first stab at integrity and privacy
note: privacy will not work when we have more than 1 outstanding rpcs which generates out of order replies which sspi does not allow when privacy is enabled. adding auth_wrap() and auth_unwrap() to per-message gss token protection required adding these methods to auth_sys and auth_non. linux server doesnt support v2 kerberos tokens that have rotated data. sspi will always produce such tokens for aes. thus thus code was only tested for v1 kerberos tokens (ie des).
This commit is contained in:
Olga Kornievskaia
parent
b6120b41fd
commit
4411d3d807
7 changed files with 149 additions and 28 deletions
|
|
@ -353,6 +353,12 @@ marshal_new_auth(auth)
|
|||
XDR_DESTROY(xdrs);
|
||||
}
|
||||
|
||||
static bool_t
|
||||
authunix_wrap(AUTH *auth, XDR *xdrs, xdrproc_t func, caddr_t args, u_int seq)
|
||||
{
|
||||
return ((*func)(xdrs, args));
|
||||
}
|
||||
|
||||
static struct auth_ops *
|
||||
authunix_ops()
|
||||
{
|
||||
|
|
@ -368,6 +374,8 @@ authunix_ops()
|
|||
ops.ah_validate = authunix_validate;
|
||||
ops.ah_refresh = authunix_refresh;
|
||||
ops.ah_destroy = authunix_destroy;
|
||||
ops.ah_wrap = authunix_wrap;
|
||||
ops.ah_unwrap = authunix_wrap;
|
||||
}
|
||||
mutex_unlock(&ops_lock);
|
||||
return (&ops);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue