Whamcloud - gitweb
LU-17940 gss: get rid of root key in all cases 55/55555/6
author Sebastien Buisson <sbuisson@ddn.com>
Thu, 27 Jun 2024 15:20:58 +0000 (17:20 +0200)
committer Oleg Drokin <green@whamcloud.com>
Wed, 17 Jul 2024 15:22:10 +0000 (15:22 +0000)
commit 9ec0e5029602aeda9d51ddab2a58fcd573c772de
tree 973d675486fc6ee861ddfbbb37bc4a7ebd426b60
parent a0786829fd8b45167f2d2996b7355ca37c9359e7
LU-17940 gss: get rid of root key in all cases

The root key associated with a GSS context (gck_key) is used to pass
information between kernel and userspace during GSS context
negotiation.
Whether the GSS context negotiation went well or not, the context and
the key used in this process should be unbound once done. And this
should mean unlinking the key but also directly invalidating it
instead of just revoking it, to make sure the key is ignored by all
searches and other operations.
For the same reasons, invalidate the key when the GSS upcall times
out or the context pre-initialization fails.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I8b61d22e942d0dca16b96780889976c3a5f00f6a
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55555
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/ptlrpc/gss/gss_keyring.c