krb5/krb/princ_comp.c

	princ_comp.c revision 2
4bff34e37def8a90f9194d81bc345c52ba20086athurlow/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
4bff34e37def8a90f9194d81bc345c52ba20086athurlow/*
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * lib/krb5/krb/princ_comp.c
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * All Rights Reserved.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * Export of this software from the United States of America may
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *   require a specific license from the United States Government.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *   It is the responsibility of any person or organization contemplating
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *   export to obtain such a license before exporting.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * distribute this software and its documentation for any purpose and
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * without fee is hereby granted, provided that the above copyright
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * notice appear in all copies and that both that copyright notice and
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * this permission notice appear in supporting documentation, and that
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * the name of M.I.T. not be used in advertising or publicity pertaining
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * to distribution of the software without specific, written prior
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * permission.  Furthermore if you modify this software you must label
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * your software as modified software and not distribute it in such a
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * fashion that it might be confused with the original M.I.T. software.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * M.I.T. makes no representations about the suitability of
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * this software for any purpose.  It is provided "as is" without express
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * or implied warranty.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *
4bff34e37def8a90f9194d81bc345c52ba20086athurlow *
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * compare two principals, returning a krb5_boolean true if equal, false if
4bff34e37def8a90f9194d81bc345c52ba20086athurlow * not.
4bff34e37def8a90f9194d81bc345c52ba20086athurlow */
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include "k5-int.h"
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include "k5-unicode.h"
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Rossstatic krb5_boolean
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Rossrealm_compare_flags(krb5_context context,
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross                    krb5_const_principal princ1,
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross                    krb5_const_principal princ2,
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross                    int flags)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    const krb5_data *realm1 = krb5_princ_realm(context, princ1);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    const krb5_data *realm2 = krb5_princ_realm(context, princ2);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (realm1->length != realm2->length)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        return FALSE;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ?
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        (memcmp(realm1->data, realm2->data, realm2->length) == 0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_boolean KRB5_CALLCONV
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Rosskrb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return realm_compare_flags(context, princ1, princ2, 0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Rossstatic krb5_error_code
4bff34e37def8a90f9194d81bc345c52ba20086athurlowupn_to_principal(krb5_context context,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                 krb5_const_principal princ,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                 krb5_principal *upn)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    char *unparsed_name;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    krb5_error_code code;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    code = krb5_unparse_name_flags(context, princ,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                                   KRB5_PRINCIPAL_UNPARSE_NO_REALM,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                                   &unparsed_name);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (code) {
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        *upn = NULL;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        return code;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    }
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    code = krb5_parse_name(context, unparsed_name, upn);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    free(unparsed_name);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return code;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_boolean KRB5_CALLCONV
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_principal_compare_flags(krb5_context context,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                             krb5_const_principal princ1,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                             krb5_const_principal princ2,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                             int flags)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    register int i;
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross    krb5_int32 nelem;
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross    unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    krb5_principal upn1 = NULL;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    krb5_principal upn2 = NULL;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    krb5_boolean ret = FALSE;
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross    if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross        /* Treat UPNs as if they were real principals */
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross        if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            if (upn_to_principal(context, princ1, &upn1) == 0)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                princ1 = upn1;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        }
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            if (upn_to_principal(context, princ2, &upn2) == 0)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                princ2 = upn2;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        }
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    }
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    nelem = krb5_princ_size(context, princ1);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (nelem != krb5_princ_size(context, princ2))
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        goto out;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 &&
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        !realm_compare_flags(context, princ1, princ2, flags))
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        goto out;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    for (i = 0; i < (int) nelem; i++) {
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        const krb5_data *p1 = krb5_princ_component(context, princ1, i);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        const krb5_data *p2 = krb5_princ_component(context, princ2, i);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        krb5_boolean eq;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        if (casefold) {
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            if (utf8)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            else
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                eq = (p1->length == p2->length
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                      && strncasecmp(p1->data, p2->data, p2->length) == 0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        } else
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            eq = data_eq(*p1, *p2);
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        if (!eq)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow            goto out;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    }
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross    ret = TRUE;
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Ross
9c9af2590af49bb395bc8d2eace0f2d4ea16d165Gordon Rossout:
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (upn1 != NULL)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        krb5_free_principal(context, upn1);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (upn2 != NULL)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        krb5_free_principal(context, upn2);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return ret;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    /*
4bff34e37def8a90f9194d81bc345c52ba20086athurlow     * Check for a match with KRB5_REFERRAL_REALM.  Currently this relies
4bff34e37def8a90f9194d81bc345c52ba20086athurlow     * on that string constant being zero-length.  (Unlike principal realm
4bff34e37def8a90f9194d81bc345c52ba20086athurlow     * names, KRB5_REFERRAL_REALM is known to be a string.)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow     */
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#ifdef DEBUG_REFERRALS
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#if 0
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
4bff34e37def8a90f9194d81bc345c52ba20086athurlow           r->data,(r->length==0)?"true":"false");
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#endif
4bff34e37def8a90f9194d81bc345c52ba20086athurlow#endif
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    assert(strlen(KRB5_REFERRAL_REALM)==0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    if (r->length==0)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        return TRUE;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    else
4bff34e37def8a90f9194d81bc345c52ba20086athurlow        return FALSE;
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_boolean KRB5_CALLCONV
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_principal_compare(krb5_context context,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                       krb5_const_principal princ1,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                       krb5_const_principal princ2)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return krb5_principal_compare_flags(context, princ1, princ2, 0);
4bff34e37def8a90f9194d81bc345c52ba20086athurlow}
4bff34e37def8a90f9194d81bc345c52ba20086athurlow
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_boolean KRB5_CALLCONV
4bff34e37def8a90f9194d81bc345c52ba20086athurlowkrb5_principal_compare_any_realm(krb5_context context,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                                 krb5_const_principal princ1,
4bff34e37def8a90f9194d81bc345c52ba20086athurlow                                 krb5_const_principal princ2)
4bff34e37def8a90f9194d81bc345c52ba20086athurlow{
4bff34e37def8a90f9194d81bc345c52ba20086athurlow    return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM);
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross}
613a2f6ba31e891e3d947a356daf5e563d43c1ceGordon Ross