Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c20
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c12
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c11
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c14
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_mech.c21
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_seal.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_unseal.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c9
10 files changed, 33 insertions, 70 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 5e4872058ec7..f44f46f1d8e0 100644
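--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -854,9 +854,7 @@ gss_marshal(struct rpc_task *task, u32 *p)
  *p++ = htonl(RPC_AUTH_GSS);
 
  mic.data = (u8 *)(p + 1);
- maj_stat = gss_get_mic(ctx->gc_gss_ctx,
- GSS_C_QOP_DEFAULT,
- &verf_buf, &mic);
+ maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  } else if (maj_stat != 0) {
@@ -888,7 +886,7 @@ gss_validate(struct rpc_task *task, u32 *p)
 {
  struct rpc_cred *cred = task->tk_msg.rpc_cred;
  struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
- u32 seq, qop_state;
+ u32 seq;
  struct kvec iov;
  struct xdr_buf verf_buf;
  struct xdr_netobj mic;
@@ -909,7 +907,7 @@ gss_validate(struct rpc_task *task, u32 *p)
  mic.data = (u8 *)p;
  mic.len = len;
 
- maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic, &qop_state);
+ maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat)
@@ -961,8 +959,7 @@ gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  p = iov->iov_base + iov->iov_len;
  mic.data = (u8 *)(p + 1);
 
- maj_stat = gss_get_mic(ctx->gc_gss_ctx,
- GSS_C_QOP_DEFAULT, &integ_buf, &mic);
+ maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  status = -EIO; /* XXX? */
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
@@ -1057,8 +1054,7 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
  snd_buf->tail[0].iov_base = tmp;
  }
- maj_stat = gss_wrap(ctx->gc_gss_ctx, GSS_C_QOP_DEFAULT, offset,
- snd_buf, inpages);
+ maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
  /* RPC_SLACK_SPACE should prevent this ever happening: */
  BUG_ON(snd_buf->len > snd_buf->buflen);
  status = -EIO;
@@ -1150,8 +1146,7 @@ gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
  return status;
 
- maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf,
- &mic, NULL);
+ maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat != GSS_S_COMPLETE)
@@ -1176,8 +1171,7 @@ gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  /* remove padding: */
  rcv_buf->len = offset + opaque_len;
 
- maj_stat = gss_unwrap(ctx->gc_gss_ctx, NULL,
- offset, rcv_buf);
+ maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
  if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
  if (maj_stat != GSS_S_COMPLETE)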
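Review bot: In the gss_wrap_req_priv hunk the only bound on the send buffer, `BUG_ON(snd_buf->len > snd_buf->buflen)`, runs after gss_wrap() has returned, so if the RPC_SLACK_SPACE estimate is ever wrong the buffer has presumably already been written past its end by the time this fires, and the outcome is a kernel panic rather than the -EIO path. Now that the call fits on one line, it would help to state the space contract next to it, e.g. `/* gss_wrap() grows snd_buf in place; headroom must already be reserved (RPC_SLACK_SPACE) */`, and longer term to have the mechanism fail the wrap when the headroom is missing. The function starts and ends outside the hunk, so an earlier size check may exist that is not visible here.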
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 37a9ad97ccd4..9ffac2c50b94 100644
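--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -193,15 +193,12 @@ gss_delete_sec_context_kerberos(void *internal_ctx) {
 static u32
 gss_verify_mic_kerberos(struct gss_ctx *ctx,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate) {
+ struct xdr_netobj *mic_token)
+{
  u32 maj_stat = 0;
- int qop_state;
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
 
- maj_stat = krb5_read_token(kctx, mic_token, message, &qop_state);
- if (!maj_stat && qop_state)
- *qstate = qop_state;
+ maj_stat = krb5_read_token(kctx, mic_token, message);
 
  dprintk("RPC: gss_verify_mic_kerberos returning %d\n", maj_stat);
  return maj_stat;
@@ -209,13 +206,12 @@ gss_verify_mic_kerberos(struct gss_ctx *ctx,
 
 static u32
 gss_get_mic_kerberos(struct gss_ctx *ctx,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token) {
  u32 err = 0;
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
 
- err = krb5_make_token(kctx, qop, message, mic_token);
+ err = krb5_make_token(kctx, message, mic_token);
 
  dprintk("RPC: gss_get_mic_kerberos returning %d\n",err);
 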
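Review bot: gss_get_mic_kerberos still carries its opening brace on the signature line (`struct xdr_netobj *mic_token) {`), while this commit moves the brace to its own line for gss_verify_mic_kerberos and for both spkm3 counterparts; moving it here too would keep the four entry points uniform. Both dprintk calls also print the u32 status with `%d`; GSS major status values are bit fields, so an unsigned or hex conversion matches the type and reads better in a debug log, e.g. `dprintk("RPC: gss_verify_mic_kerberos returning 0x%x\n", maj_stat);`. With the qop handling gone, `u32 maj_stat = 0;` is overwritten by the very next statement, so the initialiser can be dropped. gss_get_mic_kerberos ends outside the hunk.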
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index fb852d9ab06f..15227c727c8b 100644
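--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -71,7 +71,7 @@
 #endif
 
 u32
-krb5_make_token(struct krb5_ctx *ctx, int qop_req,
+krb5_make_token(struct krb5_ctx *ctx,
  struct xdr_buf *text, struct xdr_netobj *token)
 {
  s32 checksum_type;
@@ -83,9 +83,6 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
 
  now = get_seconds();
 
- if (qop_req != 0)
- goto out_err;
-
  switch (ctx->signalg) {
  case SGN_ALG_DES_MAC_MD5:
  checksum_type = CKSUMTYPE_RSA_MD5;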
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index c3d6d1bc100c..bcf978627a71 100644
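--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -74,7 +74,7 @@
 u32
 krb5_read_token(struct krb5_ctx *ctx,
  struct xdr_netobj *read_token,
- struct xdr_buf *message_buffer, int *qop_state)
+ struct xdr_buf *message_buffer)
 {
  int signalg;
  int sealalg;
@@ -157,9 +157,6 @@ krb5_read_token(struct krb5_ctx *ctx,
 
  /* it got through unscathed. Make sure the context is unexpired */
 
- if (qop_state)
- *qop_state = GSS_C_QOP_DEFAULT;
-
  now = get_seconds();
 
  ret = GSS_S_CONTEXT_EXPIRED;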
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index ddcde6e42b23..af777cf9f251 100644
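--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -116,7 +116,7 @@ make_confounder(char *p, int blocksize)
 /* XXX factor out common code with seal/unseal. */
 
 u32
-gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset,
+gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
  struct xdr_buf *buf, struct page **pages)
 {
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
@@ -132,9 +132,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, u32 qop, int offset,
 
  now = get_seconds();
 
- if (qop != 0)
- goto out_err;
-
  switch (kctx->signalg) {
  case SGN_ALG_DES_MAC_MD5:
  checksum_type = CKSUMTYPE_RSA_MD5;
@@ -229,8 +226,7 @@ out_err:
 }
 
 u32
-gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset,
- struct xdr_buf *buf)
+gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 {
  struct krb5_ctx *kctx = ctx->internal_ctx_id;
  int signalg;
@@ -328,9 +324,6 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, u32 *qop, int offset,
 
  /* it got through unscathed. Make sure the context is unexpired */
 
- if (qop)
- *qop = GSS_C_QOP_DEFAULT;
-
  now = get_seconds();
 
  ret = GSS_S_CONTEXT_EXPIRED;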
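Review bot: gss_wrap_kerberos and gss_unwrap_kerberos keep `int offset` as a signed parameter even though it is a byte position inside an xdr_buf, and the client caller in auth_gss.c combines it with what appears to be a wire-supplied length (`rcv_buf->len = offset + opaque_len`). Nothing in these hunks shows the value being range-checked, though both function bodies lie mostly outside the hunks, so a check may exist elsewhere. Since the signatures are being rewritten anyway, a short comment above each would record the contract, e.g. `/* offset: start of the data to (un)wrap within buf; must be >= 0 and <= buf->len */`, or the parameter could become unsigned. The same signature is repeated by gss_wrap() and gss_unwrap() in gss_mech_switch.c.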
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 06d97cb3481a..b048bf672da2 100644
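--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -250,13 +250,11 @@ gss_import_sec_context(const void *input_token, size_t bufsize,
 
 u32
 gss_get_mic(struct gss_ctx *context_handle,
- u32 qop,
  struct xdr_buf *message,
  struct xdr_netobj *mic_token)
 {
  return context_handle->mech_type->gm_ops
  ->gss_get_mic(context_handle,
- qop,
  message,
  mic_token);
 }
@@ -266,35 +264,31 @@ gss_get_mic(struct gss_ctx *context_handle,
 u32
 gss_verify_mic(struct gss_ctx *context_handle,
  struct xdr_buf *message,
- struct xdr_netobj *mic_token,
- u32 *qstate)
+ struct xdr_netobj *mic_token)
 {
  return context_handle->mech_type->gm_ops
  ->gss_verify_mic(context_handle,
  message,
- mic_token,
- qstate);
+ mic_token);
 }
 
 u32
 gss_wrap(struct gss_ctx *ctx_id,
- u32 qop,
  int offset,
  struct xdr_buf *buf,
  struct page **inpages)
 {
  return ctx_id->mech_type->gm_ops
- ->gss_wrap(ctx_id, qop, offset, buf, inpages);
+ ->gss_wrap(ctx_id, offset, buf, inpages);
 }
 
 u32
 gss_unwrap(struct gss_ctx *ctx_id,
- u32 *qop,
  int offset,
  struct xdr_buf *buf)
 {
  return ctx_id->mech_type->gm_ops
- ->gss_unwrap(ctx_id, qop, offset, buf);
+ ->gss_unwrap(ctx_id, offset, buf);
 }
 
 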
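Review bot: gss_wrap() and gss_unwrap() call straight through `gm_ops->gss_wrap` and `gm_ops->gss_unwrap` with no check that the mechanism filled those slots in. The spkm3 flavour table touched by this commit lists only the none and integrity services, which suggests that mechanism may not implement them (its gss_api_ops initialiser is not visible here), so the call is safe only while no caller reaches the privacy path with such a context. A guard such as `if (!ctx_id->mech_type->gm_ops->gss_wrap) return GSS_S_FAILURE;` in each dispatcher, or a comment stating that every registered mechanism must provide all four operations, would make the assumption explicit.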
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 6c97d61baa9b..39b3edc14694 100644
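--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -224,18 +224,13 @@ gss_delete_sec_context_spkm3(void *internal_ctx) {
 static u32
 gss_verify_mic_spkm3(struct gss_ctx *ctx,
  struct xdr_buf *signbuf,
- struct xdr_netobj *checksum,
- u32 *qstate) {
+ struct xdr_netobj *checksum)
+{
  u32 maj_stat = 0;
- int qop_state = 0;
  struct spkm3_ctx *sctx = ctx->internal_ctx_id;
 
  dprintk("RPC: gss_verify_mic_spkm3 calling spkm3_read_token\n");
- maj_stat = spkm3_read_token(sctx, checksum, signbuf, &qop_state,
- SPKM_MIC_TOK);
-
- if (!maj_stat && qop_state)
- *qstate = qop_state;
+ maj_stat = spkm3_read_token(sctx, checksum, signbuf, SPKM_MIC_TOK);
 
  dprintk("RPC: gss_verify_mic_spkm3 returning %d\n", maj_stat);
  return maj_stat;
@@ -243,15 +238,15 @@ gss_verify_mic_spkm3(struct gss_ctx *ctx,
 
 static u32
 gss_get_mic_spkm3(struct gss_ctx *ctx,
- u32 qop,
  struct xdr_buf *message_buffer,
- struct xdr_netobj *message_token) {
+ struct xdr_netobj *message_token)
+{
  u32 err = 0;
  struct spkm3_ctx *sctx = ctx->internal_ctx_id;
 
  dprintk("RPC: gss_get_mic_spkm3\n");
 
- err = spkm3_make_token(sctx, qop, message_buffer,
+ err = spkm3_make_token(sctx, message_buffer,
  message_token, SPKM_MIC_TOK);
  return err;
 }
@@ -264,8 +259,8 @@ static struct gss_api_ops gss_spkm3_ops = {
 };
 
 static struct pf_desc gss_spkm3_pfs[] = {
- {RPC_AUTH_GSS_SPKM, 0, RPC_GSS_SVC_NONE, "spkm3"},
- {RPC_AUTH_GSS_SPKMI, 0, RPC_GSS_SVC_INTEGRITY, "spkm3i"},
+ {RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"},
+ {RPC_AUTH_GSS_SPKMI, RPC_GSS_SVC_INTEGRITY, "spkm3i"},
 };
 
 static struct gss_api_mech gss_spkm3_mech = {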
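Review bot: The gss_spkm3_pfs entries are positional initialisers, so removing the qop member from struct pf_desc (the header change is outside this directory-limited view) is only correct because each entry was edited in step, as in `{RPC_AUTH_GSS_SPKM, RPC_GSS_SVC_NONE, "spkm3"}`. Had an entry kept its `0`, the service value would presumably have shifted into the next member with at most a compiler warning, leaving a flavour registered with the wrong protection level. Designated initialisers remove that dependency on member order, e.g. `{ .pseudoflavor = RPC_AUTH_GSS_SPKMI, .service = RPC_GSS_SVC_INTEGRITY, .name = "spkm3i" },` (member names as in the kernel's gss_api.h; confirm against the header in this tree).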
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c
index 25339868d462..148201e929d0 100644
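--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -51,7 +51,7 @@
  */
 
 u32
-spkm3_make_token(struct spkm3_ctx *ctx, int qop_req,
+spkm3_make_token(struct spkm3_ctx *ctx,
  struct xdr_buf * text, struct xdr_netobj * token,
  int toktype)
 {
@@ -68,8 +68,6 @@ spkm3_make_token(struct spkm3_ctx *ctx, int qop_req,
  dprintk("RPC: spkm3_make_token\n");
 
  now = jiffies;
- if (qop_req != 0)
- goto out_err;
 
  if (ctx->ctx_id.len != 16) {
  dprintk("RPC: spkm3_make_token BAD ctx_id.len %d\n",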
diff --git a/net/sunrpc/auth_gss/gss_spkm3_unseal.c b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
index 65ce81bf0bc4..c3c0d9586103 100644
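--- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
@@ -52,7 +52,7 @@ u32
 spkm3_read_token(struct spkm3_ctx *ctx,
  struct xdr_netobj *read_token, /* checksum */
  struct xdr_buf *message_buffer, /* signbuf */
- int *qop_state, int toktype)
+ int toktype)
 {
  s32 code;
  struct xdr_netobj wire_cksum = {.len =0, .data = NULL};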
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index e3308195374e..e4ada15ed856 100644
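--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -566,8 +566,7 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
 
  if (rqstp->rq_deferred) /* skip verification of revisited request */
  return SVC_OK;
- if (gss_verify_mic(ctx_id, &rpchdr, &checksum, NULL)
- != GSS_S_COMPLETE) {
+ if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) {
  *authp = rpcsec_gsserr_credproblem;
  return SVC_DENIED;
  }
@@ -604,7 +603,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
  xdr_buf_from_iov(&iov, &verf_data);
  p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
  mic.data = (u8 *)(p + 1);
- maj_stat = gss_get_mic(ctx_id, 0, &verf_data, &mic);
+ maj_stat = gss_get_mic(ctx_id, &verf_data, &mic);
  if (maj_stat != GSS_S_COMPLETE)
  return -1;
  *p++ = htonl(mic.len);
@@ -710,7 +709,7 @@ unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
  goto out;
  if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
  goto out;
- maj_stat = gss_verify_mic(ctx, &integ_buf, &mic, NULL);
+ maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
  if (maj_stat != GSS_S_COMPLETE)
  goto out;
  if (ntohl(svc_getu32(&buf->head[0])) != seq)
@@ -1012,7 +1011,7 @@ svcauth_gss_release(struct svc_rqst *rqstp)
  resv = &resbuf->tail[0];
  }
  mic.data = (u8 *)resv->iov_base + resv->iov_len + 4;
- if (gss_get_mic(gsd->rsci->mechctx, 0, &integ_buf, &mic))
+ if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))
  goto out_err;
  svc_putu32(resv, htonl(mic.len));
  memset(mic.data + mic.len, 0,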
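Review bot: The server-side callers test the GSS status in two different ways after this change: gss_verify_header, gss_write_verf and unwrap_integ_data compare against `GSS_S_COMPLETE`, while svcauth_gss_release relies on truthiness in `if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))`. The two forms agree only because GSS_S_COMPLETE is zero; since the return value is now the sole result of gss_get_mic() and gss_verify_mic(), spelling every check the same way makes a verification result harder to misread, e.g. `if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic) != GSS_S_COMPLETE)`. The client side has the same split (`if (maj_stat)` in gss_validate in auth_gss.c). All four functions extend beyond their hunks.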