evin/ms-nfs41-client
3
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

fixing tirpc handle of auth_refresh

Browse source 
(a) auth_refresh recursively calls clnt_call() which will call
clnt_vc_call() and will try to acquire a lock on the socket which we have
already acquires. thus a change to see if the thread trying to acquire the
lock is the same holding the lock.

(b) authsspi_fresh() needed to check if we were called to refresh the
context due to the error (ie 2nd argument non-null) and if so, destroy
the old context and then reacquire a new sspi context.

it seems that InitializeSecurityContext() also requires new creds as well
so after initially calling AcquireCreds() we don't need to worry about
refreshing credentials.
This commit is contained in:
Olga Kornievskaia 2010-12-08 18:24:53 -05:00
parent c596742659
commit 35d76cf593
2 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
libtirpc/src/auth_sspi.c
View file

@ -351,8 +351,19 @@ authsspi_refresh(AUTH *auth, void *tmp)
gd = AUTH_PRIVATE(auth); gd = AUTH_PRIVATE(auth);
if (gd->established) if (gd->established && tmp == NULL)
return (TRUE); return (TRUE);
else if (tmp) {
log_debug("trying to refresh credentials\n");
DeleteSecurityContext(&gd->ctx);
sspi_release_buffer(&gd->gc.gc_ctx);
SecInvalidateHandle(&gd->ctx);
mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
gd->gc_wire_verf.value = NULL;
gd->gc_wire_verf.length = 0;
gd->established = FALSE;
gd->gc.gc_proc = RPCSEC_SSPI_INIT;
}
/* GSS context establishment loop. */ /* GSS context establishment loop. */
memset(&gr, 0, sizeof(gr)); memset(&gr, 0, sizeof(gr));

10
libtirpc/src/clnt_vc.c
View file

@ -159,9 +159,10 @@ static cond_t *vc_cv;
#define acquire_fd_lock(fd) { \ #define acquire_fd_lock(fd) { \
mutex_lock(&clnt_fd_lock); \ mutex_lock(&clnt_fd_lock); \
while (vc_fd_locks[WINSOCK_HANDLE_HASH(fd)]) \ while (vc_fd_locks[WINSOCK_HANDLE_HASH(fd)] && \
vc_fd_locks[WINSOCK_HANDLE_HASH(fd)] != GetCurrentThreadId()) \
cond_wait(&vc_cv[WINSOCK_HANDLE_HASH(fd)], &clnt_fd_lock); \ cond_wait(&vc_cv[WINSOCK_HANDLE_HASH(fd)], &clnt_fd_lock); \
vc_fd_locks[WINSOCK_HANDLE_HASH(fd)] = 1; \ vc_fd_locks[WINSOCK_HANDLE_HASH(fd)] = GetCurrentThreadId(); \
mutex_unlock(&clnt_fd_lock); \ mutex_unlock(&clnt_fd_lock); \
} }
@ -554,10 +555,11 @@ call_again:
while (TRUE) { while (TRUE) {
mutex_lock(&clnt_fd_lock); mutex_lock(&clnt_fd_lock);
while (vc_fd_locks[WINSOCK_HANDLE_HASH(ct->ct_fd)] || while ((vc_fd_locks[WINSOCK_HANDLE_HASH(ct->ct_fd)] &&
vc_fd_locks[WINSOCK_HANDLE_HASH(ct->ct_fd)] != GetCurrentThreadId()) ||
(ct->reply_msg.rm_xid && ct->reply_msg.rm_xid != x_id)) (ct->reply_msg.rm_xid && ct->reply_msg.rm_xid != x_id))
cond_wait(&vc_cv[WINSOCK_HANDLE_HASH(ct->ct_fd)], &clnt_fd_lock); cond_wait(&vc_cv[WINSOCK_HANDLE_HASH(ct->ct_fd)], &clnt_fd_lock);
vc_fd_locks[WINSOCK_HANDLE_HASH(ct->ct_fd)] = 1; vc_fd_locks[WINSOCK_HANDLE_HASH(ct->ct_fd)] = GetCurrentThreadId();
mutex_unlock(&clnt_fd_lock); mutex_unlock(&clnt_fd_lock);
xdrs->x_op = XDR_DECODE; xdrs->x_op = XDR_DECODE;