128 }
129
130 /*
131 * Generic routine to wrap data used by client and server sides.
132 */
133 bool_t
134 __rpc_gss_wrap_data(service, qop, context, seq_num, out_xdrs,
135 xdr_func, xdr_ptr)
136 OM_uint32 qop;
137 rpc_gss_service_t service;
138 gss_ctx_id_t context;
139 uint_t seq_num;
140 XDR *out_xdrs;
141 bool_t (*xdr_func)();
142 caddr_t xdr_ptr;
143 {
144 OM_uint32 major, minor;
145 gss_buffer_desc in_buf, out_buf;
146 XDR temp_xdrs;
147 char *temp_data;
148 /* EXPORT DELETE START */
149 bool_t conf_state;
150 /* EXPORT DELETE END */
151 bool_t ret = FALSE;
152 int size;
153
154 /*
155 * Create a temporary XDR/buffer to hold the data to be wrapped.
156 * We need an extra bit for the sequence number serialized first.
157 */
158 size = xdr_sizeof(xdr_func, xdr_ptr) + BYTES_PER_XDR_UNIT;
159 temp_data = kmem_alloc(size, KM_SLEEP);
160 out_buf.length = 0;
161
162 xdrmem_create(&temp_xdrs, temp_data, size, XDR_ENCODE);
163
164 /*
165 * serialize the sequence number into tmp memory
166 */
167 if (!xdr_u_int(&temp_xdrs, &seq_num))
168 goto fail;
169
170 /*
171 * serialize the arguments into tmp memory
172 */
173 if (!(*xdr_func)(&temp_xdrs, xdr_ptr))
174 goto fail;
175
176 /*
177 * Data to be wrapped goes in in_buf. If privacy is used,
178 * out_buf will have wrapped data (in_buf will no longer be
179 * needed). If integrity is used, out_buf will have checksum
180 * which will follow the data in in_buf.
181 */
182 in_buf.length = xdr_getpos(&temp_xdrs);
183 in_buf.value = (char *)temp_xdrs.x_base;
184
185 switch (service) {
186 case rpc_gss_svc_privacy:
187
188 /* EXPORT DELETE START */
189 if ((major = kgss_seal(&minor, context, TRUE, qop, &in_buf,
190 &conf_state, &out_buf)) != GSS_S_COMPLETE) {
191 RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_seal failed."
192 "major = %x, minor = %x", major, minor);
193 goto fail;
194 }
195 in_buf.length = 0; /* in_buf not needed */
196 if (!conf_state)
197 /* EXPORT DELETE END */
198 goto fail;
199 /* EXPORT DELETE START */
200 break;
201 /* EXPORT DELETE END */
202 case rpc_gss_svc_integrity:
203 if ((major = kgss_sign(&minor, context, qop, &in_buf,
204 &out_buf)) != GSS_S_COMPLETE) {
205 RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_sign failed."
206 "major = %x, minor = %x", major, minor);
207 goto fail;
208 }
209 break;
210 default:
211 goto fail;
212 }
213
214 /*
215 * write out in_buf and out_buf as needed
216 */
217 if (in_buf.length != 0) {
218 if (!__xdr_gss_buf(out_xdrs, &in_buf))
219 goto fail;
220 }
221
247 XDR temp_xdrs;
248 uint_t seq_num2;
249 bool_t conf = FALSE;
250 OM_uint32 major = GSS_S_COMPLETE, minor = 0;
251 int qop = 0;
252
253 in_buf.value = NULL;
254 out_buf.value = NULL;
255
256 /*
257 * Pull out wrapped data. For privacy service, this is the
258 * encrypted data. For integrity service, this is the data
259 * followed by a checksum.
260 */
261 if (!__xdr_gss_buf(in_xdrs, &in_buf)) {
262 return (FALSE);
263 }
264
265 if (service == rpc_gss_svc_privacy) {
266 major = GSS_S_FAILURE;
267 /* EXPORT DELETE START */
268 major = kgss_unseal(&minor, context, &in_buf, &out_buf, &conf,
269 &qop);
270 /* EXPORT DELETE END */
271 kmem_free(in_buf.value, in_buf.length);
272 if (major != GSS_S_COMPLETE) {
273 RPCGSS_LOG1(1, "rpc_gss_unwrap: kgss_unseal failed."
274 "major = %x, minor = %x", major, minor);
275 return (FALSE);
276 }
277 /*
278 * Keep the returned token (unencrypted data) in in_buf.
279 */
280 in_buf.length = out_buf.length;
281 in_buf.value = out_buf.value;
282
283 /*
284 * If privacy was not used, or if QOP is not what we are
285 * expecting, fail.
