1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004-2007 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #ifndef _LUSTRE_SEC_H_
23 #define _LUSTRE_SEC_H_
31 struct ptlrpc_request;
32 struct ptlrpc_reply_state;
33 struct ptlrpc_bulk_desc;
40 struct ptlrpc_sec_policy;
41 struct ptlrpc_sec_cops;
42 struct ptlrpc_sec_sops;
44 struct ptlrpc_svc_ctx;
45 struct ptlrpc_cli_ctx;
46 struct ptlrpc_ctx_ops;
52 SPTLRPC_POLICY_NULL = 0,
53 SPTLRPC_POLICY_PLAIN = 1,
54 SPTLRPC_POLICY_GSS = 2,
58 enum sptlrpc_mech_null {
59 SPTLRPC_MECH_NULL = 0,
60 SPTLRPC_MECH_NULL_MAX,
63 enum sptlrpc_mech_plain {
64 SPTLRPC_MECH_PLAIN = 0,
65 SPTLRPC_MECH_PLAIN_MAX,
68 enum sptlrpc_mech_gss {
69 SPTLRPC_MECH_GSS_NULL = 0,
70 SPTLRPC_MECH_GSS_KRB5 = 1,
74 enum sptlrpc_service_type {
75 SPTLRPC_SVC_NULL = 0, /* no security */
76 SPTLRPC_SVC_AUTH = 1, /* auth only */
77 SPTLRPC_SVC_INTG = 2, /* integrity */
78 SPTLRPC_SVC_PRIV = 3, /* privacy */
83 * rpc flavor compose/extract, represented as 16 bits
85 * 4b (reserved) | 4b (svc) | 4b (mech) | 4b (policy)
87 #define RPC_FLVR_POLICY_OFFSET (0)
88 #define RPC_FLVR_MECH_OFFSET (4)
89 #define RPC_FLVR_SVC_OFFSET (8)
91 #define MAKE_RPC_FLVR(policy, mech, svc) \
92 (((__u16)(policy) << RPC_FLVR_POLICY_OFFSET) | \
93 ((__u16)(mech) << RPC_FLVR_MECH_OFFSET) | \
94 ((__u16)(svc) << RPC_FLVR_SVC_OFFSET))
96 #define MAKE_RPC_SUBFLVR(mech, svc) \
98 ((__u16)(svc) << (RPC_FLVR_SVC_OFFSET - RPC_FLVR_MECH_OFFSET)))
100 #define RPC_FLVR_SUB(flavor) \
101 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xFF)
103 #define RPC_FLVR_POLICY(flavor) \
104 ((((__u16)(flavor)) >> RPC_FLVR_POLICY_OFFSET) & 0xF)
105 #define RPC_FLVR_MECH(flavor) \
106 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xF)
107 #define RPC_FLVR_SVC(flavor) \
108 ((((__u16)(flavor)) >> RPC_FLVR_SVC_OFFSET) & 0xF)
113 #define SPTLRPC_SUBFLVR_KRB5N \
114 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
115 #define SPTLRPC_SUBFLVR_KRB5A \
116 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
117 #define SPTLRPC_SUBFLVR_KRB5I \
118 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
119 #define SPTLRPC_SUBFLVR_KRB5P \
120 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
125 #define SPTLRPC_FLVR_NULL \
126 MAKE_RPC_FLVR(SPTLRPC_POLICY_NULL, \
129 #define SPTLRPC_FLVR_PLAIN \
130 MAKE_RPC_FLVR(SPTLRPC_POLICY_PLAIN, \
131 SPTLRPC_MECH_PLAIN, \
133 #define SPTLRPC_FLVR_KRB5N \
134 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
135 SPTLRPC_MECH_GSS_KRB5, \
137 #define SPTLRPC_FLVR_KRB5A \
138 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
139 SPTLRPC_MECH_GSS_KRB5, \
141 #define SPTLRPC_FLVR_KRB5I \
142 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
143 SPTLRPC_MECH_GSS_KRB5, \
145 #define SPTLRPC_FLVR_KRB5P \
146 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
147 SPTLRPC_MECH_GSS_KRB5, \
150 #define SPTLRPC_FLVR_INVALID ((__u16) -1)
152 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
155 * 32 bits wire flavor (msg->lm_secflvr), lower 12 bits is the rpc flavor,
156 * higher 20 bits is not defined right now.
