lustre/include/linux/lustre_sec.h

   1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
   2  * vim:expandtab:shiftwidth=8:tabstop=8:
   3  *
   4  * Copyright (C) 2004 Cluster File Systems, Inc.
   5  *
   6  *   This file is part of Lustre, http://www.lustre.org.
   7  *
   8  *   Lustre is free software; you can redistribute it and/or
   9  *   modify it under the terms of version 2 of the GNU General Public
  10  *   License as published by the Free Software Foundation.
  11  *
  12  *   Lustre is distributed in the hope that it will be useful,
  13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *   GNU General Public License for more details.
  16  *
  17  *   You should have received a copy of the GNU General Public License
  18  *   along with Lustre; if not, write to the Free Software
  19  *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20  */
  21
  22 #ifndef __LINUX_SEC_H_
  23 #define __LINUX_SEC_H_
  24
  25 //#include <linux/lustre_idl.h>
  26
  27 enum ptlrpcs_major_flavors {
  28         PTLRPCS_FLVR_MAJOR_NULL         = 0,
  29         PTLRPCS_FLVR_MAJOR_GSS          = 1,
  30         PTLRPCS_FLVR_MAJOR_MAX,
  31 };
  32
  33 enum ptlrpcs_null_minor_flavors {
  34         PTLRPCS_FLVR_MINOR_NULL         = 0,
  35         PTLRPCS_FLVR_MINOR_NULL_MAX,
  36 };
  37 enum ptlrpcs_gss_minor_flavors {
  38         PTLRPCS_FLVR_MINOR_GSS_NONE     = 0,
  39         PTLRPCS_FLVR_MINOR_GSS_KRB5     = 1,
  40         PTLRPCS_FLVR_MINOR_GSS_MAX,
  41 };
  42
  43 enum ptlrpcs_security_type {
  44         PTLRPCS_SVC_NONE                = 0,    /* no security */
  45         PTLRPCS_SVC_AUTH                = 1,    /* authentication */
  46         PTLRPCS_SVC_PRIV                = 2,    /* privacy */
  47         PTLRPCS_SVC_MAX,
  48 };
  49
  50 /*
  51  * flavor compose/extract
  52  */
  53 #define SEC_FLAVOR_MAJOR_OFFSET         (24)
  54 #define SEC_FLAVOR_RESERVE_OFFSET       (16)
  55 #define SEC_FLAVOR_SVC_OFFSET           (8)
  56 #define SEC_FLAVOR_MINOR_OFFSET         (0)
  57
  58 #define SEC_MAKE_FLAVOR(major, minor, svc)                      \
  59         (((__u32)(major) << SEC_FLAVOR_MAJOR_OFFSET) |          \
  60          ((__u32)(svc) << SEC_FLAVOR_SVC_OFFSET) |              \
  61          ((__u32)(minor) << SEC_FLAVOR_MINOR_OFFSET))
  62
  63 #define SEC_MAKE_SUBFLAVOR(minor, svc)                          \
  64         (((__u32)(svc) << SEC_FLAVOR_SVC_OFFSET) |              \
  65          ((__u32)(minor) << SEC_FLAVOR_MINOR_OFFSET))
  66
  67 #define SEC_FLAVOR_MAJOR(flavor)                                        \
  68         ((((__u32)(flavor)) >> SEC_FLAVOR_MAJOR_OFFSET) & 0xFF)
  69 #define SEC_FLAVOR_MINOR(flavor)                                        \
  70         ((((__u32)(flavor)) >> SEC_FLAVOR_MINOR_OFFSET) & 0xFF)
  71 #define SEC_FLAVOR_SVC(flavor)                                          \
  72         ((((__u32)(flavor)) >> SEC_FLAVOR_SVC_OFFSET) & 0xFF)
  73 #define SEC_FLAVOR_SUB(flavor)                                          \
  74         ((((__u32)(flavor)) >> SEC_FLAVOR_MINOR_OFFSET) & 0xFFFF)
  75
  76 /*
  77  * general gss flavors
  78  */
  79 #define PTLRPCS_FLVR_GSS_NONE                           \
  80         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
  81                         PTLRPCS_FLVR_MINOR_GSS_NONE,    \
  82                         PTLRPCS_SVC_NONE)
  83 #define PTLRPCS_FLVR_GSS_AUTH                           \
  84         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
  85                         PTLRPCS_FLVR_MINOR_GSS_NONE,    \
  86                         PTLRPCS_SVC_AUTH)
  87 #define PTLRPCS_FLVR_GSS_PRIV                           \
  88         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
  89                         PTLRPCS_FLVR_MINOR_GSS_NONE,    \
  90                         PTLRPCS_SVC_PRIV)
  91
  92 /*
  93  * gss subflavors
  94  */
  95 #define PTLRPCS_SUBFLVR_KRB5                            \
  96         SEC_MAKE_SUBFLAVOR(PTLRPCS_FLVR_MINOR_GSS_KRB5, \
  97                            PTLRPCS_SVC_NONE)
  98 #define PTLRPCS_SUBFLVR_KRB5I                           \
  99         SEC_MAKE_SUBFLAVOR(PTLRPCS_FLVR_MINOR_GSS_KRB5, \
 100                            PTLRPCS_SVC_AUTH)
 101 #define PTLRPCS_SUBFLVR_KRB5P                           \
 102         SEC_MAKE_SUBFLAVOR(PTLRPCS_FLVR_MINOR_GSS_KRB5, \
 103                            PTLRPCS_SVC_PRIV)
 104
 105 /*
 106  * "end user" flavors
 107  */
 108 #define PTLRPCS_FLVR_NULL                               \
 109         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_NULL,        \
 110                         PTLRPCS_FLVR_MINOR_NULL,        \
 111                         PTLRPCS_SVC_NONE)
 112 #define PTLRPCS_FLVR_KRB5                               \
 113         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
 114                         PTLRPCS_FLVR_MINOR_GSS_KRB5,    \
 115                         PTLRPCS_SVC_NONE)
 116 #define PTLRPCS_FLVR_KRB5I                              \
 117         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
 118                         PTLRPCS_FLVR_MINOR_GSS_KRB5,    \
 119                         PTLRPCS_SVC_AUTH)
 120 #define PTLRPCS_FLVR_KRB5P                              \
 121         SEC_MAKE_FLAVOR(PTLRPCS_FLVR_MAJOR_GSS,         \
 122                         PTLRPCS_FLVR_MINOR_GSS_KRB5,    \
 123                         PTLRPCS_SVC_PRIV)
 124
 125 #define PTLRPCS_FLVR_INVALID    (-1)
 126
 127 __u32 ptlrpcs_name2flavor(const char *name);
 128 char *ptlrpcs_flavor2name(__u32 flavor);
 129
 130
 131 /* forward declaration */
 132 struct obd_import;
 133 struct ptlrpc_request;
 134 struct ptlrpc_cred;
 135 struct ptlrpc_credops;
 136 struct ptlrpc_sec;
 137 struct ptlrpc_secops;
 138
 139 typedef struct {
 140         struct list_head        list;
 141         __u32                   flavor;
 142 } deny_sec_t;
 143
 144 /*
 145  * This header is prepended at any on-wire ptlrpc packets
 146  */
 147 struct ptlrpcs_wire_hdr {
 148         __u32   flavor;
 149         __u32   unused;
 150         __u32   msg_len;
 151         __u32   sec_len;
 152 };
 153
 154 static inline
 155 struct ptlrpcs_wire_hdr *buf_to_sec_hdr(void *buf)
 156 {
 157         return (struct ptlrpcs_wire_hdr *) buf;
 158 }
 159
 160 static inline
 161 struct lustre_msg *buf_to_lustre_msg(void *buf)
 162 {
 163         return (struct lustre_msg *)
 164                ((char *) buf + sizeof(struct ptlrpcs_wire_hdr));
 165 }
 166
 167 static inline
 168 __u8 *buf_to_sec_data(void *buf)
 169 {
 170         struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(buf);
 171         return (__u8 *) (buf + sizeof(*hdr) + hdr->msg_len);
 172 }
 173
 174 #define PTLRPC_SEC_GSS_VERSION (1)
 175
 176 enum ptlrpcs_gss_proc {
 177         PTLRPCS_GSS_PROC_DATA           = 0,
 178         PTLRPCS_GSS_PROC_INIT           = 1,
 179         PTLRPCS_GSS_PROC_CONTINUE_INIT  = 2,
 180         PTLRPCS_GSS_PROC_DESTROY        = 3,
 181         PTLRPCS_GSS_PROC_ERR            = 4,
 182 };
 183
 184 enum ptlrpcs_gss_svc {
 185         PTLRPCS_GSS_SVC_NONE            = 1,
 186         PTLRPCS_GSS_SVC_INTEGRITY       = 2,
 187         PTLRPCS_GSS_SVC_PRIVACY         = 3,
 188 };
 189
 190 enum ptlrpcs_error {
 191         PTLRPCS_OK                      = 0,
 192         PTLRPCS_BADCRED                 = 1,
 193         PTLRPCS_REJECTEDCRED            = 2,
 194         PTLRPCS_BADVERF                 = 3,
 195         PTLRPCS_REJECTEDVERF            = 4,
 196         PTLRPCS_TOOWEAK                 = 5,
 197         /* GSS errors */
 198         PTLRPCS_GSS_CREDPROBLEM         = 13,
 199         PTLRPCS_GSS_CTXPROBLEM          = 14,
 200 };
 201
 202 struct vfs_cred {
 203         __u64                   vc_pag;
 204         uid_t                   vc_uid;
 205         gid_t                   vc_gid;
 206         struct group_info      *vc_ginfo;
 207 };
 208
 209 struct ptlrpc_credops {
 210         int     (*match)  (struct ptlrpc_cred *cred, struct vfs_cred *vcred);
 211         int     (*refresh)(struct ptlrpc_cred *cred);
 212         void    (*destroy)(struct ptlrpc_cred *cred);
 213         int     (*sign)   (struct ptlrpc_cred *cred,
 214                            struct ptlrpc_request *req);
 215         int     (*verify) (struct ptlrpc_cred *cred,
 216                            struct ptlrpc_request *req);
 217         int     (*seal)   (struct ptlrpc_cred *cred,
 218                            struct ptlrpc_request *req);
 219         int     (*unseal) (struct ptlrpc_cred *cred,
 220                            struct ptlrpc_request *req);
 221 };
 222
 223 #define PTLRPC_CRED_UPTODATE_BIT        0 /* uptodate */
 224 #define PTLRPC_CRED_DEAD_BIT            1 /* mark expired gracefully */
 225 #define PTLRPC_CRED_ERROR_BIT           2 /* fatal error (refresh, etc.) */
 226
 227 #define PTLRPC_CRED_UPTODATE            (1 << PTLRPC_CRED_UPTODATE_BIT)
 228 #define PTLRPC_CRED_DEAD                (1 << PTLRPC_CRED_DEAD_BIT)
 229 #define PTLRPC_CRED_ERROR               (1 << PTLRPC_CRED_ERROR_BIT)
 230
 231 #define PTLRPC_CRED_FLAGS_MASK          (PTLRPC_CRED_UPTODATE |         \
 232                                          PTLRPC_CRED_DEAD |             \
 233                                          PTLRPC_CRED_ERROR)
 234
 235 struct ptlrpc_cred {
 236         struct list_head        pc_hash;   /* linked into hash table */
 237         atomic_t                pc_refcount;
 238         struct ptlrpc_sec      *pc_sec;
 239         struct ptlrpc_credops  *pc_ops;
 240         unsigned long           pc_expire;
 241         unsigned long           pc_flags;
 242         /* XXX maybe should not be here */
 243         __u64                   pc_pag;
 244         uid_t                   pc_uid;
 245 };
 246
 247 struct ptlrpc_secops {
 248         struct ptlrpc_sec *   (*create_sec)    (__u32 flavor,
 249                                                 const char *pipe_dir,
 250                                                 void *pipe_data);
 251         void                  (*destroy_sec)   (struct ptlrpc_sec *sec);
 252         struct ptlrpc_cred *  (*create_cred)   (struct ptlrpc_sec *sec,
 253                                                 struct vfs_cred *vcred);
 254         /* buffer manipulation */
 255         int                   (*alloc_reqbuf)  (struct ptlrpc_sec *sec,
 256                                                 struct ptlrpc_request *req,
 257                                                 int lustre_msg_size);
 258         int                   (*alloc_repbuf)  (struct ptlrpc_sec *sec,
 259                                                 struct ptlrpc_request *req,
 260                                                 int lustre_msg_size);
 261         void                  (*free_reqbuf)   (struct ptlrpc_sec *sec,
 262                                                 struct ptlrpc_request *req);
 263         void                  (*free_repbuf)   (struct ptlrpc_sec *sec,
 264                                                 struct ptlrpc_request *req);
 265         /* security payload size estimation */
