4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2012, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
33 #ifndef _LUSTRE_SEC_H_
34 #define _LUSTRE_SEC_H_
36 /** \defgroup sptlrpc sptlrpc
46 struct ptlrpc_request;
47 struct ptlrpc_reply_state;
48 struct ptlrpc_bulk_desc;
57 struct ptlrpc_sec_policy;
58 struct ptlrpc_sec_cops;
59 struct ptlrpc_sec_sops;
61 struct ptlrpc_svc_ctx;
62 struct ptlrpc_cli_ctx;
63 struct ptlrpc_ctx_ops;
66 * \addtogroup flavor flavor
68 * RPC flavor is represented by a 32 bits integer. Currently the high 12 bits
69 * are unused, must be set to 0 for future expansion.
71 * ------------------------------------------------------------------------
72 * | 4b (bulk svc) | 4b (bulk type) | 4b (svc) | 4b (mech) | 4b (policy) |
73 * ------------------------------------------------------------------------
83 SPTLRPC_POLICY_NULL = 0,
84 SPTLRPC_POLICY_PLAIN = 1,
85 SPTLRPC_POLICY_GSS = 2,
89 enum sptlrpc_mech_null {
90 SPTLRPC_MECH_NULL = 0,
91 SPTLRPC_MECH_NULL_MAX,
94 enum sptlrpc_mech_plain {
95 SPTLRPC_MECH_PLAIN = 0,
96 SPTLRPC_MECH_PLAIN_MAX,
99 enum sptlrpc_mech_gss {
100 SPTLRPC_MECH_GSS_NULL = 0,
101 SPTLRPC_MECH_GSS_KRB5 = 1,
102 SPTLRPC_MECH_GSS_MAX,
105 enum sptlrpc_service_type {
106 SPTLRPC_SVC_NULL = 0, /**< no security */
107 SPTLRPC_SVC_AUTH = 1, /**< authentication only */
108 SPTLRPC_SVC_INTG = 2, /**< integrity */
109 SPTLRPC_SVC_PRIV = 3, /**< privacy */
113 enum sptlrpc_bulk_type {
114 SPTLRPC_BULK_DEFAULT = 0, /**< follow rpc flavor */
115 SPTLRPC_BULK_HASH = 1, /**< hash integrity */
119 enum sptlrpc_bulk_service {
120 SPTLRPC_BULK_SVC_NULL = 0, /**< no security */
121 SPTLRPC_BULK_SVC_AUTH = 1, /**< authentication only */
122 SPTLRPC_BULK_SVC_INTG = 2, /**< integrity */
123 SPTLRPC_BULK_SVC_PRIV = 3, /**< privacy */
124 SPTLRPC_BULK_SVC_MAX,
128 * compose/extract macros
130 #define FLVR_POLICY_OFFSET (0)
131 #define FLVR_MECH_OFFSET (4)
132 #define FLVR_SVC_OFFSET (8)
133 #define FLVR_BULK_TYPE_OFFSET (12)
134 #define FLVR_BULK_SVC_OFFSET (16)
136 #define MAKE_FLVR(policy, mech, svc, btype, bsvc) \
137 (((__u32)(policy) << FLVR_POLICY_OFFSET) | \
138 ((__u32)(mech) << FLVR_MECH_OFFSET) | \
139 ((__u32)(svc) << FLVR_SVC_OFFSET) | \
140 ((__u32)(btype) << FLVR_BULK_TYPE_OFFSET) | \
141 ((__u32)(bsvc) << FLVR_BULK_SVC_OFFSET))
146 #define SPTLRPC_FLVR_POLICY(flavor) \
147 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xF)
148 #define SPTLRPC_FLVR_MECH(flavor) \
149 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xF)
150 #define SPTLRPC_FLVR_SVC(flavor) \
151 ((((__u32)(flavor)) >> FLVR_SVC_OFFSET) & 0xF)
152 #define SPTLRPC_FLVR_BULK_TYPE(flavor) \
153 ((((__u32)(flavor)) >> FLVR_BULK_TYPE_OFFSET) & 0xF)
154 #define SPTLRPC_FLVR_BULK_SVC(flavor) \
155 ((((__u32)(flavor)) >> FLVR_BULK_SVC_OFFSET) & 0xF)
157 #define SPTLRPC_FLVR_BASE(flavor) \
158 ((((__u32)(flavor)) >> FLVR_POLICY_OFFSET) & 0xFFF)
159 #define SPTLRPC_FLVR_BASE_SUB(flavor) \
160 ((((__u32)(flavor)) >> FLVR_MECH_OFFSET) & 0xFF)
165 #define MAKE_BASE_SUBFLVR(mech, svc) \
