From: Chuck Lever <chuck.lever@oracle.com>
To: trond.myklebust@netapp.com
Cc: linux-nfs@vger.kernel.org, Chuck Lever <chuck.lever@oracle.com>,
David Howells <dhowells@redhat.com>
Subject: [PATCH v1 05/15] SUNRPC: Load GSS kernel module by OID
Date: Sat, 16 Mar 2013 15:54:52 -0400 [thread overview]
Message-ID: <20130316195452.27329.5309.stgit@seurat.1015granger.net> (raw)
In-Reply-To: <20130316195044.27329.11666.stgit@seurat.1015granger.net>
The current GSS mech switch can find and load GSS pseudoflavor
modules by name ("krb5") or pseudoflavor number ("390003"), but
cannot find GSS modules by GSS tuple:
[ "1.2.840.113554.1.2.2", GSS_C_QOP_DEFAULT, RPC_GSS_SVC_NONE ]
This is important when dealing with a SECINFO request. A SECINFO
reply contains a list of flavors the server supports for the
requested export, but GSS flavors also have a GSS tuple that maps
to a pseudoflavor (like 390003 for krb5).
If the GSS module that supports the OID in the tuple is not loaded,
our client is not able to load that module dynamically to support
that pseudoflavor.
Add a way for the GSS mech switch to load GSS pseudoflavor support
by OID before searching for the pseudoflavor that matches the OID
and service.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>
---
net/sunrpc/Kconfig | 1 +
net/sunrpc/auth_gss/gss_krb5_mech.c | 1 +
net/sunrpc/auth_gss/gss_mech_switch.c | 7 +++++++
3 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig
index 516fe2c..804f4f6 100644
--- a/net/sunrpc/Kconfig
+++ b/net/sunrpc/Kconfig
@@ -3,6 +3,7 @@ config SUNRPC
config SUNRPC_GSS
tristate
+ select OID_REGISTRY
config SUNRPC_BACKCHANNEL
bool
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 61d36ce..b822ec5 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -750,6 +750,7 @@ MODULE_ALIAS("rpc-auth-gss-krb5p");
MODULE_ALIAS("rpc-auth-gss-390003");
MODULE_ALIAS("rpc-auth-gss-390004");
MODULE_ALIAS("rpc-auth-gss-390005");
+MODULE_ALIAS("rpc-auth-gss-1.2.840.113554.1.2.2");
static struct gss_api_mech gss_kerberos_mech = {
.gm_name = "krb5",
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 4db66f5..92a7240 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -36,6 +36,7 @@
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/module.h>
+#include <linux/oid_registry.h>
#include <linux/sunrpc/msg_prot.h>
#include <linux/sunrpc/gss_asn1.h>
#include <linux/sunrpc/auth_gss.h>
@@ -174,6 +175,12 @@ EXPORT_SYMBOL_GPL(gss_mech_get_by_name);
static struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *obj)
{
struct gss_api_mech *pos, *gm = NULL;
+ char buf[32];
+
+ if (sprint_oid(obj->data, obj->len, buf, sizeof(buf)) < 0)
+ return NULL;
+ dprintk("RPC: %s(%s)\n", __func__, buf);
+ request_module("rpc-auth-gss-%s", buf);
spin_lock(®istered_mechs_lock);
list_for_each_entry(pos, ®istered_mechs, gm_list) {
next prev parent reply other threads:[~2013-03-16 19:54 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-16 19:54 [PATCH v1 00/15] Security flavor negotiation fixes Chuck Lever
2013-03-16 19:54 ` [PATCH v1 01/15] SUNRPC: Missing module alias for auth_rpcgss.ko Chuck Lever
2013-03-16 19:54 ` [PATCH v1 02/15] NFS: Remove unneeded forward declaration Chuck Lever
2013-03-16 19:54 ` [PATCH v1 03/15] SUNRPC: Define rpcsec_gss_info structure Chuck Lever
2013-03-16 19:54 ` [PATCH v1 04/15] SUNRPC: Introduce rpcauth_get_pseudoflavor() Chuck Lever
2013-03-16 19:54 ` Chuck Lever [this message]
2013-03-16 19:55 ` [PATCH v1 06/15] SUNRPC: Consider qop when looking up pseudoflavors Chuck Lever
2013-03-16 19:55 ` [PATCH v1 08/15] SUNRPC: Make gss_mech_get() static Chuck Lever
2013-03-16 19:55 ` [PATCH v1 09/15] SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch Chuck Lever
2013-03-16 19:55 ` [PATCH v1 10/15] NFS: Handle missing rpc.gssd when looking up root FH Chuck Lever
2013-03-16 19:55 ` [PATCH v1 11/15] NFS: Clean up nfs4_proc_get_rootfh Chuck Lever
2013-03-16 19:55 ` [PATCH v1 12/15] NFS: Avoid PUTROOTFH when managing leases Chuck Lever
2013-03-16 19:56 ` [PATCH v1 13/15] NFS: Use static list of security flavors during root FH lookup recovery Chuck Lever
2013-03-16 19:56 ` [PATCH v1 14/15] NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSEC Chuck Lever
2013-03-16 19:56 ` [PATCH v1 15/15] NFS: Use "krb5i" to establish NFSv4 state whenever possible Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130316195452.27329.5309.stgit@seurat.1015granger.net \
--to=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).