gss_krb5: split up functions in preparation of adding new enctypes

Add encryption type to the krb5 context structure and use it to switch to the correct functions depending on the encryption type. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Kevin Coffman <kwc@citi.umich.edu> 2010-03-17 13:02:49 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-05-14 15:09:15 -0400
commit: 1ac3719a2214c545c7e19d34e272a148ca9a24f1 (patch)
tree: ae1a3f88f85aad50c03cd0960b3fbc392561c673 /net/sunrpc/auth_gss
parent: 54ec3d462f3c2a3fe48a7bd592160bee31360087 (diff)
4 files changed, 68 insertions, 12 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 2deb0ed72ff4..0cd940e897ed 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
        if (IS_ERR(p))
                goto out_err_free_ctx;
+        ctx->enctype = ENCTYPE_DES_CBC_RAW;
        /* The downcall format was designed before we completely understood
         * the uses of the context fields; so it includes some stuff we
         * just give some minimal sanity-checking, and some we ignore
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 88fe6e75ed7e..71c2014e7ebf 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -70,11 +70,10 @@
 DEFINE_SPINLOCK(krb5_seq_lock);
-u32
+static u32
-gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
                struct xdr_netobj *token)
 {
-        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
        char                    cksumdata[16];
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        unsigned char           *ptr, *msg_start;
@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
        return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
+u32
+gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+                     struct xdr_netobj *token)
+{
+        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
+        switch (ctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_get_mic_v1(ctx, text, token);
+        }
+}
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index ce6c247edad0..069d4b59807a 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -70,11 +70,10 @@
 /* read_token is a mic token, and message_buffer is the data that the mic was
 * supposedly taken over. */
-u32
+static u32
-gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+gss_verify_mic_v1(struct krb5_ctx *ctx,
                struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
 {
-        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
        int                     signalg;
        int                     sealalg;
        char                    cksumdata[16];
@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        return GSS_S_COMPLETE;
 }
+u32
+gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+                        struct xdr_buf *message_buffer,
+                        struct xdr_netobj *read_token)
+{
+        struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
+        switch (ctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_verify_mic_v1(ctx, message_buffer, read_token);
+        }
+}
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 5d6c3b12ea70..b45b59b17ae1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
 /* XXX factor out common code with seal/unseal. */
-u32
+static u32
-gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
+gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
                struct xdr_buf *buf, struct page **pages)
 {
-        struct krb5_ctx         *kctx = ctx->internal_ctx_id;
        char                    cksumdata[16];
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        int                     blocksize = 0, plainlen;
@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
-u32
+static u32
-gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
+gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 {
-        struct krb5_ctx         *kctx = ctx->internal_ctx_id;
        int                     signalg;
        int                     sealalg;
        char                    cksumdata[16];
@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
        return GSS_S_COMPLETE;
 }
+u32
+gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
+                  struct xdr_buf *buf, struct page **pages)
+{
+        struct krb5_ctx *kctx = gctx->internal_ctx_id;
+        switch (kctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
+        }
+}
+u32
+gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct xdr_buf *buf)
+{
+        struct krb5_ctx *kctx = gctx->internal_ctx_id;
+        switch (kctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_unwrap_kerberos_v1(kctx, offset, buf);
+        }
+}
author	Kevin Coffman <kwc@citi.umich.edu>	2010-03-17 13:02:49 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2010-05-14 15:09:15 -0400
commit	1ac3719a2214c545c7e19d34e272a148ca9a24f1 (patch)
tree	ae1a3f88f85aad50c03cd0960b3fbc392561c673 /net/sunrpc/auth_gss
parent	54ec3d462f3c2a3fe48a7bd592160bee31360087 (diff)

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 2deb0ed72ff4..0cd940e897ed 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
139	p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));	139	p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
140	if (IS_ERR(p))	140	if (IS_ERR(p))
141	goto out_err_free_ctx;	141	goto out_err_free_ctx;
		142	ctx->enctype = ENCTYPE_DES_CBC_RAW;
142	/* The downcall format was designed before we completely understood	143	/* The downcall format was designed before we completely understood
143	* the uses of the context fields; so it includes some stuff we	144	* the uses of the context fields; so it includes some stuff we
144	* just give some minimal sanity-checking, and some we ignore	145	* just give some minimal sanity-checking, and some we ignore


diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c index 88fe6e75ed7e..71c2014e7ebf 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seal.c +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -70,11 +70,10 @@
70		70
71	DEFINE_SPINLOCK(krb5_seq_lock);	71	DEFINE_SPINLOCK(krb5_seq_lock);
72		72
73	u32	73	static u32
74	gss_get_mic_kerberos(struct gss_ctx gss_ctx, struct xdr_buf text,	74	gss_get_mic_v1(struct krb5_ctx ctx, struct xdr_buf text,
75	struct xdr_netobj *token)	75	struct xdr_netobj *token)
76	{	76	{
77	struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
78	char cksumdata[16];	77	char cksumdata[16];
79	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};	78	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
80	unsigned char ptr, msg_start;	79	unsigned char ptr, msg_start;
@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx gss_ctx, struct xdr_buf text,
120		119
121	return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;	120	return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
122	}	121	}
		122
		123	u32
		124	gss_get_mic_kerberos(struct gss_ctx gss_ctx, struct xdr_buf text,
		125	struct xdr_netobj *token)
		126	{
		127	struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
		128
		129	switch (ctx->enctype) {
		130	default:
		131	BUG();
		132	case ENCTYPE_DES_CBC_RAW:
		133	return gss_get_mic_v1(ctx, text, token);
		134	}
		135	}
		136


diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index ce6c247edad0..069d4b59807a 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -70,11 +70,10 @@
70	/* read_token is a mic token, and message_buffer is the data that the mic was	70	/* read_token is a mic token, and message_buffer is the data that the mic was
71	* supposedly taken over. */	71	* supposedly taken over. */
72		72
73	u32	73	static u32
74	gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,	74	gss_verify_mic_v1(struct krb5_ctx *ctx,
75	struct xdr_buf message_buffer, struct xdr_netobj read_token)	75	struct xdr_buf message_buffer, struct xdr_netobj read_token)
76	{	76	{
77	struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
78	int signalg;	77	int signalg;
79	int sealalg;	78	int sealalg;
80	char cksumdata[16];	79	char cksumdata[16];
@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
135		134
136	return GSS_S_COMPLETE;	135	return GSS_S_COMPLETE;
137	}	136	}
		137
		138	u32
		139	gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
		140	struct xdr_buf *message_buffer,
		141	struct xdr_netobj *read_token)
		142	{
		143	struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
		144
		145	switch (ctx->enctype) {
		146	default:
		147	BUG();
		148	case ENCTYPE_DES_CBC_RAW:
		149	return gss_verify_mic_v1(ctx, message_buffer, read_token);
		150	}
		151	}
		152


diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index 5d6c3b12ea70..b45b59b17ae1 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
124		124
125	/* XXX factor out common code with seal/unseal. */	125	/* XXX factor out common code with seal/unseal. */
126		126
127	u32	127	static u32
128	gss_wrap_kerberos(struct gss_ctx *ctx, int offset,	128	gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
129	struct xdr_buf buf, struct page *pages)	129	struct xdr_buf buf, struct page *pages)
130	{	130	{
131	struct krb5_ctx *kctx = ctx->internal_ctx_id;
132	char cksumdata[16];	131	char cksumdata[16];
133	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};	132	struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
134	int blocksize = 0, plainlen;	133	int blocksize = 0, plainlen;
@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
203	return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;	202	return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
204	}	203	}
205		204
206	u32	205	static u32
207	gss_unwrap_kerberos(struct gss_ctx ctx, int offset, struct xdr_buf buf)	206	gss_unwrap_kerberos_v1(struct krb5_ctx kctx, int offset, struct xdr_buf buf)
208	{	207	{
209	struct krb5_ctx *kctx = ctx->internal_ctx_id;
210	int signalg;	208	int signalg;
211	int sealalg;	209	int sealalg;
212	char cksumdata[16];	210	char cksumdata[16];
@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx ctx, int offset, struct xdr_buf buf)
294		292
295	return GSS_S_COMPLETE;	293	return GSS_S_COMPLETE;
296	}	294	}
		295
		296	u32
		297	gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
		298	struct xdr_buf buf, struct page *pages)
		299	{
		300	struct krb5_ctx *kctx = gctx->internal_ctx_id;
		301
		302	switch (kctx->enctype) {
		303	default:
		304	BUG();
		305	case ENCTYPE_DES_CBC_RAW:
		306	return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
		307	}
		308	}
		309
		310	u32
		311	gss_unwrap_kerberos(struct gss_ctx gctx, int offset, struct xdr_buf buf)
		312	{
		313	struct krb5_ctx *kctx = gctx->internal_ctx_id;
		314
		315	switch (kctx->enctype) {
		316	default:
		317	BUG();
		318	case ENCTYPE_DES_CBC_RAW:
		319	return gss_unwrap_kerberos_v1(kctx, offset, buf);
		320	}
		321	}
		322