xref: /freebsd/lib/librpcsec_gss/svc_rpcsec_gss.c (revision 409a390c3341fb4f162cd7de1fd595a323ebbfd8)
1 /*-
2  * Copyright (c) 2008 Doug Rabson
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  *	$FreeBSD$
27  */
28 /*
29   svc_rpcsec_gss.c
30 
31   Copyright (c) 2000 The Regents of the University of Michigan.
32   All rights reserved.
33 
34   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
35   All rights reserved, all wrongs reversed.
36 
37   Redistribution and use in source and binary forms, with or without
38   modification, are permitted provided that the following conditions
39   are met:
40 
41   1. Redistributions of source code must retain the above copyright
42      notice, this list of conditions and the following disclaimer.
43   2. Redistributions in binary form must reproduce the above copyright
44      notice, this list of conditions and the following disclaimer in the
45      documentation and/or other materials provided with the distribution.
46   3. Neither the name of the University nor the names of its
47      contributors may be used to endorse or promote products derived
48      from this software without specific prior written permission.
49 
50   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
51   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
52   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
53   DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
55   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
56   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
57   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
58   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
59   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
60   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
61 
62   $Id: svc_auth_gss.c,v 1.27 2002/01/15 15:43:00 andros Exp $
63  */
64 
65 #include <stdio.h>
66 #include <stdlib.h>
67 #include <string.h>
68 #include <pwd.h>
69 #include <grp.h>
70 #include <errno.h>
71 #include <unistd.h>
72 #include <sys/queue.h>
73 #include <rpc/rpc.h>
74 #include <rpc/rpcsec_gss.h>
75 #include "rpcsec_gss_int.h"
76 
77 static bool_t	svc_rpc_gss_initialised = FALSE;
78 
79 static bool_t   svc_rpc_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
80 static bool_t   svc_rpc_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
81 static enum auth_stat svc_rpc_gss(struct svc_req *, struct rpc_msg *);
82 
83 static struct svc_auth_ops svc_auth_gss_ops = {
84 	svc_rpc_gss_wrap,
85 	svc_rpc_gss_unwrap,
86 };
87 
88 struct svc_rpc_gss_callback {
89 	SLIST_ENTRY(svc_rpc_gss_callback) cb_link;
90 	rpc_gss_callback_t	cb_callback;
91 };
92 static SLIST_HEAD(svc_rpc_gss_callback_list, svc_rpc_gss_callback)
93 	svc_rpc_gss_callbacks = SLIST_HEAD_INITIALIZER(svc_rpc_gss_callbacks);
94 
95 struct svc_rpc_gss_svc_name {
96 	SLIST_ENTRY(svc_rpc_gss_svc_name) sn_link;
97 	char			*sn_principal;
98 	gss_OID			sn_mech;
99 	u_int			sn_req_time;
100 	gss_cred_id_t		sn_cred;
101 	u_int			sn_program;
102 	u_int			sn_version;
103 };
104 static SLIST_HEAD(svc_rpc_gss_svc_name_list, svc_rpc_gss_svc_name)
105 	svc_rpc_gss_svc_names = SLIST_HEAD_INITIALIZER(svc_rpc_gss_svc_names);
106 
107 enum svc_rpc_gss_client_state {
108 	CLIENT_NEW,				/* still authenticating */
109 	CLIENT_ESTABLISHED,			/* context established */
110 	CLIENT_STALE				/* garbage to collect */
111 };
112 
113 #define SVC_RPC_GSS_SEQWINDOW	128
114 
115 struct svc_rpc_gss_client {
116 	TAILQ_ENTRY(svc_rpc_gss_client) cl_link;
117 	TAILQ_ENTRY(svc_rpc_gss_client) cl_alllink;
118 	uint32_t		cl_id;
119 	time_t			cl_expiration;	/* when to gc */
120 	enum svc_rpc_gss_client_state cl_state;	/* client state */
121 	bool_t			cl_locked;	/* fixed service+qop */
122 	gss_ctx_id_t		cl_ctx;		/* context id */
123 	gss_cred_id_t		cl_creds;	/* delegated creds */
124 	gss_name_t		cl_cname;	/* client name */
125 	struct svc_rpc_gss_svc_name *cl_sname;	/* server name used */
126 	rpc_gss_rawcred_t	cl_rawcred;	/* raw credentials */
127 	rpc_gss_ucred_t		cl_ucred;	/* unix-style credentials */
128 	bool_t			cl_done_callback; /* TRUE after call */
129 	void			*cl_cookie;	/* user cookie from callback */
130 	gid_t			cl_gid_storage[NGRPS];
131 	gss_OID			cl_mech;	/* mechanism */
132 	gss_qop_t		cl_qop;		/* quality of protection */
133 	u_int			cl_seq;		/* current sequence number */
134 	u_int			cl_win;		/* sequence window size */
135 	u_int			cl_seqlast;	/* sequence window origin */
136 	uint32_t		cl_seqmask[SVC_RPC_GSS_SEQWINDOW/32]; /* bitmask of seqnums */
137 	gss_buffer_desc		cl_verf;	/* buffer for verf checksum */
