/**
 * Public wrapper around _krb5_kuserok().
 *
 * Forwards the context, principal and local user name unchanged and
 * passes TRUE as the fourth argument.
 *
 * NOTE(review): an2ln_default() in this file calls _krb5_kuserok() with
 * FALSE in that position.  Presumably the flag controls whether the
 * authorization check may fall back on aname-to-lname mapping; confirm
 * against the definition of _krb5_kuserok().
 *
 * @param context   Kerberos library context
 * @param principal principal whose access is being checked
 * @param luser     local user name to check against
 *
 * @return whatever _krb5_kuserok() returns for these arguments
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_kuserok(krb5_context context,
             krb5_principal principal,
             const char *luser)
{
    krb5_boolean allowed;

    allowed = _krb5_kuserok(context, principal, luser, TRUE);
    return allowed;
}
/*
 * Heimdal's default aname2lname mapping.
 *
 * Rules handled here:
 *   "NONE"            -> never map; returns KRB5_NO_LOCALNAME.
 *   "DEFAULT"         -> map one-component principals only.
 *   "HEIMDAL_DEFAULT" -> as "DEFAULT", and additionally consider
 *                        two-component principals whose second
 *                        component is "root".
 * Any other rule, a principal outside the default realm, or a principal
 * shape not listed above yields KRB5_PLUGIN_NO_HANDLE.
 *
 * On success (0) the local name has been copied into lname.  When the
 * name does not fit in lnsize bytes the function returns
 * KRB5_CONFIG_NOTENUFSPACE; strlcpy() may already have written a
 * truncated name by then, so callers must not use lname unless the
 * return value is 0.
 *
 * A failure of krb5_copy_principal() is returned unchanged.
 */
static krb5_error_code
an2ln_default(krb5_context context,
              char *rule,
              krb5_const_principal aname,
              size_t lnsize, char *lname)
{
    const char *localname;
    int allow_root_instance;

    if (strcmp(rule, "NONE") == 0)
        return KRB5_NO_LOCALNAME;

    if (strcmp(rule, "DEFAULT") == 0) {
        allow_root_instance = 0;
    } else if (strcmp(rule, "HEIMDAL_DEFAULT") == 0) {
        allow_root_instance = 1;
    } else {
        return KRB5_PLUGIN_NO_HANDLE;
    }

    /* Only principals in the default realm are mapped by this rule. */
    if (!princ_realm_is_default(context, aname))
        return KRB5_PLUGIN_NO_HANDLE;

    switch (aname->name.name_string.len) {
    case 1:
        /* Single component in the default realm: it is the username. */
        localname = aname->name.name_string.val[0];
        break;

    case 2: {
        krb5_principal princ_copy;
        krb5_error_code ret;
        krb5_boolean authorized;

        /*
         * The code tests val[1], i.e. the second component, against
         * "root".  Such a principal maps to root only if it passes the
         * kuserok check for the "root" account (root's .k5login, or
         * whatever _krb5_kuserok() consults).
         */
        if (!allow_root_instance ||
            strcmp(aname->name.name_string.val[1], "root") != 0)
            return KRB5_PLUGIN_NO_HANDLE;

        /*
         * aname is a const principal; a copy is handed to
         * _krb5_kuserok() and released right after the call.
         */
        ret = krb5_copy_principal(context, aname, &princ_copy);
        if (ret)
            return ret;

        /*
         * NOTE(review): FALSE here, where krb5_kuserok() passes TRUE;
         * presumably this keeps the check from recursing back into
         * aname-to-lname mapping.  Confirm against _krb5_kuserok().
         */
        authorized = _krb5_kuserok(context, princ_copy, "root", FALSE);
        krb5_free_principal(context, princ_copy);
        if (!authorized)
            return KRB5_NO_LOCALNAME;

        localname = "root";
        break;
    }

    default:
        return KRB5_PLUGIN_NO_HANDLE;
    }

    /* Report truncation as an error instead of accepting a shortened name. */
    if (strlcpy(lname, localname, lnsize) >= lnsize)
        return KRB5_CONFIG_NOTENUFSPACE;

    return 0;
}