struct rsi {
struct cache_head h;
+ __u32 naltype;
+ __u32 netid;
+ __u64 nid;
rawobj_t in_handle, in_token;
rawobj_t out_handle, out_token;
int major_status, minor_status;
{
struct rsi *rsii = container_of(h, struct rsi, h);
+ qword_addhex(bpp, blen, (char *) &rsii->naltype, sizeof(rsii->naltype));
+ qword_addhex(bpp, blen, (char *) &rsii->netid, sizeof(rsii->netid));
+ qword_addhex(bpp, blen, (char *) &rsii->nid, sizeof(rsii->nid));
qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len);
qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len);
(*bpp)[-1] = '\n';
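Review bot: The three new fields are written to the upcall as raw in-memory bytes (`(char *) &rsii->nid` and its siblings), so the hex text the daemon receives is in host byte order and its layout is implied only by the casts. A comment above these calls would pin that contract, for example `/* naltype, netid, nid: fixed width, host byte order; order must match the daemon's parser */`. Because `struct rsi` embeds `struct cache_head h` and is therefore a cache entry, the hash, match and init/update helpers (not visible in this hunk) presumably need the same three fields. Otherwise two peers presenting the same handle and token could resolve to one entry and share its result. The enclosing function starts and ends outside the hunk.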
#define RSC_HASHMAX (1<<RSC_HASHBITS)
#define RSC_HASHMASK (RSC_HASHMAX-1)
-#define GSS_SEQ_WIN 128
+#define GSS_SEQ_WIN 512
struct gss_svc_seq_data {
/* highest seq number seen so far: */
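Review bot: `GSS_SEQ_WIN` goes from 128 to 512 with no comment explaining the choice, although it decides how far behind the highest sequence number a request is still accepted and how many bits replay tracking needs. A line such as `/* replay window in sequence numbers; sd_win must hold GSS_SEQ_WIN bits */` would record that. It is also worth confirming that `sd_win` in `struct gss_svc_seq_data` (whose body continues outside this hunk) is sized from the macro and not from a literal, since the sequence-check hunk indexes it with `seq_num % GSS_SEQ_WIN`.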
struct rsc {
struct cache_head h;
rawobj_t handle;
- __u32 remote;
+ __u32 remote_realm;
struct vfs_cred cred;
+ uid_t mapped_uid;
struct gss_svc_seq_data seqdata;
struct gss_ctx *mechctx;
};
goto out;
/* remote flag */
- rv = get_int(&mesg, &rsci->remote);
+ rv = get_int(&mesg, &rsci->remote_realm);
if (rv) {
CERROR("fail to get remote flag\n");
goto out;
}
+ /* mapped uid */
+ rv = get_int(&mesg, &rsci->mapped_uid);
+ if (rv) {
+ CERROR("fail to get mapped uid\n");
+ goto out;
+ }
+
/* uid, or NEGATIVE */
rv = get_int(&mesg, &rsci->cred.vc_uid);
if (rv == -EINVAL)
goto out;
- if (rv == -ENOENT)
+ if (rv == -ENOENT) {
+ CERROR("NOENT? set rsc entry negative\n");
set_bit(CACHE_NEGATIVE, &rsci->h.flags);
- else {
- int N, i;
+ } else {
struct gss_api_mech *gm;
rawobj_t tmp_buf;
__u64 ctx_expiry;
if (get_int(&mesg, &rsci->cred.vc_gid))
goto out;
- /* number of additional gid's */
- if (get_int(&mesg, &N))
- goto out;
- status = -ENOMEM;
-#if 0
- rsci->cred.vc_ginfo = groups_alloc(N);
- if (rsci->cred.vc_ginfo == NULL)
- goto out;
-#endif
-
- /* gid's */
- status = -EINVAL;
- for (i=0; i<N; i++) {
- gid_t gid;
- if (get_int(&mesg, &gid))
- goto out;
-#if 0
- GROUP_AT(rsci->cred.vc_ginfo, i) = gid;
-#endif
- }
-
/* mech name */
len = qword_get(&mesg, buf, mlen);
if (len < 0)
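Review bot: `rsci->remote_realm` and `rsci->mapped_uid` are stored exactly as `get_int()` returns them, and later hunks copy both into the request (`req->rq_remote_realm`, `req->rq_mapped_uid`), so whatever the downcall writer supplies becomes part of the request's identity with no range or sentinel check here. If `remote_realm` is a boolean flag, or if a particular `mapped_uid` value means "no mapping", reject anything else at parse time, for example `if (rsci->remote_realm > 1) goto out;` (this assumes a 0/1 flag; confirm with the daemon side). The downcall layout also changes in this hunk: the gid count and gid list are no longer read, so a message from an older daemon would have its gid count consumed by the `qword_get()` that expects the mech name. A comment listing the expected field order would make that dependency visible, and the `/* remote flag */` comment and its CERROR text still use the old name. The enclosing function extends outside the hunk.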
__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
goto exit;
} else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) {
+ CERROR("seq %u too low: max %u, win %d\n",
+ seq_num, sd->sd_max, GSS_SEQ_WIN);
rc = 1;
goto exit;
}
- if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
+ if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) {
+ CERROR("seq %u is replay: max %u, win %d\n",
+ seq_num, sd->sd_max, GSS_SEQ_WIN);
rc = 1;
+ }
exit:
spin_unlock(&sd->sd_lock);
return rc;
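Review bot: Both new `CERROR` calls run while `sd->sd_lock` is still held (the unlock is at `exit:`), and both fire on input a remote peer controls, so a stream of stale or repeated sequence numbers becomes error-level log lines printed under a spinlock. Consider recording the reason in a local, copying `sd->sd_max` while locked, and emitting one message after `spin_unlock(&sd->sd_lock);`, at `CWARN` or a debug level, and rate-limited if the logging macro does not already do that. The messages carry no peer or context identifier, which limits their value for detection. The function starts outside the hunk.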
GOTO(out_rsikey, rc = SVC_DROP);
}
+ rsikey->naltype = (__u32) req->rq_peer.peer_ni->pni_number;
+ rsikey->netid = 0;
+ rsikey->nid = (__u64) req->rq_peer.peer_id.nid;
+
rsip = gssd_upcall(rsikey, &my_chandle);
if (!rsip) {
CERROR("error in gssd_upcall.\n");
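Review bot: `rsikey->netid = 0` is set without a comment, so a reader cannot tell whether 0 is a real network id or a placeholder. These three fields are what the upcall hunk sends to the daemon, so say which it is, e.g. `/* netid not yet available from the peer; 0 = unspecified */` (wording for the author to confirm). `req->rq_peer.peer_ni` is dereferenced unconditionally; if it can be unset on any path reaching this point, add a guard that takes the existing `GOTO(out_rsikey, rc = SVC_DROP);` exit. The values reflect the transport's view of the peer, which is worth stating in the comment if the daemon bases realm or uid mapping on them. The enclosing function extends outside the hunk.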
*res = PTLRPCS_OK;
+ req->rq_auth_uid = rsci->cred.vc_uid;
+ req->rq_remote_realm = rsci->remote_realm;
+ req->rq_mapped_uid = rsci->mapped_uid;
+
/* This is simplified since right now we doesn't support
* INIT_CONTINUE yet.
*/
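Review bot: The assignments to `req->rq_auth_uid`, `req->rq_remote_realm` and `req->rq_mapped_uid` added here also appear in the following hunk, so the request's authenticated identity is now set by two hand-copied sequences. A single static helper taking `req` and `rsci`, called from both places, would keep the paths from drifting when another identity field is added. A path that misses a field would leave the request with a stale or zero value that later access checks presumably read. Both enclosing functions extend outside their hunks.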
}
req->rq_auth_uid = rsci->cred.vc_uid;
- req->rq_remote = rsci->remote;
+ req->rq_remote_realm = rsci->remote_realm;
+ req->rq_mapped_uid = rsci->mapped_uid;
*res = PTLRPCS_OK;
GOTO(out, rc = SVC_OK);