4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2012, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
33 #ifndef _LUSTRE_SEC_H_
34 #define _LUSTRE_SEC_H_
36 /** \defgroup sptlrpc sptlrpc
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
58 struct ptlrpc_sec_policy;
59 struct ptlrpc_sec_cops;
60 struct ptlrpc_sec_sops;
62 struct ptlrpc_svc_ctx;
63 struct ptlrpc_cli_ctx;
64 struct ptlrpc_ctx_ops;
67 * \addtogroup flavor flavor
69 * RPC flavor is represented by a 32 bits integer. Currently the high 12 bits
70 * are unused, must be set to 0 for future expansion.
72 * ------------------------------------------------------------------------
73 * | 4b (bulk svc) | 4b (bulk type) | 4b (svc) | 4b (mech) | 4b (policy) |
74 * ------------------------------------------------------------------------
84 SPTLRPC_POLICY_NULL = 0,
85 SPTLRPC_POLICY_PLAIN = 1,
86 SPTLRPC_POLICY_GSS = 2,
90 enum sptlrpc_mech_null {
91 SPTLRPC_MECH_NULL = 0,
92 SPTLRPC_MECH_NULL_MAX,
95 enum sptlrpc_mech_plain {
96 SPTLRPC_MECH_PLAIN = 0,
97 SPTLRPC_MECH_PLAIN_MAX,
100 enum sptlrpc_mech_gss {
101 SPTLRPC_MECH_GSS_NULL = 0,
102 SPTLRPC_MECH_GSS_KRB5 = 1,
103 SPTLRPC_MECH_GSS_MAX,
106 enum sptlrpc_service_type {
107 SPTLRPC_SVC_NULL = 0, /**< no security */
108 SPTLRPC_SVC_AUTH = 1, /**< authentication only */
109 SPTLRPC_SVC_INTG = 2, /**< integrity */
110 SPTLRPC_SVC_PRIV = 3, /**< privacy */
114 enum sptlrpc_bulk_type {
115 SPTLRPC_BULK_DEFAULT = 0, /**< follow rpc flavor */
116 SPTLRPC_BULK_HASH = 1, /**< hash integrity */
120 enum sptlrpc_bulk_service {
121 SPTLRPC_BULK_SVC_NULL = 0, /**< no security */
122 SPTLRPC_BULK_SVC_AUTH = 1, /**< authentication only */
123 SPTLRPC_BULK_SVC_INTG = 2, /**< integrity */
124 SPTLRPC_BULK_SVC_PRIV = 3, /**< privacy */
125 SPTLRPC_BULK_SVC_MAX,
129 * compose/extract macros
131 #define FLVR_POLICY_OFFSET (0)
132 #define FLVR_MECH_OFFSET (4)
133 #define FLVR_SVC_OFFSET (8)
134 #define FLVR_BULK_TYPE_OFFSET (12)
135 #define FLVR_BULK_SVC_OFFSET (16)
137 #define MAKE_FLVR(policy, mech, svc, btype, bsvc) \
138 (((__u32)(policy) << FLVR_POLICY_OFFSET) | \
139 ((__u32)(mech) << FLVR_MECH_OFFSET) | \
140 ((__u32)(svc) << FLVR_SVC_OFFSET) | \
141 ((__u32)(btype) << FLVR_BULK_TYPE_OFFSET) | \
142 ((__u32)(bsvc) << FLVR_BULK_SVC_OFFSET))
147 #define SPTLRPC_FLVR_POLICY(flavor) \
148 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xF)
149 #define SPTLRPC_FLVR_MECH(flavor) \
150 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xF)
151 #define SPTLRPC_FLVR_SVC(flavor) \
152 ((((__u32)(flavor)) >> FLVR_SVC_OFFSET) & 0xF)
153 #define SPTLRPC_FLVR_BULK_TYPE(flavor) \
154 ((((__u32)(flavor)) >> FLVR_BULK_TYPE_OFFSET) & 0xF)
155 #define SPTLRPC_FLVR_BULK_SVC(flavor) \
156 ((((__u32)(flavor)) >> FLVR_BULK_SVC_OFFSET) & 0xF)
158 #define SPTLRPC_FLVR_BASE(flavor) \
159 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xFFF)
