author | Sumit Bose <sbose@redhat.com> | 2012-10-18 16:14:40 +0200 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2012-10-26 10:32:05 +0200 |
commit | 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 (patch) | |
tree | 720875032628182f533e990752eb94824d7ea24c /src/providers/krb5/krb5_common.c | |
parent | 7219ef88751bb05edd77629b8068330bb6d9b117 (diff) | |
krb5_auth: check if principal belongs to a different realm
Add a flag if the principal used for authentication does not belong
to our realm. This can be used to act differently for users from other
realms.
Diffstat (limited to 'src/providers/krb5/krb5_common.c')
-rw-r--r-- | src/providers/krb5/krb5_common.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 006dac1ce..45f126f7b 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -881,3 +881,34 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
 *_upn = upn;
 return EOK;
 }
+
+errno_t compare_principal_realm(const char *upn, const char *realm,
+ bool *different_realm)
+{
+ size_t upn_len;
+ size_t realm_len;
+ char *at_sign;
+
+ if (upn == NULL || realm == NULL || different_realm == NULL) {
+ return EINVAL;
+ }
+
+ upn_len = strlen(upn);
+ realm_len = strlen(realm);
+ at_sign = strchr(upn, '@');
+
+ /* if coming from the same realm the upn must be at least the size of the
+ * realm plus 1 for the '@' char. */
+ if (upn_len == 0 || realm_len == 0 || upn_len <= realm_len + 1 ||
+ at_sign == NULL) {
+ return EINVAL;
+ }
+
+ if (strcmp(realm, at_sign + 1) == 0) {
+ *different_realm = false;
+ } else {
+ *different_realm = true;
+ }
+
+ return EOK;
+} |
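Review bot: The length guard `upn_len <= realm_len + 1` in compare_principal_realm returns EINVAL for any principal that is not longer than the local realm name plus one, although the comment above it says that bound only holds when the principal comes from the same realm. A short principal from another realm (constructed example: `u@B.C` checked against a longer local realm) is therefore rejected as invalid instead of being reported with `*different_realm = true`, and the output flag is left unwritten on that path; how callers treat that EINVAL is not visible in this hunk. I would drop the length comparison and validate the parts instead, `if (realm_len == 0 || at_sign == NULL || at_sign[1] == '\0') {`. Separately, `strchr` picks the first '@', so if a name part containing '@' (an enterprise-style principal, for instance) can reach this function, the realm should be taken from the last one with `at_sign = strrchr(upn, '@');`, and `at_sign` can be declared `const char *` since it points into the const `upn`.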