git://git.whamcloud.com - fs/lustre-release.git/commit

author	Aurelien Degremont <adegremont@nvidia.com>
	Tue, 5 Mar 2024 08:29:23 +0000 (09:29 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Sat, 23 Mar 2024 05:59:00 +0000 (05:59 +0000)
commit	cd8625792f10d51fceca4717544ff8016609c3be
tree	60526379df43ab4a120a9ac12c8429c7e095f04d	tree \| snapshot
parent	193b21cad5a43b7f37ba67a7b7299564f0f68eef	commit \| diff

LU-17612 sec: return keyring errors to userspace

In current code, Linux keyring errors, when using GSS Kerberos,
are all masked under a generic ECONNREFUSED error. That makes
it hard to understand the root cause of the problem
for the I/O caller.

Update the code to propagate errors from request_key() up to
the application.

struct ptlrpc_cli_ctx * gss_sec_lookup_ctx_kr(...) is modified
to now returns a NULL pointer or -errval. This is tested by callers
and propagated. NULL values are still converted to ECONNREFUSED.

Test-Parameters: trivial
Test-Parameters: kerberos=true testlist=sanity-krb5
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Change-Id: I13792f141a961036bc9f7629a4a2db692e245c41
Signed-off-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54296
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>

lustre/ptlrpc/gss/gss_keyring.c		diff \| blob \| history
lustre/ptlrpc/sec.c		diff \| blob \| history