/*
 * Copyright 2002-2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * lib/gssapi/krb5/inq_names.c
 *
 * Copyright 1995 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 */

/*
 * inq_names.c - Return set of nametypes supported by the KRB5 mechanism.
 */
#include <gssapiP_krb5.h>

/*
 * krb5_gss_inquire_names_for_mech - report the name types this mechanism
 * accepts.
 *
 * Parameters:
 *   ctx          - never referenced in this function (hence ARGSUSED).
 *   minor_status - written directly on the bad-mechanism path and handed
 *                  to the OID-set helpers otherwise; it is dereferenced
 *                  without a NULL check, so the caller must supply
 *                  valid storage.
 *   mechanism    - GSS_C_NULL_OID, or an OID that g_OID_equal matches
 *                  against gss_mech_krb5_v2, gss_mech_krb5 or
 *                  gss_mech_krb5_old.
 *   name_types   - receives the newly created OID set; passed through to
 *                  the OID-set helpers unchecked.
 *
 * Returns:
 *   GSS_S_BAD_MECH (with *minor_status set to 0) for any other mechanism;
 *   otherwise the major status of the first OID-set call that did not
 *   return GSS_S_COMPLETE, or GSS_S_COMPLETE once all eight name types
 *   have been added.
 *
 * krb5_mutex is held from the mechanism check until the single exit at
 * the bottom, so every return path releases it.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
    void *ctx;
    OM_uint32 *minor_status;
    gss_OID mechanism;
    gss_OID_set *name_types;
{
    gss_OID supported[8];
    OM_uint32 maj_stat, release_minor;
    unsigned int idx;

    /*
     * Solaris Kerberos: for MT safety, we avoid the use of a default
     * context via kg_get_context().  The disabled call is kept to mark
     * where this file departs from the code it was derived from.
     */
#if 0
    if (GSS_ERROR(kg_get_context(minor_status, &context)))
	return(GSS_S_FAILURE);
#endif

    mutex_lock(&krb5_mutex);

    /*
     * Only our own mechanism is handled.  The NULL test comes first so
     * that g_OID_equal is never handed a null mechanism.
     */
    if (mechanism != GSS_C_NULL_OID &&
	!g_OID_equal(gss_mech_krb5_v2, mechanism) &&
	!g_OID_equal(gss_mech_krb5, mechanism) &&
	!g_OID_equal(gss_mech_krb5_old, mechanism)) {
	*minor_status = 0;
	maj_stat = GSS_S_BAD_MECH;
	goto unlock;
    }

    /* Start from an empty set; nothing to clean up if this fails. */
    maj_stat = gss_create_empty_oid_set(minor_status, name_types);
    if (maj_stat != GSS_S_COMPLETE)
	goto unlock;

    /* Name types specified by GSS-API itself ... */
    supported[0] = (gss_OID) GSS_C_NT_USER_NAME;
    supported[1] = (gss_OID) GSS_C_NT_MACHINE_UID_NAME;
    supported[2] = (gss_OID) GSS_C_NT_STRING_UID_NAME;
    supported[3] = (gss_OID) GSS_C_NT_HOSTBASED_SERVICE;
    /* ... followed by the Kerberos-only ones. */
    supported[4] = (gss_OID) gss_nt_service_name_v2;
    supported[5] = (gss_OID) gss_nt_exported_name;
    supported[6] = (gss_OID) gss_nt_krb5_name;
    supported[7] = (gss_OID) gss_nt_krb5_principal;

    /* Add the members in order, stopping at the first failure. */
    for (idx = 0; idx < sizeof (supported) / sizeof (supported[0]); idx++) {
	maj_stat = gss_add_oid_set_member(minor_status, supported[idx],
	    name_types);
	if (maj_stat != GSS_S_COMPLETE) {
	    /*
	     * Release the partly built set.  A scratch minor is used so
	     * the caller still sees the minor status of the add that
	     * failed.
	     * NOTE(review): presumably the release also clears
	     * *name_types, so no stale set is handed back - confirm
	     * against gss_release_oid_set.
	     */
	    (void) gss_release_oid_set(&release_minor, name_types);
	    break;
	}
    }

unlock:
    mutex_unlock(&krb5_mutex);
    return (maj_stat);
}