rpcgss: krb5: miscellaneous cleanup

Miscellaneous cosmetic fixes. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: J. Bruce Fields <bfields@fieldses.org> 2006-12-04 20:22:42 -0500
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2006-12-06 10:46:48 -0500
commit: 94efa93435383b08d822a40f24ff6f6ce1a888df (patch)
tree: d89f72c71ab1ea6c0a6ce5ef8af3ece1c2f510fa /net/sunrpc/auth_gss
parent: 717757ad1038ab6aacb89bad579c89b006efd913 (diff)
3 files changed, 15 insertions, 20 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index f42e453e63ea..d0bb5064f8c5 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -108,17 +108,17 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
        if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
                          md5cksum.data, md5cksum.len))
                return GSS_S_FAILURE;
-        memcpy(krb5_hdr + 16,
-               md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
+        memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
               KRB5_CKSUM_LENGTH);
        spin_lock(&krb5_seq_lock);
        seq_send = ctx->seq_send++;
        spin_unlock(&krb5_seq_lock);
-        if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
+        if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
-                               seq_send, krb5_hdr + 16, krb5_hdr + 8)))
+                               ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))
                return GSS_S_FAILURE;
-        return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
+        return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 75a75a6d1336..87f8977ccece 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -99,16 +99,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        /* XXX sanity-check bodysize?? */
        signalg = ptr[0] + (ptr[1] << 8);
-        sealalg = ptr[2] + (ptr[3] << 8);
+        if (signalg != SGN_ALG_DES_MAC_MD5)
-        /* Sanity checks */
-        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
-        if (sealalg != 0xffff)
+        sealalg = ptr[2] + (ptr[3] << 8);
+        if (sealalg != SEAL_ALG_NONE)
                return GSS_S_DEFECTIVE_TOKEN;
-        if (signalg != SGN_ALG_DES_MAC_MD5)
+        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
        if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index bf25f4d9acd1..fe25b3d898dc 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -159,7 +159,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
        krb5_hdr = ptr - 2;
        msg_start = krb5_hdr + 24;
-        /* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
        *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
        memset(krb5_hdr + 4, 0xff, 4);
@@ -196,7 +195,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
                                                                        pages))
                return GSS_S_FAILURE;
-        return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
+        return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
 u32
@@ -232,16 +231,14 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
        /* get the sign and seal algorithms */
        signalg = ptr[0] + (ptr[1] << 8);
-        sealalg = ptr[2] + (ptr[3] << 8);
+        if (signalg != SGN_ALG_DES_MAC_MD5)
-        /* Sanity checks */
-        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
+        sealalg = ptr[2] + (ptr[3] << 8);
        if (sealalg != SEAL_ALG_DES)
                return GSS_S_DEFECTIVE_TOKEN;
-        if (signalg != SGN_ALG_DES_MAC_MD5)
+        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
        if (gss_decrypt_xdr_buf(kctx->enc, buf,
author	J. Bruce Fields <bfields@fieldses.org>	2006-12-04 20:22:42 -0500
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2006-12-06 10:46:48 -0500
commit	94efa93435383b08d822a40f24ff6f6ce1a888df (patch)
tree	d89f72c71ab1ea6c0a6ce5ef8af3ece1c2f510fa /net/sunrpc/auth_gss
parent	717757ad1038ab6aacb89bad579c89b006efd913 (diff)

diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c index f42e453e63ea..d0bb5064f8c5 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seal.c +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -108,17 +108,17 @@ gss_get_mic_kerberos(struct gss_ctx gss_ctx, struct xdr_buf text,
108	if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,	108	if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
109	md5cksum.data, md5cksum.len))	109	md5cksum.data, md5cksum.len))
110	return GSS_S_FAILURE;	110	return GSS_S_FAILURE;
111	memcpy(krb5_hdr + 16,	111
112	md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,	112	memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
113	KRB5_CKSUM_LENGTH);	113	KRB5_CKSUM_LENGTH);
114		114
115	spin_lock(&krb5_seq_lock);	115	spin_lock(&krb5_seq_lock);
116	seq_send = ctx->seq_send++;	116	seq_send = ctx->seq_send++;
117	spin_unlock(&krb5_seq_lock);	117	spin_unlock(&krb5_seq_lock);
118		118
119	if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,	119	if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
120	seq_send, krb5_hdr + 16, krb5_hdr + 8)))	120	ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))
121	return GSS_S_FAILURE;	121	return GSS_S_FAILURE;
122		122
123	return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);	123	return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
124	}	124	}


diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index 75a75a6d1336..87f8977ccece 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -99,16 +99,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
99	/* XXX sanity-check bodysize?? */	99	/* XXX sanity-check bodysize?? */
100		100
101	signalg = ptr[0] + (ptr[1] << 8);	101	signalg = ptr[0] + (ptr[1] << 8);
102	sealalg = ptr[2] + (ptr[3] << 8);	102	if (signalg != SGN_ALG_DES_MAC_MD5)
103
104	/* Sanity checks */
105
106	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))
107	return GSS_S_DEFECTIVE_TOKEN;	103	return GSS_S_DEFECTIVE_TOKEN;
108		104
109	if (sealalg != 0xffff)	105	sealalg = ptr[2] + (ptr[3] << 8);
		106	if (sealalg != SEAL_ALG_NONE)
110	return GSS_S_DEFECTIVE_TOKEN;	107	return GSS_S_DEFECTIVE_TOKEN;
111	if (signalg != SGN_ALG_DES_MAC_MD5)	108
		109	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))
112	return GSS_S_DEFECTIVE_TOKEN;	110	return GSS_S_DEFECTIVE_TOKEN;
113		111
114	if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))	112	if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))


diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index bf25f4d9acd1..fe25b3d898dc 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -159,7 +159,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
159	/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */	159	/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
160	krb5_hdr = ptr - 2;	160	krb5_hdr = ptr - 2;
161	msg_start = krb5_hdr + 24;	161	msg_start = krb5_hdr + 24;
162	/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
163		162
164	(__be16 )(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);	163	(__be16 )(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
165	memset(krb5_hdr + 4, 0xff, 4);	164	memset(krb5_hdr + 4, 0xff, 4);
@@ -196,7 +195,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
196	pages))	195	pages))
197	return GSS_S_FAILURE;	196	return GSS_S_FAILURE;
198		197
199	return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);	198	return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
200	}	199	}
201		200
202	u32	201	u32
@@ -232,16 +231,14 @@ gss_unwrap_kerberos(struct gss_ctx ctx, int offset, struct xdr_buf buf)
232	/* get the sign and seal algorithms */	231	/* get the sign and seal algorithms */
233		232
234	signalg = ptr[0] + (ptr[1] << 8);	233	signalg = ptr[0] + (ptr[1] << 8);
235	sealalg = ptr[2] + (ptr[3] << 8);	234	if (signalg != SGN_ALG_DES_MAC_MD5)
236
237	/* Sanity checks */
238
239	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))
240	return GSS_S_DEFECTIVE_TOKEN;	235	return GSS_S_DEFECTIVE_TOKEN;
241		236
		237	sealalg = ptr[2] + (ptr[3] << 8);
242	if (sealalg != SEAL_ALG_DES)	238	if (sealalg != SEAL_ALG_DES)
243	return GSS_S_DEFECTIVE_TOKEN;	239	return GSS_S_DEFECTIVE_TOKEN;
244	if (signalg != SGN_ALG_DES_MAC_MD5)	240
		241	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))
245	return GSS_S_DEFECTIVE_TOKEN;	242	return GSS_S_DEFECTIVE_TOKEN;
246		243
247	if (gss_decrypt_xdr_buf(kctx->enc, buf,	244	if (gss_decrypt_xdr_buf(kctx->enc, buf,