first stab at SSPI leaving gss calls in

This commit is contained in:
Olga Kornievskaia 2010-11-30 13:02:32 -05:00 committed by unknown
parent 32f9fa9334
commit b9494c3ccc
17 changed files with 1380 additions and 677 deletions


@ -58,9 +58,9 @@ __FBSDID("$FreeBSD: src/lib/libc/rpc/auth_none.c,v 1.12 2002/03/22 23:18:35 obri
* Authenticator operations routines
*/
static bool_t authnone_marshal (AUTH *, XDR *);
static bool_t authnone_marshal (AUTH *, XDR *, u_int *);
static void authnone_verf (AUTH *);
static bool_t authnone_validate (AUTH *, struct opaque_auth *);
static bool_t authnone_validate (AUTH *, struct opaque_auth *, u_int);
static bool_t authnone_refresh (AUTH *, void *);
static void authnone_destroy (AUTH *);
@ -108,7 +108,7 @@ authnone_create()
/*ARGSUSED*/
static bool_t
authnone_marshal(AUTH *client, XDR *xdrs)
authnone_marshal(AUTH *client, XDR *xdrs, u_int *seq)
{
struct authnone_private *ap;
bool_t dummy;
@ -136,7 +136,7 @@ authnone_verf(AUTH *client)
/*ARGSUSED*/
static bool_t
authnone_validate(AUTH *client, struct opaque_auth *opaque)
authnone_validate(AUTH *client, struct opaque_auth *opaque, u_int seq)
{
return (TRUE);



@ -58,8 +58,8 @@
/* auth_unix.c */
static void authunix_nextverf (AUTH *);
static bool_t authunix_marshal (AUTH *, XDR *);
static bool_t authunix_validate (AUTH *, struct opaque_auth *);
static bool_t authunix_marshal (AUTH *, XDR *, u_int *seq);
static bool_t authunix_validate (AUTH *, struct opaque_auth *, u_int);
static bool_t authunix_refresh (AUTH *, void *);
static void authunix_destroy (AUTH *);
static void marshal_new_auth (AUTH *);
@ -213,9 +213,10 @@ authunix_nextverf(auth)
}
static bool_t
authunix_marshal(auth, xdrs)
authunix_marshal(auth, xdrs, seq)
AUTH *auth;
XDR *xdrs;
u_int *seq;
{
struct audata *au;
@ -227,9 +228,10 @@ authunix_marshal(auth, xdrs)
}
static bool_t
authunix_validate(auth, verf)
authunix_validate(auth, verf, seq)
AUTH *auth;
struct opaque_auth *verf;
u_int seq;
{
struct audata *au;
XDR xdrs;


@ -0,0 +1,303 @@
/* Copyright (c) 2010
* The Regents of the University of Michigan
* All Rights Reserved
*
* Permission is granted to use, copy and redistribute this software
* for noncommercial education and research purposes, so long as no
* fee is charged, and so long as the name of the University of Michigan
* is not used in any advertising or publicity pertaining to the use
* or distribution of this software without specific, written prior
* authorization. Permission to modify or otherwise create derivative
* works of this software is not granted.
*
* This software is provided as is, without representation or warranty
* of any kind either express or implied, including without limitation
* the implied warranties of merchantability, fitness for a particular
* purpose, or noninfringement. The Regents of the University of
* Michigan shall not be liable for any damages, including special,
* indirect, incidental, or consequential damages, with respect to any
* claim arising out of or in connection with the use of the software,
* even if it has been or is hereafter advised of the possibility of
* such damages.
*/
#include <wintirpc.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
//#include <rpc/types.h>
#include <rpc/xdr.h>
#include <rpc/auth.h>
#include <rpc/auth_sspi.h>
#include <rpc/rpc.h>
#include <security.h>
bool_t
xdr_rpc_sspi_cred(XDR *xdrs, struct rpc_sspi_cred *p)
{
bool_t xdr_stat;
xdr_stat = (xdr_u_int(xdrs, &p->gc_v) &&
xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
xdr_u_int(xdrs, &p->gc_seq) &&
xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
xdr_bytes(xdrs, (char **)&p->gc_ctx.value,
(u_int *)&p->gc_ctx.length, MAX_AUTH_BYTES));
log_debug("xdr_rpc_gss_cred: %s %s "
"(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
(xdr_stat == TRUE) ? "success" : "failure",
p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc,
p->gc_ctx.value, p->gc_ctx.length);
return (xdr_stat);
}
bool_t
xdr_rpc_sspi_init_args(XDR *xdrs, sspi_buffer_desc *p)
{
bool_t xdr_stat;
xdr_stat = xdr_bytes(xdrs, (char **)&p->value,
(u_int *)&p->length, MAX_NETOBJ_SZ);
log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
(xdr_stat == TRUE) ? "success" : "failure",
p->value, p->length);
return (xdr_stat);
}
bool_t
xdr_rpc_sspi_init_res(XDR *xdrs, struct rpc_sspi_init_res *p)
{
bool_t xdr_stat;
xdr_stat = (xdr_bytes(xdrs, (char **)&p->gr_ctx.value,
(u_int *)&p->gr_ctx.length, MAX_NETOBJ_SZ) &&
xdr_u_int(xdrs, &p->gr_major) &&
xdr_u_int(xdrs, &p->gr_minor) &&
xdr_u_int(xdrs, &p->gr_win) &&
xdr_bytes(xdrs, (char **)&p->gr_token.value,
(u_int *)&p->gr_token.length, MAX_NETOBJ_SZ));
log_debug("xdr_rpc_gss_init_res %s %s "
"(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
(xdr_stat == TRUE) ? "success" : "failure",
p->gr_ctx.value, p->gr_ctx.length,
p->gr_major, p->gr_minor, p->gr_win,
p->gr_token.value, p->gr_token.length);
return (xdr_stat);
}
bool_t
xdr_rpc_sspi_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
PCtxtHandle ctx, sspi_qop_t qop,
rpc_sspi_svc_t svc, u_int seq)
{
sspi_buffer_desc databuf, wrapbuf;
uint32_t maj_stat;
int start, end, conf_state;
bool_t xdr_stat;
log_debug("in xdr_rpc_sspi_wrap_data()");
/* Skip databody length. */
start = XDR_GETPOS(xdrs);
//XDR_SETPOS(xdrs, start + 4);
/* Marshal rpc_gss_data_t (sequence number + arguments). */
if (!xdr_u_int(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr))
return (FALSE);
end = XDR_GETPOS(xdrs);
/* Set databuf to marshalled rpc_gss_data_t. */
databuf.length = end - start - 4;
//XDR_SETPOS(xdrs, start + 4);
//databuf.value = XDR_INLINE(xdrs, databuf.length);
databuf.value = xdrrec_getoutbase(xdrs) + 1;
xdr_stat = FALSE;
if (svc == RPCSEC_SSPI_SVC_INTEGRITY) {
/* Marshal databody_integ length. */
//XDR_SETPOS(xdrs, start);
if (!xdr_u_int(xdrs, (u_int *)&databuf.length))
return (FALSE);
/* Checksum rpc_gss_data_t. */
#if 0
maj_stat = gss_get_mic(&min_stat, ctx, qop,
&databuf, &wrapbuf);
#else
maj_stat = sspi_get_mic(ctx, 0, seq, &databuf, &wrapbuf);
#endif
if (maj_stat != SEC_E_OK) {
log_debug("xdr_rpc_sspi_wrap_data: sspi_get_mic failed with %x", maj_stat);
return (FALSE);
}
/* Marshal checksum. */
//XDR_SETPOS(xdrs, end);
xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
(u_int *)&wrapbuf.length, MAX_NETOBJ_SZ);
#if 0
gss_release_buffer(&min_stat, &wrapbuf);
#else
sspi_release_buffer(&wrapbuf);
#endif
}
else if (svc == RPCSEC_SSPI_SVC_PRIVACY) {
/* Encrypt rpc_gss_data_t. */
#if 0
maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
&conf_state, &wrapbuf);
#endif
if (maj_stat != SEC_E_OK) {
log_debug("xdr_rpc_sspi_wrap_data: sspi_wrap failed with %x", maj_stat);
return (FALSE);
}
/* Marshal databody_priv. */
XDR_SETPOS(xdrs, start);
xdr_stat = xdr_bytes(xdrs, (char **)&wrapbuf.value,
(u_int *)&wrapbuf.length, MAX_NETOBJ_SZ);
#if 0
gss_release_buffer(&min_stat, &wrapbuf);
#else
sspi_release_buffer(&wrapbuf);
#endif
}
return (xdr_stat);
}
bool_t
xdr_rpc_sspi_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
PCtxtHandle ctx, sspi_qop_t qop,
rpc_sspi_svc_t svc, u_int seq)
{
XDR tmpxdrs;
sspi_buffer_desc databuf, wrapbuf;
uint32_t maj_stat;
u_int seq_num, qop_state;
int conf_state;
bool_t xdr_stat;
log_debug("in xdr_rpc_sspi_unwrap_data()");
if (xdr_func == (xdrproc_t)xdr_void || xdr_ptr == NULL)
return (TRUE);
memset(&databuf, 0, sizeof(databuf));
memset(&wrapbuf, 0, sizeof(wrapbuf));
if (svc == RPCSEC_SSPI_SVC_INTEGRITY) {
/* Decode databody_integ. */
if (!xdr_bytes(xdrs, (char **)&databuf.value, (u_int *)&databuf.length,
MAX_NETOBJ_SZ)) {
log_debug("xdr_rpc_sspi_unwrap_data: xdr decode databody_integ failed");
return (FALSE);
}
/* Decode checksum. */
if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, (u_int *)&wrapbuf.length,
MAX_NETOBJ_SZ)) {
#if 0
gss_release_buffer(&min_stat, &databuf);
#else
sspi_release_buffer(&databuf);
#endif
log_debug("xdr_rpc_sspi_unwrap_data: xdr decode checksum failed");
return (FALSE);
}
/* Verify checksum and QOP. */
#if 0
maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
&wrapbuf, &qop_state);
#else
maj_stat = sspi_verify_mic(ctx, seq, &databuf, &wrapbuf, &qop_state);
#endif
#if 0
gss_release_buffer(&min_stat, &wrapbuf);
#else
sspi_release_buffer(&wrapbuf);
#endif
if (maj_stat != SEC_E_OK || qop_state != qop) {
#if 0
gss_release_buffer(&min_stat, &databuf);
#else
sspi_release_buffer(&databuf);
#endif
log_debug("xdr_rpc_sspi_unwrap_data: sspi_verify_mic "
"failed with %x", maj_stat);
return (FALSE);
}
}
else if (svc == RPCSEC_SSPI_SVC_PRIVACY) {
/* Decode databody_priv. */
if (!xdr_bytes(xdrs, (char **)&wrapbuf.value, (u_int *)&wrapbuf.length,
MAX_NETOBJ_SZ)) {
log_debug("xdr_rpc_sspi_unwrap_data: xdr decode databody_priv failed");
return (FALSE);
}
/* Decrypt databody. */
#if 0
maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
&conf_state, &qop_state);
#endif
#if 0
gss_release_buffer(&min_stat, &wrapbuf);
#else
sspi_release_buffer(&wrapbuf);
#endif
/* Verify encryption and QOP. */
if (maj_stat != SEC_E_OK || qop_state != qop ||
conf_state != TRUE) {
#if 0
gss_release_buffer(&min_stat, &databuf);
#else
sspi_release_buffer(&databuf);
#endif
log_debug("xdr_rpc_sspi_unwrap_data: sspi_unwrap failed with %x", maj_stat);
return (FALSE);
}
}
/* Decode rpc_gss_data_t (sequence number + arguments). */
xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE);
xdr_stat = (xdr_u_int(&tmpxdrs, &seq_num) &&
(*xdr_func)(&tmpxdrs, xdr_ptr));
XDR_DESTROY(&tmpxdrs);
#if 0
gss_release_buffer(&min_stat, &databuf);
#else
sspi_release_buffer(&databuf);
#endif
/* Verify sequence number. */
if (xdr_stat == TRUE && seq_num != seq) {
log_debug("wrong sequence number in databody");
return (FALSE);
}
return (xdr_stat);
}
bool_t
xdr_rpc_sspi_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
PCtxtHandle ctx, sspi_qop_t qop,
rpc_sspi_svc_t svc, u_int seq)
{
switch (xdrs->x_op) {
case XDR_ENCODE:
return (xdr_rpc_sspi_wrap_data(xdrs, xdr_func, xdr_ptr,
ctx, qop, svc, seq));
case XDR_DECODE:
return (xdr_rpc_sspi_unwrap_data(xdrs, xdr_func, xdr_ptr,
ctx, qop, svc, seq));
case XDR_FREE:
return (TRUE);
}
return (FALSE);
}
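Review bot: In the RPCSEC_SSPI_SVC_PRIVACY branch of xdr_rpc_sspi_wrap_data the gss_wrap call is compiled out under `#if 0` with no SSPI replacement, so `maj_stat` and `wrapbuf` are read uninitialized at the `maj_stat != SEC_E_OK` test and in the xdr_bytes call that follows; the privacy branch of xdr_rpc_sspi_unwrap_data has the same problem with `maj_stat`, `qop_state` and `conf_state`. Until an SSPI wrap/unwrap exists the branch should fail closed instead of depending on stack contents, e.g. replacing the compiled-out call with `log_debug("xdr_rpc_sspi_wrap_data: privacy service not implemented"); return (FALSE);` (and the analogous two lines in unwrap), and `databuf`/`wrapbuf` should be zeroed at the top of wrap_data the way unwrap_data already does. Separately, with the `XDR_SETPOS(xdrs, start)` calls commented out the integrity path marshals `databuf.length` after the data rather than before it, and `databuf.value = xdrrec_getoutbase(xdrs) + 1` appears to assume a record stream whose output buffer was not flushed between `start` and `end`; that assumption deserves a comment or a check. The log strings still name the gss variants (`xdr_rpc_gss_cred`, `xdr_rpc_gss_init_args`, `xdr_rpc_gss_init_res`) rather than the sspi functions they now live in.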


@ -395,7 +395,7 @@ call_again:
*(u_int32_t *)(void *)(cu->cu_outbuf) = htonl(xid);
if ((! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
(! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
(! AUTH_MARSHALL(cl->cl_auth, xdrs, NULL)) ||
(! (*xargs)(xdrs, argsp))) {
cu->cu_error.re_status = RPC_CANTENCODEARGS;
goto out;
@ -541,7 +541,7 @@ get_reply:
if (cu->cu_error.re_status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(cl->cl_auth,
&reply_msg.acpted_rply.ar_verf)) {
&reply_msg.acpted_rply.ar_verf, 0)) {
cu->cu_error.re_status = RPC_AUTHERROR;
cu->cu_error.re_why = AUTH_INVALIDRESP;
}
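Review bot: AUTH_MARSHALL in the first hunk passes `NULL` for the new seq argument and AUTH_VALIDATE in the second passes `0`, so on the datagram transport the reply verifier can never be checked against the request's sequence number the way clnt_vc.c does with its `seq` local; the two call sites in clnt_raw.c have the same gap. If the SSPI flavor relies on the sequence number to validate the verifier, these transports should declare a `u_int seq` and pass `&seq` and `seq` through both calls as clnt_vc.c does, and every AUTH_MARSHALL implementation must tolerate a NULL seq pointer in the meantime. clnt_dg_call's body continues outside both hunks.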


@ -166,7 +166,7 @@ call_again:
clp->u.mashl_rpcmsg.rm_xid ++ ;
if ((! XDR_PUTBYTES(xdrs, clp->u.mashl_callmsg, clp->mcnt)) ||
(! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
(! AUTH_MARSHALL(h->cl_auth, xdrs)) ||
(! AUTH_MARSHALL(h->cl_auth, xdrs, NULL)) ||
(! (*xargs)(xdrs, argsp))) {
return (RPC_CANTENCODEARGS);
}
@ -207,7 +207,7 @@ call_again:
status = error.re_status;
if (status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf)) {
if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf, 0)) {
status = RPC_AUTHERROR;
}
} /* end successful completion */
@ -217,7 +217,7 @@ call_again:
} /* end of unsuccessful completion */
if (status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf)) {
if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf, 0)) {
status = RPC_AUTHERROR;
}
if (msg.acpted_rply.ar_verf.oa_base != NULL) {


@ -488,6 +488,7 @@ clnt_vc_call(cl, proc, xdr_args, args_ptr, xdr_results, results_ptr, timeout)
u_int32_t *msg_x_id = &ct->ct_u.ct_mcalli; /* yuk */
bool_t shipnow;
int refreshes = 2;
u_int seq = -1;
#ifndef _WIN32
sigset_t mask, newmask;
#else
@ -520,7 +521,7 @@ call_again:
if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) ||
(! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
(! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
(! AUTH_MARSHALL(cl->cl_auth, xdrs, &seq)) ||
(! (*xdr_args)(xdrs, args_ptr))) {
if (ct->ct_error.re_status == RPC_SUCCESS)
ct->ct_error.re_status = RPC_CANTENCODEARGS;
@ -607,7 +608,7 @@ call_again:
_seterr_reply(&ct->reply_msg, &(ct->ct_error));
if (ct->ct_error.re_status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(cl->cl_auth,
&ct->reply_msg.acpted_rply.ar_verf)) {
&ct->reply_msg.acpted_rply.ar_verf, seq)) {
ct->ct_error.re_status = RPC_AUTHERROR;
ct->ct_error.re_why = AUTH_INVALIDRESP;
} else if (! (*xdr_results)(xdrs, results_ptr)) {
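Review bot: `u_int seq = -1;` at the top of clnt_vc_call stores a negative constant in an unsigned variable, which is well-defined but hides the intent and trips -Wsign-conversion; `u_int seq = (u_int)-1;` with a short comment naming it as the "no sequence number" sentinel would make it explicit. authnone_marshal is `/*ARGSUSED*/` and appears to leave the pointer untouched, so for such flavors this sentinel reaches AUTH_VALIDATE unchanged, and any validate implementation that does check the sequence must treat it accordingly. clnt_vc_call's body continues outside the hunks.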


@ -5,6 +5,8 @@ SOURCES=\
auth_none.c \
auth_time.c \
auth_unix.c \
auth_sspi.c \
authsspi_prot.c \
authunix_prot.c \
bindresvport.c \
clnt_bcast.c \
@ -69,13 +71,12 @@ SOURCES=\
# crypt_client.c \
# des_crypt.c \
# svc_auth_sspi.c \
# auth_sspi.c \
# auth_des.c \
# authdes_prot.c \
# authgss_prot.c \
UMTYPE=console
UNICODE=1
#UNICODE=1
DLLBASE=0x1010000
#USE_NTDLL=1
#USE_MSVCRT=1


@ -330,10 +330,10 @@ xdrrec_getpos(xdrs)
XDR *xdrs;
{
RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
off_t pos;
off_t pos = 0;
//pos = lseek((int)(u_long)rstrm->tcp_handle, (off_t)0, 1);
pos = _lseek((int)PtrToUlong(rstrm->tcp_handle), (off_t)0, 1);
//pos = _lseek((int)PtrToUlong(rstrm->tcp_handle), (off_t)0, 1);
if (pos != -1)
switch (xdrs->x_op) {
@ -391,6 +391,28 @@ xdrrec_setpos(xdrs, pos)
return (FALSE);
}
int32_t *
xdrrec_getoutbase(xdrs)
XDR *xdrs;
{
RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
int32_t *buf = NULL;
switch (xdrs->x_op) {
case XDR_ENCODE:
buf = rstrm->out_base;
break;
case XDR_DECODE:
break;
case XDR_FREE:
break;
}
return (buf);
}
static int32_t *
xdrrec_inline(xdrs, len)
XDR *xdrs;
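Review bot: xdrrec_getoutbase hands callers a raw pointer into the record stream's internal output buffer with no documentation of its lifetime, and its switch has no default case. A header comment such as `/* Return the start of the output buffer of an XDR_ENCODE record stream, NULL for other ops; presumably only meaningful until the buffer is next flushed, so callers must not hold it across writes. */` would make the contract its caller in authsspi_prot.c relies on explicit; the flush condition is inferred, not visible here, and should be confirmed. In xdrrec_getpos the `_lseek` is now commented out so `pos` is always 0 and the `pos != -1` test can no longer fail; if that is intended, the dead check and the two commented-out lines should be removed rather than left in.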