From 927c6adc1eafaefd9222c83bc1a04f50d407de9e Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sat, 21 Mar 1998 02:07:10 +0000 Subject: [PATCH] Unifdef test for same principal when changing password. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4630 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kadmin/server.c | 8 ++++++++ lib/kadm5/server.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/kadmin/server.c b/kadmin/server.c index c207b5515..28d0f2197 100644 --- a/kadmin/server.c +++ b/kadmin/server.c @@ -293,10 +293,14 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) } krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); +#if 0 /* anyone can change her/his own password */ + /* but not until there is a way to ensure that the + authentication was done via an initial ticket request */ if(!krb5_principal_compare(context->context, context->caller, princ)) ret = KADM5_AUTH_INSUFFICIENT; if(ret) +#endif ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); if(ret){ krb5_free_principal(context->context, princ); @@ -317,10 +321,14 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) goto fail; krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); +#if 0 /* anyone can change her/his own password */ + /* but not until there is a way to ensure that the + authentication was done via an initial ticket request */ if(!krb5_principal_compare(context->context, context->caller, princ)) ret = KADM5_AUTH_INSUFFICIENT; if(ret) +#endif ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); if(ret){ krb5_free_principal(context->context, princ); diff --git a/lib/kadm5/server.c b/lib/kadm5/server.c index c207b5515..28d0f2197 100644 --- a/lib/kadm5/server.c +++ b/lib/kadm5/server.c @@ -293,10 +293,14 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) } krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); +#if 0 /* anyone can change her/his own password */ + /* but not until there is a way to ensure that the + authentication was done via an initial ticket request */ if(!krb5_principal_compare(context->context, context->caller, princ)) ret = KADM5_AUTH_INSUFFICIENT; if(ret) +#endif ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); if(ret){ krb5_free_principal(context->context, princ); @@ -317,10 +321,14 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp) goto fail; krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_warnx(context->context, "%s: %s %s", client, op, name); +#if 0 /* anyone can change her/his own password */ + /* but not until there is a way to ensure that the + authentication was done via an initial ticket request */ if(!krb5_principal_compare(context->context, context->caller, princ)) ret = KADM5_AUTH_INSUFFICIENT; if(ret) +#endif ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW); if(ret){ krb5_free_principal(context->context, princ);