lustre/ptlrpc/gss/lproc_gss.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.gnu.org/licenses/gpl-2.0.html
  19  *
  20  * GPL HEADER END
  21  */
  22 /*
  23  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Copyright (c) 2012, 2016, Intel Corporation.
  27  */
  28 /*
  29  * This file is part of Lustre, http://www.lustre.org/
  30  */
  31
  32 #define DEBUG_SUBSYSTEM S_SEC
  33 #include <linux/init.h>
  34 #include <linux/module.h>
  35 #include <linux/slab.h>
  36 #include <linux/dcache.h>
  37 #include <linux/fs.h>
  38 #include <linux/mutex.h>
  39
  40 #include <obd.h>
  41 #include <obd_class.h>
  42 #include <obd_support.h>
  43 #include <lustre_net.h>
  44 #include <lustre_import.h>
  45 #include <lprocfs_status.h>
  46 #include <lustre_sec.h>
  47
  48 #include "gss_err.h"
  49 #include "gss_internal.h"
  50 #include "gss_api.h"
  51
  52 static struct dentry *gss_debugfs_dir_lk;
  53 static struct dentry *gss_debugfs_dir;
  54 static struct proc_dir_entry *gss_lprocfs_dir;
  55
  56 /*
  57  * statistic of "out-of-sequence-window"
  58  */
  59 static struct {
  60         spinlock_t      oos_lock;
  61         atomic_t        oos_cli_count;          /* client occurrence */
  62         int             oos_cli_behind;         /* client max seqs behind */
  63         atomic_t        oos_svc_replay[3];      /* server replay detected */
  64         atomic_t        oos_svc_pass[3];        /* server verified ok */
  65 } gss_stat_oos = {
  66         .oos_cli_count  = ATOMIC_INIT(0),
  67         .oos_cli_behind = 0,
  68         .oos_svc_replay = { ATOMIC_INIT(0), },
  69         .oos_svc_pass   = { ATOMIC_INIT(0), },
  70 };
  71
  72 void gss_stat_oos_record_cli(int behind)
  73 {
  74         atomic_inc(&gss_stat_oos.oos_cli_count);
  75
  76         spin_lock(&gss_stat_oos.oos_lock);
  77         if (behind > gss_stat_oos.oos_cli_behind)
  78                 gss_stat_oos.oos_cli_behind = behind;
  79         spin_unlock(&gss_stat_oos.oos_lock);
  80 }
  81
  82 void gss_stat_oos_record_svc(int phase, int replay)
  83 {
  84         LASSERT(phase >= 0 && phase <= 2);
  85
  86         if (replay)
  87                 atomic_inc(&gss_stat_oos.oos_svc_replay[phase]);
  88         else
  89                 atomic_inc(&gss_stat_oos.oos_svc_pass[phase]);
  90 }
  91
  92 static int gss_proc_oos_seq_show(struct seq_file *m, void *v)
  93 {
  94         seq_printf(m, "seqwin:             %u\n"
  95                    "backwin:            %u\n"
  96                    "client fall behind seqwin\n"
  97                    "  occurrence:       %d\n"
  98                    "  max seq behind:   %d\n"
  99                    "server replay detected:\n"
 100                    "  phase 0:          %d\n"
 101                    "  phase 1:          %d\n"
 102                    "  phase 2:          %d\n"
 103                    "server verify ok:\n"
 104                    "  phase 2:          %d\n",
 105                    GSS_SEQ_WIN_MAIN,
 106                    GSS_SEQ_WIN_BACK,
 107                    atomic_read(&gss_stat_oos.oos_cli_count),
 108                    gss_stat_oos.oos_cli_behind,
 109                    atomic_read(&gss_stat_oos.oos_svc_replay[0]),
 110                    atomic_read(&gss_stat_oos.oos_svc_replay[1]),
 111                    atomic_read(&gss_stat_oos.oos_svc_replay[2]),
 112                    atomic_read(&gss_stat_oos.oos_svc_pass[2]));
 113         return 0;
 114 }
 115 LDEBUGFS_SEQ_FOPS_RO(gss_proc_oos);
 116
 117 static ssize_t
 118 gss_proc_write_secinit(struct file *file, const char *buffer,
 119                                   size_t count, loff_t *off)
 120 {
 121         int rc;
 122
 123         rc = gss_do_ctx_init_rpc((char *) buffer, count);
 124         if (rc) {
 125                 LASSERT(rc < 0);
 126                 return rc;
 127         }
 128         return count;
 129 }
 130
 131 static const struct file_operations gss_proc_secinit = {
 132         .write = gss_proc_write_secinit,
 133 };
 134
 135 static int
 136 sptlrpc_krb5_allow_old_client_csum_seq_show(struct seq_file *m,
 137                                             void *data)
 138 {
 139         seq_printf(m, "%u\n", krb5_allow_old_client_csum);
 140         return 0;
 141 }
 142
 143 static ssize_t
 144 sptlrpc_krb5_allow_old_client_csum_seq_write(struct file *file,
 145                                              const char __user *buffer,
 146                                              size_t count, loff_t *off)
 147 {
 148         bool val;
 149         int rc;
 150
 151         rc = kstrtobool_from_user(buffer, count, &val);
 152         if (rc)
 153                 return rc;
 154
 155         krb5_allow_old_client_csum = val;
 156         return count;
 157 }
 158 LPROC_SEQ_FOPS(sptlrpc_krb5_allow_old_client_csum);
 159
 160 #ifdef HAVE_GSS_KEYRING
 161 static int sptlrpc_gss_check_upcall_ns_seq_show(struct seq_file *m, void *data)
 162 {
 163         seq_printf(m, "%u\n", gss_check_upcall_ns);
 164         return 0;
 165 }
 166
 167 static ssize_t sptlrpc_gss_check_upcall_ns_seq_write(struct file *file,
 168                                                      const char __user *buffer,
 169                                                      size_t count, loff_t *off)
 170 {
 171         bool val;
 172         int rc;
 173
 174         rc = kstrtobool_from_user(buffer, count, &val);
 175         if (rc)
 176                 return rc;
 177
 178         gss_check_upcall_ns = val;
 179         return count;
 180 }
 181 LPROC_SEQ_FOPS(sptlrpc_gss_check_upcall_ns);
 182 #endif /* HAVE_GSS_KEYRING */
 183
 184 static int rsi_upcall_seq_show(struct seq_file *m,
 185                                void *data)
 186 {
 187         down_read(&rsicache->uc_upcall_rwsem);
 188         seq_printf(m, "%s\n", rsicache->uc_upcall);
 189         up_read(&rsicache->uc_upcall_rwsem);
 190
 191         return 0;
 192 }
 193
 194 static ssize_t rsi_upcall_seq_write(struct file *file,
 195                                     const char __user *buffer,
 196                                     size_t count, loff_t *off)
 197 {
 198         int rc;
 199
 200         if (count >= UC_CACHE_UPCALL_MAXPATH) {
 201                 CERROR("%s: rsi upcall too long\n", rsicache->uc_name);
 202                 return -EINVAL;
 203         }
 204
 205         /* Remove any extraneous bits from the upcall (e.g. linefeeds) */
 206         down_write(&rsicache->uc_upcall_rwsem);
 207         rc = sscanf(buffer, "%s", rsicache->uc_upcall);
 208         up_write(&rsicache->uc_upcall_rwsem);
 209
 210         if (rc != 1) {
 211                 CERROR("%s: invalid rsi upcall provided\n", rsicache->uc_name);
 212                 return -EINVAL;
 213         }
 214
 215         CDEBUG(D_CONFIG, "%s: rsi upcall set to %s\n", rsicache->uc_name,
 216                rsicache->uc_upcall);
 217
 218         return count;
 219 }
 220 LPROC_SEQ_FOPS(rsi_upcall);
 221
 222 static ssize_t lprocfs_rsi_flush_seq_write(struct file *file,
 223                                            const char __user *buffer,
 224                                            size_t count, void *data)
 225 {
 226         int hash, rc;
 227
 228         rc = kstrtoint_from_user(buffer, count, 0, &hash);
 229         if (rc)
 230                 return rc;
 231
 232         rsi_flush(rsicache, hash);
 233         return count;
 234 }
 235 LPROC_SEQ_FOPS_WR_ONLY(gss, rsi_flush);
 236
 237 static ssize_t lprocfs_rsi_info_seq_write(struct file *file,
 238                                           const char __user *buffer,
 239                                           size_t count, void *data)
 240 {
 241         struct rsi_downcall_data *param;
 242         int size = sizeof(*param), rc, checked = 0;
 243
 244 again:
 245         if (count < size) {
 246                 CERROR("%s: invalid data count = %lu, size = %d\n",
 247                        rsicache->uc_name, (unsigned long)count, size);
 248                 return -EINVAL;
 249         }
 250
 251         OBD_ALLOC_LARGE(param, size);
 252         if (param == NULL)
 253                 return -ENOMEM;
 254
 255         if (copy_from_user(param, buffer, size)) {
