1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  * Copyright (c) 2011 Bayard G. Bell. All rights reserved.
  25  *
 * A module for the Kerberos V5 security mechanism.
  27  *
  28  */
  29 
  30 #include <sys/types.h>
  31 #include <sys/modctl.h>
  32 #include <sys/errno.h>
  33 #include <mechglueP.h>
  34 #include <gssapiP_krb5.h>
  35 #include <gssapi_err_generic.h>
  36 #include <gssapi/kgssapi_defs.h>
  37 #include <sys/debug.h>
  38 #include <k5-int.h>
  39 
  40 /* mechglue wrappers */
  41 
/*
 * Forward declarations for the mechglue entry points.  Each one takes the
 * mechglue's opaque per-mechanism pointer (ctx) as its first argument and
 * a gssd context verifier as its last; both are passed straight through
 * to the krb5_gss_* implementation.  The EXPORT DELETE markers around the
 * confidentiality (seal/unseal) entries are build-tool markers and must
 * be kept as written.
 */
static OM_uint32 k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_sign(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer,
    gss_buffer_t message_token, OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_verify(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t message_buffer,
    gss_buffer_t token_buffer, int *qop_state, OM_uint32 gssd_ctx_verifier);

/* EXPORT DELETE START */
static OM_uint32 k5glue_seal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, int conf_req_flag, int qop_req,
    gss_buffer_t input_message_buffer, int *conf_state,
    gss_buffer_t output_message_buffer, OM_uint32 gssd_ctx_verifier);

static OM_uint32 k5glue_unseal(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer, int *conf_state, int *qop_state,
    OM_uint32 gssd_ctx_verifier);
/* EXPORT DELETE END */

static OM_uint32 k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle);
  89 
  90 
  91 
/*
 * The mechanism table handed to the kernel mechglue.  The first member is
 * the mechanism OID: the 9-byte DER encoding of 1.2.840.113554.1.2.2, the
 * Kerberos V5 GSS-API mechanism.  _init() uses this OID to look the
 * mechanism up before registering it.  The remaining members are
 * positional initializers in struct gss_config member order (see the
 * trailing comments).  The EXPORT DELETE / CRYPT DELETE comment pairs
 * appear to be markers for an export-restricted build that strips the
 * confidentiality (seal/unseal) entry points; leave them exactly as
 * written.
 */
static  struct  gss_config krb5_mechanism =
	{{9, "\052\206\110\206\367\022\001\002\002"},	/* mech_type */
	NULL,   /* context */
	NULL,   /* next */
	TRUE,   /* uses_kmod */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_delete_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	k5glue_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	k5glue_import_sec_context,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
	k5glue_seal,
	k5glue_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	k5glue_sign,
	k5glue_verify,
	};
 118 
/*
 * Hand the mechglue a pointer to this module's static mechanism table.
 * Nothing is allocated here, so the caller must never free the result.
 */
static gss_mechanism
gss_mech_initialize()
{
	gss_mechanism mech = &krb5_mechanism;

	return (mech);
}
 124 
 125 
 126 /*
 127  * Module linkage information for the kernel.
 128  */
extern struct mod_ops mod_miscops;	/* ops vector for a "misc" module */

/* Register as a misc module; the string is what modinfo reports. */
static struct modlmisc modlmisc = {
	&mod_miscops, "Krb5 GSS mechanism"
};

static struct modlinkage modlinkage = {
	MODREV_1,
	(void *)&modlmisc,
	NULL		/* terminates the linkage list */
};


/*
 * Value returned by _fini().  It defaults to EBUSY so the module refuses
 * to unload once _init() has published this module's function pointers
 * in the mechglue table (nothing in this file removes them again).
 * _init() clears it only when the mechanism was already registered by
 * someone else, in which case unloading is harmless.
 */
static int krb5_fini_code = EBUSY;
 143 
/*
 * Module entry point: install the module with the kernel, then register
 * the Kerberos V5 mechanism with the kernel mechglue.
 *
 * The lookup-then-add is performed under __kgss_mech_lock so that two
 * concurrent loads cannot both observe an empty slot and register twice.
 * If another module already owns this OID, its entry is left untouched
 * and this module is made unloadable-on-request (krb5_fini_code = 0);
 * otherwise krb5_fini_code keeps its EBUSY default, because the mechglue
 * table now refers into this module and nothing here removes that entry.
 *
 * Returns 0, or the error from mod_install().
 */
int
_init()
{
	int rc;
	gss_mechanism ours, existing;

	rc = mod_install(&modlinkage);
	if (rc != 0)
		return (rc);

	ours = gss_mech_initialize();

