17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5f48205beScasper * Common Development and Distribution License (the "License").
6f48205beScasper * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
228ffff9fdSgt29601 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
237c478bd9Sstevel@tonic-gate * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate /*
2715c07adcSJohn Levon * Copyright (c) 2018, Joyent, Inc.
28*c5991125SMatt Barden * Copyright 2021 Tintri by DDN, Inc. All rights reserved.
2915c07adcSJohn Levon */
3015c07adcSJohn Levon
3115c07adcSJohn Levon /*
327c478bd9Sstevel@tonic-gate * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
337c478bd9Sstevel@tonic-gate *
347c478bd9Sstevel@tonic-gate * $Header:
357c478bd9Sstevel@tonic-gate * /afs/gza.com/product/secure/rel-eng/src/1.1/rpc/RCS/auth_gssapi.c,v
367c478bd9Sstevel@tonic-gate * 1.14 1995/03/22 22:07:55 jik Exp $
377c478bd9Sstevel@tonic-gate */
387c478bd9Sstevel@tonic-gate
397c478bd9Sstevel@tonic-gate #include <sys/systm.h>
407c478bd9Sstevel@tonic-gate #include <sys/types.h>
417c478bd9Sstevel@tonic-gate #include <gssapi/gssapi.h>
427c478bd9Sstevel@tonic-gate #include <rpc/rpc.h>
437c478bd9Sstevel@tonic-gate #include <rpc/rpcsec_defs.h>
447c478bd9Sstevel@tonic-gate #include <sys/debug.h>
457c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h>
467c478bd9Sstevel@tonic-gate #include <sys/ddi.h>
477c478bd9Sstevel@tonic-gate
487c478bd9Sstevel@tonic-gate static void rpc_gss_nextverf();
497c478bd9Sstevel@tonic-gate static bool_t rpc_gss_marshall();
507c478bd9Sstevel@tonic-gate static bool_t rpc_gss_validate();
517c478bd9Sstevel@tonic-gate static bool_t rpc_gss_refresh();
527c478bd9Sstevel@tonic-gate static void rpc_gss_destroy();
537c478bd9Sstevel@tonic-gate #if 0
547c478bd9Sstevel@tonic-gate static void rpc_gss_destroy_pvt();
557c478bd9Sstevel@tonic-gate #endif
567c478bd9Sstevel@tonic-gate static void rpc_gss_free_pvt();
577c478bd9Sstevel@tonic-gate static int rpc_gss_seccreate_pvt();
587c478bd9Sstevel@tonic-gate static bool_t rpc_gss_wrap();
597c478bd9Sstevel@tonic-gate static bool_t rpc_gss_unwrap();
607c478bd9Sstevel@tonic-gate static bool_t validate_seqwin();
617c478bd9Sstevel@tonic-gate
627c478bd9Sstevel@tonic-gate
637c478bd9Sstevel@tonic-gate #ifdef DEBUG
647c478bd9Sstevel@tonic-gate #include <sys/promif.h>
657c478bd9Sstevel@tonic-gate #endif
667c478bd9Sstevel@tonic-gate
677c478bd9Sstevel@tonic-gate static struct auth_ops rpc_gss_ops = {
687c478bd9Sstevel@tonic-gate rpc_gss_nextverf,
697c478bd9Sstevel@tonic-gate rpc_gss_marshall,
707c478bd9Sstevel@tonic-gate rpc_gss_validate,
717c478bd9Sstevel@tonic-gate rpc_gss_refresh,
727c478bd9Sstevel@tonic-gate rpc_gss_destroy,
737c478bd9Sstevel@tonic-gate rpc_gss_wrap,
747c478bd9Sstevel@tonic-gate rpc_gss_unwrap,
757c478bd9Sstevel@tonic-gate };
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate /*
787c478bd9Sstevel@tonic-gate * Private data for RPCSEC_GSS.
797c478bd9Sstevel@tonic-gate */
807c478bd9Sstevel@tonic-gate typedef struct _rpc_gss_data {
817c478bd9Sstevel@tonic-gate bool_t established; /* TRUE when established */
827c478bd9Sstevel@tonic-gate CLIENT *clnt; /* associated client handle */
837c478bd9Sstevel@tonic-gate int version; /* RPCSEC version */
847c478bd9Sstevel@tonic-gate gss_ctx_id_t context; /* GSS context id */
857c478bd9Sstevel@tonic-gate gss_buffer_desc ctx_handle; /* RPCSEC GSS context handle */
867c478bd9Sstevel@tonic-gate uint_t seq_num; /* last sequence number rcvd */
877c478bd9Sstevel@tonic-gate gss_cred_id_t my_cred; /* caller's GSS credentials */
887c478bd9Sstevel@tonic-gate OM_uint32 qop; /* requested QOP */
897c478bd9Sstevel@tonic-gate rpc_gss_service_t service; /* requested service */
907c478bd9Sstevel@tonic-gate uint_t gss_proc; /* GSS control procedure */
917c478bd9Sstevel@tonic-gate gss_name_t target_name; /* target server */
927c478bd9Sstevel@tonic-gate int req_flags; /* GSS request bits */
937c478bd9Sstevel@tonic-gate gss_OID mech_type; /* GSS mechanism */
947c478bd9Sstevel@tonic-gate OM_uint32 time_req; /* requested cred lifetime */
957c478bd9Sstevel@tonic-gate bool_t invalid; /* can't use this any more */
967c478bd9Sstevel@tonic-gate OM_uint32 seq_window; /* server sequence window */
977c478bd9Sstevel@tonic-gate struct opaque_auth *verifier; /* rpc reply verifier saved for */
987c478bd9Sstevel@tonic-gate /* validating the sequence window */
997c478bd9Sstevel@tonic-gate gss_channel_bindings_t icb;
1007c478bd9Sstevel@tonic-gate } rpc_gss_data;
1017c478bd9Sstevel@tonic-gate #define AUTH_PRIVATE(auth) ((rpc_gss_data *)auth->ah_private)
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate #define INTERRUPT_OK 1 /* allow interrupt */
1047c478bd9Sstevel@tonic-gate
1057c478bd9Sstevel@tonic-gate /*
1067c478bd9Sstevel@tonic-gate * RPCSEC_GSS auth cache definitions.
1077c478bd9Sstevel@tonic-gate */
1087c478bd9Sstevel@tonic-gate
1097c478bd9Sstevel@tonic-gate /* The table size must be a power of two. */
1107c478bd9Sstevel@tonic-gate #define GSSAUTH_TABLESIZE 16
1117c478bd9Sstevel@tonic-gate #define HASH(keynum, uid_num) \
112f48205beScasper ((((intptr_t)(keynum)) ^ ((int)uid_num)) & (GSSAUTH_TABLESIZE - 1))
1137c478bd9Sstevel@tonic-gate
1147c478bd9Sstevel@tonic-gate /*
1157c478bd9Sstevel@tonic-gate * gss auth cache entry.
1167c478bd9Sstevel@tonic-gate */
1177c478bd9Sstevel@tonic-gate typedef struct ga_cache_entry {
1187c478bd9Sstevel@tonic-gate void *cache_key;
1197c478bd9Sstevel@tonic-gate uid_t uid;
1207c478bd9Sstevel@tonic-gate zoneid_t zoneid;
1217c478bd9Sstevel@tonic-gate bool_t in_use;
1227c478bd9Sstevel@tonic-gate time_t ref_time; /* the time referenced previously */
1237c478bd9Sstevel@tonic-gate time_t ctx_expired_time; /* when the context will be expired */
1247c478bd9Sstevel@tonic-gate AUTH *auth;
1257c478bd9Sstevel@tonic-gate struct ga_cache_entry *next;
1267c478bd9Sstevel@tonic-gate } *ga_cache_list;
1277c478bd9Sstevel@tonic-gate
1287c478bd9Sstevel@tonic-gate struct ga_cache_entry *ga_cache_table[GSSAUTH_TABLESIZE];
1297c478bd9Sstevel@tonic-gate static krwlock_t ga_cache_table_lock;
1307c478bd9Sstevel@tonic-gate static struct kmem_cache *ga_cache_handle;
1317c478bd9Sstevel@tonic-gate static void gssauth_cache_reclaim(void *);
1327c478bd9Sstevel@tonic-gate
1337c478bd9Sstevel@tonic-gate static void gssauth_zone_fini(zoneid_t, void *);
1347c478bd9Sstevel@tonic-gate static zone_key_t gssauth_zone_key;
1357c478bd9Sstevel@tonic-gate
1367c478bd9Sstevel@tonic-gate int ga_cache_hit;
1377c478bd9Sstevel@tonic-gate int ga_cache_miss;
1387c478bd9Sstevel@tonic-gate int ga_cache_reclaim;
1397c478bd9Sstevel@tonic-gate
1407c478bd9Sstevel@tonic-gate #define NOT_DEAD(ptr) ASSERT((((intptr_t)(ptr)) != 0xdeadbeef))
1417c478bd9Sstevel@tonic-gate
1427c478bd9Sstevel@tonic-gate void
gssauth_init(void)1437c478bd9Sstevel@tonic-gate gssauth_init(void)
1447c478bd9Sstevel@tonic-gate {
1457c478bd9Sstevel@tonic-gate /*
1467c478bd9Sstevel@tonic-gate * Initialize gss auth cache table lock
1477c478bd9Sstevel@tonic-gate */
1487c478bd9Sstevel@tonic-gate rw_init(&ga_cache_table_lock, NULL, RW_DEFAULT, NULL);
1497c478bd9Sstevel@tonic-gate
1507c478bd9Sstevel@tonic-gate /*
1517c478bd9Sstevel@tonic-gate * Allocate gss auth cache handle
1527c478bd9Sstevel@tonic-gate */
1537c478bd9Sstevel@tonic-gate ga_cache_handle = kmem_cache_create("ga_cache_handle",
1547c478bd9Sstevel@tonic-gate sizeof (struct ga_cache_entry), 0, NULL, NULL,
1557c478bd9Sstevel@tonic-gate gssauth_cache_reclaim, NULL, NULL, 0);
1567c478bd9Sstevel@tonic-gate zone_key_create(&gssauth_zone_key, NULL, NULL, gssauth_zone_fini);
1577c478bd9Sstevel@tonic-gate }
1587c478bd9Sstevel@tonic-gate
1597c478bd9Sstevel@tonic-gate /*
1607c478bd9Sstevel@tonic-gate * Destroy the structures previously initialized in gssauth_init()
1617c478bd9Sstevel@tonic-gate * This routine is called by _init() if mod_install() failed.
1627c478bd9Sstevel@tonic-gate */
1637c478bd9Sstevel@tonic-gate void
gssauth_fini(void)1647c478bd9Sstevel@tonic-gate gssauth_fini(void)
1657c478bd9Sstevel@tonic-gate {
1667c478bd9Sstevel@tonic-gate (void) zone_key_delete(gssauth_zone_key);
1677c478bd9Sstevel@tonic-gate kmem_cache_destroy(ga_cache_handle);
1687c478bd9Sstevel@tonic-gate rw_destroy(&ga_cache_table_lock);
1697c478bd9Sstevel@tonic-gate }
1707c478bd9Sstevel@tonic-gate
1717c478bd9Sstevel@tonic-gate /*
1727c478bd9Sstevel@tonic-gate * This is a cleanup routine to release cached entries when a zone is being
1737c478bd9Sstevel@tonic-gate * destroyed. The code is also used when kmem calls us to free up memory, at
1747c478bd9Sstevel@tonic-gate * which point ``zoneid'' will be ALL_ZONES. We don't honor the cache timeout
1757c478bd9Sstevel@tonic-gate * when the zone is going away, since the zoneid (and all associated cached
1767c478bd9Sstevel@tonic-gate * entries) are invalid.
1777c478bd9Sstevel@tonic-gate */
1787c478bd9Sstevel@tonic-gate time_t rpc_gss_cache_time = 60 * 60;
1797c478bd9Sstevel@tonic-gate
1807c478bd9Sstevel@tonic-gate /* ARGSUSED */
1817c478bd9Sstevel@tonic-gate static void
gssauth_zone_fini(zoneid_t zoneid,void * unused)1827c478bd9Sstevel@tonic-gate gssauth_zone_fini(zoneid_t zoneid, void *unused)
1837c478bd9Sstevel@tonic-gate {
1847c478bd9Sstevel@tonic-gate struct ga_cache_entry *p, *prev, *next;
1857c478bd9Sstevel@tonic-gate int i;
1867c478bd9Sstevel@tonic-gate time_t now;
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
1897c478bd9Sstevel@tonic-gate
1907c478bd9Sstevel@tonic-gate for (i = 0; i < GSSAUTH_TABLESIZE; i++) {
1917c478bd9Sstevel@tonic-gate prev = NULL;
1927c478bd9Sstevel@tonic-gate for (p = ga_cache_table[i]; p; p = next) {
1937c478bd9Sstevel@tonic-gate NOT_DEAD(p->next);
1947c478bd9Sstevel@tonic-gate next = p->next;
1957c478bd9Sstevel@tonic-gate NOT_DEAD(next);
1967c478bd9Sstevel@tonic-gate if (zoneid == ALL_ZONES) { /* kmem callback */
1977c478bd9Sstevel@tonic-gate /*
1987c478bd9Sstevel@tonic-gate * Free entries that have not been
1997c478bd9Sstevel@tonic-gate * used for rpc_gss_cache_time seconds.
