From: Ken Raeburn Date: Thu, 10 May 2007 02:37:22 +0000 (+0000) Subject: Define and use some inline helper functions for comparing data and authdata structure... X-Git-Tag: krb5-1.7-alpha1~1114 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=86ef9dd0422b95ccf2b29f18847c47b6b9e2e6c5;p=krb5.git Define and use some inline helper functions for comparing data and authdata structures, instead of open-coding checks of multiple fields everywhere. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19544 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index e83d99841..64da72f70 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -1348,22 +1348,17 @@ int default_realm(principal) krb5_principal principal; { char *def_realm; - unsigned int realm_length; int retval; - realm_length = krb5_princ_realm(bsd_context, principal)->length; - if ((retval = krb5_get_default_realm(bsd_context, &def_realm))) { return 0; } - - if ((realm_length != strlen(def_realm)) || - (memcmp(def_realm, krb5_princ_realm(bsd_context, principal)->data, - realm_length))) { + + if (!data_eq_string(*krb5_princ_realm(bsd_context, principal), + def_realm)) { free(def_realm); return 0; } free(def_realm); return 1; } - diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c index 85b94b5e2..2eeadd454 100644 --- a/src/clients/ksu/heuristic.c +++ b/src/clients/ksu/heuristic.c @@ -351,11 +351,8 @@ krb5_error_code get_closest_principal(context, plist, client, found) continue; } - if (krb5_princ_realm(context, *client)->length == - krb5_princ_realm(context, temp_client)->length - && (!memcmp (krb5_princ_realm(context, *client)->data, - krb5_princ_realm(context, temp_client)->data, - krb5_princ_realm(context, temp_client)->length))){ + if (data_eq(*krb5_princ_realm(context, *client), + *krb5_princ_realm(context, temp_client))) { got_one = TRUE; for(j =0; j < cnelem; j ++){ @@ -364,8 +361,7 @@ krb5_error_code get_closest_principal(context, plist, client, found) krb5_data *p2 = krb5_princ_component(context, temp_client, j); - if (!p1 || !p2 || (p1->length != p2->length) || - memcmp(p1->data,p2->data,p1->length)){ + if (!p1 || !p2 || !data_eq(*p1, *p2)) { got_one = FALSE; break; } diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 8e1834240..6c3c94deb 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -540,13 +540,9 @@ krb5_error_code get_best_principal(context, plist, client) return retval; } - if (krb5_princ_realm(context, *client)->length == - krb5_princ_realm(context, temp_client)->length - && (!memcmp (krb5_princ_realm(context, *client)->data, - krb5_princ_realm(context, temp_client)->data, - krb5_princ_realm(context, temp_client)->length))){ - - + if (data_eq(*krb5_princ_realm(context, *client), + *krb5_princ_realm(context, temp_client))) { + if (nelem && krb5_princ_size(context, *client) > 0 && krb5_princ_size(context, temp_client) > 0) { @@ -554,9 +550,8 @@ krb5_error_code get_best_principal(context, plist, client) krb5_princ_component(context, *client, 0); krb5_data *p2 = krb5_princ_component(context, temp_client, 0); - - if ((p1->length == p2->length) && - (!memcmp(p1->data,p2->data,p1->length))){ + + if (data_eq(*p1, *p2)) { if (auth_debug){ fprintf(stderr, diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 98f106475..93a0b1abb 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006 by the Massachusetts Institute of Technology, + * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. * * This software is being provided to you, the LICENSEE, by the @@ -2479,4 +2479,41 @@ void KRB5_CALLCONV krb5_realm_iterator_free void KRB5_CALLCONV krb5_free_realm_string (krb5_context context, char *str); +/* Some data comparison and conversion functions. */ +#if 0 +static inline int data_cmp(krb5_data d1, krb5_data d2) +{ + if (d1.length < d2.length) return -1; + if (d1.length > d2.length) return 1; + return memcmp(d1.data, d2.data, d1.length); +} +static inline int data_eq (krb5_data d1, krb5_data d2) +{ + return data_cmp(d1, d2) == 0; +} +#else +static inline int data_eq (krb5_data d1, krb5_data d2) +{ + return (d1.length == d2.length + && !memcmp(d1.data, d2.data, d1.length)); +} +#endif +static inline krb5_data string2data (char *str) +{ + krb5_data d; + d.magic = KV5M_DATA; + d.length = strlen(str); + d.data = str; + return d; +} +static inline int data_eq_string (krb5_data d, char *s) +{ + return data_eq(d, string2data(s)); +} +static inline int authdata_eq (krb5_authdata a1, krb5_authdata