167 ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET)))
169 #define SPTLRPC_SUBFLVR_KRB5N \
170 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL)
171 #define SPTLRPC_SUBFLVR_KRB5A \
172 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_AUTH)
173 #define SPTLRPC_SUBFLVR_KRB5I \
174 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_INTG)
175 #define SPTLRPC_SUBFLVR_KRB5P \
176 MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_PRIV)
181 #define SPTLRPC_FLVR_NULL \
182 MAKE_FLVR(SPTLRPC_POLICY_NULL, \
185 SPTLRPC_BULK_DEFAULT, \
186 SPTLRPC_BULK_SVC_NULL)
187 #define SPTLRPC_FLVR_PLAIN \
188 MAKE_FLVR(SPTLRPC_POLICY_PLAIN, \
189 SPTLRPC_MECH_PLAIN, \
192 SPTLRPC_BULK_SVC_INTG)
193 #define SPTLRPC_FLVR_KRB5N \
194 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
195 SPTLRPC_MECH_GSS_KRB5, \
197 SPTLRPC_BULK_DEFAULT, \
198 SPTLRPC_BULK_SVC_NULL)
199 #define SPTLRPC_FLVR_KRB5A \
200 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
201 SPTLRPC_MECH_GSS_KRB5, \
203 SPTLRPC_BULK_DEFAULT, \
204 SPTLRPC_BULK_SVC_NULL)
205 #define SPTLRPC_FLVR_KRB5I \
206 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
207 SPTLRPC_MECH_GSS_KRB5, \
209 SPTLRPC_BULK_DEFAULT, \
210 SPTLRPC_BULK_SVC_INTG)
211 #define SPTLRPC_FLVR_KRB5P \
212 MAKE_FLVR(SPTLRPC_POLICY_GSS, \
213 SPTLRPC_MECH_GSS_KRB5, \
215 SPTLRPC_BULK_DEFAULT, \
216 SPTLRPC_BULK_SVC_PRIV)
218 #define SPTLRPC_FLVR_DEFAULT SPTLRPC_FLVR_NULL
220 #define SPTLRPC_FLVR_INVALID ((__u32)0xFFFFFFFF)
221 #define SPTLRPC_FLVR_ANY ((__u32)0xFFF00000)
224 * extract the useful part from wire flavor
226 #define WIRE_FLVR(wflvr) (((__u32)(wflvr)) & 0x000FFFFF)
230 static inline void flvr_set_svc(__u32 *flvr, __u32 svc)
232 LASSERT(svc < SPTLRPC_SVC_MAX);
233 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
234 SPTLRPC_FLVR_MECH(*flvr),
236 SPTLRPC_FLVR_BULK_TYPE(*flvr),
237 SPTLRPC_FLVR_BULK_SVC(*flvr));
240 static inline void flvr_set_bulk_svc(__u32 *flvr, __u32 svc)
242 LASSERT(svc < SPTLRPC_BULK_SVC_MAX);
243 *flvr = MAKE_FLVR(SPTLRPC_FLVR_POLICY(*flvr),
244 SPTLRPC_FLVR_MECH(*flvr),
245 SPTLRPC_FLVR_SVC(*flvr),
246 SPTLRPC_FLVR_BULK_TYPE(*flvr),
250 struct bulk_spec_hash {
255 * Full description of flavors being used on a ptlrpc connection, include
256 * both regular RPC and bulk transfer parts.
258 struct sptlrpc_flavor {
260 * wire flavor, should be renamed to sf_wire.
264 * general flags of PTLRPC_SEC_FL_*
268 * rpc flavor specification
271 /* nothing for now */
274 * bulk flavor specification
277 struct bulk_spec_hash hash;
282 * identify the RPC is generated from what part of Lustre. It's encoded into
283 * RPC requests and to be checked by ptlrpc service.
285 enum lustre_sec_part {
294 enum lustre_sec_part sptlrpc_target_sec_part(struct obd_device *obd);
297 * A rule specifies a flavor to be used by a ptlrpc connection between
300 struct sptlrpc_rule {
301 __u32 sr_netid; /* LNET network ID */
302 __u8 sr_from; /* sec_part */
303 __u8 sr_to; /* sec_part */
305 struct sptlrpc_flavor sr_flvr;
309 * A set of rules in memory.
