enum auth_stat _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) { XDR xdrs; SVCAUTH *auth; struct svc_rpc_gss_data *gd; struct rpc_gss_cred *gc; struct rpc_gss_init_res gr; int call_stat, offset; log_debug("in svcauth_gss()"); /* Initialize reply. */ rqst->rq_xprt->xp_verf = _null_auth; /* Allocate and set up server auth handle. */ if (rqst->rq_xprt->xp_auth == NULL || rqst->rq_xprt->xp_auth == &svc_auth_none) { if ((auth = calloc(sizeof(*auth), 1)) == NULL) { fprintf(stderr, "svcauth_gss: out_of_memory\n"); return (AUTH_FAILED); } if ((gd = calloc(sizeof(*gd), 1)) == NULL) { fprintf(stderr, "svcauth_gss: out_of_memory\n"); return (AUTH_FAILED); } auth->svc_ah_ops = &svc_auth_gss_ops; auth->svc_ah_private = (caddr_t) gd; rqst->rq_xprt->xp_auth = auth; } else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); /* Deserialize client credentials. */ if (rqst->rq_cred.oa_length <= 0) return (AUTH_BADCRED); gc = (struct rpc_gss_cred *)rqst->rq_clntcred; memset(gc, 0, sizeof(*gc)); xdrmem_create(&xdrs, rqst->rq_cred.oa_base, rqst->rq_cred.oa_length, XDR_DECODE); if (!xdr_rpc_gss_cred(&xdrs, gc)) { XDR_DESTROY(&xdrs); return (AUTH_BADCRED); } XDR_DESTROY(&xdrs); /* Check version. */ if (gc->gc_v != RPCSEC_GSS_VERSION) return (AUTH_BADCRED); /* Check RPCSEC_GSS service. */ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) return (AUTH_BADCRED); /* Check sequence number. */ if (gd->established) { if (gc->gc_seq > MAXSEQ) return (RPCSEC_GSS_CTXPROBLEM); if ((offset = gd->seqlast - gc->gc_seq) < 0) { gd->seqlast = gc->gc_seq; offset = 0 - offset; gd->seqmask <<= offset; offset = 0; } else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = 1; return (RPCSEC_GSS_CTXPROBLEM); } gd->seq = gc->gc_seq; gd->seqmask |= (1 << offset); } if (gd->established) { rqst->rq_clntname = (char *)gd->client_name; rqst->rq_svcname = (char *)gd->ctx; } /* Handle RPCSEC_GSS control procedure. */ switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: if (rqst->rq_proc != NULLPROC) return (AUTH_FAILED); /* XXX ? */ if (_svcauth_gss_name == NULL) { if (!svcauth_gss_import_name("nfs")) return (AUTH_FAILED); } if (!svcauth_gss_acquire_cred()) return (AUTH_FAILED); if (!svcauth_gss_accept_sec_context(rqst, &gr)) return (AUTH_REJECTEDCRED); if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) return (AUTH_FAILED); *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); if (!call_stat) return (AUTH_FAILED); if (gr.gr_major == GSS_S_COMPLETE) gd->established = TRUE; break; case RPCSEC_GSS_DATA: if (!svcauth_gss_validate(gd, msg)) return (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) return (AUTH_FAILED); break; case RPCSEC_GSS_DESTROY: if (rqst->rq_proc != NULLPROC) return (AUTH_FAILED); /* XXX ? */ if (!svcauth_gss_validate(gd, msg)) return (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) return (AUTH_FAILED); if (!svcauth_gss_release_cred()) return (AUTH_FAILED); SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth); rqst->rq_xprt->xp_auth = &svc_auth_none; break; default: return (AUTH_REJECTEDCRED); break; } return (AUTH_OK); }
enum auth_stat _svcauth_gss(struct svc_req *req, struct rpc_msg *msg, bool *no_dispatch) { XDR xdrs[1]; SVCAUTH *auth; struct svc_rpc_gss_data *gd = NULL; struct rpc_gss_cred *gc = NULL; struct rpc_gss_init_res gr; int call_stat, offset; OM_uint32 min_stat; bool gd_locked = false; bool gd_hashed = false; /* Initialize reply. */ req->rq_verf = _null_auth; /* Unserialize client credentials. */ if (req->rq_cred.oa_length <= 0) svcauth_gss_return(AUTH_BADCRED); gc = (struct rpc_gss_cred *)req->rq_clntcred; memset(gc, 0, sizeof(struct rpc_gss_cred)); xdrmem_create(xdrs, req->rq_cred.oa_base, req->rq_cred.oa_length, XDR_DECODE); if (!xdr_rpc_gss_cred(xdrs, gc)) { XDR_DESTROY(xdrs); svcauth_gss_return(AUTH_BADCRED); } XDR_DESTROY(xdrs); /* Check version. */ if (gc->gc_v != RPCSEC_GSS_VERSION) svcauth_gss_return(AUTH_BADCRED); if (gc->gc_seq > RPCSEC_GSS_MAXSEQ) svcauth_gss_return(RPCSEC_GSS_CTXPROBLEM); if (gc->gc_proc > RPCSEC_GSS_MAXPROC) svcauth_gss_return(AUTH_BADCRED); /* Check RPCSEC_GSS