X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fsvcgssd_proc.c;h=f1621529733880c08325a8a2285787dc773e813d;hp=4037159b2ede2f737d0229728c15425ff9acdbd3;hb=eb3a145789b9eedd39b56e1d76f412435abaa747;hpb=8fd9fad1ea4b25b8962d70133f476650ef0637b0

diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index 4037159..f162152 100644
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -45,12 +45,13 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <nfsidmap.h>
+#include <nfslib.h>
+#include <time.h>
 
 #include "svcgssd.h"
 #include "gss_util.h"
 #include "err_util.h"
 #include "context.h"
-#include "cacheio.h"
 
 extern char * mech2file(gss_OID mech);
 #define SVCGSSD_CONTEXT_CHANNEL "/proc/net/rpc/auth.rpcsec.context/channel"
@@ -67,7 +68,8 @@ struct svc_cred {
 
 static int
 do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
-		gss_OID mech, gss_buffer_desc *context_token)
+		gss_OID mech, gss_buffer_desc *context_token,
+		int32_t endtime)
 {
 	FILE *f;
 	int i;
@@ -86,12 +88,20 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
 	}
 	qword_printhex(f, out_handle->value, out_handle->length);
 	/* XXX are types OK for the rest of this? */
-	qword_printint(f, 0x7fffffff); /*XXX need a better timeout */
+	/* For context cache, use the actual context endtime */
+	qword_printint(f, endtime);
 	qword_printint(f, cred->cr_uid);
 	qword_printint(f, cred->cr_gid);
 	qword_printint(f, cred->cr_ngroups);
-	for (i=0; i < cred->cr_ngroups; i++)
+	printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d (%d from now), "
+		 "uid: %d, gid: %d, num aux grps: %d:\n",
+		 fname, out_handle->length, context_token->length,
+		 endtime, endtime - time(0),
+		 cred->cr_uid, cred->cr_gid, cred->cr_ngroups);
+	for (i=0; i < cred->cr_ngroups; i++) {
 		qword_printint(f, cred->cr_groups[i]);
+		printerr(2, "  (%4d) %d\n", i+1, cred->cr_groups[i]);
+	}
 	qword_print(f, fname);
 	qword_printhex(f, context_token->value, context_token->length);
 	err = qword_eol(f);
@@ -124,9 +134,10 @@ send_response(FILE *f, gss_buffer_desc *in_handle, gss_buffer_desc *in_token,
 
 	qword_addhex(&bp, &blen, in_handle->value, in_handle->length);
 	qword_addhex(&bp, &blen, in_token->value, in_token->length);
-	qword_addint(&bp, &blen, 0x7fffffff); /*XXX need a better timeout */
-	qword_addint(&bp, &blen, maj_stat);
-	qword_addint(&bp, &blen, min_stat);
+	/* For init cache, only needed for a short time */
+	qword_addint(&bp, &blen, time(0) + 60);
+	qword_adduint(&bp, &blen, maj_stat);
+	qword_adduint(&bp, &blen, min_stat);
 	qword_addhex(&bp, &blen, out_handle->value, out_handle->length);
 	qword_addhex(&bp, &blen, out_token->value, out_token->length);
 	qword_addeol(&bp, &blen);
@@ -250,42 +261,43 @@ out:
 	return res;
 }
 
+#ifdef DEBUG
 void
-print_hexl(int pri, unsigned char *cp, int length)
+print_hexl(const char *description, unsigned char *cp, int length)
 {
 	int i, j, jm;
 	unsigned char c;
 
-	printerr(pri, "length %d\n",length);
-	printerr(pri, "\n");
+	printf("%s (length %d)\n", description, length);
 
 	for (i = 0; i < length; i += 0x10) {
-		printerr(pri, "  %04x: ", (u_int)i);
+		printf("  %04x: ", (u_int)i);
 		jm = length - i;
 		jm = jm > 16 ? 16 : jm;
 
 		for (j = 0; j < jm; j++) {
 			if ((j % 2) == 1)
-				printerr(pri,"%02x ", (u_int)cp[i+j]);
+				printf("%02x ", (u_int)cp[i+j]);
 			else
-				printerr(pri,"%02x", (u_int)cp[i+j]);
+				printf("%02x", (u_int)cp[i+j]);
 		}
 		for (; j < 16; j++) {
 			if ((j % 2) == 1)
-				printerr(pri,"   ");
+				printf("   ");
 			else
-				printerr(pri,"  ");
+				printf("  ");
 		}
-		printerr(pri," ");
+		printf(" ");
 
 		for (j = 0; j < jm; j++) {
 			c = cp[i+j];
 			c = isprint(c) ? c : '.';
-			printerr(pri,"%c", c);
+			printf("%c", c);
 		}
-		printerr(pri,"\n");
+		printf("\n");
 	}
 }
+#endif
 
 void
 handle_nullreq(FILE *f) {
@@ -313,6 +325,7 @@ handle_nullreq(FILE *f) {
 	static char		*lbuf = NULL;
 	static int		lbuflen = 0;
 	static char		*cp;
+	int32_t			ctx_endtime;
 
 	printerr(1, "handling null request\n");
 
@@ -326,13 +339,15 @@ handle_nullreq(FILE *f) {
 
 	in_handle.length = (size_t) qword_get(&cp, in_handle.value,
 					      sizeof(in_handle_buf));
-	printerr(2, "in_handle: \n");
-	print_hexl(2, in_handle.value, in_handle.length);
+#ifdef DEBUG
+	print_hexl("in_handle", in_handle.value, in_handle.length);
+#endif
 
 	in_tok.length = (size_t) qword_get(&cp, in_tok.value,
 					   sizeof(in_tok_buf));
-	printerr(2, "in_tok: \n");
-	print_hexl(2, in_tok.value, in_tok.length);
+#ifdef DEBUG
+	print_hexl("in_tok", in_tok.value, in_tok.length);
+#endif
 
 	if (in_tok.length < 0) {
 		printerr(0, "WARNING: handle_nullreq: "
@@ -387,7 +402,7 @@ handle_nullreq(FILE *f) {
 
 	/* kernel needs ctx to calculate verifier on null response, so
 	 * must give it context before doing null call: */
-	if (serialize_context_for_kernel(ctx, &ctx_token, mech)) {
+	if (serialize_context_for_kernel(ctx, &ctx_token, mech, &ctx_endtime)) {
 		printerr(0, "WARNING: handle_nullreq: "
 			    "serialize_context_for_kernel failed\n");
 		maj_stat = GSS_S_FAILURE;
@@ -396,7 +411,7 @@ handle_nullreq(FILE *f) {
 	/* We no longer need the gss context */
 	gss_delete_sec_context(&ignore_min_stat, &ctx, &ignore_out_tok);
 
-	do_svc_downcall(&out_handle, &cred, mech, &ctx_token);
+	do_svc_downcall(&out_handle, &cred, mech, &ctx_token, ctx_endtime);
 continue_needed:
 	send_response(f, &in_handle, &in_tok, maj_stat, min_stat,
 			&out_handle, &out_tok);