4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2012, 2014, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
31 * lustre/ptlrpc/gss/gss_keyring.c
33 * Author: Eric Mei <ericm@clusterfs.com>
36 #define DEBUG_SUBSYSTEM S_SEC
37 #include <linux/init.h>
38 #include <linux/module.h>
39 #include <linux/slab.h>
40 #include <linux/dcache.h>
42 #include <linux/crypto.h>
43 #include <linux/key.h>
44 #include <linux/keyctl.h>
45 #include <linux/key-type.h>
46 #include <linux/mutex.h>
47 #include <asm/atomic.h>
49 #include <libcfs/linux/linux-list.h>
51 #include <obd_class.h>
52 #include <obd_support.h>
53 #include <uapi/linux/lustre/lustre_idl.h>
54 #include <lustre_sec.h>
55 #include <lustre_net.h>
56 #include <lustre_import.h>
59 #include "gss_internal.h"
62 #ifdef HAVE_GET_REQUEST_KEY_AUTH
63 #include <keys/request_key_auth-type.h>
66 static struct ptlrpc_sec_policy gss_policy_keyring;
67 static struct ptlrpc_ctx_ops gss_keyring_ctxops;
68 static struct key_type gss_key_type;
70 static int sec_install_rctx_kr(struct ptlrpc_sec *sec,
71 struct ptlrpc_svc_ctx *svc_ctx);
72 static void request_key_unlink(struct key *key);
75 * the timeout is only for the case that upcall child process die abnormally.
76 * in any other cases it should finally update kernel key.
78 * FIXME we'd better to incorporate the client & server side upcall timeouts
79 * into the framework of Adaptive Timeouts, but we need to figure out how to
80 * make sure that kernel knows the upcall processes is in-progress or died
83 #define KEYRING_UPCALL_TIMEOUT (obd_timeout + obd_timeout)
85 /* Check caller's namespace in gss_keyring upcall */
86 unsigned int gss_check_upcall_ns = 1;
88 /****************************************
90 ****************************************/
92 static inline void keyring_upcall_lock(struct gss_sec_keyring *gsec_kr)
94 #ifdef HAVE_KEYRING_UPCALL_SERIALIZED
95 mutex_lock(&gsec_kr->gsk_uc_lock);
99 static inline void keyring_upcall_unlock(struct gss_sec_keyring *gsec_kr)
101 #ifdef HAVE_KEYRING_UPCALL_SERIALIZED
102 mutex_unlock(&gsec_kr->gsk_uc_lock);
106 static inline void key_revoke_locked(struct key *key)
108 set_bit(KEY_FLAG_REVOKED, &key->flags);
111 static void ctx_upcall_timeout_kr(cfs_timer_cb_arg_t data)
113 struct gss_cli_ctx_keyring *gctx_kr = cfs_from_timer(gctx_kr,
115 struct ptlrpc_cli_ctx *ctx = &(gctx_kr->gck_base.gc_base);
116 struct obd_import *imp = ctx->cc_sec->ps_import;
117 struct key *key = gctx_kr->gck_key;
121 "%s: GSS context (%p) negotiation timeout, revoking key (%p)\n",
122 imp->imp_obd->obd_name, ctx, key);
125 "%s: GSS context (%p) negotiation timeout, ignoring already unlinked key\n",
126 imp->imp_obd->obd_name, ctx);
130 key_revoke_locked(key);
133 static void ctx_start_timer_kr(struct ptlrpc_cli_ctx *ctx, time64_t timeout)
135 struct gss_cli_ctx_keyring *gctx_kr = ctx2gctx_keyring(ctx);
136 struct timer_list *timer = &gctx_kr->gck_timer;
140 CDEBUG(D_SEC, "ctx %p: start timer %llds\n", ctx, timeout);
142 cfs_timer_setup(timer, ctx_upcall_timeout_kr,
143 (unsigned long)gctx_kr, 0);
144 timer->expires = cfs_time_seconds(timeout) + jiffies;
149 * caller should make sure no race with other threads
152 void ctx_clear_timer_kr(struct ptlrpc_cli_ctx *ctx)
154 struct gss_cli_ctx_keyring *gctx_kr = ctx2gctx_keyring(ctx);
155 struct timer_list *timer = &gctx_kr->gck_timer;
157 CDEBUG(D_SEC, "ctx %p, key %p\n", ctx, gctx_kr->gck_key);
159 timer_delete_sync(timer);
163 struct ptlrpc_cli_ctx *ctx_create_kr(struct ptlrpc_sec *sec,
164 struct vfs_cred *vcred)
166 struct ptlrpc_cli_ctx *ctx;
167 struct gss_cli_ctx_keyring *gctx_kr;
169 OBD_ALLOC_PTR(gctx_kr);
173 cfs_timer_setup(&gctx_kr->gck_timer, NULL, 0, 0);
175 ctx = &gctx_kr->gck_base.gc_base;
177 if (gss_cli_ctx_init_common(sec, ctx, &gss_keyring_ctxops, vcred)) {
178 OBD_FREE_PTR(gctx_kr);
182 ctx->cc_expire = ktime_get_real_seconds() + KEYRING_UPCALL_TIMEOUT;
183 clear_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags);
184 atomic_inc(&ctx->cc_refcount); /* for the caller */
189 static void ctx_destroy_kr(struct ptlrpc_cli_ctx *ctx)
191 struct ptlrpc_sec *sec = ctx->cc_sec;
192 struct gss_cli_ctx_keyring *gctx_kr = ctx2gctx_keyring(ctx);
194 CDEBUG(D_SEC, "destroying ctx %p\n", ctx);
196 /* at this time the association with key has been broken. */
198 LASSERT(atomic_read(&sec->ps_refcount) > 0);
199 LASSERT(atomic_read(&sec->ps_nctx) > 0);
200 LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
201 LASSERT(gctx_kr->gck_key == NULL);
203 ctx_clear_timer_kr(ctx);
205 if (gss_cli_ctx_fini_common(sec, ctx))
208 OBD_FREE_PTR(gctx_kr);
210 atomic_dec(&sec->ps_nctx);
211 sptlrpc_sec_put(sec);
214 static void ctx_release_kr(struct ptlrpc_cli_ctx *ctx, int sync)
219 atomic_inc(&ctx->cc_refcount);
220 sptlrpc_gc_add_ctx(ctx);
224 static void ctx_put_kr(struct ptlrpc_cli_ctx *ctx, int sync)
226 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
228 if (atomic_dec_and_test(&ctx->cc_refcount))
229 ctx_release_kr(ctx, sync);
233 * key <-> ctx association and rules:
234 * - ctx might not bind with any key
235 * - key/ctx binding is protected by key semaphore (if the key present)
236 * - key and ctx each take a reference of the other
237 * - ctx enlist/unlist is protected by ctx spinlock
238 * - never enlist a ctx after it's been unlisted
239 * - whoever do enlist should also do bind, lock key before enlist:
240 * - lock key -> lock ctx -> enlist -> unlock ctx -> bind -> unlock key
241 * - whoever do unlist should also do unbind:
242 * - lock key -> lock ctx -> unlist -> unlock ctx -> unbind -> unlock key
243 * - lock ctx -> unlist -> unlock ctx -> lock key -> unbind -> unlock key
246 static inline void spin_lock_if(spinlock_t *lock, int condition)
252 static inline void spin_unlock_if(spinlock_t *lock, int condition)
258 static void ctx_enlist_kr(struct ptlrpc_cli_ctx *ctx, int is_root, int locked)
260 struct ptlrpc_sec *sec = ctx->cc_sec;
261 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
263 LASSERT(!test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags));
264 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
266 spin_lock_if(&sec->ps_lock, !locked);
268 atomic_inc(&ctx->cc_refcount);
269 set_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags);
270 hlist_add_head(&ctx->cc_cache, &gsec_kr->gsk_clist);
272 gsec_kr->gsk_root_ctx = ctx;
274 spin_unlock_if(&sec->ps_lock, !locked);
278 * Note after this get called, caller should not access ctx again because
279 * it might have been freed, unless caller hold at least one refcount of
282 * return non-zero if we indeed unlist this ctx.
