From: Sebastien Buisson <sbuisson@ddn.com>
Date: Mon, 8 Mar 2021 14:20:00 +0000 (+0100)
Subject: LU-14479 ssk: explicitly set perm on key
X-Git-Tag: 2.14.52~199
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=f265033840996dcdffb2f05a64b51b51391a273c

LU-14479 ssk: explicitly set perm on key

When an SSK key is loaded, either via lgss_sk command or thanks to
skpath mount option, try to set permissions on the key.
This is to avoid a 'Permission denied' error when a Lustre client or
server wants to make use of the key later on.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I1ed712ae4d07be306cc76b4e59fab303437558bb
Reviewed-on: https://review.whamcloud.com/41929
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/utils/gss/sk_utils.c b/lustre/utils/gss/sk_utils.c
index 2e356a1..fb37758 100755
--- a/lustre/utils/gss/sk_utils.c
+++ b/lustre/utils/gss/sk_utils.c
@@ -174,11 +174,18 @@ static key_serial_t sk_load_key(const struct sk_keyfile_config *skc,
 
 	key = add_key("user", description, &payload, sizeof(payload),
 		      KEY_SPEC_USER_KEYRING);
-	if (key != -1)
+	if (key != -1) {
+		key_perm_t perm = KEY_POS_ALL | KEY_USR_ALL |
+			KEY_GRP_ALL | KEY_OTH_ALL;
+
+		if (keyctl_setperm(key, perm) < 0)
+			printerr(2, "Failed to set perm 0x%x on key %d\n",
+				 perm, key);
 		printerr(2, "Added key %d with description %s\n", key,
 			 description);
-	else
+	} else {
 		printerr(0, "Failed to add key with %s\n", description);
+	}
 
 	return key;
 }