X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=blobdiff_plain;f=lustre%2Fosd-ldiskfs%2Fosd_handler.c;h=02ea50566d1e7864b22688462eac2c317c00b992;hp=dec4da4e025c37cde333b0579598c084e3630cdf;hb=9b3b6c106b53c2c391d5e4347875a1cd3e150600;hpb=3917e62018878dfffac59ceed70f20b0419945d3;ds=sidebyside diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c index dec4da4..02ea505 100644 --- a/lustre/osd-ldiskfs/osd_handler.c +++ b/lustre/osd-ldiskfs/osd_handler.c @@ -1419,48 +1419,50 @@ static int capa_is_sane(const struct lu_env *env, } int osd_object_auth(const struct lu_env *env, struct dt_object *dt, - struct lustre_capa *capa, __u64 opc) + struct lustre_capa *capa, __u64 opc) { - const struct lu_fid *fid = lu_object_fid(&dt->do_lu); - struct osd_device *dev = osd_dev(dt->do_lu.lo_dev); - struct md_capainfo *ci; - int rc; + const struct lu_fid *fid = lu_object_fid(&dt->do_lu); + struct osd_device *osd = osd_dev(dt->do_lu.lo_dev); + struct lu_capainfo *lci; + int rc; - if (!dev->od_fl_capa) - return 0; + if (!osd->od_fl_capa) + return 0; - if (capa == BYPASS_CAPA) - return 0; + if (capa == BYPASS_CAPA) + return 0; - ci = md_capainfo(env); - if (unlikely(!ci)) - return 0; + lci = lu_capainfo_get(env); + if (unlikely(lci == NULL)) + return 0; - if (ci->mc_auth == LC_ID_NONE) - return 0; + if (lci->lci_auth == LC_ID_NONE) + return 0; - if (!capa) { - CERROR("no capability is provided for fid "DFID"\n", PFID(fid)); - return -EACCES; - } + if (capa == NULL) { + CERROR("%s: no capability provided for FID "DFID": rc = %d\n", + osd_name(osd), PFID(fid), -EACCES); + return -EACCES; + } - if (!lu_fid_eq(fid, &capa->lc_fid)) { - DEBUG_CAPA(D_ERROR, capa, "fid "DFID" mismatch with", - PFID(fid)); - return -EACCES; - } + if (!lu_fid_eq(fid, &capa->lc_fid)) { + DEBUG_CAPA(D_ERROR, capa, "fid "DFID" mismatch with", + PFID(fid)); + return -EACCES; + } - if (!capa_opc_supported(capa, opc)) { - DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc); - return -EACCES; - } + if (!capa_opc_supported(capa, opc)) { + DEBUG_CAPA(D_ERROR, capa, "opc "LPX64" not supported by", opc); + return -EACCES; + } - if ((rc = capa_is_sane(env, dev, capa, dev->od_capa_keys))) { - DEBUG_CAPA(D_ERROR, capa, "insane (rc %d)", rc); - return -EACCES; - } + rc = capa_is_sane(env, osd, capa, osd->od_capa_keys); + if (rc != 0) { + DEBUG_CAPA(D_ERROR, capa, "insane: rc = %d", rc); + return -EACCES; + } - return 0; + return 0; } static struct timespec *osd_inode_time(const struct lu_env *env, @@ -2878,90 +2880,89 @@ static int osd_xattr_del(const struct lu_env *env, struct dt_object *dt, } static struct obd_capa *osd_capa_get(const struct lu_env *env, - struct dt_object *dt, - struct lustre_capa *old, - __u64 opc) + struct dt_object *dt, + struct lustre_capa *old, __u64 opc) { - struct osd_thread_info *info = osd_oti_get(env); - const struct lu_fid *fid = lu_object_fid(&dt->do_lu); - struct osd_object *obj = osd_dt_obj(dt); - struct osd_device *dev = osd_obj2dev(obj); - struct lustre_capa_key *key = &info->oti_capa_key; - struct lustre_capa *capa = &info->oti_capa; - struct obd_capa *oc; - struct md_capainfo *ci; - int rc; - ENTRY; + struct osd_thread_info *info = osd_oti_get(env); + const struct lu_fid *fid = lu_object_fid(&dt->do_lu); + struct osd_object *obj = osd_dt_obj(dt); + struct osd_device *osd = osd_obj2dev(obj); + struct lustre_capa_key *key = &info->oti_capa_key; + struct lustre_capa *capa = &info->oti_capa; + struct obd_capa *oc; + struct lu_capainfo *lci; + int rc; + ENTRY; - if (!dev->od_fl_capa) - RETURN(ERR_PTR(-ENOENT)); + if (!osd->od_fl_capa) + RETURN(ERR_PTR(-ENOENT)); LASSERT(dt_object_exists(dt) && !dt_object_remote(dt)); - LINVRNT(osd_invariant(obj)); + LINVRNT(osd_invariant(obj)); - /* renewal sanity check */ - if (old && osd_object_auth(env, dt, old, opc)) - RETURN(ERR_PTR(-EACCES)); - - ci = md_capainfo(env); - if (unlikely(!ci)) - RETURN(ERR_PTR(-ENOENT)); - - switch (ci->mc_auth) { - case LC_ID_NONE: - RETURN(NULL); - case LC_ID_PLAIN: - capa->lc_uid = obj->oo_inode->i_uid; - capa->lc_gid = obj->oo_inode->i_gid; - capa->lc_flags = LC_ID_PLAIN; - break; - case LC_ID_CONVERT: { - __u32 d[4], s[4]; - - s[0] = obj->oo_inode->i_uid; - cfs_get_random_bytes(&(s[1]), sizeof(__u32)); - s[2] = obj->oo_inode->i_gid; - cfs_get_random_bytes(&(s[3]), sizeof(__u32)); - rc = capa_encrypt_id(d, s, key->lk_key, CAPA_HMAC_KEY_MAX_LEN); - if (unlikely(rc)) - RETURN(ERR_PTR(rc)); - - capa->lc_uid = ((__u64)d[1] << 32) | d[0]; - capa->lc_gid = ((__u64)d[3] << 32) | d[2]; - capa->lc_flags = LC_ID_CONVERT; - break; - } - default: - RETURN(ERR_PTR(-EINVAL)); + /* renewal sanity check */ + if (old && osd_object_auth(env, dt, old, opc)) + RETURN(ERR_PTR(-EACCES)); + + lci = lu_capainfo_get(env); + if (unlikely(lci == NULL)) + RETURN(ERR_PTR(-ENOENT)); + + switch (lci->lci_auth) { + case LC_ID_NONE: + RETURN(NULL); + case LC_ID_PLAIN: + capa->lc_uid = obj->oo_inode->i_uid; + capa->lc_gid = obj->oo_inode->i_gid; + capa->lc_flags = LC_ID_PLAIN; + break; + case LC_ID_CONVERT: { + __u32 d[4], s[4]; + + s[0] = obj->oo_inode->i_uid; + cfs_get_random_bytes(&(s[1]), sizeof(__u32)); + s[2] = obj->oo_inode->i_gid; + cfs_get_random_bytes(&(s[3]), sizeof(__u32)); + rc = capa_encrypt_id(d, s, key->lk_key, CAPA_HMAC_KEY_MAX_LEN); + if (unlikely(rc)) + RETURN(ERR_PTR(rc)); + + capa->lc_uid = ((__u64)d[1] << 32) | d[0]; + capa->lc_gid = ((__u64)d[3] << 32) | d[2]; + capa->lc_flags = LC_ID_CONVERT; + break; } + default: + RETURN(ERR_PTR(-EINVAL)); + } - capa->lc_fid = *fid; - capa->lc_opc = opc; - capa->lc_flags |= dev->od_capa_alg << 24; - capa->lc_timeout = dev->od_capa_timeout; - capa->lc_expiry = 0; + capa->lc_fid = *fid; + capa->lc_opc = opc; + capa->lc_flags |= osd->od_capa_alg << 24; + capa->lc_timeout = osd->od_capa_timeout; + capa->lc_expiry = 0; - oc = capa_lookup(dev->od_capa_hash, capa, 1); - if (oc) { - LASSERT(!capa_is_expired(oc)); - RETURN(oc); - } + oc = capa_lookup(osd->od_capa_hash, capa, 1); + if (oc) { + LASSERT(!capa_is_expired(oc)); + RETURN(oc); + } spin_lock(&capa_lock); - *key = dev->od_capa_keys[1]; + *key = osd->od_capa_keys[1]; spin_unlock(&capa_lock); - capa->lc_keyid = key->lk_keyid; - capa->lc_expiry = cfs_time_current_sec() + dev->od_capa_timeout; + capa->lc_keyid = key->lk_keyid; + capa->lc_expiry = cfs_time_current_sec() + osd->od_capa_timeout; - rc = capa_hmac(capa->lc_hmac, capa, key->lk_key); - if (rc) { - DEBUG_CAPA(D_ERROR, capa, "HMAC failed: %d for", rc); - RETURN(ERR_PTR(rc)); - } + rc = capa_hmac(capa->lc_hmac, capa, key->lk_key); + if (rc) { + DEBUG_CAPA(D_ERROR, capa, "HMAC failed: %d for", rc); + RETURN(ERR_PTR(rc)); + } - oc = capa_add(dev->od_capa_hash, capa); - RETURN(oc); + oc = capa_add(osd->od_capa_hash, capa); + RETURN(oc); } static int osd_object_sync(const struct lu_env *env, struct dt_object *dt)