/*
 * NOTE(review): this listing is an excerpt. The leading numbers are the line
 * numbers of the original file and many lines in between are missing.
 */
49 #include <netinet/in.h> 50 #include <gssapi/gssapi.h> 95 p = (
char *)
ptr->mech->elements;
/*
 * The range tests below read the byte at p, which was cast to plain char *.
 * NOTE(review): char signedness is implementation-defined, so a byte of 0x80
 * or above may compare as negative here. Confirm whether unsigned char was
 * intended for these comparisons.
 */
104 else if (40 <= *
p && *
p < 80) {
108 else if (80 <= *
p && *
p < 127) {
/*
 * AUTH_PRIVATE casts auth->ah_private to struct rpc_gss_data *.
 * NOTE(review): the macro argument is not parenthesised in the expansion, so
 * it is only safe when the argument is a plain identifier.
 */
143 #define AUTH_PRIVATE(auth) ((struct rpc_gss_data *)auth->ah_private) 150 AUTH *auth, *save_auth;
152 OM_uint32 min_stat = 0;
/*
 * NOTE(review): calloc() is called as (size, count) rather than the
 * conventional (count, size). The byte count is the same, so this is a
 * readability point only. The NULL result is checked.
 */
158 if ((auth =
calloc(
sizeof(*auth), 1)) ==
NULL) {
/* A name other than GSS_C_NO_NAME is duplicated into gd->name. */
172 if (
name != GSS_C_NO_NAME) {
173 if (gss_duplicate_name(&min_stat,
name, &gd->
name)
/* Start with no GSS context and copy gd->sec.svc into gd->gc.gc_svc. */
188 gd->
ctx = GSS_C_NO_CONTEXT;
193 gd->
gc.gc_svc = gd->
sec.svc;
213 OM_uint32 maj_stat = 0, min_stat = 0;
214 gss_buffer_desc sname;
215 gss_name_t
name = GSS_C_NO_NAME;
217 log_debug(
"in authgss_create_default()");
/*
 * Wrap the service string in a gss_buffer_desc for gss_import_name().
 * NOTE(review): service is handed to strlen() here and no NULL check is
 * visible in the surviving lines of this excerpt. Confirm one exists.
 */
220 sname.value = service;
221 sname.length =
strlen(service);
/* The name is imported with the GSS_C_NT_HOSTBASED_SERVICE name type. */
223 maj_stat = gss_import_name(&min_stat, &sname,
224 (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
/* An import failure is logged with both the major and the minor status. */
227 if (maj_stat != GSS_S_COMPLETE) {
228 log_status(
"gss_import_name", maj_stat, min_stat);
/*
 * The imported name is released with gss_release_name() in this routine.
 * The lines between the test and the release are missing from the excerpt.
 */
235 if (
name != GSS_C_NO_NAME) {
239 gss_release_name(&min_stat, &
name);
/* Trace message of a different routine, named in the string itself. */
250 log_debug(
"in authgss_get_private_data()");
281 OM_uint32 maj_stat, min_stat;
/*
 * rpcbuf.value is set to the result of XDR_INLINE for rpcbuf.length bytes.
 * NOTE(review): XDR inline accessors conventionally can yield NULL; no check
 * of rpcbuf.value is visible in the surviving lines. Confirm.
 */
313 rpcbuf.value =
XDR_INLINE(xdrs, rpcbuf.length);
/*
 * A MIC is requested from the established context with the configured QOP.
 * The remaining arguments are on lines missing from this excerpt.
 */
315 maj_stat = gss_get_mic(&min_stat, gd->
ctx, gd->
sec.qop,
/* Failure is logged; an expired context gets its own branch (body not shown). */
318 if (maj_stat != GSS_S_COMPLETE) {
319 log_status(
"gss_get_mic", maj_stat, min_stat);
320 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
/* The checksum buffer is handed back to GSS-API once it is no longer needed. */
331 gss_release_buffer(&min_stat, &
checksum);
342 OM_uint32 maj_stat, min_stat;
/* The message to verify is the raw bytes of num, sizeof(num) long. */
371 signbuf.value = &
num;
372 signbuf.length =
sizeof(
num);
/*
 * The failure branch is taken when gss_verify_mic() does not return
 * GSS_S_COMPLETE, and also when the QOP it reports differs from gd->sec.qop.
 * NOTE(review): on a QOP-only mismatch log_status() is called with a maj_stat
 * of GSS_S_COMPLETE, so the log entry will not explain the rejection.
 * Consider logging the expected and the reported QOP in that case.
 */
377 maj_stat = gss_verify_mic(&min_stat, gd->
ctx, &signbuf,
379 if (maj_stat != GSS_S_COMPLETE || qop_state != gd->
sec.qop) {
380 log_status(
"gss_verify_mic", maj_stat, min_stat);
381 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
395 gss_buffer_desc *recv_tokenp, send_token;
396 OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
/* gr is zeroed and no input token exists before the first exchange. */
406 memset(&gr, 0,
sizeof(gr));
407 recv_tokenp = GSS_C_NO_BUFFER;
/*
 * NOTE(review): the length member of the standard gss_buffer_desc is a
 * size_t, which does not match the %d conversion passed to the variadic
 * log_debug(). Use %zu or cast the argument.