158 #define WIRE_FLVR_RPC(wflvr) (((__u16) (wflvr)) & 0x0FFF)
160 static inline void rpc_flvr_set_svc(__u16 *flvr, __u16 svc)
162 LASSERT(svc < SPTLRPC_SVC_MAX);
163 *flvr = MAKE_RPC_FLVR(RPC_FLVR_POLICY(*flvr),
164 RPC_FLVR_MECH(*flvr),
169 struct sptlrpc_flavor {
170 __u16 sf_rpc; /* rpc flavor */
171 __u8 sf_bulk_priv; /* bulk encrypt alg */
172 __u8 sf_bulk_csum; /* bulk checksum alg */
173 __u32 sf_flags; /* general flags */
176 enum lustre_sec_part {
184 struct sptlrpc_rule {
185 __u32 sr_netid; /* LNET network ID */
186 __u8 sr_from; /* sec_part */
187 __u8 sr_to; /* sec_part */
189 struct sptlrpc_flavor sr_flvr;
192 struct sptlrpc_rule_set {
195 struct sptlrpc_rule *srs_rules;
198 #define SPTLRPC_CONF_LOG_MAX (64)
200 struct sptlrpc_conf_log {
201 __u32 scl_max; /* maximum rules # */
202 __u32 scl_nrule; /* rules # */
203 __u8 scl_part; /* which part am i */
207 struct sptlrpc_rule scl_rules[SPTLRPC_CONF_LOG_MAX];
210 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
212 memset(set, 0, sizeof(*set));
215 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
216 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set, int expand);
217 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
218 struct sptlrpc_rule *rule,
220 int sptlrpc_rule_set_from_log(struct sptlrpc_rule_set *rset,
221 struct sptlrpc_conf_log *log);
222 void sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
223 enum lustre_sec_part from,
225 struct sptlrpc_flavor *flavor);
226 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
228 struct sptlrpc_conf_log *sptlrpc_conf_log_alloc(void);
229 void sptlrpc_conf_log_free(struct sptlrpc_conf_log *log);
230 int sptlrpc_conf_log_populate(struct sptlrpc_rule_set *gen,
231 struct sptlrpc_rule_set *tgt,
232 enum lustre_sec_part from,
233 enum lustre_sec_part to,
234 unsigned int fl_udesc,
235 struct sptlrpc_conf_log *log);
236 struct sptlrpc_conf_log *sptlrpc_conf_log_extract(struct lustre_cfg *lcfg);
237 void sptlrpc_conf_log_cleanup(struct sptlrpc_conf_log *log);
238 void sptlrpc_conf_log_dump(struct sptlrpc_conf_log *log);
240 const char *sptlrpc_part2name(enum lustre_sec_part part);
241 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
243 int sptlrpc_cliobd_process_config(struct obd_device *obd,
244 struct lustre_cfg *lcfg);
246 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
247 * and should be enough for other future mechanisms but not sure.
248 * Only used by pre-allocated request/reply pool.
250 #define SPTLRPC_MAX_PAYLOAD (1024)
258 struct ptlrpc_ctx_ops {
259 int (*match) (struct ptlrpc_cli_ctx *ctx,
260 struct vfs_cred *vcred);
261 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
262 int (*validate) (struct ptlrpc_cli_ctx *ctx);
263 void (*die) (struct ptlrpc_cli_ctx *ctx,
265 int (*display) (struct ptlrpc_cli_ctx *ctx,
266 char *buf, int bufsize);
270 int (*sign) (struct ptlrpc_cli_ctx *ctx,
271 struct ptlrpc_request *req);
272 int (*verify) (struct ptlrpc_cli_ctx *ctx,
273 struct ptlrpc_request *req);
274 int (*seal) (struct ptlrpc_cli_ctx *ctx,
275 struct ptlrpc_request *req);
276 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
277 struct ptlrpc_request *req);
281 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
282 struct ptlrpc_request *req,
283 struct ptlrpc_bulk_desc *desc);
284 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
285 struct ptlrpc_request *req,
286 struct ptlrpc_bulk_desc *desc);
289 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
290 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
291 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
292 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
293 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
294 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
296 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
297 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
298 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
299 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
300 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
301 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
303 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
304 PTLRPC_CTX_UPTODATE | \
308 struct ptlrpc_cli_ctx {
309 struct hlist_node cc_cache; /* linked into ctx cache */
310 atomic_t cc_refcount;
311 struct ptlrpc_sec *cc_sec;