311 * Rules are generated and stored on MGS, and propagated to MDT, OST,
312 * and client when needed.
314 struct sptlrpc_rule_set {
317 struct sptlrpc_rule *srs_rules;
320 int sptlrpc_parse_flavor(const char *str, struct sptlrpc_flavor *flvr);
321 bool sptlrpc_flavor_has_bulk(struct sptlrpc_flavor *flvr);
323 static inline void sptlrpc_rule_set_init(struct sptlrpc_rule_set *set)
325 memset(set, 0, sizeof(*set));
328 int sptlrpc_process_config(struct lustre_cfg *lcfg);
329 void sptlrpc_conf_log_start(const char *logname);
330 void sptlrpc_conf_log_stop(const char *logname);
331 void sptlrpc_conf_log_update_begin(const char *logname);
332 void sptlrpc_conf_log_update_end(const char *logname);
333 void sptlrpc_conf_client_adapt(struct obd_device *obd);
335 /* The maximum length of security payload. 1024 is enough for Kerberos 5,
336 * and should be enough for other future mechanisms but not sure.
337 * Only used by pre-allocated request/reply pool.
339 #define SPTLRPC_MAX_PAYLOAD (1024)
346 struct ptlrpc_ctx_ops {
348 * To determine whether it's suitable to use the \a ctx for \a vcred.
350 int (*match)(struct ptlrpc_cli_ctx *ctx, struct vfs_cred *vcred);
353 * To bring the \a ctx uptodate.
355 int (*refresh)(struct ptlrpc_cli_ctx *ctx);
358 * Validate the \a ctx.
360 int (*validate)(struct ptlrpc_cli_ctx *ctx);
363 * Force the \a ctx to die.
365 void (*force_die)(struct ptlrpc_cli_ctx *ctx, int grace);
366 int (*display)(struct ptlrpc_cli_ctx *ctx, char *buf, int bufsize);
369 * Sign the request message using \a ctx.
371 * \pre req->rq_reqmsg point to request message.
372 * \pre req->rq_reqlen is the request message length.
373 * \post req->rq_reqbuf point to request message with signature.
374 * \post req->rq_reqdata_len is set to the final request message size.
376 * \see null_ctx_sign(), plain_ctx_sign(), gss_cli_ctx_sign().
378 int (*sign)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
381 * Verify the reply message using \a ctx.
383 * \pre req->rq_repdata point to reply message with signature.
384 * \pre req->rq_repdata_len is the total reply message length.
385 * \post req->rq_repmsg point to reply message without signature.
386 * \post req->rq_replen is the reply message length.
388 * \see null_ctx_verify(), plain_ctx_verify(), gss_cli_ctx_verify().
390 int (*verify)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
393 * Encrypt the request message using \a ctx.
395 * \pre req->rq_reqmsg point to request message in clear text.
396 * \pre req->rq_reqlen is the request message length.
397 * \post req->rq_reqbuf point to request message.
398 * \post req->rq_reqdata_len is set to the final request message size.
400 * \see gss_cli_ctx_seal().
402 int (*seal)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
405 * Decrypt the reply message using \a ctx.
407 * \pre req->rq_repdata point to encrypted reply message.
408 * \pre req->rq_repdata_len is the total cipher text length.
409 * \post req->rq_repmsg point to reply message in clear text.
410 * \post req->rq_replen is the reply message length in clear text.
412 * \see gss_cli_ctx_unseal().
414 int (*unseal)(struct ptlrpc_cli_ctx *ctx, struct ptlrpc_request *req);
417 * Wrap bulk request data. This is called before wrapping RPC
420 * \pre bulk buffer is descripted by desc->bd_iov and
421 * desc->bd_iov_count. note for read it's just buffer, no data
422 * need to be sent; for write it contains data in clear text.
423 * \post when necessary, ptlrpc_bulk_sec_desc was properly prepared
424 * (usually inside of RPC request message).
425 * - encryption: cipher text bulk buffer is descripted by
426 * desc->bd_enc_iov and desc->bd_iov_count (currently assume iov
427 * count remains the same).
428 * - otherwise: bulk buffer is still desc->bd_iov and
429 * desc->bd_iov_count.
431 * \return 0: success.
432 * \return -ev: error code.
434 * \see plain_cli_wrap_bulk(), gss_cli_ctx_wrap_bulk().
