From 9d06de39731ae16d030cda672ae771496d4f0952 Mon Sep 17 00:00:00 2001 From: Fan Yong Date: Wed, 11 May 2016 07:09:18 +0800 Subject: [PATCH] LU-6971 cleanup: not support remote client anymore There are several obsolete sub commands for lfs to work with remote client. We do not support that anymore, and should be deleted along with any kernel code related to remote client. Signed-off-by: Fan Yong Change-Id: I06f4348b2b3def5ac4aa75676b1b5b7ccc4ab10e Reviewed-on: http://review.whamcloud.com/19789 Tested-by: Jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: James Simmons Reviewed-by: Lai Siyao Reviewed-by: Oleg Drokin --- lustre/autoconf/lustre-core.m4 | 15 - lustre/contrib/wireshark/packet-lustre.c | 2 +- lustre/include/lu_target.h | 12 - lustre/include/lustre/lustre_idl.h | 74 ++-- lustre/include/lustre/lustre_user.h | 16 +- lustre/include/lustre_eacl.h | 29 -- lustre/include/lustre_export.h | 16 - lustre/include/lustre_idmap.h | 38 -- lustre/include/lustre_net.h | 1 - lustre/include/lustre_req_layout.h | 2 +- lustre/include/lustre_swab.h | 1 - lustre/include/obd.h | 4 - lustre/include/obd_class.h | 11 - lustre/llite/Makefile.in | 2 +- lustre/llite/dir.c | 28 +- lustre/llite/file.c | 21 +- lustre/llite/llite_internal.h | 82 +--- lustre/llite/llite_lib.c | 79 +--- lustre/llite/llite_rmtacl.c | 300 --------------- lustre/llite/lproc_llite.c | 5 +- lustre/llite/remote_perm.c | 314 ---------------- lustre/llite/super25.c | 21 -- lustre/llite/xattr.c | 95 +---- lustre/lmv/lmv_obd.c | 22 -- lustre/mdc/mdc_locks.c | 22 +- lustre/mdc/mdc_reint.c | 2 +- lustre/mdc/mdc_request.c | 76 +--- lustre/mdt/Makefile.in | 2 +- lustre/mdt/mdt_handler.c | 108 ++---- lustre/mdt/mdt_identity.c | 50 +-- lustre/mdt/mdt_idmap.c | 364 ------------------ lustre/mdt/mdt_internal.h | 15 +- lustre/mdt/mdt_lib.c | 196 ++++------ lustre/mdt/mdt_open.c | 14 +- lustre/mdt/mdt_xattr.c | 146 +------- lustre/obdclass/Makefile.in | 3 +- lustre/obdclass/acl.c | 618 +------------------------------ lustre/obdclass/idmap.c | 308 --------------- lustre/obdclass/lprocfs_status.c | 1 - lustre/ofd/ofd_dev.c | 2 - lustre/ofd/ofd_io.c | 4 - lustre/osc/osc_cache.c | 5 +- lustre/osc/osc_page.c | 4 +- lustre/ptlrpc/gss/sec_gss.c | 1 - lustre/ptlrpc/layout.c | 18 +- lustre/ptlrpc/pack_generic.c | 13 - lustre/ptlrpc/wiretest.c | 48 --- lustre/target/tgt_handler.c | 48 +-- lustre/tests/Makefile.am | 4 - lustre/tests/rmtacl/README | 1 - lustre/tests/rmtacl/cp.test | 50 --- lustre/tests/rmtacl/getfacl-noacl.test | 63 ---- lustre/tests/rmtacl/inheritance.test | 131 ------- lustre/tests/rmtacl/make-tree | 45 --- lustre/tests/rmtacl/misc.test | 431 --------------------- lustre/tests/rmtacl/permissions.test | 284 -------------- lustre/tests/rmtacl/run | 275 -------------- lustre/tests/rmtacl/setfacl.test | 144 ------- lustre/tests/sanity-sec.sh | 101 +---- lustre/tests/setup_kerberos.sh | 103 +----- lustre/utils/l_getidentity.c | 4 - lustre/utils/lfs.c | 28 +- lustre/utils/liblustreapi.c | 311 ---------------- lustre/utils/wirecheck.c | 25 -- lustre/utils/wiretest.c | 48 --- 65 files changed, 220 insertions(+), 5086 deletions(-) delete mode 100644 lustre/llite/llite_rmtacl.c delete mode 100644 lustre/llite/remote_perm.c delete mode 100644 lustre/mdt/mdt_idmap.c delete mode 100644 lustre/tests/rmtacl/README delete mode 100644 lustre/tests/rmtacl/cp.test delete mode 100644 lustre/tests/rmtacl/getfacl-noacl.test delete mode 100644 lustre/tests/rmtacl/inheritance.test delete mode 100755 lustre/tests/rmtacl/make-tree delete mode 100644 lustre/tests/rmtacl/misc.test delete mode 100644 lustre/tests/rmtacl/permissions.test delete mode 100755 lustre/tests/rmtacl/run delete mode 100644 lustre/tests/rmtacl/setfacl.test diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4 index f056134..b78e53c 100644 --- a/lustre/autoconf/lustre-core.m4 +++ b/lustre/autoconf/lustre-core.m4 @@ -215,20 +215,6 @@ LB_CHECK_EXPORT([delete_from_page_cache], [mm/filemap.c], ]) # LC_EXPORT_TRUNCATE_COMPLETE_PAGE # -# LC_CONFIG_RMTCLIENT -# -dnl FIXME -dnl the AES symbol usually tied with arch, e.g. CRYPTO_AES_586 -dnl FIXME -AC_DEFUN([LC_CONFIG_RMTCLIENT], [ -LB_CHECK_CONFIG_IM([CRYPTO_AES], [], - [AC_MSG_WARN([ - -Lustre remote client require that CONFIG_CRYPTO_AES is enabled in your kernel. -])]) -]) # LC_CONFIG_RMTCLIENT - -# # LC_CONFIG_GSS_KEYRING # # default 'auto', tests for dependencies, if found, enables; @@ -2120,7 +2106,6 @@ AC_DEFUN([LC_PROG_LINUX], [ LC_LLITE_LLOOP_MODULE LC_GLIBC_SUPPORT_FHANDLES - LC_CONFIG_RMTCLIENT LC_CONFIG_GSS LC_HAVE_VOID_OPENSSL_HMAC_FUNCS diff --git a/lustre/contrib/wireshark/packet-lustre.c b/lustre/contrib/wireshark/packet-lustre.c index f21c3fc..9a10809 100644 --- a/lustre/contrib/wireshark/packet-lustre.c +++ b/lustre/contrib/wireshark/packet-lustre.c @@ -8310,7 +8310,7 @@ static int reint_opcode_process(tvbuff_t *tvb _U_, int offset _U_, packet_info * offset=lustre_dissect_struct_mdt_rec_create(tvb, offset, pinfo, tree, hf_lustre_mdt_rec_create); offset=lustre_dissect_struct_capa(tvb, offset, pinfo, tree, hf_lustre_capa, LUSTRE_REQ_REC_OFF+1); offset=lustre_dissect_element_string(tvb, offset, pinfo, tree, hf_lustre_reint_name, LUSTRE_REQ_REC_OFF+2); - /* REINT_CREATE_SLAVE / SYM / RMT_ACL */ + /* REINT_CREATE_SLAVE / SYM */ if (LUSTRE_BUFCOUNT > 4) { /* for CREATE_SYM this is actually name of target - encoded in mdt_rec_create.cr_mode */ offset=lustre_dissect_element_data(tvb, offset, pinfo, tree, hf_lustre_reint_name, LUSTRE_REQ_REC_OFF+3); diff --git a/lustre/include/lu_target.h b/lustre/include/lu_target.h index dc5596b..a08bd45 100644 --- a/lustre/include/lu_target.h +++ b/lustre/include/lu_target.h @@ -513,18 +513,6 @@ static inline int is_serious(int rc) return (rc < 0 && -rc & ESERIOUS); } -/** - * Do not return server-side uid/gid to remote client - */ -static inline void tgt_drop_id(struct obd_export *exp, struct obdo *oa) -{ - if (unlikely(exp_connect_rmtclient(exp))) { - oa->o_uid = -1; - oa->o_gid = -1; - oa->o_valid &= ~(OBD_MD_FLUID | OBD_MD_FLGID); - } -} - /* * Unified target generic handers macros and generic functions. */ diff --git a/lustre/include/lustre/lustre_idl.h b/lustre/include/lustre/lustre_idl.h index ee739cc..23e0b1a 100644 --- a/lustre/include/lustre/lustre_idl.h +++ b/lustre/include/lustre/lustre_idl.h @@ -1196,8 +1196,16 @@ struct ptlrpc_body_v2 { *to be reused.*/ #define OBD_CONNECT_ATTRFID 0x4000ULL /*Server can GetAttr By Fid*/ #define OBD_CONNECT_NODEVOH 0x8000ULL /*No open hndl on specl nodes*/ -#define OBD_CONNECT_RMT_CLIENT 0x10000ULL /*Remote client */ -#define OBD_CONNECT_RMT_CLIENT_FORCE 0x20000ULL /*Remote client by force */ +#define OBD_CONNECT_RMT_CLIENT 0x10000ULL /* Remote client, never used + * in production. Removed in + * 2.9. Keep this flag to + * avoid reusing. + */ +#define OBD_CONNECT_RMT_CLIENT_FORCE 0x20000ULL /* Remote client by force, + * never used in production. + * Removed in 2.9. Keep this + * flag to avoid reusing. + */ #define OBD_CONNECT_BRW_SIZE 0x40000ULL /*Max bytes per rpc */ #define OBD_CONNECT_QUOTA64 0x80000ULL /*Not used since 2.4 */ #define OBD_CONNECT_MDS_CAPA 0x100000ULL /*MDS capability */ @@ -1279,16 +1287,13 @@ struct ptlrpc_body_v2 { #endif #define MDT_CONNECT_SUPPORTED (OBD_CONNECT_RDONLY | OBD_CONNECT_VERSION | \ - OBD_CONNECT_ACL | OBD_CONNECT_XATTR | \ - OBD_CONNECT_IBITS | \ - OBD_CONNECT_NODEVOH | OBD_CONNECT_ATTRFID | \ - OBD_CONNECT_CANCELSET | OBD_CONNECT_AT | \ - OBD_CONNECT_RMT_CLIENT | \ - OBD_CONNECT_RMT_CLIENT_FORCE | \ - OBD_CONNECT_BRW_SIZE | OBD_CONNECT_MDS_MDS | \ - OBD_CONNECT_FID | LRU_RESIZE_CONNECT_FLAG | \ - OBD_CONNECT_VBR | OBD_CONNECT_LOV_V3 | \ - OBD_CONNECT_FULL20 | \ + OBD_CONNECT_ACL | OBD_CONNECT_XATTR | \ + OBD_CONNECT_IBITS | OBD_CONNECT_NODEVOH | \ + OBD_CONNECT_ATTRFID | OBD_CONNECT_CANCELSET | \ + OBD_CONNECT_AT | OBD_CONNECT_BRW_SIZE | \ + OBD_CONNECT_MDS_MDS | OBD_CONNECT_FID | \ + LRU_RESIZE_CONNECT_FLAG | OBD_CONNECT_VBR | \ + OBD_CONNECT_LOV_V3 | OBD_CONNECT_FULL20 | \ OBD_CONNECT_64BITHASH | OBD_CONNECT_JOBSTATS | \ OBD_CONNECT_EINPROGRESS | \ OBD_CONNECT_LIGHTWEIGHT | OBD_CONNECT_UMASK | \ @@ -1306,17 +1311,15 @@ struct ptlrpc_body_v2 { #define MDT_CONNECT_SUPPORTED2 OBD_CONNECT2_FILE_SECCTX #define OST_CONNECT_SUPPORTED (OBD_CONNECT_SRVLOCK | OBD_CONNECT_GRANT | \ - OBD_CONNECT_REQPORTAL | OBD_CONNECT_VERSION | \ - OBD_CONNECT_TRUNCLOCK | OBD_CONNECT_INDEX | \ - OBD_CONNECT_BRW_SIZE | \ - OBD_CONNECT_CANCELSET | OBD_CONNECT_AT | \ - LRU_RESIZE_CONNECT_FLAG | OBD_CONNECT_CKSUM | \ - OBD_CONNECT_RMT_CLIENT | \ - OBD_CONNECT_RMT_CLIENT_FORCE | OBD_CONNECT_VBR | \ - OBD_CONNECT_MDS | OBD_CONNECT_SKIP_ORPHAN | \ - OBD_CONNECT_GRANT_SHRINK | OBD_CONNECT_FULL20 | \ - OBD_CONNECT_64BITHASH | OBD_CONNECT_MAXBYTES | \ - OBD_CONNECT_MAX_EASIZE | \ + OBD_CONNECT_REQPORTAL | OBD_CONNECT_VERSION | \ + OBD_CONNECT_TRUNCLOCK | OBD_CONNECT_INDEX | \ + OBD_CONNECT_BRW_SIZE | OBD_CONNECT_CANCELSET | \ + OBD_CONNECT_AT | LRU_RESIZE_CONNECT_FLAG | \ + OBD_CONNECT_CKSUM | OBD_CONNECT_VBR | \ + OBD_CONNECT_MDS | OBD_CONNECT_SKIP_ORPHAN | \ + OBD_CONNECT_GRANT_SHRINK | OBD_CONNECT_FULL20 |\ + OBD_CONNECT_64BITHASH | OBD_CONNECT_MAXBYTES | \ + OBD_CONNECT_MAX_EASIZE | \ OBD_CONNECT_EINPROGRESS | \ OBD_CONNECT_JOBSTATS | \ OBD_CONNECT_LIGHTWEIGHT | OBD_CONNECT_LVB_TYPE|\ @@ -1707,7 +1710,7 @@ lov_mds_md_max_stripe_count(size_t buf_size, __u32 lmm_magic) #define OBD_MD_FLXATTRLS (0x0000002000000000ULL) /* xattr list */ #define OBD_MD_FLXATTRRM (0x0000004000000000ULL) /* xattr remove */ #define OBD_MD_FLACL (0x0000008000000000ULL) /* ACL */ -#define OBD_MD_FLRMTPERM (0x0000010000000000ULL) /* remote permission */ +/* OBD_MD_FLRMTPERM (0x0000010000000000ULL) remote perm, obsolete */ #define OBD_MD_FLMDSCAPA (0x0000020000000000ULL) /* MDS capability */ #define OBD_MD_FLOSSCAPA (0x0000040000000000ULL) /* OSS capability */ #define OBD_MD_FLCKSPLIT (0x0000080000000000ULL) /* Check split on server */ @@ -1718,10 +1721,10 @@ lov_mds_md_max_stripe_count(size_t buf_size, __u32 lmm_magic) * client holds the lock */ #define OBD_MD_FLOBJCOUNT (0x0000400000000000ULL) /* for multiple destroy */ -#define OBD_MD_FLRMTLSETFACL (0x0001000000000000ULL) /* lfs lsetfacl case */ -#define OBD_MD_FLRMTLGETFACL (0x0002000000000000ULL) /* lfs lgetfacl case */ -#define OBD_MD_FLRMTRSETFACL (0x0004000000000000ULL) /* lfs rsetfacl case */ -#define OBD_MD_FLRMTRGETFACL (0x0008000000000000ULL) /* lfs rgetfacl case */ +/* OBD_MD_FLRMTLSETFACL (0x0001000000000000ULL) lfs lsetfacl, obsolete */ +/* OBD_MD_FLRMTLGETFACL (0x0002000000000000ULL) lfs lgetfacl, obsolete */ +/* OBD_MD_FLRMTRSETFACL (0x0004000000000000ULL) lfs rsetfacl, obsolete */ +/* OBD_MD_FLRMTRGETFACL (0x0008000000000000ULL) lfs rgetfacl, obsolete */ #define OBD_MD_FLDATAVERSION (0x0010000000000000ULL) /* iversion sum */ #define OBD_MD_CLOSE_INTENT_EXECED (0x0020000000000000ULL) /* close intent @@ -2248,21 +2251,6 @@ enum { CFS_SETUID_PERM = 0x01, CFS_SETGID_PERM = 0x02, CFS_SETGRP_PERM = 0x04, - CFS_RMTACL_PERM = 0x08, - CFS_RMTOWN_PERM = 0x10 -}; - -/* inode access permission for remote user, the inode info are omitted, - * for client knows them. */ -struct mdt_remote_perm { - __u32 rp_uid; - __u32 rp_gid; - __u32 rp_fsuid; - __u32 rp_fsuid_h; - __u32 rp_fsgid; - __u32 rp_fsgid_h; - __u32 rp_access_perm; /* MAY_READ/WRITE/EXEC */ - __u32 rp_padding; }; struct mdt_rec_setattr { diff --git a/lustre/include/lustre/lustre_user.h b/lustre/include/lustre/lustre_user.h index 78a4cba..80dbc0b 100644 --- a/lustre/include/lustre/lustre_user.h +++ b/lustre/include/lustre/lustre_user.h @@ -260,7 +260,7 @@ struct ll_futimes_3 { #define IOC_OBD_STATFS _IOWR('f', 164, struct obd_statfs *) /* IOC_LOV_GETINFO 165 obsolete */ #define LL_IOC_FLUSHCTX _IOW ('f', 166, long) -#define LL_IOC_RMTACL _IOW ('f', 167, long) +/* LL_IOC_RMTACL 167 obsolete */ #define LL_IOC_GETOBDCOUNT _IOR ('f', 168, long) #define LL_IOC_LLOOP_ATTACH _IOWR('f', 169, long) #define LL_IOC_LLOOP_DETACH _IOWR('f', 170, long) @@ -331,7 +331,6 @@ enum ll_lease_type { #define LL_FILE_READAHEA 0x00000004 #define LL_FILE_LOCKED_DIRECTIO 0x00000008 /* client-side locks with dio */ #define LL_FILE_LOCKLESS_IO 0x00000010 /* server-side locks with cio */ -#define LL_FILE_RMTACL 0x00000020 #define LOV_USER_MAGIC_V1 0x0BD10BD0 #define LOV_USER_MAGIC LOV_USER_MAGIC_V1 @@ -605,19 +604,6 @@ struct identity_downcall_data { __u32 idd_groups[0]; }; -/* for non-mapped uid/gid */ -#define NOBODY_UID 99 -#define NOBODY_GID 99 - -#define INVALID_ID (-1) - -enum { - RMT_LSETFACL = 1, - RMT_LGETFACL = 2, - RMT_RSETFACL = 3, - RMT_RGETFACL = 4 -}; - #ifdef NEED_QUOTA_DEFS #ifndef QIF_BLIMITS #define QIF_BLIMITS 1 diff --git a/lustre/include/lustre_eacl.h b/lustre/include/lustre_eacl.h index a8c1dfe..965fd6c 100644 --- a/lustre/include/lustre_eacl.h +++ b/lustre/include/lustre_eacl.h @@ -85,36 +85,7 @@ extern int lustre_posix_acl_create_masq(posix_acl_xattr_entry *entry, __u32 *pmode, int count); extern int lustre_posix_acl_equiv_mode(posix_acl_xattr_entry *entry, mode_t *mode_p, int count); - -extern int -lustre_posix_acl_xattr_id2client(struct lu_ucred *mu, - struct lustre_idmap_table *t, - posix_acl_xattr_header *header, - int size, int flags); - -extern int -lustre_ext_acl_xattr_id2server(struct lu_ucred *mu, - struct lustre_idmap_table *t, - ext_acl_xattr_header *header); #endif /* HAVE_SERVER_SUPPORT */ - -extern ext_acl_xattr_header * -lustre_posix_acl_xattr_2ext(posix_acl_xattr_header *header, int size); -extern int -lustre_posix_acl_xattr_filter(posix_acl_xattr_header *header, int size, - posix_acl_xattr_header **out); -extern void -lustre_posix_acl_xattr_free(posix_acl_xattr_header *header, int size); -extern void -lustre_ext_acl_xattr_free(ext_acl_xattr_header *header); -extern int -lustre_acl_xattr_merge2posix(posix_acl_xattr_header *posix_header, int size, - ext_acl_xattr_header *ext_header, - posix_acl_xattr_header **out); -extern ext_acl_xattr_header * -lustre_acl_xattr_merge2ext(posix_acl_xattr_header *posix_header, int size, - ext_acl_xattr_header *ext_header); - #endif /* CONFIG_FS_POSIX_ACL */ /** @} eacl */ diff --git a/lustre/include/lustre_export.h b/lustre/include/lustre_export.h index 8e94a66..4e7a296 100644 --- a/lustre/include/lustre_export.h +++ b/lustre/include/lustre_export.h @@ -108,8 +108,6 @@ struct mdt_export_data { /** List of all files opened by client on this MDT */ struct list_head med_open_head; spinlock_t med_open_lock; /* med_open_head, mfd_list */ - struct mutex med_idmap_mutex; - struct lustre_idmap_table *med_idmap; }; struct ec_export_data { /* echo client */ @@ -353,20 +351,6 @@ static inline int exp_connect_lru_resize(struct obd_export *exp) return !!(exp_connect_flags(exp) & OBD_CONNECT_LRU_RESIZE); } -static inline int exp_connect_rmtclient(struct obd_export *exp) -{ - LASSERT(exp != NULL); - return !!(exp_connect_flags(exp) & OBD_CONNECT_RMT_CLIENT); -} - -static inline int client_is_remote(struct obd_export *exp) -{ - struct obd_import *imp = class_exp2cliimp(exp); - - return !!(imp->imp_connect_data.ocd_connect_flags & - OBD_CONNECT_RMT_CLIENT); -} - static inline int exp_connect_vbr(struct obd_export *exp) { LASSERT(exp != NULL); diff --git a/lustre/include/lustre_idmap.h b/lustre/include/lustre_idmap.h index a7d3841..0d80f5c 100644 --- a/lustre/include/lustre_idmap.h +++ b/lustre/include/lustre_idmap.h @@ -54,29 +54,6 @@ #define CFS_GROUP_AT(gi, i) \ ((gi)->blocks[(i) / CFS_NGROUPS_PER_BLOCK][(i) % CFS_NGROUPS_PER_BLOCK]) -enum { - CFS_IC_NOTHING = 0, /* convert nothing */ - CFS_IC_ALL = 1, /* convert all items */ - CFS_IC_MAPPED = 2, /* convert mapped uid/gid */ - CFS_IC_UNMAPPED = 3 /* convert unmapped uid/gid */ -}; - -#define CFS_IDMAP_NOTFOUND (-1) - -#define CFS_IDMAP_HASHSIZE 32 - -enum lustre_idmap_idx { - RMT_UIDMAP_IDX, - LCL_UIDMAP_IDX, - RMT_GIDMAP_IDX, - LCL_GIDMAP_IDX, - CFS_IDMAP_N_HASHES -}; - -struct lustre_idmap_table { - spinlock_t lit_lock; - struct list_head lit_idmaps[CFS_IDMAP_N_HASHES][CFS_IDMAP_HASHSIZE]; -}; struct lu_ucred; @@ -84,21 +61,6 @@ extern void lustre_groups_from_list(struct group_info *ginfo, gid_t *glist); extern void lustre_groups_sort(struct group_info *group_info); extern int lustre_in_group_p(struct lu_ucred *mu, gid_t grp); -extern int lustre_idmap_add(struct lustre_idmap_table *t, - uid_t ruid, uid_t luid, - gid_t rgid, gid_t lgid); -extern int lustre_idmap_del(struct lustre_idmap_table *t, - uid_t ruid, uid_t luid, - gid_t rgid, gid_t lgid); -extern int lustre_idmap_lookup_uid(struct lu_ucred *mu, - struct lustre_idmap_table *t, - int reverse, uid_t uid); -extern