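/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * krb5 mechanism specific routine for pname_to_uid
 */

#include <gssapiP_krb5.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>

/*
 * This function supplements the gsscred table.
 *
 * First, it provides the mapping for root principal
 * entries.  The uid mapping returned is that of 0.
 * The name must be of the form root/... or root@...
 * or host/...  (no host@... mapped to 0 because host could
 * be the name of a normal user)
 * or in Kerberos terms, the first component must be root or host.
 *
 * NOTE(review): no root/host special case appears in this routine.
 * The local name comes entirely from krb5_aname_to_localname(), so
 * the uid 0 mapping described above is presumably applied there.
 * Confirm against that routine and its configuration, because it
 * decides which principals are treated as root.
 *
 * Second, it provides the mapping for normal user principals
 * using the passwd tbl.  Thus, the gsscred table is not normally
 * needed for the krb5 mech (though libgss will use it if this
 * routine fails).
 *
 * Parameters:
 *	minor	- receives the mechanism-specific status.  It is
 *		  dereferenced unconditionally, so it must be non-NULL.
 *		  It is 0 on success and on a failed passwd lookup,
 *		  G_VALIDATE_FAILED when pname is rejected, and the
 *		  krb5 error code when a krb5 call fails.
 *	pname	- the name to map.  It is checked with
 *		  kg_validate_name() and then used as a krb5_principal.
 *	uidOut	- receives the uid.  It is written only when
 *		  GSS_S_COMPLETE is returned; callers must not read it
 *		  after any other return value.
 *
 * GSS_S_COMPLETE is returned on success.
 * GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME is returned when pname
 * fails validation.
 * GSS_S_FAILURE is returned on any other failure.
 */
OM_uint32
krb5_pname_to_uid(minor, pname, uidOut)
OM_uint32 *minor;
const gss_name_t pname;
uid_t *uidOut;
{
	krb5_context context;
	char lname[256];
	struct passwd *pw;
	krb5_error_code stat;

	/*
	 * Give the minor status a defined value on every return path.
	 * The failed-lookup and success paths below do not set it
	 * otherwise, and a caller that logs it would read
	 * indeterminate data.
	 */
	*minor = 0;

	if (!kg_validate_name(pname)) {
		*minor = (OM_uint32) G_VALIDATE_FAILED;
		return (GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
	}

	stat = krb5_init_context(&context);
	if (stat) {
		*minor = stat;
		return (GSS_S_FAILURE);
	}

	/*
	 * The cast treats the validated gss_name_t as a krb5_principal.
	 * sizeof (lname) is passed so the callee knows the buffer size.
	 * NOTE(review): presumably lname is NUL-terminated on success
	 * and an over-long name is reported as an error - confirm.
	 */
	stat = krb5_aname_to_localname(context, (krb5_principal) pname,
	    sizeof (lname), lname);
	/* The context is only needed for the call above. */
	krb5_free_context(context);
	context = NULL;
	if (stat) {
		/* Report the krb5 error, as the init failure path does. */
		*minor = stat;
		return (GSS_S_FAILURE);
	}

	/*
	 * get the uid from the passwd tbl
	 *
	 * NOTE(review): getpwnam() may return a pointer to static
	 * storage and is not required to be thread-safe.  pw_uid is
	 * copied out immediately, but a concurrent lookup in another
	 * thread could still overwrite the entry first.  Consider
	 * getpwnam_r() if this is reachable from threaded callers.
	 */
	pw = getpwnam(lname);
	if (pw != NULL) {
		*uidOut = pw->pw_uid;
		return (GSS_S_COMPLETE);
	}

	/* No passwd entry for the local name: the principal is unmapped. */
	return (GSS_S_FAILURE);
} /* krb5_pname_to_uid */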