From 8a770616a5ad21360ecba63c3643cadd245a2a50 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Tue, 29 Jun 2021 17:54:59 +0200 Subject: [PATCH] LU-14797 sec: add projid to nodemap Add the ability to create id maps of a new type, projid. This also requires adding a new value to map_mode, projid_only. Finally, a new property named squash_projid is used to map all project ID to a default one. Update lctl man pages to mention these additions. Update sanity-sec test_12 and test_15 to exercise projid mapping and squash_projid property. Signed-off-by: Sebastien Buisson Change-Id: I63eba8b0d33feaa7ece8c1788cb587fcb330357a Reviewed-on: https://review.whamcloud.com/44108 Tested-by: jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: Patrick Farrell Reviewed-by: Oleg Drokin --- lustre/doc/lctl-nodemap-add-idmap.8 | 17 ++--- lustre/doc/lctl-nodemap-del-idmap.8 | 14 ++--- lustre/doc/lctl-nodemap-modify.8 | 16 ++++- lustre/include/lustre_nodemap.h | 26 ++++++-- lustre/include/uapi/linux/lustre/lustre_cfg.h | 3 + lustre/include/uapi/linux/lustre/lustre_idl.h | 2 +- lustre/mgs/mgs_handler.c | 9 ++- lustre/mgs/mgs_llog.c | 72 ++++++++++++++++++---- lustre/ptlrpc/nodemap_handler.c | 89 +++++++++++++++++---------- lustre/ptlrpc/nodemap_idmap.c | 28 +++++++-- lustre/ptlrpc/nodemap_internal.h | 5 +- lustre/ptlrpc/nodemap_lproc.c | 69 +++++++++++++++++++-- lustre/ptlrpc/nodemap_storage.c | 66 ++++++++++++++++---- lustre/ptlrpc/wiretest.c | 16 +++-- lustre/tests/sanity-sec.sh | 35 +++++++++++ lustre/utils/obd.c | 24 ++++++-- lustre/utils/wirecheck.c | 6 +- lustre/utils/wiretest.c | 16 +++-- 18 files changed, 404 insertions(+), 109 deletions(-) diff --git a/lustre/doc/lctl-nodemap-add-idmap.8 b/lustre/doc/lctl-nodemap-add-idmap.8 index b69b749..b7957fb 100644 --- a/lustre/doc/lctl-nodemap-add-idmap.8 +++ b/lustre/doc/lctl-nodemap-add-idmap.8 @@ -1,23 +1,23 @@ .TH LCTL-NODEMAP_ADD_IDMAP 8 "2015-01-20" Lustre "configuration utilities" .SH NAME -lctl-nodemap_add_idmap \- define a range of NIDs for a nodemap +lctl-nodemap_add_idmap \- define ID mappings for a nodemap .SH SYNOPSIS .br -.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid}> -<--idmap clientid:fsid> +.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid|projid}> +.B <--idmap clientid:fsid> .br .SH DESCRIPTION -.B nodemap_add_idmap adds an identity mapping to a nodemap. Clients that are -members of the given nodemap will have the identities of their users mapped -accordingly. +.B nodemap_add_idmap +adds an identity mapping to a nodemap. Clients that are members of the given +nodemap will have the identities of their users mapped accordingly. .SH OPTIONS .I name is the name of the nodemap that this idmap should be added to. .I idtype -is either "uid" or "gid" depending on if it is a user ID or group ID that is to -be mapped. +is either "uid" or "gid" or "projid" depending on if it is a user ID or group +ID or project ID that is to be mapped. .I idmap is the identity to map, and what it should be mapped to. The first digit is the @@ -28,6 +28,7 @@ that it should map to on the Lustre filesystem. .nf # lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001 # lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002 +# lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1 .fi .SH AVAILABILITY diff --git a/lustre/doc/lctl-nodemap-del-idmap.8 b/lustre/doc/lctl-nodemap-del-idmap.8 index 640f58c..a1a26e0 100644 --- a/lustre/doc/lctl-nodemap-del-idmap.8 +++ b/lustre/doc/lctl-nodemap-del-idmap.8 @@ -3,22 +3,21 @@ lctl-nodemap_del_idmap \- delete an existing idmap from a nodemap .SH SYNOPSIS .br -.B lctl nodemap_del_idmap <--name name> <--idtype [uid|gid]> -<--idmap clientid:fsid> +.B lctl nodemap_del_idmap <--name name> <--idtype {uid|gid|projid}> +.B <--idmap clientid:fsid> .br .SH DESCRIPTION .B nodemap_del_idmap -deletes an idmap from a nodemap. Users or groups in the nodemap with that ID -will be squashed, if the trusted flag is not enabled. +deletes an idmap from a nodemap. Users or groups or projects in the nodemap with +that ID will be squashed, if the trusted flag is not enabled. .SH OPTIONS .I name is the name of the nodemap that this idmap should be deleted from. - .I idtype -is either "uid" or "gid" depending on if it is a user or group mapping that is -to be removed. +is either "uid" or "gid" or "projid" depending on if it is a user or group or +project ID mapping that is to be removed. .I idmap is the identity map to delete. @@ -27,6 +26,7 @@ is the identity map to delete. .nf # lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001 # lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002 +# lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1 .fi .SH AVAILABILITY diff --git a/lustre/doc/lctl-nodemap-modify.8 b/lustre/doc/lctl-nodemap-modify.8 index 970cc56..ab599c3 100644 --- a/lustre/doc/lctl-nodemap-modify.8 +++ b/lustre/doc/lctl-nodemap-modify.8 @@ -14,9 +14,9 @@ modifies a property of the given nodemap. .I nodemap_name is the name of the nodemap to modify - .I property_name is one of the following properties: +.RS 0.3i .PP admin .RS 4 @@ -42,6 +42,11 @@ squash_gid Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to. .RE .PP +squash_projid +.RS 4 +Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to. +.RE +.PP deny_unknown .RS 4 Defaults to off. If set to on then unknown (squashed) users will be denied @@ -62,7 +67,15 @@ activated or not. The reason not to record file system events from given clients is to prevent some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs. .RE +.PP +map_mode +.RS 4 +Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs. +Other possible values (multiple can be specified, comma separated) are uid to +map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs. +.RE +.RE .I value is the value to set for the property. Should be 0 or 1 for admin and trusted. @@ -70,6 +83,7 @@ is the value to set for the property. Should be 0 or 1 for admin and trusted. .nf # lctl nodemap_modify --name remotesite --property trusted --value 1 # lctl nodemap_modify --name remotesite --property admin --value 1 +# lctl nodemap_modify --name remotesite --property map_mode --value uid_only # lctl nodemap_modify --name otherremotesite --property squash_uid --value 101 .fi diff --git a/lustre/include/lustre_nodemap.h b/lustre/include/lustre_nodemap.h index e8e8e41..7ac2c14 100644 --- a/lustre/include/lustre_nodemap.h +++ b/lustre/include/lustre_nodemap.h @@ -44,6 +44,7 @@ enum nodemap_id_type { NODEMAP_UID, NODEMAP_GID, + NODEMAP_PROJID, }; enum nodemap_tree_type { @@ -52,9 +53,13 @@ enum nodemap_tree_type { }; enum nodemap_mapping_modes { - NODEMAP_MAP_BOTH, - NODEMAP_MAP_UID_ONLY, - NODEMAP_MAP_GID_ONLY, + NODEMAP_MAP_UID = 0x01, + NODEMAP_MAP_GID = 0x02, + NODEMAP_MAP_BOTH = 0x03, /* for compatibility */ + NODEMAP_MAP_PROJID = 0x04, + NODEMAP_MAP_ALL = NODEMAP_MAP_UID | + NODEMAP_MAP_GID | + NODEMAP_MAP_PROJID, }; struct nodemap_pde { @@ -75,10 +80,11 @@ struct lu_nodemap { bool nmf_trust_client_ids:1, nmf_deny_unknown:1, nmf_allow_root_access:1, - nmf_map_uid_only:1, - nmf_map_gid_only:1, nmf_enable_audit:1, nmf_forbid_encryption:1; + /* bitmap for mapping type */ + enum nodemap_mapping_modes + nmf_map_mode; /* unique ID set by MGS */ unsigned int nm_id; /* nodemap ref counter */ @@ -87,6 +93,8 @@ struct lu_nodemap { uid_t nm_squash_uid; /* GID to squash unmapped GIDs */ gid_t nm_squash_gid; + /* PROJID to squash unmapped PROJIDs */ + projid_t nm_squash_projid; /* NID range list */ struct list_head nm_ranges; /* lock for idmap red/black trees */ @@ -99,6 +107,10 @@ struct lu_nodemap { struct rb_root nm_fs_to_client_gidmap; /* GID map keyed by remote UID */ struct rb_root nm_client_to_fs_gidmap; + /* PROJID map keyed by local UID */ + struct rb_root nm_fs_to_client_projidmap; + /* PROJID map keyed by remote UID */ + struct rb_root nm_client_to_fs_projidmap; /* attached client members of this nodemap */ struct mutex nm_member_list_lock; struct list_head nm_member_list; @@ -136,9 +148,11 @@ int nodemap_del_range(const char *name, const lnet_nid_t nid[2]); int nodemap_set_allow_root(const char *name, bool allow_root); int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids); int nodemap_set_deny_unknown(const char *name, bool deny_unknown); -int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode); +int nodemap_set_mapping_mode(const char *name, + enum nodemap_mapping_modes map_mode); int nodemap_set_squash_uid(const char *name, uid_t uid); int nodemap_set_squash_gid(const char *name, gid_t gid); +int nodemap_set_squash_projid(const char *name, projid_t projid); int nodemap_set_audit_mode(const char *name, bool enable_audit); int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption); bool nodemap_can_setquota(const struct lu_nodemap *nodemap); diff --git a/lustre/include/uapi/linux/lustre/lustre_cfg.h b/lustre/include/uapi/linux/lustre/lustre_cfg.h index 32bf292..97bd28f 100644 --- a/lustre/include/uapi/linux/lustre/lustre_cfg.h +++ b/lustre/include/uapi/linux/lustre/lustre_cfg.h @@ -118,6 +118,8 @@ enum lcfg_command_type { * id mapping */ LCFG_NODEMAP_ADMIN = 0x00ce049, /**< allow cluster to use id 0 */ + LCFG_NODEMAP_ADD_PROJIDMAP = 0x00ce04a, /**< add a projidmap */ + LCFG_NODEMAP_DEL_PROJIDMAP = 0x00ce04b, /**< delete a projidmap */ LCFG_NODEMAP_TRUSTED = 0x00ce050, /**< trust a clusters ids */ LCFG_NODEMAP_SQUASH_UID = 0x00ce051, /**< default map uid */ LCFG_NODEMAP_SQUASH_GID = 0x00ce052, /**< default map gid */ @@ -137,6 +139,7 @@ enum lcfg_command_type { LCFG_NODEMAP_AUDIT_MODE = 0x00ce05a, /**< set the audit mode */ LCFG_NODEMAP_SET_SEPOL = 0x00ce05b, /**< set SELinux policy */ LCFG_NODEMAP_FORBID_ENCRYPT = 0x00ce05c, /**< forbid encryption */ + LCFG_NODEMAP_SQUASH_PROJID = 0x00ce05d, /**< default map projid */ }; struct lustre_cfg_bufs { diff --git a/lustre/include/uapi/linux/lustre/lustre_idl.h b/lustre/include/uapi/linux/lustre/lustre_idl.h index 3cd00a0..0e28b08 100644 --- a/lustre/include/uapi/linux/lustre/lustre_idl.h +++ b/lustre/include/uapi/linux/lustre/lustre_idl.h @@ -3586,7 +3586,7 @@ struct nodemap_cluster_rec { char ncr_name[LUSTRE_NODEMAP_NAME_LENGTH + 1]; __u8 ncr_flags; __u16 ncr_padding1; - __u32 ncr_padding2; + __u32 ncr_squash_projid; __u32 ncr_squash_uid; __u32 ncr_squash_gid; }; diff --git a/lustre/mgs/mgs_handler.c b/lustre/mgs/mgs_handler.c index 3de752a..b6ec00d 100644 --- a/lustre/mgs/mgs_handler.c +++ b/lustre/mgs/mgs_handler.c @@ -814,8 +814,12 @@ static int mgs_iocontrol_nodemap(const struct lu_env *env, nid = libcfs_str2nid(nidstr); if (strcmp(idtype_str, "uid") == 0) idtype = NODEMAP_UID; - else + else if (strcmp(idtype_str, "gid") == 0) idtype = NODEMAP_GID; + else if (strcmp(idtype_str, "projid") == 0) + idtype = NODEMAP_PROJID; + else + GOTO(out_lcfg, rc = -EINVAL); rc = kstrtoul(client_idstr, 10, &client_id); if (rc != 0) @@ -839,6 +843,8 @@ static int mgs_iocontrol_nodemap(const struct lu_env *env, case LCFG_NODEMAP_DEL_UIDMAP: case LCFG_NODEMAP_ADD_GIDMAP: case LCFG_NODEMAP_DEL_GIDMAP: + case LCFG_NODEMAP_ADD_PROJIDMAP: + case LCFG_NODEMAP_DEL_PROJIDMAP: case LCFG_NODEMAP_SET_FILESET: case LCFG_NODEMAP_SET_SEPOL: if (lcfg->lcfg_bufcount != 3) @@ -852,6 +858,7 @@ static int mgs_iocontrol_nodemap(const struct lu_env *env, case LCFG_NODEMAP_DENY_UNKNOWN: case LCFG_NODEMAP_SQUASH_UID: case LCFG_NODEMAP_SQUASH_GID: + case LCFG_NODEMAP_SQUASH_PROJID: case LCFG_NODEMAP_MAP_MODE: case LCFG_NODEMAP_AUDIT_MODE: case LCFG_NODEMAP_FORBID_ENCRYPT: diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c index 9966018..36fc0d6 100644 --- a/lustre/mgs/mgs_llog.c +++ b/lustre/mgs/mgs_llog.c @@ -5501,18 +5501,46 @@ int mgs_nodemap_cmd(const struct lu_env *env, struct mgs_device *mgs, bool_switch); break; case LCFG_NODEMAP_MAP_MODE: - if (strcmp("both", param) == 0) - rc = nodemap_set_mapping_mode(nodemap_name, - NODEMAP_MAP_BOTH); - else if (strcmp("uid_only", param) == 0) - rc = nodemap_set_mapping_mode(nodemap_name, - NODEMAP_MAP_UID_ONLY); - else if (strcmp("gid_only", param) == 0) - rc = nodemap_set_mapping_mode(nodemap_name, - NODEMAP_MAP_GID_ONLY); - else - rc = -EINVAL; + { + char *p; + __u8 map_mode = 0; + + if ((p = strstr(param, "all")) != NULL) { + if ((p == param || *(p-1) == ',') && + (*(p+3) == '\0' || *(p+3) == ',')) { + map_mode = NODEMAP_MAP_ALL; + } else { + rc = -EINVAL; + break; + } + } else { + while ((p = strsep(¶m, ",")) != NULL) { + if (!*p) + break; + + if (strcmp("both", p) == 0) + map_mode |= NODEMAP_MAP_BOTH; + else if (strcmp("uid_only", p) == 0 || + strcmp("uid", p) == 0) + map_mode |= NODEMAP_MAP_UID; + else if (strcmp("gid_only", p) == 0 || + strcmp("gid", p) == 0) + map_mode |= NODEMAP_MAP_GID; + else if (strcmp("projid_only", p) == 0 || + strcmp("projid", p) == 0) + map_mode |= NODEMAP_MAP_PROJID; + else + break; + } + if (p) { + rc = -EINVAL; + break; + } + } + + rc = nodemap_set_mapping_mode(nodemap_name, map_mode); break; + } case LCFG_NODEMAP_TRUSTED: rc = kstrtobool(param, &bool_switch); if (rc) @@ -5531,29 +5559,47 @@ int mgs_nodemap_cmd(const struct lu_env *env, struct mgs_device *mgs, break; rc = nodemap_set_squash_gid(nodemap_name, int_id); break; + case LCFG_NODEMAP_SQUASH_PROJID: + rc = kstrtouint(param, 10, &int_id); + if (rc) + break; + rc = nodemap_set_squash_projid(nodemap_name, int_id); + break; case LCFG_NODEMAP_ADD_UIDMAP: case LCFG_NODEMAP_ADD_GIDMAP: + case LCFG_NODEMAP_ADD_PROJIDMAP: rc = nodemap_parse_idmap(param, idmap); if (rc != 0) break; if (cmd == LCFG_NODEMAP_ADD_UIDMAP) rc = nodemap_add_idmap(nodemap_name, NODEMAP_UID, idmap); - else + else if (cmd == LCFG_NODEMAP_ADD_GIDMAP) rc = nodemap_add_idmap(nodemap_name, NODEMAP_GID, idmap); + else if (cmd == LCFG_NODEMAP_ADD_PROJIDMAP) + rc = nodemap_add_idmap(nodemap_name, NODEMAP_PROJID, + idmap); + else + rc = -EINVAL; break; case LCFG_NODEMAP_DEL_UIDMAP: case LCFG_NODEMAP_DEL_GIDMAP: + case LCFG_NODEMAP_DEL_PROJIDMAP: rc = nodemap_parse_idmap(param, idmap); if (rc != 0) break; if (cmd == LCFG_NODEMAP_DEL_UIDMAP) rc = nodemap_del_idmap(nodemap_name, NODEMAP_UID, idmap); - else + else if (cmd == LCFG_NODEMAP_DEL_GIDMAP) rc = nodemap_del_idmap(nodemap_name, NODEMAP_GID, idmap); + else if (cmd == LCFG_NODEMAP_DEL_PROJIDMAP) + rc = nodemap_del_idmap(nodemap_name, NODEMAP_PROJID, + idmap); + else + rc = -EINVAL; break; case LCFG_NODEMAP_SET_FILESET: rc = nodemap_set_fileset(nodemap_name, param); diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c index aa1e5f2..34d04b8 100644 --- a/lustre/ptlrpc/nodemap_handler.c +++ b/lustre/ptlrpc/nodemap_handler.c @@ -633,7 +633,7 @@ EXPORT_SYMBOL(nodemap_get_from_exp); * mapping function for nodemap idmaps * * \param nodemap lu_nodemap structure defining nodemap - * \param node_type NODEMAP_UID or NODEMAP_GID + * \param node_type NODEMAP_UID or NODEMAP_GID or NODEMAP_PROJID * \param tree_type NODEMAP_CLIENT_TO_FS or * NODEMAP_FS_TO_CLIENT * \param id id to map @@ -669,10 +669,16 @@ __u32 nodemap_map_id(struct lu_nodemap *nodemap, if (unlikely(nodemap == NULL)) goto out; - if (nodemap->nmf_map_uid_only && id_type == NODEMAP_GID) + if (id_type == NODEMAP_UID && + !(nodemap->nmf_map_mode & NODEMAP_MAP_UID)) goto out; - if (nodemap->nmf_map_gid_only && id_type == NODEMAP_UID) + if (id_type == NODEMAP_GID && + !(nodemap->nmf_map_mode & NODEMAP_MAP_GID)) + goto out; + + if (id_type == NODEMAP_PROJID && + !