1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * Copyright (c) 2003 Cluster File Systems, Inc.
6 * This file is part of Lustre, http://www.lustre.org.
8 * Lustre is free software; you can redistribute it and/or
9 * modify it under the terms of version 2 of the GNU General Public
10 * License as published by the Free Software Foundation.
12 * Lustre is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Lustre; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #define DEBUG_SUBSYSTEM S_MDS
24 #include <linux/config.h>
25 #include <linux/module.h>
26 #include <linux/kernel.h>
28 #include <linux/string.h>
29 #include <linux/stat.h>
30 #include <linux/errno.h>
31 #include <linux/version.h>
32 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0))
33 # include <linux/locks.h> // for wait_on_buffer
35 # include <linux/buffer_head.h> // for wait_on_buffer
37 #include <linux/unistd.h>
39 #include <asm/system.h>
40 #include <asm/uaccess.h>
43 #include <linux/stat.h>
44 #include <asm/uaccess.h>
45 #include <linux/slab.h>
46 #include <asm/segment.h>
48 #include <linux/obd_support.h>
49 #include <linux/lustre_lib.h>
50 #include <linux/lustre_ucache.h>
51 #include "mds_internal.h"
53 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
54 struct group_info *groups_alloc(int ngroups)
56 struct group_info *ginfo;
58 LASSERT(ngroups <= NGROUPS_SMALL);
60 OBD_ALLOC(ginfo, sizeof(*ginfo) + 1 * sizeof(gid_t *));
63 ginfo->ngroups = ngroups;
65 ginfo->blocks[0] = ginfo->small_block;
66 atomic_set(&ginfo->usage, 1);
71 void groups_free(struct group_info *ginfo)
73 LASSERT(ginfo->ngroups <= NGROUPS_SMALL);
74 LASSERT(ginfo->nblocks == 1);
75 LASSERT(ginfo->blocks[0] == ginfo->small_block);
77 OBD_FREE(ginfo, sizeof(*ginfo) + 1 * sizeof(gid_t *));
80 /* for 2.4 the group number is small, so simply search the
83 int groups_search(struct group_info *ginfo, gid_t grp)
90 for (i = 0; i < ginfo->ngroups; i++)
91 if (GROUP_AT(ginfo, i) == grp)
98 void groups_sort(struct group_info *ginfo)
100 int base, max, stride;
101 int gidsetsize = ginfo->ngroups;
103 for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
108 max = gidsetsize - stride;
109 for (base = 0; base < max; base++) {
111 int right = left + stride;
112 gid_t tmp = GROUP_AT(ginfo, right);
114 while (left >= 0 && GROUP_AT(ginfo, left) > tmp) {
115 GROUP_AT(ginfo, right) =
116 GROUP_AT(ginfo, left);
120 GROUP_AT(ginfo, right) = tmp;
126 int groups_search(struct group_info *ginfo, gid_t grp)
134 right = ginfo->ngroups;
135 while (left < right) {
136 int mid = (left + right) / 2;
137 int cmp = grp - GROUP_AT(ginfo, mid);
149 void groups_from_buffer(struct group_info *ginfo, __u32 *gids)
151 int i, ngroups = ginfo->ngroups;
153 for (i = 0; i < ginfo->nblocks; i++) {
154 int count = min(NGROUPS_PER_BLOCK, ngroups);
156 memcpy(ginfo->blocks[i], gids, count * sizeof(__u32));
157 gids += NGROUPS_PER_BLOCK;
162 void mds_pack_dentry2id(struct obd_device *obd,
163 struct lustre_id *id,
164 struct dentry *dentry,
167 id_ino(id) = dentry->d_inum;
168 id_gen(id) = dentry->d_generation;
171 id_fid(id) = dentry->d_fid;
172 id_group(id) = dentry->d_mdsnum;
176 void mds_pack_dentry2body(struct obd_device *obd,
178 struct dentry *dentry,
181 b->valid |= OBD_MD_FLID | OBD_MD_FLGENER |
