root/usr/src/lib/libgss/g_userok.c
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <deflt.h>
#include <mechglueP.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>


/*
 * Generic authorization check: decide whether the local account name
 * `user` denotes the same principal as `name` under mechanism `mech_type`.
 *
 * `user` is imported as a GSS_C_NT_USER_NAME, canonicalized for `mech_type`,
 * and compared against `name` with gss_compare_name().
 *
 * *user_ok is cleared before any other work and is set to 1 only when the
 * comparison completes successfully and reports a match, so every error
 * path leaves the answer at "deny".
 *
 * Returns GSS_S_BAD_NAME if `user`, `name` or `mech_type` is NULL; otherwise
 * the major status of the first GSS call that fails, or of the comparison.
 * `minor` must be writable; `user_ok` is dereferenced unconditionally.
 */
static OM_uint32
compare_names(OM_uint32 *minor,
            const gss_OID mech_type,
            const gss_name_t name,
            const char *user,
            int *user_ok)
{
        OM_uint32 major, ignored;
        gss_name_t user_name;
        gss_name_t user_mn;
        gss_buffer_desc user_buf;
        int same = 0;

        /* Deny until a successful comparison proves otherwise. */
        *user_ok = 0;

        if (user == NULL || name == NULL || mech_type == NULL)
                return (GSS_S_BAD_NAME);

        /* gss_buffer_desc carries a non-const pointer, hence the cast. */
        user_buf.value = (void *)user;
        user_buf.length = strlen(user);

        major = gss_import_name(minor,
                                &user_buf,
                                GSS_C_NT_USER_NAME,
                                &user_name);
        if (major != GSS_S_COMPLETE)
                return (major);

        major = gss_canonicalize_name(minor,
                                    user_name,
                                    mech_type,
                                    &user_mn);
        if (major == GSS_S_COMPLETE) {
                major = gss_compare_name(minor,
                                        user_mn,
                                        name,
                                        &same);
                /*
                 * Release results go to a scratch minor so the caller's
                 * minor status still reflects the comparison.
                 */
                (void) gss_release_name(&ignored, &user_mn);
        }
        (void) gss_release_name(&ignored, &user_name);

        if (major == GSS_S_COMPLETE && same)
                *user_ok = 1; /* remote user is a-ok */

        return (major);
}


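/*
 * Mechglue entry point answering "may the authenticated principal `name`
 * act as local account `user`?".
 *
 * The mechanism is looked up from the union name's mech_type.  If the
 * mechanism supplies its own __gss_userok hook, that hook decides, using
 * the mechanism-specific name; otherwise the generic compare_names()
 * fallback is used with the union name.
 *
 * The result in *user_ok is fail-closed: it is zeroed as soon as the output
 * pointers are known to be writable and is forced back to 0 whenever the
 * major status is not GSS_S_COMPLETE, so a caller that reads *user_ok
 * without checking the return value cannot see a stale or half-set "allow".
 *
 * Returns:
 *   GSS_S_CALL_INACCESSIBLE_WRITE  minor or user_ok is NULL
 *   GSS_S_CALL_INACCESSIBLE_READ   name or user is NULL
 *   GSS_S_UNAVAILABLE              no mechanism found for the name
 *   GSS_S_FAILURE                  name carries no mech_type
 *   otherwise the major status from the mechanism hook or compare_names().
 */
OM_uint32
__gss_userok(OM_uint32 *minor,
            const gss_name_t name,
            const char *user,
            int *user_ok)
{
        gss_mechanism mech;
        gss_union_name_t intName;
        gss_name_t mechName = NULL;
        OM_uint32 major;

        if (minor == NULL || user_ok == NULL)
                return (GSS_S_CALL_INACCESSIBLE_WRITE);

        /*
         * Initialize the outputs before any further validation so that
         * every later error return, including the NULL-input one below,
         * leaves the authorization answer at "deny".
         */
        *user_ok = 0;
        *minor = GSS_S_COMPLETE;

        if (name == NULL || user == NULL)
                return (GSS_S_CALL_INACCESSIBLE_READ);

        intName = (gss_union_name_t)name;

        /*
         * NOTE(review): this lookup runs before mech_type is checked for
         * NULL below; confirm how __gss_get_mechanism treats a NULL OID.
         */
        mech = __gss_get_mechanism(intName->mech_type);
        if (mech == NULL)
                return (GSS_S_UNAVAILABLE);

        /*
         * A name without a mech_type is not a mechanism name (MN).  It
         * would have to be imported first; that is not implemented, so
         * the request is refused.
         */
        if (intName->mech_type == NULL) {
                return (GSS_S_FAILURE);
        } else {
                mechName = intName->mech_name;
        }

        if (mech->__gss_userok) {
                major = mech->__gss_userok(mech->context,  minor, mechName,
                                user, user_ok);
        } else {
                major = compare_names(minor, intName->mech_type,
                                    name, user, user_ok);
        }

        /*
         * The mechanism hook's contract is not enforced here, so do not
         * trust a positive answer that accompanies a non-complete status.
         */
        if (major != GSS_S_COMPLETE)
                *user_ok = 0;

        return (major);
} /* __gss_userok */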