Merge branch 'rpcsec_gss-from_cel' into linux-next

* rpcsec_gss-from_cel: (21 commits) NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE NFSv4: Don't clear the machine cred when client establish returns EACCES NFSv4: Fix issues in nfs4_discover_server_trunking NFSv4: Fix the fallback to AUTH_NULL if krb5i is not available NFS: Use server-recommended security flavor by default (NFSv3) SUNRPC: Don't recognize RPC_AUTH_MAXFLAVOR NFS: Use "krb5i" to establish NFSv4 state whenever possible NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSEC NFS: Use static list of security flavors during root FH lookup recovery NFS: Avoid PUTROOTFH when managing leases NFS: Clean up nfs4_proc_get_rootfh NFS: Handle missing rpc.gssd when looking up root FH SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch SUNRPC: Make gss_mech_get() static SUNRPC: Refactor nfsd4_do_encode_secinfo() SUNRPC: Consider qop when looking up pseudoflavors SUNRPC: Load GSS kernel module by OID SUNRPC: Introduce rpcauth_get_pseudoflavor() SUNRPC: Define rpcsec_gss_info structure NFS: Remove unneeded forward declaration ...
author: Trond Myklebust <Trond.Myklebust@netapp.com> 2013-04-23 15:40:40 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2013-04-23 15:40:40 -0400
commit: bd1d421abcaae1b84ba377ea4c33bba31d654199 (patch)
tree: 10bf67d7063a95ffd013a9d01a35b906a7d89fcf /include
parent: bdeca1b76cd56cd10a029f0ad2fd9ab6dd7e313d (diff)
parent: 79d852bf5e7691dc78cc6322ecd1860c50940785 (diff)
3 files changed, 35 insertions, 28 deletions
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
index bdc100f66dfb..766c5bc9d441 100644
--- a/include/linux/nfs_xdr.h
+++ b/include/linux/nfs_xdr.h
@@ -14,9 +14,6 @@
 #define NFS_DEF_FILE_IO_SIZE    (4096U)
 #define NFS_MIN_FILE_IO_SIZE    (1024U)
-/* Forward declaration for NFS v3 */
-struct nfs4_secinfo_flavors;
 struct nfs4_string {
        unsigned int len;
        char *data;
@@ -1053,25 +1050,14 @@ struct nfs4_fs_locations_res {
        struct nfs4_fs_locations       *fs_locations;
 };
-struct nfs4_secinfo_oid {
+struct nfs4_secinfo4 {
-        unsigned int len;
+        u32                     flavor;
-        char data[GSS_OID_MAX_LEN];
+        struct rpcsec_gss_info  flavor_info;
-};
-struct nfs4_secinfo_gss {
-        struct nfs4_secinfo_oid sec_oid4;
-        unsigned int qop4;
-        unsigned int service;
-};
-struct nfs4_secinfo_flavor {
-        unsigned int            flavor;
-        struct nfs4_secinfo_gss gss;
 };
 struct nfs4_secinfo_flavors {
-        unsigned int num_flavors;
+        unsigned int            num_flavors;
-        struct nfs4_secinfo_flavor flavors[0];
+        struct nfs4_secinfo4    flavors[0];
 };
 struct nfs4_secinfo_arg {
diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h
index 58fda1c3c783..0dd00f4f6810 100644
--- a/include/linux/sunrpc/auth.h
+++ b/include/linux/sunrpc/auth.h
@@ -22,6 +22,8 @@
 /* size of the nodename buffer */
 #define UNX_MAXNODENAME 32
+struct rpcsec_gss_info;
 /* Work around the lack of a VFS credential */
 struct auth_cred {
        kuid_t  uid;
@@ -103,6 +105,9 @@ struct rpc_authops {
        int                     (*pipes_create)(struct rpc_auth *);
        void                    (*pipes_destroy)(struct rpc_auth *);
        int                     (*list_pseudoflavors)(rpc_authflavor_t *, int);
+        rpc_authflavor_t        (*info2flavor)(struct rpcsec_gss_info *);
+        int                     (*flavor2info)(rpc_authflavor_t,
+                                                struct rpcsec_gss_info *);
 };
 struct rpc_credops {
@@ -137,6 +142,10 @@ int			rpcauth_register(const struct rpc_authops *);
 int                     rpcauth_unregister(const struct rpc_authops *);
 struct rpc_auth *       rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
 void                    rpcauth_release(struct rpc_auth *);
