ReactOS 0.4.15-dev-7924-g5949c20
Classes | Macros | Functions | Variables
auth_sspi.c File Reference
#include <wintirpc.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/auth_sspi.h>
#include <rpc/clnt.h>
Include dependency graph for auth_sspi.c:

Go to the source code of this file.

Classes

struct  rpc_sspi_data
 

Macros

#define AUTH_PRIVATE(auth)   ((struct rpc_sspi_data *)auth->ah_private)
 
#define DEBUG
 
#define fd_out   stdout
 

Functions

static void authsspi_nextverf (AUTH *auth)
 
static bool_t authsspi_marshal (AUTH *auth, XDR *xdrs, u_int *seq)
 
static bool_t authsspi_refresh (AUTH *auth, void *)
 
static bool_t authsspi_validate (AUTH *auth, struct opaque_auth *verf, u_int seq)
 
static void authsspi_destroy (AUTH *auth)
 
static void authsspi_destroy_context (AUTH *auth)
 
static bool_t authsspi_wrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 
static bool_t authsspi_unwrap (AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
 
void print_rpc_gss_sec (struct rpc_sspi_sec *ptr)
 
void print_negotiated_attrs (PCtxtHandle ctx)
 
AUTHauthsspi_create (CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
 
AUTHauthsspi_create_default (CLIENT *clnt, char *service, int svc)
 
bool_t authsspi_service (AUTH *auth, int svc)
 
uint32_t sspi_get_mic (PCtxtHandle ctx, u_int qop, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
 
uint32_t sspi_verify_mic (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *qop_state)
 
void sspi_release_buffer (sspi_buffer_desc *buf)
 
uint32_t sspi_import_name (sspi_buffer_desc *name_in, sspi_name_t *name_out)
 
uint32_t sspi_wrap (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state)
 
uint32_t sspi_unwrap (PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state, u_int *qop_state)
 
void log_hexdump (bool_t on, const u_char *title, const u_char *buf, int len, int offset)
 
void log_debug (const char *fmt,...)
 

Variables

static struct auth_ops authsspi_ops
 
static struct timeval AUTH_TIMEOUT = { 25, 0 }
 

Macro Definition Documentation

◆ AUTH_PRIVATE

#define AUTH_PRIVATE (   auth)    ((struct rpc_sspi_data *)auth->ah_private)

Definition at line 67 of file auth_sspi.c.

◆ DEBUG

#define DEBUG

Definition at line 856 of file auth_sspi.c.

◆ fd_out

#define fd_out   stdout

Definition at line 858 of file auth_sspi.c.

Function Documentation

◆ authsspi_create()

AUTH * authsspi_create ( CLIENT clnt,
sspi_name_t  name,
struct rpc_sspi_sec sec 
)

Definition at line 74 of file auth_sspi.c.

75{
76 AUTH *auth, *save_auth;
77 struct rpc_sspi_data *gd;
78
79 log_debug("in authgss_create()");
80
81 memset(&rpc_createerr, 0, sizeof(rpc_createerr));
82
83 if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
84 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
85 rpc_createerr.cf_error.re_errno = ENOMEM;
86 return (NULL);
87 }
88 if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
89 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
90 rpc_createerr.cf_error.re_errno = ENOMEM;
91 free(auth);
92 return (NULL);
93 }
94
95#if 0
96 if (name != SSPI_C_NO_NAME) {
97 if (gss_duplicate_name(&min_stat, name, &gd->name)
98 != GSS_S_COMPLETE) {
99 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
100 rpc_createerr.cf_error.re_errno = ENOMEM;
101 free(auth);
102 return (NULL);
103 }
104 }
105 else
106#else
107 gd->name = strdup(name);
108#endif
109
110 gd->clnt = clnt;
111 SecInvalidateHandle(&gd->ctx);
112 gd->sec = sec;
113
114 gd->gc.gc_v = RPCSEC_SSPI_VERSION;
115 gd->gc.gc_proc = RPCSEC_SSPI_INIT;
116 gd->gc.gc_svc = gd->sec->svc;
117
118 auth->ah_ops = &authsspi_ops;
119 auth->ah_private = (caddr_t)gd;
120
121 save_auth = clnt->cl_auth;
122 clnt->cl_auth = auth;
123
124 if (!authsspi_refresh(auth, NULL))
125 auth = NULL;
126
127 clnt->cl_auth = save_auth;
128
129 return (auth);
130}
ENOMEM
#define ENOMEM
Definition: acclib.h:84
authsspi_refresh
static bool_t authsspi_refresh(AUTH *auth, void *)
Definition: auth_sspi.c:343
authsspi_ops
static struct auth_ops authsspi_ops
Definition: auth_sspi.c:43
log_debug
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
RPCSEC_SSPI_INIT
@ RPCSEC_SSPI_INIT
Definition: auth_sspi.h:32
SSPI_C_NO_NAME
#define SSPI_C_NO_NAME
Definition: auth_sspi.h:59
RPCSEC_SSPI_VERSION
#define RPCSEC_SSPI_VERSION
Definition: auth_sspi.h:44
caddr_t
#define caddr_t
Definition: ftp.c:24
RPC_SYSTEMERROR
@ RPC_SYSTEMERROR
Definition: clnt_stat.h:43
free
#define free
Definition: debug_ros.c:5
NULL
#define NULL
Definition: types.h:112
SecInvalidateHandle
#define SecInvalidateHandle(x)
Definition: sspi.h:58
calloc
#define calloc
Definition: rosglue.h:14
strdup
_Check_return_ _CRTIMP char *__cdecl strdup(_In_opt_z_ const char *_Src)
memset
#define memset(x, y, z)
Definition: compat.h:39
__auth
Definition: auth.h:205
__auth::ah_private
void * ah_private
Definition: auth.h:225
__auth::ah_ops
struct __auth::auth_ops * ah_ops
__rpc_client::cl_auth
AUTH * cl_auth
Definition: clnt.h:122
name
Definition: name.c:39
rpc_createerr
Definition: clnt.h:495
rpc_createerr::cf_error
struct rpc_err cf_error
Definition: clnt.h:497
rpc_createerr::cf_stat
enum clnt_stat cf_stat
Definition: clnt.h:496
rpc_sspi_data
Definition: auth_sspi.c:53
rpc_sspi_data::name
sspi_name_t name
Definition: auth_sspi.c:59
rpc_sspi_data::gc
struct rpc_sspi_cred gc
Definition: auth_sspi.c:62
rpc_sspi_data::sec
struct rpc_sspi_sec * sec
Definition: auth_sspi.c:60
rpc_sspi_data::clnt
CLIENT * clnt
Definition: auth_sspi.c:58
rpc_sspi_data::ctx
CtxtHandle ctx
Definition: auth_sspi.c:61

Referenced by authsspi_create_default().

◆ authsspi_create_default()

AUTH * authsspi_create_default ( CLIENT clnt,
char service,
int  svc 
)

Definition at line 133 of file auth_sspi.c.

