本文整理汇总了C++中AUTH_PRIVATE函数的典型用法代码示例。如果您正苦于以下问题:C++ AUTH_PRIVATE函数的具体用法?C++ AUTH_PRIVATE怎么用?C++ AUTH_PRIVATE使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了AUTH_PRIVATE函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: authdes_validate
/*
* 3. Validate
*/
static bool
authdes_validate(AUTH *auth, struct opaque_auth *rverf)
{
/* LINTED pointer alignment */
struct ad_private *ad = AUTH_PRIVATE(auth);
struct authdes_verf verf;
int status;
uint32_t *ixdr;
des_block buf;
if (rverf->oa_length != (2 + 1) * BYTES_PER_XDR_UNIT)
return (false);
/* LINTED pointer alignment */
ixdr = (uint32_t *) rverf->oa_base;
buf.key.high = (uint32_t) *ixdr++;
buf.key.low = (uint32_t) *ixdr++;
verf.adv_int_u = (uint32_t) *ixdr++;
/*
* Decrypt the timestamp
*/
status =
ecb_crypt((char *)&auth->ah_key, (char *)&buf,
(u_int) sizeof(des_block), DES_DECRYPT | DES_HW);
if (DES_FAILED(status)) {
__warnx(TIRPC_DEBUG_FLAG_AUTH,
"authdes_validate: DES decryption failure");
return (false);
}
/*
* xdr the decrypted timestamp
*/
/* LINTED pointer alignment */
ixdr = (uint32_t *) buf.c;
verf.adv_timestamp.tv_sec = IXDR_GET_INT32(ixdr) + 1;
verf.adv_timestamp.tv_usec = IXDR_GET_INT32(ixdr);
/*
* validate
*/
if (bcmp
((char *)&ad->ad_timestamp, (char *)&verf.adv_timestamp,
sizeof(struct timeval)) != 0) {
__warnx(TIRPC_DEBUG_FLAG_AUTH,
"authdes_validate: verifier mismatch");
return (false);
}
/*
* We have a nickname now, let's use it
*/
ad->ad_nickname = verf.adv_nickname;
ad->ad_cred.adc_namekind = ADN_NICKNAME;
return (true);
}
示例2: authunix_destroy
static void
authunix_destroy(AUTH *auth)
{
struct audata *au = AUTH_PRIVATE(auth);
assert(auth != NULL);
mem_free(au, sizeof(*au));
}
示例3: auth_gssapi_marshall
/*
* Function: auth_gssapi_marhsall
*
* Purpose: Marshall RPC credentials and verifier onto xdr stream.
*
* Arguments:
*
* auth (r/w) AUTH structure for client
* xdrs (r/w) XDR stream to marshall to
*
* Returns: boolean indicating success/failure
*
* Effects:
*
* The pre-serialized credentials in cred_buf are serialized. If the
* context is established, the sealed sequence number is serialized as
* the verifier. If the context is not established, an empty verifier
* is serialized. The sequence number is *not* incremented, because
* this function is called multiple times if retransmission is required.
*
* If this took all the header fields as arguments, it could sign
* them.
*/
static bool_t auth_gssapi_marshall(
AUTH *auth,
XDR *xdrs)
{
OM_uint32 minor_stat;
gss_buffer_desc out_buf;
uint32_t seq_num;
if (AUTH_PRIVATE(auth)->established == TRUE) {
PRINTF(("gssapi_marshall: starting\n"));
seq_num = AUTH_PRIVATE(auth)->seq_num + 1;
PRINTF(("gssapi_marshall: sending seq_num %d\n", seq_num));
if (auth_gssapi_seal_seq(AUTH_PRIVATE(auth)->context, seq_num,
&out_buf) == FALSE) {
PRINTF(("gssapi_marhshall: seal failed\n"));
}
auth->ah_verf.oa_base = out_buf.value;
auth->ah_verf.oa_length = out_buf.length;
if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
(void) gss_release_buffer(&minor_stat, &out_buf);
return FALSE;
}
(void) gss_release_buffer(&minor_stat, &out_buf);
} else {
PRINTF(("gssapi_marshall: not established, sending null verf\n"));
auth->ah_verf.oa_base = NULL;
auth->ah_verf.oa_length = 0;
if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
return FALSE;
}
}
return TRUE;
}
示例4: authunix_marshal
static bool
authunix_marshal(AUTH *auth, XDR *xdrs)
{
struct audata *au = AUTH_PRIVATE(auth);
assert(auth != NULL);
assert(xdrs != NULL);
return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos));
}
示例5: authdes_destroy
/*
* 5. Destroy
*/
static void
authdes_destroy (AUTH *auth)
{
struct ad_private *ad = AUTH_PRIVATE (auth);
FREE (ad->ad_fullname, ad->ad_fullnamelen + 1);
FREE (ad->ad_servername, ad->ad_servernamelen + 1);
FREE (ad, sizeof (struct ad_private));
FREE (auth, sizeof (AUTH));
}
示例6: marshall_new_creds
/*
* Function: marshall_new_creds
*
* Purpose: (pre-)serialize auth_msg and client_handle fields of
* auth_gssapi_creds into auth->cred_buf
*
* Arguments:
*
* auth (r/w) the AUTH structure to modify
* auth_msg (r) the auth_msg field to serialize
* client_handle (r) the client_handle field to serialize, or
* NULL
*
* Returns: TRUE if successful, FALSE if not
*
* Requires: auth must point to a valid GSS-API auth structure, auth_msg
* must be TRUE or FALSE, client_handle must be a gss_buffer_t with a valid
* value and length field or NULL.
