-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
+/*
+ * GPL HEADER START
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
- * Copyright (C) 2007 Cluster File Systems, Inc.
- * Author: Eric Mei <ericm@clusterfs.com>
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 only,
+ * as published by the Free Software Foundation.
*
- * This file is part of Lustre, http://www.lustre.org.
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License version 2 for more details (a copy is included
+ * in the LICENSE file that accompanied this code).
*
- * Lustre is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; If not, see
+ * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
*
- * Lustre is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ * GPL HEADER END
+ */
+/*
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
*
- * You should have received a copy of the GNU General Public License
- * along with Lustre; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * Copyright (c) 2012, Intel Corporation.
+ */
+/*
+ * This file is part of Lustre, http://www.lustre.org/
+ * Lustre is a trademark of Sun Microsystems, Inc.
+ *
+ * lustre/ptlrpc/gss/gss_keyring.c
+ *
+ * Author: Eric Mei <ericm@clusterfs.com>
*/
-#ifndef EXPORT_SYMTAB
-# define EXPORT_SYMTAB
-#endif
#define DEBUG_SUBSYSTEM S_SEC
#ifdef __KERNEL__
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/dcache.h>
#include <linux/fs.h>
-#include <linux/random.h>
#include <linux/crypto.h>
#include <linux/key.h>
#include <linux/keyctl.h>
+#ifdef HAVE_LINUX_KEYTYPE_H
+#include <linux/key-type.h>
+#endif
#include <linux/mutex.h>
#include <asm/atomic.h>
#else
/*
* the timeout is only for the case that upcall child process die abnormally.
- * in any other cases it should finally update kernel key. so we set this
- * timeout value excessive long.
+ * in any other cases it should finally update kernel key.
+ *
+ * FIXME we'd better to incorporate the client & server side upcall timeouts
+ * into the framework of Adaptive Timeouts, but we need to figure out how to
+ * make sure that kernel knows the upcall processes is in-progress or died
+ * unexpectedly.
*/
#define KEYRING_UPCALL_TIMEOUT (obd_timeout + obd_timeout)
* internal helpers *
****************************************/
-#define DUMP_PROCESS_KEYRINGS(tsk) \
-{ \
- CWARN("DUMP PK: %s[%u,%u/%u](<-%s[%u,%u/%u]): " \
- "a %d, t %d, p %d, s %d, u %d, us %d, df %d\n", \
- tsk->comm, tsk->pid, tsk->uid, tsk->fsuid, \
- tsk->parent->comm, tsk->parent->pid, \
- tsk->parent->uid, tsk->parent->fsuid, \
- task_aux(tsk)->request_key_auth ? \
- task_aux(tsk)->request_key_auth->serial : 0, \
- task_aux(tsk)->thread_keyring ? \
- task_aux(tsk)->thread_keyring->serial : 0, \
- tsk->signal->process_keyring ? \
- tsk->signal->process_keyring->serial : 0, \
- tsk->signal->session_keyring ? \
- tsk->signal->session_keyring->serial : 0, \
- tsk->user->uid_keyring ? \
- tsk->user->uid_keyring->serial : 0, \
- tsk->user->session_keyring ? \
- tsk->user->session_keyring->serial : 0, \
- task_aux(tsk)->jit_keyring \
- ); \
+#define DUMP_PROCESS_KEYRINGS(tsk) \
+{ \
+ CWARN("DUMP PK: %s[%u,%u/%u](<-%s[%u,%u/%u]): " \
+ "a %d, t %d, p %d, s %d, u %d, us %d, df %d\n", \
+ tsk->comm, tsk->pid, tsk->uid, tsk->fsuid, \
+ tsk->parent->comm, tsk->parent->pid, \
+ tsk->parent->uid, tsk->parent->fsuid, \
+ tsk->request_key_auth ? \
+ tsk->request_key_auth->serial : 0, \
+ key_cred(tsk)->thread_keyring ? \
+ key_cred(tsk)->thread_keyring->serial : 0, \
+ key_tgcred(tsk)->process_keyring ? \
+ key_tgcred(tsk)->process_keyring->serial : 0, \
+ key_tgcred(tsk)->session_keyring ? \
+ key_tgcred(tsk)->session_keyring->serial : 0, \
+ key_cred(tsk)->user->uid_keyring ? \
+ key_cred(tsk)->user->uid_keyring->serial : 0, \
+ key_cred(tsk)->user->session_keyring ? \
+ key_cred(tsk)->user->session_keyring->serial : 0, \
+ key_cred(tsk)->jit_keyring \
+ ); \
}
#define DUMP_KEY(key) \
); \
}
+#ifdef HAVE_STRUCT_CRED /* Since 2.6.29 */
+#define key_cred(tsk) ((tsk)->cred)
+#define key_tgcred(tsk) ((tsk)->cred->tgcred)
+#else
+#define key_cred(tsk) (tsk)
+#define key_tgcred(tsk) ((tsk)->signal)
+#endif
static inline void keyring_upcall_lock(struct gss_sec_keyring *gsec_kr)
{
#ifdef HAVE_KEYRING_UPCALL_SERIALIZED
- mutex_lock(&gsec_kr->gsk_uc_lock);
+ mutex_lock(&gsec_kr->gsk_uc_lock);
#endif
}
static inline void keyring_upcall_unlock(struct gss_sec_keyring *gsec_kr)
{
#ifdef HAVE_KEYRING_UPCALL_SERIALIZED
- mutex_unlock(&gsec_kr->gsk_uc_lock);
+ mutex_unlock(&gsec_kr->gsk_uc_lock);
#endif
}
cli_ctx_expire(ctx);
key_revoke_locked(key);
- sptlrpc_cli_ctx_wakeup(ctx);
}
static
LASSERT(timer);
- CWARN("ctx %p: start timer %lds\n", ctx, timeout);
- timeout = timeout * HZ + cfs_time_current();
+ CDEBUG(D_SEC, "ctx %p: start timer %lds\n", ctx, timeout);
+ timeout = timeout * CFS_HZ + cfs_time_current();
init_timer(timer);
timer->expires = timeout;
add_timer(timer);
}
+/*
+ * caller should make sure no race with other threads
+ */
static
void ctx_clear_timer_kr(struct ptlrpc_cli_ctx *ctx)
{
struct gss_cli_ctx_keyring *gctx_kr = ctx2gctx_keyring(ctx);
struct timer_list *timer = gctx_kr->gck_timer;
- CWARN("ctx %p, key %p\n", ctx, gctx_kr->gck_key);
