aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@fieldses.org>2005-10-13 16:55:18 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2005-10-19 02:19:47 -0400
commit00fd6e14255fe7a249315746386d640bc4e9e758 (patch)
tree36d8fad57404c5ea96cdb6e5579f4241e2cd8188 /net/sunrpc
parent14ae162c24d985593d5b19437d7f3d8fd0062b59 (diff)
RPCSEC_GSS remove all qop parameters
Not only are the qop parameters that are passed around throughout the gssapi unused by any currently implemented mechanism, but there appears to be some doubt as to whether they will ever be used. Let's just kill them off for now. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c20
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c12
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c11
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c14
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_mech.c21
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_seal.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_unseal.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c9
10 files changed, 33 insertions, 70 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5e4872058ec7..f44f46f1d8e0 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -854,9 +854,7 @@ gss_marshal(struct rpc_task *task, u32 *p)
854 *p++ = htonl(RPC_AUTH_GSS); 854 *p++ = htonl(RPC_AUTH_GSS);
855 855
856 mic.data = (u8 *)(p + 1); 856 mic.data = (u8 *)(p + 1);
857 maj_stat = gss_get_mic(ctx->gc_gss_ctx, 857 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
858 GSS_C_QOP_DEFAULT,
859 &verf_buf, &mic);
860 if (maj_stat == GSS_S_CONTEXT_EXPIRED) { 858 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
861 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; 859 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
862 } else if (maj_stat != 0) { 860 } else if (maj_stat != 0) {
@@ -888,7 +886,7 @@ gss_validate(struct rpc_task *task, u32 *p)
888{ 886{
889 struct rpc_cred *cred = task->tk_msg.rpc_cred; 887 struct rpc_cred *cred = task->tk_msg.rpc_cred;
890 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); 888 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
891 u32 seq, qop_state; 889 u32 seq;
892 struct kvec iov; 890 struct kvec iov;
893 struct xdr_buf verf_buf; 891 struct xdr_buf verf_buf;
894 struct xdr_netobj mic; 892 struct xdr_netobj mic;
@@ -909,7 +907,7 @@ gss_validate(struct rpc_task *task, u32 *p)
909 mic.data = (u8 *)p; 907 mic.data = (u8 *)p;
910 mic.len = len; 908 mic.len = len;
911 909
912 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic, &qop_state); 910 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
913 if (maj_stat == GSS_S_CONTEXT_EXPIRED) 911 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
914 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; 912 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
915 if (maj_stat) 913 if (maj_stat)
@@ -961,8 +959,7 @@ gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
961 p = iov->iov_base + iov->iov_len; 959 p = iov->iov_base + iov->iov_len;
962 mic.data = (u8 *)(p + 1); 960 mic.data = (u8 *)(p + 1);
963 961
964 maj_stat = gss_get_mic(ctx->gc_gss_ctx, 962 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
965 GSS_C_QOP_DEFAULT, &integ_buf, &mic);
966 status = -EIO; /* XXX? */ 963 status = -EIO; /* XXX? */
967 if (maj_stat == GSS_S_CONTEXT_EXPIRED) 964 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
968 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; 965 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
@@ -1057,8 +1054,7 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1057 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); 1054 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1058 snd_buf->tail[0].iov_base = tmp; 1055 snd_buf->tail[0].iov_base = tmp;
1059 } 1056 }
