• S
    SUNRPC: Use gssproxy upcall for server RPCGSS authentication. · 030d794b
    Simo Sorce 提交于
    The main advantge of this new upcall mechanism is that it can handle
    big tickets as seen in Kerberos implementations where tickets carry
    authorization data like the MS-PAC buffer with AD or the Posix Authorization
    Data being discussed in IETF on the krbwg working group.
    
    The Gssproxy program is used to perform the accept_sec_context call on the
    kernel's behalf. The code is changed to also pass the input buffer straight
    to upcall mechanism to avoid allocating and copying many pages as tokens can
    be as big (potentially more in future) as 64KiB.
    Signed-off-by: NSimo Sorce <simo@redhat.com>
    [bfields: containerization, negotiation api]
    Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
    030d794b
svcauth_gss.c 45.9 KB