gss_krb5: document that we ignore sequence number A couple times recently somebody has noticed that we're ignoring a sequence number here and wondered whether there's a bug. In fact, there's not. Thanks to Andy Adamson for pointing out a useful explanation in rfc 2203. Add comments citing that rfc, and remove "seqnum" to prevent static checkers complaining about unused variables. Reported-by: Andi Kleen <[email protected]> Signed-off-by: J. Bruce Fields <[email protected]>

commit: 5d6baef9ab52d0d02b3106d8ccd1b05ec628e027 [log] [tgz]
author: J. Bruce Fields <[email protected]> Wed Oct 09 15:59:29 2013 -0400
committer: J. Bruce Fields <[email protected]> Thu Oct 10 11:04:48 2013 -0400
tree: e983e2d40f2e1db8aaa04902d26208eb259a79d6
parent: b26ec9b11b309acd9f6bb15fcc9bb396091384e8 [diff] [blame]
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 6cd930f..6c981dd 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c

@@ -150,7 +150,6 @@
 	struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
 				      .data = cksumdata};
 	s32 now;
-	u64 seqnum;
 	u8 *ptr = read_token->data;
 	u8 *cksumkey;
 	u8 flags;
@@ -197,9 +196,10 @@
 	if (now > ctx->endtime)
 		return GSS_S_CONTEXT_EXPIRED;
 
-	/* do sequencing checks */
-
-	seqnum = be64_to_cpup((__be64 *)ptr + 8);
+	/*
+	 * NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
+	 * doesn't want it checked; see page 6 of rfc 2203.
+	 */
 
 	return GSS_S_COMPLETE;
 }
commit	5d6baef9ab52d0d02b3106d8ccd1b05ec628e027	[log] [tgz]
author	J. Bruce Fields <[email protected]>	Wed Oct 09 15:59:29 2013 -0400
committer	J. Bruce Fields <[email protected]>	Thu Oct 10 11:04:48 2013 -0400
tree	e983e2d40f2e1db8aaa04902d26208eb259a79d6
parent	b26ec9b11b309acd9f6bb15fcc9bb396091384e8 [diff] [blame]