Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1333122rwr;
        Thu, 20 Apr 2023 13:24:15 -0700 (PDT)
X-Google-Smtp-Source: AKy350axitSLy+QwhxaDmXPaL+K0+keoqHcztXLYSxhJlY1vBo0sWeRuQC4veRnE8iC82FoeuSLj
X-Received: by 2002:a17:902:aa87:b0:1a4:fc40:bef6 with SMTP id d7-20020a170902aa8700b001a4fc40bef6mr2421366plr.36.1682022254765;
        Thu, 20 Apr 2023 13:24:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682022254; cv=none;
        d=google.com; s=arc-20160816;
        b=Cbuv99TmPD6K5TKhzZMR8eiBH+yvVxeJbStW552sCGLdANa8wYms1iFq0W+YZom75E
         P7C0VgaMTTTL1Vcub0kQpc4TJP2SYeSIxYUphGPAoo47KykKhUuX0aX4ZgVYnUjFAkJp
         QMRmgW0kEurhZ8/5w6o9EaXJyY6Iwb5A5EbsdJnY+fNPeZfzuDpJ3Kq3RTdJRCLTa4KK
         557GCDmqRBxwE46MG9WUYCncE2Su6P3ftLJi97l2KPzYVc/sVHRtIqcyZzJDgPyzcPeO
         Cr7iiagvuGjqQo/PGZsYGpHSSuNLe66G/SYnjhJssMrfjmrfAjkDlvLR1DtjGrpbIkkx
         gyng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:to:from:dkim-signature;
        bh=0UKMauEOX4K8knGNCGpDmavHegSuS0xNqW48pXYHNIk=;
        b=gGp/LzplKc4/uKzmN6Qg1OSeVb5D7Vjk2FgtP26D71CrWoCljdrpYNqLi2PfU235XQ
         rzsOLsGWo9bKdIDNRehnu4HvIaUjJKIFWZdGDnUi4RHK6595xgto2LDRJh8dBWAHruaQ
         x7L+jE+Abq+X9rfA27MtxxCG1/k4wcnW0dqqXXw3StYqn+F2JSBs0c0Bt6DJRuVrySWZ
         uEPVaIAl3wk+4YbW7qEHULxdaQ5ZMT1QSFGVoAzMWi0TaDpqwxr/s+lm2HMMoPHM/Z4u
         QBPNhnkZPWYNpnVF7pVHXSyEcOfSW5SbKWry/KOgB/4XUTF4w5puOvHDUhi3fbsWgFyJ
         lh1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Eq9vTLQy;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ce21-20020a17090aff1500b00246bdd45f1csi2701579pjb.33.2023.04.20.13.23.34;
        Thu, 20 Apr 2023 13:24:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Eq9vTLQy;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231646AbjDTUUy (ORCPT <rfc822;malloryweidemann2@gmail.com>
        + 99 others); Thu, 20 Apr 2023 16:20:54 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41994 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229772AbjDTUUw (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Thu, 20 Apr 2023 16:20:52 -0400
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F64A1FF0
        for <linux-nfs@vger.kernel.org>; Thu, 20 Apr 2023 13:20:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1682022006;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=0UKMauEOX4K8knGNCGpDmavHegSuS0xNqW48pXYHNIk=;
        b=Eq9vTLQyTqEoPTwknPUKdAkrRbiMh/dPncXxCMzMazSCK4uZ/+kCk7r3/gC6lGXfCXV7qC
        j/CSE+Y+ix7YJoipGMxQLzpvKQk6JvFgsDLIMjDFBRi8k//zsUBQPWO/wJaAwCh7RpX7FM
        1LDFXzS862hU+DQ4i75ckcKnqs/QJsc=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-106-yeFmiqVCPVyWnWOJfS4mxA-1; Thu, 20 Apr 2023 16:20:05 -0400
X-MC-Unique: yeFmiqVCPVyWnWOJfS4mxA-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1054A85A588;
        Thu, 20 Apr 2023 20:20:05 +0000 (UTC)
Received: from aion.usersys.redhat.com (unknown [10.22.16.241])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 0338A2026D3C;
        Thu, 20 Apr 2023 20:20:05 +0000 (UTC)
Received: by aion.usersys.redhat.com (Postfix, from userid 1000)
        id 9724B1A27F5; Thu, 20 Apr 2023 16:20:04 -0400 (EDT)
From:   Scott Mayhew <smayhew@redhat.com>
To:     linux-nfs@vger.kernel.org, keyrings@vger.kernel.org
Subject: [RFC PATCH 0/5] SUNRPC: Add option to store GSS credentials in
Date:   Thu, 20 Apr 2023 16:19:59 -0400
Message-Id: <20230420202004.239116-1-smayhew@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

These patches are a work in progress.  They add the option to store GSS
credentials in user keyrings as an alternative to the credential cache
hashtables that are currently used.  The goal is to give users the
ability to destroy their credentials on-demand.

