krb5_cc_copy_cache_match now lives in libkrb5
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13793 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -79,157 +79,6 @@ usage(int ret)
|
||||
exit(ret);
|
||||
}
|
||||
|
||||
|
||||
#define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
|
||||
#define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
|
||||
#define KRB5_TC_MATCH_FLAGS (1 << 27)
|
||||
#define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
|
||||
#define KRB5_TC_MATCH_TIMES (1 << 25)
|
||||
#define KRB5_TC_MATCH_AUTHDATA (1 << 24)
|
||||
#define KRB5_TC_MATCH_2ND_TKT (1 << 23)
|
||||
#define KRB5_TC_MATCH_IS_SKEY (1 << 22)
|
||||
|
||||
static krb5_boolean
|
||||
krb5_data_equal(const krb5_data *a, const krb5_data *b)
|
||||
{
|
||||
if(a->length != b->length)
|
||||
return FALSE;
|
||||
return memcmp(a->data, b->data, a->length) == 0;
|
||||
}
|
||||
|
||||
static krb5_boolean
|
||||
krb5_times_equal(const krb5_times *a, const krb5_times *b)
|
||||
{
|
||||
return a->starttime == b->starttime &&
|
||||
a->authtime == b->authtime &&
|
||||
a->endtime == b->endtime &&
|
||||
a->renew_till == b->renew_till;
|
||||
}
|
||||
|
||||
static krb5_boolean
|
||||
krb5_compare_creds2(krb5_context context, krb5_flags whichfields,
|
||||
const krb5_creds * mcreds, const krb5_creds * creds)
|
||||
{
|
||||
krb5_boolean match = TRUE;
|
||||
|
||||
if (match && mcreds->server) {
|
||||
if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY))
|
||||
match = krb5_principal_compare_any_realm (context, mcreds->server,
|
||||
creds->server);
|
||||
else
|
||||
match = krb5_principal_compare (context, mcreds->server,
|
||||
creds->server);
|
||||
}
|
||||
|
||||
if (match && mcreds->client) {
|
||||
if(whichfields & KRB5_TC_DONT_MATCH_REALM)
|
||||
match = krb5_principal_compare_any_realm (context, mcreds->client,
|
||||
creds->client);
|
||||
else
|
||||
match = krb5_principal_compare (context, mcreds->client,
|
||||
creds->client);
|
||||
}
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
|
||||
match = krb5_enctypes_compatible_keys(context,
|
||||
mcreds->session.keytype,
|
||||
creds->session.keytype);
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT))
|
||||
match = mcreds->flags.i == creds->flags.i;
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_FLAGS))
|
||||
match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT))
|
||||
match = krb5_times_equal(&mcreds->times, &creds->times);
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_TIMES))
|
||||
/* compare only expiration times */
|
||||
match = (mcreds->times.renew_till <= creds->times.renew_till) &&
|
||||
(mcreds->times.endtime <= creds->times.endtime);
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) {
|
||||
unsigned int i;
|
||||
if(mcreds->authdata.len != creds->authdata.len)
|
||||
match = FALSE;
|
||||
else
|
||||
for(i = 0; match && i < mcreds->authdata.len; i++)
|
||||
match = (mcreds->authdata.val[i].ad_type ==
|
||||
creds->authdata.val[i].ad_type) &&
|
||||
krb5_data_equal(&mcreds->authdata.val[i].ad_data,
|
||||
&creds->authdata.val[i].ad_data);
|
||||
}
|
||||
if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT))
|
||||
match = krb5_data_equal(&mcreds->second_ticket, &creds->second_ticket);
|
||||
|
||||
if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY))
|
||||
match = ((mcreds->second_ticket.length == 0) ==
|
||||
(creds->second_ticket.length == 0));
|
||||
|
||||
return match;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
krb5_cc_next_cred_match(krb5_context context,
|
||||
const krb5_ccache id,
|
||||
krb5_cc_cursor * cursor,
|
||||
krb5_creds * creds,
|
||||
krb5_flags whichfields,
|
||||
const krb5_creds * mcreds)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
while (1) {
|
||||
ret = krb5_cc_next_cred(context, id, cursor, creds);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (mcreds == NULL || krb5_compare_creds2(context, whichfields, mcreds, creds))
|
||||
return 0;
|
||||
krb5_free_cred_contents(context, creds);
|
||||
}
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
krb5_cc_copy_cache_match(krb5_context context,
|
||||
const krb5_ccache from,
|
||||
krb5_ccache to,
|
||||
krb5_flags whichfields,
|
||||
const krb5_creds * mcreds,
|
||||
unsigned int *matched)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_cc_cursor cursor;
|
||||
krb5_creds cred;
|
||||
krb5_principal princ;
|
||||
|
||||
ret = krb5_cc_get_principal(context, from, &princ);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = krb5_cc_initialize(context, to, princ);
|
||||
if (ret) {
|
||||
krb5_free_principal(context, princ);
|
||||
return ret;
|
||||
}
|
||||
ret = krb5_cc_start_seq_get(context, from, &cursor);
|
||||
if (ret) {
|
||||
krb5_free_principal(context, princ);
|
||||
return ret;
|
||||
}
|
||||
if (matched)
|
||||
*matched = 0;
|
||||
while (ret == 0 &&
|
||||
krb5_cc_next_cred_match(context, from, &cursor, &cred,
|
||||
whichfields, mcreds) == 0) {
|
||||
if (matched)
|
||||
(*matched)++;
|
||||
ret = krb5_cc_store_cred(context, to, &cred);
|
||||
krb5_free_cred_contents(context, &cred);
|
||||
}
|
||||
krb5_cc_end_seq_get(context, from, &cursor);
|
||||
krb5_free_principal(context, princ);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t
|
||||
bitswap32(int32_t b)
|
||||
{
|
||||
|
Reference in New Issue
Block a user