LU-12400 llite: Use the new vm_fault_t type
[fs/lustre-release.git] / lustre / include / lustre_sec.h
index 6c4207c..ee2204f 100644 (file)
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
+ * http://www.gnu.org/licenses/gpl-2.0.html
  *
  * GPL HEADER END
  */
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright (c) 2012, 2017, Intel Corporation.
  */
 /*
  * This file is part of Lustre, http://www.lustre.org/
@@ -49,9 +47,11 @@ struct ptlrpc_request;
 struct ptlrpc_reply_state;
 struct ptlrpc_bulk_desc;
 struct brw_page;
+struct lu_env;
 /* Linux specific */
 struct key;
 struct seq_file;
+struct lustre_cfg;
 
 /*
  * forward declaration
@@ -63,6 +63,7 @@ struct ptlrpc_sec;
 struct ptlrpc_svc_ctx;
 struct ptlrpc_cli_ctx;
 struct ptlrpc_ctx_ops;
+struct req_msg_field;
 
 /**
  * \addtogroup flavor flavor
@@ -101,6 +102,7 @@ enum sptlrpc_mech_plain {
 enum sptlrpc_mech_gss {
         SPTLRPC_MECH_GSS_NULL           = 0,
         SPTLRPC_MECH_GSS_KRB5           = 1,
+       SPTLRPC_MECH_GSS_SK             = 2,
         SPTLRPC_MECH_GSS_MAX,
 };
 
@@ -168,6 +170,8 @@ enum sptlrpc_bulk_service {
         ((__u32)(mech) |                                                \
          ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
 
+#define SPTLRPC_SUBFLVR_GSSNULL                                                \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_NULL, SPTLRPC_SVC_NULL)
 #define SPTLRPC_SUBFLVR_KRB5N                                           \
         MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
 #define SPTLRPC_SUBFLVR_KRB5A                                           \
@@ -176,6 +180,14 @@ enum sptlrpc_bulk_service {
         MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
 #define SPTLRPC_SUBFLVR_KRB5P                                           \
         MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
+#define SPTLRPC_SUBFLVR_SKN                                             \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_NULL)
+#define SPTLRPC_SUBFLVR_SKA                                             \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_AUTH)
+#define SPTLRPC_SUBFLVR_SKI                                             \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_INTG)
+#define SPTLRPC_SUBFLVR_SKPI                                            \
+       MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_SK, SPTLRPC_SVC_PRIV)
 
 /*
  * "end user" flavors
@@ -192,6 +204,12 @@ enum sptlrpc_bulk_service {
                   SPTLRPC_SVC_NULL,                     \
                   SPTLRPC_BULK_HASH,                    \
                   SPTLRPC_BULK_SVC_INTG)
+#define SPTLRPC_FLVR_GSSNULL                           \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_NULL,                \
+                 SPTLRPC_SVC_NULL,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_NULL)
 #define SPTLRPC_FLVR_KRB5N                              \
         MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
                   SPTLRPC_MECH_GSS_KRB5,                \
@@ -216,6 +234,30 @@ enum sptlrpc_bulk_service {
                   SPTLRPC_SVC_PRIV,                     \
                   SPTLRPC_BULK_DEFAULT,                 \
                   SPTLRPC_BULK_SVC_PRIV)
+#define SPTLRPC_FLVR_SKN                                \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_NULL,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_NULL)
+#define SPTLRPC_FLVR_SKA                                \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_AUTH,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_NULL)
+#define SPTLRPC_FLVR_SKI                                \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_INTG,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_INTG)
+#define SPTLRPC_FLVR_SKPI                               \
+       MAKE_FLVR(SPTLRPC_POLICY_GSS,                   \
+                 SPTLRPC_MECH_GSS_SK,                  \
+                 SPTLRPC_SVC_PRIV,                     \
+                 SPTLRPC_BULK_DEFAULT,                 \
+                 SPTLRPC_BULK_SVC_PRIV)
 
 #define SPTLRPC_FLVR_DEFAULT            SPTLRPC_FLVR_NULL
 
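Review bot: The four new shared-key flavor macros have no comment saying what each one protects, and the bulk service does not follow from the name: `SPTLRPC_FLVR_SKA` sets `SPTLRPC_SVC_AUTH` for the RPC but pairs it with `SPTLRPC_BULK_SVC_NULL`, the same bulk setting as `SPTLRPC_FLVR_SKN`. I would add a short comment above `SPTLRPC_FLVR_SKN`, for example `/* sk flavors: skn/ska use BULK_SVC_NULL (presumably no bulk protection); ski adds bulk integrity; skpi adds bulk privacy */`, so a flavor is not chosen on its name alone. The `SKPI` suffix also departs from the `KRB5P` naming used for the same `SPTLRPC_SVC_PRIV` level; if it is meant to say that privacy includes integrity, that comment is the place to state it.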
@@ -346,8 +388,7 @@ void sptlrpc_conf_log_update_begin(const char *logname);
 void sptlrpc_conf_log_update_end(const char *logname);
 void sptlrpc_conf_client_adapt(struct obd_device *obd);
 int  sptlrpc_conf_target_get_rules(struct obd_device *obd,
-                                   struct sptlrpc_rule_set *rset,
-                                   int initial);
+                                  struct sptlrpc_rule_set *rset);
 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
                                   enum lustre_sec_part from,
                                   lnet_nid_t nid,
@@ -504,17 +545,17 @@ struct ptlrpc_ctx_ops {
                                         PTLRPC_CTX_ERROR)
 
 struct ptlrpc_cli_ctx {
-        cfs_hlist_node_t        cc_cache;      /* linked into ctx cache */
-        cfs_atomic_t            cc_refcount;
-        struct ptlrpc_sec      *cc_sec;
-        struct ptlrpc_ctx_ops  *cc_ops;
-        cfs_time_t              cc_expire;     /* in seconds */
-        unsigned int            cc_early_expire:1;
-        unsigned long           cc_flags;
-        struct vfs_cred         cc_vcred;
-        cfs_spinlock_t          cc_lock;
-        cfs_list_t              cc_req_list;   /* waiting reqs linked here */
-        cfs_list_t              cc_gc_chain;   /* linked to gc chain */
+       struct hlist_node       cc_cache;       /* linked into ctx cache */
+       atomic_t                cc_refcount;
+       struct ptlrpc_sec      *cc_sec;
+       struct ptlrpc_ctx_ops  *cc_ops;
+       time64_t                cc_expire;      /* in seconds */
+       unsigned int            cc_early_expire:1;
+       unsigned long           cc_flags;
+       struct vfs_cred         cc_vcred;
+       spinlock_t              cc_lock;
+       struct list_head        cc_req_list;    /* waiting reqs linked here */
+       struct list_head        cc_gc_chain;    /* linked to gc chain */
 };
 
 /**
@@ -794,11 +835,11 @@ struct ptlrpc_sec_sops {
 };
 
 struct ptlrpc_sec_policy {
-        cfs_module_t                   *sp_owner;
-        char                           *sp_name;
-        __u16                           sp_policy; /* policy number */
-        struct ptlrpc_sec_cops         *sp_cops;   /* client ops */
-        struct ptlrpc_sec_sops         *sp_sops;   /* server ops */
+       struct module                  *sp_owner;
+       char                           *sp_name;
+       __u16                           sp_policy; /* policy number */
+       struct ptlrpc_sec_cops         *sp_cops;   /* client ops */
+       struct ptlrpc_sec_sops         *sp_sops;   /* server ops */
 };
 
 #define PTLRPC_SEC_FL_REVERSE           0x0001 /* reverse sec */
@@ -815,28 +856,53 @@ struct ptlrpc_sec_policy {
  * \see sptlrpc_import_sec_adapt().
  */
 struct ptlrpc_sec {
-        struct ptlrpc_sec_policy       *ps_policy;
-        cfs_atomic_t                    ps_refcount;
-        /** statistic only */
-        cfs_atomic_t                    ps_nctx;
-        /** unique identifier */
-        int                             ps_id;
+       struct ptlrpc_sec_policy       *ps_policy;
+       atomic_t                        ps_refcount;
+       /** statistic only */
+       atomic_t                        ps_nctx;
+       /** unique identifier */
+       int                             ps_id;
         struct sptlrpc_flavor           ps_flvr;
         enum lustre_sec_part            ps_part;
         /** after set, no more new context will be created */
         unsigned int                    ps_dying:1;
         /** owning import */
         struct obd_import              *ps_import;
-        cfs_spinlock_t                  ps_lock;
-
-        /*
-         * garbage collection
-         */
-        cfs_list_t                      ps_gc_list;
-        cfs_time_t                      ps_gc_interval; /* in seconds */
-        cfs_time_t                      ps_gc_next;     /* in seconds */
+       spinlock_t                      ps_lock;
+       /** mtime of SELinux policy file */
+       time_t                          ps_sepol_mtime;
+       /** next check time of SELinux policy file */
+       ktime_t                         ps_sepol_checknext;
+       /**
+        * SELinux policy info
+        * sepol string format is:
+        * <mode>:<policy name>:<policy version>:<policy hash>
+        */
+       char                            ps_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH
+                                                + 1];
+
+       /*
+        * garbage collection
+        */
+       struct list_head                ps_gc_list;
+       time64_t                        ps_gc_interval; /* in seconds */
+       time64_t                        ps_gc_next;     /* in seconds */
 };
 
+static inline int flvr_is_rootonly(__u32 flavor)
+{
+       return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS &&
+               (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL ||
+                SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK));
+}
+
+static inline int flvr_allows_user_desc(__u32 flavor)
+{
+       return (SPTLRPC_FLVR_POLICY(flavor) == SPTLRPC_POLICY_GSS &&
+               (SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_NULL ||
+                SPTLRPC_FLVR_MECH(flavor) == SPTLRPC_MECH_GSS_SK));
+}
+
 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
 {
         return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
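Review bot: `flvr_is_rootonly()` and `flvr_allows_user_desc()` are added with identical bodies and no comment, so a reader cannot tell whether the two authorization questions are meant to coincide for GSS null and SK or whether one was copied from the other. Give each a one-line comment stating the rule it encodes, or, if they are intentionally the same, make that explicit with `return flvr_is_rootonly(flavor);` in the second, so a later change to one is not silently missed in the other. In the same hunk `ps_sepol_mtime` is declared `time_t` while the neighbouring `ps_gc_interval` and `ps_gc_next` move to `time64_t`; `time64_t ps_sepol_mtime;` would keep the struct consistent. The hunk ends inside `sec_is_reverse()`, which is unchanged context.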
@@ -849,8 +915,8 @@ static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
 
 
 struct ptlrpc_svc_ctx {
-        cfs_atomic_t                    sc_refcount;
-        struct ptlrpc_sec_policy       *sc_policy;
+       atomic_t                        sc_refcount;
+       struct ptlrpc_sec_policy       *sc_policy;
 };
 
 /*
@@ -899,12 +965,8 @@ struct ptlrpc_bulk_sec_desc {
         __u8            bsd_data[0];    /* policy-specific token */
 };
 
-
-/*
- * lprocfs
- */
-struct proc_dir_entry;
-extern struct proc_dir_entry *sptlrpc_proc_root;
+extern struct dentry *sptlrpc_debugfs_dir;
+extern struct proc_dir_entry *sptlrpc_lprocfs_dir;
 
 /*
  * round size up to next power of 2, for slab allocation.
@@ -941,17 +1003,17 @@ char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
 char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize);
 
-static inline
-struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
+static inline struct ptlrpc_sec_policy *
+sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
 {
-        __cfs_module_get(policy->sp_owner);
-        return policy;
+       __module_get(policy->sp_owner);
+       return policy;
 }
 
-static inline
-void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
+static inline void
+sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
 {
-        cfs_module_put(policy->sp_owner);
+       module_put(policy->sp_owner);
 }
 
 /*
@@ -1030,12 +1092,14 @@ void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
-                               int segment, int newsize);
+                              const struct req_msg_field *field,
+                              int newsize);
 int  sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
                                     struct ptlrpc_request **req_ret);
 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
 
 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
+int sptlrpc_get_sepol(struct ptlrpc_request *req);
 
 /*
  * exported higher interface of import & request
@@ -1102,6 +1166,8 @@ int sptlrpc_enc_pool_add_user(void);
 int sptlrpc_enc_pool_del_user(void);
 int  sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
+int get_free_pages_in_pool(void);
+int pool_is_at_full_capacity(void);
 
 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
                           struct ptlrpc_bulk_desc *desc);
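Review bot: `get_free_pages_in_pool()` and `pool_is_at_full_capacity()` are declared in this shared header without the `sptlrpc_enc_pool_` prefix that the neighbouring declarations use, which puts two generic names into the global namespace. Names along the lines of `sptlrpc_enc_pool_free_pages()` and `sptlrpc_enc_pool_is_full()` would match the surrounding API and make clear which pool is meant. Neither declaration says what the `int` return means (a page count, a boolean, or a negative errno); a one-line comment on each would settle that for callers.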
@@ -1135,17 +1201,6 @@ int sptlrpc_current_user_desc_size(void);
 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
 int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
 
-
-#define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
-#define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
-
-enum {
-        LUSTRE_SEC_NONE         = 0,
-        LUSTRE_SEC_REMOTE       = 1,
-        LUSTRE_SEC_SPECIFY      = 2,
-        LUSTRE_SEC_ALL          = 3
-};
-
 /** @} sptlrpc */
 
 #endif /* _LUSTRE_SEC_H_ */