aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorKevin Coffman <kwc@citi.umich.edu>2010-03-17 13:02:50 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2010-05-14 15:09:16 -0400
commita8cc1cb7d7a12b0e2855832d10cfbfaffebfad6c (patch)
tree90a2816d677acfed392800ca032e4c23cabe2417 /net
parent1ac3719a2214c545c7e19d34e272a148ca9a24f1 (diff)
gss_krb5: prepare for new context format
Prepare for new context format by splitting out the old "v1" context processing function Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c63
1 files changed, 39 insertions, 24 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 0cd940e897ed..afe09108e1b0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -123,53 +123,47 @@ out_err:
123} 123}
124 124
125static int 125static int
126gss_import_sec_context_kerberos(const void *p, 126gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
127 size_t len,
128 struct gss_ctx *ctx_id)
129{ 127{
130 const void *end = (const void *)((const char *)p + len);
131 struct krb5_ctx *ctx;
132 int tmp; 128 int tmp;
133 129
134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) {
135 p = ERR_PTR(-ENOMEM);
136 goto out_err;
137 }
138
139 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); 130 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
140 if (IS_ERR(p)) 131 if (IS_ERR(p))
141 goto out_err_free_ctx; 132 goto out_err;
133
134 /* Old format supports only DES! Any other enctype uses new format */
142 ctx->enctype = ENCTYPE_DES_CBC_RAW; 135 ctx->enctype = ENCTYPE_DES_CBC_RAW;
136
143 /* The downcall format was designed before we completely understood 137 /* The downcall format was designed before we completely understood
144 * the uses of the context fields; so it includes some stuff we 138 * the uses of the context fields; so it includes some stuff we
145 * just give some minimal sanity-checking, and some we ignore 139 * just give some minimal sanity-checking, and some we ignore
146 * completely (like the next twenty bytes): */ 140 * completely (like the next twenty bytes): */
147 if (unlikely(p + 20 > end || p + 20 < p)) 141 if (unlikely(p + 20 > end || p + 20 < p))
148 goto out_err_free_ctx; 142 goto out_err;
149 p += 20; 143 p += 20;
150 p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); 144 p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
151 if (IS_ERR(p)) 145 if (IS_ERR(p))
152 goto out_err_free_ctx; 146 goto out_err;
153 if (tmp != SGN_ALG_DES_MAC_MD5) { 147 if (tmp != SGN_ALG_DES_MAC_MD5) {
154 p = ERR_PTR(-ENOSYS); 148 p = ERR_PTR(-ENOSYS);
155 goto out_err_free_ctx; 149 goto out_err;
156 } 150 }
157 p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); 151 p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
158 if (IS_ERR(p)) 152 if (IS_ERR(p))
159 goto out_err_free_ctx; 153 goto out_err;
160 if (tmp != SEAL_ALG_DES) { 154 if (tmp != SEAL_ALG_DES) {
161 p = ERR_PTR(-ENOSYS); 155 p = ERR_PTR(-ENOSYS);
162 goto out_err_free_ctx; 156 goto out_err;
163 } 157 }
164 p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime)); 158 p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
165 if (IS_ERR(p)) 159 if (IS_ERR(p))
166 goto out_err_free_ctx; 160 goto out_err;
167 p = simple_get_bytes(p, end, &ctx->seq_send, sizeof(ctx->seq_send)); 161 p = simple_get_bytes(p, end, &ctx->seq_send, sizeof(ctx->seq_send));
168 if (IS_ERR(p)) 162 if (IS_ERR(p))
169 goto out_err_free_ctx; 163 goto out_err;
170 p = simple_get_netobj(p, end, &ctx->mech_used); 164 p = simple_get_netobj(p, end, &ctx->mech_used);
171 if (IS_ERR(p)) 165 if (IS_ERR(p))
172 goto out_err_free_ctx; 166 goto out_err;
173 p = get_key(p, end, &ctx->enc); 167 p = get_key(p, end, &ctx->enc);
174 if (IS_ERR(p)) 168 if (IS_ERR(p))
175 goto out_err_free_mech; 169 goto out_err_free_mech;
@@ -181,9 +175,6 @@ gss_import_sec_context_kerberos(const void *p,
181 goto out_err_free_key2; 175 goto out_err_free_key2;
182 } 176 }
183 177
184 ctx_id->internal_ctx_id = ctx;
185
186 dprintk("RPC: Successfully imported new context.\n");
187 return 0; 178 return 0;
188 179
189out_err_free_key2: 180out_err_free_key2:
@@ -192,12 +183,36 @@ out_err_free_key1:
192 crypto_free_blkcipher(ctx->enc); 183 crypto_free_blkcipher(ctx->enc);
193out_err_free_mech: 184out_err_free_mech:
194 kfree(ctx->mech_used.data); 185 kfree(ctx->mech_used.data);
195out_err_free_ctx:
196 kfree(ctx);
197out_err: 186out_err:
198 return PTR_ERR(p); 187 return PTR_ERR(p);
199} 188}
200 189
190static int
191gss_import_sec_context_kerberos(const void *p, size_t len,
192 struct gss_ctx *ctx_id)
193{
194 const void *end = (const void *)((const char *)p + len);
195 struct krb5_ctx *ctx;
196 int ret;
197
198 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
199 if (ctx == NULL)
200 return -ENOMEM;
201
202 if (len == 85)
203 ret = gss_import_v1_context(p, end, ctx);
204 else
205 ret = -EINVAL;
206
207 if (ret == 0)
208 ctx_id->internal_ctx_id = ctx;
209 else
210 kfree(ctx);
211
212 dprintk("RPC: %s: returning %d\n", __func__, ret);
213 return ret;
214}
215
201static void 216static void
202gss_delete_sec_context_kerberos(void *internal_ctx) { 217gss_delete_sec_context_kerberos(void *internal_ctx) {
203 struct krb5_ctx *kctx = internal_ctx; 218 struct krb5_ctx *kctx = internal_ctx;