1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #ifndef __LINUX_SEC_H_
23 #define __LINUX_SEC_H_
25 /* forward declaration */
27 struct ptlrpc_request;
29 struct ptlrpc_credops;
33 #define PTLRPC_SEC_MAX_FLAVORS (4)
35 typedef struct ptlrpcs_flavor_s {
41 struct list_head list;
45 enum ptlrpcs_security_type {
46 PTLRPC_SEC_TYPE_NONE = 0, /* no security */
47 PTLRPC_SEC_TYPE_AUTH = 1, /* authentication */
48 PTLRPC_SEC_TYPE_PRIV = 2, /* privacy */
52 * This header is prepended at any on-wire ptlrpc packets
54 struct ptlrpcs_wire_hdr {
62 struct ptlrpcs_wire_hdr *buf_to_sec_hdr(void *buf)
64 return (struct ptlrpcs_wire_hdr *) buf;
68 struct lustre_msg *buf_to_lustre_msg(void *buf)
70 return (struct lustre_msg *)
71 ((char *) buf + sizeof(struct ptlrpcs_wire_hdr));
75 __u8 *buf_to_sec_data(void *buf)
77 struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(buf);
78 return (__u8 *) (buf + sizeof(*hdr) + hdr->msg_len);
81 enum ptlrpcs_flavors {
86 #define PTLRPC_SEC_GSS_VERSION (1)
88 enum ptlrpcs_gss_subflavors {
89 PTLRPC_SEC_GSS_KRB5 = 0,
90 PTLRPC_SEC_GSS_KRB5I = 1,
91 PTLRPC_SEC_GSS_KRB5P = 2,
94 enum ptlrpcs_gss_proc {
95 PTLRPC_GSS_PROC_DATA = 0,
96 PTLRPC_GSS_PROC_INIT = 1,
97 PTLRPC_GSS_PROC_CONTINUE_INIT = 2,
98 PTLRPC_GSS_PROC_DESTROY = 3,
99 PTLRPC_GSS_PROC_ERR = 4,
102 enum ptlrpcs_gss_svc {
103 PTLRPC_GSS_SVC_NONE = 1,
104 PTLRPC_GSS_SVC_INTEGRITY = 2,
105 PTLRPC_GSS_SVC_PRIVACY = 3,
111 PTLRPCS_REJECTEDCRED = 2,
113 PTLRPCS_REJECTEDVERF = 4,
116 PTLRPCS_GSS_CREDPROBLEM = 13,
117 PTLRPCS_GSS_CTXPROBLEM = 14,
124 struct group_info *vc_ginfo;
127 struct ptlrpc_credops {
128 int (*match) (struct ptlrpc_cred *cred, struct vfs_cred *vcred);
129 int (*refresh)(struct ptlrpc_cred *cred);
130 void (*destroy)(struct ptlrpc_cred *cred);
131 int (*sign) (struct ptlrpc_cred *cred,
132 struct ptlrpc_request *req);
133 int (*verify) (struct ptlrpc_cred *cred,
134 struct ptlrpc_request *req);
135 int (*seal) (struct ptlrpc_cred *cred,
136 struct ptlrpc_request *req);
137 int (*unseal) (struct ptlrpc_cred *cred,
138 struct ptlrpc_request *req);
141 #define PTLRPC_CRED_UPTODATE 0x00000001 /* uptodate */
142 #define PTLRPC_CRED_DEAD 0x00000002 /* mark expired gracefully */
143 #define PTLRPC_CRED_ERROR 0x00000004 /* fatal error (refresh, etc.) */
144 #define PTLRPC_CRED_FLAGS_MASK 0x00000007
147 struct list_head pc_hash; /* linked into hash table */
148 atomic_t pc_refcount;
149 struct ptlrpc_sec *pc_sec;
150 struct ptlrpc_credops *pc_ops;
151 unsigned long pc_expire;
153 /* XXX maybe should not be here */
158 struct ptlrpc_secops {
159 struct ptlrpc_sec * (*create_sec) (ptlrpcs_flavor_t *flavor,
160 const char *pipe_dir,
162 void (*destroy_sec) (struct ptlrpc_sec *sec);
163 struct ptlrpc_cred * (*create_cred) (struct ptlrpc_sec *sec,
164 struct vfs_cred *vcred);
165 /* buffer manipulation */
166 int (*alloc_reqbuf) (struct ptlrpc_sec *sec,
167 struct ptlrpc_request *req,
168 int lustre_msg_size);
169 int (*alloc_repbuf) (struct ptlrpc_sec *sec,
170 struct ptlrpc_request *req,
171 int lustre_msg_size);
172 void (*free_reqbuf) (struct ptlrpc_sec *sec,
173 struct ptlrpc_request *req);
174 void (*free_repbuf) (struct ptlrpc_sec *sec,
175 struct ptlrpc_request *req);
176 /* security payload size estimation */
177 int (*est_req_payload)(struct ptlrpc_sec *sec,
179 int (*est_rep_payload)(struct ptlrpc_sec *sec,
183 struct ptlrpc_sec_type {
184 struct module *pst_owner;
186 atomic_t pst_inst; /* instance, debug only */