185 b->valid |= OBD_MD_FID;
187 mds_pack_dentry2id(obd, &b->id1, dentry, fid);
190 int mds_pack_inode2id(struct obd_device *obd,
191 struct lustre_id *id,
199 /* we have to avoid deadlock. */
200 if (!down_trylock(&inode->i_sem)) {
201 rc = mds_read_inode_sid(obd, inode, id);
204 rc = mds_read_inode_sid(obd, inode, id);
209 id_ino(id) = inode->i_ino;
210 id_gen(id) = inode->i_generation;
211 id_type(id) = (S_IFMT & inode->i_mode);
216 /* Note that we can copy all of the fields, just some will not be "valid" */
217 void mds_pack_inode2body(struct obd_device *obd, struct mds_body *b,
218 struct inode *inode, int fid)
220 b->valid |= OBD_MD_FLID | OBD_MD_FLCTIME | OBD_MD_FLUID |
221 OBD_MD_FLGID | OBD_MD_FLFLAGS | OBD_MD_FLTYPE |
222 OBD_MD_FLMODE | OBD_MD_FLNLINK | OBD_MD_FLGENER |
223 OBD_MD_FLATIME | OBD_MD_FLMTIME; /* bug 2020 */
225 if (!S_ISREG(inode->i_mode)) {
226 b->valid |= OBD_MD_FLSIZE | OBD_MD_FLBLOCKS |
227 OBD_MD_FLATIME | OBD_MD_FLMTIME |
230 b->atime = LTIME_S(inode->i_atime);
231 b->mtime = LTIME_S(inode->i_mtime);
232 b->ctime = LTIME_S(inode->i_ctime);
233 b->mode = inode->i_mode;
234 b->size = inode->i_size;
235 b->blocks = inode->i_blocks;
236 b->uid = inode->i_uid;
237 b->gid = inode->i_gid;
238 b->flags = inode->i_flags;
239 b->rdev = inode->i_rdev;
241 /* Return the correct link count for orphan inodes */
242 if (mds_inode_is_orphan(inode)) {
244 } else if (S_ISDIR(inode->i_mode)) {
247 b->nlink = inode->i_nlink;
251 b->valid |= OBD_MD_FID;
253 mds_pack_inode2id(obd, &b->id1, inode, fid);
257 static int mds_setattr_unpack(struct ptlrpc_request *req, int offset,
258 struct mds_update_record *r)
260 struct iattr *attr = &r->ur_iattr;
261 struct mds_rec_setattr *rec;
264 rec = lustre_swab_reqbuf(req, offset, sizeof(*rec),
265 lustre_swab_mds_rec_setattr);
269 r->ur_id1 = &rec->sa_id;
270 attr->ia_valid = rec->sa_valid;
271 attr->ia_mode = rec->sa_mode;
272 attr->ia_uid = rec->sa_uid;
273 attr->ia_gid = rec->sa_gid;
274 attr->ia_size = rec->sa_size;
275 LTIME_S(attr->ia_atime) = rec->sa_atime;
276 LTIME_S(attr->ia_mtime) = rec->sa_mtime;
277 LTIME_S(attr->ia_ctime) = rec->sa_ctime;
278 attr->ia_attr_flags = rec->sa_attr_flags;
280 LASSERT_REQSWAB (req, offset + 1);
281 if (req->rq_reqmsg->bufcount > offset + 1) {
282 r->ur_eadata = lustre_msg_buf (req->rq_reqmsg,
284 if (r->ur_eadata == NULL)
286 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 1];
289 if (req->rq_reqmsg->bufcount > offset + 2) {
290 r->ur_ea2data = lustre_msg_buf(req->rq_reqmsg, offset + 2, 0);
291 if (r->ur_ea2data == NULL)
294 r->ur_ea2datalen = req->rq_reqmsg->buflens[offset + 2];
300 static int mds_create_unpack(struct ptlrpc_request *req, int offset,
301 struct mds_update_record *r)
303 struct mds_rec_create *rec;
306 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
307 lustre_swab_mds_rec_create);
311 r->ur_id1 = &rec->cr_id;
312 r->ur_id2 = &rec->cr_replayid;
313 r->ur_mode = rec->cr_mode;
314 r->ur_rdev = rec->cr_rdev;
315 r->ur_time = rec->cr_time;
316 r->ur_flags = rec->cr_flags;
318 LASSERT_REQSWAB (req, offset + 1);
319 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
320 if (r->ur_name == NULL)
322 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
324 LASSERT_REQSWAB (req, offset + 2);