436 int (*wrap_bulk)(struct ptlrpc_cli_ctx *ctx,
437 struct ptlrpc_request *req,
438 struct ptlrpc_bulk_desc *desc);
441 * Unwrap bulk reply data. This is called after wrapping RPC
444 * \pre bulk buffer is descripted by desc->bd_iov/desc->bd_enc_iov and
445 * desc->bd_iov_count, according to wrap_bulk().
446 * \post final bulk data in clear text is placed in buffer described
447 * by desc->bd_iov and desc->bd_iov_count.
448 * \return +ve nob of actual bulk data in clear text.
449 * \return -ve error code.
451 * \see plain_cli_unwrap_bulk(), gss_cli_ctx_unwrap_bulk().
453 int (*unwrap_bulk)(struct ptlrpc_cli_ctx *ctx,
454 struct ptlrpc_request *req,
455 struct ptlrpc_bulk_desc *desc);
458 #define PTLRPC_CTX_NEW_BIT (0) /* newly created */
459 #define PTLRPC_CTX_UPTODATE_BIT (1) /* uptodate */
460 #define PTLRPC_CTX_DEAD_BIT (2) /* mark expired gracefully */
461 #define PTLRPC_CTX_ERROR_BIT (3) /* fatal error (refresh, etc.) */
462 #define PTLRPC_CTX_CACHED_BIT (8) /* in ctx cache (hash etc.) */
463 #define PTLRPC_CTX_ETERNAL_BIT (9) /* always valid */
465 #define PTLRPC_CTX_NEW (1 << PTLRPC_CTX_NEW_BIT)
466 #define PTLRPC_CTX_UPTODATE (1 << PTLRPC_CTX_UPTODATE_BIT)
467 #define PTLRPC_CTX_DEAD (1 << PTLRPC_CTX_DEAD_BIT)
468 #define PTLRPC_CTX_ERROR (1 << PTLRPC_CTX_ERROR_BIT)
469 #define PTLRPC_CTX_CACHED (1 << PTLRPC_CTX_CACHED_BIT)
470 #define PTLRPC_CTX_ETERNAL (1 << PTLRPC_CTX_ETERNAL_BIT)
472 #define PTLRPC_CTX_STATUS_MASK (PTLRPC_CTX_NEW_BIT | \
473 PTLRPC_CTX_UPTODATE | \
477 struct ptlrpc_cli_ctx {
478 struct hlist_node cc_cache; /* linked into ctx cache */
479 atomic_t cc_refcount;
480 struct ptlrpc_sec *cc_sec;
481 struct ptlrpc_ctx_ops *cc_ops;
482 unsigned long cc_expire; /* in seconds */
483 unsigned int cc_early_expire:1;
484 unsigned long cc_flags;
485 struct vfs_cred cc_vcred;
487 struct list_head cc_req_list; /* waiting reqs linked here */
488 struct list_head cc_gc_chain; /* linked to gc chain */
492 * client side policy operation vector.
494 struct ptlrpc_sec_cops {
496 * Given an \a imp, create and initialize a ptlrpc_sec structure.
497 * \param ctx service context:
498 * - regular import: \a ctx should be NULL;
499 * - reverse import: \a ctx is obtained from incoming request.
500 * \param flavor specify what flavor to use.
502 * When necessary, policy module is responsible for taking reference
505 * \see null_create_sec(), plain_create_sec(), gss_sec_create_kr().
507 struct ptlrpc_sec *(*create_sec)(struct obd_import *imp,
508 struct ptlrpc_svc_ctx *ctx,
509 struct sptlrpc_flavor *flavor);
512 * Destructor of ptlrpc_sec. When called, refcount has been dropped
513 * to 0 and all contexts has been destroyed.
515 * \see null_destroy_sec(), plain_destroy_sec(), gss_sec_destroy_kr().
517 void (*destroy_sec)(struct ptlrpc_sec *sec);
520 * Notify that this ptlrpc_sec is going to die. Optionally, policy
521 * module is supposed to set sec->ps_dying and whatever necessary
524 * \see plain_kill_sec(), gss_sec_kill().
526 void (*kill_sec)(struct ptlrpc_sec *sec);
529 * Given \a vcred, lookup and/or create its context. The policy module
530 * is supposed to maintain its own context cache.
531 * XXX currently \a create and \a remove_dead is always 1, perhaps
532 * should be removed completely.
534 * \see null_lookup_ctx(), plain_lookup_ctx(), gss_sec_lookup_ctx_kr().
