1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright 2008 Sun Microsystems, Inc. All rights reserved
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
55 struct ptlrpc_sec_policy;
56 struct ptlrpc_sec_cops;
57 struct ptlrpc_sec_sops;
59 struct ptlrpc_svc_ctx;
60 struct ptlrpc_cli_ctx;
61 struct ptlrpc_ctx_ops;
67 SPTLRPC_POLICY_NULL = 0,
68 SPTLRPC_POLICY_PLAIN = 1,
69 SPTLRPC_POLICY_GSS = 2,
73 enum sptlrpc_mech_null {
74 SPTLRPC_MECH_NULL = 0,
75 SPTLRPC_MECH_NULL_MAX,
78 enum sptlrpc_mech_plain {
79 SPTLRPC_MECH_PLAIN = 0,
80 SPTLRPC_MECH_PLAIN_MAX,
83 enum sptlrpc_mech_gss {
84 SPTLRPC_MECH_GSS_NULL = 0,
85 SPTLRPC_MECH_GSS_KRB5 = 1,
89 enum sptlrpc_service_type {
90 SPTLRPC_SVC_NULL = 0, /* no security */
91 SPTLRPC_SVC_AUTH = 1, /* auth only */
92 SPTLRPC_SVC_INTG = 2, /* integrity */
93 SPTLRPC_SVC_PRIV = 3, /* privacy */
98 * rpc flavor compose/extract, represented as 16 bits
100 * 4b (reserved) | 4b (svc) | 4b (mech) | 4b (policy)
102 #define RPC_FLVR_POLICY_OFFSET (0)
103 #define RPC_FLVR_MECH_OFFSET (4)
104 #define RPC_FLVR_SVC_OFFSET (8)
106 #define MAKE_RPC_FLVR(policy, mech, svc) \
107 (((__u16)(policy) << RPC_FLVR_POLICY_OFFSET) | \
108 ((__u16)(mech) << RPC_FLVR_MECH_OFFSET) | \
109 ((__u16)(svc) << RPC_FLVR_SVC_OFFSET))
111 #define MAKE_RPC_SUBFLVR(mech, svc) \
113 ((__u16)(svc) << (RPC_FLVR_SVC_OFFSET - RPC_FLVR_MECH_OFFSET)))
115 #define RPC_FLVR_SUB(flavor) \
116 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xFF)
118 #define RPC_FLVR_POLICY(flavor) \
119 ((((__u16)(flavor)) >> RPC_FLVR_POLICY_OFFSET) & 0xF)
120 #define RPC_FLVR_MECH(flavor) \
121 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xF)
122 #define RPC_FLVR_SVC(flavor) \
123 ((((__u16)(flavor)) >> RPC_FLVR_SVC_OFFSET) & 0xF)
128 #define SPTLRPC_SUBFLVR_KRB5N \
129 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
130 #define SPTLRPC_SUBFLVR_KRB5A \
131 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
132 #define SPTLRPC_SUBFLVR_KRB5I \
133 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
134 #define SPTLRPC_SUBFLVR_KRB5P \
135 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
140 #define SPTLRPC_FLVR_NULL \
141 MAKE_RPC_FLVR(SPTLRPC_POLICY_NULL, \
144 #define SPTLRPC_FLVR_PLAIN \
145 MAKE_RPC_FLVR(SPTLRPC_POLICY_PLAIN, \
146 SPTLRPC_MECH_PLAIN, \
148 #define SPTLRPC_FLVR_KRB5N \
149 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
150 SPTLRPC_MECH_GSS_KRB5, \
152 #define SPTLRPC_FLVR_KRB5A \
153 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
154 SPTLRPC_MECH_GSS_KRB5, \
156 #define SPTLRPC_FLVR_KRB5I \
157 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
158 SPTLRPC_MECH_GSS_KRB5, \
160 #define SPTLRPC_FLVR_KRB5P \
161 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
162 SPTLRPC_MECH_GSS_KRB5, \
165 #define SPTLRPC_FLVR_ANY ((__u16) 0xf000)
166 #define SPTLRPC_FLVR_INVALID ((__u16) 0xffff)
168 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
171 * 32 bits wire flavor (msg->lm_secflvr), lower 12 bits is the rpc flavor,
172 * higher 20 bits is not defined right now.
