static void clean_client(void)
{
svc_auth_gssapi_data *client_data;
client_list *c;
PRINTF(("clean_client: starting\n"));
c = clients;
while (c) {
client_data = c->client;
L_PRINTF(2, ("clean_client: client_data = %p\n",
(void *) client_data));
if (client_data->expiration < time(0)) {
PRINTF(("clean_client: client %d expired\n",
client_data->key));
destroy_client(client_data);
c = clients; /* start over, just to be safe */
} else {
c = c->next;
}
}
PRINTF(("clean_client: done\n"));
}
static void dump_db(char *msg)
{
svc_auth_gssapi_data *client_data;
client_list *c;
L_PRINTF(3, ("dump_db: %s:\n", msg));
c = clients;
while (c) {
client_data = c->client;
L_PRINTF(3, ("\tclient_data = %p, exp = %d\n",
(void *) client_data, client_data->expiration));
c = c->next;
}
L_PRINTF(3, ("\n"));
}
/*
* Function: create_client
*
* Purpose: Creates an new client_data structure and stores it in the
* database.
*
* Returns: the new client_data structure, or NULL on failure.
*
* Effects:
*
* A new client_data is created and stored in the hash table and
* b-tree. A new key that is unique in the current database is
* chosen; this key should be used as the client's client_handle.
*/
static svc_auth_gssapi_data *create_client(void)
{
client_list *c;
svc_auth_gssapi_data *client_data;
static int client_key = 1;
PRINTF(("svcauth_gssapi: empty creds, creating\n"));
client_data = (svc_auth_gssapi_data *) malloc(sizeof(*client_data));
if (client_data == NULL)
return NULL;
memset((char *) client_data, 0, sizeof(*client_data));
L_PRINTF(2, ("create_client: new client_data = %p\n",
(void *) client_data));
/* set up client data structure */
client_data->established = 0;
client_data->context = GSS_C_NO_CONTEXT;
client_data->expiration = time(0) + INITIATION_TIMEOUT;
/* set up psycho-recursive SVCAUTH hack */
client_data->svcauth.svc_ah_ops = &svc_auth_gssapi_ops;
client_data->svcauth.svc_ah_private = (caddr_t) client_data;
client_data->key = client_key++;
c = (client_list *) malloc(sizeof(client_list));
if (c == NULL)
return NULL;
c->client = client_data;
c->next = NULL;
if (clients == NULL)
clients = c;
else {
c->next = clients;
clients = c;
}
PRINTF(("svcauth_gssapi: new handle %d\n", client_data->key));
L_PRINTF(2, ("create_client: done\n"));
return client_data;
}
/*
* Function get_client
*
* Purpose: retrieve a client_data structure from the database based
* on its client handle (key)
*
* Arguments:
*
* client_handle (r) the handle (key) to retrieve
*
* Effects:
*
* Searches the list and returns the client_data whose key field
* matches the contents of client_handle, or returns NULL if none was
* found.
*/
static svc_auth_gssapi_data *get_client(gss_buffer_t client_handle)
{
client_list *c;
uint32_t handle;
memcpy(&handle, client_handle->value, 4);
L_PRINTF(2, ("get_client: looking for client %d\n", handle));
c = clients;
while (c) {
if (c->client->key == handle)
return c->client;
c = c->next;
}
L_PRINTF(2, ("get_client: client_handle lookup failed\n"));
return NULL;
}
/*
* Function: destroy_client
*
* Purpose: destroys a client entry and removes it from the database
*
* Arguments:
*
* client_data (r) the client to be destroyed
*
* Effects:
*
* client_data->context is deleted with gss_delete_sec_context.
* client_data's entry in the database is destroyed. client_data is
* freed.
