xref: /illumos-gate/usr/src/lib/rpcsec_gss/rpcsec_gss.c (revision c5991125ddc49f996e4c3aed94b3b5f3fcb8a9a4)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Copyright 2021 Tintri by DDN, Inc. All rights reserved.
27  */
28 
29 /*
30  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
31  *
32  * $Header:
33  * /afs/gza.com/product/secure/rel-eng/src/1.1/rpc/RCS/auth_gssapi.c,v
34  * 1.14 1995/03/22 22:07:55 jik Exp $
35  */
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <strings.h>
40 #include <errno.h>
41 #include <pthread.h>
42 #include <thread.h>
43 #include <syslog.h>
44 #include <gssapi/gssapi.h>
45 #include <rpc/rpc.h>
46 #include <rpc/rpcsec_defs.h>
47 
48 static void	rpc_gss_nextverf();
49 static bool_t	rpc_gss_marshall();
50 static bool_t	rpc_gss_validate();
51 static bool_t	rpc_gss_refresh();
52 static void	rpc_gss_destroy();
53 static void	rpc_gss_destroy_pvt();
54 static bool_t	rpc_gss_seccreate_pvt();
55 static bool_t	validate_seqwin();
56 
57 /*
58  * Globals that should have header files but don't.
59  */
60 extern bool_t	xdr_opaque_auth(XDR *, struct opaque_auth *);
61 
62 
63 static struct auth_ops rpc_gss_ops = {
64 	rpc_gss_nextverf,
65 	rpc_gss_marshall,
66 	rpc_gss_validate,
67 	rpc_gss_refresh,
68 	rpc_gss_destroy
69 };
70 
71 /*
72  * Private data for RPCSEC_GSS.
73  */
74 typedef struct _rpc_gss_data {
75 	bool_t			established;	/* TRUE when established */
76 	CLIENT			*clnt;		/* associated client handle */
77 	uint_t			version;	/* RPCSEC version */
78 	gss_ctx_id_t		context;	/* GSS context id */
79 	gss_buffer_desc		ctx_handle;	/* RPCSEC context handle */
80 	uint_t			seq_num;	/* last sequence number rcvd */
81 	gss_cred_id_t		my_cred;	/* GSS credentials */
82 	OM_uint32		qop;		/* requested QOP */
83 	rpc_gss_service_t	service;	/* requested service */
84 	uint_t			gss_proc;	/* GSS control procedure */
85 	gss_name_t		target_name;	/* target server */
86 	int			req_flags;	/* GSS request bits */
87 	gss_OID			mech_type;	/* GSS mechanism */
88 	OM_uint32		time_req;	/* requested cred lifetime */
89 	bool_t			invalid;	/* can't use this any more */
90 	OM_uint32		seq_window;	/* server sequence window */
91 	struct opaque_auth	*verifier;  /* rpc reply verifier saved for */
92 					    /* validating the sequence window */
93 	gss_channel_bindings_t	icb;
94 } rpc_gss_data;
95 #define	AUTH_PRIVATE(auth) ((rpc_gss_data *)auth->ah_private)
96 
97 /*
98  * Create a context.
99  */
100 AUTH *
__rpc_gss_seccreate(clnt,server_name,mech,service,qop,options_req,options_ret)101 __rpc_gss_seccreate(clnt, server_name, mech, service, qop, options_req,
102 								options_ret)
103 	CLIENT			*clnt;		/* associated client handle */
104 	char			*server_name;	/* target server */
105 	char			*mech;		/* security mechanism */
106 	rpc_gss_service_t	service;	/* security service */
107 	char			*qop;		/* requested QOP */
108 	rpc_gss_options_req_t	*options_req;	/* requested options */
109 	rpc_gss_options_ret_t	*options_ret;	/* returned options */
110 {
111 	OM_uint32		gssstat;
112 	OM_uint32		minor_stat;
113 	gss_name_t		target_name;
114 	gss_OID			mech_type;
115 	OM_uint32		ret_flags;
116 	OM_uint32		time_rec;
117 	gss_buffer_desc		input_name;
118 	AUTH			*auth = NULL;
119 	rpc_gss_data		*ap = NULL;
120 	OM_uint32		qop_num;
121 
122 	if (options_ret != NULL) {
123 		options_ret->major_status = 0;
124 		options_ret->minor_status = 0;
125 	}
126 
127 	/*
128 	 * convert ascii strings to GSS values
129 	 */
130 	if (!__rpc_gss_qop_to_num(qop, mech, &qop_num)) {
131 		return (NULL);
132 	}
133 
134 	if (!__rpc_gss_mech_to_oid(mech, &mech_type)) {
135 		return (NULL);
136 	}
137 
138 	/*
139 	 * convert name to GSS internal type
140 	 */
141 	input_name.value = server_name;
142 	input_name.length = strlen(server_name);
143 	gssstat = gss_import_name(&minor_stat, &input_name,
144 				(gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
145 				&target_name);
146 	if (gssstat != GSS_S_COMPLETE) {
147 		rpc_gss_err.rpc_gss_error = RPC_GSS_ER_SYSTEMERROR;
148 		rpc_gss_err.system_error = ENOMEM;
149 		if (options_ret != NULL) {
150 			options_ret->major_status = gssstat;
151 			options_ret->minor_status = minor_stat;
152 		}
153 		return (NULL);
154 	}
155 
156 	/*
157 	 * Create AUTH handle.  Save the necessary interface information
158 	 * so that the client can refresh the handle later if needed.
