[PATCH 05/23] gss_krb5: prepare for new context format

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

From: steved@redhat.com
To: linux-nfs@vger.kernel.org
Subject: [PATCH 05/23] gss_krb5: prepare for new context format
Date: Wed, 17 Mar 2010 13:02:50 -0400	[thread overview]
Message-ID: <1268845388-9516-6-git-send-email-steved@redhat.com> (raw)
In-Reply-To: <1268845388-9516-1-git-send-email-steved@redhat.com>

From: Kevin Coffman <kwc@citi.umich.edu>

Prepare for new context format by splitting out the old "v1"
context processing function

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
 net/sunrpc/auth_gss/gss_krb5_mech.c |   64 ++++++++++++++++++++++-------------
 1 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 0cd940e..1849757 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -123,53 +123,47 @@ out_err:
 }
 
 static int
-gss_import_sec_context_kerberos(const void *p,
-				size_t len,
-				struct gss_ctx *ctx_id)
+gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
 {
-	const void *end = (const void *)((const char *)p + len);
-	struct	krb5_ctx *ctx;
 	int tmp;
 
-	if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) {
-		p = ERR_PTR(-ENOMEM);
-		goto out_err;
-	}
-
 	p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
+
+	/* Old format supports only DES!  Any other enctype uses new format */
 	ctx->enctype = ENCTYPE_DES_CBC_RAW;
+
 	/* The downcall format was designed before we completely understood
 	 * the uses of the context fields; so it includes some stuff we
 	 * just give some minimal sanity-checking, and some we ignore
 	 * completely (like the next twenty bytes): */
 	if (unlikely(p + 20 > end || p + 20 < p))
-		goto out_err_free_ctx;
+		goto out_err;
 	p += 20;
 	p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
 	if (tmp != SGN_ALG_DES_MAC_MD5) {
 		p = ERR_PTR(-ENOSYS);
-		goto out_err_free_ctx;
+		goto out_err;
 	}
 	p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
 	if (tmp != SEAL_ALG_DES) {
 		p = ERR_PTR(-ENOSYS);
-		goto out_err_free_ctx;
+		goto out_err;
 	}
 	p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
 	p = simple_get_bytes(p, end, &ctx->seq_send, sizeof(ctx->seq_send));
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
 	p = simple_get_netobj(p, end, &ctx->mech_used);
 	if (IS_ERR(p))
-		goto out_err_free_ctx;
+		goto out_err;
 	p = get_key(p, end, &ctx->enc);
 	if (IS_ERR(p))
 		goto out_err_free_mech;
@@ -181,9 +175,6 @@ gss_import_sec_context_kerberos(const void *p,
 		goto out_err_free_key2;
 	}
 
-	ctx_id->internal_ctx_id = ctx;
-
-	dprintk("RPC:       Successfully imported new context.\n");
 	return 0;
 
 out_err_free_key2:
@@ -192,12 +183,37 @@ out_err_free_key1:
 	crypto_free_blkcipher(ctx->enc);
 out_err_free_mech:
 	kfree(ctx->mech_used.data);
-out_err_free_ctx:
-	kfree(ctx);
 out_err:
 	return PTR_ERR(p);
 }
 
+static int
+gss_import_sec_context_kerberos(const void *p, size_t len,
+				struct gss_ctx *ctx_id)
+{
+	const void *end = (const void *)((const char *)p + len);
+	struct  krb5_ctx *ctx;
+	int ret;
+
+	ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
+	if (ctx == NULL)
+		return -ENOMEM;
+	memset(ctx, 0, sizeof(*ctx));
+
+	if (len == 85)
+		ret = gss_import_v1_context(p, end, ctx);
+	else
+		ret = -EINVAL;
+
+	if (ret == 0)
+		ctx_id->internal_ctx_id = ctx;
+	else
+		kfree(ctx);
+
+	dprintk("RPC:       %s: returning %d\n", __func__, ret);
+	return ret;
+}
+
 static void
 gss_delete_sec_context_kerberos(void *internal_ctx) {
 	struct krb5_ctx *kctx = internal_ctx;
-- 
1.6.6.1

next prev parent reply	other threads:[~2010-03-17 17:03 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-03-17 17:02 [PATCH 00/23] Add new enctypes for gss_krb5 (Round 5) steved
2010-03-17 17:02 ` [PATCH 01/23] gss_krb5: Introduce encryption type framework steved
2010-03-17 17:02 ` [PATCH 02/23] gss_krb5: Added and improved code comments steved
2010-03-17 17:10   ` Chuck Lever
2010-03-17 17:02 ` [PATCH 03/23] gss_krb5: Don't expect blocksize to always be 8 when calculating padding steved
2010-03-17 17:02 ` [PATCH 04/23] gss_krb5: split up functions in preparation of adding new enctypes steved
2010-03-17 17:02 ` steved [this message]
2010-03-17 17:02 ` [PATCH 06/23] gss_krb5: introduce encryption type framework steved
2010-03-17 17:02 ` [PATCH 07/23] gss_krb5: add ability to have a keyed checksum (hmac) steved
2010-03-17 17:02 ` [PATCH 08/23] gss_krb5: import functionality to derive keys into the kernel steved
2010-03-17 17:02 ` [PATCH 09/23] gss_krb5: handle new context format from gssd steved
2010-03-17 17:02 ` [PATCH 10/23] gss_krb5: add support for triple-des encryption steved
2010-03-17 17:02 ` [PATCH 11/23] Add new pipefs file indicating which Kerberos enctypes the kernel supports steved
2010-03-17 17:02 ` [PATCH 12/23] Update " steved
2010-03-17 17:02 ` [PATCH 13/23] xdr: Add an export for the helper function write_bytes_to_xdr_buf() steved
2010-03-17 17:02 ` [PATCH 14/23] gss_krb5: add support for new token formats in rfc4121 steved
2010-03-17 17:03 ` [PATCH 15/23] gss_krb5: add remaining pieces to enable AES encryption support steved
2010-03-17 17:03 ` [PATCH 16/23] gss_krb5: Update pipefs file steved
2010-03-17 17:03 ` [PATCH 17/23] gssd_krb5: arcfour-hmac support steved
2010-03-17 17:03 ` [PATCH 18/23] gss_krb5: Save the raw session key in the context steved
2010-03-17 17:03 ` [PATCH 19/23] gssd_krb5: More arcfour-hmac support steved
2010-03-17 17:03 ` [PATCH 20/23] gss_krb5: Use confounder length in wrap code steved
2010-03-17 17:03 ` [PATCH 21/23] gss_krb5: Add support for rc4-hmac encryption steved
2010-03-17 17:03 ` [PATCH 22/23] Update the pipefs file steved
2010-03-17 17:03 ` [PATCH 23/23] Fixed a typo in gss_verify_mic_v2() steved

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0cd940e dfblob:1849757 )
 OR (
bs:"[PATCH 05/23] gss_krb5: prepare for new context format" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1268845388-9516-6-git-send-email-steved@redhat.com \
    --to=steved@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox