4aa45f4d22230b67592303a0231c53d72349bdb5
[fs/lustre-release.git] / lustre / ptlrpc / gss / gss_mech_switch.c
1 /*
2  * Modifications for Lustre
3  *
4  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
5  *
6  * Author: Eric Mei <ericm@clusterfs.com>
7  */
8
9 /*
10  *  linux/net/sunrpc/gss_mech_switch.c
11  *
12  *  Copyright (c) 2001 The Regents of the University of Michigan.
13  *  All rights reserved.
14  *
15  *  J. Bruce Fields   <bfields@umich.edu>
16  *
17  *  Redistribution and use in source and binary forms, with or without
18  *  modification, are permitted provided that the following conditions
19  *  are met:
20  *
21  *  1. Redistributions of source code must retain the above copyright
22  *     notice, this list of conditions and the following disclaimer.
23  *  2. Redistributions in binary form must reproduce the above copyright
24  *     notice, this list of conditions and the following disclaimer in the
25  *     documentation and/or other materials provided with the distribution.
26  *  3. Neither the name of the University nor the names of its
27  *     contributors may be used to endorse or promote products derived
28  *     from this software without specific prior written permission.
29  *
30  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
31  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
32  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
33  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
34  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
35  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
36  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
37  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
38  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
39  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
40  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41  *
42  */
43
44 #ifndef EXPORT_SYMTAB
45 # define EXPORT_SYMTAB
46 #endif
47 #define DEBUG_SUBSYSTEM S_SEC
48 #ifdef __KERNEL__
49 #include <linux/init.h>
50 #include <linux/module.h>
51 #include <linux/slab.h>
52 #include <linux/mutex.h>
53 #else
54 #include <liblustre.h>
55 #endif
56
57 #include <obd.h>
58 #include <obd_class.h>
59 #include <obd_support.h>
60 #include <lustre/lustre_idl.h>
61 #include <lustre_net.h>
62 #include <lustre_import.h>
63 #include <lustre_sec.h>
64
65 #include "gss_err.h"
66 #include "gss_internal.h"
67 #include "gss_api.h"
68
/* All registered GSS mechanisms, linked through gss_api_mech::gm_list. */
static CFS_LIST_HEAD(registered_mechs);
/* Held around every insertion, removal and walk of registered_mechs in this
 * file. */
static cfs_spinlock_t registered_mechs_lock = CFS_SPIN_LOCK_UNLOCKED;
71
/*
 * Add the mechanism gm to the list of registered mechanisms.
 *
 * The insertion is done under registered_mechs_lock. Nothing here checks
 * whether gm, or another mechanism with the same gm_name, is already on the
 * list; lgss_name_to_mech() returns the first usable match it meets while
 * walking the list.
 *
 * Always returns 0.
 */
int lgss_mech_register(struct gss_api_mech *gm)
{
        cfs_spin_lock(&registered_mechs_lock);
        cfs_list_add(&gm->gm_list, &registered_mechs);
        cfs_spin_unlock(&registered_mechs_lock);
        /* logged after the lock is dropped */
        CWARN("Register %s mechanism\n", gm->gm_name);
        return 0;
}
80
/*
 * Remove the mechanism gm from the list of registered mechanisms.
 *
 * The removal is done under registered_mechs_lock. This function does not
 * look at the owning module's reference count.
 * NOTE(review): presumably only called once no context still refers to gm;
 * confirm against the mechanism modules' exit paths.
 */
void lgss_mech_unregister(struct gss_api_mech *gm)
{
        cfs_spin_lock(&registered_mechs_lock);
        cfs_list_del(&gm->gm_list);
        cfs_spin_unlock(&registered_mechs_lock);
        CWARN("Unregister %s mechanism\n", gm->gm_name);
}
88
89
/*
 * Take one more reference on the module that owns gm and return gm.
 *
 * gm is dereferenced without a NULL check. The reference is taken with the
 * unconditional __cfs_module_get(), unlike the lookup functions in this file,
 * which use cfs_try_module_get() and skip the mechanism when it fails.
 * NOTE(review): presumably the caller must already hold a reference on the
 * module; confirm. Release with lgss_mech_put().
 */
struct gss_api_mech *lgss_mech_get(struct gss_api_mech *gm)
{
        __cfs_module_get(gm->gm_owner);
        return gm;
}
95
/*
 * Look up a registered mechanism by name.
 *
 * name is compared with strcmp(), so it must be a NUL-terminated string.
 * The list is walked under registered_mechs_lock. The first entry whose
 * gm_name matches and whose owning module can be pinned with
 * cfs_try_module_get() is returned; a matching entry whose module cannot be
 * pinned is skipped and the walk continues.
 *
 * Returns the mechanism with a module reference held (drop it with
 * lgss_mech_put()), or NULL when nothing usable matched.
 */
struct gss_api_mech *lgss_name_to_mech(char *name)
{
        struct gss_api_mech *cur;
        struct gss_api_mech *found = NULL;

        cfs_spin_lock(&registered_mechs_lock);
        cfs_list_for_each_entry(cur, &registered_mechs, gm_list) {
                /* not the mechanism that was asked for */
                if (strcmp(name, cur->gm_name) != 0)
                        continue;
                /* owning module could not be pinned; keep looking */
                if (!cfs_try_module_get(cur->gm_owner))
                        continue;
                found = cur;
                break;
        }
        cfs_spin_unlock(&registered_mechs_lock);

        return found;
}
113
/*
 * Tell whether gm lists subflavor among its gm_sf_num entries in gm_sfs.
 *
 * Returns 1 when an entry with that sf_subflavor exists, 0 otherwise.
 */
static inline
int mech_supports_subflavor(struct gss_api_mech *gm, __u32 subflavor)
{
        int idx = 0;

        while (idx < gm->gm_sf_num) {
                if (gm->gm_sfs[idx].sf_subflavor == subflavor)
                        return 1;
                idx++;
        }
        return 0;
}
125
/*
 * Find the first registered mechanism that supports subflavor.
 *
 * The list is walked under registered_mechs_lock. Each candidate's owning
 * module is pinned with cfs_try_module_get() before the candidate is
 * examined; the reference is given back when the candidate does not support
 * the subflavor, and candidates whose module cannot be pinned are skipped.
 *
 * Returns the mechanism with a module reference held (drop it with
 * lgss_mech_put()), or NULL when no usable mechanism supports subflavor.
 */
struct gss_api_mech *lgss_subflavor_to_mech(__u32 subflavor)
{
        struct gss_api_mech *cur;
        struct gss_api_mech *found = NULL;

        cfs_spin_lock(&registered_mechs_lock);
        cfs_list_for_each_entry(cur, &registered_mechs, gm_list) {
                if (!cfs_try_module_get(cur->gm_owner))
                        continue;
                if (mech_supports_subflavor(cur, subflavor)) {
                        found = cur;
                        break;
                }
                /* wrong mechanism: give back the reference taken above */
                cfs_module_put(cur->gm_owner);
        }
        cfs_spin_unlock(&registered_mechs_lock);

        return found;
}
144
/*
 * Drop one reference on the module that owns gm.
 *
 * Counterpart of lgss_mech_get() and of the references returned by
 * lgss_name_to_mech() and lgss_subflavor_to_mech(). gm is dereferenced
 * without a NULL check.
 */
void lgss_mech_put(struct gss_api_mech *gm)
{
        cfs_module_put(gm->gm_owner);
}
149
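/*
 * Allocate a new GSS context in *ctx_id, bind it to mech and let the
 * mechanism fill it in from input_token.
 *
 * The mech could probably be determined from the token instead, but it's just
 * as easy for now to pass it in.
 *
 * input_token is handed to the mechanism unchanged; no validation of it is
 * done here.
 *
 * Returns GSS_S_FAILURE when the context cannot be allocated, otherwise the
 * value returned by the mechanism's gss_import_sec_context.
 *
 * When the mechanism's import returns an error, this function neither frees
 * *ctx_id nor drops the module reference taken through lgss_mech_get()
 * (lgss_copy_reverse_context(), by contrast, cleans up on failure).
 * NOTE(review): callers presumably release the context with
 * lgss_delete_sec_context() on that path; confirm.
 */
__u32 lgss_import_sec_context(rawobj_t *input_token,
                              struct gss_api_mech *mech,
                              struct gss_ctx **ctx_id)
{
        /* Check the mechanism before lgss_mech_get() dereferences it. */
        LASSERT(mech);
        LASSERT(mech->gm_ops);
        LASSERT(mech->gm_ops->gss_import_sec_context);

        OBD_ALLOC_PTR(*ctx_id);
        if (*ctx_id == NULL)
                return GSS_S_FAILURE;

        (*ctx_id)->mech_type = lgss_mech_get(mech);

        return mech->gm_ops->gss_import_sec_context(input_token, *ctx_id);
}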
167
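/*
 * Allocate a new context in *ctx_id_new, bound to the same mechanism as
 * ctx_id, and let the mechanism's gss_copy_reverse_context fill it in from
 * ctx_id.
 *
 * Returns GSS_S_FAILURE when the new context cannot be allocated, otherwise
 * the mechanism's result. On any result other than GSS_S_COMPLETE the module
 * reference is dropped, the new context is freed and *ctx_id_new is set to
 * NULL, so the caller has nothing to release.
 */
__u32 lgss_copy_reverse_context(struct gss_ctx *ctx_id,
                                struct gss_ctx **ctx_id_new)
{
        struct gss_api_mech *mech;
        __u32                major;

        /* Validate everything before allocating or taking a reference. */
        LASSERT(ctx_id);
        mech = ctx_id->mech_type;
        LASSERT(mech);
        LASSERT(mech->gm_ops);
        LASSERT(mech->gm_ops->gss_copy_reverse_context);

        OBD_ALLOC_PTR(*ctx_id_new);
        if (*ctx_id_new == NULL)
                return GSS_S_FAILURE;

        (*ctx_id_new)->mech_type = lgss_mech_get(mech);

        major = mech->gm_ops->gss_copy_reverse_context(ctx_id, *ctx_id_new);
        if (major != GSS_S_COMPLETE) {
                /* undo the reference and the allocation made above */
                lgss_mech_put(mech);
                OBD_FREE_PTR(*ctx_id_new);
                *ctx_id_new = NULL;
        }
        return major;
}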
194
/*
 * this interface is much simplified, currently we only need endtime.
 *
 * Dispatches to the gss_inquire_context operation of the mechanism bound to
 * context_handle. The context, its mechanism, the ops table and the
 * operation are required to be non-NULL; this is enforced with LASSERT, not
 * reported as an error. endtime is passed through unchanged and the
 * mechanism's return value is returned as is.
 */
__u32 lgss_inquire_context(struct gss_ctx *context_handle,
                           unsigned long  *endtime)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_inquire_context);

        return context_handle->mech_type->gm_ops
                ->gss_inquire_context(context_handle,
                                      endtime);
}
210
/*
 * gss_get_mic: compute a mic over message and return mic_token.
 *
 * Dispatches to the gss_get_mic operation of the mechanism bound to
 * context_handle. The context, its mechanism, the ops table and the
 * operation are required to be non-NULL (enforced with LASSERT). msgcnt/msg,
 * iovcnt/iovs and mic_token are passed through unchanged; how they are
 * interpreted is up to the mechanism. The mechanism's return value is
 * returned as is.
 */
__u32 lgss_get_mic(struct gss_ctx *context_handle,
                   int msgcnt,
                   rawobj_t *msg,
                   int iovcnt,
                   lnet_kiov_t *iovs,
                   rawobj_t *mic_token)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_get_mic);

        return context_handle->mech_type->gm_ops
                ->gss_get_mic(context_handle,
                              msgcnt,
                              msg,
                              iovcnt,
                              iovs,
                              mic_token);
}
232
/*
 * gss_verify_mic: check whether the provided mic_token verifies message.
 *
 * Dispatches to the gss_verify_mic operation of the mechanism bound to
 * context_handle. The context, its mechanism, the ops table and the
 * operation are required to be non-NULL (enforced with LASSERT). All
 * arguments are passed through unchanged.
 *
 * The mechanism's status is returned as is and nothing in this wrapper
 * interprets it, so whether the message is accepted depends entirely on the
 * caller testing the returned value (GSS_S_COMPLETE is the success value
 * used elsewhere in this file).
 */
__u32 lgss_verify_mic(struct gss_ctx *context_handle,
                      int msgcnt,
                      rawobj_t *msg,
                      int iovcnt,
                      lnet_kiov_t *iovs,
                      rawobj_t *mic_token)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_verify_mic);

        return context_handle->mech_type->gm_ops
                ->gss_verify_mic(context_handle,
                                 msgcnt,
                                 msg,
                                 iovcnt,
                                 iovs,
                                 mic_token);
}
254
/*
 * Dispatch to the gss_wrap operation of the mechanism bound to
 * context_handle.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). gsshdr, msg, msg_buflen and
 * out_token are passed through unchanged; no length checking is done here.
 * NOTE(review): msg_buflen is presumably the capacity of the buffer behind
 * msg; confirm against the mechanism implementations.
 * The mechanism's return value is returned as is.
 */
__u32 lgss_wrap(struct gss_ctx *context_handle,
                rawobj_t *gsshdr,
                rawobj_t *msg,
                int msg_buflen,
                rawobj_t *out_token)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_wrap);

        return context_handle->mech_type->gm_ops
                ->gss_wrap(context_handle, gsshdr, msg, msg_buflen, out_token);
}
269
/*
 * Dispatch to the gss_unwrap operation of the mechanism bound to
 * context_handle.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). gsshdr, token and out_msg are
 * passed through unchanged.
 *
 * The mechanism's status is returned as is and is not interpreted here, so
 * the caller has to test it before using anything in out_msg.
 */
__u32 lgss_unwrap(struct gss_ctx *context_handle,
                  rawobj_t *gsshdr,
                  rawobj_t *token,
                  rawobj_t *out_msg)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_unwrap);

        return context_handle->mech_type->gm_ops
                ->gss_unwrap(context_handle, gsshdr, token, out_msg);
}
283
284
/*
 * Dispatch to the gss_prep_bulk operation of the mechanism bound to
 * context_handle.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). desc is passed through unchanged
 * and the mechanism's return value is returned as is.
 */
__u32 lgss_prep_bulk(struct gss_ctx *context_handle,
                     struct ptlrpc_bulk_desc *desc)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_prep_bulk);

        return context_handle->mech_type->gm_ops
                ->gss_prep_bulk(context_handle, desc);
}
296
/*
 * Dispatch to the gss_wrap_bulk operation of the mechanism bound to
 * context_handle.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). desc, token and adj_nob are passed
 * through unchanged and the mechanism's return value is returned as is.
 */
__u32 lgss_wrap_bulk(struct gss_ctx *context_handle,
                     struct ptlrpc_bulk_desc *desc,
                     rawobj_t *token,
                     int adj_nob)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_wrap_bulk);

        return context_handle->mech_type->gm_ops
                ->gss_wrap_bulk(context_handle, desc, token, adj_nob);
}
310
/*
 * Dispatch to the gss_unwrap_bulk operation of the mechanism bound to
 * context_handle.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). desc, token and adj_nob are passed
 * through unchanged.
 *
 * The mechanism's status is returned as is and is not interpreted here, so
 * the caller has to test it before using the bulk data described by desc.
 */
__u32 lgss_unwrap_bulk(struct gss_ctx *context_handle,
                       struct ptlrpc_bulk_desc *desc,
                       rawobj_t *token,
                       int adj_nob)
{
        LASSERT(context_handle);
        LASSERT(context_handle->mech_type);
        LASSERT(context_handle->mech_type->gm_ops);
        LASSERT(context_handle->mech_type->gm_ops->gss_unwrap_bulk);

        return context_handle->mech_type->gm_ops
                ->gss_unwrap_bulk(context_handle, desc, token, adj_nob);
}
324
/*
 * gss_delete_sec_context: free all resources associated with context_handle.
 * Note this differs from the RFC 2744-specified prototype in that we don't
 * bother returning an output token, since it would never be used anyway.
 *
 * Returns GSS_S_NO_CONTEXT when *context_handle is NULL. Otherwise the
 * mechanism's gss_delete_sec_context is called when internal_ctx_id is set,
 * the module reference is dropped when mech_type is set, the context is
 * freed, *context_handle is cleared and GSS_S_COMPLETE is returned.
 *
 * Only the struct gss_ctx itself is freed here.
 * NOTE(review): clearing of any key material behind internal_ctx_id is
 * presumably the mechanism's job; confirm in the mechanism implementations.
 */
__u32 lgss_delete_sec_context(struct gss_ctx **context_handle)
{
        struct gss_ctx      *ctx = *context_handle;
        struct gss_api_mech *mech;

        CDEBUG(D_SEC, "deleting %p\n", ctx);

        if (ctx == NULL)
                return GSS_S_NO_CONTEXT;

        mech = ctx->mech_type;
        if (ctx->internal_ctx_id) {
                /* mechanism state exists, so a mechanism must be bound */
                LASSERT(mech);
                LASSERT(mech->gm_ops);
                LASSERT(mech->gm_ops->gss_delete_sec_context);
                mech->gm_ops->gss_delete_sec_context(ctx->internal_ctx_id);
        }
        if (mech != NULL)
                lgss_mech_put(mech);

        OBD_FREE_PTR(*context_handle);
        *context_handle = NULL;
        return GSS_S_COMPLETE;
}
353
/*
 * Dispatch to the gss_display operation of the mechanism bound to ctx.
 *
 * The context, its mechanism, the ops table and the operation are required
 * to be non-NULL (enforced with LASSERT). buf and bufsize are passed through
 * unchanged and the mechanism's return value is returned as is.
 * NOTE(review): presumably the mechanism writes a description of the context
 * into buf, bounded by bufsize; confirm in the mechanism implementations.
 */
int lgss_display(struct gss_ctx *ctx,
                 char           *buf,
                 int             bufsize)
{
        LASSERT(ctx);
        LASSERT(ctx->mech_type);
        LASSERT(ctx->mech_type->gm_ops);
        LASSERT(ctx->mech_type->gm_ops->gss_display);

        return ctx->mech_type->gm_ops->gss_display(ctx, buf, bufsize);
}