authorSimo Sorce <simo@redhat.com>2014-07-12 08:19:20 -0400
committerSimo Sorce <simo@redhat.com>2014-07-12 08:19:20 -0400
commit3ed1be459d9cec2d07a06e3960f26815ce22b5a3 (patch)
treebd20fec8cd2de6c7840f045b554bfbcac2c7356f
parent01dad40c9ed6983b8b05ae351f00878c6efef4c7 (diff)
Add gss_localname support
Uses the fully qualified name, falling back to the simple user name, and calls getpwnam_r() to resolve a local name. If the user is not known to the nsswitch subsystem it returns a failure.
-rw-r--r--src/gss_names.c63
-rw-r--r--src/gss_ntlmssp.h5
-rw-r--r--src/gss_spi.c11
3 files changed, 79 insertions, 0 deletions
diff --git a/src/gss_names.c b/src/gss_names.c
index 64e4df3..f48d117 100644
--- a/src/gss_names.c
+++ b/src/gss_names.c
@@ -466,3 +466,66 @@ uint32_t gssntlm_display_name(uint32_t *minor_status,
return GSS_S_COMPLETE;
}
+
+#define PWBUFLEN 1024
+
+uint32_t gssntlm_localname(uint32_t *minor_status,
+ const gss_name_t name,
+ gss_const_OID mech_type,
+ gss_buffer_t localname)
+{
+ struct gssntlm_name *in;
+ char *uname = NULL;
+ char pwbuf[PWBUFLEN];
+ struct passwd pw, *res;
+ uint32_t min = 0;
+ int ret;
+
+ in = (struct gssntlm_name *)name;
+ if (in->type != GSSNTLM_NAME_USER) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ /* TODO: hook up with winbindd/sssd for name resolution ? */
+
+ if (in->data.user.domain) {
+ ret = asprintf(&uname, "%s\\%s",
+ in->data.user.domain, in->data.user.name);
+ if (ret == -1) {
+ min = ENOMEM;
+ goto done;
+ }
+ ret = getpwnam_r(uname, &pw, pwbuf, PWBUFLEN, &res);
+ if (ret) {
+ min = ret;
+ goto done;
+ }
+ safefree(uname);
+ if (res) {
+ uname = strdup(res->pw_name);
+ }
+ }
+ if (uname == NULL) {
+ ret = getpwnam_r(in->data.user.name, &pw, pwbuf, PWBUFLEN, &res);
+ if (ret != 0 || res == NULL) {
+ min = ret;
+ goto done;
+ }
+ uname = strdup(res->pw_name);
+ }
+ if (!uname) {
+ min = ENOMEM;
+ goto done;
+ }
+
+done:
+ *minor_status = min;
+ if (min) {
+ free(uname);
+ return GSS_S_FAILURE;
+ }
+ localname->value = uname;
+ localname->length = strlen(uname) + 1;
+ return GSS_S_COMPLETE;
+}
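Review bot: In the fallback lookup, a user that nsswitch does not know takes the `ret != 0 || res == NULL` branch with `ret == 0`, so `min` stays 0 and the `done:` path calls `strlen(uname)` on a NULL pointer instead of returning the failure the description promises. getpwnam_r() reports "not found" as a zero return with `res` set to NULL, so that branch should set an explicit error, e.g. `min = ret ? ret : ENOENT;`. The same fallback is also reached when `strdup(res->pw_name)` fails after a successful qualified lookup, which turns an out-of-memory condition into a lookup of the bare user name; checking the strdup result inside the domain branch would keep `DOMAIN\user` from silently resolving as `user`. Since this function maps an authenticated remote name to a local account, a comment above it stating that the domain is dropped on fallback would make that mapping decision visible to deployers.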
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index 194e954..803b7bf 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -313,6 +313,11 @@ uint32_t gssntlm_display_name(uint32_t *minor_status,
gss_buffer_t output_name_buffer,
gss_OID *output_name_type);
+uint32_t gssntlm_localname(uint32_t *minor_status,
+ const gss_name_t name,
+ gss_const_OID mech_type,
+ gss_buffer_t localname);
+
uint32_t gssntlm_inquire_cred(uint32_t *minor_status,
gss_cred_id_t cred_handle,
gss_name_t *name,
diff --git a/src/gss_spi.c b/src/gss_spi.c
index a74bace..220b32c 100644
--- a/src/gss_spi.c
+++ b/src/gss_spi.c
@@ -286,6 +286,17 @@ OM_uint32 gss_display_name(OM_uint32 *minor_status,
output_name_type);
}
+OM_uint32 gss_localname(OM_uint32 *minor_status,
+ const gss_name_t name,
+ gss_const_OID mech_type,
+ gss_buffer_t localname)
+{
+ return gssntlm_localname(minor_status,
+ name,
+ mech_type,
+ localname);
+}
+
OM_uint32 gss_set_sec_context_option(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_OID desired_object,