service. */ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) svcauth_gss_return(AUTH_BADCRED); /* Context lookup. */ if ((gc->gc_proc == RPCSEC_GSS_DATA) || (gc->gc_proc == RPCSEC_GSS_DESTROY)) { /* Per RFC 2203 5.3.3.3, if a valid security context * cannot be found to authorize a request, the * implementation returns RPCSEC_GSS_CREDPROBLEM. * N.B., we are explicitly allowed to discard contexts * for any reason (e.g., to save space). */ gd = authgss_ctx_hash_get(gc); if (!gd) svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM); gd_hashed = true; if (gc->gc_svc != gd->sec.svc) gd->sec.svc = gc->gc_svc; } if (!gd) { /* Allocate and set up server auth handle. */ auth = mem_alloc(sizeof(SVCAUTH)); gd = alloc_svc_rpc_gss_data(); auth->svc_ah_ops = &svc_auth_gss_ops; auth->svc_ah_private = (caddr_t) gd; gd->auth = auth; } /* Serialize context. */ mutex_lock(&gd->lock); gd_locked = true; /* thread auth */ req->rq_auth = gd->auth; /* Check sequence number. */ if (gd->established) { if (get_time_fast() >= gd->endtime) { *no_dispatch = true; svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM); } /* XXX implied serialization? or just fudging? advance if * greater? */ offset = gd->seqlast - gc->gc_seq; if (offset < 0) { gd->seqlast = gc->gc_seq; offset = 0 - offset; gd->seqmask <<= offset; offset = 0; } else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = true; svcauth_gss_return(AUTH_OK); } gd->seqmask |= (1 << offset); /* XXX harmless */ req->rq_ap1 = (void *)(uintptr_t) gc->gc_seq; /* GCC casts */ req->rq_clntname = (char *) gd->client_name; req->rq_svcname = (char *) gd->ctx; } /* gd->established */ /* Handle RPCSEC_GSS control procedure. */ switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: if (req->rq_proc != NULLPROC) svcauth_gss_return(AUTH_FAILED); /* XXX ? */ /* XXX why unconditionally acquire creds? */ if (!svcauth_gss_acquire_cred()) svcauth_gss_return(AUTH_FAILED); if (!svcauth_gss_accept_sec_context(req, gd, &gr)) svcauth_gss_return(AUTH_REJECTEDCRED); if (!svcauth_gss_nextverf(req, gd, htonl(gr.gr_win))) { /* XXX check */ gss_release_buffer(&min_stat, &gr.gr_token); mem_free(gr.gr_ctx.value, 0); svcauth_gss_return(AUTH_FAILED); } *no_dispatch = true; call_stat = svc_sendreply(req->rq_xprt, req, (xdrproc_t) xdr_rpc_gss_init_res, (caddr_t) &gr); /* XXX */ gss_release_buffer(&min_stat, &gr.gr_token); gss_release_buffer(&min_stat, &gd->checksum); mem_free(gr.gr_ctx.value, 0); if (!call_stat) svcauth_gss_return(AUTH_FAILED); if (gr.gr_major == GSS_S_COMPLETE) { gd->established = true; if (!gd_hashed) { /* krb5 pac -- try all that apply */ gss_buffer_desc attr, display_buffer; /* completely generic */ int auth = 1, comp = 0, more = -1; memset(&gd->pac.ms_pac, 0, sizeof(gss_buffer_desc)); memset(&display_buffer, 0, sizeof(gss_buffer_desc)); /* MS AD */ attr.value = "urn:mspac:"; attr.length = 10; gr.gr_major = gss_get_name_attribute(&gr.gr_minor, gd->client_name, &attr, &auth, &comp, &gd->pac.ms_pac, &display_buffer, &more); if (gr.gr_major == GSS_S_COMPLETE) { /* dont need it */ gss_release_buffer(&gr.gr_minor, &display_buffer); gd->flags |= SVC_RPC_GSS_FLAG_MSPAC; } (void)authgss_ctx_hash_set(gd); } } break; /* XXX next 2 cases: is it correct to leave gd in cache * after a validate or verf failure ? */ case RPCSEC_GSS_DATA: call_stat = svcauth_gss_validate(req, gd, msg); switch (call_stat) { default: svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM); case 0: break; } if (!svcauth_gss_nextverf(req, gd, htonl(gc->gc_seq))) svcauth_gss_return(AUTH_FAILED); break; case RPCSEC_GSS_DESTROY: if (req->rq_proc != NULLPROC) svcauth_gss_return(AUTH_FAILED); /* XXX ? */ if (svcauth_gss_validate(req, gd, msg)) svcauth_gss_return(RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(req, gd, htonl(gc->gc_seq))) svcauth_gss_return(AUTH_FAILED); *no_dispatch = true; (void)authgss_ctx_hash_del(gd); /* avoid lock order reversal gd->lock, xprt->xp_lock */ mutex_unlock(&gd->lock); gd_locked = false; call_stat = svc_sendreply(req->rq_xprt, req, (xdrproc_t) xdr_void, (caddr_t) NULL); /* We acquired a reference on gd with authgss_ctx_hash_get * call. Time to release the reference as we don't need * gd anymore. */ unref_svc_rpc_gss_data(gd, SVC_RPC_GSS_FLAG_NONE); req->rq_auth = &svc_auth_none; break; default: svcauth_gss_return(AUTH_REJECTEDCRED); break; } svcauth_gss_return(AUTH_OK); }
