From 21e056922d695c3fb49b48afc6e68391c764b16b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Love=20H=C3=B6rnquist-=C3=85strand?= <lha@e.kth.se>
Date: Fri, 15 Nov 2002 05:02:33 +0000
Subject: [PATCH] rxkad5-dont-allow-dot-in-aname-20021114

otherwise we need to deal with the fact that we're using . as a separator
---
 src/rxkad/ticket5.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c
index f9b52291e..93de592d8 100644
--- a/src/rxkad/ticket5.c
+++ b/src/rxkad/ticket5.c
@@ -182,6 +182,14 @@ int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
 	goto bad_ticket;
     }
     
+    /* 
+     * If the first part of the name_string contains a dot, punt since
+     * then we can't see the diffrence between the kerberos 5
+     * principals foo.root and foo/root later in the fileserver.
+     */
+     if (strchr(decr_part.cname.name_string.val[0], '.') != NULL) 
+	 goto bad_ticket;
+
     /* Verify that decr_part.key is of right type */
     switch (decr_part.key.keytype) {
     case ETYPE_DES_CBC_CRC:
-- 
2.39.5