lustre/mdt/mdt_idmap.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19  *
  20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21  * CA 95054 USA or visit www.sun.com if you need additional information or
  22  * have any questions.
  23  *
  24  * GPL HEADER END
  25  */
  26 /*
  27  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  28  * Use is subject to license terms.
  29  *
  30  * Copyright (c) 2012, Intel Corporation.
  31  */
  32 /*
  33  * This file is part of Lustre, http://www.lustre.org/
  34  * Lustre is a trademark of Sun Microsystems, Inc.
  35  *
  36  * lustre/mdt/mdt_idmap.c
  37  *
  38  * Author: Lai Siyao <lsy@clusterfs.com>
  39  * Author: Fan Yong <fanyong@clusterfs.com>
  40  */
  41
  42 #define DEBUG_SUBSYSTEM S_MDS
  43
  44 #include <linux/module.h>
  45 #include <linux/kernel.h>
  46 #include <linux/mm.h>
  47 #include <linux/kmod.h>
  48 #include <linux/string.h>
  49 #include <linux/stat.h>
  50 #include <linux/errno.h>
  51 #include <linux/version.h>
  52 #include <linux/unistd.h>
  53 #include <asm/uaccess.h>
  54 #include <linux/fs.h>
  55 #include <linux/stat.h>
  56 #include <asm/uaccess.h>
  57 #include <linux/slab.h>
  58
  59 #include <libcfs/libcfs.h>
  60 #include <libcfs/lucache.h>
  61 #include <obd.h>
  62 #include <obd_class.h>
  63 #include <obd_support.h>
  64 #include <lustre_net.h>
  65 #include <lustre_import.h>
  66 #include <lustre_dlm.h>
  67 #include <lustre_sec.h>
  68 #include <lustre_lib.h>
  69
  70 #include "mdt_internal.h"
  71
  72 #define mdt_init_sec_none(reply, exp)                                   \
  73 do {                                                                    \
  74         reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |          \
  75                                       OBD_CONNECT_RMT_CLIENT_FORCE |    \
  76                                       OBD_CONNECT_MDS_CAPA |            \
  77                                       OBD_CONNECT_OSS_CAPA);            \
  78 } while (0)
  79
  80 int mdt_init_sec_level(struct mdt_thread_info *info)
  81 {
  82         struct mdt_device *mdt = info->mti_mdt;
  83         struct ptlrpc_request *req = mdt_info_req(info);
  84         char *client = libcfs_nid2str(req->rq_peer.nid);
  85         struct obd_connect_data *data, *reply;
  86         int rc = 0, remote;
  87         ENTRY;
  88
  89         data = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA);
  90         reply = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA);
  91         if (data == NULL || reply == NULL)
  92                 RETURN(-EFAULT);
  93
  94         /* connection from MDT is always trusted */
  95         if (req->rq_auth_usr_mdt) {
  96                 mdt_init_sec_none(reply, exp);
  97                 RETURN(0);
  98         }
  99
 100         /* no GSS support case */
 101         if (!req->rq_auth_gss) {
 102                 if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
 103                         CWARN("%s: client %s -> target %s does not user GSS, "
 104                               "can not run under security level %d.\n",
 105                               mdt_obd_name(mdt), client, mdt_obd_name(mdt),
 106                               mdt->mdt_sec_level);
 107                         RETURN(-EACCES);
 108                 } else {
 109                         mdt_init_sec_none(reply, exp);
 110                         RETURN(0);
 111                 }
 112         }
 113
 114         /* old version case */
 115         if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) ||
 116                      !(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) ||
 117                      !(data->ocd_connect_flags & OBD_CONNECT_OSS_CAPA))) {
 118                 if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
 119                         CWARN("%s: client %s -> target %s uses old version, "
 120                               "can not run under security level %d.\n",
 121                               mdt_obd_name(mdt), client, mdt_obd_name(mdt),
 122                               mdt->mdt_sec_level);
 123                         RETURN(-EACCES);
 124                 } else {
 125                         CWARN("%s: client %s -> target %s uses old version, "
 126                               "run under security level %d.\n",
 127                               mdt_obd_name(mdt), client, mdt_obd_name(mdt),
 128                               mdt->mdt_sec_level);
 129                         mdt_init_sec_none(reply, exp);
 130                         RETURN(0);
 131                 }
 132         }
 133
 134         remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE;
 135         if (remote) {
 136                 if (!req->rq_auth_remote)
 137                         CDEBUG(D_SEC, "%s: client (local realm) %s -> "
 138                                "target %s asked to be remote.\n",
 139                                mdt_obd_name(mdt), client, mdt_obd_name(mdt));
 140         } else if (req->rq_auth_remote) {
 141                 remote = 1;
 142                 CDEBUG(D_SEC, "%s: client (remote realm) %s -> "
 143                        "target %s is set as remote by default.\n",
 144                        mdt_obd_name(mdt), client, mdt_obd_name(mdt));
 145         }
 146
 147         if (remote) {
 148                 if (!mdt->mdt_opts.mo_oss_capa) {
 149                         CDEBUG(D_SEC, "%s: client %s -> target %s is set as "
 150                                "remote,but OSS capabilities are not enabled: "
 151                                "%d.\n",
 152                                mdt_obd_name(mdt), client, mdt_obd_name(mdt),
 153                                mdt->mdt_opts.mo_oss_capa);
 154                         RETURN(-EACCES);
 155                 }
 156         } else {
 157                 if (req->rq_auth_uid == INVALID_UID) {
 158                         CDEBUG(D_SEC, "%s: client %s -> target %s: user is not "
 159                                "authenticated!\n",
 160                                mdt_obd_name(mdt), client, mdt_obd_name(mdt));
 161                         RETURN(-EACCES);
 162                 }
 163         }
 164
 165         switch (mdt->mdt_sec_level) {
 166         case LUSTRE_SEC_NONE:
 167                 if (!remote) {
 168                         mdt_init_sec_none(reply, exp);
 169                         break;
 170                 } else {
 171                         CDEBUG(D_SEC, "%s: client %s -> target %s is set as "
 172                                "remote, can not run under security level %d.\n",
 173                                mdt_obd_name(mdt), client, mdt_obd_name(mdt),
 174                                mdt->mdt_sec_level);
 175                         RETURN(-EACCES);
 176                 }
 177         case LUSTRE_SEC_REMOTE:
 178                 if (!remote)
 179                         mdt_init_sec_none(reply, exp);
 180                 break;
 181         case LUSTRE_SEC_ALL:
 182                 if (!remote) {
 183                         reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
 184                                                       OBD_CONNECT_RMT_CLIENT_FORCE);
 185                         if (!mdt->mdt_opts.mo_mds_capa)
 186                                 reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
 187                         if (!mdt->mdt_opts.mo_oss_capa)
 188                                 reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
 189                 }
 190                 break;
 191         default:
 192                 RETURN(-EINVAL);
 193         }
 194
 195         RETURN(rc);
 196 }
 197
 198 int mdt_init_idmap(struct mdt_thread_info *info)
 199 {
 200         struct ptlrpc_request *req = mdt_info_req(info);
 201         struct mdt_export_data *med = mdt_req2med(req);
 202         struct obd_export *exp = req->rq_export;
 203         char *client = libcfs_nid2str(req->rq_peer.nid);
 204         int rc = 0;
 205         ENTRY;
 206
 207         if (exp_connect_rmtclient(exp)) {
 208                 mutex_lock(&med->med_idmap_mutex);
 209                 if (!med->med_idmap)
 210                         med->med_idmap = lustre_idmap_init();
 211                 mutex_unlock(&med->med_idmap_mutex);
 212
 213                 if (IS_ERR(med->med_idmap)) {
 214                         long err = PTR_ERR(med->med_idmap);
 215
 216                         med->med_idmap = NULL;
 217                         CERROR("%s: client %s -> target %s "
 218                                "failed to init idmap [%ld]!\n",
 219                                mdt_obd_name(info->mti_mdt), client,
 220                                mdt_obd_name(info->mti_mdt), err);
 221                         RETURN(err);
 222                 } else if (!med->med_idmap) {
 223                         CERROR("%s: client %s -> target %s "
 224                                "failed to init(2) idmap!\n",
 225                                mdt_obd_name(info->mti_mdt), client,
 226                                mdt_obd_name(info->mti_mdt));
 227                         RETURN(-ENOMEM);
 228                 }
 229
 230                 CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n",
 231                         mdt_obd_name(info->mti_mdt), client,
 232                         mdt_obd_name(info->mti_mdt));
 233                 /* NB, MDS_CONNECT establish root idmap too! */
 234                 rc = mdt_handle_idmap(info);
 235         }
 236         RETURN(rc);
 237 }
 238
 239 void mdt_cleanup_idmap(struct mdt_export_data *med)
 240 {
 241         mutex_lock(&med->med_idmap_mutex);
