else
return -1;
- if (lgss_krb5_strcmp(krb5_princ_name(ctx, princ), princ_name)) {
+ if (lgss_krb5_strcmp(krb5_princ_name(ctx, princ), princ_name) &&
+ (strcmp(princ_name, LGSS_USR_ROOT_STR) ||
+ lgss_krb5_strcmp(krb5_princ_name(ctx, princ), LGSS_SVC_HOST_STR))) {
logmsg(LL_WARN, "%.*s: we expect %s instead\n",
krb5_princ_name(ctx, princ)->length,
krb5_princ_name(ctx, princ)->data,
princname = krb5_princ_name(ctx, kte.principal);
if ((root_flags & LGSS_ROOT_CRED_ROOT) != 0 &&
- lgss_krb5_strcmp(princname, LGSS_USR_ROOT_STR) == 0) {
+ (!lgss_krb5_strcmp(princname, LGSS_USR_ROOT_STR) ||
+ !lgss_krb5_strcmp(princname, LGSS_SVC_HOST_STR))) {
flag = LGSS_ROOT_CRED_ROOT;
} else if ((root_flags & LGSS_ROOT_CRED_MDT) != 0 &&
- lgss_krb5_strcmp(princname, LGSS_SVC_MDS_STR) == 0) {
+ !lgss_krb5_strcmp(princname, LGSS_SVC_MDS_STR)) {
flag = LGSS_ROOT_CRED_MDT;
} else if ((root_flags & LGSS_ROOT_CRED_OST) != 0 &&
- lgss_krb5_strcmp(princname, LGSS_SVC_OSS_STR) == 0) {
+ !lgss_krb5_strcmp(princname, LGSS_SVC_OSS_STR)) {
flag = LGSS_ROOT_CRED_OST;
} else {
logmsg(LL_TRACE, "not what we want, skip\n");
#define GSSD_SERVICE_MGS "lustre_mgs"
#define GSSD_SERVICE_MDS "lustre_mds"
#define GSSD_SERVICE_OSS "lustre_oss"
+#define GSSD_SERVICE_HOST "host"
#define LUSTRE_ROOT_NAME "lustre_root"
-#define LUSTRE_ROOT_NAMELEN 11
#endif /* _RPC_SVCGSSD_H_ */
/* Now we know we are dealing with a local realm */
- if (!strcmp(sname, LUSTRE_ROOT_NAME)) {
+ if (!strcmp(sname, LUSTRE_ROOT_NAME) ||
+ !strcmp(sname, GSSD_SERVICE_HOST)) {
cred->cr_uid = 0;
cred->cr_usr_root = 1;
goto valid;
}
fallthrough;
case LUSTRE_GSS_SVC_OSS:
- if (!strcmp(sname, LUSTRE_ROOT_NAME)) {
+ if (!strcmp(sname, LUSTRE_ROOT_NAME) ||
+ !strcmp(sname, GSSD_SERVICE_HOST)) {
cred->cr_uid = 0;
cred->cr_usr_root = 1;
} else if (!strcmp(sname, GSSD_SERVICE_MDS)) {