[PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Simo Sorce]

This patchset implements a new upcall mechanism that uses the sunrpc
client to talk to gssproxy[1], a new userspace daemon that handles gssapi
operations on behalf of other processes on the system.

The main driver for this new mechanism is to overcome limitations with
the current daemon and upcall. The current code cannot handle tickets
larger than approximatively 2k and cannot handle sending back large user
credential sets to the kernel.

These patches have been tested against the development version of gssproxy
tagged as kernel_v0.1 in the master repo[2].

I have tested walking into mountpoints using tickets artificially pumped
up to 64k and the user is properly authorized, after the accept_se_context
call is performed through the new upcall mechanism and gssproxy.

The gssproxy has the potential of handling also init_sec_context calls,
but at the moment the only targeted system is nfsd.

Simo.

[1] https://fedorahosted.org/gss-proxy/
[2] http://git.fedorahosted.org/git/?p=gss-proxy.git;a=shortlog;h=refs/tags/kernel_v0.1


NOTE: Included are all changes request and agreed on the list recently,
      kmalloc changes and containers compatibility changes.
      Pacthes rebased on top of Bruce Field's for-3.5 tree.


Simo Sorce (4):
  SUNRPC: conditionally return endtime from import_sec_context
  SUNRPC: Document a bit RPCGSS handling in the NFS Server
  SUNRPC: Add RPC based upcall mechanism for RPCGSS auth
  SUNRPC: Use gssproxy upcall for nfsd's RPCGSS authentication.

 Documentation/filesystems/nfs/00-INDEX         |    2 +
 Documentation/filesystems/nfs/knfsd-rpcgss.txt |   65 ++
 include/linux/sunrpc/auth_gss.h                |    3 +
 include/linux/sunrpc/gss_api.h                 |    2 +
 include/linux/sunrpc/svcauth_gss.h             |    2 +-
 net/sunrpc/auth_gss/Makefile                   |    4 +-
 net/sunrpc/auth_gss/auth_gss.c                 |   11 +-
 net/sunrpc/auth_gss/gss_krb5_mech.c            |    3 +
 net/sunrpc/auth_gss/gss_mech_switch.c          |    5 +-
 net/sunrpc/auth_gss/gss_rpc_upcall.c           |  353 +++++++++
 net/sunrpc/auth_gss/gss_rpc_upcall.h           |   43 ++
 net/sunrpc/auth_gss/gss_rpc_xdr.c              |  907 ++++++++++++++++++++++++
 net/sunrpc/auth_gss/gss_rpc_xdr.h              |  269 +++++++
 net/sunrpc/auth_gss/svcauth_gss.c              |  226 ++++++-
 14 files changed, 1875 insertions(+), 20 deletions(-)
 create mode 100644 Documentation/filesystems/nfs/knfsd-rpcgss.txt
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.c
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.h
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.c
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.h

-- 
1.7.7.6

[PATCH 1/4] SUNRPC: conditionally return endtime from import_sec_context

[Simo Sorce]

We expose this parameter for a future caller.
It will be used to extract the endtime from the gss-proxy upcall mechanism,
in order to set the rsc cache expiration time.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 include/linux/sunrpc/gss_api.h        |    2 ++
 net/sunrpc/auth_gss/auth_gss.c        |    2 +-
 net/sunrpc/auth_gss/gss_krb5_mech.c   |    3 +++
 net/sunrpc/auth_gss/gss_mech_switch.c |    5 +++--
 net/sunrpc/auth_gss/svcauth_gss.c     |    3 ++-
 5 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index 332da61cf8b71fc73d802b2609210f46641a9ea1..7bd486d50f0861b45c98e695751c2f92f1b3bdfa 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -36,6 +36,7 @@ int gss_import_sec_context(
 		size_t			bufsize,
 		struct gss_api_mech	*mech,
 		struct gss_ctx		**ctx_id,
+		time_t			*endtime,
 		gfp_t			gfp_mask);
 u32 gss_get_mic(
 		struct gss_ctx		*ctx_id,
@@ -91,6 +92,7 @@ struct gss_api_ops {
 			const void		*input_token,
 			size_t			bufsize,
 			struct gss_ctx		*ctx_id,
+			time_t			*endtime,
 			gfp_t			gfp_mask);
 	u32 (*gss_get_mic)(
 			struct gss_ctx		*ctx_id,
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index d3ad81f8da5b79551c36b17a7d53007406946699..836cbecb1947235d38c62eadf79ae96ad73906e6 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -232,7 +232,7 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct
 		p = ERR_PTR(-EFAULT);
 		goto err;
 	}
-	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, GFP_NOFS);
+	ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
 	if (ret < 0) {
 		p = ERR_PTR(ret);
 		goto err;
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 8eff8c32d1b9b403c2365326c16e44df7c0923e6..329c36b9aa269a414932df86d89650c7a39528fd 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -679,6 +679,7 @@ out_err:
 static int
 gss_import_sec_context_kerberos(const void *p, size_t len,
 				struct gss_ctx *ctx_id,
+				time_t *endtime,
 				gfp_t gfp_mask)
 {
 	const void *end = (const void *)((const char *)p + len);
@@ -696,6 +697,8 @@ gss_import_sec_context_kerberos(const void *p, size_t len,
 
 	if (ret == 0)
 		ctx_id->internal_ctx_id = ctx;
+		if (endtime)
+			*endtime = ctx->endtime;
 	else
 		kfree(ctx);
 
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index ca8cad8251c7ff1c13c9bff6757e098c4f1cd9b2..b22cc24fac482351876c8f4a6c10d8b203a95045 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -312,14 +312,15 @@ int
 gss_import_sec_context(const void *input_token, size_t bufsize,
 		       struct gss_api_mech	*mech,
 		       struct gss_ctx		**ctx_id,
+		       time_t			*endtime,
 		       gfp_t gfp_mask)
 {
 	if (!(*ctx_id = kzalloc(sizeof(**ctx_id), gfp_mask)))
 		return -ENOMEM;
 	(*ctx_id)->mech_type = gss_mech_get(mech);
 
-	return mech->gm_ops
-		->gss_import_sec_context(input_token, bufsize, *ctx_id, gfp_mask);
+	return mech->gm_ops->gss_import_sec_context(input_token, bufsize,
+						*ctx_id, endtime, gfp_mask);
 }
 
 /* gss_get_mic: compute a mic over message and return mic_token. */
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index bcb773781ec08cbf0a2f00a4034126bfffc7e1cb..5008672f920e8bdda6a4753bd7c7262a90d11eab 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -486,7 +486,8 @@ static int rsc_parse(struct cache_detail *cd,
 		len = qword_get(&mesg, buf, mlen);
 		if (len < 0)
 			goto out;
-		status = gss_import_sec_context(buf, len, gm, &rsci.mechctx, GFP_KERNEL);
+		status = gss_import_sec_context(buf, len, gm, &rsci.mechctx,
+						NULL, GFP_KERNEL);
 		if (status)
 			goto out;
 
-- 
1.7.7.6

[PATCH 2/4] SUNRPC: Document a bit RPCGSS handling in the NFS Server

[Simo Sorce]

Includes changes intorduced by GSS-Proxy.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 Documentation/filesystems/nfs/00-INDEX         |    2 +
 Documentation/filesystems/nfs/knfsd-rpcgss.txt |   65 ++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 0 deletions(-)
 create mode 100644 Documentation/filesystems/nfs/knfsd-rpcgss.txt

diff --git a/Documentation/filesystems/nfs/00-INDEX b/Documentation/filesystems/nfs/00-INDEX
index 1716874a651e1c574e7ca9719dfb4e3521b0a5e9..66eb6c8c5334518ddbc10115c7b34b4dfb1b3c0e 100644
--- a/Documentation/filesystems/nfs/00-INDEX
+++ b/Documentation/filesystems/nfs/00-INDEX
@@ -20,3 +20,5 @@ rpc-cache.txt
 	- introduction to the caching mechanisms in the sunrpc layer.
 idmapper.txt
 	- information for configuring request-keys to be used by idmapper
+knfsd-rpcgss.txt
+	- Information on GSS authentication support in the NFS Server
diff --git a/Documentation/filesystems/nfs/knfsd-rpcgss.txt b/Documentation/filesystems/nfs/knfsd-rpcgss.txt
new file mode 100644
index 0000000000000000000000000000000000000000..914aa536273b986539d7859092e2c0f139ce5535
--- /dev/null
+++ b/Documentation/filesystems/nfs/knfsd-rpcgss.txt
@@ -0,0 +1,65 @@
+
+Kernel NFS Server RPCGSS Support
+================================
+
+This document gives references to the standards and protocols used to
+implement RPCGSS authentication in the NFS Server.
+
+RPCGSS is specified in a few IETF documents:
+ - RFC2203 v1: http://tools.ietf.org/rfc/rfc2203.txt
+ - RFC5403 v2: http://tools.ietf.org/rfc/rfc5403.txt
+and there is a 3rd version  being proposed:
+ - http://tools.ietf.org/id/draft-williams-rpcsecgssv3.txt
+   (At draft n. 02 at the time of writing)
+
+Background
+----------
+
+The RPCGSS Authentication method describes a way to perform GSSAPI
+Authentication for NFS.
+Although GSSAPI is itself completely mechanism agnostic, in many cases only
+the KRB5 mechanism is supported by NFS implementations.
+
+The Linux kernel, at the moment, supports only the KRB5 mechanism, and depends
+on GSSAPI extensions that are KRB5 specific.
+
+GSSAPI is a complex library, and implementing it completely in kernel is
+unwarranted. However GSSAPI operations are fundementally separable in 2 parts:
+- context establishment
+- integrity/privacy protection (read: signing and encrypting)
+
+The first part is the complex one, while the actual integrity and privacy
+protecion is simple enough.
+Because of the complexity of context establishment, the NFS Server defers the
+operation to the userspace througuh the use of upcalls.
+
+NFS Server Legacy Upcall mechanism
+----------------------------------
+
+The classic upcall mechanism uses a custom text based upcall mechanism to talk
+to a custom daemon called rpc.svcgssd that is provide by the nfs-utils package.
+
+This upcall mechanism has 2 limitations:
+A) Can handle tokens that are no bigger than 2KiB
+
+In some Kerberos deployment GSSAPI tokens can be quite big, up and beyond 64KiB
+in size due to various authorization extensions attacked to the Kerberos
+tickets, that needs to be sent through the GSS layer in order to perform
+context establishment.
+
+B) Does not properly handle creds where the user is member of more than a few
+housand groups (the current hard limit in the kernel is 65K groups) due to
+limitation on the size of the buffer that can be send back to the kernel (4KiB).
+
+NFS Server New RPC Upcall mechanism
+-----------------------------------
+
+A new upcall mechanism that uses RPC over a Unix socket is added. This
+mechanism uses a protocol called gss-proxy, and user space program that
+implements it called Gssproxy. The gss_proxy RPC protocol is currently document
+here: https://fedorahosted.org/gss-proxy/wiki/ProtocolDocumentation
+
+This upcall mechanism uses the kernel rpc client and connects to the gssproxy
+userspace program over a regular unix socket. The gssproxy protocol does not
+suffer from the size limitations of the legacy protocol.
+
-- 
1.7.7.6

[PATCH 3/4] SUNRPC: Add RPC based upcall mechanism for RPCGSS auth

[Simo Sorce]

This patch implements a sunrpc client to use the services of the gssproxy
userspace daemon.

In particular it allows to perform calls in user space using an RPC
call instead of custom hand-coded upcall/downcall messages.

Currently only accept_sec_context is implemented as that is all is needed for
the server case.

File server modules like NFS and CIFS can use full gssapi services this way,
once init_sec_context is also implemented.

For the NFS server case this code allow to lift the limit of max 2k krb5
tickets. This limit is prevents legitimate kerberos deployments from using krb5
authentication with the Linux NFS server as they have normally ticket that are
many kilobytes large.

It will also allow to lift the limitation on the size of the credential set
(uid,gid,gids) passed down from user space for users that have very many groups
associated. Currently the downcall mechanism used by rpc.svcgssd is limited
to around 2k secondary groups of the 65k allowed by kernel structures.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 net/sunrpc/auth_gss/Makefile         |    4 +-
 net/sunrpc/auth_gss/gss_rpc_upcall.c |  353 +++++++++++++
 net/sunrpc/auth_gss/gss_rpc_upcall.h |   43 ++
 net/sunrpc/auth_gss/gss_rpc_xdr.c    |  907 ++++++++++++++++++++++++++++++++++
 net/sunrpc/auth_gss/gss_rpc_xdr.h    |  269 ++++++++++
 5 files changed, 1575 insertions(+), 1 deletions(-)
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.c
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.h
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.c
 create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.h

diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile
index 9e4cb59ef9f0207bc8edc4629dee18c545599de6..bf9f334529416f496ad32a3d0087964df93ff4ac 100644
--- a/net/sunrpc/auth_gss/Makefile
+++ b/net/sunrpc/auth_gss/Makefile
@@ -5,9 +5,11 @@
 obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o
 
 auth_rpcgss-y := auth_gss.o gss_generic_token.o \
-	gss_mech_switch.o svcauth_gss.o
+	gss_mech_switch.o svcauth_gss.o \
+	gss_rpc_upcall.o gss_rpc_xdr.o
 
 obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o
 
 rpcsec_gss_krb5-y := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
 	gss_krb5_seqnum.o gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o
+
diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.c b/net/sunrpc/auth_gss/gss_rpc_upcall.c
new file mode 100644
index 0000000000000000000000000000000000000000..5fd8c91ab8b5d33aa116a9014fce0d5aa197d73b
--- /dev/null
+++ b/net/sunrpc/auth_gss/gss_rpc_upcall.c
@@ -0,0 +1,353 @@
+/*
+ *  linux/net/sunrpc/gss_rpc_upcall.c
+ *
+ *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <linux/types.h>
+#include <linux/un.h>
+
+#include <linux/sunrpc/svcauth.h>
+#include "gss_rpc_upcall.h"
+
+#define GSSPROXY_SOCK_PATHNAME	"/var/run/gssproxy.sock"
+
+#define GSSPROXY_PROGRAM	(400112u)
+#define GSSPROXY_VERS_1		(1u)
+
+DEFINE_MUTEX(gssp_clnt_mutex);
+struct rpc_clnt *gssp_clnt;
+
+/*
+ * Encoding/Decoding functions
+ */
+
+enum {
+	GSSX_NULL = 0,	/* Unused */
+        GSSX_INDICATE_MECHS = 1,
+        GSSX_GET_CALL_CONTEXT = 2,
+        GSSX_IMPORT_AND_CANON_NAME = 3,
+        GSSX_EXPORT_CRED = 4,
+        GSSX_IMPORT_CRED = 5,
+        GSSX_ACQUIRE_CRED = 6,
+        GSSX_STORE_CRED = 7,
+        GSSX_INIT_SEC_CONTEXT = 8,
+        GSSX_ACCEPT_SEC_CONTEXT = 9,
+        GSSX_RELEASE_HANDLE = 10,
+        GSSX_GET_MIC = 11,
+        GSSX_VERIFY = 12,
+        GSSX_WRAP = 13,
+        GSSX_UNWRAP = 14,
+        GSSX_WRAP_SIZE_LIMIT = 15,
+};
+
+#define PROC(proc, name)				\
+[GSSX_##proc] = {					\
+	.p_proc   = GSSX_##proc,			\
+	.p_encode = (kxdreproc_t)gssx_enc_##name,	\
+	.p_decode = (kxdrdproc_t)gssx_dec_##name,	\
+	.p_arglen = GSSX_ARG_##name##_sz,		\
+	.p_replen = GSSX_RES_##name##_sz, 		\
+	.p_statidx = GSSX_##proc,			\
+	.p_name   = #proc,				\
+}
+
+struct rpc_procinfo gssp_procedures[] = {
+	PROC(INDICATE_MECHS, indicate_mechs),
+        PROC(GET_CALL_CONTEXT, get_call_context),
+        PROC(IMPORT_AND_CANON_NAME, import_and_canon_name),
+        PROC(EXPORT_CRED, export_cred),
+        PROC(IMPORT_CRED, import_cred),
+        PROC(ACQUIRE_CRED, acquire_cred),
+        PROC(STORE_CRED, store_cred),
+        PROC(INIT_SEC_CONTEXT, init_sec_context),
+        PROC(ACCEPT_SEC_CONTEXT, accept_sec_context),
+        PROC(RELEASE_HANDLE, release_handle),
+        PROC(GET_MIC, get_mic),
+        PROC(VERIFY, verify),
+        PROC(WRAP, wrap),
+        PROC(UNWRAP, unwrap),
+        PROC(WRAP_SIZE_LIMIT, wrap_size_limit),
+};
+
+
+
+/*
+ * Common transport functions
+ */
+
+static const struct rpc_program gssp_program;
+
+static int gssp_rpc_create(struct net *net, struct rpc_clnt **_clnt)
+{
+	static const struct sockaddr_un gssp_localaddr = {
+		.sun_family		= AF_LOCAL,
+		.sun_path		= GSSPROXY_SOCK_PATHNAME,
+	};
+	struct rpc_create_args args = {
+		.net		= net,
+		.protocol	= XPRT_TRANSPORT_LOCAL,
+		.address	= (struct sockaddr *)&gssp_localaddr,
+		.addrsize	= sizeof(gssp_localaddr),
+		.servername	= "localhost",
+		.program	= &gssp_program,
+		.version	= GSSPROXY_VERS_1,
+		.authflavor	= RPC_AUTH_NULL,
+		.flags		= RPC_CLNT_CREATE_NOPING,
+	};
+	struct rpc_clnt *clnt;
+	int result = 0;
+
+	clnt = rpc_create(&args);
+	if (IS_ERR(clnt)) {
+		dprintk("RPC:       failed to create AF_LOCAL gssproxy "
+				"client (errno %ld).\n", PTR_ERR(clnt));
+		result = -PTR_ERR(clnt);
+		*_clnt = NULL;
+		goto out;
+	}
+
+	dprintk("RPC:       created new gssp local client (gssp_local_clnt: "
+			"%p)\n", clnt);
+	*_clnt = clnt;
+
+out:
+	return result;
+}
+
+static struct rpc_clnt *get_clnt(struct net *net, bool global_clnt)
+{
+	struct rpc_clnt *clnt;
+	int err;
+
+	mutex_lock(&gssp_clnt_mutex);
+
+	if (global_clnt && gssp_clnt)
+		return gssp_clnt;
+
+	err = gssp_rpc_create(net, &clnt);
+	if (err) {
+		mutex_unlock(&gssp_clnt_mutex);
+		return NULL;
+	}
+	if (global_clnt)
+		gssp_clnt = clnt;
+
+	mutex_unlock(&gssp_clnt_mutex);
+	return clnt;
+}
+
+static void kill_clnt(struct rpc_clnt *clnt)
+{
+	BUG_ON(clnt == NULL);
+
+	mutex_lock(&gssp_clnt_mutex);
+
+	rpc_shutdown_client(clnt);
+	if (clnt == gssp_clnt)
+		gssp_clnt = NULL;
+
+	mutex_unlock(&gssp_clnt_mutex);
+}
+
+static int gssp_call(struct net *net, struct rpc_message *msg)
+{
+	struct rpc_clnt *clnt;
+	int status;
+
+	/* for now always create new one */
+	clnt = get_clnt(net, false);
+
+	status = rpc_call_sync(clnt, msg, 0);
+	if (status < 0) {
+		dprintk("gssp: rpc_call returned error %d\n", -status);
+		switch (status) {
+		case -EPROTONOSUPPORT:
+			status = -EINVAL;
+			break;
+		case -ECONNREFUSED:
+		case -ETIMEDOUT:
+		case -ENOTCONN:
+			status = -EAGAIN;
+			break;
+		case -ERESTARTSYS:
+			if (signalled ())
+				status = -EINTR;
+			break;
+		default:
+			break;
+		}
+	}
+
+	/* always kill connection for now */
+	kill_clnt(clnt);
+
+	return status;
+}
+
+
+/*
+ * Public functions
+ */
+
+/* numbers somewhat arbitrary but large enough for current needs */
+#define GSSX_MAX_OUT_HANDLE	128
+#define GSSX_MAX_MECH_OID	16
+#define GSSX_MAX_SRC_PRINC	256
+#define GSSX_KMEMBUF (GSSX_max_output_handle_sz + \
+			GSSX_max_oid_sz + \
+			GSSX_max_princ_sz + \
+			sizeof(struct svc_cred))
+
+int gssp_accept_sec_context_upcall(struct net *net,
+				struct gssp_upcall_data *data)
+{
+	struct gssx_arg_accept_sec_context arg;
+	struct gssx_res_accept_sec_context res;
+	struct gssx_ctx ctxh;
+	struct gssx_ctx rctxh;
+	struct gssx_cred delegcred;
+	struct rpc_message msg = {
+		.rpc_proc = &gssp_procedures[GSSX_ACCEPT_SEC_CONTEXT],
+		.rpc_argp = &arg,
+		.rpc_resp = &res,
+		.rpc_cred = NULL, /* FIXME ? */
+	};
+	struct xdr_netobj client_name = { 0 , NULL };
+	int ret;
+
+	/* fill in arg */
+	memset(&arg, 0, sizeof(arg));
+	if (data->in_handle.len != 0) {
+		memset(&ctxh, 0, sizeof(ctxh));
+		arg.context_handle = &ctxh;
+		ctxh.state = data->in_handle;
+	}
+	arg.input_token = data->in_token;
+
+	/* use nfs/ for targ_name ? */
+
+	/* prepare res */
+	memset(&res, 0, sizeof(res));
+	memset(&rctxh, 0, sizeof(rctxh));
+	res.context_handle = &rctxh;
+
+	/* pass in the max length we expect for each of these
+	 * buffers but let the xdr code kmalloc them */
+	rctxh.exported_context_token.len = GSSX_max_output_handle_sz;
+	rctxh.mech.len = GSSX_max_oid_sz;
+	rctxh.src_name.display_name.len = GSSX_max_princ_sz;
+
+	res.output_token = &data->out_token;
+	res.output_token->len = GSSX_max_output_token_sz;
+
+	/* we are never interested in delegated credentials */
+	memset(&delegcred, 0, sizeof(delegcred));
+	res.delegated_cred_handle = &delegcred;
+
+	/* make upcall */
+	ret = gssp_call(net, &msg);
+
+	/* we need to fetch all data even in case of error so
+	 * that we can free special strctures is they have been allocated */
+	data->major_status = res.status.major_status;
+	data->minor_status = res.status.minor_status;
+	if (res.context_handle) {
+		data->out_handle = rctxh.exported_context_token;
+		data->mech_oid = rctxh.mech;
+		client_name = rctxh.src_name.display_name;
+	}
+
+	if (res.options.count == 1) {
+		gssx_buffer *value = &res.options.data[0].value;
+		/* Currently we only decode CREDS_VALUE, if we add
+		 * anything else we'll have to loop and match on the
+		 * option name */
+		if (value->len == 1) {
+			/* steal group info from struct svc_cred */
+			data->creds = *(struct svc_cred *)value->data;
+			data->found_creds = 1;
+		}
+		/* whether we use it or not, free data */
+		kfree(value->data);
+	}
+
+	if (res.options.count != 0) {
+		kfree(res.options.data);
+	}
+
+	/* convert to GSS_NT_HOSTBASED_SERVICE form and set into creds */
+	if (data->found_creds && client_name.data != NULL) {
+		char *c;
+
+		data->creds.cr_principal = kstrndup(client_name.data,
+						client_name.len, GFP_KERNEL);
+		if (data->creds.cr_principal) {
+			/* terminate and remove realm part */
+			c = strchr(data->creds.cr_principal, '@');
+			if (c) {
+				*c = '\0';
+
+				/* change service-hostname delimiter */
+				c = strchr(data->creds.cr_principal, '/');
+				if (c) *c = '@';
+			}
+			if (!c) {
+				/* not a service principal */
+				kfree(data->creds.cr_principal);
+				data->creds.cr_principal = NULL;
+			}
+		}
+	}
+	kfree(client_name.data);
+
+	return ret;
+}
+
+void gssp_free_upcall_data(struct gssp_upcall_data *data)
+{
+	kfree(data->in_handle.data);
+	kfree(data->out_handle.data);
+	kfree(data->out_token.data);
+	kfree(data->mech_oid.data);
+	free_svc_cred(&data->creds);
+}
+
+/*
+ * Initialization stuff
+ */
+
+static const struct rpc_version gssp_version1 = {
+	.number		= GSSPROXY_VERS_1,
+	.nrprocs	= ARRAY_SIZE(gssp_procedures),
+	.procs		= gssp_procedures,
+};
+
+static const struct rpc_version *gssp_version[] = {
+	NULL,
+	&gssp_version1,
+};
+
+static struct rpc_stat gssp_stats;
+
+static const struct rpc_program gssp_program = {
+	.name		= "gssproxy",
+	.number		= GSSPROXY_PROGRAM,
+	.nrvers		= ARRAY_SIZE(gssp_version),
+	.version	= gssp_version,
+	.stats		= &gssp_stats,
+};
diff --git a/net/sunrpc/auth_gss/gss_rpc_upcall.h b/net/sunrpc/auth_gss/gss_rpc_upcall.h
new file mode 100644
index 0000000000000000000000000000000000000000..83aca5aedf52da29a9182678f3de3a8d5bee7056
--- /dev/null
+++ b/net/sunrpc/auth_gss/gss_rpc_upcall.h
@@ -0,0 +1,43 @@
+/*
+ *  linux/net/sunrpc/gss_rpc_upcall.h
+ *
+ *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _GSS_RPC_UPCALL_H
+#define _GSS_RPC_UPCALL_H
+
+#include <linux/sunrpc/auth_gss.h>
+#include "gss_rpc_xdr.h"
+
+struct gssp_upcall_data {
+	struct xdr_netobj in_handle;
+	struct gssp_in_token in_token;
+	struct xdr_netobj out_handle;
+	struct xdr_netobj out_token;
+	struct xdr_netobj mech_oid;
+	struct svc_cred creds;
+	int found_creds;
+	int major_status;
+	int minor_status;
+};
+
+int gssp_accept_sec_context_upcall(struct net *net,
+				struct gssp_upcall_data *data);
+void gssp_free_upcall_data(struct gssp_upcall_data *data);
+
+#endif /* _GSS_RPC_UPCALL_H */
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
new file mode 100644
index 0000000000000000000000000000000000000000..bcffb9503ccba060e0d906a4c6dbdbfcebbaec81
--- /dev/null
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -0,0 +1,907 @@
+/*
+ * GSS Proxy upcall module
+ *
+ *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <linux/sunrpc/svcauth.h>
+#include "gss_rpc_xdr.h"
+
+static bool gssx_check_pointer(struct xdr_stream *xdr)
+{
+	__be32 *p;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	return *p?true:false;
+}
+
+static int gssx_enc_bool(struct xdr_stream *xdr, int v)
+{
+	__be32 *p;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	*p = v ? xdr_one : xdr_zero;
+	return 0;
+}
+
+static int gssx_dec_bool(struct xdr_stream *xdr, u32 *v)
+{
+	__be32 *p;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	*v = be32_to_cpu(*p);
+	return 0;
+}
+
+static int gssx_enc_buffer(struct xdr_stream *xdr,
+			   gssx_buffer *buf)
+{
+	__be32 *p;
+
+	p = xdr_reserve_space(xdr, sizeof(u32) + buf->len);
+	if (!p)
+		return -ENOSPC;
+	xdr_encode_opaque(p, buf->data, buf->len);
+	return 0;
+}
+
+static int gssx_enc_in_token(struct xdr_stream *xdr,
+			     struct gssp_in_token *in)
+{
+	__be32 *p;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (!p)
+		return -ENOSPC;
+	*p = cpu_to_be32(in->page_len);
+
+	/* all we need to do is to write pages */
+	xdr_write_pages(xdr, in->pages, in->page_base, in->page_len);
+
+	return 0;
+}
+
+
+static int gssx_dec_buffer(struct xdr_stream *xdr,
+			   gssx_buffer *buf)
+{
+	u32 length;
+	__be32 *p;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+
+	length = be32_to_cpup(p);
+	p = xdr_inline_decode(xdr, length);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+
+	if (buf->len == 0) {
+		/* we intentionally are not interested in this buffer */
+		return 0;
+	}
+	if (length > buf->len)
+		return -ENOSPC;
+
+	if (!buf->data) {
+		buf->data = kmemdup(p, length, GFP_KERNEL);
+		if (!buf->data)
+			return -ENOMEM;
+	} else {
+		memcpy(buf->data, p, length);
+	}
+	buf->len = length;
+	return 0;
+}
+
+static int gssx_enc_option(struct xdr_stream *xdr,
+			   struct gssx_option *opt)
+{
+	int err;
+
+	err = gssx_enc_buffer(xdr, &opt->option);
+	if (err)
+		return err;
+	err = gssx_enc_buffer(xdr, &opt->value);
+	return err;
+}
+
+static int gssx_dec_option(struct xdr_stream *xdr,
+			   struct gssx_option *opt)
+{
+	int err;
+
+	err = gssx_dec_buffer(xdr, &opt->option);
+	if (err)
+		return err;
+	err = gssx_dec_buffer(xdr, &opt->value);
+	return err;
+}
+
+static int dummy_enc_opt_array(struct xdr_stream *xdr,
+				struct gssx_option_array *oa)
+{
+	__be32 *p;
+
+	if (oa->count != 0)
+		return -EINVAL;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (!p)
+		return -ENOSPC;
+	*p = 0;
+
+	return 0;
+}
+
+static int dummy_dec_opt_array(struct xdr_stream *xdr,
+				struct gssx_option_array *oa)
+{
+	struct gssx_option dummy;
+	u32 count, i;
+	__be32 *p;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	count = be32_to_cpup(p++);
+	memset(&dummy, 0, sizeof(dummy));
+	for (i = 0; i < count; i++) {
+		gssx_dec_option(xdr, &dummy);
+	}
+
+	oa->count = 0;
+	oa->data = NULL;
+	return 0;
+}
+
+static int get_s32(void **p, void *max, s32 *res)
+{
+	void *base = *p;
+	void *next = (void *)((char *)base + sizeof(s32));
+	if (unlikely(next > max || next < base))
+		return -EINVAL;
+	memcpy(res, base, sizeof(s32));
+	*p = next;
+	return 0;
+}
+
+static int gssx_dec_linux_creds(struct xdr_stream *xdr,
+				struct svc_cred *creds)
+{
+	u32 length;
+	__be32 *p;
+	void *q, *end;
+	s32 tmp;
+	int N, i, err;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+
+	length = be32_to_cpup(p);
+
+	/* FIXME: we do not want to use the scratch buffer for this one
+	 * may need to use functions that allows us to access an io vector
+	 * directly */
+	p = xdr_inline_decode(xdr, length);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+
+	q = p;
+	end = q + length;
+
+	/* uid */
+	err = get_s32(&q, end, &tmp);
+	if (err)
+		return err;
+	creds->cr_uid = tmp;
+
+	/* gid */
+	err = get_s32(&q, end, &tmp);
+	if (err)
+		return err;
+	creds->cr_gid = tmp;
+
+	/* number of additional gid's */
+	err = get_s32(&q, end, &tmp);
+	if (err)
+		return err;
+	N = tmp;
+	creds->cr_group_info = groups_alloc(N);
+	if (creds->cr_group_info == NULL)
+		return -ENOMEM;
+
+	/* gid's */
+	for (i = 0; i < N; i++) {
+		err = get_s32(&q, end, &tmp);
+		if (err) {
+			groups_free(creds->cr_group_info);
+			return err;
+		}
+		GROUP_AT(creds->cr_group_info, i) = tmp;
+	}
+
+	return 0;
+}
+
+static int gssx_dec_option_array(struct xdr_stream *xdr,
+				 struct gssx_option_array *oa)
+{
+	struct svc_cred *creds;
+	u32 count, i;
+	__be32 *p;
+	int err;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	count = be32_to_cpup(p++);
+	if (count != 0) {
+		/* we recognize only 1 currently: CREDS_VALUE */
+		oa->count = 1;
+
+		oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL);
+		if (!oa->data)
+			return -ENOMEM;
+
+		creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
+		if (!creds) {
+			kfree(oa->data);
+			return -ENOMEM;
+		}
+
+		oa->data[0].option.data = CREDS_VALUE;
+		oa->data[0].option.len = sizeof(CREDS_VALUE);
+		oa->data[0].value.data = (void *)creds;
+		oa->data[0].value.len = 0;
+	}
+	for (i = 0; i < count; i++) {
+		gssx_buffer dummy = { 0, NULL };
+		u32 length;
+
+		/* option buffer */
+		p = xdr_inline_decode(xdr, 4);
+		if (unlikely(p == NULL))
+			return -ENOSPC;
+
+		length = be32_to_cpup(p);
+		p = xdr_inline_decode(xdr, length);
+		if (unlikely(p == NULL))
+			return -ENOSPC;
+
+		if (length == sizeof(CREDS_VALUE) &&
+		    memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) {
+			/* We have creds here. parse them */
+			err = gssx_dec_linux_creds(xdr, creds);
+			if (err)
+				return err;
+			oa->data[0].value.len = 1; /* presence */
+		} else {
+			/* consume uninteresting buffer */
+			err = gssx_dec_buffer(xdr, &dummy);
+			if (err)
+				return err;
+		}
+	}
+	return 0;
+}
+
+static int gssx_dec_status(struct xdr_stream *xdr,
+			   struct gssx_status *status)
+{
+	__be32 *p;
+	int err;
+
+	/* status->major_status */
+	p = xdr_inline_decode(xdr, 8);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	p = xdr_decode_hyper(p, &status->major_status);
+
+	/* status->mech */
+	err = gssx_dec_buffer(xdr, &status->mech);
+	if (err)
+		return err;
+
+	/* status->minor_status */
+	p = xdr_inline_decode(xdr, 8);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	p = xdr_decode_hyper(p, &status->minor_status);
+
+	/* status->major_status_string */
+	err = gssx_dec_buffer(xdr, &status->major_status_string);
+	if (err)
+		return err;
+
+	/* status->minor_status_string */
+	err = gssx_dec_buffer(xdr, &status->minor_status_string);
+	if (err)
+		return err;
+
+	/* status->server_ctx */
+	err = gssx_dec_buffer(xdr, &status->server_ctx);
+	if (err)
+		return err;
+
+	/* we assume we have no options for now, so simply consume them */
+	/* status->options */
+	err = dummy_dec_opt_array(xdr, &status->options);
+
+	return err;
+}
+
+static int gssx_enc_call_ctx(struct xdr_stream *xdr,
+			     struct gssx_call_ctx *ctx)
+{
+	struct gssx_option opt;
+	__be32 *p;
+	int err;
+
+	/* ctx->locale */
+	err = gssx_enc_buffer(xdr, &ctx->locale);
+	if (err)
+		return err;
+
+	/* ctx->server_ctx */
+	err = gssx_enc_buffer(xdr, &ctx->server_ctx);
+	if (err)
+		return err;
+
+	/* we always want to ask for lucid contexts */
+	/* ctx->options */
+	p = xdr_reserve_space(xdr, 4);
+	*p = cpu_to_be32(2);
+
+	/* we want a lucid_v1 context */
+	opt.option.data = LUCID_OPTION;
+	opt.option.len = sizeof(LUCID_OPTION);
+	opt.value.data = LUCID_VALUE;
+	opt.value.len = sizeof(LUCID_VALUE);
+	err = gssx_enc_option(xdr, &opt);
+
+	/* ..and user creds */
+	opt.option.data = CREDS_OPTION;
+	opt.option.len = sizeof(CREDS_OPTION);
+	opt.value.data = CREDS_VALUE;
+	opt.value.len = sizeof(CREDS_VALUE);
+	err = gssx_enc_option(xdr, &opt);
+
+	return err;
+}
+
+static int gssx_dec_name_attr(struct xdr_stream *xdr,
+			     struct gssx_name_attr *attr)
+{
+	int err;
+
+	/* attr->attr */
+	err = gssx_dec_buffer(xdr, &attr->attr);
+	if (err)
+		return err;
+
+	/* attr->value */
+	err = gssx_dec_buffer(xdr, &attr->value);
+	if (err)
+		return err;
+
+	/* attr->extensions */
+	err = dummy_dec_opt_array(xdr, &attr->extensions);
+
+	return err;
+}
+
+static int dummy_enc_nameattr_array(struct xdr_stream *xdr,
+				    struct gssx_name_attr_array *naa)
+{
+	__be32 *p;
+
+	if (naa->count != 0)
+		return -EINVAL;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (!p)
+		return -ENOSPC;
+	*p = 0;
+
+	return 0;
+}
+
+static int dummy_dec_nameattr_array(struct xdr_stream *xdr,
+				    struct gssx_name_attr_array *naa)
+{
+	struct gssx_name_attr dummy;
+	u32 count, i;
+	__be32 *p;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	count = be32_to_cpup(p++);
+	for (i = 0; i < count; i++) {
+		gssx_dec_name_attr(xdr, &dummy);
+	}
+
+	naa->count = 0;
+	naa->data = NULL;
+	return 0;
+}
+
+static int gssx_enc_name(struct xdr_stream *xdr,
+			 struct gssx_name *name)
+{
+	int err;
+
+	/* name->display_name */
+	err = gssx_enc_buffer(xdr, &name->display_name);
+	if (err)
+		return err;
+
+	/* name->name_type */
+	err = gssx_enc_buffer(xdr, &name->name_type);
+	if (err)
+		return err;
+
+	/* name->exported_name */
+	err = gssx_enc_buffer(xdr, &name->exported_name);
+	if (err)
+		return err;
+
+	/* name->exported_composite_name */
+	err = gssx_enc_buffer(xdr, &name->exported_composite_name);
+	if (err)
+		return err;
+
+	/* leave name_attributes empty for now, will add once we have any
+	 * to pass up at all */
+	/* name->name_attributes */
+	err = dummy_enc_nameattr_array(xdr, &name->name_attributes);
+	if (err)
+		return err;
+
+	/* leave options empty for now, will add once we have any options
+	 * to pass up at all */
+	/* name->extensions */
+	err = dummy_enc_opt_array(xdr, &name->extensions);
+
+	return err;
+}
+
+static int gssx_dec_name(struct xdr_stream *xdr,
+			 struct gssx_name *name)
+{
+	int err;
+
+	/* name->display_name */
+	err = gssx_dec_buffer(xdr, &name->display_name);
+	if (err)
+		return err;
+
+	/* name->name_type */
+	err = gssx_dec_buffer(xdr, &name->name_type);
+	if (err)
+		return err;
+
+	/* name->exported_name */
+	err = gssx_dec_buffer(xdr, &name->exported_name);
+	if (err)
+		return err;
+
+	/* name->exported_composite_name */
+	err = gssx_dec_buffer(xdr, &name->exported_composite_name);
+	if (err)
+		return err;
+
+	/* we assume we have no attributes for now, so simply consume them */
+	/* name->name_attributes */
+	err = dummy_dec_nameattr_array(xdr, &name->name_attributes);
+	if (err)
+		return err;
+
+	/* we assume we have no options for now, so simply consume them */
+	/* name->extensions */
+	err = dummy_dec_opt_array(xdr, &name->extensions);
+
+	return err;
+}
+
+static int gssx_dec_cred_element(struct xdr_stream *xdr,
+				 struct gssx_cred_element *el)
+{
+	__be32 *p;
+	int err;
+
+	/* el->MN */
+	err = gssx_dec_name(xdr, &el->MN);
+	if (err)
+		return err;
+
+	/* el->mech */
+	err = gssx_dec_buffer(xdr, &el->mech);
+	if (err)
+		return err;
+
+	/* el->cred_usage */
+	p = xdr_inline_decode(xdr, 4+8+8);
+	if (!p)
+		return -ENOSPC;
+	el->cred_usage = be32_to_cpup(p++);
+
+	/* el->initiator_time_rec */
+	p = xdr_decode_hyper(p, &el->initiator_time_rec);
+
+	/* el->acceptor_time_rec */
+	p = xdr_decode_hyper(p, &el->initiator_time_rec);
+
+	/* we assume we have no options for now, so simply consume them */
+	/* el->options */
+	err = dummy_dec_opt_array(xdr, &el->options);
+
+	return err;
+}
+
+static int dummy_enc_credel_array(struct xdr_stream *xdr,
+				  struct gssx_cred_element_array *cea)
+{
+	__be32 *p;
+
+	if (cea->count != 0)
+		return -EINVAL;
+
+	p = xdr_reserve_space(xdr, 4);
+	if (!p)
+		return -ENOSPC;
+	*p = 0;
+
+	return 0;
+}
+
+static int dummy_dec_credel_array(struct xdr_stream *xdr,
+				  struct gssx_cred_element_array *cea)
+{
+	struct gssx_cred_element dummy;
+	u32 count, i;
+	__be32 *p;
+
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	count = be32_to_cpup(p++);
+	for (i = 0; i < count; i++) {
+		gssx_dec_cred_element(xdr, &dummy);
+	}
+
+	cea->count = 0;
+	cea->data = NULL;
+	return 0;
+}
+
+static int gssx_enc_cred(struct xdr_stream *xdr,
+			 struct gssx_cred *cred)
+{
+	int err;
+
+	/* cred->desired_name */
+	err = gssx_enc_name(xdr, &cred->desired_name);
+	if (err)
+		return err;
+
+	/* cred->elements */
+	err = dummy_enc_credel_array(xdr, &cred->elements);
+
+	/* cred->cred_handle_reference */
+	err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
+	if (err)
+		return err;
+
+	/* cred->needs_release */
+	err = gssx_enc_bool(xdr, cred->needs_release);
+
+	return err;
+}
+
+static int gssx_dec_cred(struct xdr_stream *xdr,
+			 struct gssx_cred *cred)
+{
+	int err;
+
+	/* cred->desired_name */
+	err = gssx_dec_name(xdr, &cred->desired_name);
+	if (err)
+		return err;
+
+	/* cred->elements */
+	err = dummy_dec_credel_array(xdr, &cred->elements);
+
+	/* cred->cred_handle_reference */
+	err = gssx_dec_buffer(xdr, &cred->cred_handle_reference);
+	if (err)
+		return err;
+
+	/* cred->needs_release */
+	err = gssx_dec_bool(xdr, &cred->needs_release);
+
+	return err;
+}
+
+static int gssx_enc_ctx(struct xdr_stream *xdr,
+			struct gssx_ctx *ctx)
+{
+	__be32 *p;
+	int err;
+
+	/* ctx->exported_context_token */
+	err = gssx_enc_buffer(xdr, &ctx->exported_context_token);
+	if (err)
+		return err;
+
+	/* ctx->state */
+	err = gssx_enc_buffer(xdr, &ctx->state);
+	if (err)
+		return err;
+
+	/* ctx->need_release */
+	err = gssx_enc_bool(xdr, ctx->need_release);
+	if (err)
+		return err;
+
+	/* ctx->mech */
+	err = gssx_enc_buffer(xdr, &ctx->mech);
+	if (err)
+		return err;
+
+	/* ctx->src_name */
+	err = gssx_enc_name(xdr, &ctx->src_name);
+	if (err)
+		return err;
+
+	/* ctx->targ_name */
+	err = gssx_enc_name(xdr, &ctx->targ_name);
+	if (err)
+		return err;
+
+	/* ctx->lifetime */
+	p = xdr_reserve_space(xdr, 8+8);
+	if (!p)
+		return -ENOSPC;
+	p = xdr_encode_hyper(p, ctx->lifetime);
+
+	/* ctx->ctx_flags */
+	p = xdr_encode_hyper(p, ctx->ctx_flags);
+
+	/* ctx->locally_initiated */
+	err = gssx_enc_bool(xdr, ctx->locally_initiated);
+	if (err)
+		return err;
+
+	/* ctx->open */
+	err = gssx_enc_bool(xdr, ctx->open);
+	if (err)
+		return err;
+
+	/* leave options empty for now, will add once we have any options
+	 * to pass up at all */
+	/* ctx->options */
+	err = dummy_enc_opt_array(xdr, &ctx->options);
+
+	return err;
+}
+
+static int gssx_dec_ctx(struct xdr_stream *xdr,
+			struct gssx_ctx *ctx)
+{
+	__be32 *p;
+	int err;
+
+	/* ctx->exported_context_token */
+	err = gssx_dec_buffer(xdr, &ctx->exported_context_token);
+	if (err)
+		return err;
+
+	/* ctx->state */
+	err = gssx_dec_buffer(xdr, &ctx->state);
+	if (err)
+		return err;
+
+	/* ctx->need_release */
+	err = gssx_dec_bool(xdr, &ctx->need_release);
+	if (err)
+		return err;
+
+	/* ctx->mech */
+	err = gssx_dec_buffer(xdr, &ctx->mech);
+	if (err)
+		return err;
+
+	/* ctx->src_name */
+	err = gssx_dec_name(xdr, &ctx->src_name);
+	if (err)
+		return err;
+
+	/* ctx->targ_name */
+	err = gssx_dec_name(xdr, &ctx->targ_name);
+	if (err)
+		return err;
+
+	/* ctx->lifetime */
+	p = xdr_inline_decode(xdr, 8+8);
+	if (unlikely(p == NULL))
+		return -ENOSPC;
+	p = xdr_decode_hyper(p, &ctx->lifetime);
+
+	/* ctx->ctx_flags */
+	p = xdr_decode_hyper(p, &ctx->ctx_flags);
+
+	/* ctx->locally_initiated */
+	err = gssx_dec_bool(xdr, &ctx->locally_initiated);
+	if (err)
+		return err;
+
+	/* ctx->open */
+	err = gssx_dec_bool(xdr, &ctx->open);
+	if (err)
+		return err;
+
+	/* we assume we have no options for now, so simply consume them */
+	/* ctx->options */
+	err = dummy_dec_opt_array(xdr, &ctx->options);
+
+	return err;
+}
+
+static int gssx_enc_cb(struct xdr_stream *xdr, struct gssx_cb *cb)
+{
+	__be32 *p;
+	int err;
+
+	/* cb->initiator_addrtype */
+	p = xdr_reserve_space(xdr, 8);
+	if (!p)
+		return -ENOSPC;
+	p = xdr_encode_hyper(p, cb->initiator_addrtype);
+
+	/* cb->initiator_address */
+	err = gssx_enc_buffer(xdr, &cb->initiator_address);
+	if (err)
+		return err;
+
+	/* cb->acceptor_addrtype */
+	p = xdr_reserve_space(xdr, 8);
+	if (!p)
+		return -ENOSPC;
+	p = xdr_encode_hyper(p, cb->acceptor_addrtype);
+
+	/* cb->acceptor_address */
+	err = gssx_enc_buffer(xdr, &cb->acceptor_address);
+	if (err)
+		return err;
+
+	/* cb->application_data */
+	err = gssx_enc_buffer(xdr, &cb->application_data);
+
+	return err;
+}
+
+void gssx_enc_accept_sec_context(struct rpc_rqst *req,
+				 struct xdr_stream *xdr,
+				 struct gssx_arg_accept_sec_context *arg)
+{
+	int err;
+
+	err = gssx_enc_call_ctx(xdr, &arg->call_ctx);
+	if (err)
+		goto done;
+
+	/* arg->context_handle */
+	if (arg->context_handle) {
+		err = gssx_enc_ctx(xdr, arg->context_handle);
+		if (err)
+			goto done;
+	} else {
+		err = gssx_enc_bool(xdr, 0);
+	}
+
+	/* arg->cred_handle */
+	if (arg->cred_handle) {
+		err = gssx_enc_cred(xdr, arg->cred_handle);
+		if (err)
+			goto done;
+	} else {
+		err = gssx_enc_bool(xdr, 0);
+	}
+
+	/* arg->input_token */
+	err = gssx_enc_in_token(xdr, &arg->input_token);
+	if (err)
+		goto done;
+
+	/* arg->input_cb */
+	if (arg->input_cb) {
+		err = gssx_enc_cb(xdr, arg->input_cb);
+		if (err)
+			goto done;
+	} else {
+		err = gssx_enc_bool(xdr, 0);
+	}
+
+	err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
+	if (err)
+		goto done;
+
+	/* leave options empty for now, will add once we have any options
+	 * to pass up at all */
+	/* arg->options */
+	err = dummy_enc_opt_array(xdr, &arg->options);
+
+done:
+	if (err)
+		dprintk("RPC:       gssx_enc_accept_sec_context: %d\n", err);
+}
+
+int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
+				struct xdr_stream *xdr,
+				struct gssx_res_accept_sec_context *res)
+{
+	int err;
+
+	/* res->status */
+	err = gssx_dec_status(xdr, &res->status);
+	if (err)
+		return err;
+
+	/* res->context_handle */
+	if (gssx_check_pointer(xdr)) {
+		err = gssx_dec_ctx(xdr, res->context_handle);
+		if (err)
+			return err;
+	} else {
+		res->context_handle = NULL;
+	}
+
+	/* res->output_token */
+	if (gssx_check_pointer(xdr)) {
+		err = gssx_dec_buffer(xdr, res->output_token);
+		if (err)
+			return err;
+	} else {
+		res->output_token = NULL;
+	}
+
+	/* res->delegated_cred_handle */
+	if (gssx_check_pointer(xdr)) {
+		err = gssx_dec_cred(xdr, res->delegated_cred_handle);
+		if (err)
+			return err;
+	} else {
+		res->delegated_cred_handle = NULL;
+	}
+
+	/* we assume we have no options for now, so simply consume them */
+	/* res->options */
+	err = gssx_dec_option_array(xdr, &res->options);
+
+	return err;
+}
+
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.h b/net/sunrpc/auth_gss/gss_rpc_xdr.h
new file mode 100644
index 0000000000000000000000000000000000000000..9256a5836474fef952ab12d3b27e03bb4d0f20ea
--- /dev/null
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.h
@@ -0,0 +1,269 @@
+/*
+ * GSS Proxy upcall module
+ *
+ *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef _LINUX_GSS_RPC_XDR_H
+#define _LINUX_GSS_RPC_XDR_H
+
+#include <linux/sunrpc/xdr.h>
+#include <linux/sunrpc/clnt.h>
+#include <linux/sunrpc/xprtsock.h>
+
+#ifdef RPC_DEBUG
+# define RPCDBG_FACILITY	RPCDBG_AUTH
+#endif
+
+#define LUCID_OPTION "exported_context_type"
+#define LUCID_VALUE  "linux_lucid_v1"
+#define CREDS_OPTION "exported_creds_type"
+#define CREDS_VALUE  "linux_creds_v1"
+
+typedef struct xdr_netobj gssx_buffer;
+typedef struct xdr_netobj utf8string;
+typedef struct xdr_netobj gssx_OID;
+
+enum gssx_cred_usage {
+	GSSX_C_INITIATE = 1,
+	GSSX_C_ACCEPT = 2,
+	GSSX_C_BOTH = 3,
+};
+
+struct gssx_option {
+	gssx_buffer option;
+	gssx_buffer value;
+};
+
+struct gssx_option_array {
+	u32 count;
+	struct gssx_option *data;
+};
+
+struct gssx_status {
+	u64 major_status;
+	gssx_OID mech;
+	u64 minor_status;
+	utf8string major_status_string;
+	utf8string minor_status_string;
+	gssx_buffer server_ctx;
+	struct gssx_option_array options;
+};
+
+struct gssx_call_ctx {
+	utf8string locale;
+	gssx_buffer server_ctx;
+	struct gssx_option_array options;
+};
+
+struct gssx_name_attr {
+	gssx_buffer attr;
+	gssx_buffer value;
+	struct gssx_option_array extensions;
+};
+
+struct gssx_name_attr_array {
+	u32 count;
+	struct gssx_name_attr *data;
+};
+
+struct gssx_name {
+	gssx_buffer display_name;
+	gssx_OID name_type;
+	gssx_buffer exported_name;
+	gssx_buffer exported_composite_name;
+	struct gssx_name_attr_array name_attributes;
+	struct gssx_option_array extensions;
+};
+typedef struct gssx_name gssx_name;
+
+struct gssx_cred_element {
+	gssx_name MN;
+	gssx_OID mech;
+	u32 cred_usage;
+	u64 initiator_time_rec;
+	u64 acceptor_time_rec;
+	struct gssx_option_array options;
+};
+
+struct gssx_cred_element_array {
+	u32 count;
+	struct gssx_cred_element *data;
+};
+
+struct gssx_cred {
+	gssx_name desired_name;
+	struct gssx_cred_element_array elements;
+	gssx_buffer cred_handle_reference;
+	u32 needs_release;
+};
+
+struct gssx_ctx {
+	gssx_buffer exported_context_token;
+	gssx_buffer state;
+	u32 need_release;
+	gssx_OID mech;
+	gssx_name src_name;
+	gssx_name targ_name;
+	u64 lifetime;
+	u64 ctx_flags;
+	u32 locally_initiated;
+	u32 open;
+	struct gssx_option_array options;
+};
+
+struct gssx_cb {
+	u64 initiator_addrtype;
+	gssx_buffer initiator_address;
+	u64 acceptor_addrtype;
+	gssx_buffer acceptor_address;
+	gssx_buffer application_data;
+};
+
+
+/* This structure is not defined in the protocol.
+ * It is used in the kernel to carry around a big buffer
+ * as a set of pages */
+struct gssp_in_token {
+	struct page **pages;	/* Array of contiguous pages */
+	unsigned int page_base;	/* Start of page data */
+	unsigned int page_len;	/* Length of page data */
+};
+
+struct gssx_arg_accept_sec_context {
+	struct gssx_call_ctx call_ctx;
+	struct gssx_ctx *context_handle;
+	struct gssx_cred *cred_handle;
+	struct gssp_in_token input_token;
+	struct gssx_cb *input_cb;
+	u32 ret_deleg_cred;
+	struct gssx_option_array options;
+};
+
+struct gssx_res_accept_sec_context {
+	struct gssx_status status;
+	struct gssx_ctx *context_handle;
+	gssx_buffer *output_token;
+	struct gssx_cred *delegated_cred_handle;
+	struct gssx_option_array options;
+};
+
+
+
+#define gssx_enc_indicate_mechs NULL
+#define gssx_dec_indicate_mechs NULL
+#define gssx_enc_get_call_context NULL
+#define gssx_dec_get_call_context NULL
+#define gssx_enc_import_and_canon_name NULL
+#define gssx_dec_import_and_canon_name NULL
+#define gssx_enc_export_cred NULL
+#define gssx_dec_export_cred NULL
+#define gssx_enc_import_cred NULL
+#define gssx_dec_import_cred NULL
+#define gssx_enc_acquire_cred NULL
+#define gssx_dec_acquire_cred NULL
+#define gssx_enc_store_cred NULL
+#define gssx_dec_store_cred NULL
+#define gssx_enc_init_sec_context NULL
+#define gssx_dec_init_sec_context NULL
+void gssx_enc_accept_sec_context(struct rpc_rqst *req,
+				 struct xdr_stream *xdr,
+				 struct gssx_arg_accept_sec_context *args);
+int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
+				struct xdr_stream *xdr,
+				struct gssx_res_accept_sec_context *res);
+#define gssx_enc_release_handle NULL
+#define gssx_dec_release_handle NULL
+#define gssx_enc_get_mic NULL
+#define gssx_dec_get_mic NULL
+#define gssx_enc_verify NULL
+#define gssx_dec_verify NULL
+#define gssx_enc_wrap NULL
+#define gssx_dec_wrap NULL
+#define gssx_enc_unwrap NULL
+#define gssx_dec_unwrap NULL
+#define gssx_enc_wrap_size_limit NULL
+#define gssx_dec_wrap_size_limit NULL
+
+/* non implemented calls are set to 0 size */
+#define GSSX_ARG_indicate_mechs_sz 0
+#define GSSX_RES_indicate_mechs_sz 0
+#define GSSX_ARG_get_call_context_sz 0
+#define GSSX_RES_get_call_context_sz 0
+#define GSSX_ARG_import_and_canon_name_sz 0
+#define GSSX_RES_import_and_canon_name_sz 0
+#define GSSX_ARG_export_cred_sz 0
+#define GSSX_RES_export_cred_sz 0
+#define GSSX_ARG_import_cred_sz 0
+#define GSSX_RES_import_cred_sz 0
+#define GSSX_ARG_acquire_cred_sz 0
+#define GSSX_RES_acquire_cred_sz 0
+#define GSSX_ARG_store_cred_sz 0
+#define GSSX_RES_store_cred_sz 0
+#define GSSX_ARG_init_sec_context_sz 0
+#define GSSX_RES_init_sec_context_sz 0
+
+#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
+			8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
+			8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
+#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
+					4 + 4 + 4)
+#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
+#define GSSX_default_in_token_sz 4 /* does *not* include token data */
+#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
+#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
+					GSSX_default_in_ctx_hndl_sz + \
+					GSSX_default_in_cred_sz + \
+					GSSX_default_in_token_sz + \
+					GSSX_default_in_cb_sz + \
+					4 /* no deleg creds boolean */ + \
+					4) /* empty options */
+
+/* somewhat arbitrary numbers but large enough (we ignore some of the data
+ * sent down, but it is part of the protocol so we need enough space to take
+ * it in) */
+#define GSSX_default_status_sz 8 + 24 + 8 + 256 + 256 + 16 + 4
+#define GSSX_max_output_handle_sz 128
+#define GSSX_max_oid_sz 16
+#define GSSX_max_princ_sz 256
+#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
+			     16 + 4 + GSSX_max_oid_sz + \
+			     2 * GSSX_max_princ_sz + \
+			     8 + 8 + 4 + 4 + 4)
+#define GSSX_max_output_token_sz 1024
+#define GSSX_max_creds_sz (4 + 4 + 4 + NGROUPS_MAX * 4)
+#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
+					GSSX_default_ctx_sz + \
+					GSSX_max_output_token_sz + \
+					4 + GSSX_max_creds_sz)
+
+#define GSSX_ARG_release_handle_sz 0
+#define GSSX_RES_release_handle_sz 0
+#define GSSX_ARG_get_mic_sz 0
+#define GSSX_RES_get_mic_sz 0
+#define GSSX_ARG_verify_sz 0
+#define GSSX_RES_verify_sz 0
+#define GSSX_ARG_wrap_sz 0
+#define GSSX_RES_wrap_sz 0
+#define GSSX_ARG_unwrap_sz 0
+#define GSSX_RES_unwrap_sz 0
+#define GSSX_ARG_wrap_size_limit_sz 0
+#define GSSX_RES_wrap_size_limit_sz 0
+
+
+
+#endif /* _LINUX_GSS_RPC_XDR_H */
-- 
1.7.7.6

