• SUNRPC: Introduce rpcauth_get_pseudoflavor() · 9568c5e9
    Chuck Lever authored
    A SECINFO reply may contain flavors whose kernel module is not
    yet loaded by the client's kernel.  A new RPC client API, called
    rpcauth_get_pseudoflavor(), is introduced to do proper checking
    for support of a security flavor.
    
    When this API is invoked, the RPC client now tries to load the
    module for each flavor first before performing the "is this
    supported?" check.  This means if a module is available on the
    client, but has not been loaded yet, it will be loaded and
    registered automatically when the SECINFO reply is processed.
    
    The new API can take a full GSS tuple (OID, QoP, and service).
    Previously only the OID and service were considered.
    
    nfs_find_best_sec() is updated to verify all flavors requested in a
    SECINFO reply, including AUTH_NULL and AUTH_UNIX.  Previously these
    two flavors were simply assumed to be supported without consulting
    the RPC client.
    
    Note that the replaced version of nfs_find_best_sec() can return
    RPC_AUTH_MAXFLAVOR if the server returns a recognized OID but an
    unsupported "service" value.  nfs_find_best_sec() now returns
    RPC_AUTH_UNIX in this case.
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
auth_gss.c 44.8 KB