static void
svcudp_destroy(register SVCXPRT *xprt)
{
register struct svcudp_data *su = su_data(xprt);
xprt_unregister(xprt);
if (xprt->xp_sock != INVALID_SOCKET)
(void)closesocket(xprt->xp_sock);
xprt->xp_sock = INVALID_SOCKET;
if (xprt->xp_auth != NULL) {
SVCAUTH_DESTROY(xprt->xp_auth);
xprt->xp_auth = NULL;
}
XDR_DESTROY(&(su->su_xdrs));
mem_free(rpc_buffer(xprt), su->su_iosz);
mem_free((caddr_t)su, sizeof(struct svcudp_data));
mem_free((caddr_t)xprt, sizeof(SVCXPRT));
}
enum auth_stat
_svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
{
XDR xdrs;
SVCAUTH *auth;
struct svc_rpc_gss_data *gd;
struct rpc_gss_cred *gc;
struct rpc_gss_init_res gr;
int call_stat, offset;
log_debug("in svcauth_gss()");
/* Initialize reply. */
rqst->rq_xprt->xp_verf = _null_auth;
/* Allocate and set up server auth handle. */
if (rqst->rq_xprt->xp_auth == NULL ||
rqst->rq_xprt->xp_auth == &svc_auth_none) {
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
auth->svc_ah_ops = &svc_auth_gss_ops;
auth->svc_ah_private = (caddr_t) gd;
rqst->rq_xprt->xp_auth = auth;
}
else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
XDR_DESTROY(&xdrs);
return (AUTH_BADCRED);
}
XDR_DESTROY(&xdrs);
/* Check version. */
if (gc->gc_v != RPCSEC_GSS_VERSION)
return (AUTH_BADCRED);
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
return (AUTH_BADCRED);
/* Check sequence number. */
if (gd->established) {
if (gc->gc_seq > MAXSEQ)
return (RPCSEC_GSS_CTXPROBLEM);
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
}
else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
return (RPCSEC_GSS_CTXPROBLEM);
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svcname = (char *)gd->ctx;
}
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
if (rqst->rq_proc != NULLPROC)
return (AUTH_FAILED); /* XXX ? */
if (_svcauth_gss_name == NULL) {
if (!svcauth_gss_import_name("nfs"))
return (AUTH_FAILED);
}
if (!svcauth_gss_acquire_cred())
return (AUTH_FAILED);
if (!svcauth_gss_accept_sec_context(rqst, &gr))
return (AUTH_REJECTEDCRED);
if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
return (AUTH_FAILED);
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
if (!call_stat)
return (AUTH_FAILED);
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
break;
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(gd, msg))
return (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
return (AUTH_FAILED);
break;
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
return (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(gd, msg))
return (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
return (AUTH_FAILED);
if (!svcauth_gss_release_cred())
return (AUTH_FAILED);
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
break;
default:
return (AUTH_REJECTEDCRED);
break;
}
return (AUTH_OK);
}
enum auth_stat
gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
bool_t *no_dispatch)
{
enum auth_stat retstat;
XDR xdrs;
SVCAUTH *auth;
struct svc_rpc_gss_data *gd;
struct rpc_gss_cred *gc;
struct rpc_gss_init_res gr;
int call_stat, offset;
OM_uint32 min_stat;
log_debug("in svcauth_gss()");
/* Initialize reply. */
rqst->rq_xprt->xp_verf = gssrpc__null_auth;
/* Allocate and set up server auth handle. */
if (rqst->rq_xprt->xp_auth == NULL ||
rqst->rq_xprt->xp_auth == &svc_auth_none) {
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
fprintf(stderr, "svcauth_gss: out_of_memory\n");
return (AUTH_FAILED);
}
auth->svc_ah_ops = &svc_auth_gss_ops;
SVCAUTH_PRIVATE(auth) = gd;
rqst->rq_xprt->xp_auth = auth;
}
else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd);
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
log_debug("calling xdrmem_create()");
log_debug("oa_base=%p, oa_length=%u", rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length);
