Commit 5eb064f9 authored by J. Bruce Fields's avatar J. Bruce Fields Committed by Trond Myklebust

rpcgss: krb5: expect a constant signalg value

We also only ever receive one value of the signalg, so let's not pretend
otherwise
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent e678e06b
......@@ -112,30 +112,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
if (sealalg != 0xffff)
goto out;
/* there are several mappings of seal algorithms to sign algorithms,
but few enough that we can try them all. */
if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
(ctx->sealalg == SEAL_ALG_DES3KD &&
signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
if (signalg != SGN_ALG_DES_MAC_MD5)
goto out;
/* compute the checksum of the message */
/* initialize the the cksum */
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
checksum_type = CKSUMTYPE_RSA_MD5;
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out;
}
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
ret = make_checksum(checksum_type, ptr - 2, 8,
message_buffer, 0, &md5cksum);
if (ret)
......@@ -150,11 +134,6 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
ret = GSS_S_BAD_SIG;
goto out;
}
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out;
}
/* it got through unscathed. Make sure the context is unexpired */
......
......@@ -253,6 +253,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
if (sealalg == 0xffff)
goto out;
if (signalg != SGN_ALG_DES_MAC_MD5)
goto out;
/* in the current spec, there is only one valid seal algorithm per
key type, so a simple comparison is ok */
......@@ -276,17 +278,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
/* compute the checksum of the message */
/* initialize the the cksum */
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
checksum_type = CKSUMTYPE_RSA_MD5;
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out;
}
switch (signalg) {
case SGN_ALG_DES_MAC_MD5:
ret = make_checksum(checksum_type, ptr - 2, 8, buf,
ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
if (ret)
......@@ -301,11 +294,6 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
ret = GSS_S_BAD_SIG;
goto out;
}
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out;
}
/* it got through unscathed. Make sure the context is unexpired */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment