X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fptlrpc%2Fgss%2Fsec_gss.c;h=377e3679fb9099bde49f216e9d6c048a4bc08fbc;hb=67d4ed9e1a9b46ddf97b032bec4f4c559d0f06ed;hp=35dd68c22887c7918599a6c0a5c99d485f7d1463;hpb=676f57c42c9332bc956025663eb767cf834e5cba;p=fs%2Flustre-release.git diff --git a/lustre/ptlrpc/gss/sec_gss.c b/lustre/ptlrpc/gss/sec_gss.c index 35dd68c..377e367 100644 --- a/lustre/ptlrpc/gss/sec_gss.c +++ b/lustre/ptlrpc/gss/sec_gss.c @@ -1,9 +1,9 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: - * +/* * Modifications for Lustre * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * + * Copyright (c) 2011, 2013, Intel Corporation. * * Author: Eric Mei */ @@ -46,9 +46,6 @@ * */ -#ifndef EXPORT_SYMTAB -# define EXPORT_SYMTAB -#endif #define DEBUG_SUBSYSTEM S_SEC #ifdef __KERNEL__ #include @@ -56,7 +53,6 @@ #include #include #include -#include #include #include #else @@ -77,6 +73,7 @@ #include "gss_api.h" #include +#include /* * early reply have fixed size, respectively in privacy and integrity mode. @@ -111,17 +108,21 @@ void gss_header_swabber(struct gss_header *ghdr) __swab32s(&ghdr->gh_handle.len); } -struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment) +struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment, + int swabbed) { struct gss_header *ghdr; - ghdr = lustre_swab_buf(msg, segment, sizeof(*ghdr), - gss_header_swabber); + ghdr = lustre_msg_buf(msg, segment, sizeof(*ghdr)); + if (ghdr == NULL) + return NULL; + + if (swabbed) + gss_header_swabber(ghdr); - if (ghdr && - sizeof(*ghdr) + ghdr->gh_handle.len > msg->lm_buflens[segment]) { - CERROR("gss header require length %u, now %u received\n", - (unsigned int) sizeof(*ghdr) + ghdr->gh_handle.len, + if (sizeof(*ghdr) + ghdr->gh_handle.len > msg->lm_buflens[segment]) { + CERROR("gss header has length %d, now %u received\n", + (int) sizeof(*ghdr) + ghdr->gh_handle.len, msg->lm_buflens[segment]); return NULL; } @@ -129,6 +130,7 @@ struct gss_header *gss_swab_header(struct lustre_msg *msg, int segment) return ghdr; } +#if 0 static void gss_netobj_swabber(netobj_t *obj) { @@ -149,6 +151,7 @@ netobj_t *gss_swab_netobj(struct lustre_msg *msg, int segment) return obj; } +#endif /* * payload should be obtained from mechanism. but currently since we @@ -291,7 +294,7 @@ __u32 gss_unseal_msg(struct gss_ctx *mechctx, /* allocate a temporary clear text buffer, same sized as token, * we assume the final clear text size <= token size */ clear_buflen = lustre_msg_buflen(msgbuf, 1); - OBD_ALLOC(clear_buf, clear_buflen); + OBD_ALLOC_LARGE(clear_buf, clear_buflen); if (!clear_buf) RETURN(GSS_S_FAILURE); @@ -317,7 +320,7 @@ __u32 gss_unseal_msg(struct gss_ctx *mechctx, major = GSS_S_COMPLETE; out_free: - OBD_FREE(clear_buf, clear_buflen); + OBD_FREE_LARGE(clear_buf, clear_buflen); RETURN(major); } @@ -327,11 +330,11 @@ out_free: int cli_ctx_expire(struct ptlrpc_cli_ctx *ctx) { - LASSERT(atomic_read(&ctx->cc_refcount)); + LASSERT(cfs_atomic_read(&ctx->cc_refcount)); - if (!test_and_set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags)) { + if (!test_and_set_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags)) { if (!ctx->cc_early_expire) - clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); + clear_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); CWARN("ctx %p(%u->%s) get expired: %lu(%+lds)\n", ctx, ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec), @@ -339,6 +342,7 @@ int cli_ctx_expire(struct ptlrpc_cli_ctx *ctx) ctx->cc_expire == 0 ? 0 : cfs_time_sub(ctx->cc_expire, cfs_time_current_sec())); + sptlrpc_cli_ctx_wakeup(ctx); return 1; } @@ -384,7 +388,7 @@ void gss_cli_ctx_uptodate(struct gss_cli_ctx *gctx) * someone else, in which case nobody will make further use * of it. we don't care, and mark it UPTODATE will help * destroying server side context when it be destroied. */ - set_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); + set_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags); if (sec_is_reverse(ctx->cc_sec)) { CWARN("server installed reverse ctx %p idx "LPX64", " @@ -403,6 +407,8 @@ void gss_cli_ctx_uptodate(struct gss_cli_ctx *gctx) gss_sec_install_rctx(ctx->cc_sec->ps_import, ctx->cc_sec, ctx); } + + sptlrpc_cli_ctx_wakeup(ctx); } static void gss_cli_ctx_finalize(struct gss_cli_ctx *gctx) @@ -504,7 +510,7 @@ int gss_do_check_seq(unsigned long *window, __u32 win_size, __u32 *max_seq, */ switch (phase) { case 0: - if (test_bit(seq_num % win_size, window)) + if (test_bit(seq_num % win_size, window)) goto replay; break; case 1: @@ -534,9 +540,9 @@ replay: */ int gss_check_seq_num(struct gss_svc_seq_data *ssd, __u32 seq_num, int set) { - int rc = 0; + int rc = 0; - spin_lock(&ssd->ssd_lock); + spin_lock(&ssd->ssd_lock); if (set == 0) { /* @@ -570,8 +576,8 @@ int gss_check_seq_num(struct gss_svc_seq_data *ssd, __u32 seq_num, int set) gss_stat_oos_record_svc(2, 0); } exit: - spin_unlock(&ssd->ssd_lock); - return rc; + spin_unlock(&ssd->ssd_lock); + return rc; } /*************************************** @@ -661,7 +667,7 @@ int gss_cli_ctx_sign(struct ptlrpc_cli_ctx *ctx, flags |= LUSTRE_GSS_PACK_USER; redo: - seq = atomic_inc_return(&gctx->gc_seq); + seq = cfs_atomic_inc_return(&gctx->gc_seq); rc = gss_sign_msg(req->rq_reqbuf, gctx->gc_mechctx, ctx->cc_sec->ps_part, @@ -678,8 +684,8 @@ redo: * * Note: null mode dosen't check sequence number. */ if (svc != SPTLRPC_SVC_NULL && - atomic_read(&gctx->gc_seq) - seq > GSS_SEQ_REPACK_THRESHOLD) { - int behind = atomic_read(&gctx->gc_seq) - seq; + cfs_atomic_read(&gctx->gc_seq) - seq > GSS_SEQ_REPACK_THRESHOLD) { + int behind = cfs_atomic_read(&gctx->gc_seq) - seq; gss_stat_oos_record_cli(behind); CWARN("req %p: %u behind, retry signing\n", req, behind); @@ -762,7 +768,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, struct gss_header *ghdr, *reqhdr; struct lustre_msg *msg = req->rq_repdata; __u32 major; - int pack_bulk, rc = 0; + int pack_bulk, swabbed, rc = 0; ENTRY; LASSERT(req->rq_cli_ctx == ctx); @@ -783,7 +789,9 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - ghdr = gss_swab_header(msg, 0); + swabbed = ptlrpc_rep_need_swab(req); + + ghdr = gss_swab_header(msg, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(-EPROTO); @@ -821,7 +829,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - if (lustre_msg_swabbed(msg)) + if (swabbed) gss_header_swabber(ghdr); major = gss_verify_msg(msg, gctx->gc_mechctx, reqhdr->gh_svc); @@ -851,7 +859,7 @@ int gss_cli_ctx_verify(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - rc = bulk_sec_desc_unpack(msg, 2); + rc = bulk_sec_desc_unpack(msg, 2, swabbed); if (rc) { CERROR("unpack bulk desc: %d\n", rc); RETURN(rc); @@ -909,7 +917,7 @@ int gss_cli_ctx_seal(struct ptlrpc_cli_ctx *ctx, LASSERT(req->rq_reqbuf != req->rq_clrbuf); LASSERT(req->rq_reqbuf_len >= wiresize); } else { - OBD_ALLOC(req->rq_reqbuf, wiresize); + OBD_ALLOC_LARGE(req->rq_reqbuf, wiresize); if (!req->rq_reqbuf) RETURN(-ENOMEM); req->rq_reqbuf_len = wiresize; @@ -933,7 +941,7 @@ int gss_cli_ctx_seal(struct ptlrpc_cli_ctx *ctx, ghdr->gh_flags |= LUSTRE_GSS_PACK_USER; redo: - ghdr->gh_seq = atomic_inc_return(&gctx->gc_seq); + ghdr->gh_seq = cfs_atomic_inc_return(&gctx->gc_seq); /* buffer objects */ hdrobj.len = PTLRPC_GSS_HEADER_SIZE; @@ -952,14 +960,14 @@ redo: LASSERT(token.len <= buflens[1]); /* see explain in gss_cli_ctx_sign() */ - if (unlikely(atomic_read(&gctx->gc_seq) - ghdr->gh_seq > + if (unlikely(cfs_atomic_read(&gctx->gc_seq) - ghdr->gh_seq > GSS_SEQ_REPACK_THRESHOLD)) { - int behind = atomic_read(&gctx->gc_seq) - ghdr->gh_seq; + int behind = cfs_atomic_read(&gctx->gc_seq) - ghdr->gh_seq; gss_stat_oos_record_cli(behind); CWARN("req %p: %u behind, retry sealing\n", req, behind); - ghdr->gh_seq = atomic_inc_return(&gctx->gc_seq); + ghdr->gh_seq = cfs_atomic_inc_return(&gctx->gc_seq); goto redo; } @@ -969,7 +977,7 @@ redo: err_free: if (!req->rq_pool) { - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = NULL; req->rq_reqbuf_len = 0; } @@ -982,7 +990,7 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, struct gss_cli_ctx *gctx; struct gss_header *ghdr; struct lustre_msg *msg = req->rq_repdata; - int msglen, pack_bulk, rc; + int msglen, pack_bulk, swabbed, rc; __u32 major; ENTRY; @@ -991,8 +999,9 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, LASSERT(msg); gctx = container_of(ctx, struct gss_cli_ctx, gc_base); + swabbed = ptlrpc_rep_need_swab(req); - ghdr = gss_swab_header(msg, 0); + ghdr = gss_swab_header(msg, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(-EPROTO); @@ -1015,7 +1024,7 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, RETURN(-EPROTO); } - if (lustre_msg_swabbed(msg)) + if (swabbed) gss_header_swabber(ghdr); /* use rq_repdata_len as buffer size, which assume unseal @@ -1030,7 +1039,8 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, break; } - if (lustre_unpack_msg(msg, msglen)) { + swabbed = __lustre_unpack_msg(msg, msglen); + if (swabbed < 0) { CERROR("Failed to unpack after decryption\n"); RETURN(-EPROTO); } @@ -1048,7 +1058,8 @@ int gss_cli_ctx_unseal(struct ptlrpc_cli_ctx *ctx, } /* bulk checksum is the last segment */ - if (bulk_sec_desc_unpack(msg, msg->lm_bufcount - 1)) + if (bulk_sec_desc_unpack(msg, msg->lm_bufcount - 1, + swabbed)) RETURN(-EPROTO); } @@ -1107,18 +1118,18 @@ int gss_sec_create_common(struct gss_sec *gsec, return -EOPNOTSUPP; } - spin_lock_init(&gsec->gs_lock); + spin_lock_init(&gsec->gs_lock); gsec->gs_rvs_hdl = 0ULL; /* initialize upper ptlrpc_sec */ sec = &gsec->gs_base; sec->ps_policy = policy; - atomic_set(&sec->ps_refcount, 0); - atomic_set(&sec->ps_nctx, 0); + cfs_atomic_set(&sec->ps_refcount, 0); + cfs_atomic_set(&sec->ps_nctx, 0); sec->ps_id = sptlrpc_get_next_secid(); sec->ps_flvr = *sf; sec->ps_import = class_import_get(imp); - spin_lock_init(&sec->ps_lock); + spin_lock_init(&sec->ps_lock); CFS_INIT_LIST_HEAD(&sec->ps_gc_list); if (!svcctx) { @@ -1144,8 +1155,8 @@ void gss_sec_destroy_common(struct gss_sec *gsec) ENTRY; LASSERT(sec->ps_import); - LASSERT(atomic_read(&sec->ps_refcount) == 0); - LASSERT(atomic_read(&sec->ps_nctx) == 0); + LASSERT(cfs_atomic_read(&sec->ps_refcount) == 0); + LASSERT(cfs_atomic_read(&sec->ps_nctx) == 0); if (gsec->gs_mech) { lgss_mech_put(gsec->gs_mech); @@ -1173,23 +1184,23 @@ int gss_cli_ctx_init_common(struct ptlrpc_sec *sec, struct gss_cli_ctx *gctx = ctx2gctx(ctx); gctx->gc_win = 0; - atomic_set(&gctx->gc_seq, 0); + cfs_atomic_set(&gctx->gc_seq, 0); CFS_INIT_HLIST_NODE(&ctx->cc_cache); - atomic_set(&ctx->cc_refcount, 0); + cfs_atomic_set(&ctx->cc_refcount, 0); ctx->cc_sec = sec; ctx->cc_ops = ctxops; ctx->cc_expire = 0; ctx->cc_flags = PTLRPC_CTX_NEW; ctx->cc_vcred = *vcred; - spin_lock_init(&ctx->cc_lock); + spin_lock_init(&ctx->cc_lock); CFS_INIT_LIST_HEAD(&ctx->cc_req_list); CFS_INIT_LIST_HEAD(&ctx->cc_gc_chain); /* take a ref on belonging sec, balanced in ctx destroying */ - atomic_inc(&sec->ps_refcount); + cfs_atomic_inc(&sec->ps_refcount); /* statistic only */ - atomic_inc(&sec->ps_nctx); + cfs_atomic_inc(&sec->ps_nctx); CDEBUG(D_SEC, "%s@%p: create ctx %p(%u->%s)\n", sec->ps_policy->sp_name, ctx->cc_sec, @@ -1207,8 +1218,8 @@ int gss_cli_ctx_fini_common(struct ptlrpc_sec *sec, { struct gss_cli_ctx *gctx = ctx2gctx(ctx); - LASSERT(atomic_read(&sec->ps_nctx) > 0); - LASSERT(atomic_read(&ctx->cc_refcount) == 0); + LASSERT(cfs_atomic_read(&sec->ps_nctx) > 0); + LASSERT(cfs_atomic_read(&ctx->cc_refcount) == 0); LASSERT(ctx->cc_sec == sec); /* @@ -1225,12 +1236,12 @@ int gss_cli_ctx_fini_common(struct ptlrpc_sec *sec, * asynchronous which finished by request_out_callback(). so * we add refcount, whoever drop finally drop the refcount to * 0 should responsible for the rest of destroy. */ - atomic_inc(&ctx->cc_refcount); + cfs_atomic_inc(&ctx->cc_refcount); gss_do_ctx_fini_rpc(gctx); gss_cli_ctx_finalize(gctx); - if (!atomic_dec_and_test(&ctx->cc_refcount)) + if (!cfs_atomic_dec_and_test(&ctx->cc_refcount)) return 1; } @@ -1303,7 +1314,7 @@ int gss_alloc_reqbuf_intg(struct ptlrpc_sec *sec, if (!req->rq_reqbuf) { bufsize = size_roundup_power2(bufsize); - OBD_ALLOC(req->rq_reqbuf, bufsize); + OBD_ALLOC_LARGE(req->rq_reqbuf, bufsize); if (!req->rq_reqbuf) RETURN(-ENOMEM); @@ -1390,7 +1401,7 @@ int gss_alloc_reqbuf_priv(struct ptlrpc_sec *sec, if (!req->rq_clrbuf) { clearsize = size_roundup_power2(clearsize); - OBD_ALLOC(req->rq_clrbuf, clearsize); + OBD_ALLOC_LARGE(req->rq_clrbuf, clearsize); if (!req->rq_clrbuf) RETURN(-ENOMEM); } @@ -1447,13 +1458,12 @@ void gss_free_reqbuf(struct ptlrpc_sec *sec, LASSERT(privacy); LASSERT(req->rq_clrbuf_len); - if (req->rq_pool && - req->rq_clrbuf >= req->rq_reqbuf && - (char *) req->rq_clrbuf < + if (req->rq_pool == NULL || + req->rq_clrbuf < req->rq_reqbuf || + (char *) req->rq_clrbuf >= (char *) req->rq_reqbuf + req->rq_reqbuf_len) - goto release_reqbuf; + OBD_FREE_LARGE(req->rq_clrbuf, req->rq_clrbuf_len); - OBD_FREE(req->rq_clrbuf, req->rq_clrbuf_len); req->rq_clrbuf = NULL; req->rq_clrbuf_len = 0; @@ -1461,13 +1471,11 @@ release_reqbuf: if (!req->rq_pool && req->rq_reqbuf) { LASSERT(req->rq_reqbuf_len); - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = NULL; req->rq_reqbuf_len = 0; } - req->rq_reqmsg = NULL; - EXIT; } @@ -1475,7 +1483,7 @@ static int do_alloc_repbuf(struct ptlrpc_request *req, int bufsize) { bufsize = size_roundup_power2(bufsize); - OBD_ALLOC(req->rq_repbuf, bufsize); + OBD_ALLOC_LARGE(req->rq_repbuf, bufsize); if (!req->rq_repbuf) return -ENOMEM; @@ -1595,11 +1603,11 @@ int gss_alloc_repbuf(struct ptlrpc_sec *sec, void gss_free_repbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req) { - OBD_FREE(req->rq_repbuf, req->rq_repbuf_len); + OBD_FREE_LARGE(req->rq_repbuf, req->rq_repbuf_len); req->rq_repbuf = NULL; req->rq_repbuf_len = 0; - - req->rq_repmsg = NULL; + req->rq_repdata = NULL; + req->rq_repdata_len = 0; } static int get_enlarged_msgsize(struct lustre_msg *msg, @@ -1691,13 +1699,13 @@ int gss_enlarge_reqbuf_intg(struct ptlrpc_sec *sec, if (req->rq_reqbuf_len < newbuf_size) { newbuf_size = size_roundup_power2(newbuf_size); - OBD_ALLOC(newbuf, newbuf_size); + OBD_ALLOC_LARGE(newbuf, newbuf_size); if (newbuf == NULL) RETURN(-ENOMEM); memcpy(newbuf, req->rq_reqbuf, req->rq_reqbuf_len); - OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len); + OBD_FREE_LARGE(req->rq_reqbuf, req->rq_reqbuf_len); req->rq_reqbuf = newbuf; req->rq_reqbuf_len = newbuf_size; req->rq_reqmsg = lustre_msg_buf(req->rq_reqbuf, 1, 0); @@ -1780,7 +1788,7 @@ int gss_enlarge_reqbuf_priv(struct ptlrpc_sec *sec, if (req->rq_clrbuf_len < newclrbuf_size) { newclrbuf_size = size_roundup_power2(newclrbuf_size); - OBD_ALLOC(newclrbuf, newclrbuf_size); + OBD_ALLOC_LARGE(newclrbuf, newclrbuf_size); if (newclrbuf == NULL) RETURN(-ENOMEM); @@ -1790,7 +1798,7 @@ int gss_enlarge_reqbuf_priv(struct ptlrpc_sec *sec, req->rq_clrbuf < req->rq_reqbuf || (char *) req->rq_clrbuf >= (char *) req->rq_reqbuf + req->rq_reqbuf_len) { - OBD_FREE(req->rq_clrbuf, req->rq_clrbuf_len); + OBD_FREE_LARGE(req->rq_clrbuf, req->rq_clrbuf_len); } req->rq_clrbuf = newclrbuf; @@ -1866,16 +1874,16 @@ void gss_svc_reqctx_free(struct gss_svc_reqctx *grctx) static inline void gss_svc_reqctx_addref(struct gss_svc_reqctx *grctx) { - LASSERT(atomic_read(&grctx->src_base.sc_refcount) > 0); - atomic_inc(&grctx->src_base.sc_refcount); + LASSERT(cfs_atomic_read(&grctx->src_base.sc_refcount) > 0); + cfs_atomic_inc(&grctx->src_base.sc_refcount); } static inline void gss_svc_reqctx_decref(struct gss_svc_reqctx *grctx) { - LASSERT(atomic_read(&grctx->src_base.sc_refcount) > 0); + LASSERT(cfs_atomic_read(&grctx->src_base.sc_refcount) > 0); - if (atomic_dec_and_test(&grctx->src_base.sc_refcount)) + if (cfs_atomic_dec_and_test(&grctx->src_base.sc_refcount)) gss_svc_reqctx_free(grctx); } @@ -1973,7 +1981,7 @@ int gss_svc_handle_init(struct ptlrpc_request *req, rawobj_t uuid_obj, rvs_hdl, in_token; __u32 lustre_svc; __u32 *secdata, seclen; - int rc; + int swabbed, rc; ENTRY; CDEBUG(D_SEC, "processing gss init(%d) request from %s\n", gw->gw_proc, @@ -1997,6 +2005,8 @@ int gss_svc_handle_init(struct ptlrpc_request *req, RETURN(SECSVC_DROP); } + swabbed = ptlrpc_req_need_swab(req); + /* ctx initiate payload is in last segment */ secdata = lustre_msg_buf(reqbuf, reqbuf->lm_bufcount - 1, 0); seclen = reqbuf->lm_buflens[reqbuf->lm_bufcount - 1]; @@ -2044,10 +2054,12 @@ int gss_svc_handle_init(struct ptlrpc_request *req, if (rc != SECSVC_OK) RETURN(rc); - if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_root) + if (grctx->src_ctx->gsc_usr_mds || grctx->src_ctx->gsc_usr_oss || + grctx->src_ctx->gsc_usr_root) CWARN("create svc ctx %p: user from %s authenticated as %s\n", grctx->src_ctx, libcfs_nid2str(req->rq_peer.nid), - grctx->src_ctx->gsc_usr_mds ? "mds" : "root"); + grctx->src_ctx->gsc_usr_mds ? "mds" : + (grctx->src_ctx->gsc_usr_oss ? "oss" : "root")); else CWARN("create svc ctx %p: accept user %u from %s\n", grctx->src_ctx, grctx->src_ctx->gsc_uid, @@ -2058,7 +2070,7 @@ int gss_svc_handle_init(struct ptlrpc_request *req, CERROR("missing user descriptor\n"); RETURN(SECSVC_DROP); } - if (sptlrpc_unpack_user_desc(reqbuf, 2)) { + if (sptlrpc_unpack_user_desc(reqbuf, 2, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(SECSVC_DROP); } @@ -2085,6 +2097,7 @@ int gss_svc_verify_request(struct ptlrpc_request *req, struct gss_svc_ctx *gctx = grctx->src_ctx; struct lustre_msg *msg = req->rq_reqbuf; int offset = 2; + int swabbed; ENTRY; *major = GSS_S_COMPLETE; @@ -2117,6 +2130,8 @@ int gss_svc_verify_request(struct ptlrpc_request *req, } verified: + swabbed = ptlrpc_req_need_swab(req); + /* user descriptor */ if (gw->gw_flags & LUSTRE_GSS_PACK_USER) { if (msg->lm_bufcount < (offset + 1)) { @@ -2124,7 +2139,7 @@ verified: RETURN(-EINVAL); } - if (sptlrpc_unpack_user_desc(msg, offset)) { + if (sptlrpc_unpack_user_desc(msg, offset, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(-EINVAL); } @@ -2141,7 +2156,7 @@ verified: RETURN(-EINVAL); } - if (bulk_sec_desc_unpack(msg, offset)) + if (bulk_sec_desc_unpack(msg, offset, swabbed)) RETURN(-EINVAL); req->rq_pack_bulk = 1; @@ -2162,7 +2177,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, { struct gss_svc_ctx *gctx = grctx->src_ctx; struct lustre_msg *msg = req->rq_reqbuf; - int msglen, offset = 1; + int swabbed, msglen, offset = 1; ENTRY; if (gss_check_seq_num(&gctx->gsc_seqdata, gw->gw_seq, 0)) { @@ -2184,7 +2199,8 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EACCES); } - if (lustre_unpack_msg(msg, msglen)) { + swabbed = __lustre_unpack_msg(msg, msglen); + if (swabbed < 0) { CERROR("Failed to unpack after decryption\n"); RETURN(-EINVAL); } @@ -2201,7 +2217,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EINVAL); } - if (sptlrpc_unpack_user_desc(msg, offset)) { + if (sptlrpc_unpack_user_desc(msg, offset, swabbed)) { CERROR("Mal-formed user descriptor\n"); RETURN(-EINVAL); } @@ -2217,7 +2233,7 @@ int gss_svc_unseal_request(struct ptlrpc_request *req, RETURN(-EINVAL); } - if (bulk_sec_desc_unpack(msg, offset)) + if (bulk_sec_desc_unpack(msg, offset, swabbed)) RETURN(-EINVAL); req->rq_pack_bulk = 1; @@ -2312,7 +2328,8 @@ int gss_svc_handle_destroy(struct ptlrpc_request *req, CERROR("missing user descriptor, ignore it\n"); RETURN(SECSVC_OK); } - if (sptlrpc_unpack_user_desc(req->rq_reqbuf, 2)) { + if (sptlrpc_unpack_user_desc(req->rq_reqbuf, 2, + ptlrpc_req_need_swab(req))) { CERROR("Mal-formed user descriptor, ignore it\n"); RETURN(SECSVC_OK); } @@ -2329,7 +2346,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) struct gss_header *ghdr; struct gss_svc_reqctx *grctx; struct gss_wire_ctx *gw; - int rc; + int swabbed, rc; ENTRY; LASSERT(req->rq_reqbuf); @@ -2340,7 +2357,9 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) RETURN(SECSVC_DROP); } - ghdr = gss_swab_header(req->rq_reqbuf, 0); + swabbed = ptlrpc_req_need_swab(req); + + ghdr = gss_swab_header(req->rq_reqbuf, 0, swabbed); if (ghdr == NULL) { CERROR("can't decode gss header\n"); RETURN(SECSVC_DROP); @@ -2361,7 +2380,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) RETURN(SECSVC_DROP); grctx->src_base.sc_policy = sptlrpc_policy_get(policy); - atomic_set(&grctx->src_base.sc_refcount, 1); + cfs_atomic_set(&grctx->src_base.sc_refcount, 1); req->rq_svc_ctx = &grctx->src_base; gw = &grctx->src_wirectx; @@ -2373,7 +2392,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) rawobj_from_netobj(&gw->gw_handle, &ghdr->gh_handle); /* keep original wire header which subject to checksum verification */ - if (lustre_msg_swabbed(req->rq_reqbuf)) + if (swabbed) gss_header_swabber(ghdr); switch(ghdr->gh_proc) { @@ -2400,6 +2419,7 