Lines Matching full:auth

38 static void 	auth_gssapi_nextverf(AUTH *);
39 static bool_t auth_gssapi_marshall(AUTH *, XDR *);
40 static bool_t auth_gssapi_validate(AUTH *, struct opaque_auth *);
41 static bool_t auth_gssapi_refresh(AUTH *, struct rpc_msg *);
42 static bool_t auth_gssapi_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
43 static bool_t auth_gssapi_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
44 static void auth_gssapi_destroy(AUTH *);
46 static bool_t marshall_new_creds(AUTH *, bool_t, gss_buffer_t);
73 #define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private) argument
83 AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name) in auth_gssapi_create_default()
85 AUTH *auth; in auth_gssapi_create_default() local
103 auth = auth_gssapi_create(clnt, in auth_gssapi_create_default()
116 return auth; in auth_gssapi_create_default()
127 AUTH *auth_gssapi_create( in auth_gssapi_create()
140 AUTH *auth, *save_auth; in auth_gssapi_create() local
161 auth = NULL; in auth_gssapi_create()
167 auth = (AUTH *) malloc(sizeof(*auth)); in auth_gssapi_create()
169 if (auth == NULL || pdata == NULL) { in auth_gssapi_create()
171 free(auth); in auth_gssapi_create()
173 auth = NULL; in auth_gssapi_create()
179 memset(auth, 0, sizeof(*auth)); in auth_gssapi_create()
182 auth->ah_ops = &auth_gssapi_ops; in auth_gssapi_create()
183 auth->ah_private = (caddr_t) pdata; in auth_gssapi_create()
186 marshall_new_creds(auth, TRUE, NULL); in auth_gssapi_create()
189 auth->ah_verf.oa_flavor = AUTH_GSSAPI; in auth_gssapi_create()
190 auth->ah_verf.oa_base = NULL; in auth_gssapi_create()
191 auth->ah_verf.oa_length = 0; in auth_gssapi_create()
193 AUTH_PRIVATE(auth)->established = FALSE; in auth_gssapi_create()
194 AUTH_PRIVATE(auth)->clnt = clnt; in auth_gssapi_create()
195 AUTH_PRIVATE(auth)->def_cred = (claimant_cred_handle == in auth_gssapi_create()
198 clnt->cl_auth = auth; in auth_gssapi_create()
207 AUTH_PRIVATE(auth)->context = GSS_C_NO_CONTEXT; in auth_gssapi_create()
254 &AUTH_PRIVATE(auth)->context, in auth_gssapi_create()
341 if (AUTH_PRIVATE(auth)->client_handle.length == 0) { in auth_gssapi_create()
349 GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle, in auth_gssapi_create()
353 marshall_new_creds(auth, TRUE, in auth_gssapi_create()
354 &AUTH_PRIVATE(auth)->client_handle); in auth_gssapi_create()
356 } else if (!GSS_BUFFERS_EQUAL(AUTH_PRIVATE(auth)->client_handle, in auth_gssapi_create()
388 AUTH_PRIVATE(auth)->context, in auth_gssapi_create()
402 AUTH_PRIVATE(auth)->seq_num = (uint32_t) in auth_gssapi_create()
412 AUTH_PRIVATE(auth)->seq_num)); in auth_gssapi_create()
427 AUTH_PRIVATE(auth)->established = TRUE; in auth_gssapi_create()
429 marshall_new_creds(auth, FALSE, in auth_gssapi_create()
430 &AUTH_PRIVATE(auth)->client_handle); in auth_gssapi_create()
433 *((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value), in auth_gssapi_create()
434 AUTH_PRIVATE(auth)->seq_num)); in auth_gssapi_create()
440 return auth; in auth_gssapi_create()
447 if (auth) { in auth_gssapi_create()
448 if (AUTH_PRIVATE(auth)) in auth_gssapi_create()
449 auth_gssapi_destroy(auth); in auth_gssapi_create()
451 free(auth); in auth_gssapi_create()
452 auth = NULL; in auth_gssapi_create()
462 return auth; in auth_gssapi_create()
469 * auth_gssapi_creds into auth->cred_buf
473 * auth (r/w) the AUTH structure to modify
480 * Requires: auth must point to a valid GSS-API auth structure, auth_msg
