/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
* vim:expandtab:shiftwidth=8:tabstop=8:
*
- * Copyright (C) 2007 Cluster File Systems, Inc.
- * Author: Eric Mei <ericm@clusterfs.com>
+ * GPL HEADER START
*
- * This file is part of Lustre, http://www.lustre.org.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
- * Lustre is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 only,
+ * as published by the Free Software Foundation.
*
- * Lustre is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License version 2 for more details (a copy is included
+ * in the LICENSE file that accompanied this code).
*
- * You should have received a copy of the GNU General Public License
- * along with Lustre; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; If not, see
+ * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ * GPL HEADER END
+ */
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved
+ * Use is subject to license terms.
+ */
+/*
+ * This file is part of Lustre, http://www.lustre.org/
+ * Lustre is a trademark of Sun Microsystems, Inc.
+ *
+ * lustre/ptlrpc/gss/gss_keyring.c
+ *
+ * Author: Eric Mei <ericm@clusterfs.com>
*/
#ifndef EXPORT_SYMTAB
/*
* the timeout is only for the case that upcall child process die abnormally.
- * in any other cases it should finally update kernel key. so we set this
- * timeout value excessive long.
+ * in any other cases it should finally update kernel key.
+ *
+ * FIXME we'd better to incorporate the client & server side upcall timeouts
+ * into the framework of Adaptive Timeouts, but we need to figure out how to
+ * make sure that kernel knows the upcall processes is in-progress or died
+ * unexpectedly.
*/
#define KEYRING_UPCALL_TIMEOUT (obd_timeout + obd_timeout)
{
struct hlist_node *pos, *next;
struct ptlrpc_cli_ctx *ctx;
+ struct gss_cli_ctx *gctx;
hlist_for_each_entry_safe(ctx, pos, next, freelist, cc_cache) {
hlist_del_init(&ctx->cc_cache);
+ /* reverse ctx: update current seq to buddy svcctx if exist.
+ * ideally this should be done at gss_cli_ctx_finalize(), but
+ * the ctx destroy could be delayed by:
+ * 1) ctx still has reference;
+ * 2) ctx destroy is asynchronous;
+ * and reverse import call inval_all_ctx() require this be done
+ *_immediately_ otherwise newly created reverse ctx might copy
+ * the very old sequence number from svcctx. */
+ gctx = ctx2gctx(ctx);
+ if (!rawobj_empty(&gctx->gc_svc_handle) &&
+ sec_is_reverse(gctx->gc_base.cc_sec)) {
+ gss_svc_upcall_update_sequence(&gctx->gc_svc_handle,
+ (__u32) atomic_read(&gctx->gc_seq));
+ }
+
/* we need to wakeup waiting reqs here. the context might
* be forced released before upcall finished, then the
* late-arrived downcall can't find the ctx even. */
co_flags, import_to_gss_svc(imp),
imp->imp_connection->c_peer.nid, imp->imp_obd->obd_name);
+ CDEBUG(D_SEC, "requesting key for %s\n", desc);
+
keyring_upcall_lock(gsec_kr);
key = request_key(&gss_key_type, desc, coinfo);
keyring_upcall_unlock(gsec_kr);
CERROR("failed request key: %ld\n", PTR_ERR(key));
goto out;
}
+ CDEBUG(D_SEC, "obtained key %08x for %s\n", key->serial, desc);
/* once payload.data was pointed to a ctx, it never changes until
* we de-associate them; but parallel request_key() may return
for (;;) {
key = request_key(&gss_key_type, desc, NULL);
if (IS_ERR(key)) {
- CWARN("No more key found for current user\n");
+ CDEBUG(D_SEC, "No more key found for current user\n");
break;
}
LASSERT(atomic_read(&ctx->cc_refcount) > 0);
LASSERT(ctx->cc_sec);
- CWARN("ctx %p(%d)\n", ctx, atomic_read(&ctx->cc_refcount));
cli_ctx_expire(ctx);
kill_ctx_kr(ctx);
}
ENTRY;
if (data != NULL || datalen != 0) {
- CERROR("invalid: data %p, len %d\n", data, datalen);
+ CERROR("invalid: data %p, len "LPSZ"\n", data, datalen);
RETURN(-EINVAL);
}
struct ptlrpc_cli_ctx *ctx = key->payload.data;
struct gss_cli_ctx *gctx;
rawobj_t tmpobj = RAWOBJ_EMPTY;
+ __u32 datalen32 = (__u32) datalen;
int rc;
ENTRY;
if (data == NULL || datalen == 0) {
- CWARN("invalid: data %p, len %d\n", data, datalen);
+ CWARN("invalid: data %p, len "LPSZ"\n", data, datalen);
RETURN(-EINVAL);
}
sptlrpc_cli_ctx_get(ctx);
gctx = ctx2gctx(ctx);
- rc = buffer_extract_bytes(&data, &datalen, &gctx->gc_win,
+ rc = buffer_extract_bytes(&data, &datalen32, &gctx->gc_win,
sizeof(gctx->gc_win));
if (rc) {
CERROR("failed extract seq_win\n");
if (gctx->gc_win == 0) {
__u32 nego_rpc_err, nego_gss_err;
- rc = buffer_extract_bytes(&data, &datalen, &nego_rpc_err,
+ rc = buffer_extract_bytes(&data, &datalen32, &nego_rpc_err,
sizeof(nego_rpc_err));
if (rc) {
CERROR("failed to extrace rpc rc\n");
goto out;
}
- rc = buffer_extract_bytes(&data, &datalen, &nego_gss_err,
+ rc = buffer_extract_bytes(&data, &datalen32, &nego_gss_err,
sizeof(nego_gss_err));
if (rc) {
CERROR("failed to extrace gss rc\n");
rc = nego_rpc_err ? nego_rpc_err : -EACCES;
} else {
rc = rawobj_extract_local_alloc(&gctx->gc_handle,
- (__u32 **) &data, &datalen);
+ (__u32 **) &data, &datalen32);
if (rc) {
CERROR("failed extract handle\n");
goto out;
}
- rc = rawobj_extract_local(&tmpobj, (__u32 **) &data, &datalen);
+ rc = rawobj_extract_local(&tmpobj, (__u32 **) &data,&datalen32);
if (rc) {
CERROR("failed extract mech\n");
goto out;