From: Andrew Korty <ajk@xxxxxx> This change implements the gssnull security flavor for the purpose of testing the Lustre GSS code. It provides and uses a null GSS mechanism so this testing doesn't have to involve any code related to Kerberos or any other authentication method. Signed-off-by: Andrew Korty <ajk@xxxxxx> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3289 Reviewed-on: http://review.whamcloud.com/8475 Reviewed-by: Andreas Dilger <andreas.dilger@xxxxxxxxx> Reviewed-by: Thomas Stibor <thomas@xxxxxxxxxx> Signed-off-by: Oleg Drokin <oleg.drokin@xxxxxxxxx> --- drivers/staging/lustre/lustre/include/lustre_sec.h | 8 + drivers/staging/lustre/lustre/ptlrpc/gss/Makefile | 2 +- .../lustre/lustre/ptlrpc/gss/gss_internal.h | 4 + .../lustre/lustre/ptlrpc/gss/gss_null_mech.c | 195 +++++++++++++++++++++ drivers/staging/lustre/lustre/ptlrpc/gss/sec_gss.c | 8 +- drivers/staging/lustre/lustre/ptlrpc/sec.c | 4 + 6 files changed, 219 insertions(+), 2 deletions(-) create mode 100644 drivers/staging/lustre/lustre/ptlrpc/gss/gss_null_mech.c diff --git a/drivers/staging/lustre/lustre/include/lustre_sec.h b/drivers/staging/lustre/lustre/include/lustre_sec.h index bf3ee39..40d463f 100644 --- a/drivers/staging/lustre/lustre/include/lustre_sec.h +++ b/drivers/staging/lustre/lustre/include/lustre_sec.h @@ -170,6 +170,8 @@ enum sptlrpc_bulk_service { ((__u32)(mech) | \ ((__u32)(svc) << (FLVR_SVC_OFFSET - FLVR_MECH_OFFSET))) +#define SPTLRPC_SUBFLVR_GSSNULL \ + MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_NULL, SPTLRPC_SVC_NULL) #define SPTLRPC_SUBFLVR_KRB5N \ MAKE_BASE_SUBFLVR(SPTLRPC_MECH_GSS_KRB5, SPTLRPC_SVC_NULL) #define SPTLRPC_SUBFLVR_KRB5A \ 
@@ -194,6 +196,12 @@ enum sptlrpc_bulk_service { SPTLRPC_SVC_NULL, \ SPTLRPC_BULK_HASH, \ SPTLRPC_BULK_SVC_INTG) +#define SPTLRPC_FLVR_GSSNULL \ + MAKE_FLVR(SPTLRPC_POLICY_GSS, \ + SPTLRPC_MECH_GSS_NULL, \ + SPTLRPC_SVC_NULL, \ + SPTLRPC_BULK_DEFAULT, \ + SPTLRPC_BULK_SVC_NULL) #define SPTLRPC_FLVR_KRB5N \ MAKE_FLVR(SPTLRPC_POLICY_GSS, \ SPTLRPC_MECH_GSS_KRB5, \ diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/Makefile b/drivers/staging/lustre/lustre/ptlrpc/gss/Makefile index 8cdfbee..ab16596 100644 --- a/drivers/staging/lustre/lustre/ptlrpc/gss/Makefile +++ b/drivers/staging/lustre/lustre/ptlrpc/gss/Makefile @@ -2,7 +2,7 @@ obj-$(CONFIG_LUSTRE_FS) := ptlrpc_gss.o ptlrpc_gss-y := sec_gss.o gss_bulk.o gss_cli_upcall.o gss_svc_upcall.o \ gss_rawobj.o lproc_gss.o gss_generic_token.o \ - gss_mech_switch.o gss_krb5_mech.o + gss_mech_switch.o gss_krb5_mech.o gss_null_mech.o ccflags-y := -I$(src)/../include diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_internal.h b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_internal.h index cbfc47c..1a0c7d5 100644 --- a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_internal.h +++ b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_internal.h @@ -498,6 +498,10 @@ void gss_stat_oos_record_svc(int phase, int replay); int __init gss_init_lproc(void); void __exit gss_exit_lproc(void); +/* gss_null_mech.c */ +int __init init_null_module(void); +void cleanup_null_module(void); + /* gss_krb5_mech.c */ int __init init_kerberos_module(void); void __exit cleanup_kerberos_module(void); diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/gss_null_mech.c b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_null_mech.c new file mode 100644 index 0000000..3021d7d --- /dev/null +++ b/drivers/staging/lustre/lustre/ptlrpc/gss/gss_null_mech.c 
@@ -0,0 +1,195 @@
+/*
+ * GPL HEADER START
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 only,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License version 2 for more details (a copy is included
+ * in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; If not, see
+ * http://www.gnu.org/licenses/gpl-2.0.html
+ *
+ * GPL HEADER END
+ */
+/*
+ * Copyright (C) 2013, Trustees of Indiana University
+ * Author: Andrew Korty <ajk@xxxxxx>
+ */
+
+#define DEBUG_SUBSYSTEM S_SEC
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/crypto.h>
+#include <linux/mutex.h>
+
+#include <obd.h>
+#include <obd_class.h>
+#include <obd_support.h>
+
+#include "gss_err.h"
+#include "gss_internal.h"
+#include "gss_api.h"
+#include "gss_asn1.h"
+
+struct null_ctx {
+};
+
+static
+__u32 gss_import_sec_context_null(rawobj_t *inbuf, struct gss_ctx *gss_context)
+{
+ struct null_ctx *null_context;
+
+ if (inbuf == NULL || inbuf->data == NULL)
+ return GSS_S_FAILURE;
+
+ OBD_ALLOC_PTR(null_context);
+ if (null_context == NULL)
+ return GSS_S_FAILURE;
+
+ gss_context->internal_ctx_id = null_context;
+ CDEBUG(D_SEC, "succesfully imported null context\n");
+
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_copy_reverse_context_null(struct gss_ctx *gss_context_old,
+ struct gss_ctx *gss_context_new)
+{
+ struct null_ctx *null_context_old;
+ struct null_ctx *null_context_new;
+
+ OBD_ALLOC_PTR(null_context_new);
+ if (null_context_new == NULL)
+ return GSS_S_FAILURE;
+
+ null_context_old = gss_context_old->internal_ctx_id;
+ memcpy(null_context_new, null_context_old, sizeof(*null_context_new));
+ gss_context_new->internal_ctx_id = null_context_new;
+ CDEBUG(D_SEC, "succesfully copied reverse null context\n");
+
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_inquire_context_null(struct gss_ctx *gss_context,
+ unsigned long *endtime)
+{
+ *endtime = 0;
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_wrap_null(struct gss_ctx *gss_context, rawobj_t *gss_header,
+ rawobj_t *message, int message_buffer_length,
+ rawobj_t *token)
+{
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_unwrap_null(struct gss_ctx *gss_context, rawobj_t *gss_header,
+ rawobj_t *token, rawobj_t *message)
+{
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_prep_bulk_null(struct gss_ctx *gss_context,
+ struct ptlrpc_bulk_desc *desc)
+{
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_wrap_bulk_null(struct gss_ctx *gss_context,
+ struct ptlrpc_bulk_desc *desc, rawobj_t *token,
+ int adj_nob)
+{
+ return GSS_S_COMPLETE;
+}
+
+static
+__u32 gss_unwrap_bulk_null(struct gss_ctx *gss_context,
+ struct ptlrpc_bulk_desc *desc,
+ rawobj_t *token, int adj_nob)
+{
+ return GSS_S_COMPLETE;
+}
+
+static
+void gss_delete_sec_context_null(void *internal_context)
+{
+ struct null_ctx *null_context = internal_context;
+
+ OBD_FREE_PTR(null_context);
+}
+
+int gss_display_null(struct gss_ctx *gss_context, char *buf, int bufsize)
+{
+ return snprintf(buf, bufsize, "null");
+}
+
+static struct gss_api_ops gss_null_ops = {
+ .gss_import_sec_context = gss_import_sec_context_null,
+ .gss_copy_reverse_context = gss_copy_reverse_context_null,
+ .gss_inquire_context = gss_inquire_context_null,
+ .gss_get_mic = NULL,
+ .gss_verify_mic = NULL,
+ .gss_wrap = gss_wrap_null,
+ .gss_unwrap = gss_unwrap_null,
+ .gss_prep_bulk = gss_prep_bulk_null,
+ .gss_wrap_bulk = gss_wrap_bulk_null,
+ .gss_unwrap_bulk = gss_unwrap_bulk_null,
+ .gss_delete_sec_context = 
gss_delete_sec_context_null, + .gss_display = gss_display_null, +}; + +static struct subflavor_desc gss_null_sfs[] = { + { + .sf_subflavor = SPTLRPC_SUBFLVR_GSSNULL, + .sf_qop = 0, + .sf_service = SPTLRPC_SVC_NULL, + .sf_name = "gssnull" + }, +}; + +/* + * currently we leave module owner NULL + */ +static struct gss_api_mech gss_null_mech = { + .gm_owner = NULL, /*THIS_MODULE, */ + .gm_name = "gssnull", + .gm_oid = (rawobj_t) { + 12, + "\053\006\001\004\001\311\146\215\126\001\000\000" + }, + .gm_ops = &gss_null_ops, + .gm_sf_num = 1, + .gm_sfs = gss_null_sfs, +}; + +int __init init_null_module(void) +{ + int status; + + status = lgss_mech_register(&gss_null_mech); + if (status) + CERROR("Failed to register null gss mechanism!\n"); + + return status; +} + +void cleanup_null_module(void) +{ + lgss_mech_unregister(&gss_null_mech); +} diff --git a/drivers/staging/lustre/lustre/ptlrpc/gss/sec_gss.c b/drivers/staging/lustre/lustre/ptlrpc/gss/sec_gss.c index 383601c..a3b4b21 100644 --- a/drivers/staging/lustre/lustre/ptlrpc/gss/sec_gss.c +++ b/drivers/staging/lustre/lustre/ptlrpc/gss/sec_gss.c @@ -2832,10 +2832,14 @@ int __init sptlrpc_gss_init(void) if (rc) goto out_cli_upcall; - rc = init_kerberos_module(); + rc = init_null_module(); if (rc) goto out_svc_upcall; + rc = init_kerberos_module(); + if (rc) + goto out_null; + /* register policy after all other stuff be initialized, because it * might be in used immediately after the registration. */ @@ -2860,6 +2864,8 @@ out_keyring: out_kerberos: cleanup_kerberos_module(); +out_null: + cleanup_null_module(); out_svc_upcall: gss_exit_svc_upcall(); out_cli_upcall: diff --git a/drivers/staging/lustre/lustre/ptlrpc/sec.c b/drivers/staging/lustre/lustre/ptlrpc/sec.c index 5e75392..639791c 100644 --- a/drivers/staging/lustre/lustre/ptlrpc/sec.c +++ b/drivers/staging/lustre/lustre/ptlrpc/sec.c 
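Review bot: `gss_null_ops` in gss_null_mech.c sets `.gss_get_mic = NULL` and `.gss_verify_mic = NULL` while every other operation gets a stub, so a caller in the generic mechanism-switch code (not part of this diff) that invokes either op without checking the pointer would dereference NULL once a gssnull context is in use; give them stubs like the others, or confirm the callers guard. `gss_wrap_null()` and `gss_unwrap_null()` return `GSS_S_COMPLETE` without writing `token` or `message`, so a caller that trusts the status would go on to use an output buffer this code never filled; returning `GSS_S_FAILURE` from paths that should be unreachable under `SPTLRPC_SVC_NULL` is the safer default. `gss_display_null()` is the only operation not marked `static`, although within this patch it is referenced only through the ops table. Because the mechanism performs no authentication or integrity checking and the Makefile hunk builds it unconditionally, I would also add a comment above `gss_null_mech` such as `/* test-only: provides no authentication, integrity or privacy */`.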
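Review bot: Nothing in this patch adds a matching `cleanup_null_module();` to the module-exit path of sec_gss.c; the two hunks here cover only `sptlrpc_gss_init()` and its `out_null:` unwind label. If the exit function (outside these hunks, presumably where `cleanup_kerberos_module()` is called on unload) is left as is, `gss_null_mech` is registered at init but never unregistered at teardown. The unwind order in the second hunk is consistent with the new init order. `sptlrpc_gss_init()` starts and ends outside both hunks, so the rest of its error path could not be checked.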
@@ -157,6 +157,8 @@ __u32 sptlrpc_name2flavor_base(const char *name)
 return SPTLRPC_FLVR_NULL;
 if (!strcmp(name, "plain"))
 return SPTLRPC_FLVR_PLAIN;
+ if (!strcmp(name, "gssnull"))
+ return SPTLRPC_FLVR_GSSNULL;
 if (!strcmp(name, "krb5n"))
 return SPTLRPC_FLVR_KRB5N;
 if (!strcmp(name, "krb5a"))
@@ -178,6 +180,8 @@ const char *sptlrpc_flavor2name_base(__u32 flvr)
 return "null";
 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_PLAIN))
 return "plain";
+ else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_GSSNULL))
+ return "gssnull";
 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5N))
 return "krb5n";
 else if (base == SPTLRPC_FLVR_BASE(SPTLRPC_FLVR_KRB5A))
-- 1.8.5.3 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel