lustre/obdclass/idmap.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19  *
  20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21  * CA 95054 USA or visit www.sun.com if you need additional information or
  22  * have any questions.
  23  *
  24  * GPL HEADER END
  25  */
  26 /*
  27  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  28  * Use is subject to license terms.
  29  *
  30  * Copyright (c) 2012, Intel Corporation.
  31  */
  32 /*
  33  * This file is part of Lustre, http://www.lustre.org/
  34  * Lustre is a trademark of Sun Microsystems, Inc.
  35  *
  36  * lustre/obdclass/idmap.c
  37  *
  38  * Lustre user identity mapping.
  39  *
  40  * Author: Fan Yong <fanyong@clusterfs.com>
  41  */
  42
  43 #define DEBUG_SUBSYSTEM S_SEC
  44
  45 #include <libcfs/lucache.h>
  46
  47 #include <lustre_idmap.h>
  48 #include <md_object.h>
  49 #include <obd_support.h>
  50
  51 #define lustre_get_group_info(group_info) do {             \
  52         atomic_inc(&(group_info)->usage);              \
  53 } while (0)
  54
  55 #define lustre_put_group_info(group_info) do {             \
  56         if (atomic_dec_and_test(&(group_info)->usage)) \
  57                 groups_free(group_info);                   \
  58 } while (0)
  59
  60 /*
  61  * groups_search() is copied from linux kernel!
  62  * A simple bsearch.
  63  */
  64 static int lustre_groups_search(struct group_info *group_info,
  65                                 gid_t grp)
  66 {
  67         int left, right;
  68
  69         if (!group_info)
  70                 return 0;
  71
  72         left = 0;
  73         right = group_info->ngroups;
  74         while (left < right) {
  75                 int mid = (left + right) / 2;
  76                 int cmp = grp -
  77                         from_kgid(&init_user_ns, CFS_GROUP_AT(group_info, mid));
  78
  79                 if (cmp > 0)
  80                         left = mid + 1;
  81                 else if (cmp < 0)
  82                         right = mid;
  83                 else
  84                         return 1;
  85         }
  86         return 0;
  87 }
  88
  89 void lustre_groups_from_list(struct group_info *ginfo, gid_t *glist)
  90 {
  91         int i;
  92         int count = ginfo->ngroups;
  93
  94         /* fill group_info from gid array */
  95         for (i = 0; i < ginfo->nblocks && count > 0; i++) {
  96                 int cp_count = min(CFS_NGROUPS_PER_BLOCK, count);
  97                 int off = i * CFS_NGROUPS_PER_BLOCK;
  98                 int len = cp_count * sizeof(*glist);
  99
 100                 memcpy(ginfo->blocks[i], glist + off, len);
 101                 count -= cp_count;
 102         }
 103 }
 104 EXPORT_SYMBOL(lustre_groups_from_list);
 105
 106 /* groups_sort() is copied from linux kernel! */
 107 /* a simple shell-metzner sort */
 108 void lustre_groups_sort(struct group_info *group_info)
 109 {
 110         int base, max, stride;
 111         int gidsetsize = group_info->ngroups;
 112
 113         for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
 114                 ; /* nothing */
 115         stride /= 3;
 116
 117         while (stride) {
 118                 max = gidsetsize - stride;
 119                 for (base = 0; base < max; base++) {
 120                         int left = base;
 121                         int right = left + stride;
 122                         gid_t tmp = from_kgid(&init_user_ns,
 123                                               CFS_GROUP_AT(group_info, right));
 124
 125                         while (left >= 0 &&
 126                                tmp < from_kgid(&init_user_ns,
 127                                                CFS_GROUP_AT(group_info, left))) {
 128                                 CFS_GROUP_AT(group_info, right) =
 129                                         CFS_GROUP_AT(group_info, left);
 130                                 right = left;
 131                                 left -= stride;
 132                         }
 133                         CFS_GROUP_AT(group_info, right) =
 134                                                 make_kgid(&init_user_ns, tmp);
 135                 }
 136                 stride /= 3;
 137         }
 138 }
 139 EXPORT_SYMBOL(lustre_groups_sort);
 140
 141 int lustre_in_group_p(struct lu_ucred *mu, gid_t grp)
 142 {
 143         int rc = 1;
 144
 145         if (grp != mu->uc_fsgid) {
 146                 struct group_info *group_info = NULL;
