xref: /titanic_41/usr/src/uts/common/gssapi/mechs/krb5/krb5mech.c (revision c39526b769298791ff5b0b6c5e761f49aabaeb4e) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * A module for Kerberos V5  security mechanism.
26  *
27  */
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 char _depends_on[] = "misc/kgssapi crypto/md5";
32 
33 #include <sys/types.h>
34 #include <sys/modctl.h>
35 #include <sys/errno.h>
36 #include <mechglueP.h>
37 #include <gssapiP_krb5.h>
38 #include <gssapi_err_generic.h>
39 #include <gssapi/kgssapi_defs.h>
40 #include <sys/debug.h>
41 #include <k5-int.h>
42 
43 /* mechglue wrappers */
44 
45 static OM_uint32 k5glue_delete_sec_context
46 	(void *, OM_uint32 *,	/* minor_status */
47 	gss_ctx_id_t *,	/* context_handle */
48 	gss_buffer_t,	/* output_token */
49 	OM_uint32);
50 
51 static OM_uint32 k5glue_sign
52 	(void *, OM_uint32 *,	/* minor_status */
53 	gss_ctx_id_t,	/* context_handle */
54 	int,		/* qop_req */
55 	gss_buffer_t,	/* message_buffer */
56 	gss_buffer_t,	/* message_token */
57 	OM_uint32);
58 
59 static OM_uint32 k5glue_verify
60 	(void *, OM_uint32 *,	/* minor_status */
61 	gss_ctx_id_t,	/* context_handle */
62 	gss_buffer_t,	/* message_buffer */
63 	gss_buffer_t,	/* token_buffer */
64 	int *,	/* qop_state */
65 	OM_uint32);
66 
67 /* EXPORT DELETE START */
68 static OM_uint32 k5glue_seal
69 	(void *, OM_uint32 *,	/* minor_status */
70 	gss_ctx_id_t,		/* context_handle */
71 	int,			/* conf_req_flag */
72 	int,			/* qop_req */
73 	gss_buffer_t,		/* input_message_buffer */
74 	int *,			/* conf_state */
75 	gss_buffer_t,		/* output_message_buffer */
76 	OM_uint32);
77 
78 static OM_uint32 k5glue_unseal
79 	(void *, OM_uint32 *,	/* minor_status */
80 	gss_ctx_id_t,		/* context_handle */
81 	gss_buffer_t,		/* input_message_buffer */
82 	gss_buffer_t,		/* output_message_buffer */
83 	int *,			/* conf_state */
84 	int *,			/* qop_state */
85 	OM_uint32);
86 /* EXPORT DELETE END */
87 
88 static OM_uint32 k5glue_import_sec_context
89 	(void *, OM_uint32 *,		/* minor_status */
90 	gss_buffer_t,			/* interprocess_token */
91 	gss_ctx_id_t *);		/* context_handle */
92 
93 
94 
95 static	struct	gss_config krb5_mechanism =
96 	{{9, "\052\206\110\206\367\022\001\002\002"},
97 	NULL,	/* context */
98 	NULL,	/* next */
99 	TRUE,	/* uses_kmod */
100 /* EXPORT DELETE START */ /* CRYPT DELETE START */
101 	k5glue_unseal,
102 /* EXPORT DELETE END */ /* CRYPT DELETE END */
103 	k5glue_delete_sec_context,
104 /* EXPORT DELETE START */ /* CRYPT DELETE START */
105 	k5glue_seal,
106 /* EXPORT DELETE END */ /* CRYPT DELETE END */
107 	k5glue_import_sec_context,
108 /* EXPORT DELETE START */
109 /* CRYPT DELETE START */
110 #if 0
111 /* CRYPT DELETE END */
112 	k5glue_seal,
113 	k5glue_unseal,
114 /* CRYPT DELETE START */
115 #endif
116 /* CRYPT DELETE END */
117 /* EXPORT DELETE END */
118 	k5glue_sign,
119 	k5glue_verify,
120 	};
121 
122 static gss_mechanism
123 	gss_mech_initialize()
124 {
125 	return (&krb5_mechanism);
126 }
127 
128 
129 /*
130  * Module linkage information for the kernel.
