-/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
- * vim:expandtab:shiftwidth=8:tabstop=8:
- *
+/*
* GPL HEADER START
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright (c) 2012, Intel Corporation.
*/
/*
* This file is part of Lustre, http://www.lustre.org/
* Author: Fan Yong <fanyong@clusterfs.com>
*/
-#ifndef EXPORT_SYMTAB
-#define EXPORT_SYMTAB
-#endif
#define DEBUG_SUBSYSTEM S_MDS
-#ifndef AUTOCONF_INCLUDED
-#include <linux/config.h>
-#endif
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/errno.h>
#include <linux/version.h>
#include <linux/unistd.h>
-#include <asm/system.h>
#include <asm/uaccess.h>
#include <linux/fs.h>
#include <linux/stat.h>
#include <linux/slab.h>
#include <libcfs/libcfs.h>
+#include <libcfs/lucache.h>
#include <obd.h>
#include <obd_class.h>
#include <obd_support.h>
#include <lustre_dlm.h>
#include <lustre_sec.h>
#include <lustre_lib.h>
-#include <lustre_ucache.h>
#include "mdt_internal.h"
-#define mdt_init_sec_none(reply, exp) \
-do { \
- reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT | \
- OBD_CONNECT_RMT_CLIENT_FORCE | \
- OBD_CONNECT_MDS_CAPA | \
- OBD_CONNECT_OSS_CAPA); \
- cfs_spin_lock(&exp->exp_lock); \
- exp->exp_connect_flags = reply->ocd_connect_flags; \
- cfs_spin_unlock(&exp->exp_lock); \
-} while (0)
-
-int mdt_init_sec_level(struct mdt_thread_info *info)
-{
- struct mdt_device *mdt = info->mti_mdt;
- struct ptlrpc_request *req = mdt_info_req(info);
- char *client = libcfs_nid2str(req->rq_peer.nid);
- struct obd_export *exp = req->rq_export;
- struct obd_device *obd = exp->exp_obd;
- struct obd_connect_data *data, *reply;
- int rc = 0, remote;
- ENTRY;
-
- data = req_capsule_client_get(info->mti_pill, &RMF_CONNECT_DATA);
- reply = req_capsule_server_get(info->mti_pill, &RMF_CONNECT_DATA);
- if (data == NULL || reply == NULL)
- RETURN(-EFAULT);
-
- /* connection from MDT is always trusted */
- if (req->rq_auth_usr_mdt) {
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
-
- /* no GSS support case */
- if (!req->rq_auth_gss) {
- if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
- CWARN("client %s -> target %s does not user GSS, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- } else {
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
- }
-
- /* old version case */
- if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) ||
- !(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) ||
- !(data->ocd_connect_flags & OBD_CONNECT_OSS_CAPA))) {
- if (mdt->mdt_sec_level > LUSTRE_SEC_NONE) {
- CWARN("client %s -> target %s uses old version, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- } else {
- CWARN("client %s -> target %s uses old version, "
- "run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- mdt_init_sec_none(reply, exp);
- RETURN(0);
- }
- }
-
- remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE;
- if (remote) {
- if (!req->rq_auth_remote)
- CDEBUG(D_SEC, "client (local realm) %s -> target %s "
- "asked to be remote.\n", client, obd->obd_name);
- } else if (req->rq_auth_remote) {
- remote = 1;
- CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set "
- "as remote by default.\n", client, obd->obd_name);
- }
-
- if (remote) {
- if (!mdt->mdt_opts.mo_oss_capa) {
- CDEBUG(D_SEC, "client %s -> target %s is set as remote,"
- " but OSS capabilities are not enabled: %d.\n",
- client, obd->obd_name, mdt->mdt_opts.mo_oss_capa);
- RETURN(-EACCES);
- }
- } else {
- if (req->rq_auth_uid == INVALID_UID) {
- CDEBUG(D_SEC, "client %s -> target %s: user is not "
- "authenticated!\n", client, obd->obd_name);