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
log_debug("xdrmem_create() returned");
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
log_debug("xdr_rpc_gss_cred() failed");
XDR_DESTROY(&xdrs);
return (AUTH_BADCRED);
}
XDR_DESTROY(&xdrs);
retstat = AUTH_FAILED;
#define ret_freegc(code) do { retstat = code; goto freegc; } while (0)
/* Check version. */
if (gc->gc_v != RPCSEC_GSS_VERSION)
ret_freegc (AUTH_BADCRED);
/* Check RPCSEC_GSS service. */
if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
ret_freegc (AUTH_BADCRED);
/* Check sequence number. */
if (gd->established) {
if (gc->gc_seq > MAXSEQ)
ret_freegc (RPCSEC_GSS_CTXPROBLEM);
if ((offset = gd->seqlast - gc->gc_seq) < 0) {
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
} else if ((u_int)offset >= gd->win ||
(gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
ret_freegc (RPCSEC_GSS_CTXPROBLEM);
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svccred = (char *)gd->ctx;
}
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc) {
case RPCSEC_GSS_INIT:
case RPCSEC_GSS_CONTINUE_INIT:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_acquire_cred())
ret_freegc (AUTH_FAILED);
if (!svcauth_gss_accept_sec_context(rqst, &gr))
ret_freegc (AUTH_REJECTEDCRED);
if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
gss_release_buffer(&min_stat, &gr.gr_token);
ret_freegc (AUTH_FAILED);
}
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
(caddr_t)&gr);
gss_release_buffer(&min_stat, &gr.gr_token);
gss_release_buffer(&min_stat, &gd->checksum);
if (!call_stat)
ret_freegc (AUTH_FAILED);
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
break;
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
break;
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt,
xdr_void, (caddr_t)NULL);
log_debug("sendreply in destroy: %d", call_stat);
if (!svcauth_gss_release_cred())
ret_freegc (AUTH_FAILED);
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
break;
default:
ret_freegc (AUTH_REJECTEDCRED);
break;
}
retstat = AUTH_OK;
freegc:
xdr_free(xdr_rpc_gss_cred, gc);
log_debug("returning %d from svcauth_gss()", retstat);
return (retstat);
}
enum auth_stat
Gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t * no_dispatch)
{
enum auth_stat retstat;
XDR xdrs;
SVCAUTH *auth;
struct svc_rpc_gss_data *gd;
struct rpc_gss_cred *gc;
struct rpc_gss_init_res gr;
int call_stat, offset;
OM_uint32 min_stat;
gss_union_ctx_id_desc *gss_ctx_data;
char ctx_str[64];
/* Used to update the hashtable entries.
* These should not be used for purposes other than updating
* hashtable entries. */
bool_t *p_established = NULL;
u_int *p_seqlast = NULL;
uint32_t *p_seqmask = NULL;
/* Initialize reply. */
LogFullDebug(COMPONENT_RPCSEC_GSS, "Gssrpc__svcauth_gss called");
/* Allocate and set up server auth handle. */
if(rqst->rq_xprt->xp_auth == NULL || rqst->rq_xprt->xp_auth == &Svc_auth_none)
{
if((auth = (SVCAUTH *)Mem_Calloc(1, sizeof(*auth))) == NULL)
{
LogCrit(COMPONENT_RPCSEC_GSS, "svcauth_gss: out_of_memory");
return (AUTH_FAILED);
}
if((gd = (struct svc_rpc_gss_data *)Mem_Calloc(1, sizeof(*gd))) == NULL)
{
LogCrit(COMPONENT_RPCSEC_GSS, "svcauth_gss: out_of_memory");
Mem_Free(auth);
return (AUTH_FAILED);
}
auth->svc_ah_ops = &Svc_auth_gss_ops;
auth->svc_ah_private = (void *)gd;
rqst->rq_xprt->xp_auth = auth;
}
else
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
/* Deserialize client credentials. */
if(rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
xdrmem_create(&xdrs, rqst->rq_cred.oa_base, rqst->rq_cred.oa_length, XDR_DECODE);
if(!xdr_rpc_gss_cred(&xdrs, gc))
{
XDR_DESTROY(&xdrs);
return (AUTH_BADCRED);
}
XDR_DESTROY(&xdrs);
if(gc->gc_ctx.length != 0)
gss_ctx_data = (gss_union_ctx_id_desc *)(gc->gc_ctx.value);
else
gss_ctx_data = NULL;
if(isFullDebug(COMPONENT_RPCSEC_GSS))
