linux/net/sunrpc/auth_gss
Simo Sorce 030d794bf4 SUNRPC: Use gssproxy upcall for server RPCGSS authentication.
The main advantge of this new upcall mechanism is that it can handle
big tickets as seen in Kerberos implementations where tickets carry
authorization data like the MS-PAC buffer with AD or the Posix Authorization
Data being discussed in IETF on the krbwg working group.

The Gssproxy program is used to perform the accept_sec_context call on the
kernel's behalf. The code is changed to also pass the input buffer straight
to upcall mechanism to avoid allocating and copying many pages as tokens can
be as big (potentially more in future) as 64KiB.

Signed-off-by: Simo Sorce <simo@redhat.com>
[bfields: containerization, negotiation api]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-04-26 11:41:28 -04:00
..
auth_gss.c SUNRPC: conditionally return endtime from import_sec_context 2013-04-26 11:41:27 -04:00
gss_generic_token.c
gss_krb5_crypto.c SUNRPC: Don't use variable length automatic arrays in kernel code 2012-03-12 13:37:16 -04:00
gss_krb5_keys.c
gss_krb5_mech.c SUNRPC: conditionally return endtime from import_sec_context 2013-04-26 11:41:27 -04:00
gss_krb5_seal.c SUNRPC: Fix a few sparse warnings 2012-03-11 19:30:02 -04:00
gss_krb5_seqnum.c
gss_krb5_unseal.c
gss_krb5_wrap.c sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer 2013-02-08 15:19:10 -05:00
gss_mech_switch.c SUNRPC: conditionally return endtime from import_sec_context 2013-04-26 11:41:27 -04:00
gss_rpc_upcall.c SUNRPC: Use gssproxy upcall for server RPCGSS authentication. 2013-04-26 11:41:28 -04:00
gss_rpc_upcall.h SUNRPC: Add RPC based upcall mechanism for RPCGSS auth 2013-04-26 11:41:27 -04:00
gss_rpc_xdr.c SUNRPC: Add RPC based upcall mechanism for RPCGSS auth 2013-04-26 11:41:27 -04:00
gss_rpc_xdr.h SUNRPC: Add RPC based upcall mechanism for RPCGSS auth 2013-04-26 11:41:27 -04:00
Makefile SUNRPC: Add RPC based upcall mechanism for RPCGSS auth 2013-04-26 11:41:27 -04:00
svcauth_gss.c SUNRPC: Use gssproxy upcall for server RPCGSS authentication. 2013-04-26 11:41:28 -04:00