From b05331b94f0e6a51d50c329a326463b84a77d473 Mon Sep 17 00:00:00 2001 From: Patrick Farrell Date: Mon, 16 Sep 2013 07:48:19 -0500 Subject: [PATCH] LU-3490 autoconf: disable GSS when required libraries missing Add 'auto' functionality to GSS keyring configuration to match GSS configuration. When using the 'auto' setting for GSS and GSS keyring, set enable_gss/enable_gss_keyring to 'yes' if configuration tests pass so GSS is actually built. Disable GSS/KRB5 if both krb5_derive_key and krb5int_derive_key are missing. In some distro such as Sles11sp1 and Ubuntu 10.04, both of these libraries are missing Remove #ifdef HAVE_STRUCT_CRED since it's not defined anywhere. This is due to incomplete cleanup of autoconf from LU-2800 Signed-off-by: Patrick Farrell Signed-off-by: Minh Diep Change-Id: I36eb1370afe42cbac3ac924ca8100acaa25558d9 Reviewed-on: http://review.whamcloud.com/7622 Tested-by: Hudson Reviewed-by: Dmitry Eremin Tested-by: Maloo Reviewed-by: Andreas Dilger --- lustre/autoconf/kerberos5.m4 | 9 ++++- lustre/autoconf/lustre-core.m4 | 90 ++++++++++++++++++++++++----------------- lustre/ptlrpc/gss/gss_keyring.c | 5 --- 3 files changed, 62 insertions(+), 42 deletions(-) diff --git a/lustre/autoconf/kerberos5.m4 b/lustre/autoconf/kerberos5.m4 index a167f72..80fa4b3 100644 --- a/lustre/autoconf/kerberos5.m4 +++ b/lustre/autoconf/kerberos5.m4 @@ -40,7 +40,6 @@ AC_DEFUN([AC_KERBEROS_V5],[ -f $dir/lib64/libgssapi_krb5.so -o \ -f $dir/lib/x86_64-linux-gnu/libgssapi_krb5.so -o \ -f $dir/lib/libgssapi_krb5.so \) ; then - AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) KRBDIR="$dir" dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the dnl private function (gss_krb5_ccache_name) to get correct @@ -106,6 +105,14 @@ AC_DEFUN([AC_KERBEROS_V5],[ AC_CHECK_LIB($gssapi_lib, krb5int_derive_key, AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available]), ,$KRBLIBS) + dnl Check for krb5_derive_key + AC_CHECK_LIB($gssapi_lib, krb5_derive_key, + AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available]), ,$KRBLIBS) + + AS_IF([test "x$HAVE_KRB5INT_DERIVE_KEY" = "x1" -o "x$HAVE_KRB5_DERIVE_KEY" = "x1"], + [AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])], + [KRBDIR=""; AC_MSG_WARN(Disable gss/krb5 due to missing both krb5int_derive_key and krb5_derive_key functions!)]) + dnl If they specified a directory and it didn't work, give them a warning if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index 89a73ae..ed73058 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -262,25 +262,35 @@ AC_DEFUN([LC_CONFIG_RMTCLIENT], ]) # -# LC_CONFIG_GSS_KEYRING (default enabled, if gss is enabled) +# LC_CONFIG_GSS_KEYRING (default 'auto', tests for dependencies, if found, enables; only called if gss is enabled) # AC_DEFUN([LC_CONFIG_GSS_KEYRING], [AC_MSG_CHECKING([whether to enable gss keyring backend]) AC_ARG_ENABLE([gss_keyring], [AC_HELP_STRING([--disable-gss-keyring], [disable gss keyring backend])], - [],[enable_gss_keyring='yes']) + [],[enable_gss_keyring='auto']) AC_MSG_RESULT([$enable_gss_keyring]) if test x$enable_gss_keyring != xno; then - LB_LINUX_CONFIG_IM([KEYS],[], - [AC_MSG_ERROR([GSS keyring backend require that CONFIG_KEYS be enabled in your kernel.])]) + LB_LINUX_CONFIG_IM([KEYS],[], + [gss_keyring_conf_test='fail'; + AC_MSG_WARN([GSS keyring backend require that CONFIG_KEYS be enabled in your kernel.])]) - AC_CHECK_LIB([keyutils], [keyctl_search], [], - [AC_MSG_ERROR([libkeyutils is not found, which is required by gss keyring backend])],) + AC_CHECK_LIB([keyutils], [keyctl_search], [], + [gss_keyring_conf_test='fail'; + AC_MSG_WARN([libkeyutils is not found, which is required by gss keyring