.TH LCTL-NODEMAP_ADD_IDMAP 8 "2015-01-20" Lustre "configuration utilities"
.SH NAME
-lctl-nodemap_add_idmap \- define a range of NIDs for a nodemap
+lctl-nodemap_add_idmap \- define ID mappings for a nodemap
.SH SYNOPSIS
.br
-.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid}>
-<--idmap clientid:fsid>
+.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid|projid}>
+.B <--idmap clientid:fsid>
.br
.SH DESCRIPTION
-.B nodemap_add_idmap adds an identity mapping to a nodemap. Clients that are
-members of the given nodemap will have the identities of their users mapped
-accordingly.
+.B nodemap_add_idmap
+adds an identity mapping to a nodemap. Clients that are members of the given
+nodemap will have the identities of their users mapped accordingly.
.SH OPTIONS
.I name
is the name of the nodemap that this idmap should be added to.
.I idtype
-is either "uid" or "gid" depending on if it is a user ID or group ID that is to
-be mapped.
+is either "uid" or "gid" or "projid" depending on if it is a user ID or group
+ID or project ID that is to be mapped.
.I idmap
is the identity to map, and what it should be mapped to. The first digit is the
.nf
# lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001
# lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002
+# lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1
.fi
.SH AVAILABILITY
lctl-nodemap_del_idmap \- delete an existing idmap from a nodemap
.SH SYNOPSIS
.br
-.B lctl nodemap_del_idmap <--name name> <--idtype [uid|gid]>
-<--idmap clientid:fsid>
+.B lctl nodemap_del_idmap <--name name> <--idtype {uid|gid|projid}>
+.B <--idmap clientid:fsid>
.br
.SH DESCRIPTION
.B nodemap_del_idmap
-deletes an idmap from a nodemap. Users or groups in the nodemap with that ID
-will be squashed, if the trusted flag is not enabled.
+deletes an idmap from a nodemap. Users or groups or projects in the nodemap with
+that ID will be squashed, if the trusted flag is not enabled.
.SH OPTIONS
.I name
is the name of the nodemap that this idmap should be deleted from.
-
.I idtype
-is either "uid" or "gid" depending on if it is a user or group mapping that is
-to be removed.
+is either "uid" or "gid" or "projid" depending on if it is a user or group or
+project ID mapping that is to be removed.
.I idmap
is the identity map to delete.
.nf
# lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001
# lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002
+# lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1
.fi
.SH AVAILABILITY
.I nodemap_name
is the name of the nodemap to modify
-
.I property_name
is one of the following properties:
+.RS 0.3i
.PP
admin
.RS 4
Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to.
.RE
.PP
+squash_projid
+.RS 4
+Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to.
+.RE
+.PP
deny_unknown
.RS 4
Defaults to off. If set to on then unknown (squashed) users will be denied
The reason not to record file system events from given clients is to prevent
some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs.
.RE
+.PP
+map_mode
+.RS 4
+Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs.
+Other possible values (multiple can be specified, comma separated) are uid to
+map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs.
+.RE
+.RE
.I value
is the value to set for the property. Should be 0 or 1 for admin and trusted.
.nf
# lctl nodemap_modify --name remotesite --property trusted --value 1
# lctl nodemap_modify --name remotesite --property admin --value 1
+# lctl nodemap_modify --name remotesite --property map_mode --value uid_only
# lctl nodemap_modify --name otherremotesite --property squash_uid --value 101
.fi
enum nodemap_id_type {
NODEMAP_UID,
NODEMAP_GID,
+ NODEMAP_PROJID,
};
enum nodemap_tree_type {
};
enum nodemap_mapping_modes {
- NODEMAP_MAP_BOTH,
- NODEMAP_MAP_UID_ONLY,
- NODEMAP_MAP_GID_ONLY,
+ NODEMAP_MAP_UID = 0x01,
+ NODEMAP_MAP_GID = 0x02,
+ NODEMAP_MAP_BOTH = 0x03, /* for compatibility */
+ NODEMAP_MAP_PROJID = 0x04,
+ NODEMAP_MAP_ALL = NODEMAP_MAP_UID |
+ NODEMAP_MAP_GID |
+ NODEMAP_MAP_PROJID,
};
struct nodemap_pde {
bool nmf_trust_client_ids:1,
nmf_deny_unknown:1,
nmf_allow_root_access:1,
- nmf_map_uid_only:1,
- nmf_map_gid_only:1,
nmf_enable_audit:1,
nmf_forbid_encryption:1;
+ /* bitmap for mapping type */
+ enum nodemap_mapping_modes
+ nmf_map_mode;
/* unique ID set by MGS */
unsigned int nm_id;
/* nodemap ref counter */
uid_t nm_squash_uid;
