Diffstat (limited to 'drivers/staging/lustre/lustre/ptlrpc/gss/gss_cli_upcall.c')
-rw-r--r-- | drivers/staging/lustre/lustre/ptlrpc/gss/gss_cli_upcall.c | 446 |
1 files changed, 0 insertions, 446 deletions
diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_cli_upcall.c b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_cli_upcall.c
deleted file mode 100644
index c279edf5b2a5..000000000000
--- a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_cli_upcall.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/*
- * GPL HEADER START
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 only,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License version 2 for more details (a copy is included
- * in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
- *
- * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
- * CA 95054 USA or visit www.sun.com if you need additional information or
- * have any questions.
- *
- * GPL HEADER END
- */
-/*
- * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Use is subject to license terms.
- *
- * Copyright (c) 2011, 2012, Intel Corporation.
- */
-/*
- * This file is part of Lustre, http://www.lustre.org/
- * Lustre is a trademark of Sun Microsystems, Inc.
- *
- * lustre/ptlrpc/gss/gss_cli_upcall.c
- *
- * Author: Eric Mei <ericm@clusterfs.com>
- */
-
-#define DEBUG_SUBSYSTEM S_SEC
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/slab.h>
-#include <linux/dcache.h>
-#include <linux/fs.h>
-#include <linux/mutex.h>
-
-#include <obd.h>
-#include <obd_class.h>
-#include <obd_support.h>
-#include <lustre/lustre_idl.h>
-#include <lustre_net.h>
-#include <lustre_import.h>
-#include <lustre_sec.h>
-
-#include "gss_err.h"
-#include "gss_internal.h"
-#include "gss_api.h"
-
-/**********************************************
- * gss context init/fini helper *
- **********************************************/
-
-static
-int ctx_init_pack_request(struct obd_import *imp,
- struct ptlrpc_request *req,
- int lustre_srv,
- uid_t uid, gid_t gid,
- long token_size,
- char __user *token)
-{
- struct lustre_msg *msg = req->rq_reqbuf;
- struct gss_sec *gsec;
- struct gss_header *ghdr;
- struct ptlrpc_user_desc *pud;
- __u32 *p, size, offset = 2;
- rawobj_t obj;
-
- LASSERT(msg->lm_bufcount <= 4);
- LASSERT(req->rq_cli_ctx);
- LASSERT(req->rq_cli_ctx->cc_sec);
-
- /* gss hdr */
- ghdr = lustre_msg_buf(msg, 0, sizeof(*ghdr));
- ghdr->gh_version = PTLRPC_GSS_VERSION;
- ghdr->gh_sp = (__u8) imp->imp_sec->ps_part;
- ghdr->gh_flags = 0;
- ghdr->gh_proc = PTLRPC_GSS_PROC_INIT;
- ghdr->gh_seq = 0;
- ghdr->gh_svc = SPTLRPC_SVC_NULL;
- ghdr->gh_handle.len = 0;
-
- /* fix the user desc */
- if (req->rq_pack_udesc) {
- ghdr->gh_flags |= LUSTRE_GSS_PACK_USER;
-
- pud = lustre_msg_buf(msg, offset, sizeof(*pud));
- LASSERT(pud);
- pud->pud_uid = pud->pud_fsuid = uid;
- pud->pud_gid = pud->pud_fsgid = gid;
- pud->pud_cap = 0;
- pud->pud_ngroups = 0;
- offset++;
- }
-
- /* security payload */
- p = lustre_msg_buf(msg, offset, 0);
- size = msg->lm_buflens[offset];
- LASSERT(p);
-
- /* 1. lustre svc type */
- LASSERT(size > 4);
- *p++ = cpu_to_le32(lustre_srv);
- size -= 4;
-
- /* 2. target uuid */
- obj.len = strlen(imp->imp_obd->u.cli.cl_target_uuid.uuid) + 1;
- obj.data = imp->imp_obd->u.cli.cl_target_uuid.uuid;
- if (rawobj_serialize(&obj, &p, &size))
- LBUG();
-
- /* 3. reverse context handle. actually only needed by root user,
- * but we send it anyway. */
- gsec = sec2gsec(req->rq_cli_ctx->cc_sec);
- obj.len = sizeof(gsec->gs_rvs_hdl);
- obj.data = (__u8 *) &gsec->gs_rvs_hdl;
- if (rawobj_serialize(&obj, &p, &size))
- LBUG();
-
- /* 4. now the token */
- LASSERT(size >= (sizeof(__u32) + token_size));
- *p++ = cpu_to_le32(((__u32) token_size));
- if (copy_from_user(p, token, token_size)) {
- CERROR("can't copy token\n");
- return -EFAULT;
- }
- size -= sizeof(__u32) + cfs_size_round4(token_size);
-
- req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset,
- msg->lm_buflens[offset] - size, 0);
- return 0;
-}
-
-static
-int ctx_init_parse_reply(struct lustre_msg *msg, int swabbed,
- char __user *outbuf, long outlen)
-{
- struct gss_rep_header *ghdr;
- __u32 obj_len, round_len;
- __u32 status, effective = 0;
-
- if (msg->lm_bufcount != 3) {
- CERROR("unexpected bufcount %u\n", msg->lm_bufcount);
- return -EPROTO;
- }
-
- ghdr = (struct gss_rep_header *) gss_swab_header(msg, 0, swabbed);
- if (ghdr == NULL) {
- CERROR("unable to extract gss reply header\n");
- return -EPROTO;
- }
-
- if (ghdr->gh_version != PTLRPC_GSS_VERSION) {
