41#include <gssapi/gssapi.h>
/* Reinterpret the opaque svc_ah_private slot of an SVCAUTH handle as this
 * module's per-context state (struct svc_rpc_gss_data). The cast is unchecked.
 * NOTE(review): it is only meaningful on a handle whose svc_ah_private was
 * populated by this flavour; where that happens is not part of this listing. */
78#define SVCAUTH_PRIVATE(auth) \
79 ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
/* Excerpt of svcauth_gss_set_svc_name() (name taken from the debug string).
 * The GSS calls whose status is tested below are not part of this listing. */
88 OM_uint32 maj_stat, min_stat;
90 log_debug(
"in svcauth_gss_set_svc_name()");
/* A major status other than GSS_S_COMPLETE is reported with both the major
 * and the minor code, labelled gss_release_name. What the branch does after
 * logging is not visible here. */
95 if (maj_stat != GSS_S_COMPLETE) {
96 log_status(
"gss_release_name", maj_stat, min_stat);
/* Same check and report for the step labelled gss_duplicate_name. */
103 if (maj_stat != GSS_S_COMPLETE) {
104 log_status(
"gss_duplicate_name", maj_stat, min_stat);
/* Excerpt of svcauth_gss_import_name(): wraps the service string in a
 * gss_buffer_desc and imports it as a GSS name. */
115 gss_buffer_desc namebuf;
116 OM_uint32 maj_stat, min_stat;
118 log_debug(
"in svcauth_gss_import_name()");
/* namebuf borrows the caller's string (no copy is made here). strlen() needs
 * a non-NULL, NUL-terminated string.
 * NOTE(review): no NULL check on service is visible in this excerpt; confirm
 * that callers never pass NULL. */
120 namebuf.value = service;
121 namebuf.length =
strlen(service);
/* The name type is GSS_C_NT_HOSTBASED_SERVICE, i.e. the GSS-API host-based
 * service form (conventionally written "service@host"). */
123 maj_stat = gss_import_name(&min_stat, &namebuf,
124 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &
name);
126 if (maj_stat != GSS_S_COMPLETE) {
127 log_status(
"gss_import_name", maj_stat, min_stat);
/* Releases the imported name. Its own status is not checked on this line;
 * which path the release sits on is not visible in the excerpt. */
131 gss_release_name(&min_stat, &
name);
/* Excerpt of svcauth_gss_acquire_cred() (name taken from the debug string). */
140 OM_uint32 maj_stat, min_stat;
142 log_debug(
"in svcauth_gss_acquire_cred()");
/* Continuation line of a call whose start is not shown, presumably the
 * gss_acquire_cred() named in the status message below. GSS_C_NULL_OID_SET
 * selects the default mechanism set and GSS_C_ACCEPT requests acceptor-only
 * credentials, so the server credential cannot be used to initiate contexts. */
145 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
148 if (maj_stat != GSS_S_COMPLETE) {
149 log_status(
"gss_acquire_cred", maj_stat, min_stat);
/* Excerpt of svcauth_gss_release_cred() (name taken from the debug string).
 * The release call itself is not part of this listing; only its status check
 * and the failure report are visible. */
158 OM_uint32 maj_stat, min_stat;
160 log_debug(
"in svcauth_gss_release_cred()");
164 if (maj_stat != GSS_S_COMPLETE) {
165 log_status(
"gss_release_cred", maj_stat, min_stat);
/* Excerpt of the context-acceptance routine (the debug string calls it
 * svcauth_gss_accept_context). Many source lines are missing from this
 * listing, so the comments below describe only what the visible lines show. */
180 gss_buffer_desc recv_tok, seqbuf,
checksum;
182 OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
184 log_debug(
"in svcauth_gss_accept_context()");
/* The reply structure and the receive-token descriptor are zeroed before
 * anything fills them. */
188 memset(gr, 0,
sizeof(*gr));
191 memset(&recv_tok, 0,
sizeof(recv_tok));
/* Continuation line of a call whose start is not shown: no channel bindings
 * are supplied. */
201 GSS_C_NO_CHANNEL_BINDINGS,
/* Any major status other than COMPLETE or CONTINUE_NEEDED is treated as a
 * failure: the context handle is reset to GSS_C_NO_CONTEXT and the output
 * token is released. */
209 if (gr->
gr_major != GSS_S_COMPLETE &&
210 gr->
gr_major != GSS_S_CONTINUE_NEEDED) {
212 gd->
ctx = GSS_C_NO_CONTEXT;
213 gss_release_buffer(&min_stat, &gr->
gr_token);
/* NOTE(review): out-of-memory is reported with fprintf(stderr) while the other
 * failures in this listing go through log_status() or log_debug(); a daemon
 * without a usable stderr would lose this message. */
219 fprintf(
stderr,
"svcauth_gss_accept_context: out of memory\n");
/* Quality of protection is fixed to the mechanism default. */
232 gd->
sec.qop = GSS_C_QOP_DEFAULT;
/* The client name is rendered only once the context is fully established. */
237 if (gr->
gr_major == GSS_S_COMPLETE) {
238 maj_stat = gss_display_name(&min_stat, gd->
client_name,
240 if (maj_stat != GSS_S_COMPLETE) {
241 log_status(
"display_name", maj_stat, min_stat);
247 gss_buffer_desc mechname;
/* NOTE(review): the status returned by gss_oid_to_str() is not captured on
 * this line and mechname has no initializer above. If the call can fail, the
 * log_debug() and gss_release_buffer() below would read an unset descriptor.