 256                 CERROR("%s: bad rsi data\n", rsicache->uc_name);
 257                 GOTO(out, rc = -EFAULT);
 258         }
 259
 260         if (checked == 0) {
 261                 checked = 1;
 262                 if (param->sid_magic != RSI_DOWNCALL_MAGIC) {
 263                         CERROR("%s: rsi downcall bad params\n",
 264                                rsicache->uc_name);
 265                         GOTO(out, rc = -EINVAL);
 266                 }
 267
 268                 rc = param->sid_len; /* save sid_len */
 269                 OBD_FREE_LARGE(param, size);
 270                 size = offsetof(struct rsi_downcall_data, sid_val[rc]);
 271                 goto again;
 272         }
 273
 274         rc = upcall_cache_downcall(rsicache, param->sid_err,
 275                                    param->sid_hash, param);
 276
 277 out:
 278         if (param != NULL)
 279                 OBD_FREE_LARGE(param, size);
 280
 281         return rc ? rc : count;
 282 }
 283 LPROC_SEQ_FOPS_WR_ONLY(gss, rsi_info);
 284
 285 static int rsi_entry_expire_seq_show(struct seq_file *m,
 286                                      void *data)
 287 {
 288         seq_printf(m, "%lld\n", rsicache->uc_entry_expire);
 289         return 0;
 290 }
 291
 292 static ssize_t rsi_entry_expire_seq_write(struct file *file,
 293                                           const char __user *buffer,
 294                                           size_t count, loff_t *off)
 295 {
 296         time64_t val;
 297         int rc;
 298
 299         rc = kstrtoll_from_user(buffer, count, 10, &val);
 300         if (rc)
 301                 return rc;
 302
 303         if (val < 0)
 304                 return -ERANGE;
 305
 306         rsicache->uc_entry_expire = val;
 307
 308         return count;
 309 }
 310 LPROC_SEQ_FOPS(rsi_entry_expire);
 311
 312 static int rsi_acquire_expire_seq_show(struct seq_file *m,
 313                                        void *data)
 314 {
 315         seq_printf(m, "%lld\n", rsicache->uc_acquire_expire);
 316         return 0;
 317 }
 318
 319 static ssize_t rsi_acquire_expire_seq_write(struct file *file,
 320                                             const char __user *buffer,
 321                                             size_t count, loff_t *off)
 322 {
 323         time64_t val;
 324         int rc;
 325
 326         rc = kstrtoll_from_user(buffer, count, 10, &val);
 327         if (rc)
 328                 return rc;
 329
 330         if (val < 0 || val > INT_MAX)
 331                 return -ERANGE;
 332
 333         rsicache->uc_acquire_expire = val;
 334
 335         return count;
 336 }
 337 LPROC_SEQ_FOPS(rsi_acquire_expire);
 338
 339 static ssize_t lprocfs_rsc_flush_seq_write(struct file *file,
 340                                            const char __user *buffer,
 341                                            size_t count, void *data)
 342 {
 343         int hash, rc;
 344
 345         rc = kstrtoint_from_user(buffer, count, 0, &hash);
 346         if (rc)
 347                 return rc;
 348
 349         rsc_flush(rsccache, hash);
 350         return count;
 351 }
 352 LPROC_SEQ_FOPS_WR_ONLY(gss, rsc_flush);
 353
 354 static ssize_t lprocfs_rsc_info_seq_write(struct file *file,
 355                                           const char __user *buffer,
 356                                           size_t count, void *data)
 357 {
 358         struct rsc_downcall_data *param;
 359         int size = sizeof(*param), rc, checked = 0;
 360         struct gss_rsc rsc = { 0 }, *rscp = NULL;
 361         char *mesg, *handle_buf;
 362
 363 again:
 364         if (count < size) {
 365                 CERROR("%s: invalid data count = %lu, size = %d\n",
 366                        rsccache->uc_name, (unsigned long)count, size);
 367                 return -EINVAL;
 368         }
 369
 370         OBD_ALLOC_LARGE(param, size);
 371         if (param == NULL)
 372                 return -ENOMEM;
 373
 374         if (copy_from_user(param, buffer, size)) {
 375                 CERROR("%s: bad rsc data\n", rsccache->uc_name);
 376                 GOTO(out, rc = -EFAULT);
