FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-17 06:17:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rpcgss: krb5: expect a constant signalg value

Browse Source 
We also only ever receive one value of the signalg, so let's not pretend
otherwise

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
J. Bruce Fields 2006-12-04 20:22:36 -05:00 committed by Trond Myklebust
parent e678e06bf8
commit 5eb064f939
2 changed files with 25 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
net/sunrpc/auth_gss/gss_krb5_unseal.c
View File

@ -112,47 +112,26 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
if (sealalg != 0xffff) if (sealalg != 0xffff)
goto out; goto out;
if (signalg != SGN_ALG_DES_MAC_MD5)
/* there are several mappings of seal algorithms to sign algorithms,
but few enough that we can try them all. */
if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
(ctx->sealalg == SEAL_ALG_DES3KD &&
signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
goto out; goto out;
/* compute the checksum of the message */ /* compute the checksum of the message */
/* initialize the the cksum */ /* initialize the the cksum */
switch (signalg) { checksum_type = CKSUMTYPE_RSA_MD5;
case SGN_ALG_DES_MAC_MD5:
checksum_type = CKSUMTYPE_RSA_MD5; ret = make_checksum(checksum_type, ptr - 2, 8,
break; message_buffer, 0, &md5cksum);
default: if (ret)
ret = GSS_S_DEFECTIVE_TOKEN;
goto out; goto out;
}
switch (signalg) { ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
case SGN_ALG_DES_MAC_MD5: md5cksum.data, 16);
ret = make_checksum(checksum_type, ptr - 2, 8, if (ret)
message_buffer, 0, &md5cksum); goto out;
if (ret)
goto out;
ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data, if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
md5cksum.data, 16); ret = GSS_S_BAD_SIG;
if (ret)
goto out;
if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
ret = GSS_S_BAD_SIG;
goto out;
}
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out; goto out;
} }

38
net/sunrpc/auth_gss/gss_krb5_wrap.c
View File

@ -253,6 +253,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
if (sealalg == 0xffff) if (sealalg == 0xffff)
goto out; goto out;
if (signalg != SGN_ALG_DES_MAC_MD5)
goto out;
/* in the current spec, there is only one valid seal algorithm per /* in the current spec, there is only one valid seal algorithm per
key type, so a simple comparison is ok */ key type, so a simple comparison is ok */
@ -276,34 +278,20 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
/* compute the checksum of the message */ /* compute the checksum of the message */
/* initialize the the cksum */ /* initialize the the cksum */
switch (signalg) { checksum_type = CKSUMTYPE_RSA_MD5;
case SGN_ALG_DES_MAC_MD5:
checksum_type = CKSUMTYPE_RSA_MD5; ret = make_checksum(checksum_type, ptr - 2, 8, buf,
break; ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
default: if (ret)
ret = GSS_S_DEFECTIVE_TOKEN;
goto out; goto out;
}
switch (signalg) { ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
case SGN_ALG_DES_MAC_MD5: md5cksum.data, md5cksum.len);
ret = make_checksum(checksum_type, ptr - 2, 8, buf, if (ret)
ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum); goto out;
if (ret)
goto out;
ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data, if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
md5cksum.data, md5cksum.len); ret = GSS_S_BAD_SIG;
if (ret)
goto out;
if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
ret = GSS_S_BAD_SIG;
goto out;
}
break;
default:
ret = GSS_S_DEFECTIVE_TOKEN;
goto out; goto out;
} }