---

yaml --- r: 42535 b: refs/heads/master c: 5eb064f h: refs/heads/master i: 42533: c9284f9 42531: fc14346 42527: ce11723 v: v3
git-mirror · Dec 6, 2006 · cce256a · cce256a
1 parent 9056d62
commit cce256a
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 61 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: e678e06bf8fa25981a6fa1f08b979fd086d713f8
+refs/heads/master: 5eb064f93973def1ec2ab4a46929e94389a6283b
diff --git a/trunk/net/sunrpc/auth_gss/gss_krb5_unseal.c b/trunk/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -112,47 +112,26 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
 	if (sealalg != 0xffff)
 		goto out;
-
-	/* there are several mappings of seal algorithms to sign algorithms,
-	   but few enough that we can try them all. */
-
-	if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
-	    (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
-	    (ctx->sealalg == SEAL_ALG_DES3KD &&
-	     signalg != SGN_ALG_HMAC_SHA1_DES3_KD))
+	if (signalg != SGN_ALG_DES_MAC_MD5)
 		goto out;
 
 	/* compute the checksum of the message */
 
 	/* initialize the the cksum */
-	switch (signalg) {
-	case SGN_ALG_DES_MAC_MD5:
-		checksum_type = CKSUMTYPE_RSA_MD5;
-		break;
-	default:
-		ret = GSS_S_DEFECTIVE_TOKEN;
+	checksum_type = CKSUMTYPE_RSA_MD5;
+
+	ret = make_checksum(checksum_type, ptr - 2, 8,
+				 message_buffer, 0, &md5cksum);
+	if (ret)
+		goto out;
+
+	ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
+			   md5cksum.data, 16);
+	if (ret)
 		goto out;
-	}
 
-	switch (signalg) {
-	case SGN_ALG_DES_MAC_MD5:
-		ret = make_checksum(checksum_type, ptr - 2, 8,
-					 message_buffer, 0, &md5cksum);
-		if (ret)
-			goto out;
-
-		ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data,
-				   md5cksum.data, 16);
-		if (ret)
-			goto out;
-
-		if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
-			ret = GSS_S_BAD_SIG;
-			goto out;
-		}
-		break;
-	default:
-		ret = GSS_S_DEFECTIVE_TOKEN;
+	if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
+		ret = GSS_S_BAD_SIG;
 		goto out;
 	}
 

diff --git a/trunk/net/sunrpc/auth_gss/gss_krb5_wrap.c b/trunk/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -253,6 +253,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 
 	if (sealalg == 0xffff)
 		goto out;
+	if (signalg != SGN_ALG_DES_MAC_MD5)
+		goto out;
 
 	/* in the current spec, there is only one valid seal algorithm per
 	   key type, so a simple comparison is ok */
@@ -276,34 +278,20 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 	/* compute the checksum of the message */
 
 	/* initialize the the cksum */
-	switch (signalg) {
-	case SGN_ALG_DES_MAC_MD5:
-		checksum_type = CKSUMTYPE_RSA_MD5;
-		break;
-	default:
-		ret = GSS_S_DEFECTIVE_TOKEN;
+	checksum_type = CKSUMTYPE_RSA_MD5;
+
+	ret = make_checksum(checksum_type, ptr - 2, 8, buf,
+		 ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
+	if (ret)
+		goto out;
+
+	ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
+			   md5cksum.data, md5cksum.len);
+	if (ret)
 		goto out;
-	}
 
-	switch (signalg) {
-	case SGN_ALG_DES_MAC_MD5:
-		ret = make_checksum(checksum_type, ptr - 2, 8, buf,
-			 ptr + 22 - (unsigned char *)buf->head[0].iov_base, &md5cksum);
-		if (ret)
-			goto out;
-
-		ret = krb5_encrypt(kctx->seq, NULL, md5cksum.data,
-				   md5cksum.data, md5cksum.len);
-		if (ret)
-			goto out;
-
-		if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
-			ret = GSS_S_BAD_SIG;
-			goto out;
-		}
-		break;
-	default:
-		ret = GSS_S_DEFECTIVE_TOKEN;
+	if (memcmp(md5cksum.data + 8, ptr + 14, 8)) {
+		ret = GSS_S_BAD_SIG;
 		goto out;
 	}