linux/net/sunrpc/auth_gss
Chuck Lever 83523d083a SUNRPC: Consider qop when looking up pseudoflavors
The NFSv4 SECINFO operation returns a list of security flavors that
the server supports for a particular share.  An NFSv4 client is
supposed to pick a pseudoflavor it supports that corresponds to one
of the flavors returned by the server.

GSS flavors in this list have a GSS tuple that identify a specific
GSS pseudoflavor.

Currently our client ignores the GSS tuple's "qop" value.  A
matching pseudoflavor is chosen based only on the OID and service
value.

So far this omission has not had much effect on Linux.  The NFSv4
protocol currently supports only one qop value: GSS_C_QOP_DEFAULT,
also known as zero.

However, if an NFSv4 server happens to return something other than
zero in the qop field, our client won't notice.  This could cause
the client to behave in incorrect ways that could have security
implications.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-03-29 15:43:24 -04:00
..
auth_gss.c SUNRPC: Introduce rpcauth_get_pseudoflavor() 2013-03-29 15:43:07 -04:00
gss_generic_token.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
gss_krb5_crypto.c SUNRPC: Don't use variable length automatic arrays in kernel code 2012-03-12 13:37:16 -04:00
gss_krb5_keys.c NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls 2010-05-14 15:09:33 -04:00
gss_krb5_mech.c SUNRPC: Consider qop when looking up pseudoflavors 2013-03-29 15:43:24 -04:00
gss_krb5_seal.c SUNRPC: Fix a few sparse warnings 2012-03-11 19:30:02 -04:00
gss_krb5_seqnum.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
gss_krb5_unseal.c gss_krb5: Add support for rc4-hmac encryption 2010-05-14 15:09:20 -04:00
gss_krb5_wrap.c sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer 2013-02-08 15:19:10 -05:00
gss_mech_switch.c SUNRPC: Consider qop when looking up pseudoflavors 2013-03-29 15:43:24 -04:00
Makefile Net: sunrpc: auth_gss: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
svcauth_gss.c SUNRPC: Consider qop when looking up pseudoflavors 2013-03-29 15:43:24 -04:00