-rw-r--r-- | src/include/gssrpc/auth_gssapi.h | 13 | ||||
-rw-r--r-- | src/include/gssrpc/rename.h | 2 | ||||
-rw-r--r-- | src/lib/rpc/libgssrpc.exports | 2 | ||||
-rw-r--r-- | src/lib/rpc/svc_auth_gss.c | 27 | ||||
-rw-r--r-- | src/lib/rpc/svc_auth_gssapi.c | 26 |
5 files changed, 59 insertions, 11 deletions
diff --git a/src/include/gssrpc/auth_gssapi.h b/src/include/gssrpc/auth_gssapi.h
index d842930bb0..9d94853228 100644
--- a/src/include/gssrpc/auth_gssapi.h
+++ b/src/include/gssrpc/auth_gssapi.h
@@ -54,6 +54,14 @@ typedef void (*auth_gssapi_log_badauth_func)
 struct sockaddr_in *raddr,
 caddr_t data);
+/* auth_gssapi_log_badauth_func is IPv4-specific; this version gives the
+ * transport handle so the fd can be used to get the address. */
+typedef void (*auth_gssapi_log_badauth2_func)
+ (OM_uint32 major,
+ OM_uint32 minor,
+ SVCXPRT *xprt,
+ caddr_t data);
+
 typedef void (*auth_gssapi_log_badverf_func)
 (gss_name_t client,
 gss_name_t server,
@@ -117,6 +125,9 @@ void svcauth_gssapi_unset_names
 void svcauth_gssapi_set_log_badauth_func
 (auth_gssapi_log_badauth_func func,
 caddr_t data);
+void svcauth_gssapi_set_log_badauth2_func
+(auth_gssapi_log_badauth2_func func,
+ caddr_t data);
 void svcauth_gssapi_set_log_badverf_func
 (auth_gssapi_log_badverf_func func,
 caddr_t data);
@@ -126,6 +137,8 @@ void svcauth_gssapi_set_log_miscerr_func
 void svcauth_gss_set_log_badauth_func(auth_gssapi_log_badauth_func,
 caddr_t);
+void svcauth_gss_set_log_badauth2_func(auth_gssapi_log_badauth2_func,
+ caddr_t);
 void svcauth_gss_set_log_badverf_func(auth_gssapi_log_badverf_func,
 caddr_t);
 void svcauth_gss_set_log_miscerr_func(auth_gssapi_log_miscerr_func,
diff --git a/src/include/gssrpc/rename.h b/src/include/gssrpc/rename.h
index 318be1a52d..ecec66ab10 100644
--- a/src/include/gssrpc/rename.h
+++ b/src/include/gssrpc/rename.h
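Review bot: The comment on `auth_gssapi_log_badauth2_func` in the first hunk says why the type exists but not what a handler may do with `xprt`: it does not state whether the handle is valid only for the duration of the call, or that the handler runs for a peer that has just failed authentication. I would extend it with something like `xprt belongs to the RPC layer; use it only to look up the peer address, and do not keep or destroy it.`, after confirming that this matches the transport's lifetime, which is not visible in this diff. Because `major`, `minor` and the peer address all come from an unauthenticated request, the comment should also tell handlers to treat them as untrusted input when writing log records.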
@@ -125,10 +125,12 @@
 #define svcauth_gssapi_set_names gssrpc_svcauth_gssapi_set_names
 #define svcauth_gssapi_unset_names gssrpc_svcauth_gssapi_unset_names
 #define svcauth_gssapi_set_log_badauth_func gssrpc_svcauth_gssapi_set_log_badauth_func
+#define svcauth_gssapi_set_log_badauth2_func gssrpc_svcauth_gssapi_set_log_badauth2_func
 #define svcauth_gssapi_set_log_badverf_func gssrpc_svcauth_gssapi_set_log_badverf_func
 #define svcauth_gssapi_set_log_miscerr_func gssrpc_svcauth_gssapi_set_log_miscerr_func
 #define svcauth_gss_set_log_badauth_func gssrpc_svcauth_gss_set_log_badauth_func
+#define svcauth_gss_set_log_badauth2_func gssrpc_svcauth_gss_set_log_badauth2_func
 #define svcauth_gss_set_log_badverf_func gssrpc_svcauth_gss_set_log_badverf_func
 #define svcauth_gss_set_log_miscerr_func gssrpc_svcauth_gss_set_log_miscerr_func
diff --git a/src/lib/rpc/libgssrpc.exports b/src/lib/rpc/libgssrpc.exports
index e6509d90c5..79e69612dd 100644
--- a/src/lib/rpc/libgssrpc.exports
+++ b/src/lib/rpc/libgssrpc.exports
@@ -60,10 +60,12 @@ gssrpc_svc_sendreply
 gssrpc_svc_unregister
 gssrpc_svcauth_gss_get_principal
 gssrpc_svcauth_gss_set_log_badauth_func
+gssrpc_svcauth_gss_set_log_badauth2_func
 gssrpc_svcauth_gss_set_log_badverf_func
 gssrpc_svcauth_gss_set_log_miscerr_func
 gssrpc_svcauth_gss_set_svc_name
 gssrpc_svcauth_gssapi_set_log_badauth_func
+gssrpc_svcauth_gssapi_set_log_badauth2_func
 gssrpc_svcauth_gssapi_set_log_badverf_func
 gssrpc_svcauth_gssapi_set_log_miscerr_func
 gssrpc_svcauth_gssapi_set_names
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 68498daa83..8da70032a1 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -80,6 +80,8 @@ typedef struct gss_union_ctx_id_t {
 static auth_gssapi_log_badauth_func log_badauth = NULL;
 static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badauth2_func log_badauth2 = NULL;
+static caddr_t log_badauth2_data = NULL;
 static auth_gssapi_log_badverf_func log_badverf = NULL;
 static caddr_t log_badverf_data = NULL;
 static auth_gssapi_log_miscerr_func log_miscerr = NULL;
@@ -186,6 +188,16 @@ svcauth_gss_release_cred(void)
 return (TRUE);
 }
+/* Invoke log_badauth callbacks for an authentication failure. */
+static void
+badauth(OM_uint32 maj, OM_uint32 minor, SVCXPRT *xprt)
+{
+ if (log_badauth != NULL)
+ (*log_badauth)(maj, minor, &xprt->xp_raddr, log_badauth_data);
+ if (log_badauth2 != NULL)
+ (*log_badauth2)(maj, minor, xprt, log_badauth2_data);
+}
+
 static bool_t
 svcauth_gss_accept_sec_context(struct svc_req *rqst,
 struct rpc_gss_init_res *gr)
@@ -226,12 +238,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
 if (gr->gr_major != GSS_S_COMPLETE &&
 gr->gr_major != GSS_S_CONTINUE_NEEDED) {
- if (log_badauth != NULL) {
- (*log_badauth)(gr->gr_major,
- gr->gr_minor,
- &rqst->rq_xprt->xp_raddr,
- log_badauth_data);
- }
+ badauth(gr->gr_major, gr->gr_minor, rqst->rq_xprt);
 gd->ctx = GSS_C_NO_CONTEXT;
 goto errout;
 }
@@ -673,6 +680,14 @@ void svcauth_gss_set_log_badauth_func(
 log_badauth_data = data;
 }
+void
+svcauth_gss_set_log_badauth2_func(auth_gssapi_log_badauth2_func func,
+ caddr_t data)
+{
+ log_badauth2 = func;
+ log_badauth2_data = data;
+}
+
 /*
 * Function: svcauth_gss_set_log_badverf_func
 *
diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
index 9688b8cd7c..e3af08fb6d 100644
--- a/src/lib/rpc/svc_auth_gssapi.c
+++ b/src/lib/rpc/svc_auth_gssapi.c
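Review bot: The one-line comment on the new `badauth()` helper (second hunk) leaves out two things a maintainer needs to know: both callbacks run when both are registered, and the legacy one is still handed `&xprt->xp_raddr`, which the header comment in this commit calls IPv4-specific. A server that registers both will presumably record each failure twice, and on a non-IPv4 transport the address given to the legacy callback may not identify the peer, which matters when these records are used to investigate failed authentication attempts. I would expand the comment to `/* Invoke the log_badauth callbacks for an authentication failure.  Both are called if both are set; the legacy callback receives xp_raddr, which is only meaningful for IPv4 peers. */`, or, if double reporting is not intended, call `log_badauth` only when `log_badauth2` is NULL. The identical helper added to src/lib/rpc/svc_auth_gssapi.c has the same gap.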
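Review bot: `svcauth_gss_set_log_badauth2_func()` in the last hunk is added without the `Function:` header comment that the neighbouring setters carry; the trailing context lines show one beginning for `svcauth_gss_set_log_badverf_func`. I would add a block in the same style saying that it registers the transport-handle variant of the bad-auth callback, that `data` is handed back unchanged as the callback's last argument, and that passing NULL for `func` disables it. The two static variables are assigned without any locking, so if the setter is meant to be called only before requests are served, the comment should say so. The same applies to `svcauth_gssapi_set_log_badauth2_func()` in src/lib/rpc/svc_auth_gssapi.c.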
@@ -125,6 +125,8 @@ static int server_creds_count = 0;
 static auth_gssapi_log_badauth_func log_badauth = NULL;
 static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badauth2_func log_badauth2 = NULL;
+static caddr_t log_badauth2_data = NULL;
 static auth_gssapi_log_badverf_func log_badverf = NULL;
 static caddr_t log_badverf_data = NULL;
 static auth_gssapi_log_miscerr_func log_miscerr = NULL;
@@ -141,6 +143,16 @@ typedef struct _client_list {
 static client_list *clients = NULL;
+/* Invoke log_badauth callbacks for an authentication failure. */
+static void
+badauth(OM_uint32 maj, OM_uint32 minor, SVCXPRT *xprt)
+{
+ if (log_badauth != NULL)
+ (*log_badauth)(maj, minor, &xprt->xp_raddr, log_badauth_data);
+ if (log_badauth2 != NULL)
+ (*log_badauth2)(maj, minor, xprt, log_badauth2_data);
+}
+
 enum auth_stat gssrpc__svcauth_gssapi(
 register struct svc_req *rqst,
 register struct rpc_msg *msg,
@@ -443,11 +455,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 call_res.gss_major,
 call_res.gss_minor));
- if (log_badauth != NULL)
- (*log_badauth)(call_res.gss_major,
- call_res.gss_minor,
- &rqst->rq_xprt->xp_raddr,
- log_badauth_data);
+ badauth(call_res.gss_major, call_res.gss_minor, rqst->rq_xprt);
 gss_release_buffer(&minor_stat, &output_token);
 svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res,
@@ -1027,6 +1035,14 @@ void svcauth_gssapi_set_log_badauth_func(
 log_badauth_data = data;
 }
+void
+svcauth_gssapi_set_log_badauth2_func(auth_gssapi_log_badauth2_func func,
+ caddr_t data)
+{
+ log_badauth2 = func;
+ log_badauth2_data = data;
+}
+
 /*
 * Function: svcauth_gssapi_set_log_badverf_func
 * |