1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004-2007 Cluster File Systems, Inc.
5 * Author: Eric Mei <ericm@clusterfs.com>
7 * This file is part of Lustre, http://www.lustre.org.
9 * Lustre is free software; you can redistribute it and/or
10 * modify it under the terms of version 2 of the GNU General Public
11 * License as published by the Free Software Foundation.
13 * Lustre is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with Lustre; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DEBUG_SUBSYSTEM S_SEC
28 #include <libcfs/libcfs.h>
30 #include <liblustre.h>
31 #include <libcfs/list.h>
33 #include <linux/crypto.h>
34 #include <linux/key.h>
38 #include <obd_class.h>
39 #include <obd_support.h>
40 #include <lustre_net.h>
41 #include <lustre_import.h>
42 #include <lustre_dlm.h>
43 #include <lustre_sec.h>
45 #include "ptlrpc_internal.h"
47 /***********************************************
49 ***********************************************/
51 static rwlock_t policy_lock = RW_LOCK_UNLOCKED;
52 static struct ptlrpc_sec_policy *policies[SPTLRPC_POLICY_MAX] = {
56 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy)
58 __u16 number = policy->sp_policy;
60 LASSERT(policy->sp_name);
61 LASSERT(policy->sp_cops);
62 LASSERT(policy->sp_sops);
64 if (number >= SPTLRPC_POLICY_MAX)
67 write_lock(&policy_lock);
68 if (unlikely(policies[number])) {
69 write_unlock(&policy_lock);
72 policies[number] = policy;
73 write_unlock(&policy_lock);
75 CDEBUG(D_SEC, "%s: registered\n", policy->sp_name);
78 EXPORT_SYMBOL(sptlrpc_register_policy);
80 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy)
82 __u16 number = policy->sp_policy;
84 LASSERT(number < SPTLRPC_POLICY_MAX);
86 write_lock(&policy_lock);
87 if (unlikely(policies[number] == NULL)) {
88 write_unlock(&policy_lock);
89 CERROR("%s: already unregistered\n", policy->sp_name);
93 LASSERT(policies[number] == policy);
94 policies[number] = NULL;
95 write_unlock(&policy_lock);
97 CDEBUG(D_SEC, "%s: unregistered\n", policy->sp_name);
100 EXPORT_SYMBOL(sptlrpc_unregister_policy);
103 struct ptlrpc_sec_policy * sptlrpc_rpcflavor2policy(__u16 flavor)
105 static DECLARE_MUTEX(load_mutex);
106 static atomic_t loaded = ATOMIC_INIT(0);
107 struct ptlrpc_sec_policy *policy;
108 __u16 number = RPC_FLVR_POLICY(flavor), flag = 0;
110 if (number >= SPTLRPC_POLICY_MAX)
114 read_lock(&policy_lock);
115 policy = policies[number];
116 if (policy && !try_module_get(policy->sp_owner))
119 flag = atomic_read(&loaded);
120 read_unlock(&policy_lock);
122 /* if failure, try to load gss module, once */
123 if (unlikely(policy == NULL) && flag == 0 &&
124 number == SPTLRPC_POLICY_GSS) {
125 mutex_down(&load_mutex);
126 if (atomic_read(&loaded) == 0) {
127 if (request_module("ptlrpc_gss") != 0)
128 CERROR("Unable to load module ptlrpc_gss\n");
130 CWARN("module ptlrpc_gss loaded on demand\n");
132 atomic_set(&loaded, 1);
134 mutex_up(&load_mutex);
142 __u16 sptlrpc_name2rpcflavor(const char *name)
144 if (!strcmp(name, "null"))
145 return SPTLRPC_FLVR_NULL;
146 if (!strcmp(name, "plain"))
147 return SPTLRPC_FLVR_PLAIN;
148 if (!strcmp(name, "krb5n"))
149 return SPTLRPC_FLVR_KRB5N;
150 if (!strcmp(name, "krb5i"))
151 return SPTLRPC_FLVR_KRB5I;
152 if (!strcmp(name, "krb5p"))
153 return SPTLRPC_FLVR_KRB5P;
155 return SPTLRPC_FLVR_INVALID;
157 EXPORT_SYMBOL(sptlrpc_name2rpcflavor);
159 const char *sptlrpc_rpcflavor2name(__u16 flavor)
162 case SPTLRPC_FLVR_NULL:
164 case SPTLRPC_FLVR_PLAIN:
166 case SPTLRPC_FLVR_KRB5N:
168 case SPTLRPC_FLVR_KRB5A:
170 case SPTLRPC_FLVR_KRB5I:
172 case SPTLRPC_FLVR_KRB5P:
175 CERROR("invalid rpc flavor 0x%x(p%u,s%u,v%u)\n", flavor,
176 RPC_FLVR_POLICY(flavor), RPC_FLVR_MECH(flavor),
177 RPC_FLVR_SVC(flavor));
181 EXPORT_SYMBOL(sptlrpc_rpcflavor2name);
183 int sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize)
187 if (sf->sf_bulk_ciph != BULK_CIPH_ALG_NULL)
189 else if (sf->sf_bulk_hash != BULK_HASH_ALG_NULL)
194 snprintf(buf, bufsize, "%s-%s:%s/%s",
195 sptlrpc_rpcflavor2name(sf->sf_rpc), bulk,
196 sptlrpc_get_hash_name(sf->sf_bulk_hash),
197 sptlrpc_get_ciph_name(sf->sf_bulk_ciph));
200 EXPORT_SYMBOL(sptlrpc_flavor2name);
202 /**************************************************
203 * client context APIs *
204 **************************************************/
207 struct ptlrpc_cli_ctx *get_my_ctx(struct ptlrpc_sec *sec)
209 struct vfs_cred vcred;
210 int create = 1, remove_dead = 1;
213 LASSERT(sec->ps_policy->sp_cops->lookup_ctx);
215 if (sec->ps_flvr.sf_flags & (PTLRPC_SEC_FL_REVERSE |
216 PTLRPC_SEC_FL_ROOTONLY)) {
219 if (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE) {
224 vcred.vc_uid = cfs_current()->uid;
225 vcred.vc_gid = cfs_current()->gid;
228 return sec->ps_policy->sp_cops->lookup_ctx(sec, &vcred,
229 create, remove_dead);
232 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx)
234 LASSERT(atomic_read(&ctx->cc_refcount) > 0);
235 atomic_inc(&ctx->cc_refcount);
238 EXPORT_SYMBOL(sptlrpc_cli_ctx_get);
240 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync)
242 struct ptlrpc_sec *sec = ctx->cc_sec;
245 LASSERT(atomic_read(&ctx->cc_refcount));
247 if (!atomic_dec_and_test(&ctx->cc_refcount))
250 sec->ps_policy->sp_cops->release_ctx(sec, ctx, sync);
252 EXPORT_SYMBOL(sptlrpc_cli_ctx_put);
255 * expire the context immediately.
256 * the caller must hold at least 1 ref on the ctx.
258 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx)
260 LASSERT(ctx->cc_ops->die);
261 ctx->cc_ops->die(ctx, 0);
263 EXPORT_SYMBOL(sptlrpc_cli_ctx_expire);
265 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx)
267 struct ptlrpc_request *req, *next;
269 spin_lock(&ctx->cc_lock);
270 list_for_each_entry_safe(req, next, &ctx->cc_req_list, rq_ctx_chain) {
271 list_del_init(&req->rq_ctx_chain);
272 ptlrpc_wake_client_req(req);
274 spin_unlock(&ctx->cc_lock);
276 EXPORT_SYMBOL(sptlrpc_cli_ctx_wakeup);
278 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize)
280 LASSERT(ctx->cc_ops);
282 if (ctx->cc_ops->display == NULL)
285 return ctx->cc_ops->display(ctx, buf, bufsize);
288 static int sptlrpc_import_sec_check_expire(struct obd_import *imp)
292 spin_lock(&imp->imp_lock);
293 if (imp->imp_sec_expire &&
294 imp->imp_sec_expire < cfs_time_current_sec()) {
296 imp->imp_sec_expire = 0;
298 spin_unlock(&imp->imp_lock);
303 CDEBUG(D_SEC, "found delayed sec adapt expired, do it now\n");
304 return sptlrpc_import_sec_adapt(imp, NULL, 0);
307 int sptlrpc_req_get_ctx(struct ptlrpc_request *req)
309 struct obd_import *imp = req->rq_import;
310 struct ptlrpc_sec *sec;
314 LASSERT(!req->rq_cli_ctx);
317 if (unlikely(imp->imp_sec_expire)) {
318 rc = sptlrpc_import_sec_check_expire(imp);
323 sec = sptlrpc_import_sec_ref(imp);
325 CERROR("import %p (%s) with no ptlrpc_sec\n",
326 imp, ptlrpc_import_state_name(imp->imp_state));
330 if (unlikely(sec->ps_dying)) {
331 CERROR("attempt to use dying sec %p\n", sec);
335 req->rq_cli_ctx = get_my_ctx(sec);
337 sptlrpc_sec_put(sec);
339 if (!req->rq_cli_ctx) {
340 CERROR("req %p: fail to get context\n", req);
348 * if @sync == 0, this function should return quickly without sleep;
349 * otherwise might trigger ctx destroying rpc to server.
