LCFG_NODEMAP_TEST_ID = 0x00ce056, /**< test uid/gid mapping */
LCFG_NODEMAP_SET_FILESET = 0x00ce057, /**< set fileset */
LCFG_NODEMAP_DENY_UNKNOWN = 0x00ce058, /**< deny squashed nodemap users */
+ LCFG_NODEMAP_MAP_MODE = 0x00ce059, /**< set the mapping mode */
};
struct lustre_cfg_bufs {
NODEMAP_CLIENT_TO_FS,
};
+enum nodemap_mapping_modes {
+ NODEMAP_MAP_BOTH,
+ NODEMAP_MAP_UID_ONLY,
+ NODEMAP_MAP_GID_ONLY,
+};
+
struct nodemap_pde {
char npe_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
struct proc_dir_entry *npe_proc_entry;
/* flags to govern nodemap behavior */
bool nmf_trust_client_ids:1,
nmf_deny_unknown:1,
- nmf_allow_root_access:1;
+ nmf_allow_root_access:1,
+ nmf_map_uid_only:1,
+ nmf_map_gid_only:1;
/* unique ID set by MGS */
unsigned int nm_id;
/* nodemap ref counter */
int nodemap_set_allow_root(const char *name, bool allow_root);
int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
+int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode);
int nodemap_set_squash_uid(const char *name, uid_t uid);
int nodemap_set_squash_gid(const char *name, gid_t gid);
bool nodemap_can_setquota(const struct lu_nodemap *nodemap);
case LCFG_NODEMAP_DENY_UNKNOWN:
case LCFG_NODEMAP_SQUASH_UID:
case LCFG_NODEMAP_SQUASH_GID:
+ case LCFG_NODEMAP_MAP_MODE:
if (lcfg->lcfg_bufcount != 4)
GOTO(out_lcfg, rc = -EINVAL);
nodemap_name = lustre_cfg_string(lcfg, 1);
bool_switch = simple_strtoul(param, NULL, 10);
rc = nodemap_set_deny_unknown(nodemap_name, bool_switch);
break;
+ case LCFG_NODEMAP_MAP_MODE:
+ if (strcmp("both", param) == 0)
+ rc = nodemap_set_mapping_mode(nodemap_name,
+ NODEMAP_MAP_BOTH);
+ else if (strcmp("uid_only", param) == 0)
+ rc = nodemap_set_mapping_mode(nodemap_name,
+ NODEMAP_MAP_UID_ONLY);
+ else if (strcmp("gid_only", param) == 0)
+ rc = nodemap_set_mapping_mode(nodemap_name,
+ NODEMAP_MAP_GID_ONLY);
+ else
+ rc = -EINVAL;
+ break;
case LCFG_NODEMAP_TRUSTED:
bool_switch = simple_strtoul(param, NULL, 10);
rc = nodemap_set_trust_client_ids(nodemap_name, bool_switch);
if (unlikely(nodemap == NULL))
goto out;
+ if (nodemap->nmf_map_uid_only && id_type == NODEMAP_GID)
+ goto out;
+
+ if (nodemap->nmf_map_gid_only && id_type == NODEMAP_UID)
+ goto out;
+
if (id == 0) {
if (nodemap->nmf_allow_root_access)
goto out;
nodemap->nmf_trust_client_ids = 0;
nodemap->nmf_allow_root_access = 0;
nodemap->nmf_deny_unknown = 0;
+ nodemap->nmf_map_uid_only = 0;
+ nodemap->nmf_map_gid_only = 0;
nodemap->nm_squash_uid = NODEMAP_NOBODY_UID;
nodemap->nm_squash_gid = NODEMAP_NOBODY_GID;
default_nodemap->nmf_allow_root_access;
nodemap->nmf_deny_unknown =
default_nodemap->nmf_deny_unknown;
+ nodemap->nmf_map_uid_only =
+ default_nodemap->nmf_map_uid_only;
+ nodemap->nmf_map_gid_only =
+ default_nodemap->nmf_map_gid_only;
nodemap->nm_squash_uid = default_nodemap->nm_squash_uid;
nodemap->nm_squash_gid = default_nodemap->nm_squash_gid;
}
EXPORT_SYMBOL(nodemap_set_trust_client_ids);
+int nodemap_set_mapping_mode(const char *name, enum nodemap_mapping_modes mode)
+{
+ struct lu_nodemap *nodemap = NULL;
+ int rc = 0;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(name);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap))
+ GOTO(out, rc = PTR_ERR(nodemap));
+
+ switch (mode) {
+ case NODEMAP_MAP_BOTH:
+ nodemap->nmf_map_uid_only = 0;
+ nodemap->nmf_map_gid_only = 0;
+ break;
+ case NODEMAP_MAP_UID_ONLY:
+ nodemap->nmf_map_uid_only = 1;
+ nodemap->nmf_map_gid_only = 0;
+ break;
+ case NODEMAP_MAP_GID_ONLY:
+ nodemap->nmf_map_uid_only = 0;
+ nodemap->nmf_map_gid_only = 1;
+ break;
+ default:
+ CWARN("cannot set unknown mapping mode, mode = %d\n", mode);
+ }
+ rc = nodemap_idx_nodemap_update(nodemap);
+
+ nm_member_revoke_locks(nodemap);
+ nodemap_putref(nodemap);
+out:
+ return rc;
+}
+EXPORT_SYMBOL(nodemap_set_mapping_mode);
+
/**
* Update the squash_uid for a nodemap.
