From: Emoly Liu <emoly.liu@intel.com>
Date: Fri, 22 Sep 2017 03:31:28 +0000 (+0800)
Subject: LU-9929 nodemap: add default ACL unmapping handling
X-Git-Tag: 2.10.54~16
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=62fee20556a4c90361bd28edb903dc77c9540133;p=fs%2Flustre-release.git

LU-9929 nodemap: add default ACL unmapping handling

This patch adds default ACL unmapping code to mdt_getxattr
functions so that clients can get a correctly unmapped id.
Also, test_23b is added to sanity-sec.sh to verify this fix.

Change-Id: I6562372c58ca9772f16f7d6b0b98b45ada87971a
Test-Parameters: testlist=sanity-sec
Signed-off-by: Emoly Liu <emoly.liu@intel.com>
Reviewed-on: https://review.whamcloud.com/29010
Tested-by: Jenkins
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Fan Yong <fan.yong@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Stephan Thiell <sthiell@stanford.edu>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 34e46cd..61be6b2 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -401,7 +401,7 @@ out_xattr:
 	}
 out:
         ptlrpc_req_finished(req);
-        return rc;
+	RETURN(rc);
 }
 
 static int ll_xattr_get_common(const struct xattr_handler *handler,
@@ -413,6 +413,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
 	char *fullname;
 	int rc;
 
+	ENTRY;
+
 	ll_stats_ops_tally(ll_i2sbi(inode), LPROC_LL_GETXATTR, 1);
 
 	rc = xattr_type_filter(sbi, handler);
@@ -455,7 +457,7 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
 	rc = ll_xattr_list(inode, fullname, handler->flags, buffer, size,
 			   OBD_MD_FLXATTR);
 	kfree(fullname);
-	return rc;
+	RETURN(rc);
 }
 
 static ssize_t ll_getxattr_lov(struct inode *inode, void *buf, size_t buf_size)
@@ -528,7 +530,7 @@ out_req:
 		if (req)
 			ptlrpc_req_finished(req);
 
-		return rc;
+		RETURN(rc);
 	} else {
 		RETURN(-ENODATA);
 	}
diff --git a/lustre/llite/xattr_cache.c b/lustre/llite/xattr_cache.c
index fca7ab0..50dcbe7 100644
--- a/lustre/llite/xattr_cache.c
+++ b/lustre/llite/xattr_cache.c
@@ -482,7 +482,7 @@ err_req:
 		rc = -EAGAIN;
 
 	ptlrpc_req_finished(req);
-	return rc;
+	RETURN(rc);
 }
 
 /**
@@ -547,6 +547,6 @@ int ll_xattr_cache_get(struct inode *inode,
 out:
 	up_read(&lli->lli_xattrs_list_rwsem);
 
-	return rc;
+	RETURN(rc);
 }
 
diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c
index ee6f744..3cd39f4 100644
--- a/lustre/mdt/mdt_xattr.c
+++ b/lustre/mdt/mdt_xattr.c
@@ -117,6 +117,36 @@ static int mdt_getxattr_pack_reply(struct mdt_thread_info * info)
         RETURN(size);
 }
 
+static int mdt_nodemap_map_acl(struct mdt_thread_info *info, void *buf,
+			       size_t size, const char *name,
+			       enum nodemap_tree_type tree_type)
+{
+	struct lu_nodemap      *nodemap;
+	struct obd_export      *exp = info->mti_exp;
+	int			rc = size;
+
+	ENTRY;
+
+	if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0 ||
+	    strcmp(name, XATTR_NAME_ACL_DEFAULT) == 0) {
+		if (size > info->mti_mdt->mdt_max_ea_size ||
+		     (!exp_connect_large_acl(exp) &&
+		      size > LUSTRE_POSIX_ACL_MAX_SIZE_OLD))
+			GOTO(out, rc = -ERANGE);
+
+		nodemap = nodemap_get_from_exp(exp);
+		if (IS_ERR(nodemap))
+			GOTO(out, rc = PTR_ERR(nodemap));
+
+		rc = nodemap_map_acl(nodemap, buf, size, tree_type);
+		nodemap_putref(nodemap);
+		if (rc < 0)
+			GOTO(out, rc);
+	}
+out:
+	RETURN(rc);
+}
+
 static int mdt_getxattr_all(struct mdt_thread_info *info,
 			    struct mdt_body *reqbody, struct mdt_body *repbody,
 			    struct lu_buf *buf, struct md_object *next)
@@ -155,7 +185,10 @@ static int mdt_getxattr_all(struct mdt_thread_info *info,
 		rc = mo_xattr_get(env, next, buf, b);
 		if (rc < 0)
 			GOTO(out_shrink, rc);
-
+		rc = mdt_nodemap_map_acl(info, buf->lb_buf, rc, b,
+					 NODEMAP_FS_TO_CLIENT);
+		if (rc < 0)
+			GOTO(out_shrink, rc);
 		sizes[eavallens] = rc;
 		eavallens++;
 		eavallen += rc;
@@ -223,9 +256,11 @@ int mdt_getxattr(struct mdt_thread_info *info)
 	valid = info->mti_body->mbo_valid & (OBD_MD_FLXATTR | OBD_MD_FLXATTRLS);
 
 	if (valid == OBD_MD_FLXATTR) {
-		char *xattr_name = req_capsule_client_get(info->mti_pill,
-							  &RMF_NAME);
+		const char *xattr_name = req_capsule_client_get(info->mti_pill,
+								&RMF_NAME);
 		rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);
+		rc = mdt_nodemap_map_acl(info, buf->lb_buf, rc, xattr_name,
+					 NODEMAP_FS_TO_CLIENT);
 	} else if (valid == OBD_MD_FLXATTRLS) {
 		CDEBUG(D_INODE, "listxattr\n");
 
