1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <unistd.h>
30 #include <deflt.h>
31 #include <mechglueP.h>
32 #include <gssapi/gssapi.h>
33 #include <gssapi/gssapi_ext.h>
34
35
/*
 * compare_names - fallback authorization check: does the local account
 * name `user` denote the same principal as the authenticated `name`?
 *
 * `user` is imported as a GSS_C_NT_USER_NAME, canonicalized for
 * `mech_type`, and compared against `name` with gss_compare_name().
 *
 * *user_ok is cleared on entry and set to 1 only when every GSS call
 * returned GSS_S_COMPLETE and the comparison reported a match, so every
 * error path leaves the caller with a "deny" answer.
 *
 * Returns GSS_S_BAD_NAME when user, name or mech_type is NULL (in that
 * case *minor is not written); otherwise the major status of the last
 * GSS call made.
 *
 * `minor` and `user_ok` are dereferenced without a NULL check here; the
 * caller is expected to have validated them.
 */
static OM_uint32
compare_names(OM_uint32 *minor,
	const gss_OID mech_type,
	const gss_name_t name,
	const char *user,
	int *user_ok)
{
	OM_uint32 major, scratch_minor;
	gss_name_t local_name;
	gss_name_t local_mn;
	gss_buffer_desc user_buf;
	int equal = 0;

	/* Deny by default; only a successful, matching compare flips this. */
	*user_ok = 0;

	user_buf.value = (void *)user;
	if (user_buf.value == NULL || name == NULL || mech_type == NULL)
		return (GSS_S_BAD_NAME);
	user_buf.length = strlen(user_buf.value);

	/* Turn the local account string into an internal GSS name. */
	major = gss_import_name(minor, &user_buf, GSS_C_NT_USER_NAME,
	    &local_name);
	if (major != GSS_S_COMPLETE)
		return (major);

	/* Canonicalize it for the mechanism of the authenticated name. */
	major = gss_canonicalize_name(minor, local_name, mech_type,
	    &local_mn);
	if (major != GSS_S_COMPLETE) {
		(void) gss_release_name(&scratch_minor, &local_name);
		return (major);
	}

	major = gss_compare_name(minor, local_mn, name, &equal);

	/*
	 * The releases report into a scratch minor status, so *minor still
	 * holds whatever gss_compare_name() stored.
	 */
	(void) gss_release_name(&scratch_minor, &local_mn);
	(void) gss_release_name(&scratch_minor, &local_name);

	/* Grant only on a completed compare that reported equality. */
	if (major == GSS_S_COMPLETE && equal)
		*user_ok = 1;

	return (major);
}
88
89
/*
 * __gss_userok - decide whether the authenticated GSS name `name` is
 * allowed to act as the local account `user`.
 *
 * The mechanism recorded in the name is looked up; if it provides its
 * own __gss_userok hook that hook makes the decision, otherwise the
 * decision falls back to compare_names().
 *
 * Returns:
 *   GSS_S_CALL_INACCESSIBLE_WRITE  minor or user_ok is NULL
 *   GSS_S_CALL_INACCESSIBLE_READ   name or user is NULL
 *   GSS_S_UNAVAILABLE              no mechanism found for the name
 *   GSS_S_FAILURE                  the name carries no mech_type
 *   otherwise the major status from the hook or from compare_names().
 *
 * *user_ok is set to 0 before any lookup, so the early error returns
 * all report "deny".
 *
 * NOTE(review): what a mechanism's hook leaves in *user_ok when it
 * returns an error is not visible in this file. Callers making an
 * access decision should require both GSS_S_COMPLETE and a non-zero
 * *user_ok.
 */
OM_uint32
__gss_userok(OM_uint32 *minor,
	const gss_name_t name,
	const char *user,
	int *user_ok)
{
	gss_union_name_t union_name;
	gss_mechanism mech;

	if (minor == NULL || user_ok == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	if (name == NULL || user == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);

	/* Start from "deny" with a clean minor status. */
	*user_ok = 0;
	*minor = GSS_S_COMPLETE;

	union_name = (gss_union_name_t)name;

	mech = __gss_get_mechanism(union_name->mech_type);
	if (mech == NULL)
		return (GSS_S_UNAVAILABLE);

	/*
	 * A name with no mech_type (i.e. not an MN) is rejected here; it
	 * is not imported on the caller's behalf.
	 */
	if (union_name->mech_type == NULL)
		return (GSS_S_FAILURE);

	/* No mechanism-specific policy: fall back to a name comparison. */
	if (mech->__gss_userok == NULL)
		return (compare_names(minor, union_name->mech_type,
		    name, user, user_ok));

	/* The mechanism hook is handed the mechanism-specific name. */
	return (mech->__gss_userok(mech->context, minor,
	    union_name->mech_name, user, user_ok));
}
132