/*
- gssd.c
-
- Copyright (c) 2000 The Regents of the University of Michigan.
- All rights reserved.
-
- Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
- Copyright (c) 2002 Andy Adamson <andros@UMICH.EDU>.
- Copyright (c) 2002 Marius Aamodt Eriksen <marius@UMICH.EDU>.
- Copyright (c) 2002 J. Bruce Fields <bfields@UMICH.EDU>.
- All rights reserved, all wrongs reversed.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- 3. Neither the name of the University nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-*/
+ * gssd.c
+ *
+ * Copyright (c) 2000 The Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+ * Copyright (c) 2002 Andy Adamson <andros@UMICH.EDU>.
+ * Copyright (c) 2002 Marius Aamodt Eriksen <marius@UMICH.EDU>.
+ * Copyright (c) 2002 J. Bruce Fields <bfields@UMICH.EDU>.
+ *
+ * Copyright (c) 2016, Intel Corporation.
+ *
+ * All rights reserved, all wrongs reversed.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
#include "config.h"
#include <fcntl.h>
#include <errno.h>
-
#include <unistd.h>
#include <err.h>
#include <stdio.h>
#include "gss_util.h"
#include "err_util.h"
#include "lsupport.h"
+#include <linux/lustre/lustre_ver.h>
+
+int null_enabled;
+int krb_enabled;
+int sk_enabled;
void
closeall(int min)
release_parent()
{
int status;
+ ssize_t sret __attribute__ ((unused));
if (pipefds[1] > 0) {
- write(pipefds[1], &status, 1);
+ sret = write(pipefds[1], &status, 1);
close(pipefds[1]);
pipefds[1] = -1;
}
}
static void
-usage(char *progname)
+usage(FILE *fp, char *progname)
{
- fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-m] [-o]\n",
+ fprintf(fp, "usage: %s [ -fnvmogk ]\n",
progname);
- exit(1);
+ fprintf(stderr, "-f - Run in foreground\n");
+ fprintf(stderr, "-n - Don't establish kerberos credentials\n");
+ fprintf(stderr, "-v - Verbosity\n");
+ fprintf(stderr, "-m - Service MDS\n");
+ fprintf(stderr, "-o - Service OSS\n");
+ fprintf(stderr, "-g - Service MGS\n");
+ fprintf(stderr, "-k - Enable kerberos support\n");
+#ifdef HAVE_OPENSSL_SSK
+ fprintf(stderr, "-s - Enable shared secret key support\n");
+#endif
+ fprintf(stderr, "-z - Enable gssnull support\n");
+
+ exit(fp == stderr);
}
int
int fg = 0;
int verbosity = 0;
int opt;
- int must_srv_mds = 0, must_srv_oss = 0;
- extern char *optarg;
+ int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
char *progname;
- while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
+ while ((opt = getopt(argc, argv, "fnvmogksz")) != -1) {
switch (opt) {
- case 'f':
- fg = 1;
- break;
- case 'n':
- get_creds = 0;
- break;
- case 'v':
- verbosity++;
- break;
- case 'm':
- get_creds = 1;
- must_srv_mds = 1;
- break;
- case 'o':
- get_creds = 1;
- must_srv_oss = 1;
- break;
- default:
- usage(argv[0]);
- break;
+ case 'f':
+ fg = 1;
+ break;
+ case 'n':
+ get_creds = 0;
+ break;
+ case 'v':
+ verbosity++;
+ break;
+ case 'm':
+ get_creds = 1;
+ must_srv_mds = 1;
+ break;
+ case 'o':
+ get_creds = 1;
+ must_srv_oss = 1;
+ break;
+ case 'g':
+ get_creds = 1;
+ must_srv_mgs = 1;
+ break;
+ case 'k':
+ krb_enabled = 1;
+ break;
+ case 'h':
+ usage(stdout, argv[0]);
+ break;
+ case 's':
+#ifdef HAVE_OPENSSL_SSK
+ sk_enabled = 1;
+#else
+ fprintf(stderr, "error: request for SSK but service "
+ "support not enabled\n");
+ usage(stderr, argv[0]);
+#endif
+ break;
+ case 'z':
+ null_enabled = 1;
+ break;
+ default:
+ usage(stderr, argv[0]);
+ break;
}
}
else
progname = argv[0];
- initerr(progname, verbosity, fg);
+ if (!sk_enabled && !krb_enabled && !null_enabled) {
+#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
+ fprintf(stderr, "warning: no -k, -s, or -z option given, "
+ "assume -k for backward compatibility\n");
+ krb_enabled = 1;
+#else
+ fprintf(stderr, "error: need one of -k, -s, or -z options\n");
+ usage(stderr, argv[0]);
- if (gssd_check_mechs() != 0) {
- printerr(0, "ERROR: Problem with gssapi library\n");
- exit(1);
+#endif
}
+ initerr(progname, verbosity, fg);
- if (gssd_get_local_realm()) {
- printerr(0, "ERROR: Can't get Local Kerberos realm\n");
- exit(1);
- }
-
- if (get_creds && gssd_prepare_creds(must_srv_mds, must_srv_oss)) {
- printerr(0, "unable to obtain root (machine) credentials\n");
- printerr(0, "do you have a keytab entry for "
- "nfs/<your.host>@<YOUR.REALM> in "
- "/etc/krb5.keytab?\n");
- exit(1);
+ /* For kerberos use gss mechanisms but ignore for sk and null */
+ if (krb_enabled) {
+ if (gssd_check_mechs()) {
+ printerr(0, "ERROR: problem with gssapi library\n");
+ exit(1);
+ }
+ if (gssd_get_local_realm()) {
+ printerr(0, "ERROR: Can't get Local Kerberos realm\n");
+ exit(1);
+ }
+
+ if (get_creds &&
+ gssd_prepare_creds(must_srv_mgs, must_srv_mds,
+ must_srv_oss)) {
+ printerr(0, "unable to obtain root (machine) "
+ "credentials\n");
+ printerr(0, "do you have a keytab entry for "
+ "<lustre_xxs>/<your.host>@<YOUR.REALM> in "
+ "/etc/krb5.keytab?\n");
+ exit(1);
+ }
}
if (!fg)