first pass
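--- a/usr/src/uts/common/gssapi/mechs/krb5/krb5mech.c
+++ b/usr/src/uts/common/gssapi/mechs/krb5/krb5mech.c
@@ -1,304 +1,284 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 * Copyright (c) 2011 Bayard G. Bell. All rights reserved.
 *
 * A module for Kerberos V5 security mechanism.
 *
 */
 
 #include <sys/types.h>
 #include <sys/modctl.h>
 #include <sys/errno.h>
 #include <mechglueP.h>
 #include <gssapiP_krb5.h>
 #include <gssapi_err_generic.h>
 #include <gssapi/kgssapi_defs.h>
 #include <sys/debug.h>
 #include <k5-int.h>
 
 /* mechglue wrappers */
 
 static OM_uint32 k5glue_delete_sec_context
 (void *, OM_uint32 *, /* minor_status */
 gss_ctx_id_t *, /* context_handle */
 gss_buffer_t, /* output_token */
 OM_uint32);
 
 static OM_uint32 k5glue_sign
 (void *, OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* qop_req */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* message_token */
 OM_uint32);
 
 static OM_uint32 k5glue_verify
 (void *, OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* message_buffer */
 gss_buffer_t, /* token_buffer */
 int *, /* qop_state */
 OM_uint32);
 
-/* EXPORT DELETE START */
 static OM_uint32 k5glue_seal
 (void *, OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 int, /* conf_req_flag */
 int, /* qop_req */
 gss_buffer_t, /* input_message_buffer */
 int *, /* conf_state */
 gss_buffer_t, /* output_message_buffer */
 OM_uint32);
 
 static OM_uint32 k5glue_unseal
 (void *, OM_uint32 *, /* minor_status */
 gss_ctx_id_t, /* context_handle */
 gss_buffer_t, /* input_message_buffer */
 gss_buffer_t, /* output_message_buffer */
 int *, /* conf_state */
 int *, /* qop_state */
 OM_uint32);
-/* EXPORT DELETE END */
 
 static OM_uint32 k5glue_import_sec_context
 (void *, OM_uint32 *, /* minor_status */
 gss_buffer_t, /* interprocess_token */
 gss_ctx_id_t *); /* context_handle */
 
 
 
 static struct gss_config krb5_mechanism =
 {{9, "\052\206\110\206\367\022\001\002\002"},
 NULL, /* context */
 NULL, /* next */
 TRUE, /* uses_kmod */
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
 k5glue_unseal,
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
 k5glue_delete_sec_context,
-/* EXPORT DELETE START */ /* CRYPT DELETE START */
 k5glue_seal,
-/* EXPORT DELETE END */ /* CRYPT DELETE END */
 k5glue_import_sec_context,
-/* EXPORT DELETE START */
-/* CRYPT DELETE START */
-#if 0
-/* CRYPT DELETE END */
- k5glue_seal,
- k5glue_unseal,
-/* CRYPT DELETE START */
-#endif
-/* CRYPT DELETE END */
-/* EXPORT DELETE END */
 k5glue_sign,
 k5glue_verify,
 };
 
 static gss_mechanism
 gss_mech_initialize()
 {
 return (&krb5_mechanism);
 }
 
 
 /*
 * Module linkage information for the kernel.
 */
 extern struct mod_ops mod_miscops;
 
 static struct modlmisc modlmisc = {
 &mod_miscops, "Krb5 GSS mechanism"
 };
 
 static struct modlinkage modlinkage = {
 MODREV_1,
 (void *)&modlmisc,
 NULL
 };
 
 
 static int krb5_fini_code = EBUSY;
 
 int
 _init()
 {
 int retval;
 gss_mechanism mech, tmp;
 
 if ((retval = mod_install(&modlinkage)) != 0)
 return (retval);
 
 mech = gss_mech_initialize();
 
 mutex_enter(&__kgss_mech_lock);
 tmp = __kgss_get_mechanism(&mech->mech_type);
 if (tmp != NULL) {
 
 KRB5_LOG0(KRB5_INFO,
 "KRB5 GSS mechanism: mechanism already in table.\n");
 
 if (tmp->uses_kmod == TRUE) {
 KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
 "table supports kernel operations!\n");
 }
 /*
 * keep us loaded, but let us be unloadable. This
 * will give the developer time to trouble shoot
 */
 krb5_fini_code = 0;
 } else {
 __kgss_add_mechanism(mech);
 ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
 }
 mutex_exit(&__kgss_mech_lock);
 
 return (0);
 }
 
 int
 _fini()
 {
 int ret = krb5_fini_code;
 
 if (ret == 0) {
 ret = (mod_remove(&modlinkage));
 }
 return (ret);
 }
 
 int
 _info(struct modinfo *modinfop)
 {
 return (mod_info(&modlinkage, modinfop));
 }
 
 /* ARGSUSED */
 static OM_uint32
 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token,
 gssd_ctx_verifier)
 void *ctx;
 OM_uint32 *minor_status;
 gss_ctx_id_t *context_handle;
 gss_buffer_t output_token;
 OM_uint32 gssd_ctx_verifier;
 {
 return (krb5_gss_delete_sec_context(minor_status,
 context_handle, output_token,
 gssd_ctx_verifier));
 }
 
 /* V2 */
 /* ARGSUSED */
 static OM_uint32
 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
 void *ctx;
 OM_uint32 *minor_status;
 gss_buffer_t interprocess_token;
 gss_ctx_id_t *context_handle;
 {
 return (krb5_gss_import_sec_context(minor_status,
 interprocess_token,
 context_handle));
 }
 
-/* EXPORT DELETE START */
 /* V1 only */
 /* ARGSUSED */
 static OM_uint32
 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
 input_message_buffer, conf_state, output_message_buffer,
 gssd_ctx_verifier)
 void *ctx;
 OM_uint32 *minor_status;
 gss_ctx_id_t context_handle;
 int conf_req_flag;
 int qop_req;
 gss_buffer_t input_message_buffer;
 int *conf_state;
 gss_buffer_t output_message_buffer;
 OM_uint32 gssd_ctx_verifier;
 {
 return (krb5_gss_seal(minor_status, context_handle,
 conf_req_flag, qop_req, input_message_buffer,
 conf_state, output_message_buffer, gssd_ctx_verifier));
 }
-/* EXPORT DELETE END */
 
 /* ARGSUSED */
 static OM_uint32
 k5glue_sign(ctx, minor_status, context_handle,
 qop_req, message_buffer,
 message_token, gssd_ctx_verifier)
 void *ctx;
 OM_uint32 *minor_status;
 gss_ctx_id_t context_handle;
 int qop_req;
 gss_buffer_t message_buffer;
 gss_buffer_t message_token;
 OM_uint32 gssd_ctx_verifier;
 {
 return (krb5_gss_sign(minor_status, context_handle,
 qop_req, message_buffer, message_token, gssd_ctx_verifier));
 }
 
-/* EXPORT DELETE START */
 /* ARGSUSED */
 static OM_uint32
 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
 output_message_buffer, conf_state, qop_state, gssd_ctx_verifier)
 void *ctx;
 OM_uint32 *minor_status;
 gss_ctx_id_t context_handle;
 gss_buffer_t input_message_buffer;
 gss_buffer_t output_message_buffer;
 int *conf_state;
 int *qop_state;
 OM_uint32 gssd_ctx_verifier;
 {
 return (krb5_gss_unseal(minor_status, context_handle,
 input_message_buffer, output_message_buffer,
 conf_state, qop_state, gssd_ctx_verifier));
 }
-/* EXPORT DELETE END */
 
 /* V1 only */
 /* ARGSUSED */
 static OM_uint32
 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
 token_buffer, qop_state, gssd_ctx_verifier)
 void *ctx;
 OM_uint32 *minor_status;
 gss_ctx_id_t context_handle;
 gss_buffer_t message_buffer;
 gss_buffer_t token_buffer;
 int *qop_state;
 OM_uint32 gssd_ctx_verifier;
 {
 return (krb5_gss_verify(minor_status,
 context_handle,
 message_buffer,
 token_buffer,
 qop_state, gssd_ctx_verifier));
 }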