351 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync)
356 LASSERT(req->rq_cli_ctx);
358 /* request might be asked to release earlier while still
359 * in the context waiting list.
361 if (!list_empty(&req->rq_ctx_chain)) {
362 spin_lock(&req->rq_cli_ctx->cc_lock);
363 list_del_init(&req->rq_ctx_chain);
364 spin_unlock(&req->rq_cli_ctx->cc_lock);
367 sptlrpc_cli_ctx_put(req->rq_cli_ctx, sync);
368 req->rq_cli_ctx = NULL;
373 int sptlrpc_req_ctx_switch(struct ptlrpc_request *req,
374 struct ptlrpc_cli_ctx *oldctx,
375 struct ptlrpc_cli_ctx *newctx)
377 struct sptlrpc_flavor old_flvr;
382 if (likely(oldctx->cc_sec == newctx->cc_sec))
385 LASSERT(req->rq_reqmsg);
386 LASSERT(req->rq_reqlen);
387 LASSERT(req->rq_replen);
389 CWARN("req %p: switch ctx %p -> %p, switch sec %p(%s) -> %p(%s)\n",
391 oldctx->cc_sec, oldctx->cc_sec->ps_policy->sp_name,
392 newctx->cc_sec, newctx->cc_sec->ps_policy->sp_name);
395 old_flvr = req->rq_flvr;
397 /* save request message */
398 reqmsg_size = req->rq_reqlen;
399 OBD_ALLOC(reqmsg, reqmsg_size);
402 memcpy(reqmsg, req->rq_reqmsg, reqmsg_size);
404 /* release old req/rep buf */
405 req->rq_cli_ctx = oldctx;
406 sptlrpc_cli_free_reqbuf(req);
407 sptlrpc_cli_free_repbuf(req);
408 req->rq_cli_ctx = newctx;
410 /* recalculate the flavor */
411 sptlrpc_req_set_flavor(req, 0);
413 /* alloc new request buffer
414 * we don't need to alloc reply buffer here, leave it to the
415 * rest procedure of ptlrpc
417 rc = sptlrpc_cli_alloc_reqbuf(req, reqmsg_size);
419 LASSERT(req->rq_reqmsg);
420 memcpy(req->rq_reqmsg, reqmsg, reqmsg_size);
422 CWARN("failed to alloc reqbuf: %d\n", rc);
423 req->rq_flvr = old_flvr;
426 OBD_FREE(reqmsg, reqmsg_size);
431 * request must have a context. in any case of failure, restore the
432 * restore the old one. a request must have a ctx.
434 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req)
436 struct ptlrpc_cli_ctx *oldctx = req->rq_cli_ctx;
437 struct ptlrpc_cli_ctx *newctx;
442 LASSERT(test_bit(PTLRPC_CTX_DEAD_BIT, &oldctx->cc_flags));
444 sptlrpc_cli_ctx_get(oldctx);
445 sptlrpc_req_put_ctx(req, 0);
447 rc = sptlrpc_req_get_ctx(req);
449 LASSERT(!req->rq_cli_ctx);
451 /* restore old ctx */
452 req->rq_cli_ctx = oldctx;
456 newctx = req->rq_cli_ctx;
459 if (unlikely(newctx == oldctx)) {
461 * still get the old ctx, usually means system busy
463 CWARN("ctx (%p, fl %lx) doesn't switch, relax a little bit\n",
464 newctx, newctx->cc_flags);
466 schedule_timeout(HZ);
468 rc = sptlrpc_req_ctx_switch(req, oldctx, newctx);
470 /* restore old ctx */
471 sptlrpc_req_put_ctx(req, 0);
472 req->rq_cli_ctx = oldctx;
476 LASSERT(req->rq_cli_ctx == newctx);
479 sptlrpc_cli_ctx_put(oldctx, 1);
482 EXPORT_SYMBOL(sptlrpc_req_replace_dead_ctx);
485 int ctx_check_refresh(struct ptlrpc_cli_ctx *ctx)
487 if (cli_ctx_is_refreshed(ctx))
493 int ctx_refresh_timeout(void *data)
495 struct ptlrpc_request *req = data;
498 /* conn_cnt is needed in expire_one_request */
499 lustre_msg_set_conn_cnt(req->rq_reqmsg, req->rq_import->imp_conn_cnt);
501 rc = ptlrpc_expire_one_request(req);
502 /* if we started recovery, we should mark this ctx dead; otherwise
503 * in case of lgssd died nobody would retire this ctx, following
504 * connecting will still find the same ctx thus cause deadlock.
505 * there's an assumption that expire time of the request should be
506 * later than the context refresh expire time.
509 req->rq_cli_ctx->cc_ops->die(req->rq_cli_ctx, 0);
514 void ctx_refresh_interrupt(void *data)
516 struct ptlrpc_request *req = data;
518 spin_lock(&req->rq_lock);
520 spin_unlock(&req->rq_lock);
524 void req_off_ctx_list(struct ptlrpc_request *req, struct ptlrpc_cli_ctx *ctx)
526 spin_lock(&ctx->cc_lock);
527 if (!list_empty(&req->rq_ctx_chain))
528 list_del_init(&req->rq_ctx_chain);
529 spin_unlock(&ctx->cc_lock);
533 * the status of context could be subject to be changed by other threads at any
534 * time. we allow this race. but once we return with 0, the caller will
535 * suppose it's uptodated and keep using it until the owning rpc is done.
539 * = 0 - wait until success or fatal error occur
540 * > 0 - timeout value
542 * return 0 only if the context is uptodated.
544 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout)
546 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
547 struct l_wait_info lwi;
554 * during the process a request's context might change type even
555 * (e.g. from gss ctx to plain ctx), so each loop we need to re-check
559 /* skip special ctxs */
560 if (cli_ctx_is_eternal(ctx) || req->rq_ctx_init || req->rq_ctx_fini)
563 if (test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags)) {
564 LASSERT(ctx->cc_ops->refresh);
565 ctx->cc_ops->refresh(ctx);
567 LASSERT(test_bit(PTLRPC_CTX_NEW_BIT, &ctx->cc_flags) == 0);
569 LASSERT(ctx->cc_ops->validate);
570 if (ctx->cc_ops->validate(ctx) == 0) {
571 req_off_ctx_list(req, ctx);
575 if (unlikely(test_bit(PTLRPC_CTX_ERROR_BIT, &ctx->cc_flags))) {
577 req_off_ctx_list(req, ctx);
581 /* This is subtle. For resent message we have to keep original
582 * context to survive following situation:
583 * 1. the request sent to server
584 * 2. recovery was kick start
585 * 3. recovery finished, the request marked as resent
586 * 4. resend the request
587 * 5. old reply from server received (because xid is the same)
588 * 6. verify reply (has to be success)
589 * 7. new reply from server received, lnet drop it
591 * Note we can't simply change xid for resent request because
592 * server reply on it for reply reconstruction.
594 * Commonly the original context should be uptodate because we
595 * have a expiry nice time; And server will keep their half part
596 * context because we at least hold a ref of old context which
597 * prevent the context detroy RPC be sent. So server still can
598 * accept the request and finish RPC. Two cases:
599 * 1. If server side context has been trimed, a NO_CONTEXT will
600 * be returned, gss_cli_ctx_verify/unseal will switch to new
602 * 2. Current context never be refreshed, then we are fine: we
603 * never really send request with old context before.
