lustre/include/linux/lustre_sec.h

   1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
   2  * vim:expandtab:shiftwidth=8:tabstop=8:
   3  *
   4  * Copyright (C) 2004 Cluster File Systems, Inc.
   5  *
   6  *   This file is part of Lustre, http://www.lustre.org.
   7  *
   8  *   Lustre is free software; you can redistribute it and/or
   9  *   modify it under the terms of version 2 of the GNU General Public
  10  *   License as published by the Free Software Foundation.
  11  *
  12  *   Lustre is distributed in the hope that it will be useful,
  13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *   GNU General Public License for more details.
  16  *
  17  *   You should have received a copy of the GNU General Public License
  18  *   along with Lustre; if not, write to the Free Software
  19  *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20  */
  21
  22 #ifndef __LINUX_SEC_H_
  23 #define __LINUX_SEC_H_
  24
  25 /* forward declaration */
  26 struct obd_import;
  27 struct ptlrpc_request;
  28 struct ptlrpc_cred;
  29 struct ptlrpc_credops;
  30 struct ptlrpc_sec;
  31 struct ptlrpc_secops;
  32
  33 #define PTLRPC_SEC_MAX_FLAVORS   (4)
  34
  35 typedef struct ptlrpcs_flavor_s {
  36         __u32   flavor;
  37         __u32   subflavor;
  38 } ptlrpcs_flavor_t;
  39
  40 typedef struct {
  41         struct list_head        list;
  42         ptlrpcs_flavor_t        sec;
  43 } deny_sec_t;
  44
  45 enum ptlrpcs_security_type {
  46         PTLRPC_SEC_TYPE_NONE    = 0,    /* no security */
  47         PTLRPC_SEC_TYPE_AUTH    = 1,    /* authentication */
  48         PTLRPC_SEC_TYPE_PRIV    = 2,    /* privacy */
  49 };
  50
  51 /*
  52  * This header is prepended at any on-wire ptlrpc packets
  53  */
  54 struct ptlrpcs_wire_hdr {
  55         __u32   flavor;
  56         __u32   sectype;
  57         __u32   msg_len;
  58         __u32   sec_len;
  59 };
  60
  61 static inline
  62 struct ptlrpcs_wire_hdr *buf_to_sec_hdr(void *buf)
  63 {
  64         return (struct ptlrpcs_wire_hdr *) buf;
  65 }
  66
  67 static inline
  68 struct lustre_msg *buf_to_lustre_msg(void *buf)
  69 {
  70         return (struct lustre_msg *)
  71                ((char *) buf + sizeof(struct ptlrpcs_wire_hdr));
  72 }
  73
  74 static inline
  75 __u8 *buf_to_sec_data(void *buf)
  76 {
  77         struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(buf);
  78         return (__u8 *) (buf + sizeof(*hdr) + hdr->msg_len);
  79 }
  80
  81 enum ptlrpcs_flavors {
  82         PTLRPC_SEC_NULL = 0,
  83         PTLRPC_SEC_GSS  = 1,
  84 };
  85
  86 #define PTLRPC_SEC_GSS_VERSION (1)
  87
  88 enum ptlrpcs_gss_subflavors {
  89         PTLRPC_SEC_GSS_KRB5  = 0,
  90         PTLRPC_SEC_GSS_KRB5I = 1,
  91         PTLRPC_SEC_GSS_KRB5P = 2,
  92 };
  93
  94 enum ptlrpcs_gss_proc {
  95         PTLRPC_GSS_PROC_DATA =          0,
  96         PTLRPC_GSS_PROC_INIT =          1,
  97         PTLRPC_GSS_PROC_CONTINUE_INIT = 2,
  98         PTLRPC_GSS_PROC_DESTROY =       3,
  99         PTLRPC_GSS_PROC_ERR =           4,
 100 };
 101
 102 enum ptlrpcs_gss_svc {
 103         PTLRPC_GSS_SVC_NONE =           1,
 104         PTLRPC_GSS_SVC_INTEGRITY =      2,
 105         PTLRPC_GSS_SVC_PRIVACY =        3,
 106 };
 107
 108 enum ptlrpcs_error {
 109         PTLRPCS_OK =                    0,
 110         PTLRPCS_BADCRED =               1,
 111         PTLRPCS_REJECTEDCRED =          2,
 112         PTLRPCS_BADVERF =               3,
 113         PTLRPCS_REJECTEDVERF =          4,
 114         PTLRPCS_TOOWEAK =               5,
 115         /* GSS errors */
 116         PTLRPCS_GSS_CREDPROBLEM =       13,
 117         PTLRPCS_GSS_CTXPROBLEM =        14,
 118 };
 119
 120 struct vfs_cred {
 121         __u64   vc_pag;
 122         uid_t   vc_uid;
 123         gid_t   vc_gid;
 124         struct group_info *vc_ginfo;
 125 };
 126
 127 struct ptlrpc_credops {
 128         int     (*match)  (struct ptlrpc_cred *cred, struct vfs_cred *vcred);
 129         int     (*refresh)(struct ptlrpc_cred *cred);
 130         void    (*destroy)(struct ptlrpc_cred *cred);
 131         int     (*sign)   (struct ptlrpc_cred *cred,
 132                            struct ptlrpc_request *req);
 133         int     (*verify) (struct ptlrpc_cred *cred,
 134                            struct ptlrpc_request *req);
