lustre/obdclass/idmap.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19  *
  20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21  * CA 95054 USA or visit www.sun.com if you need additional information or
  22  * have any questions.
  23  *
  24  * GPL HEADER END
  25  */
  26 /*
  27  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  28  * Use is subject to license terms.
  29  */
  30 /*
  31  * This file is part of Lustre, http://www.lustre.org/
  32  * Lustre is a trademark of Sun Microsystems, Inc.
  33  *
  34  * lustre/obdclass/idmap.c
  35  *
  36  * Lustre user identity mapping.
  37  *
  38  * Author: Fan Yong <fanyong@clusterfs.com>
  39  */
  40
  41 #ifndef EXPORT_SYMTAB
  42 # define EXPORT_SYMTAB
  43 #endif
  44
  45 #define DEBUG_SUBSYSTEM S_SEC
  46
  47 #include <lustre_idmap.h>
  48 #include <obd_support.h>
  49
  50 #define lustre_get_group_info(group_info) do {             \
  51         cfs_atomic_inc(&(group_info)->usage);              \
  52 } while (0)
  53
  54 #define lustre_put_group_info(group_info) do {             \
  55         if (cfs_atomic_dec_and_test(&(group_info)->usage)) \
  56                 cfs_groups_free(group_info);               \
  57 } while (0)
  58
  59 /*
  60  * groups_search() is copied from linux kernel!
  61  * A simple bsearch.
  62  */
  63 static int lustre_groups_search(cfs_group_info_t *group_info,
  64                                 gid_t grp)
  65 {
  66         int left, right;
  67
  68         if (!group_info)
  69                 return 0;
  70
  71         left = 0;
  72         right = group_info->ngroups;
  73         while (left < right) {
  74                 int mid = (left + right) / 2;
  75                 int cmp = grp - CFS_GROUP_AT(group_info, mid);
  76
  77                 if (cmp > 0)
  78                         left = mid + 1;
  79                 else if (cmp < 0)
  80                         right = mid;
  81                 else
  82                         return 1;
  83         }
  84         return 0;
  85 }
  86
  87 void lustre_groups_from_list(cfs_group_info_t *ginfo, gid_t *glist)
  88 {
  89         int i;
  90         int count = ginfo->ngroups;
  91
  92         /* fill group_info from gid array */
  93         for (i = 0; i < ginfo->nblocks && count > 0; i++) {
  94                 int cp_count = min(CFS_NGROUPS_PER_BLOCK, count);
  95                 int off = i * CFS_NGROUPS_PER_BLOCK;
  96                 int len = cp_count * sizeof(*glist);
  97
  98                 memcpy(ginfo->blocks[i], glist + off, len);
  99                 count -= cp_count;
 100         }
 101 }
 102 EXPORT_SYMBOL(lustre_groups_from_list);
 103
 104 /* groups_sort() is copied from linux kernel! */
 105 /* a simple shell-metzner sort */
 106 void lustre_groups_sort(cfs_group_info_t *group_info)
 107 {
 108         int base, max, stride;
 109         int gidsetsize = group_info->ngroups;
 110
 111         for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
 112                 ; /* nothing */
 113         stride /= 3;
 114
 115         while (stride) {
 116                 max = gidsetsize - stride;
 117                 for (base = 0; base < max; base++) {
 118                         int left = base;
 119                         int right = left + stride;
 120                         gid_t tmp = CFS_GROUP_AT(group_info, right);
 121
 122                         while (left >= 0 &&
 123                                CFS_GROUP_AT(group_info, left) > tmp) {
 124                                 CFS_GROUP_AT(group_info, right) =
 125                                     CFS_GROUP_AT(group_info, left);
 126                                 right = left;
 127                                 left -= stride;
 128                         }
 129                         CFS_GROUP_AT(group_info, right) = tmp;
 130                 }
 131                 stride /= 3;
 132         }
 133 }
 134 EXPORT_SYMBOL(lustre_groups_sort);
 135
 136 int lustre_in_group_p(struct md_ucred *mu, gid_t grp)
 137 {
 138         int rc = 1;
 139
 140         if (grp != mu->mu_fsgid) {
 141                 cfs_group_info_t *group_info = NULL;
 142
 143                 if (mu->mu_ginfo || !mu->mu_identity ||
 144                     mu->mu_valid == UCRED_OLD)
 145                         if (grp == mu->mu_suppgids[0] ||
 146                             grp == mu->mu_suppgids[1])
 147                                 return 1;
 148
 149                 if (mu->mu_ginfo)
 150                         group_info = mu->mu_ginfo;
 151                 else if (mu->mu_identity)
 152                         group_info = mu->mu_identity->mi_ginfo;
 153
 154                 if (!group_info)
 155                         return 0;
 156
 157                 lustre_get_group_info(group_info);
 158                 rc = lustre_groups_search(group_info, grp);
 159                 lustre_put_group_info(group_info);
 160         }
 161         return rc;
 162 }
 163 EXPORT_SYMBOL(lustre_in_group_p);
 164
 165 struct lustre_idmap_entry {
 166         cfs_list_t       lie_rmt_uid_hash; /* hashed as lie_rmt_uid; */
 167         cfs_list_t       lie_lcl_uid_hash; /* hashed as lie_lcl_uid; */
 168         cfs_list_t       lie_rmt_gid_hash; /* hashed as lie_rmt_gid; */
 169         cfs_list_t       lie_lcl_gid_hash; /* hashed as lie_lcl_gid; */
 170         uid_t            lie_rmt_uid;      /* remote uid */
 171         uid_t            lie_lcl_uid;      /* local uid */
 172         gid_t            lie_rmt_gid;      /* remote gid */
 173         gid_t            lie_lcl_gid;      /* local gid */
 174 };
 175
 176 static inline __u32 lustre_idmap_hashfunc(__u32 id)
 177 {
 178         return id & (CFS_IDMAP_HASHSIZE - 1);
 179 }
 180
 181 static
 182 struct lustre_idmap_entry *idmap_entry_alloc(uid_t rmt_uid, uid_t lcl_uid,
 183                                              gid_t rmt_gid, gid_t lcl_gid)
 184 {
 185         struct lustre_idmap_entry *e;
 186
 187         OBD_ALLOC_PTR(e);
 188         if (e == NULL)
 189                 return NULL;
 190
 191         CFS_INIT_LIST_HEAD(&e->lie_rmt_uid_hash);
 192         CFS_INIT_LIST_HEAD(&e->lie_lcl_uid_hash);
 193         CFS_INIT_LIST_HEAD(&e->lie_rmt_gid_hash);
 194         CFS_INIT_LIST_HEAD(&e->lie_lcl_gid_hash);
 195         e->lie_rmt_uid = rmt_uid;
 196         e->lie_lcl_uid = lcl_uid;
 197         e->lie_rmt_gid = rmt_gid;
 198         e->lie_lcl_gid = lcl_gid;
 199
 200         return e;
 201 }
 202
 203 static void idmap_entry_free(struct lustre_idmap_entry *e)
 204 {
 205         if (!cfs_list_empty(&e->lie_rmt_uid_hash))
 206                 cfs_list_del(&e->lie_rmt_uid_hash);
 207         if (!cfs_list_empty(&e->lie_lcl_uid_hash))
 208                 cfs_list_del(&e->lie_lcl_uid_hash);
 209         if (!cfs_list_empty(&e->lie_rmt_gid_hash))
 210                 cfs_list_del(&e->lie_rmt_gid_hash);
 211         if (!cfs_list_empty(&e->lie_lcl_gid_hash))
 212                 cfs_list_del(&e->lie_lcl_gid_hash);
 213         OBD_FREE_PTR(e);
 214 }
 215
 216 /*
 217  * return value
 218  * NULL: not found entry
 219  * ERR_PTR(-EACCES): found 1(remote):N(local) mapped entry
 220  * others: found normal entry
 221  */
 222 static
 223 struct lustre_idmap_entry *idmap_search_entry(struct lustre_idmap_table *t,
 224                                               uid_t rmt_uid, uid_t lcl_uid,
 225                                               gid_t rmt_gid, gid_t lcl_gid)
 226 {
 227         cfs_list_t *head;
 228         struct lustre_idmap_entry *e;
 229
 230         head = &t->lit_idmaps[RMT_UIDMAP_IDX][lustre_idmap_hashfunc(rmt_uid)];
 231         cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 232                 if (e->lie_rmt_uid == rmt_uid) {
 233                         if (e->lie_lcl_uid == lcl_uid) {
 234                                 if (e->lie_rmt_gid == rmt_gid &&
 235                                     e->lie_lcl_gid == lcl_gid)
 236                                         /* must be quaternion match */
 237                                         return e;
 238                         } else {
 239                                 /* 1:N uid mapping */
 240                                 CERROR("rmt uid %u already be mapped to %u"
 241                                        " (new %u)\n", e->lie_rmt_uid,
 242                                        e->lie_lcl_uid, lcl_uid);
 243                                 return ERR_PTR(-EACCES);
 244                         }
 245                 }
 246
 247         head = &t->lit_idmaps[RMT_GIDMAP_IDX][lustre_idmap_hashfunc(rmt_gid)];
 248         cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 249                 if (e->lie_rmt_gid == rmt_gid) {
 250                         if (e->lie_lcl_gid == lcl_gid) {
