| blob | 6ccb78fe51a8162815cb2c6e90d7e2fbdb2f11d7 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * name.c
24 *
25 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 *
28 */
33 #include <pwd.h>
34 #include <string.h>
35 #include <stdlib.h>
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/note.h>
39 #include <thread.h>
50 /* Diffie-Hellman ONC RPC netname name type */
56 #define OID_MAX_NAME_ENTRIES 32
58 /*
59 * __dh_gss_compare_name: Diffie-Hellman machanism support for
60 * gss_compare_name. Given two gss_name_ts that are presumed to
61 * be rpc netnames set the *equal parameter to true if they are
62 * the same, else set it to false.
63 */
65 OM_uint32
71 {
82 }
87 }
89 /*
90 * __dh_gss_display_name: Supports gss_display_name for Diffie-Hellman
91 * mechanism. This takes a gss internal name and converts it to
92 * a counted string suitable for display.
93 */
94 OM_uint32
100 {
116 }
119 /*
120 * Note: we no longer copy the name type OID. The current draft of
121 * the standard specifies:
122 *
123 * "The returned gss_OID will be a pointer into static stoarge
124 * and should be treated as read-only by the caller (in particular,
125 * it does not need to be freed)."
126 *
127 * if (name_type) {
128 * if ((*minor = __OID_copy(name_type, __DH_GSS_C_NT_NETNAME))
129 * != DH_SUCCESS) {
130 * free(output->value);
131 * output->value = NULL;
132 * return (GSS_S_FAILURE);
133 * }
134 * }
135 */
141 }
143 /*
144 * Routine that takes a netname as a character string and assigns it
145 * to a an gss_name_t pointed to by output.
146 */
147 static OM_uint32
149 {
159 }
162 }
164 /*
165 * do_uid_nametype converts a uid to a gss_name_t pointed to by output
166 */
167 static OM_uint32
169 {
175 }
177 }
179 /*
180 * do_username_nametype converts a username to a gss_name_t pointed to by
181 * output.
182 *
183 * A username will be represented by the following:
184 * name[/node][@security-domain]
185 *
186 * Then optional security-domain will represent secure rpc domain if
187 * present. If not present the local domain will be used. name is the
188 * user name as found in the unix password file. If name is root and
189 * node is present, then node will represent the host. If the host is
190 * a qualified name we assume that it is a DNS name and will only return
191 * the first commponnet since we want host name that are relative to
192 * the security domain (secure rpc domain).
193 */
195 static OM_uint32
197 {
203 /* Set outputs to sane values */
208 /* See if we have a name */
212 }
214 /* copy the name so that we can do surgery on it */
219 }
222 /* Look for optional node part */
225 /*
226 * user is now just the user portion and node
227 * points to the start of the node part.
228 */
231 /* Now see if there is a domain */
233 }
234 else
235 /* Check for a domain */
238 /* Set domain to the beginning of the domain part if pressent */
242 /*
243 * See if the node part is important. If the user is root get
244 * the host from the node. If node is not present we assume
245 * we're the local host.
246 */
250 /*
251 * We only want the host part of a qualfied host name. We
252 * assume the domain part of a hostname is a DNS domain,
253 * not an rpc domain. The rpc domain can be specified
254 * in the optional security domain part.
255 */
260 }
261 /*
262 * If node is null, assume local host. If domain is
263 * null assume local domain. See host2netname(3N)
264 */
269 }
272 }
274 /*
275 * We use getpwnam_r to convert the name to uid. Note it is
276 * important to use getpwnam_r to preserve MT safty.
277 */
282 }
284 /* If domain is null assume local domain. See user2netname(3N) */
289 }
292 }
294 /*
295 * do_hostbase_nametype convert a hostbase service name of the form
296 * service@hostname.
297 *
298 * For Diffie-Hellman we assume that the service is running with the
299 * credtials of the machine, i.e., as root.
300 */
301 static OM_uint32
303 {
304 /* Get the nostname */
309 /* If no host return bad name */
313 /* Advance pass the "@" sign */
316 /* Convert the hostname to its netname */
320 }
322 /* Internalize the netname to output */
324 }
326 /*
327 * do_exported_netname: Convert an exported Diffie-Hellman name
328 * to a Diffie-Hellman internal name.
329 */
330 static OM_uint32
335 {
336 /* All export names must start with this */
345 OM_uint32 namelen;
346 OM_uint32 currlen;
347 OM_uint32 bytes;
351 /* The len must be at least this big */
355 /* Export names must start with the token id of 0x04 0x01 */
360 /* Decode the Mechanism oid */
364 /* Check that we actually have the mechanism oid elements */
368 /* Compare that the input is for this mechanism */
380 /* Grab the length of the mechanism specific name per RFC 2078 */
386 /* This should alway be false */
390 /* Make sure the bytes for the netname oid length are available */
394 /* Get the netname oid length */
398 /* See if we have the elements of the netname oid */
402 /* Check that the oid is really a netname */
409 /* p now points to the netname wich is null terminated */
412 /*
413 * How the netname is encoded in an export name type for
414 * this mechanism. See _dh_gss_export_name below.