160 #define SPTLRPC_FLVR_BASE_SUB(flavor) \
161 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xFF)
166 #define MAKE_BASE_SUBFLVR(mech, svc) \
168 ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
170 #define SPTLRPC_SUBFLVR_KRB5N \
171 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
172 #define SPTLRPC_SUBFLVR_KRB5A \
173 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
174 #define SPTLRPC_SUBFLVR_KRB5I \
175 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
176 #define SPTLRPC_SUBFLVR_KRB5P \
177 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
182 #define SPTLRPC_FLVR_NULL \
183 MAKE_FLVR(SPTLRPC_POLICY_NULL, \
186 SPTLRPC_BULK_DEFAULT, \
187 SPTLRPC_BULK_SVC_NULL)
188 #define SPTLRPC_FLVR_PLAIN \
189 MAKE_FLVR(SPTLRPC_POLICY_PLAIN, \
190 SPTLRPC_MECH_PLAIN, \
193 SPTLRPC_BULK_SVC_INTG)
194 #define SPTLRPC_FLVR_KRB5N \
195 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
196 SPTLRPC_MECH_GSS_KRB5, \
198 SPTLRPC_BULK_DEFAULT, \
199 SPTLRPC_BULK_SVC_NULL)
200 #define SPTLRPC_FLVR_KRB5A \
201 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
202 SPTLRPC_MECH_GSS_KRB5, \
204 SPTLRPC_BULK_DEFAULT, \
205 SPTLRPC_BULK_SVC_NULL)
206 #define SPTLRPC_FLVR_KRB5I \
207 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
208 SPTLRPC_MECH_GSS_KRB5, \
210 SPTLRPC_BULK_DEFAULT, \
211 SPTLRPC_BULK_SVC_INTG)
212 #define SPTLRPC_FLVR_KRB5P \
213 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
214 SPTLRPC_MECH_GSS_KRB5, \
216 SPTLRPC_BULK_DEFAULT, \
217 SPTLRPC_BULK_SVC_PRIV)
219 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
221 #define SPTLRPC_FLVR_INVALID ((__u32)0xFFFFFFFF)
222 #define SPTLRPC_FLVR_ANY ((__u32)0xFFF00000)
225 * extract the useful part from wire flavor
227 #define WIRE_FLVR(wflvr) (((__u32)(wflvr)) & 0x000FFFFF)
231 static inline void flvr_set_svc(__u32 *flvr, __u32 svc)
233 LASSERT(svc < SPTLRPC_SVC_MAX);
234 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
235 SPTLRPC_FLVR_MECH(*flvr),
237 SPTLRPC_FLVR_BULK_TYPE(*flvr),
238 SPTLRPC_FLVR_BULK_SVC(*flvr));
241 static inline void flvr_set_bulk_svc(__u32 *flvr, __u32 svc)
243 LASSERT(svc < SPTLRPC_BULK_SVC_MAX);
244 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
245 SPTLRPC_FLVR_MECH(*flvr),
246 SPTLRPC_FLVR_SVC(*flvr),
247 SPTLRPC_FLVR_BULK_TYPE(*flvr),
251 struct bulk_spec_hash {
256 * Full description of flavors being used on a ptlrpc connection, include
257 * both regular RPC and bulk transfer parts.
259 struct sptlrpc_flavor {
261 * wire flavor, should be renamed to sf_wire.
265 * general flags of PTLRPC_SEC_FL_*
269 * rpc flavor specification
272 /* nothing for now */
275 * bulk flavor specification
278 struct bulk_spec_hash hash;
283 * identify the RPC is generated from what part of Lustre. It's encoded into
284 * RPC requests and to be checked by ptlrpc service.
