    SUNRPC: Consider qop when looking up pseudoflavors · 83523d08
    Chuck Lever authored
    The NFSv4 SECINFO operation returns a list of security flavors that
    the server supports for a particular share.  An NFSv4 client is
    supposed to pick a pseudoflavor it supports that corresponds to one
    of the flavors returned by the server.
    
    GSS flavors in this list have a GSS tuple that identifies a specific
    GSS pseudoflavor.
    
    Currently our client ignores the GSS tuple's "qop" value.  A
    matching pseudoflavor is chosen based only on the OID and service
    value.
    
    So far this omission has not had much effect on Linux.  The NFSv4
    protocol currently supports only one qop value: GSS_C_QOP_DEFAULT,
    also known as zero.
    
    However, if an NFSv4 server happens to return something other than
    zero in the qop field, our client won't notice.  This could cause
    the client to behave in incorrect ways that could have security
    implications.
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
svcauth_gss.c 38.4 KB
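The lookup the commit message describes, as an added example that is not the kernel's code or part of this commit: a SECINFO GSS tuple is matched against a client table either on OID and service only, or on the full (OID, qop, service) tuple. The names `gss_tuple`, `pf_entry`, `supported`, `lookup_pseudoflavor` and `PF_NONE` are hypothetical; the Kerberos v5 OID and the pseudoflavor numbers are the ones assigned in RFC 2623.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* GSS tuple as carried in a SECINFO reply entry (rpcsec_gss_info, RFC 3530). */
struct gss_tuple {
    const uint8_t *oid;      /* DER-encoded mechanism OID */
    size_t         oid_len;
    uint32_t       qop;      /* quality of protection; 0 = GSS_C_QOP_DEFAULT */
    uint32_t       service;  /* 1 = none, 2 = integrity, 3 = privacy */
};

struct pf_entry { struct gss_tuple t; uint32_t pseudoflavor; };

/* Kerberos v5 mechanism OID 1.2.840.113554.1.2.2 */
static const uint8_t krb5_oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};

/* Hypothetical client table: every supported pseudoflavor uses qop 0. */
static const struct pf_entry supported[] = {
    {{krb5_oid, sizeof krb5_oid, 0, 1}, 390003}, /* krb5  */
    {{krb5_oid, sizeof krb5_oid, 0, 2}, 390004}, /* krb5i */
    {{krb5_oid, sizeof krb5_oid, 0, 3}, 390005}, /* krb5p */
};

#define PF_NONE 0xffffffffu  /* sentinel: no supported pseudoflavor matches */

/* check_qop == 0 reproduces the OID-and-service-only match described above. */
uint32_t lookup_pseudoflavor(const struct gss_tuple *in, int check_qop)
{
    for (size_t i = 0; i < sizeof supported / sizeof supported[0]; i++) {
        const struct gss_tuple *t = &supported[i].t;
        if (in->oid_len != t->oid_len || memcmp(in->oid, t->oid, t->oid_len))
            continue;
        if (in->service != t->service)
            continue;
        if (check_qop && in->qop != t->qop)
            continue;  /* unknown qop: do not map it to a known pseudoflavor */
        return supported[i].pseudoflavor;
    }
    return PF_NONE;
}

int main(void)
{
    /* Constructed SECINFO entry: krb5 OID, integrity service, qop 7. */
    struct gss_tuple odd = {krb5_oid, sizeof krb5_oid, 7, 2};
    return lookup_pseudoflavor(&odd, 1) == PF_NONE ? 0 : 1;
}
```

With `check_qop` set to 0 the constructed entry is treated as krb5i even though the server advertised a qop the client does not implement; with the full-tuple match it is skipped.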