The DCE extensions introduced the concept of IOV messages, but there was no way to just get a MIC for those messages. The IOV MIC GSSAPI extension adds support for getting MICs for IOV messages. Closes #6
1 parent
bab5c52
commit 0606aaa
Showing
6 changed files
with
223 additions
and
10 deletions.
@@ -0,0 +1,18 @@ | ||
from gssapi.raw.cython_types cimport gss_buffer_desc, OM_uint32 | ||
|
||
cdef extern from "python_gssapi_ext.h": | ||
ctypedef struct gss_iov_buffer_desc: | ||
OM_uint32 type | ||
gss_buffer_desc buffer | ||
ctypedef gss_iov_buffer_desc* gss_iov_buffer_t | ||
|
||
cdef class IOV: | ||
cdef int iov_len | ||
cdef bint c_changed | ||
|
||
cdef bint _unprocessed | ||
cdef list _buffs | ||
cdef gss_iov_buffer_desc *_iov | ||
|
||
cdef gss_iov_buffer_desc* __cvalue__(IOV self) except NULL | ||
cdef _recreate_python_values(IOV self) |
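Review bot: The `c_changed` and `_unprocessed` flags on `IOV` (`cdef bint c_changed`, `cdef bint _unprocessed`) are declared with no comment saying what they track, and this `.pxd` is the declaration that other modules cimport against, so it is where that meaning should live. From the sibling module in this commit, which sets `message.c_changed = True` only after a successful C call that rewrote the iov array, `c_changed` appears to mean that the C-side `_iov` was modified and the Python-side buffers are stale until `_recreate_python_values` runs; a one-line comment such as `# C side of _iov was modified; Python buffers stale until _recreate_python_values runs` would let future cimport users set it correctly. I cannot infer `_unprocessed` from this commit, so it deserves its own comment from the author. `__cvalue__` is declared `except NULL` but nothing says which condition produces NULL; one clause on that would complete the header.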
@@ -0,0 +1,145 @@ | ||
GSSAPI="BASE" # This ensures that a full module is generated by Cython | ||
|
||
from gssapi.raw.cython_types cimport * | ||
from gssapi.raw.sec_contexts cimport SecurityContext | ||
from gssapi.raw.ext_dce cimport IOV, gss_iov_buffer_desc | ||
|
||
from gssapi.raw.misc import GSSError, _EnumExtension | ||
from gssapi.raw import ext_dce | ||
|
||
import six | ||
|
||
cdef extern from "python_gssapi_ext.h": | ||
OM_uint32 gss_get_mic_iov(OM_uint32 *min_stat, gss_ctx_id_t context_handle, | ||
gss_qop_t qop_req, gss_iov_buffer_desc *iov, | ||
int iov_count) nogil | ||
|
||
OM_uint32 gss_get_mic_iov_length(OM_uint32 *min_stat, | ||
gss_ctx_id_t context_handle, | ||
gss_qop_t qop_req, | ||
gss_iov_buffer_desc *iov, | ||
int iov_count) nogil | ||
|
||
OM_uint32 gss_verify_mic_iov(OM_uint32 *min_stat, | ||
gss_ctx_id_t context_handle, | ||
gss_qop_t *qop_state, | ||
gss_iov_buffer_desc *iov, | ||
int iov_count) nogil | ||
|
||
OM_uint32 GSS_IOV_BUFFER_TYPE_MIC_TOKEN | ||
|
||
|
||
@six.add_metaclass(_EnumExtension) | ||
class IOVBufferType(object): | ||
__base__ = ext_dce.IOVBufferType | ||
mic_token = GSS_IOV_BUFFER_TYPE_MIC_TOKEN | ||
|
||
|
||
IOV.AUTO_ALLOC_BUFFERS.add(IOVBufferType.mic_token) | ||
|
||
|
||
def get_mic_iov(SecurityContext context not None, IOV message not None, | ||
qop=None): | ||
""" | ||
Generate MIC tokens for the given IOV message | ||
This method generates a MIC token for the given IOV message, and places it | ||
in the :attr:`IOVBufferType.mic_token` buffer in the IOV. This method | ||
operates entirely in-place, and returns nothing. | ||
Args: | ||
context (SecurityContext): the current security context | ||
message (list): a list of :class:`IOVBuffer` objects | ||
qop (int): the desired Quality of Protection | ||
(or None for the default QoP) | ||
Raises: | ||
GSSError | ||
""" | ||
|
||
cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT | ||
|
||
cdef gss_iov_buffer_desc *res_arr = message.__cvalue__() | ||
|
||
cdef OM_uint32 maj_stat, min_stat | ||
|
||
with nogil: | ||
maj_stat = gss_get_mic_iov(&min_stat, context.raw_ctx, qop_req, | ||
res_arr, message.iov_len) | ||
|
||
if maj_stat == GSS_S_COMPLETE: | ||
message.c_changed = True | ||
return | ||
else: | ||
raise GSSError(maj_stat, min_stat) | ||
|
||
|
||
def get_mic_iov_length(SecurityContext context not None, IOV message not None, | ||
qop=None): | ||
""" | ||
Allocate space for the MIC buffer in the given IOV message | ||
This method allocates space for the MIC token buffer | ||
(:attr:`IOVBufferType.mic_token`) in the given IOV message. | ||
Args: | ||
context (SecurityContext): the current security context | ||
message (list): a list of :class:`IOVBuffer` objects | ||
qop (int): the desired Quality of Protection | ||
(or None for the default QoP) | ||
Raises: | ||
GSSError | ||
""" | ||
|
||
cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT | ||
|
||
cdef gss_iov_buffer_desc *res_arr = message.__cvalue__() | ||
|
||
cdef OM_uint32 maj_stat, min_stat | ||
|
||
with nogil: | ||
maj_stat = gss_get_mic_iov_length(&min_stat, context.raw_ctx, qop_req, | ||
res_arr, message.iov_len) | ||
|
||
if maj_stat == GSS_S_COMPLETE: | ||
message.c_changed = True | ||
return | ||
else: | ||
raise GSSError(maj_stat, min_stat) | ||
|
||
|
||
def verify_mic_iov(SecurityContext context not None, IOV message not None, | ||
qop=None): | ||
""" | ||
Verify that the MIC matches the data in the given IOV message | ||
This method verifies that the MIC token in the MIC buffer | ||
(:attr:`IOVBufferType.mic_token`) match the data buffer(s) | ||
in the given IOV method. | ||
Args: | ||
context (SecurityContext): the current security context | ||
message (list): a list of :class:`IOVBuffer` objects | ||
Returns: | ||
int: the QoP used to generate the MIC token | ||
Raises: | ||
GSSError | ||
""" | ||
|
||
cdef gss_iov_buffer_desc *res_arr = message.__cvalue__() | ||
|
||
cdef gss_qop_t qop_state | ||
|
||
cdef OM_uint32 maj_stat, min_stat | ||
|
||
with nogil: | ||
maj_stat = gss_verify_mic_iov(&min_stat, context.raw_ctx, &qop_state, | ||
res_arr, message.iov_len) | ||
|
||
if maj_stat == GSS_S_COMPLETE: | ||
return qop_state | ||
else: | ||
raise GSSError(maj_stat, min_stat) |
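Review bot: `verify_mic_iov` accepts `qop=None` in its signature but never reads it — the body only declares its own output `cdef gss_qop_t qop_state`, and the docstring's Args omit `qop` — so a caller that passes a QoP expecting it to be enforced gets neither a check nor an error. Since verification only reports the QoP that was used, either drop the parameter from this new signature, `def verify_mic_iov(SecurityContext context not None, IOV message not None):`, or, if it is kept for symmetry with `get_mic_iov`, document it as ignored and compare the returned `qop_state` against it before returning. Separately, all three docstrings describe `message (list): a list of :class:`IOVBuffer` objects` while the parameter is typed `IOV message not None`, so the type should read `message (IOV)`, and `verify_mic_iov`'s summary says "in the given IOV method" where "message" is meant. The strict `maj_stat == GSS_S_COMPLETE` test in `verify_mic_iov` is fail-closed, which is the right default for a verification routine, but it also turns any supplementary status bits a mechanism may set alongside an otherwise successful verification into a `GSSError`; a short comment stating that this is deliberate would keep a later maintainer from loosening it casually.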