krb5_cc_copy_cache_match now lives in libkrb5

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13793 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2004-04-25 19:38:02 +00:00
parent 898468d57e
commit e95a1672b8

View File

@@ -79,157 +79,6 @@ usage(int ret)
exit(ret);
}
#define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
#define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
#define KRB5_TC_MATCH_FLAGS (1 << 27)
#define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
#define KRB5_TC_MATCH_TIMES (1 << 25)
#define KRB5_TC_MATCH_AUTHDATA (1 << 24)
#define KRB5_TC_MATCH_2ND_TKT (1 << 23)
#define KRB5_TC_MATCH_IS_SKEY (1 << 22)
static krb5_boolean
krb5_data_equal(const krb5_data *a, const krb5_data *b)
{
if(a->length != b->length)
return FALSE;
return memcmp(a->data, b->data, a->length) == 0;
}
static krb5_boolean
krb5_times_equal(const krb5_times *a, const krb5_times *b)
{
return a->starttime == b->starttime &&
a->authtime == b->authtime &&
a->endtime == b->endtime &&
a->renew_till == b->renew_till;
}
static krb5_boolean
krb5_compare_creds2(krb5_context context, krb5_flags whichfields,
const krb5_creds * mcreds, const krb5_creds * creds)
{
krb5_boolean match = TRUE;
if (match && mcreds->server) {
if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY))
match = krb5_principal_compare_any_realm (context, mcreds->server,
creds->server);
else
match = krb5_principal_compare (context, mcreds->server,
creds->server);
}
if (match && mcreds->client) {
if(whichfields & KRB5_TC_DONT_MATCH_REALM)
match = krb5_principal_compare_any_realm (context, mcreds->client,
creds->client);
else
match = krb5_principal_compare (context, mcreds->client,
creds->client);
}
if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
match = krb5_enctypes_compatible_keys(context,
mcreds->session.keytype,
creds->session.keytype);
if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT))
match = mcreds->flags.i == creds->flags.i;
if (match && (whichfields & KRB5_TC_MATCH_FLAGS))
match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT))
match = krb5_times_equal(&mcreds->times, &creds->times);
if (match && (whichfields & KRB5_TC_MATCH_TIMES))
/* compare only expiration times */
match = (mcreds->times.renew_till <= creds->times.renew_till) &&
(mcreds->times.endtime <= creds->times.endtime);
if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) {
unsigned int i;
if(mcreds->authdata.len != creds->authdata.len)
match = FALSE;
else
for(i = 0; match && i < mcreds->authdata.len; i++)
match = (mcreds->authdata.val[i].ad_type ==
creds->authdata.val[i].ad_type) &&
krb5_data_equal(&mcreds->authdata.val[i].ad_data,
&creds->authdata.val[i].ad_data);
}
if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT))
match = krb5_data_equal(&mcreds->second_ticket, &creds->second_ticket);
if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY))
match = ((mcreds->second_ticket.length == 0) ==
(creds->second_ticket.length == 0));
return match;
}
static krb5_error_code
krb5_cc_next_cred_match(krb5_context context,
const krb5_ccache id,
krb5_cc_cursor * cursor,
krb5_creds * creds,
krb5_flags whichfields,
const krb5_creds * mcreds)
{
krb5_error_code ret;
while (1) {
ret = krb5_cc_next_cred(context, id, cursor, creds);
if (ret)
return ret;
if (mcreds == NULL || krb5_compare_creds2(context, whichfields, mcreds, creds))
return 0;
krb5_free_cred_contents(context, creds);
}
}
static krb5_error_code
krb5_cc_copy_cache_match(krb5_context context,
const krb5_ccache from,
krb5_ccache to,
krb5_flags whichfields,
const krb5_creds * mcreds,
unsigned int *matched)
{
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds cred;
krb5_principal princ;
ret = krb5_cc_get_principal(context, from, &princ);
if (ret)
return ret;
ret = krb5_cc_initialize(context, to, princ);
if (ret) {
krb5_free_principal(context, princ);
return ret;
}
ret = krb5_cc_start_seq_get(context, from, &cursor);
if (ret) {
krb5_free_principal(context, princ);
return ret;
}
if (matched)
*matched = 0;
while (ret == 0 &&
krb5_cc_next_cred_match(context, from, &cursor, &cred,
whichfields, mcreds) == 0) {
if (matched)
(*matched)++;
ret = krb5_cc_store_cred(context, to, &cred);
krb5_free_cred_contents(context, &cred);
}
krb5_cc_end_seq_get(context, from, &cursor);
krb5_free_principal(context, princ);
return ret;
}
static int32_t
bitswap32(int32_t b)
{