if (timer == NULL)
return;
+ CDEBUG(D_SEC, "ctx %p, key %p\n", ctx, gctx_kr->gck_key);
+
gctx_kr->gck_timer = NULL;
del_singleshot_timer_sync(timer);
}
ctx->cc_expire = cfs_time_current_sec() + KEYRING_UPCALL_TIMEOUT;
- clear_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags);
- atomic_inc(&ctx->cc_refcount); /* for the caller */
+ clear_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags);
+ cfs_atomic_inc(&ctx->cc_refcount); /* for the caller */
return ctx;
}
{
struct ptlrpc_sec *sec = ctx->cc_sec;
struct gss_cli_ctx_keyring *gctx_kr = ctx2gctx_keyring(ctx);
- int rc;
- CWARN("destroying ctx %p\n", ctx);
+ CDEBUG(D_SEC, "destroying ctx %p\n", ctx);
/* at this time the association with key has been broken. */
LASSERT(sec);
- LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
+ LASSERT(cfs_atomic_read(&sec->ps_refcount) > 0);
+ LASSERT(cfs_atomic_read(&sec->ps_nctx) > 0);
+ LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
LASSERT(gctx_kr->gck_key == NULL);
ctx_clear_timer_kr(ctx);
LASSERT(gctx_kr->gck_timer == NULL);
- rc = gss_cli_ctx_fini_common(sec, ctx);
+ if (gss_cli_ctx_fini_common(sec, ctx))
+ return;
OBD_FREE_PTR(gctx_kr);
- if (rc) {
- CWARN("released the last ctx, proceed to destroy sec %s@%p\n",
- sec->ps_policy->sp_name, sec);
- sptlrpc_sec_destroy(sec);
+ cfs_atomic_dec(&sec->ps_nctx);
+ sptlrpc_sec_put(sec);
+}
+
+static void ctx_release_kr(struct ptlrpc_cli_ctx *ctx, int sync)
+{
+ if (sync) {
+ ctx_destroy_kr(ctx);
+ } else {
+ cfs_atomic_inc(&ctx->cc_refcount);
+ sptlrpc_gc_add_ctx(ctx);
}
}
-static void ctx_put_kr(struct ptlrpc_cli_ctx *ctx)
+static void ctx_put_kr(struct ptlrpc_cli_ctx *ctx, int sync)
{
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
- if (atomic_dec_and_test(&ctx->cc_refcount))
- ctx_destroy_kr(ctx);
+ if (cfs_atomic_dec_and_test(&ctx->cc_refcount))
+ ctx_release_kr(ctx, sync);
}
/*
static inline void spin_lock_if(spinlock_t *lock, int condition)
{
- if (condition)
- spin_lock(lock);
+ if (condition)
+ spin_lock(lock);
}
static inline void spin_unlock_if(spinlock_t *lock, int condition)
{
- if (condition)
- spin_unlock(lock);
+ if (condition)
+ spin_unlock(lock);
}
-static
-void ctx_enlist_kr(struct ptlrpc_cli_ctx *ctx, int is_root, int locked)
+static void ctx_enlist_kr(struct ptlrpc_cli_ctx *ctx, int is_root, int locked)
{
- struct ptlrpc_sec *sec = ctx->cc_sec;
- struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
+ struct ptlrpc_sec *sec = ctx->cc_sec;
+ struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- LASSERT(!test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags));
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(!test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags));
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
- spin_lock_if(&sec->ps_lock, !locked);
+ spin_lock_if(&sec->ps_lock, !locked);
- atomic_inc(&ctx->cc_refcount);
- set_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags);
- hlist_add_head(&ctx->cc_hash, &gsec_kr->gsk_clist);
- if (is_root)
- gsec_kr->gsk_root_ctx = ctx;
+ cfs_atomic_inc(&ctx->cc_refcount);
+ set_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags);
+ cfs_hlist_add_head(&ctx->cc_cache, &gsec_kr->gsk_clist);
+ if (is_root)
+ gsec_kr->gsk_root_ctx = ctx;
- spin_unlock_if(&sec->ps_lock, !locked);
+ spin_unlock_if(&sec->ps_lock, !locked);
}
/*
*
* return non-zero if we indeed unlist this ctx.
*/
-static
-int ctx_unlist_kr(struct ptlrpc_cli_ctx *ctx, int locked)
+static int ctx_unlist_kr(struct ptlrpc_cli_ctx *ctx, int locked)
{
struct ptlrpc_sec *sec = ctx->cc_sec;
struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- /*
- * if hashed bit has gone, leave the job to somebody who is doing it
- */
- if (test_and_clear_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0)
+ /* if hashed bit has gone, leave the job to somebody who is doing it */
+ if (test_and_clear_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0)
return 0;
- CWARN("ctx %p(%d) unlist\n", ctx, atomic_read(&ctx->cc_refcount));
-
- /*
- * drop ref inside spin lock to prevent race with other operations
- */
+ /* drop ref inside spin lock to prevent race with other operations */
spin_lock_if(&sec->ps_lock, !locked);
if (gsec_kr->gsk_root_ctx == ctx)
gsec_kr->gsk_root_ctx = NULL;
- hlist_del_init(&ctx->cc_hash);
- atomic_dec(&ctx->cc_refcount);
+ cfs_hlist_del_init(&ctx->cc_cache);
+ cfs_atomic_dec(&ctx->cc_refcount);
spin_unlock_if(&sec->ps_lock, !locked);
* bind a key with a ctx together.
* caller must hold write lock of the key, as well as ref on key & ctx.
*/
-static
-void bind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
+static void bind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
{
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
LASSERT(atomic_read(&key->usage) > 0);
LASSERT(ctx2gctx_keyring(ctx)->gck_key == NULL);
LASSERT(key->payload.data == NULL);
- /*
- * at this time context may or may not in list.
- */
+
+ /* at this time context may or may not in list. */
key_get(key);
- atomic_inc(&ctx->cc_refcount);
+ cfs_atomic_inc(&ctx->cc_refcount);
ctx2gctx_keyring(ctx)->gck_key = key;
key->payload.data = ctx;
}
* unbind a key and a ctx.