484 * Effects: auth->ah_cred is set to the serialized auth_gssapi_creds
487 * auth->ah_cred.oa_flavor is set to AUTH_GSSAPI. If client_handle is
490 * Modifies: auth
493 AUTH *auth, in marshall_new_creds() argument
512 xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf, in marshall_new_creds()
519 AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs); in marshall_new_creds()
523 AUTH_PRIVATE(auth)->cred_len)); in marshall_new_creds()
525 auth->ah_cred.oa_flavor = AUTH_GSSAPI; in marshall_new_creds()
526 auth->ah_cred.oa_base = (char *) AUTH_PRIVATE(auth)->cred_buf; in marshall_new_creds()
527 auth->ah_cred.oa_length = AUTH_PRIVATE(auth)->cred_len; in marshall_new_creds()
542 static void auth_gssapi_nextverf(AUTH *auth) in auth_gssapi_nextverf() argument
553 * auth (r/w) AUTH structure for client
570 AUTH *auth, in auth_gssapi_marshall() argument
577 if (AUTH_PRIVATE(auth)->established == TRUE) { in auth_gssapi_marshall()
580 seq_num = AUTH_PRIVATE(auth)->seq_num + 1; in auth_gssapi_marshall()
584 if (auth_gssapi_seal_seq(AUTH_PRIVATE(auth)->context, seq_num, in auth_gssapi_marshall()
589 auth->ah_verf.oa_base = out_buf.value; in auth_gssapi_marshall()
590 auth->ah_verf.oa_length = out_buf.length; in auth_gssapi_marshall()
592 if (! xdr_opaque_auth(xdrs, &auth->ah_cred) || in auth_gssapi_marshall()
593 ! xdr_opaque_auth(xdrs, &auth->ah_verf)) { in auth_gssapi_marshall()
601 auth->ah_verf.oa_base = NULL; in auth_gssapi_marshall()
602 auth->ah_verf.oa_length = 0; in auth_gssapi_marshall()
604 if (! xdr_opaque_auth(xdrs, &auth->ah_cred) || in auth_gssapi_marshall()
605 ! xdr_opaque_auth(xdrs, &auth->ah_verf)) { in auth_gssapi_marshall()
621 AUTH *auth, in auth_gssapi_validate() argument
627 if (AUTH_PRIVATE(auth)->established == FALSE) { in auth_gssapi_validate()
636 if (auth_gssapi_unseal_seq(AUTH_PRIVATE(auth)->context, &in_buf, in auth_gssapi_validate()
643 if (AUTH_PRIVATE(auth)->seq_num+2 != seq_num) { in auth_gssapi_validate()
645 AUTH_PRIVATE(auth)->seq_num + 2, seq_num, seq_num)); in auth_gssapi_validate()
651 AUTH_PRIVATE(auth)->seq_num += 2; in auth_gssapi_validate()
678 AUTH *auth, in auth_gssapi_refresh() argument
684 AUTH_PRIVATE(auth)->seq_num++; in auth_gssapi_refresh()
703 static void auth_gssapi_destroy(AUTH *auth) in auth_gssapi_destroy() argument
710 if (AUTH_PRIVATE(auth)->client_handle.length == 0) { in auth_gssapi_destroy()
716 if (!marshall_new_creds(auth, TRUE, &AUTH_PRIVATE(auth)->client_handle)) { in auth_gssapi_destroy()
724 callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_DESTROY, in auth_gssapi_destroy()
727 clnt_sperror(AUTH_PRIVATE(auth)->clnt, in auth_gssapi_destroy()
733 &AUTH_PRIVATE(auth)->context, in auth_gssapi_destroy()
738 if (AUTH_PRIVATE(auth)->def_cred) { in auth_gssapi_destroy()
746 free(AUTH_PRIVATE(auth)->client_handle.value); in auth_gssapi_destroy()
747 free(auth->ah_private); in auth_gssapi_destroy()
748 free(auth); in auth_gssapi_destroy()
761 AUTH *auth, in auth_gssapi_wrap() argument
768 if (! AUTH_PRIVATE(auth)->established) { in auth_gssapi_wrap()
772 AUTH_PRIVATE(auth)->context, in auth_gssapi_wrap()
773 AUTH_PRIVATE(auth)->seq_num+1, in auth_gssapi_wrap()
792 AUTH *auth, in auth_gssapi_unwrap() argument
799 if (! AUTH_PRIVATE(auth)->established) { in auth_gssapi_unwrap()
803 AUTH_PRIVATE(auth)->context, in auth_gssapi_unwrap()
804 AUTH_PRIVATE(auth)->seq_num, in auth_gssapi_unwrap()