[PATCH 13/28] gss_krb5: split up functions in preparation of adding new enctypes
Chuck Lever
chuck.lever at oracle.com
Fri Apr 4 09:50:46 EDT 2008
On Mar 31, 2008, at 12:27 PM, Kevin Coffman wrote:
> On Mon, Mar 31, 2008 at 11:35 AM, Chuck Lever
> <chuck.lever at oracle.com> wrote:
>> On Mar 31, 2008, at 10:31 AM, Kevin Coffman wrote:
>>> Add encryption type to the krb5 context structure and use it to
>>> switch
>>> to the correct functions depending on the encryption type.
>>>
>>> Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>
>>> ---
>>>
>>> include/linux/sunrpc/gss_krb5.h | 1 +
>>> net/sunrpc/auth_gss/gss_krb5_mech.c | 1 +
>>> net/sunrpc/auth_gss/gss_krb5_seal.c | 21 ++++++++++++++--
>>> net/sunrpc/auth_gss/gss_krb5_unseal.c | 22 ++++++++++++++---
>>> net/sunrpc/auth_gss/gss_krb5_wrap.c | 44 ++++++++++++++++++++++
>>> +++++++----
>>> 5 files changed, 77 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/
>>> gss_krb5.h
>>> index 0d55934..973a3cc 100644
>>> --- a/include/linux/sunrpc/gss_krb5.h
>>> +++ b/include/linux/sunrpc/gss_krb5.h
>>> @@ -42,6 +42,7 @@
>>>
>>> struct krb5_ctx {
>>> int initiate; /* 1 = initiating, 0 =
>>> accepting */
>>> + u32 enctype;
>>> struct crypto_blkcipher *enc;
>>> struct crypto_blkcipher *seq;
>>> s32 endtime;
>>> diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/
>>> auth_gss/gss_krb5_mech.c
>>> index 3c070d0..477cf07 100644
>>> --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
>>> +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
>>> @@ -137,6 +137,7 @@ gss_import_sec_context_kerberos(const void *p,
>>> p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx-
>>> >initiate));
>>> if (IS_ERR(p))
>>> goto out_err_free_ctx;
>>> + ctx->enctype = ENCTYPE_DES_CBC_RAW;
>>> /* The downcall format was designed before we completely
>>> understood
>>> * the uses of the context fields; so it includes some
>>> stuff we
>>> * just give some minimal sanity-checking, and some we ignore
>>> diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/
>>> auth_gss/gss_krb5_seal.c
>>> index 5f1d36d..6925737 100644
>>> --- a/net/sunrpc/auth_gss/gss_krb5_seal.c
>>> +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
>>> @@ -71,11 +71,10 @@
>>>
>>> DEFINE_SPINLOCK(krb5_seq_lock);
>>>
>>> -u32
>>> -gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
>>> +static u32
>>> +gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
>>> struct xdr_netobj *token)
>>> {
>>> - struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
>>> char cksumdata[16];
>>> struct xdr_netobj md5cksum = {.len = 0, .data =
>>> cksumdata};
>>> unsigned char *ptr, *krb5_hdr, *msg_start;
>>> @@ -121,3 +120,19 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx,
>>> struct xdr_buf *text,
>>>
>>> return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED :
>>> GSS_S_COMPLETE;
>>> }
>>> +
>>> +u32
>>> +gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
>>> + struct xdr_netobj *token)
>>> +{
>>> + struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
>>> +
>>> + switch (ctx->enctype) {
>>> + case ENCTYPE_DES_CBC_RAW:
>>> + return gss_get_mic_v1(ctx, text, token);
>>> + default:
>>> + BUG();
>>> + }
>>> + return 0;
>>
>> If the compiler is complaining about needing a return because the
>> BUG
>> () doesn't have one, there are cleaner ways to do this.
>
> Please educate me! :-) Is there an example somewhere?
fs/lockd/clntproc.c:do_vfs_lock()
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
More information about the NFSv4
mailing list