536 struct ptlrpc_cli_ctx *(*lookup_ctx)(struct ptlrpc_sec *sec,
537 struct vfs_cred *vcred,
538 int create, int remove_dead);
541 * Called then the reference of \a ctx dropped to 0. The policy module
542 * is supposed to destroy this context or whatever else according to
543 * its cache maintenance mechanism.
545 * \param sync if zero, we shouldn't wait for the context being
546 * destroyed completely.
548 * \see plain_release_ctx(), gss_sec_release_ctx_kr().
550 void (*release_ctx)(struct ptlrpc_sec *sec, struct ptlrpc_cli_ctx *ctx,
554 * Flush the context cache.
556 * \param uid context of which user, -1 means all contexts.
557 * \param grace if zero, the PTLRPC_CTX_UPTODATE_BIT of affected
558 * contexts should be cleared immediately.
559 * \param force if zero, only idle contexts will be flushed.
561 * \see plain_flush_ctx_cache(), gss_sec_flush_ctx_cache_kr().
563 int (*flush_ctx_cache)(struct ptlrpc_sec *sec, uid_t uid,
564 int grace, int force);
567 * Called periodically by garbage collector to remove dead contexts
570 * \see gss_sec_gc_ctx_kr().
572 void (*gc_ctx)(struct ptlrpc_sec *sec);
575 * Given an context \a ctx, install a corresponding reverse service
576 * context on client side.
577 * XXX currently it's only used by GSS module, maybe we should remove
578 * this from general API.
580 int (*install_rctx)(struct obd_import *imp, struct ptlrpc_sec *sec,
581 struct ptlrpc_cli_ctx *ctx);
584 * To allocate request buffer for \a req.
586 * \pre req->rq_reqmsg == NULL.
587 * \pre req->rq_reqbuf == NULL, otherwise it must be pre-allocated,
588 * we are not supposed to free it.
589 * \post if success, req->rq_reqmsg point to a buffer with size
590 * at least \a lustre_msg_size.
592 * \see null_alloc_reqbuf(), plain_alloc_reqbuf(), gss_alloc_reqbuf().
594 int (*alloc_reqbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
595 int lustre_msg_size);
598 * To free request buffer for \a req.
600 * \pre req->rq_reqbuf != NULL.
602 * \see null_free_reqbuf(), plain_free_reqbuf(), gss_free_reqbuf().
604 void (*free_reqbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
607 * To allocate reply buffer for \a req.
609 * \pre req->rq_repbuf == NULL.
610 * \post if success, req->rq_repbuf point to a buffer with size
611 * req->rq_repbuf_len, the size should be large enough to receive
612 * reply which be transformed from \a lustre_msg_size of clear text.
614 * \see null_alloc_repbuf(), plain_alloc_repbuf(), gss_alloc_repbuf().
616 int (*alloc_repbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req,
617 int lustre_msg_size);
620 * To free reply buffer for \a req.
622 * \pre req->rq_repbuf != NULL.
623 * \post req->rq_repbuf == NULL.
624 * \post req->rq_repbuf_len == 0.
626 * \see null_free_repbuf(), plain_free_repbuf(), gss_free_repbuf().
628 void (*free_repbuf)(struct ptlrpc_sec *sec, struct ptlrpc_request *req);
631 * To expand the request buffer of \a req, thus the \a segment in
632 * the request message pointed by req->rq_reqmsg can accommodate
633 * at least \a newsize of data.
635 * \pre req->rq_reqmsg->lm_buflens[segment] < newsize.
637 * \see null_enlarge_reqbuf(), plain_enlarge_reqbuf(),
638 * gss_enlarge_reqbuf().
640 int (*enlarge_reqbuf)(struct ptlrpc_sec *sec,
641 struct ptlrpc_request *req,
642 int segment, int newsize);
646 int (*display)(struct ptlrpc_sec *sec, struct seq_file *seq);
650 * server side policy operation vector.
652 struct ptlrpc_sec_sops {
654 * verify an incoming request.
656 * \pre request message is pointed by req->rq_reqbuf, size is
657 * req->rq_reqdata_len; and the message has been unpacked to
660 * \retval SECSVC_OK success, req->rq_reqmsg point to request message
661 * in clear text, size is req->rq_reqlen; req->rq_svc_ctx is set;
662 * req->rq_sp_from is decoded from request.
663 * \retval SECSVC_COMPLETE success, the request has been fully
664 * processed, and reply message has been prepared; req->rq_sp_from is
665 * decoded from request.
666 * \retval SECSVC_DROP failed, this request should be dropped.
