Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff

[linux-2.6.git] / net / sunrpc / auth_gss / gss_krb5_mech.c
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c

index cf72651..129e2bd 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -39,7 +39,6 @@
  #include <linux/types.h>
  #include <linux/slab.h>
  #include <linux/sunrpc/auth.h>
-#include <linux/in.h>
  #include <linux/sunrpc/gss_krb5.h>
  #include <linux/sunrpc/xdr.h>
  #include <linux/crypto.h>
@@ -98,13 +97,17 @@ get_key(const void *p, const void *end, struct crypto_tfm **res)
                         alg_mode = CRYPTO_TFM_MODE_CBC;
                         break;
                 default:
-                       dprintk("RPC:      get_key: unsupported algorithm %d\n", alg);
+                       printk("gss_kerberos_mech: unsupported algorithm %d\n", alg);
                         goto out_err_free_key;
         }
-       if (!(*res = crypto_alloc_tfm(alg_name, alg_mode)))
+       if (!(*res = crypto_alloc_tfm(alg_name, alg_mode))) {
+               printk("gss_kerberos_mech: unable to initialize crypto algorithm %s\n", alg_name);
                 goto out_err_free_key;
-       if (crypto_cipher_setkey(*res, key.data, key.len))
+       }
+       if (crypto_cipher_setkey(*res, key.data, key.len)) {
+               printk("gss_kerberos_mech: error setting key for crypto algorithm %s\n", alg_name);
                 goto out_err_free_tfm;
+       }
  
         kfree(key.data);
         return p;
@@ -185,52 +188,18 @@ static void
  gss_delete_sec_context_kerberos(void *internal_ctx) {
         struct krb5_ctx *kctx = internal_ctx;
  
-       if (kctx->seq)
-               crypto_free_tfm(kctx->seq);
-       if (kctx->enc)
-               crypto_free_tfm(kctx->enc);
-       if (kctx->mech_used.data)
-               kfree(kctx->mech_used.data);
+       crypto_free_tfm(kctx->seq);
+       crypto_free_tfm(kctx->enc);
+       kfree(kctx->mech_used.data);
         kfree(kctx);
  }
  
-static u32
-gss_verify_mic_kerberos(struct gss_ctx         *ctx,
-                       struct xdr_buf          *message,
-                       struct xdr_netobj       *mic_token,
-                       u32                     *qstate) {
-       u32 maj_stat = 0;
-       int qop_state;
-       struct krb5_ctx *kctx = ctx->internal_ctx_id;
-
-       maj_stat = krb5_read_token(kctx, mic_token, message, &qop_state,
-                                  KG_TOK_MIC_MSG);
-       if (!maj_stat && qop_state)
-           *qstate = qop_state;
-
-       dprintk("RPC:      gss_verify_mic_kerberos returning %d\n", maj_stat);
-       return maj_stat;
-}
-
-static u32
-gss_get_mic_kerberos(struct gss_ctx    *ctx,
-                    u32                qop,
-                    struct xdr_buf     *message,
-                    struct xdr_netobj  *mic_token) {
-       u32 err = 0;
-       struct krb5_ctx *kctx = ctx->internal_ctx_id;
-
-       err = krb5_make_token(kctx, qop, message, mic_token, KG_TOK_MIC_MSG);
-
-       dprintk("RPC:      gss_get_mic_kerberos returning %d\n",err);
-
-       return err;
-}
-
  static struct gss_api_ops gss_kerberos_ops = {
         .gss_import_sec_context = gss_import_sec_context_kerberos,
         .gss_get_mic            = gss_get_mic_kerberos,
         .gss_verify_mic         = gss_verify_mic_kerberos,
+       .gss_wrap               = gss_wrap_kerberos,
+       .gss_unwrap             = gss_unwrap_kerberos,
         .gss_delete_sec_context = gss_delete_sec_context_kerberos,
  };
  
@@ -245,6 +214,11 @@ static struct pf_desc gss_kerberos_pfs[] = {
                 .service = RPC_GSS_SVC_INTEGRITY,
                 .name = "krb5i",
         },
+       [2] = {
+               .pseudoflavor = RPC_AUTH_GSS_KRB5P,
+               .service = RPC_GSS_SVC_PRIVACY,
+               .name = "krb5p",
+       },
  };
  
  static struct gss_api_mech gss_kerberos_mech = {