X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;ds=sidebyside;f=lustre%2Fptlrpc%2Fgss%2Fgss_internal.h;h=39c2e8dbb3ed65142bd83d83d4fdd7ccc03aad14;hb=ee7ca785615f2da71932512d8545763836ef8197;hp=78ae0d5a73fc2a69837f87f517f3446e3046d215;hpb=aa145aa1fdfab120acd3de5cf5af067d9ca516f6;p=fs%2Flustre-release.git

diff --git a/lustre/ptlrpc/gss/gss_internal.h b/lustre/ptlrpc/gss/gss_internal.h
index 78ae0d5..39c2e8d 100644
--- a/lustre/ptlrpc/gss/gss_internal.h
+++ b/lustre/ptlrpc/gss/gss_internal.h
@@ -1,16 +1,18 @@
-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
- *
+/*
  * Modified from NFSv4 project for Lustre
  *
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  *
+ * Copyright (c) 2012, 2016, Intel Corporation.
+ *
  * Author: Eric Mei <ericm@clusterfs.com>
  */
 
 #ifndef __PTLRPC_GSS_GSS_INTERNAL_H_
 #define __PTLRPC_GSS_GSS_INTERNAL_H_
 
+#include <crypto/hash.h>
+#include <libcfs/libcfs_crypto.h>
 #include <lustre_sec.h>
 
 /*
@@ -71,17 +73,16 @@ int buffer_extract_bytes(const void **buf, __u32 *buflen,
  */
 #define GSS_GC_INTERVAL                 (60 * 60) /* 60 minutes */
 
-static inline
-unsigned long gss_round_ctx_expiry(unsigned long expiry,
-                                   unsigned long sec_flags)
+static inline time64_t gss_round_ctx_expiry(time64_t expiry,
+					    unsigned long sec_flags)
 {
-        if (sec_flags & PTLRPC_SEC_FL_REVERSE)
-                return expiry;
+	if (sec_flags & PTLRPC_SEC_FL_REVERSE)
+		return expiry;
 
-        if (get_seconds() + __TIMEOUT_DELTA <= expiry)
-                return expiry - __TIMEOUT_DELTA;
+	if (ktime_get_real_seconds() + __TIMEOUT_DELTA <= expiry)
+		return expiry - __TIMEOUT_DELTA;
 
-        return expiry;
+	return expiry;
 }
 
 /*
@@ -92,7 +93,11 @@ unsigned long gss_round_ctx_expiry(unsigned long expiry,
 /*
  * XXX make it visible of kernel and lgssd/lsvcgssd
  */
-#define GSSD_INTERFACE_VERSION          (1)
+enum {
+	GSSD_INTERFACE_VERSION_V1 = 1,
+	GSSD_INTERFACE_VERSION_V2 = 2,
+	GSSD_INTERFACE_VERSION = GSSD_INTERFACE_VERSION_V2,
+};
 
 #define PTLRPC_GSS_VERSION              (1)
 
@@ -112,23 +117,32 @@ enum ptlrpc_gss_tgt {
 };
 
 enum ptlrpc_gss_header_flags {
-        LUSTRE_GSS_PACK_BULK            = 1,
-        LUSTRE_GSS_PACK_USER            = 2,
+	LUSTRE_GSS_PACK_BULK            = 1,
+	LUSTRE_GSS_PACK_USER            = 2,
+	LUSTRE_GSS_PACK_KCSUM           = 4,
 };
 
 static inline
 __u32 import_to_gss_svc(struct obd_import *imp)
 {
-        const char *name = imp->imp_obd->obd_type->typ_name;
-
-        if (!strcmp(name, LUSTRE_MGC_NAME))
-                return LUSTRE_GSS_TGT_MGS;
-        if (!strcmp(name, LUSTRE_MDC_NAME))
-                return LUSTRE_GSS_TGT_MDS;
-        if (!strcmp(name, LUSTRE_OSC_NAME))
-                return LUSTRE_GSS_TGT_OSS;
-        LBUG();
-        return 0;
+	int cl_sp_to = LUSTRE_SP_ANY;
+
+	if (imp->imp_obd)
+		cl_sp_to = imp->imp_obd->u.cli.cl_sp_to;
+
+	switch (cl_sp_to) {
+	case LUSTRE_SP_MDT:
+		return LUSTRE_GSS_TGT_MDS;
+	case LUSTRE_SP_OST:
+		return LUSTRE_GSS_TGT_OSS;
+	case LUSTRE_SP_MGC:
+	case LUSTRE_SP_MGS:
+		return LUSTRE_GSS_TGT_MGS;
+	case LUSTRE_SP_CLI:
+	case LUSTRE_SP_ANY:
+	default:
+		return 0;
+	}
 }
 