*/
static void destroy_client(svc_auth_gssapi_data *client_data)
{
OM_uint32 gssstat, minor_stat;
gss_buffer_desc out_buf;
client_list *c, *c2;
PRINTF(("destroy_client: destroying client_data\n"));
L_PRINTF(2, ("destroy_client: client_data = %p\n", (void *) client_data));
#ifdef DEBUG_GSSAPI
if (svc_debug_gssapi >= 3)
dump_db("before frees");
#endif
/* destroy client struct even if error occurs */
gssstat = gss_delete_sec_context(&minor_stat, &client_data->context,
&out_buf);
if (gssstat != GSS_S_COMPLETE)
AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat,
minor_stat));
gss_release_buffer(&minor_stat, &out_buf);
gss_release_name(&minor_stat, &client_data->client_name);
if (client_data->prev_verf.length != 0)
gss_release_buffer(&minor_stat, &client_data->prev_verf);
if (clients == NULL) {
PRINTF(("destroy_client: called on empty database\n"));
abort();
} else if (clients->client == client_data) {
c = clients;
clients = clients->next;
free(c);
} else {
c2 = clients;
c = clients->next;
while (c) {
if (c->client == client_data) {
c2->next = c->next;
free(c);
goto done;
} else {
c2 = c;
c = c->next;
}
}
PRINTF(("destroy_client: client_handle delete failed\n"));
abort();
}
done:
L_PRINTF(2, ("destroy_client: client %d destroyed\n", client_data->key));
free(client_data);
#if 0 /*ifdef PURIFY*/
purify_watch_n(client_data, sizeof(*client_data), "rw");
#endif
}
/*
* Function: auth_gssapi_create
*
* Purpose: Create a GSS-API style authenticator, with all the
* options, and return the handle.
*
* Effects: See design document, section XXX.
*/
AUTH *auth_gssapi_create(
CLIENT *clnt,
OM_uint32 *gssstat,
OM_uint32 *minor_stat,
gss_cred_id_t claimant_cred_handle,
gss_name_t target_name,
gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
gss_OID *actual_mech_type,
OM_uint32 *ret_flags,
OM_uint32 *time_rec)
{
AUTH *auth, *save_auth;
struct auth_gssapi_data *pdata;
struct gss_channel_bindings_struct bindings, *bindp;
struct sockaddr_in laddr, raddr;
enum clnt_stat callstat;
struct timeval timeout;
int bindings_failed;
rpcproc_t init_func;
auth_gssapi_init_arg call_arg;
auth_gssapi_init_res call_res;
gss_buffer_desc *input_token, isn_buf;
memset(&rpc_createerr, 0, sizeof(rpc_createerr));
/* this timeout is only used if clnt_control(clnt, CLSET_TIMEOUT) */
/* has not already been called.. therefore, we can just pick */
/* something reasonable-sounding.. */
timeout.tv_sec = 30;
timeout.tv_usec = 0;
auth = NULL;
pdata = NULL;
/* don't assume the caller will want to change clnt->cl_auth */
save_auth = clnt->cl_auth;
auth = (AUTH *) malloc(sizeof(*auth));
pdata = (struct auth_gssapi_data *) malloc(sizeof(*pdata));
if (auth == NULL || pdata == NULL) {
/* They needn't both have failed; clean up. */
free(auth);
free(pdata);
auth = NULL;
pdata = NULL;
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
goto cleanup;
}
memset((char *) auth, 0, sizeof(*auth));
memset((char *) pdata, 0, sizeof(*pdata));
auth->ah_ops = &auth_gssapi_ops;
auth->ah_private = (caddr_t) pdata;
/* initial creds are auth_msg TRUE and no handle */
marshall_new_creds(auth, TRUE, NULL);
/* initial verifier is empty */
auth->ah_verf.oa_flavor = AUTH_GSSAPI;
auth->ah_verf.oa_base = NULL;
auth->ah_verf.oa_length = 0;
AUTH_PRIVATE(auth)->established = FALSE;
AUTH_PRIVATE(auth)->clnt = clnt;
AUTH_PRIVATE(auth)->def_cred = (claimant_cred_handle ==
GSS_C_NO_CREDENTIAL);
clnt->cl_auth = auth;
/* start by trying latest version */
call_arg.version = 4;
bindings_failed = 0;
try_new_version:
/* set state for initial call to init_sec_context */
input_token = GSS_C_NO_BUFFER;
AUTH_PRIVATE(auth)->context = GSS_C_NO_CONTEXT;
init_func = AUTH_GSSAPI_INIT;
#ifdef GSSAPI_KRB5
/*
* OV servers up to version 3 used the old mech id. Beta 7
* servers used version 3 with the new mech id; however, the beta
* 7 gss-api accept_sec_context accepts either mech id. Thus, if
* any server rejects version 4, we fall back to version 3 with
* the old mech id; for the OV server it will be right, and for
* the beta 7 server it will be accepted. Not ideal, but it
* works.
