4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/include/lustre_capa.h
38 * Author: Lai Siyao <lsy@clusterfs.com>
41 #ifndef __LINUX_CAPA_H_
42 #define __LINUX_CAPA_H_
44 /** \defgroup capa capa
53 #include <linux/crypto.h>
55 #include <lustre/lustre_idl.h>
57 #define CAPA_TIMEOUT 1800 /* sec, == 30 min */
58 #define CAPA_KEY_TIMEOUT (24 * 60 * 60) /* sec, == 1 days */
60 struct capa_hmac_alg {
66 #define DEF_CAPA_HMAC_ALG(name, type, len, keylen) \
67 [CAPA_HMAC_ALG_ ## type] = { \
70 .ha_keylen = keylen, \
75 cfs_list_t lli_list; /* link to lli_oss_capas */
79 cfs_hlist_node_t c_hash; /* link to capa hash */
83 cfs_list_t c_list; /* link to capa_list */
85 struct lustre_capa c_capa; /* capa */
86 cfs_atomic_t c_refc; /* ref count */
87 cfs_time_t c_expiry; /* jiffies */
88 spinlock_t c_lock; /* protect capa content */
92 struct client_capa cli;
93 struct target_capa tgt;
103 static inline struct lu_fid *capa_fid(struct lustre_capa *capa)
105 return &capa->lc_fid;
108 static inline __u64 capa_opc(struct lustre_capa *capa)
113 static inline __u64 capa_uid(struct lustre_capa *capa)
118 static inline __u64 capa_gid(struct lustre_capa *capa)
123 static inline __u32 capa_flags(struct lustre_capa *capa)
125 return capa->lc_flags & 0xffffff;
128 static inline __u32 capa_alg(struct lustre_capa *capa)
130 return (capa->lc_flags >> 24);
133 static inline __u32 capa_keyid(struct lustre_capa *capa)
135 return capa->lc_keyid;
138 static inline __u64 capa_key_seq(struct lustre_capa_key *key)
143 static inline __u32 capa_key_keyid(struct lustre_capa_key *key)
145 return key->lk_keyid;
148 static inline __u32 capa_timeout(struct lustre_capa *capa)
150 return capa->lc_timeout;
153 static inline __u32 capa_expiry(struct lustre_capa *capa)
155 return capa->lc_expiry;
158 void _debug_capa(struct lustre_capa *, struct libcfs_debug_msg_data *,
159 const char *fmt, ... );
160 #define DEBUG_CAPA(level, capa, fmt, args...) \
162 if (((level) & D_CANTMASK) != 0 || \
163 ((libcfs_debug & (level)) != 0 && \
164 (libcfs_subsystem_debug & DEBUG_SUBSYSTEM) != 0)) { \
165 LIBCFS_DEBUG_MSG_DATA_DECL(msgdata, level, NULL); \
166 _debug_capa((capa), &msgdata, fmt, ##args); \
170 #define DEBUG_CAPA_KEY(level, k, fmt, args...) \
172 CDEBUG(level, fmt " capability key@%p seq "LPU64" keyid %u\n", \
173 ##args, k, capa_key_seq(k), capa_key_keyid(k)); \
176 typedef int (* renew_capa_cb_t)(struct obd_capa *, struct lustre_capa *);
178 /* obdclass/capa.c */
179 extern cfs_list_t capa_list[];
180 extern spinlock_t capa_lock;
181 extern int capa_count[];
182 extern struct kmem_cache *capa_cachep;
184 cfs_hlist_head_t *init_capa_hash(void);
185 void cleanup_capa_hash(cfs_hlist_head_t *hash);
187 struct obd_capa *capa_add(cfs_hlist_head_t *hash,
188 struct lustre_capa *capa);
189 struct obd_capa *capa_lookup(cfs_hlist_head_t *hash,
190 struct lustre_capa *capa, int alive);