[PATCH 4/4] SUNRPC: Use gssproxy upcall for nfsd's RPCGSS authentication.

[Simo Sorce]

The main advantge of this new upcall mechanism is that it can handle
big tickets as seen in Kerberos implementations where tickets carry
authorization data like the MS-PAC buffer with AD or the Posix Authorization
Data being discussed in IETF on the krbwg working group.

The Gssproxy program is used to perform the accept_sec_context call on the
kernel's behalf. The code is changed to also pass the input buffer straight
to upcall mechanism to avoid allocating and copying many pages as tokens can
be as big (potentially more in future) as 64KiB.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 include/linux/sunrpc/auth_gss.h    |    3 +
 include/linux/sunrpc/svcauth_gss.h |    2 +-
 net/sunrpc/auth_gss/auth_gss.c     |    9 ++-
 net/sunrpc/auth_gss/svcauth_gss.c  |  223 +++++++++++++++++++++++++++++++++--
 4 files changed, 222 insertions(+), 15 deletions(-)

diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index f1cfd4c85cd047c4b2fadd367eeb819aabc57d29..eb2670f6cf9113f1b4c161b9deda05ee4757fa85 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -19,6 +19,9 @@
 
 #define RPC_GSS_VERSION		1
 
+#define GSS_UPCALL_LEGACY	0
+#define GSS_UPCALL_GSSPROXY	1
+
 #define MAXSEQ 0x80000000 /* maximum legal sequence number, from rfc 2203 */
 
 enum rpc_gss_proc {
diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h
index 726aff1a52011fcdfd3ab1e11b8a82ff1dbea703..7baccfcc6547ca738cb90063bf07c85c418f4874 100644
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -16,7 +16,7 @@
 #include <linux/sunrpc/svcsock.h>
 #include <linux/sunrpc/auth_gss.h>
 
-int gss_svc_init(void);
+int gss_svc_init(unsigned int upcall_type);
 void gss_svc_shutdown(void);
 int gss_svc_init_net(struct net *net);
 void gss_svc_shutdown_net(struct net *net);
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 836cbecb1947235d38c62eadf79ae96ad73906e6..97fe72609387cb8b948bc3aa4d14db4956138d3c 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -60,6 +60,8 @@ static const struct rpc_credops gss_nullops;
 #define GSS_RETRY_EXPIRED 5
 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
 
+static unsigned int gss_upcall_daemon_type = GSS_UPCALL_LEGACY;
+
 #ifdef RPC_DEBUG
 # define RPCDBG_FACILITY	RPCDBG_AUTH
 #endif
@@ -1687,7 +1689,7 @@ static int __init init_rpcsec_gss(void)
 	err = rpcauth_register(&authgss_ops);
 	if (err)
 		goto out;
-	err = gss_svc_init();
+	err = gss_svc_init(gss_upcall_daemon_type);
 	if (err)
 		goto out_unregister;
 	err = register_pernet_subsys(&rpcsec_gss_net_ops);
@@ -1717,6 +1719,11 @@ module_param_named(expired_cred_retry_delay,
 		   uint, 0644);
 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
 		"the RPC engine retries an expired credential");
+module_param_named(upcall_daemon_type,
+		   gss_upcall_daemon_type,
+		   uint, 0644);
+MODULE_PARM_DESC(upcall_daemon_type, "Type of svcgss upcall daemon used "
+		"(legacy=0 or gssproxy=1)");
 
 module_init(init_rpcsec_gss)
 module_exit(exit_rpcsec_gss)
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 5008672f920e8bdda6a4753bd7c7262a90d11eab..57b04cb741b840de773ed2cbb75a1245a7968ebe 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -47,6 +47,7 @@
 #include <linux/sunrpc/svcauth.h>
 #include <linux/sunrpc/svcauth_gss.h>
 #include <linux/sunrpc/cache.h>
+#include "gss_rpc_upcall.h"
 
 #include "../netns.h"
 
@@ -54,6 +55,8 @@
 # define RPCDBG_FACILITY	RPCDBG_AUTH
 #endif
 
+static bool use_gssp = false;
+
 /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests
  * into replies.
  *
@@ -551,6 +554,7 @@ static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct r
 }
 
 
+
 static struct rsc *
 gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle)
 {
@@ -971,13 +975,10 @@ gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
 }
 
 static inline int
-gss_read_verf(struct rpc_gss_wire_cred *gc,
-	      struct kvec *argv, __be32 *authp,
-	      struct xdr_netobj *in_handle,
-	      struct xdr_netobj *in_token)
+gss_read_common_verf(struct rpc_gss_wire_cred *gc,
+		     struct kvec *argv, __be32 *authp,
+		     struct xdr_netobj *in_handle)
 {
-	struct xdr_netobj tmpobj;
-
 	/* Read the verifier; should be NULL: */
 	*authp = rpc_autherr_badverf;
 	if (argv->iov_len < 2 * 4)
@@ -993,6 +994,23 @@ gss_read_verf(struct rpc_gss_wire_cred *gc,
 	if (dup_netobj(in_handle, &gc->gc_ctx))
 		return SVC_CLOSE;
 	*authp = rpc_autherr_badverf;
+
+	return 0;
+}
+
+static inline int
+gss_read_verf(struct rpc_gss_wire_cred *gc,
+	      struct kvec *argv, __be32 *authp,
+	      struct xdr_netobj *in_handle,
+	      struct xdr_netobj *in_token)
+{
+	struct xdr_netobj tmpobj;
+	int res;
+
+	res = gss_read_common_verf(gc, argv, authp, in_handle);
+	if (res)
+		return res;
+
 	if (svc_safe_getnetobj(argv, &tmpobj)) {
 		kfree(in_handle->data);
 		return SVC_DENIED;
@@ -1005,6 +1023,40 @@ gss_read_verf(struct rpc_gss_wire_cred *gc,
 	return 0;
 }
 
+/* Ok this is really heavily depending on a set of semantics in
+ * how rqstp is set up by svc_recv and pages laid down by the
+ * server when reading a request. We are basically guaranteed that
+ * the token lays all down linearly across a set of pages, starting
+ * at iov_base in rq_arg.head[0] which happens to be the first of a
+ * set of pages stored in rq_pages[].
+ * rq_arg.head[0].iov_base will provide us the page_base to pass
+ * to the upcall.
+ */
+static inline int
+gss_read_proxy_verf(struct svc_rqst *rqstp,
+		    struct rpc_gss_wire_cred *gc, __be32 *authp,
+		    struct xdr_netobj *in_handle,
+		    struct gssp_in_token *in_token)
+{
+	struct kvec *argv = &rqstp->rq_arg.head[0];
+	u32 inlen;
+	int res;
+
+	res = gss_read_common_verf(gc, argv, authp, in_handle);
+	if (res)
+		return res;
+
+	inlen = svc_getnl(argv);
+	if (inlen > (argv->iov_len + rqstp->rq_arg.page_len))
+		return SVC_DENIED;
+
+	in_token->pages = rqstp->rq_pages;
+	in_token->page_base = (ulong)argv->iov_base & ~PAGE_MASK;
+	in_token->page_len = inlen;
+
+	return 0;
+}
+
 static inline int
 gss_write_resv(struct kvec *resv, size_t size_limit,
 	       struct xdr_netobj *out_handle, struct xdr_netobj *out_token,
@@ -1032,7 +1084,7 @@ gss_write_resv(struct kvec *resv, size_t size_limit,
  * the upcall results are available, write the verifier and result.
  * Otherwise, drop the request pending an answer to the upcall.
  */
-static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
+static int svcauth_gss_legacy_init(struct svc_rqst *rqstp,
 			struct rpc_gss_wire_cred *gc, __be32 *authp)
 {
 	struct kvec *argv = &rqstp->rq_arg.head[0];
@@ -1072,6 +1124,134 @@ out:
 	return ret;
 }
 