{
sprint_ctx(ctx_str, (char *)gc->gc_ctx.value, gc->gc_ctx.length);
LogFullDebug(COMPONENT_RPCSEC_GSS,
"Gssrpc__svcauth_gss gc_proc (%u) %s context %s",
gc->gc_proc, str_gc_proc(gc->gc_proc), ctx_str);
}
/* If we do not retrieve gss data from the cache, then this important
* variables could not possibly be meaningful. */
gd->seqlast = 0;
gd->seqmask = 0;
gd->established = 0;
/** @todo Think about restoring the correct lines */
//if( gd->established == 0 && gc->gc_proc == RPCSEC_GSS_DATA )
if(gc->gc_proc == RPCSEC_GSS_DATA || gc->gc_proc == RPCSEC_GSS_DESTROY)
{
if(isFullDebug(COMPONENT_RPCSEC_GSS))
{
LogFullDebug(COMPONENT_RPCSEC_GSS,
"Dump context hash table");
Gss_ctx_Hash_Print();
}
LogFullDebug(COMPONENT_RPCSEC_GSS, "Getting gss data struct from hashtable.");
/* Fill in svc_rpc_gss_data from cache */
if(!Gss_ctx_Hash_Get(gss_ctx_data,
gd,
&p_established,
&p_seqlast,
&p_seqmask))
{
LogCrit(COMPONENT_RPCSEC_GSS, "Could not find gss context ");
ret_freegc(AUTH_REJECTEDCRED);
}
else
{
/* If you 'mount -o sec=krb5i' you will have gc->gc_proc > RPCSEC_GSS_SVN_NONE, but the
* negociation will have been made as if option was -o sec=krb5, the value of sec.svc has to be updated
* id the stored gd that we got fromn the hash */
if(gc->gc_svc != gd->sec.svc)
gd->sec.svc = gc->gc_svc;
}
}
if(isFullDebug(COMPONENT_RPCSEC_GSS))
{
char ctx_str_2[64];
sprint_ctx(ctx_str_2, (unsigned char *)gd->ctx, sizeof(gss_ctx_data));
sprint_ctx(ctx_str, (unsigned char *)gc->gc_ctx.value, gc->gc_ctx.length);
LogFullDebug(COMPONENT_RPCSEC_GSS,
"Call to Gssrpc__svcauth_gss ----> Client=%s length=%lu (GD: established=%u ctx=%s) (RQ:sock=%u) (GC: Proc=%u Svc=%u ctx=%s)",
(char *)gd->cname.value,
(long unsigned int)gd->cname.length,
gd->established,
ctx_str_2,
rqst->rq_xprt->XP_SOCK,
gc->gc_proc,
gc->gc_svc,
ctx_str);
}
retstat = AUTH_FAILED;
/* Check version. */
if(gc->gc_v != RPCSEC_GSS_VERSION)
{
LogDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: bad GSS version.");
ret_freegc(AUTH_BADCRED);
}
/* Check RPCSEC_GSS service. */
if(gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
{
LogDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: bad GSS service (krb5, krb5i, krb5p)");
ret_freegc(AUTH_BADCRED);
}
/* Check sequence number. */
if(gd->established)
{
/* Sequence should be less than the max sequence number */
if(gc->gc_seq > MAXSEQ)
{
LogDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: max sequence number exceeded.");
ret_freegc(RPCSEC_GSS_CTXPROBLEM);
}
/* Check the difference between the current sequence number
* and the last sequence number. */
LogFullDebug(COMPONENT_RPCSEC_GSS, "seqlast: %d seqnum: %d offset: %d seqwin: %d seqmask: %x",
gd->seqlast, gc->gc_seq, gd->seqlast - gc->gc_seq, gd->win, gd->seqmask);
if((offset = gd->seqlast - gc->gc_seq) < 0)
{
gd->seqlast = gc->gc_seq;
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
}
else if((unsigned int)offset >= gd->win
|| (gd->seqmask & (1 << (unsigned int)offset)))
{
if ((unsigned int)offset >= gd->win)
LogDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: the current seqnum is lower"
" than seqlast by %d and out of the seq window of size %d.", offset, gd->win);
else
LogDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: the current seqnum has already been used.");
*no_dispatch = TRUE;
ret_freegc(RPCSEC_GSS_CTXPROBLEM);
}
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
if(gd->established)
{
rqst->rq_clntname = (char *)gd->client_name;
#ifndef _USE_TIRPC
rqst->rq_svccred = (char *)gd->ctx;
#else
rqst->rq_svcname = (char *)gd->ctx;
#endif
}
/* Handle RPCSEC_GSS control procedure. */
switch (gc->gc_proc)
{
case RPCSEC_GSS_INIT:
LogFullDebug(COMPONENT_RPCSEC_GSS, "Reached RPCSEC_GSS_INIT:");
case RPCSEC_GSS_CONTINUE_INIT:
