From 683ac6656cb05b6e83593770ffc049eee4a4d119 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Thu, 8 Apr 2010 14:09:58 -0400 Subject: gss_krb5: Add upcall info indicating supported kerberos enctypes The text based upcall now indicates which Kerberos encryption types are supported by the kernel rpcsecgss code. This is used by gssd to determine which encryption types it should attempt to negotiate when creating a context with a server. The server principal's database and keytab encryption types are what limits what it should negotiate. Therefore, its keytab should be created with only the enctypes listed by this file. Currently we support des-cbc-crc, des-cbc-md4 and des-cbc-md5 Signed-off-by: Trond Myklebust --- include/linux/sunrpc/gss_api.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/linux/sunrpc/gss_api.h') diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h index 03f33330ece2..b22d7f189ceb 100644 --- a/include/linux/sunrpc/gss_api.h +++ b/include/linux/sunrpc/gss_api.h @@ -80,6 +80,8 @@ struct gss_api_mech { /* pseudoflavors supported by this mechanism: */ int gm_pf_num; struct pf_desc * gm_pfs; + /* Should the following be a callback operation instead? */ + const char *gm_upcall_enctypes; }; /* and must provide the following operations: */ -- cgit v1.2.3 From 1f4c86c0be9064ab4eebd9e67c84606c1cfeec4b Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Thu, 13 May 2010 12:51:02 -0400 Subject: NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls Again, we can deadlock if the memory reclaim triggers a writeback that requires a rpcsec_gss credential lookup. Signed-off-by: Trond Myklebust --- include/linux/sunrpc/gss_api.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include/linux/sunrpc/gss_api.h') diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h index b22d7f189ceb..5d8048beb051 100644 --- a/include/linux/sunrpc/gss_api.h +++ b/include/linux/sunrpc/gss_api.h @@ -35,7 +35,8 @@ int gss_import_sec_context( const void* input_token, size_t bufsize, struct gss_api_mech *mech, - struct gss_ctx **ctx_id); + struct gss_ctx **ctx_id, + gfp_t gfp_mask); u32 gss_get_mic( struct gss_ctx *ctx_id, struct xdr_buf *message, @@ -89,7 +90,8 @@ struct gss_api_ops { int (*gss_import_sec_context)( const void *input_token, size_t bufsize, - struct gss_ctx *ctx_id); + struct gss_ctx *ctx_id, + gfp_t gfp_mask); u32 (*gss_get_mic)( struct gss_ctx *ctx_id, struct xdr_buf *message, -- cgit v1.2.3