summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/fs/nfs/nfs_commonkrpc.c14
-rw-r--r--sys/fs/nfsclient/nfs_clkrpc.c12
-rw-r--r--sys/fs/nfsserver/nfs_nfsdkrpc.c37
-rw-r--r--sys/kgssapi/gss_impl.c37
-rw-r--r--sys/modules/Makefile2
-rw-r--r--sys/modules/kgssapi_krb5/Makefile3
-rw-r--r--sys/nfsclient/nfs_krpc.c12
-rw-r--r--sys/nfsserver/nfs_srvkrpc.c16
-rw-r--r--sys/rpc/rpc_generic.c4
-rw-r--r--sys/rpc/rpcsec_gss.h265
10 files changed, 333 insertions, 69 deletions
diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 72df6c5..df23e49 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -323,9 +323,7 @@ newnfs_disconnect(struct nfssockreq *nrp)
client = nrp->nr_client;
nrp->nr_client = NULL;
mtx_unlock(&nrp->nr_mtx);
-#ifdef KGSSAPI
- rpc_gss_secpurge(client);
-#endif
+ rpc_gss_secpurge_call(client);
CLNT_CLOSE(client);
CLNT_RELEASE(client);
} else {
@@ -337,21 +335,18 @@ static AUTH *
nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
char *srv_principal, gss_OID mech_oid, struct ucred *cred)
{
-#ifdef KGSSAPI
rpc_gss_service_t svc;
AUTH *auth;
#ifdef notyet
rpc_gss_options_req_t req_options;
#endif
-#endif
switch (secflavour) {
-#ifdef KGSSAPI
case RPCSEC_GSS_KRB5:
case RPCSEC_GSS_KRB5I:
case RPCSEC_GSS_KRB5P:
if (!mech_oid) {
- if (!rpc_gss_mech_to_oid("kerberosv5", &mech_oid))
+ if (!rpc_gss_mech_to_oid_call("kerberosv5", &mech_oid))
return (NULL);
}
if (secflavour == RPCSEC_GSS_KRB5)
@@ -367,7 +362,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
req_options.input_channel_bindings = NULL;
req_options.enc_type = nfs_keytab_enctype;
- auth = rpc_gss_secfind(nrp->nr_client, cred,
+ auth = rpc_gss_secfind_call(nrp->nr_client, cred,
clnt_principal, srv_principal, mech_oid, svc,
&req_options);
#else
@@ -377,7 +372,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
* principals. As such, that case cannot yet be handled.
*/
if (clnt_principal == NULL)
- auth = rpc_gss_secfind(nrp->nr_client, cred,
+ auth = rpc_gss_secfind_call(nrp->nr_client, cred,
srv_principal, mech_oid, svc);
else
auth = NULL;
@@ -385,7 +380,6 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
if (auth != NULL)
return (auth);
/* fallthrough */
-#endif /* KGSSAPI */
case AUTH_SYS:
default:
return (authunix_create(cred));
diff --git a/sys/fs/nfsclient/nfs_clkrpc.c b/sys/fs/nfsclient/nfs_clkrpc.c
index c4f7e94..0cd41b3 100644
--- a/sys/fs/nfsclient/nfs_clkrpc.c
+++ b/sys/fs/nfsclient/nfs_clkrpc.c
@@ -215,12 +215,9 @@ nfscbd_addsock(struct file *fp)
int
nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
{
-#ifdef KGSSAPI
char principal[128];
int error;
-#endif
-#ifdef KGSSAPI
if (args != NULL) {
error = copyinstr(args->principal, principal,
sizeof(principal), NULL);
@@ -229,7 +226,6 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
} else {
principal[0] = '\0';
}
-#endif
/*
* Only the first nfsd actually does any work. The RPC code
@@ -244,20 +240,16 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
NFSD_UNLOCK();
-#ifdef KGSSAPI
if (principal[0] != '\0')
- rpc_gss_set_svc_name(principal, "kerberosv5",
+ rpc_gss_set_svc_name_call(principal, "kerberosv5",
GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS);
-#endif
nfscbd_pool->sp_minthreads = 4;
nfscbd_pool->sp_maxthreads = 4;
svc_run(nfscbd_pool);
-#ifdef KGSSAPI
- rpc_gss_clear_svc_name(NFS_CALLBCKPROG, NFSV4_CBVERS);
-#endif
+ rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS);
NFSD_LOCK();
nfs_numnfscbd--;
diff --git a/sys/fs/nfsserver/nfs_nfsdkrpc.c b/sys/fs/nfsserver/nfs_nfsdkrpc.c
index 8ce70fa..2484919 100644
--- a/sys/fs/nfsserver/nfs_nfsdkrpc.c
+++ b/sys/fs/nfsserver/nfs_nfsdkrpc.c
@@ -386,18 +386,14 @@ nfsrvd_addsock(struct file *fp)
int
nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
{
-#ifdef KGSSAPI
char principal[MAXHOSTNAMELEN + 5];
int error;
bool_t ret2, ret3, ret4;
-#endif
-#ifdef KGSSAPI
error = copyinstr(args->principal, principal, sizeof (principal),
NULL);
if (error)
return (error);
-#endif
/*
* Only the first nfsd actually does any work. The RPC code
@@ -412,38 +408,29 @@ nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
NFSD_UNLOCK();
-#ifdef KGSSAPI
/* An empty string implies AUTH_SYS only. */
if (principal[0] != '\0') {
- ret2 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
- ret3 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
- ret4 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
-
- if (!ret2 || !ret3 || !ret4) {
- NFSD_LOCK();
- newnfs_numnfsd--;
- nfsrvd_init(1);
- NFSD_UNLOCK();
- return (EAUTH);
- }
+ ret2 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
+ ret3 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
+ ret4 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
+
+ if (!ret2 || !ret3 || !ret4)
+ printf("nfsd: can't register svc name\n");
}
-#endif
nfsrvd_pool->sp_minthreads = args->minthreads;
nfsrvd_pool->sp_maxthreads = args->maxthreads;
svc_run(nfsrvd_pool);
-#ifdef KGSSAPI
if (principal[0] != '\0') {
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2);
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3);
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER4);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4);
}
-#endif
NFSD_LOCK();
newnfs_numnfsd--;
diff --git a/sys/kgssapi/gss_impl.c b/sys/kgssapi/gss_impl.c
index 01d940a..09b0a4b 100644
--- a/sys/kgssapi/gss_impl.c
+++ b/sys/kgssapi/gss_impl.c
@@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
#include <kgssapi/gssapi_impl.h>
#include <rpc/rpc.h>
#include <rpc/rpc_com.h>
+#include <rpc/rpcsec_gss.h>
#include "gssd.h"
#include "kgss_if.h"
@@ -253,8 +254,40 @@ kgss_copy_buffer(const gss_buffer_t from, gss_buffer_t to)
static int
kgssapi_modevent(module_t mod, int type, void *data)
{
-
- return (0);
+ int error = 0;
+
+ switch (type) {
+ case MOD_LOAD:
+ rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind;
+ rpc_gss_entries.rpc_gss_secpurge = rpc_gss_secpurge;
+ rpc_gss_entries.rpc_gss_seccreate = rpc_gss_seccreate;
+ rpc_gss_entries.rpc_gss_set_defaults = rpc_gss_set_defaults;
+ rpc_gss_entries.rpc_gss_max_data_length =
+ rpc_gss_max_data_length;
+ rpc_gss_entries.rpc_gss_get_error = rpc_gss_get_error;
+ rpc_gss_entries.rpc_gss_mech_to_oid = rpc_gss_mech_to_oid;
+ rpc_gss_entries.rpc_gss_oid_to_mech = rpc_gss_oid_to_mech;
+ rpc_gss_entries.rpc_gss_qop_to_num = rpc_gss_qop_to_num;
+ rpc_gss_entries.rpc_gss_get_mechanisms = rpc_gss_get_mechanisms;
+ rpc_gss_entries.rpc_gss_get_versions = rpc_gss_get_versions;
+ rpc_gss_entries.rpc_gss_is_installed = rpc_gss_is_installed;
+ rpc_gss_entries.rpc_gss_set_svc_name = rpc_gss_set_svc_name;
+ rpc_gss_entries.rpc_gss_clear_svc_name = rpc_gss_clear_svc_name;
+ rpc_gss_entries.rpc_gss_getcred = rpc_gss_getcred;
