SUNRPC,RPCSEC_GSS: fix krb5 sequence numbers.

Use a spinlock to ensure unique sequence numbers when creating krb5 gss tokens. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: J. Bruce Fields <bfields@fieldses.org> 2006-03-20 23:24:04 -0500
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2006-03-20 23:24:04 -0500
commit: eaa82edf20d738a7ae31f4b0a5f72f64c14a58df (patch)
tree: 57c3244912dc5d15ca7a738ba7358bbd2616b1d9 /net
parent: 096455a22acac06fb6d0d75f276170ab72d55ba6 (diff)
2 files changed, 14 insertions, 6 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 58f9721980e2..f43311221a72 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -70,6 +70,8 @@
 # define RPCDBG_FACILITY        RPCDBG_AUTH
 #endif
+spinlock_t krb5_seq_lock = SPIN_LOCK_UNLOCKED;
 u32
 gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
                struct xdr_netobj *token)
@@ -80,6 +82,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        unsigned char           *ptr, *krb5_hdr, *msg_start;
        s32                     now;
+        u32                     seq_send;
        dprintk("RPC:     gss_krb5_seal\n");
@@ -134,12 +137,14 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
                BUG();
        }
+        spin_lock(&krb5_seq_lock);
+        seq_send = ctx->seq_send++;
+        spin_unlock(&krb5_seq_lock);
        if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
-                               ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8)))
+                               seq_send, krb5_hdr + 16, krb5_hdr + 8)))
                goto out_err;
-        ctx->seq_send++;
        return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
 out_err:
        return GSS_S_FAILURE;
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 346133e446cb..89d1f3e14128 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -128,6 +128,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        s32                     now;
        int                     headlen;
        struct page             **tmp_pages;
+        u32                     seq_send;
        dprintk("RPC:     gss_wrap_kerberos\n");
@@ -206,18 +207,20 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
                BUG();
        }
+        spin_lock(&krb5_seq_lock);
+        seq_send = kctx->seq_send++;
+        spin_unlock(&krb5_seq_lock);
        /* XXX would probably be more efficient to compute checksum
         * and encrypt at the same time: */
        if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
-                               kctx->seq_send, krb5_hdr + 16, krb5_hdr + 8)))
+                               seq_send, krb5_hdr + 16, krb5_hdr + 8)))
                goto out_err;
        if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize,
                                                                        pages))
                goto out_err;
-        kctx->seq_send++;
        return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
 out_err:
        return GSS_S_FAILURE;
author	J. Bruce Fields <bfields@fieldses.org>	2006-03-20 23:24:04 -0500
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2006-03-20 23:24:04 -0500
commit	eaa82edf20d738a7ae31f4b0a5f72f64c14a58df (patch)
tree	57c3244912dc5d15ca7a738ba7358bbd2616b1d9 /net
parent	096455a22acac06fb6d0d75f276170ab72d55ba6 (diff)