174 #define WIRE_FLVR_RPC(wflvr) (((__u16) (wflvr)) & 0x0FFF)
176 static inline void rpc_flvr_set_svc(__u16 *flvr, __u16 svc)
178 LASSERT(svc < SPTLRPC_SVC_MAX);
179 *flvr = MAKE_RPC_FLVR(RPC_FLVR_POLICY(*flvr),
180 RPC_FLVR_MECH(*flvr),
185 struct sptlrpc_flavor {
186 __u16 sf_rpc; /* rpc flavor */
187 __u8 sf_bulk_ciph; /* bulk cipher alg */
188 __u8 sf_bulk_hash; /* bulk hash alg */
189 __u32 sf_flags; /* general flags */
192 enum lustre_sec_part {
201 const char *sptlrpc_part2name(enum lustre_sec_part sp);
202 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
204 struct sptlrpc_rule {
205 __u32 sr_netid; /* LNET network ID */
206 __u8 sr_from; /* sec_part */
207 __u8 sr_to; /* sec_part */
209 struct sptlrpc_flavor sr_flvr;
212 struct sptlrpc_rule_set {
215 struct sptlrpc_rule *srs_rules;
218 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
220 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
222 memset(set, 0, sizeof(*set));
225 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
226 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set, int expand);
227 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
228 struct sptlrpc_rule *rule,
230 int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
231 enum lustre_sec_part from,
232 enum lustre_sec_part to,
234 struct sptlrpc_flavor *sf);
235 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
237 int sptlrpc_process_config(struct lustre_cfg *lcfg);
238 void sptlrpc_conf_log_start(const char *logname);
239 void sptlrpc_conf_log_stop(const char *logname);
240 void sptlrpc_conf_log_update_begin(const char *logname);
241 void sptlrpc_conf_log_update_end(const char *logname);
242 void sptlrpc_conf_client_adapt(struct obd_device *obd);
243 int sptlrpc_conf_target_get_rules(struct obd_device *obd,
244 struct sptlrpc_rule_set *rset,
246 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
247 enum lustre_sec_part from,
249 struct sptlrpc_flavor *flavor);
251 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
252 * and should be enough for other future mechanisms but not sure.
253 * Only used by pre-allocated request/reply pool.
255 #define SPTLRPC_MAX_PAYLOAD (1024)
263 struct ptlrpc_ctx_ops {
264 int (*match) (struct ptlrpc_cli_ctx *ctx,
265 struct vfs_cred *vcred);
266 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
267 int (*validate) (struct ptlrpc_cli_ctx *ctx);
268 void (*die) (struct ptlrpc_cli_ctx *ctx,
270 int (*display) (struct ptlrpc_cli_ctx *ctx,
271 char *buf, int bufsize);
275 int (*sign) (struct ptlrpc_cli_ctx *ctx,
276 struct ptlrpc_request *req);
277 int (*verify) (struct ptlrpc_cli_ctx *ctx,
278 struct ptlrpc_request *req);
279 int (*seal) (struct ptlrpc_cli_ctx *ctx,
280 struct ptlrpc_request *req);
281 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
282 struct ptlrpc_request *req);
286 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
287 struct ptlrpc_request *req,
288 struct ptlrpc_bulk_desc *desc);
289 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
290 struct ptlrpc_request *req,
291 struct ptlrpc_bulk_desc *desc);
294 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
295 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
296 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
297 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
298 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
299 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
301 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
302 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
303 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
304 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
305 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
306 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
308 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
309 PTLRPC_CTX_UPTODATE | \
313 struct ptlrpc_cli_ctx {
314 struct hlist_node cc_cache; /* linked into ctx cache */
315 atomic_t cc_refcount;
316 struct ptlrpc_sec *cc_sec;
317 struct ptlrpc_ctx_ops *cc_ops;
318 cfs_time_t cc_expire; /* in seconds */
319 unsigned int cc_early_expire:1;
320 unsigned long cc_flags;
321 struct vfs_cred cc_vcred;
323 struct list_head cc_req_list; /* waiting reqs linked here */
324 struct list_head cc_gc_chain; /* linked to gc chain */
327 struct ptlrpc_sec_cops {
329 * ptlrpc_sec constructor/destructor
331 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