+ rpc_gss_entries.rpc_gss_set_callback = rpc_gss_set_callback;
+ rpc_gss_entries.rpc_gss_clear_callback = rpc_gss_clear_callback;
+ rpc_gss_entries.rpc_gss_get_principal_name =
+ rpc_gss_get_principal_name;
+ rpc_gss_entries.rpc_gss_svc_max_data_length =
+ rpc_gss_svc_max_data_length;
+ break;
+ case MOD_UNLOAD:
+ /* Unloading of the kgssapi module isn't supported. */
+ /* FALLTHROUGH */
+ default:
+ error = EOPNOTSUPP;
+ };
+ return (error);
}
static moduledata_t kgssapi_mod = {
"kgssapi",
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index a83d56f..2dbc3d9 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -155,6 +155,8 @@ SUBDIR= ${_3dfx} \
jme \
joy \
kbdmux \
+ kgssapi \
+ kgssapi_krb5 \
khelp \
krpc \
ksyms \
diff --git a/sys/modules/kgssapi_krb5/Makefile b/sys/modules/kgssapi_krb5/Makefile
index c2ee417..e5c3e30 100644
--- a/sys/modules/kgssapi_krb5/Makefile
+++ b/sys/modules/kgssapi_krb5/Makefile
@@ -8,7 +8,8 @@ SRCS= krb5_mech.c \
kcrypto_des.c \
kcrypto_des3.c \
kcrypto_aes.c \
- kcrypto_arcfour.c
+ kcrypto_arcfour.c \
+ opt_inet6.h
SRCS+= kgss_if.h gssd.h
MFILES= kgssapi/kgss_if.m
diff --git a/sys/nfsclient/nfs_krpc.c b/sys/nfsclient/nfs_krpc.c
index 242d425..171f7aa 100644
--- a/sys/nfsclient/nfs_krpc.c
+++ b/sys/nfsclient/nfs_krpc.c
@@ -306,9 +306,7 @@ nfs_disconnect(struct nfsmount *nmp)
client = nmp->nm_client;
nmp->nm_client = NULL;
mtx_unlock(&nmp->nm_mtx);
-#ifdef KGSSAPI
- rpc_gss_secpurge(client);
-#endif
+ rpc_gss_secpurge_call(client);
CLNT_CLOSE(client);
CLNT_RELEASE(client);
} else
@@ -325,18 +323,15 @@ nfs_safedisconnect(struct nfsmount *nmp)
static AUTH *
nfs_getauth(struct nfsmount *nmp, struct ucred *cred)
{
-#ifdef KGSSAPI
rpc_gss_service_t svc;
AUTH *auth;
-#endif
switch (nmp->nm_secflavor) {
-#ifdef KGSSAPI
case RPCSEC_GSS_KRB5:
case RPCSEC_GSS_KRB5I:
case RPCSEC_GSS_KRB5P:
if (!nmp->nm_mech_oid)
- if (!rpc_gss_mech_to_oid("kerberosv5",
+ if (!rpc_gss_mech_to_oid_call("kerberosv5",
&nmp->nm_mech_oid))
return (NULL);
if (nmp->nm_secflavor == RPCSEC_GSS_KRB5)
@@ -345,12 +340,11 @@ nfs_getauth(struct nfsmount *nmp, struct ucred *cred)
svc = rpc_gss_svc_integrity;
else
svc = rpc_gss_svc_privacy;
- auth = rpc_gss_secfind(nmp->nm_client, cred,
+ auth = rpc_gss_secfind_call(nmp->nm_client, cred,
nmp->nm_principal, nmp->nm_mech_oid, svc);
if (auth)
return (auth);
/* fallthrough */
-#endif
case AUTH_SYS:
default:
return (authunix_create(cred));
diff --git a/sys/nfsserver/nfs_srvkrpc.c b/sys/nfsserver/nfs_srvkrpc.c
index 512373b..3c60825 100644
--- a/sys/nfsserver/nfs_srvkrpc.c
+++ b/sys/nfsserver/nfs_srvkrpc.c
@@ -418,12 +418,9 @@ nfssvc_addsock(struct file *fp, struct thread *td)
static int
nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
{
-#ifdef KGSSAPI
char principal[128];
int error;
-#endif
-#ifdef KGSSAPI
if (args) {
error = copyinstr(args->principal, principal,
sizeof(principal), NULL);
@@ -434,7 +431,6 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
getcredhostname(td->td_ucred, principal + 4,
sizeof(principal) - 4);
}
-#endif
/*
* Only the first nfsd actually does any work. The RPC code
@@ -449,12 +445,10 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
NFSD_UNLOCK();
-#ifdef KGSSAPI
- rpc_gss_set_svc_name(principal, "kerberosv5",
+ rpc_gss_set_svc_name_call(principal, "kerberosv5",
GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