187 ptlrpcs_flavor_t pst_flavor;
188 struct ptlrpc_secops *pst_ops;
191 #define PTLRPC_CREDCACHE_NR 8
192 #define PTLRPC_CREDCACHE_MASK (PTLRPC_CREDCACHE_NR - 1)
195 struct ptlrpc_sec_type *ps_type;
196 struct list_head ps_credcache[PTLRPC_CREDCACHE_NR];
197 spinlock_t ps_lock; /* protect cred cache */
199 ptlrpcs_flavor_t ps_flavor;
200 atomic_t ps_refcount;
201 atomic_t ps_credcount;
202 struct obd_import *ps_import;
203 /* actual security model need initialize following fields */
204 unsigned long ps_expire; /* cache expire interval */
205 unsigned long ps_nextgc; /* next gc time */
206 unsigned int ps_flags;
210 int ptlrpcs_register(struct ptlrpc_sec_type *type);
211 int ptlrpcs_unregister(struct ptlrpc_sec_type *type);
213 struct ptlrpc_sec * ptlrpcs_sec_create(ptlrpcs_flavor_t *flavor,
214 struct obd_import *import,
215 const char *pipe_dir,
217 void ptlrpcs_sec_put(struct ptlrpc_sec *sec);
218 void ptlrpcs_sec_invalidate_cache(struct ptlrpc_sec *sec);
220 struct ptlrpc_cred * ptlrpcs_cred_lookup(struct ptlrpc_sec *sec,
221 struct vfs_cred *vcred);
222 void ptlrpcs_cred_put(struct ptlrpc_cred *cred, int sync);
224 static inline void ptlrpcs_cred_get(struct ptlrpc_cred *cred)
226 LASSERT(atomic_read(&cred->pc_refcount));
227 atomic_inc(&cred->pc_refcount);
230 static inline int ptlrpcs_cred_is_uptodate(struct ptlrpc_cred *cred)
233 LASSERT(atomic_read(&cred->pc_refcount));
234 return ((cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) ==
235 PTLRPC_CRED_UPTODATE);
238 static inline int ptlrpcs_cred_refresh(struct ptlrpc_cred *cred)
241 LASSERT(atomic_read(&cred->pc_refcount));
242 LASSERT(cred->pc_ops);
243 LASSERT(cred->pc_ops->refresh);
244 return cred->pc_ops->refresh(cred);
247 /* we set the cred flags is safe since cred cache code don't
248 * touch cred with refcount > 0
250 static inline void ptlrpcs_cred_expire(struct ptlrpc_cred *cred)
252 LASSERT(atomic_read(&cred->pc_refcount));
253 LASSERT(cred->pc_sec);
255 if (cred->pc_flags & PTLRPC_CRED_DEAD)
257 cred->pc_flags |= PTLRPC_CRED_DEAD;
258 cred->pc_flags &= ~PTLRPC_CRED_UPTODATE;
259 CWARN("cred %p: get expired\n", cred);
262 /* usually called upon an UPTODATE cred */
263 static inline int ptlrpcs_cred_check_expire(struct ptlrpc_cred *cred)
265 LASSERT(atomic_read(&cred->pc_refcount));
266 if (cred->pc_expire == 0)
268 if (time_after(cred->pc_expire, get_seconds()))
270 ptlrpcs_cred_expire(cred);
274 static inline int ptlrpcs_est_req_payload(struct ptlrpc_sec *sec,
277 struct ptlrpc_secops *ops;
280 LASSERT(sec->ps_type);
281 LASSERT(sec->ps_type->pst_ops);
283 ops = sec->ps_type->pst_ops;
284 if (ops->est_req_payload)
285 return ops->est_req_payload(sec, datasize);
290 static inline int ptlrpcs_est_rep_payload(struct ptlrpc_sec *sec,
293 struct ptlrpc_secops *ops;
296 LASSERT(sec->ps_type);
297 LASSERT(sec->ps_type->pst_ops);
299 ops = sec->ps_type->pst_ops;
300 if (ops->est_rep_payload)
301 return ops->est_rep_payload(sec, datasize);
306 static inline int add_deny_security(char *sec, struct list_head *head)
309 deny_sec_t *p_deny_sec = NULL;
311 LASSERT(sec != NULL);
313 OBD_ALLOC(p_deny_sec, sizeof(*p_deny_sec));
314 if (p_deny_sec == NULL) return -ENOMEM;
316 if (strcmp(sec, "null") == 0) {
317 p_deny_sec->sec.flavor = PTLRPC_SEC_NULL;
318 p_deny_sec->sec.subflavor = PTLRPC_SEC_NULL;
319 }else if (strcmp(sec, "krb5i") == 0) {
320 p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
321 p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5I;