 /*
@@ -207,7 +221,7 @@ static inline __u64 gss_handle_to_u64(rawobj_t *handle)
                                          GSS_SEQ_WIN_MAIN / 4)
 
 struct gss_svc_seq_data {
-        cfs_spinlock_t          ssd_lock;
+	spinlock_t		ssd_lock;
         /*
          * highest sequence number seen so far, for main and back window
          */
@@ -261,34 +275,34 @@ struct gss_svc_reqctx {
 };
 
 struct gss_cli_ctx {
-        struct ptlrpc_cli_ctx   gc_base;
-        __u32                   gc_flavor;
-        __u32                   gc_proc;
-        __u32                   gc_win;
-        cfs_atomic_t            gc_seq;
-        rawobj_t                gc_handle;
-        struct gss_ctx         *gc_mechctx;
-        /* handle for the buddy svc ctx */
-        rawobj_t                gc_svc_handle;
+	struct ptlrpc_cli_ctx	gc_base;
+	__u32			gc_flavor;
+	__u32			gc_proc;
+	__u32			gc_win;
+	atomic_t		gc_seq;
+	rawobj_t		gc_handle;
+	struct gss_ctx		*gc_mechctx;
+	/* handle for the buddy svc ctx */
+	rawobj_t		gc_svc_handle;
 };
 
 struct gss_cli_ctx_keyring {
-        struct gss_cli_ctx      gck_base;
-        struct key             *gck_key;
-        struct timer_list      *gck_timer;
+	struct gss_cli_ctx      gck_base;
+	struct key             *gck_key;
+	struct timer_list       gck_timer;
 };
 
 struct gss_sec {
-        struct ptlrpc_sec       gs_base;
-        struct gss_api_mech    *gs_mech;
-        cfs_spinlock_t          gs_lock;
-        __u64                   gs_rvs_hdl;
+	struct ptlrpc_sec	gs_base;
+	struct gss_api_mech	*gs_mech;
+	spinlock_t		gs_lock;
+	__u64			gs_rvs_hdl;
 };
 
 struct gss_sec_pipefs {
-        struct gss_sec          gsp_base;
-        int                     gsp_chash_size;  /* must be 2^n */
-        cfs_hlist_head_t        gsp_chash[0];
+	struct gss_sec		gsp_base;
+	int			gsp_chash_size;	/* must be 2^n */
+	struct hlist_head	gsp_chash[0];
 };
 
 /*
@@ -301,7 +315,7 @@ struct gss_sec_keyring {
         /*
          * all contexts listed here. access is protected by sec spinlock.
          */
-        cfs_hlist_head_t        gsk_clist;
+	struct hlist_head	gsk_clist;
         /*
          * specially point to root ctx (only one at a time). access is
          * protected by sec spinlock.
@@ -310,10 +324,10 @@ struct gss_sec_keyring {
         /*
          * specially serialize upcalls for root context.
          */
-        cfs_mutex_t             gsk_root_uc_lock;
+	struct mutex			gsk_root_uc_lock;
 
 #ifdef HAVE_KEYRING_UPCALL_SERIALIZED
-        cfs_mutex_t             gsk_uc_lock;        /* serialize upcalls */
+	struct mutex		gsk_uc_lock;	/* serialize upcalls */
 #endif
 };
 
@@ -344,6 +358,14 @@ static inline struct gss_sec_keyring *sec2gsec_keyring(struct ptlrpc_sec *sec)
         return container_of(sec2gsec(sec), struct gss_sec_keyring, gsk_base);
 }
 
+#ifdef HAVE_CACHE_HASH_SPINLOCK
+# define sunrpc_cache_lookup(c, i, h) sunrpc_cache_lookup_rcu((c), (i), (h))
+# define cache_read_lock(cdetail)   spin_lock(&((cdetail)->hash_lock))
+# define cache_read_unlock(cdetail) spin_unlock(&((cdetail)->hash_lock))
+#else /* ! HAVE_CACHE_HASH_SPINLOCK */
+# define cache_read_lock(cdetail)   read_lock(&((cdetail)->hash_lock))
+# define cache_read_unlock(cdetail) read_unlock(&((cdetail)->hash_lock))
+#endif
 
