def _filter_opaque_auth(self, py_data): # NOTE Can't use this in general, because GSS uses different # encodings depending on circumstance. Instead we call this # from other filter as needed. if getattr(py_data, "opaque", True): return py_data # We don't use "try" block, since any exception is a bug # that should be raised. klass = security.klass(py_data.flavor) return opaque_auth(py_data.flavor, klass.pack_cred(py_data.body))
def _check_auth(self, msg, data): """Returns security module to use if call processing should continue, otherwise returns None. Note that it is possible for security module to hijack call processing. """ # Check that flavor is supported try: sec = self.sec_flavors[msg.cred.flavor] except KeyError: log_t.warn("AUTH_ERROR: Unsupported flavor %i" % msg.cred.flavor) if msg.proc == 0 and msg.cred.flavor == AUTH_NONE: # RFC 1831 section 11.1 says "by convention" should allow this log_t.warn("Allowing NULL proc through anyway") sec = security.klass(AUTH_NONE)() else: raise rpclib.RPCDeniedReply(AUTH_ERROR, AUTH_FAILED) # Call flavor specific authority checks return sec.check_auth(msg, data) # What incoming flavors do I allow? # How does server learn/change these defaults # For AUTH_NONE: # return True - note 11.1 says "by convention" should # allow AUTH_NONE, at least for proc==0 # For AUTH_SYS: # check machinename, mode - again how is accept list set on server? # For GSS: # illegal enum values should return AUTH_BADCRED # this will be noticed by XDR unpack failing, which means # type(cred.body) == str # check gss_version, fail with AUTH_BADCRED # check allows service - again how does server set? # check context handle - what does this mean? # see 5.3.3.3, we maintain list of contexts we are in session # with, if not in list, return CREDPROBLEM # if security credentials expire, return CTXPROBLEM # check header checksum in verf, failure returns CREDPROBLEM # check seq_num in cred, silently drop repeats, # return CTXPROBLEM if exceeds window # check seq_num in data, return GARBAGE_ARGS if mismatches cred # check gss_proc==DATA, else: # if proc==0, handle elsewhere # else return AUTH_BADCRED return True
def _filter_opaque_auth(self, py_data): # NOTE Can't use this in general, because GSS uses different # encodings depending on circumstance. Instead we call this # from other filter as needed. try: klass = security.klass(py_data.flavor) except: # An unsupported security flavor. # This will be dealt with by message handler. return py_data try: body = klass.unpack_cred(py_data.body) out = opaque_auth(py_data.flavor, body) # HACK - lets other code know this has been expanded out.opaque = False return out except: # We had a bad XDR within GSS cred. This shouldn't propagate up # as bad XDR of RPC. Instead, we just leave it as is. return py_data