2 * Modifications for Lustre
4 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
6 * Copyright (c) 2012, 2014, Intel Corporation.
8 * Author: Eric Mei <ericm@clusterfs.com>
12 * Neil Brown <neilb@cse.unsw.edu.au>
13 * J. Bruce Fields <bfields@umich.edu>
14 * Andy Adamson <andros@umich.edu>
15 * Dug Song <dugsong@monkey.org>
17 * RPCSEC_GSS server authentication.
18 * This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078
21 * The RPCSEC_GSS involves three stages:
24 * 3/ context destruction
26 * Context creation is handled largely by upcalls to user-space.
27 * In particular, GSS_Accept_sec_context is handled by an upcall
28 * Data exchange is handled entirely within the kernel
29 * In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel.
30 * Context destruction is handled in-kernel
31 * GSS_Delete_sec_context is in-kernel
33 * Context creation is initiated by a RPCSEC_GSS_INIT request arriving.
34 * The context handle and gss_token are used as a key into the rpcsec_init cache.
35 * The content of this cache includes some of the outputs of GSS_Accept_sec_context,
36 * being major_status, minor_status, context_handle, reply_token.
37 * These are sent back to the client.
38 * Sequence window management is handled by the kernel. The window size if currently
39 * a compile time constant.
41 * When user-space is happy that a context is established, it places an entry
42 * in the rpcsec_context cache. The key for this cache is the context_handle.
43 * The content includes:
44 * uid/gidlist - for determining access rights
46 * mechanism specific information, such as a key
50 #define DEBUG_SUBSYSTEM S_SEC
51 #include <linux/types.h>
52 #include <linux/init.h>
53 #include <linux/module.h>
54 #include <linux/random.h>
55 #include <linux/slab.h>
56 #include <linux/hash.h>
57 #include <linux/mutex.h>
58 #include <linux/sunrpc/cache.h>
62 #include <obd_class.h>
63 #include <obd_support.h>
64 #include <lustre_import.h>
65 #include <lustre_net.h>
66 #include <lustre_nodemap.h>
67 #include <lustre_sec.h>
70 #include "gss_internal.h"
72 #include "gss_crypto.h"
74 #define GSS_SVC_UPCALL_TIMEOUT (20)
76 static DEFINE_SPINLOCK(__ctx_index_lock);
77 static __u64 __ctx_index;
79 unsigned int krb5_allow_old_client_csum;
81 __u64 gss_get_next_ctx_index(void)
85 spin_lock(&__ctx_index_lock);
87 spin_unlock(&__ctx_index_lock);
92 static inline unsigned long hash_mem(char *buf, int length, int bits)
94 unsigned long hash = 0;
109 if ((len & (BITS_PER_LONG/8-1)) == 0)
110 hash = hash_long(hash^l, BITS_PER_LONG);
113 return hash >> (BITS_PER_LONG - bits);
116 /****************************************
117 * rpc sec init (rsi) cache *
118 ****************************************/
120 #define RSI_HASHBITS (6)
121 #define RSI_HASHMAX (1 << RSI_HASHBITS)
122 #define RSI_HASHMASK (RSI_HASHMAX - 1)
127 lnet_nid_t nid4; /* FIXME Support larger NID */
128 char nm_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
129 wait_queue_head_t waitq;
130 rawobj_t in_handle, in_token;
131 rawobj_t out_handle, out_token;
132 int major_status, minor_status;
133 #ifdef HAVE_CACHE_HASH_SPINLOCK
134 struct rcu_head rcu_head;
138 #ifdef HAVE_CACHE_HEAD_HLIST
139 static struct hlist_head rsi_table[RSI_HASHMAX];
141 static struct cache_head *rsi_table[RSI_HASHMAX];
143 static struct cache_detail rsi_cache;
144 static struct rsi *rsi_update(struct rsi *new, struct rsi *old);
145 static struct rsi *rsi_lookup(struct rsi *item);
147 #ifdef HAVE_CACHE_DETAIL_WRITERS
148 static inline int channel_users(struct cache_detail *cd)
150 return atomic_read(&cd->writers);
153 static inline int channel_users(struct cache_detail *cd)
155 return atomic_read(&cd->readers);
159 static inline int rsi_hash(struct rsi *item)
161 return hash_mem((char *)item->in_handle.data, item->in_handle.len,
163 hash_mem((char *)item->in_token.data, item->in_token.len,
167 static inline int __rsi_match(struct rsi *item, struct rsi *tmp)
