log server principal; send bogus token if it doesn't look like a broken app

author Ken Raeburn <raeburn@mit.edu>

Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)

committer Ken Raeburn <raeburn@mit.edu>

Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)
author Ken Raeburn <raeburn@mit.edu>
Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)
committer Ken Raeburn <raeburn@mit.edu>
Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c

index 7954bac265ba2287767515a258c2bf0f7ccb24e9..fe6d7a8c4c054c69846224587d77a3bc4a61ed3e 100644 (file)
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -561,9 +561,18 @@ new_connection(
     ctx_free = 0;
  
  #ifdef CFX_EXERCISE
+   {
+       krb5_data *p1 = &ctx->there->data[0];
+       _log("%s:%d: principal's first component is (%d) '%*s'\n",
+           SFILE, __LINE__, p1->length, p1->length, p1->data);
+   }
     if (ctx->proto == 1
-       && (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
-       && (rand() & 3)) {
+       /* I think the RPC code may be broken.  Don't mess around
+         if we're authenticating to "kadmin/whatever".  */
+       && ctx->there->data[0].data[0] != 'k'
+       /* I *know* the FTP server code is broken.  */
+       && ctx->there->data[0].data[0] != 'f'
+       ) {
         /* Create a bogus token and return it, with status
           GSS_S_CONTINUE_NEEDED.  Save enough data that we can resume
           on the next call.  */
author	Ken Raeburn <raeburn@mit.edu>
	Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)
committer	Ken Raeburn <raeburn@mit.edu>
	Fri, 12 Dec 2003 23:01:45 +0000 (23:01 +0000)