138 };
139 TAILQ_HEAD(svc_rpc_gss_client_list, svc_rpc_gss_client);
140 
141 #define CLIENT_HASH_SIZE	256
142 #define CLIENT_MAX		128
143 struct svc_rpc_gss_client_list svc_rpc_gss_client_hash[CLIENT_HASH_SIZE];
144 struct svc_rpc_gss_client_list svc_rpc_gss_clients;
145 static size_t svc_rpc_gss_client_count;
146 static uint32_t svc_rpc_gss_next_clientid = 1;
147 
148 #ifdef __GNUC__
149 static void svc_rpc_gss_init(void) __attribute__ ((constructor));
150 #endif
151 
152 static void
153 svc_rpc_gss_init(void)
154 {
155 	int i;
156 
157 	if (!svc_rpc_gss_initialised) {
158 		for (i = 0; i < CLIENT_HASH_SIZE; i++)
159 			TAILQ_INIT(&svc_rpc_gss_client_hash[i]);
160 		TAILQ_INIT(&svc_rpc_gss_clients);
161 		svc_auth_reg(RPCSEC_GSS, svc_rpc_gss);
162 		svc_rpc_gss_initialised = TRUE;
163 	}
164 }
165 
166 bool_t
167 rpc_gss_set_callback(rpc_gss_callback_t *cb)
168 {
169 	struct svc_rpc_gss_callback *scb;
170 
171 	scb = mem_alloc(sizeof(struct svc_rpc_gss_callback));
172 	if (!scb) {
173 		_rpc_gss_set_error(RPC_GSS_ER_SYSTEMERROR, ENOMEM);
174 		return (FALSE);
175 	}
176 	scb->cb_callback = *cb;
177 	SLIST_INSERT_HEAD(&svc_rpc_gss_callbacks, scb, cb_link);
178 
179 	return (TRUE);
180 }
181 
182 bool_t
183 rpc_gss_set_svc_name(const char *principal, const char *mechanism,
184     u_int req_time, u_int program, u_int version)
185 {
186 	OM_uint32		maj_stat, min_stat;
187 	struct svc_rpc_gss_svc_name *sname;
188 	gss_buffer_desc		namebuf;
189 	gss_name_t		name;
190 	gss_OID			mech_oid;
191 	gss_OID_set_desc	oid_set;
192 	gss_cred_id_t		cred;
193 
194 	svc_rpc_gss_init();
195 
196 	if (!rpc_gss_mech_to_oid(mechanism, &mech_oid))
197 		return (FALSE);
198 	oid_set.count = 1;
199 	oid_set.elements = mech_oid;
200 
201 	namebuf.value = (void *)(intptr_t) principal;
202 	namebuf.length = strlen(principal);
203 
204 	maj_stat = gss_import_name(&min_stat, &namebuf,
205 				   GSS_C_NT_HOSTBASED_SERVICE, &name);
206 	if (maj_stat != GSS_S_COMPLETE)
207 		return (FALSE);
208 
209 	maj_stat = gss_acquire_cred(&min_stat, name,
210 	    req_time, &oid_set, GSS_C_ACCEPT, &cred, NULL, NULL);
211 	if (maj_stat != GSS_S_COMPLETE)
212 		return (FALSE);
213 
214 	gss_release_name(&min_stat, &name);
215 
216 	sname = malloc(sizeof(struct svc_rpc_gss_svc_name));
217 	if (!sname)
218 		return (FALSE);
219 	sname->sn_principal = strdup(principal);
220 	sname->sn_mech = mech_oid;
221 	sname->sn_req_time = req_time;
222 	sname->sn_cred = cred;
223 	sname->sn_program = program;
224 	sname->sn_version = version;
225 	SLIST_INSERT_HEAD(&svc_rpc_gss_svc_names, sname, sn_link);
226 
227 	return (TRUE);
228 }
229 
230 bool_t
231 rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
232     const char *mech, const char *name, const char *node, const char *domain)
233 {
234 	OM_uint32		maj_stat, min_stat;
235 	gss_OID			mech_oid;
236 	size_t			namelen;
237 	gss_buffer_desc		buf;
238 	gss_name_t		gss_name, gss_mech_name;
239 	rpc_gss_principal_t	result;
240 
241 	svc_rpc_gss_init();
242 
243 	if (!rpc_gss_mech_to_oid(mech, &mech_oid))
244 		return (FALSE);
245 
246 	/*
247 	 * Construct a gss_buffer containing the full name formatted
248 	 * as "name/node@domain" where node and domain are optional.
249 	 */
250 	namelen = strlen(name);
251 	if (node) {
252 		namelen += strlen(node) + 1;
253 	}
254 	if (domain) {
255 		namelen += strlen(domain) + 1;
256 	}
257 
258 	buf.value = mem_alloc(namelen);
259 	buf.length = namelen;
260 	strcpy((char *) buf.value, name);
261 	if (node) {
262 		strcat((char *) buf.value, "/");
263 		strcat((char *) buf.value, node);
264 	}
265 	if (domain) {
266 		strcat((char *) buf.value, "@");
267 		strcat((char *) buf.value, domain);
268 	}
269 
270 	/*
271 	 * Convert that to a gss_name_t and then convert that to a
272 	 * mechanism name in the selected mechanism.
273 	 */
274 	maj_stat = gss_import_name(&min_stat, &buf,
275 	    GSS_C_NT_USER_NAME, &gss_name);
276 	mem_free(buf.value, buf.length);
277 	if (maj_stat != GSS_S_COMPLETE) {
278 		log_status("gss_import_name", mech_oid, maj_stat, min_stat);
279 		return (FALSE);
280 	}
281 	maj_stat = gss_canonicalize_name(&min_stat, gss_name, mech_oid,
282 	    &gss_mech_name);
283 	if (maj_stat != GSS_S_COMPLETE) {
284 		log_status("gss_canonicalize_name", mech_oid, maj_stat,
285 		    min_stat);
286 		gss_release_name(&min_stat, &gss_name);
287 		return (FALSE);
288 	}
289 	gss_release_name(&min_stat, &gss_name);
290 
291 	/*
292 	 * Export the mechanism name and use that to construct the
293 	 * rpc_gss_principal_t result.
