X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fobdfilter%2Ffilter_capa.c;h=1fbddb6d4c16b73b02b0cab642dfcee8cd8be2b8;hb=33b82aa398e5ecd3c29d0a9eb5f5eba73611c6f6;hp=cfec3ea10d4f83a7e9afa6d0cf5f42262dd8680e;hpb=6ddb9147058c5da4d4f8e2099ad309e994f2c0c5;p=fs%2Flustre-release.git diff --git a/lustre/obdfilter/filter_capa.c b/lustre/obdfilter/filter_capa.c index cfec3ea..1fbddb6 100644 --- a/lustre/obdfilter/filter_capa.c +++ b/lustre/obdfilter/filter_capa.c @@ -1,24 +1,41 @@ /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- * vim:expandtab:shiftwidth=8:tabstop=8: * - * Copyright (C) 2004, 2005 Cluster File Systems, Inc. + * GPL HEADER START * - * Author: Lai Siyao + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 only, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License version 2 for more details (a copy is included + * in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; If not, see + * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf * - * This file is part of Lustre, http://www.lustre.org. + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. * - * Lustre is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. + * GPL HEADER END + */ +/* + * Copyright 2008 Sun Microsystems, Inc. All rights reserved + * Use is subject to license terms. + */ +/* + * This file is part of Lustre, http://www.lustre.org/ + * Lustre is a trademark of Sun Microsystems, Inc. * - * Lustre is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * lustre/obdfilter/filter_capa.c * - * You should have received a copy of the GNU General Public License - * along with Lustre; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * Author: Lai Siyao */ #define DEBUG_SUBSYSTEM S_FILTER @@ -29,333 +46,180 @@ #include #include -#include -#include +#include +#include #include "filter_internal.h" -/* - * FIXME - * keep this as simple as possible. we suppose the blacklist usually - * be empry or very short (<5), since long term blacklist should be - * done on MDS side. A more sophisticated blacklist will be implemented - * later. - * - * note blacklist didn't take effect when OSS capability disabled. this - * looks reasonable to me. - */ -#define BLACKLIST_MAX (32) -static int nblacklist = 0; -static uid_t blacklist[BLACKLIST_MAX]; -static spinlock_t blacklist_lock = SPIN_LOCK_UNLOCKED; - -int blacklist_display(char *buf, int bufsize) +static inline __u32 filter_ck_keyid(struct filter_capa_key *key) { - char one[16]; - int i; - LASSERT(buf); - - buf[0] = '\0'; - spin_lock(&blacklist_lock); - for (i = 0; i < nblacklist; i++) { - snprintf(one, 16, "%u\n", blacklist[i]); - strncat(buf, one, bufsize); - } - spin_unlock(&blacklist_lock); - return strnlen(buf, bufsize); + return key->k_key.lk_keyid; } -void blacklist_add(uid_t uid) -{ - int i; - - spin_lock(&blacklist_lock); - if (nblacklist == BLACKLIST_MAX) { - CERROR("can't add more in blacklist\n"); - spin_unlock(&blacklist_lock); - return; - } - - for (i = 0; i < nblacklist; i++) { - if (blacklist[i] == uid) { - spin_unlock(&blacklist_lock); - return; - } - } - - blacklist[nblacklist++] = uid; - spin_unlock(&blacklist_lock); -} - -void blacklist_del(uid_t uid) +int filter_update_capa_key(struct obd_device *obd, struct