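def secure_data(self, data, seqnum):
    """Filter procedure arguments before sending them to the server.

    ``data`` is the already-packed argument buffer and ``seqnum`` is the
    sequence number that is packed in front of it before protection.

    Returns ``data`` untouched when the service is rpc_gss_svc_none or while
    ``self.init`` is truthy (presumably context establishment - confirm
    against the caller).  For rpc_gss_svc_integrity the result is
    opaque[seqnum + data] followed by opaque[MIC]; for rpc_gss_svc_privacy it
    is opaque[wrap(seqnum + data)].

    Raises SecError when a gssapi call does not report GSS_S_COMPLETE or when
    ``self.service`` is none of the three known services.
    """
    # The exceptions below use the call form ``raise SecError(msg)``: the
    # Python 2-only ``raise SecError, msg`` statement is a SyntaxError on
    # Python 3, while the call form is accepted by both.
    if self.service == rpc_gss_svc_none or self.init:
        # No per-message protection is applied on this path.
        return data

    if self.service == rpc_gss_svc_integrity:
        # data = opaque[gss_seq_num+data] + opaque[checksum]
        packer = self.getpacker()
        packer.reset()
        packer.pack_uint(seqnum)
        # The MIC is computed over seqnum + arguments, so the sequence
        # number is bound into the integrity-protected body.
        data = packer.get_buffer() + data
        result = gssapi.getMIC(self.gss_context, data)
        if result['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.getMIC returned: %s" %
                           show_major(result['major']))
        packer.reset()
        packer.pack_opaque(data)
        packer.pack_opaque(result['token'])
        return packer.get_buffer()

    if self.service == rpc_gss_svc_privacy:
        # data = opaque[wrap([gss_seq_num+data])]
        # The original author (FRED) marked this branch as untested.
        # NOTE(review): only the major status is checked here; confirm that
        # gssapi.wrap actually requests confidentiality, otherwise the
        # privacy service may provide integrity only.
        packer = self.getpacker()
        packer.reset()
        packer.pack_uint(seqnum)
        data = packer.get_buffer() + data
        result = gssapi.wrap(self.gss_context, data)
        if result['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.wrap returned: %s" %
                           show_major(result['major']))
        packer.reset()
        packer.pack_opaque(result['msg'])
        return packer.get_buffer()

    raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)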
def secure_data(self, data, seqnum):
    """Filter procedure arguments before sending to server.

    ``data`` is the packed argument buffer; ``seqnum`` is packed in front of
    it before any protection is applied.  The buffer is returned unchanged
    for rpc_gss_svc_none or while ``self.init`` is truthy; otherwise it is
    replaced by the integrity or privacy encoding described inline.

    Raises SecError if a gssapi call does not report GSS_S_COMPLETE or the
    service value is not one of the three handled here.
    """
    if self.service == rpc_gss_svc_none or self.init:
        # Pass-through: nothing is added to the arguments on this path.
        return data

    if self.service == rpc_gss_svc_integrity:
        # Result layout: opaque[gss_seq_num + data] + opaque[checksum]
        xdr = self.getpacker()
        xdr.reset()
        xdr.pack_uint(seqnum)
        body = xdr.get_buffer() + data
        mic = gssapi.getMIC(self.gss_context, body)
        if mic['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.getMIC returned: %s" %
                           show_major(mic['major']))
        xdr.reset()
        xdr.pack_opaque(body)
        xdr.pack_opaque(mic['token'])
        return xdr.get_buffer()

    if self.service == rpc_gss_svc_privacy:
        # Result layout: opaque[wrap([gss_seq_num + data])]
        # Flagged "untested" by the original author (FRED).
        # NOTE(review): only the major status of wrap is inspected; confirm
        # that confidentiality is requested and applied by gssapi.wrap.
        xdr = self.getpacker()
        xdr.reset()
        xdr.pack_uint(seqnum)
        body = xdr.get_buffer() + data
        wrapped = gssapi.wrap(self.gss_context, body)
        if wrapped['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.wrap returned: %s" %
                           show_major(wrapped['major']))
        xdr.reset()
        xdr.pack_opaque(wrapped['msg'])
        return xdr.get_buffer()

    raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
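def make_verf(self, data):
    """Build the verifier sent with each RPC call.

    ``data`` is the packed call header up to and including the credential.

    While ``self.init`` is truthy the stored ``self._none`` verifier is
    returned and no MIC is computed.  Otherwise the verifier is an
    RPCSEC_GSS opaque_auth whose body is the MIC of ``data`` under
    ``self.gss_context``.

    Raises SecError when gssapi.getMIC does not report GSS_S_COMPLETE.
    """
    if self.init:
        return self._none

    result = gssapi.getMIC(self.gss_context, data)
    major = result['major']
    if major != gssapi.GSS_S_COMPLETE:
        # Call-form raise: the Python 2-only ``raise SecError, msg``
        # statement does not parse on Python 3.
        raise SecError("gssapi.getMIC returned: %s" % show_major(major))
    return opaque_auth(RPCSEC_GSS, result['token'])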
def make_verf(self, data):
    """Verifier sent with each RPC call.

    'data' is the packed header up to and including the cred.  The stored
    ``self._none`` verifier is returned while ``self.init`` is truthy;
    otherwise the MIC of 'data' is wrapped in an RPCSEC_GSS opaque_auth.

    Raises SecError if getMIC reports anything other than GSS_S_COMPLETE.
    """
    if self.init:
        # No MIC is computed on this path.
        return self._none

    mic = gssapi.getMIC(self.gss_context, data)
    status = mic['major']
    if status != gssapi.GSS_S_COMPLETE:
        raise SecError("gssapi.getMIC returned: %s" % show_major(status))
    return opaque_auth(RPCSEC_GSS, mic['token'])
def make_reply_verf(self, cred, stat):
    """Build the verifier attached to a reply.

    ``cred`` is converted with ``self._gss_cred_from_opaque_auth``.  A truthy
    ``stat`` yields the stored ``self._none`` verifier.  Otherwise the
    verifier is an RPCSEC_GSS opaque_auth holding the MIC of one packed
    unsigned integer: WINDOWSIZE when the credential's gss_proc is not
    RPCSEC_GSS_DATA, else the credential's seq_num.

    Raises SecError when gssapi.getMIC does not report GSS_S_COMPLETE.
    """
    gss_cred = self._gss_cred_from_opaque_auth(cred)
    if stat:
        # Return trivial verf on error
        return self._none

    # Marked STUB in the original: non-DATA replies sign the sequence
    # window, data replies sign the request's sequence number.
    signed_value = (WINDOWSIZE if gss_cred.gss_proc != RPCSEC_GSS_DATA
                    else gss_cred.seq_num)

    xdr = self.getpacker()
    xdr.reset()
    xdr.pack_uint(signed_value)
    mic = gssapi.getMIC(self.gss_context, xdr.get_buffer())
    if mic['major'] != gssapi.GSS_S_COMPLETE:
        raise SecError("gssapi.getMIC returned: %s" %
                       show_major(mic['major']))
    return opaque_auth(RPCSEC_GSS, mic['token'])
def secure_data(self, data, cred):
    """Add security info/encryption to procedure arg/res.

    ``cred`` is converted with ``self._gss_cred_from_opaque_auth``; its
    service, gss_proc and seq_num fields select and parameterise the
    protection.  ``data`` is returned unchanged for rpc_gss_svc_none or when
    gss_proc is not RPCSEC_GSS_DATA; otherwise it is replaced by the
    integrity or privacy encoding described inline.

    Raises SecError if a gssapi call does not report GSS_S_COMPLETE or the
    service value is not one of the three handled here.
    """
    gss_cred = self._gss_cred_from_opaque_auth(cred)

    if (gss_cred.service == rpc_gss_svc_none
            or gss_cred.gss_proc != RPCSEC_GSS_DATA):
        # Pass-through: no per-message protection is applied on this path.
        return data

    if gss_cred.service == rpc_gss_svc_integrity:
        # Result layout: opaque[gss_seq_num + data] + opaque[checksum]
        xdr = self.getpacker()
        xdr.reset()
        xdr.pack_uint(gss_cred.seq_num)
        body = xdr.get_buffer() + data
        mic = gssapi.getMIC(self.gss_context, body)
        if mic['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.getMIC returned: %s" %
                           show_major(mic['major']))
        xdr.reset()
        xdr.pack_opaque(body)
        xdr.pack_opaque(mic['token'])
        return xdr.get_buffer()

    if gss_cred.service == rpc_gss_svc_privacy:
        # Result layout: opaque[wrap([gss_seq_num + data])]
        # NOTE(review): only the major status of wrap is inspected; confirm
        # that confidentiality is requested and applied by gssapi.wrap.
        xdr = self.getpacker()
        xdr.reset()
        xdr.pack_uint(gss_cred.seq_num)
        body = xdr.get_buffer() + data
        wrapped = gssapi.wrap(self.gss_context, body)
        if wrapped['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.wrap returned: %s" %
                           show_major(wrapped['major']))
        xdr.reset()
        xdr.pack_opaque(wrapped['msg'])
        return xdr.get_buffer()

    # Not really necessary, should have already raised XDRError
    raise SecError("Unknown service %i for RPCSEC_GSS" % gss_cred.service)