| author | Andrew Morton <akpm@osdl.org> | 2004-02-26 06:45:25 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-02-26 06:45:25 -0800 |
| commit | 8c54e6b2db2ecc3217d82ee76e59fd520d8c5863 (patch) | |
| tree | f5344a5cc15fd9e511c9cc07cebca3ea534f9d78 /include/linux | |
| parent | 5d573c6b86da12f39ea410dff6f80c8b9b0b5b82 (diff) | |
[PATCH] kNFSd: Add minimal server-side support for rpcsec_gss.
From: NeilBrown <neilb@cse.unsw.edu.au>
From: "J. Bruce Fields" <bfields@fieldses.org>
Note that the user (or exportfs, on the user's behalf) allows a gss
pseudoflavor to be used to access an export by exporting to a special client
named "gss/pseudoflavor-name", e.g., "gss/krb5" or "gss/lipkey-i".
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/sunrpc/auth_gss.h | 2 | ||||
| -rw-r--r-- | include/linux/sunrpc/gss_api.h | 3 | ||||
| -rw-r--r-- | include/linux/sunrpc/svc.h | 1 | ||||
| -rw-r--r-- | include/linux/sunrpc/svcauth.h | 5 | ||||
| -rw-r--r-- | include/linux/sunrpc/svcauth_gss.h | 35 |
5 files changed, 44 insertions, 2 deletions
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h index 1006c4fd6a99..adaff41d3a5e 100644 --- a/include/linux/sunrpc/auth_gss.h +++ b/include/linux/sunrpc/auth_gss.h @@ -62,8 +62,6 @@ struct rpc_gss_init_res { struct xdr_netobj gr_token; /* token */ }; -#define GSS_SEQ_WIN 5 - /* The gss_cl_ctx struct holds all the information the rpcsec_gss client * code needs to know about a single security context. In particular, * gc_gss_ctx is the context handle that is used to do gss-api calls, while diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h index cbb60ac22fd4..e24f9c0bafd1 100644 --- a/include/linux/sunrpc/gss_api.h +++ b/include/linux/sunrpc/gss_api.h @@ -120,6 +120,9 @@ int gss_mech_unregister_all(void); * reference count. */ struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *); +/* Similar, but get by name like "krb5", "spkm", etc., instead of OID. */ +struct gss_api_mech *gss_mech_get_by_name(char *); + /* Just increments the mechanism's reference count and returns its input: */ struct gss_api_mech * gss_mech_get(struct gss_api_mech *); diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h index 8886ee64fe69..980f2a4e4899 100644 --- a/include/linux/sunrpc/svc.h +++ b/include/linux/sunrpc/svc.h @@ -135,6 +135,7 @@ struct svc_rqst { void * rq_argp; /* decoded arguments */ void * rq_resp; /* xdr'd results */ + void * rq_auth_data; /* flavor-specific data */ int rq_reserved; /* space on socket outq * reserved for this request diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h index ed0f6c91b61b..36bcc5ed72d0 100644 --- a/include/linux/sunrpc/svcauth.h +++ b/include/linux/sunrpc/svcauth.h 
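Review bot: The new prototype `gss_mech_get_by_name(char *)` in gss_api.h takes the mechanism name as an unnamed, non-const pointer, although nothing visible suggests a lookup by name needs to write through it. I would declare it as `struct gss_api_mech *gss_mech_get_by_name(const char *name);` (the definition, which is outside this diff, would need the same change) so callers can pass literals such as "krb5" without a cast. The comment says only "Similar"; it should state outright that a reference is taken on the returned mechanism and what is returned when no mechanism matches. A caller that misses either point leaks a reference or dereferences a failed lookup.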
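Review bot: The new `rq_auth_data` member of struct svc_rqst in svc.h is an untyped pointer whose ownership and lifetime are not documented at the declaration. Nothing in this hunk says which side allocates it, who frees it, or whether it is cleared between requests. If a svc_rqst is reused for later requests, a stale pointer left by one flavor could be read by another as its own type. Once the contract is confirmed against the auth code (not part of this include/linux view), I would extend the comment to something like `/* flavor-specific data; set by the flavor's accept, valid only for the current request */`. struct svc_rqst starts and ends outside the hunk.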
@@ -66,6 +66,10 @@ struct auth_domain { * GARBAGE - rpc garbage_args error * SYSERR - rpc system_err error * DENIED - authp holds reason for denial. + * COMPLETE - the reply is encoded already and ready to be sent; no + * further processing is necessary. (This is used for processing + * null procedure calls which are used to set up encryption + * contexts.) * * accept is passed the proc number so that it can accept NULL rpc requests * even if it cannot authenticate the client (as is sometimes appropriate). @@ -98,6 +102,7 @@ extern struct auth_ops *authtab[RPC_AUTH_MAXFLAVOR]; #define SVC_DROP 6 #define SVC_DENIED 7 #define SVC_PENDING 8 +#define SVC_COMPLETE 9 extern int svc_authenticate(struct svc_rqst *rqstp, u32 *authp); diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h new file mode 100644 index 000000000000..73ca6ef2c4a8 --- /dev/null +++ b/include/linux/sunrpc/svcauth_gss.h @@ -0,0 +1,35 @@ +/* + * linux/include/linux/svcauth_gss.h + * + * Bruce Fields <bfields@umich.edu> + * Copyright (c) 2002 The Regents of the Unviersity of Michigan + * + * $Id$ + * + */ + +#ifndef _LINUX_SUNRPC_SVCAUTH_GSS_H +#define _LINUX_SUNRPC_SVCAUTH_GSS_H + +#ifdef __KERNEL__ +#include <linux/sched.h> +#include <linux/sunrpc/types.h> +#include <linux/sunrpc/xdr.h> +#include <linux/sunrpc/svcauth.h> +#include <linux/sunrpc/svcsock.h> +#include <linux/sunrpc/auth_gss.h> + +int gss_svc_init(void); +int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); + + +struct gss_svc_data { + /* decoded gss client cred: */ + struct rpc_gss_wire_cred clcred; + /* pointer to the beginning of the procedure-specific results, which + * may be encrypted/checksummed in svcauth_gss_release: */ + u32 *body_start; +}; + +#endif /* __KERNEL__ */ +#endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ |
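Review bot: The COMPLETE entry added to the accept() return-value comment in svcauth.h describes what the code is used for, but does not state it as a restriction, even though this result means the reply goes out with "no further processing". The comment should say that a flavor may return it only for the context-establishment null procedure, for example `* COMPLETE - reply already encoded; valid only for NULL-procedure context setup, never for other procedures.` The second hunk's `#define SVC_COMPLETE 9` also adds a value that every caller switching on the result of svc_authenticate() must handle. Those callers are not in this diff, so it is worth checking that none lets the new code reach a default branch meant for other results.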
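Review bot: In the new svcauth_gss.h, `body_start` in struct gss_svc_data is a bare `u32 *` with no end pointer or length beside it, while its comment says svcauth_gss_release may encrypt or checksum the results starting there. The comment should name the buffer it points into and state that the pointer is valid only for the request it was set for, for example `/* start of procedure results in the reply buffer; valid only for the current request */`, after confirming this against the release code, which is not shown. Separately, `svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)` would be better as `const char *name`, with a line saying whether the name is copied or retained after the call. The path in the file's header comment (`linux/include/linux/svcauth_gss.h`) also does not match the file's location under sunrpc/.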
