#define GSS_CREDCACHE_EXPIRE (30 * 60) /* 30 minute */
-#define GSS_TIMEOUT_DELTA (5)
-#define CRED_REFRESH_UPCALL_TIMEOUT \
- ({ \
- int timeout = obd_timeout - GSS_TIMEOUT_DELTA; \
- \
- if (timeout < GSS_TIMEOUT_DELTA * 2) \
- timeout = GSS_TIMEOUT_DELTA * 2; \
- timeout; \
- })
-#define SECINIT_RPC_TIMEOUT \
- ({ \
- int timeout = CRED_REFRESH_UPCALL_TIMEOUT - \
- GSS_TIMEOUT_DELTA; \
- if (timeout < GSS_TIMEOUT_DELTA) \
- timeout = GSS_TIMEOUT_DELTA; \
- timeout; \
- })
-#define SECFINI_RPC_TIMEOUT (GSS_TIMEOUT_DELTA)
-
-
/**********************************************
* gss security init/fini helper *
**********************************************/
p = (__u32 *) buf_to_sec_data(repbuf);
effective = 0;
- status = le32_to_cpu(*p++);
+ p += 2; /* skip the leading unused bytes */
+ seq = le32_to_cpu(*p++);
major = le32_to_cpu(*p++);
minor = le32_to_cpu(*p++);
- seq = le32_to_cpu(*p++);
+ status = 0;
+
effective += 4 * 4;
if (copy_to_user(outbuf, &status, 4))
struct gss_sec {
struct ptlrpc_sec gs_base;
struct gss_api_mech *gs_mech;
-#ifdef __KERNEL__
spinlock_t gs_lock;
struct list_head gs_upcalls;
char *gs_pipepath;
struct dentry *gs_depipe;
-#endif
};
-#ifdef __KERNEL__
-
-static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED;
-
struct gss_upcall_msg_data {
__u64 gum_pag;
__u32 gum_uid;
struct gss_upcall_msg_data gum_data;
};
+#ifdef __KERNEL__
+static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED;
/**********************************************
* rpc_pipe upcall helpers *
**********************************************/
#else
/* XXX */
if (!list_empty(&gmsg->gum_base.list)) {
+ int error = gmsg->gum_base.errno;
+
CWARN("msg %p: list: %p/%p/%p, copied %d, err %d, wq %d\n",
- gmsg, &gmsg->gum_base.list,
- gmsg->gum_base.list.prev, gmsg->gum_base.list.next,
- gmsg->gum_base.copied, gmsg->gum_base.errno,
+ gmsg, &gmsg->gum_base.list, gmsg->gum_base.list.prev,
+ gmsg->gum_base.list.next, gmsg->gum_base.copied, error,
list_empty(&gmsg->gum_waitq.task_list));
LBUG();
}
static void
gss_unhash_msg_nolock(struct gss_upcall_msg *gmsg)
{
-#if defined(CONFIG_SMP)
- LASSERT(spin_is_locked(&gmsg->gum_gsec->gs_lock));
-#endif
+ LASSERT_SPIN_LOCKED(&gmsg->gum_gsec->gs_lock);
if (list_empty(&gmsg->gum_list))
return;
struct gss_upcall_msg *gmsg;
ENTRY;
-#if defined(CONFIG_SMP)
- LASSERT(spin_is_locked(&gsec->gs_lock));
-#endif
+ LASSERT_SPIN_LOCKED(&gsec->gs_lock);
list_for_each_entry(gmsg, &gsec->gs_upcalls, gum_list) {
if (memcmp(&gmsg->gum_data, gmd, sizeof(*gmd)))
}
#endif /* __KERNEL__ */
+/* this seems to be used only from userspace code */
+#ifndef __KERNEL__
/********************************************
* gss cred manipulation helpers *
********************************************/
-#if 0
static
int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred)
{
#endif
static inline
-struct gss_cl_ctx * gss_get_ctx(struct gss_cl_ctx *ctx)
+struct gss_cl_ctx *gss_get_ctx(struct gss_cl_ctx *ctx)
{
atomic_inc(&ctx->gc_refcount);
return ctx;
gmd.gum_nid = import->imp_connection->c_peer.peer_id.nid;
obdtype = import->imp_obd->obd_type->typ_name;
- if (!strcmp(obdtype, "mdc"))
+ if (!strcmp(obdtype, OBD_MDC_DEVICENAME))
gmd.gum_svc = LUSTRE_GSS_SVC_MDS;
- else if (!strcmp(obdtype, "osc"))
+ else if (!strcmp(obdtype, OBD_OSC_DEVICENAME))
gmd.gum_svc = LUSTRE_GSS_SVC_OSS;
else {
CERROR("gss on %s?\n", obdtype);
}
#else /* !__KERNEL__ */
extern int lgss_handle_krb5_upcall(uid_t uid, __u32 dest_ip,
- char *obd_name,
- char *buf, int bufsize,
+ char *obd_name, char *buf, int bufsize,
int (*callback)(char*, unsigned long));
static int gss_cred_refresh(struct ptlrpc_cred *cred)
struct gss_sec *gsec;
struct gss_api_mech *mech;
struct gss_cl_ctx *ctx = NULL;
- struct vfs_cred vcred = { 0 };
ptl_nid_t peer_nid;
__u32 dest_ip;
__u32 subflavor;
int rc, gss_err;
+ struct gss_upcall_msg_data gmd = { 0 };
LASSERT(cred);
LASSERT(cred->pc_sec);
imp = cred->pc_sec->ps_import;
peer_nid = imp->imp_connection->c_peer.peer_id.nid;
dest_ip = (__u32) (peer_nid & 0xFFFFFFFF);
- subflavor = cred->pc_sec->ps_flavor.subflavor;
+ subflavor = cred->pc_sec->ps_flavor;
- if (subflavor != PTLRPC_SEC_GSS_KRB5I) {
+ if (subflavor != PTLRPCS_SUBFLVR_KRB5I) {
CERROR("unknown subflavor %u\n", subflavor);
GOTO(err_out, rc = -EINVAL);
}
gsec = container_of(cred->pc_sec, struct gss_sec, gs_base);
mech = gsec->gs_mech;
LASSERT(mech);
- rc = gss_parse_init_downcall(mech, &obj, &ctx, &vcred, &dest_ip,
+
+ rc = gss_parse_init_downcall(mech, &obj, &ctx, &gmd,
&gss_err);
if (rc || gss_err) {
CERROR("parse init downcall: rpc %d, gss 0x%x\n", rc, gss_err);
*/
if (major == GSS_S_NO_CONTEXT ||
major == GSS_S_BAD_SIG) {
- CWARN("req %p: server report cred %p %s, expired?\n",
+ CWARN("req %p: server report cred %p %s\n",
req, cred, (major == GSS_S_NO_CONTEXT) ?
"NO_CONTEXT" : "BAD_SIG");
{
struct gss_sec *gsec;
struct ptlrpc_sec *sec;
+ uid_t save_uid;
+
#ifdef __KERNEL__
char *pos;
int pipepath_len;
- uid_t save_uid;
#endif
ENTRY;