diff options
Diffstat (limited to 'src/lib/gssapi/generic/gssapi_ext.h')
-rw-r--r-- | src/lib/gssapi/generic/gssapi_ext.h | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h index 7a594fe..0e9178a 100644 --- a/src/lib/gssapi/generic/gssapi_ext.h +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -41,11 +41,43 @@ gss_pname_to_uid const gss_OID mech_type, uid_t *uidOut); +/** Determine whether a mechanism name is authorized to act as a username. + * + * @param [in] name Mechanism name + * @param [in] username System username + * + * This is a simple wrapper around gss_authorize_localname(). It only supports + * system usernames as local names, and cannot distinguish between lack of + * authorization and other errors. + * + * @retval 1 @a name is authorized to act as @a username + * @retval 0 @a name is not authorized or an error occurred + */ +int KRB5_CALLCONV +gss_userok(const gss_name_t name, + const char *username); + +/** Determine whether a mechanism name is authorized to act as a local name. + * + * @param [out] minor Minor status code + * @param [in] name Mechanism name + * @param [in] user Local name + * + * @a name is a mechanism name, typically the result of a completed + * gss_accept_sec_context(). @a user is an internal name representing a local + * name, such as a name imported by gss_import_name() with an @a + * input_name_type of @c GSS_C_NT_USER_NAME. + * + * @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user, + * GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error + * occured. + * + * @sa gss_userok + */ OM_uint32 KRB5_CALLCONV -gss_userok(OM_uint32 *minor, - const gss_name_t name, - const char *user, - int *user_ok); +gss_authorize_localname(OM_uint32 *minor, + const gss_name_t name, + const gss_name_t user); OM_uint32 KRB5_CALLCONV gss_acquire_cred_with_password( |