Diffstat (limited to 'src/lib/rpc/svc_auth_gss.c')
-rw-r--r--src/lib/rpc/svc_auth_gss.c76
1 files changed, 38 insertions, 38 deletions
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 990e7fa85c..cac57027bc 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -1,6 +1,6 @@
/*
svc_auth_gss.c
-
+
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
@@ -160,7 +160,7 @@ svcauth_gss_acquire_cred(void)
maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
&svcauth_gss_creds, NULL, NULL);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_acquire_cred", maj_stat, min_stat);
return (FALSE);
@@ -172,18 +172,18 @@ static bool_t
svcauth_gss_release_cred(void)
{
OM_uint32 maj_stat, min_stat;
-
+
log_debug("in svcauth_gss_release_cred()");
-
+
maj_stat = gss_release_cred(&min_stat, &svcauth_gss_creds);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_release_cred", maj_stat, min_stat);
return (FALSE);
}
-
+
svcauth_gss_creds = NULL;
-
+
return (TRUE);
}
@@ -198,14 +198,14 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
log_debug("in svcauth_gss_accept_context()");
-
+
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gr, 0, sizeof(*gr));
/* Deserialize arguments. */
memset(&recv_tok, 0, sizeof(recv_tok));
-
+
if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
(caddr_t)&recv_tok))
return (FALSE);
@@ -237,7 +237,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
goto errout;
}
/*
- * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
+ * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
* one to the mechanism oid, one to the internal_ctx_id
*/
if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
@@ -249,7 +249,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
/* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */
gr->gr_win = sizeof(gd->seqmask) * 8;
-
+
/* Save client info. */
gd->sec.mech = mech;
gd->sec.qop = GSS_C_QOP_DEFAULT;
@@ -265,7 +265,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
maj_stat = gss_display_name(&min_stat, gd->client_name,
&gd->cname, &gd->sec.mech);
#ifdef SPKM
- }
+ }
#endif
if (maj_stat != GSS_S_COMPLETE) {
log_status("display_name", maj_stat, min_stat);
@@ -282,7 +282,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
gss_buffer_desc mechname;
gss_oid_to_str(&min_stat, mech, &mechname);
-
+
log_debug("accepted context for %.*s with "
"<mech %.*s, qop %d, svc %d>",
gd->cname.length, (char *)gd->cname.value,
@@ -304,8 +304,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
if (maj_stat != GSS_S_COMPLETE) {
goto errout;
}
-
-
+
+
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value;
rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length;
@@ -326,7 +326,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
int32_t *buf;
log_debug("in svcauth_gss_validate()");
-
+
memset(rpchdr, 0, sizeof(rpchdr));
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
@@ -357,10 +357,10 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
checksum.value = msg->rm_call.cb_verf.oa_base;
checksum.length = msg->rm_call.cb_verf.oa_length;
-
+
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
&qop_state);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_verify_mic", maj_stat, min_stat);
if (log_badverf != NULL)
@@ -383,7 +383,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
if (rqst->rq_xprt->xp_auth == NULL)
return (FALSE);
-
+
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
gss_release_buffer(&min_stat, &gd->checksum);
@@ -401,7 +401,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value;
rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length;
-
+
return (TRUE);
}
@@ -419,7 +419,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
OM_uint32 min_stat;
log_debug("in svcauth_gss()");
-
+
/* Initialize reply. */
rqst->rq_xprt->xp_verf = gssrpc__null_auth;
@@ -445,7 +445,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
-
+
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
@@ -455,7 +455,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
log_debug("xdrmem_create() returned");
-
+
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
log_debug("xdr_rpc_gss_cred() failed");
XDR_DESTROY(&xdrs);
@@ -495,7 +495,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
-
+
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svccred = (char *)gd->ctx;
@@ -511,7 +511,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (!svcauth_gss_acquire_cred())
ret_freegc (AUTH_FAILED);
-
+
if (!svcauth_gss_accept_sec_context(rqst, &gr))
ret_freegc (AUTH_REJECTEDCRED);
@@ -522,7 +522,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
ret_freegc (AUTH_FAILED);
}
*no_dispatch = TRUE;
-
+
call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
(caddr_t)&gr);
@@ -534,24 +534,24 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
-
+
break;
-
+
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-
+
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
break;
-
+
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-
+
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
@@ -564,7 +564,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (!svcauth_gss_release_cred())
ret_freegc (AUTH_FAILED);
-
+
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
@@ -588,9 +588,9 @@ svcauth_gss_destroy(SVCAUTH *auth)
OM_uint32 min_stat;
log_debug("in svcauth_gss_destroy()");
-
+
gd = SVCAUTH_PRIVATE(auth);
-
+
gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
gss_release_buffer(&min_stat, &gd->cname);
gss_release_buffer(&min_stat, &gd->checksum);
@@ -600,7 +600,7 @@ svcauth_gss_destroy(SVCAUTH *auth)
mem_free(gd, sizeof(*gd));
mem_free(auth, sizeof(*auth));
-
+
return (TRUE);
}
@@ -608,11 +608,11 @@ static bool_t
svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
{
struct svc_rpc_gss_data *gd;
-
+
log_debug("in svcauth_gss_wrap()");
gd = SVCAUTH_PRIVATE(auth);
-
+
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
return ((*xdr_func)(xdrs, xdr_ptr));
}
@@ -627,7 +627,7 @@ svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr
struct svc_rpc_gss_data *gd;
log_debug("in svcauth_gss_unwrap()");
-
+
gd = SVCAUTH_PRIVATE(auth);
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {