4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
40 /** \defgroup sptlrpc sptlrpc
50 struct ptlrpc_request;
51 struct ptlrpc_reply_state;
52 struct ptlrpc_bulk_desc;
61 struct ptlrpc_sec_policy;
62 struct ptlrpc_sec_cops;
63 struct ptlrpc_sec_sops;
65 struct ptlrpc_svc_ctx;
66 struct ptlrpc_cli_ctx;
67 struct ptlrpc_ctx_ops;
70 * \addtogroup flavor flavor
72 * RPC flavor is represented by a 32 bits integer. Currently the high 12 bits
73 * are unused, must be set to 0 for future expansion.
75 * ------------------------------------------------------------------------
76 * | 4b (bulk svc) | 4b (bulk type) | 4b (svc) | 4b (mech) | 4b (policy) |
77 * ------------------------------------------------------------------------
87 SPTLRPC_POLICY_NULL = 0,
88 SPTLRPC_POLICY_PLAIN = 1,
89 SPTLRPC_POLICY_GSS = 2,
93 enum sptlrpc_mech_null {
94 SPTLRPC_MECH_NULL = 0,
95 SPTLRPC_MECH_NULL_MAX,
98 enum sptlrpc_mech_plain {
99 SPTLRPC_MECH_PLAIN = 0,
100 SPTLRPC_MECH_PLAIN_MAX,
103 enum sptlrpc_mech_gss {
104 SPTLRPC_MECH_GSS_NULL = 0,
105 SPTLRPC_MECH_GSS_KRB5 = 1,
106 SPTLRPC_MECH_GSS_MAX,
109 enum sptlrpc_service_type {
110 SPTLRPC_SVC_NULL = 0, /**< no security */
111 SPTLRPC_SVC_AUTH = 1, /**< authentication only */
112 SPTLRPC_SVC_INTG = 2, /**< integrity */
113 SPTLRPC_SVC_PRIV = 3, /**< privacy */
117 enum sptlrpc_bulk_type {
118 SPTLRPC_BULK_DEFAULT = 0, /**< follow rpc flavor */
119 SPTLRPC_BULK_HASH = 1, /**< hash integrity */
123 enum sptlrpc_bulk_service {
124 SPTLRPC_BULK_SVC_NULL = 0, /**< no security */
125 SPTLRPC_BULK_SVC_AUTH = 1, /**< authentication only */
126 SPTLRPC_BULK_SVC_INTG = 2, /**< integrity */
127 SPTLRPC_BULK_SVC_PRIV = 3, /**< privacy */
128 SPTLRPC_BULK_SVC_MAX,
132 * compose/extract macros
134 #define FLVR_POLICY_OFFSET (0)
135 #define FLVR_MECH_OFFSET (4)
136 #define FLVR_SVC_OFFSET (8)
137 #define FLVR_BULK_TYPE_OFFSET (12)
138 #define FLVR_BULK_SVC_OFFSET (16)
140 #define MAKE_FLVR(policy, mech, svc, btype, bsvc) \
141 (((__u32)(policy) << FLVR_POLICY_OFFSET) | \
142 ((__u32)(mech) << FLVR_MECH_OFFSET) | \
143 ((__u32)(svc) << FLVR_SVC_OFFSET) | \
144 ((__u32)(btype) << FLVR_BULK_TYPE_OFFSET) | \
145 ((__u32)(bsvc) << FLVR_BULK_SVC_OFFSET))
150 #define SPTLRPC_FLVR_POLICY(flavor) \
151 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xF)
152 #define SPTLRPC_FLVR_MECH(flavor) \
153 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xF)
154 #define SPTLRPC_FLVR_SVC(flavor) \
155 ((((__u32)(flavor)) >> FLVR_SVC_OFFSET) & 0xF)
156 #define SPTLRPC_FLVR_BULK_TYPE(flavor) \
157 ((((__u32)(flavor)) >> FLVR_BULK_TYPE_OFFSET) & 0xF)
158 #define SPTLRPC_FLVR_BULK_SVC(flavor) \
159 ((((__u32)(flavor)) >> FLVR_BULK_SVC_OFFSET) & 0xF)
161 #define SPTLRPC_FLVR_BASE(flavor) \
162 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xFFF)
163 #define SPTLRPC_FLVR_BASE_SUB(flavor) \
164 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xFF)
169 #define MAKE_BASE_SUBFLVR(mech, svc) \
171 ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
173 #define SPTLRPC_SUBFLVR_KRB5N \
174 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
175 #define SPTLRPC_SUBFLVR_KRB5A \
176 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
177 #define SPTLRPC_SUBFLVR_KRB5I \
178 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
179 #define SPTLRPC_SUBFLVR_KRB5P \
180 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
185 #define SPTLRPC_FLVR_NULL \
186 MAKE_FLVR(SPTLRPC_POLICY_NULL, \
189 SPTLRPC_BULK_DEFAULT, \
190 SPTLRPC_BULK_SVC_NULL)
191 #define SPTLRPC_FLVR_PLAIN \
192 MAKE_FLVR(SPTLRPC_POLICY_PLAIN, \
193 SPTLRPC_MECH_PLAIN, \
196 SPTLRPC_BULK_SVC_INTG)
197 #define SPTLRPC_FLVR_KRB5N \
198 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
199 SPTLRPC_MECH_GSS_KRB5, \
201 SPTLRPC_BULK_DEFAULT, \
202 SPTLRPC_BULK_SVC_NULL)
203 #define SPTLRPC_FLVR_KRB5A \
204 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
205 SPTLRPC_MECH_GSS_KRB5, \
207 SPTLRPC_BULK_DEFAULT, \
208 SPTLRPC_BULK_SVC_NULL)
209 #define SPTLRPC_FLVR_KRB5I \
210 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
211 SPTLRPC_MECH_GSS_KRB5, \
213 SPTLRPC_BULK_DEFAULT, \
214 SPTLRPC_BULK_SVC_INTG)
215 #define SPTLRPC_FLVR_KRB5P \
216 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
217 SPTLRPC_MECH_GSS_KRB5, \
219 SPTLRPC_BULK_DEFAULT, \
220 SPTLRPC_BULK_SVC_PRIV)
222 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
224 #define SPTLRPC_FLVR_INVALID ((__u32) 0xFFFFFFFF)
225 #define SPTLRPC_FLVR_ANY ((__u32) 0xFFF00000)
228 * extract the useful part from wire flavor
230 #define WIRE_FLVR(wflvr) (((__u32) (wflvr)) & 0x000FFFFF)
234 static inline void flvr_set_svc(__u32 *flvr, __u32 svc)
236 LASSERT(svc < SPTLRPC_SVC_MAX);
237 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
238 SPTLRPC_FLVR_MECH(*flvr),
240 SPTLRPC_FLVR_BULK_TYPE(*flvr),
241 SPTLRPC_FLVR_BULK_SVC(*flvr));
244 static inline void flvr_set_bulk_svc(__u32 *flvr, __u32 svc)
246 LASSERT(svc < SPTLRPC_BULK_SVC_MAX);
247 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
248 SPTLRPC_FLVR_MECH(*flvr),
249 SPTLRPC_FLVR_SVC(*flvr),
250 SPTLRPC_FLVR_BULK_TYPE(*flvr),
254 struct bulk_spec_hash {
259 * Full description of flavors being used on a ptlrpc connection, include
260 * both regular RPC and bulk transfer parts.
262 struct sptlrpc_flavor {
264 * wire flavor, should be renamed to sf_wire.
268 * general flags of PTLRPC_SEC_FL_*
272 * rpc flavor specification
275 /* nothing for now */
278 * bulk flavor specification
281 struct bulk_spec_hash hash;
286 * identify the RPC is generated from what part of Lustre. It's encoded into
287 * RPC requests and to be checked by ptlrpc service.
289 enum lustre_sec_part {
298 const char *sptlrpc_part2name(enum lustre_sec_part sp);
299 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
302 * A rule specifies a flavor to be used by a ptlrpc connection between
305 struct sptlrpc_rule {
306 __u32 sr_netid; /* LNET network ID */
307 __u8 sr_from; /* sec_part */
308 __u8 sr_to; /* sec_part */
310 struct sptlrpc_flavor sr_flvr;
314 * A set of rules in memory.
316 * Rules are generated and stored on MGS, and propagated to MDT, OST,
317 * and client when needed.
319 struct sptlrpc_rule_set {
322 struct sptlrpc_rule *srs_rules;
325 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
326 int sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr);
328 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
330 memset(set, 0, sizeof(*set));
333 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
334 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set);
335 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
336 struct sptlrpc_rule *rule);
337 int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
338 enum lustre_sec_part from,
339 enum lustre_sec_part to,
341 struct sptlrpc_flavor *sf);
342 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
344 int sptlrpc_process_config(struct lustre_cfg *lcfg);
345 void sptlrpc_conf_log_start(const char *logname);
346 void sptlrpc_conf_log_stop(const char *logname);
347 void sptlrpc_conf_log_update_begin(const char *logname);
348 void sptlrpc_conf_log_update_end(const char *logname);
349 void sptlrpc_conf_client_adapt(struct obd_device *obd);
350 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
351 enum lustre_sec_part from,
353 struct sptlrpc_flavor *flavor);
355 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
356 * and should be enough for other future mechanisms but not sure.
357 * Only used by pre-allocated request/reply pool.
359 #define SPTLRPC_MAX_PAYLOAD (1024)
367 struct ptlrpc_ctx_ops {
369 * To determine whether it's suitable to use the \a ctx for \a vcred.
371 int (*match) (struct ptlrpc_cli_ctx *ctx,
372 struct vfs_cred *vcred);
375 * To bring the \a ctx uptodate.
377 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
380 * Validate the \a ctx.
382 int (*validate) (struct ptlrpc_cli_ctx *ctx);
385 * Force the \a ctx to die.
387 void (*force_die) (struct ptlrpc_cli_ctx *ctx,
389 int (*display) (struct ptlrpc_cli_ctx *ctx,
390 char *buf, int bufsize);
393 * Sign the request message using \a ctx.
395 * \pre req->rq_reqmsg point to request message.
396 * \pre req->rq_reqlen is the request message length.
397 * \post req->rq_reqbuf point to request message with signature.
398 * \post req->rq_reqdata_len is set to the final request message size.
400 * \see null_ctx_sign(), plain_ctx_sign(), gss_cli_ctx_sign().
402 int (*sign) (struct ptlrpc_cli_ctx *ctx,
403 struct ptlrpc_request *req);
406 * Verify the reply message using \a ctx.
408 * \pre req->rq_repdata point to reply message with signature.
409 * \pre req->rq_repdata_len is the total reply message length.
410 * \post req->rq_repmsg point to reply message without signature.
411 * \post req->rq_replen is the reply message length.
413 * \see null_ctx_verify(), plain_ctx_verify(), gss_cli_ctx_verify().
415 int (*verify) (struct ptlrpc_cli_ctx *ctx,
416 struct ptlrpc_request *req);
419 * Encrypt the request message using \a ctx.
421 * \pre req->rq_reqmsg point to request message in clear text.
422 * \pre req->rq_reqlen is the request message length.
423 * \post req->rq_reqbuf point to request message.
424 * \post req->rq_reqdata_len is set to the final request message size.
426 * \see gss_cli_ctx_seal().
428 int (*seal) (struct ptlrpc_cli_ctx *ctx,
429 struct ptlrpc_request *req);
432 * Decrypt the reply message using \a ctx.
434 * \pre req->rq_repdata point to encrypted reply message.
435 * \pre req->rq_repdata_len is the total cipher text length.
436 * \post req->rq_repmsg point to reply message in clear text.
437 * \post req->rq_replen is the reply message length in clear text.
439 * \see gss_cli_ctx_unseal().
441 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
442 struct ptlrpc_request *req);
445 * Wrap bulk request data. This is called before wrapping RPC
448 * \pre bulk buffer is descripted by desc->bd_iov and
449 * desc->bd_iov_count. note for read it's just buffer, no data
450 * need to be sent; for write it contains data in clear text.
451 * \post when necessary, ptlrpc_bulk_sec_desc was properly prepared
452 * (usually inside of RPC request message).
453 * - encryption: cipher text bulk buffer is descripted by
454 * desc->bd_enc_iov and desc->bd_iov_count (currently assume iov
455 * count remains the same).
456 * - otherwise: bulk buffer is still desc->bd_iov and
457 * desc->bd_iov_count.
459 * \return 0: success.
460 * \return -ev: error code.
462 * \see plain_cli_wrap_bulk(), gss_cli_ctx_wrap_bulk().
464 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
465 struct ptlrpc_request *req,
466 struct ptlrpc_bulk_desc *desc);
469 * Unwrap bulk reply data. This is called after wrapping RPC
472 * \pre bulk buffer is descripted by desc->bd_iov/desc->bd_enc_iov and
473 * desc->bd_iov_count, according to wrap_bulk().
474 * \post final bulk data in clear text is placed in buffer described
475 * by desc->bd_iov and desc->bd_iov_count.
476 * \return +ve nob of actual bulk data in clear text.
477 * \return -ve error code.
479 * \see plain_cli_unwrap_bulk(), gss_cli_ctx_unwrap_bulk().
481 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
482 struct ptlrpc_request *req,
483 struct ptlrpc_bulk_desc *desc);
486 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
487 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
488 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
489 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
490 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
491 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
493 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
494 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
495 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
496 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
497 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
498 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
500 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
501 PTLRPC_CTX_UPTODATE | \
505 struct ptlrpc_cli_ctx {
506 struct hlist_node cc_cache; /* linked into ctx cache */
507 atomic_t cc_refcount;
508 struct ptlrpc_sec *cc_sec;
509 struct ptlrpc_ctx_ops *cc_ops;
510 unsigned long cc_expire; /* in seconds */
511 unsigned int cc_early_expire:1;
512 unsigned long cc_flags;
513 struct vfs_cred cc_vcred;
515 struct list_head cc_req_list; /* waiting reqs linked here */
516 struct list_head cc_gc_chain; /* linked to gc chain */
520 * client side policy operation vector.
522 struct ptlrpc_sec_cops {
524 * Given an \a imp, create and initialize a ptlrpc_sec structure.
525 * \param ctx service context:
526 * - regular import: \a ctx should be NULL;
527 * - reverse import: \a ctx is obtained from incoming request.
528 * \param flavor specify what flavor to use.
530 * When necessary, policy module is responsible for taking reference
533 * \see null_create_sec(), plain_create_sec(), gss_sec_create_kr().
535 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
536 struct ptlrpc_svc_ctx *ctx,
537 struct sptlrpc_flavor *flavor);
540 * Destructor of ptlrpc_sec. When called, refcount has been dropped
541 * to 0 and all contexts has been destroyed.
543 * \see null_destroy_sec(), plain_destroy_sec(), gss_sec_destroy_kr().
545 void (*destroy_sec) (struct ptlrpc_sec *sec);
548 * Notify that this ptlrpc_sec is going to die. Optionally, policy
549 * module is supposed to set sec->ps_dying and whatever necessary
552 * \see plain_kill_sec(), gss_sec_kill().
554 void (*kill_sec) (struct ptlrpc_sec *sec);
557 * Given \a vcred, lookup and/or create its context. The policy module
558 * is supposed to maintain its own context cache.
559 * XXX currently \a create and \a remove_dead is always 1, perhaps
560 * should be removed completely.
562 * \see null_lookup_ctx(), plain_lookup_ctx(), gss_sec_lookup_ctx_kr().
564 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
565 struct vfs_cred *vcred,
570 * Called then the reference of \a ctx dropped to 0. The policy module
571 * is supposed to destroy this context or whatever else according to
572 * its cache maintenance mechanism.
574 * \param sync if zero, we shouldn't wait for the context being
575 * destroyed completely.
577 * \see plain_release_ctx(), gss_sec_release_ctx_kr().
579 void (*release_ctx) (struct ptlrpc_sec *sec,
580 struct ptlrpc_cli_ctx *ctx,
584 * Flush the context cache.
586 * \param uid context of which user, -1 means all contexts.
