X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Futils%2Fgss%2Flgss_utils.c;h=b87d5d6cde1e1bb2c08518b643aa88a65081d228;hp=9b723a6b96ab28851adca64b060ec5bd070babeb;hb=ce8735993473c1055038f7422350c96b092d707d;hpb=65701b4a30efdb695776bcf690a2b3cabc928da1 diff --git a/lustre/utils/gss/lgss_utils.c b/lustre/utils/gss/lgss_utils.c index 9b723a6..b87d5d6 100644 --- a/lustre/utils/gss/lgss_utils.c +++ b/lustre/utils/gss/lgss_utils.c @@ -1,11 +1,9 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: - * +/* * Modifications for Lustre * * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. * - * Copyright (c) 2011, Whamcloud, Inc. + * Copyright (c) 2011, Intel Corporation. * * Author: Eric Mei */ @@ -118,7 +116,7 @@ static struct lgss_mutex_s { key_t sem_key; int sem_id; } lgss_mutexes[LGSS_MUTEX_MAX] = { - [LGSS_MUTEX_KRB5] = { "keyring", 0x4292d473, 0 }, + [LGSS_MUTEX_KRB5] = { "keyring", 0x4292d473, 0 }, }; static int lgss_mutex_get(struct lgss_mutex_s *mutex) @@ -226,11 +224,25 @@ int lgss_mutex_unlock(lgss_mutex_id_t mid) ****************************************/ /* from kerberos source, gssapi_krb5.c */ -gss_OID_desc krb5oid = - {9, "\052\206\110\206\367\022\001\002\002"}; - -gss_OID_desc spkm3oid = - {7, "\053\006\001\005\005\001\003"}; +gss_OID_desc krb5oid = { + .length = 9, + .elements = "\052\206\110\206\367\022\001\002\002" +}; +gss_OID_desc spkm3oid = { + .length = 7, + .elements = "\053\006\001\005\005\001\003" +}; +/* null and sk come from IU's oid space */ +gss_OID_desc nulloid = { + .length = 12, + .elements = "\053\006\001\004\001\311\146\215\126\001\000\000" +}; +#ifdef HAVE_OPENSSL_SSK +gss_OID_desc skoid = { + .length = 12, + .elements = "\053\006\001\004\001\311\146\215\126\001\000\001" +}; +#endif /**************************************** * log facilities * 
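Review bot: In the hunk that adds `nulloid` and `skoid`, both encodings end in `\000` bytes and differ only in the final byte, so the hand-counted `.length = 12` is all that keeps the two mechanism identifiers apart. A comparison that stops at the first NUL, or a length that drifts from the literal, would make the null mechanism and the shared-key mechanism compare equal. I would add `/* 12 bytes including trailing NULs; compare with memcmp over .length, never strcmp */` above `nulloid`. The bytes decode to 1.3.6.1.4.1.9446.1750.1.0.0 and 1.3.6.1.4.1.9446.1750.1.0.1, which is worth writing next to the "IU's oid space" remark so the values can be checked against the registration. If the external declarations allow it (they are not visible here), the new descriptors could also be `const`, since they point at string literals.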
@@ -328,9 +340,15 @@ void __logmsg_gss(loglevel_t level, const char *func, const gss_OID mech, struct lgss_mech_type *lgss_name2mech(const char *mech_name) { - if (strcmp(mech_name, "krb5") == 0) - return &lgss_mech_krb5; - return NULL; + if (strcmp(mech_name, "krb5") == 0) + return &lgss_mech_krb5; + if (strcmp(mech_name, "gssnull") == 0) + return &lgss_mech_null; +#ifdef HAVE_OPENSSL_SSK + if (strcmp(mech_name, "sk") == 0) + return &lgss_mech_sk; +#endif + return NULL; } int lgss_mech_initialize(struct lgss_mech_type *mech) @@ -364,7 +382,7 @@ struct lgss_cred * lgss_create_cred(struct lgss_mech_type *mech) void lgss_destroy_cred(struct lgss_cred *cred) { - lassert(cred->lc_mech); + lassert(cred->lc_mech != NULL); lassert(cred->lc_mech_cred == NULL); logmsg(LL_TRACE, "destroying a %s cred at %p\n", @@ -376,7 +394,7 @@ int lgss_prepare_cred(struct lgss_cred *cred) { struct lgss_mech_type *mech = cred->lc_mech; - lassert(mech); + lassert(mech != NULL); logmsg(LL_TRACE, "preparing %s cred %p\n", mech->lmt_name, cred); @@ -389,13 +407,13 @@ void lgss_release_cred(struct lgss_cred *cred) { struct lgss_mech_type *mech = cred->lc_mech; - lassert(mech); + lassert(mech != NULL); logmsg(LL_TRACE, "releasing %s cred %p\n", mech->lmt_name, cred); if (cred->lc_mech_cred) { lassert(cred->lc_mech != NULL); - lassert(cred->lc_mech->lmt_release_cred); + lassert(cred->lc_mech->lmt_release_cred != NULL); cred->lc_mech->lmt_release_cred(cred); } @@ -405,7 +423,7 @@ int lgss_using_cred(struct lgss_cred *cred) { struct lgss_mech_type *mech = cred->lc_mech; - lassert(mech); + lassert(mech != NULL); logmsg(LL_TRACE, "using %s cred %p\n", mech->lmt_name, cred); 
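Review bot: `lgss_name2mech` now resolves "gssnull" unconditionally, while "sk" is gated on `HAVE_OPENSSL_SSK`. If `lgss_mech_null` performs no authentication or integrity protection, as its name suggests, any path that feeds a mechanism name from a less-trusted source can select it without a build-time or runtime opt-in. The origin of `mech_name` is not visible in this hunk, so the call sites should be checked, and the "gssnull" branch deserves a comment such as `/* no authentication: test/interop only, must be enabled explicitly by the admin */`. Separately, `strcmp` is called on `mech_name` without a NULL check; `if (mech_name == NULL) return NULL;` at the top would make the lookup fail closed.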
@@ -414,6 +432,22 @@ int lgss_using_cred(struct lgss_cred *cred) return 0; } +int lgss_validate_cred(struct lgss_cred *cred, gss_buffer_desc *token, + gss_buffer_desc *ctx_token) +{ + struct lgss_mech_type *mech = cred->lc_mech; + + lassert(mech != NULL); + + logmsg(LL_TRACE, "validate %s cred %p with token %p\n", mech->lmt_name, + cred, token); + + if (mech->lmt_validate_cred) + return mech->lmt_validate_cred(cred, token, ctx_token); + + return 0; +} + /**************************************** * helper functions * ****************************************/ @@ -432,7 +466,8 @@ int lgss_get_service_str(char **string, uint32_t lsvc, uint64_t tgt_nid) } if (lnet_nid2hostname(tgt_nid, namebuf, max_namelen)) { - logmsg(LL_ERR,"can't resolve hostname from nid %llx\n",tgt_nid); + logmsg(LL_ERR, "cannot resolve hostname from nid %"PRIx64"\n", + tgt_nid); return -1; }
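Review bot: `lgss_validate_cred` returns 0 when `mech->lmt_validate_cred` is unset, so a mechanism that lacks the hook is reported the same way as one whose validation succeeded (assuming 0 means success, as in `lgss_using_cred` just above). That fail-open default is easy to miss when a new mechanism is added, so the contract should be written down before the final `return 0;`, e.g. `/* no lmt_validate_cred hook: this mechanism has nothing to validate, 0 is deliberate */`. The function also has no header comment saying what `token` and `ctx_token` contain or who owns them. `cred` is dereferenced before any check, so the comment should state that callers must pass a non-NULL cred.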