LU-9672 gss: fix expiration time of sunrpc cache

Expiration time of sunrpc cache is misinterpreted. Downcal
and response from user space must provide an epoch time,
not a duration.
And on kernel side, expiry must always be expressed in seconds
from boot, as set when retrieved from get_expiry().

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I35c58a040a62410374dee0be3ae5bed7956cd985
Reviewed-on: https://review.whamcloud.com/27667
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/ptlrpc/gss/gss_svc_upcall.c b/lustre/ptlrpc/gss/gss_svc_upcall.c
index 7f4a129..41737a3 100644 (file)
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -614,41 +614,50 @@ static int rsc_parse(struct cache_detail *cd, char *mesg, int mlen)
                 CERROR("NOENT? set rsc entry negative\n");
                set_bit(CACHE_NEGATIVE, &rsci.h.flags);
         } else {
-                rawobj_t tmp_buf;
-                unsigned long ctx_expiry;
-
-                /* gid */
-                if (get_int(&mesg, (int *) &rsci.ctx.gsc_gid))
-                        goto out;
-
-                /* mech name */
-                len = qword_get(&mesg, buf, mlen);
-                if (len < 0)
-                        goto out;
-                gm = lgss_name_to_mech(buf);
-                status = -EOPNOTSUPP;
-                if (!gm)
-                        goto out;
-
-                status = -EINVAL;
-                /* mech-specific data: */
-                len = qword_get(&mesg, buf, mlen);
-                if (len < 0)
-                        goto out;
-
-                tmp_buf.len = len;
-                tmp_buf.data = (unsigned char *)buf;
-                if (lgss_import_sec_context(&tmp_buf, gm,
-                                            &rsci.ctx.gsc_mechctx))
-                        goto out;
-
-                /* currently the expiry time passed down from user-space
-                 * is invalid, here we retrive it from mech. */
-                if (lgss_inquire_context(rsci.ctx.gsc_mechctx, &ctx_expiry)) {
-                        CERROR("unable to get expire time, drop it\n");
-                        goto out;
-                }
-                expiry = (time_t) ctx_expiry;
+               rawobj_t tmp_buf;
+               time64_t ctx_expiry;
+
+               /* gid */
+               if (get_int(&mesg, (int *) &rsci.ctx.gsc_gid))
+                       goto out;
+
+               /* mech name */
+               len = qword_get(&mesg, buf, mlen);
+               if (len < 0)
+                       goto out;
+               gm = lgss_name_to_mech(buf);
+               status = -EOPNOTSUPP;
+               if (!gm)
+                       goto out;
+
+               status = -EINVAL;
+               /* mech-specific data: */
+               len = qword_get(&mesg, buf, mlen);
+               if (len < 0)
+                       goto out;
+
+               tmp_buf.len = len;
+               tmp_buf.data = (unsigned char *)buf;
+               if (lgss_import_sec_context(&tmp_buf, gm,
+                                           &rsci.ctx.gsc_mechctx))
+                       goto out;
+
+               /* set to seconds since machine booted */
+               expiry = ktime_get_seconds();
+
+               /* currently the expiry time passed down from user-space
+                * is invalid, here we retrive it from mech.
+                */
+               if (lgss_inquire_context(rsci.ctx.gsc_mechctx,
+                                        (unsigned long *)&ctx_expiry)) {
+                       CERROR("unable to get expire time, drop it\n");
+                       goto out;
+               }
+
+               /* ctx_expiry is the number of seconds since Jan 1 1970.
+                * We want just the  number of seconds into the future.
+                */
+               expiry += ctx_expiry - ktime_get_real_seconds();
         }
 
         rsci.h.expiry_time = expiry;

diff --git a/lustre/utils/gss/svcgssd_proc.c b/lustre/utils/gss/svcgssd_proc.c
index 5516bc1..72d371b 100644 (file)
--- a/lustre/utils/gss/svcgssd_proc.c
+++ b/lustre/utils/gss/svcgssd_proc.c
@@ -113,7 +113,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
        }
        qword_printhex(f, out_handle->value, out_handle->length);
        /* XXX are types OK for the rest of this? */
-       qword_printint(f, 3600); /* an hour should be sufficient */
+       qword_printint(f, time(NULL) + 3600);   /* 1 hour should be ok */
        qword_printint(f, cred->cr_remote);
        qword_printint(f, cred->cr_usr_root);
        qword_printint(f, cred->cr_usr_mds);
@@ -152,7 +152,7 @@ send_response(FILE *f, gss_buffer_desc *in_handle, gss_buffer_desc *in_token,
        printerr(2, "sending reply\n");
        qword_addhex(&bp, &blen, in_handle->value, in_handle->length);
        qword_addhex(&bp, &blen, in_token->value, in_token->length);
-       qword_addint(&bp, &blen, 3600); /* an hour should be sufficient */
+       qword_addint(&bp, &blen, time(NULL) + 3600);   /* 1 hour should be ok */
        qword_adduint(&bp, &blen, maj_stat);
        qword_adduint(&bp, &blen, min_stat);
        qword_addhex(&bp, &blen, out_handle->value, out_handle->length);