#include <fcntl.h>
#include <errno.h>
#include <nfsidmap.h>
+#include <nfslib.h>
+#include <time.h>
#include "svcgssd.h"
#include "gss_util.h"
#include "err_util.h"
#include "context.h"
-#include "cacheio.h"
extern char * mech2file(gss_OID mech);
#define SVCGSSD_CONTEXT_CHANNEL "/proc/net/rpc/auth.rpcsec.context/channel"
static int
do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
- gss_OID mech, gss_buffer_desc *context_token)
+ gss_OID mech, gss_buffer_desc *context_token,
+ int32_t endtime)
{
FILE *f;
int i;
}
qword_printhex(f, out_handle->value, out_handle->length);
/* XXX are types OK for the rest of this? */
- qword_printint(f, 0x7fffffff); /*XXX need a better timeout */
+ /* For context cache, use the actual context endtime */
+ qword_printint(f, endtime);
qword_printint(f, cred->cr_uid);
qword_printint(f, cred->cr_gid);
qword_printint(f, cred->cr_ngroups);
- for (i=0; i < cred->cr_ngroups; i++)
+ printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d (%d from now), "
+ "uid: %d, gid: %d, num aux grps: %d:\n",
+ fname, out_handle->length, context_token->length,
+ endtime, endtime - time(0),
+ cred->cr_uid, cred->cr_gid, cred->cr_ngroups);
+ for (i=0; i < cred->cr_ngroups; i++) {
qword_printint(f, cred->cr_groups[i]);
+ printerr(2, " (%4d) %d\n", i+1, cred->cr_groups[i]);
+ }
qword_print(f, fname);
qword_printhex(f, context_token->value, context_token->length);
err = qword_eol(f);
qword_addhex(&bp, &blen, in_handle->value, in_handle->length);
qword_addhex(&bp, &blen, in_token->value, in_token->length);
- qword_addint(&bp, &blen, 0x7fffffff); /*XXX need a better timeout */
+ /* For init cache, only needed for a short time */
+ qword_addint(&bp, &blen, time(0) + 60);
qword_adduint(&bp, &blen, maj_stat);
qword_adduint(&bp, &blen, min_stat);
qword_addhex(&bp, &blen, out_handle->value, out_handle->length);
return res;
}
+#ifdef DEBUG
void
-print_hexl(int pri, unsigned char *cp, int length)
+print_hexl(const char *description, unsigned char *cp, int length)
{
int i, j, jm;
unsigned char c;
- printerr(pri, "length %d\n",length);
- printerr(pri, "\n");
+ printf("%s (length %d)\n", description, length);
for (i = 0; i < length; i += 0x10) {
- printerr(pri, " %04x: ", (u_int)i);
+ printf(" %04x: ", (u_int)i);
jm = length - i;
jm = jm > 16 ? 16 : jm;
for (j = 0; j < jm; j++) {
if ((j % 2) == 1)
- printerr(pri,"%02x ", (u_int)cp[i+j]);
+ printf("%02x ", (u_int)cp[i+j]);
else
- printerr(pri,"%02x", (u_int)cp[i+j]);
+ printf("%02x", (u_int)cp[i+j]);
}
for (; j < 16; j++) {
if ((j % 2) == 1)
- printerr(pri," ");
+ printf(" ");
else
- printerr(pri," ");
+ printf(" ");
}
- printerr(pri," ");
+ printf(" ");
for (j = 0; j < jm; j++) {
c = cp[i+j];
c = isprint(c) ? c : '.';
- printerr(pri,"%c", c);
+ printf("%c", c);
}
- printerr(pri,"\n");
+ printf("\n");
}
}
+#endif
void
handle_nullreq(FILE *f) {
static char *lbuf = NULL;
static int lbuflen = 0;
static char *cp;
+ int32_t ctx_endtime;
printerr(1, "handling null request\n");
in_handle.length = (size_t) qword_get(&cp, in_handle.value,
sizeof(in_handle_buf));
- printerr(2, "in_handle: \n");
- print_hexl(2, in_handle.value, in_handle.length);
+#ifdef DEBUG
+ print_hexl("in_handle", in_handle.value, in_handle.length);
+#endif
in_tok.length = (size_t) qword_get(&cp, in_tok.value,
sizeof(in_tok_buf));
- printerr(2, "in_tok: \n");
- print_hexl(2, in_tok.value, in_tok.length);
+#ifdef DEBUG
+ print_hexl("in_tok", in_tok.value, in_tok.length);
+#endif
if (in_tok.length < 0) {
printerr(0, "WARNING: handle_nullreq: "
/* kernel needs ctx to calculate verifier on null response, so
* must give it context before doing null call: */
- if (serialize_context_for_kernel(ctx, &ctx_token, mech)) {
+ if (serialize_context_for_kernel(ctx, &ctx_token, mech, &ctx_endtime)) {
printerr(0, "WARNING: handle_nullreq: "
"serialize_context_for_kernel failed\n");
maj_stat = GSS_S_FAILURE;
/* We no longer need the gss context */
gss_delete_sec_context(&ignore_min_stat, &ctx, &ignore_out_tok);
- do_svc_downcall(&out_handle, &cred, mech, &ctx_token);
+ do_svc_downcall(&out_handle, &cred, mech, &ctx_token, ctx_endtime);
continue_needed:
send_response(f, &in_handle, &in_tok, maj_stat, min_stat,
&out_handle, &out_tok);
projects / nfs-utils.git / blobdiff