net/sunrpc/auth_gss/gss_krb5_unseal.c
Source file repositories/reference/linux-study-clean/net/sunrpc/auth_gss/gss_krb5_unseal.c
File Facts
- System
- Linux kernel
- Corpus path
net/sunrpc/auth_gss/gss_krb5_unseal.c- Extension
.c- Size
- 4704 bytes
- Lines
- 137
- Domain
- Networking Core
- Bucket
- Sockets, Protocols, Packet Path, And Network Policy
- Inferred role
- Networking Core: implementation source
- Status
- source implementation candidate
Why This File Exists
Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/types.hlinux/jiffies.hlinux/sunrpc/gss_krb5.hlinux/scatterlist.hlinux/slab.hgss_krb5_internal.h
Detected Declarations
function Copyright
Annotated Snippet
#include <linux/types.h>
#include <linux/jiffies.h>
#include <linux/sunrpc/gss_krb5.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include "gss_krb5_internal.h"
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
# define RPCDBG_FACILITY RPCDBG_AUTH
#endif
u32
gss_krb5_verify_mic_v2(struct krb5_ctx *ctx, struct xdr_buf *message_buffer,
struct xdr_netobj *read_token)
{
const struct krb5_enctype *krb5 = ctx->krb5e;
struct crypto_shash *shash = ctx->initiate ?
ctx->acceptor_sign_shash : ctx->initiator_sign_shash;
unsigned int cksum_len = krb5->cksum_len;
struct scatterlist sg_head[XDR_BUF_TO_SG_NENTS];
struct scatterlist *sg_overflow;
size_t mic_offset, mic_len;
u8 *ptr = read_token->data;
__be16 be16_ptr;
time64_t now;
u8 flags;
int nsg, i;
int ret;
dprintk("RPC: %s\n", __func__);
memcpy(&be16_ptr, (char *) ptr, 2);
if (be16_to_cpu(be16_ptr) != KG2_TOK_MIC)
return GSS_S_DEFECTIVE_TOKEN;
flags = ptr[2];
if ((!ctx->initiate && (flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)) ||
(ctx->initiate && !(flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)))
return GSS_S_BAD_SIG;
if (flags & KG2_TOKEN_FLAG_SEALED) {
dprintk("%s: token has unexpected sealed flag\n", __func__);
return GSS_S_FAILURE;
}
for (i = 3; i < 8; i++)
if (ptr[i] != 0xff)
return GSS_S_DEFECTIVE_TOKEN;
nsg = gss_krb5_mic_build_sg(message_buffer,
ptr + GSS_KRB5_TOK_HDR_LEN,
cksum_len, ptr,
sg_head, &sg_overflow);
if (nsg < 0)
return GSS_S_FAILURE;
mic_offset = 0;
mic_len = cksum_len + message_buffer->len + GSS_KRB5_TOK_HDR_LEN;
ret = crypto_krb5_verify_mic(krb5, shash, NULL, sg_head, nsg,
&mic_offset, &mic_len);
kfree(sg_overflow);
if (ret)
return gss_krb5_errno_to_status(ret);
/* it got through unscathed. Make sure the context is unexpired */
now = ktime_get_real_seconds();
if (now > ctx->endtime)
return GSS_S_CONTEXT_EXPIRED;
/*
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
* doesn't want it checked; see page 6 of rfc 2203.
*/
return GSS_S_COMPLETE;
}
Annotation
- Immediate include surface: `linux/types.h`, `linux/jiffies.h`, `linux/sunrpc/gss_krb5.h`, `linux/scatterlist.h`, `linux/slab.h`, `gss_krb5_internal.h`.
- Detected declarations: `function Copyright`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.