#include "gss_util.h"
#include "err_util.h"
#include "lsupport.h"
+#include "lustre_ver.h"
+
+int null_enabled;
+int krb_enabled;
+int sk_enabled;
void
closeall(int min)
(void) close(fd);
}
}
+
/*
* mydaemon creates a pipe between the partent and child
* process. The parent process will wait until the
release_parent()
{
int status;
+ ssize_t sret __attribute__ ((unused));
if (pipefds[1] > 0) {
- write(pipefds[1], &status, 1);
+ sret = write(pipefds[1], &status, 1);
close(pipefds[1]);
pipefds[1] = -1;
}
}
static void
-usage(char *progname)
+usage(FILE *fp, char *progname)
{
- fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r]\n",
+ fprintf(fp, "usage: %s [ -fnvmogk ]\n",
progname);
- exit(1);
+ fprintf(stderr, "-f - Run in foreground\n");
+ fprintf(stderr, "-n - Don't establish kerberos credentials\n");
+ fprintf(stderr, "-v - Verbosity\n");
+ fprintf(stderr, "-m - Service MDS\n");
+ fprintf(stderr, "-o - Service OSS\n");
+ fprintf(stderr, "-g - Service MGS\n");
+ fprintf(stderr, "-k - Enable kerberos support\n");
+#ifdef HAVE_OPENSSL_SSK
+ fprintf(stderr, "-s - Enable shared secret key support\n");
+#endif
+ fprintf(stderr, "-z - Enable gssnull support\n");
+
+ exit(fp == stderr);
}
int
int fg = 0;
int verbosity = 0;
int opt;
- int must_srv_mds = 0, must_srv_oss = 0;
- extern char *optarg;
+ int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
char *progname;
- while ((opt = getopt(argc, argv, "fvrnp:")) != -1) {
+ while ((opt = getopt(argc, argv, "fnvmogksz")) != -1) {
switch (opt) {
- case 'f':
- fg = 1;
- break;
- case 'n':
- get_creds = 0;
- break;
- case 'v':
- verbosity++;
- break;
- case 'm':
- get_creds = 1;
- must_srv_mds = 1;
- break;
- case 'o':
- get_creds = 1;
- must_srv_oss = 1;
- break;
- default:
- usage(argv[0]);
- break;
+ case 'f':
+ fg = 1;
+ break;
+ case 'n':
+ get_creds = 0;
+ break;
+ case 'v':
+ verbosity++;
+ break;
+ case 'm':
+ get_creds = 1;
+ must_srv_mds = 1;
+ break;
+ case 'o':
+ get_creds = 1;
+ must_srv_oss = 1;
+ break;
+ case 'g':
+ get_creds = 1;
+ must_srv_mgs = 1;
+ break;
+ case 'k':
+ krb_enabled = 1;
+ break;
+ case 'h':
+ usage(stdout, argv[0]);
+ break;
+ case 's':
+#ifdef HAVE_OPENSSL_SSK
+ sk_enabled = 1;
+#else
+ fprintf(stderr, "error: request for SSK but service "
+ "support not enabled\n");
+ usage(stderr, argv[0]);
+#endif
+ break;
+ case 'z':
+ null_enabled = 1;
+ break;
+ default:
+ usage(stderr, argv[0]);
+ break;
}
}
else
progname = argv[0];
- initerr(progname, verbosity, fg);
+ if (!sk_enabled && !krb_enabled && !null_enabled) {
+#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
+ fprintf(stderr, "warning: no -k, -s, or -z option given, "
+ "assume -k for backward compatibility\n");
+ krb_enabled = 1;
+#else
+ fprintf(stderr, "error: need one of -k, -s, or -z options\n");
+ usage(stderr, argv[0]);
- if (gssd_check_mechs() != 0) {
- printerr(0, "ERROR: Problem with gssapi library\n");
- exit(1);
+#endif
}
+ initerr(progname, verbosity, fg);
- if (gssd_get_local_realm()) {
- printerr(0, "ERROR: Can't get Local Kerberos realm\n");
- exit(1);
- }
+ /* For kerberos use gss mechanisms but ignore for sk and null */
+ if (krb_enabled) {
+ if (gssd_check_mechs()) {
+ printerr(0, "ERROR: problem with gssapi library\n");
+ exit(1);
+ }
+ if (gssd_get_local_realm()) {
+ printerr(0, "ERROR: Can't get Local Kerberos realm\n");
+ exit(1);
+ }
- if (get_creds && gssd_prepare_creds(must_srv_mds, must_srv_oss)) {
- printerr(0, "unable to obtain root (machine) credentials\n");
- printerr(0, "do you have a keytab entry for "
- "nfs/<your.host>@<YOUR.REALM> in "
- "/etc/krb5.keytab?\n");
- exit(1);
+ if (get_creds &&
+ gssd_prepare_creds(must_srv_mgs, must_srv_mds,
+ must_srv_oss)) {
+ printerr(0, "unable to obtain root (machine) "
+ "credentials\n");
+ printerr(0, "do you have a keytab entry for "
+ "<lustre_xxs>/<your.host>@<YOUR.REALM> in "
+ "/etc/krb5.keytab?\n");
+ exit(1);
+ }
}
if (!fg)