[30278] in CVS-changelog-for-Kerberos-V5
krb5 commit: Modernize krb5int_cc_creds_match_request() style
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 27 18:19:45 2018
Date: Mon, 27 Aug 2018 18:19:33 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201808272219.w7RMJXLL011887@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/2bdfd7effd54e13d39ceaaa04fcf986bbc64adfd
commit 2bdfd7effd54e13d39ceaaa04fcf986bbc64adfd
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri Aug 3 00:45:43 2018 -0400
Modernize krb5int_cc_creds_match_request() style
src/lib/krb5/ccache/cc_retr.c | 105 +++++++++++++++++++----------------------
1 files changed, 49 insertions(+), 56 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c
index c835129..2c50c9c 100644
--- a/src/lib/krb5/ccache/cc_retr.c
+++ b/src/lib/krb5/ccache/cc_retr.c
@@ -30,9 +30,6 @@
#define KRB5_OK 0
-#define set(bits) (whichfields & bits)
-#define flags_match(a,b) (((a) & (b)) == (a))
-
static int
times_match_exact(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
{
@@ -58,30 +55,21 @@ times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
}
static krb5_boolean
-standard_fields_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *creds)
+princs_match(krb5_context context, krb5_flags whichfields,
+ const krb5_creds *mcreds, const krb5_creds *creds)
{
- return (krb5_principal_compare(context, mcreds->client,creds->client)
- && krb5_principal_compare(context, mcreds->server,creds->server));
-}
+ krb5_principal_data princ;
-/* only match the server name portion, not the server realm portion */
-
-static krb5_boolean
-srvname_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *creds)
-{
- krb5_boolean retval;
- krb5_principal_data p1, p2;
-
- retval = krb5_principal_compare(context, mcreds->client,creds->client);
- if (retval != TRUE)
- return retval;
- /*
- * Hack to ignore the server realm for the purposes of the compare.
- */
- p1 = *mcreds->server;
- p2 = *creds->server;
- p1.realm = p2.realm;
- return krb5_principal_compare(context, &p1, &p2);
+ if (!krb5_principal_compare(context, mcreds->client, creds->client))
+ return FALSE;
+ if (whichfields & KRB5_TC_MATCH_SRV_NAMEONLY) {
+ /* Ignore the server realm. */
+ princ = *mcreds->server;
+ princ.realm = creds->server->realm;
+ return krb5_principal_compare(context, &princ, creds->server);
+ } else {
+ return krb5_principal_compare(context, mcreds->server, creds->server);
+ }
}
static krb5_boolean
@@ -162,42 +150,47 @@ pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
*/
krb5_boolean
-krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
+krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds)
{
+ krb5_boolean is_skey;
+
+ if (!princs_match(context, whichfields, mcreds, creds))
+ return FALSE;
+
/* Only match a user-to-user credential if explicitly asked for, since the
* ticket won't work as a regular service ticket. */
- if (! set(KRB5_TC_MATCH_IS_SKEY) && creds->is_skey)
+ is_skey = (whichfields & KRB5_TC_MATCH_IS_SKEY) ? mcreds->is_skey : FALSE;
+ if (creds->is_skey != is_skey)
return FALSE;
- if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
- srvname_match(context, mcreds, creds)) ||
- standard_fields_match(context, mcreds, creds))
- &&
- (! set(KRB5_TC_MATCH_IS_SKEY) ||
- mcreds->is_skey == creds->is_skey)
- &&
- (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
- mcreds->ticket_flags == creds->ticket_flags)
- &&
- (! set(KRB5_TC_MATCH_FLAGS) ||
- flags_match(mcreds->ticket_flags, creds->ticket_flags))
- &&
- (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
- times_match_exact(&mcreds->times, &creds->times))
- &&
- (! set(KRB5_TC_MATCH_TIMES) ||
- times_match(&mcreds->times, &creds->times))
- &&
- ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
- authdata_match(mcreds->authdata, creds->authdata))
- &&
- (! set(KRB5_TC_MATCH_2ND_TKT) ||
- data_match (&mcreds->second_ticket, &creds->second_ticket))
- &&
- ((! set(KRB5_TC_MATCH_KTYPE))||
- (mcreds->keyblock.enctype == creds->keyblock.enctype)))
- return TRUE;
- return FALSE;
+ if ((whichfields & KRB5_TC_MATCH_FLAGS_EXACT) &&
+ mcreds->ticket_flags != creds->ticket_flags)
+ return FALSE;
+ if ((whichfields & KRB5_TC_MATCH_FLAGS) &&
+ (creds->ticket_flags & mcreds->ticket_flags) != mcreds->ticket_flags)
+ return FALSE;
+
+ if ((whichfields & KRB5_TC_MATCH_TIMES_EXACT) &&
+ !times_match_exact(&mcreds->times, &creds->times))
+ return FALSE;
+ if ((whichfields & KRB5_TC_MATCH_TIMES) &&
+ !times_match(&mcreds->times, &creds->times))
+ return FALSE;
+
+ if ((whichfields & KRB5_TC_MATCH_AUTHDATA) &&
+ !authdata_match(mcreds->authdata, creds->authdata))
+ return FALSE;
+
+ if ((whichfields & KRB5_TC_MATCH_2ND_TKT) &&
+ !data_match(&mcreds->second_ticket, &creds->second_ticket))
+ return FALSE;
+
+ if ((whichfields & KRB5_TC_MATCH_KTYPE) &&
+ mcreds->keyblock.enctype != creds->keyblock.enctype)
+ return FALSE;
+
+ return TRUE;
}
static krb5_error_code
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
