1*ad19d054Sgtb /*
2*ad19d054Sgtb  * CDDL HEADER START
3*ad19d054Sgtb  *
4*ad19d054Sgtb  * The contents of this file are subject to the terms of the
5*ad19d054Sgtb  * Common Development and Distribution License (the "License").
6*ad19d054Sgtb  * You may not use this file except in compliance with the License.
7*ad19d054Sgtb  *
8*ad19d054Sgtb  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*ad19d054Sgtb  * or http://www.opensolaris.org/os/licensing.
10*ad19d054Sgtb  * See the License for the specific language governing permissions
11*ad19d054Sgtb  * and limitations under the License.
12*ad19d054Sgtb  *
13*ad19d054Sgtb  * When distributing Covered Code, include this CDDL HEADER in each
14*ad19d054Sgtb  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*ad19d054Sgtb  * If applicable, add the following below this CDDL HEADER, with the
16*ad19d054Sgtb  * fields enclosed by brackets "[]" replaced with your own identifying
17*ad19d054Sgtb  * information: Portions Copyright [yyyy] [name of copyright owner]
18*ad19d054Sgtb  *
19*ad19d054Sgtb  * CDDL HEADER END
20*ad19d054Sgtb  */
217c478bd9Sstevel@tonic-gate /*
22ab9b2e15Sgtb  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate /*
277c478bd9Sstevel@tonic-gate  *  krb5 mechanism specific routine for pname_to_uid
287c478bd9Sstevel@tonic-gate  */
297c478bd9Sstevel@tonic-gate 
307c478bd9Sstevel@tonic-gate #include <gssapiP_krb5.h>
317c478bd9Sstevel@tonic-gate #include <stdlib.h>
327c478bd9Sstevel@tonic-gate #include <string.h>
337c478bd9Sstevel@tonic-gate #include <pwd.h>
347c478bd9Sstevel@tonic-gate 
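/*
 * krb5_pname_to_uid() supplements the gsscred table by mapping a krb5
 * principal name to a local uid.
 *
 * The principal is translated to a local account name with
 * krb5_aname_to_localname(), and that account name is then looked up in
 * the passwd table.  Thus, the gsscred table is not normally needed for
 * the krb5 mech (though libgss will use it if this routine fails).
 *
 * The original header for this routine also states that it provides the
 * mapping for root principal entries: the uid returned is 0 when the name
 * is of the form root/... or root@... or host/... (host@... is not mapped
 * to 0 because "host" could be the name of a normal user); in Kerberos
 * terms, the first component must be root or host.
 * NOTE(review): no root/host special case is visible in this function
 * body; presumably it is applied inside krb5_aname_to_localname() or its
 * configuration -- confirm, since a mapping to uid 0 is security critical.
 *
 * Parameters:
 *   minor	out: mechanism-specific status
 *   pname	in:  name to map; cast to krb5_principal after validation
 *   uidOut	out: written only when GSS_S_COMPLETE is returned
 *
 * Returns:
 *   GSS_S_COMPLETE on success.
 *   GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME when kg_validate_name()
 *	rejects pname (*minor is G_VALIDATE_FAILED).
 *   GSS_S_FAILURE otherwise; *minor holds the krb5 error code when a krb5
 *	call failed and 0 when the passwd lookup found no entry.
 *
 * The uid produced here is an identity mapping that callers may use for
 * access decisions, so *uidOut must be ignored on any return other than
 * GSS_S_COMPLETE.
 */
OM_uint32
krb5_pname_to_uid(minor, pname, uidOut)
OM_uint32 *minor;
const gss_name_t pname;
uid_t *uidOut;
{
	krb5_context context;
	char lname[256];
	struct passwd	*pw;
	krb5_error_code stat;

	if (!kg_validate_name(pname)) {
		*minor = (OM_uint32) G_VALIDATE_FAILED;
		return (GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
	}

	/*
	 * Give the caller a defined minor status on every later path; the
	 * failure returns below previously left *minor untouched.
	 */
	*minor = 0;

	stat = krb5_init_context(&context);
	if (stat) {
		*minor = stat;
		return (GSS_S_FAILURE);
	}

	stat = krb5_aname_to_localname(context, (krb5_principal) pname,
	    sizeof (lname), lname);
	/* The context is only needed for the translation above. */
	krb5_free_context(context);
	if (stat) {
		/* Report why the principal could not be translated. */
		*minor = stat;
		return (GSS_S_FAILURE);
	}

	/*
	 * Get the uid from the passwd table.  getpwnam() is not required
	 * to be reentrant and returns a pointer to storage it owns, so only
	 * pw_uid is copied out, immediately after the lookup.
	 * NOTE(review): if this routine can run on several threads at
	 * once, a reentrant lookup would be needed -- confirm with callers.
	 */
	pw = getpwnam(lname);
	if (pw == NULL)
		return (GSS_S_FAILURE);

	*uidOut = pw->pw_uid;
	return (GSS_S_COMPLETE);
} /* krb5_pname_to_uid */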