 377         }
 378
 379         if (checked == 0) {
 380                 checked = 1;
 381                 if (param->scd_magic != RSC_DOWNCALL_MAGIC) {
 382                         CERROR("%s: rsc downcall bad params\n",
 383                                rsccache->uc_name);
 384                         GOTO(out, rc = -EINVAL);
 385                 }
 386
 387                 rc = param->scd_len; /* save scd_len */
 388                 OBD_FREE_LARGE(param, size);
 389                 size = offsetof(struct rsc_downcall_data, scd_val[rc]);
 390                 goto again;
 391         }
 392
 393         /* scd_val starts with handle.
 394          * Use it to create cache entry.
 395          */
 396         mesg = param->scd_val;
 397         gss_u32_read(&mesg, &rsc.sc_handle.len);
 398         if (!rsc.sc_handle.len) {
 399                 rc = -EINVAL;
 400                 goto out;
 401         }
 402         OBD_ALLOC_LARGE(handle_buf, rsc.sc_handle.len);
 403         if (!handle_buf) {
 404                 rc = -ENOMEM;
 405                 goto out;
 406         }
 407         memset(handle_buf, 0, rsc.sc_handle.len);
 408         mesg = param->scd_val;
 409         rc = gss_buffer_read(&mesg, handle_buf, rsc.sc_handle.len);
 410         if (rc < 0) {
 411                 OBD_FREE_LARGE(handle_buf, rsc.sc_handle.len);
 412                 rc = -EINVAL;
 413                 goto out;
 414         }
 415         rsc.sc_handle.data = handle_buf;
 416
 417         /* create cache entry on-the-fly */
 418         rscp = rsc_entry_get(rsccache, &rsc);
 419         __rsc_free(&rsc);
 420
 421         if (IS_ERR_OR_NULL(rscp)) {
 422                 if (IS_ERR(rscp))
 423                         rc = PTR_ERR(rscp);
 424                 else
 425                         rc = -EINVAL;
 426                 CERROR("%s: error in rsc_entry_get: rc = %d\n",
 427                        param->scd_mechname, rc);
 428                 goto out;
 429         }
 430
 431         /* now that entry has been created, downcall can be done,
 432          * but we have to tell acquiring is in progress
 433          */
 434         upcall_cache_update_entry(rsccache, rscp->sc_uc_entry,
 435                                   0, UC_CACHE_ACQUIRING);
 436         rc = upcall_cache_downcall(rsccache, param->scd_err,
 437                                    rscp->sc_uc_entry->ue_key, param);
 438
 439 out:
 440         if (!IS_ERR_OR_NULL(rscp))
 441                 rsc_entry_put(rsccache, rscp);
 442         if (param)
 443                 OBD_FREE_LARGE(param, size);
 444
 445         return rc ? rc : count;
 446 }
 447 LPROC_SEQ_FOPS_WR_ONLY(gss, rsc_info);
 448
 449 static struct ldebugfs_vars gss_debugfs_vars[] = {
 450         { .name =       "replays",
 451           .fops =       &gss_proc_oos_fops      },
 452         { .name =       "init_channel",
 453           .fops =       &gss_proc_secinit,
 454           .proc_mode =  0222                    },
 455         { NULL }
 456 };
 457
 458 static struct lprocfs_vars gss_lprocfs_vars[] = {
 459         { .name =       "krb5_allow_old_client_csum",
 460           .fops =       &sptlrpc_krb5_allow_old_client_csum_fops },
 461 #ifdef HAVE_GSS_KEYRING
 462         { .name =       "gss_check_upcall_ns",
 463           .fops =       &sptlrpc_gss_check_upcall_ns_fops },
 464 #endif
 465         { .name =       "rsi_upcall",
 466           .fops =       &rsi_upcall_fops },
 467         { .name =       "rsi_flush",
 468           .fops =       &gss_rsi_flush_fops },
 469         { .name =       "rsi_info",
 470           .fops =       &gss_rsi_info_fops },
 471         { .name =       "rsi_entry_expire",
 472           .fops =       &rsi_entry_expire_fops },
 473         { .name =       "rsi_acquire_expire",
 474           .fops =       &rsi_acquire_expire_fops },
 475         { .name =       "rsc_flush",
 476           .fops =       &gss_rsc_flush_fops },
 477         { .name =       "rsc_info",
 478           .fops =       &gss_rsc_info_fops },
 479         { NULL }
 480 };
 481
 482 /*
 483  * for userspace helper lgss_keyring.
