LU-14929 gss: detect libkeyutils dependency
[fs/lustre-release.git] / lustre / ptlrpc / gss / lproc_gss.c
1 /*
2  * GPL HEADER START
3  *
4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 only,
8  * as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but
11  * WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * General Public License version 2 for more details (a copy is included
14  * in the LICENSE file that accompanied this code).
15  *
16  * You should have received a copy of the GNU General Public License
17  * version 2 along with this program; If not, see
18  * http://www.gnu.org/licenses/gpl-2.0.html
19  *
20  * GPL HEADER END
21  */
22 /*
23  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Copyright (c) 2012, 2016, Intel Corporation.
27  */
28 /*
29  * This file is part of Lustre, http://www.lustre.org/
30  */
31
32 #define DEBUG_SUBSYSTEM S_SEC
33 #include <linux/init.h>
34 #include <linux/module.h>
35 #include <linux/slab.h>
36 #include <linux/dcache.h>
37 #include <linux/fs.h>
38 #include <linux/mutex.h>
39
40 #include <obd.h>
41 #include <obd_class.h>
42 #include <obd_support.h>
43 #include <lustre_net.h>
44 #include <lustre_import.h>
45 #include <lprocfs_status.h>
46 #include <lustre_sec.h>
47
48 #include "gss_err.h"
49 #include "gss_internal.h"
50 #include "gss_api.h"
51
/* debugfs directory "gss", created under sptlrpc_debugfs_dir */
static struct dentry *gss_debugfs_dir;
/* debugfs directory "lgss_keyring", created under gss_debugfs_dir */
static struct dentry *gss_debugfs_dir_lk;
/* procfs directory "gss", registered under sptlrpc_lprocfs_dir */
static struct proc_dir_entry *gss_lprocfs_dir;
55
/*
 * Counters for requests that arrive outside the GSS sequence window.
 *
 * oos_lock is not statically initialised; gss_init_tunables() calls
 * spin_lock_init() on it. It guards the read-modify-write of
 * oos_cli_behind only; the atomic_t members are updated without it.
 */
static struct {
        spinlock_t      oos_lock;
        /* client side: how many times the client fell behind the window */
        atomic_t        oos_cli_count;
        /* client side: largest distance behind seen so far */
        int             oos_cli_behind;
        /* server side, indexed by phase 0..2: replays detected */
        atomic_t        oos_svc_replay[3];
        /* server side, indexed by phase 0..2: requests verified ok */
        atomic_t        oos_svc_pass[3];
} gss_stat_oos = {
        .oos_cli_count  = ATOMIC_INIT(0),
        .oos_cli_behind = 0,
        .oos_svc_replay = { ATOMIC_INIT(0), },
        .oos_svc_pass   = { ATOMIC_INIT(0), },
};
71
/*
 * Account one client-side "fell behind the sequence window" event.
 *
 * Bumps the occurrence counter and, under oos_lock, raises the recorded
 * maximum if \a behind exceeds it. The maximum never decreases.
 */
void gss_stat_oos_record_cli(int behind)
{
        atomic_inc(&gss_stat_oos.oos_cli_count);

        /* compare-and-store must be atomic with respect to other recorders */
        spin_lock(&gss_stat_oos.oos_lock);
        if (gss_stat_oos.oos_cli_behind < behind) {
                gss_stat_oos.oos_cli_behind = behind;
        }
        spin_unlock(&gss_stat_oos.oos_lock);
}
81
/*
 * Account one server-side sequence check result.
 *
 * \a phase selects the slot (0..2) and \a replay, when non-zero, selects
 * the "replay detected" counters instead of the "verified ok" ones.
 */
void gss_stat_oos_record_svc(int phase, int replay)
{
        atomic_t *slots;

        /* the assertion is the only bound on the array index used below */
        LASSERT(phase >= 0 && phase <= 2);

        slots = replay ? gss_stat_oos.oos_svc_replay :
                         gss_stat_oos.oos_svc_pass;
        atomic_inc(&slots[phase]);
}
91
/*
 * seq_file show routine for the debugfs "replays" file.
 *
 * Prints the two sequence window sizes followed by the out-of-sequence
 * counters. "server verify ok" is reported for phase 2 only; the pass
 * counters for phases 0 and 1 are maintained but not printed.
 * oos_cli_behind is sampled without oos_lock, so the value shown may lag
 * a concurrent update.
 */
static int gss_proc_oos_seq_show(struct seq_file *m, void *v)
{
        int cli_count = atomic_read(&gss_stat_oos.oos_cli_count);
        int cli_behind = gss_stat_oos.oos_cli_behind;
        int replay0 = atomic_read(&gss_stat_oos.oos_svc_replay[0]);
        int replay1 = atomic_read(&gss_stat_oos.oos_svc_replay[1]);
        int replay2 = atomic_read(&gss_stat_oos.oos_svc_replay[2]);
        int pass2 = atomic_read(&gss_stat_oos.oos_svc_pass[2]);

        seq_printf(m, "seqwin:             %u\n"
                   "backwin:            %u\n"
                   "client fall behind seqwin\n"
                   "  occurrence:       %d\n"
                   "  max seq behind:   %d\n"
                   "server replay detected:\n"
                   "  phase 0:          %d\n"
                   "  phase 1:          %d\n"
                   "  phase 2:          %d\n"
                   "server verify ok:\n"
                   "  phase 2:          %d\n",
                   GSS_SEQ_WIN_MAIN,
                   GSS_SEQ_WIN_BACK,
                   cli_count,
                   cli_behind,
                   replay0,
                   replay1,
                   replay2,
                   pass2);
        return 0;
}
LDEBUGFS_SEQ_FOPS_RO(gss_proc_oos);
116
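/*
 * Write handler for the debugfs "init_channel" file.
 *
 * Hands the caller's buffer and its length to gss_do_ctx_init_rpc() and
 * reports the whole write as consumed when that call returns 0.
 *
 * \param file    unused
 * \param buffer  user-space buffer from the write; never dereferenced here
 * \param count   size of \a buffer in bytes
 * \param off     unused
 *
 * \retval count  on success
 * \retval <0     error returned by gss_do_ctx_init_rpc()
 */
static ssize_t
gss_proc_write_secinit(struct file *file, const char __user *buffer,
                       size_t count, loff_t *off)
{
        int rc;

        /*
         * The pointer is forwarded untouched and nothing here bounds
         * \a count, so any copy from user space and all size/content
         * validation has to happen in the callee.
         * NOTE(review): confirm gss_do_ctx_init_rpc() rejects unexpected
         * sizes before copying, and that it does not write through the
         * pointer, since the cast drops const.
         */
        rc = gss_do_ctx_init_rpc((char __user *)buffer, count);
        if (rc) {
                /*
                 * A positive value would be taken by the VFS as a byte
                 * count. NOTE(review): this assertion sits on a path a
                 * writer can reach; a callee that ever returned > 0 would
                 * trip it instead of failing the write cleanly.
                 */
                LASSERT(rc < 0);
                return rc;
        }
        return count;
}

/* write-only file: no read or seq_file side is provided */
static const struct file_operations gss_proc_secinit = {
        .write = gss_proc_write_secinit,
};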
134
/*
 * seq_file show routine for the procfs "krb5_allow_old_client_csum" file:
 * prints the current value of krb5_allow_old_client_csum and a newline.
 */
int sptlrpc_krb5_allow_old_client_csum_seq_show(struct seq_file *m, void *data)
{
        seq_printf(m, "%u\n", krb5_allow_old_client_csum);

        return 0;
}
140
/*
 * Write handler for the procfs "krb5_allow_old_client_csum" file.
 *
 * Parses a boolean from the user buffer and stores it in
 * krb5_allow_old_client_csum. Returns \a count on success or the parse
 * error otherwise; the previous value is kept when parsing fails.
 *
 * NOTE(review): the name suggests this relaxes checksum handling for older
 * Kerberos clients - confirm where the flag is consumed. The change is not
 * logged here, so a flip of this knob leaves no trace from this function.
 */
ssize_t sptlrpc_krb5_allow_old_client_csum_seq_write(struct file *file,
                                                     const char __user *buffer,
                                                     size_t count, loff_t *off)
{
        bool enable;
        int rc = kstrtobool_from_user(buffer, count, &enable);

        if (rc != 0)
                return rc;

        krb5_allow_old_client_csum = enable;
        return count;
}
LPROC_SEQ_FOPS(sptlrpc_krb5_allow_old_client_csum);
156
157 #ifdef HAVE_GSS_KEYRING
/*
 * seq_file show routine for the procfs "gss_check_upcall_ns" file:
 * prints the current value of gss_check_upcall_ns and a newline.
 */
int sptlrpc_gss_check_upcall_ns_seq_show(struct seq_file *m, void *data)
{
        seq_printf(m, "%u\n", gss_check_upcall_ns);

        return 0;
}
163
/*
 * Write handler for the procfs "gss_check_upcall_ns" file.
 *
 * Parses a boolean from the user buffer and stores it in
 * gss_check_upcall_ns. Returns \a count on success or the parse error
 * otherwise; the previous value is kept when parsing fails.
 *
 * NOTE(review): the name suggests this toggles a namespace check on the
 * keyring upcall - confirm at the point of use what turning it off
 * permits. The change is not logged here.
 */
ssize_t sptlrpc_gss_check_upcall_ns_seq_write(struct file *file,
                                              const char __user *buffer,
                                              size_t count, loff_t *off)
{
        bool enable;
        int rc = kstrtobool_from_user(buffer, count, &enable);

        if (rc != 0)
                return rc;

        gss_check_upcall_ns = enable;
        return count;
}
LPROC_SEQ_FOPS(sptlrpc_gss_check_upcall_ns);
179 #endif /* HAVE_GSS_KEYRING */
180
/*
 * Entries added to the debugfs "gss" directory by gss_init_tunables().
 *
 * "init_channel" is created with mode 0222, i.e. write permission for
 * owner, group and other and no read permission.
 * NOTE(review): with those bits the file mode itself does not restrict who
 * may write; confirm that access to the debugfs mount, or a check inside
 * gss_do_ctx_init_rpc(), limits the callers.
 */
static struct ldebugfs_vars gss_debugfs_vars[] = {
        {
                .name           = "replays",
                .fops           = &gss_proc_oos_fops,
        },
        {
                .name           = "init_channel",
                .fops           = &gss_proc_secinit,
                .proc_mode      = 0222,
        },
        { NULL }
};
189
/*
 * Entries registered in the procfs "gss" directory by gss_init_tunables().
 * No mode is given for either entry, so whatever default lprocfs_register()
 * applies is what protects these writable security tunables.
 * NOTE(review): verify that default is not writable by unprivileged users.
 */
static struct lprocfs_vars gss_lprocfs_vars[] = {
        {
                .name   = "krb5_allow_old_client_csum",
                .fops   = &sptlrpc_krb5_allow_old_client_csum_fops,
        },
#ifdef HAVE_GSS_KEYRING
        {
                .name   = "gss_check_upcall_ns",
                .fops   = &sptlrpc_gss_check_upcall_ns_fops,
        },
#endif
        { NULL }
};
199
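/*
 * Debug level for the userspace helper lgss_keyring.
 *
 * Valid range is [0, 4], defined in utils/gss/lgss_utils.h; the write
 * handler rejects anything larger. Kept unsigned so the storage type agrees
 * with the "%u" used to print it and the unsigned int parsed on write.
 */
static unsigned int gss_lk_debug_level = 1;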
206
/*
 * seq_file show routine for the debugfs "lgss_keyring/debug_level" file:
 * prints the current debug level and a newline.
 */
static int gss_lk_proc_dl_seq_show(struct seq_file *m, void *v)
{
        /* converted explicitly so the argument matches the %u conversion */
        unsigned int level = gss_lk_debug_level;

        seq_printf(m, "%u\n", level);
        return 0;
}
212
/*
 * Write handler for the debugfs "lgss_keyring/debug_level" file.
 *
 * Parses an unsigned integer (base auto-detected) from the user buffer and
 * stores it as the new debug level.
 *
 * \retval count    on success
 * \retval -ERANGE  value parsed but greater than 4
 * \retval <0       parse error from kstrtouint_from_user()
 */
static ssize_t
gss_lk_proc_dl_seq_write(struct file *file, const char __user *buffer,
                         size_t count, loff_t *off)
{
        unsigned int level;
        int rc = kstrtouint_from_user(buffer, count, 0, &level);

        if (rc < 0)
                return rc;

        /* upper bound of the documented [0, 4] range; unsigned, so no < 0 */
        if (level > 4)
                return -ERANGE;

        gss_lk_debug_level = level;
        return count;
}
LDEBUGFS_SEQ_FOPS(gss_lk_proc_dl);
232
/* Entries added to the debugfs "lgss_keyring" directory. */
static struct ldebugfs_vars gss_lk_debugfs_vars[] = {
        {
                .name   = "debug_level",
                .fops   = &gss_lk_proc_dl_fops,
        },
        { NULL }
};
238
/*
 * Tear down every debugfs and procfs entry created by gss_init_tunables().
 *
 * Also used as the error path of gss_init_tunables(), so it has to cope
 * with entries that were never created.
 */
void gss_exit_tunables(void)
{
        /*
         * "lgss_keyring" lives inside "gss": remove the child first so its
         * pointer is never left referring to an already removed dentry.
         */
        debugfs_remove_recursive(gss_debugfs_dir_lk);
        gss_debugfs_dir_lk = NULL;

        debugfs_remove_recursive(gss_debugfs_dir);
        gss_debugfs_dir = NULL;

        /* nothing registered in procfs, or registration failed */
        if (IS_ERR_OR_NULL(gss_lprocfs_dir))
                return;

        lprocfs_remove(&gss_lprocfs_dir);
}
250
/*
 * Create the GSS debugfs and procfs tunables.
 *
 * Initialises the statistics lock, creates the debugfs directories "gss"
 * and "gss/lgss_keyring" with their entries, then registers the procfs
 * "gss" directory. The debugfs results are not checked here; only a
 * procfs registration failure is treated as an error.
 *
 * \retval 0   on success
 * \retval <0  procfs registration failed; everything created so far has
 *             been removed again via gss_exit_tunables()
 */
int gss_init_tunables(void)
{
        int rc;

        spin_lock_init(&gss_stat_oos.oos_lock);

        gss_debugfs_dir = debugfs_create_dir("gss", sptlrpc_debugfs_dir);
        ldebugfs_add_vars(gss_debugfs_dir, gss_debugfs_vars, NULL);

        gss_debugfs_dir_lk = debugfs_create_dir("lgss_keyring",
                                                gss_debugfs_dir);
        ldebugfs_add_vars(gss_debugfs_dir_lk, gss_lk_debugfs_vars, NULL);

        gss_lprocfs_dir = lprocfs_register("gss", sptlrpc_lprocfs_dir,
                                           gss_lprocfs_vars, NULL);
        if (IS_ERR_OR_NULL(gss_lprocfs_dir)) {
                /* a NULL result carries no errno, so report -ENOMEM */
                if (gss_lprocfs_dir)
                        rc = PTR_ERR(gss_lprocfs_dir);
                else
                        rc = -ENOMEM;
                /* keep the error pointer away from gss_exit_tunables() */
                gss_lprocfs_dir = NULL;
                GOTO(out, rc);
        }

        return 0;

out:
        CERROR("failed to initialize gss lproc entries: %d\n", rc);
        gss_exit_tunables();
        return rc;
}