LU-14263 gss: unlink revoked key

When a GSS context is destroyed, it is unbound from its key, marking
the key as revoked.
The key also needs to be unlinked from the session keyring. This way,
a subsequent context initialization will manage to create a new valid
key and link it to the keyring.

Similarly, add a new '-r' flag to 'lfs flushctx', in order to reap the
revoked keys from the keyring when flushing the GSS context.

Test-Parameters: trivial
Test-Parameters: clientdistro=el7.9 testgroup=review-dne-ssk
Test-Parameters: clientdistro=el8.3 testgroup=review-dne-ssk
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ida4b4ea53202c1f40ad93816fb4ec96fec2bf8bc
Reviewed-on: https://review.whamcloud.com/41047
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Jian Yu <yujian@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/doc/lfs-flushctx.1 b/lustre/doc/lfs-flushctx.1
new file mode 100644 (file)
index 0000000..f9cebbd
--- /dev/null
+++ b/lustre/doc/lfs-flushctx.1
@@ -0,0 +1,40 @@
+.TH LFS-FLUSHCTX 1 2021-01-04 "Lustre" "Lustre Utilities"
+.SH NAME
+lfs flushctx \- flush security context of current user.
+.SH SYNOPSIS
+.B lfs flushctx
+.RB [ --help | -h "] [" -k "] [" -r "] [" \fIrootpath\fR "]"
+.br
+.SH DESCRIPTION
+Flush security context of current user, for Lustre file system as specified by
+\fBrootpath\fR, or for all mounted Lustre file systems.
+.P
+If \fB-k\fR is specified, proceed to Kerberos credentials cache destroy as well,
+by calling kdestroy.
+.P
+If \fB-r\fR is specified, reap revoked keys from the session keyring.
+.SH OPTIONS
+.TP
+.BR -k
+Proceed to Kerberos credentials cache destroy.
+.TP
+.BR -r
+Reap revoked keys from the session keyring.
+.TP
+.BR -h
+Display helper.
+.SH EXAMPLES
+.TP
+.B $ lfs flushctx -k -r /mnt/lustre
+This flushes security context of current user for Lustre file system mounted
+under /mnt/lustre, as well as destroys its Kerberos credentials cache and reaps
+revoked keys from its session keyring. This is the recommended way of using the
+command.
+.TP
+.B $ lfs flushctx
+This simply flushes security context of current user for all mounted Lustre file
+systems.
+.SH AUTHOR
+The lfs command is part of the Lustre filesystem.
+.SH SEE ALSO
+.BR lfs (1),

diff --git a/lustre/doc/lfs.1 b/lustre/doc/lfs.1
index 648e1f7..2ca2c42 100644 (file)
--- a/lustre/doc/lfs.1
+++ b/lustre/doc/lfs.1
@@ -45,6 +45,9 @@ lfs \- client utility for Lustre-specific file layout and other attributes
       [[\fB!\fR] \fB--uid\fR|\fB-u\fR|\fB--user\fR|\fB-U
 \fR<\fIuname\fR>|<\fIuid\fR>]
 .br
+.B lfs flushctx
+.RB [ --help | -h "] [" -k "] [" -r "] [" \fIrootpath\fR "]"
+.br
 .B lfs getname
 .RB [ --help | -h "] [" --instance | -i "] [" --fsname | -n "] ["
 .IR path ...]
@@ -175,6 +178,9 @@ data has not been changed during an archive operation or before a release
 operation, and by OST migration, primarily for verifying that file data has not
 been changed during a data copy, when done in non-blocking mode.
 .TP
+.B flushctx
+See lfs-flushctx(1).
+.TP
 .B osts
 .RB [ path ]
 List all the OSTs for all mounted filesystems. If a \fBpath\fR is provided
@@ -241,8 +247,8 @@ Turn quotas of user and group off
 .SH NOTES
 The usage of \fBlfs find\fR, \fBlfs getstripe\fR, \fBlfs hsm_*\fR,
 \fBlfs setstripe\fR, \fBlfs migrate\fR, \fBlfs getdirstripe\fR,
-\fBlfs setdirstripe\fR, \fBlfs mkdir\fR, and \fBlfs project\fR are explained
-in separate man pages.
+\fBlfs setdirstripe\fR, \fBlfs mkdir\fR, \fBlfs flushctx\fR
+and \fBlfs project\fR are explained in separate man pages.
 .SH AUTHOR
 The lfs command is part of the Lustre filesystem.
 .SH SEE ALSO
@@ -250,6 +256,7 @@ The lfs command is part of the Lustre filesystem.
 .BR lfs-df (1),
 .BR lfs-fid2path (1),
 .BR lfs-find (1),
+.BR lfs-flushctx (1),
 .BR lfs-getdirstripe (1),
 .BR lfs-getname (1),
 .BR lfs-getstripe (1),

diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c
index 820037d..b9d1c08 100644 (file)
--- a/lustre/ptlrpc/gss/gss_keyring.c
+++ b/lustre/ptlrpc/gss/gss_keyring.c
@@ -70,6 +70,7 @@ static struct key_type gss_key_type;
 
 static int sec_install_rctx_kr(struct ptlrpc_sec *sec,
                                struct ptlrpc_svc_ctx *svc_ctx);
+static void request_key_unlink(struct key *key);
 
 /*
  * the timeout is only for the case that upcall child process die abnormally.
@@ -377,17 +378,18 @@ static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
  */
 static void unbind_ctx_kr(struct ptlrpc_cli_ctx *ctx)
 {
-        struct key      *key = ctx2gctx_keyring(ctx)->gck_key;
+       struct key      *key = ctx2gctx_keyring(ctx)->gck_key;
 
-        if (key) {
+       if (key) {
                LASSERT(key_get_payload(key, 0) == ctx);
 
-                key_get(key);
-                down_write(&key->sem);
-                unbind_key_ctx(key, ctx);
-                up_write(&key->sem);
-                key_put(key);
-        }
+               key_get(key);
+               down_write(&key->sem);
+               unbind_key_ctx(key, ctx);
+               up_write(&key->sem);
+               key_put(key);
+               request_key_unlink(key);
+       }
 }
 
 /*

diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c
index 98c3eb0..f7eacb3 100644 (file)
--- a/lustre/utils/lfs.c
+++ b/lustre/utils/lfs.c
@@ -571,8 +571,9 @@ command_t cmdlist[] = {
         "         clear the project inherit flag and ID on the file or directory\n"
        },
 #endif
-       {"flushctx", lfs_flushctx, 0, "Flush security context for current user.\n"
-        "usage: flushctx [-k] [mountpoint...]"},
+       {"flushctx", lfs_flushctx, 0,
+        "Flush security context for current user.\n"
+        "usage: flushctx [-k] [-r] [mountpoint...]"},
        {"changelog", lfs_changelog, 0,
         "Show the metadata changes on an MDT."
         "\nusage: changelog <mdtname> [startrec [endrec]]"},
@@ -7925,16 +7926,19 @@ static int flushctx_ioctl(char *mp)
 
 static int lfs_flushctx(int argc, char **argv)
 {
-       int     kdestroy = 0, c;
+       int     kdestroy = 0, reap = 0, c;
        char    mntdir[PATH_MAX] = {'\0'};
        int     index = 0;
        int     rc = 0;
 
-       while ((c = getopt(argc, argv, "k")) != -1) {
+       while ((c = getopt(argc, argv, "kr")) != -1) {
                switch (c) {
                case 'k':
                        kdestroy = 1;
                        break;
+               case 'r':
+                       reap = 1;
+                       break;
                default:
                        fprintf(stderr,
                                "error: %s: option '-%c' unrecognized\n",
@@ -7972,6 +7976,15 @@ static int lfs_flushctx(int argc, char **argv)
                                rc = -1;
                }
        }
+
+       if (reap) {
+               rc = system("keyctl reap > /dev/null");
+               if (rc != 0) {
+                       rc = WEXITSTATUS(rc);
+                       fprintf(stderr, "error reaping keyring: %d\n", rc);
+               }
+       }
+
        return rc;
 }