2007c478bd9Sstevel@tonic-gate */
2017c478bd9Sstevel@tonic-gate now = gethrestime_sec();
2027c478bd9Sstevel@tonic-gate if ((p->ref_time + rpc_gss_cache_time >
2037c478bd9Sstevel@tonic-gate now) || p->in_use) {
2047c478bd9Sstevel@tonic-gate if ((p->ref_time + rpc_gss_cache_time <=
2057c478bd9Sstevel@tonic-gate now) && p->in_use) {
2067c478bd9Sstevel@tonic-gate RPCGSS_LOG0(2, "gssauth_cache_"
2077c478bd9Sstevel@tonic-gate "reclaim: in_use\n");
2087c478bd9Sstevel@tonic-gate }
2097c478bd9Sstevel@tonic-gate prev = p;
2107c478bd9Sstevel@tonic-gate continue;
2117c478bd9Sstevel@tonic-gate }
2127c478bd9Sstevel@tonic-gate } else {
2137c478bd9Sstevel@tonic-gate if (p->zoneid != zoneid) {
2147c478bd9Sstevel@tonic-gate prev = p;
2157c478bd9Sstevel@tonic-gate continue;
2167c478bd9Sstevel@tonic-gate }
2177c478bd9Sstevel@tonic-gate ASSERT(!p->in_use);
2187c478bd9Sstevel@tonic-gate }
2197c478bd9Sstevel@tonic-gate
2207c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "gssauth_cache_reclaim: destroy auth "
2217c478bd9Sstevel@tonic-gate "%p\n", (void *)p->auth);
2227c478bd9Sstevel@tonic-gate rpc_gss_destroy(p->auth);
2237c478bd9Sstevel@tonic-gate kmem_cache_free(ga_cache_handle, (void *)p);
2247c478bd9Sstevel@tonic-gate if (prev == NULL) {
2257c478bd9Sstevel@tonic-gate ga_cache_table[i] = next;
2267c478bd9Sstevel@tonic-gate } else {
2277c478bd9Sstevel@tonic-gate NOT_DEAD(prev->next);
2287c478bd9Sstevel@tonic-gate prev->next = next;
2297c478bd9Sstevel@tonic-gate }
2307c478bd9Sstevel@tonic-gate }
2317c478bd9Sstevel@tonic-gate }
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
2347c478bd9Sstevel@tonic-gate
2357c478bd9Sstevel@tonic-gate }
2367c478bd9Sstevel@tonic-gate
2377c478bd9Sstevel@tonic-gate /*
2387c478bd9Sstevel@tonic-gate * Called by the kernel memory allocator when
2397c478bd9Sstevel@tonic-gate * memory is low. Free unused cache entries.
2407c478bd9Sstevel@tonic-gate * If that's not enough, the VM system will
2417c478bd9Sstevel@tonic-gate * call again for some more.
2427c478bd9Sstevel@tonic-gate */
2437c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2447c478bd9Sstevel@tonic-gate static void
gssauth_cache_reclaim(void * cdrarg)2457c478bd9Sstevel@tonic-gate gssauth_cache_reclaim(void *cdrarg)
2467c478bd9Sstevel@tonic-gate {
2477c478bd9Sstevel@tonic-gate gssauth_zone_fini(ALL_ZONES, NULL);
2487c478bd9Sstevel@tonic-gate }
2497c478bd9Sstevel@tonic-gate
2507c478bd9Sstevel@tonic-gate #define NOT_NULL(ptr) ASSERT(ptr)
2517c478bd9Sstevel@tonic-gate #define IS_ALIGNED(ptr) ASSERT((((intptr_t)(ptr)) & 3) == 0)
2527c478bd9Sstevel@tonic-gate
2537c478bd9Sstevel@tonic-gate /*
2547c478bd9Sstevel@tonic-gate * Get the client gss security service handle.
2557c478bd9Sstevel@tonic-gate * If it is in the cache table, get it, otherwise, create
2567c478bd9Sstevel@tonic-gate * a new one by calling rpc_gss_seccreate().
2577c478bd9Sstevel@tonic-gate */
2587c478bd9Sstevel@tonic-gate int
rpc_gss_secget(CLIENT * clnt,char * principal,rpc_gss_OID mechanism,rpc_gss_service_t service_type,uint_t qop,rpc_gss_options_req_t * options_req,rpc_gss_options_ret_t * options_ret,void * cache_key,cred_t * cr,AUTH ** retauth)2597c478bd9Sstevel@tonic-gate rpc_gss_secget(CLIENT *clnt,
2607c478bd9Sstevel@tonic-gate char *principal,
2617c478bd9Sstevel@tonic-gate rpc_gss_OID mechanism,
2627c478bd9Sstevel@tonic-gate rpc_gss_service_t service_type,
2637c478bd9Sstevel@tonic-gate uint_t qop,
2647c478bd9Sstevel@tonic-gate rpc_gss_options_req_t *options_req,
2657c478bd9Sstevel@tonic-gate rpc_gss_options_ret_t *options_ret,
2667c478bd9Sstevel@tonic-gate void *cache_key,
2677c478bd9Sstevel@tonic-gate cred_t *cr,
2687c478bd9Sstevel@tonic-gate AUTH **retauth)
2697c478bd9Sstevel@tonic-gate {
2707c478bd9Sstevel@tonic-gate struct ga_cache_entry **head, *current, *new, *prev;
2717c478bd9Sstevel@tonic-gate AUTH *auth = NULL;
2727c478bd9Sstevel@tonic-gate rpc_gss_data *ap;
2737c478bd9Sstevel@tonic-gate rpc_gss_options_ret_t opt_ret;
2747c478bd9Sstevel@tonic-gate int status = 0;
2757c478bd9Sstevel@tonic-gate uid_t uid = crgetuid(cr);
2767c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid();
2777c478bd9Sstevel@tonic-gate
2787c478bd9Sstevel@tonic-gate if (retauth == NULL)
2797c478bd9Sstevel@tonic-gate return (EINVAL);
2807c478bd9Sstevel@tonic-gate *retauth = NULL;
2817c478bd9Sstevel@tonic-gate
2827c478bd9Sstevel@tonic-gate NOT_NULL(cr);
2837c478bd9Sstevel@tonic-gate IS_ALIGNED(cr);
2847c478bd9Sstevel@tonic-gate #ifdef DEBUG
2857c478bd9Sstevel@tonic-gate if (HASH(cache_key, uid) < 0) {
2867c478bd9Sstevel@tonic-gate prom_printf("cache_key %p, cr %p\n", cache_key, (void *)cr);
2877c478bd9Sstevel@tonic-gate }
2887c478bd9Sstevel@tonic-gate #endif
2897c478bd9Sstevel@tonic-gate
2907c478bd9Sstevel@tonic-gate /*
2917c478bd9Sstevel@tonic-gate * Get a valid gss auth handle from the cache table.
2927c478bd9Sstevel@tonic-gate * If auth in cache is invalid and not in use, destroy it.
2937c478bd9Sstevel@tonic-gate */
2947c478bd9Sstevel@tonic-gate prev = NULL;
2957c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
2967c478bd9Sstevel@tonic-gate
2977c478bd9Sstevel@tonic-gate ASSERT(HASH(cache_key, uid) >= 0);
2987c478bd9Sstevel@tonic-gate head = &ga_cache_table[HASH(cache_key, uid)];
2997c478bd9Sstevel@tonic-gate NOT_NULL(head);
3007c478bd9Sstevel@tonic-gate IS_ALIGNED(head);
3017c478bd9Sstevel@tonic-gate
3027c478bd9Sstevel@tonic-gate for (current = *head; current; current = current->next) {
3037c478bd9Sstevel@tonic-gate NOT_NULL(current);
3047c478bd9Sstevel@tonic-gate IS_ALIGNED(current);
3057c478bd9Sstevel@tonic-gate if ((cache_key == current->cache_key) &&
3067c478bd9Sstevel@tonic-gate (uid == current->uid) && (zoneid == current->zoneid) &&
3077c478bd9Sstevel@tonic-gate !current->in_use) {
3087c478bd9Sstevel@tonic-gate current->in_use = TRUE;
3097c478bd9Sstevel@tonic-gate current->ref_time = gethrestime_sec();
3107c478bd9Sstevel@tonic-gate ap = AUTH_PRIVATE(current->auth);
3117c478bd9Sstevel@tonic-gate ap->clnt = clnt;
3127c478bd9Sstevel@tonic-gate ga_cache_hit++;
3137c478bd9Sstevel@tonic-gate if (ap->invalid ||
3147c478bd9Sstevel@tonic-gate ((current->ctx_expired_time != GSS_C_INDEFINITE) &&
315dda0f8f7Sgtb (gethrestime_sec() >=
3167c478bd9Sstevel@tonic-gate current->ctx_expired_time))) {
3177c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "NOTICE: rpc_gss_secget: time to "
3187c478bd9Sstevel@tonic-gate "refresh the auth\n");
3197c478bd9Sstevel@tonic-gate if (prev == NULL) {
3207c478bd9Sstevel@tonic-gate *head = current->next;
3217c478bd9Sstevel@tonic-gate } else {
3227c478bd9Sstevel@tonic-gate prev->next = current->next;
3237c478bd9Sstevel@tonic-gate }
3247c478bd9Sstevel@tonic-gate rpc_gss_destroy(current->auth);
3257c478bd9Sstevel@tonic-gate kmem_cache_free(ga_cache_handle, (void *) current);
3267c478bd9Sstevel@tonic-gate auth = NULL;
3277c478bd9Sstevel@tonic-gate } else {
3287c478bd9Sstevel@tonic-gate auth = current->auth;
3297c478bd9Sstevel@tonic-gate }
3307c478bd9Sstevel@tonic-gate break;
3317c478bd9Sstevel@tonic-gate } else {
3327c478bd9Sstevel@tonic-gate prev = current;
3337c478bd9Sstevel@tonic-gate }
3347c478bd9Sstevel@tonic-gate }
3357c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
3367c478bd9Sstevel@tonic-gate
3377c478bd9Sstevel@tonic-gate /*
3387c478bd9Sstevel@tonic-gate * If no valid gss auth handle can be found in the cache, create
3397c478bd9Sstevel@tonic-gate * a new one.
3407c478bd9Sstevel@tonic-gate */
3417c478bd9Sstevel@tonic-gate if (!auth) {
3427c478bd9Sstevel@tonic-gate ga_cache_miss++;
3437c478bd9Sstevel@tonic-gate if (options_ret == NULL)
3447c478bd9Sstevel@tonic-gate options_ret = &opt_ret;
3457c478bd9Sstevel@tonic-gate
3467c478bd9Sstevel@tonic-gate status = rpc_gss_seccreate(clnt, principal, mechanism,
3477c478bd9Sstevel@tonic-gate service_type, qop, options_req, options_ret, cr, &auth);
3487c478bd9Sstevel@tonic-gate if (status == 0) {
3497c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_secget: new auth %p\n",
3507c478bd9Sstevel@tonic-gate (void *)auth);
3517c478bd9Sstevel@tonic-gate new = kmem_cache_alloc(ga_cache_handle, KM_NOSLEEP);
3527c478bd9Sstevel@tonic-gate IS_ALIGNED(new);
3537c478bd9Sstevel@tonic-gate NOT_DEAD(new);
3547c478bd9Sstevel@tonic-gate if (new) {
3557c478bd9Sstevel@tonic-gate new->cache_key = cache_key;
3567c478bd9Sstevel@tonic-gate new->uid = uid;
3577c478bd9Sstevel@tonic-gate new->zoneid = zoneid;
3587c478bd9Sstevel@tonic-gate new->in_use = TRUE;
3597c478bd9Sstevel@tonic-gate new->ref_time = gethrestime_sec();
3607c478bd9Sstevel@tonic-gate if (options_ret->time_ret != GSS_C_INDEFINITE) {
3617c478bd9Sstevel@tonic-gate new->ctx_expired_time = new->ref_time +
3627c478bd9Sstevel@tonic-gate options_ret->time_ret;
3637c478bd9Sstevel@tonic-gate } else {
3647c478bd9Sstevel@tonic-gate new->ctx_expired_time = GSS_C_INDEFINITE;
3657c478bd9Sstevel@tonic-gate }
3667c478bd9Sstevel@tonic-gate new->auth = auth;
3677c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
3687c478bd9Sstevel@tonic-gate NOT_DEAD(*head);
3697c478bd9Sstevel@tonic-gate NOT_DEAD(new->next);
3707c478bd9Sstevel@tonic-gate new->next = *head;
3717c478bd9Sstevel@tonic-gate *head = new;
3727c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
3737c478bd9Sstevel@tonic-gate }
3747c478bd9Sstevel@tonic-gate /* done with opt_ret */
3757c478bd9Sstevel@tonic-gate if (options_ret == &opt_ret) {
3767c478bd9Sstevel@tonic-gate kgss_free_oid((gss_OID) opt_ret.actual_mechanism);
3777c478bd9Sstevel@tonic-gate }
3787c478bd9Sstevel@tonic-gate }
3797c478bd9Sstevel@tonic-gate }
3807c478bd9Sstevel@tonic-gate
3817c478bd9Sstevel@tonic-gate *retauth = auth;
3827c478bd9Sstevel@tonic-gate return (status);
3837c478bd9Sstevel@tonic-gate }
3847c478bd9Sstevel@tonic-gate
3857c478bd9Sstevel@tonic-gate
3867c478bd9Sstevel@tonic-gate
3877c478bd9Sstevel@tonic-gate /*
3887c478bd9Sstevel@tonic-gate * rpc_gss_secfree will destroy a rpcsec_gss context only if
3897c478bd9Sstevel@tonic-gate * the auth handle is not in the cache table.
3907c478bd9Sstevel@tonic-gate */
3917c478bd9Sstevel@tonic-gate void
rpc_gss_secfree(AUTH * auth)3927c478bd9Sstevel@tonic-gate rpc_gss_secfree(AUTH *auth)
3937c478bd9Sstevel@tonic-gate {
3947c478bd9Sstevel@tonic-gate struct ga_cache_entry *next, *cur;
3957c478bd9Sstevel@tonic-gate int i;
3967c478bd9Sstevel@tonic-gate
3977c478bd9Sstevel@tonic-gate /*
3987c478bd9Sstevel@tonic-gate * Check the cache table to find the auth.
3997c478bd9Sstevel@tonic-gate * Marked it unused.
4007c478bd9Sstevel@tonic-gate */
4017c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
4027c478bd9Sstevel@tonic-gate for (i = 0; i < GSSAUTH_TABLESIZE; i++) {
4037c478bd9Sstevel@tonic-gate for (cur = ga_cache_table[i]; cur; cur = next) {
4047c478bd9Sstevel@tonic-gate NOT_DEAD(cur);
4057c478bd9Sstevel@tonic-gate next = cur->next;
4067c478bd9Sstevel@tonic-gate NOT_DEAD(next);
4077c478bd9Sstevel@tonic-gate if (cur->auth == auth) {
4087c478bd9Sstevel@tonic-gate ASSERT(cur->in_use == TRUE);
4097c478bd9Sstevel@tonic-gate cur->in_use = FALSE;
4107c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
4117c478bd9Sstevel@tonic-gate return;
4127c478bd9Sstevel@tonic-gate }
4137c478bd9Sstevel@tonic-gate }
4147c478bd9Sstevel@tonic-gate }
4157c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
4167c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_secfree: destroy auth %p\n", (void *)auth);
4177c478bd9Sstevel@tonic-gate rpc_gss_destroy(auth);
4187c478bd9Sstevel@tonic-gate }
4197c478bd9Sstevel@tonic-gate
4207c478bd9Sstevel@tonic-gate
4217c478bd9Sstevel@tonic-gate /*
4227c478bd9Sstevel@tonic-gate * Create a gss security service context.