332 struct ptlrpc_svc_ctx *ctx,
333 struct sptlrpc_flavor *flavor);
334 void (*destroy_sec) (struct ptlrpc_sec *sec);
339 void (*kill_sec) (struct ptlrpc_sec *sec);
344 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
345 struct vfs_cred *vcred,
348 void (*release_ctx) (struct ptlrpc_sec *sec,
349 struct ptlrpc_cli_ctx *ctx,
351 int (*flush_ctx_cache)
352 (struct ptlrpc_sec *sec,
356 void (*gc_ctx) (struct ptlrpc_sec *sec);
361 int (*install_rctx)(struct obd_import *imp,
362 struct ptlrpc_sec *sec,
363 struct ptlrpc_cli_ctx *ctx);
366 * request/reply buffer manipulation
368 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
369 struct ptlrpc_request *req,
370 int lustre_msg_size);
371 void (*free_reqbuf) (struct ptlrpc_sec *sec,
372 struct ptlrpc_request *req);
373 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
374 struct ptlrpc_request *req,
375 int lustre_msg_size);
376 void (*free_repbuf) (struct ptlrpc_sec *sec,
377 struct ptlrpc_request *req);
378 int (*enlarge_reqbuf)
379 (struct ptlrpc_sec *sec,
380 struct ptlrpc_request *req,
381 int segment, int newsize);
385 int (*display) (struct ptlrpc_sec *sec,
386 struct seq_file *seq);
389 struct ptlrpc_sec_sops {
390 int (*accept) (struct ptlrpc_request *req);
391 int (*authorize) (struct ptlrpc_request *req);
392 void (*invalidate_ctx)
393 (struct ptlrpc_svc_ctx *ctx);
394 /* buffer manipulation */
395 int (*alloc_rs) (struct ptlrpc_request *req,
397 void (*free_rs) (struct ptlrpc_reply_state *rs);
398 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
399 /* reverse credential */
400 int (*install_rctx)(struct obd_import *imp,
401 struct ptlrpc_svc_ctx *ctx);
403 int (*unwrap_bulk) (struct ptlrpc_request *req,
404 struct ptlrpc_bulk_desc *desc);
405 int (*wrap_bulk) (struct ptlrpc_request *req,
406 struct ptlrpc_bulk_desc *desc);
409 struct ptlrpc_sec_policy {
410 struct module *sp_owner;
412 __u16 sp_policy; /* policy number */
413 struct ptlrpc_sec_cops *sp_cops; /* client ops */
414 struct ptlrpc_sec_sops *sp_sops; /* server ops */
417 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
418 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
419 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
420 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
421 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
424 struct ptlrpc_sec_policy *ps_policy;
425 atomic_t ps_refcount;
426 atomic_t ps_nctx; /* statistic only */
427 int ps_id; /* unique identifier */
428 struct sptlrpc_flavor ps_flvr; /* flavor */
429 enum lustre_sec_part ps_part;
430 unsigned int ps_dying:1;
431 struct obd_import *ps_import; /* owning import */
432 spinlock_t ps_lock; /* protect ccache */
436 struct list_head ps_gc_list;
437 cfs_time_t ps_gc_interval; /* in seconds */
438 cfs_time_t ps_gc_next; /* in seconds */
441 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
443 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
446 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
448 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
452 struct ptlrpc_svc_ctx {
453 atomic_t sc_refcount;
454 struct ptlrpc_sec_policy *sc_policy;
458 * user identity descriptor
460 #define LUSTRE_MAX_GROUPS (128)
462 struct ptlrpc_user_desc {
475 enum sptlrpc_bulk_hash_alg {
476 BULK_HASH_ALG_NULL = 0,
477 BULK_HASH_ALG_ADLER32,
481 BULK_HASH_ALG_SHA256,
482 BULK_HASH_ALG_SHA384,
483 BULK_HASH_ALG_SHA512,
490 enum sptlrpc_bulk_cipher_alg {
491 BULK_CIPH_ALG_NULL = 0,
493 BULK_CIPH_ALG_AES128,
494 BULK_CIPH_ALG_AES192,
495 BULK_CIPH_ALG_AES256,
496 BULK_CIPH_ALG_CAST128,
497 BULK_CIPH_ALG_CAST256,
498 BULK_CIPH_ALG_TWOFISH128,
499 BULK_CIPH_ALG_TWOFISH256,
503 struct sptlrpc_hash_type {
506 unsigned int sht_size;
509 struct sptlrpc_ciph_type {
513 unsigned int sct_ivsize;
514 unsigned int sct_keysize;
517 const struct sptlrpc_hash_type *sptlrpc_get_hash_type(__u8 hash_alg);
518 const char * sptlrpc_get_hash_name(__u8 hash_alg);
519 const struct sptlrpc_ciph_type *sptlrpc_get_ciph_type(__u8 ciph_alg);
520 const char *sptlrpc_get_ciph_name(__u8 ciph_alg);
522 #define CIPHER_MAX_BLKSIZE (16)
523 #define CIPHER_MAX_KEYSIZE (64)
525 struct ptlrpc_bulk_sec_desc {
529 __u8 bsd_hash_alg; /* hash algorithm */
530 __u8 bsd_ciph_alg; /* cipher algorithm */
531 __u8 bsd_key[CIPHER_MAX_KEYSIZE]; /* encrypt key seed */
539 struct proc_dir_entry;
540 extern struct proc_dir_entry *sptlrpc_proc_root;
543 * round size up to next power of 2, for slab allocation.