159 	 */
160 	if ((auth = (AUTH *) malloc(sizeof (*auth))) != NULL)
161 		ap = (rpc_gss_data *) malloc(sizeof (*ap));
162 	if (auth == NULL || ap == NULL) {
163 		rpc_gss_err.rpc_gss_error = RPC_GSS_ER_SYSTEMERROR;
164 		rpc_gss_err.system_error = ENOMEM;
165 		if (auth != NULL)
166 			free((char *)auth);
167 		(void) gss_release_name(&minor_stat, &target_name);
168 		return (NULL);
169 	}
170 
171 	memset((char *)ap, 0, sizeof (*ap));
172 	ap->clnt = clnt;
173 	ap->version = RPCSEC_GSS_VERSION;
174 	if (options_req != NULL) {
175 		ap->my_cred = options_req->my_cred;
176 		ap->req_flags = options_req->req_flags;
177 		ap->time_req = options_req->time_req;
178 		ap->icb = options_req->input_channel_bindings;
179 	} else {
180 		ap->my_cred = GSS_C_NO_CREDENTIAL;
181 		ap->req_flags = GSS_C_MUTUAL_FLAG;
182 		ap->time_req = 0;
183 		ap->icb = NULL;
184 	}
185 	if ((ap->service = service) == rpc_gss_svc_default)
186 		ap->service = rpc_gss_svc_integrity;
187 	ap->qop = qop_num;
188 	ap->target_name = target_name;
189 	ap->mech_type = mech_type;
190 
191 	/*
192 	 * Now invoke the real interface that sets up the context from
193 	 * the information stashed away in the private data.
194 	 */
195 	if (!rpc_gss_seccreate_pvt(&gssstat, &minor_stat, auth, ap,
196 				&mech_type, &ret_flags, &time_rec)) {
197 		if (options_ret != NULL) {
198 			options_ret->major_status = gssstat;
199 			options_ret->minor_status = minor_stat;
200 		}
201 		if (ap->target_name)
202 			(void) gss_release_name(&minor_stat, &ap->target_name);
203 		free((char *)ap);
204 		free((char *)auth);
205 		return (NULL);
206 	}
207 
208 	/*
209 	 * Make sure that the requested service is supported.  In all
210 	 * cases, integrity service must be available.
211 	 */
212 	if ((ap->service == rpc_gss_svc_privacy &&
213 					!(ret_flags & GSS_C_CONF_FLAG)) ||
214 			!(ret_flags & GSS_C_INTEG_FLAG)) {
215 		rpc_gss_destroy(auth);
216 		rpc_gss_err.rpc_gss_error = RPC_GSS_ER_SYSTEMERROR;
217 		rpc_gss_err.system_error = EPROTONOSUPPORT;
218 		return (NULL);
219 	}
220 
221 	/*
222 	 * return option values if requested
223 	 */
224 	if (options_ret != NULL) {
225 		char	*s;
226 
227 		options_ret->major_status = gssstat;
228 		options_ret->minor_status = minor_stat;
229 		options_ret->rpcsec_version = ap->version;
230 		options_ret->ret_flags = ret_flags;
231 		options_ret->time_ret = time_rec;
232 		options_ret->gss_context = ap->context;
233 		if ((s = __rpc_gss_oid_to_mech(mech_type)) != NULL)
234 			strcpy(options_ret->actual_mechanism, s);
235 		else
236 			options_ret->actual_mechanism[0] = '\0';
237 	}
238 	return (auth);
239 }
240 
241 /*
242  * Private interface to create a context.  This is the interface
243  * that's invoked when the context has to be refreshed.
