On Mon, 2012-12-03 at 22:39 +0000, Adamson, Andy wrote:
> On Dec 3, 2012, at 4:06 PM, "Myklebust, Trond" <Trond.Myklebust@xxxxxxxxxx>
> wrote:
> > It seems to me that this code allows me to kill anyone's rpcsec_gss
> > sessions by creating a key with their uid, and then destroying it.
>
> Yes - just proof of concept code. There is a lot to consider.
>
> >
> > One solution is to replace user_instantiate() with something that sets
> > the payload to a value determined by the kernel itself. We'd definitely
> > want to include the uid, but perhaps also add a cookie that is unique to
> > this key (using the idr/ida stuff from include/linux/idr.h ?), and that
> > can be used to distinguish it from keys generated from other processes.
> > If we were to use the same key to label the auth_gss creds, then we
> > could have user_gss_destroy() kill _only_ the auth_gss creds that it
> > spawned.
>
> Yes, killing only the auth it spawned is indeed what we want.
>
> >
> > Ultimately, though, I think we might want to let the user set at least
> > _part_ of the payload to something that might be useful to gssd when it
> > goes looking for credentials. Since the nfslogin and gssd will be
> > shipped as part of the nfs-utils package, it would be nice to allow them
> > to use the gss-ctx key in order to communicate. Interesting information
> > might include the KRB5CCNAME.
>
> Thanks for the good suggestions.

So, I've got a question: Can we replace some of the stuff in the "RFC
Avoid expired credential keys for buffered writes" patch series with
this?
My thinking is that since the user_gss_destroy() has to sync all files
and then invalidate the rpcsec_gss creds, we're pretty much doing the
same thing as in the above RFC patch series. If nfslogin were to tell
the gss-ctx key how long until the kerberos tgt expires, couldn't we
have a work queue job wake up just before the tgt is about to expire,
and simply call user_gss_destroy by revoking the gss-ctx key?
If, on the other hand, the user renews the tgt using nfslogin, then we
could update the gss-ctx key, and defer the work queue job until the new
expiry time.

-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com