325 if (req->rq_reqmsg->bufcount > offset + 2) {
326 if (S_ISLNK(r->ur_mode)) {
327 r->ur_tgt = lustre_msg_string(req->rq_reqmsg,
329 if (r->ur_tgt == NULL)
331 r->ur_tgtlen = req->rq_reqmsg->buflens[offset + 2];
332 } else if (S_ISDIR(r->ur_mode) ) {
333 /* Stripe info for mkdir - just a 16bit integer */
334 if (req->rq_reqmsg->buflens[offset + 2] != 2) {
335 CERROR("mkdir stripe info does not match "
336 "expected size %d vs 2\n",
337 req->rq_reqmsg->buflens[offset + 2]);
340 r->ur_eadata = lustre_swab_buf (req->rq_reqmsg,
341 offset + 2, 2, __swab16s);
342 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
343 } else if (S_ISREG(r->ur_mode)){
344 r->ur_eadata = lustre_msg_buf (req->rq_reqmsg,
346 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
348 /* Hm, no other users so far? */
355 static int mds_link_unpack(struct ptlrpc_request *req, int offset,
356 struct mds_update_record *r)
358 struct mds_rec_link *rec;
361 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
362 lustre_swab_mds_rec_link);
366 r->ur_id1 = &rec->lk_id1;
367 r->ur_id2 = &rec->lk_id2;
368 r->ur_time = rec->lk_time;
370 LASSERT_REQSWAB (req, offset + 1);
371 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
372 if (r->ur_name == NULL)
374 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
378 static int mds_unlink_unpack(struct ptlrpc_request *req, int offset,
379 struct mds_update_record *r)
381 struct mds_rec_unlink *rec;
384 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
385 lustre_swab_mds_rec_unlink);
389 r->ur_mode = rec->ul_mode;
390 r->ur_id1 = &rec->ul_id1;
391 r->ur_id2 = &rec->ul_id2;
392 r->ur_time = rec->ul_time;
394 LASSERT_REQSWAB (req, offset + 1);
395 r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
396 if (r->ur_name == NULL)
398 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
402 static int mds_rename_unpack(struct ptlrpc_request *req, int offset,
403 struct mds_update_record *r)
405 struct mds_rec_rename *rec;
408 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
409 lustre_swab_mds_rec_rename);
413 r->ur_id1 = &rec->rn_id1;
414 r->ur_id2 = &rec->rn_id2;
415 r->ur_time = rec->rn_time;
417 LASSERT_REQSWAB (req, offset + 1);
418 r->ur_name = lustre_msg_string(req->rq_reqmsg, offset + 1, 0);
419 if (r->ur_name == NULL)
421 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
423 LASSERT_REQSWAB (req, offset + 2);
424 r->ur_tgt = lustre_msg_string(req->rq_reqmsg, offset + 2, 0);
425 if (r->ur_tgt == NULL)
427 r->ur_tgtlen = req->rq_reqmsg->buflens[offset + 2];
431 static int mds_open_unpack(struct ptlrpc_request *req, int offset,
432 struct mds_update_record *r)
434 struct mds_rec_create *rec;
437 rec = lustre_swab_reqbuf (req, offset, sizeof (*rec),
438 lustre_swab_mds_rec_create);
442 r->ur_id1 = &rec->cr_id;
443 r->ur_id2 = &rec->cr_replayid;
444 r->ur_mode = rec->cr_mode;
445 r->ur_rdev = rec->cr_rdev;
446 r->ur_time = rec->cr_time;
447 r->ur_flags = rec->cr_flags;
449 LASSERT_REQSWAB (req, offset + 1);
450 r->ur_name = lustre_msg_string (req->rq_reqmsg, offset + 1, 0);
451 if (r->ur_name == NULL)
453 r->ur_namelen = req->rq_reqmsg->buflens[offset + 1];
455 LASSERT_REQSWAB (req, offset + 2);
456 if (req->rq_reqmsg->bufcount > offset + 2) {
457 r->ur_eadata = lustre_msg_buf(req->rq_reqmsg, offset + 2, 0);
458 if (r->ur_eadata == NULL)
460 r->ur_eadatalen = req->rq_reqmsg->buflens[offset + 2];
465 typedef int (*update_unpacker)(struct ptlrpc_request *req, int offset,
466 struct mds_update_record *r);
468 static update_unpacker mds_unpackers[REINT_MAX + 1] = {
469 [REINT_SETATTR] mds_setattr_unpack,
470 [REINT_CREATE] mds_create_unpack,
471 [REINT_LINK] mds_link_unpack,
472 [REINT_UNLINK] mds_unlink_unpack,
473 [REINT_RENAME] mds_rename_unpack,
474 [REINT_OPEN] mds_open_unpack,
477 int mds_update_unpack(struct ptlrpc_request *req, int offset,
478 struct mds_update_record *rec)
486 * NB don't lustre_swab_reqbuf() here. We're just taking a peek and we
487 * want to leave it to the specific unpacker once we've identified the
490 opcodep = lustre_msg_buf (req->rq_reqmsg, offset, sizeof(*opcodep));
495 if (lustre_msg_swabbed (req->rq_reqmsg))
498 if (opcode > REINT_MAX ||
499 mds_unpackers[opcode] == NULL) {
500 CERROR ("Unexpected opcode %d\n", opcode);
506 rec->ur_opcode = opcode;
508 rc = mds_unpackers[opcode](req, offset, rec);
511 rec->ur_fsuid = req->rq_uid;
516 /********************************
517 * MDS uid/gid mapping handling *
518 ********************************/
521 struct mds_idmap_entry* idmap_alloc_entry(__u32 rmt_id, __u32 lcl_id)
523 struct mds_idmap_entry *e;
525 OBD_ALLOC(e, sizeof(*e));
529 INIT_LIST_HEAD(&e->rmt_hash);
530 INIT_LIST_HEAD(&e->lcl_hash);
531 atomic_set(&e->refcount, 1);
538 void idmap_free_entry(struct mds_idmap_entry *e)
540 if (!list_empty(&e->rmt_hash))
541 list_del(&e->rmt_hash);
542 if (!list_empty(&e->lcl_hash))
543 list_del(&e->lcl_hash);
544 OBD_FREE(e, sizeof(*e));
548 int idmap_insert_entry(struct list_head *rmt_hash, struct list_head *lcl_hash,
549 struct mds_idmap_entry *new, const char *warn_msg)
551 struct list_head *rmt_head = &rmt_hash[MDS_IDMAP_HASHFUNC(new->rmt_id)];
552 struct list_head *lcl_head = &lcl_hash[MDS_IDMAP_HASHFUNC(new->lcl_id)];
553 struct mds_idmap_entry *e;
555 list_for_each_entry(e, rmt_head, rmt_hash) {
556 if (e->rmt_id == new->rmt_id &&
557 e->lcl_id == new->lcl_id) {
558 atomic_inc(&e->refcount);
561 if (e->rmt_id == new->rmt_id && warn_msg)
562 CWARN("%s: rmt id %u already map to %u (new %u)\n",
563 warn_msg, e->rmt_id, e->lcl_id, new->lcl_id);
564 if (e->lcl_id == new->lcl_id && warn_msg)
565 CWARN("%s: lcl id %u already be mapped from %u "
566 "(new %u)\n", warn_msg,
567 e->lcl_id, e->rmt_id, new->rmt_id);
570 list_add_tail(rmt_head, &new->rmt_hash);
571 list_add_tail(lcl_head, &new->lcl_hash);
576 int idmap_remove_entry(struct list_head *rmt_hash, struct list_head *lcl_hash,
577 __u32 rmt_id, __u32 lcl_id)
579 struct list_head *rmt_head = &rmt_hash[MDS_IDMAP_HASHFUNC(rmt_id)];
580 struct mds_idmap_entry *e;
582 list_for_each_entry(e, rmt_head, rmt_hash) {
583 if (e->rmt_id == rmt_id && e->lcl_id == lcl_id) {
584 if (atomic_dec_and_test(&e->refcount)) {
585 list_del(&e->rmt_hash);
586 list_del(&e->lcl_hash);
587 OBD_FREE(e, sizeof(*e));
596 int mds_idmap_add(struct mds_idmap_table *tbl,
597 uid_t rmt_uid, uid_t lcl_uid,
598 gid_t rmt_gid, gid_t lcl_gid)
600 struct mds_idmap_entry *ue, *ge;
606 ue = idmap_alloc_entry(rmt_uid, lcl_uid);
609 ge = idmap_alloc_entry(rmt_gid, lcl_gid);
