-static bool_t svcauth_gss_destroy();
-static bool_t svcauth_gss_wrap();
-static bool_t svcauth_gss_unwrap();
+static bool_t svcauth_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t svcauth_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t svcauth_gss_destroy(SVCAUTH *);
-struct svc_auth_ops svc_auth_gss_ops = {
+static struct svc_auth_ops svc_auth_gss_ops = {
svcauth_gss_wrap,
svcauth_gss_unwrap,
svcauth_gss_destroy
((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
/* Global server credentials. */
-gss_cred_id_t _svcauth_gss_creds;
+static gss_cred_id_t _svcauth_gss_creds;
static gss_name_t _svcauth_gss_name = NULL;
bool_t
{
OM_uint32 maj_stat, min_stat;
- log_debug("in svcauth_gss_set_svc_name()");
+ gss_log_debug("in svcauth_gss_set_svc_name()");
if (_svcauth_gss_name != NULL) {
maj_stat = gss_release_name(&min_stat, &_svcauth_gss_name);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_release_name", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_set_svc_name: gss_release_name",
+ maj_stat, min_stat);
return (FALSE);
}
_svcauth_gss_name = NULL;
maj_stat = gss_duplicate_name(&min_stat, name, &_svcauth_gss_name);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_duplicate_name", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_set_svc_name: gss_duplicate_name",
+ maj_stat, min_stat);
return (FALSE);
}
gss_buffer_desc namebuf;
OM_uint32 maj_stat, min_stat;
- log_debug("in svcauth_gss_import_name()");
+ gss_log_debug("in svcauth_gss_import_name()");
namebuf.value = service;
namebuf.length = strlen(service);
(gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &name);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_import_name", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_import_name: gss_import_name",
+ maj_stat, min_stat);
return (FALSE);
}
if (svcauth_gss_set_svc_name(name) != TRUE) {
{
OM_uint32 maj_stat, min_stat;
- log_debug("in svcauth_gss_acquire_cred()");
+ gss_log_debug("in svcauth_gss_acquire_cred()");
maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
&_svcauth_gss_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_acquire_cred", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_acquire_cred: gss_acquire_cred",
+ maj_stat, min_stat);
return (FALSE);
}
return (TRUE);
{
OM_uint32 maj_stat, min_stat;
- log_debug("in svcauth_gss_release_cred()");
+ gss_log_debug("in svcauth_gss_release_cred()");
maj_stat = gss_release_cred(&min_stat, &_svcauth_gss_creds);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_release_cred", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_release_cred: gss_release_cred",
+ maj_stat, min_stat);
return (FALSE);
}
gss_OID mech;
OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
- log_debug("in svcauth_gss_accept_context()");
+ gss_log_debug("in svcauth_gss_accept_context()");
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
if (gr->gr_major != GSS_S_COMPLETE &&
gr->gr_major != GSS_S_CONTINUE_NEEDED) {
- log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
+ gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
+ gr->gr_major, gr->gr_minor);
gd->ctx = GSS_C_NO_CONTEXT;
gss_release_buffer(&min_stat, &gr->gr_token);
return (FALSE);
maj_stat = gss_display_name(&min_stat, gd->client_name,
&gd->cname, &gd->sec.mech);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("display_name", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_accept_sec_context: display_name",
+ maj_stat, min_stat);