169 return (rawobj_equal(&item->in_handle, &tmp->in_handle) &&
170 rawobj_equal(&item->in_token, &tmp->in_token));
173 static void rsi_free(struct rsi *rsi)
175 rawobj_free(&rsi->in_handle);
176 rawobj_free(&rsi->in_token);
177 rawobj_free(&rsi->out_handle);
178 rawobj_free(&rsi->out_token);
181 /* See handle_channel_req() userspace for where the upcall data is read */
182 static void rsi_request(struct cache_detail *cd,
183 struct cache_head *h,
184 char **bpp, int *blen)
186 struct rsi *rsi = container_of(h, struct rsi, h);
189 /* if in_handle is null, provide kernel suggestion */
190 if (rsi->in_handle.len == 0)
191 index = gss_get_next_ctx_index();
193 qword_addhex(bpp, blen, (char *) &rsi->lustre_svc,
194 sizeof(rsi->lustre_svc));
195 qword_addhex(bpp, blen, (char *) &rsi->nid4, sizeof(rsi->nid4));
196 qword_addhex(bpp, blen, (char *) &index, sizeof(index));
197 qword_addhex(bpp, blen, (char *) rsi->nm_name,
198 strlen(rsi->nm_name) + 1);
199 qword_addhex(bpp, blen, rsi->in_handle.data, rsi->in_handle.len);
200 qword_addhex(bpp, blen, rsi->in_token.data, rsi->in_token.len);
204 static inline void __rsi_init(struct rsi *new, struct rsi *item)
206 new->out_handle = RAWOBJ_EMPTY;
207 new->out_token = RAWOBJ_EMPTY;
209 new->in_handle = item->in_handle;
210 item->in_handle = RAWOBJ_EMPTY;
211 new->in_token = item->in_token;
212 item->in_token = RAWOBJ_EMPTY;
214 new->lustre_svc = item->lustre_svc;
215 new->nid4 = item->nid4;
216 memcpy(new->nm_name, item->nm_name, sizeof(item->nm_name));
217 init_waitqueue_head(&new->waitq);
220 static inline void __rsi_update(struct rsi *new, struct rsi *item)
222 LASSERT(new->out_handle.len == 0);
223 LASSERT(new->out_token.len == 0);
225 new->out_handle = item->out_handle;
226 item->out_handle = RAWOBJ_EMPTY;
227 new->out_token = item->out_token;
228 item->out_token = RAWOBJ_EMPTY;
230 new->major_status = item->major_status;
231 new->minor_status = item->minor_status;
234 #ifdef HAVE_CACHE_HASH_SPINLOCK
235 static void rsi_free_rcu(struct rcu_head *head)
237 struct rsi *rsi = container_of(head, struct rsi, rcu_head);
239 #ifdef HAVE_CACHE_HEAD_HLIST
240 LASSERT(hlist_unhashed(&rsi->h.cache_list));
242 LASSERT(rsi->h.next == NULL);
248 static void rsi_put(struct kref *ref)
250 struct rsi *rsi = container_of(ref, struct rsi, h.ref);
252 call_rcu(&rsi->rcu_head, rsi_free_rcu);
254 #else /* !HAVE_CACHE_HASH_SPINLOCK */
255 static void rsi_put(struct kref *ref)
257 struct rsi *rsi = container_of(ref, struct rsi, h.ref);
259 #ifdef HAVE_CACHE_HEAD_HLIST
260 LASSERT(hlist_unhashed(&rsi->h.cache_list));
262 LASSERT(rsi->h.next == NULL);
267 #endif /* HAVE_CACHE_HASH_SPINLOCK */
269 static int rsi_match(struct cache_head *a, struct cache_head *b)
271 struct rsi *item = container_of(a, struct rsi, h);
272 struct rsi *tmp = container_of(b, struct rsi, h);
274 return __rsi_match(item, tmp);
277 static void rsi_init(struct cache_head *cnew, struct cache_head *citem)
279 struct rsi *new = container_of(cnew, struct rsi, h);
280 struct rsi *item = container_of(citem, struct rsi, h);
282 __rsi_init(new, item);
285 static void update_rsi(struct cache_head *cnew, struct cache_head *citem)
287 struct rsi *new = container_of(cnew, struct rsi, h);
288 struct rsi *item = container_of(citem, struct rsi, h);
290 __rsi_update(new, item);
293 static struct cache_head *rsi_alloc(void)
304 static int rsi_parse(struct cache_detail *cd, char *mesg, int mlen)
308 struct rsi rsii, *rsip = NULL;
310 int status = -EINVAL;
313 memset(&rsii, 0, sizeof(rsii));
316 len = qword_get(&mesg, buf, mlen);
319 if (rawobj_alloc(&rsii.in_handle, buf, len)) {
325 len = qword_get(&mesg, buf, mlen);
328 if (rawobj_alloc(&rsii.in_token, buf, len)) {
333 rsip = rsi_lookup(&rsii);
336 if (!test_bit(CACHE_PENDING, &rsip->h.flags)) {
337 /* If this is not a pending request, it probably means
338 * someone wrote arbitrary data to the init channel.
339 * Directly return -EINVAL in this case.
347 expiry = get_expiry(&mesg);
351 len = qword_get(&mesg, buf, mlen);
356 status = kstrtoint(buf, 10, &rsii.major_status);
361 len = qword_get(&mesg, buf, mlen);
367 status = kstrtoint(buf, 10, &rsii.minor_status);
372 len = qword_get(&mesg, buf, mlen);
375 if (rawobj_alloc(&rsii.out_handle, buf, len)) {
381 len = qword_get(&mesg, buf, mlen);
384 if (rawobj_alloc(&rsii.out_token, buf, len)) {
389 rsii.h.expiry_time = expiry;
390 rsip = rsi_update(&rsii, rsip);
395 wake_up(&rsip->waitq);
396 cache_put(&rsip->h, &rsi_cache);
402 CERROR("rsi parse error %d\n", status);
406 static struct cache_detail rsi_cache = {
407 .hash_size = RSI_HASHMAX,
408 .hash_table = rsi_table,
409 .name = "auth.sptlrpc.init",
410 .cache_put = rsi_put,
411 .cache_request = rsi_request,
412 .cache_upcall = sunrpc_cache_pipe_upcall,
413 .cache_parse = rsi_parse,
416 .update = update_rsi,
420 static struct rsi *rsi_lookup(struct rsi *item)
422 struct cache_head *ch;
423 int hash = rsi_hash(item);
425 ch = sunrpc_cache_lookup(&rsi_cache, &item->h, hash);
427 return container_of(ch, struct rsi, h);
432 static struct rsi *rsi_update(struct rsi *new, struct rsi *old)
434 struct cache_head *ch;
435 int hash = rsi_hash(new);
437 ch = sunrpc_cache_update(&rsi_cache, &new->h, &old->h, hash);
439 return container_of(ch, struct rsi, h);
444 /****************************************
445 * rpc sec context (rsc) cache *
446 ****************************************/
448 #define RSC_HASHBITS (10)
449 #define RSC_HASHMAX (1 << RSC_HASHBITS)
450 #define RSC_HASHMASK (RSC_HASHMAX - 1)
454 struct obd_device *target;
456 struct gss_svc_ctx ctx;
457 #ifdef HAVE_CACHE_HASH_SPINLOCK
458 struct rcu_head rcu_head;
462 #ifdef HAVE_CACHE_HEAD_HLIST
463 static struct hlist_head rsc_table[RSC_HASHMAX];
465 static struct cache_head *rsc_table[RSC_HASHMAX];
467 static struct cache_detail rsc_cache;
468 static struct rsc *rsc_update(struct rsc *new, struct rsc *old);
469 static struct rsc *rsc_lookup(struct rsc *item);
471 static void rsc_free(struct rsc *rsci)
473 rawobj_free(&rsci->handle);
474 rawobj_free(&rsci->ctx.gsc_rvs_hdl);
475 lgss_delete_sec_context(&rsci->ctx.gsc_mechctx);
478 static inline int rsc_hash(struct rsc *rsci)
480 return hash_mem((char *)rsci->handle.data,
481 rsci->handle.len, RSC_HASHBITS);
484 static inline int __rsc_match(struct rsc *new, struct rsc *tmp)
486 return rawobj_equal(&new->handle, &tmp->handle);
489 static inline void __rsc_init(struct rsc *new, struct rsc *tmp)
491 new->handle = tmp->handle;
492 tmp->handle = RAWOBJ_EMPTY;
495 memset(&new->ctx, 0, sizeof(new->ctx));
496 new->ctx.gsc_rvs_hdl = RAWOBJ_EMPTY;
499 static inline void __rsc_update(struct rsc *new, struct rsc *tmp)
502 memset(&tmp->ctx, 0, sizeof(tmp->ctx));
503 tmp->ctx.gsc_rvs_hdl = RAWOBJ_EMPTY;
504 tmp->ctx.gsc_mechctx = NULL;
507 memset(&new->ctx.gsc_seqdata, 0, sizeof(new->ctx.gsc_seqdata));
508 spin_lock_init(&new->ctx.gsc_seqdata.ssd_lock);
511 #ifdef HAVE_CACHE_HASH_SPINLOCK
512 static void rsc_free_rcu(struct rcu_head *head)
514 struct rsc *rsci = container_of(head, struct rsc, rcu_head);
516 #ifdef HAVE_CACHE_HEAD_HLIST
517 LASSERT(hlist_unhashed(&rsci->h.cache_list));
519 LASSERT(rsci->h.next == NULL);
521 rawobj_free(&rsci->handle);
525 static void rsc_put(struct kref *ref)
527 struct rsc *rsci = container_of(ref, struct rsc, h.ref);
529 rawobj_free(&rsci->ctx.gsc_rvs_hdl);
530 lgss_delete_sec_context(&rsci->ctx.gsc_mechctx);
531 call_rcu(&rsci->rcu_head, rsc_free_rcu);
533 #else /* !HAVE_CACHE_HASH_SPINLOCK */
534 static void rsc_put(struct kref *ref)
536 struct rsc *rsci = container_of(ref, struct rsc, h.ref);
538 #ifdef HAVE_CACHE_HEAD_HLIST
539 LASSERT(hlist_unhashed(&rsci->h.cache_list));
541 LASSERT(rsci->h.next == NULL);
546 #endif /* HAVE_CACHE_HASH_SPINLOCK */
548 static int rsc_match(struct cache_head *a, struct cache_head *b)
550 struct rsc *new = container_of(a, struct rsc, h);
551 struct rsc *tmp = container_of(b, struct rsc, h);
553 return __rsc_match(new, tmp);
556 static void rsc_init(struct cache_head *cnew, struct cache_head *ctmp)
558 struct rsc *new = container_of(cnew, struct rsc, h);
559 struct rsc *tmp = container_of(ctmp, struct rsc, h);
561 __rsc_init(new, tmp);
564 static void update_rsc(struct cache_head *cnew, struct cache_head *ctmp)
566 struct rsc *new = container_of(cnew, struct rsc, h);
567 struct rsc *tmp = container_of(ctmp, struct rsc, h);
569 __rsc_update(new, tmp);
572 static struct cache_head * rsc_alloc(void)
583 static int rsc_parse(struct cache_detail *cd, char *mesg, int mlen)
586 int len, rv, tmp_int;
587 struct rsc rsci, *rscp = NULL;
589 int status = -EINVAL;
590 struct gss_api_mech *gm = NULL;
592 memset(&rsci, 0, sizeof(rsci));
595 len = qword_get(&mesg, buf, mlen);
596 if (len < 0) goto out;
598 if (rawobj_alloc(&rsci.handle, buf, len))
603 expiry = get_expiry(&mesg);
609 rv = get_int(&mesg, &tmp_int);
611 CERROR("fail to get remote flag\n");
614 rsci.ctx.gsc_remote = (tmp_int != 0);
617 rv = get_int(&mesg, &tmp_int);
619 CERROR("fail to get root user flag\n");
622 rsci.ctx.gsc_usr_root = (tmp_int != 0);
625 rv = get_int(&mesg, &tmp_int);
627 CERROR("fail to get mds user flag\n");
630 rsci.ctx.gsc_usr_mds = (tmp_int != 0);
633 rv = get_int(&mesg, &tmp_int);
635 CERROR("fail to get oss user flag\n");
638 rsci.ctx.gsc_usr_oss = (tmp_int != 0);
641 rv = get_int(&mesg, (int *) &rsci.ctx.gsc_mapped_uid);
643 CERROR("fail to get mapped uid\n");
647 rscp = rsc_lookup(&rsci);
651 /* uid, or NEGATIVE */
652 rv = get_int(&mesg, (int *) &rsci.ctx.gsc_uid);
656 CERROR("NOENT? set rsc entry negative\n");
657 set_bit(CACHE_NEGATIVE, &rsci.h.flags);
663 if (get_int(&mesg, (int *) &rsci.ctx.gsc_gid))
667 len = qword_get(&mesg, buf, mlen);
670 gm = lgss_name_to_mech(buf);
671 status = -EOPNOTSUPP;
676 /* mech-specific data: */
677 len = qword_get(&mesg, buf, mlen);
682 tmp_buf.data = (unsigned char *)buf;
683 if (lgss_import_sec_context(&tmp_buf, gm,
684 &rsci.ctx.gsc_mechctx))
687 /* set to seconds since machine booted */
688 expiry = ktime_get_seconds();
690 /* currently the expiry time passed down from user-space
691 * is invalid, here we retrive it from mech.
693 if (lgss_inquire_context(rsci.ctx.gsc_mechctx, &ctx_expiry)) {
694 CERROR("unable to get expire time, drop it\n");
698 /* ctx_expiry is the number of seconds since Jan 1 1970.
699 * We want just the number of seconds into the future.
701 expiry += ctx_expiry - ktime_get_real_seconds();
704 rsci.h.expiry_time = expiry;
705 rscp = rsc_update(&rsci, rscp);
712 cache_put(&rscp->h, &rsc_cache);
717 CERROR("parse rsc error %d\n", status);
721 static struct cache_detail rsc_cache = {
722 .hash_size = RSC_HASHMAX,
723 .hash_table = rsc_table,
724 .name = "auth.sptlrpc.context",
725 .cache_put = rsc_put,
726 .cache_parse = rsc_parse,
729 .update = update_rsc,
733 static struct rsc *rsc_lookup(struct rsc *item)
735 struct cache_head *ch;
736 int hash = rsc_hash(item);
738 ch = sunrpc_cache_lookup(&rsc_cache, &item->h, hash);
740 return container_of(ch, struct rsc, h);
745 static struct rsc *rsc_update(struct rsc *new, struct rsc *old)
747 struct cache_head *ch;
748 int hash = rsc_hash(new);
750 ch = sunrpc_cache_update(&rsc_cache, &new->h, &old->h, hash);
752 return container_of(ch, struct rsc, h);
757 #define COMPAT_RSC_PUT(item, cd) cache_put((item), (cd))
759 /****************************************
761 ****************************************/
763 static struct rsc *gss_svc_searchbyctx(rawobj_t *handle)
768 memset(&rsci, 0, sizeof(rsci));
769 if (rawobj_dup(&rsci.handle, handle))
772 found = rsc_lookup(&rsci);
776 if (cache_check(&rsc_cache, &found->h, NULL))
781 int gss_svc_upcall_install_rvs_ctx(struct obd_import *imp,
782 struct gss_sec *gsec,
783 struct gss_cli_ctx *gctx)
785 struct rsc rsci, *rscp = NULL;
791 memset(&rsci, 0, sizeof(rsci));
793 if (rawobj_alloc(&rsci.handle, (char *) &gsec->gs_rvs_hdl,
794 sizeof(gsec->gs_rvs_hdl)))
795 GOTO(out, rc = -ENOMEM);
797 rscp = rsc_lookup(&rsci);
799 GOTO(out, rc = -ENOMEM);
801 major = lgss_copy_reverse_context(gctx->gc_mechctx,
802 &rsci.ctx.gsc_mechctx);
803 if (major != GSS_S_COMPLETE)
804 GOTO(out, rc = -ENOMEM);
806 if (lgss_inquire_context(rsci.ctx.gsc_mechctx, &ctx_expiry)) {
807 CERROR("unable to get expire time, drop it\n");
808 GOTO(out, rc = -EINVAL);
810 rsci.h.expiry_time = ctx_expiry;
812 switch (imp->imp_obd->u.cli.cl_sp_to) {
814 rsci.ctx.gsc_usr_mds = 1;
817 rsci.ctx.gsc_usr_oss = 1;
820 rsci.ctx.gsc_usr_root = 1;
823 /* by convention, all 3 set to 1 means MGS */
824 rsci.ctx.gsc_usr_mds = 1;
825 rsci.ctx.gsc_usr_oss = 1;
826 rsci.ctx.gsc_usr_root = 1;
832 rscp = rsc_update(&rsci, rscp);
834 GOTO(out, rc = -ENOMEM);
836 rscp->target = imp->imp_obd;
837 rawobj_dup(&gctx->gc_svc_handle, &rscp->handle);
839 CWARN("create reverse svc ctx %p to %s: idx %#llx\n",
840 &rscp->ctx, obd2cli_tgt(imp->imp_obd), gsec->gs_rvs_hdl);
844 cache_put(&rscp->h, &rsc_cache);
848 CERROR("create reverse svc ctx: idx %#llx, rc %d\n",
849 gsec->gs_rvs_hdl, rc);
853 int gss_svc_upcall_expire_rvs_ctx(rawobj_t *handle)
855 const time64_t expire = 20;
858 rscp = gss_svc_searchbyctx(handle);
860 CDEBUG(D_SEC, "reverse svcctx %p (rsc %p) expire soon\n",
863 rscp->h.expiry_time = ktime_get_real_seconds() + expire;
864 COMPAT_RSC_PUT(&rscp->h, &rsc_cache);
869 int gss_svc_upcall_dup_handle(rawobj_t *handle, struct gss_svc_ctx *ctx)
871 struct rsc *rscp = container_of(ctx, struct rsc, ctx);
873 return rawobj_dup(handle, &rscp->handle);
876 int gss_svc_upcall_update_sequence(rawobj_t *handle, __u32 seq)
880 rscp = gss_svc_searchbyctx(handle);
882 CDEBUG(D_SEC, "reverse svcctx %p (rsc %p) update seq to %u\n",
883 &rscp->ctx, rscp, seq + 1);
885 rscp->ctx.gsc_rvs_seq = seq + 1;
886 COMPAT_RSC_PUT(&rscp->h, &rsc_cache);
891 static struct cache_deferred_req* cache_upcall_defer(struct cache_req *req)
895 static struct cache_req cache_upcall_chandle = { cache_upcall_defer };
897 int gss_svc_upcall_handle_init(struct ptlrpc_request *req,
898 struct gss_svc_reqctx *grctx,
899 struct gss_wire_ctx *gw,
900 struct obd_device *target,
905 struct ptlrpc_reply_state *rs;
906 struct rsc *rsci = NULL;
907 struct rsi *rsip = NULL, rsikey;
908 wait_queue_entry_t wait;
909 int replen = sizeof(struct ptlrpc_body);
910 struct gss_rep_header *rephdr;
912 int rc = SECSVC_DROP;
913 struct lnet_nid primary;
916 memset(&rsikey, 0, sizeof(rsikey));
917 rsikey.lustre_svc = lustre_svc;
918 /* In case of MR, rq_peer is not the NID from which request is received,
919 * but primary NID of peer.
920 * So we need LNetPrimaryNID(rq_source) to match what the clients uses.