	mutex_enter(&__kgss_mech_lock);
	existing = __kgss_get_mechanism(&ours->mech_type);
	if (existing == NULL) {
		/* First registration of this OID: publish our table. */
		__kgss_add_mechanism(ours);
		ASSERT(__kgss_get_mechanism(&ours->mech_type) == ours);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");

		if (existing->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Stay loaded, but allow unloading so a developer can
		 * troubleshoot the duplicate registration.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}
 179 
/*
 * Module exit point.  While krb5_fini_code is non-zero (its EBUSY
 * default) the unload is refused, since the mechglue table may still
 * hold this module's function pointers; mod_remove() is attempted only
 * when _init() cleared the code because the mechanism was registered by
 * someone else.
 */
int
_fini()
{
	if (krb5_fini_code != 0)
		return (krb5_fini_code);

	return (mod_remove(&modlinkage));
}
 190 
/*
 * Report this module's information through the standard modinfo path.
 */
int
_info(struct modinfo *modinfop)
{
	int rc;

	rc = mod_info(&modlinkage, modinfop);
	return (rc);
}
 196 
/*
 * mechglue -> krb5 glue for gss_delete_sec_context().  ctx is accepted
 * only to match the mechglue calling convention and is not forwarded;
 * the context handle, output token and gssd context verifier go straight
 * to krb5_gss_delete_sec_context(), whose major status is returned.
 */
/* ARGSUSED */
static OM_uint32
k5glue_delete_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t output_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_delete_sec_context(minor_status, context_handle,
	    output_token, gssd_ctx_verifier));
}
 211 
 212 /* V2 */
/*
 * mechglue -> krb5 glue for gss_import_sec_context() (GSS-API v2).  ctx
 * is unused; the interprocess token is handed to
 * krb5_gss_import_sec_context(), which fills in *context_handle.  The
 * major status is returned unchanged.
 */
/* ARGSUSED */
static OM_uint32
k5glue_import_sec_context(void *ctx, OM_uint32 *minor_status,
    gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle)
{
	return (krb5_gss_import_sec_context(minor_status, interprocess_token,
	    context_handle));
}
 225 
 226 /* EXPORT DELETE START */
 227 /* V1 only */
/*
 * mechglue -> krb5 glue for gss_seal() (GSS-API v1).  ctx is unused; all
 * other arguments, including the gssd context verifier, are forwarded
 * to krb5_gss_seal().  *conf_state reports whether confidentiality was
 * actually applied and should be checked by callers that asked for it.
 */
/* ARGSUSED */
static OM_uint32
k5glue_seal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
    int *conf_state, gss_buffer_t output_message_buffer,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_seal(minor_status, context_handle, conf_req_flag,
	    qop_req, input_message_buffer, conf_state, output_message_buffer,
	    gssd_ctx_verifier));
}
 247 /* EXPORT DELETE END */
 248 
/*
 * mechglue -> krb5 glue for gss_sign() (GSS-API v1 MIC generation).  ctx
 * is unused; the remaining arguments are forwarded to krb5_gss_sign(),
 * which writes the integrity token into message_token.
 */
/* ARGSUSED */
static OM_uint32
k5glue_sign(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_sign(minor_status, context_handle, qop_req,
	    message_buffer, message_token, gssd_ctx_verifier));
}
 265 
 266 /* EXPORT DELETE START */
/*
 * mechglue -> krb5 glue for gss_unseal() (GSS-API v1).  ctx is unused;
 * the wrapped message and output buffer are forwarded to
 * krb5_gss_unseal() together with the gssd context verifier.  The
 * returned major status is the integrity verdict and must be checked
 * before the output message is trusted; *conf_state says whether the
 * message was also encrypted.
 */
/* ARGSUSED */
static OM_uint32
k5glue_unseal(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer,
    int *conf_state, int *qop_state, OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_unseal(minor_status, context_handle,
	    input_message_buffer, output_message_buffer, conf_state, qop_state,
	    gssd_ctx_verifier));
}
 284 /* EXPORT DELETE END */
 285 
 286 /* V1 only */
/*
 * mechglue -> krb5 glue for gss_verify() (GSS-API v1 MIC check).  ctx is
 * unused; message, token and gssd context verifier are forwarded to
 * krb5_gss_verify().  The returned major status is the integrity verdict
 * for message_buffer and must be checked by the caller.
 */
/* ARGSUSED */
static OM_uint32
k5glue_verify(void *ctx, OM_uint32 *minor_status, gss_ctx_id_t context_handle,
    gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state,
    OM_uint32 gssd_ctx_verifier)
{
	return (krb5_gss_verify(minor_status, context_handle, message_buffer,
	    token_buffer, qop_state, gssd_ctx_verifier));
}