- CERROR("invalid gss version %u\n", ghdr->gh_version);
- return -EPROTO;
- }
-
- if (outlen < (4 + 2) * 4 + cfs_size_round4(ghdr->gh_handle.len) +
- cfs_size_round4(msg->lm_buflens[2])) {
- CERROR("output buffer size %ld too small\n", outlen);
- return -EFAULT;
- }
-
- status = 0;
- effective = 0;
-
- if (copy_to_user(outbuf, &status, 4))
- return -EFAULT;
- outbuf += 4;
- if (copy_to_user(outbuf, &ghdr->gh_major, 4))
- return -EFAULT;
- outbuf += 4;
- if (copy_to_user(outbuf, &ghdr->gh_minor, 4))
- return -EFAULT;
- outbuf += 4;
- if (copy_to_user(outbuf, &ghdr->gh_seqwin, 4))
- return -EFAULT;
- outbuf += 4;
- effective += 4 * 4;
-
- /* handle */
- obj_len = ghdr->gh_handle.len;
- round_len = (obj_len + 3) & ~ 3;
- if (copy_to_user(outbuf, &obj_len, 4))
- return -EFAULT;
- outbuf += 4;
- if (copy_to_user(outbuf, (char *) ghdr->gh_handle.data, round_len))
- return -EFAULT;
- outbuf += round_len;
- effective += 4 + round_len;
-
- /* out token */
- obj_len = msg->lm_buflens[2];
- round_len = (obj_len + 3) & ~ 3;
- if (copy_to_user(outbuf, &obj_len, 4))
- return -EFAULT;
- outbuf += 4;
- if (copy_to_user(outbuf, lustre_msg_buf(msg, 2, 0), round_len))
- return -EFAULT;
- outbuf += round_len;
- effective += 4 + round_len;
-
- return effective;
-}
-
-/* XXX move to where lgssd could see */
-struct lgssd_ioctl_param {
- int version; /* in */
- int secid; /* in */
- char *uuid; /* in */
- int lustre_svc; /* in */
- uid_t uid; /* in */
- gid_t gid; /* in */
- long send_token_size;/* in */
- char *send_token; /* in */
- long reply_buf_size; /* in */
- char *reply_buf; /* in */
- long status; /* out */
- long reply_length; /* out */
-};
-
-int gss_do_ctx_init_rpc(__user char *buffer, unsigned long count)
-{
- struct obd_import *imp;
- struct ptlrpc_request *req;
- struct lgssd_ioctl_param param;
- struct obd_device *obd;
- char obdname[64];
- long lsize;
- int rc;
-
- if (count != sizeof(param)) {
- CERROR("ioctl size %lu, expect %lu, please check lgss_keyring "
- "version\n", count, (unsigned long) sizeof(param));
- return -EINVAL;
- }
- if (copy_from_user(¶m, buffer, sizeof(param))) {
- CERROR("failed copy data from lgssd\n");
- return -EFAULT;
- }
-
- if (param.version != GSSD_INTERFACE_VERSION) {
- CERROR("gssd interface version %d (expect %d)\n",
- param.version, GSSD_INTERFACE_VERSION);
- return -EINVAL;
- }
-
- /* take name */
- if (strncpy_from_user(obdname, param.uuid, sizeof(obdname)) <= 0) {
- CERROR("Invalid obdname pointer\n");
- return -EFAULT;
- }
-
- obd = class_name2obd(obdname);
- if (!obd) {
- CERROR("no such obd %s\n", obdname);
- return -EINVAL;
- }
-
- if (unlikely(!obd->obd_set_up)) {
- CERROR("obd %s not setup\n", obdname);
- return -EINVAL;
- }
-
- spin_lock(&obd->obd_dev_lock);
- if (obd->obd_stopping) {
- CERROR("obd %s has stopped\n", obdname);
- spin_unlock(&obd->obd_dev_lock);
- return -EINVAL;
- }
-
- if (strcmp(obd->obd_type->typ_name, LUSTRE_MDC_NAME) &&
- strcmp(obd->obd_type->typ_name, LUSTRE_OSC_NAME) &&
- strcmp(obd->obd_type->typ_name, LUSTRE_MGC_NAME)) {
- CERROR("obd %s is not a client device\n", obdname);
- spin_unlock(&obd->obd_dev_lock);
- return -EINVAL;
- }
- spin_unlock(&obd->obd_dev_lock);
-
- down_read(&obd->u.cli.cl_sem);
- if (obd->u.cli.cl_import == NULL) {
- CERROR("obd %s: import has gone\n", obd->obd_name);
- up_read(&obd->u.cli.cl_sem);
- return -EINVAL;
- }
- imp = class_import_get(obd->u.cli.cl_import);
- up_read(&obd->u.cli.cl_sem);
-
- if (imp->imp_deactive) {
- CERROR("import has been deactivated\n");
- class_import_put(imp);
- return -EINVAL;
- }
-
- req = ptlrpc_request_alloc_pack(imp, &RQF_SEC_CTX, LUSTRE_OBD_VERSION,
- SEC_CTX_INIT);
- if (req == NULL) {
- param.status = -ENOMEM;
- goto out_copy;
- }
-
- if (req->rq_cli_ctx->cc_sec->ps_id != param.secid) {
- CWARN("original secid %d, now has changed to %d, "
- "cancel this negotiation\n", param.secid,
- req->rq_cli_ctx->cc_sec->ps_id);
- param.status = -EINVAL;
- goto out_copy;
- }
-
- /* get token */
- rc = ctx_init_pack_request(imp, req,
- param.lustre_svc,
- param.uid, param.gid,
- param.send_token_size,
- param.send_token);
- if (rc) {
- param.status = rc;
- goto out_copy;
- }
-
- ptlrpc_request_set_replen(req);
-
- rc = ptlrpc_queue_wait(req);
- if (rc) {
- /* If any _real_ denial be made, we expect server return
- * -EACCES reply or return success but indicate gss error
- * inside reply message. All other errors are treated as
- * timeout, caller might try the negotiation repeatedly,
- * leave recovery decisions to general ptlrpc layer.