 147
 148                 if (mu->uc_ginfo || !mu->uc_identity ||
 149                     mu->uc_valid == UCRED_OLD)
 150                         if (grp == mu->uc_suppgids[0] ||
 151                             grp == mu->uc_suppgids[1])
 152                                 return 1;
 153
 154                 if (mu->uc_ginfo)
 155                         group_info = mu->uc_ginfo;
 156                 else if (mu->uc_identity)
 157                         group_info = mu->uc_identity->mi_ginfo;
 158
 159                 if (!group_info)
 160                         return 0;
 161
 162                 lustre_get_group_info(group_info);
 163                 rc = lustre_groups_search(group_info, grp);
 164                 lustre_put_group_info(group_info);
 165         }
 166         return rc;
 167 }
 168 EXPORT_SYMBOL(lustre_in_group_p);
 169
 170 struct lustre_idmap_entry {
 171         cfs_list_t       lie_rmt_uid_hash; /* hashed as lie_rmt_uid; */
 172         cfs_list_t       lie_lcl_uid_hash; /* hashed as lie_lcl_uid; */
 173         cfs_list_t       lie_rmt_gid_hash; /* hashed as lie_rmt_gid; */
 174         cfs_list_t       lie_lcl_gid_hash; /* hashed as lie_lcl_gid; */
 175         uid_t            lie_rmt_uid;      /* remote uid */
 176         uid_t            lie_lcl_uid;      /* local uid */
 177         gid_t            lie_rmt_gid;      /* remote gid */
 178         gid_t            lie_lcl_gid;      /* local gid */
 179 };
 180
 181 static inline __u32 lustre_idmap_hashfunc(__u32 id)
 182 {
 183         return id & (CFS_IDMAP_HASHSIZE - 1);
 184 }
 185
 186 static
 187 struct lustre_idmap_entry *idmap_entry_alloc(uid_t rmt_uid, uid_t lcl_uid,
 188                                              gid_t rmt_gid, gid_t lcl_gid)
 189 {
 190         struct lustre_idmap_entry *e;
 191
 192         OBD_ALLOC_PTR(e);
 193         if (e == NULL)
 194                 return NULL;
 195
 196         CFS_INIT_LIST_HEAD(&e->lie_rmt_uid_hash);
 197         CFS_INIT_LIST_HEAD(&e->lie_lcl_uid_hash);
 198         CFS_INIT_LIST_HEAD(&e->lie_rmt_gid_hash);
 199         CFS_INIT_LIST_HEAD(&e->lie_lcl_gid_hash);
 200         e->lie_rmt_uid = rmt_uid;
 201         e->lie_lcl_uid = lcl_uid;
 202         e->lie_rmt_gid = rmt_gid;
 203         e->lie_lcl_gid = lcl_gid;
 204
 205         return e;
 206 }
 207
 208 static void idmap_entry_free(struct lustre_idmap_entry *e)
 209 {
 210         if (!cfs_list_empty(&e->lie_rmt_uid_hash))
 211                 cfs_list_del(&e->lie_rmt_uid_hash);
 212         if (!cfs_list_empty(&e->lie_lcl_uid_hash))
 213                 cfs_list_del(&e->lie_lcl_uid_hash);
 214         if (!cfs_list_empty(&e->lie_rmt_gid_hash))
 215                 cfs_list_del(&e->lie_rmt_gid_hash);
 216         if (!cfs_list_empty(&e->lie_lcl_gid_hash))
 217                 cfs_list_del(&e->lie_lcl_gid_hash);
 218         OBD_FREE_PTR(e);
 219 }
 220
 221 /*
 222  * return value
 223  * NULL: not found entry
 224  * ERR_PTR(-EACCES): found 1(remote):N(local) mapped entry
 225  * others: found normal entry
 226  */
 227 static
 228 struct lustre_idmap_entry *idmap_search_entry(struct lustre_idmap_table *t,
 229                                               uid_t rmt_uid, uid_t lcl_uid,
 230                                               gid_t rmt_gid, gid_t lcl_gid)
 231 {
 232         cfs_list_t *head;
 233         struct lustre_idmap_entry *e;
 234
 235         head = &t->lit_idmaps[RMT_UIDMAP_IDX][lustre_idmap_hashfunc(rmt_uid)];
 236         cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 237                 if (e->lie_rmt_uid == rmt_uid) {
 238                         if (e->lie_lcl_uid == lcl_uid) {
 239                                 if (e->lie_rmt_gid == rmt_gid &&
 240                                     e->lie_lcl_gid == lcl_gid)
 241                                         /* must be quaternion match */
 242                                         return e;
 243                         } else {
 244                                 /* 1:N uid mapping */
 245                                 CERROR("rmt uid %u already be mapped to %u"
 246                                        " (new %u)\n", e->lie_rmt_uid,
 247                                        e->lie_lcl_uid, lcl_uid);
 248                                 return ERR_PTR(-EACCES);
 249                         }
 250                 }
 251
 252         head = &t->lit_idmaps[RMT_GIDMAP_IDX][lustre_idmap_hashfunc(rmt_gid)];
 253         cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 254                 if (e->lie_rmt_gid == rmt_gid) {
 255                         if (e->lie_lcl_gid == lcl_gid) {
 256                                 if (unlikely(e->lie_rmt_uid == rmt_uid &&
 257                                     e->lie_lcl_uid == lcl_uid))
 258                                         /* after uid mapping search above,
 259                                          * we should never come here */
 260                                         LBUG();
 261                         } else {
 262                                 /* 1:N gid mapping */
 263                                 CERROR("rmt gid %u already be mapped to %u"
 264                                        " (new %u)\n", e->lie_rmt_gid,
 265                                        e->lie_lcl_gid, lcl_gid);
 266                                 return ERR_PTR(-EACCES);
 267                         }
 268                 }
 269
 270         return NULL;
 271 }
 272
 273 static __u32 idmap_lookup_uid(cfs_list_t *hash, int reverse,
 274                               __u32 uid)
 275 {
 276         cfs_list_t *head = &hash[lustre_idmap_hashfunc(uid)];
 277         struct lustre_idmap_entry *e;
 278
 279         if (!reverse) {
 280                 cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 281                         if (e->lie_rmt_uid == uid)
 282                                 return e->lie_lcl_uid;
 283         } else {
 284                 cfs_list_for_each_entry(e, head, lie_lcl_uid_hash)
 285                         if (e->lie_lcl_uid == uid)
 286                                 return e->lie_rmt_uid;
 287         }
 288
 289         return CFS_IDMAP_NOTFOUND;
 290 }
 291
 292 static __u32 idmap_lookup_gid(cfs_list_t *hash, int reverse, __u32 gid)
 293 {
 294         cfs_list_t *head = &hash[lustre_idmap_hashfunc(gid)];
 295         struct lustre_idmap_entry *e;
 296
 297         if (!reverse) {
 298                 cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 299                         if (e->lie_rmt_gid == gid)
 300                                 return e->lie_lcl_gid;
 301         } else {
 302                 cfs_list_for_each_entry(e, head, lie_lcl_gid_hash)
 303                         if (e->lie_lcl_gid == gid)
 304                                 return e->lie_rmt_gid;
 305         }
 306
 307         return CFS_IDMAP_NOTFOUND;
 308 }
 309
 310 int lustre_idmap_add(struct lustre_idmap_table *t,
 311                      uid_t ruid, uid_t luid,
 312                      gid_t rgid, gid_t lgid)
 313 {
 314         struct lustre_idmap_entry *e0, *e1;
 315
 316         LASSERT(t);
 317
 318         spin_lock(&t->lit_lock);
 319         e0 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 320         spin_unlock(&t->lit_lock);
 321         if (!e0) {
 322                 e0 = idmap_entry_alloc(ruid, luid, rgid, lgid);
 323                 if (!e0)
 324                         return -ENOMEM;
 325
 326                 spin_lock(&t->lit_lock);
 327                 e1 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 328                 if (e1 == NULL) {
 329                         cfs_list_add_tail(&e0->lie_rmt_uid_hash,
 330                                           &t->lit_idmaps[RMT_UIDMAP_IDX]
 331                                           [lustre_idmap_hashfunc(ruid)]);
 332                         cfs_list_add_tail(&e0->lie_lcl_uid_hash,
 333                                           &t->lit_idmaps[LCL_UIDMAP_IDX]
 334                                           [lustre_idmap_hashfunc(luid)]);
 335                         cfs_list_add_tail(&e0->lie_rmt_gid_hash,
 336                                           &t->lit_idmaps[RMT_GIDMAP_IDX]
 337                                           [lustre_idmap_hashfunc(rgid)]);
 338                         cfs_list_add_tail(&e0->lie_lcl_gid_hash,
 339                                           &t->lit_idmaps[LCL_GIDMAP_IDX]
 340                                           [lustre_idmap_hashfunc(lgid)]);
 341                 }
 342                 spin_unlock(&t->lit_lock);
 343                 if (e1 != NULL) {
 344                         idmap_entry_free(e0);
 345                         if (IS_ERR(e1))
 346                                 return PTR_ERR(e1);
 347                 }
 348         } else if (IS_ERR(e0)) {
 349                 return PTR_ERR(e0);
 350         }
 351
