gss_krb5: split up functions in preparation of adding new enctypes
authorKevin Coffman <kwc@citi.umich.edu>
Wed, 17 Mar 2010 17:02:49 +0000 (13:02 -0400)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Fri, 14 May 2010 19:09:15 +0000 (15:09 -0400)
Add encryption type to the krb5 context structure and use it to switch
to the correct functions depending on the encryption type.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
include/linux/sunrpc/gss_krb5.h
net/sunrpc/auth_gss/gss_krb5_mech.c
net/sunrpc/auth_gss/gss_krb5_seal.c
net/sunrpc/auth_gss/gss_krb5_unseal.c
net/sunrpc/auth_gss/gss_krb5_wrap.c

index 31bb8a538bf11f3049d38603adfe67212ef31a35..5378e455482cf5db06a149ff929d524fbfb94c43 100644 (file)
@@ -48,6 +48,7 @@
 
 struct krb5_ctx {
        int                     initiate; /* 1 = initiating, 0 = accepting */
+       u32                     enctype;
        struct crypto_blkcipher *enc;
        struct crypto_blkcipher *seq;
        s32                     endtime;
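Review bot: The new `enctype` member is the only undocumented field in this part of struct krb5_ctx, while `initiate` right above it spells out its values. Since the commit message says the field is what the gss_*_kerberos entry points now switch on, a one-line comment would save the next reader a trip through seal/unseal/wrap: `u32 enctype; /* ENCTYPE_* of this context; selects the get_mic/verify_mic/wrap/unwrap implementation */`. The enclosing struct definition continues outside the hunk.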
index 2deb0ed72ff4ed7823a1fc22118c3ea46f0d7232..0cd940e897ed8d6e6e1095491a36a3e6826a8a52 100644 (file)
@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
        if (IS_ERR(p))
                goto out_err_free_ctx;
+       ctx->enctype = ENCTYPE_DES_CBC_RAW;
        /* The downcall format was designed before we completely understood
         * the uses of the context fields; so it includes some stuff we
         * just give some minimal sanity-checking, and some we ignore
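Review bot: `ctx->enctype = ENCTYPE_DES_CBC_RAW;` is assigned unconditionally yet sits directly above the comment that describes the downcall format, so a reader may assume the value was parsed from the downcall; a short comment such as `/* this downcall format carries no enctype; it only ever describes DES contexts */` (hedged, as the format itself is outside the hunk) would make the intent explicit. This hard-coded value is also what currently keeps the `default: BUG()` branches in the new dispatch functions unreachable, so when a later downcall format does read the enctype from the buffer it should be validated here, before the context is accepted, rather than relying on those BUG() calls. gss_import_sec_context_kerberos starts and ends outside the hunk.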
index 88fe6e75ed7e4166ef8991a3e435a1a4553a956c..71c2014e7ebfe542f06f71102449f0b6f8803196 100644 (file)
 
 DEFINE_SPINLOCK(krb5_seq_lock);
 
-u32
-gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+static u32
+gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
                struct xdr_netobj *token)
 {
-       struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
        char                    cksumdata[16];
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        unsigned char           *ptr, *msg_start;
@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
        return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
+
+u32
+gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
+                    struct xdr_netobj *token)
+{
+       struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
+
+       switch (ctx->enctype) {
+       default:
+               BUG();
+       case ENCTYPE_DES_CBC_RAW:
+               return gss_get_mic_v1(ctx, text, token);
+       }
+}
+
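Review bot: In the new gss_get_mic_kerberos the `default: BUG();` label placed above `case ENCTYPE_DES_CBC_RAW:` relies on BUG() never returning; on a kernel built with CONFIG_BUG disabled, or on an architecture where BUG() is not annotated as noreturn, an unrecognised enctype falls through and is processed as DES_CBC_RAW, and the compiler may warn that control reaches the end of a non-void function. Because enctype is context data rather than an invariant of this code, refusing the operation is a gentler failure than taking down the host: put the case first and end with `default:` / `BUG();` / `return GSS_S_FAILURE;` so the function always returns an explicit status. This is unreachable today because gss_import_sec_context_kerberos hard-codes ENCTYPE_DES_CBC_RAW, but the switch is exactly what future enctypes will extend. The same switch shape appears in gss_verify_mic_kerberos (gss_krb5_unseal.c) and in gss_wrap_kerberos and gss_unwrap_kerberos (gss_krb5_wrap.c).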
index ce6c247edad02d54f29a11a851fc677f269a4ec0..069d4b59807a0267052066f1f67b614fd74c3535 100644 (file)
 /* read_token is a mic token, and message_buffer is the data that the mic was
  * supposedly taken over. */
 
-u32
-gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+static u32
+gss_verify_mic_v1(struct krb5_ctx *ctx,
                struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
 {
-       struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
        int                     signalg;
        int                     sealalg;
        char                    cksumdata[16];
@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
        return GSS_S_COMPLETE;
 }
+
+u32
+gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
+                       struct xdr_buf *message_buffer,
+                       struct xdr_netobj *read_token)
+{
+       struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
+
+       switch (ctx->enctype) {
+       default:
+               BUG();
+       case ENCTYPE_DES_CBC_RAW:
+               return gss_verify_mic_v1(ctx, message_buffer, read_token);
+       }
+}
+
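Review bot: The continuation line `struct xdr_buf *message_buffer, struct xdr_netobj *read_token)` under the renamed gss_verify_mic_v1 is still indented to line up with the old gss_verify_mic_kerberos name, whereas the new wrapper below aligns its parameters under the opening parenthesis; re-indenting the surviving line to match the new signature would keep the two definitions in the same style. The same leftover alignment is visible on the continuation lines of gss_get_mic_v1 in gss_krb5_seal.c and gss_wrap_kerberos_v1 in gss_krb5_wrap.c. The body of gss_verify_mic_v1 runs outside the hunk.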
index 5d6c3b12ea702da81b6e78fa3802871a7f0695f2..b45b59b17ae1b21e56c7cd72db4ef0f1a074fb18 100644 (file)
@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
 
 /* XXX factor out common code with seal/unseal. */
 
-u32
-gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
+static u32
+gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
                struct xdr_buf *buf, struct page **pages)
 {
-       struct krb5_ctx         *kctx = ctx->internal_ctx_id;
        char                    cksumdata[16];
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        int                     blocksize = 0, plainlen;
@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
 
-u32
-gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
+static u32
+gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 {
-       struct krb5_ctx         *kctx = ctx->internal_ctx_id;
        int                     signalg;
        int                     sealalg;
        char                    cksumdata[16];
@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 
        return GSS_S_COMPLETE;
 }
+
+u32
+gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
+                 struct xdr_buf *buf, struct page **pages)
+{
+       struct krb5_ctx *kctx = gctx->internal_ctx_id;
+
+       switch (kctx->enctype) {
+       default:
+               BUG();
+       case ENCTYPE_DES_CBC_RAW:
+               return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
+       }
+}
+
+u32
+gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct xdr_buf *buf)
+{
+       struct krb5_ctx *kctx = gctx->internal_ctx_id;
+
+       switch (kctx->enctype) {
+       default:
+               BUG();
+       case ENCTYPE_DES_CBC_RAW:
+               return gss_unwrap_kerberos_v1(kctx, offset, buf);
+       }
+}
+
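Review bot: The two new dispatch functions here name the gss_ctx parameter `gctx`, while their counterparts added in the same commit to gss_krb5_seal.c and gss_krb5_unseal.c call it `gss_ctx`; since all four are the same one-line `internal_ctx_id` lookup followed by the enctype switch, using one name (`gss_ctx` is what the pre-existing code used) would make them read as a set, e.g. `gss_wrap_kerberos(struct gss_ctx *gss_ctx, int offset,`. The `default: BUG();` fall-through concern raised on gss_krb5_seal.c applies to both switches in this file as well.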