134{
135 AUTH *auth = NULL;
136 uint32_t maj_stat = 0;
137 sspi_buffer_desc sname;
138 sspi_name_t name = SSPI_C_NO_NAME;
139 unsigned char sec_pkg_name[] = "Kerberos";
140 struct rpc_sspi_sec *sec;
141
142 log_debug("in authgss_create_default() for %s", service);
143
144 sname.value = service;
145 sname.length = (int)strlen(service);
146#if 0
147 maj_stat = gss_import_name(&min_stat, &sname,
148 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
149 &name);
150#else
151 maj_stat = sspi_import_name(&sname, &name);
152#endif
153 if (maj_stat != SEC_E_OK) {
154 log_debug("authgss_create_default: sspi_import_name failed with %x", maj_stat);
155 return (NULL);
156 }
157 sec = calloc(1, sizeof(struct rpc_sspi_sec));
158 if (sec == NULL)
159 goto out_err;
160 sec->svc = svc;
161 // Let's acquire creds here for now
162 maj_stat = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_BOTH,
163 NULL, NULL, NULL, NULL, &sec->cred, &sec->expiry);
164 if (maj_stat != SEC_E_OK) {
165 log_debug("authgss_create_default: AcquireCredentialsHandleA failed with %x", maj_stat);
166 free(sec);
167 goto out;
168 }
169
170 auth = authsspi_create(clnt, name, sec);
171 if (auth == NULL)
172 goto out_free_sec;
173
174out:
175 if (name != SSPI_C_NO_NAME) {
176#if 0
177 gss_release_name(&min_stat, &name);
178#else
179 free(name);
180#endif
181 }
182
183 return (auth);
184out_free_sec:
185 if (rpc_createerr.cf_error.re_errno == ENOMEM) {
186 FreeCredentialsHandle(&sec->cred);
187 free(sec);
188 }
189out_err:
190 rpc_createerr.cf_stat = RPC_SYSTEMERROR;
191 rpc_createerr.cf_error.re_errno = ENOMEM;
192 goto out;
193}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
authsspi_create
AUTH * authsspi_create(CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
Definition: auth_sspi.c:74
sspi_import_name
uint32_t sspi_import_name(sspi_buffer_desc *name_in, sspi_name_t *name_out)
Definition: auth_sspi.c:735
sspi_name_t
#define sspi_name_t
Definition: auth_sspi.h:46
uint32_t
UINT32 uint32_t
Definition: types.h:75
int
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31
sec_pkg_name
static char sec_pkg_name[]
Definition: ntlm.c:180
SECPKG_CRED_BOTH
#define SECPKG_CRED_BOTH
Definition: sspi.h:292
out
static FILE * out
Definition: regtests2xml.c:44
_sspi_buffer_desc
Definition: auth_sspi.h:54
_sspi_buffer_desc::length
int length
Definition: auth_sspi.h:55
_sspi_buffer_desc::value
void * value
Definition: auth_sspi.h:56
rpc_sspi_sec
Definition: auth_sspi.h:64
rpc_sspi_sec::expiry
TimeStamp expiry
Definition: auth_sspi.h:70
rpc_sspi_sec::svc
rpc_sspi_svc_t svc
Definition: auth_sspi.h:67
rpc_sspi_sec::cred
CredHandle cred
Definition: auth_sspi.h:68
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
AcquireCredentialsHandleA
SECURITY_STATUS WINAPI AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialsUse, PLUID pvLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn, PVOID pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
Definition: wrapper.c:59
FreeCredentialsHandle
SECURITY_STATUS WINAPI FreeCredentialsHandle(PCredHandle phCredential)
Definition: wrapper.c:151

Referenced by create_new_rpc_auth(), and create_rpcsec_auth_client().

◆ authsspi_destroy()

static void authsspi_destroy ( AUTH auth)
static

Definition at line 596 of file auth_sspi.c.

597{
598 struct rpc_sspi_data *gd;
599
600 log_debug("in authgss_destroy()");
601
602 gd = AUTH_PRIVATE(auth);
603 if (gd == NULL) return;
604
605 authsspi_destroy_context(auth);
606
607#if 0
608 if (gd->name != SSPI_C_NO_NAME)
609 gss_release_name(&min_stat, &gd->name);
610#else
611 free(gd->name);
612#endif
613 FreeCredentialsHandle(&gd->sec->cred);
614 free(gd->sec);
615 free(gd);
616 free(auth);
617}
authsspi_destroy_context
static void authsspi_destroy_context(AUTH *auth)
Definition: auth_sspi.c:561
AUTH_PRIVATE
#define AUTH_PRIVATE(auth)
Definition: auth_sspi.c:67

Referenced by authsspi_refresh().

◆ authsspi_destroy_context()

static void authsspi_destroy_context ( AUTH auth)
static

Definition at line 561 of file auth_sspi.c.

562{
563 struct rpc_sspi_data *gd;
564
565 log_debug("in authgss_destroy_context()");
566
567 gd = AUTH_PRIVATE(auth);
568 if (gd == NULL) return;
569
570 if (SecIsValidHandle(&gd->ctx)) {
571 if (gd->established) {
572 gd->gc.gc_proc = RPCSEC_SSPI_DESTROY;
573 clnt_call(gd->clnt, NULLPROC, (xdrproc_t)xdr_void, NULL,
574 (xdrproc_t)xdr_void, NULL, AUTH_TIMEOUT);
575 DeleteSecurityContext(&gd->ctx);
576 }
577 sspi_release_buffer(&gd->gc.gc_ctx);
578 SecInvalidateHandle(&gd->ctx);
579#if 0
580 gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
581 /* XXX ANDROS check size of context - should be 8 */
582 memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
583 gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
584#endif
585 }
586
587 /* free saved wire verifier (if any) */
588 mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
589 gd->gc_wire_verf.value = NULL;
590 gd->gc_wire_verf.length = 0;
591
592 gd->established = FALSE;
593}
xdr_void
bool_t xdr_void(void)
Definition: xdr.c:92
AUTH_TIMEOUT
static struct timeval AUTH_TIMEOUT
Definition: auth_sspi.c:69
sspi_release_buffer
void sspi_release_buffer(sspi_buffer_desc *buf)
Definition: auth_sspi.c:727
RPCSEC_SSPI_DESTROY
@ RPCSEC_SSPI_DESTROY
Definition: auth_sspi.h:34
NULLPROC
#define NULLPROC
Definition: clnt.h:294
clnt_call
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
mem_free
#define mem_free(ptr, bsize)
Definition: types.h:124
FALSE
#define FALSE
Definition: types.h:117
SecIsValidHandle
#define SecIsValidHandle(x)
Definition: sspi.h:63
rpc_sspi_data::gc_wire_verf
sspi_buffer_desc gc_wire_verf
Definition: auth_sspi.c:56
rpc_sspi_data::established
bool_t established
Definition: auth_sspi.c:54
DeleteSecurityContext
SECURITY_STATUS WINAPI DeleteSecurityContext(PCtxtHandle phContext)
Definition: wrapper.c:450
xdrproc_t
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144

Referenced by authsspi_destroy(), authsspi_marshal(), authsspi_refresh(), and authsspi_validate().

◆ authsspi_marshal()

static bool_t authsspi_marshal ( AUTH auth,
XDR xdrs,
u_int seq 
)
static

Definition at line 203 of file auth_sspi.c.