lustre_capa_key *new) { + struct filter_obd *filter = &obd->u.filter; + struct filter_capa_key *k, *keys[2] = { NULL, NULL }; int i; - spin_lock(&blacklist_lock); - for (i = 0; i < nblacklist; i++) { - if (blacklist[i] == uid) { - nblacklist--; - while (i < nblacklist) { - blacklist[i] = blacklist[i+1]; - i++; - } - spin_unlock(&blacklist_lock); - return; - } - } - spin_unlock(&blacklist_lock); -} - -int blacklist_check(uid_t uid) -{ - int i, rc = 0; + spin_lock(&capa_lock); + list_for_each_entry(k, &filter->fo_capa_keys, k_list) { + if (k->k_key.lk_mdsid != new->lk_mdsid) + continue; - spin_lock(&blacklist_lock); - for (i = 0; i < nblacklist; i++) { - if (blacklist[i] == uid) { - rc = 1; - break; + if (keys[0]) { + keys[1] = k; + if (filter_ck_keyid(keys[1]) > filter_ck_keyid(keys[0])) + keys[1] = keys[0], keys[0] = k; + } else { + keys[0] = k; } } - spin_unlock(&blacklist_lock); - return rc; -} - - -void filter_free_capa_keys(struct filter_obd *filter) -{ - struct filter_capa_key *key, *n; + spin_unlock(&capa_lock); - spin_lock(&filter->fo_capa_lock); - list_for_each_entry_safe(key, n, &filter->fo_capa_keys, k_list) { - list_del_init(&key->k_list); - OBD_FREE(key, sizeof(*key)); - } - spin_unlock(&filter->fo_capa_lock); -} - -int filter_update_capa_key(struct obd_device *obd, struct lustre_capa_key *key) -{ - struct filter_obd *filter = &obd->u.filter; - struct filter_capa_key *tmp = NULL, *rkey = NULL, *bkey = NULL; - int rc = 0; - ENTRY; - - spin_lock(&filter->fo_capa_lock); - list_for_each_entry(tmp, &filter->fo_capa_keys, k_list) { - if (tmp->k_key.lk_mdsid != le32_to_cpu(key->lk_mdsid)) + for (i = 0; i < 2; i++) { + if (!keys[i]) continue; + if (filter_ck_keyid(keys[i]) != new->lk_keyid) + continue; + /* maybe because of recovery or other reasons, MDS sent the + * the old capability key again. + */ + spin_lock(&capa_lock); + keys[i]->k_key = *new; + spin_unlock(&capa_lock); - if (rkey == NULL) - rkey = tmp; - else - bkey = tmp; - } - spin_unlock(&filter->fo_capa_lock); - - if (rkey && bkey && capa_key_cmp(&rkey->k_key, &bkey->k_key) < 0) { - tmp = rkey; - rkey = bkey; - bkey = tmp; + RETURN(0); } - if (bkey) { - tmp = bkey; - - DEBUG_CAPA_KEY(D_INFO, &tmp->k_key, "filter update"); + if (keys[1]) { + /* if OSS already have two keys, update the old one */ + k = keys[1]; } else { - OBD_ALLOC(tmp, sizeof(*tmp)); - if (!tmp) - GOTO(out, rc = -ENOMEM); - - DEBUG_CAPA_KEY(D_INFO, &tmp->k_key, "filter new"); + OBD_ALLOC_PTR(k); + if (!k) + RETURN(-ENOMEM); + CFS_INIT_LIST_HEAD(&k->k_list); } - /* fields in lustre_capa_key are in cpu order */ - spin_lock(&filter->fo_capa_lock); - tmp->k_key.lk_mdsid = le32_to_cpu(key->lk_mdsid); - tmp->k_key.lk_keyid = le32_to_cpu(key->lk_keyid); - tmp->k_key.lk_expiry = le64_to_cpu(key->lk_expiry); - memcpy(&tmp->k_key.lk_key, key->lk_key, sizeof(key->lk_key)); - - if (!bkey) - list_add_tail(&tmp->k_list, &filter->fo_capa_keys); - spin_unlock(&filter->fo_capa_lock); -out: - RETURN(rc); -} - -int filter_verify_fid(struct obd_export *exp, struct inode *inode, - struct lustre_capa *capa) -{ - struct lustre_id fid; - int rc; - - if (!capa) - return 0; - - ENTRY; - rc = fsfilt_get_md(exp->exp_obd, inode, &fid, sizeof(fid), EA_SID); - if (rc < 