Commit 1dbd9029 authored by Kevin Coffman's avatar Kevin Coffman Committed by Trond Myklebust

gssd_krb5: More arcfour-hmac support

For the arcfour-hmac support, the make_seq_num and get_seq_num
functions need access to the kerberos context structure.
This will be used in a later patch.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent fc263a91
...@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf, ...@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
int offset); int offset);
s32 s32
krb5_make_seq_num(struct crypto_blkcipher *key, krb5_make_seq_num(struct krb5_ctx *kctx,
struct crypto_blkcipher *key,
int direction, int direction,
u32 seqnum, unsigned char *cksum, unsigned char *buf); u32 seqnum, unsigned char *cksum, unsigned char *buf);
s32 s32
krb5_get_seq_num(struct crypto_blkcipher *key, krb5_get_seq_num(struct krb5_ctx *kctx,
unsigned char *cksum, unsigned char *cksum,
unsigned char *buf, int *direction, u32 *seqnum); unsigned char *buf, int *direction, u32 *seqnum);
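Review bot: The two prototypes now disagree on where the sequence-number key comes from: `krb5_make_seq_num` takes both `kctx` and a separate `key`, while `krb5_get_seq_num` takes only `kctx` and, in its definition later in this commit, reads `struct crypto_blkcipher *key = kctx->seq;` itself. Every call site visible in this commit (`gss_get_mic_v1`, `gss_wrap_kerberos_v1`) passes `ctx->seq` or `kctx->seq` as `key`, so the extra argument mainly leaves room for a caller to pair a context with a cipher handle that does not belong to it. Unless the later patch needs a key other than `kctx->seq`, consider dropping the `key` parameter and deriving it inside `krb5_make_seq_num` the same way. Otherwise, add a comment on the prototype saying when `key` may differ from `kctx->seq`. The body of `krb5_make_seq_num` is outside the visible hunks, so whether `kctx` is used there yet cannot be confirmed from this page.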
......
...@@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text, ...@@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
seq_send = ctx->seq_send++; seq_send = ctx->seq_send++;
spin_unlock(&krb5_seq_lock); spin_unlock(&krb5_seq_lock);
if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
ptr + 8))
return GSS_S_FAILURE; return GSS_S_FAILURE;
return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
......
...@@ -40,7 +40,8 @@ ...@@ -40,7 +40,8 @@
#endif #endif
s32 s32
krb5_make_seq_num(struct crypto_blkcipher *key, krb5_make_seq_num(struct krb5_ctx *kctx,
struct crypto_blkcipher *key,
int direction, int direction,
u32 seqnum, u32 seqnum,
unsigned char *cksum, unsigned char *buf) unsigned char *cksum, unsigned char *buf)
...@@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key, ...@@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
} }
s32 s32
krb5_get_seq_num(struct crypto_blkcipher *key, krb5_get_seq_num(struct krb5_ctx *kctx,
unsigned char *cksum, unsigned char *cksum,
unsigned char *buf, unsigned char *buf,
int *direction, u32 *seqnum) int *direction, u32 *seqnum)
{ {
s32 code; s32 code;
unsigned char plain[8]; unsigned char plain[8];
struct crypto_blkcipher *key = kctx->seq;
dprintk("RPC: krb5_get_seq_num:\n"); dprintk("RPC: krb5_get_seq_num:\n");
......
...@@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx, ...@@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
/* do sequencing checks */ /* do sequencing checks */
if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum)) if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
&direction, &seqnum))
return GSS_S_FAILURE; return GSS_S_FAILURE;
if ((ctx->initiate && direction != 0xff) || if ((ctx->initiate && direction != 0xff) ||
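Review bot: A failed `krb5_get_seq_num` is reported as `GSS_S_FAILURE` here in `gss_verify_mic_v1`, but as `GSS_S_BAD_SIG` at the equivalent call in `gss_unwrap_kerberos_v1` in this same commit. Both calls handle a received token whose sequence field could not be recovered, so the differing status makes a tampered or corrupted token look different to callers and logs depending on the path. If the difference is not intentional, `return GSS_S_BAD_SIG;` here would match the unwrap path. If it is intentional, a one-line comment above the return should say why. The function body continues outside this hunk.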
......
...@@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, ...@@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
/* XXX would probably be more efficient to compute checksum /* XXX would probably be more efficient to compute checksum
* and encrypt at the same time: */ * and encrypt at the same time: */
if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))) seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
return GSS_S_FAILURE; return GSS_S_FAILURE;
...@@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf) ...@@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
/* do sequencing checks */ /* do sequencing checks */
if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
&direction, &seqnum)) ptr + 8, &direction, &seqnum))
return GSS_S_BAD_SIG; return GSS_S_BAD_SIG;
if ((kctx->initiate && direction != 0xff) || if ((kctx->initiate && direction != 0xff) ||
......