4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
27 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
28 * Use is subject to license terms.
30 * Copyright (c) 2012, Intel Corporation.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
40 /** \defgroup sptlrpc sptlrpc
50 struct ptlrpc_request;
51 struct ptlrpc_reply_state;
52 struct ptlrpc_bulk_desc;
61 struct ptlrpc_sec_policy;
62 struct ptlrpc_sec_cops;
63 struct ptlrpc_sec_sops;
65 struct ptlrpc_svc_ctx;
66 struct ptlrpc_cli_ctx;
67 struct ptlrpc_ctx_ops;
70 * \addtogroup flavor flavor
72 * RPC flavor is represented by a 32 bits integer. Currently the high 12 bits
73 * are unused, must be set to 0 for future expansion.
75 * ------------------------------------------------------------------------
76 * | 4b (bulk svc) | 4b (bulk type) | 4b (svc) | 4b (mech) | 4b (policy) |
77 * ------------------------------------------------------------------------
87 SPTLRPC_POLICY_NULL = 0,
88 SPTLRPC_POLICY_PLAIN = 1,
89 SPTLRPC_POLICY_GSS = 2,
93 enum sptlrpc_mech_null {
94 SPTLRPC_MECH_NULL = 0,
95 SPTLRPC_MECH_NULL_MAX,
98 enum sptlrpc_mech_plain {
99 SPTLRPC_MECH_PLAIN = 0,
100 SPTLRPC_MECH_PLAIN_MAX,
103 enum sptlrpc_mech_gss {
104 SPTLRPC_MECH_GSS_NULL = 0,
105 SPTLRPC_MECH_GSS_KRB5 = 1,
106 SPTLRPC_MECH_GSS_MAX,
109 enum sptlrpc_service_type {
110 SPTLRPC_SVC_NULL = 0, /**< no security */
111 SPTLRPC_SVC_AUTH = 1, /**< authentication only */
112 SPTLRPC_SVC_INTG = 2, /**< integrity */
113 SPTLRPC_SVC_PRIV = 3, /**< privacy */
117 enum sptlrpc_bulk_type {
118 SPTLRPC_BULK_DEFAULT = 0, /**< follow rpc flavor */
119 SPTLRPC_BULK_HASH = 1, /**< hash integrity */
123 enum sptlrpc_bulk_service {
124 SPTLRPC_BULK_SVC_NULL = 0, /**< no security */
125 SPTLRPC_BULK_SVC_AUTH = 1, /**< authentication only */
126 SPTLRPC_BULK_SVC_INTG = 2, /**< integrity */
127 SPTLRPC_BULK_SVC_PRIV = 3, /**< privacy */
128 SPTLRPC_BULK_SVC_MAX,
132 * compose/extract macros
134 #define FLVR_POLICY_OFFSET (0)
135 #define FLVR_MECH_OFFSET (4)
136 #define FLVR_SVC_OFFSET (8)
137 #define FLVR_BULK_TYPE_OFFSET (12)
138 #define FLVR_BULK_SVC_OFFSET (16)
140 #define MAKE_FLVR(policy, mech, svc, btype, bsvc) \
141 (((__u32)(policy) << FLVR_POLICY_OFFSET) | \
142 ((__u32)(mech) << FLVR_MECH_OFFSET) | \
143 ((__u32)(svc) << FLVR_SVC_OFFSET) | \
144 ((__u32)(btype) << FLVR_BULK_TYPE_OFFSET) | \
145 ((__u32)(bsvc) << FLVR_BULK_SVC_OFFSET))
150 #define SPTLRPC_FLVR_POLICY(flavor) \
151 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xF)
152 #define SPTLRPC_FLVR_MECH(flavor) \
153 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xF)
154 #define SPTLRPC_FLVR_SVC(flavor) \
155 ((((__u32)(flavor)) >> FLVR_SVC_OFFSET) & 0xF)
156 #define SPTLRPC_FLVR_BULK_TYPE(flavor) \
157 ((((__u32)(flavor)) >> FLVR_BULK_TYPE_OFFSET) & 0xF)
158 #define SPTLRPC_FLVR_BULK_SVC(flavor) \
159 ((((__u32)(flavor)) >> FLVR_BULK_SVC_OFFSET) & 0xF)
161 #define SPTLRPC_FLVR_BASE(flavor) \
162 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xFFF)
163 #define SPTLRPC_FLVR_BASE_SUB(flavor) \