587 * \param grace if zero, the PTLRPC_CTX_UPTODATE_BIT of affected
588 * contexts should be cleared immediately.
589 * \param force if zero, only idle contexts will be flushed.
591 * \see plain_flush_ctx_cache(), gss_sec_flush_ctx_cache_kr().
593 int (*flush_ctx_cache)
594 (struct ptlrpc_sec *sec,
600 * Called periodically by garbage collector to remove dead contexts
603 * \see gss_sec_gc_ctx_kr().
605 void (*gc_ctx) (struct ptlrpc_sec *sec);
608 * Given an context \a ctx, install a corresponding reverse service
609 * context on client side.
610 * XXX currently it's only used by GSS module, maybe we should remove
611 * this from general API.
613 int (*install_rctx)(struct obd_import *imp,
614 struct ptlrpc_sec *sec,
615 struct ptlrpc_cli_ctx *ctx);
618 * To allocate request buffer for \a req.
620 * \pre req->rq_reqmsg == NULL.
621 * \pre req->rq_reqbuf == NULL, otherwise it must be pre-allocated,
622 * we are not supposed to free it.
623 * \post if success, req->rq_reqmsg point to a buffer with size
624 * at least \a lustre_msg_size.
626 * \see null_alloc_reqbuf(), plain_alloc_reqbuf(), gss_alloc_reqbuf().
628 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
629 struct ptlrpc_request *req,
630 int lustre_msg_size);
633 * To free request buffer for \a req.
635 * \pre req->rq_reqbuf != NULL.
637 * \see null_free_reqbuf(), plain_free_reqbuf(), gss_free_reqbuf().
639 void (*free_reqbuf) (struct ptlrpc_sec *sec,
640 struct ptlrpc_request *req);
643 * To allocate reply buffer for \a req.
645 * \pre req->rq_repbuf == NULL.
646 * \post if success, req->rq_repbuf point to a buffer with size
647 * req->rq_repbuf_len, the size should be large enough to receive
648 * reply which be transformed from \a lustre_msg_size of clear text.
650 * \see null_alloc_repbuf(), plain_alloc_repbuf(), gss_alloc_repbuf().
652 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
653 struct ptlrpc_request *req,
654 int lustre_msg_size);
657 * To free reply buffer for \a req.
659 * \pre req->rq_repbuf != NULL.
660 * \post req->rq_repbuf == NULL.
661 * \post req->rq_repbuf_len == 0.
663 * \see null_free_repbuf(), plain_free_repbuf(), gss_free_repbuf().
665 void (*free_repbuf) (struct ptlrpc_sec *sec,
666 struct ptlrpc_request *req);
669 * To expand the request buffer of \a req, thus the \a segment in
670 * the request message pointed by req->rq_reqmsg can accommodate
671 * at least \a newsize of data.
673 * \pre req->rq_reqmsg->lm_buflens[segment] < newsize.
675 * \see null_enlarge_reqbuf(), plain_enlarge_reqbuf(),
676 * gss_enlarge_reqbuf().
678 int (*enlarge_reqbuf)
679 (struct ptlrpc_sec *sec,
680 struct ptlrpc_request *req,
681 int segment, int newsize);
685 int (*display) (struct ptlrpc_sec *sec,
686 struct seq_file *seq);
690 * server side policy operation vector.
692 struct ptlrpc_sec_sops {
694 * verify an incoming request.
696 * \pre request message is pointed by req->rq_reqbuf, size is
697 * req->rq_reqdata_len; and the message has been unpacked to
700 * \retval SECSVC_OK success, req->rq_reqmsg point to request message
701 * in clear text, size is req->rq_reqlen; req->rq_svc_ctx is set;
702 * req->rq_sp_from is decoded from request.
703 * \retval SECSVC_COMPLETE success, the request has been fully
704 * processed, and reply message has been prepared; req->rq_sp_from is
705 * decoded from request.
706 * \retval SECSVC_DROP failed, this request should be dropped.
708 * \see null_accept(), plain_accept(), gss_svc_accept_kr().
710 int (*accept) (struct ptlrpc_request *req);
713 * Perform security transformation upon reply message.