*/
if (call_arg.version < 4 && (mech_type == gss_mech_krb5 ||
mech_type == GSS_C_NULL_OID))
mech_type = (gss_OID) gss_mech_krb5_old;
#endif
if (!bindings_failed && call_arg.version >= 3) {
if (clnt_control(clnt, CLGET_LOCAL_ADDR, &laddr) == FALSE) {
PRINTF(("gssapi_create: CLGET_LOCAL_ADDR failed"));
goto cleanup;
}
if (clnt_control(clnt, CLGET_SERVER_ADDR, &raddr) == FALSE) {
PRINTF(("gssapi_create: CLGET_SERVER_ADDR failed"));
goto cleanup;
}
memset(&bindings, 0, sizeof(bindings));
bindings.application_data.length = 0;
bindings.initiator_addrtype = GSS_C_AF_INET;
bindings.initiator_address.length = 4;
bindings.initiator_address.value = &laddr.sin_addr.s_addr;
bindings.acceptor_addrtype = GSS_C_AF_INET;
bindings.acceptor_address.length = 4;
bindings.acceptor_address.value = &raddr.sin_addr.s_addr;
bindp = &bindings;
} else {
bindp = NULL;
}
memset((char *) &call_res, 0, sizeof(call_res));
next_token:
*gssstat = gss_init_sec_context(minor_stat,
claimant_cred_handle,
&AUTH_PRIVATE(auth)->context,
target_name,
mech_type,
req_flags,
time_req,
bindp,
input_token,
actual_mech_type,
&call_arg.token,
ret_flags,
time_rec);
if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
AUTH_GSSAPI_DISPLAY_STATUS(("initializing context", *gssstat,
*minor_stat));
goto cleanup;
}
/* if we got a token, pass it on */
if (call_arg.token.length != 0) {
/*
* sanity check: if we received a signed isn in the last
* response then there *cannot* be another token to send
*/
if (call_res.signed_isn.length != 0) {
PRINTF(("gssapi_create: unexpected token from init_sec\n"));
goto cleanup;
}
PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
memset((char *) &call_res, 0, sizeof(call_res));
callstat = clnt_call(clnt, init_func,
xdr_authgssapi_init_arg, &call_arg,
xdr_authgssapi_init_res, &call_res,
timeout);
gss_release_buffer(minor_stat, &call_arg.token);
if (callstat != RPC_SUCCESS) {
struct rpc_err err;
clnt_geterr(clnt, &err);
if (callstat == RPC_AUTHERROR &&
(err.re_why == AUTH_BADCRED || err.re_why == AUTH_FAILED)
&& call_arg.version >= 1) {
L_PRINTF(1,
("call_arg protocol version %d rejected, trying %d.\n",
call_arg.version, call_arg.version-1));
call_arg.version--;
goto try_new_version;
} else {
PRINTF(("gssapi_create: GSSAPI_INIT (%d) failed, stat %d\n",
init_func, callstat));
}
goto cleanup;
} else if (call_res.version != call_arg.version &&
!(call_arg.version == 2 && call_res.version == 1)) {
/*
* The Secure 1.1 servers always respond with version
* 1. Thus, if we just tried a version >=3, fall all
* the way back to version 1 since that is all they
* understand
*/
if (call_arg.version > 2 && call_res.version == 1) {
L_PRINTF(1,
("Talking to Secure 1.1 server, using version 1.\n"));
call_arg.version = 1;
goto try_new_version;
}
PRINTF(("gssapi_create: invalid call_res vers %d\n",
call_res.version));
goto cleanup;
} else if (call_res.gss_major != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("in response from server",
call_res.gss_major,
call_res.gss_minor));
goto cleanup;
}
PRINTF(("gssapi_create: GSSAPI_INIT (%d) succeeded\n", init_func));
init_func = AUTH_GSSAPI_CONTINUE_INIT;
