/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * krb5 mechanism-specific routine for pname_to_uid
 */

307c478bd9Sstevel@tonic-gate #include <gssapiP_krb5.h>
317c478bd9Sstevel@tonic-gate #include <stdlib.h>
327c478bd9Sstevel@tonic-gate #include <string.h>
337c478bd9Sstevel@tonic-gate #include <pwd.h>
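/*
 * krb5_pname_to_uid: map a krb5 principal name to a local uid.
 *
 * This routine supplements the gsscred table for the krb5 mechanism.
 * The principal is first turned into a local account name by
 * krb5_aname_to_localname() -- so the realm's localname rules
 * (auth_to_local / default-realm handling) decide which principals
 * count as local at all -- and that name is then looked up in the
 * passwd table.  The gsscred table is therefore not normally needed
 * for the krb5 mech, though libgss will fall back to it if this
 * routine fails.
 *
 * NOTE(review): the "root/... or host/... maps to uid 0" rule that
 * this header used to describe is not implemented in this function;
 * nothing below inspects the principal's components.  If that mapping
 * is still wanted it has to come from krb5_aname_to_localname()
 * (e.g. an auth_to_local rule in krb5.conf) -- confirm against the
 * configured rules.  Since the result is an authorization decision
 * (which local account a remote identity becomes), those rules should
 * map only principals that really are local accounts.
 *
 * minor   - set to the krb5/mech error code on every failure path that
 *           has one; not written on success.
 * pname   - a gss_name_t created by this mechanism (a krb5_principal).
 * uidOut  - receives the uid on success only.
 *
 * Returns GSS_S_COMPLETE on success,
 *         GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME if pname is not a
 *         name object of this mechanism,
 *         GSS_S_FAILURE if no local name or passwd entry exists or a
 *         krb5 call fails.
 */
OM_uint32
krb5_pname_to_uid(OM_uint32 *minor, const gss_name_t pname, uid_t *uidOut)
{
	krb5_context context = NULL;
	char lname[256];
	struct passwd *pw;
	krb5_error_code code;

	/* Refuse anything that is not a name object this mechanism made. */
	if (!kg_validate_name(pname)) {
		*minor = (OM_uint32) G_VALIDATE_FAILED;
		return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_BAD_NAME);
	}

	code = krb5_init_context(&context);
	if (code) {
		*minor = code;
		return (GSS_S_FAILURE);
	}

	/*
	 * Principal -> local name.  The buffer size is handed to the
	 * library so the copy is bounded; a principal with no local
	 * mapping (or one the configured rules reject) fails here, which
	 * is the intended outcome for non-local principals.
	 */
	code = krb5_aname_to_localname(context, (krb5_principal) pname,
	    sizeof (lname), lname);
	krb5_free_context(context);
	context = NULL;
	if (code) {
		/* Propagate the krb5 reason so the caller can report it. */
		*minor = code;
		return (GSS_S_FAILURE);
	}

	/*
	 * Local name -> uid via the passwd table.  getpwnam() returns a
	 * pointer into static storage, so the uid is copied out before
	 * anything else can overwrite it.
	 */
	if ((pw = getpwnam(lname)) != NULL) {
		*uidOut = pw->pw_uid;
		return (GSS_S_COMPLETE);
	}

	return (GSS_S_FAILURE);
} /* krb5_pname_to_uid */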