922 lnet_nid4_to_nid(req->rq_source.nid, &primary);
923 LNetPrimaryNID(&primary);
924 rsikey.nid4 = lnet_nid_to_nid4(&primary);
925 nodemap_test_nid(lnet_nid_to_nid4(&req->rq_peer.nid), rsikey.nm_name,
926 sizeof(rsikey.nm_name));
928 /* duplicate context handle. for INIT it always 0 */
929 if (rawobj_dup(&rsikey.in_handle, &gw->gw_handle)) {
930 CERROR("fail to dup context handle\n");
934 if (rawobj_dup(&rsikey.in_token, in_token)) {
935 CERROR("can't duplicate token\n");
936 rawobj_free(&rsikey.in_handle);
940 rsip = rsi_lookup(&rsikey);
943 CERROR("error in rsi_lookup.\n");
945 if (!gss_pack_err_notify(req, GSS_S_FAILURE, 0))
946 rc = SECSVC_COMPLETE;
951 cache_get(&rsip->h); /* take an extra ref */
953 add_wait_queue(&rsip->waitq, &wait);
956 /* Note each time cache_check() will drop a reference if return
957 * non-zero. We hold an extra reference on initial rsip, but must
958 * take care of following calls. */
959 rc = cache_check(&rsi_cache, &rsip->h, &cache_upcall_chandle);
968 cache_read_lock(&rsi_cache);
969 valid = test_bit(CACHE_VALID, &rsip->h.flags);
971 set_current_state(TASK_INTERRUPTIBLE);
972 cache_read_unlock(&rsi_cache);
975 unsigned long timeout;
977 timeout = cfs_time_seconds(GSS_SVC_UPCALL_TIMEOUT);
978 schedule_timeout(timeout);
983 CWARN("waited %ds timeout, drop\n", GSS_SVC_UPCALL_TIMEOUT);
987 CDEBUG(D_SEC, "cache_check return ENOENT, drop\n");
990 /* if not the first check, we have to release the extra
991 * reference we just added on it. */
993 cache_put(&rsip->h, &rsi_cache);
994 CDEBUG(D_SEC, "cache_check is good\n");
998 remove_wait_queue(&rsip->waitq, &wait);
999 cache_put(&rsip->h, &rsi_cache);
1002 GOTO(out, rc = SECSVC_DROP);
1005 rsci = gss_svc_searchbyctx(&rsip->out_handle);
1007 CERROR("authentication failed\n");
1009 /* gss mechanism returned major and minor code so we return
1010 * those in error message */
1011 if (!gss_pack_err_notify(req, rsip->major_status,
1012 rsip->minor_status))
1013 rc = SECSVC_COMPLETE;
1017 cache_get(&rsci->h);
1018 grctx->src_ctx = &rsci->ctx;
1021 if (gw->gw_flags & LUSTRE_GSS_PACK_KCSUM) {
1022 grctx->src_ctx->gsc_mechctx->hash_func = gss_digest_hash;
1023 } else if (!strcmp(grctx->src_ctx->gsc_mechctx->mech_type->gm_name,
1025 !krb5_allow_old_client_csum) {
1026 CWARN("%s: deny connection from '%s' due to missing 'krb_csum' feature, set 'sptlrpc.gss.krb5_allow_old_client_csum=1' to allow, but recommend client upgrade: rc = %d\n",
1027 target->obd_name, libcfs_nidstr(&req->rq_peer.nid),
1029 GOTO(out, rc = SECSVC_DROP);
1031 grctx->src_ctx->gsc_mechctx->hash_func =
1032 gss_digest_hash_compat;
1035 if (rawobj_dup(&rsci->ctx.gsc_rvs_hdl, rvs_hdl)) {
1036 CERROR("failed duplicate reverse handle\n");
1040 rsci->target = target;
1042 CDEBUG(D_SEC, "server create rsc %p(%u->%s)\n",
1043 rsci, rsci->ctx.gsc_uid, libcfs_nidstr(&req->rq_peer.nid));
1045 if (rsip->out_handle.len > PTLRPC_GSS_MAX_HANDLE_SIZE) {
1046 CERROR("handle size %u too large\n", rsip->out_handle.len);
1047 GOTO(out, rc = SECSVC_DROP);
1050 grctx->src_init = 1;
1051 grctx->src_reserve_len = round_up(rsip->out_token.len, 4);
1053 rc = lustre_pack_reply_v2(req, 1, &replen, NULL, 0);
1055 CERROR("failed to pack reply: %d\n", rc);
1056 GOTO(out, rc = SECSVC_DROP);
1059 rs = req->rq_reply_state;
1060 LASSERT(rs->rs_repbuf->lm_bufcount == 3);
1061 LASSERT(rs->rs_repbuf->lm_buflens[0] >=
1062 sizeof(*rephdr) + rsip->out_handle.len);
