add KRB5_TC_MATCH_SRV_NAMEONLY
authorJohn Kohl <jtkohl@mit.edu>
Mon, 18 Feb 1991 16:38:54 +0000 (16:38 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Mon, 18 Feb 1991 16:38:54 +0000 (16:38 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1719 dc483132-0cff-0310-8789-dd5450dbe970

src/include/krb5/ccache.h
src/lib/krb5/ccache/file/fcc_retrv.c
src/lib/krb5/ccache/stdio/scc_retrv.c

index 5ae934859c749887c6da01b6783f60d83c8c5080..90edfb457fc17a8ed56b8b41120500052aca93ed 100644 (file)
@@ -53,6 +53,7 @@ typedef struct _krb5_cc_ops {
 #define        KRB5_TC_MATCH_TIMES_EXACT       0x00000008
 #define        KRB5_TC_MATCH_FLAGS_EXACT       0x00000010
 #define        KRB5_TC_MATCH_AUTHDATA          0x00000020
+#define        KRB5_TC_MATCH_SRV_NAMEONLY      0x00000040
 
 /* for set_flags and other functions */
 #define KRB5_TC_OPENCLOSE              0x00000001
index ac3791195b20a433dcb0a33db50fced096c91d53..69c36c125eee2849a87abd68f707a1eb27c1c5c3 100644 (file)
@@ -28,6 +28,10 @@ static krb5_boolean standard_fields_match
     PROTOTYPE((const krb5_creds *,
               const krb5_creds *));
 
+static krb5_boolean srvname_match
+    PROTOTYPE((const krb5_creds *,
+              const krb5_creds *));
+
 static krb5_boolean authdata_match
     PROTOTYPE ((krb5_authdata * const *, krb5_authdata * const *));
 
@@ -70,7 +74,9 @@ krb5_fcc_retrieve(id, whichfields, mcreds, creds)
          return kret;
 
      while ((kret = krb5_fcc_next_cred(id, &cursor, &fetchcreds)) == KRB5_OK) {
-         if (standard_fields_match(mcreds, &fetchcreds)
+         if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+                  srvname_match(mcreds, &fetchcreds)) ||
+              standard_fields_match(mcreds, &fetchcreds))
              &&
              (! set(KRB5_TC_MATCH_IS_SKEY) ||
               mcreds->is_skey == fetchcreds.is_skey)
@@ -129,6 +135,19 @@ register const krb5_creds *mcreds, *creds;
            krb5_principal_compare(mcreds->server,creds->server));
 }
 
+/* only match the server name portion, not the server realm portion */
+
+static krb5_boolean
+srvname_match(mcreds, creds)
+register const krb5_creds *mcreds, *creds;
+{
+    krb5_boolean retval;
+    retval = krb5_principal_compare(mcreds->client,creds->client);
+    if (retval != TRUE)
+       return retval;
+    return krb5_principal_compare(&(mcreds->server[1]),&(creds->server[1]));
+}
+
 static krb5_boolean
 authdata_match(mdata, data)
     register krb5_authdata * const *mdata, * const *data;
index 0eac3bbe7c71c078d63b40756ab28bb8dcbbd10e..f04ec1f11da413e60d4bd4f0db4b5a95a6700275 100644 (file)
@@ -56,6 +56,20 @@ register const krb5_creds *mcreds, *creds;
            krb5_principal_compare(mcreds->server,creds->server));
 }
 
+/* only match the server name portion, not the server realm portion */
+
+static krb5_boolean
+srvname_match(mcreds, creds)
+register const krb5_creds *mcreds, *creds;
+{
+    krb5_boolean retval;
+    retval = krb5_principal_compare(mcreds->client,creds->client);
+    if (retval != TRUE)
+       return retval;
+    return krb5_principal_compare(&(mcreds->server[1]),&(creds->server[1]));
+}
+
+
 static krb5_boolean
 authdata_match(mdata, data)
     krb5_authdata *const *mdata, *const *data;
@@ -123,7 +137,9 @@ krb5_scc_retrieve(id, whichfields, mcreds, creds)
          return kret;
 
      while ((kret = krb5_scc_next_cred(id, &cursor, &fetchcreds)) == KRB5_OK) {
-         if (standard_fields_match(mcreds, &fetchcreds)
+         if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+                  srvname_match(mcreds, &fetchcreds)) ||
+              standard_fields_match(mcreds, &fetchcreds))
              &&
              (! set(KRB5_TC_MATCH_IS_SKEY) ||
               mcreds->is_skey == fetchcreds.is_skey)