605 if (test_bit(PTLRPC_CTX_UPTODATE_BIT, &ctx->cc_flags) &&
606 unlikely(req->rq_reqmsg) &&
607 lustre_msg_get_flags(req->rq_reqmsg) & MSG_RESENT) {
608 req_off_ctx_list(req, ctx);
612 if (unlikely(test_bit(PTLRPC_CTX_DEAD_BIT, &ctx->cc_flags))) {
613 rc = sptlrpc_req_replace_dead_ctx(req);
615 LASSERT(ctx == req->rq_cli_ctx);
616 CERROR("req %p: failed to replace dead ctx %p: %d\n",
619 LASSERT(list_empty(&req->rq_ctx_chain));
623 CWARN("req %p: replace dead ctx %p => ctx %p (%u->%s)\n",
624 req, ctx, req->rq_cli_ctx,
625 req->rq_cli_ctx->cc_vcred.vc_uid,
626 sec2target_str(req->rq_cli_ctx->cc_sec));
628 ctx = req->rq_cli_ctx;
629 LASSERT(list_empty(&req->rq_ctx_chain));
634 /* Now we're sure this context is during upcall, add myself into
637 spin_lock(&ctx->cc_lock);
638 if (list_empty(&req->rq_ctx_chain))
639 list_add(&req->rq_ctx_chain, &ctx->cc_req_list);
640 spin_unlock(&ctx->cc_lock);
643 RETURN(-EWOULDBLOCK);
646 /* Clear any flags that may be present from previous sends */
647 LASSERT(req->rq_receiving_reply == 0);
648 spin_lock(&req->rq_lock);
650 req->rq_timedout = 0;
653 spin_unlock(&req->rq_lock);
655 lwi = LWI_TIMEOUT_INTR(timeout * HZ, ctx_refresh_timeout,
656 ctx_refresh_interrupt, req);
657 rc = l_wait_event(req->rq_reply_waitq, ctx_check_refresh(ctx), &lwi);
659 /* following cases we could be here:
660 * - successfully refreshed;
662 * - timedout, and we don't want recover from the failure;
663 * - timedout, and waked up upon recovery finished;
664 * - someone else mark this ctx dead by force;
665 * - someone invalidate the req and call wake_client_req(),
666 * e.g. ptlrpc_abort_inflight();
668 if (!cli_ctx_is_refreshed(ctx)) {
669 /* timed out or interruptted */
670 req_off_ctx_list(req, ctx);
680 * Note this could be called in two situations:
681 * - new request from ptlrpc_pre_req(), with proper @opcode
682 * - old request which changed ctx in the middle, with @opcode == 0
684 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode)
686 struct ptlrpc_sec *sec;
688 LASSERT(req->rq_import);
689 LASSERT(req->rq_cli_ctx);
690 LASSERT(req->rq_cli_ctx->cc_sec);
691 LASSERT(req->rq_bulk_read == 0 || req->rq_bulk_write == 0);
693 /* special security flags accoding to opcode */
696 req->rq_bulk_read = 1;
699 req->rq_bulk_write = 1;
702 req->rq_ctx_init = 1;
705 req->rq_ctx_fini = 1;
708 /* init/fini rpc won't be resend, so can't be here */
709 LASSERT(req->rq_ctx_init == 0);
710 LASSERT(req->rq_ctx_fini == 0);
712 /* cleanup flags, which should be recalculated */
713 req->rq_pack_udesc = 0;
714 req->rq_pack_bulk = 0;
718 sec = req->rq_cli_ctx->cc_sec;
720 spin_lock(&sec->ps_lock);
721 req->rq_flvr = sec->ps_flvr;
722 spin_unlock(&sec->ps_lock);
724 /* force SVC_NULL for context initiation rpc, SVC_INTG for context
726 if (unlikely(req->rq_ctx_init))
727 rpc_flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_NULL);
728 else if (unlikely(req->rq_ctx_fini))
729 rpc_flvr_set_svc(&req->rq_flvr.sf_rpc, SPTLRPC_SVC_INTG);
731 /* user descriptor flag, null security can't do it anyway */
732 if ((sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_UDESC) &&
733 (req->rq_flvr.sf_rpc != SPTLRPC_FLVR_NULL))
734 req->rq_pack_udesc = 1;
736 /* bulk security flag */
737 if ((req->rq_bulk_read || req->rq_bulk_write) &&
738 (req->rq_flvr.sf_bulk_ciph != BULK_CIPH_ALG_NULL ||
739 req->rq_flvr.sf_bulk_hash != BULK_HASH_ALG_NULL))
740 req->rq_pack_bulk = 1;
743 void sptlrpc_request_out_callback(struct ptlrpc_request *req)
745 if (RPC_FLVR_SVC(req->rq_flvr.sf_rpc) != SPTLRPC_SVC_PRIV)
748 LASSERT(req->rq_clrbuf);
749 if (req->rq_pool || !req->rq_reqbuf)
752 OBD_FREE(req->rq_reqbuf, req->rq_reqbuf_len);
753 req->rq_reqbuf = NULL;
754 req->rq_reqbuf_len = 0;
758 * check whether current user have valid context for an import or not.
759 * might repeatedly try in case of non-fatal errors.
760 * return 0 on success, < 0 on failure
762 int sptlrpc_import_check_ctx(struct obd_import *imp)
764 struct ptlrpc_sec *sec;
765 struct ptlrpc_cli_ctx *ctx;
766 struct ptlrpc_request *req = NULL;
772 sec = sptlrpc_import_sec_ref(imp);
773 ctx = get_my_ctx(sec);
774 sptlrpc_sec_put(sec);
779 if (cli_ctx_is_eternal(ctx) ||
780 ctx->cc_ops->validate(ctx) == 0) {
781 sptlrpc_cli_ctx_put(ctx, 1);
789 spin_lock_init(&req->rq_lock);
790 atomic_set(&req->rq_refcount, 10000);
791 CFS_INIT_LIST_HEAD(&req->rq_ctx_chain);
792 init_waitqueue_head(&req->rq_reply_waitq);
793 req->rq_import = imp;
794 req->rq_cli_ctx = ctx;
796 rc = sptlrpc_req_refresh_ctx(req, 0);
797 LASSERT(list_empty(&req->rq_ctx_chain));
798 sptlrpc_cli_ctx_put(req->rq_cli_ctx, 1);
804 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req)
806 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
811 LASSERT(ctx->cc_sec);
812 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
814 /* we wrap bulk request here because now we can be sure
815 * the context is uptodate.
818 rc = sptlrpc_cli_wrap_bulk(req, req->rq_bulk);
823 switch (RPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
824 case SPTLRPC_SVC_NULL:
825 case SPTLRPC_SVC_AUTH:
826 case SPTLRPC_SVC_INTG:
827 LASSERT(ctx->cc_ops->sign);
828 rc = ctx->cc_ops->sign(ctx, req);
830 case SPTLRPC_SVC_PRIV:
831 LASSERT(ctx->cc_ops->seal);
832 rc = ctx->cc_ops->seal(ctx, req);
839 LASSERT(req->rq_reqdata_len);
840 LASSERT(req->rq_reqdata_len % 8 == 0);
841 LASSERT(req->rq_reqdata_len <= req->rq_reqbuf_len);
848 * rq_nob_received is the actual received data length
850 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req)
852 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
858 LASSERT(ctx->cc_sec);
859 LASSERT(ctx->cc_ops);
860 LASSERT(req->rq_repbuf);
862 req->rq_repdata_len = req->rq_nob_received;
864 if (req->rq_nob_received < sizeof(struct lustre_msg)) {
865 CERROR("replied data length %d too small\n",
866 req->rq_nob_received);
872 * v2 message, check request/reply policy match
874 rpc_flvr = WIRE_FLVR_RPC(req->rq_repbuf->lm_secflvr);
876 if (req->rq_repbuf->lm_magic == LUSTRE_MSG_MAGIC_V2_SWABBED)
877 __swab16s(&rpc_flvr);
