aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2008-12-23 15:21:57 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-12-23 15:21:57 -0500
commit6dcd3926b214a1fb081df18305921dedae269977 (patch)
tree00847727ce5a34b2b12fa4251c604b0c6a9e1fcd /net/sunrpc/auth_gss
parent64672d55d93c26fb4035fd1a84a803cbc09cb058 (diff)
sunrpc: fix code that makes auth_gss send destroy_cred message (try #2)
There's a bit of a chicken and egg problem when it comes to destroying auth_gss credentials. When we destroy the last instance of a GSSAPI RPC credential, we should send a NULL RPC call with a GSS procedure of RPCSEC_GSS_DESTROY to hint to the server that it can destroy those creds. This isn't happening because we're setting clearing the uptodate bit on the credentials and then setting the operations to the gss_nullops. When we go to do the RPC call, we try to refresh the creds. That fails with -EACCES and the call fails. Fix this by not clearing the UPTODATE bit for the credentials and adding a new crdestroy op for gss_nullops that just tears down the cred without trying to destroy the context. The only difference between this patch and the first one is the removal of some minor formatting deltas. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index b8561597f0c8..cb19c9ded1fa 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -693,7 +693,7 @@ gss_destroying_context(struct rpc_cred *cred)
693 struct rpc_task *task; 693 struct rpc_task *task;
694 694
695 if (gss_cred->gc_ctx == NULL || 695 if (gss_cred->gc_ctx == NULL ||
696 test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0) 696 test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
697 return 0; 697 return 0;
698 698
699 gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY; 699 gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
@@ -757,14 +757,12 @@ gss_free_cred_callback(struct rcu_head *head)
757} 757}
758 758
759static void 759static void
760gss_destroy_cred(struct rpc_cred *cred) 760gss_destroy_nullcred(struct rpc_cred *cred)
761{ 761{
762 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base); 762 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
763 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth); 763 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
764 struct gss_cl_ctx *ctx = gss_cred->gc_ctx; 764 struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
765 765
766 if (gss_destroying_context(cred))
767 return;
768 rcu_assign_pointer(gss_cred->gc_ctx, NULL); 766 rcu_assign_pointer(gss_cred->gc_ctx, NULL);
769 call_rcu(&cred->cr_rcu, gss_free_cred_callback); 767 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
770 if (ctx) 768 if (ctx)
@@ -772,6 +770,15 @@ gss_destroy_cred(struct rpc_cred *cred)
772 kref_put(&gss_auth->kref, gss_free_callback); 770 kref_put(&gss_auth->kref, gss_free_callback);
773} 771}
774 772
773static void
774gss_destroy_cred(struct rpc_cred *cred)
775{
776
777 if (gss_destroying_context(cred))
778 return;
779 gss_destroy_nullcred(cred);
780}
781
775/* 782/*
776 * Lookup RPCSEC_GSS cred for the current process 783 * Lookup RPCSEC_GSS cred for the current process
777 */ 784 */
@@ -1324,7 +1331,7 @@ static const struct rpc_credops gss_credops = {
1324 1331
1325static const struct rpc_credops gss_nullops = { 1332static const struct rpc_credops gss_nullops = {
1326 .cr_name = "AUTH_GSS", 1333 .cr_name = "AUTH_GSS",
1327 .crdestroy = gss_destroy_cred, 1334 .crdestroy = gss_destroy_nullcred,
1328 .crbind = rpcauth_generic_bind_cred, 1335 .crbind = rpcauth_generic_bind_cred,
1329 .crmatch = gss_match, 1336 .crmatch = gss_match,
1330 .crmarshal = gss_marshal, 1337 .crmarshal = gss_marshal,