- rpc_gss_set_svc_name(principal, "kerberosv5",
+ rpc_gss_set_svc_name_call(principal, "kerberosv5",
GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
-#endif
if (args) {
nfsrv_pool->sp_minthreads = args->minthreads;
@@ -466,10 +460,8 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
svc_run(nfsrv_pool);
-#ifdef KGSSAPI
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2);
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3);
-#endif
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
NFSD_LOCK();
nfsrv_numnfsd--;
diff --git a/sys/rpc/rpc_generic.c b/sys/rpc/rpc_generic.c
index fd39350..6adae38 100644
--- a/sys/rpc/rpc_generic.c
+++ b/sys/rpc/rpc_generic.c
@@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
#include <rpc/rpc.h>
#include <rpc/nettype.h>
+#include <rpc/rpcsec_gss.h>
#include <rpc/rpc_com.h>
@@ -69,6 +70,9 @@ extern u_long sb_max_adj; /* not defined in socketvar.h */
#define strrchr rindex
#endif
+/* Provide an entry point hook for the rpcsec_gss module. */
+struct rpc_gss_entries rpc_gss_entries;
+
struct handle {
NCONF_HANDLE *nhandle;
int nflag; /* Whether NETPATH or NETCONFIG */
diff --git a/sys/rpc/rpcsec_gss.h b/sys/rpc/rpcsec_gss.h
index 563205c..94696f3 100644
--- a/sys/rpc/rpcsec_gss.h
+++ b/sys/rpc/rpcsec_gss.h
@@ -141,6 +141,271 @@ typedef struct {
__BEGIN_DECLS
#ifdef _KERNEL
+/*
+ * Set up a structure of entry points for the kgssapi module and inline
+ * functions named rpc_gss_XXX_call() to use them, so that the kgssapi
+ * module doesn't need to be loaded for the NFS modules to work using
+ * AUTH_SYS. The kgssapi modules will be loaded by the gssd(8) daemon
+ * when it is started up and the entry points will then be filled in.
+ */
+typedef AUTH *rpc_gss_secfind_ftype(CLIENT *clnt, struct ucred *cred,
+ const char *principal, gss_OID mech_oid,
+ rpc_gss_service_t service);
+typedef void rpc_gss_secpurge_ftype(CLIENT *clnt);
+typedef AUTH *rpc_gss_seccreate_ftype(CLIENT *clnt, struct ucred *cred,
+ const char *principal, const char *mechanism,
+ rpc_gss_service_t service, const char *qop,
+ rpc_gss_options_req_t *options_req,
+ rpc_gss_options_ret_t *options_ret);
+typedef bool_t rpc_gss_set_defaults_ftype(AUTH *auth,
+ rpc_gss_service_t service, const char *qop);
+typedef int rpc_gss_max_data_length_ftype(AUTH *handle,
+ int max_tp_unit_len);
+typedef void rpc_gss_get_error_ftype(rpc_gss_error_t *error);
+typedef bool_t rpc_gss_mech_to_oid_ftype(const char *mech, gss_OID *oid_ret);
+typedef bool_t rpc_gss_oid_to_mech_ftype(gss_OID oid, const char **mech_ret);
+typedef bool_t rpc_gss_qop_to_num_ftype(const char *qop, const char *mech,
+ u_int *num_ret);
+typedef const char **rpc_gss_get_mechanisms_ftype(void);
+typedef bool_t rpc_gss_get_versions_ftype(u_int *vers_hi, u_int *vers_lo);
+typedef bool_t rpc_gss_is_installed_ftype(const char *mech);
+typedef bool_t rpc_gss_set_svc_name_ftype(const char *principal,
+ const char *mechanism, u_int req_time, u_int program,
+ u_int version);
+typedef void rpc_gss_clear_svc_name_ftype(u_int program, u_int version);
+typedef bool_t rpc_gss_getcred_ftype(struct svc_req *req,
+ rpc_gss_rawcred_t **rcred,
+ rpc_gss_ucred_t **ucred, void **cookie);
+typedef bool_t rpc_gss_set_callback_ftype(rpc_gss_callback_t *cb);
+typedef void rpc_gss_clear_callback_ftype(rpc_gss_callback_t *cb);
