diff options
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-14 19:21:10 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-14 19:21:10 +0000 |
| commit | 5bb2b611b4e2f40abc4c15bc324892c88b39f55e (patch) | |
| tree | a54aeee493858254f89af5ab3f2500d967218fee | |
| parent | d227c2342a0daf8d5d42bb71a784731288a696ff (diff) | |
| download | krb5-5bb2b611b4e2f40abc4c15bc324892c88b39f55e.zip krb5-5bb2b611b4e2f40abc4c15bc324892c88b39f55e.tar.gz krb5-5bb2b611b4e2f40abc4c15bc324892c88b39f55e.tar.bz2 | |
KFW - Correct identity validation algorithm
Do not restrict the characters permitted in identity names
ticket: new
target_version: 1.4.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17557 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/windows/identity/include/khmsgtypes.h | 2 | ||||
| -rw-r--r-- | src/windows/identity/kcreddb/identity.c | 5 | ||||
| -rw-r--r-- | src/windows/identity/kcreddb/kcreddb.h | 3 |
3 files changed, 2 insertions, 8 deletions
diff --git a/src/windows/identity/include/khmsgtypes.h b/src/windows/identity/include/khmsgtypes.h index 9b63455..c2237ca 100644 --- a/src/windows/identity/include/khmsgtypes.h +++ b/src/windows/identity/include/khmsgtypes.h @@ -552,7 +552,7 @@ name to be validated will be in the \a name_src member. The
buffer will be NULL terminated with a maximum limit of
KCDB_IDENT_MAXCCH_NAME characters including the terminating
- NULL, consisting only of characters in KCDB_IDENT_VALID_CHARS
+ NULL.
The \a result member should be set to one of the following
depending on the result of the validation:
diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c index 896f723..e96c996 100644 --- a/src/windows/identity/kcreddb/identity.c +++ b/src/windows/identity/kcreddb/identity.c @@ -1146,8 +1146,6 @@ kcdb_identpro_validate_name(const wchar_t * name) before calling the identity provider */
if(FAILED(StringCchLength(name, KCDB_IDENT_MAXCCH_NAME, &cch)))
return KHM_ERROR_TOO_LONG;
- if(wcsspn(name, KCDB_IDENT_VALID_CHARS) != cch)
- return KHM_ERROR_INVALID_NAME;
EnterCriticalSection(&cs_ident);
if(kcdb_ident_sub != NULL) {
@@ -1218,8 +1216,7 @@ kcdb_identpro_canon_name( khm_size cch;
if(cb_name_out == 0 ||
- FAILED(StringCchLength(name_in, KCDB_IDENT_MAXCCH_NAME, &cch)) ||
- wcsspn(name_in, KCDB_IDENT_VALID_CHARS) != cch)
+ FAILED(StringCchLength(name_in, KCDB_IDENT_MAXCCH_NAME, &cch)))
return KHM_ERROR_INVALID_NAME;
EnterCriticalSection(&cs_ident);
diff --git a/src/windows/identity/kcreddb/kcreddb.h b/src/windows/identity/kcreddb/kcreddb.h index e1bbfb0..52ca980 100644 --- a/src/windows/identity/kcreddb/kcreddb.h +++ b/src/windows/identity/kcreddb/kcreddb.h @@ -99,9 +99,6 @@ Functions, macros etc. for manipulating identities. name */
#define KCDB_IDENT_MAXCB_NAME (sizeof(wchar_t) * KCDB_IDENT_MAXCCH_NAME)
-/*! \brief Valid characters in an identity name */
-#define KCDB_IDENT_VALID_CHARS L"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._@-/"
-
/*!
\name Flags for identities */
/*@{*/
|