284 static int ctx_unlist_kr(struct ptlrpc_cli_ctx *ctx, int locked)
286 struct ptlrpc_sec *sec = ctx->cc_sec;
287 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
289 /* if hashed bit has gone, leave the job to somebody who is doing it */
290 if (test_and_clear_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0)
293 /* drop ref inside spin lock to prevent race with other operations */
294 spin_lock_if(&sec->ps_lock, !locked);
296 if (gsec_kr->gsk_root_ctx == ctx)
297 gsec_kr->gsk_root_ctx = NULL;
298 hlist_del_init(&ctx->cc_cache);
299 atomic_dec(&ctx->cc_refcount);
301 spin_unlock_if(&sec->ps_lock, !locked);
307 * Get specific payload. Newer kernels support 4 slots.
310 key_get_payload(struct key *key, unsigned int index)
312 void *key_ptr = NULL;
314 #ifdef HAVE_KEY_PAYLOAD_DATA_ARRAY
315 key_ptr = key->payload.data[index];
318 key_ptr = key->payload.data;
324 * Set specific payload. Newer kernels support 4 slots.
326 static int key_set_payload(struct key *key, unsigned int index,
327 struct ptlrpc_cli_ctx *ctx)
331 #ifdef HAVE_KEY_PAYLOAD_DATA_ARRAY
333 key->payload.data[index] = ctx;
336 key->payload.data = ctx;
344 * bind a key with a ctx together.
345 * caller must hold write lock of the key, as well as ref on key & ctx.
347 static void bind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
349 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
350 LASSERT(ll_read_key_usage(key) > 0);
351 LASSERT(ctx2gctx_keyring(ctx)->gck_key == NULL);
352 LASSERT(!key_get_payload(key, 0));
354 /* at this time context may or may not in list. */
356 atomic_inc(&ctx->cc_refcount);
357 ctx2gctx_keyring(ctx)->gck_key = key;
358 LASSERT(!key_set_payload(key, 0, ctx));
362 * unbind a key and a ctx.
363 * caller must hold write lock, as well as a ref of the key.
365 static void unbind_key_ctx(struct key *key, struct ptlrpc_cli_ctx *ctx)
367 LASSERT(key_get_payload(key, 0) == ctx);
368 LASSERT(test_bit(PTLRPC_CTX_CACHED_BIT, &ctx->cc_flags) == 0);
370 /* must revoke the key, or others may treat it as newly created */
371 key_revoke_locked(key);
372 request_key_unlink(key);
374 key_set_payload(key, 0, NULL);
375 ctx2gctx_keyring(ctx)->gck_key = NULL;
377 /* once ctx get split from key, the timer is meaningless */
378 ctx_clear_timer_kr(ctx);
385 * given a ctx, unbind with its coupled key, if any.
386 * unbind could only be called once, so we don't worry the key be released
389 static void unbind_ctx_kr(struct ptlrpc_cli_ctx *ctx)
391 struct key *key = ctx2gctx_keyring(ctx)->gck_key;
394 LASSERT(key_get_payload(key, 0) == ctx);
397 down_write(&key->sem);
398 unbind_key_ctx(key, ctx);
405 * given a key, unbind with its coupled ctx, if any.
406 * caller must hold write lock, as well as a ref of the key.
408 static void unbind_key_locked(struct key *key)
410 struct ptlrpc_cli_ctx *ctx = key_get_payload(key, 0);
413 unbind_key_ctx(key, ctx);
417 * unlist a ctx, and unbind from coupled key
419 static void kill_ctx_kr(struct ptlrpc_cli_ctx *ctx)
421 if (ctx_unlist_kr(ctx, 0))
426 * given a key, unlist and unbind with the coupled ctx (if any).
427 * caller must hold write lock, as well as a ref of the key.
429 static void kill_key_locked(struct key *key)
431 struct ptlrpc_cli_ctx *ctx = key_get_payload(key, 0);
433 if (ctx && ctx_unlist_kr(ctx, 0))
434 unbind_key_locked(key);
438 * caller should hold one ref on contexts in freelist.
440 static void dispose_ctx_list_kr(struct hlist_head *freelist)
442 struct hlist_node *next;
443 struct ptlrpc_cli_ctx *ctx;
444 struct gss_cli_ctx *gctx;
446 hlist_for_each_entry_safe(ctx, next, freelist, cc_cache) {
447 hlist_del_init(&ctx->cc_cache);
449 /* reverse ctx: update current seq to buddy svcctx if exist.
450 * ideally this should be done at gss_cli_ctx_finalize(), but
451 * the ctx destroy could be delayed by:
452 * 1) ctx still has reference;
453 * 2) ctx destroy is asynchronous;
454 * and reverse import call inval_all_ctx() require this be done
455 * _immediately_ otherwise newly created reverse ctx might copy
456 * the very old sequence number from svcctx. */
457 gctx = ctx2gctx(ctx);
458 if (!rawobj_empty(&gctx->gc_svc_handle) &&
459 sec_is_reverse(gctx->gc_base.cc_sec)) {
460 gss_svc_upcall_update_sequence(&gctx->gc_svc_handle,
461 (__u32) atomic_read(&gctx->gc_seq));
464 /* we need to wakeup waiting reqs here. the context might
465 * be forced released before upcall finished, then the
466 * late-arrived downcall can't find the ctx even. */
467 sptlrpc_cli_ctx_wakeup(ctx);
475 * lookup a root context directly in a sec, return root ctx with a
476 * reference taken or NULL.
