Начало Каталог Помощ
Регистрация Вход
phyus
/
linux-vybrid_public
8
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
Преглед на файлове

gss: krb5: remove signalg and sealalg

We designed the krb5 context import without completely understanding the
context.  Now it's clear that there are a number of fields that we ignore,
or that we depend on having one single value.

In particular, we only support one value of signalg currently; so let's
check the signalg field in the downcall (in case we decide there's
something else we could support here eventually), but ignore it otherwise.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
J. Bruce Fields преди 18 години
родител
adeb8133dd
ревизия
e678e06bf8
променени са 4 файла, в които са добавени 22 реда и са изтрити 48 реда
Обединен изглед Покажи статистика за разликите
  1. 0 1
      include/linux/sunrpc/gss_krb5.h
  2. 4 1
      net/sunrpc/auth_gss/gss_krb5_mech.c
  3. 10 24
      net/sunrpc/auth_gss/gss_krb5_seal.c
  4. 8 22
      net/sunrpc/auth_gss/gss_krb5_wrap.c

+ 0 - 1
include/linux/sunrpc/gss_krb5.h
Целия файл 

@@ -44,7 +44,6 @@ struct krb5_ctx {
 
 	int			initiate; /* 1 = initiating, 0 = accepting */
 
 	int			initiate; /* 1 = initiating, 0 = accepting */
 
 	int			seed_init;
 
 	int			seed_init;
 
 	unsigned char		seed[16];
 
 	unsigned char		seed[16];
 
-	int			signalg;
 
 	int			sealalg;
 
 	int			sealalg;
 
 	struct crypto_blkcipher	*enc;
 
 	struct crypto_blkcipher	*enc;
 
 	struct crypto_blkcipher	*seq;
 
 	struct crypto_blkcipher	*seq;

+ 4 - 1
net/sunrpc/auth_gss/gss_krb5_mech.c
Целия файл 

@@ -129,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p,
 
 {
 
 {
 
 	const void *end = (const void *)((const char *)p + len);
 
 	const void *end = (const void *)((const char *)p + len);
 
 	struct	krb5_ctx *ctx;
 
 	struct	krb5_ctx *ctx;
 
+	int tmp;
 
 
 
 	if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
 
 	if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
 
 		goto out_err;
 
 		goto out_err;
 
@@ -142,9 +143,11 @@ gss_import_sec_context_kerberos(const void *p,
 
 	p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
 
 	p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
 
 	if (IS_ERR(p))
 
 	if (IS_ERR(p))
 
 		goto out_err_free_ctx;
 
 		goto out_err_free_ctx;
 
-	p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
 
+	p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
 
 	if (IS_ERR(p))
 
 	if (IS_ERR(p))
 
 		goto out_err_free_ctx;
 
 		goto out_err_free_ctx;
 
+	if (tmp != SGN_ALG_DES_MAC_MD5)
 
+		goto out_err_free_ctx;
 
 	p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
 
 	p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
 
 	if (IS_ERR(p))
 
 	if (IS_ERR(p))
 
 		goto out_err_free_ctx;
 
 		goto out_err_free_ctx;

+ 10 - 24
net/sunrpc/auth_gss/gss_krb5_seal.c
Целия файл 

@@ -88,15 +88,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
 
 
 	now = get_seconds();
 
 	now = get_seconds();
 
 
 
-	switch (ctx->signalg) {
 
-		case SGN_ALG_DES_MAC_MD5:
 
-			checksum_type = CKSUMTYPE_RSA_MD5;
 
-			break;
 
-		default:
 
-			dprintk("RPC:      gss_krb5_seal: ctx->signalg %d not"
 
-				" supported\n", ctx->signalg);
 
-			goto out_err;
 
-	}
 
+	checksum_type = CKSUMTYPE_RSA_MD5;
 
 	if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
 
 	if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
 
 		dprintk("RPC:      gss_krb5_seal: ctx->sealalg %d not supported\n",
 
 		dprintk("RPC:      gss_krb5_seal: ctx->sealalg %d not supported\n",
 
 			ctx->sealalg);
 
 			ctx->sealalg);
 
