Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5d6baef9 authored by J. Bruce Fields's avatar J. Bruce Fields
Browse files

gss_krb5: document that we ignore sequence number 



A couple times recently somebody has noticed that we're ignoring a
sequence number here and wondered whether there's a bug.

In fact, there's not.  Thanks to Andy Adamson for pointing out a useful
explanation in rfc 2203.  Add comments citing that rfc, and remove
"seqnum" to prevent static checkers complaining about unused variables.

Reported-by: default avatarAndi Kleen <andi@firstfloor.org>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent b26ec9b1

net/sunrpc/auth_gss/gss_krb5_unseal.c

+4 −4
Original line number Diff line number Diff line
@@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx, 
	struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),

				      .data = cksumdata};

	s32 now;

	u64 seqnum;

	u8 *ptr = read_token->data;

	u8 *cksumkey;

	u8 flags;
@@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx, 
	if (now > ctx->endtime)

		return GSS_S_CONTEXT_EXPIRED;



	/* do sequencing checks */



	seqnum = be64_to_cpup((__be64 *)ptr + 8);

	/*

	 * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss

	 * doesn't want it checked; see page 6 of rfc 2203.

	 */



	return GSS_S_COMPLETE;

}

net/sunrpc/auth_gss/gss_krb5_wrap.c

+4 −2
Original line number Diff line number Diff line
@@ -489,7 +489,6 @@ static u32 
gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)

{

	s32		now;

	u64		seqnum;

	u8		*ptr;

	u8		flags = 0x00;

	u16		ec, rrc;
@@ -525,7 +524,10 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf) 
	ec = be16_to_cpup((__be16 *)(ptr + 4));

	rrc = be16_to_cpup((__be16 *)(ptr + 6));



	seqnum = be64_to_cpup((__be64 *)(ptr + 8));

	/*

	 * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss

	 * doesn't want it checked; see page 6 of rfc 2203.

	 */



	if (rrc != 0)

		rotate_left(offset + 16, buf, rrc);