gss_krb5: split up functions in preparation of adding new enctypes
Add encryption type to the krb5 context structure and use it to switch to the correct functions depending on the encryption type. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>hifive-unleashed-5.1
Kevin Coffman
Trond Myklebust
parent
54ec3d462f
commit
1ac3719a22
|
|
@ -48,6 +48,7 @@
|
|||
|
||||
struct krb5_ctx {
|
||||
int initiate; /* 1 = initiating, 0 = accepting */
|
||||
u32 enctype;
|
||||
struct crypto_blkcipher *enc;
|
||||
struct crypto_blkcipher *seq;
|
||||
s32 endtime;
|
||||
|
|
|
|||
|
|
@ -139,6 +139,7 @@ gss_import_sec_context_kerberos(const void *p,
|
|||
p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
|
||||
if (IS_ERR(p))
|
||||
goto out_err_free_ctx;
|
||||
ctx->enctype = ENCTYPE_DES_CBC_RAW;
|
||||
/* The downcall format was designed before we completely understood
|
||||
* the uses of the context fields; so it includes some stuff we
|
||||
* just give some minimal sanity-checking, and some we ignore
|
||||
|
|
|
|||
|
|
@ -70,11 +70,10 @@
|
|||
|
||||
DEFINE_SPINLOCK(krb5_seq_lock);
|
||||
|
||||
u32
|
||||
gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
|
||||
static u32
|
||||
gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
|
||||
struct xdr_netobj *token)
|
||||
{
|
||||
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
|
||||
char cksumdata[16];
|
||||
struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
|
||||
unsigned char *ptr, *msg_start;
|
||||
|
|
@ -120,3 +119,18 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
|
|||
|
||||
return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
u32
|
||||
gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
|
||||
struct xdr_netobj *token)
|
||||
{
|
||||
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
|
||||
|
||||
switch (ctx->enctype) {
|
||||
default:
|
||||
BUG();
|
||||
case ENCTYPE_DES_CBC_RAW:
|
||||
return gss_get_mic_v1(ctx, text, token);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -70,11 +70,10 @@
|
|||
/* read_token is a mic token, and message_buffer is the data that the mic was
|
||||
* supposedly taken over. */
|
||||
|
||||
u32
|
||||
gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
|
||||
static u32
|
||||
gss_verify_mic_v1(struct krb5_ctx *ctx,
|
||||
struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
|
||||
{
|
||||
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
|
||||
int signalg;
|
||||
int sealalg;
|
||||
char cksumdata[16];
|
||||
|
|
@ -135,3 +134,19 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
|
|||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
u32
|
||||
gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
|
||||
struct xdr_buf *message_buffer,
|
||||
struct xdr_netobj *read_token)
|
||||
{
|
||||
struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
|
||||
|
||||
switch (ctx->enctype) {
|
||||
default:
|
||||
BUG();
|
||||
case ENCTYPE_DES_CBC_RAW:
|
||||
return gss_verify_mic_v1(ctx, message_buffer, read_token);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -124,11 +124,10 @@ make_confounder(char *p, u32 conflen)
|
|||
|
||||
/* XXX factor out common code with seal/unseal. */
|
||||
|
||||
u32
|
||||
gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
|
||||
static u32
|
||||
gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
|
||||
struct xdr_buf *buf, struct page **pages)
|
||||
{
|
||||
struct krb5_ctx *kctx = ctx->internal_ctx_id;
|
||||
char cksumdata[16];
|
||||
struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
|
||||
int blocksize = 0, plainlen;
|
||||
|
|
@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
|
|||
return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
u32
|
||||
gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
|
||||
static u32
|
||||
gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
||||
{
|
||||
struct krb5_ctx *kctx = ctx->internal_ctx_id;
|
||||
int signalg;
|
||||
int sealalg;
|
||||
char cksumdata[16];
|
||||
|
|
@ -294,3 +292,31 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
|
|||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
u32
|
||||
gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
|
||||
struct xdr_buf *buf, struct page **pages)
|
||||
{
|
||||
struct krb5_ctx *kctx = gctx->internal_ctx_id;
|
||||
|
||||
switch (kctx->enctype) {
|
||||
default:
|
||||
BUG();
|
||||
case ENCTYPE_DES_CBC_RAW:
|
||||
return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
|
||||
}
|
||||
}
|
||||
|
||||
u32
|
||||
gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct xdr_buf *buf)
|
||||
{
|
||||
struct krb5_ctx *kctx = gctx->internal_ctx_id;
|
||||
|
||||
switch (kctx->enctype) {
|
||||
default:
|
||||
BUG();
|
||||
case ENCTYPE_DES_CBC_RAW:
|
||||
return gss_unwrap_kerberos_v1(kctx, offset, buf);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue