authorLuke Howard <lukeh@padl.com>2011-03-21 00:44:18 +0000
committerLuke Howard <lukeh@padl.com>2011-03-21 00:44:18 +0000
commit788610117b742e10d263c2624cbc41f69721ad6d (patch)
treedead85910cacb41201e791dd53c80b8ad7044832 /src
parenta7978f2141dfdad52597fff380fee99a47a18e02 (diff)
add attribute-based implementation of gssd_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24733 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/gssapi/mechglue/g_userok.c6
-rw-r--r--src/lib/gssapi/mechglue/gssd_pname_to_uid.c132
2 files changed, 121 insertions, 17 deletions
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c
index 64791bb..f43cf0b 100644
--- a/src/lib/gssapi/mechglue/g_userok.c
+++ b/src/lib/gssapi/mechglue/g_userok.c
@@ -43,8 +43,6 @@
#include <mglueP.h>
#include <gssapi/gssapi.h>
-static const char localLoginUserAttr[] = "local-login-user";
-
static OM_uint32
mech_userok(OM_uint32 *minor,
const gss_union_name_t unionName,
@@ -88,8 +86,8 @@ attr_userok(OM_uint32 *minor,
*user_ok = 0;
- attribute.length = sizeof(localLoginUserAttr) - 1;
- attribute.value = (void *)localLoginUserAttr;
+ attribute.length = sizeof("local-login-user") - 1;
+ attribute.value = "local-login-user";
while (more != 0 && *user_ok == 0) {
gss_buffer_desc value;
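Review bot: The attribute name is now written out twice in attr_userok (once inside `sizeof`, once as the value) and twice more in the new attr_pname_to_uid in gssd_pname_to_uid.c. A typo in any one copy would make length and value disagree, or make the two lookups query different attributes, without any compiler diagnostic. A single definition in the header both files include, for example `#define LOCAL_LOGIN_USER_ATTR "local-login-user"` in mglueP.h, would keep all four uses in step. attr_userok's body starts and ends outside this hunk.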
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index 66173a6..97e54d3 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -1,5 +1,35 @@
/* #pragma ident "@(#)gssd_pname_to_uid.c 1.18 04/02/23 SMI" */
-
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
/*
* Copyright 1996 by Sun Microsystems, Inc.
*
@@ -32,16 +62,85 @@
#include "mglueP.h"
-OM_uint32 gss_pname_to_uid(minor, pname, mech_type, uid)
-OM_uint32 *minor;
-const gss_name_t pname;
-const gss_OID mech_type;
-uid_t *uid;
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#endif
+
+static OM_uint32
+attr_pname_to_uid(OM_uint32 *minor,
+ const gss_mechanism mech,
+ const gss_name_t mech_name,
+ uid_t *uidp)
+{
+ OM_uint32 major = GSS_S_UNAVAILABLE;
+#ifndef NO_PASSWORD
+ OM_uint32 tmpMinor;
+ int more = -1;
+ gss_buffer_desc attribute;
+
+ if (mech->gss_get_name_attribute == NULL)
+ return GSS_S_UNAVAILABLE;
+
+ attribute.length = sizeof("local-login-user") - 1;
+ attribute.value = "local-login-user";
+
+ while (more != 0) {
+ gss_buffer_desc value;
+ gss_buffer_desc display_value;
+ int authenticated = 0, complete = 0, code;
+ char pwbuf[BUFSIZ];
+ struct passwd pw, *pwd;
+ char *localLoginUser;
+
+ major = mech->gss_get_name_attribute(minor,
+ mech_name,
+ &attribute,
+ &authenticated,
+ &complete,
+ &value,
+ &display_value,
+ &more);
+ if (GSS_ERROR(major))
+ break;
+
+ localLoginUser = malloc(value.length + 1);
+ if (localLoginUser == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ break;
+ }
+
+ memcpy(localLoginUser, value.value, value.length);
+ localLoginUser[value.length] = '\0';
+
+ code = k5_getpwnam_r(localLoginUser, &pw, pwbuf, sizeof(pwbuf), &pwd);
+
+ free(localLoginUser);
+ gss_release_buffer(&tmpMinor, &value);
+ gss_release_buffer(&tmpMinor, &display_value);
+
+ if (code == 0 && pwd != NULL) {
+ *uidp = pwd->pw_uid;
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+ break;
+ }
+ }
+#endif /* !NO_PASSWORD */
+
+ return major;
+}
+
+OM_uint32
+gss_pname_to_uid(OM_uint32 *minor,
+ const gss_name_t pname,
+ const gss_OID mech_type,
+ uid_t *uidp)
{
OM_uint32 major, tmpMinor;
gss_mechanism mech;
gss_union_name_t unionName;
- gss_name_t mechName = GSS_C_NO_NAME;
+ gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
/*
* find the appropriate mechanism specific pname_to_uid procedure and
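Review bot: In attr_pname_to_uid, when the passwd lookup fails for the last attribute value, `major` still holds the non-error status returned by gss_get_name_attribute, so the loop ends on `more == 0` and the function can return GSS_S_COMPLETE without ever writing `*uidp`. Resetting the status at the end of the loop body, `major = GSS_S_UNAVAILABLE;` after the `if (code == 0 && pwd != NULL)` block, keeps a caller from acting on an uninitialised uid. The `authenticated` flag filled in by the mechanism is also never read, so a value the mechanism did not mark as authenticated is mapped to a local account exactly like an authenticated one; the success test could require it, `if (authenticated && code == 0 && pwd != NULL)`. gss_pname_to_uid's body continues outside this hunk.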
@@ -55,7 +154,7 @@ uid_t *uid;
if (pname == GSS_C_NO_NAME)
return GSS_S_CALL_INACCESSIBLE_READ;
- if (uid == NULL)
+ if (uidp == NULL)
return GSS_S_CALL_INACCESSIBLE_WRITE;
unionName = (gss_union_name_t)pname;
@@ -65,7 +164,7 @@ uid_t *uid;
else
mech = gssint_get_mechanism(unionName->mech_type);
- if (mech == NULL || mech->gss_pname_to_uid == NULL)
+ if (mech == NULL)
return GSS_S_UNAVAILABLE;
/* may need to create a mechanism specific name */
@@ -76,11 +175,18 @@ uid_t *uid;
unionName, &mechName);
if (GSS_ERROR(major))
return major;
- }
- major = mech->gss_pname_to_uid(minor,
- mechName ? mechName : unionName->mech_name,
- mech_type, uid);
+ mechNameP = mechName;
+ } else
+ mechNameP = unionName->mech_name;
+
+ major = GSS_S_UNAVAILABLE;
+
+ if (mech->gss_pname_to_uid != NULL)
+ major = mech->gss_pname_to_uid(minor, mechNameP, mech_type, uidp);
+
+ if (major != GSS_S_COMPLETE)
+ major = attr_pname_to_uid(minor, mech, mechNameP, uidp);
if (mechName != GSS_C_NO_NAME)
gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);
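Review bot: The fallback at `if (major != GSS_S_COMPLETE)` runs attr_pname_to_uid after any non-success result from the mechanism's own gss_pname_to_uid, including hard failures, and then replaces the mechanism's major and minor status with the fallback's. If a mechanism can return an explicit refusal here, the attribute path could still produce a uid for that name. Limiting the fallback to the case where no mapping is available, `if (major == GSS_S_UNAVAILABLE)`, would preserve both the mechanism's decision and its error codes. The start of the function and its return statement are outside this hunk.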