4237c478bd9Sstevel@tonic-gate */
4247c478bd9Sstevel@tonic-gate int
rpc_gss_seccreate(CLIENT * clnt,char * principal,rpc_gss_OID mechanism,rpc_gss_service_t service_type,uint_t qop,rpc_gss_options_req_t * options_req,rpc_gss_options_ret_t * options_ret,cred_t * cr,AUTH ** retauth)4257c478bd9Sstevel@tonic-gate rpc_gss_seccreate(CLIENT *clnt,
4267c478bd9Sstevel@tonic-gate char *principal, /* target service@server */
4277c478bd9Sstevel@tonic-gate rpc_gss_OID mechanism, /* security mechanism */
4287c478bd9Sstevel@tonic-gate rpc_gss_service_t service_type, /* security service */
4297c478bd9Sstevel@tonic-gate uint_t qop, /* requested QOP */
4307c478bd9Sstevel@tonic-gate rpc_gss_options_req_t *options_req, /* requested options */
4317c478bd9Sstevel@tonic-gate rpc_gss_options_ret_t *options_ret, /* returned options */
4327c478bd9Sstevel@tonic-gate cred_t *cr, /* client's unix cred */
4337c478bd9Sstevel@tonic-gate AUTH **retauth) /* auth handle */
4347c478bd9Sstevel@tonic-gate {
4357c478bd9Sstevel@tonic-gate OM_uint32 gssstat;
4367c478bd9Sstevel@tonic-gate OM_uint32 minor_stat;
4377c478bd9Sstevel@tonic-gate gss_name_t target_name;
4387c478bd9Sstevel@tonic-gate int ret_flags;
4397c478bd9Sstevel@tonic-gate OM_uint32 time_rec;
4407c478bd9Sstevel@tonic-gate gss_buffer_desc input_name;
4417c478bd9Sstevel@tonic-gate AUTH *auth = NULL;
4427c478bd9Sstevel@tonic-gate rpc_gss_data *ap = NULL;
4437c478bd9Sstevel@tonic-gate int error;
4447c478bd9Sstevel@tonic-gate
4457c478bd9Sstevel@tonic-gate /*
4467c478bd9Sstevel@tonic-gate * convert name to GSS internal type
4477c478bd9Sstevel@tonic-gate */
4487c478bd9Sstevel@tonic-gate input_name.value = principal;
4497c478bd9Sstevel@tonic-gate input_name.length = strlen(principal);
4507c478bd9Sstevel@tonic-gate
451*c5991125SMatt Barden if (options_ret != NULL) {
452*c5991125SMatt Barden options_ret->major_status = 0;
453*c5991125SMatt Barden options_ret->minor_status = 0;
454*c5991125SMatt Barden }
455*c5991125SMatt Barden
4567c478bd9Sstevel@tonic-gate gssstat = gss_import_name(&minor_stat, &input_name,
4577c478bd9Sstevel@tonic-gate (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &target_name);
4587c478bd9Sstevel@tonic-gate
4597c478bd9Sstevel@tonic-gate if (gssstat != GSS_S_COMPLETE) {
4607c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1,
4617c478bd9Sstevel@tonic-gate "rpc_gss_seccreate: unable to import gss name\n");
462*c5991125SMatt Barden if (options_ret != NULL) {
463*c5991125SMatt Barden options_ret->major_status = gssstat;
464*c5991125SMatt Barden options_ret->minor_status = minor_stat;
465*c5991125SMatt Barden }
4667c478bd9Sstevel@tonic-gate return (ENOMEM);
4677c478bd9Sstevel@tonic-gate }
4687c478bd9Sstevel@tonic-gate
4697c478bd9Sstevel@tonic-gate /*
4707c478bd9Sstevel@tonic-gate * Create AUTH handle. Save the necessary interface information
4717c478bd9Sstevel@tonic-gate * so that the client can refresh the handle later if needed.
4727c478bd9Sstevel@tonic-gate */
4737c478bd9Sstevel@tonic-gate if ((auth = (AUTH *) kmem_alloc(sizeof (*auth), KM_SLEEP)) != NULL)
4747c478bd9Sstevel@tonic-gate ap = (rpc_gss_data *) kmem_alloc(sizeof (*ap), KM_SLEEP);
4757c478bd9Sstevel@tonic-gate if (auth == NULL || ap == NULL) {
4767c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate: out of memory\n");
4777c478bd9Sstevel@tonic-gate if (auth != NULL)
4787c478bd9Sstevel@tonic-gate kmem_free((char *)auth, sizeof (*auth));
4797c478bd9Sstevel@tonic-gate (void) gss_release_name(&minor_stat, &target_name);
4807c478bd9Sstevel@tonic-gate return (ENOMEM);
4817c478bd9Sstevel@tonic-gate }
4827c478bd9Sstevel@tonic-gate
4837c478bd9Sstevel@tonic-gate bzero((char *)ap, sizeof (*ap));
4847c478bd9Sstevel@tonic-gate ap->clnt = clnt;
4857c478bd9Sstevel@tonic-gate ap->version = RPCSEC_GSS_VERSION;
4867c478bd9Sstevel@tonic-gate if (options_req != NULL) {
4877c478bd9Sstevel@tonic-gate ap->my_cred = options_req->my_cred;
4887c478bd9Sstevel@tonic-gate ap->req_flags = options_req->req_flags;
4897c478bd9Sstevel@tonic-gate ap->time_req = options_req->time_req;
4907c478bd9Sstevel@tonic-gate ap->icb = options_req->input_channel_bindings;
4917c478bd9Sstevel@tonic-gate } else {
4927c478bd9Sstevel@tonic-gate ap->my_cred = GSS_C_NO_CREDENTIAL;
4937c478bd9Sstevel@tonic-gate ap->req_flags = GSS_C_MUTUAL_FLAG;
4947c478bd9Sstevel@tonic-gate ap->time_req = 0;
4957c478bd9Sstevel@tonic-gate ap->icb = GSS_C_NO_CHANNEL_BINDINGS;
4967c478bd9Sstevel@tonic-gate }
4977c478bd9Sstevel@tonic-gate if ((ap->service = service_type) == rpc_gss_svc_default)
4987c478bd9Sstevel@tonic-gate ap->service = rpc_gss_svc_integrity;
4997c478bd9Sstevel@tonic-gate ap->qop = qop;
5007c478bd9Sstevel@tonic-gate ap->target_name = target_name;
5017c478bd9Sstevel@tonic-gate
5027c478bd9Sstevel@tonic-gate /*
5037c478bd9Sstevel@tonic-gate * Now invoke the real interface that sets up the context from
5047c478bd9Sstevel@tonic-gate * the information stashed away in the private data.
5057c478bd9Sstevel@tonic-gate */
5067c478bd9Sstevel@tonic-gate if (error = rpc_gss_seccreate_pvt(&gssstat, &minor_stat, auth, ap,
5077c478bd9Sstevel@tonic-gate mechanism, &ap->mech_type, &ret_flags, &time_rec, cr, 0)) {
5087c478bd9Sstevel@tonic-gate if (ap->target_name) {
5097c478bd9Sstevel@tonic-gate (void) gss_release_name(&minor_stat, &ap->target_name);
5107c478bd9Sstevel@tonic-gate }
511*c5991125SMatt Barden if (options_ret != NULL) {
512*c5991125SMatt Barden options_ret->major_status = gssstat;
513*c5991125SMatt Barden options_ret->minor_status = minor_stat;
514*c5991125SMatt Barden }
5157c478bd9Sstevel@tonic-gate kmem_free((char *)ap, sizeof (*ap));
5167c478bd9Sstevel@tonic-gate kmem_free((char *)auth, sizeof (*auth));
5177c478bd9Sstevel@tonic-gate RPCGSS_LOG(1, "rpc_gss_seccreate: init context failed"
5187c478bd9Sstevel@tonic-gate " errno=%d\n", error);
5197c478bd9Sstevel@tonic-gate return (error);
5207c478bd9Sstevel@tonic-gate }
5217c478bd9Sstevel@tonic-gate
5227c478bd9Sstevel@tonic-gate /*
5237c478bd9Sstevel@tonic-gate * Make sure that the requested service is supported. In all
5247c478bd9Sstevel@tonic-gate * cases, integrity service must be available.
5257c478bd9Sstevel@tonic-gate */
5267c478bd9Sstevel@tonic-gate if ((ap->service == rpc_gss_svc_privacy &&
5277c478bd9Sstevel@tonic-gate !(ret_flags & GSS_C_CONF_FLAG)) ||
5287c478bd9Sstevel@tonic-gate !(ret_flags & GSS_C_INTEG_FLAG)) {
5297c478bd9Sstevel@tonic-gate rpc_gss_destroy(auth);
5307c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate: service not supported\n");
5317c478bd9Sstevel@tonic-gate return (EPROTONOSUPPORT);
5327c478bd9Sstevel@tonic-gate }
5337c478bd9Sstevel@tonic-gate
5347c478bd9Sstevel@tonic-gate /*
5357c478bd9Sstevel@tonic-gate * return option values if requested
5367c478bd9Sstevel@tonic-gate */
5377c478bd9Sstevel@tonic-gate if (options_ret != NULL) {
5387c478bd9Sstevel@tonic-gate options_ret->major_status = gssstat;
5397c478bd9Sstevel@tonic-gate options_ret->minor_status = minor_stat;
5407c478bd9Sstevel@tonic-gate options_ret->rpcsec_version = ap->version;
5417c478bd9Sstevel@tonic-gate options_ret->ret_flags = ret_flags;
5427c478bd9Sstevel@tonic-gate options_ret->time_ret = time_rec;
5437c478bd9Sstevel@tonic-gate options_ret->gss_context = ap->context;
5447c478bd9Sstevel@tonic-gate /*
5457c478bd9Sstevel@tonic-gate * Caller's responsibility to free this.
5467c478bd9Sstevel@tonic-gate */
5477c478bd9Sstevel@tonic-gate NOT_NULL(ap->mech_type);
5487c478bd9Sstevel@tonic-gate __rpc_gss_dup_oid(ap->mech_type,
5497c478bd9Sstevel@tonic-gate (gss_OID *)&options_ret->actual_mechanism);
5507c478bd9Sstevel@tonic-gate }
5517c478bd9Sstevel@tonic-gate
5527c478bd9Sstevel@tonic-gate *retauth = auth;
5537c478bd9Sstevel@tonic-gate return (0);
5547c478bd9Sstevel@tonic-gate }
5557c478bd9Sstevel@tonic-gate
5567c478bd9Sstevel@tonic-gate /*
5577c478bd9Sstevel@tonic-gate * Private interface to create a context. This is the interface
5587c478bd9Sstevel@tonic-gate * that's invoked when the context has to be refreshed.
5597c478bd9Sstevel@tonic-gate */
5607c478bd9Sstevel@tonic-gate static int
rpc_gss_seccreate_pvt(gssstat,minor_stat,auth,ap,desired_mech_type,actual_mech_type,ret_flags,time_rec,cr,isrefresh)5617c478bd9Sstevel@tonic-gate rpc_gss_seccreate_pvt(gssstat, minor_stat, auth, ap, desired_mech_type,
5627c478bd9Sstevel@tonic-gate actual_mech_type, ret_flags, time_rec, cr, isrefresh)
5637c478bd9Sstevel@tonic-gate OM_uint32 *gssstat;
5647c478bd9Sstevel@tonic-gate OM_uint32 *minor_stat;
5657c478bd9Sstevel@tonic-gate AUTH *auth;
5667c478bd9Sstevel@tonic-gate rpc_gss_data *ap;
5677c478bd9Sstevel@tonic-gate gss_OID desired_mech_type;
5687c478bd9Sstevel@tonic-gate gss_OID *actual_mech_type;
5697c478bd9Sstevel@tonic-gate int *ret_flags;
5707c478bd9Sstevel@tonic-gate OM_uint32 *time_rec;
5717c478bd9Sstevel@tonic-gate cred_t *cr;
5727c478bd9Sstevel@tonic-gate int isrefresh;
5737c478bd9Sstevel@tonic-gate {
5747c478bd9Sstevel@tonic-gate CLIENT *clnt = ap->clnt;
5757c478bd9Sstevel@tonic-gate AUTH *save_auth;
5767c478bd9Sstevel@tonic-gate enum clnt_stat callstat;
5777c478bd9Sstevel@tonic-gate rpc_gss_init_arg call_arg;
5787c478bd9Sstevel@tonic-gate rpc_gss_init_res call_res;
5797c478bd9Sstevel@tonic-gate gss_buffer_desc *input_token_p, input_token, process_token;
5807c478bd9Sstevel@tonic-gate int free_results = 0;
5817c478bd9Sstevel@tonic-gate k_sigset_t smask;
5827c478bd9Sstevel@tonic-gate int error = 0;
5837c478bd9Sstevel@tonic-gate
5847c478bd9Sstevel@tonic-gate /*
5857c478bd9Sstevel@tonic-gate * (re)initialize AUTH handle and private data.