+rpc_authflavor_t        rpcauth_get_pseudoflavor(rpc_authflavor_t,
+                                struct rpcsec_gss_info *);
+int                     rpcauth_get_gssinfo(rpc_authflavor_t,
+                                struct rpcsec_gss_info *);
 int                     rpcauth_list_flavors(rpc_authflavor_t *, int);
 struct rpc_cred *       rpcauth_lookup_credcache(struct rpc_auth *, struct auth_cred *, int);
 void                    rpcauth_init_cred(struct rpc_cred *, const struct auth_cred *, struct rpc_auth *, const struct rpc_credops *);
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index a19e2547ae6a..f32b7a47e13f 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -25,10 +25,21 @@ struct gss_ctx {
 #define GSS_C_NO_BUFFER         ((struct xdr_netobj) 0)
 #define GSS_C_NO_CONTEXT        ((struct gss_ctx *) 0)
-#define GSS_C_NULL_OID          ((struct xdr_netobj) 0)
+#define GSS_C_QOP_DEFAULT       (0)
 /*XXX  arbitrary length - is this set somewhere? */
 #define GSS_OID_MAX_LEN 32
+struct rpcsec_gss_oid {
+        unsigned int    len;
+        u8              data[GSS_OID_MAX_LEN];
+};
+/* From RFC 3530 */
+struct rpcsec_gss_info {
+        struct rpcsec_gss_oid   oid;
+        u32                     qop;
+        u32                     service;
+};
 /* gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744. */
@@ -58,12 +69,14 @@ u32 gss_unwrap(
 u32 gss_delete_sec_context(
                struct gss_ctx          **ctx_id);
-u32 gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 service);
+rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
+                                        u32 service);
 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
 struct pf_desc {
        u32     pseudoflavor;
+        u32     qop;
        u32     service;
        char    *name;
        char    *auth_domain_name;
@@ -76,7 +89,7 @@ struct pf_desc {
 struct gss_api_mech {
        struct list_head        gm_list;
        struct module           *gm_owner;
-        struct xdr_netobj       gm_oid;
+        struct rpcsec_gss_oid   gm_oid;
        char                    *gm_name;
        const struct gss_api_ops *gm_ops;
        /* pseudoflavors supported by this mechanism: */
@@ -117,9 +130,11 @@ struct gss_api_ops {
 int gss_mech_register(struct gss_api_mech *);
 void gss_mech_unregister(struct gss_api_mech *);
-/* returns a mechanism descriptor given an OID, and increments the mechanism's
+/* Given a GSS security tuple, look up a pseudoflavor */
- * reference count. */
+rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
-struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *);
+/* Given a pseudoflavor, look up a GSS security tuple */
+int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
 /* Returns a reference to a mechanism, given a name like "krb5" etc. */
 struct gss_api_mech *gss_mech_get_by_name(const char *);
@@ -130,9 +145,6 @@ struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
 /* Fill in an array with a list of supported pseudoflavors */
 int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);
-/* Just increments the mechanism's reference count and returns its input: */
-struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
 /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put. */
 void gss_mech_put(struct gss_api_mech *);
author	Trond Myklebust <Trond.Myklebust@netapp.com>	2013-04-23 15:40:40 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2013-04-23 15:40:40 -0400
commit	bd1d421abcaae1b84ba377ea4c33bba31d654199 (patch)
tree	10bf67d7063a95ffd013a9d01a35b906a7d89fcf /include
parent	bdeca1b76cd56cd10a029f0ad2fd9ab6dd7e313d (diff)
parent	79d852bf5e7691dc78cc6322ecd1860c50940785 (diff)

diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index bdc100f66dfb..766c5bc9d441 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h