879 if (RPC_FLVR_POLICY(rpc_flvr) !=
880 RPC_FLVR_POLICY(req->rq_flvr.sf_rpc)) {
881 CERROR("request policy was %u while reply with %u\n",
882 RPC_FLVR_POLICY(req->rq_flvr.sf_rpc),
883 RPC_FLVR_POLICY(rpc_flvr));
887 /* do nothing if it's null policy; otherwise unpack the
890 if (RPC_FLVR_POLICY(rpc_flvr) != SPTLRPC_POLICY_NULL &&
891 lustre_unpack_msg(req->rq_repbuf, req->rq_nob_received))
894 switch (RPC_FLVR_SVC(req->rq_flvr.sf_rpc)) {
895 case SPTLRPC_SVC_NULL:
896 case SPTLRPC_SVC_AUTH:
897 case SPTLRPC_SVC_INTG:
898 LASSERT(ctx->cc_ops->verify);
899 rc = ctx->cc_ops->verify(ctx, req);
901 case SPTLRPC_SVC_PRIV:
902 LASSERT(ctx->cc_ops->unseal);
903 rc = ctx->cc_ops->unseal(ctx, req);
909 LASSERT(rc || req->rq_repmsg || req->rq_resend);
913 /**************************************************
915 **************************************************/
918 * "fixed" sec (e.g. null) use sec_id < 0
920 static atomic_t sptlrpc_sec_id = ATOMIC_INIT(1);
922 int sptlrpc_get_next_secid(void)
924 return atomic_inc_return(&sptlrpc_sec_id);
926 EXPORT_SYMBOL(sptlrpc_get_next_secid);
928 /**************************************************
929 * client side high-level security APIs *
930 **************************************************/
932 static int sec_cop_flush_ctx_cache(struct ptlrpc_sec *sec, uid_t uid,
933 int grace, int force)
935 struct ptlrpc_sec_policy *policy = sec->ps_policy;
937 LASSERT(policy->sp_cops);
938 LASSERT(policy->sp_cops->flush_ctx_cache);
940 return policy->sp_cops->flush_ctx_cache(sec, uid, grace, force);
943 static void sec_cop_destroy_sec(struct ptlrpc_sec *sec)
945 struct ptlrpc_sec_policy *policy = sec->ps_policy;
947 LASSERT(atomic_read(&sec->ps_refcount) == 0);
948 LASSERT(atomic_read(&sec->ps_nctx) == 0);
949 LASSERT(policy->sp_cops->destroy_sec);
951 CDEBUG(D_SEC, "%s@%p: being destroied\n", sec->ps_policy->sp_name, sec);
953 policy->sp_cops->destroy_sec(sec);
954 sptlrpc_policy_put(policy);
957 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec)
959 sec_cop_destroy_sec(sec);
961 EXPORT_SYMBOL(sptlrpc_sec_destroy);
963 static void sptlrpc_sec_kill(struct ptlrpc_sec *sec)
965 LASSERT(atomic_read(&sec->ps_refcount) > 0);
967 if (sec->ps_policy->sp_cops->kill_sec) {
968 sec->ps_policy->sp_cops->kill_sec(sec);
970 sec_cop_flush_ctx_cache(sec, -1, 1, 1);
974 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec)
977 LASSERT(atomic_read(&sec->ps_refcount) > 0);
978 atomic_inc(&sec->ps_refcount);
983 EXPORT_SYMBOL(sptlrpc_sec_get);
985 void sptlrpc_sec_put(struct ptlrpc_sec *sec)
988 LASSERT(atomic_read(&sec->ps_refcount) > 0);
990 if (atomic_dec_and_test(&sec->ps_refcount)) {
991 LASSERT(atomic_read(&sec->ps_nctx) == 0);
993 sptlrpc_gc_del_sec(sec);
994 sec_cop_destroy_sec(sec);
998 EXPORT_SYMBOL(sptlrpc_sec_put);
1001 * it's policy module responsible for taking refrence of import
1004 struct ptlrpc_sec * sptlrpc_sec_create(struct obd_import *imp,
1005 struct ptlrpc_svc_ctx *svc_ctx,
1006 struct sptlrpc_flavor *sf,
1007 enum lustre_sec_part sp)
1009 struct ptlrpc_sec_policy *policy;
1010 struct ptlrpc_sec *sec;
1014 LASSERT(imp->imp_dlm_fake == 1);
1016 CDEBUG(D_SEC, "%s %s: reverse sec using flavor %s\n",
1017 imp->imp_obd->obd_type->typ_name,
1018 imp->imp_obd->obd_name,
1019 sptlrpc_rpcflavor2name(sf->sf_rpc));
1021 policy = sptlrpc_policy_get(svc_ctx->sc_policy);
1022 sf->sf_flags |= PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
1024 LASSERT(imp->imp_dlm_fake == 0);
1026 CDEBUG(D_SEC, "%s %s: select security flavor %s\n",
1027 imp->imp_obd->obd_type->typ_name,
1028 imp->imp_obd->obd_name,
1029 sptlrpc_rpcflavor2name(sf->sf_rpc));
1031 policy = sptlrpc_rpcflavor2policy(sf->sf_rpc);
1033 CERROR("invalid flavor 0x%x\n", sf->sf_rpc);
1038 sec = policy->sp_cops->create_sec(imp, svc_ctx, sf);
1040 atomic_inc(&sec->ps_refcount);
1044 if (sec->ps_gc_interval && policy->sp_cops->gc_ctx)
1045 sptlrpc_gc_add_sec(sec);
1047 sptlrpc_policy_put(policy);
1053 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp)
1055 struct ptlrpc_sec *sec;
1057 spin_lock(&imp->imp_lock);
1058 sec = sptlrpc_sec_get(imp->imp_sec);
1059 spin_unlock(&imp->imp_lock);
1063 EXPORT_SYMBOL(sptlrpc_import_sec_ref);
1065 static void sptlrpc_import_sec_install(struct obd_import *imp,
1066 struct ptlrpc_sec *sec)
1068 struct ptlrpc_sec *old_sec;
1070 LASSERT(atomic_read(&sec->ps_refcount) > 0);
1072 spin_lock(&imp->imp_lock);
1073 old_sec = imp->imp_sec;
1075 spin_unlock(&imp->imp_lock);
1078 sptlrpc_sec_kill(old_sec);
1080 /* balance the ref taken by this import */
1081 sptlrpc_sec_put(old_sec);
1085 static void sptlrpc_import_sec_adapt_inplace(struct obd_import *imp,
1086 struct ptlrpc_sec *sec,
1087 struct sptlrpc_flavor *sf)
1089 if (sf->sf_bulk_ciph != sec->ps_flvr.sf_bulk_ciph ||
1090 sf->sf_bulk_hash != sec->ps_flvr.sf_bulk_hash) {
1091 CWARN("imp %p (%s->%s): changing bulk flavor %s/%s -> %s/%s\n",
1092 imp, imp->imp_obd->obd_name,
1093 obd_uuid2str(&imp->imp_connection->c_remote_uuid),
1094 sptlrpc_get_ciph_name(sec->ps_flvr.sf_bulk_ciph),
1095 sptlrpc_get_hash_name(sec->ps_flvr.sf_bulk_hash),
1096 sptlrpc_get_ciph_name(sf->sf_bulk_ciph),
1097 sptlrpc_get_hash_name(sf->sf_bulk_hash));
1099 spin_lock(&sec->ps_lock);
1100 sec->ps_flvr.sf_bulk_ciph = sf->sf_bulk_ciph;
1101 sec->ps_flvr.sf_bulk_hash = sf->sf_bulk_hash;
1102 spin_unlock(&sec->ps_lock);
1105 if (!equi(sf->sf_flags & PTLRPC_SEC_FL_UDESC,
1106 sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_UDESC)) {
1107 CWARN("imp %p (%s->%s): %s shipping user descriptor\n",
1108 imp, imp->imp_obd->obd_name,
1109 obd_uuid2str(&imp->imp_connection->c_remote_uuid),
1110 (sf->sf_flags & PTLRPC_SEC_FL_UDESC) ? "start" : "stop");
1112 spin_lock(&sec->ps_lock);
1113 sec->ps_flvr.sf_flags &= ~PTLRPC_SEC_FL_UDESC;
1114 sec->ps_flvr.sf_flags |= sf->sf_flags & PTLRPC_SEC_FL_UDESC;
1115 spin_unlock(&sec->ps_lock);
1120 * for normal import, @svc_ctx should be NULL and @rpc_flavor is ignored;
1121 * for reverse import, @svc_ctx and @rpc_flavor is from incoming request.
