1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
6 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 only,
10 * as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License version 2 for more details (a copy is included
16 * in the LICENSE file that accompanied this code).
18 * You should have received a copy of the GNU General Public License
19 * version 2 along with this program; If not, see
20 * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
22 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23 * CA 95054 USA or visit www.sun.com if you need additional information or
29 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
30 * Use is subject to license terms.
32 * Copyright (c) 2011 Whamcloud, Inc.
36 * This file is part of Lustre, http://www.lustre.org/
37 * Lustre is a trademark of Sun Microsystems, Inc.
39 * lustre/mdt/mdt_identity.c
41 * Author: Lai Siyao <lsy@clusterfs.com>
42 * Author: Fan Yong <fanyong@clusterfs.com>
48 #define DEBUG_SUBSYSTEM S_MDS
50 #ifndef AUTOCONF_INCLUDED
51 #include <linux/config.h>
53 #include <linux/module.h>
54 #include <linux/kernel.h>
56 #include <linux/kmod.h>
57 #include <linux/string.h>
58 #include <linux/stat.h>
59 #include <linux/errno.h>
60 #include <linux/version.h>
61 #include <linux/unistd.h>
62 #include <asm/system.h>
63 #include <asm/uaccess.h>
65 #include <linux/stat.h>
66 #include <asm/uaccess.h>
67 #include <linux/slab.h>
69 #include <libcfs/libcfs.h>
70 #include <libcfs/lucache.h>
72 #include <obd_class.h>
73 #include <obd_support.h>
74 #include <lustre_net.h>
75 #include <lustre_import.h>
76 #include <lustre_dlm.h>
77 #include <lustre_lib.h>
79 #include "mdt_internal.h"
81 static void mdt_identity_entry_init(struct upcall_cache_entry *entry,
84 entry->u.identity.mi_uc_entry = entry;
87 static void mdt_identity_entry_free(struct upcall_cache *cache,
88 struct upcall_cache_entry *entry)
90 struct md_identity *identity = &entry->u.identity;
92 if (identity->mi_ginfo) {
93 cfs_put_group_info(identity->mi_ginfo);
94 identity->mi_ginfo = NULL;
97 if (identity->mi_nperms) {
98 LASSERT(identity->mi_perms);
99 OBD_FREE(identity->mi_perms,
100 identity->mi_nperms * sizeof(struct md_perm));
101 identity->mi_nperms = 0;
105 static int mdt_identity_do_upcall(struct upcall_cache *cache,
106 struct upcall_cache_entry *entry)
110 [0] = cache->uc_upcall,
111 [1] = cache->uc_name,
117 [1] = "PATH=/sbin:/usr/sbin",
120 struct timeval start, end;
124 /* There is race condition:
125 * "uc_upcall" was changed just after "is_identity_get_disabled" check.
127 cfs_read_lock(&cache->uc_upcall_rwlock);
128 CDEBUG(D_INFO, "The upcall is: '%s'\n", cache->uc_upcall);
130 if (unlikely(!strcmp(cache->uc_upcall, "NONE"))) {
131 CERROR("no upcall set\n");
132 GOTO(out, rc = -EREMCHG);
135 argv[0] = cache->uc_upcall;
136 snprintf(keystr, sizeof(keystr), LPU64, entry->ue_key);
138 cfs_gettimeofday(&start);
139 rc = USERMODEHELPER(argv[0], argv, envp);
140 cfs_gettimeofday(&end);
142 CERROR("%s: error invoking upcall %s %s %s: rc %d; "
143 "check /proc/fs/lustre/mdt/%s/identity_upcall, "
145 cache->uc_name, argv[0], argv[1], argv[2], rc,
146 cache->uc_name, cfs_timeval_sub(&end, &start, NULL));
148 CDEBUG(D_HA, "%s: invoked upcall %s %s %s, time %ldus\n",
149 cache->uc_name, argv[0], argv[1], argv[2],
150 cfs_timeval_sub(&end, &start, NULL));
155 cfs_read_unlock(&cache->uc_upcall_rwlock);
159 static int mdt_identity_parse_downcall(struct upcall_cache *cache,
160 struct upcall_cache_entry *entry,
163 struct md_identity *identity = &entry->u.identity;