backend])],) - AC_DEFINE([HAVE_GSS_KEYRING], [1], - [Define this if you enable gss keyring backend]) + if test x$gss_keyring_conf_test != xfail; then + AC_DEFINE([HAVE_GSS_KEYRING], [1], [Define this if you enable gss keyring backend]) + enable_gss_keyring='yes' + else + if test x$enable_gss_keyring == xyes; then + AC_MSG_ERROR([Cannot enable gss_keyring. See above for details.]) + else + AC_MSG_WARN([Cannot enable gss keyring. See above for details.]) + fi + fi fi ]) @@ -292,7 +302,7 @@ AC_DEFUN([LC_CONFIG_SUNRPC], ]) # -# LC_CONFIG_GSS (default disabled) +# LC_CONFIG_GSS (default 'auto' (tests for dependencies, if found, enables)) # # Build gss and related tools of Lustre. Currently both kernel and user space # parts are depend on linux platform. @@ -306,35 +316,43 @@ AC_DEFUN([LC_CONFIG_GSS], if test x$enable_gss != xno; then LC_CONFIG_GSS_KEYRING - sunrpc_required=$enable_gss - LC_CONFIG_SUNRPC + sunrpc_required=$enable_gss + LC_CONFIG_SUNRPC sunrpc_required=no - AC_DEFINE([HAVE_GSS], [1], [Define this if you enable gss]) - - LB_LINUX_CONFIG_IM([CRYPTO_MD5],[], - [AC_MSG_WARN([kernel MD5 support is recommended by using GSS.])]) - LB_LINUX_CONFIG_IM([CRYPTO_SHA1],[], - [AC_MSG_WARN([kernel SHA1 support is recommended by using GSS.])]) - LB_LINUX_CONFIG_IM([CRYPTO_SHA256],[], - [AC_MSG_WARN([kernel SHA256 support is recommended by using GSS.])]) - LB_LINUX_CONFIG_IM([CRYPTO_SHA512],[], - [AC_MSG_WARN([kernel SHA512 support is recommended by using GSS.])]) - - require_krb5=$enable_gss - AC_KERBEROS_V5 - require_krb5=no - - if test x$KRBDIR != x; then - AC_CHECK_LIB([gssapi], [gss_export_lucid_sec_context], - [GSSAPI_LIBS="$GSSAPI_LDFLAGS -lgssapi"], - [AC_CHECK_LIB([gssglue], [gss_export_lucid_sec_context], - [GSSAPI_LIBS="$GSSAPI_LDFLAGS -lgssglue"], - [if test x$enable_gss == xyes; then - AC_MSG_ERROR([libgssapi or libgssglue is not found, which is required by GSS.]) - fi])],) - AC_SUBST(GSSAPI_LIBS) - fi + LB_LINUX_CONFIG_IM([CRYPTO_MD5],[], + [AC_MSG_WARN([kernel MD5 support is recommended by using GSS.])]) + LB_LINUX_CONFIG_IM([CRYPTO_SHA1],[], + [AC_MSG_WARN([kernel SHA1 support is recommended by using GSS.])]) + LB_LINUX_CONFIG_IM([CRYPTO_SHA256],[], + [AC_MSG_WARN([kernel SHA256 support is recommended by using GSS.])]) + LB_LINUX_CONFIG_IM([CRYPTO_SHA512],[], + [AC_MSG_WARN([kernel SHA512 support is recommended by using GSS.])]) + + require_krb5=$enable_gss + AC_KERBEROS_V5 + require_krb5=no + + if test x$KRBDIR != x; then + AC_CHECK_LIB([gssapi], [gss_export_lucid_sec_context], + [GSSAPI_LIBS="$GSSAPI_LDFLAGS -lgssapi"; + gss_conf_test='success'], + [AC_CHECK_LIB([gssglue], [gss_export_lucid_sec_context], + [GSSAPI_LIBS="$GSSAPI_LDFLAGS -lgssglue"; + gss_conf_test='success'], + [if test x$enable_gss == xyes; then + AC_MSG_ERROR([libgssapi or libgssglue is not found, which is required by GSS.]) + else + AC_MSG_WARN([libgssapi or libgssglue is not found, which is required by GSS.]) + fi])],) + AC_SUBST(GSSAPI_LIBS) + fi + + if test x$gss_conf_test == xsuccess; then + AC_DEFINE([HAVE_GSS], [1], [Define this is if you enable gss]) + enable_gss='yes' + fi + fi ]) diff --git a/lustre/ptlrpc/gss/gss_keyring.c b/lustre/ptlrpc/gss/gss_keyring.c index 1f1fe15..82e1c63 100644 --- a/lustre/ptlrpc/gss/gss_keyring.c +++ b/lustre/ptlrpc/gss/gss_keyring.c @@ -123,13 +123,8 @@ static int sec_install_rctx_kr(struct ptlrpc_sec *sec, ); \ } -#ifdef HAVE_STRUCT_CRED /* Since 2.6.29 */ #define key_cred(tsk) ((tsk)->cred) #define key_tgcred(tsk) ((tsk)->cred->tgcred) -#else -#define key_cred(tsk) (tsk) -#define key_tgcred(tsk) ((tsk)->signal) -#endif static inline void keyring_upcall_lock(struct gss_sec_keyring *gsec_kr) { -- 1.8.3.1