ReactOS 0.4.15-dev-8419-g7f0e8a3
auth_sspi.c File Reference
#include <wintirpc.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/auth_sspi.h>
#include <rpc/clnt.h>
Include dependency graph for auth_sspi.c:

Go to the source code of this file.

Classes

struct  rpc_sspi_data
 

Macros

#define AUTH_PRIVATE(auth)   ((struct rpc_sspi_data *)auth->ah_private)
 
#define DEBUG
 
#define fd_out   stdout
 

Functions

static void authsspi_nextverf (AUTH *auth)
 
static bool_t authsspi_marshal (AUTH *auth, XDR *xdrs, u_int *seq)
 
static bool_t authsspi_refresh (AUTH *auth, void *)
 
static bool_t authsspi_validate (AUTH *auth, struct opaque_auth *verf, u_int seq)
 
static void authsspi_destroy (AUTH *auth)
 
static void authsspi_destroy_context (AUTH *auth)
 
static bool_t authsspi_wrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
static bool_t authsspi_unwrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
 
void print_rpc_gss_sec (struct rpc_sspi_sec *ptr)
 
void print_negotiated_attrs (PCtxtHandle ctx)
 
AUTHauthsspi_create (CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
 
AUTHauthsspi_create_default (CLIENT *clnt, char *service, int svc)
 
bool_t authsspi_service (AUTH *auth, int svc)
 
uint32_t sspi_get_mic (PCtxtHandle ctx, u_int qop, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
 
uint32_t sspi_verify_mic (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *qop_state)
 
void sspi_release_buffer (sspi_buffer_desc *buf)
 
uint32_t sspi_import_name (sspi_buffer_desc *name_in, sspi_name_t *name_out)
 
uint32_t sspi_wrap (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state)
 
uint32_t sspi_unwrap (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state, u_int *qop_state)
 
void log_hexdump (bool_t on, const u_char *title, const u_char *buf, int len, int offset)
 
void log_debug (const char *fmt,...)
 

Variables

static struct auth_ops authsspi_ops
 
static struct timeval AUTH_TIMEOUT = { 25, 0 }
 

Macro Definition Documentation

◆ AUTH_PRIVATE

#define AUTH_PRIVATE (   auth)    ((struct rpc_sspi_data *)auth->ah_private)

Definition at line 67 of file auth_sspi.c.

◆ DEBUG

#define DEBUG

Definition at line 856 of file auth_sspi.c.

◆ fd_out

#define fd_out   stdout

Definition at line 858 of file auth_sspi.c.

Function Documentation

◆ authsspi_create()

AUTH * authsspi_create ( CLIENT clnt,
sspi_name_t  name,
struct rpc_sspi_sec sec 
)

Definition at line 74 of file auth_sspi.c.

75{
76 AUTH *auth, *save_auth;
77 struct rpc_sspi_data *gd;
78
79 log_debug("in authgss_create()");
80
82
83 if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
85 rpc_createerr.cf_error.re_errno = ENOMEM;
86 return (NULL);
87 }
88 if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
90 rpc_createerr.cf_error.re_errno = ENOMEM;
91 free(auth);
92 return (NULL);
93 }
94
95#if 0
96 if (name != SSPI_C_NO_NAME) {
97 if (gss_duplicate_name(&min_stat, name, &gd->name)
98 != GSS_S_COMPLETE) {
100 rpc_createerr.cf_error.re_errno = ENOMEM;
101 free(auth);
102 return (NULL);
103 }
104 }
105 else
106#else
107 gd->name = strdup(name);
108#endif
109
110 gd->clnt = clnt;
112 gd->sec = sec;
113
114 gd->gc.gc_v = RPCSEC_SSPI_VERSION;
115 gd->gc.gc_proc = RPCSEC_SSPI_INIT;
116 gd->gc.gc_svc = gd->sec->svc;
117
118 auth->ah_ops = &authsspi_ops;
119 auth->ah_private = (caddr_t)gd;
120
121 save_auth = clnt->cl_auth;
122 clnt->cl_auth = auth;
123
124 if (!authsspi_refresh(auth, NULL))
125 auth = NULL;
126
127 clnt->cl_auth = save_auth;
128
129 return (auth);
130}
#define ENOMEM
Definition: acclib.h:84
static bool_t authsspi_refresh(AUTH *auth, void *)
Definition: auth_sspi.c:343
static struct auth_ops authsspi_ops
Definition: auth_sspi.c:43
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
@ RPCSEC_SSPI_INIT
Definition: auth_sspi.h:32
#define SSPI_C_NO_NAME
Definition: auth_sspi.h:59
#define RPCSEC_SSPI_VERSION
Definition: auth_sspi.h:44
#define caddr_t
Definition: ftp.c:24
@ RPC_SYSTEMERROR
Definition: clnt_stat.h:43
#define free
Definition: debug_ros.c:5
#define NULL
Definition: types.h:112
#define SecInvalidateHandle(x)
Definition: sspi.h:58
#define calloc
Definition: rosglue.h:14
_Check_return_ _CRTIMP char *__cdecl strdup(_In_opt_z_ const char *_Src)
#define memset(x, y, z)
Definition: compat.h:39
Definition: auth.h:205
void * ah_private
Definition: auth.h:225
struct __auth::auth_ops * ah_ops
AUTH * cl_auth
Definition: clnt.h:122
Definition: name.c:39
struct rpc_err cf_error
Definition: clnt.h:497
enum clnt_stat cf_stat
Definition: clnt.h:496
sspi_name_t name
Definition: auth_sspi.c:59
struct rpc_sspi_cred gc
Definition: auth_sspi.c:62
struct rpc_sspi_sec * sec
Definition: auth_sspi.c:60
CLIENT * clnt
Definition: auth_sspi.c:58
CtxtHandle ctx
Definition: auth_sspi.c:61

Referenced by authsspi_create_default().

◆ authsspi_create_default()

AUTH * authsspi_create_default ( CLIENT clnt,
char service,
int  svc 
)

Definition at line 133 of file auth_sspi.c.