286 enum lustre_sec_part {
295 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
298 * A rule specifies a flavor to be used by a ptlrpc connection between
301 struct sptlrpc_rule {
302 __u32 sr_netid; /* LNET network ID */
303 __u8 sr_from; /* sec_part */
304 __u8 sr_to; /* sec_part */
306 struct sptlrpc_flavor sr_flvr;
310 * A set of rules in memory.
312 * Rules are generated and stored on MGS, and propagated to MDT, OST,
313 * and client when needed.
315 struct sptlrpc_rule_set {
318 struct sptlrpc_rule *srs_rules;
321 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
322 bool sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr);
324 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
326 memset(set, 0, sizeof(*set));
329 int sptlrpc_process_config(struct lustre_cfg *lcfg);
330 void sptlrpc_conf_log_start(const char *logname);
331 void sptlrpc_conf_log_stop(const char *logname);
332 void sptlrpc_conf_log_update_begin(const char *logname);
333 void sptlrpc_conf_log_update_end(const char *logname);
334 void sptlrpc_conf_client_adapt(struct obd_device *obd);
336 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
337 * and should be enough for other future mechanisms but not sure.
338 * Only used by pre-allocated request/reply pool.
340 #define SPTLRPC_MAX_PAYLOAD (1024)
347 struct ptlrpc_ctx_ops {
349 * To determine whether it's suitable to use the \a ctx for \a vcred.
351 int (*match)(struct ptlrpc_cli_ctx *ctx, struct vfs_cred *vcred);
354 * To bring the \a ctx uptodate.
356 int (*refresh)(struct ptlrpc_cli_ctx *ctx);
359 * Validate the \a ctx.
361 int (*validate)(struct ptlrpc_cli_ctx *ctx);
364 * Force the \a ctx to die.
366 void (*force_die)(struct ptlrpc_cli_ctx *ctx, int grace);
367 int (*display)(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
370 * Sign the request message using \a ctx.
372 * \pre req->rq_reqmsg point to request message.
373 * \pre req->rq_reqlen is the request message length.
374 * \post req->rq_reqbuf point to request message with signature.
375 * \post req->rq_reqdata_len is set to the final request message size.
377 * \see null_ctx_sign(), plain_ctx_sign(), gss_cli_ctx_sign().
379 int (*sign)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
382 * Verify the reply message using \a ctx.
384 * \pre req->rq_repdata point to reply message with signature.
385 * \pre req->rq_repdata_len is the total reply message length.
386 * \post req->rq_repmsg point to reply message without signature.
387 * \post req->rq_replen is the reply message length.
389 * \see null_ctx_verify(), plain_ctx_verify(), gss_cli_ctx_verify().
391 int (*verify)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
394 * Encrypt the request message using \a ctx.
396 * \pre req->rq_reqmsg point to request message in clear text.
397 * \pre req->rq_reqlen is the request message length.
398 * \post req->rq_reqbuf point to request message.
399 * \post req->rq_reqdata_len is set to the final request message size.
401 * \see gss_cli_ctx_seal().
403 int (*seal)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
406 * Decrypt the reply message using \a ctx.
408 * \pre req->rq_repdata point to encrypted reply message.
409 * \pre req->rq_repdata_len is the total cipher text length.
410 * \post req->rq_repmsg point to reply message in clear text.
411 * \post req->rq_replen is the reply message length in clear text.
413 * \see gss_cli_ctx_unseal().
415 int (*unseal)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
418 * Wrap bulk request data. This is called before wrapping RPC
421 * \pre bulk buffer is descripted by desc->bd_iov and
422 * desc->bd_iov_count. note for read it's just buffer, no data
423 * need to be sent; for write it contains data in clear text.
424 * \post when necessary, ptlrpc_bulk_sec_desc was properly prepared
425 * (usually inside of RPC request message).
426 * - encryption: cipher text bulk buffer is descripted by
427 * desc->bd_enc_iov and desc->bd_iov_count (currently assume iov
428 * count remains the same).