* caller must hold write lock, as well as a ref of the key.
*/
-static
-void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
+static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
{
LASSERT(key->payload.data == ctx);
- LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
+ LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
/* must revoke the key, or others may treat it as newly created */
key_revoke_locked(key);
/* once ctx get split from key, the timer is meaningless */
ctx_clear_timer_kr(ctx);
- ctx_put_kr(ctx);
+ ctx_put_kr(ctx, 1);
key_put(key);
}
}
/*
- * since this called, nobody else could touch the ctx in @freelist
+ * caller should hold one ref on contexts in freelist.
*/
-static void dispose_ctx_list_kr(struct hlist_head *freelist)
+static void dispose_ctx_list_kr(cfs_hlist_head_t *freelist)
{
- struct hlist_node *pos, *next;
+ cfs_hlist_node_t *pos, *next;
struct ptlrpc_cli_ctx *ctx;
+ struct gss_cli_ctx *gctx;
+
+ cfs_hlist_for_each_entry_safe(ctx, pos, next, freelist, cc_cache) {
+ cfs_hlist_del_init(&ctx->cc_cache);
+
+ /* reverse ctx: update current seq to buddy svcctx if exist.
+ * ideally this should be done at gss_cli_ctx_finalize(), but
+ * the ctx destroy could be delayed by:
+ * 1) ctx still has reference;
+ * 2) ctx destroy is asynchronous;
+ * and reverse import call inval_all_ctx() require this be done
+ *_immediately_ otherwise newly created reverse ctx might copy
+ * the very old sequence number from svcctx. */
+ gctx = ctx2gctx(ctx);
+ if (!rawobj_empty(&gctx->gc_svc_handle) &&
+ sec_is_reverse(gctx->gc_base.cc_sec)) {
+ gss_svc_upcall_update_sequence(&gctx->gc_svc_handle,
+ (__u32) cfs_atomic_read(&gctx->gc_seq));
+ }
- hlist_for_each_entry_safe(ctx, pos, next, freelist, cc_hash) {
- hlist_del_init(&ctx->cc_hash);
+ /* we need to wakeup waiting reqs here. the context might
+ * be forced released before upcall finished, then the
+ * late-arrived downcall can't find the ctx even. */
+ sptlrpc_cli_ctx_wakeup(ctx);
- atomic_inc(&ctx->cc_refcount);
unbind_ctx_kr(ctx);
- ctx_put_kr(ctx);
+ ctx_put_kr(ctx, 0);
}
}
static
struct ptlrpc_cli_ctx * sec_lookup_root_ctx_kr(struct ptlrpc_sec *sec)
{
- struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- struct ptlrpc_cli_ctx *ctx = NULL;
+ struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
+ struct ptlrpc_cli_ctx *ctx = NULL;
- spin_lock(&sec->ps_lock);
+ spin_lock(&sec->ps_lock);
ctx = gsec_kr->gsk_root_ctx;
+
+ if (ctx == NULL && unlikely(sec_is_reverse(sec))) {
+ cfs_hlist_node_t *node;
+ struct ptlrpc_cli_ctx *tmp;
+
+ /* reverse ctx, search root ctx in list, choose the one
+ * with shortest expire time, which is most possibly have
+ * an established peer ctx at client side. */
+ cfs_hlist_for_each_entry(tmp, node, &gsec_kr->gsk_clist,
+ cc_cache) {
+ if (ctx == NULL || ctx->cc_expire == 0 ||
+ ctx->cc_expire > tmp->cc_expire) {
+ ctx = tmp;
+ /* promote to be root_ctx */
+ gsec_kr->gsk_root_ctx = ctx;
+ }
+ }
+ }
+
if (ctx) {
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
- LASSERT(!hlist_empty(&gsec_kr->gsk_clist));
- atomic_inc(&ctx->cc_refcount);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(!cfs_hlist_empty(&gsec_kr->gsk_clist));
+ cfs_atomic_inc(&ctx->cc_refcount);
}
- spin_unlock(&sec->ps_lock);
+ spin_unlock(&sec->ps_lock);
- return ctx;
+ return ctx;
}
-static void sec_replace_root_ctx_kr(struct ptlrpc_sec *sec,
- struct ptlrpc_cli_ctx *new_ctx,
- struct key *key)
+#define RVS_CTX_EXPIRE_NICE (10)
+
+static
+void rvs_sec_install_root_ctx_kr(struct ptlrpc_sec *sec,
+ struct ptlrpc_cli_ctx *new_ctx,
+ struct key *key)
{
struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- struct ptlrpc_cli_ctx *root_ctx;
- struct hlist_head freelist = HLIST_HEAD_INIT;
+ cfs_hlist_node_t *hnode;
+ struct ptlrpc_cli_ctx *ctx;
+ cfs_time_t now;
ENTRY;
- spin_lock(&sec->ps_lock);
+ LASSERT(sec_is_reverse(sec));
- if (gsec_kr->gsk_root_ctx) {
- root_ctx = gsec_kr->gsk_root_ctx;
+ spin_lock(&sec->ps_lock);
- set_bit(PTLRPC_CTX_DEAD_BIT, &root_ctx->cc_flags);
+ now = cfs_time_current_sec();
- if (ctx_unlist_kr(root_ctx, 1))
- hlist_add_head(&root_ctx->cc_hash, &freelist);
+ /* set all existing ctxs short expiry */
+ cfs_hlist_for_each_entry(ctx, hnode, &gsec_kr->gsk_clist, cc_cache) {
+ if (ctx->cc_expire > now + RVS_CTX_EXPIRE_NICE) {
+ ctx->cc_early_expire = 1;
+ ctx->cc_expire = now + RVS_CTX_EXPIRE_NICE;
+ }
}
- /*
- * at this time, we can't guarantee the gsk_root_ctx is NULL, because
- * another thread might clear the HASHED flag of root ctx earlier,
- * and waiting for spinlock which is held by us. But anyway we just
- * install the new root ctx.
- */
- ctx_enlist_kr(new_ctx, 1, 1);
+ /* if there's root_ctx there, instead obsolete the current
+ * immediately, we leave it continue operating for a little while.