715 * \pre reply message is pointed by req->rq_reply_state->rs_msg, size
717 * \post req->rs_repdata_len is the final message size.
718 * \post req->rq_reply_off is set.
720 * \see null_authorize(), plain_authorize(), gss_svc_authorize().
722 int (*authorize) (struct ptlrpc_request *req);
725 * Invalidate server context \a ctx.
727 * \see gss_svc_invalidate_ctx().
729 void (*invalidate_ctx)
730 (struct ptlrpc_svc_ctx *ctx);
733 * Allocate a ptlrpc_reply_state.
735 * \param msgsize size of the reply message in clear text.
736 * \pre if req->rq_reply_state != NULL, then it's pre-allocated, we
737 * should simply use it; otherwise we'll responsible for allocating
739 * \post req->rq_reply_state != NULL;
740 * \post req->rq_reply_state->rs_msg != NULL;
742 * \see null_alloc_rs(), plain_alloc_rs(), gss_svc_alloc_rs().
744 int (*alloc_rs) (struct ptlrpc_request *req,
748 * Free a ptlrpc_reply_state.
750 void (*free_rs) (struct ptlrpc_reply_state *rs);
753 * Release the server context \a ctx.
755 * \see gss_svc_free_ctx().
757 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
760 * Install a reverse context based on the server context \a ctx.
762 * \see gss_svc_install_rctx_kr().
764 int (*install_rctx)(struct obd_import *imp,
765 struct ptlrpc_svc_ctx *ctx);
768 * Prepare buffer for incoming bulk write.
770 * \pre desc->bd_iov and desc->bd_iov_count describes the buffer
771 * intended to receive the write.
773 * \see gss_svc_prep_bulk().
775 int (*prep_bulk) (struct ptlrpc_request *req,
776 struct ptlrpc_bulk_desc *desc);
779 * Unwrap the bulk write data.
781 * \see plain_svc_unwrap_bulk(), gss_svc_unwrap_bulk().
783 int (*unwrap_bulk) (struct ptlrpc_request *req,
784 struct ptlrpc_bulk_desc *desc);
787 * Wrap the bulk read data.
789 * \see plain_svc_wrap_bulk(), gss_svc_wrap_bulk().
791 int (*wrap_bulk) (struct ptlrpc_request *req,
792 struct ptlrpc_bulk_desc *desc);
795 struct ptlrpc_sec_policy {
796 struct module *sp_owner;
798 __u16 sp_policy; /* policy number */
799 struct ptlrpc_sec_cops *sp_cops; /* client ops */
800 struct ptlrpc_sec_sops *sp_sops; /* server ops */
803 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
804 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
805 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
806 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
807 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
810 * The ptlrpc_sec represents the client side ptlrpc security facilities,
811 * each obd_import (both regular and reverse import) must associate with
814 * \see sptlrpc_import_sec_adapt().
817 struct ptlrpc_sec_policy *ps_policy;
818 atomic_t ps_refcount;
819 /** statistic only */
821 /** unique identifier */
823 struct sptlrpc_flavor ps_flvr;
824 enum lustre_sec_part ps_part;
825 /** after set, no more new context will be created */
826 unsigned int ps_dying:1;
828 struct obd_import *ps_import;
834 struct list_head ps_gc_list;
835 unsigned long ps_gc_interval; /* in seconds */
836 unsigned long ps_gc_next; /* in seconds */
839 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
841 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
844 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
846 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
850 struct ptlrpc_svc_ctx {
851 atomic_t sc_refcount;
852 struct ptlrpc_sec_policy *sc_policy;
856 * user identity descriptor
858 #define LUSTRE_MAX_GROUPS (128)
860 struct ptlrpc_user_desc {
873 enum sptlrpc_bulk_hash_alg {
874 BULK_HASH_ALG_NULL = 0,
875 BULK_HASH_ALG_ADLER32,
879 BULK_HASH_ALG_SHA256,
880 BULK_HASH_ALG_SHA384,
881 BULK_HASH_ALG_SHA512,
885 const char *sptlrpc_get_hash_name(__u8 hash_alg);
886 __u8 sptlrpc_get_hash_alg(const char *algname);
892 struct ptlrpc_bulk_sec_desc {
893 __u8 bsd_version; /* 0 */
894 __u8 bsd_type; /* SPTLRPC_BULK_XXX */
895 __u8 bsd_svc; /* SPTLRPC_BULK_SVC_XXXX */
896 __u8 bsd_flags; /* flags */
897 __u32 bsd_nob; /* nob of bulk data */
898 __u8 bsd_data[0]; /* policy-specific token */
903 * round size up to next power of 2, for slab allocation.
