1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright 2008 Sun Microsystems, Inc. All rights reserved
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
55 struct ptlrpc_sec_policy;
56 struct ptlrpc_sec_cops;
57 struct ptlrpc_sec_sops;
59 struct ptlrpc_svc_ctx;
60 struct ptlrpc_cli_ctx;
61 struct ptlrpc_ctx_ops;
67 SPTLRPC_POLICY_NULL = 0,
68 SPTLRPC_POLICY_PLAIN = 1,
69 SPTLRPC_POLICY_GSS = 2,
73 enum sptlrpc_mech_null {
74 SPTLRPC_MECH_NULL = 0,
75 SPTLRPC_MECH_NULL_MAX,
78 enum sptlrpc_mech_plain {
79 SPTLRPC_MECH_PLAIN = 0,
80 SPTLRPC_MECH_PLAIN_MAX,
83 enum sptlrpc_mech_gss {
84 SPTLRPC_MECH_GSS_NULL = 0,
85 SPTLRPC_MECH_GSS_KRB5 = 1,
89 enum sptlrpc_service_type {
90 SPTLRPC_SVC_NULL = 0, /* no security */
91 SPTLRPC_SVC_AUTH = 1, /* auth only */
92 SPTLRPC_SVC_INTG = 2, /* integrity */
93 SPTLRPC_SVC_PRIV = 3, /* privacy */
98 * rpc flavor compose/extract, represented as 16 bits
100 * 4b (reserved) | 4b (svc) | 4b (mech) | 4b (policy)
102 #define RPC_FLVR_POLICY_OFFSET (0)
103 #define RPC_FLVR_MECH_OFFSET (4)
104 #define RPC_FLVR_SVC_OFFSET (8)
106 #define MAKE_RPC_FLVR(policy, mech, svc) \
107 (((__u16)(policy) << RPC_FLVR_POLICY_OFFSET) | \
108 ((__u16)(mech) << RPC_FLVR_MECH_OFFSET) | \
109 ((__u16)(svc) << RPC_FLVR_SVC_OFFSET))
111 #define MAKE_RPC_SUBFLVR(mech, svc) \
113 ((__u16)(svc) << (RPC_FLVR_SVC_OFFSET - RPC_FLVR_MECH_OFFSET)))
115 #define RPC_FLVR_SUB(flavor) \
116 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xFF)
118 #define RPC_FLVR_POLICY(flavor) \
119 ((((__u16)(flavor)) >> RPC_FLVR_POLICY_OFFSET) & 0xF)
120 #define RPC_FLVR_MECH(flavor) \
121 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xF)
122 #define RPC_FLVR_SVC(flavor) \
123 ((((__u16)(flavor)) >> RPC_FLVR_SVC_OFFSET) & 0xF)
128 #define SPTLRPC_SUBFLVR_KRB5N \
129 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
130 #define SPTLRPC_SUBFLVR_KRB5A \
131 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
132 #define SPTLRPC_SUBFLVR_KRB5I \
133 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
134 #define SPTLRPC_SUBFLVR_KRB5P \
135 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
140 #define SPTLRPC_FLVR_NULL \
141 MAKE_RPC_FLVR(SPTLRPC_POLICY_NULL, \
144 #define SPTLRPC_FLVR_PLAIN \
145 MAKE_RPC_FLVR(SPTLRPC_POLICY_PLAIN, \
146 SPTLRPC_MECH_PLAIN, \
148 #define SPTLRPC_FLVR_KRB5N \
149 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
150 SPTLRPC_MECH_GSS_KRB5, \
152 #define SPTLRPC_FLVR_KRB5A \
153 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
154 SPTLRPC_MECH_GSS_KRB5, \
156 #define SPTLRPC_FLVR_KRB5I \
157 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
158 SPTLRPC_MECH_GSS_KRB5, \
160 #define SPTLRPC_FLVR_KRB5P \
161 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
162 SPTLRPC_MECH_GSS_KRB5, \
165 #define SPTLRPC_FLVR_INVALID ((__u16) -1)
167 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
170 * 32 bits wire flavor (msg->lm_secflvr), lower 12 bits is the rpc flavor,
171 * higher 20 bits is not defined right now.
