From af00fb734a0197d485f0c8d2dab4cb530045c1e3 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mar 04 2017 00:32:49 +0000 Subject: Add utility function to compare gssx_creds This is not a full comparison, just enough to detect if creds have changed in an acquire_cred loop to a proxy. Signed-off-by: Simo Sorce [rharwood@redhat.com: style fixups, language in comment] Reviewed-by: Robbie Harwood
---
diff --git a/src/mechglue/gpp_creds.c b/src/mechglue/gpp_creds.c
index 2103156..42d21c5 100644
--- a/src/mechglue/gpp_creds.c
+++ b/src/mechglue/gpp_creds.c
@@ -85,6 +85,57 @@ uint32_t gpp_cred_handle_free(uint32_t *min, struct gpp_cred_handle *handle)
 return maj;
 }
+/* NOTE: currently the only things we check for are the cred name and the
+ * cred_handle_reference. We do NOT check each cred element beyond that they
+ * match in number */
+bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b)
+{
+ gssx_buffer *ta;
+ gssx_buffer *tb;
+
+ if (!a && !b) {
+ return true;
+ } else if (!a || !b) {
+ return false;
+ }
+
+ ta = &a->desired_name.display_name;
+ tb = &b->desired_name.display_name;
+ if (ta->octet_string_len != tb->octet_string_len) {
+ return false;
+ } else if (!ta->octet_string_val && tb->octet_string_val) {
+ return false;
+ } else if (ta->octet_string_val) {
+ if (!tb->octet_string_val) {
+ return false;
+ } else if (memcmp(ta->octet_string_val, tb->octet_string_val,
+ ta->octet_string_len) != 0) {
+ return false;
+ }
+ }
+
+ if (a->elements.elements_len != b->elements.elements_len) {
+ return false;
+ }
+
+ ta = &a->cred_handle_reference;
+ tb = &b->cred_handle_reference;
+ if (ta->octet_string_len != tb->octet_string_len) {
+ return false;
+ } else if (!ta->octet_string_val && tb->octet_string_val) {
+ return false;
+ } else if (ta->octet_string_val) {
+ if (!tb->octet_string_val) {
+ return false;
+ } else if (memcmp(ta->octet_string_val, tb->octet_string_val,
+ ta->octet_string_len) != 0) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
 uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, gss_const_key_value_set_t cred_store, gssx_cred *creds)
diff --git a/src/mechglue/gss_plugin.h b/src/mechglue/gss_plugin.h
index 7b87519..333d63c 100644
--- a/src/mechglue/gss_plugin.h
+++ b/src/mechglue/gss_plugin.h
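Review bot: The length/NULL/memcmp sequence in gpp_creds_are_equal() in src/mechglue/gpp_creds.c is written out twice, once for `desired_name.display_name` and once for `cred_handle_reference`, so a later correction to one copy can silently miss the other; a `static` helper taking two `const gssx_buffer *` would hold it once, as sketched below with the same result for every input. The NOTE also says the cred name is checked, while the code compares only the name's display string, so the comment would be more accurate if it said `display_name`. Because a false "equal" makes a caller treat changed credentials as unchanged, the caveat belongs on the prototype added to gss_plugin.h as well, for example `/* partial comparison: display name, element count and handle reference only */`.

```c
/* Compare two gssx_buffers by length and content; a NULL value only
 * matches another NULL value. */
static bool gpp_buffers_are_equal(const gssx_buffer *a, const gssx_buffer *b)
{
    if (a->octet_string_len != b->octet_string_len) {
        return false;
    }
    if (!a->octet_string_val || !b->octet_string_val) {
        return a->octet_string_val == b->octet_string_val;
    }
    return memcmp(a->octet_string_val, b->octet_string_val,
                  a->octet_string_len) == 0;
}

bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b)
{
    /* ... unchanged: NULL checks on a and b ... */

    if (!gpp_buffers_are_equal(&a->desired_name.display_name,
                               &b->desired_name.display_name)) {
        return false;
    }

    /* ... unchanged: elements_len comparison ... */

    return gpp_buffers_are_equal(&a->cred_handle_reference,
                                 &b->cred_handle_reference);
}
```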
@@ -75,6 +75,7 @@ uint32_t gpp_local_to_name(uint32_t *minor,
 uint32_t gpp_cred_handle_init(uint32_t *min, bool defcred, const char *ccache, struct gpp_cred_handle **out_handle);
 uint32_t gpp_cred_handle_free(uint32_t *min, struct gpp_cred_handle *handle);
+bool gpp_creds_are_equal(gssx_cred *a, gssx_cred *b);
 uint32_t gpp_store_remote_creds(uint32_t *min, bool default_creds, gss_const_key_value_set_t cred_store, gssx_cred *creds);