/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * A module for Kerberos V5 security mechanism.
 *
 * This file is the kernel-side glue only: it registers a Kerberos V5
 * mechanism descriptor with the kgssapi mechanism table and forwards
 * every GSS operation to the corresponding krb5_gss_* routine.  No
 * token parsing or cryptography is done here.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Kernel modules this module depends on (read by the module loader):
 * the kgssapi mechanism glue and the MD5 crypto provider.
 */
char _depends_on[] = "misc/kgssapi crypto/md5";

#include <sys/types.h>
#include <sys/modctl.h>
#include <sys/errno.h>
#include <mechglueP.h>
#include <gssapiP_krb5.h>
#include <gssapi_err_generic.h>
#include <gssapi/kgssapi_defs.h>
#include <sys/debug.h>
#include <k5-int.h>

/** mechglue wrappers **/

/*
 * Entry points handed to the kgssapi glue through the krb5_mechanism
 * descriptor below.  Each takes the glue's opaque per-mechanism context
 * as its first argument (not used by this module) and passes the
 * remaining arguments unchanged to the matching krb5_gss_* routine.
 * The trailing gssd_ctx_verifier is likewise forwarded as-is; its
 * meaning is defined by the krb5 implementation, not by this file.
 */

static OM_uint32 k5glue_delete_sec_context
	(void *, OM_uint32*,		/* minor_status */
	gss_ctx_id_t*,			/* context_handle */
	gss_buffer_t,			/* output_token */
	OM_uint32);

static OM_uint32 k5glue_sign
	(void *, OM_uint32*,		/* minor_status */
	gss_ctx_id_t,			/* context_handle */
	int,				/* qop_req */
	gss_buffer_t,			/* message_buffer */
	gss_buffer_t,			/* message_token */
	OM_uint32);

static OM_uint32 k5glue_verify
	(void *, OM_uint32*,		/* minor_status */
	gss_ctx_id_t,			/* context_handle */
	gss_buffer_t,			/* message_buffer */
	gss_buffer_t,			/* token_buffer */
	int*,				/* qop_state */
	OM_uint32);

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal
	(void *, OM_uint32*,		/* minor_status */
	gss_ctx_id_t,			/* context_handle */
	int,				/* conf_req_flag */
	int,				/* qop_req */
	gss_buffer_t,			/* input_message_buffer */
	int*,				/* conf_state */
	gss_buffer_t,			/* output_message_buffer */
	OM_uint32);

static OM_uint32 k5glue_unseal
	(void *, OM_uint32*,		/* minor_status */
	gss_ctx_id_t,			/* context_handle */
	gss_buffer_t,			/* input_message_buffer */
	gss_buffer_t,			/* output_message_buffer */
	int*,				/* conf_state */
	int*,				/* qop_state */
	OM_uint32);
/* EXPORT DELETE END */

static OM_uint32 k5glue_import_sec_context
	(void *, OM_uint32 *,		/* minor_status */
	gss_buffer_t,			/* interprocess_token */
	gss_ctx_id_t *);		/* context_handle */

/*
 * Mechanism descriptor registered with the kgssapi mechanism table.
 *
 * The first member is the mechanism OID as a length-prefixed DER byte
 * string; the nine bytes below decode to 1.2.840.113554.1.2.2, the
 * Kerberos V5 GSS-API mechanism OID.  The remaining members are
 * positional and must follow the layout of struct gss_config in
 * mechglueP.h.  The EXPORT/CRYPT DELETE markers are build-time
 * source-stripping directives; keep them exactly where they are.
 */
static struct gss_config krb5_mechanism = {
	{9, "\052\206\110\206\367\022\001\002\002"},
	NULL,				/* context */
	NULL,				/* next */
	TRUE,				/* uses_kmod */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_delete_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_import_sec_context,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
	k5glue_seal,
	k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	k5glue_sign,
	k5glue_verify,
};

/*
 * Hand out the descriptor that _init() registers with kgssapi.
 */
static gss_mechanism
gss_mech_initialize(void)
{
	return (&krb5_mechanism);
}


