Branch HEAD

b=12763
i=tappro
i=ericm
Disable uid in capa struct and capa sanity test.

diff --git a/lustre/include/dt_object.h b/lustre/include/dt_object.h
index 294f992..5eff04c 100644 (file)
--- a/lustre/include/dt_object.h
+++ b/lustre/include/dt_object.h
@@ -292,7 +292,7 @@ struct dt_object_operations {
         struct obd_capa *(*do_capa_get)(const struct lu_env *env,
                                         struct dt_object *dt,
                                         struct lustre_capa *old,
-                                        __u32 uid, __u64 opc);
+                                        __u64 opc);
 };
 
 /*

diff --git a/lustre/include/lustre/lustre_idl.h b/lustre/include/lustre/lustre_idl.h
index e8551cb..93cd4b8 100644 (file)
--- a/lustre/include/lustre/lustre_idl.h
+++ b/lustre/include/lustre/lustre_idl.h
@@ -1976,13 +1976,14 @@ typedef enum {
 /* NB take care when changing the sequence of elements this struct,
  * because the offset info is used in find_capa() */
 struct lustre_capa {
-        struct lu_fid   lc_fid;       /* fid */
-        __u64           lc_opc;       /* operations allowed */
-        __u32           lc_uid;       /* uid, this is legacy and for OSS only */
-        __u32           lc_flags;     /* HMAC algorithm & flags */
-        __u32           lc_keyid;     /* key used for the capability */
-        __u32           lc_timeout;   /* capa timeout value (sec) */
-        __u64           lc_expiry;    /* expiry time (sec) */
+        struct lu_fid   lc_fid;     /* fid */
+        __u64           lc_opc;     /* operations allowed */
+        __u32           lc_uid;     /* uid, it is obsolete, but maybe used in
+                                     * future, reserve it for 64-bits aligned.*/
+        __u32           lc_flags;   /* HMAC algorithm & flags */
+        __u32           lc_keyid;   /* key used for the capability */
+        __u32           lc_timeout; /* capa timeout value (sec) */
+        __u64           lc_expiry;  /* expiry time (sec) */
         __u8            lc_hmac[CAPA_HMAC_MAX_LEN];   /* HMAC */
 } __attribute__((packed));
 

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index cf82da1..741bbb6 100644 (file)
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -2411,7 +2411,7 @@ int ll_fsync(struct file *file, struct dentry *dentry, int data)
                                            OBD_MD_FLMTIME | OBD_MD_FLCTIME |
                                            OBD_MD_FLGROUP);
 
-                oc = ll_osscapa_get(inode, 0, CAPA_OPC_OSS_WRITE);
+                oc = ll_osscapa_get(inode, CAPA_OPC_OSS_WRITE);
                 err = obd_sync(ll_i2sbi(inode)->ll_dt_exp, oa, lsm,
                                0, OBD_OBJECT_EOF, oc);
                 capa_put(oc);

diff --git a/lustre/llite/llite_capa.c b/lustre/llite/llite_capa.c
index 536644d..c109778 100644 (file)
--- a/lustre/llite/llite_capa.c
+++ b/lustre/llite/llite_capa.c
@@ -295,16 +295,13 @@ void ll_capa_thread_stop(void)
                    ll_capa_thread.t_flags & SVC_STOPPED);
 }
 
-static struct obd_capa *do_lookup_oss_capa(struct inode *inode, uid_t uid,
-                                           int opc)
+static struct obd_capa *do_lookup_oss_capa(struct inode *inode, int opc)
 {
         struct ll_inode_info *lli = ll_i2info(inode);
         struct obd_capa *ocapa;
 
         /* inside capa_lock */
         list_for_each_entry(ocapa, &lli->lli_oss_capas, u.cli.lli_list) {
-                if (uid != capa_uid(&ocapa->c_capa))
-                        continue;
                 if ((capa_opc(&ocapa->c_capa) & opc) != opc)
                         continue;
 
@@ -319,8 +316,7 @@ static struct obd_capa *do_lookup_oss_capa(struct inode *inode, uid_t uid,
         return NULL;
 }
 
-/* FIXME: once uid is 0, this is mmaped IO, or fsync, truncate. */
-struct obd_capa *ll_osscapa_get(struct inode *inode, uid_t uid, __u64 opc)
+struct obd_capa *ll_osscapa_get(struct inode *inode, __u64 opc)
 {
         struct ll_inode_info *lli = ll_i2info(inode);
         struct obd_capa *ocapa;
@@ -337,8 +333,6 @@ struct obd_capa *ll_osscapa_get(struct inode *inode, uid_t uid, __u64 opc)
         list_for_each_entry(ocapa, &lli->lli_oss_capas, u.cli.lli_list) {
                 if (capa_is_expired(ocapa))
                         continue;
-                if (uid != 0 && uid != capa_uid(&ocapa->c_capa))
-                        continue;
                 if ((opc & CAPA_OPC_OSS_WRITE) &&
                     capa_opc_supported(&ocapa->c_capa, CAPA_OPC_OSS_WRITE)) {
                         found = 1; break;
@@ -452,8 +446,7 @@ static struct obd_capa *do_add_oss_capa(struct inode *inode,
                  inode->i_mode);
 
         /* FIXME: can't replace it so easily with fine-grained opc */
-        old = do_lookup_oss_capa(inode, capa_uid(capa),
-                                 capa_opc(capa) & CAPA_OPC_OSS_ONLY);
+        old = do_lookup_oss_capa(inode, capa_opc(capa) & CAPA_OPC_OSS_ONLY);
         if (!old) {
                 ocapa->u.cli.inode = inode;
                 INIT_LIST_HEAD(&ocapa->u.cli.lli_list);

diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h
index b61b3db..835ab91 100644 (file)
--- a/lustre/llite/llite_internal.h
+++ b/lustre/llite/llite_internal.h
@@ -419,8 +419,6 @@ struct ll_async_page {
         struct list_head llap_pglist_item;
         /* checksum for paranoid I/O debugging */
         __u32            llap_checksum;
-        /* uid who operate on this page, used to lookup fid capability only */
-        uid_t            llap_fsuid;
 };
 
 /*
@@ -777,7 +775,7 @@ void ll_capa_open(struct inode *inode);
 void ll_capa_close(struct inode *inode);
 
 struct obd_capa *ll_mdscapa_get(struct inode *inode);
-struct obd_capa *ll_osscapa_get(struct inode *inode, uid_t fsuid, __u64 opc);
+struct obd_capa *ll_osscapa_get(struct inode *inode, __u64 opc);
 
 void ll_truncate_free_capa(struct obd_capa *ocapa);
 void ll_clear_inode_capas(struct inode *inode);

diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 25c4179..8587902 100644 (file)
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -100,7 +100,7 @@ static int ll_brw(int cmd, struct inode *inode, struct obdo *oa,
         oinfo.oi_md = lsm;
         /* NB partial write, so we might not have CAPA_OPC_OSS_READ capa */
         opc = cmd & OBD_BRW_WRITE ? CAPA_OPC_OSS_WRITE : CAPA_OPC_OSS_RW;
-        oinfo.oi_capa = ll_osscapa_get(inode, current->fsuid, opc);
+        oinfo.oi_capa = ll_osscapa_get(inode, opc);
         rc = obd_brw(cmd, ll_i2dtexp(inode), &oinfo, 1, &pg, NULL);
         capa_put(oinfo.oi_capa);
         if (rc == 0)
@@ -193,7 +193,7 @@ void ll_truncate(struct inode *inode)
 
         ll_inode_size_unlock(inode, 0);
 