164 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xFF)
169 #define MAKE_BASE_SUBFLVR(mech, svc) \
171 ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
173 #define SPTLRPC_SUBFLVR_GSSNULL \
174 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_NULL, SPTLRPC_SVC_NULL)
175 #define SPTLRPC_SUBFLVR_KRB5N \
176 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
177 #define SPTLRPC_SUBFLVR_KRB5A \
178 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
179 #define SPTLRPC_SUBFLVR_KRB5I \
180 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
181 #define SPTLRPC_SUBFLVR_KRB5P \
182 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
187 #define SPTLRPC_FLVR_NULL \
188 MAKE_FLVR(SPTLRPC_POLICY_NULL, \
191 SPTLRPC_BULK_DEFAULT, \
192 SPTLRPC_BULK_SVC_NULL)
193 #define SPTLRPC_FLVR_PLAIN \
194 MAKE_FLVR(SPTLRPC_POLICY_PLAIN, \
195 SPTLRPC_MECH_PLAIN, \
198 SPTLRPC_BULK_SVC_INTG)
199 #define SPTLRPC_FLVR_GSSNULL \
200 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
201 SPTLRPC_MECH_GSS_NULL, \
203 SPTLRPC_BULK_DEFAULT, \
204 SPTLRPC_BULK_SVC_NULL)
205 #define SPTLRPC_FLVR_KRB5N \
206 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
207 SPTLRPC_MECH_GSS_KRB5, \
209 SPTLRPC_BULK_DEFAULT, \
210 SPTLRPC_BULK_SVC_NULL)
211 #define SPTLRPC_FLVR_KRB5A \
212 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
213 SPTLRPC_MECH_GSS_KRB5, \
215 SPTLRPC_BULK_DEFAULT, \
216 SPTLRPC_BULK_SVC_NULL)
217 #define SPTLRPC_FLVR_KRB5I \
218 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
219 SPTLRPC_MECH_GSS_KRB5, \
221 SPTLRPC_BULK_DEFAULT, \
222 SPTLRPC_BULK_SVC_INTG)
223 #define SPTLRPC_FLVR_KRB5P \
224 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
225 SPTLRPC_MECH_GSS_KRB5, \
227 SPTLRPC_BULK_DEFAULT, \
228 SPTLRPC_BULK_SVC_PRIV)
230 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
232 #define SPTLRPC_FLVR_INVALID ((__u32) 0xFFFFFFFF)
233 #define SPTLRPC_FLVR_ANY ((__u32) 0xFFF00000)
236 * extract the useful part from wire flavor
238 #define WIRE_FLVR(wflvr) (((__u32) (wflvr)) & 0x000FFFFF)
242 static inline void flvr_set_svc(__u32 *flvr, __u32 svc)
244 LASSERT(svc < SPTLRPC_SVC_MAX);
245 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
246 SPTLRPC_FLVR_MECH(*flvr),
248 SPTLRPC_FLVR_BULK_TYPE(*flvr),
249 SPTLRPC_FLVR_BULK_SVC(*flvr));
252 static inline void flvr_set_bulk_svc(__u32 *flvr, __u32 svc)
254 LASSERT(svc < SPTLRPC_BULK_SVC_MAX);
255 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
256 SPTLRPC_FLVR_MECH(*flvr),
257 SPTLRPC_FLVR_SVC(*flvr),
258 SPTLRPC_FLVR_BULK_TYPE(*flvr),
262 struct bulk_spec_hash {
267 * Full description of flavors being used on a ptlrpc connection, include
268 * both regular RPC and bulk transfer parts.
270 struct sptlrpc_flavor {
272 * wire flavor, should be renamed to sf_wire.
276 * general flags of PTLRPC_SEC_FL_*
280 * rpc flavor specification
283 /* nothing for now */
286 * bulk flavor specification
289 struct bulk_spec_hash hash;
294 * identify the RPC is generated from what part of Lustre. It's encoded into
295 * RPC requests and to be checked by ptlrpc service.