/*
 * Module linkage information for the kernel.
 */
extern struct mod_ops mod_miscops;

static struct modlmisc modlmisc = {
	&mod_miscops, "Krb5 GSS mechanism"
};

static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&modlmisc,
	NULL
};


/*
 * Value _fini() hands back before it would call mod_remove().  It starts
 * as EBUSY so the module is pinned once it owns the entry in the kgssapi
 * mechanism table (nothing in this file ever removes that entry, and the
 * table holds function pointers into this module).  _init() clears it to
 * 0 only when some other provider had already registered the mechanism.
 */
static int krb5_fini_code = EBUSY;

/*
 * Kernel module entry point.
 *
 * Installs the module, then registers the Kerberos V5 mechanism in the
 * kgssapi table under __kgss_mech_lock.  Returns the mod_install()
 * error code if that fails, 0 otherwise.  If an entry with the same OID
 * is already present, the module stays loaded but is made unloadable
 * (krb5_fini_code = 0) so the situation can be investigated; whether
 * that entry is kernel-capable is logged as well.
 */
int
_init(void)
{
	int err;
	gss_mechanism mech;
	gss_mechanism existing;

	err = mod_install(&modlinkage);
	if (err != 0)
		return (err);

	mech = gss_mech_initialize();

	mutex_enter(&__kgss_mech_lock);
	existing = __kgss_get_mechanism(&mech->mech_type);
	if (existing == NULL) {
		__kgss_add_mechanism(mech);
		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");

		if (existing->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Keep us loaded, but let us be unloadable.  This gives
		 * the developer time to troubleshoot.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}

/*
 * Kernel module exit point.
 *
 * Refuses with krb5_fini_code (EBUSY unless _init() cleared it) without
 * touching the module; otherwise returns the result of mod_remove().
 */
int
_fini(void)
{
	if (krb5_fini_code != 0)
		return (krb5_fini_code);

	return (mod_remove(&modlinkage));
}

/*
 * Kernel module info entry point; delegates to mod_info().
 */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}

/*
 * Delete a security context: forwards to krb5_gss_delete_sec_context().
 * ctx (the mechglue's opaque context) is unused.
 */
/* ARGSUSED */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_delete_sec_context(minor_status, context_handle,
	    output_token, gssd_ctx_verifier));
}

/* V2 */
/*
 * Import an interprocess token as a context: forwards to
 * krb5_gss_import_sec_context().  ctx is unused.
 */
/* ARGSUSED */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	return (krb5_gss_import_sec_context(minor_status, interprocess_token,
	    context_handle));
}

/* EXPORT DELETE START */
/* V1 only */
/*
 * Seal (wrap) a message: forwards to krb5_gss_seal().  ctx is unused.
 */
/* ARGSUSED */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_seal(minor_status, context_handle, conf_req_flag,
	    qop_req, input_message_buffer, conf_state, output_message_buffer,
	    gssd_ctx_verifier));
}
/* EXPORT DELETE END */

/*
 * Sign (MIC) a message: forwards to krb5_gss_sign().  ctx (the
 * mechglue's opaque context) is unused; gssd_ctx_verifier is passed
 * through unchanged.
 */
/* ARGSUSED */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_sign(minor_status, context_handle, qop_req,
	    message_buffer, message_token, gssd_ctx_verifier));
}

/* EXPORT DELETE START */
/*
 * Unseal (unwrap) a message: forwards to krb5_gss_unseal().  ctx is
 * unused; conf_state and qop_state are filled in by the callee.
 */
/* ARGSUSED */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state, OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_unseal(minor_status, context_handle,
	    input_message_buffer, output_message_buffer, conf_state,
	    qop_state, gssd_ctx_verifier));
}
/* EXPORT DELETE END */

/* V1 only */
/*
 * Verify a MIC token against a message: forwards to krb5_gss_verify().
 * ctx is unused; qop_state is filled in by the callee.
 */
/* ARGSUSED */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_verify(minor_status, context_handle, message_buffer,
	    token_buffer, qop_state, gssd_ctx_verifier));
}