+static int gss_proxy_save_rsc(struct cache_detail *cd,
+				struct gssp_upcall_data *ud,
+				uint64_t *handle)
+{
+	struct rsc rsci, *rscp = NULL;
+	static atomic64_t ctxhctr;
+	long long ctxh;
+	struct gss_api_mech *gm = NULL;
+	time_t expiry;
+	int status = -EINVAL;
+
+	memset(&rsci, 0, sizeof(rsci));
+	/* context handle */
+	status = -ENOMEM;
+	/* the handle needs to be just a unique id,
+	 * use a static counter */
+	ctxh = atomic64_inc_return(&ctxhctr);
+
+	/* make a copy for the caller */
+	*handle = ctxh;
+
+	/* make a copy for the rsc cache */
+	if (dup_to_netobj(&rsci.handle, (char *)handle, sizeof(uint64_t)))
+		goto out;
+	rscp = rsc_lookup(cd, &rsci);
+	if (!rscp)
+		goto out;
+
+	/* creds */
+	if (!ud->found_creds) {
+		/* userspace seem buggy, we should always get at least a
+		 * mapping to nobody */
+		dprintk("RPC:       No creds found, marking Negative!\n");
+		set_bit(CACHE_NEGATIVE, &rsci.h.flags);
+	} else {
+
+		/* steal creds */
+		rsci.cred = ud->creds;
+		memset(&ud->creds, 0, sizeof(struct svc_cred));
+
+		status = -EOPNOTSUPP;
+		/* get mech handle from OID */
+		gm = gss_mech_get_by_OID(&ud->mech_oid);
+		if (!gm)
+			goto out;
+
+		status = -EINVAL;
+		/* mech-specific data: */
+		status = gss_import_sec_context(ud->out_handle.data,
+						ud->out_handle.len,
+						gm, &rsci.mechctx,
+						&expiry, GFP_KERNEL);
+		if (status)
+			goto out;
+	}
+
+	rsci.h.expiry_time = expiry;
+	rscp = rsc_update(cd, &rsci, rscp);
+	status = 0;
+out:
+	gss_mech_put(gm);
+	rsc_free(&rsci);
+	if (rscp)
+		cache_put(&rscp->h, cd);
+	else
+		status = -ENOMEM;
+	return status;
+}
+
+static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
+			struct rpc_gss_wire_cred *gc, __be32 *authp)
+{
+	struct kvec *resv = &rqstp->rq_res.head[0];
+	struct xdr_netobj cli_handle;
+	struct gssp_upcall_data ud;
+	uint64_t handle;
+	int status;
+	int ret;
+	struct net *net = rqstp->rq_xprt->xpt_net;
+	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
+
+	memset(&ud, 0, sizeof(ud));
+	ret = gss_read_proxy_verf(rqstp, gc, authp,
+				  &ud.in_handle, &ud.in_token);
+	if (ret)
+		return ret;
+
+	ret = SVC_CLOSE;
+
+	/* Perform synchronous upcall to gss-proxy */
+	status = gssp_accept_sec_context_upcall(net, &ud);
+	if (status)
+		goto out;
+
+	dprintk("RPC:       svcauth_gss: gss major status = %d\n",
+			ud.major_status);
+
+	switch (ud.major_status) {
+	case GSS_S_CONTINUE_NEEDED:
+		cli_handle = ud.out_handle;
+		break;
+	case GSS_S_COMPLETE:
+		status = gss_proxy_save_rsc(sn->rsc_cache, &ud, &handle);
+		if (status)
+			goto out;
+		cli_handle.data = (u8 *)&handle;
+		cli_handle.len = sizeof(handle);
+		break;
+	default:
+		ret = SVC_CLOSE;
+		goto out;
+	}
+
+	/* Got an answer to the upcall; use it: */
+	if (gss_write_init_verf(sn->rsc_cache, rqstp,
+				&cli_handle, &ud.major_status))
+		goto out;
+	if (gss_write_resv(resv, PAGE_SIZE,
+			   &cli_handle, &ud.out_token,
+			   ud.major_status, ud.minor_status))
+		goto out;
+
+	ret = SVC_COMPLETE;
+out:
+	gssp_free_upcall_data(&ud);
+	return ret;
+}
+
 /*
  * Accept an rpcsec packet.
  * If context establishment, punt to user space
@@ -1138,7 +1318,10 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
 	switch (gc->gc_proc) {
 	case RPC_GSS_PROC_INIT:
 	case RPC_GSS_PROC_CONTINUE_INIT:
-		return svcauth_gss_handle_init(rqstp, gc, authp);
+		if (use_gssp)
+			return svcauth_gss_proxy_init(rqstp, gc, authp);
+		else
+			return svcauth_gss_legacy_init(rqstp, gc, authp);
 	case RPC_GSS_PROC_DATA:
 	case RPC_GSS_PROC_DESTROY:
 		/* Look up the context, and check the verifier: */
@@ -1510,9 +1693,12 @@ gss_svc_init_net(struct net *net)
 	rv = rsc_cache_create_net(net);
 	if (rv)
 		return rv;
-	rv = rsi_cache_create_net(net);
-	if (rv)
-		goto out1;
+	if (!use_gssp) {
+		rv = rsi_cache_create_net(net);
+		if (rv)
+			goto out1;
+	}
+
 	return 0;
 out1:
 	rsc_cache_destroy_net(net);
@@ -1522,13 +1708,24 @@ out1:
 void
 gss_svc_shutdown_net(struct net *net)
 {
-	rsi_cache_destroy_net(net);
+	if (!use_gssp)
+		rsi_cache_destroy_net(net);
 	rsc_cache_destroy_net(net);
 }
 
 int
-gss_svc_init(void)
+gss_svc_init(unsigned int upcall_type)
 {
+	switch (upcall_type) {
+	case GSS_UPCALL_LEGACY:
+		break;
+	case GSS_UPCALL_GSSPROXY:
+		dprintk("RPC:       svcauth_gss: Initializing for use with gss-proxy\n");
+		use_gssp = true;
+		break;
+	default:
+		return -EINVAL;
+	}
 	return svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss);
 }
 
-- 
1.7.7.6

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> This patchset implements a new upcall mechanism that uses the sunrpc
> client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> operations on behalf of other processes on the system.
> 
> The main driver for this new mechanism is to overcome limitations with
> the current daemon and upcall. The current code cannot handle tickets
> larger than approximatively 2k and cannot handle sending back large user
> credential sets to the kernel.
> 
> These patches have been tested against the development version of gssproxy
> tagged as kernel_v0.1 in the master repo[2].
> 
> I have tested walking into mountpoints using tickets artificially pumped
> up to 64k and the user is properly authorized, after the accept_se_context
> call is performed through the new upcall mechanism and gssproxy.
> 
> The gssproxy has the potential of handling also init_sec_context calls,
> but at the moment the only targeted system is nfsd.

OK, absent objections from anyone else I'm commiting these for 3.6 and
pushing them out soon pending some regression testing.  Thanks!

--b.

> 
> Simo.
> 
> [1] https://fedorahosted.org/gss-proxy/
> [2] http://git.fedorahosted.org/git/?p=gss-proxy.git;a=shortlog;h=refs/tags/kernel_v0.1
> 
> 
> NOTE: Included are all changes request and agreed on the list recently,
>       kmalloc changes and containers compatibility changes.
>       Pacthes rebased on top of Bruce Field's for-3.5 tree.
> 
> 
> Simo Sorce (4):
>   SUNRPC: conditionally return endtime from import_sec_context
>   SUNRPC: Document a bit RPCGSS handling in the NFS Server
>   SUNRPC: Add RPC based upcall mechanism for RPCGSS auth
>   SUNRPC: Use gssproxy upcall for nfsd's RPCGSS authentication.
> 
>  Documentation/filesystems/nfs/00-INDEX         |    2 +
>  Documentation/filesystems/nfs/knfsd-rpcgss.txt |   65 ++
>  include/linux/sunrpc/auth_gss.h                |    3 +
>  include/linux/sunrpc/gss_api.h                 |    2 +
>  include/linux/sunrpc/svcauth_gss.h             |    2 +-
>  net/sunrpc/auth_gss/Makefile                   |    4 +-
>  net/sunrpc/auth_gss/auth_gss.c                 |   11 +-
>  net/sunrpc/auth_gss/gss_krb5_mech.c            |    3 +
>  net/sunrpc/auth_gss/gss_mech_switch.c          |    5 +-
>  net/sunrpc/auth_gss/gss_rpc_upcall.c           |  353 +++++++++
>  net/sunrpc/auth_gss/gss_rpc_upcall.h           |   43 ++
>  net/sunrpc/auth_gss/gss_rpc_xdr.c              |  907 ++++++++++++++++++++++++
>  net/sunrpc/auth_gss/gss_rpc_xdr.h              |  269 +++++++
>  net/sunrpc/auth_gss/svcauth_gss.c              |  226 ++++++-
>  14 files changed, 1875 insertions(+), 20 deletions(-)
>  create mode 100644 Documentation/filesystems/nfs/knfsd-rpcgss.txt
>  create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.c
>  create mode 100644 net/sunrpc/auth_gss/gss_rpc_upcall.h
>  create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.c
>  create mode 100644 net/sunrpc/auth_gss/gss_rpc_xdr.h
> 
> -- 
> 1.7.7.6
> 

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Jul 10, 2012 at 04:49:13PM -0400, bfields wrote:
> On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > This patchset implements a new upcall mechanism that uses the sunrpc
> > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > operations on behalf of other processes on the system.
> > 
> > The main driver for this new mechanism is to overcome limitations with
> > the current daemon and upcall. The current code cannot handle tickets
> > larger than approximatively 2k and cannot handle sending back large user
> > credential sets to the kernel.
> > 
> > These patches have been tested against the development version of gssproxy
> > tagged as kernel_v0.1 in the master repo[2].
> > 
> > I have tested walking into mountpoints using tickets artificially pumped
> > up to 64k and the user is properly authorized, after the accept_se_context
> > call is performed through the new upcall mechanism and gssproxy.
> > 
> > The gssproxy has the potential of handling also init_sec_context calls,
> > but at the moment the only targeted system is nfsd.
> 
> OK, absent objections from anyone else I'm commiting these for 3.6 and
> pushing them out soon pending some regression testing.  Thanks!

Whoops, I spoke too soon.  I'll take a quick look tomorrow, but if you
have an idea that would be great....

The code I'm running is in

	git://linux-nfs.org/~bfields/linux-topics.git for-3.6-incoming

Looks like the BUG() case in gss_get_mic_kerberos(), so ctx->enctype is
bogus--maybe a context isn't getting initialized right?

--b.

kernel BUG at net/sunrpc/auth_gss/gss_krb5_seal.c:213!
invalid opcode: 0000 [#1] PREEMPT SMP 
CPU 1 
Modules linked in: rpcsec_gss_krb5 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd lockd nfs_acl auth_rpcgss sunrpc [last unloaded: scsi_wait_scan]

Pid: 4924, comm: nfsd Not tainted 3.5.0-rc3-00104-g3521b3f #14 Bochs Bochs
RIP: 0010:[<ffffffffa00e4076>]  [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
RSP: 0018:ffff880035ed9aa0  EFLAGS: 00010202
RAX: ffffffffa00e7e20 RBX: ffff8800392398f8 RCX: ffff880032c53000
RDX: ffff880035ed9ba0 RSI: ffff880035ed9b50 RDI: ffff880036ffd8b8
RBP: ffff880035ed9b30 R08: 0000000000000000 R09: ffff8800391afb20
R10: 0000000000000000 R11: 0000000000000001 R12: ffff880032c53014
R13: ffff880035ed9ba0 R14: ffff880035ed9b50 R15: ffff880036ffd8b8
FS:  0000000000000000(0000) GS:ffff88003fc80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f0a38b45000 CR3: 0000000032cc8000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 4924, threadinfo ffff880035ed8000, task ffff88003b326040)
Stack:
 ffff880035ed9b10 ffffffffa001c163 0000000000000004 ffff880035f365b0
 0000000000015240 00000000000000c0 000000004ffc95c7 0000000000000000
 ffff880035e8adf0 ffff880035ed9b20 ffff88003beecda8 ffff880035f36590
Call Trace:
 [<ffffffffa001c163>] ? cache_check+0x73/0x380 [sunrpc]
 [<ffffffffa0056bd3>] gss_get_mic+0x13/0x20 [auth_rpcgss]
 [<ffffffffa0058255>] gss_write_verf+0x95/0x110 [auth_rpcgss]
 [<ffffffffa00593bb>] svcauth_gss_legacy_init+0x24b/0x5f0 [auth_rpcgss]
 [<ffffffffa0059170>] ? svcauth_gss_register_pseudoflavor+0xc0/0xc0 [auth_rpcgss]
 [<ffffffffa005a1f1>] svcauth_gss_accept+0x501/0xa90 [auth_rpcgss]
 [<ffffffffa0059cf0>] ? svcauth_gss_proxy_init+0x590/0x590 [auth_rpcgss]
 [<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
 [<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
 [<ffffffffa0013b36>] svc_authenticate+0xc6/0xe0 [sunrpc]
 [<ffffffffa000f57d>] svc_process_common+0x20d/0x690 [sunrpc]
 [<ffffffff81079750>] ? try_to_wake_up+0x330/0x330
 [<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
 [<ffffffffa000fd50>] svc_process+0x110/0x160 [sunrpc]
 [<ffffffffa0087c8d>] nfsd+0xbd/0x1a0 [nfsd]
 [<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
 [<ffffffff8106675e>] kthread+0x9e/0xb0
 [<ffffffff819af494>] kernel_thread_helper+0x4/0x10
 [<ffffffff819a735d>] ? retint_restore_args+0xe/0xe
 [<ffffffff810666c0>] ? __init_kthread_worker+0x70/0x70
 [<ffffffff819af490>] ? gs_change+0xb/0xb
Code: fe ff ff 90 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 68 66 66 66 66 90 48 8b 5f 08 49 89 f6 49 89 d5 83 7b 04 17 76 04 <0f> 0b eb fe 48 63 4b 04 b8 01 00 00 00 48 d3 e0 a9 50 00 80 00 
RIP  [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
 RSP <ffff880035ed9aa0>
---[ end trace 797c56ca0aa53457 ]---

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Jul 10, 2012 at 05:05:11PM -0400, J. Bruce Fields wrote:
> On Tue, Jul 10, 2012 at 04:49:13PM -0400, bfields wrote:
> > On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > > This patchset implements a new upcall mechanism that uses the sunrpc
> > > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > > operations on behalf of other processes on the system.
> > > 
> > > The main driver for this new mechanism is to overcome limitations with
> > > the current daemon and upcall. The current code cannot handle tickets
> > > larger than approximatively 2k and cannot handle sending back large user
> > > credential sets to the kernel.
> > > 
> > > These patches have been tested against the development version of gssproxy
> > > tagged as kernel_v0.1 in the master repo[2].
> > > 
> > > I have tested walking into mountpoints using tickets artificially pumped
> > > up to 64k and the user is properly authorized, after the accept_se_context
> > > call is performed through the new upcall mechanism and gssproxy.
> > > 
> > > The gssproxy has the potential of handling also init_sec_context calls,
> > > but at the moment the only targeted system is nfsd.
> > 
> > OK, absent objections from anyone else I'm commiting these for 3.6 and
> > pushing them out soon pending some regression testing.  Thanks!
> 
> Whoops, I spoke too soon.  I'll take a quick look tomorrow, but if you
> have an idea that would be great....
> 
> The code I'm running is in
> 
> 	git://linux-nfs.org/~bfields/linux-topics.git for-3.6-incoming
> 
> Looks like the BUG() case in gss_get_mic_kerberos(), so ctx->enctype is
> bogus--maybe a context isn't getting initialized right?

And this is reproduceable after applying the first patch ("conditionally
return endtime...") but not before.  The patch seems obviously innocent,
but maybe my eyes are playing tricks on me.

--b.

> 
> --b.
> 
> kernel BUG at net/sunrpc/auth_gss/gss_krb5_seal.c:213!
> invalid opcode: 0000 [#1] PREEMPT SMP 
> CPU 1 
> Modules linked in: rpcsec_gss_krb5 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd lockd nfs_acl auth_rpcgss sunrpc [last unloaded: scsi_wait_scan]
> 
> Pid: 4924, comm: nfsd Not tainted 3.5.0-rc3-00104-g3521b3f #14 Bochs Bochs
> RIP: 0010:[<ffffffffa00e4076>]  [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
> RSP: 0018:ffff880035ed9aa0  EFLAGS: 00010202
> RAX: ffffffffa00e7e20 RBX: ffff8800392398f8 RCX: ffff880032c53000
> RDX: ffff880035ed9ba0 RSI: ffff880035ed9b50 RDI: ffff880036ffd8b8
> RBP: ffff880035ed9b30 R08: 0000000000000000 R09: ffff8800391afb20
> R10: 0000000000000000 R11: 0000000000000001 R12: ffff880032c53014
> R13: ffff880035ed9ba0 R14: ffff880035ed9b50 R15: ffff880036ffd8b8
> FS:  0000000000000000(0000) GS:ffff88003fc80000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00007f0a38b45000 CR3: 0000000032cc8000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process nfsd (pid: 4924, threadinfo ffff880035ed8000, task ffff88003b326040)
> Stack:
>  ffff880035ed9b10 ffffffffa001c163 0000000000000004 ffff880035f365b0
>  0000000000015240 00000000000000c0 000000004ffc95c7 0000000000000000
>  ffff880035e8adf0 ffff880035ed9b20 ffff88003beecda8 ffff880035f36590
> Call Trace:
>  [<ffffffffa001c163>] ? cache_check+0x73/0x380 [sunrpc]
>  [<ffffffffa0056bd3>] gss_get_mic+0x13/0x20 [auth_rpcgss]
>  [<ffffffffa0058255>] gss_write_verf+0x95/0x110 [auth_rpcgss]
>  [<ffffffffa00593bb>] svcauth_gss_legacy_init+0x24b/0x5f0 [auth_rpcgss]
>  [<ffffffffa0059170>] ? svcauth_gss_register_pseudoflavor+0xc0/0xc0 [auth_rpcgss]
>  [<ffffffffa005a1f1>] svcauth_gss_accept+0x501/0xa90 [auth_rpcgss]
>  [<ffffffffa0059cf0>] ? svcauth_gss_proxy_init+0x590/0x590 [auth_rpcgss]
>  [<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
>  [<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
>  [<ffffffffa0013b36>] svc_authenticate+0xc6/0xe0 [sunrpc]
>  [<ffffffffa000f57d>] svc_process_common+0x20d/0x690 [sunrpc]
>  [<ffffffff81079750>] ? try_to_wake_up+0x330/0x330
>  [<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
>  [<ffffffffa000fd50>] svc_process+0x110/0x160 [sunrpc]
>  [<ffffffffa0087c8d>] nfsd+0xbd/0x1a0 [nfsd]
>  [<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
>  [<ffffffff8106675e>] kthread+0x9e/0xb0
>  [<ffffffff819af494>] kernel_thread_helper+0x4/0x10
>  [<ffffffff819a735d>] ? retint_restore_args+0xe/0xe
>  [<ffffffff810666c0>] ? __init_kthread_worker+0x70/0x70
>  [<ffffffff819af490>] ? gs_change+0xb/0xb
> Code: fe ff ff 90 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 68 66 66 66 66 90 48 8b 5f 08 49 89 f6 49 89 d5 83 7b 04 17 76 04 <0f> 0b eb fe 48 63 4b 04 b8 01 00 00 00 48 d3 e0 a9 50 00 80 00 
> RIP  [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
>  RSP <ffff880035ed9aa0>
> ---[ end trace 797c56ca0aa53457 ]---

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Simo Sorce]

On Thu, 2012-07-12 at 08:39 -0400, J. Bruce Fields wrote:
> And this is reproduceable after applying the first patch
> ("conditionally
> return endtime...") but not before.  The patch seems obviously
> innocent,
> but maybe my eyes are playing tricks on me.
> 
missing braces around the if statement where I inserted the if (endtime)
contion, causing instead to always kfree(ctx)

Sorry about that, it completely escaped my review of it multiple times
over.