244  */
245 static bool_t
rpc_gss_seccreate_pvt(gssstat,minor_stat,auth,ap,actual_mech_type,ret_flags,time_rec)246 rpc_gss_seccreate_pvt(gssstat, minor_stat, auth, ap, actual_mech_type,
247 						ret_flags, time_rec)
248 	OM_uint32		*gssstat;
249 	OM_uint32		*minor_stat;
250 	AUTH			*auth;
251 	rpc_gss_data		*ap;
252 	gss_OID			*actual_mech_type;
253 	OM_uint32		*ret_flags;
254 	OM_uint32		*time_rec;
255 {
256 	CLIENT			*clnt = ap->clnt;
257 	AUTH			*save_auth;
258 	enum clnt_stat		callstat;
259 	rpc_gss_init_arg	call_arg;
260 	rpc_gss_init_res	call_res;
261 	gss_buffer_desc		*input_token_p, input_token;
262 	bool_t			free_results = FALSE;
263 
264 	/*
265 	 * initialize error
266 	 */
267 	memset(&rpc_createerr, 0, sizeof (rpc_createerr));
268 
269 	/*
270 	 * (re)initialize AUTH handle and private data.
271 	 */
272 	memset((char *)auth, 0, sizeof (*auth));
273 	auth->ah_ops = &rpc_gss_ops;
274 	auth->ah_private = (caddr_t)ap;
275 	auth->ah_cred.oa_flavor = RPCSEC_GSS;
276 
277 	ap->established = FALSE;
278 	ap->ctx_handle.length = 0;
279 	ap->ctx_handle.value = NULL;
280 	ap->context = GSS_C_NO_CONTEXT;
281 	ap->seq_num = 0;
282 	ap->gss_proc = RPCSEC_GSS_INIT;
283 
284 	/*
285 	 * should not change clnt->cl_auth at this time, so save
286 	 * old handle
287 	 */
288 	save_auth = clnt->cl_auth;
289 	clnt->cl_auth = auth;
290 
291 	/*
292 	 * set state for starting context setup
293 	 */
294 	input_token_p = GSS_C_NO_BUFFER;
295 
296 next_token:
297 	*gssstat = gss_init_sec_context(minor_stat,
298 					ap->my_cred,
299 					&ap->context,
300 					ap->target_name,
301 					ap->mech_type,
302 					ap->req_flags,
303 					ap->time_req,
304 					NULL,
305 					input_token_p,
306 					actual_mech_type,
307 					&call_arg,
308 					ret_flags,
309 					time_rec);
310 
311 	if (input_token_p != GSS_C_NO_BUFFER) {
312 		OM_uint32 minor_stat2;
313 
314 		(void) gss_release_buffer(&minor_stat2, input_token_p);
315 		input_token_p = GSS_C_NO_BUFFER;
316 	}
317 
318 	if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
319 
320 		goto cleanup;
321 	}
322 
323 	/*
324 	 * if we got a token, pass it on
325 	 */
326 	if (call_arg.length != 0) {
327 		struct timeval timeout = {30, 0};
328 
329 		memset((char *)&call_res, 0, sizeof (call_res));
330 		callstat = clnt_call(clnt, NULLPROC,
331 				__xdr_rpc_gss_init_arg, (caddr_t)&call_arg,
332 				__xdr_rpc_gss_init_res, (caddr_t)&call_res,
333 				timeout);
334 		(void) gss_release_buffer(minor_stat, &call_arg);
335 
336 		if (callstat != RPC_SUCCESS) {
337 			goto cleanup;
338 		}
339 		/*
340 		 * we have results - note that these need to be freed
341 		 */
342 		free_results = TRUE;
343 
344 		if (call_res.gss_major != GSS_S_COMPLETE &&
345 			call_res.gss_major != GSS_S_CONTINUE_NEEDED)
346 			goto cleanup;
347 
348 		ap->gss_proc = RPCSEC_GSS_CONTINUE_INIT;
349 
350 		/*
351 		 * check for ctx_handle
352 		 */
353 		if (ap->ctx_handle.length == 0) {
354 			if (call_res.ctx_handle.length == 0)
355 				goto cleanup;
356 			GSS_DUP_BUFFER(ap->ctx_handle,
357 				call_res.ctx_handle);