- RETURN(-EACCES);
- }
- }
-
- switch (mdt->mdt_sec_level) {
- case LUSTRE_SEC_NONE:
- if (!remote) {
- mdt_init_sec_none(reply, exp);
- break;
- } else {
- CDEBUG(D_SEC, "client %s -> target %s is set as remote, "
- "can not run under security level %d.\n",
- client, obd->obd_name, mdt->mdt_sec_level);
- RETURN(-EACCES);
- }
- case LUSTRE_SEC_REMOTE:
- if (!remote)
- mdt_init_sec_none(reply, exp);
- break;
- case LUSTRE_SEC_ALL:
- if (!remote) {
- reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT |
- OBD_CONNECT_RMT_CLIENT_FORCE);
- if (!mdt->mdt_opts.mo_mds_capa)
- reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA;
- if (!mdt->mdt_opts.mo_oss_capa)
- reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA;
-
- cfs_spin_lock(&exp->exp_lock);
- exp->exp_connect_flags = reply->ocd_connect_flags;
- cfs_spin_unlock(&exp->exp_lock);
- }
- break;
- default:
- RETURN(-EINVAL);
- }
-
- RETURN(rc);
-}
-
-int mdt_init_idmap(struct mdt_thread_info *info)
+int mdt_init_idmap(struct tgt_session_info *tsi)
{
- struct ptlrpc_request *req = mdt_info_req(info);
- struct mdt_export_data *med = mdt_req2med(req);
- struct obd_export *exp = req->rq_export;
- char *client = libcfs_nid2str(req->rq_peer.nid);
- struct obd_device *obd = exp->exp_obd;
- int rc = 0;
- ENTRY;
-
- if (exp_connect_rmtclient(exp)) {
- cfs_down(&med->med_idmap_sem);
- if (!med->med_idmap)
- med->med_idmap = lustre_idmap_init();
- cfs_up(&med->med_idmap_sem);
-
- if (IS_ERR(med->med_idmap)) {
- long err = PTR_ERR(med->med_idmap);
-
- med->med_idmap = NULL;
- CERROR("client %s -> target %s "
- "failed to init idmap [%ld]!\n",
- client, obd->obd_name, err);
- RETURN(err);
- } else if (!med->med_idmap) {
- CERROR("client %s -> target %s "
- "failed to init(2) idmap!\n",
- client, obd->obd_name);
- RETURN(-ENOMEM);
- }
-
- CDEBUG(D_SEC, "client %s -> target %s is remote.\n",
- client, obd->obd_name);
- /* NB, MDS_CONNECT establish root idmap too! */
- rc = mdt_handle_idmap(info);
- }
- RETURN(rc);
+ struct ptlrpc_request *req = tgt_ses_req(tsi);
+ struct mdt_export_data *med = mdt_req2med(req);
+ struct obd_export *exp = req->rq_export;
+ char *client = libcfs_nid2str(req->rq_peer.nid);
+ int rc = 0;
+ ENTRY;
+
+ if (exp_connect_rmtclient(exp)) {
+ mutex_lock(&med->med_idmap_mutex);
+ if (!med->med_idmap)
+ med->med_idmap = lustre_idmap_init();
+ mutex_unlock(&med->med_idmap_mutex);
+
+ if (IS_ERR(med->med_idmap)) {
+ long err = PTR_ERR(med->med_idmap);
+
+ med->med_idmap = NULL;
+ CERROR("%s: client %s -> target %s "
+ "failed to init idmap [%ld]!\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt), err);
+ RETURN(err);
+ } else if (!med->med_idmap) {
+ CERROR("%s: client %s -> target %s "
+ "failed to init(2) idmap!\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt));
+ RETURN(-ENOMEM);
+ }
+
+ CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n",
+ tgt_name(tsi->tsi_tgt), client,
+ tgt_name(tsi->tsi_tgt));
+ /* NB, MDS_CONNECT establish root idmap too! */
+ rc = mdt_handle_idmap(tsi);
+ }
+ RETURN(rc);
}
void mdt_cleanup_idmap(struct mdt_export_data *med)
{
- cfs_down(&med->med_idmap_sem);
+ mutex_lock(&med->med_idmap_mutex);
if (med->med_idmap != NULL) {
lustre_idmap_fini(med->med_idmap);
med->med_idmap = NULL;
}
- cfs_up(&med->med_idmap_sem);
+ mutex_unlock(&med->med_idmap_mutex);
}
static inline void mdt_revoke_export_locks(struct obd_export *exp)
ldlm_revoke_export_locks(exp);
}
-int mdt_handle_idmap(struct mdt_thread_info *info)
+int mdt_handle_idmap(struct tgt_session_info *tsi)
{
- struct ptlrpc_request *req = mdt_info_req(info);
- struct mdt_device *mdt = info->mti_mdt;
+ struct ptlrpc_request *req = tgt_ses_req(tsi);
+ struct mdt_device *mdt = mdt_exp2dev(req->rq_export);
struct mdt_export_data *med;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_identity *identity;
RETURN(0);
med = mdt_req2med(req);
- if (!exp_connect_rmtclient(info->mti_exp))
+ if (!exp_connect_rmtclient(req->rq_export))
RETURN(0);
opc = lustre_msg_get_opc(req->rq_reqmsg);
RETURN(-EACCES);
}
- if (req->rq_auth_mapped_uid == INVALID_UID) {
+ if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) {
CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
"/etc/lustre/idmap.conf!\n");
RETURN(-EACCES);
void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
{
struct ptlrpc_request *req = mdt_info_req(info);
- struct md_ucred *uc = mdt_ucred(info);
+ struct lu_ucred *uc = mdt_ucred(info);
struct mdt_export_data *med = mdt_req2med(req);
struct lustre_idmap_table *idmap = med->med_idmap;
if (!exp_connect_rmtclient(info->mti_exp))
return;
- if (body->valid & OBD_MD_FLUID) {
- uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->uid);
+ if (body->mbo_valid & OBD_MD_FLUID) {
+ uid_t uid;
- if (uid == CFS_IDMAP_NOTFOUND) {
- uid = NOBODY_UID;
- if (body->valid & OBD_MD_FLMODE)
- body->mode = (body->mode & ~S_IRWXU) |
- ((body->mode & S_IRWXO) << 6);
- }
+ uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid);
- body->uid = uid;
- }
+ if (uid == CFS_IDMAP_NOTFOUND) {
+ uid = NOBODY_UID;
+ if (body->mbo_valid & OBD_MD_FLMODE)
+ body->mbo_mode = (body->mbo_mode & ~S_IRWXU) |
+ ((body->mbo_mode & S_IRWXO) << 6);
+ }
- if (body->valid & OBD_MD_FLGID) {
- gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->gid);
+ body->mbo_uid = uid;
+ }
- if (gid == CFS_IDMAP_NOTFOUND) {
- gid = NOBODY_GID;
- if (body->valid & OBD_MD_FLMODE)
- body->mode = (body->mode & ~S_IRWXG) |
- ((body->mode & S_IRWXO) << 3);
- }
+ if (body->mbo_valid & OBD_MD_FLGID) {
+ gid_t gid;
+
+ gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid);
+
+ if (gid == CFS_IDMAP_NOTFOUND) {
+ gid = NOBODY_GID;
+ if (body->mbo_valid & OBD_MD_FLMODE)
+ body->mbo_mode = (body->mbo_mode & ~S_IRWXG) |
+ ((body->mbo_mode & S_IRWXO) << 3);
+ }
- body->gid = gid;
+ body->mbo_gid = gid;
}
}
int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
{
struct ptlrpc_request *req = mdt_info_req(info);
- struct md_ucred *uc = mdt_ucred(info);
+ struct lu_ucred *uc = mdt_ucred_check(info);
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_export_data *med = mdt_req2med(req);
struct lustre_idmap_table *idmap = med->med_idmap;
- if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW))
- return -EINVAL;
+ if (uc == NULL)
+ return -EINVAL;
if (op != REINT_SETATTR) {
- if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
- attr->la_uid = uc->mu_fsuid;
- /* for S_ISGID, inherit gid from his parent, such work will be
- * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */
- if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
- attr->la_gid = uc->mu_fsgid;
+ if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
+ attr->la_uid = uc->uc_fsuid;
+ /* for S_ISGID, inherit gid from his parent, such work will be
+ * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */
+ if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
+ attr->la_gid = uc->uc_fsgid;
} else if (exp_connect_rmtclient(info->mti_exp)) {
/* NB: -1 case will be handled by mdt_fix_attr() later. */
if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) {
git://git.whamcloud.com / fs / lustre-release.git / blobdiff