int lustre_idmap_lookup_gid(struct lu_ucred *mu, - struct lustre_idmap_table *t, - int reverse, gid_t gid); -extern struct lustre_idmap_table *lustre_idmap_init(void); -extern void lustre_idmap_fini(struct lustre_idmap_table *t); - /** @} idmap */ #endif diff --git a/lustre/include/lustre_net.h b/lustre/include/lustre_net.h index 019aec0..a76c426 100644 --- a/lustre/include/lustre_net.h +++ b/lustre/include/lustre_net.h @@ -1066,7 +1066,6 @@ struct ptlrpc_request { rq_bulk_write:1, /* request bulk write */ /* server authentication flags */ rq_auth_gss:1, /* authenticated by gss */ - rq_auth_remote:1, /* authed as remote user */ rq_auth_usr_root:1, /* authed as root */ rq_auth_usr_mdt:1, /* authed as mdt */ rq_auth_usr_ost:1, /* authed as ost */ diff --git a/lustre/include/lustre_req_layout.h b/lustre/include/lustre_req_layout.h index 134edba..9fdc1e5 100644 --- a/lustre/include/lustre_req_layout.h +++ b/lustre/include/lustre_req_layout.h @@ -173,7 +173,7 @@ extern struct req_format RQF_MDS_GET_INFO; extern struct req_format RQF_MDS_READPAGE; extern struct req_format RQF_MDS_REINT; extern struct req_format RQF_MDS_REINT_CREATE; -extern struct req_format RQF_MDS_REINT_CREATE_RMT_ACL; +extern struct req_format RQF_MDS_REINT_CREATE_ACL; extern struct req_format RQF_MDS_REINT_CREATE_SLAVE; extern struct req_format RQF_MDS_REINT_CREATE_SYM; extern struct req_format RQF_MDS_REINT_OPEN; diff --git a/lustre/include/lustre_swab.h b/lustre/include/lustre_swab.h index c63d483..8fb884c 100644 --- a/lustre/include/lustre_swab.h +++ b/lustre/include/lustre_swab.h @@ -66,7 +66,6 @@ void lustre_swab_lquota_lvb(struct lquota_lvb *lvb); void lustre_swab_generic_32s(__u32 *val); void lustre_swab_mdt_body(struct mdt_body *b); void lustre_swab_mdt_ioepoch(struct mdt_ioepoch *b); -void lustre_swab_mdt_remote_perm(struct mdt_remote_perm *p); void lustre_swab_mdt_rec_setattr(struct mdt_rec_setattr *sa); void lustre_swab_mdt_rec_reint(struct mdt_rec_reint *rr); void lustre_swab_lmv_desc(struct lmv_desc *ld); diff --git a/lustre/include/obd.h b/lustre/include/obd.h index 4efe7f1..ab5265d 100644 --- a/lustre/include/obd.h +++ b/lustre/include/obd.h @@ -976,7 +976,6 @@ struct lustre_md { #ifdef CONFIG_FS_POSIX_ACL struct posix_acl *posix_acl; #endif - struct mdt_remote_perm *remote_perm; }; struct md_open_data { @@ -1106,9 +1105,6 @@ struct md_ops { union ldlm_policy_data *, enum ldlm_mode, enum ldlm_cancel_flags flags, void *opaque); - int (*m_get_remote_perm)(struct obd_export *, const struct lu_fid *, - u32, struct ptlrpc_request **); - int (*m_get_fid_from_lsm)(struct obd_export *, const struct lmv_stripe_md *, const char *name, int namelen, diff --git a/lustre/include/obd_class.h b/lustre/include/obd_class.h index 386b2e6..de5d32c 100644 --- a/lustre/include/obd_class.h +++ b/lustre/include/obd_class.h @@ -1577,17 +1577,6 @@ static inline int md_init_ea_size(struct obd_export *exp, __u32 ea_size, RETURN(MDP(exp->exp_obd, init_ea_size)(exp, ea_size, def_ea_size)); } -static inline int md_get_remote_perm(struct obd_export *exp, - const struct lu_fid *fid, u32 suppgid, - struct ptlrpc_request **request) -{ - ENTRY; - EXP_CHECK_MD_OP(exp, get_remote_perm); - EXP_MD_COUNTER_INCREMENT(exp, get_remote_perm); - - RETURN(MDP(exp->exp_obd, get_remote_perm)(exp, fid, suppgid, request)); -} - static inline int md_intent_getattr_async(struct obd_export *exp, struct md_enqueue_info *minfo) { diff --git a/lustre/llite/Makefile.in b/lustre/llite/Makefile.in index f5247a2..c34f918 100644 --- a/lustre/llite/Makefile.in +++ b/lustre/llite/Makefile.in @@ -2,7 +2,7 @@ MODULES := lustre @LLITE_LLOOP_TRUE@MODULES += llite_lloop lustre-objs := dcache.o dir.o file.o llite_lib.o llite_nfs.o lustre-objs += rw.o lproc_llite.o namei.o symlink.o llite_mmap.o -lustre-objs += xattr.o xattr_cache.o remote_perm.o llite_rmtacl.o +lustre-objs += xattr.o xattr_cache.o lustre-objs += rw26.o super25.o statahead.o xattr_security.o lustre-objs += glimpse.o lustre-objs += lcommon_cl.o diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c index ea21381..160e328 100644 --- a/lustre/llite/dir.c +++ b/lustre/llite/dir.c @@ -948,17 +948,15 @@ static int quotactl_ioctl(struct ll_sb_info *sbi, struct if_quotactl *qctl) switch (cmd) { case Q_SETQUOTA: case Q_SETINFO: - if (!cfs_capable(CFS_CAP_SYS_ADMIN) || - sbi->ll_flags & LL_SBI_RMT_CLIENT) - RETURN(-EPERM); - break; + if (!cfs_capable(CFS_CAP_SYS_ADMIN)) + RETURN(-EPERM); + break; case Q_GETQUOTA: if (((type == USRQUOTA && !uid_eq(current_euid(), make_kuid(&init_user_ns, id))) || (type == GRPQUOTA && !in_egroup_p(make_kgid(&init_user_ns, id)))) && - (!cfs_capable(CFS_CAP_SYS_ADMIN) || - sbi->ll_flags & LL_SBI_RMT_CLIENT)) + (!cfs_capable(CFS_CAP_SYS_ADMIN))) RETURN(-EPERM); break; case Q_GETINFO: @@ -969,9 +967,6 @@ static int quotactl_ioctl(struct ll_sb_info *sbi, struct if_quotactl *qctl) } if (valid != QC_GENERAL) { - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - RETURN(-EOPNOTSUPP); - if (cmd == Q_GETINFO) qctl->qc_cmd = Q_GETOINFO; else if (cmd == Q_GETQUOTA) @@ -1486,21 +1481,6 @@ out_rmdir: RETURN(ll_get_obd_name(inode, cmd, arg)); case LL_IOC_FLUSHCTX: RETURN(ll_flush_ctx(inode)); -#ifdef CONFIG_FS_POSIX_ACL - case LL_IOC_RMTACL: { - if (sbi->ll_flags & LL_SBI_RMT_CLIENT && - inode == inode->i_sb->s_root->d_inode) { - struct ll_file_data *fd = LUSTRE_FPRIVATE(file); - - LASSERT(fd != NULL); - rc = rct_add(&sbi->ll_rct, current_pid(), arg); - if (!rc) - fd->fd_flags |= LL_FILE_RMTACL; - RETURN(rc); - } else - RETURN(0); - } -#endif case LL_IOC_GETOBDCOUNT: { u32 count, vallen; struct obd_export *exp; diff --git a/lustre/llite/file.c b/lustre/llite/file.c index 328be3b..244fa88 100644 --- a/lustre/llite/file.c +++ b/lustre/llite/file.c @@ -322,20 +322,6 @@ int ll_file_release(struct inode *inode, struct file *file) CDEBUG(D_VFSTRACE, "VFS Op:inode="DFID"(%p)\n", PFID(ll_inode2fid(inode)), inode); -#ifdef CONFIG_FS_POSIX_ACL - if (sbi->ll_flags & LL_SBI_RMT_CLIENT && - inode == inode->i_sb->s_root->d_inode) { - struct ll_file_data *fd = LUSTRE_FPRIVATE(file); - - LASSERT(fd != NULL); - if (unlikely(fd->fd_flags & LL_FILE_RMTACL)) { - fd->fd_flags &= ~LL_FILE_RMTACL; - rct_del(&sbi->ll_rct, current_pid()); - et_search_free(&sbi->ll_et, current_pid()); - } - } -#endif - if (inode->i_sb->s_root != file->f_path.dentry) ll_stats_ops_tally(sbi, LPROC_LL_RELEASE, 1); fd = LUSTRE_FPRIVATE(file); @@ -3689,12 +3675,7 @@ int ll_inode_permission(struct inode *inode, int mask, struct nameidata *nd) } ll_stats_ops_tally(sbi, LPROC_LL_INODE_PERM, 1); - - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - rc = lustre_check_remote_perm(inode, mask); - else - rc = ll_generic_permission(inode, mask, flags, ll_check_acl); - + rc = ll_generic_permission(inode, mask, flags, ll_check_acl); /* restore current process's credentials and FS capability */ if (squash_id) { revert_creds(old_cred); diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h index afed256..da95fb6 100644 --- a/lustre/llite/llite_internal.h +++ b/lustre/llite/llite_internal.h @@ -90,9 +90,6 @@ struct ll_dentry_data { #define LLI_INODE_MAGIC 0x111d0de5 #define LLI_INODE_DEAD 0xdeadd00d -/* remote client permission cache */ -#define REMOTE_PERM_HASHSIZE 16 - struct ll_getname_data { #ifdef HAVE_DIR_CONTEXT struct dir_context ctx; @@ -102,18 +99,6 @@ struct ll_getname_data { int lgd_found; /* inode matched? */ }; -/* llite setxid/access permission for user on remote client */ -struct ll_remote_perm { - struct hlist_node lrp_list; - uid_t lrp_uid; - gid_t lrp_gid; - uid_t lrp_fsuid; - gid_t lrp_fsgid; - int lrp_access_perm; /* MAY_READ/WRITE/EXEC, this - is access permission with - lrp_fsuid/lrp_fsgid. */ -}; - struct ll_grouplock { struct lu_env *lg_env; struct cl_io *lg_io; @@ -128,9 +113,6 @@ struct ll_inode_info { volatile unsigned long lli_flags; struct posix_acl *lli_posix_acl; - struct hlist_head *lli_remote_perms; - struct mutex lli_rmtperm_mutex; - /* identifying fields for both metadata and data stacks. */ struct lu_fid lli_fid; /* master inode fid for stripe directory */ @@ -139,7 +121,6 @@ struct ll_inode_info { /* open count currently used by capability only, indicate whether * capability needs renewal */ atomic_t lli_open_count; - cfs_time_t lli_rmtperm_time; /* We need all three