lustre/obdclass/idmap.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19  *
  20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21  * CA 95054 USA or visit www.sun.com if you need additional information or
  22  * have any questions.
  23  *
  24  * GPL HEADER END
  25  */
  26 /*
  27  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  28  * Use is subject to license terms.
  29  *
  30  * Copyright (c) 2012, Intel Corporation.
  31  */
  32 /*
  33  * This file is part of Lustre, http://www.lustre.org/
  34  * Lustre is a trademark of Sun Microsystems, Inc.
  35  *
  36  * lustre/obdclass/idmap.c
  37  *
  38  * Lustre user identity mapping.
  39  *
  40  * Author: Fan Yong <fanyong@clusterfs.com>
  41  */
  42
  43 #define DEBUG_SUBSYSTEM S_SEC
  44
  45 #include <lustre_idmap.h>
  46 #include <obd_support.h>
  47
  48 #define lustre_get_group_info(group_info) do {             \
  49         cfs_atomic_inc(&(group_info)->usage);              \
  50 } while (0)
  51
  52 #define lustre_put_group_info(group_info) do {             \
  53         if (cfs_atomic_dec_and_test(&(group_info)->usage)) \
  54                 cfs_groups_free(group_info);               \
  55 } while (0)
  56
  57 /*
  58  * groups_search() is copied from linux kernel!
  59  * A simple bsearch.
  60  */
  61 static int lustre_groups_search(cfs_group_info_t *group_info,
  62                                 gid_t grp)
  63 {
  64         int left, right;
  65
  66         if (!group_info)
  67                 return 0;
  68
  69         left = 0;
  70         right = group_info->ngroups;
  71         while (left < right) {
  72                 int mid = (left + right) / 2;
  73                 int cmp = grp - CFS_GROUP_AT(group_info, mid);
  74
  75                 if (cmp > 0)
  76                         left = mid + 1;
  77                 else if (cmp < 0)
  78                         right = mid;
  79                 else
  80                         return 1;
  81         }
  82         return 0;
  83 }
  84
  85 void lustre_groups_from_list(cfs_group_info_t *ginfo, gid_t *glist)
  86 {
  87         int i;
  88         int count = ginfo->ngroups;
  89
  90         /* fill group_info from gid array */
  91         for (i = 0; i < ginfo->nblocks && count > 0; i++) {
  92                 int cp_count = min(CFS_NGROUPS_PER_BLOCK, count);
  93                 int off = i * CFS_NGROUPS_PER_BLOCK;
  94                 int len = cp_count * sizeof(*glist);
  95
  96                 memcpy(ginfo->blocks[i], glist + off, len);
  97                 count -= cp_count;
  98         }
  99 }
 100 EXPORT_SYMBOL(lustre_groups_from_list);
 101
 102 /* groups_sort() is copied from linux kernel! */
 103 /* a simple shell-metzner sort */
 104 void lustre_groups_sort(cfs_group_info_t *group_info)
 105 {
 106         int base, max, stride;
 107         int gidsetsize = group_info->ngroups;
 108
 109         for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
 110                 ; /* nothing */
 111         stride /= 3;
 112
 113         while (stride) {
 114                 max = gidsetsize - stride;
 115                 for (base = 0; base < max; base++) {
 116                         int left = base;
 117                         int right = left + stride;
 118                         gid_t tmp = CFS_GROUP_AT(group_info, right);
 119
 120                         while (left >= 0 &&
 121                                CFS_GROUP_AT(group_info, left) > tmp) {
 122                                 CFS_GROUP_AT(group_info, right) =
 123                                     CFS_GROUP_AT(group_info, left);
 124                                 right = left;
 125                                 left -= stride;
 126                         }
 127                         CFS_GROUP_AT(group_info, right) = tmp;
 128                 }
 129                 stride /= 3;
 130         }
 131 }
 132 EXPORT_SYMBOL(lustre_groups_sort);
 133
 134 int lustre_in_group_p(struct lu_ucred *mu, gid_t grp)
 135 {
 136         int rc = 1;
 137
 138         if (grp != mu->uc_fsgid) {
 139                 cfs_group_info_t *group_info = NULL;
 140
 141                 if (mu->uc_ginfo || !mu->uc_identity ||
 142                     mu->uc_valid == UCRED_OLD)
 143                         if (grp == mu->uc_suppgids[0] ||
 144                             grp == mu->uc_suppgids[1])