312 struct ptlrpc_ctx_ops *cc_ops;
313 cfs_time_t cc_expire; /* in seconds */
314 unsigned int cc_early_expire:1;
315 unsigned long cc_flags;
316 struct vfs_cred cc_vcred;
318 struct list_head cc_req_list; /* waiting reqs linked here */
319 struct list_head cc_gc_chain; /* linked to gc chain */
322 struct ptlrpc_sec_cops {
324 * ptlrpc_sec constructor/destructor
326 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
327 struct ptlrpc_svc_ctx *ctx,
328 struct sptlrpc_flavor *flavor);
329 void (*destroy_sec) (struct ptlrpc_sec *sec);
334 void (*kill_sec) (struct ptlrpc_sec *sec);
339 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
340 struct vfs_cred *vcred,
343 void (*release_ctx) (struct ptlrpc_sec *sec,
344 struct ptlrpc_cli_ctx *ctx,
346 int (*flush_ctx_cache)
347 (struct ptlrpc_sec *sec,
351 void (*gc_ctx) (struct ptlrpc_sec *sec);
356 int (*install_rctx)(struct obd_import *imp,
357 struct ptlrpc_sec *sec,
358 struct ptlrpc_cli_ctx *ctx);
361 * request/reply buffer manipulation
363 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
364 struct ptlrpc_request *req,
365 int lustre_msg_size);
366 void (*free_reqbuf) (struct ptlrpc_sec *sec,
367 struct ptlrpc_request *req);
368 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
369 struct ptlrpc_request *req,
370 int lustre_msg_size);
371 void (*free_repbuf) (struct ptlrpc_sec *sec,
372 struct ptlrpc_request *req);
373 int (*enlarge_reqbuf)
374 (struct ptlrpc_sec *sec,
375 struct ptlrpc_request *req,
376 int segment, int newsize);
380 int (*display) (struct ptlrpc_sec *sec,
381 struct seq_file *seq);
384 struct ptlrpc_sec_sops {
385 int (*accept) (struct ptlrpc_request *req);
386 int (*authorize) (struct ptlrpc_request *req);
387 void (*invalidate_ctx)
388 (struct ptlrpc_svc_ctx *ctx);
389 /* buffer manipulation */
390 int (*alloc_rs) (struct ptlrpc_request *req,
392 void (*free_rs) (struct ptlrpc_reply_state *rs);
393 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
394 /* reverse credential */
395 int (*install_rctx)(struct obd_import *imp,
396 struct ptlrpc_svc_ctx *ctx);
398 int (*unwrap_bulk) (struct ptlrpc_request *req,
399 struct ptlrpc_bulk_desc *desc);
400 int (*wrap_bulk) (struct ptlrpc_request *req,
401 struct ptlrpc_bulk_desc *desc);
404 struct ptlrpc_sec_policy {
405 struct module *sp_owner;
407 __u16 sp_policy; /* policy number */
408 struct ptlrpc_sec_cops *sp_cops; /* client ops */
409 struct ptlrpc_sec_sops *sp_sops; /* server ops */
412 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
413 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
414 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
415 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
416 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
419 struct ptlrpc_sec_policy *ps_policy;
420 atomic_t ps_refcount;
421 atomic_t ps_nctx; /* statistic only */
422 int ps_id; /* unique identifier */
423 struct sptlrpc_flavor ps_flvr; /* flavor */
424 enum lustre_sec_part ps_part;
425 unsigned int ps_dying:1;
426 struct obd_import *ps_import; /* owning import */
427 spinlock_t ps_lock; /* protect ccache */
431 struct list_head ps_gc_list;
432 cfs_time_t ps_gc_interval; /* in seconds */
433 cfs_time_t ps_gc_next; /* in seconds */
436 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
438 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
441 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
443 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
447 struct ptlrpc_svc_ctx {
448 atomic_t sc_refcount;
449 struct ptlrpc_sec_policy *sc_policy;
453 * user identity descriptor
455 #define LUSTRE_MAX_GROUPS (128)
457 struct ptlrpc_user_desc {
470 enum bulk_checksum_alg {
471 BULK_CSUM_ALG_NULL = 0,
475 BULK_CSUM_ALG_SHA256,
476 BULK_CSUM_ALG_SHA384,
477 BULK_CSUM_ALG_SHA512,
481 enum bulk_encrypt_alg {
482 BULK_PRIV_ALG_NULL = 0,
487 struct ptlrpc_bulk_sec_desc {
489 __u8 bsd_csum_alg; /* checksum algorithm */
490 __u8 bsd_priv_alg; /* encrypt algorithm */
492 __u8 bsd_iv[16]; /* encrypt iv */
496 const char * sptlrpc_bulk_csum_alg2name(__u8 csum_alg);
497 const char * sptlrpc_bulk_priv_alg2name(__u8 priv_alg);
498 __u32 sptlrpc_bulk_priv_alg2flags(__u8 priv_alg);
503 struct proc_dir_entry;
504 extern struct proc_dir_entry *sptlrpc_proc_root;
507 * round size up to next power of 2, for slab allocation.