 * Initialising mechname to GSS_C_EMPTY_BUFFER and checking the status would
 * close that gap. */
249 gss_oid_to_str(&min_stat, mech, &mechname);
/* NOTE(review): "%.*s" takes its precision as an int, but the length member of
 * gss_buffer_desc is a size_t; passing it uncast through varargs is a type
 * mismatch on LP64 targets. Cast the length to int at the call site. */
251 log_debug(
"accepted context for %.*s with "
252 "<mech %.*s, qop %d, svc %d>",
254 mechname.length, (
char *)mechname.value,
255 gd->
sec.qop, gd->
sec.svc);
257 gss_release_buffer(&min_stat, &mechname);
/* Variant of the same message without a mechanism string; "{}" is printed
 * literally. NOTE(review): presumably the other arm of a preprocessor
 * conditional that is not shown in this listing. */
260 log_debug(
"accepted context for %.*s with "
261 "<mech {}, qop %d, svc %d>",
263 gd->
sec.qop, gd->
sec.svc);
/* The buffer to be signed covers exactly sizeof(seq) bytes. */
268 seqbuf.length =
sizeof(seq);
/* NOTE(review): gss_sign() is the GSS-API v1 spelling of gss_get_mic(), which
 * a later fragment of this listing calls directly; using one name throughout
 * would be consistent. */
270 maj_stat = gss_sign(&min_stat, gd->
ctx, GSS_C_QOP_DEFAULT,
/* The statement controlled by this unbraced if is not part of the excerpt. */
273 if (maj_stat != GSS_S_COMPLETE)
/* Excerpt of the request-header verification path (presumably
 * svcauth_gss_validate(), the only routine in the listing's index that takes a
 * struct rpc_msg and would call gss_verify_mic). */
288 OM_uint32 maj_stat, min_stat, qop_state;
/* The scratch header buffer is cleared in full before it is filled. */
294 memset(rpchdr, 0,
sizeof(rpchdr));
/* oa points at the credential carried in the call message, i.e. data supplied
 * by the peer. */
297 oa = &
msg->rm_call.cb_cred;
/* NOTE(review): the lines that serialise the call header and credential into
 * rpchdr are missing from this listing. Confirm that oa->oa_length is bounded
 * against the size of rpchdr before any copy into it. */
319 rpcbuf.
value = rpchdr;
/* The MIC supplied with the request is checked over the rebuilt header; any
 * major status other than GSS_S_COMPLETE is logged as a failure. */
325 maj_stat = gss_verify_mic(&min_stat, gd->
ctx, &rpcbuf, &
checksum,
328 if (maj_stat != GSS_S_COMPLETE) {
329 log_status(
"gss_verify_mic", maj_stat, min_stat);
/* Excerpt of the reply-verifier path (presumably svcauth_gss_nextverf(), whose
 * signature in the listing's index takes the u_int num signed below). */
340 OM_uint32 maj_stat, min_stat;
/* The MIC is computed over the in-memory bytes of num, exactly sizeof(num)
 * of them.
