/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* A module for Kerberos V5 security mechanism.
*
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
 * Space-separated list of the modules this module names as dependencies:
 * misc/kgssapi and crypto/md5.
 * NOTE(review): presumably read by the kernel module loader so that both
 * are loaded before this module -- confirm against the modctl framework.
 */
char _depends_on[] = "misc/kgssapi crypto/md5";
#include <sys/types.h>
#include <sys/modctl.h>
#include <sys/errno.h>
#include <mechglueP.h>
#include <gssapiP_krb5.h>
#include <gssapi_err_generic.h>
#include <gssapi/kgssapi_defs.h>
#include <sys/debug.h>
#include <k5-int.h>
/*
 * Forward declaration: the function is defined later in this file and is
 * called from gss_mech_initialize() before that definition.
 */
OM_uint32 krb5_gss_get_context(void ** context);
/*
 * Serialization setup routines implemented outside this file.  Only
 * krb5_ser_auth_context_init() is called in the code visible here;
 * krb5_ser_context_init() is declared but not referenced in this listing.
 */
extern krb5_error_code krb5_ser_context_init
(krb5_context);
extern krb5_error_code krb5_ser_auth_context_init
(krb5_context);
/*
 * Mechanism descriptor that _init() registers in the kernel GSS mechanism
 * table (via gss_mech_initialize() and __kgss_add_mechanism()).
 *
 * The first member is the mechanism OID: a length of 9 followed by the DER
 * bytes, which decode to 1.2.840.113554.1.2.2 (the Kerberos V5 GSS-API
 * mechanism).  The remaining members are positional initializers, so their
 * order has to match the declaration of struct gss_config, which is not
 * shown in this file.  The context member starts out NULL and is filled in
 * by gss_mech_initialize().
 *
 * The seal/unseal pair between #if 0 and #endif is not compiled in this
 * form of the file; the entries that are compiled are unseal, delete,
 * seal, import, sign and verify, in that order.
 *
 * NOTE(review): the EXPORT DELETE / CRYPT DELETE marker comments look like
 * input to a source-stripping step that removes the marked lines --
 * confirm with the build tooling, and do not move or reword them.
 */
static struct gss_config krb5_mechanism =
{{9, "\052\206\110\206\367\022\001\002\002"},
NULL, /* context */
NULL, /* next */
TRUE, /* uses_kmod */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
krb5_gss_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
krb5_gss_delete_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
krb5_gss_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
krb5_gss_import_sec_context,
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
krb5_gss_seal,
krb5_gss_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
krb5_gss_sign,
krb5_gss_verify,
};
/*
 * Attach the shared Kerberos context to the static mechanism descriptor
 * and return a pointer to that descriptor.
 *
 * NOTE(review): the status returned by krb5_gss_get_context() is
 * deliberately discarded.  If that call fails, the descriptor is still
 * returned, with its context member left at whatever value it already
 * held (NULL in the static initializer), and _init() registers it anyway.
 * Callers that dereference the mechanism context should be checked for
 * NULL handling.
 */
static gss_mechanism
gss_mech_initialize()
{
	gss_mechanism mech = &krb5_mechanism;

	(void) krb5_gss_get_context(&mech->context);
	return (mech);
}
/*
* Module linkage information for the kernel.
*/
/* Operations vector referenced by the modlmisc entry below; defined outside this file. */
extern struct mod_ops mod_miscops;
/* Linkage entry for this module: the ops vector plus a descriptive name string. */
static struct modlmisc modlmisc = {
&mod_miscops, "Krb5 GSS mechanism"
};
/* Linkage structure passed to mod_install(), mod_remove() and mod_info(). */
static struct modlinkage modlinkage = {
MODREV_1,
(void *)&modlmisc,
NULL
};
/*
 * Value _fini() returns without attempting mod_remove() while it is
 * non-zero.  It starts as EBUSY, so the module refuses to unload once its
 * mechanism has been registered.  _init() resets it to 0 only when it finds
 * a mechanism with the same OID already in the table and therefore does not
 * register this one.
 */
static int krb5_fini_code = EBUSY;
/*
 * Module load entry point.
 *
 * Installs the module linkage, then registers the Kerberos V5 mechanism in
 * the kernel GSS mechanism table while holding __kgss_mech_lock.  Returns
 * the mod_install() error if installation fails, otherwise 0.
 *
 * If a mechanism with the same OID is already in the table, it is left in
 * place: this module only logs the fact and clears krb5_fini_code so that
 * _fini() will allow the module to be unloaded again.
 *
 * NOTE(review): gss_mech_initialize() ignores a failure to set up the
 * Kerberos context, so the descriptor registered here may carry a NULL
 * context -- confirm that consumers of the mechanism tolerate that.
 */
int
_init()
{
	gss_mechanism krb5_mech;
	gss_mechanism registered;
	int err;

	err = mod_install(&modlinkage);
	if (err != 0)
		return (err);

	krb5_mech = gss_mech_initialize();

	mutex_enter(&__kgss_mech_lock);
	registered = __kgss_get_mechanism(&krb5_mech->mech_type);
	if (registered == NULL) {
		/* No entry for this OID yet: register ours. */
		__kgss_add_mechanism(krb5_mech);
		/*
		 * Sanity check that the lookup now finds our descriptor.
		 * NOTE(review): ASSERT is presumably compiled out of
		 * non-DEBUG kernels -- confirm.
		 */
		ASSERT(__kgss_get_mechanism(&krb5_mech->mech_type) == krb5_mech);
	} else {
		KRB5_LOG0(KRB5_INFO,
		    "KRB5 GSS mechanism: mechanism already in table.\n");
		if (registered->uses_kmod == TRUE) {
			KRB5_LOG0(KRB5_INFO, "KRB5 GSS mechanism: mechanism "
			    "table supports kernel operations!\n");
		}
		/*
		 * Stay loaded but allow unloading, which gives the
		 * developer time to troubleshoot.
		 */
		krb5_fini_code = 0;
	}
	mutex_exit(&__kgss_mech_lock);

	return (0);
}
/*
 * Module unload entry point.
 *
 * While krb5_fini_code is non-zero (EBUSY by default) that value is
 * returned and no removal is attempted.  Once _init() has cleared it, the
 * result of mod_remove() is returned instead.
 */
int
_fini()
{
	int status = krb5_fini_code;

	if (status != 0)
		return (status);

	return (mod_remove(&modlinkage));
}
/*
 * Module information entry point: passes modinfop and this module's
 * linkage structure to mod_info() and returns its result unchanged.
 */
int
_info(struct modinfo *modinfop)
{
	int rc;

	rc = mod_info(&modlinkage, modinfop);
	return (rc);
}
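/*
 * Return the shared Kerberos context, creating it on first use.
 *
 * context: out parameter; on success *context is set to kg_context.
 *          Must not be NULL.
 *
 * Returns GSS_S_COMPLETE on success.  Returns GSS_S_FAILURE when context
 * is NULL, when krb5_init_context() fails, or when
 * krb5_ser_auth_context_init() fails; *context is not written on failure.
 *
 * The whole operation runs with krb5_mutex held, so the check of
 * kg_context and its initialization cannot interleave with another caller.
 */
OM_uint32
krb5_gss_get_context(void **context)
{
	OM_uint32 major_status = GSS_S_FAILURE;

	mutex_lock(&krb5_mutex);

	if (context == NULL)
		goto unlock;

	if (kg_context) {
		/* Already initialized by an earlier call: hand it out. */
		*context = kg_context;
		major_status = GSS_S_COMPLETE;
		goto unlock;
	}

	if (krb5_init_context(&kg_context))
		goto unlock;

	if (krb5_ser_auth_context_init(kg_context)) {
		/*
		 * Release the half-initialized context before forgetting it.
		 * Clearing the pointer alone would leak one context for
		 * every failed attempt, since the next call starts over with
		 * krb5_init_context().
		 */
		krb5_free_context(kg_context);
		kg_context = NULL;
		goto unlock;
	}

	*context = kg_context;
	major_status = GSS_S_COMPLETE;

unlock:
	mutex_unlock(&krb5_mutex);
	return (major_status);
}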