 266         int                   (*est_req_payload)(struct ptlrpc_sec *sec,
 267                                                  struct ptlrpc_request *req,
 268                                                  int msgsize);
 269         int                   (*est_rep_payload)(struct ptlrpc_sec *sec,
 270                                                  struct ptlrpc_request *req,
 271                                                  int msgsize);
 272 };
 273
 274 struct ptlrpc_sec_type {
 275         struct module          *pst_owner;
 276         char                   *pst_name;
 277         atomic_t                pst_inst;       /* instance, debug only */
 278         __u32                   pst_flavor;     /* major flavor */
 279         struct ptlrpc_secops   *pst_ops;
 280 };
 281
 282 #define PTLRPC_SEC_FL_MDS               0x0001 /* outgoing from MDS */
 283 #define PTLRPC_SEC_FL_REVERSE           0x0002 /* reverse sec */
 284 #define PTLRPC_SEC_FL_PAG               0x0004 /* enable PAG */
 285
 286 #define PTLRPC_CREDCACHE_NR     8
 287 #define PTLRPC_CREDCACHE_MASK   (PTLRPC_CREDCACHE_NR - 1)
 288
 289 struct ptlrpc_sec {
 290         struct ptlrpc_sec_type *ps_type;
 291         struct list_head        ps_credcache[PTLRPC_CREDCACHE_NR];
 292         spinlock_t              ps_lock;        /* protect cred cache */
 293         __u32                   ps_flavor;
 294         atomic_t                ps_refcount;
 295         atomic_t                ps_credcount;
 296         struct obd_import      *ps_import;
 297         /* actual security model need initialize following fields */
 298         unsigned long           ps_expire;      /* cache expire interval */
 299         unsigned long           ps_nextgc;      /* next gc time */
 300         unsigned long           ps_flags;
 301 };
 302
 303 /* sec.c */
 304 int  ptlrpcs_register(struct ptlrpc_sec_type *type);
 305 int  ptlrpcs_unregister(struct ptlrpc_sec_type *type);
 306
 307 struct ptlrpc_sec * ptlrpcs_sec_create(__u32 flavor,
 308                                        unsigned long flags,
 309                                        struct obd_import *import,
 310                                        const char *pipe_dir,
 311                                        void *pipe_data);
 312 void ptlrpcs_sec_put(struct ptlrpc_sec *sec);
 313 void ptlrpcs_sec_invalidate_cache(struct ptlrpc_sec *sec);
 314
 315 struct ptlrpc_cred * ptlrpcs_cred_lookup(struct ptlrpc_sec *sec,
 316                                          struct vfs_cred *vcred);
 317 void ptlrpcs_cred_put(struct ptlrpc_cred *cred, int sync);
 318
 319 static inline void ptlrpcs_cred_get(struct ptlrpc_cred *cred)
 320 {
 321         LASSERT(atomic_read(&cred->pc_refcount));
 322         atomic_inc(&cred->pc_refcount);
 323 }
 324
 325 static inline int ptlrpcs_cred_refresh(struct ptlrpc_cred *cred)
 326 {
 327         LASSERT(cred);
 328         LASSERT(atomic_read(&cred->pc_refcount));
 329         LASSERT(cred->pc_ops);
 330         LASSERT(cred->pc_ops->refresh);
 331         return cred->pc_ops->refresh(cred);
 332 }
 333
 334 static inline int ptlrpcs_cred_is_uptodate(struct ptlrpc_cred *cred)
 335 {
 336         smp_mb();
 337         return ((cred->pc_flags & PTLRPC_CRED_FLAGS_MASK) ==
 338                 PTLRPC_CRED_UPTODATE);
 339 }
 340
 341 static inline int ptlrpcs_cred_is_dead(struct ptlrpc_cred *cred)
 342 {
 343         smp_mb();
 344         return ((cred->pc_flags & (PTLRPC_CRED_DEAD | PTLRPC_CRED_ERROR)) != 0);
 345 }
 346
 347 #define ptlrpcs_cred_expire(cred)                                       \
 348         if (!test_and_set_bit(PTLRPC_CRED_DEAD_BIT, &cred->pc_flags)) { \
 349                 CWARN("cred %p: get expired\n", cred);                  \
