From be57e75b00c1ba88332a570e83564f6cae5dba45 Mon Sep 17 00:00:00 2001 From: rmacklem Date: Sun, 19 Jun 2011 22:08:55 +0000 Subject: Fix the kgssapi so that it can be loaded as a module. Currently the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. Requested by rwatson. Reviewed by: jhb MFC after: 2 weeks --- sys/fs/nfs/nfs_commonkrpc.c | 14 +- sys/fs/nfsclient/nfs_clkrpc.c | 12 +- sys/fs/nfsserver/nfs_nfsdkrpc.c | 37 ++---- sys/kgssapi/gss_impl.c | 37 +++++- sys/modules/Makefile | 2 + sys/modules/kgssapi_krb5/Makefile | 3 +- sys/nfsclient/nfs_krpc.c | 12 +- sys/nfsserver/nfs_srvkrpc.c | 16 +-- sys/rpc/rpc_generic.c | 4 + sys/rpc/rpcsec_gss.h | 265 ++++++++++++++++++++++++++++++++++++++ 10 files changed, 333 insertions(+), 69 deletions(-) (limited to 'sys') diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c index 72df6c5..df23e49 100644 --- a/sys/fs/nfs/nfs_commonkrpc.c +++ b/sys/fs/nfs/nfs_commonkrpc.c @@ -323,9 +323,7 @@ newnfs_disconnect(struct nfssockreq *nrp) client = nrp->nr_client; nrp->nr_client = NULL; mtx_unlock(&nrp->nr_mtx); -#ifdef KGSSAPI - rpc_gss_secpurge(client); -#endif + rpc_gss_secpurge_call(client); CLNT_CLOSE(client); CLNT_RELEASE(client); } else { 
@@ -337,21 +335,18 @@ static AUTH * nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal, char *srv_principal, gss_OID mech_oid, struct ucred *cred) { -#ifdef KGSSAPI rpc_gss_service_t svc; AUTH *auth; #ifdef notyet rpc_gss_options_req_t req_options; #endif -#endif switch (secflavour) { -#ifdef KGSSAPI case RPCSEC_GSS_KRB5: case RPCSEC_GSS_KRB5I: case RPCSEC_GSS_KRB5P: if (!mech_oid) { - if (!rpc_gss_mech_to_oid("kerberosv5", &mech_oid)) + if (!rpc_gss_mech_to_oid_call("kerberosv5", &mech_oid)) return (NULL); } if (secflavour == RPCSEC_GSS_KRB5) @@ -367,7 +362,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal, req_options.input_channel_bindings = NULL; req_options.enc_type = nfs_keytab_enctype; - auth = rpc_gss_secfind(nrp->nr_client, cred, + auth = rpc_gss_secfind_call(nrp->nr_client, cred, clnt_principal, srv_principal, mech_oid, svc, &req_options); #else @@ -377,7 +372,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal, * principals. As such, that case cannot yet be handled. */ if (clnt_principal == NULL) - auth = rpc_gss_secfind(nrp->nr_client, cred, + auth = rpc_gss_secfind_call(nrp->nr_client, cred, srv_principal, mech_oid, svc); else auth = NULL; @@ -385,7 +380,6 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal, if (auth != NULL) return (auth); /* fallthrough */ -#endif /* KGSSAPI */ case AUTH_SYS: default: return (authunix_create(cred)); diff --git a/sys/fs/nfsclient/nfs_clkrpc.c b/sys/fs/nfsclient/nfs_clkrpc.c index c4f7e94..0cd41b3 100644 --- a/sys/fs/nfsclient/nfs_clkrpc.c +++ b/sys/fs/nfsclient/nfs_clkrpc.c @@ -215,12 +215,9 @@ nfscbd_addsock(struct file *fp) int nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args) { -#ifdef KGSSAPI char principal[128]; int error; -#endif -#ifdef KGSSAPI if (args != NULL) { error = copyinstr(args->principal, principal, sizeof(principal), NULL); 
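Review bot: In nfs_getauth() a mount that asked for `RPCSEC_GSS_KRB5`, `RPCSEC_GSS_KRB5I` or `RPCSEC_GSS_KRB5P` now reaches `authunix_create(cred)` without any trace whenever kgssapi is not loaded: `rpc_gss_mech_to_oid_call()` returns 1 by default without setting `mech_oid`, `rpc_gss_secfind_call()` then returns NULL, and the existing `/* fallthrough */` lands on `AUTH_SYS`. The fallthrough predates this commit, but with the `#ifdef KGSSAPI` guards removed it is the path taken on every kernel that has not loaded the module. The downgrade should at least be documented at the fallthrough, for example `/* kgssapi not loaded or no GSS credential: falls back to AUTH_SYS */`, and a log line there would let an operator notice that a Kerberos mount is sending AUTH_SYS credentials. The same pattern is in nfs_getauth() in sys/nfsclient/nfs_krpc.c. Both functions start and end outside the hunks shown.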
@@ -229,7 +226,6 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args) } else { principal[0] = '\0'; } -#endif /* * Only the first nfsd actually does any work. The RPC code @@ -244,20 +240,16 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args) NFSD_UNLOCK(); -#ifdef KGSSAPI if (principal[0] != '\0') - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS); -#endif nfscbd_pool->sp_minthreads = 4; nfscbd_pool->sp_maxthreads = 4; svc_run(nfscbd_pool); -#ifdef KGSSAPI - rpc_gss_clear_svc_name(NFS_CALLBCKPROG, NFSV4_CBVERS); -#endif + rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS); NFSD_LOCK(); nfs_numnfscbd--; diff --git a/sys/fs/nfsserver/nfs_nfsdkrpc.c b/sys/fs/nfsserver/nfs_nfsdkrpc.c index 8ce70fa..2484919 100644 --- a/sys/fs/nfsserver/nfs_nfsdkrpc.c +++ b/sys/fs/nfsserver/nfs_nfsdkrpc.c @@ -386,18 +386,14 @@ nfsrvd_addsock(struct file *fp) int nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args) { -#ifdef KGSSAPI char principal[MAXHOSTNAMELEN + 5]; int error; bool_t ret2, ret3, ret4; -#endif -#ifdef KGSSAPI error = copyinstr(args->principal, principal, sizeof (principal), NULL); if (error) return (error); -#endif /* * Only the first nfsd actually does any work. The RPC code 
@@ -412,38 +408,29 @@ nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args) NFSD_UNLOCK(); -#ifdef KGSSAPI /* An empty string implies AUTH_SYS only. */ if (principal[0] != '\0') { - ret2 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); - ret3 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); - ret4 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER4); - - if (!ret2 || !ret3 || !ret4) { - NFSD_LOCK(); - newnfs_numnfsd--; - nfsrvd_init(1); - NFSD_UNLOCK(); - return (EAUTH); - } + ret2 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); + ret3 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); + ret4 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4); + + if (!ret2 || !ret3 || !ret4) + printf("nfsd: can't register svc name\n"); } -#endif nfsrvd_pool->sp_minthreads = args->minthreads; nfsrvd_pool->sp_maxthreads = args->maxthreads; svc_run(nfsrvd_pool); -#ifdef KGSSAPI if (principal[0] != '\0') { - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER4); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4); } -#endif NFSD_LOCK(); newnfs_numnfsd--; diff --git a/sys/kgssapi/gss_impl.c b/sys/kgssapi/gss_impl.c index 01d940a..09b0a4b 100644 --- a/sys/kgssapi/gss_impl.c +++ b/sys/kgssapi/gss_impl.c @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "gssd.h" #include "kgss_if.h" 
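Review bot: In nfsrvd_nfsd() the `!ret2 || !ret3 || !ret4` test cannot detect the case where kgssapi is not loaded, because `rpc_gss_set_svc_name_call()` in sys/rpc/rpcsec_gss.h returns 1 when its hook is NULL; an administrator who supplied a principal then gets a server running without the GSS service name and without any message. The hunk also replaces the earlier `return (EAUTH)` with a `printf`, so a real registration failure is no longer reported to the caller. Consider telling the two cases apart before the calls, e.g. `if (rpc_gss_entries.rpc_gss_set_svc_name == NULL) printf("nfsd: kgssapi not loaded, principal ignored\n");`, and naming the failing NFS version in the existing message. nfscbd_nfsd() and nfssvc_nfsd() ignore the return value of the same wrapper altogether. The function body extends beyond this hunk.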
@@ -253,8 +254,40 @@ kgss_copy_buffer(const gss_buffer_t from, gss_buffer_t to) static int kgssapi_modevent(module_t mod, int type, void *data) { - - return (0); + int error = 0; + + switch (type) { + case MOD_LOAD: + rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind; + rpc_gss_entries.rpc_gss_secpurge = rpc_gss_secpurge; + rpc_gss_entries.rpc_gss_seccreate = rpc_gss_seccreate; + rpc_gss_entries.rpc_gss_set_defaults = rpc_gss_set_defaults; + rpc_gss_entries.rpc_gss_max_data_length = + rpc_gss_max_data_length; + rpc_gss_entries.rpc_gss_get_error = rpc_gss_get_error; + rpc_gss_entries.rpc_gss_mech_to_oid = rpc_gss_mech_to_oid; + rpc_gss_entries.rpc_gss_oid_to_mech = rpc_gss_oid_to_mech; + rpc_gss_entries.rpc_gss_qop_to_num = rpc_gss_qop_to_num; + rpc_gss_entries.rpc_gss_get_mechanisms = rpc_gss_get_mechanisms; + rpc_gss_entries.rpc_gss_get_versions = rpc_gss_get_versions; + rpc_gss_entries.rpc_gss_is_installed = rpc_gss_is_installed; + rpc_gss_entries.rpc_gss_set_svc_name = rpc_gss_set_svc_name; + rpc_gss_entries.rpc_gss_clear_svc_name = rpc_gss_clear_svc_name; + rpc_gss_entries.rpc_gss_getcred = rpc_gss_getcred; + rpc_gss_entries.rpc_gss_set_callback = rpc_gss_set_callback; + rpc_gss_entries.rpc_gss_clear_callback = rpc_gss_clear_callback; + rpc_gss_entries.rpc_gss_get_principal_name = + rpc_gss_get_principal_name; + rpc_gss_entries.rpc_gss_svc_max_data_length = + rpc_gss_svc_max_data_length; + break; + case MOD_UNLOAD: + /* Unloading of the kgssapi module isn't supported. */ + /* FALLTHROUGH */ + default: + error = EOPNOTSUPP; + }; + return (error); } static moduledata_t kgssapi_mod = { "kgssapi", diff --git a/sys/modules/Makefile b/sys/modules/Makefile index a83d56f..2dbc3d9 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -155,6 +155,8 @@ SUBDIR= ${_3dfx} \ jme \ joy \ kbdmux \ + kgssapi \ + kgssapi_krb5 \ khelp \ krpc \ ksyms \ diff --git a/sys/modules/kgssapi_krb5/Makefile b/sys/modules/kgssapi_krb5/Makefile index c2ee417..e5c3e30 100644 
--- a/sys/modules/kgssapi_krb5/Makefile +++ b/sys/modules/kgssapi_krb5/Makefile @@ -8,7 +8,8 @@ SRCS= krb5_mech.c \ kcrypto_des.c \ kcrypto_des3.c \ kcrypto_aes.c \ - kcrypto_arcfour.c + kcrypto_arcfour.c \ + opt_inet6.h SRCS+= kgss_if.h gssd.h MFILES= kgssapi/kgss_if.m diff --git a/sys/nfsclient/nfs_krpc.c b/sys/nfsclient/nfs_krpc.c index 242d425..171f7aa 100644 --- a/sys/nfsclient/nfs_krpc.c +++ b/sys/nfsclient/nfs_krpc.c @@ -306,9 +306,7 @@ nfs_disconnect(struct nfsmount *nmp) client = nmp->nm_client; nmp->nm_client = NULL; mtx_unlock(&nmp->nm_mtx); -#ifdef KGSSAPI - rpc_gss_secpurge(client); -#endif + rpc_gss_secpurge_call(client); CLNT_CLOSE(client); CLNT_RELEASE(client); } else @@ -325,18 +323,15 @@ nfs_safedisconnect(struct nfsmount *nmp) static AUTH * nfs_getauth(struct nfsmount *nmp, struct ucred *cred) { -#ifdef KGSSAPI rpc_gss_service_t svc; AUTH *auth; -#endif switch (nmp->nm_secflavor) { -#ifdef KGSSAPI case RPCSEC_GSS_KRB5: case RPCSEC_GSS_KRB5I: case RPCSEC_GSS_KRB5P: if (!nmp->nm_mech_oid) - if (!rpc_gss_mech_to_oid("kerberosv5", + if (!rpc_gss_mech_to_oid_call("kerberosv5", &nmp->nm_mech_oid)) return (NULL); if (nmp->nm_secflavor == RPCSEC_GSS_KRB5) @@ -345,12 +340,11 @@ nfs_getauth(struct nfsmount *nmp, struct ucred *cred) svc = rpc_gss_svc_integrity; else svc = rpc_gss_svc_privacy; - auth = rpc_gss_secfind(nmp->nm_client, cred, + auth = rpc_gss_secfind_call(nmp->nm_client, cred, nmp->nm_principal, nmp->nm_mech_oid, svc); if (auth) return (auth); /* fallthrough */ -#endif case AUTH_SYS: default: return (authunix_create(cred)); diff --git a/sys/nfsserver/nfs_srvkrpc.c b/sys/nfsserver/nfs_srvkrpc.c index 512373b..3c60825 100644 --- a/sys/nfsserver/nfs_srvkrpc.c +++ b/sys/nfsserver/nfs_srvkrpc.c 
@@ -418,12 +418,9 @@ nfssvc_addsock(struct file *fp, struct thread *td) static int nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) { -#ifdef KGSSAPI char principal[128]; int error; -#endif -#ifdef KGSSAPI if (args) { error = copyinstr(args->principal, principal, sizeof(principal), NULL); @@ -434,7 +431,6 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) getcredhostname(td->td_ucred, principal + 4, sizeof(principal) - 4); } -#endif /* * Only the first nfsd actually does any work. The RPC code @@ -449,12 +445,10 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) NFSD_UNLOCK(); -#ifdef KGSSAPI - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); -#endif if (args) { nfsrv_pool->sp_minthreads = args->minthreads; @@ -466,10 +460,8 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) svc_run(nfsrv_pool); -#ifdef KGSSAPI - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3); -#endif + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3); NFSD_LOCK(); nfsrv_numnfsd--; diff --git a/sys/rpc/rpc_generic.c b/sys/rpc/rpc_generic.c index fd39350..6adae38 100644 --- a/sys/rpc/rpc_generic.c +++ b/sys/rpc/rpc_generic.c @@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include @@ -69,6 +70,9 @@ extern u_long sb_max_adj; /* not defined in socketvar.h */ #define strrchr rindex #endif +/* Provide an entry point hook for the rpcsec_gss module. */ +struct rpc_gss_entries rpc_gss_entries; + struct handle { NCONF_HANDLE *nhandle; int nflag; /* Whether NETPATH or NETCONFIG */ diff --git a/sys/rpc/rpcsec_gss.h b/sys/rpc/rpcsec_gss.h index 563205c..94696f3 100644 --- a/sys/rpc/rpcsec_gss.h +++ b/sys/rpc/rpcsec_gss.h 
@@ -141,6 +141,271 @@ typedef struct { __BEGIN_DECLS #ifdef _KERNEL +/* + * Set up a structure of entry points for the kgssapi module and inline + * functions named rpc_gss_XXX_call() to use them, so that the kgssapi + * module doesn't need to be loaded for the NFS modules to work using + * AUTH_SYS. The kgssapi modules will be loaded by the gssd(8) daemon + * when it is started up and the entry points will then be filled in. + */ +typedef AUTH *rpc_gss_secfind_ftype(CLIENT *clnt, struct ucred *cred, + const char *principal, gss_OID mech_oid, + rpc_gss_service_t service); +typedef void rpc_gss_secpurge_ftype(CLIENT *clnt); +typedef AUTH *rpc_gss_seccreate_ftype(CLIENT *clnt, struct ucred *cred, + const char *principal, const char *mechanism, + rpc_gss_service_t service, const char *qop, + rpc_gss_options_req_t *options_req, + rpc_gss_options_ret_t *options_ret); +typedef bool_t rpc_gss_set_defaults_ftype(AUTH *auth, + rpc_gss_service_t service, const char *qop); +typedef int rpc_gss_max_data_length_ftype(AUTH *handle, + int max_tp_unit_len); +typedef void rpc_gss_get_error_ftype(rpc_gss_error_t *error); +typedef bool_t rpc_gss_mech_to_oid_ftype(const char *mech, gss_OID *oid_ret); +typedef bool_t rpc_gss_oid_to_mech_ftype(gss_OID oid, const char **mech_ret); +typedef bool_t rpc_gss_qop_to_num_ftype(const char *qop, const char *mech, + u_int *num_ret); +typedef const char **rpc_gss_get_mechanisms_ftype(void); +typedef bool_t rpc_gss_get_versions_ftype(u_int *vers_hi, u_int *vers_lo); +typedef bool_t rpc_gss_is_installed_ftype(const char *mech); +typedef bool_t rpc_gss_set_svc_name_ftype(const char *principal, + const char *mechanism, u_int req_time, u_int program, + u_int version); +typedef void rpc_gss_clear_svc_name_ftype(u_int program, u_int version); +typedef bool_t rpc_gss_getcred_ftype(struct svc_req *req, + rpc_gss_rawcred_t **rcred, + rpc_gss_ucred_t **ucred, void **cookie); +typedef bool_t rpc_gss_set_callback_ftype(rpc_gss_callback_t *cb); +typedef void 
rpc_gss_clear_callback_ftype(rpc_gss_callback_t *cb); +typedef bool_t rpc_gss_get_principal_name_ftype(rpc_gss_principal_t *principal, + const char *mech, const char *name, const char *node, + const char *domain); +typedef int rpc_gss_svc_max_data_length_ftype(struct svc_req *req, + int max_tp_unit_len); + +struct rpc_gss_entries { + rpc_gss_secfind_ftype *rpc_gss_secfind; + rpc_gss_secpurge_ftype *rpc_gss_secpurge; + rpc_gss_seccreate_ftype *rpc_gss_seccreate; + rpc_gss_set_defaults_ftype *rpc_gss_set_defaults; + rpc_gss_max_data_length_ftype *rpc_gss_max_data_length; + rpc_gss_get_error_ftype *rpc_gss_get_error; + rpc_gss_mech_to_oid_ftype *rpc_gss_mech_to_oid; + rpc_gss_oid_to_mech_ftype *rpc_gss_oid_to_mech; + rpc_gss_qop_to_num_ftype *rpc_gss_qop_to_num; + rpc_gss_get_mechanisms_ftype *rpc_gss_get_mechanisms; + rpc_gss_get_versions_ftype *rpc_gss_get_versions; + rpc_gss_is_installed_ftype *rpc_gss_is_installed; + rpc_gss_set_svc_name_ftype *rpc_gss_set_svc_name; + rpc_gss_clear_svc_name_ftype *rpc_gss_clear_svc_name; + rpc_gss_getcred_ftype *rpc_gss_getcred; + rpc_gss_set_callback_ftype *rpc_gss_set_callback; + rpc_gss_clear_callback_ftype *rpc_gss_clear_callback; + rpc_gss_get_principal_name_ftype *rpc_gss_get_principal_name; + rpc_gss_svc_max_data_length_ftype *rpc_gss_svc_max_data_length; +}; +extern struct rpc_gss_entries rpc_gss_entries; + +/* Functions to access the entry points. 
*/ +static __inline AUTH * +rpc_gss_secfind_call(CLIENT *clnt, struct ucred *cred, const char *principal, + gss_OID mech_oid, rpc_gss_service_t service) +{ + AUTH *ret = NULL; + + if (rpc_gss_entries.rpc_gss_secfind != NULL) + ret = (*rpc_gss_entries.rpc_gss_secfind)(clnt, cred, principal, + mech_oid, service); + return (ret); +} + +static __inline void +rpc_gss_secpurge_call(CLIENT *clnt) +{ + + if (rpc_gss_entries.rpc_gss_secpurge != NULL) + (*rpc_gss_entries.rpc_gss_secpurge)(clnt); +} + +static __inline AUTH * +rpc_gss_seccreate_call(CLIENT *clnt, struct ucred *cred, const char *principal, + const char *mechanism, rpc_gss_service_t service, const char *qop, + rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret) +{ + AUTH *ret = NULL; + + if (rpc_gss_entries.rpc_gss_seccreate != NULL) + ret = (*rpc_gss_entries.rpc_gss_seccreate)(clnt, cred, + principal, mechanism, service, qop, options_req, + options_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_set_defaults_call(AUTH *auth, rpc_gss_service_t service, + const char *qop) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_defaults != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_defaults)(auth, service, + qop); + return (ret); +} + +static __inline int +rpc_gss_max_data_length_call(AUTH *handle, int max_tp_unit_len) +{ + int ret = 0; + + if (rpc_gss_entries.rpc_gss_max_data_length != NULL) + ret = (*rpc_gss_entries.rpc_gss_max_data_length)(handle, + max_tp_unit_len); + return (ret); +} + +static __inline void +rpc_gss_get_error_call(rpc_gss_error_t *error) +{ + + if (rpc_gss_entries.rpc_gss_get_error != NULL) + (*rpc_gss_entries.rpc_gss_get_error)(error); +} + +static __inline bool_t +rpc_gss_mech_to_oid_call(const char *mech, gss_OID *oid_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_mech_to_oid != NULL) + ret = (*rpc_gss_entries.rpc_gss_mech_to_oid)(mech, oid_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_oid_to_mech_call(gss_OID oid, const char 
**mech_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_oid_to_mech != NULL) + ret = (*rpc_gss_entries.rpc_gss_oid_to_mech)(oid, mech_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_qop_to_num_call(const char *qop, const char *mech, u_int *num_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_qop_to_num != NULL) + ret = (*rpc_gss_entries.rpc_gss_qop_to_num)(qop, mech, num_ret); + return (ret); +} + +static __inline const char ** +rpc_gss_get_mechanisms_call(void) +{ + const char **ret = NULL; + + if (rpc_gss_entries.rpc_gss_get_mechanisms != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_mechanisms)(); + return (ret); +} + +static __inline bool_t +rpc_gss_get_versions_call(u_int *vers_hi, u_int *vers_lo) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_get_versions != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_versions)(vers_hi, vers_lo); + return (ret); +} + +static __inline bool_t +rpc_gss_is_installed_call(const char *mech) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_is_installed != NULL) + ret = (*rpc_gss_entries.rpc_gss_is_installed)(mech); + return (ret); +} + +static __inline bool_t +rpc_gss_set_svc_name_call(const char *principal, const char *mechanism, + u_int req_time, u_int program, u_int version) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_svc_name != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_svc_name)(principal, + mechanism, req_time, program, version); + return (ret); +} + +static __inline void +rpc_gss_clear_svc_name_call(u_int program, u_int version) +{ + + if (rpc_gss_entries.rpc_gss_clear_svc_name != NULL) + (*rpc_gss_entries.rpc_gss_clear_svc_name)(program, version); +} + +static __inline bool_t +rpc_gss_getcred_call(struct svc_req *req, rpc_gss_rawcred_t **rcred, + rpc_gss_ucred_t **ucred, void **cookie) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_getcred != NULL) + ret = (*rpc_gss_entries.rpc_gss_getcred)(req, rcred, ucred, + cookie); + return (ret); +} + +static __inline bool_t 
+rpc_gss_set_callback_call(rpc_gss_callback_t *cb) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_callback != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_callback)(cb); + return (ret); +} + +static __inline void +rpc_gss_clear_callback_call(rpc_gss_callback_t *cb) +{ + + if (rpc_gss_entries.rpc_gss_clear_callback != NULL) + (*rpc_gss_entries.rpc_gss_clear_callback)(cb); +} + +static __inline bool_t +rpc_gss_get_principal_name_call(rpc_gss_principal_t *principal, + const char *mech, const char *name, const char *node, const char *domain) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_get_principal_name != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_principal_name)(principal, + mech, name, node, domain); + return (ret); +} + +static __inline int +rpc_gss_svc_max_data_length_call(struct svc_req *req, int max_tp_unit_len) +{ + int ret = 0; + + if (rpc_gss_entries.rpc_gss_svc_max_data_length != NULL) + ret = (*rpc_gss_entries.rpc_gss_svc_max_data_length)(req, + max_tp_unit_len); + return (ret); +} + AUTH *rpc_gss_secfind(CLIENT *clnt, struct ucred *cred, const char *principal, gss_OID mech_oid, rpc_gss_service_t service); void rpc_gss_secpurge(CLIENT *clnt); -- cgit v1.1
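Review bot: Several wrappers report success when the hook is NULL even though their output arguments were never written: `rpc_gss_mech_to_oid_call()`, `rpc_gss_oid_to_mech_call()`, `rpc_gss_qop_to_num_call()`, `rpc_gss_get_versions_call()`, `rpc_gss_getcred_call()` and `rpc_gss_get_principal_name_call()` all start from `bool_t ret = 1;`. A caller that trusts the return value would then read an unset `*rcred`, `*ucred` or `*oid_ret`, and `rpc_gss_is_installed_call()` answers true when nothing is installed. For the wrappers with out-parameters the safer default is `bool_t ret = 0;`; if a true default is intended for some of them (the commit message says only "A default value is returned otherwise"), the block comment at the top of the hunk should list which ones and why. nfs_getauth() currently depends on the true default of `rpc_gss_mech_to_oid_call()` to reach its AUTH_SYS fallback, so that caller would need a matching adjustment.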