attached
From c3216dc6e35a0000b2be96d1e0b9c9ff536e2340 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Tue, 16 Jul 2013 11:47:27 -0400
Subject: [PATCH] Use libunistring ulc_casecmp() on unicode strings

https://fedorahosted.org/freeipa/ticket/3772
---
 daemons/configure.ac                 | 10 ++++++++++
 daemons/ipa-kdb/Makefile.am          |  1 +
 daemons/ipa-kdb/ipa_kdb.h            |  2 +-
 daemons/ipa-kdb/ipa_kdb_common.c     | 15 ++++++++++++---
 daemons/ipa-kdb/ipa_kdb_principals.c | 15 ++++++++++++---
 5 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/daemons/configure.ac b/daemons/configure.ac
index 8219f2c53eb5e940883dd2ffe25ca85cf83dd78b..a1211f39079925e2706e490c012199b20cf487e8 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -190,6 +190,16 @@ AC_CHECK_LIB([pdb],[pdb_enum_upn_suffixes],
              [$SAMBA40EXTRA_LIBPATH])
 
 dnl ---------------------------------------------------------------------------
+dnl Check for libunistring
+dnl ---------------------------------------------------------------------------
+AC_CHECK_HEADERS([unicase.h],,AC_MSG_ERROR([Could not find unicase.h]))
+AC_CHECK_LIB([unistring],
+             [ulc_casecmp],
+             [UNISTRING_LIBS="-lunistring"],
+             [AC_MSG_ERROR([libunistring does not have ulc_casecmp])])
+AC_SUBST(UNISTRING_LIBS)
+
+dnl ---------------------------------------------------------------------------
 dnl Check for libverto
 dnl ---------------------------------------------------------------------------
 PKG_CHECK_MODULES([LIBVERTO], [libverto])
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
index 13c4551318c7997397d0d83c51a0ffb99490e926..dc543dd56e5c1c094bc7356febea8c8362b94aa2 100644
--- a/daemons/ipa-kdb/Makefile.am
+++ b/daemons/ipa-kdb/Makefile.am
@@ -50,6 +50,7 @@ ipadb_la_LIBADD = 		\
 	$(KRB5_LIBS)		\
 	$(LDAP_LIBS)		\
 	$(NDRPAC_LIBS)		\
+	$(UNISTRING_LIBS)	\
 	$(NULL)
 
 if HAVE_CHECK
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 54869d8f9f19b7e19d03a5020782064d36aeadd3..f7797c493715d540f079ba3888e004418cdc19de 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -158,7 +158,7 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
                                       char *attrname, krb5_timestamp *result);
 
 int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
-                              char *attrname, char *value);
+                              char *attrname, const char *value);
 int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
                              LDAPDerefRes **results);
 
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index e227602ea081cc155bfffb80d2fb1758a66fa9a5..112086b57c9f83895589538b5494ae81fb14a948 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -21,6 +21,7 @@
  */
 
 #include "ipa_kdb.h"
+#include <unicase.h>
 
 static struct timeval std_timeout = {300, 0};
 
@@ -518,20 +519,28 @@ int ipadb_ldap_attr_to_krb5_timestamp(LDAP *lcontext, LDAPMessage *le,
 }
 
 int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
-                              char *attrname, char *value)
+                              char *attrname, const char *value)
 {
     struct berval **vals;
     int ret = ENOENT;
-    int i;
+    int i, result;
 
     vals = ldap_get_values_len(lcontext, le, attrname);
     if (vals) {
         for (i = 0; vals[i]; i++) {
-            if (strcasecmp(vals[i]->bv_val, value) == 0) {
+            if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
+                            value, strlen(value),
+                            NULL, NULL, &result) != 0) {
+                ret = errno;
+                break;
+            }
+
+            if (result == 0) {
                 ret = 0;
                 break;
             }
         }
+
         ldap_value_free_len(vals);
     }
 
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3566e1ece897d79ced0f18a27c7acaaa64c83544..66d434a531b478dfff42dd7d389bc04ed72bad50 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -21,6 +21,7 @@
  */
 
 #include "ipa_kdb.h"
+#include <unicase.h>
 
 /*
  * During TGS request search by ipaKrbPrincipalName (case-insensitive)
@@ -614,7 +615,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
     bool found = false;
     LDAPMessage *le = NULL;
     struct berval **vals;
-    int i;
+    int i, result;
 
     ipactx = ipadb_get_context(kcontext);
     if (!ipactx) {
@@ -643,7 +644,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
             /* KDC will accept aliases when doing TGT lookup (ref_tgt_again in do_tgs_req.c */
             /* Use case-insensitive comparison in such cases */
             if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
-                found = (strcasecmp(vals[i]->bv_val, (*principal)) == 0);
+                if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
+                                (*principal), strlen(*principal),
+                                NULL, NULL, &result) != 0)
+                    return KRB5_KDB_INTERNAL_ERROR;
+                found = (result == 0);
             } else {
                 found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
             }
@@ -663,7 +668,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 
         /* Again, if aliases are accepted by KDC, use case-insensitive comparison */
         if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
-            found = (strcasecmp(vals[0]->bv_val, (*principal)) == 0);
+            if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
+                            (*principal), strlen(*principal),
+                            NULL, NULL, &result) != 0)
+                return KRB5_KDB_INTERNAL_ERROR;
+            found = (result == 0);
         } else {
             found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
         }
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to