- *
- * FIXME maybe some other error code shouldn't be treated
- * as timeout. */
- param.status = rc;
- if (rc != -EACCES)
- param.status = -ETIMEDOUT;
- goto out_copy;
- }
-
- LASSERT(req->rq_repdata);
- lsize = ctx_init_parse_reply(req->rq_repdata,
- ptlrpc_rep_need_swab(req),
- param.reply_buf, param.reply_buf_size);
- if (lsize < 0) {
- param.status = (int) lsize;
- goto out_copy;
- }
-
- param.status = 0;
- param.reply_length = lsize;
-
-out_copy:
- if (copy_to_user(buffer, ¶m, sizeof(param)))
- rc = -EFAULT;
- else
- rc = 0;
-
- class_import_put(imp);
- ptlrpc_req_finished(req);
- return rc;
-}
-
-int gss_do_ctx_fini_rpc(struct gss_cli_ctx *gctx)
-{
- struct ptlrpc_cli_ctx *ctx = &gctx->gc_base;
- struct obd_import *imp = ctx->cc_sec->ps_import;
- struct ptlrpc_request *req;
- struct ptlrpc_user_desc *pud;
- int rc;
-
- LASSERT(atomic_read(&ctx->cc_refcount) > 0);
-
- if (cli_ctx_is_error(ctx) || !cli_ctx_is_uptodate(ctx)) {
- CDEBUG(D_SEC, "ctx %p(%u->%s) not uptodate, "
- "don't send destroy rpc\n", ctx,
- ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
- return 0;
- }
-
- might_sleep();
-
- CWARN("%s ctx %p idx "LPX64" (%u->%s)\n",
- sec_is_reverse(ctx->cc_sec) ?
- "server finishing reverse" : "client finishing forward",
- ctx, gss_handle_to_u64(&gctx->gc_handle),
- ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec));
-
- gctx->gc_proc = PTLRPC_GSS_PROC_DESTROY;
-
- req = ptlrpc_request_alloc(imp, &RQF_SEC_CTX);
- if (req == NULL) {
- CWARN("ctx %p(%u): fail to prepare rpc, destroy locally\n",
- ctx, ctx->cc_vcred.vc_uid);
- GOTO(out, rc = -ENOMEM);
- }
-
- rc = ptlrpc_request_bufs_pack(req, LUSTRE_OBD_VERSION, SEC_CTX_FINI,
- NULL, ctx);
- if (rc) {
- ptlrpc_request_free(req);
- GOTO(out_ref, rc);
- }
-
- /* fix the user desc */
- if (req->rq_pack_udesc) {
- /* we rely the fact that this request is in AUTH mode,
- * and user_desc at offset 2. */
- pud = lustre_msg_buf(req->rq_reqbuf, 2, sizeof(*pud));
- LASSERT(pud);
- pud->pud_uid = pud->pud_fsuid = ctx->cc_vcred.vc_uid;
- pud->pud_gid = pud->pud_fsgid = ctx->cc_vcred.vc_gid;
- pud->pud_cap = 0;
- pud->pud_ngroups = 0;
- }
-
- req->rq_phase = RQ_PHASE_RPC;
- rc = ptl_send_rpc(req, 1);
- if (rc)
- CWARN("ctx %p(%u->%s): rpc error %d, destroy locally\n", ctx,
- ctx->cc_vcred.vc_uid, sec2target_str(ctx->cc_sec), rc);
-
-out_ref:
- ptlrpc_req_finished(req);
-out:
- return rc;
-}
-
-int __init gss_init_cli_upcall(void)
-{
- return 0;
-}
-
-void __exit gss_exit_cli_upcall(void)
-{
-} |