LU-14479 ssk: explicitly set perm on key

When an SSK key is loaded, either via lgss_sk command or thanks to
skpath mount option, try to set permissions on the key.
This is to avoid a 'Permission denied' error when a Lustre client or
server wants to make use of the key later on.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I1ed712ae4d07be306cc76b4e59fab303437558bb
Reviewed-on: https://review.whamcloud.com/41929
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/utils/gss/sk_utils.c b/lustre/utils/gss/sk_utils.c
index 2e356a1..fb37758 100755 (executable)
--- a/lustre/utils/gss/sk_utils.c
+++ b/lustre/utils/gss/sk_utils.c
@@ -174,11 +174,18 @@ static key_serial_t sk_load_key(const struct sk_keyfile_config *skc,
 
        key = add_key("user", description, &payload, sizeof(payload),
                      KEY_SPEC_USER_KEYRING);
-       if (key != -1)
+       if (key != -1) {
+               key_perm_t perm = KEY_POS_ALL | KEY_USR_ALL |
+                       KEY_GRP_ALL | KEY_OTH_ALL;
+
+               if (keyctl_setperm(key, perm) < 0)
+                       printerr(2, "Failed to set perm 0x%x on key %d\n",
+                                perm, key);
                printerr(2, "Added key %d with description %s\n", key,
                         description);
-       else
+       } else {
                printerr(0, "Failed to add key with %s\n", description);
+       }
 
        return key;
 }