429 * - otherwise: bulk buffer is still desc->bd_iov and
430 * desc->bd_iov_count.
432 * \return 0: success.
433 * \return -ev: error code.
435 * \see plain_cli_wrap_bulk(), gss_cli_ctx_wrap_bulk().
437 int (*wrap_bulk)(struct ptlrpc_cli_ctx *ctx,
438 struct ptlrpc_request *req,
439 struct ptlrpc_bulk_desc *desc);
442 * Unwrap bulk reply data. This is called after wrapping RPC
445 * \pre bulk buffer is descripted by desc->bd_iov/desc->bd_enc_iov and
446 * desc->bd_iov_count, according to wrap_bulk().
447 * \post final bulk data in clear text is placed in buffer described
448 * by desc->bd_iov and desc->bd_iov_count.
449 * \return +ve nob of actual bulk data in clear text.
450 * \return -ve error code.
452 * \see plain_cli_unwrap_bulk(), gss_cli_ctx_unwrap_bulk().
454 int (*unwrap_bulk)(struct ptlrpc_cli_ctx *ctx,
455 struct ptlrpc_request *req,
456 struct ptlrpc_bulk_desc *desc);
459 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
460 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
461 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
462 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
463 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
464 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
466 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
467 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
468 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
469 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
470 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
471 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
473 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
474 PTLRPC_CTX_UPTODATE | \
478 struct ptlrpc_cli_ctx {
479 struct hlist_node cc_cache; /* linked into ctx cache */
480 atomic_t cc_refcount;
481 struct ptlrpc_sec *cc_sec;
482 struct ptlrpc_ctx_ops *cc_ops;
483 unsigned long cc_expire; /* in seconds */
484 unsigned int cc_early_expire:1;
485 unsigned long cc_flags;
486 struct vfs_cred cc_vcred;
488 struct list_head cc_req_list; /* waiting reqs linked here */
489 struct list_head cc_gc_chain; /* linked to gc chain */
493 * client side policy operation vector.
495 struct ptlrpc_sec_cops {
497 * Given an \a imp, create and initialize a ptlrpc_sec structure.
498 * \param ctx service context:
499 * - regular import: \a ctx should be NULL;
500 * - reverse import: \a ctx is obtained from incoming request.
501 * \param flavor specify what flavor to use.
503 * When necessary, policy module is responsible for taking reference
506 * \see null_create_sec(), plain_create_sec(), gss_sec_create_kr().
508 struct ptlrpc_sec *(*create_sec)(struct obd_import *imp,
509 struct ptlrpc_svc_ctx *ctx,
510 struct sptlrpc_flavor *flavor);
513 * Destructor of ptlrpc_sec. When called, refcount has been dropped
514 * to 0 and all contexts has been destroyed.
516 * \see null_destroy_sec(), plain_destroy_sec(), gss_sec_destroy_kr().
518 void (*destroy_sec)(struct ptlrpc_sec *sec);
521 * Notify that this ptlrpc_sec is going to die. Optionally, policy
522 * module is supposed to set sec->ps_dying and whatever necessary
525 * \see plain_kill_sec(), gss_sec_kill().
527 void (*kill_sec)(struct ptlrpc_sec *sec);
530 * Given \a vcred, lookup and/or create its context. The policy module
531 * is supposed to maintain its own context cache.
532 * XXX currently \a create and \a remove_dead is always 1, perhaps
533 * should be removed completely.
535 * \see null_lookup_ctx(), plain_lookup_ctx(), gss_sec_lookup_ctx_kr().
537 struct ptlrpc_cli_ctx *(*lookup_ctx)(struct ptlrpc_sec *sec,
538 struct vfs_cred *vcred,
539 int create, int remove_dead);
542 * Called then the reference of \a ctx dropped to 0. The policy module
543 * is supposed to destroy this context or whatever else according to
544 * its cache maintenance mechanism.
546 * \param sync if zero, we shouldn't wait for the context being
547 * destroyed completely.
