1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright 2008 Sun Microsystems, Inc. All rights reserved
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
55 struct ptlrpc_sec_policy;
56 struct ptlrpc_sec_cops;
57 struct ptlrpc_sec_sops;
59 struct ptlrpc_svc_ctx;
60 struct ptlrpc_cli_ctx;
61 struct ptlrpc_ctx_ops;
67 SPTLRPC_POLICY_NULL = 0,
68 SPTLRPC_POLICY_PLAIN = 1,
69 SPTLRPC_POLICY_GSS = 2,
73 enum sptlrpc_mech_null {
74 SPTLRPC_MECH_NULL = 0,
75 SPTLRPC_MECH_NULL_MAX,
78 enum sptlrpc_mech_plain {
79 SPTLRPC_MECH_PLAIN = 0,
80 SPTLRPC_MECH_PLAIN_MAX,
83 enum sptlrpc_mech_gss {
84 SPTLRPC_MECH_GSS_NULL = 0,
85 SPTLRPC_MECH_GSS_KRB5 = 1,
89 enum sptlrpc_service_type {
90 SPTLRPC_SVC_NULL = 0, /* no security */
91 SPTLRPC_SVC_AUTH = 1, /* auth only */
92 SPTLRPC_SVC_INTG = 2, /* integrity */
93 SPTLRPC_SVC_PRIV = 3, /* privacy */
98 * rpc flavor compose/extract, represented as 16 bits
100 * 4b (reserved) | 4b (svc) | 4b (mech) | 4b (policy)
102 #define RPC_FLVR_POLICY_OFFSET (0)
103 #define RPC_FLVR_MECH_OFFSET (4)
104 #define RPC_FLVR_SVC_OFFSET (8)
106 #define MAKE_RPC_FLVR(policy, mech, svc) \
107 (((__u16)(policy) << RPC_FLVR_POLICY_OFFSET) | \
108 ((__u16)(mech) << RPC_FLVR_MECH_OFFSET) | \
109 ((__u16)(svc) << RPC_FLVR_SVC_OFFSET))
111 #define MAKE_RPC_SUBFLVR(mech, svc) \
113 ((__u16)(svc) << (RPC_FLVR_SVC_OFFSET - RPC_FLVR_MECH_OFFSET)))
115 #define RPC_FLVR_SUB(flavor) \
116 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xFF)
118 #define RPC_FLVR_POLICY(flavor) \
119 ((((__u16)(flavor)) >> RPC_FLVR_POLICY_OFFSET) & 0xF)
120 #define RPC_FLVR_MECH(flavor) \
121 ((((__u16)(flavor)) >> RPC_FLVR_MECH_OFFSET) & 0xF)
122 #define RPC_FLVR_SVC(flavor) \
123 ((((__u16)(flavor)) >> RPC_FLVR_SVC_OFFSET) & 0xF)
128 #define SPTLRPC_SUBFLVR_KRB5N \
129 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
130 #define SPTLRPC_SUBFLVR_KRB5A \
131 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
132 #define SPTLRPC_SUBFLVR_KRB5I \
133 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
134 #define SPTLRPC_SUBFLVR_KRB5P \
135 MAKE_RPC_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
140 #define SPTLRPC_FLVR_NULL \
141 MAKE_RPC_FLVR(SPTLRPC_POLICY_NULL, \
144 #define SPTLRPC_FLVR_PLAIN \
145 MAKE_RPC_FLVR(SPTLRPC_POLICY_PLAIN, \
146 SPTLRPC_MECH_PLAIN, \
148 #define SPTLRPC_FLVR_KRB5N \
149 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
150 SPTLRPC_MECH_GSS_KRB5, \
152 #define SPTLRPC_FLVR_KRB5A \
153 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
154 SPTLRPC_MECH_GSS_KRB5, \
156 #define SPTLRPC_FLVR_KRB5I \
157 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
158 SPTLRPC_MECH_GSS_KRB5, \
160 #define SPTLRPC_FLVR_KRB5P \
161 MAKE_RPC_FLVR(SPTLRPC_POLICY_GSS, \
162 SPTLRPC_MECH_GSS_KRB5, \
165 #define SPTLRPC_FLVR_INVALID ((__u16) -1)
167 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
170 * 32 bits wire flavor (msg->lm_secflvr), lower 12 bits is the rpc flavor,
171 * higher 20 bits is not defined right now.