297 enum lustre_sec_part {
306 const char *sptlrpc_part2name(enum lustre_sec_part sp);
307 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
310 * A rule specifies a flavor to be used by a ptlrpc connection between
313 struct sptlrpc_rule {
314 __u32 sr_netid; /* LNET network ID */
315 __u8 sr_from; /* sec_part */
316 __u8 sr_to; /* sec_part */
318 struct sptlrpc_flavor sr_flvr;
322 * A set of rules in memory.
324 * Rules are generated and stored on MGS, and propagated to MDT, OST,
325 * and client when needed.
327 struct sptlrpc_rule_set {
330 struct sptlrpc_rule *srs_rules;
333 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
334 int sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr);
336 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
338 memset(set, 0, sizeof(*set));
341 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
342 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set);
343 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
344 struct sptlrpc_rule *rule);
345 int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
346 enum lustre_sec_part from,
347 enum lustre_sec_part to,
349 struct sptlrpc_flavor *sf);
350 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
352 int sptlrpc_process_config(struct lustre_cfg *lcfg);
353 void sptlrpc_conf_log_start(const char *logname);
354 void sptlrpc_conf_log_stop(const char *logname);
355 void sptlrpc_conf_log_update_begin(const char *logname);
356 void sptlrpc_conf_log_update_end(const char *logname);
357 void sptlrpc_conf_client_adapt(struct obd_device *obd);
358 int sptlrpc_conf_target_get_rules(struct obd_device *obd,
359 struct sptlrpc_rule_set *rset,
361 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
362 enum lustre_sec_part from,
364 struct sptlrpc_flavor *flavor);
366 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
367 * and should be enough for other future mechanisms but not sure.
368 * Only used by pre-allocated request/reply pool.
370 #define SPTLRPC_MAX_PAYLOAD (1024)
378 struct ptlrpc_ctx_ops {
380 * To determine whether it's suitable to use the \a ctx for \a vcred.
382 int (*match) (struct ptlrpc_cli_ctx *ctx,
383 struct vfs_cred *vcred);
386 * To bring the \a ctx uptodate.
388 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
391 * Validate the \a ctx.
393 int (*validate) (struct ptlrpc_cli_ctx *ctx);
396 * Force the \a ctx to die.
398 void (*die) (struct ptlrpc_cli_ctx *ctx,
400 int (*display) (struct ptlrpc_cli_ctx *ctx,
401 char *buf, int bufsize);
404 * Sign the request message using \a ctx.
406 * \pre req->rq_reqmsg point to request message.
407 * \pre req->rq_reqlen is the request message length.
408 * \post req->rq_reqbuf point to request message with signature.
409 * \post req->rq_reqdata_len is set to the final request message size.
411 * \see null_ctx_sign(), plain_ctx_sign(), gss_cli_ctx_sign().
413 int (*sign) (struct ptlrpc_cli_ctx *ctx,
414 struct ptlrpc_request *req);
417 * Verify the reply message using \a ctx.
419 * \pre req->rq_repdata point to reply message with signature.
420 * \pre req->rq_repdata_len is the total reply message length.
421 * \post req->rq_repmsg point to reply message without signature.
422 * \post req->rq_replen is the reply message length.
424 * \see null_ctx_verify(), plain_ctx_verify(), gss_cli_ctx_verify().
426 int (*verify) (struct ptlrpc_cli_ctx *ctx,
427 struct ptlrpc_request *req);
430 * Encrypt the request message using \a ctx.
432 * \pre req->rq_reqmsg point to request message in clear text.
433 * \pre req->rq_reqlen is the request message length.
434 * \post req->rq_reqbuf point to request message.
435 * \post req->rq_reqdata_len is set to the final request message size.
437 * \see gss_cli_ctx_seal().
439 int (*seal) (struct ptlrpc_cli_ctx *ctx,
440 struct ptlrpc_request *req);
443 * Decrypt the reply message using \a ctx.
445 * \pre req->rq_repdata point to encrypted reply message.
446 * \pre req->rq_repdata_len is the total cipher text length.
447 * \post req->rq_repmsg point to reply message in clear text.
448 * \post req->rq_replen is the reply message length in clear text.
450 * \see gss_cli_ctx_unseal().
452 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
453 struct ptlrpc_request *req);
456 * Wrap bulk request data. This is called before wrapping RPC
459 * \pre bulk buffer is descripted by desc->bd_iov and
460 * desc->bd_iov_count. note for read it's just buffer, no data
461 * need to be sent; for write it contains data in clear text.
