4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2011, 2016, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
31 * lustre/ptlrpc/gss/gss_cli_upcall.c
33 * Author: Eric Mei <ericm@clusterfs.com>
36 #define DEBUG_SUBSYSTEM S_SEC
37 #include <linux/init.h>
38 #include <linux/module.h>
39 #include <linux/slab.h>
40 #include <linux/dcache.h>
42 #include <linux/mutex.h>
45 #include <obd_class.h>
46 #include <obd_support.h>
47 #include <lustre_net.h>
48 #include <lustre_import.h>
49 #include <lustre_sec.h>
50 #include <uapi/linux/lustre/lgss.h>
53 #include "gss_internal.h"
56 /**********************************************
57 * gss context init/fini helper *
58 **********************************************/
61 int ctx_init_pack_request(struct obd_import *imp,
62 struct ptlrpc_request *req,
68 struct lustre_msg *msg = req->rq_reqbuf;
70 struct gss_header *ghdr;
71 struct ptlrpc_user_desc *pud;
73 __u32 *p, size, offset = 2;
76 LASSERT(msg->lm_bufcount <= 4);
77 LASSERT(req->rq_cli_ctx);
78 LASSERT(req->rq_cli_ctx->cc_sec);
81 ghdr = lustre_msg_buf(msg, 0, sizeof(*ghdr));
82 ghdr->gh_version = PTLRPC_GSS_VERSION;
83 ghdr->gh_sp = (__u8) imp->imp_sec->ps_part;
85 ghdr->gh_proc = PTLRPC_GSS_PROC_INIT;
87 ghdr->gh_svc = SPTLRPC_SVC_NULL;
88 ghdr->gh_handle.len = 0;
90 /* fix the user desc */
91 if (req->rq_pack_udesc) {
92 ghdr->gh_flags |= LUSTRE_GSS_PACK_USER;
94 pud = lustre_msg_buf(msg, offset, sizeof(*pud));
96 pud->pud_uid = pud->pud_fsuid = uid;
97 pud->pud_gid = pud->pud_fsgid = gid;
103 /* new clients are expected to set KCSUM flag */
104 ghdr->gh_flags |= LUSTRE_GSS_PACK_KCSUM;
106 /* security payload */
107 p = lustre_msg_buf(msg, offset, 0);
108 size = msg->lm_buflens[offset];
111 /* 1. lustre svc type */
113 *p++ = cpu_to_le32(lustre_srv);
117 obj.len = strlen(imp->imp_obd->u.cli.cl_target_uuid.uuid) + 1;
118 obj.data = imp->imp_obd->u.cli.cl_target_uuid.uuid;
119 if (rawobj_serialize(&obj, &p, &size))
122 /* 3. reverse context handle. actually only needed by root user,
123 * but we send it anyway. */
124 gsec = sec2gsec(req->rq_cli_ctx->cc_sec);
125 obj.len = sizeof(gsec->gs_rvs_hdl);
126 obj.data = (__u8 *) &gsec->gs_rvs_hdl;
127 if (rawobj_serialize(&obj, &p, &size))
130 /* 4. now the token */
131 total_size = sizeof(__u32) + token_size;
132 if (size < total_size) {
133 CERROR("%s: security token is too large (%d > %d): rc = %d\n",
134 imp->imp_obd->obd_name, total_size, size, -E2BIG);
137 *p++ = cpu_to_le32(((__u32) token_size));
138 if (copy_from_user(p, token, token_size)) {
139 CERROR("can't copy token\n");
143 if (size > sizeof(__u32) + round_up(token_size, 4)) {
144 size -= sizeof(__u32) + round_up(token_size, 4);
145 req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset,
146 msg->lm_buflens[offset] - size, 0);
152 int ctx_init_parse_reply(struct lustre_msg *msg, int swabbed,
153 char __user *outbuf, long outlen)
155 struct gss_rep_header *ghdr;
156 __u32 obj_len, round_len;
157 __u32 status, effective = 0;
159 if (msg->lm_bufcount != 3) {
160 CERROR("unexpected bufcount %u\n", msg->lm_bufcount);
164 ghdr = (struct gss_rep_header *) gss_swab_header(msg, 0, swabbed);
166 CERROR("unable to extract gss reply header\n");
170 if (ghdr->gh_version != PTLRPC_GSS_VERSION) {
171 CERROR("invalid gss version %u\n", ghdr->gh_version);
175 if (outlen < (4 + 2) * 4 + round_up(ghdr->gh_handle.len, 4) +
176 round_up(msg->lm_buflens[2], 4)) {
177 CERROR("output buffer size %ld too small\n", outlen);
