X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fmdt%2Fmdt_idmap.c;h=389c2798c2a53a6c84a48fde1d05f7374e45e183;hb=ea383222e031cdceffbdf2e3afab3b6d1fd53c8e;hp=2b5022572546b4332d414a74225dd4a3f1f24a05;hpb=11c2c0ec77125041e9c8143a80e7e51aede653ea;p=fs%2Flustre-release.git
diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c
index 2b50225..389c279 100644
--- a/lustre/mdt/mdt_idmap.c
+++ b/lustre/mdt/mdt_idmap.c
@@ -26,6 +26,8 @@
 /*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Use is subject to license terms.
+ *
+ * Copyright (c) 2012, 2013, Intel Corporation.
 */
 /*
 * This file is part of Lustre, http://www.lustre.org/
@@ -43,12 +45,15 @@
 #include
 #include
 #include
+#include
+#ifdef HAVE_UIDGID_HEADER
+# include
+#endif
 #include
 #include
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -56,7 +61,6 @@
 #include
 #include
-#include
 #include
 #include
 #include
@@ -68,179 +72,55 @@
 #include "mdt_internal.h"
-#define mdt_init_sec_none(reply, exp) \
-do { \
- reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT | \
- OBD_CONNECT_RMT_CLIENT_FORCE | \
- OBD_CONNECT_MDS_CAPA | \
- OBD_CONNECT_OSS_CAPA); \
- cfs_spin_lock(&exp->exp_lock); \
- exp->exp_connect_flags = reply->ocd_connect_flags; \
- cfs_spin_unlock(&exp->exp_lock); \
-} while (0)
-
-int mdt_init_sec_level(struct mdt_thread_info *info)
-{
- struct mdt_device *mdt = info->mti_mdt;
- struct ptlrpc_request *req = mdt_info_req(info);
- char *client = libcfs_nid2str(req->rq_peer.nid);
- struct obd_export *exp = req->rq_export;
- struct obd_device *obd = exp->exp_obd;
- struct obd_connect_data *data, *reply;
- int rc = 0, remote;
- ENTRY;
-
- data = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA);
- reply = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA);
- if (data == NULL || reply == NULL)
- RETURN(-EFAULT);
-
- /* connection from MDT is always trusted */
- if (req->rq_auth_usr_mdt) {
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
-
- /* no GSS support case */
- if (!req->rq_auth_gss) {
- if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
- CWARN("client %s -> target %s does not user GSS, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- } else {
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
- }
-
- /* old version case */
- if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) ||
- !(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) ||
- !(data->ocd_connect_flags & OBD_CONNECT_OSS_CAPA))) {
- if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
- CWARN("client %s -> target %s uses old version, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- } else {
- CWARN("client %s -> target %s uses old version, "
- "run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
- }
-
- remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE;
- if (remote) {
- if (!req->rq_auth_remote)
- CDEBUG(D_SEC, "client (local realm) %s -> target %s "
- "asked to be remote.\n", client, obd->obd_name);
- } else if (req->rq_auth_remote) {
- remote = 1;
- CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set "
- "as remote by default.\n", client, obd->obd_name);
- }
-
- if (remote) {
- if (!mdt->mdt_opts.mo_oss_capa) {
- CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
- " but OSS capabilities are not enabled: %d.\n",
- client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
- RETURN(-EACCES);
- }
- } else {
- if (req->rq_auth_uid == INVALID_UID) {
- CDEBUG(D_SEC, "client %s -> target %s: user is not "
- "authenticated!\n", client, obd->obd_name);
- RETURN(-EACCES);
- }
- }
-
- switch (mdt->mdt_sec_level) {
- case LUSTRE_SEC_NONE:
- if (!remote) {
- mdt_init_sec_none(reply, exp);
- break;
- } else {
- CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- }
- case LUSTRE_SEC_REMOTE:
- if (!remote)
- mdt_init_sec_none(reply, exp);
- break;
- case LUSTRE_SEC_ALL:
- if (!remote) {
- reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
- OBD_CONNECT_RMT_CLIENT_FORCE);
- if (!mdt->mdt_opts.mo_mds_capa)
- reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
- if (!mdt->mdt_opts.mo_oss_capa)
- reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
-
- cfs_spin_lock(&exp->exp_lock);
- exp->exp_connect_flags = reply->ocd_connect_flags;
- cfs_spin_unlock(&exp->exp_lock);
- }
- break;
- default:
- RETURN(-EINVAL);
- }
-
- RETURN(rc);
-}
-
-int mdt_init_idmap(struct mdt_thread_info *info)
+int mdt_init_idmap(struct tgt_session_info *tsi)
 {
- struct ptlrpc_request *req = mdt_info_req(info);
- struct mdt_export_data *med = mdt_req2med(req);
- struct obd_export *exp = req->rq_export;
- char *client = libcfs_nid2str(req->rq_peer.nid);
- struct obd_device *obd = exp->exp_obd;
- int rc = 0;
- ENTRY;
-
- if (exp_connect_rmtclient(exp)) {
- cfs_mutex_lock(&med->med_idmap_mutex);
- if (!med->med_idmap)
- med->med_idmap = lustre_idmap_init();
- cfs_mutex_unlock(&med->med_idmap_mutex);
-
- if (IS_ERR(med->med_idmap)) {
- long err = PTR_ERR(med->med_idmap);
-
- med->med_idmap = NULL;
- CERROR("client %s -> target %s "
- "failed to init idmap [%ld]!\n",
- client, obd->obd_name, err);
- RETURN(err);
- } else if (!med->med_idmap) {
- CERROR("client %s -> target %s "
- "failed to init(2) idmap!\n",
- client, obd->obd_name);
- RETURN(-ENOMEM);
- }
-
- CDEBUG(D_SEC, "client %s -> target %s is remote.\n",
- client, obd->obd_name);
- /* NB, MDS_CONNECT establish root idmap too! */
- rc = mdt_handle_idmap(info);
- }
- RETURN(rc);
+ struct ptlrpc_request *req = tgt_ses_req(tsi);
+ struct mdt_export_data *med = mdt_req2med(req);
+ struct obd_export *exp = req->rq_export;
+ char *client = libcfs_nid2str(req->rq_peer.nid);
+ int rc = 0;
+ ENTRY;
+
+ if (exp_connect_rmtclient(exp)) {
+ mutex_lock(&med->med_idmap_mutex);
+ if (!med->med_idmap)
+ med->med_idmap = lustre_idmap_init();
+ mutex_unlock(&med->med_idmap_mutex);
+
+ if (IS_ERR(med->med_idmap)) {
+ long err = PTR_ERR(med->med_idmap);
+
+ med->med_idmap = NULL;
+ CERROR("%s: client %s -> target %s "
+ "failed to init idmap [%ld]!\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt), err);
+ RETURN(err);
+ } else if (!med->med_idmap) {
+ CERROR("%s: client %s -> target %s "
+ "failed to init(2) idmap!\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt));
+ RETURN(-ENOMEM);
+ }
+
+ CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt));
+ /* NB, MDS_CONNECT establish root idmap too! */
+ rc = mdt_handle_idmap(tsi);
+ }
+ RETURN(rc);
 }
 void mdt_cleanup_idmap(struct mdt_export_data *med)
 {
- cfs_mutex_lock(&med->med_idmap_mutex);
+ mutex_lock(&med->med_idmap_mutex);
 if (med->med_idmap != NULL) {
 lustre_idmap_fini(med->med_idmap);
 med->med_idmap = NULL;
 }
- cfs_mutex_unlock(&med->med_idmap_mutex);
+ mutex_unlock(&med->med_idmap_mutex);
 }
 static inline void mdt_revoke_export_locks(struct obd_export *exp)
@@ -252,10 +132,10 @@ static inline void mdt_revoke_export_locks(struct obd_export *exp)
 ldlm_revoke_export_locks(exp);
 }
-int mdt_handle_idmap(struct mdt_thread_info *info)
+int mdt_handle_idmap(struct tgt_session_info *tsi)
 {
- struct ptlrpc_request *req = mdt_info_req(info);
- struct mdt_device *mdt = info->mti_mdt;
+ struct ptlrpc_request *req = tgt_ses_req(tsi);
+ struct mdt_device *mdt = mdt_exp2dev(req->rq_export);
 struct mdt_export_data *med;
 struct ptlrpc_user_desc *pud = req->rq_user_desc;
 struct md_identity *identity;
@@ -267,7 +147,7 @@ int mdt_handle_idmap(struct mdt_thread_info *info)
 RETURN(0);
 med = mdt_req2med(req);
- if (!exp_connect_rmtclient(info->mti_exp))
+ if (!exp_connect_rmtclient(req->rq_export))
 RETURN(0);
 opc = lustre_msg_get_opc(req->rq_reqmsg);
@@ -284,7 +164,7 @@ int mdt_handle_idmap(struct mdt_thread_info *info)
 RETURN(-EACCES);
 }
- if (req->rq_auth_mapped_uid == INVALID_UID) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
 CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
 "/etc/lustre/idmap.conf!\n");
 RETURN(-EACCES);
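Review bot: In the new `mdt_init_idmap()` the `IS_ERR()` test and the reset of `med->med_idmap` to NULL run after `mutex_unlock()`, although the result of `lustre_idmap_init()` was stored into the export under `med_idmap_mutex`. Until that reset an error pointer is visible in `med->med_idmap`; if another request on the same export can reach this path at that moment (not visible here), it would skip initialisation, and `mdt_cleanup_idmap()` in the same hunk would hand the value to `lustre_idmap_fini()` because it only tests `!= NULL`. Keeping the result in a local and publishing it only when it is a usable table closes that window; the sketch below folds the two error messages into one, so keep them separate if the distinction matters. As a smaller point, each of the three messages prints `tgt_name(tsi->tsi_tgt)` twice.

```c
	struct lustre_idmap_table *idmap;
	long err = 0;
	/* … unchanged: req, med, exp, client declarations … */

	if (exp_connect_rmtclient(exp)) {
		mutex_lock(&med->med_idmap_mutex);
		if (med->med_idmap == NULL) {
			idmap = lustre_idmap_init();
			if (IS_ERR(idmap))
				err = PTR_ERR(idmap);
			else if (idmap == NULL)
				err = -ENOMEM;
			else	/* publish only a usable table */
				med->med_idmap = idmap;
		}
		mutex_unlock(&med->med_idmap_mutex);

		if (err != 0) {
			/* … CERROR as before, reporting err … */
			RETURN(err);
		}
		/* … unchanged: CDEBUG and mdt_handle_idmap(tsi) … */
```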
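Review bot: The added `uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))` test in the last hunk of `mdt_handle_idmap()` is compiled unconditionally, while the include hunk at the top of the file pulls in one header only under `#ifdef HAVE_UIDGID_HEADER`. On a kernel without that header the three names would have to come from a compat definition that this diff does not show, so that is worth confirming. Because the initial namespace maps ids one to one, the check still rejects only the all-ones uid, as the removed `INVALID_UID` comparison did; a comment such as `/* init_user_ns is an identity map: this rejects only (uid_t)-1 */` would keep readers from assuming a namespace translation happens here. The function starts and ends outside this hunk.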
@@ -395,37 +275,41 @@ int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req,
 void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
 {
 struct ptlrpc_request *req = mdt_info_req(info);
- struct md_ucred *uc = mdt_ucred(info);
+ struct lu_ucred *uc = mdt_ucred(info);
 struct mdt_export_data *med = mdt_req2med(req);
 struct lustre_idmap_table *idmap = med->med_idmap;
 if (!exp_connect_rmtclient(info->mti_exp))
 return;
- if (body->valid & OBD_MD_FLUID) {
- uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->uid);
+ if (body->mbo_valid & OBD_MD_FLUID) {
+ uid_t uid;
- if (uid == CFS_IDMAP_NOTFOUND) {
- uid = NOBODY_UID;
- if (body->valid & OBD_MD_FLMODE)
- body->mode = (body->mode & ~S_IRWXU) |
- ((body->mode & S_IRWXO) << 6);
- }
+ uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid);
- body->uid = uid;
- }
+ if (uid == CFS_IDMAP_NOTFOUND) {
+ uid = NOBODY_UID;
+ if (body->mbo_valid & OBD_MD_FLMODE)
+ body->mbo_mode = (body->mbo_mode & ~S_IRWXU) |
+ ((body->mbo_mode & S_IRWXO) << 6);
+ }
- if (body->valid & OBD_MD_FLGID) {
- gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->gid);
+ body->mbo_uid = uid;
+ }
- if (gid == CFS_IDMAP_NOTFOUND) {
- gid = NOBODY_GID;
- if (body->valid & OBD_MD_FLMODE)
- body->mode = (body->mode & ~S_IRWXG) |
- ((body->mode & S_IRWXO) << 3);
- }
+ if (body->mbo_valid & OBD_MD_FLGID) {
+ gid_t gid;
+
+ gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid);
+
+ if (gid == CFS_IDMAP_NOTFOUND) {
+ gid = NOBODY_GID;
+ if (body->mbo_valid & OBD_MD_FLMODE)
+ body->mbo_mode = (body->mbo_mode & ~S_IRWXG) |
+ ((body->mbo_mode & S_IRWXO) << 3);
+ }
- body->gid = gid;
+ body->mbo_gid = gid;
 }
 }
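Review bot: The rewritten uid and gid branches of `mdt_body_reverse_idmap()` have no comment on the permission rewrite they perform when the reverse lookup returns `CFS_IDMAP_NOTFOUND`. In that case the id is reported as `NOBODY_UID` or `NOBODY_GID`, and the owner or group bits of `mbo_mode` are replaced by the `S_IRWXO` bits shifted into that slot, so the reply shows only the "other" permissions for an identity the table cannot map. I would add above each inner `if`: `/* unmapped id: report nobody and expose only the "other" permission bits in this slot */`. Separately, `idmap` is read from `med->med_idmap` in the declarations (context lines) without `med_idmap_mutex`; whether the table can be torn down while a reply is being filled in is not visible here.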
@@ -433,21 +317,21 @@ void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
 int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
 {
 struct ptlrpc_request *req = mdt_info_req(info);
- struct md_ucred *uc = mdt_ucred(info);
+ struct lu_ucred *uc = mdt_ucred_check(info);
 struct lu_attr *attr = &info->mti_attr.ma_attr;
 struct mdt_export_data *med = mdt_req2med(req);
 struct lustre_idmap_table *idmap = med->med_idmap;
- if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW))
- return -EINVAL;
+ if (uc == NULL)
+ return -EINVAL;
 if (op != REINT_SETATTR) {
- if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
- attr->la_uid = uc->mu_fsuid;
- /* for S_ISGID, inherit gid from his parent, such work will be
- * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */
- if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
- attr->la_gid = uc->mu_fsgid;
+ if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
+ attr->la_uid = uc->uc_fsuid;
+ /* for S_ISGID, inherit gid from his parent, such work will be
+ * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */
+ if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
+ attr->la_gid = uc->uc_fsgid;
 } else if (exp_connect_rmtclient(info->mti_exp)) {
 /* NB: -1 case will be handled by mdt_fix_attr() later. */
 if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) {
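Review bot: The added `if (uc == NULL) return -EINVAL;` in `mdt_fix_attr_ucred()` now carries the whole credential check that the removed comparison of `uc->mu_valid` against `UCRED_OLD` and `UCRED_NEW` spelled out, so its strength depends on `mdt_ucred_check()`, which this diff does not show. If that helper returns NULL for every credential state other than those two, behaviour is unchanged; a comment saying so, for example `/* mdt_ucred_check() returns NULL unless the ucred is valid */`, would keep the guard from reading like a plain allocation check. The function body continues past the end of this hunk.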