author | Luke Howard <lukeh@padl.com> | 2011-03-21 00:44:18 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2011-03-21 00:44:18 +0000 |
commit | 788610117b742e10d263c2624cbc41f69721ad6d (patch) | |
tree | dead85910cacb41201e791dd53c80b8ad7044832 /src | |
parent | a7978f2141dfdad52597fff380fee99a47a18e02 (diff) | |
download | krb5-788610117b742e10d263c2624cbc41f69721ad6d.zip krb5-788610117b742e10d263c2624cbc41f69721ad6d.tar.gz krb5-788610117b742e10d263c2624cbc41f69721ad6d.tar.bz2 |
add attribute-based implementation of gssd_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24733 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/gssapi/mechglue/g_userok.c | 6 | ||||
-rw-r--r-- | src/lib/gssapi/mechglue/gssd_pname_to_uid.c | 132 |
2 files changed, 121 insertions, 17 deletions
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c
index 64791bb..f43cf0b 100644
--- a/src/lib/gssapi/mechglue/g_userok.c
+++ b/src/lib/gssapi/mechglue/g_userok.c
@@ -43,8 +43,6 @@
 #include <mglueP.h>
 #include <gssapi/gssapi.h>
-static const char localLoginUserAttr[] = "local-login-user";
-
 static OM_uint32
 mech_userok(OM_uint32 *minor,
 const gss_union_name_t unionName,
@@ -88,8 +86,8 @@ attr_userok(OM_uint32 *minor,
 *user_ok = 0;
- attribute.length = sizeof(localLoginUserAttr) - 1;
- attribute.value = (void *)localLoginUserAttr;
+ attribute.length = sizeof("local-login-user") - 1;
+ attribute.value = "local-login-user";
 while (more != 0 && *user_ok == 0) {
 gss_buffer_desc value;
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 66173a6..97e54d3 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
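Review bot: The attribute name is now an inline literal in attr_userok's `attribute.length = sizeof("local-login-user") - 1;` / `attribute.value = "local-login-user";` lines, and the same literal is typed out again in the new attr_pname_to_uid in gssd_pname_to_uid.c; the two lookups only work as a pair if they stay byte-identical. A single shared definition in mglueP.h, e.g. `#define LOCAL_LOGIN_USER_ATTR "local-login-user"` used by both files, would keep a typo in one of them from silently making gss_userok and gss_pname_to_uid disagree about which attribute maps a principal to a local account. attr_userok's body starts and ends outside this hunk.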
@@ -1,5 +1,35 @@
 /* #pragma ident "@(#)gssd_pname_to_uid.c 1.18 04/02/23 SMI" */
-
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
 /*
 * Copyright 1996 by Sun Microsystems, Inc.
 *
@@ -32,16 +62,85 @@
 #include "mglueP.h"
-OM_uint32 gss_pname_to_uid(minor, pname, mech_type, uid)
-OM_uint32 *minor;
-const gss_name_t pname;
-const gss_OID mech_type;
-uid_t *uid;
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#endif
+
+static OM_uint32
+attr_pname_to_uid(OM_uint32 *minor,
+ const gss_mechanism mech,
+ const gss_name_t mech_name,
+ uid_t *uidp)
+{
+ OM_uint32 major = GSS_S_UNAVAILABLE;
+#ifndef NO_PASSWORD
+ OM_uint32 tmpMinor;
+ int more = -1;
+ gss_buffer_desc attribute;
+
+ if (mech->gss_get_name_attribute == NULL)
+ return GSS_S_UNAVAILABLE;
+
+ attribute.length = sizeof("local-login-user") - 1;
+ attribute.value = "local-login-user";
+
+ while (more != 0) {
+ gss_buffer_desc value;
+ gss_buffer_desc display_value;
+ int authenticated = 0, complete = 0, code;
+ char pwbuf[BUFSIZ];
+ struct passwd pw, *pwd;
+ char *localLoginUser;
+
+ major = mech->gss_get_name_attribute(minor,
+ mech_name,
+ &attribute,
+ &authenticated,
+ &complete,
+ &value,
+ &display_value,
+ &more);
+ if (GSS_ERROR(major))
+ break;
+
+ localLoginUser = malloc(value.length + 1);
+ if (localLoginUser == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ break;
+ }
+
+ memcpy(localLoginUser, value.value, value.length);
+ localLoginUser[value.length] = '\0';
+
+ code = k5_getpwnam_r(localLoginUser, &pw, pwbuf, sizeof(pwbuf), &pwd);
+
+ free(localLoginUser);
+ gss_release_buffer(&tmpMinor, &value);
+ gss_release_buffer(&tmpMinor, &display_value);
+
+ if (code == 0 && pwd != NULL) {
+ *uidp = pwd->pw_uid;
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+ break;
+ }
+ }
+#endif /* !NO_PASSWORD */
+
+ return major;
+}
+
+OM_uint32
+gss_pname_to_uid(OM_uint32 *minor,
+ const gss_name_t pname,
+ const gss_OID mech_type,
+ uid_t *uidp)
 {
 OM_uint32 major, tmpMinor;
 gss_mechanism mech;
 gss_union_name_t unionName;
- gss_name_t mechName = GSS_C_NO_NAME;
+ gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
 /*
 * find the appropriate mechanism specific pname_to_uid procedure and
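Review bot: attr_pname_to_uid resolves the attribute value to a uid without ever consulting the `authenticated` flag that gss_get_name_attribute fills in, so a "local-login-user" value the mechanism reports as unauthenticated (asserted by the peer rather than vouched for by the issuer) is still passed to k5_getpwnam_r and its pw_uid handed back as the caller's local identity. Because both buffers are already released before the final test, the narrowest fix is to gate the match there: `if (code == 0 && pwd != NULL && authenticated) {`, with a why-comment above it such as `/* only honour attribute values the mechanism vouches for */`; unauthenticated values then simply fall through to the next iteration or to GSS_S_UNAVAILABLE. A second, smaller point: `*minor` is set on the ENOMEM and success paths but the early `return GSS_S_UNAVAILABLE` when `mech->gss_get_name_attribute == NULL` leaves it untouched, which the caller may read. gss_pname_to_uid's body continues past the end of this hunk.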
@@ -55,7 +154,7 @@ uid_t *uid;
 if (pname == GSS_C_NO_NAME)
 return GSS_S_CALL_INACCESSIBLE_READ;
- if (uid == NULL)
+ if (uidp == NULL)
 return GSS_S_CALL_INACCESSIBLE_WRITE;
 unionName = (gss_union_name_t)pname;
@@ -65,7 +164,7 @@ uid_t *uid;
 else
 mech = gssint_get_mechanism(unionName->mech_type);
- if (mech == NULL || mech->gss_pname_to_uid == NULL)
+ if (mech == NULL)
 return GSS_S_UNAVAILABLE;
 /* may need to create a mechanism specific name */
@@ -76,11 +175,18 @@ uid_t *uid;
 unionName, &mechName);
 if (GSS_ERROR(major))
 return major;
- }
- major = mech->gss_pname_to_uid(minor,
- mechName ? mechName : unionName->mech_name,
- mech_type, uid);
+ mechNameP = mechName;
+ } else
+ mechNameP = unionName->mech_name;
+
+ major = GSS_S_UNAVAILABLE;
+
+ if (mech->gss_pname_to_uid != NULL)
+ major = mech->gss_pname_to_uid(minor, mechNameP, mech_type, uidp);
+
+ if (major != GSS_S_COMPLETE)
+ major = attr_pname_to_uid(minor, mech, mechNameP, uidp);
 if (mechName != GSS_C_NO_NAME)
 gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName); |
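Review bot: In the last hunk, `if (major != GSS_S_COMPLETE)` runs the attribute fallback after any failure of the mechanism's own gss_pname_to_uid, not only when it is unimplemented, so whatever major/minor status that mechanism reported is overwritten by the attribute lookup's result; if falling back on every failure is intended, a one-line comment above it saying so (`/* fall back to the local-login-user attribute after any mechanism failure */`) would stop a later reader from "fixing" it to `== GSS_S_UNAVAILABLE`. Relatedly, when the mechanism has neither gss_pname_to_uid nor gss_get_name_attribute, `major` stays GSS_S_UNAVAILABLE and nothing in the visible code writes `*minor`, so unless it is initialized in the part of gss_pname_to_uid between the hunks the caller sees an uninitialized minor status; pairing the default as `major = GSS_S_UNAVAILABLE; *minor = 0;` closes that. gss_pname_to_uid starts before this hunk and its return lies past the last line shown.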