1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License").  You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22
23/*
24 * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27/*
28 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
29 * Use is subject to license terms.
30 */
31
32/*
33 *  Kernel code to obtain client handle to gssd server
34 */
35
36#include <sys/types.h>
37#include <gssapi/gssapi.h>
38#include <gssapi/gssd_prot.h>
39#include <gssapi/kgssapi_defs.h>
40
41#include <sys/systm.h>
42#include <sys/vnode.h>
43#include <sys/uio.h>
44#include <sys/pathname.h>
45
46#define	GSSD_RETRY 5
47
48kmutex_t	gssrpcb_lock;
49zone_key_t	gss_zone_key;
50
51struct gss_globals {
52	enum clnt_stat		gss_last_stat;
53	struct netbuf		gss_netaddr;
54	struct knetconfig	gss_config;
55};
56
57/* ARGSUSED */
58void *
59gss_zone_init(zoneid_t zoneid)
60{
61	struct gss_globals *gssg;
62
63	gssg = kmem_zalloc(sizeof (*gssg), KM_SLEEP);
64	return (gssg);
65}
66
67/* ARGSUSED */
68void
69gss_zone_fini(zoneid_t zoneid, void *data)
70{
71	struct gss_globals *gssg = data;
72	struct netbuf *netaddrp = &gssg->gss_netaddr;
73
74	if (netaddrp->len != 0)
75		kmem_free(netaddrp->buf, netaddrp->maxlen);
76	kmem_free(gssg, sizeof (*gssg));
77}
78
79void
80killgssd_handle(CLIENT *client)
81{
82	struct rpc_err rpcerr;
83	struct gss_globals *gssg;
84
85	gssg = zone_getspecific(gss_zone_key, curproc->p_zone);
86	CLNT_GETERR(client, &rpcerr);
87	gssg->gss_last_stat = rpcerr.re_status;
88
89	AUTH_DESTROY(client->cl_auth);
90	CLNT_DESTROY(client);
91}
92
93CLIENT *
94getgssd_handle(void)
95{
96	struct vnode *vp;
97	int error;
98	CLIENT *clnt;
99	enum clnt_stat stat;
100	struct netbuf tmpaddr;
101	struct gss_globals *gssg;
102	struct netbuf *netaddrp;
103
104	gssg = zone_getspecific(gss_zone_key, curproc->p_zone);
105	/*
106	 * Cribbed from kerb_krpc.c. Really should do the config set up
107	 * in the _init routine.
108	 */
109	if (gssg->gss_config.knc_rdev == 0) {
110		if ((error = lookupname("/dev/ticotsord", UIO_SYSSPACE,
111		    FOLLOW, NULLVPP, &vp)) != 0) {
112			GSSLOG(1, "getgssd_handle: lookupname: %d\n", error);
113			return (NULL);
114		}
115		gssg->gss_config.knc_rdev = vp->v_rdev;
116		gssg->gss_config.knc_protofmly = loopback_name;
117		VN_RELE(vp);
118		gssg->gss_config.knc_semantics = NC_TPI_COTS_ORD;
119	}
120
121	/*
122	 * Contact rpcbind to get gssd's address only
123	 * once and re-use the address.
124	 */
125	mutex_enter(&gssrpcb_lock);
126	netaddrp = &gssg->gss_netaddr;
127
128	if (netaddrp->len == 0 || gssg->gss_last_stat != RPC_SUCCESS) {
129		if (netaddrp->buf != NULL)
130			kmem_free(netaddrp->buf, netaddrp->maxlen);
131
132		/* Set up netaddr to be "localhost." (strlen is 10) */
133		netaddrp->len = netaddrp->maxlen = 10;
134		netaddrp->buf = kmem_alloc(netaddrp->len, KM_SLEEP);
135		(void) strncpy(netaddrp->buf, "localhost.", netaddrp->len);
136
137		/* Get address of gssd from rpcbind */
138		stat = rpcbind_getaddr(&gssg->gss_config, GSSPROG, GSSVERS,
139		    netaddrp);
140		if (stat != RPC_SUCCESS) {
141			kmem_free(netaddrp->buf, netaddrp->maxlen);
142			netaddrp->buf = NULL;
143			netaddrp->len = netaddrp->maxlen = 0;
144			mutex_exit(&gssrpcb_lock);
145			return (NULL);
146		}
147	}
148
149	/*
150	 * Copy the netaddr information into a tmp location to
151	 * be used by clnt_tli_kcreate.  The purpose of this
152	 * is for MT race condition (ie. netaddr being modified
153	 * while it is being used.)
154	 */
155	tmpaddr.buf = kmem_zalloc(netaddrp->maxlen, KM_SLEEP);
156	bcopy(netaddrp->buf, tmpaddr.buf, netaddrp->maxlen);
157	tmpaddr.maxlen = netaddrp->maxlen;
158	tmpaddr.len = netaddrp->len;
159
160	mutex_exit(&gssrpcb_lock);
161
162	error = clnt_tli_kcreate(&gssg->gss_config, &tmpaddr, GSSPROG,
163	    GSSVERS, 0, GSSD_RETRY, kcred, &clnt);
164
165	kmem_free(tmpaddr.buf, tmpaddr.maxlen);
166
167	if (error != 0) {
168		GSSLOG(1,
169		"getgssd_handle: clnt_tli_kcreate: error %d\n", error);
170		return (NULL);
171	}
172
173	return (clnt);
174}
175