[PATCH 13/28] gss_krb5: split up functions in preparation of adding new enctypes
Kevin Coffman
kwc at citi.umich.edu
Mon Mar 31 12:27:20 EDT 2008
On Mon, Mar 31, 2008 at 11:35 AM, Chuck Lever <chuck.lever at oracle.com> wrote:
>
> On Mar 31, 2008, at 10:31 AM, Kevin Coffman wrote:
> > Add encryption type to the krb5 context structure and use it to switch
> > to the correct functions depending on the encryption type.
> >
> > Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>
> > ---
> >
> > include/linux/sunrpc/gss_krb5.h | 1 +
> > net/sunrpc/auth_gss/gss_krb5_mech.c | 1 +
> > net/sunrpc/auth_gss/gss_krb5_seal.c | 21 ++++++++++++++--
> > net/sunrpc/auth_gss/gss_krb5_unseal.c | 22 ++++++++++++++---
> > net/sunrpc/auth_gss/gss_krb5_wrap.c | 44 ++++++++++++++++++++++
> > +++++++----
> > 5 files changed, 77 insertions(+), 12 deletions(-)
> >
> > diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/
> > gss_krb5.h
> > index 0d55934..973a3cc 100644
> > --- a/include/linux/sunrpc/gss_krb5.h
> > +++ b/include/linux/sunrpc/gss_krb5.h
> > @@ -42,6 +42,7 @@
> >
> > struct krb5_ctx {
> > int initiate; /* 1 = initiating, 0 = accepting */
> > + u32 enctype;
> > struct crypto_blkcipher *enc;
> > struct crypto_blkcipher *seq;
> > s32 endtime;
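Review bot: The new `enctype` member has no comment, while the neighbouring `initiate` field documents its values. Since the dispatchers added later in this patch switch on it, the declaration should say which namespace it holds, e.g. `u32 enctype; /* ENCTYPE_* value selecting the per-enctype functions */`. The struct definition continues outside the hunk.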
> > diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/
> > auth_gss/gss_krb5_mech.c
> > index 3c070d0..477cf07 100644
> > --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
> > +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
> > @@ -137,6 +137,7 @@ gss_import_sec_context_kerberos(const void *p,
> > p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
> > if (IS_ERR(p))
> > goto out_err_free_ctx;
> > + ctx->enctype = ENCTYPE_DES_CBC_RAW;
> > /* The downcall format was designed before we completely understood
> > * the uses of the context fields; so it includes some stuff we
> > * just give some minimal sanity-checking, and some we ignore
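Review bot: `ctx->enctype` is assigned a constant here rather than being parsed from the downcall buffer, and nothing at the assignment records that. Once further enctypes are added the value will presumably come from userspace, and it should then be validated in this import function, taking the existing `goto out_err_free_ctx` path for unsupported values. That way an unexpected enctype is rejected at context import instead of reaching `BUG()` in the per-operation dispatchers. For now a comment such as `/* enctype is fixed here, not read from the downcall */` would document the assumption. The function body starts and ends outside this hunk.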
> > diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/
> > auth_gss/gss_krb5_seal.c
> > index 5f1d36d..6925737 100644
> > --- a/net/sunrpc/auth_gss/gss_krb5_seal.c
> > +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
> > @@ -71,11 +71,10 @@
> >
> > DEFINE_SPINLOCK(krb5_seq_lock);
> >
> > -u32
> > -gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
> > +static u32
> > +gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
> > struct xdr_netobj *token)
> > {
> > - struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
> > char cksumdata[16];
> > struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
> > unsigned char *ptr, *krb5_hdr, *msg_start;
> > @@ -121,3 +120,19 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx,
> > struct xdr_buf *text,
> >
> > return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED :
> > GSS_S_COMPLETE;
> > }
> > +
> > +u32
> > +gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
> > + struct xdr_netobj *token)
> > +{
> > + struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
> > +
> > + switch (ctx->enctype) {
> > + case ENCTYPE_DES_CBC_RAW:
> > + return gss_get_mic_v1(ctx, text, token);
> > + default:
> > + BUG();
> > + }
> > + return 0;
>
> If the compiler is complaining about needing a return because the BUG
> () doesn't have one, there are cleaner ways to do this.
Please educate me! :-) Is there an example somewhere?
> > +}
> > +
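Review bot: The `return 0;` after the `switch` in the new `gss_get_mic_kerberos` reports success if it is ever reached, because 0 is the value of `GSS_S_COMPLETE`. On a build where `BUG()` is configured out and compiles to nothing, an unhandled enctype would be reported as a completed operation with no token produced. The fall-through path should fail closed, e.g. `default: return GSS_S_FAILURE;` or `return GSS_S_FAILURE;` as the final statement. The same pattern appears in `gss_verify_mic_kerberos`, `gss_wrap_kerberos` and `gss_unwrap_kerberos` later in this patch, where returning 0 from verify or unwrap would mean accepting a token that was never checked.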
> > diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/
> > auth_gss/gss_krb5_unseal.c
> > index d91a5d0..eb6e349 100644
> > --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
> > +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
> > @@ -71,11 +71,10 @@
> > /* read_token is a mic token, and message_buffer is the data that
> > the mic was
> > * supposedly taken over. */
> >
> > -u32
> > -gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
> > +static u32
> > +gss_verify_mic_v1(struct krb5_ctx *ctx,
> > struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
> > {
> > - struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
> > int signalg;
> > int sealalg;
> > char cksumdata[16];
> > @@ -136,3 +135,20 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
> >
> > return GSS_S_COMPLETE;
> > }
> > +
> > +u32
> > +gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
> > + struct xdr_buf *message_buffer,
> > + struct xdr_netobj *read_token)
> > +{
> > + struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
> > +
> > + switch (ctx->enctype) {
> > + case ENCTYPE_DES_CBC_RAW:
> > + return gss_verify_mic_v1(ctx, message_buffer, read_token);
> > + default:
> > + BUG();
> > + }
> > + return 0;
> > +}
>
> Likewise.
>
>
>
> > +
> > diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/
> > auth_gss/gss_krb5_wrap.c
> > index 14b35a3..1ee3f29 100644
> > --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
> > +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
> > @@ -122,11 +122,10 @@ make_confounder(char *p, int conflen)
> >
> > /* XXX factor out common code with seal/unseal. */
> >
> > -u32
> > -gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
> > +static u32
> > +gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
> > struct xdr_buf *buf, struct page **pages)
> > {
> > - struct krb5_ctx *kctx = ctx->internal_ctx_id;
> > char cksumdata[16];
> > struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
> > int blocksize = 0, plainlen;
> > @@ -203,10 +202,9 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int
> > offset,
> > return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED :
> > GSS_S_COMPLETE;
> > }
> >
> > -u32
> > -gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct
> > xdr_buf *buf)
> > +static u32
> > +gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct
> > xdr_buf *buf)
> > {
> > - struct krb5_ctx *kctx = ctx->internal_ctx_id;
> > int signalg;
> > int sealalg;
> > char cksumdata[16];
> > @@ -294,3 +292,37 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int
> > offset, struct xdr_buf *buf)
> >
> > return GSS_S_COMPLETE;
> > }
> > +
> > +u32
> > +gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
> > + struct xdr_buf *buf, struct page **pages)
> > +{
> > + struct krb5_ctx *kctx = gctx->internal_ctx_id;
> > +
> > + switch (kctx->enctype) {
> > + case ENCTYPE_DES_CBC_RAW:
> > + return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
> > + break;
> > + default:
> > + BUG();
> > + break;
> > + }
> > + return 0;
> > +}
> > +
> > +u32
> > +gss_unwrap_kerberos(struct gss_ctx *gctx, int offset, struct
> > xdr_buf *buf)
> > +{
> > + struct krb5_ctx *kctx = gctx->internal_ctx_id;
> > +
> > + switch (kctx->enctype) {
> > + case ENCTYPE_DES_CBC_RAW:
> > + return gss_unwrap_kerberos_v1(kctx, offset, buf);
> > + break;
> > + default:
> > + BUG();
> > + break;
> > + }
> > + return 0;
> > +}
> > +
> >
>
> "break" after "return" is pretty ugly.
>
> --
> Chuck Lever
> chuck[dot]lever[at]oracle[dot]com
>
>