ReactOS 0.4.15-dev-8127-g6338913
svc_auth_gss.c File Reference
#include <wintirpc.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <rpc/rpc.h>
#include <gssapi/gssapi.h>
Include dependency graph for svc_auth_gss.c:

Go to the source code of this file.

Classes

struct  gss_union_ctx_id_t
 
struct  svc_rpc_gss_data
 

Macros

#define SVCAUTH_PRIVATE(auth)    ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
 

Typedefs

typedef struct gss_union_ctx_id_t gss_union_ctx_id_desc
 
typedef struct gss_union_ctx_id_tgss_union_ctx_id_t
 

Functions

static bool_t svcauth_gss_destroy ()
 
static bool_t svcauth_gss_wrap ()
 
static bool_t svcauth_gss_unwrap ()
 
bool_t svcauth_gss_set_svc_name (gss_name_t name)
 
static bool_t svcauth_gss_import_name (char *service)
 
static bool_t svcauth_gss_acquire_cred (void)
 
static bool_t svcauth_gss_release_cred (void)
 
static bool_t svcauth_gss_accept_sec_context (struct svc_req *rqst, struct rpc_gss_init_res *gr)
 
static bool_t svcauth_gss_validate (struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
 
bool_t svcauth_gss_nextverf (struct svc_req *rqst, u_int num)
 
enum auth_stat _svcauth_gss (struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
 
bool_t svcauth_gss_destroy (SVCAUTH *auth)
 
bool_t svcauth_gss_wrap (SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
bool_t svcauth_gss_unwrap (SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
charsvcauth_gss_get_principal (SVCAUTH *auth)
 

Variables

SVCAUTH svc_auth_none
 
struct svc_auth_ops svc_auth_gss_ops
 
gss_cred_id_t _svcauth_gss_creds
 
static gss_name_t _svcauth_gss_name = NULL
 

Macro Definition Documentation

◆ SVCAUTH_PRIVATE

#define SVCAUTH_PRIVATE (   auth)     ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)

Definition at line 78 of file svc_auth_gss.c.

Typedef Documentation

◆ gss_union_ctx_id_desc

◆ gss_union_ctx_id_t

Function Documentation

◆ _svcauth_gss()

enum auth_stat _svcauth_gss ( struct svc_req rqst,
struct rpc_msg msg,
bool_t no_dispatch 
)

Definition at line 367 of file svc_auth_gss.c.

