sys/kgssapi/gss_impl.c
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/jail.h> | |||||
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/kobj.h> | #include <sys/kobj.h> | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/malloc.h> | #include <sys/malloc.h> | ||||
#include <sys/module.h> | #include <sys/module.h> | ||||
#include <sys/mutex.h> | #include <sys/mutex.h> | ||||
#include <sys/osd.h> | |||||
#include <sys/priv.h> | #include <sys/priv.h> | ||||
#include <sys/proc.h> | |||||
#include <sys/syscall.h> | #include <sys/syscall.h> | ||||
#include <sys/sysent.h> | #include <sys/sysent.h> | ||||
#include <sys/sysproto.h> | #include <sys/sysproto.h> | ||||
#include <kgssapi/gssapi.h> | #include <kgssapi/gssapi.h> | ||||
#include <kgssapi/gssapi_impl.h> | #include <kgssapi/gssapi_impl.h> | ||||
#include <rpc/rpc.h> | #include <rpc/rpc.h> | ||||
#include <rpc/rpc_com.h> | #include <rpc/rpc_com.h> | ||||
#include <rpc/rpcsec_gss.h> | #include <rpc/rpcsec_gss.h> | ||||
#include "gssd.h" | #include "gssd.h" | ||||
#include "kgss_if.h" | #include "kgss_if.h" | ||||
MALLOC_DEFINE(M_GSSAPI, "GSS-API", "GSS-API"); | MALLOC_DEFINE(M_GSSAPI, "GSS-API", "GSS-API"); | ||||
/* | /* | ||||
* Syscall hooks | * Syscall hooks | ||||
*/ | */ | ||||
static struct syscall_helper_data gssd_syscalls[] = { | static struct syscall_helper_data gssd_syscalls[] = { | ||||
SYSCALL_INIT_HELPER(gssd_syscall), | SYSCALL_INIT_HELPER(gssd_syscall), | ||||
SYSCALL_INIT_LAST | SYSCALL_INIT_LAST | ||||
}; | }; | ||||
struct kgss_mech_list kgss_mechs; | struct kgss_mech_list kgss_mechs; | ||||
CLIENT *kgss_gssd_handle; | |||||
struct mtx kgss_gssd_lock; | struct mtx kgss_gssd_lock; | ||||
KGSS_VNET_DEFINE(CLIENT *, kgss_gssd_handle) = NULL; | |||||
static int | static int | ||||
kgss_load(void) | kgss_load(void) | ||||
{ | { | ||||
int error; | int error; | ||||
LIST_INIT(&kgss_mechs); | LIST_INIT(&kgss_mechs); | ||||
error = syscall_helper_register(gssd_syscalls, SY_THR_STATIC_KLD); | error = syscall_helper_register(gssd_syscalls, SY_THR_STATIC_KLD); | ||||
if (error != 0) | if (error != 0) | ||||
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | if (cl != NULL) { | ||||
*/ | */ | ||||
timo.tv_sec = 5 * 60; | timo.tv_sec = 5 * 60; | ||||
timo.tv_usec = 0; | timo.tv_usec = 0; | ||||
CLNT_CONTROL(cl, CLSET_TIMEOUT, &timo); | CLNT_CONTROL(cl, CLSET_TIMEOUT, &timo); | ||||
} | } | ||||
} else | } else | ||||
cl = NULL; | cl = NULL; | ||||
KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread)); | |||||
mtx_lock(&kgss_gssd_lock); | mtx_lock(&kgss_gssd_lock); | ||||
oldcl = kgss_gssd_handle; | oldcl = KGSS_VNET(kgss_gssd_handle); | ||||
kgss_gssd_handle = cl; | KGSS_VNET(kgss_gssd_handle) = cl; | ||||
mtx_unlock(&kgss_gssd_lock); | mtx_unlock(&kgss_gssd_lock); | ||||
KGSS_CURVNET_RESTORE(); | |||||
if (oldcl != NULL) { | if (oldcl != NULL) { | ||||
CLNT_CLOSE(oldcl); | CLNT_CLOSE(oldcl); | ||||
CLNT_RELEASE(oldcl); | CLNT_RELEASE(oldcl); | ||||
} | } | ||||
return (0); | return (0); | ||||
} | } | ||||
OM_uint32 | OM_uint32 | ||||
kgss_transfer_context(gss_ctx_id_t ctx) | kgss_transfer_context(gss_ctx_id_t ctx) | ||||
{ | { | ||||
struct export_sec_context_res res; | struct export_sec_context_res res; | ||||
struct export_sec_context_args args; | struct export_sec_context_args args; | ||||
enum clnt_stat stat; | enum clnt_stat stat; | ||||
OM_uint32 maj_stat; | OM_uint32 maj_stat; | ||||
if (!kgss_gssd_handle) | KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread)); | ||||
if (!KGSS_VNET(kgss_gssd_handle)) { | |||||
KGSS_CURVNET_RESTORE(); | |||||
return (GSS_S_FAILURE); | return (GSS_S_FAILURE); | ||||
} | |||||
args.ctx = ctx->handle; | args.ctx = ctx->handle; | ||||
bzero(&res, sizeof(res)); | bzero(&res, sizeof(res)); | ||||
stat = gssd_export_sec_context_1(&args, &res, kgss_gssd_handle); | stat = gssd_export_sec_context_1(&args, &res, KGSS_VNET(kgss_gssd_handle)); | ||||
KGSS_CURVNET_RESTORE(); | |||||
if (stat != RPC_SUCCESS) { | if (stat != RPC_SUCCESS) { | ||||
return (GSS_S_FAILURE); | return (GSS_S_FAILURE); | ||||
} | } | ||||
maj_stat = KGSS_IMPORT(ctx, res.format, &res.interprocess_token); | maj_stat = KGSS_IMPORT(ctx, res.format, &res.interprocess_token); | ||||
ctx->handle = 0; | ctx->handle = 0; | ||||
xdr_free((xdrproc_t) xdr_export_sec_context_res, &res); | xdr_free((xdrproc_t) xdr_export_sec_context_res, &res); | ||||
* Acquire the kgss_gssd_handle and return it with a reference count, | * Acquire the kgss_gssd_handle and return it with a reference count, | ||||
* if it is available. | * if it is available. | ||||
*/ | */ | ||||
CLIENT * | CLIENT * | ||||
kgss_gssd_client(void) | kgss_gssd_client(void) | ||||
{ | { | ||||
CLIENT *cl; | CLIENT *cl; | ||||
KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread)); | |||||
mtx_lock(&kgss_gssd_lock); | mtx_lock(&kgss_gssd_lock); | ||||
cl = kgss_gssd_handle; | cl = KGSS_VNET(kgss_gssd_handle); | ||||
if (cl != NULL) | if (cl != NULL) | ||||
CLNT_ACQUIRE(cl); | CLNT_ACQUIRE(cl); | ||||
mtx_unlock(&kgss_gssd_lock); | mtx_unlock(&kgss_gssd_lock); | ||||
KGSS_CURVNET_RESTORE(); | |||||
return (cl); | return (cl); | ||||
} | } | ||||
/* | /* | ||||
* Kernel module glue | * Kernel module glue | ||||
*/ | */ | ||||
static int | static int | ||||
kgssapi_modevent(module_t mod, int type, void *data) | kgssapi_modevent(module_t mod, int type, void *data) | ||||
{ | { | ||||
int error = 0; | int error = 0; | ||||
osd_method_t methods[PR_MAXMETHOD] = { | |||||
[PR_METHOD_REMOVE] = rpcgss_prison_cleanup, | |||||
}; | |||||
switch (type) { | switch (type) { | ||||
case MOD_LOAD: | case MOD_LOAD: | ||||
rpc_gss_entries.rpc_gss_refresh_auth = rpc_gss_refresh_auth; | rpc_gss_entries.rpc_gss_refresh_auth = rpc_gss_refresh_auth; | ||||
rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind; | rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind; | ||||
rpc_gss_entries.rpc_gss_secpurge = rpc_gss_secpurge; | rpc_gss_entries.rpc_gss_secpurge = rpc_gss_secpurge; | ||||
rpc_gss_entries.rpc_gss_seccreate = rpc_gss_seccreate; | rpc_gss_entries.rpc_gss_seccreate = rpc_gss_seccreate; | ||||
rpc_gss_entries.rpc_gss_set_defaults = rpc_gss_set_defaults; | rpc_gss_entries.rpc_gss_set_defaults = rpc_gss_set_defaults; | ||||
Show All 12 Lines | case MOD_LOAD: | ||||
rpc_gss_entries.rpc_gss_set_callback = rpc_gss_set_callback; | rpc_gss_entries.rpc_gss_set_callback = rpc_gss_set_callback; | ||||
rpc_gss_entries.rpc_gss_clear_callback = rpc_gss_clear_callback; | rpc_gss_entries.rpc_gss_clear_callback = rpc_gss_clear_callback; | ||||
rpc_gss_entries.rpc_gss_get_principal_name = | rpc_gss_entries.rpc_gss_get_principal_name = | ||||
rpc_gss_get_principal_name; | rpc_gss_get_principal_name; | ||||
rpc_gss_entries.rpc_gss_svc_max_data_length = | rpc_gss_entries.rpc_gss_svc_max_data_length = | ||||
rpc_gss_svc_max_data_length; | rpc_gss_svc_max_data_length; | ||||
mtx_init(&kgss_gssd_lock, "kgss_gssd_lock", NULL, MTX_DEF); | mtx_init(&kgss_gssd_lock, "kgss_gssd_lock", NULL, MTX_DEF); | ||||
error = kgss_load(); | error = kgss_load(); | ||||
/* XXX-BZ OSD to VNET? */ | |||||
if (error == 0) | |||||
osd_jail_register(NULL, methods); | |||||
break; | break; | ||||
case MOD_UNLOAD: | case MOD_UNLOAD: | ||||
kgss_unload(); | kgss_unload(); | ||||
mtx_destroy(&kgss_gssd_lock); | mtx_destroy(&kgss_gssd_lock); | ||||
/* | /* | ||||
* Unloading of the kgssapi module is not currently supported. | * Unloading of the kgssapi module is not currently supported. | ||||
* If somebody wants this, we would need to keep track of | * If somebody wants this, we would need to keep track of | ||||
* currently executing threads and make sure the count is 0. | * currently executing threads and make sure the count is 0. | ||||
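Review bot: kgss_transfer_context still issues the RPC on a handle it never referenced: the new lines read `KGSS_VNET(kgss_gssd_handle)` without holding `kgss_gssd_lock` and without `CLNT_ACQUIRE`, so a concurrent gssd_syscall (which does `CLNT_CLOSE`/`CLNT_RELEASE` on `oldcl` right after swapping the handle) or, presumably, a jail teardown running `rpcgss_prison_cleanup` can free the CLIENT while `gssd_export_sec_context_1` is in flight. The race is pre-existing, but now that the handle is per-jail and tied to prison lifetime the window matters more; `kgss_gssd_client()` in the same section already returns the handle with a reference, so the call should go through it and `CLNT_RELEASE` afterwards (whether the RPC transport also needs curvnet set across the call is not visible here, so the excerpt keeps the set/restore pair around it). The `/* XXX-BZ OSD to VNET? */` marker and the ignored return value of `osd_jail_register(NULL, methods)` in kgssapi_modevent should also be resolved before landing; if registration can fail, `error` should reflect it rather than silently leaving no prison cleanup hook. kgss_transfer_context's tail and kgssapi_modevent's remaining cases lie outside the visible hunks.
```c
	CLIENT *cl;
	/* … unchanged: res, args, stat, maj_stat declarations … */

	/* Take a reference so a concurrent handle swap or jail teardown cannot free it under us. */
	cl = kgss_gssd_client();
	if (cl == NULL)
		return (GSS_S_FAILURE);
	args.ctx = ctx->handle;
	bzero(&res, sizeof(res));
	KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread));
	stat = gssd_export_sec_context_1(&args, &res, cl);
	KGSS_CURVNET_RESTORE();
	CLNT_RELEASE(cl);
	if (stat != RPC_SUCCESS) {
		return (GSS_S_FAILURE);
	}
	/* … unchanged: KGSS_IMPORT, ctx->handle reset, xdr_free … */
```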