 #define GSS_CTX_INIT_MAX_LEN            (1024)
 
@@ -427,12 +449,22 @@ int gss_cli_ctx_fini_common(struct ptlrpc_sec *sec,
 void gss_cli_ctx_flags2str(unsigned long flags, char *buf, int bufsize);
 
 /* gss_keyring.c */
+#ifndef HAVE_GSS_KEYRING
+static inline int  __init gss_init_keyring(void) { return 0; }
+static inline void __exit gss_exit_keyring(void) { return; }
+#else
 int  __init gss_init_keyring(void);
 void __exit gss_exit_keyring(void);
+#endif
 
 /* gss_pipefs.c */
+#ifndef HAVE_GSS_PIPEFS
+static inline int  __init gss_init_pipefs(void) { return 0; }
+static inline void __exit gss_exit_pipefs(void) { return; }
+#else
 int  __init gss_init_pipefs(void);
 void __exit gss_exit_pipefs(void);
+#endif
 
 /* gss_bulk.c */
 int gss_cli_prep_bulk(struct ptlrpc_request *req,
@@ -450,10 +482,6 @@ int gss_svc_unwrap_bulk(struct ptlrpc_request *req,
 int gss_svc_wrap_bulk(struct ptlrpc_request *req,
                       struct ptlrpc_bulk_desc *desc);
 
-/* gss_mech_switch.c */
-int init_kerberos_module(void);
-void cleanup_kerberos_module(void);
-
 /* gss_generic_token.c */
 int g_token_size(rawobj_t *mech, unsigned int body_size);
 void g_make_token_header(rawobj_t *mech, int body_size, unsigned char **buf);
@@ -462,11 +490,11 @@ __u32 g_verify_token_header(rawobj_t *mech, int *body_size,
 
 
 /* gss_cli_upcall.c */
-int gss_do_ctx_init_rpc(char *buffer, unsigned long count);
+int gss_do_ctx_init_rpc(char __user *buffer, unsigned long count);
 int gss_do_ctx_fini_rpc(struct gss_cli_ctx *gctx);
 
 int  __init gss_init_cli_upcall(void);
-void __exit gss_exit_cli_upcall(void);
+void gss_exit_cli_upcall(void);
 
 /* gss_svc_upcall.c */
 __u64 gss_get_next_ctx_index(void);
@@ -489,19 +517,32 @@ void gss_svc_upcall_put_ctx(struct gss_svc_ctx *ctx);
 void gss_svc_upcall_destroy_ctx(struct gss_svc_ctx *ctx);
 
 int  __init gss_init_svc_upcall(void);
-void __exit gss_exit_svc_upcall(void);
+void gss_exit_svc_upcall(void);
+extern unsigned int krb5_allow_old_client_csum;
 
 /* lproc_gss.c */
 void gss_stat_oos_record_cli(int behind);
 void gss_stat_oos_record_svc(int phase, int replay);
 
-int  __init gss_init_lproc(void);
-void __exit gss_exit_lproc(void);
+int  __init gss_init_tunables(void);
+void gss_exit_tunables(void);
+
+/* gss_null_mech.c */
+int __init init_null_module(void);
+void cleanup_null_module(void);
 
 /* gss_krb5_mech.c */
 int __init init_kerberos_module(void);
-void __exit cleanup_kerberos_module(void);
+void cleanup_kerberos_module(void);
 
+/* gss_sk_mech.c */
+#ifdef HAVE_OPENSSL_SSK
+int __init init_sk_module(void);
+void cleanup_sk_module(void);
+#else
+static inline int init_sk_module(void) { return 0; }
+static inline void cleanup_sk_module(void) { return; }
+#endif /* HAVE_OPENSSL_SSK */
 
 /* debug */
 static inline
@@ -523,4 +564,13 @@ void __dbg_memdump(char *name, void *ptr, int size)
         OBD_FREE(buf, bufsize);
 }
 
+static inline unsigned int ll_read_key_usage(struct key *key)
+{
+#ifdef HAVE_KEY_USAGE_REFCOUNT
+	return refcount_read(&key->usage);
+#else
+	return atomic_read(&key->usage);
+#endif
+}
+
 #endif /* __PTLRPC_GSS_GSS_INTERNAL_H_ */