415 */
420 /* Grab the netname */
425 }
429 }
431 /*
432 * __dh_gss_import_name: Diffie-Hellman entry point for gss_import_name.
433 * Given an input name of a specified name type, convert this to a
434 * Diffie-Hellman internal name (netname).
435 *
436 * The idea here is simply compare the name_type supplied with each
437 * name type that we know how to deal with. If we have a match we call
438 * the appropriate support routine form above. If we done't have a match
439 * we return GSS_S_BAD_NAMETYPE
440 */
441 OM_uint32
447 {
449 OM_uint32 stat;
459 /* Set sane state */
463 /* UID in machine format */
465 uid_t uid;
469 /* Should we assume that the id is network byte order ??? */
470 /* uid = htonl(uid); No, this should be the local orfering */
473 /* Name that was exported with __dh_gss_export_name */
478 }
480 /* Null ternamte name so we can manipulate as a c-style string */
485 }
490 /* Diffie-Hellman (ONC RPC netname) */
495 /* Host based service name (service@hostname) */
500 /* Thus local OS user name */
505 /* The os user id writen as a string */
508 /* Convert the name to a uid */
515 /* Any thing else */
518 }
519 }
521 /*
522 * __dh_gss_release_name: DH entry point for gss_release_name.
523 * Release an internal DH name.
524 */
525 OM_uint32
527 {
539 }
541 /* Lock for initializing oid_name_tab */
544 /* Table of name types that this mechanism understands */
547 /*
548 * __dh_gss_inquire_names_for_mech: DH entry point for
549 * gss_inquire_names_for_mech.
550 *
551 * Return a set of OID name types that a mechanism can understand
552 */
553 OM_uint32
556 {
559 /* See if we need to initialize the table */
562 /* If nobody sneaked in, initialize the table */
570 /* oid_name_tab[6] = GSS_C_NT_ANONYMOUS_NAME; */
571 }
573 }
575 /* Return the set of OIDS from the table */
581 }
584 /*
585 * Private libgss entry point to convert a principal name to uid.
586 */
587 OM_uint32
592 {
595 gid_t gid;
598 /* Convert the principal name to a netname */
610 /* First try to convert as a user */
613 /* Get this hosts netname */
615 /*
616 * If the netname is this host's netname then we're root
617 * else we're nobody.
618 */
622 }
624 /* We could not get a netname */
627 }
629 /*
630 * __dh_gss_export_name: Diffie-Hellman support for gss_export_name.
631 * Given a Diffie-Hellman internal name return the GSS exported format.
632 */
633 OM_uint32
638 {
639 /* input_name is dh principal name */
642 /* Magic for exported blobs */
649 OM_uint32 len;
650 OM_uint32 namelen;
651 OM_uint32 currlen;
659 /* Set sane outputs */
664 /* Determine the length of the name */
668 /* Find the total length */
672 /* Allocate the blob */
677 }
678 /* Set the blob to the exported name */
682 /* Start with some magic */
686 /*
687 * The spec only allows two bytes for the oid length.
688 * We are assuming here that the correct encodeing is MSB first as
689 * was done in libgss.
690 */
697 /* Now the mechanism OID DER Encoding */
702 }
704 /* Now the mechanism OID elements */
708 /* The name length most MSB first */
714 /*
715 * We'll now encode the netname oid. Again we'll just use 2 bytes.
716 * This is the same encoding that the libgss implementor uses, so
717 * we'll just follow along.
718 */
723 /* The netname oid values */
729 /* Now we copy the netname including the null byte to be safe */
733 }
735 /*
736 * Support routine for __dh_internal_release_oid. Return True if
737 * the supplied OID points to the reference OID or if the elements
738 * of the reference OID are the same as the supplied OID. In the
739 * latter case, just free the OID container and set the pointer to it
740 * to GSS_C_NO_OID. Otherwise return false
741 */
742 static int
744 {
750 /*
751 * If some on create a shallow copy free, the structure point to
752 * id and set the pointer to it to GSS_C_NO_OID
753 */
758 }
761 }
763 /*
764 * __dh_gss_internal_release_oid: DH support for the gss_internal_relaese_oid
765 * entry. Check that the refence to an oid is one of our mechanisms static
766 * OIDS. If it is return true indicating to libgss that we have handled the
767 * release of that OID. Otherwise we return false and let libgss deal with it.
768 *
769 * The only OIDS we know are the calling mechanism found in the context
770 * and the shared DH_GSS_C_NT_NETNAME name type
771 */
772 OM_uint32
774 {
792 }