/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 *
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 */

/* Diffie-Hellman ONC RPC netname name type */
{
	9,					/* OID length in bytes */
	"\053\006\004\001\052\002\032\001\001"	/* DER elements of 1.3.6.1.4.1.42.2.26.1.1 */
};
/*
 * __dh_gss_compare_name: Diffie-Hellman mechanism support for
 * gss_compare_name. Given two gss_name_ts that are presumed to
 * be rpc netnames set the *equal parameter to true if they are
 * the same, else set it to false.
 */

/*
 * __dh_gss_display_name: Supports gss_display_name for Diffie-Hellman
 * mechanism. This takes a gss internal name and converts it to
 * a counted string suitable for display.
 *
 * Note: we no longer copy the name type OID. The current draft of
 * the standard specifies:
 *
 *	"The returned gss_OID will be a pointer into static storage
 *	and should be treated as read-only by the caller (in particular,
 *	it does not need to be freed)."
 *
 *	if ((*minor = __OID_copy(name_type, __DH_GSS_C_NT_NETNAME))
 *		free(output->value);
 *		output->value = NULL;
 *		return (GSS_S_FAILURE);
 */

/*
 * Routine that takes a netname as a character string and assigns it
 * to a gss_name_t pointed to by output.
 */

/*
 * do_uid_nametype converts a uid to a gss_name_t pointed to by output
 */

/*
 * do_username_nametype converts a username to a gss_name_t pointed to by
 *
 * A username will be represented by the following:
 *
 *	name[/node][@security-domain]
 *
 * The optional security-domain will represent the secure rpc domain if
 * present. If not present the local domain will be used. name is the
 * user name as found in the unix password file. If name is root and
 * node is present, then node will represent the host. If the host is
 * a qualified name we assume that it is a DNS name and will only return
 * the first component since we want host names that are relative to
 * the security domain (secure rpc domain).
 */

	/* Set outputs to sane values */

	/* See if we have a name */

	/* copy the name so that we can do surgery on it */

	/* Look for optional node part */

	/*
	 * user is now just the user portion and node
	 * points to the start of the node part.
	 */
	/* Now see if there is a domain */

	/* Check for a domain */

	/* Set domain to the beginning of the domain part if present */

	/*
	 * See if the node part is important. If the user is root get
	 * the host from the node. If node is not present we assume
	 * we're the local host.
	 */

	/*
	 * We only want the host part of a qualified host name. We
	 * assume the domain part of a hostname is a DNS domain,
	 * not an rpc domain. The rpc domain can be specified
	 * in the optional security domain part.
	 */

	/*
	 * If node is null, assume local host. If domain is
	 * null assume local domain. See host2netname(3N)
	 */

	/*
	 * We use getpwnam_r to convert the name to uid. Note it is
	 * important to use getpwnam_r to preserve MT safety.
	 */

	/* If domain is null assume local domain. See user2netname(3N) */

/*
 * do_hostbase_nametype converts a hostbase service name of the form
 *
 * For Diffie-Hellman we assume that the service is running with the
 * credentials of the machine, i.e., as root.
 */

	/* Get the hostname */

	/* If no host return bad name */

	/* Advance past the "@" sign */

	/* Convert the hostname to its netname */

	/* Internalize the netname to output */

/*
 * do_exported_netname: Convert an exported Diffie-Hellman name
 * to a Diffie-Hellman internal name.
 */
	/* All export names must start with this */

	/* The len must be at least this big */

	/* Export names must start with the token id of 0x04 0x01 */

	/* Decode the Mechanism oid */

	/* Check that we actually have the mechanism oid elements */

	/* Compare that the input is for this mechanism */

	/* Grab the length of the mechanism specific name per RFC 2078 */

	/* This should always be false */

	/* Make sure the bytes for the netname oid length are available */

	/* Get the netname oid length */

	/* See if we have the elements of the netname oid */

	/* Check that the oid is really a netname */

	/* p now points to the netname which is null terminated */

	/*
	 * How the netname is encoded in an export name type for
	 * this mechanism. See __dh_gss_export_name below.
	 */

