1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2005 Cluster File Systems, Inc.
6 * Author: Lai Siyao <lsy@clusterfs.com>
8 * This file is part of Lustre, http://www.lustre.org.
10 * Lustre is free software; you can redistribute it and/or
11 * modify it under the terms of version 2 of the GNU General Public
12 * License as published by the Free Software Foundation.
14 * Lustre is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with Lustre; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #define DEBUG_SUBSYSTEM S_FILTER
27 #include <linux/version.h>
28 #include <asm/uaccess.h>
29 #include <linux/file.h>
30 #include <linux/kmod.h>
32 #include <lustre_fsfilt.h>
33 #include <lustre_capa.h>
35 #include "filter_internal.h"
37 static inline __u32 filter_ck_keyid(struct filter_capa_key *key)
39 return key->k_key.lk_keyid;
42 int filter_update_capa_key(struct obd_device *obd, struct lustre_capa_key *new)
44 struct filter_obd *filter = &obd->u.filter;
45 struct filter_capa_key *k, *keys[2] = { NULL, NULL };
48 spin_lock(&capa_lock);
49 list_for_each_entry(k, &filter->fo_capa_keys, k_list) {
50 if (k->k_key.lk_mdsid != new->lk_mdsid)
55 if (filter_ck_keyid(keys[1]) > filter_ck_keyid(keys[0]))
56 keys[1] = keys[0], keys[0] = k;
61 spin_unlock(&capa_lock);
63 for (i = 0; i < 2; i++) {
66 if (filter_ck_keyid(keys[i]) != new->lk_keyid)
68 /* maybe because of recovery or other reasons, MDS sent the
69 * the old capability key again.
71 spin_lock(&capa_lock);
72 keys[i]->k_key = *new;
73 spin_unlock(&capa_lock);
79 /* if OSS already have two keys, update the old one */
85 INIT_LIST_HEAD(&k->k_list);
88 spin_lock(&capa_lock);
90 if (list_empty(&k->k_list))
91 list_add(&k->k_list, &filter->fo_capa_keys);
92 spin_unlock(&capa_lock);
94 DEBUG_CAPA_KEY(D_SEC, new, "new");
98 int filter_auth_capa(struct obd_export *exp, struct lu_fid *fid, __u64 mdsid,
99 struct lustre_capa *capa, __u64 opc)
101 struct obd_device *obd = exp->exp_obd;
102 struct filter_obd *filter = &obd->u.filter;
103 struct filter_capa_key *k;
104 struct lustre_capa_key key;
107 int keys_ready = 0, key_found = 0, rc = 0;
110 /* capability is disabled */
111 if (!filter->fo_fl_oss_capa)
116 CERROR("mdsno/fid/opc "LPU64"/"DFID"/"LPX64
117 ": no capability has been passed\n",
118 mdsid, PFID(fid), opc);
120 CERROR("mdsno/opc "LPU64"/"LPX64
121 ": no capability has been passed\n",
126 #warning "enable fid check in filter_auth_capa() when fid stored in OSS object"
128 if (opc == CAPA_OPC_OSS_READ) {
129 if (!(capa->lc_opc & CAPA_OPC_OSS_RW))
131 } else if (!capa_opc_supported(capa, opc)) {
135 DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc);
139 oc = capa_lookup(filter->fo_capa_hash, capa, 0);
141 spin_lock(&oc->c_lock);
142 if (capa_is_expired(oc)) {
143 DEBUG_CAPA(D_ERROR, capa, "expired");
146 spin_unlock(&oc->c_lock);
152 spin_lock(&capa_lock);
153 list_for_each_entry(k, &filter->fo_capa_keys, k_list)
154 if (k->k_key.lk_mdsid == mdsid) {
156 if (k->k_key.lk_keyid == capa_keyid(capa)) {
162 spin_unlock(&capa_lock);
165 CDEBUG(D_SEC, "MDS hasn't propagated capability keys yet, "
171 DEBUG_CAPA(D_ERROR, capa, "no matched capability key for");
175 OBD_ALLOC(hmac, CAPA_HMAC_MAX_LEN);
179 rc = capa_hmac(hmac, capa, key.lk_key);
181 DEBUG_CAPA(D_ERROR, capa, "HMAC failed: rc %d", rc);
182 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
186 rc = memcmp(hmac, capa->lc_hmac, CAPA_HMAC_MAX_LEN);
187 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
189 DEBUG_CAPA_KEY(D_ERROR, &key, "calculate HMAC with ");
190 DEBUG_CAPA(D_ERROR, capa, "HMAC mismatch");
194 /* store in capa hash */
195 oc = capa_add(filter->fo_capa_hash, capa);
200 void filter_free_capa_keys(struct filter_obd *filter)
202 struct filter_capa_key *key, *n;
204 spin_lock(&capa_lock);
205 list_for_each_entry_safe(key, n, &filter->fo_capa_keys, k_list) {
206 list_del_init(&key->k_list);
207 OBD_FREE(key, sizeof(*key));
209 spin_unlock(&capa_lock);