 242         if (med->med_idmap != NULL) {
 243                 lustre_idmap_fini(med->med_idmap);
 244                 med->med_idmap = NULL;
 245         }
 246         mutex_unlock(&med->med_idmap_mutex);
 247 }
 248
 249 static inline void mdt_revoke_export_locks(struct obd_export *exp)
 250 {
 251         /* don't revoke locks during recovery */
 252         if (exp->exp_obd->obd_recovering)
 253                 return;
 254
 255         ldlm_revoke_export_locks(exp);
 256 }
 257
 258 int mdt_handle_idmap(struct mdt_thread_info *info)
 259 {
 260         struct ptlrpc_request *req = mdt_info_req(info);
 261         struct mdt_device *mdt = info->mti_mdt;
 262         struct mdt_export_data *med;
 263         struct ptlrpc_user_desc *pud = req->rq_user_desc;
 264         struct md_identity *identity;
 265         __u32 opc;
 266         int rc = 0;
 267         ENTRY;
 268
 269         if (!req->rq_export)
 270                 RETURN(0);
 271
 272         med = mdt_req2med(req);
 273         if (!exp_connect_rmtclient(info->mti_exp))
 274                 RETURN(0);
 275
 276         opc = lustre_msg_get_opc(req->rq_reqmsg);
 277         /* Bypass other opc */
 278         if ((opc != SEC_CTX_INIT) && (opc != SEC_CTX_INIT_CONT) &&
 279             (opc != SEC_CTX_FINI) && (opc != MDS_CONNECT))
 280                 RETURN(0);
 281
 282         LASSERT(med->med_idmap);
 283
 284         if (unlikely(!pud)) {
 285                 CDEBUG(D_SEC, "remote client must run with rq_user_desc "
 286                        "present\n");
 287                 RETURN(-EACCES);
 288         }
 289
 290         if (req->rq_auth_mapped_uid == INVALID_UID) {
 291                 CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
 292                        "/etc/lustre/idmap.conf!\n");
 293                 RETURN(-EACCES);
 294         }
 295
 296         if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
 297                 CDEBUG(D_SEC, "remote client must run with identity_get "
 298                        "enabled!\n");
 299                 RETURN(-EACCES);
 300         }
 301
 302         identity = mdt_identity_get(mdt->mdt_identity_cache,
 303                                     req->rq_auth_mapped_uid);
 304         if (IS_ERR(identity)) {
 305                 CDEBUG(D_SEC, "can't get mdt identity(%u), no mapping added\n",
 306                        req->rq_auth_mapped_uid);
 307                 RETURN(-EACCES);
 308         }
 309
 310         switch (opc) {
 311                 case SEC_CTX_INIT:
 312                 case SEC_CTX_INIT_CONT:
 313                 case MDS_CONNECT:
 314                         rc = lustre_idmap_add(med->med_idmap,
 315                                               pud->pud_uid, identity->mi_uid,
 316                                               pud->pud_gid, identity->mi_gid);
 317                         break;
 318                 case SEC_CTX_FINI:
 319                         rc = lustre_idmap_del(med->med_idmap,
 320                                               pud->pud_uid, identity->mi_uid,
 321                                               pud->pud_gid, identity->mi_gid);
 322                         break;
 323         }
 324
 325         mdt_identity_put(mdt->mdt_identity_cache, identity);
 326
 327         if (rc)
 328                 RETURN(rc);
 329
 330         switch (opc) {
 331                 case SEC_CTX_INIT:
 332                 case SEC_CTX_INIT_CONT:
 333                 case SEC_CTX_FINI:
 334                         mdt_revoke_export_locks(req->rq_export);
 335                         break;
 336         }
 337
 338         RETURN(0);
 339 }
 340
 341 int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req,
 342                               struct ptlrpc_user_desc *pud)
 343 {
 344         struct mdt_export_data    *med = mdt_req2med(req);
 345         struct lustre_idmap_table *idmap = med->med_idmap;
 346         uid_t uid, fsuid;
 347         gid_t gid, fsgid;
 348
 349         /* Only remote client need desc_to_idmap. */
 350         if (!exp_connect_rmtclient(req->rq_export))
 351                 return 0;
 352
 353         uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid);
 354         if (uid == CFS_IDMAP_NOTFOUND) {
 355                 CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid);
 356                 return -EACCES;
 357         }
 358
 359         if (pud->pud_uid == pud->pud_fsuid) {
 360                 fsuid = uid;
 361         } else {
 362                 fsuid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_fsuid);
 363                 if (fsuid == CFS_IDMAP_NOTFOUND) {
 364                         CDEBUG(D_SEC, "no mapping for fsuid %u\n",
 365                                pud->pud_fsuid);
 366                         return -EACCES;
 367                 }
 368         }
 369
