LU-17940 gss: get rid of root key sooner

The root key associated with a GSS context (gck_key) is used to pass
information between kernel and userspace during GSS context
negotiation.
Once the GSS context for root is up-to-date, the key is never used
again, although it has a permanent validity. And when the context
expires, the key is directly revoked and replaced with a new one to
serve the negotiation of a new root context.
So to avoid issues with keys staying in the root's kernel keyring and
being accidentally revoked, just get rid of the key associated with a
root context as soon as the negotiation process has finished.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4be773723b9046ed451684bd141d5ef2bc584bfb
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55406
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c
index c1d6165..f5e45d8 100644 (file)
--- a/lustre/ptlrpc/gss/gss_keyring.c
+++ b/lustre/ptlrpc/gss/gss_keyring.c
@@ -364,8 +364,13 @@ static void bind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
  */
 static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
 {
+       /* give up on revoked key, someone else already took care of it */
+       if (test_bit(KEY_FLAG_REVOKED, &key->flags)) {
+               CDEBUG(D_SEC, "key %08x already revoked\n", key->serial);
+               return;
+       }
+
        LASSERT(key_get_payload(key, 0) == ctx);
-       LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
 
        /* must revoke the key, or others may treat it as newly created */
        key_revoke_locked(key);
@@ -391,8 +396,6 @@ static void unbind_ctx_kr(struct ptlrpc_cli_ctx *ctx)
        struct key      *key = ctx2gctx_keyring(ctx)->gck_key;
 
        if (key) {
-               LASSERT(key_get_payload(key, 0) == ctx);
-
                key_get(key);
                down_write(&key->sem);
                unbind_key_ctx(key, ctx);
@@ -1673,6 +1676,13 @@ out:
         * opinions here. */
        if (rc == 0) {
                gss_cli_ctx_uptodate(gctx);
+               /* The companion key for root ctx can now be unbound,
+                * if it is still enlisted and up-to-date.
+                */
+               if (ctx->cc_vcred.vc_uid == 0 &&
+                   test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) &&
+                   test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags))
+                       unbind_key_ctx(key, ctx);
        } else {
                /* this will also revoke the key. has to be done before
                 * wakeup waiters otherwise they can find the stale key */