first stab at integrity and privacy

note: privacy will not work when we have more than 1 outstanding rpcs which generates out of order replies which sspi does not allow when privacy is enabled. adding auth_wrap() and auth_unwrap() to per-message gss token protection required adding these methods to auth_sys and auth_non. linux server doesnt support v2 kerberos tokens that have rotated data. sspi will always produce such tokens for aes. thus thus code was only tested for v1 kerberos tokens (ie des).
2011-01-27 13:52:08 -05:00 · 2011-01-27 13:52:08 -05:00 · 4411d3d807
commit 4411d3d807
parent b6120b41fd
7 changed files with 149 additions and 28 deletions
--- a/libtirpc/tirpc/rpc/auth_sspi.h
+++ b/libtirpc/tirpc/rpc/auth_sspi.h
@ -105,6 +105,11 @@ uint32_t sspi_get_mic(void *ctx, u_int qop, u_int seq,
                      sspi_buffer_desc *bufin, sspi_buffer_desc *bufout);
 uint32_t sspi_verify_mic(void *ctx, u_int seq, sspi_buffer_desc *bufin, 
                         sspi_buffer_desc *bufout, u_int *qop_state);
+uint32_t sspi_wrap(void *ctx, u_int seq, sspi_buffer_desc *bufin, 
+                         sspi_buffer_desc *bufout, u_int *conf_state);
+uint32_t sspi_unwrap(void *ctx, sspi_buffer_desc *bufin, 
+                     sspi_buffer_desc *bufout, u_int *conf_state, 
+                     u_int *qop_state);
 void sspi_release_buffer(sspi_buffer_desc *buf);
 uint32_t sspi_import_name(sspi_buffer_desc *name_in, sspi_name_t *name_out);