479 struct ptlrpc_cli_ctx * sec_lookup_root_ctx_kr(struct ptlrpc_sec *sec)
481 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
482 struct ptlrpc_cli_ctx *ctx = NULL;
483 time64_t now = ktime_get_real_seconds();
485 spin_lock(&sec->ps_lock);
487 ctx = gsec_kr->gsk_root_ctx;
489 if (ctx == NULL && unlikely(sec_is_reverse(sec))) {
490 struct ptlrpc_cli_ctx *tmp;
492 /* For reverse context, browse list and pick the one with
493 * shortest expire time and that has not expired yet.
494 * This one is most likely to have an established peer context
497 hlist_for_each_entry(tmp, &gsec_kr->gsk_clist, cc_cache) {
498 if (ctx == NULL || ctx->cc_expire == 0 ||
499 (tmp->cc_expire > now &&
500 tmp->cc_expire < ctx->cc_expire) ||
501 (ctx->cc_expire < now &&
502 tmp->cc_expire > ctx->cc_expire)) {
504 /* promote to be root_ctx */
505 gsec_kr->gsk_root_ctx = ctx;
511 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
512 LASSERT(!hlist_empty(&gsec_kr->gsk_clist));
513 atomic_inc(&ctx->cc_refcount);
516 spin_unlock(&sec->ps_lock);
521 #define RVS_CTX_EXPIRE_NICE (10)
524 void rvs_sec_install_root_ctx_kr(struct ptlrpc_sec *sec,
525 struct ptlrpc_cli_ctx *new_ctx,
528 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
529 struct ptlrpc_cli_ctx *ctx;
533 LASSERT(sec_is_reverse(sec));
535 spin_lock(&sec->ps_lock);
537 now = ktime_get_real_seconds();
539 /* set all existing ctxs short expiry */
540 hlist_for_each_entry(ctx, &gsec_kr->gsk_clist, cc_cache) {
541 if (ctx->cc_expire > now + RVS_CTX_EXPIRE_NICE) {
542 ctx->cc_early_expire = 1;
543 ctx->cc_expire = now + RVS_CTX_EXPIRE_NICE;
547 /* if there's root_ctx there, instead obsolete the current
548 * immediately, we leave it continue operating for a little while.
549 * hopefully when the first backward rpc with newest ctx send out,
550 * the client side already have the peer ctx well established. */
551 ctx_enlist_kr(new_ctx, gsec_kr->gsk_root_ctx ? 0 : 1, 1);
554 bind_key_ctx(key, new_ctx);
556 spin_unlock(&sec->ps_lock);
559 static void construct_key_desc(void *buf, int bufsize,
560 struct ptlrpc_sec *sec, uid_t uid)
562 snprintf(buf, bufsize, "%d@%x", uid, sec->ps_id);
563 ((char *)buf)[bufsize - 1] = '\0';
566 /****************************************
568 ****************************************/
571 struct ptlrpc_sec * gss_sec_create_kr(struct obd_import *imp,
572 struct ptlrpc_svc_ctx *svcctx,
573 struct sptlrpc_flavor *sf)
575 struct gss_sec_keyring *gsec_kr;
578 OBD_ALLOC(gsec_kr, sizeof(*gsec_kr));
582 INIT_HLIST_HEAD(&gsec_kr->gsk_clist);
583 gsec_kr->gsk_root_ctx = NULL;
584 mutex_init(&gsec_kr->gsk_root_uc_lock);
585 #ifdef HAVE_KEYRING_UPCALL_SERIALIZED
586 mutex_init(&gsec_kr->gsk_uc_lock);
589 if (gss_sec_create_common(&gsec_kr->gsk_base, &gss_policy_keyring,
593 if (svcctx != NULL &&
594 sec_install_rctx_kr(&gsec_kr->gsk_base.gs_base, svcctx)) {
595 gss_sec_destroy_common(&gsec_kr->gsk_base);
599 RETURN(&gsec_kr->gsk_base.gs_base);
602 OBD_FREE(gsec_kr, sizeof(*gsec_kr));
607 void gss_sec_destroy_kr(struct ptlrpc_sec *sec)
609 struct gss_sec *gsec = sec2gsec(sec);
610 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
612 CDEBUG(D_SEC, "destroy %s@%p\n", sec->ps_policy->sp_name, sec);
614 LASSERT(atomic_read(&sec->ps_nctx) == 0);
615 LASSERT(hlist_empty(&gsec_kr->gsk_clist));
616 LASSERT(gsec_kr->gsk_root_ctx == NULL);
618 gss_sec_destroy_common(gsec);
620 OBD_FREE(gsec_kr, sizeof(*gsec_kr));
623 static inline int user_is_root(struct ptlrpc_sec *sec, struct vfs_cred *vcred)
625 /* except the ROOTONLY flag, treat it as root user only if real uid
626 * is 0, euid/fsuid being 0 are handled as setuid scenarios */
627 if (sec_is_rootonly(sec) || (vcred->vc_uid == 0))
634 * When lookup_user_key is available use the kernel API rather than directly
635 * accessing the uid_keyring and session_keyring via the current process
638 #ifdef HAVE_LOOKUP_USER_KEY
640 #ifdef HAVE_KEY_NEED_UNLINK
641 /* from Linux security/keys/internal.h: */
642 # ifndef KEY_LOOKUP_PARTIAL
643 # define KEY_LOOKUP_PARTIAL 0x2
646 # define KEY_NEED_UNLINK 0
647 # ifndef KEY_LOOKUP_FOR_UNLINK
648 # define KEY_LOOKUP_FOR_UNLINK 0x4
650 # define KEY_LOOKUP_PARTIAL KEY_LOOKUP_FOR_UNLINK
651 #endif /* HAVE_KEY_NEED_UNLINK */
653 static struct key *_user_key(key_serial_t id)
658 ref = lookup_user_key(id, KEY_LOOKUP_PARTIAL, KEY_NEED_UNLINK);
661 return key_ref_to_ptr(ref);
664 static inline struct key *get_user_session_keyring(const struct cred *cred)
666 return _user_key(KEY_SPEC_USER_SESSION_KEYRING);
669 static inline struct key *get_user_keyring(const struct cred *cred)
671 return _user_key(KEY_SPEC_USER_KEYRING);
674 static inline struct key *get_session_keyring(const struct cred *cred)
676 return _user_key(KEY_SPEC_SESSION_KEYRING);
679 static inline struct key *get_user_session_keyring(const struct cred *cred)
681 return key_get(cred->user->session_keyring);
684 static inline struct key *get_user_keyring(const struct cred *cred)
686 return key_get(cred->user->uid_keyring);
689 static inline struct key *get_session_keyring(const struct cred *cred)
691 return key_get(cred->session_keyring);
696 * unlink request key from it's ring, which is linked during request_key().
697 * sadly, we have to 'guess' which keyring it's linked to.
699 static void request_key_unlink(struct key *key)
701 struct cred *cred = (struct cred *)current_cred(), *new_cred = NULL;
702 kuid_t kuid_orig = current_cred()->user->uid;
703 #ifdef HAVE_USER_UID_KEYRING
704 struct key *root_uid_keyring = NULL;
706 const struct cred *old_cred = NULL;
707 struct key *ring = NULL;
711 uid = from_kuid(current_user_ns(), kuid_orig);
712 key_uid = from_kuid(&init_user_ns, key->uid);
713 /* unlink key with user's creds if it's a user key */
714 if (key_uid != uid) {
715 new_cred = prepare_creds();
716 if (new_cred == NULL)
719 new_cred->uid = key->uid;
720 new_cred->user->uid = key->uid;
721 new_cred->user_ns = &init_user_ns;
722 #ifdef HAVE_USER_UID_KEYRING
723 root_uid_keyring = current_cred()->user->uid_keyring;
724 new_cred->user->uid_keyring = NULL;
726 old_cred = override_creds(new_cred);
730 /* User keys are linked to the user keyring. So get it now. */
732 /* Getting a key(ring) normally increases its refcount by 1.
733 * But if we overrode creds above, calling get_user_keyring()
734 * will add one more ref, because of the user switch.
736 ring = get_user_keyring(cred);
741 switch (cred->jit_keyring) {
742 case KEY_REQKEY_DEFL_DEFAULT:
743 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
744 #ifdef HAVE_GET_REQUEST_KEY_AUTH
745 if (cred->request_key_auth) {
746 struct request_key_auth *rka;
747 struct key *authkey = cred->request_key_auth;
749 down_read(&authkey->sem);
750 rka = get_request_key_auth(authkey);
751 if (!test_bit(KEY_FLAG_REVOKED, &authkey->flags))
752 ring = key_get(rka->dest_keyring);
753 up_read(&authkey->sem);
759 case KEY_REQKEY_DEFL_THREAD_KEYRING:
760 ring = key_get(cred->thread_keyring);
764 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
765 ring = key_get(cred->process_keyring);
769 case KEY_REQKEY_DEFL_SESSION_KEYRING:
771 ring = key_get(rcu_dereference(cred->session_keyring));
776 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
777 ring = get_user_session_keyring(cred);
779 case KEY_REQKEY_DEFL_USER_KEYRING:
780 ring = get_user_keyring(cred);
782 case KEY_REQKEY_DEFL_GROUP_KEYRING:
789 res = key_unlink(ring, key);
791 "Unlink key %08x (%p) from keyring %08x: %d\n",
792 key->serial, key, ring->serial, res);
793 /* matches key_get()/get_user_keyring() above */
797 "Missing keyring, key %08x (%p) could not be unlinked, ignored\n",
802 revert_creds(old_cred);
804 current_cred()->user->uid = kuid_orig;
805 #ifdef HAVE_USER_UID_KEYRING
806 /* We are switching creds back, so need to drop ref on keyring
807 * for kernel implementation based on user keyring pinned from
808 * the user_struct struct.
811 if (root_uid_keyring)
812 current_cred()->user->uid_keyring = root_uid_keyring;
818 * \retval a valid context on success
819 * \retval -ev error number or NULL on error
822 struct ptlrpc_cli_ctx * gss_sec_lookup_ctx_kr(struct ptlrpc_sec *sec,
823 struct vfs_cred *vcred,
824 int create, int remove_dead)
826 struct obd_import *imp = sec->ps_import;
827 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
828 struct ptlrpc_cli_ctx *ctx = NULL;
829 unsigned int is_root = 0, create_new = 0;
830 const struct cred *old_cred = NULL;
831 struct cred *new_cred = NULL;
836 const char *sec_part_flags = "";
839 struct lnet_nid primary;
842 LASSERT(imp != NULL);
844 is_root = user_is_root(sec, vcred);
846 /* a little bit optimization for root context */
848 ctx = sec_lookup_root_ctx_kr(sec);
850 * Only lookup directly for REVERSE sec, which should
853 if (ctx || sec_is_reverse(sec))
858 RETURN(ERR_PTR(-ENODATA));
860 /* for root context, obtain lock and check again, this time hold
861 * the root upcall lock, make sure nobody else populated new root
862 * context after last check.
865 mutex_lock(&gsec_kr->gsk_root_uc_lock);
867 ctx = sec_lookup_root_ctx_kr(sec);
871 /* update reverse handle for root user */
872 sec2gsec(sec)->gs_rvs_hdl = gss_get_next_ctx_index();
874 switch (sec->ps_part) {
876 sec_part_flags = "m";
879 sec_part_flags = "o";
882 sec_part_flags = "rmo";
885 sec_part_flags = "r";
892 switch (SPTLRPC_FLVR_SVC(sec->ps_flvr.sf_rpc)) {
893 case SPTLRPC_SVC_NULL:
896 case SPTLRPC_SVC_AUTH:
899 case SPTLRPC_SVC_INTG:
902 case SPTLRPC_SVC_PRIV:
910 /* in case of setuid, key will be constructed as owner of fsuid/fsgid,
911 * but we do authentication based on real uid/gid. the key permission
912 * bits will be exactly as POS_ALL, so only processes who subscribed
913 * this key could have the access, although the quota might be counted
914 * on others (fsuid/fsgid).
916 * keyring will use fsuid/fsgid as upcall parameters, so we have to
917 * encode real uid/gid into callout info.
920 /* But first we need to make sure the obd type is supported */
921 if (strcmp(imp->imp_obd->obd_type->typ_name, LUSTRE_MDC_NAME) &&
922 strcmp(imp->imp_obd->obd_type->typ_name, LUSTRE_OSC_NAME) &&
923 strcmp(imp->imp_obd->obd_type->typ_name, LUSTRE_MGC_NAME) &&
924 strcmp(imp->imp_obd->obd_type->typ_name, LUSTRE_LWP_NAME) &&
925 strcmp(imp->imp_obd->obd_type->typ_name, LUSTRE_OSP_NAME)) {
926 CERROR("obd %s is not a supported device\n",
927 imp->imp_obd->obd_name);
928 GOTO(out, ctx = NULL);
931 construct_key_desc(desc, sizeof(desc), sec, vcred->vc_uid);
933 /* callout info format:
934 * secid:mech:uid:gid:sec_flags:svc_flag:svc_type:peer_nid:target_uuid:
937 coinfo_size = sizeof(struct obd_uuid) + MAX_OBD_NAME + 64;
938 OBD_ALLOC(coinfo, coinfo_size);
942 /* Last callout parameter is pid of process whose namespace will be used
943 * for credentials' retrieval.
945 if (gss_check_upcall_ns) {
946 /* For user's credentials (in which case sec_part_flags is
947 * empty), use current PID instead of import's reference
948 * PID to get reference namespace.
950 if (sec_part_flags[0] == '\0')
951 caller_pid = current->pid;
953 caller_pid = imp->imp_sec_refpid;
955 /* Do not switch namespace in gss keyring upcall. */
958 primary = imp->imp_connection->c_self;
959 LNetPrimaryNID(&primary);
961 /* FIXME !! Needs to support larger NIDs */
962 snprintf(coinfo, coinfo_size, "%d:%s:%u:%u:%s:%c:%d:%#llx:%s:%#llx:%d",
963 sec->ps_id, sec2gsec(sec)->gs_mech->gm_name,
964 vcred->vc_uid, vcred->vc_gid,
965 sec_part_flags, svc_flag, import_to_gss_svc(imp),
966 lnet_nid_to_nid4(&imp->imp_connection->c_peer.nid),
967 imp->imp_obd->obd_name,
968 lnet_nid_to_nid4(&primary),
971 CDEBUG(D_SEC, "requesting key for %s\n", desc);
974 /* If the session keyring is revoked, it must not be used by
975 * request_key(), otherwise we would get -EKEYREVOKED and
976 * the user keyring would not even be searched.
977 * So prepare new creds with no session keyring.
979 if (current_cred()->session_keyring &&
980 test_bit(KEY_FLAG_REVOKED,
981 ¤t_cred()->session_keyring->flags)) {
982 new_cred = prepare_creds();
984 new_cred->session_keyring = NULL;
985 old_cred = override_creds(new_cred);
990 keyring_upcall_lock(gsec_kr);
991 key = request_key(&gss_key_type, desc, coinfo);
992 keyring_upcall_unlock(gsec_kr);
994 revert_creds(old_cred);
998 OBD_FREE(coinfo, coinfo_size);
1001 CERROR("%s: request key failed for uid %d: rc = %ld\n",
1002 imp->imp_obd->obd_name, vcred->vc_uid,
1004 ctx = ERR_CAST(key);
1007 CDEBUG(D_SEC, "obtained key %08x for %s\n", key->serial, desc);
1009 /* We want user keys to be linked to the user keyring (see call to
1010 * keyctl_instantiate() from prepare_and_instantiate() in userspace).
1011 * But internally request_key() tends to also link the key to the
1012 * session keyring. So do our best to avoid that by trying to unlink
1013 * the key from the session keyring right now. It will spare us pain
1014 * when we need to remove the key later on.
1016 if (!is_root && current_cred()->session_keyring) {
1017 key_get(current_cred()->session_keyring);
1018 (void)key_unlink(current_cred()->session_keyring, key);
1019 key_put(current_cred()->session_keyring);
1021 /* once payload.data was pointed to a ctx, it never changes until
1022 * we de-associate them; but parallel request_key() may return
1023 * a key with payload.data == NULL at the same time. so we still
1024 * need wirtelock of key->sem to serialize them.
1026 down_write(&key->sem);
1028 ctx = key_get_payload(key, 0);
1030 LASSERT(atomic_read(&ctx->cc_refcount) >= 1);
1031 LASSERT(ctx2gctx_keyring(ctx)->gck_key == key);
1032 LASSERT(ll_read_key_usage(key) >= 2);
1034 /* simply take a ref and return. it's upper layer's
1035 * responsibility to detect & replace dead ctx.
1037 atomic_inc(&ctx->cc_refcount);
1039 /* pre initialization with a cli_ctx. this can't be done in
1040 * key_instantiate() because we'v no enough information
1043 ctx = ctx_create_kr(sec, vcred);
1045 ctx_enlist_kr(ctx, is_root, 0);
1046 bind_key_ctx(key, ctx);
1048 ctx_start_timer_kr(ctx, KEYRING_UPCALL_TIMEOUT);
1050 CDEBUG(D_SEC, "installed key %p <-> ctx %p (sec %p)\n",
1053 /* we'd prefer to call key_revoke(), but we more like
1054 * to revoke it within this key->sem locked period.
1056 CDEBUG(D_SEC, "revoking key %08x (%p)\n",
1058 key_revoke_locked(key);
1064 up_write(&key->sem);
1066 if (is_root && create_new)
1067 request_key_unlink(key);
1072 mutex_unlock(&gsec_kr->gsk_root_uc_lock);
1077 void gss_sec_release_ctx_kr(struct ptlrpc_sec *sec,
1078 struct ptlrpc_cli_ctx *ctx,
1081 LASSERT(atomic_read(&sec->ps_refcount) > 0);
1082 LASSERT(atomic_read(&ctx->cc_refcount) == 0);
1083 ctx_release_kr(ctx, sync);
1087 * flush context of normal user, we must resort to keyring itself to find out
1088 * contexts which belong to me.
1090 * Note here we suppose only to flush _my_ context, the "uid" will
1091 * be ignored in the search.
1094 void flush_user_ctx_cache_kr(struct ptlrpc_sec *sec,
1096 int grace, int force)
1101 /* nothing to do for reverse or rootonly sec */
1102 if (sec_is_reverse(sec) || sec_is_rootonly(sec))
1105 construct_key_desc(desc, sizeof(desc), sec, uid);
1107 /* there should be only one valid key, but we put it in the
1108 * loop in case of any weird cases */
1110 key = request_key(&gss_key_type, desc, NULL);
1112 CDEBUG(D_SEC, "No more key found for current user\n");
1116 down_write(&key->sem);
1118 kill_key_locked(key);
1120 /* kill_key_locked() should usually revoke the key, but we
1121 * revoke it again to make sure, e.g. some case the key may
1122 * not well coupled with a context. */
1123 key_revoke_locked(key);
1125 up_write(&key->sem);
1131 * flush context of root or all, we iterate through the list.