5867c478bd9Sstevel@tonic-gate */
5877c478bd9Sstevel@tonic-gate bzero((char *)auth, sizeof (*auth));
5887c478bd9Sstevel@tonic-gate auth->ah_ops = &rpc_gss_ops;
5897c478bd9Sstevel@tonic-gate auth->ah_private = (caddr_t)ap;
5907c478bd9Sstevel@tonic-gate auth->ah_cred.oa_flavor = RPCSEC_GSS;
5917c478bd9Sstevel@tonic-gate
5927c478bd9Sstevel@tonic-gate ap->established = FALSE;
5937c478bd9Sstevel@tonic-gate ap->ctx_handle.length = 0;
5947c478bd9Sstevel@tonic-gate ap->ctx_handle.value = NULL;
5957c478bd9Sstevel@tonic-gate ap->context = NULL;
5967c478bd9Sstevel@tonic-gate ap->seq_num = 0;
5977c478bd9Sstevel@tonic-gate ap->gss_proc = RPCSEC_GSS_INIT;
5987c478bd9Sstevel@tonic-gate
5997c478bd9Sstevel@tonic-gate /*
6007c478bd9Sstevel@tonic-gate * should not change clnt->cl_auth at this time, so save
6017c478bd9Sstevel@tonic-gate * old handle
6027c478bd9Sstevel@tonic-gate */
6037c478bd9Sstevel@tonic-gate save_auth = clnt->cl_auth;
6047c478bd9Sstevel@tonic-gate clnt->cl_auth = auth;
6057c478bd9Sstevel@tonic-gate
6067c478bd9Sstevel@tonic-gate /*
6077c478bd9Sstevel@tonic-gate * set state for starting context setup
6087c478bd9Sstevel@tonic-gate */
6097c478bd9Sstevel@tonic-gate bzero((char *)&call_arg, sizeof (call_arg));
6107c478bd9Sstevel@tonic-gate input_token_p = GSS_C_NO_BUFFER;
6117c478bd9Sstevel@tonic-gate
6127c478bd9Sstevel@tonic-gate next_token:
6137c478bd9Sstevel@tonic-gate *gssstat = kgss_init_sec_context(minor_stat,
6147c478bd9Sstevel@tonic-gate ap->my_cred,
6157c478bd9Sstevel@tonic-gate &ap->context,
6167c478bd9Sstevel@tonic-gate ap->target_name,
6177c478bd9Sstevel@tonic-gate desired_mech_type,
6187c478bd9Sstevel@tonic-gate ap->req_flags,
6197c478bd9Sstevel@tonic-gate ap->time_req,
6207c478bd9Sstevel@tonic-gate NULL,
6217c478bd9Sstevel@tonic-gate input_token_p,
6227c478bd9Sstevel@tonic-gate actual_mech_type,
6237c478bd9Sstevel@tonic-gate &call_arg,
6247c478bd9Sstevel@tonic-gate ret_flags,
6257c478bd9Sstevel@tonic-gate time_rec,
6267c478bd9Sstevel@tonic-gate crgetuid(cr));
6277c478bd9Sstevel@tonic-gate
6287c478bd9Sstevel@tonic-gate if (input_token_p != GSS_C_NO_BUFFER) {
6297c478bd9Sstevel@tonic-gate OM_uint32 minor_stat2;
6307c478bd9Sstevel@tonic-gate
6317c478bd9Sstevel@tonic-gate (void) gss_release_buffer(&minor_stat2, input_token_p);
6327c478bd9Sstevel@tonic-gate input_token_p = GSS_C_NO_BUFFER;
6337c478bd9Sstevel@tonic-gate }
6347c478bd9Sstevel@tonic-gate
6357c478bd9Sstevel@tonic-gate if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
6367c478bd9Sstevel@tonic-gate rpc_gss_display_status(*gssstat, *minor_stat,
6377c478bd9Sstevel@tonic-gate desired_mech_type, crgetuid(cr),
6387c478bd9Sstevel@tonic-gate "rpcsec_gss_secreate_pvt:gss_init_sec_context");
6397c478bd9Sstevel@tonic-gate error = EACCES;
6407c478bd9Sstevel@tonic-gate goto cleanup;
6417c478bd9Sstevel@tonic-gate }
6427c478bd9Sstevel@tonic-gate
6437c478bd9Sstevel@tonic-gate /*
6447c478bd9Sstevel@tonic-gate * if we got a token, pass it on
6457c478bd9Sstevel@tonic-gate */
6467c478bd9Sstevel@tonic-gate if (call_arg.length != 0) {
6477c478bd9Sstevel@tonic-gate struct timeval timeout = {30, 0};
6487c478bd9Sstevel@tonic-gate int rpcsec_retry = isrefresh ?
6497c478bd9Sstevel@tonic-gate RPCSEC_GSS_REFRESH_ATTEMPTS : 1;
6507c478bd9Sstevel@tonic-gate uint32_t oldxid;
6517c478bd9Sstevel@tonic-gate uint32_t zeroxid = 0;
6527c478bd9Sstevel@tonic-gate
6537c478bd9Sstevel@tonic-gate bzero((char *)&call_res, sizeof (call_res));
6547c478bd9Sstevel@tonic-gate
6557c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(clnt, CLGET_XID, (char *)&oldxid);
6567c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(clnt, CLSET_XID, (char *)&zeroxid);
6577c478bd9Sstevel@tonic-gate
6587c478bd9Sstevel@tonic-gate
6597c478bd9Sstevel@tonic-gate while (rpcsec_retry > 0) {
6607c478bd9Sstevel@tonic-gate struct rpc_err rpcerr;
6617c478bd9Sstevel@tonic-gate
6627c478bd9Sstevel@tonic-gate sigintr(&smask, INTERRUPT_OK);
6637c478bd9Sstevel@tonic-gate
6647c478bd9Sstevel@tonic-gate callstat = clnt_call(clnt, NULLPROC,
6657c478bd9Sstevel@tonic-gate __xdr_rpc_gss_init_arg, (caddr_t)&call_arg,
6667c478bd9Sstevel@tonic-gate __xdr_rpc_gss_init_res, (caddr_t)&call_res,
6677c478bd9Sstevel@tonic-gate timeout);
6687c478bd9Sstevel@tonic-gate
6697c478bd9Sstevel@tonic-gate sigunintr(&smask);
6707c478bd9Sstevel@tonic-gate
6717c478bd9Sstevel@tonic-gate if (callstat == RPC_SUCCESS) {
6727c478bd9Sstevel@tonic-gate error = 0;
6737c478bd9Sstevel@tonic-gate if (isrefresh &&
6747c478bd9Sstevel@tonic-gate call_res.gss_major == GSS_S_FAILURE) {
6757c478bd9Sstevel@tonic-gate
6767c478bd9Sstevel@tonic-gate clock_t one_sec = drv_usectohz(1000000);
6777c478bd9Sstevel@tonic-gate
6787c478bd9Sstevel@tonic-gate rpcsec_retry--;
6797c478bd9Sstevel@tonic-gate
6807c478bd9Sstevel@tonic-gate /*
6817c478bd9Sstevel@tonic-gate * Pause a little and try again.
6827c478bd9Sstevel@tonic-gate */
6837c478bd9Sstevel@tonic-gate
6847c478bd9Sstevel@tonic-gate if (clnt->cl_nosignal == TRUE) {
6857c478bd9Sstevel@tonic-gate delay(one_sec);
6867c478bd9Sstevel@tonic-gate } else {
6877c478bd9Sstevel@tonic-gate if (delay_sig(one_sec)) {
6887c478bd9Sstevel@tonic-gate error = EINTR;
6897c478bd9Sstevel@tonic-gate break;
6907c478bd9Sstevel@tonic-gate }
6917c478bd9Sstevel@tonic-gate }
6927c478bd9Sstevel@tonic-gate continue;
6937c478bd9Sstevel@tonic-gate }
6947c478bd9Sstevel@tonic-gate break;
6957c478bd9Sstevel@tonic-gate }
6967c478bd9Sstevel@tonic-gate
6977c478bd9Sstevel@tonic-gate if (callstat == RPC_TIMEDOUT) {
6987c478bd9Sstevel@tonic-gate error = ETIMEDOUT;
6997c478bd9Sstevel@tonic-gate break;
7007c478bd9Sstevel@tonic-gate }
7017c478bd9Sstevel@tonic-gate
7027c478bd9Sstevel@tonic-gate if (callstat == RPC_XPRTFAILED) {
7037c478bd9Sstevel@tonic-gate error = ECONNRESET;
7047c478bd9Sstevel@tonic-gate break;
7057c478bd9Sstevel@tonic-gate }
7067c478bd9Sstevel@tonic-gate
7077c478bd9Sstevel@tonic-gate if (callstat == RPC_INTR) {
7087c478bd9Sstevel@tonic-gate error = EINTR;
7097c478bd9Sstevel@tonic-gate break;
7107c478bd9Sstevel@tonic-gate }
7117c478bd9Sstevel@tonic-gate
7127c478bd9Sstevel@tonic-gate if (callstat == RPC_INPROGRESS) {
7137c478bd9Sstevel@tonic-gate continue;
7147c478bd9Sstevel@tonic-gate }
7157c478bd9Sstevel@tonic-gate
7167c478bd9Sstevel@tonic-gate clnt_geterr(clnt, &rpcerr);
7177c478bd9Sstevel@tonic-gate error = rpcerr.re_errno;
7187c478bd9Sstevel@tonic-gate break;
7197c478bd9Sstevel@tonic-gate }
7207c478bd9Sstevel@tonic-gate
7217c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(clnt, CLSET_XID, (char *)&oldxid);
7227c478bd9Sstevel@tonic-gate
7237c478bd9Sstevel@tonic-gate (void) gss_release_buffer(minor_stat, &call_arg);
7247c478bd9Sstevel@tonic-gate
7257c478bd9Sstevel@tonic-gate if (callstat != RPC_SUCCESS) {
7267c478bd9Sstevel@tonic-gate RPCGSS_LOG(1,
7277c478bd9Sstevel@tonic-gate "rpc_gss_seccreate_pvt: clnt_call failed %d\n",
7287c478bd9Sstevel@tonic-gate callstat);
7297c478bd9Sstevel@tonic-gate goto cleanup;
7307c478bd9Sstevel@tonic-gate }
7317c478bd9Sstevel@tonic-gate
7327c478bd9Sstevel@tonic-gate /*
7337c478bd9Sstevel@tonic-gate * we have results - note that these need to be freed
7347c478bd9Sstevel@tonic-gate */
7357c478bd9Sstevel@tonic-gate free_results = 1;
7367c478bd9Sstevel@tonic-gate
7377c478bd9Sstevel@tonic-gate if ((call_res.gss_major != GSS_S_COMPLETE) &&
7387c478bd9Sstevel@tonic-gate (call_res.gss_major != GSS_S_CONTINUE_NEEDED)) {
7397c478bd9Sstevel@tonic-gate RPCGSS_LOG1(1, "rpc_gss_seccreate_pvt: "
7407c478bd9Sstevel@tonic-gate "call_res gss_major %x, gss_minor %x\n",
7417c478bd9Sstevel@tonic-gate call_res.gss_major, call_res.gss_minor);
7427c478bd9Sstevel@tonic-gate error = EACCES;
7437c478bd9Sstevel@tonic-gate goto cleanup;
7447c478bd9Sstevel@tonic-gate }
7457c478bd9Sstevel@tonic-gate
7467c478bd9Sstevel@tonic-gate ap->gss_proc = RPCSEC_GSS_CONTINUE_INIT;
7477c478bd9Sstevel@tonic-gate
7487c478bd9Sstevel@tonic-gate /*
7497c478bd9Sstevel@tonic-gate * check for ctx_handle
7507c478bd9Sstevel@tonic-gate */
7517c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length == 0) {
7527c478bd9Sstevel@tonic-gate if (call_res.ctx_handle.length == 0) {
7537c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate_pvt: zero "
7547c478bd9Sstevel@tonic-gate "length handle in response\n");
7557c478bd9Sstevel@tonic-gate error = EACCES;
7567c478bd9Sstevel@tonic-gate goto cleanup;
7577c478bd9Sstevel@tonic-gate }
7587c478bd9Sstevel@tonic-gate GSS_DUP_BUFFER(ap->ctx_handle,
7597c478bd9Sstevel@tonic-gate call_res.ctx_handle);
7607c478bd9Sstevel@tonic-gate } else if (!GSS_BUFFERS_EQUAL(ap->ctx_handle,
7617c478bd9Sstevel@tonic-gate call_res.ctx_handle)) {
7627c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1,
7637c478bd9Sstevel@tonic-gate "rpc_gss_seccreate_pvt: ctx_handle not the same\n");
7647c478bd9Sstevel@tonic-gate error = EACCES;
7657c478bd9Sstevel@tonic-gate goto cleanup;
7667c478bd9Sstevel@tonic-gate }
7677c478bd9Sstevel@tonic-gate
7687c478bd9Sstevel@tonic-gate /*
7697c478bd9Sstevel@tonic-gate * check for token
7707c478bd9Sstevel@tonic-gate */
7717c478bd9Sstevel@tonic-gate if (call_res.token.length != 0) {
7727c478bd9Sstevel@tonic-gate if (*gssstat == GSS_S_COMPLETE) {
7737c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate_pvt: non "
7747c478bd9Sstevel@tonic-gate "zero length token in response, but "
7757c478bd9Sstevel@tonic-gate "gsstat == GSS_S_COMPLETE\n");
7767c478bd9Sstevel@tonic-gate error = EACCES;
7777c478bd9Sstevel@tonic-gate goto cleanup;
7787c478bd9Sstevel@tonic-gate }
7797c478bd9Sstevel@tonic-gate GSS_DUP_BUFFER(input_token, call_res.token);
7807c478bd9Sstevel@tonic-gate input_token_p = &input_token;
7817c478bd9Sstevel@tonic-gate
7827c478bd9Sstevel@tonic-gate } else if (*gssstat != GSS_S_COMPLETE) {
7837c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate_pvt:zero length "
7847c478bd9Sstevel@tonic-gate "token in response, but "
7857c478bd9Sstevel@tonic-gate "gsstat != GSS_S_COMPLETE\n");
7867c478bd9Sstevel@tonic-gate error = EACCES;
7877c478bd9Sstevel@tonic-gate goto cleanup;
7887c478bd9Sstevel@tonic-gate }
7897c478bd9Sstevel@tonic-gate
7907c478bd9Sstevel@tonic-gate /* save the sequence window value; validate later */
7917c478bd9Sstevel@tonic-gate ap->seq_window = call_res.seq_window;
7927c478bd9Sstevel@tonic-gate xdr_free(__xdr_rpc_gss_init_res, (caddr_t)&call_res);
7937c478bd9Sstevel@tonic-gate free_results = 0;
7947c478bd9Sstevel@tonic-gate }
7957c478bd9Sstevel@tonic-gate
7967c478bd9Sstevel@tonic-gate /*
7977c478bd9Sstevel@tonic-gate * results were okay.. continue if necessary
7987c478bd9Sstevel@tonic-gate */
7997c478bd9Sstevel@tonic-gate if (*gssstat == GSS_S_CONTINUE_NEEDED) {
8007c478bd9Sstevel@tonic-gate goto next_token;
8017c478bd9Sstevel@tonic-gate }
8027c478bd9Sstevel@tonic-gate
8037c478bd9Sstevel@tonic-gate /*
8047c478bd9Sstevel@tonic-gate * Context is established. Now use kgss_export_sec_context and
8057c478bd9Sstevel@tonic-gate * kgss_import_sec_context to transfer the context from the user
8067c478bd9Sstevel@tonic-gate * land to kernel if the mechanism specific kernel module is
8077c478bd9Sstevel@tonic-gate * available.
