krb5_principal principal;
{
char *def_realm;
- unsigned int realm_length;
int retval;
- realm_length = krb5_princ_realm(bsd_context, principal)->length;
-
if ((retval = krb5_get_default_realm(bsd_context, &def_realm))) {
return 0;
}
-
- if ((realm_length != strlen(def_realm)) ||
- (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data,
- realm_length))) {
+
+ if (!data_eq_string(*krb5_princ_realm(bsd_context, principal),
+ def_realm)) {
free(def_realm);
return 0;
}
free(def_realm);
return 1;
}
-
continue;
}
- if (krb5_princ_realm(context, *client)->length ==
- krb5_princ_realm(context, temp_client)->length
- && (!memcmp (krb5_princ_realm(context, *client)->data,
- krb5_princ_realm(context, temp_client)->data,
- krb5_princ_realm(context, temp_client)->length))){
+ if (data_eq(*krb5_princ_realm(context, *client),
+ *krb5_princ_realm(context, temp_client))) {
got_one = TRUE;
for(j =0; j < cnelem; j ++){
krb5_data *p2 =
krb5_princ_component(context, temp_client, j);
- if (!p1 || !p2 || (p1->length != p2->length) ||
- memcmp(p1->data,p2->data,p1->length)){
+ if (!p1 || !p2 || !data_eq(*p1, *p2)) {
got_one = FALSE;
break;
}
return retval;
}
- if (krb5_princ_realm(context, *client)->length ==
- krb5_princ_realm(context, temp_client)->length
- && (!memcmp (krb5_princ_realm(context, *client)->data,
- krb5_princ_realm(context, temp_client)->data,
- krb5_princ_realm(context, temp_client)->length))){
-
-
+ if (data_eq(*krb5_princ_realm(context, *client),
+ *krb5_princ_realm(context, temp_client))) {
+
if (nelem &&
krb5_princ_size(context, *client) > 0 &&
krb5_princ_size(context, temp_client) > 0) {
krb5_princ_component(context, *client, 0);
krb5_data *p2 =
krb5_princ_component(context, temp_client, 0);
-
- if ((p1->length == p2->length) &&
- (!memcmp(p1->data,p2->data,p1->length))){
+
+ if (data_eq(*p1, *p2)) {
if (auth_debug){
fprintf(stderr,
/*
- * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology,
+ * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007 by the Massachusetts Institute of Technology,
* Cambridge, MA, USA. All Rights Reserved.
*
* This software is being provided to you, the LICENSEE, by the
void KRB5_CALLCONV krb5_free_realm_string
(krb5_context context, char *str);
+/* Some data comparison and conversion functions. */
+#if 0
+static inline int data_cmp(krb5_data d1, krb5_data d2)
+{
+ if (d1.length < d2.length) return -1;
+ if (d1.length > d2.length) return 1;
+ return memcmp(d1.data, d2.data, d1.length);
+}
+static inline int data_eq (krb5_data d1, krb5_data d2)
+{
+ return data_cmp(d1, d2) == 0;
+}
+#else
+static inline int data_eq (krb5_data d1, krb5_data d2)
+{
+ return (d1.length == d2.length
+ && !memcmp(d1.data, d2.data, d1.length));
+}
+#endif
+static inline krb5_data string2data (char *str)
+{
+ krb5_data d;
+ d.magic = KV5M_DATA;
+ d.length = strlen(str);
+ d.data = str;
+ return d;
+}
+static inline int data_eq_string (krb5_data d, char *s)
+{
+ return data_eq(d, string2data(s));
+}
+static inline int authdata_eq (krb5_authdata a1, krb5_authdata a2)
+{
+ return (a1.ad_type == a2.ad_type
+ && a1.length == a2.length
+ && !memcmp(a1.contents, a2.contents, a1.length));
+}
#endif /* _KRB5_INT_H */
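Review bot: `data_eq` and `authdata_eq` call `memcmp` even when the length is zero, whereas the lib/krb5/ccache/cc_retr.c comparisons this commit replaces (ticket, second_ticket and the authdata loop) tested `!length ||` first. If an empty krb5_data or krb5_authdata can carry a NULL pointer (not visible here, so worth confirming), NULL now reaches `memcmp`, which is undefined behaviour even for a zero count. Keeping the guard inside the helper preserves the old semantics for every caller: `return d1.length == d2.length && (d1.length == 0 || !memcmp(d1.data, d2.data, d1.length));`, and the same shape in `authdata_eq`. Separately, the `#if 0` branch holding `data_cmp` and a second `data_eq` is dead code in a widely included header and would be better dropped, or enabled if an ordering comparison is actually wanted.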
/*
* kdc/do_tgs_req.c
*
- * Copyright 1990,1991,2001 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2001,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_data *tgs_1 =
krb5_princ_component(kdc_context, tgs_server, 1);
- if (!tgs_1 || server_1->length != tgs_1->length ||
- memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
+ if (!tgs_1 || !data_eq(*server_1, *tgs_1)) {
krb5_db_free_principal(kdc_context, &server, nprincs);
find_alternate_tgs(request, &server, &more, &nprincs);
firstpass = 0;
/*
* kdc/kdc_util.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_boolean
realm_compare(krb5_principal princ1, krb5_principal princ2)
{
- krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1);
- krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2);
+ krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1);
+ krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2);
- return((realm1->length == realm2->length) &&
- !memcmp(realm1->data, realm2->data, realm1->length));
+ return data_eq(*realm1, *realm2);
}
/*
*/
krb5_boolean krb5_is_tgs_principal(krb5_principal principal)
{
- if ((krb5_princ_size(kdc_context, principal) > 0) &&
- (krb5_princ_component(kdc_context, principal, 0)->length ==
- KRB5_TGS_NAME_SIZE) &&
- (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
- KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
- return TRUE;
- return FALSE;
+ if ((krb5_princ_size(kdc_context, principal) > 0) &&
+ data_eq_string (*krb5_princ_component(kdc_context, principal, 0),
+ KRB5_TGS_NAME))
+ return TRUE;
+ return FALSE;
}
/*
we set a flag here for checking below.
*/
- if ((krb5_princ_realm(kdc_context, apreq->ticket->server)->length !=
- krb5_princ_realm(kdc_context, tgs_server)->length) ||
- memcmp(krb5_princ_realm(kdc_context, apreq->ticket->server)->data,
- krb5_princ_realm(kdc_context, tgs_server)->data,
- krb5_princ_realm(kdc_context, tgs_server)->length))
+ if (!data_eq(*krb5_princ_realm(kdc_context, apreq->ticket->server),
+ *krb5_princ_realm(kdc_context, tgs_server)))
foreign_server = TRUE;
if ((retval = krb5_auth_con_init(kdc_context, &auth_context)))
krb5_data *tkt_realm = krb5_princ_realm(kdc_context,
(*ticket)->enc_part2->client);
krb5_data *tgs_realm = krb5_princ_realm(kdc_context, tgs_server);
- if (tkt_realm->length == tgs_realm->length &&
- !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) {
+ if (data_eq(*tkt_realm, *tgs_realm)) {
/* someone in a foreign realm claiming to be local */
krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check");
retval = KRB5KDC_ERR_POLICY;
}
/* ...and that the second component matches the server realm... */
if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
- (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
- krb5_princ_realm(kdc_context, request->server)->length) ||
- memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
- krb5_princ_realm(kdc_context, request->server)->data,
- krb5_princ_realm(kdc_context, request->server)->length)) {
+ !data_eq(*krb5_princ_component(kdc_context, ticket->server, 1),
+ *krb5_princ_realm(kdc_context, request->server))) {
*status = "BAD TGS SERVER INSTANCE";
return KRB_AP_ERR_NOT_US;
}
/* can not proxy ticket granting tickets */
if (isflagset(request->kdc_options, KDC_OPT_PROXY) &&
(!request->server->data ||
- request->server->data[0].length != KRB5_TGS_NAME_SIZE ||
- memcmp(request->server->data[0].data, KRB5_TGS_NAME,
- KRB5_TGS_NAME_SIZE))) {
+ !data_eq_string(request->server->data[0], KRB5_TGS_NAME))) {
*status = "CAN'T PROXY TGT";
return KDC_ERR_BADOPTION;
}
*/
#include "autoconf.h"
+#include "k5-int.h" /* for data_eq */
#include <krb5.h>
#include "com_err.h"
if (!nodelete) {
krb5_data *crealm = krb5_princ_realm (context, client);
krb5_data *srealm = krb5_princ_realm (context, server);
- if (crealm->length != srealm->length
- || memcmp (crealm->data, srealm->data, crealm->length)) {
+ if (!data_eq(*crealm, *srealm)) {
/* Since krb4 ticket files don't store the realm name
separately, and the client realm is assumed to be the
realm of the first ticket, let's not store an initial
/*
* lib/krb5/ccache/cc_retr.c
*
- * Copyright 1990,1991,1999 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,1999,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
}
if (!data2) return FALSE;
- if (data1->length != data2->length)
- return FALSE;
- else
- return memcmp(data1->data, data2->data, (unsigned) data1->length)
- ? FALSE : TRUE;
+ return data_eq(*data1, *data2) ? TRUE : FALSE;
}
static int
}
if (equal) {
- equal = (in_creds->ticket.length == in_compare_creds->ticket.length &&
- (!in_creds->ticket.length ||
- !memcmp (in_creds->ticket.data, in_compare_creds->ticket.data,
- in_creds->ticket.length)));
+ equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
}
if (equal) {
- equal = (in_creds->second_ticket.length == in_compare_creds->second_ticket.length &&
- (!in_creds->second_ticket.length ||
- !memcmp (in_creds->second_ticket.data, in_compare_creds->second_ticket.data,
- in_creds->second_ticket.length)));
+ equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
}
if (equal) {
if (authdata && compare_authdata) {
for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) {
- equal = (authdata[i]->ad_type == compare_authdata[i]->ad_type &&
- authdata[i]->length == compare_authdata[i]->length &&
- (!authdata[i]->length ||
- !memcmp (authdata[i]->contents, compare_authdata[i]->contents,
- authdata[i]->length)));
+ equal = authdata_eq(*authdata[i], *compare_authdata[i]);
}
if (equal) { equal = (!authdata[i] && !compare_authdata[i]); }
} else {
/*
* lib/krb5/krb/chk_trans.c
*
- * Copyright 2001 by the Massachusetts Institute of Technology.
+ * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_principal *tgs;
};
-static int
-same_data (krb5_data *d1, krb5_data *d2)
-{
- return (d1->length == d2->length
- && !memcmp (d1->data, d2->data, d1->length));
-}
-
static krb5_error_code
check_realm_in_list (krb5_data *realm, void *data)
{
Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data));
for (i = 0; cdata->tgs[i]; i++) {
- if (same_data (krb5_princ_realm (cdata->ctx, cdata->tgs[i]), realm))
+ if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm))
return 0;
}
Tprintf (("BAD!\n"));
/*
- * Copyright (c) 1994,2003,2005 by the Massachusetts Institute of Technology.
+ * Copyright (c) 1994,2003,2005,2007 by the Massachusetts Institute of Technology.
* Copyright (c) 1994 CyberSAFE Corporation
* Copyright (c) 1993 Open Computing Security Group
* Copyright (c) 1990,1991 by the Massachusetts Institute of Technology.
#define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \
(r) != KRB5_CC_NOT_KTYPE)
-#define IS_TGS_PRINC(c, p) \
- ((krb5_princ_size((c), (p)) == 2) && \
- (krb5_princ_component((c), (p), 0)->length == \
- KRB5_TGS_NAME_SIZE) && \
- (!memcmp(krb5_princ_component((c), (p), 0)->data, \
- KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
+#define IS_TGS_PRINC(c, p) \
+ (krb5_princ_size((c), (p)) == 2 && \
+ data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME))
/*
* Flags for ccache lookups of cross-realm TGTs.
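Review bot: `IS_TGS_PRINC` is now defined with the same body here and again in the lib/krb5/krb/gc_via_tgt.c section further down. Since both copies rest on `data_eq_string` from k5-int.h, the macro could be defined once next to that helper so the two cannot drift apart. It is also worth a comment that it requires exactly two components (`krb5_princ_size((c), (p)) == 2`), while `krb5_is_tgs_principal` in kdc/kdc_util.c accepts any size above zero, for example `/* TGS principals are krbtgt/REALM: exactly two components */`.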
r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
- if (r1 != NULL && r2 != NULL &&
- r1->length == r2->length &&
- !memcmp(r1->data, r2->data, r1->length)) {
+ if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) {
break;
}
}
r1 = &referral_tgts[referral_count-1]->server->data[1];
r2 = &(*out_cred)->server->data[1];
- if (r1->length == r2->length &&
- !memcmp(r1->data, r2->data, r1->length)) {
+ if (data_eq(*r1, *r2)) {
DPRINTF(("gc_from_kdc: referred back to "
"previous realm; fall back\n"));
krb5_free_creds(context, *out_cred);
/*
* lib/krb5/krb/gc_via_tgt.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
-#define IS_TGS_PRINC(c, p) \
- ((krb5_princ_size((c), (p)) == 2) && \
- (krb5_princ_component((c), (p), 0)->length == \
- KRB5_TGS_NAME_SIZE) && \
- (!memcmp(krb5_princ_component((c), (p), 0)->data, \
- KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
+#define IS_TGS_PRINC(c, p) \
+ (krb5_princ_size((c), (p)) == 2 && \
+ data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME))
static krb5_error_code
krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds)
* effectively checks this.
*/
if (krb5_realm_compare(context, in_cred->client, in_cred->server) &&
- in_cred->server->data[1].length == in_cred->client->realm.length &&
- !memcmp(in_cred->client->realm.data, in_cred->server->data[1].data,
- in_cred->client->realm.length)) {
+ data_eq(*in_cred->server->data[1], *in_cred->client->realm) {
/* Attempted to rewrite local TGS. */
return KRB5_KDCREP_MODIFIED;
}
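Review bot: The new condition `data_eq(*in_cred->server->data[1], *in_cred->client->realm) {` does not compile. It is missing the parenthesis that closes the `if`, and it dereferences two operands that the removed lines access with `.length` and `.data`, so they are krb5_data structures rather than pointers. It should read `data_eq(in_cred->server->data[1], in_cred->client->realm)) {`. This branch is what returns KRB5_KDCREP_MODIFIED when a reply rewrites the local TGS, so it deserves a build and a regression test. The enclosing function starts and ends outside the hunk.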
/*
* lib/krb5/krb/princ_comp.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
krb5_boolean KRB5_CALLCONV
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
{
- if (krb5_princ_realm(context, princ1)->length !=
- krb5_princ_realm(context, princ2)->length ||
- memcmp (krb5_princ_realm(context, princ1)->data,
- krb5_princ_realm(context, princ2)->data,
- krb5_princ_realm(context, princ2)->length))
+ if (!data_eq(*krb5_princ_realm(context, princ1),
+ *krb5_princ_realm(context, princ2)))
return FALSE;
return TRUE;
for (i = 0; i < (int) nelem; i++) {
register const krb5_data *p1 = krb5_princ_component(context, princ1, i);
register const krb5_data *p2 = krb5_princ_component(context, princ2, i);
- if (p1->length != p2->length ||
- memcmp(p1->data, p2->data, p1->length))
+ if (!data_eq(*p1, *p2))
return FALSE;
}
return TRUE;
* lib/krb5/krb/rd_req_dec.c
*
* Copyright (c) 1994 CyberSAFE Corporation.
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
*/
krb5_get_default_realm(context, &lrealm);
if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
- strlen(lrealm) != realm->length ||
- memcmp(lrealm, realm->data, strlen(lrealm))) {
- retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ !data_eq_string(*realm, lrealm)) {
+ retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
}
free(lrealm);
}
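Review bot: `lrealm` reaches `data_eq_string` (and therefore `strlen`) and then `free` even though the return value of `krb5_get_default_realm(context, &lrealm)` on the context line above is discarded. If that lookup fails and `lrealm` has no initialiser (its declaration is outside the hunk), the transited-realm check reads and frees an indeterminate pointer. Capturing the result and comparing only on success would close this, for example `retval = krb5_get_default_realm(context, &lrealm);` followed by `if (retval == 0) { ... free(lrealm); }`. The old code had the same gap, so this is a follow-up rather than a regression from this change.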
/*
* lib/krb5/os/an_to_ln.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
if ((retval = krb5_get_default_realm(context, &def_realm))) {
return(retval);
}
- if (((size_t) realm_length != strlen(def_realm)) ||
- (memcmp(def_realm, krb5_princ_realm(context, aname)->data, realm_length))) {
+ if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
free(def_realm);
return KRB5_LNAME_NOTRANS;
}