X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Fldlm%2Fldlm_lib.c;h=a01334f5c20935ecf0a32ccbd3d540ffe57597c8;hp=d8028ea22a7b5e5a428ccaf7a6c5910d74ea7bda;hb=27991cb0ca98c5e2e172ec241efbc168354831a5;hpb=6f6320cc43ec48f72994c02436909b276497c544 diff --git a/lustre/ldlm/ldlm_lib.c b/lustre/ldlm/ldlm_lib.c index d8028ea..a01334f 100644 --- a/lustre/ldlm/ldlm_lib.c +++ b/lustre/ldlm/ldlm_lib.c @@ -536,6 +536,54 @@ static inline int ptlrpc_peer_is_local(struct ptlrpc_peer *peer) return (memcmp(&peer->peer_id, &myid, sizeof(myid)) == 0); } +/* To check whether the p_flavor is in deny list or not + * rc: + * 0 not found, pass + * EPERM found, refuse + */ + +static int check_deny_list(struct list_head *head, ptlrpcs_flavor_t *p_flavor) +{ + deny_sec_t *p_deny_sec = NULL; + deny_sec_t *n_deny_sec = NULL; + + list_for_each_entry_safe(p_deny_sec, n_deny_sec, head, list) { + if ((p_deny_sec->sec.flavor == p_flavor->flavor) && + (p_deny_sec->sec.subflavor == p_flavor->subflavor)) + return -EPERM; + } + return 0; +} + +int target_check_deny_sec(struct obd_device *target, struct ptlrpc_request *req) +{ + struct gss_svc_data *svcdata; + ptlrpcs_flavor_t flavor; + int rc = 0; + + /* XXX hacking */ + svcdata = (struct gss_svc_data *) req->rq_sec_svcdata; + if (svcdata == NULL) { + flavor.flavor = PTLRPC_SEC_NULL; + flavor.subflavor = 0; + } else { + flavor.flavor = PTLRPC_SEC_GSS; + flavor.subflavor = svcdata->subflavor; + } + + if (!strcmp(target->obd_type->typ_name, LUSTRE_MDS_NAME)) { + spin_lock(&target->u.mds.mds_denylist_lock); + rc = check_deny_list(&target->u.mds.mds_denylist, &flavor); + spin_unlock(&target->u.mds.mds_denylist_lock); + } else if (!strcmp(target->obd_type->typ_name, "obdfilter")) { + spin_lock(&target->u.filter.fo_denylist_lock); + rc = check_deny_list(&target->u.filter.fo_denylist, &flavor); + spin_unlock(&target->u.filter.fo_denylist_lock); + } + + return rc; +} + int target_handle_connect(struct ptlrpc_request *req) { unsigned long connect_flags = 0, *cfp; @@ -578,6 +626,11 @@ int target_handle_connect(struct ptlrpc_request *req) GOTO(out, rc = -ENODEV); } + /* check the secure deny list of mds/ost */ + rc = target_check_deny_sec(target, req); + if (rc != 0) + GOTO(out, rc); + LASSERT_REQSWAB (req, offset + 1); str = lustre_msg_string(req->rq_reqmsg, offset + 1, sizeof(cluuid) - 1); if (str == NULL) { @@ -1438,10 +1491,9 @@ int target_process_req_flags(struct obd_device *obd, struct ptlrpc_request *req) exp->exp_req_replay_needed = 0; atomic_dec(&obd->obd_req_replay_clients); obd->obd_recoverable_clients--; - if (atomic_read(&obd->obd_req_replay_clients) == 0) { + if (atomic_read(&obd->obd_req_replay_clients) == 0) CDEBUG(D_HA, "all clients have replayed reqs\n"); - wake_up(&obd->obd_next_transno_waitq); - } + wake_up(&obd->obd_next_transno_waitq); } spin_unlock_bh(&obd->obd_processing_task_lock); } @@ -1453,10 +1505,9 @@ int target_process_req_flags(struct obd_device *obd, struct ptlrpc_request *req) LASSERT(atomic_read(&obd->obd_lock_replay_clients) > 0); exp->exp_lock_replay_needed = 0; atomic_dec(&obd->obd_lock_replay_clients); - if (atomic_read(&obd->obd_lock_replay_clients) == 0) { + if (atomic_read(&obd->obd_lock_replay_clients) == 0) CDEBUG(D_HA, "all clients have replayed locks\n"); - wake_up(&obd->obd_next_transno_waitq); - } + wake_up(&obd->obd_next_transno_waitq); } spin_unlock_bh(&obd->obd_processing_task_lock); }