-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
- *
+/*
* Modifications for Lustre
- * Copyright 2004 - 2006, Cluster File Systems, Inc.
- * All rights reserved
+ *
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Copyright (c) 2012, Intel Corporation.
+ *
* Author: Eric Mei <ericm@clusterfs.com>
*/
*
*/
-#ifndef EXPORT_SYMTAB
-# define EXPORT_SYMTAB
-#endif
#define DEBUG_SUBSYSTEM S_SEC
-#ifdef __KERNEL__
#include <linux/init.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/mutex.h>
-#else
-#include <liblustre.h>
-#endif
#include <obd.h>
#include <obd_class.h>
#include <obd_support.h>
-#include <lustre/lustre_idl.h>
#include <lustre_net.h>
#include <lustre_import.h>
#include <lustre_sec.h>
#include "gss_err.h"
#include "gss_internal.h"
#include "gss_api.h"
+#include "gss_crypto.h"
-static CFS_LIST_HEAD(registered_mechs);
-static spinlock_t registered_mechs_lock = SPIN_LOCK_UNLOCKED;
+static LIST_HEAD(registered_mechs);
+static DEFINE_SPINLOCK(registered_mechs_lock);
int lgss_mech_register(struct gss_api_mech *gm)
{
- spin_lock(®istered_mechs_lock);
- list_add(&gm->gm_list, ®istered_mechs);
- spin_unlock(®istered_mechs_lock);
- CWARN("Register %s mechanism\n", gm->gm_name);
- return 0;
+ spin_lock(®istered_mechs_lock);
+ list_add(&gm->gm_list, ®istered_mechs);
+ spin_unlock(®istered_mechs_lock);
+ CDEBUG(D_SEC, "register %s mechanism\n", gm->gm_name);
+ return 0;
}
void lgss_mech_unregister(struct gss_api_mech *gm)
{
- spin_lock(®istered_mechs_lock);
- list_del(&gm->gm_list);
- spin_unlock(®istered_mechs_lock);
- CWARN("Unregister %s mechanism\n", gm->gm_name);
+ spin_lock(®istered_mechs_lock);
+ list_del(&gm->gm_list);
+ spin_unlock(®istered_mechs_lock);
+ CDEBUG(D_SEC, "Unregister %s mechanism\n", gm->gm_name);
}
struct gss_api_mech *lgss_mech_get(struct gss_api_mech *gm)
{
- __module_get(gm->gm_owner);
- return gm;
+ __module_get(gm->gm_owner);
+ return gm;
}
struct gss_api_mech *lgss_name_to_mech(char *name)
{
- struct gss_api_mech *pos, *gm = NULL;
-
- spin_lock(®istered_mechs_lock);
- list_for_each_entry(pos, ®istered_mechs, gm_list) {
- if (0 == strcmp(name, pos->gm_name)) {
- if (!try_module_get(pos->gm_owner))
- continue;
- gm = pos;
- break;
- }
- }
- spin_unlock(®istered_mechs_lock);
- return gm;
+ struct gss_api_mech *pos, *gm = NULL;
+
+ spin_lock(®istered_mechs_lock);
+ list_for_each_entry(pos, ®istered_mechs, gm_list) {
+ if (0 == strcmp(name, pos->gm_name)) {
+ if (!try_module_get(pos->gm_owner))
+ continue;
+ gm = pos;
+ break;
+ }
+ }
+ spin_unlock(®istered_mechs_lock);
+ return gm;
}
struct gss_api_mech *lgss_subflavor_to_mech(__u32 subflavor)
{
- struct gss_api_mech *pos, *gm = NULL;
-
- spin_lock(®istered_mechs_lock);
- list_for_each_entry(pos, ®istered_mechs, gm_list) {
- if (!try_module_get(pos->gm_owner))
- continue;
- if (!mech_supports_subflavor(pos, subflavor)) {
- module_put(pos->gm_owner);
- continue;
- }
- gm = pos;
- break;
- }
- spin_unlock(®istered_mechs_lock);
- return gm;
+ struct gss_api_mech *pos, *gm = NULL;
+
+ spin_lock(®istered_mechs_lock);
+ list_for_each_entry(pos, ®istered_mechs, gm_list) {
+ if (!try_module_get(pos->gm_owner))
+ continue;
+ if (!mech_supports_subflavor(pos, subflavor)) {
+ module_put(pos->gm_owner);
+ continue;
+ }
+ gm = pos;
+ break;
+ }
+ spin_unlock(®istered_mechs_lock);
+ return gm;
}
void lgss_mech_put(struct gss_api_mech *gm)
