bool_t
xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
gss_ctx_id_t ctx, gss_qop_t qop,
rpc_gss_svc_t svc, uint32_t seq)
{
XDR tmpxdrs;
gss_buffer_desc databuf, wrapbuf;
OM_uint32 maj_stat, min_stat;
int conf_state;
bool_t xdr_stat;
xdralloc_create(&tmpxdrs, XDR_ENCODE);
xdr_stat = FALSE;
/* Marshal rpc_gss_data_t (sequence number + arguments). */
if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr))
goto errout;
/* Set databuf to marshalled rpc_gss_data_t. */
databuf.length = xdr_getpos(&tmpxdrs);
databuf.value = xdralloc_getdata(&tmpxdrs);
if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1))
goto errout;
/* Checksum rpc_gss_data_t. */
maj_stat = gss_get_mic(&min_stat, ctx, qop,
&databuf, &wrapbuf);
if (maj_stat != GSS_S_COMPLETE) {
log_debug("gss_get_mic failed");
goto errout;
}
/* Marshal checksum. */
xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
gss_release_buffer(&min_stat, &wrapbuf);
}
else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
/* Encrypt rpc_gss_data_t. */
maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
&conf_state, &wrapbuf);
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_wrap", maj_stat, min_stat);
goto errout;
}
/* Marshal databody_priv. */
xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
gss_release_buffer(&min_stat, &wrapbuf);
}
errout:
xdr_destroy(&tmpxdrs);
return (xdr_stat);
}
/*
* Function: kdb_put_entry
*
* Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to
* database.
*
* Arguments:
*
* handle (r) the server_handle
* kdb (r/w) the krb5_db_entry to store
* adb (r) the osa_princ_db_ent to store
*
* Effects:
*
* The last modifier field of the kdb is set to the caller at now.
* adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as
* KRB5_TL_KADM_DATA. kdb is then written to the database.
*/
krb5_error_code
kdb_put_entry(kadm5_server_handle_t handle,
krb5_db_entry *kdb, osa_princ_ent_rec *adb)
{
krb5_error_code ret;
krb5_int32 now;
XDR xdrs;
krb5_tl_data tl_data;
int one;
ret = krb5_timeofday(handle->context, &now);
if (ret)
return(ret);
ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
handle->current_caller);
if (ret)
return(ret);
xdralloc_create(&xdrs, XDR_ENCODE);
if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
xdr_destroy(&xdrs);
return(KADM5_XDR_FAILURE);
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
tl_data.tl_data_length = xdr_getpos(&xdrs);
/* Solaris Kerberos */
tl_data.tl_data_contents = (unsigned char *) xdralloc_getdata(&xdrs);
ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
xdr_destroy(&xdrs);
if (ret)
return(ret);
one = 1;
ret = krb5_db_put_principal(handle->context, kdb, &one);
if (ret)
return(ret);
return(0);
}
/*
* Function: kdb_put_entry
*
* Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to
* database.
*
* Arguments:
*
* handle (r) the server_handle
* kdb (r/w) the krb5_db_entry to store
* adb (r) the osa_princ_db_ent to store
*
* Effects:
*
* The last modifier field of the kdb is set to the caller at now.
* adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as
* KRB5_TL_KADM_DATA. kdb is then written to the database.
*/
krb5_error_code
kdb_put_entry(kadm5_server_handle_t handle,
krb5_db_entry *kdb, osa_princ_ent_rec *adb)
{
krb5_error_code ret;
krb5_int32 now;
XDR xdrs;
krb5_tl_data tl_data;
ret = krb5_timeofday(handle->context, &now);
if (ret)
return(ret);
ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
handle->current_caller);
if (ret)
return(ret);
xdralloc_create(&xdrs, XDR_ENCODE);
if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
xdr_destroy(&xdrs);
return(KADM5_XDR_FAILURE);
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
tl_data.tl_data_length = xdr_getpos(&xdrs);
tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
xdr_destroy(&xdrs);
if (ret)
return(ret);
/* we are always updating TL data */
kdb->mask |= KADM5_TL_DATA;
ret = krb5_db_put_principal(handle->context, kdb);
if (ret)
return(ret);
return(0);
}
krb5_error_code
krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry,
osa_princ_ent_rec *princ_entry)
{
XDR xdrs;
krb5_tl_data tl_data;
krb5_error_code retval;
xdralloc_create(&xdrs, XDR_ENCODE);
if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
xdr_destroy(&xdrs);
return KADM5_XDR_FAILURE;
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
tl_data.tl_data_length = xdr_getpos(&xdrs);
tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
xdr_destroy(&xdrs);
return retval;
}
bool_t auth_gssapi_wrap_data(
OM_uint32 *major,
OM_uint32 *minor,
gss_ctx_id_t context,
uint32_t seq_num,
XDR *out_xdrs,
bool_t (*xdr_func)(),
caddr_t xdr_ptr)
{
gss_buffer_desc in_buf, out_buf;
XDR temp_xdrs;
int conf_state;
unsigned int length;
PRINTF(("gssapi_wrap_data: starting\n"));
*major = GSS_S_COMPLETE;
*minor = 0; /* assumption */
xdralloc_create(&temp_xdrs, XDR_ENCODE);
/* serialize the sequence number into local memory */
PRINTF(("gssapi_wrap_data: encoding seq_num %d\n", seq_num));
if (! xdr_u_int32(&temp_xdrs, &seq_num)) {
PRINTF(("gssapi_wrap_data: serializing seq_num failed\n"));
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
/* serialize the arguments into local memory */
if (!(*xdr_func)(&temp_xdrs, xdr_ptr)) {
PRINTF(("gssapi_wrap_data: serializing arguments failed\n"));
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
in_buf.length = xdr_getpos(&temp_xdrs);
in_buf.value = xdralloc_getdata(&temp_xdrs);
*major = gss_seal(minor, context, 1,
GSS_C_QOP_DEFAULT, &in_buf, &conf_state,
&out_buf);
if (*major != GSS_S_COMPLETE) {
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
PRINTF(("gssapi_wrap_data: %d bytes data, %d bytes sealed\n",
(int) in_buf.length, (int) out_buf.length));
/* write the token */
length = out_buf.length;
if (! xdr_bytes(out_xdrs, (char **) &out_buf.value,
(unsigned int *) &length,
out_buf.length)) {
PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n"));
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
*major = gss_release_buffer(minor, &out_buf);
PRINTF(("gssapi_wrap_data: succeeding\n\n"));
XDR_DESTROY(&temp_xdrs);
return TRUE;
}