-        oinfo.oi_capa = ll_osscapa_get(inode, 0, CAPA_OPC_OSS_TRUNC);
+        oinfo.oi_capa = ll_osscapa_get(inode, CAPA_OPC_OSS_TRUNC);
         rc = obd_punch_rqset(ll_i2dtexp(inode), &oinfo, NULL);
         ll_truncate_free_capa(oinfo.oi_capa);
         if (rc)
@@ -433,8 +433,7 @@ static struct obd_capa *ll_ap_lookup_capa(void *data, int cmd)
         struct ll_async_page *llap = LLAP_FROM_COOKIE(data);
         int opc = cmd & OBD_BRW_WRITE ? CAPA_OPC_OSS_WRITE : CAPA_OPC_OSS_RW;
 
-        return ll_osscapa_get(llap->llap_page->mapping->host, llap->llap_fsuid,
-                              opc);
+        return ll_osscapa_get(llap->llap_page->mapping->host, opc);
 }
 
 static struct obd_async_page_ops ll_async_page_ops = {
@@ -1497,8 +1496,6 @@ int ll_readpage(struct file *filp, struct page *page)
         if (IS_ERR(llap))
                 GOTO(out, rc = PTR_ERR(llap));
 
-        llap->llap_fsuid = current->fsuid;
-
         if (ll_i2sbi(inode)->ll_ra_info.ra_max_pages)
                 ras_update(ll_i2sbi(inode), inode, &fd->fd_ras, page->index,
                            llap->llap_defer_uptodate);

diff --git a/lustre/llite/rw26.c b/lustre/llite/rw26.c
index f972a44..3cfc77d 100644 (file)
--- a/lustre/llite/rw26.c
+++ b/lustre/llite/rw26.c
@@ -189,7 +189,7 @@ static ssize_t ll_direct_IO_26_seg(int rw, struct inode *inode,
                                     LPROC_LL_DIRECT_READ, size);
                 opc = CAPA_OPC_OSS_RW;
         }
-        ocapa = ll_osscapa_get(inode, current->fsuid, opc);
+        ocapa = ll_osscapa_get(inode, opc);
         rc = obd_brw_rqset(rw == WRITE ? OBD_BRW_WRITE : OBD_BRW_READ,
                            ll_i2dtexp(inode), &oa, lsm, page_count, pga, NULL,
                            ocapa);

diff --git a/lustre/mdd/mdd_internal.h b/lustre/mdd/mdd_internal.h
index 8e2f8d3..3cbe6d0 100644 (file)
--- a/lustre/mdd/mdd_internal.h
+++ b/lustre/mdd/mdd_internal.h
@@ -565,11 +565,11 @@ int mdo_create_obj(const struct lu_env *env, struct mdd_object *o,
 static inline struct obd_capa *mdo_capa_get(const struct lu_env *env,
                                             struct mdd_object *obj, 
                                             struct lustre_capa *old,
-                                            __u32 uid, __u64 opc)
+                                            __u64 opc)
 {
         struct dt_object *next = mdd_object_child(obj);
         LASSERT(mdd_object_exists(obj));
-        return next->do_ops->do_capa_get(env, next, old, uid, opc);
+        return next->do_ops->do_capa_get(env, next, old, opc);
 }
 
 #endif

diff --git a/lustre/mdd/mdd_lov.c b/lustre/mdd/mdd_lov.c
index eef4fa5..98e9018 100644 (file)
--- a/lustre/mdd/mdd_lov.c
+++ b/lustre/mdd/mdd_lov.c
@@ -518,7 +518,7 @@ int mdd_lov_create(const struct lu_env *env, struct mdd_device *mdd,
                 oa->o_valid |= OBD_MD_FLFID | OBD_MD_FLGENER;
                 oinfo->oi_oa = oa;
                 oinfo->oi_md = lsm;
-                oinfo->oi_capa = mdo_capa_get(env, child, NULL, 0,
+                oinfo->oi_capa = mdo_capa_get(env, child, NULL,
                                               CAPA_OPC_MDS_DEFAULT);
                 if (IS_ERR(oinfo->oi_capa))
                         oinfo->oi_capa = NULL;
@@ -712,7 +712,7 @@ int mdd_lov_setattr_async(const struct lu_env *env, struct mdd_object *obj,
         if (rc)
                 RETURN(rc);
 
-        oc = mdo_capa_get(env, obj, NULL, 0, CAPA_OPC_MDS_DEFAULT);
+        oc = mdo_capa_get(env, obj, NULL, CAPA_OPC_MDS_DEFAULT);
         if (IS_ERR(oc))
                 oc = NULL;
 

diff --git a/lustre/mdd/mdd_permission.c b/lustre/mdd/mdd_permission.c
index 1195593..a6357f0 100644 (file)
--- a/lustre/mdd/mdd_permission.c
+++ b/lustre/mdd/mdd_permission.c
@@ -641,7 +641,7 @@ int mdd_capa_get(const struct lu_env *env, struct md_object *obj,
         int rc = 0;
         ENTRY;
 
-        oc = mdo_capa_get(env, mdd_obj, renewal ? capa : NULL, capa->lc_uid,
+        oc = mdo_capa_get(env, mdd_obj, renewal ? capa : NULL,
                           capa->lc_opc);
         if (IS_ERR(oc)) {
                 rc = PTR_ERR(oc);

diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c
index 856c7c7..9fe52e2 100644 (file)
--- a/lustre/mdt/mdt_lib.c
+++ b/lustre/mdt/mdt_lib.c
@@ -597,10 +597,20 @@ void mdt_shrink_reply(struct mdt_thread_info *info)
                 adjust += req_capsule_shrink(pill, &RMF_LOGCOOKIES,
                                             acl_size, adjust, 1);
 