1060 maj_stat = gss_wrap(ctx->gc_gss_ctx, GSS_C_QOP_DEFAULT, offset, 1057 maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1061 snd_buf, inpages);
1062 /* RPC_SLACK_SPACE should prevent this ever happening: */ 1058 /* RPC_SLACK_SPACE should prevent this ever happening: */
1063 BUG_ON(snd_buf->len > snd_buf->buflen); 1059 BUG_ON(snd_buf->len > snd_buf->buflen);
1064 status = -EIO; 1060 status = -EIO;
@@ -1150,8 +1146,7 @@ gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1150 if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset)) 1146 if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1151 return status; 1147 return status;
1152 1148
1153 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, 1149 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1154 &mic, NULL);
1155 if (maj_stat == GSS_S_CONTEXT_EXPIRED) 1150 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1156 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; 1151 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
1157 if (maj_stat != GSS_S_COMPLETE) 1152 if (maj_stat != GSS_S_COMPLETE)
@@ -1176,8 +1171,7 @@ gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1176 /* remove padding: */ 1171 /* remove padding: */
1177 rcv_buf->len = offset + opaque_len; 1172 rcv_buf->len = offset + opaque_len;
1178 1173
1179 maj_stat = gss_unwrap(ctx->gc_gss_ctx, NULL, 1174 maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1180 offset, rcv_buf);
1181 if (maj_stat == GSS_S_CONTEXT_EXPIRED) 1175 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1182 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; 1176 cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
1183 if (maj_stat != GSS_S_COMPLETE) 1177 if (maj_stat != GSS_S_COMPLETE)
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 37a9ad97ccd4..9ffac2c50b94 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -193,15 +193,12 @@ gss_delete_sec_context_kerberos(void *internal_ctx) {
193static u32 193static u32
194gss_verify_mic_kerberos(struct gss_ctx *ctx, 194gss_verify_mic_kerberos(struct gss_ctx *ctx,
195 struct xdr_buf *message, 195 struct xdr_buf *message,
196 struct xdr_netobj *mic_token, 196 struct xdr_netobj *mic_token)
197 u32 *qstate) { 197{
198 u32 maj_stat = 0; 198 u32 maj_stat = 0;
199 int qop_state;
200 struct krb5_ctx *kctx = ctx->internal_ctx_id; 199 struct krb5_ctx *kctx = ctx->internal_ctx_id;
201 200
202 maj_stat = krb5_read_token(kctx, mic_token, message, &qop_state); 201 maj_stat = krb5_read_token(kctx, mic_token, message);
203 if (!maj_stat && qop_state)
204 *qstate = qop_state;
205 202
206 dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat); 203 dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat);
207 return maj_stat; 204 return maj_stat;
@@ -209,13 +206,12 @@ gss_verify_mic_kerberos(struct gss_ctx *ctx,
209 206
210static u32 207static u32
211gss_get_mic_kerberos(struct gss_ctx *ctx, 208gss_get_mic_kerberos(struct gss_ctx *ctx,
212 u32 qop,
213 struct xdr_buf *message, 209 struct xdr_buf *message,
214 struct xdr_netobj *mic_token) { 210 struct xdr_netobj *mic_token) {
215 u32 err = 0; 211 u32 err = 0;
216 struct krb5_ctx *kctx = ctx->internal_ctx_id; 212 struct krb5_ctx *kctx = ctx->internal_ctx_id;
217 213
218 err = krb5_make_token(kctx, qop, message, mic_token); 214 err = krb5_make_token(kctx, message, mic_token);
219 215
220 dprintk("RPC: gss_get_mic_kerberos returning %d\n",err); 216 dprintk("RPC: gss_get_mic_kerberos returning %d\n",err);
221 217
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index fb852d9ab06f..15227c727c8b 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -71,7 +71,7 @@
71#endif 71#endif
72 72
73u32 73u32
74krb5_make_token(struct krb5_ctx *ctx, int qop_req, 74krb5_make_token(struct krb5_ctx *ctx,
75 struct xdr_buf *text, struct xdr_netobj *token) 75 struct xdr_buf *text, struct xdr_netobj *token)
76{ 76{
77 s32 checksum_type; 77 s32 checksum_type;