134{
135 AUTH *auth = NULL;
136 uint32_t maj_stat = 0;
137 sspi_buffer_desc sname;
139 unsigned char sec_pkg_name[] = "Kerberos";
140 struct rpc_sspi_sec *sec;
141
142 log_debug("in authgss_create_default() for %s", service);
143
144 sname.value = service;
145 sname.length = (int)strlen(service);
146#if 0
147 maj_stat = gss_import_name(&min_stat, &sname,
148 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
149 &name);
150#else
151 maj_stat = sspi_import_name(&sname, &name);
152#endif
153 if (maj_stat != SEC_E_OK) {
154 log_debug("authgss_create_default: sspi_import_name failed with %x", maj_stat);
155 return (NULL);
156 }
157 sec = calloc(1, sizeof(struct rpc_sspi_sec));
158 if (sec == NULL)
159 goto out_err;
160 sec->svc = svc;
161 // Let's acquire creds here for now
163 NULL, NULL, NULL, NULL, &sec->cred, &sec->expiry);
164 if (maj_stat != SEC_E_OK) {
165 log_debug("authgss_create_default: AcquireCredentialsHandleA failed with %x", maj_stat);
166 free(sec);
167 goto out;
168 }
169
170 auth = authsspi_create(clnt, name, sec);
171 if (auth == NULL)
172 goto out_free_sec;
173
174out:
175 if (name != SSPI_C_NO_NAME) {
176#if 0
177 gss_release_name(&min_stat, &name);
178#else
179 free(name);
180#endif
181 }
182
183 return (auth);
184out_free_sec:
185 if (rpc_createerr.cf_error.re_errno == ENOMEM) {
187 free(sec);
188 }
189out_err:
191 rpc_createerr.cf_error.re_errno = ENOMEM;
192 goto out;
193}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
AUTH * authsspi_create(CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
Definition: auth_sspi.c:74
uint32_t sspi_import_name(sspi_buffer_desc *name_in, sspi_name_t *name_out)
Definition: auth_sspi.c:735
#define sspi_name_t
Definition: auth_sspi.h:46
UINT32 uint32_t
Definition: types.h:75
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31
static char sec_pkg_name[]
Definition: ntlm.c:180
#define SECPKG_CRED_BOTH
Definition: sspi.h:292
static FILE * out
Definition: regtests2xml.c:44
TimeStamp expiry
Definition: auth_sspi.h:70
rpc_sspi_svc_t svc
Definition: auth_sspi.h:67
CredHandle cred
Definition: auth_sspi.h:68
#define SEC_E_OK
Definition: winerror.h:2356
SECURITY_STATUS WINAPI AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialsUse, PLUID pvLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn, PVOID pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
Definition: wrapper.c:59
SECURITY_STATUS WINAPI FreeCredentialsHandle(PCredHandle phCredential)
Definition: wrapper.c:151

Referenced by create_new_rpc_auth(), and create_rpcsec_auth_client().

◆ authsspi_destroy()

static void authsspi_destroy ( AUTH auth)
static

Definition at line 596 of file auth_sspi.c.

597{
598 struct rpc_sspi_data *gd;
599
600 log_debug("in authgss_destroy()");
601
602 gd = AUTH_PRIVATE(auth);
603 if (gd == NULL) return;
604
606
607#if 0
608 if (gd->name != SSPI_C_NO_NAME)
609 gss_release_name(&min_stat, &gd->name);
610#else
611 free(gd->name);
612#endif
613 FreeCredentialsHandle(&gd->sec->cred);
614 free(gd->sec);
615 free(gd);
616 free(auth);
617}
static void authsspi_destroy_context(AUTH *auth)
Definition: auth_sspi.c:561
#define AUTH_PRIVATE(auth)
Definition: auth_sspi.c:67

Referenced by authsspi_refresh().

◆ authsspi_destroy_context()

static void authsspi_destroy_context ( AUTH auth)
static

Definition at line 561 of file auth_sspi.c.

562{
563 struct rpc_sspi_data *gd;
564
565 log_debug("in authgss_destroy_context()");
566
567 gd = AUTH_PRIVATE(auth);
568 if (gd == NULL) return;
569
570 if (SecIsValidHandle(&gd->ctx)) {
571 if (gd->established) {
572 gd->gc.gc_proc = RPCSEC_SSPI_DESTROY;
576 }
577 sspi_release_buffer(&gd->gc.gc_ctx);
579#if 0
580 gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
581 /* XXX ANDROS check size of context - should be 8 */
582 memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
583 gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
584#endif
585 }
586
587 /* free saved wire verifier (if any) */
589 gd->gc_wire_verf.value = NULL;
590 gd->gc_wire_verf.length = 0;
591
592 gd->established = FALSE;
593}
bool_t xdr_void(void)
Definition: xdr.c:92
static struct timeval AUTH_TIMEOUT
Definition: auth_sspi.c:69
void sspi_release_buffer(sspi_buffer_desc *buf)
Definition: auth_sspi.c:727
@ RPCSEC_SSPI_DESTROY
Definition: auth_sspi.h:34
#define NULLPROC
Definition: clnt.h:294
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
#define mem_free(ptr, bsize)
Definition: types.h:124
#define FALSE
Definition: types.h:117
#define SecIsValidHandle(x)
Definition: sspi.h:63
sspi_buffer_desc gc_wire_verf
Definition: auth_sspi.c:56
bool_t established
Definition: auth_sspi.c:54
SECURITY_STATUS WINAPI DeleteSecurityContext(PCtxtHandle phContext)
Definition: wrapper.c:450
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144

Referenced by authsspi_destroy(), authsspi_marshal(), authsspi_refresh(), and authsspi_validate().

◆ authsspi_marshal()

static bool_t authsspi_marshal ( AUTH auth,
XDR xdrs,
u_int seq 
)
static

Definition at line 203 of file auth_sspi.c.

