Whamcloud - gitweb
LU-17714 gss: support revoked session keyring 27/55627/3
author Sebastien Buisson <sbuisson@ddn.com>
Thu, 4 Jul 2024 15:09:23 +0000 (17:09 +0200)
committer Oleg Drokin <green@whamcloud.com>
Wed, 17 Jul 2024 15:22:35 +0000 (15:22 +0000)
commit bc740feeaa0b6c4968dbc5e74b9b1dac69c5150a
tree 243f92770947328555e960fd852021c108845f9d
parent 9ec0e5029602aeda9d51ddab2a58fcd573c772de
LU-17714 gss: support revoked session keyring

In case the session keyring for a regular user has been revoked, the
key ends up being linked to the user session keyring. So we must
detect this case and properly unlink the key from the correct keyring.
This applies to the initial key creation workflow, as well as to the
explicit context flush ('lfs flushctx').

Add sanity-krb5 test_10 to exercise this capability.

Test-Parameters: trivial
Test-Parameters: testgroup=review-dne-selinux-ssk-part-1
Test-Parameters: testgroup=review-dne-selinux-ssk-part-2
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: If96703a2de9a4172613bfbd96e7529b16169cf58
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55627
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Aurelien Degremont <adegremont@nvidia.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre/ptlrpc/gss/gss_keyring.c
lustre/tests/sanity-krb5.sh