192 int capa_hmac(__u8 *hmac, struct lustre_capa *capa, __u8 *key);
193 int capa_encrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen);
194 int capa_decrypt_id(__u32 *d, __u32 *s, __u8 *key, int keylen);
195 void capa_cpy(void *dst, struct obd_capa *ocapa);
196 static inline struct obd_capa *alloc_capa(int site)
199 struct obd_capa *ocapa;
201 if (unlikely(site != CAPA_SITE_CLIENT && site != CAPA_SITE_SERVER))
202 return ERR_PTR(-EINVAL);
204 OBD_SLAB_ALLOC_PTR(ocapa, capa_cachep);
205 if (unlikely(!ocapa))
206 return ERR_PTR(-ENOMEM);
208 CFS_INIT_LIST_HEAD(&ocapa->c_list);
209 cfs_atomic_set(&ocapa->c_refc, 1);
210 spin_lock_init(&ocapa->c_lock);
211 ocapa->c_site = site;
212 if (ocapa->c_site == CAPA_SITE_CLIENT)
213 CFS_INIT_LIST_HEAD(&ocapa->u.cli.lli_list);
215 CFS_INIT_HLIST_NODE(&ocapa->u.tgt.c_hash);
219 return ERR_PTR(-EOPNOTSUPP);
223 static inline struct obd_capa *capa_get(struct obd_capa *ocapa)
228 cfs_atomic_inc(&ocapa->c_refc);
232 static inline void capa_put(struct obd_capa *ocapa)
237 if (cfs_atomic_read(&ocapa->c_refc) == 0) {
238 DEBUG_CAPA(D_ERROR, &ocapa->c_capa, "refc is 0 for");
242 if (cfs_atomic_dec_and_test(&ocapa->c_refc)) {
243 LASSERT(cfs_list_empty(&ocapa->c_list));
244 if (ocapa->c_site == CAPA_SITE_CLIENT) {
245 LASSERT(cfs_list_empty(&ocapa->u.cli.lli_list));
247 cfs_hlist_node_t *hnode;
249 hnode = &ocapa->u.tgt.c_hash;
250 LASSERT(!hnode->next && !hnode->pprev);
252 OBD_SLAB_FREE(ocapa, capa_cachep, sizeof(*ocapa));
256 static inline int open_flags_to_accmode(int flags)
260 if ((mode + 1) & O_ACCMODE)
268 static inline __u64 capa_open_opc(int mode)
270 return mode & FMODE_WRITE ? CAPA_OPC_OSS_WRITE : CAPA_OPC_OSS_READ;
273 static inline void set_capa_expiry(struct obd_capa *ocapa)
275 cfs_time_t expiry = cfs_time_sub((cfs_time_t)ocapa->c_capa.lc_expiry,
276 cfs_time_current_sec());
277 ocapa->c_expiry = cfs_time_add(cfs_time_current(),
278 cfs_time_seconds(expiry));
281 static inline int capa_is_expired_sec(struct lustre_capa *capa)
283 return (capa->lc_expiry - cfs_time_current_sec() <= 0);
286 static inline int capa_is_expired(struct obd_capa *ocapa)
288 return cfs_time_beforeq(ocapa->c_expiry, cfs_time_current());
291 static inline int capa_opc_supported(struct lustre_capa *capa, __u64 opc)
293 return (capa_opc(capa) & opc) == opc;
296 struct filter_capa_key {
298 struct lustre_capa_key k_key;
307 #define BYPASS_CAPA (struct lustre_capa *)ERR_PTR(-ENOENT)
313 /** there are at most 5 FIDs in one operation, see rename,
314 * NOTE the last one is a temporary one used for is_subdir() */
316 enum lc_auth_id lci_auth;
318 struct lu_fid lci_fid[LU_CAPAINFO_MAX];
319 struct lustre_capa *lci_capa[LU_CAPAINFO_MAX];
322 int lu_capainfo_init(void);
323 void lu_capainfo_fini(void);
324 struct lu_capainfo *lu_capainfo_get(const struct lu_env *env);
328 #endif /* __LINUX_CAPA_H_ */