def unpack_opaque_auth(self):
data = types.opaque_auth()
data.flavor = self.unpack_auth_flavor()
data.body = self.unpack_opaque()
if len(data.body) > 400:
raise XDRError, 'array length too long for data.body'
return data
def make_call_verf(self, xid, body):
if body.cred.body.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
return rpclib.NULL_CRED
else:
data = self.partially_packed_header(xid, body)
# XXX how handle gssapi.Error?
token = self._get_context(body.cred.body.handle).getMIC(data)
return opaque_auth(RPCSEC_GSS, token)
def make_call_verf(self, xid, body):
if body.cred.body.gss_proc in (RPCSEC_GSS_INIT,
RPCSEC_GSS_CONTINUE_INIT):
return rpclib.NULL_CRED
else:
data = self.partially_packed_header(xid, body)
# XXX how handle gssapi.Error?
token = self._get_context(body.cred.body.handle).getMIC(data)
return opaque_auth(RPCSEC_GSS, token)
def partially_packed_header(self, xid, body):
p = RPCPacker()
p.pack_uint(xid)
p.pack_enum(CALL)
p.pack_uint(body.rpcvers)
p.pack_uint(body.prog)
p.pack_uint(body.vers)
p.pack_uint(body.proc)
cred = opaque_auth(RPCSEC_GSS, self.pack_cred(body.cred.body))
p.pack_opaque_auth(cred)
return p.get_buffer()
def make_cred(self, credinfo):
"""Create credential"""
if credinfo is None:
# Create a default cred
who = self.init_cred()
else:
# XXX Check credinfo.flavor?
who = credinfo.context
out = opaque_auth(AUTH_SYS, who)
out.opaque = False # HACK
return out
def partially_packed_header(self, xid, body):
p = RPCPacker()
p.pack_uint(xid)
p.pack_enum(CALL)
p.pack_uint(body.rpcvers)
p.pack_uint(body.prog)
p.pack_uint(body.vers)
p.pack_uint(body.proc)
cred = opaque_auth(RPCSEC_GSS, self.pack_cred(body.cred.body))
p.pack_opaque_auth(cred)
return p.get_buffer()
def make_cred(self, credinfo):
"""Create credential"""
if credinfo is None:
# Create a default cred
who = self.init_cred()
else:
# XXX Check credinfo.flavor?
who = credinfo.context
out = opaque_auth(AUTH_SYS, who)
out.opaque = False # HACK
return out
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
if self.init:
return self._none
else:
d = gssapi.getMIC(self.gss_context, data)
major = d['major']
if major != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(major))
return opaque_auth(RPCSEC_GSS, d['token'])
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
if self.init:
return self._none
else:
d = gssapi.getMIC(self.gss_context, data)
major = d['major']
if major != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(major))
return opaque_auth(RPCSEC_GSS, d['token'])
def make_cred(self):
"""Credential sent with each RPC call"""
seq = 0
if self.init == 1: # first call in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
elif self.init > 1: # subsequent calls in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none,
RPCSEC_GSS_CONTINUE_INIT)
else: # data transfer calls
self.lock.acquire()
self.gss_seq_num += 1 # FRED - check for overflow
seq = self.gss_seq_num
self.lock.release()
cred = self._make_cred_gss(self.gss_handle, self.service, seq=seq)
return opaque_auth(RPCSEC_GSS, cred), seq
def make_cred(self):
"""Credential sent with each RPC call"""
seq = 0
if self.init == 1: # first call in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
elif self.init > 1: # subsequent calls in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none,
RPCSEC_GSS_CONTINUE_INIT)
else: # data transfer calls
self.lock.acquire()
self.gss_seq_num += 1 # FRED - check for overflow
seq = self.gss_seq_num
self.lock.release()
cred = self._make_cred_gss(self.gss_handle, self.service, seq=seq)
return opaque_auth(RPCSEC_GSS, cred), seq
def make_reply_verf(self, cred, stat):
log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
cred = cred.body
if stat:
# Return trivial verf on error
# NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
return rpclib.NULL_CRED
elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
# init requires getMIC(seq_window)
i = WINDOWSIZE
else:
# Else return getMIC(cred.seq_num)
i = cred.seq_num
p = Packer()
p.pack_uint(i)
# XXX BUG - need to set qop
token = self._get_context(cred.handle).getMIC(p.get_buffer())
return opaque_auth(RPCSEC_GSS, token)
def make_reply_verf(self, cred, stat):
log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
cred = cred.body
if stat:
# Return trivial verf on error
# NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
return rpclib.NULL_CRED
elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
# init requires getMIC(seq_window)
i = WINDOWSIZE
else:
# Else return getMIC(cred.seq_num)
i = cred.seq_num
p = Packer()
p.pack_uint(i)
# XXX BUG - need to set qop
token = self._get_context(cred.handle).getMIC(p.get_buffer())
return opaque_auth(RPCSEC_GSS, token)
def make_cred(self, credinfo):
log_gss.debug("Calling make_cred %r" % credinfo)
# XXX Deal with a default credinfo==None?
if credinfo.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
context = None
seqid = 0 # Should be ignored by server
else:
context = self._get_context(credinfo.context)
seqid = context.get_seqid()
service = credinfo.service
data = gss_type.rpc_gss_cred_vers_1_t(credinfo.gss_proc, seqid,
credinfo.service,
credinfo.context) # str
cred = gss_type.rpc_gss_cred_t(RPCSEC_GSS_VERS_1, data)
out = opaque_auth(RPCSEC_GSS, cred)
out.opaque = False # HACK to tell system we haven't packed cred
out.context = context # This needs to be Context()
out.body.qop = credinfo.qop
log_gss.debug("make_cred = %r" % out)
return out
def make_cred(self, credinfo):
log_gss.debug("Calling make_cred %r" % credinfo)
# XXX Deal with a default credinfo==None?
if credinfo.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
context = None
seqid = 0 # Should be ignored by server
else:
context = self._get_context(credinfo.context)
seqid = context.get_seqid()
service = credinfo.service
data = gss_type.rpc_gss_cred_vers_1_t(credinfo.gss_proc, seqid,
credinfo.service,
credinfo.context) # str
cred = gss_type.rpc_gss_cred_t(RPCSEC_GSS_VERS_1, data)
out = opaque_auth(RPCSEC_GSS, cred)
out.opaque = False # HACK to tell system we haven't packed cred
out.context = context # This needs to be Context()
out.body.qop = credinfo.qop
log_gss.debug("make_cred = %r" % out)
return out
