1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright 2008 Sun Microsystems, Inc. All rights reserved
30 * Use is subject to license terms.
33 * This file is part of Lustre, http://www.lustre.org/
34 * Lustre is a trademark of Sun Microsystems, Inc.
37 #ifndef _LUSTRE_SEC_H_
38 #define _LUSTRE_SEC_H_
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
55 struct ptlrpc_sec_policy;
56 struct ptlrpc_sec_cops;
57 struct ptlrpc_sec_sops;
59 struct ptlrpc_svc_ctx;
60 struct ptlrpc_cli_ctx;
61 struct ptlrpc_ctx_ops;
67 SPTLRPC_POLICY_NULL = 0,
68 SPTLRPC_POLICY_PLAIN = 1,
69 SPTLRPC_POLICY_GSS = 2,
73 enum sptlrpc_mech_null {
74 SPTLRPC_MECH_NULL = 0,
75 SPTLRPC_MECH_NULL_MAX,
78 enum sptlrpc_mech_plain {
79 SPTLRPC_MECH_PLAIN = 0,
80 SPTLRPC_MECH_PLAIN_MAX,
83 enum sptlrpc_mech_gss {
84 SPTLRPC_MECH_GSS_NULL = 0,
85 SPTLRPC_MECH_GSS_KRB5 = 1,
89 enum sptlrpc_service_type {
90 SPTLRPC_SVC_NULL = 0, /* no security */
91 SPTLRPC_SVC_AUTH = 1, /* auth only */
92 SPTLRPC_SVC_INTG = 2, /* integrity */
93 SPTLRPC_SVC_PRIV = 3, /* privacy */
97 enum sptlrpc_bulk_type {
98 SPTLRPC_BULK_DEFAULT = 0, /* follow rpc flavor */
99 SPTLRPC_BULK_HASH = 1, /* hash integrity */
103 enum sptlrpc_bulk_service {
104 SPTLRPC_BULK_SVC_NULL = 0,
105 SPTLRPC_BULK_SVC_AUTH = 1,
106 SPTLRPC_BULK_SVC_INTG = 2,
107 SPTLRPC_BULK_SVC_PRIV = 3,
108 SPTLRPC_BULK_SVC_MAX,
112 * rpc flavor compose/extract, represented as 32 bits. currently the
113 * high 12 bits are unused, must be set as 0.
115 * 4b (bulk svc) | 4b (bulk type) | 4b (svc) | 4b (mech) | 4b (policy)
117 #define FLVR_POLICY_OFFSET (0)
118 #define FLVR_MECH_OFFSET (4)
119 #define FLVR_SVC_OFFSET (8)
120 #define FLVR_BULK_TYPE_OFFSET (12)
121 #define FLVR_BULK_SVC_OFFSET (16)
123 #define MAKE_FLVR(policy, mech, svc, btype, bsvc) \
124 (((__u32)(policy) << FLVR_POLICY_OFFSET) | \
125 ((__u32)(mech) << FLVR_MECH_OFFSET) | \
126 ((__u32)(svc) << FLVR_SVC_OFFSET) | \
127 ((__u32)(btype) << FLVR_BULK_TYPE_OFFSET) | \
128 ((__u32)(bsvc) << FLVR_BULK_SVC_OFFSET))
133 #define SPTLRPC_FLVR_POLICY(flavor) \
134 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xF)
135 #define SPTLRPC_FLVR_MECH(flavor) \
136 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xF)
137 #define SPTLRPC_FLVR_SVC(flavor) \
138 ((((__u32)(flavor)) >> FLVR_SVC_OFFSET) & 0xF)
139 #define SPTLRPC_FLVR_BULK_TYPE(flavor) \
140 ((((__u32)(flavor)) >> FLVR_BULK_TYPE_OFFSET) & 0xF)
141 #define SPTLRPC_FLVR_BULK_SVC(flavor) \
142 ((((__u32)(flavor)) >> FLVR_BULK_SVC_OFFSET) & 0xF)
144 #define SPTLRPC_FLVR_BASE(flavor) \
145 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xFFF)
146 #define SPTLRPC_FLVR_BASE_SUB(flavor) \
147 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xFF)
152 #define MAKE_BASE_SUBFLVR(mech, svc) \
154 ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
156 #define SPTLRPC_SUBFLVR_KRB5N \
157 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
158 #define SPTLRPC_SUBFLVR_KRB5A \
159 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
160 #define SPTLRPC_SUBFLVR_KRB5I \
161 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
162 #define SPTLRPC_SUBFLVR_KRB5P \
163 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
168 #define SPTLRPC_FLVR_NULL \
169 MAKE_FLVR(SPTLRPC_POLICY_NULL, \
172 SPTLRPC_BULK_DEFAULT, \
173 SPTLRPC_BULK_SVC_NULL)
174 #define SPTLRPC_FLVR_PLAIN \
175 MAKE_FLVR(SPTLRPC_POLICY_PLAIN, \
176 SPTLRPC_MECH_PLAIN, \
179 SPTLRPC_BULK_SVC_INTG)
180 #define SPTLRPC_FLVR_KRB5N \
