LU-3289 gss: Add two additional security flavors for sk

[fs/lustre-release.git] / lustre / include / lustre_sec.h

diff --git a/lustre/include/lustre_sec.h b/lustre/include/lustre_sec.h
index db2b553..306215a 100644 (file)
--- a/lustre/include/lustre_sec.h
+++ b/lustre/include/lustre_sec.h
@@ -54,6 +54,7 @@ struct brw_page;
 /* Linux specific */
 struct key;
 struct seq_file;
+struct lustre_cfg;
 
 /*
  * forward declaration
@@ -181,6 +182,10 @@ enum sptlrpc_bulk_service {
         MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
 #define SPTLRPC_SUBFLVR_KRB5P                                           \
         MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
+#define SPTLRPC_SUBFLVR_SKN                                             \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_NULL)
+#define SPTLRPC_SUBFLVR_SKA                                             \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_AUTH)
 #define SPTLRPC_SUBFLVR_SKI                                             \
        MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_INTG)
 #define SPTLRPC_SUBFLVR_SKPI                                            \
@@ -231,12 +236,24 @@ enum sptlrpc_bulk_service {
                   SPTLRPC_SVC_PRIV,                     \
                   SPTLRPC_BULK_DEFAULT,                 \
                   SPTLRPC_BULK_SVC_PRIV)
+#define SPTLRPC_FLVR_SKN                                \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_NULL,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_NULL)
+#define SPTLRPC_FLVR_SKA                                \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_AUTH,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_NULL)
 #define SPTLRPC_FLVR_SKI                                \
        MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
                  SPTLRPC_MECH_GSS_SK,                  \
                  SPTLRPC_SVC_INTG,                     \
                  SPTLRPC_BULK_DEFAULT,                 \
-                 SPTLRPC_BULK_SVC_PRIV)
+                 SPTLRPC_BULK_SVC_INTG)
 #define SPTLRPC_FLVR_SKPI                               \
        MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
                  SPTLRPC_MECH_GSS_SK,                  \
@@ -864,6 +881,20 @@ struct ptlrpc_sec {
        cfs_time_t                      ps_gc_next;     /* in seconds */
 };
 
+static inline int flvr_is_rootonly(__u32 flavor)
+{
+       return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS &&
+               (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL ||
+                SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK));
+}
+
+static inline int flvr_allows_user_desc(__u32 flavor)
+{
+       return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS &&
+               (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL ||
+                SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK));
+}
+
 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
 {
         return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);