aboutsummaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_gss/gss_krb5_mech.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@fieldses.org>2006-12-04 20:22:35 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-12-06 10:46:44 -0500
commite678e06bf8fa25981a6fa1f08b979fd086d713f8 (patch)
tree1015c61bca28e960a62b52b5cc4045bcacebad6d /net/sunrpc/auth_gss/gss_krb5_mech.c
parentadeb8133dd57f380e70a389a89a2ea3ae227f9e2 (diff)
gss: krb5: remove signalg and sealalg
We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_mech.c')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 754b8cd6439..17587163fca 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -129,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p,
{
const void *end = (const void *)((const char *)p + len);
struct krb5_ctx *ctx;
+ int tmp;
if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
goto out_err;
@@ -142,9 +143,11 @@ gss_import_sec_context_kerberos(const void *p,
p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
if (IS_ERR(p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
+ p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
+ if (tmp != SGN_ALG_DES_MAC_MD5)
+ goto out_err_free_ctx;
p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
if (IS_ERR(p))
goto out_err_free_ctx;