History log of /net/sunrpc/auth_gss/gss_krb5_mech.c
Revision Date Author Comments
400f26b542e86995662a0cc5483656b7b1f42af6 26-May-2012 Simo Sorce <simo@redhat.com> SUNRPC: conditionally return endtime from import_sec_context

We expose this parameter for a future caller.
It will be used to extract the endtime from the gss-proxy upcall mechanism,
in order to set the rsc cache expiration time.

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
83523d083a045a2069e5f3443d2e4f810a6e6d9a 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Consider qop when looking up pseudoflavors

The NFSv4 SECINFO operation returns a list of security flavors that
the server supports for a particular share. An NFSv4 client is
supposed to pick a pseudoflavor it supports that corresponds to one
of the flavors returned by the server.

GSS flavors in this list have a GSS tuple that identify a specific
GSS pseudoflavor.

Currently our client ignores the GSS tuple's "qop" value. A
matching pseudoflavor is chosen based only on the OID and service
value.

So far this omission has not had much effect on Linux. The NFSv4
protocol currently supports only one qop value: GSS_C_QOP_DEFAULT,
also known as zero.

However, if an NFSv4 server happens to return something other than
zero in the qop field, our client won't notice. This could cause
the client to behave in incorrect ways that could have security
implications.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
f783288f0cf47f1988f5284c89e325bd22c74f91 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Load GSS kernel module by OID

The current GSS mech switch can find and load GSS pseudoflavor
modules by name ("krb5") or pseudoflavor number ("390003"), but
cannot find GSS modules by GSS tuple:

[ "1.2.840.113554.1.2.2", GSS_C_QOP_DEFAULT, RPC_GSS_SVC_NONE ]

This is important when dealing with a SECINFO request. A SECINFO
reply contains a list of flavors the server supports for the
requested export, but GSS flavors also have a GSS tuple that maps
to a pseudoflavor (like 390003 for krb5).

If the GSS module that supports the OID in the tuple is not loaded,
our client is not able to load that module dynamically to support
that pseudoflavor.

Add a way for the GSS mech switch to load GSS pseudoflavor support
by OID before searching for the pseudoflavor that matches the OID
and service.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fb15b26f8ba3ff629a052faf3f4a4744585ca2dc 16-Mar-2013 Chuck Lever <chuck.lever@oracle.com> SUNRPC: Define rpcsec_gss_info structure

The NFSv4 SECINFO procedure returns a list of security flavors. Any
GSS flavor also has a GSS tuple containing an OID, a quality-of-
protection value, and a service value, which specifies a particular
GSS pseudoflavor.

For simplicity and efficiency, I'd like to return each GSS tuple
from the NFSv4 SECINFO XDR decoder and pass it straight into the RPC
client.

Define a data structure that is visible to both the NFS client and
the RPC client. Take structure and field names from the relevant
standards to avoid confusion.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
95c961747284a6b83a5e2d81240e214b0fa3464d 15-Apr-2012 Eric Dumazet <eric.dumazet@gmail.com> net: cleanup unsigned to unsigned int

Use of "unsigned int" is preferred to bare "unsigned" in net tree.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
09acfea5d8de419ebe84be43b08f7b79c965215f 11-Mar-2012 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix a few sparse warnings

net/sunrpc/svcsock.c:412:22: warning: incorrect type in assignment
(different address spaces)
- svc_partial_recvfrom now takes a struct kvec, so the variable
save_iovbase needs to be an ordinary (void *)

Make a bunch of variables in net/sunrpc/xprtsock.c static

Fix a couple of "warning: symbol 'foo' was not declared. Should it be
static?" reports.

Fix a couple of conflicting function declarations.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
058c5c99999609e3de7e15b49049665f02d06577 22-Jun-2011 J. Bruce Fields <bfields@redhat.com> rpc: allow autoloading of gss mechanisms

Remove the need for an explicit modprobe of rpcsec_gss_krb5.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
b084f598df36b62dfae83c10ed17f0b66b50f442 31-May-2011 J. Bruce Fields <bfields@redhat.com> nfsd: fix dependency of nfsd on auth_rpcgss

Commit b0b0c0a26e84 "nfsd: add proc file listing kernel's gss_krb5
enctypes" added an nunnecessary dependency of nfsd on the auth_rpcgss
module.

It's a little ad hoc, but since the only piece of information nfsd needs
from rpcsec_gss_krb5 is a single static string, one solution is just to
share it with an include file.

Cc: stable@kernel.org
Reported-by: Michael Guntsche <mike@it-loops.com>
Cc: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
0867659fa3c245bf203d837a82e0f6ea5079c2c5 06-Apr-2011 Trond Myklebust <Trond.Myklebust@netapp.com> Revert "net/sunrpc: Use static const char arrays"

This reverts commit 411b5e05617593efebc06241dbc56f42150f2abe.

Olga Kornievskaia reports:

Problem: linux client mounting linux server using rc4-hmac-md5
enctype. gssd fails with create a context after receiving a reply from
the server.

Diagnose: putting printout statements in the server kernel and
kerberos libraries revealed that client and server derived different
integrity keys.

Server kernel code was at fault due the the commit

[aglo@skydive linux-pnfs]$ git show 411b5e05617593efebc06241dbc56f42150f2abe

Trond: The problem is that since it relies on virt_to_page(), you cannot
call sg_set_buf() for data in the const section.

Reported-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org [2.6.36+]
f8628220bb395104697be9c447c1085846dfc97c 03-Mar-2011 Kevin Coffman <kwc@citi.umich.edu> gss:krb5 only include enctype numbers in gm_upcall_enctypes

Make the value in gm_upcall_enctypes just the enctype values.
This allows the values to be used more easily elsewhere.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
540c8cb6a576f34a9a0b04467f46bb6e67a1f852 03-Mar-2011 Kevin Coffman <kwc@citi.umich.edu> gss:krb5 only include enctype numbers in gm_upcall_enctypes

Make the value in gm_upcall_enctypes just the enctype values.
This allows the values to be used more easily elsewhere.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
411b5e05617593efebc06241dbc56f42150f2abe 13-Sep-2010 Joe Perches <joe@perches.com> net/sunrpc: Use static const char arrays

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
ce8477e1176389ed920550f4c925ad4a815b22d5 13-Sep-2010 Bian Naimeng <biannm@cn.fujitsu.com> gss:krb5 miss returning error to caller when import security context

krb5 miss returning error to up layer when import security context,
it may be return ok though it has failed to import security context.

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1f4c86c0be9064ab4eebd9e67c84606c1cfeec4b 13-May-2010 Trond Myklebust <Trond.Myklebust@netapp.com> NFS: Don't use GFP_KERNEL in rpcsec_gss downcalls

Again, we can deadlock if the memory reclaim triggers a writeback that
requires a rpcsec_gss credential lookup.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fc54a0c65fc8cae6b0355512f0b619c1515e7d7f 08-Apr-2010 Trond Myklebust <Trond.Myklebust@netapp.com> gss_krb5: Advertise rc4-hmac enctype support in the rpcsec_gss/krb5 upcall

Update the upcall info indicating which Kerberos enctypes
the kernel supports

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fffdaef2eb4a7333952e55cf97f1fc0fcc35f981 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: Add support for rc4-hmac encryption

Add necessary changes to add kernel support for the rc4-hmac Kerberos
encryption type used by Microsoft and described in rfc4757.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
5af46547ec451918f3ba51efe59b317d33adf701 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: Use confounder length in wrap code

All encryption types use a confounder at the beginning of the
wrap token. In all encryption types except arcfour-hmac, the
confounder is the same as the blocksize. arcfour-hmac has a
blocksize of one, but uses an eight byte confounder.

Add an entry to the crypto framework definitions for the
confounder length and change the wrap/unwrap code to use
the confounder length rather than assuming it is always
the blocksize.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fc263a917afad3bda7b823a6edc803a40e7f6015 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: Save the raw session key in the context

This is needed for deriving arcfour-hmac keys "on the fly"
using the sequence number or checksu

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
bf6d359c508cf83401c942262a9749752598394d 08-Apr-2010 Trond Myklebust <Trond.Myklebust@netapp.com> gss_krb5: Advertise AES enctype support in the rpcsec_gss/krb5 upcall

Update upcall info indicating which Kerberos enctypes
the kernel supports

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
934a95aa1c9c6ad77838800b79c306e982437605 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: add remaining pieces to enable AES encryption support

Add the remaining pieces to enable support for Kerberos AES
encryption types.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
4018bf3eec5ff6bf1234a602a4e72518757a7f55 08-Apr-2010 Trond Myklebust <Trond.Myklebust@netapp.com> gss_krb5: Advertise triple-des enctype support in the rpcsec_gss/krb5 upcall

Update the upcall info indicating which Kerberos enctypes the kernel
supports.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
958142e97e04d6c266ae093739bbbbd03afcd497 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: add support for triple-des encryption

Add the final pieces to support the triple-des encryption type.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
683ac6656cb05b6e83593770ffc049eee4a4d119 08-Apr-2010 Trond Myklebust <Trond.Myklebust@netapp.com> gss_krb5: Add upcall info indicating supported kerberos enctypes

The text based upcall now indicates which Kerberos encryption types are
supported by the kernel rpcsecgss code. This is used by gssd to
determine which encryption types it should attempt to negotiate
when creating a context with a server.

The server principal's database and keytab encryption types are
what limits what it should negotiate. Therefore, its keytab
should be created with only the enctypes listed by this file.

Currently we support des-cbc-crc, des-cbc-md4 and des-cbc-md5

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
47d84807762966c3611c38adecec6ea703ddda7a 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: handle new context format from gssd

For encryption types other than DES, gssd sends down context information
in a new format. This new format includes the information needed to
support the new Kerberos GSS-API tokens defined in rfc4121.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
4891f2d008e4343eedea39ba1fe74864f1d32be0 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: import functionality to derive keys into the kernel

Import the code to derive Kerberos keys from a base key into the
kernel. This will allow us to change the format of the context
information sent down from gssd to include only a single key.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
e1f6c07b1160ef28e8754d12e6c03288dd9d5ca8 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: add ability to have a keyed checksum (hmac)

Encryption types besides DES may use a keyed checksum (hmac).
Modify the make_checksum() function to allow for a key
and take care of enctype-specific processing such as truncating
the resulting hash.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
81d4a4333a1dfd6070f046265d928bb4c79aff88 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: introduce encryption type framework

Add enctype framework and change functions to use the generic
values from it rather than the values hard-coded for des.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a8cc1cb7d7a12b0e2855832d10cfbfaffebfad6c 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: prepare for new context format

Prepare for new context format by splitting out the old "v1"
context processing function

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
1ac3719a2214c545c7e19d34e272a148ca9a24f1 17-Mar-2010 Kevin Coffman <kwc@citi.umich.edu> gss_krb5: split up functions in preparation of adding new enctypes

Add encryption type to the krb5 context structure and use it to switch
to the correct functions depending on the encryption type.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
14ace024b1e16d2bb9445c8387494fbbd820a738 18-Dec-2009 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Fix up an error return value in gss_import_sec_context_kerberos()

If the context allocation fails, the function currently returns a random
error code, since the variable 'p' still points to a valid memory location.

Ensure that it returns ENOMEM...

Cc: stable@kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
0f38b873aeaae698c3693748438547c8493165fb 11-Jun-2008 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Use GFP_NOFS when allocating credentials

Since the credentials may be allocated during the call to rpc_new_task(),
which again may be called by a memory allocator...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
ef338bee3f4f509e82066e100f76fecbbbbc4cca 10-Nov-2007 Kevin Coffman <kwc@citi.umich.edu> sunrpc: return error if unsupported enctype or cksumtype is encountered

Return an error from gss_import_sec_context_kerberos if the
negotiated context contains encryption or checksum types not
supported by the kernel code.

This fixes an Oops because success was assumed and later code found
no internal_ctx_id.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
ae4c40b1d81f5299c04330306736b2f0f0539f4b 17-Jul-2007 Usha Ketineni <ketineni@us.ibm.com> knfsd: rpc: add gss krb5 and spkm3 oid values

Adds oid values to the gss_api mechanism structures. On the NFSV4 server
side, these are required as part of the security triple (oid,qop,service)
information being sent in the response of the SECINFO operation.

Signed-off-by: Usha Ketineni <uketinen@us.ibm.com>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
f1c0a8615090359d57e096157feb9f900cbb233c 24-Jun-2007 Trond Myklebust <Trond.Myklebust@netapp.com> SUNRPC: Mark auth and cred operation tables as constant.

Also do the same for gss_api operation tables.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
8885cb367f86ce02bed3bf18192d74a53ac3b81f 31-Jan-2007 Chuck Lever <chuck.lever@oracle.com> SUNRPC: fix print format for tk_pid in auth_gss support

The tk_pid field is an unsigned short. The proper print format specifier for
that type is %5u, not %4d.

Also clean up some miscellaneous print formatting nits.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
717757ad1038ab6aacb89bad579c89b006efd913 05-Dec-2006 J. Bruce Fields <bfields@fieldses.org> rpcgss: krb5: ignore seed

We're currently not actually using seed or seed_init.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
d922a84a8bf1d627810906d033223d4fa629fdbf 05-Dec-2006 J. Bruce Fields <bfields@fieldses.org> rpcgss: krb5: sanity check sealalg value in the downcall

The sealalg is checked in several places, giving the impression it could be
either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to
be sufficient only for making mic's, and all the contexts we get must be
capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As
with signalg, just check for the right value on the downcall and ignore it
otherwise. Similarly, tighten expectations for the sealalg on incoming
tokens, in case we do support other values eventually.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
e678e06bf8fa25981a6fa1f08b979fd086d713f8 05-Dec-2006 J. Bruce Fields <bfields@fieldses.org> gss: krb5: remove signalg and sealalg

We designed the krb5 context import without completely understanding the
context. Now it's clear that there are a number of fields that we ignore,
or that we depend on having one single value.