668 * \see null_accept(), plain_accept(), gss_svc_accept_kr().
670 int (*accept)(struct ptlrpc_request *req);
673 * Perform security transformation upon reply message.
675 * \pre reply message is pointed by req->rq_reply_state->rs_msg, size
677 * \post req->rs_repdata_len is the final message size.
678 * \post req->rq_reply_off is set.
680 * \see null_authorize(), plain_authorize(), gss_svc_authorize().
682 int (*authorize)(struct ptlrpc_request *req);
685 * Invalidate server context \a ctx.
687 * \see gss_svc_invalidate_ctx().
689 void (*invalidate_ctx)(struct ptlrpc_svc_ctx *ctx);
692 * Allocate a ptlrpc_reply_state.
694 * \param msgsize size of the reply message in clear text.
695 * \pre if req->rq_reply_state != NULL, then it's pre-allocated, we
696 * should simply use it; otherwise we'll responsible for allocating
698 * \post req->rq_reply_state != NULL;
699 * \post req->rq_reply_state->rs_msg != NULL;
701 * \see null_alloc_rs(), plain_alloc_rs(), gss_svc_alloc_rs().
703 int (*alloc_rs)(struct ptlrpc_request *req, int msgsize);
706 * Free a ptlrpc_reply_state.
708 void (*free_rs)(struct ptlrpc_reply_state *rs);
711 * Release the server context \a ctx.
713 * \see gss_svc_free_ctx().
715 void (*free_ctx)(struct ptlrpc_svc_ctx *ctx);
718 * Install a reverse context based on the server context \a ctx.
720 * \see gss_svc_install_rctx_kr().
722 int (*install_rctx)(struct obd_import *imp, struct ptlrpc_svc_ctx *ctx);
725 * Prepare buffer for incoming bulk write.
727 * \pre desc->bd_iov and desc->bd_iov_count describes the buffer
728 * intended to receive the write.
730 * \see gss_svc_prep_bulk().
732 int (*prep_bulk)(struct ptlrpc_request *req,
733 struct ptlrpc_bulk_desc *desc);
736 * Unwrap the bulk write data.
738 * \see plain_svc_unwrap_bulk(), gss_svc_unwrap_bulk().
740 int (*unwrap_bulk)(struct ptlrpc_request *req,
741 struct ptlrpc_bulk_desc *desc);
744 * Wrap the bulk read data.
746 * \see plain_svc_wrap_bulk(), gss_svc_wrap_bulk().
748 int (*wrap_bulk)(struct ptlrpc_request *req,
749 struct ptlrpc_bulk_desc *desc);
752 struct ptlrpc_sec_policy {
753 struct module *sp_owner;
755 __u16 sp_policy; /* policy number */
756 struct ptlrpc_sec_cops *sp_cops; /* client ops */
757 struct ptlrpc_sec_sops *sp_sops; /* server ops */
760 #define PTLRPC_SEC_FL_REVERSE 0x0001 /* reverse sec */
761 #define PTLRPC_SEC_FL_ROOTONLY 0x0002 /* treat everyone as root */
762 #define PTLRPC_SEC_FL_UDESC 0x0004 /* ship udesc */
763 #define PTLRPC_SEC_FL_BULK 0x0008 /* intensive bulk i/o expected */
764 #define PTLRPC_SEC_FL_PAG 0x0010 /* PAG mode */
767 * The ptlrpc_sec represents the client side ptlrpc security facilities,
768 * each obd_import (both regular and reverse import) must associate with
771 * \see sptlrpc_import_sec_adapt().
