#include <wintirpc.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <rpc/rpc.h>#include <gssapi/gssapi.h>
Include dependency graph for svc_auth_gss.c:
Go to the source code of this file.
Classes | |
| struct | gss_union_ctx_id_t |
| struct | svc_rpc_gss_data |
Macros | |
| #define | SVCAUTH_PRIVATE(auth) ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) |
Typedefs | |
| typedef struct gss_union_ctx_id_t | gss_union_ctx_id_desc |
| typedef struct gss_union_ctx_id_t * | gss_union_ctx_id_t |
Functions | |
| static bool_t | svcauth_gss_destroy () |
| static bool_t | svcauth_gss_wrap () |
| static bool_t | svcauth_gss_unwrap () |
| bool_t | svcauth_gss_set_svc_name (gss_name_t name) |
| static bool_t | svcauth_gss_import_name (char *service) |
| static bool_t | svcauth_gss_acquire_cred (void) |
| static bool_t | svcauth_gss_release_cred (void) |
| static bool_t | svcauth_gss_accept_sec_context (struct svc_req *rqst, struct rpc_gss_init_res *gr) |
| static bool_t | svcauth_gss_validate (struct svc_rpc_gss_data *gd, struct rpc_msg *msg) |
| bool_t | svcauth_gss_nextverf (struct svc_req *rqst, u_int num) |
| enum auth_stat | _svcauth_gss (struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) |
| bool_t | svcauth_gss_destroy (SVCAUTH *auth) |
| bool_t | svcauth_gss_wrap (SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) |
| bool_t | svcauth_gss_unwrap (SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr) |
| char * | svcauth_gss_get_principal (SVCAUTH *auth) |
Variables | |
| SVCAUTH | svc_auth_none |
| struct svc_auth_ops | svc_auth_gss_ops |
| gss_cred_id_t | _svcauth_gss_creds |
| static gss_name_t | _svcauth_gss_name = NULL |
Macro Definition Documentation
◆ SVCAUTH_PRIVATE
| #define SVCAUTH_PRIVATE | ( | auth | ) | ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) |
Definition at line 78 of file svc_auth_gss.c.
Typedef Documentation
◆ gss_union_ctx_id_desc
◆ gss_union_ctx_id_t
| typedef struct gss_union_ctx_id_t * gss_union_ctx_id_t |
Function Documentation
◆ _svcauth_gss()
Definition at line 367 of file svc_auth_gss.c.
368{
369 XDR xdrs;
370 SVCAUTH *auth;
375
377
378 /* Initialize reply. */
380
381 /* Allocate and set up server auth handle. */
387 }
391 }
395 }
397
398 /* Deserialize client credentials. */
401
404
407
409 XDR_DESTROY(&xdrs);
411 }
412 XDR_DESTROY(&xdrs);
413
414 /* Check version. */
417
418 /* Check RPCSEC_GSS service. */
423
424 /* Check sequence number. */
428
433 offset = 0;
434 }
436 *no_dispatch = 1;
438 }
441 }
442
446 }
447
448 /* Handle RPCSEC_GSS control procedure. */
450
455
459 }
460
463
466
469
470 *no_dispatch = TRUE;
471
474
475 if (!call_stat)
477
478 if (gr.gr_major == GSS_S_COMPLETE)
480
481 break;
482
486
489 break;
490
494
497
500
503
506
507 break;
508
509 default:
511 break;
512 }
514}
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
Definition: authgss_prot.c:86
bool_t xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
Definition: authgss_prot.c:48
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
Definition: svc_auth.h:47
struct __svcauth::svc_auth_ops * svc_ah_ops
Definition: auth_gss.h:108
Definition: auth_gss.h:117
Definition: svc_auth_gss.c:66
bool_t svc_sendreply(SVCXPRT *xprt, xdrproc_t xdr_results, void *xdr_location)
Definition: svc.c:399
static bool_t svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
Definition: svc_auth_gss.c:284
bool_t svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
Definition: svc_auth_gss.c:336
static bool_t svcauth_gss_import_name(char *service)
Definition: svc_auth_gss.c:112
static bool_t svcauth_gss_accept_sec_context(struct svc_req *rqst, struct rpc_gss_init_res *gr)
Definition: svc_auth_gss.c:175
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94
◆ svcauth_gss_accept_sec_context()
|
static |
Definition at line 175 of file svc_auth_gss.c.