@@ -115,24 +107,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
 	krb5_hdr = ptr - 2;
 
 	krb5_hdr = ptr - 2;
 
 	msg_start = krb5_hdr + 24;
 
 	msg_start = krb5_hdr + 24;
 
 
 
-	*(__be16 *)(krb5_hdr + 2) = htons(ctx->signalg);
 
+	*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
 
 	memset(krb5_hdr + 4, 0xff, 4);
 
 	memset(krb5_hdr + 4, 0xff, 4);
 
 
 
 	if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
 
 	if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
 
-			goto out_err;
 
-
 
-	switch (ctx->signalg) {
 
-	case SGN_ALG_DES_MAC_MD5:
 
-		if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
 
-				  md5cksum.data, md5cksum.len))
 
-			goto out_err;
 
-		memcpy(krb5_hdr + 16,
 
-		       md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
 
-		       KRB5_CKSUM_LENGTH);
 
-		break;
 
-	default:
 
-		BUG();
 
-	}
 
+		goto out_err;
 
+
 
+	if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
 
+			  md5cksum.data, md5cksum.len))
 
+		goto out_err;
 
+	memcpy(krb5_hdr + 16,
 
+	       md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
 
+	       KRB5_CKSUM_LENGTH);
 
 
 
 	spin_lock(&krb5_seq_lock);
 
 	spin_lock(&krb5_seq_lock);
 
 	seq_send = ctx->seq_send++;
 
 	seq_send = ctx->seq_send++;

+ 8 - 22
net/sunrpc/auth_gss/gss_krb5_wrap.c
Целия файл 

@@ -134,15 +134,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 
 
 
 	now = get_seconds();
 
 	now = get_seconds();
 
 
 
-	switch (kctx->signalg) {
 
-		case SGN_ALG_DES_MAC_MD5:
 
-			checksum_type = CKSUMTYPE_RSA_MD5;
 
-			break;
 
-		default:
 
-			dprintk("RPC:      gss_krb5_seal: kctx->signalg %d not"
 
-				" supported\n", kctx->signalg);
 
-			goto out_err;
 
-	}
 
+	checksum_type = CKSUMTYPE_RSA_MD5;
 
 	if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
 
 	if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
 
 		dprintk("RPC:      gss_krb5_seal: kctx->sealalg %d not supported\n",
 
 		dprintk("RPC:      gss_krb5_seal: kctx->sealalg %d not supported\n",
 
 			kctx->sealalg);
 
 			kctx->sealalg);
 
@@ -177,7 +169,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 
 	msg_start = krb5_hdr + 24;
 
 	msg_start = krb5_hdr + 24;
 
 	/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
 
 	/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
 
 
 
-	*(__be16 *)(krb5_hdr + 2) = htons(kctx->signalg);
 
+	*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
 
 	memset(krb5_hdr + 4, 0xff, 4);
 
 	memset(krb5_hdr + 4, 0xff, 4);
 
 	*(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
 
 	*(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
 
 
 
@@ -191,18 +183,12 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 
 		goto out_err;
 
 		goto out_err;
 
 	buf->pages = tmp_pages;
 
 	buf->pages = tmp_pages;
 
 
 
-	switch (kctx->signalg) {
 
-	case SGN_ALG_DES_MAC_MD5:
 
-		if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
 
-				  md5cksum.data, md5cksum.len))
 
-			goto out_err;
 
-		memcpy(krb5_hdr + 16,
 
-		       md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
 
-		       KRB5_CKSUM_LENGTH);
 
-		break;
 
-	default:
 
-		BUG();
 
-	}
 
+	if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
 
+			  md5cksum.data, md5cksum.len))
 
+		goto out_err;
 
+	memcpy(krb5_hdr + 16,
 
+	       md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
 
+	       KRB5_CKSUM_LENGTH);
 
 
 
 	spin_lock(&krb5_seq_lock);
 
 	spin_lock(&krb5_seq_lock);
 
 	seq_send = kctx->seq_send++;
 
 	seq_send = kctx->seq_send++;