 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]

 * Copyright (c) 1986, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.

 * Server side handling of RPCSEC_GSS flavor.

 * Sequence window definitions.

/* cache retransmit data */

 * Server side RPCSEC_GSS context information.

 * Data structures used for LRU based context management.

 * server credential management data and structures

 * lock used with server credential variables list
 * server cred list locking guidelines:
 * - Writer's lock holder has exclusive access to the list
 * - Reader's lock holder(s) must also lock (refresh_mutex) each node
 * before accessing that node's elements (i.e. cred)

 * server callback list

 * lock used with callback variables

 * forward declarations

 * Fetch server side authentication structure.

 * Cleanup routine for destroying context, called after service
 * procedure is executed, for MT safeness.

 * First check if current context needs to be cleaned up.

 * Check for other expired contexts.

 * Check again, in case some other thread got in.

 * Set server parameters.

 * Ignore parameters unless greater than zero.

 * Shift the array arr of length arrlen right by nbits bits.
 * If the number of bits to be shifted exceeds SEQ_WIN, just
 * zero out the array.

 * Check that the received sequence number seq_num is valid.

 * If it exceeds the maximum, kill context.

 * If greater than the last seen sequence number, just shift
 * the sequence window so that it starts at the new sequence
 * number and extends downwards by SEQ_WIN.

 * If it is outside the sequence window, return failure.

 * If within sequence window, set the bit corresponding to it
 * if not already seen; if already seen, return failure.

 * Convert a name in gss exported type to rpc_gss_principal_t type.

 * Convert a name in internal form to the exported type.

 * Set server callback.

 * Locate callback (if specified) and call server. Release any
 * delegated credentials unless passed to server and the server
 * accepts the context. If a callback is not specified, accept
 * the incoming context.

 * Return caller credentials.

 * Double check making sure ucred is not set
 * after acquiring the lock.

"mech_to_oid failed in getcred.\n"));
 * gid's already set;
 * check if they have expired.

 * Server side authentication for RPCSEC_GSS.

 * Initialize response verifier to NULL verifier. If
 * necessary, this will be changed later.

 * Need to null out results to start with.

 * Pull out and check credential and verifier.

 * If this is a control message and proc is GSSAPI_INIT, then
 * create a client handle for this client. Otherwise, look up
 * the existing handle.

 * Only verify values for service parameter when proc
 * not RPCSEC_GSS_INIT or RPCSEC_GSS_CONTINUE_INIT.
 * RFC2203 says contents for sequence and service args
 * are undefined for creation procs.
 * Note: only need to check for *CONTINUE_INIT here because
 * if() clause already checked for RPCSEC_GSS_INIT

 * lock the client data until it's safe; if it's already stale,
 * no more processing is possible

 * Any response we send will use ctx_handle, so set it now;
 * also set seq_window since this won't change.

 * Keep copy of parameters we'll need for response, for the
 * sake of reentrancy (we don't want to look in the context
 * data because when we are sending a response, another
 * request may have come in.

 * If the context is not established, then only GSSAPI_INIT
 * and _CONTINUE requests are valid.

 * call is for us, deserialize arguments

 * set next sc to point to the server cred
 * if the client_data contains server_creds

 * Server_creds was right - set it. Also
 * set the raw and unix credentials at this
 * point. This saves a lot of computation
 * later when credentials are retrieved.

 * XXX server_creds will prob be stale
 * after rpc_gss_refresh_svc_cred(), but
 * it appears not to ever be referenced

 * XXX server_creds will prob be stale
 * after rpc_gss_refresh_svc_cred(), but
 * it appears not to ever be referenced

/* Make sure to free output_token in case of failure.
 */

 * We have a failure - send response and delete
 * the context. Don't dispatch. Set ctx_handle
 * to NULL and seq_window to 0.

 * This step succeeded. Send a response, along with
 * a token if there's one. Don't dispatch.

 * set response verifier: checksum of SEQ_WIN

 * Cache last response in case it is lost and the client
 * retries on an established context.

 * If appropriate, set established to TRUE *after* sending
 * response (otherwise, the client will receive the final

 * Context is established. Set expiry time for
 * context (the minimum of time_rec and max_lifetime).

 * This is an established context. Continue to
 * satisfy retried continue init requests out of
 * the retransmit cache. Throw away any that don't
 * have a matching xid or the cache is empty.
 * Delete the retransmit cache once the client sends

/* fall thru to default */

"on an established context");
 * Once the context is established and there is no more
 * retransmission of last continue init request, it is safe
 * to delete the retransmit cache entry.

 * Context is already established. Check verifier, and
 * note parameters we will need for response in gss_parms.

 * Check and invoke callback if necessary.

 * If the context was locked, make sure that the client
 * has not changed QOP.

 * Validate sequence number.

 * Operational error, drop packet silently.
 * The client will recover after timing out,
 * assuming this is a client error and not
 * a replay attack. Don't dispatch.

 * set response verifier

 * If this is a control message RPCSEC_GSS_DESTROY, process
 * the call; otherwise, return AUTH_OK so it will be
 * dispatched to the application server.

 * This should be an RPCSEC_GSS_DATA request.
 * If context is locked, make sure that the client
 * has not changed the security service.

 * Set client credentials to raw credential
 * structure in context. This is okay, since
 * this will not change during the lifetime of
 * the context (so it's MT safe).

 * Check verifier. The verifier is the checksum of the RPC header
 * up to and including the credentials field.

 * We have to reconstruct the RPC header from the previously
 * parsed information, since we haven't kept the header intact.

/* 8 XDR units from the IXDR macro calls. */

 * Set response verifier. This is the checksum of the given number.
 * (e.g. sequence number or sequence window)

 * Create client context.

 * set up client data structure

 * Check totals. If we've hit the limit, we destroy a context
 * based on LRU method.

 * now try on LRU basis

 * The client context handle is a 32-bit key (unsigned int).
 * The key is incremented until there is no duplicate for it.

 * Set cleanup callback if we haven't.
 * Insert client context into hash list and LRU list.

 * Fetch a client, given the client context handle. Move it to the
 * top of the LRU list since this is the most recently used context.

 * Given the client context handle, find the context corresponding to it.
 * Don't change its LRU state since it may not be used.

 * Destroy a client context.

 * remove from hash list

 * remove from LRU list

 * If there is a GSS context, clean up GSS state.

 * Check for expired client contexts.

 * Drop the least recently used client context, if possible.

 * find service credentials
 * return cred if found,

 * Set the server principal name.

/* Check if there is already an entry in the svc_creds_list. */

 * Successfully added the mech to the cred handle
 * free the existing oid_set in svc_cred

 * Refresh server credentials.

 * Encrypt the serialized arguments from xdr_func applied to xdr_ptr
 * and write the result to xdrs.

 * If context is not established, or if neither integrity nor
 * privacy service is used, don't wrap - just XDR encode.
 * Otherwise, wrap data using service and QOP parameters.

 * Decrypt the serialized arguments and XDR decode them.

 * If context is not established, or if neither integrity nor
 * privacy service is used, don't unwrap - just XDR decode.
 * Otherwise, unwrap data.

 * Add retransmit entry to the context cache entry for a new xid.
 * If there is already an entry, delete it before adding the new one.

 * Delete the retransmit data from the context cache entry.
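
The sequence-window comments above (shift the array, then validate seq_num) describe the replay check for an established context. The block below is an added example, not the original source file's code, showing one way to implement that check. The names, the 128-entry window size and the bit layout are assumptions; SEQ_MAX is the MAXSEQ value from RFC 2203.

```c
#include <stdint.h>
#include <string.h>

#define WIN_WORDS 4                    /* assumed size: 4 x 32 = 128-entry window */
#define SEQ_WIN   (WIN_WORDS * 32)
#define SEQ_MAX   0x80000000u          /* MAXSEQ in RFC 2203 */

enum seq_result { SEQ_OK, SEQ_REPLAY, SEQ_TOO_OLD, SEQ_KILL_CTX };

struct seq_state {
    uint32_t last;                     /* highest sequence number accepted */
    uint32_t bits[WIN_WORDS];          /* bit k set => (last - k) already seen */
};

/* Age the window by nbits: the entry at offset k moves to offset k + nbits. */
static void shift_bits(uint32_t *arr, int arrlen, uint32_t nbits)
{
    if (nbits >= (uint32_t)arrlen * 32) {      /* nothing survives: zero it */
        memset(arr, 0, (size_t)arrlen * sizeof(*arr));
        return;
    }
    int words = (int)(nbits / 32), rem = (int)(nbits % 32);
    for (int i = arrlen - 1; i >= 0; i--) {    /* top down, so reads see old data */
        uint32_t v = (i >= words) ? arr[i - words] << rem : 0;
        if (rem && i > words)
            v |= arr[i - words - 1] >> (32 - rem);
        arr[i] = v;
    }
}

enum seq_result check_seq(struct seq_state *s, uint32_t seq)
{
    if (seq > SEQ_MAX)
        return SEQ_KILL_CTX;           /* caller must destroy the context */
    if (seq > s->last) {               /* new high: window now starts at seq */
        shift_bits(s->bits, WIN_WORDS, seq - s->last);
        s->bits[0] |= 1u;
        s->last = seq;
        return SEQ_OK;
    }
    uint32_t off = s->last - seq;
    if (off >= SEQ_WIN)
        return SEQ_TOO_OLD;            /* below the window: reject */
    uint32_t mask = 1u << (off % 32);
    if (s->bits[off / 32] & mask)
        return SEQ_REPLAY;             /* already seen: reject */
    s->bits[off / 32] |= mask;
    return SEQ_OK;
}
```

A caller would drop the request without dispatching on SEQ_REPLAY or SEQ_TOO_OLD and destroy the context on SEQ_KILL_CTX, matching the behaviour the comments describe.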