X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fmdt%2Fmdt_idmap.c;h=389c2798c2a53a6c84a48fde1d05f7374e45e183;hb=12ac7f2baa3691eaf74d468aedb7615f6ddf6d60;hp=fb810413b5d4c941672d8cd7e40914e48ee6003a;hpb=fe49c887644eb08b64377a3446415a0631912b96;p=fs%2Flustre-release.git diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c index fb81041..389c279 100644 --- a/lustre/mdt/mdt_idmap.c +++ b/lustre/mdt/mdt_idmap.c @@ -1,50 +1,66 @@ -/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- - * vim:expandtab:shiftwidth=8:tabstop=8: +/* + * GPL HEADER START + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 only, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License version 2 for more details (a copy is included + * in the LICENSE file that accompanied this code). * - * Copyright (C) 2004-2006 Cluster File Systems, Inc. - * Author: Lai Siyao - * Author: Fan Yong + * You should have received a copy of the GNU General Public License + * version 2 along with this program; If not, see + * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. * - * This file is part of Lustre, http://www.lustre.org. + * GPL HEADER END + */ +/* + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Use is subject to license terms. * - * Lustre is free software; you can redistribute it and/or - * modify it under the terms of version 2 of the GNU General Public - * License as published by the Free Software Foundation. + * Copyright (c) 2012, 2013, Intel Corporation. + */ +/* + * This file is part of Lustre, http://www.lustre.org/ + * Lustre is a trademark of Sun Microsystems, Inc. * - * Lustre is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * lustre/mdt/mdt_idmap.c * - * You should have received a copy of the GNU General Public License - * along with Lustre; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * Author: Lai Siyao + * Author: Fan Yong */ -#ifndef EXPORT_SYMTAB -#define EXPORT_SYMTAB -#endif #define DEBUG_SUBSYSTEM S_MDS -#include #include #include #include #include +#include +#ifdef HAVE_UIDGID_HEADER +# include +#endif #include #include #include #include #include -#include #include #include #include #include #include -#include +#include #include #include #include @@ -53,93 +69,58 @@ #include #include #include -#include #include "mdt_internal.h" -int mdt_init_idmap(struct mdt_thread_info *info) +int mdt_init_idmap(struct tgt_session_info *tsi) { - struct ptlrpc_request *req = mdt_info_req(info); - char *client = libcfs_nid2str(req->rq_peer.nid); - struct mdt_export_data *med = mdt_req2med(req); - struct obd_device *obd = req->rq_export->exp_obd; - struct obd_connect_data *data, *reply; - int rc = 0, remote; - ENTRY; - - data = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA); - reply = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA); - if (data == NULL || reply == NULL) - RETURN(-EFAULT); - - if (!req->rq_auth_gss || req->rq_auth_usr_mdt) { - med->med_rmtclient = 0; - reply->ocd_connect_flags &= ~OBD_CONNECT_RMT_CLIENT; - RETURN(0); - } - - remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT; - - if (remote) { - med->med_rmtclient = 1; - if (!req->rq_auth_remote) - CDEBUG(D_SEC, "client (local realm) %s -> target %s " - "asked to be remote!\n", client, obd->obd_name); - } else if (req->rq_auth_remote) { - med->med_rmtclient = 1; - CDEBUG(D_SEC, "client (remote realm) %s -> target %s forced " - "to be remote!\n", client, obd->obd_name); - } - - if (med->med_rmtclient) { - down(&med->med_idmap_sem); - if (!med->med_idmap) - med->med_idmap = lustre_idmap_init(); - up(&med->med_idmap_sem); - - if (IS_ERR(med->med_idmap)) { - long err = PTR_ERR(med->med_idmap); - - med->med_idmap = NULL; - CERROR("client %s -> target %s " - "failed to init idmap [%ld]!\n", - client, obd->obd_name, err); - RETURN(err); - } else if (!med->med_idmap) { - CERROR("client %s -> target %s " - "failed to init(2) idmap!\n", - client, obd->obd_name); - RETURN(-ENOMEM); - } - - reply->ocd_connect_flags &= ~OBD_CONNECT_LCL_CLIENT; - CDEBUG(D_SEC, "client %s -> target %s is remote.\n", - client, obd->obd_name); - - /* NB, MDS_CONNECT establish root idmap too! */ - rc = mdt_handle_idmap(info); - } else { - if (req->rq_auth_uid == INVALID_UID) { - CDEBUG(D_SEC, "client %s -> target %s: user is not " - "authenticated!\n", client, obd->obd_name); - RETURN(-EACCES); - } - reply->ocd_connect_flags &= ~OBD_CONNECT_RMT_CLIENT; - } - - RETURN(rc); + struct ptlrpc_request *req = tgt_ses_req(tsi); + struct mdt_export_data *med = mdt_req2med(req); + struct obd_export *exp = req->rq_export; + char *client = libcfs_nid2str(req->rq_peer.nid); + int rc = 0; + ENTRY; + + if (exp_connect_rmtclient(exp)) { + mutex_lock(&med->med_idmap_mutex); + if (!med->med_idmap) + med->med_idmap = lustre_idmap_init(); + mutex_unlock(&med->med_idmap_mutex); + + if (IS_ERR(med->med_idmap)) { + long err = PTR_ERR(med->med_idmap); + + med->med_idmap = NULL; + CERROR("%s: client %s -> target %s " + "failed to init idmap [%ld]!\n", + tgt_name(tsi->tsi_tgt), client, + tgt_name(tsi->tsi_tgt), err); + RETURN(err); + } else if (!med->med_idmap) { + CERROR("%s: client %s -> target %s " + "failed to init(2) idmap!\n", + tgt_name(tsi->tsi_tgt), client, + tgt_name(tsi->tsi_tgt)); + RETURN(-ENOMEM); + } + + CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n", + tgt_name(tsi->tsi_tgt), client, + tgt_name(tsi->tsi_tgt)); + /* NB, MDS_CONNECT establish root idmap too! */ + rc = mdt_handle_idmap(tsi); + } + RETURN(rc); } void mdt_cleanup_idmap(struct mdt_export_data *med) { - LASSERT(med->med_rmtclient); - - down(&med->med_idmap_sem); + mutex_lock(&med->med_idmap_mutex); if (med->med_idmap != NULL) { lustre_idmap_fini(med->med_idmap); med->med_idmap = NULL; } - up(&med->med_idmap_sem); + mutex_unlock(&med->med_idmap_mutex); } static inline void mdt_revoke_export_locks(struct obd_export *exp) @@ -151,10 +132,10 @@ static inline void mdt_revoke_export_locks(struct obd_export *exp) ldlm_revoke_export_locks(exp); } -int mdt_handle_idmap(struct mdt_thread_info *info) +int mdt_handle_idmap(struct tgt_session_info *tsi) { - struct ptlrpc_request *req = mdt_info_req(info); - struct mdt_device *mdt = info->mti_mdt; + struct ptlrpc_request *req = tgt_ses_req(tsi); + struct mdt_device *mdt = mdt_exp2dev(req->rq_export); struct mdt_export_data *med; struct ptlrpc_user_desc *pud = req->rq_user_desc; struct md_identity *identity; @@ -166,7 +147,7 @@ int mdt_handle_idmap(struct mdt_thread_info *info) RETURN(0); med = mdt_req2med(req); - if (!med->med_rmtclient) + if (!exp_connect_rmtclient(req->rq_export)) RETURN(0); opc = lustre_msg_get_opc(req->rq_reqmsg); @@ -183,7 +164,7 @@ int mdt_handle_idmap(struct mdt_thread_info *info) RETURN(-EACCES); } - if (req->rq_auth_mapped_uid == INVALID_UID) { + if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) { CDEBUG(D_SEC, "invalid authorized mapped uid, please check " "/etc/lustre/idmap.conf!\n"); RETURN(-EACCES); @@ -243,7 +224,7 @@ int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req, gid_t gid, fsgid; /* Only remote client need desc_to_idmap. */ - if (!med->med_rmtclient) + if (!exp_connect_rmtclient(req->rq_export)) return 0; uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid); @@ -294,37 +275,41 @@ int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req, void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; - if (!med->med_rmtclient) + if (!exp_connect_rmtclient(info->mti_exp)) return; - if (body->valid & OBD_MD_FLUID) { - uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->uid); + if (body->mbo_valid & OBD_MD_FLUID) { + uid_t uid; - if (uid == CFS_IDMAP_NOTFOUND) { - uid = NOBODY_UID; - if (body->valid & OBD_MD_FLMODE) - body->mode = (body->mode & ~S_IRWXU) | - ((body->mode & S_IRWXO) << 6); - } + uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid); - body->uid = uid; - } + if (uid == CFS_IDMAP_NOTFOUND) { + uid = NOBODY_UID; + if (body->mbo_valid & OBD_MD_FLMODE) + body->mbo_mode = (body->mbo_mode & ~S_IRWXU) | + ((body->mbo_mode & S_IRWXO) << 6); + } - if (body->valid & OBD_MD_FLGID) { - gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->gid); + body->mbo_uid = uid; + } - if (gid == CFS_IDMAP_NOTFOUND) { - gid = NOBODY_GID; - if (body->valid & OBD_MD_FLMODE) - body->mode = (body->mode & ~S_IRWXG) | - ((body->mode & S_IRWXO) << 3); - } + if (body->mbo_valid & OBD_MD_FLGID) { + gid_t gid; + + gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid); + + if (gid == CFS_IDMAP_NOTFOUND) { + gid = NOBODY_GID; + if (body->mbo_valid & OBD_MD_FLMODE) + body->mbo_mode = (body->mbo_mode & ~S_IRWXG) | + ((body->mbo_mode & S_IRWXO) << 3); + } - body->gid = gid; + body->mbo_gid = gid; } } @@ -332,22 +317,22 @@ void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred_check(info); struct lu_attr *attr = &info->mti_attr.ma_attr; struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; - if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW)) - return -EINVAL; + if (uc == NULL) + return -EINVAL; if (op != REINT_SETATTR) { - if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) - attr->la_uid = uc->mu_fsuid; - /* for S_ISGID, inherit gid from his parent, such work will be - * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */ - if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) - attr->la_gid = uc->mu_fsgid; - } else if (med->med_rmtclient) { + if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) + attr->la_uid = uc->uc_fsuid; + /* for S_ISGID, inherit gid from his parent, such work will be + * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */ + if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) + attr->la_gid = uc->uc_fsgid; + } else if (exp_connect_rmtclient(info->mti_exp)) { /* NB: -1 case will be handled by mdt_fix_attr() later. */ if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) { uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 0,