X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fsec%2Fgss%2Fsec_gss.c;h=33b4291e762c996590d9b78832d9fbd8432216a5;hb=e6e9b8baa8c2db4385bf2e2a692463ae41eb43ac;hp=b395f918daf57070e9506773463f9d4bd53e5ee3;hpb=6a04840ece4d536bdd42d0c322c0cb684204ef65;p=fs%2Flustre-release.git diff --git a/lustre/sec/gss/sec_gss.c b/lustre/sec/gss/sec_gss.c index b395f91..33b4291 100644 --- a/lustre/sec/gss/sec_gss.c +++ b/lustre/sec/gss/sec_gss.c @@ -80,26 +80,6 @@ struct rpc_clnt; #define GSS_CREDCACHE_EXPIRE (30 * 60) /* 30 minute */ -#define GSS_TIMEOUT_DELTA (5) -#define CRED_REFRESH_UPCALL_TIMEOUT \ - ({ \ - int timeout = obd_timeout - GSS_TIMEOUT_DELTA; \ - \ - if (timeout < GSS_TIMEOUT_DELTA * 2) \ - timeout = GSS_TIMEOUT_DELTA * 2; \ - timeout; \ - }) -#define SECINIT_RPC_TIMEOUT \ - ({ \ - int timeout = CRED_REFRESH_UPCALL_TIMEOUT - \ - GSS_TIMEOUT_DELTA; \ - if (timeout < GSS_TIMEOUT_DELTA) \ - timeout = GSS_TIMEOUT_DELTA; \ - timeout; \ - }) -#define SECFINI_RPC_TIMEOUT (GSS_TIMEOUT_DELTA) - - /********************************************** * gss security init/fini helper * **********************************************/ @@ -212,10 +192,12 @@ static int secinit_parse_reply(char *repbuf, int replen, p = (__u32 *) buf_to_sec_data(repbuf); effective = 0; - status = le32_to_cpu(*p++); + p += 2; /* skip the leading unused bytes */ + seq = le32_to_cpu(*p++); major = le32_to_cpu(*p++); minor = le32_to_cpu(*p++); - seq = le32_to_cpu(*p++); + status = 0; + effective += 4 * 4; if (copy_to_user(outbuf, &status, 4)) @@ -384,19 +366,14 @@ out_copy: struct gss_sec { struct ptlrpc_sec gs_base; struct gss_api_mech *gs_mech; -#ifdef __KERNEL__ spinlock_t gs_lock; struct list_head gs_upcalls; char *gs_pipepath; struct dentry *gs_depipe; -#endif }; -#ifdef __KERNEL__ - -static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED; - struct gss_upcall_msg_data { + __u64 gum_pag; __u32 gum_uid; __u32 gum_svc; __u32 gum_nal; 
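Review bot: In secinit_parse_reply the new `p += 2;` plus the three `le32_to_cpu(*p++)` reads consume five 32-bit words starting at buf_to_sec_data(repbuf), and nothing in this hunk compares that against `replen` before dereferencing. If the length is not already validated earlier in the function (its start is outside the hunk), add a guard that rejects a reply shorter than the sec-data offset plus `5 * sizeof(__u32)` before the skip. `status = 0;` now hard-codes the value copied to `outbuf`, so a status carried in the reply no longer reaches the caller; a comment such as `/* status is no longer on the wire; major/minor carry the result */` would record whether that is intended. The existing comment could also state the size, `/* skip 2 unused 32-bit words (8 bytes) */`.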
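Review bot: Adding `__u64 gum_pag` at the top of struct gss_upcall_msg_data raises the struct's alignment to 8, and gss_find_upcall (hunk at -481) matches entries with `memcmp(&gmsg->gum_data, gmd, sizeof(*gmd))`. If the remaining members, which are not all visible here, leave padding, then a stack `gmd` filled field by field, as the kernel gss_cred_refresh does in the hunk at -759, would carry indeterminate padding bytes and the lookup could miss an identical pending upcall. Unless `gmd` is already cleared outside that hunk, put `memset(&gmd, 0, sizeof(gmd));` before the assignments, or compare the key fields individually. The user-space path already declares it with `= { 0 }`.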
@@ -414,6 +391,8 @@ struct gss_upcall_msg { struct gss_upcall_msg_data gum_data; }; +#ifdef __KERNEL__ +static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED; /********************************************** * rpc_pipe upcall helpers * **********************************************/ @@ -435,10 +414,11 @@ void gss_release_msg(struct gss_upcall_msg *gmsg) #else /* XXX */ if (!list_empty(&gmsg->gum_base.list)) { + int error = gmsg->gum_base.errno; + CWARN("msg %p: list: %p/%p/%p, copied %d, err %d, wq %d\n", - gmsg, &gmsg->gum_base.list, - gmsg->gum_base.list.prev, gmsg->gum_base.list.next, - gmsg->gum_base.copied, gmsg->gum_base.errno, + gmsg, &gmsg->gum_base.list, gmsg->gum_base.list.prev, + gmsg->gum_base.list.next, gmsg->gum_base.copied, error, list_empty(&gmsg->gum_waitq.task_list)); LBUG(); } @@ -450,9 +430,7 @@ void gss_release_msg(struct gss_upcall_msg *gmsg) static void gss_unhash_msg_nolock(struct gss_upcall_msg *gmsg) { -#if defined(CONFIG_SMP) - LASSERT(spin_is_locked(&gmsg->gum_gsec->gs_lock)); -#endif + LASSERT_SPIN_LOCKED(&gmsg->gum_gsec->gs_lock); if (list_empty(&gmsg->gum_list)) return; @@ -481,9 +459,7 @@ struct gss_upcall_msg * gss_find_upcall(struct gss_sec *gsec, struct gss_upcall_msg *gmsg; ENTRY; -#if defined(CONFIG_SMP) - LASSERT(spin_is_locked(&gsec->gs_lock)); -#endif + LASSERT_SPIN_LOCKED(&gsec->gs_lock); list_for_each_entry(gmsg, &gsec->gs_upcalls, gum_list) { if (memcmp(&gmsg->gum_data, gmd, sizeof(*gmd))) @@ -525,10 +501,11 @@ static void gss_init_upcall_msg(struct gss_upcall_msg *gmsg, } #endif /* __KERNEL__ */ +/* this seems to be used only from userspace code */ +#ifndef __KERNEL__ /******************************************** * gss cred manipulation helpers * ********************************************/ -#if 0 static int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred) { 
@@ -546,7 +523,7 @@ int gss_cred_is_uptodate_ctx(struct ptlrpc_cred *cred) #endif static inline -struct gss_cl_ctx * gss_get_ctx(struct gss_cl_ctx *ctx) +struct gss_cl_ctx *gss_get_ctx(struct gss_cl_ctx *ctx) { atomic_inc(&ctx->gc_refcount); return ctx; @@ -662,6 +639,8 @@ int gss_parse_init_downcall(struct gss_api_mech *gm, rawobj_t *buf, spin_lock_init(&ctx->gc_seq_lock); atomic_set(&ctx->gc_refcount,1); + if (simple_get_bytes(&p, &len, &gmd->gum_pag, sizeof(gmd->gum_pag))) + goto err_free_ctx; if (simple_get_bytes(&p, &len, &gmd->gum_uid, sizeof(gmd->gum_uid))) goto err_free_ctx; if (simple_get_bytes(&p, &len, &gmd->gum_svc, sizeof(gmd->gum_svc))) @@ -739,7 +718,6 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) struct dentry *dentry; char *obdname, *obdtype; wait_queue_t wait; - uid_t uid = cred->pc_uid; int res; ENTRY; @@ -759,15 +737,16 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) RETURN(-EINVAL); } - gmd.gum_uid = uid; + gmd.gum_pag = cred->pc_pag; + gmd.gum_uid = cred->pc_uid; gmd.gum_nal = import->imp_connection->c_peer.peer_ni->pni_number; gmd.gum_netid = 0; gmd.gum_nid = import->imp_connection->c_peer.peer_id.nid; obdtype = import->imp_obd->obd_type->typ_name; - if (!strcmp(obdtype, "mdc")) + if (!strcmp(obdtype, OBD_MDC_DEVICENAME)) gmd.gum_svc = LUSTRE_GSS_SVC_MDS; - else if (!strcmp(obdtype, "osc")) + else if (!strcmp(obdtype, OBD_OSC_DEVICENAME)) gmd.gum_svc = LUSTRE_GSS_SVC_OSS; else { CERROR("gss on %s?\n", obdtype); @@ -782,7 +761,7 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) CDEBUG(D_SEC, "Initiate gss context %p(%u@%s)\n", container_of(cred, struct gss_cred, gc_base), - uid, import->imp_target_uuid.uuid); + cred->pc_uid, import->imp_target_uuid.uuid); again: spin_lock(&gsec->gs_lock); 
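Review bot: Reading `gum_pag` ahead of `gum_uid` in gss_parse_init_downcall changes the byte layout expected from the user-space daemon, and the visible lines have no version or length marker that would reject a buffer written in the old order. A downcall from a daemon built before this change could still parse, with the uid and svc bytes landing in `gum_pag` and every later field shifted, and those values are what gss_pipe_downcall later uses to pick the credential. It is worth confirming the daemon side changes in lockstep and documenting the layout above the simple_get_bytes sequence, for example `/* downcall layout: pag (8 bytes), uid (4), svc (4), ... */`. The function starts and ends outside this hunk.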
@@ -881,8 +860,7 @@ out: } #else /* !__KERNEL__ */ extern int lgss_handle_krb5_upcall(uid_t uid, __u32 dest_ip, - char *obd_name, - char *buf, int bufsize, + char *obd_name, char *buf, int bufsize, int (*callback)(char*, unsigned long)); static int gss_cred_refresh(struct ptlrpc_cred *cred) @@ -893,11 +871,11 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) struct gss_sec *gsec; struct gss_api_mech *mech; struct gss_cl_ctx *ctx = NULL; - struct vfs_cred vcred = { 0 }; ptl_nid_t peer_nid; __u32 dest_ip; __u32 subflavor; int rc, gss_err; + struct gss_upcall_msg_data gmd = { 0 }; LASSERT(cred); LASSERT(cred->pc_sec); @@ -910,9 +888,9 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) imp = cred->pc_sec->ps_import; peer_nid = imp->imp_connection->c_peer.peer_id.nid; dest_ip = (__u32) (peer_nid & 0xFFFFFFFF); - subflavor = cred->pc_sec->ps_flavor.subflavor; + subflavor = cred->pc_sec->ps_flavor; - if (subflavor != PTLRPC_SEC_GSS_KRB5I) { + if (subflavor != PTLRPCS_SUBFLVR_KRB5I) { CERROR("unknown subflavor %u\n", subflavor); GOTO(err_out, rc = -EINVAL); } @@ -931,7 +909,8 @@ static int gss_cred_refresh(struct ptlrpc_cred *cred) gsec = container_of(cred->pc_sec, struct gss_sec, gs_base); mech = gsec->gs_mech; LASSERT(mech); - rc = gss_parse_init_downcall(mech, &obj, &ctx, &vcred, &dest_ip, + + rc = gss_parse_init_downcall(mech, &obj, &ctx, &gmd, &gss_err); if (rc || gss_err) { CERROR("parse init downcall: rpc %d, gss 0x%x\n", rc, gss_err); @@ -1140,7 +1119,7 @@ proc_data_out: */ if (major == GSS_S_NO_CONTEXT || major == GSS_S_BAD_SIG) { - CWARN("req %p: server report cred %p %s, expired?\n", + CWARN("req %p: server report cred %p %s\n", req, cred, (major == GSS_S_NO_CONTEXT) ? "NO_CONTEXT" : "BAD_SIG"); 
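Review bot: In the user-space gss_cred_refresh (hunk at -931) the `gmd` filled by gss_parse_init_downcall is never compared with the cred being refreshed in the lines shown, so the identity in the reply goes unchecked at this point. If the context is then attached to `cred` directly, a check like `if (gmd.gum_uid != cred->pc_uid || gmd.gum_pag != cred->pc_pag) GOTO(err_out, rc = -EINVAL);` after the parse would keep a reply for a different identity from being installed. If that check exists after the CERROR branch, outside the hunk, a short comment there would be enough. Separately, in the hunk at -910, `subflavor = cred->pc_sec->ps_flavor;` now stores the whole flavor in a variable still named `subflavor`; renaming it or adding a comment that the two are equivalent here would avoid misreading the `PTLRPCS_SUBFLVR_KRB5I` comparison.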
@@ -1552,8 +1531,8 @@ gss_pipe_downcall(struct file *filp, const char *src, size_t mlen) if (err) CERROR("parse init downcall err %d\n", err); + vcred.vc_pag = gmd.gum_pag; vcred.vc_uid = gmd.gum_uid; - vcred.vc_pag = vcred.vc_uid; /* FIXME */ cred = ptlrpcs_cred_lookup(sec, &vcred); if (!cred) { @@ -1672,10 +1651,11 @@ struct ptlrpc_sec* gss_create_sec(__u32 flavor, { struct gss_sec *gsec; struct ptlrpc_sec *sec; + uid_t save_uid; + #ifdef __KERNEL__ char *pos; int pipepath_len; - uid_t save_uid; #endif ENTRY;
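Review bot: In gss_pipe_downcall the `if (err)` branch shown only logs, and the next lines still copy `gmd.gum_pag` and `gmd.gum_uid` into `vcred` for ptlrpcs_cred_lookup. Since `gum_pag` is now the first field parsed, a short or malformed write fails before either field is set, so the lookup would run on whatever `gmd` held beforehand unless it is zero-initialized earlier in the function (not visible in this hunk). Declaring it as `struct gss_upcall_msg_data gmd = { 0 };`, or skipping the lookup when the parse did not get as far as the uid, would make the error path deterministic. If looking up the cred on error is deliberate, so that the waiting cred can be failed, a comment such as `/* still look up the cred on parse error so it can be marked failed */` would make that clear.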