bool_t xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, uint32_t seq) { XDR tmpxdrs; gss_buffer_desc databuf, wrapbuf; OM_uint32 maj_stat, min_stat; int conf_state; bool_t xdr_stat; xdralloc_create(&tmpxdrs, XDR_ENCODE); xdr_stat = FALSE; /* Marshal rpc_gss_data_t (sequence number + arguments). */ if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr)) goto errout; /* Set databuf to marshalled rpc_gss_data_t. */ databuf.length = xdr_getpos(&tmpxdrs); databuf.value = xdralloc_getdata(&tmpxdrs); if (svc == RPCSEC_GSS_SVC_INTEGRITY) { if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) goto errout; /* Checksum rpc_gss_data_t. */ maj_stat = gss_get_mic(&min_stat, ctx, qop, &databuf, &wrapbuf); if (maj_stat != GSS_S_COMPLETE) { log_debug("gss_get_mic failed"); goto errout; } /* Marshal checksum. */ xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1); gss_release_buffer(&min_stat, &wrapbuf); } else if (svc == RPCSEC_GSS_SVC_PRIVACY) { /* Encrypt rpc_gss_data_t. */ maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf, &conf_state, &wrapbuf); if (maj_stat != GSS_S_COMPLETE) { log_status("gss_wrap", maj_stat, min_stat); goto errout; } /* Marshal databody_priv. */ xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1); gss_release_buffer(&min_stat, &wrapbuf); } errout: xdr_destroy(&tmpxdrs); return (xdr_stat); }
/* * Function: kdb_put_entry * * Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to * database. * * Arguments: * * handle (r) the server_handle * kdb (r/w) the krb5_db_entry to store * adb (r) the osa_princ_db_ent to store * * Effects: * * The last modifier field of the kdb is set to the caller at now. * adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as * KRB5_TL_KADM_DATA. kdb is then written to the database. */ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle, krb5_db_entry *kdb, osa_princ_ent_rec *adb) { krb5_error_code ret; krb5_int32 now; XDR xdrs; krb5_tl_data tl_data; int one; ret = krb5_timeofday(handle->context, &now); if (ret) return(ret); ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now, handle->current_caller); if (ret) return(ret); xdralloc_create(&xdrs, XDR_ENCODE); if(! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); return(KADM5_XDR_FAILURE); } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); /* Solaris Kerberos */ tl_data.tl_data_contents = (unsigned char *) xdralloc_getdata(&xdrs); ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data); xdr_destroy(&xdrs); if (ret) return(ret); one = 1; ret = krb5_db_put_principal(handle->context, kdb, &one); if (ret) return(ret); return(0); }
/* * Function: kdb_put_entry * * Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to * database. * * Arguments: * * handle (r) the server_handle * kdb (r/w) the krb5_db_entry to store * adb (r) the osa_princ_db_ent to store * * Effects: * * The last modifier field of the kdb is set to the caller at now. * adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as * KRB5_TL_KADM_DATA. kdb is then written to the database. */ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle, krb5_db_entry *kdb, osa_princ_ent_rec *adb) { krb5_error_code ret; krb5_int32 now; XDR xdrs; krb5_tl_data tl_data; ret = krb5_timeofday(handle->context, &now); if (ret) return(ret); ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now, handle->current_caller); if (ret) return(ret); xdralloc_create(&xdrs, XDR_ENCODE); if(! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); return(KADM5_XDR_FAILURE); } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs); ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data); xdr_destroy(&xdrs); if (ret) return(ret); /* we are always updating TL data */ kdb->mask |= KADM5_TL_DATA; ret = krb5_db_put_principal(handle->context, kdb); if (ret) return(ret); return(0); }
krb5_error_code krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry, osa_princ_ent_rec *princ_entry) { XDR xdrs; krb5_tl_data tl_data; krb5_error_code retval; xdralloc_create(&xdrs, XDR_ENCODE); if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) { xdr_destroy(&xdrs); return KADM5_XDR_FAILURE; } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs); retval = krb5_dbe_update_tl_data(context, entry, &tl_data); xdr_destroy(&xdrs); return retval; }
bool_t auth_gssapi_wrap_data( OM_uint32 *major, OM_uint32 *minor, gss_ctx_id_t context, uint32_t seq_num, XDR *out_xdrs, bool_t (*xdr_func)(), caddr_t xdr_ptr) { gss_buffer_desc in_buf, out_buf; XDR temp_xdrs; int conf_state; unsigned int length; PRINTF(("gssapi_wrap_data: starting\n")); *major = GSS_S_COMPLETE; *minor = 0; /* assumption */ xdralloc_create(&temp_xdrs, XDR_ENCODE); /* serialize the sequence number into local memory */ PRINTF(("gssapi_wrap_data: encoding seq_num %d\n", seq_num)); if (! xdr_u_int32(&temp_xdrs, &seq_num)) { PRINTF(("gssapi_wrap_data: serializing seq_num failed\n")); XDR_DESTROY(&temp_xdrs); return FALSE; } /* serialize the arguments into local memory */ if (!(*xdr_func)(&temp_xdrs, xdr_ptr)) { PRINTF(("gssapi_wrap_data: serializing arguments failed\n")); XDR_DESTROY(&temp_xdrs); return FALSE; } in_buf.length = xdr_getpos(&temp_xdrs); in_buf.value = xdralloc_getdata(&temp_xdrs); *major = gss_seal(minor, context, 1, GSS_C_QOP_DEFAULT, &in_buf, &conf_state, &out_buf); if (*major != GSS_S_COMPLETE) { XDR_DESTROY(&temp_xdrs); return FALSE; } PRINTF(("gssapi_wrap_data: %d bytes data, %d bytes sealed\n", (int) in_buf.length, (int) out_buf.length)); /* write the token */ length = out_buf.length; if (! xdr_bytes(out_xdrs, (char **) &out_buf.value, (unsigned int *) &length, out_buf.length)) { PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n")); XDR_DESTROY(&temp_xdrs); return FALSE; } *major = gss_release_buffer(minor, &out_buf); PRINTF(("gssapi_wrap_data: succeeding\n\n")); XDR_DESTROY(&temp_xdrs); return TRUE; }