From e678e06bf8fa25981a6fa1f08b979fd086d713f8 Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Mon, 4 Dec 2006 20:22:35 -0500 Subject: gss: krb5: remove signalg and sealalg We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields Signed-off-by: Trond Myklebust --- net/sunrpc/auth_gss/gss_krb5_mech.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'net/sunrpc/auth_gss/gss_krb5_mech.c') diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 754b8cd6439..17587163fca 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -129,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p, { const void *end = (const void *)((const char *)p + len); struct krb5_ctx *ctx; + int tmp; if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL))) goto out_err; @@ -142,9 +143,11 @@ gss_import_sec_context_kerberos(const void *p, p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed)); if (IS_ERR(p)) goto out_err_free_ctx; - p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg)); + p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); if (IS_ERR(p)) goto out_err_free_ctx; + if (tmp != SGN_ALG_DES_MAC_MD5) + goto out_err_free_ctx; p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg)); if (IS_ERR(p)) goto out_err_free_ctx; -- cgit v1.2.3