131  */
132 extern struct mod_ops mod_miscops;
133 
134 static struct modlmisc modlmisc = {
135 	&mod_miscops, "Krb5 GSS mechanism"
136 };
137 
138 static struct modlinkage modlinkage = {
139 	MODREV_1,
140 	(void *)&modlmisc,
141 	NULL
142 };
143 
144 
145 static int krb5_fini_code = EBUSY;
146 
147 int
148 _init()
149 {
150 	int retval;
151 	gss_mechanism mech, tmp;
152 
153 	if ((retval = mod_install(&modlinkage)) != 0)
154 		return (retval);
155 
156 	mech = gss_mech_initialize();
157 
158 	mutex_enter(&__kgss_mech_lock);
159 	tmp = __kgss_get_mechanism(&mech->mech_type);
160 	if (tmp != NULL) {
161 
162 		KRB5_LOG0(KRB5_INFO,
163 		    "KRB5 GSS mechanism: mechanism already in table.\n");
164 
165 		if (tmp->uses_kmod == TRUE) {
166 			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
167 			    "table supports kernel operations!\n");
168 		}
169 		/*
170 		 * keep us loaded, but let us be unloadable. This
171 		 * will give the developer time to trouble shoot
172 		 */
173 		krb5_fini_code = 0;
174 	} else {
175 		__kgss_add_mechanism(mech);
176 		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
177 	}
178 	mutex_exit(&__kgss_mech_lock);
179 
180 	return (0);
181 }
182 
183 int
184 _fini()
185 {
186 	int ret = krb5_fini_code;
187 
188 	if (ret == 0) {
189 		ret = (mod_remove(&modlinkage));
190 	}
191 	return (ret);
192 }
193 
194 int
195 _info(struct modinfo *modinfop)
196 {
197 	return (mod_info(&modlinkage, modinfop));
198 }
199 
200 /* ARGSUSED */
201 static OM_uint32
202 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token,
203 	gssd_ctx_verifier)
204 	void *ctx;
205 	OM_uint32 *minor_status;
206 	gss_ctx_id_t *context_handle;
207 	gss_buffer_t output_token;
208 	OM_uint32 gssd_ctx_verifier;
209 {
210 	return (krb5_gss_delete_sec_context(minor_status,
211 				    context_handle, output_token,
212 				    gssd_ctx_verifier));
213 }
214 
215 /* V2 */
216 /* ARGSUSED */
217 static OM_uint32
218 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
219 	void *ctx;
220 	OM_uint32 *minor_status;
221 	gss_buffer_t	interprocess_token;
222 	gss_ctx_id_t	 *context_handle;
223 {
224 	return (krb5_gss_import_sec_context(minor_status,
225 			interprocess_token,
226 			context_handle));
227 }
228 
229 /* EXPORT DELETE START */
230 /* V1 only */
231 /* ARGSUSED */
232 static OM_uint32
233 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
234 	    input_message_buffer, conf_state, output_message_buffer,
235 	    gssd_ctx_verifier)
236 	void *ctx;
237 	OM_uint32 *minor_status;
238 	gss_ctx_id_t context_handle;
239 	int conf_req_flag;
240 	int qop_req;
241 	gss_buffer_t input_message_buffer;
242 	int *conf_state;
243 	gss_buffer_t output_message_buffer;
244 	OM_uint32 gssd_ctx_verifier;
245 {
246 	return (krb5_gss_seal(minor_status, context_handle,
247 			conf_req_flag, qop_req, input_message_buffer,
248 			conf_state, output_message_buffer, gssd_ctx_verifier));
249 }
250 /* EXPORT DELETE END */
251 
252 /* ARGSUSED */
253 static OM_uint32
254 k5glue_sign(ctx, minor_status, context_handle,
255 		qop_req, message_buffer,
256 		message_token, gssd_ctx_verifier)
257 	void *ctx;
258 	OM_uint32 *minor_status;
259 	gss_ctx_id_t context_handle;
260 	int qop_req;
261 	gss_buffer_t message_buffer;
262 	gss_buffer_t message_token;
263 	OM_uint32 gssd_ctx_verifier;
264 {
265 	return (krb5_gss_sign(minor_status, context_handle,
266 		qop_req, message_buffer, message_token, gssd_ctx_verifier));
267 }
268 
269 /* EXPORT DELETE START */
270 /* ARGSUSED */
271 static OM_uint32
272 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
273 	    output_message_buffer, conf_state, qop_state, gssd_ctx_verifier)
274 	void *ctx;
275 	OM_uint32 *minor_status;
276 	gss_ctx_id_t context_handle;
277 	gss_buffer_t input_message_buffer;
278 	gss_buffer_t output_message_buffer;
279 	int *conf_state;
280 	int *qop_state;
281 	OM_uint32 gssd_ctx_verifier;
282 {
283 	return (krb5_gss_unseal(minor_status, context_handle,
284 				input_message_buffer, output_message_buffer,
285 				conf_state, qop_state, gssd_ctx_verifier));
286 }
287 /* EXPORT DELETE END */
288 
289 /* V1 only */
290 /* ARGSUSED */
291 static OM_uint32
292 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
293 	    token_buffer, qop_state, gssd_ctx_verifier)
294 	void *ctx;
295 	OM_uint32 *minor_status;
296 	gss_ctx_id_t context_handle;
297 	gss_buffer_t message_buffer;
298 	gss_buffer_t token_buffer;
299 	int *qop_state;
300 	OM_uint32 gssd_ctx_verifier;
301 {
302 	return (krb5_gss_verify(minor_status,
303 				context_handle,
304 				message_buffer,
305 				token_buffer,
306 				qop_state, gssd_ctx_verifier));
307 }
308