{
- module_put(gm->gm_owner);
+ module_put(gm->gm_owner);
}
/* The mech could probably be determined from the token instead, but it's just
struct gss_api_mech *mech,
struct gss_ctx **ctx_id)
{
- OBD_ALLOC_PTR(*ctx_id);
- if (*ctx_id == NULL)
- return GSS_S_FAILURE;
+ OBD_ALLOC_PTR(*ctx_id);
+ if (*ctx_id == NULL)
+ return GSS_S_FAILURE;
- (*ctx_id)->mech_type = lgss_mech_get(mech);
+ (*ctx_id)->mech_type = lgss_mech_get(mech);
+ (*ctx_id)->hash_func = gss_digest_hash;
- LASSERT(mech);
- LASSERT(mech->gm_ops);
- LASSERT(mech->gm_ops->gss_import_sec_context);
- return mech->gm_ops->gss_import_sec_context(input_token, *ctx_id);
+ LASSERT(mech);
+ LASSERT(mech->gm_ops);
+ LASSERT(mech->gm_ops->gss_import_sec_context);
+ return mech->gm_ops->gss_import_sec_context(input_token, *ctx_id);
}
__u32 lgss_copy_reverse_context(struct gss_ctx *ctx_id,
- struct gss_ctx **ctx_id_new)
+ struct gss_ctx **ctx_id_new)
{
- struct gss_api_mech *mech = ctx_id->mech_type;
- __u32 major;
+ struct gss_api_mech *mech = ctx_id->mech_type;
+ __u32 major;
- LASSERT(mech);
+ LASSERT(mech);
- OBD_ALLOC_PTR(*ctx_id_new);
- if (*ctx_id_new == NULL)
- return GSS_S_FAILURE;
+ OBD_ALLOC_PTR(*ctx_id_new);
+ if (*ctx_id_new == NULL)
+ return GSS_S_FAILURE;
- (*ctx_id_new)->mech_type = lgss_mech_get(mech);
+ (*ctx_id_new)->mech_type = lgss_mech_get(mech);
+ (*ctx_id_new)->hash_func = ctx_id->hash_func;
- LASSERT(mech);
- LASSERT(mech->gm_ops);
- LASSERT(mech->gm_ops->gss_copy_reverse_context);
+ LASSERT(mech);
+ LASSERT(mech->gm_ops);
+ LASSERT(mech->gm_ops->gss_copy_reverse_context);
- major = mech->gm_ops->gss_copy_reverse_context(ctx_id, *ctx_id_new);
- if (major != GSS_S_COMPLETE) {
- lgss_mech_put(mech);
- OBD_FREE_PTR(*ctx_id_new);
- *ctx_id_new = NULL;
- }
- return major;
+ major = mech->gm_ops->gss_copy_reverse_context(ctx_id, *ctx_id_new);
+ if (major != GSS_S_COMPLETE) {
+ lgss_mech_put(mech);
+ OBD_FREE_PTR(*ctx_id_new);
+ *ctx_id_new = NULL;
+ }
+ return major;
}
/*
* this interface is much simplified, currently we only need endtime.
*/
__u32 lgss_inquire_context(struct gss_ctx *context_handle,
- unsigned long *endtime)
+ time64_t *endtime)
{
LASSERT(context_handle);
LASSERT(context_handle->mech_type);
__u32 lgss_get_mic(struct gss_ctx *context_handle,
int msgcnt,
rawobj_t *msg,
+ int iovcnt,
+ lnet_kiov_t *iovs,
rawobj_t *mic_token)
{
LASSERT(context_handle);
->gss_get_mic(context_handle,
msgcnt,
msg,
+ iovcnt,
+ iovs,
mic_token);
}
__u32 lgss_verify_mic(struct gss_ctx *context_handle,
int msgcnt,
rawobj_t *msg,
+ int iovcnt,
+ lnet_kiov_t *iovs,
rawobj_t *mic_token)
{
LASSERT(context_handle);
->gss_verify_mic(context_handle,
msgcnt,
msg,
+ iovcnt,
+ iovs,
mic_token);
}
-#if 0
__u32 lgss_wrap(struct gss_ctx *context_handle,
- __u32 qop,
- rawobj_buf_t *inbuf,
- rawobj_t *outbuf)
+ rawobj_t *gsshdr,
+ rawobj_t *msg,
+ int msg_buflen,
+ rawobj_t *out_token)
{
LASSERT(context_handle);
LASSERT(context_handle->mech_type);
LASSERT(context_handle->mech_type->gm_ops->gss_wrap);
return context_handle->mech_type->gm_ops
- ->gss_wrap(context_handle, qop, inbuf, outbuf);
+ ->gss_wrap(context_handle, gsshdr, msg, msg_buflen, out_token);
}
-#endif
-__u32 lgss_wrap(struct gss_ctx *context_handle,
- rawobj_t *msg,
- int msg_buflen,
- rawobj_t *out_token)
+__u32 lgss_unwrap(struct gss_ctx *context_handle,
+ rawobj_t *gsshdr,
+ rawobj_t *token,
