def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
if self.init:
return self._none
else:
token = self.gss_context.get_signature(data)
return opaque_auth(RPCSEC_GSS, token)
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
if self.init:
return self._none
else:
d = gssapi.getMIC(self.gss_context, data)
major = d['major']
if major != gssapi.GSS_S_COMPLETE:
raise SecError, "gssapi.getMIC returned: %s" % \
show_major(major)
return opaque_auth(RPCSEC_GSS, d['token'])
def make_cred(self):
"""Credential sent with each RPC call"""
if self.init == 1: # first call in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
elif self.init > 1: # subsequent calls in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none,
RPCSEC_GSS_CONTINUE_INIT)
else: # data transfer calls
self.lock.acquire()
self.gss_seq_num += 1 # FRED - check for overflow
self.lock.release()
cred = self._make_cred_gss(self.gss_handle, self.service,
seq=self.gss_seq_num)
return opaque_auth(RPCSEC_GSS, cred)
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
if self.init:
return self._none
else:
d = gssapi.getMIC(self.gss_context, data)
major = d['major']
if major != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(major))
return opaque_auth(RPCSEC_GSS, d['token'])
def make_cred(self):
"""Credential sent with each RPC call"""
if self.init == 1: # first call in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none, RPCSEC_GSS_INIT)
elif self.init > 1: # subsequent calls in context creation
cred = self._make_cred_gss('', rpc_gss_svc_none,
RPCSEC_GSS_CONTINUE_INIT)
else: # data transfer calls
self.lock.acquire()
self.gss_seq_num += 1 # FRED - check for overflow
self.lock.release()
cred = self._make_cred_gss(self.gss_handle, self.service,
seq=self.gss_seq_num)
return opaque_auth(RPCSEC_GSS, cred)
class SecFlavor(object):
_none = opaque_auth(AUTH_NONE, b'')
def initialize(self, client):
pass
def secure_data(self, data, cred):
"""Add any security info/encryption to procedure arg/res
'data' is the data stream that would be sent if there were no security
'cred' is the opaque_auth structure that will be sent in header
"""
return data
def unsecure_data(self, data, cred):
"""Remove any security cruft from procedure arg/res
'data' is the received security wrapped data stream
'cred' is the opaque_auth structure received in header
"""
return data
def make_cred(self):
"""Credential sent with each RPC call"""
return self._none
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
return self._none
def make_reply_verf(self, cred, stat):
"""Verifier sent by server with each RPC reply"""
return self._none
def get_owner(self):
"""Return uid"""
return 0
def get_group(self):
"""Return gid"""
return 0
def check_verf(self, rverf, cred):
"""Raise error if there is a problem with reply verifier"""
pass
def make_reply_verf(self, cred, stat):
cred = self._gss_cred_from_opaque_auth(cred)
i = None
if stat:
# Return trivial verf on error
return self._none
elif cred.gss_proc != RPCSEC_GSS_DATA:
# STUB - init requires getMIC(seq_window)
i = WINDOWSIZE
else:
# Else return getMIC(cred.seq_num)
i = cred.seq_num
p = self.getpacker()
p.reset()
p.pack_uint(i)
d = gssapi.getMIC(self.gss_context, p.get_buffer())
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(d['major']))
return opaque_auth(RPCSEC_GSS, d['token'])
def make_reply_verf(self, cred, stat):
cred = self._gss_cred_from_opaque_auth(cred)
i = None
if stat:
# Return trivial verf on error
return self._none
elif cred.gss_proc != RPCSEC_GSS_DATA:
# STUB - init requires getMIC(seq_window)
i = WINDOWSIZE
else:
# Else return getMIC(cred.seq_num)
i = cred.seq_num
p = self.getpacker()
p.reset()
p.pack_uint(i)
d = gssapi.getMIC(self.gss_context, p.get_buffer())
if d['major'] != gssapi.GSS_S_COMPLETE:
raise SecError("gssapi.getMIC returned: %s" % \
show_major(d['major']))
return opaque_auth(RPCSEC_GSS, d['token'])
class SecFlavor(object):
_none = opaque_auth(AUTH_NONE, '')
def initialize(self, client):
pass
def secure_data(self, data, seqnum):
"""Filter procedure arguments before sending to server"""
return data
def unsecure_data(self, data, seqnum):
"""Filter procedure results received from server"""
return data
def make_cred(self):
"""Credential and seqnum sent with each RPC call"""
return self._none, None
def make_verf(self, data):
"""Verifier sent with each RPC call
'data' is packed header upto and including cred
"""
return self._none
def make_reply_verf(self, data):
"""Verifier sent by server with each RPC reply"""
# FRED - currently data is always ''
return self._none
def get_owner(self):
"""Return uid"""
return 0
def get_group(self):
"""Return gid"""
return 0
def make_cred(self):
return opaque_auth(AUTH_SYS, self.cred)
def make_cred(self):
return opaque_auth(AUTH_SYS, self.cred), None