diff options
| author | J. Bruce Fields <bfields@fieldses.org> | 2005-10-13 16:55:18 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2005-10-19 02:19:47 -0400 |
| commit | 00fd6e14255fe7a249315746386d640bc4e9e758 (patch) | |
| tree | 36d8fad57404c5ea96cdb6e5579f4241e2cd8188 /net/sunrpc/auth_gss | |
| parent | 14ae162c24d985593d5b19437d7f3d8fd0062b59 (diff) | |
RPCSEC_GSS remove all qop parameters
Not only are the qop parameters that are passed around throughout the gssapi
unused by any currently implemented mechanism, but there appears to be some
doubt as to whether they will ever be used. Let's just kill them off for now.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
| -rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 20 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 12 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_seal.c | 5 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 5 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 11 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_mech_switch.c | 14 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_mech.c | 21 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_seal.c | 4 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_unseal.c | 2 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 9 |
10 files changed, 33 insertions, 70 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 5e4872058ec7..f44f46f1d8e0 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
| @@ -854,9 +854,7 @@ gss_marshal(struct rpc_task *task, u32 *p) | |||
| 854 | *p++ = htonl(RPC_AUTH_GSS); | 854 | *p++ = htonl(RPC_AUTH_GSS); |
| 855 | 855 | ||
| 856 | mic.data = (u8 *)(p + 1); | 856 | mic.data = (u8 *)(p + 1); |
| 857 | maj_stat = gss_get_mic(ctx->gc_gss_ctx, | 857 | maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic); |
| 858 | GSS_C_QOP_DEFAULT, | ||
| 859 | &verf_buf, &mic); | ||
| 860 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) { | 858 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) { |
| 861 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; | 859 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; |
| 862 | } else if (maj_stat != 0) { | 860 | } else if (maj_stat != 0) { |
| @@ -888,7 +886,7 @@ gss_validate(struct rpc_task *task, u32 *p) | |||
| 888 | { | 886 | { |
| 889 | struct rpc_cred *cred = task->tk_msg.rpc_cred; | 887 | struct rpc_cred *cred = task->tk_msg.rpc_cred; |
| 890 | struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); | 888 | struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); |
| 891 | u32 seq, qop_state; | 889 | u32 seq; |
| 892 | struct kvec iov; | 890 | struct kvec iov; |
| 893 | struct xdr_buf verf_buf; | 891 | struct xdr_buf verf_buf; |
| 894 | struct xdr_netobj mic; | 892 | struct xdr_netobj mic; |
| @@ -909,7 +907,7 @@ gss_validate(struct rpc_task *task, u32 *p) | |||
| 909 | mic.data = (u8 *)p; | 907 | mic.data = (u8 *)p; |
| 910 | mic.len = len; | 908 | mic.len = len; |
| 911 | 909 | ||
| 912 | maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic, &qop_state); | 910 | maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic); |
| 913 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) | 911 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) |
| 914 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; | 912 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; |
| 915 | if (maj_stat) | 913 | if (maj_stat) |
| @@ -961,8 +959,7 @@ gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, | |||
| 961 | p = iov->iov_base + iov->iov_len; | 959 | p = iov->iov_base + iov->iov_len; |
| 962 | mic.data = (u8 *)(p + 1); | 960 | mic.data = (u8 *)(p + 1); |
| 963 | 961 | ||
| 964 | maj_stat = gss_get_mic(ctx->gc_gss_ctx, | 962 | maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic); |
| 965 | GSS_C_QOP_DEFAULT, &integ_buf, &mic); | ||