204{
205 XDR tmpxdrs;
206 char tmp[MAX_AUTH_BYTES];
207 struct rpc_sspi_data *gd;
209 uint32_t maj_stat;
210 bool_t xdr_stat;
211
212 log_debug("in authgss_marshal()");
213
214 gd = AUTH_PRIVATE(auth);
215
216 if (gd->established) {
217 gd->gc.gc_seq++;
218 *seq = gd->gc.gc_seq;
219 }
220
221 xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
222
223 if (!xdr_rpc_sspi_cred(&tmpxdrs, &gd->gc)) {
224 log_debug("authsspi_marshal: xdr_rpc_sspi_cred failed");
225 XDR_DESTROY(&tmpxdrs);
226 return (FALSE);
227 }
228 auth->ah_cred.oa_flavor = RPCSEC_GSS;
229 auth->ah_cred.oa_base = tmp;
230 auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
231
232 XDR_DESTROY(&tmpxdrs);
233
234 if (!xdr_opaque_auth(xdrs, &auth->ah_cred)) {
235 log_debug("authsspi_marshal: failed to xdr GSS CRED");
236 return (FALSE);
237 }
238 if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
239 gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
240 return (xdr_opaque_auth(xdrs, &_null_auth));
241 }
242 /* Checksum serialized RPC header, up to and including credential. */
243 rpcbuf.length = XDR_GETPOS(xdrs) - 4;
244 //XDR_SETPOS(xdrs, 0);
245 //rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
246 rpcbuf.value = xdrrec_getoutbase(xdrs) + 1;
247
248#if 0
249 maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
250 &rpcbuf, &checksum);
251#else
252 maj_stat = sspi_get_mic(&gd->ctx, 0, gd->gc.gc_seq, &rpcbuf, &checksum);
253#endif
254 if (maj_stat != SEC_E_OK) {
255 log_debug("authsspi_marshal: sspi_get_mic failed with %x", maj_stat);
256 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
257 gd->established = FALSE;
259 }
260 return (FALSE);
261 }
262 auth->ah_verf.oa_flavor = RPCSEC_GSS;
263 auth->ah_verf.oa_base = checksum.value;
264 auth->ah_verf.oa_length = checksum.length;
265 xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
266#if 0
267 gss_release_buffer(&min_stat, &checksum);
268#else
270#endif
271 return (xdr_stat);
272}
bool_t xdr_opaque_auth()
uint32_t sspi_get_mic(PCtxtHandle ctx, u_int qop, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
Definition: auth_sspi.c:659
@ RPCSEC_SSPI_CONTINUE_INIT
Definition: auth_sspi.h:33
bool_t xdr_rpc_sspi_cred(XDR *xdrs, struct rpc_sspi_cred *p)
Definition: authsspi_prot.c:34
#define MAX_AUTH_BYTES
Definition: auth.h:77
int32_t bool_t
Definition: types.h:101
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
#define RPCSEC_GSS
Definition: nfs41_ops.h:867
struct opaque_auth _null_auth
struct opaque_auth ah_cred
Definition: auth.h:206
struct opaque_auth ah_verf
Definition: auth.h:207
Definition: xdr.h:103
#define SEC_E_NO_AUTHENTICATING_AUTHORITY
Definition: winerror.h:2926
@ XDR_ENCODE
Definition: xdr.h:85
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94
int32_t * xdrrec_getoutbase(XDR *xdrs)
Definition: xdr_rec.c:415

◆ authsspi_nextverf()

static void authsspi_nextverf ( AUTH auth)
static

Definition at line 196 of file auth_sspi.c.

197{
198 log_debug("in authgss_nextverf()");
199 /* no action necessary */
200}

◆ authsspi_refresh()

static bool_t authsspi_refresh ( AUTH auth,
void tmp 
)
static

Definition at line 343 of file auth_sspi.c.

