4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2012, 2016, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
33 #define DEBUG_SUBSYSTEM S_SEC
34 #include <linux/init.h>
35 #include <linux/module.h>
36 #include <linux/slab.h>
37 #include <linux/dcache.h>
39 #include <linux/mutex.h>
42 #include <obd_class.h>
43 #include <obd_support.h>
44 #include <lustre_net.h>
45 #include <lustre_import.h>
46 #include <lprocfs_status.h>
47 #include <lustre_sec.h>
50 #include "gss_internal.h"
53 static struct dentry *gss_debugfs_dir_lk;
54 static struct dentry *gss_debugfs_dir;
55 static struct proc_dir_entry *gss_lprocfs_dir;
58 * statistic of "out-of-sequence-window"
62 atomic_t oos_cli_count; /* client occurrence */
63 int oos_cli_behind; /* client max seqs behind */
64 atomic_t oos_svc_replay[3]; /* server replay detected */
65 atomic_t oos_svc_pass[3]; /* server verified ok */
67 .oos_cli_count = ATOMIC_INIT(0),
69 .oos_svc_replay = { ATOMIC_INIT(0), },
70 .oos_svc_pass = { ATOMIC_INIT(0), },
/*
 * Account one client-side "out-of-sequence-window" event.
 *
 * @behind: number of sequence numbers the client was behind for this event.
 *
 * Increments the client occurrence counter and raises the recorded
 * maximum "seqs behind" value when @behind exceeds it.  Both values are
 * reported by gss_proc_oos_seq_show().
 */
void gss_stat_oos_record_cli(int behind)
{
	atomic_inc(&gss_stat_oos.oos_cli_count);

	/*
	 * oos_cli_behind is a plain int, not an atomic_t, so the
	 * compare-and-store is done under oos_lock.
	 */
	spin_lock(&gss_stat_oos.oos_lock);
	if (gss_stat_oos.oos_cli_behind < behind)
		gss_stat_oos.oos_cli_behind = behind;
	spin_unlock(&gss_stat_oos.oos_lock);
}
/*
 * Account one server-side sequence check.
 *
 * @phase:  slot index into the per-phase counters, 0..2.
 * @replay: non-zero counts the event as "replay detected", zero counts it
 *          as "verified ok".
 *
 * The replay counters are the figures an operator would watch when
 * looking for replayed requests; they are exposed read-only through
 * gss_proc_oos_seq_show().
 */
void gss_stat_oos_record_svc(int phase, int replay)
{
	atomic_t *counter;

	/*
	 * Both counter arrays have three slots; a phase outside 0..2 would
	 * index past them, so it is asserted before any access.
	 */
	LASSERT(phase >= 0 && phase <= 2);

	counter = replay ? &gss_stat_oos.oos_svc_replay[phase]
			 : &gss_stat_oos.oos_svc_pass[phase];
	atomic_inc(counter);
}
93 static int gss_proc_oos_seq_show(struct seq_file *m, void *v)
95 seq_printf(m, "seqwin: %u\n"
97 "client fall behind seqwin\n"
99 " max seq behind: %d\n"
100 "server replay detected:\n"
104 "server verify ok:\n"
108 atomic_read(&gss_stat_oos.oos_cli_count),
109 gss_stat_oos.oos_cli_behind,
110 atomic_read(&gss_stat_oos.oos_svc_replay[0]),
111 atomic_read(&gss_stat_oos.oos_svc_replay[1]),
112 atomic_read(&gss_stat_oos.oos_svc_replay[2]),
113 atomic_read(&gss_stat_oos.oos_svc_pass[2]));
116 LDEBUGFS_SEQ_FOPS_RO(gss_proc_oos);
119 gss_proc_write_secinit(struct file *file, const char *buffer,
120 size_t count, loff_t *off)
124 rc = gss_do_ctx_init_rpc((char *) buffer, count);
132 static const struct file_operations gss_proc_secinit = {
133 .write = gss_proc_write_secinit,
/*
 * Show handler for the "krb5_allow_old_client_csum" tunable.
 *
 * Prints the current value of the global krb5_allow_old_client_csum flag
 * as an unsigned decimal followed by a newline.  @data is unused.
 */
int sptlrpc_krb5_allow_old_client_csum_seq_show(struct seq_file *m, void *data)
{
	seq_printf(m, "%u\n", krb5_allow_old_client_csum);

	return 0;
}
/*
 * Write handler for the "krb5_allow_old_client_csum" tunable.
 *
 * @buffer: user-space text, parsed as a boolean by kstrtobool_from_user().
 * @count:  number of bytes supplied by the writer.
 *
 * Stores the parsed value in the global krb5_allow_old_client_csum flag.
 * Returns @count on success, or the parser's error code when the input is
 * not a valid boolean.  @file and @off are unused.
 *
 * NOTE(review): judging by its name, this flag relaxes krb5 checksum
 * handling for old clients, i.e. it is a security-relevant compatibility
 * switch -- confirm where it is consumed, keep the entry writable by
 * privileged users only, and treat changes to it as auditable
 * configuration changes.
 */
ssize_t sptlrpc_krb5_allow_old_client_csum_seq_write(struct file *file,
						      const char __user *buffer,
						      size_t count, loff_t *off)
{
	bool allow;
	int rc = kstrtobool_from_user(buffer, count, &allow);

	if (rc)
		return rc;

	krb5_allow_old_client_csum = allow;
	return count;
}
156 LPROC_SEQ_FOPS(sptlrpc_krb5_allow_old_client_csum);
/*
 * Show handler for the "gss_check_upcall_ns" tunable.
 *
 * Prints the current value of the global gss_check_upcall_ns flag as an
 * unsigned decimal followed by a newline.  @data is unused.
 */
int sptlrpc_gss_check_upcall_ns_seq_show(struct seq_file *m, void *data)
{
	seq_printf(m, "%u\n", gss_check_upcall_ns);

	return 0;
}
/*
 * Write handler for the "gss_check_upcall_ns" tunable.
 *
 * @buffer: user-space text, parsed as a boolean by kstrtobool_from_user().
 * @count:  number of bytes supplied by the writer.
 *
 * Stores the parsed value in the global gss_check_upcall_ns flag.
 * Returns @count on success, or the parser's error code when the input is
 * not a valid boolean.  @file and @off are unused.
 *
 * NOTE(review): the name suggests this flag enables a namespace check on
 * the GSS upcall path -- confirm against the code that reads it.  If so,
 * clearing it weakens that check, so the entry should stay writable by
 * privileged users only.
 */
ssize_t sptlrpc_gss_check_upcall_ns_seq_write(struct file *file,
					       const char __user *buffer,
					       size_t count, loff_t *off)
{
	bool check;
	int rc = kstrtobool_from_user(buffer, count, &check);

	if (rc)
		return rc;

	gss_check_upcall_ns = check;
	return count;
}
178 LPROC_SEQ_FOPS(sptlrpc_gss_check_upcall_ns);
180 static struct ldebugfs_vars gss_debugfs_vars[] = {
182 .fops = &gss_proc_oos_fops },
183 { .name = "init_channel",
184 .fops = &gss_proc_secinit,
189 static struct lprocfs_vars gss_lprocfs_vars[] = {
190 { .name = "krb5_allow_old_client_csum",
191 .fops = &sptlrpc_krb5_allow_old_client_csum_fops },
192 { .name = "gss_check_upcall_ns",
193 .fops = &sptlrpc_gss_check_upcall_ns_fops },
198 * for userspace helper lgss_keyring.
200 * debug_level: [0, 4], defined in utils/gss/lgss_utils.h
202 static int gss_lk_debug_level = 1;
/*
 * Show handler for the lgss_keyring "debug_level" entry.
 *
 * Prints gss_lk_debug_level followed by a newline.  @v is unused.
 *
 * NOTE(review): gss_lk_debug_level is declared as int but is printed with
 * "%u"; the output only differs from "%d" for negative values, which the
 * documented range [0, 4] excludes.
 */
static int gss_lk_proc_dl_seq_show(struct seq_file *m, void *v)
{
	seq_printf(m, "%u\n", gss_lk_debug_level);

	return 0;
}
211 gss_lk_proc_dl_seq_write(struct file *file, const char __user *buffer,
212 size_t count, loff_t *off)
217 rc = kstrtouint_from_user(buffer, count, 0, &val);
224 gss_lk_debug_level = val;
228 LDEBUGFS_SEQ_FOPS(gss_lk_proc_dl);
230 static struct ldebugfs_vars gss_lk_debugfs_vars[] = {
231 { .name = "debug_level",
232 .fops = &gss_lk_proc_dl_fops },
/*
 * Remove the GSS debugfs and lprocfs entries.
 *
 * The "lgss_keyring" debugfs directory is removed first, then the "gss"
 * debugfs directory, each recursively; the cached dentry pointer is reset
 * to NULL right after each removal.  The lprocfs directory is removed
 * only when its pointer holds a valid entry, since a failed registration
 * can leave an error pointer or NULL there.
 */
void gss_exit_tunables(void)
{
	debugfs_remove_recursive(gss_debugfs_dir_lk);
	gss_debugfs_dir_lk = NULL;

	debugfs_remove_recursive(gss_debugfs_dir);
	gss_debugfs_dir = NULL;

	/* nothing registered in lprocfs, or registration failed */
	if (IS_ERR_OR_NULL(gss_lprocfs_dir))
		return;

	lprocfs_remove(&gss_lprocfs_dir);
}
248 int gss_init_tunables(void)
252 spin_lock_init(&gss_stat_oos.oos_lock);
254 gss_debugfs_dir = debugfs_create_dir("gss", sptlrpc_debugfs_dir);
255 ldebugfs_add_vars(gss_debugfs_dir, gss_debugfs_vars, NULL);
257 gss_debugfs_dir_lk = debugfs_create_dir("lgss_keyring",
259 ldebugfs_add_vars(gss_debugfs_dir_lk, gss_lk_debugfs_vars, NULL);
261 gss_lprocfs_dir = lprocfs_register("gss", sptlrpc_lprocfs_dir,
262 gss_lprocfs_vars, NULL);
263 if (IS_ERR_OR_NULL(gss_lprocfs_dir)) {
264 rc = gss_lprocfs_dir ? PTR_ERR(gss_lprocfs_dir) : -ENOMEM;
265 gss_lprocfs_dir = NULL;
272 CERROR("failed to initialize gss lproc entries: %d\n", rc);