author | Greg Hudson <ghudson@mit.edu> | 2013-11-25 11:33:35 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-11-25 17:03:09 -0500 |
commit | 4c57a429760a3b3aa89938a13708742675f9548b (patch) | |
tree | e6c36be1bba678f05e85cb570e99a81f65c947e1 /src/lib/rpc/svc_auth_gss.c | |
parent | 32a770ac1851339621185cdca187d8c1cc27adaf (diff) | |
Add new versions of log_badauth gssrpc callbacks
libgssrpc supports two callbacks for gss_accept_sec_context failures
on servers (one for AUTH_GSS and one for AUTH_GSSAPI), which are
IPv4-specific. Provide an alternate version which supplies the
transport handle instead of the address, so that we can get the
address via the file descriptor for TCP connections.
ticket: 7770
Diffstat (limited to 'src/lib/rpc/svc_auth_gss.c')
-rw-r--r-- | src/lib/rpc/svc_auth_gss.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 68498daa83..8da70032a1 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -80,6 +80,8 @@ typedef struct gss_union_ctx_id_t {
 static auth_gssapi_log_badauth_func log_badauth = NULL;
 static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badauth2_func log_badauth2 = NULL;
+static caddr_t log_badauth2_data = NULL;
 static auth_gssapi_log_badverf_func log_badverf = NULL;
 static caddr_t log_badverf_data = NULL;
 static auth_gssapi_log_miscerr_func log_miscerr = NULL;
@@ -186,6 +188,16 @@ svcauth_gss_release_cred(void)
 return (TRUE);
 }
+/* Invoke log_badauth callbacks for an authentication failure. */
+static void
+badauth(OM_uint32 maj, OM_uint32 minor, SVCXPRT *xprt)
+{
+ if (log_badauth != NULL)
+ (*log_badauth)(maj, minor, &xprt->xp_raddr, log_badauth_data);
+ if (log_badauth2 != NULL)
+ (*log_badauth2)(maj, minor, xprt, log_badauth2_data);
+}
+
 static bool_t
 svcauth_gss_accept_sec_context(struct svc_req *rqst,
 struct rpc_gss_init_res *gr)
@@ -226,12 +238,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
 if (gr->gr_major != GSS_S_COMPLETE &&
 gr->gr_major != GSS_S_CONTINUE_NEEDED) {
- if (log_badauth != NULL) {
- (*log_badauth)(gr->gr_major,
- gr->gr_minor,
- &rqst->rq_xprt->xp_raddr,
- log_badauth_data);
- }
+ badauth(gr->gr_major, gr->gr_minor, rqst->rq_xprt);
 gd->ctx = GSS_C_NO_CONTEXT;
 goto errout;
 }
@@ -673,6 +680,14 @@ void svcauth_gss_set_log_badauth_func(
 log_badauth_data = data;
 }
+void
+svcauth_gss_set_log_badauth2_func(auth_gssapi_log_badauth2_func func,
+ caddr_t data)
+{
+ log_badauth2 = func;
+ log_badauth2_data = data;
+}
+
 /*
 * Function: svcauth_gss_set_log_badverf_func
 * |
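Review bot: The comment on `badauth()` does not say that both callbacks fire when both are registered, so a server that installs the old and the new hook will record every failed gss_accept_sec_context twice. It also does not mention that the legacy hook is still handed `&xprt->xp_raddr`, which the commit description calls IPv4-specific, so on other transports that value is presumably not a reliable peer address for an audit log. I would expand the comment to something like `/* Invoke every registered log_badauth callback; the legacy one gets xp_raddr (IPv4 only), the new one gets the transport handle. */`. `xprt` is dereferenced without a check, exactly as the replaced call site did, which is fine only as long as `rq_xprt` is always set on this path.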
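Review bot: `svcauth_gss_set_log_badauth2_func()` is added without the block comment its neighbours carry (the `Function: svcauth_gss_set_log_badverf_func` header is visible directly below it). A header in the same style should state that the callback receives the `SVCXPRT *` instead of an address, that the handle is presumably only valid for the duration of the call, and that passing NULL for `func` disables the hook. Because the setter writes two file-scope statics with no locking visible in this hunk, the comment should also say that it is meant to be called during setup, before requests are served. It would also help implementers to note that looking the peer up through the file descriptor can fail on transports that are not connected, so the logging callback needs a fallback for an unknown address.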