X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fsvcgssd_krb5.c;h=1d44d3449c02cd71cfbe0d7be6f1f9991654a798;hp=fc67a6f1363ded05217725cf1fec415aac094a17;hb=e07913c2c5e4dc5e406c2cb12cf78150cab3d95a;hpb=d6c1b35c6b40243bfd6fba2591c9f8f2653078c0 diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c index fc67a6f..1d44d34 100644 --- a/utils/gssd/svcgssd_krb5.c +++ b/utils/gssd/svcgssd_krb5.c @@ -38,6 +38,7 @@ #include #include +#include #include #include @@ -45,6 +46,7 @@ #include "gss_oids.h" #include "err_util.h" #include "svcgssd_krb5.h" +#include "../mount/version.h" #define MYBUFLEN 1024 @@ -97,6 +99,12 @@ parse_enctypes(char *enctypes) if (n == 0) return ENOENT; + /* Skip pass any non digits */ + while (*enctypes && isdigit(*enctypes) == 0) + enctypes++; + if (*enctypes == '\0') + return EINVAL; + /* Allocate space for enctypes array */ if ((parsed_enctypes = (int *) calloc(n, sizeof(int))) == NULL) { return ENOMEM; 
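Review bot: In the parse_enctypes hunk, `isdigit(*enctypes)` is passed a plain `char`, which is undefined behaviour for any byte that is negative where `char` is signed. The string is external input to the daemon (it appears to be the kernel's enctype list, read outside this hunk), so the loop should be `while (*enctypes && !isdigit((unsigned char)*enctypes))`. The skip also runs after `n` was computed and checked against 0, so confirm that the counting code above the hunk cannot be thrown off by the skipped prefix; otherwise the `calloc(n, ...)` array may be sized for entries that never get filled. The comment wording should be `/* Skip past any non-digits */`. parse_enctypes starts and ends outside the hunk.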
@@ -169,22 +177,44 @@ svcgssd_limit_krb5_enctypes(void) { #ifdef HAVE_SET_ALLOWABLE_ENCTYPES u_int maj_stat, min_stat; - krb5_enctype default_enctypes[] = { ENCTYPE_DES_CBC_CRC, - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES_CBC_MD4 }; - int default_num_enctypes = - sizeof(default_enctypes) / sizeof(default_enctypes[0]); - krb5_enctype *enctypes; - int num_enctypes; + krb5_enctype old_kernel_enctypes[] = { + ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_MD4 }; + krb5_enctype new_kernel_enctypes[] = { + ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_MD4 }; + krb5_enctype *default_enctypes, *enctypes; + int default_num_enctypes, num_enctypes; + + + if (linux_version_code() < MAKE_VERSION(2, 6, 35)) { + default_enctypes = old_kernel_enctypes; + default_num_enctypes = + sizeof(old_kernel_enctypes) / sizeof(old_kernel_enctypes[0]); + } else { + default_enctypes = new_kernel_enctypes; + default_num_enctypes = + sizeof(new_kernel_enctypes) / sizeof(new_kernel_enctypes[0]); + } get_kernel_supported_enctypes(); if (parsed_enctypes != NULL) { enctypes = parsed_enctypes; num_enctypes = parsed_num_enctypes; + printerr(2, "%s: Calling gss_set_allowable_enctypes with %d " + "enctypes from the kernel\n", __func__, num_enctypes); } else { enctypes = default_enctypes; num_enctypes = default_num_enctypes; + printerr(2, "%s: Calling gss_set_allowable_enctypes with %d " + "enctypes from defaults\n", __func__, num_enctypes); } maj_stat = gss_set_allowable_enctypes(&min_stat, gssd_creds,
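Review bot: The fallback table `new_kernel_enctypes` still carries `ENCTYPE_ARCFOUR_HMAC` and the three single-DES types after the AES and DES3 entries, so on a 2.6.35 or later kernel with `parsed_enctypes` NULL the daemon allows those weak enctypes with no explanation. If they are kept for interoperability, say so above the array, e.g. `/* Fallback used only when the kernel does not report its enctypes; RC4 and single-DES kept for older peers, strongest first */`. The level-2 message "enctypes from defaults" also does not say which of the two tables was chosen, which an operator auditing the allowed ciphers would want; adding the `linux_version_code()` result or the table name to that `printerr` would cover it. svcgssd_limit_krb5_enctypes continues past the end of the hunk.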