There have been other attempts to give users the ability to destroy
their GSS credentials in the past, for example:

https://lore.kernel.org/all/1354560315-2393-2-git-send-email-andros@netapp.com/T/
and
https://lore.kernel.org/linux-nfs/20170807212355.29127-1-kolga@netapp.com/

But those attempts were not accepted, so I wanted to get some feedback
on what I currently have before trying to tackle some of the more thorny
issues, such as what to do when a user has files open for write,
potentially with dirty data to be written out.

These patches are also available at:
https://github.com/scottmayhew/linux/tree/gss-cred-keyring

Here's a quick demo:

[smayhew@centos9 ~]$ sudo mount nfs:/export /mnt/t
[smayhew@centos9 ~]$ ls -l /mnt/t/test[12]
-rw-r--r--. 1 testuser1 testuser1 32 Apr 20 15:34 /mnt/t/test1
-rw-r--r--. 1 testuser2 testuser2 32 Apr 20 15:33 /mnt/t/test2

[smayhew@centos9 ~]$ kinit testuser1
Password for testuser1@SMAYHEW2.TEST: 

[smayhew@centos9 ~]$ date >/mnt/t/test1

[smayhew@centos9 ~]$ keyctl show
Session Keyring
 400651412 --alswrv   1000  1000  keyring: _ses
 376802674 --alswrv   1000 65534   \_ keyring: _uid.1000
 297894262 --als--v   1000  1000       \_ gss_cred: clid:1 id:1000 princ:(none)

[smayhew@centos9 ~]$ date >/mnt/t/test2
-bash: /mnt/t/test2: Permission denied

[smayhew@centos9 ~]$ kinit testuser2
Password for testuser2@SMAYHEW2.TEST: 

[smayhew@centos9 ~]$ keyctl unlink 297894262
1 links removed

Note: At this point the old gss_cred hasn't actually been destroyed,
because the key that is referencing it is also linked to a special
keyring hanging off the gss_auth structure.  When the user creates a new
gss_cred and the key referencing the new gss_cred is linked to the
gss_auth keyring, that causes the old gss_cred to be destroyed and a 
RPCSEC_GSS_DESTROY is sent to the server.  If the user were to unlink
their gss_cred key and do nothing else, then the cred would be destroyed
when the gss_auth is destroyed (i.e. on umount).

[smayhew@centos9 ~]$ keyctl show
Session Keyring
 400651412 --alswrv   1000  1000  keyring: _ses
 376802674 --alswrv   1000 65534   \_ keyring: _uid.1000

[smayhew@centos9 ~]$ date >/mnt/t/test2

[smayhew@centos9 ~]$ keyctl show
Session Keyring
 400651412 --alswrv   1000  1000  keyring: _ses
 376802674 --alswrv   1000 65534   \_ keyring: _uid.1000
  83204766 --als--v   1000  1000       \_ gss_cred: clid:1 id:1000 princ:(none)

[smayhew@centos9 ~]$ date >/mnt/t/test1
-bash: /mnt/t/test1: Permission denied

-Scott

Scott Mayhew (5):
  keys: export keyring_ptr_to_key()
  keys: add keyring_gc_custom()
  keys: add dest_keyring parameter to request_key_with_auxdata()
  keys: add the ability to search user keyrings in
    search_cred_keyrings_rcu()
  SUNRPC: store GSS creds in keyrings

 fs/nfs/nfs4idmap.c             |   2 +-
 include/linux/key.h            |   9 +-
 include/linux/sunrpc/auth.h    |   4 +-
 include/trace/events/rpcgss.h  |  46 ++++-
 net/sunrpc/auth.c              |   9 +-
 net/sunrpc/auth_gss/auth_gss.c | 338 +++++++++++++++++++++++++++++++--
 security/keys/internal.h       |   1 +
 security/keys/keyring.c        |  16 +-
 security/keys/process_keys.c   |  78 ++++++--
 security/keys/request_key.c    |   5 +-
 10 files changed, 470 insertions(+), 38 deletions(-)

-- 
2.39.2