+typedef bool_t rpc_gss_get_principal_name_ftype(rpc_gss_principal_t *principal,
+ const char *mech, const char *name, const char *node,
+ const char *domain);
+typedef int rpc_gss_svc_max_data_length_ftype(struct svc_req *req,
+ int max_tp_unit_len);
+
+struct rpc_gss_entries {
+ rpc_gss_secfind_ftype *rpc_gss_secfind;
+ rpc_gss_secpurge_ftype *rpc_gss_secpurge;
+ rpc_gss_seccreate_ftype *rpc_gss_seccreate;
+ rpc_gss_set_defaults_ftype *rpc_gss_set_defaults;
+ rpc_gss_max_data_length_ftype *rpc_gss_max_data_length;
+ rpc_gss_get_error_ftype *rpc_gss_get_error;
+ rpc_gss_mech_to_oid_ftype *rpc_gss_mech_to_oid;
+ rpc_gss_oid_to_mech_ftype *rpc_gss_oid_to_mech;
+ rpc_gss_qop_to_num_ftype *rpc_gss_qop_to_num;
+ rpc_gss_get_mechanisms_ftype *rpc_gss_get_mechanisms;
+ rpc_gss_get_versions_ftype *rpc_gss_get_versions;
+ rpc_gss_is_installed_ftype *rpc_gss_is_installed;
+ rpc_gss_set_svc_name_ftype *rpc_gss_set_svc_name;
+ rpc_gss_clear_svc_name_ftype *rpc_gss_clear_svc_name;
+ rpc_gss_getcred_ftype *rpc_gss_getcred;
+ rpc_gss_set_callback_ftype *rpc_gss_set_callback;
+ rpc_gss_clear_callback_ftype *rpc_gss_clear_callback;
+ rpc_gss_get_principal_name_ftype *rpc_gss_get_principal_name;
+ rpc_gss_svc_max_data_length_ftype *rpc_gss_svc_max_data_length;
+};
+extern struct rpc_gss_entries rpc_gss_entries;
+
+/* Functions to access the entry points. */
+static __inline AUTH *
+rpc_gss_secfind_call(CLIENT *clnt, struct ucred *cred, const char *principal,
+ gss_OID mech_oid, rpc_gss_service_t service)
+{
+ AUTH *ret = NULL;
+
+ if (rpc_gss_entries.rpc_gss_secfind != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_secfind)(clnt, cred, principal,
+ mech_oid, service);
+ return (ret);
+}
+
+static __inline void
+rpc_gss_secpurge_call(CLIENT *clnt)
+{
+
+ if (rpc_gss_entries.rpc_gss_secpurge != NULL)
+ (*rpc_gss_entries.rpc_gss_secpurge)(clnt);
+}
+
+static __inline AUTH *
+rpc_gss_seccreate_call(CLIENT *clnt, struct ucred *cred, const char *principal,
+ const char *mechanism, rpc_gss_service_t service, const char *qop,
+ rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret)
+{
+ AUTH *ret = NULL;
+
+ if (rpc_gss_entries.rpc_gss_seccreate != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_seccreate)(clnt, cred,
+ principal, mechanism, service, qop, options_req,
+ options_ret);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_set_defaults_call(AUTH *auth, rpc_gss_service_t service,
+ const char *qop)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_set_defaults != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_set_defaults)(auth, service,
+ qop);
+ return (ret);
+}
+
+static __inline int
+rpc_gss_max_data_length_call(AUTH *handle, int max_tp_unit_len)
+{
+ int ret = 0;
+
+ if (rpc_gss_entries.rpc_gss_max_data_length != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_max_data_length)(handle,
+ max_tp_unit_len);
+ return (ret);
+}
+
+static __inline void
+rpc_gss_get_error_call(rpc_gss_error_t *error)
+{
+
+ if (rpc_gss_entries.rpc_gss_get_error != NULL)
+ (*rpc_gss_entries.rpc_gss_get_error)(error);
+}
+
+static __inline bool_t
