File krb5-1.6.3-case-insensitive.dif of Package krb5
Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h.orig
+++ src/include/k5-int.h
@@ -1253,6 +1253,11 @@ struct _krb5_context {
#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
+#ifdef __CI_PRINC__
+#define KRB5_LIBOPT_CASE_INSENSITIVE 0x0002
+#define KRB5_LIBOPT_RD_REQ_TRY_HOST_SPN 0x0004
+#endif
+
/* internal message representations */
typedef struct _krb5_safe {
Index: src/lib/krb5/krb/init_ctx.c
===================================================================
--- src/lib/krb5/krb/init_ctx.c.orig
+++ src/lib/krb5/krb/init_ctx.c
@@ -222,6 +222,16 @@ init_common (krb5_context *context, krb5
&tmp);
ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
+#ifdef __CI_PRINC__
+#define DEFAULT_CASE_SENSITIVE 1
+ profile_get_boolean(ctx->profile, "libdefaults",
+ "case_sensitive", 0, DEFAULT_CASE_SENSITIVE,
+ &tmp);
+ if (tmp == 0)
+ ctx->library_options |= KRB5_LIBOPT_CASE_INSENSITIVE;
+
+#endif /* __CI_PRINC__ */
+
/*
* We use a default file credentials cache of 3. See
* lib/krb5/krb/ccache/file/fcc.h for a description of the
Index: src/lib/krb5/krb/princ_comp.c
===================================================================
--- src/lib/krb5/krb/princ_comp.c.orig
+++ src/lib/krb5/krb/princ_comp.c
@@ -33,13 +33,35 @@
krb5_boolean KRB5_CALLCONV
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
{
+ krb5_boolean ret;
+
if ((princ1 == NULL) || (princ2 == NULL))
return FALSE;
if ((krb5_princ_realm(context, princ1) == NULL) ||
(krb5_princ_realm(context, princ2) == NULL))
return FALSE;
+#ifdef __CI_PRINC__
+ /* XXX this needs to be Unicode-aware */
+
+ if (krb5_princ_realm(context, princ1)->length !=
+ krb5_princ_realm(context, princ2)->length) {
+ /* NB this test won't be necessarily correct for UTF-8 */
+ return FALSE;
+ }
+
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE) {
+ ret = (strncasecmp (krb5_princ_realm(context, princ1)->data,
+ krb5_princ_realm(context, princ2)->data,
+ krb5_princ_realm(context, princ2)->length) == 0);
+ } else {
+ ret = (memcmp (krb5_princ_realm(context, princ1)->data,
+ krb5_princ_realm(context, princ2)->data,
+ krb5_princ_realm(context, princ2)->length) == 0);
+ }
+ return ret;
+#else
if (krb5_princ_realm(context, princ1)->length !=
krb5_princ_realm(context, princ2)->length ||
memcmp (krb5_princ_realm(context, princ1)->data,
@@ -48,6 +70,7 @@ krb5_realm_compare(krb5_context context,
return FALSE;
return TRUE;
+#endif /* __CI_PRINC__ */
}
krb5_boolean KRB5_CALLCONV
@@ -69,9 +92,25 @@ krb5_principal_compare(krb5_context cont
for (i = 0; i < (int) nelem; i++) {
register const krb5_data *p1 = krb5_princ_component(context, princ1, i);
register const krb5_data *p2 = krb5_princ_component(context, princ2, i);
+#ifdef __CI_PRINC__
+ /* XXX this needs to be Unicode-aware */
+ krb5_boolean ret;
+
+ if (p1->length != p2->length)
+ return FALSE;
+
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE)
+ ret = (strncasecmp(p1->data, p2->data, p1->length) == 0);
+ else
+ ret = (memcmp(p1->data, p2->data, p1->length) == 0);
+
+ if (ret == FALSE)
+ return ret;
+#else
if (p1->length != p2->length ||
memcmp(p1->data, p2->data, p1->length))
return FALSE;
+#endif /* __CI_PRINC__ */
}
return TRUE;
}