462 * \post when necessary, ptlrpc_bulk_sec_desc was properly prepared
463 * (usually inside of RPC request message).
464 * - encryption: cipher text bulk buffer is descripted by
465 * desc->bd_enc_iov and desc->bd_iov_count (currently assume iov
466 * count remains the same).
467 * - otherwise: bulk buffer is still desc->bd_iov and
468 * desc->bd_iov_count.
470 * \return 0: success.
471 * \return -ev: error code.
473 * \see plain_cli_wrap_bulk(), gss_cli_ctx_wrap_bulk().
475 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
476 struct ptlrpc_request *req,
477 struct ptlrpc_bulk_desc *desc);
480 * Unwrap bulk reply data. This is called after wrapping RPC
483 * \pre bulk buffer is descripted by desc->bd_iov/desc->bd_enc_iov and
484 * desc->bd_iov_count, according to wrap_bulk().
485 * \post final bulk data in clear text is placed in buffer described
486 * by desc->bd_iov and desc->bd_iov_count.
487 * \return +ve nob of actual bulk data in clear text.
488 * \return -ve error code.
490 * \see plain_cli_unwrap_bulk(), gss_cli_ctx_unwrap_bulk().
492 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
493 struct ptlrpc_request *req,
494 struct ptlrpc_bulk_desc *desc);
497 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
498 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
499 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
500 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
501 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
502 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
504 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
505 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
506 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
507 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
508 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
509 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
511 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
512 PTLRPC_CTX_UPTODATE | \
516 struct ptlrpc_cli_ctx {
517 cfs_hlist_node_t cc_cache; /* linked into ctx cache */
518 atomic_t cc_refcount;
519 struct ptlrpc_sec *cc_sec;
520 struct ptlrpc_ctx_ops *cc_ops;
521 cfs_time_t cc_expire; /* in seconds */
522 unsigned int cc_early_expire:1;
523 unsigned long cc_flags;
524 struct vfs_cred cc_vcred;
526 cfs_list_t cc_req_list; /* waiting reqs linked here */
527 cfs_list_t cc_gc_chain; /* linked to gc chain */
531 * client side policy operation vector.
533 struct ptlrpc_sec_cops {
535 * Given an \a imp, create and initialize a ptlrpc_sec structure.
536 * \param ctx service context:
537 * - regular import: \a ctx should be NULL;
538 * - reverse import: \a ctx is obtained from incoming request.
539 * \param flavor specify what flavor to use.
541 * When necessary, policy module is responsible for taking reference
544 * \see null_create_sec(), plain_create_sec(), gss_sec_create_kr().
546 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
547 struct ptlrpc_svc_ctx *ctx,
548 struct sptlrpc_flavor *flavor);
551 * Destructor of ptlrpc_sec. When called, refcount has been dropped
552 * to 0 and all contexts has been destroyed.
554 * \see null_destroy_sec(), plain_destroy_sec(), gss_sec_destroy_kr().
556 void (*destroy_sec) (struct ptlrpc_sec *sec);
559 * Notify that this ptlrpc_sec is going to die. Optionally, policy
560 * module is supposed to set sec->ps_dying and whatever necessary
563 * \see plain_kill_sec(), gss_sec_kill().
565 void (*kill_sec) (struct ptlrpc_sec *sec);
568 * Given \a vcred, lookup and/or create its context. The policy module
569 * is supposed to maintain its own context cache.
570 * XXX currently \a create and \a remove_dead is always 1, perhaps
571 * should be removed completely.
573 * \see null_lookup_ctx(), plain_lookup_ctx(), gss_sec_lookup_ctx_kr().
575 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
576 struct vfs_cred *vcred,
581 * Called then the reference of \a ctx dropped to 0. The policy module
582 * is supposed to destroy this context or whatever else according to
583 * its cache maintainance mechamism.
585 * \param sync if zero, we shouldn't wait for the context being
586 * destroyed completely.
588 * \see plain_release_ctx(), gss_sec_release_ctx_kr().
590 void (*release_ctx) (struct ptlrpc_sec *sec,
591 struct ptlrpc_cli_ctx *ctx,
595 * Flush the context cache.