294 	 */
295 	maj_stat = gss_export_name(&min_stat, gss_mech_name, &buf);
296 	if (maj_stat != GSS_S_COMPLETE) {
297 		log_status("gss_export_name", mech_oid, maj_stat, min_stat);
298 		gss_release_name(&min_stat, &gss_mech_name);
299 		return (FALSE);
300 	}
301 	gss_release_name(&min_stat, &gss_mech_name);
302 
303 	result = mem_alloc(sizeof(int) + buf.length);
304 	if (!result) {
305 		gss_release_buffer(&min_stat, &buf);
306 		return (FALSE);
307 	}
308 	result->len = buf.length;
309 	memcpy(result->name, buf.value, buf.length);
310 	gss_release_buffer(&min_stat, &buf);
311 
312 	*principal = result;
313 	return (TRUE);
314 }
315 
316 bool_t
317 rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
318     rpc_gss_ucred_t **ucred, void **cookie)
319 {
320 	struct svc_rpc_gss_client *client;
321 
322 	if (req->rq_cred.oa_flavor != RPCSEC_GSS)
323 		return (FALSE);
324 
325 	client = req->rq_clntcred;
326 	if (rcred)
327 		*rcred = &client->cl_rawcred;
328 	if (ucred)
329 		*ucred = &client->cl_ucred;
330 	if (cookie)
331 		*cookie = client->cl_cookie;
332 	return (TRUE);
333 }
334 
335 int
336 rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len)
337 {
338 	struct svc_rpc_gss_client *client = req->rq_clntcred;
339 	int			want_conf;
340 	OM_uint32		max;
341 	OM_uint32		maj_stat, min_stat;
342 	int			result;
343 
344 	switch (client->cl_rawcred.service) {
345 	case rpc_gss_svc_none:
346 		return (max_tp_unit_len);
347 		break;
348 
349 	case rpc_gss_svc_default:
350 	case rpc_gss_svc_integrity:
351 		want_conf = FALSE;
352 		break;
353 
354 	case rpc_gss_svc_privacy:
355 		want_conf = TRUE;
356 		break;
357 
358 	default:
359 		return (0);
360 	}
361 
362 	maj_stat = gss_wrap_size_limit(&min_stat, client->cl_ctx, want_conf,
363 	    client->cl_qop, max_tp_unit_len, &max);
364 
365 	if (maj_stat == GSS_S_COMPLETE) {
366 		result = (int) max;
367 		if (result < 0)
368 			result = 0;
369 		return (result);
370 	} else {
371 		log_status("gss_wrap_size_limit", client->cl_mech,
372 		    maj_stat, min_stat);
373 		return (0);
374 	}
375 }
376 
377 static struct svc_rpc_gss_client *
378 svc_rpc_gss_find_client(uint32_t clientid)
379 {
380 	struct svc_rpc_gss_client *client;
381 	struct svc_rpc_gss_client_list *list;
382 
383 
384 	log_debug("in svc_rpc_gss_find_client(%d)", clientid);
385 
386 	list = &svc_rpc_gss_client_hash[clientid % CLIENT_HASH_SIZE];
387 	TAILQ_FOREACH(client, list, cl_link) {
388 		if (client->cl_id == clientid) {
389 			/*
390 			 * Move this client to the front of the LRU
391 			 * list.
392 			 */
393 			TAILQ_REMOVE(&svc_rpc_gss_clients, client, cl_alllink);
394 			TAILQ_INSERT_HEAD(&svc_rpc_gss_clients, client,
395 			    cl_alllink);
396 			return client;
397 		}
398 	}
399 
400 	return (NULL);
401 }
402 
403 static struct svc_rpc_gss_client *
404 svc_rpc_gss_create_client(void)
405 {
406 	struct svc_rpc_gss_client *client;
407 	struct svc_rpc_gss_client_list *list;
408 
409 	log_debug("in svc_rpc_gss_create_client()");
410 
411 	client = mem_alloc(sizeof(struct svc_rpc_gss_client));
412 	memset(client, 0, sizeof(struct svc_rpc_gss_client));
413 	client->cl_id = svc_rpc_gss_next_clientid++;
414 	list = &svc_rpc_gss_client_hash[client->cl_id % CLIENT_HASH_SIZE];
415 	TAILQ_INSERT_HEAD(list, client, cl_link);
416 	TAILQ_INSERT_HEAD(&svc_rpc_gss_clients, client, cl_alllink);
417 
418 	/*
419 	 * Start the client off with a short expiration time. We will
420 	 * try to get a saner value from the client creds later.
421 	 */
422 	client->cl_state = CLIENT_NEW;
423 	client->cl_locked = FALSE;
424 	client->cl_expiration = time(0) + 5*60;
425 	svc_rpc_gss_client_count++;
426 
427 	return (client);
428 }
429 
430 static void
431 svc_rpc_gss_destroy_client(struct svc_rpc_gss_client *client)
432 {
433 	struct svc_rpc_gss_client_list *list;
434 	OM_uint32 min_stat;
435 
436 	log_debug("in svc_rpc_gss_destroy_client()");
437 
438 	if (client->cl_ctx)
439 		gss_delete_sec_context(&min_stat,
440 		    &client->cl_ctx, GSS_C_NO_BUFFER);
441 
442 	if (client->cl_cname)
443 		gss_release_name(&min_stat, &client->cl_cname);
444 
445 	if (client->cl_rawcred.client_principal)
446 		mem_free(client->cl_rawcred.client_principal,
447 		    sizeof(*client->cl_rawcred.client_principal)
448 		    + client->cl_rawcred.client_principal->len);
449 
450 	if (client->cl_verf.value)
451 		gss_release_buffer(&min_stat, &client->cl_verf);
452 
453 	list = &svc_rpc_gss_client_hash[client->cl_id % CLIENT_HASH_SIZE];
454 	TAILQ_REMOVE(list, client, cl_link);
455 	TAILQ_REMOVE(&svc_rpc_gss_clients, client, cl_alllink);
456 	svc_rpc_gss_client_count--;
457 	mem_free(client, sizeof(*client));
458 }
459 
460 static void
461 svc_rpc_gss_timeout_clients(void)
462 {
463 	struct svc_rpc_gss_client *client;
464 	struct svc_rpc_gss_client *nclient;
465 	time_t now = time(0);
466 
467 	log_debug("in svc_rpc_gss_timeout_clients()");
468 	/*
469 	 * First enforce the max client limit. We keep
470 	 * svc_rpc_gss_clients in LRU order.
