      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  *
     25  * A module for the Kerberos V5 security mechanism.
     26  *
     27  */
     28 
     29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     30 
/*
 * Modules the kernel loader must have resident before this one: the
 * kgssapi mechglue (which owns the mechanism table we register in) and
 * the MD5 crypto provider.
 */
char _depends_on[] = "misc/kgssapi crypto/md5";
     32 
     33 #include <sys/types.h>
     34 #include <sys/modctl.h>
     35 #include <sys/errno.h>
     36 #include <mechglueP.h>
     37 #include <gssapiP_krb5.h>
     38 #include <gssapi_err_generic.h>
     39 #include <gssapi/kgssapi_defs.h>
     40 #include <sys/debug.h>
     41 #include <k5-int.h>
     42 
     43 /* mechglue wrappers */
     44 
/*
 * Mechanism entry points installed in krb5_mechanism below.  Each takes the
 * mechglue's opaque mechanism context as its first argument (unused by the
 * krb5 glue; the definitions carry ARGSUSED) and, except for
 * import_sec_context, a trailing gssd_ctx_verifier that is forwarded
 * untouched to the krb5_gss_* implementation.  The seal/unseal pair sits
 * between EXPORT DELETE markers, presumably so the export-restricted build
 * can strip the confidentiality entry points.
 */
static OM_uint32 k5glue_delete_sec_context
	(void *, OM_uint32 *,	/* minor_status */
	gss_ctx_id_t *,	/* context_handle */
	gss_buffer_t,	/* output_token */
	OM_uint32);	/* gssd_ctx_verifier */

static OM_uint32 k5glue_sign
	(void *, OM_uint32 *,	/* minor_status */
	gss_ctx_id_t,	/* context_handle */
	int,		/* qop_req */
	gss_buffer_t,	/* message_buffer */
	gss_buffer_t,	/* message_token */
	OM_uint32);	/* gssd_ctx_verifier */

static OM_uint32 k5glue_verify
	(void *, OM_uint32 *,	/* minor_status */
	gss_ctx_id_t,	/* context_handle */
	gss_buffer_t,	/* message_buffer */
	gss_buffer_t,	/* token_buffer */
	int *,	/* qop_state */
	OM_uint32);	/* gssd_ctx_verifier */

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal
	(void *, OM_uint32 *,	/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	int,			/* conf_req_flag */
	int,			/* qop_req */
	gss_buffer_t,		/* input_message_buffer */
	int *,			/* conf_state */
	gss_buffer_t,		/* output_message_buffer */
	OM_uint32);		/* gssd_ctx_verifier */

static OM_uint32 k5glue_unseal
	(void *, OM_uint32 *,	/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	gss_buffer_t,		/* input_message_buffer */
	gss_buffer_t,		/* output_message_buffer */
	int *,			/* conf_state */
	int *,			/* qop_state */
	OM_uint32);		/* gssd_ctx_verifier */
/* EXPORT DELETE END */

/* No gssd_ctx_verifier: the context is created from the token itself. */
static OM_uint32 k5glue_import_sec_context
	(void *, OM_uint32 *,		/* minor_status */
	gss_buffer_t,			/* interprocess_token */
	gss_ctx_id_t *);		/* context_handle */
     92 
     93 
     94 
/*
 * Mechanism descriptor handed to the kgssapi mechglue by _init().
 *
 * The leading element is the 9-byte DER-encoded mechanism OID
 * 1.2.840.113554.1.2.2 (Kerberos V5 GSS-API).  The remaining slots are
 * positional, so their order must match the declaration order of
 * struct gss_config; the EXPORT/CRYPT DELETE comments are build markers
 * and must be left exactly as written.
 */
static	struct	gss_config krb5_mechanism =
	{{9, "\052\206\110\206\367\022\001\002\002"},
	NULL,	/* context */
	NULL,	/* next */
	TRUE,	/* uses_kmod: this mechanism runs in the kernel */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_delete_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_import_sec_context,
/* The #if 0 region below is dead code: seal/unseal are already set above. */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
	k5glue_seal,
	k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	k5glue_sign,
	k5glue_verify,
	};
    121 
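/*
 * Return the mechanism descriptor that _init() registers with the mechglue.
 *
 * The descriptor is file-scope static storage, so the returned pointer is
 * valid for the life of the module and must not be freed.  Declared with
 * (void) rather than an empty parameter list so the compiler checks calls.
 */
static gss_mechanism
gss_mech_initialize(void)
{
	return (&krb5_mechanism);
}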
    127 
    128 
    129 /*
    130  * Module linkage information for the kernel.
    131  */
extern struct mod_ops mod_miscops;

/* A "misc" module: no device or filesystem entry points, only _init/_fini/_info. */
static struct modlmisc modlmisc = {
	&mod_miscops, "Krb5 GSS mechanism"
};

static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&modlmisc,
	NULL
};


/*
 * Status _fini() returns before it would attempt mod_remove().  Starts as
 * EBUSY so the module stays pinned while the mechglue table holds pointers
 * to this module's functions; _init() clears it to 0 only when it found
 * the mechanism already registered and therefore added nothing.
 */
static int krb5_fini_code = EBUSY;
    146 
/*
 * Kernel module entry point: install the module, then register the Kerberos
 * V5 mechanism with the kgssapi mechglue while holding __kgss_mech_lock.
 *
 * If a mechanism with this OID is already in the table, the existing entry
 * is left untouched (this module never replaces it) and krb5_fini_code is
 * cleared so the duplicate module can be unloaded again.  Otherwise the
 * descriptor is added and krb5_fini_code keeps its EBUSY value.
 *
 * Returns 0, or the non-zero error from mod_install().
 */
int
_init()
{
	int rc = mod_install(&modlinkage);
	gss_mechanism mech;
	gss_mechanism existing;

	if (rc != 0)
		return (rc);

	mech = gss_mech_initialize();

	mutex_enter(&__kgss_mech_lock);
	existing = __kgss_get_mechanism(&mech->mech_type);
	if (existing == NULL) {
		__kgss_add_mechanism(mech);
		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");

		if (existing->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Stay loaded but become unloadable, giving the developer
		 * time to troubleshoot the duplicate registration.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}
    182 
/*
 * Kernel module exit point.  While krb5_fini_code is non-zero (EBUSY from
 * load time) the module refuses to unload, because the mechglue table may
 * still point at this module's functions; mod_remove() is attempted only
 * when _init() found the mechanism already registered.
 *
 * Returns krb5_fini_code, or the result of mod_remove() when it is 0.
 */
int
_fini()
{
	if (krb5_fini_code != 0)
		return (krb5_fini_code);
	return (mod_remove(&modlinkage));
}
    193 
/*
 * Kernel module info entry point: fill *modinfop from this module's linkage
 * via mod_info() and return its status.
 */
int
_info(struct modinfo *modinfop)
{
	int rc;

	rc = mod_info(&modlinkage, modinfop);
	return (rc);
}
    199 
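/*
 * mechglue entry: delete a security context.
 *
 * ctx is the opaque mechanism context (presumably the gss_config
 * `context` slot, NULL for krb5) and is unused.  Every other argument,
 * including gssd_ctx_verifier, is forwarded unchanged to
 * krb5_gss_delete_sec_context(), whose major status is returned.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_delete_sec_context(minor_status,
	    context_handle, output_token, gssd_ctx_verifier));
}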
    214 
    215 /* V2 */
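/*
 * mechglue entry (GSS-API v2): reconstitute a security context from an
 * interprocess token.
 *
 * This wrapper performs no validation of its own; all parsing and checking
 * of interprocess_token happens inside krb5_gss_import_sec_context().  ctx
 * is the opaque mechanism context and is unused.  Returns the major status
 * of the underlying call.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	return (krb5_gss_import_sec_context(minor_status,
	    interprocess_token, context_handle));
}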
    228 
    229 /* EXPORT DELETE START */
    230 /* V1 only */
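/*
 * mechglue entry (GSS-API v1 name for wrap): protect a message, with
 * confidentiality when conf_req_flag is set.  conf_state receives whether
 * confidentiality was actually applied; qop_req selects the quality of
 * protection.  Straight pass-through to krb5_gss_seal(); ctx is unused.
 * Returns the major status of the underlying call.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_seal(minor_status, context_handle,
	    conf_req_flag, qop_req, input_message_buffer,
	    conf_state, output_message_buffer, gssd_ctx_verifier));
}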
    250 /* EXPORT DELETE END */
    251 
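/*
 * mechglue entry (GSS-API v1 name for get_mic): produce an integrity token
 * over message_buffer at quality of protection qop_req, written to
 * message_token.  Straight pass-through to krb5_gss_sign(); ctx is unused.
 * Returns the major status of the underlying call.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_sign(minor_status, context_handle,
	    qop_req, message_buffer, message_token, gssd_ctx_verifier));
}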
    268 
    269 /* EXPORT DELETE START */
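/*
 * mechglue entry (GSS-API v1 name for unwrap): verify and, if encrypted,
 * decrypt a message produced by the peer's seal.  conf_state reports
 * whether confidentiality was in effect and qop_state the quality of
 * protection found.  All checking is done by krb5_gss_unseal(); this
 * wrapper only forwards its arguments.  ctx is unused.  Returns the major
 * status of the underlying call.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state, OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_unseal(minor_status, context_handle,
	    input_message_buffer, output_message_buffer,
	    conf_state, qop_state, gssd_ctx_verifier));
}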
    287 /* EXPORT DELETE END */
    288 
    289 /* V1 only */
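/*
 * mechglue entry (GSS-API v1 name for verify_mic): check the integrity
 * token in token_buffer against message_buffer; qop_state receives the
 * quality of protection the token carried.  All checking is done by
 * krb5_gss_verify(); this wrapper only forwards its arguments.  ctx is
 * unused.  Returns the major status of the underlying call.
 *
 * Converted from a K&R-style definition to a prototype so the compiler
 * checks the argument types against the declaration above.
 */
/* ARGSUSED */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_verify(minor_status, context_handle,
	    message_buffer, token_buffer, qop_state, gssd_ctx_verifier));
}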