549 * \see plain_release_ctx(), gss_sec_release_ctx_kr().
551 void (*release_ctx)(struct ptlrpc_sec *sec, struct ptlrpc_cli_ctx *ctx,
555 * Flush the context cache.
557 * \param uid context of which user, -1 means all contexts.
558 * \param grace if zero, the PTLRPC_CTX_UPTODATE_BIT of affected
559 * contexts should be cleared immediately.
560 * \param force if zero, only idle contexts will be flushed.
562 * \see plain_flush_ctx_cache(), gss_sec_flush_ctx_cache_kr().
564 int (*flush_ctx_cache)(struct ptlrpc_sec *sec, uid_t uid,
565 int grace, int force);
568 * Called periodically by garbage collector to remove dead contexts
571 * \see gss_sec_gc_ctx_kr().
573 void (*gc_ctx)(struct ptlrpc_sec *sec);
576 * Given an context \a ctx, install a corresponding reverse service
577 * context on client side.
578 * XXX currently it's only used by GSS module, maybe we should remove
579 * this from general API.
581 int (*install_rctx)(struct obd_import *imp, struct ptlrpc_sec *sec,
582 struct ptlrpc_cli_ctx *ctx);
585 * To allocate request buffer for \a req.
587 * \pre req->rq_reqmsg == NULL.
588 * \pre req->rq_reqbuf == NULL, otherwise it must be pre-allocated,
589 * we are not supposed to free it.
590 * \post if success, req->rq_reqmsg point to a buffer with size
591 * at least \a lustre_msg_size.
593 * \see null_alloc_reqbuf(), plain_alloc_reqbuf(), gss_alloc_reqbuf().
595 int (*alloc_reqbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
596 int lustre_msg_size);
599 * To free request buffer for \a req.
601 * \pre req->rq_reqbuf != NULL.
603 * \see null_free_reqbuf(), plain_free_reqbuf(), gss_free_reqbuf().
605 void (*free_reqbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
608 * To allocate reply buffer for \a req.
610 * \pre req->rq_repbuf == NULL.
611 * \post if success, req->rq_repbuf point to a buffer with size
612 * req->rq_repbuf_len, the size should be large enough to receive
613 * reply which be transformed from \a lustre_msg_size of clear text.
615 * \see null_alloc_repbuf(), plain_alloc_repbuf(), gss_alloc_repbuf().
617 int (*alloc_repbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
618 int lustre_msg_size);
621 * To free reply buffer for \a req.
623 * \pre req->rq_repbuf != NULL.
624 * \post req->rq_repbuf == NULL.
625 * \post req->rq_repbuf_len == 0.
627 * \see null_free_repbuf(), plain_free_repbuf(), gss_free_repbuf().
629 void (*free_repbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
632 * To expand the request buffer of \a req, thus the \a segment in
633 * the request message pointed by req->rq_reqmsg can accommodate
634 * at least \a newsize of data.
636 * \pre req->rq_reqmsg->lm_buflens[segment] < newsize.
638 * \see null_enlarge_reqbuf(), plain_enlarge_reqbuf(),
639 * gss_enlarge_reqbuf().
641 int (*enlarge_reqbuf)(struct ptlrpc_sec *sec,
642 struct ptlrpc_request *req,
643 int segment, int newsize);
647 int (*display)(struct ptlrpc_sec *sec, struct seq_file *seq);
651 * server side policy operation vector.
653 struct ptlrpc_sec_sops {
655 * verify an incoming request.
657 * \pre request message is pointed by req->rq_reqbuf, size is
658 * req->rq_reqdata_len; and the message has been unpacked to
661 * \retval SECSVC_OK success, req->rq_reqmsg point to request message
662 * in clear text, size is req->rq_reqlen; req->rq_svc_ctx is set;
663 * req->rq_sp_from is decoded from request.
664 * \retval SECSVC_COMPLETE success, the request has been fully
665 * processed, and reply message has been prepared; req->rq_sp_from is
666 * decoded from request.