+rpc_gss_mech_to_oid_call(const char *mech, gss_OID *oid_ret)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_mech_to_oid != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_mech_to_oid)(mech, oid_ret);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_oid_to_mech_call(gss_OID oid, const char **mech_ret)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_oid_to_mech != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_oid_to_mech)(oid, mech_ret);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_qop_to_num_call(const char *qop, const char *mech, u_int *num_ret)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_qop_to_num != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_qop_to_num)(qop, mech, num_ret);
+ return (ret);
+}
+
+static __inline const char **
+rpc_gss_get_mechanisms_call(void)
+{
+ const char **ret = NULL;
+
+ if (rpc_gss_entries.rpc_gss_get_mechanisms != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_get_mechanisms)();
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_get_versions_call(u_int *vers_hi, u_int *vers_lo)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_get_versions != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_get_versions)(vers_hi, vers_lo);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_is_installed_call(const char *mech)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_is_installed != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_is_installed)(mech);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_set_svc_name_call(const char *principal, const char *mechanism,
+ u_int req_time, u_int program, u_int version)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_set_svc_name != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_set_svc_name)(principal,
+ mechanism, req_time, program, version);
+ return (ret);
+}
+
+static __inline void
+rpc_gss_clear_svc_name_call(u_int program, u_int version)
+{
+
+ if (rpc_gss_entries.rpc_gss_clear_svc_name != NULL)
+ (*rpc_gss_entries.rpc_gss_clear_svc_name)(program, version);
+}
+
+static __inline bool_t
+rpc_gss_getcred_call(struct svc_req *req, rpc_gss_rawcred_t **rcred,
+ rpc_gss_ucred_t **ucred, void **cookie)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_getcred != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_getcred)(req, rcred, ucred,
+ cookie);
+ return (ret);
+}
+
+static __inline bool_t
+rpc_gss_set_callback_call(rpc_gss_callback_t *cb)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_set_callback != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_set_callback)(cb);
+ return (ret);
+}
+
+static __inline void
+rpc_gss_clear_callback_call(rpc_gss_callback_t *cb)
+{
+
+ if (rpc_gss_entries.rpc_gss_clear_callback != NULL)
+ (*rpc_gss_entries.rpc_gss_clear_callback)(cb);
+}
+
+static __inline bool_t
+rpc_gss_get_principal_name_call(rpc_gss_principal_t *principal,
+ const char *mech, const char *name, const char *node, const char *domain)
+{
+ bool_t ret = 1;
+
+ if (rpc_gss_entries.rpc_gss_get_principal_name != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_get_principal_name)(principal,
+ mech, name, node, domain);
+ return (ret);
+}
+
+static __inline int
+rpc_gss_svc_max_data_length_call(struct svc_req *req, int max_tp_unit_len)
+{
+ int ret = 0;
+
+ if (rpc_gss_entries.rpc_gss_svc_max_data_length != NULL)
+ ret = (*rpc_gss_entries.rpc_gss_svc_max_data_length)(req,
+ max_tp_unit_len);
+ return (ret);
+}
+
AUTH *rpc_gss_secfind(CLIENT *clnt, struct ucred *cred,
const char *principal, gss_OID mech_oid, rpc_gss_service_t service);
void rpc_gss_secpurge(CLIENT *clnt);
OpenPOWER on IntegriCloud