286 */
287 if (!conf || qop != qop_check)
288 goto fail;
289
290 } else if (service == rpc_gss_svc_integrity) {
|
128 }
129
130 /*
131 * Generic routine to wrap data used by client and server sides.
132 */
133 bool_t
134 __rpc_gss_wrap_data(service, qop, context, seq_num, out_xdrs,
135 xdr_func, xdr_ptr)
136 OM_uint32 qop;
137 rpc_gss_service_t service;
138 gss_ctx_id_t context;
139 uint_t seq_num;
140 XDR *out_xdrs;
141 bool_t (*xdr_func)();
142 caddr_t xdr_ptr;
143 {
144 OM_uint32 major, minor;
145 gss_buffer_desc in_buf, out_buf;
146 XDR temp_xdrs;
147 char *temp_data;
148 bool_t conf_state;
149 bool_t ret = FALSE;
150 int size;
151
152 /*
153 * Create a temporary XDR/buffer to hold the data to be wrapped.
154 * We need an extra bit for the sequence number serialized first.
155 */
156 size = xdr_sizeof(xdr_func, xdr_ptr) + BYTES_PER_XDR_UNIT;
157 temp_data = kmem_alloc(size, KM_SLEEP);
158 out_buf.length = 0;
159
160 xdrmem_create(&temp_xdrs, temp_data, size, XDR_ENCODE);
161
162 /*
163 * serialize the sequence number into tmp memory
164 */
165 if (!xdr_u_int(&temp_xdrs, &seq_num))
166 goto fail;
167
168 /*
169 * serialize the arguments into tmp memory
170 */
171 if (!(*xdr_func)(&temp_xdrs, xdr_ptr))
172 goto fail;
173
174 /*
175 * Data to be wrapped goes in in_buf. If privacy is used,
176 * out_buf will have wrapped data (in_buf will no longer be
177 * needed). If integrity is used, out_buf will have checksum
178 * which will follow the data in in_buf.
179 */
180 in_buf.length = xdr_getpos(&temp_xdrs);
181 in_buf.value = (char *)temp_xdrs.x_base;
182
183 switch (service) {
184 case rpc_gss_svc_privacy:
185
186 if ((major = kgss_seal(&minor, context, TRUE, qop, &in_buf,
187 &conf_state, &out_buf)) != GSS_S_COMPLETE) {
188 RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_seal failed."
189 "major = %x, minor = %x", major, minor);
190 goto fail;
191 }
192 in_buf.length = 0; /* in_buf not needed */
193 if (!conf_state)
194 goto fail;
195 break;
196 case rpc_gss_svc_integrity:
197 if ((major = kgss_sign(&minor, context, qop, &in_buf,
198 &out_buf)) != GSS_S_COMPLETE) {
199 RPCGSS_LOG1(1, "rpc_gss_wrap: kgss_sign failed."
200 "major = %x, minor = %x", major, minor);
201 goto fail;
202 }
203 break;
204 default:
205 goto fail;
206 }
207
208 /*
209 * write out in_buf and out_buf as needed
210 */
211 if (in_buf.length != 0) {
212 if (!__xdr_gss_buf(out_xdrs, &in_buf))
213 goto fail;
214 }
215
241 XDR temp_xdrs;
242 uint_t seq_num2;
243 bool_t conf = FALSE;
244 OM_uint32 major = GSS_S_COMPLETE, minor = 0;
245 int qop = 0;
246
247 in_buf.value = NULL;
248 out_buf.value = NULL;
249
250 /*
251 * Pull out wrapped data. For privacy service, this is the
252 * encrypted data. For integrity service, this is the data
253 * followed by a checksum.
254 */
255 if (!__xdr_gss_buf(in_xdrs, &in_buf)) {
256 return (FALSE);
257 }
258
259 if (service == rpc_gss_svc_privacy) {
260 major = GSS_S_FAILURE;
261 major = kgss_unseal(&minor, context, &in_buf, &out_buf, &conf,
262 &qop);
263 kmem_free(in_buf.value, in_buf.length);
264 if (major != GSS_S_COMPLETE) {
265 RPCGSS_LOG1(1, "rpc_gss_unwrap: kgss_unseal failed."
266 "major = %x, minor = %x", major, minor);
267 return (FALSE);
268 }
269 /*
270 * Keep the returned token (unencrypted data) in in_buf.
271 */
272 in_buf.length = out_buf.length;
273 in_buf.value = out_buf.value;
274
275 /*
276 * If privacy was not used, or if QOP is not what we are
277 * expecting, fail.
278 */
279 if (!conf || qop != qop_check)
280 goto fail;
281
282 } else if (service == rpc_gss_svc_integrity) {
|