204{
205 XDR tmpxdrs;
206 char tmp[MAX_AUTH_BYTES];
207 struct rpc_sspi_data *gd;
208 sspi_buffer_desc rpcbuf, checksum;
209 uint32_t maj_stat;
210 bool_t xdr_stat;
211
212 log_debug("in authgss_marshal()");
213
214 gd = AUTH_PRIVATE(auth);
215
216 if (gd->established) {
217 gd->gc.gc_seq++;
218 *seq = gd->gc.gc_seq;
219 }
220
221 xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
222
223 if (!xdr_rpc_sspi_cred(&tmpxdrs, &gd->gc)) {
224 log_debug("authsspi_marshal: xdr_rpc_sspi_cred failed");
225 XDR_DESTROY(&tmpxdrs);
226 return (FALSE);
227 }
228 auth->ah_cred.oa_flavor = RPCSEC_GSS;
229 auth->ah_cred.oa_base = tmp;
230 auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
231
232 XDR_DESTROY(&tmpxdrs);
233
234 if (!xdr_opaque_auth(xdrs, &auth->ah_cred)) {
235 log_debug("authsspi_marshal: failed to xdr GSS CRED");
236 return (FALSE);
237 }
238 if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
239 gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
240 return (xdr_opaque_auth(xdrs, &_null_auth));
241 }
242 /* Checksum serialized RPC header, up to and including credential. */
243 rpcbuf.length = XDR_GETPOS(xdrs) - 4;
244 //XDR_SETPOS(xdrs, 0);
245 //rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
246 rpcbuf.value = xdrrec_getoutbase(xdrs) + 1;
247
248#if 0
249 maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
250 &rpcbuf, &checksum);
251#else
252 maj_stat = sspi_get_mic(&gd->ctx, 0, gd->gc.gc_seq, &rpcbuf, &checksum);
253#endif
254 if (maj_stat != SEC_E_OK) {
255 log_debug("authsspi_marshal: sspi_get_mic failed with %x", maj_stat);
256 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
257 gd->established = FALSE;
258 authsspi_destroy_context(auth);
259 }
260 return (FALSE);
261 }
262 auth->ah_verf.oa_flavor = RPCSEC_GSS;
263 auth->ah_verf.oa_base = checksum.value;
264 auth->ah_verf.oa_length = checksum.length;
265 xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
266#if 0
267 gss_release_buffer(&min_stat, &checksum);
268#else
269 sspi_release_buffer(&checksum);
270#endif
271 return (xdr_stat);
272}
xdr_opaque_auth
bool_t xdr_opaque_auth()
sspi_get_mic
uint32_t sspi_get_mic(PCtxtHandle ctx, u_int qop, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
Definition: auth_sspi.c:659
RPCSEC_SSPI_CONTINUE_INIT
@ RPCSEC_SSPI_CONTINUE_INIT
Definition: auth_sspi.h:33
xdr_rpc_sspi_cred
bool_t xdr_rpc_sspi_cred(XDR *xdrs, struct rpc_sspi_cred *p)
Definition: authsspi_prot.c:34
MAX_AUTH_BYTES
#define MAX_AUTH_BYTES
Definition: auth.h:77
bool_t
int32_t bool_t
Definition: types.h:101
checksum
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
RPCSEC_GSS
#define RPCSEC_GSS
Definition: nfs41_ops.h:867
_null_auth
struct opaque_auth _null_auth
Definition: rpc_commondata.c:37
__auth::ah_cred
struct opaque_auth ah_cred
Definition: auth.h:206
__auth::ah_verf
struct opaque_auth ah_verf
Definition: auth.h:207
__rpc_xdr
Definition: xdr.h:103
SEC_E_NO_AUTHENTICATING_AUTHORITY
#define SEC_E_NO_AUTHENTICATING_AUTHORITY
Definition: winerror.h:2926
XDR_ENCODE
@ XDR_ENCODE
Definition: xdr.h:85
XDR_DESTROY
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
XDR_GETPOS
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
xdrmem_create
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94
xdrrec_getoutbase
int32_t * xdrrec_getoutbase(XDR *xdrs)
Definition: xdr_rec.c:415

◆ authsspi_nextverf()

static void authsspi_nextverf ( AUTH auth)
static

Definition at line 196 of file auth_sspi.c.

197{
198 log_debug("in authgss_nextverf()");
199 /* no action necessary */
200}

◆ authsspi_refresh()

static bool_t authsspi_refresh ( AUTH auth,
void tmp 
)
static

Definition at line 343 of file auth_sspi.c.

344{
345 struct rpc_sspi_data *gd;
346 struct rpc_sspi_init_res gr;
347 sspi_buffer_desc *recv_tokenp, send_token;
348 uint32_t maj_stat, call_stat, ret_flags, i;
349 unsigned long flags =
350 ISC_REQ_MUTUAL_AUTH|ISC_REQ_INTEGRITY|ISC_REQ_ALLOCATE_MEMORY;
351 SecBufferDesc out_desc, in_desc;
352 SecBuffer wtkn[1], rtkn[1];
353
354 log_debug("in authgss_refresh()");
355
356 gd = AUTH_PRIVATE(auth);
357
358 if ((gd->established && tmp == NULL) || gd->inprogress)
359 return (TRUE);
360 else if (tmp) {
361 log_debug("trying to refresh credentials\n");
362 DeleteSecurityContext(&gd->ctx);
363 sspi_release_buffer(&gd->gc.gc_ctx);
364 SecInvalidateHandle(&gd->ctx);
365 mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
366 gd->gc_wire_verf.value = NULL;
367 gd->gc_wire_verf.length = 0;
368 gd->established = FALSE;
369 gd->gc.gc_proc = RPCSEC_SSPI_INIT;
370 }
371
372 /* GSS context establishment loop. */
373 memset(&gr, 0, sizeof(gr));
374 recv_tokenp = SSPI_C_NO_BUFFER;
375 send_token.length = 0;
376 send_token.value = NULL;
377
378 print_rpc_gss_sec(gd->sec);
379
380 if (gd->sec->svc == RPCSEC_SSPI_SVC_PRIVACY)
381 flags |= ISC_REQ_CONFIDENTIALITY;
382
383 for (i=0;;i++) {
384 /* print the token we just received */
385 if (recv_tokenp != SSPI_C_NO_BUFFER) {
386 log_debug("The token we just received (length %d):",
387 recv_tokenp->length);
388 log_hexdump(0, "", recv_tokenp->value, recv_tokenp->length, 0);
389 }
390#if 0
391 maj_stat = gss_init_sec_context(&min_stat,
392 gd->sec.cred,
393 &gd->ctx,
394 gd->name,
395 gd->sec.mech,
396 gd->sec.req_flags,
397 0, /* time req */
398 NULL, /* channel */
399 recv_tokenp,
400 NULL, /* used mech */
401 &send_token,
402 &ret_flags,
403 NULL); /* time rec */
404#else
405 gd->inprogress = TRUE;
406 out_desc.cBuffers = 1;
407 out_desc.pBuffers = wtkn;
408 out_desc.ulVersion = SECBUFFER_VERSION;
409 wtkn[0].BufferType = SECBUFFER_TOKEN;
410 wtkn[0].cbBuffer = send_token.length;
411 wtkn[0].pvBuffer = send_token.value;
412 log_debug("calling InitializeSecurityContextA for %s", gd->name);
413
414 maj_stat = InitializeSecurityContextA(
415 &gd->sec->cred,
416 ((i==0)?NULL:&gd->ctx),
417 gd->name,
418 flags,
419 0,
420 SECURITY_NATIVE_DREP,
421 ((i==0)?NULL:&in_desc),
422 0,
423 &gd->ctx,
424 &out_desc,
425 &ret_flags,
426 &gd->expiry);
427#endif
428 if (recv_tokenp != SSPI_C_NO_BUFFER) {
429#if 0
430 gss_release_buffer(&min_stat, &gr.gr_token);
431#else
432 sspi_release_buffer(&gr.gr_token);
433#endif
434 recv_tokenp = SSPI_C_NO_BUFFER;
435 }
436 if (maj_stat != SEC_E_OK && maj_stat != SEC_I_CONTINUE_NEEDED) {
437 log_debug("InitializeSecurityContext failed with %x", maj_stat);
438 break;
439 }
440 send_token.length = wtkn[0].cbBuffer;
441 send_token.value = wtkn[0].pvBuffer;
442 if (send_token.length != 0) {
443 memset(&gr, 0, sizeof(gr));
444
445 /* print the token we are about to send */
446 log_debug("The token being sent (length %d):",
447 send_token.length);
448 log_hexdump(0, "", send_token.value, send_token.length, 0);
449
450 call_stat = clnt_call(gd->clnt, NULLPROC,
451 (xdrproc_t)xdr_rpc_sspi_init_args,
452 &send_token,
453 (xdrproc_t)xdr_rpc_sspi_init_res,
454 (caddr_t)&gr, AUTH_TIMEOUT);
455#if 0
456 gss_release_buffer(&min_stat, &send_token);
457#else
458 // 11/29/2010 [aglo] can't call sspi_relase_buffer, causes heap
459 // corruption (later) to try and free the buffer directly.
460 FreeContextBuffer(send_token.value);
461#endif
462 if (call_stat != RPC_SUCCESS ||
463 (gr.gr_major != SEC_E_OK &&
464 gr.gr_major != SEC_I_CONTINUE_NEEDED))
465 break;
466
467 if (gr.gr_ctx.length != 0) {
468#if 0
469 if (gd->gc.gc_ctx.value)
470 gss_release_buffer(&min_stat,
471 &gd->gc.gc_ctx);
472#else
473 sspi_release_buffer(&gd->gc.gc_ctx);
474#endif
475 gd->gc.gc_ctx = gr.gr_ctx;
476 }
477 if (gr.gr_token.length != 0) {
478 if (maj_stat != SEC_I_CONTINUE_NEEDED)
479 break;
480 recv_tokenp = &gr.gr_token;
481 in_desc.cBuffers = 1;
482 in_desc.pBuffers = rtkn;
483 in_desc.ulVersion = SECBUFFER_VERSION;
484 rtkn[0].BufferType = SECBUFFER_TOKEN;
485 rtkn[0].cbBuffer = gr.gr_token.length;
486 rtkn[0].pvBuffer = gr.gr_token.value;
487 }
488 gd->gc.gc_proc = RPCSEC_SSPI_CONTINUE_INIT;
489 }
490
491 /* GSS_S_COMPLETE => check gss header verifier,
492 * usually checked in gss_validate
493 */
494 if (maj_stat == SEC_E_OK) {
495 sspi_buffer_desc bufin;
496 u_int seq, qop_state = 0;
497
498 print_negotiated_attrs(&gd->ctx);
499
500 seq = htonl(gr.gr_win);
501 bufin.value = (unsigned char *)&seq;
502 bufin.length = sizeof(seq);
503#if 0
504 maj_stat = gss_verify_mic(&min_stat, gd->ctx,
505 &bufin, &bufout, &qop_state);
506#else
507 maj_stat = sspi_verify_mic(&gd->ctx, 0, &bufin, &gd->gc_wire_verf, &qop_state);
508#endif
509 if (maj_stat != SEC_E_OK) {
510 log_debug("authgss_refresh: sspi_verify_mic failed with %x", maj_stat);
511 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
512 gd->established = FALSE;
513 authsspi_destroy_context(auth);
514 }
515 break;
516 }
517 gd->established = TRUE;
518 gd->inprogress = FALSE;
519 gd->gc.gc_proc = RPCSEC_SSPI_DATA;
520 gd->gc.gc_seq = 0;
521 gd->win = gr.gr_win;
522 log_debug("authgss_refresh: established GSS context");
523 break;
524 }
525 }
526 /* End context negotiation loop. */
527 if (gd->gc.gc_proc != RPCSEC_SSPI_DATA) {
528 if (gr.gr_token.length != 0)
529#if 0
530 gss_release_buffer(&min_stat, &gr.gr_token);
531#else
532 sspi_release_buffer(&gr.gr_token);
533#endif
534 authsspi_destroy(auth);
535 auth = NULL;
536 rpc_createerr.cf_stat = RPC_AUTHERROR;
537
538 return (FALSE);
539 }
540 return (TRUE);
541}
print_negotiated_attrs
void print_negotiated_attrs(PCtxtHandle ctx)
Definition: auth_sspi.c:904
log_hexdump
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
Definition: auth_sspi.c:942
authsspi_destroy
static void authsspi_destroy(AUTH *auth)
Definition: auth_sspi.c:596
sspi_verify_mic
uint32_t sspi_verify_mic(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *qop_state)
Definition: auth_sspi.c:699
print_rpc_gss_sec
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
Definition: auth_sspi.c:859
SSPI_C_NO_BUFFER
#define SSPI_C_NO_BUFFER
Definition: auth_sspi.h:60
RPCSEC_SSPI_DATA
@ RPCSEC_SSPI_DATA
Definition: auth_sspi.h:31
RPCSEC_SSPI_SVC_PRIVACY
@ RPCSEC_SSPI_SVC_PRIVACY
Definition: auth_sspi.h:41
xdr_rpc_sspi_init_args
bool_t xdr_rpc_sspi_init_args(XDR *xdrs, sspi_buffer_desc *p)
Definition: authsspi_prot.c:56
xdr_rpc_sspi_init_res
bool_t xdr_rpc_sspi_init_res(XDR *xdrs, struct rpc_sspi_init_res *p)
Definition: authsspi_prot.c:72
RPC_SUCCESS
@ RPC_SUCCESS
Definition: clnt_stat.h:22
RPC_AUTHERROR
@ RPC_AUTHERROR
Definition: clnt_stat.h:38
u_int
UINT32 u_int
Definition: types.h:82
TRUE
#define TRUE
Definition: types.h:120
flags
GLbitfield flags
Definition: glext.h:7161
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
htonl
#define htonl(x)
Definition: module.h:214
ISC_REQ_CONFIDENTIALITY
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:366
ISC_REQ_ALLOCATE_MEMORY
#define ISC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:370
SECBUFFER_TOKEN
#define SECBUFFER_TOKEN
Definition: sspi.h:161
SECURITY_NATIVE_DREP
#define SECURITY_NATIVE_DREP
Definition: sspi.h:473
ISC_REQ_INTEGRITY
#define ISC_REQ_INTEGRITY
Definition: sspi.h:378
ISC_REQ_MUTUAL_AUTH
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:363
SECBUFFER_VERSION
#define SECBUFFER_VERSION
Definition: sspi.h:187
caddr_t
char * caddr_t
Definition: rosdhcp.h:36
FreeContextBuffer
SECURITY_STATUS WINAPI FreeContextBuffer(PVOID pv)
Definition: sspi.c:699
_SecBufferDesc
Definition: sspi.h:180
_SecBufferDesc::cBuffers
ULONG cBuffers
Definition: sspi.h:182
_SecBufferDesc::ulVersion
ULONG ulVersion
Definition: sspi.h:181
_SecBuffer
Definition: sspi.h:152
_SecBuffer::BufferType
ULONG BufferType
Definition: sspi.h:154
_SecBuffer::cbBuffer
ULONG cbBuffer
Definition: sspi.h:153
define::value
char * value
Definition: compiler.c:67
rpc_sspi_data::expiry
TimeStamp expiry
Definition: auth_sspi.c:64
rpc_sspi_data::inprogress
bool_t inprogress
Definition: auth_sspi.c:55
rpc_sspi_data::win
u_int win
Definition: auth_sspi.c:63
rpc_sspi_init_res
Definition: auth_sspi.h:83
SEC_I_CONTINUE_NEEDED
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
InitializeSecurityContextA
SECURITY_STATUS WINAPI InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
Definition: wrapper.c:237

Referenced by authsspi_create().

