OpenCloudOS-Kernel/net/sunrpc/auth_gss
Olga Kornievskaia 2efef7080f rpc: add service field to new upcall
This patch extends the new upcall with a "service" field that currently
can have 2 values: "*" or "nfs". These values specify matching rules for
principals in the keytab file. The "*" means that gssd is allowed to use
"root", "nfs", or "host" keytab entries while the other option requires
"nfs".

Restricting gssd to use the "nfs" principal is needed for when the
server performs a callback to the client.  The server in this case has
to authenticate itself as an "nfs" principal.

We also need "service" field to distiguish between two client-side cases
both currently using a uid of 0: the case of regular file access by the
root user, and the case of state-management calls (such as setclientid)
which should use a keytab for authentication.  (And the upcall should
fail if an appropriate principal can't be found.)

Signed-off: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2008-12-23 16:19:56 -05:00
..
Makefile gss_krb5: move gss_krb5_crypto into the krb5 module 2008-06-23 13:47:32 -04:00
auth_gss.c rpc: add service field to new upcall 2008-12-23 16:19:56 -05:00
gss_generic_token.c SUNRPC: rpcsec_gss modules should not be used by out-of-tree code 2008-12-23 15:21:32 -05:00
gss_krb5_crypto.c gss_krb5: move gss_krb5_crypto into the krb5 module 2008-06-23 13:47:32 -04:00
gss_krb5_mech.c SUNRPC: Use GFP_NOFS when allocating credentials 2008-07-09 12:08:48 -04:00
gss_krb5_seal.c gss_krb5: create a define for token header size and clean up ptr location 2008-06-23 13:47:25 -04:00
gss_krb5_seqnum.c gss_krb5: consistently use unsigned for seqnum 2008-04-23 16:13:41 -04:00
gss_krb5_unseal.c gss_krb5: create a define for token header size and clean up ptr location 2008-06-23 13:47:25 -04:00
gss_krb5_wrap.c gss_krb5: Use random value to initialize confounder 2008-06-23 13:47:38 -04:00
gss_mech_switch.c SUNRPC: rpcsec_gss modules should not be used by out-of-tree code 2008-12-23 15:21:32 -05:00
gss_spkm3_mech.c SUNRPC: Use GFP_NOFS when allocating credentials 2008-07-09 12:08:48 -04:00
gss_spkm3_seal.c sunrpc: make token header values less confusing 2008-04-23 16:13:41 -04:00
gss_spkm3_token.c SUNRPC: Use GFP_NOFS when allocating credentials 2008-07-09 12:08:48 -04:00
gss_spkm3_unseal.c Merge branch 'master' of /home/trondmy/kernel/linux-2.6/ 2007-02-12 22:43:25 -08:00
svcauth_gss.c rpc: allow gss callbacks to client 2008-12-23 16:18:34 -05:00