1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
36 * lustre/obdfilter/filter_capa.c
38 * Author: Lai Siyao <lsy@clusterfs.com>
41 #define DEBUG_SUBSYSTEM S_FILTER
44 #include <linux/version.h>
45 #include <asm/uaccess.h>
46 #include <linux/file.h>
47 #include <linux/kmod.h>
49 #include <lustre_fsfilt.h>
50 #include <lustre_capa.h>
52 #include "filter_internal.h"
54 static inline __u32 filter_ck_keyid(struct filter_capa_key *key)
56 return key->k_key.lk_keyid;
59 int filter_update_capa_key(struct obd_device *obd, struct lustre_capa_key *new)
61 struct filter_obd *filter = &obd->u.filter;
62 struct filter_capa_key *k, *keys[2] = { NULL, NULL };
65 cfs_spin_lock(&capa_lock);
66 cfs_list_for_each_entry(k, &filter->fo_capa_keys, k_list) {
67 if (k->k_key.lk_seq != new->lk_seq)
72 if (filter_ck_keyid(keys[1]) > filter_ck_keyid(keys[0]))
73 keys[1] = keys[0], keys[0] = k;
78 cfs_spin_unlock(&capa_lock);
80 for (i = 0; i < 2; i++) {
83 if (filter_ck_keyid(keys[i]) != new->lk_keyid)
85 /* maybe because of recovery or other reasons, MDS sent the
86 * the old capability key again.
88 cfs_spin_lock(&capa_lock);
89 keys[i]->k_key = *new;
90 cfs_spin_unlock(&capa_lock);
96 /* if OSS already have two keys, update the old one */
102 CFS_INIT_LIST_HEAD(&k->k_list);
105 cfs_spin_lock(&capa_lock);
107 if (cfs_list_empty(&k->k_list))
108 cfs_list_add(&k->k_list, &filter->fo_capa_keys);
109 cfs_spin_unlock(&capa_lock);
111 DEBUG_CAPA_KEY(D_SEC, new, "new");
115 int filter_auth_capa(struct obd_export *exp, struct lu_fid *fid, obd_seq seq,
116 struct lustre_capa *capa, __u64 opc)
118 struct obd_device *obd = exp->exp_obd;
119 struct filter_obd *filter = &obd->u.filter;
120 struct filter_capa_key *k;
121 struct lustre_capa_key key;
124 int keys_ready = 0, key_found = 0, rc = 0;
127 /* skip capa check for llog and obdecho */
128 if (!fid_seq_is_mdt(seq))
131 /* capability is disabled */
132 if (!filter->fo_fl_oss_capa)
135 if (!(exp->exp_connect_flags & OBD_CONNECT_OSS_CAPA))
140 CERROR("seq/fid/opc "LPU64"/"DFID"/"LPX64
141 ": no capability has been passed\n",
142 seq, PFID(fid), opc);
144 CERROR("seq/opc "LPU64"/"LPX64
145 ": no capability has been passed\n",
150 if (opc == CAPA_OPC_OSS_READ) {
151 if (!(capa->lc_opc & CAPA_OPC_OSS_RW))
153 } else if (!capa_opc_supported(capa, opc)) {
157 DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc);
161 oc = capa_lookup(filter->fo_capa_hash, capa, 0);
163 cfs_spin_lock(&oc->c_lock);
164 if (capa_is_expired(oc)) {
165 DEBUG_CAPA(D_ERROR, capa, "expired");
168 cfs_spin_unlock(&oc->c_lock);
174 if (capa_is_expired_sec(capa)) {
175 DEBUG_CAPA(D_ERROR, capa, "expired");
179 cfs_spin_lock(&capa_lock);
180 cfs_list_for_each_entry(k, &filter->fo_capa_keys, k_list) {
181 if (k->k_key.lk_seq == seq) {
183 if (k->k_key.lk_keyid == capa_keyid(capa)) {
190 cfs_spin_unlock(&capa_lock);
193 CDEBUG(D_SEC, "MDS hasn't propagated capability keys yet, "
199 DEBUG_CAPA(D_ERROR, capa, "no matched capability key for");
203 OBD_ALLOC(hmac, CAPA_HMAC_MAX_LEN);
207 rc = capa_hmac(hmac, capa, key.lk_key);
209 DEBUG_CAPA(D_ERROR, capa, "HMAC failed: rc %d", rc);
210 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
214 rc = memcmp(hmac, capa->lc_hmac, CAPA_HMAC_MAX_LEN);
215 OBD_FREE(hmac, CAPA_HMAC_MAX_LEN);
217 DEBUG_CAPA_KEY(D_ERROR, &key, "calculate HMAC with ");
218 DEBUG_CAPA(D_ERROR, capa, "HMAC mismatch");
222 /* store in capa hash */
223 oc = capa_add(filter->fo_capa_hash, capa);
228 int filter_capa_fixoa(struct obd_export *exp, struct obdo *oa, obd_seq seq,
229 struct lustre_capa *capa)
234 /* skip capa check for llog and obdecho */
235 if (!fid_seq_is_mdt(seq))
238 if (!(exp->exp_connect_flags & OBD_CONNECT_OSS_CAPA))
244 if (capa_flags(capa) == LC_ID_CONVERT) {
245 struct obd_device *obd = exp->exp_obd;
246 struct filter_obd *filter = &obd->u.filter;
247 struct filter_capa_key *k;
250 cfs_spin_lock(&capa_lock);
251 cfs_list_for_each_entry(k, &filter->fo_capa_keys, k_list) {
252 if (k->k_key.lk_seq == seq &&
253 k->k_key.lk_keyid == capa_keyid(capa)) {
258 cfs_spin_unlock(&capa_lock);
267 uid.id64 = capa_uid(capa);
268 gid.id64 = capa_gid(capa);
274 rc = capa_decrypt_id(d, s, k->k_key.lk_key,
275 CAPA_HMAC_KEY_MAX_LEN);
282 DEBUG_CAPA(D_ERROR, capa, "no matched capability key for");
290 void filter_free_capa_keys(struct filter_obd *filter)
292 struct filter_capa_key *key, *n;
294 cfs_spin_lock(&capa_lock);
295 cfs_list_for_each_entry_safe(key, n, &filter->fo_capa_keys, k_list) {
296 cfs_list_del_init(&key->k_list);
297 OBD_FREE(key, sizeof(*key));
299 cfs_spin_unlock(&capa_lock);
git://git.whamcloud.com / fs / lustre-release.git / blob