usr/src/cmd/cmd-inet/common/store_forw_creds.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #pragma ident   "%Z%%M% %I%     %E% SMI"
  27
  28
  29 #include <pwd.h>
  30 #include <locale.h>
  31 #include <syslog.h>
  32 #include <errno.h>
  33 #include <com_err.h>
  34 #include <k5-int.h>
  35
  36 extern uint_t kwarn_add_warning(char *, int);
  37 extern uint_t kwarn_del_warning(char *);
  38
  39 /*
  40  * Store the forwarded creds in the user's local ccache and register
  41  * w/ktkt_warnd(1M).
  42  */
  43 krb5_error_code
  44 store_forw_creds(krb5_context context,
  45                     krb5_creds **creds,
  46                     krb5_ticket *ticket,
  47                     char *lusername,
  48                     krb5_ccache *ccache)
  49 {
  50         krb5_error_code retval;
  51         char ccname[MAXPATHLEN];
  52         struct passwd *pwd;
  53         uid_t uid;
  54         char *client_name = NULL;
  55
  56         *ccache = NULL;
  57         if (!(pwd = getpwnam(lusername)))
  58                 return (ENOENT);
  59
  60         uid = getuid();
  61         if (seteuid(pwd->pw_uid))
  62                 return (-1);
  63
  64         (void) snprintf(ccname, sizeof (ccname), "FILE:/tmp/krb5cc_%ld",
  65             pwd->pw_uid);
  66
  67         if ((retval = krb5_cc_resolve(context, ccname, ccache)) != 0) {
  68                 krb5_set_error_message(context, retval,
  69                     gettext("failed to resolve cred cache %s"), ccname);
  70                 goto cleanup;
  71         }
  72
  73         if ((retval = krb5_cc_initialize(context, *ccache,
  74             ticket->enc_part2->client)) != 0) {
  75                 krb5_set_error_message(context, retval,
  76                     gettext("failed to initialize cred cache %s"), ccname);
  77                 goto cleanup;
  78         }
  79
  80         if ((retval = krb5_cc_store_cred(context, *ccache, *creds)) != 0) {
  81                 krb5_set_error_message(context, retval,
  82                     gettext("failed to store cred in cache %s"), ccname);
  83                 goto cleanup;
  84         }
  85
  86         if ((retval = krb5_cc_close(context, *ccache)) != 0)
  87                 goto cleanup;
  88
  89         /* Register with ktkt_warnd(1M) */
  90         if ((retval = krb5_unparse_name(context, (*creds)->client,
  91             &client_name)) != 0)
  92                 goto cleanup;
  93         (void) kwarn_del_warning(client_name);
  94         if (kwarn_add_warning(client_name, (*creds)->times.endtime) != 0) {
  95                 syslog(LOG_AUTH|LOG_NOTICE,
  96                     "store_forw_creds: kwarn_add_warning"
  97                     " failed: ktkt_warnd(1M) down? ");
  98         }
  99         free(client_name);
 100         client_name = NULL;
 101
 102 cleanup:
 103         (void) seteuid(uid);
 104
 105         return (retval);
 106 }