because every inode may be opened in different * modes */ @@ -429,7 +410,7 @@ enum stats_track_type { #define LL_SBI_FLOCK 0x04 #define LL_SBI_USER_XATTR 0x08 /* support user xattr */ #define LL_SBI_ACL 0x10 /* support ACL */ -#define LL_SBI_RMT_CLIENT 0x40 /* remote client */ +/* LL_SBI_RMT_CLIENT 0x40 remote client */ #define LL_SBI_MDS_CAPA 0x80 /* support mds capa, obsolete */ #define LL_SBI_OSS_CAPA 0x100 /* support oss capa, obsolete */ #define LL_SBI_LOCALFLOCK 0x200 /* Local flocks support by kernel */ @@ -455,7 +436,7 @@ enum stats_track_type { "user_xattr", \ "acl", \ "???", \ - "rmt_client", \ + "???", \ "mds_capa", \ "oss_capa", \ "flock", \ @@ -474,35 +455,6 @@ enum stats_track_type { "fast_read", \ } -#define RCE_HASHES 32 - -struct rmtacl_ctl_entry { - struct list_head rce_list; - pid_t rce_key; /* hash key */ - int rce_ops; /* acl operation type */ -}; - -struct rmtacl_ctl_table { - spinlock_t rct_lock; - struct list_head rct_entries[RCE_HASHES]; -}; - -#define EE_HASHES 32 - -struct eacl_entry { - struct list_head ee_list; - pid_t ee_key; /* hash key */ - struct lu_fid ee_fid; - int ee_type; /* ACL type for ACCESS or DEFAULT */ - ext_acl_xattr_header *ee_acl; -}; - -struct eacl_table { - spinlock_t et_lock; - struct list_head et_entries[EE_HASHES]; -}; - - /* This is embedded into llite super-blocks to keep track of connect * flags (capabilities) supported by all imports given mount is * connected to. */ @@ -576,9 +528,6 @@ struct ll_sb_info { dev_t ll_sdev_orig; /* save s_dev before assign for * clustred nfs */ - struct rmtacl_ctl_table ll_rct; - struct eacl_table ll_et; - /* root squash */ struct root_squash_info ll_squash; }; @@ -1144,14 +1093,6 @@ ssize_t ll_getxattr(struct dentry *dentry, const char *name, ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size); int ll_removexattr(struct dentry *dentry, const char *name); -/* llite/remote_perm.c */ -extern struct kmem_cache *ll_remote_perm_cachep; -extern struct kmem_cache *ll_rmtperm_hash_cachep; - -void free_rmtperm_hash(struct hlist_head *hash); -int ll_update_remote_perm(struct inode *inode, struct mdt_remote_perm *perm); -int lustre_check_remote_perm(struct inode *inode, int mask); - /** * Common IO arguments for various VFS I/O interfaces. */ @@ -1165,25 +1106,6 @@ enum ras_update_flags { void ll_ra_count_put(struct ll_sb_info *sbi, unsigned long len); void ll_ra_stats_inc(struct inode *inode, enum ra_stat which); -/* llite/llite_rmtacl.c */ -#ifdef CONFIG_FS_POSIX_ACL -u64 rce_ops2valid(int ops); -struct rmtacl_ctl_entry *rct_search(struct rmtacl_ctl_table *rct, pid_t key); -int rct_add(struct rmtacl_ctl_table *rct, pid_t key, int ops); -int rct_del(struct rmtacl_ctl_table *rct, pid_t key); -void rct_init(struct rmtacl_ctl_table *rct); -void rct_fini(struct rmtacl_ctl_table *rct); - -void ee_free(struct eacl_entry *ee); -int ee_add(struct eacl_table *et, pid_t key, struct lu_fid *fid, int type, - ext_acl_xattr_header *header); -struct eacl_entry *et_search_del(struct eacl_table *et, pid_t key, - struct lu_fid *fid, int type); -void et_search_free(struct eacl_table *et, pid_t key); -void et_init(struct eacl_table *et); -void et_fini(struct eacl_table *et); -#endif - /* statahead.c */ #define LL_SA_RPC_MIN 2 diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 710cbcb..62c348b 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -199,11 +199,11 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, OBD_CONNECT_MDS_CAPA | OBD_CONNECT_OSS_CAPA | OBD_CONNECT_CANCELSET | OBD_CONNECT_FID | OBD_CONNECT_AT | OBD_CONNECT_LOV_V3 | - OBD_CONNECT_RMT_CLIENT | OBD_CONNECT_VBR | - OBD_CONNECT_FULL20 | OBD_CONNECT_64BITHASH| + OBD_CONNECT_VBR | OBD_CONNECT_FULL20 | + OBD_CONNECT_64BITHASH | OBD_CONNECT_EINPROGRESS | OBD_CONNECT_JOBSTATS | OBD_CONNECT_LVB_TYPE | - OBD_CONNECT_LAYOUTLOCK | OBD_CONNECT_PINGLESS | + OBD_CONNECT_LAYOUTLOCK | OBD_CONNECT_PINGLESS| OBD_CONNECT_MAX_EASIZE | OBD_CONNECT_FLOCK_DEAD | OBD_CONNECT_DISP_STRIPE | OBD_CONNECT_LFSCK | @@ -245,8 +245,6 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, /* real client */ data->ocd_connect_flags |= OBD_CONNECT_REAL; - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - data->ocd_connect_flags |= OBD_CONNECT_RMT_CLIENT_FORCE; /* always ping even if server suppress_pings */ if (sbi->ll_flags & LL_SBI_ALWAYS_PING) @@ -345,19 +343,6 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, sbi->ll_flags &= ~LL_SBI_ACL; } - if (data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) { - if (!(sbi->ll_flags & LL_SBI_RMT_CLIENT)) { - sbi->ll_flags |= LL_SBI_RMT_CLIENT; - LCONSOLE_INFO("client is set as remote by default.\n"); - } - } else { - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { - sbi->ll_flags &= ~LL_SBI_RMT_CLIENT; - LCONSOLE_INFO("client claims to be remote, but server " - "rejected, forced to be local.\n"); - } - } - if (data->ocd_connect_flags & OBD_CONNECT_64BITHASH) sbi->ll_flags |= LL_SBI_64BIT_HASH; @@ -389,14 +374,13 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, * back its backend blocksize for grant calculation purpose */ data->ocd_grant_blkbits = PAGE_SHIFT; - data->ocd_connect_flags = OBD_CONNECT_GRANT | OBD_CONNECT_VERSION | + data->ocd_connect_flags = OBD_CONNECT_GRANT | OBD_CONNECT_VERSION | OBD_CONNECT_REQPORTAL | OBD_CONNECT_BRW_SIZE | - OBD_CONNECT_CANCELSET | OBD_CONNECT_FID | - OBD_CONNECT_SRVLOCK | OBD_CONNECT_TRUNCLOCK| - OBD_CONNECT_AT | OBD_CONNECT_RMT_CLIENT | - OBD_CONNECT_OSS_CAPA | OBD_CONNECT_VBR| - OBD_CONNECT_FULL20 | OBD_CONNECT_64BITHASH | - OBD_CONNECT_MAXBYTES | + OBD_CONNECT_CANCELSET | OBD_CONNECT_FID | + OBD_CONNECT_SRVLOCK | OBD_CONNECT_TRUNCLOCK| + OBD_CONNECT_AT | OBD_CONNECT_OSS_CAPA | + OBD_CONNECT_VBR | OBD_CONNECT_FULL20 | + OBD_CONNECT_64BITHASH | OBD_CONNECT_MAXBYTES | OBD_CONNECT_EINPROGRESS | OBD_CONNECT_JOBSTATS | OBD_CONNECT_LVB_TYPE | OBD_CONNECT_LAYOUTLOCK | @@ -424,9 +408,6 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, #ifdef HAVE_LRU_RESIZE_SUPPORT data->ocd_connect_flags |= OBD_CONNECT_LRU_RESIZE; #endif - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - data->ocd_connect_flags |= OBD_CONNECT_RMT_CLIENT_FORCE; - /* always ping even if server suppress_pings */ if (sbi->ll_flags & LL_SBI_ALWAYS_PING) data->ocd_connect_flags &= ~OBD_CONNECT_PINGLESS; @@ -493,9 +474,7 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, /* make root inode * XXX: move this to after cbd setup? */ valid = OBD_MD_FLGETATTR | OBD_MD_FLBLOCKS | OBD_MD_FLMODEASIZE; - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - valid |= OBD_MD_FLRMTPERM; - else if (sbi->ll_flags & LL_SBI_ACL) + if (sbi->ll_flags & LL_SBI_ACL) valid |= OBD_MD_FLACL; OBD_ALLOC_PTR(op_data); @@ -543,13 +522,6 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, GOTO(out_root, err); } -#ifdef CONFIG_FS_POSIX_ACL - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { - rct_init(&sbi->ll_rct); - et_init(&sbi->ll_et); - } -#endif - checksum = sbi->ll_flags & LL_SBI_CHECKSUM; err = obd_set_info_async(NULL, sbi->ll_dt_exp, sizeof(KEY_CHECKSUM), KEY_CHECKSUM, sizeof(checksum), &checksum, @@ -739,13 +711,6 @@ static void client_common_put_super(struct super_block *sb) struct ll_sb_info *sbi = ll_s2sbi(sb); ENTRY; -#ifdef CONFIG_FS_POSIX_ACL - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { - et_fini(&sbi->ll_et); - rct_fini(&sbi->ll_rct); - } -#endif - cl_sb_fini(sb); obd_fid_fini(sbi->ll_dt_exp->exp_obd); @@ -852,11 +817,6 @@ static int ll_options(char *options, int *flags) tmp = ll_set_opt("rootcontext", s1, 1); if (tmp) goto next; - tmp = ll_set_opt("remote_client", s1, LL_SBI_RMT_CLIENT); - if (tmp) { - *flags |= tmp; - goto next; - } tmp = ll_set_opt("user_fid2path", s1, LL_SBI_USER_FID2PATH); if (tmp) { *flags |= tmp; @@ -938,12 +898,9 @@ void ll_lli_init(struct ll_inode_info *lli) lli->lli_flags = 0; spin_lock_init(&lli->lli_lock); lli->lli_posix_acl = NULL; - lli->lli_remote_perms = NULL; - mutex_init(&lli->lli_rmtperm_mutex); /* Do not set lli_fid, it has been initialized already. */ fid_zero(&lli->lli_pfid); atomic_set(&lli->lli_open_count, 0); - lli->lli_rmtperm_time = 0; lli->lli_mds_read_och = NULL; lli->lli_mds_write_och = NULL; lli->lli_mds_exec_och = NULL; @@ -1469,17 +1426,9 @@ void ll_clear_inode(struct inode *inode) ll_xattr_cache_destroy(inode); - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { - LASSERT(lli->lli_posix_acl == NULL); - if (lli->lli_remote_perms) { - free_rmtperm_hash(lli->lli_remote_perms); - lli->lli_remote_perms = NULL; - } - } #ifdef CONFIG_FS_POSIX_ACL - else if (lli->lli_posix_acl) { + if (lli->lli_posix_acl) { LASSERT(atomic_read(&lli->lli_posix_acl->a_refcount) == 1); - LASSERT(lli->lli_remote_perms == NULL); posix_acl_release(lli->lli_posix_acl); lli->lli_posix_acl = NULL; } @@ -1881,12 +1830,8 @@ int ll_update_inode(struct inode *inode, struct lustre_md *md) return rc; } - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { - if (body->mbo_valid & OBD_MD_FLRMTPERM) - ll_update_remote_perm(inode, md->remote_perm); - } #ifdef CONFIG_FS_POSIX_ACL - else if (body->mbo_valid & OBD_MD_FLACL) { + if (body->mbo_valid & OBD_MD_FLACL) { spin_lock(&lli->lli_lock); if (lli->lli_posix_acl) posix_acl_release(lli->lli_posix_acl); diff --git a/lustre/llite/llite_rmtacl.c b/lustre/llite/llite_rmtacl.c deleted file mode 100644 index 7188a49..0000000 --- a/lustre/llite/llite_rmtacl.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * GPL HEADER START - * - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 only, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License version 2 for more details (a copy is included - * in the LICENSE file that accompanied this code). - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; If not, see - * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - * - * GPL HEADER END - */ -/* - * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * Use is subject to license terms. - * - * Copyright (c) 2012, 2014, Intel Corporation. - */ -/* - * This file is part of Lustre, http://www.lustre.org/ - * Lustre is a trademark of Sun Microsystems, Inc. - * - * lustre/llite/llite_rmtacl.c - * - * Lustre Remote User Access Control List. - * - * Author: Fan Yong - */ - -#define DEBUG_SUBSYSTEM S_LLITE - -#ifdef CONFIG_FS_POSIX_ACL - -#include -#include "llite_internal.h" - -static inline __u32 rce_hashfunc(uid_t id) -{ - return id & (RCE_HASHES - 1); -} - -static inline __u32 ee_hashfunc(uid_t id) -{ - return id & (EE_HASHES - 1); -} - -u64 rce_ops2valid(int ops) -{ - switch (ops) { - case RMT_LSETFACL: - return OBD_MD_FLRMTLSETFACL; - case RMT_LGETFACL: - return OBD_MD_FLRMTLGETFACL; - case RMT_RSETFACL: - return OBD_MD_FLRMTRSETFACL; - case RMT_RGETFACL: - return OBD_MD_FLRMTRGETFACL; - default: - return 0; - } -} - -static struct rmtacl_ctl_entry *rce_alloc(pid_t key, int ops) -{ - struct rmtacl_ctl_entry *rce; - - OBD_ALLOC_PTR(rce); - if (!rce) - return NULL; - - INIT_LIST_HEAD(&rce->rce_list); - rce->rce_key = key; - rce->rce_ops = ops; - - return rce; -} - -static void rce_free(struct rmtacl_ctl_entry *rce) -{ - if (!list_empty(&rce->rce_list)) - list_del(&rce->rce_list); - - OBD_FREE_PTR(rce); -} - -static struct rmtacl_ctl_entry *__rct_search(struct rmtacl_ctl_table *rct, - pid_t key) -{ - struct rmtacl_ctl_entry *rce; - struct list_head *head = &rct->rct_entries[rce_hashfunc(key)]; - - list_for_each_entry(rce, head, rce_list) - if (rce->rce_key == key) - return rce; - - return NULL; -} - -struct rmtacl_ctl_entry *rct_search(struct rmtacl_ctl_table *rct, pid_t key) -{ - struct rmtacl_ctl_entry *rce; - - spin_lock(&rct->rct_lock); - rce = __rct_search(rct, key); - spin_unlock(&rct->rct_lock); - return rce; -} - -int rct_add(struct rmtacl_ctl_table *rct, pid_t key, int ops) -{ - struct rmtacl_ctl_entry *rce, *e; - - rce = rce_alloc(key, ops); - if (rce == NULL) - return -ENOMEM; - - spin_lock(&rct->rct_lock); - e = __rct_search(rct, key); - if (unlikely(e != NULL)) { - CWARN("Unexpected stale rmtacl_entry found: " - "[key: %d] [ops: %d]\n", (int)key, ops); - rce_free(e); - } - list_add_tail(&rce->rce_list, &rct->rct_entries[rce_hashfunc(key)]); - spin_unlock(&rct->rct_lock); - - return 0; -} - -int rct_del(struct rmtacl_ctl_table *rct, pid_t key) -{ - struct rmtacl_ctl_entry *rce; - - spin_lock(&rct->rct_lock); - rce = __rct_search(rct, key); - if (rce) - rce_free(rce); - spin_unlock(&rct->rct_lock); - - return rce ? 0 : -ENOENT; -} - -void rct_init(struct rmtacl_ctl_table *rct) -{ - int i; - - spin_lock_init(&rct->rct_lock); - for (i = 0; i < RCE_HASHES; i++) - INIT_LIST_HEAD(&rct->rct_entries[i]); -} - -void rct_fini(struct rmtacl_ctl_table *rct) -{ - struct rmtacl_ctl_entry *rce; - int i; - - spin_lock(&rct->rct_lock); - for (i = 0; i < RCE_HASHES; i++) - while (!list_empty(&rct->rct_entries[i])) { - rce = list_entry(rct->rct_entries[i].next, - struct rmtacl_ctl_entry, rce_list); - rce_free(rce); - } - spin_unlock(&rct->rct_lock); -} - - -static struct eacl_entry *ee_alloc(pid_t key, struct lu_fid *fid, int type, - ext_acl_xattr_header *header) -{ - struct eacl_entry *ee; - - OBD_ALLOC_PTR(ee); - if (!ee) - return NULL; - - INIT_LIST_HEAD(&ee->ee_list); - ee->ee_key = key; - ee->ee_fid = *fid; - ee->ee_type = type; - ee->ee_acl = header; - - return ee; -} - -void ee_free(struct eacl_entry *ee) -{ - if (!list_empty(&ee->ee_list)) - list_del(&ee->ee_list); - - if (ee->ee_acl) - lustre_ext_acl_xattr_free(ee->ee_acl); - - OBD_FREE_PTR(ee); -} - -static struct eacl_entry *__et_search_del(struct eacl_table *et, pid_t key, - struct lu_fid *fid, int type) -{ - struct eacl_entry *ee; - struct list_head *head = &et->et_entries[ee_hashfunc(key)]; - - LASSERT(fid != NULL); - list_for_each_entry(ee, head, ee_list) - if (ee->ee_key == key) { - if (lu_fid_eq(&ee->ee_fid, fid) && - ee->ee_type == type) { - list_del_init(&ee->ee_list); - return ee; - } - } - - return NULL; -} - -struct eacl_entry *et_search_del(struct eacl_table *et, pid_t key, - struct lu_fid *fid, int type) -{ - struct eacl_entry *ee; - - spin_lock(&et->et_lock); - ee = __et_search_del(et, key, fid, type); - spin_unlock(&et->et_lock); - return ee; -} - -void et_search_free(struct eacl_table *et, pid_t key) -{ - struct eacl_entry *ee, *next; - struct list_head *head = &et->et_entries[ee_hashfunc(key)]; - - spin_lock(&et->et_lock); - list_for_each_entry_safe(ee, next, head, ee_list) - if (ee->ee_key == key) - ee_free(ee); - - spin_unlock(&et->et_lock); -} - -int ee_add(struct eacl_table *et, pid_t key, struct lu_fid *fid, int type, - ext_acl_xattr_header *header) -{ - struct eacl_entry *ee, *e; - - ee = ee_alloc(key, fid, type, header); - if (ee == NULL) - return -ENOMEM; - - spin_lock(&et->et_lock); - e = __et_search_del(et, key, fid, type); - if (unlikely(e != NULL)) { - CWARN("Unexpected stale eacl_entry found: " - "[key: %d] [fid: "DFID"] [type: %d]\n", - (int)key, PFID(fid), type); - ee_free(e); - } - list_add_tail(&ee->ee_list, &et->et_entries[ee_hashfunc(key)]); - spin_unlock(&et->et_lock); - - return 0; -} - -void et_init(struct eacl_table *et) -{ - int i; - - spin_lock_init(&et->et_lock); - for (i = 0; i < EE_HASHES; i++) - INIT_LIST_HEAD(&et->et_entries[i]); -} - -void et_fini(struct eacl_table *et) -{ - struct eacl_entry *ee; - int i; - - spin_lock(&et->et_lock); - for (i = 0; i < EE_HASHES; i++) - while (!list_empty(&et->et_entries[i])) { - ee = list_entry(et->et_entries[i].next, - struct eacl_entry, ee_list); - ee_free(ee); - } - spin_unlock(&et->et_lock); -} - -#endif diff --git a/lustre/llite/lproc_llite.c b/lustre/llite/lproc_llite.c index fdbe966..1738a68 100644 --- a/lustre/llite/lproc_llite.c +++ b/lustre/llite/lproc_llite.c @@ -178,10 +178,7 @@ static int ll_client_type_seq_show(struct seq_file *m, void *v) LASSERT(sbi != NULL); - if (sbi->ll_flags & LL_SBI_RMT_CLIENT) - seq_puts(m, "remote client\n"); - else - seq_puts(m, "local client\n"); + seq_puts(m, "local client\n"); return 0; } LPROC_SEQ_FOPS_RO(ll_client_type); diff --git a/lustre/llite/remote_perm.c b/lustre/llite/remote_perm.c deleted file mode 100644 index c708b00..0000000 --- a/lustre/llite/remote_perm.c +++ /dev/null @@ -1,314 +0,0 @@ -/* - * GPL HEADER START - * - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 only, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License version 2 for more details (a copy is included - * in the LICENSE file that accompanied this code). - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; If not, see - * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - * - * GPL HEADER END - */ -/* - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Use