667 * \retval SECSVC_DROP failed, this request should be dropped.
669 * \see null_accept(), plain_accept(), gss_svc_accept_kr().
671 int (*accept)(struct ptlrpc_request *req);
674 * Perform security transformation upon reply message.
676 * \pre reply message is pointed by req->rq_reply_state->rs_msg, size
678 * \post req->rs_repdata_len is the final message size.
679 * \post req->rq_reply_off is set.
681 * \see null_authorize(), plain_authorize(), gss_svc_authorize().
683 int (*authorize)(struct ptlrpc_request *req);
686 * Invalidate server context \a ctx.
688 * \see gss_svc_invalidate_ctx().
690 void (*invalidate_ctx)(struct ptlrpc_svc_ctx *ctx);
693 * Allocate a ptlrpc_reply_state.
695 * \param msgsize size of the reply message in clear text.
696 * \pre if req->rq_reply_state != NULL, then it's pre-allocated, we
697 * should simply use it; otherwise we'll responsible for allocating
699 * \post req->rq_reply_state != NULL;
700 * \post req->rq_reply_state->rs_msg != NULL;
702 * \see null_alloc_rs(), plain_alloc_rs(), gss_svc_alloc_rs().
704 int (*alloc_rs)(struct ptlrpc_request *req, int msgsize);
707 * Free a ptlrpc_reply_state.
709 void (*free_rs)(struct ptlrpc_reply_state *rs);
712 * Release the server context \a ctx.
714 * \see gss_svc_free_ctx().
716 void (*free_ctx)(struct ptlrpc_svc_ctx *ctx);
719 * Install a reverse context based on the server context \a ctx.
721 * \see gss_svc_install_rctx_kr().
723 int (*install_rctx)(struct obd_import *imp, struct ptlrpc_svc_ctx *ctx);
726 * Prepare buffer for incoming bulk write.
728 * \pre desc->bd_iov and desc->bd_iov_count describes the buffer
729 * intended to receive the write.
731 * \see gss_svc_prep_bulk().
733 int (*prep_bulk)(struct ptlrpc_request *req,
734 struct ptlrpc_bulk_desc *desc);
737 * Unwrap the bulk write data.
739 * \see plain_svc_unwrap_bulk(), gss_svc_unwrap_bulk().
741 int (*unwrap_bulk)(struct ptlrpc_request *req,
742 struct ptlrpc_bulk_desc *desc);
745 * Wrap the bulk read data.
747 * \see plain_svc_wrap_bulk(), gss_svc_wrap_bulk().
749 int (*wrap_bulk)(struct ptlrpc_request *req,
750 struct ptlrpc_bulk_desc *desc);
753 struct ptlrpc_sec_policy {
754 struct module *sp_owner;
756 __u16 sp_policy; /* policy number */
757 struct ptlrpc_sec_cops *sp_cops; /* client ops */
758 struct ptlrpc_sec_sops *sp_sops; /* server ops */
761 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
762 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
763 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
764 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
765 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
768 * The ptlrpc_sec represents the client side ptlrpc security facilities,
769 * each obd_import (both regular and reverse import) must associate with
772 * \see sptlrpc_import_sec_adapt().