471 	 */
472 	while (svc_rpc_gss_client_count > CLIENT_MAX)
473 		svc_rpc_gss_destroy_client(TAILQ_LAST(&svc_rpc_gss_clients,
474 			    svc_rpc_gss_client_list));
475 	TAILQ_FOREACH_SAFE(client, &svc_rpc_gss_clients, cl_alllink, nclient) {
476 		if (client->cl_state == CLIENT_STALE
477 		    || now > client->cl_expiration) {
478 			log_debug("expiring client %p", client);
479 			svc_rpc_gss_destroy_client(client);
480 		}
481 	}
482 }
483 
484 #ifdef DEBUG
485 /*
486  * OID<->string routines.  These are uuuuugly.
487  */
488 static OM_uint32
489 gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
490 {
491 	char		numstr[128];
492 	unsigned long	number;
493 	int		numshift;
494 	size_t		string_length;
495 	size_t		i;
496 	unsigned char	*cp;
497 	char		*bp;
498 
499 	/* Decoded according to krb5/gssapi_krb5.c */
500 
501 	/* First determine the size of the string */
502 	string_length = 0;
503 	number = 0;
504 	numshift = 0;
505 	cp = (unsigned char *) oid->elements;
506 	number = (unsigned long) cp[0];
507 	sprintf(numstr, "%ld ", number/40);
508 	string_length += strlen(numstr);
509 	sprintf(numstr, "%ld ", number%40);
510 	string_length += strlen(numstr);
511 	for (i=1; i<oid->length; i++) {
512 		if ( (size_t) (numshift+7) < (sizeof(unsigned long)*8)) {
513 			number = (number << 7) | (cp[i] & 0x7f);
514 			numshift += 7;
515 		}
516 		else {
517 			*minor_status = 0;
518 			return(GSS_S_FAILURE);
519 		}
520 		if ((cp[i] & 0x80) == 0) {
521 			sprintf(numstr, "%ld ", number);
522 			string_length += strlen(numstr);
523 			number = 0;
524 			numshift = 0;
525 		}
526 	}
527 	/*
528 	 * If we get here, we've calculated the length of "n n n ... n ".  Add 4
529 	 * here for "{ " and "}\0".
530 	 */
531 	string_length += 4;
532 	if ((bp = (char *) mem_alloc(string_length))) {
533 		strcpy(bp, "{ ");
534 		number = (unsigned long) cp[0];
535 		sprintf(numstr, "%ld ", number/40);
536 		strcat(bp, numstr);
537 		sprintf(numstr, "%ld ", number%40);
538 		strcat(bp, numstr);
539 		number = 0;
540 		cp = (unsigned char *) oid->elements;
541 		for (i=1; i<oid->length; i++) {
542 			number = (number << 7) | (cp[i] & 0x7f);
543 			if ((cp[i] & 0x80) == 0) {
544 				sprintf(numstr, "%ld ", number);
545 				strcat(bp, numstr);
546 				number = 0;
547 			}
548 		}
549 		strcat(bp, "}");
550 		oid_str->length = strlen(bp)+1;
551 		oid_str->value = (void *) bp;
552 		*minor_status = 0;
553 		return(GSS_S_COMPLETE);
554 	}
555 	*minor_status = 0;
556 	return(GSS_S_FAILURE);
557 }
558 #endif
559 
560 static void
561 svc_rpc_gss_build_ucred(struct svc_rpc_gss_client *client,
562     const gss_name_t name)
563 {
564 	OM_uint32		maj_stat, min_stat;
565 	char			buf[128];
566 	uid_t			uid;
567 	struct passwd		pwd, *pw;
568 	rpc_gss_ucred_t		*uc = &client->cl_ucred;
569 
570 	uc->uid = 65534;
571 	uc->gid = 65534;
572 	uc->gidlen = 0;
573 	uc->gidlist = client->cl_gid_storage;
574 
575 	maj_stat = gss_pname_to_uid(&min_stat, name, client->cl_mech, &uid);
576 	if (maj_stat != GSS_S_COMPLETE)
577 		return;
578 
579 	getpwuid_r(uid, &pwd, buf, sizeof(buf), &pw);
580 	if (pw) {
581 		int len = NGRPS;
582 		uc->uid = pw->pw_uid;
583 		uc->gid = pw->pw_gid;
584 		uc->gidlist = client->cl_gid_storage;
585 		getgrouplist(pw->pw_name, pw->pw_gid, uc->gidlist, &len);
586 		uc->gidlen = len;
587 	}
588 }
589 
590 static bool_t
591 svc_rpc_gss_accept_sec_context(struct svc_rpc_gss_client *client,
592 			       struct svc_req *rqst,
593 			       struct rpc_gss_init_res *gr,
594 			       struct rpc_gss_cred *gc)
595 {
596 	gss_buffer_desc		recv_tok;
597 	gss_OID			mech;
598 	OM_uint32		maj_stat = 0, min_stat = 0, ret_flags;
599 	OM_uint32		cred_lifetime;
600 	struct svc_rpc_gss_svc_name *sname;
601 
602 	log_debug("in svc_rpc_gss_accept_context()");
603 
604 	/* Deserialize arguments. */
605 	memset(&recv_tok, 0, sizeof(recv_tok));
606 
607 	if (!svc_getargs(rqst->rq_xprt,
608 		(xdrproc_t) xdr_gss_buffer_desc,
609 		(caddr_t) &recv_tok)) {
610 		client->cl_state = CLIENT_STALE;
611 		return (FALSE);
612 	}
613 
614 	/*
615 	 * First time round, try all the server names we have until
616 	 * one matches. Afterwards, stick with that one.