368{
369 XDR xdrs;
370 SVCAUTH *auth;
371 struct svc_rpc_gss_data *gd;
372 struct rpc_gss_cred *gc;
373 struct rpc_gss_init_res gr;
374 int call_stat, offset;
375
376 log_debug("in svcauth_gss()");
377
378 /* Initialize reply. */
379 rqst->rq_xprt->xp_verf = _null_auth;
380
381 /* Allocate and set up server auth handle. */
382 if (rqst->rq_xprt->xp_auth == NULL ||
383 rqst->rq_xprt->xp_auth == &svc_auth_none) {
384 if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
385 fprintf(stderr, "svcauth_gss: out_of_memory\n");
386 return (AUTH_FAILED);
387 }
388 if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
389 fprintf(stderr, "svcauth_gss: out_of_memory\n");
390 return (AUTH_FAILED);
391 }
393 auth->svc_ah_private = (caddr_t) gd;
394 rqst->rq_xprt->xp_auth = auth;
395 }
396 else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
397
398 /* Deserialize client credentials. */
399 if (rqst->rq_cred.oa_length <= 0)
400 return (AUTH_BADCRED);
401
402 gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
403 memset(gc, 0, sizeof(*gc));
404
405 xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
406 rqst->rq_cred.oa_length, XDR_DECODE);
407
408 if (!xdr_rpc_gss_cred(&xdrs, gc)) {
409 XDR_DESTROY(&xdrs);
410 return (AUTH_BADCRED);
411 }
412 XDR_DESTROY(&xdrs);
413
414 /* Check version. */
415 if (gc->gc_v != RPCSEC_GSS_VERSION)
416 return (AUTH_BADCRED);
417
418 /* Check RPCSEC_GSS service. */
419 if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
422 return (AUTH_BADCRED);
423
424 /* Check sequence number. */
425 if (gd->established) {
426 if (gc->gc_seq > MAXSEQ)
427 return (RPCSEC_GSS_CTXPROBLEM);
428
429 if ((offset = gd->seqlast - gc->gc_seq) < 0) {
430 gd->seqlast = gc->gc_seq;
431 offset = 0 - offset;
432 gd->seqmask <<= offset;
433 offset = 0;
434 }
435 else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
436 *no_dispatch = 1;
437 return (RPCSEC_GSS_CTXPROBLEM);
438 }
439 gd->seq = gc->gc_seq;
440 gd->seqmask |= (1 << offset);
441 }
442
443 if (gd->established) {
444 rqst->rq_clntname = (char *)gd->client_name;
445 rqst->rq_svcname = (char *)gd->ctx;
446 }
447
448 /* Handle RPCSEC_GSS control procedure. */
449 switch (gc->gc_proc) {
450
451 case RPCSEC_GSS_INIT:
453 if (rqst->rq_proc != NULLPROC)
454 return (AUTH_FAILED); /* XXX ? */
455
456 if (_svcauth_gss_name == NULL) {
457 if (!svcauth_gss_import_name("nfs"))
458 return (AUTH_FAILED);
459 }
460
462 return (AUTH_FAILED);
463
464 if (!svcauth_gss_accept_sec_context(rqst, &gr))
465 return (AUTH_REJECTEDCRED);
466
467 if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
468 return (AUTH_FAILED);
469
470 *no_dispatch = TRUE;
471
472 call_stat = svc_sendreply(rqst->rq_xprt,
474
475 if (!call_stat)
476 return (AUTH_FAILED);
477
478 if (gr.gr_major == GSS_S_COMPLETE)
479 gd->established = TRUE;
480
481 break;
482
483 case RPCSEC_GSS_DATA:
484 if (!svcauth_gss_validate(gd, msg))
485 return (RPCSEC_GSS_CREDPROBLEM);
486
487 if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
488 return (AUTH_FAILED);
489 break;
490
492 if (rqst->rq_proc != NULLPROC)
493 return (AUTH_FAILED); /* XXX ? */
494
495 if (!svcauth_gss_validate(gd, msg))
496 return (RPCSEC_GSS_CREDPROBLEM);
497
498 if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
499 return (AUTH_FAILED);
500
502 return (AUTH_FAILED);
503
505 rqst->rq_xprt->xp_auth = &svc_auth_none;