173 #define WIRE_FLVR_RPC(wflvr) (((__u16) (wflvr)) & 0x0FFF)
175 static inline void rpc_flvr_set_svc(__u16 *flvr, __u16 svc)
177 LASSERT(svc < SPTLRPC_SVC_MAX);
178 *flvr = MAKE_RPC_FLVR(RPC_FLVR_POLICY(*flvr),
179 RPC_FLVR_MECH(*flvr),
184 struct sptlrpc_flavor {
185 __u16 sf_rpc; /* rpc flavor */
186 __u8 sf_bulk_ciph; /* bulk cipher alg */
187 __u8 sf_bulk_hash; /* bulk hash alg */
188 __u32 sf_flags; /* general flags */
191 enum lustre_sec_part {
199 struct sptlrpc_rule {
200 __u32 sr_netid; /* LNET network ID */
201 __u8 sr_from; /* sec_part */
202 __u8 sr_to; /* sec_part */
204 struct sptlrpc_flavor sr_flvr;
207 struct sptlrpc_rule_set {
210 struct sptlrpc_rule *srs_rules;
213 #define SPTLRPC_CONF_LOG_MAX (64)
215 struct sptlrpc_conf_log {
216 __u32 scl_max; /* maximum rules # */
217 __u32 scl_nrule; /* rules # */
218 __u8 scl_part; /* which part am i */
222 struct sptlrpc_rule scl_rules[SPTLRPC_CONF_LOG_MAX];
225 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
227 memset(set, 0, sizeof(*set));
230 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
231 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set, int expand);
232 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
233 struct sptlrpc_rule *rule,
235 int sptlrpc_rule_set_from_log(struct sptlrpc_rule_set *rset,
236 struct sptlrpc_conf_log *log);
237 void sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
238 enum lustre_sec_part from,
240 struct sptlrpc_flavor *flavor);
241 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
243 struct sptlrpc_conf_log *sptlrpc_conf_log_alloc(void);
244 void sptlrpc_conf_log_free(struct sptlrpc_conf_log *log);
245 int sptlrpc_conf_log_populate(struct sptlrpc_rule_set *gen,
246 struct sptlrpc_rule_set *tgt,
247 enum lustre_sec_part from,
248 enum lustre_sec_part to,
249 unsigned int fl_udesc,
250 struct sptlrpc_conf_log *log);
251 struct sptlrpc_conf_log *sptlrpc_conf_log_extract(struct lustre_cfg *lcfg);
252 void sptlrpc_conf_log_cleanup(struct sptlrpc_conf_log *log);
253 void sptlrpc_conf_log_dump(struct sptlrpc_conf_log *log);
255 const char *sptlrpc_part2name(enum lustre_sec_part part);
256 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
258 int sptlrpc_cliobd_process_config(struct obd_device *obd,
259 struct lustre_cfg *lcfg);
261 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
262 * and should be enough for other future mechanisms but not sure.
263 * Only used by pre-allocated request/reply pool.
265 #define SPTLRPC_MAX_PAYLOAD (1024)
273 struct ptlrpc_ctx_ops {
274 int (*match) (struct ptlrpc_cli_ctx *ctx,
275 struct vfs_cred *vcred);
276 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
277 int (*validate) (struct ptlrpc_cli_ctx *ctx);
278 void (*die) (struct ptlrpc_cli_ctx *ctx,
280 int (*display) (struct ptlrpc_cli_ctx *ctx,
281 char *buf, int bufsize);
285 int (*sign) (struct ptlrpc_cli_ctx *ctx,
286 struct ptlrpc_request *req);
287 int (*verify) (struct ptlrpc_cli_ctx *ctx,
288 struct ptlrpc_request *req);
289 int (*seal) (struct ptlrpc_cli_ctx *ctx,
290 struct ptlrpc_request *req);
291 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
292 struct ptlrpc_request *req);
296 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
297 struct ptlrpc_request *req,
298 struct ptlrpc_bulk_desc *desc);
299 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
300 struct ptlrpc_request *req,
301 struct ptlrpc_bulk_desc *desc);
304 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
305 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
306 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
307 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
308 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
309 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
311 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
312 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
313 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
314 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
315 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
316 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
318 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
319 PTLRPC_CTX_UPTODATE | \
323 struct ptlrpc_cli_ctx {
324 struct hlist_node cc_cache; /* linked into ctx cache */
325 atomic_t cc_refcount;
326 struct ptlrpc_sec *cc_sec;
327 struct ptlrpc_ctx_ops *cc_ops;
328 cfs_time_t cc_expire; /* in seconds */
329 unsigned int cc_early_expire:1;
330 unsigned long cc_flags;
331 struct vfs_cred cc_vcred;
333 struct list_head cc_req_list; /* waiting reqs linked here */
334 struct list_head cc_gc_chain; /* linked to gc chain */
337 struct ptlrpc_sec_cops {
339 * ptlrpc_sec constructor/destructor
341 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
342 struct ptlrpc_svc_ctx *ctx,
343 struct sptlrpc_flavor *flavor);
344 void (*destroy_sec) (struct ptlrpc_sec *sec);
349 void (*kill_sec) (struct ptlrpc_sec *sec);
354 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
355 struct vfs_cred *vcred,
358 void (*release_ctx) (struct ptlrpc_sec *sec,
359 struct ptlrpc_cli_ctx *ctx,
361 int (*flush_ctx_cache)
362 (struct ptlrpc_sec *sec,
366 void (*gc_ctx) (struct ptlrpc_sec *sec);
371 int (*install_rctx)(struct obd_import *imp,
372 struct ptlrpc_sec *sec,
373 struct ptlrpc_cli_ctx *ctx);
376 * request/reply buffer manipulation
378 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
379 struct ptlrpc_request *req,
380 int lustre_msg_size);
381 void (*free_reqbuf) (struct ptlrpc_sec *sec,
382 struct ptlrpc_request *req);
383 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
384 struct ptlrpc_request *req,
385 int lustre_msg_size);
386 void (*free_repbuf) (struct ptlrpc_sec *sec,
387 struct ptlrpc_request *req);
388 int (*enlarge_reqbuf)
389 (struct ptlrpc_sec *sec,
390 struct ptlrpc_request *req,
391 int segment, int newsize);
395 int (*display) (struct ptlrpc_sec *sec,
396 struct seq_file *seq);
399 struct ptlrpc_sec_sops {
400 int (*accept) (struct ptlrpc_request *req);
401 int (*authorize) (struct ptlrpc_request *req);
402 void (*invalidate_ctx)
403 (struct ptlrpc_svc_ctx *ctx);
404 /* buffer manipulation */
405 int (*alloc_rs) (struct ptlrpc_request *req,
407 void (*free_rs) (struct ptlrpc_reply_state *rs);
408 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
409 /* reverse credential */
410 int (*install_rctx)(struct obd_import *imp,
411 struct ptlrpc_svc_ctx *ctx);
413 int (*unwrap_bulk) (struct ptlrpc_request *req,
414 struct ptlrpc_bulk_desc *desc);
415 int (*wrap_bulk) (struct ptlrpc_request *req,
416 struct ptlrpc_bulk_desc *desc);
419 struct ptlrpc_sec_policy {
420 struct module *sp_owner;
422 __u16 sp_policy; /* policy number */
423 struct ptlrpc_sec_cops *sp_cops; /* client ops */
424 struct ptlrpc_sec_sops *sp_sops; /* server ops */
427 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
428 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
429 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
430 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
431 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
434 struct ptlrpc_sec_policy *ps_policy;
435 atomic_t ps_refcount;
436 atomic_t ps_nctx; /* statistic only */
437 int ps_id; /* unique identifier */
438 struct sptlrpc_flavor ps_flvr; /* flavor */
439 enum lustre_sec_part ps_part;
440 unsigned int ps_dying:1;
441 struct obd_import *ps_import; /* owning import */
442 spinlock_t ps_lock; /* protect ccache */
446 struct list_head ps_gc_list;
447 cfs_time_t ps_gc_interval; /* in seconds */
448 cfs_time_t ps_gc_next; /* in seconds */
451 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
453 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
456 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
458 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
462 struct ptlrpc_svc_ctx {
463 atomic_t sc_refcount;
464 struct ptlrpc_sec_policy *sc_policy;
468 * user identity descriptor
470 #define LUSTRE_MAX_GROUPS (128)
472 struct ptlrpc_user_desc {
485 enum sptlrpc_bulk_hash_alg {
486 BULK_HASH_ALG_NULL = 0,
487 BULK_HASH_ALG_ADLER32,
491 BULK_HASH_ALG_SHA256,
492 BULK_HASH_ALG_SHA384,
493 BULK_HASH_ALG_SHA512,
500 enum sptlrpc_bulk_cipher_alg {
501 BULK_CIPH_ALG_NULL = 0,
503 BULK_CIPH_ALG_AES128,
504 BULK_CIPH_ALG_AES192,
505 BULK_CIPH_ALG_AES256,
506 BULK_CIPH_ALG_CAST128,
507 BULK_CIPH_ALG_CAST256,
508 BULK_CIPH_ALG_TWOFISH128,
509 BULK_CIPH_ALG_TWOFISH256,
513 struct sptlrpc_hash_type {
516 unsigned int sht_size;
519 struct sptlrpc_ciph_type {
523 unsigned int sct_ivsize;
524 unsigned int sct_keysize;
527 const struct sptlrpc_hash_type *sptlrpc_get_hash_type(__u8 hash_alg);
528 const char * sptlrpc_get_hash_name(__u8 hash_alg);
529 const struct sptlrpc_ciph_type *sptlrpc_get_ciph_type(__u8 ciph_alg);
530 const char *sptlrpc_get_ciph_name(__u8 ciph_alg);
532 #define CIPHER_MAX_BLKSIZE (16)
533 #define CIPHER_MAX_KEYSIZE (64)
535 struct ptlrpc_bulk_sec_desc {
539 __u8 bsd_hash_alg; /* hash algorithm */
540 __u8 bsd_ciph_alg; /* cipher algorithm */
541 __u8 bsd_key[CIPHER_MAX_KEYSIZE]; /* encrypt key seed */
549 struct proc_dir_entry;
550 extern struct proc_dir_entry *sptlrpc_proc_root;
553 * round size up to next power of 2, for slab allocation.