 352         return 0;
 353 }
 354 EXPORT_SYMBOL(lustre_idmap_add);
 355
 356 int lustre_idmap_del(struct lustre_idmap_table *t,
 357                     uid_t ruid, uid_t luid,
 358                     gid_t rgid, gid_t lgid)
 359 {
 360         struct lustre_idmap_entry *e;
 361         int rc = 0;
 362
 363         LASSERT(t);
 364
 365         spin_lock(&t->lit_lock);
 366         e = idmap_search_entry(t, ruid, luid, rgid, lgid);
 367         if (IS_ERR(e))
 368                 rc = PTR_ERR(e);
 369         else if (e)
 370                 idmap_entry_free(e);
 371         spin_unlock(&t->lit_lock);
 372
 373         return rc;
 374 }
 375 EXPORT_SYMBOL(lustre_idmap_del);
 376
 377 int lustre_idmap_lookup_uid(struct lu_ucred *mu,
 378                             struct lustre_idmap_table *t,
 379                             int reverse, uid_t uid)
 380 {
 381         cfs_list_t *hash;
 382
 383         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 384                 if (!reverse) {
 385                         if (uid == mu->uc_o_uid)
 386                                 return mu->uc_uid;
 387                         else if (uid == mu->uc_o_fsuid)
 388                                 return mu->uc_fsuid;
 389                 } else {
 390                         if (uid == mu->uc_uid)
 391                                 return mu->uc_o_uid;
 392                         else if (uid == mu->uc_fsuid)
 393                                 return mu->uc_o_fsuid;
 394                 }
 395         }
 396
 397         if (t == NULL)
 398                 return CFS_IDMAP_NOTFOUND;
 399
 400         hash = t->lit_idmaps[reverse ? LCL_UIDMAP_IDX : RMT_UIDMAP_IDX];
 401
 402         spin_lock(&t->lit_lock);
 403         uid = idmap_lookup_uid(hash, reverse, uid);
 404         spin_unlock(&t->lit_lock);
 405
 406         return uid;
 407 }
 408 EXPORT_SYMBOL(lustre_idmap_lookup_uid);
 409
 410 int lustre_idmap_lookup_gid(struct lu_ucred *mu, struct lustre_idmap_table *t,
 411                             int reverse, gid_t gid)
 412 {
 413         cfs_list_t *hash;
 414
 415         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 416                 if (!reverse) {
 417                         if (gid == mu->uc_o_gid)
 418                                 return mu->uc_gid;
 419                         else if (gid == mu->uc_o_fsgid)
 420                                 return mu->uc_fsgid;
 421                 } else {
 422                         if (gid == mu->uc_gid)
 423                                 return mu->uc_o_gid;
 424                         else if (gid == mu->uc_fsgid)
 425                                 return mu->uc_o_fsgid;
 426                 }
 427         }
 428
 429         if (t == NULL)
 430                 return CFS_IDMAP_NOTFOUND;
 431
 432         hash = t->lit_idmaps[reverse ? LCL_GIDMAP_IDX : RMT_GIDMAP_IDX];
 433
 434         spin_lock(&t->lit_lock);
 435         gid = idmap_lookup_gid(hash, reverse, gid);
 436         spin_unlock(&t->lit_lock);
 437
 438         return gid;
 439 }
 440 EXPORT_SYMBOL(lustre_idmap_lookup_gid);
 441
 442 struct lustre_idmap_table *lustre_idmap_init(void)
 443 {
 444         struct lustre_idmap_table *t;
 445         int i, j;
 446
 447         OBD_ALLOC_PTR(t);
 448         if(unlikely(t == NULL))
 449                 return (ERR_PTR(-ENOMEM));
 450
 451         spin_lock_init(&t->lit_lock);
 452         for (i = 0; i < ARRAY_SIZE(t->lit_idmaps); i++)
 453                 for (j = 0; j < ARRAY_SIZE(t->lit_idmaps[i]); j++)
 454                         CFS_INIT_LIST_HEAD(&t->lit_idmaps[i][j]);
 455
 456         return t;
 457 }
 458 EXPORT_SYMBOL(lustre_idmap_init);
 459
 460 void lustre_idmap_fini(struct lustre_idmap_table *t)
 461 {
 462         cfs_list_t *list;
 463         struct lustre_idmap_entry *e;
 464         int i;
 465         LASSERT(t);
 466
 467         list = t->lit_idmaps[RMT_UIDMAP_IDX];
 468         spin_lock(&t->lit_lock);
 469         for (i = 0; i < CFS_IDMAP_HASHSIZE; i++)
 470                 while (!cfs_list_empty(&list[i])) {
 471                         e = cfs_list_entry(list[i].next,
 472                                            struct lustre_idmap_entry,
 473                                            lie_rmt_uid_hash);
 474                         idmap_entry_free(e);
 475                 }
 476         spin_unlock(&t->lit_lock);
 477
 478         OBD_FREE_PTR(t);
 479 }
 480 EXPORT_SYMBOL(lustre_idmap_fini);