LU-1623 mdt: Atomically update MDT export connection flags
1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2  * vim:expandtab:shiftwidth=8:tabstop=8:
3  *
4  * GPL HEADER START
5  *
6  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 only,
10  * as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * General Public License version 2 for more details (a copy is included
16  * in the LICENSE file that accompanied this code).
17  *
18  * You should have received a copy of the GNU General Public License
19  * version 2 along with this program; If not, see
20  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
21  *
22  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
23  * CA 95054 USA or visit www.sun.com if you need additional information or
24  * have any questions.
25  *
26  * GPL HEADER END
27  */
28 /*
29  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
30  * Use is subject to license terms.
31  */
32 /*
33  * This file is part of Lustre, http://www.lustre.org/
34  * Lustre is a trademark of Sun Microsystems, Inc.
35  *
36  * lustre/mdt/mdt_idmap.c
37  *
38  * Author: Lai Siyao <lsy@clusterfs.com>
39  * Author: Fan Yong <fanyong@clusterfs.com>
40  */
41
42 #ifndef EXPORT_SYMTAB
43 #define EXPORT_SYMTAB
44 #endif
45 #define DEBUG_SUBSYSTEM S_MDS
46
47 #ifndef AUTOCONF_INCLUDED
48 #include <linux/config.h>
49 #endif
50 #include <linux/module.h>
51 #include <linux/kernel.h>
52 #include <linux/mm.h>
53 #include <linux/kmod.h>
54 #include <linux/string.h>
55 #include <linux/stat.h>
56 #include <linux/errno.h>
57 #include <linux/version.h>
58 #include <linux/unistd.h>
59 #include <asm/system.h>
60 #include <asm/uaccess.h>
61 #include <linux/fs.h>
62 #include <linux/stat.h>
63 #include <asm/uaccess.h>
64 #include <linux/slab.h>
65
66 #include <libcfs/libcfs.h>
67 #include <libcfs/lucache.h>
68 #include <obd.h>
69 #include <obd_class.h>
70 #include <obd_support.h>
71 #include <lustre_net.h>
72 #include <lustre_import.h>
73 #include <lustre_dlm.h>
74 #include <lustre_sec.h>
75 #include <lustre_lib.h>
76
77 #include "mdt_internal.h"
78
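/*
 * Strip every remote-client and capability bit from a connect reply:
 * OBD_CONNECT_RMT_CLIENT, OBD_CONNECT_RMT_CLIENT_FORCE,
 * OBD_CONNECT_MDS_CAPA and OBD_CONNECT_OSS_CAPA.
 *
 * @reply is parenthesised so that an expression argument such as "&data"
 * binds as intended.  @exp is kept in the parameter list for existing call
 * sites, but this body does not reference it.
 */
#define mdt_init_sec_none(reply, exp)                                   \
do {                                                                    \
        (reply)->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |        \
                                        OBD_CONNECT_RMT_CLIENT_FORCE |  \
                                        OBD_CONNECT_MDS_CAPA |          \
                                        OBD_CONNECT_OSS_CAPA);          \
} while (0)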
86
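/**
 * Decide which security-related connect flags a connecting peer is granted.
 *
 * The reply's ocd_connect_flags are narrowed according to how the request
 * was authenticated (rq_auth_usr_mdt, rq_auth_gss, rq_auth_remote,
 * rq_auth_uid), which flags the client offered, and the target's configured
 * mdt_sec_level / capability options.
 *
 * \param info  per-request thread info; supplies the request, its capsule
 *              and the MDT device
 *
 * \retval 0        connection accepted, reply flags adjusted where needed
 * \retval -EFAULT  connect data missing from the request or the reply
 * \retval -EACCES  peer does not meet the configured security level
 * \retval -EINVAL  mdt_sec_level holds a value this function does not know
 *
 * NOTE(review): the GSS and old-version refusals use CWARN, every other
 * refusal uses CDEBUG(D_SEC).  Presumably the latter are only recorded when
 * the D_SEC debug mask is enabled; confirm before relying on them for
 * auditing rejected connections.
 */
int mdt_init_sec_level(struct mdt_thread_info *info)
{
        struct mdt_device *mdt = info->mti_mdt;
        struct ptlrpc_request *req = mdt_info_req(info);
        char *client = libcfs_nid2str(req->rq_peer.nid);
        struct obd_export *exp = req->rq_export;
        struct obd_device *obd = exp->exp_obd;
        struct obd_connect_data *data, *reply;
        int remote;
        ENTRY;

        data = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA);
        reply = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA);
        if (data == NULL || reply == NULL)
                RETURN(-EFAULT);

        /* connection from MDT is always trusted */
        if (req->rq_auth_usr_mdt) {
                mdt_init_sec_none(reply, exp);
                RETURN(0);
        }

        /* no GSS support case */
        if (!req->rq_auth_gss) {
                if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
                        /* NOTE(review): "user" is a typo for "use"; the text
                         * is left as is because log consumers may match it. */
                        CWARN("client %s -> target %s does not user GSS, "
                              "can not run under security level %d.\n",
                              client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                mdt_init_sec_none(reply, exp);
                RETURN(0);
        }

        /* old version case: the client did not offer all three of
         * RMT_CLIENT, MDS_CAPA and OSS_CAPA */
        if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) ||
                     !(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) ||
                     !(data->ocd_connect_flags & OBD_CONNECT_OSS_CAPA))) {
                if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
                        CWARN("client %s -> target %s uses old version, "
                              "can not run under security level %d.\n",
                              client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                CWARN("client %s -> target %s uses old version, "
                      "run under security level %d.\n",
                      client, obd->obd_name, mdt->mdt_sec_level);
                mdt_init_sec_none(reply, exp);
                RETURN(0);
        }

        /* Collapse the masked flag word to 0/1 before storing it in an int,
         * so the "forced remote" decision never depends on the flag's bit
         * position surviving the narrowing conversion. */
        remote = !!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE);
        if (remote) {
                if (!req->rq_auth_remote)
                        CDEBUG(D_SEC, "client (local realm) %s -> target %s "
                               "asked to be remote.\n", client, obd->obd_name);
        } else if (req->rq_auth_remote) {
                remote = 1;
                CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set "
                       "as remote by default.\n", client, obd->obd_name);
        }

        if (remote) {
                /* a remote client is refused unless OSS capabilities are on */
                if (!mdt->mdt_opts.mo_oss_capa) {
                        CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
                               " but OSS capabilities are not enabled: %d.\n",
                               client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
                        RETURN(-EACCES);
                }
        } else if (req->rq_auth_uid == INVALID_UID) {
                /* a local client must carry an authenticated uid */
                CDEBUG(D_SEC, "client %s -> target %s: user is not "
                       "authenticated!\n", client, obd->obd_name);
                RETURN(-EACCES);
        }

        switch (mdt->mdt_sec_level) {
        case LUSTRE_SEC_NONE:
                if (remote) {
                        CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
                               "can not run under security level %d.\n",
                               client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                mdt_init_sec_none(reply, exp);
                break;
        case LUSTRE_SEC_REMOTE:
                if (!remote)
                        mdt_init_sec_none(reply, exp);
                break;
        case LUSTRE_SEC_ALL:
                if (!remote) {
                        /* local client: drop the remote bits, and keep each
                         * capability bit only if the target has it enabled */
                        reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
                                                      OBD_CONNECT_RMT_CLIENT_FORCE);
                        if (!mdt->mdt_opts.mo_mds_capa)
                                reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
                        if (!mdt->mdt_opts.mo_oss_capa)
                                reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
                }
                break;
        default:
                RETURN(-EINVAL);
        }

        RETURN(0);
}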
197
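/**
 * Make sure a remote-client export has an idmap table, then install the
 * mapping for the current request via mdt_handle_idmap().
 *
 * Exports that are not remote clients are left untouched.
 *
 * The result of lustre_idmap_init() is examined while med_idmap_sem is
 * still held, and only a usable table is stored in med->med_idmap.  An
 * error-encoded pointer is therefore never published in the export where
 * other code in this file, which reads med->med_idmap without taking the
 * semaphore, could pick it up.
 *
 * \param info  per-request thread info
 *
 * \retval 0        nothing to do, or mapping installed
 * \retval -ENOMEM  lustre_idmap_init() returned NULL
 * \retval <0       error encoded in the pointer returned by
 *                  lustre_idmap_init(), or the result of mdt_handle_idmap()
 */
int mdt_init_idmap(struct mdt_thread_info *info)
{
        struct ptlrpc_request *req = mdt_info_req(info);
        struct mdt_export_data *med = mdt_req2med(req);
        struct obd_export *exp = req->rq_export;
        char *client = libcfs_nid2str(req->rq_peer.nid);
        struct obd_device *obd = exp->exp_obd;
        struct lustre_idmap_table *table;
        int rc;
        ENTRY;

        if (!exp_connect_rmtclient(exp))
                RETURN(0);

        cfs_down(&med->med_idmap_sem);
        table = med->med_idmap;
        if (!table) {
                table = lustre_idmap_init();
                /* publish only a real table (or NULL, which is a no-op) */
                if (!IS_ERR(table))
                        med->med_idmap = table;
        }
        cfs_up(&med->med_idmap_sem);

        if (IS_ERR(table)) {
                long err = PTR_ERR(table);

                CERROR("client %s -> target %s "
                       "failed to init idmap [%ld]!\n",
                       client, obd->obd_name, err);
                RETURN(err);
        }
        if (!table) {
                CERROR("client %s -> target %s "
                       "failed to init(2) idmap!\n",
                       client, obd->obd_name);
                RETURN(-ENOMEM);
        }

        CDEBUG(D_SEC, "client %s -> target %s is remote.\n",
               client, obd->obd_name);
        /* NB, MDS_CONNECT establish root idmap too! */
        rc = mdt_handle_idmap(info);
        RETURN(rc);
}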
236
/**
 * Release the export's idmap table, if it has one.
 *
 * The table is finalised and the pointer reset to NULL while
 * med_idmap_sem is held.
 *
 * \param med  MDT export data owning the table
 */
void mdt_cleanup_idmap(struct mdt_export_data *med)
{
        cfs_down(&med->med_idmap_sem);
        if (med->med_idmap) {
                /* finalise first, then clear the pointer */
                lustre_idmap_fini(med->med_idmap);
                med->med_idmap = NULL;
        }
        cfs_up(&med->med_idmap_sem);
}
246
/**
 * Revoke the locks held through \a exp, except while the owning device is
 * in recovery (obd_recovering set), when the call is skipped.
 */
static inline void mdt_revoke_export_locks(struct obd_export *exp)
{
        /* don't revoke locks during recovery */
        if (!exp->exp_obd->obd_recovering)
                ldlm_revoke_export_locks(exp);
}
255
/**
 * Add or remove the idmap entry that belongs to the request's user.
 *
 * Only requests on a remote-client export with opcode SEC_CTX_INIT,
 * SEC_CTX_INIT_CONT, SEC_CTX_FINI or MDS_CONNECT are processed; anything
 * else returns 0 without touching the table.  SEC_CTX_FINI deletes the
 * entry, the other three opcodes add it.  After a successful context
 * init/fini (but not after MDS_CONNECT) the export's locks are revoked
 * through mdt_revoke_export_locks().
 *
 * \param info  per-request thread info
 *
 * \retval 0        nothing to do, or table updated
 * \retval -EACCES  no user descriptor, invalid mapped uid, identity lookup
 *                  disabled, or identity lookup failed
 * \retval other    non-zero result of lustre_idmap_add()/lustre_idmap_del()
 */
int mdt_handle_idmap(struct mdt_thread_info *info)
{
        struct ptlrpc_request *req = mdt_info_req(info);
        struct mdt_device *mdt = info->mti_mdt;
        struct ptlrpc_user_desc *pud = req->rq_user_desc;
        struct mdt_export_data *med;
        struct md_identity *identity;
        __u32 opc;
        int rc;
        ENTRY;

        if (req->rq_export == NULL)
                RETURN(0);

        med = mdt_req2med(req);
        if (!exp_connect_rmtclient(info->mti_exp))
                RETURN(0);

        /* Bypass other opc */
        opc = lustre_msg_get_opc(req->rq_reqmsg);
        switch (opc) {
        case SEC_CTX_INIT:
        case SEC_CTX_INIT_CONT:
        case SEC_CTX_FINI:
        case MDS_CONNECT:
                break;
        default:
                RETURN(0);
        }

        LASSERT(med->med_idmap);

        if (unlikely(pud == NULL)) {
                CDEBUG(D_SEC, "remote client must run with rq_user_desc "
                       "present\n");
                RETURN(-EACCES);
        }

        if (req->rq_auth_mapped_uid == INVALID_UID) {
                CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
                       "/etc/lustre/idmap.conf!\n");
                RETURN(-EACCES);
        }

        if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
                CDEBUG(D_SEC, "remote client must run with identity_get "
                       "enabled!\n");
                RETURN(-EACCES);
        }

        identity = mdt_identity_get(mdt->mdt_identity_cache,
                                    req->rq_auth_mapped_uid);
        if (IS_ERR(identity)) {
                CDEBUG(D_SEC, "can't get mdt identity(%u), no mapping added\n",
                       req->rq_auth_mapped_uid);
                RETURN(-EACCES);
        }

        /* opc is one of the four opcodes admitted above: FINI removes the
         * mapping, the remaining three install it */
        if (opc == SEC_CTX_FINI)
                rc = lustre_idmap_del(med->med_idmap,
                                      pud->pud_uid, identity->mi_uid,
                                      pud->pud_gid, identity->mi_gid);
        else
                rc = lustre_idmap_add(med->med_idmap,
                                      pud->pud_uid, identity->mi_uid,
                                      pud->pud_gid, identity->mi_gid);

        /* the identity reference is dropped whether or not the update worked */
        mdt_identity_put(mdt->mdt_identity_cache, identity);

        if (rc != 0)
                RETURN(rc);

        /* every admitted opcode except MDS_CONNECT revokes the export locks */
        if (opc != MDS_CONNECT)
                mdt_revoke_export_locks(req->rq_export);

        RETURN(0);
}
338
/**
 * Translate the uid/gid/fsuid/fsgid of a user descriptor through the
 * export's idmap table.
 *
 * Requests on exports that are not remote clients are returned unchanged.
 * All four ids are looked up before any of them is written back, so a
 * failed lookup leaves \a pud exactly as it was.
 *
 * \param req  request whose export supplies the idmap table
 * \param pud  user descriptor, rewritten in place on success
 *
 * \retval 0        descriptor unchanged (not a remote client) or mapped
 * \retval -EACCES  one of the ids has no mapping
 *
 * NOTE(review): med->med_idmap is read before the remote-client check and
 * without med_idmap_sem - confirm that callers guarantee a valid export.
 */
int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req,
                              struct ptlrpc_user_desc *pud)
{
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *table = med->med_idmap;
        uid_t mapped_uid, mapped_fsuid;
        gid_t mapped_gid, mapped_fsgid;

        /* Only remote client need desc_to_idmap. */
        if (!exp_connect_rmtclient(req->rq_export))
                return 0;

        mapped_uid = lustre_idmap_lookup_uid(NULL, table, 0, pud->pud_uid);
        if (mapped_uid == CFS_IDMAP_NOTFOUND) {
                CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid);
                return -EACCES;
        }

        /* fsuid equal to uid reuses the result instead of a second lookup */
        mapped_fsuid = mapped_uid;
        if (pud->pud_fsuid != pud->pud_uid) {
                mapped_fsuid = lustre_idmap_lookup_uid(NULL, table, 0,
                                                       pud->pud_fsuid);
                if (mapped_fsuid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "no mapping for fsuid %u\n",
                               pud->pud_fsuid);
                        return -EACCES;
                }
        }

        mapped_gid = lustre_idmap_lookup_gid(NULL, table, 0, pud->pud_gid);
        if (mapped_gid == CFS_IDMAP_NOTFOUND) {
                CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid);
                return -EACCES;
        }

        /* same shortcut for fsgid */
        mapped_fsgid = mapped_gid;
        if (pud->pud_fsgid != pud->pud_gid) {
                mapped_fsgid = lustre_idmap_lookup_gid(NULL, table, 0,
                                                       pud->pud_fsgid);
                if (mapped_fsgid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "no mapping for fsgid %u\n",
                               pud->pud_fsgid);
                        return -EACCES;
                }
        }

        /* commit only once every lookup has succeeded */
        pud->pud_uid = mapped_uid;
        pud->pud_gid = mapped_gid;
        pud->pud_fsuid = mapped_fsuid;
        pud->pud_fsgid = mapped_fsgid;

        return 0;
}
392
/*
 * Reverse mapping
 *
 * Rewrite the owner and group in a reply body for a remote client, using
 * the export's idmap table with the reverse flag set.  Does nothing for
 * exports that are not remote clients.
 *
 * An id without a mapping is reported as NOBODY_UID / NOBODY_GID.  When the
 * body also carries a valid mode, the permission bits of that class (owner
 * or group) are replaced by a copy of the "other" bits.
 */
void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
{
        struct ptlrpc_request     *req = mdt_info_req(info);
        struct md_ucred           *uc = mdt_ucred(info);
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *table = med->med_idmap;

        if (!exp_connect_rmtclient(info->mti_exp))
                return;

        if (body->valid & OBD_MD_FLUID) {
                uid_t owner = lustre_idmap_lookup_uid(uc, table, 1, body->uid);

                if (owner == CFS_IDMAP_NOTFOUND) {
                        owner = NOBODY_UID;
                        /* unmapped owner gets the "other" permissions */
                        if (body->valid & OBD_MD_FLMODE)
                                body->mode = ((body->mode & S_IRWXO) << 6) |
                                             (body->mode & ~S_IRWXU);
                }

                body->uid = owner;
        }

        if (body->valid & OBD_MD_FLGID) {
                gid_t group = lustre_idmap_lookup_gid(uc, table, 1, body->gid);

                if (group == CFS_IDMAP_NOTFOUND) {
                        group = NOBODY_GID;
                        /* unmapped group gets the "other" permissions */
                        if (body->valid & OBD_MD_FLMODE)
                                body->mode = ((body->mode & S_IRWXO) << 3) |
                                             (body->mode & ~S_IRWXG);
                }

                body->gid = group;
        }
}
432
/*
 * Do not ignore root_squash for non-setattr case.
 *
 * Adjust the uid/gid carried in info->mti_attr.ma_attr:
 *  - for any operation other than REINT_SETATTR, a valid uid/gid that is
 *    not -1 is overwritten with the caller's fsuid/fsgid from the ucred;
 *  - for REINT_SETATTR from a remote client, a valid uid/gid that is not -1
 *    is translated through the export's idmap table, and the request is
 *    refused when no mapping exists;
 *  - for REINT_SETATTR from any other client nothing is changed.
 *
 * Returns 0 on success, -EINVAL when the ucred is neither UCRED_OLD nor
 * UCRED_NEW, and -EPERM when a requested uid or gid has no mapping.
 */
int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
{
        struct ptlrpc_request     *req = mdt_info_req(info);
        struct md_ucred           *uc = mdt_ucred(info);
        struct lu_attr            *attr = &info->mti_attr.ma_attr;
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *table = med->med_idmap;

        if (uc->mu_valid != UCRED_OLD && uc->mu_valid != UCRED_NEW)
                return -EINVAL;

        if (op != REINT_SETATTR) {
                if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
                        attr->la_uid = uc->mu_fsuid;
                /* for S_ISGID, inherit gid from his parent, such work will be
                 * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */
                if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
                        attr->la_gid = uc->mu_fsgid;
                return 0;
        }

        /* setattr from a non-remote client: ids are taken as given */
        if (!exp_connect_rmtclient(info->mti_exp))
                return 0;

        /* NB: -1 case will be handled by mdt_fix_attr() later. */
        if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) {
                uid_t mapped_uid = lustre_idmap_lookup_uid(uc, table, 0,
                                                           attr->la_uid);

                if (mapped_uid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "Deny chown to uid %u\n",
                               attr->la_uid);
                        return -EPERM;
                }

                attr->la_uid = mapped_uid;
        }

        if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) {
                gid_t mapped_gid = lustre_idmap_lookup_gid(uc, table, 0,
                                                           attr->la_gid);

                if (mapped_gid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "Deny chown to gid %u\n",
                               attr->la_gid);
                        return -EPERM;
                }

                attr->la_gid = mapped_gid;
        }

        return 0;
}