1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * A module for Kerberos V5 security mechanism.
26 *
27 */
28
29 #pragma ident "%Z%%M% %I% %E% SMI"
30
/*
 * Modules the kernel loader must bring in before this one.  The mechglue
 * table and lock used by _init() (__kgss_mech_lock, __kgss_get_mechanism,
 * __kgss_add_mechanism) presumably come from misc/kgssapi; crypto/md5 is
 * listed for the mechanism's checksum code -- confirm against the callee.
 */
char _depends_on[] = "misc/kgssapi crypto/md5";
32
33 #include <sys/types.h>
34 #include <sys/modctl.h>
35 #include <sys/errno.h>
36 #include <mechglueP.h>
37 #include <gssapiP_krb5.h>
38 #include <gssapi_err_generic.h>
39 #include <gssapi/kgssapi_defs.h>
40 #include <sys/debug.h>
41 #include <k5-int.h>
42
/*
 * mechglue wrappers.
 *
 * Each k5glue_* function adapts the mechglue calling convention, which
 * prepends a per-mechanism "ctx" argument, to the matching krb5_gss_*
 * entry point; none of the wrappers below reads ctx.  Their addresses are
 * installed in krb5_mechanism further down.  The EXPORT DELETE markers
 * around the confidentiality (seal/unseal) declarations appear to be hooks
 * for export-control source stripping; keep them verbatim.
 */

static OM_uint32 k5glue_delete_sec_context
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_buffer_t,		/* output_token */
	OM_uint32);		/* gssd_ctx_verifier */

static OM_uint32 k5glue_sign
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	int,			/* qop_req */
	gss_buffer_t,		/* message_buffer */
	gss_buffer_t,		/* message_token */
	OM_uint32);		/* gssd_ctx_verifier */

static OM_uint32 k5glue_verify
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	gss_buffer_t,		/* message_buffer */
	gss_buffer_t,		/* token_buffer */
	int *,			/* qop_state */
	OM_uint32);		/* gssd_ctx_verifier */

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	int,			/* conf_req_flag */
	int,			/* qop_req */
	gss_buffer_t,		/* input_message_buffer */
	int *,			/* conf_state */
	gss_buffer_t,		/* output_message_buffer */
	OM_uint32);		/* gssd_ctx_verifier */

static OM_uint32 k5glue_unseal
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t,		/* context_handle */
	gss_buffer_t,		/* input_message_buffer */
	gss_buffer_t,		/* output_message_buffer */
	int *,			/* conf_state */
	int *,			/* qop_state */
	OM_uint32);		/* gssd_ctx_verifier */
/* EXPORT DELETE END */

static OM_uint32 k5glue_import_sec_context
	(void *,		/* ctx (unused) */
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* interprocess_token */
	gss_ctx_id_t *);	/* context_handle */
92
93
94
/*
 * Mechanism descriptor registered with the kernel mechglue layer.
 *
 * This is a positional initializer of struct gss_config, so the order of
 * the entries must match the structure declaration in the mechglue header
 * exactly; do not reorder.  The EXPORT DELETE / CRYPT DELETE markers and
 * the #if 0 region appear to be hooks for export-control source stripping
 * and are kept verbatim.
 *
 * The leading OID bytes encode 1.2.840.113554.1.2.2, the Kerberos V5
 * GSS-API mechanism.  seal/unseal are the confidentiality services;
 * sign/verify provide integrity only.
 */
static struct gss_config krb5_mechanism =
{{9, "\052\206\110\206\367\022\001\002\002"},	/* mech_type OID */
	NULL,		/* context */
	NULL,		/* next */
	TRUE,		/* uses_kmod: implementation is kernel-resident */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_delete_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_import_sec_context,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
	k5glue_seal,
	k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	k5glue_sign,
	k5glue_verify,
};
121
/*
 * Hand back the single, statically allocated krb5 mechanism descriptor.
 *
 * _init() registers the returned pointer in the shared mechglue table, so
 * the object must outlive that registration; static storage provides it.
 */
static gss_mechanism
gss_mech_initialize(void)
{
	gss_mechanism krb5_mech = &krb5_mechanism;

	return (krb5_mech);
}
127
128
/*
 * Module linkage information for the kernel.
 *
 * This is a "misc" module (mod_miscops): it exposes no device or
 * filesystem entry points, only the mechanism registration done in _init().
 */
extern struct mod_ops mod_miscops;

static struct modlmisc modlmisc = {
	&mod_miscops, "Krb5 GSS mechanism"
};

static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&modlmisc,
	NULL
};


