aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* SUNRPC: Clean up xprt_release()Trond Myklebust2010-05-14
| | | | | Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Fix up the documentation for nfs_do_refmountTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Replace nfsroot on-stack filehandleTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Cleanup file handle allocations in fs/nfs/super.cTrond Myklebust2010-05-14
| | | | | | Use the new helper functions instead of open coding. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Prevent the mount code from looping forever on broken exportsTrond Myklebust2010-05-14
| | | | | | | | Keep a global count of how many referrals that the current task has traversed on a path lookup. Return ELOOP if the count exceeds MAX_NESTED_LINKS. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs3_proc_getacl() and nfs3_proc_setacl()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs_statfs()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs_setattr()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs4_proc_create()Trond Myklebust2010-05-14
| | | | | | | Move the O_EXCL open handling into _nfs4_do_open() where it belongs. Doing so also allows us to reuse the struct fattr from the opendata. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_proc_symlink()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_proc_createTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_rmdirTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs_proc_remove()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs3_proc_readlink()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_link()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs_readdir()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs3_proc_rename() and nfs4_proc_rename()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce stack footprint of nfs_revalidate_inode()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Reduce stack footprint of nfs4_proc_access() and nfs3_proc_access()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Reduce the stack footprint of nfs4_remote_referral_get_sbTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Reduce stack footprint of nfs4_get_root()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_follow_remote_path()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_lookupTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Reduce the stack footprint of try_location()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_create_serverTrond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Reduce the stack footprint of nfs_follow_mountpoint()Trond Myklebust2010-05-14
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFSv4: Eliminate nfs4_path_walk()Trond Myklebust2010-05-14
| | | | | | | | All we really want is the ability to retrieve the root file handle. We no longer need the ability to walk down the path, since that is now done in nfs_follow_remote_path(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: Add helper functions for allocating filehandles and fattr structsTrond Myklebust2010-05-14
| | | | | | | | NFS Filehandles and struct fattr are really too large to be allocated on the stack. This patch adds in a couple of helper functions to allocate them dynamically instead. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Advertise rc4-hmac enctype support in the rpcsec_gss/krb5 upcallTrond Myklebust2010-05-14
| | | | | | | Update the upcall info indicating which Kerberos enctypes the kernel supports Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Add support for rc4-hmac encryptionKevin Coffman2010-05-14
| | | | | | | | | Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Use confounder length in wrap codeKevin Coffman2010-05-14
| | | | | | | | | | | | | | | | All encryption types use a confounder at the beginning of the wrap token. In all encryption types except arcfour-hmac, the confounder is the same as the blocksize. arcfour-hmac has a blocksize of one, but uses an eight byte confounder. Add an entry to the crypto framework definitions for the confounder length and change the wrap/unwrap code to use the confounder length rather than assuming it is always the blocksize. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gssd_krb5: More arcfour-hmac supportKevin Coffman2010-05-14
| | | | | | | | | | For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Save the raw session key in the contextKevin Coffman2010-05-14
| | | | | | | | | This is needed for deriving arcfour-hmac keys "on the fly" using the sequence number or checksu Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gssd_krb5: arcfour-hmac supportKevin Coffman2010-05-14
| | | | | | | | | | For arcfour-hmac support, the make_checksum function needs a usage field to correctly calculate the checksum differently for MIC and WRAP tokens. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Advertise AES enctype support in the rpcsec_gss/krb5 upcallTrond Myklebust2010-05-14
| | | | | | | Update upcall info indicating which Kerberos enctypes the kernel supports Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: add remaining pieces to enable AES encryption supportKevin Coffman2010-05-14
| | | | | | | | | Add the remaining pieces to enable support for Kerberos AES encryption types. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: add support for new token formats in rfc4121Kevin Coffman2010-05-14
| | | | | | | | | | | This is a step toward support for AES encryption types which are required to use the new token formats defined in rfc4121. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> [SteveD: Fixed a typo in gss_verify_mic_v2()] Signed-off-by: Steve Dickson <steved@redhat.com> [Trond: Got rid of the TEST_ROTATE/TEST_EXTRA_COUNT crap] Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* xdr: Add an export for the helper function write_bytes_to_xdr_buf()Kevin Coffman2010-05-14
| | | | | | Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Advertise triple-des enctype support in the rpcsec_gss/krb5 upcallTrond Myklebust2010-05-14
| | | | | | | Update the upcall info indicating which Kerberos enctypes the kernel supports. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: add support for triple-des encryptionKevin Coffman2010-05-14
| | | | | | | | Add the final pieces to support the triple-des encryption type. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Add upcall info indicating supported kerberos enctypesTrond Myklebust2010-05-14
| | | | | | | | | | | | | | | The text based upcall now indicates which Kerberos encryption types are supported by the kernel rpcsecgss code. This is used by gssd to determine which encryption types it should attempt to negotiate when creating a context with a server. The server principal's database and keytab encryption types are what limits what it should negotiate. Therefore, its keytab should be created with only the enctypes listed by this file. Currently we support des-cbc-crc, des-cbc-md4 and des-cbc-md5 Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: handle new context format from gssdKevin Coffman2010-05-14
| | | | | | | | | | For encryption types other than DES, gssd sends down context information in a new format. This new format includes the information needed to support the new Kerberos GSS-API tokens defined in rfc4121. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: import functionality to derive keys into the kernelKevin Coffman2010-05-14
| | | | | | | | | | Import the code to derive Kerberos keys from a base key into the kernel. This will allow us to change the format of the context information sent down from gssd to include only a single key. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: add ability to have a keyed checksum (hmac)Kevin Coffman2010-05-14
| | | | | | | | | | | Encryption types besides DES may use a keyed checksum (hmac). Modify the make_checksum() function to allow for a key and take care of enctype-specific processing such as truncating the resulting hash. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: introduce encryption type frameworkKevin Coffman2010-05-14
| | | | | | | | | Add enctype framework and change functions to use the generic values from it rather than the values hard-coded for des. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: prepare for new context formatKevin Coffman2010-05-14
| | | | | | | | | Prepare for new context format by splitting out the old "v1" context processing function Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: split up functions in preparation of adding new enctypesKevin Coffman2010-05-14
| | | | | | | | | Add encryption type to the krb5 context structure and use it to switch to the correct functions depending on the encryption type. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Don't expect blocksize to always be 8 when calculating paddingJ. Bruce Fields2010-05-14
| | | | | Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Added and improved code commentsKevin Coffman2010-05-14
| | | | | Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Introduce encryption type frameworkKevin Coffman2010-05-14
| | | | | | | | | | | | | | | | | Make the client and server code consistent regarding the extra buffer space made available for the auth code when wrapping data. Add some comments/documentation about the available buffer space in the xdr_buf head and tail when gss_wrap is called. Add a compile-time check to make sure we are not exceeding the available buffer space. Add a central function to shift head data. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-06 06:35:38 -0500