1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (c) 2003 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #define DEBUG_SUBSYSTEM S_MDS
24 #include <linux/config.h>
25 #include <linux/module.h>
26 #include <linux/kernel.h>
28 #include <linux/string.h>
29 #include <linux/stat.h>
30 #include <linux/errno.h>
31 #include <linux/version.h>
32 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0))
33 # include <linux/locks.h> // for wait_on_buffer
35 # include <linux/buffer_head.h> // for wait_on_buffer
37 #include <linux/unistd.h>
39 #include <asm/system.h>
40 #include <asm/uaccess.h>
43 #include <linux/stat.h>
44 #include <asm/uaccess.h>
45 #include <linux/slab.h>
46 #include <asm/segment.h>
48 #include <linux/obd_support.h>
49 #include <linux/lustre_lib.h>
50 #include <linux/lustre_ucache.h>
51 #include "mds_internal.h"
53 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
// Fallback allocator for kernels older than 2.6.4: builds a group_info that
// uses only its embedded small block. The allocation is sized for the struct
// plus exactly one block pointer, and the count is asserted against
// NGROUPS_SMALL rather than rejected with an error.
// NOTE(review): mds_init_ucred passes the request-supplied rsd_ngroups here
// after asserting it against LUSTRE_MAX_GROUPS only. Confirm that value can
// never exceed NGROUPS_SMALL on this kernel path, otherwise this assertion is
// reachable from request data.
54 struct group_info *groups_alloc(int ngroups)
56 struct group_info *ginfo;
58 LASSERT(ngroups <= NGROUPS_SMALL);
60 OBD_ALLOC(ginfo, sizeof(*ginfo) + 1 * sizeof(gid_t *));
63 ginfo->ngroups = ngroups;
// blocks[0] aliases the embedded array; groups_free asserts this layout.
65 ginfo->blocks[0] = ginfo->small_block;
// The new object starts with a single reference.
66 atomic_set(&ginfo->usage, 1);
// Releases a group_info built by the fallback groups_alloc in this file.
// The three assertions verify the single-small-block layout before freeing,
// and the size expression matches the one used at allocation time.
// No check of the usage counter is visible in this listing; callers are
// presumably expected to reach this only after the last reference is dropped.
71 void groups_free(struct group_info *ginfo)
73 LASSERT(ginfo->ngroups <= NGROUPS_SMALL);
74 LASSERT(ginfo->nblocks == 1);
75 LASSERT(ginfo->blocks[0] == ginfo->small_block);
77 OBD_FREE(ginfo, sizeof(*ginfo) + 1 * sizeof(gid_t *));
80 /* for 2.4 the group number is small, so simply search the
// Linear membership test (2.4 kernel variant): walks all ngroups entries and
// compares each one with grp for equality, so it does not depend on the list
// being sorted. The statements run on a match and after the loop are not
// shown in this listing; mds_init_ucred treats a non-zero result as a hit.
83 int groups_search(struct group_info *ginfo, gid_t grp)
90 for (i = 0; i < ginfo->ngroups; i++)
91 if (GROUP_AT(ginfo, i) == grp)
// Sorts the gid array of ginfo in place into ascending order using a
// gap-based insertion sort. The binary groups_search in this file relies on
// the order produced here.
98 void groups_sort(struct group_info *ginfo)
100 int base, max, stride;
101 int gidsetsize = ginfo->ngroups;
// Grow the gap through the sequence 1, 4, 13, ... until it reaches the size.
103 for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
108 max = gidsetsize - stride;
109 for (base = 0; base < max; base++) {
111 int right = left + stride;
112 gid_t tmp = GROUP_AT(ginfo, right);
// Shift larger elements up by one gap. The comparison uses the native
// ordering of gid_t, which any search over this list must match.
114 while (left >= 0 && GROUP_AT(ginfo, left) > tmp) {
115 GROUP_AT(ginfo, right) =
116 GROUP_AT(ginfo, left);
120 GROUP_AT(ginfo, right) = tmp;
// Binary search for grp in a group list that groups_sort has ordered.
// The branch taken for each sign of cmp is not shown in this listing.
// NOTE(review): cmp is the difference of two gid_t values stored in an int.
// If gid_t is an unsigned 32-bit type (not visible here), two gids more than
// INT_MAX apart give a difference with the wrong sign. That disagrees with
// the greater-than ordering used by groups_sort and can make the search miss
// a gid that is present. An explicit three-way comparison avoids the problem.
// In mds_init_ucred the result filters request-supplied groups, so a miss
// presumably drops a legitimate group rather than granting an extra one.
126 int groups_search(struct group_info *ginfo, gid_t grp)
134 right = ginfo->ngroups;
135 while (left < right) {
136 int mid = (left + right) / 2;
137 int cmp = grp - GROUP_AT(ginfo, mid);
// Copies gids from a flat array of 32-bit values into the blocks of ginfo,
// at most NGROUPS_PER_BLOCK entries per block.
// No bounds are checked here: the caller must have sized ginfo for the data
// and gids must hold at least ginfo->ngroups entries. In this file the source
// is rsd->rsd_groups, which comes from the request.
// NOTE(review): the copy is done in sizeof(__u32) units into gid_t storage;
// this assumes gid_t is 32 bits wide - confirm.
149 void groups_from_buffer(struct group_info *ginfo, __u32 *gids)
151 int i, ngroups = ginfo->ngroups;
153 for (i = 0; i < ginfo->nblocks; i++) {
154 int count = min(NGROUPS_PER_BLOCK, ngroups);
156 memcpy(ginfo->blocks[i], gids, count * sizeof(__u32));
// Advance the source by a full block regardless of count.
157 gids += NGROUPS_PER_BLOCK;
// Fills a lustre_id from values cached in the dentry: inode number and
// generation, then fid and MDS group number.
// The remaining parameter and the condition guarding the fid and group
// assignments are not shown in this listing; presumably both relate to the
// fid argument that mds_pack_dentry2body passes as the fourth parameter.
162 void mds_pack_dentry2id(struct obd_device *obd,
163 struct lustre_id *id,
164 struct dentry *dentry,
167 id_ino(id) = dentry->d_inum;
168 id_gen(id) = dentry->d_generation;
171 id_fid(id) = dentry->d_fid;
172 id_group(id) = dentry->d_mdsnum;
// Marks the id-related fields of a reply body as valid and fills b->id1 from
// the dentry through mds_pack_dentry2id. OBD_MD_FID is added to the valid
// mask on a path whose guarding condition is not shown in this listing.
176 void mds_pack_dentry2body(struct obd_device *obd,
178 struct dentry *dentry,
181 b->valid |= OBD_MD_FLID | OBD_MD_FLGENER |
185 b->valid |= OBD_MD_FID;
187 mds_pack_dentry2id(obd, &b->id1, dentry, fid);
// Builds a lustre_id for an inode: the store id is read with
// mds_read_inode_sid, then inode number, generation and file type bits are
// filled in from the inode itself.
// i_sem is taken with down_trylock so that a caller which already holds it
// does not deadlock. The second mds_read_inode_sid call appears to be the
// branch where the semaphore was not acquired.
// NOTE(review): on that branch the read is not serialized by this function.
// Confirm that every caller reaching it already holds i_sem, otherwise the
// store id can be read while another thread is updating it.
190 int mds_pack_inode2id(struct obd_device *obd,
191 struct lustre_id *id,
199 /* we have to avoid deadlock. */
200 if (!down_trylock(&inode->i_sem)) {
201 rc = mds_read_inode_sid(obd, inode, id);
204 rc = mds_read_inode_sid(obd, inode, id);
209 id_ino(id) = inode->i_ino;
210 id_gen(id) = inode->i_generation;
// Only the file type bits of i_mode are kept in the id.
211 id_type(id) = (S_IFMT & inode->i_mode);
216 /* Note that we can copy all of the fields, just some will not be "valid" */
// Copies inode attributes into a reply body and records in b->valid which of
// them the receiver may rely on. All fields are copied unconditionally; only
// the valid mask differs between file types.
217 void mds_pack_inode2body(struct obd_device *obd, struct mds_body *b,
218 struct inode *inode, int fid)
220 b->valid |= OBD_MD_FLID | OBD_MD_FLCTIME | OBD_MD_FLUID |
221 OBD_MD_FLGID | OBD_MD_FLFLAGS | OBD_MD_FLTYPE |
222 OBD_MD_FLMODE | OBD_MD_FLNLINK | OBD_MD_FLGENER |
223 OBD_MD_FLATIME | OBD_MD_FLMTIME; /* bug 2020 */
// Size and block count are only flagged valid for non-regular files here.
225 if (!S_ISREG(inode->i_mode)) {
226 b->valid |= OBD_MD_FLSIZE | OBD_MD_FLBLOCKS |
227 OBD_MD_FLATIME | OBD_MD_FLMTIME |
230 b->atime = LTIME_S(inode->i_atime);
231 b->mtime = LTIME_S(inode->i_mtime);
232 b->ctime = LTIME_S(inode->i_ctime);
233 b->mode = inode->i_mode;
234 b->size = inode->i_size;
235 b->blocks = inode->i_blocks;
// Owner ids are the server-local values; for remote clients they are
// translated later by mds_body_do_reverse_map.
236 b->uid = inode->i_uid;
237 b->gid = inode->i_gid;
238 b->flags = inode->i_flags;
239 b->rdev = inode->i_rdev;
241 /* Return the correct link count for orphan inodes */
// The values assigned for orphans and directories are not shown in this
// listing; other inodes report i_nlink unchanged.
242 if (mds_inode_is_orphan(inode)) {
244 } else if (S_ISDIR(inode->i_mode)) {
247 b->nlink = inode->i_nlink;
251 b->valid |= OBD_MD_FID;
// NOTE(review): the int result of mds_pack_inode2id is not used on this
// line, so a failed store id read is not reported to the caller of this void
// function - confirm that is intended.
253 mds_pack_inode2id(obd, &b->id1, inode, fid);
// Unpacks a setattr reint record from the request message into r.
// Everything read here originates from the client request. The record is
// obtained through lustre_swab_reqbuf with a minimum size of sizeof(*rec);
// the check of its result is not shown in this listing.
// r->ur_id1 points into the request buffer, so r must not outlive the request.
257 static int mds_setattr_unpack(struct ptlrpc_request *req, int offset,
258 struct mds_update_record *r)
260 struct iattr *attr = &r->ur_iattr;
261 struct mds_rec_setattr *rec;
264 rec = lustre_swab_reqbuf(req, offset, sizeof(*rec),
265 lustre_swab_mds_rec_setattr);
269 r->ur_id1 = &rec->sa_id;
// The attribute mask and values are copied as sent. This function does no
// permission filtering; presumably the reint handler that consumes r does.
270 attr->ia_valid = rec->sa_valid;
271 attr->ia_mode = rec->sa_mode;
272 attr->ia_uid = rec->sa_uid;
273 attr->ia_gid = rec->sa_gid;
274 attr->ia_size = rec->sa_size;
275 LTIME_S(attr->ia_atime) = rec->sa_atime;
276 LTIME_S(attr->ia_mtime) = rec->sa_mtime;
277 LTIME_S(attr->ia_ctime) = rec->sa_ctime;
278 attr->ia_attr_flags = rec->sa_attr_flags;
280 LASSERT_REQSWAB (req, offset + 1);
// Optional first EA buffer: read only when the message carries it, and its
// length is taken from the message header.
281 if (req->rq_reqmsg->bufcount > offset + 1) {
282 r->ur_eadata = lustre_msg_buf (req->rq_reqmsg,
284 if (r->ur_eadata == NULL)
286 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 1];
// Optional second EA buffer, handled the same way.
289 if (req->rq_reqmsg->bufcount > offset + 2) {
290 r->ur_ea2data = lustre_msg_buf(req->rq_reqmsg, offset + 2, 0);
291 if (r->ur_ea2data == NULL)
294 r->ur_ea2datalen = req->rq_reqmsg->buflens[offset + 2];
// Unpacks a create reint record from the request message into r.
// All values originate from the client request. Pointers stored in r
// (ur_id1, ur_id2, ur_name, ur_tgt, ur_eadata) refer to the request buffers.
300 static int mds_create_unpack(struct ptlrpc_request *req, int offset,
301 struct mds_update_record *r)
303 struct mds_rec_create *rec;
306 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
307 lustre_swab_mds_rec_create);
311 r->ur_id1 = &rec->cr_id;
312 r->ur_id2 = &rec->cr_replayid;
313 r->ur_mode = rec->cr_mode;
314 r->ur_rdev = rec->cr_rdev;
315 r->ur_time = rec->cr_time;
316 r->ur_flags = rec->cr_flags;
318 LASSERT_REQSWAB (req, offset + 1);
// The name is mandatory; it is fetched with lustre_msg_string and a NULL
// result is tested on the next line. The length comes from the header.
319 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
320 if (r->ur_name == NULL)
322 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
324 LASSERT_REQSWAB (req, offset + 2);
// The third buffer is optional and its meaning depends on the requested
// file type: a target string for symlinks, stripe info for directories.
325 if (req->rq_reqmsg->bufcount > offset + 2) {
326 if (S_ISLNK(r->ur_mode)) {
327 r->ur_tgt = lustre_msg_string(req->rq_reqmsg,
329 if (r->ur_tgt == NULL)
331 r->ur_tgtlen = req->rq_reqmsg->buflens[offset + 2];
332 } else if (S_ISDIR(r->ur_mode)) {
333 /* Stripe info for mkdir - just a 16bit integer */
// The buffer length must be exactly 2 bytes before it is byte-swapped.
334 if (req->rq_reqmsg->buflens[offset + 2] != 2) {
335 CERROR("mkdir stripe info does not match "
336 "expected size %d vs 2\n",
337 req->rq_reqmsg->buflens[offset + 2]);
340 r->ur_eadata = lustre_swab_buf (req->rq_reqmsg,
341 offset + 2, 2, __swab16s);
342 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
344 /* Hm, no other users so far? */
// Unpacks a link reint record: two ids, a timestamp and the new name.
// All values originate from the client request, and the pointers stored in r
// refer to the request buffers. The check of the lustre_swab_reqbuf result is
// not shown in this listing.
351 static int mds_link_unpack(struct ptlrpc_request *req, int offset,
352 struct mds_update_record *r)
354 struct mds_rec_link *rec;
357 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
358 lustre_swab_mds_rec_link);
362 r->ur_id1 = &rec->lk_id1;
363 r->ur_id2 = &rec->lk_id2;
364 r->ur_time = rec->lk_time;
366 LASSERT_REQSWAB (req, offset + 1);
// The name buffer is mandatory; its length is taken from the header.
367 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
368 if (r->ur_name == NULL)
370 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
// Unpacks an unlink reint record: mode, two ids, a timestamp and the name of
// the entry to remove. All values originate from the client request, and the
// pointers stored in r refer to the request buffers. The check of the
// lustre_swab_reqbuf result is not shown in this listing.
374 static int mds_unlink_unpack(struct ptlrpc_request *req, int offset,
375 struct mds_update_record *r)
377 struct mds_rec_unlink *rec;
380 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
381 lustre_swab_mds_rec_unlink);
385 r->ur_mode = rec->ul_mode;
386 r->ur_id1 = &rec->ul_id1;
387 r->ur_id2 = &rec->ul_id2;
388 r->ur_time = rec->ul_time;
390 LASSERT_REQSWAB (req, offset + 1);
// The name buffer is mandatory; its length is taken from the header.
391 r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
392 if (r->ur_name == NULL)
394 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
// Unpacks a rename reint record: two ids, a timestamp, the source name and
// the target name. Both name buffers are mandatory, unlike the optional
// third buffer of create and open. All values originate from the client
// request, and the pointers stored in r refer to the request buffers.
398 static int mds_rename_unpack(struct ptlrpc_request *req, int offset,
399 struct mds_update_record *r)
401 struct mds_rec_rename *rec;
404 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
405 lustre_swab_mds_rec_rename);
409 r->ur_id1 = &rec->rn_id1;
410 r->ur_id2 = &rec->rn_id2;
411 r->ur_time = rec->rn_time;
413 LASSERT_REQSWAB (req, offset + 1);
// Source name.
414 r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
415 if (r->ur_name == NULL)
417 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
419 LASSERT_REQSWAB (req, offset + 2);
// Target name. No bufcount test is visible before this access, so a short
// message is presumably caught by lustre_msg_string returning NULL - confirm.
420 r->ur_tgt = lustre_msg_string(req->rq_reqmsg, offset + 2, 0);
421 if (r->ur_tgt == NULL)
423 r->ur_tgtlen = req->rq_reqmsg->buflens[offset + 2];
// Unpacks an open reint record. It shares the mds_rec_create wire layout and
// swab routine with mds_create_unpack, but treats the optional third buffer
// as opaque EA data regardless of the requested mode.
// All values originate from the client request, and the pointers stored in r
// refer to the request buffers.
427 static int mds_open_unpack(struct ptlrpc_request *req, int offset,
428 struct mds_update_record *r)
430 struct mds_rec_create *rec;
433 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
434 lustre_swab_mds_rec_create);
438 r->ur_id1 = &rec->cr_id;
439 r->ur_id2 = &rec->cr_replayid;
440 r->ur_mode = rec->cr_mode;
441 r->ur_rdev = rec->cr_rdev;
442 r->ur_time = rec->cr_time;
443 r->ur_flags = rec->cr_flags;
445 LASSERT_REQSWAB (req, offset + 1);
// The name buffer is mandatory; its length is taken from the header.
446 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
447 if (r->ur_name == NULL)
449 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
451 LASSERT_REQSWAB (req, offset + 2);
// Optional EA buffer: fetched with a minimum length of 0, so its content is
// not validated here and the consumer must check ur_eadatalen itself.
452 if (req->rq_reqmsg->bufcount > offset + 2) {
453 r->ur_eadata = lustre_msg_buf(req->rq_reqmsg, offset + 2, 0);
454 if (r->ur_eadata == NULL)
456 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
// Signature shared by all per-opcode unpackers, followed by the dispatch
// table indexed by reint opcode. The table has REINT_MAX + 1 slots; slots
// without an initializer stay NULL and are rejected by mds_update_unpack.
// The initializers use the older GCC designator form without an equals sign.
461 typedef int (*update_unpacker)(struct ptlrpc_request *req, int offset,
462 struct mds_update_record *r);
464 static update_unpacker mds_unpackers[REINT_MAX + 1] = {
465 [REINT_SETATTR] mds_setattr_unpack,
466 [REINT_CREATE] mds_create_unpack,
467 [REINT_LINK] mds_link_unpack,
468 [REINT_UNLINK] mds_unlink_unpack,
469 [REINT_RENAME] mds_rename_unpack,
470 [REINT_OPEN] mds_open_unpack,
// Entry point for decoding a reint request: reads the opcode from the start
// of the record without swabbing the buffer, validates it, and hands the
// request to the matching unpacker from mds_unpackers.
473 int mds_update_unpack(struct ptlrpc_request *req, int offset,
474 struct mds_update_record *rec)
482 * NB don't lustre_swab_reqbuf() here. We're just taking a peek and we
483 * want to leave it to the specific unpacker once we've identified the
486 opcodep = lustre_msg_buf (req->rq_reqmsg, offset, sizeof(*opcodep));
491 if (lustre_msg_swabbed (req->rq_reqmsg))
// The opcode is client-controlled and is used as an array index below.
// NOTE(review): only the upper bound is tested, which is sufficient only if
// opcode has an unsigned type. Its declaration is not shown in this listing
// and the message prints it with a signed format - confirm the type.
494 if (opcode > REINT_MAX ||
495 mds_unpackers[opcode] == NULL) {
496 CERROR ("Unexpected opcode %d\n", opcode);
502 rec->ur_opcode = opcode;
504 rc = mds_unpackers[opcode](req, offset, rec);
// The fsuid recorded for the update is taken from the request, not the record.
507 rec->ur_fsuid = req->rq_uid;
512 /********************************
513 * MDS uid/gid mapping handling *
514 ********************************/
// Allocates one id mapping entry. Both hash links are initialised to the
// empty state, which idmap_free_entry later uses to tell a never-inserted
// entry from a linked one, and the reference count starts at 1.
// The allocation failure check and the stores of rmt_id and lcl_id are not
// shown in this listing.
517 struct mds_idmap_entry* idmap_alloc_entry(__u32 rmt_id, __u32 lcl_id)
519 struct mds_idmap_entry *e;
521 OBD_ALLOC(e, sizeof(*e));
525 INIT_LIST_HEAD(&e->rmt_hash);
526 INIT_LIST_HEAD(&e->lcl_hash);
527 atomic_set(&e->refcount, 1);
// Unlinks an entry from whichever hash lists it is on and frees it.
// The reference count is not consulted, so this is only safe for an entry the
// caller owns exclusively. No lock is taken here; in this file the callers
// either hold mit_lock or pass an entry that was never published.
534 void idmap_free_entry(struct mds_idmap_entry *e)
// A node still in its INIT_LIST_HEAD state reports empty and is skipped.
536 if (!list_empty(&e->rmt_hash))
537 list_del(&e->rmt_hash);
538 if (!list_empty(&e->lcl_hash))
539 list_del(&e->lcl_hash);
540 OBD_FREE(e, sizeof(*e));
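/*
 * Link a freshly allocated mapping into the remote-id and local-id hash
 * tables, or take a reference on an identical mapping that already exists.
 *
 * @rmt_hash: array of buckets keyed by remote id
 * @lcl_hash: array of buckets keyed by local id
 * @new:      entry from idmap_alloc_entry(); must not be linked yet
 * @warn_msg: prefix for conflict warnings, or NULL to stay silent
 *
 * Returns 1 if an entry with the same (rmt_id, lcl_id) pair was found: its
 * refcount is bumped and @new is left unlinked for the caller to free.
 * Returns 0 once @new has been linked on both tables.  The return statements
 * were not visible in the reviewed listing; these values follow from
 * mds_idmap_add(), which frees @new on a non-zero result.
 *
 * Conflicting mappings (same remote id with another local id, or the other
 * way round) only produce a warning; @new is still inserted.
 *
 * No locking is done here; mds_idmap_add() calls this under tbl->mit_lock.
 */
int idmap_insert_entry(struct list_head *rmt_hash, struct list_head *lcl_hash,
                       struct mds_idmap_entry *new, const char *warn_msg)
{
        struct list_head *rmt_head = &rmt_hash[MDS_IDMAP_HASHFUNC(new->rmt_id)];
        struct list_head *lcl_head = &lcl_hash[MDS_IDMAP_HASHFUNC(new->lcl_id)];
        struct mds_idmap_entry *e;

        list_for_each_entry(e, rmt_head, rmt_hash) {
                if (e->rmt_id == new->rmt_id &&
                    e->lcl_id == new->lcl_id) {
                        atomic_inc(&e->refcount);
                        return 1;
                }
                if (e->rmt_id == new->rmt_id && warn_msg)
                        CWARN("%s: rmt id %u already map to %u (new %u)\n",
                              warn_msg, e->rmt_id, e->lcl_id, new->lcl_id);
                if (e->lcl_id == new->lcl_id && warn_msg)
                        CWARN("%s: lcl id %u already be mapped from %u "
                              "(new %u)\n", warn_msg,
                              e->lcl_id, e->rmt_id, new->rmt_id);
        }

        /*
         * list_add_tail() takes (new node, list head).  The previous code
         * passed them the other way round, which re-pointed the bucket head
         * at @new alone and detached every entry already in that bucket.
         * Detached entries can no longer be found by lookup or removal, so a
         * hash collision silently dropped an existing uid/gid mapping.
         */
        list_add_tail(&new->rmt_hash, rmt_head);
        list_add_tail(&new->lcl_hash, lcl_head);
        return 0;
}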
// Drops one reference on the mapping that matches both rmt_id and lcl_id.
// When the last reference goes away the entry is unlinked from both hash
// lists and freed. Only the remote bucket is searched; lcl_hash is not used
// in the lines shown. Return values are not shown in this listing.
// No lock is taken here; mds_idmap_del calls this under mit_lock.
572 int idmap_remove_entry(struct list_head *rmt_hash, struct list_head *lcl_hash,
573 __u32 rmt_id, __u32 lcl_id)
575 struct list_head *rmt_head = &rmt_hash[MDS_IDMAP_HASHFUNC(rmt_id)];
576 struct mds_idmap_entry *e;
578 list_for_each_entry(e, rmt_head, rmt_hash) {
579 if (e->rmt_id == rmt_id && e->lcl_id == lcl_id) {
580 if (atomic_dec_and_test(&e->refcount)) {
581 list_del(&e->rmt_hash);
582 list_del(&e->lcl_hash);
// NOTE(review): the iterator is not the _safe variant, so the loop must be
// left right after this free. The following lines are not shown - confirm.
583 OBD_FREE(e, sizeof(*e));
// Registers one uid pair and one gid pair in the mapping table.
// Both entries are allocated before the spinlock is taken, then inserted
// under tbl->mit_lock. When idmap_insert_entry returns non-zero the pair was
// already present and the freshly allocated duplicate is released.
// Checks on tbl and on the allocation results are not shown in this listing.
592 int mds_idmap_add(struct mds_idmap_table *tbl,
593 uid_t rmt_uid, uid_t lcl_uid,
594 gid_t rmt_gid, gid_t lcl_gid)
596 struct mds_idmap_entry *ue, *ge;
602 ue = idmap_alloc_entry(rmt_uid, lcl_uid);
605 ge = idmap_alloc_entry(rmt_gid, lcl_gid);
// Unwinds the uid entry; presumably the path where the gid allocation failed.
607 idmap_free_entry(ue);
611 spin_lock(&tbl->mit_lock);
613 if (idmap_insert_entry(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX],
614 tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX],
615 ue, "UID mapping")) {
616 idmap_free_entry(ue);
619 if (idmap_insert_entry(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX],
620 tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX],
621 ge, "GID mapping")) {
622 idmap_free_entry(ge);
625 spin_unlock(&tbl->mit_lock);
// Removes one reference to a uid pair and to a gid pair from the mapping
// table, under tbl->mit_lock. The results of idmap_remove_entry are not used
// in the lines shown, so a pair that was never registered is presumably
// ignored silently. The check on tbl is not shown in this listing.
629 int mds_idmap_del(struct mds_idmap_table *tbl,
630 uid_t rmt_uid, uid_t lcl_uid,
631 gid_t rmt_gid, gid_t lcl_gid)
638 spin_lock(&tbl->mit_lock);
639 idmap_remove_entry(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX],
640 tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX],
642 idmap_remove_entry(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX],
643 tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX],
645 spin_unlock(&tbl->mit_lock);
// Looks up id in one hash table and returns its counterpart, or
// MDS_IDMAP_NOTFOUND when no entry matches. The bucket is walked through the
// rmt_hash or the lcl_hash linkage depending on reverse; the caller must pass
// the table that matches that direction. The match test inside each loop is
// not shown in this listing.
// No lock is taken here; the lookup wrappers call this under mit_lock.
650 __u32 idmap_lookup_id(struct list_head *hash, int reverse, __u32 id)
652 struct list_head *head = &hash[MDS_IDMAP_HASHFUNC(id)];
653 struct mds_idmap_entry *e;
656 list_for_each_entry(e, head, rmt_hash) {
660 return MDS_IDMAP_NOTFOUND;
662 list_for_each_entry(e, head, lcl_hash) {
666 return MDS_IDMAP_NOTFOUND;
// Translates a uid through the mapping table under tbl->mit_lock.
// In this file reverse is 0 when mapping a request id and 1 when mapping an
// id placed in a reply. The conditions selecting the table, and the early
// return of MDS_IDMAP_NOTFOUND, are on lines not shown in this listing.
// NOTE(review): the result is returned as int although the value is a 32-bit
// id, and MDS_IDMAP_NOTFOUND is an in-band sentinel that callers compare
// against directly. Confirm the sentinel cannot collide with a mappable id.
670 int mds_idmap_lookup_uid(struct mds_idmap_table *tbl, int reverse, uid_t uid)
672 struct list_head *hash;
675 return MDS_IDMAP_NOTFOUND;
678 hash = tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX];
680 hash = tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX];
682 spin_lock(&tbl->mit_lock);
683 uid = idmap_lookup_id(hash, reverse, uid);
684 spin_unlock(&tbl->mit_lock);
// Translates a gid through the mapping table under tbl->mit_lock; the gid
// counterpart of mds_idmap_lookup_uid. The conditions selecting the table,
// and the early return of MDS_IDMAP_NOTFOUND, are on lines not shown here.
// NOTE(review): same in-band sentinel and int return type as the uid lookup.
// Confirm the sentinel cannot collide with a mappable id.
689 int mds_idmap_lookup_gid(struct mds_idmap_table *tbl, int reverse, gid_t gid)
691 struct list_head *hash;
694 return MDS_IDMAP_NOTFOUND;
697 hash = tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX];
699 hash = tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX];
701 spin_lock(&tbl->mit_lock);
702 gid = idmap_lookup_id(hash, reverse, gid);
703 spin_unlock(&tbl->mit_lock);
// Allocates an empty mapping table: initialises the spinlock and every bucket
// of every hash table. The allocation failure check and the return statement
// are not shown in this listing.
708 struct mds_idmap_table *mds_idmap_alloc()
710 struct mds_idmap_table *tbl;
713 OBD_ALLOC(tbl, sizeof(*tbl));
717 spin_lock_init(&tbl->mit_lock);
718 for (i = 0; i < MDS_IDMAP_N_HASHES; i++)
719 for (j = 0; j < MDS_IDMAP_HASHSIZE; j++)
720 INIT_LIST_HEAD(&tbl->mit_idmaps[i][j]);
// Empties every bucket of one remote-id hash table by repeatedly taking the
// first entry of the bucket. What is done with each entry is on lines not
// shown in this listing; presumably it is released with idmap_free_entry,
// which would also unlink it from the local-id table.
725 static void idmap_clear_rmt_hash(struct list_head *list)
727 struct mds_idmap_entry *e;
730 for (i = 0; i < MDS_IDMAP_HASHSIZE; i++) {
731 while (!list_empty(&list[i])) {
732 e = list_entry(list[i].next, struct mds_idmap_entry,
// Destroys a mapping table. Entries are released by walking the two remote
// hash tables only; the assertions then verify that the local tables ended up
// empty too, which holds only if every entry is linked on both a remote and a
// local list.
// NOTE(review): the table is freed after the lock is dropped, so the caller
// must guarantee that no other thread can still reach tbl - confirm.
739 void mds_idmap_free(struct mds_idmap_table *tbl)
743 spin_lock(&tbl->mit_lock);
744 idmap_clear_rmt_hash(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX]);
745 idmap_clear_rmt_hash(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX]);
747 /* paranoid checking */
748 for (i = 0; i < MDS_IDMAP_HASHSIZE; i++) {
749 LASSERT(list_empty(&tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX][i]));
750 LASSERT(list_empty(&tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX][i]));
752 spin_unlock(&tbl->mit_lock);
754 OBD_FREE(tbl, sizeof(*tbl));
757 /*********************************
758 * helpers doing mapping for MDS *
759 *********************************/
762 * we allow remote setuid/setgid to an "authenticated" one;
763 * this policy will probably change later.
// Translates the four ids of a request security descriptor (uid, fsuid, gid,
// fsgid) from the remote client namespace to local ids using the export
// mapping table. A missing mapping for any of them is logged as an error; the
// error return itself is on lines not shown in this listing.
// When the fs id equals the real id the second lookup is skipped.
766 int mds_req_secdesc_do_map(struct mds_export_data *med,
767 struct mds_req_sec_desc *rsd)
769 struct mds_idmap_table *idmap = med->med_idmap;
773 uid = mds_idmap_lookup_uid(idmap, 0, rsd->rsd_uid);
774 if (uid == MDS_IDMAP_NOTFOUND) {
775 CERROR("can't find map for uid %u\n", rsd->rsd_uid);
779 if (rsd->rsd_uid == rsd->rsd_fsuid)
782 fsuid = mds_idmap_lookup_uid(idmap, 0, rsd->rsd_fsuid);
783 if (fsuid == MDS_IDMAP_NOTFOUND) {
784 CERROR("can't find map for fsuid %u\n", rsd->rsd_fsuid);
789 gid = mds_idmap_lookup_gid(idmap, 0, rsd->rsd_gid);
790 if (gid == MDS_IDMAP_NOTFOUND) {
791 CERROR("can't find map for gid %u\n", rsd->rsd_gid);
795 if (rsd->rsd_gid == rsd->rsd_fsgid)
798 fsgid = mds_idmap_lookup_gid(idmap, 0, rsd->rsd_fsgid);
799 if (fsgid == MDS_IDMAP_NOTFOUND) {
800 CERROR("can't find map for fsgid %u\n", rsd->rsd_fsgid);
// The descriptor is rewritten only after all lookups have succeeded, so a
// failed mapping leaves the fs ids shown here untouched.
807 rsd->rsd_fsuid = fsuid;
808 rsd->rsd_fsgid = fsgid;
// Translates the owner uid and gid in a reply body from local ids back to the
// ids of a remote client. The test of med_remote is visible; the statement it
// guards is not, but presumably local clients are left untouched.
// When an owner has no reverse mapping the permission bits are adjusted so
// the client is not shown owner or group rights that belong to an identity
// it cannot name. The id substituted in that case is not shown here.
813 void mds_body_do_reverse_map(struct mds_export_data *med,
814 struct mds_body *body)
819 if (!med->med_remote)
823 if (body->valid & OBD_MD_FLUID) {
824 uid = mds_idmap_lookup_uid(med->med_idmap, 1, body->uid);
825 if (uid == MDS_IDMAP_NOTFOUND) {
// Replace the owner permission bits with a copy of the other bits.
827 if (body->valid & OBD_MD_FLMODE) {
828 body->mode = (body->mode & ~S_IRWXU) |
829 ((body->mode & S_IRWXO) << 6);
834 if (body->valid & OBD_MD_FLGID) {
835 gid = mds_idmap_lookup_gid(med->med_idmap, 1, body->gid);
836 if (gid == MDS_IDMAP_NOTFOUND) {
// Replace the group permission bits with a copy of the other bits.
838 if (body->valid & OBD_MD_FLMODE) {
839 body->mode = (body->mode & ~S_IRWXG) |
840 ((body->mode & S_IRWXO) << 3);
849 /**********************
850 * MDS ucred handling *
851 **********************/
// Releases the group_info reference held by ucred, if any, and clears the
// pointer so that a second call is harmless.
853 static inline void drop_ucred_ginfo(struct lvfs_ucred *ucred)
855 if (ucred->luc_ginfo) {
856 put_group_info(ucred->luc_ginfo);
857 ucred->luc_ginfo = NULL;
// Releases the LSD reference held by ucred, if any, and clears the pointer
// so that a second call is harmless.
861 static inline void drop_ucred_lsd(struct lvfs_ucred *ucred)
863 if (ucred->luc_lsd) {
864 mds_put_lsd(ucred->luc_lsd);
865 ucred->luc_lsd = NULL;
870 * the heart of the uid/gid handling and security checking.
872 * root could set any group_info if we allowed setgroups, while
873 * normal user only could 'reduce' their group members -- which
874 * is somewhat expensive.
// Builds the server-side credentials (ucred) for one request from the
// security descriptor sent by the client (rsd). Visible order of decisions:
//   1. reject a GSS request whose user was not authenticated
//   2. for a local client with strong authentication, force the claimed uid
//      to the authenticated one
//   3. for a remote client, require a mapping and translate all ids
//   4. load the LSD for the resulting uid and check setuid and setgid rights
//   5. apply root squash, trim capabilities, copy ids into ucred
//   6. decide which supplementary groups are installed
// On success ucred holds references on the LSD and possibly a group_info;
// mds_exit_ucred releases them. Error returns are on lines not shown here.
876 int mds_init_ucred(struct lvfs_ucred *ucred,
877 struct ptlrpc_request *req,
878 struct mds_req_sec_desc *rsd)
880 struct mds_obd *mds = &req->rq_export->exp_obd->u.mds;
881 struct mds_export_data *med = &req->rq_export->u.eu_mds_data;
882 struct lustre_sec_desc *lsd;
883 ptl_nid_t peernid = req->rq_peer.peer_id.nid;
884 struct group_info *gnew;
885 unsigned int setuid, setgid, strong_sec, root_squashed;
// NOTE(review): rsd comes from the request, and a failed assertion stops the
// server instead of rejecting the request. Confirm that rsd_ngroups is range
// checked where the descriptor is unpacked, before this point is reached.
891 LASSERT(rsd->rsd_ngroups <= LUSTRE_MAX_GROUPS);
893 /* XXX We'v no dedicated bits indicating whether GSS is used,
894 * and authenticated/mapped uid is valid. currently we suppose
895 * gss must initialize rq_sec_svcdata.
897 if (req->rq_sec_svcdata && req->rq_auth_uid == -1) {
898 CWARN("user not authenticated, deny access\n");
// rq_auth_uid of -1 is the marker for a request without an authenticated uid.
902 strong_sec = (req->rq_auth_uid != -1);
903 LASSERT(!(req->rq_remote_realm && !strong_sec));
905 /* if we use strong authentication for a local client, we
906 * expect the uid which client claimed is true.
908 if (!med->med_remote && strong_sec &&
909 req->rq_auth_uid != rsd->rsd_uid) {
910 CWARN("nid "LPX64": UID %u was authenticated while client "
911 "claimed %u, enforce to be %u\n",
912 peernid, req->rq_auth_uid, rsd->rsd_uid,
// If the client claimed a different fsuid, only the real uid is overwritten;
// the claimed fsuid survives and is judged by the setuid check further down.
914 if (rsd->rsd_uid != rsd->rsd_fsuid)
915 rsd->rsd_uid = req->rq_auth_uid;
917 rsd->rsd_uid = rsd->rsd_fsuid = req->rq_auth_uid;
920 if (med->med_remote) {
923 if (req->rq_mapped_uid == MDS_IDMAP_NOTFOUND) {
924 CWARN("no mapping found, deny\n");
928 rc = mds_req_secdesc_do_map(med, rsd);
933 /* now lsd come into play */
934 ucred->luc_ginfo = NULL;
935 ucred->luc_lsd = lsd = mds_get_lsd(rsd->rsd_uid);
938 CERROR("Deny access without LSD: uid %d\n", rsd->rsd_uid);
942 /* find out the setuid/setgid attempt */
943 setuid = (rsd->rsd_uid != rsd->rsd_fsuid);
// A gid that differs from the one recorded in the LSD also counts as setgid.
944 setgid = (rsd->rsd_gid != rsd->rsd_fsgid ||
945 rsd->rsd_gid != lsd->lsd_gid);
947 lsd_perms = mds_lsd_get_perms(lsd, med->med_remote, 0, peernid);
949 /* check permission of setuid */
950 if (setuid && !(lsd_perms & LSD_PERM_SETUID)) {
951 CWARN("mds blocked setuid attempt: %u -> %u\n",
952 rsd->rsd_uid, rsd->rsd_fsuid);
956 /* check permission of setgid */
957 if (setgid && !(lsd_perms & LSD_PERM_SETGID)) {
958 CWARN("mds blocked setgid attempt: %u -> %u\n",
959 rsd->rsd_gid, rsd->rsd_fsgid);
963 root_squashed = mds_squash_root(mds, rsd, &peernid);
965 /* remove privilege for non-root user */
// The condition guarding this mask is on a line not shown in this listing.
967 rsd->rsd_cap &= ~CAP_FS_MASK;
969 /* by now every fields other than groups in rsd have been granted */
970 ucred->luc_uid = rsd->rsd_uid;
971 ucred->luc_gid = rsd->rsd_gid;
972 ucred->luc_fsuid = rsd->rsd_fsuid;
973 ucred->luc_fsgid = rsd->rsd_fsgid;
974 ucred->luc_cap = rsd->rsd_cap;
976 /* don't use any supplementary group for remote client or
977 * we squashed root */
978 if (med->med_remote || root_squashed)
981 /* install groups from LSD */
982 if (lsd->lsd_ginfo) {
983 ucred->luc_ginfo = lsd->lsd_ginfo;
984 get_group_info(ucred->luc_ginfo);
987 /* everything is done if we don't allow setgroups */
988 if (!(lsd_perms & LSD_PERM_SETGRP))
991 /* root could set any groups as he want (if allowed), normal
992 * users only could reduce his group array.
// Root branch: the LSD groups are dropped and replaced by the list sent in
// the request, which is sorted on the server side.
994 if (ucred->luc_uid == 0) {
995 drop_ucred_ginfo(ucred);
997 if (rsd->rsd_ngroups == 0)
1000 gnew = groups_alloc(rsd->rsd_ngroups);
1002 CERROR("out of memory\n");
1003 drop_ucred_lsd(ucred);
1006 groups_from_buffer(gnew, rsd->rsd_groups);
1007 groups_sort(gnew); /* don't rely on client doing this */
1009 ucred->luc_ginfo = gnew;
// Non-root branch: keep only those requested groups that are already present
// in the LSD list, so a user can shrink but never extend the group set.
1011 __u32 set = 0, cur = 0;
// NOTE(review): ginfo is NULL when the LSD carried no group list. Confirm
// that the lines not shown here return before groups_search and
// put_group_info are reached with a NULL pointer.
1012 struct group_info *ginfo = ucred->luc_ginfo;
1017 /* Note: freeing a group_info count on 'nblocks' instead of
1018 * 'ngroups', thus we can safely alloc enough buffer and reduce
1019 * and ngroups number later.
1021 gnew = groups_alloc(rsd->rsd_ngroups);
1023 CERROR("out of memory\n");
1024 drop_ucred_ginfo(ucred);
1025 drop_ucred_lsd(ucred);
1029 while (cur < rsd->rsd_ngroups) {
1030 if (groups_search(ginfo, rsd->rsd_groups[cur])) {
1031 GROUP_AT(gnew, set) = rsd->rsd_groups[cur];
// NOTE(review): unlike the root branch, no groups_sort call is visible for
// the filtered list, so its order follows the request. If later membership
// checks use the binary groups_search they may miss entries - confirm.
1036 gnew->ngroups = set;
1038 put_group_info(ucred->luc_ginfo);
1039 ucred->luc_ginfo = gnew;
// Releases the references taken by mds_init_ucred: the group_info and the
// LSD. Both helpers clear their pointer, so calling this twice is harmless.
1044 void mds_exit_ucred(struct lvfs_ucred *ucred)
1047 drop_ucred_ginfo(ucred);
1048 drop_ucred_lsd(ucred);