diff options
| author | J. Bruce Fields <bfields@fieldses.org> | 2006-12-04 20:22:35 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-12-06 10:46:44 -0500 |
| commit | e678e06bf8fa25981a6fa1f08b979fd086d713f8 (patch) | |
| tree | 1015c61bca28e960a62b52b5cc4045bcacebad6d /net/sunrpc/auth_gss/gss_krb5_wrap.c | |
| parent | adeb8133dd57f380e70a389a89a2ea3ae227f9e2 (diff) | |
| download | linux-stable-e678e06bf8fa25981a6fa1f08b979fd086d713f8.tar.gz linux-stable-e678e06bf8fa25981a6fa1f08b979fd086d713f8.tar.bz2 linux-stable-e678e06bf8fa25981a6fa1f08b979fd086d713f8.zip | |
gss: krb5: remove signalg and sealalg
We designed the krb5 context import without completely understanding the
context. Now it's clear that there are a number of fields that we ignore,
or that we depend on having one single value.
In particular, we only support one value of signalg currently; so let's
check the signalg field in the downcall (in case we decide there's
something else we could support here eventually), but ignore it otherwise.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_wrap.c')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index ad243872f547..eee49f4c4c6a 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c @@ -134,15 +134,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, now = get_seconds(); - switch (kctx->signalg) { - case SGN_ALG_DES_MAC_MD5: - checksum_type = CKSUMTYPE_RSA_MD5; - break; - default: - dprintk("RPC: gss_krb5_seal: kctx->signalg %d not" - " supported\n", kctx->signalg); - goto out_err; - } + checksum_type = CKSUMTYPE_RSA_MD5; if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) { dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n", kctx->sealalg); @@ -177,7 +169,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, msg_start = krb5_hdr + 24; /* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize); - *(__be16 *)(krb5_hdr + 2) = htons(kctx->signalg); + *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5); memset(krb5_hdr + 4, 0xff, 4); *(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg); @@ -191,18 +183,12 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, goto out_err; buf->pages = tmp_pages; - switch (kctx->signalg) { - case SGN_ALG_DES_MAC_MD5: - if (krb5_encrypt(kctx->seq, NULL, md5cksum.data, - md5cksum.data, md5cksum.len)) - goto out_err; - memcpy(krb5_hdr + 16, - md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH, - KRB5_CKSUM_LENGTH); - break; - default: - BUG(); - } + if (krb5_encrypt(kctx->seq, NULL, md5cksum.data, + md5cksum.data, md5cksum.len)) + goto out_err; + memcpy(krb5_hdr + 16, + md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH, + KRB5_CKSUM_LENGTH); spin_lock(&krb5_seq_lock); seq_send = kctx->seq_send++; |