◆ authsspi_service()

bool_t authsspi_service ( AUTH auth,
int  svc 
)

Definition at line 544 of file auth_sspi.c.

545{
546 struct rpc_sspi_data *gd;
547
548 log_debug("in authgss_service()");
549
550 if (!auth)
551 return(FALSE);
552 gd = AUTH_PRIVATE(auth);
553 if (!gd || !gd->established)
554 return (FALSE);
555 gd->sec->svc = svc;
556 gd->gc.gc_svc = svc;
557 return (TRUE);
558}

◆ authsspi_unwrap()

bool_t authsspi_unwrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr,
u_int  seq 
)
static

Definition at line 637 of file auth_sspi.c.

638{
639 struct rpc_sspi_data *gd;
640
641 log_debug("in authgss_unwrap()");
642
643 gd = AUTH_PRIVATE(auth);
644
645 if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
646 return ((*xdr_func)(xdrs, xdr_ptr));
647 }
648 return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
649 &gd->ctx, gd->sec->qop,
650 gd->sec->svc, seq));
651}
RPCSEC_SSPI_SVC_NONE
@ RPCSEC_SSPI_SVC_NONE
Definition: auth_sspi.h:39
xdr_rpc_sspi_data
bool_t xdr_rpc_sspi_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, PCtxtHandle ctx, sspi_qop_t qop, rpc_sspi_svc_t svc, u_int seq)
Definition: authsspi_prot.c:288

◆ authsspi_validate()

static bool_t authsspi_validate ( AUTH auth,
struct opaque_auth verf,
u_int  seq 
)
static

Definition at line 275 of file auth_sspi.c.

276{
277 struct rpc_sspi_data *gd;
278 u_int num, qop_state, cur_seq;
279 sspi_buffer_desc signbuf, checksum;
280 uint32_t maj_stat;
281
282 log_debug("in authgss_validate(for seq=%d)", seq);
283
284 gd = AUTH_PRIVATE(auth);
285
286 if (gd->established == FALSE) {
287 /* would like to do this only on NULL rpc --
288 * gc->established is good enough.
289 * save the on the wire verifier to validate last
290 * INIT phase packet after decode if the major
291 * status is GSS_S_COMPLETE
292 */
293 if ((gd->gc_wire_verf.value =
294 mem_alloc(verf->oa_length)) == NULL) {
295 return (FALSE);
296 }
297 memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
298 gd->gc_wire_verf.length = verf->oa_length;
299 return (TRUE);
300 }
301
302 if (gd->gc.gc_proc == RPCSEC_SSPI_DESTROY)
303 return TRUE;
304
305 if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
306 gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
307 num = htonl(gd->win);
308 }
309 else {
310 if (seq == -1) {
311 num = htonl(gd->gc.gc_seq);
312 cur_seq = gd->gc.gc_seq;
313 }
314 else {
315 num = htonl(seq);
316 cur_seq = seq;
317 }
318 }
319
320 signbuf.value = &num;
321 signbuf.length = sizeof(num);
322
323 checksum.value = verf->oa_base;
324 checksum.length = verf->oa_length;
325#if 0
326 maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
327 &checksum, &qop_state);
328#else
329 maj_stat = sspi_verify_mic(&gd->ctx, cur_seq, &signbuf, &checksum, &qop_state);
330#endif
331 if (maj_stat != SEC_E_OK) {
332 log_debug("authsspi_validate: VerifySignature failed with %x", maj_stat);
333 if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
334 gd->established = FALSE;
335 authsspi_destroy_context(auth);
336 }
337 return (FALSE);
338 }
339 return (TRUE);
340}
mem_alloc
#define mem_alloc(bsize)
Definition: types.h:123
num
GLuint GLuint num
Definition: glext.h:9618
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
opaque_auth::oa_length
u_int oa_length
Definition: auth.h:198
opaque_auth::oa_base
caddr_t oa_base
Definition: auth.h:197

◆ authsspi_wrap()

bool_t authsspi_wrap ( AUTH auth,
XDR xdrs,
xdrproc_t  xdr_func,
caddr_t  xdr_ptr 
)
static

Definition at line 620 of file auth_sspi.c.

621{
622 struct rpc_sspi_data *gd;
623
624 log_debug("in authgss_wrap()");
625
626 gd = AUTH_PRIVATE(auth);
627
628 if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
629 return ((*xdr_func)(xdrs, xdr_ptr));
630 }
631 return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
632 &gd->ctx, gd->sec->qop,
633 gd->sec->svc, gd->gc.gc_seq));
634}

◆ log_debug()

void log_debug ( const char fmt,
  ... 
)

Definition at line 977 of file auth_sspi.c.

978{
979 va_list ap;
980
981 va_start(ap, fmt);
982 fprintf(fd_out, "%04x: rpcsec_gss: ", GetCurrentThreadId());
983 vfprintf(fd_out, fmt, ap);
984 fprintf(fd_out, "\n");
985 fflush(fd_out);
986 va_end(ap);
987}
va_list
char * va_list
Definition: acmsvcex.h:78
va_end
#define va_end(ap)
Definition: acmsvcex.h:90
va_start
#define va_start(ap, A)
Definition: acmsvcex.h:91
fd_out
#define fd_out
Definition: auth_sspi.c:858
fprintf
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
fflush
_Check_return_opt_ _CRTIMP int __cdecl fflush(_Inout_opt_ FILE *_File)
vfprintf
_Check_return_opt_ _CRTIMP int __cdecl vfprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format, va_list _ArgList)
fmt
Definition: dsound.c:943
GetCurrentThreadId
DWORD WINAPI GetCurrentThreadId(void)
Definition: thread.c:459
ap
void int int ULONGLONG int va_list * ap
Definition: winesup.h:36

Referenced by _svcauth_gss(), authgss_create(), authgss_create_default(), authgss_destroy(), authgss_destroy_context(), authgss_get_private_data(), authgss_marshal(), authgss_nextverf(), authgss_refresh(), authgss_service(), authgss_unwrap(), authgss_validate(), authgss_wrap(), authsspi_create(), authsspi_create_default(), authsspi_destroy(), authsspi_destroy_context(), authsspi_marshal(), authsspi_nextverf(), authsspi_refresh(), authsspi_service(), authsspi_unwrap(), authsspi_validate(), authsspi_wrap(), print_negotiated_attrs(), sspi_import_name(), svcauth_gss_accept_sec_context(), svcauth_gss_acquire_cred(), svcauth_gss_destroy(), svcauth_gss_import_name(), svcauth_gss_nextverf(), svcauth_gss_release_cred(), svcauth_gss_set_svc_name(), svcauth_gss_unwrap(), svcauth_gss_validate(), svcauth_gss_wrap(), xdr_rpc_sspi_cred(), xdr_rpc_sspi_init_args(), xdr_rpc_sspi_init_res(), xdr_rpc_sspi_unwrap_data(), and xdr_rpc_sspi_wrap_data().

