lustre/obdclass/idmap.c

   1 /*
   2  * GPL HEADER START
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 only,
   8  * as published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License version 2 for more details (a copy is included
  14  * in the LICENSE file that accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * version 2 along with this program; If not, see
  18  * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf
  19  *
  20  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  21  * CA 95054 USA or visit www.sun.com if you need additional information or
  22  * have any questions.
  23  *
  24  * GPL HEADER END
  25  */
  26 /*
  27  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  28  * Use is subject to license terms.
  29  *
  30  * Copyright (c) 2012, Intel Corporation.
  31  */
  32 /*
  33  * This file is part of Lustre, http://www.lustre.org/
  34  * Lustre is a trademark of Sun Microsystems, Inc.
  35  *
  36  * lustre/obdclass/idmap.c
  37  *
  38  * Lustre user identity mapping.
  39  *
  40  * Author: Fan Yong <fanyong@clusterfs.com>
  41  */
  42
  43 #define DEBUG_SUBSYSTEM S_SEC
  44
  45 #include <lustre_idmap.h>
  46 #include <md_object.h>
  47 #include <obd_support.h>
  48
  49 #define lustre_get_group_info(group_info) do {             \
  50         cfs_atomic_inc(&(group_info)->usage);              \
  51 } while (0)
  52
  53 #define lustre_put_group_info(group_info) do {             \
  54         if (cfs_atomic_dec_and_test(&(group_info)->usage)) \
  55                 cfs_groups_free(group_info);               \
  56 } while (0)
  57
  58 /*
  59  * groups_search() is copied from linux kernel!
  60  * A simple bsearch.
  61  */
  62 static int lustre_groups_search(cfs_group_info_t *group_info,
  63                                 gid_t grp)
  64 {
  65         int left, right;
  66
  67         if (!group_info)
  68                 return 0;
  69
  70         left = 0;
  71         right = group_info->ngroups;
  72         while (left < right) {
  73                 int mid = (left + right) / 2;
  74                 int cmp = grp - CFS_GROUP_AT(group_info, mid);
  75
  76                 if (cmp > 0)
  77                         left = mid + 1;
  78                 else if (cmp < 0)
  79                         right = mid;
  80                 else
  81                         return 1;
  82         }
  83         return 0;
  84 }
  85
  86 void lustre_groups_from_list(cfs_group_info_t *ginfo, gid_t *glist)
  87 {
  88         int i;
  89         int count = ginfo->ngroups;
  90
  91         /* fill group_info from gid array */
  92         for (i = 0; i < ginfo->nblocks && count > 0; i++) {
  93                 int cp_count = min(CFS_NGROUPS_PER_BLOCK, count);
  94                 int off = i * CFS_NGROUPS_PER_BLOCK;
  95                 int len = cp_count * sizeof(*glist);
  96
  97                 memcpy(ginfo->blocks[i], glist + off, len);
  98                 count -= cp_count;
  99         }
 100 }
 101 EXPORT_SYMBOL(lustre_groups_from_list);
 102
 103 /* groups_sort() is copied from linux kernel! */
 104 /* a simple shell-metzner sort */
 105 void lustre_groups_sort(cfs_group_info_t *group_info)
 106 {
 107         int base, max, stride;
 108         int gidsetsize = group_info->ngroups;
 109
 110         for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
 111                 ; /* nothing */
 112         stride /= 3;
 113
 114         while (stride) {
 115                 max = gidsetsize - stride;
 116                 for (base = 0; base < max; base++) {
 117                         int left = base;
 118                         int right = left + stride;
 119                         gid_t tmp = CFS_GROUP_AT(group_info, right);
 120
 121                         while (left >= 0 &&
 122                                CFS_GROUP_AT(group_info, left) > tmp) {
 123                                 CFS_GROUP_AT(group_info, right) =
 124                                     CFS_GROUP_AT(group_info, left);
 125                                 right = left;
 126                                 left -= stride;
 127                         }
 128                         CFS_GROUP_AT(group_info, right) = tmp;
 129                 }
 130                 stride /= 3;
 131         }
 132 }
 133 EXPORT_SYMBOL(lustre_groups_sort);
 134
 135 int lustre_in_group_p(struct lu_ucred *mu, gid_t grp)
 136 {
 137         int rc = 1;
 138
 139         if (grp != mu->uc_fsgid) {
