summaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss/gss_mech_switch.c
Commit message (Collapse)AuthorAgeFilesLines
* xprtrdma: No direct data placement with krb5i and krb5pChuck Lever2016-07-111-0/+12
| | | | | | | | | | | | | | | | | | | | Direct data placement is not allowed when using flavors that guarantee integrity or privacy. When such security flavors are in effect, don't allow the use of Read and Write chunks for moving individual data items. All messages larger than the inline threshold are sent via Long Call or Long Reply. On my systems (CX-3 Pro on FDR), for small I/O operations, the use of Long messages adds only around 5 usecs of latency in each direction. Note that when integrity or encryption is used, the host CPU touches every byte in these messages. Even if it could be used, data movement offload doesn't buy much in this case. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Tested-by: Steve Wise <swise@opengridcomputing.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
* sunrpc: eliminate RPC_DEBUGJeff Layton2014-11-241-1/+1
| | | | | | | It's always set to whatever CONFIG_SUNRPC_DEBUG is, so just use that. Signed-off-by: Jeff Layton <jlayton@primarydata.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
* SUNRPC: Fix a module reference issue in rpcsec_gssTrond Myklebust2014-05-181-3/+1
| | | | | | | | We're not taking a reference in the case where _gss_mech_get_by_pseudoflavor loops without finding the correct rpcsec_gss flavour, so why are we releasing it? Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
* svcrpc: store gss mech in svc_credJ. Bruce Fields2013-07-011-1/+4
| | | | | | | | | Store a pointer to the gss mechanism used in the rq_cred and cl_cred. This will make it easier to enforce SP4_MACH_CRED, which needs to compare the mechanism used on the exchange_id with that used on protected operations. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* Merge branch 'nfs-for-next' of git://linux-nfs.org/~trondmy/nfs-2.6 into ↵J. Bruce Fields2013-04-291-29/+90
|\ | | | | | | | | | | | | | | | | for-3.10 Note conflict: Chuck's patches modified (and made static) gss_mech_get_by_OID, which is still needed by gss-proxy patches. The conflict resolution is a bit minimal; we may want some more cleanup.
| * SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switchChuck Lever2013-03-291-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | Clean up: Reduce the symbol table footprint for auth_rpcgss.ko by removing exported symbols for functions that are no longer used outside of auth_rpcgss.ko. The remaining two EXPORTs in gss_mech_switch.c get documenting comments. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Make gss_mech_get() staticChuck Lever2013-03-291-4/+1
| | | | | | | | | | | | | | gss_mech_get() is no longer used outside of gss_mech_switch.c. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Refactor nfsd4_do_encode_secinfo()Chuck Lever2013-03-291-2/+33
| | | | | | | | | | | | | | | | | | Clean up. This matches a similar API for the client side, and keeps ULP fingers out the of the GSS mech switch. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Acked-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Consider qop when looking up pseudoflavorsChuck Lever2013-03-291-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The NFSv4 SECINFO operation returns a list of security flavors that the server supports for a particular share. An NFSv4 client is supposed to pick a pseudoflavor it supports that corresponds to one of the flavors returned by the server. GSS flavors in this list have a GSS tuple that identify a specific GSS pseudoflavor. Currently our client ignores the GSS tuple's "qop" value. A matching pseudoflavor is chosen based only on the OID and service value. So far this omission has not had much effect on Linux. The NFSv4 protocol currently supports only one qop value: GSS_C_QOP_DEFAULT, also known as zero. However, if an NFSv4 server happens to return something other than zero in the qop field, our client won't notice. This could cause the client to behave in incorrect ways that could have security implications. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Load GSS kernel module by OIDChuck Lever2013-03-291-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current GSS mech switch can find and load GSS pseudoflavor modules by name ("krb5") or pseudoflavor number ("390003"), but cannot find GSS modules by GSS tuple: [ "1.2.840.113554.1.2.2", GSS_C_QOP_DEFAULT, RPC_GSS_SVC_NONE ] This is important when dealing with a SECINFO request. A SECINFO reply contains a list of flavors the server supports for the requested export, but GSS flavors also have a GSS tuple that maps to a pseudoflavor (like 390003 for krb5). If the GSS module that supports the OID in the tuple is not loaded, our client is not able to load that module dynamically to support that pseudoflavor. Add a way for the GSS mech switch to load GSS pseudoflavor support by OID before searching for the pseudoflavor that matches the OID and service. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Introduce rpcauth_get_pseudoflavor()Chuck Lever2013-03-291-5/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A SECINFO reply may contain flavors whose kernel module is not yet loaded by the client's kernel. A new RPC client API, called rpcauth_get_pseudoflavor(), is introduced to do proper checking for support of a security flavor. When this API is invoked, the RPC client now tries to load the module for each flavor first before performing the "is this supported?" check. This means if a module is available on the client, but has not been loaded yet, it will be loaded and registered automatically when the SECINFO reply is processed. The new API can take a full GSS tuple (OID, QoP, and service). Previously only the OID and service were considered. nfs_find_best_sec() is updated to verify all flavors requested in a SECINFO reply, including AUTH_NULL and AUTH_UNIX. Previously these two flavors were simply assumed to be supported without consulting the RPC client. Note that the replaced version of nfs_find_best_sec() can return RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an unsupported "service" value. nfs_find_best_sec() now returns RPC_AUTH_UNIX in this case. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | SUNRPC: conditionally return endtime from import_sec_contextSimo Sorce2013-04-261-2/+3
|/ | | | | | | | | We expose this parameter for a future caller. It will be used to extract the endtime from the gss-proxy upcall mechanism, in order to set the rsc cache expiration time. Signed-off-by: Simo Sorce <simo@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* SUNRPC: Add missing static declaration to _gss_mech_get_by_nameTrond Myklebust2013-02-011-2/+2
| | | | | | Ditto for _gss_mech_get_by_pseudoflavor. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Add a missing spin_unlock to gss_mech_list_pseudoflavorsTrond Myklebust2012-07-171-1/+3
| | | | | | | | The patch "SUNRPC: Add rpcauth_list_flavors()" introduces a new error path in gss_mech_list_pseudoflavors, but fails to release the spin lock. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Add rpcauth_list_flavors()Chuck Lever2012-07-161-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The gss_mech_list_pseudoflavors() function provides a list of currently registered GSS pseudoflavors. This list does not include any non-GSS flavors that have been registered with the RPC client. nfs4_find_root_sec() currently adds these extra flavors by hand. Instead, nfs4_find_root_sec() should be looking at the set of flavors that have been explicitly registered via rpcauth_register(). And, other areas of code will soon need the same kind of list that contains all flavors the kernel currently knows about (see below). Rather than cloning the open-coded logic in nfs4_find_root_sec() to those new places, introduce a generic RPC function that generates a full list of registered auth flavors and pseudoflavors. A new rpc_authops method is added that lists a flavor's pseudoflavors, if it has any. I encountered an interesting module loader loop when I tried to get the RPC client to invoke gss_mech_list_pseudoflavors() by name. This patch is a pre-requisite for server trunking discovery, and a pre-requisite for fixing up the in-kernel mount client to do better automatic security flavor selection. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* auth_gss: the list of pseudoflavors not being parsed correctlySteve Dickson2012-05-031-3/+4
| | | | | | | | | gss_mech_list_pseudoflavors() parses a list of registered mechanisms. On that list contains a list of pseudo flavors which was not being parsed correctly, causing only the first pseudo flavor to be found. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpc: allow autoloading of gss mechanismsJ. Bruce Fields2011-07-151-4/+28
| | | | | | Remove the need for an explicit modprobe of rpcsec_gss_krb5. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
* NFS: Determine initial mount securityBryan Schumaker2011-03-241-0/+16