1123 int sptlrpc_import_sec_adapt(struct obd_import *imp,
1124 struct ptlrpc_svc_ctx *svc_ctx,
1127 struct ptlrpc_connection *conn;
1128 struct sptlrpc_flavor sf;
1129 struct ptlrpc_sec *sec, *newsec;
1130 enum lustre_sec_part sp;
1136 conn = imp->imp_connection;
1138 if (svc_ctx == NULL) {
1139 /* normal import, determine flavor from rule set */
1140 sptlrpc_rule_set_choose(&imp->imp_obd->u.cli.cl_sptlrpc_rset,
1141 LUSTRE_SP_ANY, conn->c_self, &sf);
1143 sp = imp->imp_obd->u.cli.cl_sec_part;
1145 /* reverse import, determine flavor from incoming reqeust */
1146 sf.sf_rpc = rpc_flavor;
1147 sf.sf_bulk_ciph = BULK_CIPH_ALG_NULL;
1148 sf.sf_bulk_hash = BULK_HASH_ALG_NULL;
1149 sf.sf_flags = PTLRPC_SEC_FL_REVERSE | PTLRPC_SEC_FL_ROOTONLY;
1151 sp = sptlrpc_target_sec_part(imp->imp_obd);
1154 sec = sptlrpc_import_sec_ref(imp);
1156 if (svc_ctx == NULL) {
1157 /* normal import, only check rpc flavor, if just bulk
1158 * flavor or flags changed, we can handle it on the fly
1159 * without switching sec. */
1160 if (sf.sf_rpc == sec->ps_flvr.sf_rpc) {
1161 sptlrpc_import_sec_adapt_inplace(imp, sec, &sf);
1167 /* reverse import, do not compare bulk flavor */
1168 if (sf.sf_rpc == sec->ps_flvr.sf_rpc) {
1174 CWARN("%simport %p (%s%s%s): changing flavor "
1175 "(%s, %s/%s) -> (%s, %s/%s)\n",
1176 svc_ctx ? "reverse " : "",
1177 imp, imp->imp_obd->obd_name,
1178 svc_ctx == NULL ? "->" : "<-",
1179 obd_uuid2str(&conn->c_remote_uuid),
1180 sptlrpc_rpcflavor2name(sec->ps_flvr.sf_rpc),
1181 sptlrpc_get_hash_name(sec->ps_flvr.sf_bulk_hash),
1182 sptlrpc_get_ciph_name(sec->ps_flvr.sf_bulk_ciph),
1183 sptlrpc_rpcflavor2name(sf.sf_rpc),
1184 sptlrpc_get_hash_name(sf.sf_bulk_hash),
1185 sptlrpc_get_ciph_name(sf.sf_bulk_ciph));
1187 CWARN("%simport %p (%s%s%s) netid %x: "
1188 "select initial flavor (%s, %s/%s)\n",
1189 svc_ctx == NULL ? "" : "reverse ",
1190 imp, imp->imp_obd->obd_name,
1191 svc_ctx == NULL ? "->" : "<-",
1192 obd_uuid2str(&conn->c_remote_uuid),
1193 LNET_NIDNET(conn->c_self),
1194 sptlrpc_rpcflavor2name(sf.sf_rpc),
1195 sptlrpc_get_hash_name(sf.sf_bulk_hash),
1196 sptlrpc_get_ciph_name(sf.sf_bulk_ciph));
1199 mutex_down(&imp->imp_sec_mutex);
1201 newsec = sptlrpc_sec_create(imp, svc_ctx, &sf, sp);
1203 sptlrpc_import_sec_install(imp, newsec);
1206 CERROR("%simport %p (%s): failed to create new sec\n",
1207 svc_ctx == NULL ? "" : "reverse ",
1208 imp, obd_uuid2str(&conn->c_remote_uuid));
1212 mutex_up(&imp->imp_sec_mutex);
1215 sptlrpc_sec_put(sec);
1219 void sptlrpc_import_sec_put(struct obd_import *imp)
1222 sptlrpc_sec_kill(imp->imp_sec);
1224 sptlrpc_sec_put(imp->imp_sec);
1225 imp->imp_sec = NULL;
1229 static void import_flush_ctx_common(struct obd_import *imp,
1230 uid_t uid, int grace, int force)
1232 struct ptlrpc_sec *sec;
1237 sec = sptlrpc_import_sec_ref(imp);
1241 sec_cop_flush_ctx_cache(sec, uid, grace, force);
1242 sptlrpc_sec_put(sec);
1245 void sptlrpc_import_inval_all_ctx(struct obd_import *imp)
1247 /* use grace == 0 */
1248 import_flush_ctx_common(imp, -1, 0, 1);
1251 void sptlrpc_import_flush_root_ctx(struct obd_import *imp)
1253 /* it's important to use grace mode, see explain in
1254 * sptlrpc_req_refresh_ctx() */
1255 import_flush_ctx_common(imp, 0, 1, 1);
1258 void sptlrpc_import_flush_my_ctx(struct obd_import *imp)
1260 import_flush_ctx_common(imp, cfs_current()->uid, 1, 1);
1262 EXPORT_SYMBOL(sptlrpc_import_flush_my_ctx);
1264 void sptlrpc_import_flush_all_ctx(struct obd_import *imp)
1266 import_flush_ctx_common(imp, -1, 1, 1);
1268 EXPORT_SYMBOL(sptlrpc_import_flush_all_ctx);
1271 * when complete successfully, req->rq_reqmsg should point to the
1274 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize)
1276 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1277 struct ptlrpc_sec_policy *policy;
1281 LASSERT(atomic_read(&ctx->cc_refcount));
1282 LASSERT(ctx->cc_sec);
1283 LASSERT(ctx->cc_sec->ps_policy);
1284 LASSERT(req->rq_reqmsg == NULL);
1286 policy = ctx->cc_sec->ps_policy;
1287 rc = policy->sp_cops->alloc_reqbuf(ctx->cc_sec, req, msgsize);
1289 LASSERT(req->rq_reqmsg);
1290 LASSERT(req->rq_reqbuf || req->rq_clrbuf);
1292 /* zeroing preallocated buffer */
1294 memset(req->rq_reqmsg, 0, msgsize);
1300 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req)
1302 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1303 struct ptlrpc_sec_policy *policy;
1306 LASSERT(atomic_read(&ctx->cc_refcount));
1307 LASSERT(ctx->cc_sec);
1308 LASSERT(ctx->cc_sec->ps_policy);
1310 if (req->rq_reqbuf == NULL && req->rq_clrbuf == NULL)
1313 policy = ctx->cc_sec->ps_policy;
1314 policy->sp_cops->free_reqbuf(ctx->cc_sec, req);
1318 * NOTE caller must guarantee the buffer size is enough for the enlargement
1320 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
1321 int segment, int newsize)
1324 int oldsize, oldmsg_size, movesize;
1326 LASSERT(segment < msg->lm_bufcount);
1327 LASSERT(msg->lm_buflens[segment] <= newsize);
1329 if (msg->lm_buflens[segment] == newsize)
1332 /* nothing to do if we are enlarging the last segment */
1333 if (segment == msg->lm_bufcount - 1) {
1334 msg->lm_buflens[segment] = newsize;
1338 oldsize = msg->lm_buflens[segment];
1340 src = lustre_msg_buf(msg, segment + 1, 0);
1341 msg->lm_buflens[segment] = newsize;
1342 dst = lustre_msg_buf(msg, segment + 1, 0);
1343 msg->lm_buflens[segment] = oldsize;
1345 /* move from segment + 1 to end segment */
1346 LASSERT(msg->lm_magic == LUSTRE_MSG_MAGIC_V2);
1347 oldmsg_size = lustre_msg_size_v2(msg->lm_bufcount, msg->lm_buflens);
1348 movesize = oldmsg_size - ((unsigned long) src - (unsigned long) msg);
1349 LASSERT(movesize >= 0);
1352 memmove(dst, src, movesize);
1354 /* note we don't clear the ares where old data live, not secret */
1356 /* finally set new segment size */
1357 msg->lm_buflens[segment] = newsize;
1359 EXPORT_SYMBOL(_sptlrpc_enlarge_msg_inplace);
1362 * enlarge @segment of upper message req->rq_reqmsg to @newsize, all data
1363 * will be preserved after enlargement. this must be called after rq_reqmsg has
1364 * been intialized at least.
