lib/libgss/g_userok.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident   "%Z%%M% %I% %E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <deflt.h>
#include <mechglueP.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>


static OM_uint32
compare_names(OM_uint32 *minor,
        const gss_OID mech_type,
        const gss_name_t name,
        const char *user,
        int *user_ok)
{

    OM_uint32 status, tmpMinor;
    gss_name_t imported_name;
    gss_name_t canon_name;
    gss_buffer_desc gss_user;
    int match = 0;

    *user_ok = 0;

    gss_user.value = (void *)user;
    if (!gss_user.value || !name || !mech_type)
        return (GSS_S_BAD_NAME);
    gss_user.length = strlen(gss_user.value);

    status = gss_import_name(minor,
                &gss_user,
                GSS_C_NT_USER_NAME,
                &imported_name);
    if (status != GSS_S_COMPLETE) {
        goto out;
    }

    status = gss_canonicalize_name(minor,
                    imported_name,
                    mech_type,
                    &canon_name);
    if (status != GSS_S_COMPLETE) {
        (void) gss_release_name(&tmpMinor, &imported_name);
        goto out;
    }

    status = gss_compare_name(minor,
                canon_name,
                name,
                &match);
    (void) gss_release_name(&tmpMinor, &canon_name);
    (void) gss_release_name(&tmpMinor, &imported_name);
    if (status == GSS_S_COMPLETE) {
        if (match)
            *user_ok = 1; /* remote user is a-ok */
    }

out:
    return (status);
}


OM_uint32
__gss_userok(OM_uint32 *minor,
        const gss_name_t name,
        const char *user,
        int *user_ok)

{
    gss_mechanism mech;
    gss_union_name_t intName;
    gss_name_t mechName = NULL;
    OM_uint32 major;

    if (minor == NULL || user_ok == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);

    if (name == NULL || user == NULL)
        return (GSS_S_CALL_INACCESSIBLE_READ);

    *user_ok = 0;
    *minor = GSS_S_COMPLETE;

    intName = (gss_union_name_t)name;

    mech = __gss_get_mechanism(intName->mech_type);
    if (mech == NULL)
        return (GSS_S_UNAVAILABLE);

    /* may need to import the name if this is not MN */
    if (intName->mech_type == NULL) {
        return (GSS_S_FAILURE);
    } else
        mechName = intName->mech_name;

    if (mech->__gss_userok)
        major = mech->__gss_userok(mech->context,  minor, mechName,
                user, user_ok);
    else
        major = compare_names(minor, intName->mech_type,
                    name, user, user_ok);

    return (major);
} /* gss_userok */