60 #include <linux/types.h>
66 # define RPCDBG_FACILITY RPCDBG_AUTH
/*
 * Excerpt of a MIC-token verifier, presumably gss_verify_mic_v1() (the
 * dispatcher at the end of this listing calls it with the same argument
 * names). Only some of the function's lines survive here; the leading
 * numbers are line numbers from the original file, and statements whose
 * conditions fall on omitted lines appear as bare returns.
 *
 * Visible flow: take a byte view of the received token, validate fixed
 * header fields, pick a checksum key, compare a checksum, test context
 * expiry, check the direction indicator, and return a GSS_S_* status.
 */
75 struct xdr_buf *message_buffer,
struct xdr_netobj *read_token)
/* Checksum object sized to the local cksumdata buffer (declared on an
 * omitted line); presumably it receives the locally computed checksum. */
80 struct xdr_netobj md5cksum = {.len =
sizeof(cksumdata),
/* Byte pointer into the token being verified. The token comes from the
 * caller's read_token, so every field read through ptr is untrusted. */
85 unsigned char *
ptr = (
unsigned char *)read_token->data;
89 dprintk(
"RPC: krb5_read_token\n");
/*
 * Two early rejections whose conditions are on omitted lines.
 * NOTE(review): the fixed-offset reads ptr[2]..ptr[7] below are only safe
 * if one of these omitted checks bounds the token length - confirm
 * against the full source.
 */
93 return GSS_S_DEFECTIVE_TOKEN;
97 return GSS_S_DEFECTIVE_TOKEN;
/* Signing algorithm: 16-bit little-endian value from token bytes 2-3. It
 * must equal the algorithm fixed for this context, so the sender cannot
 * select a different one. */
101 signalg = ptr[2] + (ptr[3] << 8);
102 if (signalg != ctx->
gk5e->signalg)
103 return GSS_S_DEFECTIVE_TOKEN;
/* Seal algorithm: 16-bit little-endian value from token bytes 4-5. The
 * test that rejects it is on an omitted line. */
105 sealalg = ptr[4] + (ptr[5] << 8);
107 return GSS_S_DEFECTIVE_TOKEN;
/* Token bytes 6 and 7 must both be 0xff; anything else is rejected. */
109 if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
110 return GSS_S_DEFECTIVE_TOKEN;
/* With a keyed checksum type, the key comes from the context (ctx->cksum). */
112 if (ctx->
gk5e->keyed_cksum)
113 cksumkey = ctx->
cksum;
/* Failure of a step on an omitted line (presumably the checksum
 * computation) is reported as a generic failure, not a bad signature. */
119 return GSS_S_FAILURE;
/*
 * Tail of the checksum comparison: it covers ctx->gk5e->cksumlength bytes
 * and a mismatch yields GSS_S_BAD_SIG. The comparison call itself is on an
 * omitted line. NOTE(review): if it is a plain memcmp(), it is not
 * constant-time - confirm whether that is acceptable for this MIC.
 */
122 ctx->
gk5e->cksumlength))
123 return GSS_S_BAD_SIG;
/* Expiry test (condition on an omitted line): a token on an expired
 * context is refused even though its checksum matched. */
130 return GSS_S_CONTEXT_EXPIRED;
/*
 * Tail of a call that outputs the token's direction indicator and sequence
 * number; failure maps to GSS_S_FAILURE. NOTE(review): no later use of
 * seqnum is visible in this excerpt - confirm where replay and ordering
 * are enforced.
 */
135 &direction, &seqnum))
136 return GSS_S_FAILURE;
/*
 * Direction check: when this side is the initiator, the token must carry
 * direction 0xff. The second half of the condition (line 139) is omitted,
 * presumably the mirrored acceptor case. This appears to be what stops a
 * party's own tokens being reflected back to it.