*
* Effects: auth->ah_cred is set to the serialized auth_gssapi_creds
* version 2 structure (stored in the cred_buf field of private data)
* containing version, auth_msg and client_handle.
* auth->ah_cred.oa_flavor is set to AUTH_GSSAPI. If cliend_handle is
* NULL, it is treated as if it had a length of 0 and a value of NULL.
*
* Modifies: auth
*/
static bool_t marshall_new_creds(
AUTH *auth,
bool_t auth_msg,
gss_buffer_t client_handle)
{
auth_gssapi_creds creds;
XDR xdrs;
PRINTF(("marshall_new_creds: starting\n"));
creds.version = 2;
creds.auth_msg = auth_msg;
if (client_handle)
GSS_COPY_BUFFER(creds.client_handle, *client_handle)
else {
creds.client_handle.length = 0;
creds.client_handle.value = NULL;
}
xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
MAX_AUTH_BYTES, XDR_ENCODE);
if (! xdr_authgssapi_creds(&xdrs, &creds)) {
PRINTF(("marshall_new_creds: failed encoding auth_gssapi_creds\n"));
XDR_DESTROY(&xdrs);
return FALSE;
}
AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
XDR_DESTROY(&xdrs);
PRINTF(("marshall_new_creds: auth_gssapi_creds is %d bytes\n",
AUTH_PRIVATE(auth)->cred_len));
auth->ah_cred.oa_flavor = AUTH_GSSAPI;
auth->ah_cred.oa_base = (char *) AUTH_PRIVATE(auth)->cred_buf;
auth->ah_cred.oa_length = AUTH_PRIVATE(auth)->cred_len;
PRINTF(("marshall_new_creds: succeeding\n"));
return TRUE;
}
示例7: authgss_validate
static bool_t
authgss_validate(AUTH *auth, struct opaque_auth *verf)
{
struct rpc_gss_data *gd;
u_int num, qop_state;
gss_buffer_desc signbuf, checksum;
OM_uint32 maj_stat, min_stat;
log_debug("in authgss_validate()");
gd = AUTH_PRIVATE(auth);
if (gd->established == FALSE) {
/* would like to do this only on NULL rpc --
* gc->established is good enough.