| | | | | | | | | When sec=<something> is not presented as a mount option, we should attempt to determine what security flavor the server is using. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* NFS: use secinfo when crossing mountpointsBryan Schumaker2011-03-241-0/+22
| | | | | | | | | A submount may use different security than the parent mount does. We should figure out what sec flavor the submount uses at mount time. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* net: return operator cleanupEric Dumazet2010-09-231-1/+1
| | | | | | | | | Change "return (EXPR);" to "return EXPR;" return is not a function, parentheses are not required. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* NFS: Don't use GFP_KERNEL in rpcsec_gss downcallsTrond Myklebust2010-05-141-3/+4
| | | | | | | Again, we can deadlock if the memory reclaim triggers a writeback that requires a rpcsec_gss credential lookup. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss_krb5: Added and improved code commentsKevin Coffman2010-05-141-0/+14
| | | | | Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Fix the return value in gss_import_sec_context()Trond Myklebust2009-12-181-1/+1
| | | | | | | | | | | If the context allocation fails, it will return GSS_S_FAILURE, which is neither a valid error code, nor is it even negative. Return ENOMEM instead... Reported-by: Jeff Layton <jlayton@redhat.com> Cc: stable@kernel.org Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: rpcsec_gss modules should not be used by out-of-tree codeTrond Myklebust2008-12-231-9/+9
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [SUNRPC]: net/* NULL noiseAl Viro2008-03-171-1/+1
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* knfsd: nfsd4: store pseudoflavor in requestAndy Adamson2007-07-171-0/+14
| | | | | | | | | | | | Add a new field to the svc_rqst structure to record the pseudoflavor that the request was made with. For now we record the pseudoflavor but don't use it for anything. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'master' of /home/trondmy/kernel/linux-2.6/Trond Myklebust2007-02-121-2/+2
|\ | | | | | | | | | | | | | | | | | | Conflicts: net/sunrpc/auth_gss/gss_krb5_crypto.c net/sunrpc/auth_gss/gss_spkm3_token.c net/sunrpc/clnt.c Merge with mainline and fix conflicts.
| * [NET] SUNRPC: Fix whitespace errors.YOSHIFUJI Hideaki2007-02-101-2/+2
| | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | SUNRPC: fix print format for tk_pid in auth_gss supportChuck Lever2007-02-031-3/+3
|/ | | | | | | | | | The tk_pid field is an unsigned short. The proper print format specifier for that type is %5u, not %4d. Also clean up some miscellaneous print formatting nits. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [NET]: Conversions from kmalloc+memset to k(z|c)alloc.Panagiotis Issaris2006-07-211-2/+1
| | | | | | Signed-off-by: Panagiotis Issaris <takis@issaris.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] knfsd: svcrpc: gss: simplify rsc_parse()J. Bruce Fields2006-06-301-3/+3
| | | | | | | | | Adopt a simpler convention for gss_mech_put(), to simplify rsc_parse(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [NET]: kfree cleanupJesper Juhl2005-11-081-2/+1
| | | | | | | | | | | | | | | From: Jesper Juhl <jesper.juhl@gmail.com> This is the net/ part of the big kfree cleanup patch. Remove pointless checks for NULL prior to calling kfree() in net/. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Arnaldo Carvalho de Melo <acme@conectiva.com.br> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Andrew Morton <akpm@osdl.org>
* RPCSEC_GSS remove all qop parametersJ. Bruce Fields2005-10-181-10/+4
| | | | | | | | | Not only are the qop parameters that are passed around throughout the gssapi unused by any currently implemented mechanism, but there appears to be some doubt as to whether they will ever be used. Let's just kill them off for now. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Add support for privacy to generic gss-api code.J. Bruce Fields2005-10-181-0/+22
| | | | | | | | | Add support for privacy to generic gss-api code. This is dead code until we have both a mechanism that supports privacy and code in the client or server that uses it. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [PATCH] RPC: Eliminate socket.h includes in RPC clientChuck Lever2005-09-231-1/+0
| | | | | | | | | | | | | Clean-up: get rid of unnecessary socket.h and in.h includes in the generic parts of the RPC client. Test-plan: Compile kernel with CONFIG_NFS enabled. Version: Thu, 11 Aug 2005 16:06:23 -0400 Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+301
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
OpenPOWER on IntegriCloud