1. 26 Apr, 2013 6 commits
    • SUNRPC: Use gssproxy upcall for server RPCGSS authentication. · 030d794b
      Simo Sorce authored
      The main advantage of this new upcall mechanism is that it can handle
      big tickets as seen in Kerberos implementations where tickets carry
      authorization data like the MS-PAC buffer with AD or the Posix Authorization
      Data being discussed in IETF on the krbwg working group.
      
      The Gssproxy program is used to perform the accept_sec_context call on the
      kernel's behalf. The code is changed to also pass the input buffer straight
      to the upcall mechanism to avoid allocating and copying many pages as tokens can
      be as big (potentially more in future) as 64KiB.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      [bfields: containerization, negotiation api]
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: Add RPC based upcall mechanism for RPCGSS auth · 1d658336
      Simo Sorce authored
      This patch implements a sunrpc client to use the services of the gssproxy
      userspace daemon.
      
      In particular, it allows performing calls in user space using an RPC
      call instead of custom hand-coded upcall/downcall messages.
      
      Currently only accept_sec_context is implemented, as that is all that is needed for
      the server case.
      
      File server modules like NFS and CIFS can use full gssapi services this way,
      once init_sec_context is also implemented.
      
      For the NFS server case this code allows lifting the limit of max 2k krb5
      tickets. This limit prevents legitimate Kerberos deployments from using krb5
      authentication with the Linux NFS server, as they normally have tickets that are
      many kilobytes large.
      
      It will also allow lifting the limitation on the size of the credential set
      (uid,gid,gids) passed down from user space for users that have very many groups
      associated. Currently the downcall mechanism used by rpc.svcgssd is limited
      to around 2k secondary groups of the 65k allowed by kernel structures.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      [bfields: containerization, concurrent upcalls, misc. fixes and cleanup]
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: conditionally return endtime from import_sec_context · 400f26b5
      Simo Sorce authored
      We expose this parameter for a future caller.
      It will be used to extract the endtime from the gss-proxy upcall mechanism,
      in order to set the rsc cache expiration time.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: allow disabling idle timeout · 33d90ac0
      J. Bruce Fields authored
      In the gss-proxy case we don't want to have to reconnect at random--we
      want to connect only on gss-proxy startup when we can steal gss-proxy's
      context to do the connect in the right namespace.
      
      So, provide a flag that allows the rpc_create caller to turn off the
      idle timeout.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: attempt AF_LOCAL connect on setup · 7073ea87
      J. Bruce Fields authored
      In the gss-proxy case, setup time is when I know I'll have the right
      namespace for the connect.
      
      In other cases, it might be useful to get any connection errors
      earlier--though actually in practice it doesn't make any difference for
      rpcbind.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • Merge Trond's nfs-for-next · c85b03ab
      J. Bruce Fields authored
      Merging Trond's nfs-for-next branch, mainly to get
      b7993ceb "SUNRPC: Allow rpc_create() to
      request that TCP slots be unlimited", which a small piece of the
      gss-proxy work depends on.
  2. 23 Apr, 2013 1 commit
  3. 22 Apr, 2013 1 commit
  4. 21 Apr, 2013 1 commit
  5. 20 Apr, 2013 2 commits
  6. 19 Apr, 2013 1 commit
  7. 17 Apr, 2013 2 commits
  8. 16 Apr, 2013 3 commits
  9. 14 Apr, 2013 3 commits
  10. 12 Apr, 2013 1 commit
  11. 11 Apr, 2013 1 commit
  12. 10 Apr, 2013 1 commit
  13. 09 Apr, 2013 12 commits
  14. 08 Apr, 2013 2 commits
    • NFSv4: Handle timeouts correctly when probing for lease validity · bc7a05ca
      Trond Myklebust authored
      When we send a RENEW or SEQUENCE operation in order to probe if the
      lease is still valid, we want it to be able to time out since the
      lease we are probing is likely to time out too. Currently, because
      we use soft mount semantics for these RPC calls, the return value
      is EIO, which causes the state manager to exit with an "unhandled
      error" message.
      This patch changes the call semantics, so that the RPC layer returns
      ETIMEDOUT instead of EIO. We then have the state manager default to
      a simple retry instead of exiting.
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    • nfsd4: cleanup handling of nfsv4.0 closed stateid's · 9411b1d4
      J. Bruce Fields authored
      Closed stateid's are kept around a little while to handle close replays
      in the 4.0 case.  So we stash them in the last-used stateid in the
      oo_last_closed_stateid field of the open owner.  We can free that in
      encode_seqid_op_tail once the seqid on the open owner is next
      incremented.  But we don't want to do that on the close itself; so we
      set the NFS4_OO_PURGE_CLOSE flag on the open owner, skip freeing it the
      first time through encode_seqid_op_tail, then when we see that flag set
      next time we free it.
      
      This is unnecessarily baroque.
      
      Instead, just move the logic that increments the seqid out of the xdr
      code and into the operation code itself.
      
      The justification given for the current placement is that we need to
      wait till the last minute to be sure we know whether the status is a
      sequence-id-mutating error or not, but examination of the code shows
      that can't actually happen.
      Reported-by: Yanchuan Nian <ycnian@gmail.com>
      Tested-by: Yanchuan Nian <ycnian@gmail.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
  15. 05 Apr, 2013 3 commits