gss: krb5: remove signalg and sealalg
We designed the krb5 context import without completely understanding the
context. Now it's clear that there are a number of fields that we ignore,
or that we depend on having one single value.
In particular, we only support one value of signalg currently; so let's
check the signalg field in the downcall (in case we decide there's
something else we could support here eventually), but ignore it otherwise.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index e30ba20..f680ed3 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -44,7 +44,6 @@
int initiate; /* 1 = initiating, 0 = accepting */
int seed_init;
unsigned char seed[16];
- int signalg;
int sealalg;
struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq;
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 754b8cd..1758716 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -129,6 +129,7 @@
{
const void *end = (const void *)((const char *)p + len);
struct krb5_ctx *ctx;
+ int tmp;
if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
goto out_err;
@@ -142,9 +143,11 @@
p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
if (IS_ERR(p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
+ p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
+ if (tmp != SGN_ALG_DES_MAC_MD5)
+ goto out_err_free_ctx;
p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
if (IS_ERR(p))
goto out_err_free_ctx;
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index dc58af0..a496af5 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -88,15 +88,7 @@
now = get_seconds();
- switch (ctx->signalg) {
- case SGN_ALG_DES_MAC_MD5:
- checksum_type = CKSUMTYPE_RSA_MD5;
- break;
- default:
- dprintk("RPC: gss_krb5_seal: ctx->signalg %d not"
- " supported\n", ctx->signalg);
- goto out_err;
- }
+ checksum_type = CKSUMTYPE_RSA_MD5;
if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
dprintk("RPC: gss_krb5_seal: ctx->sealalg %d not supported\n",
ctx->sealalg);
@@ -115,24 +107,18 @@
krb5_hdr = ptr - 2;
msg_start = krb5_hdr + 24;
- *(__be16 *)(krb5_hdr + 2) = htons(ctx->signalg);
+ *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
memset(krb5_hdr + 4, 0xff, 4);
if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
- goto out_err;
+ goto out_err;
- switch (ctx->signalg) {
- case SGN_ALG_DES_MAC_MD5:
- if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
- md5cksum.data, md5cksum.len))
- goto out_err;
- memcpy(krb5_hdr + 16,
- md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
- KRB5_CKSUM_LENGTH);
- break;
- default:
- BUG();
- }
+ if (krb5_encrypt(ctx->seq, NULL, md5cksum.data,
+ md5cksum.data, md5cksum.len))
+ goto out_err;
+ memcpy(krb5_hdr + 16,
+ md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
+ KRB5_CKSUM_LENGTH);
spin_lock(&krb5_seq_lock);
seq_send = ctx->seq_send++;
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index ad24387..eee49f4 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -134,15 +134,7 @@
now = get_seconds();
- switch (kctx->signalg) {
- case SGN_ALG_DES_MAC_MD5:
- checksum_type = CKSUMTYPE_RSA_MD5;
- break;
- default:
- dprintk("RPC: gss_krb5_seal: kctx->signalg %d not"
- " supported\n", kctx->signalg);
- goto out_err;
- }
+ checksum_type = CKSUMTYPE_RSA_MD5;
if (kctx->sealalg != SEAL_ALG_NONE && kctx->sealalg != SEAL_ALG_DES) {
dprintk("RPC: gss_krb5_seal: kctx->sealalg %d not supported\n",
kctx->sealalg);
@@ -177,7 +169,7 @@
msg_start = krb5_hdr + 24;
/* XXXJBF: */ BUG_ON(buf->head[0].iov_base + offset + headlen != msg_start + blocksize);
- *(__be16 *)(krb5_hdr + 2) = htons(kctx->signalg);
+ *(__be16 *)(krb5_hdr + 2) = htons(SGN_ALG_DES_MAC_MD5);
memset(krb5_hdr + 4, 0xff, 4);
*(__be16 *)(krb5_hdr + 4) = htons(kctx->sealalg);
@@ -191,18 +183,12 @@
goto out_err;
buf->pages = tmp_pages;
- switch (kctx->signalg) {
- case SGN_ALG_DES_MAC_MD5:
- if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
- md5cksum.data, md5cksum.len))
- goto out_err;
- memcpy(krb5_hdr + 16,
- md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
- KRB5_CKSUM_LENGTH);
- break;
- default:
- BUG();
- }
+ if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
+ md5cksum.data, md5cksum.len))
+ goto out_err;
+ memcpy(krb5_hdr + 16,
+ md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
+ KRB5_CKSUM_LENGTH);
spin_lock(&krb5_seq_lock);
seq_send = kctx->seq_send++;