775 struct ptlrpc_sec_policy *ps_policy;
776 atomic_t ps_refcount;
777 /** statistic only */
779 /** unique identifier */
781 struct sptlrpc_flavor ps_flvr;
782 enum lustre_sec_part ps_part;
783 /** after set, no more new context will be created */
784 unsigned int ps_dying:1;
786 struct obd_import *ps_import;
792 struct list_head ps_gc_list;
793 unsigned long ps_gc_interval; /* in seconds */
794 time64_t ps_gc_next; /* in seconds */
797 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
799 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
802 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
804 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
807 struct ptlrpc_svc_ctx {
808 atomic_t sc_refcount;
809 struct ptlrpc_sec_policy *sc_policy;
813 * user identity descriptor
815 #define LUSTRE_MAX_GROUPS (128)
817 struct ptlrpc_user_desc {
830 enum sptlrpc_bulk_hash_alg {
831 BULK_HASH_ALG_NULL = 0,
832 BULK_HASH_ALG_ADLER32,
836 BULK_HASH_ALG_SHA256,
837 BULK_HASH_ALG_SHA384,
838 BULK_HASH_ALG_SHA512,
842 const char *sptlrpc_get_hash_name(__u8 hash_alg);
843 __u8 sptlrpc_get_hash_alg(const char *algname);
849 struct ptlrpc_bulk_sec_desc {
850 __u8 bsd_version; /* 0 */
851 __u8 bsd_type; /* SPTLRPC_BULK_XXX */
852 __u8 bsd_svc; /* SPTLRPC_BULK_SVC_XXXX */
853 __u8 bsd_flags; /* flags */
854 __u32 bsd_nob; /* nob of bulk data */
855 __u8 bsd_data[0]; /* policy-specific token */
859 * round size up to next power of 2, for slab allocation.
860 * @size must be sane (can't overflow after round up)
862 static inline int size_roundup_power2(int size)
875 * internal support libraries
877 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
878 int segment, int newsize);
883 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
884 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
886 __u32 sptlrpc_name2flavor_base(const char *name);
887 const char *sptlrpc_flavor2name_base(__u32 flvr);
888 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
889 char *buf, int bufsize);
890 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
893 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
895 __module_get(policy->sp_owner);
900 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
902 module_put(policy->sp_owner);
909 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
911 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
915 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
917 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
921 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
923 return (cli_ctx_status(ctx) != 0);
927 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
929 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
933 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
935 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
939 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
941 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
945 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
947 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
953 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
956 * internal apis which only used by policy implementation
958 int sptlrpc_get_next_secid(void);
961 * exported client context api
963 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
964 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
967 * exported client context wrap/buffers
969 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
970 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
971 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
972 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
973 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
974 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
975 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
976 int segment, int newsize);
977 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
978 struct ptlrpc_request **req_ret);
979 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
981 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
984 * exported higher interface of import & request
986 int sptlrpc_import_sec_adapt(struct obd_import *imp,
987 struct ptlrpc_svc_ctx *ctx,
988 struct sptlrpc_flavor *flvr);
989 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
990 void sptlrpc_import_sec_put(struct obd_import *imp);
992 int sptlrpc_import_check_ctx(struct obd_import *imp);
993 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
994 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
995 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
996 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
997 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
998 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
999 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
1002 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
1003 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
1006 const char *sec2target_str(struct ptlrpc_sec *sec);
1010 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
1015 enum secsvc_accept_res {
1021 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
1022 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
1023 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
1024 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
1025 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
1026 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
1028 int sptlrpc_target_export_check(struct obd_export *exp,
1029 struct ptlrpc_request *req);
1031 /* bulk security api */
1032 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
1033 int get_free_pages_in_pool(void);
1034 int pool_is_at_full_capacity(void);
1036 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
1037 struct ptlrpc_bulk_desc *desc);
1038 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
1039 struct ptlrpc_bulk_desc *desc,
1041 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
1042 struct ptlrpc_bulk_desc *desc);
1044 /* bulk helpers (internal use only by policies) */
1045 int sptlrpc_get_bulk_checksum(struct ptlrpc_bulk_desc *desc, __u8 alg,
1046 void *buf, int buflen);
1048 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset, int swabbed);
1050 /* user descriptor helpers */
1051 static inline int sptlrpc_user_desc_size(int ngroups)
1053 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
1056 int sptlrpc_current_user_desc_size(void);
1057 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
1058 int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
1060 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
1061 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
1064 LUSTRE_SEC_NONE = 0,
1065 LUSTRE_SEC_REMOTE = 1,
1066 LUSTRE_SEC_SPECIFY = 2,
1072 #endif /* _LUSTRE_SEC_H_ */