a2) +{ + return (a1.ad_type == a2.ad_type + && a1.length == a2.length + && !memcmp(a1.contents, a2.contents, a1.length)); +} #endif /* _KRB5_INT_H */ diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 8e960cb04..ef1fab01f 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -1,7 +1,7 @@ /* * kdc/do_tgs_req.c * - * Copyright 1990,1991,2001 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2001,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -173,8 +173,7 @@ tgt_again: krb5_data *tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1); - if (!tgs_1 || server_1->length != tgs_1->length || - memcmp(server_1->data, tgs_1->data, tgs_1->length)) { + if (!tgs_1 || !data_eq(*server_1, *tgs_1)) { krb5_db_free_principal(kdc_context, &server, nprincs); find_alternate_tgs(request, &server, &more, &nprincs); firstpass = 0; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index aeabc5c65..2a28f4fa6 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1,7 +1,7 @@ /* * kdc/kdc_util.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -137,11 +137,10 @@ concat_authorization_data(krb5_authdata **first, krb5_authdata **second, krb5_boolean realm_compare(krb5_principal princ1, krb5_principal princ2) { - krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1); - krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2); + krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1); + krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2); - return((realm1->length == realm2->length) && - !memcmp(realm1->data, realm2->data, realm1->length)); + return data_eq(*realm1, *realm2); } /* @@ -150,13 +149,11 @@ realm_compare(krb5_principal princ1, krb5_principal princ2) */ krb5_boolean krb5_is_tgs_principal(krb5_principal principal) { - if ((krb5_princ_size(kdc_context, principal) > 0) && - (krb5_princ_component(kdc_context, principal, 0)->length == - KRB5_TGS_NAME_SIZE) && - (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data, - KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) - return TRUE; - return FALSE; + if ((krb5_princ_size(kdc_context, principal) > 0) && + data_eq_string (*krb5_princ_component(kdc_context, principal, 0), + KRB5_TGS_NAME)) + return TRUE; + return FALSE; } /* @@ -237,11 +234,8 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, we set a flag here for checking below. */ - if ((krb5_princ_realm(kdc_context, apreq->ticket->server)->length != - krb5_princ_realm(kdc_context, tgs_server)->length) || - memcmp(krb5_princ_realm(kdc_context, apreq->ticket->server)->data, - krb5_princ_realm(kdc_context, tgs_server)->data, - krb5_princ_realm(kdc_context, tgs_server)->length)) + if (!data_eq(*krb5_princ_realm(kdc_context, apreq->ticket->server), + *krb5_princ_realm(kdc_context, tgs_server))) foreign_server = TRUE; if ((retval = krb5_auth_con_init(kdc_context, &auth_context))) @@ -332,8 +326,7 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, krb5_data *tkt_realm = krb5_princ_realm(kdc_context, (*ticket)->enc_part2->client); krb5_data *tgs_realm = krb5_princ_realm(kdc_context, tgs_server); - if (tkt_realm->length == tgs_realm->length && - !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) { + if (data_eq(*tkt_realm, *tgs_realm)) { /* someone in a foreign realm claiming to be local */ krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check"); retval = KRB5KDC_ERR_POLICY; @@ -1173,11 +1166,8 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, } /* ...and that the second component matches the server realm... */ if ((krb5_princ_size(kdc_context, ticket->server) <= 1) || - (krb5_princ_component(kdc_context, ticket->server, 1)->length != - krb5_princ_realm(kdc_context, request->server)->length) || - memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data, - krb5_princ_realm(kdc_context, request->server)->data, - krb5_princ_realm(kdc_context, request->server)->length)) { + !data_eq(*krb5_princ_component(kdc_context, ticket->server, 1), + *krb5_princ_realm(kdc_context, request->server))) { *status = "BAD TGS SERVER INSTANCE"; return KRB_AP_ERR_NOT_US; } @@ -1235,9 +1225,7 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, /* can not proxy ticket granting tickets */ if (isflagset(request->kdc_options, KDC_OPT_PROXY) && (!request->server->data || - request->server->data[0].length != KRB5_TGS_NAME_SIZE || - memcmp(request->server->data[0].data, KRB5_TGS_NAME, - KRB5_TGS_NAME_SIZE))) { + !data_eq_string(request->server->data[0], KRB5_TGS_NAME))) { *status = "CAN'T PROXY TGT"; return KDC_ERR_BADOPTION; } diff --git a/src/krb524/k524init.c b/src/krb524/k524init.c index 73f3650ed..c611b2e5c 100644 --- a/src/krb524/k524init.c +++ b/src/krb524/k524init.c @@ -21,6 +21,7 @@ */ #include "autoconf.h" +#include "k5-int.h" /* for data_eq */ #include #include "com_err.h" @@ -122,8 +123,7 @@ int main(argc, argv) if (!nodelete) { krb5_data *crealm = krb5_princ_realm (context, client); krb5_data *srealm = krb5_princ_realm (context, server); - if (crealm->length != srealm->length - || memcmp (crealm->data, srealm->data, crealm->length)) { + if (!data_eq(*crealm, *srealm)) { /* Since krb4 ticket files don't store the realm name separately, and the client realm is assumed to be the realm of the first ticket, let's not store an initial diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c index 43c9da7d0..d6bdaca5b 100644 --- a/src/lib/krb5/ccache/cc_retr.c +++ b/src/lib/krb5/ccache/cc_retr.c @@ -1,7 +1,7 @@ /* * lib/krb5/ccache/cc_retr.c * - * Copyright 1990,1991,1999 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,1999,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -114,11 +114,7 @@ data_match(const krb5_data *data1, const krb5_data *data2) } if (!data2) return FALSE; - if (data1->length != data2->length) - return FALSE; - else - return memcmp(data1->data, data2->data, (unsigned) data1->length) - ? FALSE : TRUE; + return data_eq(*data1, *data2) ? TRUE : FALSE; } static int @@ -352,17 +348,11 @@ krb5_creds_compare (krb5_context in_context, } if (equal) { - equal = (in_creds->ticket.length == in_compare_creds->ticket.length && - (!in_creds->ticket.length || - !memcmp (in_creds->ticket.data, in_compare_creds->ticket.data, - in_creds->ticket.length))); + equal = data_eq(in_creds->ticket, in_compare_creds->ticket); } if (equal) { - equal = (in_creds->second_ticket.length == in_compare_creds->second_ticket.length && - (!in_creds->second_ticket.length || - !memcmp (in_creds->second_ticket.data, in_compare_creds->second_ticket.data, - in_creds->second_ticket.length))); + equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket); } if (equal) { @@ -372,11 +362,7 @@ krb5_creds_compare (krb5_context in_context, if (authdata && compare_authdata) { for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) { - equal = (authdata[i]->ad_type == compare_authdata[i]->ad_type && - authdata[i]->length == compare_authdata[i]->length && - (!authdata[i]->length || - !memcmp (authdata[i]->contents, compare_authdata[i]->contents, - authdata[i]->length))); + equal = authdata_eq(*authdata[i], *compare_authdata[i]); } if (equal) { equal = (!authdata[i] && !compare_authdata[i]); } } else { diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c index 9fe73c878..2a2854259 100644 --- a/src/lib/krb5/krb/chk_trans.c +++ b/src/lib/krb5/krb/chk_trans.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/chk_trans.c * - * Copyright 2001 by the Massachusetts Institute of Technology. + * Copyright 2001, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -292,13 +292,6 @@ struct check_data { krb5_principal *tgs; }; -static int -same_data (krb5_data *d1, krb5_data *d2) -{ - return (d1->length == d2->length - && !memcmp (d1->data, d2->data, d1->length)); -} - static krb5_error_code check_realm_in_list (krb5_data *realm, void *data) { @@ -307,7 +300,7 @@ check_realm_in_list (krb5_data *realm, void *data) Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data)); for (i = 0; cdata->tgs[i]; i++) { - if (same_data (krb5_princ_realm (cdata->ctx, cdata->tgs[i]), realm)) + if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm)) return 0; } Tprintf (("BAD!\n")); diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 5b9d3917a..a064a8e52 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994,2003,2005 by the Massachusetts Institute of Technology. + * Copyright (c) 1994,2003,2005,2007 by the Massachusetts Institute of Technology. * Copyright (c) 1994 CyberSAFE Corporation * Copyright (c) 1993 Open Computing Security Group * Copyright (c) 1990,1991 by the Massachusetts Institute of Technology. @@ -139,12 +139,9 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal); #define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \ (r) != KRB5_CC_NOT_KTYPE) -#define IS_TGS_PRINC(c, p) \ - ((krb5_princ_size((c), (p)) == 2) && \ - (krb5_princ_component((c), (p), 0)->length == \ - KRB5_TGS_NAME_SIZE) && \ - (!memcmp(krb5_princ_component((c), (p), 