RETURN(rc);
}
-/*
- * Concurrency: serialization provided by callers.
- */
-static int osd_init_capa_ctxt(const struct lu_env *env, struct dt_device *d,
- int mode, unsigned long timeout, __u32 alg,
- struct lustre_capa_key *keys)
-{
- struct osd_device *dev = osd_dt_dev(d);
- ENTRY;
-
- dev->od_fl_capa = mode;
- dev->od_capa_timeout = timeout;
- dev->od_capa_alg = alg;
- dev->od_capa_keys = keys;
- RETURN(0);
-}
-
/**
* Note: we do not count into QUOTA here.
* If we mount with --data_journal we may need more.
.dt_sync = osd_sync,
.dt_ro = osd_ro,
.dt_commit_async = osd_commit_async,
- .dt_init_capa_ctxt = osd_init_capa_ctxt,
};
static void osd_object_read_lock(const struct lu_env *env,
return obj->oo_owner == env;
}
-static int capa_is_sane(const struct lu_env *env,
- struct osd_device *dev,
- struct lustre_capa *capa,
- struct lustre_capa_key *keys)
-{
- struct osd_thread_info *oti = osd_oti_get(env);
- struct lustre_capa *tcapa = &oti->oti_capa;
- struct obd_capa *oc;
- int i, rc = 0;
- ENTRY;
-
- oc = capa_lookup(dev->od_capa_hash, capa, 0);
- if (oc) {
- if (capa_is_expired(oc)) {
- DEBUG_CAPA(D_ERROR, capa, "expired");
- rc = -ESTALE;
- }
- capa_put(oc);
- RETURN(rc);
- }
-
- if (capa_is_expired_sec(capa)) {
- DEBUG_CAPA(D_ERROR, capa, "expired");
- RETURN(-ESTALE);
- }
-
- spin_lock(&capa_lock);
- for (i = 0; i < 2; i++) {
- if (keys[i].lk_keyid == capa->lc_keyid) {
- oti->oti_capa_key = keys[i];
- break;
- }
- }
- spin_unlock(&capa_lock);
-
- if (i == 2) {
- DEBUG_CAPA(D_ERROR, capa, "no matched capa key");
- RETURN(-ESTALE);
- }
-
- rc = capa_hmac(tcapa->lc_hmac, capa, oti->oti_capa_key.lk_key);
- if (rc)
- RETURN(rc);
-
- if (memcmp(tcapa->lc_hmac, capa->lc_hmac, sizeof(capa->lc_hmac))) {
- DEBUG_CAPA(D_ERROR, capa, "HMAC mismatch");
- RETURN(-EACCES);
- }
-
- oc = capa_add(dev->od_capa_hash, capa);
- capa_put(oc);
-
- RETURN(0);
-}
-
-int osd_object_auth(const struct lu_env *env, struct dt_object *dt,
- struct lustre_capa *capa, __u64 opc)
-{
- const struct lu_fid *fid = lu_object_fid(&dt->do_lu);
- struct osd_device *osd = osd_dev(dt->do_lu.lo_dev);
- struct lu_capainfo *lci;
- int rc;
-
- if (!osd->od_fl_capa)
- return 0;
-
- if (capa == BYPASS_CAPA)
- return 0;
-
- lci = lu_capainfo_get(env);
- if (unlikely(lci == NULL))
- return 0;
-
- if (lci->lci_auth == LC_ID_NONE)
- return 0;
-
- if (capa == NULL) {
- CERROR("%s: no capability provided for FID "DFID": rc = %d\n",
- osd_name(osd), PFID(fid), -EACCES);
- return -EACCES;
- }
-
- if (!lu_fid_eq(fid, &capa->lc_fid)) {
- DEBUG_CAPA(D_ERROR, capa, "fid "DFID" mismatch with",
- PFID(fid));
- return -EACCES;
- }
-
- if (!capa_opc_supported(capa, opc)) {
- DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc);
- return -EACCES;
- }
-
- rc = capa_is_sane(env, osd, capa, osd->od_capa_keys);
- if (rc != 0) {
- DEBUG_CAPA(D_ERROR, capa, "insane: rc = %d", rc);
- return -EACCES;
- }
-
- return 0;
-}
-
static struct timespec *osd_inode_time(const struct lu_env *env,
struct inode *inode, __u64 seconds)
{
static int osd_attr_get(const struct lu_env *env,
struct dt_object *dt,
- struct lu_attr *attr,
- struct lustre_capa *capa)
+ struct lu_attr *attr)
{
struct osd_object *obj = osd_dt_obj(dt);
LASSERT(!dt_object_remote(dt));
LINVRNT(osd_invariant(obj));
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_READ))
- return -EACCES;
-
spin_lock(&obj->oo_guard);
osd_inode_getattr(env, obj->oo_inode, attr);
spin_unlock(&obj->oo_guard);
static int osd_attr_set(const struct lu_env *env,
struct dt_object *dt,
const struct lu_attr *attr,
- struct thandle *handle,
- struct lustre_capa *capa)
+ struct thandle *handle)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *inode;
LASSERT(!dt_object_remote(dt));
LASSERT(osd_invariant(obj));
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_WRITE))
- return -EACCES;
-
osd_trans_exec_op(env, handle, OSD_OT_ATTR_SET);
if (OBD_FAIL_CHECK(OBD_FAIL_OSD_FID_MAPPING)) {
* Concurrency: @dt is read locked.
*/
static int osd_xattr_get(const struct lu_env *env, struct dt_object *dt,
- struct lu_buf *buf, const char *name,
- struct lustre_capa *capa)
+ struct lu_buf *buf, const char *name)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *inode = obj->oo_inode;
LASSERT(inode->i_op != NULL);
LASSERT(inode->i_op->getxattr != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_READ))
- return -EACCES;
-
return __osd_xattr_get(inode, dentry, name, buf->lb_buf, buf->lb_len);
}
* Concurrency: @dt is write locked.
*/
static int osd_xattr_set(const struct lu_env *env, struct dt_object *dt,
- const struct lu_buf *buf, const char *name, int fl,
- struct thandle *handle, struct lustre_capa *capa)
+ const struct lu_buf *buf, const char *name, int fl,
+ struct thandle *handle)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *inode = obj->oo_inode;
return sizeof(dt_obj_version_t);
}
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_WRITE))
- return -EACCES;
-
CDEBUG(D_INODE, DFID" set xattr '%s' with size %zu\n",
PFID(lu_object_fid(&dt->do_lu)), name, buf->lb_len);
* Concurrency: @dt is read locked.
*/
static int osd_xattr_list(const struct lu_env *env, struct dt_object *dt,
- const struct lu_buf *buf, struct lustre_capa *capa)
+ const struct lu_buf *buf)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *inode = obj->oo_inode;
LASSERT(inode->i_op != NULL);
LASSERT(inode->i_op->listxattr != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_READ))
- return -EACCES;
-
dentry->d_inode = inode;
dentry->d_sb = inode->i_sb;
return inode->i_op->listxattr(dentry, buf->lb_buf, buf->lb_len);
* Concurrency: @dt is write locked.
*/
static int osd_xattr_del(const struct lu_env *env, struct dt_object *dt,
- const char *name, struct thandle *handle,
- struct lustre_capa *capa)
+ const char *name, struct thandle *handle)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *inode = obj->oo_inode;
LASSERT(inode->i_op->removexattr != NULL);
LASSERT(handle != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_META_WRITE))
- return -EACCES;
-
osd_trans_exec_op(env, handle, OSD_OT_XATTR_SET);
ll_vfs_dq_init(inode);
return rc;
}
-static struct obd_capa *osd_capa_get(const struct lu_env *env,
- struct dt_object *dt,
- struct lustre_capa *old, __u64 opc)
-{
- struct osd_thread_info *info = osd_oti_get(env);
- const struct lu_fid *fid = lu_object_fid(&dt->do_lu);
- struct osd_object *obj = osd_dt_obj(dt);
- struct osd_device *osd = osd_obj2dev(obj);
- struct lustre_capa_key *key = &info->oti_capa_key;
- struct lustre_capa *capa = &info->oti_capa;
- struct obd_capa *oc;
- struct lu_capainfo *lci;
- int rc;
- ENTRY;
-
- if (!osd->od_fl_capa)
- RETURN(ERR_PTR(-ENOENT));
-
- if (!dt_object_exists(dt))
- RETURN(ERR_PTR(-ENOENT));
-
- LASSERT(!dt_object_remote(dt));
- LINVRNT(osd_invariant(obj));
-
- /* renewal sanity check */
- if (old && osd_object_auth(env, dt, old, opc))
- RETURN(ERR_PTR(-EACCES));
-
- lci = lu_capainfo_get(env);
- if (unlikely(lci == NULL))
- RETURN(ERR_PTR(-ENOENT));
-
- switch (lci->lci_auth) {
- case LC_ID_NONE:
- RETURN(NULL);
- case LC_ID_PLAIN:
- capa->lc_uid = i_uid_read(obj->oo_inode);
- capa->lc_gid = i_gid_read(obj->oo_inode);
- capa->lc_flags = LC_ID_PLAIN;
- break;
- case LC_ID_CONVERT: {
- __u32 d[4], s[4];
-
- s[0] = i_uid_read(obj->oo_inode);
- cfs_get_random_bytes(&(s[1]), sizeof(__u32));
- s[2] = i_uid_read(obj->oo_inode);
- cfs_get_random_bytes(&(s[3]), sizeof(__u32));
