X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Futils%2Fgss%2Fsvcgssd.c;h=f91e6af33a240615c3a1b837b80e8f71b7c25e93;hb=5b468e20ecc0b77460444393d1bb41867d99899d;hp=f3b968163eadb682ec8fff2ceba4377f2d43933f;hpb=d2d56f38da01001c92a09afc6b52b5acbd9bc13c;p=fs%2Flustre-release.git
diff --git a/lustre/utils/gss/svcgssd.c b/lustre/utils/gss/svcgssd.c
index f3b9681..f91e6af 100644
--- a/lustre/utils/gss/svcgssd.c
+++ b/lustre/utils/gss/svcgssd.c
@@ -1,41 +1,43 @@
 /*
- gssd.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song .
- Copyright (c) 2002 Andy Adamson .
- Copyright (c) 2002 Marius Aamodt Eriksen .
- Copyright (c) 2002 J. Bruce Fields .
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-*/
+ * gssd.c
+ *
+ * Copyright (c) 2000 The Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Copyright (c) 2000 Dug Song .
+ * Copyright (c) 2002 Andy Adamson .
+ * Copyright (c) 2002 Marius Aamodt Eriksen .
+ * Copyright (c) 2002 J. Bruce Fields .
+ *
+ * Copyright (c) 2016, Intel Corporation.
+ *
+ * All rights reserved, all wrongs reversed.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 #include "config.h"
@@ -46,7 +48,6 @@
 #include
 #include
-
 #include
 #include
 #include
@@ -58,6 +59,11 @@
 #include "gss_util.h"
 #include "err_util.h"
 #include "lsupport.h"
+#include
+
+int null_enabled;
+int krb_enabled;
+int sk_enabled;
 void
 closeall(int min)
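Review bot: The new globals `null_enabled`, `krb_enabled` and `sk_enabled` in the `@@ -58,6 +59,11 @@` hunk are defined without any comment, although they decide which authentication mechanisms the daemon serves. A one-line comment above them would help, for example `/* GSS mechanisms served, set from -z / -k / -s in main() */`. They have external linkage, so presumably other files of the daemon read them; if so, a matching `extern` declaration in a shared header (not visible in this diff) would keep the types in sync.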
@@ -80,6 +86,7 @@ closeall(int min)
 (void) close(fd);
 }
 }
+
 /*
 * mydaemon creates a pipe between the partent and child
 * process. The parent process will wait until the
@@ -148,9 +155,10 @@ static void
 release_parent()
 {
 int status;
+ ssize_t sret __attribute__ ((unused));
 if (pipefds[1] > 0) {
- write(pipefds[1], &status, 1);
+ sret = write(pipefds[1], &status, 1);
 close(pipefds[1]);
 pipefds[1] = -1;
 }
@@ -174,11 +182,23 @@ sig_hup(int signal)
 }
 static void
-usage(char *progname)
+usage(FILE *fp, char *progname)
 {
- fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r]\n",
+ fprintf(fp, "usage: %s [ -fnvmogk ]\n",
 progname);
- exit(1);
+ fprintf(stderr, "-f - Run in foreground\n");
+ fprintf(stderr, "-n - Don't establish kerberos credentials\n");
+ fprintf(stderr, "-v - Verbosity\n");
+ fprintf(stderr, "-m - Service MDS\n");
+ fprintf(stderr, "-o - Service OSS\n");
+ fprintf(stderr, "-g - Service MGS\n");
+ fprintf(stderr, "-k - Enable kerberos support\n");
+#ifdef HAVE_OPENSSL_SSK
+ fprintf(stderr, "-s - Enable shared secret key support\n");
+#endif
+ fprintf(stderr, "-z - Enable gssnull support\n");
+
+ exit(fp == stderr);
 }
 int
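Review bot: In release_parent(), storing the result of `write()` in `sret` marked `__attribute__ ((unused))` only silences the unused-result warning; a failed or short write is still ignored. The byte written also comes from `status`, which is declared but never initialised in the visible lines. Initialising it (`int status = 0;`) and reporting the failure, e.g. `if (write(pipefds[1], &status, 1) != 1) printerr(0, "WARNING: could not notify parent\n");`, would make the hand-off deterministic. How the parent interprets that byte is outside this hunk.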
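Review bot: usage() writes only its first line to `fp`; every option line still goes to `stderr`, so help requested on stdout would be split across two streams. Using `fp` throughout, e.g. `fprintf(fp, "-f - Run in foreground\n");`, fixes that. The synopsis `[ -fnvmogk ]` also omits `-s` and `-z`, which the list below it documents, and `-h`. `exit(fp == stderr)` is correct but terse; a comment such as `/* exit 1 when called for an error, 0 for -h */` would spare the reader the decoding.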
@@ -188,32 +208,53 @@ main(int argc, char *argv[])
 int fg = 0;
 int verbosity = 0;
 int opt;
- int must_srv_mds = 0, must_srv_oss = 0;
- extern char *optarg;
+ int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
 char *progname;
- while ((opt = getopt(argc, argv, "fvrnp:")) != -1) {
+ while ((opt = getopt(argc, argv, "fnvmogksz")) != -1) {
 switch (opt) {
- case 'f':
- fg = 1;
- break;
- case 'n':
- get_creds = 0;
- break;
- case 'v':
- verbosity++;
- break;
- case 'm':
- get_creds = 1;
- must_srv_mds = 1;
- break;
- case 'o':
- get_creds = 1;
- must_srv_oss = 1;
- break;
- default:
- usage(argv[0]);
- break;
+ case 'f':
+ fg = 1;
+ break;
+ case 'n':
+ get_creds = 0;
+ break;
+ case 'v':
+ verbosity++;
+ break;
+ case 'm':
+ get_creds = 1;
+ must_srv_mds = 1;
+ break;
+ case 'o':
+ get_creds = 1;
+ must_srv_oss = 1;
+ break;
+ case 'g':
+ get_creds = 1;
+ must_srv_mgs = 1;
+ break;
+ case 'k':
+ krb_enabled = 1;
+ break;
+ case 'h':
+ usage(stdout, argv[0]);
+ break;
+ case 's':
+#ifdef HAVE_OPENSSL_SSK
+ sk_enabled = 1;
+#else
+ fprintf(stderr, "error: request for SSK but service "
+ "support not enabled\n");
+ usage(stderr, argv[0]);
+#endif
+ break;
+ case 'z':
+ null_enabled = 1;
+ break;
+ default:
+ usage(stderr, argv[0]);
+ break;
 }
 }
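Review bot: `case 'h'` can never be reached, because the option string passed to getopt() is `"fnvmogksz"` and has no `h`. `-h` is therefore reported as an invalid option and lands in `default`, which prints usage to stderr and exits with status 1. Adding the letter, `getopt(argc, argv, "fnvmogkszh")`, makes the help path work as written. Separately, `-m`, `-o` and `-g` set `get_creds = 1` while `-n` clears it, so the outcome depends on argument order; a comment stating which is meant to win would help. The body of main() starts and ends outside this hunk.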
@@ -222,24 +263,40 @@ main(int argc, char *argv[])
 else
 progname = argv[0];
- initerr(progname, verbosity, fg);
+ if (!sk_enabled && !krb_enabled && !null_enabled) {
+#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
+ fprintf(stderr, "warning: no -k, -s, or -z option given, "
+ "assume -k for backward compatibility\n");
+ krb_enabled = 1;
+#else
+ fprintf(stderr, "error: need one of -k, -s, or -z options\n");
+ usage(stderr, argv[0]);
- if (gssd_check_mechs() != 0) {
- printerr(0, "ERROR: Problem with gssapi library\n");
- exit(1);
+#endif
 }
+ initerr(progname, verbosity, fg);
- if (gssd_get_local_realm()) {
- printerr(0, "ERROR: Can't get Local Kerberos realm\n");
- exit(1);
- }
+ /* For kerberos use gss mechanisms but ignore for sk and null */
+ if (krb_enabled) {
+ if (gssd_check_mechs()) {
+ printerr(0, "ERROR: problem with gssapi library\n");
+ exit(1);
+ }
+ if (gssd_get_local_realm()) {
+ printerr(0, "ERROR: Can't get Local Kerberos realm\n");
+ exit(1);
+ }
- if (get_creds && gssd_prepare_creds(must_srv_mds, must_srv_oss)) {
- printerr(0, "unable to obtain root (machine) credentials\n");
- printerr(0, "do you have a keytab entry for "
- "nfs/@ in "
- "/etc/krb5.keytab?\n");
- exit(1);
+ if (get_creds &&
+ gssd_prepare_creds(must_srv_mgs, must_srv_mds,
+ must_srv_oss)) {
+ printerr(0, "unable to obtain root (machine) "
+ "credentials\n");
+ printerr(0, "do you have a keytab entry for "
+ "/@ in "
+ "/etc/krb5.keytab?\n");
+ exit(1);
+ }
 }
 if (!fg)
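Review bot: Nothing records which mechanisms the daemon ends up serving, and `-z` turns on gssnull (presumably a mechanism without real authentication) as quietly as `-k` or `-s`. One line after `initerr()` would let an operator audit this from the log, e.g. `printerr(0, "mechanisms enabled:%s%s%s\n", krb_enabled ? " krb5" : "", sk_enabled ? " sk" : "", null_enabled ? " gssnull" : "");`. Also, when `krb_enabled` is 0 the whole credential block is skipped, so `-m`, `-o` and `-g` given with only `-s` or `-z` are silently ignored; a warning for that combination would avoid a misconfigured service going unnoticed. main() starts and ends outside this hunk.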