      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     27 
     28 
     29 #include <pwd.h>
     30 #include <locale.h>
     31 #include <syslog.h>
     32 #include <errno.h>
     33 #include <com_err.h>
     34 #include <k5-int.h>
     35 
     36 extern uint_t kwarn_add_warning(char *, int);
     37 extern uint_t kwarn_del_warning(char *);
     38 
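/*
 * store_forw_creds: store the forwarded creds in the user's local ccache
 * and register the ticket's end time w/ktkt_warnd(1M).
 *
 * The cache is a FILE ccache under /tmp named from the user's uid.  Every
 * ccache operation below runs with the effective uid switched to that
 * user, so the cache file is resolved, created and written with the user's
 * privileges rather than the daemon's; the effective uid is restored to the
 * real uid at cleanup.  Only the effective uid is switched -- the egid and
 * supplementary groups are left untouched.  NOTE(review): confirm that is
 * acceptable for the callers (a file ccache is normally created 0600, so
 * group ownership should not widen readability, but verify).
 *
 * context    - library context used for the ccache calls and error messages.
 * creds      - forwarded credentials to store; (*creds)->client is the
 *              principal registered with ktkt_warnd(1M), (*creds)->times.endtime
 *              the expiry it is warned about.
 * ticket     - ticket whose decrypted part (enc_part2->client) names the
 *              principal the cache is initialized for.  Assumes enc_part2
 *              is non-NULL, i.e. the ticket has already been decrypted.
 * lusername  - local (passwd) user name that owns the cache.
 * ccache     - out: cleared to NULL first, then set to the resolved handle.
 *              On success that handle has already been closed by
 *              krb5_cc_close and must not be passed to further krb5_cc_*
 *              calls; on a failure after krb5_cc_resolve succeeded it may
 *              still be an open handle.  NOTE(review): whether callers are
 *              expected to close/destroy it in that case is not visible
 *              here -- check the callers before changing this contract.
 *
 * Returns 0 on success, ENOENT if lusername is unknown, -1 if the effective
 * uid cannot be switched to the user, otherwise the krb5 error code of the
 * failing ccache/name operation (with a message set on context for the
 * ccache failures).  Failing to register with ktkt_warnd(1M) is logged but
 * is not an error.
 */
krb5_error_code
store_forw_creds(krb5_context context,
		    krb5_creds **creds,
		    krb5_ticket *ticket,
		    char *lusername,
		    krb5_ccache *ccache)
{
	krb5_error_code retval = 0;
	char ccname[MAXPATHLEN];
	struct passwd *pwd;
	uid_t ruid;
	char *client_name = NULL;

	*ccache = NULL;
	if ((pwd = getpwnam(lusername)) == NULL)
		return (ENOENT);

	/*
	 * Act as the target user for the ccache work below.  Nothing has
	 * been changed yet if this fails, so a plain return is safe.
	 */
	ruid = getuid();
	if (seteuid(pwd->pw_uid) != 0)
		return (-1);

	/*
	 * uid_t is not necessarily long; cast so the argument matches %ld
	 * (a mismatched conversion is undefined behaviour and can yield a
	 * wrong cache name on LP64).
	 */
	(void) snprintf(ccname, sizeof (ccname), "FILE:/tmp/krb5cc_%ld",
	    (long)pwd->pw_uid);

	if ((retval = krb5_cc_resolve(context, ccname, ccache)) != 0) {
		krb5_set_error_message(context, retval,
		    gettext("failed to resolve cred cache %s"), ccname);
		goto cleanup;
	}

	/* Creates/truncates the cache for the ticket's client principal. */
	if ((retval = krb5_cc_initialize(context, *ccache,
	    ticket->enc_part2->client)) != 0) {
		krb5_set_error_message(context, retval,
		    gettext("failed to initialize cred cache %s"), ccname);
		goto cleanup;
	}

	if ((retval = krb5_cc_store_cred(context, *ccache, *creds)) != 0) {
		krb5_set_error_message(context, retval,
		    gettext("failed to store cred in cache %s"), ccname);
		goto cleanup;
	}

	/* After this point *ccache is a closed handle (see header). */
	if ((retval = krb5_cc_close(context, *ccache)) != 0)
		goto cleanup;

	/* Register with ktkt_warnd(1M) */
	if ((retval = krb5_unparse_name(context, (*creds)->client,
	    &client_name)) != 0)
		goto cleanup;
	/* Drop any stale warning for this principal before adding the new one. */
	(void) kwarn_del_warning(client_name);
	if (kwarn_add_warning(client_name, (*creds)->times.endtime) != 0) {
		/* Best effort: the creds are already stored, so only log. */
		syslog(LOG_AUTH|LOG_NOTICE,
		    "store_forw_creds: kwarn_add_warning"
		    " failed: ktkt_warnd(1M) down? ");
	}
	free(client_name);
	client_name = NULL;

cleanup:
	/* Always give the daemon's privileges back, even on the error paths. */
	(void) seteuid(ruid);

	return (retval);
}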