+ * hopefully when the first backward rpc with newest ctx send out,
+ * the client side already have the peer ctx well established. */
+ ctx_enlist_kr(new_ctx, gsec_kr->gsk_root_ctx ? 0 : 1, 1);
if (key)
bind_key_ctx(key, new_ctx);
- spin_unlock(&sec->ps_lock);
-
- dispose_ctx_list_kr(&freelist);
+ spin_unlock(&sec->ps_lock);
}
static void construct_key_desc(void *buf, int bufsize,
struct ptlrpc_sec *sec, uid_t uid)
{
- snprintf(buf, bufsize, "%d@%x", uid, sec2gsec_keyring(sec)->gsk_id);
+ snprintf(buf, bufsize, "%d@%x", uid, sec->ps_id);
((char *)buf)[bufsize - 1] = '\0';
}
* sec apis *
****************************************/
-static atomic_t gss_sec_id_kr = ATOMIC_INIT(0);
-
static
struct ptlrpc_sec * gss_sec_create_kr(struct obd_import *imp,
- struct ptlrpc_svc_ctx *ctx,
- __u32 flavor,
- unsigned long flags)
+ struct ptlrpc_svc_ctx *svcctx,
+ struct sptlrpc_flavor *sf)
{
struct gss_sec_keyring *gsec_kr;
ENTRY;
if (gsec_kr == NULL)
RETURN(NULL);
- gsec_kr->gsk_id = atomic_inc_return(&gss_sec_id_kr);
- INIT_HLIST_HEAD(&gsec_kr->gsk_clist);
+ CFS_INIT_HLIST_HEAD(&gsec_kr->gsk_clist);
gsec_kr->gsk_root_ctx = NULL;
- mutex_init(&gsec_kr->gsk_root_uc_lock);
+ mutex_init(&gsec_kr->gsk_root_uc_lock);
#ifdef HAVE_KEYRING_UPCALL_SERIALIZED
- mutex_init(&gsec_kr->gsk_uc_lock);
+ mutex_init(&gsec_kr->gsk_uc_lock);
#endif
if (gss_sec_create_common(&gsec_kr->gsk_base, &gss_policy_keyring,
- imp, ctx, flavor, flags))
+ imp, svcctx, sf))
goto err_free;
- if (ctx != NULL) {
- if (sec_install_rctx_kr(&gsec_kr->gsk_base.gs_base, ctx)) {
- gss_sec_destroy_common(&gsec_kr->gsk_base);
- goto err_free;
- }
+ if (svcctx != NULL &&
+ sec_install_rctx_kr(&gsec_kr->gsk_base.gs_base, svcctx)) {
+ gss_sec_destroy_common(&gsec_kr->gsk_base);
+ goto err_free;
}
RETURN(&gsec_kr->gsk_base.gs_base);
struct gss_sec *gsec = sec2gsec(sec);
struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- CWARN("destroy %s@%p\n", sec->ps_policy->sp_name, sec);
+ CDEBUG(D_SEC, "destroy %s@%p\n", sec->ps_policy->sp_name, sec);
- LASSERT(hlist_empty(&gsec_kr->gsk_clist));
+ LASSERT(cfs_hlist_empty(&gsec_kr->gsk_clist));
LASSERT(gsec_kr->gsk_root_ctx == NULL);
gss_sec_destroy_common(gsec);
OBD_FREE(gsec_kr, sizeof(*gsec_kr));
}
-static
-int user_is_root(struct ptlrpc_sec *sec, struct vfs_cred *vcred)
+static inline int user_is_root(struct ptlrpc_sec *sec, struct vfs_cred *vcred)
{
- if (sec->ps_flags & PTLRPC_SEC_FL_ROOTONLY)
+ /* except the ROOTONLY flag, treat it as root user only if real uid
+ * is 0, euid/fsuid being 0 are handled as setuid scenarios */
+ if (sec_is_rootonly(sec) || (vcred->vc_uid == 0))
return 1;
-
- /* FIXME
- * more precisely deal with setuid. maybe add more infomation
- * into vfs_cred ??
- */
- return (vcred->vc_uid == 0);
+ else
+ return 0;
}
/*
*/
static void request_key_unlink(struct key *key)
{
- struct task_struct *tsk = current;
- struct key *ring;
-
- switch (task_aux(tsk)->jit_keyring) {
- case KEY_REQKEY_DEFL_DEFAULT:
- case KEY_REQKEY_DEFL_THREAD_KEYRING:
- ring = key_get(task_aux(tsk)->thread_keyring);
- if (ring)
- break;
- case KEY_REQKEY_DEFL_PROCESS_KEYRING:
- ring = key_get(tsk->signal->process_keyring);
- if (ring)
- break;
- case KEY_REQKEY_DEFL_SESSION_KEYRING:
- rcu_read_lock();
- ring = key_get(rcu_dereference(tsk->signal->session_keyring));
- rcu_read_unlock();
- if (ring)
- break;
- case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
- ring = key_get(tsk->user->session_keyring);
- break;
- case KEY_REQKEY_DEFL_USER_KEYRING:
- ring = key_get(tsk->user->uid_keyring);
- break;
- case KEY_REQKEY_DEFL_GROUP_KEYRING:
- default:
- LBUG();
- }
-
- LASSERT(ring);
- key_unlink(ring, key);
- key_put(ring);
+ struct task_struct *tsk = current;
+ struct key *ring;
+
+ switch (key_cred(tsk)->jit_keyring) {
+ case KEY_REQKEY_DEFL_DEFAULT:
+ case KEY_REQKEY_DEFL_THREAD_KEYRING:
+ ring = key_get(key_cred(tsk)->thread_keyring);
+ if (ring)
+ break;
+ case KEY_REQKEY_DEFL_PROCESS_KEYRING:
+ ring = key_get(key_tgcred(tsk)->process_keyring);
+ if (ring)
+ break;
+ case KEY_REQKEY_DEFL_SESSION_KEYRING:
+ rcu_read_lock();
+ ring = key_get(rcu_dereference(key_tgcred(tsk)
+ ->session_keyring));
+ rcu_read_unlock();
+ if (ring)
+ break;
+ case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
+ ring = key_get(key_cred(tsk)->user->session_keyring);
+ break;
+ case KEY_REQKEY_DEFL_USER_KEYRING:
+ ring = key_get(key_cred(tsk)->user->uid_keyring);
+ break;
+ case KEY_REQKEY_DEFL_GROUP_KEYRING:
+ default:
+ LBUG();
+ }
+
+ LASSERT(ring);
+ key_unlink(ring, key);
+ key_put(ring);
}
static
struct key *key;
char desc[24];
char *coinfo;
- const int coinfo_size = sizeof(struct obd_uuid) + 64;
+ int coinfo_size;
char *co_flags = "";
ENTRY;
is_root = user_is_root(sec, vcred);
- /*
- * a little bit optimization for root context
- */
+ /* a little bit optimization for root context */
if (is_root) {
ctx = sec_lookup_root_ctx_kr(sec);
/*
* Only lookup directly for REVERSE sec, which should
* always succeed.