0) { - CERROR("get fid from object failed! rc:%d\n", rc); - RETURN(rc); - } else if (rc > 0) { - if (capa->lc_mdsid != id_group(&fid) || - capa->lc_ino != id_ino(&fid)) - RETURN(-EINVAL); - } + spin_lock(&capa_lock); + k->k_key = *new; + if (list_empty(&k->k_list)) + list_add(&k->k_list, &filter->fo_capa_keys); + spin_unlock(&capa_lock); + DEBUG_CAPA_KEY(D_SEC, new, "new"); RETURN(0); } -static void dump_capa_hmac(char *buf, char *key) -{ - int i, n = 0; - - for (i = 0; i < CAPA_DIGEST_SIZE; i++) - n += sprintf(buf + n, "%02x", (unsigned char) key[i]); -} - -int -filter_verify_capa(int cmd, struct obd_export *exp, struct lustre_capa *capa) +int filter_auth_capa(struct obd_export *exp, struct lu_fid *fid, __u64 mdsid, + struct lustre_capa *capa, __u64 opc) { struct obd_device *obd = exp->exp_obd; struct filter_obd *filter = &obd->u.filter; - struct obd_capa *ocapa; - struct lustre_capa tcapa; - struct filter_capa_key *rkey = NULL, *bkey = NULL, *tmp, capa_keys[2]; - int rc = 0; + struct filter_capa_key *k; + struct lustre_capa_key key; + struct obd_capa *oc; + __u8 *hmac; + int keys_ready = 0, key_found = 0, rc = 0; + ENTRY; /* capability is disabled */ - if (filter->fo_capa_stat == 0) + if (!filter->fo_fl_oss_capa) RETURN(0); - ENTRY; if (capa == NULL) { - CDEBUG(D_ERROR, "no capa has been passed\n"); - RETURN(-EACCES); - } - - if (blacklist_check(capa->lc_uid)) { - DEBUG_CAPA(D_ERROR, capa, "found in blacklist\n"); + if (fid) + CERROR("mdsno/fid/opc "LPU64"/"DFID"/"LPX64 + ": no capability has been passed\n", + mdsid, PFID(fid), opc); + else + CERROR("mdsno/opc "LPU64"/"LPX64 + ": no capability has been passed\n", + mdsid, opc); RETURN(-EACCES); } - if (cmd == OBD_BRW_WRITE && !(capa->lc_op & (CAPA_WRITE | CAPA_TRUNC))) { - DEBUG_CAPA(D_ERROR, capa, "have no write access\n"); - RETURN(-EACCES); + if (opc == CAPA_OPC_OSS_READ) { + if (!(capa->lc_opc & CAPA_OPC_OSS_RW)) + rc = -EACCES; + } else if (!capa_opc_supported(capa, opc)) { + rc = -EACCES; } - if (cmd == OBD_BRW_READ && !(capa->lc_op & (CAPA_WRITE | CAPA_READ))) { - DEBUG_CAPA(D_ERROR, capa, "have no read access\n"); - RETURN(-EACCES); - } - - if (OBD_FAIL_CHECK(OBD_FAIL_FILTER_VERIFY_CAPA)) - RETURN(-EACCES); - - if (capa_expired(capa)) { - DEBUG_CAPA(D_INFO | D_ERROR, capa, "expired"); - RETURN(-ESTALE); + if (rc) { + DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc); + RETURN(rc); } - ocapa = capa_get(capa->lc_uid, capa->lc_op, capa->lc_mdsid, - capa->lc_ino, capa->lc_igen, FILTER_CAPA); -verify: - if (ocapa) { - struct timeval tv; - - /* fo_capa_lock protects capa too */ - do_gettimeofday(&tv); - spin_lock(&filter->fo_capa_lock); - if (capa->lc_keyid == ocapa->c_capa.lc_keyid) { - rc = memcmp(capa, &ocapa->c_capa, sizeof(*capa)); - } else if (ocapa->c_bvalid && - capa->lc_keyid == ocapa->c_bkeyid) { - rc = memcmp(capa->lc_hmac, ocapa->c_bhmac, - sizeof(capa->lc_hmac)); - } else { - /* ocapa is obsolete too */ - ocapa->c_bvalid = 0; - goto new_capa; + oc = capa_lookup(filter->fo_capa_hash, capa, 0); + if (oc) { + spin_lock(&oc->c_lock); + if (capa_is_expired(oc)) { + DEBUG_CAPA(D_ERROR, capa, "expired"); + rc = -ESTALE; } + spin_unlock(&oc->c_lock); - if (rc && __capa_is_to_expire(ocapa, &tv)) { - /* client