◆ log_hexdump()

void log_hexdump ( bool_t  on,
const u_char title,
const u_char buf,
int  len,
int  offset 
)

Definition at line 942 of file auth_sspi.c.

944{
945 int i, j, jm, c;
946
947 if (!on) return;
948
949 fprintf(fd_out, "%04x: %s (len=%d)\n", GetCurrentThreadId(), title, len);
950 for (i = 0; i < len; i += 0x10) {
951 fprintf(fd_out, " %04x: ", (u_int)(i + offset));
952 jm = len - i;
953 jm = jm > 16 ? 16 : jm;
954
955 for (j = 0; j < jm; j++) {
956 if ((j % 2) == 1)
957 fprintf(fd_out, "%02x ", (u_int) buf[i+j]);
958 else
959 fprintf(fd_out, "%02x", (u_int) buf[i+j]);
960 }
961 for (; j < 16; j++) {
962 if ((j % 2) == 1) fprintf(fd_out, " ");
963 else fprintf(fd_out, " ");
964 }
965 fprintf(fd_out, " ");
966
967 for (j = 0; j < jm; j++) {
968 c = buf[i+j];
969 c = isprint(c) ? c : '.';
970 fprintf(fd_out, "%c", c);
971 }
972 fprintf(fd_out, "\n");
973 }
974 fflush(fd_out);
975}
isprint
#define isprint(c)
Definition: acclib.h:73
c
const GLubyte * c
Definition: glext.h:8905
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
len
GLenum GLsizei len
Definition: glext.h:6722
offset
GLintptr offset
Definition: glext.h:5920
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
c
#define c
Definition: ke_i.h:80
title
static char title[]
Definition: ps.c:92

Referenced by authgss_refresh(), authsspi_refresh(), sspi_get_mic(), sspi_unwrap(), sspi_verify_mic(), and sspi_wrap().

◆ print_negotiated_attrs()

void print_negotiated_attrs ( PCtxtHandle  ctx)

Definition at line 904 of file auth_sspi.c.

905{
906 SecPkgContext_Sizes ContextSizes;
907 unsigned long flags;
908 uint32_t maj_stat;
909
910 maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_FLAGS, &flags);
911 if (maj_stat != SEC_E_OK) return;
912
913 log_debug("negotiated flags %x\n", flags);
914 if (flags & ISC_REQ_DELEGATE) log_debug("ISC_REQ_DELEGATE");
915 if (flags & ISC_REQ_MUTUAL_AUTH) log_debug("ISC_REQ_MUTUAL_AUTH");
916 if (flags & ISC_REQ_REPLAY_DETECT) log_debug("ISC_REQ_REPLAY_DETECT");
917 if (flags & ISC_REQ_SEQUENCE_DETECT) log_debug("ISC_REQ_SEQUENCE_DETECT");
918 if (flags & ISC_REQ_CONFIDENTIALITY) log_debug("ISC_REQ_CONFIDENTIALITY");
919 if (flags & ISC_REQ_USE_SESSION_KEY) log_debug("ISC_REQ_USE_SESSION_KEY");
920 if (flags & ISC_REQ_PROMPT_FOR_CREDS) log_debug("ISC_REQ_PROMPT_FOR_CREDS");
921 if (flags & ISC_REQ_USE_SUPPLIED_CREDS) log_debug("ISC_REQ_USE_SUPPLIED_CREDS");
922 if (flags & ISC_REQ_ALLOCATE_MEMORY) log_debug("ISC_REQ_ALLOCATE_MEMORY");
923 if (flags & ISC_REQ_USE_DCE_STYLE) log_debug("ISC_REQ_USE_DCE_STYLE");
924 if (flags & ISC_REQ_DATAGRAM) log_debug("ISC_REQ_DATAGRAM");
925 if (flags & ISC_REQ_CONNECTION) log_debug("ISC_REQ_CONNECTION");
926 if (flags & ISC_REQ_CALL_LEVEL) log_debug("ISC_REQ_CALL_LEVEL");
927 if (flags & ISC_REQ_FRAGMENT_SUPPLIED) log_debug("ISC_REQ_FRAGMENT_SUPPLIED");
928 if (flags & ISC_REQ_EXTENDED_ERROR) log_debug("ISC_REQ_EXTENDED_ERROR");
929 if (flags & ISC_REQ_STREAM) log_debug("ISC_REQ_STREAM");
930 if (flags & ISC_REQ_INTEGRITY) log_debug("ISC_REQ_INTEGRITY");
931 if (flags & ISC_REQ_IDENTIFY) log_debug("ISC_REQ_IDENTIFY");
932 if (flags & ISC_REQ_NULL_SESSION) log_debug("ISC_REQ_NULL_SESSION");
933 if (flags & ISC_REQ_MANUAL_CRED_VALIDATION) log_debug("ISC_REQ_MANUAL_CRED_VALIDATION");
934
935 maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
936 if (maj_stat != SEC_E_OK) return;
937
938 log_debug("signature size is %d\n", ContextSizes.cbMaxSignature);
939
940}
ISC_REQ_DATAGRAM
#define ISC_REQ_DATAGRAM
Definition: sspi.h:372
ISC_REQ_MANUAL_CRED_VALIDATION
#define ISC_REQ_MANUAL_CRED_VALIDATION
Definition: sspi.h:381
ISC_REQ_STREAM
#define ISC_REQ_STREAM
Definition: sspi.h:377
ISC_REQ_EXTENDED_ERROR
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:376
ISC_REQ_USE_SUPPLIED_CREDS
#define ISC_REQ_USE_SUPPLIED_CREDS
Definition: sspi.h:369
ISC_REQ_NULL_SESSION
#define ISC_REQ_NULL_SESSION
Definition: sspi.h:380
ISC_REQ_PROMPT_FOR_CREDS
#define ISC_REQ_PROMPT_FOR_CREDS
Definition: sspi.h:368
ISC_REQ_SEQUENCE_DETECT
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:365
ISC_REQ_CALL_LEVEL
#define ISC_REQ_CALL_LEVEL
Definition: sspi.h:374
ISC_REQ_REPLAY_DETECT
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:364
ISC_REQ_DELEGATE
#define ISC_REQ_DELEGATE
Definition: sspi.h:362
ISC_REQ_FRAGMENT_SUPPLIED
#define ISC_REQ_FRAGMENT_SUPPLIED
Definition: sspi.h:375
ISC_REQ_USE_SESSION_KEY
#define ISC_REQ_USE_SESSION_KEY
Definition: sspi.h:367
SECPKG_ATTR_SIZES
#define SECPKG_ATTR_SIZES
Definition: sspi.h:521
ISC_REQ_IDENTIFY
#define ISC_REQ_IDENTIFY
Definition: sspi.h:379
SECPKG_ATTR_FLAGS
#define SECPKG_ATTR_FLAGS
Definition: sspi.h:535
ISC_REQ_CONNECTION
#define ISC_REQ_CONNECTION
Definition: sspi.h:373
ISC_REQ_USE_DCE_STYLE
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:371
_SecPkgContext_Sizes
Definition: sspi.h:560
_SecPkgContext_Sizes::cbMaxSignature
ULONG cbMaxSignature
Definition: sspi.h:562
QueryContextAttributesA
SECURITY_STATUS WINAPI QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: wrapper.c:505

Referenced by authsspi_refresh().