/*
 * Value returned by _fini().  Starts as EBUSY so the module cannot be
 * unloaded; _init() clears it only when the mechanism was NOT registered,
 * because after registration the mechglue table holds pointers into this
 * module (krb5_mechanism and the k5glue_* functions) and unloading would
 * leave them dangling.
 */
static int krb5_fini_code = EBUSY;
146
/*
 * Kernel module entry: install the module, then register the krb5
 * mechanism with the mechglue table unless a mechanism with the same OID
 * is already present.
 *
 * krb5_fini_code decides whether _fini() may later unload us.  It starts
 * as EBUSY and is cleared only in the "already registered" branch, i.e.
 * when nothing in the shared table points into this module.  Once our
 * static descriptor (and the k5glue_* functions it names) has been linked
 * into the table, unloading would leave dangling pointers there, so the
 * module stays pinned.
 *
 * Returns 0, or the error code from mod_install().
 */
int
_init(void)
{
	int retval = mod_install(&modlinkage);
	gss_mechanism mech;
	gss_mechanism existing;

	if (retval != 0)
		return (retval);

	mech = gss_mech_initialize();

	/* Lookup and insertion must be atomic with respect to other registrants. */
	mutex_enter(&__kgss_mech_lock);
	existing = __kgss_get_mechanism(&mech->mech_type);
	if (existing == NULL) {
		/*
		 * NOTE(review): the result of __kgss_add_mechanism() is not
		 * examined here; the ASSERT re-checks the insertion but is
		 * compiled out in non-DEBUG kernels.
		 */
		__kgss_add_mechanism(mech);
		ASSERT(__kgss_get_mechanism(&mech->mech_type) == mech);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");

		if (existing->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Stay loaded but allow unloading: nothing in the table
		 * refers to us, and this leaves room to troubleshoot the
		 * duplicate registration.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}
182
/*
 * Kernel module exit: refuse to unload while the mechanism is registered
 * in the mechglue table (krb5_fini_code is still EBUSY); otherwise hand
 * off to mod_remove().
 *
 * Returns 0 on successful removal, EBUSY while pinned, or the error code
 * from mod_remove().
 */
int
_fini(void)
{
	if (krb5_fini_code != 0)
		return (krb5_fini_code);

	return (mod_remove(&modlinkage));
}
193
/*
 * Kernel module query entry: report this module's linkage information.
 *
 * modinfop: filled in by mod_info().
 * Returns whatever mod_info() returns.
 */
int
_info(struct modinfo *modinfop)
{
	int rc = mod_info(&modlinkage, modinfop);

	return (rc);
}
199
/*
 * mechglue adapter for GSS_Delete_sec_context: drops the mechanism ctx
 * argument (unused here) and forwards everything else unchanged to the
 * krb5 implementation.
 *
 * minor_status       mechanism-specific status, set by the callee
 * context_handle     context to tear down
 * output_token       token for the peer, produced by the callee
 * gssd_ctx_verifier  passed straight through
 *
 * Returns the GSS major status from krb5_gss_delete_sec_context().
 */
/* ARGSUSED */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier)
{
	OM_uint32 major;

	major = krb5_gss_delete_sec_context(minor_status, context_handle,
	    output_token, gssd_ctx_verifier);
	return (major);
}
214
/*
 * mechglue adapter for GSS_Import_sec_context (GSS-API V2): drops the
 * unused mechanism ctx argument and forwards to the krb5 implementation.
 *
 * minor_status        mechanism-specific status, set by the callee
 * interprocess_token  serialized context to re-import; this wrapper does
 *                     no validation of it, that is entirely the callee's job
 * context_handle      receives the imported context
 *
 * Returns the GSS major status from krb5_gss_import_sec_context().
 */
/* V2 */
/* ARGSUSED */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	OM_uint32 major;