 145                                 return 1;
 146
 147                 if (mu->uc_ginfo)
 148                         group_info = mu->uc_ginfo;
 149                 else if (mu->uc_identity)
 150                         group_info = mu->uc_identity->mi_ginfo;
 151
 152                 if (!group_info)
 153                         return 0;
 154
 155                 lustre_get_group_info(group_info);
 156                 rc = lustre_groups_search(group_info, grp);
 157                 lustre_put_group_info(group_info);
 158         }
 159         return rc;
 160 }
 161 EXPORT_SYMBOL(lustre_in_group_p);
 162
 163 struct lustre_idmap_entry {
 164         cfs_list_t       lie_rmt_uid_hash; /* hashed as lie_rmt_uid; */
 165         cfs_list_t       lie_lcl_uid_hash; /* hashed as lie_lcl_uid; */
 166         cfs_list_t       lie_rmt_gid_hash; /* hashed as lie_rmt_gid; */
 167         cfs_list_t       lie_lcl_gid_hash; /* hashed as lie_lcl_gid; */
 168         uid_t            lie_rmt_uid;      /* remote uid */
 169         uid_t            lie_lcl_uid;      /* local uid */
 170         gid_t            lie_rmt_gid;      /* remote gid */
 171         gid_t            lie_lcl_gid;      /* local gid */
 172 };
 173
 174 static inline __u32 lustre_idmap_hashfunc(__u32 id)
 175 {
 176         return id & (CFS_IDMAP_HASHSIZE - 1);
 177 }
 178
 179 static
 180 struct lustre_idmap_entry *idmap_entry_alloc(uid_t rmt_uid, uid_t lcl_uid,
 181                                              gid_t rmt_gid, gid_t lcl_gid)
 182 {
 183         struct lustre_idmap_entry *e;
 184
 185         OBD_ALLOC_PTR(e);
 186         if (e == NULL)
 187                 return NULL;
 188
 189         CFS_INIT_LIST_HEAD(&e->lie_rmt_uid_hash);
 190         CFS_INIT_LIST_HEAD(&e->lie_lcl_uid_hash);
 191         CFS_INIT_LIST_HEAD(&e->lie_rmt_gid_hash);
 192         CFS_INIT_LIST_HEAD(&e->lie_lcl_gid_hash);
 193         e->lie_rmt_uid = rmt_uid;
 194         e->lie_lcl_uid = lcl_uid;
 195         e->lie_rmt_gid = rmt_gid;
 196         e->lie_lcl_gid = lcl_gid;
 197
 198         return e;
 199 }
 200
 201 static void idmap_entry_free(struct lustre_idmap_entry *e)
 202 {
 203         if (!cfs_list_empty(&e->lie_rmt_uid_hash))
 204                 cfs_list_del(&e->lie_rmt_uid_hash);
 205         if (!cfs_list_empty(&e->lie_lcl_uid_hash))
 206                 cfs_list_del(&e->lie_lcl_uid_hash);
 207         if (!cfs_list_empty(&e->lie_rmt_gid_hash))
 208                 cfs_list_del(&e->lie_rmt_gid_hash);
 209         if (!cfs_list_empty(&e->lie_lcl_gid_hash))
 210                 cfs_list_del(&e->lie_lcl_gid_hash);
 211         OBD_FREE_PTR(e);
 212 }
 213
 214 /*
 215  * return value
 216  * NULL: not found entry
 217  * ERR_PTR(-EACCES): found 1(remote):N(local) mapped entry
 218  * others: found normal entry
 219  */
 220 static
 221 struct lustre_idmap_entry *idmap_search_entry(struct lustre_idmap_table *t,
 222                                               uid_t rmt_uid, uid_t lcl_uid,
 223                                               gid_t rmt_gid, gid_t lcl_gid)
 224 {
 225         cfs_list_t *head;
 226         struct lustre_idmap_entry *e;
 227
 228         head = &t->lit_idmaps[RMT_UIDMAP_IDX][lustre_idmap_hashfunc(rmt_uid)];
 229         cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 230                 if (e->lie_rmt_uid == rmt_uid) {
 231                         if (e->lie_lcl_uid == lcl_uid) {
 232                                 if (e->lie_rmt_gid == rmt_gid &&
 233                                     e->lie_lcl_gid == lcl_gid)
 234                                         /* must be quaternion match */
 235                                         return e;
 236                         } else {
 237                                 /* 1:N uid mapping */
 238                                 CERROR("rmt uid %u already be mapped to %u"
 239                                        " (new %u)\n", e->lie_rmt_uid,
 240                                        e->lie_lcl_uid, lcl_uid);
 241                                 return ERR_PTR(-EACCES);
 242                         }
 243                 }
 244
 245         head = &t->lit_idmaps[RMT_GIDMAP_IDX][lustre_idmap_hashfunc(rmt_gid)];
 246         cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 247                 if (e->lie_rmt_gid == rmt_gid) {
 248                         if (e->lie_lcl_gid == lcl_gid) {