506
507 break;
508
509 default:
510 return (AUTH_REJECTEDCRED);
511 break;
512 }
513 return (AUTH_OK);
514}
@ RPCSEC_GSS_SVC_NONE
Definition: auth_gss.h:75
@ RPCSEC_GSS_SVC_PRIVACY
Definition: auth_gss.h:77
@ RPCSEC_GSS_SVC_INTEGRITY
Definition: auth_gss.h:76
#define RPCSEC_GSS_VERSION
Definition: auth_gss.h:80
@ RPCSEC_GSS_DATA
Definition: auth_gss.h:67
@ RPCSEC_GSS_DESTROY
Definition: auth_gss.h:70
@ RPCSEC_GSS_INIT
Definition: auth_gss.h:68
@ RPCSEC_GSS_CONTINUE_INIT
Definition: auth_gss.h:69
#define MAXSEQ
Definition: auth_gss.h:126
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
#define msg(x)
Definition: auth_time.c:54
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
Definition: authgss_prot.c:86
bool_t xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
Definition: authgss_prot.c:48
#define caddr_t
Definition: ftp.c:24
#define NULLPROC
Definition: clnt.h:294
@ RPCSEC_GSS_CREDPROBLEM
Definition: auth.h:173
@ AUTH_FAILED
Definition: auth.h:158
@ AUTH_BADCRED
Definition: auth.h:149
@ AUTH_OK
Definition: auth.h:145
@ RPCSEC_GSS_CTXPROBLEM
Definition: auth.h:174
@ AUTH_REJECTEDCRED
Definition: auth.h:150
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
GLintptr offset
Definition: glext.h:5920
#define stderr
Definition: stdio.h:100
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
#define htonl(x)
Definition: module.h:214
char * caddr_t
Definition: rosdhcp.h:36
#define calloc
Definition: rosglue.h:14
struct opaque_auth _null_auth
#define memset(x, y, z)
Definition: compat.h:39
SVCAUTH * xp_auth
Definition: svc.h:122
struct opaque_auth xp_verf
Definition: svc.h:121
Definition: xdr.h:103
caddr_t svc_ah_private
Definition: svc_auth.h:53
struct __svcauth::svc_auth_ops * svc_ah_ops
rpc_gss_svc_t gc_svc
Definition: auth_gss.h:112
rpc_gss_proc_t gc_proc
Definition: auth_gss.h:110
u_int gc_v
Definition: auth_gss.h:109
u_int gc_seq
Definition: auth_gss.h:111
caddr_t rq_clntname
Definition: svc.h:142
void * rq_clntcred
Definition: svc.h:138
struct opaque_auth rq_cred
Definition: svc.h:137
u_int32_t rq_proc
Definition: svc.h:136
caddr_t rq_svcname
Definition: svc.h:143
SVCXPRT * rq_xprt
Definition: svc.h:139
gss_ctx_id_t ctx
Definition: svc_auth_gss.c:68
gss_name_t client_name
Definition: svc_auth_gss.c:75
u_int32_t seqmask
Definition: svc_auth_gss.c:74
bool_t svc_sendreply(SVCXPRT *xprt, xdrproc_t xdr_results, void *xdr_location)
Definition: svc.c:399
#define SVCAUTH_DESTROY(cred)
Definition: svc_auth.h:56
struct svc_auth_ops svc_auth_gss_ops
Definition: svc_auth_gss.c:60
#define SVCAUTH_PRIVATE(auth)
Definition: svc_auth_gss.c:78
static gss_name_t _svcauth_gss_name
Definition: svc_auth_gss.c:83
static bool_t svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
Definition: svc_auth_gss.c:284
bool_t svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
Definition: svc_auth_gss.c:336
static bool_t svcauth_gss_acquire_cred(void)
Definition: svc_auth_gss.c:138
SVCAUTH svc_auth_none
Definition: svc_auth_none.c:63
static bool_t svcauth_gss_import_name(char *service)
Definition: svc_auth_gss.c:112
static bool_t svcauth_gss_release_cred(void)
Definition: svc_auth_gss.c:156
static bool_t svcauth_gss_accept_sec_context(struct svc_req *rqst, struct rpc_gss_init_res *gr)
Definition: svc_auth_gss.c:175
@ XDR_DECODE
Definition: xdr.h:86
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94

