Example #1
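 def unpack_opaque_auth(self):
     """Unpack an opaque_auth structure: a flavor followed by an opaque body.

     Returns:
         A types.opaque_auth with ``flavor`` and ``body`` filled in.

     Raises:
         XDRError: if the unpacked body is longer than 400.
     """
     data = types.opaque_auth()
     data.flavor = self.unpack_auth_flavor()
     data.body = self.unpack_opaque()
     # 400 is the bound ONC RPC places on an opaque_auth body (body<400>).
     # NOTE(review): the body has already been unpacked when this check
     # runs, so it rejects an oversized credential/verifier but does not by
     # itself limit how much unpack_opaque() reads -- confirm that
     # unpack_opaque() validates its length field against the buffer.
     if len(data.body) > 400:
         # Call form of raise: the "raise E, msg" statement is a syntax
         # error on Python 3, while this spelling works on both 2 and 3.
         raise XDRError('array length too long for data.body')
     return data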
Example #2
 def make_call_verf(self, xid, body):
     """Build the verifier that accompanies an RPCSEC_GSS call.

     Context-creation calls (RPCSEC_GSS_INIT / RPCSEC_GSS_CONTINUE_INIT)
     are sent with rpclib.NULL_CRED as the verifier. Any other call gets
     an RPCSEC_GSS opaque_auth whose body is the MIC computed over the
     bytes returned by partially_packed_header(xid, body).
     """
     creating_context = body.cred.body.gss_proc in (
         RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT)
     if creating_context:
         return rpclib.NULL_CRED

     header = self.partially_packed_header(xid, body)
     # XXX how handle gssapi.Error?
     # Nothing in this method catches a getMIC failure; it reaches the
     # caller unchanged.
     gss_context = self._get_context(body.cred.body.handle)
     mic = gss_context.getMIC(header)
     return opaque_auth(RPCSEC_GSS, mic)
Example #3
 def make_call_verf(self, xid, body):
     """Return the call verifier for an RPCSEC_GSS request.

     While the security context is still being negotiated (gss_proc is
     RPCSEC_GSS_INIT or RPCSEC_GSS_CONTINUE_INIT) the verifier is
     rpclib.NULL_CRED. Otherwise it is an RPCSEC_GSS opaque_auth holding
     getMIC() of the partially packed call header.
     """
     gss_cred = body.cred.body
     if gss_cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
         return rpclib.NULL_CRED

     signed_bytes = self.partially_packed_header(xid, body)
     # XXX how handle gssapi.Error?
     # No handler here: an error from getMIC propagates to the caller.
     token = self._get_context(body.cred.body.handle).getMIC(signed_bytes)
     return opaque_auth(RPCSEC_GSS, token)
Example #4
 def partially_packed_header(self, xid, body):
     """Pack the call header up to and including the credential.

     The buffer holds, in order: xid, the CALL message type, rpcvers,
     prog, vers, proc, and the RPCSEC_GSS credential built from
     body.cred.body. make_call_verf() in this listing passes this buffer
     to getMIC(), so the field order here determines what is signed.
     """
     packer = RPCPacker()
     packer.pack_uint(xid)
     packer.pack_enum(CALL)
     # Same four header fields, in the same order, each read immediately
     # before it is packed.
     for field in ("rpcvers", "prog", "vers", "proc"):
         packer.pack_uint(getattr(body, field))
     packed_cred = self.pack_cred(body.cred.body)
     packer.pack_opaque_auth(opaque_auth(RPCSEC_GSS, packed_cred))
     return packer.get_buffer()
Example #5
 def make_cred(self, credinfo):
     """Create credential

     With credinfo None the body comes from self.init_cred(); otherwise
     credinfo.context is used as the body. The result is an AUTH_SYS
     opaque_auth with its ``opaque`` attribute set to False.
     """
     # XXX Check credinfo.flavor?
     # NOTE(review): credinfo.flavor is never inspected, so a credinfo of
     # any flavor has its context wrapped as AUTH_SYS -- confirm callers
     # only pass AUTH_SYS credinfo here.
     who = self.init_cred() if credinfo is None else credinfo.context
     out = opaque_auth(AUTH_SYS, who)
     out.opaque = False  # HACK
     return out
Example #6
 def partially_packed_header(self, xid, body):
     """Return the packed RPC call header through the credential.

     Packs xid, CALL, rpcvers, prog, vers and proc as XDR values, then
     appends an RPCSEC_GSS opaque_auth whose body is
     self.pack_cred(body.cred.body). No verifier is packed here.
     """
     header = RPCPacker()
     header.pack_uint(xid)
     header.pack_enum(CALL)
     # Program identification fields, packed in declaration order.
     for name in ("rpcvers", "prog", "vers", "proc"):
         header.pack_uint(getattr(body, name))
     cred_bytes = self.pack_cred(body.cred.body)
     gss_cred = opaque_auth(RPCSEC_GSS, cred_bytes)
     header.pack_opaque_auth(gss_cred)
     return header.get_buffer()
Example #7
 def make_cred(self, credinfo):
     """Create credential

     Returns an AUTH_SYS opaque_auth. Its body is self.init_cred() when
     no credinfo is supplied, else credinfo.context; ``opaque`` is set
     to False on the returned object.
     """
     if credinfo is not None:
         # XXX Check credinfo.flavor?
         # NOTE(review): the flavor is not validated before the context
         # is reused as an AUTH_SYS body -- verify against callers.
         body = credinfo.context
     else:
         # Create a default cred
         body = self.init_cred()
     result = opaque_auth(AUTH_SYS, body)
     result.opaque = False  # HACK
     return result
Example #8
    def make_verf(self, data):
        """Verifier sent with each RPC call

        'data' is the packed header up to and including the cred.

        While self.init is truthy the stored self._none verifier is
        returned. Otherwise a MIC over 'data' is requested from
        gssapi.getMIC(); SecError is raised if its major status is not
        GSS_S_COMPLETE, so a failed MIC is never sent as a verifier.
        """
        if self.init:
            return self._none

        result = gssapi.getMIC(self.gss_context, data)
        status = result['major']
        if status != gssapi.GSS_S_COMPLETE:
            reason = show_major(status)
            raise SecError("gssapi.getMIC returned: %s" % reason)
        return opaque_auth(RPCSEC_GSS, result['token'])
Example #9
    def make_verf(self, data):
        """Verifier sent with each RPC call

        'data' is the packed header up to and including the cred.

        Returns self._none while self.init is truthy; otherwise an
        RPCSEC_GSS opaque_auth carrying the token from gssapi.getMIC().
        Raises SecError when getMIC reports a major status other than
        GSS_S_COMPLETE.
        """
        if self.init:
            return self._none

        mic = gssapi.getMIC(self.gss_context, data)
        major_status = mic['major']
        # Check the status before touching the token.
        if major_status != gssapi.GSS_S_COMPLETE:
            message = "gssapi.getMIC returned: %s" % show_major(major_status)
            raise SecError(message)
        return opaque_auth(RPCSEC_GSS, mic['token'])
Example #10
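 def make_cred(self):
     """Credential sent with each RPC call

     Returns:
         A ``(opaque_auth, seq)`` tuple. ``seq`` is 0 for the
         context-creation calls (self.init >= 1) and the freshly
         incremented self.gss_seq_num for data transfer calls.
     """
     seq = 0
     if self.init == 1:  # first call in context creation
         cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
     elif self.init > 1:  # subsequent calls in context creation
         cred = self._make_cred_gss('', rpc_gss_svc_none,
                                    RPCSEC_GSS_CONTINUE_INIT)
     else:  # data transfer calls
         # The increment and the read happen under the lock so two
         # callers cannot obtain the same sequence number. try/finally
         # guarantees the lock is released even if the update raises.
         self.lock.acquire()
         try:
             # FRED - check for overflow
             # NOTE(review): RPCSEC_GSS bounds sequence numbers (MAXSEQ
             # in RFC 2203); nothing here enforces that bound.
             self.gss_seq_num += 1
             seq = self.gss_seq_num
         finally:
             self.lock.release()
         cred = self._make_cred_gss(self.gss_handle, self.service, seq=seq)
     return opaque_auth(RPCSEC_GSS, cred), seq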
Example #11
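 def make_cred(self):
     """Credential sent with each RPC call

     Returns:
         A two-tuple of the RPCSEC_GSS opaque_auth and the sequence
         number used for it (0 while the context is being created).
     """
     seq = 0
     if self.init == 1:  # first call in context creation
         cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
     elif self.init > 1:  # subsequent calls in context creation
         cred = self._make_cred_gss('', rpc_gss_svc_none,
                                    RPCSEC_GSS_CONTINUE_INIT)
     else:  # data transfer calls
         # Allocate the next sequence number atomically. The release is
         # in a finally clause so an exception inside the critical
         # section cannot leave the lock held.
         self.lock.acquire()
         try:
             # FRED - check for overflow
             # NOTE(review): the counter grows without limit, although
             # RPCSEC_GSS defines a maximum sequence number (MAXSEQ in
             # RFC 2203).
             self.gss_seq_num += 1
             seq = self.gss_seq_num
         finally:
             self.lock.release()
         cred = self._make_cred_gss(self.gss_handle, self.service, seq=seq)
     return opaque_auth(RPCSEC_GSS, cred), seq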
Example #12
 def make_reply_verf(self, cred, stat):
     """Build the verifier for a reply to the call carrying ``cred``.

     A non-zero ``stat`` yields rpclib.NULL_CRED. Otherwise the verifier
     is an RPCSEC_GSS opaque_auth holding getMIC() of one packed uint:
     WINDOWSIZE for context-creation calls, cred.body.seq_num for all
     other calls.
     """
     # NOTE(review): the full credential is written to the debug log via
     # %r -- check what its repr exposes before enabling debug logging.
     log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
     gss_cred = cred.body
     if stat:
         # Return trivial verf on error
         # NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
         return rpclib.NULL_CRED

     in_context_setup = gss_cred.gss_proc in (RPCSEC_GSS_INIT,
                                              RPCSEC_GSS_CONTINUE_INIT)
     # init requires getMIC(seq_window); else return getMIC(cred.seq_num)
     signed_value = WINDOWSIZE if in_context_setup else gss_cred.seq_num

     packer = Packer()
     packer.pack_uint(signed_value)
     # XXX BUG - need to set qop
     gss_context = self._get_context(gss_cred.handle)
     token = gss_context.getMIC(packer.get_buffer())
     return opaque_auth(RPCSEC_GSS, token)
Example #13
 def make_reply_verf(self, cred, stat):
     """Return the reply verifier matching the request credential.

     On error (truthy ``stat``) the trivial rpclib.NULL_CRED is used.
     On success the verifier body is the MIC of a single XDR uint: the
     sequence window (WINDOWSIZE) when answering RPCSEC_GSS_INIT or
     RPCSEC_GSS_CONTINUE_INIT, or the request's seq_num otherwise.
     """
     # NOTE(review): %r of the credential goes to the debug log; confirm
     # the repr does not include material that should stay out of logs.
     log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
     body = cred.body
     if stat:
         # Return trivial verf on error
         # NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
         return rpclib.NULL_CRED

     if body.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
         # init requires getMIC(seq_window)
         value_to_sign = WINDOWSIZE
     else:
         # Else return getMIC(cred.seq_num)
         value_to_sign = body.seq_num

     xdr = Packer()
     xdr.pack_uint(value_to_sign)
     # XXX BUG - need to set qop
     mic = self._get_context(body.handle).getMIC(xdr.get_buffer())
     return opaque_auth(RPCSEC_GSS, mic)
Example #14
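 def make_cred(self, credinfo):
     """Build the (not yet packed) RPCSEC_GSS credential for credinfo.

     For RPCSEC_GSS_INIT / RPCSEC_GSS_CONTINUE_INIT no context is looked
     up and the sequence id is 0. For every other gss_proc the context
     is fetched with self._get_context(credinfo.context) and the
     sequence id comes from its get_seqid().

     Returns:
         An RPCSEC_GSS opaque_auth with ``opaque`` set to False,
         ``context`` set to the looked-up context (or None) and
         ``body.qop`` copied from credinfo.qop.
     """
     # NOTE(review): credinfo and the finished credential are both
     # written to the debug log via %r -- check what those reprs expose.
     log_gss.debug("Calling make_cred %r" % credinfo)
     # XXX Deal with a default credinfo==None?
     if credinfo.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
         context = None
         seqid = 0  # Should be ignored by server
     else:
         context = self._get_context(credinfo.context)
         seqid = context.get_seqid()
     # The unused local "service" was dropped; credinfo.service is passed
     # straight to the constructor below.
     data = gss_type.rpc_gss_cred_vers_1_t(credinfo.gss_proc, seqid,
                                           credinfo.service,
                                           credinfo.context)  # str
     cred = gss_type.rpc_gss_cred_t(RPCSEC_GSS_VERS_1, data)
     out = opaque_auth(RPCSEC_GSS, cred)
     out.opaque = False  # HACK to tell system we haven't packed cred
     out.context = context  # This needs to be Context()
     out.body.qop = credinfo.qop
     log_gss.debug("make_cred = %r" % out)
     return out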
Example #15
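 def make_cred(self, credinfo):
     """Create the RPCSEC_GSS credential described by ``credinfo``.

     Context-creation requests (gss_proc RPCSEC_GSS_INIT or
     RPCSEC_GSS_CONTINUE_INIT) carry sequence id 0 and no context
     object. All other requests take their sequence id from the context
     returned by self._get_context(credinfo.context).

     Returns:
         An RPCSEC_GSS opaque_auth whose body is an rpc_gss_cred_t of
         version RPCSEC_GSS_VERS_1, marked as not yet packed
         (``opaque`` is False).
     """
     # NOTE(review): both debug calls log full objects with %r; confirm
     # their reprs are acceptable in logs before enabling debug output.
     log_gss.debug("Calling make_cred %r" % credinfo)
     # XXX Deal with a default credinfo==None?
     if credinfo.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
         context = None
         seqid = 0  # Should be ignored by server
     else:
         context = self._get_context(credinfo.context)
         seqid = context.get_seqid()
     # The original assigned credinfo.service to a local that was never
     # read; the value is passed directly instead.
     data = gss_type.rpc_gss_cred_vers_1_t(credinfo.gss_proc, seqid,
                                           credinfo.service,
                                           credinfo.context)  # str
     cred = gss_type.rpc_gss_cred_t(RPCSEC_GSS_VERS_1, data)
     out = opaque_auth(RPCSEC_GSS, cred)
     out.opaque = False  # HACK to tell system we haven't packed cred
     out.context = context  # This needs to be Context()
     out.body.qop = credinfo.qop
     log_gss.debug("make_cred = %r" % out)
     return out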