617 	 */
618 	if (!client->cl_sname) {
619 		SLIST_FOREACH(sname, &svc_rpc_gss_svc_names, sn_link) {
620 			if (sname->sn_program == rqst->rq_prog
621 			    && sname->sn_version == rqst->rq_vers) {
622 				gr->gr_major = gss_accept_sec_context(
623 					&gr->gr_minor,
624 					&client->cl_ctx,
625 					sname->sn_cred,
626 					&recv_tok,
627 					GSS_C_NO_CHANNEL_BINDINGS,
628 					&client->cl_cname,
629 					&mech,
630 					&gr->gr_token,
631 					&ret_flags,
632 					&cred_lifetime,
633 					&client->cl_creds);
634 				if (gr->gr_major == GSS_S_COMPLETE
635 				    || gr->gr_major == GSS_S_CONTINUE_NEEDED) {
636 					client->cl_sname = sname;
637 					break;
638 				}
639 				client->cl_sname = sname;
640 				break;
641 			}
642 		}
643 		if (!sname) {
644 			xdr_free((xdrproc_t) xdr_gss_buffer_desc,
645 			    (char *) &recv_tok);
646 			return (FALSE);
647 		}
648 	} else {
649 		gr->gr_major = gss_accept_sec_context(
650 			&gr->gr_minor,
651 			&client->cl_ctx,
652 			client->cl_sname->sn_cred,
653 			&recv_tok,
654 			GSS_C_NO_CHANNEL_BINDINGS,
655 			&client->cl_cname,
656 			&mech,
657 			&gr->gr_token,
658 			&ret_flags,
659 			&cred_lifetime,
660 			NULL);
661 	}
662 
663 	xdr_free((xdrproc_t) xdr_gss_buffer_desc, (char *) &recv_tok);
664 
665 	/*
666 	 * If we get an error from gss_accept_sec_context, send the
667 	 * reply anyway so that the client gets a chance to see what
668 	 * is wrong.
669 	 */
670 	if (gr->gr_major != GSS_S_COMPLETE &&
671 	    gr->gr_major != GSS_S_CONTINUE_NEEDED) {
672 		log_status("accept_sec_context", client->cl_mech,
673 		    gr->gr_major, gr->gr_minor);
674 		client->cl_state = CLIENT_STALE;
675 		return (TRUE);
676 	}
677 
678 	gr->gr_handle.value = &client->cl_id;
679 	gr->gr_handle.length = sizeof(client->cl_id);
680 	gr->gr_win = SVC_RPC_GSS_SEQWINDOW;
681 
682 	/* Save client info. */
683 	client->cl_mech = mech;
684 	client->cl_qop = GSS_C_QOP_DEFAULT;
685 	client->cl_seq = gc->gc_seq;
686 	client->cl_win = gr->gr_win;
687 	client->cl_done_callback = FALSE;
688 
689 	if (gr->gr_major == GSS_S_COMPLETE) {
690 		gss_buffer_desc	export_name;
691 
692 		/*
693 		 * Change client expiration time to be near when the
694 		 * client creds expire (or 24 hours if we can't figure
695 		 * that out).
696 		 */
697 		if (cred_lifetime == GSS_C_INDEFINITE)
698 			cred_lifetime = time(0) + 24*60*60;
699 
700 		client->cl_expiration = time(0) + cred_lifetime;
701 
702 		/*
703 		 * Fill in cred details in the rawcred structure.
704 		 */
705 		client->cl_rawcred.version = RPCSEC_GSS_VERSION;
706 		rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
707 		maj_stat = gss_export_name(&min_stat, client->cl_cname,
708 		    &export_name);
709 		if (maj_stat != GSS_S_COMPLETE) {
710 			log_status("gss_export_name", client->cl_mech,
711 			    maj_stat, min_stat);
712 			return (FALSE);
713 		}
714 		client->cl_rawcred.client_principal =
715 			mem_alloc(sizeof(*client->cl_rawcred.client_principal)
716 			    + export_name.length);
717 		client->cl_rawcred.client_principal->len = export_name.length;
718 		memcpy(client->cl_rawcred.client_principal->name,
719 		    export_name.value, export_name.length);
720 		gss_release_buffer(&min_stat, &export_name);
721 		client->cl_rawcred.svc_principal =
722 			client->cl_sname->sn_principal;
723 		client->cl_rawcred.service = gc->gc_svc;
724 
725 		/*
726 		 * Use gss_pname_to_uid to map to unix creds. For
727 		 * kerberos5, this uses krb5_aname_to_localname.