◆ print_rpc_gss_sec()

void print_rpc_gss_sec ( struct rpc_sspi_sec ptr)

Definition at line 859 of file auth_sspi.c.

860{
861 int i;
862 char *p;
863
864 fprintf(fd_out, "rpc_gss_sec:");
865 if(ptr->mech == NULL)
866 fprintf(fd_out, "NULL gss_OID mech");
867 else {
868 fprintf(fd_out, " mechanism_OID: {");
869 p = (char *)ptr->mech->elements;
870 for (i=0; i < ptr->mech->length; i++)
871 /* First byte of OIDs encoded to save a byte */
872 if (i == 0) {
873 int first, second;
874 if (*p < 40) {
875 first = 0;
876 second = *p;
877 }
878 else if (40 <= *p && *p < 80) {
879 first = 1;
880 second = *p - 40;
881 }
882 else if (80 <= *p && *p < 127) {
883 first = 2;
884 second = *p - 80;
885 }
886 else {
887 /* Invalid value! */
888 first = -1;
889 second = -1;
890 }
891 fprintf(fd_out, " %u %u", first, second);
892 p++;
893 }
894 else {
895 fprintf(fd_out, " %u", (unsigned char)*p++);
896 }
897 fprintf(fd_out, " }\n");
898 }
899 fprintf(fd_out, " qop: %d\n", ptr->qop);
900 fprintf(fd_out, " service: %d\n", ptr->svc);
901 fprintf(fd_out, " cred: %p\n", ptr->cred);
902}
first
const GLint * first
Definition: glext.h:5794
p
GLfloat GLfloat p
Definition: glext.h:8902
for
#define for
Definition: utility.h:88
ptr
static PVOID ptr
Definition: dispmode.c:27

Referenced by authgss_refresh(), and authsspi_refresh().

◆ sspi_get_mic()

uint32_t sspi_get_mic ( PCtxtHandle  ctx,
u_int  qop,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout 
)

Definition at line 659 of file auth_sspi.c.

661{
662#endif
663 uint32_t maj_stat;
664 SecPkgContext_Sizes ContextSizes;
665 SecBufferDesc desc;
666 SecBuffer sec_tkn[2];
667
668 log_hexdump(0, "sspi_get_mic: calculating checksum of", bufin->value, bufin->length, 0);
669
670 memset(&ContextSizes, 0, sizeof(ContextSizes));
671 maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
672 if (maj_stat != SEC_E_OK) return maj_stat;
673
674 if (ContextSizes.cbMaxSignature == 0) return SEC_E_INTERNAL_ERROR;
675
676 desc.cBuffers = 2;
677 desc.pBuffers = sec_tkn;
678 desc.ulVersion = SECBUFFER_VERSION;
679 sec_tkn[0].BufferType = SECBUFFER_DATA;
680 sec_tkn[0].cbBuffer = bufin->length;
681 sec_tkn[0].pvBuffer = bufin->value;
682 sec_tkn[1].BufferType = SECBUFFER_TOKEN;
683 sec_tkn[1].cbBuffer = ContextSizes.cbMaxSignature;
684 sec_tkn[1].pvBuffer = calloc(ContextSizes.cbMaxSignature, sizeof(char));
685 if (sec_tkn[1].pvBuffer == NULL) return SEC_E_INSUFFICIENT_MEMORY;
686
687 maj_stat = MakeSignature(ctx, 0, &desc, seq);
688 if (maj_stat == SEC_E_OK) {
689 bufout->length = sec_tkn[1].cbBuffer;
690 bufout->value = sec_tkn[1].pvBuffer;
691 log_hexdump(0, "sspi_get_mic: verifier is", bufout->value, bufout->length, 0);
692 } else
693 free(sec_tkn[1].pvBuffer);
694
695 return maj_stat;
696}
desc
static const WCHAR desc[]
Definition: protectdata.c:36
SECBUFFER_DATA
#define SECBUFFER_DATA
Definition: sspi.h:160
SEC_E_INTERNAL_ERROR
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
MakeSignature
SECURITY_STATUS WINAPI MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:623

Referenced by authsspi_marshal(), and xdr_rpc_sspi_wrap_data().

◆ sspi_import_name()

uint32_t sspi_import_name ( sspi_buffer_desc name_in,
sspi_name_t name_out 
)

Definition at line 735 of file auth_sspi.c.

736{
737 *name_out = calloc(name_in->length + 5, sizeof(char));
738 if (*name_out == NULL)
739 return SEC_E_INSUFFICIENT_MEMORY;
740
741 strcpy(*name_out, "nfs/");
742 strncat(*name_out, name_in->value, name_in->length);
743
744 log_debug("imported service name is: %s\n", *name_out);
745
746 return SEC_E_OK;
747}
strncat
char * strncat(char *DstString, const char *SrcString, ACPI_SIZE Count)
Definition: utclib.c:605
strcpy
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388

Referenced by authsspi_create_default().

◆ sspi_release_buffer()

void sspi_release_buffer ( sspi_buffer_desc buf)

Definition at line 727 of file auth_sspi.c.

728{
729 if (buf->value)
730 free(buf->value);
731 buf->value = NULL;
732 buf->length = 0;
733}

Referenced by authsspi_destroy_context(), authsspi_marshal(), authsspi_refresh(), xdr_rpc_sspi_unwrap_data(), and xdr_rpc_sspi_wrap_data().

◆ sspi_unwrap()

uint32_t sspi_unwrap ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int conf_state,
u_int qop_state 
)

Definition at line 810 of file auth_sspi.c.