322 }else if (strcmp(sec, "krb5p") == 0) {
323 p_deny_sec->sec.flavor = PTLRPC_SEC_GSS;
324 p_deny_sec->sec.subflavor = PTLRPC_SEC_GSS_KRB5P;
326 CERROR("unrecognized security type %s\n", (char*) sec);
327 GOTO(out, rc = -EINVAL);
330 list_add_tail(&p_deny_sec->list, head);
334 OBD_FREE(p_deny_sec, sizeof(*p_deny_sec));
339 int ptlrpcs_cli_wrap_request(struct ptlrpc_request *req);
340 int ptlrpcs_cli_unwrap_reply(struct ptlrpc_request *req);
341 int ptlrpcs_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
342 int ptlrpcs_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
343 void ptlrpcs_cli_free_reqbuf(struct ptlrpc_request *req);
344 void ptlrpcs_cli_free_repbuf(struct ptlrpc_request *req);
346 /* higher interface */
347 int ptlrpcs_import_get_sec(struct obd_import *imp);
348 void ptlrpcs_import_drop_sec(struct obd_import *imp);
349 int ptlrpcs_req_get_cred(struct ptlrpc_request *req);
350 void ptlrpcs_req_drop_cred(struct ptlrpc_request *req);
351 int ptlrpcs_req_replace_dead_cred(struct ptlrpc_request *req);
352 int ptlrpcs_req_refresh_cred(struct ptlrpc_request *req);
353 int ptlrpcs_check_cred(struct obd_import *imp);
355 /* internal helpers */
356 int sec_alloc_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
357 int msgsize, int secsize);
358 void sec_free_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
361 int ptlrpcs_null_init(void);
362 int ptlrpcs_null_exit(void);
364 /**********************************************************
366 **********************************************************/
368 struct ptlrpc_reply_state;
370 struct ptlrpc_svcsec {
371 struct module *pss_owner;
373 ptlrpcs_flavor_t pss_flavor;
376 int (*accept) (struct ptlrpc_request *req,
377 enum ptlrpcs_error *res);
378 int (*authorize) (struct ptlrpc_request *req);
379 int (*alloc_repbuf)(struct ptlrpc_svcsec *svcsec,
380 struct ptlrpc_request *req,
382 void (*free_repbuf) (struct ptlrpc_svcsec *svcsec,
383 struct ptlrpc_reply_state *rs);
384 void (*cleanup_req) (struct ptlrpc_svcsec *svcsec,
385 struct ptlrpc_request *req);
389 #define SVC_COMPLETE 2
395 * this should be a gss internal structure. fix these when we
396 * sort out the flavor issues.
399 typedef struct rawobj_s {
404 /* on-the-wire gss cred: */
405 struct rpc_gss_wire_cred {
406 __u32 gc_v; /* version */
407 __u32 gc_proc; /* control procedure */
408 __u32 gc_seq; /* sequence number */
409 __u32 gc_svc; /* service */
410 rawobj_t gc_ctx; /* context handle */
413 struct gss_svc_data {
414 __u32 subflavor; /* XXX */
415 /* decoded gss client cred: */
416 struct rpc_gss_wire_cred clcred;
417 /* internal used status */
418 unsigned int is_init:1,
425 int svcsec_register(struct ptlrpc_svcsec *ss);
426 int svcsec_unregister(struct ptlrpc_svcsec *ss);
427 int svcsec_accept(struct ptlrpc_request *req, enum ptlrpcs_error *res);
428 int svcsec_authorize(struct ptlrpc_request *req);
429 int svcsec_alloc_repbuf(struct ptlrpc_svcsec *svcsec,
430 struct ptlrpc_request *req, int msgsize);
431 void svcsec_cleanup_req(struct ptlrpc_request *req);
433 struct ptlrpc_svcsec * svcsec_get(struct ptlrpc_svcsec *sec);
434 void svcsec_put(struct ptlrpc_svcsec *sec);
436 /* internal helpers */
437 int svcsec_alloc_reply_state(struct ptlrpc_request *req,
438 int msgsize, int secsize);
439 void svcsec_free_reply_state(struct ptlrpc_reply_state *rs);
442 int svcsec_null_init(void);
443 int svcsec_null_exit(void);
445 #endif /* __LINUX_SEC_H_ */