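/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <deflt.h>
#include <mechglueP.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>


/*
 * compare_names - default authorization check, used when the mechanism
 * supplies no __gss_userok entry point.
 *
 * The local user name is imported as a GSS_C_NT_USER_NAME, canonicalized
 * for mech_type and compared with the authenticated name.  *user_ok is
 * set to 1 only when every step completes and gss_compare_name() reports
 * a match; on any error it stays 0, so the decision fails closed.
 *
 * Returns GSS_S_BAD_NAME when user, name or mech_type is NULL, otherwise
 * the major status of the last import/canonicalize/compare call made.
 * minor receives the minor status of that call; the name releases write
 * to a scratch minor so they cannot overwrite it.
 *
 * minor and user_ok are dereferenced without a NULL check; the caller
 * must validate them.
 */
static OM_uint32
compare_names(OM_uint32 *minor,
	const gss_OID mech_type,
	const gss_name_t name,
	const char *user,
	int *user_ok)
{
	OM_uint32 status, tmpMinor;
	gss_name_t imported_name = GSS_C_NO_NAME;
	gss_name_t canon_name = GSS_C_NO_NAME;
	gss_buffer_desc gss_user;
	int match = 0;

	/* Deny until the comparison below proves a match. */
	*user_ok = 0;

	if (user == NULL || name == NULL || mech_type == NULL)
		return (GSS_S_BAD_NAME);

	/* The buffer only borrows the caller's string; nothing is copied. */
	gss_user.value = (void *)user;
	gss_user.length = strlen(user);

	status = gss_import_name(minor,
	    &gss_user,
	    GSS_C_NT_USER_NAME,
	    &imported_name);
	if (status != GSS_S_COMPLETE)
		goto out;

	status = gss_canonicalize_name(minor,
	    imported_name,
	    mech_type,
	    &canon_name);
	if (status != GSS_S_COMPLETE)
		goto release_imported;

	status = gss_compare_name(minor,
	    canon_name,
	    name,
	    &match);
	(void) gss_release_name(&tmpMinor, &canon_name);

release_imported:
	(void) gss_release_name(&tmpMinor, &imported_name);

	/* A match counts only when the comparison itself succeeded. */
	if (status == GSS_S_COMPLETE && match)
		*user_ok = 1;	/* remote user is a-ok */

out:
	return (status);
}


/*
 * __gss_userok - decide whether the authenticated GSS-API name may act
 * as the local account named by user.
 *
 * The check is delegated to the mechanism's __gss_userok entry point
 * when it has one; otherwise compare_names() is used.
 *
 * Parameters:
 *	minor	- out: mechanism-specific status; must not be NULL.
 *	name	- the authenticated name; must carry a mech_type.
 *	user	- NUL-terminated local user name.
 *	user_ok	- out: 1 when access is allowed, 0 otherwise; must not
 *		  be NULL.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when minor or user_ok is NULL,
 * GSS_S_CALL_INACCESSIBLE_READ when name or user is NULL,
 * GSS_S_UNAVAILABLE when no mechanism is found for the name,
 * GSS_S_FAILURE when the name has no mech_type, otherwise the major
 * status of the check that was run.
 *
 * This is an authorization decision, so it fails closed: *user_ok is
 * cleared as soon as it is known to be writable and is forced back to 0
 * whenever the check does not return GSS_S_COMPLETE.  Callers should
 * grant access only when the return value is GSS_S_COMPLETE and
 * *user_ok is non-zero.
 */
OM_uint32
__gss_userok(OM_uint32 *minor,
	const gss_name_t name,
	const char *user,
	int *user_ok)

{
	gss_mechanism mech;
	gss_union_name_t intName;
	gss_name_t mechName = NULL;
	OM_uint32 major;

	if (minor == NULL || user_ok == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	/*
	 * Clear the verdict before any other early return so that a caller
	 * that passed an uninitialized int never reads a stale "allowed".
	 */
	*user_ok = 0;

	if (name == NULL || user == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);

	*minor = GSS_S_COMPLETE;

	intName = (gss_union_name_t)name;

	mech = __gss_get_mechanism(intName->mech_type);
	if (mech == NULL)
		return (GSS_S_UNAVAILABLE);

	/*
	 * may need to import the name if this is not MN; that is not
	 * done here, so a name without a mech_type is rejected.
	 */
	if (intName->mech_type == NULL)
		return (GSS_S_FAILURE);
	mechName = intName->mech_name;

	if (mech->__gss_userok)
		major = mech->__gss_userok(mech->context, minor, mechName,
		    user, user_ok);
	else
		major = compare_names(minor, intName->mech_type,
		    name, user, user_ok);

	/*
	 * Do not trust the out-parameter of a failed check: whatever the
	 * mechanism left in *user_ok, an error means "not authorized".
	 */
	if (major != GSS_S_COMPLETE)
		*user_ok = 0;

	return (major);
} /* gss_userok */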