177{
180 gss_buffer_desc recv_tok, seqbuf, checksum;
181 gss_OID mech;
182 OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
183
185
189
190 /* Deserialize arguments. */
192
194 (caddr_t)&recv_tok))
196
198 &gd->ctx,
199 _svcauth_gss_creds,
200 &recv_tok,
201 GSS_C_NO_CHANNEL_BINDINGS,
202 &gd->client_name,
203 &mech,
204 &gr->gr_token,
205 &ret_flags,
206 NULL,
207 NULL);
208
210 gr->gr_major != GSS_S_CONTINUE_NEEDED) {
212 gd->ctx = GSS_C_NO_CONTEXT;
213 gss_release_buffer(&min_stat, &gr->gr_token);
215 }
216 /* ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
217 * one to the mechanism oid, one to the internal_ctx_id */
221 }
224
225 /* ANDROS: change for debugging linux kernel version...
226 gr->gr_win = sizeof(gd->seqmask) * 8;
227 */
228 gr->gr_win = 0x00000005;
229
230 /* Save client info. */
231 gd->sec.mech = mech;
232 gd->sec.qop = GSS_C_QOP_DEFAULT;
236
238 maj_stat = gss_display_name(&min_stat, gd->client_name,
240 if (maj_stat != GSS_S_COMPLETE) {
243 }
244#ifdef DEBUG
245#ifdef HAVE_KRB5
246 {
247 gss_buffer_desc mechname;
248
249 gss_oid_to_str(&min_stat, mech, &mechname);
250
252 "<mech %.*s, qop %d, svc %d>",
254 mechname.length, (char *)mechname.value,
256
257 gss_release_buffer(&min_stat, &mechname);
258 }
259#elif HAVE_HEIMDAL
261 "<mech {}, qop %d, svc %d>",
264#endif
265#endif /* DEBUG */
267 seqbuf.value = &seq;
268 seqbuf.length = sizeof(seq);
269
270 maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT,
271 &seqbuf, &checksum);
272
273 if (maj_stat != GSS_S_COMPLETE)
275
279 }
281}
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
Definition: authgss_prot.c:70
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
Definition: auth_gss.c:66
struct gss_union_ctx_id_t gss_union_ctx_id_desc
Referenced by _svcauth_gss().
◆ svcauth_gss_acquire_cred()
Definition at line 138 of file svc_auth_gss.c.
139{
140 OM_uint32 maj_stat, min_stat;
141
143
144 maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, 0,
145 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
147
148 if (maj_stat != GSS_S_COMPLETE) {
151 }
153}
Referenced by _svcauth_gss().
◆ svcauth_gss_destroy() [1/2]
|
static |
◆ svcauth_gss_destroy() [2/2]
Definition at line 517 of file svc_auth_gss.c.
518{
520 OM_uint32 min_stat;
521
523
524 gd = SVCAUTH_PRIVATE(auth);
525
526 gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
527 gss_release_buffer(&min_stat, &gd->cname);
528
530 gss_release_name(&min_stat, &gd->client_name);
531
534
536}
◆ svcauth_gss_get_principal()
Definition at line 573 of file svc_auth_gss.c.
◆ svcauth_gss_import_name()
Definition at line 112 of file svc_auth_gss.c.
113{
114 gss_name_t name;
115 gss_buffer_desc namebuf;
116 OM_uint32 maj_stat, min_stat;
117
119
120 namebuf.value = service;
121 namebuf.length = strlen(service);
122
123 maj_stat = gss_import_name(&min_stat, &namebuf,
124 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &name);
125
126 if (maj_stat != GSS_S_COMPLETE) {
129 }
131 gss_release_name(&min_stat, &name);
133 }
135}
bool_t svcauth_gss_set_svc_name(gss_name_t name)
Definition: svc_auth_gss.c:86
Referenced by _svcauth_gss().
