git.karo-electronics.de Git - linux-beck.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Sat, 16 Mar 2013 19:54:43 +0000 (15:54 -0400)
committer	Trond Myklebust <Trond.Myklebust@netapp.com>
	Fri, 29 Mar 2013 19:43:07 +0000 (15:43 -0400)
commit	9568c5e9a61de49f67f524404a27a1014a8d7f1e
tree	5bc8c5496bae61b6e5dfac11e620f7aef18a58b6	tree \| snapshot
parent	fb15b26f8ba3ff629a052faf3f4a4744585ca2dc	commit \| diff

SUNRPC: Introduce rpcauth_get_pseudoflavor()

A SECINFO reply may contain flavors whose kernel module is not
yet loaded by the client's kernel.  A new RPC client API, called
rpcauth_get_pseudoflavor(), is introduced to do proper checking
for support of a security flavor.

When this API is invoked, the RPC client now tries to load the
module for each flavor first before performing the "is this
supported?" check.  This means if a module is available on the
client, but has not been loaded yet, it will be loaded and
registered automatically when the SECINFO reply is processed.

The new API can take a full GSS tuple (OID, QoP, and service).
Previously only the OID and service were considered.

nfs_find_best_sec() is updated to verify all flavors requested in a
SECINFO reply, including AUTH_NULL and AUTH_UNIX.  Previously these
two flavors were simply assumed to be supported without consulting
the RPC client.

Note that the replaced version of nfs_find_best_sec() can return
RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
unsupported "service" value.  nfs_find_best_sec() now returns
RPC_AUTH_UNIX in this case.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

fs/nfs/nfs4namespace.c		diff \| blob \| history
include/linux/sunrpc/auth.h		diff \| blob \| history
include/linux/sunrpc/gss_api.h		diff \| blob \| history
net/sunrpc/auth.c		diff \| blob \| history
net/sunrpc/auth_gss/auth_gss.c		diff \| blob \| history
net/sunrpc/auth_gss/gss_mech_switch.c		diff \| blob \| history