1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #ifndef __LINUX_SEC_H_
23 #define __LINUX_SEC_H_
25 /* forward declaration */
27 struct ptlrpc_request;
29 struct ptlrpc_credops;
33 #define PTLRPC_SEC_MAX_FLAVORS (4)
35 typedef struct ptlrpcs_flavor_s {
41 struct list_head list;
45 enum ptlrpcs_security_type {
46 PTLRPC_SEC_TYPE_NONE = 0, /* no security */
47 PTLRPC_SEC_TYPE_AUTH = 1, /* authentication */
48 PTLRPC_SEC_TYPE_PRIV = 2, /* privacy */
52 * This header is prepended at any on-wire ptlrpc packets
54 struct ptlrpcs_wire_hdr {
62 struct ptlrpcs_wire_hdr *buf_to_sec_hdr(void *buf)
64 return (struct ptlrpcs_wire_hdr *) buf;
68 struct lustre_msg *buf_to_lustre_msg(void *buf)
70 return (struct lustre_msg *)
71 ((char *) buf + sizeof(struct ptlrpcs_wire_hdr));
75 __u8 *buf_to_sec_data(void *buf)
77 struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(buf);
78 return (__u8 *) (buf + sizeof(*hdr) + hdr->msg_len);
81 enum ptlrpcs_flavors {
86 #define PTLRPC_SEC_GSS_VERSION (1)
88 enum ptlrpcs_gss_subflavors {
89 PTLRPC_SEC_GSS_KRB5 = 0,
90 PTLRPC_SEC_GSS_KRB5I = 1,
91 PTLRPC_SEC_GSS_KRB5P = 2,
94 enum ptlrpcs_gss_proc {
95 PTLRPC_GSS_PROC_DATA = 0,
96 PTLRPC_GSS_PROC_INIT = 1,
97 PTLRPC_GSS_PROC_CONTINUE_INIT = 2,
98 PTLRPC_GSS_PROC_DESTROY = 3,
99 PTLRPC_GSS_PROC_ERR = 4,
102 enum ptlrpcs_gss_svc {
103 PTLRPC_GSS_SVC_NONE = 1,
104 PTLRPC_GSS_SVC_INTEGRITY = 2,
105 PTLRPC_GSS_SVC_PRIVACY = 3,
111 PTLRPCS_REJECTEDCRED = 2,
113 PTLRPCS_REJECTEDVERF = 4,
116 PTLRPCS_GSS_CREDPROBLEM = 13,
117 PTLRPCS_GSS_CTXPROBLEM = 14,
124 struct group_info *vc_ginfo;
127 struct ptlrpc_credops {
128 int (*match) (struct ptlrpc_cred *cred, struct vfs_cred *vcred);
129 int (*refresh)(struct ptlrpc_cred *cred);
130 void (*destroy)(struct ptlrpc_cred *cred);
131 int (*sign) (struct ptlrpc_cred *cred,
132 struct ptlrpc_request *req);
133 int (*verify) (struct ptlrpc_cred *cred,
134 struct ptlrpc_request *req);
135 int (*seal) (struct ptlrpc_cred *cred,
136 struct ptlrpc_request *req);
137 int (*unseal) (struct ptlrpc_cred *cred,
138 struct ptlrpc_request *req);
141 #define PTLRPC_CRED_UPTODATE 0x00000001 /* uptodate */
142 #define PTLRPC_CRED_DEAD 0x00000002 /* mark expired gracefully */
143 #define PTLRPC_CRED_ERROR 0x00000004 /* fatal error (refresh, etc.) */
144 #define PTLRPC_CRED_FLAGS_MASK 0x00000007
147 struct list_head pc_hash; /* linked into hash table */
148 atomic_t pc_refcount;
149 struct ptlrpc_sec *pc_sec;
150 struct ptlrpc_credops *pc_ops;
151 unsigned long pc_expire;
153 /* XXX maybe should not be here */
158 struct ptlrpc_secops {
159 struct ptlrpc_sec * (*create_sec) (ptlrpcs_flavor_t *flavor,
160 const char *pipe_dir,
162 void (*destroy_sec) (struct ptlrpc_sec *sec);
163 struct ptlrpc_cred * (*create_cred) (struct ptlrpc_sec *sec,
164 struct vfs_cred *vcred);
165 /* buffer manipulation */
166 int (*alloc_reqbuf) (struct ptlrpc_sec *sec,
167 struct ptlrpc_request *req,
168 int lustre_msg_size);
169 int (*alloc_repbuf) (struct ptlrpc_sec *sec,
170 struct ptlrpc_request *req,
171 int lustre_msg_size);
172 void (*free_reqbuf) (struct ptlrpc_sec *sec,
173 struct ptlrpc_request *req);
174 void (*free_repbuf) (struct ptlrpc_sec *sec,
175 struct ptlrpc_request *req);
176 /* security payload size estimation */
177 int (*est_req_payload)(struct ptlrpc_sec *sec,
179 int (*est_rep_payload)(struct ptlrpc_sec *sec,
183 struct ptlrpc_sec_type {