	/* Grab the netname */

/*
 * __dh_gss_import_name: Diffie-Hellman entry point for gss_import_name.
 * Given an input name of a specified name type, convert this to a
 * Diffie-Hellman internal name (netname).
 *
 * The idea here is simply compare the name_type supplied with each
 * name type that we know how to deal with. If we have a match we call
 * the appropriate support routine from above. If we don't have a match
 * we return GSS_S_BAD_NAMETYPE
 */

	/* Set sane state */

	/* UID in machine format */

	/* Should we assume that the id is network byte order ??? */
	/* uid = htonl(uid); No, this should be the local ordering */

	/* Name that was exported with __dh_gss_export_name */

	/* Null terminate name so we can manipulate as a c-style string */

	/* Diffie-Hellman (ONC RPC netname) */

	/* Host based service name (service@hostname) */

	/* The local OS user name */

	/* The os user id written as a string */

	/* Convert the name to a uid */

	/* Anything else */

/*
 * __dh_gss_release_name: DH entry point for gss_release_name.
 * Release an internal DH name.
 */
/* Lock for initializing oid_name_tab */

/* Table of name types that this mechanism understands */

/*
 * __dh_gss_inquire_names_for_mech: DH entry point for
 * gss_inquire_names_for_mech.
 *
 * Return a set of OID name types that a mechanism can understand
 */

	/* See if we need to initialize the table */

	/* If nobody sneaked in, initialize the table */

	/* oid_name_tab[6] = GSS_C_NT_ANONYMOUS_NAME; */

	/* Return the set of OIDS from the table */

/*
 * Private libgss entry point to convert a principal name to uid.
 */

	/* Convert the principal name to a netname */

	/* First try to convert as a user */

	/* Get this host's netname */

	/*
	 * If the netname is this host's netname then we're root
	 * else we're nobody.
	 */

	/* We could not get a netname */

/*
 * __dh_gss_export_name: Diffie-Hellman support for gss_export_name.
 * Given a Diffie-Hellman internal name return the GSS exported format.
 */

	/* input_name is dh principal name */

	/* Magic for exported blobs */

	/* Set sane outputs */

	/* Determine the length of the name */

	/* Find the total length */

	/* Allocate the blob */

	/* Set the blob to the exported name */

	/* Start with some magic */

	/*
	 * The spec only allows two bytes for the oid length.
	 * We are assuming here that the correct encoding is MSB first as
	 * was done in libgss.
	 */

	/* Now the mechanism OID DER Encoding */
	*p++ = 0x06;		/* Universal Tag for OID */

	/* Now the mechanism OID elements */

	/* The name length must be MSB first */

	/*
	 * We'll now encode the netname oid. Again we'll just use 2 bytes.
	 * This is the same encoding that the libgss implementor uses, so
	 * we'll just follow along.
	 */

	/* The netname oid values */

	/* Now we copy the netname including the null byte to be safe */

/*
 * Support routine for __dh_gss_internal_release_oid. Return True if
 * the supplied OID points to the reference OID or if the elements
 * of the reference OID are the same as the supplied OID. In the
 * latter case, just free the OID container and set the pointer to it
 * to GSS_C_NO_OID. Otherwise return false
 */

	/*
	 * If someone created a shallow copy, free the structure pointed to
	 * by id and set the pointer to it to GSS_C_NO_OID
	 */

/*
 * __dh_gss_internal_release_oid: DH support for the gss_internal_release_oid
 * entry. Check that the reference to an oid is one of our mechanism's static
 * OIDS. If it is return true indicating to libgss that we have handled the
 * release of that OID. Otherwise we return false and let libgss deal with it.
 *
 * The only OIDS we know are the calling mechanism found in the context
 * and the shared DH_GSS_C_NT_NETNAME name type
 */