@@ -14,9 +14,6 @@
14	#define NFS_DEF_FILE_IO_SIZE (4096U)	14	#define NFS_DEF_FILE_IO_SIZE (4096U)
15	#define NFS_MIN_FILE_IO_SIZE (1024U)	15	#define NFS_MIN_FILE_IO_SIZE (1024U)
16		16
17	/* Forward declaration for NFS v3 */
18	struct nfs4_secinfo_flavors;
19
20	struct nfs4_string {	17	struct nfs4_string {
21	unsigned int len;	18	unsigned int len;
22	char *data;	19	char *data;
@@ -1053,25 +1050,14 @@ struct nfs4_fs_locations_res {
1053	struct nfs4_fs_locations *fs_locations;	1050	struct nfs4_fs_locations *fs_locations;
1054	};	1051	};
1055		1052
1056	struct nfs4_secinfo_oid {	1053	struct nfs4_secinfo4 {
1057	unsigned int len;	1054	u32 flavor;
1058	char data[GSS_OID_MAX_LEN];	1055	struct rpcsec_gss_info flavor_info;
1059	};
1060
1061	struct nfs4_secinfo_gss {
1062	struct nfs4_secinfo_oid sec_oid4;
1063	unsigned int qop4;
1064	unsigned int service;
1065	};
1066
1067	struct nfs4_secinfo_flavor {
1068	unsigned int flavor;
1069	struct nfs4_secinfo_gss gss;
1070	};	1056	};
1071		1057
1072	struct nfs4_secinfo_flavors {	1058	struct nfs4_secinfo_flavors {
1073	unsigned int num_flavors;	1059	unsigned int num_flavors;
1074	struct nfs4_secinfo_flavor flavors[0];	1060	struct nfs4_secinfo4 flavors[0];
1075	};	1061	};
1076		1062
1077	struct nfs4_secinfo_arg {	1063	struct nfs4_secinfo_arg {


diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h index 58fda1c3c783..0dd00f4f6810 100644 --- a/include/linux/sunrpc/auth.h +++ b/include/linux/sunrpc/auth.h
@@ -22,6 +22,8 @@
22	/* size of the nodename buffer */	22	/* size of the nodename buffer */
23	#define UNX_MAXNODENAME 32	23	#define UNX_MAXNODENAME 32
24		24
		25	struct rpcsec_gss_info;
		26
25	/* Work around the lack of a VFS credential */	27	/* Work around the lack of a VFS credential */
26	struct auth_cred {	28	struct auth_cred {
27	kuid_t uid;	29	kuid_t uid;
@@ -103,6 +105,9 @@ struct rpc_authops {
103	int (pipes_create)(struct rpc_auth );	105	int (pipes_create)(struct rpc_auth );
104	void (pipes_destroy)(struct rpc_auth );	106	void (pipes_destroy)(struct rpc_auth );
105	int (list_pseudoflavors)(rpc_authflavor_t , int);	107	int (list_pseudoflavors)(rpc_authflavor_t , int);
		108	rpc_authflavor_t (info2flavor)(struct rpcsec_gss_info );
		109	int (*flavor2info)(rpc_authflavor_t,
		110	struct rpcsec_gss_info *);
106	};	111	};
107		112
108	struct rpc_credops {	113	struct rpc_credops {
@@ -137,6 +142,10 @@ int rpcauth_register(const struct rpc_authops *);
137	int rpcauth_unregister(const struct rpc_authops *);	142	int rpcauth_unregister(const struct rpc_authops *);
138	struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);	143	struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
139	void rpcauth_release(struct rpc_auth *);	144	void rpcauth_release(struct rpc_auth *);
		145	rpc_authflavor_t rpcauth_get_pseudoflavor(rpc_authflavor_t,
		146	struct rpcsec_gss_info *);
		147	int rpcauth_get_gssinfo(rpc_authflavor_t,
		148	struct rpcsec_gss_info *);
140	int rpcauth_list_flavors(rpc_authflavor_t *, int);	149	int rpcauth_list_flavors(rpc_authflavor_t *, int);
141	struct rpc_cred * rpcauth_lookup_credcache(struct rpc_auth , struct auth_cred , int);	150	struct rpc_cred * rpcauth_lookup_credcache(struct rpc_auth , struct auth_cred , int);
142	void rpcauth_init_cred(struct rpc_cred , const struct auth_cred , struct rpc_auth , const struct rpc_credops );	151	void rpcauth_init_cred(struct rpc_cred , const struct auth_cred , struct rpc_auth , const struct rpc_credops );


diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h index a19e2547ae6a..f32b7a47e13f 100644 --- a/include/linux/sunrpc/gss_api.h +++ b/include/linux/sunrpc/gss_api.h
@@ -25,10 +25,21 @@ struct gss_ctx {
25		25
26	#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)	26	#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
