RPCSEC_GSS: Make a couple functions in the krb5 code more

generally useful. This will help prepare for the spkm3 and lipkey mechanisms. Patch by Bruce Fields

RPCSEC_GSS: Make a couple functions in the krb5 code more
generally useful. This will help prepare for the spkm3 and lipkey mechanisms. Patch by Bruce Fields
71aaeb7f · Trond Myklebust · 2d6e6e14 · 71aaeb7f · 71aaeb7f · 71aaeb7f
Commit 71aaeb7f authored May 20, 2004 by Trond Myklebust
8 changed files
--- a/include/linux/sunrpc/gss_asn1.h
+++ b/include/linux/sunrpc/gss_asn1.h
@@ -81,5 +81,4 @@ int g_token_size(
 void g_make_token_header(
     struct xdr_netobj *mech,
     int body_size,
-     unsigned char **buf,
-     int tok_type);
+     unsigned char **buf);
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -115,7 +115,7 @@ enum seal_alg {
 #define ENCTYPE_UNKNOWN         0x01ff

 s32
-krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body,
+make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
 		   struct xdr_netobj *cksum);

 u32

--- a/net/sunrpc/auth_gss/Makefile
+++ b/net/sunrpc/auth_gss/Makefile
@@ -5,10 +5,10 @@
 obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o

 auth_rpcgss-objs := auth_gss.o gss_pseudoflavors.o gss_generic_token.o \
-	sunrpcgss_syms.o gss_mech_switch.o svcauth_gss.o
+	sunrpcgss_syms.o gss_mech_switch.o svcauth_gss.o gss_krb5_crypto.o

 obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o

 rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
-	gss_krb5_crypto.o gss_krb5_seqnum.o
+	gss_krb5_seqnum.o

--- a/net/sunrpc/auth_gss/gss_generic_token.c
+++ b/net/sunrpc/auth_gss/gss_generic_token.c
@@ -155,16 +155,13 @@ g_token_size(struct xdr_netobj *mech, unsigned int body_size)
   be the right size.  buf is advanced past the token header */

 void
-g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf,
-		int tok_type)
+g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)
 {
 	*(*buf)++ = 0x60;
 	der_write_length(buf, 4 + mech->len + body_size);
 	*(*buf)++ = 0x06;
 	*(*buf)++ = (unsigned char) mech->len;
 	TWRITE_STR(*buf, mech->data, ((int) mech->len));
-	*(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
-	*(*buf)++ = (unsigned char) (tok_type&0xff);
 }

 /*
@@ -221,9 +218,6 @@ g_verify_token_header(struct xdr_netobj *mech, int *body_size,
 	if (ret)
 		return(ret);

-	if ((*buf++ != ((tok_type>>8)&0xff)) || (*buf++ != (tok_type&0xff))) 
-		return(G_WRONG_TOKID);
-
 	if (!ret) {
 		*buf_in = buf;
 		*body_size = toksize;

--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -135,10 +135,9 @@ buf_to_sg(struct scatterlist *sg, char *ptr, int len) {
 	sg->length = len;
 }

-/* checksum the plaintext data and the first 8 bytes of the krb5 token header,
- * as specified by the rfc: */
+/* checksum the plaintext data and hdrlen bytes of the token header */
 s32
-krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body,
+make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
 		   struct xdr_netobj *cksum)
 {
 	char                            *cksumname;
@@ -164,7 +163,7 @@ krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body,
 		goto out;

 	crypto_digest_init(tfm);
-	buf_to_sg(sg, header, 8);
+	buf_to_sg(sg, header, hdrlen);
 	crypto_digest_update(tfm, sg, 1);
 	if (body->head[0].iov_len) {
 		buf_to_sg(sg, body->head[0].iov_base, body->head[0].iov_len);

--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -122,7 +122,10 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
 	token->len = g_token_size(&ctx->mech_used, 22 + tmsglen);

 	ptr = token->data;
-	g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr, toktype);
+	g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr);
+
+	*ptr++ = (unsigned char) ((toktype>>8)&0xff);
+	*ptr++ = (unsigned char) (toktype&0xff);

 	/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
 	krb5_hdr = ptr - 2;
@@ -137,7 +140,7 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
 		/* XXX removing support for now */
 		goto out_err;
 	} else { /* Sign only.  */
-		if (krb5_make_checksum(checksum_type, krb5_hdr, text,
+		if (make_checksum(checksum_type, krb5_hdr, 8, text,
 				       &md5cksum))
 			goto out_err;
 	}

--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -99,6 +99,10 @@ krb5_read_token(struct krb5_ctx *ctx,
 	if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, toktype,
 					read_token->len))
 		goto out;
+
+	if ((*ptr++ != ((toktype>>8)&0xff)) || (*ptr++ != (toktype&0xff)))
+		goto out;
+
 	/* XXX sanity-check bodysize?? */

 	if (toktype == KG_TOK_WRAP_MSG) {
@@ -149,7 +153,7 @@ krb5_read_token(struct krb5_ctx *ctx,

 	switch (signalg) {
 	case SGN_ALG_DES_MAC_MD5:
-		ret = krb5_make_checksum(checksum_type, ptr - 2,
+		ret = make_checksum(checksum_type, ptr - 2, 8,
 					 message_buffer, &md5cksum);
 		if (ret)
 			goto out;

--- a/net/sunrpc/auth_gss/sunrpcgss_syms.c
+++ b/net/sunrpc/auth_gss/sunrpcgss_syms.c
@@ -10,6 +10,7 @@
 #include <linux/sunrpc/auth_gss.h>
 #include <linux/sunrpc/svcauth_gss.h>
 #include <linux/sunrpc/gss_asn1.h>
+#include <linux/sunrpc/gss_krb5.h>

 /* sec_triples: */
 EXPORT_SYMBOL(gss_register_triple);
@@ -30,6 +31,9 @@ EXPORT_SYMBOL(gss_mech_put);
 EXPORT_SYMBOL(g_make_token_header);
 EXPORT_SYMBOL(g_verify_token_header);
 EXPORT_SYMBOL(g_token_size);
+EXPORT_SYMBOL(make_checksum);
+EXPORT_SYMBOL(krb5_encrypt);
+EXPORT_SYMBOL(krb5_decrypt);

 /* debug */
 EXPORT_SYMBOL(print_hexl);