1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (C) 2004-2006 Cluster File Systems, Inc.
5 * Author: Lai Siyao <lsy@clusterfs.com>
6 * Author: Fan Yong <fanyong@clusterfs.com>
8 * This file is part of Lustre, http://www.lustre.org.
10 * Lustre is free software; you can redistribute it and/or
11 * modify it under the terms of version 2 of the GNU General Public
12 * License as published by the Free Software Foundation.
14 * Lustre is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with Lustre; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DEBUG_SUBSYSTEM S_MDS
29 #ifndef AUTOCONF_INCLUDED
30 #include <linux/config.h>
32 #include <linux/module.h>
33 #include <linux/kernel.h>
35 #include <linux/kmod.h>
36 #include <linux/string.h>
37 #include <linux/stat.h>
38 #include <linux/errno.h>
39 #include <linux/version.h>
40 #include <linux/unistd.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
44 #include <linux/stat.h>
45 #include <asm/uaccess.h>
46 #include <linux/slab.h>
47 #include <asm/segment.h>
49 #include <libcfs/kp30.h>
51 #include <obd_class.h>
52 #include <obd_support.h>
53 #include <lustre_net.h>
54 #include <lustre_import.h>
55 #include <lustre_dlm.h>
56 #include <lustre_lib.h>
57 #include <lustre_ucache.h>
59 #include "mdt_internal.h"
61 static void mdt_identity_entry_init(struct upcall_cache_entry *entry,
64 entry->u.identity.mi_uc_entry = entry;
67 static void mdt_identity_entry_free(struct upcall_cache *cache,
68 struct upcall_cache_entry *entry)
70 struct md_identity *identity = &entry->u.identity;
72 if (identity->mi_ginfo) {
73 groups_free(identity->mi_ginfo);
74 identity->mi_ginfo = NULL;
77 if (identity->mi_nperms) {
78 LASSERT(identity->mi_perms);
79 OBD_FREE(identity->mi_perms,
80 identity->mi_nperms * sizeof(struct md_perm));
81 identity->mi_nperms = 0;
85 static int mdt_identity_do_upcall(struct upcall_cache *cache,
86 struct upcall_cache_entry *entry)
90 [0] = cache->uc_upcall,
97 [1] = "PATH=/sbin:/usr/sbin",
103 snprintf(keystr, sizeof(keystr), LPU64, entry->ue_key);
105 LASSERTF(strcmp(cache->uc_upcall, "NONE"), "no upcall set!");
106 CDEBUG(D_INFO, "The upcall is: %s \n", cache->uc_upcall);
108 rc = USERMODEHELPER(argv[0], argv, envp);
110 CERROR("%s: error invoking upcall %s %s %s: rc %d; "
111 "check /proc/fs/lustre/mdt/%s/identity_upcall\n",
112 cache->uc_name, argv[0], argv[1], argv[2], rc,
115 CDEBUG(D_HA, "%s: invoked upcall %s %s %s\n", cache->uc_name,
116 argv[0], argv[1], argv[2]);
122 static int mdt_identity_parse_downcall(struct upcall_cache *cache,
123 struct upcall_cache_entry *entry,
126 struct md_identity *identity = &entry->u.identity;
127 struct identity_downcall_data *data = args;
128 struct group_info *ginfo;
129 struct md_perm *perms = NULL;
134 if (data->idd_ngroups > NGROUPS_MAX)
137 ginfo = groups_alloc(data->idd_ngroups);
139 CERROR("failed to alloc %d groups\n", data->idd_ngroups);
143 lustre_groups_from_list(ginfo, data->idd_groups);
144 lustre_groups_sort(ginfo);
146 if (data->idd_nperms) {
147 size = data->idd_nperms * sizeof(*perms);
148 OBD_ALLOC(perms, size);
150 CERROR("failed to alloc %d permissions\n",
156 for (i = 0; i < data->idd_nperms; i++) {
157 perms[i].mp_nid = data->idd_perms[i].pdd_nid;
158 perms[i].mp_perm = data->idd_perms[i].pdd_perm;
162 identity->mi_uid = data->idd_uid;
163 identity->mi_gid = data->idd_gid;
164 identity->mi_ginfo = ginfo;
165 identity->mi_nperms = data->idd_nperms;
166 identity->mi_perms = perms;
168 CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n",
169 identity, identity->mi_uid, identity->mi_gid,
170 identity->mi_ginfo->ngroups, identity->mi_nperms);
175 struct md_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid)
177 struct upcall_cache_entry *entry;
182 entry = upcall_cache_get_entry(cache, (__u64)uid, NULL);
184 CERROR("upcall_cache_get_entry failed: %ld\n", PTR_ERR(entry));
188 return &entry->u.identity;
191 void mdt_identity_put(struct upcall_cache *cache, struct md_identity *identity)
197 upcall_cache_put_entry(cache, identity->mi_uc_entry);
200 struct upcall_cache_ops mdt_identity_upcall_cache_ops = {
201 .init_entry = mdt_identity_entry_init,
202 .free_entry = mdt_identity_entry_free,
203 .do_upcall = mdt_identity_do_upcall,
204 .parse_downcall = mdt_identity_parse_downcall,
207 void mdt_flush_identity(struct upcall_cache *cache, int uid)
210 upcall_cache_flush_idle(cache);
212 upcall_cache_flush_one(cache, (__u64)uid, NULL);
216 * If there is LNET_NID_ANY in perm[i].mp_nid,
217 * it must be perm[0].mp_nid, and act as default perm.
219 __u32 mdt_identity_get_perm(struct md_identity *identity,
220 __u32 is_rmtclient, lnet_nid_t nid)
222 struct md_perm *perm;
226 LASSERT(is_rmtclient == 0);
227 return CFS_SETGRP_PERM;
230 perm = identity->mi_perms;
231 /* check exactly matched nid first */
232 for (i = identity->mi_nperms - 1; i > 0; i--) {
233 if (perm[i].mp_nid != nid)
235 return perm[i].mp_perm;
238 /* check LNET_NID_ANY then */
239 if ((identity->mi_nperms > 0) &&
240 ((perm[0].mp_nid == nid) || (perm[0].mp_nid == LNET_NID_ANY)))
241 return perm[0].mp_perm;
243 /* return default last */
244 return is_rmtclient ? 0 : CFS_SETGRP_PERM;
247 int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o,
250 struct ptlrpc_request *req = mdt_info_req(info);
251 struct md_ucred *uc = mdt_ucred(info);
252 struct md_object *next = mdt_object_child(o);
253 struct mdt_export_data *med = mdt_req2med(req);
254 struct mdt_remote_perm *perm = buf;
258 /* remote client request always pack ptlrpc_user_desc! */
261 if (!med->med_rmtclient)
264 if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW))
267 perm->rp_uid = uc->mu_o_uid;
268 perm->rp_gid = uc->mu_o_gid;
269 perm->rp_fsuid = uc->mu_o_fsuid;
270 perm->rp_fsgid = uc->mu_o_fsgid;
272 perm->rp_access_perm = 0;
273 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_READ) == 0)
274 perm->rp_access_perm |= MAY_READ;
275 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_WRITE) == 0)
276 perm->rp_access_perm |= MAY_WRITE;
277 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_EXEC) == 0)
278 perm->rp_access_perm |= MAY_EXEC;