From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 12 Dec 2003 23:01:45 +0000 (+0000)
Subject: log server principal; send bogus token if it doesn't look like a broken app
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51939d243032b81530ad2a5220c47ba4908931aa;p=thirdparty%2Fkrb5.git

log server principal; send bogus token if it doesn't look like a broken app

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/raeburn-gssapi-cfx@15888 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 7954bac265..fe6d7a8c4c 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -561,9 +561,18 @@ new_connection(
    ctx_free = 0;
 
 #ifdef CFX_EXERCISE
+   {
+       krb5_data *p1 = &ctx->there->data[0];
+       _log("%s:%d: principal's first component is (%d) '%*s'\n",
+	    SFILE, __LINE__, p1->length, p1->length, p1->data);
+   }
    if (ctx->proto == 1
-       && (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
-       && (rand() & 3)) {
+       /* I think the RPC code may be broken.  Don't mess around
+	  if we're authenticating to "kadmin/whatever".  */
+       && ctx->there->data[0].data[0] != 'k'
+       /* I *know* the FTP server code is broken.  */
+       && ctx->there->data[0].data[0] != 'f'
+       ) {
        /* Create a bogus token and return it, with status
 	  GSS_S_CONTINUE_NEEDED.  Save enough data that we can resume
 	  on the next call.  */