1366 * caller's attention: upon return, rq_reqmsg and rq_reqlen might have
1369 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
1370 int segment, int newsize)
1372 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1373 struct ptlrpc_sec_cops *cops;
1374 struct lustre_msg *msg = req->rq_reqmsg;
1378 LASSERT(msg->lm_bufcount > segment);
1379 LASSERT(msg->lm_buflens[segment] <= newsize);
1381 if (msg->lm_buflens[segment] == newsize)
1384 cops = ctx->cc_sec->ps_policy->sp_cops;
1385 LASSERT(cops->enlarge_reqbuf);
1386 return cops->enlarge_reqbuf(ctx->cc_sec, req, segment, newsize);
1388 EXPORT_SYMBOL(sptlrpc_cli_enlarge_reqbuf);
1390 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize)
1392 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1393 struct ptlrpc_sec_policy *policy;
1397 LASSERT(atomic_read(&ctx->cc_refcount));
1398 LASSERT(ctx->cc_sec);
1399 LASSERT(ctx->cc_sec->ps_policy);
1404 policy = ctx->cc_sec->ps_policy;
1405 RETURN(policy->sp_cops->alloc_repbuf(ctx->cc_sec, req, msgsize));
1408 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req)
1410 struct ptlrpc_cli_ctx *ctx = req->rq_cli_ctx;
1411 struct ptlrpc_sec_policy *policy;
1415 LASSERT(atomic_read(&ctx->cc_refcount));
1416 LASSERT(ctx->cc_sec);
1417 LASSERT(ctx->cc_sec->ps_policy);
1419 if (req->rq_repbuf == NULL)
1421 LASSERT(req->rq_repbuf_len);
1423 policy = ctx->cc_sec->ps_policy;
1424 policy->sp_cops->free_repbuf(ctx->cc_sec, req);
1428 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
1429 struct ptlrpc_cli_ctx *ctx)
1431 struct ptlrpc_sec_policy *policy = ctx->cc_sec->ps_policy;
1433 if (!policy->sp_cops->install_rctx)
1435 return policy->sp_cops->install_rctx(imp, ctx->cc_sec, ctx);
1438 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
1439 struct ptlrpc_svc_ctx *ctx)
1441 struct ptlrpc_sec_policy *policy = ctx->sc_policy;
1443 if (!policy->sp_sops->install_rctx)
1445 return policy->sp_sops->install_rctx(imp, ctx);
1448 /****************************************
1449 * server side security *
1450 ****************************************/
1452 static int flavor_allowed(struct sptlrpc_flavor *exp,
1453 struct ptlrpc_request *req)
1455 struct sptlrpc_flavor *flvr = &req->rq_flvr;
1457 if (exp->sf_rpc == flvr->sf_rpc)
1460 if ((req->rq_ctx_init || req->rq_ctx_fini) &&
1461 RPC_FLVR_POLICY(exp->sf_rpc) == RPC_FLVR_POLICY(flvr->sf_rpc) &&
1462 RPC_FLVR_MECH(exp->sf_rpc) == RPC_FLVR_MECH(flvr->sf_rpc))
1468 #define EXP_FLVR_UPDATE_EXPIRE (OBD_TIMEOUT_DEFAULT + 10)
1470 int sptlrpc_target_export_check(struct obd_export *exp,
1471 struct ptlrpc_request *req)
1473 struct sptlrpc_flavor flavor;
1478 /* client side export has no imp_reverse, skip
1479 * FIXME maybe we should check flavor this as well??? */
1480 if (exp->exp_imp_reverse == NULL)
1483 /* don't care about ctx fini rpc */
1484 if (req->rq_ctx_fini)
1487 spin_lock(&exp->exp_lock);
1489 /* if flavor just changed (exp->exp_flvr_changed != 0), we wait for
1490 * the first req with the new flavor, then treat it as current flavor,
1491 * adapt reverse sec according to it.
1492 * note the first rpc with new flavor might not be with root ctx, in
1493 * which case delay the sec_adapt by leaving exp_flvr_adapt == 1. */
1494 if (unlikely(exp->exp_flvr_changed) &&
1495 flavor_allowed(&exp->exp_flvr_old[1], req)) {
1496 /* make the new flavor as "current", and old ones as
1497 * about-to-expire */
1498 CDEBUG(D_SEC, "exp %p: just changed: %x->%x\n", exp,
1499 exp->exp_flvr.sf_rpc, exp->exp_flvr_old[1].sf_rpc);
1500 flavor = exp->exp_flvr_old[1];
1501 exp->exp_flvr_old[1] = exp->exp_flvr_old[0];
1502 exp->exp_flvr_expire[1] = exp->exp_flvr_expire[0];
1503 exp->exp_flvr_old[0] = exp->exp_flvr;
1504 exp->exp_flvr_expire[0] = cfs_time_current_sec() +
1505 EXP_FLVR_UPDATE_EXPIRE;
1506 exp->exp_flvr = flavor;
1508 /* flavor change finished */
1509 exp->exp_flvr_changed = 0;
1510 LASSERT(exp->exp_flvr_adapt == 1);
1512 /* if it's gss, we only interested in root ctx init */
1513 if (req->rq_auth_gss &&
1514 !(req->rq_ctx_init && (req->rq_auth_usr_root ||
1515 req->rq_auth_usr_mdt))) {
1516 spin_unlock(&exp->exp_lock);
1517 CDEBUG(D_SEC, "is good but not root(%d:%d:%d:%d)\n",
1518 req->rq_auth_gss, req->rq_ctx_init,
1519 req->rq_auth_usr_root, req->rq_auth_usr_mdt);
1523 exp->exp_flvr_adapt = 0;
1524 spin_unlock(&exp->exp_lock);
1526 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1527 req->rq_svc_ctx, flavor.sf_rpc);
1530 /* if it equals to the current flavor, we accept it, but need to
1531 * dealing with reverse sec/ctx */
1532 if (likely(flavor_allowed(&exp->exp_flvr, req))) {
1533 /* most cases should return here, we only interested in
1534 * gss root ctx init */
1535 if (!req->rq_auth_gss || !req->rq_ctx_init ||
1536 (!req->rq_auth_usr_root && !req->rq_auth_usr_mdt)) {
1537 spin_unlock(&exp->exp_lock);
1541 /* if flavor just changed, we should not proceed, just leave
1542 * it and current flavor will be discovered and replaced
1543 * shortly, and let _this_ rpc pass through */
1544 if (exp->exp_flvr_changed) {
1545 LASSERT(exp->exp_flvr_adapt);
1546 spin_unlock(&exp->exp_lock);
1550 if (exp->exp_flvr_adapt) {
1551 exp->exp_flvr_adapt = 0;
1552 CDEBUG(D_SEC, "exp %p (%x|%x|%x): do delayed adapt\n",
1553 exp, exp->exp_flvr.sf_rpc,
1554 exp->exp_flvr_old[0].sf_rpc,
1555 exp->exp_flvr_old[1].sf_rpc);
1556 flavor = exp->exp_flvr;
1557 spin_unlock(&exp->exp_lock);
1559 return sptlrpc_import_sec_adapt(exp->exp_imp_reverse,
1563 CDEBUG(D_SEC, "exp %p (%x|%x|%x): is current flavor, "
1564 "install rvs ctx\n", exp, exp->exp_flvr.sf_rpc,
1565 exp->exp_flvr_old[0].sf_rpc,
1566 exp->exp_flvr_old[1].sf_rpc);
1567 spin_unlock(&exp->exp_lock);
1569 return sptlrpc_svc_install_rvs_ctx(exp->exp_imp_reverse,
1574 if (exp->exp_flvr_expire[0]) {
1575 if (exp->exp_flvr_expire[0] >= cfs_time_current_sec()) {
1576 if (flavor_allowed(&exp->exp_flvr_old[0], req)) {
1577 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
1578 "middle one ("CFS_DURATION_T")\n", exp,
1579 exp->exp_flvr.sf_rpc,
1580 exp->exp_flvr_old[0].sf_rpc,
1581 exp->exp_flvr_old[1].sf_rpc,
1582 exp->exp_flvr_expire[0] -
1583 cfs_time_current_sec());
1584 spin_unlock(&exp->exp_lock);
1588 CDEBUG(D_SEC, "mark middle expired\n");
1589 exp->exp_flvr_expire[0] = 0;
1591 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match middle\n", exp,
1592 exp->exp_flvr.sf_rpc,
1593 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1594 req->rq_flvr.sf_rpc);
1597 /* now it doesn't match the current flavor, the only chance we can
1598 * accept it is match the old flavors which is not expired. */
1599 if (exp->exp_flvr_changed == 0 && exp->exp_flvr_expire[1]) {
1600 if (exp->exp_flvr_expire[1] >= cfs_time_current_sec()) {
1601 if (flavor_allowed(&exp->exp_flvr_old[1], req)) {
1602 CDEBUG(D_SEC, "exp %p (%x|%x|%x): match the "
1603 "oldest one ("CFS_DURATION_T")\n", exp,
1604 exp->exp_flvr.sf_rpc,
1605 exp->exp_flvr_old[0].sf_rpc,
1606 exp->exp_flvr_old[1].sf_rpc,
1607 exp->exp_flvr_expire[1] -
1608 cfs_time_current_sec());
1609 spin_unlock(&exp->exp_lock);
1613 CDEBUG(D_SEC, "mark oldest expired\n");
