author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:03:04 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:20 -0400 |
commit | 1dbd9029f3024d058da1cf6c6658c28aac2e4e1c (patch) | |
tree | eb407d31f61ea8a14be6bb04aa09ed8980920025 | |
parent | fc263a917afad3bda7b823a6edc803a40e7f6015 (diff) |
gssd_krb5: More arcfour-hmac support
For the arcfour-hmac support, the make_seq_num and get_seq_num
functions need access to the kerberos context structure.
This will be used in a later patch.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 5 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_seal.c | 5 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_seqnum.c | 6 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 3 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 6 |
5 files changed, 14 insertions, 11 deletions
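--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
 int offset);
 
 s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+struct crypto_blkcipher *key,
 int direction,
 u32 seqnum, unsigned char *cksum, unsigned char *buf);
 
 s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
 unsigned char *cksum,
 unsigned char *buf, int *direction, u32 *seqnum);
 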
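Review bot: The two prototypes end up asymmetric: krb5_make_seq_num() gains `kctx` but keeps `key`, while krb5_get_seq_num() takes only `kctx` and, in gss_krb5_seqnum.c, reads the cipher itself with `key = kctx->seq`. Both callers of krb5_make_seq_num() in this commit (gss_get_mic_v1 and gss_wrap_kerberos_v1) pass the context's own `seq` handle, so the extra argument carries no information and lets a later caller pair a context with a cipher handle that is not its own. Unless the follow-up arcfour patch needs a distinct handle, drop it and declare `krb5_make_seq_num(struct krb5_ctx *kctx, int direction, u32 seqnum, unsigned char *cksum, unsigned char *buf);`. If it stays, a comment above the prototype such as `/* key must be kctx->seq; kctx is reserved for the arcfour-hmac path */` would record the contract.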
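--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
 seq_send = ctx->seq_send++;
 spin_unlock(&krb5_seq_lock);
 
-if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
-seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
-ptr + 8))
+if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
+seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
 return GSS_S_FAILURE;
 
 return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;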
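--- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
@@ -40,7 +40,8 @@
 #endif
 
 s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+struct crypto_blkcipher *key,
 int direction,
 u32 seqnum,
 unsigned char *cksum, unsigned char *buf)
@@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
 }
 
 s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
 unsigned char *cksum,
 unsigned char *buf,
 int *direction, u32 *seqnum)
 {
 s32 code;
 unsigned char plain[8];
+struct crypto_blkcipher *key = kctx->seq;
 
 dprintk("RPC: krb5_get_seq_num:\n");
 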
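--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
 
 /* do sequencing checks */
 
-if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
+if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
+&direction, &seqnum))
 return GSS_S_FAILURE;
 
 if ((ctx->initiate && direction != 0xff) ||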
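Review bot: A non-zero return from krb5_get_seq_num() is reported here as GSS_S_FAILURE, whereas the same call in gss_unwrap_kerberos_v1 (gss_krb5_wrap.c) reports it as GSS_S_BAD_SIG, so the two receive paths give different major status codes for the same condition. Since the commit touches both call sites, this is a good moment either to align them or to state why they differ, for example `/* seq-num decrypt failure is not a checksum mismatch: report GSS_S_FAILURE */`. gss_verify_mic_v1 starts and ends outside this hunk, so whether any caller distinguishes the two codes is not visible from here.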
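--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
 
 /* XXX would probably be more efficient to compute checksum
 * and encrypt at the same time: */
-if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
+if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
 seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
 return GSS_S_FAILURE;
 
@@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 
 /* do sequencing checks */
 
-if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
-&direction, &seqnum))
+if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
+ptr + 8, &direction, &seqnum))
 return GSS_S_BAD_SIG;
 
 if ((kctx->initiate && direction != 0xff) ||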