*/
- if (ctx || (sec->ps_flags & PTLRPC_SEC_FL_REVERSE))
+ if (ctx || sec_is_reverse(sec))
RETURN(ctx);
}
LASSERT(create != 0);
- /*
- * for root context, obtain lock and check again, this time hold
+ /* for root context, obtain lock and check again, this time hold
* the root upcall lock, make sure nobody else populated new root
- * context after last check.
- */
+ * context after last check. */
if (is_root) {
- mutex_lock(&gsec_kr->gsk_root_uc_lock);
+ mutex_lock(&gsec_kr->gsk_root_uc_lock);
ctx = sec_lookup_root_ctx_kr(sec);
if (ctx)
/* update reverse handle for root user */
sec2gsec(sec)->gs_rvs_hdl = gss_get_next_ctx_index();
- co_flags = "r";
+ switch (sec->ps_part) {
+ case LUSTRE_SP_MDT:
+ co_flags = "m";
+ break;
+ case LUSTRE_SP_OST:
+ co_flags = "o";
+ break;
+ case LUSTRE_SP_MGC:
+ co_flags = "rmo";
+ break;
+ case LUSTRE_SP_CLI:
+ co_flags = "r";
+ break;
+ case LUSTRE_SP_MGS:
+ default:
+ LBUG();
+ }
}
+ /* in case of setuid, key will be constructed as owner of fsuid/fsgid,
+ * but we do authentication based on real uid/gid. the key permission
+ * bits will be exactly as POS_ALL, so only processes who subscribed
+ * this key could have the access, although the quota might be counted
+ * on others (fsuid/fsgid).
+ *
+ * keyring will use fsuid/fsgid as upcall parameters, so we have to
+ * encode real uid/gid into callout info.
+ */
+
construct_key_desc(desc, sizeof(desc), sec, vcred->vc_uid);
- /*
- * callout info: mech:flags:svc_type:peer_nid:target_uuid
+ /* callout info format:
+ * secid:mech:uid:gid:flags:svc_type:peer_nid:target_uuid
*/
+ coinfo_size = sizeof(struct obd_uuid) + MAX_OBD_NAME + 64;
OBD_ALLOC(coinfo, coinfo_size);
if (coinfo == NULL)
goto out;
- snprintf(coinfo, coinfo_size, "%s:%s:%d:"LPX64":%s",
- sec2gsec(sec)->gs_mech->gm_name,
+ snprintf(coinfo, coinfo_size, "%d:%s:%u:%u:%s:%d:"LPX64":%s",
+ sec->ps_id, sec2gsec(sec)->gs_mech->gm_name,
+ vcred->vc_uid, vcred->vc_gid,
co_flags, import_to_gss_svc(imp),
imp->imp_connection->c_peer.nid, imp->imp_obd->obd_name);
+ CDEBUG(D_SEC, "requesting key for %s\n", desc);
+
keyring_upcall_lock(gsec_kr);
key = request_key(&gss_key_type, desc, coinfo);
keyring_upcall_unlock(gsec_kr);
CERROR("failed request key: %ld\n", PTR_ERR(key));
goto out;
}
+ CDEBUG(D_SEC, "obtained key %08x for %s\n", key->serial, desc);
- /*
- * once payload.data was pointed to a ctx, it never changes until
+ /* once payload.data was pointed to a ctx, it never changes until
* we de-associate them; but parallel request_key() may return
* a key with payload.data == NULL at the same time. so we still
- * need wirtelock of key->sem to serialize them.
- */
+ * need wirtelock of key->sem to serialize them. */
down_write(&key->sem);
if (likely(key->payload.data != NULL)) {
ctx = key->payload.data;
- LASSERT(atomic_read(&ctx->cc_refcount) >= 1);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) >= 1);
LASSERT(ctx2gctx_keyring(ctx)->gck_key == key);
LASSERT(atomic_read(&key->usage) >= 2);
/* simply take a ref and return. it's upper layer's
- * responsibility to detect & replace dead ctx.
- */
- atomic_inc(&ctx->cc_refcount);
+ * responsibility to detect & replace dead ctx. */
+ cfs_atomic_inc(&ctx->cc_refcount);
} else {
/* pre initialization with a cli_ctx. this can't be done in
- * key_instantiate() because we'v no enough information there.
- */
+ * key_instantiate() because we'v no enough information
+ * there. */
ctx = ctx_create_kr(sec, vcred);
if (ctx != NULL) {
ctx_enlist_kr(ctx, is_root, 0);
ctx_start_timer_kr(ctx, KEYRING_UPCALL_TIMEOUT);
- CWARN("installed key %p <-> ctx %p (sec %p)\n",
- key, ctx, sec);
+ CDEBUG(D_SEC, "installed key %p <-> ctx %p (sec %p)\n",
+ key, ctx, sec);
} else {
- /*
- * we'd prefer to call key_revoke(), but we more like
- * to revoke it within this key->sem locked period.
- */
+ /* we'd prefer to call key_revoke(), but we more like
+ * to revoke it within this key->sem locked period. */
key_revoke_locked(key);
}
key_put(key);
out:
if (is_root)
- mutex_unlock(&gsec_kr->gsk_root_uc_lock);
+ mutex_unlock(&gsec_kr->gsk_root_uc_lock);
RETURN(ctx);
}
struct ptlrpc_cli_ctx *ctx,
int sync)
{
- CWARN("ctx %p\n", ctx);
- ctx_destroy_kr(ctx);
+ LASSERT(cfs_atomic_read(&sec->ps_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) == 0);
+ ctx_release_kr(ctx, sync);
}
/*
char desc[24];
/* nothing to do for reverse or rootonly sec */
- if (sec->ps_flags & (PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY))
+ if (sec_is_reverse(sec) || sec_is_rootonly(sec))
return;
construct_key_desc(desc, sizeof(desc), sec, uid);
/* there should be only one valid key, but we put it in the
- * loop in case of any weird cases
- */
+ * loop in case of any weird cases */
for (;;) {
key = request_key(&gss_key_type, desc, NULL);
if (IS_ERR(key)) {
- CWARN("No more key found for current user\n");
+ CDEBUG(D_SEC, "No more key found for current user\n");
break;
}
down_write(&key->sem);
- CWARN("invalidating key %p - ctx %p\n", key, key->payload.data);
kill_key_locked(key);
/* kill_key_locked() should usually revoke the key, but we
* revoke it again to make sure, e.g. some case the key may
- * not well coupled with a context.
