* krshd.c: Don't set checksum_ignored to 1 if checksum_required is

	0; also, if a krb5 client passes in a checksum, check it
	regardless of whether checksum_required is true. [krb5-appl/500]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10286 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 7 insertions, 4 deletions

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index a0972b2..63e66c7 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,9 @@
+Mon Nov 17 20:55:31 1997  Tom Yu  <tlyu@mit.edu>
+
+	* krshd.c: Don't set checksum_ignored to 1 if checksum_required is
+	0; also, if a krb5 client passes in a checksum, check it
+	regardless of whether checksum_required is true. [krb5-appl/500]
+
 Wed Nov 12 19:03:02 1997  Tom Yu  <tlyu@mit.edu>
 
 	* forward.c (rd_and_store_for_creds): Don't do the chown.  Avoids
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index ef8766d..7e5573a 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -420,9 +420,6 @@ int main(argc, argv)
 	syslog(LOG_WARNING , "setsockopt (SO_LINGER): %m");
 #endif
 
-    if (!checksum_required && !checksum_ignored)
-	checksum_ignored = 1;
-
     if (checksum_required&&checksum_ignored) {
 	syslog(LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation.");
 	fatal(fd, "Configuration error: mutually exclusive options specified");
@@ -1828,7 +1825,7 @@ recvauth(netf, peersin, valid_checksum)
 						 &authenticator)))
       return status;
     
-    if (authenticator->checksum && checksum_required) {
+    if (authenticator->checksum && !checksum_ignored) {
 	struct sockaddr_in adr;
 	int adr_length = sizeof(adr);
 	char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(locuser)+32);