/* GID to squash unmapped GIDs */
gid_t nm_squash_gid;
+ /* PROJID to squash unmapped PROJIDs */
+ projid_t nm_squash_projid;
/* NID range list */
struct list_head nm_ranges;
/* lock for idmap red/black trees */
struct rb_root nm_fs_to_client_gidmap;
/* GID map keyed by remote UID */
struct rb_root nm_client_to_fs_gidmap;
+ /* PROJID map keyed by local UID */
+ struct rb_root nm_fs_to_client_projidmap;
+ /* PROJID map keyed by remote UID */
+ struct rb_root nm_client_to_fs_projidmap;
/* attached client members of this nodemap */
struct mutex nm_member_list_lock;
struct list_head nm_member_list;
int nodemap_set_allow_root(const char *name, bool allow_root);
int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
-int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode);
+int nodemap_set_mapping_mode(const char *name,
+ enum nodemap_mapping_modes map_mode);
int nodemap_set_squash_uid(const char *name, uid_t uid);
int nodemap_set_squash_gid(const char *name, gid_t gid);
+int nodemap_set_squash_projid(const char *name, projid_t projid);
int nodemap_set_audit_mode(const char *name, bool enable_audit);
int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
bool nodemap_can_setquota(const struct lu_nodemap *nodemap);
* id mapping
*/
LCFG_NODEMAP_ADMIN = 0x00ce049, /**< allow cluster to use id 0 */
+ LCFG_NODEMAP_ADD_PROJIDMAP = 0x00ce04a, /**< add a projidmap */
+ LCFG_NODEMAP_DEL_PROJIDMAP = 0x00ce04b, /**< delete a projidmap */
LCFG_NODEMAP_TRUSTED = 0x00ce050, /**< trust a clusters ids */
LCFG_NODEMAP_SQUASH_UID = 0x00ce051, /**< default map uid */
LCFG_NODEMAP_SQUASH_GID = 0x00ce052, /**< default map gid */
LCFG_NODEMAP_AUDIT_MODE = 0x00ce05a, /**< set the audit mode */
LCFG_NODEMAP_SET_SEPOL = 0x00ce05b, /**< set SELinux policy */
LCFG_NODEMAP_FORBID_ENCRYPT = 0x00ce05c, /**< forbid encryption */
+ LCFG_NODEMAP_SQUASH_PROJID = 0x00ce05d, /**< default map projid */
};
struct lustre_cfg_bufs {
char ncr_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
__u8 ncr_flags;
__u16 ncr_padding1;
- __u32 ncr_padding2;
+ __u32 ncr_squash_projid;
__u32 ncr_squash_uid;
__u32 ncr_squash_gid;
};
nid = libcfs_str2nid(nidstr);
if (strcmp(idtype_str, "uid") == 0)
idtype = NODEMAP_UID;
- else
+ else if (strcmp(idtype_str, "gid") == 0)
idtype = NODEMAP_GID;
+ else if (strcmp(idtype_str, "projid") == 0)
+ idtype = NODEMAP_PROJID;
+ else
+ GOTO(out_lcfg, rc = -EINVAL);
rc = kstrtoul(client_idstr, 10, &client_id);
if (rc != 0)
case LCFG_NODEMAP_DEL_UIDMAP:
case LCFG_NODEMAP_ADD_GIDMAP:
case LCFG_NODEMAP_DEL_GIDMAP:
+ case LCFG_NODEMAP_ADD_PROJIDMAP:
+ case LCFG_NODEMAP_DEL_PROJIDMAP:
case LCFG_NODEMAP_SET_FILESET:
case LCFG_NODEMAP_SET_SEPOL:
if (lcfg->lcfg_bufcount != 3)
case LCFG_NODEMAP_DENY_UNKNOWN:
case LCFG_NODEMAP_SQUASH_UID:
case LCFG_NODEMAP_SQUASH_GID:
+ case LCFG_NODEMAP_SQUASH_PROJID:
case LCFG_NODEMAP_MAP_MODE:
case LCFG_NODEMAP_AUDIT_MODE:
case LCFG_NODEMAP_FORBID_ENCRYPT:
bool_switch);
break;
case LCFG_NODEMAP_MAP_MODE:
- if (strcmp("both", param) == 0)
- rc = nodemap_set_mapping_mode(nodemap_name,
- NODEMAP_MAP_BOTH);
- else if (strcmp("uid_only", param) == 0)
- rc = nodemap_set_mapping_mode(nodemap_name,
- NODEMAP_MAP_UID_ONLY);
- else if (strcmp("gid_only", param) == 0)
- rc = nodemap_set_mapping_mode(nodemap_name,
- NODEMAP_MAP_GID_ONLY);
- else
- rc = -EINVAL;
+ {
+ char *p;
+ __u8 map_mode = 0;
+
+ if ((p = strstr(param, "all")) != NULL) {
+ if ((p == param || *(p-1) == ',') &&
+ (*(p+3) == '\0' || *(p+3) == ',')) {
+ map_mode = NODEMAP_MAP_ALL;
+ } else {
+ rc = -EINVAL;
+ break;
+ }
+ } else {
+ while ((p = strsep(¶m, ",")) != NULL) {
+ if (!*p)
+ break;
+
+ if (strcmp("both", p) == 0)
+ map_mode |= NODEMAP_MAP_BOTH;
+ else if (strcmp("uid_only", p) == 0 ||
+ strcmp("uid", p) == 0)
+ map_mode |= NODEMAP_MAP_UID;
+ else if (strcmp("gid_only", p) == 0 ||
+ strcmp("gid", p) == 0)
+ map_mode |= NODEMAP_MAP_GID;
+ else if (strcmp("projid_only", p) == 0 ||
+ strcmp("projid", p) == 0)
+ map_mode |= NODEMAP_MAP_PROJID;
+ else
+ break;
+ }
+ if (p) {
+ rc = -EINVAL;
+ break;
+ }
+ }
+
+ rc = nodemap_set_mapping_mode(nodemap_name, map_mode);
break;
+ }
case LCFG_NODEMAP_TRUSTED:
rc = kstrtobool(param, &bool_switch);
if (rc)
break;
rc = nodemap_set_squash_gid(nodemap_name, int_id);
break;
+ case LCFG_NODEMAP_SQUASH_PROJID:
+ rc = kstrtouint(param, 10, &int_id);
+ if (rc)
+ break;
+ rc = nodemap_set_squash_projid(nodemap_name, int_id);
+ break;
case LCFG_NODEMAP_ADD_UIDMAP:
case LCFG_NODEMAP_ADD_GIDMAP:
+ case LCFG_NODEMAP_ADD_PROJIDMAP:
rc = nodemap_parse_idmap(param, idmap);
if (rc != 0)
break;
if (cmd == LCFG_NODEMAP_ADD_UIDMAP)
rc = nodemap_add_idmap(nodemap_name, NODEMAP_UID,
idmap);
- else
+ else if (cmd == LCFG_NODEMAP_ADD_GIDMAP)
rc = nodemap_add_idmap(nodemap_name, NODEMAP_GID,
idmap);
+ else if (cmd == LCFG_NODEMAP_ADD_PROJIDMAP)
+ rc = nodemap_add_idmap(nodemap_name, NODEMAP_PROJID,
+ idmap);
+ else
+ rc = -EINVAL;
break;
case LCFG_NODEMAP_DEL_UIDMAP:
case LCFG_NODEMAP_DEL_GIDMAP:
+ case LCFG_NODEMAP_DEL_PROJIDMAP:
rc = nodemap_parse_idmap(param, idmap);
if (rc != 0)
break;
if (cmd == LCFG_NODEMAP_DEL_UIDMAP)
rc = nodemap_del_idmap(nodemap_name, NODEMAP_UID,
idmap);
- else
+ else if (cmd == LCFG_NODEMAP_DEL_GIDMAP)
rc = nodemap_del_idmap(nodemap_name, NODEMAP_GID,
idmap);
+ else if (cmd == LCFG_NODEMAP_DEL_PROJIDMAP)
+ rc = nodemap_del_idmap(nodemap_name, NODEMAP_PROJID,
+ idmap);
+ else
+ rc = -EINVAL;
break;
case LCFG_NODEMAP_SET_FILESET:
rc = nodemap_set_fileset(nodemap_name, param);
* mapping function for nodemap idmaps
*
* \param nodemap lu_nodemap structure defining nodemap
- * \param node_type NODEMAP_UID or NODEMAP_GID
+ * \param node_type NODEMAP_UID or NODEMAP_GID or NODEMAP_PROJID
* \param tree_type NODEMAP_CLIENT_TO_FS or
* NODEMAP_FS_TO_CLIENT
* \param id id to map
if (unlikely(nodemap == NULL))
goto out;
- if (nodemap->nmf_map_uid_only && id_type == NODEMAP_GID)
+ if (id_type == NODEMAP_UID &&
+ !(nodemap->nmf_map_mode & NODEMAP_MAP_UID))
goto out;
- if (nodemap->nmf_map_gid_only && id_type == NODEMAP_UID)
+ if (id_type == NODEMAP_GID &&
+ !(nodemap->nmf_map_mode & NODEMAP_MAP_GID))
+ goto out;
+
+ if (id_type == NODEMAP_PROJID &&
+ !(nodemap->nmf_map_mode & NODEMAP_MAP_PROJID))
goto out;
if (id == 0) {
squash:
if (id_type == NODEMAP_UID)
RETURN(nodemap->nm_squash_uid);
- else
+ if (id_type == NODEMAP_GID)
RETURN(nodemap->nm_squash_gid);
+ if (id_type == NODEMAP_PROJID)
+ RETURN(nodemap->nm_squash_projid);
out:
RETURN(id);
}
nodemap->nm_client_to_fs_uidmap = RB_ROOT;
nodemap->nm_fs_to_client_gidmap = RB_ROOT;
nodemap->nm_client_to_fs_gidmap = RB_ROOT;
+ nodemap->nm_fs_to_client_projidmap = RB_ROOT;
+ nodemap->nm_client_to_fs_projidmap = RB_ROOT;
if (is_default) {
nodemap->nm_id = LUSTRE_NODEMAP_DEFAULT_ID;
nodemap->nmf_trust_client_ids = 0;
nodemap->nmf_allow_root_access = 0;
nodemap->nmf_deny_unknown = 0;
- nodemap->nmf_map_uid_only = 0;
- nodemap->nmf_map_gid_only = 0;
+ nodemap->nmf_map_mode = NODEMAP_MAP_ALL;
nodemap->nmf_enable_audit = 1;
nodemap->nmf_forbid_encryption = 0;
nodemap->nm_squash_uid = NODEMAP_NOBODY_UID;
nodemap->nm_squash_gid = NODEMAP_NOBODY_GID;
+ nodemap->nm_squash_projid = NODEMAP_NOBODY_PROJID;
nodemap->nm_fileset[0] = '\0';
nodemap->nm_sepol[0] = '\0';
if (!is_default)
default_nodemap->nmf_trust_client_ids;
nodemap->nmf_allow_root_access =
default_nodemap->nmf_allow_root_access;
- nodemap->nmf_deny_unknown =
- default_nodemap->nmf_deny_unknown;
- nodemap->nmf_map_uid_only =
- default_nodemap->nmf_map_uid_only;
- nodemap->nmf_map_gid_only =
- default_nodemap->nmf_map_gid_only;
- nodemap->nmf_enable_audit =
- default_nodemap->nmf_enable_audit;
+ nodemap->nmf_deny_unknown = default_nodemap->nmf_deny_unknown;
+ nodemap->nmf_map_mode = default_nodemap->nmf_map_mode;
+ nodemap->nmf_enable_audit = default_nodemap->nmf_enable_audit;
nodemap->nmf_forbid_encryption =
default_nodemap->nmf_forbid_encryption;
nodemap->nm_squash_uid = default_nodemap->nm_squash_uid;
nodemap->nm_squash_gid = default_nodemap->nm_squash_gid;
+ nodemap->nm_squash_projid = default_nodemap->nm_squash_projid;
nodemap->nm_fileset[0] = '\0';
nodemap->nm_sepol[0] = '\0';
}
}
EXPORT_SYMBOL(nodemap_set_trust_client_ids);
-int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode)
+int nodemap_set_mapping_mode(const char *name,
+ enum nodemap_mapping_modes map_mode)
{
struct lu_nodemap *nodemap = NULL;
int rc = 0;
if (IS_ERR(nodemap))
GOTO(out, rc = PTR_ERR(nodemap));
- switch (mode) {
- case NODEMAP_MAP_BOTH:
- nodemap->nmf_map_uid_only = 0;
- nodemap->nmf_map_gid_only = 0;
- break;
- case NODEMAP_MAP_UID_ONLY:
- nodemap->nmf_map_uid_only = 1;
- nodemap->nmf_map_gid_only = 0;
- break;
- case NODEMAP_MAP_GID_ONLY:
- nodemap->nmf_map_uid_only = 0;
- nodemap->nmf_map_gid_only = 1;
- break;
- default:
- CWARN("cannot set unknown mapping mode, mode = %d\n", mode);