597 * \param uid context of which user, -1 means all contexts.
598 * \param grace if zero, the PTLRPC_CTX_UPTODATE_BIT of affected
599 * contexts should be cleared immediately.
600 * \param force if zero, only idle contexts will be flushed.
602 * \see plain_flush_ctx_cache(), gss_sec_flush_ctx_cache_kr().
604 int (*flush_ctx_cache)
605 (struct ptlrpc_sec *sec,
611 * Called periodically by garbage collector to remove dead contexts
614 * \see gss_sec_gc_ctx_kr().
616 void (*gc_ctx) (struct ptlrpc_sec *sec);
619 * Given an context \a ctx, install a corresponding reverse service
620 * context on client side.
621 * XXX currently it's only used by GSS module, maybe we should remove
622 * this from general API.
624 int (*install_rctx)(struct obd_import *imp,
625 struct ptlrpc_sec *sec,
626 struct ptlrpc_cli_ctx *ctx);
629 * To allocate request buffer for \a req.
631 * \pre req->rq_reqmsg == NULL.
632 * \pre req->rq_reqbuf == NULL, otherwise it must be pre-allocated,
633 * we are not supposed to free it.
634 * \post if success, req->rq_reqmsg point to a buffer with size
635 * at least \a lustre_msg_size.
637 * \see null_alloc_reqbuf(), plain_alloc_reqbuf(), gss_alloc_reqbuf().
639 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
640 struct ptlrpc_request *req,
641 int lustre_msg_size);
644 * To free request buffer for \a req.
646 * \pre req->rq_reqbuf != NULL.
648 * \see null_free_reqbuf(), plain_free_reqbuf(), gss_free_reqbuf().
650 void (*free_reqbuf) (struct ptlrpc_sec *sec,
651 struct ptlrpc_request *req);
654 * To allocate reply buffer for \a req.
656 * \pre req->rq_repbuf == NULL.
657 * \post if success, req->rq_repbuf point to a buffer with size
658 * req->rq_repbuf_len, the size should be large enough to receive
659 * reply which be transformed from \a lustre_msg_size of clear text.
661 * \see null_alloc_repbuf(), plain_alloc_repbuf(), gss_alloc_repbuf().
663 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
664 struct ptlrpc_request *req,
665 int lustre_msg_size);
668 * To free reply buffer for \a req.
670 * \pre req->rq_repbuf != NULL.
671 * \post req->rq_repbuf == NULL.
672 * \post req->rq_repbuf_len == 0.
674 * \see null_free_repbuf(), plain_free_repbuf(), gss_free_repbuf().
676 void (*free_repbuf) (struct ptlrpc_sec *sec,
677 struct ptlrpc_request *req);
680 * To expand the request buffer of \a req, thus the \a segment in
681 * the request message pointed by req->rq_reqmsg can accommodate
682 * at least \a newsize of data.
684 * \pre req->rq_reqmsg->lm_buflens[segment] < newsize.
686 * \see null_enlarge_reqbuf(), plain_enlarge_reqbuf(),
687 * gss_enlarge_reqbuf().
689 int (*enlarge_reqbuf)
690 (struct ptlrpc_sec *sec,
691 struct ptlrpc_request *req,
692 int segment, int newsize);
696 int (*display) (struct ptlrpc_sec *sec,
697 struct seq_file *seq);
701 * server side policy operation vector.
703 struct ptlrpc_sec_sops {
705 * verify an incoming request.
707 * \pre request message is pointed by req->rq_reqbuf, size is
708 * req->rq_reqdata_len; and the message has been unpacked to
711 * \retval SECSVC_OK success, req->rq_reqmsg point to request message
712 * in clear text, size is req->rq_reqlen; req->rq_svc_ctx is set;
713 * req->rq_sp_from is decoded from request.
714 * \retval SECSVC_COMPLETE success, the request has been fully
715 * processed, and reply message has been prepared; req->rq_sp_from is
716 * decoded from request.
717 * \retval SECSVC_DROP failed, this request should be dropped.
719 * \see null_accept(), plain_accept(), gss_svc_accept_kr().
721 int (*accept) (struct ptlrpc_request *req);
724 * Perform security transformation upon reply message.
