In current code, Linux keyring errors, when using GSS Kerberos,
are all masked under a generic ECONNREFUSED error. That makes
it hard to understand the root cause of the problem
for the I/O caller.
Update the code to propagate errors from request_key() up to
the application.
struct ptlrpc_cli_ctx * gss_sec_lookup_ctx_kr(...) is modified
to now return a NULL pointer or -errval. This is tested by callers
and propagated. NULL values are still converted to ECONNREFUSED.
Test-Parameters: trivial
Test-Parameters: kerberos=true testlist=sanity-krb5
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Change-Id: I13792f141a961036bc9f7629a4a2db692e245c41
Signed-off-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54296
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
}
}
+/**
+ * \retval a valid context on success
+ * \retval -ev error number or NULL on error
+ */
static
struct ptlrpc_cli_ctx * gss_sec_lookup_ctx_kr(struct ptlrpc_sec *sec,
struct vfs_cred *vcred,
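Review bot: The added `\retval -ev error number or NULL on error` line reads as if the function returned an integer, but the return type is a pointer and the failure value set later in this commit is `ERR_CAST(key)`. I would list the three outcomes separately so callers know that a bare `!ctx` test is no longer sufficient: `\retval valid context on success`, `\retval NULL when no context could be obtained`, `\retval ERR_PTR(-errno) when the key request failed; test with IS_ERR() before dereferencing`. The wording for the NULL case should be checked against the function body, which lies outside this hunk.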
OBD_FREE(coinfo, coinfo_size);
if (IS_ERR(key)) {
- CERROR("failed request key: %ld\n", PTR_ERR(key));
+ CERROR("%s: request key failed for uid %d: rc = %ld\n",
+ imp->imp_obd->obd_name, vcred->vc_uid,
+ PTR_ERR(key));
+ ctx = ERR_CAST(key);
goto out;
}
CDEBUG(D_SEC, "obtained key %08x for %s\n", key->serial, desc);
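Review bot: `vcred->vc_uid` is printed with `%d` in the new CERROR; if `vc_uid` is an unsigned type, as uids normally are, the specifier should be `%u` so that large uids are not logged as negative numbers. `imp` is dereferenced for the obd name but is not declared in the visible lines, so it presumably comes from earlier in the function, which starts outside this hunk.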
sptlrpc_sec_put(sec);
if (!req->rq_cli_ctx) {
- CERROR("req %p: fail to get context\n", req);
- RETURN(-ECONNREFUSED);
+ rc = -ECONNREFUSED;
+ } else if (IS_ERR(req->rq_cli_ctx)) {
+ rc = PTR_ERR(req->rq_cli_ctx);
+ req->rq_cli_ctx = NULL;
}
- RETURN(0);
+ if (rc)
+ CERROR("%s: fail to get context for req %p: rc = %d\n",
+ imp->imp_obd->obd_name, req, rc);
+
+ RETURN(rc);
}
/**
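Review bot: The `req->rq_cli_ctx = NULL;` reset in the `IS_ERR()` branch is what keeps an error pointer from being left in the request, and it deserves a comment saying so, e.g. `/* never leave an ERR_PTR in rq_cli_ctx; later users only test for NULL */`. That later users only test for NULL is inferred from the old `!req->rq_cli_ctx` check, so adjust the wording if other paths differ. `rc` is declared outside the hunk; the success path now reaches `if (rc)` and `RETURN(rc)` without assigning it, so please confirm it is initialised to 0.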
sec = sptlrpc_import_sec_ref(imp);
if (sec) {
ctx = get_my_ctx(sec);
+ if (IS_ERR(ctx))
+ ctx = NULL;
sptlrpc_sec_put(sec);
}
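Review bot: The added `if (IS_ERR(ctx)) ctx = NULL;` drops the error code silently, whereas the other callers changed in this commit return it. A one-line comment such as `/* a failed lookup is treated as "no context" here; the error is not reported */` would make clear that this is deliberate. The enclosing function starts and ends outside the hunk, so I cannot tell whether it could return the error instead.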
ctx = get_my_ctx(sec);
sptlrpc_sec_put(sec);
- if (!ctx)
+ if (IS_ERR(ctx))
+ RETURN(PTR_ERR(ctx));
+ else if (!ctx)
RETURN(-ENOMEM);
if (cli_ctx_is_eternal(ctx) ||
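Review bot: The `else` in the new `else if (!ctx)` is redundant because the preceding branch ends in `RETURN()`; two independent checks read more clearly: `if (IS_ERR(ctx)) RETURN(PTR_ERR(ctx));` followed by `if (!ctx) RETURN(-ENOMEM);`. A NULL context maps to -ENOMEM here but to -ECONNREFUSED in the request path changed earlier in this commit, so a short comment explaining the choice of -ENOMEM would help readers of the propagated errno. The function continues outside the hunk.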