From owner-svn-src-stable-8@FreeBSD.ORG Mon Jul 4 00:24:59 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E5C8E106566B; Mon, 4 Jul 2011 00:24:59 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D2FAD8FC08; Mon, 4 Jul 2011 00:24:59 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p640OxxQ046348; Mon, 4 Jul 2011 00:24:59 GMT (envelope-from rmacklem@svn.freebsd.org) Received: (from rmacklem@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p640OxkV046337; Mon, 4 Jul 2011 00:24:59 GMT (envelope-from rmacklem@svn.freebsd.org) Message-Id: <201107040024.p640OxkV046337@svn.freebsd.org> 
From: Rick Macklem Date: Mon, 4 Jul 2011 00:24:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r223748 - in stable/8/sys: fs/nfs fs/nfsclient fs/nfsserver kgssapi modules modules/kgssapi_krb5 nfsclient nfsserver rpc X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jul 2011 00:25:00 -0000 Author: rmacklem Date: Mon Jul 4 00:24:59 2011 New Revision: 223748 URL: http://svn.freebsd.org/changeset/base/223748 Log: MFC: r223309 Fix the kgssapi so that it can be loaded as a module. Currently the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. 
Modified: stable/8/sys/fs/nfs/nfs_commonkrpc.c stable/8/sys/fs/nfsclient/nfs_clkrpc.c stable/8/sys/fs/nfsserver/nfs_nfsdkrpc.c stable/8/sys/kgssapi/gss_impl.c stable/8/sys/modules/Makefile stable/8/sys/modules/kgssapi_krb5/Makefile stable/8/sys/nfsclient/nfs_krpc.c stable/8/sys/nfsserver/nfs_srvkrpc.c stable/8/sys/rpc/rpc_generic.c stable/8/sys/rpc/rpcsec_gss.h Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/fs/nfs/nfs_commonkrpc.c ============================================================================== --- stable/8/sys/fs/nfs/nfs_commonkrpc.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/fs/nfs/nfs_commonkrpc.c Mon Jul 4 00:24:59 2011 (r223748) @@ -300,9 +300,7 @@ newnfs_disconnect(struct nfssockreq *nrp client = nrp->nr_client; nrp->nr_client = NULL; mtx_unlock(&nrp->nr_mtx); -#ifdef KGSSAPI - rpc_gss_secpurge(client); -#endif + rpc_gss_secpurge_call(client); CLNT_CLOSE(client); CLNT_RELEASE(client); } else { @@ -314,21 +312,18 @@ static AUTH * nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal, char *srv_principal, gss_OID mech_oid, struct ucred *cred) { -#ifdef KGSSAPI rpc_gss_service_t svc; AUTH *auth; #ifdef notyet rpc_gss_options_req_t req_options; #endif -#endif switch (secflavour) { -#ifdef KGSSAPI case RPCSEC_GSS_KRB5: case RPCSEC_GSS_KRB5I: case RPCSEC_GSS_KRB5P: if (!mech_oid) { - if (!rpc_gss_mech_to_oid("kerberosv5", &mech_oid)) + if (!rpc_gss_mech_to_oid_call("kerberosv5", &mech_oid)) return (NULL); } if (secflavour == RPCSEC_GSS_KRB5) 
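Review bot: In nfs_getauth() the guard `if (!rpc_gss_mech_to_oid_call("kerberosv5", &mech_oid)) return (NULL);` no longer catches a missing mechanism when kgssapi is not loaded, because the wrapper added in rpcsec_gss.h returns 1 in that case without writing mech_oid. rpc_gss_secfind_call() then returns NULL, and the later hunk of this function shows control falling through to `authunix_create(cred)`, so a request for RPCSEC_GSS_KRB5, KRB5I or KRB5P appears to proceed with AUTH_SYS, with no diagnostic in the visible lines. The same pattern is in nfs_getauth() in sys/nfsclient/nfs_krpc.c. If the fallback is intended, document it at the fallthrough, for example `/* kgssapi not loaded or no GSS credential: fall back to AUTH_SYS */`, and consider a one-time diagnostic so the weaker flavour is visible to the administrator. The function body continues outside this hunk.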
@@ -344,7 +339,7 @@ nfs_getauth(struct nfssockreq *nrp, int req_options.input_channel_bindings = NULL; req_options.enc_type = nfs_keytab_enctype; - auth = rpc_gss_secfind(nrp->nr_client, cred, + auth = rpc_gss_secfind_call(nrp->nr_client, cred, clnt_principal, srv_principal, mech_oid, svc, &req_options); #else @@ -354,7 +349,7 @@ nfs_getauth(struct nfssockreq *nrp, int * principals. As such, that case cannot yet be handled. */ if (clnt_principal == NULL) - auth = rpc_gss_secfind(nrp->nr_client, cred, + auth = rpc_gss_secfind_call(nrp->nr_client, cred, srv_principal, mech_oid, svc); else auth = NULL; @@ -362,7 +357,6 @@ nfs_getauth(struct nfssockreq *nrp, int if (auth != NULL) return (auth); /* fallthrough */ -#endif /* KGSSAPI */ case AUTH_SYS: default: return (authunix_create(cred)); Modified: stable/8/sys/fs/nfsclient/nfs_clkrpc.c ============================================================================== --- stable/8/sys/fs/nfsclient/nfs_clkrpc.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/fs/nfsclient/nfs_clkrpc.c Mon Jul 4 00:24:59 2011 (r223748) @@ -217,12 +217,9 @@ nfscbd_addsock(struct file *fp) int nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args) { -#ifdef KGSSAPI char principal[128]; int error; -#endif -#ifdef KGSSAPI if (args != NULL) { error = copyinstr(args->principal, principal, sizeof(principal), NULL); @@ -231,7 +228,6 @@ nfscbd_nfsd(struct thread *td, struct nf } else { principal[0] = '\0'; } -#endif /* * Only the first nfsd actually does any work. The RPC code 
@@ -246,20 +242,16 @@ nfscbd_nfsd(struct thread *td, struct nf NFSD_UNLOCK(); -#ifdef KGSSAPI if (principal[0] != '\0') - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS); -#endif nfscbd_pool->sp_minthreads = 4; nfscbd_pool->sp_maxthreads = 4; svc_run(nfscbd_pool); -#ifdef KGSSAPI - rpc_gss_clear_svc_name(NFS_CALLBCKPROG, NFSV4_CBVERS); -#endif + rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS); NFSD_LOCK(); nfs_numnfscbd--; Modified: stable/8/sys/fs/nfsserver/nfs_nfsdkrpc.c ============================================================================== --- stable/8/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/fs/nfsserver/nfs_nfsdkrpc.c Mon Jul 4 00:24:59 2011 (r223748) @@ -386,18 +386,14 @@ nfsrvd_addsock(struct file *fp) int nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args) { -#ifdef KGSSAPI char principal[MAXHOSTNAMELEN + 5]; int error; bool_t ret2, ret3, ret4; -#endif -#ifdef KGSSAPI error = copyinstr(args->principal, principal, sizeof (principal), NULL); if (error) return (error); -#endif /* * Only the first nfsd actually does any work. The RPC code 
@@ -412,38 +408,29 @@ nfsrvd_nfsd(struct thread *td, struct nf NFSD_UNLOCK(); -#ifdef KGSSAPI /* An empty string implies AUTH_SYS only. */ if (principal[0] != '\0') { - ret2 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); - ret3 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); - ret4 = rpc_gss_set_svc_name(principal, "kerberosv5", - GSS_C_INDEFINITE, NFS_PROG, NFS_VER4); - - if (!ret2 || !ret3 || !ret4) { - NFSD_LOCK(); - newnfs_numnfsd--; - nfsrvd_init(1); - NFSD_UNLOCK(); - return (EAUTH); - } + ret2 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); + ret3 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); + ret4 = rpc_gss_set_svc_name_call(principal, + "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4); + + if (!ret2 || !ret3 || !ret4) + printf("nfsd: can't register svc name\n"); } -#endif nfsrvd_pool->sp_minthreads = args->minthreads; nfsrvd_pool->sp_maxthreads = args->maxthreads; svc_run(nfsrvd_pool); -#ifdef KGSSAPI if (principal[0] != '\0') { - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER4); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4); } -#endif NFSD_LOCK(); newnfs_numnfsd--; Modified: stable/8/sys/kgssapi/gss_impl.c ============================================================================== --- stable/8/sys/kgssapi/gss_impl.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/kgssapi/gss_impl.c Mon Jul 4 00:24:59 2011 (r223748) @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "gssd.h" #include "kgss_if.h" 
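Review bot: The `printf("nfsd: can't register svc name\n");` in nfsrvd_nfsd() is now the only reaction to a failed rpc_gss_set_svc_name_call() for a configured principal, and it does not say which of NFS_VER2, NFS_VER3 or NFS_VER4 failed or that the server carries on into svc_run() without that registration. Since the earlier EAUTH return is gone, the degraded state should be explicit, for example `printf("nfsd: can't register svc name for %s, RPCSEC_GSS may be unavailable\n", principal);`. A short comment above the check stating that continuing is deliberate would also help, because the code otherwise reads as if the error were forgotten. The function starts and ends outside this hunk.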
@@ -253,8 +254,40 @@ kgss_copy_buffer(const gss_buffer_t from static int kgssapi_modevent(module_t mod, int type, void *data) { + int error = 0; - return (0); + switch (type) { + case MOD_LOAD: + rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind; + rpc_gss_entries.rpc_gss_secpurge = rpc_gss_secpurge; + rpc_gss_entries.rpc_gss_seccreate = rpc_gss_seccreate; + rpc_gss_entries.rpc_gss_set_defaults = rpc_gss_set_defaults; + rpc_gss_entries.rpc_gss_max_data_length = + rpc_gss_max_data_length; + rpc_gss_entries.rpc_gss_get_error = rpc_gss_get_error; + rpc_gss_entries.rpc_gss_mech_to_oid = rpc_gss_mech_to_oid; + rpc_gss_entries.rpc_gss_oid_to_mech = rpc_gss_oid_to_mech; + rpc_gss_entries.rpc_gss_qop_to_num = rpc_gss_qop_to_num; + rpc_gss_entries.rpc_gss_get_mechanisms = rpc_gss_get_mechanisms; + rpc_gss_entries.rpc_gss_get_versions = rpc_gss_get_versions; + rpc_gss_entries.rpc_gss_is_installed = rpc_gss_is_installed; + rpc_gss_entries.rpc_gss_set_svc_name = rpc_gss_set_svc_name; + rpc_gss_entries.rpc_gss_clear_svc_name = rpc_gss_clear_svc_name; + rpc_gss_entries.rpc_gss_getcred = rpc_gss_getcred; + rpc_gss_entries.rpc_gss_set_callback = rpc_gss_set_callback; + rpc_gss_entries.rpc_gss_clear_callback = rpc_gss_clear_callback; + rpc_gss_entries.rpc_gss_get_principal_name = + rpc_gss_get_principal_name; + rpc_gss_entries.rpc_gss_svc_max_data_length = + rpc_gss_svc_max_data_length; + break; + case MOD_UNLOAD: + /* Unloading of the kgssapi module isn't supported. */ + /* FALLTHROUGH */ + default: + error = EOPNOTSUPP; + }; + return (error); } static moduledata_t kgssapi_mod = { "kgssapi", Modified: stable/8/sys/modules/Makefile ============================================================================== --- stable/8/sys/modules/Makefile Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/modules/Makefile Mon Jul 4 00:24:59 2011 (r223748) 
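Review bot: The MOD_LOAD case in kgssapi_modevent() fills the nineteen pointers with plain stores, rpc_gss_secfind first, so a caller running while the module loads can see a partly filled table. In nfs_getauth() that would let rpc_gss_mech_to_oid_call() still take its NULL-entry default (returning 1 with mech_oid untouched) while rpc_gss_secfind_call() already reaches the real rpc_gss_secfind() with a NULL mech_oid; whether that function tolerates a NULL OID is not visible here. Moving `rpc_gss_entries.rpc_gss_secfind = rpc_gss_secfind;` and the rpc_gss_seccreate line to the end of the case would narrow the window, and a comment should say whether the load can overlap NFS RPC activity at all. As a style nit, the switch is closed with `};`; the semicolon is an empty statement and can be dropped.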
@@ -152,6 +152,8 @@ SUBDIR= ${_3dfx} \ jme \ joy \ kbdmux \ + kgssapi \ + kgssapi_krb5 \ khelp \ krpc \ ksyms \ Modified: stable/8/sys/modules/kgssapi_krb5/Makefile ============================================================================== --- stable/8/sys/modules/kgssapi_krb5/Makefile Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/modules/kgssapi_krb5/Makefile Mon Jul 4 00:24:59 2011 (r223748) @@ -8,7 +8,8 @@ SRCS= krb5_mech.c \ kcrypto_des.c \ kcrypto_des3.c \ kcrypto_aes.c \ - kcrypto_arcfour.c + kcrypto_arcfour.c \ + opt_inet6.h SRCS+= kgss_if.h gssd.h MFILES= kgssapi/kgss_if.m Modified: stable/8/sys/nfsclient/nfs_krpc.c ============================================================================== --- stable/8/sys/nfsclient/nfs_krpc.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/nfsclient/nfs_krpc.c Mon Jul 4 00:24:59 2011 (r223748) @@ -306,9 +306,7 @@ nfs_disconnect(struct nfsmount *nmp) client = nmp->nm_client; nmp->nm_client = NULL; mtx_unlock(&nmp->nm_mtx); -#ifdef KGSSAPI - rpc_gss_secpurge(client); -#endif + rpc_gss_secpurge_call(client); CLNT_CLOSE(client); CLNT_RELEASE(client); } else @@ -325,18 +323,15 @@ nfs_safedisconnect(struct nfsmount *nmp) static AUTH * nfs_getauth(struct nfsmount *nmp, struct ucred *cred) { -#ifdef KGSSAPI rpc_gss_service_t svc; AUTH *auth; -#endif switch (nmp->nm_secflavor) { -#ifdef KGSSAPI case RPCSEC_GSS_KRB5: case RPCSEC_GSS_KRB5I: case RPCSEC_GSS_KRB5P: if (!nmp->nm_mech_oid) - if (!rpc_gss_mech_to_oid("kerberosv5", + if (!rpc_gss_mech_to_oid_call("kerberosv5", &nmp->nm_mech_oid)) return (NULL); if (nmp->nm_secflavor == RPCSEC_GSS_KRB5) 
@@ -345,12 +340,11 @@ nfs_getauth(struct nfsmount *nmp, struct svc = rpc_gss_svc_integrity; else svc = rpc_gss_svc_privacy; - auth = rpc_gss_secfind(nmp->nm_client, cred, + auth = rpc_gss_secfind_call(nmp->nm_client, cred, nmp->nm_principal, nmp->nm_mech_oid, svc); if (auth) return (auth); /* fallthrough */ -#endif case AUTH_SYS: default: return (authunix_create(cred)); Modified: stable/8/sys/nfsserver/nfs_srvkrpc.c ============================================================================== --- stable/8/sys/nfsserver/nfs_srvkrpc.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/nfsserver/nfs_srvkrpc.c Mon Jul 4 00:24:59 2011 (r223748) @@ -418,12 +418,9 @@ nfssvc_addsock(struct file *fp, struct t static int nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) { -#ifdef KGSSAPI char principal[128]; int error; -#endif -#ifdef KGSSAPI if (args) { error = copyinstr(args->principal, principal, sizeof(principal), NULL); @@ -434,7 +431,6 @@ nfssvc_nfsd(struct thread *td, struct nf getcredhostname(td->td_ucred, principal + 4, sizeof(principal) - 4); } -#endif /* * Only the first nfsd actually does any work. The RPC code @@ -449,12 +445,10 @@ nfssvc_nfsd(struct thread *td, struct nf NFSD_UNLOCK(); -#ifdef KGSSAPI - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); - rpc_gss_set_svc_name(principal, "kerberosv5", + rpc_gss_set_svc_name_call(principal, "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); -#endif if (args) { nfsrv_pool->sp_minthreads = args->minthreads; 
@@ -466,10 +460,8 @@ nfssvc_nfsd(struct thread *td, struct nf svc_run(nfsrv_pool); -#ifdef KGSSAPI - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2); - rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3); -#endif + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2); + rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3); NFSD_LOCK(); nfsrv_numnfsd--; Modified: stable/8/sys/rpc/rpc_generic.c ============================================================================== --- stable/8/sys/rpc/rpc_generic.c Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/rpc/rpc_generic.c Mon Jul 4 00:24:59 2011 (r223748) @@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include @@ -69,6 +70,9 @@ extern u_long sb_max_adj; /* not defined #define strrchr rindex #endif +/* Provide an entry point hook for the rpcsec_gss module. */ +struct rpc_gss_entries rpc_gss_entries; + struct handle { NCONF_HANDLE *nhandle; int nflag; /* Whether NETPATH or NETCONFIG */ Modified: stable/8/sys/rpc/rpcsec_gss.h ============================================================================== --- stable/8/sys/rpc/rpcsec_gss.h Sun Jul 3 21:44:26 2011 (r223747) +++ stable/8/sys/rpc/rpcsec_gss.h Mon Jul 4 00:24:59 2011 (r223748) 
@@ -141,6 +141,271 @@ typedef struct { __BEGIN_DECLS #ifdef _KERNEL +/* + * Set up a structure of entry points for the kgssapi module and inline + * functions named rpc_gss_XXX_call() to use them, so that the kgssapi + * module doesn't need to be loaded for the NFS modules to work using + * AUTH_SYS. The kgssapi modules will be loaded by the gssd(8) daemon + * when it is started up and the entry points will then be filled in. + */ +typedef AUTH *rpc_gss_secfind_ftype(CLIENT *clnt, struct ucred *cred, + const char *principal, gss_OID mech_oid, + rpc_gss_service_t service); +typedef void rpc_gss_secpurge_ftype(CLIENT *clnt); +typedef AUTH *rpc_gss_seccreate_ftype(CLIENT *clnt, struct ucred *cred, + const char *principal, const char *mechanism, + rpc_gss_service_t service, const char *qop, + rpc_gss_options_req_t *options_req, + rpc_gss_options_ret_t *options_ret); +typedef bool_t rpc_gss_set_defaults_ftype(AUTH *auth, + rpc_gss_service_t service, const char *qop); +typedef int rpc_gss_max_data_length_ftype(AUTH *handle, + int max_tp_unit_len); +typedef void rpc_gss_get_error_ftype(rpc_gss_error_t *error); +typedef bool_t rpc_gss_mech_to_oid_ftype(const char *mech, gss_OID *oid_ret); +typedef bool_t rpc_gss_oid_to_mech_ftype(gss_OID oid, const char **mech_ret); +typedef bool_t rpc_gss_qop_to_num_ftype(const char *qop, const char *mech, + u_int *num_ret); +typedef const char **rpc_gss_get_mechanisms_ftype(void); +typedef bool_t rpc_gss_get_versions_ftype(u_int *vers_hi, u_int *vers_lo); +typedef bool_t rpc_gss_is_installed_ftype(const char *mech); +typedef bool_t rpc_gss_set_svc_name_ftype(const char *principal, + const char *mechanism, u_int req_time, u_int program, + u_int version); +typedef void rpc_gss_clear_svc_name_ftype(u_int program, u_int version); +typedef bool_t rpc_gss_getcred_ftype(struct svc_req *req, + rpc_gss_rawcred_t **rcred, + rpc_gss_ucred_t **ucred, void **cookie); +typedef bool_t rpc_gss_set_callback_ftype(rpc_gss_callback_t *cb); +typedef void 
rpc_gss_clear_callback_ftype(rpc_gss_callback_t *cb); +typedef bool_t rpc_gss_get_principal_name_ftype(rpc_gss_principal_t *principal, + const char *mech, const char *name, const char *node, + const char *domain); +typedef int rpc_gss_svc_max_data_length_ftype(struct svc_req *req, + int max_tp_unit_len); + +struct rpc_gss_entries { + rpc_gss_secfind_ftype *rpc_gss_secfind; + rpc_gss_secpurge_ftype *rpc_gss_secpurge; + rpc_gss_seccreate_ftype *rpc_gss_seccreate; + rpc_gss_set_defaults_ftype *rpc_gss_set_defaults; + rpc_gss_max_data_length_ftype *rpc_gss_max_data_length; + rpc_gss_get_error_ftype *rpc_gss_get_error; + rpc_gss_mech_to_oid_ftype *rpc_gss_mech_to_oid; + rpc_gss_oid_to_mech_ftype *rpc_gss_oid_to_mech; + rpc_gss_qop_to_num_ftype *rpc_gss_qop_to_num; + rpc_gss_get_mechanisms_ftype *rpc_gss_get_mechanisms; + rpc_gss_get_versions_ftype *rpc_gss_get_versions; + rpc_gss_is_installed_ftype *rpc_gss_is_installed; + rpc_gss_set_svc_name_ftype *rpc_gss_set_svc_name; + rpc_gss_clear_svc_name_ftype *rpc_gss_clear_svc_name; + rpc_gss_getcred_ftype *rpc_gss_getcred; + rpc_gss_set_callback_ftype *rpc_gss_set_callback; + rpc_gss_clear_callback_ftype *rpc_gss_clear_callback; + rpc_gss_get_principal_name_ftype *rpc_gss_get_principal_name; + rpc_gss_svc_max_data_length_ftype *rpc_gss_svc_max_data_length; +}; +extern struct rpc_gss_entries rpc_gss_entries; + +/* Functions to access the entry points. 
*/ +static __inline AUTH * +rpc_gss_secfind_call(CLIENT *clnt, struct ucred *cred, const char *principal, + gss_OID mech_oid, rpc_gss_service_t service) +{ + AUTH *ret = NULL; + + if (rpc_gss_entries.rpc_gss_secfind != NULL) + ret = (*rpc_gss_entries.rpc_gss_secfind)(clnt, cred, principal, + mech_oid, service); + return (ret); +} + +static __inline void +rpc_gss_secpurge_call(CLIENT *clnt) +{ + + if (rpc_gss_entries.rpc_gss_secpurge != NULL) + (*rpc_gss_entries.rpc_gss_secpurge)(clnt); +} + +static __inline AUTH * +rpc_gss_seccreate_call(CLIENT *clnt, struct ucred *cred, const char *principal, + const char *mechanism, rpc_gss_service_t service, const char *qop, + rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret) +{ + AUTH *ret = NULL; + + if (rpc_gss_entries.rpc_gss_seccreate != NULL) + ret = (*rpc_gss_entries.rpc_gss_seccreate)(clnt, cred, + principal, mechanism, service, qop, options_req, + options_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_set_defaults_call(AUTH *auth, rpc_gss_service_t service, + const char *qop) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_defaults != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_defaults)(auth, service, + qop); + return (ret); +} + +static __inline int +rpc_gss_max_data_length_call(AUTH *handle, int max_tp_unit_len) +{ + int ret = 0; + + if (rpc_gss_entries.rpc_gss_max_data_length != NULL) + ret = (*rpc_gss_entries.rpc_gss_max_data_length)(handle, + max_tp_unit_len); + return (ret); +} + +static __inline void +rpc_gss_get_error_call(rpc_gss_error_t *error) +{ + + if (rpc_gss_entries.rpc_gss_get_error != NULL) + (*rpc_gss_entries.rpc_gss_get_error)(error); +} + +static __inline bool_t +rpc_gss_mech_to_oid_call(const char *mech, gss_OID *oid_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_mech_to_oid != NULL) + ret = (*rpc_gss_entries.rpc_gss_mech_to_oid)(mech, oid_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_oid_to_mech_call(gss_OID oid, const char 
**mech_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_oid_to_mech != NULL) + ret = (*rpc_gss_entries.rpc_gss_oid_to_mech)(oid, mech_ret); + return (ret); +} + +static __inline bool_t +rpc_gss_qop_to_num_call(const char *qop, const char *mech, u_int *num_ret) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_qop_to_num != NULL) + ret = (*rpc_gss_entries.rpc_gss_qop_to_num)(qop, mech, num_ret); + return (ret); +} + +static __inline const char ** +rpc_gss_get_mechanisms_call(void) +{ + const char **ret = NULL; + + if (rpc_gss_entries.rpc_gss_get_mechanisms != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_mechanisms)(); + return (ret); +} + +static __inline bool_t +rpc_gss_get_versions_call(u_int *vers_hi, u_int *vers_lo) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_get_versions != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_versions)(vers_hi, vers_lo); + return (ret); +} + +static __inline bool_t +rpc_gss_is_installed_call(const char *mech) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_is_installed != NULL) + ret = (*rpc_gss_entries.rpc_gss_is_installed)(mech); + return (ret); +} + +static __inline bool_t +rpc_gss_set_svc_name_call(const char *principal, const char *mechanism, + u_int req_time, u_int program, u_int version) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_svc_name != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_svc_name)(principal, + mechanism, req_time, program, version); + return (ret); +} + +static __inline void +rpc_gss_clear_svc_name_call(u_int program, u_int version) +{ + + if (rpc_gss_entries.rpc_gss_clear_svc_name != NULL) + (*rpc_gss_entries.rpc_gss_clear_svc_name)(program, version); +} + +static __inline bool_t +rpc_gss_getcred_call(struct svc_req *req, rpc_gss_rawcred_t **rcred, + rpc_gss_ucred_t **ucred, void **cookie) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_getcred != NULL) + ret = (*rpc_gss_entries.rpc_gss_getcred)(req, rcred, ucred, + cookie); + return (ret); +} + +static __inline bool_t 
+rpc_gss_set_callback_call(rpc_gss_callback_t *cb) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_set_callback != NULL) + ret = (*rpc_gss_entries.rpc_gss_set_callback)(cb); + return (ret); +} + +static __inline void +rpc_gss_clear_callback_call(rpc_gss_callback_t *cb) +{ + + if (rpc_gss_entries.rpc_gss_clear_callback != NULL) + (*rpc_gss_entries.rpc_gss_clear_callback)(cb); +} + +static __inline bool_t +rpc_gss_get_principal_name_call(rpc_gss_principal_t *principal, + const char *mech, const char *name, const char *node, const char *domain) +{ + bool_t ret = 1; + + if (rpc_gss_entries.rpc_gss_get_principal_name != NULL) + ret = (*rpc_gss_entries.rpc_gss_get_principal_name)(principal, + mech, name, node, domain); + return (ret); +} + +static __inline int +rpc_gss_svc_max_data_length_call(struct svc_req *req, int max_tp_unit_len) +{ + int ret = 0; + + if (rpc_gss_entries.rpc_gss_svc_max_data_length != NULL) + ret = (*rpc_gss_entries.rpc_gss_svc_max_data_length)(req, + max_tp_unit_len); + return (ret); +} + AUTH *rpc_gss_secfind(CLIENT *clnt, struct ucred *cred, const char *principal, gss_OID mech_oid, rpc_gss_service_t service); void rpc_gss_secpurge(CLIENT *clnt);
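Review bot: Most of the bool_t rpc_gss_*_call() wrappers start from `bool_t ret = 1;`, so with kgssapi not loaded they report success without touching their output arguments. rpc_gss_getcred_call() leaves *rcred, *ucred and *cookie unwritten, rpc_gss_oid_to_mech_call(), rpc_gss_qop_to_num_call() and rpc_gss_get_versions_call() do the same with theirs, and rpc_gss_is_installed_call() answers true for any mechanism. A caller that trusts the return value would read uninitialised pointers or assume a security mechanism is present. For the wrappers with no caller visible in this diff, default to failure with `bool_t ret = 0;`, and keep 1 only where the callers shown appear to rely on it (rpc_gss_mech_to_oid_call in nfs_getauth, rpc_gss_set_svc_name_call in the nfsd start paths). Each wrapper should also carry a one-line comment giving its result when the module is not loaded.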