@@ -83,9 +83,6 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
83 83
84 now = get_seconds(); 84 now = get_seconds();
85 85
86 if (qop_req != 0)
87 goto out_err;
88
89 switch (ctx->signalg) { 86 switch (ctx->signalg) {
90 case SGN_ALG_DES_MAC_MD5: 87 case SGN_ALG_DES_MAC_MD5:
91 checksum_type = CKSUMTYPE_RSA_MD5; 88 checksum_type = CKSUMTYPE_RSA_MD5;
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index c3d6d1bc100c..bcf978627a71 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -74,7 +74,7 @@
74u32 74u32
75krb5_read_token(struct krb5_ctx *ctx, 75krb5_read_token(struct krb5_ctx *ctx,
76 struct xdr_netobj *read_token, 76 struct xdr_netobj *read_token,
77 struct xdr_buf *message_buffer, int *qop_state) 77 struct xdr_buf *message_buffer)
78{ 78{
79 int signalg; 79 int signalg;
80 int sealalg; 80 int sealalg;
@@ -157,9 +157,6 @@ krb5_read_token(struct krb5_ctx *ctx,
157 157
158 /* it got through unscathed. Make sure the context is unexpired */ 158 /* it got through unscathed. Make sure the context is unexpired */
159 159
160 if (qop_state)
161 *qop_state = GSS_C_QOP_DEFAULT;
162
163 now = get_seconds(); 160 now = get_seconds();
164 161
165 ret = GSS_S_CONTEXT_EXPIRED; 162 ret = GSS_S_CONTEXT_EXPIRED;
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index ddcde6e42b23..af777cf9f251 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -116,7 +116,7 @@ make_confounder(char *p, int blocksize)
116/* XXX factor out common code with seal/unseal. */ 116/* XXX factor out common code with seal/unseal. */
117 117
118u32 118u32
119gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset, 119gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
120 struct xdr_buf *buf, struct page **pages) 120 struct xdr_buf *buf, struct page **pages)
121{ 121{
122 struct krb5_ctx *kctx = ctx->internal_ctx_id; 122 struct krb5_ctx *kctx = ctx->internal_ctx_id;
@@ -132,9 +132,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset,
132 132
133 now = get_seconds(); 133 now = get_seconds();
134 134
135 if (qop != 0)
136 goto out_err;
137
138 switch (kctx->signalg) { 135 switch (kctx->signalg) {
139 case SGN_ALG_DES_MAC_MD5: 136 case SGN_ALG_DES_MAC_MD5:
140 checksum_type = CKSUMTYPE_RSA_MD5; 137 checksum_type = CKSUMTYPE_RSA_MD5;
@@ -229,8 +226,7 @@ out_err:
229} 226}
230 227
231u32 228u32
232gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset, 229gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
233 struct xdr_buf *buf)
234{ 230{
235 struct krb5_ctx *kctx = ctx->internal_ctx_id; 231 struct krb5_ctx *kctx = ctx->internal_ctx_id;
236 int signalg; 232 int signalg;
@@ -328,9 +324,6 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset,
328 324
329 /* it got through unscathed. Make sure the context is unexpired */ 325 /* it got through unscathed. Make sure the context is unexpired */
330 326
331 if (qop)
332 *qop = GSS_C_QOP_DEFAULT;
333
334 now = get_seconds(); 327 now = get_seconds();
335 328
336 ret = GSS_S_CONTEXT_EXPIRED; 329 ret = GSS_S_CONTEXT_EXPIRED;
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 06d97cb3481a..b048bf672da2 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -250,13 +250,11 @@ gss_import_sec_context(const void *input_token, size_t bufsize,
250 250
251u32 251u32
252gss_get_mic(struct gss_ctx *context_handle, 252gss_get_mic(struct gss_ctx *context_handle,
253 u32 qop,
254 struct xdr_buf *message, 253 struct xdr_buf *message,
255 struct xdr_netobj *mic_token) 254 struct xdr_netobj *mic_token)
256{ 255{
257 return context_handle->mech_type->gm_ops 256 return context_handle->mech_type->gm_ops
258 ->gss_get_mic(context_handle, 257 ->gss_get_mic(context_handle,
259 qop,
260 message, 258 message,
261 mic_token); 259 mic_token);
262} 260}
@@ -266,35 +264,31 @@ gss_get_mic(struct gss_ctx *context_handle,
266u32 264u32
267gss_verify_mic(struct gss_ctx *context_handle, 265gss_verify_mic(struct gss_ctx *context_handle,
