
Commit 1dbd9029 authored by Kevin Coffman's avatar Kevin Coffman Committed by Trond Myklebust

gssd_krb5: More arcfour-hmac support



For the arcfour-hmac support, the make_seq_num and get_seq_num
functions need access to the kerberos context structure.
This will be used in a later patch.

Signed-off-by: default avatarKevin Coffman <kwc@citi.umich.edu>
Signed-off-by: default avatarSteve Dickson <steved@redhat.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent fc263a91
+3 −2
@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
		    int offset);

s32
krb5_make_seq_num(struct crypto_blkcipher *key,
krb5_make_seq_num(struct krb5_ctx *kctx,
		struct crypto_blkcipher *key,
		int direction,
		u32 seqnum, unsigned char *cksum, unsigned char *buf);

s32
krb5_get_seq_num(struct crypto_blkcipher *key,
krb5_get_seq_num(struct krb5_ctx *kctx,
	       unsigned char *cksum,
	       unsigned char *buf, int *direction, u32 *seqnum);

+2 −3
@@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
	seq_send = ctx->seq_send++;
	spin_unlock(&krb5_seq_lock);

	if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
			      seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
			      ptr + 8))
	if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
			      seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
		return GSS_S_FAILURE;

	return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
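Review bot: krb5_make_seq_num() is now handed both `ctx` and `ctx->seq`, so the key argument is redundant at this call and at the matching one in gss_wrap_kerberos_v1, while krb5_get_seq_num() in the same commit drops its key parameter and reads `kctx->seq` itself. Keeping both lets a future caller pass a cipher handle that does not belong to the context, in which case the sequence number would be protected under a different key than the one krb5_get_seq_num() derives from the context. Unless the later arcfour-hmac patch needs a key other than `kctx->seq` (not visible here), consider dropping the `key` parameter and deriving it inside with `struct crypto_blkcipher *key = kctx->seq;`, or add a comment on the prototype stating that `key` must be `kctx->seq`. gss_get_mic_v1 starts and ends outside this hunk.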
+4 −2
@@ -40,7 +40,8 @@
#endif

s32
krb5_make_seq_num(struct crypto_blkcipher *key,
krb5_make_seq_num(struct krb5_ctx *kctx,
		struct crypto_blkcipher *key,
		int direction,
		u32 seqnum,
		unsigned char *cksum, unsigned char *buf)
@@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
}

s32
krb5_get_seq_num(struct crypto_blkcipher *key,
krb5_get_seq_num(struct krb5_ctx *kctx,
	       unsigned char *cksum,
	       unsigned char *buf,
	       int *direction, u32 *seqnum)
{
	s32 code;
	unsigned char plain[8];
	struct crypto_blkcipher *key = kctx->seq;

	dprintk("RPC:       krb5_get_seq_num:\n");

+2 −1
@@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,

	/* do sequencing checks */

	if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
	if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
			     &direction, &seqnum))
		return GSS_S_FAILURE;

	if ((ctx->initiate && direction != 0xff) ||
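Review bot: A failing krb5_get_seq_num() is reported as `GSS_S_FAILURE` here in gss_verify_mic_v1 but as `GSS_S_BAD_SIG` at the equivalent call in gss_unwrap_kerberos_v1, so the same sequence-number recovery failure surfaces under two different GSS status codes. The commit rewrites both call sites without aligning them; if the difference is intentional, a one-line comment such as `/* krb5_get_seq_num failed: reported as GSS_S_FAILURE, not GSS_S_BAD_SIG */` would record that, otherwise one code should be used for both paths. Whether any caller distinguishes the two codes is not visible on this page. gss_verify_mic_v1 starts and ends outside this hunk.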
+3 −3
@@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,

	/* XXX would probably be more efficient to compute checksum
	 * and encrypt at the same time: */
	if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
	if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
			       seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
		return GSS_S_FAILURE;

@@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)

	/* do sequencing checks */

	if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
				    &direction, &seqnum))
	if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
				    ptr + 8, &direction, &seqnum))
		return GSS_S_BAD_SIG;

	if ((kctx->initiate && direction != 0xff) ||