def secure_data(self, data, seqnum):
"""Filter procedure arguments before sending to server"""
if self.service == rpc_gss_svc_none or self.init:
pass
elif self.service == rpc_gss_svc_integrity:
# data = opaque[gss_seq_num+data] + opaque[checksum]
p = self.getpacker()
p.reset()
p.pack_uint(seqnum)
data = p.get_buffer() + data
d = gssapi.getMIC(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError, "gssapi.getMIC returned: %s" % \
show_major(d['major'])
p.reset()
p.pack_opaque(data)
p.pack_opaque(d['token'])
data = p.get_buffer()
elif self.service == rpc_gss_svc_privacy:
# data = opaque[wrap([gss_seq_num+data])]
# FRED - this is untested
p = self.getpacker()
p.reset()
p.pack_uint(seqnum)
data = p.get_buffer() + data
d = gssapi.wrap(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError, "gssapi.wrap returned: %s" % \
show_major(d['major'])
p.reset()
p.pack_opaque(d['msg'])
data = p.get_buffer()
else:
raise SecError, "Unknown service %i for RPCSEC_GSS" % self.service
return data
def secure_data(self, data, seqnum):
"""Filter procedure arguments before sending to server"""
if self.service == rpc_gss_svc_none or self.init:
pass
elif self.service == rpc_gss_svc_integrity:
# data = opaque[gss_seq_num+data] + opaque[checksum]
p = self.getpacker()
p.reset()
p.pack_uint(seqnum)
data = p.get_buffer() + data
d = gssapi.getMIC(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(data)
p.pack_opaque(d['token'])
data = p.get_buffer()
elif self.service == rpc_gss_svc_privacy:
# data = opaque[wrap([gss_seq_num+data])]
# FRED - this is untested
p = self.getpacker()
p.reset()
p.pack_uint(seqnum)
data = p.get_buffer() + data
d = gssapi.wrap(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.wrap returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(d['msg'])
data = p.get_buffer()
else:
raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
return data
def secure_data(self, data, cred):
"""Add security info/encryption to procedure arg/res"""
gss_cred = self._gss_cred_from_opaque_auth(cred)
if gss_cred.service == rpc_gss_svc_none or \
gss_cred.gss_proc != RPCSEC_GSS_DATA:
pass
elif gss_cred.service == rpc_gss_svc_integrity:
# data = opaque[gss_seq_num+data] + opaque[checksum]
p = self.getpacker()
p.reset()
p.pack_uint(gss_cred.seq_num)
data = p.get_buffer() + data
d = gssapi.getMIC(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(data)
p.pack_opaque(d['token'])
data = p.get_buffer()
elif gss_cred.service == rpc_gss_svc_privacy:
# data = opaque[wrap([gss_seq_num+data])]
p = self.getpacker()
p.reset()
p.pack_uint(gss_cred.seq_num)
data = p.get_buffer() + data
d = gssapi.wrap(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.wrap returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(d['msg'])
data = p.get_buffer()
else:
# Not really necessary, should have already raised XDRError
raise SecError("Unknown service %i for RPCSEC_GSS" %
gss_cred.service)
return data
def secure_data(self, data, cred):
"""Add security info/encryption to procedure arg/res"""
gss_cred = self._gss_cred_from_opaque_auth(cred)
if gss_cred.service == rpc_gss_svc_none or \
gss_cred.gss_proc != RPCSEC_GSS_DATA:
pass
elif gss_cred.service == rpc_gss_svc_integrity:
# data = opaque[gss_seq_num+data] + opaque[checksum]
p = self.getpacker()
p.reset()
p.pack_uint(gss_cred.seq_num)
data = p.get_buffer() + data
d = gssapi.getMIC(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(data)
p.pack_opaque(d['token'])
data = p.get_buffer()
elif gss_cred.service == rpc_gss_svc_privacy:
# data = opaque[wrap([gss_seq_num+data])]
p = self.getpacker()
p.reset()
p.pack_uint(gss_cred.seq_num)
data = p.get_buffer() + data
d = gssapi.wrap(self.gss_context, data)
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.wrap returned: %s" % \
show_major(d['major']))
p.reset()
p.pack_opaque(d['msg'])
data = p.get_buffer()
else:
# Not really necessary, should have already raised XDRError
raise SecError("Unknown service %i for RPCSEC_GSS" % gss_cred.service)
return data