173 #define WIRE_FLVR_RPC(wflvr) (((__u16) (wflvr)) & 0x0FFF)
175 static inline void rpc_flvr_set_svc(__u16 *flvr, __u16 svc)
177 LASSERT(svc < SPTLRPC_SVC_MAX);
178 *flvr = MAKE_RPC_FLVR(RPC_FLVR_POLICY(*flvr),
179 RPC_FLVR_MECH(*flvr),
184 struct sptlrpc_flavor {
185 __u16 sf_rpc; /* rpc flavor */
186 __u8 sf_bulk_ciph; /* bulk cipher alg */
187 __u8 sf_bulk_hash; /* bulk hash alg */
188 __u32 sf_flags; /* general flags */
191 enum lustre_sec_part {
200 const char *sptlrpc_part2name(enum lustre_sec_part sp);
201 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
203 struct sptlrpc_rule {
204 __u32 sr_netid; /* LNET network ID */
205 __u8 sr_from; /* sec_part */
206 __u8 sr_to; /* sec_part */
208 struct sptlrpc_flavor sr_flvr;
211 struct sptlrpc_rule_set {
214 struct sptlrpc_rule *srs_rules;
217 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
219 memset(set, 0, sizeof(*set));
222 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
223 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set, int expand);
224 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
225 struct sptlrpc_rule *rule,
227 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
229 int sptlrpc_process_config(struct lustre_cfg *lcfg);
230 void sptlrpc_conf_log_start(const char *logname);
231 void sptlrpc_conf_log_stop(const char *logname);
232 void sptlrpc_conf_log_update_begin(const char *logname);
233 void sptlrpc_conf_log_update_end(const char *logname);
234 void sptlrpc_conf_client_adapt(struct obd_device *obd);
235 int sptlrpc_conf_target_get_rules(struct obd_device *obd,
236 struct sptlrpc_rule_set *rset,
238 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
239 enum lustre_sec_part from,
241 struct sptlrpc_flavor *flavor);
243 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
244 * and should be enough for other future mechanisms but not sure.
245 * Only used by pre-allocated request/reply pool.
247 #define SPTLRPC_MAX_PAYLOAD (1024)
255 struct ptlrpc_ctx_ops {
256 int (*match) (struct ptlrpc_cli_ctx *ctx,
257 struct vfs_cred *vcred);
258 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
259 int (*validate) (struct ptlrpc_cli_ctx *ctx);
260 void (*die) (struct ptlrpc_cli_ctx *ctx,
262 int (*display) (struct ptlrpc_cli_ctx *ctx,
263 char *buf, int bufsize);
267 int (*sign) (struct ptlrpc_cli_ctx *ctx,
268 struct ptlrpc_request *req);
269 int (*verify) (struct ptlrpc_cli_ctx *ctx,
270 struct ptlrpc_request *req);
271 int (*seal) (struct ptlrpc_cli_ctx *ctx,
272 struct ptlrpc_request *req);
273 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
274 struct ptlrpc_request *req);
278 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
279 struct ptlrpc_request *req,
280 struct ptlrpc_bulk_desc *desc);
281 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
282 struct ptlrpc_request *req,
283 struct ptlrpc_bulk_desc *desc);
286 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
287 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
288 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
289 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
290 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
291 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
293 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
294 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
295 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
296 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
297 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
298 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
300 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
301 PTLRPC_CTX_UPTODATE | \
305 struct ptlrpc_cli_ctx {
306 struct hlist_node cc_cache; /* linked into ctx cache */
307 atomic_t cc_refcount;
308 struct ptlrpc_sec *cc_sec;
309 struct ptlrpc_ctx_ops *cc_ops;
310 cfs_time_t cc_expire; /* in seconds */
311 unsigned int cc_early_expire:1;
312 unsigned long cc_flags;
313 struct vfs_cred cc_vcred;
315 struct list_head cc_req_list; /* waiting reqs linked here */
316 struct list_head cc_gc_chain; /* linked to gc chain */
319 struct ptlrpc_sec_cops {
321 * ptlrpc_sec constructor/destructor
323 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
324 struct ptlrpc_svc_ctx *ctx,
325 struct sptlrpc_flavor *flavor);
326 void (*destroy_sec) (struct ptlrpc_sec *sec);
331 void (*kill_sec) (struct ptlrpc_sec *sec);
336 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
337 struct vfs_cred *vcred,
340 void (*release_ctx) (struct ptlrpc_sec *sec,
341 struct ptlrpc_cli_ctx *ctx,
343 int (*flush_ctx_cache)
344 (struct ptlrpc_sec *sec,
348 void (*gc_ctx) (struct ptlrpc_sec *sec);
353 int (*install_rctx)(struct obd_import *imp,
354 struct ptlrpc_sec *sec,
355 struct ptlrpc_cli_ctx *ctx);
358 * request/reply buffer manipulation
360 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
361 struct ptlrpc_request *req,
362 int lustre_msg_size);
363 void (*free_reqbuf) (struct ptlrpc_sec *sec,
364 struct ptlrpc_request *req);
365 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
366 struct ptlrpc_request *req,
367 int lustre_msg_size);
368 void (*free_repbuf) (struct ptlrpc_sec *sec,
369 struct ptlrpc_request *req);
370 int (*enlarge_reqbuf)
371 (struct ptlrpc_sec *sec,
372 struct ptlrpc_request *req,
373 int segment, int newsize);
377 int (*display) (struct ptlrpc_sec *sec,
378 struct seq_file *seq);
381 struct ptlrpc_sec_sops {
382 int (*accept) (struct ptlrpc_request *req);
383 int (*authorize) (struct ptlrpc_request *req);
384 void (*invalidate_ctx)
385 (struct ptlrpc_svc_ctx *ctx);
386 /* buffer manipulation */
387 int (*alloc_rs) (struct ptlrpc_request *req,
389 void (*free_rs) (struct ptlrpc_reply_state *rs);
390 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
391 /* reverse credential */
392 int (*install_rctx)(struct obd_import *imp,
393 struct ptlrpc_svc_ctx *ctx);
395 int (*unwrap_bulk) (struct ptlrpc_request *req,
396 struct ptlrpc_bulk_desc *desc);
397 int (*wrap_bulk) (struct ptlrpc_request *req,
398 struct ptlrpc_bulk_desc *desc);
401 struct ptlrpc_sec_policy {
402 struct module *sp_owner;
404 __u16 sp_policy; /* policy number */
405 struct ptlrpc_sec_cops *sp_cops; /* client ops */
406 struct ptlrpc_sec_sops *sp_sops; /* server ops */
409 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
410 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
411 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
412 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
413 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
416 struct ptlrpc_sec_policy *ps_policy;
417 atomic_t ps_refcount;
418 atomic_t ps_nctx; /* statistic only */
419 int ps_id; /* unique identifier */
420 struct sptlrpc_flavor ps_flvr; /* flavor */
421 enum lustre_sec_part ps_part;
422 unsigned int ps_dying:1;
423 struct obd_import *ps_import; /* owning import */
424 spinlock_t ps_lock; /* protect ccache */
428 struct list_head ps_gc_list;
429 cfs_time_t ps_gc_interval; /* in seconds */
430 cfs_time_t ps_gc_next; /* in seconds */
433 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
435 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
438 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
440 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
444 struct ptlrpc_svc_ctx {
445 atomic_t sc_refcount;
446 struct ptlrpc_sec_policy *sc_policy;
450 * user identity descriptor
452 #define LUSTRE_MAX_GROUPS (128)
454 struct ptlrpc_user_desc {
467 enum sptlrpc_bulk_hash_alg {
468 BULK_HASH_ALG_NULL = 0,
469 BULK_HASH_ALG_ADLER32,
473 BULK_HASH_ALG_SHA256,
474 BULK_HASH_ALG_SHA384,
475 BULK_HASH_ALG_SHA512,
482 enum sptlrpc_bulk_cipher_alg {
483 BULK_CIPH_ALG_NULL = 0,
485 BULK_CIPH_ALG_AES128,
486 BULK_CIPH_ALG_AES192,
487 BULK_CIPH_ALG_AES256,
488 BULK_CIPH_ALG_CAST128,
489 BULK_CIPH_ALG_CAST256,
490 BULK_CIPH_ALG_TWOFISH128,
491 BULK_CIPH_ALG_TWOFISH256,
495 struct sptlrpc_hash_type {
498 unsigned int sht_size;
501 struct sptlrpc_ciph_type {
505 unsigned int sct_ivsize;
506 unsigned int sct_keysize;
509 const struct sptlrpc_hash_type *sptlrpc_get_hash_type(__u8 hash_alg);
510 const char * sptlrpc_get_hash_name(__u8 hash_alg);
511 const struct sptlrpc_ciph_type *sptlrpc_get_ciph_type(__u8 ciph_alg);
512 const char *sptlrpc_get_ciph_name(__u8 ciph_alg);
514 #define CIPHER_MAX_BLKSIZE (16)
515 #define CIPHER_MAX_KEYSIZE (64)
517 struct ptlrpc_bulk_sec_desc {
521 __u8 bsd_hash_alg; /* hash algorithm */
522 __u8 bsd_ciph_alg; /* cipher algorithm */
523 __u8 bsd_key[CIPHER_MAX_KEYSIZE]; /* encrypt key seed */
531 struct proc_dir_entry;
532 extern struct proc_dir_entry *sptlrpc_proc_root;
535 * round size up to next power of 2, for slab allocation.
536 * @size must be sane (can't overflow after round up)
538 static inline int size_roundup_power2(int size)
551 * internal support libraries
553 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
554 int segment, int newsize);
559 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
560 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
562 __u16 sptlrpc_name2rpcflavor(const char *name);
563 const char *sptlrpc_rpcflavor2name(__u16 flavor);
564 int sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
567 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
569 __module_get(policy->sp_owner);
574 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
576 module_put(policy->sp_owner);
583 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
585 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
589 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
591 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
595 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
597 return (cli_ctx_status(ctx) != 0);
601 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
603 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
607 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
609 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
613 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
615 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
619 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
621 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
627 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
628 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
631 * internal apis which only used by policy impelentation
633 int sptlrpc_get_next_secid(void);
634 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
637 * exported client context api
639 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
640 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
641 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
642 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
643 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
646 * exported client context wrap/buffers
648 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
649 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
650 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
651 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
652 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
653 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
654 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
655 int segment, int newsize);
656 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
657 struct ptlrpc_request **req_ret);
658 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
660 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
663 * exported higher interface of import & request
665 int sptlrpc_import_sec_adapt(struct obd_import *imp,
666 struct ptlrpc_svc_ctx *ctx,
668 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
669 void sptlrpc_import_sec_put(struct obd_import *imp);
671 int sptlrpc_import_check_ctx(struct obd_import *imp);
672 void sptlrpc_import_inval_all_ctx(struct obd_import *imp);
673 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
674 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
675 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
676 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
677 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
678 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
679 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
680 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
682 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
685 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
686 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
687 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
690 const char * sec2target_str(struct ptlrpc_sec *sec);
691 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
696 enum secsvc_accept_res {
702 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
703 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
704 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
705 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
706 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
707 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
708 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
710 int sptlrpc_target_export_check(struct obd_export *exp,
711 struct ptlrpc_request *req);
712 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
713 struct sptlrpc_rule_set *rset);
718 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
719 struct ptlrpc_svc_ctx *ctx);
720 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
721 struct ptlrpc_cli_ctx *ctx);
723 /* bulk security api */
724 int sptlrpc_enc_pool_add_user(void);
725 int sptlrpc_enc_pool_del_user(void);
726 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
727 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
729 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
730 struct ptlrpc_bulk_desc *desc);
731 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
732 int nob, obd_count pg_count,
733 struct brw_page **pga);
734 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
735 struct ptlrpc_bulk_desc *desc);
736 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
737 struct ptlrpc_bulk_desc *desc);
738 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
739 struct ptlrpc_bulk_desc *desc);
741 /* user descriptor helpers */
742 static inline int sptlrpc_user_desc_size(int ngroups)
744 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
747 int sptlrpc_current_user_desc_size(void);
748 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
749 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset);
751 /* bulk helpers (internal use only by policies) */
752 int bulk_sec_desc_size(__u8 hash_alg, int request, int read);
753 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset);
755 int bulk_csum_cli_request(struct ptlrpc_bulk_desc *desc, int read,
756 __u32 alg, struct lustre_msg *rmsg, int roff);
757 int bulk_csum_cli_reply(struct ptlrpc_bulk_desc *desc, int read,
758 struct lustre_msg *rmsg, int roff,
759 struct lustre_msg *vmsg, int voff);
760 int bulk_csum_svc(struct ptlrpc_bulk_desc *desc, int read,
761 struct ptlrpc_bulk_sec_desc *bsdv, int vsize,
762 struct ptlrpc_bulk_sec_desc *bsdr, int rsize);
764 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
765 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
769 LUSTRE_SEC_REMOTE = 1,
770 LUSTRE_SEC_SPECIFY = 2,
774 #endif /* _LUSTRE_SEC_H_ */