 135         int     (*seal)   (struct ptlrpc_cred *cred,
 136                            struct ptlrpc_request *req);
 137         int     (*unseal) (struct ptlrpc_cred *cred,
 138                            struct ptlrpc_request *req);
 139 };
 140
 141 #define PTLRPC_CRED_UPTODATE    0x00000001 /* uptodate */
 142 #define PTLRPC_CRED_DEAD        0x00000002 /* mark expired gracefully */
 143 #define PTLRPC_CRED_ERROR       0x00000004 /* fatal error (refresh, etc.) */
 144 #define PTLRPC_CRED_FLAGS_MASK  0x00000007
 145
 146 struct ptlrpc_cred {
 147         struct list_head        pc_hash;   /* linked into hash table */
 148         atomic_t                pc_refcount;
 149         struct ptlrpc_sec      *pc_sec;
 150         struct ptlrpc_credops  *pc_ops;
 151         unsigned long           pc_expire;
 152         int                     pc_flags;
 153         /* XXX maybe should not be here */
 154         __u64                   pc_pag;
 155         uid_t                   pc_uid;
 156 };
 157
 158 struct ptlrpc_secops {
 159         struct ptlrpc_sec *   (*create_sec)    (ptlrpcs_flavor_t *flavor,
 160                                                 const char *pipe_dir,
 161                                                 void *pipe_data);
 162         void                  (*destroy_sec)   (struct ptlrpc_sec *sec);
 163         struct ptlrpc_cred *  (*create_cred)   (struct ptlrpc_sec *sec,
 164                                                 struct vfs_cred *vcred);
 165         /* buffer manipulation */
 166         int                   (*alloc_reqbuf)  (struct ptlrpc_sec *sec,
 167                                                 struct ptlrpc_request *req,
 168                                                 int lustre_msg_size);
 169         int                   (*alloc_repbuf)  (struct ptlrpc_sec *sec,
 170                                                 struct ptlrpc_request *req,
 171                                                 int lustre_msg_size);
 172         void                  (*free_reqbuf)   (struct ptlrpc_sec *sec,
 173                                                 struct ptlrpc_request *req);
 174         void                  (*free_repbuf)   (struct ptlrpc_sec *sec,
 175                                                 struct ptlrpc_request *req);
 176         /* security payload size estimation */
 177         int                   (*est_req_payload)(struct ptlrpc_sec *sec,
 178                                                  int msgsize);
 179         int                   (*est_rep_payload)(struct ptlrpc_sec *sec,
 180                                                  int msgsize);
 181 };
 182
 183 struct ptlrpc_sec_type {
 184         struct module          *pst_owner;
 185         char                   *pst_name;
 186         atomic_t                pst_inst;       /* instance, debug only */
 187         ptlrpcs_flavor_t        pst_flavor;
 188         struct ptlrpc_secops   *pst_ops;
 189 };
 190
 191 #define PTLRPC_CREDCACHE_NR     8
 192 #define PTLRPC_CREDCACHE_MASK   (PTLRPC_CREDCACHE_NR - 1)
 193
 194 struct ptlrpc_sec {
 195         struct ptlrpc_sec_type *ps_type;
 196         struct list_head        ps_credcache[PTLRPC_CREDCACHE_NR];
 197         spinlock_t              ps_lock;        /* protect cred cache */
 198         __u32                   ps_sectype;
 199         ptlrpcs_flavor_t        ps_flavor;
 200         atomic_t                ps_refcount;
 201         atomic_t                ps_credcount;
 202         struct obd_import      *ps_import;
 203         /* actual security model need initialize following fields */
 204         unsigned long           ps_expire;      /* cache expire interval */
 205         unsigned long           ps_nextgc;      /* next gc time */
 206         unsigned int            ps_flags;
 207 };
 208
 209 /* sec.c */
 210 int  ptlrpcs_register(struct ptlrpc_sec_type *type);
 211 int  ptlrpcs_unregister(struct ptlrpc_sec_type *type);
 212
 213 struct ptlrpc_sec * ptlrpcs_sec_create(ptlrpcs_flavor_t *flavor,
 214                                        struct obd_import *import,
 215                                        const char *pipe_dir,
 216                                        void *pipe_data);
 217 void ptlrpcs_sec_put(struct ptlrpc_sec *sec);
