err.no Git - linux-2.6/commit

author	J. Bruce Fields <bfields@fieldses.org>
	Tue, 5 Dec 2006 01:22:40 +0000 (20:22 -0500)
committer	Trond Myklebust <Trond.Myklebust@netapp.com>
	Wed, 6 Dec 2006 15:46:47 +0000 (10:46 -0500)
commit	d922a84a8bf1d627810906d033223d4fa629fdbf
tree	8150e29f36f3e14df0c1fea1caa1936f7cfa0e3a	tree \| snapshot
parent	39a21dd1b0eec3f5eac84ee42bda5ab4915098ae	commit \| diff

rpcgss: krb5: sanity check sealalg value in the downcall

The sealalg is checked in several places, giving the impression it could be
either SEAL_ALG_NONE or SEAL_ALG_DES.  But in fact SEAL_ALG_NONE seems to
be sufficient only for making mic's, and all the contexts we get must be
capable of wrapping as well.  So the sealalg must be SEAL_ALG_DES.  As
with signalg, just check for the right value on the downcall and ignore it
otherwise.  Similarly, tighten expectations for the sealalg on incoming
tokens, in case we do support other values eventually.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

include/linux/sunrpc/gss_krb5.h		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_mech.c		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_seal.c		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_wrap.c		diff \| blob \| history