From 6ddb9147058c5da4d4f8e2099ad309e994f2c0c5 Mon Sep 17 00:00:00 2001
From: alex <alex>
Date: Tue, 20 Sep 2005 13:25:11 +0000
Subject: [PATCH] - warn if HMAC's don't match

---
 lustre/include/linux/lustre_sec.h |  6 +++---
 lustre/mdc/mdc_request.c          |  2 +-
 lustre/obdfilter/filter_capa.c    | 24 ++++++++++++++++++++++--
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/lustre/include/linux/lustre_sec.h b/lustre/include/linux/lustre_sec.h
index d7592a6064..e674037c20 100644
--- a/lustre/include/linux/lustre_sec.h
+++ b/lustre/include/linux/lustre_sec.h
@@ -575,11 +575,11 @@ enum lustre_capa_type {
 
 #define DEBUG_CAPA(level, capa, fmt, args...)                                  \
 do {                                                                           \
-CDEBUG(level, fmt " capa@%p uid %u ruid %u op %u ino "LPU64" igen %u mdsid %d "\
-       "keyid %d expiry "LPU64" flags %u, hmac %.*s\n",                        \
+CDEBUG(level, fmt " capa@%p uid %u/%u op %u ino "LPU64"/%u mdsid %d "          \
+       "keyid %d expiry "LPU64" flags %u\n",                                   \
        ##args, capa, (capa)->lc_uid, (capa)->lc_ruid, (capa)->lc_op,           \
        (capa)->lc_ino, (capa)->lc_igen, (capa)->lc_mdsid, (capa)->lc_keyid,    \
-       (capa)->lc_expiry, (capa)->lc_flags, CAPA_DIGEST_SIZE, (capa)->lc_hmac);\
+       (capa)->lc_expiry, (capa)->lc_flags);                                   \
 } while (0)
 
 #define DEBUG_CAPA_KEY(level, key, fmt, args...)                               \
diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c
index 103cb3f0c1..790852f862 100644
--- a/lustre/mdc/mdc_request.c
+++ b/lustre/mdc/mdc_request.c
@@ -112,7 +112,7 @@ mdc_interpret_getattr(struct ptlrpc_request *req, void *unused, int rc)
         ENTRY;
 
         if (rc) {
-                DEBUG_REQ(D_INFO, req,
+                DEBUG_REQ(rc == -ENOENT ? D_INFO : D_ERROR , req,
                           "async getattr failed: rc = %d", rc);
                 RETURN(rc);
         }
diff --git a/lustre/obdfilter/filter_capa.c b/lustre/obdfilter/filter_capa.c
index 7d94c73e5e..cfec3ea10d 100644
--- a/lustre/obdfilter/filter_capa.c
+++ b/lustre/obdfilter/filter_capa.c
@@ -208,6 +208,14 @@ int filter_verify_fid(struct obd_export *exp, struct inode *inode,
         RETURN(0);
 }
 
+static void dump_capa_hmac(char *buf, char *key)
+{
+        int i, n = 0;
+
+        for (i = 0; i < CAPA_DIGEST_SIZE; i++)
+                n += sprintf(buf + n, "%02x", (unsigned char) key[i]);
+}
+
 int
 filter_verify_capa(int cmd, struct obd_export *exp, struct lustre_capa *capa)
 {
@@ -279,8 +287,20 @@ verify:
                 spin_unlock(&filter->fo_capa_lock);
 
                 if (rc) {
-                        DEBUG_CAPA(D_ERROR, capa, "access denied");
-                        DEBUG_CAPA(D_ERROR, &ocapa->c_capa, "access denied");
+                        char *key1 = NULL, *key2 = NULL;
+                        OBD_ALLOC(key1, CAPA_DIGEST_SIZE * 2 + 1);
+                        OBD_ALLOC(key2, CAPA_DIGEST_SIZE * 2 + 1);
+                        if (key1 && key2) {
+                                dump_capa_hmac(key1, capa->lc_hmac);
+                                dump_capa_hmac(key2, ocapa->c_capa.lc_hmac);
+                                DEBUG_CAPA(D_ERROR, capa,
+                                           "access denied for (%s != %s)",
+                                           key1, key2);
+                        }
+                        if (key1)
+                                OBD_FREE(key1, CAPA_DIGEST_SIZE * 2 + 1);
+                        if (key2)
+                                OBD_FREE(key2, CAPA_DIGEST_SIZE * 2 + 1);
                 }
                 capa_put(ocapa);
                 RETURN(rc ? -EACCES : 0);
-- 
GitLab