1134 void flush_spec_ctx_cache_kr(struct ptlrpc_sec *sec, uid_t uid, int grace,
1137 struct gss_sec_keyring *gsec_kr;
1138 struct hlist_head freelist = HLIST_HEAD_INIT;
1139 struct hlist_node *next;
1140 struct ptlrpc_cli_ctx *ctx;
1143 gsec_kr = sec2gsec_keyring(sec);
1145 spin_lock(&sec->ps_lock);
1146 hlist_for_each_entry_safe(ctx, next, &gsec_kr->gsk_clist,
1148 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
1150 if (uid != -1 && uid != ctx->cc_vcred.vc_uid)
1153 /* at this moment there's at least 2 base reference:
1154 * key association and in-list. */
1155 if (atomic_read(&ctx->cc_refcount) > 2) {
1158 CWARN("flush busy ctx %p(%u->%s, extra ref %d)\n",
1159 ctx, ctx->cc_vcred.vc_uid,
1160 sec2target_str(ctx->cc_sec),
1161 atomic_read(&ctx->cc_refcount) - 2);
1164 set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags);
1166 clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags);
1168 atomic_inc(&ctx->cc_refcount);
1170 if (ctx_unlist_kr(ctx, 1)) {
1171 hlist_add_head(&ctx->cc_cache, &freelist);
1173 LASSERT(atomic_read(&ctx->cc_refcount) >= 2);
1174 atomic_dec(&ctx->cc_refcount);
1177 spin_unlock(&sec->ps_lock);
1179 dispose_ctx_list_kr(&freelist);
1184 int gss_sec_flush_ctx_cache_kr(struct ptlrpc_sec *sec,
1185 uid_t uid, int grace, int force)
1189 CDEBUG(D_SEC, "sec %p(%d, nctx %d), uid %d, grace %d, force %d\n",
1190 sec, atomic_read(&sec->ps_refcount),
1191 atomic_read(&sec->ps_nctx),
1194 if (uid != -1 && uid != 0)
1195 flush_user_ctx_cache_kr(sec, uid, grace, force);
1197 flush_spec_ctx_cache_kr(sec, uid, grace, force);
1203 void gss_sec_gc_ctx_kr(struct ptlrpc_sec *sec)
1205 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
1206 struct hlist_head freelist = HLIST_HEAD_INIT;
1207 struct hlist_node *next;
1208 struct ptlrpc_cli_ctx *ctx;
1211 CDEBUG(D_SEC, "running gc\n");
1213 spin_lock(&sec->ps_lock);
1214 hlist_for_each_entry_safe(ctx, next, &gsec_kr->gsk_clist,
1216 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
1218 atomic_inc(&ctx->cc_refcount);
1220 if (cli_ctx_check_death(ctx) && ctx_unlist_kr(ctx, 1)) {
1221 hlist_add_head(&ctx->cc_cache, &freelist);
1222 CWARN("unhashed ctx %p\n", ctx);
1224 LASSERT(atomic_read(&ctx->cc_refcount) >= 2);
1225 atomic_dec(&ctx->cc_refcount);
1228 spin_unlock(&sec->ps_lock);
1230 dispose_ctx_list_kr(&freelist);
1235 int gss_sec_display_kr(struct ptlrpc_sec *sec, struct seq_file *seq)
1237 struct gss_sec_keyring *gsec_kr = sec2gsec_keyring(sec);
1238 struct hlist_node *next;
1239 struct ptlrpc_cli_ctx *ctx;
1240 struct gss_cli_ctx *gctx;
1241 struct ptlrpc_connection *conn;
1242 time64_t now = ktime_get_real_seconds();
1245 spin_lock(&sec->ps_lock);
1246 hlist_for_each_entry_safe(ctx, next, &gsec_kr->gsk_clist,
1252 gctx = ctx2gctx(ctx);
1253 key = ctx2gctx_keyring(ctx)->gck_key;
1254 if (sec_is_reverse(sec) &&
1255 ctx->cc_sec && ctx->cc_sec->ps_import &&
1256 ctx->cc_sec->ps_import->imp_connection)
1257 conn = ctx->cc_sec->ps_import->imp_connection;
1261 gss_cli_ctx_flags2str(ctx->cc_flags,
1262 flags_str, sizeof(flags_str));
1264 if (gctx->gc_mechctx)
1265 lgss_display(gctx->gc_mechctx, mech, sizeof(mech));
1267 snprintf(mech, sizeof(mech), "N/A");
1268 mech[sizeof(mech) - 1] = '\0';
1271 "- { %s%s%suid: %u, ctxref: %d, expire: %lld, delta: %lld, flags: [%s], seq: %d, win: %u, key: %08x, keyref: %d, hdl: \"%#llx:%#llx\", mech: \"%s\" }\n",
1272 conn ? "peer_nid: " : "",
1273 conn ? libcfs_nidstr(&conn->c_peer.nid) : "",
1275 ctx->cc_vcred.vc_uid, atomic_read(&ctx->cc_refcount),
1277 ctx->cc_expire ? ctx->cc_expire - now : 0,
1278 flags_str, atomic_read(&gctx->gc_seq),
1279 gctx->gc_win, key ? key->serial : 0,
1280 key ? ll_read_key_usage(key) : 0,
1281 gss_handle_to_u64(&gctx->gc_handle),
1282 gss_handle_to_u64(&gctx->gc_svc_handle),
1285 spin_unlock(&sec->ps_lock);
1290 /****************************************
1292 ****************************************/
1295 int gss_cli_ctx_refresh_kr(struct ptlrpc_cli_ctx *ctx)
1297 /* upcall is already on the way */
1298 struct gss_cli_ctx *gctx = ctx ? ctx2gctx(ctx) : NULL;
1300 /* record latest sequence number in buddy svcctx */
1301 if (gctx && !rawobj_empty(&gctx->gc_svc_handle) &&
1302 sec_is_reverse(gctx->gc_base.cc_sec)) {
1303 return gss_svc_upcall_update_sequence(&gctx->gc_svc_handle,
1304 (__u32)atomic_read(&gctx->gc_seq));
1310 int gss_cli_ctx_validate_kr(struct ptlrpc_cli_ctx *ctx)
1312 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
1313 LASSERT(ctx->cc_sec);
1315 if (cli_ctx_check_death(ctx)) {
1320 if (cli_ctx_is_ready(ctx))
1326 void gss_cli_ctx_die_kr(struct ptlrpc_cli_ctx *ctx, int grace)
1328 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
1329 LASSERT(ctx->cc_sec);
1331 cli_ctx_expire(ctx);
1335 /****************************************
1336 * (reverse) service *
1337 ****************************************/
1340 * reverse context could have nothing to do with keyrings. here we still keep
1341 * the version which bind to a key, for future reference.
