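def unsecure_data(self, data, cred):
    """Remove the RPCSEC_GSS protection layer from a procedure arg/res.

    Args:
        data: The protected body as received on the wire.
        cred: Opaque auth credential; decoded with
            ``self._gss_cred_from_opaque_auth`` to obtain the service,
            gss_proc and expected sequence number.

    Returns:
        ``data`` unchanged for ``rpc_gss_svc_none`` or for any gss_proc
        other than ``RPCSEC_GSS_DATA``; otherwise the bytes that follow
        the sequence number inside the verified/unwrapped body.

    Raises:
        SecError: if verifyMIC/unwrap does not report GSS_S_COMPLETE, if
            the embedded sequence number differs from the credential's,
            or if the service value is not recognised.
    """
    gss_cred = self._gss_cred_from_opaque_auth(cred)
    if gss_cred.service == rpc_gss_svc_none or \
            gss_cred.gss_proc != RPCSEC_GSS_DATA:
        # No per-message protection applies; hand the body back untouched.
        pass
    elif gss_cred.service == rpc_gss_svc_integrity:
        # data = opaque[gss_seq_num+data] + opaque[checksum]
        p = self.getunpacker()
        p.reset(data)
        data = p.unpack_opaque()
        checksum = p.unpack_opaque()
        # presumably rejects trailing bytes after the two opaques -- confirm
        p.done()
        # Verify the MIC before parsing anything out of the body, so the
        # sequence number below is only ever read from authenticated bytes.
        d = gssapi.verifyMIC(self.gss_context, data, checksum)
        if d['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.verifyMIC returned: %s" %
                           show_major(d['major']))
        p.reset(data)
        seqnum = p.unpack_uint()
        # The body must carry the same sequence number as the credential.
        if seqnum != gss_cred.seq_num:
            raise SecError(
                "Mismatched seqnum in reply: got %i, expected %i" %
                (seqnum, gss_cred.seq_num))
        data = p.get_buffer()[p.get_position():]
    elif gss_cred.service == rpc_gss_svc_privacy:
        # data = opaque[wrap([gss_seq_num+data])]
        p = self.getunpacker()
        p.reset(data)
        data = p.unpack_opaque()
        p.done()
        d = gssapi.unwrap(self.gss_context, data)
        # NOTE(review): only the major status is checked; whether unwrap
        # also reports that confidentiality was applied is not visible
        # here -- confirm against the gssapi wrapper.
        if d['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.unwrap returned %s" %
                           show_major(d['major']))
        p.reset(d['msg'])
        seqnum = p.unpack_uint()
        if seqnum != gss_cred.seq_num:
            # Format with the local gss_cred that was just compared. The
            # previous self.gss_cred lookup was inconsistent with the
            # integrity branch and, if no such attribute exists, would
            # surface as AttributeError instead of SecError.
            raise SecError(
                "Mismatched seqnum in reply: got %i, expected %i" %
                (seqnum, gss_cred.seq_num))
        data = p.get_buffer()[p.get_position():]
    else:
        # Not really necessary, should have already raised XDRError
        raise SecError("Unknown service %i for RPCSEC_GSS" %
                       gss_cred.service)
    return data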
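def unsecure_data(self, data, orig_seqnum):
    """Filter procedure results received from server.

    Args:
        data: The protected reply body as received on the wire.
        orig_seqnum: Sequence number the reply body is required to carry.

    Returns:
        ``data`` unchanged when ``self.service`` is ``rpc_gss_svc_none``
        or ``self.init`` is set; otherwise the bytes that follow the
        sequence number inside the verified/unwrapped body.

    Raises:
        SecError: if verifyMIC/unwrap does not report GSS_S_COMPLETE, if
            the embedded sequence number differs from ``orig_seqnum``, or
            if ``self.service`` is not recognised.
    """
    # Exceptions are raised in call form, which is valid on Python 2 and 3.
    if self.service == rpc_gss_svc_none or self.init:
        # presumably self.init marks context establishment -- confirm
        pass
    elif self.service == rpc_gss_svc_integrity:
        # data = opaque[gss_seq_num+data] + opaque[checksum]
        p = self.getunpacker()
        p.reset(data)
        data = p.unpack_opaque()
        checksum = p.unpack_opaque()
        # presumably rejects trailing bytes after the two opaques -- confirm
        p.done()
        # Verify the MIC before parsing anything out of the body, so the
        # sequence number below is only ever read from authenticated bytes.
        d = gssapi.verifyMIC(self.gss_context, data, checksum)
        if d['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.verifyMIC returned: %s" %
                           show_major(d['major']))
        p.reset(data)
        seqnum = p.unpack_uint()
        # The reply must carry the sequence number the caller expects.
        if seqnum != orig_seqnum:
            raise SecError(
                "Mismatched seqnum in reply: got %i, expected %i" %
                (seqnum, orig_seqnum))
        data = p.get_buffer()[p.get_position():]
    elif self.service == rpc_gss_svc_privacy:
        # data = opaque[wrap([gss_seq_num+data])]
        # FRED - this is untested
        p = self.getunpacker()
        p.reset(data)
        data = p.unpack_opaque()
        p.done()
        d = gssapi.unwrap(self.gss_context, data)
        # NOTE(review): only the major status is checked; whether unwrap
        # also reports that confidentiality was applied is not visible
        # here -- confirm against the gssapi wrapper.
        if d['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.unwrap returned %s" %
                           show_major(d['major']))
        p.reset(d['msg'])
        seqnum = p.unpack_uint()
        if seqnum != orig_seqnum:
            # Format with the orig_seqnum argument that was just compared.
            # The previous self.orig_seqnum lookup was inconsistent with
            # the integrity branch and, if no such attribute exists, would
            # surface as AttributeError instead of SecError.
            raise SecError(
                "Mismatched seqnum in reply: got %i, expected %i" %
                (seqnum, orig_seqnum))
        data = p.get_buffer()[p.get_position():]
    else:
        raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
    return data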