- }
+ nodemap->nmf_map_mode = map_mode;
rc = nodemap_idx_nodemap_update(nodemap);
nm_member_revoke_locks(nodemap);
* \param gid the new gid to squash unknown gids to
* \retval 0 on success
*
- * Update the squash_gid for a nodemap. The squash_uid is the gid
+ * Update the squash_gid for a nodemap. The squash_gid is the gid
* that the all client gids are mapped to if nodemap is active,
* the trust_client_ids flag is not set, and the gid is not in
* the idmap tree.
EXPORT_SYMBOL(nodemap_set_squash_gid);
/**
+ * Update the squash_projid for a nodemap.
+ *
+ * \param name nodemap name
+ * \param gid the new projid to squash unknown projids to
+ * \retval 0 on success
+ *
+ * Update the squash_projid for a nodemap. The squash_projid is the projid
+ * that the all client projids are mapped to if nodemap is active,
+ * the trust_client_ids flag is not set, and the projid is not in
+ * the idmap tree.
+ */
+int nodemap_set_squash_projid(const char *name, projid_t projid)
+{
+ struct lu_nodemap *nodemap = NULL;
+ int rc = 0;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(name);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap))
+ GOTO(out, rc = PTR_ERR(nodemap));
+
+ nodemap->nm_squash_projid = projid;
+ rc = nodemap_idx_nodemap_update(nodemap);
+
+ nm_member_revoke_locks(nodemap);
+ nodemap_putref(nodemap);
+out:
+ return rc;
+}
+EXPORT_SYMBOL(nodemap_set_squash_projid);
+
+/**
* Returns true if this nodemap has root user access. Always returns true if
* nodemaps are not active.
*
if (id_type == NODEMAP_UID) {
fwd_root = &nodemap->nm_client_to_fs_uidmap;
bck_root = &nodemap->nm_fs_to_client_uidmap;
- } else {
+ } else if (id_type == NODEMAP_GID) {
fwd_root = &nodemap->nm_client_to_fs_gidmap;
bck_root = &nodemap->nm_fs_to_client_gidmap;
+ } else if (id_type == NODEMAP_PROJID) {
+ fwd_root = &nodemap->nm_client_to_fs_projidmap;
+ bck_root = &nodemap->nm_fs_to_client_projidmap;
+ } else {
+ RETURN(ERR_PTR(-EINVAL));
}
fwd_node = &fwd_root->rb_node;
void idmap_delete(enum nodemap_id_type id_type, struct lu_idmap *idmap,
struct lu_nodemap *nodemap)
{
- struct rb_root *fwd_root;
- struct rb_root *bck_root;
+ struct rb_root *fwd_root;
+ struct rb_root *bck_root;
if (id_type == NODEMAP_UID) {
fwd_root = &nodemap->nm_client_to_fs_uidmap;
bck_root = &nodemap->nm_fs_to_client_uidmap;
- } else {
+ } else if (id_type == NODEMAP_GID) {
fwd_root = &nodemap->nm_client_to_fs_gidmap;
bck_root = &nodemap->nm_fs_to_client_gidmap;
+ } else if (id_type == NODEMAP_PROJID) {
+ fwd_root = &nodemap->nm_client_to_fs_projidmap;
+ bck_root = &nodemap->nm_fs_to_client_projidmap;
+ } else {
+ return;
}
rb_erase(&idmap->id_client_to_fs, fwd_root);
root = &nodemap->nm_fs_to_client_gidmap;
else if (id_type == NODEMAP_GID && tree_type == NODEMAP_CLIENT_TO_FS)
root = &nodemap->nm_client_to_fs_gidmap;
+ else if (id_type == NODEMAP_PROJID && tree_type == NODEMAP_FS_TO_CLIENT)
+ root = &nodemap->nm_fs_to_client_projidmap;
+ else if (id_type == NODEMAP_PROJID && tree_type == NODEMAP_CLIENT_TO_FS)
+ root = &nodemap->nm_client_to_fs_projidmap;
node = root->rb_node;
id_client_to_fs) {
idmap_destroy(idmap);
}
+
+ root = nodemap->nm_client_to_fs_projidmap;
+ nm_rbtree_postorder_for_each_entry_safe(idmap, temp, &root,
+ id_client_to_fs) {
+ idmap_destroy(idmap);
+ }
}
#define DEFAULT_NODEMAP "default"
-/* Default nobody uid and gid values */
-
+/* Default nobody uid, gid and projid values */
#define NODEMAP_NOBODY_UID 99
#define NODEMAP_NOBODY_GID 99
+#define NODEMAP_NOBODY_PROJID 99
struct lprocfs_static_vars;
NODEMAP_RANGE_IDX = 2, /* nid range assigned to a nm cluster */
NODEMAP_UIDMAP_IDX = 3, /* uid map assigned to a nm cluster */
NODEMAP_GIDMAP_IDX = 4, /* gid map assigned to a nm cluster */
+ NODEMAP_PROJIDMAP_IDX = 5, /* projid map assigned to nm cluster */
NODEMAP_GLOBAL_IDX = 15, /* stores nodemap activation status */
};
"fs_id: %u }", idmap->id_client,
idmap->id_fs);
}
+ for (node = rb_first(&nodemap->nm_client_to_fs_projidmap);
+ node; node = rb_next(node)) {
+ if (cont)
+ seq_printf(m, ",\n");
+ idmap = rb_entry(node, struct lu_idmap, id_client_to_fs);
+ if (idmap != NULL)
+ seq_printf(m,
+ " { idtype: projid, client_id: %u, fs_id: %u }",
+ idmap->id_client,
+ idmap->id_fs);
+ }
up_read(&nodemap->nm_idmap_lock);
seq_printf(m, "\n");
seq_printf(m, "]\n");
}
/**
+ * Reads and prints the squash PROJID for the given nodemap.
