rpcgss: krb5: expect a constant signalg value

We also only ever receive one value of the signalg, so let's not pretend otherwise Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: J. Bruce Fields <bfields@fieldses.org> 2006-12-04 20:22:36 -0500
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2006-12-06 10:46:45 -0500
commit: 5eb064f93973def1ec2ab4a46929e94389a6283b (patch)
tree: ce51f825db0318ee1e5c75e64c9dd0f60f31fda0 /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent: e678e06bf8fa25981a6fa1f08b979fd086d713f8 (diff)
1 files changed, 13 insertions, 34 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 0828cf64100..23b509dedf9 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -112,47 +112,26 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        if (sealalg != 0xffff)
                goto out;
+        if (signalg != SGN_ALG_DES_MAC_MD5)
-        /* there are several mappings of seal algorithms to sign algorithms,
-           but few enough that we can try them all. */
-        if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
-            (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
-            (ctx->sealalg == SEAL_ALG_DES3KD &&
-             signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
                goto out;
        /* compute the checksum of the message */
        /* initialize the the cksum */
-        switch (signalg) {
+        checksum_type = CKSUMTYPE_RSA_MD5;
-        case SGN_ALG_DES_MAC_MD5:
-                checksum_type = CKSUMTYPE_RSA_MD5;
+        ret = make_checksum(checksum_type, ptr - 2, 8,
-                break;
+                                 message_buffer, 0, &md5cksum);
-        default:
+        if (ret)
-                ret = GSS_S_DEFECTIVE_TOKEN;
+                goto out;
+        ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
+                           md5cksum.data, 16);
+        if (ret)
                goto out;
-        }
-        switch (signalg) {
+        if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
-        case SGN_ALG_DES_MAC_MD5:
+                ret = GSS_S_BAD_SIG;
-                ret = make_checksum(checksum_type, ptr - 2, 8,
-                                         message_buffer, 0, &md5cksum);
-                if (ret)
-                        goto out;
-                ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
-                                   md5cksum.data, 16);
-                if (ret)
-                        goto out;
-                if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
-                        ret = GSS_S_BAD_SIG;
-                        goto out;
-                }
-                break;
-        default:
-                ret = GSS_S_DEFECTIVE_TOKEN;
                goto out;
        }
author	J. Bruce Fields <bfields@fieldses.org>	2006-12-04 20:22:36 -0500
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2006-12-06 10:46:45 -0500
commit	5eb064f93973def1ec2ab4a46929e94389a6283b (patch)
tree	ce51f825db0318ee1e5c75e64c9dd0f60f31fda0 /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent	e678e06bf8fa25981a6fa1f08b979fd086d713f8 (diff)

diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index 0828cf64100..23b509dedf9 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -112,47 +112,26 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
112		112
113	if (sealalg != 0xffff)	113	if (sealalg != 0xffff)
114	goto out;	114	goto out;
115		115	if (signalg != SGN_ALG_DES_MAC_MD5)
116	/* there are several mappings of seal algorithms to sign algorithms,
117	but few enough that we can try them all. */
118
119	if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) \|\|
120	(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) \|\|
121	(ctx->sealalg == SEAL_ALG_DES3KD &&
122	signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
123	goto out;	116	goto out;
124		117
125	/* compute the checksum of the message */	118	/* compute the checksum of the message */
126		119
127	/* initialize the the cksum */	120	/* initialize the the cksum */
128	switch (signalg) {	121	checksum_type = CKSUMTYPE_RSA_MD5;
129	case SGN_ALG_DES_MAC_MD5:	122
130	checksum_type = CKSUMTYPE_RSA_MD5;	123	ret = make_checksum(checksum_type, ptr - 2, 8,
131	break;	124	message_buffer, 0, &md5cksum);
132	default:	125	if (ret)
133	ret = GSS_S_DEFECTIVE_TOKEN;	126	goto out;
		127
		128	ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
		129	md5cksum.data, 16);
		130	if (ret)
134	goto out;	131	goto out;
135	}
136		132
137	switch (signalg) {	133	if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
138	case SGN_ALG_DES_MAC_MD5:	134	ret = GSS_S_BAD_SIG;
139	ret = make_checksum(checksum_type, ptr - 2, 8,
140	message_buffer, 0, &md5cksum);
141	if (ret)
142	goto out;
143
144	ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
145	md5cksum.data, 16);
146	if (ret)
147	goto out;
148
149	if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
150	ret = GSS_S_BAD_SIG;
151	goto out;
152	}
153	break;
154	default:
155	ret = GSS_S_DEFECTIVE_TOKEN;
156	goto out;	135	goto out;
157	}	136	}
158		137