358 		} else if (!GSS_BUFFERS_EQUAL(ap->ctx_handle,
359 						call_res.ctx_handle))
360 			goto cleanup;
361 
362 		/*
363 		 * check for token
364 		 */
365 		if (call_res.token.length != 0) {
366 			if (*gssstat == GSS_S_COMPLETE)
367 				goto cleanup;
368 			GSS_DUP_BUFFER(input_token, call_res.token);
369 			input_token_p = &input_token;
370 
371 		} else if (*gssstat != GSS_S_COMPLETE)
372 			goto cleanup;
373 
374 		/* save the sequence window value; validate later */
375 		ap->seq_window = call_res.seq_window;
376 		xdr_free(__xdr_rpc_gss_init_res, (caddr_t)&call_res);
377 		free_results = FALSE;
378 	}
379 
380 	/*
381 	 * results were okay.. continue if necessary
382 	 */
383 	if (*gssstat == GSS_S_CONTINUE_NEEDED)
384 		goto next_token;
385 
386 	/*
387 	 * Validate the sequence window - RFC 2203 section 5.2.3.1
388 	 */
389 	if (!validate_seqwin(ap)) {
390 		goto cleanup;
391 	}
392 
393 	/*
394 	 * Done!  Security context creation is successful.
395 	 * Ready for exchanging data.
396 	 */
397 	ap->established = TRUE;
398 	ap->seq_num = 1;
399 	ap->gss_proc = RPCSEC_GSS_DATA;
400 	ap->invalid = FALSE;
401 
402 	clnt->cl_auth = save_auth;	/* restore cl_auth */
403 	return (TRUE);
404 
405 cleanup:
406 	if (ap->context != GSS_C_NO_CONTEXT)
407 		rpc_gss_destroy_pvt(auth);
408 	if (free_results)
409 		xdr_free(__xdr_rpc_gss_init_res, (caddr_t)&call_res);
410 	clnt->cl_auth = save_auth;	/* restore cl_auth */
411 
412 /*
413  *	if (rpc_createerr.cf_stat == 0)
414  *		rpc_createerr.cf_stat = RPC_AUTHERROR;
415  */
416 	if (rpc_createerr.cf_stat == 0) {
417 		rpc_gss_err.rpc_gss_error = RPC_GSS_ER_SYSTEMERROR;
418 		rpc_gss_err.system_error = RPC_AUTHERROR;
419 	}
420 
421 	return (FALSE);
422 }
423 
424 /*
425  * Set service defaults.
426  */
427 bool_t
__rpc_gss_set_defaults(auth,service,qop)428 __rpc_gss_set_defaults(auth, service, qop)
429 	AUTH			*auth;
430 	rpc_gss_service_t	service;
431 	char			*qop;
432 {
433 	/*LINTED*/
434 	rpc_gss_data		*ap = AUTH_PRIVATE(auth);
435 	char			*mech;
436 	OM_uint32		qop_num;
437 
438 	switch (service) {
439 	case rpc_gss_svc_integrity:
440 	case rpc_gss_svc_privacy:
441 	case rpc_gss_svc_none:
442 		break;
443 	case rpc_gss_svc_default:
444 		service = rpc_gss_svc_integrity;
445 		break;
446 	default:
447 		return (FALSE);
448 	}
449 
450 	if ((mech = __rpc_gss_oid_to_mech(ap->mech_type)) == NULL)
451 		return (FALSE);
452 
453 	if (!__rpc_gss_qop_to_num(qop, mech, &qop_num))
454 		return (FALSE);
455 
456 	ap->qop = qop_num;
457 	ap->service = service;
458 	return (TRUE);
459 }
460 
461 /*
462  * Marshall credentials.
463  */
464 static bool_t
marshall_creds(ap,xdrs)465 marshall_creds(ap, xdrs)
466 	rpc_gss_data		*ap;
467 	XDR			*xdrs;
468 {
469 	rpc_gss_creds		ag_creds;
470 	char			cred_buf[MAX_AUTH_BYTES];
471 	struct opaque_auth	creds;
472 	XDR			cred_xdrs;
473 
474 	ag_creds.version = ap->version;
475 	ag_creds.gss_proc = ap->gss_proc;
476 	ag_creds.seq_num = ap->seq_num;
477 	ag_creds.service = ap->service;
478 
479 	/*
480 	 * If context has not been set up yet, use NULL handle.