1614 exp->exp_flvr_expire[1] = 0;
1616 CDEBUG(D_SEC, "exp %p (%x|%x|%x): %x not match found\n",
1617 exp, exp->exp_flvr.sf_rpc,
1618 exp->exp_flvr_old[0].sf_rpc, exp->exp_flvr_old[1].sf_rpc,
1619 req->rq_flvr.sf_rpc);
1621 CDEBUG(D_SEC, "exp %p (%x|%x|%x): skip the last one\n",
1622 exp, exp->exp_flvr.sf_rpc, exp->exp_flvr_old[0].sf_rpc,
1623 exp->exp_flvr_old[1].sf_rpc);
1626 spin_unlock(&exp->exp_lock);
1628 CWARN("req %p: (%u|%u|%u|%u|%u) with unauthorized flavor %x\n",
1629 req, req->rq_auth_gss, req->rq_ctx_init, req->rq_ctx_fini,
1630 req->rq_auth_usr_root, req->rq_auth_usr_mdt, req->rq_flvr.sf_rpc);
1634 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
1635 struct sptlrpc_rule_set *rset)
1637 struct obd_export *exp;
1638 struct sptlrpc_flavor new_flvr;
1642 spin_lock(&obd->obd_dev_lock);
1644 list_for_each_entry(exp, &obd->obd_exports, exp_obd_chain) {
1645 if (exp->exp_connection == NULL)
1648 /* note if this export had just been updated flavor
1649 * (exp_flvr_changed == 1), this will override the
1651 spin_lock(&exp->exp_lock);
1652 sptlrpc_rule_set_choose(rset, exp->exp_sp_peer,
1653 exp->exp_connection->c_peer.nid,
1655 if (exp->exp_flvr_changed ||
1656 memcmp(&new_flvr, &exp->exp_flvr, sizeof(new_flvr))) {
1657 exp->exp_flvr_old[1] = new_flvr;
1658 exp->exp_flvr_expire[1] = 0;
1659 exp->exp_flvr_changed = 1;
1660 exp->exp_flvr_adapt = 1;
1661 CDEBUG(D_SEC, "exp %p (%s): updated flavor %x->%x\n",
1662 exp, sptlrpc_part2name(exp->exp_sp_peer),
1663 exp->exp_flvr.sf_rpc,
1664 exp->exp_flvr_old[1].sf_rpc);
1666 spin_unlock(&exp->exp_lock);
1669 spin_unlock(&obd->obd_dev_lock);
1671 EXPORT_SYMBOL(sptlrpc_target_update_exp_flavor);
1673 static int sptlrpc_svc_check_from(struct ptlrpc_request *req, int svc_rc)
1675 if (svc_rc == SECSVC_DROP)
1678 switch (req->rq_sp_from) {
1686 DEBUG_REQ(D_ERROR, req, "invalid source %u", req->rq_sp_from);
1690 if (!req->rq_auth_gss)
1693 if (unlikely(req->rq_sp_from == LUSTRE_SP_ANY)) {
1694 CERROR("not specific part\n");
1698 /* from MDT, must be authenticated as MDT */
1699 if (unlikely(req->rq_sp_from == LUSTRE_SP_MDT &&
1700 !req->rq_auth_usr_mdt)) {
1701 DEBUG_REQ(D_ERROR, req, "fake source MDT");
1705 /* from OST, must be callback to MDT and CLI, the reverse sec
1706 * was from mdt/root keytab, so it should be MDT or root FIXME */
1707 if (unlikely(req->rq_sp_from == LUSTRE_SP_OST &&
1708 !req->rq_auth_usr_mdt && !req->rq_auth_usr_root)) {
1709 DEBUG_REQ(D_ERROR, req, "fake source OST");
1716 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req)
1718 struct ptlrpc_sec_policy *policy;
1719 struct lustre_msg *msg = req->rq_reqbuf;
1724 LASSERT(req->rq_reqmsg == NULL);
1725 LASSERT(req->rq_repmsg == NULL);
1727 req->rq_sp_from = LUSTRE_SP_ANY;
1728 req->rq_auth_uid = INVALID_UID;
1729 req->rq_auth_mapped_uid = INVALID_UID;
1731 if (req->rq_reqdata_len < sizeof(struct lustre_msg)) {
1732 CERROR("request size %d too small\n", req->rq_reqdata_len);
1733 RETURN(SECSVC_DROP);
1739 if (msg->lm_magic == LUSTRE_MSG_MAGIC_V2)
1740 req->rq_flvr.sf_rpc = WIRE_FLVR_RPC(msg->lm_secflvr);
1742 req->rq_flvr.sf_rpc = WIRE_FLVR_RPC(__swab32(msg->lm_secflvr));
1744 /* unpack the wrapper message if the policy is not null */
1745 if ((RPC_FLVR_POLICY(req->rq_flvr.sf_rpc) != SPTLRPC_POLICY_NULL) &&
1746 lustre_unpack_msg(msg, req->rq_reqdata_len))
1747 RETURN(SECSVC_DROP);
1749 policy = sptlrpc_rpcflavor2policy(req->rq_flvr.sf_rpc);
1751 CERROR("unsupported rpc flavor %x\n", req->rq_flvr.sf_rpc);
1752 RETURN(SECSVC_DROP);
1755 LASSERT(policy->sp_sops->accept);
1756 rc = policy->sp_sops->accept(req);
1758 LASSERT(req->rq_reqmsg || rc != SECSVC_OK);
1759 sptlrpc_policy_put(policy);
1761 /* sanity check for the request source */
1762 rc = sptlrpc_svc_check_from(req, rc);
1764 /* FIXME move to proper place */
1765 if (rc == SECSVC_OK) {
1766 __u32 opc = lustre_msg_get_opc(req->rq_reqmsg);
1768 if (opc == OST_WRITE)
1769 req->rq_bulk_write = 1;
1770 else if (opc == OST_READ)
1771 req->rq_bulk_read = 1;
1774 LASSERT(req->rq_svc_ctx || rc == SECSVC_DROP);
1778 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req,
1781 struct ptlrpc_sec_policy *policy;
1782 struct ptlrpc_reply_state *rs;
1786 LASSERT(req->rq_svc_ctx);
1787 LASSERT(req->rq_svc_ctx->sc_policy);
1789 policy = req->rq_svc_ctx->sc_policy;
1790 LASSERT(policy->sp_sops->alloc_rs);
1792 rc = policy->sp_sops->alloc_rs(req, msglen);
1793 if (unlikely(rc == -ENOMEM)) {
1794 /* failed alloc, try emergency pool */
1795 rs = lustre_get_emerg_rs(req->rq_rqbd->rqbd_service);
1799 req->rq_reply_state = rs;
1800 rc = policy->sp_sops->alloc_rs(req, msglen);
1802 lustre_put_emerg_rs(rs);
1803 req->rq_reply_state = NULL;
1808 (req->rq_reply_state && req->rq_reply_state->rs_msg));
1813 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req)
1815 struct ptlrpc_sec_policy *policy;
1819 LASSERT(req->rq_svc_ctx);
1820 LASSERT(req->rq_svc_ctx->sc_policy);
1822 policy = req->rq_svc_ctx->sc_policy;
1823 LASSERT(policy->sp_sops->authorize);
1825 rc = policy->sp_sops->authorize(req);
1826 LASSERT(rc || req->rq_reply_state->rs_repdata_len);
1831 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs)
1833 struct ptlrpc_sec_policy *policy;
1834 unsigned int prealloc;
1837 LASSERT(rs->rs_svc_ctx);
1838 LASSERT(rs->rs_svc_ctx->sc_policy);
1840 policy = rs->rs_svc_ctx->sc_policy;
1841 LASSERT(policy->sp_sops->free_rs);
1843 prealloc = rs->rs_prealloc;
1844 policy->sp_sops->free_rs(rs);
1847 lustre_put_emerg_rs(rs);
1851 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req)
1853 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
1858 LASSERT(atomic_read(&ctx->sc_refcount) > 0);
1859 atomic_inc(&ctx->sc_refcount);
1862 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req)
1864 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
1869 LASSERT(atomic_read(&ctx->sc_refcount) > 0);
1870 if (atomic_dec_and_test(&ctx->sc_refcount)) {
1871 if (ctx->sc_policy->sp_sops->free_ctx)
1872 ctx->sc_policy->sp_sops->free_ctx(ctx);
1874 req->rq_svc_ctx = NULL;
1877 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req)
1879 struct ptlrpc_svc_ctx *ctx = req->rq_svc_ctx;
1884 LASSERT(atomic_read(&ctx->sc_refcount) > 0);
1885 if (ctx->sc_policy->sp_sops->invalidate_ctx)
1886 ctx->sc_policy->sp_sops->invalidate_ctx(ctx);
1888 EXPORT_SYMBOL(sptlrpc_svc_ctx_invalidate);
1890 /****************************************
1892 ****************************************/
1894 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
1895 struct ptlrpc_bulk_desc *desc)
1897 struct ptlrpc_cli_ctx *ctx;
1899 if (!req->rq_pack_bulk)
1902 LASSERT(req->rq_bulk_read || req->rq_bulk_write);
1904 ctx = req->rq_cli_ctx;
1905 if (ctx->cc_ops->wrap_bulk)
1906 return ctx->cc_ops->wrap_bulk(ctx, req, desc);
1909 EXPORT_SYMBOL(sptlrpc_cli_wrap_bulk);
1912 void pga_to_bulk_desc(int nob, obd_count pg_count, struct brw_page **pga,
1913 struct ptlrpc_bulk_desc *desc)
1920 for (i = 0; i < pg_count && nob > 0; i++) {
1922 desc->bd_iov[i].kiov_page = pga[i]->pg;
1923 desc->bd_iov[i].kiov_len = pga[i]->count > nob ?