726 * \pre reply message is pointed by req->rq_reply_state->rs_msg, size
728 * \post req->rs_repdata_len is the final message size.
729 * \post req->rq_reply_off is set.
731 * \see null_authorize(), plain_authorize(), gss_svc_authorize().
733 int (*authorize) (struct ptlrpc_request *req);
736 * Invalidate server context \a ctx.
738 * \see gss_svc_invalidate_ctx().
740 void (*invalidate_ctx)
741 (struct ptlrpc_svc_ctx *ctx);
744 * Allocate a ptlrpc_reply_state.
746 * \param msgsize size of the reply message in clear text.
747 * \pre if req->rq_reply_state != NULL, then it's pre-allocated, we
748 * should simply use it; otherwise we'll responsible for allocating
750 * \post req->rq_reply_state != NULL;
751 * \post req->rq_reply_state->rs_msg != NULL;
753 * \see null_alloc_rs(), plain_alloc_rs(), gss_svc_alloc_rs().
755 int (*alloc_rs) (struct ptlrpc_request *req,
759 * Free a ptlrpc_reply_state.
761 void (*free_rs) (struct ptlrpc_reply_state *rs);
764 * Release the server context \a ctx.
766 * \see gss_svc_free_ctx().
768 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
771 * Install a reverse context based on the server context \a ctx.
773 * \see gss_svc_install_rctx_kr().
775 int (*install_rctx)(struct obd_import *imp,
776 struct ptlrpc_svc_ctx *ctx);
779 * Prepare buffer for incoming bulk write.
781 * \pre desc->bd_iov and desc->bd_iov_count describes the buffer
782 * intended to receive the write.
784 * \see gss_svc_prep_bulk().
786 int (*prep_bulk) (struct ptlrpc_request *req,
787 struct ptlrpc_bulk_desc *desc);
790 * Unwrap the bulk write data.
792 * \see plain_svc_unwrap_bulk(), gss_svc_unwrap_bulk().
794 int (*unwrap_bulk) (struct ptlrpc_request *req,
795 struct ptlrpc_bulk_desc *desc);
798 * Wrap the bulk read data.
800 * \see plain_svc_wrap_bulk(), gss_svc_wrap_bulk().
802 int (*wrap_bulk) (struct ptlrpc_request *req,
803 struct ptlrpc_bulk_desc *desc);
806 struct ptlrpc_sec_policy {
807 struct module *sp_owner;
809 __u16 sp_policy; /* policy number */
810 struct ptlrpc_sec_cops *sp_cops; /* client ops */
811 struct ptlrpc_sec_sops *sp_sops; /* server ops */
814 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
815 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
816 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
817 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
818 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
821 * The ptlrpc_sec represents the client side ptlrpc security facilities,
822 * each obd_import (both regular and reverse import) must associate with
825 * \see sptlrpc_import_sec_adapt().
828 struct ptlrpc_sec_policy *ps_policy;
829 atomic_t ps_refcount;
830 /** statistic only */
832 /** unique identifier */
834 struct sptlrpc_flavor ps_flvr;
835 enum lustre_sec_part ps_part;
836 /** after set, no more new context will be created */
837 unsigned int ps_dying:1;
839 struct obd_import *ps_import;
845 cfs_list_t ps_gc_list;
846 cfs_time_t ps_gc_interval; /* in seconds */
847 cfs_time_t ps_gc_next; /* in seconds */
850 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
852 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
855 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
857 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
861 struct ptlrpc_svc_ctx {
862 atomic_t sc_refcount;
863 struct ptlrpc_sec_policy *sc_policy;
867 * user identity descriptor
869 #define LUSTRE_MAX_GROUPS (128)
871 struct ptlrpc_user_desc {
884 enum sptlrpc_bulk_hash_alg {
885 BULK_HASH_ALG_NULL = 0,
886 BULK_HASH_ALG_ADLER32,
890 BULK_HASH_ALG_SHA256,
891 BULK_HASH_ALG_SHA384,
892 BULK_HASH_ALG_SHA512,
896 const char * sptlrpc_get_hash_name(__u8 hash_alg);
897 __u8 sptlrpc_get_hash_alg(const char *algname);
903 struct ptlrpc_bulk_sec_desc {
904 __u8 bsd_version; /* 0 */
905 __u8 bsd_type; /* SPTLRPC_BULK_XXX */
906 __u8 bsd_svc; /* SPTLRPC_BULK_SVC_XXXX */
907 __u8 bsd_flags; /* flags */
908 __u32 bsd_nob; /* nob of bulk data */
909 __u8 bsd_data[0]; /* policy-specific token */
916 struct proc_dir_entry;
917 extern struct proc_dir_entry *sptlrpc_proc_root;
920 * round size up to next power of 2, for slab allocation.
