/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * A module for Kerberos V5 security mechanism.
 *
 * This is the in-kernel half of the Kerberos V5 GSS-API mechanism: it
 * registers a gss_config descriptor with the kernel GSS-API glue
 * (misc/kgssapi) and adapts the glue's calling convention to the
 * krb5_gss_* routines for the operations that must run in the kernel.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/* Modules this one must be loaded after (resolved by the kernel linker). */
char _depends_on[] = "misc/kgssapi crypto/md5";

#include <sys/types.h>
#include <sys/modctl.h>
#include <sys/errno.h>
#include <mechglueP.h>
#include <gssapiP_krb5.h>
#include <gssapi_err_generic.h>
#include <gssapi/kgssapi_defs.h>
#include <sys/debug.h>
#include <k5-int.h>

/*
 * mechglue wrappers
 *
 * Every wrapper takes the per-mechanism "ctx" argument first, as the
 * kgssapi glue expects; none of them uses it.  The trailing
 * gssd_ctx_verifier, where present, is forwarded unchanged to the
 * krb5 routine so that contexts handed over from gssd can be checked
 * there.
 */

static OM_uint32 k5glue_delete_sec_context(void *ctx,
    OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
    gss_buffer_t output_token, OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_sign(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer,
    gss_buffer_t message_token, OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_verify(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t token_buffer, int *qop_state, OM_uint32 gssd_ctx_verifier);

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, int qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer, OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_unseal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state, int *qop_state,
    OM_uint32 gssd_ctx_verifier);
/* EXPORT DELETE END */

static OM_uint32 k5glue_import_sec_context(void *ctx,
    OM_uint32 *minor_status, gss_buffer_t interprocess_token,
    gss_ctx_id_t *context_handle);


/*
 * Mechanism descriptor registered with kgssapi by _init().
 *
 * mech_type is the DER-encoded OID 1.2.840.113554.1.2.2 (the Kerberos V5
 * GSS-API mechanism).  uses_kmod is TRUE: this mechanism is backed by a
 * kernel module, so the glue may call the entry points below directly.
 * The EXPORT/CRYPT DELETE markers bracket the confidentiality (seal/unseal)
 * entry points for export-restricted builds; the "#if 0" block is a
 * second, disabled pair of seal/unseal slots and must be left as is.
 */
static struct gss_config krb5_mechanism = {
	{9, "\052\206\110\206\367\022\001\002\002"},	/* mech_type */
	NULL,						/* context */
	NULL,						/* next */
	TRUE,						/* uses_kmod */
	/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_unseal,
	/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_delete_sec_context,
	/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_seal,
	/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_import_sec_context,
	/* EXPORT DELETE START */
	/* CRYPT DELETE START */
#if 0
	/* CRYPT DELETE END */
	k5glue_seal,
	k5glue_unseal,
	/* CRYPT DELETE START */
#endif
	/* CRYPT DELETE END */
	/* EXPORT DELETE END */
	k5glue_sign,
	k5glue_verify,
};

/*
 * Return the (static) mechanism descriptor.  The pointer stays valid for
 * as long as this module is loaded, which is why _fini() refuses to
 * unload while the descriptor is registered.
 */
static gss_mechanism
gss_mech_initialize(void)
{
	return (&krb5_mechanism);
}
/*
 * Module linkage information for the kernel.
 */
extern struct mod_ops mod_miscops;

static struct modlmisc modlmisc = {
	&mod_miscops, "Krb5 GSS mechanism"
};

static struct modlinkage modlinkage = {
	MODREV_1, (void *)&modlmisc, NULL
};


/*
 * Value _fini() reports to the kernel.  It defaults to EBUSY so that the
 * module cannot be unloaded once krb5_mechanism (whose storage and entry
 * points live in this module) has been placed in the kgssapi mechanism
 * table; _init() only clears it when the mechanism was already registered
 * by someone else and this module therefore added nothing to the table.
 */
static int krb5_fini_code = EBUSY;

/*
 * Kernel module entry point: install the module and register the
 * Kerberos V5 mechanism with kgssapi unless an entry for the same OID
 * already exists.
 *
 * Returns 0, or the error from mod_install().
 */
int
_init(void)
{
	int retval = mod_install(&modlinkage);
	gss_mechanism mech;
	gss_mechanism existing;

	if (retval != 0)
		return (retval);

	mech = gss_mech_initialize();

	/*
	 * Lookup and insertion are both done under __kgss_mech_lock, so
	 * two registrations for the same OID cannot interleave and the
	 * ASSERT below is meaningful.
	 */
	mutex_enter(&__kgss_mech_lock);
	existing = __kgss_get_mechanism(&mech->mech_type);
	if (existing == NULL) {
		__kgss_add_mechanism(mech);
		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");

		if (existing->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Nothing of ours is in the table: stay loaded, but allow
		 * unloading so a developer has time to troubleshoot.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}

/*
 * Kernel module exit point.  Refuses (EBUSY) while our mechanism is
 * registered; otherwise removes the module.
 */
int
_fini(void)
{
	if (krb5_fini_code != 0)
		return (krb5_fini_code);
	return (mod_remove(&modlinkage));
}

/*
 * Kernel module information entry point.
 */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}

/*
 * kgssapi -> krb5 glue.  Each wrapper drops the unused per-mechanism
 * "ctx" argument and forwards the rest, including gssd_ctx_verifier
 * where the operation takes one, to the corresponding krb5_gss_* routine.
 */

/* ARGSUSED */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_delete_sec_context(minor_status, context_handle,
	    output_token, gssd_ctx_verifier));
}

/* V2 */
/* ARGSUSED */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	return (krb5_gss_import_sec_context(minor_status, interprocess_token,
	    context_handle));
}

/* EXPORT DELETE START */
/* V1 only */
/* ARGSUSED */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_seal(minor_status, context_handle, conf_req_flag,
	    qop_req, input_message_buffer, conf_state, output_message_buffer,
	    gssd_ctx_verifier));
}
/* EXPORT DELETE END */

/* ARGSUSED */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_sign(minor_status, context_handle, qop_req,
	    message_buffer, message_token, gssd_ctx_verifier));
}

/* EXPORT DELETE START */
/* ARGSUSED */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state, OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_unseal(minor_status, context_handle,
	    input_message_buffer, output_message_buffer, conf_state,
	    qop_state, gssd_ctx_verifier));
}
/* EXPORT DELETE END */

/* V1 only */
/* ARGSUSED */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_verify(minor_status, context_handle, message_buffer,
	    token_buffer, qop_state, gssd_ctx_verifier));
}