gssd_krb5: More arcfour-hmac support
Kevin Coffman [Wed, 17 Mar 2010 17:03:04 +0000 (13:03 -0400)]
For the arcfour-hmac support, the make_seq_num and get_seq_num
functions need access to the kerberos context structure.
This will be used in a later patch.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

include/linux/sunrpc/gss_krb5.h
net/sunrpc/auth_gss/gss_krb5_seal.c
net/sunrpc/auth_gss/gss_krb5_seqnum.c
net/sunrpc/auth_gss/gss_krb5_unseal.c
net/sunrpc/auth_gss/gss_krb5_wrap.c

index b0ab827..d840856 100644 (file)
@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
                    int offset);
 
 s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+               struct crypto_blkcipher *key,
                int direction,
                u32 seqnum, unsigned char *cksum, unsigned char *buf);
 
 s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
               unsigned char *cksum,
               unsigned char *buf, int *direction, u32 *seqnum);
 
index e22fed3..36fe487 100644 (file)
@@ -152,9 +152,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
        seq_send = ctx->seq_send++;
        spin_unlock(&krb5_seq_lock);
 
-       if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
-                             seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
-                             ptr + 8))
+       if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
+                             seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
                return GSS_S_FAILURE;
 
        return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
index 6331cd6..83b5930 100644 (file)
@@ -40,7 +40,8 @@
 #endif
 
 s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+               struct crypto_blkcipher *key,
                int direction,
                u32 seqnum,
                unsigned char *cksum, unsigned char *buf)
@@ -61,13 +62,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
 }
 
 s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
               unsigned char *cksum,
               unsigned char *buf,
               int *direction, u32 *seqnum)
 {
        s32 code;
        unsigned char plain[8];
+       struct crypto_blkcipher *key = kctx->seq;
 
        dprintk("RPC:       krb5_get_seq_num:\n");
 
index ef91366..97eb91b 100644 (file)
@@ -131,7 +131,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
 
        /* do sequencing checks */
 
-       if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
+       if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
+                            &direction, &seqnum))
                return GSS_S_FAILURE;
 
        if ((ctx->initiate && direction != 0xff) ||
index 097cc27..a95e7e0 100644 (file)
@@ -227,7 +227,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
 
        /* XXX would probably be more efficient to compute checksum
         * and encrypt at the same time: */
-       if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
+       if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
                               seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
                return GSS_S_FAILURE;
 
@@ -314,8 +314,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
 
        /* do sequencing checks */
 
-       if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
-                                   &direction, &seqnum))
+       if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
+                                   ptr + 8, &direction, &seqnum))
                return GSS_S_BAD_SIG;
 
        if ((kctx->initiate && direction != 0xff) ||