LogFullDebug(COMPONENT_RPCSEC_GSS, "Reached RPCSEC_GSS_CONTINUE_INIT:");
if(rqst->rq_proc != NULLPROC)
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: request proc != NULL during INIT request");
ret_freegc(AUTH_FAILED); /* XXX ? */
}
if(!Svcauth_gss_acquire_cred())
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Can't acquire credentials from RPC request.");
ret_freegc(AUTH_FAILED);
}
if(!Svcauth_gss_accept_sec_context(rqst, &gr))
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Can't accept the security context.");
ret_freegc(AUTH_REJECTEDCRED);
}
if(!Svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
{
gss_release_buffer(&min_stat, &gr.gr_token);
Mem_Free(gr.gr_ctx.value);
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Checksum verification failed");
ret_freegc(AUTH_FAILED);
}
*no_dispatch = TRUE;
if(isFullDebug(COMPONENT_RPCSEC_GSS))
{
sprint_ctx(ctx_str, (unsigned char *)gr.gr_ctx.value, gr.gr_ctx.length);
LogFullDebug(COMPONENT_RPCSEC_GSS,
"Call to Gssrpc__svcauth_gss ----> Client=%s length=%lu (GD: established=%u) (RQ:sock=%u) (GR: maj=%u min=%u ctx=%s)",
(char *)gd->cname.value,
(long unsigned int)gd->cname.length,
gd->established,
rqst->rq_xprt->XP_SOCK,
gr.gr_major,
gr.gr_minor,
ctx_str);
}
call_stat = svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t) & gr);
gss_release_buffer(&min_stat, &gr.gr_token);
gss_release_buffer(&min_stat, &gd->checksum);
Mem_Free(gr.gr_ctx.value);
if(!call_stat)
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: svc_sendreply failed.");
ret_freegc(AUTH_FAILED);
}
if(gr.gr_major == GSS_S_COMPLETE)
{
gss_union_ctx_id_desc *gss_ctx_data2 = (gss_union_ctx_id_desc *)gd->ctx;
gd->established = TRUE;
/* Keep the gss context in a hash, gr.gr_ctx.value is used as key */
(void) Gss_ctx_Hash_Set(gss_ctx_data2, gd);
}
break;
case RPCSEC_GSS_DATA:
LogFullDebug(COMPONENT_RPCSEC_GSS, "Reached RPCSEC_GSS_DATA:");
if(!Svcauth_gss_validate(rqst, gd, msg))
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Couldn't validate request.");
ret_freegc(RPCSEC_GSS_CREDPROBLEM);
}
if(!Svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Checksum verification failed.");
ret_freegc(AUTH_FAILED);
}
/* Update a few important values in the hashtable entry */
if ( p_established != NULL)
*p_established = gd->established;
if ( p_seqlast != NULL)
*p_seqlast = gd->seqlast;
if (p_seqmask != NULL)
*p_seqmask = gd->seqmask;
break;
case RPCSEC_GSS_DESTROY:
LogFullDebug(COMPONENT_RPCSEC_GSS, "Reached RPCSEC_GSS_DESTROY:");
if(rqst->rq_proc != NULLPROC)
ret_freegc(AUTH_FAILED); /* XXX ? */
if(!Svcauth_gss_validate(rqst, gd, msg))
ret_freegc(RPCSEC_GSS_CREDPROBLEM);
if(!Svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Checksum verification failed.");
ret_freegc(AUTH_FAILED);
}
*no_dispatch = TRUE;
call_stat = svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_void, (caddr_t) NULL);
if(!Gss_ctx_Hash_Del(gss_ctx_data))
{
LogCrit(COMPONENT_RPCSEC_GSS,
"Could not delete Gss Context from hash");
}
else
LogFullDebug(COMPONENT_RPCSEC_GSS, "Gss_ctx_Hash_Del OK");
if(!Svcauth_gss_release_cred())
{
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Failed to release credentials.");
ret_freegc(AUTH_FAILED);
}
if(rqst->rq_xprt->xp_auth)
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &Svc_auth_none;
break;
default:
LogFullDebug(COMPONENT_RPCSEC_GSS, "BAD AUTH: Request is not INIT, INIT_CONTINUE, DATA, OR DESTROY.");
ret_freegc(AUTH_REJECTEDCRED);
break;
}
LogFullDebug(COMPONENT_RPCSEC_GSS,
"Call to Gssrpc__svcauth_gss - OK ---> (RQ:sock=%u)",
rqst->rq_xprt->XP_SOCK);
retstat = AUTH_OK;
freegc:
if(retstat != AUTH_OK)
LogCrit(COMPONENT_RPCSEC_GSS,
"Call to Gssrpc__svcauth_gss - FAILED ---> (RQ:sock=%u)",
rqst->rq_xprt->XP_SOCK);
xdr_free((xdrproc_t)xdr_rpc_gss_cred, gc);
return (retstat);
}