184 struct module *pst_owner;
186 atomic_t pst_inst; /* instance, debug only */
187 ptlrpcs_flavor_t pst_flavor;
188 struct ptlrpc_secops *pst_ops;
191 #define PTLRPC_CREDCACHE_NR 8
192 #define PTLRPC_CREDCACHE_MASK (PTLRPC_CREDCACHE_NR - 1)
195 struct ptlrpc_sec_type *ps_type;
196 struct list_head ps_credcache[PTLRPC_CREDCACHE_NR];
197 spinlock_t ps_lock; /* protect cred cache */
199 ptlrpcs_flavor_t ps_flavor;
200 atomic_t ps_refcount;
201 atomic_t ps_credcount;
202 struct obd_import *ps_import;
203 /* actual security model need initialize following fields */
204 unsigned long ps_expire; /* cache expire interval */
205 unsigned long ps_nextgc; /* next gc time */
206 unsigned int ps_flags;
210 int ptlrpcs_register(struct ptlrpc_sec_type *type);
211 int ptlrpcs_unregister(struct ptlrpc_sec_type *type);
213 struct ptlrpc_sec * ptlrpcs_sec_create(ptlrpcs_flavor_t *flavor,
214 struct obd_import *import,
215 const char *pipe_dir,
217 void ptlrpcs_sec_put(struct ptlrpc_sec *sec);
218 void ptlrpcs_sec_invalidate_cache(struct ptlrpc_sec *sec);
220 struct ptlrpc_cred * ptlrpcs_cred_lookup(struct ptlrpc_sec *sec,
221 struct vfs_cred *vcred);
222 void ptlrpcs_cred_put(struct ptlrpc_cred *cred, int sync);
224 static inline void ptlrpcs_cred_get(struct ptlrpc_cred *cred)
226 LASSERT(atomic_read(&cred->pc_refcount));
227 atomic_inc(&cred->pc_refcount);
230 static inline int ptlrpcs_cred_is_uptodate(struct ptlrpc_cred *cred)
233 LASSERT(atomic_read(&cred->pc_refcount));
234 return ((cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) ==
235 PTLRPC_CRED_UPTODATE);
237 static inline int ptlrpcs_cred_refresh(struct ptlrpc_cred *cred)
240 LASSERT(atomic_read(&cred->pc_refcount));
241 LASSERT(cred->pc_ops);
242 LASSERT(cred->pc_ops->refresh);
243 return cred->pc_ops->refresh(cred);
245 static inline void ptlrpcs_cred_die(struct ptlrpc_cred *cred)
247 LASSERT(atomic_read(&cred->pc_refcount));
248 LASSERT(cred->pc_sec);
249 if (!(cred->pc_flags & PTLRPC_CRED_DEAD)) {
250 spin_lock(&cred->pc_sec->ps_lock);
251 cred->pc_flags |= PTLRPC_CRED_DEAD;
252 cred->pc_flags &= ~PTLRPC_CRED_UPTODATE;
253 list_del_init(&cred->pc_hash);
254 spin_unlock(&cred->pc_sec->ps_lock);
257 static inline int ptlrpcs_cred_is_dead(struct ptlrpc_cred *cred)
259 return(cred->pc_flags & PTLRPC_CRED_DEAD);
262 static inline int ptlrpcs_est_req_payload(struct ptlrpc_sec *sec,
265 struct ptlrpc_secops *ops;
268 LASSERT(sec->ps_type);
269 LASSERT(sec->ps_type->pst_ops);
271 ops = sec->ps_type->pst_ops;
272 if (ops->est_req_payload)
273 return ops->est_req_payload(sec, datasize);
278 static inline int ptlrpcs_est_rep_payload(struct ptlrpc_sec *sec,
281 struct ptlrpc_secops *ops;
284 LASSERT(sec->ps_type);
285 LASSERT(sec->ps_type->pst_ops);
287 ops = sec->ps_type->pst_ops;
288 if (ops->est_rep_payload)
289 return ops->est_rep_payload(sec, datasize);
294 static inline int add_deny_security(char *sec, struct list_head *head)
297 deny_sec_t *p_deny_sec = NULL;
299 LASSERT(sec != NULL);
301 OBD_ALLOC(p_deny_sec, sizeof(*p_deny_sec));
302 if (p_deny_sec == NULL) return -ENOMEM;
304 if (strcmp(sec, "null") == 0) {
305 p_deny_sec->sec.flavor = PTLRPC_SEC_NULL;
306 p_deny_sec->sec.subflavor = PTLRPC_SEC_NULL;
307 }else if (strcmp(sec, "krb5i") == 0) {
308 p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
309 p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5I;