 140                 cfs_group_info_t *group_info = NULL;
 141
 142                 if (mu->uc_ginfo || !mu->uc_identity ||
 143                     mu->uc_valid == UCRED_OLD)
 144                         if (grp == mu->uc_suppgids[0] ||
 145                             grp == mu->uc_suppgids[1])
 146                                 return 1;
 147
 148                 if (mu->uc_ginfo)
 149                         group_info = mu->uc_ginfo;
 150                 else if (mu->uc_identity)
 151                         group_info = mu->uc_identity->mi_ginfo;
 152
 153                 if (!group_info)
 154                         return 0;
 155
 156                 lustre_get_group_info(group_info);
 157                 rc = lustre_groups_search(group_info, grp);
 158                 lustre_put_group_info(group_info);
 159         }
 160         return rc;
 161 }
 162 EXPORT_SYMBOL(lustre_in_group_p);
 163
 164 struct lustre_idmap_entry {
 165         cfs_list_t       lie_rmt_uid_hash; /* hashed as lie_rmt_uid; */
 166         cfs_list_t       lie_lcl_uid_hash; /* hashed as lie_lcl_uid; */
 167         cfs_list_t       lie_rmt_gid_hash; /* hashed as lie_rmt_gid; */
 168         cfs_list_t       lie_lcl_gid_hash; /* hashed as lie_lcl_gid; */
 169         uid_t            lie_rmt_uid;      /* remote uid */
 170         uid_t            lie_lcl_uid;      /* local uid */
 171         gid_t            lie_rmt_gid;      /* remote gid */
 172         gid_t            lie_lcl_gid;      /* local gid */
 173 };
 174
 175 static inline __u32 lustre_idmap_hashfunc(__u32 id)
 176 {
 177         return id & (CFS_IDMAP_HASHSIZE - 1);
 178 }
 179
 180 static
 181 struct lustre_idmap_entry *idmap_entry_alloc(uid_t rmt_uid, uid_t lcl_uid,
 182                                              gid_t rmt_gid, gid_t lcl_gid)
 183 {
 184         struct lustre_idmap_entry *e;
 185
 186         OBD_ALLOC_PTR(e);
 187         if (e == NULL)
 188                 return NULL;
 189
 190         CFS_INIT_LIST_HEAD(&e->lie_rmt_uid_hash);
 191         CFS_INIT_LIST_HEAD(&e->lie_lcl_uid_hash);
 192         CFS_INIT_LIST_HEAD(&e->lie_rmt_gid_hash);
 193         CFS_INIT_LIST_HEAD(&e->lie_lcl_gid_hash);
 194         e->lie_rmt_uid = rmt_uid;
 195         e->lie_lcl_uid = lcl_uid;
 196         e->lie_rmt_gid = rmt_gid;
 197         e->lie_lcl_gid = lcl_gid;
 198
 199         return e;
 200 }
 201
 202 static void idmap_entry_free(struct lustre_idmap_entry *e)
 203 {
 204         if (!cfs_list_empty(&e->lie_rmt_uid_hash))
 205                 cfs_list_del(&e->lie_rmt_uid_hash);
 206         if (!cfs_list_empty(&e->lie_lcl_uid_hash))
 207                 cfs_list_del(&e->lie_lcl_uid_hash);
 208         if (!cfs_list_empty(&e->lie_rmt_gid_hash))
 209                 cfs_list_del(&e->lie_rmt_gid_hash);
 210         if (!cfs_list_empty(&e->lie_lcl_gid_hash))
 211                 cfs_list_del(&e->lie_lcl_gid_hash);
 212         OBD_FREE_PTR(e);
 213 }
 214
 215 /*
 216  * return value
 217  * NULL: not found entry
 218  * ERR_PTR(-EACCES): found 1(remote):N(local) mapped entry
 219  * others: found normal entry
 220  */
 221 static
 222 struct lustre_idmap_entry *idmap_search_entry(struct lustre_idmap_table *t,
 223                                               uid_t rmt_uid, uid_t lcl_uid,
 224                                               gid_t rmt_gid, gid_t lcl_gid)
 225 {
 226         cfs_list_t *head;
 227         struct lustre_idmap_entry *e;
 228
 229         head = &t->lit_idmaps[RMT_UIDMAP_IDX][lustre_idmap_hashfunc(rmt_uid)];
 230         cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 231                 if (e->lie_rmt_uid == rmt_uid) {
 232                         if (e->lie_lcl_uid == lcl_uid) {
 233                                 if (e->lie_rmt_gid == rmt_gid &&
 234                                     e->lie_lcl_gid == lcl_gid)
 235                                         /* must be quaternion match */
 236                                         return e;
 237                         } else {
 238                                 /* 1:N uid mapping */
 239                                 CERROR("rmt uid %u already be mapped to %u"
 240                                        " (new %u)\n", e->lie_rmt_uid,
 241                                        e->lie_lcl_uid, lcl_uid);
 242                                 return ERR_PTR(-EACCES);
 243                         }
 244                 }
 245
 246         head = &t->lit_idmaps[RMT_GIDMAP_IDX][lustre_idmap_hashfunc(rmt_gid)];
 247         cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 248                 if (e->lie_rmt_gid == rmt_gid) {
 249                         if (e->lie_lcl_gid == lcl_gid) {
 250                                 if (unlikely(e->lie_rmt_uid == rmt_uid &&
 251                                     e->lie_lcl_uid == lcl_uid))
 252                                         /* after uid mapping search above,
 253                                          * we should never come here */
 254                                         LBUG();
 255                         } else {
 256                                 /* 1:N gid mapping */
 257                                 CERROR("rmt gid %u already be mapped to %u"
 258                                        " (new %u)\n", e->lie_rmt_gid,
 259                                        e->lie_lcl_gid, lcl_gid);
 260                                 return ERR_PTR(-EACCES);
 261                         }
 262                 }
 263
 264         return NULL;
 265 }
 266
 267 static __u32 idmap_lookup_uid(cfs_list_t *hash, int reverse,
 268                               __u32 uid)
 269 {
 270         cfs_list_t *head = &hash[lustre_idmap_hashfunc(uid)];
 271         struct lustre_idmap_entry *e;
 272
 273         if (!reverse) {
 274                 cfs_list_for_each_entry(e, head, lie_rmt_uid_hash)
 275                         if (e->lie_rmt_uid == uid)
 276                                 return e->lie_lcl_uid;
 277         } else {
 278                 cfs_list_for_each_entry(e, head, lie_lcl_uid_hash)
 279                         if (e->lie_lcl_uid == uid)
 280                                 return e->lie_rmt_uid;
 281         }
 282
 283         return CFS_IDMAP_NOTFOUND;
 284 }
 285
 286 static __u32 idmap_lookup_gid(cfs_list_t *hash, int reverse, __u32 gid)
 287 {
 288         cfs_list_t *head = &hash[lustre_idmap_hashfunc(gid)];
 289         struct lustre_idmap_entry *e;
 290
 291         if (!reverse) {
 292                 cfs_list_for_each_entry(e, head, lie_rmt_gid_hash)
 293                         if (e->lie_rmt_gid == gid)
 294                                 return e->lie_lcl_gid;
 295         } else {
 296                 cfs_list_for_each_entry(e, head, lie_lcl_gid_hash)
 297                         if (e->lie_lcl_gid == gid)
 298                                 return e->lie_rmt_gid;
 299         }
 300
 301         return CFS_IDMAP_NOTFOUND;
 302 }
 303
 304 int lustre_idmap_add(struct lustre_idmap_table *t,
 305                      uid_t ruid, uid_t luid,
 306                      gid_t rgid, gid_t lgid)
 307 {
 308         struct lustre_idmap_entry *e0, *e1;
 309
 310         LASSERT(t);
 311
 312         spin_lock(&t->lit_lock);
 313         e0 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 314         spin_unlock(&t->lit_lock);
 315         if (!e0) {
 316                 e0 = idmap_entry_alloc(ruid, luid, rgid, lgid);
 317                 if (!e0)
 318                         return -ENOMEM;
 319
 320                 spin_lock(&t->lit_lock);
 321                 e1 = idmap_search_entry(t, ruid, luid, rgid, lgid);
 322                 if (e1 == NULL) {
 323                         cfs_list_add_tail(&e0->lie_rmt_uid_hash,
 324                                           &t->lit_idmaps[RMT_UIDMAP_IDX]
 325                                           [lustre_idmap_hashfunc(ruid)]);
 326                         cfs_list_add_tail(&e0->lie_lcl_uid_hash,
 327                                           &t->lit_idmaps[LCL_UIDMAP_IDX]
 328                                           [lustre_idmap_hashfunc(luid)]);
 329                         cfs_list_add_tail(&e0->lie_rmt_gid_hash,
 330                                           &t->lit_idmaps[RMT_GIDMAP_IDX]
 331                                           [lustre_idmap_hashfunc(rgid)]);
 332                         cfs_list_add_tail(&e0->lie_lcl_gid_hash,
 333                                           &t->lit_idmaps[LCL_GIDMAP_IDX]
 334                                           [lustre_idmap_hashfunc(lgid)]);
 335                 }
 336                 spin_unlock(&t->lit_lock);
 337                 if (e1 != NULL) {
 338                         idmap_entry_free(e0);
 339                         if (IS_ERR(e1))
 340                                 return PTR_ERR(e1);
 341                 }
 342         } else if (IS_ERR(e0)) {
 343                 return PTR_ERR(e0);
 344         }
 345
