1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2006 Cluster File Systems, Inc.
6 * This file is part of the Lustre file system, http://www.lustre.org
7 * Lustre is a trademark of Cluster File Systems, Inc.
9 * You may have signed or agreed to another license before downloading
10 * this software. If so, you are bound by the terms and conditions
11 * of that agreement, and the following does not apply to you. See the
12 * LICENSE file included with this distribution for more information.
14 * If you did not agree to a different license, then this copy of Lustre
15 * is open source software; you can redistribute it and/or modify it
16 * under the terms of version 2 of the GNU General Public License as
17 * published by the Free Software Foundation.
19 * In either case, Lustre is distributed in the hope that it will be
20 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
21 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * license text for more details.
27 # define EXPORT_SYMTAB
29 #define DEBUG_SUBSYSTEM S_SEC
31 #include <linux/init.h>
32 #include <linux/module.h>
33 #include <linux/slab.h>
34 #include <linux/dcache.h>
36 #include <linux/mutex.h>
37 #include <linux/random.h>
39 #include <liblustre.h>
43 #include <obd_class.h>
44 #include <obd_support.h>
45 #include <lustre/lustre_idl.h>
46 #include <lustre_net.h>
47 #include <lustre_import.h>
48 #include <lustre_sec.h>
51 #include "gss_internal.h"
54 /**********************************************
55 * gss context init/fini helper *
56 **********************************************/
59 int ctx_init_pack_request(struct obd_import *imp,
60 struct ptlrpc_request *req,
66 struct lustre_msg *msg = req->rq_reqbuf;
68 struct gss_header *ghdr;
69 struct ptlrpc_user_desc *pud;
70 __u32 *p, size, offset = 2;
73 LASSERT(msg->lm_bufcount <= 4);
76 ghdr = lustre_msg_buf(msg, 0, sizeof(*ghdr));
77 ghdr->gh_version = PTLRPC_GSS_VERSION;
79 ghdr->gh_proc = PTLRPC_GSS_PROC_INIT;
81 ghdr->gh_svc = PTLRPC_GSS_SVC_NONE;
82 ghdr->gh_handle.len = 0;
84 /* fix the user desc */
85 if (SEC_FLAVOR_HAS_USER(req->rq_sec_flavor)) {
86 pud = lustre_msg_buf(msg, offset, sizeof(*pud));
88 pud->pud_uid = pud->pud_fsuid = uid;
89 pud->pud_gid = pud->pud_fsgid = gid;
95 /* security payload */
96 p = lustre_msg_buf(msg, offset, 0);
97 size = msg->lm_buflens[offset];
99 /* 1. lustre svc type */
101 *p++ = cpu_to_le32(lustre_srv);
105 obj.len = strlen(imp->imp_obd->u.cli.cl_target_uuid.uuid) + 1;
106 obj.data = imp->imp_obd->u.cli.cl_target_uuid.uuid;
107 if (rawobj_serialize(&obj, &p, &size))
110 /* 3. reverse context handle. actually only needed by root user,
111 * but we send it anyway.
113 gsec = container_of(imp->imp_sec, struct gss_sec, gs_base);
114 obj.len = sizeof(gsec->gs_rvs_hdl);
115 obj.data = (__u8 *) &gsec->gs_rvs_hdl;
116 if (rawobj_serialize(&obj, &p, &size))
119 /* 4. now the token */
120 LASSERT(size >= (sizeof(__u32) + token_size));
121 *p++ = cpu_to_le32(((__u32) token_size));
122 if (copy_from_user(p, token, token_size)) {
123 CERROR("can't copy token\n");
126 size -= sizeof(__u32) + size_round4(token_size);
128 req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset,
129 msg->lm_buflens[offset] - size, 0);
134 int ctx_init_parse_reply(struct lustre_msg *msg,
135 char __user *outbuf, long outlen)
137 struct gss_rep_header *ghdr;
138 __u32 obj_len, round_len;
139 __u32 status, effective = 0;
141 if (msg->lm_bufcount != 3) {
142 CERROR("unexpected bufcount %u\n", msg->lm_bufcount);
146 ghdr = (struct gss_rep_header *) gss_swab_header(msg, 0);
148 CERROR("unable to extract gss reply header\n");
152 if (ghdr->gh_version != PTLRPC_GSS_VERSION) {
153 CERROR("invalid gss version %u\n", ghdr->gh_version);
157 if (outlen < (4 + 2) * 4 + size_round4(ghdr->gh_handle.len) +
158 size_round4(msg->lm_buflens[2])) {
159 CERROR("output buffer size %ld too small\n", outlen);
166 if (copy_to_user(outbuf, &status, 4))
169 if (copy_to_user(outbuf, &ghdr->gh_major, 4))
172 if (copy_to_user(outbuf, &ghdr->gh_minor, 4))
175 if (copy_to_user(outbuf, &ghdr->gh_seqwin, 4))
181 obj_len = ghdr->gh_handle.len;
182 round_len = (obj_len + 3) & ~ 3;
183 if (copy_to_user(outbuf, &obj_len, 4))
186 if (copy_to_user(outbuf, (char *) ghdr->gh_handle.data, round_len))
189 effective += 4 + round_len;
192 obj_len = msg->lm_buflens[2];
193 round_len = (obj_len + 3) & ~ 3;
194 if (copy_to_user(outbuf, &obj_len, 4))
197 if (copy_to_user(outbuf, lustre_msg_buf(msg, 2, 0), round_len))
200 effective += 4 + round_len;
