def _filter_opaque_auth(self, py_data):
# NOTE Can't use this in general, because GSS uses different
# encodings depending on circumstance. Instead we call this
# from other filter as needed.
if getattr(py_data, "opaque", True):
return py_data
# We don't use "try" block, since any exception is a bug
# that should be raised.
klass = security.klass(py_data.flavor)
return opaque_auth(py_data.flavor, klass.pack_cred(py_data.body))
def _check_auth(self, msg, data):
"""Returns security module to use if call processing should continue,
otherwise returns None.
Note that it is possible for security module to hijack call processing.
"""
# Check that flavor is supported
try:
sec = self.sec_flavors[msg.cred.flavor]
except KeyError:
log_t.warn("AUTH_ERROR: Unsupported flavor %i" % msg.cred.flavor)
if msg.proc == 0 and msg.cred.flavor == AUTH_NONE:
# RFC 1831 section 11.1 says "by convention" should allow this
log_t.warn("Allowing NULL proc through anyway")
sec = security.klass(AUTH_NONE)()
else:
raise rpclib.RPCDeniedReply(AUTH_ERROR, AUTH_FAILED)
# Call flavor specific authority checks
return sec.check_auth(msg, data)
# What incoming flavors do I allow?
# How does server learn/change these defaults
# For AUTH_NONE:
# return True - note 11.1 says "by convention" should
# allow AUTH_NONE, at least for proc==0
# For AUTH_SYS:
# check machinename, mode - again how is accept list set on server?
# For GSS:
# illegal enum values should return AUTH_BADCRED
# this will be noticed by XDR unpack failing, which means
# type(cred.body) == str
# check gss_version, fail with AUTH_BADCRED
# check allows service - again how does server set?
# check context handle - what does this mean?
# see 5.3.3.3, we maintain list of contexts we are in session
# with, if not in list, return CREDPROBLEM
# if security credentials expire, return CTXPROBLEM
# check header checksum in verf, failure returns CREDPROBLEM
# check seq_num in cred, silently drop repeats,
# return CTXPROBLEM if exceeds window
# check seq_num in data, return GARBAGE_ARGS if mismatches cred
# check gss_proc==DATA, else:
# if proc==0, handle elsewhere
# else return AUTH_BADCRED
return True
def _filter_opaque_auth(self, py_data):
# NOTE Can't use this in general, because GSS uses different
# encodings depending on circumstance. Instead we call this
# from other filter as needed.
try:
klass = security.klass(py_data.flavor)
except:
# An unsupported security flavor.
# This will be dealt with by message handler.
return py_data
try:
body = klass.unpack_cred(py_data.body)
out = opaque_auth(py_data.flavor, body)
# HACK - lets other code know this has been expanded
out.opaque = False
return out
except:
# We had a bad XDR within GSS cred. This shouldn't propagate up
# as bad XDR of RPC. Instead, we just leave it as is.
return py_data
