gssd_pname_to_uid.c revision 2
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
/* local function used to call a mechanism's pname_to_uid */
 * The gsscred functions will first attempt to call the
 * mechanism's pname_to_uid function. In case this function
 * returns an error or if it is not provided by a mechanism
 * then the functions will attempt to look up the principal
 * in the gsscred table.
 * It is envisioned that the pname_to_uid function will be
 * provided by only a few mechanisms, which may have the principal
 * name to unix credential mapping inherently present.
 * Fetch gsscred options from conf file.
 * This routine accepts a name in export name format and retrieves
 * unix credentials associated with it.
 char *
whoami =
"gsscred_expname_to_unix_cred";
 /* first check the mechanism for the mapping */
 "%s: mech provided local name"
 * we fall back onto the gsscred table to provide the mapping
 * start by making sure that the expName is an export name buffer
 "%s: gsscred tbl provided"
 " local name mapping (%s, %s, %d)",
 "%s: gsscred tbl could NOT"
 " provide local name mapping (%s, %s)",
}
/* gsscred_expname_to_unix_cred */
 * private routine added to be called from gsscred_name_to_unix_cred
 * and gsscred_expname_to_unix_cred.
 /* did caller request group info also ? */
 * Return a string of the authenticated name.
 * passed to gss_display_name insists on returning an empty string.
 * Caller must free string memory.
 * This routine accepts a name in gss internal name format together with
 * a mechanism OID and retrieves unix credentials for that entity.
 /* first try the mechanism provided mapping */
 "%s: mech provided local name"
 * falling back onto the gsscred table to provide the mapping
 * start by canonicalizing the passed in name and then export it
 "%s: gsscred tbl provided"
 " local name mapping (%s, %s, %d)",
 "%s: gsscred tbl could NOT"
 " provide local name mapping (%s, %s)",
}
/* gsscred_name_to_unix_cred */
 * This routine accepts a unix uid, and retrieves the group id
 * and supplementary group ids for that uid.
 * Callers should be aware that the supplementary group ids
 * array may be empty even when this function returns success.
 /* check for output parameters */
 /* determine maximum number of groups possible */
 * we allocate for the maximum number of groups
 * we do not reclaim the space when the actual number
 * is lower, just set the size appropriately.
 * we will try to remove the duplicate entry from the groups
 * array. This can cause the group array to be empty.
 /* length is at least 2 */
}
/* gss_get_group_info */
 * if this is an MN (mechanism name), then try using the mech
 * from the name; otherwise ask for default
 /* may need to import the name if this is not an MN */
 /* now call the mechanism's pname function to do the work */
}
/* gss_pname_to_uid */