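/*
 * Report whether two Kerberos encryption types are compatible, using
 * whichever comparison routine the build detected in the Kerberos library.
 *
 * Returns True only when the library positively reports the two enctypes
 * as compatible. Any failure of the comparison itself yields False, so a
 * caller deciding whether a key may be used for a given ticket fails
 * closed rather than open.
 */
BOOL kerberos_compatible_enctypes(krb5_context context,
				  krb5_enctype enctype1,
				  krb5_enctype enctype2)
{
#if defined(HAVE_KRB5_C_ENCTYPE_COMPARE)
	krb5_boolean similar = 0;

	/*
	 * Do not trust 'similar' when the call itself failed (for example
	 * on an enctype the library does not know): treat that as
	 * "not compatible".
	 */
	if (krb5_c_enctype_compare(context, enctype1, enctype2, &similar) != 0) {
		return False;
	}
	return similar ? True : False;
#elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)
	return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False;
#else
	/*
	 * Neither comparison routine is available. Previously control fell
	 * off the end of this non-void function, leaving the result
	 * undefined. Fall back to the conservative answer: only identical
	 * enctypes are considered compatible.
	 */
	(void)context;
	return (enctype1 == enctype2) ? True : False;
#endif
}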
/**
 * Decide whether the credential `creds` satisfies the template `mcreds`.
 *
 * The checks run in a fixed order and stop at the first one that fails:
 *  - server principal, only if mcreds->server is set; the realm is ignored
 *    when KRB5_TC_DONT_MATCH_REALM or KRB5_TC_MATCH_SRV_NAMEONLY is given;
 *  - client principal, only if mcreds->client is set; the realm is ignored
 *    when KRB5_TC_DONT_MATCH_REALM is given;
 *  - KRB5_TC_MATCH_KEYTYPE: session key types must be compatible according
 *    to krb5_enctypes_compatible_keys() (not necessarily identical);
 *  - KRB5_TC_MATCH_FLAGS_EXACT: ticket flags must be equal;
 *  - KRB5_TC_MATCH_FLAGS: every flag set in mcreds must be set in creds;
 *  - KRB5_TC_MATCH_TIMES_EXACT: krb5_times_equal() must hold;
 *  - KRB5_TC_MATCH_TIMES: creds must not expire (endtime, renew_till)
 *    before the times given in mcreds;
 *  - KRB5_TC_MATCH_AUTHDATA: same number of entries, each with equal type
 *    and data at the same index;
 *  - KRB5_TC_MATCH_2ND_TKT: second tickets must be equal;
 *  - KRB5_TC_MATCH_IS_SKEY: both or neither have a non-empty second ticket.
 *
 * A NULL server or client in mcreds skips that comparison entirely, so a
 * template with neither principal and no flags matches any credential.
 *
 * NOTE(review): creds->server and creds->client are handed to the
 * principal comparison routines without a NULL check here; presumably
 * callers guarantee they are set -- confirm.
 *
 * @param context     Kerberos context passed through to the helpers.
 * @param whichfields bitmask of KRB5_TC_* flags selecting the checks.
 * @param mcreds      template credential to match against.
 * @param creds       candidate credential.
 *
 * @return a true value if every selected check passes, otherwise false.
 */
krb5_boolean KRB5_LIB_FUNCTION
krb5_compare_creds(krb5_context context, krb5_flags whichfields,
		   const krb5_creds * mcreds, const krb5_creds * creds)
{
    krb5_boolean result = TRUE;

    /* Server principal: optional, with or without realm comparison. */
    if (mcreds->server) {
	const int realm_matters =
	    !(whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY));

	if (realm_matters)
	    result = krb5_principal_compare (context, mcreds->server,
					     creds->server);
	else
	    result = krb5_principal_compare_any_realm (context, mcreds->server,
						       creds->server);
	if (!result)
	    return result;
    }

    /* Client principal: optional, with or without realm comparison. */
    if (mcreds->client) {
	if (!(whichfields & KRB5_TC_DONT_MATCH_REALM))
	    result = krb5_principal_compare (context, mcreds->client,
					     creds->client);
	else
	    result = krb5_principal_compare_any_realm (context, mcreds->client,
						       creds->client);
	if (!result)
	    return result;
    }

    /* Session key type: compatibility, not strict equality. */
    if (whichfields & KRB5_TC_MATCH_KEYTYPE) {
	result = krb5_enctypes_compatible_keys(context,
					       mcreds->session.keytype,
					       creds->session.keytype);
	if (!result)
	    return result;
    }

    /* Ticket flags must be identical. */
    if (whichfields & KRB5_TC_MATCH_FLAGS_EXACT) {
	result = mcreds->flags.i == creds->flags.i;
	if (!result)
	    return result;
    }

    /* Ticket flags requested by the template must all be present. */
    if (whichfields & KRB5_TC_MATCH_FLAGS) {
	result = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
	if (!result)
	    return result;
    }

    /* All time fields, as judged by krb5_times_equal(). */
    if (whichfields & KRB5_TC_MATCH_TIMES_EXACT) {
	result = krb5_times_equal(&mcreds->times, &creds->times);
	if (!result)
	    return result;
    }

    /* Expiration times only: the candidate must last at least as long. */
    if (whichfields & KRB5_TC_MATCH_TIMES) {
	result = (mcreds->times.renew_till <= creds->times.renew_till) &&
	    (mcreds->times.endtime <= creds->times.endtime);
	if (!result)
	    return result;
    }

    /* Authorization data: same length, then element-wise type and data. */
    if (whichfields & KRB5_TC_MATCH_AUTHDATA) {
	unsigned int idx;

	if (mcreds->authdata.len != creds->authdata.len)
	    return FALSE;

	for (idx = 0; idx < mcreds->authdata.len; idx++) {
	    result = (mcreds->authdata.val[idx].ad_type ==
		      creds->authdata.val[idx].ad_type) &&
		krb5_data_equal(&mcreds->authdata.val[idx].ad_data,
				&creds->authdata.val[idx].ad_data);
	    if (!result)
		return result;
	}
    }

    /* Second ticket contents must be equal. */
    if (whichfields & KRB5_TC_MATCH_2ND_TKT) {
	result = krb5_data_equal(&mcreds->second_ticket,
				 &creds->second_ticket);
	if (!result)
	    return result;
    }

    /* Both sides must agree on whether a second ticket is present at all. */
    if (whichfields & KRB5_TC_MATCH_IS_SKEY)
	result = ((mcreds->second_ticket.length == 0) ==
		  (creds->second_ticket.length == 0));

    return result;
}