-rw-r--r--include/linux/sunrpc/gss_api.h13
-rw-r--r--include/linux/sunrpc/gss_err.h10
-rw-r--r--include/linux/sunrpc/gss_krb5.h8
-rw-r--r--include/linux/sunrpc/gss_spkm3.h4
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c20
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c12
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c11
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c14
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_mech.c21
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_seal.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_unseal.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c9
14 files changed, 41 insertions, 97 deletions
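--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -40,23 +40,19 @@ int gss_import_sec_context(
  struct gss_ctx **ctx_id);
 u32 gss_get_mic(
  struct gss_ctx *ctx_id,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token);
 u32 gss_verify_mic(
  struct gss_ctx *ctx_id,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate);
+ struct xdr_netobj *mic_token);
 u32 gss_wrap(
  struct gss_ctx *ctx_id,
- u32 qop,
  int offset,
  struct xdr_buf *outbuf,
  struct page **inpages);
 u32 gss_unwrap(
  struct gss_ctx *ctx_id,
- u32 *qop,
  int offset,
  struct xdr_buf *inbuf);
 u32 gss_delete_sec_context(
@@ -67,7 +63,6 @@ char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
 
 struct pf_desc {
  u32 pseudoflavor;
- u32 qop;
  u32 service;
  char *name;
  char *auth_domain_name;
@@ -96,23 +91,19 @@ struct gss_api_ops {
  struct gss_ctx *ctx_id);
  u32 (*gss_get_mic)(
  struct gss_ctx *ctx_id,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token);
  u32 (*gss_verify_mic)(
  struct gss_ctx *ctx_id,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate);
+ struct xdr_netobj *mic_token);
  u32 (*gss_wrap)(
  struct gss_ctx *ctx_id,
- u32 qop,
  int offset,
  struct xdr_buf *outbuf,
  struct page **inpages);
  u32 (*gss_unwrap)(
  struct gss_ctx *ctx_id,
- u32 *qop,
  int offset,
  struct xdr_buf *buf);
  void (*gss_delete_sec_context)(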
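Review bot: The reshaped prototypes for gss_get_mic(), gss_verify_mic(), gss_wrap() and gss_unwrap() carry no comment describing their contract, and with the qop arguments gone nothing in this header says that only the default protection level is available. A short comment above `u32 gss_get_mic(` would cover it, e.g. `/* Per-message calls always use the mechanism's default QOP and return a GSS major status (GSS_S_COMPLETE on success). */`. It should also state who sizes the output: judging by the callers elsewhere in this commit, `mic_token` is handed in as a data pointer and the mechanism fills in the length, so the caller presumably has to reserve enough room behind `mic_token->data` beforehand; that is worth confirming and writing down. The same applies to the matching function pointers in struct gss_api_ops in the third hunk.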
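--- a/include/linux/sunrpc/gss_err.h
+++ b/include/linux/sunrpc/gss_err.h
@@ -66,16 +66,6 @@ typedef unsigned int OM_uint32;
 
 
 /*
- * Define the default Quality of Protection for per-message services. Note
- * that an implementation that offers multiple levels of QOP may either reserve
- * a value (for example zero, as assumed here) to mean "default protection", or
- * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit
- * QOP value. However a value of 0 should always be interpreted by a GSSAPI
- * implementation as a request for the default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-/*
  * Expiration time of 2^32-1 seconds means infinite lifetime for a
  * credential or security context
  */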
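--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -119,21 +119,21 @@ make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
  int body_offset, struct xdr_netobj *cksum);
 
 u32
-krb5_make_token(struct krb5_ctx *context_handle, int qop_req,
+krb5_make_token(struct krb5_ctx *context_handle,
  struct xdr_buf *input_message_buffer,
  struct xdr_netobj *output_message_buffer);
 
 u32
 krb5_read_token(struct krb5_ctx *context_handle,
  struct xdr_netobj *input_token_buffer,
- struct xdr_buf *message_buffer, int *qop_state);
+ struct xdr_buf *message_buffer);
 
 u32
-gss_wrap_kerberos(struct gss_ctx *ctx_id, u32 qop, int offset,
+gss_wrap_kerberos(struct gss_ctx *ctx_id, int offset,
  struct xdr_buf *outbuf, struct page **pages);
 
 u32
-gss_unwrap_kerberos(struct gss_ctx *ctx_id, u32 *qop, int offset,
+gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset,
  struct xdr_buf *buf);
 
 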
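--- a/include/linux/sunrpc/gss_spkm3.h
+++ b/include/linux/sunrpc/gss_spkm3.h
@@ -41,9 +41,9 @@ struct spkm3_ctx {
 #define SPKM_WRAP_TOK 5
 #define SPKM_DEL_TOK 6
 
-u32 spkm3_make_token(struct spkm3_ctx *ctx, int qop_req, struct xdr_buf * text, struct xdr_netobj * token, int toktype);
+u32 spkm3_make_token(struct spkm3_ctx *ctx, struct xdr_buf * text, struct xdr_netobj * token, int toktype);
 
-u32 spkm3_read_token(struct spkm3_ctx *ctx, struct xdr_netobj *read_token, struct xdr_buf *message_buffer, int *qop_state, int toktype);
+u32 spkm3_read_token(struct spkm3_ctx *ctx, struct xdr_netobj *read_token, struct xdr_buf *message_buffer, int toktype);
 
 #define CKSUMTYPE_RSA_MD5 0x0007
 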
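--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -854,9 +854,7 @@ gss_marshal(struct rpc_task *task, u32 *p)
  *p++ = htonl(RPC_AUTH_GSS);
 
  mic.data = (u8 *)(p + 1);
- maj_stat = gss_get_mic(ctx->gc_gss_ctx,
- GSS_C_QOP_DEFAULT,
- &verf_buf, &mic);
+ maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  } else if (maj_stat != 0) {
@@ -888,7 +886,7 @@ gss_validate(struct rpc_task *task, u32 *p)
 {
  struct rpc_cred *cred = task->tk_msg.rpc_cred;
  struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
- u32 seq, qop_state;
+ u32 seq;
  struct kvec iov;
  struct xdr_buf verf_buf;
  struct xdr_netobj mic;
@@ -909,7 +907,7 @@ gss_validate(struct rpc_task *task, u32 *p)
  mic.data = (u8 *)p;
  mic.len = len;
 
- maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic, &qop_state);
+ maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat)
@@ -961,8 +959,7 @@ gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  p = iov->iov_base + iov->iov_len;
  mic.data = (u8 *)(p + 1);
 
- maj_stat = gss_get_mic(ctx->gc_gss_ctx,
- GSS_C_QOP_DEFAULT, &integ_buf, &mic);
+ maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  status = -EIO; /* XXX? */
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
@@ -1057,8 +1054,7 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
  snd_buf->tail[0].iov_base = tmp;
  }
- maj_stat = gss_wrap(ctx->gc_gss_ctx, GSS_C_QOP_DEFAULT, offset,
- snd_buf, inpages);
+ maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
  /* RPC_SLACK_SPACE should prevent this ever happening: */
  BUG_ON(snd_buf->len > snd_buf->buflen);
  status = -EIO;
@@ -1150,8 +1146,7 @@ gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
  return status;
 
- maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf,
- &mic, NULL);
+ maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat != GSS_S_COMPLETE)
@@ -1176,8 +1171,7 @@ gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  /* remove padding: */
  rcv_buf->len = offset + opaque_len;
 
- maj_stat = gss_unwrap(ctx->gc_gss_ctx, NULL,
- offset, rcv_buf);
+ maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat != GSS_S_COMPLETE)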
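Review bot: In the gss_wrap_req_priv hunk the only bound on the wrapped request is `BUG_ON(snd_buf->len > snd_buf->buflen);`, which runs after gss_wrap() has returned, so an oversized result is noticed only once the mechanism has finished producing it and is answered with a panic rather than an error. That line is unchanged context and not something this commit introduces, but the call it guards is being rewritten here. Failing the single request would be the safer response, for example `if (snd_buf->len > snd_buf->buflen) return -EIO;` adapted to whatever cleanup the function does past the end of the hunk, with the mechanisms themselves refusing to grow the buffer past `buflen`. At minimum the comment should say what guarantees RPC_SLACK_SPACE is large enough for every mechanism. The function starts and ends outside the hunk.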
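--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -193,15 +193,12 @@ gss_delete_sec_context_kerberos(void *internal_ctx) {
 static u32
 gss_verify_mic_kerberos(struct gss_ctx *ctx,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate) {
+ struct xdr_netobj *mic_token)
+{
  u32 maj_stat = 0;
- int qop_state;
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
 
- maj_stat = krb5_read_token(kctx, mic_token, message, &qop_state);
- if (!maj_stat && qop_state)
- *qstate = qop_state;
+ maj_stat = krb5_read_token(kctx, mic_token, message);
 
  dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat);
  return maj_stat;
@@ -209,13 +206,12 @@ gss_verify_mic_kerberos(struct gss_ctx *ctx,
 
 static u32
 gss_get_mic_kerberos(struct gss_ctx *ctx,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token) {
  u32 err = 0;
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
 
- err = krb5_make_token(kctx, qop, message, mic_token);
+ err = krb5_make_token(kctx, message, mic_token);
 
  dprintk("RPC: gss_get_mic_kerberos returning %d\n",err);
 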
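Review bot: The two Kerberos wrappers end up with different brace styles after this change: gss_verify_mic_kerberos now opens its body with `{` on its own line, while gss_get_mic_kerberos in the second hunk keeps `struct xdr_netobj *mic_token) {`. The spkm3 counterparts in this same commit move both functions to the own-line form, so the second signature here should end `struct xdr_netobj *mic_token)` followed by `{`. Both functions also print a u32 status with `%d` in their dprintk calls; `%u` matches the type, or `0x%x` given that GSS major statuses are packed bit fields. gss_get_mic_kerberos continues past the end of the hunk.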
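--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -71,7 +71,7 @@
 #endif
 
 u32
-krb5_make_token(struct krb5_ctx *ctx, int qop_req,
+krb5_make_token(struct krb5_ctx *ctx,
  struct xdr_buf *text, struct xdr_netobj *token)
 {
  s32 checksum_type;
@@ -83,9 +83,6 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
 
  now = get_seconds();
 
- if (qop_req != 0)
- goto out_err;
-
  switch (ctx->signalg) {
  case SGN_ALG_DES_MAC_MD5:
  checksum_type = CKSUMTYPE_RSA_MD5;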
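Review bot: krb5_make_token loses its `if (qop_req != 0) goto out_err;` guard without gaining any comment that records the remaining behaviour, namely that the checksum type is now chosen solely from `ctx->signalg` in the switch that follows. A one-line comment above the function, e.g. `/* Always uses the default QOP; the checksum type is derived from ctx->signalg. */`, would keep that decision visible to anyone adding a mechanism or algorithm later. The same documentation gap applies to gss_wrap_kerberos in gss_krb5_wrap.c and spkm3_make_token in gss_spkm3_seal.c, which drop the identical check. The function body runs beyond both hunks, so whether the `out_err` label still has other users is not visible here.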
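--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -74,7 +74,7 @@
 u32
 krb5_read_token(struct krb5_ctx *ctx,
  struct xdr_netobj *read_token,
- struct xdr_buf *message_buffer, int *qop_state)
+ struct xdr_buf *message_buffer)
 {
  int signalg;
  int sealalg;
@@ -157,9 +157,6 @@ krb5_read_token(struct krb5_ctx *ctx,
 
  /* it got through unscathed. Make sure the context is unexpired */
 
- if (qop_state)
- *qop_state = GSS_C_QOP_DEFAULT;
-
  now = get_seconds();
 
  ret = GSS_S_CONTEXT_EXPIRED;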
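--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -116,7 +116,7 @@ make_confounder(char *p, int blocksize)
 /* XXX factor out common code with seal/unseal. */
 
 u32
-gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset,
+gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
  struct xdr_buf *buf, struct page **pages)
 {
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
@@ -132,9 +132,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset,
 
  now = get_seconds();
 
- if (qop != 0)
- goto out_err;
-
  switch (kctx->signalg) {
  case SGN_ALG_DES_MAC_MD5:
  checksum_type = CKSUMTYPE_RSA_MD5;
@@ -229,8 +226,7 @@ out_err:
 }
 
 u32
-gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset,
- struct xdr_buf *buf)
+gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 {
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
  int signalg;
@@ -328,9 +324,6 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset,
 
  /* it got through unscathed. Make sure the context is unexpired */
 
- if (qop)
- *qop = GSS_C_QOP_DEFAULT;
-
  now = get_seconds();
 
  ret = GSS_S_CONTEXT_EXPIRED;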
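--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -250,13 +250,11 @@ gss_import_sec_context(const void *input_token, size_t bufsize,
 
 u32
 gss_get_mic(struct gss_ctx *context_handle,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token)
 {
  return context_handle->mech_type->gm_ops
  ->gss_get_mic(context_handle,
- qop,
  message,
  mic_token);
 }
@@ -266,35 +264,31 @@ gss_get_mic(struct gss_ctx *context_handle,
 u32
 gss_verify_mic(struct gss_ctx *context_handle,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate)
+ struct xdr_netobj *mic_token)
 {
  return context_handle->mech_type->gm_ops
  ->gss_verify_mic(context_handle,
  message,
- mic_token,
- qstate);
+ mic_token);
 }
 
 u32
 gss_wrap(struct gss_ctx *ctx_id,
- u32 qop,
  int offset,
  struct xdr_buf *buf,
  struct page **inpages)
 {
  return ctx_id->mech_type->gm_ops
- ->gss_wrap(ctx_id, qop, offset, buf, inpages);
+ ->gss_wrap(ctx_id, offset, buf, inpages);
 }
 
 u32
 gss_unwrap(struct gss_ctx *ctx_id,
- u32 *qop,
  int offset,
  struct xdr_buf *buf)
 {
  return ctx_id->mech_type->gm_ops
- ->gss_unwrap(ctx_id, qop, offset, buf);
+ ->gss_unwrap(ctx_id, offset, buf);
 }
 
 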
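Review bot: gss_wrap() and gss_unwrap() in the second hunk call straight through `ctx_id->mech_type->gm_ops->gss_wrap` and `->gss_unwrap` with no check that the mechanism filled those slots in. The spkm3 flavor table touched elsewhere in this commit lists only RPC_GSS_SVC_NONE and RPC_GSS_SVC_INTEGRITY entries, which suggests (the gss_spkm3_ops initializer itself is outside the visible hunks) that not every mechanism implements privacy, and a privacy call on such a context would jump through a NULL pointer. A guard in the wrapper turns that into an ordinary failure: `if (!ctx_id->mech_type->gm_ops->gss_wrap) return GSS_S_FAILURE;`, and likewise for gss_unwrap.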
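--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -224,18 +224,13 @@ gss_delete_sec_context_spkm3(void *internal_ctx) {
 static u32
 gss_verify_mic_spkm3(struct gss_ctx *ctx,
  struct xdr_buf *signbuf,
- struct xdr_netobj *checksum,
- u32 *qstate) {
+ struct xdr_netobj *checksum)
+{
  u32 maj_stat = 0;
- int qop_state = 0;
  struct spkm3_ctx *sctx = ctx->internal_ctx_id;
 
  dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n");
- maj_stat = spkm3_read_token(sctx, checksum, signbuf, &qop_state,
- SPKM_MIC_TOK);
-
- if (!maj_stat && qop_state)
- *qstate = qop_state;
+ maj_stat = spkm3_read_token(sctx, checksum, signbuf, SPKM_MIC_TOK);
 
  dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat);
  return maj_stat;
@@ -243,15 +238,15 @@ gss_verify_mic_spkm3(struct gss_ctx *ctx,
 
 static u32
 gss_get_mic_spkm3(struct gss_ctx *ctx,
- u32 qop,
  struct xdr_buf *message_buffer,
- struct xdr_netobj *message_token) {
+ struct xdr_netobj *message_token)
+{
  u32 err = 0;
  struct spkm3_ctx *sctx = ctx->internal_ctx_id;
 
  dprintk("RPC: gss_get_mic_spkm3\n");
 
- err = spkm3_make_token(sctx, qop, message_buffer,
+ err = spkm3_make_token(sctx, message_buffer,
  message_token, SPKM_MIC_TOK);
  return err;
 }
@@ -264,8 +259,8 @@ static struct gss_api_ops gss_spkm3_ops = {
 };
 
 static struct pf_desc gss_spkm3_pfs[] = {
- {RPC_AUTH_GSS_SPKM, 0, RPC_GSS_SVC_NONE, "spkm3"},
- {RPC_AUTH_GSS_SPKMI, 0, RPC_GSS_SVC_INTEGRITY, "spkm3i"},
+ {RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"},
+ {RPC_AUTH_GSS_SPKMI, RPC_GSS_SVC_INTEGRITY, "spkm3i"},
 };
 
 static struct gss_api_mech gss_spkm3_mech = {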
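Review bot: The gss_spkm3_pfs entries in the last hunk are still positional, `{RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"}`, which is exactly the form that had to be hand-edited because struct pf_desc lost its `qop` member; a missed entry would have shifted every later field by one slot. Designated initializers make the table immune to that kind of layout change: `{ .pseudoflavor = RPC_AUTH_GSS_SPKM, .service = RPC_GSS_SVC_NONE, .name = "spkm3" },` and `{ .pseudoflavor = RPC_AUTH_GSS_SPKMI, .service = RPC_GSS_SVC_INTEGRITY, .name = "spkm3i" },`. The field names are those shown for struct pf_desc in the gss_api.h section of this commit.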
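--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -51,7 +51,7 @@
  */
 
 u32
-spkm3_make_token(struct spkm3_ctx *ctx, int qop_req,
+spkm3_make_token(struct spkm3_ctx *ctx,
  struct xdr_buf * text, struct xdr_netobj * token,
  int toktype)
 {
@@ -68,8 +68,6 @@ spkm3_make_token(struct spkm3_ctx *ctx, int qop_req,
  dprintk("RPC: spkm3_make_token\n");
 
  now = jiffies;
- if (qop_req != 0)
- goto out_err;
 
  if (ctx->ctx_id.len != 16) {
  dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n",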
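--- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
@@ -52,7 +52,7 @@ u32
 spkm3_read_token(struct spkm3_ctx *ctx,
  struct xdr_netobj *read_token, /* checksum */
  struct xdr_buf *message_buffer, /* signbuf */
- int *qop_state, int toktype)
+ int toktype)
 {
  s32 code;
  struct xdr_netobj wire_cksum = {.len =0, .data = NULL};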
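--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -566,8 +566,7 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
 
  if (rqstp->rq_deferred) /* skip verification of revisited request */
  return SVC_OK;
- if (gss_verify_mic(ctx_id, &rpchdr, &checksum, NULL)
- != GSS_S_COMPLETE) {
+ if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) {
  *authp = rpcsec_gsserr_credproblem;
  return SVC_DENIED;
  }
@@ -604,7 +603,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
  xdr_buf_from_iov(&iov, &verf_data);
  p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
  mic.data = (u8 *)(p + 1);
- maj_stat = gss_get_mic(ctx_id, 0, &verf_data, &mic);
+ maj_stat = gss_get_mic(ctx_id, &verf_data, &mic);
  if (maj_stat != GSS_S_COMPLETE)
  return -1;
  *p++ = htonl(mic.len);
@@ -710,7 +709,7 @@ unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
  goto out;
  if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
  goto out;
- maj_stat = gss_verify_mic(ctx, &integ_buf, &mic, NULL);
+ maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
  if (maj_stat != GSS_S_COMPLETE)
  goto out;
  if (ntohl(svc_getu32(&buf->head[0])) != seq)
@@ -1012,7 +1011,7 @@ svcauth_gss_release(struct svc_rqst *rqstp)
  resv = &resbuf->tail[0];
  }
  mic.data = (u8 *)resv->iov_base + resv->iov_len + 4;
- if (gss_get_mic(gsd->rsci->mechctx, 0, &integ_buf, &mic))
+ if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))
  goto out_err;
  svc_putu32(resv, htonl(mic.len));
  memset(mic.data + mic.len, 0,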
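Review bot: The status tests in this file are not uniform after the change: gss_verify_header, gss_write_verf and unwrap_integ_data compare the result against `GSS_S_COMPLETE`, while svcauth_gss_release in the last hunk tests the raw return value, `if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))`. Writing it as `if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic) != GSS_S_COMPLETE)` keeps one convention for every MIC call on the server side and does not rely on the success code being zero. All four functions extend beyond their hunks.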