/* check for client_handle */
if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
if (call_res.client_handle.length == 0) {
PRINTF(("gssapi_create: expected client_handle\n"));
goto cleanup;
} else {
PRINTF(("gssapi_create: got client_handle %d\n",
*((uint32_t *)call_res.client_handle.value)));
GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle,
call_res.client_handle);
/* auth_msg is TRUE; there may be more tokens */
marshall_new_creds(auth, TRUE,
&AUTH_PRIVATE(auth)->client_handle);
}
} else if (!GSS_BUFFERS_EQUAL(AUTH_PRIVATE(auth)->client_handle,
call_res.client_handle)) {
PRINTF(("gssapi_create: got different client_handle\n"));
goto cleanup;
}
/* check for token */
if (call_res.token.length==0 && *gssstat==GSS_S_CONTINUE_NEEDED) {
PRINTF(("gssapi_create: expected token\n"));
goto cleanup;
} else if (call_res.token.length != 0) {
if (*gssstat == GSS_S_COMPLETE) {
PRINTF(("gssapi_create: got unexpected token\n"));
goto cleanup;
} else {
/* assumes call_res is safe until init_sec_context */
input_token = &call_res.token;
PRINTF(("gssapi_create: got new token\n"));
}
}
}
/* check for isn */
if (*gssstat == GSS_S_COMPLETE) {
if (call_res.signed_isn.length == 0) {
PRINTF(("gssapi_created: expected signed isn\n"));
goto cleanup;
} else {
PRINTF(("gssapi_create: processing signed isn\n"));
/* don't check conf (integ only) or qop (accpet default) */
*gssstat = gss_unseal(minor_stat,
AUTH_PRIVATE(auth)->context,
&call_res.signed_isn,
&isn_buf, NULL, NULL);
if (*gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn",
*gssstat, *minor_stat));
goto cleanup;
} else if (isn_buf.length != sizeof(uint32_t)) {
PRINTF(("gssapi_create: gss_unseal gave %d bytes\n",
(int) isn_buf.length));
goto cleanup;
}
AUTH_PRIVATE(auth)->seq_num = (uint32_t)
ntohl(*((uint32_t*)isn_buf.value));
*gssstat = gss_release_buffer(minor_stat, &isn_buf);
if (*gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn",
*gssstat, *minor_stat));
goto cleanup;
}
PRINTF(("gssapi_create: isn is %d\n",
AUTH_PRIVATE(auth)->seq_num));
/* we no longer need these results.. */
xdr_free(xdr_authgssapi_init_res, &call_res);
}
} else if (call_res.signed_isn.length != 0) {
PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
}
/* results were okay.. continue if necessary */
if (*gssstat == GSS_S_CONTINUE_NEEDED) {
PRINTF(("gssapi_create: not done, continuing\n"));
goto next_token;
}
/*
* Done! Context is established, we have client_handle and isn.
*/
AUTH_PRIVATE(auth)->established = TRUE;
marshall_new_creds(auth, FALSE,
&AUTH_PRIVATE(auth)->client_handle);
PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n",
*((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value),
AUTH_PRIVATE(auth)->seq_num));
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
return auth;
/******************************************************************/
cleanup:
PRINTF(("gssapi_create: bailing\n\n"));
if (auth) {
if (AUTH_PRIVATE(auth))
auth_gssapi_destroy(auth);
else
free(auth);
auth = NULL;
}
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
if (rpc_createerr.cf_stat == 0)
rpc_createerr.cf_stat = RPC_AUTHERROR;
return auth;
}
