128 	struct rpc_gss_data	*gd;
170 	gd = mem_alloc(sizeof(*gd));
171 	if (gd == NULL) {
179 	auth->ah_private = (caddr_t) gd;
185 	    GSS_C_NT_HOSTBASED_SERVICE, &gd->gd_name);
193 		gd->gd_options = *options_req;
195 		gd->gd_options.req_flags = GSS_C_MUTUAL_FLAG;
196 		gd->gd_options.time_req = 0;
197 		gd->gd_options.my_cred = GSS_C_NO_CREDENTIAL;
198 		gd->gd_options.input_channel_bindings = NULL;
200 	gd->gd_clnt = clnt;
201 	gd->gd_ctx = GSS_C_NO_CONTEXT;
202 	gd->gd_mech = oid;
203 	gd->gd_qop = qop_num;
205 	gd->gd_cred.gc_version = RPCSEC_GSS_VERSION;
206 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;
207 	gd->gd_cred.gc_seq = 0;
208 	gd->gd_cred.gc_svc = service;
230 	struct rpc_gss_data	*gd;
234 	gd = AUTH_PRIVATE(auth);
235 	if (!rpc_gss_oid_to_mech(gd->gd_mech, &mechanism)) {
247 	gd->gd_cred.gc_svc = service;
248 	gd->gd_qop = qop_num;
270 	struct rpc_gss_data	*gd;
278 	gd = AUTH_PRIVATE(auth);
280 	if (gd->gd_state == RPCSEC_GSS_CONTEXT) {
286 		if (gd->gd_verf.value)
288 			    (char *) &gd->gd_verf);
289 		gd->gd_verf.value = mem_alloc(verf->oa_length);
290 		if (gd->gd_verf.value == NULL) {
295 		memcpy(gd->gd_verf.value, verf->oa_base, verf->oa_length);
296 		gd->gd_verf.length = verf->oa_length;
300 	num = htonl(gd->gd_cred.gc_seq);
307 	maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx, &signbuf,
309 	if (maj_stat != GSS_S_COMPLETE || qop_state != gd->gd_qop) {
310 		log_status("gss_verify_mic", gd->gd_mech, maj_stat, min_stat);
323 	struct rpc_gss_data	*gd;
331 	gd = AUTH_PRIVATE(auth);
333 	if (gd->gd_state != RPCSEC_GSS_START)
337 	gd->gd_state = RPCSEC_GSS_CONTEXT;
338 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;
339 	gd->gd_cred.gc_seq = 0;
347 		    gd->gd_options.my_cred,
348 		    &gd->gd_ctx,
349 		    gd->gd_name,
350 		    gd->gd_mech,
351 		    gd->gd_options.req_flags,
352 		    gd->gd_options.time_req,
353 		    gd->gd_options.input_channel_bindings,
355 		    &gd->gd_mech,	/* used mech */
372 			log_status("gss_init_sec_context", gd->gd_mech,
381 			call_stat = clnt_call(gd->gd_clnt, NULLPROC,
394 				log_status("server reply", gd->gd_mech,
408 				    (char *) &gd->gd_cred.gc_handle);
409 				gd->gd_cred.gc_handle = gr.gr_handle;
425 			gd->gd_cred.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
440 			maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx,
441 			    &bufin, &gd->gd_verf, &qop_state);
444 			    qop_state != gd->gd_qop) {
445 				log_status("gss_verify_mic", gd->gd_mech,
459 			options_ret->rpcsec_version = gd->gd_cred.gc_version;
460 			options_ret->gss_context = gd->gd_ctx;
461 			if (rpc_gss_oid_to_mech(gd->gd_mech, &mech)) {
467 			gd->gd_state = RPCSEC_GSS_ESTABLISHED;
468 			gd->gd_cred.gc_proc = RPCSEC_GSS_DATA;
469 			gd->gd_cred.gc_seq = 0;
470 			gd->gd_win = gr.gr_win;
475 	    (char *) &gd->gd_verf);
478 	if (gd->gd_cred.gc_proc != RPCSEC_GSS_DATA) {
513 	struct rpc_gss_data	*gd;
518 	gd = AUTH_PRIVATE(auth);
520 	if (gd->gd_state == RPCSEC_GSS_ESTABLISHED && send_destroy) {
521 		gd->gd_cred.gc_proc = RPCSEC_GSS_DESTROY;
522 		clnt_call(gd->gd_clnt, NULLPROC,
532 	    (char *) &gd->gd_cred.gc_handle);
533 	gd->gd_cred.gc_handle.length = 0;
535 	if (gd->gd_ctx != GSS_C_NO_CONTEXT)
536 		gss_delete_sec_context(&min_stat, &gd->gd_ctx, NULL);
538 	gd->gd_state = RPCSEC_GSS_START;
544 	struct rpc_gss_data	*gd;
549 	gd = AUTH_PRIVATE(auth);
553 	if (gd->gd_name != GSS_C_NO_NAME)
554 		gss_release_name(&min_stat, &gd->gd_name);
555 	if (gd->gd_verf.value)
557 		    (char *) &gd->gd_verf);
559 	mem_free(gd, sizeof(*gd));
571 	struct rpc_gss_data	*gd;
578 	gd = AUTH_PRIVATE(auth);
580 	if (gd->gd_state == RPCSEC_GSS_ESTABLISHED)
581 		gd->gd_cred.gc_seq++;
589 	if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gd_cred)) {
614 	if (gd->gd_cred.gc_proc == RPCSEC_GSS_INIT ||
615 	    gd->gd_cred.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
628 		maj_stat = gss_get_mic(&min_stat, gd->gd_ctx, gd->gd_qop,
632 			log_status("gss_get_mic", gd->gd_mech,
653 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED ||
654 	    gd->gd_cred.gc_svc == rpc_gss_svc_none) {
658 		gd->gd_ctx, gd->gd_qop, gd->gd_cred.gc_svc,
659 		gd->gd_cred.gc_seq));
665 	struct rpc_gss_data	*gd;
669 	gd = AUTH_PRIVATE(auth);
671 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED ||
672 	    gd->gd_cred.gc_svc == rpc_gss_svc_none) {
676 		gd->gd_ctx, gd->gd_qop, gd->gd_cred.gc_svc,
677 		gd->gd_cred.gc_seq));
683 	struct rpc_gss_data	*gd;
689 	gd = AUTH_PRIVATE(auth);
691 	switch (gd->gd_cred.gc_svc) {
709 	maj_stat = gss_wrap_size_limit(&min_stat, gd->gd_ctx, want_conf,
710 	    gd->gd_qop, max_tp_unit_len, &max);
718 		log_status("gss_wrap_size_limit", gd->gd_mech,

Indexes created Sun Jun 30 11:05:36 MDT 2024