181 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
182 SPTLRPC_MECH_GSS_KRB5, \
184 SPTLRPC_BULK_DEFAULT, \
185 SPTLRPC_BULK_SVC_NULL)
186 #define SPTLRPC_FLVR_KRB5A \
187 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
188 SPTLRPC_MECH_GSS_KRB5, \
190 SPTLRPC_BULK_DEFAULT, \
191 SPTLRPC_BULK_SVC_NULL)
192 #define SPTLRPC_FLVR_KRB5I \
193 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
194 SPTLRPC_MECH_GSS_KRB5, \
196 SPTLRPC_BULK_DEFAULT, \
197 SPTLRPC_BULK_SVC_INTG)
198 #define SPTLRPC_FLVR_KRB5P \
199 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
200 SPTLRPC_MECH_GSS_KRB5, \
202 SPTLRPC_BULK_DEFAULT, \
203 SPTLRPC_BULK_SVC_PRIV)
205 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
207 #define SPTLRPC_FLVR_INVALID ((__u32) 0xFFFFFFFF)
208 #define SPTLRPC_FLVR_ANY ((__u32) 0xFFF00000)
211 * extract the useful part from wire flavor
213 #define WIRE_FLVR(wflvr) (((__u32) (wflvr)) & 0x000FFFFF)
215 static inline void flvr_set_svc(__u32 *flvr, __u32 svc)
217 LASSERT(svc < SPTLRPC_SVC_MAX);
218 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
219 SPTLRPC_FLVR_MECH(*flvr),
221 SPTLRPC_FLVR_BULK_TYPE(*flvr),
222 SPTLRPC_FLVR_BULK_SVC(*flvr));
225 static inline void flvr_set_bulk_svc(__u32 *flvr, __u32 svc)
227 LASSERT(svc < SPTLRPC_BULK_SVC_MAX);
228 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
229 SPTLRPC_FLVR_MECH(*flvr),
230 SPTLRPC_FLVR_SVC(*flvr),
231 SPTLRPC_FLVR_BULK_TYPE(*flvr),
235 struct bulk_spec_hash {
239 struct sptlrpc_flavor {
240 __u32 sf_rpc; /* wire flavor - should be renamed to sf_wire */
241 __u32 sf_flags; /* general flags */
243 * rpc flavor specification
246 /* nothing for now */
249 * bulk flavor specification
252 struct bulk_spec_hash hash;
256 enum lustre_sec_part {
265 const char *sptlrpc_part2name(enum lustre_sec_part sp);
266 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
268 struct sptlrpc_rule {
269 __u32 sr_netid; /* LNET network ID */
270 __u8 sr_from; /* sec_part */
271 __u8 sr_to; /* sec_part */
273 struct sptlrpc_flavor sr_flvr;
276 struct sptlrpc_rule_set {
279 struct sptlrpc_rule *srs_rules;
282 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
283 int sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr);
285 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
287 memset(set, 0, sizeof(*set));
290 void sptlrpc_rule_set_free(struct sptlrpc_rule_set *set);
291 int sptlrpc_rule_set_expand(struct sptlrpc_rule_set *set);
292 int sptlrpc_rule_set_merge(struct sptlrpc_rule_set *set,
293 struct sptlrpc_rule *rule);
294 int sptlrpc_rule_set_choose(struct sptlrpc_rule_set *rset,
295 enum lustre_sec_part from,
296 enum lustre_sec_part to,
298 struct sptlrpc_flavor *sf);
299 void sptlrpc_rule_set_dump(struct sptlrpc_rule_set *set);
301 int sptlrpc_process_config(struct lustre_cfg *lcfg);
302 void sptlrpc_conf_log_start(const char *logname);
303 void sptlrpc_conf_log_stop(const char *logname);
304 void sptlrpc_conf_log_update_begin(const char *logname);
305 void sptlrpc_conf_log_update_end(const char *logname);
306 void sptlrpc_conf_client_adapt(struct obd_device *obd);
307 int sptlrpc_conf_target_get_rules(struct obd_device *obd,
308 struct sptlrpc_rule_set *rset,
310 void sptlrpc_target_choose_flavor(struct sptlrpc_rule_set *rset,
311 enum lustre_sec_part from,
313 struct sptlrpc_flavor *flavor);
315 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
316 * and should be enough for other future mechanisms but not sure.
