1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/princ_comp.c - Compare two principals for equality */
4 * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
28 #include "k5-unicode.h"
31 realm_compare_flags(krb5_context context,
32 krb5_const_principal princ1,
33 krb5_const_principal princ2,
36 const krb5_data *realm1 = krb5_princ_realm(context, princ1);
37 const krb5_data *realm2 = krb5_princ_realm(context, princ2);
39 if (realm1->length != realm2->length)
42 return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ?
43 (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
44 (memcmp(realm1->data, realm2->data, realm2->length) == 0);
47 krb5_boolean KRB5_CALLCONV
48 krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
50 return realm_compare_flags(context, princ1, princ2, 0);
53 static krb5_error_code
54 upn_to_principal(krb5_context context,
55 krb5_const_principal princ,
61 code = krb5_unparse_name_flags(context, princ,
62 KRB5_PRINCIPAL_UNPARSE_NO_REALM,
69 code = krb5_parse_name(context, unparsed_name, upn);
76 krb5_boolean KRB5_CALLCONV
77 krb5_principal_compare_flags(krb5_context context,
78 krb5_const_principal princ1,
79 krb5_const_principal princ2,
84 unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0;
85 unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0;
86 krb5_principal upn1 = NULL;
87 krb5_principal upn2 = NULL;
88 krb5_boolean ret = FALSE;
90 if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
91 /* Treat UPNs as if they were real principals */
92 if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
93 if (upn_to_principal(context, princ1, &upn1) == 0)
96 if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
97 if (upn_to_principal(context, princ2, &upn2) == 0)
102 nelem = krb5_princ_size(context, princ1);
103 if (nelem != krb5_princ_size(context, princ2))
106 if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 &&
107 !realm_compare_flags(context, princ1, princ2, flags))
110 for (i = 0; i < (int) nelem; i++) {
111 const krb5_data *p1 = krb5_princ_component(context, princ1, i);
112 const krb5_data *p2 = krb5_princ_component(context, princ2, i);
117 eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
119 eq = (p1->length == p2->length
120 && strncasecmp(p1->data, p2->data, p2->length) == 0);
122 eq = data_eq(*p1, *p2);
132 krb5_free_principal(context, upn1);
134 krb5_free_principal(context, upn2);
139 krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
142 * Check for a match with KRB5_REFERRAL_REALM. Currently this relies
143 * on that string constant being zero-length. (Unlike principal realm
144 * names, KRB5_REFERRAL_REALM is known to be a string.)
146 assert(strlen(KRB5_REFERRAL_REALM)==0);
153 krb5_boolean KRB5_CALLCONV
154 krb5_principal_compare(krb5_context context,
155 krb5_const_principal princ1,
156 krb5_const_principal princ2)
158 return krb5_principal_compare_flags(context, princ1, princ2, 0);
161 krb5_boolean KRB5_CALLCONV
162 krb5_principal_compare_any_realm(krb5_context context,
163 krb5_const_principal princ1,
164 krb5_const_principal princ2)
166 return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM);