From: Simon Wilkinson Date: Sun, 7 Feb 2010 14:15:26 +0000 (+0100) Subject: Make unixuser's vid advisory X-Git-Tag: upstream/1.8.0_pre1^2~4892 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=ba1d050c6e8c9593dfa3d914f9d24e2bd985abe0;p=packages%2Fo%2Fopenafs.git Make unixuser's vid advisory The 'vid' element of the unixuser structure was performing two functions. It was used in debug messages to clarify which user's token had expired and, in a few locations, to signify whether the user had tokens or not. This patch removes this dual usage. 'vid' is renamed to viceId, so all uses are found and fixed. Where it is used for debugging, it remains, but we only set the viceId for a user when we first use an rxkad token on that context. Other uses of 'vid' have been replaced with tests against the UHasTokens flag in the user's states. Change-Id: Ifc0306a34fb7360810c792215e55e783f1dd062c Reviewed-on: http://gerrit.openafs.org/2581 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- diff --git a/src/afs/IRIX/osi_idbg.c b/src/afs/IRIX/osi_idbg.c index 5d9b683a4..89d021cba 100644 --- a/src/afs/IRIX/osi_idbg.c +++ b/src/afs/IRIX/osi_idbg.c @@ -141,7 +141,7 @@ idbg_pruser(struct unixuser *tu) token = afs_FindToken(tu->tokens, RX_SECIDX_KAD); qprintf("@0x%x nxt 0x%x uid %d (0x%x) cell 0x%x vid 0x%x ref %d\n", tu, - tu->next, tu->uid, tu->uid, tu->cell, tu->vid, tu->refCount); + tu->next, tu->uid, tu->uid, tu->cell, tu->viceId, tu->refCount); qprintf("time %dRX_SECIDX_KADstLen %d stp 0x%x exp 0x%x ", tu->tokenTime, (token != NULL)?token->rxkad.ticketLen:0, (token != NULL)?token->rxkad.ticket:NULL, @@ -150,7 +150,7 @@ idbg_pruser(struct unixuser *tu) qprintf("\n"); qprintf("ClearToken: handle 0x%x ViceID 0x%x Btime %d Etime %d\n", (token != NULL)?token->rxkad.clearToken.AuthHandle:0, - tu->vid, + tu->viceId, (token != NULL)?token->rxkad.clearToken.BeginTimestamp:0, (token != NULL)?token->rxkad.clearToken.EndTimestamp:0); } diff --git a/src/afs/LINUX/osi_proc.c b/src/afs/LINUX/osi_proc.c index ee9accf3b..140a99051 100644 --- a/src/afs/LINUX/osi_proc.c +++ b/src/afs/LINUX/osi_proc.c @@ -196,7 +196,7 @@ static int uu_show(struct seq_file *m, void *p) } seq_printf(m, "%10d %4d %04x %-25s %10d", - tu->uid, tu->refCount, tu->states, cellname, tu->vid); + tu->uid, tu->refCount, tu->states, cellname, tu->viceId); if (tc) afs_PutCell(tc, READ_LOCK); diff --git a/src/afs/LINUX24/osi_proc.c b/src/afs/LINUX24/osi_proc.c index a77766e3b..4e485ff01 100644 --- a/src/afs/LINUX24/osi_proc.c +++ b/src/afs/LINUX24/osi_proc.c @@ -192,7 +192,7 @@ static int uu_show(struct seq_file *m, void *p) } seq_printf(m, "%10d %4d %04x %-25s %10d", - tu->uid, tu->refCount, tu->states, cellname, tu->vid); + tu->uid, tu->refCount, tu->states, cellname, tu->viceId); if (tc) afs_PutCell(tc, READ_LOCK); diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c index eabcfebe2..ae790cfba 100644 --- a/src/afs/VNOPS/afs_vnop_access.c +++ b/src/afs/VNOPS/afs_vnop_access.c @@ -79,8 +79,7 @@ afs_GetAccessBits(struct vcache *avc, afs_int32 arights, if (!tu) { return (arights & avc->f.anyAccess); } - if ((tu->vid == UNDEFVID) || !(tu->states & UHasTokens) - || (tu->states & UTokensBad)) { + if (!(tu->states & UHasTokens) || (tu->states & UTokensBad)) { afs_PutUser(tu, READ_LOCK); return (arights & avc->f.anyAccess); } else { diff --git a/src/afs/afs.h b/src/afs/afs.h index 064ba2b20..f1285bc0c 100644 --- a/src/afs/afs.h +++ b/src/afs/afs.h @@ -357,7 +357,7 @@ struct unixuser { struct unixuser *next; /* next hash pointer */ afs_int32 uid; /* search based on uid and cell */ afs_int32 cell; - afs_int32 vid; /* corresponding vice id in specified cell */ + afs_int32 viceId; /* Optional viced ID corresponding to current tokens */ short refCount; /* reference count for allocation */ char states; /* flag info */ afs_int32 tokenTime; /* last time tokens were set, used for timing out conn data */ diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c index 1834e6d88..22b36e75a 100644 --- a/src/afs/afs_analyze.c +++ b/src/afs/afs_analyze.c @@ -545,7 +545,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode, afs_NotifyUser(tu, UTokensDropped); afs_warnuser ("afs: Tokens for user of AFS id %d for cell %s have expired (server %d.%d.%d.%d)\n", - tu->vid, aconn->srvr->server->cell->cellName, + tu->viceId, aconn->srvr->server->cell->cellName, (address >> 24), (address >> 16) & 0xff, (address >> 8) & 0xff, (address) & 0xff); } else { @@ -555,7 +555,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode, if (serversleft) { afs_warnuser ("afs: Tokens for user of AFS id %d for cell %s: rxkad error=%d (server %d.%d.%d.%d)\n", - tu->vid, aconn->srvr->server->cell->cellName, acode, + tu->viceId, aconn->srvr->server->cell->cellName, acode, (address >> 24), (address >> 16) & 0xff, (address >> 8) & 0xff, (address) & 0xff); shouldRetry = 1; @@ -566,7 +566,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode, afs_NotifyUser(tu, UTokensDropped); afs_warnuser ("afs: Tokens for user of AFS id %d for cell %s are discarded (rxkad error=%d, server %d.%d.%d.%d)\n", - tu->vid, aconn->srvr->server->cell->cellName, acode, + tu->viceId, aconn->srvr->server->cell->cellName, acode, (address >> 24), (address >> 16) & 0xff, (address >> 8) & 0xff, (address) & 0xff); } diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c index e725bb1fd..919d029b8 100644 --- a/src/afs/afs_conn.c +++ b/src/afs/afs_conn.c @@ -72,7 +72,7 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel) union tokenUnion *token; /* Do we have tokens ? */ - if (conn->user->vid != UNDEFVID) { + if (conn->user->states & UHasTokens) { token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD); if (token) { *secLevel = RX_SECIDX_KAD; @@ -83,6 +83,8 @@ afs_pickSecurityObject(struct afs_conn *conn, int *secLevel) token->rxkad.clearToken.HandShakeKey, token->rxkad.clearToken.AuthHandle, token->rxkad.ticketLen, token->rxkad.ticket); + /* We're going to use this token, so populate the viced */ + conn->user->viceId = token->rxkad.clearToken.ViceId; } } if (secObj == NULL) { @@ -269,7 +271,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell, if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) { tc->forceConnectFS = 1; /* force recreation of connection */ } - tu->vid = UNDEFVID; /* forcibly disconnect the authentication info */ + tu->states &= ~UHasTokens; /* remove the authentication info */ } if (tc->forceConnectFS) { @@ -308,7 +310,7 @@ afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell, * Will need to be revisited if/when CB gets security. */ if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) && - (tu->vid == UNDEFVID)) + (tu->viceId == UNDEFVID)) rx_SetConnSecondsUntilNatPing(tc->id, 20); tc->forceConnectFS = 0; /* apparently we're appropriately connected now */ diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c index bfb4f6b8c..612a97366 100644 --- a/src/afs/afs_nfsclnt.c +++ b/src/afs/afs_nfsclnt.c @@ -399,7 +399,7 @@ afs_nfsclient_getcreds(struct unixuser *au) token->clearToken.EndTimestamp = tcred->ct.EndTimestamp; /* Set everything else, reset connections, and move on. */ - tu->vid = tcred->vid; + tu->viceId = tcred->vid; tu->states |= UHasTokens; tu->states &= ~UTokensBad; afs_SetPrimary(tu, !!(tcred->states & UPrimary)); diff --git a/src/afs/afs_pag_cred.c b/src/afs/afs_pag_cred.c index 4da747f5f..3a0c2c52e 100644 --- a/src/afs/afs_pag_cred.c +++ b/src/afs/afs_pag_cred.c @@ -108,8 +108,8 @@ afspag_PUnlog(char *ain, afs_int32 ainSize, afs_ucred_t **acred) ObtainWriteLock(&afs_xuser, 823); for (tu = afs_users[i]; tu; tu = tu->next) { if (tu->uid == uid) { - tu->vid = UNDEFVID; tu->states &= ~UHasTokens; + tu->viceId = UNDEFVID; afs_FreeTokens(&tu->tokens); #ifdef UKERNEL /* set the expire times to 0, causes @@ -191,7 +191,6 @@ afspag_PSetTokens(char *ain, afs_int32 ainSize, afs_ucred_t **acred) tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK); if (!tu->cellinfo) tu->cellinfo = (void *)tcell; - tu->vid = clear.ViceId; afs_FreeTokens(&tu->tokens); afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear); #ifndef AFS_NOSTATS @@ -259,7 +258,7 @@ SPAGCB_GetCreds(struct rx_call *a_call, afs_int32 a_uid, token = afs_FindToken(tu->tokens, RX_SECIDX_KAD); tci = &a_creds->CredInfos_val[i]; - tci->vid = tu->vid; + tci->vid = token->rxkad.clearToken.ViceId; tci->ct.AuthHandle = token->rxkad.clearToken.AuthHandle; memcpy(tci->ct.HandShakeKey, token->rxkad.clearToken.HandShakeKey, 8); diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index 48b7130d7..ae5488bd6 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -1873,7 +1873,6 @@ DECL_PIOCTL(PSetTokens) } /* now we just set the tokens */ tu = afs_GetUser(areq->uid, i, WRITE_LOCK); /* i has the cell # */ - tu->vid = clear.ViceId; /* Set tokens destroys any that are already there */ afs_FreeTokens(&tu->tokens); afs_AddRxkadToken(&tu->tokens, stp, stLen, &clear); @@ -2278,7 +2277,7 @@ DECL_PIOCTL(PGetTokens) if (!tu) { return EDOM; } - if (((tu->states & UHasTokens) == 0) + if (!(tu->states & UHasTokens) || !afs_HasUsableTokens(tu->tokens, osi_Time())) { tu->states |= (UTokensBad | UNeedsReset); afs_NotifyUser(tu, UTokensDropped); @@ -2358,7 +2357,6 @@ DECL_PIOCTL(PUnlog) ObtainWriteLock(&afs_xuser, 227); for (tu = afs_users[i]; tu; tu = tu->next) { if (tu->uid == areq->uid) { - tu->vid = UNDEFVID; tu->states &= ~UHasTokens; afs_FreeTokens(&tu->tokens); tu->refCount++; @@ -5234,7 +5232,6 @@ DECL_PIOCTL(PNFSNukeCreds) for (i = 0; i < NUSERS; i++) { for (tu = afs_users[i]; tu; tu = tu->next) { if (tu->exporter && EXP_CHECKHOST(tu->exporter, addr)) { - tu->vid = UNDEFVID; tu->states &= ~UHasTokens; afs_FreeTokens(&tu->tokens); tu->refCount++; diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c index 7da47d056..f53ef928c 100644 --- a/src/afs/afs_user.c +++ b/src/afs/afs_user.c @@ -115,7 +115,7 @@ afs_GCUserData(int aforce) delFlag = 0; /* should we delete this dude? */ /* Don't garbage collect users in use now (refCount) */ if (tu->refCount == 0) { - if (tu->states & UHasTokens) { + if (tu->tokens) { /* Need to walk the token stack, and dispose of * all expired tokens */ afs_DiscardExpiredTokens(&tu->tokens, now); @@ -178,18 +178,12 @@ afs_CheckTokenCache(void) * If tokens are still good and user has Kerberos tickets, * check expiration */ - if (!(tu->states & UTokensBad) && tu->vid != UNDEFVID) { + if ((tu->states & UHasTokens) && !(tu->states & UTokensBad)) { if (!afs_HasUsableTokens(tu->tokens, now)) { /* * This token has expired, warn users and reset access * cache. */ -#ifdef notdef - /* I really hate this message - MLK */ - afs_warn - ("afs: Tokens for user of AFS id %d for cell %s expired now\n", - tu->vid, afs_GetCell(tu->cell)->cellName); -#endif tu->states |= (UTokensBad | UNeedsReset); } } @@ -202,7 +196,6 @@ afs_CheckTokenCache(void) } ReleaseReadLock(&afs_xuser); ReleaseReadLock(&afs_xvcache); - } /*afs_CheckTokenCache */ @@ -352,7 +345,7 @@ afs_ComputePAGStats(void) * We've found a previously-uncounted PAG. If it's been deleted * but just not garbage-collected yet, we step over it. */ - if (currPAGP->vid == UNDEFVID) + if (!(currPAGP->states & UHasTokens)) continue; /* @@ -495,7 +488,7 @@ afs_GetUser(afs_int32 auid, afs_int32 acell, afs_int32 locktype) } tu->uid = auid; tu->cell = acell; - tu->vid = UNDEFVID; + tu->viceId = UNDEFVID; tu->refCount = 1; tu->tokenTime = osi_Time(); ReleaseWriteLock(&afs_xuser);