-        if ((req_capsule_has_field(pill, &RMF_CAPA1, RCL_SERVER) &&
-               !(body->valid & OBD_MD_FLMDSCAPA)))
-                adjust += req_capsule_shrink(pill, &RMF_CAPA1, 0, adjust, 1);
+        /* RMF_CAPA1 on server-side maybe for OBD_MD_FLMDSCAPA or
+         * OBD_MD_FLOSSCAPA. If RMF_CAPA2 exist also, RMF_CAPA1 is
+         * for OBD_MD_FLMDSCAPA only. */
+        if (req_capsule_has_field(pill, &RMF_CAPA1, RCL_SERVER)) {
+                if ((req_capsule_has_field(pill, &RMF_CAPA2, RCL_SERVER) &&
+                    !(body->valid & OBD_MD_FLMDSCAPA)) ||
+                    (!req_capsule_has_field(pill, &RMF_CAPA2, RCL_SERVER) &&
+                    !(body->valid & OBD_MD_FLMDSCAPA) &&
+                    !(body->valid & OBD_MD_FLOSSCAPA)))
+                        adjust += req_capsule_shrink(pill, &RMF_CAPA1,
+                                                     0, adjust, 1);
+        }
 
+        /* RMF_CAPA2 on server-side is for OBD_MD_FLOSSCAPA only. */
         if ((req_capsule_has_field(pill, &RMF_CAPA2, RCL_SERVER) &&
                 !(body->valid & OBD_MD_FLOSSCAPA)))
                 adjust += req_capsule_shrink(pill, &RMF_CAPA2, 0, adjust, 0);

diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c
index e83eede..0507d97 100644 (file)
--- a/lustre/mdt/mdt_open.c
+++ b/lustre/mdt/mdt_open.c
@@ -566,12 +566,11 @@ static int mdt_finish_open(struct mdt_thread_info *info,
         if (mdt->mdt_opts.mo_oss_capa &&
             S_ISREG(lu_object_attr(&o->mot_obj.mo_lu))) {
                 struct lustre_capa *capa;
-                struct md_ucred *ucred = mdt_ucred(info);
 
                 capa = req_capsule_server_get(&info->mti_pill, &RMF_CAPA2);
                 LASSERT(capa);
                 capa->lc_opc = CAPA_OPC_OSS_DEFAULT | capa_open_opc(flags);
-                capa->lc_uid = ucred->mu_o_fsuid;
+                capa->lc_uid = 0;
                 rc = mo_capa_get(info->mti_env, mdt_object_child(o), capa, 0);
                 if (rc)
                         RETURN(rc);

diff --git a/lustre/obdfilter/filter_capa.c b/lustre/obdfilter/filter_capa.c
index 83ccbed..c7d3ea2 100644 (file)
--- a/lustre/obdfilter/filter_capa.c
+++ b/lustre/obdfilter/filter_capa.c
@@ -34,93 +34,6 @@
 
 #include "filter_internal.h"
 
-/*
- * FIXME
- * keep this as simple as possible. we suppose the blacklist usually
- * be empry or very short (<5), since long term blacklist should be
- * done on MDS side. A more sophisticated blacklist will be implemented
- * later.
- *
- * note blacklist didn't take effect when OSS capability disabled. this
- * looks reasonable to me.
- */
-#define BLACKLIST_MAX   (32)
-static int nblacklist = 0;
-static uid_t blacklist[BLACKLIST_MAX];
-static spinlock_t blacklist_lock = SPIN_LOCK_UNLOCKED;
-
-int blacklist_display(char *buf, int bufsize)
-{
-        char one[16];
-        int i;
-        LASSERT(buf);
-
-        buf[0] = '\0';
-        spin_lock(&blacklist_lock);
-        for (i = 0; i < nblacklist; i++) {
-                snprintf(one, 16, "%u\n", blacklist[i]);
-                strncat(buf, one, bufsize);
-        }
-        spin_unlock(&blacklist_lock);
-        return strnlen(buf, bufsize);
-}
-
-void blacklist_add(uid_t uid)
-{
-        int i;
-
-        spin_lock(&blacklist_lock);
-        if (nblacklist == BLACKLIST_MAX) {
-                CERROR("can't add more in blacklist\n");
-                spin_unlock(&blacklist_lock);
-                return;
-        }
-
-        for (i = 0; i < nblacklist; i++) {
-                if (blacklist[i] == uid) {
-                        spin_unlock(&blacklist_lock);
-                        return;
-                }
-        }
-
-        blacklist[nblacklist++] = uid;
-        spin_unlock(&blacklist_lock);
-}
-
-void blacklist_del(uid_t uid)
-{
-        int i;
-
-        spin_lock(&blacklist_lock);
-        for (i = 0; i < nblacklist; i++) {
-                if (blacklist[i] == uid) {
-                        nblacklist--;
-                        while (i < nblacklist) {
-                                blacklist[i] = blacklist[i+1];
-                                i++;
-                        }
-                        spin_unlock(&blacklist_lock);
-                        return;
-                }
-        }
-        spin_unlock(&blacklist_lock);
-}
-
-static int blacklist_check(uid_t uid)
-{
-        int i, rc = 0;
-
-        spin_lock(&blacklist_lock);
-        for (i = 0; i < nblacklist; i++) {
-                if (blacklist[i] == uid) {
-                        rc = 1;
-                        break;
-                }
-        }
-        spin_unlock(&blacklist_lock);
-        return rc;
-}
-
 static inline __u32 filter_ck_keyid(struct filter_capa_key *key)
 {
         return key->k_key.lk_keyid;
@@ -210,12 +123,6 @@ int filter_auth_capa(struct obd_export *exp, struct lu_fid *fid, __u64 mdsid,
                 RETURN(-EACCES);
         }
 
-        if (blacklist_check(capa->lc_uid)) {
-                DEBUG_CAPA(D_ERROR, capa, "uid %u found in blacklist,",
-                           capa->lc_uid);
-                RETURN(-EACCES);
-        }
-
 #warning "enable fid check in filter_auth_capa() when fid stored in OSS object"
 
         if (opc == CAPA_OPC_OSS_READ) {

diff --git a/lustre/obdfilter/lproc_obdfilter.c b/lustre/obdfilter/lproc_obdfilter.c
index 123c1ed..9f9c953 100644 (file)
--- a/lustre/obdfilter/lproc_obdfilter.c
+++ b/lustre/obdfilter/lproc_obdfilter.c
@@ -231,41 +231,6 @@ static int lprocfs_filter_rd_capa_count(char *page, char **start, off_t off,
                         capa_count[CAPA_SITE_SERVER]);
 }
 