- */
+ * not well coupled with a context. */
key_revoke_locked(key);
up_write(&key->sem);
int grace, int force)
{
struct gss_sec_keyring *gsec_kr;
- struct hlist_head freelist = HLIST_HEAD_INIT;
- struct hlist_node *pos, *next;
+ cfs_hlist_head_t freelist = CFS_HLIST_HEAD_INIT;
+ cfs_hlist_node_t *pos, *next;
struct ptlrpc_cli_ctx *ctx;
ENTRY;
gsec_kr = sec2gsec_keyring(sec);
- spin_lock(&sec->ps_lock);
- hlist_for_each_entry_safe(ctx, pos, next,
- &gsec_kr->gsk_clist, cc_hash) {
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ spin_lock(&sec->ps_lock);
+ cfs_hlist_for_each_entry_safe(ctx, pos, next,
+ &gsec_kr->gsk_clist, cc_cache) {
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
if (uid != -1 && uid != ctx->cc_vcred.vc_uid)
continue;
/* at this moment there's at least 2 base reference:
- * key association and in-list.
- */
- if (atomic_read(&ctx->cc_refcount) > 2) {
+ * key association and in-list. */
+ if (cfs_atomic_read(&ctx->cc_refcount) > 2) {
if (!force)
continue;
CWARN("flush busy ctx %p(%u->%s, extra ref %d)\n",
ctx, ctx->cc_vcred.vc_uid,
sec2target_str(ctx->cc_sec),
- atomic_read(&ctx->cc_refcount) - 2);
+ cfs_atomic_read(&ctx->cc_refcount) - 2);
}
- set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags);
- if (!grace)
- clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags);
+ set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags);
+ if (!grace)
+ clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags);
- if (ctx_unlist_kr(ctx, 1)) {
- hlist_add_head(&ctx->cc_hash, &freelist);
- CWARN("unlisted ctx %p\n", ctx);
- } else
- CWARN("ctx %p: unlist return 0, let it go\n", ctx);
+ cfs_atomic_inc(&ctx->cc_refcount);
+ if (ctx_unlist_kr(ctx, 1)) {
+ cfs_hlist_add_head(&ctx->cc_cache, &freelist);
+ } else {
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) >= 2);
+ cfs_atomic_dec(&ctx->cc_refcount);
+ }
}
- spin_unlock(&sec->ps_lock);
+ spin_unlock(&sec->ps_lock);
- dispose_ctx_list_kr(&freelist);
- EXIT;
+ dispose_ctx_list_kr(&freelist);
+ EXIT;
}
static
int gss_sec_flush_ctx_cache_kr(struct ptlrpc_sec *sec,
- uid_t uid,
- int grace, int force)
+ uid_t uid, int grace, int force)
{
ENTRY;
- CWARN("sec %p(%d, busy %d), uid %d, grace %d, force %d\n",
- sec, atomic_read(&sec->ps_refcount), atomic_read(&sec->ps_busy),
- uid, grace, force);
+ CDEBUG(D_SEC, "sec %p(%d, nctx %d), uid %d, grace %d, force %d\n",
+ sec, cfs_atomic_read(&sec->ps_refcount),
+ cfs_atomic_read(&sec->ps_nctx),
+ uid, grace, force);
if (uid != -1 && uid != 0)
flush_user_ctx_cache_kr(sec, uid, grace, force);
void gss_sec_gc_ctx_kr(struct ptlrpc_sec *sec)
{
struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- struct hlist_head freelist = HLIST_HEAD_INIT;
- struct hlist_node *pos, *next;
+ cfs_hlist_head_t freelist = CFS_HLIST_HEAD_INIT;
+ cfs_hlist_node_t *pos, *next;
struct ptlrpc_cli_ctx *ctx;
ENTRY;
CWARN("running gc\n");
- spin_lock(&sec->ps_lock);
- hlist_for_each_entry_safe(ctx, pos, next,
- &gsec_kr->gsk_clist, cc_hash) {
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ spin_lock(&sec->ps_lock);
+ cfs_hlist_for_each_entry_safe(ctx, pos, next,
+ &gsec_kr->gsk_clist, cc_cache) {
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
+
+ cfs_atomic_inc(&ctx->cc_refcount);
if (cli_ctx_check_death(ctx) && ctx_unlist_kr(ctx, 1)) {
- hlist_add_head(&ctx->cc_hash, &freelist);
+ cfs_hlist_add_head(&ctx->cc_cache, &freelist);
CWARN("unhashed ctx %p\n", ctx);
+ } else {
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) >= 2);
+ cfs_atomic_dec(&ctx->cc_refcount);
}
}
- spin_unlock(&sec->ps_lock);
+ spin_unlock(&sec->ps_lock);
- dispose_ctx_list_kr(&freelist);
- EXIT;
- return;
+ dispose_ctx_list_kr(&freelist);
+ EXIT;
+ return;
}
static
-int gss_sec_display_kr(struct ptlrpc_sec *sec, char *buf, int bufsize)
+int gss_sec_display_kr(struct ptlrpc_sec *sec, struct seq_file *seq)
{
struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
- struct hlist_node *pos, *next;
+ cfs_hlist_node_t *pos, *next;
struct ptlrpc_cli_ctx *ctx;
- int written = 0;
+ struct gss_cli_ctx *gctx;
+ time_t now = cfs_time_current_sec();
ENTRY;
- written = snprintf(buf, bufsize, "context list ===>\n");
- bufsize -= written;
- buf += written;
-
- spin_lock(&sec->ps_lock);
- hlist_for_each_entry_safe(ctx, pos, next,
- &gsec_kr->gsk_clist, cc_hash) {
- struct key *key;
- int len;
+ spin_lock(&sec->ps_lock);
+ cfs_hlist_for_each_entry_safe(ctx, pos, next,
+ &gsec_kr->gsk_clist, cc_cache) {
+ struct key *key;
+ char flags_str[40];
+ char mech[40];
+ gctx = ctx2gctx(ctx);
key = ctx2gctx_keyring(ctx)->gck_key;
- len = snprintf(buf, bufsize, "%p(%d): expire %ld(%ld), "
- "uid %u, flags 0x%lx, key %08x(%d)\n",
- ctx, atomic_read(&ctx->cc_refcount),
