root/source4/heimdal/lib/krb5/creds.c


DEFINITIONS

This source file includes following definitions.
  1. krb5_free_creds_contents
  2. krb5_free_cred_contents
  3. krb5_copy_creds_contents
  4. krb5_copy_creds
  5. krb5_free_creds
  6. krb5_times_equal
  7. krb5_compare_creds
  8. krb5_creds_get_ticket_flags

   1 /*
   2  * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 #include "krb5_locl.h"
  35 
  36 RCSID("$Id$");
  37 
/*
 * Make __attribute__(...) expand to nothing for the rest of this file.
 * As a result the __attribute__((deprecated)) written after the
 * declarator of krb5_free_creds_contents() below has no effect here.
 * NOTE(review): presumably done because an attribute in that position
 * is not accepted on a function definition -- confirm before removing.
 */
#undef __attribute__
#define __attribute__(X)
  40 
  41 #ifndef HEIMDAL_SMALLER
  42 
/*
 * Deprecated spelling of krb5_free_cred_contents(), kept for
 * compatibility with older code.  Both arguments are forwarded unchanged
 * and the result of krb5_free_cred_contents() is returned as-is.
 */
krb5_error_code KRB5_LIB_FUNCTION
krb5_free_creds_contents (krb5_context context, krb5_creds *c)
    __attribute__((deprecated))
{
    krb5_error_code ret = krb5_free_cred_contents (context, c);

    return ret;
}
  50 
  51 #endif /* HEIMDAL_SMALLER */
  52 
/**
 * Release everything a krb5_creds refers to and zero the structure.
 *
 * The client and server principals, the session keyblock contents, both
 * tickets, the authorization data and the address list are released
 * through their own helpers.  The krb5_creds structure itself is not
 * freed; every byte of it is zero when the function returns.
 *
 * @param context Kerberos 5 context.
 * @param c credential whose contents are released.  It is dereferenced
 *          unconditionally, so it must not be NULL.
 *
 * @return Always 0.
 *
 * @ingroup krb5
 */

krb5_error_code KRB5_LIB_FUNCTION
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
{
    /* Principals. */
    krb5_free_principal(context, c->client);
    krb5_free_principal(context, c->server);

    /*
     * Session key and tickets.
     * NOTE(review): whether the key and ticket bytes are scrubbed before
     * their storage is released is decided inside these helpers, not
     * here -- confirm if that matters for the caller.
     */
    krb5_free_keyblock_contents(context, &c->session);
    krb5_data_free(&c->ticket);
    krb5_data_free(&c->second_ticket);

    /* Authorization data and addresses. */
    free_AuthorizationData(&c->authdata);
    krb5_free_addresses(context, &c->addresses);

    /*
     * Clear the whole structure, including the client and server
     * pointers released above, so no stale pointer is left behind.
     */
    memset(c, 0, sizeof *c);

    return 0;
}
  80 
/**
 * Deep-copy the contents of one krb5_creds into another.
 *
 * The destination is zeroed first and then filled member by member.
 * Whatever the destination held before the call is overwritten, not
 * freed, and because of the initial zeroing `c' must not be the same
 * object as `incred'.  The copy duplicates the session key and both
 * tickets, so the result has to be released like any other credential.
 *
 * If any member fails to copy, the members copied so far are released
 * with krb5_free_cred_contents() before the error is returned.
 *
 * @param context Kerberos 5 context.
 * @param incred source credential.
 * @param c destination credential, free with krb5_free_cred_contents().
 *
 * @return 0 on success.  Otherwise the error code of the first copy
 * step that failed, see krb5_get_error_message().
 *
 * @ingroup krb5
 */

krb5_error_code KRB5_LIB_FUNCTION
krb5_copy_creds_contents (krb5_context context,
                          const krb5_creds *incred,
                          krb5_creds *c)
{
    krb5_error_code ret;

    memset(c, 0, sizeof *c);

    /* Members copied by plain assignment; these cannot fail. */
    c->times = incred->times;
    c->flags = incred->flags;

    /* Members that own storage; the first failure aborts the copy. */
    if ((ret = krb5_copy_principal(context, incred->client,
                                   &c->client)) != 0)
        goto fail;

    if ((ret = krb5_copy_principal(context, incred->server,
                                   &c->server)) != 0)
        goto fail;

    if ((ret = krb5_copy_keyblock_contents(context, &incred->session,
                                           &c->session)) != 0)
        goto fail;

    if ((ret = krb5_data_copy(&c->ticket, incred->ticket.data,
                              incred->ticket.length)) != 0)
        goto fail;

    if ((ret = krb5_data_copy(&c->second_ticket,
                              incred->second_ticket.data,
                              incred->second_ticket.length)) != 0)
        goto fail;

    if ((ret = copy_AuthorizationData(&incred->authdata,
                                      &c->authdata)) != 0)
        goto fail;

    if ((ret = krb5_copy_addresses(context, &incred->addresses,
                                   &c->addresses)) != 0)
        goto fail;

    return 0;

fail:
    /* Releases the partial copy and leaves *c zeroed. */
    krb5_free_cred_contents(context, c);
    return ret;
}
 137 
/**
 * Allocate a new krb5_creds and deep-copy a credential into it.
 *
 * Ownership on failure differs between the two error paths:
 *  - if the allocation fails, *outcred is not written at all;
 *  - if copying the contents fails, *outcred has already been set to
 *    the newly allocated structure, and this function does not free it.
 * NOTE(review): a caller that ignores *outcred on the second path leaks
 * the structure -- check callers.
 *
 * @param context Kerberos 5 context.
 * @param incred source credential.
 * @param outcred destination credential, free with krb5_free_creds().
 *
 * @return 0 on success, ENOMEM if the structure cannot be allocated,
 * otherwise the error code from krb5_copy_creds_contents(), see
 * krb5_get_error_message().
 *
 * @ingroup krb5
 */

krb5_error_code KRB5_LIB_FUNCTION
krb5_copy_creds (krb5_context context,
                 const krb5_creds *incred,
                 krb5_creds **outcred)
{
    krb5_creds *copy = malloc(sizeof *copy);

    if (!copy) {
        krb5_set_error_message(context, ENOMEM,
                               N_("malloc: out of memory", ""));
        return ENOMEM;
    }
    memset(copy, 0, sizeof *copy);

    /* Handed to the caller before the deep copy is attempted. */
    *outcred = copy;

    return krb5_copy_creds_contents(context, incred, copy);
}
 168 
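/**
 * Free a krb5_creds: release its contents, then the structure itself.
 *
 * A NULL pointer is accepted and ignored, matching free().  This keeps
 * an error path that frees a credential pointer which was never
 * assigned (for example one still holding its NULL initialiser) from
 * dereferencing NULL.
 *
 * @param context Kerberos 5 context.
 * @param c krb5_creds to free, may be NULL.
 *
 * @return Always 0.
 *
 * @ingroup krb5
 */

krb5_error_code KRB5_LIB_FUNCTION
krb5_free_creds (krb5_context context, krb5_creds *c)
{
    /* krb5_free_cred_contents() dereferences its argument, so guard here. */
    if (c == NULL)
        return 0;

    krb5_free_cred_contents (context, c);
    free (c);
    return 0;
}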
 188 
/* XXX this does not belong here */
/*
 * Compare two krb5_times member by member (starttime, authtime, endtime,
 * renew_till).  Returns non-zero only when all four are equal.
 */
static krb5_boolean
krb5_times_equal(const krb5_times *a, const krb5_times *b)
{
    if (a->starttime != b->starttime)
        return 0;
    if (a->authtime != b->authtime)
        return 0;
    if (a->endtime != b->endtime)
        return 0;

    return a->renew_till == b->renew_till;
}
 198 
/**
 * Decide whether credential `creds' satisfies the template `mcreds'.
 *
 * The checks run in the order below and stop at the first one that
 * fails.  A check is skipped when its condition does not hold:
 *
 *  - server principal, only if mcreds->server is non-NULL; the realm is
 *    ignored when KRB5_TC_DONT_MATCH_REALM or KRB5_TC_MATCH_SRV_NAMEONLY
 *    is set;
 *  - client principal, only if mcreds->client is non-NULL; the realm is
 *    ignored when KRB5_TC_DONT_MATCH_REALM is set;
 *  - KRB5_TC_MATCH_KEYTYPE: session key types, as judged by
 *    krb5_enctypes_compatible_keys();
 *  - KRB5_TC_MATCH_FLAGS_EXACT: flag words must be identical;
 *  - KRB5_TC_MATCH_FLAGS: every flag set in mcreds must be set in creds;
 *  - KRB5_TC_MATCH_TIMES_EXACT: all four times must be identical;
 *  - KRB5_TC_MATCH_TIMES: endtime and renew_till of creds must be at
 *    least those of mcreds;
 *  - KRB5_TC_MATCH_AUTHDATA: same number of elements, each with equal
 *    type and data, in the same order;
 *  - KRB5_TC_MATCH_2ND_TKT: second tickets must be byte-equal;
 *  - KRB5_TC_MATCH_IS_SKEY: both or neither have a second ticket.
 *
 * With no principals in the template and no flags in `whichfields',
 * every credential matches.  The time checks compare the two credentials
 * with each other only; the current time is not consulted here, so a
 * match does not say the credential is still valid.  creds->server and
 * creds->client are handed to the principal comparison without a NULL
 * check in this function.
 *
 * @param context Kerberos 5 context.
 * @param whichfields which fields to compare.
 * @param mcreds template credential.
 * @param creds credential tested against the template.
 *
 * @return TRUE (non-zero) if creds matches, FALSE if not.
 *
 * @ingroup krb5
 */

krb5_boolean KRB5_LIB_FUNCTION
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
                   const krb5_creds * mcreds, const krb5_creds * creds)
{
    krb5_boolean match = TRUE;

    /* Server principal: a NULL template principal places no constraint. */
    if (mcreds->server != NULL) {
        match = (whichfields &
                 (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY))
            ? krb5_principal_compare_any_realm (context, mcreds->server,
                                                creds->server)
            : krb5_principal_compare (context, mcreds->server,
                                      creds->server);
        if (!match)
            return match;
    }

    /* Client principal, same rule. */
    if (mcreds->client != NULL) {
        match = (whichfields & KRB5_TC_DONT_MATCH_REALM)
            ? krb5_principal_compare_any_realm (context, mcreds->client,
                                                creds->client)
            : krb5_principal_compare (context, mcreds->client,
                                      creds->client);
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_KEYTYPE) {
        match = krb5_enctypes_compatible_keys(context,
                                              mcreds->session.keytype,
                                              creds->session.keytype);
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_FLAGS_EXACT) {
        match = mcreds->flags.i == creds->flags.i;
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_FLAGS) {
        /* creds must carry at least the flags requested by the template */
        match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_TIMES_EXACT) {
        match = krb5_times_equal(&mcreds->times, &creds->times);
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_TIMES) {
        /* compare only expiration times */
        match = (mcreds->times.renew_till <= creds->times.renew_till) &&
            (mcreds->times.endtime <= creds->times.endtime);
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_AUTHDATA) {
        unsigned int i;

        if (mcreds->authdata.len != creds->authdata.len)
            return FALSE;

        /* Lengths agree, so one index is in range for both lists. */
        for (i = 0; i < mcreds->authdata.len; i++) {
            match = (mcreds->authdata.val[i].ad_type ==
                     creds->authdata.val[i].ad_type) &&
                (krb5_data_cmp(&mcreds->authdata.val[i].ad_data,
                               &creds->authdata.val[i].ad_data) == 0);
            if (!match)
                return match;
        }
    }

    if (whichfields & KRB5_TC_MATCH_2ND_TKT) {
        match = (krb5_data_cmp(&mcreds->second_ticket,
                               &creds->second_ticket) == 0);
        if (!match)
            return match;
    }

    if (whichfields & KRB5_TC_MATCH_IS_SKEY)
        match = ((mcreds->second_ticket.length == 0) ==
                 (creds->second_ticket.length == 0));

    return match;
}
 276 
/**
 * Return the ticket flags stored in a credential as an integer.
 *
 * The value is the `b' member of creds->flags converted with
 * TicketFlags2int().  See also krb5_ticket_get_flags().
 *
 * @param creds credential to read the ticket flags from.  It is
 *              dereferenced unconditionally, so it must not be NULL.
 *
 * @return ticket flags
 *
 * @ingroup krb5
 */

unsigned long
krb5_creds_get_ticket_flags(krb5_creds *creds)
{
    unsigned long ticket_flags = TicketFlags2int(creds->flags.b);

    return ticket_flags;
}