774 struct ptlrpc_sec_policy *ps_policy;
775 atomic_t ps_refcount;
776 /** statistic only */
778 /** unique identifier */
780 struct sptlrpc_flavor ps_flvr;
781 enum lustre_sec_part ps_part;
782 /** after set, no more new context will be created */
783 unsigned int ps_dying:1;
785 struct obd_import *ps_import;
791 struct list_head ps_gc_list;
792 unsigned long ps_gc_interval; /* in seconds */
793 time64_t ps_gc_next; /* in seconds */
796 static inline int sec_is_reverse(struct ptlrpc_sec *sec)
798 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_REVERSE);
801 static inline int sec_is_rootonly(struct ptlrpc_sec *sec)
803 return (sec->ps_flvr.sf_flags & PTLRPC_SEC_FL_ROOTONLY);
806 struct ptlrpc_svc_ctx {
807 atomic_t sc_refcount;
808 struct ptlrpc_sec_policy *sc_policy;
812 * user identity descriptor
814 #define LUSTRE_MAX_GROUPS (128)
816 struct ptlrpc_user_desc {
829 enum sptlrpc_bulk_hash_alg {
830 BULK_HASH_ALG_NULL = 0,
831 BULK_HASH_ALG_ADLER32,
835 BULK_HASH_ALG_SHA256,
836 BULK_HASH_ALG_SHA384,
837 BULK_HASH_ALG_SHA512,
841 const char *sptlrpc_get_hash_name(__u8 hash_alg);
842 __u8 sptlrpc_get_hash_alg(const char *algname);
848 struct ptlrpc_bulk_sec_desc {
849 __u8 bsd_version; /* 0 */
850 __u8 bsd_type; /* SPTLRPC_BULK_XXX */
851 __u8 bsd_svc; /* SPTLRPC_BULK_SVC_XXXX */
852 __u8 bsd_flags; /* flags */
853 __u32 bsd_nob; /* nob of bulk data */
854 __u8 bsd_data[0]; /* policy-specific token */
858 * round size up to next power of 2, for slab allocation.
859 * @size must be sane (can't overflow after round up)
861 static inline int size_roundup_power2(int size)
874 * internal support libraries
876 void _sptlrpc_enlarge_msg_inplace(struct lustre_msg *msg,
877 int segment, int newsize);
882 int sptlrpc_register_policy(struct ptlrpc_sec_policy *policy);
883 int sptlrpc_unregister_policy(struct ptlrpc_sec_policy *policy);
885 __u32 sptlrpc_name2flavor_base(const char *name);
886 const char *sptlrpc_flavor2name_base(__u32 flvr);
887 char *sptlrpc_flavor2name_bulk(struct sptlrpc_flavor *sf,
888 char *buf, int bufsize);
889 char *sptlrpc_flavor2name(struct sptlrpc_flavor *sf, char *buf, int bufsize);
892 struct ptlrpc_sec_policy *sptlrpc_policy_get(struct ptlrpc_sec_policy *policy)
894 __module_get(policy->sp_owner);
899 void sptlrpc_policy_put(struct ptlrpc_sec_policy *policy)
901 module_put(policy->sp_owner);
908 unsigned long cli_ctx_status(struct ptlrpc_cli_ctx *ctx)
910 return (ctx->cc_flags & PTLRPC_CTX_STATUS_MASK);
914 int cli_ctx_is_ready(struct ptlrpc_cli_ctx *ctx)
916 return (cli_ctx_status(ctx) == PTLRPC_CTX_UPTODATE);
920 int cli_ctx_is_refreshed(struct ptlrpc_cli_ctx *ctx)
922 return (cli_ctx_status(ctx) != 0);
926 int cli_ctx_is_uptodate(struct ptlrpc_cli_ctx *ctx)
928 return ((ctx->cc_flags & PTLRPC_CTX_UPTODATE) != 0);
932 int cli_ctx_is_error(struct ptlrpc_cli_ctx *ctx)
934 return ((ctx->cc_flags & PTLRPC_CTX_ERROR) != 0);
938 int cli_ctx_is_dead(struct ptlrpc_cli_ctx *ctx)
940 return ((ctx->cc_flags & (PTLRPC_CTX_DEAD | PTLRPC_CTX_ERROR)) != 0);
944 int cli_ctx_is_eternal(struct ptlrpc_cli_ctx *ctx)
946 return ((ctx->cc_flags & PTLRPC_CTX_ETERNAL) != 0);
952 void sptlrpc_sec_put(struct ptlrpc_sec *sec);
955 * internal apis which only used by policy implementation
957 int sptlrpc_get_next_secid(void);
960 * exported client context api
962 struct ptlrpc_cli_ctx *sptlrpc_cli_ctx_get(struct ptlrpc_cli_ctx *ctx);
963 void sptlrpc_cli_ctx_put(struct ptlrpc_cli_ctx *ctx, int sync);
966 * exported client context wrap/buffers