| 966 | status = -EIO; /* XXX? */ | 963 | status = -EIO; /* XXX? */ |
| 967 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) | 964 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) |
| 968 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; | 965 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; |
| @@ -1057,8 +1054,7 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, | |||
| 1057 | memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); | 1054 | memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); |
| 1058 | snd_buf->tail[0].iov_base = tmp; | 1055 | snd_buf->tail[0].iov_base = tmp; |
| 1059 | } | 1056 | } |
| 1060 | maj_stat = gss_wrap(ctx->gc_gss_ctx, GSS_C_QOP_DEFAULT, offset, | 1057 | maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages); |
| 1061 | snd_buf, inpages); | ||
| 1062 | /* RPC_SLACK_SPACE should prevent this ever happening: */ | 1058 | /* RPC_SLACK_SPACE should prevent this ever happening: */ |
| 1063 | BUG_ON(snd_buf->len > snd_buf->buflen); | 1059 | BUG_ON(snd_buf->len > snd_buf->buflen); |
| 1064 | status = -EIO; | 1060 | status = -EIO; |
| @@ -1150,8 +1146,7 @@ gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, | |||
| 1150 | if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset)) | 1146 | if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset)) |
| 1151 | return status; | 1147 | return status; |
| 1152 | 1148 | ||
| 1153 | maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, | 1149 | maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic); |
| 1154 | &mic, NULL); | ||
| 1155 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) | 1150 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) |
| 1156 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; | 1151 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; |
| 1157 | if (maj_stat != GSS_S_COMPLETE) | 1152 | if (maj_stat != GSS_S_COMPLETE) |
| @@ -1176,8 +1171,7 @@ gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, | |||
| 1176 | /* remove padding: */ | 1171 | /* remove padding: */ |
| 1177 | rcv_buf->len = offset + opaque_len; | 1172 | rcv_buf->len = offset + opaque_len; |
| 1178 | 1173 | ||
| 1179 | maj_stat = gss_unwrap(ctx->gc_gss_ctx, NULL, | 1174 | maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf); |
| 1180 | offset, rcv_buf); | ||
| 1181 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) | 1175 | if (maj_stat == GSS_S_CONTEXT_EXPIRED) |
| 1182 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; | 1176 | cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; |
| 1183 | if (maj_stat != GSS_S_COMPLETE) | 1177 | if (maj_stat != GSS_S_COMPLETE) |
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 37a9ad97ccd4..9ffac2c50b94 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c | |||
| @@ -193,15 +193,12 @@ gss_delete_sec_context_kerberos(void *internal_ctx) { | |||
| 193 | static u32 | 193 | static u32 |
| 194 | gss_verify_mic_kerberos(struct gss_ctx *ctx, | 194 | gss_verify_mic_kerberos(struct gss_ctx *ctx, |
| 195 | struct xdr_buf *message, | 195 | struct xdr_buf *message, |
| 196 | struct xdr_netobj *mic_token, | 196 | struct xdr_netobj *mic_token) |
| 197 | u32 *qstate) { | 197 | { |
| 198 | u32 maj_stat = 0; | 198 | u32 maj_stat = 0; |
| 199 | int qop_state; | ||
| 200 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | 199 | struct krb5_ctx *kctx = ctx->internal_ctx_id; |
| 201 | 200 | ||
| 202 | maj_stat = krb5_read_token(kctx, mic_token, message, &qop_state); | 201 | maj_stat = krb5_read_token(kctx, mic_token, message); |
| 203 | if (!maj_stat && qop_state) | ||
| 204 | *qstate = qop_state; | ||
| 205 | 202 | ||
| 206 | dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat); | 203 | dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat); |
| 207 | return maj_stat; | 204 | return maj_stat; |