 350                 clear_bit(PTLRPC_CRED_UPTODATE_BIT, &cred->pc_flags);   \
 351         }
 352
 353 static inline int ptlrpcs_cred_check_uptodate(struct ptlrpc_cred *cred)
 354 {
 355         LASSERT(atomic_read(&cred->pc_refcount));
 356
 357         if (!ptlrpcs_cred_is_uptodate(cred))
 358                 return 1;
 359
 360         if (cred->pc_expire == 0)
 361                 return 0;
 362         if (time_after(cred->pc_expire, get_seconds()))
 363                 return 0;
 364         ptlrpcs_cred_expire(cred);
 365         return 1;
 366 }
 367
 368 static inline int ptlrpcs_est_req_payload(struct ptlrpc_request *req,
 369                                           int datasize)
 370 {
 371         struct ptlrpc_sec *sec = req->rq_cred->pc_sec;
 372         struct ptlrpc_secops *ops;
 373
 374         LASSERT(sec);
 375         LASSERT(sec->ps_type);
 376         LASSERT(sec->ps_type->pst_ops);
 377
 378         ops = sec->ps_type->pst_ops;
 379         if (ops->est_req_payload)
 380                 return ops->est_req_payload(sec, req, datasize);
 381         else
 382                 return 0;
 383 }
 384
 385 static inline int ptlrpcs_est_rep_payload(struct ptlrpc_request *req,
 386                                           int datasize)
 387 {
 388         struct ptlrpc_sec *sec = req->rq_cred->pc_sec;
 389         struct ptlrpc_secops *ops;
 390
 391         LASSERT(sec);
 392         LASSERT(sec->ps_type);
 393         LASSERT(sec->ps_type->pst_ops);
 394
 395         ops = sec->ps_type->pst_ops;
 396         if (ops->est_rep_payload)
 397                 return ops->est_rep_payload(sec, req, datasize);
 398         else
 399                 return 0;
 400 }
 401
 402 static inline int add_deny_security(char *sec, struct list_head *head)
 403 {
 404         deny_sec_t     *p_deny_sec = NULL;
 405         int             rc = 0;
 406
 407         LASSERT(sec != NULL);
 408
 409         OBD_ALLOC(p_deny_sec, sizeof(*p_deny_sec));
 410         if (p_deny_sec == NULL)
 411                 return -ENOMEM;
 412
 413         p_deny_sec->flavor = ptlrpcs_name2flavor(sec);
 414         if (p_deny_sec->flavor == PTLRPCS_FLVR_INVALID) {
 415                 CERROR("unrecognized security type %s\n", (char*) sec);
 416                 rc = -EINVAL;
 417                 goto out;
 418         }
 419
 420         list_add_tail(&p_deny_sec->list, head);
 421 out:
 422         if (rc) {
 423                 if (p_deny_sec)
 424                         OBD_FREE(p_deny_sec, sizeof(*p_deny_sec));
 425         }
 426         return rc;
 427 }
 428
 429 int ptlrpcs_cli_wrap_request(struct ptlrpc_request *req);
 430 int ptlrpcs_cli_unwrap_reply(struct ptlrpc_request *req);
 431 int ptlrpcs_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
 432 int ptlrpcs_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
 433 void ptlrpcs_cli_free_reqbuf(struct ptlrpc_request *req);
 434 void ptlrpcs_cli_free_repbuf(struct ptlrpc_request *req);
 435
 436 /* higher interface */
 437 int  ptlrpcs_import_get_sec(struct obd_import *imp);
 438 void ptlrpcs_import_drop_sec(struct obd_import *imp);
 439 void ptlrpcs_import_flush_current_creds(struct obd_import *imp);
 440 int  ptlrpcs_req_get_cred(struct ptlrpc_request *req);
 441 void ptlrpcs_req_drop_cred(struct ptlrpc_request *req);
 442 int  ptlrpcs_req_replace_dead_cred(struct ptlrpc_request *req);
 443 int  ptlrpcs_req_refresh_cred(struct ptlrpc_request *req);
 444 int ptlrpcs_check_cred(struct obd_import *imp);
 445
 446 /* internal helpers */
 447 int sec_alloc_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
 448                      int msgsize, int secsize);
 449 void sec_free_reqbuf(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
 450