344{
345 struct rpc_sspi_data *gd;
346 struct rpc_sspi_init_res gr;
347 sspi_buffer_desc *recv_tokenp, send_token;
348 uint32_t maj_stat, call_stat, ret_flags, i;
349 unsigned long flags =
351 SecBufferDesc out_desc, in_desc;
352 SecBuffer wtkn[1], rtkn[1];
353
354 log_debug("in authgss_refresh()");
355
356 gd = AUTH_PRIVATE(auth);
357
358 if ((gd->established && tmp == NULL) || gd->inprogress)
359 return (TRUE);
360 else if (tmp) {
361 log_debug("trying to refresh credentials\n");
363 sspi_release_buffer(&gd->gc.gc_ctx);
366 gd->gc_wire_verf.value = NULL;
367 gd->gc_wire_verf.length = 0;
368 gd->established = FALSE;
369 gd->gc.gc_proc = RPCSEC_SSPI_INIT;
370 }
371
372 /* GSS context establishment loop. */
373 memset(&gr, 0, sizeof(gr));
374 recv_tokenp = SSPI_C_NO_BUFFER;
375 send_token.length = 0;
376 send_token.value = NULL;
377
379
380 if (gd->sec->svc == RPCSEC_SSPI_SVC_PRIVACY)
382
383 for (i=0;;i++) {
384 /* print the token we just received */
385 if (recv_tokenp != SSPI_C_NO_BUFFER) {
386 log_debug("The token we just received (length %d):",
387 recv_tokenp->length);
388 log_hexdump(0, "", recv_tokenp->value, recv_tokenp->length, 0);
389 }
390#if 0
391 maj_stat = gss_init_sec_context(&min_stat,
392 gd->sec.cred,
393 &gd->ctx,
394 gd->name,
395 gd->sec.mech,
396 gd->sec.req_flags,
397 0, /* time req */
398 NULL, /* channel */
399 recv_tokenp,
400 NULL, /* used mech */
401 &send_token,
402 &ret_flags,
403 NULL); /* time rec */
404#else
405 gd->inprogress = TRUE;
406 out_desc.cBuffers = 1;
407 out_desc.pBuffers = wtkn;
408 out_desc.ulVersion = SECBUFFER_VERSION;
409 wtkn[0].BufferType = SECBUFFER_TOKEN;
410 wtkn[0].cbBuffer = send_token.length;
411 wtkn[0].pvBuffer = send_token.value;
412 log_debug("calling InitializeSecurityContextA for %s", gd->name);
413
415 &gd->sec->cred,
416 ((i==0)?NULL:&gd->ctx),
417 gd->name,
418 flags,
419 0,
421 ((i==0)?NULL:&in_desc),
422 0,
423 &gd->ctx,
424 &out_desc,
425 &ret_flags,
426 &gd->expiry);
427#endif
428 if (recv_tokenp != SSPI_C_NO_BUFFER) {
429#if 0
430 gss_release_buffer(&min_stat, &gr.gr_token);
431#else
432 sspi_release_buffer(&gr.gr_token);
433#endif
434 recv_tokenp = SSPI_C_NO_BUFFER;
435 }
436 if (maj_stat != SEC_E_OK && maj_stat != SEC_I_CONTINUE_NEEDED) {
437 log_debug("InitializeSecurityContext failed with %x", maj_stat);
438 break;
439 }
440 send_token.length = wtkn[0].cbBuffer;
441 send_token.value = wtkn[0].pvBuffer;
442 if (send_token.length != 0) {
443 memset(&gr, 0, sizeof(gr));
444
445 /* print the token we are about to send */
446 log_debug("The token being sent (length %d):",
447 send_token.length);
448 log_hexdump(0, "", send_token.value, send_token.length, 0);
449
450 call_stat = clnt_call(gd->clnt, NULLPROC,
452 &send_token,
454 (caddr_t)&gr, AUTH_TIMEOUT);
455#if 0
456 gss_release_buffer(&min_stat, &send_token);
457#else
458 // 11/29/2010 [aglo] can't call sspi_relase_buffer, causes heap
459 // corruption (later) to try and free the buffer directly.
460 FreeContextBuffer(send_token.value);
461#endif
462 if (call_stat != RPC_SUCCESS ||
463 (gr.gr_major != SEC_E_OK &&
464 gr.gr_major != SEC_I_CONTINUE_NEEDED))
465 break;
466
467 if (gr.gr_ctx.length != 0) {
468#if 0
469 if (gd->gc.gc_ctx.value)
470 gss_release_buffer(&min_stat,
471 &gd->gc.gc_ctx);
472#else
473 sspi_release_buffer(&gd->gc.gc_ctx);
474#endif
475 gd->gc.gc_ctx = gr.gr_ctx;
476 }
477 if (gr.gr_token.length != 0) {
478 if (maj_stat != SEC_I_CONTINUE_NEEDED)
479 break;
480 recv_tokenp = &gr.gr_token;
481 in_desc.cBuffers = 1;
482 in_desc.pBuffers = rtkn;
484 rtkn[0].BufferType = SECBUFFER_TOKEN;
485 rtkn[0].cbBuffer = gr.gr_token.length;
486 rtkn[0].pvBuffer = gr.gr_token.value;
487 }
488 gd->gc.gc_proc = RPCSEC_SSPI_CONTINUE_INIT;
489 }
490
491 /* GSS_S_COMPLETE => check gss header verifier,
492 * usually checked in gss_validate
493 */
494 if (maj_stat == SEC_E_OK) {
495 sspi_buffer_desc bufin;
496 u_int seq, qop_state = 0;
497
499
500 seq = htonl(gr.gr_win);
501 bufin.value = (unsigned char *)&seq;
502 bufin.length = sizeof(seq);
503#if 0
504 maj_stat = gss_verify_mic(&min_stat, gd->ctx,
505 &bufin, &bufout, &qop_state);
506#else
507 maj_stat = sspi_verify_mic(&gd->ctx, 0, &bufin, &gd->gc_wire_verf, &qop_state);
508#endif
509 if (maj_stat != SEC_E_OK) {
510 log_debug("authgss_refresh: sspi_verify_mic failed with %x", maj_stat);
511 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
512 gd->established = FALSE;
514 }
515 break;
516 }
517 gd->established = TRUE;
518 gd->inprogress = FALSE;
519 gd->gc.gc_proc = RPCSEC_SSPI_DATA;
520 gd->gc.gc_seq = 0;
521 gd->win = gr.gr_win;
522 log_debug("authgss_refresh: established GSS context");
523 break;
524 }
525 }
526 /* End context negotiation loop. */
527 if (gd->gc.gc_proc != RPCSEC_SSPI_DATA) {
528 if (gr.gr_token.length != 0)
529#if 0
530 gss_release_buffer(&min_stat, &gr.gr_token);
531#else
532 sspi_release_buffer(&gr.gr_token);
533#endif
534 authsspi_destroy(auth);
535 auth = NULL;
537
538 return (FALSE);
539 }
540 return (TRUE);
541}
void print_negotiated_attrs(PCtxtHandle ctx)
Definition: auth_sspi.c:904
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
Definition: auth_sspi.c:942
static void authsspi_destroy(AUTH *auth)
Definition: auth_sspi.c:596
uint32_t sspi_verify_mic(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *qop_state)
Definition: auth_sspi.c:699
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
Definition: auth_sspi.c:859
#define SSPI_C_NO_BUFFER
Definition: auth_sspi.h:60
@ RPCSEC_SSPI_DATA
Definition: auth_sspi.h:31
@ RPCSEC_SSPI_SVC_PRIVACY
Definition: auth_sspi.h:41
bool_t xdr_rpc_sspi_init_args(XDR *xdrs, sspi_buffer_desc *p)
Definition: authsspi_prot.c:56
bool_t xdr_rpc_sspi_init_res(XDR *xdrs, struct rpc_sspi_init_res *p)
Definition: authsspi_prot.c:72
@ RPC_SUCCESS
Definition: clnt_stat.h:22
@ RPC_AUTHERROR
Definition: clnt_stat.h:38
UINT32 u_int
Definition: types.h:82
#define TRUE
Definition: types.h:120
GLbitfield flags
Definition: glext.h:7161
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define htonl(x)
Definition: module.h:214
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:366
#define ISC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:370
#define SECBUFFER_TOKEN
Definition: sspi.h:161
#define SECURITY_NATIVE_DREP
Definition: sspi.h:473
#define ISC_REQ_INTEGRITY
Definition: sspi.h:378
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:363
#define SECBUFFER_VERSION
Definition: sspi.h:187
char * caddr_t
Definition: rosdhcp.h:36
SECURITY_STATUS WINAPI FreeContextBuffer(PVOID pv)
Definition: sspi.c:699
ULONG cBuffers
Definition: sspi.h:182
ULONG ulVersion
Definition: sspi.h:181
ULONG BufferType
Definition: sspi.h:154
ULONG cbBuffer
Definition: sspi.h:153
char * value
Definition: compiler.c:67
TimeStamp expiry
Definition: auth_sspi.c:64
bool_t inprogress
Definition: auth_sspi.c:55
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
SECURITY_STATUS WINAPI InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
Definition: wrapper.c:237

Referenced by authsspi_create().