1343 #define HAVE_REVERSE_CTX_NOKEY
1345 #ifdef HAVE_REVERSE_CTX_NOKEY
1348 int sec_install_rctx_kr(struct ptlrpc_sec *sec,
1349 struct ptlrpc_svc_ctx *svc_ctx)
1351 struct ptlrpc_cli_ctx *cli_ctx;
1352 struct vfs_cred vcred = { .vc_uid = 0 };
1358 cli_ctx = ctx_create_kr(sec, &vcred);
1359 if (cli_ctx == NULL)
1362 rc = gss_copy_rvc_cli_ctx(cli_ctx, svc_ctx);
1364 CERROR("failed copy reverse cli ctx: %d\n", rc);
1366 ctx_put_kr(cli_ctx, 1);
1370 rvs_sec_install_root_ctx_kr(sec, cli_ctx, NULL);
1372 ctx_put_kr(cli_ctx, 1);
1377 #else /* ! HAVE_REVERSE_CTX_NOKEY */
1380 int sec_install_rctx_kr(struct ptlrpc_sec *sec,
1381 struct ptlrpc_svc_ctx *svc_ctx)
1383 struct ptlrpc_cli_ctx *cli_ctx = NULL;
1385 struct vfs_cred vcred = { .vc_uid = 0 };
1393 construct_key_desc(desc, sizeof(desc), sec, 0);
1395 key = key_alloc(&gss_key_type, desc, 0, 0,
1396 KEY_POS_ALL | KEY_USR_ALL, 1);
1398 CERROR("failed to alloc key: %ld\n", PTR_ERR(key));
1399 return PTR_ERR(key);
1402 rc = key_instantiate_and_link(key, NULL, 0, NULL, NULL);
1404 CERROR("failed to instantiate key: %d\n", rc);
1408 down_write(&key->sem);
1410 LASSERT(!key_get_payload(key, 0));
1412 cli_ctx = ctx_create_kr(sec, &vcred);
1413 if (cli_ctx == NULL) {
1418 rc = gss_copy_rvc_cli_ctx(cli_ctx, svc_ctx);
1420 CERROR("failed copy reverse cli ctx: %d\n", rc);
1424 rvs_sec_install_root_ctx_kr(sec, cli_ctx, key);
1426 ctx_put_kr(cli_ctx, 1);
1427 up_write(&key->sem);
1436 ctx_put_kr(cli_ctx, 1);
1438 up_write(&key->sem);
1444 #endif /* HAVE_REVERSE_CTX_NOKEY */
1446 /****************************************
1448 ****************************************/
1451 int gss_svc_accept_kr(struct ptlrpc_request *req)
1453 return gss_svc_accept(&gss_policy_keyring, req);
1457 int gss_svc_install_rctx_kr(struct obd_import *imp,
1458 struct ptlrpc_svc_ctx *svc_ctx)
1460 struct ptlrpc_sec *sec;
1463 sec = sptlrpc_import_sec_ref(imp);
1466 rc = sec_install_rctx_kr(sec, svc_ctx);
1467 sptlrpc_sec_put(sec);
1472 /****************************************
1474 ****************************************/
1477 #ifdef HAVE_KEY_TYPE_INSTANTIATE_2ARGS
1478 int gss_kt_instantiate(struct key *key, struct key_preparsed_payload *prep)
1480 const void *data = prep->data;
1481 size_t datalen = prep->datalen;
1483 int gss_kt_instantiate(struct key *key, const void *data, size_t datalen)
1486 struct key *keyring;
1491 CDEBUG(D_SEC, "instantiating key %08x (%p)\n", key->serial, key);
1493 if (data != NULL || datalen != 0) {
1494 CERROR("invalid: data %p, len %lu\n", data, (long)datalen);
1498 if (key_get_payload(key, 0)) {
1499 CERROR("key already have payload\n");
1503 /* link the key to session keyring, so following context negotiation
1504 * rpc fired from user space could find this key. This will be unlinked
1505 * automatically when upcall processes die.
1507 * we can't do this through keyctl from userspace, because the upcall
1508 * might be neither possessor nor owner of the key (setuid).
1510 * the session keyring is created upon upcall, and don't change all
1511 * the way until upcall finished, so rcu lock is not needed here.
1513 * But for end users, link to the user keyring. This simplifies key
1514 * management, makes them shared accross all user sessions, and avoids
1515 * unfortunate key leak if lfs flushctx is not called at user logout.
1517 uid = from_kuid(&init_user_ns, current_uid());
1519 keyring = get_session_keyring(current_cred());
1521 keyring = get_user_keyring(current_cred());
1524 rc = key_link(keyring, key);
1527 CERROR("failed to link key %08x to keyring %08x: %d\n",
1528 key->serial, keyring->serial, rc);
1533 "key %08x (%p) linked to keyring %08x and instantiated, ctx %p\n",
1534 key->serial, key, keyring->serial, key_get_payload(key, 0));
1541 * called with key semaphore write locked. it means we can operate
1542 * on the context without fear of loosing refcount.
1545 #ifdef HAVE_KEY_TYPE_INSTANTIATE_2ARGS
1546 int gss_kt_update(struct key *key, struct key_preparsed_payload *prep)
1548 const void *data = prep->data;
1549 __u32 datalen32 = (__u32) prep->datalen;
1551 int gss_kt_update(struct key *key, const void *data, size_t datalen)
1553 __u32 datalen32 = (__u32) datalen;
1555 struct ptlrpc_cli_ctx *ctx = key_get_payload(key, 0);
1556 struct gss_cli_ctx *gctx;
1557 rawobj_t tmpobj = RAWOBJ_EMPTY;
1561 CDEBUG(D_SEC, "updating key %08x (%p)\n", key->serial, key);
1563 if (data == NULL || datalen32 == 0) {
1564 CWARN("invalid: data %p, len %lu\n", data, (long)datalen32);
1568 /* if upcall finished negotiation too fast (mostly likely because
1569 * of local error happened) and call kt_update(), the ctx
1570 * might be still NULL. but the key will finally be associate
1571 * with a context, or be revoked. if key status is fine, return
1572 * -EAGAIN to allow userspace sleep a while and call again. */
1574 CDEBUG(D_SEC, "update too soon: key %08x (%p) flags %lx\n",
1575 key->serial, key, key->flags);
1577 rc = key_validate(key);
1584 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
1585 LASSERT(ctx->cc_sec);
1587 ctx_clear_timer_kr(ctx);
1589 /* don't proceed if already refreshed */
1590 if (cli_ctx_is_refreshed(ctx)) {
1591 CWARN("ctx already done refresh\n");
1595 sptlrpc_cli_ctx_get(ctx);
1596 gctx = ctx2gctx(ctx);
1598 rc = buffer_extract_bytes(&data, &datalen32, &gctx->gc_win,
1599 sizeof(gctx->gc_win));
1601 CERROR("failed extract seq_win\n");