	major = krb5_gss_import_sec_context(minor_status, interprocess_token,
	    context_handle);
	return (major);
}
228
229 /* EXPORT DELETE START */
/*
 * mechglue adapter for GSS_Seal (the GSS-API V1 name for wrap): drops the
 * unused mechanism ctx argument and forwards to krb5_gss_seal().
 *
 * minor_status           mechanism-specific status, set by the callee
 * context_handle         established security context
 * conf_req_flag          non-zero asks for confidentiality in addition
 *                        to integrity
 * qop_req                requested quality of protection
 * input_message_buffer   message to protect
 * conf_state             output: whether confidentiality was actually
 *                        applied; callers that need secrecy must check
 *                        this rather than assume conf_req_flag was honoured
 * output_message_buffer  receives the protected message
 * gssd_ctx_verifier      passed straight through
 *
 * Returns the GSS major status from krb5_gss_seal().
 */
/* V1 only */
/* ARGSUSED */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer,
    OM_uint32 gssd_ctx_verifier)
{
	OM_uint32 major;

	major = krb5_gss_seal(minor_status, context_handle, conf_req_flag,
	    qop_req, input_message_buffer, conf_state, output_message_buffer,
	    gssd_ctx_verifier);
	return (major);
}
250 /* EXPORT DELETE END */
251
/*
 * mechglue adapter for GSS_Sign (GSS-API V1 name for get_mic): drops the
 * unused mechanism ctx argument and forwards to krb5_gss_sign().
 *
 * minor_status       mechanism-specific status, set by the callee
 * context_handle     established security context
 * qop_req            requested quality of protection
 * message_buffer     message to be integrity-protected (not encrypted)
 * message_token      receives the integrity token
 * gssd_ctx_verifier  passed straight through
 *
 * Returns the GSS major status from krb5_gss_sign().
 */
/* ARGSUSED */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token,
    OM_uint32 gssd_ctx_verifier)
{
	OM_uint32 major;

	major = krb5_gss_sign(minor_status, context_handle, qop_req,
	    message_buffer, message_token, gssd_ctx_verifier);
	return (major);
}
268
269 /* EXPORT DELETE START */
/*
 * mechglue adapter for GSS_Unseal (GSS-API V1 name for unwrap): drops the
 * unused mechanism ctx argument and forwards to krb5_gss_unseal().
 *
 * minor_status           mechanism-specific status, set by the callee
 * context_handle         established security context
 * input_message_buffer   protected message received from the peer; this
 *                        wrapper performs no checks on it, all parsing and
 *                        verification happen in the callee
 * output_message_buffer  receives the recovered message
 * conf_state             output: whether the message was actually encrypted
 * qop_state              output: quality of protection that was applied
 * gssd_ctx_verifier      passed straight through
 *
 * Returns the GSS major status from krb5_gss_unseal().
 */
/* ARGSUSED */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state, OM_uint32 gssd_ctx_verifier)
{
	OM_uint32 major;

	major = krb5_gss_unseal(minor_status, context_handle,
	    input_message_buffer, output_message_buffer, conf_state, qop_state,
	    gssd_ctx_verifier);
	return (major);
}
287 /* EXPORT DELETE END */
288
/*
 * mechglue adapter for GSS_Verify (GSS-API V1 name for verify_mic): drops
 * the unused mechanism ctx argument and forwards to krb5_gss_verify().
 *
 * minor_status       mechanism-specific status, set by the callee
 * context_handle     established security context
 * message_buffer     message whose integrity is being checked
 * token_buffer       integrity token received from the peer; passed to the
 *                    callee unexamined
 * qop_state          output: quality of protection the token carried
 * gssd_ctx_verifier  passed straight through
 *
 * Returns the GSS major status from krb5_gss_verify(); only a successful
 * major status means the message is authentic.
 */
/* V1 only */
/* ARGSUSED */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state,
    OM_uint32 gssd_ctx_verifier)
{
	OM_uint32 major;

	major = krb5_gss_verify(minor_status, context_handle, message_buffer,
	    token_buffer, qop_state, gssd_ctx_verifier);
	return (major);
}
308