gssd_krb5: More arcfour-hmac support
For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
parent
fc263a917a
commit
1dbd9029f3
|
@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
|
|||
int offset);
|
||||
|
||||
s32
|
||||
krb5_make_seq_num(struct crypto_blkcipher *key,
|
||||
krb5_make_seq_num(struct krb5_ctx *kctx,
|
||||
struct crypto_blkcipher *key,
|
||||
int direction,
|
||||
u32 seqnum, unsigned char *cksum, unsigned char *buf);
|
||||
|
||||
s32
|
||||
krb5_get_seq_num(struct crypto_blkcipher *key,
|
||||
krb5_get_seq_num(struct krb5_ctx *kctx,
|
||||
unsigned char *cksum,
|
||||
unsigned char *buf, int *direction, u32 *seqnum);
|
||||
|
||||
|
|
|
@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
|
|||
seq_send = ctx->seq_send++;
|
||||
spin_unlock(&krb5_seq_lock);
|
||||
|
||||
if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
|
||||
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
|
||||
ptr + 8))
|
||||
if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
|
||||
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
|
||||
|
|
|
@ -40,7 +40,8 @@
|
|||
#endif
|
||||
|
||||
s32
|
||||
krb5_make_seq_num(struct crypto_blkcipher *key,
|
||||
krb5_make_seq_num(struct krb5_ctx *kctx,
|
||||
struct crypto_blkcipher *key,
|
||||
int direction,
|
||||
u32 seqnum,
|
||||
unsigned char *cksum, unsigned char *buf)
|
||||
|
@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
|
|||
}
|
||||
|
||||
s32
|
||||
krb5_get_seq_num(struct crypto_blkcipher *key,
|
||||
krb5_get_seq_num(struct krb5_ctx *kctx,
|
||||
unsigned char *cksum,
|
||||
unsigned char *buf,
|
||||
int *direction, u32 *seqnum)
|
||||
{
|
||||
s32 code;
|
||||
unsigned char plain[8];
|
||||
struct crypto_blkcipher *key = kctx->seq;
|
||||
|
||||
dprintk("RPC: krb5_get_seq_num:\n");
|
||||
|
||||
|
|
|
@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
|
|||
|
||||
/* do sequencing checks */
|
||||
|
||||
if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
|
||||
if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
|
||||
&direction, &seqnum))
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
if ((ctx->initiate && direction != 0xff) ||
|
||||
|
|
|
@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
|
|||
|
||||
/* XXX would probably be more efficient to compute checksum
|
||||
* and encrypt at the same time: */
|
||||
if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
|
||||
if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
|
||||
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
|
@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
|||
|
||||
/* do sequencing checks */
|
||||
|
||||
if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
|
||||
&direction, &seqnum))
|
||||
if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
|
||||
ptr + 8, &direction, &seqnum))
|
||||
return GSS_S_BAD_SIG;
|
||||
|
||||
if ((kctx->initiate && direction != 0xff) ||
|
||||
|
|
Loading…
Reference in New Issue