0)->data, \ - KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) +#define IS_TGS_PRINC(c, p) \ + (krb5_princ_size((c), (p)) == 2 && \ + data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) /* * Flags for ccache lookups of cross-realm TGTs. @@ -447,9 +444,7 @@ find_nxt_kdc(struct tr_state *ts) r2 = krb5_princ_component(ts->ctx, *kdcptr, 1); - if (r1 != NULL && r2 != NULL && - r1->length == r2->length && - !memcmp(r1->data, r2->data, r1->length)) { + if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) { break; } } @@ -929,8 +924,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, r1 = &referral_tgts[referral_count-1]->server->data[1]; r2 = &(*out_cred)->server->data[1]; - if (r1->length == r2->length && - !memcmp(r1->data, r2->data, r1->length)) { + if (data_eq(*r1, *r2)) { DPRINTF(("gc_from_kdc: referred back to " "previous realm; fall back\n")); krb5_free_creds(context, *out_cred); diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 8ee5721a7..9d992d810 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/gc_via_tgt.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -33,12 +33,9 @@ #define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) -#define IS_TGS_PRINC(c, p) \ - ((krb5_princ_size((c), (p)) == 2) && \ - (krb5_princ_component((c), (p), 0)->length == \ - KRB5_TGS_NAME_SIZE) && \ - (!memcmp(krb5_princ_component((c), (p), 0)->data, \ - KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) +#define IS_TGS_PRINC(c, p) \ + (krb5_princ_size((c), (p)) == 2 && \ + data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) static krb5_error_code krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds) @@ -146,9 +143,7 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions, * effectively checks this. */ if (krb5_realm_compare(context, in_cred->client, in_cred->server) && - in_cred->server->data[1].length == in_cred->client->realm.length && - !memcmp(in_cred->client->realm.data, in_cred->server->data[1].data, - in_cred->client->realm.length)) { + data_eq(*in_cred->server->data[1], *in_cred->client->realm) { /* Attempted to rewrite local TGS. */ return KRB5_KDCREP_MODIFIED; } diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index cb1a652bd..6e033ad91 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/princ_comp.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -33,11 +33,8 @@ krb5_boolean KRB5_CALLCONV krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) { - if (krb5_princ_realm(context, princ1)->length != - krb5_princ_realm(context, princ2)->length || - memcmp (krb5_princ_realm(context, princ1)->data, - krb5_princ_realm(context, princ2)->data, - krb5_princ_realm(context, princ2)->length)) + if (!data_eq(*krb5_princ_realm(context, princ1), + *krb5_princ_realm(context, princ2))) return FALSE; return TRUE; @@ -59,8 +56,7 @@ krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_c for (i = 0; i < (int) nelem; i++) { register const krb5_data *p1 = krb5_princ_component(context, princ1, i); register const krb5_data *p2 = krb5_princ_component(context, princ2, i); - if (p1->length != p2->length || - memcmp(p1->data, p2->data, p1->length)) + if (!data_eq(*p1, *p2)) return FALSE; } return TRUE; diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index a4f825a76..2ab5da5d4 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -2,7 +2,7 @@ * lib/krb5/krb/rd_req_dec.c * * Copyright (c) 1994 CyberSAFE Corporation. - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -189,9 +189,8 @@ goto cleanup; */ krb5_get_default_realm(context, &lrealm); if ((trans->tr_contents.data && trans->tr_contents.data[0]) || - strlen(lrealm) != realm->length || - memcmp(lrealm, realm->data, strlen(lrealm))) { - retval = KRB5KRB_AP_ERR_ILL_CR_TKT; + !data_eq_string(*realm, lrealm)) { + retval = KRB5KRB_AP_ERR_ILL_CR_TKT; } free(lrealm); } diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index 0d3188309..d04b85cdb 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -1,7 +1,7 @@ /* * lib/krb5/os/an_to_ln.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -630,8 +630,7 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne if ((retval = krb5_get_default_realm(context, &def_realm))) { return(retval); } - if (((size_t) realm_length != strlen(def_realm)) || - (memcmp(def_realm, krb5_princ_realm(context, aname)->data, realm_length))) { + if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) { free(def_realm); return KRB5_LNAME_NOTRANS; }