From: Sebastien Buisson Date: Mon, 2 Oct 2017 20:00:52 +0000 (-0400) Subject: LU-9672 gss: fix expiration time of sunrpc cache X-Git-Tag: 2.10.2-RC1~37 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=7a1cb859d83891c2d7d1a50891cede6bcb1a1106;hp=c59e2e9e700654e0d2e028e041a47d4337cb98fb;p=fs%2Flustre-release.git LU-9672 gss: fix expiration time of sunrpc cache Expiration time of sunrpc cache is misinterpreted. Downcal and response from user space must provide an epoch time, not a duration. And on kernel side, expiry must always be expressed in seconds from boot, as set when retrieved from get_expiry(). Lustre-change: https://review.whamcloud.com/27667 Lustre-commit: f35425801545e0b47279597983cfbd02e837c45f Signed-off-by: Sebastien Buisson Change-Id: I35c58a040a62410374dee0be3ae5bed7956cd985 Reviewed-by: James Simmons Reviewed-by: John L. Hammond Signed-off-by: Minh Diep Reviewed-on: https://review.whamcloud.com/29624 Tested-by: Jenkins Tested-by: Maloo
---
diff --git a/lustre/ptlrpc/gss/gss_svc_upcall.c b/lustre/ptlrpc/gss/gss_svc_upcall.c
index e9ae2a3..8096eaf 100644
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -615,41 +615,50 @@ static int rsc_parse(struct cache_detail *cd, char *mesg, int mlen)
 CERROR("NOENT? set rsc entry negative\n");
 set_bit(CACHE_NEGATIVE, &rsci.h.flags);
 } else {
- rawobj_t tmp_buf;
- unsigned long ctx_expiry;
-
- /* gid */
- if (get_int(&mesg, (int *) &rsci.ctx.gsc_gid))
- goto out;
-
- /* mech name */
- len = qword_get(&mesg, buf, mlen);
- if (len < 0)
- goto out;
- gm = lgss_name_to_mech(buf);
- status = -EOPNOTSUPP;
- if (!gm)
- goto out;
-
- status = -EINVAL;
- /* mech-specific data: */
- len = qword_get(&mesg, buf, mlen);
- if (len < 0)
- goto out;
-
- tmp_buf.len = len;
- tmp_buf.data = (unsigned char *)buf;
- if (lgss_import_sec_context(&tmp_buf, gm,
- &rsci.ctx.gsc_mechctx))
- goto out;
-
- /* currently the expiry time passed down from user-space
- * is invalid, here we retrive it from mech. */
- if (lgss_inquire_context(rsci.ctx.gsc_mechctx, &ctx_expiry)) {
- CERROR("unable to get expire time, drop it\n");
- goto out;
- }
- expiry = (time_t) ctx_expiry;
+ rawobj_t tmp_buf;
+ time64_t ctx_expiry;
+
+ /* gid */
+ if (get_int(&mesg, (int *) &rsci.ctx.gsc_gid))
+ goto out;
+
+ /* mech name */
+ len = qword_get(&mesg, buf, mlen);
+ if (len < 0)
+ goto out;
+ gm = lgss_name_to_mech(buf);
+ status = -EOPNOTSUPP;
+ if (!gm)
+ goto out;
+
+ status = -EINVAL;
+ /* mech-specific data: */
+ len = qword_get(&mesg, buf, mlen);
+ if (len < 0)
+ goto out;
+
+ tmp_buf.len = len;
+ tmp_buf.data = (unsigned char *)buf;
+ if (lgss_import_sec_context(&tmp_buf, gm,
+ &rsci.ctx.gsc_mechctx))
+ goto out;
+
+ /* set to seconds since machine booted */
+ expiry = ktime_get_seconds();
+
+ /* currently the expiry time passed down from user-space
+ * is invalid, here we retrive it from mech.
+ */
+ if (lgss_inquire_context(rsci.ctx.gsc_mechctx,
+ (unsigned long *)&ctx_expiry)) {
+ CERROR("unable to get expire time, drop it\n");
+ goto out;
+ }
+
+ /* ctx_expiry is the number of seconds since Jan 1 1970.
+ * We want just the number of seconds into the future.
+ */
+ expiry += ctx_expiry - ktime_get_real_seconds();
 }
 rsci.h.expiry_time = expiry;
diff --git a/lustre/utils/gss/svcgssd_proc.c b/lustre/utils/gss/svcgssd_proc.c
index b43978a..8b57336 100644
--- a/lustre/utils/gss/svcgssd_proc.c
+++ b/lustre/utils/gss/svcgssd_proc.c
@@ -115,7 +115,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
 }
 qword_printhex(f, out_handle->value, out_handle->length);
 /* XXX are types OK for the rest of this? */
- qword_printint(f, 3600); /* an hour should be sufficient */
+ qword_printint(f, time(NULL) + 3600); /* 1 hour should be ok */
 qword_printint(f, cred->cr_remote);
 qword_printint(f, cred->cr_usr_root);
 qword_printint(f, cred->cr_usr_mds);
@@ -154,7 +154,7 @@ send_response(FILE *f, gss_buffer_desc *in_handle, gss_buffer_desc *in_token,
 printerr(2, "sending reply\n");
 qword_addhex(&bp, &blen, in_handle->value, in_handle->length);
 qword_addhex(&bp, &blen, in_token->value, in_token->length);
- qword_addint(&bp, &blen, 3600); /* an hour should be sufficient */
+ qword_addint(&bp, &blen, time(NULL) + 3600); /* 1 hour should be ok */
 qword_adduint(&bp, &blen, maj_stat);
 qword_adduint(&bp, &blen, min_stat);
 qword_addhex(&bp, &blen, out_handle->value, out_handle->length);
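Review bot: The cast `(unsigned long *)&ctx_expiry` in the lgss_inquire_context() call lets the callee store through an `unsigned long *` into a `time64_t` local that is never initialised. On a 32-bit kernel only half of that 64-bit variable is written, so `expiry += ctx_expiry - ktime_get_real_seconds();` would derive the cached security context's lifetime from leftover stack contents. Keeping the local as `unsigned long ctx_expiry;`, passing `&ctx_expiry` uncast and widening at the point of use with `expiry += (time64_t)ctx_expiry - ktime_get_real_seconds();` avoids both the partial write and the type-punned pointer. The retained comment that calls the user-space expiry invalid also looks stale, since this branch still overwrites `expiry` while the commit makes user space send an epoch time. rsc_parse() begins and ends outside the hunk.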
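Review bot: `time(NULL) + 3600` is a `time_t` expression passed to qword_printint() in do_svc_downcall and to qword_addint() in the send_response hunk that follows; if those helpers take an `int`, as their names and the neighbouring `XXX are types OK` comment suggest, the absolute timestamp is silently narrowed and no longer fits after 2038, a risk the old one-hour duration did not carry. The helpers' prototypes are not visible here, so this needs confirming against their definitions. The inline comment should also record the changed meaning of the field, for example `/* absolute expiry in seconds since the epoch, converted by the kernel's get_expiry() */`, and the duplicated `3600` would read better as one named constant shared by both call sites. Both functions extend beyond their hunks.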