nfsd: add proc file listing kernel's gss_krb5 enctypes

Add a new proc file which lists the encryption types supported by the kernel's gss_krb5 code. Newer MIT Kerberos libraries support the assertion of acceptor subkeys. This enctype information allows user-land (svcgssd) to request that the Kerberos libraries limit the encryption types that it uses when generating the subkeys. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: Kevin Coffman <kwc@citi.umich.edu> 2011-03-02 19:51:42 -0500
committer: J. Bruce Fields <bfields@redhat.com> 2011-03-07 12:06:48 -0500
commit: b0b0c0a26e846ae6646af9f59a3d2ea06b49cbc7 (patch)
tree: 4fd43c06c0e63b6004fd2b6808ac8d0677921cc6
parent: 540c8cb6a576f34a9a0b04467f46bb6e67a1f852 (diff)
1 files changed, 30 insertions, 1 deletions
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 33b3e2b0677..35dcfa8eba2 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -12,13 +12,14 @@
 #include <linux/nfsd/syscall.h>
 #include <linux/lockd/lockd.h>
 #include <linux/sunrpc/clnt.h>
+#include <linux/sunrpc/gss_api.h>
 #include "idmap.h"
 #include "nfsd.h"
 #include "cache.h"
 /*
- *      We have a single directory with 9 nodes in it.
+ *      We have a single directory with several nodes in it.
 */
 enum {
        NFSD_Root = 1,
@@ -42,6 +43,7 @@ enum {
        NFSD_Versions,
        NFSD_Ports,
        NFSD_MaxBlkSize,
+        NFSD_SupportedEnctypes,
        /*
         * The below MUST come last.  Otherwise we leave a hole in nfsd_files[]
         * with !CONFIG_NFSD_V4 and simple_fill_super() goes oops
@@ -187,6 +189,32 @@ static struct file_operations export_features_operations = {
        .release        = single_release,
 };
+static int supported_enctypes_show(struct seq_file *m, void *v)
+{
+        struct gss_api_mech *k5mech;
+        k5mech = gss_mech_get_by_name("krb5");
+        if (k5mech == NULL)
+                goto out;
+        if (k5mech->gm_upcall_enctypes != NULL)
+                seq_printf(m, k5mech->gm_upcall_enctypes);
+        gss_mech_put(k5mech);
+out:
+        return 0;
+}
+static int supported_enctypes_open(struct inode *inode, struct file *file)
+{
+        return single_open(file, supported_enctypes_show, NULL);
+}
+static struct file_operations supported_enctypes_ops = {
+        .open           = supported_enctypes_open,
+        .read           = seq_read,
+        .llseek         = seq_lseek,
+        .release        = single_release,
+};
 extern int nfsd_pool_stats_open(struct inode *inode, struct file *file);
 extern int nfsd_pool_stats_release(struct inode *inode, struct file *file);
@@ -1397,6 +1425,7 @@ static int nfsd_fill_super(struct super_block * sb, void * data, int silent)
                [NFSD_Versions] = {"versions", &transaction_ops, S_IWUSR|S_IRUSR},
                [NFSD_Ports] = {"portlist", &transaction_ops, S_IWUSR|S_IRUGO},
                [NFSD_MaxBlkSize] = {"max_block_size", &transaction_ops, S_IWUSR|S_IRUGO},
+                [NFSD_SupportedEnctypes] = {"supported_krb5_enctypes", &supported_enctypes_ops, S_IRUGO},
 #ifdef CONFIG_NFSD_V4
                [NFSD_Leasetime] = {"nfsv4leasetime", &transaction_ops, S_IWUSR|S_IRUSR},
                [NFSD_Gracetime] = {"nfsv4gracetime", &transaction_ops, S_IWUSR|S_IRUSR},
author	Kevin Coffman <kwc@citi.umich.edu>	2011-03-02 19:51:42 -0500
committer	J. Bruce Fields <bfields@redhat.com>	2011-03-07 12:06:48 -0500
commit	b0b0c0a26e846ae6646af9f59a3d2ea06b49cbc7 (patch)
tree	4fd43c06c0e63b6004fd2b6808ac8d0677921cc6
parent	540c8cb6a576f34a9a0b04467f46bb6e67a1f852 (diff)