Print this page
first pass


 128 }
 129 
 130 /*
 131  * Generic routine to wrap data used by client and server sides.
 132  */
 133 bool_t
 134 __rpc_gss_wrap_data(service, qop, context, seq_num, out_xdrs,
 135                         xdr_func, xdr_ptr)
 136         OM_uint32               qop;
 137         rpc_gss_service_t       service;
 138         gss_ctx_id_t            context;
 139         uint_t                  seq_num;
 140         XDR                     *out_xdrs;
 141         bool_t                  (*xdr_func)();
 142         caddr_t                 xdr_ptr;
 143 {
 144         OM_uint32               major, minor;
 145         gss_buffer_desc         in_buf, out_buf;
 146         XDR                     temp_xdrs;
 147         char                    *temp_data;
 148 /* EXPORT DELETE START */
 149         bool_t                  conf_state;
 150 /* EXPORT DELETE END */
 151         bool_t                  ret = FALSE;
 152         int                     size;
 153 
 154         /*
 155          * Create a temporary XDR/buffer to hold the data to be wrapped.
 156          * We need an extra bit for the sequence number serialized first.
 157          */
 158         size = xdr_sizeof(xdr_func, xdr_ptr) + BYTES_PER_XDR_UNIT;
 159         temp_data = kmem_alloc(size, KM_SLEEP);
 160         out_buf.length = 0;
 161 
 162         xdrmem_create(&temp_xdrs, temp_data, size, XDR_ENCODE);
 163 
 164         /*
 165          * serialize the sequence number into tmp memory
 166          */
 167         if (!xdr_u_int(&temp_xdrs, &seq_num))
 168                 goto fail;
 169 
 170         /*
 171          * serialize the arguments into tmp memory
 172          */
 173         if (!(*xdr_func)(&temp_xdrs, xdr_ptr))
 174                 goto fail;
 175 
 176         /*
 177          * Data to be wrapped goes in in_buf.  If privacy is used,
 178          * out_buf will have wrapped data (in_buf will no longer be
 179          * needed).  If integrity is used, out_buf will have checksum
 180          * which will follow the data in in_buf.
 181          */
 182         in_buf.length = xdr_getpos(&temp_xdrs);
 183         in_buf.value = (char *)temp_xdrs.x_base;
 184 
 185         switch (service) {
 186         case rpc_gss_svc_privacy:
 187 
 188 /* EXPORT DELETE START */
 189                 if ((major = kgss_seal(&minor, context, TRUE, qop, &in_buf,
 190                                 &conf_state, &out_buf)) != GSS_S_COMPLETE) {
 191                         RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_seal failed."
 192                                 "major = %x, minor = %x", major, minor);
 193                         goto fail;
 194                 }
 195                 in_buf.length = 0;      /* in_buf not needed */
 196                 if (!conf_state)
 197 /* EXPORT DELETE END */
 198                         goto fail;
 199 /* EXPORT DELETE START */
 200                 break;
 201 /* EXPORT DELETE END */
 202         case rpc_gss_svc_integrity:
 203                 if ((major = kgss_sign(&minor, context, qop, &in_buf,
 204                                 &out_buf)) != GSS_S_COMPLETE) {
 205                         RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_sign failed."
 206                                 "major = %x, minor = %x", major, minor);
 207                         goto fail;
 208                 }
 209                 break;
 210         default:
 211                 goto fail;
 212         }
 213 
 214         /*
 215          * write out in_buf and out_buf as needed
 216          */
 217         if (in_buf.length != 0) {
 218                 if (!__xdr_gss_buf(out_xdrs, &in_buf))
 219                         goto fail;
 220         }
 221 


 247         XDR                     temp_xdrs;
 248         uint_t                  seq_num2;
 249         bool_t                  conf = FALSE;
 250         OM_uint32               major = GSS_S_COMPLETE, minor = 0;
 251         int                     qop = 0;
 252 
 253         in_buf.value = NULL;
 254         out_buf.value = NULL;
 255 
 256         /*
 257          * Pull out wrapped data.  For privacy service, this is the
 258          * encrypted data.  For integrity service, this is the data
 259          * followed by a checksum.
 260          */
 261         if (!__xdr_gss_buf(in_xdrs, &in_buf)) {
 262                 return (FALSE);
 263         }
 264 
 265         if (service == rpc_gss_svc_privacy) {
 266                 major = GSS_S_FAILURE;
 267 /* EXPORT DELETE START */
 268                 major = kgss_unseal(&minor, context, &in_buf, &out_buf, &conf,
 269                                         &qop);
 270 /* EXPORT DELETE END */
 271                 kmem_free(in_buf.value, in_buf.length);
 272                 if (major != GSS_S_COMPLETE) {
 273                         RPCGSS_LOG1(1, "rpc_gss_unwrap: kgss_unseal failed."
 274                                 "major = %x, minor = %x", major, minor);
 275                         return (FALSE);
 276                 }
 277                 /*
 278                  * Keep the returned token (unencrypted data) in in_buf.
 279                  */
 280                 in_buf.length = out_buf.length;
 281                 in_buf.value = out_buf.value;
 282 
 283                 /*
 284                  * If privacy was not used, or if QOP is not what we are
 285                  * expecting, fail.
 286                  */
 287                 if (!conf || qop != qop_check)
 288                         goto fail;
 289 
 290         } else if (service == rpc_gss_svc_integrity) {




