def handle_gss_init(self, cred, data, first): p = GSSUnpacker(data) token = p.unpack_opaque() p.done() log_gss.debug("***ACCEPTSECCONTEXT***") if first: context = gssapi.Context() else: context = self._get_context(cred.body.handle) try: token = context.accept(token) except gssapi.Error as e: log_gss.debug("RPCSEC_GSS_INIT failed (%s, %i)!" % (e.name, e.minor)) res = rpc_gss_init_res('', e.major, e.minor, 0, '') else: log_gss.debug("RPCSEC_GSS_*INIT succeeded!") if first: handle = self._add_context(context) # XXX HACK - this ensures make_reply_verf works, but # is a subtle side-effect that could introduce bugs if code # is ever reorganized. Currently cred is forgotten once # we leave here though. cred.body.rpc_gss_cred_vers_1_t.handle = handle else: handle = cred.body.handle if context.open: major = gssapi.GSS_S_COMPLETE else: major = gssapi.GSS_S_CONTINUE_NEEDED res = rpc_gss_init_res( handle, major, 0, # XXX can't see minor WINDOWSIZE, token) # Prepare response p = GSSPacker() p.pack_rpc_gss_init_res(res) # NOTE this is an annoying case for make_reply_verf. # It is the only time that you need msg_data to feed into it. verf = self.make_reply_verf(cred, major) raise rpclib.RPCSuccessfulReply(verf, p.get_buffer())
def pack_cred(py_cred): p = GSSPacker() p.pack_rpc_gss_cred_t(py_cred) return p.get_buffer()
# we leave here though. cred.body.rpc_gss_cred_vers_1_t.handle = handle else: handle = cred.body.handle if context.open: major = gssapi.GSS_S_COMPLETE else: major = gssapi.GSS_S_CONTINUE_NEEDED res = rpc_gss_init_res( handle, major, 0, # XXX can't see minor WINDOWSIZE, token) # Prepare response p = GSSPacker() p.pack_rpc_gss_init_res(res) # NOTE this is an annoying case for make_reply_verf. # It is the only time that you need msg_data to feed into it. verf = self.make_reply_verf(cred, major) raise rpclib.RPCSuccessfulReply(verf, p.get_buffer()) def make_reply_verf(self, cred, stat): log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat)) cred = cred.body if stat: # Return trivial verf on error # NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0 return rpclib.NULL_CRED elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT): # init requires getMIC(seq_window)
handle = self._add_context(context) # XXX HACK - this ensures make_reply_verf works, but # is a subtle side-effect that could introduce bugs if code # is ever reorganized. Currently cred is forgotten once # we leave here though. cred.body.rpc_gss_cred_vers_1_t.handle = handle else: handle = cred.body.handle if context.open: major = gssapi.GSS_S_COMPLETE else: major = gssapi.GSS_S_CONTINUE_NEEDED res = rpc_gss_init_res(handle, major, 0, # XXX can't see minor WINDOWSIZE, token) # Prepare response p = GSSPacker() p.pack_rpc_gss_init_res(res) # NOTE this is an annoying case for make_reply_verf. # It is the only time that you need msg_data to feed into it. verf = self.make_reply_verf(cred, major) raise rpclib.RPCSuccessfulReply(verf, p.get_buffer()) def make_reply_verf(self, cred, stat): log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat)) cred = cred.body if stat: # Return trivial verf on error # NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0 return rpclib.NULL_CRED elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT): # init requires getMIC(seq_window)