land b_hd_sec_client_oss onto HEAD.

[fs/lustre-release.git] / lustre / ldlm / ldlm_lib.c

diff --git a/lustre/ldlm/ldlm_lib.c b/lustre/ldlm/ldlm_lib.c
index d8028ea..a01334f 100644 (file)
--- a/lustre/ldlm/ldlm_lib.c
+++ b/lustre/ldlm/ldlm_lib.c
@@ -536,6 +536,54 @@ static inline int ptlrpc_peer_is_local(struct ptlrpc_peer *peer)
         return (memcmp(&peer->peer_id, &myid, sizeof(myid)) == 0);
 }
 
+/* To check whether the p_flavor is in deny list or not
+ * rc:
+ *      0           not found, pass
+ *      EPERM       found, refuse
+ */
+
+static int check_deny_list(struct list_head *head, ptlrpcs_flavor_t *p_flavor)
+{
+        deny_sec_t *p_deny_sec = NULL;
+        deny_sec_t *n_deny_sec = NULL;
+
+        list_for_each_entry_safe(p_deny_sec, n_deny_sec, head, list) {
+                if ((p_deny_sec->sec.flavor == p_flavor->flavor) &&
+                    (p_deny_sec->sec.subflavor == p_flavor->subflavor))
+                        return -EPERM;
+        }
+        return 0;
+}
+
+int target_check_deny_sec(struct obd_device *target, struct ptlrpc_request *req)
+{
+        struct gss_svc_data *svcdata;
+        ptlrpcs_flavor_t flavor;
+        int rc = 0;
+
+        /* XXX hacking */
+        svcdata = (struct gss_svc_data *) req->rq_sec_svcdata;
+        if (svcdata == NULL) {
+                flavor.flavor = PTLRPC_SEC_NULL;
+                flavor.subflavor = 0;
+        } else {
+                flavor.flavor = PTLRPC_SEC_GSS;
+                flavor.subflavor = svcdata->subflavor;
+        }
+
+        if (!strcmp(target->obd_type->typ_name, LUSTRE_MDS_NAME)) {
+                spin_lock(&target->u.mds.mds_denylist_lock);
+                rc = check_deny_list(&target->u.mds.mds_denylist, &flavor);
+                spin_unlock(&target->u.mds.mds_denylist_lock);
+        } else if (!strcmp(target->obd_type->typ_name, "obdfilter")) {
+                spin_lock(&target->u.filter.fo_denylist_lock);
+                rc = check_deny_list(&target->u.filter.fo_denylist, &flavor);
+                spin_unlock(&target->u.filter.fo_denylist_lock);
+        }
+
+        return rc;
+}
+
 int target_handle_connect(struct ptlrpc_request *req)
 {
         unsigned long connect_flags = 0, *cfp;
@@ -578,6 +626,11 @@ int target_handle_connect(struct ptlrpc_request *req)
                 GOTO(out, rc = -ENODEV);
         }
 
+        /* check the secure deny list of mds/ost */
+        rc = target_check_deny_sec(target, req);
+        if (rc != 0)
+                GOTO(out, rc);
+
         LASSERT_REQSWAB (req, offset + 1);
         str = lustre_msg_string(req->rq_reqmsg, offset + 1, sizeof(cluuid) - 1);
         if (str == NULL) {
@@ -1438,10 +1491,9 @@ int target_process_req_flags(struct obd_device *obd, struct ptlrpc_request *req)
                         exp->exp_req_replay_needed = 0;
                         atomic_dec(&obd->obd_req_replay_clients);
                         obd->obd_recoverable_clients--;
-                        if (atomic_read(&obd->obd_req_replay_clients) == 0) {
+                        if (atomic_read(&obd->obd_req_replay_clients) == 0)
                                 CDEBUG(D_HA, "all clients have replayed reqs\n");
-                                wake_up(&obd->obd_next_transno_waitq);
-                        }
+                        wake_up(&obd->obd_next_transno_waitq);
                 }
                 spin_unlock_bh(&obd->obd_processing_task_lock);
         }
@@ -1453,10 +1505,9 @@ int target_process_req_flags(struct obd_device *obd, struct ptlrpc_request *req)
                         LASSERT(atomic_read(&obd->obd_lock_replay_clients) > 0);
                         exp->exp_lock_replay_needed = 0;
                         atomic_dec(&obd->obd_lock_replay_clients);
-                        if (atomic_read(&obd->obd_lock_replay_clients) == 0) {
+                        if (atomic_read(&obd->obd_lock_replay_clients) == 0)
                                 CDEBUG(D_HA, "all clients have replayed locks\n");
-                                wake_up(&obd->obd_next_transno_waitq);
-                        }
+                        wake_up(&obd->obd_next_transno_waitq);
                 }
                 spin_unlock_bh(&obd->obd_processing_task_lock);
         }