* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
- * Copyright (c) 2012, 2016, Intel Corporation.
+ * Copyright (c) 2012, 2017, Intel Corporation.
*/
/*
* This file is part of Lustre, http://www.lustre.org/
- * Lustre is a trademark of Sun Microsystems, Inc.
*/
#ifndef _LUSTRE_SEC_H_
void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set);
int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
- struct sptlrpc_rule *rule);
+ struct sptlrpc_rule *rule);
int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
- enum lustre_sec_part from,
- enum lustre_sec_part to,
- lnet_nid_t nid,
- struct sptlrpc_flavor *sf);
+ enum lustre_sec_part from,
+ enum lustre_sec_part to,
+ lnet_nid_t nid,
+ struct sptlrpc_flavor *sf);
void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
int sptlrpc_process_config(struct lustre_cfg *lcfg);
int sptlrpc_conf_target_get_rules(struct obd_device *obd,
struct sptlrpc_rule_set *rset);
void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
- enum lustre_sec_part from,
- lnet_nid_t nid,
- struct sptlrpc_flavor *flavor);
+ enum lustre_sec_part from,
+ lnet_nid_t nid,
+ struct sptlrpc_flavor *flavor);
/* The maximum length of security payload. 1024 is enough for Kerberos 5,
* and should be enough for other future mechanisms but not sure.
#define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
#define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
-#define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
-#define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
-#define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
-#define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
-#define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
-#define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
+#define PTLRPC_CTX_NEW BIT(PTLRPC_CTX_NEW_BIT)
+#define PTLRPC_CTX_UPTODATE BIT(PTLRPC_CTX_UPTODATE_BIT)
+#define PTLRPC_CTX_DEAD BIT(PTLRPC_CTX_DEAD_BIT)
+#define PTLRPC_CTX_ERROR BIT(PTLRPC_CTX_ERROR_BIT)
+#define PTLRPC_CTX_CACHED BIT(PTLRPC_CTX_CACHED_BIT)
+#define PTLRPC_CTX_ETERNAL BIT(PTLRPC_CTX_ETERNAL_BIT)
#define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
PTLRPC_CTX_UPTODATE | \
atomic_t cc_refcount;
struct ptlrpc_sec *cc_sec;
struct ptlrpc_ctx_ops *cc_ops;
- cfs_time_t cc_expire; /* in seconds */
+ time64_t cc_expire; /* in seconds */
unsigned int cc_early_expire:1;
unsigned long cc_flags;
struct vfs_cred cc_vcred;
/** owning import */
struct obd_import *ps_import;
spinlock_t ps_lock;
+ /** mtime of SELinux policy file */
+ ktime_t ps_sepol_mtime;
+ /** next check time of SELinux policy file */
+ ktime_t ps_sepol_checknext;
+ /**
+ * SELinux policy info
+ * sepol string format is:
+ * <mode>:<policy name>:<policy version>:<policy hash>
+ */
+ char ps_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH
+ + 1];
/*
* garbage collection
__u8 bsd_data[0]; /* policy-specific token */
};
-
-/*
- * lprocfs
- */
-struct proc_dir_entry;
-extern struct proc_dir_entry *sptlrpc_proc_root;
+extern struct dentry *sptlrpc_debugfs_dir;
+extern struct proc_dir_entry *sptlrpc_lprocfs_dir;
/*
* round size up to next power of 2, for slab allocation.
void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
void sptlrpc_request_out_callback(struct ptlrpc_request *req);
+int sptlrpc_get_sepol(struct ptlrpc_request *req);
/*
* exported higher interface of import & request
int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
+int sptlrpc_export_update_ctx(struct obd_export *exp);
int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
/* misc */
const char * sec2target_str(struct ptlrpc_sec *sec);
-int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
+int sptlrpc_lprocfs_cliobd_attach(struct obd_device *obd);
/*
* server side
int sptlrpc_enc_pool_add_user(void);
int sptlrpc_enc_pool_del_user(void);
int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
+int sptlrpc_enc_pool_get_pages_array(struct page **pa, unsigned int count);
void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
+void sptlrpc_enc_pool_put_pages_array(struct page **pa, unsigned int count);
int get_free_pages_in_pool(void);
int pool_is_at_full_capacity(void);
int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
-
-#define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
-#define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
-
/** @} sptlrpc */
#endif /* _LUSTRE_SEC_H_ */