From 87383c55e74a219e72bcf861a2d2e81d978a927f Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Thu, 11 Oct 2018 22:38:53 +0900
Subject: [PATCH] LU-9795 gss: properly handle mgssec

Secured connection to MGS must have all 3 root, mds and oss flags set
by convention.

Also add regression tests for mgssec in sanity-sec.

Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="32 33",SHARED_KEY=true
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I655913b15a551c205cdc3e16fffd48193c8da1fe
Reviewed-on: https://review.whamcloud.com/33357
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/ptlrpc/gss/gss_sk_mech.c    |   2 +-
 lustre/ptlrpc/gss/gss_svc_upcall.c |   7 ++
 lustre/ptlrpc/gss/sec_gss.c        |  21 ++--
 lustre/tests/sanity-sec.sh         | 204 +++++++++++++++++++++++++++++++++++++
 4 files changed, 223 insertions(+), 11 deletions(-)

diff --git a/lustre/ptlrpc/gss/gss_sk_mech.c b/lustre/ptlrpc/gss/gss_sk_mech.c
index 5877726..b830d71 100644
--- a/lustre/ptlrpc/gss/gss_sk_mech.c
+++ b/lustre/ptlrpc/gss/gss_sk_mech.c
@@ -253,7 +253,7 @@ __u32 gss_import_sec_context_sk(rawobj_t *inbuf, struct gss_ctx *gss_context)
 
 	gss_context->internal_ctx_id = skc;
 	CDEBUG(D_SEC, "successfully imported sk%s context\n",
-	       privacy ? "pi" : "i");
+	       privacy ? " (with privacy)" : "");
 
 	return GSS_S_COMPLETE;
 
diff --git a/lustre/ptlrpc/gss/gss_svc_upcall.c b/lustre/ptlrpc/gss/gss_svc_upcall.c
index 4b2d927..a00b541 100644
--- a/lustre/ptlrpc/gss/gss_svc_upcall.c
+++ b/lustre/ptlrpc/gss/gss_svc_upcall.c
@@ -857,6 +857,13 @@ int gss_svc_upcall_install_rvs_ctx(struct obd_import *imp,
 		break;
 	case LUSTRE_SP_CLI:
 		rsci.ctx.gsc_usr_root = 1;
+		break;
+	case LUSTRE_SP_MGS:
+		/* by convention, all 3 set to 1 means MGS */
+		rsci.ctx.gsc_usr_mds = 1;
+		rsci.ctx.gsc_usr_oss = 1;
+		rsci.ctx.gsc_usr_root = 1;
+		break;
 	default:
 		break;
 	}
diff --git a/lustre/ptlrpc/gss/sec_gss.c b/lustre/ptlrpc/gss/sec_gss.c
index 7ba1700..e1a53a0 100644
--- a/lustre/ptlrpc/gss/sec_gss.c
+++ b/lustre/ptlrpc/gss/sec_gss.c
@@ -2054,16 +2054,17 @@ int gss_svc_handle_init(struct ptlrpc_request *req,
         if (rc != SECSVC_OK)
                 RETURN(rc);
 
-        if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_oss ||
-            grctx->src_ctx->gsc_usr_root)
-                CWARN("create svc ctx %p: user from %s authenticated as %s\n",
-                      grctx->src_ctx, libcfs_nid2str(req->rq_peer.nid),
-                      grctx->src_ctx->gsc_usr_mds ? "mds" :
-                        (grctx->src_ctx->gsc_usr_oss ? "oss" : "root"));
-        else
-                CWARN("create svc ctx %p: accept user %u from %s\n",
-                      grctx->src_ctx, grctx->src_ctx->gsc_uid,
-                      libcfs_nid2str(req->rq_peer.nid));
+	if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_oss ||
+	    grctx->src_ctx->gsc_usr_root)
+		CWARN("create svc ctx %p: user from %s authenticated as %s\n",
+		      grctx->src_ctx, libcfs_nid2str(req->rq_peer.nid),
+		      grctx->src_ctx->gsc_usr_root ? "root" :
+		      (grctx->src_ctx->gsc_usr_mds ? "mds" :
+		       (grctx->src_ctx->gsc_usr_oss ? "oss" : "null")));
+	else
+		CWARN("create svc ctx %p: accept user %u from %s\n",
+		      grctx->src_ctx, grctx->src_ctx->gsc_uid,
+		      libcfs_nid2str(req->rq_peer.nid));
 
         if (gw->gw_flags & LUSTRE_GSS_PACK_USER) {
                 if (reqbuf->lm_bufcount < 4) {
diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index 9ee4e65..c5d9663 100755
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -2302,6 +2302,210 @@ test_31() {
 }
 run_test 31 "client mount option '-o network'"
 
+cleanup_32() {
+	# umount client
+	zconf_umount_clients ${clients_arr[0]} $MOUNT
+
+	# disable sk flavor enforcement on MGS
+	set_rule _mgs any any null
+
+	# stop gss daemon on MGS
+	if ! combined_mgs_mds ; then
+		send_sigint $mgs_HOST lsvcgssd
+	fi
+
+	# re-mount client
+	MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
+	mountcli
+
+	restore_to_default_flavor
+}
+
+test_32() {
+	if ! $SHARED_KEY; then
+		skip "need shared key feature for this test"
+	fi
+
+	stack_trap cleanup_32 EXIT
+
+	# restore to default null flavor
+	save_flvr=$SK_FLAVOR
+	SK_FLAVOR=null
+	restore_to_default_flavor || error "cannot set null flavor"
+	SK_FLAVOR=$save_flvr
+
+	# umount client
+	if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
+		umount_client $MOUNT2 || error "umount $MOUNT2 failed"
+	fi
+	if $(grep -q $MOUNT' ' /proc/mounts); then
+	umount_client $MOUNT || error "umount $MOUNT failed"
+	fi
+
+	# start gss daemon on MGS
+	if combined_mgs_mds ; then
+		send_sigint $mds_HOST lsvcgssd
+	fi
+	start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
+
+	# add mgs key type and MGS NIDs in key on MGS
+	do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+				$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not modify keyfile on MGS"
+
+	# load modified key file on MGS
+	do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not load keyfile on MGS"
+
+	# add MGS NIDs in key on client
+	do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+				$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not modify keyfile on MGS"
+
+	# set perms for per-nodemap keys else permission denied
+	do_nodes $(comma_list $(all_nodes)) \
+		 "keyctl show | grep lustre | cut -c1-11 |
+				sed -e 's/ //g;' |
+				xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+	# re-mount client with mgssec=skn
+	save_opts=$MOUNT_OPTS
+	if [ -z "$MOUNT_OPTS" ]; then
+		MOUNT_OPTS="-o mgssec=skn"
+	else
+		MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+	fi
+	zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+		error "mount ${clients_arr[0]} with mgssec=skn failed"
+	MOUNT_OPTS=$save_opts
+
+	# umount client
+	zconf_umount_clients ${clients_arr[0]} $MOUNT ||
+		error "umount ${clients_arr[0]} failed"
+
+	# enforce ska flavor on MGS
+	set_rule _mgs any any ska
+
+	# re-mount client without mgssec
+	zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
+		error "mount ${clients_arr[0]} without mgssec should fail"
+
+	# re-mount client with mgssec=skn
+	save_opts=$MOUNT_OPTS
+	if [ -z "$MOUNT_OPTS" ]; then
+		MOUNT_OPTS="-o mgssec=skn"
+	else
+		MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+	fi
+	zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS &&
