xref: /titanic_50/usr/src/uts/common/gssapi/mechs/krb5/krb5mech.c (revision ab9b2e153c3a9a2b1141fefa87925b1a9beb1236)
1 /*
2  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  *
5  * A module for Kerberos V5  security mechanism.
6  *
7  */
8 
9 #pragma ident	"%Z%%M%	%I%	%E% SMI"
10 
11 char _depends_on[] = "misc/kgssapi crypto/md5";
12 
13 #include <sys/types.h>
14 #include <sys/modctl.h>
15 #include <sys/errno.h>
16 #include <mechglueP.h>
17 #include <gssapiP_krb5.h>
18 #include <gssapi_err_generic.h>
19 #include <gssapi/kgssapi_defs.h>
20 #include <sys/debug.h>
21 #include <k5-int.h>
22 
23 /** mechglue wrappers **/
24 
25 static OM_uint32 k5glue_delete_sec_context
26     (void *, OM_uint32*,       /* minor_status */
27      gss_ctx_id_t*,    /* context_handle */
28      gss_buffer_t,     /* output_token */
29      OM_uint32);
30 
31 static OM_uint32 k5glue_sign
32     (void *, OM_uint32*,       /* minor_status */
33      gss_ctx_id_t,     /* context_handle */
34      int,              /* qop_req */
35      gss_buffer_t,     /* message_buffer */
36      gss_buffer_t,     /* message_token */
37      OM_uint32);
38 
39 static OM_uint32 k5glue_verify
40     (void *, OM_uint32*,       /* minor_status */
41      gss_ctx_id_t,     /* context_handle */
42      gss_buffer_t,     /* message_buffer */
43      gss_buffer_t,     /* token_buffer */
44      int*,              /* qop_state */
45      OM_uint32);
46 
47 /* EXPORT DELETE START */
48 static OM_uint32 k5glue_seal
49     (void *, OM_uint32*,       /* minor_status */
50      gss_ctx_id_t,     /* context_handle */
51      int,              /* conf_req_flag */
52      int,              /* qop_req */
53      gss_buffer_t,     /* input_message_buffer */
54      int*,             /* conf_state */
55      gss_buffer_t,     /* output_message_buffer */
56      OM_uint32);
57 
58 static OM_uint32 k5glue_unseal
59     (void *, OM_uint32*,       /* minor_status */
60      gss_ctx_id_t,     /* context_handle */
61      gss_buffer_t,     /* input_message_buffer */
62      gss_buffer_t,     /* output_message_buffer */
63      int*,             /* conf_state */
64      int*,             /* qop_state */
65      OM_uint32);
66 /* EXPORT DELETE END */
67 
68 static OM_uint32 k5glue_import_sec_context
69     (void *, OM_uint32 *,		/* minor_status */
70      gss_buffer_t,		/* interprocess_token */
71      gss_ctx_id_t *);		/* context_handle */
72 
73 
74 
75 static	struct	gss_config krb5_mechanism =
76 	{{9, "\052\206\110\206\367\022\001\002\002"},
77 	NULL,	/* context */
78 	NULL,	/* next */
79 	TRUE,	/* uses_kmod */
80 /* EXPORT DELETE START */ /* CRYPT DELETE START */
81 	k5glue_unseal,
82 /* EXPORT DELETE END */ /* CRYPT DELETE END */
83 	k5glue_delete_sec_context,
84 /* EXPORT DELETE START */ /* CRYPT DELETE START */
85 	k5glue_seal,
86 /* EXPORT DELETE END */ /* CRYPT DELETE END */
87 	k5glue_import_sec_context,
88 /* EXPORT DELETE START */
89 /* CRYPT DELETE START */
90 #if 0
91 /* CRYPT DELETE END */
92 	k5glue_seal,
93 	k5glue_unseal,
94 /* CRYPT DELETE START */
95 #endif
96 /* CRYPT DELETE END */
97 /* EXPORT DELETE END */
98 	k5glue_sign,
99 	k5glue_verify,
100 	};
101 
102 static gss_mechanism
103 	gss_mech_initialize()
104 {
105 	return (&krb5_mechanism);
106 }
107 
108 
109 /*
110  * Module linkage information for the kernel.