is subject to license terms. - * - * Copyright (c) 2012, 2014, Intel Corporation. - */ -/* - * This file is part of Lustre, http://www.lustre.org/ - * Lustre is a trademark of Sun Microsystems, Inc. - * - * lustre/llite/remote_perm.c - * - * Lustre Permission Cache for Remote Client - * - * Author: Lai Siyao - * Author: Fan Yong - */ - -#define DEBUG_SUBSYSTEM S_LLITE - -#include -#include -#include -#include -#ifdef HAVE_UIDGID_HEADER -# include -#endif - -#include -#include -#include -#include -#include -#include - -#include "llite_internal.h" - -struct kmem_cache *ll_remote_perm_cachep; -struct kmem_cache *ll_rmtperm_hash_cachep; - -static inline struct ll_remote_perm *alloc_ll_remote_perm(void) -{ - struct ll_remote_perm *lrp; - - OBD_SLAB_ALLOC_PTR_GFP(lrp, ll_remote_perm_cachep, GFP_KERNEL); - if (lrp) - INIT_HLIST_NODE(&lrp->lrp_list); - return lrp; -} - -static inline void free_ll_remote_perm(struct ll_remote_perm *lrp) -{ - if (!lrp) - return; - - if (!hlist_unhashed(&lrp->lrp_list)) - hlist_del(&lrp->lrp_list); - OBD_SLAB_FREE(lrp, ll_remote_perm_cachep, sizeof(*lrp)); -} - -static struct hlist_head *alloc_rmtperm_hash(void) -{ - struct hlist_head *hash; - int i; - - OBD_SLAB_ALLOC_GFP(hash, ll_rmtperm_hash_cachep, - REMOTE_PERM_HASHSIZE * sizeof(*hash), - GFP_NOFS); - if (!hash) - return NULL; - - for (i = 0; i < REMOTE_PERM_HASHSIZE; i++) - INIT_HLIST_HEAD(hash + i); - - return hash; -} - -void free_rmtperm_hash(struct hlist_head *hash) -{ - int i; - struct ll_remote_perm *lrp; - struct hlist_node __maybe_unused *node; - struct hlist_node *next; - - if(!hash) - return; - - for (i = 0; i < REMOTE_PERM_HASHSIZE; i++) - cfs_hlist_for_each_entry_safe(lrp, node, next, hash + i, - lrp_list) - free_ll_remote_perm(lrp); - OBD_SLAB_FREE(hash, ll_rmtperm_hash_cachep, - REMOTE_PERM_HASHSIZE * sizeof(*hash)); -} - -static inline int remote_perm_hashfunc(uid_t uid) -{ - return uid & (REMOTE_PERM_HASHSIZE - 1); -} - -/* NB: setxid permission is not checked here, instead it's done on - * MDT when client get remote permission. */ -static int do_check_remote_perm(struct ll_inode_info *lli, int mask) -{ - struct hlist_head *head; - struct ll_remote_perm *lrp; - struct hlist_node __maybe_unused *node; - int found = 0, rc; - ENTRY; - - if (!lli->lli_remote_perms) - RETURN(-ENOENT); - - head = lli->lli_remote_perms + - remote_perm_hashfunc(from_kuid(&init_user_ns, current_uid())); - - spin_lock(&lli->lli_lock); - cfs_hlist_for_each_entry(lrp, node, head, lrp_list) { - if (lrp->lrp_uid != from_kuid(&init_user_ns, current_uid())) - continue; - if (lrp->lrp_gid != from_kgid(&init_user_ns, current_gid())) - continue; - if (lrp->lrp_fsuid != from_kuid(&init_user_ns, current_fsuid())) - continue; - if (lrp->lrp_fsgid != from_kgid(&init_user_ns, current_fsgid())) - continue; - found = 1; - break; - } - - if (!found) - GOTO(out, rc = -ENOENT); - - CDEBUG(D_SEC, "found remote perm: %u/%u/%u/%u - %#x\n", - lrp->lrp_uid, lrp->lrp_gid, lrp->lrp_fsuid, lrp->lrp_fsgid, - lrp->lrp_access_perm); - rc = ((lrp->lrp_access_perm & mask) == mask) ? 0 : -EACCES; - -out: - spin_unlock(&lli->lli_lock); - return rc; -} - -int ll_update_remote_perm(struct inode *inode, struct mdt_remote_perm *perm) -{ - struct ll_inode_info *lli = ll_i2info(inode); - struct ll_remote_perm *lrp = NULL, *tmp = NULL; - struct hlist_head *head, *perm_hash = NULL; - struct hlist_node __maybe_unused *node; - ENTRY; - - LASSERT(ll_i2sbi(inode)->ll_flags & LL_SBI_RMT_CLIENT); - -#if 0 - if (perm->rp_uid != current->uid || - perm->rp_gid != current->gid || - perm->rp_fsuid != current->fsuid || - perm->rp_fsgid != current->fsgid) { - /* user might setxid in this small period */ - CDEBUG(D_SEC, - "remote perm user %u/%u/%u/%u != current %u/%u/%u/%u\n", - perm->rp_uid, perm->rp_gid, perm->rp_fsuid, - perm->rp_fsgid, current->uid, current->gid, - current->fsuid, current->fsgid); - RETURN(-EAGAIN); - } -#endif - - if (!lli->lli_remote_perms) { - perm_hash = alloc_rmtperm_hash(); - if (perm_hash == NULL) { - CERROR("alloc lli_remote_perms failed!\n"); - RETURN(-ENOMEM); - } - } - - spin_lock(&lli->lli_lock); - - if (!lli->lli_remote_perms) - lli->lli_remote_perms = perm_hash; - else if (perm_hash) - free_rmtperm_hash(perm_hash); - - head = lli->lli_remote_perms + remote_perm_hashfunc(perm->rp_uid); - -again: - cfs_hlist_for_each_entry(tmp, node, head, lrp_list) { - if (tmp->lrp_uid != perm->rp_uid) - continue; - if (tmp->lrp_gid != perm->rp_gid) - continue; - if (tmp->lrp_fsuid != perm->rp_fsuid) - continue; - if (tmp->lrp_fsgid != perm->rp_fsgid) - continue; - if (lrp) - free_ll_remote_perm(lrp); - lrp = tmp; - break; - } - - if (!lrp) { - spin_unlock(&lli->lli_lock); - lrp = alloc_ll_remote_perm(); - if (!lrp) { - CERROR("alloc memory for ll_remote_perm failed!\n"); - RETURN(-ENOMEM); - } - spin_lock(&lli->lli_lock); - goto again; - } - - lrp->lrp_access_perm = perm->rp_access_perm; - if (lrp != tmp) { - lrp->lrp_uid = perm->rp_uid; - lrp->lrp_gid = perm->rp_gid; - lrp->lrp_fsuid = perm->rp_fsuid; - lrp->lrp_fsgid = perm->rp_fsgid; - hlist_add_head(&lrp->lrp_list, head); - } - lli->lli_rmtperm_time = cfs_time_current(); - spin_unlock(&lli->lli_lock); - - CDEBUG(D_SEC, "new remote perm@%p: %u/%u/%u/%u - %#x\n", - lrp, lrp->lrp_uid, lrp->lrp_gid, lrp->lrp_fsuid, lrp->lrp_fsgid, - lrp->lrp_access_perm); - - RETURN(0); -} - -int lustre_check_remote_perm(struct inode *inode, int mask) -{ - struct ll_inode_info *lli = ll_i2info(inode); - struct ll_sb_info *sbi = ll_i2sbi(inode); - struct ptlrpc_request *req = NULL; - struct mdt_remote_perm *perm; - cfs_time_t save; - int i = 0, rc; - ENTRY; - - do { - save = lli->lli_rmtperm_time; - rc = do_check_remote_perm(lli, mask); - if (!rc || (rc != -ENOENT && i)) - break; - - might_sleep(); - - mutex_lock(&lli->lli_rmtperm_mutex); - /* check again */ - if (save != lli->lli_rmtperm_time) { - rc = do_check_remote_perm(lli, mask); - if (!rc || (rc != -ENOENT && i)) { - mutex_unlock(&lli->lli_rmtperm_mutex); - break; - } - } - - if (i++ > 5) { - CERROR("check remote perm falls in dead loop!\n"); - LBUG(); - } - - rc = md_get_remote_perm(sbi->ll_md_exp, ll_inode2fid(inode), - ll_i2suppgid(inode), &req); - if (rc) { - mutex_unlock(&lli->lli_rmtperm_mutex); - break; - } - - perm = req_capsule_server_swab_get(&req->rq_pill, &RMF_ACL, - lustre_swab_mdt_remote_perm); - if (unlikely(perm == NULL)) { - mutex_unlock(&lli->lli_rmtperm_mutex); - rc = -EPROTO; - break; - } - - rc = ll_update_remote_perm(inode, perm); - mutex_unlock(&lli->lli_rmtperm_mutex); - if (rc == -ENOMEM) - break; - - ptlrpc_req_finished(req); - req = NULL; - } while (1); - ptlrpc_req_finished(req); - RETURN(rc); -} diff --git a/lustre/llite/super25.c b/lustre/llite/super25.c index bfc42cc..db0646c 100644 --- a/lustre/llite/super25.c +++ b/lustre/llite/super25.c @@ -129,19 +129,6 @@ static int __init lustre_init(void) if (ll_file_data_slab == NULL) GOTO(out_cache, rc = -ENOMEM); - ll_remote_perm_cachep = kmem_cache_create("ll_remote_perm_cache", - sizeof(struct ll_remote_perm), - 0, 0, NULL); - if (ll_remote_perm_cachep == NULL) - GOTO(out_cache, rc = -ENOMEM); - - ll_rmtperm_hash_cachep = kmem_cache_create("ll_rmtperm_hash_cache", - REMOTE_PERM_HASHSIZE * - sizeof(struct hlist_head), - 0, 0, NULL); - if (ll_rmtperm_hash_cachep == NULL) - GOTO(out_cache, rc = -ENOMEM); - entry = lprocfs_register("llite", proc_lustre_root, NULL, NULL); if (IS_ERR(entry)) { rc = PTR_ERR(entry); @@ -201,12 +188,6 @@ out_cache: if (ll_file_data_slab != NULL) kmem_cache_destroy(ll_file_data_slab); - if (ll_remote_perm_cachep != NULL) - kmem_cache_destroy(ll_remote_perm_cachep); - - if (ll_rmtperm_hash_cachep != NULL) - kmem_cache_destroy(ll_rmtperm_hash_cachep); - return rc; } @@ -223,8 +204,6 @@ static void __exit lustre_exit(void) vvp_global_fini(); kmem_cache_destroy(ll_inode_cachep); - kmem_cache_destroy(ll_rmtperm_hash_cachep); - kmem_cache_destroy(ll_remote_perm_cachep); kmem_cache_destroy(ll_file_data_slab); } diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c index 6e282af..282fe80 100644 --- a/lustre/llite/xattr.c +++ b/lustre/llite/xattr.c @@ -119,9 +119,6 @@ int ll_setxattr_common(struct inode *inode, const char *name, struct ll_sb_info *sbi = ll_i2sbi(inode); struct ptlrpc_request *req = NULL; int