authorSumit Bose <sbose@redhat.com>2012-11-14 16:29:14 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-11-20 08:19:57 +0100
commitb7cb82d8d2b4c79071bb2d3e2e0c2086d4ae2ec2 (patch)
treee298e118943687f80d4feb05014c9d0f1dea363b
parent59ca512252880938ebd978f361740392d4b1e126 (diff)
Fix compare_principal_realm() check
In case of a short UPN compare_principal_realm() erroneously returns an error.
-rw-r--r--src/providers/krb5/krb5_common.c12
-rw-r--r--src/tests/krb5_utils-tests.c6
2 files changed, 9 insertions, 9 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index ee3d72525..ed2fffae1 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -898,22 +898,16 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
errno_t compare_principal_realm(const char *upn, const char *realm,
bool *different_realm)
{
- size_t upn_len;
- size_t realm_len;
char *at_sign;
- if (upn == NULL || realm == NULL || different_realm == NULL) {
+ if (upn == NULL || realm == NULL || different_realm == NULL ||
+ *upn == '\0' || *realm == '\0') {
return EINVAL;
}
- upn_len = strlen(upn);
- realm_len = strlen(realm);
at_sign = strchr(upn, '@');
- /* if coming from the same realm the upn must be at least the size of the
- * realm plus 1 for the '@' char. */
- if (upn_len == 0 || realm_len == 0 || upn_len <= realm_len + 1 ||
- at_sign == NULL) {
+ if (at_sign == NULL) {
return EINVAL;
}
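Review bot: The surviving guard `if (at_sign == NULL)` lets through a UPN whose realm part is empty (a constructed example is `user@`), which the removed `upn_len <= realm_len + 1` test happened to reject for every non-empty realm. The function body continues past this hunk, so the comparison that reads `at_sign + 1` is not visible here; presumably it would then report a different realm with EOK rather than flag the malformed principal. Since callers may rely on this result to decide how a principal is treated, rejecting it explicitly is safer: `if (at_sign == NULL || at_sign[1] == '\0') {`. Separately, `at_sign` could be declared `const char *`, since it points into the const `upn`.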
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index fe5d8423f..112b4fab6 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -711,6 +711,12 @@ START_TEST(test_compare_principal_realm)
fail_unless(ret == EOK, "Failure with different realm");
fail_unless(different_realm == true, "Different realm but " \
"different_realm is not true.");
+
+ ret = compare_principal_realm("user@ABC", "REALMNAMELONGERTHANUPN",
+ &different_realm);
+ fail_unless(ret == EOK, "Failure with long realm name.");
+ fail_unless(different_realm == true, "Realm name longer than UPN but "
+ "different_realm is not true.");
}
END_TEST
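Review bot: The new empty-string guards in compare_principal_realm() (`*upn == '\0'`, `*realm == '\0'`) get no assertion in the lines added here; only the realm-longer-than-UPN success path is exercised. A negative case such as `ret = compare_principal_realm("", "REALM", &different_realm);` followed by `fail_unless(ret == EINVAL, "Empty UPN not rejected.");` would pin the validation behaviour. The test body starts above this hunk, so earlier lines may already cover some invalid inputs.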