+		error "mount ${clients_arr[0]} with mgssec=skn should fail"
+	MOUNT_OPTS=$save_opts
+
+	# re-mount client with mgssec=ska
+	save_opts=$MOUNT_OPTS
+	if [ -z "$MOUNT_OPTS" ]; then
+		MOUNT_OPTS="-o mgssec=ska"
+	else
+		MOUNT_OPTS="$MOUNT_OPTS,mgssec=ska"
+	fi
+	zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+		error "mount ${clients_arr[0]} with mgssec=ska failed"
+	MOUNT_OPTS=$save_opts
+
+	exit 0
+}
+run_test 32 "check for mgssec"
+
+cleanup_33() {
+	# disable sk flavor enforcement
+	set_rule $FSNAME any cli2mdt null
+	wait_flavor cli2mdt null
+
+	# umount client
+	zconf_umount_clients ${clients_arr[0]} $MOUNT
+
+	# stop gss daemon on MGS
+	if ! combined_mgs_mds ; then
+		send_sigint $mgs_HOST lsvcgssd
+	fi
+
+	# re-mount client
+	MOUNT_OPTS=$(add_sk_mntflag $MOUNT_OPTS)
+	mountcli
+
+	restore_to_default_flavor
+}
+
+test_33() {
+	if ! $SHARED_KEY; then
+		skip "need shared key feature for this test"
+	fi
+
+	stack_trap cleanup_33 EXIT
+
+	# restore to default null flavor
+	save_flvr=$SK_FLAVOR
+	SK_FLAVOR=null
+	restore_to_default_flavor || error "cannot set null flavor"
+	SK_FLAVOR=$save_flvr
+
+	# umount client
+	if [ "$MOUNT_2" ] && $(grep -q $MOUNT2' ' /proc/mounts); then
+		umount_client $MOUNT2 || error "umount $MOUNT2 failed"
+	fi
+	if $(grep -q $MOUNT' ' /proc/mounts); then
+	umount_client $MOUNT || error "umount $MOUNT failed"
+	fi
+
+	# start gss daemon on MGS
+	if combined_mgs_mds ; then
+		send_sigint $mds_HOST lsvcgssd
+	fi
+	start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv -s -g"
+
+	# add mgs key type and MGS NIDs in key on MGS
+	do_nodes $mgs_HOST "lgss_sk -t mgs,server -g $MGSNID -m \
+				$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not modify keyfile on MGS"
+
+	# load modified key file on MGS
+	do_nodes $mgs_HOST "lgss_sk -l $SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not load keyfile on MGS"
+
+	# add MGS NIDs in key on client
+	do_nodes ${clients_arr[0]} "lgss_sk -g $MGSNID -m \
+				$SK_PATH/$FSNAME.key >/dev/null 2>&1" ||
+		error "could not modify keyfile on MGS"
+
+	# set perms for per-nodemap keys else permission denied
+	do_nodes $(comma_list $(all_nodes)) \
+		 "keyctl show | grep lustre | cut -c1-11 |
+				sed -e 's/ //g;' |
+				xargs -IX keyctl setperm X 0x3f3f3f3f"
+
+	# re-mount client with mgssec=skn
+	save_opts=$MOUNT_OPTS
+	if [ -z "$MOUNT_OPTS" ]; then
+		MOUNT_OPTS="-o mgssec=skn"
+	else
+		MOUNT_OPTS="$MOUNT_OPTS,mgssec=skn"
+	fi
+	zconf_mount_clients ${clients_arr[0]} $MOUNT $MOUNT_OPTS ||
+		error "mount ${clients_arr[0]} with mgssec=skn failed"
+	MOUNT_OPTS=$save_opts
+
+	# enforce ska flavor for cli2mdt
+	set_rule $FSNAME any cli2mdt ska
+	wait_flavor cli2mdt ska
+
+	# check error message
+	$LCTL dk | grep "faked source" &&
+		error "MGS connection srpc flags incorrect"
+
+	exit 0
+}
+run_test 33 "correct srpc flags for MGS connection"
+
 log "cleanup: ======================================================"
 
 sec_unsetup() {
-- 
1.8.3.1