◆ authsspi_service()

bool_t authsspi_service ( AUTH auth,
int  svc 
)

Definition at line 544 of file auth_sspi.c.

545{
546 struct rpc_sspi_data *gd;
547
548 log_debug("in authgss_service()");
549
550 if (!auth)
551 return(FALSE);
552 gd = AUTH_PRIVATE(auth);
553 if (!gd || !gd->established)
554 return (FALSE);
555 gd->sec->svc = svc;
556 gd->gc.gc_svc = svc;
557 return (TRUE);
558}

◆ authsspi_unwrap()

bool_t authsspi_unwrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr,
u_int  seq 
)
static

Definition at line 637 of file auth_sspi.c.

638{
639 struct rpc_sspi_data *gd;
640
641 log_debug("in authgss_unwrap()");
642
643 gd = AUTH_PRIVATE(auth);
644
645 if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
646 return ((*xdr_func)(xdrs, xdr_ptr));
647 }
648 return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
649 &gd->ctx, gd->sec->qop,
650 gd->sec->svc, seq));
651}
@ RPCSEC_SSPI_SVC_NONE
Definition: auth_sspi.h:39
bool_t xdr_rpc_sspi_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, PCtxtHandle ctx, sspi_qop_t qop, rpc_sspi_svc_t svc, u_int seq)

◆ authsspi_validate()

static bool_t authsspi_validate ( AUTH auth,
struct opaque_auth verf,
u_int  seq 
)
static

Definition at line 275 of file auth_sspi.c.

276{
277 struct rpc_sspi_data *gd;
278 u_int num, qop_state, cur_seq;
279 sspi_buffer_desc signbuf, checksum;
280 uint32_t maj_stat;
281
282 log_debug("in authgss_validate(for seq=%d)", seq);
283
284 gd = AUTH_PRIVATE(auth);
285
286 if (gd->established == FALSE) {
287 /* would like to do this only on NULL rpc --
288 * gc->established is good enough.
289 * save the on the wire verifier to validate last
290 * INIT phase packet after decode if the major
291 * status is GSS_S_COMPLETE
292 */
293 if ((gd->gc_wire_verf.value =
294 mem_alloc(verf->oa_length)) == NULL) {
295 return (FALSE);
296 }
297 memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
298 gd->gc_wire_verf.length = verf->oa_length;
299 return (TRUE);
300 }
301
302 if (gd->gc.gc_proc == RPCSEC_SSPI_DESTROY)
303 return TRUE;
304
305 if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
306 gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
307 num = htonl(gd->win);
308 }
309 else {
310 if (seq == -1) {
311 num = htonl(gd->gc.gc_seq);
312 cur_seq = gd->gc.gc_seq;
313 }
314 else {
315 num = htonl(seq);
316 cur_seq = seq;
317 }
318 }
319
320 signbuf.value = &num;
321 signbuf.length = sizeof(num);
322
323 checksum.value = verf->oa_base;
324 checksum.length = verf->oa_length;
325#if 0
326 maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
327 &checksum, &qop_state);
328#else
329 maj_stat = sspi_verify_mic(&gd->ctx, cur_seq, &signbuf, &checksum, &qop_state);
330#endif
331 if (maj_stat != SEC_E_OK) {
332 log_debug("authsspi_validate: VerifySignature failed with %x", maj_stat);
333 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
334 gd->established = FALSE;
336 }
337 return (FALSE);
338 }
339 return (TRUE);
340}
#define mem_alloc(bsize)
Definition: types.h:123
GLuint GLuint num
Definition: glext.h:9618
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
u_int oa_length
Definition: auth.h:198
caddr_t oa_base
Definition: auth.h:197

◆ authsspi_wrap()

bool_t authsspi_wrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)
static

Definition at line 620 of file auth_sspi.c.

621{
622 struct rpc_sspi_data *gd;
623
624 log_debug("in authgss_wrap()");
625
626 gd = AUTH_PRIVATE(auth);
627
628 if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
629 return ((*xdr_func)(xdrs, xdr_ptr));
630 }
631 return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
632 &gd->ctx, gd->sec->qop,
633 gd->sec->svc, gd->gc.gc_seq));
634}

◆ log_debug()

void log_debug ( const char fmt,
  ... 
)

Definition at line 977 of file auth_sspi.c.

978{
979 va_list ap;
980
981 va_start(ap, fmt);
982 fprintf(fd_out, "%04x: rpcsec_gss: ", GetCurrentThreadId());
984 fprintf(fd_out, "\n");
985 fflush(fd_out);
986 va_end(ap);
987}
char * va_list
Definition: acmsvcex.h:78
#define va_end(ap)
Definition: acmsvcex.h:90
#define va_start(ap, A)
Definition: acmsvcex.h:91
#define fd_out
Definition: auth_sspi.c:858
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
_Check_return_opt_ _CRTIMP int __cdecl fflush(_Inout_opt_ FILE *_File)
_Check_return_opt_ _CRTIMP int __cdecl vfprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format, va_list _ArgList)
Definition: dsound.c:943
DWORD WINAPI GetCurrentThreadId(void)
Definition: thread.c:459
void int int ULONGLONG int va_list * ap
Definition: winesup.h:36

Referenced by _svcauth_gss(), authgss_create(), authgss_create_default(), authgss_destroy(), authgss_destroy_context(), authgss_get_private_data(), authgss_marshal(), authgss_nextverf(), authgss_refresh(), authgss_service(), authgss_unwrap(), authgss_validate(), authgss_wrap(), authsspi_create(), authsspi_create_default(), authsspi_destroy(), authsspi_destroy_context(), authsspi_marshal(), authsspi_nextverf(), authsspi_refresh(), authsspi_service(), authsspi_unwrap(), authsspi_validate(), authsspi_wrap(), print_negotiated_attrs(), sspi_import_name(), svcauth_gss_accept_sec_context(), svcauth_gss_acquire_cred(), svcauth_gss_destroy(), svcauth_gss_import_name(), svcauth_gss_nextverf(), svcauth_gss_release_cred(), svcauth_gss_set_svc_name(), svcauth_gss_unwrap(), svcauth_gss_validate(), svcauth_gss_wrap(), xdr_rpc_sspi_cred(), xdr_rpc_sspi_init_args(), xdr_rpc_sspi_init_res(), xdr_rpc_sspi_unwrap_data(), and xdr_rpc_sspi_wrap_data().

