提交 1ac3719a 编写于 作者: K Kevin Coffman 提交者: Trond Myklebust

gss_krb5: split up functions in preparation of adding new enctypes

Add encryption type to the krb5 context structure and use it to switch
to the correct functions depending on the encryption type.
Signed-off-by: NKevin Coffman <kwc@citi.umich.edu>
Signed-off-by: NSteve Dickson <steved@redhat.com>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
上级 54ec3d46
...@@ -48,6 +48,7 @@ ...@@ -48,6 +48,7 @@
struct krb5_ctx { struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */ int initiate; /* 1 = initiating, 0 = accepting */
u32 enctype;
struct crypto_blkcipher *enc; struct crypto_blkcipher *enc;
struct crypto_blkcipher *seq; struct crypto_blkcipher *seq;
s32 endtime; s32 endtime;
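Review bot: The new `u32 enctype;` member of struct krb5_ctx has no comment, unlike `initiate` directly above it, although every entry point in this commit now switches on it. I would document it in place, for example `u32 enctype; /* ENCTYPE_* constant; selects the per-enctype mic/wrap functions */`. The struct definition continues outside the hunk.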
......
...@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p, ...@@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
if (IS_ERR(p)) if (IS_ERR(p))
goto out_err_free_ctx; goto out_err_free_ctx;
ctx->enctype = ENCTYPE_DES_CBC_RAW;
/* The downcall format was designed before we completely understood /* The downcall format was designed before we completely understood
* the uses of the context fields; so it includes some stuff we * the uses of the context fields; so it includes some stuff we
* just give some minimal sanity-checking, and some we ignore * just give some minimal sanity-checking, and some we ignore
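Review bot: The added `ctx->enctype = ENCTYPE_DES_CBC_RAW;` does not say why the value is hard-coded instead of being read from the buffer like `initiate` on the lines above it. If this downcall format carries no enctype field, as the hunk suggests, a short comment would stop a later change from treating the field as validated input: `/* this context format has no enctype field; contexts imported here are always DES */`. The enclosing gss_import_sec_context_kerberos starts and ends outside the hunk.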
......
...@@ -70,11 +70,10 @@ ...@@ -70,11 +70,10 @@
DEFINE_SPINLOCK(krb5_seq_lock); DEFINE_SPINLOCK(krb5_seq_lock);
u32 static u32
gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
struct xdr_netobj *token) struct xdr_netobj *token)
{ {
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
char cksumdata[16]; char cksumdata[16];
struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
unsigned char *ptr, *msg_start; unsigned char *ptr, *msg_start;
...@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, ...@@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
} }
u32
gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
struct xdr_netobj *token)
{
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
switch (ctx->enctype) {
default:
BUG();
case ENCTYPE_DES_CBC_RAW:
return gss_get_mic_v1(ctx, text, token);
}
}
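Review bot: In the new gss_get_mic_kerberos dispatcher, `default: BUG();` sits directly above `case ENCTYPE_DES_CBC_RAW:`, so an unrecognised ctx->enctype halts the kernel. In a build where BUG() expands to nothing (presumably with CONFIG_BUG disabled), it would instead fall through into the DES path and compute a MIC with the wrong algorithm. In this commit enctype is only ever set to ENCTYPE_DES_CBC_RAW at import, but the change is preparation for more enctypes. Once the value can come from the context downcall it should be validated at import, and the dispatcher should fail closed: `case ENCTYPE_DES_CBC_RAW: return gss_get_mic_v1(ctx, text, token);` followed by `default: return GSS_S_FAILURE;`. The same pattern appears in gss_verify_mic_kerberos, gss_wrap_kerberos and gss_unwrap_kerberos.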
...@@ -70,11 +70,10 @@ ...@@ -70,11 +70,10 @@
/* read_token is a mic token, and message_buffer is the data that the mic was /* read_token is a mic token, and message_buffer is the data that the mic was
* supposedly taken over. */ * supposedly taken over. */
u32 static u32
gss_verify_mic_kerberos(struct gss_ctx *gss_ctx, gss_verify_mic_v1(struct krb5_ctx *ctx,
struct xdr_buf *message_buffer, struct xdr_netobj *read_token) struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
{ {
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
int signalg; int signalg;
int sealalg; int sealalg;
char cksumdata[16]; char cksumdata[16];
...@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx, ...@@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
u32
gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
struct xdr_buf *message_buffer,
struct xdr_netobj *read_token)
{
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
switch (ctx->enctype) {
default:
BUG();
case ENCTYPE_DES_CBC_RAW:
return gss_verify_mic_v1(ctx, message_buffer, read_token);
}
}
...@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen) ...@@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
/* XXX factor out common code with seal/unseal. */ /* XXX factor out common code with seal/unseal. */
u32 static u32
gss_wrap_kerberos(struct gss_ctx *ctx, int offset, gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
struct xdr_buf *buf, struct page **pages) struct xdr_buf *buf, struct page **pages)
{ {
struct krb5_ctx *kctx = ctx->internal_ctx_id;
char cksumdata[16]; char cksumdata[16];
struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
int blocksize = 0, plainlen; int blocksize = 0, plainlen;
...@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, ...@@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
} }
u32 static u32
gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
{ {
struct krb5_ctx *kctx = ctx->internal_ctx_id;
int signalg; int signalg;
int sealalg; int sealalg;
char cksumdata[16]; char cksumdata[16];
...@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) ...@@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }
u32
gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
struct xdr_buf *buf, struct page **pages)
{
struct krb5_ctx *kctx = gctx->internal_ctx_id;
switch (kctx->enctype) {
default:
BUG();
case ENCTYPE_DES_CBC_RAW:
return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
}
}
u32
gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct xdr_buf *buf)
{
struct krb5_ctx *kctx = gctx->internal_ctx_id;
switch (kctx->enctype) {
default:
BUG();
case ENCTYPE_DES_CBC_RAW:
return gss_unwrap_kerberos_v1(kctx, offset, buf);
}
}
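Review bot: Naming in this file does not match the other two files touched by the commit. Here the static helpers are `gss_wrap_kerberos_v1` and `gss_unwrap_kerberos_v1` and the dispatcher parameter is `gctx`, while the MIC code uses `gss_get_mic_v1`, `gss_verify_mic_v1` and `gss_ctx`. Using one scheme throughout (for instance `gss_wrap_v1` and `gss_unwrap_v1`, with `gss_ctx` as the parameter name) would make the per-enctype variants easier to find when further enctypes are added. The two new public dispatchers also have no comment; a one-line `/* dispatch on kctx->enctype to the matching implementation */` above each would be enough.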