gss: krb5: remove signalg and sealalg
We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent
adeb8133dd
commit
e678e06bf8
|
@ -44,7 +44,6 @@ struct krb5_ctx {
|
|||
int initiate; /* 1 = initiating, 0 = accepting */
|
||||
int seed_init;
|
||||
unsigned char seed[16];
|
||||
int signalg;
|
||||
int sealalg;
|
||||
struct crypto_blkcipher *enc;
|
||||
struct crypto_blkcipher *seq;
|
||||
|
|
|
@ -129,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p,
|
|||
{
|
||||
const void *end = (const void *)((const char *)p + len);
|
||||
struct krb5_ctx *ctx;
|
||||
int tmp;
|
||||
|
||||
if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
|
||||
goto out_err;
|
||||
|
@ -142,9 +143,11 @@ gss_import_sec_context_kerberos(const void *p,
|
|||
p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_ctx;
|
||||
p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
|
||||
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_ctx;
|
||||
if (tmp != SGN_ALG_DES_MAC_MD5)
|
||||
goto out_err_free_ctx;
|
||||
p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_ctx;
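Review bot: The new `if (tmp != SGN_ALG_DES_MAC_MD5) goto out_err_free_ctx;` branch reaches the error label while `p` is still a valid cursor, unlike the `IS_ERR(p)` branches around it. The label itself is outside this hunk, but if the function derives its return value from `p` there, an unsupported signalg in the downcall would be reported with a meaningless value instead of an errno, and the caller may not see the failure even though the context has been freed. Setting the error explicitly before the jump avoids that, e.g. `p = ERR_PTR(-ENOSYS);` followed by `goto out_err_free_ctx;` inside braces, with the errno chosen to match the rest of the function.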
|
||||
|
|
|
@ -88,15 +88,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
|
|||
|
||||
now = get_seconds();
|
||||
|
||||
switch (ctx->signalg) {
|
||||
case SGN_ALG_DES_MAC_MD5:
|
||||
checksum_type = CKSUMTYPE_RSA_MD5;
|
||||
break;
|
||||
default:
|
||||
dprintk("RPC: gss_krb5_seal: ctx->signalg %d not"
|
||||
" supported\n", ctx->signalg);
|
||||
goto out_err;
|
||||
}
|
||||
checksum_type = CKSUMTYPE_RSA_MD5;
|
||||
if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
|
||||
dprintk("RPC: gss_krb5_seal: ctx->sealalg %d not supported\n",
|
||||
ctx->sealalg);
|
||||
|
@ -115,24 +107,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
|
|||
krb5_hdr = ptr - 2;
|
||||
msg_start = krb5_hdr + 24;
|
||||
|
||||
*(__be16 *)(krb5_hdr + 2) = htons(ctx->signalg);
|
||||
*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
|
||||
memset(krb5_hdr + 4, 0xff, 4);
|
||||
|
||||
if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
|
||||
goto out_err;
|
||||
goto out_err;
|
||||
|
||||
switch (ctx->signalg) {
|
||||
case SGN_ALG_DES_MAC_MD5:
|
||||
if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
|
||||
md5cksum.data, md5cksum.len))
|
||||
goto out_err;
|
||||
memcpy(krb5_hdr + 16,
|
||||
md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
|
||||
KRB5_CKSUM_LENGTH);
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
}
|
||||
if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
|
||||
md5cksum.data, md5cksum.len))
|
||||
goto out_err;
|
||||
memcpy(krb5_hdr + 16,
|
||||
md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
|
||||
KRB5_CKSUM_LENGTH);
|
||||
|
||||
spin_lock(&krb5_seq_lock);
|
||||
seq_send = ctx->seq_send++;
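Review bot: With `switch (ctx->signalg)` gone, nothing next to the `krb5_encrypt()`/`memcpy()` pair says that this step belongs to SGN_ALG_DES_MAC_MD5, or why `md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH` cannot point before the start of the digest. A one-line comment would keep that invariant visible, for example `/* SGN_ALG_DES_MAC_MD5: encrypt the MD5 digest in place, keep its last KRB5_CKSUM_LENGTH bytes */`. The same pair appears in the gss_wrap_kerberos section and the two copies now differ only in the context variable, so a small shared static helper would be worth considering. The function body starts and ends outside these hunks.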
|
||||
|
|
|
@ -134,15 +134,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
|
|||
|
||||
now = get_seconds();
|
||||
|
||||
switch (kctx->signalg) {
|
||||
case SGN_ALG_DES_MAC_MD5:
|
||||
checksum_type = CKSUMTYPE_RSA_MD5;
|
||||
break;
|
||||
default:
|
||||
dprintk("RPC: gss_krb5_seal: kctx->signalg %d not"
|
||||
" supported\n", kctx->signalg);
|
||||
goto out_err;
|
||||
}
|
||||
checksum_type = CKSUMTYPE_RSA_MD5;
|
||||
if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
|
||||
dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n",
|
||||
kctx->sealalg);
|
||||
|
@ -177,7 +169,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
|
|||
msg_start = krb5_hdr + 24;
|
||||
/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
|
||||
|
||||
*(__be16 *)(krb5_hdr + 2) = htons(kctx->signalg);
|
||||
*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
|
||||
memset(krb5_hdr + 4, 0xff, 4);
|
||||
*(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
|
||||
|
||||
|
@ -191,18 +183,12 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
|
|||
goto out_err;
|
||||
buf->pages = tmp_pages;
|
||||
|
||||
switch (kctx->signalg) {
|
||||
case SGN_ALG_DES_MAC_MD5:
|
||||
if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
|
||||
md5cksum.data, md5cksum.len))
|
||||
goto out_err;
|
||||
memcpy(krb5_hdr + 16,
|
||||
md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
|
||||
KRB5_CKSUM_LENGTH);
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
}
|
||||
if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
|
||||
md5cksum.data, md5cksum.len))
|
||||
goto out_err;
|
||||
memcpy(krb5_hdr + 16,
|
||||
md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
|
||||
KRB5_CKSUM_LENGTH);
|
||||
|
||||
spin_lock(&krb5_seq_lock);
|
||||
seq_send = kctx->seq_send++;
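Review bot: `kctx->sealalg` is still taken from the imported context in this function: it is checked on every call (`kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES`) and written into the token header with `htons(kctx->sealalg)`, whereas signalg is now rejected once at import and hard-coded. The commit title says both fields are removed, yet the visible hunks appear to retire only signalg. Either narrow the title, or validate sealalg in gss_import_sec_context_kerberos the same way, so that an unsupported value from the downcall never yields a usable context. The unwrap and verify paths are not shown on this page, so whether they still compare against the stored fields cannot be confirmed from here.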
|
||||
|
|