author | Chuck Lever <chuck.lever@oracle.com> | 2013-03-16 15:54:43 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-03-29 15:43:07 -0400 |
commit | 9568c5e9a61de49f67f524404a27a1014a8d7f1e (patch) | |
tree | 5bc8c5496bae61b6e5dfac11e620f7aef18a58b6 /include/linux/sunrpc/auth.h | |
parent | fb15b26f8ba3ff629a052faf3f4a4744585ca2dc (diff) |
SUNRPC: Introduce rpcauth_get_pseudoflavor()
A SECINFO reply may contain flavors whose kernel module is not
yet loaded by the client's kernel. A new RPC client API, called
rpcauth_get_pseudoflavor(), is introduced to do proper checking
for support of a security flavor.
When this API is invoked, the RPC client now tries to load the
module for each flavor first before performing the "is this
supported?" check. This means if a module is available on the
client, but has not been loaded yet, it will be loaded and
registered automatically when the SECINFO reply is processed.
The new API can take a full GSS tuple (OID, QoP, and service).
Previously only the OID and service were considered.
nfs_find_best_sec() is updated to verify all flavors requested in a
SECINFO reply, including AUTH_NULL and AUTH_UNIX. Previously these
two flavors were simply assumed to be supported without consulting
the RPC client.
Note that the replaced version of nfs_find_best_sec() can return
RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
unsupported "service" value. nfs_find_best_sec() now returns
RPC_AUTH_UNIX in this case.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include/linux/sunrpc/auth.h')
-rw-r--r-- | include/linux/sunrpc/auth.h | 5 |
1 files changed, 5 insertions, 0 deletions
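--- a/include/linux/sunrpc/auth.h
+++ b/include/linux/sunrpc/auth.h
@@ -22,6 +22,8 @@
 /* size of the nodename buffer */
 #define UNX_MAXNODENAME 32
 
+struct rpcsec_gss_info;
+
 /* Work around the lack of a VFS credential */
 struct auth_cred {
 kuid_t uid;
@@ -103,6 +105,7 @@ struct rpc_authops {
 int (*pipes_create)(struct rpc_auth *);
 void (*pipes_destroy)(struct rpc_auth *);
 int (*list_pseudoflavors)(rpc_authflavor_t *, int);
+rpc_authflavor_t (*info2flavor)(struct rpcsec_gss_info *);
 };
 
 struct rpc_credops {
@@ -137,6 +140,8 @@ int rpcauth_register(const struct rpc_authops *);
 int rpcauth_unregister(const struct rpc_authops *);
 struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
 void rpcauth_release(struct rpc_auth *);
+rpc_authflavor_t rpcauth_get_pseudoflavor(rpc_authflavor_t,
+struct rpcsec_gss_info *);
 int rpcauth_list_flavors(rpc_authflavor_t *, int);
 struct rpc_cred * rpcauth_lookup_credcache(struct rpc_auth *, struct auth_cred *, int);
 void rpcauth_init_cred(struct rpc_cred *, const struct auth_cred *, struct rpc_auth *, const struct rpc_credops *);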
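Review bot: The `rpcauth_get_pseudoflavor()` prototype added in the last hunk has no comment stating its contract, although the commit description says it is driven by flavors from a server's SECINFO reply and may load a kernel module before answering. The implementation is not part of this file section, so the header is where a caller would look; I would add something like `/* flavor/info come from the peer's SECINFO reply; may trigger a module load, so call only where sleeping is allowed; see the implementation for the "unsupported" return value */` above the declaration. The new `info2flavor` member of `struct rpc_authops` (second hunk) is presumably left unset by flavors that have no GSS tuple, so it deserves `/* optional: may be NULL */`, and the dispatching code should check it before calling. If neither function writes through its argument, declaring both parameters as `const struct rpcsec_gss_info *` would make it explicit that the server-supplied tuple is only read.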