+ *
+ * \param m seq file in proc fs
+ * \param data unused
+ * \retval 0 success
+ */
+static int nodemap_squash_projid_seq_show(struct seq_file *m, void *data)
+{
+ struct lu_nodemap *nodemap;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(m->private);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap)) {
+ int rc = PTR_ERR(nodemap);
+
+ CERROR("cannot find nodemap '%s': rc = %d\n",
+ (char *)m->private, rc);
+ return rc;
+ }
+
+ seq_printf(m, "%u\n", nodemap->nm_squash_projid);
+ nodemap_putref(nodemap);
+ return 0;
+}
+
+/**
* Reads and prints the trusted flag for the given nodemap.
*
* \param m seq file in proc fs
static int nodemap_map_mode_seq_show(struct seq_file *m, void *data)
{
struct lu_nodemap *nodemap;
+ bool need_sep = false;
int rc;
mutex_lock(&active_config_lock);
return rc;
}
- if (nodemap->nmf_map_uid_only)
- seq_printf(m, "uid_only\n");
- else if (nodemap->nmf_map_gid_only)
- seq_printf(m, "gid_only\n");
- else
- seq_printf(m, "both\n");
+ if (nodemap->nmf_map_mode == NODEMAP_MAP_ALL) {
+ seq_puts(m, "all\n");
+ } else {
+ if (nodemap->nmf_map_mode & NODEMAP_MAP_UID) {
+ seq_puts(m, "uid");
+ need_sep = true;
+ }
+ if (nodemap->nmf_map_mode & NODEMAP_MAP_GID) {
+ seq_puts(m, need_sep ? ",gid" : "gid");
+ need_sep = true;
+ }
+ if (nodemap->nmf_map_mode & NODEMAP_MAP_PROJID)
+ seq_puts(m, need_sep ? ",projid" : "projid");
+ seq_puts(m, "\n");
+ }
nodemap_putref(nodemap);
return 0;
LPROC_SEQ_FOPS_RO(nodemap_admin);
LPROC_SEQ_FOPS_RO(nodemap_squash_uid);
LPROC_SEQ_FOPS_RO(nodemap_squash_gid);
+LPROC_SEQ_FOPS_RO(nodemap_squash_projid);
LPROC_SEQ_FOPS_RO(nodemap_deny_unknown);
LPROC_SEQ_FOPS_RO(nodemap_map_mode);
.fops = &nodemap_squash_gid_fops,
},
{
+ .name = "squash_projid",
+ .fops = &nodemap_squash_projid_fops,
+ },
+ {
.name = "ranges",
.fops = &nodemap_ranges_fops,
},
.fops = &nodemap_squash_gid_fops,
},
{
+ .name = "squash_projid",
+ .fops = &nodemap_squash_projid_fops,
+ },
+ {
.name = "fileset",
.fops = &nodemap_fileset_fops,
},
NM_FL_ALLOW_ROOT_ACCESS = 0x1,
NM_FL_TRUST_CLIENT_IDS = 0x2,
NM_FL_DENY_UNKNOWN = 0x4,
- NM_FL_MAP_UID_ONLY = 0x8,
- NM_FL_MAP_GID_ONLY = 0x10,
+ NM_FL_MAP_UID = 0x8,
+ NM_FL_MAP_GID = 0x10,
NM_FL_ENABLE_AUDIT = 0x20,
NM_FL_FORBID_ENCRYPT = 0x40,
+ NM_FL_MAP_PROJID = 0x80,
};
static void nodemap_cluster_key_init(struct nodemap_key *nk, unsigned int nm_id)
strncpy(nr->ncr.ncr_name, nodemap->nm_name, sizeof(nr->ncr.ncr_name));
nr->ncr.ncr_squash_uid = cpu_to_le32(nodemap->nm_squash_uid);
nr->ncr.ncr_squash_gid = cpu_to_le32(nodemap->nm_squash_gid);
+ nr->ncr.ncr_squash_projid = cpu_to_le32(nodemap->nm_squash_projid);
nr->ncr.ncr_flags = cpu_to_le32(
(nodemap->nmf_trust_client_ids ?
