Re: unread variables in sunrpc kerberos code

On Wed, Oct 09, 2013 at 02:33:22PM -0400, Andy Adamson wrote:
> RPCSEC_GSS requires that the GSS-API level sequencing is turned off -
> e.g. the sequence_req_flag is set to false.
> 
> rfc2203:
> 
>    When GSS_Init_sec_context() is called, the parameters
>    replay_det_req_flag and sequence_req_flag must be turned off. The
>    reasons for this are:
> 
>    *    ONC RPC can be used over unreliable transports and provides no
>         layer to reliably re-assemble messages. Thus it is possible for
>         gaps in message sequencing to occur, as well as out of order
>         messages.
> 
>    *    RPC servers can be multi-threaded, and thus the order in which
>         GSS-API messages are signed or wrapped can be different from the
>         order in which the messages are verified or unwrapped, even if
>         the requests are sent on reliable transports.
> 
>    *    To maximize convenience of implementation, the order in which an
>         ONC RPC entity will verify the header and verify/unwrap the body
>         of an RPC call or reply is left unspecified.
> 
>    The RPCSEC_GSS protocol provides for protection from replay attack,
>    yet tolerates out-of-order delivery or processing of messages and
>    tolerates dropped requests.
> 
> 
> So the RPCSEC_GSS layer does the sequencing, not the GSS layer.

Thanks Andy, that RFC text is a good explanation;  I'll add a comment
referencing that.

--b.
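
An added sketch (not part of this thread and not the kernel's sunrpc code) of how the RPCSEC_GSS layer can do its own sequencing, as the quoted RFC text describes: a sliding window over per-request sequence numbers that accepts reordered and missing requests but drops replays. The window size, the struct, and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SEQ_WIN 128u  /* window size: a value assumed for this sketch */

struct seq_window {
    uint32_t max;                /* highest sequence number accepted so far */
    uint8_t  seen[SEQ_WIN / 8];  /* bit (n % SEQ_WIN) set: n already accepted */
};

static int  test_bit(const uint8_t *m, uint32_t n) { n %= SEQ_WIN; return (m[n / 8] >> (n % 8)) & 1; }
static void set_bit(uint8_t *m, uint32_t n)  { n %= SEQ_WIN; m[n / 8] |= (uint8_t)(1u << (n % 8)); }
static void clear_bit(uint8_t *m, uint32_t n) { n %= SEQ_WIN; m[n / 8] &= (uint8_t)~(1u << (n % 8)); }

/* Returns 1 if the request should be processed, 0 if it should be dropped. */
int seq_accept(struct seq_window *w, uint32_t seq)
{
    if (seq > w->max) {                       /* newer than anything seen: slide window */
        if (seq - w->max >= SEQ_WIN)
            memset(w->seen, 0, sizeof w->seen);
        else
            for (uint32_t n = w->max + 1; n <= seq; n++)
                clear_bit(w->seen, n);        /* slots reused from one window ago */
        w->max = seq;
    } else if (w->max - seq >= SEQ_WIN) {
        return 0;                             /* too old: fell out of the window */
    } else if (test_bit(w->seen, seq)) {
        return 0;                             /* replay of an accepted request */
    }
    set_bit(w->seen, seq);
    return 1;
}

/* Constructed arrival order: reordering, a gap, a replay, and a stale number.
 * Bit i of the result is the decision for arrivals[i]. */
unsigned replay_demo(void)
{
    static const uint32_t arrivals[] = { 1, 3, 2, 3, 500, 372, 373, 373 };
    struct seq_window w = { 0 };
    unsigned decisions = 0;
    for (unsigned i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        decisions |= (unsigned)seq_accept(&w, arrivals[i]) << i;
    return decisions;
}
```

Because acceptance depends only on window membership and the seen bitmap, the order in which threads verify requests does not matter, which is why GSS-level sequencing can stay off.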