 218 void ptlrpcs_sec_invalidate_cache(struct ptlrpc_sec *sec);
 219
 220 struct ptlrpc_cred * ptlrpcs_cred_lookup(struct ptlrpc_sec *sec,
 221                                          struct vfs_cred *vcred);
 222 void ptlrpcs_cred_put(struct ptlrpc_cred *cred, int sync);
 223
 224 static inline void ptlrpcs_cred_get(struct ptlrpc_cred *cred)
 225 {
 226         LASSERT(atomic_read(&cred->pc_refcount));
 227         atomic_inc(&cred->pc_refcount);
 228 }
 229
 230 static inline int ptlrpcs_cred_is_uptodate(struct ptlrpc_cred *cred)
 231 {
 232         LASSERT(cred);
 233         LASSERT(atomic_read(&cred->pc_refcount));
 234         return ((cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) ==
 235                 PTLRPC_CRED_UPTODATE);
 236 }
 237 static inline int ptlrpcs_cred_refresh(struct ptlrpc_cred *cred)
 238 {
 239         LASSERT(cred);
 240         LASSERT(atomic_read(&cred->pc_refcount));
 241         LASSERT(cred->pc_ops);
 242         LASSERT(cred->pc_ops->refresh);
 243         return cred->pc_ops->refresh(cred);
 244 }
 245 static inline void ptlrpcs_cred_die(struct ptlrpc_cred *cred)
 246 {
 247         LASSERT(atomic_read(&cred->pc_refcount));
 248         LASSERT(cred->pc_sec);
 249         if (!(cred->pc_flags & PTLRPC_CRED_DEAD)) {
 250                 spin_lock(&cred->pc_sec->ps_lock);
 251                 cred->pc_flags |= PTLRPC_CRED_DEAD;
 252                 cred->pc_flags &= ~PTLRPC_CRED_UPTODATE;
 253                 list_del_init(&cred->pc_hash);
 254                 spin_unlock(&cred->pc_sec->ps_lock);
 255         }
 256 }
 257 static inline int ptlrpcs_cred_is_dead(struct ptlrpc_cred *cred)
 258 {
 259         return(cred->pc_flags & PTLRPC_CRED_DEAD);
 260 }
 261
 262 static inline int ptlrpcs_est_req_payload(struct ptlrpc_sec *sec,
 263                                           int datasize)
 264 {
 265         struct ptlrpc_secops *ops;
 266
 267         LASSERT(sec);
 268         LASSERT(sec->ps_type);
 269         LASSERT(sec->ps_type->pst_ops);
 270
 271         ops = sec->ps_type->pst_ops;
 272         if (ops->est_req_payload)
 273                 return ops->est_req_payload(sec, datasize);
 274         else
 275                 return 0;
 276 }
 277
 278 static inline int ptlrpcs_est_rep_payload(struct ptlrpc_sec *sec,
 279                                           int datasize)
 280 {
 281         struct ptlrpc_secops *ops;
 282
 283         LASSERT(sec);
 284         LASSERT(sec->ps_type);
 285         LASSERT(sec->ps_type->pst_ops);
 286
 287         ops = sec->ps_type->pst_ops;
 288         if (ops->est_rep_payload)
 289                 return ops->est_rep_payload(sec, datasize);
 290         else
 291                 return 0;
 292 }
 293
 294 static inline int add_deny_security(char *sec, struct list_head *head)
 295 {
 296         int rc = 0;
 297         deny_sec_t      *p_deny_sec = NULL;
 298
 299         LASSERT(sec != NULL);
 300
 301         OBD_ALLOC(p_deny_sec, sizeof(*p_deny_sec));
 302         if (p_deny_sec == NULL) return -ENOMEM;
 303
 304         if (strcmp(sec, "null") == 0) {
 305                 p_deny_sec->sec.flavor = PTLRPC_SEC_NULL;
 306                 p_deny_sec->sec.subflavor = PTLRPC_SEC_NULL;
 307         }else if (strcmp(sec, "krb5i") == 0) {
 308                p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
 309                p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5I;
 310         }else if (strcmp(sec, "krb5p") == 0) {
 311                p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
 312                p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5P;
 313         }else{
 314                CERROR("unrecognized security type %s\n", (char*) sec);
 315                GOTO(out, rc = -EINVAL);
 316         }
 317
 318         list_add_tail(&p_deny_sec->list, head);
 319 out:
 320         if (rc) {
 321                 if (p_deny_sec)
 322                         OBD_FREE(p_deny_sec, sizeof(*p_deny_sec));
 323         }
 324         return rc;
 325 }
 326
 327 int ptlrpcs_cli_wrap_request(struct ptlrpc_request *req);
 328 int ptlrpcs_cli_unwrap_reply(struct ptlrpc_request *req);
 329 int ptlrpcs_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
 330 int ptlrpcs_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
 331 void ptlrpcs_cli_free_reqbuf(struct ptlrpc_request *req);
