git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Wed, 19 Jun 2024 14:15:43 +0000 (16:15 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Mon, 9 Dec 2024 06:06:46 +0000 (06:06 +0000)
commit	3b04d6ac1dee426cbdf507ba8d3c7e0ec593f114
tree	2bfc8b42ff07bba8447ea7f0c8009b22cb388f56	tree \| snapshot
parent	e826e8bb77bffce346f570ea5348fa0762c792d6	commit \| diff

LU-17961 sec: add server_upcall rbac role

The purpose of the new server_upcall rbac role is to control whether
clients use the server side defined identity upcall. When set, clients
do comply with the server side identity upcall. When not set, clients
are leveraging the special INTERNAL identity upcall, which means
servers trust supplementary groups as provided by the clients.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I01dcedad5da0e175aa7b8d187f2affd34d933e39
Was-Change-Id: I39a69904ce4709eacf6f08173d3cfe42e247b5bd
Reviewed-by: Lai Siyao <lai.siyao@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55475
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/doc/lctl-nodemap-modify.8		diff \| blob \| history
lustre/include/lustre_nodemap.h		diff \| blob \| history
lustre/include/md_object.h		diff \| blob \| history
lustre/include/uapi/linux/lustre/lustre_idl.h		diff \| blob \| history
lustre/mdt/mdt_coordinator.c		diff \| blob \| history
lustre/mdt/mdt_handler.c		diff \| blob \| history
lustre/mdt/mdt_lib.c		diff \| blob \| history
lustre/mdt/mdt_restripe.c		diff \| blob \| history
lustre/obdecho/echo_client.c		diff \| blob \| history
lustre/ptlrpc/wiretest.c		diff \| blob \| history
lustre/tests/sanity-sec.sh		diff \| blob \| history
lustre/utils/wirecheck.c		diff \| blob \| history
lustre/utils/wiretest.c		diff \| blob \| history