SUNRPC handle EKEYEXPIRED in call_refreshresult
Currently, when an RPCSEC_GSS context has expired or is non-existent and the users (Kerberos) credentials have also expired or are non-existent, the client receives the -EKEYEXPIRED error and tries to refresh the context forever. If an application is performing I/O, or other work against the share, the application hangs, and the user is not prompted to refresh/establish their credentials. This can result in a denial of service for other users. Users are expected to manage their Kerberos credential lifetimes to mitigate this issue. Move the -EKEYEXPIRED handling into the RPC layer. Try tk_cred_retry number of times to refresh the gss_context, and then return -EACCES to the application. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Andy Adamson
committed by
Trond Myklebust
Trond Myklebust
parent
620038f6d2
commit
eb96d5c97b
@@ -46,39 +46,6 @@
|
||||
|
||||
#define NFSDBG_FACILITY NFSDBG_PROC
|
||||
|
||||
/*
|
||||
* wrapper to handle the -EKEYEXPIRED error message. This should generally
|
||||
* only happen if using krb5 auth and a user's TGT expires. NFSv2 doesn't
|
||||
* support the NFSERR_JUKEBOX error code, but we handle this situation in the
|
||||
* same way that we handle that error with NFSv3.
|
||||
*/
|
||||
static int
|
||||
nfs_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
|
||||
{
|
||||
int res;
|
||||
do {
|
||||
res = rpc_call_sync(clnt, msg, flags);
|
||||
if (res != -EKEYEXPIRED)
|
||||
break;
|
||||
freezable_schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
|
||||
res = -ERESTARTSYS;
|
||||
} while (!fatal_signal_pending(current));
|
||||
return res;
|
||||
}
|
||||
|
||||
#define rpc_call_sync(clnt, msg, flags) nfs_rpc_wrapper(clnt, msg, flags)
|
||||
|
||||
static int
|
||||
nfs_async_handle_expired_key(struct rpc_task *task)
|
||||
{
|
||||
if (task->tk_status != -EKEYEXPIRED)
|
||||
return 0;
|
||||
task->tk_status = 0;
|
||||
rpc_restart_call(task);
|
||||
rpc_delay(task, NFS_JUKEBOX_RETRY_TIME);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Bare-bones access to getattr: this is for nfs_read_super.
|
||||
*/
|
||||
@@ -364,8 +331,6 @@ static void nfs_proc_unlink_rpc_prepare(struct rpc_task *task, struct nfs_unlink
|
||||
|
||||
static int nfs_proc_unlink_done(struct rpc_task *task, struct inode *dir)
|
||||
{
|
||||
if (nfs_async_handle_expired_key(task))
|
||||
return 0;
|
||||
nfs_mark_for_revalidate(dir);
|
||||
return 1;
|
||||
}
|
||||
@@ -385,8 +350,6 @@ static int
|
||||
nfs_proc_rename_done(struct rpc_task *task, struct inode *old_dir,
|
||||
struct inode *new_dir)
|
||||
{
|
||||
if (nfs_async_handle_expired_key(task))
|
||||
return 0;
|
||||
nfs_mark_for_revalidate(old_dir);
|
||||
nfs_mark_for_revalidate(new_dir);
|
||||
return 1;
|
||||
@@ -642,9 +605,6 @@ static int nfs_read_done(struct rpc_task *task, struct nfs_read_data *data)
|
||||
{
|
||||
struct inode *inode = data->header->inode;
|
||||
|
||||
if (nfs_async_handle_expired_key(task))
|
||||
return -EAGAIN;
|
||||
|
||||
nfs_invalidate_atime(inode);
|
||||
if (task->tk_status >= 0) {
|
||||
nfs_refresh_inode(inode, data->res.fattr);
|
||||
@@ -671,9 +631,6 @@ static int nfs_write_done(struct rpc_task *task, struct nfs_write_data *data)
|
||||
{
|
||||
struct inode *inode = data->header->inode;
|
||||
|
||||
if (nfs_async_handle_expired_key(task))
|
||||
return -EAGAIN;
|
||||
|
||||
if (task->tk_status >= 0)
|
||||
nfs_post_op_update_inode_force_wcc(inode, data->res.fattr);
|
||||
return 0;
|
||||
|
||||
Reference in New Issue
Block a user