 * NOTE(review): log_hexdump() writes the full received context token to the
 * debug log. Whether this is compiled out or gated in release builds is not
 * visible here; if it is not, the debug log needs the same access control as
 * other authentication material.
 */
416 if (recv_tokenp != GSS_C_NO_BUFFER) {
417 log_debug(
"The token we just received (length %d):",
418 recv_tokenp->length);
419 log_hexdump(recv_tokenp->value, recv_tokenp->length, 0);
/* One step of context establishment; the arguments are not in this excerpt. */
422 maj_stat = gss_init_sec_context(&min_stat,
/* A consumed input token is released and the pointer reset. */
436 if (recv_tokenp != GSS_C_NO_BUFFER) {
437 gss_release_buffer(&min_stat, &gr.
gr_token);
438 recv_tokenp = GSS_C_NO_BUFFER;
/* Only GSS_S_COMPLETE and GSS_S_CONTINUE_NEEDED are accepted as progress. */
440 if (maj_stat != GSS_S_COMPLETE &&
441 maj_stat != GSS_S_CONTINUE_NEEDED) {
442 log_status(
"gss_init_sec_context", maj_stat, min_stat);
/*
 * An output token, when present, is logged and sent. gr is zeroed first.
 * NOTE(review): the same %d and token-dump remarks as for the received token
 * apply here; the length argument is presumably send_token.length, but that
 * line is missing from the excerpt.
 */
445 if (send_token.length != 0) {
446 memset(&gr, 0,
sizeof(gr));
450 log_debug(
"The token being sent (length %d):",
452 log_hexdump(send_token.value, send_token.length, 0);
461 gss_release_buffer(&min_stat, &send_token);
/* The major status carried in gr gets the same two-value acceptance test. */
464 (gr.gr_major != GSS_S_COMPLETE &&
465 gr.gr_major != GSS_S_CONTINUE_NEEDED))
/*
 * A context handle in gr replaces gd->gc.gc_ctx. The struct assignment copies
 * the buffer descriptor, so gd->gc.gc_ctx then refers to the storage that gr
 * held. A previous value is released first when its pointer is non-NULL.
 */
468 if (gr.gr_ctx.length != 0) {
469 if (gd->
gc.gc_ctx.value)
470 gss_release_buffer(&min_stat,
472 gd->
gc.gc_ctx = gr.gr_ctx;
/*
 * A token in gr becomes the next input token. What happens when maj_stat is
 * not GSS_S_CONTINUE_NEEDED is on a line missing from this excerpt.
 */
474 if (gr.gr_token.length != 0) {
475 if (maj_stat != GSS_S_CONTINUE_NEEDED)
477 recv_tokenp = &gr.gr_token;
/*
 * After GSS_S_COMPLETE a MIC (bufout) is verified over the bytes of seq.
 * How seq and bufout are filled is not visible here.
 */
485 if (maj_stat == GSS_S_COMPLETE) {
486 gss_buffer_desc bufin;
487 gss_buffer_desc bufout;
488 u_int seq, qop_state = 0;
491 bufin.value = (
unsigned char *)&seq;
492 bufin.length =
sizeof(seq);
496 maj_stat = gss_verify_mic(&min_stat, gd->
ctx,
497 &bufin, &bufout, &qop_state);
/*
 * The failure branch also covers a reported QOP that differs from
 * gd->sec.qop, in which case the logged maj_stat is GSS_S_COMPLETE.
 */
499 if (maj_stat != GSS_S_COMPLETE
500 || qop_state != gd->
sec.qop) {
501 log_status(
"gss_verify_mic", maj_stat, min_stat);
502 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
/* The token buffer in gr is released. */
518 gss_release_buffer(&min_stat, &gr.
gr_token);
552 log_debug(
"in authgss_destroy_context()");
/*
 * A non-empty wire context handle is released and its descriptor zeroed, so
 * neither the pointer nor the length stays behind in gd->gc.gc_ctx.
 * The lines between the test and the release are missing from this excerpt.
 */
556 if (gd->
gc.gc_ctx.length != 0) {
562 gss_release_buffer(&min_stat, &gd->
gc.gc_ctx);
564 memset(&gd->
gc.gc_ctx, 0,
sizeof(gd->
gc.gc_ctx));
/*
 * The local security context is deleted with a NULL output-token argument
 * and the handle is reset to GSS_C_NO_CONTEXT.
 */
566 if (gd->
ctx != GSS_C_NO_CONTEXT) {
567 gss_delete_sec_context(&min_stat, &gd->
ctx,
NULL);
568 gd->
ctx = GSS_C_NO_CONTEXT;
/* Later in the file: the name held in gd->name is released when present. */
594 if (gd->
name != GSS_C_NO_NAME)
595 gss_release_name(&min_stat, &gd->
name);
/*
 * Two return shapes appear twice each. The first calls the XDR routine
 * directly with no GSS arguments.
 * NOTE(review): the condition that selects the direct path is not visible in
 * this excerpt. Confirm that it cannot be taken once integrity or privacy
 * service has been negotiated.
 */
611 return ((*xdr_func)(xdrs, xdr_ptr));
/* Tail of a call that passes gd->sec.svc and gd->gc.gc_seq; callee not shown. */
615 gd->
sec.svc, gd->
gc.gc_seq));
628 return ((*xdr_func)(xdrs, xdr_ptr));
632 gd->
sec.svc, gd->
gc.gc_seq));