 * NOTE(review): the peer can only verify this if num is already in network
 * byte order at this point; the conversion is not visible in the excerpt. */
349 signbuf.value = &
num;
350 signbuf.length =
sizeof(
num);
/* Signed with the QOP negotiated for this context (gd->sec.qop). */
352 maj_stat = gss_get_mic(&min_stat, gd->
ctx, gd->
sec.qop,
355 if (maj_stat != GSS_S_COMPLETE) {
356 log_status(
"gss_get_mic", maj_stat, min_stat);
/* Excerpt that allocates the auth handle and inspects the request credential
 * (presumably part of _svcauth_gss(), the entry point in the listing's index).
 * The allocation result is checked against NULL.
 * NOTE(review): calloc() is declared as calloc(nmemb, size); the arguments are
 * swapped here. The product is the same, so this is a readability point only. */
384 if ((auth =
calloc(
sizeof(*auth), 1)) ==
NULL) {
/* Requests with an empty credential body are singled out here.
 * NOTE(review): if oa_length is an unsigned type, as in the usual
 * struct opaque_auth, "<= 0" can only ever mean "== 0". */
399 if (rqst->
rq_cred.oa_length <= 0)
/* The decoded-credential structure is cleared before it is filled. */
403 memset(gc, 0,
sizeof(*gc));
/* Branch taken once context establishment reports GSS_S_COMPLETE; its body is
 * not part of the excerpt. */
478 if (gr.gr_major == GSS_S_COMPLETE)
/* Teardown excerpt (presumably from svcauth_gss_destroy()): the security
 * context is deleted without requesting an output token (GSS_C_NO_BUFFER) and
 * the cached client-name buffer is released. Neither call's major status is
 * checked on these lines. */
526 gss_delete_sec_context(&min_stat, &gd->
ctx, GSS_C_NO_BUFFER);
527 gss_release_buffer(&min_stat, &gd->
cname);
/* Two pass-through returns (presumably from svcauth_gss_wrap() and
 * svcauth_gss_unwrap()): the caller's XDR routine is invoked directly, with no
 * GSS integrity or privacy processing applied on this path.
 * NOTE(review): the conditions guarding these returns are not in the listing;
 * confirm they are limited to the cases where no protection is intended. */
548 return ((*xdr_func)(xdrs, xdr_ptr));
565 return ((*xdr_func)(xdrs, xdr_ptr));
/* An empty cached client name is special-cased here (presumably in
 * svcauth_gss_get_principal()); the statement controlled by this if is not
 * part of the excerpt. */
580 if (gd->
cname.length == 0)
ACPI_SIZE strlen(const char *String)
@ RPCSEC_GSS_SVC_INTEGRITY
#define RPCSEC_GSS_VERSION
@ RPCSEC_GSS_CONTINUE_INIT
void log_debug(const char *fmt,...)
bool_t xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, u_int seq)
bool_t xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
bool_t xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
void log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
bool_t xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
#define svc_getargs(xprt, xargs, argsp)
#define mem_free(ptr, bsize)
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
GLenum GLuint GLenum GLsizei const GLchar * buf
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
#define memcpy(s1, s2, n)
struct opaque_auth _null_auth
struct opaque_auth xp_verf
struct __svcauth::svc_auth_ops * svc_ah_ops
gss_ctx_id_t internal_ctx_id
struct opaque_auth rq_cred
bool_t svc_sendreply(SVCXPRT *xprt, xdrproc_t xdr_results, void *xdr_location)
#define SVCAUTH_DESTROY(cred)
struct svc_auth_ops svc_auth_gss_ops
#define SVCAUTH_PRIVATE(auth)
char * svcauth_gss_get_principal(SVCAUTH *auth)
static gss_name_t _svcauth_gss_name
static bool_t svcauth_gss_destroy()
static bool_t svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
bool_t svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
static bool_t svcauth_gss_acquire_cred(void)
bool_t svcauth_gss_set_svc_name(gss_name_t name)
struct gss_union_ctx_id_t gss_union_ctx_id_desc
static bool_t svcauth_gss_import_name(char *service)
static bool_t svcauth_gss_release_cred(void)
gss_cred_id_t _svcauth_gss_creds
static bool_t svcauth_gss_accept_sec_context(struct svc_req *rqst, struct rpc_gss_init_res *gr)
enum auth_stat _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
static bool_t svcauth_gss_unwrap()
static bool_t svcauth_gss_wrap()
#define IXDR_PUT_ENUM(buf, v)
#define XDR_DESTROY(xdrs)
bool_t(* xdrproc_t)(XDR *,...)
#define BYTES_PER_XDR_UNIT
#define IXDR_PUT_LONG(buf, v)
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)