enum auth_stat gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) { enum auth_stat retstat; XDR xdrs; SVCAUTH *auth; struct svc_rpc_gss_data *gd; struct rpc_gss_cred *gc; struct rpc_gss_init_res gr; int call_stat, offset; OM_uint32 min_stat; log_debug("in svcauth_gss()"); /* Initialize reply. */ rqst->rq_xprt->xp_verf = gssrpc__null_auth; /* Allocate and set up server auth handle. */ if (rqst->rq_xprt->xp_auth == NULL || rqst->rq_xprt->xp_auth == &svc_auth_none) { if ((auth = calloc(sizeof(*auth), 1)) == NULL) { fprintf(stderr, "svcauth_gss: out_of_memory\n"); return (AUTH_FAILED); } if ((gd = calloc(sizeof(*gd), 1)) == NULL) { fprintf(stderr, "svcauth_gss: out_of_memory\n"); return (AUTH_FAILED); } auth->svc_ah_ops = &svc_auth_gss_ops; SVCAUTH_PRIVATE(auth) = gd; rqst->rq_xprt->xp_auth = auth; } else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd); /* Deserialize client credentials. */ if (rqst->rq_cred.oa_length <= 0) return (AUTH_BADCRED); gc = (struct rpc_gss_cred *)rqst->rq_clntcred; memset(gc, 0, sizeof(*gc)); log_debug("calling xdrmem_create()"); log_debug("oa_base=%p, oa_length=%u", rqst->rq_cred.oa_base, rqst->rq_cred.oa_length); xdrmem_create(&xdrs, rqst->rq_cred.oa_base, rqst->rq_cred.oa_length, XDR_DECODE); log_debug("xdrmem_create() returned"); if (!xdr_rpc_gss_cred(&xdrs, gc)) { log_debug("xdr_rpc_gss_cred() failed"); XDR_DESTROY(&xdrs); return (AUTH_BADCRED); } XDR_DESTROY(&xdrs); retstat = AUTH_FAILED; #define ret_freegc(code) do { retstat = code; goto freegc; } while (0) /* Check version. */ if (gc->gc_v != RPCSEC_GSS_VERSION) ret_freegc (AUTH_BADCRED); /* Check RPCSEC_GSS service. */ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) ret_freegc (AUTH_BADCRED); /* Check sequence number. */ if (gd->established) { if (gc->gc_seq > MAXSEQ) ret_freegc (RPCSEC_GSS_CTXPROBLEM); if ((offset = gd->seqlast - gc->gc_seq) < 0) { gd->seqlast = gc->gc_seq; offset = 0 - offset; gd->seqmask <<= offset; offset = 0; } else if ((u_int)offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = 1; ret_freegc (RPCSEC_GSS_CTXPROBLEM); } gd->seq = gc->gc_seq; gd->seqmask |= (1 << offset); } if (gd->established) { rqst->rq_clntname = (char *)gd->client_name; rqst->rq_svccred = (char *)gd->ctx; } /* Handle RPCSEC_GSS control procedure. */ switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: if (rqst->rq_proc != NULLPROC) ret_freegc (AUTH_FAILED); /* XXX ? */ if (!svcauth_gss_acquire_cred()) ret_freegc (AUTH_FAILED); if (!svcauth_gss_accept_sec_context(rqst, &gr)) ret_freegc (AUTH_REJECTEDCRED); if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { gss_release_buffer(&min_stat, &gr.gr_token); ret_freegc (AUTH_FAILED); } *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res, (caddr_t)&gr); gss_release_buffer(&min_stat, &gr.gr_token); gss_release_buffer(&min_stat, &gd->checksum); if (!call_stat) ret_freegc (AUTH_FAILED); if (gr.gr_major == GSS_S_COMPLETE) gd->established = TRUE; break; case RPCSEC_GSS_DATA: if (!svcauth_gss_validate(rqst, gd, msg)) ret_freegc (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) ret_freegc (AUTH_FAILED); break; case RPCSEC_GSS_DESTROY: if (rqst->rq_proc != NULLPROC) ret_freegc (AUTH_FAILED); /* XXX ? */ if (!svcauth_gss_validate(rqst, gd, msg)) ret_freegc (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) ret_freegc (AUTH_FAILED); *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, xdr_void, (caddr_t)NULL); log_debug("sendreply in destroy: %d", call_stat); if (!svcauth_gss_release_cred()) ret_freegc (AUTH_FAILED); SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth); rqst->rq_xprt->xp_auth = &svc_auth_none; break; default: ret_freegc (AUTH_REJECTEDCRED); break; } retstat = AUTH_OK; freegc: xdr_free(xdr_rpc_gss_cred, gc); log_debug("returning %d from svcauth_gss()", retstat); return (retstat); }