-
- Downloads
SUNRPC: Introduce rpcauth_get_pseudoflavor()
A SECINFO reply may contain flavors whose kernel module is not yet loaded by the client's kernel. A new RPC client API, called rpcauth_get_pseudoflavor(), is introduced to do proper checking for support of a security flavor. When this API is invoked, the RPC client now tries to load the module for each flavor first before performing the "is this supported?" check. This means if a module is available on the client, but has not been loaded yet, it will be loaded and registered automatically when the SECINFO reply is processed. The new API can take a full GSS tuple (OID, QoP, and service). Previously only the OID and service were considered. nfs_find_best_sec() is updated to verify all flavors requested in a SECINFO reply, including AUTH_NULL and AUTH_UNIX. Previously these two flavors were simply assumed to be supported without consulting the RPC client. Note that the replaced version of nfs_find_best_sec() can return RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an unsupported "service" value. nfs_find_best_sec() now returns RPC_AUTH_UNIX in this case. Signed-off-by:Chuck Lever <chuck.lever@oracle.com> Signed-off-by:
Showing
- fs/nfs/nfs4namespace.c 23 additions, 18 deletionsfs/nfs/nfs4namespace.c
- include/linux/sunrpc/auth.h 5 additions, 0 deletionsinclude/linux/sunrpc/auth.h
- include/linux/sunrpc/gss_api.h 2 additions, 3 deletionsinclude/linux/sunrpc/gss_api.h
- net/sunrpc/auth.c 35 additions, 0 deletionsnet/sunrpc/auth.c
- net/sunrpc/auth_gss/auth_gss.c 1 addition, 0 deletionsnet/sunrpc/auth_gss/auth_gss.c
- net/sunrpc/auth_gss/gss_mech_switch.c 23 additions, 5 deletionsnet/sunrpc/auth_gss/gss_mech_switch.c
Loading
Please register or sign in to comment