summaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_gss/gss_krb5_wrap.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@fieldses.org>2006-12-04 20:22:36 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-12-06 10:46:45 -0500
commit5eb064f93973def1ec2ab4a46929e94389a6283b (patch)
treece51f825db0318ee1e5c75e64c9dd0f60f31fda0 /net/sunrpc/auth_gss/gss_krb5_wrap.c
parente678e06bf8fa25981a6fa1f08b979fd086d713f8 (diff)
rpcgss: krb5: expect a constant signalg value
We also only ever receive one value of the signalg, so let's not pretend otherwise Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_wrap.c')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c40
1 files changed, 14 insertions, 26 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index eee49f4c4c6a..a7d5c135139b 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -253,6 +253,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
if (sealalg == 0xffff)
goto out;
+ if (signalg != SGN_ALG_DES_MAC_MD5)
+ goto out;
/* in the current spec, there is only one valid seal algorithm per
key type, so a simple comparison is ok */
@@ -276,34 +278,20 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
/* compute the checksum of the message */
/* initialize the the cksum */
- switch (signalg) {
- case SGN_ALG_DES_MAC_MD5:
- checksum_type = CKSUMTYPE_RSA_MD5;
- break;
- default:
- ret = GSS_S_DEFECTIVE_TOKEN;
+ checksum_type = CKSUMTYPE_RSA_MD5;
+
+ ret = make_checksum(checksum_type, ptr - 2, 8, buf,
+ ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
+ if (ret)
+ goto out;
+
+ ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
+ md5cksum.data, md5cksum.len);
+ if (ret)
goto out;
- }
- switch (signalg) {
- case SGN_ALG_DES_MAC_MD5:
- ret = make_checksum(checksum_type, ptr - 2, 8, buf,
- ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
- if (ret)
- goto out;
-
- ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
- md5cksum.data, md5cksum.len);
- if (ret)
- goto out;
-
- if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
- ret = GSS_S_BAD_SIG;
- goto out;
- }
- break;
- default:
- ret = GSS_S_DEFECTIVE_TOKEN;
+ if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
+ ret = GSS_S_BAD_SIG;
goto out;
}