 249                                 if (unlikely(e->lie_rmt_uid == rmt_uid &&
 250                                     e->lie_lcl_uid == lcl_uid))
 251                                         /* after uid mapping search above,
 252                                          * we should never come here */
 253                                         LBUG();
 254                         } else {
 255                                 /* 1:N gid mapping */
 256                                 CERROR("rmt gid %u already be mapped to %u"
 257                                        " (new %u)\n", e->lie_rmt_gid,
 258                                        e->lie_lcl_gid, lcl_gid);
 259                                 return ERR_PTR(-EACCES);
 260                         }
 261                 }
 262
 263         return NULL;
 264 }
 265
 266 static __u32 idmap_lookup_uid(cfs_list_t *hash, int reverse,
 267                               __u32 uid)
 268 {
 269         cfs_list_t *head = &hash[lustre_idmap_hashfunc(uid)];
 270         struct lustre_idmap_entry *e;
 271
 272         if (!reverse) {
 273                 cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 274                         if (e->lie_rmt_uid == uid)
 275                                 return e->lie_lcl_uid;
 276         } else {
 277                 cfs_list_for_each_entry(e, head, lie_lcl_uid_hash)
 278                         if (e->lie_lcl_uid == uid)
 279                                 return e->lie_rmt_uid;
 280         }
 281
 282         return CFS_IDMAP_NOTFOUND;
 283 }
 284
 285 static __u32 idmap_lookup_gid(cfs_list_t *hash, int reverse, __u32 gid)
 286 {
 287         cfs_list_t *head = &hash[lustre_idmap_hashfunc(gid)];
 288         struct lustre_idmap_entry *e;
 289
 290         if (!reverse) {
 291                 cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 292                         if (e->lie_rmt_gid == gid)
 293                                 return e->lie_lcl_gid;
 294         } else {
 295                 cfs_list_for_each_entry(e, head, lie_lcl_gid_hash)
 296                         if (e->lie_lcl_gid == gid)
 297                                 return e->lie_rmt_gid;
 298         }
 299
 300         return CFS_IDMAP_NOTFOUND;
 301 }
 302
 303 int lustre_idmap_add(struct lustre_idmap_table *t,
 304                      uid_t ruid, uid_t luid,
 305                      gid_t rgid, gid_t lgid)
 306 {
 307         struct lustre_idmap_entry *e0, *e1;
 308
 309         LASSERT(t);
 310
 311         spin_lock(&t->lit_lock);
 312         e0 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 313         spin_unlock(&t->lit_lock);
 314         if (!e0) {
 315                 e0 = idmap_entry_alloc(ruid, luid, rgid, lgid);
 316                 if (!e0)
 317                         return -ENOMEM;
 318
 319                 spin_lock(&t->lit_lock);
 320                 e1 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 321                 if (e1 == NULL) {
 322                         cfs_list_add_tail(&e0->lie_rmt_uid_hash,
 323                                           &t->lit_idmaps[RMT_UIDMAP_IDX]
 324                                           [lustre_idmap_hashfunc(ruid)]);
 325                         cfs_list_add_tail(&e0->lie_lcl_uid_hash,
 326                                           &t->lit_idmaps[LCL_UIDMAP_IDX]
 327                                           [lustre_idmap_hashfunc(luid)]);
 328                         cfs_list_add_tail(&e0->lie_rmt_gid_hash,
 329                                           &t->lit_idmaps[RMT_GIDMAP_IDX]
 330                                           [lustre_idmap_hashfunc(rgid)]);
 331                         cfs_list_add_tail(&e0->lie_lcl_gid_hash,
 332                                           &t->lit_idmaps[LCL_GIDMAP_IDX]
 333                                           [lustre_idmap_hashfunc(lgid)]);
 334                 }
 335                 spin_unlock(&t->lit_lock);
 336                 if (e1 != NULL) {
 337                         idmap_entry_free(e0);
 338                         if (IS_ERR(e1))
 339                                 return PTR_ERR(e1);
 340                 }
 341         } else if (IS_ERR(e0)) {
 342                 return PTR_ERR(e0);
 343         }
 344
 345         return 0;
 346 }
 347 EXPORT_SYMBOL(lustre_idmap_add);
 348