1063 LASSERT(rs->rs_repbuf->lm_buflens[2] >= rsip->out_token.len);
1065 rephdr = lustre_msg_buf(rs->rs_repbuf, 0, 0);
1066 rephdr->gh_version = PTLRPC_GSS_VERSION;
1067 rephdr->gh_flags = 0;
1068 rephdr->gh_proc = PTLRPC_GSS_PROC_ERR;
1069 rephdr->gh_major = rsip->major_status;
1070 rephdr->gh_minor = rsip->minor_status;
1071 rephdr->gh_seqwin = GSS_SEQ_WIN;
1072 rephdr->gh_handle.len = rsip->out_handle.len;
1073 memcpy(rephdr->gh_handle.data, rsip->out_handle.data,
1074 rsip->out_handle.len);
1076 memcpy(lustre_msg_buf(rs->rs_repbuf, 2, 0), rsip->out_token.data,
1077 rsip->out_token.len);
1079 rs->rs_repdata_len = lustre_shrink_msg(rs->rs_repbuf, 2,
1080 rsip->out_token.len, 0);
1085 /* it looks like here we should put rsip also, but this mess up
1086 * with NFS cache mgmt code... FIXME
1089 * rsi_put(&rsip->h, &rsi_cache); */
1092 /* if anything went wrong, we don't keep the context too */
1093 if (rc != SECSVC_OK)
1094 set_bit(CACHE_NEGATIVE, &rsci->h.flags);
1096 CDEBUG(D_SEC, "create rsc with idx %#llx\n",
1097 gss_handle_to_u64(&rsci->handle));
1099 COMPAT_RSC_PUT(&rsci->h, &rsc_cache);
1104 struct gss_svc_ctx *gss_svc_upcall_get_ctx(struct ptlrpc_request *req,
1105 struct gss_wire_ctx *gw)
1109 rsc = gss_svc_searchbyctx(&gw->gw_handle);
1111 CWARN("Invalid gss ctx idx %#llx from %s\n",
1112 gss_handle_to_u64(&gw->gw_handle),
1113 libcfs_nidstr(&req->rq_peer.nid));
1120 void gss_svc_upcall_put_ctx(struct gss_svc_ctx *ctx)
1122 struct rsc *rsc = container_of(ctx, struct rsc, ctx);
1124 COMPAT_RSC_PUT(&rsc->h, &rsc_cache);
1127 void gss_svc_upcall_destroy_ctx(struct gss_svc_ctx *ctx)
1129 struct rsc *rsc = container_of(ctx, struct rsc, ctx);
1131 /* can't be found */
1132 set_bit(CACHE_NEGATIVE, &rsc->h.flags);
1133 /* to be removed at next scan */
1134 rsc->h.expiry_time = 1;
1137 int __init gss_init_svc_upcall(void)
1142 * this helps reducing context index confliction. after server reboot,
1143 * conflicting request from clients might be filtered out by initial
1144 * sequence number checking, thus no chance to sent error notification
1147 get_random_bytes(&__ctx_index, sizeof(__ctx_index));
1149 #ifdef HAVE_CACHE_HEAD_HLIST
1150 for (i = 0; i < rsi_cache.hash_size; i++)
1151 INIT_HLIST_HEAD(&rsi_cache.hash_table[i]);
1153 rc = cache_register_net(&rsi_cache, &init_net);
1157 #ifdef HAVE_CACHE_HEAD_HLIST
1158 for (i = 0; i < rsc_cache.hash_size; i++)
1159 INIT_HLIST_HEAD(&rsc_cache.hash_table[i]);
1161 rc = cache_register_net(&rsc_cache, &init_net);
1163 cache_unregister_net(&rsi_cache, &init_net);
1167 /* FIXME this looks stupid. we intend to give lsvcgssd a chance to open
1168 * the init upcall channel, otherwise there's big chance that the first
1169 * upcall issued before the channel be opened thus nfsv4 cache code will
1170 * drop the request directly, thus lead to unnecessary recovery time.
1171 * Here we wait at minimum 1.5 seconds.
1173 for (i = 0; i < 6; i++) {
1174 if (channel_users(&rsi_cache) > 0)
1176 schedule_timeout_uninterruptible(cfs_time_seconds(1) / 4);
1179 if (channel_users(&rsi_cache) == 0)
1181 "Init channel is not opened by lsvcgssd, following request might be dropped until lsvcgssd is active\n");
1186 void gss_exit_svc_upcall(void)
1188 cache_purge(&rsi_cache);
1189 cache_unregister_net(&rsi_cache, &init_net);
1191 cache_purge(&rsc_cache);
1192 cache_unregister_net(&rsc_cache, &init_net);
git://git.whamcloud.com / fs / lustre-release.git / blob