xattr_type, rc; - posix_acl_xattr_header *new_value = NULL; - struct rmtacl_ctl_entry *rce = NULL; - ext_acl_xattr_header *acl = NULL; const char *pv = value; ENTRY; @@ -146,7 +143,7 @@ int ll_setxattr_common(struct inode *inode, const char *name, #endif return -EPERM; - /* b10667: ignore lustre special xattr for now */ + /* b10667: ignore lustre special xattr for now */ if (strcmp(name, XATTR_NAME_HSM) == 0 || (xattr_type == XATTR_TRUSTED_T && strcmp(name, XATTR_NAME_LOV) == 0) || @@ -164,60 +161,8 @@ int ll_setxattr_common(struct inode *inode, const char *name, strcmp(name, "security.selinux") == 0) RETURN(-EOPNOTSUPP); -#ifdef CONFIG_FS_POSIX_ACL - if (sbi->ll_flags & LL_SBI_RMT_CLIENT && - (xattr_type == XATTR_ACL_ACCESS_T || - xattr_type == XATTR_ACL_DEFAULT_T)) { - rce = rct_search(&sbi->ll_rct, current_pid()); - if (rce == NULL || - (rce->rce_ops != RMT_LSETFACL && - rce->rce_ops != RMT_RSETFACL)) - RETURN(-EOPNOTSUPP); - - if (rce->rce_ops == RMT_LSETFACL) { - struct eacl_entry *ee; - - ee = et_search_del(&sbi->ll_et, current_pid(), - ll_inode2fid(inode), xattr_type); - LASSERT(ee != NULL); - if (valid & OBD_MD_FLXATTR) { - acl = lustre_acl_xattr_merge2ext( - (posix_acl_xattr_header *)value, - size, ee->ee_acl); - if (IS_ERR(acl)) { - ee_free(ee); - RETURN(PTR_ERR(acl)); - } - size = CFS_ACL_XATTR_SIZE(\ - le32_to_cpu(acl->a_count), \ - ext_acl_xattr); - pv = (const char *)acl; - } - ee_free(ee); - } else if (rce->rce_ops == RMT_RSETFACL) { - int acl_size = lustre_posix_acl_xattr_filter( - (posix_acl_xattr_header *)value, - size, &new_value); - if (unlikely(acl_size < 0)) - RETURN(acl_size); - size = acl_size; - - pv = (const char *)new_value; - } else - RETURN(-EOPNOTSUPP); - - valid |= rce_ops2valid(rce->rce_ops); - } -#endif rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, name, pv, size, 0, flags, ll_i2suppgid(inode), &req); - -#ifdef CONFIG_FS_POSIX_ACL - if (new_value != NULL) - lustre_posix_acl_xattr_free(new_value, size); - if (acl != NULL) - lustre_ext_acl_xattr_free(acl); -#endif if (rc) { if (rc == -EOPNOTSUPP && xattr_type == XATTR_USER_T) { LCONSOLE_INFO("Disabling user_xattr feature because " @@ -362,7 +307,6 @@ int ll_getxattr_common(struct inode *inode, const char *name, struct mdt_body *body; int xattr_type, rc; void *xdata; - struct rmtacl_ctl_entry *rce = NULL; struct ll_inode_info *lli = ll_i2info(inode); ENTRY; @@ -394,26 +338,12 @@ int ll_getxattr_common(struct inode *inode, const char *name, RETURN(-EOPNOTSUPP); #ifdef CONFIG_FS_POSIX_ACL - if (sbi->ll_flags & LL_SBI_RMT_CLIENT && - (xattr_type == XATTR_ACL_ACCESS_T || - xattr_type == XATTR_ACL_DEFAULT_T)) { - rce = rct_search(&sbi->ll_rct, current_pid()); - if (rce == NULL || - (rce->rce_ops != RMT_LSETFACL && - rce->rce_ops != RMT_LGETFACL && - rce->rce_ops != RMT_RSETFACL && - rce->rce_ops != RMT_RGETFACL)) - RETURN(-EOPNOTSUPP); - } - /* posix acl is under protection of LOOKUP lock. when calling to this, * we just have path resolution to the target inode, so we have great * chance that cached ACL is uptodate. */ - if (xattr_type == XATTR_ACL_ACCESS_T && - !(sbi->ll_flags & LL_SBI_RMT_CLIENT)) { - - struct posix_acl *acl; + if (xattr_type == XATTR_ACL_ACCESS_T) { + struct posix_acl *acl; spin_lock(&lli->lli_lock); acl = posix_acl_dup(lli->lli_posix_acl); @@ -456,8 +386,7 @@ do_getxattr: } else { getxattr_nocache: rc = md_getxattr(sbi->ll_md_exp, ll_inode2fid(inode), - valid | (rce ? rce_ops2valid(rce->rce_ops) : 0), - name, NULL, 0, size, 0, &req); + valid, name, NULL, 0, size, 0, &req); if (rc < 0) GOTO(out_xattr, rc); @@ -488,22 +417,6 @@ getxattr_nocache: rc = body->mbo_eadatasize; } -#ifdef CONFIG_FS_POSIX_ACL - if (rce != NULL && rce->rce_ops == RMT_LSETFACL) { - ext_acl_xattr_header *acl; - - acl = lustre_posix_acl_xattr_2ext(buffer, rc); - if (IS_ERR(acl)) - GOTO(out, rc = PTR_ERR(acl)); - - rc = ee_add(&sbi->ll_et, current_pid(), ll_inode2fid(inode), - xattr_type, acl); - if (unlikely(rc < 0)) { - lustre_ext_acl_xattr_free(acl); - GOTO(out, rc); - } - } -#endif EXIT; out_xattr: diff --git a/lustre/lmv/lmv_obd.c b/lustre/lmv/lmv_obd.c index f91804e..d146c0b 100644 --- a/lustre/lmv/lmv_obd.c +++ b/lustre/lmv/lmv_obd.c @@ -3128,27 +3128,6 @@ int lmv_clear_open_replay_data(struct obd_export *exp, RETURN(md_clear_open_replay_data(tgt->ltd_exp, och)); } -static int lmv_get_remote_perm(struct obd_export *exp, const struct lu_fid *fid, - u32 suppgid, struct ptlrpc_request **request) -{ - struct obd_device *obd = exp->exp_obd; - struct lmv_obd *lmv = &obd->u.lmv; - struct lmv_tgt_desc *tgt; - int rc; - ENTRY; - - rc = lmv_check_connect(obd); - if (rc) - RETURN(rc); - - tgt = lmv_find_target(lmv, fid); - if (IS_ERR(tgt)) - RETURN(PTR_ERR(tgt)); - - rc = md_get_remote_perm(tgt->ltd_exp, fid, suppgid, request); - RETURN(rc); -} - int lmv_intent_getattr_async(struct obd_export *exp, struct md_enqueue_info *minfo) { @@ -3364,7 +3343,6 @@ struct md_ops lmv_md_ops = { .m_merge_attr = lmv_merge_attr, .m_set_open_replay_data = lmv_set_open_replay_data, .m_clear_open_replay_data = lmv_clear_open_replay_data, - .m_get_remote_perm = lmv_get_remote_perm, .m_intent_getattr_async = lmv_intent_getattr_async, .m_revalidate_lock = lmv_revalidate_lock, .m_get_fid_from_lsm = lmv_get_fid_from_lsm, diff --git a/lustre/mdc/mdc_locks.c b/lustre/mdc/mdc_locks.c index 8c3cacd..115a733 100644 --- a/lustre/mdc/mdc_locks.c +++ b/lustre/mdc/mdc_locks.c @@ -315,11 +315,6 @@ mdc_intent_open_pack(struct obd_export *exp, struct lookup_intent *it, req_capsule_set_size(&req->rq_pill, &RMF_MDT_MD, RCL_SERVER, obddev->u.cli.cl_max_mds_easize); - - /* for remote client, fetch remote perm for current user */ - if (client_is_remote(exp)) - req_capsule_set_size(&req->rq_pill, &RMF_ACL, RCL_SERVER, - sizeof(struct mdt_remote_perm)); ptlrpc_request_set_replen(req); return req; } @@ -417,9 +412,7 @@ static struct ptlrpc_request *mdc_intent_getattr_pack(struct obd_export *exp, struct obd_device *obddev = class_exp2obd(exp); u64 valid = OBD_MD_FLGETATTR | OBD_MD_FLEASIZE | OBD_MD_FLMODEASIZE | OBD_MD_FLDIREA | - OBD_MD_MEA | - (client_is_remote(exp) ? - OBD_MD_FLRMTPERM : OBD_MD_FLACL); + OBD_MD_MEA | OBD_MD_FLACL; struct ldlm_intent *lit; int rc; __u32 easize; @@ -452,9 +445,6 @@ static struct ptlrpc_request *mdc_intent_getattr_pack(struct obd_export *exp, mdc_getattr_pack(req, valid, it->it_flags, op_data, easize); req_capsule_set_size(&req->rq_pill, &RMF_MDT_MD, RCL_SERVER, easize); - if (client_is_remote(exp)) - req_capsule_set_size(&req->rq_pill, &RMF_ACL, RCL_SERVER, - sizeof(struct mdt_remote_perm)); ptlrpc_request_set_replen(req); RETURN(req); } @@ -659,16 +649,6 @@ static int mdc_finish_enqueue(struct obd_export *exp, body->mbo_eadatasize); } } - - if (body->mbo_valid & OBD_MD_FLRMTPERM) { - struct mdt_remote_perm *perm; - - LASSERT(client_is_remote(exp)); - perm = req_capsule_server_swab_get(pill, &RMF_ACL, - lustre_swab_mdt_remote_perm); - if (perm == NULL) - RETURN(-EPROTO); - } } else if (it->it_op & IT_LAYOUT) { /* maybe the lock was granted right away and layout * is packed into RMF_DLM_LVB of req */ diff --git a/lustre/mdc/mdc_reint.c b/lustre/mdc/mdc_reint.c index de52c9d..4abd2bc 100644 --- a/lustre/mdc/mdc_reint.c +++ b/lustre/mdc/mdc_reint.c @@ -186,7 +186,7 @@ rebuild: MDS_INODELOCK_UPDATE); req = ptlrpc_request_alloc(class_exp2cliimp(exp), - &RQF_MDS_REINT_CREATE_RMT_ACL); + &RQF_MDS_REINT_CREATE_ACL); if (req == NULL) { ldlm_lock_list_put(&cancels, l_bl_ast, count); RETURN(-ENOMEM); diff --git a/lustre/mdc/mdc_request.c b/lustre/mdc/mdc_request.c index e189c1f..de8aa42 100644 --- a/lustre/mdc/mdc_request.c +++ b/lustre/mdc/mdc_request.c @@ -191,16 +191,6 @@ static int mdc_getattr_common(struct obd_export *exp, RETURN(-EPROTO); } - if (body->mbo_valid & OBD_MD_FLRMTPERM) { - struct mdt_remote_perm *perm; - - LASSERT(client_is_remote(exp)); - perm = req_capsule_server_swab_get(pill, &RMF_ACL, - lustre_swab_mdt_remote_perm); - if (perm == NULL) - RETURN(-EPROTO); - } - RETURN(0); } @@ -232,11 +222,6 @@ static int mdc_getattr(struct obd_export *exp, struct md_op_data *op_data, req_capsule_set_size(&req->rq_pill, &RMF_MDT_MD, RCL_SERVER, op_data->op_mode); - if (op_data->op_valid & OBD_MD_FLRMTPERM) { - LASSERT(client_is_remote(exp)); - req_capsule_set_size(&req->rq_pill, &RMF_ACL, RCL_SERVER, - sizeof(struct