611 idmap_free_entry(ue);
615 spin_lock(&tbl->mit_lock);
617 if (idmap_insert_entry(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX],
618 tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX],
619 ue, "UID mapping")) {
620 idmap_free_entry(ue);
623 if (idmap_insert_entry(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX],
624 tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX],
625 ge, "GID mapping")) {
626 idmap_free_entry(ge);
629 spin_unlock(&tbl->mit_lock);
633 int mds_idmap_del(struct mds_idmap_table *tbl,
634 uid_t rmt_uid, uid_t lcl_uid,
635 gid_t rmt_gid, gid_t lcl_gid)
642 spin_lock(&tbl->mit_lock);
643 idmap_remove_entry(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX],
644 tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX],
646 idmap_remove_entry(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX],
647 tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX],
649 spin_unlock(&tbl->mit_lock);
654 __u32 idmap_lookup_id(struct list_head *hash, int reverse, __u32 id)
656 struct list_head *head = &hash[MDS_IDMAP_HASHFUNC(id)];
657 struct mds_idmap_entry *e;
660 list_for_each_entry(e, head, rmt_hash) {
664 return MDS_IDMAP_NOTFOUND;
666 list_for_each_entry(e, head, lcl_hash) {
670 return MDS_IDMAP_NOTFOUND;
674 int mds_idmap_lookup_uid(struct mds_idmap_table *tbl, int reverse, uid_t uid)
676 struct list_head *hash;
679 return MDS_IDMAP_NOTFOUND;
682 hash = tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX];
684 hash = tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX];
686 spin_lock(&tbl->mit_lock);
687 uid = idmap_lookup_id(hash, reverse, uid);
688 spin_unlock(&tbl->mit_lock);
693 int mds_idmap_lookup_gid(struct mds_idmap_table *tbl, int reverse, gid_t gid)
695 struct list_head *hash;
698 return MDS_IDMAP_NOTFOUND;
701 hash = tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX];
703 hash = tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX];
705 spin_lock(&tbl->mit_lock);
706 gid = idmap_lookup_id(hash, reverse, gid);
707 spin_unlock(&tbl->mit_lock);
712 struct mds_idmap_table *mds_idmap_alloc()
714 struct mds_idmap_table *tbl;
717 OBD_ALLOC(tbl, sizeof(*tbl));
721 spin_lock_init(&tbl->mit_lock);
722 for (i = 0; i < MDS_IDMAP_N_HASHES; i++)
723 for (j = 0; j < MDS_IDMAP_HASHSIZE; j++)
724 INIT_LIST_HEAD(&tbl->mit_idmaps[i][j]);
729 static void idmap_clear_rmt_hash(struct list_head *list)
731 struct mds_idmap_entry *e;
734 for (i = 0; i < MDS_IDMAP_HASHSIZE; i++) {
735 while (!list_empty(&list[i])) {
736 e = list_entry(list[i].next, struct mds_idmap_entry,
743 void mds_idmap_free(struct mds_idmap_table *tbl)
747 spin_lock(&tbl->mit_lock);
748 idmap_clear_rmt_hash(tbl->mit_idmaps[MDS_RMT_UIDMAP_IDX]);
749 idmap_clear_rmt_hash(tbl->mit_idmaps[MDS_RMT_GIDMAP_IDX]);
751 /* paranoid checking */
752 for (i = 0; i < MDS_IDMAP_HASHSIZE; i++) {
753 LASSERT(list_empty(&tbl->mit_idmaps[MDS_LCL_UIDMAP_IDX][i]));
754 LASSERT(list_empty(&tbl->mit_idmaps[MDS_LCL_GIDMAP_IDX][i]));
756 spin_unlock(&tbl->mit_lock);
758 OBD_FREE(tbl, sizeof(*tbl));
761 /*********************************
762 * helpers doing mapping for MDS *
763 *********************************/
766 * we allow remote setuid/setgid to an "authencated" one,
767 * this policy probably change later.