554 * @size must be sane (can't overflow after round up)
556 static inline int size_roundup_power2(int size)
569 * internal support libraries
571 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
572 int segment, int newsize);
577 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
578 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
580 __u16 sptlrpc_name2rpcflavor(const char *name);
581 const char *sptlrpc_rpcflavor2name(__u16 flavor);
582 int sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
585 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
587 __module_get(policy->sp_owner);
592 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
594 module_put(policy->sp_owner);
601 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
603 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
607 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
609 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
613 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
615 return (cli_ctx_status(ctx) != 0);
619 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
621 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
625 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
627 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
631 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
633 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
637 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
639 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
645 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
646 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
649 * internal apis which only used by policy impelentation
651 int sptlrpc_get_next_secid(void);
652 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
655 * exported client context api
657 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
658 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
659 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
660 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
661 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
664 * exported client context wrap/buffers
666 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
667 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
668 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
669 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
670 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
671 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
672 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
673 int segment, int newsize);
674 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
675 struct ptlrpc_request **req_ret);
676 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
678 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
681 * exported higher interface of import & request
683 int sptlrpc_import_sec_adapt(struct obd_import *imp,
684 struct ptlrpc_svc_ctx *ctx,
686 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
687 void sptlrpc_import_sec_put(struct obd_import *imp);
689 int sptlrpc_import_check_ctx(struct obd_import *imp);
690 void sptlrpc_import_inval_all_ctx(struct obd_import *imp);
691 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
692 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
693 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
694 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
695 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
696 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
697 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
698 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
700 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
703 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
704 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
705 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
708 const char * sec2target_str(struct ptlrpc_sec *sec);
709 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
714 enum secsvc_accept_res {
720 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
721 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
722 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
723 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
724 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
725 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
726 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
728 int sptlrpc_target_export_check(struct obd_export *exp,
729 struct ptlrpc_request *req);
730 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
731 struct sptlrpc_rule_set *rset);
736 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
737 struct ptlrpc_svc_ctx *ctx);
738 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
739 struct ptlrpc_cli_ctx *ctx);
741 /* bulk security api */
742 int sptlrpc_enc_pool_add_user(void);
743 int sptlrpc_enc_pool_del_user(void);
744 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
745 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
747 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
748 struct ptlrpc_bulk_desc *desc);
749 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
750 int nob, obd_count pg_count,
751 struct brw_page **pga);
752 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
753 struct ptlrpc_bulk_desc *desc);
754 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
755 struct ptlrpc_bulk_desc *desc);
756 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
757 struct ptlrpc_bulk_desc *desc);
759 /* user descriptor helpers */
760 static inline int sptlrpc_user_desc_size(int ngroups)
762 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
765 int sptlrpc_current_user_desc_size(void);
766 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
767 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset);
769 /* bulk helpers (internal use only by policies) */
770 int bulk_sec_desc_size(__u8 hash_alg, int request, int read);
771 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset);
773 int bulk_csum_cli_request(struct ptlrpc_bulk_desc *desc, int read,
774 __u32 alg, struct lustre_msg *rmsg, int roff);
775 int bulk_csum_cli_reply(struct ptlrpc_bulk_desc *desc, int read,
776 struct lustre_msg *rmsg, int roff,
777 struct lustre_msg *vmsg, int voff);
778 int bulk_csum_svc(struct ptlrpc_bulk_desc *desc, int read,
779 struct ptlrpc_bulk_sec_desc *bsdv, int vsize,
780 struct ptlrpc_bulk_sec_desc *bsdr, int rsize);
782 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
783 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
787 LUSTRE_SEC_REMOTE = 1,
788 LUSTRE_SEC_SPECIFY = 2,
792 #endif /* _LUSTRE_SEC_H_ */