enum auth_stat
_svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
{
XDR xdrs;
SVCAUTH *auth;
struct svc_rpc_gss_data *gd;
struct rpc_gss_cred *gc;
struct rpc_gss_init_res gr;
int call_stat, offset;
log_debug("in svcauth_gss()");
/* Initialize reply. */
rqst->rq_xprt->xp_verf = _null_auth;
/* Allocate and set up server auth handle. */
if (rqst->rq_xprt->xp_auth == NULL ||
rqst->rq_xprt->xp_auth == &svc_auth_none) {
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
auth->svc_ah_ops = &svc_auth_gss_ops;
auth->svc_ah_private = (caddr_t) gd;
rqst->rq_xprt->xp_auth = auth;
}
else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
XDR_DESTROY(&xdrs);
return (AUTH_BADCRED);
}
XDR_DESTROY(&xdrs);
/* Check version. */
if (gc->gc_v != RPCSEC_GSS_VERSION)
return (AUTH_BADCRED);
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
return (AUTH_BADCRED);
/* Check sequence number. */
if (gd->established) {
if (gc->gc_seq > MAXSEQ)
return (RPCSEC_GSS_CTXPROBLEM);
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
}
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
return (RPCSEC_GSS_CTXPROBLEM);
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svcname = (char *)gd->ctx;
}
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
if (rqst->rq_proc != NULLPROC)
return (AUTH_FAILED); /* XXX ? */
if (_svcauth_gss_name == NULL) {
if (!svcauth_gss_import_name("nfs"))
return (AUTH_FAILED);
}
if (!svcauth_gss_acquire_cred())
return (AUTH_FAILED);
if (!svcauth_gss_accept_sec_context(rqst, &gr))
return (AUTH_REJECTEDCRED);
if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
return (AUTH_FAILED);
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
if (!call_stat)
return (AUTH_FAILED);
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
break;
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(gd, msg))
return (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
return (AUTH_FAILED);
break;
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
return (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(gd, msg))
return (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
return (AUTH_FAILED);
if (!svcauth_gss_release_cred())
return (AUTH_FAILED);
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
break;
default:
return (AUTH_REJECTEDCRED);
break;
}
return (AUTH_OK);
}
enum auth_stat
_svcauth_gss(struct svc_req *req, struct rpc_msg *msg,
bool *no_dispatch)
{
XDR xdrs[1];
SVCAUTH *auth;
struct svc_rpc_gss_data *gd = NULL;
struct rpc_gss_cred *gc = NULL;
struct rpc_gss_init_res gr;
int call_stat, offset;
OM_uint32 min_stat;
bool gd_locked = false;
bool gd_hashed = false;
/* Initialize reply. */
req->rq_verf = _null_auth;
/* Unserialize client credentials. */
if (req->rq_cred.oa_length <= 0)
svcauth_gss_return(AUTH_BADCRED);
gc = (struct rpc_gss_cred *)req->rq_clntcred;
memset(gc, 0, sizeof(struct rpc_gss_cred));
xdrmem_create(xdrs, req->rq_cred.oa_base, req->rq_cred.oa_length,
XDR_DECODE);
if (!xdr_rpc_gss_cred(xdrs, gc)) {
XDR_DESTROY(xdrs);
svcauth_gss_return(AUTH_BADCRED);
}
XDR_DESTROY(xdrs);
/* Check version. */
if (gc->gc_v != RPCSEC_GSS_VERSION)
svcauth_gss_return(AUTH_BADCRED);
if (gc->gc_seq > RPCSEC_GSS_MAXSEQ)
svcauth_gss_return(RPCSEC_GSS_CTXPROBLEM);
if (gc->gc_proc > RPCSEC_GSS_MAXPROC)
svcauth_gss_return(AUTH_BADCRED);
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE
&& gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY
&& gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
svcauth_gss_return(AUTH_BADCRED);
/* Context lookup. */
if ((gc->gc_proc == RPCSEC_GSS_DATA)
|| (gc->gc_proc == RPCSEC_GSS_DESTROY)) {
/* Per RFC 2203 5.3.3.3, if a valid security context
* cannot be found to authorize a request, the
* implementation returns RPCSEC_GSS_CREDPROBLEM.