NM_FL_TRUST_CLIENT_IDS : 0) |
NM_FL_ALLOW_ROOT_ACCESS : 0) |
(nodemap->nmf_deny_unknown ?
NM_FL_DENY_UNKNOWN : 0) |
- (nodemap->nmf_map_uid_only ?
- NM_FL_MAP_UID_ONLY : 0) |
- (nodemap->nmf_map_gid_only ?
- NM_FL_MAP_GID_ONLY : 0) |
+ (nodemap->nmf_map_mode & NODEMAP_MAP_UID ?
+ NM_FL_MAP_UID : 0) |
+ (nodemap->nmf_map_mode & NODEMAP_MAP_GID ?
+ NM_FL_MAP_GID : 0) |
+ (nodemap->nmf_map_mode & NODEMAP_MAP_PROJID ?
+ NM_FL_MAP_PROJID : 0) |
(nodemap->nmf_enable_audit ?
NM_FL_ENABLE_AUDIT : 0) |
(nodemap->nmf_forbid_encryption ?
if (id_type == NODEMAP_UID)
idx_type = NODEMAP_UIDMAP_IDX;
- else
+ else if (id_type == NODEMAP_GID)
idx_type = NODEMAP_GIDMAP_IDX;
+ else if (id_type == NODEMAP_PROJID)
+ idx_type = NODEMAP_PROJIDMAP_IDX;
+ else
+ idx_type = NODEMAP_EMPTY_IDX;
nk->nk_nodemap_id = cpu_to_le32(nm_idx_set_type(nm_id, idx_type));
nk->nk_id_client = cpu_to_le32(id_client);
rc = rc2;
}
+ root = nodemap->nm_client_to_fs_projidmap;
+ nm_rbtree_postorder_for_each_entry_safe(idmap, temp, &root,
+ id_client_to_fs) {
+ nodemap_idmap_key_init(&nk, nodemap->nm_id, NODEMAP_PROJID,
+ idmap->id_client);
+ rc2 = nodemap_idx_delete(&env, nodemap_mgs_ncf->ncf_obj,
+ &nk, NULL);
+ if (rc2 < 0)
+ rc = rc2;
+ }
+
list_for_each_entry_safe(range, range_temp, &nodemap->nm_ranges,
rn_list) {
nodemap_range_key_init(&nk, nodemap->nm_id, range->rn_id);
/* find the correct nodemap in the load list */
if (type == NODEMAP_RANGE_IDX || type == NODEMAP_UIDMAP_IDX ||
- type == NODEMAP_GIDMAP_IDX) {
+ type == NODEMAP_GIDMAP_IDX || type == NODEMAP_PROJIDMAP_IDX) {
struct lu_nodemap *tmp = NULL;
nodemap = *recent_nodemap;
le32_to_cpu(rec->ncr.ncr_squash_uid);
nodemap->nm_squash_gid =
le32_to_cpu(rec->ncr.ncr_squash_gid);
+ nodemap->nm_squash_projid =
+ le32_to_cpu(rec->ncr.ncr_squash_projid);
flags = le32_to_cpu(rec->ncr.ncr_flags);
nodemap->nmf_allow_root_access =
flags & NM_FL_TRUST_CLIENT_IDS;
nodemap->nmf_deny_unknown =
flags & NM_FL_DENY_UNKNOWN;
- nodemap->nmf_map_uid_only =
- flags & NM_FL_MAP_UID_ONLY;
- nodemap->nmf_map_gid_only =
- flags & NM_FL_MAP_GID_ONLY;
+ nodemap->nmf_map_mode = (flags & NM_FL_MAP_UID ?
+ NODEMAP_MAP_UID : 0) |
+ (flags & NM_FL_MAP_GID ?
+ NODEMAP_MAP_GID : 0) |
+ (flags & NM_FL_MAP_PROJID ?
+ NODEMAP_MAP_PROJID : 0);
nodemap->nmf_enable_audit =
flags & NM_FL_ENABLE_AUDIT;
nodemap->nmf_forbid_encryption =
break;
case NODEMAP_UIDMAP_IDX:
case NODEMAP_GIDMAP_IDX:
+ case NODEMAP_PROJIDMAP_IDX:
map[0] = le32_to_cpu(key->nk_id_client);
map[1] = le32_to_cpu(rec->nir.nir_id_fs);
if (type == NODEMAP_UIDMAP_IDX)
id_type = NODEMAP_UID;
- else
+ else if (type == NODEMAP_GIDMAP_IDX)
id_type = NODEMAP_GID;
+ else if (type == NODEMAP_PROJIDMAP_IDX)
+ id_type = NODEMAP_PROJID;
+ else
+ GOTO(out, rc = -EINVAL);
rc = nodemap_add_idmap_helper(nodemap, id_type, map);
if (rc != 0)
if (rc2 < 0)
rc = rc2;
}
+
+ root = nodemap->nm_client_to_fs_projidmap;
+ nm_rbtree_postorder_for_each_entry_safe(idmap, id_tmp, &root,
+ id_client_to_fs) {
+ nodemap_idmap_key_init(&nk, nodemap->nm_id,
+ NODEMAP_PROJID,
+ idmap->id_client);
+ nodemap_idmap_rec_init(&nr, idmap->id_fs);
+ rc2 = nodemap_idx_insert(env, o, &nk, &nr);
+ if (rc2 < 0)
+ rc = rc2;
+ }
}
nodemap_global_key_init(&nk);
nodemap_global_rec_init(&nr, active_config->nmc_nodemap_is_active);
(long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding1));
LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1) == 2, "found %lld\n",
(long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1));
- LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_padding2) == 20, "found %lld\n",
- (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding2));
- LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2) == 4, "found %lld\n",
- (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2));
+ LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid) == 20, "found %lld\n",
+ (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid));
+ LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid) == 4, "found %lld\n",
+ (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid));
LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid) == 24, "found %lld\n",
(long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid));
LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_uid) == 4, "found %lld\n",
(unsigned)LCFG_NODEMAP_ACTIVATE);
LASSERTF(LCFG_NODEMAP_ADMIN == 0x000ce049UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_ADMIN);
+ LASSERTF(LCFG_NODEMAP_ADD_PROJIDMAP == 0x000ce04aUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_ADD_PROJIDMAP);
+ LASSERTF(LCFG_NODEMAP_DEL_PROJIDMAP == 0x000ce04bUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_DEL_PROJIDMAP);
LASSERTF(LCFG_NODEMAP_TRUSTED == 0x000ce050UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_TRUSTED);
LASSERTF(LCFG_NODEMAP_SQUASH_UID == 0x000ce051UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_AUDIT_MODE);
LASSERTF(LCFG_NODEMAP_SET_SEPOL == 0x000ce05bUL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_SET_SEPOL);
+ LASSERTF(LCFG_NODEMAP_FORBID_ENCRYPT == 0x000ce05cUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_FORBID_ENCRYPT);
+ LASSERTF(LCFG_NODEMAP_SQUASH_PROJID == 0x000ce05dUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_SQUASH_PROJID);
#endif /* HAVE_SERVER_SUPPORT */
LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n",
(long long)PORTALS_CFG_TYPE);
add_idmaps() {
local i
local cmd="$LCTL nodemap_add_idmap"
+ local do_proj=true
local rc=0
+ (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
+
echo "Start to add idmaps ..."
for ((i = 0; i < NODEMAP_COUNT; i++)); do
local j
--idmap $client_id:$fs_id; then
rc=$((rc + 1))
fi
+ if $do_proj; then
+ if ! do_facet mgs $cmd --name $csum \
+ --idtype projid --idmap \
+ $client_id:$fs_id; then
+ rc=$((rc + 1))
+ fi
+ fi
done
done
delete_idmaps() {
local i
local cmd="$LCTL nodemap_del_idmap"
+ local do_proj=true
local rc=0
+ (( $MDS1_VERSION >= $(version_code 2.14.52) )) || do_proj=false
+
echo "Start to delete idmaps ..."
for ((i = 0; i < NODEMAP_COUNT; i++)); do
local j
--idmap $client_id:$fs_id; then
rc=$((rc + 1))
fi
+ if $do_proj; then
+ if ! do_facet mgs $cmd --name $csum \
+ --idtype projid --idmap \
+ $client_id:$fs_id; then
+ rc=$((rc + 1))
+ fi
+ fi
done
done
cmd[0]="$LCTL nodemap_modify --property squash_uid"
cmd[1]="$LCTL nodemap_modify --property squash_gid"
+ cmd[2]="$LCTL nodemap_modify --property squash_projid"
if ! do_facet mgs ${cmd[$3]} --name $1 --value $2; then
return 1
wait_nm_sync default squash_uid '' inactive
squash_id default 99 1
wait_nm_sync default squash_gid '' inactive
+if [ "$MDS1_VERSION" -ge $(version_code 2.14.50) ]; then
+ squash_id default 99 2
+ wait_nm_sync default squash_projid '' inactive
+fi
test_nid() {
local cmd
[[ $rc != 0 ]] && error "nodemap squash_gid with $rc" && return 3
rc=0
+ if (( $MDS1_VERSION >= $(version_code 2.14.52) )); then
+ for ((i = 0; i < NODEMAP_COUNT; i++)); do
+ if ! squash_id ${HOSTNAME_CHECKSUM}_${i} 88 2; then
+ rc=$((rc + 1))
+ fi
+ done
+ fi
+ [[ $rc != 0 ]] && error "nodemap squash_projid with $rc" && return 5
+
+ rc=0
delete_nodemaps
rc=$?