770 int mds_req_secdesc_do_map(struct mds_export_data *med,
771 struct mds_req_sec_desc *rsd)
773 struct mds_idmap_table *idmap = med->med_idmap;
777 uid = mds_idmap_lookup_uid(idmap, 0, rsd->rsd_uid);
778 if (uid == MDS_IDMAP_NOTFOUND) {
779 CERROR("can't find map for uid %u\n", rsd->rsd_uid);
783 if (rsd->rsd_uid == rsd->rsd_fsuid)
786 fsuid = mds_idmap_lookup_uid(idmap, 0, rsd->rsd_fsuid);
787 if (fsuid == MDS_IDMAP_NOTFOUND) {
788 CERROR("can't find map for fsuid %u\n", rsd->rsd_fsuid);
793 gid = mds_idmap_lookup_gid(idmap, 0, rsd->rsd_gid);
794 if (gid == MDS_IDMAP_NOTFOUND) {
795 CERROR("can't find map for gid %u\n", rsd->rsd_gid);
799 if (rsd->rsd_gid == rsd->rsd_fsgid)
802 fsgid = mds_idmap_lookup_gid(idmap, 0, rsd->rsd_fsgid);
803 if (fsgid == MDS_IDMAP_NOTFOUND) {
804 CERROR("can't find map for fsgid %u\n", rsd->rsd_fsgid);
811 rsd->rsd_fsuid = fsuid;
812 rsd->rsd_fsgid = fsgid;
817 void mds_body_do_reverse_map(struct mds_export_data *med,
818 struct mds_body *body)
823 if (!med->med_remote)
827 if (body->valid & OBD_MD_FLUID) {
828 uid = mds_idmap_lookup_uid(med->med_idmap, 1, body->uid);
829 if (uid == MDS_IDMAP_NOTFOUND) {
831 if (body->valid & OBD_MD_FLMODE) {
832 body->mode = (body->mode & ~S_IRWXU) |
833 ((body->mode & S_IRWXO) << 6);
838 if (body->valid & OBD_MD_FLGID) {
839 gid = mds_idmap_lookup_gid(med->med_idmap, 1, body->gid);
840 if (gid == MDS_IDMAP_NOTFOUND) {
842 if (body->valid & OBD_MD_FLMODE) {
843 body->mode = (body->mode & ~S_IRWXG) |
844 ((body->mode & S_IRWXO) << 3);
853 /**********************
854 * MDS ucred handling *
855 **********************/
857 static inline void drop_ucred_ginfo(struct lvfs_ucred *ucred)
859 if (ucred->luc_ginfo) {
860 put_group_info(ucred->luc_ginfo);
861 ucred->luc_ginfo = NULL;
865 static inline void drop_ucred_lsd(struct lvfs_ucred *ucred)
867 if (ucred->luc_lsd) {
868 mds_put_lsd(ucred->luc_lsd);
869 ucred->luc_lsd = NULL;
874 * the heart of the uid/gid handling and security checking.
876 * root could set any group_info if we allowed setgroups, while
877 * normal user only could 'reduce' their group members -- which
878 * is somewhat expensive.
880 int mds_init_ucred(struct lvfs_ucred *ucred,
881 struct ptlrpc_request *req,
882 struct mds_req_sec_desc *rsd)
884 struct mds_obd *mds = &req->rq_export->exp_obd->u.mds;
885 struct mds_export_data *med = &req->rq_export->u.eu_mds_data;
886 struct lustre_sec_desc *lsd;
887 ptl_nid_t peernid = req->rq_peer.peer_id.nid;
888 struct group_info *gnew;
889 unsigned int setuid, setgid, strong_sec, root_squashed;
895 LASSERT(rsd->rsd_ngroups <= LUSTRE_MAX_GROUPS);
897 /* XXX We'v no dedicated bits indicating whether GSS is used,
898 * and authenticated/mapped uid is valid. currently we suppose
899 * gss must initialize rq_sec_svcdata.
901 if (req->rq_sec_svcdata && req->rq_auth_uid == -1) {
902 CWARN("user not authenticated, deny access\n");
906 strong_sec = (req->rq_auth_uid != -1);
907 LASSERT(!(req->rq_remote_realm && !strong_sec));
909 /* if we use strong authentication for a local client, we
910 * expect the uid which client claimed is true.