* N.B., we are explicitly allowed to discard contexts
* for any reason (e.g., to save space). */
gd = authgss_ctx_hash_get(gc);
if (!gd)
svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM);
gd_hashed = true;
if (gc->gc_svc != gd->sec.svc)
gd->sec.svc = gc->gc_svc;
}
if (!gd) {
/* Allocate and set up server auth handle. */
auth = mem_alloc(sizeof(SVCAUTH));
gd = alloc_svc_rpc_gss_data();
auth->svc_ah_ops = &svc_auth_gss_ops;
auth->svc_ah_private = (caddr_t) gd;
gd->auth = auth;
}
/* Serialize context. */
mutex_lock(&gd->lock);
gd_locked = true;
/* thread auth */
req->rq_auth = gd->auth;
/* Check sequence number. */
if (gd->established) {
if (get_time_fast() >= gd->endtime) {
*no_dispatch = true;
svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM);
}
/* XXX implied serialization? or just fudging? advance if
* greater? */
offset = gd->seqlast - gc->gc_seq;
if (offset < 0) {
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
} else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = true;
svcauth_gss_return(AUTH_OK);
}
gd->seqmask |= (1 << offset); /* XXX harmless */
req->rq_ap1 = (void *)(uintptr_t) gc->gc_seq; /* GCC casts */
req->rq_clntname = (char *) gd->client_name;
req->rq_svcname = (char *) gd->ctx;
}
/* gd->established */
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
if (req->rq_proc != NULLPROC)
svcauth_gss_return(AUTH_FAILED); /* XXX ? */
/* XXX why unconditionally acquire creds? */
if (!svcauth_gss_acquire_cred())
svcauth_gss_return(AUTH_FAILED);
if (!svcauth_gss_accept_sec_context(req, gd, &gr))
svcauth_gss_return(AUTH_REJECTEDCRED);
if (!svcauth_gss_nextverf(req, gd, htonl(gr.gr_win))) {
/* XXX check */
gss_release_buffer(&min_stat, &gr.gr_token);
mem_free(gr.gr_ctx.value, 0);
svcauth_gss_return(AUTH_FAILED);
}
*no_dispatch = true;
call_stat =
svc_sendreply(req->rq_xprt, req,
(xdrproc_t) xdr_rpc_gss_init_res,
(caddr_t) &gr);
/* XXX */
gss_release_buffer(&min_stat, &gr.gr_token);
gss_release_buffer(&min_stat, &gd->checksum);
mem_free(gr.gr_ctx.value, 0);
if (!call_stat)
svcauth_gss_return(AUTH_FAILED);
if (gr.gr_major == GSS_S_COMPLETE) {
gd->established = true;
if (!gd_hashed) {
/* krb5 pac -- try all that apply */
gss_buffer_desc attr, display_buffer;
/* completely generic */
int auth = 1, comp = 0, more = -1;
memset(&gd->pac.ms_pac, 0,
sizeof(gss_buffer_desc));
memset(&display_buffer, 0,
sizeof(gss_buffer_desc));
/* MS AD */
attr.value = "urn:mspac:";
attr.length = 10;
gr.gr_major =
gss_get_name_attribute(&gr.gr_minor,
gd->client_name,
&attr, &auth, &comp,
&gd->pac.ms_pac,
&display_buffer,
&more);
if (gr.gr_major == GSS_S_COMPLETE) {
/* dont need it */
gss_release_buffer(&gr.gr_minor,
&display_buffer);
gd->flags |= SVC_RPC_GSS_FLAG_MSPAC;
}
(void)authgss_ctx_hash_set(gd);
}
}
break;
/* XXX next 2 cases: is it correct to leave gd in cache
* after a validate or verf failure ? */
case RPCSEC_GSS_DATA:
call_stat = svcauth_gss_validate(req, gd, msg);
switch (call_stat) {
default:
svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM);
case 0:
break;
}
if (!svcauth_gss_nextverf(req, gd, htonl(gc->gc_seq)))
svcauth_gss_return(AUTH_FAILED);
break;
case RPCSEC_GSS_DESTROY:
if (req->rq_proc != NULLPROC)
svcauth_gss_return(AUTH_FAILED); /* XXX ? */
if (svcauth_gss_validate(req, gd, msg))
svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(req, gd, htonl(gc->gc_seq)))
svcauth_gss_return(AUTH_FAILED);
*no_dispatch = true;
(void)authgss_ctx_hash_del(gd);
/* avoid lock order reversal gd->lock, xprt->xp_lock */
mutex_unlock(&gd->lock);
gd_locked = false;
call_stat =
svc_sendreply(req->rq_xprt, req, (xdrproc_t) xdr_void,
(caddr_t) NULL);
/* We acquired a reference on gd with authgss_ctx_hash_get
* call. Time to release the reference as we don't need
* gd anymore.
