LU-9073 gss: remove newer kernel support

[fs/lustre-release.git] / lustre / utils / gss / sk_utils.c

diff --git a/lustre/utils/gss/sk_utils.c b/lustre/utils/gss/sk_utils.c
index 382fc9f..c25a8eb 100644 (file)
--- a/lustre/utils/gss/sk_utils.c
+++ b/lustre/utils/gss/sk_utils.c
@@ -22,6 +22,8 @@
 /*
  * Copyright (C) 2015, Trustees of Indiana University
  *
+ * Copyright (c) 2016, Intel Corporation.
+ *
  * Author: Jeremy Filizetti <jfilizet@iu.edu>
  */
 
@@ -109,14 +111,22 @@ struct sk_keyfile_config *sk_read_file(char *filename)
 
        /* allow standard input override */
        if (strcmp(filename, "-") == 0)
-               fd = dup(STDIN_FILENO);
+               fd = STDIN_FILENO;
        else
                fd = open(filename, O_RDONLY);
 
        if (fd == -1) {
-               printerr(0, "Error opening file %s: %s\n", filename,
+               printerr(0, "Error opening key file '%s': %s\n", filename,
                         strerror(errno));
                goto out_free;
+       } else if (fd != STDIN_FILENO) {
+               struct stat st;
+
+               rc = fstat(fd, &st);
+               if (rc == 0 && (st.st_mode & ~(S_IFREG | 0600)))
+                       fprintf(stderr, "warning: "
+                               "secret key '%s' has insecure file mode %#o\n",
+                               filename, st.st_mode);
        }
 
        ptr = (char *)config;
@@ -138,7 +148,8 @@ struct sk_keyfile_config *sk_read_file(char *filename)
                remain -= rc;
        }
 
-       close(fd);
+       if (fd != STDIN_FILENO)
+               close(fd);
        sk_config_disk_to_cpu(config);
        return config;
 
@@ -993,8 +1004,10 @@ int sk_kdf(gss_buffer_desc *derived_key , gss_buffer_desc *origin_key,
                        return rc;
                }
 
-               LASSERT(sk_hmac_types[hmac_alg].sht_bytes ==
-                       tmp_hash.length);
+               if (sk_hmac_types[hmac_alg].sht_bytes != tmp_hash.length) {
+                       free(tmp_hash.value);
+                       return -EINVAL;
+               }
 
                bytes = (remain < tmp_hash.length) ? remain : tmp_hash.length;
                memcpy(keydata, tmp_hash.value, bytes);