def handle_gss_init(self, cred, data, first):
p = GSSUnpacker(data)
token = p.unpack_opaque()
p.done()
log_gss.debug("***ACCEPTSECCONTEXT***")
if first:
context = gssapi.Context()
else:
context = self._get_context(cred.body.handle)
try:
token = context.accept(token)
except gssapi.Error as e:
log_gss.debug("RPCSEC_GSS_INIT failed (%s, %i)!" %
(e.name, e.minor))
res = rpc_gss_init_res('', e.major, e.minor, 0, '')
else:
log_gss.debug("RPCSEC_GSS_*INIT succeeded!")
if first:
handle = self._add_context(context)
# XXX HACK - this ensures make_reply_verf works, but
# is a subtle side-effect that could introduce bugs if code
# is ever reorganized. Currently cred is forgotten once
# we leave here though.
cred.body.rpc_gss_cred_vers_1_t.handle = handle
else:
handle = cred.body.handle
if context.open:
major = gssapi.GSS_S_COMPLETE
else:
major = gssapi.GSS_S_CONTINUE_NEEDED
res = rpc_gss_init_res(
handle,
major,
0, # XXX can't see minor
WINDOWSIZE,
token)
# Prepare response
p = GSSPacker()
p.pack_rpc_gss_init_res(res)
# NOTE this is an annoying case for make_reply_verf.
# It is the only time that you need msg_data to feed into it.
verf = self.make_reply_verf(cred, major)
raise rpclib.RPCSuccessfulReply(verf, p.get_buffer())
def pack_cred(py_cred):
p = GSSPacker()
p.pack_rpc_gss_cred_t(py_cred)
return p.get_buffer()
# we leave here though.
cred.body.rpc_gss_cred_vers_1_t.handle = handle
else:
handle = cred.body.handle
if context.open:
major = gssapi.GSS_S_COMPLETE
else:
major = gssapi.GSS_S_CONTINUE_NEEDED
res = rpc_gss_init_res(
handle,
major,
0, # XXX can't see minor
WINDOWSIZE,
token)
# Prepare response
p = GSSPacker()
p.pack_rpc_gss_init_res(res)
# NOTE this is an annoying case for make_reply_verf.
# It is the only time that you need msg_data to feed into it.
verf = self.make_reply_verf(cred, major)
raise rpclib.RPCSuccessfulReply(verf, p.get_buffer())
def make_reply_verf(self, cred, stat):
log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
cred = cred.body
if stat:
# Return trivial verf on error
# NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
return rpclib.NULL_CRED
elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
# init requires getMIC(seq_window)
def pack_cred(py_cred):
p = GSSPacker()
p.pack_rpc_gss_cred_t(py_cred)
return p.get_buffer()
handle = self._add_context(context)
# XXX HACK - this ensures make_reply_verf works, but
# is a subtle side-effect that could introduce bugs if code
# is ever reorganized. Currently cred is forgotten once
# we leave here though.
cred.body.rpc_gss_cred_vers_1_t.handle = handle
else:
handle = cred.body.handle
if context.open:
major = gssapi.GSS_S_COMPLETE
else:
major = gssapi.GSS_S_CONTINUE_NEEDED
res = rpc_gss_init_res(handle, major, 0, # XXX can't see minor
WINDOWSIZE, token)
# Prepare response
p = GSSPacker()
p.pack_rpc_gss_init_res(res)
# NOTE this is an annoying case for make_reply_verf.
# It is the only time that you need msg_data to feed into it.
verf = self.make_reply_verf(cred, major)
raise rpclib.RPCSuccessfulReply(verf, p.get_buffer())
def make_reply_verf(self, cred, stat):
log_gss.debug("CALL:make_reply_verf(%r, %i)" % (cred, stat))
cred = cred.body
if stat:
# Return trivial verf on error
# NOTE this relies on GSS_S_COMPLETE == rpc.SUCCESS == 0
return rpclib.NULL_CRED
elif cred.gss_proc in (RPCSEC_GSS_INIT, RPCSEC_GSS_CONTINUE_INIT):
# init requires getMIC(seq_window)
