git.baikalelectronics.ru Git - kernel.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Sat, 16 Mar 2013 19:55:01 +0000 (15:55 -0400)
committer	Trond Myklebust <Trond.Myklebust@netapp.com>
	Fri, 29 Mar 2013 19:43:24 +0000 (15:43 -0400)
commit	11b1a359aaa8e9051719c13bfd699df776737055
tree	e09dba12aaa71997d1ebe1913ddf6a3f9d5f55cb	tree \| snapshot
parent	30f8b4f3d4404cadba1b6821d8f837dac1fb64aa	commit \| diff

SUNRPC: Consider qop when looking up pseudoflavors

The NFSv4 SECINFO operation returns a list of security flavors that
the server supports for a particular share.  An NFSv4 client is
supposed to pick a pseudoflavor it supports that corresponds to one
of the flavors returned by the server.

GSS flavors in this list have a GSS tuple that identify a specific
GSS pseudoflavor.

Currently our client ignores the GSS tuple's "qop" value.  A
matching pseudoflavor is chosen based only on the OID and service
value.

So far this omission has not had much effect on Linux.  The NFSv4
protocol currently supports only one qop value: GSS_C_QOP_DEFAULT,
also known as zero.

However, if an NFSv4 server happens to return something other than
zero in the qop field, our client won't notice.  This could cause
the client to behave in incorrect ways that could have security
implications.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

include/linux/sunrpc/gss_api.h		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_mech.c		diff \| blob \| history
net/sunrpc/auth_gss/gss_mech_switch.c		diff \| blob \| history
net/sunrpc/auth_gss/svcauth_gss.c		diff \| blob \| history