*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; If not, see
- * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
+ * http://www.gnu.org/licenses/gpl-2.0.html
*
* GPL HEADER END
*/
/*
* Copyright (C) 2013, Trustees of Indiana University
+ *
+ * Copyright (c) 2017, Intel Corporation.
+ *
* Author: Joshua Walgenbach <jjw@iu.edu>
*/
#ifndef _LUSTRE_NODEMAP_H
#define _LUSTRE_NODEMAP_H
-#include <lustre/lustre_idl.h>
+#include <uapi/linux/lustre/lustre_disk.h>
+#include <uapi/linux/lustre/lustre_ioctl.h>
#define LUSTRE_NODEMAP_NAME "nodemap"
#define LUSTRE_NODEMAP_DEFAULT_ID 0
-/** enums containing the types of ids contained in a nodemap
- * kept so other modules (mgs, mdt, etc) can define the type
- * of search easily
- */
-
-enum nodemap_id_type {
- NODEMAP_UID,
- NODEMAP_GID,
-};
-
-enum nodemap_tree_type {
- NODEMAP_FS_TO_CLIENT,
- NODEMAP_CLIENT_TO_FS,
+static const struct nodemap_rbac_name {
+ enum nodemap_rbac_roles nrn_mode;
+ const char *nrn_name;
+} nodemap_rbac_names[] = {
+ { NODEMAP_RBAC_FILE_PERMS, "file_perms" },
+ { NODEMAP_RBAC_DNE_OPS, "dne_ops" },
+ { NODEMAP_RBAC_QUOTA_OPS, "quota_ops" },
+ { NODEMAP_RBAC_BYFID_OPS, "byfid_ops" },
+ { NODEMAP_RBAC_CHLG_OPS, "chlg_ops" },
+ { NODEMAP_RBAC_FSCRYPT_ADMIN, "fscrypt_admin" },
};
struct nodemap_pde {
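Review bot: `nodemap_rbac_names[]` is defined `static const` in this header with nothing tying it to `enum nodemap_rbac_roles`, so a role bit added to the enum later can be left without a name and nothing will flag it. The enum is not in this hunk (presumably it comes from the uapi headers included above), which makes the dependency easy to miss. A comment on the table such as `/* one entry per enum nodemap_rbac_roles bit; add the name here when adding a role */` would record it, and the member `nrn_mode` would read better as `nrn_role`, since it holds a role and not a mode. Because the table is `static` in a header, every file that includes it also gets its own copy.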
char nm_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
/* flags to govern nodemap behavior */
bool nmf_trust_client_ids:1,
- nmf_allow_root_access:1;
+ nmf_deny_unknown:1,
+ nmf_allow_root_access:1,
+ nmf_enable_audit:1,
+ nmf_forbid_encryption:1,
+ nmf_readonly_mount:1;
+ /* bitmap for mapping type */
+ enum nodemap_mapping_modes nmf_map_mode;
+ /* bitmap for rbac, enum nodemap_rbac_roles */
+ enum nodemap_rbac_roles nmf_rbac;
/* unique ID set by MGS */
unsigned int nm_id;
/* nodemap ref counter */
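Review bot: `nmf_map_mode` and `nmf_rbac` are commented as bitmaps but declared with enum types, so a value with several bits set is not one of the enumerators and the field's width is whatever the compiler picks for the enum. A fixed-width mask says what is actually stored, e.g. `__u32 nmf_rbac; /* mask of enum nodemap_rbac_roles bits */`, and likewise for `nmf_map_mode`. The new one-bit flags `nmf_deny_unknown`, `nmf_forbid_encryption` and `nmf_readonly_mount` share the single comment "flags to govern nodemap behavior". Going by their names they change access decisions, so a short comment per flag saying what the server refuses when it is set would help. The struct starts and ends outside this hunk.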
uid_t nm_squash_uid;
/* GID to squash unmapped GIDs */
gid_t nm_squash_gid;
+ /* PROJID to squash unmapped PROJIDs */
+ projid_t nm_squash_projid;
/* NID range list */
struct list_head nm_ranges;
/* lock for idmap red/black trees */
- rwlock_t nm_idmap_lock;
+ struct rw_semaphore nm_idmap_lock;
/* UID map keyed by local UID */
struct rb_root nm_fs_to_client_uidmap;
/* UID map keyed by remote UID */
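Review bot: `nm_idmap_lock` becomes a `struct rw_semaphore`, which is a sleeping lock, but its comment still reads only "lock for idmap red/black trees". Any id-mapping lookup reached from atomic context (under a spinlock or inside an RCU read-side section) would now be a bug. The lock users are not in this hunk, so that needs checking against the .c files. I would extend the comment to `/* lock for idmap red/black trees; sleeping lock, never take in atomic context */`.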
struct rb_root nm_fs_to_client_gidmap;
/* GID map keyed by remote UID */
struct rb_root nm_client_to_fs_gidmap;
+ /* PROJID map keyed by local UID */
+ struct rb_root nm_fs_to_client_projidmap;
+ /* PROJID map keyed by remote UID */
+ struct rb_root nm_client_to_fs_projidmap;
/* attached client members of this nodemap */
struct mutex nm_member_list_lock;
struct list_head nm_member_list;
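Review bot: The comments on the two new trees say `keyed by local UID` and `keyed by remote UID`, copied from the UID maps, although these trees map project ids. They should read `/* PROJID map keyed by local PROJID */` and `/* PROJID map keyed by remote PROJID */`. The context line `/* GID map keyed by remote UID */` just above has the same slip and could be fixed in the same pass.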
/* access by nodemap name */
struct hlist_node nm_hash;
struct nodemap_pde *nm_pde_data;
+ /* fileset the nodes of this nodemap are restricted to */
+ char nm_fileset[PATH_MAX+1];
+ /* information about the expected SELinux policy on the nodes */
+ char nm_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH + 1];
/* used when loading/unloading nodemaps */
struct list_head nm_list;
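Review bot: `nm_fileset` and `nm_sepol` are added without saying how they are updated or read: the comments name no lock that a writer holds and do not say what an empty string means. Going by their comments, both fields restrict what the nodes of a nodemap may do, so a reader running while `nodemap_set_fileset()` or `nodemap_set_sepol()` (declared later in this patch) rewrites the buffer should not be able to see a half-written value. I would state the rule on the fields, for example `/* NUL-terminated; written only under <lock name>; "" = not set */`, with the real lock filled in and the empty-string meaning confirmed. `nm_fileset` also embeds `PATH_MAX+1` bytes in every nodemap, which deserves a word if that was chosen deliberately over allocating on demand.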
* not be needed.
*/
struct nm_config_file {
- struct dt_object *ncf_obj;
- struct list_head ncf_list;
+ struct local_oid_storage *ncf_los;
+ struct dt_object *ncf_obj;
+ struct list_head ncf_list;
};
void nodemap_activate(const bool value);
int nodemap_add(const char *nodemap_name);
int nodemap_del(const char *nodemap_name);
-int nodemap_add_member(lnet_nid_t nid, struct obd_export *exp);
+int nodemap_add_member(struct lnet_nid *nid, struct obd_export *exp);
void nodemap_del_member(struct obd_export *exp);
-int nodemap_parse_range(const char *range_string, lnet_nid_t range[2]);
+int nodemap_parse_range(const char *range_string, struct lnet_nid range[2],
+ u8 *netmask);
int nodemap_parse_idmap(char *idmap_string, __u32 idmap[2]);
-int nodemap_add_range(const char *name, const lnet_nid_t nid[2]);
-int nodemap_del_range(const char *name, const lnet_nid_t nid[2]);
+int nodemap_add_range(const char *name, const struct lnet_nid nid[2],
+ u8 netmask);
+int nodemap_del_range(const char *name, const struct lnet_nid nid[2],
+ u8 netmask);
int nodemap_set_allow_root(const char *name, bool allow_root);
int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
+int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
+int nodemap_set_mapping_mode(const char *name,
+ enum nodemap_mapping_modes map_mode);
+int nodemap_set_rbac(const char *name, enum nodemap_rbac_roles rbac);
int nodemap_set_squash_uid(const char *name, uid_t uid);
int nodemap_set_squash_gid(const char *name, gid_t gid);
-bool nodemap_can_setquota(const struct lu_nodemap *nodemap);
+int nodemap_set_squash_projid(const char *name, projid_t projid);
+int nodemap_set_audit_mode(const char *name, bool enable_audit);
+int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
+int nodemap_set_readonly_mount(const char *name, bool readonly_mount);
+bool nodemap_can_setquota(struct lu_nodemap *nodemap, __u32 qc_type, __u32 id);
int nodemap_add_idmap(const char *name, enum nodemap_id_type id_type,
const __u32 map[2]);
int nodemap_del_idmap(const char *name, enum nodemap_id_type id_type,
const __u32 map[2]);
+int nodemap_set_fileset(const char *name, const char *fileset);
+char *nodemap_get_fileset(const struct lu_nodemap *nodemap);
+int nodemap_set_sepol(const char *name, const char *sepol);
+const char *nodemap_get_sepol(const struct lu_nodemap *nodemap);
__u32 nodemap_map_id(struct lu_nodemap *nodemap,
enum nodemap_id_type id_type,
enum nodemap_tree_type tree_type, __u32 id);
ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
enum nodemap_tree_type tree_type);
-void nodemap_test_nid(lnet_nid_t nid, char *name_buf, size_t name_len);
-__u32 nodemap_test_id(lnet_nid_t nid, enum nodemap_id_type idtype,
- __u32 client_id);
-struct nm_config_file *nm_config_file_register(const struct lu_env *env,
- struct dt_object *obj);
-void nm_config_file_deregister(const struct lu_env *env,
- struct nm_config_file *ncf);
+#ifdef HAVE_SERVER_SUPPORT
+void nodemap_test_nid(struct lnet_nid *nid, char *name_buf, size_t name_len);
+#else
+#define nodemap_test_nid(nid, name_buf, name_len) do {} while (0)
+#endif
+int nodemap_test_id(struct lnet_nid *nid, enum nodemap_id_type idtype,
+ u32 client_id, u32 *fs_id);
+
+int server_iocontrol_nodemap(struct obd_device *obd,
+ struct obd_ioctl_data *data, bool dynamic);
+
+
+struct nm_config_file *nm_config_file_register_mgs(const struct lu_env *env,
+ struct dt_object *obj,
+ struct local_oid_storage *l);
+struct dt_device;
+struct nm_config_file *nm_config_file_register_tgt(const struct lu_env *env,
+ struct dt_device *dev,
+ struct local_oid_storage *l);
+void nm_config_file_deregister_mgs(const struct lu_env *env,
+ struct nm_config_file *ncf);
+void nm_config_file_deregister_tgt(const struct lu_env *env,
+ struct nm_config_file *ncf);
struct lu_nodemap *nodemap_get_from_exp(struct obd_export *exp);
void nodemap_putref(struct lu_nodemap *nodemap);
#ifdef HAVE_SERVER_SUPPORT
+
struct nodemap_range_tree {
- struct interval_node *nmrt_range_interval_root;
+ struct interval_tree_root nmrt_range_interval_root;
unsigned int nmrt_range_highest_id;
};
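Review bot: In the non-server branch, `nodemap_test_nid()` is a macro that expands to `do {} while (0)`, so `name_buf` is left untouched and a caller that prints or copies it afterwards would read whatever was already in the buffer. Callers are not visible here, so this may not happen today, but a stub that terminates the buffer is safer and also type-checks its arguments: `static inline void nodemap_test_nid(struct lnet_nid *nid, char *name_buf, size_t name_len) { if (name_len) name_buf[0] = '\0'; }`. The header already uses a `static inline` stub for `nodemap_process_idx_pages()` in its other `#else` branch. Separately, `nodemap_get_fileset()` returns `char *` from a `const struct lu_nodemap *` while `nodemap_get_sepol()` returns `const char *`; returning `const char *` from both would keep callers from writing through the result.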
/* Pointer to default nodemap as it is needed more often */
struct lu_nodemap *nmc_default_nodemap;
+ /* list of netmask + address prefix */
+ struct list_head nmc_netmask_setup;
+
/**
* Lock required to access the range tree.
*/
struct nodemap_config *nodemap_config_alloc(void);
void nodemap_config_dealloc(struct nodemap_config *config);
-void nodemap_config_set_active(struct nodemap_config *config);
+void nodemap_config_set_active_mgc(struct nodemap_config *config);
int nodemap_process_idx_pages(struct nodemap_config *config, union lu_page *lip,
struct lu_nodemap **recent_nodemap);
+
#else /* disable nodemap processing in MGC of non-servers */
static inline int nodemap_process_idx_pages(void *config,
union lu_page *lip,