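/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2008 Isilon Inc http://www.isilon.com/
 * Authors: Doug Rabson <dfr@rabson.org>
 * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/kobj.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>

#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>

#include "kgss_if.h"

/*
 * Ask gssd, over the client handle returned by kgss_gssd_client(), to
 * translate a GSS-API principal name into a local uid.
 *
 * Returns GSS_S_BAD_NAME when pname is GSS_C_NO_NAME, GSS_S_FAILURE when
 * no client handle is available or the RPC itself fails (*minor_status
 * then carries the clnt_stat value), the daemon's major status when the
 * daemon reports an error (*minor_status carries its minor status), and
 * GSS_S_COMPLETE otherwise.
 *
 * *uidp is written only on GSS_S_COMPLETE.  Callers must test the return
 * value before trusting *uidp; on every other path it keeps whatever
 * value the caller left in it.
 */
OM_uint32
gss_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
    const gss_OID mech, uid_t *uidp)
{
	struct pname_to_uid_res res;
	struct pname_to_uid_args args;
	enum clnt_stat stat;
	OM_uint32 major;
	CLIENT *cl;

	*minor_status = 0;

	if (pname == GSS_C_NO_NAME)
		return (GSS_S_BAD_NAME);

	cl = kgss_gssd_client();
	if (cl == NULL)
		return (GSS_S_FAILURE);

	args.pname = pname->handle;
	args.mech = mech;

	bzero(&res, sizeof(res));
	stat = gssd_pname_to_uid_1(&args, &res, cl);
	CLNT_RELEASE(cl);
	if (stat != RPC_SUCCESS) {
		*minor_status = stat;
		return (GSS_S_FAILURE);
	}

	/* Copy everything we need out of the reply before releasing it. */
	major = res.major_status;
	if (major != GSS_S_COMPLETE)
		*minor_status = res.minor_status;
	else
		*uidp = res.uid;

	/*
	 * The reply shares its type with gss_pname_to_unix_cred() and so
	 * can carry a gidlist array; release it here as that function
	 * does, otherwise each lookup would presumably leak the decoded
	 * list.
	 */
	xdr_free((xdrproc_t) xdr_pname_to_uid_res, &res);

	return (major);
}

/*
 * Ask gssd to translate a GSS-API principal name into a local uid,
 * primary gid and supplementary group list.
 *
 * On entry *numgroups is the capacity of groups[]; on GSS_S_COMPLETE it
 * is updated to the number of entries actually stored.  Return values
 * and *minor_status follow gss_pname_to_uid().
 *
 * The outputs are written only on GSS_S_COMPLETE, so callers must test
 * the return value before using them.  If the daemon reports more groups
 * than fit in groups[], the list is truncated without any indication, so
 * the capacity passed in should cover the largest group list the system
 * is expected to return.
 */
OM_uint32
gss_pname_to_unix_cred(OM_uint32 *minor_status, const gss_name_t pname,
    const gss_OID mech, uid_t *uidp, gid_t *gidp,
    int *numgroups, gid_t *groups)
{
	struct pname_to_uid_res res;
	struct pname_to_uid_args args;
	enum clnt_stat stat;
	OM_uint32 major;
	int i, n;
	CLIENT *cl;

	*minor_status = 0;

	if (pname == GSS_C_NO_NAME)
		return (GSS_S_BAD_NAME);

	cl = kgss_gssd_client();
	if (cl == NULL)
		return (GSS_S_FAILURE);

	args.pname = pname->handle;
	args.mech = mech;

	bzero(&res, sizeof(res));
	stat = gssd_pname_to_uid_1(&args, &res, cl);
	CLNT_RELEASE(cl);
	if (stat != RPC_SUCCESS) {
		*minor_status = stat;
		return (GSS_S_FAILURE);
	}

	major = res.major_status;
	if (major != GSS_S_COMPLETE) {
		*minor_status = res.minor_status;
	} else {
		*uidp = res.uid;
		*gidp = res.gid;

		/*
		 * Bound the copy by the caller's capacity.  The comparison
		 * is done unsigned, and only for a positive capacity, so
		 * that neither a negative *numgroups nor a reply length
		 * above INT_MAX can leave a negative count behind.
		 */
		n = 0;
		if (*numgroups > 0) {
			n = *numgroups;
			if (res.gidlist.gidlist_len < (u_int)n)
				n = (int)res.gidlist.gidlist_len;
		}
		for (i = 0; i < n; i++)
			groups[i] = res.gidlist.gidlist_val[i];
		*numgroups = n;
	}

	/* Release the decoded reply on the error path as well. */
	xdr_free((xdrproc_t) xdr_pname_to_uid_res, &res);

	return (major);
}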