LU-9929 nodemap: add default ACL unmapping handling

This patch adds default ACL unmapping code to mdt_getxattr
functions so that clients can get a correctly unmapped id.
Also, test_23b is added to sanity-sec.sh to verify this fix.

Change-Id: I6562372c58ca9772f16f7d6b0b98b45ada87971a
Test-Parameters: testlist=sanity-sec
Signed-off-by: Emoly Liu <emoly.liu@intel.com>
Reviewed-on: https://review.whamcloud.com/29010
Tested-by: Jenkins
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Fan Yong <fan.yong@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Stephan Thiell <sthiell@stanford.edu>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 34e46cd..61be6b2 100644 (file)
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -401,7 +401,7 @@ out_xattr:
        }
 out:
         ptlrpc_req_finished(req);
        }
 out:
         ptlrpc_req_finished(req);

-        return rc;
+       RETURN(rc);

 }
 
 static int ll_xattr_get_common(const struct xattr_handler *handler,
 }
 
 static int ll_xattr_get_common(const struct xattr_handler *handler,


@@ -413,6 +413,8 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
        char *fullname;
        int rc;
 
        char *fullname;
        int rc;
 

+       ENTRY;
+

        ll_stats_ops_tally(ll_i2sbi(inode), LPROC_LL_GETXATTR, 1);
 
        rc = xattr_type_filter(sbi, handler);
        ll_stats_ops_tally(ll_i2sbi(inode), LPROC_LL_GETXATTR, 1);
 
        rc = xattr_type_filter(sbi, handler);


@@ -455,7 +457,7 @@ static int ll_xattr_get_common(const struct xattr_handler *handler,
        rc = ll_xattr_list(inode, fullname, handler->flags, buffer, size,
                           OBD_MD_FLXATTR);
        kfree(fullname);
        rc = ll_xattr_list(inode, fullname, handler->flags, buffer, size,
                           OBD_MD_FLXATTR);
        kfree(fullname);

-       return rc;
+       RETURN(rc);

 }
 
 static ssize_t ll_getxattr_lov(struct inode *inode, void *buf, size_t buf_size)
 }
 
 static ssize_t ll_getxattr_lov(struct inode *inode, void *buf, size_t buf_size)


@@ -528,7 +530,7 @@ out_req:
                if (req)
                        ptlrpc_req_finished(req);
 
                if (req)
                        ptlrpc_req_finished(req);
 

-               return rc;
+               RETURN(rc);

        } else {
                RETURN(-ENODATA);
        }
        } else {
                RETURN(-ENODATA);
        }

diff --git a/lustre/llite/xattr_cache.c b/lustre/llite/xattr_cache.c
index fca7ab0..50dcbe7 100644 (file)
--- a/lustre/llite/xattr_cache.c
+++ b/lustre/llite/xattr_cache.c
@@ -482,7 +482,7 @@ err_req:
                rc = -EAGAIN;
 
        ptlrpc_req_finished(req);
                rc = -EAGAIN;
 
        ptlrpc_req_finished(req);

-       return rc;
+       RETURN(rc);

 }
 
 /**
 }
 
 /**


@@ -547,6 +547,6 @@ int ll_xattr_cache_get(struct inode *inode,
 out:
        up_read(&lli->lli_xattrs_list_rwsem);
 
 out:
        up_read(&lli->lli_xattrs_list_rwsem);
 

-       return rc;
+       RETURN(rc);

 }
 
 }
 

diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c
index ee6f744..3cd39f4 100644 (file)
--- a/lustre/mdt/mdt_xattr.c
+++ b/lustre/mdt/mdt_xattr.c
@@ -117,6 +117,36 @@ static int mdt_getxattr_pack_reply(struct mdt_thread_info * info)
         RETURN(size);
 }
 
         RETURN(size);
 }
 

+static int mdt_nodemap_map_acl(struct mdt_thread_info *info, void *buf,
+                              size_t size, const char *name,
+                              enum nodemap_tree_type tree_type)
+{
+       struct lu_nodemap      *nodemap;
+       struct obd_export      *exp = info->mti_exp;
+       int                     rc = size;
+
+       ENTRY;
+
+       if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0 ||
+           strcmp(name, XATTR_NAME_ACL_DEFAULT) == 0) {
+               if (size > info->mti_mdt->mdt_max_ea_size ||
+                    (!exp_connect_large_acl(exp) &&
+                     size > LUSTRE_POSIX_ACL_MAX_SIZE_OLD))
+                       GOTO(out, rc = -ERANGE);
+
+               nodemap = nodemap_get_from_exp(exp);
+               if (IS_ERR(nodemap))
+                       GOTO(out, rc = PTR_ERR(nodemap));
+
+               rc = nodemap_map_acl(nodemap, buf, size, tree_type);
+               nodemap_putref(nodemap);
+               if (rc < 0)
+                       GOTO(out, rc);
+       }
+out:
+       RETURN(rc);
+}
+

 static int mdt_getxattr_all(struct mdt_thread_info *info,
                            struct mdt_body *reqbody, struct mdt_body *repbody,
                            struct lu_buf *buf, struct md_object *next)
 static int mdt_getxattr_all(struct mdt_thread_info *info,
                            struct mdt_body *reqbody, struct mdt_body *repbody,
                            struct lu_buf *buf, struct md_object *next)