310 }else if (strcmp(sec, "krb5p") == 0) {
311 p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
312 p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5P;
314 CERROR("unrecognized security type %s\n", (char*) sec);
315 GOTO(out, rc = -EINVAL);
318 list_add_tail(&p_deny_sec->list, head);
322 OBD_FREE(p_deny_sec, sizeof(*p_deny_sec));
327 int ptlrpcs_cli_wrap_request(struct ptlrpc_request *req);
328 int ptlrpcs_cli_unwrap_reply(struct ptlrpc_request *req);
329 int ptlrpcs_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
330 int ptlrpcs_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
331 void ptlrpcs_cli_free_reqbuf(struct ptlrpc_request *req);
332 void ptlrpcs_cli_free_repbuf(struct ptlrpc_request *req);
334 /* higher interface */
335 int ptlrpcs_import_get_sec(struct obd_import *imp);
336 void ptlrpcs_import_drop_sec(struct obd_import *imp);
337 int ptlrpcs_req_get_cred(struct ptlrpc_request *req);
338 void ptlrpcs_req_drop_cred(struct ptlrpc_request *req);
339 int ptlrpcs_req_replace_dead_cred(struct ptlrpc_request *req);
340 int ptlrpcs_req_refresh_cred(struct ptlrpc_request *req);
342 /* internal helpers */
343 int sec_alloc_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
344 int msgsize, int secsize);
345 void sec_free_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
348 int ptlrpcs_null_init(void);
349 int ptlrpcs_null_exit(void);
351 /**********************************************************
353 **********************************************************/
355 struct ptlrpc_reply_state;
357 struct ptlrpc_svcsec {
358 struct module *pss_owner;
360 ptlrpcs_flavor_t pss_flavor;
363 int (*accept) (struct ptlrpc_request *req,
364 enum ptlrpcs_error *res);
365 int (*authorize) (struct ptlrpc_request *req);
366 int (*alloc_repbuf)(struct ptlrpc_svcsec *svcsec,
367 struct ptlrpc_request *req,
369 void (*free_repbuf) (struct ptlrpc_svcsec *svcsec,
370 struct ptlrpc_reply_state *rs);
371 void (*cleanup_req) (struct ptlrpc_svcsec *svcsec,
372 struct ptlrpc_request *req);
376 #define SVC_COMPLETE 2
382 * this should be a gss internal structure. fix these when we
383 * sort out the flavor issues.
386 typedef struct rawobj_s {
391 /* on-the-wire gss cred: */
392 struct rpc_gss_wire_cred {
393 __u32 gc_v; /* version */
394 __u32 gc_proc; /* control procedure */
395 __u32 gc_seq; /* sequence number */
396 __u32 gc_svc; /* service */
397 rawobj_t gc_ctx; /* context handle */
400 struct gss_svc_data {
401 __u32 subflavor; /* XXX */
402 /* decoded gss client cred: */
403 struct rpc_gss_wire_cred clcred;
404 /* internal used status */
405 unsigned int is_init:1,
412 int svcsec_register(struct ptlrpc_svcsec *ss);
413 int svcsec_unregister(struct ptlrpc_svcsec *ss);
414 int svcsec_accept(struct ptlrpc_request *req, enum ptlrpcs_error *res);
415 int svcsec_authorize(struct ptlrpc_request *req);
416 int svcsec_alloc_repbuf(struct ptlrpc_svcsec *svcsec,
417 struct ptlrpc_request *req, int msgsize);
418 void svcsec_cleanup_req(struct ptlrpc_request *req);
420 struct ptlrpc_svcsec * svcsec_get(struct ptlrpc_svcsec *sec);
421 void svcsec_put(struct ptlrpc_svcsec *sec);
423 /* internal helpers */
424 int svcsec_alloc_reply_state(struct ptlrpc_request *req,
425 int msgsize, int secsize);
426 void svcsec_free_reply_state(struct ptlrpc_reply_state *rs);
429 int svcsec_null_init(void);
430 int svcsec_null_exit(void);
432 #endif /* __LINUX_SEC_H_ */