8087c478bd9Sstevel@tonic-gate */
8097c478bd9Sstevel@tonic-gate *gssstat = kgss_export_sec_context(minor_stat, ap->context,
8107c478bd9Sstevel@tonic-gate &process_token);
8117c478bd9Sstevel@tonic-gate if (*gssstat == GSS_S_NAME_NOT_MN) {
8127c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_seccreate_pvt: export_sec_context "
8137c478bd9Sstevel@tonic-gate "Kernel Module unavailable gssstat = 0x%x\n",
8147c478bd9Sstevel@tonic-gate *gssstat);
8157c478bd9Sstevel@tonic-gate goto done;
8167c478bd9Sstevel@tonic-gate } else if (*gssstat != GSS_S_COMPLETE) {
8177c478bd9Sstevel@tonic-gate (void) rpc_gss_display_status(*gssstat, *minor_stat,
818fd08154eSrg137905 isrefresh ? GSS_C_NULL_OID : *actual_mech_type,
819fd08154eSrg137905 crgetuid(cr),
8207c478bd9Sstevel@tonic-gate "rpcsec_gss_secreate_pvt:gss_export_sec_context");
8217c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(minor_stat,
8227c478bd9Sstevel@tonic-gate &ap->context, NULL);
8237c478bd9Sstevel@tonic-gate error = EACCES;
8247c478bd9Sstevel@tonic-gate goto cleanup;
8257c478bd9Sstevel@tonic-gate } else if (process_token.length == 0) {
8267c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_seccreate_pvt:zero length "
8277c478bd9Sstevel@tonic-gate "token in response for export_sec_context, but "
8287c478bd9Sstevel@tonic-gate "gsstat == GSS_S_COMPLETE\n");
8297c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(minor_stat,
8307c478bd9Sstevel@tonic-gate &ap->context, NULL);
8317c478bd9Sstevel@tonic-gate error = EACCES;
8327c478bd9Sstevel@tonic-gate goto cleanup;
8337c478bd9Sstevel@tonic-gate } else
8347c478bd9Sstevel@tonic-gate *gssstat = kgss_import_sec_context(minor_stat, &process_token,
8357c478bd9Sstevel@tonic-gate ap->context);
8367c478bd9Sstevel@tonic-gate
8377c478bd9Sstevel@tonic-gate if (*gssstat == GSS_S_COMPLETE) {
8387c478bd9Sstevel@tonic-gate (void) gss_release_buffer(minor_stat, &process_token);
8397c478bd9Sstevel@tonic-gate } else {
8407c478bd9Sstevel@tonic-gate rpc_gss_display_status(*gssstat, *minor_stat,
8417c478bd9Sstevel@tonic-gate desired_mech_type, crgetuid(cr),
8427c478bd9Sstevel@tonic-gate "rpcsec_gss_secreate_pvt:gss_import_sec_context");
8437c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(minor_stat,
8447c478bd9Sstevel@tonic-gate &ap->context, NULL);
8457c478bd9Sstevel@tonic-gate (void) gss_release_buffer(minor_stat, &process_token);
8467c478bd9Sstevel@tonic-gate error = EACCES;
8477c478bd9Sstevel@tonic-gate goto cleanup;
8487c478bd9Sstevel@tonic-gate }
8497c478bd9Sstevel@tonic-gate
8507c478bd9Sstevel@tonic-gate done:
8517c478bd9Sstevel@tonic-gate /*
8527c478bd9Sstevel@tonic-gate * Validate the sequence window - RFC 2203 section 5.2.3.1
8537c478bd9Sstevel@tonic-gate */
8547c478bd9Sstevel@tonic-gate if (!validate_seqwin(ap)) {
8557c478bd9Sstevel@tonic-gate error = EACCES;
8567c478bd9Sstevel@tonic-gate goto cleanup;
8577c478bd9Sstevel@tonic-gate }
8587c478bd9Sstevel@tonic-gate
8597c478bd9Sstevel@tonic-gate /*
8607c478bd9Sstevel@tonic-gate * Done! Security context creation is successful.
8617c478bd9Sstevel@tonic-gate * Ready for exchanging data.
8627c478bd9Sstevel@tonic-gate */
8637c478bd9Sstevel@tonic-gate ap->established = TRUE;
8647c478bd9Sstevel@tonic-gate ap->seq_num = 1;
8657c478bd9Sstevel@tonic-gate ap->gss_proc = RPCSEC_GSS_DATA;
8667c478bd9Sstevel@tonic-gate ap->invalid = FALSE;
8677c478bd9Sstevel@tonic-gate
8687c478bd9Sstevel@tonic-gate clnt->cl_auth = save_auth; /* restore cl_auth */
8697c478bd9Sstevel@tonic-gate
8707c478bd9Sstevel@tonic-gate return (0);
8717c478bd9Sstevel@tonic-gate
8727c478bd9Sstevel@tonic-gate cleanup:
8737c478bd9Sstevel@tonic-gate if (free_results)
8747c478bd9Sstevel@tonic-gate xdr_free(__xdr_rpc_gss_init_res, (caddr_t)&call_res);
8757c478bd9Sstevel@tonic-gate clnt->cl_auth = save_auth; /* restore cl_auth */
8767c478bd9Sstevel@tonic-gate
8777c478bd9Sstevel@tonic-gate /*
8787c478bd9Sstevel@tonic-gate * If need to retry for AUTH_REFRESH, do not cleanup the
8797c478bd9Sstevel@tonic-gate * auth private data.
8807c478bd9Sstevel@tonic-gate */
8817c478bd9Sstevel@tonic-gate if (isrefresh && (error == ETIMEDOUT || error == ECONNRESET)) {
8827c478bd9Sstevel@tonic-gate return (error);
8837c478bd9Sstevel@tonic-gate }
8847c478bd9Sstevel@tonic-gate
8857c478bd9Sstevel@tonic-gate if (ap->context != NULL) {
8867c478bd9Sstevel@tonic-gate rpc_gss_free_pvt(auth);
8877c478bd9Sstevel@tonic-gate }
8887c478bd9Sstevel@tonic-gate
8897c478bd9Sstevel@tonic-gate return (error? error : EACCES);
8907c478bd9Sstevel@tonic-gate }
8917c478bd9Sstevel@tonic-gate
8927c478bd9Sstevel@tonic-gate /*
8937c478bd9Sstevel@tonic-gate * Marshall credentials.
8947c478bd9Sstevel@tonic-gate */
8957c478bd9Sstevel@tonic-gate static bool_t
marshall_creds(ap,xdrs,cred_buf_len)8967c478bd9Sstevel@tonic-gate marshall_creds(ap, xdrs, cred_buf_len)
8977c478bd9Sstevel@tonic-gate rpc_gss_data *ap;
8987c478bd9Sstevel@tonic-gate XDR *xdrs;
8997c478bd9Sstevel@tonic-gate uint_t cred_buf_len;
9007c478bd9Sstevel@tonic-gate {
9017c478bd9Sstevel@tonic-gate rpc_gss_creds ag_creds;
9027c478bd9Sstevel@tonic-gate char *cred_buf;
9037c478bd9Sstevel@tonic-gate struct opaque_auth creds;
9047c478bd9Sstevel@tonic-gate XDR cred_xdrs;
9057c478bd9Sstevel@tonic-gate
9067c478bd9Sstevel@tonic-gate ag_creds.version = ap->version;
9077c478bd9Sstevel@tonic-gate ag_creds.gss_proc = ap->gss_proc;
9087c478bd9Sstevel@tonic-gate ag_creds.seq_num = ap->seq_num;
9097c478bd9Sstevel@tonic-gate ag_creds.service = ap->service;
9107c478bd9Sstevel@tonic-gate
9117c478bd9Sstevel@tonic-gate /*
9127c478bd9Sstevel@tonic-gate * If context has not been set up yet, use NULL handle.
9137c478bd9Sstevel@tonic-gate */
9147c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length > 0)
9157c478bd9Sstevel@tonic-gate ag_creds.ctx_handle = ap->ctx_handle;
9167c478bd9Sstevel@tonic-gate else {
9177c478bd9Sstevel@tonic-gate ag_creds.ctx_handle.length = 0;
9187c478bd9Sstevel@tonic-gate ag_creds.ctx_handle.value = NULL;
9197c478bd9Sstevel@tonic-gate }
9207c478bd9Sstevel@tonic-gate
9217c478bd9Sstevel@tonic-gate cred_buf = kmem_alloc(cred_buf_len, KM_SLEEP);
9227c478bd9Sstevel@tonic-gate xdrmem_create(&cred_xdrs, (caddr_t)cred_buf, cred_buf_len,
9237c478bd9Sstevel@tonic-gate XDR_ENCODE);
9247c478bd9Sstevel@tonic-gate if (!__xdr_rpc_gss_creds(&cred_xdrs, &ag_creds)) {
9257c478bd9Sstevel@tonic-gate kmem_free(cred_buf, MAX_AUTH_BYTES);
9267c478bd9Sstevel@tonic-gate XDR_DESTROY(&cred_xdrs);
9277c478bd9Sstevel@tonic-gate return (FALSE);
9287c478bd9Sstevel@tonic-gate }
9297c478bd9Sstevel@tonic-gate
9307c478bd9Sstevel@tonic-gate creds.oa_flavor = RPCSEC_GSS;
9317c478bd9Sstevel@tonic-gate creds.oa_base = cred_buf;
9327c478bd9Sstevel@tonic-gate creds.oa_length = xdr_getpos(&cred_xdrs);
9337c478bd9Sstevel@tonic-gate XDR_DESTROY(&cred_xdrs);
9347c478bd9Sstevel@tonic-gate
9357c478bd9Sstevel@tonic-gate if (!xdr_opaque_auth(xdrs, &creds)) {
9367c478bd9Sstevel@tonic-gate kmem_free(cred_buf, cred_buf_len);
9377c478bd9Sstevel@tonic-gate return (FALSE);
9387c478bd9Sstevel@tonic-gate }
9397c478bd9Sstevel@tonic-gate
9407c478bd9Sstevel@tonic-gate kmem_free(cred_buf, cred_buf_len);
9417c478bd9Sstevel@tonic-gate return (TRUE);
9427c478bd9Sstevel@tonic-gate }
9437c478bd9Sstevel@tonic-gate
9447c478bd9Sstevel@tonic-gate /*
9457c478bd9Sstevel@tonic-gate * Marshall verifier. The verifier is the checksum of the RPC header
9467c478bd9Sstevel@tonic-gate * up to and including the credential field. The XDR handle that's
9477c478bd9Sstevel@tonic-gate * passed in has the header up to and including the credential field
9487c478bd9Sstevel@tonic-gate * encoded. A pointer to the transmit buffer is also passed in.
9497c478bd9Sstevel@tonic-gate */
9507c478bd9Sstevel@tonic-gate static bool_t
marshall_verf(ap,xdrs,buf)9517c478bd9Sstevel@tonic-gate marshall_verf(ap, xdrs, buf)
9527c478bd9Sstevel@tonic-gate rpc_gss_data *ap;
9537c478bd9Sstevel@tonic-gate XDR *xdrs; /* send XDR */
9547c478bd9Sstevel@tonic-gate char *buf; /* pointer of send buffer */
9557c478bd9Sstevel@tonic-gate {
9567c478bd9Sstevel@tonic-gate struct opaque_auth verf;
9577c478bd9Sstevel@tonic-gate OM_uint32 major, minor;
9587c478bd9Sstevel@tonic-gate gss_buffer_desc in_buf, out_buf;
9597c478bd9Sstevel@tonic-gate bool_t ret = FALSE;
9607c478bd9Sstevel@tonic-gate
9617c478bd9Sstevel@tonic-gate /*
9627c478bd9Sstevel@tonic-gate * If context is not established yet, use NULL verifier.
9637c478bd9Sstevel@tonic-gate */
9647c478bd9Sstevel@tonic-gate if (!ap->established) {
9657c478bd9Sstevel@tonic-gate verf.oa_flavor = AUTH_NONE;
9667c478bd9Sstevel@tonic-gate verf.oa_base = NULL;
9677c478bd9Sstevel@tonic-gate verf.oa_length = 0;
9687c478bd9Sstevel@tonic-gate return (xdr_opaque_auth(xdrs, &verf));
9697c478bd9Sstevel@tonic-gate }
9707c478bd9Sstevel@tonic-gate
9717c478bd9Sstevel@tonic-gate verf.oa_flavor = RPCSEC_GSS;
9727c478bd9Sstevel@tonic-gate in_buf.length = xdr_getpos(xdrs);
9737c478bd9Sstevel@tonic-gate in_buf.value = buf;
9747c478bd9Sstevel@tonic-gate if ((major = kgss_sign(&minor, ap->context, ap->qop, &in_buf,
9757c478bd9Sstevel@tonic-gate &out_buf)) != GSS_S_COMPLETE) {
9767c478bd9Sstevel@tonic-gate if (major == GSS_S_CONTEXT_EXPIRED) {
9777c478bd9Sstevel@tonic-gate ap->invalid = TRUE;
9787c478bd9Sstevel@tonic-gate }
9797c478bd9Sstevel@tonic-gate RPCGSS_LOG1(1,
9807c478bd9Sstevel@tonic-gate "marshall_verf: kgss_sign failed GSS Major %x Minor %x\n",
9817c478bd9Sstevel@tonic-gate major, minor);
9827c478bd9Sstevel@tonic-gate return (FALSE);
9837c478bd9Sstevel@tonic-gate }
9847c478bd9Sstevel@tonic-gate verf.oa_base = out_buf.value;
9857c478bd9Sstevel@tonic-gate verf.oa_length = out_buf.length;
9867c478bd9Sstevel@tonic-gate ret = xdr_opaque_auth(xdrs, &verf);
9877c478bd9Sstevel@tonic-gate (void) gss_release_buffer(&minor, &out_buf);
9887c478bd9Sstevel@tonic-gate
9897c478bd9Sstevel@tonic-gate return (ret);
9907c478bd9Sstevel@tonic-gate }
9917c478bd9Sstevel@tonic-gate
9927c478bd9Sstevel@tonic-gate /*
9937c478bd9Sstevel@tonic-gate * Validate sequence window upon a successful RPCSEC_GSS INIT session.
9947c478bd9Sstevel@tonic-gate * The sequence window sent back by the server should be verifiable by
9957c478bd9Sstevel@tonic-gate * the verifier which is a checksum of the sequence window.