268 struct xdr_buf *message, 266 struct xdr_buf *message,
269 struct xdr_netobj *mic_token, 267 struct xdr_netobj *mic_token)
270 u32 *qstate)
271{ 268{
272 return context_handle->mech_type->gm_ops 269 return context_handle->mech_type->gm_ops
273 ->gss_verify_mic(context_handle, 270 ->gss_verify_mic(context_handle,
274 message, 271 message,
275 mic_token, 272 mic_token);
276 qstate);
277} 273}
278 274
279u32 275u32
280gss_wrap(struct gss_ctx *ctx_id, 276gss_wrap(struct gss_ctx *ctx_id,
281 u32 qop,
282 int offset, 277 int offset,
283 struct xdr_buf *buf, 278 struct xdr_buf *buf,
284 struct page **inpages) 279 struct page **inpages)
285{ 280{
286 return ctx_id->mech_type->gm_ops 281 return ctx_id->mech_type->gm_ops
287 ->gss_wrap(ctx_id, qop, offset, buf, inpages); 282 ->gss_wrap(ctx_id, offset, buf, inpages);
288} 283}
289 284
290u32 285u32
291gss_unwrap(struct gss_ctx *ctx_id, 286gss_unwrap(struct gss_ctx *ctx_id,
292 u32 *qop,
293 int offset, 287 int offset,
294 struct xdr_buf *buf) 288 struct xdr_buf *buf)
295{ 289{
296 return ctx_id->mech_type->gm_ops 290 return ctx_id->mech_type->gm_ops
297 ->gss_unwrap(ctx_id, qop, offset, buf); 291 ->gss_unwrap(ctx_id, offset, buf);
298} 292}
299 293
300 294
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 6c97d61baa9b..39b3edc14694 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -224,18 +224,13 @@ gss_delete_sec_context_spkm3(void *internal_ctx) {
224static u32 224static u32
225gss_verify_mic_spkm3(struct gss_ctx *ctx, 225gss_verify_mic_spkm3(struct gss_ctx *ctx,
226 struct xdr_buf *signbuf, 226 struct xdr_buf *signbuf,
227 struct xdr_netobj *checksum, 227 struct xdr_netobj *checksum)
228 u32 *qstate) { 228{
229 u32 maj_stat = 0; 229 u32 maj_stat = 0;
230 int qop_state = 0;
231 struct spkm3_ctx *sctx = ctx->internal_ctx_id; 230 struct spkm3_ctx *sctx = ctx->internal_ctx_id;
232 231
233 dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n"); 232 dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n");
234 maj_stat = spkm3_read_token(sctx, checksum, signbuf, &qop_state, 233 maj_stat = spkm3_read_token(sctx, checksum, signbuf, SPKM_MIC_TOK);
235 SPKM_MIC_TOK);
236
237 if (!maj_stat && qop_state)
238 *qstate = qop_state;
239 234
240 dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat); 235 dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat);
241 return maj_stat; 236 return maj_stat;
@@ -243,15 +238,15 @@ gss_verify_mic_spkm3(struct gss_ctx *ctx,
243 238
244static u32 239static u32
245gss_get_mic_spkm3(struct gss_ctx *ctx, 240gss_get_mic_spkm3(struct gss_ctx *ctx,
246 u32 qop,
247 struct xdr_buf *message_buffer, 241 struct xdr_buf *message_buffer,
248 struct xdr_netobj *message_token) { 242 struct xdr_netobj *message_token)
243{
249 u32 err = 0; 244 u32 err = 0;
250 struct spkm3_ctx *sctx = ctx->internal_ctx_id; 245 struct spkm3_ctx *sctx = ctx->internal_ctx_id;
251 246
252 dprintk("RPC: gss_get_mic_spkm3\n"); 247 dprintk("RPC: gss_get_mic_spkm3\n");
253 248
254 err = spkm3_make_token(sctx, qop, message_buffer, 249 err = spkm3_make_token(sctx, message_buffer,
255 message_token, SPKM_MIC_TOK); 250 message_token, SPKM_MIC_TOK);
256 return err; 251 return err;
257} 252}
@@ -264,8 +259,8 @@ static struct gss_api_ops gss_spkm3_ops = {
264}; 259};
265 260
266static struct pf_desc gss_spkm3_pfs[] = { 261static struct pf_desc gss_spkm3_pfs[] = {
267 {RPC_AUTH_GSS_SPKM, 0, RPC_GSS_SVC_NONE, "spkm3"}, 262 {RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"},
268 {RPC_AUTH_GSS_SPKMI, 0, RPC_GSS_SVC_INTEGRITY, "spkm3i"}, 263 {RPC_AUTH_GSS_SPKMI, RPC_GSS_SVC_INTEGRITY, "spkm3i"},
269}; 264};
270 265
271static struct gss_api_mech gss_spkm3_mech = { 266static struct gss_api_mech gss_spkm3_mech = {
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c