*
}
/**
+ * Reads and prints the mapping mode for the given nodemap.
+ *
+ * \param m seq file in proc fs
+ * \param data unused
+ * \retval 0 success
+ */
+static int nodemap_map_mode_seq_show(struct seq_file *m, void *data)
+{
+ struct lu_nodemap *nodemap;
+ int rc;
+
+ mutex_lock(&active_config_lock);
+ nodemap = nodemap_lookup(m->private);
+ mutex_unlock(&active_config_lock);
+ if (IS_ERR(nodemap)) {
+ rc = PTR_ERR(nodemap);
+ CERROR("cannot find nodemap '%s': rc = %d\n",
+ (char *)m->private, rc);
+ return rc;
+ }
+
+ if (nodemap->nmf_map_uid_only)
+ seq_printf(m, "uid_only\n");
+ else if (nodemap->nmf_map_gid_only)
+ seq_printf(m, "gid_only\n");
+ else
+ seq_printf(m, "both\n");
+
+ nodemap_putref(nodemap);
+ return 0;
+}
+
+/**
* Reads and prints the deny_unknown flag for the given nodemap.
*
* \param m seq file in proc fs
#endif
LPROC_SEQ_FOPS_RO(nodemap_deny_unknown);
+LPROC_SEQ_FOPS_RO(nodemap_map_mode);
const struct file_operations nodemap_ranges_fops = {
.open = nodemap_ranges_open,
.fops = &nodemap_deny_unknown_fops,
},
{
+ .name = "map_mode",
+ .fops = &nodemap_map_mode_fops,
+ },
+ {
.name = "squash_uid",
.fops = &nodemap_squash_uid_fops,
},
NM_FL_ALLOW_ROOT_ACCESS = 0x1,
NM_FL_TRUST_CLIENT_IDS = 0x2,
NM_FL_DENY_UNKNOWN = 0x4,
+ NM_FL_MAP_UID_ONLY = 0x8,
+ NM_FL_MAP_GID_ONLY = 0x10,
};
static void nodemap_cluster_key_init(struct nodemap_key *nk, unsigned int nm_id)
(nodemap->nmf_allow_root_access ?
NM_FL_ALLOW_ROOT_ACCESS : 0) |
(nodemap->nmf_deny_unknown ?
- NM_FL_DENY_UNKNOWN : 0));
+ NM_FL_DENY_UNKNOWN : 0) |
+ (nodemap->nmf_map_uid_only ?
+ NM_FL_MAP_UID_ONLY : 0) |
+ (nodemap->nmf_map_gid_only ?
+ NM_FL_MAP_GID_ONLY : 0));
}
static void nodemap_idmap_key_init(struct nodemap_key *nk, unsigned int nm_id,
flags & NM_FL_TRUST_CLIENT_IDS;
nodemap->nmf_deny_unknown =
flags & NM_FL_DENY_UNKNOWN;
+ nodemap->nmf_map_uid_only =
+ flags & NM_FL_MAP_UID_ONLY;
+ nodemap->nmf_map_gid_only =
+ flags & NM_FL_MAP_GID_ONLY;
if (*recent_nodemap == NULL) {
*recent_nodemap = nodemap;
if (nodemap_name == NULL || param == NULL || value == NULL) {
fprintf(stderr, "usage: nodemap_modify --name <nodemap_name> "
"--property <property_name> --value <value>\n");
- fprintf(stderr, "valid properties: admin trusted "
+ fprintf(stderr, "valid properties: admin trusted map_mode "
"squash_uid squash_gid deny_unknown\n");
return -1;
}
cmd = LCFG_NODEMAP_SQUASH_UID;
} else if (strcmp("squash_gid", param) == 0) {
cmd = LCFG_NODEMAP_SQUASH_GID;
+ } else if (strcmp("map_mode", param) == 0) {
+ cmd = LCFG_NODEMAP_MAP_MODE;
} else {
fprintf(stderr, "error: %s: nodemap_modify invalid "
"subcommand: %s\n",