 451 /* sec_null.c */
 452 int ptlrpcs_null_init(void);
 453 int ptlrpcs_null_exit(void);
 454
 455 /**********************************************************
 456  * Server side stuff
 457  **********************************************************/
 458
 459 struct ptlrpc_reply_state;
 460
 461 struct ptlrpc_svcsec {
 462         struct module           *pss_owner;
 463         char                    *pss_name;
 464         __u32                    pss_flavor;    /* major flavor */
 465         int                      pss_sec_size;
 466
 467         int                    (*accept)      (struct ptlrpc_request *req,
 468                                                enum ptlrpcs_error *res);
 469         int                    (*authorize)   (struct ptlrpc_request *req);
 470         int                    (*alloc_repbuf)(struct ptlrpc_svcsec *svcsec,
 471                                                struct ptlrpc_request *req,
 472                                                int msgsize);
 473         void                   (*free_repbuf) (struct ptlrpc_svcsec *svcsec,
 474                                                struct ptlrpc_reply_state *rs);
 475         void                   (*cleanup_req) (struct ptlrpc_svcsec *svcsec,
 476                                                struct ptlrpc_request *req);
 477 };
 478
 479 #define SVC_OK          1
 480 #define SVC_COMPLETE    2
 481 #define SVC_DROP        3
 482 #define SVC_LOGIN       4
 483 #define SVC_LOGOUT      5
 484
 485 int svcsec_register(struct ptlrpc_svcsec *ss);
 486 int svcsec_unregister(struct ptlrpc_svcsec *ss);
 487 int svcsec_accept(struct ptlrpc_request *req, enum ptlrpcs_error *res);
 488 int svcsec_authorize(struct ptlrpc_request *req);
 489 int svcsec_alloc_repbuf(struct ptlrpc_svcsec *svcsec,
 490                         struct ptlrpc_request *req, int msgsize);
 491 void svcsec_cleanup_req(struct ptlrpc_request *req);
 492
 493 struct ptlrpc_svcsec * svcsec_get(struct ptlrpc_svcsec *sec);
 494 void svcsec_put(struct ptlrpc_svcsec *sec);
 495
 496 /* internal helpers */
 497 int svcsec_alloc_reply_state(struct ptlrpc_request *req,
 498                              int msgsize, int secsize);
 499 void svcsec_free_reply_state(struct ptlrpc_reply_state *rs);
 500
 501 /* svcsec_null.c */
 502 int svcsec_null_init(void);
 503 int svcsec_null_exit(void);
 504
 505 /* capability */
 506 #ifdef __KERNEL__
 507 #include <linux/crypto.h>
 508 #endif
 509
 510 #define NR_CAPAHASH 32
 511 #define CAPA_TIMEOUT 1800                /* sec, == 30 min */
 512 #define CAPA_KEY_TIMEOUT (24 * 60 * 60)  /* sec, == 1 day */
 513 #define CAPA_CACHE_SIZE 1000             /* for MDS & OST */
 514 #define CAPA_HMAC_ALG "sha1"
 515
 516 struct lustre_capa_data {
 517         __u32   lc_uid;       /* uid */
 518         __u32   lc_op;        /* operations allowed */
 519         __u64   lc_ino;       /* inode# */
 520         __u32   lc_mdsid;     /* mds# */
 521         __u32   lc_keyid;     /* key used for the capability */
 522         __u64   lc_expiry;    /* expiry time: servers have clocks */
 523         __u32   lc_flags;     /* security features for capability */
 524 } __attribute__((packed));
 525
 526 struct client_capa {
 527         struct inode             *inode;      /* this should be always valid
 528                                                * if c_refc > 0 */
 529         struct lustre_handle      handle;     /* handle of mds_file_data */
 530         struct list_head         *list;       /* the capa list belong to this client */
 531         struct timer_list        *timer;      /* timer belong to this client */
 532 };
 533
 534 struct filter_capa {
 535         int                       bvalid;     /* black key here valid or not */