921 * @size must be sane (can't overflow after round up)
923 static inline int size_roundup_power2(int size)
936 * internal support libraries
938 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
939 int segment, int newsize);
944 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
945 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
947 __u32 sptlrpc_name2flavor_base(const char *name);
948 const char *sptlrpc_flavor2name_base(__u32 flvr);
949 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
950 char *buf, int bufsize);
951 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
952 char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize);
954 static inline struct ptlrpc_sec_policy *
955 sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
957 __module_get(policy->sp_owner);
962 sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
964 module_put(policy->sp_owner);
971 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
973 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
977 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
979 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
983 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
985 return (cli_ctx_status(ctx) != 0);
989 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
991 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
995 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
997 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
1001 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
1003 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
1007 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
1009 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
1015 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
1016 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
1019 * internal apis which only used by policy impelentation
1021 int sptlrpc_get_next_secid(void);
1022 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
1025 * exported client context api
1027 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
1028 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
1029 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
1030 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
1031 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
1034 * exported client context wrap/buffers
1036 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
1037 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
1038 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
1039 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
1040 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
1041 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
1042 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
1043 int segment, int newsize);
1044 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
1045 struct ptlrpc_request **req_ret);
1046 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
1048 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
1051 * exported higher interface of import & request
1053 int sptlrpc_import_sec_adapt(struct obd_import *imp,
1054 struct ptlrpc_svc_ctx *ctx,
1055 struct sptlrpc_flavor *flvr);
1056 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
1057 void sptlrpc_import_sec_put(struct obd_import *imp);
1059 int sptlrpc_import_check_ctx(struct obd_import *imp);
1060 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
1061 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
1062 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
1063 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
1064 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
1065 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
1066 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
1067 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
1069 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
1072 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
1073 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
1074 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
1077 const char * sec2target_str(struct ptlrpc_sec *sec);
1078 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
1083 enum secsvc_accept_res {
1089 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
1090 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
1091 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
1092 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
1093 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
1094 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
1095 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
1097 int sptlrpc_target_export_check(struct obd_export *exp,
1098 struct ptlrpc_request *req);
1099 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
1100 struct sptlrpc_rule_set *rset);
1105 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
1106 struct ptlrpc_svc_ctx *ctx);
1107 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
1108 struct ptlrpc_cli_ctx *ctx);
1110 /* bulk security api */
1111 int sptlrpc_enc_pool_add_user(void);
1112 int sptlrpc_enc_pool_del_user(void);
1113 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
1114 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
1116 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
1117 struct ptlrpc_bulk_desc *desc);
1118 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
1119 struct ptlrpc_bulk_desc *desc,
1121 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
1122 struct ptlrpc_bulk_desc *desc);
1123 #ifdef HAVE_SERVER_SUPPORT
1124 int sptlrpc_svc_prep_bulk(struct ptlrpc_request *req,
1125 struct ptlrpc_bulk_desc *desc);
1126 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
1127 struct ptlrpc_bulk_desc *desc);
1128 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
1129 struct ptlrpc_bulk_desc *desc);
1132 /* bulk helpers (internal use only by policies) */
1133 int sptlrpc_get_bulk_checksum(struct ptlrpc_bulk_desc *desc, __u8 alg,
1134 void *buf, int buflen);
1136 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset, int swabbed);
1138 /* user descriptor helpers */
1139 static inline int sptlrpc_user_desc_size(int ngroups)
1141 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
1144 int sptlrpc_current_user_desc_size(void);
1145 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
1146 int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
1149 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
1150 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
1153 LUSTRE_SEC_NONE = 0,
1154 LUSTRE_SEC_REMOTE = 1,
1155 LUSTRE_SEC_SPECIFY = 2,
1161 #endif /* _LUSTRE_SEC_H_ */