@@ -261,7 +296,6 @@ int mdt_reint_setxattr(struct mdt_thread_info *info,
 	struct lu_attr		*attr = &info->mti_attr.ma_attr;
 	struct mdt_object	*obj;
 	struct md_object	*child;
-	struct obd_export	*exp = info->mti_exp;
 	__u64			 valid = attr->la_valid;
 	const char		*xattr_name = rr->rr_name.ln_name;
 	int			 xattr_len = rr->rr_eadatalen;
@@ -305,23 +339,10 @@ int mdt_reint_setxattr(struct mdt_thread_info *info,
 	} else if ((valid & OBD_MD_FLXATTR) &&
 		   (strcmp(xattr_name, XATTR_NAME_ACL_ACCESS) == 0 ||
 		    strcmp(xattr_name, XATTR_NAME_ACL_DEFAULT) == 0)) {
-		struct lu_nodemap *nodemap;
-
-		if ((xattr_len > info->mti_mdt->mdt_max_ea_size) ||
-		     (!exp_connect_large_acl(exp) &&
-		      xattr_len > LUSTRE_POSIX_ACL_MAX_SIZE_OLD))
-			GOTO(out, rc = -ERANGE);
-
-		nodemap = nodemap_get_from_exp(exp);
-		if (IS_ERR(nodemap))
-			GOTO(out, rc = PTR_ERR(nodemap));
-
-		rc = nodemap_map_acl(nodemap, rr->rr_eadata, xattr_len,
-				     NODEMAP_CLIENT_TO_FS);
-		nodemap_putref(nodemap);
+		rc = mdt_nodemap_map_acl(info, rr->rr_eadata, xattr_len,
+					 xattr_name, NODEMAP_CLIENT_TO_FS);
 		if (rc < 0)
 			GOTO(out, rc);
-
 		/* ACLs were mapped out, return an error so the user knows */
 		if (rc != xattr_len)
 			GOTO(out, rc = -EPERM);
diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c
index a6ef9ca..ba5f4a7 100644
--- a/lustre/ptlrpc/nodemap_handler.c
+++ b/lustre/ptlrpc/nodemap_handler.c
@@ -701,17 +701,19 @@ ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
 	posix_acl_xattr_entry	*end;
 	int			 count;
 
+	ENTRY;
+
 	if (!nodemap_active)
-		return size;
+		RETURN(size);
 
 	if (unlikely(nodemap == NULL))
-		return size;
+		RETURN(size);
 
 	count = posix_acl_xattr_count(size);
 	if (count < 0)
-		return -EINVAL;
+		RETURN(-EINVAL);
 	if (count == 0)
-		return 0;
+		RETURN(0);
 
 	for (end = entry + count; entry != end; entry++) {
 		__u16 tag = le16_to_cpu(entry->e_tag);
@@ -741,7 +743,7 @@ ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
 		new_entry++;
 	}
 
-	return (void *)new_entry - (void *)header;
+	RETURN((void *)new_entry - (void *)header);
 }
 EXPORT_SYMBOL(nodemap_map_acl);
 
diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index 5c517b1..64e3a08 100755
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -1554,7 +1554,7 @@ nodemap_acl_test() {
 	return 1
 }
 
-test_23() {
+test_23a() {
 	nodemap_version_check || return 0
 	nodemap_test_setup
 
@@ -1606,7 +1606,57 @@ test_23() {
 
 	nodemap_test_cleanup
 }
-run_test 23 "test mapped ACLs"
+run_test 23a "test mapped regular ACLs"
+
+test_23b() { #LU-9929
+	remote_mgs_nodsh && skip "remote MGS with nodsh" && return
+	[ $(lustre_version_code mgs) -lt $(version_code 2.10.53) ] &&
+		skip "Need MGS >= 2.10.53" && return
+
+	nodemap_test_setup
+	trap nodemap_test_cleanup EXIT
+
+	local testdir=$DIR/$tdir
+	local fs_id=$((IDBASE+10))
+	local unmapped_id
+	local mapped_id
+	local fs_user
+
+	do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
+	wait_nm_sync c0 admin_nodemap
+
+	# Add idmap $ID0:$fs_id (500:60010)
+	do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
+		--idmap $ID0:$fs_id ||
+		error "add idmap $ID0:$fs_id to nodemap c0 failed"
+
+	# set/getfacl default acl on client0 (unmapped gid=500)
+	rm -rf $testdir
+	mkdir -p $testdir
+	# Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
+	setfacl -R -d -m group:$USER0:rwx $testdir ||
+		error "setfacl $testdir on ${clients_arr[0]} failed"
+	unmapped_id=$(getfacl $testdir | grep -E "default:group:.*:rwx" |
+			awk -F: '{print $3}')
+	[ "$unmapped_id" = "$USER0" ] ||
+		error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
+
+	# getfacl default acl on MGS (mapped gid=60010)
+	zconf_mount $mgs_HOST $MOUNT
+	do_rpc_nodes $mgs_HOST is_mounted $MOUNT ||
+		error "mount lustre on MGS failed"
+	mapped_id=$(do_node $mgs_HOST getfacl $testdir |
+			grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
+	fs_user=$(do_facet mgs getent passwd |
+			grep :$fs_id:$fs_id: | cut -d: -f1)
+	[ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
+		error "Should return gid=$fs_id or $fs_user on MGS"
+
+	rm -rf $testdir
+	do_facet mgs umount $MOUNT
+	nodemap_test_cleanup
+}
+run_test 23b "test mapped default ACLs"
 
 test_24() {
 	nodemap_test_setup