Exemplo n.º 1
0
 def secure_data(self, data, seqnum):
     """Filter procedure arguments before sending to server"""
     if self.service == rpc_gss_svc_none or self.init:
         pass
     elif self.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getpacker()
         p.reset()
         p.pack_uint(seqnum)
         data = p.get_buffer() + data
         d = gssapi.getMIC(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError, "gssapi.getMIC returned: %s" % \
                   show_major(d['major'])
         p.reset()
         p.pack_opaque(data)
         p.pack_opaque(d['token'])
         data = p.get_buffer()
     elif self.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         # FRED - this is untested
         p = self.getpacker()
         p.reset()
         p.pack_uint(seqnum)
         data = p.get_buffer() + data
         d = gssapi.wrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError, "gssapi.wrap returned: %s" % \
                   show_major(d['major'])
         p.reset()
         p.pack_opaque(d['msg'])
         data = p.get_buffer()
     else:
         raise SecError, "Unknown service %i for RPCSEC_GSS" % self.service
     return data
Exemplo n.º 2
0
 def secure_data(self, data, seqnum):
     """Filter procedure arguments before sending to server"""
     if self.service == rpc_gss_svc_none or self.init:
         pass
     elif self.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getpacker()
         p.reset()
         p.pack_uint(seqnum)
         data = p.get_buffer() + data
         d = gssapi.getMIC(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.getMIC returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(data)
         p.pack_opaque(d['token'])
         data = p.get_buffer()
     elif self.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         # FRED - this is untested
         p = self.getpacker()
         p.reset()
         p.pack_uint(seqnum)
         data = p.get_buffer() + data
         d = gssapi.wrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.wrap returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(d['msg'])
         data = p.get_buffer()
     else:
         raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
     return data
Exemplo n.º 3
0
    def make_verf(self, data):
        """Verifier sent with each RPC call

        'data' is packed header upto and including cred
        """
        if self.init:
            return self._none
        else:
            d = gssapi.getMIC(self.gss_context, data)
            major = d['major']
            if major != gssapi.GSS_S_COMPLETE:
                raise SecError, "gssapi.getMIC returned: %s" % \
                      show_major(major)
            return opaque_auth(RPCSEC_GSS, d['token'])
Exemplo n.º 4
0
    def make_verf(self, data):
        """Verifier sent with each RPC call

        'data' is packed header upto and including cred
        """
        if self.init:
            return self._none
        else:
            d = gssapi.getMIC(self.gss_context, data)
            major = d['major']
            if major != gssapi.GSS_S_COMPLETE:
                raise SecError("gssapi.getMIC returned: %s" % \
                      show_major(major))
            return opaque_auth(RPCSEC_GSS, d['token'])
Exemplo n.º 5
0
 def make_reply_verf(self, cred, stat):
     cred = self._gss_cred_from_opaque_auth(cred)
     i = None
     if stat:
         # Return trivial verf on error
         return self._none
     elif cred.gss_proc != RPCSEC_GSS_DATA:
         # STUB - init requires getMIC(seq_window)
         i = WINDOWSIZE
     else:
         # Else return getMIC(cred.seq_num)
         i = cred.seq_num
     p = self.getpacker()
     p.reset()
     p.pack_uint(i)
     d = gssapi.getMIC(self.gss_context, p.get_buffer())
     if d['major'] != gssapi.GSS_S_COMPLETE:
         raise SecError("gssapi.getMIC returned: %s" % \
               show_major(d['major']))
     return opaque_auth(RPCSEC_GSS, d['token'])
Exemplo n.º 6
0
 def make_reply_verf(self, cred, stat):
     cred = self._gss_cred_from_opaque_auth(cred)
     i = None
     if stat:
         # Return trivial verf on error
         return self._none
     elif cred.gss_proc != RPCSEC_GSS_DATA:
         # STUB - init requires getMIC(seq_window)
         i = WINDOWSIZE
     else:
         # Else return getMIC(cred.seq_num)
         i = cred.seq_num
     p = self.getpacker()
     p.reset()
     p.pack_uint(i)
     d = gssapi.getMIC(self.gss_context, p.get_buffer())
     if d['major'] != gssapi.GSS_S_COMPLETE:
         raise SecError("gssapi.getMIC returned: %s" % \
               show_major(d['major']))
     return opaque_auth(RPCSEC_GSS, d['token'])
Exemplo n.º 7
0
 def secure_data(self, data, cred):
     """Add security info/encryption to procedure arg/res"""
     gss_cred = self._gss_cred_from_opaque_auth(cred)
     if gss_cred.service == rpc_gss_svc_none or \
            gss_cred.gss_proc != RPCSEC_GSS_DATA:
         pass
     elif gss_cred.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getpacker()
         p.reset()
         p.pack_uint(gss_cred.seq_num)
         data = p.get_buffer() + data
         d = gssapi.getMIC(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.getMIC returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(data)
         p.pack_opaque(d['token'])
         data = p.get_buffer()
     elif gss_cred.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         p = self.getpacker()
         p.reset()
         p.pack_uint(gss_cred.seq_num)
         data = p.get_buffer() + data
         d = gssapi.wrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.wrap returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(d['msg'])
         data = p.get_buffer()
     else:
         # Not really necessary, should have already raised XDRError
         raise SecError("Unknown service %i for RPCSEC_GSS" %
                        gss_cred.service)
     return data
Exemplo n.º 8
0
 def secure_data(self, data, cred):
     """Add security info/encryption to procedure arg/res"""
     gss_cred = self._gss_cred_from_opaque_auth(cred)
     if gss_cred.service == rpc_gss_svc_none or \
            gss_cred.gss_proc != RPCSEC_GSS_DATA:
         pass
     elif gss_cred.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getpacker()
         p.reset()
         p.pack_uint(gss_cred.seq_num)
         data = p.get_buffer() + data
         d = gssapi.getMIC(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.getMIC returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(data)
         p.pack_opaque(d['token'])
         data = p.get_buffer()
     elif gss_cred.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         p = self.getpacker()
         p.reset()
         p.pack_uint(gss_cred.seq_num)
         data = p.get_buffer() + data
         d = gssapi.wrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.wrap returned: %s" % \
                   show_major(d['major']))
         p.reset()
         p.pack_opaque(d['msg'])
         data = p.get_buffer()
     else:
         # Not really necessary, should have already raised XDRError
         raise SecError("Unknown service %i for RPCSEC_GSS" % gss_cred.service)
     return data