* save the on the wire verifier to validate last
* INIT phase packet after decode if the major
* status is GSS_S_COMPLETE
*/
if ((gd->gc_wire_verf.value =
mem_alloc(verf->oa_length)) == NULL) {
fprintf(stderr, "gss_validate: out of memory\n");
return (FALSE);
}
memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
gd->gc_wire_verf.length = verf->oa_length;
return (TRUE);
}
if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
num = htonl(gd->win);
}
else num = htonl(gd->gc.gc_seq);
signbuf.value = #
signbuf.length = sizeof(num);
checksum.value = verf->oa_base;
checksum.length = verf->oa_length;
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
&checksum, &qop_state);
if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
log_status("gss_verify_mic", maj_stat, min_stat);
if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
gd->established = FALSE;
authgss_destroy_context(auth);
}
return (FALSE);
}
return (TRUE);
}
示例8: authdes_validate
/*
* 3. Validate
*/
static bool_t
authdes_validate (AUTH *auth, struct opaque_auth *rverf)
{
struct ad_private *ad = AUTH_PRIVATE (auth);
struct authdes_verf verf;
int status;
register uint32_t *ixdr;
if (rverf->oa_length != (2 + 1) * BYTES_PER_XDR_UNIT)
return FALSE;
ixdr = (uint32_t *) rverf->oa_base;
verf.adv_xtimestamp.key.high = *ixdr++;
verf.adv_xtimestamp.key.low = *ixdr++;
verf.adv_int_u = *ixdr++; /* nickname not XDR'd ! */
/*
* Decrypt the timestamp
*/
status = ecb_crypt ((char *) &auth->ah_key, (char *) &verf.adv_xtimestamp,
sizeof (des_block), DES_DECRYPT | DES_HW);
if (DES_FAILED (status))
{
debug ("authdes_validate: DES decryption failure");
return FALSE;
}
/*
* xdr the decrypted timestamp
*/
ixdr = (uint32_t *) verf.adv_xtimestamp.c;
verf.adv_timestamp.tv_sec = IXDR_GET_U_INT32 (ixdr) + 1;
verf.adv_timestamp.tv_usec = IXDR_GET_U_INT32 (ixdr);
/*
* validate
*/
if (memcmp ((char *) &ad->ad_timestamp, (char *) &verf.adv_timestamp,
sizeof (struct rpc_timeval)) != 0)
{
debug ("authdes_validate: verifier mismatch\n");
return FALSE;
}
/*
* We have a nickname now, let's use it
*/
ad->ad_nickname = verf.adv_nickname;
ad->ad_cred.adc_namekind = ADN_NICKNAME;
return TRUE;
}
示例9: rpc_gss_validate
static bool_t
rpc_gss_validate(AUTH *auth, struct opaque_auth *verf)
{
struct rpc_gss_data *gd;
gss_qop_t qop_state;
uint32_t num;
gss_buffer_desc signbuf, checksum;
OM_uint32 maj_stat, min_stat;
log_debug("in rpc_gss_validate()");
gd = AUTH_PRIVATE(auth);
if (gd->gd_state == RPCSEC_GSS_CONTEXT) {
/*
* Save the on the wire verifier to validate last INIT
* phase packet after decode if the major status is
* GSS_S_COMPLETE.
*/
if (gd->gd_verf.value)
xdr_free((xdrproc_t) xdr_gss_buffer_desc,
(char *) &gd->gd_verf);
gd->gd_verf.value = mem_alloc(verf->oa_length);
if (gd->gd_verf.value == NULL) {
fprintf(stderr, "gss_validate: out of memory\n");
_rpc_gss_set_error(RPC_GSS_ER_SYSTEMERROR, ENOMEM);
return (FALSE);
}
memcpy(gd->gd_verf.value, verf->oa_base, verf->oa_length);
gd->gd_verf.length = verf->oa_length;
return (TRUE);
}
num = htonl(gd->gd_cred.gc_seq);
signbuf.value = #
signbuf.length = sizeof(num);
checksum.value = verf->oa_base;
checksum.length = verf->oa_length;
maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx, &signbuf,
&checksum, &qop_state);
if (maj_stat != GSS_S_COMPLETE || qop_state != gd->gd_qop) {
log_status("gss_verify_mic", gd->gd_mech, maj_stat, min_stat);
if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
rpc_gss_destroy_context(auth, TRUE);
}
_rpc_gss_set_error(RPC_GSS_ER_SYSTEMERROR, EPERM);
return (FALSE);
}
return (TRUE);
}
示例10: auth_gssapi_unwrap
/*
* Function: auth_gssapi_unwrap
*
* Purpose: read encrypted arguments from xdrs, decrypt, and
* deserialize with xdr_func into xdr_ptr.
*
* Effects: See design doc, section XXX.
*/
static bool_t auth_gssapi_unwrap(
AUTH *auth,
XDR *in_xdrs,
bool_t (*xdr_func)(),
caddr_t xdr_ptr)
{
OM_uint32 gssstat, minor_stat;
if (! AUTH_PRIVATE(auth)->established) {
PRINTF(("gssapi_unwrap: context not established, noop\n"));
return (*xdr_func)(in_xdrs, xdr_ptr);
} else if (! auth_gssapi_unwrap_data(&gssstat, &minor_stat,
AUTH_PRIVATE(auth)->context,
AUTH_PRIVATE(auth)->seq_num,
in_xdrs, xdr_func, xdr_ptr)) {
if (gssstat != GSS_S_COMPLETE)
AUTH_GSSAPI_DISPLAY_STATUS(("decrypting function arguments",
gssstat, minor_stat));
return FALSE;
} else
return TRUE;
}
示例11: auth_gssapi_refresh
/*
* Function: auth_gssapi_refresh
*
* Purpose: Attempts to resyncrhonize the sequence number.