164 struct identity_downcall_data *data = args;
165 cfs_group_info_t *ginfo = NULL;
166 struct md_perm *perms = NULL;
171 if (data->idd_ngroups > NGROUPS_MAX)
174 if (data->idd_ngroups > 0) {
175 ginfo = cfs_groups_alloc(data->idd_ngroups);
177 CERROR("failed to alloc %d groups\n", data->idd_ngroups);
181 lustre_groups_from_list(ginfo, data->idd_groups);
182 lustre_groups_sort(ginfo);
185 if (data->idd_nperms) {
186 size = data->idd_nperms * sizeof(*perms);
187 OBD_ALLOC(perms, size);
189 CERROR("failed to alloc %d permissions\n",
192 cfs_put_group_info(ginfo);
196 for (i = 0; i < data->idd_nperms; i++) {
197 perms[i].mp_nid = data->idd_perms[i].pdd_nid;
198 perms[i].mp_perm = data->idd_perms[i].pdd_perm;
202 identity->mi_uid = data->idd_uid;
203 identity->mi_gid = data->idd_gid;
204 identity->mi_ginfo = ginfo;
205 identity->mi_nperms = data->idd_nperms;
206 identity->mi_perms = perms;
208 CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n",
209 identity, identity->mi_uid, identity->mi_gid,
210 data->idd_ngroups, data->idd_nperms);
215 struct md_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid)
217 struct upcall_cache_entry *entry;
220 return ERR_PTR(-ENOENT);
222 entry = upcall_cache_get_entry(cache, (__u64)uid, NULL);
224 return ERR_PTR(PTR_ERR(entry));
225 else if (unlikely(!entry))
226 return ERR_PTR(-ENOENT);
228 return &entry->u.identity;
231 void mdt_identity_put(struct upcall_cache *cache, struct md_identity *identity)
237 upcall_cache_put_entry(cache, identity->mi_uc_entry);
240 struct upcall_cache_ops mdt_identity_upcall_cache_ops = {
241 .init_entry = mdt_identity_entry_init,
242 .free_entry = mdt_identity_entry_free,
243 .do_upcall = mdt_identity_do_upcall,
244 .parse_downcall = mdt_identity_parse_downcall,
247 void mdt_flush_identity(struct upcall_cache *cache, int uid)
250 upcall_cache_flush_idle(cache);
252 upcall_cache_flush_one(cache, (__u64)uid, NULL);
256 * If there is LNET_NID_ANY in perm[i].mp_nid,
257 * it must be perm[0].mp_nid, and act as default perm.
259 __u32 mdt_identity_get_perm(struct md_identity *identity,
260 __u32 is_rmtclient, lnet_nid_t nid)
262 struct md_perm *perm;
266 LASSERT(is_rmtclient == 0);
267 return CFS_SETGRP_PERM;
270 perm = identity->mi_perms;
271 /* check exactly matched nid first */
272 for (i = identity->mi_nperms - 1; i > 0; i--) {
273 if (perm[i].mp_nid != nid)
275 return perm[i].mp_perm;
278 /* check LNET_NID_ANY then */
279 if ((identity->mi_nperms > 0) &&
280 ((perm[0].mp_nid == nid) || (perm[0].mp_nid == LNET_NID_ANY)))
281 return perm[0].mp_perm;
283 /* return default last */
284 return is_rmtclient ? 0 : CFS_SETGRP_PERM;
287 int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o,
290 struct md_ucred *uc = mdt_ucred(info);
291 struct md_object *next = mdt_object_child(o);
292 struct mdt_remote_perm *perm = buf;
296 /* remote client request always pack ptlrpc_user_desc! */
299 if (!exp_connect_rmtclient(info->mti_exp))
302 if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW))
305 perm->rp_uid = uc->mu_o_uid;
306 perm->rp_gid = uc->mu_o_gid;
307 perm->rp_fsuid = uc->mu_o_fsuid;
308 perm->rp_fsgid = uc->mu_o_fsgid;
310 perm->rp_access_perm = 0;
311 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_READ) == 0)
312 perm->rp_access_perm |= MAY_READ;
313 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_WRITE) == 0)
314 perm->rp_access_perm |= MAY_WRITE;
315 if (mo_permission(info->mti_env, NULL, next, NULL, MAY_EXEC) == 0)
316 perm->rp_access_perm |= MAY_EXEC;