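def check_reply_verf(self, msg, call_cred, data):
    """Validate the verifier carried by an RPC reply to an RPCSEC_GSS call.

    Four cases are handled, in this order:

    1. The reply was not accepted (``msg.stat != MSG_ACCEPTED``): nothing
       is checked and the method returns.
    2. The reply was accepted but its ``reply_data.stat`` is not SUCCESS:
       the verifier must be NULL.
    3. The call was a context-creation call (``RPCSEC_GSS_INIT`` or
       ``RPCSEC_GSS_CONTINUE_INIT``): ``data`` is unpacked as an
       ``rpc_gss_init_res`` and the presence or absence of a verifier is
       compared with ``gss_major``. The verifier's MIC is NOT verified in
       this case (see the note in the body).
    4. Any other call: the verifier is checked as a MIC over the packed
       sequence number of the call, and the returned qop must equal the
       qop sent in the call credential.

    Args:
        msg: The decoded RPC reply message.
        call_cred: The credential that was sent with the matching call;
            its ``body`` and ``context`` attributes are read here.
        data: Raw reply payload; only read in the context-creation case.

    Raises:
        SecError: If the verifier does not match what the case requires,
            or if the init result cannot be unpacked.
    """
    if msg.stat != MSG_ACCEPTED:
        return
    verf = msg.rbody.areply.verf
    if msg.rbody.areply.reply_data.stat != SUCCESS:
        if not self.is_NULL(verf):
            raise SecError("Bad reply verifier - expected NULL verifier")
    elif call_cred.body.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
        # The painful case - we need to check against reply data
        p = GSSUnpacker(data)
        try:
            res = p.unpack_rpc_gss_init_res()
            p.done()
        except Exception:
            # Exception, not a bare except: a KeyboardInterrupt or
            # SystemExit raised while unpacking must not be turned into
            # a SecError.
            log_gss.warn("Failure unpacking gss_init_res")
            raise SecError("Failure unpacking gss_init_res")
        if self.is_NULL(verf):
            if res.gss_major == GSS_S_COMPLETE:
                raise SecError("Expected seq_window, got NULL")
        else:
            if res.gss_major != GSS_S_COMPLETE:
                raise SecError("Expected NULL")
            # BUG - context establishment is not finished on client
            # - so how get context?  How run verifyMIC?
            # - This seems to be a protocol problem.  Just ignore for now
            #
            # NOTE(review): as a result, only the presence of the verifier
            # is checked here, never its contents. The final
            # context-creation reply (including the seq_window it is
            # expected to cover) is therefore accepted unauthenticated.
            # Verifying it would require the caller to complete its side
            # of the context first and then run verifyMIC on the verifier.
    else:
        # Data/destroy path: the verifier is checked as a MIC over the
        # XDR-packed sequence number taken from the call credential.
        p = Packer()
        p.pack_uint(call_cred.body.seq_num)
        # NOTE(review): this relies on verifyMIC itself rejecting a bad or
        # empty MIC; only the returned qop is compared here. Confirm
        # verifyMIC raises on failure rather than returning a value.
        qop = call_cred.context.verifyMIC(p.get_buffer(), verf.body)
        if qop != call_cred.body.qop:
            raise SecError("Mismatched qop")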