Whamcloud - gitweb
LU-17852 gss: do not use expired reverse gss contexts 27/55127/9
author Sebastien Buisson <sbuisson@ddn.com>
Thu, 16 May 2024 09:58:24 +0000 (11:58 +0200)
committer Oleg Drokin <green@whamcloud.com>
Tue, 25 Jun 2024 03:29:22 +0000 (03:29 +0000)
commit 3f6cf9107d8a3325d6337593f872977555d82c9f
tree d2d838ecb95aa20591da28d3edb9bd539a9ef13f
parent 85716980de7c83a8d8eeb255bf24d9e0a972baf9
LU-17852 gss: do not use expired reverse gss contexts

On server side, a reverse context matches a gss context established
on client side. These reverse contexts have an expiration time, and are
replaced with fresh ones when they expire.
So get rid of expired reverse contexts when we find them in the
gsk_clist. And when we look up a context, do not continue using
the current one if it is expired.

Add sanity-krb5 test_200 to check the expired reverse contexts.

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I11f2d8ab298073f9d5bedff187b67f2ca289ae47
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55127
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/ptlrpc/gss/gss_keyring.c
lustre/ptlrpc/gss/gss_svc_upcall.c
lustre/ptlrpc/gss/sec_gss.c
lustre/tests/sanity-krb5.sh
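
The lookup behaviour the commit message describes, as an added user-space C illustration (not code from the Lustre patch): a lookup that drops expired contexts from the list and never returns one. `struct rvs_ctx`, `ctx_add` and `ctx_lookup` are hypothetical names, and treating `expire <= now` as expired is an assumption.

```c
#include <stdlib.h>
#include <time.h>

/* Hypothetical stand-in for a reverse context; not Lustre's own structure. */
struct rvs_ctx {
	unsigned int uid;      /* identity the context belongs to */
	time_t expire;         /* absolute expiration time (assumed field) */
	struct rvs_ctx *next;
};

/* Push a context at the head of the list; NULL on allocation failure. */
static struct rvs_ctx *ctx_add(struct rvs_ctx **list, unsigned int uid, time_t expire)
{
	struct rvs_ctx *c = malloc(sizeof(*c));
	if (!c)
		return NULL;
	c->uid = uid;
	c->expire = expire;
	c->next = *list;
	return *list = c;
}

/* Unlink and free every expired entry met during the walk, and return the
 * first live entry for uid. Assumption: expire <= now means expired. */
static struct rvs_ctx *ctx_lookup(struct rvs_ctx **list, unsigned int uid, time_t now)
{
	struct rvs_ctx **pp = list, *found = NULL;
	while (*pp) {
		struct rvs_ctx *c = *pp;
		if (c->expire <= now) {
			*pp = c->next;   /* drop the stale context */
			free(c);
			continue;
		}
		if (!found && c->uid == uid)
			found = c;
		pp = &c->next;
	}
	return found;
}

int main(void)
{
	struct rvs_ctx *list = NULL;
	ctx_add(&list, 500, 2000);   /* constructed sample: fresh context */
	ctx_add(&list, 500, 900);    /* constructed sample: expired, found first */
	struct rvs_ctx *c = ctx_lookup(&list, 500, 1000);
	return (c && c->expire == 2000 && !c->next) ? 0 : 1;
}
```

Without the expiry test, the head entry (expired at 900) would be returned for uid 500 even though a fresh context sits behind it.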