| @@ -209,13 +206,12 @@ gss_verify_mic_kerberos(struct gss_ctx *ctx, | |||
| 209 | 206 | ||
| 210 | static u32 | 207 | static u32 |
| 211 | gss_get_mic_kerberos(struct gss_ctx *ctx, | 208 | gss_get_mic_kerberos(struct gss_ctx *ctx, |
| 212 | u32 qop, | ||
| 213 | struct xdr_buf *message, | 209 | struct xdr_buf *message, |
| 214 | struct xdr_netobj *mic_token) { | 210 | struct xdr_netobj *mic_token) { |
| 215 | u32 err = 0; | 211 | u32 err = 0; |
| 216 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | 212 | struct krb5_ctx *kctx = ctx->internal_ctx_id; |
| 217 | 213 | ||
| 218 | err = krb5_make_token(kctx, qop, message, mic_token); | 214 | err = krb5_make_token(kctx, message, mic_token); |
| 219 | 215 | ||
| 220 | dprintk("RPC: gss_get_mic_kerberos returning %d\n",err); | 216 | dprintk("RPC: gss_get_mic_kerberos returning %d\n",err); |
| 221 | 217 | ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c index fb852d9ab06f..15227c727c8b 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seal.c +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c | |||
| @@ -71,7 +71,7 @@ | |||
| 71 | #endif | 71 | #endif |
| 72 | 72 | ||
| 73 | u32 | 73 | u32 |
| 74 | krb5_make_token(struct krb5_ctx *ctx, int qop_req, | 74 | krb5_make_token(struct krb5_ctx *ctx, |
| 75 | struct xdr_buf *text, struct xdr_netobj *token) | 75 | struct xdr_buf *text, struct xdr_netobj *token) |
| 76 | { | 76 | { |
| 77 | s32 checksum_type; | 77 | s32 checksum_type; |
| @@ -83,9 +83,6 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req, | |||
| 83 | 83 | ||
| 84 | now = get_seconds(); | 84 | now = get_seconds(); |
| 85 | 85 | ||
| 86 | if (qop_req != 0) | ||
| 87 | goto out_err; | ||
| 88 | |||
| 89 | switch (ctx->signalg) { | 86 | switch (ctx->signalg) { |
| 90 | case SGN_ALG_DES_MAC_MD5: | 87 | case SGN_ALG_DES_MAC_MD5: |
| 91 | checksum_type = CKSUMTYPE_RSA_MD5; | 88 | checksum_type = CKSUMTYPE_RSA_MD5; |
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index c3d6d1bc100c..bcf978627a71 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c | |||
| @@ -74,7 +74,7 @@ | |||
| 74 | u32 | 74 | u32 |
| 75 | krb5_read_token(struct krb5_ctx *ctx, | 75 | krb5_read_token(struct krb5_ctx *ctx, |
| 76 | struct xdr_netobj *read_token, | 76 | struct xdr_netobj *read_token, |
| 77 | struct xdr_buf *message_buffer, int *qop_state) | 77 | struct xdr_buf *message_buffer) |
| 78 | { | 78 | { |
| 79 | int signalg; | 79 | int signalg; |
| 80 | int sealalg; | 80 | int sealalg; |
| @@ -157,9 +157,6 @@ krb5_read_token(struct krb5_ctx *ctx, | |||
| 157 | 157 | ||
| 158 | /* it got through unscathed. Make sure the context is unexpired */ | 158 | /* it got through unscathed. Make sure the context is unexpired */ |
| 159 | 159 | ||
| 160 | if (qop_state) | ||
| 161 | *qop_state = GSS_C_QOP_DEFAULT; | ||
| 162 | |||
| 163 | now = get_seconds(); | 160 | now = get_seconds(); |
| 164 | 161 | ||
| 165 | ret = GSS_S_CONTEXT_EXPIRED; | 162 | ret = GSS_S_CONTEXT_EXPIRED; |
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index ddcde6e42b23..af777cf9f251 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c | |||
| @@ -116,7 +116,7 @@ make_confounder(char *p, int blocksize) | |||
| 116 | /* XXX factor out common code with seal/unseal. */ | 116 | /* XXX factor out common code with seal/unseal. */ |
| 117 | 117 | ||
| 118 | u32 | 118 | u32 |
| 119 | gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset, | 119 | gss_wrap_kerberos(struct gss_ctx *ctx, int offset, |
| 120 | struct xdr_buf *buf, struct page **pages) | 120 | struct xdr_buf *buf, struct page **pages) |
| 121 | { | 121 | { |
| 122 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | 122 | struct krb5_ctx *kctx = ctx->internal_ctx_id; |
| @@ -132,9 +132,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset, | |||
| 132 | 132 | ||
| 133 | now = get_seconds(); | 133 | now = get_seconds(); |
| 134 | 134 | ||
| 135 | if (qop != 0) | ||