 251                                 if (unlikely(e->lie_rmt_uid == rmt_uid &&
 252                                     e->lie_lcl_uid == lcl_uid))
 253                                         /* after uid mapping search above,
 254                                          * we should never come here */
 255                                         LBUG();
 256                         } else {
 257                                 /* 1:N gid mapping */
 258                                 CERROR("rmt gid %u already be mapped to %u"
 259                                        " (new %u)\n", e->lie_rmt_gid,
 260                                        e->lie_lcl_gid, lcl_gid);
 261                                 return ERR_PTR(-EACCES);
 262                         }
 263                 }
 264
 265         return NULL;
 266 }
 267
 268 static __u32 idmap_lookup_uid(cfs_list_t *hash, int reverse,
 269                               __u32 uid)
 270 {
 271         cfs_list_t *head = &hash[lustre_idmap_hashfunc(uid)];
 272         struct lustre_idmap_entry *e;
 273
 274         if (!reverse) {
 275                 cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 276                         if (e->lie_rmt_uid == uid)
 277                                 return e->lie_lcl_uid;
 278         } else {
 279                 cfs_list_for_each_entry(e, head, lie_lcl_uid_hash)
 280                         if (e->lie_lcl_uid == uid)
 281                                 return e->lie_rmt_uid;
 282         }
 283
 284         return CFS_IDMAP_NOTFOUND;
 285 }
 286
 287 static __u32 idmap_lookup_gid(cfs_list_t *hash, int reverse, __u32 gid)
 288 {
 289         cfs_list_t *head = &hash[lustre_idmap_hashfunc(gid)];
 290         struct lustre_idmap_entry *e;
 291
 292         if (!reverse) {
 293                 cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 294                         if (e->lie_rmt_gid == gid)
 295                                 return e->lie_lcl_gid;
 296         } else {
 297                 cfs_list_for_each_entry(e, head, lie_lcl_gid_hash)
 298                         if (e->lie_lcl_gid == gid)
 299                                 return e->lie_rmt_gid;
 300         }
 301
 302         return CFS_IDMAP_NOTFOUND;
 303 }
 304
 305 int lustre_idmap_add(struct lustre_idmap_table *t,
 306                      uid_t ruid, uid_t luid,
 307                      gid_t rgid, gid_t lgid)
 308 {
 309         struct lustre_idmap_entry *e0, *e1;
 310
 311         LASSERT(t);
 312
 313         cfs_spin_lock(&t->lit_lock);
 314         e0 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 315         cfs_spin_unlock(&t->lit_lock);
 316         if (!e0) {
 317                 e0 = idmap_entry_alloc(ruid, luid, rgid, lgid);
 318                 if (!e0)
 319                         return -ENOMEM;
 320
 321                 cfs_spin_lock(&t->lit_lock);
 322                 e1 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 323                 if (e1 == NULL) {
 324                         cfs_list_add_tail(&e0->lie_rmt_uid_hash,
 325                                           &t->lit_idmaps[RMT_UIDMAP_IDX]
 326                                           [lustre_idmap_hashfunc(ruid)]);
 327                         cfs_list_add_tail(&e0->lie_lcl_uid_hash,
 328                                           &t->lit_idmaps[LCL_UIDMAP_IDX]
 329                                           [lustre_idmap_hashfunc(luid)]);
 330                         cfs_list_add_tail(&e0->lie_rmt_gid_hash,
 331                                           &t->lit_idmaps[RMT_GIDMAP_IDX]
 332                                           [lustre_idmap_hashfunc(rgid)]);
 333                         cfs_list_add_tail(&e0->lie_lcl_gid_hash,
 334                                           &t->lit_idmaps[LCL_GIDMAP_IDX]
 335                                           [lustre_idmap_hashfunc(lgid)]);
 336                 }
 337                 cfs_spin_unlock(&t->lit_lock);
 338                 if (e1 != NULL) {
 339                         idmap_entry_free(e0);
 340                         if (IS_ERR(e1))
 341                                 return PTR_ERR(e1);
 342                 }
 343         } else if (IS_ERR(e0)) {
 344                 return PTR_ERR(e0);
 345         }
 346
 347         return 0;
 348 }
 349 EXPORT_SYMBOL(lustre_idmap_add);
 350
 351 int lustre_idmap_del(struct lustre_idmap_table *t,