508 * @size must be sane (can't overflow after round up)
510 static inline int size_roundup_power2(int size)
523 * internal support libraries
525 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
526 int segment, int newsize);
531 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
532 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
534 __u16 sptlrpc_name2rpcflavor(const char *name);
535 const char *sptlrpc_rpcflavor2name(__u16 flavor);
536 int sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
539 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
541 __module_get(policy->sp_owner);
546 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
548 module_put(policy->sp_owner);
555 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
557 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
561 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
563 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
567 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
569 return (cli_ctx_status(ctx) != 0);
573 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
575 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
579 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
581 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
585 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
587 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
591 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
593 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
599 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
600 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
603 * internal apis which only used by policy impelentation
605 int sptlrpc_get_next_secid(void);
606 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
609 * exported client context api
611 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
612 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
613 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
614 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
615 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
618 * exported client context wrap/buffers
620 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
621 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
622 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
623 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
624 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
625 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
626 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
627 int segment, int newsize);
628 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
631 * exported higher interface of import & request
633 int sptlrpc_import_sec_adapt(struct obd_import *imp,
634 struct ptlrpc_svc_ctx *ctx,
636 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
637 void sptlrpc_import_sec_put(struct obd_import *imp);
639 int sptlrpc_import_check_ctx(struct obd_import *imp);
640 void sptlrpc_import_inval_all_ctx(struct obd_import *imp);
641 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
642 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
643 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
644 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
645 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
646 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
647 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
648 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
650 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
653 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
654 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
655 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
658 const char * sec2target_str(struct ptlrpc_sec *sec);
659 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
664 enum secsvc_accept_res {
670 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
671 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
672 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
673 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
674 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
675 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
676 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
678 int sptlrpc_target_export_check(struct obd_export *exp,
679 struct ptlrpc_request *req);
680 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
681 struct sptlrpc_rule_set *rset);
686 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
687 struct ptlrpc_svc_ctx *ctx);
688 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
689 struct ptlrpc_cli_ctx *ctx);
691 /* bulk security api */
692 int sptlrpc_enc_pool_add_user(void);
693 int sptlrpc_enc_pool_del_user(void);
694 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
695 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
697 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
698 struct ptlrpc_bulk_desc *desc);
699 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
700 int nob, obd_count pg_count,
701 struct brw_page **pga);
702 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
703 struct ptlrpc_bulk_desc *desc);
704 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
705 struct ptlrpc_bulk_desc *desc);
706 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
707 struct ptlrpc_bulk_desc *desc);
709 /* user descriptor helpers */
710 static inline int sptlrpc_user_desc_size(int ngroups)
712 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
715 int sptlrpc_current_user_desc_size(void);
716 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
717 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset);
719 /* bulk helpers (internal use only by policies) */
720 int bulk_sec_desc_size(__u8 csum_alg, int request, int read);
721 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset);
723 int bulk_csum_cli_request(struct ptlrpc_bulk_desc *desc, int read,
724 __u32 alg, struct lustre_msg *rmsg, int roff);
725 int bulk_csum_cli_reply(struct ptlrpc_bulk_desc *desc, int read,
726 struct lustre_msg *rmsg, int roff,
727 struct lustre_msg *vmsg, int voff);
728 int bulk_csum_svc(struct ptlrpc_bulk_desc *desc, int read,
729 struct ptlrpc_bulk_sec_desc *bsdv, int vsize,
730 struct ptlrpc_bulk_sec_desc *bsdr, int rsize);
733 #endif /* _LUSTRE_SEC_H_ */