]> pilppa.com Git - linux-2.6-omap-h63xx.git/commitdiff
gss: krb5: remove signalg and sealalg
authorJ. Bruce Fields <bfields@fieldses.org>
Tue, 5 Dec 2006 01:22:35 +0000 (20:22 -0500)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Wed, 6 Dec 2006 15:46:44 +0000 (10:46 -0500)
We designed the krb5 context import without completely understanding the
context.  Now it's clear that there are a number of fields that we ignore,
or that we depend on having one single value.

In particular, we only support one value of signalg currently; so let's
check the signalg field in the downcall (in case we decide there's
something else we could support here eventually), but ignore it otherwise.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
include/linux/sunrpc/gss_krb5.h
net/sunrpc/auth_gss/gss_krb5_mech.c
net/sunrpc/auth_gss/gss_krb5_seal.c
net/sunrpc/auth_gss/gss_krb5_wrap.c

index e30ba201910ae8c24dde51bd01451a6fca6e0614..f680ed3b1b5ee3c29fcda96c6ca32f809976d751 100644 (file)
@@ -44,7 +44,6 @@ struct krb5_ctx {
        int                     initiate; /* 1 = initiating, 0 = accepting */
        int                     seed_init;
        unsigned char           seed[16];
-       int                     signalg;
        int                     sealalg;
        struct crypto_blkcipher *enc;
        struct crypto_blkcipher *seq;
index 754b8cd6439f20e4157069ff9bbc5197b3e3010f..17587163fcaef5484a57acf64879d1cce811be7f 100644 (file)
@@ -129,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p,
 {
        const void *end = (const void *)((const char *)p + len);
        struct  krb5_ctx *ctx;
+       int tmp;
 
        if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
                goto out_err;
@@ -142,9 +143,11 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
+       p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;
+       if (tmp != SGN_ALG_DES_MAC_MD5)
+               goto out_err_free_ctx;
        p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
        if (IS_ERR(p))
                goto out_err_free_ctx;
index dc58af0b8b4c3b6ac487419f894e59ba1bd8425c..a496af585a08dc06276ab88a88e4d288e73a2aa7 100644 (file)
@@ -88,15 +88,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
        now = get_seconds();
 
-       switch (ctx->signalg) {
-               case SGN_ALG_DES_MAC_MD5:
-                       checksum_type = CKSUMTYPE_RSA_MD5;
-                       break;
-               default:
-                       dprintk("RPC:      gss_krb5_seal: ctx->signalg %d not"
-                               " supported\n", ctx->signalg);
-                       goto out_err;
-       }
+       checksum_type = CKSUMTYPE_RSA_MD5;
        if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
                dprintk("RPC:      gss_krb5_seal: ctx->sealalg %d not supported\n",
                        ctx->sealalg);
@@ -115,24 +107,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
        krb5_hdr = ptr - 2;
        msg_start = krb5_hdr + 24;
 
-       *(__be16 *)(krb5_hdr + 2) = htons(ctx->signalg);
+       *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
        memset(krb5_hdr + 4, 0xff, 4);
 
        if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
-                       goto out_err;
-
-       switch (ctx->signalg) {
-       case SGN_ALG_DES_MAC_MD5:
-               if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
-                                 md5cksum.data, md5cksum.len))
-                       goto out_err;
-               memcpy(krb5_hdr + 16,
-                      md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-                      KRB5_CKSUM_LENGTH);
-               break;
-       default:
-               BUG();
-       }
+               goto out_err;
+
+       if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
+                         md5cksum.data, md5cksum.len))
+               goto out_err;
+       memcpy(krb5_hdr + 16,
+              md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
+              KRB5_CKSUM_LENGTH);
 
        spin_lock(&krb5_seq_lock);
        seq_send = ctx->seq_send++;
index ad243872f547a6396857bef84daa4bf942270c9f..eee49f4c4c6ae9bcb2a6c9ad3bd6ef24d5576355 100644 (file)
@@ -134,15 +134,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 
        now = get_seconds();
 
-       switch (kctx->signalg) {
-               case SGN_ALG_DES_MAC_MD5:
-                       checksum_type = CKSUMTYPE_RSA_MD5;
-                       break;
-               default:
-                       dprintk("RPC:      gss_krb5_seal: kctx->signalg %d not"
-                               " supported\n", kctx->signalg);
-                       goto out_err;
-       }
+       checksum_type = CKSUMTYPE_RSA_MD5;
        if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
                dprintk("RPC:      gss_krb5_seal: kctx->sealalg %d not supported\n",
                        kctx->sealalg);
@@ -177,7 +169,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        msg_start = krb5_hdr + 24;
        /* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
 
-       *(__be16 *)(krb5_hdr + 2) = htons(kctx->signalg);
+       *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
        memset(krb5_hdr + 4, 0xff, 4);
        *(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
 
@@ -191,18 +183,12 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
                goto out_err;
        buf->pages = tmp_pages;
 
-       switch (kctx->signalg) {
-       case SGN_ALG_DES_MAC_MD5:
-               if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
-                                 md5cksum.data, md5cksum.len))
-                       goto out_err;
-               memcpy(krb5_hdr + 16,
-                      md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-                      KRB5_CKSUM_LENGTH);
-               break;
-       default:
-               BUG();
-       }
+       if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
+                         md5cksum.data, md5cksum.len))
+               goto out_err;
+       memcpy(krb5_hdr + 16,
+              md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
+              KRB5_CKSUM_LENGTH);
 
        spin_lock(&krb5_seq_lock);
        seq_send = kctx->seq_send++;