X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Finclude%2Flustre_sec.h;h=59d5c388993ae04d60a4837900e03d2cbb931b15;hb=72057a3af19ee02d9a686bd7e7d074917e381310;hp=23652c27569850ceab2cf646a7afd05f8a9bb954;hpb=f87d9c7ef2030eaacf13834a1b7842e8b04d1320;p=fs%2Flustre-release.git diff --git a/lustre/include/lustre_sec.h b/lustre/include/lustre_sec.h index 23652c2..59d5c38 100644 --- a/lustre/include/lustre_sec.h +++ b/lustre/include/lustre_sec.h @@ -15,11 +15,7 @@ * * You should have received a copy of the GNU General Public License * version 2 along with this program; If not, see - * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. + * http://www.gnu.org/licenses/gpl-2.0.html * * GPL HEADER END */ @@ -54,6 +50,7 @@ struct brw_page; /* Linux specific */ struct key; struct seq_file; +struct lustre_cfg; /* * forward declaration @@ -103,6 +100,7 @@ enum sptlrpc_mech_plain { enum sptlrpc_mech_gss { SPTLRPC_MECH_GSS_NULL = 0, SPTLRPC_MECH_GSS_KRB5 = 1, + SPTLRPC_MECH_GSS_SK = 2, SPTLRPC_MECH_GSS_MAX, }; @@ -180,6 +178,14 @@ enum sptlrpc_bulk_service { MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG) #define SPTLRPC_SUBFLVR_KRB5P \ MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV) +#define SPTLRPC_SUBFLVR_SKN \ + MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_NULL) +#define SPTLRPC_SUBFLVR_SKA \ + MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_AUTH) +#define SPTLRPC_SUBFLVR_SKI \ + MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_INTG) +#define SPTLRPC_SUBFLVR_SKPI \ + MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_PRIV) /* * "end user" flavors @@ -226,6 +232,30 @@ enum sptlrpc_bulk_service { SPTLRPC_SVC_PRIV, \ SPTLRPC_BULK_DEFAULT, \ SPTLRPC_BULK_SVC_PRIV) +#define SPTLRPC_FLVR_SKN \ + MAKE_FLVR(SPTLRPC_POLICY_GSS, \ + SPTLRPC_MECH_GSS_SK, \ + SPTLRPC_SVC_NULL, \ + SPTLRPC_BULK_DEFAULT, \ + SPTLRPC_BULK_SVC_NULL) +#define SPTLRPC_FLVR_SKA \ + MAKE_FLVR(SPTLRPC_POLICY_GSS, \ + SPTLRPC_MECH_GSS_SK, \ + SPTLRPC_SVC_AUTH, \ + SPTLRPC_BULK_DEFAULT, \ + SPTLRPC_BULK_SVC_NULL) +#define SPTLRPC_FLVR_SKI \ + MAKE_FLVR(SPTLRPC_POLICY_GSS, \ + SPTLRPC_MECH_GSS_SK, \ + SPTLRPC_SVC_INTG, \ + SPTLRPC_BULK_DEFAULT, \ + SPTLRPC_BULK_SVC_INTG) +#define SPTLRPC_FLVR_SKPI \ + MAKE_FLVR(SPTLRPC_POLICY_GSS, \ + SPTLRPC_MECH_GSS_SK, \ + SPTLRPC_SVC_PRIV, \ + SPTLRPC_BULK_DEFAULT, \ + SPTLRPC_BULK_SVC_PRIV) #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL @@ -514,17 +544,17 @@ struct ptlrpc_ctx_ops { PTLRPC_CTX_ERROR) struct ptlrpc_cli_ctx { - cfs_hlist_node_t cc_cache; /* linked into ctx cache */ - atomic_t cc_refcount; + struct hlist_node cc_cache; /* linked into ctx cache */ + atomic_t cc_refcount; struct ptlrpc_sec *cc_sec; struct ptlrpc_ctx_ops *cc_ops; - cfs_time_t cc_expire; /* in seconds */ - unsigned int cc_early_expire:1; - unsigned long cc_flags; - struct vfs_cred cc_vcred; + cfs_time_t cc_expire; /* in seconds */ + unsigned int cc_early_expire:1; + unsigned long cc_flags; + struct vfs_cred cc_vcred; spinlock_t cc_lock; - cfs_list_t cc_req_list; /* waiting reqs linked here */ - cfs_list_t cc_gc_chain; /* linked to gc chain */ + struct list_head cc_req_list; /* waiting reqs linked here */ + struct list_head cc_gc_chain; /* linked to gc chain */ }; /** @@ -839,14 +869,28 @@ struct ptlrpc_sec { struct obd_import *ps_import; spinlock_t ps_lock; - /* - * garbage collection - */ - cfs_list_t ps_gc_list; - cfs_time_t ps_gc_interval; /* in seconds */ - cfs_time_t ps_gc_next; /* in seconds */ + /* + * garbage collection + */ + struct list_head ps_gc_list; + cfs_time_t ps_gc_interval; /* in seconds */ + cfs_time_t ps_gc_next; /* in seconds */ }; +static inline int flvr_is_rootonly(__u32 flavor) +{ + return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS && + (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL || + SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK)); +} + +static inline int flvr_allows_user_desc(__u32 flavor) +{ + return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS && + (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL || + SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK)); +} + static inline int sec_is_reverse(struct ptlrpc_sec *sec) { return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE); @@ -1112,6 +1156,8 @@ int sptlrpc_enc_pool_add_user(void); int sptlrpc_enc_pool_del_user(void); int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc); void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc); +int get_free_pages_in_pool(void); +int pool_is_at_full_capacity(void); int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req, struct ptlrpc_bulk_desc *desc); @@ -1149,13 +1195,6 @@ int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed); #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN) #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE) -enum { - LUSTRE_SEC_NONE = 0, - LUSTRE_SEC_REMOTE = 1, - LUSTRE_SEC_SPECIFY = 2, - LUSTRE_SEC_ALL = 3 -}; - /** @} sptlrpc */ #endif /* _LUSTRE_SEC_H_ */