9967c478bd9Sstevel@tonic-gate */
9977c478bd9Sstevel@tonic-gate static bool_t
validate_seqwin(rpc_gss_data * ap)9987c478bd9Sstevel@tonic-gate validate_seqwin(rpc_gss_data *ap)
9997c478bd9Sstevel@tonic-gate {
10007c478bd9Sstevel@tonic-gate uint_t seq_win_net;
10017c478bd9Sstevel@tonic-gate OM_uint32 major = 0, minor = 0;
10027c478bd9Sstevel@tonic-gate gss_buffer_desc msg_buf, tok_buf;
10037c478bd9Sstevel@tonic-gate int qop_state = 0;
10047c478bd9Sstevel@tonic-gate
10057c478bd9Sstevel@tonic-gate ASSERT(ap->verifier);
10067c478bd9Sstevel@tonic-gate ASSERT(ap->context);
10077c478bd9Sstevel@tonic-gate seq_win_net = (uint_t)htonl(ap->seq_window);
10087c478bd9Sstevel@tonic-gate msg_buf.length = sizeof (seq_win_net);
10097c478bd9Sstevel@tonic-gate msg_buf.value = (char *)&seq_win_net;
10107c478bd9Sstevel@tonic-gate tok_buf.length = ap->verifier->oa_length;
10117c478bd9Sstevel@tonic-gate tok_buf.value = ap->verifier->oa_base;
10127c478bd9Sstevel@tonic-gate major = kgss_verify(&minor, ap->context, &msg_buf, &tok_buf,
10137c478bd9Sstevel@tonic-gate &qop_state);
10147c478bd9Sstevel@tonic-gate
10157c478bd9Sstevel@tonic-gate if (major != GSS_S_COMPLETE) {
10167c478bd9Sstevel@tonic-gate RPCGSS_LOG1(1,
10178ffff9fdSgt29601 "validate_seqwin: kgss_verify failed GSS Major "
10188ffff9fdSgt29601 "%x Minor %x\n", major, minor);
10197c478bd9Sstevel@tonic-gate RPCGSS_LOG1(1, "seq_window %d, verf len %d ", ap->seq_window,
10207c478bd9Sstevel@tonic-gate ap->verifier->oa_length);
10217c478bd9Sstevel@tonic-gate return (FALSE);
10227c478bd9Sstevel@tonic-gate }
10237c478bd9Sstevel@tonic-gate return (TRUE);
10247c478bd9Sstevel@tonic-gate }
10257c478bd9Sstevel@tonic-gate
10267c478bd9Sstevel@tonic-gate /*
10277c478bd9Sstevel@tonic-gate * Validate RPC response verifier from server. The response verifier
10287c478bd9Sstevel@tonic-gate * is the checksum of the request sequence number.
10297c478bd9Sstevel@tonic-gate */
10307c478bd9Sstevel@tonic-gate static bool_t
rpc_gss_validate(auth,verf)10317c478bd9Sstevel@tonic-gate rpc_gss_validate(auth, verf)
10327c478bd9Sstevel@tonic-gate AUTH *auth;
10337c478bd9Sstevel@tonic-gate struct opaque_auth *verf;
10347c478bd9Sstevel@tonic-gate {
10357c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
10367c478bd9Sstevel@tonic-gate uint_t seq_num_net;
10377c478bd9Sstevel@tonic-gate OM_uint32 major, minor;
10387c478bd9Sstevel@tonic-gate gss_buffer_desc msg_buf, tok_buf;
10397c478bd9Sstevel@tonic-gate int qop_state;
10407c478bd9Sstevel@tonic-gate
10417c478bd9Sstevel@tonic-gate /*
10427c478bd9Sstevel@tonic-gate * If context is not established yet, save the verifier for
10437c478bd9Sstevel@tonic-gate * validating the sequence window later at the end of context
10447c478bd9Sstevel@tonic-gate * creation session.
10457c478bd9Sstevel@tonic-gate */
10467c478bd9Sstevel@tonic-gate if (!ap->established) {
10477c478bd9Sstevel@tonic-gate if (ap->verifier == NULL) {
10487c478bd9Sstevel@tonic-gate ap->verifier = kmem_zalloc(sizeof (struct opaque_auth),
10497c478bd9Sstevel@tonic-gate KM_SLEEP);
10507c478bd9Sstevel@tonic-gate if (verf->oa_length > 0)
10517c478bd9Sstevel@tonic-gate ap->verifier->oa_base = kmem_zalloc(verf->oa_length,
10527c478bd9Sstevel@tonic-gate KM_SLEEP);
10537c478bd9Sstevel@tonic-gate } else {
10547c478bd9Sstevel@tonic-gate if (ap->verifier->oa_length > 0)
10557c478bd9Sstevel@tonic-gate kmem_free(ap->verifier->oa_base, ap->verifier->oa_length);
10567c478bd9Sstevel@tonic-gate if (verf->oa_length > 0)
10577c478bd9Sstevel@tonic-gate ap->verifier->oa_base = kmem_zalloc(verf->oa_length,
10587c478bd9Sstevel@tonic-gate KM_SLEEP);
10597c478bd9Sstevel@tonic-gate }
10607c478bd9Sstevel@tonic-gate ap->verifier->oa_length = verf->oa_length;
10617c478bd9Sstevel@tonic-gate bcopy(verf->oa_base, ap->verifier->oa_base, verf->oa_length);
10627c478bd9Sstevel@tonic-gate return (TRUE);
10637c478bd9Sstevel@tonic-gate }
10647c478bd9Sstevel@tonic-gate
10657c478bd9Sstevel@tonic-gate seq_num_net = (uint_t)htonl(ap->seq_num);
10667c478bd9Sstevel@tonic-gate msg_buf.length = sizeof (seq_num_net);
10677c478bd9Sstevel@tonic-gate msg_buf.value = (char *)&seq_num_net;
10687c478bd9Sstevel@tonic-gate tok_buf.length = verf->oa_length;
10697c478bd9Sstevel@tonic-gate tok_buf.value = verf->oa_base;
10707c478bd9Sstevel@tonic-gate major = kgss_verify(&minor, ap->context, &msg_buf, &tok_buf,
10717c478bd9Sstevel@tonic-gate &qop_state);
10727c478bd9Sstevel@tonic-gate if (major != GSS_S_COMPLETE) {
10737c478bd9Sstevel@tonic-gate RPCGSS_LOG1(1,
10747c478bd9Sstevel@tonic-gate "rpc_gss_validate: kgss_verify failed GSS Major %x Minor %x\n",
10757c478bd9Sstevel@tonic-gate major, minor);
10767c478bd9Sstevel@tonic-gate return (FALSE);
10777c478bd9Sstevel@tonic-gate }
10787c478bd9Sstevel@tonic-gate return (TRUE);
10797c478bd9Sstevel@tonic-gate }
10807c478bd9Sstevel@tonic-gate
10817c478bd9Sstevel@tonic-gate /*
10827c478bd9Sstevel@tonic-gate * Refresh client context. This is necessary sometimes because the
10837c478bd9Sstevel@tonic-gate * server will ocassionally destroy contexts based on LRU method, or
10847c478bd9Sstevel@tonic-gate * because of expired credentials.
10857c478bd9Sstevel@tonic-gate */
10867c478bd9Sstevel@tonic-gate static bool_t
rpc_gss_refresh(auth,msg,cr)10877c478bd9Sstevel@tonic-gate rpc_gss_refresh(auth, msg, cr)
10887c478bd9Sstevel@tonic-gate AUTH *auth;
10897c478bd9Sstevel@tonic-gate struct rpc_msg *msg;
10907c478bd9Sstevel@tonic-gate cred_t *cr;
10917c478bd9Sstevel@tonic-gate {
10927c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
10937c478bd9Sstevel@tonic-gate gss_ctx_id_t ctx_sav = NULL;
10947c478bd9Sstevel@tonic-gate gss_buffer_desc ctx_hdle_sav = {0, NULL};
10957c478bd9Sstevel@tonic-gate uint_t sn_sav, proc_sav;
10967c478bd9Sstevel@tonic-gate bool_t est_sav;
10977c478bd9Sstevel@tonic-gate OM_uint32 gssstat, minor_stat;
10987c478bd9Sstevel@tonic-gate int error;
10997c478bd9Sstevel@tonic-gate
11007c478bd9Sstevel@tonic-gate /*
11017c478bd9Sstevel@tonic-gate * The context needs to be recreated only when the error status
11027c478bd9Sstevel@tonic-gate * returned from the server is one of the following:
11037c478bd9Sstevel@tonic-gate * RPCSEC_GSS_NOCRED and RPCSEC_GSS_FAILED
11047c478bd9Sstevel@tonic-gate * The existing context should not be destroyed unless the above
11057c478bd9Sstevel@tonic-gate * error status codes are received or if the context has not
11067c478bd9Sstevel@tonic-gate * been set up.
11077c478bd9Sstevel@tonic-gate */
11087c478bd9Sstevel@tonic-gate
11097c478bd9Sstevel@tonic-gate if (msg->rjcted_rply.rj_why == RPCSEC_GSS_NOCRED ||
11107c478bd9Sstevel@tonic-gate msg->rjcted_rply.rj_why == RPCSEC_GSS_FAILED ||
11117c478bd9Sstevel@tonic-gate !ap->established) {
11127c478bd9Sstevel@tonic-gate /*
11137c478bd9Sstevel@tonic-gate * Destroy the context if necessary. Use the same memory
11147c478bd9Sstevel@tonic-gate * for the new context since we've already passed a pointer
11157c478bd9Sstevel@tonic-gate * to it to the user.
11167c478bd9Sstevel@tonic-gate */
11177c478bd9Sstevel@tonic-gate if (ap->context != NULL) {
11187c478bd9Sstevel@tonic-gate ctx_sav = ap->context;
11197c478bd9Sstevel@tonic-gate ap->context = NULL;
11207c478bd9Sstevel@tonic-gate }
11217c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length != 0) {
11227c478bd9Sstevel@tonic-gate ctx_hdle_sav.length = ap->ctx_handle.length;
11237c478bd9Sstevel@tonic-gate ctx_hdle_sav.value = ap->ctx_handle.value;
11247c478bd9Sstevel@tonic-gate ap->ctx_handle.length = 0;
11257c478bd9Sstevel@tonic-gate ap->ctx_handle.value = NULL;
11267c478bd9Sstevel@tonic-gate }
11277c478bd9Sstevel@tonic-gate
11287c478bd9Sstevel@tonic-gate /*
11297c478bd9Sstevel@tonic-gate * If the context was not already established, don't try to
11307c478bd9Sstevel@tonic-gate * recreate it.
11317c478bd9Sstevel@tonic-gate */
11327c478bd9Sstevel@tonic-gate if (!ap->established) {
11337c478bd9Sstevel@tonic-gate ap->invalid = TRUE;
11347c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1,
11357c478bd9Sstevel@tonic-gate "rpc_gss_refresh: context was not established\n");
11367c478bd9Sstevel@tonic-gate error = EINVAL;
11377c478bd9Sstevel@tonic-gate goto out;
11387c478bd9Sstevel@tonic-gate }
11397c478bd9Sstevel@tonic-gate
11407c478bd9Sstevel@tonic-gate est_sav = ap->established;
11417c478bd9Sstevel@tonic-gate sn_sav = ap->seq_num;
11427c478bd9Sstevel@tonic-gate proc_sav = ap->gss_proc;
11437c478bd9Sstevel@tonic-gate
11447c478bd9Sstevel@tonic-gate /*
11457c478bd9Sstevel@tonic-gate * Recreate context.
11467c478bd9Sstevel@tonic-gate */
11477c478bd9Sstevel@tonic-gate error = rpc_gss_seccreate_pvt(&gssstat, &minor_stat, auth,
11487c478bd9Sstevel@tonic-gate ap, ap->mech_type, (gss_OID *)NULL, (int *)NULL,
11497c478bd9Sstevel@tonic-gate (OM_uint32 *)NULL, cr, 1);
11507c478bd9Sstevel@tonic-gate
11517c478bd9Sstevel@tonic-gate switch (error) {
11527c478bd9Sstevel@tonic-gate case 0:
11537c478bd9Sstevel@tonic-gate RPCGSS_LOG(1,
11547c478bd9Sstevel@tonic-gate "rpc_gss_refresh: auth %p refreshed\n", (void *)auth);
11557c478bd9Sstevel@tonic-gate goto out;
11567c478bd9Sstevel@tonic-gate
11577c478bd9Sstevel@tonic-gate case ETIMEDOUT:
11587c478bd9Sstevel@tonic-gate case ECONNRESET:
11597c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_refresh: try again\n");
11607c478bd9Sstevel@tonic-gate
11617c478bd9Sstevel@tonic-gate if (ap->context != NULL) {
11627c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(&minor_stat,
11637c478bd9Sstevel@tonic-gate &ap->context, NULL);
11647c478bd9Sstevel@tonic-gate }
11657c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length != 0) {
11667c478bd9Sstevel@tonic-gate (void) gss_release_buffer(&minor_stat,
11677c478bd9Sstevel@tonic-gate &ap->ctx_handle);
11687c478bd9Sstevel@tonic-gate }
11697c478bd9Sstevel@tonic-gate
11707c478bd9Sstevel@tonic-gate /*
11717c478bd9Sstevel@tonic-gate * Restore the original value for the caller to
11727c478bd9Sstevel@tonic-gate * try again later.
11737c478bd9Sstevel@tonic-gate */
11747c478bd9Sstevel@tonic-gate ap->context = ctx_sav;
11757c478bd9Sstevel@tonic-gate ap->ctx_handle.length = ctx_hdle_sav.length;
11767c478bd9Sstevel@tonic-gate ap->ctx_handle.value = ctx_hdle_sav.value;
11777c478bd9Sstevel@tonic-gate ap->established = est_sav;
11787c478bd9Sstevel@tonic-gate ap->seq_num = sn_sav;
11797c478bd9Sstevel@tonic-gate ap->gss_proc = proc_sav;
11807c478bd9Sstevel@tonic-gate
11817c478bd9Sstevel@tonic-gate return (FALSE);
11827c478bd9Sstevel@tonic-gate
11837c478bd9Sstevel@tonic-gate default:
11847c478bd9Sstevel@tonic-gate ap->invalid = TRUE;
11857c478bd9Sstevel@tonic-gate RPCGSS_LOG(1, "rpc_gss_refresh: can't refresh this "
11867c478bd9Sstevel@tonic-gate "auth, error=%d\n", error);
11877c478bd9Sstevel@tonic-gate goto out;
11887c478bd9Sstevel@tonic-gate }
11897c478bd9Sstevel@tonic-gate }
11907c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_refresh: don't refresh");
11917c478bd9Sstevel@tonic-gate return (FALSE);
11927c478bd9Sstevel@tonic-gate
11937c478bd9Sstevel@tonic-gate out:
11947c478bd9Sstevel@tonic-gate if (ctx_sav != NULL) {
11957c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(&minor_stat,
11967c478bd9Sstevel@tonic-gate &ctx_sav, NULL);
11977c478bd9Sstevel@tonic-gate }
11987c478bd9Sstevel@tonic-gate if (ctx_hdle_sav.length != 0) {
11997c478bd9Sstevel@tonic-gate (void) gss_release_buffer(&minor_stat, &ctx_hdle_sav);
12007c478bd9Sstevel@tonic-gate }
12017c478bd9Sstevel@tonic-gate
12027c478bd9Sstevel@tonic-gate return (error == 0);
12037c478bd9Sstevel@tonic-gate }
12047c478bd9Sstevel@tonic-gate
12057c478bd9Sstevel@tonic-gate /*
12067c478bd9Sstevel@tonic-gate * Destroy a context.
