diff options
author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:02:50 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:16 -0400 |
commit | a8cc1cb7d7a12b0e2855832d10cfbfaffebfad6c (patch) | |
tree | 90a2816d677acfed392800ca032e4c23cabe2417 /net/sunrpc | |
parent | 1ac3719a2214c545c7e19d34e272a148ca9a24f1 (diff) |
gss_krb5: prepare for new context format
Prepare for new context format by splitting out the old "v1"
context processing function
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 0cd940e897ed..afe09108e1b0 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c | |||
@@ -123,53 +123,47 @@ out_err: | |||
123 | } | 123 | } |
124 | 124 | ||
125 | static int | 125 | static int |
126 | gss_import_sec_context_kerberos(const void *p, | 126 | gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx) |
127 | size_t len, | ||
128 | struct gss_ctx *ctx_id) | ||
129 | { | 127 | { |
130 | const void *end = (const void *)((const char *)p + len); | ||
131 | struct krb5_ctx *ctx; | ||
132 | int tmp; | 128 | int tmp; |
133 | 129 | ||
134 | if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) { | ||
135 | p = ERR_PTR(-ENOMEM); | ||
136 | goto out_err; | ||
137 | } | ||
138 | |||
139 | p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); | 130 | p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); |
140 | if (IS_ERR(p)) | 131 | if (IS_ERR(p)) |
141 | goto out_err_free_ctx; | 132 | goto out_err; |
133 | |||
134 | /* Old format supports only DES! Any other enctype uses new format */ | ||
142 | ctx->enctype = ENCTYPE_DES_CBC_RAW; | 135 | ctx->enctype = ENCTYPE_DES_CBC_RAW; |
136 | |||
143 | /* The downcall format was designed before we completely understood | 137 | /* The downcall format was designed before we completely understood |
144 | * the uses of the context fields; so it includes some stuff we | 138 | * the uses of the context fields; so it includes some stuff we |
145 | * just give some minimal sanity-checking, and some we ignore | 139 | * just give some minimal sanity-checking, and some we ignore |
146 | * completely (like the next twenty bytes): */ | 140 | * completely (like the next twenty bytes): */ |
147 | if (unlikely(p + 20 > end || p + 20 < p)) | 141 | if (unlikely(p + 20 > end || p + 20 < p)) |
148 | goto out_err_free_ctx; | 142 | goto out_err; |
149 | p += 20; | 143 | p += 20; |
150 | p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); | 144 | p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); |
151 | if (IS_ERR(p)) | 145 | if (IS_ERR(p)) |
152 | goto out_err_free_ctx; | 146 | goto out_err; |
153 | if (tmp != SGN_ALG_DES_MAC_MD5) { | 147 | if (tmp != SGN_ALG_DES_MAC_MD5) { |
154 | p = ERR_PTR(-ENOSYS); | 148 | p = ERR_PTR(-ENOSYS); |
155 | goto out_err_free_ctx; | 149 | goto out_err; |
156 | } | 150 | } |
157 | p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); | 151 | p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); |
158 | if (IS_ERR(p)) | 152 | if (IS_ERR(p)) |
159 | goto out_err_free_ctx; | 153 | goto out_err; |
160 | if (tmp != SEAL_ALG_DES) { | 154 | if (tmp != SEAL_ALG_DES) { |
161 | p = ERR_PTR(-ENOSYS); | 155 | p = ERR_PTR(-ENOSYS); |
162 | goto out_err_free_ctx; | 156 | goto out_err; |
163 | } | 157 | } |
164 | p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime)); | 158 | p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime)); |
165 | if (IS_ERR(p)) | 159 | if (IS_ERR(p)) |
166 | goto out_err_free_ctx; | 160 | goto out_err; |
167 | p = simple_get_bytes(p, end, &ctx->seq_send, sizeof(ctx->seq_send)); | 161 | p = simple_get_bytes(p, end, &ctx->seq_send, sizeof(ctx->seq_send)); |
168 | if (IS_ERR(p)) | 162 | if (IS_ERR(p)) |
169 | goto out_err_free_ctx; | 163 | goto out_err; |
170 | p = simple_get_netobj(p, end, &ctx->mech_used); | 164 | p = simple_get_netobj(p, end, &ctx->mech_used); |
171 | if (IS_ERR(p)) | 165 | if (IS_ERR(p)) |
172 | goto out_err_free_ctx; | 166 | goto out_err; |
173 | p = get_key(p, end, &ctx->enc); | 167 | p = get_key(p, end, &ctx->enc); |
174 | if (IS_ERR(p)) | 168 | if (IS_ERR(p)) |
175 | goto out_err_free_mech; | 169 | goto out_err_free_mech; |
@@ -181,9 +175,6 @@ gss_import_sec_context_kerberos(const void *p, | |||
181 | goto out_err_free_key2; | 175 | goto out_err_free_key2; |
182 | } | 176 | } |
183 | 177 | ||
184 | ctx_id->internal_ctx_id = ctx; | ||
185 | |||
186 | dprintk("RPC: Successfully imported new context.\n"); | ||
187 | return 0; | 178 | return 0; |
188 | 179 | ||
189 | out_err_free_key2: | 180 | out_err_free_key2: |
@@ -192,12 +183,36 @@ out_err_free_key1: | |||
192 | crypto_free_blkcipher(ctx->enc); | 183 | crypto_free_blkcipher(ctx->enc); |
193 | out_err_free_mech: | 184 | out_err_free_mech: |
194 | kfree(ctx->mech_used.data); | 185 | kfree(ctx->mech_used.data); |
195 | out_err_free_ctx: | ||
196 | kfree(ctx); | ||
197 | out_err: | 186 | out_err: |
198 | return PTR_ERR(p); | 187 | return PTR_ERR(p); |
199 | } | 188 | } |
200 | 189 | ||
190 | static int | ||
191 | gss_import_sec_context_kerberos(const void *p, size_t len, | ||
192 | struct gss_ctx *ctx_id) | ||
193 | { | ||
194 | const void *end = (const void *)((const char *)p + len); | ||
195 | struct krb5_ctx *ctx; | ||
196 | int ret; | ||
197 | |||
198 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | ||
199 | if (ctx == NULL) | ||
200 | return -ENOMEM; | ||
201 | |||
202 | if (len == 85) | ||
203 | ret = gss_import_v1_context(p, end, ctx); | ||
204 | else | ||
205 | ret = -EINVAL; | ||
206 | |||
207 | if (ret == 0) | ||
208 | ctx_id->internal_ctx_id = ctx; | ||
209 | else | ||
210 | kfree(ctx); | ||
211 | |||
212 | dprintk("RPC: %s: returning %d\n", __func__, ret); | ||
213 | return ret; | ||
214 | } | ||
215 | |||
201 | static void | 216 | static void |
202 | gss_delete_sec_context_kerberos(void *internal_ctx) { | 217 | gss_delete_sec_context_kerberos(void *internal_ctx) { |
203 | struct krb5_ctx *kctx = internal_ctx; | 218 | struct krb5_ctx *kctx = internal_ctx; |