1924 nob : pga[i]->count;
1925 desc->bd_iov[i].kiov_offset = pga[i]->off & ~CFS_PAGE_MASK;
1927 #warning FIXME for liblustre!
1928 desc->bd_iov[i].iov_base = pga[i]->pg->addr;
1929 desc->bd_iov[i].iov_len = pga[i]->count > nob ?
1930 nob : pga[i]->count;
1933 desc->bd_iov_count++;
1934 nob -= pga[i]->count;
1938 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
1939 int nob, obd_count pg_count,
1940 struct brw_page **pga)
1942 struct ptlrpc_bulk_desc *desc;
1943 struct ptlrpc_cli_ctx *ctx;
1946 if (!req->rq_pack_bulk)
1949 LASSERT(req->rq_bulk_read && !req->rq_bulk_write);
1951 OBD_ALLOC(desc, offsetof(struct ptlrpc_bulk_desc, bd_iov[pg_count]));
1953 CERROR("out of memory, can't verify bulk read data\n");
1957 pga_to_bulk_desc(nob, pg_count, pga, desc);
1959 ctx = req->rq_cli_ctx;
1960 if (ctx->cc_ops->unwrap_bulk)
1961 rc = ctx->cc_ops->unwrap_bulk(ctx, req, desc);
1963 OBD_FREE(desc, offsetof(struct ptlrpc_bulk_desc, bd_iov[pg_count]));
1967 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_read);
1969 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
1970 struct ptlrpc_bulk_desc *desc)
1972 struct ptlrpc_cli_ctx *ctx;
1974 if (!req->rq_pack_bulk)
1977 LASSERT(!req->rq_bulk_read && req->rq_bulk_write);
1979 ctx = req->rq_cli_ctx;
1980 if (ctx->cc_ops->unwrap_bulk)
1981 return ctx->cc_ops->unwrap_bulk(ctx, req, desc);
1985 EXPORT_SYMBOL(sptlrpc_cli_unwrap_bulk_write);
1987 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
1988 struct ptlrpc_bulk_desc *desc)
1990 struct ptlrpc_svc_ctx *ctx;
1992 if (!req->rq_pack_bulk)
1995 LASSERT(req->rq_bulk_read || req->rq_bulk_write);
1997 ctx = req->rq_svc_ctx;
1998 if (ctx->sc_policy->sp_sops->wrap_bulk)
1999 return ctx->sc_policy->sp_sops->wrap_bulk(req, desc);
2003 EXPORT_SYMBOL(sptlrpc_svc_wrap_bulk);
2005 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
2006 struct ptlrpc_bulk_desc *desc)
2008 struct ptlrpc_svc_ctx *ctx;
2010 if (!req->rq_pack_bulk)
2013 LASSERT(req->rq_bulk_read || req->rq_bulk_write);
2015 ctx = req->rq_svc_ctx;
2016 if (ctx->sc_policy->sp_sops->unwrap_bulk);
2017 return ctx->sc_policy->sp_sops->unwrap_bulk(req, desc);
2021 EXPORT_SYMBOL(sptlrpc_svc_unwrap_bulk);
2024 /****************************************
2025 * user descriptor helpers *
2026 ****************************************/
2028 int sptlrpc_current_user_desc_size(void)
2033 ngroups = current_ngroups;
2035 if (ngroups > LUSTRE_MAX_GROUPS)
2036 ngroups = LUSTRE_MAX_GROUPS;
2040 return sptlrpc_user_desc_size(ngroups);
2042 EXPORT_SYMBOL(sptlrpc_current_user_desc_size);
2044 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset)
2046 struct ptlrpc_user_desc *pud;
2048 pud = lustre_msg_buf(msg, offset, 0);
2050 pud->pud_uid = cfs_current()->uid;
2051 pud->pud_gid = cfs_current()->gid;
2052 pud->pud_fsuid = cfs_current()->fsuid;
2053 pud->pud_fsgid = cfs_current()->fsgid;
2054 pud->pud_cap = cfs_current()->cap_effective;
2055 pud->pud_ngroups = (msg->lm_buflens[offset] - sizeof(*pud)) / 4;
2059 if (pud->pud_ngroups > current_ngroups)
2060 pud->pud_ngroups = current_ngroups;
2061 memcpy(pud->pud_groups, cfs_current()->group_info->blocks[0],
2062 pud->pud_ngroups * sizeof(__u32));
2063 task_unlock(current);
2068 EXPORT_SYMBOL(sptlrpc_pack_user_desc);
2070 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset)
2072 struct ptlrpc_user_desc *pud;
2075 pud = lustre_msg_buf(msg, offset, sizeof(*pud));
2079 if (lustre_msg_swabbed(msg)) {
2080 __swab32s(&pud->pud_uid);
2081 __swab32s(&pud->pud_gid);
2082 __swab32s(&pud->pud_fsuid);
2083 __swab32s(&pud->pud_fsgid);
2084 __swab32s(&pud->pud_cap);
2085 __swab32s(&pud->pud_ngroups);
2088 if (pud->pud_ngroups > LUSTRE_MAX_GROUPS) {
2089 CERROR("%u groups is too large\n", pud->pud_ngroups);
2093 if (sizeof(*pud) + pud->pud_ngroups * sizeof(__u32) >
2094 msg->lm_buflens[offset]) {
2095 CERROR("%u groups are claimed but bufsize only %u\n",
2096 pud->pud_ngroups, msg->lm_buflens[offset]);
2100 if (lustre_msg_swabbed(msg)) {
2101 for (i = 0; i < pud->pud_ngroups; i++)
2102 __swab32s(&pud->pud_groups[i]);
2107 EXPORT_SYMBOL(sptlrpc_unpack_user_desc);
2109 /****************************************
2111 ****************************************/
2113 const char * sec2target_str(struct ptlrpc_sec *sec)
2115 if (!sec || !sec->ps_import || !sec->ps_import->imp_obd)
2117 if (sec_is_reverse(sec))
2119 return obd_uuid2str(&sec->ps_import->imp_obd->u.cli.cl_target_uuid);
2121 EXPORT_SYMBOL(sec2target_str);
2123 /****************************************
2124 * crypto API helper/alloc blkciper *
2125 ****************************************/
2128 #ifndef HAVE_ASYNC_BLOCK_CIPHER
2129 struct ll_crypto_cipher *ll_crypto_alloc_blkcipher(const char * algname,
2132 char buf[CRYPTO_MAX_ALG_NAME + 1];
2133 const char *pan = algname;
2136 if (strncmp("cbc(", algname, 4) == 0)
2137 flag |= CRYPTO_TFM_MODE_CBC;
2138 else if (strncmp("ecb(", algname, 4) == 0)
2139 flag |= CRYPTO_TFM_MODE_ECB;
2141 char *vp = strnchr(algname, CRYPTO_MAX_ALG_NAME, ')');
2143 memcpy(buf, algname + 4, vp - algname - 4);
2144 buf[vp - algname - 4] = '\0';
2150 return crypto_alloc_tfm(pan, flag);
2152 EXPORT_SYMBOL(ll_crypto_alloc_blkcipher);
2156 /****************************************
2157 * initialize/finalize *
2158 ****************************************/
2160 int __init sptlrpc_init(void)
2164 rc = sptlrpc_gc_start_thread();
2168 rc = sptlrpc_enc_pool_init();
2172 rc = sptlrpc_null_init();
2176 rc = sptlrpc_plain_init();
2180 rc = sptlrpc_lproc_init();
2187 sptlrpc_plain_fini();
2189 sptlrpc_null_fini();
2191 sptlrpc_enc_pool_fini();
2193 sptlrpc_gc_stop_thread();
2198 void __exit sptlrpc_fini(void)
2200 sptlrpc_lproc_fini();
2201 sptlrpc_plain_fini();
2202 sptlrpc_null_fini();
2203 sptlrpc_enc_pool_fini();
2204 sptlrpc_gc_stop_thread();
git://git.whamcloud.com / fs / lustre-release.git / blob