From 1d658336b05f8697d6445834f8867f8ad5e4f735 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 25 May 2012 18:09:55 -0400 Subject: SUNRPC: Add RPC based upcall mechanism for RPCGSS auth This patch implements a sunrpc client to use the services of the gssproxy userspace daemon. In particular it allows to perform calls in user space using an RPC call instead of custom hand-coded upcall/downcall messages. Currently only accept_sec_context is implemented as that is all is needed for the server case. File server modules like NFS and CIFS can use full gssapi services this way, once init_sec_context is also implemented. For the NFS server case this code allow to lift the limit of max 2k krb5 tickets. This limit is prevents legitimate kerberos deployments from using krb5 authentication with the Linux NFS server as they have normally ticket that are many kilobytes large. It will also allow to lift the limitation on the size of the credential set (uid,gid,gids) passed down from user space for users that have very many groups associated. Currently the downcall mechanism used by rpc.svcgssd is limited to around 2k secondary groups of the 65k allowed by kernel structures. Signed-off-by: Simo Sorce [bfields: containerization, concurrent upcalls, misc. fixes and cleanup] Signed-off-by: J. Bruce Fields --- net/sunrpc/netns.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/sunrpc/netns.h') diff --git a/net/sunrpc/netns.h b/net/sunrpc/netns.h index ce7bd449173d..e9f8895d70ca 100644 --- a/net/sunrpc/netns.h +++ b/net/sunrpc/netns.h @@ -23,6 +23,9 @@ struct sunrpc_net { struct rpc_clnt *rpcb_local_clnt4; spinlock_t rpcb_clnt_lock; unsigned int rpcb_users; + + struct mutex gssp_lock; + struct rpc_clnt *gssp_clnt; }; extern int sunrpc_net_id; -- cgit v1.2.3