◆ svcauth_gss_accept_sec_context()

static bool_t svcauth_gss_accept_sec_context ( struct svc_req rqst,
struct rpc_gss_init_res gr 
)
static

Definition at line 175 of file svc_auth_gss.c.

177{
178 struct svc_rpc_gss_data *gd;
179 struct rpc_gss_cred *gc;
180 gss_buffer_desc recv_tok, seqbuf, checksum;
181 gss_OID mech;
182 OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
183
184 log_debug("in svcauth_gss_accept_context()");
185
186 gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
187 gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
188 memset(gr, 0, sizeof(*gr));
189
190 /* Deserialize arguments. */
191 memset(&recv_tok, 0, sizeof(recv_tok));
192
194 (caddr_t)&recv_tok))
195 return (FALSE);
196
197 gr->gr_major = gss_accept_sec_context(&gr->gr_minor,
198 &gd->ctx,
200 &recv_tok,
201 GSS_C_NO_CHANNEL_BINDINGS,
202 &gd->client_name,
203 &mech,
204 &gr->gr_token,
205 &ret_flags,
206 NULL,
207 NULL);
208
209 if (gr->gr_major != GSS_S_COMPLETE &&
210 gr->gr_major != GSS_S_CONTINUE_NEEDED) {
211 log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
212 gd->ctx = GSS_C_NO_CONTEXT;
213 gss_release_buffer(&min_stat, &gr->gr_token);
214 return (FALSE);
215 }
216 /* ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
217 * one to the mechanism oid, one to the internal_ctx_id */
218 if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
219 fprintf(stderr, "svcauth_gss_accept_context: out of memory\n");
220 return (FALSE);
221 }
222 memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc));
223 gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc);
224
225 /* ANDROS: change for debugging linux kernel version...
226 gr->gr_win = sizeof(gd->seqmask) * 8;
227 */
228 gr->gr_win = 0x00000005;
229
230 /* Save client info. */
231 gd->sec.mech = mech;
232 gd->sec.qop = GSS_C_QOP_DEFAULT;
233 gd->sec.svc = gc->gc_svc;
234 gd->seq = gc->gc_seq;
235 gd->win = gr->gr_win;
236
237 if (gr->gr_major == GSS_S_COMPLETE) {
238 maj_stat = gss_display_name(&min_stat, gd->client_name,
239 &gd->cname, &gd->sec.mech);
240 if (maj_stat != GSS_S_COMPLETE) {
241 log_status("display_name", maj_stat, min_stat);
242 return (FALSE);
243 }
244#ifdef DEBUG
245#ifdef HAVE_KRB5
246 {
247 gss_buffer_desc mechname;
248
249 gss_oid_to_str(&min_stat, mech, &mechname);
250
251 log_debug("accepted context for %.*s with "
252 "<mech %.*s, qop %d, svc %d>",
253 gd->cname.length, (char *)gd->cname.value,
254 mechname.length, (char *)mechname.value,
255 gd->sec.qop, gd->sec.svc);
256
257 gss_release_buffer(&min_stat, &mechname);
258 }
259#elif HAVE_HEIMDAL
260 log_debug("accepted context for %.*s with "
261 "<mech {}, qop %d, svc %d>",
262 gd->cname.length, (char *)gd->cname.value,
263 gd->sec.qop, gd->sec.svc);
264#endif
265#endif /* DEBUG */
266 seq = htonl(gr->gr_win);
267 seqbuf.value = &seq;
268 seqbuf.length = sizeof(seq);
269
270 maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT,
271 &seqbuf, &checksum);
272
273 if (maj_stat != GSS_S_COMPLETE)
274 return (FALSE);
275
276 rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
277 rqst->rq_xprt->xp_verf.oa_base = checksum.value;
278 rqst->rq_xprt->xp_verf.oa_length = checksum.length;
279 }
280 return (TRUE);
281}
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
Definition: authgss_prot.c:345
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
Definition: authgss_prot.c:70
#define svc_getargs(xprt, xargs, argsp)
Definition: svc.h:171
#define mem_alloc(bsize)
Definition: types.h:123
#define FALSE
Definition: types.h:117
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define RPCSEC_GSS
Definition: nfs41_ops.h:867
gss_buffer_desc gr_token
Definition: auth_gss.h:122
gss_buffer_desc gr_ctx
Definition: auth_gss.h:118
gss_buffer_desc cname
Definition: svc_auth_gss.c:70
struct rpc_gss_sec sec
Definition: svc_auth_gss.c:69
struct gss_union_ctx_id_t gss_union_ctx_id_desc
gss_cred_id_t _svcauth_gss_creds
Definition: svc_auth_gss.c:82

Referenced by _svcauth_gss().

◆ svcauth_gss_acquire_cred()

static bool_t svcauth_gss_acquire_cred ( void  )
static

Definition at line 138 of file svc_auth_gss.c.

139{
140 OM_uint32 maj_stat, min_stat;
141
142 log_debug("in svcauth_gss_acquire_cred()");
143
144 maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, 0,
145 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
147
148 if (maj_stat != GSS_S_COMPLETE) {
149 log_status("gss_acquire_cred", maj_stat, min_stat);
150 return (FALSE);
151 }
152 return (TRUE);
153}

Referenced by _svcauth_gss().

◆ svcauth_gss_destroy() [1/2]

static bool_t svcauth_gss_destroy ( )
static

◆ svcauth_gss_destroy() [2/2]

bool_t svcauth_gss_destroy ( SVCAUTH auth)

Definition at line 517 of file svc_auth_gss.c.

518{
519 struct svc_rpc_gss_data *gd;
520 OM_uint32 min_stat;
521
522 log_debug("in svcauth_gss_destroy()");
523
524 gd = SVCAUTH_PRIVATE(auth);
525
526 gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
527 gss_release_buffer(&min_stat, &gd->cname);
528
529 if (gd->client_name)
530 gss_release_name(&min_stat, &gd->client_name);
531
532 mem_free(gd, sizeof(*gd));
533 mem_free(auth, sizeof(*auth));
534
535 return (TRUE);
536}
#define mem_free(ptr, bsize)
Definition: types.h:124

◆ svcauth_gss_get_principal()

char * svcauth_gss_get_principal ( SVCAUTH auth)

Definition at line 573 of file svc_auth_gss.c.