205 /* XXX move to where lgssd could see */
206 struct lgssd_ioctl_param {
207 int version; /* in */
209 int lustre_svc; /* in */
212 long send_token_size;/* in */
213 char *send_token; /* in */
214 long reply_buf_size; /* in */
215 char *reply_buf; /* in */
216 long status; /* out */
217 long reply_length; /* out */
220 int gss_do_ctx_init_rpc(__user char *buffer, unsigned long count)
222 struct obd_import *imp;
223 struct ptlrpc_request *req;
224 struct lgssd_ioctl_param param;
225 struct obd_device *obd;
228 int lmsg_size = sizeof(struct ptlrpc_body);
231 if (count != sizeof(param)) {
232 CERROR("ioctl size %lu, expect %lu, please check lgssd version\n",
233 count, (unsigned long) sizeof(param));
236 if (copy_from_user(¶m, buffer, sizeof(param))) {
237 CERROR("failed copy data from lgssd\n");
241 if (param.version != GSSD_INTERFACE_VERSION) {
242 CERROR("gssd interface version %d (expect %d)\n",
243 param.version, GSSD_INTERFACE_VERSION);
248 if (strncpy_from_user(obdname, param.uuid, sizeof(obdname)) <= 0) {
249 CERROR("Invalid obdname pointer\n");
253 obd = class_name2obd(obdname);
255 CERROR("no such obd %s\n", obdname);
259 imp = class_import_get(obd->u.cli.cl_import);
260 LASSERT(imp->imp_sec);
262 /* force this import to use v2 msg */
263 imp->imp_msg_magic = LUSTRE_MSG_MAGIC_V2;
265 req = ptlrpc_prep_req(imp, LUSTRE_OBD_VERSION, SEC_CTX_INIT,
266 1, &lmsg_size, NULL);
268 param.status = -ENOMEM;
273 rc = ctx_init_pack_request(imp, req,
275 param.uid, param.gid,
276 param.send_token_size,
283 req->rq_replen = lustre_msg_size_v2(1, &lmsg_size);
285 rc = ptlrpc_queue_wait(req);
287 /* If any _real_ denial be made, we expect server return
288 * -EACCES reply or return success but indicate gss error
289 * inside reply messsage. All other errors are treated as
290 * timeout, caller might try the negotiation repeatedly,
291 * leave recovery decisions to general ptlrpc layer.
293 * FIXME maybe some other error code shouldn't be treated
298 param.status = -ETIMEDOUT;
302 lsize = ctx_init_parse_reply(req->rq_repbuf,
303 param.reply_buf, param.reply_buf_size);
305 param.status = (int) lsize;
310 param.reply_length = lsize;
313 if (copy_to_user(buffer, ¶m, sizeof(param)))
318 class_import_put(imp);
319 ptlrpc_req_finished(req);
323 int gss_do_ctx_fini_rpc(struct gss_cli_ctx *gctx)
325 struct ptlrpc_cli_ctx *ctx = &gctx->gc_base;
326 struct obd_import *imp = ctx->cc_sec->ps_import;
327 struct ptlrpc_request *req;
328 struct ptlrpc_user_desc *pud;
329 int buflens = sizeof(struct ptlrpc_body);
333 if (ctx->cc_sec->ps_flags & PTLRPC_SEC_FL_REVERSE) {
334 CWARN("ctx %p(%u) is reverse, don't send destroy rpc\n",
335 ctx, ctx->cc_vcred.vc_uid);
340 * this could be called when import being tearing down, thus import's
341 * spinlock is held. A more clean solution might be: let gss worker
342 * thread handle the ctx destroying; don't wait reply for fini rpc.
344 if (imp->imp_invalid) {
345 CWARN("ctx %p(%u): skip because import is invalid\n",
346 ctx, ctx->cc_vcred.vc_uid);
349 RETURN(0); // XXX remove after using gss worker thread
351 if (test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags) ||
352 !test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags)) {
353 CWARN("ctx %p(%u->%s) already dead, don't send destroy rpc\n",
354 ctx, ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
360 CWARN("client destroy ctx %p(%u->%s)\n",
361 ctx, ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
363 /* context's refcount could be 0, steal one */
364 atomic_inc(&ctx->cc_refcount);
366 gctx->gc_proc = PTLRPC_GSS_PROC_DESTROY;
368 req = ptlrpc_prep_req_pool(imp, LUSTRE_OBD_VERSION, SEC_CTX_FINI,
369 1, &buflens, NULL, NULL, ctx);
371 CWARN("ctx %p(%u): fail to prepare rpc, destroy locally\n",
372 ctx, ctx->cc_vcred.vc_uid);
373 GOTO(out_ref, rc = -ENOMEM);
376 /* fix the user desc */
377 if (SEC_FLAVOR_HAS_USER(req->rq_sec_flavor)) {
378 /* we rely the fact that this request is in AUTH mode,
379 * and user_desc at offset 2.
381 pud = lustre_msg_buf(req->rq_reqbuf, 2, sizeof(*pud));
383 pud->pud_uid = pud->pud_fsuid = ctx->cc_vcred.vc_uid;
384 pud->pud_gid = pud->pud_fsgid = ctx->cc_vcred.vc_gid;
386 pud->pud_ngroups = 0;
389 req->rq_replen = lustre_msg_size_v2(1, &buflens);
391 rc = ptlrpc_queue_wait(req);
393 CWARN("ctx %p(%u): rpc error %d, destroy locally\n",
394 ctx, ctx->cc_vcred.vc_uid, rc);
397 ptlrpc_req_finished(req);
399 atomic_dec(&ctx->cc_refcount);
403 int __init gss_init_cli_upcall(void)
408 void __exit gss_exit_cli_upcall(void)