12077c478bd9Sstevel@tonic-gate */
12087c478bd9Sstevel@tonic-gate static void
rpc_gss_destroy(auth)12097c478bd9Sstevel@tonic-gate rpc_gss_destroy(auth)
12107c478bd9Sstevel@tonic-gate AUTH *auth;
12117c478bd9Sstevel@tonic-gate {
12127c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
12137c478bd9Sstevel@tonic-gate
12147c478bd9Sstevel@tonic-gate /*
12157c478bd9Sstevel@tonic-gate * XXX Currently, we do not ping the server (rpc_gss_destroy_pvt)
12167c478bd9Sstevel@tonic-gate * to destroy the context in the server cache.
12177c478bd9Sstevel@tonic-gate * We assume there is a good LRU/aging mechanism for the
12187c478bd9Sstevel@tonic-gate * context cache on the server side.
12197c478bd9Sstevel@tonic-gate */
12207c478bd9Sstevel@tonic-gate rpc_gss_free_pvt(auth);
12217c478bd9Sstevel@tonic-gate kmem_free((char *)ap, sizeof (*ap));
12227c478bd9Sstevel@tonic-gate kmem_free(auth, sizeof (*auth));
12237c478bd9Sstevel@tonic-gate }
12247c478bd9Sstevel@tonic-gate
12257c478bd9Sstevel@tonic-gate /*
12267c478bd9Sstevel@tonic-gate * Private interface to free memory allocated in the rpcsec_gss private
12277c478bd9Sstevel@tonic-gate * data structure (rpc_gss_data).
12287c478bd9Sstevel@tonic-gate */
12297c478bd9Sstevel@tonic-gate static void
rpc_gss_free_pvt(auth)12307c478bd9Sstevel@tonic-gate rpc_gss_free_pvt(auth)
12317c478bd9Sstevel@tonic-gate AUTH *auth;
12327c478bd9Sstevel@tonic-gate {
12337c478bd9Sstevel@tonic-gate OM_uint32 minor_stat;
12347c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
12357c478bd9Sstevel@tonic-gate
12367c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length != 0) {
12377c478bd9Sstevel@tonic-gate (void) gss_release_buffer(&minor_stat, &ap->ctx_handle);
12387c478bd9Sstevel@tonic-gate ap->ctx_handle.length = 0;
12397c478bd9Sstevel@tonic-gate ap->ctx_handle.value = NULL;
12407c478bd9Sstevel@tonic-gate }
12417c478bd9Sstevel@tonic-gate
12427c478bd9Sstevel@tonic-gate /*
12437c478bd9Sstevel@tonic-gate * Destroy local GSS context.
12447c478bd9Sstevel@tonic-gate */
12457c478bd9Sstevel@tonic-gate if (ap->context != NULL) {
12467c478bd9Sstevel@tonic-gate (void) kgss_delete_sec_context(&minor_stat, &ap->context, NULL);
12477c478bd9Sstevel@tonic-gate ap->context = NULL;
12487c478bd9Sstevel@tonic-gate }
12497c478bd9Sstevel@tonic-gate
12507c478bd9Sstevel@tonic-gate /*
12517c478bd9Sstevel@tonic-gate * Looks like we need to release default credentials if we use it.
12527c478bd9Sstevel@tonic-gate * Non-default creds need to be released by user.
12537c478bd9Sstevel@tonic-gate */
12547c478bd9Sstevel@tonic-gate if (ap->my_cred == GSS_C_NO_CREDENTIAL)
12557c478bd9Sstevel@tonic-gate (void) kgss_release_cred(&minor_stat, &ap->my_cred,
12567c478bd9Sstevel@tonic-gate crgetuid(CRED()));
12577c478bd9Sstevel@tonic-gate
12587c478bd9Sstevel@tonic-gate /*
12597c478bd9Sstevel@tonic-gate * Release any internal name structures.
12607c478bd9Sstevel@tonic-gate */
12617c478bd9Sstevel@tonic-gate if (ap->target_name != NULL) {
12627c478bd9Sstevel@tonic-gate (void) gss_release_name(&minor_stat, &ap->target_name);
12637c478bd9Sstevel@tonic-gate ap->target_name = NULL;
12647c478bd9Sstevel@tonic-gate }
12657c478bd9Sstevel@tonic-gate
12667c478bd9Sstevel@tonic-gate /*
12677c478bd9Sstevel@tonic-gate * Free mech_type oid structure.
12687c478bd9Sstevel@tonic-gate */
12697c478bd9Sstevel@tonic-gate if (ap->mech_type != NULL) {
12707c478bd9Sstevel@tonic-gate kgss_free_oid(ap->mech_type);
12717c478bd9Sstevel@tonic-gate ap->mech_type = NULL;
12727c478bd9Sstevel@tonic-gate }
12737c478bd9Sstevel@tonic-gate
12747c478bd9Sstevel@tonic-gate /*
12757c478bd9Sstevel@tonic-gate * Free the verifier saved for sequence window checking.
12767c478bd9Sstevel@tonic-gate */
12777c478bd9Sstevel@tonic-gate if (ap->verifier != NULL) {
12787c478bd9Sstevel@tonic-gate if (ap->verifier->oa_length > 0) {
12797c478bd9Sstevel@tonic-gate kmem_free(ap->verifier->oa_base, ap->verifier->oa_length);
12807c478bd9Sstevel@tonic-gate }
12817c478bd9Sstevel@tonic-gate kmem_free(ap->verifier, sizeof (struct opaque_auth));
12827c478bd9Sstevel@tonic-gate ap->verifier = NULL;
12837c478bd9Sstevel@tonic-gate }
12847c478bd9Sstevel@tonic-gate }
12857c478bd9Sstevel@tonic-gate
12867c478bd9Sstevel@tonic-gate #if 0
12877c478bd9Sstevel@tonic-gate /*
12887c478bd9Sstevel@tonic-gate * XXX this function is not used right now.
12897c478bd9Sstevel@tonic-gate * There is a client handle issue needs to be resolved.
12907c478bd9Sstevel@tonic-gate *
12917c478bd9Sstevel@tonic-gate * This is a private interface which will destroy a context
12927c478bd9Sstevel@tonic-gate * without freeing up the memory used by it. We need to do this when
12937c478bd9Sstevel@tonic-gate * a refresh fails, for example, so the user will still have a handle.
12947c478bd9Sstevel@tonic-gate */
12957c478bd9Sstevel@tonic-gate static void
12967c478bd9Sstevel@tonic-gate rpc_gss_destroy_pvt(auth)
12977c478bd9Sstevel@tonic-gate AUTH *auth;
12987c478bd9Sstevel@tonic-gate {
12997c478bd9Sstevel@tonic-gate struct timeval timeout;
13007c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
13017c478bd9Sstevel@tonic-gate
13027c478bd9Sstevel@tonic-gate /*
13037c478bd9Sstevel@tonic-gate * If we have a server context id, inform server that we are
13047c478bd9Sstevel@tonic-gate * destroying the context.
13057c478bd9Sstevel@tonic-gate */
13067c478bd9Sstevel@tonic-gate if (ap->ctx_handle.length != 0) {
13077c478bd9Sstevel@tonic-gate uint32_t oldxid;
13087c478bd9Sstevel@tonic-gate uint32_t zeroxid = 0;
13097c478bd9Sstevel@tonic-gate
13107c478bd9Sstevel@tonic-gate ap->gss_proc = RPCSEC_GSS_DESTROY;
13117c478bd9Sstevel@tonic-gate timeout.tv_sec = 10;
13127c478bd9Sstevel@tonic-gate timeout.tv_usec = 0;
13137c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(ap->clnt, CLGET_XID, (char *)&oldxid);
13147c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(ap->clnt, CLSET_XID, (char *)&zeroxid);
13157c478bd9Sstevel@tonic-gate (void) clnt_call(ap->clnt, NULLPROC, xdr_void, NULL,
13167c478bd9Sstevel@tonic-gate xdr_void, NULL, timeout);
13177c478bd9Sstevel@tonic-gate (void) CLNT_CONTROL(ap->clnt, CLSET_XID, (char *)&oldxid);
13187c478bd9Sstevel@tonic-gate }
13197c478bd9Sstevel@tonic-gate
13207c478bd9Sstevel@tonic-gate rpc_gss_free_pvt(auth);
13217c478bd9Sstevel@tonic-gate }
13227c478bd9Sstevel@tonic-gate #endif
13237c478bd9Sstevel@tonic-gate
13247c478bd9Sstevel@tonic-gate /*
13257c478bd9Sstevel@tonic-gate * Wrap client side data. The encoded header is passed in through
13267c478bd9Sstevel@tonic-gate * buf and buflen. The header is up to but not including the
13277c478bd9Sstevel@tonic-gate * credential field.
13287c478bd9Sstevel@tonic-gate */
13297c478bd9Sstevel@tonic-gate bool_t
rpc_gss_wrap(auth,buf,buflen,out_xdrs,xdr_func,xdr_ptr)13307c478bd9Sstevel@tonic-gate rpc_gss_wrap(auth, buf, buflen, out_xdrs, xdr_func, xdr_ptr)
13317c478bd9Sstevel@tonic-gate AUTH *auth;
13327c478bd9Sstevel@tonic-gate char *buf; /* encoded header */
13337c478bd9Sstevel@tonic-gate /* has been changed to u_int in the user land */
13347c478bd9Sstevel@tonic-gate uint_t buflen; /* encoded header length */
13357c478bd9Sstevel@tonic-gate XDR *out_xdrs;
13367c478bd9Sstevel@tonic-gate xdrproc_t xdr_func;
13377c478bd9Sstevel@tonic-gate caddr_t xdr_ptr;
13387c478bd9Sstevel@tonic-gate {
13397c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
13407c478bd9Sstevel@tonic-gate XDR xdrs;
13417c478bd9Sstevel@tonic-gate char *tmp_buf;
13427c478bd9Sstevel@tonic-gate uint_t xdr_buf_len, cred_buf_len;
13437c478bd9Sstevel@tonic-gate
13447c478bd9Sstevel@tonic-gate /*
13457c478bd9Sstevel@tonic-gate * Here is how MAX_SIGNED_LEN is estimated.
13467c478bd9Sstevel@tonic-gate * Signing a 48 bytes buffer using des_cbc_md5 would end up with
13477c478bd9Sstevel@tonic-gate * a buffer length 33 (padded data + 16 bytes of seq_num/checksum).
13487c478bd9Sstevel@tonic-gate * Current known max seq_num/checksum size is 24 bytes.
13497c478bd9Sstevel@tonic-gate * 88 is derived from RNDUP(33+(24-16)) * 2.
13507c478bd9Sstevel@tonic-gate */
13517c478bd9Sstevel@tonic-gate #define MAX_SIGNED_LEN 88
13527c478bd9Sstevel@tonic-gate
13537c478bd9Sstevel@tonic-gate /*
13547c478bd9Sstevel@tonic-gate * Reject an invalid context.
13557c478bd9Sstevel@tonic-gate */
13567c478bd9Sstevel@tonic-gate if (ap->invalid) {
13577c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_wrap: reject an invalid context\n");
13587c478bd9Sstevel@tonic-gate return (FALSE);
13597c478bd9Sstevel@tonic-gate }
13607c478bd9Sstevel@tonic-gate
13617c478bd9Sstevel@tonic-gate /*
13627c478bd9Sstevel@tonic-gate * If context is established, bump up sequence number.
13637c478bd9Sstevel@tonic-gate */
13647c478bd9Sstevel@tonic-gate if (ap->established)
13657c478bd9Sstevel@tonic-gate ap->seq_num++;
13667c478bd9Sstevel@tonic-gate
13677c478bd9Sstevel@tonic-gate /*
13687c478bd9Sstevel@tonic-gate * Create the header in a temporary XDR context and buffer
13697c478bd9Sstevel@tonic-gate * before putting it out.
13707c478bd9Sstevel@tonic-gate */
13717c478bd9Sstevel@tonic-gate cred_buf_len = RNDUP(sizeof (ap->version) + sizeof (ap->gss_proc) +
13727c478bd9Sstevel@tonic-gate sizeof (ap->seq_num) + sizeof (ap->service) +
13737c478bd9Sstevel@tonic-gate sizeof (ap->ctx_handle) + ap->ctx_handle.length);
13747c478bd9Sstevel@tonic-gate
13757c478bd9Sstevel@tonic-gate xdr_buf_len = buflen + cred_buf_len + sizeof (struct opaque_auth) +
13767c478bd9Sstevel@tonic-gate MAX_SIGNED_LEN;
13777c478bd9Sstevel@tonic-gate tmp_buf = kmem_alloc(xdr_buf_len, KM_SLEEP);
13787c478bd9Sstevel@tonic-gate xdrmem_create(&xdrs, tmp_buf, xdr_buf_len, XDR_ENCODE);
13797c478bd9Sstevel@tonic-gate if (!XDR_PUTBYTES(&xdrs, buf, buflen)) {
13807c478bd9Sstevel@tonic-gate kmem_free(tmp_buf, xdr_buf_len);
13817c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_wrap: xdr putbytes failed\n");
13827c478bd9Sstevel@tonic-gate return (FALSE);
13837c478bd9Sstevel@tonic-gate }
13847c478bd9Sstevel@tonic-gate
13857c478bd9Sstevel@tonic-gate /*
13867c478bd9Sstevel@tonic-gate * create cred field
13877c478bd9Sstevel@tonic-gate */
13887c478bd9Sstevel@tonic-gate if (!marshall_creds(ap, &xdrs, cred_buf_len)) {
13897c478bd9Sstevel@tonic-gate kmem_free(tmp_buf, xdr_buf_len);
13907c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_wrap: marshall_creds failed\n");
13917c478bd9Sstevel@tonic-gate return (FALSE);
13927c478bd9Sstevel@tonic-gate }
13937c478bd9Sstevel@tonic-gate
13947c478bd9Sstevel@tonic-gate /*
13957c478bd9Sstevel@tonic-gate * create verifier
13967c478bd9Sstevel@tonic-gate */
13977c478bd9Sstevel@tonic-gate if (!marshall_verf(ap, &xdrs, tmp_buf)) {
13987c478bd9Sstevel@tonic-gate kmem_free(tmp_buf, xdr_buf_len);
13997c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_wrap: marshall_verf failed\n");
14007c478bd9Sstevel@tonic-gate return (FALSE);
14017c478bd9Sstevel@tonic-gate }
14027c478bd9Sstevel@tonic-gate
14037c478bd9Sstevel@tonic-gate /*
14047c478bd9Sstevel@tonic-gate * write out header and destroy temp structures
14057c478bd9Sstevel@tonic-gate */
14067c478bd9Sstevel@tonic-gate if (!XDR_PUTBYTES(out_xdrs, tmp_buf, XDR_GETPOS(&xdrs))) {
14077c478bd9Sstevel@tonic-gate kmem_free(tmp_buf, xdr_buf_len);
14087c478bd9Sstevel@tonic-gate RPCGSS_LOG0(1, "rpc_gss_wrap: write out header failed\n");
14097c478bd9Sstevel@tonic-gate return (FALSE);
14107c478bd9Sstevel@tonic-gate }
14117c478bd9Sstevel@tonic-gate XDR_DESTROY(&xdrs);
14127c478bd9Sstevel@tonic-gate kmem_free(tmp_buf, xdr_buf_len);
14137c478bd9Sstevel@tonic-gate
14147c478bd9Sstevel@tonic-gate /*
14157c478bd9Sstevel@tonic-gate * If context is not established, or if neither integrity
14167c478bd9Sstevel@tonic-gate * nor privacy is used, just XDR encode data.