574{
575 struct svc_rpc_gss_data *gd;
576 char *pname;
577
578 gd = SVCAUTH_PRIVATE(auth);
579
580 if (gd->cname.length == 0)
581 return (NULL);
582
583 if ((pname = malloc(gd->cname.length + 1)) == NULL)
584 return (NULL);
585
586 memcpy(pname, gd->cname.value, gd->cname.length);
587 pname[gd->cname.length] = '\0';
588
589 return (pname);
590}
#define malloc
Definition: debug_ros.c:4
GLenum pname
Definition: glext.h:5645

◆ svcauth_gss_import_name()

static bool_t svcauth_gss_import_name ( char service)
static

Definition at line 112 of file svc_auth_gss.c.

113{
114 gss_name_t name;
115 gss_buffer_desc namebuf;
116 OM_uint32 maj_stat, min_stat;
117
118 log_debug("in svcauth_gss_import_name()");
119
120 namebuf.value = service;
121 namebuf.length = strlen(service);
122
123 maj_stat = gss_import_name(&min_stat, &namebuf,
124 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &name);
125
126 if (maj_stat != GSS_S_COMPLETE) {
127 log_status("gss_import_name", maj_stat, min_stat);
128 return (FALSE);
129 }
131 gss_release_name(&min_stat, &name);
132 return (FALSE);
133 }
134 return (TRUE);
135}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
Definition: name.c:39
bool_t svcauth_gss_set_svc_name(gss_name_t name)
Definition: svc_auth_gss.c:86

Referenced by _svcauth_gss().

◆ svcauth_gss_nextverf()

bool_t svcauth_gss_nextverf ( struct svc_req rqst,
u_int  num 
)

Definition at line 336 of file svc_auth_gss.c.

337{
338 struct svc_rpc_gss_data *gd;
339 gss_buffer_desc signbuf, checksum;
340 OM_uint32 maj_stat, min_stat;
341
342 log_debug("in svcauth_gss_nextverf()");
343
344 if (rqst->rq_xprt->xp_auth == NULL)
345 return (FALSE);
346
347 gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
348
349 signbuf.value = &num;
350 signbuf.length = sizeof(num);
351
352 maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
353 &signbuf, &checksum);
354
355 if (maj_stat != GSS_S_COMPLETE) {
356 log_status("gss_get_mic", maj_stat, min_stat);
357 return (FALSE);
358 }
359 rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
360 rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
361 rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
362
363 return (TRUE);
364}
UINT32 u_int
Definition: types.h:82
GLuint GLuint num
Definition: glext.h:9618

Referenced by _svcauth_gss().

◆ svcauth_gss_release_cred()

static bool_t svcauth_gss_release_cred ( void  )
static

Definition at line 156 of file svc_auth_gss.c.

157{
158 OM_uint32 maj_stat, min_stat;
159
160 log_debug("in svcauth_gss_release_cred()");
161
162 maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds);
163
164 if (maj_stat != GSS_S_COMPLETE) {
165 log_status("gss_release_cred", maj_stat, min_stat);
166 return (FALSE);
167 }
168
170
171 return (TRUE);
172}

Referenced by _svcauth_gss().

◆ svcauth_gss_set_svc_name()

bool_t svcauth_gss_set_svc_name ( gss_name_t  name)

Definition at line 86 of file svc_auth_gss.c.

87{
88 OM_uint32 maj_stat, min_stat;
89
90 log_debug("in svcauth_gss_set_svc_name()");
91
92 if (_svcauth_gss_name != NULL) {
93 maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name);
94
95 if (maj_stat != GSS_S_COMPLETE) {
96 log_status("gss_release_name", maj_stat, min_stat);
97 return (FALSE);
98 }
100 }
101 maj_stat = gss_duplicate_name(&min_stat, name, &_svcauth_gss_name);
102
103 if (maj_stat != GSS_S_COMPLETE) {
104 log_status("gss_duplicate_name", maj_stat, min_stat);
105 return (FALSE);
106 }
107
108 return (TRUE);
109}

Referenced by svcauth_gss_import_name().

◆ svcauth_gss_unwrap() [1/2]

static bool_t svcauth_gss_unwrap ( )
static

◆ svcauth_gss_unwrap() [2/2]

bool_t svcauth_gss_unwrap ( SVCAUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 556 of file svc_auth_gss.c.