*
* Effects:
*
* When the server receives a properly authenticated RPC call, it
* increments the sequence number it is expecting from the client.
* But if the server's response is lost for any reason, the client
* can't know whether the server ever received it, assumes it didn't,
* and does *not* increment its sequence number. Thus, the client's
* next call will fail with AUTH_REJECTEDCRED because the server will
* think it is a replay attack.
*
* When an AUTH_REJECTEDCRED error arrives, this function attempts to
* resyncrhonize by incrementing the client's sequence number and
* returning TRUE. If any other error arrives, it returns FALSE.
*/
static bool_t auth_gssapi_refresh(
AUTH *auth,
struct rpc_msg *msg)
{
if (msg->rm_reply.rp_rjct.rj_stat == AUTH_ERROR &&
msg->rm_reply.rp_rjct.rj_why == AUTH_REJECTEDVERF) {
PRINTF(("gssapi_refresh: rejected verifier, incrementing\n"));
AUTH_PRIVATE(auth)->seq_num++;
return TRUE;
} else {
PRINTF(("gssapi_refresh: failing\n"));
return FALSE;
}
}
示例12: auth_gssapi_validate
/*
* Function: auth_gssapi_validate
*
* Purpose: Validate RPC response verifier from server.
*
* Effects: See design document, section XXX.
*/
static bool_t auth_gssapi_validate(
AUTH *auth,
struct opaque_auth *verf)
{
gss_buffer_desc in_buf;
uint32_t seq_num;
if (AUTH_PRIVATE(auth)->established == FALSE) {
PRINTF(("gssapi_validate: not established, noop\n"));
return TRUE;
}
PRINTF(("gssapi_validate: starting\n"));
in_buf.length = verf->oa_length;
in_buf.value = verf->oa_base;
if (auth_gssapi_unseal_seq(AUTH_PRIVATE(auth)->context, &in_buf,
&seq_num) == FALSE) {
PRINTF(("gssapi_validate: failed unsealing verifier\n"));
return FALSE;
}
/* we sent seq_num+1, so we should get back seq_num+2 */
if (AUTH_PRIVATE(auth)->seq_num+2 != seq_num) {
PRINTF(("gssapi_validate: expecting seq_num %d, got %d (%#x)\n",
AUTH_PRIVATE(auth)->seq_num + 2, seq_num, seq_num));
return FALSE;
}
PRINTF(("gssapi_validate: seq_num %d okay\n", seq_num));
/* +1 for successful transmission, +1 for successful validation */
AUTH_PRIVATE(auth)->seq_num += 2;
PRINTF(("gssapi_validate: succeeding\n"));
return TRUE;
}
示例13: marshal_new_auth
/*
* Marshals (pre-serializes) an auth struct.
* sets private data, au_marshed and au_mpos
*/
static void
marshal_new_auth(AUTH *auth)
{
XDR xdr_stream;
XDR *xdrs = &xdr_stream;
struct audata *au = AUTH_PRIVATE(auth);
xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
(! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
perror("auth_none.c - Fatal marshalling problem");
} else {
au->au_mpos = XDR_GETPOS(xdrs);
}
XDR_DESTROY(xdrs);
}
示例14: authgss_unwrap
bool_t
authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
{
struct rpc_gss_data *gd;
log_debug("in authgss_unwrap()");
gd = AUTH_PRIVATE(auth);
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
return ((*xdr_func)(xdrs, xdr_ptr));
}
return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
gd->ctx, gd->sec.qop,
gd->sec.svc, gd->gc.gc_seq));
}
示例15: authgss_service
bool_t
authgss_service(AUTH *auth, int svc)
{
struct rpc_gss_data *gd;
log_debug("in authgss_service()");
if (!auth)
return(FALSE);
gd = AUTH_PRIVATE(auth);
if (!gd || !gd->established)
return (FALSE);
gd->sec.svc = svc;
gd->gc.gc_svc = svc;
return (TRUE);
}