LU-1303 lod: introduce lod device
1 /*
2  * GPL HEADER START
3  *
4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 only,
8  * as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but
11  * WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * General Public License version 2 for more details (a copy is included
14  * in the LICENSE file that accompanied this code).
15  *
16  * You should have received a copy of the GNU General Public License
17  * version 2 along with this program; If not, see
18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
19  *
20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21  * CA 95054 USA or visit www.sun.com if you need additional information or
22  * have any questions.
23  *
24  * GPL HEADER END
25  */
26 /*
27  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
28  * Use is subject to license terms.
29  */
30 /*
31  * This file is part of Lustre, http://www.lustre.org/
32  * Lustre is a trademark of Sun Microsystems, Inc.
33  *
34  * lustre/mdt/mdt_idmap.c
35  *
36  * Author: Lai Siyao <lsy@clusterfs.com>
37  * Author: Fan Yong <fanyong@clusterfs.com>
38  */
39
40 #define DEBUG_SUBSYSTEM S_MDS
41
42 #include <linux/module.h>
43 #include <linux/kernel.h>
44 #include <linux/mm.h>
45 #include <linux/kmod.h>
46 #include <linux/string.h>
47 #include <linux/stat.h>
48 #include <linux/errno.h>
49 #include <linux/version.h>
50 #include <linux/unistd.h>
51 #include <asm/system.h>
52 #include <asm/uaccess.h>
53 #include <linux/fs.h>
54 #include <linux/stat.h>
55 #include <asm/uaccess.h>
56 #include <linux/slab.h>
57
58 #include <libcfs/libcfs.h>
59 #include <libcfs/lucache.h>
60 #include <obd.h>
61 #include <obd_class.h>
62 #include <obd_support.h>
63 #include <lustre_net.h>
64 #include <lustre_import.h>
65 #include <lustre_dlm.h>
66 #include <lustre_sec.h>
67 #include <lustre_lib.h>
68
69 #include "mdt_internal.h"
70
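/*
 * Strip the remote-client and capability connect flags from @reply and
 * record the resulting flag word in @exp under exp->exp_lock, so the export
 * carries the same flags that are sent back to the client.
 *
 * Both arguments are pointer expressions.  They are parenthesized in the
 * expansion so that any pointer expression can be passed safely; each one is
 * still evaluated more than once, so pass side-effect-free expressions only.
 */
#define mdt_init_sec_none(reply, exp)                                   \
do {                                                                    \
        (reply)->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |        \
                                        OBD_CONNECT_RMT_CLIENT_FORCE |  \
                                        OBD_CONNECT_MDS_CAPA |          \
                                        OBD_CONNECT_OSS_CAPA);          \
        cfs_spin_lock(&(exp)->exp_lock);                                \
        (exp)->exp_connect_flags = (reply)->ocd_connect_flags;          \
        cfs_spin_unlock(&(exp)->exp_lock);                              \
} while (0)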
81
/**
 * Decide at connect time whether the peer may connect under the target's
 * configured security level (mdt->mdt_sec_level), and trim the connect flags
 * returned in the reply accordingly.
 *
 * Decision order, first match wins:
 *  1. request authenticated as an MDT: accepted, security flags stripped;
 *  2. request not GSS-authenticated: accepted (flags stripped) only when the
 *     level is LUSTRE_SEC_NONE, otherwise -EACCES;
 *  3. client did not offer all of RMT_CLIENT, MDS_CAPA and OSS_CAPA ("old
 *     version"): same rule as 2;
 *  4. otherwise the client is classified as remote or local and checked
 *     against the security level in the final switch.
 *
 * All rq_auth_* fields are taken as already established by the time this
 * runs; nothing in this function verifies them.
 *
 * Returns 0 on acceptance, -EFAULT if the connect data is missing from the
 * request or reply, -EACCES if the connection is refused, -EINVAL for an
 * unknown security level.
 */
int mdt_init_sec_level(struct mdt_thread_info *info)
{
        struct mdt_device *mdt = info->mti_mdt;
        struct ptlrpc_request *req = mdt_info_req(info);
        char *client = libcfs_nid2str(req->rq_peer.nid);
        struct obd_export *exp = req->rq_export;
        struct obd_device *obd = exp->exp_obd;
        struct obd_connect_data *ocd_in, *ocd_out;
        int rc = 0, remote;
        ENTRY;

        ocd_in = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA);
        ocd_out = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA);
        if (!ocd_in || !ocd_out)
                RETURN(-EFAULT);

        /* A peer authenticated as an MDT is trusted unconditionally. */
        if (req->rq_auth_usr_mdt) {
                mdt_init_sec_none(ocd_out, exp);
                RETURN(0);
        }

        /* Peer is not using GSS: only tolerable with security disabled. */
        if (!req->rq_auth_gss) {
                if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
                        /* NOTE(review): "does not user GSS" (sic) is kept
                         * verbatim; it is the text operators will see. */
                        CWARN("client %s -> target %s does not user GSS, "
                              "can not run under security level %d.\n",
                              client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                mdt_init_sec_none(ocd_out, exp);
                RETURN(0);
        }

        /* Old client: it must offer all three flags to be treated as new. */
        if (unlikely(!((ocd_in->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) &&
                       (ocd_in->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) &&
                       (ocd_in->ocd_connect_flags & OBD_CONNECT_OSS_CAPA)))) {
                if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
                        CWARN("client %s -> target %s uses old version, "
                              "can not run under security level %d.\n",
                              client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                CWARN("client %s -> target %s uses old version, "
                      "run under security level %d.\n",
                      client, obd->obd_name, mdt->mdt_sec_level);
                mdt_init_sec_none(ocd_out, exp);
                RETURN(0);
        }

        /*
         * Remote/local classification: a client is remote if it asked for it
         * (RMT_CLIENT_FORCE) or if it authenticated from a remote realm.
         */
        remote = ocd_in->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE;
        if (remote && !req->rq_auth_remote) {
                CDEBUG(D_SEC, "client (local realm) %s -> target %s "
                       "asked to be remote.\n", client, obd->obd_name);
        } else if (!remote && req->rq_auth_remote) {
                remote = 1;
                CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set "
                       "as remote by default.\n", client, obd->obd_name);
        }

        /*
         * NOTE(review): the refusals below are reported through
         * CDEBUG(D_SEC, ...) while the two earlier ones use CWARN.
         * Presumably they are only emitted when D_SEC debugging is on;
         * confirm if these denials need to be visible for auditing.
         */

        /* A remote client is refused unless OSS capabilities are enabled. */
        if (remote && !mdt->mdt_opts.mo_oss_capa) {
                CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
                       " but OSS capabilities are not enabled: %d.\n",
                       client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
                RETURN(-EACCES);
        }

        /* A local client must carry an authenticated uid. */
        if (!remote && req->rq_auth_uid == INVALID_UID) {
                CDEBUG(D_SEC, "client %s -> target %s: user is not "
                       "authenticated!\n", client, obd->obd_name);
                RETURN(-EACCES);
        }

        switch (mdt->mdt_sec_level) {
        case LUSTRE_SEC_NONE:
                /* No security configured: remote clients are refused. */
                if (remote) {
                        CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
                               "can not run under security level %d.\n",
                               client, obd->obd_name, mdt->mdt_sec_level);
                        RETURN(-EACCES);
                }
                mdt_init_sec_none(ocd_out, exp);
                break;
        case LUSTRE_SEC_REMOTE:
                /* Only remote clients keep the security flags. */
                if (!remote)
                        mdt_init_sec_none(ocd_out, exp);
                break;
        case LUSTRE_SEC_ALL:
                if (remote)
                        break;

                /* Local client: drop the remote-client flags, and keep each
                 * capability flag only if that capability is enabled. */
                ocd_out->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
                                                OBD_CONNECT_RMT_CLIENT_FORCE);
                if (!mdt->mdt_opts.mo_mds_capa)
                        ocd_out->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
                if (!mdt->mdt_opts.mo_oss_capa)
                        ocd_out->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;

                cfs_spin_lock(&exp->exp_lock);
                exp->exp_connect_flags = ocd_out->ocd_connect_flags;
                cfs_spin_unlock(&exp->exp_lock);
                break;
        default:
                RETURN(-EINVAL);
        }

        RETURN(rc);
}
196
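/**
 * For a remote-client export, make sure the per-export idmap table exists
 * and then let mdt_handle_idmap() process the current request.
 *
 * Exports that are not remote-client connections are left untouched.
 *
 * Returns 0 for non-remote exports, the negative errno carried by a failed
 * lustre_idmap_init(), -ENOMEM if it returned NULL, otherwise the result of
 * mdt_handle_idmap().
 */
int mdt_init_idmap(struct mdt_thread_info *info)
{
        struct ptlrpc_request *req = mdt_info_req(info);
        struct mdt_export_data *med = mdt_req2med(req);
        struct obd_export *exp = req->rq_export;
        char *client = libcfs_nid2str(req->rq_peer.nid);
        struct obd_device *obd = exp->exp_obd;
        struct lustre_idmap_table *idmap;
        int rc = 0;
        ENTRY;

        if (!exp_connect_rmtclient(exp))
                RETURN(rc);

        /*
         * Allocate into a local and publish only a usable table.  Storing
         * the raw return value in med->med_idmap and checking it after the
         * mutex is dropped would leave a window in which another thread
         * (a concurrent mdt_init_idmap() or mdt_cleanup_idmap()) could see
         * an ERR_PTR value in the shared field and treat it as a table.
         */
        cfs_mutex_lock(&med->med_idmap_mutex);
        idmap = med->med_idmap;
        if (idmap == NULL) {
                idmap = lustre_idmap_init();
                if (idmap != NULL && !IS_ERR(idmap))
                        med->med_idmap = idmap;
        }
        cfs_mutex_unlock(&med->med_idmap_mutex);

        if (IS_ERR(idmap)) {
                long err = PTR_ERR(idmap);

                CERROR("client %s -> target %s "
                       "failed to init idmap [%ld]!\n",
                       client, obd->obd_name, err);
                RETURN(err);
        } else if (idmap == NULL) {
                CERROR("client %s -> target %s "
                       "failed to init(2) idmap!\n",
                       client, obd->obd_name);
                RETURN(-ENOMEM);
        }

        CDEBUG(D_SEC, "client %s -> target %s is remote.\n",
               client, obd->obd_name);
        /* NB, MDS_CONNECT establish root idmap too! */
        rc = mdt_handle_idmap(info);
        RETURN(rc);
}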
235
/**
 * Release the export's idmap table, if one is installed, and clear the
 * pointer.  Both steps happen under med->med_idmap_mutex.
 */
void mdt_cleanup_idmap(struct mdt_export_data *med)
{
        struct lustre_idmap_table *table;

        cfs_mutex_lock(&med->med_idmap_mutex);
        table = med->med_idmap;
        if (table) {
                lustre_idmap_fini(table);
                /* Cleared while still locked so no stale pointer is left. */
                med->med_idmap = NULL;
        }
        cfs_mutex_unlock(&med->med_idmap_mutex);
}
245
/**
 * Revoke the locks held by @exp via ldlm_revoke_export_locks(), except while
 * the export's device is in recovery, in which case nothing is done.
 */
static inline void mdt_revoke_export_locks(struct obd_export *exp)
{
        /* Locks are left alone during recovery. */
        if (!exp->exp_obd->obd_recovering)
                ldlm_revoke_export_locks(exp);
}
254
/**
 * Maintain the per-export idmap for a remote client as security contexts
 * come and go.
 *
 * Only SEC_CTX_INIT, SEC_CTX_INIT_CONT, SEC_CTX_FINI and MDS_CONNECT are
 * acted on; any other opcode, a request without an export, or an export that
 * is not a remote-client connection returns 0 without doing anything.
 *
 * For the handled opcodes the client-side uid/gid from the request's user
 * descriptor is paired with the uid/gid of the identity looked up for
 * req->rq_auth_mapped_uid.  The pair is added to the idmap (INIT, INIT_CONT,
 * CONNECT) or removed from it (FINI).  After a successful change the
 * export's locks are revoked, except for MDS_CONNECT.
 *
 * Returns 0 on success or when bypassed, -EACCES when a precondition fails,
 * or the error from lustre_idmap_add()/lustre_idmap_del().
 */
int mdt_handle_idmap(struct mdt_thread_info *info)
{
        struct ptlrpc_request *req = mdt_info_req(info);
        struct mdt_device *mdt = info->mti_mdt;
        struct mdt_export_data *med;
        struct ptlrpc_user_desc *pud = req->rq_user_desc;
        struct md_identity *ident;
        __u32 opc;
        int rc = 0;
        ENTRY;

        if (!req->rq_export)
                RETURN(0);

        med = mdt_req2med(req);
        if (!exp_connect_rmtclient(info->mti_exp))
                RETURN(0);

        /* Everything except the four opcodes below is bypassed. */
        opc = lustre_msg_get_opc(req->rq_reqmsg);
        switch (opc) {
        case SEC_CTX_INIT:
        case SEC_CTX_INIT_CONT:
        case SEC_CTX_FINI:
        case MDS_CONNECT:
                break;
        default:
                RETURN(0);
        }

        /* A remote-client export is expected to have its table by now. */
        LASSERT(med->med_idmap);

        if (unlikely(pud == NULL)) {
                CDEBUG(D_SEC, "remote client must run with rq_user_desc "
                       "present\n");
                RETURN(-EACCES);
        }

        if (req->rq_auth_mapped_uid == INVALID_UID) {
                CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
                       "/etc/lustre/idmap.conf!\n");
                RETURN(-EACCES);
        }

        if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
                CDEBUG(D_SEC, "remote client must run with identity_get "
                       "enabled!\n");
                RETURN(-EACCES);
        }

        /* NOTE(review): only IS_ERR() is tested on the result; confirm that
         * mdt_identity_get() never returns NULL. */
        ident = mdt_identity_get(mdt->mdt_identity_cache,
                                 req->rq_auth_mapped_uid);
        if (IS_ERR(ident)) {
                CDEBUG(D_SEC, "can't get mdt identity(%u), no mapping added\n",
                       req->rq_auth_mapped_uid);
                RETURN(-EACCES);
        }

        /* opc is one of the four handled opcodes here: FINI removes the
         * mapping, the other three (INIT, INIT_CONT, CONNECT) add it. */
        if (opc == SEC_CTX_FINI)
                rc = lustre_idmap_del(med->med_idmap,
                                      pud->pud_uid, ident->mi_uid,
                                      pud->pud_gid, ident->mi_gid);
        else
                rc = lustre_idmap_add(med->med_idmap,
                                      pud->pud_uid, ident->mi_uid,
                                      pud->pud_gid, ident->mi_gid);

        /* The identity reference is dropped whether or not the update
         * succeeded. */
        mdt_identity_put(mdt->mdt_identity_cache, ident);

        if (rc)
                RETURN(rc);

        /* Context init/fini revokes the export's locks; a plain connect
         * does not. */
        if (opc != MDS_CONNECT)
                mdt_revoke_export_locks(req->rq_export);

        RETURN(0);
}
337
/**
 * Translate the four ids in a request's user descriptor (uid, gid, fsuid,
 * fsgid) through the export's idmap.  Applies to remote-client exports only;
 * for any other export @pud is left untouched and 0 is returned.
 *
 * The descriptor is rewritten only after every lookup has succeeded, so a
 * failure never leaves @pud half-mapped.
 *
 * Returns 0 on success, -EACCES if any of the ids has no mapping.
 */
int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req,
                              struct ptlrpc_user_desc *pud)
{
        /* NOTE(review): med->med_idmap is read here without taking
         * med_idmap_mutex; presumably the table outlives any request on the
         * export.  Confirm. */
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *idmap = med->med_idmap;
        uid_t mapped_uid, mapped_fsuid;
        gid_t mapped_gid, mapped_fsgid;

        /* Only remote clients have their descriptor mapped. */
        if (!exp_connect_rmtclient(req->rq_export))
                return 0;

        mapped_uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid);
        if (mapped_uid == CFS_IDMAP_NOTFOUND) {
                CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid);
                return -EACCES;
        }

        /* fsuid reuses the uid result when the two ids are the same. */
        mapped_fsuid = mapped_uid;
        if (pud->pud_fsuid != pud->pud_uid) {
                mapped_fsuid = lustre_idmap_lookup_uid(NULL, idmap, 0,
                                                       pud->pud_fsuid);
                if (mapped_fsuid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "no mapping for fsuid %u\n",
                               pud->pud_fsuid);
                        return -EACCES;
                }
        }

        mapped_gid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_gid);
        if (mapped_gid == CFS_IDMAP_NOTFOUND) {
                CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid);
                return -EACCES;
        }

        /* Likewise fsgid reuses the gid result when they are the same. */
        mapped_fsgid = mapped_gid;
        if (pud->pud_fsgid != pud->pud_gid) {
                mapped_fsgid = lustre_idmap_lookup_gid(NULL, idmap, 0,
                                                       pud->pud_fsgid);
                if (mapped_fsgid == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "no mapping for fsgid %u\n",
                               pud->pud_fsgid);
                        return -EACCES;
                }
        }

        /* All four ids resolved: commit them to the descriptor. */
        pud->pud_uid = mapped_uid;
        pud->pud_gid = mapped_gid;
        pud->pud_fsuid = mapped_fsuid;
        pud->pud_fsgid = mapped_fsgid;

        return 0;
}
391
392 /*
393  * Reverse mapping
394  */
/**
 * Map the uid/gid in a reply body through the export's idmap with the
 * reverse flag set, for remote-client exports only.
 *
 * An id with no mapping is reported as NOBODY_UID / NOBODY_GID.  When the
 * body also carries a mode (OBD_MD_FLMODE), the owner (resp. group)
 * permission bits are replaced by a copy of the "other" bits, presumably so
 * that the substituted owner or group is not shown with more access than
 * "other" has.
 */
void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
{
        struct ptlrpc_request     *req = mdt_info_req(info);
        struct md_ucred           *uc = mdt_ucred(info);
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *idmap = med->med_idmap;

        if (!exp_connect_rmtclient(info->mti_exp))
                return;

        if (body->valid & OBD_MD_FLUID) {
                uid_t mapped = lustre_idmap_lookup_uid(uc, idmap, 1, body->uid);

                if (mapped != CFS_IDMAP_NOTFOUND) {
                        body->uid = mapped;
                } else {
                        if (body->valid & OBD_MD_FLMODE) {
                                /* rwx for owner := rwx for other */
                                body->mode &= ~S_IRWXU;
                                body->mode |= (body->mode & S_IRWXO) << 6;
                        }
                        body->uid = NOBODY_UID;
                }
        }

        if (body->valid & OBD_MD_FLGID) {
                gid_t mapped = lustre_idmap_lookup_gid(uc, idmap, 1, body->gid);

                if (mapped != CFS_IDMAP_NOTFOUND) {
                        body->gid = mapped;
                } else {
                        if (body->valid & OBD_MD_FLMODE) {
                                /* rwx for group := rwx for other */
                                body->mode &= ~S_IRWXG;
                                body->mode |= (body->mode & S_IRWXO) << 3;
                        }
                        body->gid = NOBODY_GID;
                }
        }
}
431
432 /* Do not ignore root_squash for non-setattr case. */
/**
 * Adjust the uid/gid in the request's attributes (info->mti_attr.ma_attr)
 * according to the caller's credentials.
 *
 * For every operation other than REINT_SETATTR a requested uid/gid (other
 * than -1) is overwritten with the credential's fsuid/fsgid.  For
 * REINT_SETATTR from a remote client the requested uid/gid is translated
 * through the export's idmap, and the request is refused when there is no
 * mapping.  REINT_SETATTR from a non-remote client is left unchanged.
 *
 * Returns 0 on success, -EINVAL if the credentials are neither UCRED_OLD
 * nor UCRED_NEW, -EPERM if a remote client names an unmapped uid or gid.
 */
int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
{
        struct ptlrpc_request     *req = mdt_info_req(info);
        struct md_ucred           *uc = mdt_ucred(info);
        struct lu_attr            *attr = &info->mti_attr.ma_attr;
        struct mdt_export_data    *med = mdt_req2med(req);
        struct lustre_idmap_table *idmap = med->med_idmap;
        int set_uid, set_gid;

        if (!(uc->mu_valid == UCRED_OLD || uc->mu_valid == UCRED_NEW))
                return -EINVAL;

        /* An id of -1 is never rewritten here. */
        set_uid = (attr->la_valid & LA_UID) && (attr->la_uid != -1);
        set_gid = (attr->la_valid & LA_GID) && (attr->la_gid != -1);

        if (op != REINT_SETATTR) {
                if (set_uid)
                        attr->la_uid = uc->mu_fsuid;
                /* for S_ISGID the gid is inherited from the parent; that is
                 * done in the cmm/mdd layer, here every case is set to
                 * uc->mu_fsgid. */
                if (set_gid)
                        attr->la_gid = uc->mu_fsgid;
                return 0;
        }

        if (!exp_connect_rmtclient(info->mti_exp))
                return 0;

        /* NB: -1 case will be handled by mdt_fix_attr() later. */
        if (set_uid) {
                uid_t mapped = lustre_idmap_lookup_uid(uc, idmap, 0,
                                                       attr->la_uid);

                if (mapped == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "Deny chown to uid %u\n",
                               attr->la_uid);
                        return -EPERM;
                }

                attr->la_uid = mapped;
        }

        if (set_gid) {
                gid_t mapped = lustre_idmap_lookup_gid(uc, idmap, 0,
                                                       attr->la_gid);

                if (mapped == CFS_IDMAP_NOTFOUND) {
                        CDEBUG(D_SEC, "Deny chown to gid %u\n",
                               attr->la_gid);
                        return -EPERM;
                }

                attr->la_gid = mapped;
        }

        return 0;
}