 484  *
 485  * debug_level: [0, 4], defined in utils/gss/lgss_utils.h
 486  */
 487 static int gss_lk_debug_level = 1;
 488
 489 static int gss_lk_proc_dl_seq_show(struct seq_file *m, void *v)
 490 {
 491         seq_printf(m, "%u\n", gss_lk_debug_level);
 492         return 0;
 493 }
 494
 495 static ssize_t
 496 gss_lk_proc_dl_seq_write(struct file *file, const char __user *buffer,
 497                                 size_t count, loff_t *off)
 498 {
 499         unsigned int val;
 500         int rc;
 501
 502         rc = kstrtouint_from_user(buffer, count, 0, &val);
 503         if (rc < 0)
 504                 return rc;
 505
 506         if (val > 4)
 507                 return -ERANGE;
 508
 509         gss_lk_debug_level = val;
 510
 511         return count;
 512 }
 513 LDEBUGFS_SEQ_FOPS(gss_lk_proc_dl);
 514
 515 static struct ldebugfs_vars gss_lk_debugfs_vars[] = {
 516         { .name =       "debug_level",
 517           .fops =       &gss_lk_proc_dl_fops    },
 518         { NULL }
 519 };
 520
 521 void gss_exit_tunables(void)
 522 {
 523         debugfs_remove_recursive(gss_debugfs_dir_lk);
 524         gss_debugfs_dir_lk = NULL;
 525
 526         debugfs_remove_recursive(gss_debugfs_dir);
 527         gss_debugfs_dir = NULL;
 528
 529         if (!IS_ERR_OR_NULL(gss_lprocfs_dir))
 530                 lprocfs_remove(&gss_lprocfs_dir);
 531 }
 532
 533 int gss_init_tunables(void)
 534 {
 535         int     rc;
 536
 537         spin_lock_init(&gss_stat_oos.oos_lock);
 538
 539         gss_debugfs_dir = debugfs_create_dir("gss", sptlrpc_debugfs_dir);
 540         ldebugfs_add_vars(gss_debugfs_dir, gss_debugfs_vars, NULL);
 541
 542         gss_debugfs_dir_lk = debugfs_create_dir("lgss_keyring",
 543                                                 gss_debugfs_dir);
 544         ldebugfs_add_vars(gss_debugfs_dir_lk, gss_lk_debugfs_vars, NULL);
 545
 546         gss_lprocfs_dir = lprocfs_register("gss", sptlrpc_lprocfs_dir,
 547                                            gss_lprocfs_vars, NULL);
 548         if (IS_ERR_OR_NULL(gss_lprocfs_dir)) {
 549                 rc = gss_lprocfs_dir ? PTR_ERR(gss_lprocfs_dir) : -ENOMEM;
 550                 gss_lprocfs_dir = NULL;
 551                 GOTO(out, rc);
 552         }
 553
 554         return 0;
 555
 556 out:
 557         CERROR("failed to initialize gss lproc entries: %d\n", rc);
 558         gss_exit_tunables();
 559         return rc;
 560 }