aboutsummaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_gss/gss_krb5_seal.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@fieldses.org>2006-12-04 20:22:40 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-12-06 10:46:47 -0500
commitd922a84a8bf1d627810906d033223d4fa629fdbf (patch)
tree8150e29f36f3e14df0c1fea1caa1936f7cfa0e3a /net/sunrpc/auth_gss/gss_krb5_seal.c
parent39a21dd1b0eec3f5eac84ee42bda5ab4915098ae (diff)
rpcgss: krb5: sanity check sealalg value in the downcall
The sealalg is checked in several places, giving the impression it could be either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to be sufficient only for making mic's, and all the contexts we get must be capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As with signalg, just check for the right value on the downcall and ignore it otherwise. Similarly, tighten expectations for the sealalg on incoming tokens, in case we do support other values eventually. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_seal.c')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index f3f42a4465c..f42e453e63e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -87,12 +87,6 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
now = get_seconds();
- if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) {
- dprintk("RPC: gss_krb5_seal: ctx->sealalg %d not supported\n",
- ctx->sealalg);
- return GSS_S_FAILURE;
- }
-
token->len = g_token_size(&ctx->mech_used, 22);
ptr = token->data;