authorLuke Howard <lukeh@padl.com>2011-03-17 04:46:47 +0000
committerLuke Howard <lukeh@padl.com>2011-03-17 04:46:47 +0000
commit4e271979185c61e3c7030904db3ec7dd703a9a29 (patch)
treeaf855ff2fcb17f119665d41fc2cddb389c1cf335 /src/lib/gssapi
parent2f0bf9bd3db4cf870c34033f25093d59c1b40280 (diff)
Reinstate gss_userok and gss_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24710 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r--src/lib/gssapi/generic/gssapi_ext.h23
-rw-r--r--src/lib/gssapi/krb5/gssapi_krb5.c91
-rw-r--r--src/lib/gssapi/libgssapi_krb5.exports2
-rw-r--r--src/lib/gssapi/mechglue/Makefile.in12
-rw-r--r--src/lib/gssapi/mechglue/g_userok.c14
-rw-r--r--src/lib/gssapi/mechglue/gssd_pname_to_uid.c65
-rw-r--r--src/lib/gssapi/mechglue/mglueP.h14
-rw-r--r--src/lib/gssapi/spnego/spnego_mech.c2
8 files changed, 173 insertions, 50 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
index d92bbcf..68a89be 100644
--- a/src/lib/gssapi/generic/gssapi_ext.h
+++ b/src/lib/gssapi/generic/gssapi_ext.h
@@ -31,20 +31,21 @@
extern "C" {
#endif /* __cplusplus */
-#if 0
/*
* Solaris extensions
*/
-int KRB5_CALLCONV gssd_pname_to_uid
- (char *,
- gss_OID,
- gss_OID,
- uid_t *);
-
-int KRB5_CALLCONV __gss_userok
- (const gss_name_t /*name*/,
- const char * /*username*/);
-#endif
+OM_uint32 KRB5_CALLCONV
+gss_pname_to_uid
+ (OM_uint32 *minor,
+ const gss_name_t name,
+ const gss_OID mech_type,
+ uid_t *uidOut);
+
+OM_uint32 KRB5_CALLCONV
+gss_userok(OM_uint32 *minor,
+ const gss_name_t name,
+ const char *user,
+ int *user_ok);
OM_uint32 KRB5_CALLCONV
gss_acquire_cred_with_password(
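Review bot: The new `gss_userok` prototype is exported without a comment describing its contract, and its meaningful result is an authorization decision delivered through `*user_ok`, not through the return value. In this commit's krb5 implementation the function returns GSS_S_COMPLETE even when `*user_ok` stays 0, so a caller that tests only the major status would treat a denied principal as allowed. A comment above the prototype such as `/* On GSS_S_COMPLETE, *user_ok is nonzero only if name may act as the local account user; callers must test *user_ok. */` would make that explicit. The same block could note that, in the krb5 mechanism at least, `gss_pname_to_uid` writes `*uidOut` only on success.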
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index cc2f8fc..3e49b83 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -84,6 +84,10 @@
#include "gssapiP_krb5.h"
#include "mglueP.h"
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#endif
+
/** exported constants defined in gssapi_krb5{,_nx}.h **/
/* these are bogus, but will compile */
@@ -745,6 +749,87 @@ cleanup:
return major;
}
+#ifndef NO_PASSWORD
+static OM_uint32
+krb5_gss_pname_to_uid(OM_uint32 *minor,
+ const gss_name_t pname,
+ const gss_OID mech_type,
+ uid_t *uid)
+{
+ krb5_context context;
+ krb5_error_code code;
+ krb5_gss_name_t kname;
+ char localname[BUFSIZ], pwbuf[BUFSIZ];
+ struct passwd pwx, *pw;
+
+ code = krb5_gss_init_context(&context);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (!kg_validate_name(pname)) {
+ *minor = (OM_uint32)G_VALIDATE_FAILED;
+ krb5_free_context(context);
+ return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
+ }
+
+ kname = (krb5_gss_name_t)pname;
+
+ code = krb5_aname_to_localname(context, kname->princ,
+ sizeof(localname), localname);
+ if (code != 0) {
+ *minor = code;
+ krb5_free_context(context);
+ return GSS_S_FAILURE;
+ }
+
+ code = k5_getpwnam_r(localname, &pwx, pwbuf, sizeof(pwbuf), &pw);
+ if (code == 0)
+ *uid = pw->pw_uid;
+ else
+ *minor = errno;
+
+ krb5_free_context(context);
+
+ return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+#endif /* !NO_PASSWORD */
+
+static OM_uint32
+krb5_gss_userok(OM_uint32 *minor,
+ const gss_name_t pname,
+ const char *local_user,
+ int *user_ok)
+{
+ krb5_context context;
+ krb5_error_code code;
+ krb5_gss_name_t kname;
+
+ *minor = 0;
+ *user_ok = 0;
+
+ code = krb5_gss_init_context(&context);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (!kg_validate_name(pname)) {
+ *minor = (OM_uint32)G_VALIDATE_FAILED;
+ krb5_free_context(context);
+ return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
+ }
+
+ kname = (krb5_gss_name_t)pname;
+
+ *user_ok = krb5_kuserok(context, kname->princ, local_user);
+
+ krb5_free_context(context);
+
+ return GSS_S_COMPLETE;
+}
+
static struct gss_config krb5_mechanism = {
{ GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
NULL,
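Review bot: In `krb5_gss_pname_to_uid` the failure path `*minor = errno;` may report a meaningless minor status. `k5_getpwnam_r` is defined outside this page, but POSIX `getpwnam_r` reports errors through its return value and need not touch errno when the account simply does not exist, so the caller can receive GSS_S_FAILURE with a stale or zero minor code. The function also never clears `*minor` on entry, unlike `krb5_gss_userok` just below it, which starts with `*minor = 0;`. I would add `*minor = 0;` at the top and set a defined error code on lookup failure instead of reading errno.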
@@ -791,6 +876,12 @@ static struct gss_config krb5_mechanism = {
krb5_gss_inquire_context,
krb5_gss_internal_release_oid,
krb5_gss_wrap_size_limit,
+#ifdef NO_PASSWORD
+ NULL,
+#else
+ krb5_gss_pname_to_uid,
+#endif
+ krb5_gss_userok,
krb5_gss_export_name,
krb5_gss_store_cred,
krb5_gss_inquire_sec_context_by_oid,
diff --git a/src/lib/gssapi/libgssapi_krb5.exports b/src/lib/gssapi/libgssapi_krb5.exports
index fee99c9..dc75cf7 100644
--- a/src/lib/gssapi/libgssapi_krb5.exports
+++ b/src/lib/gssapi/libgssapi_krb5.exports
@@ -103,6 +103,7 @@ gss_nt_service_name_v2
gss_nt_string_uid_name
gss_nt_user_name
gss_oid_to_str
+gss_pname_to_uid
gss_pseudo_random
gss_process_context_token
gss_release_any_name_mapping
@@ -125,6 +126,7 @@ gss_unseal
gss_unwrap
gss_unwrap_aead
gss_unwrap_iov
+gss_userok
gss_verify
gss_verify_mic
gss_wrap
diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
index 7bb2069..2d90138 100644
--- a/src/lib/gssapi/mechglue/Makefile.in
+++ b/src/lib/gssapi/mechglue/Makefile.in
@@ -63,9 +63,11 @@ SRCS = \
$(srcdir)/g_unseal.c \
$(srcdir)/g_unwrap_aead.c \
$(srcdir)/g_unwrap_iov.c \
+ $(srcdir)/g_userok.c \
$(srcdir)/g_verify.c \
$(srcdir)/g_wrap_aead.c \
- $(srcdir)/g_wrap_iov.c
+ $(srcdir)/g_wrap_iov.c \
+ $(srcdir)/gssd_pname_to_uid.c \
OBJS = \
$(OUTPRE)g_accept_sec_context.$(OBJEXT) \
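Review bot: The new last entry of SRCS, `$(srcdir)/gssd_pname_to_uid.c \`, ends with a line continuation, while the matching last entries added to OBJS and STLIBOBJS in the later hunks do not. The hunk's line counts imply a blank line follows it, so the list still ends there today, but if that blank line is ever removed the `OBJS = \` line would be folded into SRCS. Drop the trailing backslash so the entry reads `$(srcdir)/gssd_pname_to_uid.c`.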
@@ -121,9 +123,11 @@ OBJS = \
$(OUTPRE)g_unseal.$(OBJEXT) \
$(OUTPRE)g_unwrap_aead.$(OBJEXT) \
$(OUTPRE)g_unwrap_iov.$(OBJEXT) \
+ $(OUTPRE)g_userok.$(OBJEXT) \
$(OUTPRE)g_verify.$(OBJEXT) \
$(OUTPRE)g_wrap_aead.$(OBJEXT) \
- $(OUTPRE)g_wrap_iov.$(OBJEXT)
+ $(OUTPRE)g_wrap_iov.$(OBJEXT) \
+ $(OUTPRE)gssd_pname_to_uid.$(OBJEXT)
STLIBOBJS = \
g_accept_sec_context.o \
@@ -179,9 +183,11 @@ STLIBOBJS = \
g_unseal.o \
g_unwrap_aead.o \
g_unwrap_iov.o \
+ g_userok.o \
g_verify.o \
g_wrap_aead.o \
- g_wrap_iov.o
+ g_wrap_iov.o \
+ gssd_pname_to_uid.o
EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi
EXPORTED_HEADERS = mechglue.h
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c
index dbb0f02..9447f2a 100644
--- a/src/lib/gssapi/mechglue/g_userok.c
+++ b/src/lib/gssapi/mechglue/g_userok.c
@@ -68,10 +68,10 @@ out:
OM_uint32
-gssint_userok(OM_uint32 *minor,
- const gss_name_t name,
- const char *user,
- int *user_ok)
+gss_userok(OM_uint32 *minor,
+ const gss_name_t name,
+ const char *user,
+ int *user_ok)
{
gss_mechanism mech;
@@ -100,11 +100,11 @@ gssint_userok(OM_uint32 *minor,
} else
mechName = intName->mech_name;
- if (mech->gssint_userok) {
- major = mech->gssint_userok(minor, mechName,
+ if (mech->gss_userok) {
+ major = mech->gss_userok(minor, mechName,
user, user_ok);
if (major != GSS_S_COMPLETE)
- map_error(minor_status, mech);
+ map_error(minor, mech);
} else
major = compare_names(minor, intName->mech_type,
name, user, user_ok);
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 8b8277f..66173a6 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -32,35 +32,58 @@
#include "mglueP.h"
-int gssd_pname_to_uid(pname, name_type, mech_type, uid)
-
-char * pname;
-gss_OID name_type;
-gss_OID mech_type;
-uid_t * uid;
+OM_uint32 gss_pname_to_uid(minor, pname, mech_type, uid)
+OM_uint32 *minor;
+const gss_name_t pname;
+const gss_OID mech_type;
+uid_t *uid;
{
- int status;
- gss_mechanism mech;
+ OM_uint32 major, tmpMinor;
+ gss_mechanism mech;
+ gss_union_name_t unionName;
+ gss_name_t mechName = GSS_C_NO_NAME;
/*
* find the appropriate mechanism specific pname_to_uid procedure and
* call it.
*/
+ if (minor == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ *minor = 0;
+
+ if (pname == GSS_C_NO_NAME)
+ return GSS_S_CALL_INACCESSIBLE_READ;
+
+ if (uid == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ unionName = (gss_union_name_t)pname;
+
+ if (mech_type != GSS_C_NO_OID)
+ mech = gssint_get_mechanism(mech_type);
+ else
+ mech = gssint_get_mechanism(unionName->mech_type);
+
+ if (mech == NULL || mech->gss_pname_to_uid == NULL)
+ return GSS_S_UNAVAILABLE;
- mech = gssint_get_mechanism (mech_type);
+ /* may need to create a mechanism specific name */
+ if (unionName->mech_type == GSS_C_NO_OID ||
+ (unionName->mech_type != GSS_C_NO_OID &&
+ !g_OID_equal(unionName->mech_type, &mech->mech_type))) {
+ major = gssint_import_internal_name(minor, &mech->mech_type,
+ unionName, &mechName);
+ if (GSS_ERROR(major))
+ return major;
+ }
- if (mech) {
- if (mech_type == GSS_C_NULL_OID)
- mech_type = &mech->mech_type;
+ major = mech->gss_pname_to_uid(minor,
+ mechName ? mechName : unionName->mech_name,
+ mech_type, uid);
- if (mech->pname_to_uid) {
- status = mech->pname_to_uid(pname, name_type, mech_type, uid);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- } else
- status = GSS_S_BAD_MECH;
- } else
- status = GSS_S_BAD_MECH;
+ if (mechName != GSS_C_NO_NAME)
+ gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);
- return(status);
+ return major;
}
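Review bot: After the call to `mech->gss_pname_to_uid` the mechanism's minor status is returned to the caller unmapped. The removed code called `map_error` on failure, and `gss_userok` in g_userok.c in this same commit does `map_error(minor, mech);` when the mechanism call fails, so the two entry points now behave differently. Adding `if (major != GSS_S_COMPLETE) map_error(minor, mech);` before the internal name is released would keep them consistent. Separately, the test `unionName->mech_type != GSS_C_NO_OID &&` in the second arm of the `||` is redundant, because the first arm already covers the NO_OID case.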
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 5edddeb..2f8e31b 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -335,22 +335,20 @@ typedef struct gss_config {
OM_uint32, /* req_output_size */
OM_uint32 * /* max_input_size */
);
-#if 0
- int (*pname_to_uid)
+ OM_uint32 (*gss_pname_to_uid)
(
- char *, /* pname */
- gss_OID, /* name type */
- gss_OID, /* mech type */
+ OM_uint32 *, /* minor */
+ const gss_name_t, /* name */
+ const gss_OID, /* mech_type */
uid_t * /* uid */
- );
- OM_uint32 (*gssint_userok)
+ );
+ OM_uint32 (*gss_userok)
(
OM_uint32 *, /* minor_status */
const gss_name_t, /* pname */
const char *, /* local user */
int * /* user ok? */
/* */);
-#endif
OM_uint32 (*gss_export_name)
(
OM_uint32 *, /* minor_status */
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 191c0ab..01fa8e2 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -243,6 +243,8 @@ static struct gss_config spnego_mechanism =
spnego_gss_inquire_context, /* gss_inquire_context */
NULL, /* gss_internal_release_oid */
spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */
+ NULL, /* gssd_pname_to_uid */
+ NULL, /* gss_userok */
NULL, /* gss_export_name */
NULL, /* gss_store_cred */
spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
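Review bot: The comment on the first added slot, `/* gssd_pname_to_uid */`, does not match the member name this commit gives it in mglueP.h, which is `gss_pname_to_uid`. Because this initializer is positional, the comments are the only guide to which slot is which, so it should read `NULL, /* gss_pname_to_uid */`. With both slots NULL, the mechglue code in this commit returns GSS_S_UNAVAILABLE from `gss_pname_to_uid` and takes the `compare_names` path in `gss_userok` when SPNEGO is the selected mechanism. A short comment saying that this is intended would help the next reader.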