-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
- *
+/*
* Modifications for Lustre
*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*
- * Copyright (c) 2011, Whamcloud, Inc.
+ * Copyright (c) 2011, Intel Corporation.
*
* Author: Eric Mei <ericm@clusterfs.com>
*/
key_t sem_key;
int sem_id;
} lgss_mutexes[LGSS_MUTEX_MAX] = {
- [LGSS_MUTEX_KRB5] = { "keyring", 0x4292d473, 0 },
+ [LGSS_MUTEX_KRB5] = { "keyring", 0x4292d473, 0 },
};
static int lgss_mutex_get(struct lgss_mutex_s *mutex)
****************************************/
/* from kerberos source, gssapi_krb5.c */
-gss_OID_desc krb5oid =
- {9, "\052\206\110\206\367\022\001\002\002"};
-
-gss_OID_desc spkm3oid =
- {7, "\053\006\001\005\005\001\003"};
+gss_OID_desc krb5oid = {
+ .length = 9,
+ .elements = "\052\206\110\206\367\022\001\002\002"
+};
+gss_OID_desc spkm3oid = {
+ .length = 7,
+ .elements = "\053\006\001\005\005\001\003"
+};
+/* null and sk come from IU's oid space */
+gss_OID_desc nulloid = {
+ .length = 12,
+ .elements = "\053\006\001\004\001\311\146\215\126\001\000\000"
+};
+#ifdef HAVE_OPENSSL_SSK
+gss_OID_desc skoid = {
+ .length = 12,
+ .elements = "\053\006\001\004\001\311\146\215\126\001\000\001"
+};
+#endif
/****************************************
* log facilities *
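Review bot: The new `nulloid` and `skoid` initialisers both contain embedded `\000` octets and differ only in their final byte, so any consumer that treats `.elements` as a C string would see the two mechanisms as identical. The comparison code is outside this hunk; it should be confirmed that it uses `.length` plus `memcmp()`, and the constraint recorded next to the definitions. The `.length = 12` values are hand-counted against the literals and match here. I would extend the comment to `/* null and sk come from IU's oid space; both hold embedded NULs and differ only in the last octet, so compare by length + memcmp(), never as strings */` and add the dotted-decimal form of each OID for auditability.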
struct lgss_mech_type *lgss_name2mech(const char *mech_name)
{
- if (strcmp(mech_name, "krb5") == 0)
- return &lgss_mech_krb5;
- return NULL;
+ if (strcmp(mech_name, "krb5") == 0)
+ return &lgss_mech_krb5;
+ if (strcmp(mech_name, "gssnull") == 0)
+ return &lgss_mech_null;
+#ifdef HAVE_OPENSSL_SSK
+ if (strcmp(mech_name, "sk") == 0)
+ return &lgss_mech_sk;
+#endif
+ return NULL;
}
int lgss_mech_initialize(struct lgss_mech_type *mech)
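Review bot: The `"gssnull"` branch in lgss_name2mech is compiled unconditionally, while the `"sk"` branch below it sits behind `HAVE_OPENSSL_SSK`, so every build returns `&lgss_mech_null` to any caller that supplies that name. If, as the name suggests, that mechanism performs no real authentication (its definition is not in this hunk), selecting it should at least be visible to an operator. I would add `logmsg(LL_WARN, "gssnull mechanism selected, no authentication is performed\n");` before the return, or put the branch behind its own configure-time guard the way `sk` is. Separately, `mech_name` is passed straight to `strcmp()`; a one-line comment stating that callers must pass a non-NULL name would document the contract.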
void lgss_destroy_cred(struct lgss_cred *cred)
{
- lassert(cred->lc_mech);
+ lassert(cred->lc_mech != NULL);
lassert(cred->lc_mech_cred == NULL);
logmsg(LL_TRACE, "destroying a %s cred at %p\n",
{
struct lgss_mech_type *mech = cred->lc_mech;
- lassert(mech);
+ lassert(mech != NULL);
logmsg(LL_TRACE, "preparing %s cred %p\n", mech->lmt_name, cred);
{
struct lgss_mech_type *mech = cred->lc_mech;
- lassert(mech);
+ lassert(mech != NULL);
logmsg(LL_TRACE, "releasing %s cred %p\n", mech->lmt_name, cred);
if (cred->lc_mech_cred) {
lassert(cred->lc_mech != NULL);
- lassert(cred->lc_mech->lmt_release_cred);
+ lassert(cred->lc_mech->lmt_release_cred != NULL);
cred->lc_mech->lmt_release_cred(cred);
}
{
struct lgss_mech_type *mech = cred->lc_mech;
- lassert(mech);
+ lassert(mech != NULL);
logmsg(LL_TRACE, "using %s cred %p\n", mech->lmt_name, cred);
return 0;
}
+int lgss_validate_cred(struct lgss_cred *cred, gss_buffer_desc *token,
+ gss_buffer_desc *ctx_token)
+{
+ struct lgss_mech_type *mech = cred->lc_mech;
+
+ lassert(mech != NULL);
+
+ logmsg(LL_TRACE, "validate %s cred %p with token %p\n", mech->lmt_name,
+ cred, token);
+
+ if (mech->lmt_validate_cred)
+ return mech->lmt_validate_cred(cred, token, ctx_token);
+
+ return 0;
+}
+
/****************************************
* helper functions *
****************************************/
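Review bot: lgss_validate_cred returns 0 when `mech->lmt_validate_cred` is not set, so a mechanism that has no validator, or one that forgot to register it, is reported as having validated the token successfully. That may be intended for mechanisms that need no extra check, but the function has no comment saying so and the trace log does not distinguish "validated" from "nothing to validate". I would add a header comment describing the return contract (0 on success or when the mechanism defines no validator, otherwise the callback's result) and put `/* no validator registered for this mechanism: nothing to check */` above the final `return 0;`. Note also that `cred` is dereferenced before any check and `token` / `ctx_token` are forwarded unchecked, so the comment should state that all three must be non-NULL.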
}
if (lnet_nid2hostname(tgt_nid, namebuf, max_namelen)) {
- logmsg(LL_ERR,"can't resolve hostname from nid %llx\n",tgt_nid);
+ logmsg(LL_ERR, "cannot resolve hostname from nid %"PRIx64"\n",
+ tgt_nid);
return -1;
}