- rc = capa_encrypt_id(d, s, key->lk_key, CAPA_HMAC_KEY_MAX_LEN);
- if (unlikely(rc))
- RETURN(ERR_PTR(rc));
-
- capa->lc_uid = ((__u64)d[1] << 32) | d[0];
- capa->lc_gid = ((__u64)d[3] << 32) | d[2];
- capa->lc_flags = LC_ID_CONVERT;
- break;
- }
- default:
- RETURN(ERR_PTR(-EINVAL));
- }
-
- capa->lc_fid = *fid;
- capa->lc_opc = opc;
- capa->lc_flags |= osd->od_capa_alg << 24;
- capa->lc_timeout = osd->od_capa_timeout;
- capa->lc_expiry = 0;
-
- oc = capa_lookup(osd->od_capa_hash, capa, 1);
- if (oc) {
- LASSERT(!capa_is_expired(oc));
- RETURN(oc);
- }
-
- spin_lock(&capa_lock);
- *key = osd->od_capa_keys[1];
- spin_unlock(&capa_lock);
-
- capa->lc_keyid = key->lk_keyid;
- capa->lc_expiry = cfs_time_current_sec() + osd->od_capa_timeout;
-
- rc = capa_hmac(capa->lc_hmac, capa, key->lk_key);
- if (rc) {
- DEBUG_CAPA(D_ERROR, capa, "HMAC failed: %d for", rc);
- RETURN(ERR_PTR(rc));
- }
-
- oc = capa_add(osd->od_capa_hash, capa);
- RETURN(oc);
-}
-
static int osd_object_sync(const struct lu_env *env, struct dt_object *dt,
__u64 start, __u64 end)
{
RETURN(rc);
}
-static int osd_data_get(const struct lu_env *env, struct dt_object *dt,
- void **data)
-{
- struct osd_object *obj = osd_dt_obj(dt);
- ENTRY;
-
- *data = (void *)obj->oo_inode;
- RETURN(0);
-}
-
/*
* Index operations.
*/
static int osd_otable_it_attr_get(const struct lu_env *env,
struct dt_object *dt,
- struct lu_attr *attr,
- struct lustre_capa *capa)
+ struct lu_attr *attr)
{
attr->la_valid = 0;
return 0;
.do_declare_xattr_del = osd_declare_xattr_del,
.do_xattr_del = osd_xattr_del,
.do_xattr_list = osd_xattr_list,
- .do_capa_get = osd_capa_get,
.do_object_sync = osd_object_sync,
- .do_data_get = osd_data_get,
};
/**
.do_declare_xattr_del = osd_declare_xattr_del,
.do_xattr_del = osd_xattr_del,
.do_xattr_list = osd_xattr_list,
- .do_capa_get = osd_capa_get,
.do_object_sync = osd_object_sync,
- .do_data_get = osd_data_get,
};
static const struct dt_object_operations osd_obj_otable_it_ops = {
*/
static int osd_index_iam_delete(const struct lu_env *env, struct dt_object *dt,
const struct dt_key *key,
- struct thandle *handle,
- struct lustre_capa *capa)
+ struct thandle *handle)
{
struct osd_thread_info *oti = osd_oti_get(env);
struct osd_object *obj = osd_dt_obj(dt);
LASSERT(bag->ic_object == obj->oo_inode);
LASSERT(handle != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_DELETE))
- RETURN(-EACCES);
-
osd_trans_exec_op(env, handle, OSD_OT_DELETE);
ipd = osd_idx_ipd_get(env, bag);
* \retval -ve, on error
*/
static int osd_index_ea_delete(const struct lu_env *env, struct dt_object *dt,
- const struct dt_key *key, struct thandle *handle,
- struct lustre_capa *capa)
+ const struct dt_key *key, struct thandle *handle)
{
struct osd_object *obj = osd_dt_obj(dt);
struct inode *dir = obj->oo_inode;
LASSERT(oh->ot_handle != NULL);
LASSERT(oh->ot_handle->h_transaction != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_DELETE))
- RETURN(-EACCES);
-
ll_vfs_dq_init(dir);
dentry = osd_child_dentry_get(env, obj,
(char *)key, strlen((char *)key));
* \retval -ve failure
*/
static int osd_index_iam_lookup(const struct lu_env *env, struct dt_object *dt,
- struct dt_rec *rec, const struct dt_key *key,
- struct lustre_capa *capa)
+ struct dt_rec *rec, const struct dt_key *key)
{
struct osd_object *obj = osd_dt_obj(dt);
struct iam_path_descr *ipd;
LASSERT(!dt_object_remote(dt));
