Remove define for KRB5_CKSUM_LENGTH, which will become enctype-dependent
authorKevin Coffman <kwc@citi.umich.edu>
Thu, 21 Feb 2008 18:44:27 +0000 (13:44 -0500)
committerJ. Bruce Fields <bfields@citi.umich.edu>
Wed, 23 Apr 2008 20:13:40 +0000 (16:13 -0400)
cleanup: When adding new encryption types, the checksum length
can be different for each enctype.  Face the fact that the
current code only supports DES which has a checksum length of 8.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
include/linux/sunrpc/gss_krb5.h
net/sunrpc/auth_gss/gss_krb5_seal.c
net/sunrpc/auth_gss/gss_krb5_wrap.c

index 5a4b1e0206e3a8afff8bf8f7a7fc00051f121ba0..216738394f6426a8d591c29bf1a35cbb7c2f43ff 100644 (file)
@@ -70,8 +70,6 @@ enum seal_alg {
        SEAL_ALG_DES3KD = 0x0002
 };
 
-#define KRB5_CKSUM_LENGTH 8
-
 #define CKSUMTYPE_CRC32                        0x0001
 #define CKSUMTYPE_RSA_MD4              0x0002
 #define CKSUMTYPE_RSA_MD4_DES          0x0003
index dedcbd6108f4272e76c3cf2f7fac4c82d85e856f..39c08b7e33aff8cb227214e5bd497b6c99d0fb78 100644 (file)
@@ -109,8 +109,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
                          md5cksum.data, md5cksum.len))
                return GSS_S_FAILURE;
 
-       memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-              KRB5_CKSUM_LENGTH);
+       memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8);
 
        spin_lock(&krb5_seq_lock);
        seq_send = ctx->seq_send++;
index 3bdc527ee64a131e7b1dd705af5aa9e30e28952a..3cd99a795d7a317b6adaa55c491fa1ada7c8b2f1 100644 (file)
@@ -176,9 +176,7 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
        if (krb5_encrypt(kctx->seq, NULL, md5cksum.data,
                          md5cksum.data, md5cksum.len))
                return GSS_S_FAILURE;
-       memcpy(krb5_hdr + 16,
-              md5cksum.data + md5cksum.len - KRB5_CKSUM_LENGTH,
-              KRB5_CKSUM_LENGTH);
+       memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - 8, 8);
 
        spin_lock(&krb5_seq_lock);
        seq_send = kctx->seq_send++;