RPCSEC_GSS: krb5 pre-privacy cleanup

The code this was originally derived from processed wrap and mic tokens using the same functions. This required some contortions, and more would be required with the addition of xdr_buf's, so it's better to separate out the two code paths. In preparation for adding privacy support, remove the last vestiges of the old wrap token code. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: J. Bruce Fields <bfields@fieldses.org> 2005-10-13 16:55:08 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2005-10-19 02:19:45 -0400
commit: bfa91516b57483fc9c81d8d90325fd2c3c16ac48 (patch)
tree: ed5c63ec1aa88152b0991370f4a1dbcfff0cd15a /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent: f7b3af64c653c73feb060a9f94f2df9ab4bba4c3 (diff)
1 files changed, 6 insertions, 24 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 8767fc53183d..19eba3df6607 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -68,20 +68,13 @@
 #endif
-/* message_buffer is an input if toktype is MIC and an output if it is WRAP:
+/* read_token is a mic token, and message_buffer is the data that the mic was
- * If toktype is MIC: read_token is a mic token, and message_buffer is the
+ * supposedly taken over. */
- *   data that the mic was supposedly taken over.
- * If toktype is WRAP: read_token is a wrap token, and message_buffer is used
- *   to return the decrypted data.
- */
-/* XXX will need to change prototype and/or just split into a separate function
- * when we add privacy (because read_token will be in pages too). */
 u32
 krb5_read_token(struct krb5_ctx *ctx,
                struct xdr_netobj *read_token,
-                struct xdr_buf *message_buffer,
+                struct xdr_buf *message_buffer, int *qop_state)
-                int *qop_state, int toktype)
 {
        int                     signalg;
        int                     sealalg;
@@ -100,16 +93,12 @@ krb5_read_token(struct krb5_ctx *ctx,
                                        read_token->len))
                goto out;
-        if ((*ptr++ != ((toktype>>8)&0xff)) || (*ptr++ != (toktype&0xff)))
+        if ((*ptr++ != ((KG_TOK_MIC_MSG>>8)&0xff)) ||
+            (*ptr++ != ( KG_TOK_MIC_MSG    &0xff))   )
                goto out;
        /* XXX sanity-check bodysize?? */
-        if (toktype == KG_TOK_WRAP_MSG) {
-                /* XXX gone */
-                goto out;
-        }
        /* get the sign and seal algorithms */
        signalg = ptr[0] + (ptr[1] << 8);
@@ -120,14 +109,7 @@ krb5_read_token(struct krb5_ctx *ctx,
        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                goto out;
-        if (((toktype != KG_TOK_WRAP_MSG) && (sealalg != 0xffff)) ||
+        if (sealalg != 0xffff)
-            ((toktype == KG_TOK_WRAP_MSG) && (sealalg == 0xffff)))
-                goto out;
-        /* in the current spec, there is only one valid seal algorithm per
-           key type, so a simple comparison is ok */
-        if ((toktype == KG_TOK_WRAP_MSG) && !(sealalg == ctx->sealalg))
                goto out;
        /* there are several mappings of seal algorithms to sign algorithms,
author	J. Bruce Fields <bfields@fieldses.org>	2005-10-13 16:55:08 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2005-10-19 02:19:45 -0400
commit	bfa91516b57483fc9c81d8d90325fd2c3c16ac48 (patch)
tree	ed5c63ec1aa88152b0991370f4a1dbcfff0cd15a /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent	f7b3af64c653c73feb060a9f94f2df9ab4bba4c3 (diff)