557{
558 struct svc_rpc_gss_data *gd;
559
560 log_debug("in svcauth_gss_unwrap()");
561
562 gd = SVCAUTH_PRIVATE(auth);
563
564 if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
565 return ((*xdr_func)(xdrs, xdr_ptr));
566 }
567 return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
568 gd->ctx, gd->sec.qop,
569 gd->sec.svc, gd->seq));
570}
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
Definition: authgss_prot.c:251

◆ svcauth_gss_validate()

static bool_t svcauth_gss_validate ( struct svc_rpc_gss_data gd,
struct rpc_msg msg 
)
static

Definition at line 284 of file svc_auth_gss.c.

285{
286 struct opaque_auth *oa;
287 gss_buffer_desc rpcbuf, checksum;
288 OM_uint32 maj_stat, min_stat, qop_state;
289 u_char rpchdr[128];
290 int32_t *buf;
291
292 log_debug("in svcauth_gss_validate()");
293
294 memset(rpchdr, 0, sizeof(rpchdr));
295
296 /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
297 oa = &msg->rm_call.cb_cred;
298 if (oa->oa_length > MAX_AUTH_BYTES)
299 return (FALSE);
300
301 /* 8 XDR units from the IXDR macro calls. */
302 if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
303 RNDUP(oa->oa_length)))
304 return (FALSE);
305
306 buf = (int32_t *)rpchdr;
307 IXDR_PUT_LONG(buf, msg->rm_xid);
308 IXDR_PUT_ENUM(buf, msg->rm_direction);
309 IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
310 IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
311 IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
312 IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
315 if (oa->oa_length) {
316 memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
317 buf += RNDUP(oa->oa_length) / sizeof(int32_t);
318 }
319 rpcbuf.value = rpchdr;
320 rpcbuf.length = (u_char *)buf - rpchdr;
321
322 checksum.value = msg->rm_call.cb_verf.oa_base;
323 checksum.length = msg->rm_call.cb_verf.oa_length;
324
325 maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
326 &qop_state);
327
328 if (maj_stat != GSS_S_COMPLETE) {
329 log_status("gss_verify_mic", maj_stat, min_stat);
330 return (FALSE);
331 }
332 return (TRUE);
333}
#define MAX_AUTH_BYTES
Definition: auth.h:77
INT32 int32_t
Definition: types.h:71
UCHAR u_char
Definition: types.h:80
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
#define int32_t
Definition: nsiface.idl:56
char * value
Definition: compiler.c:67
u_int oa_length
Definition: auth.h:198
caddr_t oa_base
Definition: auth.h:197
enum_t oa_flavor
Definition: auth.h:196
#define IXDR_PUT_ENUM(buf, v)
Definition: xdr.h:282
#define BYTES_PER_XDR_UNIT
Definition: xdr.h:93
#define IXDR_PUT_LONG(buf, v)
Definition: xdr.h:273
#define RNDUP(x)
Definition: xdr.h:94

Referenced by _svcauth_gss().

◆ svcauth_gss_wrap() [1/2]

static bool_t svcauth_gss_wrap ( )
static

◆ svcauth_gss_wrap() [2/2]

bool_t svcauth_gss_wrap ( SVCAUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)

Definition at line 539 of file svc_auth_gss.c.

540{
541 struct svc_rpc_gss_data *gd;
542
543 log_debug("in svcauth_gss_wrap()");
544
545 gd = SVCAUTH_PRIVATE(auth);
546
547 if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
548 return ((*xdr_func)(xdrs, xdr_ptr));
549 }
550 return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
551 gd->ctx, gd->sec.qop,
552 gd->sec.svc, gd->seq));
553}

Variable Documentation

◆ _svcauth_gss_creds

gss_cred_id_t _svcauth_gss_creds

◆ _svcauth_gss_name

gss_name_t _svcauth_gss_name = NULL
static

Definition at line 83 of file svc_auth_gss.c.

Referenced by _svcauth_gss(), svcauth_gss_acquire_cred(), and svcauth_gss_set_svc_name().

◆ svc_auth_gss_ops

struct svc_auth_ops svc_auth_gss_ops
Initial value:
= {
}
static bool_t svcauth_gss_destroy()
static bool_t svcauth_gss_unwrap()
static bool_t svcauth_gss_wrap()

Definition at line 60 of file svc_auth_gss.c.

Referenced by _svcauth_gss(), and svc_getreq_common().

◆ svc_auth_none

SVCAUTH svc_auth_none
extern

Definition at line 63 of file svc_auth_none.c.

Referenced by _svcauth_gss(), and _svcauth_none().