From 5f9be9ecf927d0e1ba01b4753c6cf449f2308f8f Mon Sep 17 00:00:00 2001 From: John Kohl Date: Mon, 18 Feb 1991 16:38:54 +0000 Subject: [PATCH] add KRB5_TC_MATCH_SRV_NAMEONLY git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1719 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/krb5/ccache.h | 1 + src/lib/krb5/ccache/file/fcc_retrv.c | 21 ++++++++++++++++++++- src/lib/krb5/ccache/stdio/scc_retrv.c | 18 +++++++++++++++++- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/src/include/krb5/ccache.h b/src/include/krb5/ccache.h index 5ae934859..90edfb457 100644 --- a/src/include/krb5/ccache.h +++ b/src/include/krb5/ccache.h @@ -53,6 +53,7 @@ typedef struct _krb5_cc_ops { #define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 #define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 #define KRB5_TC_MATCH_AUTHDATA 0x00000020 +#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 /* for set_flags and other functions */ #define KRB5_TC_OPENCLOSE 0x00000001 diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c index ac3791195..69c36c125 100644 --- a/src/lib/krb5/ccache/file/fcc_retrv.c +++ b/src/lib/krb5/ccache/file/fcc_retrv.c @@ -28,6 +28,10 @@ static krb5_boolean standard_fields_match PROTOTYPE((const krb5_creds *, const krb5_creds *)); +static krb5_boolean srvname_match + PROTOTYPE((const krb5_creds *, + const krb5_creds *)); + static krb5_boolean authdata_match PROTOTYPE ((krb5_authdata * const *, krb5_authdata * const *)); @@ -70,7 +74,9 @@ krb5_fcc_retrieve(id, whichfields, mcreds, creds) return kret; while ((kret = krb5_fcc_next_cred(id, &cursor, &fetchcreds)) == KRB5_OK) { - if (standard_fields_match(mcreds, &fetchcreds) + if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && + srvname_match(mcreds, &fetchcreds)) || + standard_fields_match(mcreds, &fetchcreds)) && (! set(KRB5_TC_MATCH_IS_SKEY) || mcreds->is_skey == fetchcreds.is_skey) @@ -129,6 +135,19 @@ register const krb5_creds *mcreds, *creds; krb5_principal_compare(mcreds->server,creds->server)); } +/* only match the server name portion, not the server realm portion */ + +static krb5_boolean +srvname_match(mcreds, creds) +register const krb5_creds *mcreds, *creds; +{ + krb5_boolean retval; + retval = krb5_principal_compare(mcreds->client,creds->client); + if (retval != TRUE) + return retval; + return krb5_principal_compare(&(mcreds->server[1]),&(creds->server[1])); +} + static krb5_boolean authdata_match(mdata, data) register krb5_authdata * const *mdata, * const *data; diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c index 0eac3bbe7..f04ec1f11 100644 --- a/src/lib/krb5/ccache/stdio/scc_retrv.c +++ b/src/lib/krb5/ccache/stdio/scc_retrv.c @@ -56,6 +56,20 @@ register const krb5_creds *mcreds, *creds; krb5_principal_compare(mcreds->server,creds->server)); } +/* only match the server name portion, not the server realm portion */ + +static krb5_boolean +srvname_match(mcreds, creds) +register const krb5_creds *mcreds, *creds; +{ + krb5_boolean retval; + retval = krb5_principal_compare(mcreds->client,creds->client); + if (retval != TRUE) + return retval; + return krb5_principal_compare(&(mcreds->server[1]),&(creds->server[1])); +} + + static krb5_boolean authdata_match(mdata, data) krb5_authdata *const *mdata, *const *data; @@ -123,7 +137,9 @@ krb5_scc_retrieve(id, whichfields, mcreds, creds) return kret; while ((kret = krb5_scc_next_cred(id, &cursor, &fetchcreds)) == KRB5_OK) { - if (standard_fields_match(mcreds, &fetchcreds) + if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && + srvname_match(mcreds, &fetchcreds)) || + standard_fields_match(mcreds, &fetchcreds)) && (! set(KRB5_TC_MATCH_IS_SKEY) || mcreds->is_skey == fetchcreds.is_skey) -- 2.26.2