author | Kevin Coffman <kwc@citi.umich.edu> | 2008-04-30 12:45:53 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2008-06-23 13:47:25 -0400 |
commit | d00953a53e9a2edbe005c1e596f1e96a8a293401 (patch) | |
tree | 3e476deb8cfd5e97a48a725bb21af28dfdea879d /net/sunrpc/auth_gss/gss_krb5_unseal.c | |
parent | 8837abcab3d16608bd2c7fac051a839d48f2f30c (diff) |
gss_krb5: create a define for token header size and clean up ptr location
cleanup:
Document token header size with a #define instead of open-coding it.
Don't needlessly increment "ptr" past the beginning of the header
which makes the values passed to functions more understandable and
eliminates the need for extra "krb5_hdr" pointer.
Clean up some intersecting white-space issues flagged by checkpatch.pl.
This leaves the checksum length hard-coded at 8 for DES. A later patch
cleans that up.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_unseal.c')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 16 |
1 files changed, 8 insertions, 8 deletions
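diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index d91a5d004803..066ec73c84d6 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -92,30 +92,30 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 read_token->len))
 return GSS_S_DEFECTIVE_TOKEN;
 
-if ((*ptr++ != ((KG_TOK_MIC_MSG>>8)&0xff)) ||
-(*ptr++ != ( KG_TOK_MIC_MSG &0xff)) )
+if ((ptr[0] != ((KG_TOK_MIC_MSG >> 8) & 0xff)) ||
+(ptr[1] != (KG_TOK_MIC_MSG & 0xff)))
 return GSS_S_DEFECTIVE_TOKEN;
 
 /* XXX sanity-check bodysize?? */
 
-signalg = ptr[0] + (ptr[1] << 8);
+signalg = ptr[2] + (ptr[3] << 8);
 if (signalg != SGN_ALG_DES_MAC_MD5)
 return GSS_S_DEFECTIVE_TOKEN;
 
-sealalg = ptr[2] + (ptr[3] << 8);
+sealalg = ptr[4] + (ptr[5] << 8);
 if (sealalg != SEAL_ALG_NONE)
 return GSS_S_DEFECTIVE_TOKEN;
 
-if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
+if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
 return GSS_S_DEFECTIVE_TOKEN;
 
-if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))
+if (make_checksum("md5", ptr, 8, message_buffer, 0, &md5cksum))
 return GSS_S_FAILURE;
 
 if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))
 return GSS_S_FAILURE;
 
-if (memcmp(md5cksum.data + 8, ptr + 14, 8))
+if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
 return GSS_S_BAD_SIG;
 
 /* it got through unscathed. Make sure the context is unexpired */
@@ -127,7 +127,7 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
 /* do sequencing checks */
 
-if (krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum))
+if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
 return GSS_S_FAILURE;
 
 if ((ctx->initiate && direction != 0xff) ||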
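Review bot: No length check is visible before the header checks index `ptr[0]` through `ptr[7]` and the checksum compare reads 8 bytes at `ptr + GSS_KRB5_TOK_HDR_LEN`, and the `/* XXX sanity-check bodysize?? */` marker is carried over unchanged. Whether the token-header verification call that ends just above already guarantees that many bytes cannot be told from the hunk, since gss_verify_mic_kerberos begins and ends outside it. If it does not, a truncated token from the peer would be read past its end, so the XXX should become an explicit guard such as `if (bodysize < GSS_KRB5_TOK_HDR_LEN + 8) return GSS_S_DEFECTIVE_TOKEN;` (assuming `bodysize` is the length that call reports; confirm against the full function). Separately, the checksum comparison uses `memcmp`, which stops at the first differing byte; a constant-time compare would avoid leaking how many checksum bytes matched.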