4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2011, 2012, Whamcloud, Inc.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/ofd/ofd_capa.c
38 * Author: Lai Siyao <laisiyao@whamcloud.com>
41 #define DEBUG_SUBSYSTEM S_FILTER
43 #include "ofd_internal.h"
45 static inline __u32 ofd_ck_keyid(struct filter_capa_key *key)
47 return key->k_key.lk_keyid;
50 int ofd_update_capa_key(struct ofd_device *ofd, struct lustre_capa_key *new)
52 struct obd_device *obd = ofd_obd(ofd);
53 struct filter_capa_key *k, *keys[2] = { NULL, NULL };
56 cfs_spin_lock(&capa_lock);
57 cfs_list_for_each_entry(k, &obd->u.filter.fo_capa_keys, k_list) {
58 if (k->k_key.lk_seq != new->lk_seq)
63 if (ofd_ck_keyid(keys[1]) > ofd_ck_keyid(keys[0]))
64 keys[1] = keys[0], keys[0] = k;
69 cfs_spin_unlock(&capa_lock);
71 for (i = 0; i < 2; i++) {
74 if (ofd_ck_keyid(keys[i]) != new->lk_keyid)
76 /* maybe because of recovery or other reasons, MDS sent the
77 * the old capability key again.
79 cfs_spin_lock(&capa_lock);
80 keys[i]->k_key = *new;
81 cfs_spin_unlock(&capa_lock);
87 /* if OSS already have two keys, update the old one */
93 CFS_INIT_LIST_HEAD(&k->k_list);
96 cfs_spin_lock(&capa_lock);
98 if (cfs_list_empty(&k->k_list))
99 cfs_list_add(&k->k_list, &obd->u.filter.fo_capa_keys);
100 cfs_spin_unlock(&capa_lock);
102 DEBUG_CAPA_KEY(D_SEC, new, "new");
106 int ofd_auth_capa(struct obd_export *exp, struct lu_fid *fid, obd_seq seq,
107 struct lustre_capa *capa, __u64 opc)
109 struct filter_obd *filter = &exp->exp_obd->u.filter;
110 struct filter_capa_key *k;
111 struct lustre_capa_key key;
114 int keys_ready = 0, key_found = 0, rc = 0;
118 /* skip capa check for llog and obdecho */
119 if (!fid_seq_is_mdt(seq))
122 /* capability is disabled */
123 if (!filter->fo_fl_oss_capa)
126 if (!(exp->exp_connect_flags & OBD_CONNECT_OSS_CAPA))
131 CERROR("seq/fid/opc "LPU64"/"DFID"/"LPX64
132 ": no capability has been passed\n",
133 seq, PFID(fid), opc);
135 CERROR("seq/opc "LPU64"/"LPX64
136 ": no capability has been passed\n",
141 if (opc == CAPA_OPC_OSS_READ) {
142 if (!(capa->lc_opc & CAPA_OPC_OSS_RW))
144 } else if (!capa_opc_supported(capa, opc)) {
149 DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc);
153 oc = capa_lookup(filter->fo_capa_hash, capa, 0);
155 cfs_spin_lock(&oc->c_lock);
156 if (capa_is_expired(oc)) {
157 DEBUG_CAPA(D_ERROR, capa, "expired");
160 cfs_spin_unlock(&oc->c_lock);
166 if (capa_is_expired_sec(capa)) {
167 DEBUG_CAPA(D_ERROR, capa, "expired");
171 cfs_spin_lock(&capa_lock);
172 cfs_list_for_each_entry(k, &filter->fo_capa_keys, k_list) {
173 if (k->k_key.lk_seq == seq) {
175 if (k->k_key.lk_keyid == capa_keyid(capa)) {
182 cfs_spin_unlock(&capa_lock);
185 CDEBUG(D_SEC, "MDS hasn't propagated capability keys yet, "
191 DEBUG_CAPA(D_ERROR, capa, "no matched capability key for");
195 OBD_ALLOC(hmac, CAPA_HMAC_MAX_LEN);
199 rc = capa_hmac(hmac, capa, key.lk_key);
201 DEBUG_CAPA(D_ERROR, capa, "HMAC failed: rc %d", rc);
202 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
206 rc = memcmp(hmac, capa->lc_hmac, CAPA_HMAC_MAX_LEN);
207 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
209 DEBUG_CAPA_KEY(D_ERROR, &key, "calculate HMAC with ");
210 DEBUG_CAPA(D_ERROR, capa, "HMAC mismatch");
214 /* store in capa hash */
215 oc = capa_add(filter->fo_capa_hash, capa);
220 void ofd_free_capa_keys(struct ofd_device *ofd)
222 struct obd_device *obd = ofd_obd(ofd);
223 struct filter_capa_key *key, *n;
225 cfs_spin_lock(&capa_lock);
226 cfs_list_for_each_entry_safe(key, n, &obd->u.filter.fo_capa_keys, k_list) {
227 cfs_list_del_init(&key->k_list);
230 cfs_spin_unlock(&capa_lock);