(nodemap->nmf_map_mode & NODEMAP_MAP_PROJID)) goto out; if (id == 0) { @@ -705,8 +711,10 @@ __u32 nodemap_map_id(struct lu_nodemap *nodemap, squash: if (id_type == NODEMAP_UID) RETURN(nodemap->nm_squash_uid); - else + if (id_type == NODEMAP_GID) RETURN(nodemap->nm_squash_gid); + if (id_type == NODEMAP_PROJID) + RETURN(nodemap->nm_squash_projid); out: RETURN(id); } @@ -1156,6 +1164,8 @@ struct lu_nodemap *nodemap_create(const char *name, nodemap->nm_client_to_fs_uidmap = RB_ROOT; nodemap->nm_fs_to_client_gidmap = RB_ROOT; nodemap->nm_client_to_fs_gidmap = RB_ROOT; + nodemap->nm_fs_to_client_projidmap = RB_ROOT; + nodemap->nm_client_to_fs_projidmap = RB_ROOT; if (is_default) { nodemap->nm_id = LUSTRE_NODEMAP_DEFAULT_ID; @@ -1169,13 +1179,13 @@ struct lu_nodemap *nodemap_create(const char *name, nodemap->nmf_trust_client_ids = 0; nodemap->nmf_allow_root_access = 0; nodemap->nmf_deny_unknown = 0; - nodemap->nmf_map_uid_only = 0; - nodemap->nmf_map_gid_only = 0; + nodemap->nmf_map_mode = NODEMAP_MAP_ALL; nodemap->nmf_enable_audit = 1; nodemap->nmf_forbid_encryption = 0; nodemap->nm_squash_uid = NODEMAP_NOBODY_UID; nodemap->nm_squash_gid = NODEMAP_NOBODY_GID; + nodemap->nm_squash_projid = NODEMAP_NOBODY_PROJID; nodemap->nm_fileset[0] = '\0'; nodemap->nm_sepol[0] = '\0'; if (!is_default) @@ -1186,19 +1196,15 @@ struct lu_nodemap *nodemap_create(const char *name, default_nodemap->nmf_trust_client_ids; nodemap->nmf_allow_root_access = default_nodemap->nmf_allow_root_access; - nodemap->nmf_deny_unknown = - default_nodemap->nmf_deny_unknown; - nodemap->nmf_map_uid_only = - default_nodemap->nmf_map_uid_only; - nodemap->nmf_map_gid_only = - default_nodemap->nmf_map_gid_only; - nodemap->nmf_enable_audit = - default_nodemap->nmf_enable_audit; + nodemap->nmf_deny_unknown = default_nodemap->nmf_deny_unknown; + nodemap->nmf_map_mode = default_nodemap->nmf_map_mode; + nodemap->nmf_enable_audit = default_nodemap->nmf_enable_audit; nodemap->nmf_forbid_encryption = default_nodemap->nmf_forbid_encryption; nodemap->nm_squash_uid = default_nodemap->nm_squash_uid; nodemap->nm_squash_gid = default_nodemap->nm_squash_gid; + nodemap->nm_squash_projid = default_nodemap->nm_squash_projid; nodemap->nm_fileset[0] = '\0'; nodemap->nm_sepol[0] = '\0'; } @@ -1295,7 +1301,8 @@ out: } EXPORT_SYMBOL(nodemap_set_trust_client_ids); -int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode) +int nodemap_set_mapping_mode(const char *name, + enum nodemap_mapping_modes map_mode) { struct lu_nodemap *nodemap = NULL; int rc = 0; @@ -1306,22 +1313,7 @@ int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode) if (IS_ERR(nodemap)) GOTO(out, rc = PTR_ERR(nodemap)); - switch (mode) { - case NODEMAP_MAP_BOTH: - nodemap->nmf_map_uid_only = 0; - nodemap->nmf_map_gid_only = 0; - break; - case NODEMAP_MAP_UID_ONLY: - nodemap->nmf_map_uid_only = 1; - nodemap->nmf_map_gid_only = 0; - break; - case NODEMAP_MAP_GID_ONLY: - nodemap->nmf_map_uid_only = 0; - nodemap->nmf_map_gid_only = 1; - break; - default: - CWARN("cannot set unknown mapping mode, mode = %d\n", mode); - } + nodemap->nmf_map_mode = map_mode; rc = nodemap_idx_nodemap_update(nodemap); nm_member_revoke_locks(nodemap); @@ -1371,7 +1363,7 @@ EXPORT_SYMBOL(nodemap_set_squash_uid); * \param gid the new gid to squash unknown gids to * \retval 0 on success * - * Update the squash_gid for a nodemap. The squash_uid is the gid + * Update the squash_gid for a nodemap. The squash_gid is the gid * that the all client gids are mapped to if nodemap is active, * the trust_client_ids flag is not set, and the gid is not in * the idmap tree. @@ -1398,6 +1390,39 @@ out: EXPORT_SYMBOL(nodemap_set_squash_gid); /** + * Update the squash_projid for a nodemap. + * + * \param name nodemap name + * \param gid the new projid to squash unknown projids to + * \retval 0 on success + * + * Update the squash_projid for a nodemap. The squash_projid is the projid + * that the all client projids are mapped to if nodemap is active, + * the trust_client_ids flag is not set, and the projid is not in + * the idmap tree. + */ +int nodemap_set_squash_projid(const char *name, projid_t projid) +{ + struct lu_nodemap *nodemap = NULL; + int rc = 0; + + mutex_lock(&active_config_lock); + nodemap = nodemap_lookup(name); + mutex_unlock(&active_config_lock); + if (IS_ERR(nodemap)) + GOTO(out, rc = PTR_ERR(nodemap)); + + nodemap->nm_squash_projid = projid; + rc = nodemap_idx_nodemap_update(nodemap); + + nm_member_revoke_locks(nodemap); + nodemap_putref(nodemap); +out: + return rc; +} +EXPORT_SYMBOL(nodemap_set_squash_projid); + +/** * Returns true if this nodemap has root user access. Always returns true if * nodemaps are not active. * diff --git a/lustre/ptlrpc/nodemap_idmap.c b/lustre/ptlrpc/nodemap_idmap.c index a213ae6..50aac55 100644 --- a/lustre/ptlrpc/nodemap_idmap.c +++ b/lustre/ptlrpc/nodemap_idmap.c @@ -102,9 +102,14 @@ struct lu_idmap *idmap_insert(enum nodemap_id_type id_type, if (id_type == NODEMAP_UID) { fwd_root = &nodemap->nm_client_to_fs_uidmap; bck_root = &nodemap->nm_fs_to_client_uidmap; - } else { + } else if (id_type == NODEMAP_GID) { fwd_root = &nodemap->nm_client_to_fs_gidmap; bck_root = &nodemap->nm_fs_to_client_gidmap; + } else if (id_type == NODEMAP_PROJID) { + fwd_root = &nodemap->nm_client_to_fs_projidmap; + bck_root = &nodemap->nm_fs_to_client_projidmap; + } else { + RETURN(ERR_PTR(-EINVAL)); } fwd_node = &fwd_root->rb_node; @@ -173,15 +178,20 @@ struct lu_idmap *idmap_insert(enum nodemap_id_type id_type, void idmap_delete(enum nodemap_id_type id_type, struct lu_idmap *idmap, struct lu_nodemap *nodemap) { - struct rb_root *fwd_root; - struct rb_root *bck_root; + struct rb_root *fwd_root; + struct rb_root *bck_root; if (id_type == NODEMAP_UID) { fwd_root = &nodemap->nm_client_to_fs_uidmap; bck_root = &nodemap->nm_fs_to_client_uidmap; - } else { + } else if (id_type == NODEMAP_GID) { fwd_root = &nodemap->nm_client_to_fs_gidmap; bck_root = &nodemap->nm_fs_to_client_gidmap; + } else if (id_type == NODEMAP_PROJID) { + fwd_root = &nodemap->nm_client_to_fs_projidmap; + bck_root = &nodemap->nm_fs_to_client_projidmap; + } else { + return; } rb_erase(&idmap->id_client_to_fs, fwd_root); @@ -221,6 +231,10 @@ struct lu_idmap *idmap_search(struct lu_nodemap *nodemap, root = &nodemap->nm_fs_to_client_gidmap; else if (id_type == NODEMAP_GID && tree_type == NODEMAP_CLIENT_TO_FS) root = &nodemap->nm_client_to_fs_gidmap; + else if (id_type == NODEMAP_PROJID && tree_type == NODEMAP_FS_TO_CLIENT) + root = &nodemap->nm_fs_to_client_projidmap; + else if (id_type == NODEMAP_PROJID && tree_type == NODEMAP_CLIENT_TO_FS) + root = &nodemap->nm_client_to_fs_projidmap; node = root->rb_node; @@ -276,4 +290,10 @@ void idmap_delete_tree(struct lu_nodemap *nodemap) id_client_to_fs) { idmap_destroy(idmap); } + + root = nodemap->nm_client_to_fs_projidmap; + nm_rbtree_postorder_for_each_entry_safe(idmap, temp, &root, + id_client_to_fs) { + idmap_destroy(idmap); + } } diff --git a/lustre/ptlrpc/nodemap_internal.h b/lustre/ptlrpc/nodemap_internal.h index 96636ae..41c0bb0 100644 --- a/lustre/ptlrpc/nodemap_internal.h +++ b/lustre/ptlrpc/nodemap_internal.h @@ -35,10 +35,10 @@ #define DEFAULT_NODEMAP "default" -/* Default nobody uid and gid values */ - +/* Default nobody uid, gid and projid values */ #define NODEMAP_NOBODY_UID 99 #define NODEMAP_NOBODY_GID 99 +#define NODEMAP_NOBODY_PROJID 99 struct lprocfs_static_vars; @@ -91,6 +91,7 @@ enum nodemap_idx_type { NODEMAP_RANGE_IDX = 2, /* nid range assigned to a nm cluster */ NODEMAP_UIDMAP_IDX = 3, /* uid map assigned to a nm cluster */ NODEMAP_GIDMAP_IDX = 4, /* gid map assigned to a nm cluster */ + NODEMAP_PROJIDMAP_IDX = 5, /* projid map assigned to nm cluster */ NODEMAP_GLOBAL_IDX = 15, /* stores nodemap activation status */ }; diff --git a/lustre/ptlrpc/nodemap_lproc.c b/lustre/ptlrpc/nodemap_lproc.c index e6f109c..a9292a3 100644 --- a/lustre/ptlrpc/nodemap_lproc.c +++ b/lustre/ptlrpc/nodemap_lproc.c @@ -87,6 +87,17 @@ static int nodemap_idmap_show(struct seq_file *m, void *data) "fs_id: %u }", idmap->id_client, idmap->id_fs); } + for (node = rb_first(&nodemap->nm_client_to_fs_projidmap); + node; node = rb_next(node)) { + if (cont) + seq_printf(m, ",\n"); + idmap = rb_entry(node, struct lu_idmap, id_client_to_fs); + if (idmap != NULL) + seq_printf(m, + " { idtype: projid, client_id: %u, fs_id: %u }", + idmap->id_client, + idmap->id_fs); + } up_read(&nodemap->nm_idmap_lock); seq_printf(m, "\n"); seq_printf(m, "]\n"); @@ -495,6 +506,33 @@ static int nodemap_squash_gid_seq_show(struct seq_file *m, void *data) } /** + * Reads and prints the squash PROJID for the given nodemap. + * + * \param m seq file in proc fs + * \param data unused + * \retval 0 success + */ +static int nodemap_squash_projid_seq_show(struct seq_file *m, void *data) +{ + struct lu_nodemap *nodemap; + + mutex_lock(&active_config_lock); + nodemap = nodemap_lookup(m->private); + mutex_unlock(&active_config_lock); + if (IS_ERR(nodemap)) { + int rc = PTR_ERR(nodemap); + + CERROR("cannot find nodemap '%s': rc = %d\n", + (char *)m->private, rc); + return rc; + } + + seq_printf(m, "%u\n", nodemap->nm_squash_projid); + nodemap_putref(nodemap); + return 0; +} + +/** * Reads and prints the trusted flag for the given nodemap. * * \param m seq file in proc fs @@ -558,6 +596,7 @@ static int nodemap_admin_seq_show(struct seq_file *m, void *data) static int nodemap_map_mode_seq_show(struct seq_file *m, void *data) { struct lu_nodemap *nodemap; + bool need_sep = false; int rc; mutex_lock(&active_config_lock); @@ -570,12 +609,21 @@ static int nodemap_map_mode_seq_show(struct seq_file *m, void *data) return rc; } - if (nodemap->nmf_map_uid_only) - seq_printf(m, "uid_only\n"); - else if (nodemap->nmf_map_gid_only) - seq_printf(m, "gid_only\n"); - else - seq_printf(m, "both\n"); + if (nodemap->nmf_map_mode == NODEMAP_MAP_ALL) { + seq_puts(m, "all\n"); + } else { + if (nodemap->nmf_map_mode & NODEMAP_MAP_UID) { + seq_puts(m, "uid"); + need_sep = true; + } + if (nodemap->nmf_map_mode & NODEMAP_MAP_GID) { + seq_puts(m, need_sep ? ",gid" : "gid"); + need_sep = true; + } + if (nodemap->nmf_map_mode & NODEMAP_MAP_PROJID) + seq_puts(m, need_sep ? ",projid" : "projid"); + seq_puts(m, "\n"); + } nodemap_putref(nodemap); return 0; @@ -676,6 +724,7 @@ LPROC_SEQ_FOPS_RO(nodemap_trusted); LPROC_SEQ_FOPS_RO(nodemap_admin); LPROC_SEQ_FOPS_RO(nodemap_squash_uid); LPROC_SEQ_FOPS_RO(nodemap_squash_gid); +LPROC_SEQ_FOPS_RO(nodemap_squash_projid); LPROC_SEQ_FOPS_RO(nodemap_deny_unknown); LPROC_SEQ_FOPS_RO(nodemap_map_mode); @@ -741,6 +790,10 @@ static struct lprocfs_vars lprocfs_nodemap_vars[] = { .fops = &nodemap_squash_gid_fops, }, { + .name = "squash_projid", + .fops = &nodemap_squash_projid_fops, + }, + { .name = "ranges", .fops = &nodemap_ranges_fops, }, @@ -791,6 +844,10 @@ static struct lprocfs_vars lprocfs_default_nodemap_vars[] = { .fops = &nodemap_squash_gid_fops, }, { + .name = "squash_projid", + .fops = &nodemap_squash_projid_fops, + }, + { .name = "fileset", .fops = &nodemap_fileset_fops, }, diff --git a/lustre/ptlrpc/nodemap_storage.c b/lustre/ptlrpc/nodemap_storage.c index 4a3de3d..210d9d3 100644 --- a/lustre/ptlrpc/nodemap_storage.c +++ b/lustre/ptlrpc/nodemap_storage.c @@ -72,10 +72,11 @@ enum nm_flag_shifts { NM_FL_ALLOW_ROOT_ACCESS = 0x1, NM_FL_TRUST_CLIENT_IDS = 0x2, NM_FL_DENY_UNKNOWN = 0x4, - NM_FL_MAP_UID_ONLY = 0x8, - NM_FL_MAP_GID_ONLY = 0x10, + NM_FL_MAP_UID = 0x8, + NM_FL_MAP_GID = 0x10, NM_FL_ENABLE_AUDIT = 0x20, NM_FL_FORBID_ENCRYPT = 0x40, + NM_FL_MAP_PROJID = 0x80, }; static void nodemap_cluster_key_init(struct nodemap_key *nk, unsigned int nm_id) @@ -93,6 +94,7 @@ static void nodemap_cluster_rec_init(union nodemap_rec *nr, strncpy(nr->ncr.ncr_name, nodemap->nm_name, sizeof(nr->ncr.ncr_name)); nr->ncr.ncr_squash_uid = cpu_to_le32(nodemap->nm_squash_uid); nr->ncr.ncr_squash_gid = cpu_to_le32(nodemap->nm_squash_gid); + nr->ncr.ncr_squash_projid = cpu_to_le32(nodemap->nm_squash_projid); nr->ncr.ncr_flags = cpu_to_le32( (nodemap->nmf_trust_client_ids ? NM_FL_TRUST_CLIENT_IDS : 0) | @@ -100,10 +102,12 @@ static void nodemap_cluster_rec_init(union nodemap_rec *nr, NM_FL_ALLOW_ROOT_ACCESS : 0) | (nodemap->nmf_deny_unknown ? NM_FL_DENY_UNKNOWN : 0) | - (nodemap->nmf_map_uid_only ? - NM_FL_MAP_UID_ONLY : 0) | - (nodemap->nmf_map_gid_only ? - NM_FL_MAP_GID_ONLY : 0) | + (nodemap->nmf_map_mode & NODEMAP_MAP_UID ? + NM_FL_MAP_UID : 0) | + (nodemap->nmf_map_mode & NODEMAP_MAP_GID ? + NM_FL_MAP_GID : 0) | + (nodemap->nmf_map_mode & NODEMAP_MAP_PROJID ? + NM_FL_MAP_PROJID : 0) | (nodemap->nmf_enable_audit ? NM_FL_ENABLE_AUDIT : 0) | (nodemap->nmf_forbid_encryption ? @@ -118,8 +122,12 @@ static void nodemap_idmap_key_init(struct nodemap_key *nk, unsigned int nm_id, if (id_type == NODEMAP_UID) idx_type = NODEMAP_UIDMAP_IDX; - else + else if (id_type == NODEMAP_GID) idx_type = NODEMAP_GIDMAP_IDX; + else if (id_type == NODEMAP_PROJID) + idx_type = NODEMAP_PROJIDMAP_IDX; + else + idx_type = NODEMAP_EMPTY_IDX; nk->nk_nodemap_id = cpu_to_le32(nm_idx_set_type(nm_id, idx_type)); nk->nk_id_client = cpu_to_le32(id_client); @@ -476,6 +484,17 @@ int nodemap_idx_nodemap_del(const struct lu_nodemap *nodemap) rc = rc2; } + root = nodemap->nm_client_to_fs_projidmap; + nm_rbtree_postorder_for_each_entry_safe(idmap, temp, &root, + id_client_to_fs) { + nodemap_idmap_key_init(&nk, nodemap->nm_id, NODEMAP_PROJID, + idmap->id_client); + rc2 = nodemap_idx_delete(&env, nodemap_mgs_ncf->ncf_obj, + &nk, NULL); + if (rc2 < 0) + rc = rc2; + } + list_for_each_entry_safe(range, range_temp, &nodemap->nm_ranges, rn_list) { nodemap_range_key_init(&nk, nodemap->nm_id, range->rn_id); @@ -685,7 +704,7 @@ static int nodemap_process_keyrec(struct nodemap_config *config, /* find the correct nodemap in the load list */ if (type == NODEMAP_RANGE_IDX || type == NODEMAP_UIDMAP_IDX || - type == NODEMAP_GIDMAP_IDX) { + type == NODEMAP_GIDMAP_IDX || type == NODEMAP_PROJIDMAP_IDX) { struct lu_nodemap *tmp = NULL; nodemap = *recent_nodemap; @@ -746,6 +765,8 @@ static int nodemap_process_keyrec(struct nodemap_config *config, le32_to_cpu(rec->ncr.ncr_squash_uid); nodemap->nm_squash_gid = le32_to_cpu(rec->ncr.ncr_squash_gid); + nodemap->nm_squash_projid = + le32_to_cpu(rec->ncr.ncr_squash_projid); flags = le32_to_cpu(rec->ncr.ncr_flags); nodemap->nmf_allow_root_access = @@ -754,10 +775,12 @@ static int nodemap_process_keyrec(struct nodemap_config *config, flags & NM_FL_TRUST_CLIENT_IDS; nodemap->nmf_deny_unknown = flags & NM_FL_DENY_UNKNOWN; - nodemap->nmf_map_uid_only = - flags & NM_FL_MAP_UID_ONLY; - nodemap->nmf_map_gid_only = - flags & NM_FL_MAP_GID_ONLY; + nodemap->nmf_map_mode = (flags & NM_FL_MAP_UID ? + NODEMAP_MAP_UID : 0) | + (flags & NM_FL_MAP_GID ? + NODEMAP_MAP_GID : 0) | + (flags & NM_FL_MAP_PROJID ? + NODEMAP_MAP_PROJID : 0); nodemap->nmf_enable_audit = flags & NM_FL_ENABLE_AUDIT; nodemap->nmf_forbid_encryption = @@ -795,13 +818,18 @@ static int nodemap_process_keyrec(struct nodemap_config *config, break; case NODEMAP_UIDMAP_IDX: case NODEMAP_GIDMAP_IDX: + case NODEMAP_PROJIDMAP_IDX: map[0] = le32_to_cpu(key->nk_id_client); map[1] = le32_to_cpu(rec->nir.nir_id_fs); if (type == NODEMAP_UIDMAP_IDX) id_type = NODEMAP_UID; - else + else if (type == NODEMAP_GIDMAP_IDX) id_type = NODEMAP_GID; + else if (type == NODEMAP_PROJIDMAP_IDX) + id_type = NODEMAP_PROJID; + else + GOTO(out, rc = -EINVAL); rc = nodemap_add_idmap_helper(nodemap, id_type, map); if (rc != 0) @@ -1055,6 +1083,18 @@ struct dt_object *nodemap_save_config_cache(const struct lu_env *env, if (rc2 < 0) rc = rc2; } + + root = nodemap->nm_client_to_fs_projidmap; + nm_rbtree_postorder_for_each_entry_safe(idmap, id_tmp, &root, + id_client_to_fs) { + nodemap_idmap_key_init(&nk, nodemap->nm_id, + NODEMAP_PROJID, + idmap->id_client); + nodemap_idmap_rec_init(&nr, idmap->id_fs); + rc2 = nodemap_idx_insert(env, o, &nk, &nr); + if (rc2 < 0) + rc = rc2; + } } nodemap_global_key_init(&nk); nodemap_global_rec_init(&nr, active_config->nmc_nodemap_is_active); diff --git a/lustre/ptlrpc/wiretest.c b/lustre/ptlrpc/wiretest.c index 93d4fe2..61389ec 100644 --- a/lustre/ptlrpc/wiretest.c +++ b/lustre/ptlrpc/wiretest.c @@ -5357,10 +5357,10 @@ void