#ifndef _LUSTRE_NODEMAP_H
#define _LUSTRE_NODEMAP_H
-#include <uapi/linux/lustre/lustre_idl.h>
+#include <uapi/linux/lustre/lustre_disk.h>
+#include <uapi/linux/lustre/lustre_ioctl.h>
#define LUSTRE_NODEMAP_NAME "nodemap"
#define LUSTRE_NODEMAP_DEFAULT_ID 0
-/** enums containing the types of ids contained in a nodemap
- * kept so other modules (mgs, mdt, etc) can define the type
- * of search easily
- */
-
-enum nodemap_id_type {
- NODEMAP_UID,
- NODEMAP_GID,
- NODEMAP_PROJID,
-};
-
-enum nodemap_tree_type {
- NODEMAP_FS_TO_CLIENT,
- NODEMAP_CLIENT_TO_FS,
-};
-
-enum nodemap_mapping_modes {
- NODEMAP_MAP_BOTH_LEGACY = 0x0, /* for compatibility */
- NODEMAP_MAP_UID = 0x01,
- NODEMAP_MAP_GID = 0x02,
- NODEMAP_MAP_BOTH = 0x03, /* for compatibility */
- NODEMAP_MAP_PROJID = 0x04,
- NODEMAP_MAP_ALL = NODEMAP_MAP_UID |
- NODEMAP_MAP_GID |
- NODEMAP_MAP_PROJID,
+static const struct nodemap_rbac_name {
+ enum nodemap_rbac_roles nrn_mode;
+ const char *nrn_name;
+} nodemap_rbac_names[] = {
+ { NODEMAP_RBAC_FILE_PERMS, "file_perms" },
+ { NODEMAP_RBAC_DNE_OPS, "dne_ops" },
+ { NODEMAP_RBAC_QUOTA_OPS, "quota_ops" },
+ { NODEMAP_RBAC_BYFID_OPS, "byfid_ops" },
+ { NODEMAP_RBAC_CHLG_OPS, "chlg_ops" },
+ { NODEMAP_RBAC_FSCRYPT_ADMIN, "fscrypt_admin" },
};
struct nodemap_pde {
nmf_deny_unknown:1,
nmf_allow_root_access:1,
nmf_enable_audit:1,
- nmf_forbid_encryption:1;
+ nmf_forbid_encryption:1,
+ nmf_readonly_mount:1;
/* bitmap for mapping type */
- enum nodemap_mapping_modes
- nmf_map_mode;
+ enum nodemap_mapping_modes nmf_map_mode;
+ /* bitmap for rbac, enum nodemap_rbac_roles */
+ enum nodemap_rbac_roles nmf_rbac;
/* unique ID set by MGS */
unsigned int nm_id;
/* nodemap ref counter */
void nodemap_activate(const bool value);
int nodemap_add(const char *nodemap_name);
int nodemap_del(const char *nodemap_name);
-int nodemap_add_member(lnet_nid_t nid, struct obd_export *exp);
+int nodemap_add_member(struct lnet_nid *nid, struct obd_export *exp);
void nodemap_del_member(struct obd_export *exp);
-int nodemap_parse_range(const char *range_string, lnet_nid_t range[2]);
+int nodemap_parse_range(const char *range_string, struct lnet_nid range[2],
+ u8 *netmask);
int nodemap_parse_idmap(char *idmap_string, __u32 idmap[2]);
-int nodemap_add_range(const char *name, const lnet_nid_t nid[2]);
-int nodemap_del_range(const char *name, const lnet_nid_t nid[2]);
+int nodemap_add_range(const char *name, const struct lnet_nid nid[2],
+ u8 netmask);
+int nodemap_del_range(const char *name, const struct lnet_nid nid[2],
+ u8 netmask);
int nodemap_set_allow_root(const char *name, bool allow_root);
int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
int nodemap_set_mapping_mode(const char *name,
enum nodemap_mapping_modes map_mode);
+int nodemap_set_rbac(const char *name, enum nodemap_rbac_roles rbac);
int nodemap_set_squash_uid(const char *name, uid_t uid);
int nodemap_set_squash_gid(const char *name, gid_t gid);
int nodemap_set_squash_projid(const char *name, projid_t projid);
int nodemap_set_audit_mode(const char *name, bool enable_audit);
int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
+int nodemap_set_readonly_mount(const char *name, bool readonly_mount);
bool nodemap_can_setquota(struct lu_nodemap *nodemap, __u32 qc_type, __u32 id);
int nodemap_add_idmap(const char *name, enum nodemap_id_type id_type,
const __u32 map[2]);
ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
enum nodemap_tree_type tree_type);
#ifdef HAVE_SERVER_SUPPORT
-void nodemap_test_nid(lnet_nid_t nid, char *name_buf, size_t name_len);
+void nodemap_test_nid(struct lnet_nid *nid, char *name_buf, size_t name_len);
#else
-#define nodemap_test_nid(nid, name_buf, name_len) do {} while(0)
+#define nodemap_test_nid(nid, name_buf, name_len) do {} while (0)
#endif
-int nodemap_test_id(lnet_nid_t nid, enum nodemap_id_type idtype,
- __u32 client_id, __u32 *fs_id);
+int nodemap_test_id(struct lnet_nid *nid, enum nodemap_id_type idtype,
+ u32 client_id, u32 *fs_id);
+
+int server_iocontrol_nodemap(struct obd_device *obd,
+ struct obd_ioctl_data *data, bool dynamic);
+
struct nm_config_file *nm_config_file_register_mgs(const struct lu_env *env,
struct dt_object *obj,
- struct local_oid_storage *los);
+ struct local_oid_storage *l);
struct dt_device;
struct nm_config_file *nm_config_file_register_tgt(const struct lu_env *env,
struct dt_device *dev,
- struct local_oid_storage *los);
+ struct local_oid_storage *l);
void nm_config_file_deregister_mgs(const struct lu_env *env,
struct nm_config_file *ncf);
void nm_config_file_deregister_tgt(const struct lu_env *env,
/* Pointer to default nodemap as it is needed more often */
struct lu_nodemap *nmc_default_nodemap;
+ /* list of netmask + address prefix */
+ struct list_head nmc_netmask_setup;
+
/**
* Lock required to access the range tree.
*/