1605 if (gctx->gc_win == 0) {
1606 __u32 nego_rpc_err, nego_gss_err;
1608 rc = buffer_extract_bytes(&data, &datalen32, &nego_rpc_err,
1609 sizeof(nego_rpc_err));
1611 CERROR("cannot extract RPC: rc = %d\n", rc);
1615 rc = buffer_extract_bytes(&data, &datalen32, &nego_gss_err,
1616 sizeof(nego_gss_err));
1618 CERROR("failed to extract gss rc = %d\n", rc);
1622 CERROR("negotiation: rpc err %d, gss err %x\n",
1623 nego_rpc_err, nego_gss_err);
1625 rc = nego_rpc_err ? nego_rpc_err : -EACCES;
1627 rc = rawobj_extract_local_alloc(&gctx->gc_handle,
1628 (__u32 **) &data, &datalen32);
1630 CERROR("failed extract handle\n");
1634 rc = rawobj_extract_local(&tmpobj,
1635 (__u32 **) &data, &datalen32);
1637 CERROR("failed extract mech\n");
1641 rc = lgss_import_sec_context(&tmpobj,
1642 sec2gsec(ctx->cc_sec)->gs_mech,
1644 if (rc != GSS_S_COMPLETE)
1645 CERROR("failed import context\n");
1650 CDEBUG(D_SEC, "update of key %08x (%p): %d\n", key->serial, key, rc);
1651 /* we don't care what current status of this ctx, even someone else
1652 * is operating on the ctx at the same time. we just add up our own
1655 gss_cli_ctx_uptodate(gctx);
1657 /* this will also revoke the key. has to be done before
1658 * wakeup waiters otherwise they can find the stale key */
1659 kill_key_locked(key);
1661 cli_ctx_expire(ctx);
1663 if (rc != -ERESTART)
1664 set_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags);
1667 /* let user space think it's a success */
1668 sptlrpc_cli_ctx_put(ctx, 1);
1672 #ifndef HAVE_KEY_MATCH_DATA
1674 gss_kt_match(const struct key *key, const void *desc)
1676 return strcmp(key->description, (const char *) desc) == 0 &&
1677 !test_bit(KEY_FLAG_REVOKED, &key->flags);
1679 #else /* ! HAVE_KEY_MATCH_DATA */
1681 gss_kt_match(const struct key *key, const struct key_match_data *match_data)
1683 const char *desc = match_data->raw_data;
1685 return strcmp(key->description, desc) == 0 &&
1686 !test_bit(KEY_FLAG_REVOKED, &key->flags);
1690 * Preparse the match criterion.
1692 static int gss_kt_match_preparse(struct key_match_data *match_data)
1694 match_data->lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT;
1695 match_data->cmp = gss_kt_match;
1698 #endif /* HAVE_KEY_MATCH_DATA */
1701 void gss_kt_destroy(struct key *key)
1704 LASSERT(!key_get_payload(key, 0));
1705 CDEBUG(D_SEC, "destroy key %08x %p\n", key->serial, key);
1710 void gss_kt_describe(const struct key *key, struct seq_file *s)
1712 if (key->description == NULL)
1713 seq_puts(s, "[null]");
1715 seq_puts(s, key->description);
1718 static void gss_kt_revoke(struct key *key)
1720 CDEBUG(D_SEC, "revoking key %08x (%p) ref %d\n",
1721 key->serial, key, ll_read_key_usage(key));
1722 kill_key_locked(key);
1723 key_revoke_locked(key);
1725 CDEBUG(D_SEC, "key %08x (%p) revoked ref %d\n",
1726 key->serial, key, ll_read_key_usage(key));
1729 static struct key_type gss_key_type =
1733 .instantiate = gss_kt_instantiate,
1734 .update = gss_kt_update,
1735 #ifdef HAVE_KEY_MATCH_DATA
1736 .match_preparse = gss_kt_match_preparse,
1738 .match = gss_kt_match,
1740 .destroy = gss_kt_destroy,
1741 .describe = gss_kt_describe,
1742 .revoke = gss_kt_revoke,
1745 /****************************************
1746 * lustre gss keyring policy *
1747 ****************************************/
1749 static struct ptlrpc_ctx_ops gss_keyring_ctxops = {
1750 .match = gss_cli_ctx_match,
1751 .refresh = gss_cli_ctx_refresh_kr,
1752 .validate = gss_cli_ctx_validate_kr,
1753 .die = gss_cli_ctx_die_kr,
1754 .sign = gss_cli_ctx_sign,
1755 .verify = gss_cli_ctx_verify,
1756 .seal = gss_cli_ctx_seal,
1757 .unseal = gss_cli_ctx_unseal,
1758 .wrap_bulk = gss_cli_ctx_wrap_bulk,
1759 .unwrap_bulk = gss_cli_ctx_unwrap_bulk,
1762 static struct ptlrpc_sec_cops gss_sec_keyring_cops = {
1763 .create_sec = gss_sec_create_kr,
1764 .destroy_sec = gss_sec_destroy_kr,
1765 .kill_sec = gss_sec_kill,
1766 .lookup_ctx = gss_sec_lookup_ctx_kr,
1767 .release_ctx = gss_sec_release_ctx_kr,
1768 .flush_ctx_cache = gss_sec_flush_ctx_cache_kr,
1769 .gc_ctx = gss_sec_gc_ctx_kr,
1770 .install_rctx = gss_sec_install_rctx,
1771 .alloc_reqbuf = gss_alloc_reqbuf,
1772 .free_reqbuf = gss_free_reqbuf,
1773 .alloc_repbuf = gss_alloc_repbuf,
1774 .free_repbuf = gss_free_repbuf,
1775 .enlarge_reqbuf = gss_enlarge_reqbuf,
1776 .display = gss_sec_display_kr,
1779 static struct ptlrpc_sec_sops gss_sec_keyring_sops = {
1780 .accept = gss_svc_accept_kr,
1781 .invalidate_ctx = gss_svc_invalidate_ctx,
1782 .alloc_rs = gss_svc_alloc_rs,
1783 .authorize = gss_svc_authorize,
1784 .free_rs = gss_svc_free_rs,
1785 .free_ctx = gss_svc_free_ctx,
1786 .prep_bulk = gss_svc_prep_bulk,
1787 .unwrap_bulk = gss_svc_unwrap_bulk,
1788 .wrap_bulk = gss_svc_wrap_bulk,
1789 .install_rctx = gss_svc_install_rctx_kr,
1792 static struct ptlrpc_sec_policy gss_policy_keyring = {
1793 .sp_owner = THIS_MODULE,
1794 .sp_name = "gss.keyring",
1795 .sp_policy = SPTLRPC_POLICY_GSS,
1796 .sp_cops = &gss_sec_keyring_cops,
1797 .sp_sops = &gss_sec_keyring_sops,
1801 int __init gss_init_keyring(void)
1805 rc = register_key_type(&gss_key_type);
1807 CERROR("failed to register keyring type: %d\n", rc);
1811 rc = sptlrpc_register_policy(&gss_policy_keyring);
1813 unregister_key_type(&gss_key_type);
1820 void __exit gss_exit_keyring(void)
1822 unregister_key_type(&gss_key_type);
1823 sptlrpc_unregister_policy(&gss_policy_keyring);