317 * Only used by pre-allocated request/reply pool.
319 #define SPTLRPC_MAX_PAYLOAD (1024)
327 struct ptlrpc_ctx_ops {
328 int (*match) (struct ptlrpc_cli_ctx *ctx,
329 struct vfs_cred *vcred);
330 int (*refresh) (struct ptlrpc_cli_ctx *ctx);
331 int (*validate) (struct ptlrpc_cli_ctx *ctx);
332 void (*die) (struct ptlrpc_cli_ctx *ctx,
334 int (*display) (struct ptlrpc_cli_ctx *ctx,
335 char *buf, int bufsize);
339 int (*sign) (struct ptlrpc_cli_ctx *ctx,
340 struct ptlrpc_request *req);
341 int (*verify) (struct ptlrpc_cli_ctx *ctx,
342 struct ptlrpc_request *req);
343 int (*seal) (struct ptlrpc_cli_ctx *ctx,
344 struct ptlrpc_request *req);
345 int (*unseal) (struct ptlrpc_cli_ctx *ctx,
346 struct ptlrpc_request *req);
350 int (*wrap_bulk) (struct ptlrpc_cli_ctx *ctx,
351 struct ptlrpc_request *req,
352 struct ptlrpc_bulk_desc *desc);
353 int (*unwrap_bulk) (struct ptlrpc_cli_ctx *ctx,
354 struct ptlrpc_request *req,
355 struct ptlrpc_bulk_desc *desc);
358 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
359 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
360 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
361 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
362 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
363 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
365 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
366 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
367 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
368 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
369 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
370 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
372 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
373 PTLRPC_CTX_UPTODATE | \
377 struct ptlrpc_cli_ctx {
378 struct hlist_node cc_cache; /* linked into ctx cache */
379 atomic_t cc_refcount;
380 struct ptlrpc_sec *cc_sec;
381 struct ptlrpc_ctx_ops *cc_ops;
382 cfs_time_t cc_expire; /* in seconds */
383 unsigned int cc_early_expire:1;
384 unsigned long cc_flags;
385 struct vfs_cred cc_vcred;
387 struct list_head cc_req_list; /* waiting reqs linked here */
388 struct list_head cc_gc_chain; /* linked to gc chain */
391 struct ptlrpc_sec_cops {
393 * ptlrpc_sec constructor/destructor
395 struct ptlrpc_sec * (*create_sec) (struct obd_import *imp,
396 struct ptlrpc_svc_ctx *ctx,
397 struct sptlrpc_flavor *flavor);
398 void (*destroy_sec) (struct ptlrpc_sec *sec);
403 void (*kill_sec) (struct ptlrpc_sec *sec);
408 struct ptlrpc_cli_ctx * (*lookup_ctx) (struct ptlrpc_sec *sec,
409 struct vfs_cred *vcred,
412 void (*release_ctx) (struct ptlrpc_sec *sec,
413 struct ptlrpc_cli_ctx *ctx,
415 int (*flush_ctx_cache)
416 (struct ptlrpc_sec *sec,
420 void (*gc_ctx) (struct ptlrpc_sec *sec);
425 int (*install_rctx)(struct obd_import *imp,
426 struct ptlrpc_sec *sec,
427 struct ptlrpc_cli_ctx *ctx);
430 * request/reply buffer manipulation
432 int (*alloc_reqbuf)(struct ptlrpc_sec *sec,
433 struct ptlrpc_request *req,
434 int lustre_msg_size);
435 void (*free_reqbuf) (struct ptlrpc_sec *sec,
436 struct ptlrpc_request *req);
437 int (*alloc_repbuf)(struct ptlrpc_sec *sec,
438 struct ptlrpc_request *req,
439 int lustre_msg_size);
