kernel/include/linux/sunrpc/gss_krb5.h, branch linux-3.0.y

NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls

2010-05-14T19:09:33Z

Again, we can deadlock if the memory reclaim triggers a writeback that requires a rpcsec_gss credential lookup. Signed-off-by: Trond Myklebust

gss_krb5: Add support for rc4-hmac encryption

2010-05-14T19:09:20Z

Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gss_krb5: Use confounder length in wrap code

2010-05-14T19:09:20Z

All encryption types use a confounder at the beginning of the wrap token. In all encryption types except arcfour-hmac, the confounder is the same as the blocksize. arcfour-hmac has a blocksize of one, but uses an eight byte confounder. Add an entry to the crypto framework definitions for the confounder length and change the wrap/unwrap code to use the confounder length rather than assuming it is always the blocksize. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gssd_krb5: More arcfour-hmac support

2010-05-14T19:09:20Z

For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gss_krb5: Save the raw session key in the context

2010-05-14T19:09:19Z

This is needed for deriving arcfour-hmac keys "on the fly" using the sequence number or checksu Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gssd_krb5: arcfour-hmac support

2010-05-14T19:09:19Z

For arcfour-hmac support, the make_checksum function needs a usage field to correctly calculate the checksum differently for MIC and WRAP tokens. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gss_krb5: add remaining pieces to enable AES encryption support

2010-05-14T19:09:19Z

Add the remaining pieces to enable support for Kerberos AES encryption types. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gss_krb5: add support for new token formats in rfc4121

2010-05-14T19:09:18Z

This is a step toward support for AES encryption types which are required to use the new token formats defined in rfc4121. Signed-off-by: Kevin Coffman [SteveD: Fixed a typo in gss_verify_mic_v2()] Signed-off-by: Steve Dickson [Trond: Got rid of the TEST_ROTATE/TEST_EXTRA_COUNT crap] Signed-off-by: Trond Myklebust

gss_krb5: add support for triple-des encryption

2010-05-14T19:09:17Z

Add the final pieces to support the triple-des encryption type. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust

gss_krb5: handle new context format from gssd

2010-05-14T19:09:17Z

For encryption types other than DES, gssd sends down context information in a new format. This new format includes the information needed to support the new Kerberos GSS-API tokens defined in rfc4121. Signed-off-by: Kevin Coffman Signed-off-by: Steve Dickson Signed-off-by: Trond Myklebust