gss_krb5: document that we ignore sequence number
A couple times recently somebody has noticed that we're ignoring a sequence number here and wondered whether there's a bug. In fact, there's not. Thanks to Andy Adamson for pointing out a useful explanation in rfc 2203. Add comments citing that rfc, and remove "seqnum" to prevent static checkers complaining about unused variables. Reported-by: Andi Kleen <andi@firstfloor.org> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
parent
b26ec9b11b
commit
5d6baef9ab
|
@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
|
|||
struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
|
||||
.data = cksumdata};
|
||||
s32 now;
|
||||
u64 seqnum;
|
||||
u8 *ptr = read_token->data;
|
||||
u8 *cksumkey;
|
||||
u8 flags;
|
||||
|
@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
|
|||
if (now > ctx->endtime)
|
||||
return GSS_S_CONTEXT_EXPIRED;
|
||||
|
||||
/* do sequencing checks */
|
||||
|
||||
seqnum = be64_to_cpup((__be64 *)ptr + 8);
|
||||
/*
|
||||
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
|
||||
* doesn't want it checked; see page 6 of rfc 2203.
|
||||
*/
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
|
|
@ -489,7 +489,6 @@ static u32
|
|||
gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
||||
{
|
||||
s32 now;
|
||||
u64 seqnum;
|
||||
u8 *ptr;
|
||||
u8 flags = 0x00;
|
||||
u16 ec, rrc;
|
||||
|
@ -525,7 +524,10 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
|||
ec = be16_to_cpup((__be16 *)(ptr + 4));
|
||||
rrc = be16_to_cpup((__be16 *)(ptr + 6));
|
||||
|
||||
seqnum = be64_to_cpup((__be64 *)(ptr + 8));
|
||||
/*
|
||||
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
|
||||
* doesn't want it checked; see page 6 of rfc 2203.
|
||||
*/
|
||||
|
||||
if (rrc != 0)
|
||||
rotate_left(offset + 16, buf, rrc);
|
||||
|
|
Loading…
Reference in New Issue