544 * @size must be sane (can't overflow after round up)
546 static inline int size_roundup_power2(int size)
559 * internal support libraries
561 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
562 int segment, int newsize);
567 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
568 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
570 __u16 sptlrpc_name2rpcflavor(const char *name);
571 const char *sptlrpc_rpcflavor2name(__u16 flavor);
572 int sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
575 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
577 __module_get(policy->sp_owner);
582 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
584 module_put(policy->sp_owner);
591 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
593 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
597 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
599 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
603 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
605 return (cli_ctx_status(ctx) != 0);
609 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
611 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
615 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
617 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
621 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
623 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
627 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
629 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
635 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
636 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
639 * internal apis which only used by policy impelentation
641 int sptlrpc_get_next_secid(void);
642 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
645 * exported client context api
647 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
648 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
649 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
650 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
651 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
654 * exported client context wrap/buffers
656 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
657 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
658 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
659 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
660 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
661 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
662 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
663 int segment, int newsize);
664 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
665 struct ptlrpc_request **req_ret);
666 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
668 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
671 * exported higher interface of import & request
673 int sptlrpc_import_sec_adapt(struct obd_import *imp,
674 struct ptlrpc_svc_ctx *ctx,
676 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
677 void sptlrpc_import_sec_put(struct obd_import *imp);
679 int sptlrpc_import_check_ctx(struct obd_import *imp);
680 void sptlrpc_import_inval_all_ctx(struct obd_import *imp);
681 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
682 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
683 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
684 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
685 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
686 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
687 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
688 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
690 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
693 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
694 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
695 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
698 const char * sec2target_str(struct ptlrpc_sec *sec);
699 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
704 enum secsvc_accept_res {
710 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
711 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
712 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
713 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
714 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
715 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
716 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
718 int sptlrpc_target_export_check(struct obd_export *exp,
719 struct ptlrpc_request *req);
720 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
721 struct sptlrpc_rule_set *rset);
726 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
727 struct ptlrpc_svc_ctx *ctx);
728 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
729 struct ptlrpc_cli_ctx *ctx);
731 /* bulk security api */
732 int sptlrpc_enc_pool_add_user(void);
733 int sptlrpc_enc_pool_del_user(void);
734 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
735 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
737 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
738 struct ptlrpc_bulk_desc *desc);
739 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
740 int nob, obd_count pg_count,
741 struct brw_page **pga);
742 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
743 struct ptlrpc_bulk_desc *desc);
744 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
745 struct ptlrpc_bulk_desc *desc);
746 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
747 struct ptlrpc_bulk_desc *desc);
749 /* user descriptor helpers */
750 static inline int sptlrpc_user_desc_size(int ngroups)
752 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
755 int sptlrpc_current_user_desc_size(void);
756 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
757 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset);
759 /* bulk helpers (internal use only by policies) */
760 int bulk_sec_desc_size(__u8 hash_alg, int request, int read);
761 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset);
763 int bulk_csum_cli_request(struct ptlrpc_bulk_desc *desc, int read,
764 __u32 alg, struct lustre_msg *rmsg, int roff);
765 int bulk_csum_cli_reply(struct ptlrpc_bulk_desc *desc, int read,
766 struct lustre_msg *rmsg, int roff,
767 struct lustre_msg *vmsg, int voff);
768 int bulk_csum_svc(struct ptlrpc_bulk_desc *desc, int read,
769 struct ptlrpc_bulk_sec_desc *bsdv, int vsize,
770 struct ptlrpc_bulk_sec_desc *bsdr, int rsize);
772 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
773 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
777 LUSTRE_SEC_REMOTE = 1,
778 LUSTRE_SEC_SPECIFY = 2,
782 #endif /* _LUSTRE_SEC_H_ */