912 if (!med->med_remote && strong_sec &&
913 req->rq_auth_uid != rsd->rsd_uid) {
914 CWARN("nid "LPX64": UID %u was authenticated while client "
915 "claimed %u, enforce to be %u\n",
916 peernid, req->rq_auth_uid, rsd->rsd_uid,
918 if (rsd->rsd_uid != rsd->rsd_fsuid)
919 rsd->rsd_uid = req->rq_auth_uid;
921 rsd->rsd_uid = rsd->rsd_fsuid = req->rq_auth_uid;
924 if (med->med_remote) {
927 if (req->rq_mapped_uid == MDS_IDMAP_NOTFOUND) {
928 CWARN("no mapping found, deny\n");
932 rc = mds_req_secdesc_do_map(med, rsd);
937 /* now lsd come into play */
938 ucred->luc_ginfo = NULL;
939 ucred->luc_lsd = lsd = mds_get_lsd(rsd->rsd_uid);
942 CERROR("Deny access without LSD: uid %d\n", rsd->rsd_uid);
946 /* find out the setuid/setgid attempt */
947 setuid = (rsd->rsd_uid != rsd->rsd_fsuid);
948 setgid = (rsd->rsd_gid != rsd->rsd_fsgid ||
949 rsd->rsd_gid != lsd->lsd_gid);
951 lsd_perms = mds_lsd_get_perms(lsd, med->med_remote, 0, peernid);
953 /* check permission of setuid */
954 if (setuid && !(lsd_perms & LSD_PERM_SETUID)) {
955 CWARN("mds blocked setuid attempt: %u -> %u\n",
956 rsd->rsd_uid, rsd->rsd_fsuid);
960 /* check permission of setgid */
961 if (setgid && !(lsd_perms & LSD_PERM_SETGID)) {
962 CWARN("mds blocked setgid attempt: %u -> %u\n",
963 rsd->rsd_gid, rsd->rsd_fsgid);
967 root_squashed = mds_squash_root(mds, rsd, &peernid);
969 /* remove privilege for non-root user */
971 rsd->rsd_cap &= ~CAP_FS_MASK;
973 /* by now every fields other than groups in rsd have been granted */
974 ucred->luc_uid = rsd->rsd_uid;
975 ucred->luc_gid = rsd->rsd_gid;
976 ucred->luc_fsuid = rsd->rsd_fsuid;
977 ucred->luc_fsgid = rsd->rsd_fsgid;
978 ucred->luc_cap = rsd->rsd_cap;
980 /* don't use any supplementary group for remote client or
981 * we squashed root */
982 if (med->med_remote || root_squashed)
985 /* install groups from LSD */
986 if (lsd->lsd_ginfo) {
987 ucred->luc_ginfo = lsd->lsd_ginfo;
988 get_group_info(ucred->luc_ginfo);
991 /* everything is done if we don't allow setgroups */
992 if (!(lsd_perms & LSD_PERM_SETGRP))
995 /* root could set any groups as he want (if allowed), normal
996 * users only could reduce his group array.
998 if (ucred->luc_uid == 0) {
999 drop_ucred_ginfo(ucred);
1001 if (rsd->rsd_ngroups == 0)
1004 gnew = groups_alloc(rsd->rsd_ngroups);
1006 CERROR("out of memory\n");
1007 drop_ucred_lsd(ucred);
1010 groups_from_buffer(gnew, rsd->rsd_groups);
1011 groups_sort(gnew); /* don't rely on client doing this */
1013 ucred->luc_ginfo = gnew;
1015 __u32 set = 0, cur = 0;
1016 struct group_info *ginfo = ucred->luc_ginfo;
1021 /* Note: freeing a group_info count on 'nblocks' instead of
1022 * 'ngroups', thus we can safely alloc enough buffer and reduce
1023 * and ngroups number later.
1025 gnew = groups_alloc(rsd->rsd_ngroups);
1027 CERROR("out of memory\n");
1028 drop_ucred_ginfo(ucred);
1029 drop_ucred_lsd(ucred);
1033 while (cur < rsd->rsd_ngroups) {
1034 if (groups_search(ginfo, rsd->rsd_groups[cur])) {
1035 GROUP_AT(gnew, set) = rsd->rsd_groups[cur];
1040 gnew->ngroups = set;
1042 put_group_info(ucred->luc_ginfo);
1043 ucred->luc_ginfo = gnew;
1048 void mds_exit_ucred(struct lvfs_ucred *ucred)
1051 drop_ucred_ginfo(ucred);
1052 drop_ucred_lsd(ucred);
git://git.whamcloud.com / fs / lustre-release.git / blob