should use new expiry now */ - ocapa->c_bvalid = 0; - goto new_capa; - } - spin_unlock(&filter->fo_capa_lock); + capa_put(oc); + RETURN(rc); + } - if (rc) { - char *key1 = NULL, *key2 = NULL; - OBD_ALLOC(key1, CAPA_DIGEST_SIZE * 2 + 1); - OBD_ALLOC(key2, CAPA_DIGEST_SIZE * 2 + 1); - if (key1 && key2) { - dump_capa_hmac(key1, capa->lc_hmac); - dump_capa_hmac(key2, ocapa->c_capa.lc_hmac); - DEBUG_CAPA(D_ERROR, capa, - "access denied for (%s != %s)", - key1, key2); + spin_lock(&capa_lock); + list_for_each_entry(k, &filter->fo_capa_keys, k_list) + if (k->k_key.lk_mdsid == mdsid) { + keys_ready = 1; + if (k->k_key.lk_keyid == capa_keyid(capa)) { + key = k->k_key; + key_found = 1; + break; } - if (key1) - OBD_FREE(key1, CAPA_DIGEST_SIZE * 2 + 1); - if (key2) - OBD_FREE(key2, CAPA_DIGEST_SIZE * 2 + 1); } - capa_put(ocapa); - RETURN(rc ? -EACCES : 0); - } + spin_unlock(&capa_lock); - spin_lock(&filter->fo_capa_lock); -new_capa: - list_for_each_entry(tmp, &filter->fo_capa_keys, k_list) { - if (tmp->k_key.lk_mdsid == capa->lc_mdsid) { - if (rkey == NULL) - rkey = tmp; - else - bkey = tmp; - } + if (!keys_ready) { + CDEBUG(D_SEC, "MDS hasn't propagated capability keys yet, " + "ignore check!\n"); + RETURN(0); } - if (rkey && bkey && capa_key_cmp(&rkey->k_key, &bkey->k_key) < 0) { - tmp = rkey; - rkey = bkey; - bkey = tmp; + if (!key_found) { + DEBUG_CAPA(D_ERROR, capa, "no matched capability key for"); + RETURN(-ESTALE); } - if ((!rkey || rkey->k_key.lk_keyid != capa->lc_keyid) && - (!bkey || bkey->k_key.lk_keyid != capa->lc_keyid)) { - spin_unlock(&filter->fo_capa_lock); - GOTO(out, rc = -ESTALE); - } + OBD_ALLOC(hmac, CAPA_HMAC_MAX_LEN); + if (hmac == NULL) + RETURN(-ENOMEM); - LASSERT(rkey); - capa_keys[0] = *rkey; - if (bkey) - capa_keys[1] = *bkey; - spin_unlock(&filter->fo_capa_lock); + rc = capa_hmac(hmac, capa, key.lk_key); + if (rc) { + DEBUG_CAPA(D_ERROR, capa, "HMAC failed: rc %d", rc); + OBD_FREE(hmac, CAPA_HMAC_MAX_LEN); + RETURN(rc); + } - tcapa = *capa; - tcapa.lc_keyid = capa_keys[0].k_key.lk_keyid; - capa_hmac(filter->fo_capa_hmac, capa_keys[0].k_key.lk_key, &tcapa); + rc = memcmp(hmac, capa->lc_hmac, CAPA_HMAC_MAX_LEN); + OBD_FREE(hmac, CAPA_HMAC_MAX_LEN); + if (rc) { + DEBUG_CAPA_KEY(D_ERROR, &key, "calculate HMAC with "); + DEBUG_CAPA(D_ERROR, capa, "HMAC mismatch"); + RETURN(-EACCES); + } - /* store in capa cache */ - ocapa = capa_renew(&tcapa, FILTER_CAPA); - if (!ocapa) - GOTO(out, rc = -ENOMEM); + /* store in capa hash */ + oc = capa_add(filter->fo_capa_hash, capa); + capa_put(oc); + RETURN(0); +} - if (bkey) { - tcapa.lc_keyid = capa_keys[1].k_key.lk_keyid; - capa_hmac(filter->fo_capa_hmac, capa_keys[1].k_key.lk_key, - &tcapa); +void filter_free_capa_keys(struct filter_obd *filter) +{ + struct filter_capa_key *key, *n; - spin_lock(&filter->fo_capa_lock); - memcpy(ocapa->c_bhmac, tcapa.lc_hmac, sizeof(ocapa->c_bhmac)); - ocapa->c_bkeyid = capa_keys[1].k_key.lk_keyid; - ocapa->c_bvalid = 1; - spin_unlock(&filter->fo_capa_lock); + spin_lock(&capa_lock); + list_for_each_entry_safe(key, n, &filter->fo_capa_keys, k_list) { + list_del_init(&key->k_list); + OBD_FREE(key, sizeof(*key)); } - goto verify; -out: - RETURN(rc); + spin_unlock(&capa_lock); }