author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:02:51 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:16 -0400 |
commit | 81d4a4333a1dfd6070f046265d928bb4c79aff88 (patch) | |
tree | 652fce6cd75be7388f0cd5c45aec653814710791 /net/sunrpc/auth_gss/gss_krb5_unseal.c | |
parent | a8cc1cb7d7a12b0e2855832d10cfbfaffebfad6c (diff) |
gss_krb5: introduce encryption type framework
Add enctype framework and change functions to use the generic
values from it rather than the values hard-coded for des.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_unseal.c')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 15 |
1 files changed, 9 insertions, 6 deletions
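--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -3,7 +3,7 @@
 *
 * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/k5unseal.c
 *
-* Copyright (c) 2000 The Regents of the University of Michigan.
+* Copyright (c) 2000-2008 The Regents of the University of Michigan.
 * All rights reserved.
 *
 * Andy Adamson <andros@umich.edu>
@@ -76,8 +76,9 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
 {
 int signalg;
 int sealalg;
-char cksumdata[16];
-struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
+char cksumdata[GSS_KRB5_MAX_CKSUM_LEN];
+struct xdr_netobj md5cksum = {.len = sizeof(cksumdata),
+.data = cksumdata};
 s32 now;
 int direction;
 u32 seqnum;
@@ -97,7 +98,7 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
 /* XXX sanity-check bodysize?? */
 
 signalg = ptr[2] + (ptr[3] << 8);
-if (signalg != SGN_ALG_DES_MAC_MD5)
+if (signalg != ctx->gk5e->signalg)
 return GSS_S_DEFECTIVE_TOKEN;
 
 sealalg = ptr[4] + (ptr[5] << 8);
@@ -107,13 +108,15 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
 if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
 return GSS_S_DEFECTIVE_TOKEN;
 
-if (make_checksum("md5", ptr, 8, message_buffer, 0, &md5cksum))
+if (make_checksum((char *)ctx->gk5e->cksum_name, ptr, 8,
+message_buffer, 0, &md5cksum))
 return GSS_S_FAILURE;
 
 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))
 return GSS_S_FAILURE;
 
-if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
+if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN,
+ctx->gk5e->cksumlength))
 return GSS_S_BAD_SIG;
 
 /* it got through unscathed. Make sure the context is unexpired */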
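Review bot: In the last hunk the `memcmp` length becomes `ctx->gk5e->cksumlength`, but the two lines feeding it still hard-code the DES-MAC-MD5 layout: `krb5_encrypt(..., 16)` and the `md5cksum.data + 8` offset. The result is the same as before only while `cksumlength` is 8. For an enctype with a longer checksum the compare would run past the 16 encrypted bytes and, depending on `GSS_KRB5_MAX_CKSUM_LEN` (not visible here), possibly past `cksumdata`. It would also read that many bytes from the token while the `XXX sanity-check bodysize` question is still open. I would guard the compare with `if (ctx->gk5e->cksumlength > sizeof(cksumdata) - 8) return GSS_S_FAILURE;` and add a comment that the 16 and the +8 are specific to the v1 DES checksum, or derive both from the enctype entry. The body of gss_verify_mic_v1 starts and ends outside the hunks shown.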