- ctx->cc_expire,
- ctx->cc_expire - cfs_time_current_sec(),
- ctx->cc_vcred.vc_uid,
- ctx->cc_flags,
- key ? key->serial : 0,
- key ? atomic_read(&key->usage) : 0);
-
- written += len;
- buf += len;
- bufsize -= len;
-
- if (bufsize < len)
- break;
+ gss_cli_ctx_flags2str(ctx->cc_flags,
+ flags_str, sizeof(flags_str));
+
+ if (gctx->gc_mechctx)
+ lgss_display(gctx->gc_mechctx, mech, sizeof(mech));
+ else
+ snprintf(mech, sizeof(mech), "N/A");
+ mech[sizeof(mech) - 1] = '\0';
+
+ seq_printf(seq, "%p: uid %u, ref %d, expire %ld(%+ld), fl %s, "
+ "seq %d, win %u, key %08x(ref %d), "
+ "hdl "LPX64":"LPX64", mech: %s\n",
+ ctx, ctx->cc_vcred.vc_uid,
+ cfs_atomic_read(&ctx->cc_refcount),
+ ctx->cc_expire,
+ ctx->cc_expire ? ctx->cc_expire - now : 0,
+ flags_str,
+ cfs_atomic_read(&gctx->gc_seq),
+ gctx->gc_win,
+ key ? key->serial : 0,
+ key ? atomic_read(&key->usage) : 0,
+ gss_handle_to_u64(&gctx->gc_handle),
+ gss_handle_to_u64(&gctx->gc_svc_handle),
+ mech);
}
- spin_unlock(&sec->ps_lock);
+ spin_unlock(&sec->ps_lock);
- RETURN(written);
+ RETURN(0);
}
/****************************************
static
int gss_cli_ctx_validate_kr(struct ptlrpc_cli_ctx *ctx)
{
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
LASSERT(ctx->cc_sec);
if (cli_ctx_check_death(ctx)) {
return 1;
}
- if (cli_ctx_is_uptodate(ctx))
+ if (cli_ctx_is_ready(ctx))
return 0;
return 1;
}
static
void gss_cli_ctx_die_kr(struct ptlrpc_cli_ctx *ctx, int grace)
{
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
LASSERT(ctx->cc_sec);
- CWARN("ctx %p(%d)\n", ctx, atomic_read(&ctx->cc_refcount));
cli_ctx_expire(ctx);
kill_ctx_kr(ctx);
}
if (rc) {
CERROR("failed copy reverse cli ctx: %d\n", rc);
- ctx_put_kr(cli_ctx);
+ ctx_put_kr(cli_ctx, 1);
return rc;
}
- sec_replace_root_ctx_kr(sec, cli_ctx, NULL);
+ rvs_sec_install_root_ctx_kr(sec, cli_ctx, NULL);
- ctx_put_kr(cli_ctx);
+ ctx_put_kr(cli_ctx, 1);
return 0;
}
goto err_put;
}
- sec_replace_root_ctx_kr(sec, cli_ctx, key);
+ rvs_sec_install_root_ctx_kr(sec, cli_ctx, key);
- ctx_put_kr(cli_ctx);
+ ctx_put_kr(cli_ctx, 1);
up_write(&key->sem);
rc = 0;
return rc;
err_put:
- ctx_put_kr(cli_ctx);
+ ctx_put_kr(cli_ctx, 1);
err_up:
up_write(&key->sem);
err_revoke:
int gss_svc_install_rctx_kr(struct obd_import *imp,
struct ptlrpc_svc_ctx *svc_ctx)
{
- LASSERT(imp->imp_sec);
+ struct ptlrpc_sec *sec;
+ int rc;
- return sec_install_rctx_kr(imp->imp_sec, svc_ctx);
+ sec = sptlrpc_import_sec_ref(imp);
+ LASSERT(sec);
+
+ rc = sec_install_rctx_kr(sec, svc_ctx);
+ sptlrpc_sec_put(sec);
+
+ return rc;
}
/****************************************
static
int gss_kt_instantiate(struct key *key, const void *data, size_t datalen)
{
+ int rc;
ENTRY;
if (data != NULL || datalen != 0) {
- CERROR("invalid: data %p, len %d\n", data, datalen);
+ CERROR("invalid: data %p, len %lu\n", data, (long)datalen);
RETURN(-EINVAL);
}
RETURN(-EINVAL);
}
- /* XXX */
- key->perm |= KEY_POS_ALL | KEY_USR_ALL;
- CWARN("key %p instantiated, ctx %p\n", key, key->payload.data);
- RETURN(0);
+ /* link the key to session keyring, so following context negotiation
+ * rpc fired from user space could find this key. This will be unlinked
+ * automatically when upcall processes die.
+ *
+ * we can't do this through keyctl from userspace, because the upcall
+ * might be neither possessor nor owner of the key (setuid).
+ *
+ * the session keyring is created upon upcall, and don't change all
+ * the way until upcall finished, so rcu lock is not needed here.
+ */
+ LASSERT(key_tgcred(cfs_current())->session_keyring);
+
+ lockdep_off();
+ rc = key_link(key_tgcred(cfs_current())->session_keyring, key);
+ lockdep_on();
+ if (unlikely(rc)) {
+ CERROR("failed to link key %08x to keyring %08x: %d\n",
+ key->serial,
+ key_tgcred(cfs_current())->session_keyring->serial, rc);
+ RETURN(rc);
+ }
+
+ CDEBUG(D_SEC, "key %p instantiated, ctx %p\n", key, key->payload.data);
+ RETURN(0);
}
/*
struct ptlrpc_cli_ctx *ctx = key->payload.data;
struct gss_cli_ctx *gctx;
rawobj_t tmpobj = RAWOBJ_EMPTY;
+ __u32 datalen32 = (__u32) datalen;
int rc;
ENTRY;
if (data == NULL || datalen == 0) {
- CWARN("invalid: data %p, len %d\n", data, datalen);
+ CWARN("invalid: data %p, len %lu\n", data, (long)datalen);
RETURN(-EINVAL);
}
- /*
- * there's a race between userspace parent - child processes. if
- * child finish negotiation too fast and call kt_update(), the ctx
+ /* if upcall finished negotiation too fast (mostly likely because
+ * of local error happened) and call kt_update(), the ctx
* might be still NULL. but the key will finally be associate
* with a context, or be revoked. if key status is fine, return
- * -EAGAIN to allow userspace sleep a while and call again.
