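/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * NOTE(review): compare_names() calls strlen(); confirm that <string.h>
 * arrives through one of the headers below.
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <deflt.h>
#include <mechglueP.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>

/*
 * Generic fallback for the "may this GSS name act as local user X" check,
 * used when the mechanism supplies no __gss_userok entry point.
 *
 * The local user name is imported as a GSS_C_NT_USER_NAME, canonicalized
 * for mech_type, and compared with `name`.
 *
 *	minor		receives the minor status of the GSS calls made here
 *	mech_type	mechanism OID used to canonicalize the imported name
 *	name		the name to authorize
 *	user		local user name, NUL-terminated
 *	user_ok		set to 1 only when the comparison completes and the
 *			names match; 0 in every other case
 *
 * Returns GSS_S_BAD_NAME when user, name or mech_type is NULL, otherwise
 * the major status of the first GSS call that did not complete, or of
 * gss_compare_name().
 */
static OM_uint32
compare_names(OM_uint32 *minor, const gss_OID mech_type,
    const gss_name_t name, const char *user, int *user_ok)
{
	OM_uint32 status, tmpMinor;
	gss_name_t imported_name;
	gss_name_t canon_name;
	gss_buffer_desc gss_user;
	int match = 0;

	/* Deny by default; only a completed, matching compare grants. */
	*user_ok = 0;

	gss_user.value = (void *)user;
	if (!gss_user.value || !name || !mech_type)
		return (GSS_S_BAD_NAME);
	gss_user.length = strlen(gss_user.value);

	status = gss_import_name(minor, &gss_user, GSS_C_NT_USER_NAME,
	    &imported_name);
	if (status != GSS_S_COMPLETE)
		return (status);

	status = gss_canonicalize_name(minor, imported_name, mech_type,
	    &canon_name);
	if (status != GSS_S_COMPLETE) {
		(void) gss_release_name(&tmpMinor, &imported_name);
		return (status);
	}

	status = gss_compare_name(minor, canon_name, name, &match);

	/* Both temporary names are released whatever the compare returned. */
	(void) gss_release_name(&tmpMinor, &canon_name);
	(void) gss_release_name(&tmpMinor, &imported_name);

	if (status == GSS_S_COMPLETE && match)
		*user_ok = 1;	/* remote user is a-ok */

	return (status);
}

/*
 * Decide whether `name` is allowed to act as the local account `user`.
 *
 *	minor		receives the minor status; reset on entry
 *	name		the name to authorize, treated as a gss_union_name_t
 *	user		local user name
 *	user_ok		receives the decision: 1 = allowed, 0 = denied
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when minor or user_ok is NULL,
 * GSS_S_CALL_INACCESSIBLE_READ when name or user is NULL,
 * GSS_S_UNAVAILABLE when no mechanism is found for the name's mech_type,
 * GSS_S_FAILURE when the name carries no mech_type, and otherwise the
 * major status of the mechanism's own __gss_userok entry point or, when
 * the mechanism has none, of compare_names().
 *
 * Whenever the returned status is an error, *user_ok is 0.
 */
OM_uint32
__gss_userok(OM_uint32 *minor, const gss_name_t name, const char *user,
    int *user_ok)
{
	gss_mechanism mech;
	gss_union_name_t intName;
	gss_name_t mechName = NULL;
	OM_uint32 major;

	if (minor == NULL || user_ok == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);
	if (name == NULL || user == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);

	/* Deny by default before any lookup can fail. */
	*user_ok = 0;
	*minor = GSS_S_COMPLETE;

	intName = (gss_union_name_t)name;

	mech = __gss_get_mechanism(intName->mech_type);
	if (mech == NULL)
		return (GSS_S_UNAVAILABLE);

	/* may need to import the name if this is not MN */
	if (intName->mech_type == NULL) {
		return (GSS_S_FAILURE);
	} else
		mechName = intName->mech_name;

	/*
	 * The mechanism's own check receives the mechanism-specific name;
	 * the generic fallback compares against the union name.
	 */
	if (mech->__gss_userok)
		major = mech->__gss_userok(mech->context, minor, mechName,
		    user, user_ok);
	else
		major = compare_names(minor, intName->mech_type, name, user,
		    user_ok);

	/*
	 * Fail closed: a mechanism entry point that reports an error must
	 * not leave an "allowed" decision behind for a caller that looks
	 * only at *user_ok.
	 */
	if (GSS_ERROR(major))
		*user_ok = 0;

	return (major);
} /* gss_userok */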