 352                     uid_t ruid, uid_t luid,
 353                     gid_t rgid, gid_t lgid)
 354 {
 355         struct lustre_idmap_entry *e;
 356         int rc = 0;
 357
 358         LASSERT(t);
 359
 360         cfs_spin_lock(&t->lit_lock);
 361         e = idmap_search_entry(t, ruid, luid, rgid, lgid);
 362         if (IS_ERR(e))
 363                 rc = PTR_ERR(e);
 364         else if (e)
 365                 idmap_entry_free(e);
 366         cfs_spin_unlock(&t->lit_lock);
 367
 368         return rc;
 369 }
 370 EXPORT_SYMBOL(lustre_idmap_del);
 371
 372 int lustre_idmap_lookup_uid(struct md_ucred *mu,
 373                             struct lustre_idmap_table *t,
 374                             int reverse, uid_t uid)
 375 {
 376         cfs_list_t *hash;
 377
 378         if (mu && (mu->mu_valid == UCRED_OLD || mu->mu_valid == UCRED_NEW)) {
 379                 if (!reverse) {
 380                         if (uid == mu->mu_o_uid)
 381                                 return mu->mu_uid;
 382                         else if (uid == mu->mu_o_fsuid)
 383                                 return mu->mu_fsuid;
 384                 } else {
 385                         if (uid == mu->mu_uid)
 386                                 return mu->mu_o_uid;
 387                         else if (uid == mu->mu_fsuid)
 388                                 return mu->mu_o_fsuid;
 389                 }
 390         }
 391
 392         if (t == NULL)
 393                 return CFS_IDMAP_NOTFOUND;
 394
 395         hash = t->lit_idmaps[reverse ? LCL_UIDMAP_IDX : RMT_UIDMAP_IDX];
 396
 397         cfs_spin_lock(&t->lit_lock);
 398         uid = idmap_lookup_uid(hash, reverse, uid);
 399         cfs_spin_unlock(&t->lit_lock);
 400
 401         return uid;
 402 }
 403 EXPORT_SYMBOL(lustre_idmap_lookup_uid);
 404
 405 int lustre_idmap_lookup_gid(struct md_ucred *mu, struct lustre_idmap_table *t,
 406                             int reverse, gid_t gid)
 407 {
 408         cfs_list_t *hash;
 409
 410         if (mu && (mu->mu_valid == UCRED_OLD || mu->mu_valid == UCRED_NEW)) {
 411                 if (!reverse) {
 412                         if (gid == mu->mu_o_gid)
 413                                 return mu->mu_gid;
 414                         else if (gid == mu->mu_o_fsgid)
 415                                 return mu->mu_fsgid;
 416                 } else {
 417                         if (gid == mu->mu_gid)
 418                                 return mu->mu_o_gid;
 419                         else if (gid == mu->mu_fsgid)
 420                                 return mu->mu_o_fsgid;
 421                 }
 422         }
 423
 424         if (t == NULL)
 425                 return CFS_IDMAP_NOTFOUND;
 426
 427         hash = t->lit_idmaps[reverse ? LCL_GIDMAP_IDX : RMT_GIDMAP_IDX];
 428
 429         cfs_spin_lock(&t->lit_lock);
 430         gid = idmap_lookup_gid(hash, reverse, gid);
 431         cfs_spin_unlock(&t->lit_lock);
 432
 433         return gid;
 434 }
 435 EXPORT_SYMBOL(lustre_idmap_lookup_gid);
 436
 437 struct lustre_idmap_table *lustre_idmap_init(void)
 438 {
 439         struct lustre_idmap_table *t;
 440         int i, j;
 441
 442         OBD_ALLOC_PTR(t);
 443         if(unlikely(t == NULL))
 444                 return (ERR_PTR(-ENOMEM));
 445
 446         cfs_spin_lock_init(&t->lit_lock);
 447         for (i = 0; i < ARRAY_SIZE(t->lit_idmaps); i++)
 448                 for (j = 0; j < ARRAY_SIZE(t->lit_idmaps[i]); j++)
 449                         CFS_INIT_LIST_HEAD(&t->lit_idmaps[i][j]);
 450
 451         return t;
 452 }
 453 EXPORT_SYMBOL(lustre_idmap_init);
 454
 455 void lustre_idmap_fini(struct lustre_idmap_table *t)
 456 {
 457         cfs_list_t *list;
 458         struct lustre_idmap_entry *e;
 459         int i;
 460         LASSERT(t);
 461
 462         list = t->lit_idmaps[RMT_UIDMAP_IDX];
 463         cfs_spin_lock(&t->lit_lock);
 464         for (i = 0; i < CFS_IDMAP_HASHSIZE; i++)
 465                 while (!cfs_list_empty(&list[i])) {
 466                         e = cfs_list_entry(list[i].next,
 467                                            struct lustre_idmap_entry,
 468                                            lie_rmt_uid_hash);
 469                         idmap_entry_free(e);
 470                 }
 471         cfs_spin_unlock(&t->lit_lock);
 472
 473         OBD_FREE_PTR(t);
 474 }
 475 EXPORT_SYMBOL(lustre_idmap_fini);