SImo.

-- 
Simo Sorce * Red Hat, Inc * New York

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Thu, Jul 12, 2012 at 06:05:17PM -0400, Simo Sorce wrote:
> On Thu, 2012-07-12 at 08:39 -0400, J. Bruce Fields wrote:
> > And this is reproduceable after applying the first patch
> > ("conditionally
> > return endtime...") but not before.  The patch seems obviously
> > innocent,
> > but maybe my eyes are playing tricks on me.
> > 
> missing braces around the if statement where I inserted the if (endtime)
> contion, causing instead to always kfree(ctx)
> 
> Sorry about that, it completely escaped my review of it multiple times
> over.

I also looked straight at it without seeing it.  It's tough to make my
eyes not trust the indentation!

--b.

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index a32bb4f..3bc4a23 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -695,11 +695,11 @@ gss_import_sec_context_kerberos(const void *p, size_t len,
 	else
 		ret = gss_import_v2_context(p, end, ctx, gfp_mask);
 
-	if (ret == 0)
+	if (ret == 0) {
 		ctx_id->internal_ctx_id = ctx;
 		if (endtime)
 			*endtime = ctx->endtime;
-	else
+	} else
 		kfree(ctx);
 
 	dprintk("RPC:       %s: returning %d\n", __func__, ret);

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gVHVlLCAyMDEyLTA3LTEwIGF0IDE2OjQ5IC0wNDAwLCBKLiBCcnVjZSBGaWVsZHMgd3JvdGU6
DQo+IE9uIEZyaSwgTWF5IDI1LCAyMDEyIGF0IDA2OjA5OjUyUE0gLTA0MDAsIFNpbW8gU29yY2Ug
d3JvdGU6DQo+ID4gVGhpcyBwYXRjaHNldCBpbXBsZW1lbnRzIGEgbmV3IHVwY2FsbCBtZWNoYW5p
c20gdGhhdCB1c2VzIHRoZSBzdW5ycGMNCj4gPiBjbGllbnQgdG8gdGFsayB0byBnc3Nwcm94eVsx
XSwgYSBuZXcgdXNlcnNwYWNlIGRhZW1vbiB0aGF0IGhhbmRsZXMgZ3NzYXBpDQo+ID4gb3BlcmF0
aW9ucyBvbiBiZWhhbGYgb2Ygb3RoZXIgcHJvY2Vzc2VzIG9uIHRoZSBzeXN0ZW0uDQo+ID4gDQo+
ID4gVGhlIG1haW4gZHJpdmVyIGZvciB0aGlzIG5ldyBtZWNoYW5pc20gaXMgdG8gb3ZlcmNvbWUg
bGltaXRhdGlvbnMgd2l0aA0KPiA+IHRoZSBjdXJyZW50IGRhZW1vbiBhbmQgdXBjYWxsLiBUaGUg
Y3VycmVudCBjb2RlIGNhbm5vdCBoYW5kbGUgdGlja2V0cw0KPiA+IGxhcmdlciB0aGFuIGFwcHJv
eGltYXRpdmVseSAyayBhbmQgY2Fubm90IGhhbmRsZSBzZW5kaW5nIGJhY2sgbGFyZ2UgdXNlcg0K
PiA+IGNyZWRlbnRpYWwgc2V0cyB0byB0aGUga2VybmVsLg0KPiA+IA0KPiA+IFRoZXNlIHBhdGNo
ZXMgaGF2ZSBiZWVuIHRlc3RlZCBhZ2FpbnN0IHRoZSBkZXZlbG9wbWVudCB2ZXJzaW9uIG9mIGdz
c3Byb3h5DQo+ID4gdGFnZ2VkIGFzIGtlcm5lbF92MC4xIGluIHRoZSBtYXN0ZXIgcmVwb1syXS4N
Cj4gPiANCj4gPiBJIGhhdmUgdGVzdGVkIHdhbGtpbmcgaW50byBtb3VudHBvaW50cyB1c2luZyB0
aWNrZXRzIGFydGlmaWNpYWxseSBwdW1wZWQNCj4gPiB1cCB0byA2NGsgYW5kIHRoZSB1c2VyIGlz
IHByb3Blcmx5IGF1dGhvcml6ZWQsIGFmdGVyIHRoZSBhY2NlcHRfc2VfY29udGV4dA0KPiA+IGNh
bGwgaXMgcGVyZm9ybWVkIHRocm91Z2ggdGhlIG5ldyB1cGNhbGwgbWVjaGFuaXNtIGFuZCBnc3Nw
cm94eS4NCj4gPiANCj4gPiBUaGUgZ3NzcHJveHkgaGFzIHRoZSBwb3RlbnRpYWwgb2YgaGFuZGxp
bmcgYWxzbyBpbml0X3NlY19jb250ZXh0IGNhbGxzLA0KPiA+IGJ1dCBhdCB0aGUgbW9tZW50IHRo
ZSBvbmx5IHRhcmdldGVkIHN5c3RlbSBpcyBuZnNkLg0KPiANCj4gT0ssIGFic2VudCBvYmplY3Rp
b25zIGZyb20gYW55b25lIGVsc2UgSSdtIGNvbW1pdGluZyB0aGVzZSBmb3IgMy42IGFuZA0KPiBw
dXNoaW5nIHRoZW0gb3V0IHNvb24gcGVuZGluZyBzb21lIHJlZ3Jlc3Npb24gdGVzdGluZy4gIFRo
YW5rcyENCg0KUGxlYXNlIHRlc3QgdGhhdCB0aGUgTkZTdjQgYmFja2NoYW5uZWwgY29udGludWVz
IHRvIHdvcmsgdW5jaGFuZ2VkIHdpdGgNCnRoZSBleGlzdGluZyBycGMuc3ZjZ3NzZCBiZWZvcmUg
eW91IGNvbW1pdC4NCg0KSSBkb24ndCBjYXJlIHdoYXQgaGFwcGVucyB0byB0aGUgTkZTIHNlcnZl
ciwgYnV0IEkgZG8gZXhwZWN0IGFsbA0KZXhpc3RpbmcgTkZTdjQgY2xpZW50IHNldHVwcyB0byB3
b3JrIHdpdGhvdXQgYW55IG5lZWQgZm9yIGNoYW5nZXMuDQoNCi0tIA0KVHJvbmQgTXlrbGVidXN0
DQpMaW51eCBORlMgY2xpZW50IG1haW50YWluZXINCg0KTmV0QXBwDQpUcm9uZC5NeWtsZWJ1c3RA
bmV0YXBwLmNvbQ0Kd3d3Lm5ldGFwcC5jb20NCg0K

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Jul 10, 2012 at 09:52:51PM +0000, Myklebust, Trond wrote:
> On Tue, 2012-07-10 at 16:49 -0400, J. Bruce Fields wrote:
> > On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > > This patchset implements a new upcall mechanism that uses the sunrpc
> > > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > > operations on behalf of other processes on the system.
> > > 
> > > The main driver for this new mechanism is to overcome limitations with
> > > the current daemon and upcall. The current code cannot handle tickets
> > > larger than approximatively 2k and cannot handle sending back large user
> > > credential sets to the kernel.
> > > 
> > > These patches have been tested against the development version of gssproxy
> > > tagged as kernel_v0.1 in the master repo[2].
> > > 
> > > I have tested walking into mountpoints using tickets artificially pumped
> > > up to 64k and the user is properly authorized, after the accept_se_context
> > > call is performed through the new upcall mechanism and gssproxy.
> > > 
> > > The gssproxy has the potential of handling also init_sec_context calls,
> > > but at the moment the only targeted system is nfsd.
> > 
> > OK, absent objections from anyone else I'm commiting these for 3.6 and
> > pushing them out soon pending some regression testing.  Thanks!
> 
> Please test that the NFSv4 backchannel continues to work unchanged with
> the existing rpc.svcgssd before you commit.
> 
> I don't care what happens to the NFS server, but I do expect all
> existing NFSv4 client setups to work without any need for changes.

The rpc server's authentication method is global to the machine, so if
the NFS server is using gss proxy, then I believe the callback server
will be as well.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gVHVlLCAyMDEyLTA3LTEwIGF0IDE3OjU2IC0wNDAwLCBKLiBCcnVjZSBGaWVsZHMgd3JvdGU6
DQo+IE9uIFR1ZSwgSnVsIDEwLCAyMDEyIGF0IDA5OjUyOjUxUE0gKzAwMDAsIE15a2xlYnVzdCwg
VHJvbmQgd3JvdGU6DQo+ID4gT24gVHVlLCAyMDEyLTA3LTEwIGF0IDE2OjQ5IC0wNDAwLCBKLiBC
cnVjZSBGaWVsZHMgd3JvdGU6DQo+ID4gPiBPbiBGcmksIE1heSAyNSwgMjAxMiBhdCAwNjowOTo1
MlBNIC0wNDAwLCBTaW1vIFNvcmNlIHdyb3RlOg0KPiA+ID4gPiBUaGlzIHBhdGNoc2V0IGltcGxl
bWVudHMgYSBuZXcgdXBjYWxsIG1lY2hhbmlzbSB0aGF0IHVzZXMgdGhlIHN1bnJwYw0KPiA+ID4g
PiBjbGllbnQgdG8gdGFsayB0byBnc3Nwcm94eVsxXSwgYSBuZXcgdXNlcnNwYWNlIGRhZW1vbiB0
aGF0IGhhbmRsZXMgZ3NzYXBpDQo+ID4gPiA+IG9wZXJhdGlvbnMgb24gYmVoYWxmIG9mIG90aGVy
IHByb2Nlc3NlcyBvbiB0aGUgc3lzdGVtLg0KPiA+ID4gPiANCj4gPiA+ID4gVGhlIG1haW4gZHJp
dmVyIGZvciB0aGlzIG5ldyBtZWNoYW5pc20gaXMgdG8gb3ZlcmNvbWUgbGltaXRhdGlvbnMgd2l0
aA0KPiA+ID4gPiB0aGUgY3VycmVudCBkYWVtb24gYW5kIHVwY2FsbC4gVGhlIGN1cnJlbnQgY29k
ZSBjYW5ub3QgaGFuZGxlIHRpY2tldHMNCj4gPiA+ID4gbGFyZ2VyIHRoYW4gYXBwcm94aW1hdGl2
ZWx5IDJrIGFuZCBjYW5ub3QgaGFuZGxlIHNlbmRpbmcgYmFjayBsYXJnZSB1c2VyDQo+ID4gPiA+
IGNyZWRlbnRpYWwgc2V0cyB0byB0aGUga2VybmVsLg0KPiA+ID4gPiANCj4gPiA+ID4gVGhlc2Ug
cGF0Y2hlcyBoYXZlIGJlZW4gdGVzdGVkIGFnYWluc3QgdGhlIGRldmVsb3BtZW50IHZlcnNpb24g
b2YgZ3NzcHJveHkNCj4gPiA+ID4gdGFnZ2VkIGFzIGtlcm5lbF92MC4xIGluIHRoZSBtYXN0ZXIg
cmVwb1syXS4NCj4gPiA+ID4gDQo+ID4gPiA+IEkgaGF2ZSB0ZXN0ZWQgd2Fsa2luZyBpbnRvIG1v
dW50cG9pbnRzIHVzaW5nIHRpY2tldHMgYXJ0aWZpY2lhbGx5IHB1bXBlZA0KPiA+ID4gPiB1cCB0
byA2NGsgYW5kIHRoZSB1c2VyIGlzIHByb3Blcmx5IGF1dGhvcml6ZWQsIGFmdGVyIHRoZSBhY2Nl
cHRfc2VfY29udGV4dA0KPiA+ID4gPiBjYWxsIGlzIHBlcmZvcm1lZCB0aHJvdWdoIHRoZSBuZXcg
dXBjYWxsIG1lY2hhbmlzbSBhbmQgZ3NzcHJveHkuDQo+ID4gPiA+IA0KPiA+ID4gPiBUaGUgZ3Nz
cHJveHkgaGFzIHRoZSBwb3RlbnRpYWwgb2YgaGFuZGxpbmcgYWxzbyBpbml0X3NlY19jb250ZXh0
IGNhbGxzLA0KPiA+ID4gPiBidXQgYXQgdGhlIG1vbWVudCB0aGUgb25seSB0YXJnZXRlZCBzeXN0
ZW0gaXMgbmZzZC4NCj4gPiA+IA0KPiA+ID4gT0ssIGFic2VudCBvYmplY3Rpb25zIGZyb20gYW55
b25lIGVsc2UgSSdtIGNvbW1pdGluZyB0aGVzZSBmb3IgMy42IGFuZA0KPiA+ID4gcHVzaGluZyB0
aGVtIG91dCBzb29uIHBlbmRpbmcgc29tZSByZWdyZXNzaW9uIHRlc3RpbmcuICBUaGFua3MhDQo+
ID4gDQo+ID4gUGxlYXNlIHRlc3QgdGhhdCB0aGUgTkZTdjQgYmFja2NoYW5uZWwgY29udGludWVz
IHRvIHdvcmsgdW5jaGFuZ2VkIHdpdGgNCj4gPiB0aGUgZXhpc3RpbmcgcnBjLnN2Y2dzc2QgYmVm
b3JlIHlvdSBjb21taXQuDQo+ID4gDQo+ID4gSSBkb24ndCBjYXJlIHdoYXQgaGFwcGVucyB0byB0
aGUgTkZTIHNlcnZlciwgYnV0IEkgZG8gZXhwZWN0IGFsbA0KPiA+IGV4aXN0aW5nIE5GU3Y0IGNs
aWVudCBzZXR1cHMgdG8gd29yayB3aXRob3V0IGFueSBuZWVkIGZvciBjaGFuZ2VzLg0KPiANCj4g
VGhlIHJwYyBzZXJ2ZXIncyBhdXRoZW50aWNhdGlvbiBtZXRob2QgaXMgZ2xvYmFsIHRvIHRoZSBt
YWNoaW5lLCBzbyBpZg0KPiB0aGUgTkZTIHNlcnZlciBpcyB1c2luZyBnc3MgcHJveHksIHRoZW4g
SSBiZWxpZXZlIHRoZSBjYWxsYmFjayBzZXJ2ZXINCj4gd2lsbCBiZSBhcyB3ZWxsLg0KDQpUaGVu
IHdoeSBpcyBpdCBiZWluZyBsYWJlbGxlZCBhcyBhIGtuZnNkLW9ubHkgY2hhbmdlPw0KSG93IHdp
bGwgaXQgYmVoYXZlIGlmIEkgZG9uJ3QgcnVuIGdzcyBwcm94eT8NCg0KDQotLSANClRyb25kIE15
a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlr
bGVidXN0QG5ldGFwcC5jb20NCnd3dy5uZXRhcHAuY29tDQoNCg==

