OpenSolaris Launch

1 files changed, 133 insertions, 0 deletions

diff --git a/usr/src/lib/libgss/g_userok.c b/usr/src/lib/libgss/g_userok.c
new file mode 100644
index 0000000000..6b6f6c2215
--- /dev/null
+++ b/usr/src/lib/libgss/g_userok.c
@@ -0,0 +1,133 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <deflt.h>
+#include <mechglueP.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+
+
+static OM_uint32
+compare_names(OM_uint32 *minor,
+	    const gss_OID mech_type,
+	    const gss_name_t name,
+	    const char *user,
+	    int *user_ok)
+{
+
+	OM_uint32 status, tmpMinor;
+	gss_name_t imported_name;
+	gss_name_t canon_name;
+	gss_buffer_desc gss_user;
+	int match = 0;
+
+	*user_ok = 0;
+
+	gss_user.value = (void *)user;
+	if (!gss_user.value || !name || !mech_type)
+		return (GSS_S_BAD_NAME);
+	gss_user.length = strlen(gss_user.value);
+
+	status = gss_import_name(minor,
+				&gss_user,
+				GSS_C_NT_USER_NAME,
+				&imported_name);
+	if (status != GSS_S_COMPLETE) {
+		goto out;
+	}
+
+	status = gss_canonicalize_name(minor,
+				    imported_name,
+				    mech_type,
+				    &canon_name);
+	if (status != GSS_S_COMPLETE) {
+		(void) gss_release_name(&tmpMinor, &imported_name);
+		goto out;
+	}
+
+	status = gss_compare_name(minor,
+				canon_name,
+				name,
+				&match);
+	(void) gss_release_name(&tmpMinor, &canon_name);
+	(void) gss_release_name(&tmpMinor, &imported_name);
+	if (status == GSS_S_COMPLETE) {
+		if (match)
+			*user_ok = 1; /* remote user is a-ok */
+	}
+
+out:
+	return (status);
+}
+
+
+OM_uint32
+__gss_userok(OM_uint32 *minor,
+	    const gss_name_t name,
+	    const char *user,
+	    int *user_ok)
+
+{
+	gss_mechanism mech;
+	gss_union_name_t intName;
+	gss_name_t mechName = NULL;
+	OM_uint32 major;
+
+	if (minor == NULL || user_ok == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	if (name == NULL || user == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_READ);
+
+	*user_ok = 0;
+	*minor = GSS_S_COMPLETE;
+
+	intName = (gss_union_name_t)name;
+
+	mech = __gss_get_mechanism(intName->mech_type);
+	if (mech == NULL)
+		return (GSS_S_UNAVAILABLE);
+
+	/* may need to import the name if this is not MN */
+	if (intName->mech_type == NULL) {
+		return (GSS_S_FAILURE);
+	} else
+		mechName = intName->mech_name;
+
+	if (mech->__gss_userok)
+		major = mech->__gss_userok(mech->context,  minor, mechName,
+				user, user_ok);
+	else
+		major = compare_names(minor, intName->mech_type,
+				    name, user, user_ok);
+
+	return (major);
+} /* gss_userok */