-static
-int lprocfs_filter_rd_blacklist(char *page, char **start, off_t off, int count,
-                                int *eof, void *data)
-{
-        int rc;
-
-        rc = blacklist_display(page, count);
-        *eof = 1;
-        return rc;
-}
-
-static
-int lprocfs_filter_wr_blacklist(struct file *file, const char *buffer,
-                                unsigned long count, void *data)
-{
-        int add;
-        uid_t uid = -1;
-
-        if (count < 2)
-                return count;
-        if (buffer[0] == '+')
-                add = 1;
-        else if (buffer[0] == '-')
-                add = 0;
-        else
-                return count;
-
-        sscanf(buffer + 1, "%u", &uid);
-        if (add)
-                blacklist_add(uid);
-        else
-                blacklist_del(uid);
-        return count;
-}
-
 static struct lprocfs_vars lprocfs_obd_vars[] = {
         { "uuid",         lprocfs_rd_uuid,          0, 0 },
         { "blocksize",    lprocfs_rd_blksize,       0, 0 },
@@ -302,8 +267,6 @@ static struct lprocfs_vars lprocfs_obd_vars[] = {
         { "capa",         lprocfs_filter_rd_capa,
                           lprocfs_filter_wr_capa, 0 },
         { "capa_count",   lprocfs_filter_rd_capa_count, 0, 0 },
-        { "blacklist",    lprocfs_filter_rd_blacklist,
-                          lprocfs_filter_wr_blacklist, 0 },
         { 0 }
 };
 

diff --git a/lustre/osd/osd_handler.c b/lustre/osd/osd_handler.c
index 37efb19..ea283e2 100644 (file)
--- a/lustre/osd/osd_handler.c
+++ b/lustre/osd/osd_handler.c
@@ -1492,7 +1492,7 @@ static int osd_xattr_del(const struct lu_env *env,
 static struct obd_capa *osd_capa_get(const struct lu_env *env,
                                      struct dt_object *dt,
                                      struct lustre_capa *old,
-                                     __u32 uid, __u64 opc)
+                                     __u64 opc)
 {
         struct osd_thread_info *info = osd_oti_get(env);
         const struct lu_fid *fid = lu_object_fid(&dt->do_lu);
@@ -1516,7 +1516,7 @@ static struct obd_capa *osd_capa_get(const struct lu_env *env,
 
         capa->lc_fid = *fid;
         capa->lc_opc = opc;
-        capa->lc_uid = uid;
+        capa->lc_uid = 0;
         capa->lc_flags = dev->od_capa_alg << 24;
         capa->lc_timeout = dev->od_capa_timeout;
         capa->lc_expiry = 0;

diff --git a/lustre/tests/Makefile.am b/lustre/tests/Makefile.am
index 234c50c..780f37e 100644 (file)
--- a/lustre/tests/Makefile.am
+++ b/lustre/tests/Makefile.am
@@ -34,7 +34,7 @@ noinst_PROGRAMS += small_write multiop sleeptest ll_sparseness_verify cmknod
 noinst_PROGRAMS += ll_sparseness_write mrename ll_dirstripe_verify mkdirmany rmdirmany
 noinst_PROGRAMS += openfilleddirunlink rename_many memhog iopentest1 iopentest2
 noinst_PROGRAMS += mmap_sanity flock_test writemany random-reads flocks_test
-noinst_PROGRAMS += ll_getstripe_info
+noinst_PROGRAMS += ll_getstripe_info write_time_limit
 if MPITESTS
 noinst_PROGRAMS += parallel_grouplock write_append_truncate createmany_mpi
 noinst_PROGRAMS += iam_ut

diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index b2f1950..d68531d 100644 (file)
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # Run select tests by setting SEC_ONLY, or as arguments to the script.
-# Skip specific tests by setting EXCEPT.
+# Skip specific tests by setting SEC_EXCEPT.
 #
 
 set -e
@@ -10,28 +10,35 @@ SRCDIR=`dirname $0`
 export PATH=$PWD/$SRCDIR:$SRCDIR:$PWD/$SRCDIR/../utils:$PATH:/sbin
 
 SEC_ONLY=${SEC_ONLY:-"$*"}
-ALWAYS_EXCEPT=${ALWAYS_EXCEPT:-""}
-# UPDATE THE COMMENT ABOVE WITH BUG NUMBERS WHEN CHANGING ALWAYS_EXCEPT!
-
-[ "$ALWAYS_EXCEPT$EXCEPT" ] && \
-       echo "Skipping tests: `echo $ALWAYS_EXCEPT $EXCEPT`"
+[ "$SEC_EXCEPT" ] && echo "Skipping tests: `echo $SEC_EXCEPT`"
 
 TMP=${TMP:-/tmp}
 LFS=${LFS:-lfs}
 LCTL=${LCTL:-lctl}
 RUNAS=${RUNAS:-runas}
+WTL=${WTL:-write_time_limit}
 
-log() {
+LPROC=/proc/fs/lustre
+ENABLE_IDENTITY=/usr/sbin/l_getidentity
+DISABLE_IDENTITY=NONE
+LUSTRE_CONF_DIR=/etc/lustre
+PERM_CONF=$LUSTRE_CONF_DIR/perm.conf
+LDLM_LPROC=$LPROC/ldlm
+LLITE_LPROC=$LPROC/llite
+MDC_LPROC=$LPROC/mdc
+MDT_LPROC=$LPROC/mdt
+OST_LPROC=$LPROC/obdfilter
+
+sec_log() {
        echo "$*"
        $LCTL mark "$*" 2> /dev/null || true
 }
 
 SANITYSECLOG=${SANITYSECLOG:-/tmp/sanity-sec.log}
-
 [ "$SANITYSECLOG" ] && rm -f $SANITYSECLOG || true
 
 sec_error() { 
-       log "FAIL: $TESTNAME $@"
+       sec_log "FAIL: $TESTNAME $@"
        if [ "$SANITYSECLOG" ]; then
                echo "FAIL: $TESTNAME $@" >> $SANITYSECLOG
        else
@@ -39,23 +46,28 @@ sec_error() {
        fi
 }
 
-pass() { 
+sec_pass() { 
        echo PASS $@
 }
 
+sec_skip () {
+       sec_log "$0: SKIP: $TESTNAME $@"
+       [ "$SANITYSECLOG" ] && echo "$0: SKIP: $TESTNAME $@" >> $SANITYSECLOG
+}
+
 ID1=500
 ID2=501
 
 USER1=`cat /etc/passwd|grep :$ID1:$ID1:|cut -d: -f1`
 USER2=`cat /etc/passwd|grep :$ID2:$ID2:|cut -d: -f1`
 
-if [ ! "$USER1" ]; then
+if [ -z "$USER1" ]; then
        echo "===== Please add user1 (uid=$ID1 gid=$ID1)! Skip sanity-sec ====="
        sec_error "===== Please add user1 (uid=$ID1 gid=$ID1)! ====="
        exit 0
 fi
 
-if [ ! "$USER2" ]; then
+if [ -z "$USER2" ]; then
        echo "===== Please add user2 (uid=$ID2 gid=$ID2)! Skip sanity-sec ====="
        sec_error "===== Please add user2 (uid=$ID2 gid=$ID2)! ====="
        exit 0
@@ -68,26 +80,88 @@ LUSTRE=${LUSTRE:-`dirname $0`/..}
 init_test_env $@
 . ${CONFIG:=$LUSTRE/tests/cfg/$NAME.sh}
 
-if $GSS_KRB5; then
-    $RUNAS -u $ID1 krb5_login.sh || exit 1
-    $RUNAS -u $ID2 krb5_login.sh || exit 1
+mounted_lustre_filesystems() {
+       awk '($3 ~ "lustre" && $1 ~ ":") { print $2 }' /proc/mounts
+}
+
+MOUNTED="`mounted_lustre_filesystems`"
+if [ -z "$MOUNTED" ]; then
+        formatall
+        setupall
+       MOUNTED="`mounted_lustre_filesystems`"
+       [ -z "$MOUNTED" ] && sec_error "NAME=$NAME not mounted"
+       S_MOUNTED=yes
 fi
 
+[ `echo $MOUNT | wc -w` -gt 1 ] && sec_error "NAME=$NAME mounted more than once"
+
+DIR=${DIR:-$MOUNT}
+[ -z "`echo $DIR | grep $MOUNT`" ] && echo "$DIR not in $MOUNT" && \
+       sec_cleanup && exit 99
+
+[ `ls -l $LDLM_LPROC/namespaces 2>/dev/null | grep *-mdc-* | wc -l` -gt 1 ] \
+       && echo "skip multi-MDS test" && sec_cleanup && exit 0
+
+OST_COUNT=$(ls -l $LDLM_LPROC/namespaces 2>/dev/null | grep osc | grep -v MDT | wc -l)
+
+# for GSS_SUP
+GSS_REF=$(lsmod | grep ^ptlrpc_gss | awk '{print $3}')
+if [ ! -z "$GSS_REF" -a "$GSS_REF" != "0" ]; then
+       GSS_SUP=1
+       echo "with GSS support"
+else
+       GSS_SUP=0
+       echo "without GSS support"
+fi
+
+# for MDT_TYPE
+MDT_REF=$(lsmod | grep ^mdt | awk '{print $3}')
+if [ ! -z "$MDT_REF" -a "$MDT_REF" != "0" ]; then
+        MDT_TYPE="local"
+        echo "local mdt"
+else
+        MDT_TYPE="remote"
+        echo "remote mdt"
+fi
+
+MDT="`do_facet $SINGLEMDS ls -l $MDT_LPROC/ | grep MDT | awk '{print $9}'`"
+if [ ! -z "$MDT" ]; then
+       IDENTITY_UPCALL=$MDT_LPROC/$MDT/identity_upcall
+       IDENTITY_UPCALL_BAK="`more $IDENTITY_UPCALL`"
+       IDENTITY_FLUSH=$MDT_LPROC/$MDT/identity_flush
+       ROOTSQUASH_UID=$MDT_LPROC/$MDT/rootsquash_uid
+       ROOTSQUASH_GID=$MDT_LPROC/$MDT/rootsquash_gid
+       NOSQUASH_NIDS=$MDT_LPROC/$MDT/nosquash_nids
+       MDSCAPA=$MDT_LPROC/$MDT/capa
+       CAPA_TIMEOUT=$MDT_LPROC/$MDT/capa_timeout
+fi
+
+# for CLIENT_TYPE
+if [ -z "$(grep remote $LLITE_LPROC/*/client_type 2>/dev/null)" ]; then
+       CLIENT_TYPE="local"
+       echo "local client"
+else
+       CLIENT_TYPE="remote"
+       echo "remote client"
+fi
+
+SAVE_PWD=$PWD
+
 sec_run_one() {
        BEFORE=`date +%s`
-       log "== test $1 $2= `date +%H:%M:%S` ($BEFORE)"
+       sec_log "== test $1 $2= `date +%H:%M:%S` ($BEFORE)"
        export TESTNAME=test_$1
        test_$1 || sec_error "exit with rc=$?"
        unset TESTNAME
-       pass "($((`date +%s` - $BEFORE))s)"
+       sec_pass "($((`date +%s` - $BEFORE))s)"
 }
 
 build_test_filter() {
         for O in $SEC_ONLY; do
             eval SEC_ONLY_${O}=true
         done
-        for E in $EXCEPT $ALWAYS_EXCEPT; do
-            eval EXCEPT_${E}=true
+        for E in $SEC_EXCEPT; do
+            eval SEC_EXCEPT_${E}=true
         done
 }
 
@@ -115,12 +189,12 @@ sec_run_test() {
                  echo -n "."
                  return 0
        fi
-        testname=EXCEPT_$1
+        testname=SEC_EXCEPT_$1
         if [ ${!testname}x != x ]; then
                  echo "skipping excluded test $1"
                  return 0
         fi
-        testname=EXCEPT_$base
+        testname=SEC_EXCEPT_$base
         if [ ${!testname}x != x ]; then
                  echo "skipping excluded test $1 (base $base)"
                  return 0
@@ -129,75 +203,40 @@ sec_run_test() {
        return $?
 }
 
-mounted_lustre_filesystems() {
-       awk '($3 ~ "lustre" && $1 ~ ":") { print $2 }' /proc/mounts
-}
-
-MOUNTED="`mounted_lustre_filesystems`"
-if [ -z "$MOUNTED" ]; then
-        formatall
-        setupall
-       MOUNTED="`mounted_lustre_filesystems`"
-       [ -z "$MOUNTED" ] && sec_error "NAME=$NAME not mounted"
-       S_MOUNTED=yes
-fi
-
-[ `echo $MOUNT | wc -w` -gt 1 ] && sec_error "NAME=$NAME mounted more than once"
-
-DIR=${DIR:-$MOUNT}
-[ -z "`echo $DIR | grep $MOUNT`" ] && echo "$DIR not in $MOUNT" && \
-       sec_cleanup && exit 99
-
-[ `ls -l $LPROC/ldlm 2> /dev/null | grep lustre-MDT | wc -l` -gt 1 ] \
-       && echo "skip multi-MDS test" && sec_cleanup && exit 0
+build_test_filter
 
-if [ -z "`lsmod | grep mdt`" ]; then
-       LOCAL_MDT=0
-       echo "remote mdt"
-       EXCEPT="$EXCEPT 1 3"
-else
-       LOCAL_MDT=1
-       echo "local mdt"
-       EXCEPT="$EXCEPT 1 2 3"
-fi
+sec_login() {
+       local user=$1
+       local group=$2
 
-LPROC=/proc/fs/lustre
-ENABLE_IDENTITY=/usr/sbin/l_getidentity
-DISABLE_IDENTITY=NONE
-LUSTRE_CONF_DIR=/etc/lustre
-SETXID_CONF=$LUSTRE_CONF_DIR/setxid.conf
-SETXID_CONF_BAK=$LUSTRE_CONF_DIR/setxid.conf.bak
-
-if [ $LOCAL_MDT -eq 1 ]; then
-       MDT=$(\ls $LPROC/mdt 2> /dev/null | grep -v num_refs | tail -n 1)
-       IDENTITY_UPCALL=$LPROC/mdt/$MDT/identity_upcall
-       IDENTITY_UPCALL_BAK=`more $IDENTITY_UPCALL`
-       IDENTITY_FLUSH=$LPROC/mdt/$MDT/identity_flush
-       ROOTSQUASH_UID=$LPROC/mdt/$MDT/rootsquash_uid
-       ROOTSQUASH_GID=$LPROC/mdt/$MDT/rootsquash_gid
-       NOSQUASH_NIDS=$LPROC/mdt/$MDT/nosquash_nids
-fi
-
-CLIENT_TYPE=$LPROC/llite/*/client_type
-grep "local client" $CLIENT_TYPE > /dev/null 2>&1 && EXCEPT="$EXCEPT 2"
-grep "remote client" $CLIENT_TYPE > /dev/null 2>&1 && EXCEPT="$EXCEPT 1 3"
+       if ! $RUNAS -u $user krb5_login.sh; then
+               echo "$user login kerberos failed."
+               exit 1
+       fi
 
-build_test_filter
+       if ! $RUNAS -u $user -g $group ls $DIR > /dev/null; then
+               $RUNAS -u $user lfs flushctx -k
+               $RUNAS -u $user krb5_login.sh
+                if ! $RUNAS -u $user -g $group ls $DIR > /dev/null; then
+                        echo "init $user $group failed."
+                        exit 2
+                fi
+       fi
+}
 
 setup() {
-       if [ -f "$SETXID_CONF" ]; then
-               mv -f $SETXID_CONF $SETXID_CONF_BAK
-       else
-               rm -f $SETXID_CONF_BAK
+       if [ ! -z "$MDT" ]; then
+               do_facet $SINGLEMDS echo $ENABLE_IDENTITY > $IDENTITY_UPCALL
+               do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
        fi
 
-       if [ $LOCAL_MDT -eq 1 ]; then
-               echo $ENABLE_IDENTITY > $IDENTITY_UPCALL
-               echo -1 > $IDENTITY_FLUSH
+       if ! $RUNAS -u $ID1 ls $DIR > /dev/null 2>&1; then
+               sec_login $USER1 $USER1
        fi
 
-       $RUNAS -u $ID1 ls $DIR
-       $RUNAS -u $ID2 ls $DIR
+       if ! $RUNAS -u $ID2 ls $DIR > /dev/null 2>&1; then
+               sec_login $USER2 $USER2
+       fi
 }
 setup
 
@@ -225,34 +264,51 @@ sec_run_test 0 "uid permission ============================="
 
 # setuid/gid
 test_1() {
+       [ $GSS_SUP = 0 ] && sec_skip "without GSS support." && return
+       [ -z "$MDT" ] && sec_skip "do not support do_facet operations." && return
+
+       do_facet $SINGLEMDS rm -f $PERM_CONF
+       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
+
        rm -rf $DIR/d1
        mkdir $DIR/d1
 
        chown $USER1 $DIR/d1 || sec_error
        $RUNAS -u $ID2 -v $ID1 touch $DIR/d1/f0 && sec_error
-       echo "* $ID2 setuid" > $SETXID_CONF
+       do_facet $SINGLEMDS echo "\* $ID2 setuid" > $PERM_CONF
        echo "enable uid $ID2 setuid"
-       echo -1 > $IDENTITY_FLUSH
+       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
        $RUNAS -u $ID2 -v $ID1 touch $DIR/d1/f1 || sec_error
 
        chown root $DIR/d1
        chgrp $USER1 $DIR/d1
        chmod 770 $DIR/d1
        $RUNAS -u $ID2 -g $ID2 touch $DIR/d1/f2 && sec_error
-       echo "* $ID2 setuid,setgid" > $SETXID_CONF
+       $RUNAS -u $ID2 -g $ID2 -j $ID1 touch $DIR/d1/f3 && sec_error
+       do_facet $SINGLEMDS echo "\* $ID2 setuid,setgid" > $PERM_CONF
        echo "enable uid $ID2 setuid,setgid"
-       echo -1 > $IDENTITY_FLUSH
-       $RUNAS -u $ID2 -g $ID2 -j $ID1 touch $DIR/d1/f3 || sec_error
-       $RUNAS -u $ID2 -v $ID1 -g $ID2 -j $ID1 touch $DIR/d1/f4 || sec_error
+       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
+       $RUNAS -u $ID2 -g $ID2 -j $ID1 touch $DIR/d1/f4 || sec_error
+       $RUNAS -u $ID2 -v $ID1 -g $ID2 -j $ID1 touch $DIR/d1/f5 || sec_error
 
-       rm -f $SETXID_CONF
        rm -rf $DIR/d1
-       echo -1 > $IDENTITY_FLUSH
+
+       do_facet $SINGLEMDS rm -f $PERM_CONF
+       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
 }
 sec_run_test 1 "setuid/gid ============================="
 
-# lfs getfacl/setfacl
-test_2() {
+# remote_acl
+# for remote client only
+test_2 () {
+       [ "$CLIENT_TYPE" = "local" ] && \
+               sec_skip "remote_acl for remote client only" && return
+       [ -z "$(grep ^acl $MDC_LPROC/*-mdc-*/connect_flags)" ] && \
+               sec_skip "must have acl enabled" && return
+       [ -z "$(which setfacl 2>/dev/null)" ] && \
+               sec_skip "could not find setfacl" && return
+       [ "$UID" != 0 ] && sec_skip "must run as root" && return
+
        rm -rf $DIR/d2
        mkdir $DIR/d2
        chmod 755 $DIR/d2
@@ -265,93 +321,237 @@ test_2() {
 
        $LFS setfacl -m u:$USER1:w $DIR/d2/f0 || sec_error
        $LFS getfacl $DIR/d2/f0 || sec_error
-       echo "set user $USER1 write permission on file $DIR/d2/fo"
+       echo "set user $USER1 write permission on file $DIR/d2/f0"
        $RUNAS -u $ID1 touch $DIR/d2/f0 || sec_error
        $RUNAS -u $ID1 cat $DIR/d2/f0 && sec_error
 
        rm -rf $DIR/d2
 }
-sec_run_test 2 "lfs getfacl/setfacl ============================="
+sec_run_test 2 "rmtacl ============================="
 
 # rootsquash
+# for remote mdt only
 test_3() {
-       $LCTL conf_param $MDT.mdt.nosquash_nids=none
-       while grep LNET_NID_ANY $NOSQUASH_NIDS > /dev/null; do sleep 1; done
-       $LCTL conf_param $MDT.mdt.rootsquash_uid=0
-       while [ "`cat $ROOTSQUASH_UID`" -ne 0 ]; do sleep 1; done
-       $LCTL conf_param $MDT.mdt.rootsquash_gid=0
-       while [ "`cat $ROOTSQUASH_GID`" -ne 0 ]; do sleep 1; done
+       [ $GSS_SUP = 0 ] && sec_skip "without GSS support." && return
+       [ -z "$MDT" ] && sec_skip "do not support do_facet operations." && return
+        [ "$MDT_TYPE" = "local" ] && sec_skip "rootsquash for remote mdt only" && return
+
+       do_facet $SINGLEMDS echo "-\*" > $NOSQUASH_NIDS 
+       do_facet $SINGLEMDS echo 0 > $ROOTSQUASH_UID
+       do_facet $SINGLEMDS echo 0 > $ROOTSQUASH_GID
 
        rm -rf $DIR/d3
        mkdir $DIR/d3
        chown $USER1 $DIR/d3
        chmod 700 $DIR/d3
-       $LCTL conf_param $MDT.mdt.rootsquash_uid=$ID1
+       do_facet $SINGLEMDS echo $ID1 > $ROOTSQUASH_UID
        echo "set rootsquash uid = $ID1"
-       while [ "`cat $ROOTSQUASH_UID`" -ne $ID1 ]; do sleep 1; done
        touch $DIR/f3_0 && sec_error
        touch $DIR/d3/f3_1 || sec_error
 