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gVHVlLCAyMDEyLTA3LTEwIGF0IDE4OjEyIC0wNDAwLCBUcm9uZCBNeWtsZWJ1c3Qgd3JvdGU6
DQo+IE9uIFR1ZSwgMjAxMi0wNy0xMCBhdCAxNzo1NiAtMDQwMCwgSi4gQnJ1Y2UgRmllbGRzIHdy
b3RlOg0KPiA+IE9uIFR1ZSwgSnVsIDEwLCAyMDEyIGF0IDA5OjUyOjUxUE0gKzAwMDAsIE15a2xl
YnVzdCwgVHJvbmQgd3JvdGU6DQo+ID4gPiBPbiBUdWUsIDIwMTItMDctMTAgYXQgMTY6NDkgLTA0
MDAsIEouIEJydWNlIEZpZWxkcyB3cm90ZToNCj4gPiA+ID4gT24gRnJpLCBNYXkgMjUsIDIwMTIg
YXQgMDY6MDk6NTJQTSAtMDQwMCwgU2ltbyBTb3JjZSB3cm90ZToNCj4gPiA+ID4gPiBUaGlzIHBh
dGNoc2V0IGltcGxlbWVudHMgYSBuZXcgdXBjYWxsIG1lY2hhbmlzbSB0aGF0IHVzZXMgdGhlIHN1
bnJwYw0KPiA+ID4gPiA+IGNsaWVudCB0byB0YWxrIHRvIGdzc3Byb3h5WzFdLCBhIG5ldyB1c2Vy
c3BhY2UgZGFlbW9uIHRoYXQgaGFuZGxlcyBnc3NhcGkNCj4gPiA+ID4gPiBvcGVyYXRpb25zIG9u
IGJlaGFsZiBvZiBvdGhlciBwcm9jZXNzZXMgb24gdGhlIHN5c3RlbS4NCj4gPiA+ID4gPiANCj4g
PiA+ID4gPiBUaGUgbWFpbiBkcml2ZXIgZm9yIHRoaXMgbmV3IG1lY2hhbmlzbSBpcyB0byBvdmVy
Y29tZSBsaW1pdGF0aW9ucyB3aXRoDQo+ID4gPiA+ID4gdGhlIGN1cnJlbnQgZGFlbW9uIGFuZCB1
cGNhbGwuIFRoZSBjdXJyZW50IGNvZGUgY2Fubm90IGhhbmRsZSB0aWNrZXRzDQo+ID4gPiA+ID4g
bGFyZ2VyIHRoYW4gYXBwcm94aW1hdGl2ZWx5IDJrIGFuZCBjYW5ub3QgaGFuZGxlIHNlbmRpbmcg
YmFjayBsYXJnZSB1c2VyDQo+ID4gPiA+ID4gY3JlZGVudGlhbCBzZXRzIHRvIHRoZSBrZXJuZWwu
DQo+ID4gPiA+ID4gDQo+ID4gPiA+ID4gVGhlc2UgcGF0Y2hlcyBoYXZlIGJlZW4gdGVzdGVkIGFn
YWluc3QgdGhlIGRldmVsb3BtZW50IHZlcnNpb24gb2YgZ3NzcHJveHkNCj4gPiA+ID4gPiB0YWdn
ZWQgYXMga2VybmVsX3YwLjEgaW4gdGhlIG1hc3RlciByZXBvWzJdLg0KPiA+ID4gPiA+IA0KPiA+
ID4gPiA+IEkgaGF2ZSB0ZXN0ZWQgd2Fsa2luZyBpbnRvIG1vdW50cG9pbnRzIHVzaW5nIHRpY2tl
dHMgYXJ0aWZpY2lhbGx5IHB1bXBlZA0KPiA+ID4gPiA+IHVwIHRvIDY0ayBhbmQgdGhlIHVzZXIg
aXMgcHJvcGVybHkgYXV0aG9yaXplZCwgYWZ0ZXIgdGhlIGFjY2VwdF9zZV9jb250ZXh0DQo+ID4g
PiA+ID4gY2FsbCBpcyBwZXJmb3JtZWQgdGhyb3VnaCB0aGUgbmV3IHVwY2FsbCBtZWNoYW5pc20g
YW5kIGdzc3Byb3h5Lg0KPiA+ID4gPiA+IA0KPiA+ID4gPiA+IFRoZSBnc3Nwcm94eSBoYXMgdGhl
IHBvdGVudGlhbCBvZiBoYW5kbGluZyBhbHNvIGluaXRfc2VjX2NvbnRleHQgY2FsbHMsDQo+ID4g
PiA+ID4gYnV0IGF0IHRoZSBtb21lbnQgdGhlIG9ubHkgdGFyZ2V0ZWQgc3lzdGVtIGlzIG5mc2Qu
DQo+ID4gPiA+IA0KPiA+ID4gPiBPSywgYWJzZW50IG9iamVjdGlvbnMgZnJvbSBhbnlvbmUgZWxz
ZSBJJ20gY29tbWl0aW5nIHRoZXNlIGZvciAzLjYgYW5kDQo+ID4gPiA+IHB1c2hpbmcgdGhlbSBv
dXQgc29vbiBwZW5kaW5nIHNvbWUgcmVncmVzc2lvbiB0ZXN0aW5nLiAgVGhhbmtzIQ0KPiA+ID4g
DQo+ID4gPiBQbGVhc2UgdGVzdCB0aGF0IHRoZSBORlN2NCBiYWNrY2hhbm5lbCBjb250aW51ZXMg
dG8gd29yayB1bmNoYW5nZWQgd2l0aA0KPiA+ID4gdGhlIGV4aXN0aW5nIHJwYy5zdmNnc3NkIGJl
Zm9yZSB5b3UgY29tbWl0Lg0KPiA+ID4gDQo+ID4gPiBJIGRvbid0IGNhcmUgd2hhdCBoYXBwZW5z
IHRvIHRoZSBORlMgc2VydmVyLCBidXQgSSBkbyBleHBlY3QgYWxsDQo+ID4gPiBleGlzdGluZyBO
RlN2NCBjbGllbnQgc2V0dXBzIHRvIHdvcmsgd2l0aG91dCBhbnkgbmVlZCBmb3IgY2hhbmdlcy4N
Cj4gPiANCj4gPiBUaGUgcnBjIHNlcnZlcidzIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBpcyBnbG9i
YWwgdG8gdGhlIG1hY2hpbmUsIHNvIGlmDQo+ID4gdGhlIE5GUyBzZXJ2ZXIgaXMgdXNpbmcgZ3Nz
IHByb3h5LCB0aGVuIEkgYmVsaWV2ZSB0aGUgY2FsbGJhY2sgc2VydmVyDQo+ID4gd2lsbCBiZSBh
cyB3ZWxsLg0KPiANCj4gVGhlbiB3aHkgaXMgaXQgYmVpbmcgbGFiZWxsZWQgYXMgYSBrbmZzZC1v
bmx5IGNoYW5nZT8NCj4gSG93IHdpbGwgaXQgYmVoYXZlIGlmIEkgZG9uJ3QgcnVuIGdzcyBwcm94
eT8NCg0KLi4uYW5kIGhvdyB3aWxsIGl0IGJlaGF2ZSBpbiBhIG5ldCBuYW1lc3BhY2U/DQoNCi0t
IA0KVHJvbmQgTXlrbGVidXN0DQpMaW51eCBORlMgY2xpZW50IG1haW50YWluZXINCg0KTmV0QXBw
DQpUcm9uZC5NeWtsZWJ1c3RAbmV0YXBwLmNvbQ0Kd3d3Lm5ldGFwcC5jb20NCg0K

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Jul 10, 2012 at 10:25:13PM +0000, Myklebust, Trond wrote:
> On Tue, 2012-07-10 at 18:12 -0400, Trond Myklebust wrote:
> > Then why is it being labelled as a knfsd-only change?

It should be labeled an rpc server change.

> > How will it behave if I don't run gss proxy?

It will work, but if the server's running on the same machine it will
also use svcgssd, and hence won't (for example) be able to handle the
larger init_sec_context packets.

> ...and how will it behave in a net namespace?

It will need the same fixes as we need for rpcbind.

I'm sure we could allow the callback server and the nfs server to use
different authentication upcalls.  But that makes this not worth it.

We should be able to share the same use the same mechanism on all rpc
servers, so if a mechanism based on gssproxy calls isn't acceptable for
the nfs callback server then I'll drop it.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gVHVlLCAyMDEyLTA3LTEwIGF0IDE4OjM4IC0wNDAwLCBKLiBCcnVjZSBGaWVsZHMgd3JvdGU6
DQo+IE9uIFR1ZSwgSnVsIDEwLCAyMDEyIGF0IDEwOjI1OjEzUE0gKzAwMDAsIE15a2xlYnVzdCwg
VHJvbmQgd3JvdGU6DQo+ID4gT24gVHVlLCAyMDEyLTA3LTEwIGF0IDE4OjEyIC0wNDAwLCBUcm9u
ZCBNeWtsZWJ1c3Qgd3JvdGU6DQo+ID4gPiBUaGVuIHdoeSBpcyBpdCBiZWluZyBsYWJlbGxlZCBh
cyBhIGtuZnNkLW9ubHkgY2hhbmdlPw0KPiANCj4gSXQgc2hvdWxkIGJlIGxhYmVsZWQgYW4gcnBj
IHNlcnZlciBjaGFuZ2UuDQoNCkFsbCB0aGUgZG9jdW1lbnRhdGlvbiBpbiB0aGUgcGF0Y2hlcyB3
YXMgYXBwZWFyaW5nIHRvIGltcGx5IHRoYXQgaXQNCmFmZmVjdGVkIG9ubHkgbmZzZCB3aXRoIGZp
bGVuYW1lcyBzdWNoIGFzDQoiRG9jdW1lbnRhdGlvbi9maWxlc3lzdGVtcy9uZnMva25mc2QtcnBj
Z3NzLnR4dCIuYW5kIHBhdGNoIGNoYW5nZWxvZ3MNCndpdGggdGl0bGVzIHN1Y2ggYXMgIlNVTlJQ
QzogVXNlIGdzc3Byb3h5IHVwY2FsbCBmb3IgbmZzZCdzIFJQQ0dTUw0KYXV0aGVudGljYXRpb24u
Ig0KDQo+ID4gPiBIb3cgd2lsbCBpdCBiZWhhdmUgaWYgSSBkb24ndCBydW4gZ3NzIHByb3h5Pw0K
PiANCj4gSXQgd2lsbCB3b3JrLCBidXQgaWYgdGhlIHNlcnZlcidzIHJ1bm5pbmcgb24gdGhlIHNh
bWUgbWFjaGluZSBpdCB3aWxsDQo+IGFsc28gdXNlIHN2Y2dzc2QsIGFuZCBoZW5jZSB3b24ndCAo
Zm9yIGV4YW1wbGUpIGJlIGFibGUgdG8gaGFuZGxlIHRoZQ0KPiBsYXJnZXIgaW5pdF9zZWNfY29u
dGV4dCBwYWNrZXRzLg0KDQpBbiBORlMgY2xpZW50IGNhbGxiYWNrIHNlcnZlciBpcyBvbmx5IHRy
eWluZyB0byBjaGVjayB0aGF0IGl0IGlzIHRhbGtpbmcNCnRvIGEgbWFjaGluZSBjcmVkZW50aWFs
IHdpdGggYSBuYW1lIG9mIHRoZSBmb3JtIG5mc0Bob3N0bmFtZS4gSXQgZG9lc24ndA0KY2FyZSBh
Ym91dCBQQUdzLCBhbmQgYW55b25lIHdobyB0cmllcyB0byBzZXQgdGhlIG1hY2hpbmUgY3JlZCB1
cCB3aXRoDQpvbmUgaXMgY2xlYXJseSBpbnNhbmUgYW55d2F5Li4uDQoNCj4gPiAuLi5hbmQgaG93
IHdpbGwgaXQgYmVoYXZlIGluIGEgbmV0IG5hbWVzcGFjZT8NCj4gDQo+IEl0IHdpbGwgbmVlZCB0
aGUgc2FtZSBmaXhlcyBhcyB3ZSBuZWVkIGZvciBycGNiaW5kLg0KDQpTbyBiYXNpY2FsbHksIGl0
IHdpbGwgaGF2ZSB0byBzdG9yZSB0aGUgcGF0aCBhdCBjbGllbnQgY3JlYXRpb24gdGltZT8NCg0K
PiBJJ20gc3VyZSB3ZSBjb3VsZCBhbGxvdyB0aGUgY2FsbGJhY2sgc2VydmVyIGFuZCB0aGUgbmZz
IHNlcnZlciB0byB1c2UNCj4gZGlmZmVyZW50IGF1dGhlbnRpY2F0aW9uIHVwY2FsbHMuICBCdXQg
dGhhdCBtYWtlcyB0aGlzIG5vdCB3b3J0aCBpdC4NCg0KVGhlIHBvaW50IGlzIHRoYXQgaW4gYSBj
b250YWluZXJpc2VkIGVudmlyb25tZW50LCB0aGUgTkZTIGNsaWVudCBtYXkgbm90DQprbm93IHdo
YXQgcHJvdG9jb2wgdGhhdCBhbiBORlMgc2VydmVyIHJ1bm5pbmcgaW4gYSBjb21wbGV0ZWx5IGRp
ZmZlcmVudA0KY29udGFpbmVyIGlzIHVzaW5nLg0KDQo+IFdlIHNob3VsZCBiZSBhYmxlIHRvIHNo
YXJlIHRoZSBzYW1lIHVzZSB0aGUgc2FtZSBtZWNoYW5pc20gb24gYWxsIHJwYw0KPiBzZXJ2ZXJz
LCBzbyBpZiBhIG1lY2hhbmlzbSBiYXNlZCBvbiBnc3Nwcm94eSBjYWxscyBpc24ndCBhY2NlcHRh
YmxlIGZvcg0KPiB0aGUgbmZzIGNhbGxiYWNrIHNlcnZlciB0aGVuIEknbGwgZHJvcCBpdC4NCg0K
SSBkb24ndCBzZWUgaG93IHlvdSBjYW4gZW5mb3JjZSB0aGF0IHByZW1pc2Ugd2hlbiB1c2luZyBj
b250YWluZXJzLg0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGludXggTkZTIGNsaWVudCBtYWlu
dGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5jb20NCnd3dy5uZXRhcHAu
Y29tDQoNCg==

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Jul 10, 2012 at 10:58:40PM +0000, Myklebust, Trond wrote:
> All the documentation in the patches was appearing to imply that it
> affected only nfsd with filenames such as
> "Documentation/filesystems/nfs/knfsd-rpcgss.txt".and patch changelogs
> with titles such as "SUNRPC: Use gssproxy upcall for nfsd's RPCGSS
> authentication."

Fixed locally (and pushed out temporarily to for-3.6-incoming branch at
git://linux-nfs.org/~bfields/linux-topics.git).  Thanks for catching
that.

> > > > How will it behave if I don't run gss proxy?
> > 
> > It will work, but if the server's running on the same machine it will
> > also use svcgssd, and hence won't (for example) be able to handle the
> > larger init_sec_context packets.
> 
> An NFS client callback server is only trying to check that it is talking
> to a machine credential with a name of the form nfs@hostname. It doesn't
> care about PAGs, and anyone who tries to set the machine cred up with
> one is clearly insane anyway...

Yes.  I don't know enough to say that a larger init_sec_context call
could never be required for some other reason--but it sounds unlikely.

Anyway: I was hoping that the old upcall mechanism could be declared a
legacy thing--no new features, bugfixes only for regressions, etc.--and
possibly be removed after a long transition period.

If it's a requirement that the client never use the gssproxy mechanism,
even on the 4.0 backchannel, then that requires committing to develop
both.  I don't think that makes sense.

Given that, the containerization issues seem irrelevant, but:

> > > ...and how will it behave in a net namespace?
> > 
> > It will need the same fixes as we need for rpcbind.
> 
> So basically, it will have to store the path at client creation time?

I think that's right.

> > I'm sure we could allow the callback server and the nfs server to use
> > different authentication upcalls.  But that makes this not worth it.
> 
> The point is that in a containerised environment, the NFS client may not
> know what protocol that an NFS server running in a completely different
> container is using.
> 
> > We should be able to share the same use the same mechanism on all rpc
> > servers, so if a mechanism based on gssproxy calls isn't acceptable for
> > the nfs callback server then I'll drop it.
> 
> I don't see how you can enforce that premise when using containers.

I don't believe there's a requirement that containers be able to use
different upcall mechanisms.  Are we allowing people to choose between
new and old client idmappers per container?

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Wed, Jul 11, 2012 at 01:03:32PM -0400, J. Bruce Fields wrote:
> On Tue, Jul 10, 2012 at 10:58:40PM +0000, Myklebust, Trond wrote:
> > All the documentation in the patches was appearing to imply that it
> > affected only nfsd with filenames such as
> > "Documentation/filesystems/nfs/knfsd-rpcgss.txt".and patch changelogs
> > with titles such as "SUNRPC: Use gssproxy upcall for nfsd's RPCGSS
> > authentication."
> 
> Fixed locally (and pushed out temporarily to for-3.6-incoming branch at
> git://linux-nfs.org/~bfields/linux-topics.git).  Thanks for catching
> that.
> 
> > > > > How will it behave if I don't run gss proxy?
> > > 
> > > It will work, but if the server's running on the same machine it will
> > > also use svcgssd, and hence won't (for example) be able to handle the
> > > larger init_sec_context packets.
> > 
> > An NFS client callback server is only trying to check that it is talking
> > to a machine credential with a name of the form nfs@hostname. It doesn't
> > care about PAGs, and anyone who tries to set the machine cred up with
> > one is clearly insane anyway...
> 
> Yes.  I don't know enough to say that a larger init_sec_context call
> could never be required for some other reason--but it sounds unlikely.
> 
> Anyway: I was hoping that the old upcall mechanism could be declared a
> legacy thing--no new features, bugfixes only for regressions, etc.--and
> possibly be removed after a long transition period.
> 
> If it's a requirement that the client never use the gssproxy mechanism,
> even on the 4.0 backchannel, then that requires committing to develop
> both.  I don't think that makes sense.

So, if the issue is: you want to be able to choose, in individual
containers, which mechanism to use: whatever, we can probably make that
work.

