git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 7 Dec 2023 17:07:09 +0000 (18:07 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Wed, 3 Jan 2024 03:02:59 +0000 (03:02 +0000)
commit	67acf6047e343a0e35f077c6aed4483a14d2015c
tree	434175f145ce58d2256636510848d0650719fcba	tree \| snapshot
parent	0d5f685d036c32f47cf837c1fb0894a41212898f	commit \| diff

LU-17317 gss: do not continue using expired reverse context

In case a server uses an expired gss context to send a callback
request to a client, it might be that the associated context on
the client has already expired, and been purged from the cache.
This results in a GSS_S_NO_CONTEXT reply.
In this specific scenario, the server must mark its reverse context
as dead. This will lead to destruction of the expired context, and
creation of a new context suitable for further callback requests.

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4af90cd70a3815851ec555ea85b49714c8da4202
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/53375
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/ptlrpc/gss/gss_keyring.c		diff \| blob \| history
lustre/ptlrpc/gss/sec_gss.c		diff \| blob \| history