 346         return 0;
 347 }
 348 EXPORT_SYMBOL(lustre_idmap_add);
 349
 350 int lustre_idmap_del(struct lustre_idmap_table *t,
 351                     uid_t ruid, uid_t luid,
 352                     gid_t rgid, gid_t lgid)
 353 {
 354         struct lustre_idmap_entry *e;
 355         int rc = 0;
 356
 357         LASSERT(t);
 358
 359         spin_lock(&t->lit_lock);
 360         e = idmap_search_entry(t, ruid, luid, rgid, lgid);
 361         if (IS_ERR(e))
 362                 rc = PTR_ERR(e);
 363         else if (e)
 364                 idmap_entry_free(e);
 365         spin_unlock(&t->lit_lock);
 366
 367         return rc;
 368 }
 369 EXPORT_SYMBOL(lustre_idmap_del);
 370
 371 int lustre_idmap_lookup_uid(struct lu_ucred *mu,
 372                             struct lustre_idmap_table *t,
 373                             int reverse, uid_t uid)
 374 {
 375         cfs_list_t *hash;
 376
 377         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 378                 if (!reverse) {
 379                         if (uid == mu->uc_o_uid)
 380                                 return mu->uc_uid;
 381                         else if (uid == mu->uc_o_fsuid)
 382                                 return mu->uc_fsuid;
 383                 } else {
 384                         if (uid == mu->uc_uid)
 385                                 return mu->uc_o_uid;
 386                         else if (uid == mu->uc_fsuid)
 387                                 return mu->uc_o_fsuid;
 388                 }
 389         }
 390
 391         if (t == NULL)
 392                 return CFS_IDMAP_NOTFOUND;
 393
 394         hash = t->lit_idmaps[reverse ? LCL_UIDMAP_IDX : RMT_UIDMAP_IDX];
 395
 396         spin_lock(&t->lit_lock);
 397         uid = idmap_lookup_uid(hash, reverse, uid);
 398         spin_unlock(&t->lit_lock);
 399
 400         return uid;
 401 }
 402 EXPORT_SYMBOL(lustre_idmap_lookup_uid);
 403
 404 int lustre_idmap_lookup_gid(struct lu_ucred *mu, struct lustre_idmap_table *t,
 405                             int reverse, gid_t gid)
 406 {
 407         cfs_list_t *hash;
 408
 409         if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) {
 410                 if (!reverse) {
 411                         if (gid == mu->uc_o_gid)
 412                                 return mu->uc_gid;
 413                         else if (gid == mu->uc_o_fsgid)
 414                                 return mu->uc_fsgid;
 415                 } else {
 416                         if (gid == mu->uc_gid)
 417                                 return mu->uc_o_gid;
 418                         else if (gid == mu->uc_fsgid)
 419                                 return mu->uc_o_fsgid;
 420                 }
 421         }
 422
 423         if (t == NULL)
 424                 return CFS_IDMAP_NOTFOUND;
 425
 426         hash = t->lit_idmaps[reverse ? LCL_GIDMAP_IDX : RMT_GIDMAP_IDX];
 427
 428         spin_lock(&t->lit_lock);
 429         gid = idmap_lookup_gid(hash, reverse, gid);
 430         spin_unlock(&t->lit_lock);
 431
 432         return gid;
 433 }
 434 EXPORT_SYMBOL(lustre_idmap_lookup_gid);
 435
 436 struct lustre_idmap_table *lustre_idmap_init(void)
 437 {
 438         struct lustre_idmap_table *t;
 439         int i, j;
 440
 441         OBD_ALLOC_PTR(t);
 442         if(unlikely(t == NULL))
 443                 return (ERR_PTR(-ENOMEM));
 444
 445         spin_lock_init(&t->lit_lock);
 446         for (i = 0; i < ARRAY_SIZE(t->lit_idmaps); i++)
 447                 for (j = 0; j < ARRAY_SIZE(t->lit_idmaps[i]); j++)
 448                         CFS_INIT_LIST_HEAD(&t->lit_idmaps[i][j]);
 449
 450         return t;
 451 }
 452 EXPORT_SYMBOL(lustre_idmap_init);
 453
 454 void lustre_idmap_fini(struct lustre_idmap_table *t)
 455 {
 456         cfs_list_t *list;
 457         struct lustre_idmap_entry *e;
 458         int i;
 459         LASSERT(t);
 460
 461         list = t->lit_idmaps[RMT_UIDMAP_IDX];
 462         spin_lock(&t->lit_lock);
 463         for (i = 0; i < CFS_IDMAP_HASHSIZE; i++)
 464                 while (!cfs_list_empty(&list[i])) {
 465                         e = cfs_list_entry(list[i].next,
 466                                            struct lustre_idmap_entry,
 467                                            lie_rmt_uid_hash);
 468                         idmap_entry_free(e);
 469                 }
 470         spin_unlock(&t->lit_lock);
 471
 472         OBD_FREE_PTR(t);
 473 }
 474 EXPORT_SYMBOL(lustre_idmap_fini);