728 		 */
729 		svc_rpc_gss_build_ucred(client, client->cl_cname);
730 		gss_release_name(&min_stat, &client->cl_cname);
731 
732 #ifdef DEBUG
733 		{
734 			gss_buffer_desc mechname;
735 
736 			gss_oid_to_str(&min_stat, mech, &mechname);
737 
738 			log_debug("accepted context for %s with "
739 			    "<mech %.*s, qop %d, svc %d>",
740 			    client->cl_rawcred.client_principal->name,
741 			    mechname.length, (char *)mechname.value,
742 			    client->cl_qop, client->rawcred.service);
743 
744 			gss_release_buffer(&min_stat, &mechname);
745 		}
746 #endif /* DEBUG */
747 	}
748 	return (TRUE);
749 }
750 
751 static bool_t
752 svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
753 	gss_qop_t *qop)
754 {
755 	struct opaque_auth	*oa;
756 	gss_buffer_desc		 rpcbuf, checksum;
757 	OM_uint32		 maj_stat, min_stat;
758 	gss_qop_t		 qop_state;
759 	int32_t			 rpchdr[128 / sizeof(int32_t)];
760 	int32_t			*buf;
761 
762 	log_debug("in svc_rpc_gss_validate()");
763 
764 	memset(rpchdr, 0, sizeof(rpchdr));
765 
766 	/* Reconstruct RPC header for signing (from xdr_callmsg). */
767 	buf = rpchdr;
768 	IXDR_PUT_LONG(buf, msg->rm_xid);
769 	IXDR_PUT_ENUM(buf, msg->rm_direction);
770 	IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
771 	IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
772 	IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
773 	IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
774 	oa = &msg->rm_call.cb_cred;
775 	IXDR_PUT_ENUM(buf, oa->oa_flavor);
776 	IXDR_PUT_LONG(buf, oa->oa_length);
777 	if (oa->oa_length) {
778 		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
779 		buf += RNDUP(oa->oa_length) / sizeof(int32_t);
780 	}
781 	rpcbuf.value = rpchdr;
782 	rpcbuf.length = (u_char *)buf - (u_char *)rpchdr;
783 
784 	checksum.value = msg->rm_call.cb_verf.oa_base;
785 	checksum.length = msg->rm_call.cb_verf.oa_length;
786 
787 	maj_stat = gss_verify_mic(&min_stat, client->cl_ctx, &rpcbuf, &checksum,
788 				  &qop_state);
789 
790 	if (maj_stat != GSS_S_COMPLETE) {
791 		log_status("gss_verify_mic", client->cl_mech,
792 		    maj_stat, min_stat);
793 		client->cl_state = CLIENT_STALE;
794 		return (FALSE);
795 	}
796 	*qop = qop_state;
797 	return (TRUE);
798 }
799 
800 static bool_t
801 svc_rpc_gss_nextverf(struct svc_rpc_gss_client *client,
802     struct svc_req *rqst, u_int seq)
803 {
804 	gss_buffer_desc		signbuf;
805 	OM_uint32		maj_stat, min_stat;
806 	uint32_t		nseq;
807 
808 	log_debug("in svc_rpc_gss_nextverf()");
809 
810 	nseq = htonl(seq);
811 	signbuf.value = &nseq;
812 	signbuf.length = sizeof(nseq);
813 
814 	if (client->cl_verf.value)
815 		gss_release_buffer(&min_stat, &client->cl_verf);
816 
817 	maj_stat = gss_get_mic(&min_stat, client->cl_ctx, client->cl_qop,
818 	    &signbuf, &client->cl_verf);
819 
820 	if (maj_stat != GSS_S_COMPLETE) {
821 		log_status("gss_get_mic", client->cl_mech, maj_stat, min_stat);
822 		client->cl_state = CLIENT_STALE;
823 		return (FALSE);
824 	}
825 	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
826 	rqst->rq_xprt->xp_verf.oa_base = (caddr_t)client->cl_verf.value;
827 	rqst->rq_xprt->xp_verf.oa_length = (u_int)client->cl_verf.length;
828 
829 	return (TRUE);
830 }
831 
832 static bool_t
833 svc_rpc_gss_callback(struct svc_rpc_gss_client *client, struct svc_req *rqst)
834 {
835 	struct svc_rpc_gss_callback *scb;
836 	rpc_gss_lock_t	lock;
837 	void		*cookie;
838 	bool_t		cb_res;
839 	bool_t		result;
840 
841 	/*
842 	 * See if we have a callback for this guy.
843 	 */
844 	result = TRUE;
845 	SLIST_FOREACH(scb, &svc_rpc_gss_callbacks, cb_link) {
846 		if (scb->cb_callback.program == rqst->rq_prog
847 		    && scb->cb_callback.version == rqst->rq_vers) {
848 			/*
849 			 * This one matches. Call the callback and see
850 			 * if it wants to veto or something.
851 			 */
852 			lock.locked = FALSE;
853 			lock.raw_cred = &client->cl_rawcred;
854 			cb_res = scb->cb_callback.callback(rqst,
855 			    client->cl_creds,
856 			    client->cl_ctx,
857 			    &lock,
858 			    &cookie);
859 
860 			if (!cb_res) {
861 				client->cl_state = CLIENT_STALE;
862 				result = FALSE;
863 				break;
864 			}
865 
866 			/*
867 			 * The callback accepted the connection - it
868 			 * is responsible for freeing client->cl_creds
869 			 * now.
870 			 */
871 			client->cl_creds = GSS_C_NO_CREDENTIAL;
872 			client->cl_locked = lock.locked;
873 			client->cl_cookie = cookie;
874 			return (TRUE);
875 		}
876 	}
877 
878 	/*
879 	 * Either no callback exists for this program/version or one
880 	 * of the callbacks rejected the connection. We just need to
881 	 * clean up the delegated client creds, if any.
882 	 */
883 	if (client->cl_creds) {
884 		OM_uint32 min_ver;
885 		gss_release_cred(&min_ver, &client->cl_creds);
886 	}
887 	return (result);
888 }
889 
890 static bool_t
891 svc_rpc_gss_check_replay(struct svc_rpc_gss_client *client, uint32_t seq)
892 {
893 	u_int32_t offset;
894 	int word, bit;
895 
896 	if (seq <= client->cl_seqlast) {
897 		/*
898 		 * The request sequence number is less than
899 		 * the largest we have seen so far. If it is
900 		 * outside the window or if we have seen a
901 		 * request with this sequence before, silently
902 		 * discard it.