- */
+ * -EAGAIN to allow userspace sleep a while and call again. */
if (ctx == NULL) {
- CWARN("race in userspace. key %p(%x) flags %lx\n",
+ CDEBUG(D_SEC, "update too soon: key %p(%x) flags %lx\n",
key, key->serial, key->flags);
rc = key_validate(key);
RETURN(rc);
}
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
+ LASSERT(cfs_atomic_read(&ctx->cc_refcount) > 0);
LASSERT(ctx->cc_sec);
ctx_clear_timer_kr(ctx);
/* don't proceed if already refreshed */
if (cli_ctx_is_refreshed(ctx)) {
CWARN("ctx already done refresh\n");
- sptlrpc_cli_ctx_wakeup(ctx);
RETURN(0);
}
sptlrpc_cli_ctx_get(ctx);
gctx = ctx2gctx(ctx);
- rc = -EFAULT;
- if (buffer_extract_bytes(&data, &datalen,
- &gctx->gc_win, sizeof(gctx->gc_win))) {
+ rc = buffer_extract_bytes(&data, &datalen32, &gctx->gc_win,
+ sizeof(gctx->gc_win));
+ if (rc) {
CERROR("failed extract seq_win\n");
goto out;
}
- CWARN("secwin is %d\n", gctx->gc_win);
if (gctx->gc_win == 0) {
__u32 nego_rpc_err, nego_gss_err;
- if (buffer_extract_bytes(&data, &datalen,
- &nego_rpc_err, sizeof(nego_rpc_err))) {
+ rc = buffer_extract_bytes(&data, &datalen32, &nego_rpc_err,
+ sizeof(nego_rpc_err));
+ if (rc) {
CERROR("failed to extrace rpc rc\n");
goto out;
}
- if (buffer_extract_bytes(&data, &datalen,
- &nego_gss_err, sizeof(nego_gss_err))) {
+ rc = buffer_extract_bytes(&data, &datalen32, &nego_gss_err,
+ sizeof(nego_gss_err));
+ if (rc) {
CERROR("failed to extrace gss rc\n");
goto out;
}
CERROR("negotiation: rpc err %d, gss err %x\n",
nego_rpc_err, nego_gss_err);
- if (nego_rpc_err)
- rc = nego_rpc_err;
+ rc = nego_rpc_err ? nego_rpc_err : -EACCES;
} else {
- if (rawobj_extract_local_alloc(&gctx->gc_handle,
- (__u32 **)&data, &datalen)) {
+ rc = rawobj_extract_local_alloc(&gctx->gc_handle,
+ (__u32 **) &data, &datalen32);
+ if (rc) {
CERROR("failed extract handle\n");
goto out;
}
- if (rawobj_extract_local(&tmpobj, (__u32 **)&data, &datalen)) {
+ rc = rawobj_extract_local(&tmpobj, (__u32 **) &data,&datalen32);
+ if (rc) {
CERROR("failed extract mech\n");
goto out;
}
- if (lgss_import_sec_context(&tmpobj,
- sec2gsec(ctx->cc_sec)->gs_mech,
- &gctx->gc_mechctx) !=
- GSS_S_COMPLETE) {
+ rc = lgss_import_sec_context(&tmpobj,
+ sec2gsec(ctx->cc_sec)->gs_mech,
+ &gctx->gc_mechctx);
+ if (rc != GSS_S_COMPLETE)
CERROR("failed import context\n");
- goto out;
- }
-
- rc = 0;
+ else
+ rc = 0;
}
out:
/* we don't care what current status of this ctx, even someone else
* is operating on the ctx at the same time. we just add up our own
- * opinions here.
- */
+ * opinions here. */
if (rc == 0) {
gss_cli_ctx_uptodate(gctx);
} else {
+ /* this will also revoke the key. has to be done before
+ * wakeup waiters otherwise they can find the stale key */
+ kill_key_locked(key);
+
cli_ctx_expire(ctx);
if (rc != -ERESTART)
- set_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags);
-
- /* this will also revoke the key. has to be done before
- * wakeup waiters otherwise they can find the stale key
- */
- kill_key_locked(key);
+ set_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags);
}
- sptlrpc_cli_ctx_wakeup(ctx);
-
/* let user space think it's a success */
sptlrpc_cli_ctx_put(ctx, 1);
RETURN(0);
{
ENTRY;
LASSERT(key->payload.data == NULL);
- CWARN("destroy key %p\n", key);
+ CDEBUG(D_SEC, "destroy key %p\n", key);
EXIT;
}
.refresh = gss_cli_ctx_refresh_kr,
.validate = gss_cli_ctx_validate_kr,
.die = gss_cli_ctx_die_kr,
- .display = gss_cli_ctx_display,
.sign = gss_cli_ctx_sign,
.verify = gss_cli_ctx_verify,
.seal = gss_cli_ctx_seal,
static struct ptlrpc_sec_cops gss_sec_keyring_cops = {
.create_sec = gss_sec_create_kr,
.destroy_sec = gss_sec_destroy_kr,
+ .kill_sec = gss_sec_kill,
.lookup_ctx = gss_sec_lookup_ctx_kr,
.release_ctx = gss_sec_release_ctx_kr,
.flush_ctx_cache = gss_sec_flush_ctx_cache_kr,
.authorize = gss_svc_authorize,
.free_rs = gss_svc_free_rs,
.free_ctx = gss_svc_free_ctx,
+ .prep_bulk = gss_svc_prep_bulk,
.unwrap_bulk = gss_svc_unwrap_bulk,
.wrap_bulk = gss_svc_wrap_bulk,
.install_rctx = gss_svc_install_rctx_kr,
git://git.whamcloud.com / fs / lustre-release.git / blobdiff