440 void (*free_repbuf) (struct ptlrpc_sec *sec,
441 struct ptlrpc_request *req);
442 int (*enlarge_reqbuf)
443 (struct ptlrpc_sec *sec,
444 struct ptlrpc_request *req,
445 int segment, int newsize);
449 int (*display) (struct ptlrpc_sec *sec,
450 struct seq_file *seq);
453 struct ptlrpc_sec_sops {
454 int (*accept) (struct ptlrpc_request *req);
455 int (*authorize) (struct ptlrpc_request *req);
456 void (*invalidate_ctx)
457 (struct ptlrpc_svc_ctx *ctx);
458 /* buffer manipulation */
459 int (*alloc_rs) (struct ptlrpc_request *req,
461 void (*free_rs) (struct ptlrpc_reply_state *rs);
462 void (*free_ctx) (struct ptlrpc_svc_ctx *ctx);
463 /* reverse context */
464 int (*install_rctx)(struct obd_import *imp,
465 struct ptlrpc_svc_ctx *ctx);
467 int (*prep_bulk) (struct ptlrpc_request *req,
468 struct ptlrpc_bulk_desc *desc);
469 int (*unwrap_bulk) (struct ptlrpc_request *req,
470 struct ptlrpc_bulk_desc *desc);
471 int (*wrap_bulk) (struct ptlrpc_request *req,
472 struct ptlrpc_bulk_desc *desc);
475 struct ptlrpc_sec_policy {
476 struct module *sp_owner;
478 __u16 sp_policy; /* policy number */
479 struct ptlrpc_sec_cops *sp_cops; /* client ops */
480 struct ptlrpc_sec_sops *sp_sops; /* server ops */
483 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
484 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
485 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
486 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
487 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
490 struct ptlrpc_sec_policy *ps_policy;
491 atomic_t ps_refcount;
492 atomic_t ps_nctx; /* statistic only */
493 int ps_id; /* unique identifier */
494 struct sptlrpc_flavor ps_flvr; /* flavor */
495 enum lustre_sec_part ps_part;
496 unsigned int ps_dying:1;
497 struct obd_import *ps_import; /* owning import */
498 spinlock_t ps_lock; /* protect ccache */
502 struct list_head ps_gc_list;
503 cfs_time_t ps_gc_interval; /* in seconds */
504 cfs_time_t ps_gc_next; /* in seconds */
507 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
509 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
512 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
514 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
518 struct ptlrpc_svc_ctx {
519 atomic_t sc_refcount;
520 struct ptlrpc_sec_policy *sc_policy;
524 * user identity descriptor
526 #define LUSTRE_MAX_GROUPS (128)
528 struct ptlrpc_user_desc {
541 enum sptlrpc_bulk_hash_alg {
542 BULK_HASH_ALG_NULL = 0,
543 BULK_HASH_ALG_ADLER32,
547 BULK_HASH_ALG_SHA256,
548 BULK_HASH_ALG_SHA384,
549 BULK_HASH_ALG_SHA512,
553 struct sptlrpc_hash_type {
556 unsigned int sht_size;
559 const struct sptlrpc_hash_type *sptlrpc_get_hash_type(__u8 hash_alg);
560 const char * sptlrpc_get_hash_name(__u8 hash_alg);
561 __u8 sptlrpc_get_hash_alg(const char *algname);
567 struct ptlrpc_bulk_sec_desc {
568 __u8 bsd_version; /* 0 */
569 __u8 bsd_type; /* SPTLRPC_BULK_XXX */
570 __u8 bsd_svc; /* SPTLRPC_BULK_SVC_XXXX */
571 __u8 bsd_flags; /* flags */
572 __u32 bsd_nob; /* nob of bulk data */
573 __u8 bsd_data[0]; /* policy-specific token */
580 struct proc_dir_entry;
581 extern struct proc_dir_entry *sptlrpc_proc_root;
584 * round size up to next power of 2, for slab allocation.