If you're instead saying: it's not acceptable to use the gssproxy
mechanism to authenticate v4.0 callbacks, the client must only ever use
the existing mechanism: then I'd rather drop this entirely.  I don't
want to merge an rpc server authentication upcall that's not acceptable
for one of the rpc servers.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gV2VkLCAyMDEyLTA3LTExIGF0IDEzOjI3IC0wNDAwLCBKLiBCcnVjZSBGaWVsZHMgd3JvdGU6
DQo+IFNvLCBpZiB0aGUgaXNzdWUgaXM6IHlvdSB3YW50IHRvIGJlIGFibGUgdG8gY2hvb3NlLCBp
biBpbmRpdmlkdWFsDQo+IGNvbnRhaW5lcnMsIHdoaWNoIG1lY2hhbmlzbSB0byB1c2U6IHdoYXRl
dmVyLCB3ZSBjYW4gcHJvYmFibHkgbWFrZSB0aGF0DQo+IHdvcmsuDQoNClBsZWFzZSBkbyB0aGVu
Lg0KDQo+IElmIHlvdSdyZSBpbnN0ZWFkIHNheWluZzogaXQncyBub3QgYWNjZXB0YWJsZSB0byB1
c2UgdGhlIGdzc3Byb3h5DQo+IG1lY2hhbmlzbSB0byBhdXRoZW50aWNhdGUgdjQuMCBjYWxsYmFj
a3MsIHRoZSBjbGllbnQgbXVzdCBvbmx5IGV2ZXIgdXNlDQo+IHRoZSBleGlzdGluZyBtZWNoYW5p
c206IHRoZW4gSSdkIHJhdGhlciBkcm9wIHRoaXMgZW50aXJlbHkuICBJIGRvbid0DQo+IHdhbnQg
dG8gbWVyZ2UgYW4gcnBjIHNlcnZlciBhdXRoZW50aWNhdGlvbiB1cGNhbGwgdGhhdCdzIG5vdCBh
Y2NlcHRhYmxlDQo+IGZvciBvbmUgb2YgdGhlIHJwYyBzZXJ2ZXJzLg0KDQpJZiBpdCBnb2VzIGlu
LCBJIHdhbnQgaXQgdG8gYmUgb3B0aW9uYWwgc28gdGhhdCBpdCBkb2Vzbid0IGJyZWFrIHdvcmtp
bmcNCnNldHVwcy4gSSBhbHNvIHdhbnQgdXBncmFkZXMvZG93bmdyYWRlcyB0byBiZSBhcyBwYWlu
bGVzcyBhcyBwb3NzaWJsZS4gDQoNClNlZSBmb3IgaW5zdGFuY2UgdGhlIGlkbWFwcGVyIGNoYW5n
ZXMgaW4gMy41IHdoaWNoIGFyZSB0b3RhbGx5DQp0cmFuc3BhcmVudCB0byB0aGUgdXNlcjogaWYg
dGhlIGFkbWluIHNldHMgdXAgL2V0Yy9yZXF1ZXN0LWtleS5jb25mIHRvDQp1c2UgdGhlIG5ldyBp
ZF9yZXNvbHZlciwgdGhlbiB0aGF0IHdvcmtzLCBvdGhlcndpc2Ugd2UganVzdCBmYWxsIGJhY2sg
dG8NCnVzaW5nIHRoZSBvbGQgcnBjLmlkbWFwZCBtZXRob2QuIFRoZXJlIGFyZSBubyBtb2R1bGUg
cGFyYW1ldGVycyBldGMNCmludm9sdmVkLg0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGludXgg
TkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFwcC5j
b20NCnd3dy5uZXRhcHAuY29tDQoNCg==

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Wed, Jul 11, 2012 at 05:49:09PM +0000, Myklebust, Trond wrote:
> On Wed, 2012-07-11 at 13:27 -0400, J. Bruce Fields wrote:
> > So, if the issue is: you want to be able to choose, in individual
> > containers, which mechanism to use: whatever, we can probably make that
> > work.
> 
> Please do then.
> 
> > If you're instead saying: it's not acceptable to use the gssproxy
> > mechanism to authenticate v4.0 callbacks, the client must only ever use
> > the existing mechanism: then I'd rather drop this entirely.  I don't
> > want to merge an rpc server authentication upcall that's not acceptable
> > for one of the rpc servers.
> 
> If it goes in, I want it to be optional so that it doesn't break working
> setups. I also want upgrades/downgrades to be as painless as possible. 
> 
> See for instance the idmapper changes in 3.5 which are totally
> transparent to the user: if the admin sets up /etc/request-key.conf to
> use the new id_resolver, then that works, otherwise we just fall back to
> using the old rpc.idmapd method. There are no module parameters etc
> involved.

There's a module parameter here, but it's meant to be set by gssproxy to
indicate it's listening for the new upcall.  In theory that should make
the transition transparent.

However, if we need to make the choice per-namespace then we need to
find some other mechanism (assuming there's no way to make module
parameters per-namespace.)

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Thu, Jul 12, 2012 at 06:10:58PM -0400, J. Bruce Fields wrote:
> On Wed, Jul 11, 2012 at 05:49:09PM +0000, Myklebust, Trond wrote:
> > On Wed, 2012-07-11 at 13:27 -0400, J. Bruce Fields wrote:
> > > So, if the issue is: you want to be able to choose, in individual
> > > containers, which mechanism to use: whatever, we can probably make that
> > > work.
> > 
> > Please do then.
> > 
> > > If you're instead saying: it's not acceptable to use the gssproxy
> > > mechanism to authenticate v4.0 callbacks, the client must only ever use
> > > the existing mechanism: then I'd rather drop this entirely.  I don't
> > > want to merge an rpc server authentication upcall that's not acceptable
> > > for one of the rpc servers.
> > 
> > If it goes in, I want it to be optional so that it doesn't break working
> > setups. I also want upgrades/downgrades to be as painless as possible. 
> > 
> > See for instance the idmapper changes in 3.5 which are totally
> > transparent to the user: if the admin sets up /etc/request-key.conf to
> > use the new id_resolver, then that works, otherwise we just fall back to
> > using the old rpc.idmapd method. There are no module parameters etc
> > involved.
> 
> There's a module parameter here, but it's meant to be set by gssproxy to
> indicate it's listening for the new upcall.  In theory that should make
> the transition transparent.
> 
> However, if we need to make the choice per-namespace then we need to
> find some other mechanism (assuming there's no way to make module
> parameters per-namespace.)

So, perhaps something like: if the cache "channel" file for the
namespace associated with the current request isn't opened, then try the
new upcall.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Fri, Jul 13, 2012 at 11:43:02AM -0400, J. Bruce Fields wrote:
> On Thu, Jul 12, 2012 at 06:10:58PM -0400, J. Bruce Fields wrote:
> > On Wed, Jul 11, 2012 at 05:49:09PM +0000, Myklebust, Trond wrote:
> > > On Wed, 2012-07-11 at 13:27 -0400, J. Bruce Fields wrote:
> > > > So, if the issue is: you want to be able to choose, in individual
> > > > containers, which mechanism to use: whatever, we can probably make that
> > > > work.
> > > 
> > > Please do then.
> > > 
> > > > If you're instead saying: it's not acceptable to use the gssproxy
> > > > mechanism to authenticate v4.0 callbacks, the client must only ever use
> > > > the existing mechanism: then I'd rather drop this entirely.  I don't
> > > > want to merge an rpc server authentication upcall that's not acceptable
> > > > for one of the rpc servers.
> > > 
> > > If it goes in, I want it to be optional so that it doesn't break working
> > > setups. I also want upgrades/downgrades to be as painless as possible. 
> > > 
> > > See for instance the idmapper changes in 3.5 which are totally
> > > transparent to the user: if the admin sets up /etc/request-key.conf to
> > > use the new id_resolver, then that works, otherwise we just fall back to
> > > using the old rpc.idmapd method. There are no module parameters etc
> > > involved.
> > 
> > There's a module parameter here, but it's meant to be set by gssproxy to
> > indicate it's listening for the new upcall.  In theory that should make
> > the transition transparent.
> > 
> > However, if we need to make the choice per-namespace then we need to
> > find some other mechanism (assuming there's no way to make module
> > parameters per-namespace.)
> 
> So, perhaps something like: if the cache "channel" file for the
> namespace associated with the current request isn't opened, then try the
> new upcall.

Looking at that a little longer: the channel file could be temporarily
without any opens.  (For example, svcgssd could be restarted--not
normal, but it's always been possible before.)  We probably could
temporarily switch to the new upcall and then back without losing
anything, but it all sounds complicated.

The module parameter won't work any more, and obviously module init
isn't the right time to set everything up.

So my current thought is to give gssproxy some other way it can signal
its presence using a write to a special file.  (Maybe a new file under
nfsd/, or maybe a write of a special value to one of the existing cache
files.)

However, one hangup: figuring out how to switch on gssproxy
per-container isn't very interesting until gssproxy can actually work
per-container.  I'd *really* like to get the unix socket stuff worked
out first.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Wed, Aug 08, 2012 at 03:36:59PM -0400, J. Bruce Fields wrote:
> However, one hangup: figuring out how to switch on gssproxy
> per-container isn't very interesting until gssproxy can actually work
> per-container.  I'd *really* like to get the unix socket stuff worked
> out first.

Stanislav, what's left to be done to get per-container unix sockets?

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Stanislav Kinsbursky]

08.08.2012 23:43, J. Bruce Fields пишет:
> On Wed, Aug 08, 2012 at 03:36:59PM -0400, J. Bruce Fields wrote:
>> However, one hangup: figuring out how to switch on gssproxy
>> per-container isn't very interesting until gssproxy can actually work
>> per-container.  I'd *really* like to get the unix socket stuff worked
>> out first.
> Stanislav, what's left to be done to get per-container unix sockets?

Honestly, I haven't even started this task.
But if it's up to me, I'll try to measureit's complexity tomorrow.
The task itself doesn't look too complex at first sight.
But anyway it's inclusion depends also on network developers comunity 
resolution.

>
> --b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

One other question for Stanislav: I assume module parameters are global,
and that there's no plan to try to make them per-container?

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Myklebust, Trond]

T24gVHVlLCAyMDEyLTA4LTIxIGF0IDEwOjE2IC0wNDAwLCBKLiBCcnVjZSBGaWVsZHMgd3JvdGU6
DQo+IE9uZSBvdGhlciBxdWVzdGlvbiBmb3IgU3RhbmlzbGF2OiBJIGFzc3VtZSBtb2R1bGUgcGFy
YW1ldGVycyBhcmUgZ2xvYmFsLA0KPiBhbmQgdGhhdCB0aGVyZSdzIG5vIHBsYW4gdG8gdHJ5IHRv
IG1ha2UgdGhlbSBwZXItY29udGFpbmVyPw0KDQpVcmdoLi4uIFBlci1jb250YWluZXIgbW9kdWxl
cz8gVGhhdCB3b3VsZCBiZSB0ZXJyaWJsZS4uLg0KDQotLSANClRyb25kIE15a2xlYnVzdA0KTGlu
dXggTkZTIGNsaWVudCBtYWludGFpbmVyDQoNCk5ldEFwcA0KVHJvbmQuTXlrbGVidXN0QG5ldGFw
cC5jb20NCnd3dy5uZXRhcHAuY29tDQoNCg==

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Tue, Aug 21, 2012 at 02:25:56PM +0000, Myklebust, Trond wrote:
> On Tue, 2012-08-21 at 10:16 -0400, J. Bruce Fields wrote:
> > One other question for Stanislav: I assume module parameters are global,
> > and that there's no plan to try to make them per-container?
> 
> Urgh... Per-container modules? That would be terrible...

Well, of course, but if module parameters can be modified
post-module-install then in theory those modifications could be made to
take effect only per namespace.  (But which namespace?)  I wouldn't be
surprised if the whole idea makes no sense, though, I haven't thought
about it.

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Stanislav Kinsbursky]

21.08.2012 18:16, J. Bruce Fields пишет:
> One other question for Stanislav: I assume module parameters are global,
> and that there's no plan to try to make them per-container?
>

Yep, they will remain global. There may be some options, if you can tune them 
somehow (using sysctl or whatever). But currently I don't think, that module 
parameters should be containerized.

> --b.
>


-- 
Best regards,
Stanislav Kinsbursky

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Stanislav Kinsbursky]

08.08.2012 23:43, J. Bruce Fields пишет:
> On Wed, Aug 08, 2012 at 03:36:59PM -0400, J. Bruce Fields wrote:
>> However, one hangup: figuring out how to switch on gssproxy
>> per-container isn't very interesting until gssproxy can actually work
>> per-container.  I'd *really* like to get the unix socket stuff worked
>> out first.
>
> Stanislav, what's left to be done to get per-container unix sockets?
>

I've sent patches for review:
"net: connect to UNIX sockets from specified root"

> --b.
>


-- 
Best regards,
Stanislav Kinsbursky

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Simo Sorce]

On Tue, 2012-07-10 at 21:52 +0000, Myklebust, Trond wrote:
> On Tue, 2012-07-10 at 16:49 -0400, J. Bruce Fields wrote:
> > On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > > This patchset implements a new upcall mechanism that uses the sunrpc
> > > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > > operations on behalf of other processes on the system.
> > > 
> > > The main driver for this new mechanism is to overcome limitations with
> > > the current daemon and upcall. The current code cannot handle tickets
> > > larger than approximatively 2k and cannot handle sending back large user
> > > credential sets to the kernel.
> > > 
> > > These patches have been tested against the development version of gssproxy
> > > tagged as kernel_v0.1 in the master repo[2].
> > > 
> > > I have tested walking into mountpoints using tickets artificially pumped
> > > up to 64k and the user is properly authorized, after the accept_se_context
> > > call is performed through the new upcall mechanism and gssproxy.
> > > 
> > > The gssproxy has the potential of handling also init_sec_context calls,
> > > but at the moment the only targeted system is nfsd.
> > 
> > OK, absent objections from anyone else I'm commiting these for 3.6 and
> > pushing them out soon pending some regression testing.  Thanks!
> 
> Please test that the NFSv4 backchannel continues to work unchanged with
> the existing rpc.svcgssd before you commit.
> 
> I don't care what happens to the NFS server, but I do expect all
> existing NFSv4 client setups to work without any need for changes.

This change is optional and need to be explicitly activate by loading
the rpc_gsssec module with a parameter that enables the new method.

If you do not do that it keeps using the legacy method which uses
rpc.svcgssd

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[J. Bruce Fields]

On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> This patchset implements a new upcall mechanism that uses the sunrpc
> client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> operations on behalf of other processes on the system.
> 
> The main driver for this new mechanism is to overcome limitations with
> the current daemon and upcall. The current code cannot handle tickets
> larger than approximatively 2k and cannot handle sending back large user
> credential sets to the kernel.
> 
> These patches have been tested against the development version of gssproxy
> tagged as kernel_v0.1 in the master repo[2].
> 
> I have tested walking into mountpoints using tickets artificially pumped
> up to 64k and the user is properly authorized, after the accept_se_context
> call is performed through the new upcall mechanism and gssproxy.
> 
> The gssproxy has the potential of handling also init_sec_context calls,
> but at the moment the only targeted system is nfsd.

Something I forgot to ask about.  (Or I did ask and forgot to take notes
on the answer!): how is gssproxy doing the principal->(uid, gid's)
mapping?

(svcgssd uses libnfsidmap--which I don't particularly like, but if
gssproxy is doing something different then we need to figure out how the
transition will work).

--b.

Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd

[Simo Sorce]

On Fri, 2012-07-13 at 11:45 -0400, J. Bruce Fields wrote:
> On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > This patchset implements a new upcall mechanism that uses the sunrpc
> > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > operations on behalf of other processes on the system.
> > 
> > The main driver for this new mechanism is to overcome limitations with
> > the current daemon and upcall. The current code cannot handle tickets
> > larger than approximatively 2k and cannot handle sending back large user
> > credential sets to the kernel.
> > 
> > These patches have been tested against the development version of gssproxy
> > tagged as kernel_v0.1 in the master repo[2].
> > 
> > I have tested walking into mountpoints using tickets artificially pumped
> > up to 64k and the user is properly authorized, after the accept_se_context
> > call is performed through the new upcall mechanism and gssproxy.
> > 
> > The gssproxy has the potential of handling also init_sec_context calls,
> > but at the moment the only targeted system is nfsd.
> 
> Something I forgot to ask about.  (Or I did ask and forgot to take notes
> on the answer!): how is gssproxy doing the principal->(uid, gid's)
> mapping?
> 
> (svcgssd uses libnfsidmap--which I don't particularly like, but if
> gssproxy is doing something different then we need to figure out how the
> transition will work).

At the moment gss-proxy uses the standard gss_localname() function to
find out what user a principal maps to. Then a normal getpwnam() to get
the user's ids followed by a getgrouplist() for the groups.

I thought of using libnfsidmap but to be honest it makes little sense,
it is its own island of configuration that is different from the rest of
the system and I could not figure out why nfs should behave differently
from the rest of the system.

If there is a good reason I can link against the library in gss-proxy,
although I'd rather take the ball for unifying mapping so that it
behaves uniformly across the system rather than keeping custom mappings
that may different between apps and filesystem.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York