| 136 | goto out_err; | ||
| 137 | |||
| 138 | switch (kctx->signalg) { | 135 | switch (kctx->signalg) { |
| 139 | case SGN_ALG_DES_MAC_MD5: | 136 | case SGN_ALG_DES_MAC_MD5: |
| 140 | checksum_type = CKSUMTYPE_RSA_MD5; | 137 | checksum_type = CKSUMTYPE_RSA_MD5; |
| @@ -229,8 +226,7 @@ out_err: | |||
| 229 | } | 226 | } |
| 230 | 227 | ||
| 231 | u32 | 228 | u32 |
| 232 | gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset, | 229 | gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) |
| 233 | struct xdr_buf *buf) | ||
| 234 | { | 230 | { |
| 235 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | 231 | struct krb5_ctx *kctx = ctx->internal_ctx_id; |
| 236 | int signalg; | 232 | int signalg; |
| @@ -328,9 +324,6 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset, | |||
| 328 | 324 | ||
| 329 | /* it got through unscathed. Make sure the context is unexpired */ | 325 | /* it got through unscathed. Make sure the context is unexpired */ |
| 330 | 326 | ||
| 331 | if (qop) | ||
| 332 | *qop = GSS_C_QOP_DEFAULT; | ||
| 333 | |||
| 334 | now = get_seconds(); | 327 | now = get_seconds(); |
| 335 | 328 | ||
| 336 | ret = GSS_S_CONTEXT_EXPIRED; | 329 | ret = GSS_S_CONTEXT_EXPIRED; |
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c index 06d97cb3481a..b048bf672da2 100644 --- a/net/sunrpc/auth_gss/gss_mech_switch.c +++ b/net/sunrpc/auth_gss/gss_mech_switch.c | |||
| @@ -250,13 +250,11 @@ gss_import_sec_context(const void *input_token, size_t bufsize, | |||
| 250 | 250 | ||
| 251 | u32 | 251 | u32 |
| 252 | gss_get_mic(struct gss_ctx *context_handle, | 252 | gss_get_mic(struct gss_ctx *context_handle, |
| 253 | u32 qop, | ||
| 254 | struct xdr_buf *message, | 253 | struct xdr_buf *message, |
| 255 | struct xdr_netobj *mic_token) | 254 | struct xdr_netobj *mic_token) |
| 256 | { | 255 | { |
| 257 | return context_handle->mech_type->gm_ops | 256 | return context_handle->mech_type->gm_ops |
| 258 | ->gss_get_mic(context_handle, | 257 | ->gss_get_mic(context_handle, |
| 259 | qop, | ||
| 260 | message, | 258 | message, |
| 261 | mic_token); | 259 | mic_token); |
| 262 | } | 260 | } |
| @@ -266,35 +264,31 @@ gss_get_mic(struct gss_ctx *context_handle, | |||
| 266 | u32 | 264 | u32 |
| 267 | gss_verify_mic(struct gss_ctx *context_handle, | 265 | gss_verify_mic(struct gss_ctx *context_handle, |
| 268 | struct xdr_buf *message, | 266 | struct xdr_buf *message, |
| 269 | struct xdr_netobj *mic_token, | 267 | struct xdr_netobj *mic_token) |
| 270 | u32 *qstate) | ||
| 271 | { | 268 | { |
| 272 | return context_handle->mech_type->gm_ops | 269 | return context_handle->mech_type->gm_ops |
| 273 | ->gss_verify_mic(context_handle, | 270 | ->gss_verify_mic(context_handle, |
| 274 | message, | 271 | message, |
| 275 | mic_token, | 272 | mic_token); |
| 276 | qstate); | ||
| 277 | } | 273 | } |
| 278 | 274 | ||
| 279 | u32 | 275 | u32 |
| 280 | gss_wrap(struct gss_ctx *ctx_id, | 276 | gss_wrap(struct gss_ctx *ctx_id, |
| 281 | u32 qop, | ||
| 282 | int offset, | 277 | int offset, |
| 283 | struct xdr_buf *buf, | 278 | struct xdr_buf *buf, |
| 284 | struct page **inpages) | 279 | struct page **inpages) |
| 285 | { | 280 | { |
| 286 | return ctx_id->mech_type->gm_ops | 281 | return ctx_id->mech_type->gm_ops |
| 287 | ->gss_wrap(ctx_id, qop, offset, buf, inpages); | 282 | ->gss_wrap(ctx_id, offset, buf, inpages); |
| 288 | } | 283 | } |
| 289 | 284 | ||
| 290 | u32 | 285 | u32 |
| 291 | gss_unwrap(struct gss_ctx *ctx_id, | 286 | gss_unwrap(struct gss_ctx *ctx_id, |
| 292 | u32 *qop, | ||
| 293 | int offset, | 287 | int offset, |
| 294 | struct xdr_buf *buf) | 288 | struct xdr_buf *buf) |
| 295 | { | 289 | { |
| 296 | return ctx_id->mech_type->gm_ops | 290 | return ctx_id->mech_type->gm_ops |
| 297 | ->gss_unwrap(ctx_id, qop, offset, buf); | 291 | ->gss_unwrap(ctx_id, offset, buf); |
| 298 | } | 292 | } |