14177c478bd9Sstevel@tonic-gate */
14187c478bd9Sstevel@tonic-gate if (!ap->established || ap->service == rpc_gss_svc_none) {
14197c478bd9Sstevel@tonic-gate return ((*xdr_func)(out_xdrs, xdr_ptr));
14207c478bd9Sstevel@tonic-gate }
14217c478bd9Sstevel@tonic-gate
14227c478bd9Sstevel@tonic-gate return (__rpc_gss_wrap_data(ap->service, ap->qop, ap->context,
14237c478bd9Sstevel@tonic-gate ap->seq_num, out_xdrs, xdr_func, xdr_ptr));
14247c478bd9Sstevel@tonic-gate }
14257c478bd9Sstevel@tonic-gate
14267c478bd9Sstevel@tonic-gate /*
14277c478bd9Sstevel@tonic-gate * Unwrap received data.
14287c478bd9Sstevel@tonic-gate */
14297c478bd9Sstevel@tonic-gate bool_t
rpc_gss_unwrap(auth,in_xdrs,xdr_func,xdr_ptr)14307c478bd9Sstevel@tonic-gate rpc_gss_unwrap(auth, in_xdrs, xdr_func, xdr_ptr)
14317c478bd9Sstevel@tonic-gate AUTH *auth;
14327c478bd9Sstevel@tonic-gate XDR *in_xdrs;
14337c478bd9Sstevel@tonic-gate bool_t (*xdr_func)();
14347c478bd9Sstevel@tonic-gate caddr_t xdr_ptr;
14357c478bd9Sstevel@tonic-gate {
14367c478bd9Sstevel@tonic-gate rpc_gss_data *ap = AUTH_PRIVATE(auth);
14377c478bd9Sstevel@tonic-gate
14387c478bd9Sstevel@tonic-gate /*
14397c478bd9Sstevel@tonic-gate * If context is not established, of if neither integrity
14407c478bd9Sstevel@tonic-gate * nor privacy is used, just XDR encode data.
14417c478bd9Sstevel@tonic-gate */
14427c478bd9Sstevel@tonic-gate if (!ap->established || ap->service == rpc_gss_svc_none)
14437c478bd9Sstevel@tonic-gate return ((*xdr_func)(in_xdrs, xdr_ptr));
14447c478bd9Sstevel@tonic-gate
14457c478bd9Sstevel@tonic-gate return (__rpc_gss_unwrap_data(ap->service,
14467c478bd9Sstevel@tonic-gate ap->context,
14477c478bd9Sstevel@tonic-gate ap->seq_num,
14487c478bd9Sstevel@tonic-gate ap->qop,
14497c478bd9Sstevel@tonic-gate in_xdrs, xdr_func, xdr_ptr));
14507c478bd9Sstevel@tonic-gate }
14517c478bd9Sstevel@tonic-gate
14527c478bd9Sstevel@tonic-gate /*
14537c478bd9Sstevel@tonic-gate * Revoke an GSSAPI based security credentials
14547c478bd9Sstevel@tonic-gate * from the cache table.
14557c478bd9Sstevel@tonic-gate */
14567c478bd9Sstevel@tonic-gate int
rpc_gss_revauth(uid_t uid,rpc_gss_OID mech)14577c478bd9Sstevel@tonic-gate rpc_gss_revauth(uid_t uid, rpc_gss_OID mech)
14587c478bd9Sstevel@tonic-gate {
14597c478bd9Sstevel@tonic-gate struct ga_cache_entry *next, *prev, *cur;
14607c478bd9Sstevel@tonic-gate rpc_gss_data *ap;
14617c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid();
14627c478bd9Sstevel@tonic-gate int i;
14637c478bd9Sstevel@tonic-gate
14647c478bd9Sstevel@tonic-gate /*
14657c478bd9Sstevel@tonic-gate * Check the cache table against the uid and the
14667c478bd9Sstevel@tonic-gate * mechanism type.
14677c478bd9Sstevel@tonic-gate */
14687c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
14697c478bd9Sstevel@tonic-gate for (i = 0; i < GSSAUTH_TABLESIZE; i++) {
14707c478bd9Sstevel@tonic-gate prev = NULL;
14717c478bd9Sstevel@tonic-gate for (cur = ga_cache_table[i]; cur; cur = next) {
14727c478bd9Sstevel@tonic-gate NOT_DEAD(cur);
14737c478bd9Sstevel@tonic-gate next = cur->next;
14747c478bd9Sstevel@tonic-gate NOT_DEAD(next);
14757c478bd9Sstevel@tonic-gate ap = AUTH_PRIVATE(cur->auth);
14767c478bd9Sstevel@tonic-gate if (__rpc_gss_oids_equal(ap->mech_type,
14777c478bd9Sstevel@tonic-gate (gss_OID) mech) && (cur->uid == uid) &&
14787c478bd9Sstevel@tonic-gate (cur->zoneid == zoneid)) {
14797c478bd9Sstevel@tonic-gate if (cur->in_use) {
14807c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_revauth:invalid "
14817c478bd9Sstevel@tonic-gate "auth %p\n", (void *)cur->auth);
14827c478bd9Sstevel@tonic-gate ap->invalid = TRUE;
14837c478bd9Sstevel@tonic-gate } else {
14847c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_revauth:destroy "
14857c478bd9Sstevel@tonic-gate "auth %p\n", (void *)cur->auth);
14867c478bd9Sstevel@tonic-gate rpc_gss_destroy(cur->auth);
14877c478bd9Sstevel@tonic-gate kmem_cache_free(ga_cache_handle,
14887c478bd9Sstevel@tonic-gate (void *)cur);
14897c478bd9Sstevel@tonic-gate }
14907c478bd9Sstevel@tonic-gate if (prev == NULL) {
14917c478bd9Sstevel@tonic-gate ga_cache_table[i] = next;
14927c478bd9Sstevel@tonic-gate } else {
14937c478bd9Sstevel@tonic-gate prev->next = next;
14947c478bd9Sstevel@tonic-gate NOT_DEAD(prev->next);
14957c478bd9Sstevel@tonic-gate }
14967c478bd9Sstevel@tonic-gate } else {
14977c478bd9Sstevel@tonic-gate prev = cur;
14987c478bd9Sstevel@tonic-gate }
14997c478bd9Sstevel@tonic-gate }
15007c478bd9Sstevel@tonic-gate }
15017c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
15027c478bd9Sstevel@tonic-gate
15037c478bd9Sstevel@tonic-gate return (0);
15047c478bd9Sstevel@tonic-gate }
15057c478bd9Sstevel@tonic-gate
15067c478bd9Sstevel@tonic-gate
15077c478bd9Sstevel@tonic-gate /*
15087c478bd9Sstevel@tonic-gate * Delete all the entries indexed by the cache_key.
15097c478bd9Sstevel@tonic-gate *
15107c478bd9Sstevel@tonic-gate * For example, the cache_key used for NFS is the address of the
15117c478bd9Sstevel@tonic-gate * security entry for each mount point. When the file system is unmounted,
15127c478bd9Sstevel@tonic-gate * all the cache entries indexed by this key should be deleted.
15137c478bd9Sstevel@tonic-gate */
15147c478bd9Sstevel@tonic-gate void
rpc_gss_secpurge(void * cache_key)15157c478bd9Sstevel@tonic-gate rpc_gss_secpurge(void *cache_key)
15167c478bd9Sstevel@tonic-gate {
15177c478bd9Sstevel@tonic-gate struct ga_cache_entry *next, *prev, *cur;
15187c478bd9Sstevel@tonic-gate int i;
15197c478bd9Sstevel@tonic-gate
15207c478bd9Sstevel@tonic-gate /*
15217c478bd9Sstevel@tonic-gate * Check the cache table against the cache_key.
15227c478bd9Sstevel@tonic-gate */
15237c478bd9Sstevel@tonic-gate rw_enter(&ga_cache_table_lock, RW_WRITER);
15247c478bd9Sstevel@tonic-gate for (i = 0; i < GSSAUTH_TABLESIZE; i++) {
15257c478bd9Sstevel@tonic-gate prev = NULL;
15267c478bd9Sstevel@tonic-gate for (cur = ga_cache_table[i]; cur; cur = next) {
15277c478bd9Sstevel@tonic-gate NOT_DEAD(cur);
15287c478bd9Sstevel@tonic-gate next = cur->next;
15297c478bd9Sstevel@tonic-gate NOT_DEAD(next);
15307c478bd9Sstevel@tonic-gate if (cache_key == cur->cache_key) {
15317c478bd9Sstevel@tonic-gate RPCGSS_LOG(2, "rpc_gss_secpurge: destroy auth "
15327c478bd9Sstevel@tonic-gate "%p\n", (void *)cur->auth);
15338ffff9fdSgt29601 if (cur->in_use == FALSE)
15347c478bd9Sstevel@tonic-gate rpc_gss_destroy(cur->auth);
15357c478bd9Sstevel@tonic-gate kmem_cache_free(ga_cache_handle, (void *)cur);
15367c478bd9Sstevel@tonic-gate if (prev == NULL) {
15377c478bd9Sstevel@tonic-gate ga_cache_table[i] = next;
15387c478bd9Sstevel@tonic-gate } else {
15397c478bd9Sstevel@tonic-gate NOT_DEAD(prev->next);
15407c478bd9Sstevel@tonic-gate prev->next = next;
15417c478bd9Sstevel@tonic-gate }
15427c478bd9Sstevel@tonic-gate } else {
15437c478bd9Sstevel@tonic-gate prev = cur;
15447c478bd9Sstevel@tonic-gate }
15457c478bd9Sstevel@tonic-gate }
15467c478bd9Sstevel@tonic-gate }
15477c478bd9Sstevel@tonic-gate rw_exit(&ga_cache_table_lock);
15487c478bd9Sstevel@tonic-gate }
15497c478bd9Sstevel@tonic-gate
15507c478bd9Sstevel@tonic-gate /*
15517c478bd9Sstevel@tonic-gate * Function: rpc_gss_nextverf. Not used.
15527c478bd9Sstevel@tonic-gate */
15537c478bd9Sstevel@tonic-gate static void
rpc_gss_nextverf()15547c478bd9Sstevel@tonic-gate rpc_gss_nextverf()
15557c478bd9Sstevel@tonic-gate {
15567c478bd9Sstevel@tonic-gate }
15577c478bd9Sstevel@tonic-gate
15587c478bd9Sstevel@tonic-gate /*
15597c478bd9Sstevel@tonic-gate * Function: rpc_gss_marshall - no op routine.
15607c478bd9Sstevel@tonic-gate * rpc_gss_wrap() is doing the marshalling.
15617c478bd9Sstevel@tonic-gate */
15627c478bd9Sstevel@tonic-gate /*ARGSUSED*/
15637c478bd9Sstevel@tonic-gate static bool_t
rpc_gss_marshall(auth,xdrs)15647c478bd9Sstevel@tonic-gate rpc_gss_marshall(auth, xdrs)
15657c478bd9Sstevel@tonic-gate AUTH *auth;
15667c478bd9Sstevel@tonic-gate XDR *xdrs;
15677c478bd9Sstevel@tonic-gate {
15687c478bd9Sstevel@tonic-gate return (TRUE);
15697c478bd9Sstevel@tonic-gate }
15707c478bd9Sstevel@tonic-gate
15717c478bd9Sstevel@tonic-gate /*
15727c478bd9Sstevel@tonic-gate * Set service defaults.
15737c478bd9Sstevel@tonic-gate * Not supported yet.
15747c478bd9Sstevel@tonic-gate */
15757c478bd9Sstevel@tonic-gate /* ARGSUSED */
15767c478bd9Sstevel@tonic-gate bool_t
rpc_gss_set_defaults(auth,service,qop)15777c478bd9Sstevel@tonic-gate rpc_gss_set_defaults(auth, service, qop)
15787c478bd9Sstevel@tonic-gate AUTH *auth;
15797c478bd9Sstevel@tonic-gate rpc_gss_service_t service;
15807c478bd9Sstevel@tonic-gate uint_t qop;
15817c478bd9Sstevel@tonic-gate {
15827c478bd9Sstevel@tonic-gate return (FALSE);
15837c478bd9Sstevel@tonic-gate }
15847c478bd9Sstevel@tonic-gate
15857c478bd9Sstevel@tonic-gate /* ARGSUSED */
15867c478bd9Sstevel@tonic-gate int
rpc_gss_max_data_length(AUTH * rpcgss_handle,int max_tp_unit_len)15877c478bd9Sstevel@tonic-gate rpc_gss_max_data_length(AUTH *rpcgss_handle, int max_tp_unit_len)
15887c478bd9Sstevel@tonic-gate {
15897c478bd9Sstevel@tonic-gate return (0);
15907c478bd9Sstevel@tonic-gate }
15910a701b1eSRobert Gordon
15920a701b1eSRobert Gordon rpc_gss_service_t
rpc_gss_get_service_type(AUTH * auth)15930a701b1eSRobert Gordon rpc_gss_get_service_type(AUTH *auth)
15940a701b1eSRobert Gordon {
15950a701b1eSRobert Gordon rpc_gss_data *ap = AUTH_PRIVATE(auth);
15960a701b1eSRobert Gordon
15970a701b1eSRobert Gordon return (ap->service);
15980a701b1eSRobert Gordon }
1599