481 	 */
482 	if (ap->ctx_handle.length > 0)
483 		ag_creds.ctx_handle = ap->ctx_handle;
484 	else {
485 		ag_creds.ctx_handle.length = 0;
486 		ag_creds.ctx_handle.value = NULL;
487 	}
488 
489 	xdrmem_create(&cred_xdrs, (caddr_t)cred_buf, MAX_AUTH_BYTES,
490 								XDR_ENCODE);
491 	if (!__xdr_rpc_gss_creds(&cred_xdrs, &ag_creds)) {
492 		XDR_DESTROY(&cred_xdrs);
493 		return (FALSE);
494 	}
495 
496 	creds.oa_flavor = RPCSEC_GSS;
497 	creds.oa_base = cred_buf;
498 	creds.oa_length = xdr_getpos(&cred_xdrs);
499 	XDR_DESTROY(&cred_xdrs);
500 
501 	if (!xdr_opaque_auth(xdrs, &creds))
502 		return (FALSE);
503 
504 	return (TRUE);
505 }
506 
507 /*
508  * Marshall verifier.  The verifier is the checksum of the RPC header
509  * up to and including the credential field.  The XDR handle that's
510  * passed in has the header up to and including the credential field
511  * encoded.  A pointer to the transmit buffer is also passed in.
512  */
513 static bool_t
marshall_verf(ap,xdrs,buf)514 marshall_verf(ap, xdrs, buf)
515 	rpc_gss_data		*ap;
516 	XDR			*xdrs;	/* send XDR */
517 	char			*buf;	/* pointer of send buffer */
518 {
519 	struct opaque_auth	verf;
520 	OM_uint32		major, minor;
521 	gss_buffer_desc		in_buf, out_buf;
522 	bool_t			ret = FALSE;
523 
524 	/*
525 	 * If context is not established yet, use NULL verifier.
526 	 */
527 	if (!ap->established) {
528 		verf.oa_flavor = AUTH_NONE;
529 		verf.oa_base = NULL;
530 		verf.oa_length = 0;
531 		return (xdr_opaque_auth(xdrs, &verf));
532 	}
533 
534 	verf.oa_flavor = RPCSEC_GSS;
535 	in_buf.length = xdr_getpos(xdrs);
536 	in_buf.value = buf;
537 	if ((major = gss_sign(&minor, ap->context, ap->qop, &in_buf,
538 					&out_buf)) != GSS_S_COMPLETE) {
539 		if (major == GSS_S_CONTEXT_EXPIRED) {
540 			ap->invalid = TRUE;
541 		}
542 		return (FALSE);
543 	}
544 	verf.oa_base = out_buf.value;
545 	verf.oa_length = out_buf.length;
546 	ret = xdr_opaque_auth(xdrs, &verf);
547 	(void) gss_release_buffer(&minor, &out_buf);
548 
549 	return (ret);
550 }
551 
552 /*
553  * Function: rpc_gss_nextverf.  Not used.
554  */
555 static void
rpc_gss_nextverf()556 rpc_gss_nextverf()
557 {
558 }
559 
560 /*
561  * Function: rpc_gss_marshall - not used.
562  */
563 static bool_t
rpc_gss_marshall(auth,xdrs)564 rpc_gss_marshall(auth, xdrs)
565 	AUTH		*auth;
566 	XDR		*xdrs;
567 {
568 	if (!xdr_opaque_auth(xdrs, &auth->ah_cred) ||
569 				!xdr_opaque_auth(xdrs, &auth->ah_verf))
570 		return (FALSE);
571 	return (TRUE);
572 }
573 
574 /*
575  * Validate sequence window upon a successful RPCSEC_GSS INIT session.
576  * The sequence window sent back by the server should be verifiable by
577  * the verifier which is a checksum of the sequence window.
578  */
579 static bool_t
validate_seqwin(rpc_gss_data * ap)580 validate_seqwin(rpc_gss_data *ap)
581 {
582 	uint_t			seq_win_net;
583 	OM_uint32		major = 0, minor = 0;
584 	gss_buffer_desc		msg_buf, tok_buf;
585 	int			qop_state = 0;
586 
587 	seq_win_net = (uint_t)htonl(ap->seq_window);
588 	msg_buf.length = sizeof (seq_win_net);
589 	msg_buf.value = (char *)&seq_win_net;
590 	tok_buf.length = ap->verifier->oa_length;
591 	tok_buf.value = ap->verifier->oa_base;
592 	major = gss_verify(&minor, ap->context, &msg_buf, &tok_buf, &qop_state);
593 	if (major != GSS_S_COMPLETE)
594 		return (FALSE);
595 	return (TRUE);
596 }
597 
598 /*
599  * Validate RPC response verifier from server.  The response verifier
600  * is the checksum of the request sequence number.