 370         gid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_gid);
 371         if (gid == CFS_IDMAP_NOTFOUND) {
 372                 CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid);
 373                 return -EACCES;
 374         }
 375
 376         if (pud->pud_gid == pud->pud_fsgid) {
 377                 fsgid = gid;
 378         } else {
 379                 fsgid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_fsgid);
 380                 if (fsgid == CFS_IDMAP_NOTFOUND) {
 381                         CDEBUG(D_SEC, "no mapping for fsgid %u\n",
 382                                pud->pud_fsgid);
 383                         return -EACCES;
 384                 }
 385         }
 386
 387         pud->pud_uid = uid;
 388         pud->pud_gid = gid;
 389         pud->pud_fsuid = fsuid;
 390         pud->pud_fsgid = fsgid;
 391
 392         return 0;
 393 }
 394
 395 /*
 396  * Reverse mapping
 397  */
 398 void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
 399 {
 400         struct ptlrpc_request     *req = mdt_info_req(info);
 401         struct lu_ucred           *uc = mdt_ucred(info);
 402         struct mdt_export_data    *med = mdt_req2med(req);
 403         struct lustre_idmap_table *idmap = med->med_idmap;
 404
 405         if (!exp_connect_rmtclient(info->mti_exp))
 406                 return;
 407
 408         if (body->valid & OBD_MD_FLUID) {
 409                 uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->uid);
 410
 411                 if (uid == CFS_IDMAP_NOTFOUND) {
 412                         uid = NOBODY_UID;
 413                         if (body->valid & OBD_MD_FLMODE)
 414                                 body->mode = (body->mode & ~S_IRWXU) |
 415                                              ((body->mode & S_IRWXO) << 6);
 416                 }
 417
 418                 body->uid = uid;
 419         }
 420
 421         if (body->valid & OBD_MD_FLGID) {
 422                 gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->gid);
 423
 424                 if (gid == CFS_IDMAP_NOTFOUND) {
 425                         gid = NOBODY_GID;
 426                         if (body->valid & OBD_MD_FLMODE)
 427                                 body->mode = (body->mode & ~S_IRWXG) |
 428                                              ((body->mode & S_IRWXO) << 3);
 429                 }
 430
 431                 body->gid = gid;
 432         }
 433 }
 434
 435 /* Do not ignore root_squash for non-setattr case. */
 436 int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
 437 {
 438         struct ptlrpc_request     *req = mdt_info_req(info);
 439         struct lu_ucred           *uc = mdt_ucred_check(info);
 440         struct lu_attr            *attr = &info->mti_attr.ma_attr;
 441         struct mdt_export_data    *med = mdt_req2med(req);
 442         struct lustre_idmap_table *idmap = med->med_idmap;
 443
 444         if (uc == NULL)
 445                 return -EINVAL;
 446
 447         if (op != REINT_SETATTR) {
 448                 if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
 449                         attr->la_uid = uc->uc_fsuid;
 450                 /* for S_ISGID, inherit gid from his parent, such work will be
 451                  * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */
 452                 if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
 453                         attr->la_gid = uc->uc_fsgid;
 454         } else if (exp_connect_rmtclient(info->mti_exp)) {
 455                 /* NB: -1 case will be handled by mdt_fix_attr() later. */
 456                 if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) {
 457                         uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 0,
 458                                                             attr->la_uid);
 459
 460                         if (uid == CFS_IDMAP_NOTFOUND) {
 461                                 CDEBUG(D_SEC, "Deny chown to uid %u\n",
 462                                        attr->la_uid);
 463                                 return -EPERM;
 464                         }
 465
 466                         attr->la_uid = uid;
 467                 }
 468                 if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) {
 469                         gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 0,
 470                                                             attr->la_gid);
 471
 472                         if (gid == CFS_IDMAP_NOTFOUND) {
 473                                 CDEBUG(D_SEC, "Deny chown to gid %u\n",
 474                                        attr->la_gid);
 475                                 return -EPERM;
 476                         }
 477
 478                         attr->la_gid = gid;
 479                 }
 480         }
 481
 482         return 0;
 483 }