904 * @size must be sane (can't overflow after round up)
906 static inline int size_roundup_power2(int size)
919 * internal support libraries
921 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
922 int segment, int newsize);
927 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
928 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
930 __u32 sptlrpc_name2flavor_base(const char *name);
931 const char *sptlrpc_flavor2name_base(__u32 flvr);
932 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
933 char *buf, int bufsize);
934 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
935 char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize);
938 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
940 __module_get(policy->sp_owner);
945 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
947 module_put(policy->sp_owner);
954 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
956 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
960 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
962 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
966 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
968 return (cli_ctx_status(ctx) != 0);
972 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
974 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
978 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
980 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
984 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
986 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
990 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
992 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
998 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
999 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
1002 * internal apis which only used by policy implementation
1004 int sptlrpc_get_next_secid(void);
1005 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
1008 * exported client context api
1010 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
1011 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
1012 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
1013 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
1014 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
1017 * exported client context wrap/buffers
1019 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
1020 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
1021 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
1022 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
1023 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
1024 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
1025 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
1026 int segment, int newsize);
1027 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
1028 struct ptlrpc_request **req_ret);
1029 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
1031 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
1034 * exported higher interface of import & request
1036 int sptlrpc_import_sec_adapt(struct obd_import *imp,
1037 struct ptlrpc_svc_ctx *ctx,
1038 struct sptlrpc_flavor *flvr);
1039 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
1040 void sptlrpc_import_sec_put(struct obd_import *imp);
1042 int sptlrpc_import_check_ctx(struct obd_import *imp);
1043 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
1044 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
1045 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
1046 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
1047 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
1048 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
1049 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
1050 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
1052 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
1055 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
1056 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
1057 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
1060 const char *sec2target_str(struct ptlrpc_sec *sec);
1064 #if defined (CONFIG_PROC_FS)
1065 struct proc_dir_entry;
1066 extern struct proc_dir_entry *sptlrpc_proc_root;
1067 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
1069 #define sptlrpc_proc_root NULL
1070 static inline int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev)
1077 enum secsvc_accept_res {
1083 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
1084 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
1085 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
1086 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
1087 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
1088 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
1089 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
1091 int sptlrpc_target_export_check(struct obd_export *exp,
1092 struct ptlrpc_request *req);
1093 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
1094 struct sptlrpc_rule_set *rset);
1099 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
1100 struct ptlrpc_svc_ctx *ctx);
1101 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
1102 struct ptlrpc_cli_ctx *ctx);
1104 /* bulk security api */
1105 int sptlrpc_enc_pool_add_user(void);
1106 int sptlrpc_enc_pool_del_user(void);
1107 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
1108 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
1110 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
1111 struct ptlrpc_bulk_desc *desc);
1112 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
1113 struct ptlrpc_bulk_desc *desc,
1115 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
1116 struct ptlrpc_bulk_desc *desc);
1118 /* bulk helpers (internal use only by policies) */
1119 int sptlrpc_get_bulk_checksum(struct ptlrpc_bulk_desc *desc, __u8 alg,
1120 void *buf, int buflen);
1122 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset, int swabbed);
1124 /* user descriptor helpers */
1125 static inline int sptlrpc_user_desc_size(int ngroups)
1127 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
1130 int sptlrpc_current_user_desc_size(void);
1131 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
1132 int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
1135 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
1136 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
1139 LUSTRE_SEC_NONE = 0,
1140 LUSTRE_SEC_REMOTE = 1,
1141 LUSTRE_SEC_SPECIFY = 2,
1147 #endif /* _LUSTRE_SEC_H_ */