In particular, we only support one value of signalg currently; so let's
check the signalg field in the downcall (in case we decide there's
something else we could support here eventually), but ignore it otherwise.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
e69062b4f728dca01ec1a9eb4ed55b73a374f164 21-Nov-2006 Arnaldo Carvalho de Melo <acme@mandriva.com> [SUNRPC]: Use k{mem,str}dup where applicable

Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
378c6697a282c383d89428380a3405bf95189347 22-Aug-2006 Herbert Xu <herbert@gondor.apana.org.au> [SUNRPC] GSS: Use block ciphers where applicable

This patch converts SUNRPC/GSS to use the new block cipher type where
applicable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
0da974f4f303a6842516b764507e3c0a03f41e5a 21-Jul-2006 Panagiotis Issaris <takis@issaris.org> [NET]: Conversions from kmalloc+memset to k(z|c)alloc.

Signed-off-by: Panagiotis Issaris <takis@issaris.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
d6e05edc59ecd79e8badf440c0d295a979bdfa3e 26-Jun-2006 Andreas Mohr <andi@lisas.de> spelling fixes

acquired (aquired)
contiguous (contigious)
successful (succesful, succesfull)
surprise (suprise)
whether (weather)
some other misspellings

Signed-off-by: Andreas Mohr <andi@lisas.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
9e56904e41e242169007e69d9916059dab995d90 03-Jan-2006 J. Bruce Fields <bfields@fieldses.org> SUNRPC: Make krb5 report unsupported encryption types

Print messages when an unsupported encrytion algorthm is requested or
there is an error locating a supported algorthm.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
a0857d03b21fa54653c9d2fe7a315381176015b4 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS: krb5 cleanup

Remove some senseless wrappers.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
00fd6e14255fe7a249315746386d640bc4e9e758 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS remove all qop parameters

Not only are the qop parameters that are passed around throughout the gssapi
unused by any currently implemented mechanism, but there appears to be some
doubt as to whether they will ever be used. Let's just kill them off for now.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
14ae162c24d985593d5b19437d7f3d8fd0062b59 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS: Add support for privacy to krb5 rpcsec_gss mechanism.

Add support for privacy to the krb5 rpcsec_gss mechanism.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
bfa91516b57483fc9c81d8d90325fd2c3c16ac48 13-Oct-2005 J. Bruce Fields <bfields@fieldses.org> RPCSEC_GSS: krb5 pre-privacy cleanup

The code this was originally derived from processed wrap and mic tokens using
the same functions. This required some contortions, and more would be required
with the addition of xdr_buf's, so it's better to separate out the two code
paths.

In preparation for adding privacy support, remove the last vestiges of the
old wrap token code.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
86b9f57dfdf455763d2be73a742a9a88bb664173 11-Aug-2005 Chuck Lever <cel@citi.umich.edu> [PATCH] RPC: Eliminate socket.h includes in RPC client

Clean-up: get rid of unnecessary socket.h and in.h includes in the generic
parts of the RPC client.

Test-plan:
Compile kernel with CONFIG_NFS enabled.

Version: Thu, 11 Aug 2005 16:06:23 -0400

Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
573dbd95964b01a942aa0c68e92b06f2c9536964 02-Sep-2005 Jesper Juhl <jesper.juhl@gmail.com> [CRYPTO]: crypto_free_tfm() callers no longer need to check for NULL

Since the patch to add a NULL short-circuit to crypto_free_tfm() went in,
there's no longer any need for callers of that function to check for NULL.
This patch removes the redundant NULL checks and also a few similar checks
for NULL before calls to kfree() that I ran into while doing the
crypto_free_tfm bits.

I've succesfuly compile tested this patch, and a kernel with the patch
applied boots and runs just fine.

When I posted the patch to LKML (and other lists/people on Cc) it drew the
following comments :

J. Bruce Fields commented
"I've no problem with the auth_gss or nfsv4 bits.--b."

Sridhar Samudrala said
"sctp change looks fine."

Herbert Xu signed off on the patch.

So, I guess this is ready to be dropped into -mm and eventually mainline.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 17-Apr-2005 Linus Torvalds <torvalds@ppc970.osdl.org> Linux-2.6.12-rc2

Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!