601  */
602 static bool_t
rpc_gss_validate(auth,verf)603 rpc_gss_validate(auth, verf)
604 	AUTH			*auth;
605 	struct opaque_auth	*verf;
606 {
607 	/*LINTED*/
608 	rpc_gss_data		*ap = AUTH_PRIVATE(auth);
609 	uint_t			seq_num_net;
610 	OM_uint32		major, minor;
611 	gss_buffer_desc		msg_buf, tok_buf;
612 	int			qop_state;
613 
614 	/*
615 	 * If context is not established yet, save the verifier for
616 	 * validating the sequence window later at the end of context
617 	 * creation session.
618 	 */
619 	if (!ap->established) {
620 	    if (ap->verifier == NULL) {
621 		ap->verifier = malloc(sizeof (struct opaque_auth));
622 		memset(ap->verifier, 0, sizeof (struct opaque_auth));
623 		if (verf->oa_length > 0)
624 		    ap->verifier->oa_base = malloc(verf->oa_length);
625 	    } else {
626 		if (ap->verifier->oa_length > 0)
627 		    free(ap->verifier->oa_base);
628 		if (verf->oa_length > 0)
629 		    ap->verifier->oa_base = malloc(verf->oa_length);
630 	    }
631 	    ap->verifier->oa_length = verf->oa_length;
632 	    bcopy(verf->oa_base, ap->verifier->oa_base, verf->oa_length);
633 	    return (TRUE);
634 	}
635 
636 	seq_num_net = (uint_t)htonl(ap->seq_num);
637 	msg_buf.length = sizeof (seq_num_net);
638 	msg_buf.value = (char *)&seq_num_net;
639 	tok_buf.length = verf->oa_length;
640 	tok_buf.value = verf->oa_base;
641 	major = gss_verify(&minor, ap->context, &msg_buf, &tok_buf, &qop_state);
642 	if (major != GSS_S_COMPLETE)
643 		return (FALSE);
644 	return (TRUE);
645 }
646 
647 /*
648  * Refresh client context.  This is necessary sometimes because the
649  * server will ocassionally destroy contexts based on LRU method, or
650  * because of expired credentials.
651  */
652 static bool_t
rpc_gss_refresh(auth,msg)653 rpc_gss_refresh(auth, msg)
654 	AUTH		*auth;
655 	struct rpc_msg	*msg;
656 {
657 	/*LINTED*/
658 	rpc_gss_data	*ap = AUTH_PRIVATE(auth);
659 	OM_uint32	gssstat, minor_stat;
660 
661 	/*
662 	 * The context needs to be recreated only when the error status
663 	 * returned from the server is one of the following:
664 	 *	RPCSEC_GSS_NOCRED and RPCSEC_GSS_FAILED
665 	 * The existing context should not be destroyed unless the above
666 	 * error status codes are received or if the context has not
667 	 * been set up.
668 	 */
669 
670 	if (msg->rjcted_rply.rj_why == RPCSEC_GSS_NOCRED ||
671 			msg->rjcted_rply.rj_why == RPCSEC_GSS_FAILED ||
672 							!ap->established) {
673 		/*
674 		 * Destroy the context if necessary.  Use the same memory
675 		 * for the new context since we've already passed a pointer
676 		 * to it to the user.
677 		 */
678 		if (ap->context != GSS_C_NO_CONTEXT) {
679 			(void) gss_delete_sec_context(&minor_stat, &ap->context,
680 								NULL);
681 			ap->context = GSS_C_NO_CONTEXT;
682 		}
683 		if (ap->ctx_handle.length != 0) {
684 			(void) gss_release_buffer(&minor_stat,
685 							&ap->ctx_handle);
686 			ap->ctx_handle.length = 0;
687 			ap->ctx_handle.value = NULL;
688 		}
689 
690 		/*
691 		 * If the context was not already established, don't try to
692 		 * recreate it.
