LU-3289 gss: Change the handling of keys for SK

Servers were automatically loading keys of the client type to allow
server to server communication to work by only including a path
to the --skpath option of mount.lustre.  However, this has multiple
issues due to ordering with multiple keys and can be unpredictable.
Instead keys that will be used for server to server communication
must be loaded manually or by a pre-mount script using lgss_sk
and specifiying the client type.

In addition client's should only load a single key with --skpath so
a check is added to not allow directories on the client.

Signed-off-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Change-Id: I239753fa1a2bff19bed598e6d2a073e8567d1002
Reviewed-on: http://review.whamcloud.com/22626
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/utils/mount_utils.c b/lustre/utils/mount_utils.c
index ec353f1..3ee400d 100644 (file)
--- a/lustre/utils/mount_utils.c
+++ b/lustre/utils/mount_utils.c
@@ -887,15 +887,6 @@ int load_shared_keys(struct mount_opts *mop)
        int type = 0;
        int rc;
 
-       if (IS_SERVER(&mop->mo_ldd)) {
-               if (IS_MGS(&mop->mo_ldd))
-                       type |= SK_TYPE_MGS;
-               if (IS_MDT(&mop->mo_ldd) || IS_OST(&mop->mo_ldd))
-                       type |= SK_TYPE_SERVER | SK_TYPE_CLIENT;
-       } else {
-               type |= SK_TYPE_CLIENT;
-       }
-
        /* init logging */
        sk_init_logging(NULL, 1, 1);
 
@@ -906,6 +897,20 @@ int load_shared_keys(struct mount_opts *mop)
                return -errno;
        }
 
+       if (IS_SERVER(&mop->mo_ldd)) {
+               if (IS_MGS(&mop->mo_ldd))
+                       type |= SK_TYPE_MGS;
+               if (IS_MDT(&mop->mo_ldd) || IS_OST(&mop->mo_ldd))
+                       type |= SK_TYPE_SERVER;
+       } else {
+               type |= SK_TYPE_CLIENT;
+               if (!S_ISREG(sbuf.st_mode)) {
+                       fprintf(stderr, "Invalid shared key path, must be a "
+                               "file for client mounts: %s\n", path);
+                       return -EINVAL;
+               }
+       }
+
        /* Load individual keys or a directory of them */
        if (S_ISREG(sbuf.st_mode)) {
                return sk_load_keyfile(path, type);