[PATCH 18/28] gss_krb5: use a global static OID value for krb5

Mon Mar 31 12:00:15 EDT 2008

On Mar 31, 2008, at 10:32 AM, Kevin Coffman wrote:
> Rather than depend on the mechanism oid passed down with the context
> information, use a static version.  The new context format introduced
> later will not include the oid.

I wonder if it would make more sense to fold this patch into the  
subsequent changes to the context format.

> Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>
> ---
>
>  net/sunrpc/auth_gss/gss_krb5_seal.c   |    4 ++--
>  net/sunrpc/auth_gss/gss_krb5_unseal.c |    2 +-
>  net/sunrpc/auth_gss/gss_krb5_wrap.c   |    6 +++---
>  3 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/ 
> auth_gss/gss_krb5_seal.c
> index 3c93482..e4241c9 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_seal.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
> @@ -77,10 +77,10 @@ setup_token(struct krb5_ctx *ctx, struct  
> xdr_netobj *token)
>  	__be16 *ptr, *krb5_hdr;
>  	int body_size = 16 + ctx->gk5e->cksumlength;
>
> -	token->len = g_token_size(&ctx->mech_used, body_size);
> +	token->len = g_token_size(&krb5_oid, body_size);
>
>  	ptr = (__be16 *)token->data;
> -	g_make_token_header(&ctx->mech_used, body_size, (unsigned char **) 
> &ptr);
> +	g_make_token_header(&krb5_oid, body_size, (unsigned char **)&ptr);
>
>  	/* ptr now at start of header described in rfc 1964, section  
> 1.2.1: */
>  	krb5_hdr = ptr;
> diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/ 
> auth_gss/gss_krb5_unseal.c
> index 2681ff1..10f4922 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
> @@ -89,7 +89,7 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
>
>  	dprintk("RPC:       krb5_read_token\n");
>
> -	if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr,
> +	if (g_verify_token_header(&krb5_oid, &bodysize, &ptr,
>  					read_token->len))
>  		return GSS_S_DEFECTIVE_TOKEN;
>
> diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/ 
> auth_gss/gss_krb5_wrap.c
> index 1d11969..5da79bb 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
> @@ -146,7 +146,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int  
> offset,
>  	BUG_ON((buf->len - offset) % blocksize);
>  	plainlen = blocksize + buf->len - offset;
>
> -	headlen = g_token_size(&kctx->mech_used,
> +	headlen = g_token_size(&krb5_oid,
>  		16 + kctx->gk5e->cksumlength + plainlen) - (buf->len - offset);
>
>  	ptr = buf->head[0].iov_base + offset;
> @@ -158,7 +158,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int  
> offset,
>  	buf->len += headlen;
>  	BUG_ON((buf->len - offset - headlen) % blocksize);
>
> -	g_make_token_header(&kctx->mech_used,
> +	g_make_token_header(&krb5_oid,
>  				16 + kctx->gk5e->cksumlength + plainlen, &ptr);
>
>
> @@ -229,7 +229,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx,  
> int offset, struct xdr_buf *buf)
>  	dprintk("RPC:       gss_unwrap_kerberos\n");
>
>  	ptr = (u8 *)buf->head[0].iov_base + offset;
> -	if (g_verify_token_header(&kctx->mech_used, &bodysize, &ptr,
> +	if (g_verify_token_header(&krb5_oid, &bodysize, &ptr,
>  					buf->len - offset))
>  		return GSS_S_DEFECTIVE_TOKEN;
>
>
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com