git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 16 May 2024 09:58:24 +0000 (11:58 +0200)
committer	Andreas Dilger <adilger@whamcloud.com>
	Wed, 19 Jun 2024 05:35:23 +0000 (05:35 +0000)
commit	12ffff3b8b01a690b56016db51aac9ac2dd72e2e
tree	8e20155c2af478c4c1d630efec61aac8338eebaf	tree \| snapshot
parent	89cf5e22f700f452065c27dd3d949c25ec61395e	commit \| diff

LU-17852 gss: do not use expired reverse gss contexts

On server side, a reverse context matches a gss context established
on client side. These reverse contexts have a expiration time, and are
replaced with fresh ones when they expire.
So get rid of expired reverse contexts when we find them in the
gsk_clist. And when we look up for a context, do not continue using
the current one if it is expired.

Add sanity-krb5 test_200 to check the expired reverse contexts.

Lustre-change: https://review.whamcloud.com/55127
Lustre-commit: TBD (from 29a26d4e74ceda192e63d49f130ef233dc3b3b55)

Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I11f2d8ab298073f9d5bedff187b67f2ca289ae47
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/55230
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

lustre/ptlrpc/gss/gss_keyring.c		diff \| blob \| history
lustre/ptlrpc/gss/gss_svc_upcall.c		diff \| blob \| history
lustre/ptlrpc/gss/sec_gss.c		diff \| blob \| history
lustre/tests/sanity-krb5.sh		diff \| blob \| history