+ remote = 1;
+ CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set "
+ "as remote by default.\n", client, obd->obd_name);
+ }
+
+ if (remote) {
+ if (!mdt->mdt_opts.mo_oss_capa) {
+ CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
+ " but OSS capabilities are not enabled: %d.\n",
+ client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
+ RETURN(-EACCES);
+ }
+ } else {
+ if (req->rq_auth_uid == INVALID_UID) {
+ CDEBUG(D_SEC, "client %s -> target %s: user is not "
+ "authenticated!\n", client, obd->obd_name);
+ RETURN(-EACCES);
+ }
+ }
+
+ switch (mdt->mdt_sec_level) {
+ case LUSTRE_SEC_NONE:
+ if (!remote) {
+ mdt_init_sec_none(reply, exp);
+ break;
+ } else {
+ CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
+ "can not run under security level %d.\n",
+ client, obd->obd_name, mdt->mdt_sec_level);
+ RETURN(-EACCES);
+ }
+ case LUSTRE_SEC_REMOTE:
+ if (!remote)
+ mdt_init_sec_none(reply, exp);
+ break;
+ case LUSTRE_SEC_ALL:
+ if (!remote) {
+ reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
+ OBD_CONNECT_RMT_CLIENT_FORCE);
+ if (!mdt->mdt_opts.mo_mds_capa)
+ reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
+ if (!mdt->mdt_opts.mo_oss_capa)
+ reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
+ }
+ break;
+ default:
+ RETURN(-EINVAL);