 349 int lustre_idmap_del(struct lustre_idmap_table *t,
 350                     uid_t ruid, uid_t luid,
 351                     gid_t rgid, gid_t lgid)
 352 {
 353         struct lustre_idmap_entry *e;
 354         int rc = 0;
 355
 356         LASSERT(t);
 357
 358         spin_lock(&t->lit_lock);
 359         e = idmap_search_entry(t, ruid, luid, rgid, lgid);
 360         if (IS_ERR(e))
 361                 rc = PTR_ERR(e);
 362         else if (e)
 363                 idmap_entry_free(e);
 364         spin_unlock(&t->lit_lock);
 365
 366         return rc;
 367 }
 368 EXPORT_SYMBOL(lustre_idmap_del);
 369
 370 int lustre_idmap_lookup_uid(struct lu_ucred *mu,
 371                             struct lustre_idmap_table *t,
 372                             int reverse, uid_t uid)
 373 {
 374         cfs_list_t *hash;
 375
 376         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 377                 if (!reverse) {
 378                         if (uid == mu->uc_o_uid)
 379                                 return mu->uc_uid;
 380                         else if (uid == mu->uc_o_fsuid)
 381                                 return mu->uc_fsuid;
 382                 } else {
 383                         if (uid == mu->uc_uid)
 384                                 return mu->uc_o_uid;
 385                         else if (uid == mu->uc_fsuid)
 386                                 return mu->uc_o_fsuid;
 387                 }
 388         }
 389
 390         if (t == NULL)
 391                 return CFS_IDMAP_NOTFOUND;
 392
 393         hash = t->lit_idmaps[reverse ? LCL_UIDMAP_IDX : RMT_UIDMAP_IDX];
 394
 395         spin_lock(&t->lit_lock);
 396         uid = idmap_lookup_uid(hash, reverse, uid);
 397         spin_unlock(&t->lit_lock);
 398
 399         return uid;
 400 }
 401 EXPORT_SYMBOL(lustre_idmap_lookup_uid);
 402
 403 int lustre_idmap_lookup_gid(struct lu_ucred *mu, struct lustre_idmap_table *t,
 404                             int reverse, gid_t gid)
 405 {
 406         cfs_list_t *hash;
 407
 408         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 409                 if (!reverse) {
 410                         if (gid == mu->uc_o_gid)
 411                                 return mu->uc_gid;
 412                         else if (gid == mu->uc_o_fsgid)
 413                                 return mu->uc_fsgid;
 414                 } else {
 415                         if (gid == mu->uc_gid)
 416                                 return mu->uc_o_gid;
 417                         else if (gid == mu->uc_fsgid)
 418                                 return mu->uc_o_fsgid;
 419                 }
 420         }
 421
 422         if (t == NULL)
 423                 return CFS_IDMAP_NOTFOUND;
 424
 425         hash = t->lit_idmaps[reverse ? LCL_GIDMAP_IDX : RMT_GIDMAP_IDX];
 426
 427         spin_lock(&t->lit_lock);
 428         gid = idmap_lookup_gid(hash, reverse, gid);
 429         spin_unlock(&t->lit_lock);
 430
 431         return gid;
 432 }
 433 EXPORT_SYMBOL(lustre_idmap_lookup_gid);
 434
 435 struct lustre_idmap_table *lustre_idmap_init(void)
 436 {
 437         struct lustre_idmap_table *t;
 438         int i, j;
 439
 440         OBD_ALLOC_PTR(t);
 441         if(unlikely(t == NULL))
 442                 return (ERR_PTR(-ENOMEM));
 443
 444         spin_lock_init(&t->lit_lock);
 445         for (i = 0; i < ARRAY_SIZE(t->lit_idmaps); i++)
 446                 for (j = 0; j < ARRAY_SIZE(t->lit_idmaps[i]); j++)
 447                         CFS_INIT_LIST_HEAD(&t->lit_idmaps[i][j]);
 448
 449         return t;
 450 }
 451 EXPORT_SYMBOL(lustre_idmap_init);
 452
 453 void lustre_idmap_fini(struct lustre_idmap_table *t)
 454 {
 455         cfs_list_t *list;
 456         struct lustre_idmap_entry *e;
 457         int i;
 458         LASSERT(t);
 459
 460         list = t->lit_idmaps[RMT_UIDMAP_IDX];
 461         spin_lock(&t->lit_lock);
 462         for (i = 0; i < CFS_IDMAP_HASHSIZE; i++)
 463                 while (!cfs_list_empty(&list[i])) {
 464                         e = cfs_list_entry(list[i].next,
 465                                            struct lustre_idmap_entry,
 466                                            lie_rmt_uid_hash);
 467                         idmap_entry_free(e);
 468                 }
 469         spin_unlock(&t->lit_lock);
 470
 471         OBD_FREE_PTR(t);
 472 }
 473 EXPORT_SYMBOL(lustre_idmap_fini);