summaryrefslogtreecommitdiff
blob: 8ea1458580dedb7e62af909f97eea7f54000a269 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
--- openafs/src/kauth/kaprocs.c	6 Sep 2002 02:44:03 -0000	1.12
+++ openafs/src/kauth/kaprocs.c	18 Mar 2003 03:56:18 -0000	1.13
@@ -1706,6 +1706,11 @@
     celllen = strlen (cell);
     if (import && (celllen == 0)) {code = KABADTICKET; goto abort;}
     if (export && (celllen == 0)) strcpy (cell, lrealm);
+
+    if (!krb4_cross && celllen && strcmp(lrealm, cell) != 0) {
+      code = KABADUSER;
+      goto abort;
+    }
 
     des_ecb_encrypt (atimes->SeqBody, &times, schedule, DECRYPT);
     times.start = ntohl(times.start);
--- openafs/src/kauth/kaserver.c	21 Aug 2002 18:13:22 -0000	1.13
+++ openafs/src/kauth/kaserver.c	18 Mar 2003 03:56:18 -0000	1.14
@@ -56,6 +56,8 @@
 struct ubik_dbase *KA_dbase;
 afs_int32 myHost = 0;
 afs_int32 verbose_track = 1;
+afs_int32 krb4_cross = 0;
+
 struct afsconf_dir *KA_conf;		/* for getting cell info */
 
 extern afs_int32 ubik_lastYesTime;
@@ -193,6 +195,7 @@
       usage:
         printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
 	       "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
+	       "[-crossrealm]"
 	       /*" [-enable_peer_stats] [-enable_process_stats] " */
 	       "[-help]\n");
 	exit(1);
@@ -250,6 +253,7 @@
 	else if (IsArg("-clear")) level = rxkad_clear;
 	else if (IsArg("-sorry")) level = rxkad_clear;
 	else if (IsArg("-debug")) verbose_track = 0;
+	else if (IsArg("-crossrealm")) krb4_cross = 1;
 	else if (IsArg("-minhours")) {
              MinHours = atoi(argv[++a]);
         }
--- openafs/src/kauth/kaserver.h	4 Nov 2000 10:04:39 -0000	1.2
+++ openafs/src/kauth/kaserver.h	18 Mar 2003 23:47:51 -0000	1.4
@@ -179,6 +179,7 @@
   u_int   locktime
 );
 
+extern afs_int32 krb4_cross;
 
 #define LOCKPW
 
--- openafs/src/kauth/krb_udp.c	22 Aug 2002 18:45:16 -0000	1.20
+++ openafs/src/kauth/krb_udp.c	18 Mar 2003 03:56:18 -0000	1.21
@@ -461,6 +461,11 @@
 	strncpy (cell, lrealm, MAXKTCREALMLEN-1);
 	cell[MAXKTCREALMLEN-1] = 0;
     };
+
+    if (!krb4_cross && strcmp(lrealm, cell) != 0) {
+	code = KERB_ERR_PRINCIPAL_UNKNOWN;
+	goto abort;
+    }
 
     if (krb_udp_debug) {
 	printf ("UGetTicket: got ticket from '%s'.'%s'@'%s'\n",