Ejemplo n.º 1
/*
 * Public kuserok entry point: asks whether `principal' is authorized to
 * act as the local account `luser'.
 *
 * The decision is delegated entirely to _krb5_kuserok(); this wrapper
 * adds no checks of its own and returns that function's verdict as-is.
 *
 * NOTE(review): the trailing TRUE is an option flag of _krb5_kuserok()
 * whose meaning is not visible here -- presumably it permits the
 * aname-to-lname fallback; confirm against the helper's definition
 * before relying on this for an access decision.
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_kuserok(krb5_context context,
	     krb5_principal principal,
	     const char *luser)
{
    krb5_boolean allowed;

    allowed = _krb5_kuserok(context, principal, luser, TRUE);
    return allowed;
}
Ejemplo n.º 2
/*
 * Heimdal's default aname2lname (principal name -> local user name)
 * mapping.
 *
 * `rule' selects the behaviour:
 *   "NONE"            - never map; returns KRB5_NO_LOCALNAME.
 *   "DEFAULT"         - map one-component principals only.
 *   "HEIMDAL_DEFAULT" - as "DEFAULT", and additionally map two-component
 *                       principals whose SECOND component is "root" to
 *                       the local user "root", subject to _krb5_kuserok().
 *   anything else     - returns KRB5_PLUGIN_NO_HANDLE.
 *
 * Principals for which princ_realm_is_default() is false are never mapped
 * here (KRB5_PLUGIN_NO_HANDLE).
 *
 * On success the local name is written to `lname' (capacity `lnsize') and
 * 0 is returned.  If the name does not fit, KRB5_CONFIG_NOTENUFSPACE is
 * returned; strlcpy() has by then stored a truncated string in `lname',
 * so callers must not use the buffer on that error.
 *
 * Security note: the one-component path performs no authorization check
 * in this function -- the single component is taken verbatim as the user
 * name, so a one-component principal named "root" yields "root".  Only
 * the two-component "root" path consults _krb5_kuserok().
 */
static krb5_error_code
an2ln_default(krb5_context context,
	      char *rule,
	      krb5_const_principal aname,
	      size_t lnsize, char *lname)
{
    const char *local_user;
    int root_instance_allowed;

    if (strcmp(rule, "NONE") == 0)
	return KRB5_NO_LOCALNAME;

    /* Only the two default rule names are handled by this mapping. */
    root_instance_allowed = (strcmp(rule, "HEIMDAL_DEFAULT") == 0);
    if (!root_instance_allowed && strcmp(rule, "DEFAULT") != 0)
	return KRB5_PLUGIN_NO_HANDLE;

    if (!princ_realm_is_default(context, aname))
	return KRB5_PLUGIN_NO_HANDLE;

    if (aname->name.name_string.len == 1) {
	/*
	 * Single-component principal in the default realm: that one
	 * component is used directly as the local user name.
	 */
	local_user = aname->name.name_string.val[0];
    } else {
	krb5_error_code ret;
	krb5_principal princ_copy;
	krb5_boolean authorized;

	/*
	 * Anything other than a two-component principal whose second
	 * component is "root", under a rule that allows it, is left for
	 * another mapping to handle.
	 */
	if (!root_instance_allowed ||
	    aname->name.name_string.len != 2 ||
	    strcmp(aname->name.name_string.val[1], "root") != 0)
	    return KRB5_PLUGIN_NO_HANDLE;

	/*
	 * Such a principal maps to root IFF _krb5_kuserok() accepts it
	 * for the "root" account (root's .k5login, or whatever
	 * krb5_kuserok() does).  A refusal is a definite "no local
	 * name", not a request to try other mappings.
	 */
	local_user = "root";

	/* _krb5_kuserok() is handed a private copy of the principal. */
	ret = krb5_copy_principal(context, aname, &princ_copy);
	if (ret)
	    return ret;

	/*
	 * NOTE(review): FALSE is an option flag of _krb5_kuserok() --
	 * presumably it disables the aname-to-lname fallback so this
	 * mapping cannot recurse into itself; confirm against the
	 * helper's definition.
	 */
	authorized = _krb5_kuserok(context, princ_copy, local_user, FALSE);
	krb5_free_principal(context, princ_copy);
	if (!authorized)
	    return KRB5_NO_LOCALNAME;
    }

    /* Fail rather than hand back a silently truncated account name. */
    return strlcpy(lname, local_user, lnsize) >= lnsize
	? KRB5_CONFIG_NOTENUFSPACE
	: 0;
}