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) req->rq_auth_gss = 1; req->rq_auth_remote = grctx->src_ctx->gsc_remote; req->rq_auth_usr_mdt = grctx->src_ctx->gsc_usr_mds; + req->rq_auth_usr_ost = grctx->src_ctx->gsc_usr_oss; req->rq_auth_usr_root = grctx->src_ctx->gsc_usr_root; req->rq_auth_uid = grctx->src_ctx->gsc_uid; req->rq_auth_mapped_uid = grctx->src_ctx->gsc_mapped_uid; @@ -2557,7 +2577,7 @@ int gss_svc_alloc_rs(struct ptlrpc_request *req, int msglen) /* pre-allocated */ LASSERT(rs->rs_size >= rs_size); } else { - OBD_ALLOC(rs, rs_size); + OBD_ALLOC_LARGE(rs, rs_size); if (rs == NULL) RETURN(-ENOMEM); @@ -2629,7 +2649,7 @@ static int gss_svc_seal(struct ptlrpc_request *req, /* allocate temporary cipher buffer */ token_buflen = gss_mech_payload(gctx->gsc_mechctx, msglen, 1); - OBD_ALLOC(token_buf, token_buflen); + OBD_ALLOC_LARGE(token_buf, token_buflen); if (token_buf == NULL) RETURN(-ENOMEM); @@ -2686,7 +2706,7 @@ static int gss_svc_seal(struct ptlrpc_request *req, rc = 0; out_free: - OBD_FREE(token_buf, token_buflen); + OBD_FREE_LARGE(token_buf, token_buflen); RETURN(rc); } @@ -2747,12 +2767,12 @@ void gss_svc_free_rs(struct ptlrpc_reply_state *rs) rs->rs_svc_ctx = NULL; if (!rs->rs_prealloc) - OBD_FREE(rs, rs->rs_size); + OBD_FREE_LARGE(rs, rs->rs_size); } void gss_svc_free_ctx(struct ptlrpc_svc_ctx *ctx) { - LASSERT(atomic_read(&ctx->sc_refcount) == 0); + LASSERT(cfs_atomic_read(&ctx->sc_refcount) == 0); gss_svc_reqctx_free(gss_svc_ctx2reqctx(ctx)); } @@ -2778,7 +2798,7 @@ int gss_copy_rvc_cli_ctx(struct ptlrpc_cli_ctx *cli_ctx, * each reverse root ctx will record its latest sequence number on its * buddy svcctx before be destroied, so here we continue use it. */ - atomic_set(&cli_gctx->gc_seq, svc_gctx->gsc_rvs_seq); + cfs_atomic_set(&cli_gctx->gc_seq, svc_gctx->gsc_rvs_seq); if (gss_svc_upcall_dup_handle(&cli_gctx->gc_svc_handle, svc_gctx)) { CERROR("failed to dup svc handle\n"); @@ -2843,9 +2863,13 @@ int __init sptlrpc_gss_init(void) if (rc) goto out_cli_upcall; - rc = init_kerberos_module(); - if (rc) - goto out_svc_upcall; + rc = init_null_module(); + if (rc) + goto out_svc_upcall; + + rc = init_kerberos_module(); + if (rc) + goto out_null; /* register policy after all other stuff be intialized, because it * might be in used immediately after the registration. */ @@ -2854,23 +2878,20 @@ int __init sptlrpc_gss_init(void) if (rc) goto out_kerberos; -#ifdef HAVE_GSS_PIPEFS rc = gss_init_pipefs(); if (rc) goto out_keyring; -#endif gss_init_at_reply_offset(); return 0; -#ifdef HAVE_GSS_PIPEFS out_keyring: gss_exit_keyring(); -#endif - out_kerberos: cleanup_kerberos_module(); +out_null: + cleanup_null_module(); out_svc_upcall: gss_exit_svc_upcall(); out_cli_upcall: @@ -2883,9 +2904,7 @@ out_lproc: static void __exit sptlrpc_gss_exit(void) { gss_exit_keyring(); -#ifdef HAVE_GSS_PIPEFS gss_exit_pipefs(); -#endif cleanup_kerberos_module(); gss_exit_svc_upcall(); gss_exit_cli_upcall();