 128 }
 129 
 130 /*
 131  * Generic routine to wrap data used by client and server sides.
 132  */
 133 bool_t
 134 __rpc_gss_wrap_data(service, qop, context, seq_num, out_xdrs,
 135                         xdr_func, xdr_ptr)
 136         OM_uint32               qop;
 137         rpc_gss_service_t       service;
 138         gss_ctx_id_t            context;
 139         uint_t                  seq_num;
 140         XDR                     *out_xdrs;
 141         bool_t                  (*xdr_func)();
 142         caddr_t                 xdr_ptr;
 143 {
 144         OM_uint32               major, minor;
 145         gss_buffer_desc         in_buf, out_buf;
 146         XDR                     temp_xdrs;
 147         char                    *temp_data;

 148         bool_t                  conf_state;

 149         bool_t                  ret = FALSE;
 150         int                     size;
 151 
 152         /*
 153          * Create a temporary XDR/buffer to hold the data to be wrapped.
 154          * We need an extra bit for the sequence number serialized first.
 155          */
 156         size = xdr_sizeof(xdr_func, xdr_ptr) + BYTES_PER_XDR_UNIT;
 157         temp_data = kmem_alloc(size, KM_SLEEP);
 158         out_buf.length = 0;
 159 
 160         xdrmem_create(&temp_xdrs, temp_data, size, XDR_ENCODE);
 161 
 162         /*
 163          * serialize the sequence number into tmp memory
 164          */
 165         if (!xdr_u_int(&temp_xdrs, &seq_num))
 166                 goto fail;
 167 
 168         /*
 169          * serialize the arguments into tmp memory
 170          */
 171         if (!(*xdr_func)(&temp_xdrs, xdr_ptr))
 172                 goto fail;
 173 
 174         /*
 175          * Data to be wrapped goes in in_buf.  If privacy is used,
 176          * out_buf will have wrapped data (in_buf will no longer be
 177          * needed).  If integrity is used, out_buf will have checksum
 178          * which will follow the data in in_buf.
 179          */
 180         in_buf.length = xdr_getpos(&temp_xdrs);
 181         in_buf.value = (char *)temp_xdrs.x_base;
 182 
 183         switch (service) {
 184         case rpc_gss_svc_privacy:
 185 

 186                 if ((major = kgss_seal(&minor, context, TRUE, qop, &in_buf,
 187                                 &conf_state, &out_buf)) != GSS_S_COMPLETE) {
 188                         RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_seal failed."
 189                                 "major = %x, minor = %x", major, minor);
 190                         goto fail;
 191                 }
 192                 in_buf.length = 0;      /* in_buf not needed */
 193                 if (!conf_state)

 194                         goto fail;

 195                 break;

 196         case rpc_gss_svc_integrity:
 197                 if ((major = kgss_sign(&minor, context, qop, &in_buf,
 198                                 &out_buf)) != GSS_S_COMPLETE) {
 199                         RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_sign failed."
 200                                 "major = %x, minor = %x", major, minor);
 201                         goto fail;
 202                 }
 203                 break;
 204         default:
 205                 goto fail;
 206         }
 207 
 208         /*
 209          * write out in_buf and out_buf as needed
 210          */
 211         if (in_buf.length != 0) {
 212                 if (!__xdr_gss_buf(out_xdrs, &in_buf))
 213                         goto fail;
 214         }
 215 


 241         XDR                     temp_xdrs;
 242         uint_t                  seq_num2;
 243         bool_t                  conf = FALSE;
 244         OM_uint32               major = GSS_S_COMPLETE, minor = 0;
 245         int                     qop = 0;
 246 
 247         in_buf.value = NULL;
 248         out_buf.value = NULL;
 249 
 250         /*
 251          * Pull out wrapped data.  For privacy service, this is the
 252          * encrypted data.  For integrity service, this is the data
 253          * followed by a checksum.
 254          */
 255         if (!__xdr_gss_buf(in_xdrs, &in_buf)) {
 256                 return (FALSE);
 257         }
 258 
 259         if (service == rpc_gss_svc_privacy) {
 260                 major = GSS_S_FAILURE;

 261                 major = kgss_unseal(&minor, context, &in_buf, &out_buf, &conf,
 262                                         &qop);

 263                 kmem_free(in_buf.value, in_buf.length);
 264                 if (major != GSS_S_COMPLETE) {
 265                         RPCGSS_LOG1(1, "rpc_gss_unwrap: kgss_unseal failed."
 266                                 "major = %x, minor = %x", major, minor);
 267                         return (FALSE);
 268                 }
 269                 /*
 270                  * Keep the returned token (unencrypted data) in in_buf.
 271                  */
 272                 in_buf.length = out_buf.length;
 273                 in_buf.value = out_buf.value;
 274 
 275                 /*
 276                  * If privacy was not used, or if QOP is not what we are
 277                  * expecting, fail.
 278                  */
 279                 if (!conf || qop != qop_check)
 280                         goto fail;
 281 
 282         } else if (service == rpc_gss_svc_integrity) {