This directory is intended to help integrators of MIT krb5 code into the kernel by: 1. Identifying the GSSAPI source files necessary for wrapping and unwrapping messages. 2. Providing a test framework to ensuring that these source files do not grow addtional dependencies without alerting the developers. 3. Providing code for importing a Lucid sec context. Nothing is built in this directory during "make all". The following happens durng "make check": 1. Sources and headers are copied here from other parts of the tree. 2. Sources are compiled and built, together with some additional code in kernel_gss.c, into a static library named libkgss.a. Sources are built with -DKRB5_KERNEL, which is used (very sparingly) to eliminate dependencies such as the code to save error messages. 3. A test program is built in two parts: t_kgss_user is built against the regular ("user-space") GSSAPI libraries, and t_kgss_kernel is built against libkgss.a. 4. A Python test executes t_kgss_user, which runs t_kgss_kernel in a child process and exercises the functionality of libkgss.a. Limitations ----------- Lucid contexts are used to transport the acceptor context from user-space to kernel-space, because the code overhead of normal export/import is large (it requires the libkrb5 serialization framework). Kernel integrators should be aware of two issues with Lucid contexts: 1. They are not a flat data blob. It is up to the user/kernelspace interface to define a format for transporting the lucid context structure. 2. Lucid contexts do not convey the do-replay or do-sequence flags from the original context. RPC security does not need replay or sequence detection, so the krb5_gss_import_lucid_sec_context implementation in kernel_gss.c simply assumes the flags should be turned off. If the kernel GSS code is being used for a protocol which does need replay or sequence detection, those flags should be determined separately and set in the krb5 GSS context. Crypto library -------------- libkgss.a does not include crypto code. Almost all of the crypto library is required for a kernel integration, so it would not be productive to duplicate almost all of the crypto build infrastructure to demonstrate the kernel subset. A kernel integrator will almost certainly want to use the kernel's native PRNG instead of the default lib/crypto/krb/prng_fortuna.c, and may also wish to write a back end module implementing standard crypto primitives in terms of the kernel's crypto primitives, instead of using lib/crypto/builtin. A few pieces of crypto functionality can be omitted from a kernel subset. String-to-key is not needed, and consequently neither is PBKDF2. PRF is not needed, unless the integrator is adding krb5_gss_pseudo_random to the subset. The enctype utility APIs are not needed. DES and DES3 keys are only used via raw enctypes, so the functions in enc_old.c won't be reached. Because of the way the crypto library uses vtables internally, removing the unreached code is not simply a matter of selecting source files, and it may be simpler to just leave the small amount of unreached code in. A complete inventory of crypto APIs used by the kernel subset can be made with: nm libkgss.a | awk '/U .*_[ck]_/ {print $2}' | sort -u Currently, that list is: krb5_c_block_size krb5_c_checksum_length krb5_c_crypto_length krb5_c_make_checksum krb5_c_padding_length krb5_c_random_make_octets krb5int_c_free_keyblock krb5int_c_mandatory_cksumtype krb5_k_create_key krb5_k_decrypt krb5_k_decrypt_iov krb5_k_encrypt krb5_k_encrypt_iov krb5_k_free_key krb5_k_key_keyblock krb5_k_make_checksum krb5_k_make_checksum_iov krb5_k_verify_checksum krb5_k_verify_checksum_iov Debugging test failures ----------------------- If an error occurs in t_kgss_user, it can be debugged in the same way as any program running under the Python test framework. Start by re-running the Python script with the -v flag, then add a --debug option for the failing command, then set breakpoints or step through the process execution as necessary. If an error occurs in t_kgss_kernel, it is harder to debug, since t_kgss_user runs it as a subprocess. On Linux with gdb, it is possible to interactively debug t_kgss_kernel by starting an interactive gdb session for t_kgss_user and doing: set follow-fork-mode child break main run cont You should get a breakpoint in the main() of t_kgss_kernel and should be able to set breakpoints from there.