return (FALSE);
}
-#ifdef DEBUG
#ifdef HAVE_KRB5
{
gss_buffer_desc mechname;
gss_oid_to_str(&min_stat, mech, &mechname);
- log_debug("accepted context for %.*s with "
- "<mech %.*s, qop %d, svc %d>",
- gd->cname.length, (char *)gd->cname.value,
- mechname.length, (char *)mechname.value,
- gd->sec.qop, gd->sec.svc);
+ gss_log_debug("accepted context for %.*s with "
+ "<mech %.*s, qop %d, svc %d>",
+ gd->cname.length, (char *)gd->cname.value,
+ mechname.length, (char *)mechname.value,
+ gd->sec.qop, gd->sec.svc);
gss_release_buffer(&min_stat, &mechname);
}
#elif HAVE_HEIMDAL
- log_debug("accepted context for %.*s with "
- "<mech {}, qop %d, svc %d>",
- gd->cname.length, (char *)gd->cname.value,
- gd->sec.qop, gd->sec.svc);
+ gss_log_debug("accepted context for %.*s with "
+ "<mech {}, qop %d, svc %d>",
+ gd->cname.length, (char *)gd->cname.value,
+ gd->sec.qop, gd->sec.svc);
#endif
-#endif /* DEBUG */
seq = htonl(gr->gr_win);
seqbuf.value = &seq;
seqbuf.length = sizeof(seq);
struct opaque_auth *oa;
gss_buffer_desc rpcbuf, checksum;
OM_uint32 maj_stat, min_stat, qop_state;
- u_char rpchdr[128];
+ u_char *rpchdr;
int32_t *buf;
- log_debug("in svcauth_gss_validate()");
-
- memset(rpchdr, 0, sizeof(rpchdr));
+ gss_log_debug("in svcauth_gss_validate()");
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
oa = &msg->rm_call.cb_cred;
if (oa->oa_length > MAX_AUTH_BYTES)
return (FALSE);
-
- /* 8 XDR units from the IXDR macro calls. */
- if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
- RNDUP(oa->oa_length)))
+
+ rpchdr = (u_char *)calloc(((8 * BYTES_PER_XDR_UNIT) +
+ RNDUP(oa->oa_length)), 1);
+ if (rpchdr == NULL)
return (FALSE);
buf = (int32_t *)rpchdr;
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
&qop_state);
+ free(rpchdr);
+
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_verify_mic", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_validate: gss_verify_mic",
+ maj_stat, min_stat);
return (FALSE);
}
return (TRUE);
}
-bool_t
+static bool_t
svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
{
struct svc_rpc_gss_data *gd;
gss_buffer_desc signbuf, checksum;
OM_uint32 maj_stat, min_stat;
- log_debug("in svcauth_gss_nextverf()");
+ gss_log_debug("in svcauth_gss_nextverf()");
if (rqst->rq_xprt->xp_auth == NULL)
return (FALSE);
&signbuf, &checksum);
if (maj_stat != GSS_S_COMPLETE) {
- log_status("gss_get_mic", maj_stat, min_stat);
+ gss_log_status("svcauth_gss_nextverf: gss_get_mic",
+ maj_stat, min_stat);
return (FALSE);
}
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
struct rpc_gss_init_res gr;
int call_stat, offset;
- log_debug("in svcauth_gss()");
+ gss_log_debug("in svcauth_gss()");
/* Initialize reply. */
rqst->rq_xprt->xp_verf = _null_auth;
return (AUTH_OK);
}
-bool_t
+static bool_t
svcauth_gss_destroy(SVCAUTH *auth)
{
struct svc_rpc_gss_data *gd;
OM_uint32 min_stat;
- log_debug("in svcauth_gss_destroy()");
+ gss_log_debug("in svcauth_gss_destroy()");
gd = SVCAUTH_PRIVATE(auth);
return (TRUE);
}
-bool_t
+static bool_t
svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
{
struct svc_rpc_gss_data *gd;
- log_debug("in svcauth_gss_wrap()");
+ gss_log_debug("in svcauth_gss_wrap()");
gd = SVCAUTH_PRIVATE(auth);
gd->sec.svc, gd->seq));
}
-bool_t
+static bool_t
svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
{
struct svc_rpc_gss_data *gd;
- log_debug("in svcauth_gss_unwrap()");
+ gss_log_debug("in svcauth_gss_unwrap()");
gd = SVCAUTH_PRIVATE(auth);