 */
138 if ((ctx->
initiate && direction != 0xff) ||
140 return GSS_S_BAD_SIG;
/* Every visible check passed. */
142 return GSS_S_COMPLETE;
/*
 * Excerpt of gss_verify_mic_v2(): verifies a MIC token for the v2 token
 * format. Its return type and many body lines are omitted from this
 * listing; the leading numbers are line numbers from the original file.
 *
 * Visible flow: validate the header flags and a run of header bytes,
 * compare a checksum, test context expiry, and return a GSS_S_* status.
 */
146 gss_verify_mic_v2(
struct krb5_ctx *ctx,
147 struct xdr_buf *message_buffer,
struct xdr_netobj *read_token)
/* Checksum object sized to the local cksumdata buffer (declared on an
 * omitted line); presumably it receives the locally computed checksum. */
150 struct xdr_netobj cksumobj = {.len =
sizeof(cksumdata),
/* Byte view of the token being verified; every field read through ptr is
 * untrusted. NOTE(review): no length check on read_token is visible in
 * this excerpt - confirm the header is bounded before it is indexed. */
154 u8 *ptr = read_token->data;
/* Key-usage value later passed to the checksum step (see line 188). */
158 unsigned int cksum_usage;
160 dprintk(
"RPC: %s\n", __func__);
/* Early rejection; its condition is on an omitted line. */
163 return GSS_S_DEFECTIVE_TOKEN;
/*
 * Direction check, second half: an initiator must only accept tokens with
 * the SENTBYACCEPTOR flag set. The first half (line 166) is omitted,
 * presumably the mirrored acceptor case. A mismatch is treated as a bad
 * signature, which rejects tokens reflected back at their sender.
 */
167 (ctx->
initiate && !(flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)))
168 return GSS_S_BAD_SIG;
/* A MIC token is not expected to carry the sealed flag; the test that
 * guards this branch is on an omitted line. */
171 dprintk(
"%s: token has unexpected sealed flag\n", __func__);
172 return GSS_S_FAILURE;
/* Scan token bytes 3..7; the per-byte test (line 176) is omitted, and any
 * byte that fails it makes the token defective. */
175 for (i = 3; i < 8; i++)
177 return GSS_S_DEFECTIVE_TOKEN;
/* Tail of the checksum computation call: it takes the key, the usage value
 * and the output object. Failure maps to a generic failure. */
188 cksumkey, cksum_usage, &cksumobj))
189 return GSS_S_FAILURE;
/*
 * Tail of the checksum comparison: it covers ctx->gk5e->cksumlength bytes
 * and a mismatch yields GSS_S_BAD_SIG. The comparison call itself is on an
 * omitted line. NOTE(review): if it is a plain memcmp(), it is not
 * constant-time - confirm whether that is acceptable for this MIC.
 */
192 ctx->
gk5e->cksumlength))
193 return GSS_S_BAD_SIG;
/* Expiry test (condition on an omitted line): a token on an expired
 * context is refused even though its checksum matched. */
198 return GSS_S_CONTEXT_EXPIRED;
/* Every visible check passed. NOTE(review): no sequence-number handling is
 * visible in this excerpt - confirm where replay is enforced. */
204 return GSS_S_COMPLETE;
/*
 * Excerpt of the verification entry point; its name and the selection
 * logic are on omitted lines. It unwraps the Kerberos context from the
 * generic GSS context and passes the call to the v1 or v2 verifier
 * unchanged.
 */
209 struct xdr_buf *message_buffer,
210 struct xdr_netobj *read_token)
/* Mechanism-private context stored in the generic gss_ctx. */
212 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
/*
 * The criterion that chooses between the two verifiers is not visible.
 * NOTE(review): confirm it comes from the established context and not from
 * a field of the received token, so that a peer cannot pick the weaker
 * verification path.
 */
220 return gss_verify_mic_v1(ctx, message_buffer, read_token);
223 return gss_verify_mic_v2(ctx, message_buffer, read_token);