#include "gss_internal.h"
#include "gss_api.h"
+#define LUSTRE_PIPEDIR "/lustre"
+
#define GSS_CREDCACHE_EXPIRE (30 * 60) /* 30 minute */
-/* not used now */
-#if 0
-#define GSS_CRED_EXPIRE (8 * 60 * 60) /* 8 hours */
-#define GSS_CRED_SIGN_SIZE (1024)
-#define GSS_CRED_VERIFY_SIZE (56)
-#endif
-#define LUSTRE_PIPEDIR "/lustre"
+#define GSS_TIMEOUT_DELTA (5)
+#define CRED_REFRESH_UPCALL_TIMEOUT \
+ ({ \
+ int timeout = obd_timeout - GSS_TIMEOUT_DELTA; \
+ \
+ if (timeout < GSS_TIMEOUT_DELTA * 2) \
+ timeout = GSS_TIMEOUT_DELTA * 2; \
+ timeout; \
+ })
+#define SECINIT_RPC_TIMEOUT \
+ ({ \
+ int timeout = CRED_REFRESH_UPCALL_TIMEOUT - \
+ GSS_TIMEOUT_DELTA; \
+ if (timeout < GSS_TIMEOUT_DELTA) \
+ timeout = GSS_TIMEOUT_DELTA; \
+ timeout; \
+ })
+#define SECFINI_RPC_TIMEOUT (GSS_TIMEOUT_DELTA)
+
/**********************************************
* gss security init/fini helper *
**********************************************/
-#define SECINIT_RPC_TIMEOUT (30)
-#define SECFINI_RPC_TIMEOUT (10)
-
static int secinit_compose_request(struct obd_import *imp,
char *buf, int bufsize,
int lustre_srv,
static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED;
struct gss_upcall_msg_data {
+ __u64 gum_pag;
__u32 gum_uid;
__u32 gum_svc;
__u32 gum_nal;
return;
}
LASSERT(list_empty(&gmsg->gum_list));
+#if 0
LASSERT(list_empty(&gmsg->gum_base.list));
+#else
+ /* XXX */
+ if (!list_empty(&gmsg->gum_base.list)) {
+ CWARN("msg %p: list: %p/%p/%p, copied %d, err %d, wq %d\n",
+ gmsg, &gmsg->gum_base.list,
+ gmsg->gum_base.list.prev, gmsg->gum_base.list.next,
+ gmsg->gum_base.copied, gmsg->gum_base.errno,
+ list_empty(&gmsg->gum_waitq.task_list));
+ LBUG();
+ }
+#endif
OBD_FREE(gmsg, sizeof(*gmsg));
EXIT;
}
static void
gss_unhash_msg_nolock(struct gss_upcall_msg *gmsg)
{
- ENTRY;
- if (list_empty(&gmsg->gum_list)) {
- EXIT;
+ LASSERT_SPIN_LOCKED(&gmsg->gum_gsec->gs_lock);
+
+ if (list_empty(&gmsg->gum_list))
return;
- }
list_del_init(&gmsg->gum_list);
wake_up(&gmsg->gum_waitq);
+ LASSERT(atomic_read(&gmsg->gum_refcount) > 1);
atomic_dec(&gmsg->gum_refcount);
- CDEBUG(D_SEC, "gmsg %p refcount now %d\n",
- gmsg, atomic_read(&gmsg->gum_refcount));
- LASSERT(atomic_read(&gmsg->gum_refcount) > 0);
- EXIT;
}
static void
struct gss_upcall_msg *gmsg;
ENTRY;
+ LASSERT_SPIN_LOCKED(&gsec->gs_lock);
+
list_for_each_entry(gmsg, &gsec->gs_upcalls, gum_list) {
if (memcmp(&gmsg->gum_data, gmd, sizeof(*gmd)))
continue;
if (strcmp(gmsg->gum_obdname, obdname))
continue;
+ LASSERT(atomic_read(&gmsg->gum_refcount) > 0);
atomic_inc(&gmsg->gum_refcount);
CDEBUG(D_SEC, "found gmsg at %p: obdname %s, uid %d, ref %d\n",
gmsg, obdname, gmd->gum_uid,
memcpy(&gmsg->gum_data, gmd, sizeof(*gmd));
rpcmsg = &gmsg->gum_base;
+ INIT_LIST_HEAD(&rpcmsg->list);
rpcmsg->data = &gmsg->gum_data;
rpcmsg->len = sizeof(gmsg->gum_data);
+ rpcmsg->copied = 0;
+ rpcmsg->errno = 0;
EXIT;
}
#endif /* __KERNEL__ */
spin_lock_init(&ctx->gc_seq_lock);
atomic_set(&ctx->gc_refcount,1);
+ if (simple_get_bytes(&p, &len, &gmd->gum_pag, sizeof(gmd->gum_pag)))
+ goto err_free_ctx;
if (simple_get_bytes(&p, &len, &gmd->gum_uid, sizeof(gmd->gum_uid)))
goto err_free_ctx;
if (simple_get_bytes(&p, &len, &gmd->gum_svc, sizeof(gmd->gum_svc)))
* cred APIs *
***************************************/
#ifdef __KERNEL__
-#define CRED_REFRESH_UPCALL_TIMEOUT (50)
static int gss_cred_refresh(struct ptlrpc_cred *cred)
{
struct obd_import *import;
struct dentry *dentry;
char *obdname, *obdtype;
wait_queue_t wait;
- uid_t uid = cred->pc_uid;
int res;
ENTRY;
RETURN(-EINVAL);
}
- gmd.gum_uid = uid;
+ gmd.gum_pag = cred->pc_pag;
+ gmd.gum_uid = cred->pc_uid;
gmd.gum_nal = import->imp_connection->c_peer.peer_ni->pni_number;
gmd.gum_netid = 0;
gmd.gum_nid = import->imp_connection->c_peer.peer_id.nid;
obdtype = import->imp_obd->obd_type->typ_name;
- if (!strcmp(obdtype, "mdc"))
+ if (!strcmp(obdtype, OBD_MDC_DEVICENAME))
gmd.gum_svc = LUSTRE_GSS_SVC_MDS;
- else if (!strcmp(obdtype, "osc"))
+ else if (!strcmp(obdtype, OBD_OSC_DEVICENAME))
gmd.gum_svc = LUSTRE_GSS_SVC_OSS;
else {
CERROR("gss on %s?\n", obdtype);
CDEBUG(D_SEC, "Initiate gss context %p(%u@%s)\n",
container_of(cred, struct gss_cred, gc_base),
- uid, import->imp_target_uuid.uuid);
+ cred->pc_uid, import->imp_target_uuid.uuid);
again:
spin_lock(&gsec->gs_lock);
gss_put_ctx(gcred->gc_ctx);
}
- CDEBUG(D_SEC, "GSS_SEC: destroy cred %p\n", gcred);
+ CDEBUG(D_SEC, "sec.gss %p: destroy cred %p\n", cred->pc_sec, gcred);
OBD_FREE(gcred, sizeof(*gcred));
EXIT;
if (err)
CERROR("parse init downcall err %d\n", err);
+ vcred.vc_pag = gmd.gum_pag;
vcred.vc_uid = gmd.gum_uid;
- vcred.vc_pag = vcred.vc_uid; /* FIXME */
cred = ptlrpcs_cred_lookup(sec, &vcred);
if (!cred) {
static unsigned long ratelimit;
ENTRY;
+ LASSERT(list_empty(&msg->list));
+
if (msg->errno >= 0) {
EXIT;
return;
gmsg = container_of(msg, struct gss_upcall_msg, gum_base);
CDEBUG(D_SEC, "destroy gmsg %p\n", gmsg);
+ LASSERT(atomic_read(&gmsg->gum_refcount) > 0);
atomic_inc(&gmsg->gum_refcount);
gss_unhash_msg(gmsg);
if (msg->errno == -ETIMEDOUT || msg->errno == -EPIPE) {
unsigned long now = get_seconds();
if (time_after(now, ratelimit)) {
- CWARN("GSS_SEC upcall timed out.\n"
+ CWARN("sec.gss upcall timed out.\n"
"Please check user daemon is running!\n");
ratelimit = now + 15;
}
gmsg = list_entry(gsec->gs_upcalls.next,
struct gss_upcall_msg, gum_list);
+ LASSERT(list_empty(&gmsg->gum_base.list));
gmsg->gum_base.errno = -EPIPE;
atomic_inc(&gmsg->gum_refcount);
gss_unhash_msg_nolock(gmsg);
current->fsuid = save_uid;
- CDEBUG(D_SEC, "Create GSS security instance at %p(external %p)\n",
- gsec, sec);
+ CDEBUG(D_SEC, "Create sec.gss %p\n", gsec);
RETURN(sec);
#ifdef __KERNEL__
ENTRY;
gsec = container_of(sec, struct gss_sec, gs_base);
- CDEBUG(D_SEC, "Destroy GSS security instance at %p\n", gsec);
+ CDEBUG(D_SEC, "Destroy sec.gss %p\n", gsec);
LASSERT(gsec->gs_mech);
LASSERT(!atomic_read(&sec->ps_refcount));
git://git.whamcloud.com / fs / lustre-release.git / blobdiff