LASSERT(bag->ic_object == obj->oo_inode);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_LOOKUP))
- RETURN(-EACCES);
-
ipd = osd_idx_ipd_get(env, bag);
if (IS_ERR(ipd))
RETURN(-ENOMEM);
static int osd_index_iam_insert(const struct lu_env *env, struct dt_object *dt,
const struct dt_rec *rec,
const struct dt_key *key, struct thandle *th,
- struct lustre_capa *capa, int ignore_quota)
+ int ignore_quota)
{
struct osd_object *obj = osd_dt_obj(dt);
struct iam_path_descr *ipd;
LASSERT(bag->ic_object == obj->oo_inode);
LASSERT(th != NULL);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_INSERT))
- RETURN(-EACCES);
-
osd_trans_exec_op(env, th, OSD_OT_INSERT);
ipd = osd_idx_ipd_get(env, bag);
* \retval -ve, on error
*/
static int osd_index_ea_insert(const struct lu_env *env, struct dt_object *dt,
- const struct dt_rec *rec,
- const struct dt_key *key, struct thandle *th,
- struct lustre_capa *capa, int ignore_quota)
+ const struct dt_rec *rec,
+ const struct dt_key *key, struct thandle *th,
+ int ignore_quota)
{
struct osd_object *obj = osd_dt_obj(dt);
struct osd_device *osd = osd_dev(dt->do_lu.lo_dev);
osd_trans_exec_op(env, th, OSD_OT_INSERT);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_INSERT))
- RETURN(-EACCES);
-
LASSERTF(fid_is_sane(fid), "fid"DFID" is insane!\n", PFID(fid));
rc = osd_remote_fid(env, osd, fid);
*/
static struct dt_it *osd_it_iam_init(const struct lu_env *env,
- struct dt_object *dt,
- __u32 unused,
- struct lustre_capa *capa)
+ struct dt_object *dt,
+ __u32 unused)
{
struct osd_it_iam *it;
struct osd_object *obj = osd_dt_obj(dt);
if (!dt_object_exists(dt))
return ERR_PTR(-ENOENT);
- if (osd_object_auth(env, dt, capa, CAPA_OPC_BODY_READ))
- return ERR_PTR(-EACCES);
-
OBD_ALLOC_PTR(it);
if (it == NULL)
return ERR_PTR(-ENOMEM);
*/
static struct dt_it *osd_it_ea_init(const struct lu_env *env,
struct dt_object *dt,
- __u32 attr,
- struct lustre_capa *capa)
+ __u32 attr)
{
struct osd_object *obj = osd_dt_obj(dt);
struct osd_thread_info *info = osd_oti_get(env);
* \retval -ve, on error
*/
static int osd_index_ea_lookup(const struct lu_env *env, struct dt_object *dt,
- struct dt_rec *rec, const struct dt_key *key,
- struct lustre_capa *capa)
+ struct dt_rec *rec, const struct dt_key *key)
{
struct osd_object *obj = osd_dt_obj(dt);
int rc = 0;
LASSERT(S_ISDIR(obj->oo_inode->i_mode));
LINVRNT(osd_invariant(obj));
- if (osd_object_auth(env, dt, capa, CAPA_OPC_INDEX_LOOKUP))
- return -EACCES;
-
rc = osd_ea_lookup_rec(env, obj, rec, key);
if (rc == 0)
rc = +1;
spin_lock_init(&o->od_osfs_lock);
mutex_init(&o->od_otable_mutex);
- o->od_capa_hash = init_capa_hash();
- if (o->od_capa_hash == NULL)
- GOTO(out, rc = -ENOMEM);
-
o->od_read_cache = 1;
o->od_writethrough_cache = 1;
o->od_readcache_max_filesize = OSD_MAX_CACHE_SIZE;
sizeof(o->od_svname));
if (cplen >= sizeof(o->od_svname)) {
rc = -E2BIG;
- GOTO(out_capa, rc);
+ GOTO(out, rc);
}
if (server_name_is_ost(o->od_svname))
o->od_full_scrub_threshold_rate = FULL_SCRUB_THRESHOLD_RATE_DEFAULT;
rc = osd_mount(env, o, cfg);
if (rc != 0)
- GOTO(out_capa, rc);
+ GOTO(out, rc);
rc = osd_obj_map_init(env, o);
if (rc != 0)
osd_obj_map_fini(o);
out_mnt:
osd_umount(env, o);
-out_capa:
- cleanup_capa_hash(o->od_capa_hash);
out:
return rc;
}
struct osd_device *o = osd_dev(d);
ENTRY;
- cleanup_capa_hash(o->od_capa_hash);
/* XXX: make osd top device in order to release reference */
d->ld_site->ls_top_dev = d;
lu_site_purge(env, d->ld_site, -1);