This patch adds shared key null (skn) and shared key auth (ska)
flavors to make shared key consistent with the kerberos
implementation. Shared key null requires a key to establish the
security context but does not use integrity or privacy outside of
the SEC_CTX_INIT RPC. Shared key auth enables integrity for normal
service but not bulk.
Signed-off-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Change-Id: I55fa52dfe1089f3dc9a40ffad28997a0b08aadec
Reviewed-on: http://review.whamcloud.com/18773
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
#define SPTLRPC_SUBFLVR_KRB5P \
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
#define SPTLRPC_SUBFLVR_KRB5P \
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
+#define SPTLRPC_SUBFLVR_SKN \
+ MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_NULL)
+#define SPTLRPC_SUBFLVR_SKA \
+ MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_AUTH)
#define SPTLRPC_SUBFLVR_SKI \
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_INTG)
#define SPTLRPC_SUBFLVR_SKPI \
#define SPTLRPC_SUBFLVR_SKI \
MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_INTG)
#define SPTLRPC_SUBFLVR_SKPI \
SPTLRPC_SVC_PRIV, \
SPTLRPC_BULK_DEFAULT, \
SPTLRPC_BULK_SVC_PRIV)
SPTLRPC_SVC_PRIV, \
SPTLRPC_BULK_DEFAULT, \
SPTLRPC_BULK_SVC_PRIV)
+#define SPTLRPC_FLVR_SKN \
+ MAKE_FLVR(SPTLRPC_POLICY_GSS, \
+ SPTLRPC_MECH_GSS_SK, \
+ SPTLRPC_SVC_NULL, \
+ SPTLRPC_BULK_DEFAULT, \
+ SPTLRPC_BULK_SVC_NULL)
+#define SPTLRPC_FLVR_SKA \
+ MAKE_FLVR(SPTLRPC_POLICY_GSS, \
+ SPTLRPC_MECH_GSS_SK, \
+ SPTLRPC_SVC_AUTH, \
+ SPTLRPC_BULK_DEFAULT, \
+ SPTLRPC_BULK_SVC_NULL)
#define SPTLRPC_FLVR_SKI \
MAKE_FLVR(SPTLRPC_POLICY_GSS, \
SPTLRPC_MECH_GSS_SK, \
#define SPTLRPC_FLVR_SKI \
MAKE_FLVR(SPTLRPC_POLICY_GSS, \
SPTLRPC_MECH_GSS_SK, \
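Review bot: The new SPTLRPC_FLVR_SKN and SPTLRPC_FLVR_SKA definitions have no comment saying what they leave unprotected, and both select SPTLRPC_BULK_SVC_NULL, so neither flavor applies integrity or privacy to bulk data. SKA is also built on SPTLRPC_SVC_AUTH, not the SPTLRPC_SVC_INTG that SKI uses, while the commit description calls it "integrity for normal service"; the comment should state which part of an RPC the AUTH level covers so that ska is not mistaken for ski. I would add above SKN `/* skn: key is needed only to establish the context; no integrity or privacy outside SEC_CTX_INIT, bulk unprotected */` and above SKA `/* ska: SPTLRPC_SVC_AUTH on RPCs (not SPTLRPC_SVC_INTG as in ski), bulk unprotected */`. The same one-line comments would suit the SPTLRPC_SUBFLVR_SKN and SPTLRPC_SUBFLVR_SKA definitions in the earlier hunk.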
static struct subflavor_desc gss_sk_sfs[] = {
{
static struct subflavor_desc gss_sk_sfs[] = {
{
+ .sf_subflavor = SPTLRPC_SUBFLVR_SKN,
+ .sf_qop = 0,
+ .sf_service = SPTLRPC_SVC_NULL,
+ .sf_name = "skn"
+ },
+ {
+ .sf_subflavor = SPTLRPC_SUBFLVR_SKA,
+ .sf_qop = 0,
+ .sf_service = SPTLRPC_SVC_AUTH,
+ .sf_name = "ska"
+ },
+ {
.sf_subflavor = SPTLRPC_SUBFLVR_SKI,
.sf_qop = 0,
.sf_service = SPTLRPC_SVC_INTG,
.sf_subflavor = SPTLRPC_SUBFLVR_SKI,
.sf_qop = 0,
.sf_service = SPTLRPC_SVC_INTG,
"\053\006\001\004\001\311\146\215\126\001\000\001",
},
.gm_ops = &gss_sk_ops,
"\053\006\001\004\001\311\146\215\126\001\000\001",
},
.gm_ops = &gss_sk_ops,
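Review bot: gss_sk_sfs gains the skn and ska entries ahead of ski, but the mechanism descriptor that follows is cut off after `.gm_ops = &gss_sk_ops,`, so the subflavor count that goes with this table is not visible here. If that count is a hard-coded number it has to change together with the table: too small a value would presumably leave the trailing (stronger) entries unreachable, and too large a value would read past the array. Deriving it from the table, for example `.gm_sf_num = ARRAY_SIZE(gss_sk_sfs),`, removes the need to keep the two in step. The field name is assumed from the surrounding tree and should be confirmed against the struct definition.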
return SPTLRPC_FLVR_KRB5I;
if (!strcmp(name, "krb5p"))
return SPTLRPC_FLVR_KRB5P;
return SPTLRPC_FLVR_KRB5I;
if (!strcmp(name, "krb5p"))
return SPTLRPC_FLVR_KRB5P;
+ if (!strcmp(name, "skn"))
+ return SPTLRPC_FLVR_SKN;
+ if (!strcmp(name, "ska"))
+ return SPTLRPC_FLVR_SKA;
if (!strcmp(name, "ski"))
return SPTLRPC_FLVR_SKI;
if (!strcmp(name, "skpi"))
if (!strcmp(name, "ski"))
return SPTLRPC_FLVR_SKI;
if (!strcmp(name, "skpi"))
return "krb5i";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
return "krb5p";
return "krb5i";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5P))
return "krb5p";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKN))
+ return "skn";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKA))
+ return "ska";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKI))
return "ski";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKPI))
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKI))
return "ski";
else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_SKPI))
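Review bot: The name-to-flavor chain (the added `"skn"` and `"ska"` comparisons) and the flavor-to-name chain after it now hold the same list twice by hand, in addition to the `.sf_name` strings in gss_sk_sfs, and nothing in the code marks that they must stay in step. A flavor present in one chain but missing from the other would presumably be reported under whatever fallback name the function returns, which misleads anyone checking logs or configuration to see which protection level is in force. I would add a comment at the head of each chain such as `/* keep in sync with the reverse mapping and with gss_sk_sfs[] */`. Both functions start and end outside the hunks shown, so the fallback behaviour could not be checked here.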