585 * @size must be sane (can't overflow after round up)
587 static inline int size_roundup_power2(int size)
600 * internal support libraries
602 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
603 int segment, int newsize);
608 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
609 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
611 __u32 sptlrpc_name2flavor_base(const char *name);
612 const char *sptlrpc_flavor2name_base(__u32 flvr);
613 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
614 char *buf, int bufsize);
615 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
616 char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize);
619 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
621 __module_get(policy->sp_owner);
626 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
628 module_put(policy->sp_owner);
635 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
637 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
641 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
643 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
647 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
649 return (cli_ctx_status(ctx) != 0);
653 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
655 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
659 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
661 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
665 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
667 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
671 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
673 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
679 struct ptlrpc_sec *sptlrpc_sec_get(struct ptlrpc_sec *sec);
680 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
683 * internal apis which only used by policy impelentation
685 int sptlrpc_get_next_secid(void);
686 void sptlrpc_sec_destroy(struct ptlrpc_sec *sec);
689 * exported client context api
691 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
692 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
693 void sptlrpc_cli_ctx_expire(struct ptlrpc_cli_ctx *ctx);
694 void sptlrpc_cli_ctx_wakeup(struct ptlrpc_cli_ctx *ctx);
695 int sptlrpc_cli_ctx_display(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
698 * exported client context wrap/buffers
700 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
701 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
702 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
703 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
704 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
705 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
706 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
707 int segment, int newsize);
708 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
709 struct ptlrpc_request **req_ret);
710 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
712 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
715 * exported higher interface of import & request
717 int sptlrpc_import_sec_adapt(struct obd_import *imp,
718 struct ptlrpc_svc_ctx *ctx,
719 struct sptlrpc_flavor *flvr);
720 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
721 void sptlrpc_import_sec_put(struct obd_import *imp);
723 int sptlrpc_import_check_ctx(struct obd_import *imp);
724 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
725 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
726 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
727 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
728 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
729 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
730 int sptlrpc_req_replace_dead_ctx(struct ptlrpc_request *req);
731 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
733 int sptlrpc_parse_rule(char *param, struct sptlrpc_rule *rule);
736 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
737 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
738 void sptlrpc_gc_add_ctx(struct ptlrpc_cli_ctx *ctx);
741 const char * sec2target_str(struct ptlrpc_sec *sec);
742 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
747 enum secsvc_accept_res {
753 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
754 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
755 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
756 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
757 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
758 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
759 void sptlrpc_svc_ctx_invalidate(struct ptlrpc_request *req);
761 int sptlrpc_target_export_check(struct obd_export *exp,
762 struct ptlrpc_request *req);
763 void sptlrpc_target_update_exp_flavor(struct obd_device *obd,
764 struct sptlrpc_rule_set *rset);
769 int sptlrpc_svc_install_rvs_ctx(struct obd_import *imp,
770 struct ptlrpc_svc_ctx *ctx);
771 int sptlrpc_cli_install_rvs_ctx(struct obd_import *imp,
772 struct ptlrpc_cli_ctx *ctx);
774 /* bulk security api */
775 int sptlrpc_enc_pool_add_user(void);
776 int sptlrpc_enc_pool_del_user(void);
777 int sptlrpc_enc_pool_get_pages(struct ptlrpc_bulk_desc *desc);
778 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
780 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
781 struct ptlrpc_bulk_desc *desc);
782 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
783 struct ptlrpc_bulk_desc *desc,
785 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
786 struct ptlrpc_bulk_desc *desc);
787 int sptlrpc_svc_prep_bulk(struct ptlrpc_request *req,
788 struct ptlrpc_bulk_desc *desc);
789 int sptlrpc_svc_wrap_bulk(struct ptlrpc_request *req,
790 struct ptlrpc_bulk_desc *desc);
791 int sptlrpc_svc_unwrap_bulk(struct ptlrpc_request *req,
792 struct ptlrpc_bulk_desc *desc);
794 /* bulk helpers (internal use only by policies) */
795 int sptlrpc_get_bulk_checksum(struct ptlrpc_bulk_desc *desc, __u8 alg,
796 void *buf, int buflen);
798 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset);
800 /* user descriptor helpers */
801 static inline int sptlrpc_user_desc_size(int ngroups)
803 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
806 int sptlrpc_current_user_desc_size(void);
807 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
808 int sptlrpc_unpack_user_desc(struct lustre_msg *msg, int offset);
811 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
812 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
816 LUSTRE_SEC_REMOTE = 1,
817 LUSTRE_SEC_SPECIFY = 2,
821 #endif /* _LUSTRE_SEC_H_ */