index 25339868d462..148201e929d0 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -51,7 +51,7 @@
51 */ 51 */
52 52
53u32 53u32
54spkm3_make_token(struct spkm3_ctx *ctx, int qop_req, 54spkm3_make_token(struct spkm3_ctx *ctx,
55 struct xdr_buf * text, struct xdr_netobj * token, 55 struct xdr_buf * text, struct xdr_netobj * token,
56 int toktype) 56 int toktype)
57{ 57{
@@ -68,8 +68,6 @@ spkm3_make_token(struct spkm3_ctx *ctx, int qop_req,
68 dprintk("RPC: spkm3_make_token\n"); 68 dprintk("RPC: spkm3_make_token\n");
69 69
70 now = jiffies; 70 now = jiffies;
71 if (qop_req != 0)
72 goto out_err;
73 71
74 if (ctx->ctx_id.len != 16) { 72 if (ctx->ctx_id.len != 16) {
75 dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n", 73 dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n",
diff --git a/net/sunrpc/auth_gss/gss_spkm3_unseal.c b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
index 65ce81bf0bc4..c3c0d9586103 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
@@ -52,7 +52,7 @@ u32
52spkm3_read_token(struct spkm3_ctx *ctx, 52spkm3_read_token(struct spkm3_ctx *ctx,
53 struct xdr_netobj *read_token, /* checksum */ 53 struct xdr_netobj *read_token, /* checksum */
54 struct xdr_buf *message_buffer, /* signbuf */ 54 struct xdr_buf *message_buffer, /* signbuf */
55 int *qop_state, int toktype) 55 int toktype)
56{ 56{
57 s32 code; 57 s32 code;
58 struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; 58 struct xdr_netobj wire_cksum = {.len =0, .data = NULL};
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index e3308195374e..e4ada15ed856 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -566,8 +566,7 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
566 566
567 if (rqstp->rq_deferred) /* skip verification of revisited request */ 567 if (rqstp->rq_deferred) /* skip verification of revisited request */
568 return SVC_OK; 568 return SVC_OK;
569 if (gss_verify_mic(ctx_id, &rpchdr, &checksum, NULL) 569 if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) {
570 != GSS_S_COMPLETE) {
571 *authp = rpcsec_gsserr_credproblem; 570 *authp = rpcsec_gsserr_credproblem;
572 return SVC_DENIED; 571 return SVC_DENIED;
573 } 572 }
@@ -604,7 +603,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
604 xdr_buf_from_iov(&iov, &verf_data); 603 xdr_buf_from_iov(&iov, &verf_data);
605 p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; 604 p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
606 mic.data = (u8 *)(p + 1); 605 mic.data = (u8 *)(p + 1);
607 maj_stat = gss_get_mic(ctx_id, 0, &verf_data, &mic); 606 maj_stat = gss_get_mic(ctx_id, &verf_data, &mic);
608 if (maj_stat != GSS_S_COMPLETE) 607 if (maj_stat != GSS_S_COMPLETE)
609 return -1; 608 return -1;
610 *p++ = htonl(mic.len); 609 *p++ = htonl(mic.len);
@@ -710,7 +709,7 @@ unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
710 goto out; 709 goto out;
711 if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) 710 if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
712 goto out; 711 goto out;
713 maj_stat = gss_verify_mic(ctx, &integ_buf, &mic, NULL); 712 maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
714 if (maj_stat != GSS_S_COMPLETE) 713 if (maj_stat != GSS_S_COMPLETE)
715 goto out; 714 goto out;
716 if (ntohl(svc_getu32(&buf->head[0])) != seq) 715 if (ntohl(svc_getu32(&buf->head[0])) != seq)
@@ -1012,7 +1011,7 @@ svcauth_gss_release(struct svc_rqst *rqstp)
1012 resv = &resbuf->tail[0]; 1011 resv = &resbuf->tail[0];
1013 } 1012 }
1014 mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; 1013 mic.data = (u8 *)resv->iov_base + resv->iov_len + 4;
1015 if (gss_get_mic(gsd->rsci->mechctx, 0, &integ_buf, &mic)) 1014 if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))
1016 goto out_err; 1015 goto out_err;
1017 svc_putu32(resv, htonl(mic.len)); 1016 svc_putu32(resv, htonl(mic.len));
1018 memset(mic.data + mic.len, 0, 1017 memset(mic.data + mic.len, 0,