 332 void ptlrpcs_cli_free_repbuf(struct ptlrpc_request *req);
 333
 334 /* higher interface */
 335 int  ptlrpcs_import_get_sec(struct obd_import *imp);
 336 void ptlrpcs_import_drop_sec(struct obd_import *imp);
 337 int  ptlrpcs_req_get_cred(struct ptlrpc_request *req);
 338 void ptlrpcs_req_drop_cred(struct ptlrpc_request *req);
 339 int  ptlrpcs_req_replace_dead_cred(struct ptlrpc_request *req);
 340 int  ptlrpcs_req_refresh_cred(struct ptlrpc_request *req);
 341
 342 /* internal helpers */
 343 int sec_alloc_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
 344                      int msgsize, int secsize);
 345 void sec_free_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
 346
 347 /* sec_null.c */
 348 int ptlrpcs_null_init(void);
 349 int ptlrpcs_null_exit(void);
 350
 351 /**********************************************************
 352  * Server side stuff
 353  **********************************************************/
 354
 355 struct ptlrpc_reply_state;
 356
 357 struct ptlrpc_svcsec {
 358         struct module           *pss_owner;
 359         char                    *pss_name;
 360         ptlrpcs_flavor_t         pss_flavor;
 361         int                      pss_sec_size;
 362
 363         int                    (*accept)      (struct ptlrpc_request *req,
 364                                                enum ptlrpcs_error *res);
 365         int                    (*authorize)   (struct ptlrpc_request *req);
 366         int                    (*alloc_repbuf)(struct ptlrpc_svcsec *svcsec,
 367                                                struct ptlrpc_request *req,
 368                                                int msgsize);
 369         void                   (*free_repbuf) (struct ptlrpc_svcsec *svcsec,
 370                                                struct ptlrpc_reply_state *rs);
 371         void                   (*cleanup_req) (struct ptlrpc_svcsec *svcsec,
 372                                                struct ptlrpc_request *req);
 373 };
 374
 375 #define SVC_OK          1
 376 #define SVC_COMPLETE    2
 377 #define SVC_DROP        3
 378 #define SVC_LOGIN       4
 379 #define SVC_LOGOUT      5
 380
 381 /* FIXME
 382  * this should be a gss internal structure. fix these when we
 383  * sort out the flavor issues.
 384  */
 385
 386 typedef struct rawobj_s {
 387         __u32           len;
 388         __u8           *data;
 389 } rawobj_t;
 390
 391 /* on-the-wire gss cred: */
 392 struct rpc_gss_wire_cred {
 393         __u32                   gc_v;           /* version */
 394         __u32                   gc_proc;        /* control procedure */
 395         __u32                   gc_seq;         /* sequence number */
 396         __u32                   gc_svc;         /* service */
 397         rawobj_t                gc_ctx;         /* context handle */
 398 };
 399
 400 struct gss_svc_data {
 401         __u32                           subflavor; /* XXX */
 402         /* decoded gss client cred: */
 403         struct rpc_gss_wire_cred        clcred;
 404         /* internal used status */
 405         unsigned int                    is_init:1,
 406                                         is_init_continue:1,
 407                                         is_err_notify:1,
 408                                         is_fini:1;
 409         int                             reserve_len;
 410 };
 411
 412 int svcsec_register(struct ptlrpc_svcsec *ss);
 413 int svcsec_unregister(struct ptlrpc_svcsec *ss);
 414 int svcsec_accept(struct ptlrpc_request *req, enum ptlrpcs_error *res);
 415 int svcsec_authorize(struct ptlrpc_request *req);
 416 int svcsec_alloc_repbuf(struct ptlrpc_svcsec *svcsec,
 417                         struct ptlrpc_request *req, int msgsize);
 418 void svcsec_cleanup_req(struct ptlrpc_request *req);
 419
 420 struct ptlrpc_svcsec * svcsec_get(struct ptlrpc_svcsec *sec);
 421 void svcsec_put(struct ptlrpc_svcsec *sec);
 422
 423 /* internal helpers */
 424 int svcsec_alloc_reply_state(struct ptlrpc_request *req,
 425                              int msgsize, int secsize);
 426 void svcsec_free_reply_state(struct ptlrpc_reply_state *rs);
 427
 428 /* svcsec_null.c */
 429 int svcsec_null_init(void);
 430 int svcsec_null_exit(void);
 431
 432 #endif /* __LINUX_SEC_H_ */