1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * krb5 mechanism specific routine for pname_to_uid
28 */
29
30 #include <gssapiP_krb5.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <pwd.h>
34
35 /*
36 * This functions supplements the gsscred table.
37 *
38 * First, it provides the mapping for root principal
39 * entries. The uid mapping returned is that of 0.
40 * The name must be of the form root/... or root@...
41 * or host/... (no host@... mapped to 0 cuz host could
42 * be the name of a normal user)
43 * or in Kerberos terms, the first component must be root or host.
44 *
45 * Second, it provides the mapping for normal user principals
46 * using the passwd tbl. Thus, the gsscred table is not normally
47 * needed for the krb5 mech (though libgss will use it if this
48 * routine fails).
49 *
50 * GSS_S_COMPLETE is returned on success.
51 * GSS_S_FAILURE is returned on failure.
52 */
53 OM_uint32
krb5_pname_to_uid(minor,pname,uidOut)54 krb5_pname_to_uid(minor, pname, uidOut)
55 OM_uint32 *minor;
56 const gss_name_t pname;
57 uid_t *uidOut;
58 {
59 krb5_context context;
60 char lname[256];
61 struct passwd *pw;
62 krb5_error_code stat;
63
64 if (! kg_validate_name(pname))
65 {
66 *minor = (OM_uint32) G_VALIDATE_FAILED;
67 return (GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
68 }
69
70 stat = krb5_init_context(&context);
71 if (stat) {
72 *minor = stat;
73 return (GSS_S_FAILURE);
74 }
75
76 stat = krb5_aname_to_localname(context, (krb5_principal) pname,
77 sizeof (lname), lname);
78 krb5_free_context(context);
79 context = NULL;
80 if (stat)
81 return (GSS_S_FAILURE);
82
83 /* get the uid from the passwd tbl */
84 if (pw = getpwnam(lname))
85 {
86 *uidOut = pw->pw_uid;
87 return (GSS_S_COMPLETE);
88 }
89
90 return (GSS_S_FAILURE);
91 } /* krb5_pname_to_uid */
92