author | Luke Howard <lukeh@padl.com> | 2011-03-17 04:46:47 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2011-03-17 04:46:47 +0000 |
commit | 4e271979185c61e3c7030904db3ec7dd703a9a29 (patch) | |
tree | af855ff2fcb17f119665d41fc2cddb389c1cf335 /src/lib/gssapi | |
parent | 2f0bf9bd3db4cf870c34033f25093d59c1b40280 (diff) | |
Reinstate gss_userok and gss_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24710 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi')
-rw-r--r-- | src/lib/gssapi/generic/gssapi_ext.h | 23 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/gssapi_krb5.c | 91 | ||||
-rw-r--r-- | src/lib/gssapi/libgssapi_krb5.exports | 2 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/Makefile.in | 12 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/g_userok.c | 14 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/gssd_pname_to_uid.c | 65 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/mglueP.h | 14 | ||||
-rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 2 |
8 files changed, 173 insertions, 50 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h index d92bbcf..68a89be 100644 --- a/src/lib/gssapi/generic/gssapi_ext.h +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -31,20 +31,21 @@ extern "C" { #endif /* __cplusplus */ -#if 0 /* * Solaris extensions */ -int KRB5_CALLCONV gssd_pname_to_uid - (char *, - gss_OID, - gss_OID, - uid_t *); - -int KRB5_CALLCONV __gss_userok - (const gss_name_t /*name*/, - const char * /*username*/); -#endif +OM_uint32 KRB5_CALLCONV +gss_pname_to_uid + (OM_uint32 *minor, + const gss_name_t name, + const gss_OID mech_type, + uid_t *uidOut); + +OM_uint32 KRB5_CALLCONV +gss_userok(OM_uint32 *minor, + const gss_name_t name, + const char *user, + int *user_ok); OM_uint32 KRB5_CALLCONV gss_acquire_cred_with_password( diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index cc2f8fc..3e49b83 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -84,6 +84,10 @@ #include "gssapiP_krb5.h" #include "mglueP.h" +#ifndef NO_PASSWORD +#include <pwd.h> +#endif + /** exported constants defined in gssapi_krb5{,_nx}.h **/ /* these are bogus, but will compile */ 
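Review bot: The two new public prototypes in gssapi_ext.h, `gss_pname_to_uid` and `gss_userok`, carry no documentation even though they form an authorization interface whose outputs callers will act on. A block comment above `gss_userok` should state that `*user_ok` is set non-zero only when `name` is authorized to act as the local account `user`, and that a GSS_S_COMPLETE return by itself says nothing about authorization (the krb5 implementation in this commit returns GSS_S_COMPLETE with `*user_ok == 0` for a rejected user). Above `gss_pname_to_uid`, document that `mech_type` may be GSS_C_NO_OID, that GSS_S_UNAVAILABLE is returned when the selected mechanism does not implement the call, and that `*uidOut` should be treated as unspecified on any non-GSS_S_COMPLETE return. Replacing the former `#if 0` Solaris prototypes with different signatures is fine since they were never compiled, but that history is worth one sentence in the comment so nobody re-adds the old names.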
@@ -745,6 +749,87 @@ cleanup: return major; } +#ifndef NO_PASSWORD +static OM_uint32 +krb5_gss_pname_to_uid(OM_uint32 *minor, + const gss_name_t pname, + const gss_OID mech_type, + uid_t *uid) +{ + krb5_context context; + krb5_error_code code; + krb5_gss_name_t kname; + char localname[BUFSIZ], pwbuf[BUFSIZ]; + struct passwd pwx, *pw; + + code = krb5_gss_init_context(&context); + if (code != 0) { + *minor = code; + return GSS_S_FAILURE; + } + + if (!kg_validate_name(pname)) { + *minor = (OM_uint32)G_VALIDATE_FAILED; + krb5_free_context(context); + return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; + } + + kname = (krb5_gss_name_t)pname; + + code = krb5_aname_to_localname(context, kname->princ, + sizeof(localname), localname); + if (code != 0) { + *minor = code; + krb5_free_context(context); + return GSS_S_FAILURE; + } + + code = k5_getpwnam_r(localname, &pwx, pwbuf, sizeof(pwbuf), &pw); + if (code == 0) + *uid = pw->pw_uid; + else + *minor = errno; + + krb5_free_context(context); + + return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; +} +#endif /* !NO_PASSWORD */ + +static OM_uint32 +krb5_gss_userok(OM_uint32 *minor, + const gss_name_t pname, + const char *local_user, + int *user_ok) +{ + krb5_context context; + krb5_error_code code; + krb5_gss_name_t kname; + + *minor = 0; + *user_ok = 0; + + code = krb5_gss_init_context(&context); + if (code != 0) { + *minor = code; + return GSS_S_FAILURE; + } + + if (!kg_validate_name(pname)) { + *minor = (OM_uint32)G_VALIDATE_FAILED; + krb5_free_context(context); + return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME; + } + + kname = (krb5_gss_name_t)pname; + + *user_ok = krb5_kuserok(context, kname->princ, local_user); + + krb5_free_context(context); + + return GSS_S_COMPLETE; +} + static struct gss_config krb5_mechanism = { { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, NULL, 
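Review bot: In krb5_gss_pname_to_uid the result of `k5_getpwnam_r` is only checked for a non-zero return, but a getpwnam_r-style lookup reports "no such user" by returning 0 with the result pointer set to NULL, so `*uid = pw->pw_uid` would dereference NULL for any principal whose auth_to_local mapping names a local account that does not exist; if k5_getpwnam_r follows that contract, the NULL case must be handled explicitly. The failure branch also reads `errno`, whereas getpwnam_r-style functions return the error number directly, so `*minor` may pick up a stale value there. The rewrite below keeps the existing control flow and only adds the missing check; it assumes `<errno.h>` is already in scope, as the existing use of `errno` implies. krb5_gss_userok in the same hunk looks fine: it zeroes `*user_ok` before any early return and delegates the decision to krb5_kuserok.
```c
    code = k5_getpwnam_r(localname, &pwx, pwbuf, sizeof(pwbuf), &pw);
    if (code == 0 && pw == NULL) {
        /* Lookup succeeded but there is no passwd entry for localname. */
        code = ENOENT;
        *minor = ENOENT;
    } else if (code != 0) {
        *minor = errno;
    } else {
        *uid = pw->pw_uid;
    }
    /* … unchanged: krb5_free_context and return … */
```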
@@ -791,6 +876,12 @@ static struct gss_config krb5_mechanism = { krb5_gss_inquire_context, krb5_gss_internal_release_oid, krb5_gss_wrap_size_limit, +#ifdef NO_PASSWORD + NULL, +#else + krb5_gss_pname_to_uid, +#endif + krb5_gss_userok, krb5_gss_export_name, krb5_gss_store_cred, krb5_gss_inquire_sec_context_by_oid, diff --git a/src/lib/gssapi/libgssapi_krb5.exports b/src/lib/gssapi/libgssapi_krb5.exports index fee99c9..dc75cf7 100644 --- a/src/lib/gssapi/libgssapi_krb5.exports +++ b/src/lib/gssapi/libgssapi_krb5.exports @@ -103,6 +103,7 @@ gss_nt_service_name_v2 gss_nt_string_uid_name gss_nt_user_name gss_oid_to_str +gss_pname_to_uid gss_pseudo_random gss_process_context_token gss_release_any_name_mapping @@ -125,6 +126,7 @@ gss_unseal gss_unwrap gss_unwrap_aead gss_unwrap_iov +gss_userok gss_verify gss_verify_mic gss_wrap diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in index 7bb2069..2d90138 100644 --- a/src/lib/gssapi/mechglue/Makefile.in +++ b/src/lib/gssapi/mechglue/Makefile.in @@ -63,9 +63,11 @@ SRCS = \ $(srcdir)/g_unseal.c \ $(srcdir)/g_unwrap_aead.c \ $(srcdir)/g_unwrap_iov.c \ + $(srcdir)/g_userok.c \ $(srcdir)/g_verify.c \ $(srcdir)/g_wrap_aead.c \ - $(srcdir)/g_wrap_iov.c + $(srcdir)/g_wrap_iov.c \ + $(srcdir)/gssd_pname_to_uid.c \ OBJS = \ $(OUTPRE)g_accept_sec_context.$(OBJEXT) \ @@ -121,9 +123,11 @@ OBJS = \ $(OUTPRE)g_unseal.$(OBJEXT) \ $(OUTPRE)g_unwrap_aead.$(OBJEXT) \ $(OUTPRE)g_unwrap_iov.$(OBJEXT) \ + $(OUTPRE)g_userok.$(OBJEXT) \ $(OUTPRE)g_verify.$(OBJEXT) \ $(OUTPRE)g_wrap_aead.$(OBJEXT) \ - $(OUTPRE)g_wrap_iov.$(OBJEXT) + $(OUTPRE)g_wrap_iov.$(OBJEXT) \ + $(OUTPRE)gssd_pname_to_uid.$(OBJEXT) STLIBOBJS = \ g_accept_sec_context.o \ @@ -179,9 +183,11 @@ STLIBOBJS = \ g_unseal.o \ g_unwrap_aead.o \ g_unwrap_iov.o \ + g_userok.o \ g_verify.o \ g_wrap_aead.o \ - g_wrap_iov.o + g_wrap_iov.o \ + gssd_pname_to_uid.o EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi EXPORTED_HEADERS = mechglue.h 
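Review bot: In the Makefile.in hunk the new last entry of SRCS, `+ $(srcdir)/gssd_pname_to_uid.c \`, keeps a trailing backslash, so the continuation swallows the blank line that follows it; GNU make tolerates this, but it is fragile and inconsistent with the OBJS and STLIBOBJS lists in the same hunk, whose new last entries `$(OUTPRE)gssd_pname_to_uid.$(OBJEXT)` and `gssd_pname_to_uid.o` correctly have no continuation. Change the line to `$(srcdir)/gssd_pname_to_uid.c` without the backslash. The krb5_mechanism table hunk above it is consistent with the new struct layout in mglueP.h, with the two new slots placed between krb5_gss_wrap_size_limit and krb5_gss_export_name.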
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c index dbb0f02..9447f2a 100644 --- a/src/lib/gssapi/mechglue/g_userok.c +++ b/src/lib/gssapi/mechglue/g_userok.c @@ -68,10 +68,10 @@ out: OM_uint32 -gssint_userok(OM_uint32 *minor, - const gss_name_t name, - const char *user, - int *user_ok) +gss_userok(OM_uint32 *minor, + const gss_name_t name, + const char *user, + int *user_ok) { gss_mechanism mech; @@ -100,11 +100,11 @@ gssint_userok(OM_uint32 *minor, } else mechName = intName->mech_name; - if (mech->gssint_userok) { - major = mech->gssint_userok(minor, mechName, + if (mech->gss_userok) { + major = mech->gss_userok(minor, mechName, user, user_ok); if (major != GSS_S_COMPLETE) - map_error(minor_status, mech); + map_error(minor, mech); } else major = compare_names(minor, intName->mech_type, name, user, user_ok); diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c index 8b8277f..66173a6 100644 --- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c +++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c 
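Review bot: The definition of gss_userok in g_userok.c is declared as plain `OM_uint32 gss_userok(...)`, while the new prototype in gssapi_ext.h is `OM_uint32 KRB5_CALLCONV gss_userok(...)`; on builds where KRB5_CALLCONV expands to a non-empty calling convention the two are conflicting declarations, so the definition should become `OM_uint32 KRB5_CALLCONV` followed by `gss_userok(OM_uint32 *minor,` on the next line. In the second hunk, when the mechanism has no `gss_userok` entry (SPNEGO registers NULL in this commit) the call falls back to compare_names(), whose implementation is outside this hunk; if that is a generic name comparison it is a weaker authorization check than the krb5 path through krb5_kuserok, which deserves a comment above `if (mech->gss_userok) {`, e.g. `/* Mechanisms without gss_userok fall back to a generic name comparison, which is weaker than a mechanism-specific check. */`. The `map_error(minor, mech)` fix is correct since `minor_status` does not exist in this function. The second hunk sits mid-function; gss_userok's body continues past it.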
@@ -32,35 +32,58 @@ #include "mglueP.h" -int gssd_pname_to_uid(pname, name_type, mech_type, uid) - -char * pname; -gss_OID name_type; -gss_OID mech_type; -uid_t * uid; +OM_uint32 gss_pname_to_uid(minor, pname, mech_type, uid) +OM_uint32 *minor; +const gss_name_t pname; +const gss_OID mech_type; +uid_t *uid; { - int status; - gss_mechanism mech; + OM_uint32 major, tmpMinor; + gss_mechanism mech; + gss_union_name_t unionName; + gss_name_t mechName = GSS_C_NO_NAME; /* * find the appropriate mechanism specific pname_to_uid procedure and * call it. */ + if (minor == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor = 0; + + if (pname == GSS_C_NO_NAME) + return GSS_S_CALL_INACCESSIBLE_READ; + + if (uid == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + unionName = (gss_union_name_t)pname; + + if (mech_type != GSS_C_NO_OID) + mech = gssint_get_mechanism(mech_type); + else + mech = gssint_get_mechanism(unionName->mech_type); + + if (mech == NULL || mech->gss_pname_to_uid == NULL) + return GSS_S_UNAVAILABLE; - mech = gssint_get_mechanism (mech_type); + /* may need to create a mechanism specific name */ + if (unionName->mech_type == GSS_C_NO_OID || + (unionName->mech_type != GSS_C_NO_OID && + !g_OID_equal(unionName->mech_type, &mech->mech_type))) { + major = gssint_import_internal_name(minor, &mech->mech_type, + unionName, &mechName); + if (GSS_ERROR(major)) + return major; + } - if (mech) { - if (mech_type == GSS_C_NULL_OID) - mech_type = &mech->mech_type; + major = mech->gss_pname_to_uid(minor, + mechName ? mechName : unionName->mech_name, + mech_type, uid); - if (mech->pname_to_uid) { - status = mech->pname_to_uid(pname, name_type, mech_type, uid); - if (status != GSS_S_COMPLETE) - map_error(minor_status, mech); - } else - status = GSS_S_BAD_MECH; - } else - status = GSS_S_BAD_MECH; + if (mechName != GSS_C_NO_NAME) + gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName); - return(status); + return major; } 
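Review bot: The new gss_pname_to_uid drops the normalization the old code performed with `if (mech_type == GSS_C_NULL_OID) mech_type = &mech->mech_type;`, and instead passes the caller-supplied `mech_type` straight through to `mech->gss_pname_to_uid`, so a mechanism is handed GSS_C_NO_OID whenever the caller omitted the OID even though the mechanism has already been resolved from `unionName->mech_type`. Passing the resolved OID is what the removed code intended: `major = mech->gss_pname_to_uid(minor, mechName ? mechName : unionName->mech_name, &mech->mech_type, uid);`. The import condition `unionName->mech_type == GSS_C_NO_OID || (unionName->mech_type != GSS_C_NO_OID && !g_OID_equal(...))` is equivalent to `unionName->mech_type == GSS_C_NO_OID || !g_OID_equal(unionName->mech_type, &mech->mech_type)` and reads better that way. The definition also uses a K&R-style parameter list and lacks the `KRB5_CALLCONV` present in the gssapi_ext.h prototype; a prototype-style definition carrying `KRB5_CALLCONV` avoids a conflicting declaration where that macro is non-empty.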
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 5edddeb..2f8e31b 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -335,22 +335,20 @@ typedef struct gss_config { OM_uint32, /* req_output_size */ OM_uint32 * /* max_input_size */ ); -#if 0 - int (*pname_to_uid) + OM_uint32 (*gss_pname_to_uid) ( - char *, /* pname */ - gss_OID, /* name type */ - gss_OID, /* mech type */ + OM_uint32 *, /* minor */ + const gss_name_t, /* name */ + const gss_OID, /* mech_type */ uid_t * /* uid */ - ); - OM_uint32 (*gssint_userok) + ); + OM_uint32 (*gss_userok) ( OM_uint32 *, /* minor_status */ const gss_name_t, /* pname */ const char *, /* local user */ int * /* user ok? */ /* */); -#endif OM_uint32 (*gss_export_name) ( OM_uint32 *, /* minor_status */ diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 191c0ab..01fa8e2 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -243,6 +243,8 @@ static struct gss_config spnego_mechanism = spnego_gss_inquire_context, /* gss_inquire_context */ NULL, /* gss_internal_release_oid */ spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */ + NULL, /* gssd_pname_to_uid */ + NULL, /* gss_userok */ NULL, /* gss_export_name */ NULL, /* gss_store_cred */ spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */ |
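Review bot: The two new struct gss_config members, `gss_pname_to_uid` and `gss_userok`, are inserted in the middle of the struct between gss_wrap_size_limit and gss_export_name, so every positional initializer of this struct must gain exactly two entries at that position; the krb5 and SPNEGO tables are updated in this commit, but any other mechanism table built against the previous layout would silently shift gss_export_name and every later pointer into the wrong slot, turning an export-name call into a uid lookup. A comment on the new members should record the dependency, e.g. `/* Positional: the mechanism tables in gssapi_krb5.c and spnego_mech.c must list their entries in this order. */`. In the spnego_mech.c hunk, the comment on the first added NULL reads `/* gssd_pname_to_uid */`, naming the old Solaris entry point rather than the member it initializes; change it to `NULL, /* gss_pname_to_uid */` so the comment column matches mglueP.h. The spnego_mechanism table starts and ends outside that hunk.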