[[ $rc != 0 ]] && error "nodemap_del failed with $rc" && return 4
fprintf(stderr,
"usage: nodemap_modify --name <nodemap_name> --property <property_name> --value <value>\n");
fprintf(stderr,
- "valid properties: admin trusted map_mode squash_uid squash_gid deny_unknown audit_mode forbid_encryption\n");
+ "valid properties: admin trusted map_mode squash_uid squash_gid squash_projid deny_unknown audit_mode forbid_encryption\n");
return -1;
}
cmd = LCFG_NODEMAP_SQUASH_UID;
} else if (strcmp("squash_gid", param) == 0) {
cmd = LCFG_NODEMAP_SQUASH_GID;
+ } else if (strcmp("squash_projid", param) == 0) {
+ cmd = LCFG_NODEMAP_SQUASH_PROJID;
} else if (strcmp("map_mode", param) == 0) {
cmd = LCFG_NODEMAP_MAP_MODE;
} else if (strcmp("audit_mode", param) == 0) {
if (!nodemap_name || !idmap || !idtype) {
fprintf(stderr,
- "usage: %s --name <name> --idtype [uid | gid] --idmap <client id>:<filesystem id>\n",
+ "usage: %s --name <name> --idtype [uid | gid | projid] --idmap <client id>:<filesystem id>\n",
argv[0]);
return -1;
}
cmd = LCFG_NODEMAP_ADD_UIDMAP;
} else if (strcmp("gid", idtype) == 0) {
cmd = LCFG_NODEMAP_ADD_GIDMAP;
+ } else if (strcmp("projid", idtype) == 0) {
+ cmd = LCFG_NODEMAP_ADD_PROJIDMAP;
} else {
fprintf(stderr,
- "usage: %s --name <name> --idtype [uid | gid] --idmap <client id>:<filesystem id>\n",
+ "usage: %s --name <name> --idtype [uid | gid | projid] --idmap <client id>:<filesystem id>\n",
argv[0]);
return -1;
}
if (!nodemap_name || !idmap || !idtype) {
fprintf(stderr,
- "usage: %s --name <name> --idtype [uid | gid] --idmap <client id>:<filesystem id>\n",
+ "usage: %s --name <name> --idtype [uid | gid | projid] --idmap <client id>:<filesystem id>\n",
argv[0]);
return -1;
}
- if (strcmp("uid", idtype) == 0)
+ if (strcmp("uid", idtype) == 0) {
cmd = LCFG_NODEMAP_DEL_UIDMAP;
- else
+ } else if (strcmp("gid", idtype) == 0) {
cmd = LCFG_NODEMAP_DEL_GIDMAP;
+ } else if (strcmp("projid", idtype) == 0) {
+ cmd = LCFG_NODEMAP_DEL_PROJIDMAP;
+ } else {
+ fprintf(stderr,
+ "usage: %s --name <name> --idtype [uid | gid | projid] --idmap <client id>:<filesystem id>\n",
+ argv[0]);
+ return -1;
+ }
rc = nodemap_cmd(cmd, NULL, 0, argv[0], nodemap_name, idmap, NULL);
if (rc != 0) {
CHECK_MEMBER(nodemap_cluster_rec, ncr_name[LUSTRE_NODEMAP_NAME_LENGTH + 1]);
CHECK_MEMBER(nodemap_cluster_rec, ncr_flags);
CHECK_MEMBER(nodemap_cluster_rec, ncr_padding1);
- CHECK_MEMBER(nodemap_cluster_rec, ncr_padding2);
+ CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_projid);
CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_uid);
CHECK_MEMBER(nodemap_cluster_rec, ncr_squash_gid);
}
CHECK_VALUE_X(LCFG_NODEMAP_DEL_GIDMAP);
CHECK_VALUE_X(LCFG_NODEMAP_ACTIVATE);
CHECK_VALUE_X(LCFG_NODEMAP_ADMIN);
+ CHECK_VALUE_X(LCFG_NODEMAP_ADD_PROJIDMAP);
+ CHECK_VALUE_X(LCFG_NODEMAP_DEL_PROJIDMAP);
CHECK_VALUE_X(LCFG_NODEMAP_TRUSTED);
CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_UID);
CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_GID);
CHECK_VALUE_X(LCFG_NODEMAP_MAP_MODE);
CHECK_VALUE_X(LCFG_NODEMAP_AUDIT_MODE);
CHECK_VALUE_X(LCFG_NODEMAP_SET_SEPOL);
+ CHECK_VALUE_X(LCFG_NODEMAP_FORBID_ENCRYPT);
+ CHECK_VALUE_X(LCFG_NODEMAP_SQUASH_PROJID);
printf("#endif /* HAVE_SERVER_SUPPORT */\n");
#endif /* !HAVE_NATIVE_LINUX_CLIENT */
CHECK_VALUE(PORTALS_CFG_TYPE);
(long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding1));
LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1) == 2, "found %lld\n",
(long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding1));
- LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_padding2) == 20, "found %lld\n",
- (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_padding2));
- LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2) == 4, "found %lld\n",
- (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_padding2));
+ LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid) == 20, "found %lld\n",
+ (long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_projid));
+ LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid) == 4, "found %lld\n",
+ (long long)(int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_projid));
LASSERTF((int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid) == 24, "found %lld\n",
(long long)(int)offsetof(struct nodemap_cluster_rec, ncr_squash_uid));
LASSERTF((int)sizeof(((struct nodemap_cluster_rec *)0)->ncr_squash_uid) == 4, "found %lld\n",
(unsigned)LCFG_NODEMAP_ACTIVATE);
LASSERTF(LCFG_NODEMAP_ADMIN == 0x000ce049UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_ADMIN);
+ LASSERTF(LCFG_NODEMAP_ADD_PROJIDMAP == 0x000ce04aUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_ADD_PROJIDMAP);
+ LASSERTF(LCFG_NODEMAP_DEL_PROJIDMAP == 0x000ce04bUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_DEL_PROJIDMAP);
LASSERTF(LCFG_NODEMAP_TRUSTED == 0x000ce050UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_TRUSTED);
LASSERTF(LCFG_NODEMAP_SQUASH_UID == 0x000ce051UL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_AUDIT_MODE);
LASSERTF(LCFG_NODEMAP_SET_SEPOL == 0x000ce05bUL, "found 0x%.8xUL\n",
(unsigned)LCFG_NODEMAP_SET_SEPOL);
+ LASSERTF(LCFG_NODEMAP_FORBID_ENCRYPT == 0x000ce05cUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_FORBID_ENCRYPT);
+ LASSERTF(LCFG_NODEMAP_SQUASH_PROJID == 0x000ce05dUL, "found 0x%.8xUL\n",
+ (unsigned)LCFG_NODEMAP_SQUASH_PROJID);
#endif /* HAVE_SERVER_SUPPORT */
LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n",
(long long)PORTALS_CFG_TYPE);