-       $LCTL conf_param $MDT.mdt.rootsquash_uid=0
+       do_facet $SINGLEMDS echo 0 > $ROOTSQUASH_UID
        echo "disable rootsquash"
-       while [ "`cat $ROOTSQUASH_UID`" -ne 0 ]; do sleep 1; done
        chown root $DIR/d3
        chgrp $USER2 $DIR/d3
        chmod 770 $DIR/d3
 
-       $LCTL conf_param $MDT.mdt.rootsquash_uid=$ID1
+       do_facet $SINGLEMDS echo $ID1 > $ROOTSQUASH_UID
        echo "set rootsquash uid = $ID1"
-       while [ "`cat $ROOTSQUASH_UID`" -ne $ID1 ]; do sleep 1; done
        touch $DIR/d3/f3_2 && sec_error
-       $LCTL conf_param $MDT.mdt.rootsquash_gid=$ID2
+       do_facet $SINGLEMDS echo $ID2 > $ROOTSQUASH_GID
        echo "set rootsquash gid = $ID2"
-       while [ "`cat $ROOTSQUASH_GID`" -ne $ID2 ]; do sleep 1; done
        touch $DIR/d3/f3_3 || sec_error
 
-       $LCTL conf_param $MDT.mdt.nosquash_nids=*
+       do_facet $SINGLEMDS echo "+\*" > $NOSQUASH_NIDS
        echo "add host in rootsquash skip list"
-       while ! grep LNET_NID_ANY $NOSQUASH_NIDS > /dev/null;
-               do sleep 1;
-       done
        touch $DIR/f3_4 || sec_error
 
-       $LCTL conf_param $MDT.mdt.rootsquash_uid=0
-       while [ "`cat $ROOTSQUASH_UID`" -ne 0 ]; do sleep 1; done
-       $LCTL conf_param $MDT.mdt.rootsquash_gid=0
-       while [ "`cat $ROOTSQUASH_GID`" -ne 0 ]; do sleep 1; done
-       $LCTL conf_param $MDT.mdt.nosquash_nids=none
+       do_facet $SINGLEMDS echo 0 > $ROOTSQUASH_UID
+       do_facet $SINGLEMDS echo 0 > $ROOTSQUASH_GID
+       do_facet $SINGLEMDS echo "-\*" > $NOSQUASH_NIDS
        rm -rf $DIR/d3
        rm -f $DIR/f3_?
 }
 sec_run_test 3 "rootsquash ============================="
 
-# bug 3285 - supplementary group should always succeed (see do_init_ucred),
-# NB: the supplementary groups are set for local client only, as for remote
-# client, the groups of the specified uid on MDT will be obtained by
-# upcall /sbin/l_getidentity and used.
+# bug 3285 - supplementary group should always succeed.
+# NB: the supplementary groups are set for local client only,
+# as for remote client, the groups of the specified uid on MDT
+# will be obtained by upcall /sbin/l_getidentity and used.
 test_4() {
+       rm -rf $DIR/d4
         mkdir $DIR/d4
         chmod 771 $DIR/d4
         chgrp $ID1 $DIR/d4
        $RUNAS -u $ID1 ls $DIR/d4 || sec_error "setgroups(1) failed"
-       grep "local client" $CLIENT_TYPE > /dev/null 2>&1 && \
-               ($RUNAS -u $ID2 -G1,2,$ID1 ls $DIR/d4 || \
-                       sec_error "setgroups(2) failed")
+       if [ "$CLIENT_TYPE" != "remote" ]; then
+               if [ ! -z "$MDT" ]; then
+                       do_facet $SINGLEMDS echo "\* $ID2 setgrp" > $PERM_CONF
+                       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
+               fi
+               $RUNAS -u $ID2 -G1,2,$ID1 ls $DIR/d4 || sec_error "setgroups(2) failed"
+               if [ ! -z "$MDT" ]; then
+                       do_facet $SINGLEMDS rm -f $PERM_CONF
+                       do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
+               fi
+       fi
        $RUNAS -u $ID2 -G1,2 ls $DIR/d4 && sec_error "setgroups(3) failed"
        rm -rf $DIR/d4
 }
 sec_run_test 4 "set supplementary group ==============="
 
-log "cleanup: ======================================================"
+mds_capability_timeout() {
+        [ $# -lt 1 ] && echo "Miss mds capability timeout value" && return 1
 
