lustre/sec/sec_null.c

   1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
   2  * vim:expandtab:shiftwidth=8:tabstop=8:
   3  *
   4  * Copyright (C) 2004 Cluster File Systems, Inc.
   5  *
   6  *   This file is part of Lustre, http://www.lustre.org.
   7  *
   8  *   Lustre is free software; you can redistribute it and/or
   9  *   modify it under the terms of version 2 of the GNU General Public
  10  *   License as published by the Free Software Foundation.
  11  *
  12  *   Lustre is distributed in the hope that it will be useful,
  13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *   GNU General Public License for more details.
  16  *
  17  *   You should have received a copy of the GNU General Public License
  18  *   along with Lustre; if not, write to the Free Software
  19  *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20  */
  21
  22 #ifndef EXPORT_SYMTAB
  23 # define EXPORT_SYMTAB
  24 #endif
  25 #define DEBUG_SUBSYSTEM S_SEC
  26 #ifdef __KERNEL__
  27 #include <linux/init.h>
  28 #include <linux/module.h>
  29 #include <linux/slab.h>
  30 #else
  31 #include <liblustre.h>
  32 #endif
  33
  34 #include <libcfs/kp30.h>
  35 #include <linux/obd_support.h>
  36 #include <linux/lustre_net.h>
  37 #include <linux/lustre_sec.h>
  38
  39 static int null_cred_refresh(struct ptlrpc_cred *cred)
  40 {
  41         ENTRY;
  42         LASSERT(cred->pc_flags & PTLRPC_CRED_UPTODATE);
  43         RETURN(0);
  44 }
  45
  46 static int null_cred_match(struct ptlrpc_cred *cred,
  47                            struct vfs_cred *vcred)
  48 {
  49         ENTRY;
  50         RETURN(1);
  51 }
  52
  53 static int null_cred_sign(struct ptlrpc_cred *cred,
  54                           struct ptlrpc_request *req)
  55 {
  56         struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(req->rq_reqbuf);
  57         ENTRY;
  58
  59         hdr->sec_len = cpu_to_le32(0);
  60
  61         RETURN(0);
  62 }
  63
  64 static int null_cred_verify(struct ptlrpc_cred *cred,
  65                             struct ptlrpc_request *req)
  66 {
  67         struct ptlrpcs_wire_hdr *hdr = buf_to_sec_hdr(req->rq_repbuf);
  68
  69         if (hdr->sec_len != 0) {
  70                 CERROR("security payload %u not zero\n", hdr->sec_len);
  71                 RETURN(-EPROTO);
  72         }
  73
  74         req->rq_repmsg = (struct lustre_msg *)(hdr + 1);
  75         req->rq_replen = hdr->msg_len;
  76         CDEBUG(D_SEC, "set repmsg at %p, len %d\n",
  77                req->rq_repmsg, req->rq_replen);
  78
  79         RETURN(0);
  80 }
  81
  82 static void null_cred_destroy(struct ptlrpc_cred *cred)
  83 {
  84         LASSERT(!atomic_read(&cred->pc_refcount));
  85
  86         CDEBUG(D_SEC, "NULL_SEC: destroy cred %p\n", cred);
  87         OBD_FREE(cred, sizeof(*cred));
  88 }
  89
  90 static struct ptlrpc_credops null_credops = {
  91         .refresh        = null_cred_refresh,
  92         .match          = null_cred_match,
  93         .sign           = null_cred_sign,
  94         .verify         = null_cred_verify,
  95         .destroy        = null_cred_destroy,
  96 };
  97
  98 static
  99 struct ptlrpc_sec* null_create_sec(ptlrpcs_flavor_t *flavor,
 100                                    const char *pipe_dir,
 101                                    void *pipe_data)
 102 {
 103         struct ptlrpc_sec *sec;
 104         ENTRY;
 105
 106         LASSERT(flavor->flavor == PTLRPC_SEC_NULL);
 107
 108         OBD_ALLOC(sec, sizeof(*sec));
 109         if (!sec)
 110                 RETURN(ERR_PTR(-ENOMEM));
 111
 112         sec->ps_sectype = PTLRPC_SEC_TYPE_NONE;
 113         sec->ps_expire = (-1UL >> 1); /* never expire */
 114         sec->ps_nextgc = (-1UL >> 1);
 115         sec->ps_flags = 0;
 116
 117         CDEBUG(D_SEC, "Create NULL security module at %p\n", sec);
 118         RETURN(sec);
 119 }
 120
 121 static
 122 void null_destroy_sec(struct ptlrpc_sec *sec)
 123 {
 124         ENTRY;
 125
 126         CDEBUG(D_SEC, "Destroy NULL security module at %p\n", sec);
 127
 128         LASSERT(!atomic_read(&sec->ps_refcount));
 129         OBD_FREE(sec, sizeof(*sec));
 130         EXIT;
 131 }
 132
 133 static
 134 struct ptlrpc_cred* null_create_cred(struct ptlrpc_sec *sec,
 135                                      struct vfs_cred *vcred)
 136 {
 137         struct ptlrpc_cred *cred;
 138         ENTRY;
 139
 140         OBD_ALLOC(cred, sizeof(*cred));
 141         if (!cred)
 142                 RETURN(NULL);
 143
 144         INIT_LIST_HEAD(&cred->pc_hash);
 145         atomic_set(&cred->pc_refcount, 0);
 146         cred->pc_sec = sec;
 147         cred->pc_ops = &null_credops;
 148         cred->pc_expire = (-1UL >> 1); /* never expire */
 149         cred->pc_flags = PTLRPC_CRED_UPTODATE;
 150         cred->pc_pag = vcred->vc_pag;
 151         cred->pc_uid = vcred->vc_uid;
 152         CDEBUG(D_SEC, "create a null cred at %p("LPU64"/%u)\n",
 153                cred, vcred->vc_pag, vcred->vc_uid);
 154
 155         RETURN(cred);
 156 }
 157
 158 static struct ptlrpc_secops null_secops = {
 159         .create_sec     = null_create_sec,
 160         .destroy_sec    = null_destroy_sec,
 161         .create_cred    = null_create_cred,
 162 };
 163
 164 static struct ptlrpc_sec_type null_type = {
 165         .pst_owner      = THIS_MODULE,
 166         .pst_name       = "NULL_SEC",
 167         .pst_inst       = ATOMIC_INIT(0),
 168         .pst_flavor     = {PTLRPC_SEC_NULL, 0},
 169         .pst_ops        = &null_secops,
 170 };
 171
 172 int ptlrpcs_null_init(void)
 173 {
 174         int rc;
 175
 176         rc = ptlrpcs_register(&null_type);
 177         if (rc)
 178                 CERROR("failed to register NULL security: %d\n", rc);
 179
 180         return rc;
 181 }
 182
 183 int ptlrpcs_null_exit(void)
 184 {
 185         int rc;
 186
 187         rc = ptlrpcs_unregister(&null_type);
 188         if (rc)
 189                 CERROR("cannot unregister NULL security: %d\n", rc);
 190
 191         return rc;
 192 }