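/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <deflt.h>
#include <mechglueP.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>


/*
 * Generic fallback for the "may this GSS principal act as local user
 * `user`?" decision, used when the mechanism supplies no hook of its own.
 *
 * The local user name is imported as a GSS_C_NT_USER_NAME, canonicalized
 * for mech_type, and compared with `name` via gss_compare_name().
 *
 * *user_ok is cleared on entry and is set to 1 only when every step
 * returned GSS_S_COMPLETE and the comparison reported a match, so any
 * failure leaves the answer at "deny".
 *
 * Returns GSS_S_BAD_NAME when user, name or mech_type is NULL; otherwise
 * the major status of the first GSS call that failed, or of the compare.
 *
 * minor and user_ok are dereferenced without a NULL check here; the only
 * caller in this file, __gss_userok(), validates both first.
 */
static OM_uint32
compare_names(OM_uint32 *minor,
	const gss_OID mech_type,
	const gss_name_t name,
	const char *user,
	int *user_ok)
{
	OM_uint32 status, tmpMinor;
	gss_name_t imported_name = GSS_C_NO_NAME;
	gss_name_t canon_name = GSS_C_NO_NAME;
	gss_buffer_desc gss_user;
	int match = 0;

	/* Deny by default; only an explicit match below flips this. */
	*user_ok = 0;

	if (user == NULL || name == NULL || mech_type == NULL)
		return (GSS_S_BAD_NAME);

	/* gss_buffer_desc has no const-qualified value member. */
	gss_user.value = (void *)user;
	gss_user.length = strlen(user);

	status = gss_import_name(minor, &gss_user, GSS_C_NT_USER_NAME,
	    &imported_name);
	if (status != GSS_S_COMPLETE)
		return (status);

	status = gss_canonicalize_name(minor, imported_name, mech_type,
	    &canon_name);
	if (status != GSS_S_COMPLETE) {
		(void) gss_release_name(&tmpMinor, &imported_name);
		return (status);
	}

	status = gss_compare_name(minor, canon_name, name, &match);

	/*
	 * Release through tmpMinor so the minor status of the compare is
	 * what the caller sees.
	 */
	(void) gss_release_name(&tmpMinor, &canon_name);
	(void) gss_release_name(&tmpMinor, &imported_name);

	if (status == GSS_S_COMPLETE && match)
		*user_ok = 1;	/* remote user is a-ok */

	return (status);
}


/*
 * Decide whether the GSS principal `name` is authorized to act as the
 * local user `user`.  The answer is written to *user_ok (1 = allowed,
 * 0 = denied).
 *
 * Dispatches to the mechanism's __gss_userok entry point when the
 * mechanism provides one, and otherwise falls back to compare_names().
 *
 * Returns:
 *	GSS_S_CALL_INACCESSIBLE_WRITE	minor or user_ok is NULL
 *	GSS_S_CALL_INACCESSIBLE_READ	name or user is NULL
 *	GSS_S_UNAVAILABLE		no mechanism found for the name
 *	GSS_S_FAILURE			the name carries no mech_type
 *	otherwise the major status of the mechanism hook or the fallback.
 *
 * Callers should treat *user_ok as meaningful only when the returned
 * major status carries no error; on error it is forced to 0.
 */
OM_uint32
__gss_userok(OM_uint32 *minor,
	const gss_name_t name,
	const char *user,
	int *user_ok)

{
	gss_mechanism mech;
	gss_union_name_t intName;
	gss_name_t mechName = NULL;
	OM_uint32 major;

	if (minor == NULL || user_ok == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	if (name == NULL || user == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);

	/* Deny by default before any lookup can fail. */
	*user_ok = 0;
	*minor = GSS_S_COMPLETE;

	intName = (gss_union_name_t)name;

	mech = __gss_get_mechanism(intName->mech_type);
	if (mech == NULL)
		return (GSS_S_UNAVAILABLE);

	/* may need to import the name if this is not MN */
	if (intName->mech_type == NULL)
		return (GSS_S_FAILURE);

	mechName = intName->mech_name;

	if (mech->__gss_userok)
		major = mech->__gss_userok(mech->context, minor, mechName,
		    user, user_ok);
	else
		major = compare_names(minor, intName->mech_type,
		    name, user, user_ok);

	/*
	 * Fail closed: the mechanism hook is not visible from this file, so
	 * do not rely on it leaving *user_ok clear when it reports an error.
	 */
	if (GSS_ERROR(major))
		*user_ok = 0;

	return (major);
} /* gss_userok */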