903 		 */
904 		offset = client->cl_seqlast - seq;
905 		if (offset >= SVC_RPC_GSS_SEQWINDOW)
906 			return (FALSE);
907 		word = offset / 32;
908 		bit = offset % 32;
909 		if (client->cl_seqmask[word] & (1 << bit))
910 			return (FALSE);
911 	}
912 
913 	return (TRUE);
914 }
915 
916 static void
917 svc_rpc_gss_update_seq(struct svc_rpc_gss_client *client, uint32_t seq)
918 {
919 	int offset, i, word, bit;
920 	uint32_t carry, newcarry;
921 
922 	if (seq > client->cl_seqlast) {
923 		/*
924 		 * This request has a sequence number greater
925 		 * than any we have seen so far. Advance the
926 		 * seq window and set bit zero of the window
927 		 * (which corresponds to the new sequence
928 		 * number)
929 		 */
930 		offset = seq - client->cl_seqlast;
931 		while (offset > 32) {
932 			for (i = (SVC_RPC_GSS_SEQWINDOW / 32) - 1;
933 			     i > 0; i--) {
934 				client->cl_seqmask[i] = client->cl_seqmask[i-1];
935 			}
936 			client->cl_seqmask[0] = 0;
937 			offset -= 32;
938 		}
939 		carry = 0;
940 		for (i = 0; i < SVC_RPC_GSS_SEQWINDOW / 32; i++) {
941 			newcarry = client->cl_seqmask[i] >> (32 - offset);
942 			client->cl_seqmask[i] =
943 				(client->cl_seqmask[i] << offset) | carry;
944 			carry = newcarry;
945 		}
946 		client->cl_seqmask[0] |= 1;
947 		client->cl_seqlast = seq;
948 	} else {
949 		offset = client->cl_seqlast - seq;
950 		word = offset / 32;
951 		bit = offset % 32;
952 		client->cl_seqmask[word] |= (1 << bit);
953 	}
954 
955 }
956 
957 enum auth_stat
958 svc_rpc_gss(struct svc_req *rqst, struct rpc_msg *msg)
959 
960 {
961 	OM_uint32		 min_stat;
962 	XDR	 		 xdrs;
963 	struct svc_rpc_gss_client *client;
964 	struct rpc_gss_cred	 gc;
965 	struct rpc_gss_init_res	 gr;
966 	gss_qop_t		 qop;
967 	int			 call_stat;
968 	enum auth_stat		 result;
969 
970 	log_debug("in svc_rpc_gss()");
971 
972 	/* Garbage collect old clients. */
973 	svc_rpc_gss_timeout_clients();
974 
975 	/* Initialize reply. */
976 	rqst->rq_xprt->xp_verf = _null_auth;
977 
978 	/* Deserialize client credentials. */
979 	if (rqst->rq_cred.oa_length <= 0)
980 		return (AUTH_BADCRED);
981 
982 	memset(&gc, 0, sizeof(gc));
983 
984 	xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
985 	    rqst->rq_cred.oa_length, XDR_DECODE);
986 
987 	if (!xdr_rpc_gss_cred(&xdrs, &gc)) {
988 		XDR_DESTROY(&xdrs);
989 		return (AUTH_BADCRED);
990 	}
991 	XDR_DESTROY(&xdrs);
992 
993 	/* Check version. */
994 	if (gc.gc_version != RPCSEC_GSS_VERSION) {
995 		result = AUTH_BADCRED;
996 		goto out;
997 	}
998 
999 	/* Check the proc and find the client (or create it) */
1000 	if (gc.gc_proc == RPCSEC_GSS_INIT) {
1001 		if (gc.gc_handle.length != 0) {
1002 			result = AUTH_BADCRED;
1003 			goto out;
1004 		}
1005 		client = svc_rpc_gss_create_client();
1006 	} else {
1007 		if (gc.gc_handle.length != sizeof(uint32_t)) {
1008 			result = AUTH_BADCRED;
1009 			goto out;
1010 		}
1011 		uint32_t *p = gc.gc_handle.value;
1012 		client = svc_rpc_gss_find_client(*p);
1013 		if (!client) {
1014 			/*
1015 			 * Can't find the client - we may have
1016 			 * destroyed it - tell the other side to
1017 			 * re-authenticate.
1018 			 */
1019 			result = RPCSEC_GSS_CREDPROBLEM;
1020 			goto out;
1021 		}
1022 	}
1023 	rqst->rq_clntcred = client;
1024 
1025 	/*
1026 	 * The service and sequence number must be ignored for
1027 	 * RPCSEC_GSS_INIT and RPCSEC_GSS_CONTINUE_INIT.
1028 	 */
1029 	if (gc.gc_proc != RPCSEC_GSS_INIT
1030 	    && gc.gc_proc != RPCSEC_GSS_CONTINUE_INIT) {
1031 		/*
1032 		 * Check for sequence number overflow.
1033 		 */
1034 		if (gc.gc_seq >= MAXSEQ) {
1035 			result = RPCSEC_GSS_CTXPROBLEM;
1036 			goto out;
1037 		}
1038 		client->cl_seq = gc.gc_seq;
1039 
1040 		/*
1041 		 * Check for valid service.