693 		 */
694 		if (!ap->established) {
695 			ap->invalid = TRUE;
696 			return (FALSE);
697 		}
698 
699 		/*
700 		 * Recreate context.
701 		 */
702 		if (rpc_gss_seccreate_pvt(&gssstat, &minor_stat, auth, ap,
703 		    (gss_OID *)0, (OM_uint32 *)0, (OM_uint32 *)0))
704 			return (TRUE);
705 		else {
706 			ap->invalid = TRUE;
707 			return (FALSE);
708 		}
709 	}
710 	return (FALSE);
711 }
712 
713 /*
714  * Destroy a context.
715  */
716 static void
rpc_gss_destroy(auth)717 rpc_gss_destroy(auth)
718 	AUTH		*auth;
719 {
720 	/*LINTED*/
721 	rpc_gss_data	*ap = AUTH_PRIVATE(auth);
722 
723 	rpc_gss_destroy_pvt(auth);
724 	free((char *)ap);
725 	free(auth);
726 }
727 
728 /*
729  * Private interface to destroy a context without freeing up
730  * the memory used by it.  We need to do this when a refresh
731  * fails, for example, so the user will still have a handle.
732  */
733 static void
rpc_gss_destroy_pvt(auth)734 rpc_gss_destroy_pvt(auth)
735 	AUTH		*auth;
736 {
737 	struct timeval	timeout;
738 	OM_uint32	minor_stat;
739 	/*LINTED*/
740 	rpc_gss_data	*ap = AUTH_PRIVATE(auth);
741 
742 	/*
743 	 * If we have a server context id, inform server that we are
744 	 * destroying the context.
745 	 */
746 	if (ap->ctx_handle.length != 0) {
747 		ap->gss_proc = RPCSEC_GSS_DESTROY;
748 		timeout.tv_sec = 1;
749 		timeout.tv_usec = 0;
750 		(void) clnt_call(ap->clnt, NULLPROC, xdr_void, NULL,
751 						xdr_void, NULL, timeout);
752 
753 		(void) gss_release_buffer(&minor_stat, &ap->ctx_handle);
754 		ap->ctx_handle.length = 0;
755 		ap->ctx_handle.value = NULL;
756 	}
757 
758 	/*
759 	 * Destroy local GSS context.
760 	 */
761 	if (ap->context != GSS_C_NO_CONTEXT) {
762 		(void) gss_delete_sec_context(&minor_stat, &ap->context, NULL);
763 		ap->context = GSS_C_NO_CONTEXT;
764 	}
765 
766 	/*
767 	 * Looks like we need to release default credentials if we use it.
768 	 * Non-default creds need to be released by user.
769 	 */
770 	if (ap->my_cred == GSS_C_NO_CREDENTIAL)
771 		(void) gss_release_cred(&minor_stat, &ap->my_cred);
772 
773 	/*
774 	 * Release any internal name structures.
775 	 */
776 	if (ap->target_name != NULL) {
777 		(void) gss_release_name(&minor_stat, &ap->target_name);
778 		ap->target_name = NULL;
779 	}
780 
781 	/*
782 	 * Free the verifier saved for sequence window checking.
783 	 */
784 	if (ap->verifier != NULL) {
785 	    if (ap->verifier->oa_length > 0)
786 		free(ap->verifier->oa_base);
787 	    free(ap->verifier);
788 	    ap->verifier = NULL;
789 	}
790 }
791 
792 /*
793  * Wrap client side data.  The encoded header is passed in through
794  * buf and buflen.  The header is up to but not including the
795  * credential field.
796  */
797 bool_t
__rpc_gss_wrap(auth,buf,buflen,out_xdrs,xdr_func,xdr_ptr)798 __rpc_gss_wrap(auth, buf, buflen, out_xdrs, xdr_func, xdr_ptr)
799 	AUTH			*auth;
800 	char			*buf;		/* encoded header */
801 	uint_t			buflen;		/* encoded header length */
802 	XDR			*out_xdrs;
803 	bool_t			(*xdr_func)();
804 	caddr_t			xdr_ptr;
805 {
806 	/*LINTED*/
807 	rpc_gss_data		*ap = AUTH_PRIVATE(auth);
808 	XDR			xdrs;
809 	char			tmp_buf[512];
810 
811 
812 	/*
813 	 * Reject an invalid context.
814 	 */
815 	if (ap->invalid)
816 		return (FALSE);
817 
818 	/*
819 	 * If context is established, bump up sequence number.
