Use libunistring ulc_casecmp() on unicode strings

https://fedorahosted.org/freeipa/ticket/3772
author: Nathaniel McCallum <npmccallum@redhat.com> 2013-07-16 11:47:27 -0400
committer: Martin Kosek <mkosek@redhat.com> 2013-07-18 18:08:53 +0200
commit: 6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958 (patch)
tree: af840dd2272f89c4e4cb7ec00087c40b1c60f03e /daemons/ipa-kdb
parent: e95a7b1b8db9fb12c25fd371cac627352c5e93fb (diff)
download: freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.tar.gz
freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.tar.xz
freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.zip
4 files changed, 26 insertions, 7 deletions
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
index 13c455131..dc543dd56 100644
--- a/daemons/ipa-kdb/Makefile.am
+++ b/daemons/ipa-kdb/Makefile.am
@@ -50,6 +50,7 @@ ipadb_la_LIBADD = 		\
 	$(KRB5_LIBS)		\
 	$(LDAP_LIBS)		\
 	$(NDRPAC_LIBS)		\
+	$(UNISTRING_LIBS)	\
 	$(NULL)
 
 if HAVE_CHECK
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 54869d8f9..f7797c493 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -158,7 +158,7 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
                                       char *attrname, krb5_timestamp *result);
 
 int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
-                              char *attrname, char *value);
+                              char *attrname, const char *value);
 int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
                              LDAPDerefRes **results);
 
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index e227602ea..112086b57 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -21,6 +21,7 @@
  */
 
 #include "ipa_kdb.h"
+#include <unicase.h>
 
 static struct timeval std_timeout = {300, 0};
 
@@ -518,20 +519,28 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
 }
 
 int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
-                              char *attrname, char *value)
+                              char *attrname, const char *value)
 {
     struct berval **vals;
     int ret = ENOENT;
-    int i;
+    int i, result;
 
     vals = ldap_get_values_len(lcontext, le, attrname);
     if (vals) {
         for (i = 0; vals[i]; i++) {
-            if (strcasecmp(vals[i]->bv_val, value) == 0) {
+            if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
+                            value, strlen(value),
+                            NULL, NULL, &result) != 0) {
+                ret = errno;
+                break;
+            }
+
+            if (result == 0) {
                 ret = 0;
                 break;
             }
         }
+
         ldap_value_free_len(vals);
     }
 
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3566e1ece..66d434a53 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -21,6 +21,7 @@
  */
 
 #include "ipa_kdb.h"
+#include <unicase.h>
 
 /*
  * During TGS request search by ipaKrbPrincipalName (case-insensitive)
@@ -614,7 +615,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
     bool found = false;
     LDAPMessage *le = NULL;
     struct berval **vals;
-    int i;
+    int i, result;
 
     ipactx = ipadb_get_context(kcontext);
     if (!ipactx) {
@@ -643,7 +644,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
             /* KDC will accept aliases when doing TGT lookup (ref_tgt_again in do_tgs_req.c */
             /* Use case-insensitive comparison in such cases */
             if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
-                found = (strcasecmp(vals[i]->bv_val, (*principal)) == 0);
+                if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
+                                (*principal), strlen(*principal),
+                                NULL, NULL, &result) != 0)
+                    return KRB5_KDB_INTERNAL_ERROR;
+                found = (result == 0);
             } else {
                 found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
             }
@@ -663,7 +668,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 
         /* Again, if aliases are accepted by KDC, use case-insensitive comparison */
         if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
-            found = (strcasecmp(vals[0]->bv_val, (*principal)) == 0);
+            if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
+                            (*principal), strlen(*principal),
+                            NULL, NULL, &result) != 0)
+                return KRB5_KDB_INTERNAL_ERROR;
+            found = (result == 0);
         } else {
             found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
         }
author	Nathaniel McCallum <npmccallum@redhat.com>	2013-07-16 11:47:27 -0400
committer	Martin Kosek <mkosek@redhat.com>	2013-07-18 18:08:53 +0200
commit	6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958 (patch)
tree	af840dd2272f89c4e4cb7ec00087c40b1c60f03e /daemons/ipa-kdb
parent	e95a7b1b8db9fb12c25fd371cac627352c5e93fb (diff)
download	freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.tar.gz freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.tar.xz freeipa-6c0b7f3389a13d0fb86e5c3bd7d299a9e8629958.zip