Commit 94efa934 authored by J. Bruce Fields's avatar J. Bruce Fields Committed by Trond Myklebust

rpcgss: krb5: miscellaneous cleanup

Miscellaneous cosmetic fixes.
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 717757ad
...@@ -108,17 +108,17 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, ...@@ -108,17 +108,17 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
md5cksum.data, md5cksum.len)) md5cksum.data, md5cksum.len))
return GSS_S_FAILURE; return GSS_S_FAILURE;
memcpy(krb5_hdr + 16,
md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH, memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
KRB5_CKSUM_LENGTH); KRB5_CKSUM_LENGTH);
spin_lock(&krb5_seq_lock); spin_lock(&krb5_seq_lock);
seq_send = ctx->seq_send++; seq_send = ctx->seq_send++;
spin_unlock(&krb5_seq_lock); spin_unlock(&krb5_seq_lock);
if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
seq_send, krb5_hdr + 16, krb5_hdr + 8))) ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))
return GSS_S_FAILURE; return GSS_S_FAILURE;
return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
} }
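Review bot: In the right-hand (new) column the call to krb5_make_seq_num passes `ctx->seq_send` where the previous code passed the local `seq_send` taken under `krb5_seq_lock`, which is a behaviour change inside a commit described as cosmetic. The field is read after the post-increment and outside the lock, so the MIC token would carry a value one past the number just reserved, and a concurrent caller on the same context could advance it again before the read. The peer's sequence and replay checking depends on this number. The argument line should stay `seq_send, krb5_hdr + 16, krb5_hdr + 8))`, which also keeps the local from becoming a dead store. The body of gss_get_mic_kerberos starts outside the hunk.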
...@@ -99,16 +99,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx, ...@@ -99,16 +99,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
/* XXX sanity-check bodysize?? */ /* XXX sanity-check bodysize?? */
signalg = ptr[0] + (ptr[1] << 8); signalg = ptr[0] + (ptr[1] << 8);
sealalg = ptr[2] + (ptr[3] << 8); if (signalg != SGN_ALG_DES_MAC_MD5)
/* Sanity checks */
if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
if (sealalg != 0xffff) sealalg = ptr[2] + (ptr[3] << 8);
if (sealalg != SEAL_ALG_NONE)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
if (signalg != SGN_ALG_DES_MAC_MD5)
if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum)) if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))
......
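Review bot: The reordered checks in gss_verify_mic_kerberos still read `ptr[0]` through `ptr[5]`, and then checksum 8 bytes from `ptr - 2`, with the `/* XXX sanity-check bodysize?? */` question left open above them. If the token comes from the peer, as the `GSS_S_DEFECTIVE_TOKEN` returns suggest, its length should be checked against the fixed header size before the first `signalg = ptr[0] + (ptr[1] << 8);` read, returning `GSS_S_DEFECTIVE_TOKEN` when it is too short. The header parsing that yields the length is outside the hunk, so this may already be covered there, in which case the XXX comment should be replaced by one saying so. The gss_unwrap_kerberos hunk performs the same sequence of reads. The change also drops the `/* Sanity checks */` comment; a short replacement such as `/* reject unexpected algorithms or filler bytes */` above the first check would keep the intent visible.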
...@@ -159,7 +159,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, ...@@ -159,7 +159,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
krb5_hdr = ptr - 2; krb5_hdr = ptr - 2;
msg_start = krb5_hdr + 24; msg_start = krb5_hdr + 24;
/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
*(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5); *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
memset(krb5_hdr + 4, 0xff, 4); memset(krb5_hdr + 4, 0xff, 4);
...@@ -196,7 +195,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, ...@@ -196,7 +195,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
pages)) pages))
return GSS_S_FAILURE; return GSS_S_FAILURE;
return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
} }
u32 u32
...@@ -232,16 +231,14 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) ...@@ -232,16 +231,14 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
/* get the sign and seal algorithms */ /* get the sign and seal algorithms */
signalg = ptr[0] + (ptr[1] << 8); signalg = ptr[0] + (ptr[1] << 8);
sealalg = ptr[2] + (ptr[3] << 8); if (signalg != SGN_ALG_DES_MAC_MD5)
/* Sanity checks */
if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
sealalg = ptr[2] + (ptr[3] << 8);
if (sealalg != SEAL_ALG_DES) if (sealalg != SEAL_ALG_DES)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
if (signalg != SGN_ALG_DES_MAC_MD5)
if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
if (gss_decrypt_xdr_buf(kctx->enc, buf, if (gss_decrypt_xdr_buf(kctx->enc, buf,
......
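Review bot: In the first gss_wrap_kerberos hunk, dropping `BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);` removes the only visible check that `msg_start` lines up with the caller's data, and the commit message calls the change cosmetic without saying why the invariant holds. The lines that follow write the header through `krb5_hdr`, from which `msg_start` is derived, so a mismatch would place header bytes at the wrong offset in the head buffer. If the header-construction code outside this hunk guarantees the invariant, a comment such as `/* msg_start + blocksize is the start of the caller's data; see <header setup> */` would record that. Otherwise a non-fatal check that returns `GSS_S_FAILURE` is preferable to removing the assertion silently.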