◆ log_hexdump()

void log_hexdump ( bool_t  on,
const u_char title,
const u_char buf,
int  len,
int  offset 
)

Definition at line 942 of file auth_sspi.c.

944{
945 int i, j, jm, c;
946
947 if (!on) return;
948
949 fprintf(fd_out, "%04x: %s (len=%d)\n", GetCurrentThreadId(), title, len);
950 for (i = 0; i < len; i += 0x10) {
951 fprintf(fd_out, " %04x: ", (u_int)(i + offset));
952 jm = len - i;
953 jm = jm > 16 ? 16 : jm;
954
955 for (j = 0; j < jm; j++) {
956 if ((j % 2) == 1)
957 fprintf(fd_out, "%02x ", (u_int) buf[i+j]);
958 else
959 fprintf(fd_out, "%02x", (u_int) buf[i+j]);
960 }
961 for (; j < 16; j++) {
962 if ((j % 2) == 1) fprintf(fd_out, " ");
963 else fprintf(fd_out, " ");
964 }
965 fprintf(fd_out, " ");
966
967 for (j = 0; j < jm; j++) {
968 c = buf[i+j];
969 c = isprint(c) ? c : '.';
970 fprintf(fd_out, "%c", c);
971 }
972 fprintf(fd_out, "\n");
973 }
974 fflush(fd_out);
975}
#define isprint(c)
Definition: acclib.h:73
const GLubyte * c
Definition: glext.h:8905
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLenum GLsizei len
Definition: glext.h:6722
GLintptr offset
Definition: glext.h:5920
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
#define c
Definition: ke_i.h:80
static char title[]
Definition: ps.c:92

Referenced by authgss_refresh(), authsspi_refresh(), sspi_get_mic(), sspi_unwrap(), sspi_verify_mic(), and sspi_wrap().

◆ print_negotiated_attrs()

void print_negotiated_attrs ( PCtxtHandle  ctx)

Definition at line 904 of file auth_sspi.c.

905{
906 SecPkgContext_Sizes ContextSizes;
907 unsigned long flags;
908 uint32_t maj_stat;
909
911 if (maj_stat != SEC_E_OK) return;
912
913 log_debug("negotiated flags %x\n", flags);
914 if (flags & ISC_REQ_DELEGATE) log_debug("ISC_REQ_DELEGATE");
915 if (flags & ISC_REQ_MUTUAL_AUTH) log_debug("ISC_REQ_MUTUAL_AUTH");
916 if (flags & ISC_REQ_REPLAY_DETECT) log_debug("ISC_REQ_REPLAY_DETECT");
917 if (flags & ISC_REQ_SEQUENCE_DETECT) log_debug("ISC_REQ_SEQUENCE_DETECT");
918 if (flags & ISC_REQ_CONFIDENTIALITY) log_debug("ISC_REQ_CONFIDENTIALITY");
919 if (flags & ISC_REQ_USE_SESSION_KEY) log_debug("ISC_REQ_USE_SESSION_KEY");
920 if (flags & ISC_REQ_PROMPT_FOR_CREDS) log_debug("ISC_REQ_PROMPT_FOR_CREDS");
921 if (flags & ISC_REQ_USE_SUPPLIED_CREDS) log_debug("ISC_REQ_USE_SUPPLIED_CREDS");
922 if (flags & ISC_REQ_ALLOCATE_MEMORY) log_debug("ISC_REQ_ALLOCATE_MEMORY");
923 if (flags & ISC_REQ_USE_DCE_STYLE) log_debug("ISC_REQ_USE_DCE_STYLE");
924 if (flags & ISC_REQ_DATAGRAM) log_debug("ISC_REQ_DATAGRAM");
925 if (flags & ISC_REQ_CONNECTION) log_debug("ISC_REQ_CONNECTION");
926 if (flags & ISC_REQ_CALL_LEVEL) log_debug("ISC_REQ_CALL_LEVEL");
927 if (flags & ISC_REQ_FRAGMENT_SUPPLIED) log_debug("ISC_REQ_FRAGMENT_SUPPLIED");
928 if (flags & ISC_REQ_EXTENDED_ERROR) log_debug("ISC_REQ_EXTENDED_ERROR");
929 if (flags & ISC_REQ_STREAM) log_debug("ISC_REQ_STREAM");
930 if (flags & ISC_REQ_INTEGRITY) log_debug("ISC_REQ_INTEGRITY");
931 if (flags & ISC_REQ_IDENTIFY) log_debug("ISC_REQ_IDENTIFY");
932 if (flags & ISC_REQ_NULL_SESSION) log_debug("ISC_REQ_NULL_SESSION");
933 if (flags & ISC_REQ_MANUAL_CRED_VALIDATION) log_debug("ISC_REQ_MANUAL_CRED_VALIDATION");
934
935 maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
936 if (maj_stat != SEC_E_OK) return;
937
938 log_debug("signature size is %d\n", ContextSizes.cbMaxSignature);
939
940}
#define ISC_REQ_DATAGRAM
Definition: sspi.h:372
#define ISC_REQ_MANUAL_CRED_VALIDATION
Definition: sspi.h:381
#define ISC_REQ_STREAM
Definition: sspi.h:377
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:376
#define ISC_REQ_USE_SUPPLIED_CREDS
Definition: sspi.h:369
#define ISC_REQ_NULL_SESSION
Definition: sspi.h:380
#define ISC_REQ_PROMPT_FOR_CREDS
Definition: sspi.h:368
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:365
#define ISC_REQ_CALL_LEVEL
Definition: sspi.h:374
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:364
#define ISC_REQ_DELEGATE
Definition: sspi.h:362
#define ISC_REQ_FRAGMENT_SUPPLIED
Definition: sspi.h:375
#define ISC_REQ_USE_SESSION_KEY
Definition: sspi.h:367
#define SECPKG_ATTR_SIZES
Definition: sspi.h:521
#define ISC_REQ_IDENTIFY
Definition: sspi.h:379
#define SECPKG_ATTR_FLAGS
Definition: sspi.h:535
#define ISC_REQ_CONNECTION
Definition: sspi.h:373
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:371
ULONG cbMaxSignature
Definition: sspi.h:562
SECURITY_STATUS WINAPI QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: wrapper.c:505

Referenced by authsspi_refresh().

◆ print_rpc_gss_sec()

void print_rpc_gss_sec ( struct rpc_sspi_sec ptr)

Definition at line 859 of file auth_sspi.c.

860{
861 int i;
862 char *p;
863
864 fprintf(fd_out, "rpc_gss_sec:");
865 if(ptr->mech == NULL)
866 fprintf(fd_out, "NULL gss_OID mech");
867 else {
868 fprintf(fd_out, " mechanism_OID: {");
869 p = (char *)ptr->mech->elements;
870 for (i=0; i < ptr->mech->length; i++)
871 /* First byte of OIDs encoded to save a byte */
872 if (i == 0) {
873 int first, second;
874 if (*p < 40) {
875 first = 0;
876 second = *p;
877 }
878 else if (40 <= *p && *p < 80) {
879 first = 1;
880 second = *p - 40;
881 }
882 else if (80 <= *p && *p < 127) {
883 first = 2;
884 second = *p - 80;
885 }
886 else {
887 /* Invalid value! */
888 first = -1;
889 second = -1;
890 }
891 fprintf(fd_out, " %u %u", first, second);
892 p++;
893 }
894 else {
895 fprintf(fd_out, " %u", (unsigned char)*p++);
896 }
897 fprintf(fd_out, " }\n");
898 }
899 fprintf(fd_out, " qop: %d\n", ptr->qop);
900 fprintf(fd_out, " service: %d\n", ptr->svc);
901 fprintf(fd_out, " cred: %p\n", ptr->cred);
902}
const GLint * first
Definition: glext.h:5794
GLfloat GLfloat p
Definition: glext.h:8902
#define for
Definition: utility.h:88
static PVOID ptr
Definition: dispmode.c:27

Referenced by authgss_refresh(), and authsspi_refresh().

◆ sspi_get_mic()

uint32_t sspi_get_mic ( PCtxtHandle  ctx,
u_int  qop,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout 
)

Definition at line 659 of file auth_sspi.c.

661{
662#endif
663 uint32_t maj_stat;
664 SecPkgContext_Sizes ContextSizes;
666 SecBuffer sec_tkn[2];
667
668 log_hexdump(0, "sspi_get_mic: calculating checksum of", bufin->value, bufin->length, 0);
669
670 memset(&ContextSizes, 0, sizeof(ContextSizes));
671 maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
672 if (maj_stat != SEC_E_OK) return maj_stat;
673
674 if (ContextSizes.cbMaxSignature == 0) return SEC_E_INTERNAL_ERROR;
675
676 desc.cBuffers = 2;
677 desc.pBuffers = sec_tkn;
678 desc.ulVersion = SECBUFFER_VERSION;
679 sec_tkn[0].BufferType = SECBUFFER_DATA;
680 sec_tkn[0].cbBuffer = bufin->length;
681 sec_tkn[0].pvBuffer = bufin->value;
682 sec_tkn[1].BufferType = SECBUFFER_TOKEN;
683 sec_tkn[1].cbBuffer = ContextSizes.cbMaxSignature;
684 sec_tkn[1].pvBuffer = calloc(ContextSizes.cbMaxSignature, sizeof(char));
685 if (sec_tkn[1].pvBuffer == NULL) return SEC_E_INSUFFICIENT_MEMORY;
686
687 maj_stat = MakeSignature(ctx, 0, &desc, seq);
688 if (maj_stat == SEC_E_OK) {
689 bufout->length = sec_tkn[1].cbBuffer;
690 bufout->value = sec_tkn[1].pvBuffer;
691 log_hexdump(0, "sspi_get_mic: verifier is", bufout->value, bufout->length, 0);
692 } else
693 free(sec_tkn[1].pvBuffer);
694
695 return maj_stat;
696}
static const WCHAR desc[]
Definition: protectdata.c:36
#define SECBUFFER_DATA
Definition: sspi.h:160
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
SECURITY_STATUS WINAPI MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:623

Referenced by authsspi_marshal(), and xdr_rpc_sspi_wrap_data().

◆ sspi_import_name()

uint32_t sspi_import_name ( sspi_buffer_desc name_in,
sspi_name_t name_out 
)

Definition at line 735 of file auth_sspi.c.

736{
737 *name_out = calloc(name_in->length + 5, sizeof(char));
738 if (*name_out == NULL)
740
741 strcpy(*name_out, "nfs/");
742 strncat(*name_out, name_in->value, name_in->length);
743
744 log_debug("imported service name is: %s\n", *name_out);
745
746 return SEC_E_OK;
747}
char * strncat(char *DstString, const char *SrcString, ACPI_SIZE Count)
Definition: utclib.c:605
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388

Referenced by authsspi_create_default().

◆ sspi_release_buffer()

void sspi_release_buffer ( sspi_buffer_desc buf)

Definition at line 727 of file auth_sspi.c.

728{
729 if (buf->value)
730 free(buf->value);
731 buf->value = NULL;
732 buf->length = 0;
733}

Referenced by authsspi_destroy_context(), authsspi_marshal(), authsspi_refresh(), xdr_rpc_sspi_unwrap_data(), and xdr_rpc_sspi_wrap_data().

◆ sspi_unwrap()

uint32_t sspi_unwrap ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int conf_state,
u_int qop_state 
)

Definition at line 810 of file auth_sspi.c.

