linux/net/sunrpc/netns.h
Simo Sorce 030d794bf4 SUNRPC: Use gssproxy upcall for server RPCGSS authentication.
The main advantge of this new upcall mechanism is that it can handle
big tickets as seen in Kerberos implementations where tickets carry
authorization data like the MS-PAC buffer with AD or the Posix Authorization
Data being discussed in IETF on the krbwg working group.

The Gssproxy program is used to perform the accept_sec_context call on the
kernel's behalf. The code is changed to also pass the input buffer straight
to upcall mechanism to avoid allocating and copying many pages as tokens can
be as big (potentially more in future) as 64KiB.

Signed-off-by: Simo Sorce <simo@redhat.com>
[bfields: containerization, negotiation api]
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-04-26 11:41:28 -04:00

40 lines
849 B
C

#ifndef __SUNRPC_NETNS_H__
#define __SUNRPC_NETNS_H__
#include <net/net_namespace.h>
#include <net/netns/generic.h>
struct cache_detail;
struct sunrpc_net {
struct proc_dir_entry *proc_net_rpc;
struct cache_detail *ip_map_cache;
struct cache_detail *unix_gid_cache;
struct cache_detail *rsc_cache;
struct cache_detail *rsi_cache;
struct super_block *pipefs_sb;
struct mutex pipefs_sb_lock;
struct list_head all_clients;
spinlock_t rpc_client_lock;
struct rpc_clnt *rpcb_local_clnt;
struct rpc_clnt *rpcb_local_clnt4;
spinlock_t rpcb_clnt_lock;
unsigned int rpcb_users;
struct mutex gssp_lock;
wait_queue_head_t gssp_wq;
struct rpc_clnt *gssp_clnt;
int use_gss_proxy;
struct proc_dir_entry *use_gssp_proc;
};
extern int sunrpc_net_id;
int ip_map_cache_create(struct net *);
void ip_map_cache_destroy(struct net *);
#endif