| 299 | 293 | ||
| 300 | 294 | ||
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c index 6c97d61baa9b..39b3edc14694 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_mech.c +++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c | |||
| @@ -224,18 +224,13 @@ gss_delete_sec_context_spkm3(void *internal_ctx) { | |||
| 224 | static u32 | 224 | static u32 |
| 225 | gss_verify_mic_spkm3(struct gss_ctx *ctx, | 225 | gss_verify_mic_spkm3(struct gss_ctx *ctx, |
| 226 | struct xdr_buf *signbuf, | 226 | struct xdr_buf *signbuf, |
| 227 | struct xdr_netobj *checksum, | 227 | struct xdr_netobj *checksum) |
| 228 | u32 *qstate) { | 228 | { |
| 229 | u32 maj_stat = 0; | 229 | u32 maj_stat = 0; |
| 230 | int qop_state = 0; | ||
| 231 | struct spkm3_ctx *sctx = ctx->internal_ctx_id; | 230 | struct spkm3_ctx *sctx = ctx->internal_ctx_id; |
| 232 | 231 | ||
| 233 | dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n"); | 232 | dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n"); |
| 234 | maj_stat = spkm3_read_token(sctx, checksum, signbuf, &qop_state, | 233 | maj_stat = spkm3_read_token(sctx, checksum, signbuf, SPKM_MIC_TOK); |
| 235 | SPKM_MIC_TOK); | ||
| 236 | |||
| 237 | if (!maj_stat && qop_state) | ||
| 238 | *qstate = qop_state; | ||
| 239 | 234 | ||
| 240 | dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat); | 235 | dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat); |
| 241 | return maj_stat; | 236 | return maj_stat; |
| @@ -243,15 +238,15 @@ gss_verify_mic_spkm3(struct gss_ctx *ctx, | |||
| 243 | 238 | ||
| 244 | static u32 | 239 | static u32 |
| 245 | gss_get_mic_spkm3(struct gss_ctx *ctx, | 240 | gss_get_mic_spkm3(struct gss_ctx *ctx, |
| 246 | u32 qop, | ||
| 247 | struct xdr_buf *message_buffer, | 241 | struct xdr_buf *message_buffer, |
| 248 | struct xdr_netobj *message_token) { | 242 | struct xdr_netobj *message_token) |
| 243 | { | ||
| 249 | u32 err = 0; | 244 | u32 err = 0; |
| 250 | struct spkm3_ctx *sctx = ctx->internal_ctx_id; | 245 | struct spkm3_ctx *sctx = ctx->internal_ctx_id; |
| 251 | 246 | ||
| 252 | dprintk("RPC: gss_get_mic_spkm3\n"); | 247 | dprintk("RPC: gss_get_mic_spkm3\n"); |
| 253 | 248 | ||
| 254 | err = spkm3_make_token(sctx, qop, message_buffer, | 249 | err = spkm3_make_token(sctx, message_buffer, |
| 255 | message_token, SPKM_MIC_TOK); | 250 | message_token, SPKM_MIC_TOK); |
| 256 | return err; | 251 | return err; |
| 257 | } | 252 | } |
| @@ -264,8 +259,8 @@ static struct gss_api_ops gss_spkm3_ops = { | |||
| 264 | }; | 259 | }; |
| 265 | 260 | ||
| 266 | static struct pf_desc gss_spkm3_pfs[] = { | 261 | static struct pf_desc gss_spkm3_pfs[] = { |
| 267 | {RPC_AUTH_GSS_SPKM, 0, RPC_GSS_SVC_NONE, "spkm3"}, | 262 | {RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"}, |
| 268 | {RPC_AUTH_GSS_SPKMI, 0, RPC_GSS_SVC_INTEGRITY, "spkm3i"}, | 263 | {RPC_AUTH_GSS_SPKMI, RPC_GSS_SVC_INTEGRITY, "spkm3i"}, |
| 269 | }; | 264 | }; |
| 270 | 265 | ||
| 271 | static struct gss_api_mech gss_spkm3_mech = { | 266 | static struct gss_api_mech gss_spkm3_mech = { |
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c index 25339868d462..148201e929d0 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_seal.c +++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c | |||
| @@ -51,7 +51,7 @@ | |||
| 51 | */ | 51 | */ |
| 52 | 52 | ||
| 53 | u32 | 53 | u32 |
| 54 | spkm3_make_token(struct spkm3_ctx *ctx, int qop_req, | 54 | spkm3_make_token(struct spkm3_ctx *ctx, |
| 55 | struct xdr_buf * text, struct xdr_netobj * token, | 55 | struct xdr_buf * text, struct xdr_netobj * token, |
| 56 | int toktype) | 56 | int toktype) |
| 57 | { | 57 | { |
| @@ -68,8 +68,6 @@ spkm3_make_token(struct spkm3_ctx *ctx, int qop_req, | |||
| 68 | dprintk("RPC: spkm3_make_token\n"); | 68 | dprintk("RPC: spkm3_make_token\n"); |
| 69 | 69 | ||
| 70 | now = jiffies; | 70 | now = jiffies; |
