[src/netbsd-1-6]: src/crypto/dist/heimdal/kdc Pull up revision 1.2 (requested...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8b7ed6432f5d
branches:  netbsd-1-6
changeset: 530188:8b7ed6432f5d
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Mar 21 09:21:54 2003 +0000

description:
Pull up revision 1.2 (requested by lha in ticket #1225):
Fix Kerberos 4 procotocol problem mentioned in
[MIT krb5 Security Advisory 2003-004]/[heimdal-0.5.2 release notes]
by disable support for it.

diffstat:

 crypto/dist/heimdal/kdc/kerberos4.c |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (26 lines):

diff -r b592861bc8f9 -r 8b7ed6432f5d crypto/dist/heimdal/kdc/kerberos4.c
--- a/crypto/dist/heimdal/kdc/kerberos4.c       Fri Mar 21 09:21:47 2003 +0000
+++ b/crypto/dist/heimdal/kdc/kerberos4.c       Fri Mar 21 09:21:54 2003 +0000
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: kerberos4.c,v 1.1.1.4 2001/09/17 12:24:58 assar Exp $");
+RCSID("$Id: kerberos4.c,v 1.1.1.4.2.1 2003/03/21 09:21:54 tron Exp $");
 
 #ifdef KRB4
 
@@ -430,6 +430,13 @@
            goto out2;
        }
 
+       if (!enable_v4_cross_realm && strcmp(realm, v4_realm) != 0) {
+           kdc_log(0, "krb4 Cross-realm %s -> %s disabled", realm, v4_realm);
+           make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, 
+                          "Can't hop realms");
+           goto out2;
+       }
+
        if(strcmp(sname, "changepw") == 0){
            kdc_log(0, "Bad request for changepw ticket");
            make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN,