From: Sebastien Buisson <sbuisson@ddn.com>
Date: Fri, 18 Dec 2020 14:49:11 +0000 (+0900)
Subject: LU-14263 gss: unlink revoked key
X-Git-Tag: 2.14.0-RC1~24
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=c246a9ba041d651c4fae324284f7bbd97500998b;ds=sidebyside

LU-14263 gss: unlink revoked key

When a GSS context is destroyed, it is unbound from its key, marking
the key as revoked.
The key also needs to be unlinked from the session keyring. This way,
a subsequent context initialization will manage to create a new valid
key and link it to the keyring.

Similarly, add a new '-r' flag to 'lfs flushctx', in order to reap the
revoked keys from the keyring when flushing the GSS context.

Test-Parameters: trivial
Test-Parameters: clientdistro=el7.9 testgroup=review-dne-ssk
Test-Parameters: clientdistro=el8.3 testgroup=review-dne-ssk
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: Ida4b4ea53202c1f40ad93816fb4ec96fec2bf8bc
Reviewed-on: https://review.whamcloud.com/41047
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Jian Yu <yujian@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/doc/lfs-flushctx.1 b/lustre/doc/lfs-flushctx.1
new file mode 100644
index 0000000..f9cebbd
--- /dev/null
+++ b/lustre/doc/lfs-flushctx.1
@@ -0,0 +1,40 @@
+.TH LFS-FLUSHCTX 1 2021-01-04 "Lustre" "Lustre Utilities"
+.SH NAME
+lfs flushctx \- flush security context of current user.
+.SH SYNOPSIS
+.B lfs flushctx
+.RB [ --help | -h "] [" -k "] [" -r "] [" \fIrootpath\fR "]"
+.br
+.SH DESCRIPTION
+Flush security context of current user, for Lustre file system as specified by
+\fBrootpath\fR, or for all mounted Lustre file systems.
+.P
+If \fB-k\fR is specified, proceed to Kerberos credentials cache destroy as well,
+by calling kdestroy.
+.P
+If \fB-r\fR is specified, reap revoked keys from the session keyring.
+.SH OPTIONS
+.TP
+.BR -k
+Proceed to Kerberos credentials cache destroy.
+.TP
+.BR -r
+Reap revoked keys from the session keyring.
+.TP
+.BR -h
+Display helper.
+.SH EXAMPLES
+.TP
+.B $ lfs flushctx -k -r /mnt/lustre
+This flushes security context of current user for Lustre file system mounted
+under /mnt/lustre, as well as destroys its Kerberos credentials cache and reaps
+revoked keys from its session keyring. This is the recommended way of using the
+command.
+.TP
+.B $ lfs flushctx
+This simply flushes security context of current user for all mounted Lustre file
+systems.
+.SH AUTHOR
+The lfs command is part of the Lustre filesystem.
+.SH SEE ALSO
+.BR lfs (1),
diff --git a/lustre/doc/lfs.1 b/lustre/doc/lfs.1
index 648e1f7..2ca2c42 100644
--- a/lustre/doc/lfs.1
+++ b/lustre/doc/lfs.1
@@ -45,6 +45,9 @@ lfs \- client utility for Lustre-specific file layout and other attributes
       [[\fB!\fR] \fB--uid\fR|\fB-u\fR|\fB--user\fR|\fB-U
 \fR<\fIuname\fR>|<\fIuid\fR>]
 .br
+.B lfs flushctx
+.RB [ --help | -h "] [" -k "] [" -r "] [" \fIrootpath\fR "]"
+.br
 .B lfs getname
 .RB [ --help | -h "] [" --instance | -i "] [" --fsname | -n "] ["
 .IR path ...]
@@ -175,6 +178,9 @@ data has not been changed during an archive operation or before a release
 operation, and by OST migration, primarily for verifying that file data has not
 been changed during a data copy, when done in non-blocking mode.
 .TP
+.B flushctx
+See lfs-flushctx(1).
+.TP
 .B osts
 .RB [ path ]
 List all the OSTs for all mounted filesystems. If a \fBpath\fR is provided
@@ -241,8 +247,8 @@ Turn quotas of user and group off
 .SH NOTES
 The usage of \fBlfs find\fR, \fBlfs getstripe\fR, \fBlfs hsm_*\fR,
 \fBlfs setstripe\fR, \fBlfs migrate\fR, \fBlfs getdirstripe\fR,
-\fBlfs setdirstripe\fR, \fBlfs mkdir\fR, and \fBlfs project\fR are explained
-in separate man pages.
+\fBlfs setdirstripe\fR, \fBlfs mkdir\fR, \fBlfs flushctx\fR
+and \fBlfs project\fR are explained in separate man pages.
 .SH AUTHOR
 The lfs command is part of the Lustre filesystem.
 .SH SEE ALSO
@@ -250,6 +256,7 @@ The lfs command is part of the Lustre filesystem.
 .BR lfs-df (1),
 .BR lfs-fid2path (1),
 .BR lfs-find (1),
+.BR lfs-flushctx (1),
 .BR lfs-getdirstripe (1),
 .BR lfs-getname (1),
 .BR lfs-getstripe (1),
diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c
index 820037d..b9d1c08 100644
--- a/lustre/ptlrpc/gss/gss_keyring.c
+++ b/lustre/ptlrpc/gss/gss_keyring.c
@@ -70,6 +70,7 @@ static struct key_type gss_key_type;
 
 static int sec_install_rctx_kr(struct ptlrpc_sec *sec,
                                struct ptlrpc_svc_ctx *svc_ctx);
+static void request_key_unlink(struct key *key);
 
 /*
  * the timeout is only for the case that upcall child process die abnormally.
@@ -377,17 +378,18 @@ static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
  */
 static void unbind_ctx_kr(struct ptlrpc_cli_ctx *ctx)
 {
-        struct key      *key = ctx2gctx_keyring(ctx)->gck_key;
+	struct key      *key = ctx2gctx_keyring(ctx)->gck_key;
 
-        if (key) {
+	if (key) {
 		LASSERT(key_get_payload(key, 0) == ctx);
 
-                key_get(key);
-                down_write(&key->sem);
-                unbind_key_ctx(key, ctx);
-                up_write(&key->sem);
-                key_put(key);
-        }
+		key_get(key);
+		down_write(&key->sem);
+		unbind_key_ctx(key, ctx);
+		up_write(&key->sem);
+		key_put(key);
+		request_key_unlink(key);
+	}
 }
 
 /*
diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c
index 98c3eb0..f7eacb3 100644
--- a/lustre/utils/lfs.c
+++ b/lustre/utils/lfs.c
@@ -571,8 +571,9 @@ command_t cmdlist[] = {
 	 "         clear the project inherit flag and ID on the file or directory\n"
 	},
 #endif
-	{"flushctx", lfs_flushctx, 0, "Flush security context for current user.\n"
-	 "usage: flushctx [-k] [mountpoint...]"},
+	{"flushctx", lfs_flushctx, 0,
+	 "Flush security context for current user.\n"
+	 "usage: flushctx [-k] [-r] [mountpoint...]"},
 	{"changelog", lfs_changelog, 0,
 	 "Show the metadata changes on an MDT."
 	 "\nusage: changelog <mdtname> [startrec [endrec]]"},
@@ -7925,16 +7926,19 @@ static int flushctx_ioctl(char *mp)
 
 static int lfs_flushctx(int argc, char **argv)
 {
-	int     kdestroy = 0, c;
+	int     kdestroy = 0, reap = 0, c;
 	char    mntdir[PATH_MAX] = {'\0'};
 	int     index = 0;
 	int     rc = 0;
 
-	while ((c = getopt(argc, argv, "k")) != -1) {
+	while ((c = getopt(argc, argv, "kr")) != -1) {
 		switch (c) {
 		case 'k':
 			kdestroy = 1;
 			break;
+		case 'r':
+			reap = 1;
+			break;
 		default:
 			fprintf(stderr,
 				"error: %s: option '-%c' unrecognized\n",
@@ -7972,6 +7976,15 @@ static int lfs_flushctx(int argc, char **argv)
 				rc = -1;
 		}
 	}
+
+	if (reap) {
+		rc = system("keyctl reap > /dev/null");
+		if (rc != 0) {
+			rc = WEXITSTATUS(rc);
+			fprintf(stderr, "error reaping keyring: %d\n", rc);
+		}
+	}
+
 	return rc;
 }