 536         __u32                     bkeyid;     /* black key id */
 537         __u8                      bhmac[CAPA_DIGEST_SIZE]; /* black key */
 538 };
 539
 540 struct obd_capa {
 541         struct hlist_node         c_hash;
 542         struct list_head          c_list;
 543
 544         struct lustre_capa        c_capa;        /* capa */
 545         int                       c_type;
 546         atomic_t                  c_refc;
 547
 548         union {
 549                 struct client_capa       client;
 550                 struct filter_capa       filter;
 551         } u;
 552 };
 553
 554 #define c_inode   u.client.inode
 555 #define c_handle  u.client.handle
 556 #define c_bvalid  u.filter.bvalid
 557 #define c_bkeyid  u.filter.bkeyid
 558 #define c_bhmac   u.filter.bhmac
 559
 560 enum lustre_capa_type {
 561         CLIENT_CAPA = 0,
 562         MDS_CAPA    = 1,
 563         FILTER_CAPA = 2,
 564 };
 565
 566 extern spinlock_t capa_lock;
 567 extern struct hlist_head *capa_hash;
 568 extern struct list_head capa_list[];
 569 extern struct timer_list ll_capa_timer;
 570
 571 /* obdclass/capa.c */
 572 int capa_op(int flags);
 573 void __capa_get(struct obd_capa *ocapa);
 574 struct obd_capa *capa_get(uid_t uid, int capa_op, __u64 mdsid,
 575                           unsigned long ino, int type,
 576                           struct lustre_capa *capa, struct inode *inode,
 577                           struct lustre_handle *handle);
 578 void capa_put(struct obd_capa *ocapa, int type);
 579 int capa_renew(struct lustre_capa *capa, int type);
 580 void capa_hmac(struct crypto_tfm *tfm, __u8 *key, struct lustre_capa *capa);
 581 void capa_dup(void *dst, struct obd_capa *ocapa);
 582 void capa_dup2(void *dst, struct lustre_capa *capa);
 583 int capa_expired(struct lustre_capa *capa);
 584 int __capa_is_to_expire(struct obd_capa *ocapa);
 585 int capa_is_to_expire(struct obd_capa *ocapa);
 586
 587 #define CAPA_EXPIRY_SHIFT 10 /* 1024 sec */
 588 #define CAPA_EXPIRY       (1UL << PAGE_SHIFT)
 589 #define CAPA_EXPIRY_MASK  (~(CAPA_EXPIRY-1))
 590
 591 #define CAPA_PRE_EXPIRY_NOROUND 3       /* sec */
 592 #define CAPA_PRE_EXPIRY         300     /* sec */
 593
 594 /* struct lustre_capa.lc_flags */
 595 #define CAPA_FL_NOROUND   0x001 /* capa expiry not rounded */
 596
 597 static inline unsigned long capa_pre_expiry(struct lustre_capa *capa)
 598 {
 599         return (capa->lc_flags & CAPA_FL_NOROUND) ?
 600                         CAPA_PRE_EXPIRY_NOROUND : CAPA_PRE_EXPIRY;
 601 }
 602
 603 static inline __u64
 604 round_expiry(__u32 timeout)
 605 {
 606         struct timeval tv;
 607         __u64 expiry;
 608
 609         do_gettimeofday(&tv);
 610         expiry = tv.tv_sec + timeout;
 611
 612         if (timeout > CAPA_EXPIRY)
 613                 expiry = (expiry + CAPA_EXPIRY - 1) & CAPA_EXPIRY_MASK;
 614
 615         return expiry;
 616 }
 617
 618 static inline int
 619 capa_key_cmp(struct lustre_capa_key *k1, struct lustre_capa_key *k2)
 620 {
 621         return le32_to_cpu(k1->lk_keyid) - le32_to_cpu(k2->lk_keyid);
 622 }
 623
 624 static inline unsigned long
 625 expiry_to_jiffies(__u64 expiry)
 626 {
 627         /* sec -> jiffies */
 628         struct timeval tv;
 629
 630         do_gettimeofday(&tv);
 631         return jiffies + ((unsigned long)expiry - tv.tv_sec) * HZ;
 632 }
 633
 634 struct mds_capa_key {
 635         struct list_head        k_list;
 636
 637         struct lustre_capa_key *k_key;
 638         struct obd_device      *k_obd;
 639 };
 640
 641 struct filter_capa_key {
 642         struct list_head        k_list;
 643         struct lustre_capa_key  k_key;
 644 };
 645
 646 #endif /* __LINUX_SEC_H_ */