/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include "gsscred.h"
/*
* gsscred utility
* Manages mapping between a security principal name and unix uid.
* Implementation file for the file based gsscred utility.
*/
/*
* Multiply by two given that the token has already gone through hex string
* expansion.
*/
/*
* file_addGssCredEntry
*
* Adds a new entry to the gsscred table.
* Does not check for duplicate entries.
*/
const char *comment, char **errDetails)
{
if (errDetails) {
gettext("Unable to open gsscred file [%s]"),
credFile);
}
return (0);
}
return (1);
} /* ******* file_addGssCredEntry ****** */
/*
* file_getGssCredEntry
*
* Searches the file for the file matching the name. Since the name
* contains a mechanism identifier, to search for all names for a given
* mechanism just supply the mechanism portion in the name buffer.
* To search by uid only, supply a non-null value of uid.
*/
char **errDetails)
{
if (errDetails) {
gettext("Unable to open gsscred file [%s]"),
credFile);
}
return (0);
}
/* go through the file in sequential order */
/* is there any search criteria */
continue;
}
} /* while */
return (1);
} /* file_getGssCredEntry */
/*
* file_getGssCredUid
*
* GSS entry point for retrieving user uid information.
* We need to go through the entire file to ensure that
* the last matching entry is retrieved - this is because
* new entries are added to the end, and in case of
* duplicates we want to get the latest entry.
*/
int
{
int retVal = 0;
return (0);
/* go through the entire file in sequential order */
retVal = 1;
}
} /* while */
return (retVal);
} /* file_getGssCredUid */
/*
*
* file_deleteGssCredEntry
*
* removes entries form file that match the delete criteria
*/
char **errDetails)
{
int foundOne = 0;
/* are we deleting everyone? */
if (errDetails) {
gettext("Unable to open gsscred"
" file [%s]"),
credFile);
}
return (0);
}
return (1);
}
/* selective delete - might still be everyone */
if (errDetails) {
gettext("Unable to open gsscred file [%s]"),
credFile);
}
return (0);
}
/* also need to open temp file */
if (errDetails) {
gettext("Unable to open gsscred temporary"
" file [%s]"),
}
return (0);
}
/* go through all the entries sequentially removing ones that match */
else
foundOne = 1;
}
/* now make the tempfile the gsscred file */
(void) unlink(credFileTmp);
if (!foundOne) {
return (0);
}
return (1);
} /* file_deleteGssCredEntry */
/*
*
* match entry
*
* checks if the specified entry matches the supplied criteria
* returns 1 if yes, 0 if no
* uidOut value can be used to retrieve the uid from the entry
* when the uid string is passed in, the uidOut value is not set
*/
{
/*
* item_len is the length of the token in the gsscred_db.
* name_len is the length of the token passed to this function.
*/
/*
* This is the hex encoding of the beginning of all exported name
* tokens for the Kerberos V mechanism. We need this to detect old,
* incorrectly exported name tokens; see below.
*/
/*
* This is the hex encoded GSS_C_NT_USER_NAME OID, needed for the same
* reason as krb5_ntok_prefix.
*/
return (0);
/* save the entry since strtok will chop it up */
return (0);
/* do we need to search the name */
/* we can match the prefix of the string */
return (0);
/*
* The following section is needed in order to detect
* two existing errant formats in the gsscred db.
*
* 1. Exported names that have a trailing null byte
* ("00" in two hex characters) with the name length
* incremented to account for the extra null byte.
*
* 2. Exported names that have the name type length
* and name type OID prepended to the exported name.
*
*/
strlen(krb5_ntok_prefix)) != 0)
return (0);
strlen(krb5_ntok_prefix)) != 0)
return (0);
return (0);
name_buf += NAME_OFFSET;
!= 0))
return (0);
/*
* Here we compare the end of name_len, given
* that item_len could have two extra "00"
* representing the null byte.
*/
!= 0)
return (0);
} else
/*
* We only strncmp() so we could check for old,
* broken exported name tokens for the krb5 mech.
* For any other exported name tokens we want exact
* matches only.
*/
return (0);
/* do we need to check the uid - if not then we found it */
/* do we ned to parse out the uid ? */
if (uidOut) {
return (0);
}
return (1);
}
/* continue with checking the uid */
}
return (1);
/* get the next token from the string - the uid */
return (0);
return (1);
return (0);
} /* ******* matchEntry ****** */