968 int sptlrpc_cli_wrap_request(struct ptlrpc_request *req);
969 int sptlrpc_cli_unwrap_reply(struct ptlrpc_request *req);
970 int sptlrpc_cli_alloc_reqbuf(struct ptlrpc_request *req, int msgsize);
971 void sptlrpc_cli_free_reqbuf(struct ptlrpc_request *req);
972 int sptlrpc_cli_alloc_repbuf(struct ptlrpc_request *req, int msgsize);
973 void sptlrpc_cli_free_repbuf(struct ptlrpc_request *req);
974 int sptlrpc_cli_enlarge_reqbuf(struct ptlrpc_request *req,
975 int segment, int newsize);
976 int sptlrpc_cli_unwrap_early_reply(struct ptlrpc_request *req,
977 struct ptlrpc_request **req_ret);
978 void sptlrpc_cli_finish_early_reply(struct ptlrpc_request *early_req);
980 void sptlrpc_request_out_callback(struct ptlrpc_request *req);
983 * exported higher interface of import & request
985 int sptlrpc_import_sec_adapt(struct obd_import *imp,
986 struct ptlrpc_svc_ctx *ctx,
987 struct sptlrpc_flavor *flvr);
988 struct ptlrpc_sec *sptlrpc_import_sec_ref(struct obd_import *imp);
989 void sptlrpc_import_sec_put(struct obd_import *imp);
991 int sptlrpc_import_check_ctx(struct obd_import *imp);
992 void sptlrpc_import_flush_root_ctx(struct obd_import *imp);
993 void sptlrpc_import_flush_my_ctx(struct obd_import *imp);
994 void sptlrpc_import_flush_all_ctx(struct obd_import *imp);
995 int sptlrpc_req_get_ctx(struct ptlrpc_request *req);
996 void sptlrpc_req_put_ctx(struct ptlrpc_request *req, int sync);
997 int sptlrpc_req_refresh_ctx(struct ptlrpc_request *req, long timeout);
998 void sptlrpc_req_set_flavor(struct ptlrpc_request *req, int opcode);
1001 void sptlrpc_gc_add_sec(struct ptlrpc_sec *sec);
1002 void sptlrpc_gc_del_sec(struct ptlrpc_sec *sec);
1005 const char *sec2target_str(struct ptlrpc_sec *sec);
1009 int sptlrpc_lprocfs_cliobd_attach(struct obd_device *dev);
1014 enum secsvc_accept_res {
1020 int sptlrpc_svc_unwrap_request(struct ptlrpc_request *req);
1021 int sptlrpc_svc_alloc_rs(struct ptlrpc_request *req, int msglen);
1022 int sptlrpc_svc_wrap_reply(struct ptlrpc_request *req);
1023 void sptlrpc_svc_free_rs(struct ptlrpc_reply_state *rs);
1024 void sptlrpc_svc_ctx_addref(struct ptlrpc_request *req);
1025 void sptlrpc_svc_ctx_decref(struct ptlrpc_request *req);
1027 int sptlrpc_target_export_check(struct obd_export *exp,
1028 struct ptlrpc_request *req);
1030 /* bulk security api */
1031 void sptlrpc_enc_pool_put_pages(struct ptlrpc_bulk_desc *desc);
1033 int sptlrpc_cli_wrap_bulk(struct ptlrpc_request *req,
1034 struct ptlrpc_bulk_desc *desc);
1035 int sptlrpc_cli_unwrap_bulk_read(struct ptlrpc_request *req,
1036 struct ptlrpc_bulk_desc *desc,
1038 int sptlrpc_cli_unwrap_bulk_write(struct ptlrpc_request *req,
1039 struct ptlrpc_bulk_desc *desc);
1041 /* bulk helpers (internal use only by policies) */
1042 int sptlrpc_get_bulk_checksum(struct ptlrpc_bulk_desc *desc, __u8 alg,
1043 void *buf, int buflen);
1045 int bulk_sec_desc_unpack(struct lustre_msg *msg, int offset, int swabbed);
1047 /* user descriptor helpers */
1048 static inline int sptlrpc_user_desc_size(int ngroups)
1050 return sizeof(struct ptlrpc_user_desc) + ngroups * sizeof(__u32);
1053 int sptlrpc_current_user_desc_size(void);
1054 int sptlrpc_pack_user_desc(struct lustre_msg *msg, int offset);
1055 int sptlrpc_unpack_user_desc(struct lustre_msg *req, int offset, int swabbed);
1057 #define CFS_CAP_CHOWN_MASK (1 << CFS_CAP_CHOWN)
1058 #define CFS_CAP_SYS_RESOURCE_MASK (1 << CFS_CAP_SYS_RESOURCE)
1061 LUSTRE_SEC_NONE = 0,
1062 LUSTRE_SEC_REMOTE = 1,
1063 LUSTRE_SEC_SPECIFY = 2,
1069 #endif /* _LUSTRE_SEC_H_ */