+ rawobj_t *out_msg)
{
LASSERT(context_handle);
LASSERT(context_handle->mech_type);
LASSERT(context_handle->mech_type->gm_ops);
- LASSERT(context_handle->mech_type->gm_ops->gss_wrap);
+ LASSERT(context_handle->mech_type->gm_ops->gss_unwrap);
return context_handle->mech_type->gm_ops
- ->gss_wrap(context_handle, msg, msg_buflen, out_token);
+ ->gss_unwrap(context_handle, gsshdr, token, out_msg);
}
-__u32 lgss_unwrap(struct gss_ctx *context_handle,
- rawobj_t *token,
- rawobj_t *out_msg)
+
+__u32 lgss_prep_bulk(struct gss_ctx *context_handle,
+ struct ptlrpc_bulk_desc *desc)
{
LASSERT(context_handle);
LASSERT(context_handle->mech_type);
LASSERT(context_handle->mech_type->gm_ops);
- LASSERT(context_handle->mech_type->gm_ops->gss_unwrap);
+ LASSERT(context_handle->mech_type->gm_ops->gss_prep_bulk);
return context_handle->mech_type->gm_ops
- ->gss_unwrap(context_handle, token, out_msg);
+ ->gss_prep_bulk(context_handle, desc);
}
+__u32 lgss_wrap_bulk(struct gss_ctx *context_handle,
+ struct ptlrpc_bulk_desc *desc,
+ rawobj_t *token,
+ int adj_nob)
+{
+ LASSERT(context_handle);
+ LASSERT(context_handle->mech_type);
+ LASSERT(context_handle->mech_type->gm_ops);
+ LASSERT(context_handle->mech_type->gm_ops->gss_wrap_bulk);
-__u32 lgss_plain_encrypt(struct gss_ctx *ctx,
- int decrypt,
- int length,
- void *in_buf,
- void *out_buf)
+ return context_handle->mech_type->gm_ops
+ ->gss_wrap_bulk(context_handle, desc, token, adj_nob);
+}
+
+__u32 lgss_unwrap_bulk(struct gss_ctx *context_handle,
+ struct ptlrpc_bulk_desc *desc,
+ rawobj_t *token,
+ int adj_nob)
{
- LASSERT(ctx);
- LASSERT(ctx->mech_type);
- LASSERT(ctx->mech_type->gm_ops);
- LASSERT(ctx->mech_type->gm_ops->gss_plain_encrypt);
+ LASSERT(context_handle);
+ LASSERT(context_handle->mech_type);
+ LASSERT(context_handle->mech_type->gm_ops);
+ LASSERT(context_handle->mech_type->gm_ops->gss_unwrap_bulk);
- return ctx->mech_type->gm_ops
- ->gss_plain_encrypt(ctx, decrypt, length, in_buf, out_buf);
+ return context_handle->mech_type->gm_ops
+ ->gss_unwrap_bulk(context_handle, desc, token, adj_nob);
}
/* gss_delete_sec_context: free all resources associated with context_handle.
__u32 lgss_delete_sec_context(struct gss_ctx **context_handle)
{
- struct gss_api_mech *mech;
-
- CDEBUG(D_SEC, "deleting %p\n", *context_handle);
-
- if (!*context_handle)
- return(GSS_S_NO_CONTEXT);
-
- mech = (*context_handle)->mech_type;
- if ((*context_handle)->internal_ctx_id != 0) {
- LASSERT(mech);
- LASSERT(mech->gm_ops);
- LASSERT(mech->gm_ops->gss_delete_sec_context);
- mech->gm_ops->gss_delete_sec_context(
- (*context_handle)->internal_ctx_id);
- }
- if (mech)
- lgss_mech_put(mech);
-
- OBD_FREE_PTR(*context_handle);
- *context_handle=NULL;
- return GSS_S_COMPLETE;
+ struct gss_api_mech *mech;
+
+ if (!*context_handle)
+ return GSS_S_NO_CONTEXT;
+
+ CDEBUG(D_SEC, "deleting %p\n", *context_handle);
+
+ mech = (*context_handle)->mech_type;
+ if ((*context_handle)->internal_ctx_id != NULL) {
+ LASSERT(mech);
+ LASSERT(mech->gm_ops);
+ LASSERT(mech->gm_ops->gss_delete_sec_context);
+ mech->gm_ops->gss_delete_sec_context(
+ (*context_handle)->internal_ctx_id);
+ }
+ if (mech)
+ lgss_mech_put(mech);
+
+ OBD_FREE_PTR(*context_handle);
+ *context_handle = NULL;
+ return GSS_S_COMPLETE;
}
int lgss_display(struct gss_ctx *ctx,
git://git.whamcloud.com / fs / lustre-release.git / blobdiff