5 files changed, 69 insertions, 12 deletions

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 31bb8a538bf1..5378e455482c 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -48,6 +48,7 @@
 
 struct krb5_ctx {
         int                     initiate; /* 1 = initiating, 0 = accepting */
+        u32                     enctype;
         struct crypto_blkcipher *enc;
         struct crypto_blkcipher *seq;
         s32                     endtime;
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 2deb0ed72ff4..0cd940e897ed 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
         p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
         if (IS_ERR(p))
                 goto out_err_free_ctx;
+        ctx->enctype = ENCTYPE_DES_CBC_RAW;
         /* The downcall format was designed before we completely understood
          * the uses of the context fields; so it includes some stuff we
          * just give some minimal sanity-checking, and some we ignore
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 88fe6e75ed7e..71c2014e7ebf 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -70,11 +70,10 @@
 
 DEFINE_SPINLOCK(krb5_seq_lock);
 
-u32
-gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+static u32
+gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
                 struct xdr_netobj *token)
 {
-        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
         char                    cksumdata[16];
         struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
         unsigned char           *ptr, *msg_start;
@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
         return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
+
+u32
+gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+                     struct xdr_netobj *token)
+{
+        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
+
+        switch (ctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_get_mic_v1(ctx, text, token);
+        }
+}
+
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index ce6c247edad0..069d4b59807a 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -70,11 +70,10 @@
 /* read_token is a mic token, and message_buffer is the data that the mic was
  * supposedly taken over. */
 
-u32
-gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+static u32
+gss_verify_mic_v1(struct krb5_ctx *ctx,
                 struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
 {
-        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
         int                     signalg;
         int                     sealalg;
         char                    cksumdata[16];
@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
         return GSS_S_COMPLETE;
 }
+
+u32
+gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+                        struct xdr_buf *message_buffer,
+                        struct xdr_netobj *read_token)
+{
+        struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
+
+        switch (ctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_verify_mic_v1(ctx, message_buffer, read_token);
+        }
+}
+
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 5d6c3b12ea70..b45b59b17ae1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
 
 /* XXX factor out common code with seal/unseal. */
 
-u32
-gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
+static u32
+gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
                 struct xdr_buf *buf, struct page **pages)
 {
-        struct krb5_ctx         *kctx = ctx->internal_ctx_id;
         char                    cksumdata[16];
         struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
         int                     blocksize = 0, plainlen;
@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
         return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
 
-u32
-gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
+static u32
+gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 {
-        struct krb5_ctx         *kctx = ctx->internal_ctx_id;
         int                     signalg;
         int                     sealalg;
         char                    cksumdata[16];
@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 
         return GSS_S_COMPLETE;
 }
+
+u32
+gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
+                  struct xdr_buf *buf, struct page **pages)
+{
+        struct krb5_ctx *kctx = gctx->internal_ctx_id;
+
+        switch (kctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
+        }
+}
+
+u32
+gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct xdr_buf *buf)
+{
+        struct krb5_ctx *kctx = gctx->internal_ctx_id;
+
+        switch (kctx->enctype) {
+        default:
+                BUG();
+        case ENCTYPE_DES_CBC_RAW:
+                return gss_unwrap_kerberos_v1(kctx, offset, buf);
+        }
+}
+