author | J. Bruce Fields <bfields@redhat.com> | 2013-10-09 15:59:29 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2013-10-10 11:04:48 -0400 |
commit | 5d6baef9ab52d0d02b3106d8ccd1b05ec628e027 (patch) | |
tree | e983e2d40f2e1db8aaa04902d26208eb259a79d6 /net/sunrpc/auth_gss/gss_krb5_unseal.c | |
parent | b26ec9b11b309acd9f6bb15fcc9bb396091384e8 (diff) |
gss_krb5: document that we ignore sequence number
A couple times recently somebody has noticed that we're ignoring a
sequence number here and wondered whether there's a bug.
In fact, there's not. Thanks to Andy Adamson for pointing out a useful
explanation in rfc 2203. Add comments citing that rfc, and remove
"seqnum" to prevent static checkers complaining about unused variables.
Reported-by: Andi Kleen <andi@firstfloor.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_unseal.c')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 6cd930f3678f..6c981ddc19f8 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
 struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
 .data = cksumdata};
 s32 now;
- u64 seqnum;
 u8 *ptr = read_token->data;
 u8 *cksumkey;
 u8 flags;
@@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
 if (now > ctx->endtime)
 return GSS_S_CONTEXT_EXPIRED;
 
- /* do sequencing checks */
-
- seqnum = be64_to_cpup((__be64 *)ptr + 8);
+ /*
+ * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
+ * doesn't want it checked; see page 6 of rfc 2203.
+ */
 
 return GSS_S_COMPLETE;
 } |
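Review bot: The new comment in the second hunk, just before `return GSS_S_COMPLETE;`, justifies skipping the token sequence number only for rpcsec_gss, but it does not say that replay and ordering detection are therefore left entirely to the layer above gss_verify_mic_v2(). I would add one line to the comment, for example `* Replay detection is the caller's job (the rpcsec_gss sequence window); any other user of this mechanism would need its own check.` Whether a non-RPC caller exists is not visible from this diff, so the wording should be confirmed against the callers. Citing the RFC 2203 section rather than "page 6" would also stay valid across different renderings of the RFC. The function starts above the hunk, so the checks that precede this point are only partly visible here.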