27	#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)	27	#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
28	#define GSS_C_NULL_OID ((struct xdr_netobj) 0)	28	#define GSS_C_QOP_DEFAULT (0)
29		29
30	/XXX arbitrary length - is this set somewhere? /	30	/XXX arbitrary length - is this set somewhere? /
31	#define GSS_OID_MAX_LEN 32	31	#define GSS_OID_MAX_LEN 32
		32	struct rpcsec_gss_oid {
		33	unsigned int len;
		34	u8 data[GSS_OID_MAX_LEN];
		35	};
		36
		37	/* From RFC 3530 */
		38	struct rpcsec_gss_info {
		39	struct rpcsec_gss_oid oid;
		40	u32 qop;
		41	u32 service;
		42	};
32		43
33	/* gss-api prototypes; note that these are somewhat simplified versions of	44	/* gss-api prototypes; note that these are somewhat simplified versions of
34	* the prototypes specified in RFC 2744. */	45	* the prototypes specified in RFC 2744. */
@@ -58,12 +69,14 @@ u32 gss_unwrap(
58	u32 gss_delete_sec_context(	69	u32 gss_delete_sec_context(
59	struct gss_ctx **ctx_id);	70	struct gss_ctx **ctx_id);
60		71
61	u32 gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 service);	72	rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
		73	u32 service);
62	u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);	74	u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
63	char gss_service_to_auth_domain_name(struct gss_api_mech , u32 service);	75	char gss_service_to_auth_domain_name(struct gss_api_mech , u32 service);
64		76
65	struct pf_desc {	77	struct pf_desc {
66	u32 pseudoflavor;	78	u32 pseudoflavor;
		79	u32 qop;
67	u32 service;	80	u32 service;
68	char *name;	81	char *name;
69	char *auth_domain_name;	82	char *auth_domain_name;
@@ -76,7 +89,7 @@ struct pf_desc {
76	struct gss_api_mech {	89	struct gss_api_mech {
77	struct list_head gm_list;	90	struct list_head gm_list;
78	struct module *gm_owner;	91	struct module *gm_owner;
79	struct xdr_netobj gm_oid;	92	struct rpcsec_gss_oid gm_oid;
80	char *gm_name;	93	char *gm_name;
81	const struct gss_api_ops *gm_ops;	94	const struct gss_api_ops *gm_ops;
82	/* pseudoflavors supported by this mechanism: */	95	/* pseudoflavors supported by this mechanism: */
@@ -117,9 +130,11 @@ struct gss_api_ops {
117	int gss_mech_register(struct gss_api_mech *);	130	int gss_mech_register(struct gss_api_mech *);
118	void gss_mech_unregister(struct gss_api_mech *);	131	void gss_mech_unregister(struct gss_api_mech *);
119		132
120	/* returns a mechanism descriptor given an OID, and increments the mechanism's	133	/* Given a GSS security tuple, look up a pseudoflavor */
121	* reference count. */	134	rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
122	struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *);	135
		136	/* Given a pseudoflavor, look up a GSS security tuple */
		137	int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
123		138
124	/* Returns a reference to a mechanism, given a name like "krb5" etc. */	139	/* Returns a reference to a mechanism, given a name like "krb5" etc. */
125	struct gss_api_mech gss_mech_get_by_name(const char );	140	struct gss_api_mech gss_mech_get_by_name(const char );
@@ -130,9 +145,6 @@ struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
130	/* Fill in an array with a list of supported pseudoflavors */	145	/* Fill in an array with a list of supported pseudoflavors */
131	int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);	146	int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);
132		147
133	/* Just increments the mechanism's reference count and returns its input: */
134	struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
135
136	/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a	148	/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
137	* corresponding call to gss_mech_put. */	149	* corresponding call to gss_mech_put. */
138	void gss_mech_put(struct gss_api_mech *);	150	void gss_mech_put(struct gss_api_mech *);