| 71 | if (qop_req != 0) | ||
| 72 | goto out_err; | ||
| 73 | 71 | ||
| 74 | if (ctx->ctx_id.len != 16) { | 72 | if (ctx->ctx_id.len != 16) { |
| 75 | dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n", | 73 | dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n", |
diff --git a/net/sunrpc/auth_gss/gss_spkm3_unseal.c b/net/sunrpc/auth_gss/gss_spkm3_unseal.c index 65ce81bf0bc4..c3c0d9586103 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c +++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c | |||
| @@ -52,7 +52,7 @@ u32 | |||
| 52 | spkm3_read_token(struct spkm3_ctx *ctx, | 52 | spkm3_read_token(struct spkm3_ctx *ctx, |
| 53 | struct xdr_netobj *read_token, /* checksum */ | 53 | struct xdr_netobj *read_token, /* checksum */ |
| 54 | struct xdr_buf *message_buffer, /* signbuf */ | 54 | struct xdr_buf *message_buffer, /* signbuf */ |
| 55 | int *qop_state, int toktype) | 55 | int toktype) |
| 56 | { | 56 | { |
| 57 | s32 code; | 57 | s32 code; |
| 58 | struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; | 58 | struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; |
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index e3308195374e..e4ada15ed856 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
| @@ -566,8 +566,7 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, | |||
| 566 | 566 | ||
| 567 | if (rqstp->rq_deferred) /* skip verification of revisited request */ | 567 | if (rqstp->rq_deferred) /* skip verification of revisited request */ |
| 568 | return SVC_OK; | 568 | return SVC_OK; |
| 569 | if (gss_verify_mic(ctx_id, &rpchdr, &checksum, NULL) | 569 | if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) { |
| 570 | != GSS_S_COMPLETE) { | ||
| 571 | *authp = rpcsec_gsserr_credproblem; | 570 | *authp = rpcsec_gsserr_credproblem; |
| 572 | return SVC_DENIED; | 571 | return SVC_DENIED; |
| 573 | } | 572 | } |
| @@ -604,7 +603,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) | |||
| 604 | xdr_buf_from_iov(&iov, &verf_data); | 603 | xdr_buf_from_iov(&iov, &verf_data); |
| 605 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; | 604 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; |
| 606 | mic.data = (u8 *)(p + 1); | 605 | mic.data = (u8 *)(p + 1); |
| 607 | maj_stat = gss_get_mic(ctx_id, 0, &verf_data, &mic); | 606 | maj_stat = gss_get_mic(ctx_id, &verf_data, &mic); |
| 608 | if (maj_stat != GSS_S_COMPLETE) | 607 | if (maj_stat != GSS_S_COMPLETE) |
| 609 | return -1; | 608 | return -1; |
| 610 | *p++ = htonl(mic.len); | 609 | *p++ = htonl(mic.len); |
| @@ -710,7 +709,7 @@ unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) | |||
| 710 | goto out; | 709 | goto out; |
| 711 | if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) | 710 | if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) |
| 712 | goto out; | 711 | goto out; |
| 713 | maj_stat = gss_verify_mic(ctx, &integ_buf, &mic, NULL); | 712 | maj_stat = gss_verify_mic(ctx, &integ_buf, &mic); |
| 714 | if (maj_stat != GSS_S_COMPLETE) | 713 | if (maj_stat != GSS_S_COMPLETE) |
| 715 | goto out; | 714 | goto out; |
| 716 | if (ntohl(svc_getu32(&buf->head[0])) != seq) | 715 | if (ntohl(svc_getu32(&buf->head[0])) != seq) |
| @@ -1012,7 +1011,7 @@ svcauth_gss_release(struct svc_rqst *rqstp) | |||
| 1012 | resv = &resbuf->tail[0]; | 1011 | resv = &resbuf->tail[0]; |
| 1013 | } | 1012 | } |
| 1014 | mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; | 1013 | mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; |
| 1015 | if (gss_get_mic(gsd->rsci->mechctx, 0, &integ_buf, &mic)) | 1014 | if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic)) |
| 1016 | goto out_err; | 1015 | goto out_err; |
| 1017 | svc_putu32(resv, htonl(mic.len)); | 1016 | svc_putu32(resv, htonl(mic.len)); |
| 1018 | memset(mic.data + mic.len, 0, | 1017 | memset(mic.data + mic.len, 0, |