*/
unref_svc_rpc_gss_data(gd, SVC_RPC_GSS_FLAG_NONE);
req->rq_auth = &svc_auth_none;
break;
default:
svcauth_gss_return(AUTH_REJECTEDCRED);
break;
}
svcauth_gss_return(AUTH_OK);
}
enum auth_stat
gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
bool_t *no_dispatch)
{
enum auth_stat retstat;
XDR xdrs;
SVCAUTH *auth;
struct svc_rpc_gss_data *gd;
struct rpc_gss_cred *gc;
struct rpc_gss_init_res gr;
int call_stat, offset;
OM_uint32 min_stat;
log_debug("in svcauth_gss()");
/* Initialize reply. */
rqst->rq_xprt->xp_verf = gssrpc__null_auth;
/* Allocate and set up server auth handle. */
if (rqst->rq_xprt->xp_auth == NULL ||
rqst->rq_xprt->xp_auth == &svc_auth_none) {
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
auth->svc_ah_ops = &svc_auth_gss_ops;
SVCAUTH_PRIVATE(auth) = gd;
rqst->rq_xprt->xp_auth = auth;
}
else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd);
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
log_debug("calling xdrmem_create()");
log_debug("oa_base=%p, oa_length=%u", rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length);
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
log_debug("xdrmem_create() returned");
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
log_debug("xdr_rpc_gss_cred() failed");
XDR_DESTROY(&xdrs);
return (AUTH_BADCRED);
}
XDR_DESTROY(&xdrs);
retstat = AUTH_FAILED;
#define ret_freegc(code) do { retstat = code; goto freegc; } while (0)
/* Check version. */
if (gc->gc_v != RPCSEC_GSS_VERSION)
ret_freegc (AUTH_BADCRED);
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
ret_freegc (AUTH_BADCRED);
/* Check sequence number. */
if (gd->established) {
if (gc->gc_seq > MAXSEQ)
ret_freegc (RPCSEC_GSS_CTXPROBLEM);
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
} else if ((u_int)offset >= gd->win ||
(gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
ret_freegc (RPCSEC_GSS_CTXPROBLEM);
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svccred = (char *)gd->ctx;
}
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_acquire_cred())
ret_freegc (AUTH_FAILED);
if (!svcauth_gss_accept_sec_context(rqst, &gr))
ret_freegc (AUTH_REJECTEDCRED);
if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
gss_release_buffer(&min_stat, &gr.gr_token);
ret_freegc (AUTH_FAILED);
}
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
(caddr_t)&gr);
gss_release_buffer(&min_stat, &gr.gr_token);
gss_release_buffer(&min_stat, &gd->checksum);
if (!call_stat)
ret_freegc (AUTH_FAILED);
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
break;
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
break;
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
xdr_void, (caddr_t)NULL);
log_debug("sendreply in destroy: %d", call_stat);
if (!svcauth_gss_release_cred())
ret_freegc (AUTH_FAILED);
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
break;
default:
ret_freegc (AUTH_REJECTEDCRED);
break;
}
retstat = AUTH_OK;
freegc:
xdr_free(xdr_rpc_gss_cred, gc);
log_debug("returning %d from svcauth_gss()", retstat);
return (retstat);
}
