mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Use libunistring ulc_casecmp() on unicode strings
https://fedorahosted.org/freeipa/ticket/3772
This commit is contained in:
Nathaniel McCallum
committed by
Martin Kosek
Martin Kosek
parent
e95a7b1b8d
commit
6c0b7f3389
@@ -178,6 +178,16 @@ AC_CHECK_LIB([pdb],[pdb_enum_upn_suffixes],
|
|||||||
[AC_MSG_WARN([libpdb does not have pdb_enum_upn_suffixes, no support for realm domains in ipasam])],
|
[AC_MSG_WARN([libpdb does not have pdb_enum_upn_suffixes, no support for realm domains in ipasam])],
|
||||||
[$SAMBA40EXTRA_LIBPATH])
|
[$SAMBA40EXTRA_LIBPATH])
|
||||||
|
|
||||||
|
dnl ---------------------------------------------------------------------------
|
||||||
|
dnl Check for libunistring
|
||||||
|
dnl ---------------------------------------------------------------------------
|
||||||
|
AC_CHECK_HEADERS([unicase.h],,AC_MSG_ERROR([Could not find unicase.h]))
|
||||||
|
AC_CHECK_LIB([unistring],
|
||||||
|
[ulc_casecmp],
|
||||||
|
[UNISTRING_LIBS="-lunistring"],
|
||||||
|
[AC_MSG_ERROR([libunistring does not have ulc_casecmp])])
|
||||||
|
AC_SUBST(UNISTRING_LIBS)
|
||||||
|
|
||||||
dnl ---------------------------------------------------------------------------
|
dnl ---------------------------------------------------------------------------
|
||||||
dnl Check for libverto
|
dnl Check for libverto
|
||||||
dnl ---------------------------------------------------------------------------
|
dnl ---------------------------------------------------------------------------
|
||||||
|
|||||||
@@ -50,6 +50,7 @@ ipadb_la_LIBADD = \
|
|||||||
$(KRB5_LIBS) \
|
$(KRB5_LIBS) \
|
||||||
$(LDAP_LIBS) \
|
$(LDAP_LIBS) \
|
||||||
$(NDRPAC_LIBS) \
|
$(NDRPAC_LIBS) \
|
||||||
|
$(UNISTRING_LIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
if HAVE_CHECK
|
if HAVE_CHECK
|
||||||
|
|||||||
@@ -158,7 +158,7 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
|
|||||||
char *attrname, krb5_timestamp *result);
|
char *attrname, krb5_timestamp *result);
|
||||||
|
|
||||||
int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
|
int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
|
||||||
char *attrname, char *value);
|
char *attrname, const char *value);
|
||||||
int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
|
int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
|
||||||
LDAPDerefRes **results);
|
LDAPDerefRes **results);
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "ipa_kdb.h"
|
#include "ipa_kdb.h"
|
||||||
|
#include <unicase.h>
|
||||||
|
|
||||||
static struct timeval std_timeout = {300, 0};
|
static struct timeval std_timeout = {300, 0};
|
||||||
|
|
||||||
@@ -518,20 +519,28 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
|
int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
|
||||||
char *attrname, char *value)
|
char *attrname, const char *value)
|
||||||
{
|
{
|
||||||
struct berval **vals;
|
struct berval **vals;
|
||||||
int ret = ENOENT;
|
int ret = ENOENT;
|
||||||
int i;
|
int i, result;
|
||||||
|
|
||||||
vals = ldap_get_values_len(lcontext, le, attrname);
|
vals = ldap_get_values_len(lcontext, le, attrname);
|
||||||
if (vals) {
|
if (vals) {
|
||||||
for (i = 0; vals[i]; i++) {
|
for (i = 0; vals[i]; i++) {
|
||||||
if (strcasecmp(vals[i]->bv_val, value) == 0) {
|
if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
|
||||||
|
value, strlen(value),
|
||||||
|
NULL, NULL, &result) != 0) {
|
||||||
|
ret = errno;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (result == 0) {
|
||||||
ret = 0;
|
ret = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap_value_free_len(vals);
|
ldap_value_free_len(vals);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "ipa_kdb.h"
|
#include "ipa_kdb.h"
|
||||||
|
#include <unicase.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* During TGS request search by ipaKrbPrincipalName (case-insensitive)
|
* During TGS request search by ipaKrbPrincipalName (case-insensitive)
|
||||||
@@ -614,7 +615,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
|||||||
bool found = false;
|
bool found = false;
|
||||||
LDAPMessage *le = NULL;
|
LDAPMessage *le = NULL;
|
||||||
struct berval **vals;
|
struct berval **vals;
|
||||||
int i;
|
int i, result;
|
||||||
|
|
||||||
ipactx = ipadb_get_context(kcontext);
|
ipactx = ipadb_get_context(kcontext);
|
||||||
if (!ipactx) {
|
if (!ipactx) {
|
||||||
@@ -643,7 +644,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
|||||||
/* KDC will accept aliases when doing TGT lookup (ref_tgt_again in do_tgs_req.c */
|
/* KDC will accept aliases when doing TGT lookup (ref_tgt_again in do_tgs_req.c */
|
||||||
/* Use case-insensitive comparison in such cases */
|
/* Use case-insensitive comparison in such cases */
|
||||||
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
|
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
|
||||||
found = (strcasecmp(vals[i]->bv_val, (*principal)) == 0);
|
if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
|
||||||
|
(*principal), strlen(*principal),
|
||||||
|
NULL, NULL, &result) != 0)
|
||||||
|
return KRB5_KDB_INTERNAL_ERROR;
|
||||||
|
found = (result == 0);
|
||||||
} else {
|
} else {
|
||||||
found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
|
found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
|
||||||
}
|
}
|
||||||
@@ -663,7 +668,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
|
|||||||
|
|
||||||
/* Again, if aliases are accepted by KDC, use case-insensitive comparison */
|
/* Again, if aliases are accepted by KDC, use case-insensitive comparison */
|
||||||
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
|
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
|
||||||
found = (strcasecmp(vals[0]->bv_val, (*principal)) == 0);
|
if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
|
||||||
|
(*principal), strlen(*principal),
|
||||||
|
NULL, NULL, &result) != 0)
|
||||||
|
return KRB5_KDB_INTERNAL_ERROR;
|
||||||
|
found = (result == 0);
|
||||||
} else {
|
} else {
|
||||||
found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
|
found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -71,6 +71,7 @@ BuildRequires: libsss_nss_idmap-devel
|
|||||||
BuildRequires: java-1.7.0-openjdk
|
BuildRequires: java-1.7.0-openjdk
|
||||||
BuildRequires: libverto-devel
|
BuildRequires: libverto-devel
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
|
BuildRequires: libunistring-devel
|
||||||
|
|
||||||
# Find out Kerberos middle version to infer ABI changes in DAL driver
|
# Find out Kerberos middle version to infer ABI changes in DAL driver
|
||||||
# We cannot load DAL driver into KDC with wrong ABI.
|
# We cannot load DAL driver into KDC with wrong ABI.
|
||||||
|
|||||||
Reference in New Issue
Block a user