@@ -155,7 +185,10 @@ static int mdt_getxattr_all(struct mdt_thread_info *info,
                rc = mo_xattr_get(env, next, buf, b);
                if (rc < 0)
                        GOTO(out_shrink, rc);
                rc = mo_xattr_get(env, next, buf, b);
                if (rc < 0)
                        GOTO(out_shrink, rc);

-
+               rc = mdt_nodemap_map_acl(info, buf->lb_buf, rc, b,
+                                        NODEMAP_FS_TO_CLIENT);
+               if (rc < 0)
+                       GOTO(out_shrink, rc);

                sizes[eavallens] = rc;
                eavallens++;
                eavallen += rc;
                sizes[eavallens] = rc;
                eavallens++;
                eavallen += rc;


@@ -223,9 +256,11 @@ int mdt_getxattr(struct mdt_thread_info *info)
        valid = info->mti_body->mbo_valid & (OBD_MD_FLXATTR | OBD_MD_FLXATTRLS);
 
        if (valid == OBD_MD_FLXATTR) {
        valid = info->mti_body->mbo_valid & (OBD_MD_FLXATTR | OBD_MD_FLXATTRLS);
 
        if (valid == OBD_MD_FLXATTR) {

-               char *xattr_name = req_capsule_client_get(info->mti_pill,
-                                                         &RMF_NAME);
+               const char *xattr_name = req_capsule_client_get(info->mti_pill,
+                                                               &RMF_NAME);

                rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);
                rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);

+               rc = mdt_nodemap_map_acl(info, buf->lb_buf, rc, xattr_name,
+                                        NODEMAP_FS_TO_CLIENT);

        } else if (valid == OBD_MD_FLXATTRLS) {
                CDEBUG(D_INODE, "listxattr\n");
 
        } else if (valid == OBD_MD_FLXATTRLS) {
                CDEBUG(D_INODE, "listxattr\n");
 


@@ -261,7 +296,6 @@ int mdt_reint_setxattr(struct mdt_thread_info *info,
        struct lu_attr          *attr = &info->mti_attr.ma_attr;
        struct mdt_object       *obj;
        struct md_object        *child;
        struct lu_attr          *attr = &info->mti_attr.ma_attr;
        struct mdt_object       *obj;
        struct md_object        *child;

-       struct obd_export       *exp = info->mti_exp;

        __u64                    valid = attr->la_valid;
        const char              *xattr_name = rr->rr_name.ln_name;
        int                      xattr_len = rr->rr_eadatalen;
        __u64                    valid = attr->la_valid;
        const char              *xattr_name = rr->rr_name.ln_name;
        int                      xattr_len = rr->rr_eadatalen;


@@ -305,23 +339,10 @@ int mdt_reint_setxattr(struct mdt_thread_info *info,
        } else if ((valid & OBD_MD_FLXATTR) &&
                   (strcmp(xattr_name, XATTR_NAME_ACL_ACCESS) == 0 ||
                    strcmp(xattr_name, XATTR_NAME_ACL_DEFAULT) == 0)) {
        } else if ((valid & OBD_MD_FLXATTR) &&
                   (strcmp(xattr_name, XATTR_NAME_ACL_ACCESS) == 0 ||
                    strcmp(xattr_name, XATTR_NAME_ACL_DEFAULT) == 0)) {

-               struct lu_nodemap *nodemap;
-
-               if ((xattr_len > info->mti_mdt->mdt_max_ea_size) ||
-                    (!exp_connect_large_acl(exp) &&
-                     xattr_len > LUSTRE_POSIX_ACL_MAX_SIZE_OLD))
-                       GOTO(out, rc = -ERANGE);
-
-               nodemap = nodemap_get_from_exp(exp);
-               if (IS_ERR(nodemap))
-                       GOTO(out, rc = PTR_ERR(nodemap));
-
-               rc = nodemap_map_acl(nodemap, rr->rr_eadata, xattr_len,
-                                    NODEMAP_CLIENT_TO_FS);
-               nodemap_putref(nodemap);
+               rc = mdt_nodemap_map_acl(info, rr->rr_eadata, xattr_len,
+                                        xattr_name, NODEMAP_CLIENT_TO_FS);

                if (rc < 0)
                        GOTO(out, rc);
                if (rc < 0)
                        GOTO(out, rc);

-

                /* ACLs were mapped out, return an error so the user knows */
                if (rc != xattr_len)
                        GOTO(out, rc = -EPERM);
                /* ACLs were mapped out, return an error so the user knows */
                if (rc != xattr_len)
                        GOTO(out, rc = -EPERM);

diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c
index a6ef9ca..ba5f4a7 100644 (file)
--- a/lustre/ptlrpc/nodemap_handler.c
+++ b/lustre/ptlrpc/nodemap_handler.c
@@ -701,17 +701,19 @@ ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
        posix_acl_xattr_entry   *end;
        int                      count;
 
        posix_acl_xattr_entry   *end;
        int                      count;
 

+       ENTRY;
+

        if (!nodemap_active)
        if (!nodemap_active)

-               return size;
+               RETURN(size);

 
        if (unlikely(nodemap == NULL))
 
        if (unlikely(nodemap == NULL))

-               return size;
+               RETURN(size);

 
        count = posix_acl_xattr_count(size);
        if (count < 0)
 
        count = posix_acl_xattr_count(size);
        if (count < 0)

-               return -EINVAL;
+               RETURN(-EINVAL);

        if (count == 0)
        if (count == 0)

-               return 0;
+               RETURN(0);

 
        for (end = entry + count; entry != end; entry++) {
                __u16 tag = le16_to_cpu(entry->e_tag);
 
        for (end = entry + count; entry != end; entry++) {
                __u16 tag = le16_to_cpu(entry->e_tag);


@@ -741,7 +743,7 @@ ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
                new_entry++;
        }
 
                new_entry++;
        }
 

-       return (void *)new_entry - (void *)header;
+       RETURN((void *)new_entry - (void *)header);

 }
 EXPORT_SYMBOL(nodemap_map_acl);
 
 }
 EXPORT_SYMBOL(nodemap_map_acl);
 

diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index 5c517b1..64e3a08 100755 (executable)
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -1554,7 +1554,7 @@ nodemap_acl_test() {
        return 1
 }
 
        return 1
 }
 

-test_23() {
+test_23a() {

        nodemap_version_check || return 0
        nodemap_test_setup
 
        nodemap_version_check || return 0
        nodemap_test_setup
 


@@ -1606,7 +1606,57 @@ test_23() {
 
        nodemap_test_cleanup
 }
 
        nodemap_test_cleanup
 }

-run_test 23 "test mapped ACLs"
+run_test 23a "test mapped regular ACLs"
+
+test_23b() { #LU-9929
+       remote_mgs_nodsh && skip "remote MGS with nodsh" && return
+       [ $(lustre_version_code mgs) -lt $(version_code 2.10.53) ] &&
+               skip "Need MGS >= 2.10.53" && return
+
+       nodemap_test_setup
+       trap nodemap_test_cleanup EXIT
+
+       local testdir=$DIR/$tdir
+       local fs_id=$((IDBASE+10))
+       local unmapped_id
+       local mapped_id
+       local fs_user
+
+       do_facet mgs $LCTL nodemap_modify --name c0 --property admin --value 1
+       wait_nm_sync c0 admin_nodemap
+
+       # Add idmap $ID0:$fs_id (500:60010)
+       do_facet mgs $LCTL nodemap_add_idmap --name c0 --idtype gid \
+               --idmap $ID0:$fs_id ||
+               error "add idmap $ID0:$fs_id to nodemap c0 failed"
+
+       # set/getfacl default acl on client0 (unmapped gid=500)
+       rm -rf $testdir
+       mkdir -p $testdir
+       # Here, USER0=$(getent passwd | grep :$ID0:$ID0: | cut -d: -f1)
+       setfacl -R -d -m group:$USER0:rwx $testdir ||
+               error "setfacl $testdir on ${clients_arr[0]} failed"
+       unmapped_id=$(getfacl $testdir | grep -E "default:group:.*:rwx" |
+                       awk -F: '{print $3}')
+       [ "$unmapped_id" = "$USER0" ] ||
+               error "gid=$ID0 was not unmapped correctly on ${clients_arr[0]}"
+
+       # getfacl default acl on MGS (mapped gid=60010)
+       zconf_mount $mgs_HOST $MOUNT
+       do_rpc_nodes $mgs_HOST is_mounted $MOUNT ||
+               error "mount lustre on MGS failed"
+       mapped_id=$(do_node $mgs_HOST getfacl $testdir |
+                       grep -E "default:group:.*:rwx" | awk -F: '{print $3}')
+       fs_user=$(do_facet mgs getent passwd |
+                       grep :$fs_id:$fs_id: | cut -d: -f1)
+       [ $mapped_id -eq $fs_id -o "$mapped_id" = "$fs_user" ] ||
+               error "Should return gid=$fs_id or $fs_user on MGS"
+
+       rm -rf $testdir
+       do_facet mgs umount $MOUNT
+       nodemap_test_cleanup
+}
+run_test 23b "test mapped default ACLs"

 
 test_24() {
        nodemap_test_setup
 
 test_24() {
        nodemap_test_setup