From ea3d7030c0c6118b636ea8909a5583b94d819e3a Mon Sep 17 00:00:00 2001 From: dfr Date: Wed, 6 Aug 2008 14:02:05 +0000 Subject: Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This is based on an old implementation from the University of Michigan with lots of changes and fixes by me and the addition of a Solaris-compatible API. Sponsored by: Isilon Systems Reviewed by: alfred --- kerberos5/lib/libgssapi_krb5/Makefile | 1 + kerberos5/lib/libgssapi_krb5/pname_to_uid.c | 59 +++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 kerberos5/lib/libgssapi_krb5/pname_to_uid.c (limited to 'kerberos5/lib') diff --git a/kerberos5/lib/libgssapi_krb5/Makefile b/kerberos5/lib/libgssapi_krb5/Makefile index b866d1b..b2cbe51 100644 --- a/kerberos5/lib/libgssapi_krb5/Makefile +++ b/kerberos5/lib/libgssapi_krb5/Makefile @@ -46,6 +46,7 @@ SRCS= 8003.c \ inquire_mechs_for_name.c \ inquire_names_for_mech.c \ inquire_sec_context_by_oid.c \ + pname_to_uid.c \ prefix.c \ prf.c \ process_context_token.c \ diff --git a/kerberos5/lib/libgssapi_krb5/pname_to_uid.c b/kerberos5/lib/libgssapi_krb5/pname_to_uid.c new file mode 100644 index 0000000..52220f6 --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/pname_to_uid.c @@ -0,0 +1,59 @@ +/*- + * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ + * Authors: Doug Rabson + * Developed with Red Inc: Alfred Perlstein + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* $FreeBSD$ */ + +#include + +#include "krb5/gsskrb5_locl.h" + +OM_uint32 +_gsskrb5_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname, + const gss_OID mech, uid_t *uidp) +{ + krb5_context context; + krb5_const_principal name = (krb5_const_principal) pname; + krb5_error_code kret; + char lname[MAXLOGNAME + 1], buf[128]; + struct passwd pwd, *pw; + + GSSAPI_KRB5_INIT (&context); + + kret = krb5_aname_to_localname(context, name, sizeof(lname), lname); + if (kret) { + *minor_status = kret; + return (GSS_S_FAILURE); + } + + *minor_status = 0; + getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw); + if (pw) { + *uidp = pw->pw_uid; + return (GSS_S_COMPLETE); + } else { + return (GSS_S_FAILURE); + } +} -- cgit v1.1