◆ svcauth_gss_nextverf()
Definition at line 336 of file svc_auth_gss.c.
337{
339 gss_buffer_desc signbuf, checksum;
340 OM_uint32 maj_stat, min_stat;
341
343
346
348
349 signbuf.value = #
351
353 &signbuf, &checksum);
354
355 if (maj_stat != GSS_S_COMPLETE) {
358 }
362
364}
Referenced by _svcauth_gss().
◆ svcauth_gss_release_cred()
Definition at line 156 of file svc_auth_gss.c.
157{
158 OM_uint32 maj_stat, min_stat;
159
161
162 maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds);
163
164 if (maj_stat != GSS_S_COMPLETE) {
167 }
168
170
172}
Referenced by _svcauth_gss().
◆ svcauth_gss_set_svc_name()
| bool_t svcauth_gss_set_svc_name | ( | gss_name_t | name | ) |
Definition at line 86 of file svc_auth_gss.c.
87{
88 OM_uint32 maj_stat, min_stat;
89
91
93 maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name);
94
95 if (maj_stat != GSS_S_COMPLETE) {
98 }
100 }
102
103 if (maj_stat != GSS_S_COMPLETE) {
106 }
107
109}
Referenced by svcauth_gss_import_name().
◆ svcauth_gss_unwrap() [1/2]
|
static |
◆ svcauth_gss_unwrap() [2/2]
Definition at line 556 of file svc_auth_gss.c.
557{
559
561
562 gd = SVCAUTH_PRIVATE(auth);
563
565 return ((*xdr_func)(xdrs, xdr_ptr));
566 }
570}
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
Definition: authgss_prot.c:251
◆ svcauth_gss_validate()
|
static |
Definition at line 284 of file svc_auth_gss.c.
285{
287 gss_buffer_desc rpcbuf, checksum;
288 OM_uint32 maj_stat, min_stat, qop_state;
289 u_char rpchdr[128];
291
293
295
296 /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
297 oa = &msg->rm_call.cb_cred;
300
301 /* 8 XDR units from the IXDR macro calls. */
305
318 }
319 rpcbuf.value = rpchdr;
321
324
326 &qop_state);
327
328 if (maj_stat != GSS_S_COMPLETE) {
331 }
333}
Definition: auth.h:195
Referenced by _svcauth_gss().
◆ svcauth_gss_wrap() [1/2]
|
static |
◆ svcauth_gss_wrap() [2/2]
Definition at line 539 of file svc_auth_gss.c.
540{
542
544
545 gd = SVCAUTH_PRIVATE(auth);
546
548 return ((*xdr_func)(xdrs, xdr_ptr));
549 }
553}
Variable Documentation
◆ _svcauth_gss_creds
| gss_cred_id_t _svcauth_gss_creds |
Definition at line 82 of file svc_auth_gss.c.
Referenced by svcauth_gss_accept_sec_context(), svcauth_gss_acquire_cred(), and svcauth_gss_release_cred().
◆ _svcauth_gss_name
|
static |
Definition at line 83 of file svc_auth_gss.c.
Referenced by _svcauth_gss(), svcauth_gss_acquire_cred(), and svcauth_gss_set_svc_name().
◆ svc_auth_gss_ops
| struct svc_auth_ops svc_auth_gss_ops |
Initial value:
= {
}
static bool_t svcauth_gss_destroy()
static bool_t svcauth_gss_unwrap()
static bool_t svcauth_gss_wrap()
Definition at line 60 of file svc_auth_gss.c.
Referenced by _svcauth_gss(), and svc_getreq_common().
◆ svc_auth_none
|
extern |
Definition at line 63 of file svc_auth_none.c.
Referenced by _svcauth_gss(), and _svcauth_none().