-unsetup() {
-       if [ -f "$SETXID_CONF_BAK" ]; then
-               mv -f $SETXID_CONF_BAK $SETXID_CONF
+        echo "Set mds capability timeout as $1 seconds"
+       do_facet $SINGLEMDS echo $1 > $CAPA_TIMEOUT
+        return 0
+}
+
+mds_capability_switch() {
+        [ $# -lt 1 ] && echo "Miss mds capability switch value" && return 1
+
+        case $1 in
+                0) echo "Turn off mds capability";;
+                3) echo "Turn on mds capability";;
+                *) echo "Invalid mds capability switch value" && return 2;;
+        esac
+
+       do_facet $SINGLEMDS echo $1 > $MDSCAPA
+        return 0
+}
+
+oss_capability_switch() {
+        [ $# -lt 1 ] && echo "Miss oss capability switch value" && return 1
+
+        case $1 in
+                0) echo "Turn off oss capability";;
+                1) echo "Turn on oss capability";;
+                *) echo "Invalid oss capability switch value" && return 2;;
+        esac
+
+       i=0;
+       while [ $i -lt $OST_COUNT ]; do
+               j=$i;
+               i=`expr $i + 1`
+               OST="`do_facet ost$i ls -l $OST_LPROC/ | grep OST | awk '{print $9}' | grep $j$`"
+               do_facet ost$i echo $1 > $OST_LPROC/$OST/capa
+       done
+        return 0
+}
+
+turn_capability_on() {
+        local capa_timeout=${1:-"1800"}
+
+        # To turn on fid capability for the system,
+        # there is a requirement that fid capability
+        # is turned on on all MDS/OSS servers before
+        # client mount.
+
+        umount $MOUNT || return 1
+
+        mds_capability_switch 3 || return 2
+        oss_capability_switch 1 || return 3
+        mds_capability_timeout $capa_timeout || return 4
+
+        mount_client $MOUNT || return 5
+        return 0
+}
+
+turn_capability_off() {
+        # to turn off fid capability, you can just do
+        # it in a live system. But, please turn off
+        # capability of all OSS servers before MDS servers.
+
+        oss_capability_switch 0 || return 1
+        mds_capability_switch 0 || return 2
+        return 0
+}
+
+# We demonstrate that access to the objects in the filesystem are not
+# accessible without supplying secrets from the MDS by disabling a
+# proc variable on the mds so that it does not supply secrets. We then
+# try and access objects which result in failure.
+test_5() {
+        local file=$DIR/f5
+
+       [ -z "$MDT" ] && sec_skip "do not support do_facet operations." && return
+       turn_capability_off
+       rm -f $file
+
+        # Disable proc variable
+        mds_capability_switch 0 || return 1
+        oss_capability_switch 1 || return 2
+
+        # proc variable disabled -- access to the objects in the filesystem
+        # is not allowed 
+        echo "Should get Write error here : (proc variable are disabled "\
+            "-- access to the objects in the filesystem is denied."
+       $WTL $file 30
+       if [ $? == 0 ]; then
+               echo "Write worked well even though secrets not supplied."
+               return 3
+        fi
+
+        turn_capability_on || return 4
+        sleep 5
+
+        # proc variable enabled, secrets supplied -- write should work now
+        echo "Should not fail here : (proc variable enabled, secrets supplied "\
+            "-- write should work now)."
+       $WTL $file 30
+       if [ $? != 0 ]; then
+               echo "Write failed even though secrets supplied."
+               return 5
+        fi
+
+       turn_capability_off
+       rm -f $file
+}
+sec_run_test 5 "capa secrets ========================="
+
+# Expiry: A test program is performing I/O on a file. It has credential
+# with an expiry half a minute later. While the program is running the
+# credentials expire and no automatic extensions or renewals are
+# enabled. The program will demonstrate an I/O failure.
+test_6() {
+        local file=$DIR/f6
+
+       [ -z "$MDT" ] && sec_skip "do not support do_facet operations." && return
+       turn_capability_off
+       rm -f $file
+
+        turn_capability_on 30 || return 1
+        # Token expiry
+       $WTL $file 60 || return 2
+
+       # Reset MDS capability timeout
+       mds_capability_timeout 30 || exit 3
+       $WTL $file 60 &
+       local PID=$!
+       sleep 5
+
+        # To disable automatic renew, only need turn capa off on MDS.
+        mds_capability_switch 0 || return 4
+
+       echo "We expect I/O failure."
+        wait $PID
+       if [ $? == 0 ]; then
+               echo "no I/O failure got."
+               return 5
        fi
 
-       if [ $LOCAL_MDT -eq 1 ]; then
-               echo $IDENTITY_UPCALL_BAK > $IDENTITY_UPCALL
-               echo -1 > $IDENTITY_FLUSH
+       turn_capability_off
+       rm -f $file
+}
+sec_run_test 6 "capa expiry ========================="
+
+log "cleanup: ======================================================"
+
+unsetup() {
+       if [ ! -z "$MDT"  ]; then
+               do_facet $SINGLEMDS echo $IDENTITY_UPCALL_BAK > $IDENTITY_UPCALL
+               do_facet $SINGLEMDS echo -1 > $IDENTITY_FLUSH
        fi
 
        $RUNAS -u $ID1 ls $DIR
@@ -367,4 +567,6 @@ sec_cleanup() {
 sec_cleanup
 
 echo '=========================== finished ==============================='
-[ -f "$SANITYSECLOG" ] && cat $SANITYSECLOG && exit 1 || true
+[ -f "$SANITYSECLOG" ] && \
+       cat $SANITYSECLOG && grep -q FAIL $SANITYSECLOG && exit 1 || true
+echo "$0 completed"

diff --git a/lustre/tests/write_time_limit.c b/lustre/tests/write_time_limit.c
new file mode 100644 (file)
index 0000000..445b623
--- /dev/null
+++ b/lustre/tests/write_time_limit.c
@@ -0,0 +1,87 @@
+/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
+ * vim:expandtab:shiftwidth=8:tabstop=8:
+ */
+
+/* for O_DIRECT */
+#define _GNU_SOURCE
+
+#include<stdio.h>
+#include<errno.h>
+#include<fcntl.h>
+#include<sys/types.h>
+#include<sys/stat.h>
+#include<unistd.h>
+#include<signal.h>
+#include<stdlib.h>
+#include<string.h>
+
+#define BUFFERSIZE 4096
+
+/* This flag controls termination of the main loop. */
+volatile sig_atomic_t keep_going = 1;
+
+/* The signal handler just clears the flag and re-enables itself. */
+void catch_alarm(int sig)
+{
+       keep_going = 0;
+       signal(sig, catch_alarm);
+}
+
+int main(int argc, char **argv)
+{
+        char *file;
+        unsigned char buf[BUFFERSIZE];
+        int fd, i, rc;
+       unsigned int test_time;
+        mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+
+        if (argc != 3) {
+                printf("Invalid number of arguments.\n");
+                printf("Usage %s <file> <test_time_in_seconds>\n", argv[0]);
+                return -1;
+        }
+
+        file = argv[1];
+        test_time = atoi(argv[2]);
+
+       /* Establish a handler for SIGALRM signals. */
+       signal(SIGALRM, catch_alarm);
+
+               /* Set an alarm to go off in a little while. */
+               alarm(test_time);
+
+        fd = open(file, O_RDWR|O_TRUNC|O_CREAT|O_SYNC|O_LARGEFILE, mode);
+        if (fd < 0) {
+                fprintf(stderr, "Error: Cannot open file named ");
+                perror(file);
+                return -1;
+        }
+
+        memset(buf, 1, BUFFERSIZE);
+       while (keep_going) {
+                for (i = 0; i < 1024; i++) {
+                       rc = write(fd, buf, BUFFERSIZE);
+                       if (rc < 0) {
+                                fprintf(stderr, "Error: Write error ");
+                                perror(file);
+                               exit(-1);
+                        } else if (rc != BUFFERSIZE) {
+                                fprintf(stderr, "Error: Ddidn't write all data \n");
+                       }
+                }
+
+                if (ftruncate(fd, 0) < 0) {
+                        fprintf(stderr, "Error: Truncate error ");
+                        perror(file);
+                       exit(-1);
+                }
+        }
+
+        if (close(fd) < 0) {
+                fprintf(stderr, "Error: Cannot close ");
+                perror(file);
+                return -1;
+        }
+
+        return 0;
+}

diff --git a/lustre/utils/gss/context_mit.c b/lustre/utils/gss/context_mit.c
index 1d734f8..3edd60f 100644 (file)
--- a/lustre/utils/gss/context_mit.c
+++ b/lustre/utils/gss/context_mit.c
@@ -42,6 +42,7 @@
 
 #ifdef _NEW_BUILD_
 # include "lgss_utils.h"
+# include "write_bytes.h"
 #else
 # include "gss_util.h"
 # include "gss_oids.h"