184 if (copy_to_user(outbuf, &status, 4))
187 if (copy_to_user(outbuf, &ghdr->gh_major, 4))
190 if (copy_to_user(outbuf, &ghdr->gh_minor, 4))
193 if (copy_to_user(outbuf, &ghdr->gh_seqwin, 4))
199 obj_len = ghdr->gh_handle.len;
200 round_len = (obj_len + 3) & ~3;
201 if (copy_to_user(outbuf, &obj_len, 4))
204 if (copy_to_user(outbuf, (char *) ghdr->gh_handle.data, round_len))
207 effective += 4 + round_len;
210 obj_len = msg->lm_buflens[2];
211 round_len = (obj_len + 3) & ~3;
212 if (copy_to_user(outbuf, &obj_len, 4))
215 if (copy_to_user(outbuf, lustre_msg_buf(msg, 2, 0), round_len))
218 effective += 4 + round_len;
223 int gss_do_ctx_init_rpc(char __user *buffer, unsigned long count)
225 struct obd_import *imp = NULL, *imp0;
226 struct ptlrpc_request *req;
227 struct lgssd_ioctl_param param;
228 struct obd_device *obd;
233 if (count != sizeof(param)) {
234 CERROR("ioctl size %lu, expect %lu, please check lgss_keyring version\n",
235 count, (unsigned long) sizeof(param));
238 if (copy_from_user(¶m, buffer, sizeof(param))) {
239 CERROR("failed copy data from lgssd\n");
243 if (param.version != GSSD_INTERFACE_VERSION) {
244 CERROR("gssd interface version %d (expect %d)\n",
245 param.version, GSSD_INTERFACE_VERSION);
250 if (strncpy_from_user(obdname, (const char __user *)param.uuid,
251 sizeof(obdname)) <= 0) {
252 CERROR("Invalid obdname pointer\n");
256 obd = class_name2obd(obdname);
259 CERROR("%s: no such obd: rc = %d\n", obdname, rc);
263 if (unlikely(!obd->obd_set_up)) {
265 CERROR("%s: obd not setup: rc = %d\n", obdname, rc);
269 spin_lock(&obd->obd_dev_lock);
270 if (obd->obd_stopping) {
272 CERROR("%s: obd has stopped: rc = %d\n", obdname, rc);
273 spin_unlock(&obd->obd_dev_lock);
277 if (!obd->obd_type || obd->obd_magic != OBD_DEVICE_MAGIC) {
279 CERROR("%s: obd not valid: rc = %d\n", obdname, rc);
280 spin_unlock(&obd->obd_dev_lock);
284 if (strcmp(obd->obd_type->typ_name, LUSTRE_MDC_NAME) &&
285 strcmp(obd->obd_type->typ_name, LUSTRE_OSC_NAME) &&
286 strcmp(obd->obd_type->typ_name, LUSTRE_MGC_NAME) &&
287 strcmp(obd->obd_type->typ_name, LUSTRE_LWP_NAME) &&
288 strcmp(obd->obd_type->typ_name, LUSTRE_OSP_NAME)) {
290 CERROR("%s: obd is not a client device: rc = %d\n",
292 spin_unlock(&obd->obd_dev_lock);
295 spin_unlock(&obd->obd_dev_lock);
297 with_imp_locked(obd, imp0, rc) {
298 if (!imp0->imp_obd || !imp0->imp_sec)
301 imp = class_import_get(imp0);
305 CERROR("%s: import has gone: rc = %d\n", obd->obd_name, rc);
309 if (imp->imp_deactive) {
311 CERROR("%s: import has been deactivated: rc = %d\n",
313 class_import_put(imp);
317 req = ptlrpc_request_alloc_pack(imp, &RQF_SEC_CTX, LUSTRE_OBD_VERSION,
319 if (!req || !req->rq_cli_ctx || !req->rq_cli_ctx->cc_sec) {
320 param.status = -ENOMEM;
324 if (req->rq_cli_ctx->cc_sec->ps_id != param.secid) {
326 CWARN("%s: original secid %d, now has changed to %d, cancel this negotiation: rc = %d\n",
327 obd->obd_name, param.secid,
328 req->rq_cli_ctx->cc_sec->ps_id, rc);
334 rc = ctx_init_pack_request(imp, req,
336 param.uid, param.gid,
337 param.send_token_size,
338 (char __user *)param.send_token);
344 ptlrpc_request_set_replen(req);
346 rc = ptlrpc_queue_wait(req);
348 /* If any _real_ denial be made, we expect server return
349 * -EACCES reply or return success but indicate gss error
350 * inside reply messsage. All other errors are treated as
351 * timeout, caller might try the negotiation repeatedly,
352 * leave recovery decisions to general ptlrpc layer.
354 * FIXME maybe some other error code shouldn't be treated
359 param.status = -ETIMEDOUT;
361 "%s: ctx init req got %d, returning to userspace status %llu\n",
362 obd->obd_name, rc, param.status);
366 LASSERT(req->rq_repdata);
367 lsize = ctx_init_parse_reply(req->rq_repdata,
368 req_capsule_rep_need_swab(&req->rq_pill),
369 (char __user *)param.reply_buf,
370 param.reply_buf_size);
372 param.status = (int) lsize;
377 param.reply_length = lsize;
380 if (copy_to_user(buffer, ¶m, sizeof(param)))
385 class_import_put(imp);
386 ptlrpc_req_finished(req);
390 int gss_do_ctx_fini_rpc(struct gss_cli_ctx *gctx)
392 struct ptlrpc_cli_ctx *ctx = &gctx->gc_base;
393 struct obd_import *imp = ctx->cc_sec->ps_import;
394 struct ptlrpc_request *req;
395 struct ptlrpc_user_desc *pud;
399 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
401 if (cli_ctx_is_error(ctx) || !cli_ctx_is_uptodate(ctx)) {
402 CDEBUG(D_SEC, "ctx %p(%u->%s) not uptodate, "
403 "don't send destroy rpc\n", ctx,
404 ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
410 CDEBUG(D_SEC, "%s ctx %p idx %#llx (%u->%s)\n",
411 sec_is_reverse(ctx->cc_sec) ?
412 "server finishing reverse" : "client finishing forward",
413 ctx, gss_handle_to_u64(&gctx->gc_handle),
414 ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
416 gctx->gc_proc = PTLRPC_GSS_PROC_DESTROY;
418 req = ptlrpc_request_alloc(imp, &RQF_SEC_CTX);
420 CWARN("ctx %p(%u): fail to prepare rpc, destroy locally\n",
421 ctx, ctx->cc_vcred.vc_uid);
422 GOTO(out, rc = -ENOMEM);
425 rc = ptlrpc_request_bufs_pack(req, LUSTRE_OBD_VERSION, SEC_CTX_FINI,
430 /* fix the user desc */
431 if (req->rq_pack_udesc) {
432 /* we rely the fact that this request is in AUTH mode,
433 * and user_desc at offset 2. */
434 pud = lustre_msg_buf(req->rq_reqbuf, 2, sizeof(*pud));
436 pud->pud_uid = pud->pud_fsuid = ctx->cc_vcred.vc_uid;
437 pud->pud_gid = pud->pud_fsgid = ctx->cc_vcred.vc_gid;
439 pud->pud_ngroups = 0;
442 req->rq_phase = RQ_PHASE_RPC;
443 rc = ptl_send_rpc(req, 1);
445 CWARN("ctx %p(%u->%s): rpc error %d, destroy locally\n", ctx,
446 ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec), rc);
449 ptlrpc_req_finished(req);
454 int __init gss_init_cli_upcall(void)
459 void gss_exit_cli_upcall(void)