111  */
112 extern struct mod_ops mod_miscops;
113 
114 static struct modlmisc modlmisc = {
115 	&mod_miscops, "Krb5 GSS mechanism"
116 };
117 
118 static struct modlinkage modlinkage = {
119 	MODREV_1,
120 	(void *)&modlmisc,
121 	NULL
122 };
123 
124 
125 static int krb5_fini_code = EBUSY;
126 
127 int
128 _init()
129 {
130 	int retval;
131 	gss_mechanism mech, tmp;
132 
133 	if ((retval = mod_install(&modlinkage)) != 0)
134 		return (retval);
135 
136 	mech = gss_mech_initialize();
137 
138 	mutex_enter(&__kgss_mech_lock);
139 	tmp = __kgss_get_mechanism(&mech->mech_type);
140 	if (tmp != NULL) {
141 
142 		KRB5_LOG0(KRB5_INFO,
143 			"KRB5 GSS mechanism: mechanism already in table.\n");
144 
145 		if (tmp->uses_kmod == TRUE) {
146 			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
147 				"table supports kernel operations!\n");
148 		}
149 		/*
150 		 * keep us loaded, but let us be unloadable. This
151 		 * will give the developer time to trouble shoot
152 		 */
153 		krb5_fini_code = 0;
154 	} else {
155 		__kgss_add_mechanism(mech);
156 		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
157 	}
158 	mutex_exit(&__kgss_mech_lock);
159 
160 	return (0);
161 }
162 
163 int
164 _fini()
165 {
166 	int ret = krb5_fini_code;
167 
168 	if (ret == 0) {
169 		ret = (mod_remove(&modlinkage));
170 	}
171 	return (ret);
172 }
173 
174 int
175 _info(struct modinfo *modinfop)
176 {
177 	return (mod_info(&modlinkage, modinfop));
178 }
179 
180 /* ARGSUSED */
181 static OM_uint32
182 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token,
183 	gssd_ctx_verifier)
184     void *ctx;
185      OM_uint32 *minor_status;
186      gss_ctx_id_t *context_handle;
187      gss_buffer_t output_token;
188     OM_uint32 gssd_ctx_verifier;
189 {
190    return(krb5_gss_delete_sec_context(minor_status,
191 				    context_handle, output_token,
192 				    gssd_ctx_verifier));
193 }
194 
195 /* V2 */
196 /* ARGSUSED */
197 static OM_uint32
198 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
199     void *ctx;
200      OM_uint32		 *minor_status;
201      gss_buffer_t	interprocess_token;
202      gss_ctx_id_t	 *context_handle;
203 {
204    return(krb5_gss_import_sec_context(minor_status,
205 				      interprocess_token,
206 				    context_handle));
207 }
208 
209 /* EXPORT DELETE START */
210 /* V1 only */
211 /* ARGSUSED */
212 static OM_uint32
213 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
214 	    input_message_buffer, conf_state, output_message_buffer, gssd_ctx_verifier)
215     void *ctx;
216      OM_uint32 *minor_status;
217      gss_ctx_id_t context_handle;
218      int conf_req_flag;
219      int qop_req;
220      gss_buffer_t input_message_buffer;
221      int *conf_state;
222      gss_buffer_t output_message_buffer;
223     OM_uint32 gssd_ctx_verifier;
224 {
225    return(krb5_gss_seal(minor_status, context_handle,
226 			conf_req_flag, qop_req, input_message_buffer,
227 			conf_state, output_message_buffer, gssd_ctx_verifier));
228 }
229 /* EXPORT DELETE END */
230 
231 /* ARGSUSED */
232 static OM_uint32
233 k5glue_sign(ctx, minor_status, context_handle,
234 	      qop_req, message_buffer,
235 	    message_token, gssd_ctx_verifier)
236     void *ctx;
237      OM_uint32 *minor_status;
238      gss_ctx_id_t context_handle;
239      int qop_req;
240      gss_buffer_t message_buffer;
241      gss_buffer_t message_token;
242     OM_uint32 gssd_ctx_verifier;
243 {
244    return(krb5_gss_sign(minor_status, context_handle,
245 			qop_req, message_buffer, message_token, gssd_ctx_verifier));
246 }
247 
248 /* EXPORT DELETE START */
249 /* ARGSUSED */
250 static OM_uint32
251 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
252 	    output_message_buffer, conf_state, qop_state, gssd_ctx_verifier)
253     void *ctx;
254      OM_uint32 *minor_status;
255      gss_ctx_id_t context_handle;
256      gss_buffer_t input_message_buffer;
257      gss_buffer_t output_message_buffer;
258      int *conf_state;
259      int *qop_state;
260     OM_uint32 gssd_ctx_verifier;
261 {
262    return(krb5_gss_unseal(minor_status, context_handle,
263 			  input_message_buffer, output_message_buffer,
264 			conf_state, qop_state, gssd_ctx_verifier));
265 }
266 /* EXPORT DELETE END */
267 
268 /* V1 only */
269 /* ARGSUSED */
270 static OM_uint32
271 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
272 	    token_buffer, qop_state, gssd_ctx_verifier)
273     void *ctx;
274      OM_uint32 *minor_status;
275      gss_ctx_id_t context_handle;
276      gss_buffer_t message_buffer;
277      gss_buffer_t token_buffer;
278      int *qop_state;
279     OM_uint32 gssd_ctx_verifier;
280 {
281    return(krb5_gss_verify(minor_status,
282 			  context_handle,
283 			  message_buffer,
284 			  token_buffer,
285 			qop_state, gssd_ctx_verifier));
286 }
287