820 	 */
821 	if (ap->established)
822 		ap->seq_num++;
823 
824 	/*
825 	 * Create the header in a temporary XDR context and buffer
826 	 * before putting it out.
827 	 */
828 	xdrmem_create(&xdrs, tmp_buf, sizeof (tmp_buf), XDR_ENCODE);
829 	if (!XDR_PUTBYTES(&xdrs, buf, buflen))
830 		return (FALSE);
831 
832 	/*
833 	 * create cred field
834 	 */
835 	if (!marshall_creds(ap, &xdrs))
836 		return (FALSE);
837 
838 	/*
839 	 * create verifier
840 	 */
841 	if (!marshall_verf(ap, &xdrs, tmp_buf))
842 		return (FALSE);
843 
844 	/*
845 	 * write out header and destroy temp structures
846 	 */
847 	if (!XDR_PUTBYTES(out_xdrs, tmp_buf, XDR_GETPOS(&xdrs)))
848 		return (FALSE);
849 	XDR_DESTROY(&xdrs);
850 
851 	/*
852 	 * If context is not established, or if neither integrity
853 	 * nor privacy is used, just XDR encode data.
854 	 */
855 	if (!ap->established || ap->service == rpc_gss_svc_none)
856 		return ((*xdr_func)(out_xdrs, xdr_ptr));
857 
858 	return (__rpc_gss_wrap_data(ap->service, ap->qop, ap->context,
859 				ap->seq_num, out_xdrs, xdr_func, xdr_ptr));
860 }
861 
862 /*
863  * Unwrap received data.
864  */
865 bool_t
__rpc_gss_unwrap(auth,in_xdrs,xdr_func,xdr_ptr)866 __rpc_gss_unwrap(auth, in_xdrs, xdr_func, xdr_ptr)
867 	AUTH			*auth;
868 	XDR			*in_xdrs;
869 	bool_t			(*xdr_func)();
870 	caddr_t			xdr_ptr;
871 {
872 	/*LINTED*/
873 	rpc_gss_data		*ap = AUTH_PRIVATE(auth);
874 
875 	/*
876 	 * If context is not established, of if neither integrity
877 	 * nor privacy is used, just XDR encode data.
878 	 */
879 	if (!ap->established || ap->service == rpc_gss_svc_none)
880 		return ((*xdr_func)(in_xdrs, xdr_ptr));
881 
882 	return (__rpc_gss_unwrap_data(ap->service,
883 				ap->context,
884 				ap->seq_num,
885 				ap->qop,
886 				in_xdrs, xdr_func, xdr_ptr));
887 }
888 
889 int
__rpc_gss_max_data_length(auth,max_tp_unit_len)890 __rpc_gss_max_data_length(auth, max_tp_unit_len)
891 	AUTH		*auth;
892 	int		max_tp_unit_len;
893 {
894 	/*LINTED*/
895 	rpc_gss_data		*ap = AUTH_PRIVATE(auth);
896 
897 	if (!ap->established || max_tp_unit_len <= 0)
898 		return (0);
899 
900 	return (__find_max_data_length(ap->service,
901 			ap->context,
902 			ap->qop,
903 			max_tp_unit_len));
904 }
905 
906 void
__rpc_gss_get_error(rpc_gss_error_t * error)907 __rpc_gss_get_error(rpc_gss_error_t *error)
908 {
909 	*error = rpc_gss_err;
910 }
911 
912 #undef  rpc_gss_err
913 
914 rpc_gss_error_t	rpc_gss_err;
915 
916 rpc_gss_error_t *
__rpc_gss_err()917 __rpc_gss_err()
918 {
919 	static thread_key_t rpc_gss_err_key = THR_ONCE_KEY;
920 	rpc_gss_error_t *tsd;
921 
922 	if (thr_main())
923 		return (&rpc_gss_err);
924 	if (thr_keycreate_once(&rpc_gss_err_key, free) != 0)
925 		return (&rpc_gss_err);
926 	tsd = pthread_getspecific(rpc_gss_err_key);
927 	if (tsd == NULL) {
928 		tsd = (rpc_gss_error_t *)calloc(1, sizeof (rpc_gss_error_t));
929 		if (thr_setspecific(rpc_gss_err_key, tsd) != 0) {
930 			if (tsd)
931 				free(tsd);
932 			return (&rpc_gss_err);
933 		}
934 	}
935 	return (tsd);
936 }
937