1042 		 */
1043 		if (gc.gc_svc != rpc_gss_svc_none &&
1044 		    gc.gc_svc != rpc_gss_svc_integrity &&
1045 		    gc.gc_svc != rpc_gss_svc_privacy) {
1046 			result = AUTH_BADCRED;
1047 			goto out;
1048 		}
1049 	}
1050 
1051 	/* Handle RPCSEC_GSS control procedure. */
1052 	switch (gc.gc_proc) {
1053 
1054 	case RPCSEC_GSS_INIT:
1055 	case RPCSEC_GSS_CONTINUE_INIT:
1056 		if (rqst->rq_proc != NULLPROC) {
1057 			result = AUTH_REJECTEDCRED;
1058 			break;
1059 		}
1060 
1061 		memset(&gr, 0, sizeof(gr));
1062 		if (!svc_rpc_gss_accept_sec_context(client, rqst, &gr, &gc)) {
1063 			result = AUTH_REJECTEDCRED;
1064 			break;
1065 		}
1066 
1067 		if (gr.gr_major == GSS_S_COMPLETE) {
1068 			if (!svc_rpc_gss_nextverf(client, rqst, gr.gr_win)) {
1069 				result = AUTH_REJECTEDCRED;
1070 				break;
1071 			}
1072 		} else {
1073 			rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
1074 			rqst->rq_xprt->xp_verf.oa_length = 0;
1075 		}
1076 
1077 		call_stat = svc_sendreply(rqst->rq_xprt,
1078 		    (xdrproc_t) xdr_rpc_gss_init_res,
1079 		    (caddr_t) &gr);
1080 
1081 		gss_release_buffer(&min_stat, &gr.gr_token);
1082 
1083 		if (!call_stat) {
1084 			result = AUTH_FAILED;
1085 			break;
1086 		}
1087 
1088 		if (gr.gr_major == GSS_S_COMPLETE)
1089 			client->cl_state = CLIENT_ESTABLISHED;
1090 
1091 		result = RPCSEC_GSS_NODISPATCH;
1092 		break;
1093 
1094 	case RPCSEC_GSS_DATA:
1095 	case RPCSEC_GSS_DESTROY:
1096 		if (!svc_rpc_gss_check_replay(client, gc.gc_seq)) {
1097 			result = RPCSEC_GSS_NODISPATCH;
1098 			break;
1099 		}
1100 
1101 		if (!svc_rpc_gss_validate(client, msg, &qop)) {
1102 			result = RPCSEC_GSS_CREDPROBLEM;
1103 			break;
1104 		}
1105 
1106 		if (!svc_rpc_gss_nextverf(client, rqst, gc.gc_seq)) {
1107 			result = RPCSEC_GSS_CTXPROBLEM;
1108 			break;
1109 		}
1110 
1111 		svc_rpc_gss_update_seq(client, gc.gc_seq);
1112 
1113 		/*
1114 		 * Change the SVCAUTH ops on the transport to point at
1115 		 * our own code so that we can unwrap the arguments
1116 		 * and wrap the result. The caller will re-set this on
1117 		 * every request to point to a set of null wrap/unwrap
1118 		 * methods.
1119 		 */
1120 		SVC_AUTH(rqst->rq_xprt).svc_ah_ops = &svc_auth_gss_ops;
1121 		SVC_AUTH(rqst->rq_xprt).svc_ah_private = client;
1122 
1123 		if (gc.gc_proc == RPCSEC_GSS_DATA) {
1124 			/*
1125 			 * We might be ready to do a callback to the server to
1126 			 * see if it wants to accept/reject the connection.
1127 			 */
1128 			if (!client->cl_done_callback) {
1129 				client->cl_done_callback = TRUE;
1130 				client->cl_qop = qop;
1131 				client->cl_rawcred.qop = _rpc_gss_num_to_qop(
1132 					client->cl_rawcred.mechanism, qop);
1133 				if (!svc_rpc_gss_callback(client, rqst)) {
1134 					result = AUTH_REJECTEDCRED;
1135 					break;
1136 				}
1137 			}
1138 
1139 			/*
1140 			 * If the server has locked this client to a
1141 			 * particular service+qop pair, enforce that
1142 			 * restriction now.
1143 			 */
1144 			if (client->cl_locked) {
1145 				if (client->cl_rawcred.service != gc.gc_svc) {
1146 					result = AUTH_FAILED;
1147 					break;
1148 				} else if (client->cl_qop != qop) {
1149 					result = AUTH_BADVERF;
1150 					break;
1151 				}
1152 			}
1153 
1154 			/*
1155 			 * If the qop changed, look up the new qop
1156 			 * name for rawcred.
1157 			 */
1158 			if (client->cl_qop != qop) {
1159 				client->cl_qop = qop;
1160 				client->cl_rawcred.qop = _rpc_gss_num_to_qop(
1161 					client->cl_rawcred.mechanism, qop);
1162 			}
1163 
1164 			/*
1165 			 * Make sure we use the right service value
1166 			 * for unwrap/wrap.
1167 			 */
1168 			client->cl_rawcred.service = gc.gc_svc;
1169 
1170 			result = AUTH_OK;
1171 		} else {
1172 			if (rqst->rq_proc != NULLPROC) {
1173 				result = AUTH_REJECTEDCRED;
1174 				break;
1175 			}
1176 
1177 			call_stat = svc_sendreply(rqst->rq_xprt,
1178 			    (xdrproc_t) xdr_void, (caddr_t) NULL);
1179 
1180 			if (!call_stat) {
1181 				result = AUTH_FAILED;
1182 				break;
1183 			}
1184 
1185 			svc_rpc_gss_destroy_client(client);
1186 
1187 			result = RPCSEC_GSS_NODISPATCH;
1188 			break;
1189 		}
1190 		break;
1191 
1192 	default:
1193 		result = AUTH_BADCRED;
1194 		break;
1195 	}
1196 out:
1197 	xdr_free((xdrproc_t) xdr_rpc_gss_cred, (char *) &gc);
1198 	return (result);
1199 }
1200 
1201 bool_t
1202 svc_rpc_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
1203 {
1204 	struct svc_rpc_gss_client *client;
1205 
1206 	log_debug("in svc_rpc_gss_wrap()");
1207 
1208 	client = (struct svc_rpc_gss_client *) auth->svc_ah_private;
1209 	if (client->cl_state != CLIENT_ESTABLISHED
1210 	    || client->cl_rawcred.service == rpc_gss_svc_none) {
1211 		return xdr_func(xdrs, xdr_ptr);
1212 	}
1213 	return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
1214 		client->cl_ctx, client->cl_qop,
1215 		client->cl_rawcred.service, client->cl_seq));
1216 }
1217 
1218 bool_t
1219 svc_rpc_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
1220 {
1221 	struct svc_rpc_gss_client *client;
1222 
1223 	log_debug("in svc_rpc_gss_unwrap()");
1224 
1225 	client = (struct svc_rpc_gss_client *) auth->svc_ah_private;
1226 	if (client->cl_state != CLIENT_ESTABLISHED
1227 	    || client->cl_rawcred.service == rpc_gss_svc_none) {
1228 		return xdr_func(xdrs, xdr_ptr);
1229 	}
1230 	return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
1231 		client->cl_ctx, client->cl_qop,
1232 		client->cl_rawcred.service, client->cl_seq));
1233 }
1234