lustre_assert_wire_constants(void) (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding1)); LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1) == 2, "found %lld\n", (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1)); - LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_padding2) == 20, "found %lld\n", - (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding2)); - LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2) == 4, "found %lld\n", - (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2)); + LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid) == 20, "found %lld\n", + (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid)); + LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid) == 4, "found %lld\n", + (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid)); LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid) == 24, "found %lld\n", (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid)); LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_uid) == 4, "found %lld\n", @@ -5847,6 +5847,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_ACTIVATE); LASSERTF(LCFG_NODEMAP_ADMIN == 0x000ce049UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_ADMIN); + LASSERTF(LCFG_NODEMAP_ADD_PROJIDMAP == 0x000ce04aUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_ADD_PROJIDMAP); + LASSERTF(LCFG_NODEMAP_DEL_PROJIDMAP == 0x000ce04bUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_DEL_PROJIDMAP); LASSERTF(LCFG_NODEMAP_TRUSTED == 0x000ce050UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_TRUSTED); LASSERTF(LCFG_NODEMAP_SQUASH_UID == 0x000ce051UL, "found 0x%.8xUL\n", @@ -5871,6 +5875,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_AUDIT_MODE); LASSERTF(LCFG_NODEMAP_SET_SEPOL == 0x000ce05bUL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_SET_SEPOL); + LASSERTF(LCFG_NODEMAP_FORBID_ENCRYPT == 0x000ce05cUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_FORBID_ENCRYPT); + LASSERTF(LCFG_NODEMAP_SQUASH_PROJID == 0x000ce05dUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_SQUASH_PROJID); #endif /* HAVE_SERVER_SUPPORT */ LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n", (long long)PORTALS_CFG_TYPE); diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index 8663aac..f0f26e2 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -313,8 +313,11 @@ delete_range() { add_idmaps() { local i local cmd="$LCTL nodemap_add_idmap" + local do_proj=true local rc=0 + (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false + echo "Start to add idmaps ..." for ((i = 0; i < NODEMAP_COUNT; i++)); do local j @@ -332,6 +335,13 @@ add_idmaps() { --idmap $client_id:$fs_id; then rc=$((rc + 1)) fi + if $do_proj; then + if ! do_facet mgs $cmd --name $csum \ + --idtype projid --idmap \ + $client_id:$fs_id; then + rc=$((rc + 1)) + fi + fi done done @@ -409,8 +419,11 @@ update_idmaps() { #LU-10040 delete_idmaps() { local i local cmd="$LCTL nodemap_del_idmap" + local do_proj=true local rc=0 + (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false + echo "Start to delete idmaps ..." for ((i = 0; i < NODEMAP_COUNT; i++)); do local j @@ -428,6 +441,13 @@ delete_idmaps() { --idmap $client_id:$fs_id; then rc=$((rc + 1)) fi + if $do_proj; then + if ! do_facet mgs $cmd --name $csum \ + --idtype projid --idmap \ + $client_id:$fs_id; then + rc=$((rc + 1)) + fi + fi done done @@ -469,6 +489,7 @@ squash_id() { cmd[0]="$LCTL nodemap_modify --property squash_uid" cmd[1]="$LCTL nodemap_modify --property squash_gid" + cmd[2]="$LCTL nodemap_modify --property squash_projid" if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then return 1 @@ -480,6 +501,10 @@ squash_id default 99 0 wait_nm_sync default squash_uid '' inactive squash_id default 99 1 wait_nm_sync default squash_gid '' inactive +if [ "$MDS1_VERSION" -ge $(version_code 2.14.50) ]; then + squash_id default 99 2 + wait_nm_sync default squash_projid '' inactive +fi test_nid() { local cmd @@ -901,6 +926,16 @@ test_12() { [[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3 rc=0 + if (( $MDS1_VERSION >= $(version_code 2.14.52) )); then + for ((i = 0; i < NODEMAP_COUNT; i++)); do + if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 2; then + rc=$((rc + 1)) + fi + done + fi + [[ $rc != 0 ]] && error "nodemap squash_projid with $rc" && return 5 + + rc=0 delete_nodemaps rc=$? [[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4 diff --git a/lustre/utils/obd.c b/lustre/utils/obd.c index 6775a41..416c4df 100644 --- a/lustre/utils/obd.c +++ b/lustre/utils/obd.c @@ -4487,7 +4487,7 @@ int jt_nodemap_modify(int argc, char **argv) fprintf(stderr, "usage: nodemap_modify --name --property --value \n"); fprintf(stderr, - "valid properties: admin trusted map_mode squash_uid squash_gid deny_unknown audit_mode forbid_encryption\n"); + "valid properties: admin trusted map_mode squash_uid squash_gid squash_projid deny_unknown audit_mode forbid_encryption\n"); return -1; } @@ -4501,6 +4501,8 @@ int jt_nodemap_modify(int argc, char **argv) cmd = LCFG_NODEMAP_SQUASH_UID; } else if (strcmp("squash_gid", param) == 0) { cmd = LCFG_NODEMAP_SQUASH_GID; + } else if (strcmp("squash_projid", param) == 0) { + cmd = LCFG_NODEMAP_SQUASH_PROJID; } else if (strcmp("map_mode", param) == 0) { cmd = LCFG_NODEMAP_MAP_MODE; } else if (strcmp("audit_mode", param) == 0) { @@ -4558,7 +4560,7 @@ int jt_nodemap_add_idmap(int argc, char **argv) if (!nodemap_name || !idmap || !idtype) { fprintf(stderr, - "usage: %s --name --idtype [uid | gid] --idmap :\n", + "usage: %s --name --idtype [uid | gid | projid] --idmap :\n", argv[0]); return -1; } @@ -4567,9 +4569,11 @@ int jt_nodemap_add_idmap(int argc, char **argv) cmd = LCFG_NODEMAP_ADD_UIDMAP; } else if (strcmp("gid", idtype) == 0) { cmd = LCFG_NODEMAP_ADD_GIDMAP; + } else if (strcmp("projid", idtype) == 0) { + cmd = LCFG_NODEMAP_ADD_PROJIDMAP; } else { fprintf(stderr, - "usage: %s --name --idtype [uid | gid] --idmap :\n", + "usage: %s --name --idtype [uid | gid | projid] --idmap :\n", argv[0]); return -1; } @@ -4617,15 +4621,23 @@ int jt_nodemap_del_idmap(int argc, char **argv) if (!nodemap_name || !idmap || !idtype) { fprintf(stderr, - "usage: %s --name --idtype [uid | gid] --idmap :\n", + "usage: %s --name --idtype [uid | gid | projid] --idmap :\n", argv[0]); return -1; } - if (strcmp("uid", idtype) == 0) + if (strcmp("uid", idtype) == 0) { cmd = LCFG_NODEMAP_DEL_UIDMAP; - else + } else if (strcmp("gid", idtype) == 0) { cmd = LCFG_NODEMAP_DEL_GIDMAP; + } else if (strcmp("projid", idtype) == 0) { + cmd = LCFG_NODEMAP_DEL_PROJIDMAP; + } else { + fprintf(stderr, + "usage: %s --name --idtype [uid | gid | projid] --idmap :\n", + argv[0]); + return -1; + } rc = nodemap_cmd(cmd, NULL, 0, argv[0], nodemap_name, idmap, NULL); if (rc != 0) { diff --git a/lustre/utils/wirecheck.c b/lustre/utils/wirecheck.c index 56d16cf..8206d8a 100644 --- a/lustre/utils/wirecheck.c +++ b/lustre/utils/wirecheck.c @@ -2547,7 +2547,7 @@ static void check_nodemap_cluster_rec(void) CHECK_MEMBER(nodemap_cluster_rec, ncr_name[LUSTRE_NODEMAP_NAME_LENGTH + 1]); CHECK_MEMBER(nodemap_cluster_rec, ncr_flags); CHECK_MEMBER(nodemap_cluster_rec, ncr_padding1); - CHECK_MEMBER(nodemap_cluster_rec, ncr_padding2); + CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_projid); CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_uid); CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_gid); } @@ -2779,6 +2779,8 @@ check_lustre_cfg(void) CHECK_VALUE_X(LCFG_NODEMAP_DEL_GIDMAP); CHECK_VALUE_X(LCFG_NODEMAP_ACTIVATE); CHECK_VALUE_X(LCFG_NODEMAP_ADMIN); + CHECK_VALUE_X(LCFG_NODEMAP_ADD_PROJIDMAP); + CHECK_VALUE_X(LCFG_NODEMAP_DEL_PROJIDMAP); CHECK_VALUE_X(LCFG_NODEMAP_TRUSTED); CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_UID); CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_GID); @@ -2791,6 +2793,8 @@ check_lustre_cfg(void) CHECK_VALUE_X(LCFG_NODEMAP_MAP_MODE); CHECK_VALUE_X(LCFG_NODEMAP_AUDIT_MODE); CHECK_VALUE_X(LCFG_NODEMAP_SET_SEPOL); + CHECK_VALUE_X(LCFG_NODEMAP_FORBID_ENCRYPT); + CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_PROJID); printf("#endif /* HAVE_SERVER_SUPPORT */\n"); #endif /* !HAVE_NATIVE_LINUX_CLIENT */ CHECK_VALUE(PORTALS_CFG_TYPE); diff --git a/lustre/utils/wiretest.c b/lustre/utils/wiretest.c index feefdcd..2e9c11b 100644 --- a/lustre/utils/wiretest.c +++ b/lustre/utils/wiretest.c @@ -5383,10 +5383,10 @@ void lustre_assert_wire_constants(void) (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding1)); LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1) == 2, "found %lld\n", (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1)); - LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_padding2) == 20, "found %lld\n", - (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding2)); - LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2) == 4, "found %lld\n", - (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2)); + LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid) == 20, "found %lld\n", + (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid)); + LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid) == 4, "found %lld\n", + (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid)); LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid) == 24, "found %lld\n", (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid)); LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_uid) == 4, "found %lld\n", @@ -5873,6 +5873,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_ACTIVATE); LASSERTF(LCFG_NODEMAP_ADMIN == 0x000ce049UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_ADMIN); + LASSERTF(LCFG_NODEMAP_ADD_PROJIDMAP == 0x000ce04aUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_ADD_PROJIDMAP); + LASSERTF(LCFG_NODEMAP_DEL_PROJIDMAP == 0x000ce04bUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_DEL_PROJIDMAP); LASSERTF(LCFG_NODEMAP_TRUSTED == 0x000ce050UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_TRUSTED); LASSERTF(LCFG_NODEMAP_SQUASH_UID == 0x000ce051UL, "found 0x%.8xUL\n", @@ -5897,6 +5901,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_AUDIT_MODE); LASSERTF(LCFG_NODEMAP_SET_SEPOL == 0x000ce05bUL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_SET_SEPOL); + LASSERTF(LCFG_NODEMAP_FORBID_ENCRYPT == 0x000ce05cUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_FORBID_ENCRYPT); + LASSERTF(LCFG_NODEMAP_SQUASH_PROJID == 0x000ce05dUL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_SQUASH_PROJID); #endif /* HAVE_SERVER_SUPPORT */ LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n", (long long)PORTALS_CFG_TYPE); -- 1.8.3.1