Whamcloud - gitweb
LU-17940 gss: get rid of root key sooner 06/55406/5
author Sebastien Buisson <sbuisson@ddn.com>
Thu, 13 Jun 2024 09:19:04 +0000 (11:19 +0200)
committer Oleg Drokin <green@whamcloud.com>
Tue, 25 Jun 2024 03:32:39 +0000 (03:32 +0000)
commit bffafaa5273109cea0e3b2a15d7a0b7ae965daa8
tree c2cf36ac512ed0667f8de62c5f6ba5a8c4af4243
parent 16ac1c2641e8020bb9428ab671c32333c2efe3a1
LU-17940 gss: get rid of root key sooner

The root key associated with a GSS context (gck_key) is used to pass
information between kernel and userspace during GSS context
negotiation.
Once the GSS context for root is up-to-date, the key is never used
again, although it has a permanent validity. And when the context
expires, the key is directly revoked and replaced with a new one to
serve the negotiation of a new root context.
So to avoid issues with keys staying in the root's kernel keyring and
being accidentally revoked, just get rid of the key associated with a
root context as soon as the negotiation process has finished.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I4be773723b9046ed451684bd141d5ef2bc584bfb
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55406
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/ptlrpc/gss/gss_keyring.c