git.baikalelectronics.ru Git - kernel.git/commit

author	Simo Sorce <simo@redhat.com>
	Fri, 25 May 2012 22:09:56 +0000 (18:09 -0400)
committer	J. Bruce Fields <bfields@redhat.com>
	Fri, 26 Apr 2013 15:41:28 +0000 (11:41 -0400)
commit	d2e746f87f2c74ee17f36db22d2904d88cab8ea4
tree	b92b6fecf0856d48d232f266d7ac7e2b0ff09a17	tree \| snapshot
parent	3f9de78f0157d8690b3a1cfffe3b82408c1ff217	commit \| diff

SUNRPC: Use gssproxy upcall for server RPCGSS authentication.

The main advantge of this new upcall mechanism is that it can handle
big tickets as seen in Kerberos implementations where tickets carry
authorization data like the MS-PAC buffer with AD or the Posix Authorization
Data being discussed in IETF on the krbwg working group.

The Gssproxy program is used to perform the accept_sec_context call on the
kernel's behalf. The code is changed to also pass the input buffer straight
to upcall mechanism to avoid allocating and copying many pages as tokens can
be as big (potentially more in future) as 64KiB.

Signed-off-by: Simo Sorce <simo@redhat.com>
[bfields: containerization, negotiation api]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

Documentation/filesystems/nfs/00-INDEX		diff \| blob \| history
Documentation/filesystems/nfs/rpc-server-gss.txt	[new file with mode: 0644]	blob
net/sunrpc/auth_gss/gss_rpc_upcall.c		diff \| blob \| history
net/sunrpc/auth_gss/svcauth_gss.c		diff \| blob \| history
net/sunrpc/netns.h		diff \| blob \| history