813{
814#else
815uint32_t sspi_unwrap(void *dummy, u_int seq, sspi_buffer_desc *bufin,
816 sspi_buffer_desc *bufout, u_int *conf_state,
817 u_int *qop_state)
818{
819 PCtxtHandle ctx = dummy;
820#endif
821 uint32_t maj_stat;
822 SecBufferDesc BuffDesc;
823 SecBuffer SecBuff[2];
824 ULONG ulQop = 0;
825
826 BuffDesc.ulVersion = 0;
827 BuffDesc.cBuffers = 2;
828 BuffDesc.pBuffers = SecBuff;
829
830 SecBuff[0].cbBuffer = bufin->length;
831 SecBuff[0].BufferType = SECBUFFER_STREAM;
832 SecBuff[0].pvBuffer = bufin->value;
833
834 SecBuff[1].cbBuffer = 0;
835 SecBuff[1].BufferType = SECBUFFER_DATA;
836 SecBuff[1].pvBuffer = NULL;
837
838 log_hexdump(0, "cipher:", bufin->value, bufin->length, 0);
839
840 maj_stat = DecryptMessage(ctx, &BuffDesc, seq, &ulQop);
841 if (maj_stat != SEC_E_OK) return maj_stat;
842
843 bufout->length = SecBuff[1].cbBuffer;
844 bufout->value = malloc(bufout->length);
845 memcpy(bufout->value, SecBuff[1].pvBuffer, bufout->length);
846
847 log_hexdump(0, "data:", bufout->value, bufout->length, 0);
848
849 *conf_state = 1;
850 *qop_state = 0;
851
852 return SEC_E_OK;
853}
sspi_unwrap
uint32_t sspi_unwrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state, u_int *qop_state)
Definition: auth_sspi.c:810
malloc
#define malloc
Definition: debug_ros.c:4
SECBUFFER_STREAM
#define SECBUFFER_STREAM
Definition: sspi.h:169
_SecHandle
Definition: sspi.h:52
ULONG
uint32_t ULONG
Definition: typedefs.h:59
DecryptMessage
SECURITY_STATUS WINAPI DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:1036

Referenced by sspi_unwrap(), and xdr_rpc_sspi_unwrap_data().

◆ sspi_verify_mic()

uint32_t sspi_verify_mic ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int qop_state 
)

Definition at line 699 of file auth_sspi.c.

701{
702#else
703uint32_t sspi_verify_mic(void *dummy, u_int seq, sspi_buffer_desc *bufin,
704 sspi_buffer_desc *bufout, u_int *qop_state)
705{
706 PCtxtHandle ctx = dummy;
707#endif
708 SecBufferDesc desc;
709 SecBuffer sec_tkn[2];
710
711 desc.cBuffers = 2;
712 desc.pBuffers = sec_tkn;
713 desc.ulVersion = SECBUFFER_VERSION;
714 sec_tkn[0].BufferType = SECBUFFER_DATA;
715 sec_tkn[0].cbBuffer = bufin->length;
716 sec_tkn[0].pvBuffer = bufin->value;
717 sec_tkn[1].BufferType = SECBUFFER_TOKEN;
718 sec_tkn[1].cbBuffer = bufout->length;
719 sec_tkn[1].pvBuffer = bufout->value;
720
721 log_hexdump(0, "sspi_verify_mic: calculating checksum over", bufin->value, bufin->length, 0);
722 log_hexdump(0, "sspi_verify_mic: received checksum ", bufout->value, bufout->length, 0);
723
724 return VerifySignature(ctx, &desc, seq, qop_state);
725}
VerifySignature
SECURITY_STATUS WINAPI VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:653

Referenced by authsspi_refresh(), authsspi_validate(), sspi_verify_mic(), and xdr_rpc_sspi_unwrap_data().

◆ sspi_wrap()

uint32_t sspi_wrap ( PCtxtHandle  ctx,
u_int  seq,
sspi_buffer_desc bufin,
sspi_buffer_desc bufout,
u_int conf_state 
)

Definition at line 750 of file auth_sspi.c.

752{
753#else
754uint32_t sspi_wrap(void *dummy, u_int seq, sspi_buffer_desc *bufin,
755 sspi_buffer_desc *bufout, u_int *conf_state)
756{
757 PCtxtHandle ctx = dummy;
758#endif
759 uint32_t maj_stat;
760 SecBufferDesc BuffDesc;
761 SecBuffer SecBuff[3];
762 ULONG ulQop = 0;
763 SecPkgContext_Sizes ContextSizes;
764 PBYTE p;
765
766 maj_stat = QueryContextAttributes(ctx, SECPKG_ATTR_SIZES,
767 &ContextSizes);
768 if (maj_stat != SEC_E_OK)
769 goto out;
770
771 BuffDesc.ulVersion = 0;
772 BuffDesc.cBuffers = 3;
773 BuffDesc.pBuffers = SecBuff;
774
775 SecBuff[0].cbBuffer = ContextSizes.cbSecurityTrailer;
776 SecBuff[0].BufferType = SECBUFFER_TOKEN;
777 SecBuff[0].pvBuffer = malloc(ContextSizes.cbSecurityTrailer);
778
779 SecBuff[1].cbBuffer = bufin->length;
780 SecBuff[1].BufferType = SECBUFFER_DATA;
781 SecBuff[1].pvBuffer = bufin->value;
782 log_hexdump(0, "plaintext:", bufin->value, bufin->length, 0);
783
784 SecBuff[2].cbBuffer = ContextSizes.cbBlockSize;
785 SecBuff[2].BufferType = SECBUFFER_PADDING;
786 SecBuff[2].pvBuffer = malloc(ContextSizes.cbBlockSize);
787
788 maj_stat = EncryptMessage(ctx, ulQop, &BuffDesc, seq);
789 if (maj_stat != SEC_E_OK)
790 goto out_free;
791
792 bufout->length = SecBuff[0].cbBuffer + SecBuff[1].cbBuffer + SecBuff[2].cbBuffer;
793 p = bufout->value = malloc(bufout->length);
794 memcpy(p, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer);
795 p += SecBuff[0].cbBuffer;
796 memcpy(p, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer);
797 p += SecBuff[1].cbBuffer;
798 memcpy(p, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer);
799out_free:
800 free(SecBuff[0].pvBuffer);
801 free(SecBuff[2].pvBuffer);
802
803 if (!maj_stat)
804 log_hexdump(0, "cipher:", bufout->value, bufout->length, 0);
805out:
806 return maj_stat;
807}
sspi_wrap
uint32_t sspi_wrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state)
Definition: auth_sspi.c:750
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
SECBUFFER_PADDING
#define SECBUFFER_PADDING
Definition: sspi.h:168
QueryContextAttributes
#define QueryContextAttributes
Definition: sspi.h:512
_SecPkgContext_Sizes::cbBlockSize
ULONG cbBlockSize
Definition: sspi.h:563
_SecPkgContext_Sizes::cbSecurityTrailer
ULONG cbSecurityTrailer
Definition: sspi.h:564
EncryptMessage
SECURITY_STATUS WINAPI EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:1006

Referenced by sspi_wrap(), and xdr_rpc_sspi_wrap_data().

Variable Documentation

◆ AUTH_TIMEOUT

struct timeval AUTH_TIMEOUT = { 25, 0 }
static

Definition at line 69 of file auth_sspi.c.

Referenced by authsspi_destroy_context(), and authsspi_refresh().

◆ authsspi_ops

struct auth_ops authsspi_ops
static
Initial value:
= {
authsspi_nextverf,
authsspi_marshal,
authsspi_validate,
authsspi_refresh,
authsspi_destroy,
authsspi_wrap,
authsspi_unwrap
}
authsspi_validate
static bool_t authsspi_validate(AUTH *auth, struct opaque_auth *verf, u_int seq)
Definition: auth_sspi.c:275
authsspi_marshal
static bool_t authsspi_marshal(AUTH *auth, XDR *xdrs, u_int *seq)
Definition: auth_sspi.c:203
authsspi_wrap
static bool_t authsspi_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
Definition: auth_sspi.c:620
authsspi_unwrap
static bool_t authsspi_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
Definition: auth_sspi.c:637
authsspi_nextverf
static void authsspi_nextverf(AUTH *auth)
Definition: auth_sspi.c:196

Definition at line 43 of file auth_sspi.c.

Referenced by authsspi_create().