diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/principal.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/principal.c | 93 |
1 files changed, 77 insertions, 16 deletions
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 2999868..7be1d93 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -38,9 +38,10 @@ #ifdef HAVE_ARPA_NAMESER_H #include <arpa/nameser.h> #endif +#include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.63 2000/02/07 03:19:05 assar Exp $"); +RCSID("$Id: principal.c,v 1.73 2000/10/16 03:42:14 assar Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -494,6 +495,9 @@ krb5_copy_principal(krb5_context context, return 0; } +/* + * return TRUE iff princ1 == princ2 (without considering the realm) + */ krb5_boolean krb5_principal_compare_any_realm(krb5_context context, @@ -510,6 +514,10 @@ krb5_principal_compare_any_realm(krb5_context context, return TRUE; } +/* + * return TRUE iff princ1 == princ2 + */ + krb5_boolean krb5_principal_compare(krb5_context context, krb5_const_principal princ1, @@ -520,6 +528,9 @@ krb5_principal_compare(krb5_context context, return krb5_principal_compare_any_realm(context, princ1, princ2); } +/* + * return TRUE iff realm(princ1) == realm(princ2) + */ krb5_boolean krb5_realm_compare(krb5_context context, @@ -529,22 +540,52 @@ krb5_realm_compare(krb5_context context, return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0; } +/* + * return TRUE iff princ matches pattern + */ + +krb5_boolean +krb5_principal_match(krb5_context context, + krb5_const_principal princ, + krb5_const_principal pattern) +{ + int i; + if(princ_num_comp(princ) != princ_num_comp(pattern)) + return FALSE; + if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0) + return FALSE; + for(i = 0; i < princ_num_comp(princ); i++){ + if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0) + return FALSE; + } + return TRUE; +} + + struct v4_name_convert { const char *from; const char *to; } default_v4_name_convert[] = { - { "ftp", "ftp" }, - { "hprop", "hprop" }, - { "pop", "pop" }, - { "rcmd", "host" }, + { "ftp", "ftp" }, + { "hprop", "hprop" }, + { "pop", "pop" }, + { "imap", "imap" }, + { "rcmd", "host" }, { NULL, NULL } }; +/* + * return the converted instance name of `name' in `realm'. + * look in the configuration file and then in the default set above. + * return NULL if no conversion is appropriate. + */ + static const char* get_name_conversion(krb5_context context, const char *realm, const char *name) { struct v4_name_convert *q; const char *p; + p = krb5_config_get_string(context, NULL, "realms", realm, "v4_name_convert", "host", name, NULL); if(p == NULL) @@ -577,6 +618,12 @@ get_name_conversion(krb5_context context, const char *realm, const char *name) return NULL; } +/* + * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'. + * if `resolve', use DNS. + * if `func', use that function for validating the conversion + */ + krb5_error_code krb5_425_conv_principal_ext(krb5_context context, const char *name, @@ -589,7 +636,7 @@ krb5_425_conv_principal_ext(krb5_context context, const char *p; krb5_error_code ret; krb5_principal pr; - char host[128]; + char host[MAXHOSTNAMELEN]; /* do the following: if the name is found in the `v4_name_convert:host' part, is is assumed to be a `host' type @@ -635,7 +682,17 @@ krb5_425_conv_principal_ext(krb5_context context, inst = hp->h_name; #endif if(inst) { - ret = krb5_make_principal(context, &pr, realm, name, inst, NULL); + char *low_inst = strdup(inst); + + if (low_inst == NULL) { +#ifdef USE_RESOLVER + dns_free_data(r); +#endif + return ENOMEM; + } + ret = krb5_make_principal(context, &pr, realm, name, low_inst, + NULL); + free (low_inst); if(ret == 0) { if(func == NULL || (*func)(context, pr)){ *princ = pr; @@ -673,8 +730,7 @@ krb5_425_conv_principal_ext(krb5_context context, p = krb5_config_get_string(context, NULL, "realms", realm, "default_domain", NULL); if(p == NULL){ - /* should this be an error or should it silently - succeed? */ + /* this should be an error, just faking a name is not good */ return HEIM_ERR_V4_PRINC_NO_CONV; } @@ -801,6 +857,13 @@ name_convert(krb5_context context, const char *name, const char *realm, return -1; } +/* + * convert the v5 principal in `principal' into a v4 corresponding one + * in `name, instance, realm' + * this is limited interface since there's no length given for these + * three parameters. They have to be 40 bytes each (ANAME_SZ). + */ + krb5_error_code krb5_524_conv_principal(krb5_context context, const krb5_principal principal, @@ -811,6 +874,7 @@ krb5_524_conv_principal(krb5_context context, const char *n, *i, *r; char tmpinst[40]; int type = princ_type(principal); + const int aname_sz = 40; r = principal->realm; @@ -846,15 +910,12 @@ krb5_524_conv_principal(krb5_context context, i = tmpinst; } - if(strlen(r) >= 40) + if (strlcpy (name, n, aname_sz) >= aname_sz) return KRB5_PARSE_MALFORMED; - if(strlen(n) >= 40) + if (strlcpy (instance, i, aname_sz) >= aname_sz) return KRB5_PARSE_MALFORMED; - if(strlen(i) >= 40) + if (strlcpy (realm, r, aname_sz) >= aname_sz) return KRB5_PARSE_MALFORMED; - strcpy(realm, r); - strcpy(name, n); - strcpy(instance, i); return 0; } @@ -870,7 +931,7 @@ krb5_sname_to_principal (krb5_context context, krb5_principal *ret_princ) { krb5_error_code ret; - char localhost[128]; + char localhost[MAXHOSTNAMELEN]; char **realms, *host = NULL; if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) |