813{
814#else
816 sspi_buffer_desc *bufout, u_int *conf_state,
817 u_int *qop_state)
818{
820#endif
821 uint32_t maj_stat;
822 SecBufferDesc BuffDesc;
823 SecBuffer SecBuff[2];
824 ULONG ulQop = 0;
825
826 BuffDesc.ulVersion = 0;
827 BuffDesc.cBuffers = 2;
828 BuffDesc.pBuffers = SecBuff;
829
830 SecBuff[0].cbBuffer = bufin->length;
831 SecBuff[0].BufferType = SECBUFFER_STREAM;
832 SecBuff[0].pvBuffer = bufin->value;
833
834 SecBuff[1].cbBuffer = 0;
835 SecBuff[1].BufferType = SECBUFFER_DATA;
836 SecBuff[1].pvBuffer = NULL;
837
838 log_hexdump(0, "cipher:", bufin->value, bufin->length, 0);
839
840 maj_stat = DecryptMessage(ctx, &BuffDesc, seq, &ulQop);
841 if (maj_stat != SEC_E_OK) return maj_stat;
842
843 bufout->length = SecBuff[1].cbBuffer;
844 bufout->value = malloc(bufout->length);
845 memcpy(bufout->value, SecBuff[1].pvBuffer, bufout->length);
846
847 log_hexdump(0, "data:", bufout->value, bufout->length, 0);
848
849 *conf_state = 1;
850 *qop_state = 0;
851
852 return SEC_E_OK;
853}
uint32_t sspi_unwrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state, u_int *qop_state)
Definition: auth_sspi.c:810
#define malloc
Definition: debug_ros.c:4
#define SECBUFFER_STREAM
Definition: sspi.h:169
uint32_t ULONG
Definition: typedefs.h:59
SECURITY_STATUS WINAPI DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:1036

Referenced by sspi_unwrap(), and xdr_rpc_sspi_unwrap_data().

◆ sspi_verify_mic()

uint32_t sspi_verify_mic ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int qop_state 
)

Definition at line 699 of file auth_sspi.c.

701{
702#else
704 sspi_buffer_desc *bufout, u_int *qop_state)
705{
707#endif
709 SecBuffer sec_tkn[2];
710
711 desc.cBuffers = 2;
712 desc.pBuffers = sec_tkn;
713 desc.ulVersion = SECBUFFER_VERSION;
714 sec_tkn[0].BufferType = SECBUFFER_DATA;
715 sec_tkn[0].cbBuffer = bufin->length;
716 sec_tkn[0].pvBuffer = bufin->value;
717 sec_tkn[1].BufferType = SECBUFFER_TOKEN;
718 sec_tkn[1].cbBuffer = bufout->length;
719 sec_tkn[1].pvBuffer = bufout->value;
720
721 log_hexdump(0, "sspi_verify_mic: calculating checksum over", bufin->value, bufin->length, 0);
722 log_hexdump(0, "sspi_verify_mic: received checksum ", bufout->value, bufout->length, 0);
723
724 return VerifySignature(ctx, &desc, seq, qop_state);
725}
SECURITY_STATUS WINAPI VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:653

Referenced by authsspi_refresh(), authsspi_validate(), sspi_verify_mic(), and xdr_rpc_sspi_unwrap_data().

◆ sspi_wrap()

uint32_t sspi_wrap ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int conf_state 
)

Definition at line 750 of file auth_sspi.c.

752{
753#else
754uint32_t sspi_wrap(void *dummy, u_int seq, sspi_buffer_desc *bufin,
755 sspi_buffer_desc *bufout, u_int *conf_state)
756{
758#endif
759 uint32_t maj_stat;
760 SecBufferDesc BuffDesc;
761 SecBuffer SecBuff[3];
762 ULONG ulQop = 0;
763 SecPkgContext_Sizes ContextSizes;
764 PBYTE p;
765
767 &ContextSizes);
768 if (maj_stat != SEC_E_OK)
769 goto out;
770
771 BuffDesc.ulVersion = 0;
772 BuffDesc.cBuffers = 3;
773 BuffDesc.pBuffers = SecBuff;
774
775 SecBuff[0].cbBuffer = ContextSizes.cbSecurityTrailer;
776 SecBuff[0].BufferType = SECBUFFER_TOKEN;
777 SecBuff[0].pvBuffer = malloc(ContextSizes.cbSecurityTrailer);
778
779 SecBuff[1].cbBuffer = bufin->length;
780 SecBuff[1].BufferType = SECBUFFER_DATA;
781 SecBuff[1].pvBuffer = bufin->value;
782 log_hexdump(0, "plaintext:", bufin->value, bufin->length, 0);
783
784 SecBuff[2].cbBuffer = ContextSizes.cbBlockSize;
785 SecBuff[2].BufferType = SECBUFFER_PADDING;
786 SecBuff[2].pvBuffer = malloc(ContextSizes.cbBlockSize);
787
788 maj_stat = EncryptMessage(ctx, ulQop, &BuffDesc, seq);
789 if (maj_stat != SEC_E_OK)
790 goto out_free;
791
792 bufout->length = SecBuff[0].cbBuffer + SecBuff[1].cbBuffer + SecBuff[2].cbBuffer;
793 p = bufout->value = malloc(bufout->length);
794 memcpy(p, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer);
795 p += SecBuff[0].cbBuffer;
796 memcpy(p, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer);
797 p += SecBuff[1].cbBuffer;
798 memcpy(p, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer);
799out_free:
800 free(SecBuff[0].pvBuffer);
801 free(SecBuff[2].pvBuffer);
802
803 if (!maj_stat)
804 log_hexdump(0, "cipher:", bufout->value, bufout->length, 0);
805out:
806 return maj_stat;
807}
uint32_t sspi_wrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state)
Definition: auth_sspi.c:750
BYTE * PBYTE
Definition: pedump.c:66
#define SECBUFFER_PADDING
Definition: sspi.h:168
#define QueryContextAttributes
Definition: sspi.h:512
ULONG cbBlockSize
Definition: sspi.h:563
ULONG cbSecurityTrailer
Definition: sspi.h:564
SECURITY_STATUS WINAPI EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:1006

Referenced by sspi_wrap(), and xdr_rpc_sspi_wrap_data().

Variable Documentation

◆ AUTH_TIMEOUT

struct timeval AUTH_TIMEOUT = { 25, 0 }
static

Definition at line 69 of file auth_sspi.c.

Referenced by authsspi_destroy_context(), and authsspi_refresh().

◆ authsspi_ops

struct auth_ops authsspi_ops
static
Initial value:
= {
}
static bool_t authsspi_validate(AUTH *auth, struct opaque_auth *verf, u_int seq)
Definition: auth_sspi.c:275
static bool_t authsspi_marshal(AUTH *auth, XDR *xdrs, u_int *seq)
Definition: auth_sspi.c:203
static bool_t authsspi_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
Definition: auth_sspi.c:620
static bool_t authsspi_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
Definition: auth_sspi.c:637
static void authsspi_nextverf(AUTH *auth)
Definition: auth_sspi.c:196

Definition at line 43 of file auth_sspi.c.

Referenced by authsspi_create().