mdt_remote_perm)); - } ptlrpc_request_set_replen(req); rc = mdc_getattr_common(exp, req); @@ -532,14 +517,7 @@ int mdc_get_lustre_md(struct obd_export *exp, struct ptlrpc_request *req, } rc = 0; - if (md->body->mbo_valid & OBD_MD_FLRMTPERM) { - /* remote permission */ - LASSERT(client_is_remote(exp)); - md->remote_perm = req_capsule_server_swab_get(pill, &RMF_ACL, - lustre_swab_mdt_remote_perm); - if (!md->remote_perm) - GOTO(out, rc = -EPROTO); - } else if (md->body->mbo_valid & OBD_MD_FLACL) { + if (md->body->mbo_valid & OBD_MD_FLACL) { /* for ACL, it's possible that FLACL is set but aclsize is zero. * only when aclsize != 0 there's an actual segment for ACL * in reply buffer. @@ -1538,7 +1516,7 @@ static int mdc_ioc_hsm_progress(struct obd_export *exp, if (req == NULL) GOTO(out, rc = -ENOMEM); - mdc_pack_body(req, NULL, OBD_MD_FLRMTPERM, 0, -1, 0); + mdc_pack_body(req, NULL, 0, 0, -1, 0); /* Copy hsm_progress struct */ req_hpk = req_capsule_client_get(&req->rq_pill, &RMF_MDS_HSM_PROGRESS); @@ -1573,7 +1551,7 @@ static int mdc_ioc_hsm_ct_register(struct obd_import *imp, __u32 archives) if (req == NULL) GOTO(out, rc = -ENOMEM); - mdc_pack_body(req, NULL, OBD_MD_FLRMTPERM, 0, -1, 0); + mdc_pack_body(req, NULL, 0, 0, -1, 0); /* Copy hsm_progress struct */ archive_mask = req_capsule_client_get(&req->rq_pill, @@ -1612,7 +1590,7 @@ static int mdc_ioc_hsm_current_action(struct obd_export *exp, RETURN(rc); } - mdc_pack_body(req, &op_data->op_fid1, OBD_MD_FLRMTPERM, 0, + mdc_pack_body(req, &op_data->op_fid1, 0, 0, op_data->op_suppgids[0], 0); ptlrpc_request_set_replen(req); @@ -1646,7 +1624,7 @@ static int mdc_ioc_hsm_ct_unregister(struct obd_import *imp) if (req == NULL) GOTO(out, rc = -ENOMEM); - mdc_pack_body(req, NULL, OBD_MD_FLRMTPERM, 0, -1, 0); + mdc_pack_body(req, NULL, 0, 0, -1, 0); ptlrpc_request_set_replen(req); @@ -1677,7 +1655,7 @@ static int mdc_ioc_hsm_state_get(struct obd_export *exp, RETURN(rc); } - mdc_pack_body(req, &op_data->op_fid1, OBD_MD_FLRMTPERM, 0, + mdc_pack_body(req, &op_data->op_fid1, 0, 0, op_data->op_suppgids[0], 0); ptlrpc_request_set_replen(req); @@ -1718,7 +1696,7 @@ static int mdc_ioc_hsm_state_set(struct obd_export *exp, RETURN(rc); } - mdc_pack_body(req, &op_data->op_fid1, OBD_MD_FLRMTPERM, 0, + mdc_pack_body(req, &op_data->op_fid1, 0, 0, op_data->op_suppgids[0], 0); /* Copy states */ @@ -1766,7 +1744,7 @@ static int mdc_ioc_hsm_request(struct obd_export *exp, RETURN(rc); } - mdc_pack_body(req, NULL, OBD_MD_FLRMTPERM, 0, -1, 0); + mdc_pack_body(req, NULL, 0, 0, -1, 0); /* Copy hsm_request struct */ req_hr = req_capsule_client_get(&req->rq_pill, &RMF_MDS_HSM_REQUEST); @@ -2731,43 +2709,6 @@ static int mdc_process_config(struct obd_device *obd, size_t len, void *buf) return (rc > 0 ? 0: rc); } - -/* get remote permission for current user on fid */ -static int mdc_get_remote_perm(struct obd_export *exp, const struct lu_fid *fid, - u32 suppgid, struct ptlrpc_request **request) -{ - struct ptlrpc_request *req; - int rc; - ENTRY; - - LASSERT(client_is_remote(exp)); - - *request = NULL; - req = ptlrpc_request_alloc(class_exp2cliimp(exp), &RQF_MDS_GETATTR); - if (req == NULL) - RETURN(-ENOMEM); - - rc = ptlrpc_request_pack(req, LUSTRE_MDS_VERSION, MDS_GETATTR); - if (rc) { - ptlrpc_request_free(req); - RETURN(rc); - } - - mdc_pack_body(req, fid, OBD_MD_FLRMTPERM, 0, suppgid, 0); - - req_capsule_set_size(&req->rq_pill, &RMF_ACL, RCL_SERVER, - sizeof(struct mdt_remote_perm)); - - ptlrpc_request_set_replen(req); - - rc = ptlrpc_queue_wait(req); - if (rc) - ptlrpc_req_finished(req); - else - *request = req; - RETURN(rc); -} - static struct obd_ops mdc_obd_ops = { .o_owner = THIS_MODULE, .o_setup = mdc_setup, @@ -2815,7 +2756,6 @@ static struct md_ops mdc_md_ops = { .m_free_lustre_md = mdc_free_lustre_md, .m_set_open_replay_data = mdc_set_open_replay_data, .m_clear_open_replay_data = mdc_clear_open_replay_data, - .m_get_remote_perm = mdc_get_remote_perm, .m_intent_getattr_async = mdc_intent_getattr_async, .m_revalidate_lock = mdc_revalidate_lock }; diff --git a/lustre/mdt/Makefile.in b/lustre/mdt/Makefile.in index 0b0e6a4..559b9f6 100644 --- a/lustre/mdt/Makefile.in +++ b/lustre/mdt/Makefile.in @@ -1,6 +1,6 @@ MODULES := mdt mdt-objs := mdt_handler.o mdt_lib.o mdt_reint.o mdt_xattr.o mdt_recovery.o -mdt-objs += mdt_open.o mdt_idmap.o mdt_identity.o mdt_lproc.o mdt_fs.o +mdt-objs += mdt_open.o mdt_identity.o mdt_lproc.o mdt_fs.o mdt-objs += mdt_lvb.o mdt_hsm.o mdt_mds.o mdt-objs += mdt_hsm_cdt_actions.o mdt-objs += mdt_hsm_cdt_requests.o diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index f786f00..3a9419b 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -582,9 +582,6 @@ void mdt_pack_attr2body(struct mdt_thread_info *info, struct mdt_body *b, PFID(fid), b->mbo_nlink, b->mbo_mode, b->mbo_valid); } - if (info != NULL) - mdt_body_reverse_idmap(info, b); - if (!(attr->la_valid & LA_TYPE)) return; @@ -1138,23 +1135,8 @@ static int mdt_getattr_internal(struct mdt_thread_info *info, repbody->mbo_max_mdsize); } - if (exp_connect_rmtclient(info->mti_exp) && - reqbody->mbo_valid & OBD_MD_FLRMTPERM) { - void *buf = req_capsule_server_get(pill, &RMF_ACL); - - /* mdt_getattr_lock only */ - rc = mdt_pack_remote_perm(info, o, buf); - if (rc) { - repbody->mbo_valid &= ~OBD_MD_FLRMTPERM; - repbody->mbo_aclsize = 0; - RETURN(rc); - } else { - repbody->mbo_valid |= OBD_MD_FLRMTPERM; - repbody->mbo_aclsize = sizeof(struct mdt_remote_perm); - } - } #ifdef CONFIG_FS_POSIX_ACL - else if ((exp_connect_flags(req->rq_export) & OBD_CONNECT_ACL) && + if ((exp_connect_flags(req->rq_export) & OBD_CONNECT_ACL) && (reqbody->mbo_valid & OBD_MD_FLACL)) { struct lu_nodemap *nodemap = nodemap_get_from_exp(exp); if (IS_ERR(nodemap)) @@ -1227,18 +1209,13 @@ static int mdt_getattr(struct tgt_session_info *tsi) repbody->mbo_eadatasize = 0; repbody->mbo_aclsize = 0; - if (reqbody->mbo_valid & OBD_MD_FLRMTPERM) - rc = mdt_init_ucred(info, reqbody); - else - rc = mdt_check_ucred(info); + rc = mdt_check_ucred(info); if (unlikely(rc)) GOTO(out_shrink, rc); info->mti_cross_ref = !!(reqbody->mbo_valid & OBD_MD_FLCROSSREF); rc = mdt_getattr_internal(info, obj, 0); - if (reqbody->mbo_valid & OBD_MD_FLRMTPERM) - mdt_exit_ucred(info); EXIT; out_shrink: mdt_client_compatibility(info); @@ -1842,6 +1819,26 @@ free_rdpg: return rc; } +static int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op) +{ + struct lu_ucred *uc = mdt_ucred_check(info); + struct lu_attr *attr = &info->mti_attr.ma_attr; + + if (uc == NULL) + return -EINVAL; + + if (op != REINT_SETATTR) { + if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) + attr->la_uid = uc->uc_fsuid; + /* for S_ISGID, inherit gid from his parent, such work will be + * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */ + if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) + attr->la_gid = uc->uc_fsgid; + } + + return 0; +} + static int mdt_reint_internal(struct mdt_thread_info *info, struct mdt_lock_handle *lhc, __u32 op) @@ -2094,32 +2091,7 @@ static int mdt_quotactl(struct tgt_session_info *tsi) GOTO(out_nodemap, rc = -EFAULT); } - /* map uid/gid for remote client */ id = oqctl->qc_id; - if (exp_connect_rmtclient(exp)) { - struct lustre_idmap_table *idmap; - - idmap = exp->exp_mdt_data.med_idmap; - - if (unlikely(oqctl->qc_cmd != Q_GETQUOTA && - oqctl->qc_cmd != Q_GETINFO)) - GOTO(out_nodemap, rc = -EPERM); - - if (oqctl->qc_type == USRQUOTA) - id = lustre_idmap_lookup_uid(NULL, idmap, 0, - oqctl->qc_id); - else if (oqctl->qc_type == GRPQUOTA) - id = lustre_idmap_lookup_gid(NULL, idmap, 0, - oqctl->qc_id); - else - GOTO(out_nodemap, rc = -EINVAL); - - if (id == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_QUOTA, "no mapping for id %u\n", oqctl->qc_id); - GOTO(out_nodemap, rc = -EACCES); - } - } - if (oqctl->qc_type == USRQUOTA) id = nodemap_map_id(nodemap, NODEMAP_UID, NODEMAP_CLIENT_TO_FS, id); @@ -2218,21 +2190,9 @@ static int mdt_llog_ctxt_unclone(const struct lu_env *env, */ static int mdt_sec_ctx_handle(struct tgt_session_info *tsi) { - int rc; - - rc = mdt_handle_idmap(tsi); - if (unlikely(rc)) { - struct ptlrpc_request *req = tgt_ses_req(tsi); - __u32 opc; - - opc = lustre_msg_get_opc(req->rq_reqmsg); - if (opc == SEC_CTX_INIT || opc == SEC_CTX_INIT_CONT) - sptlrpc_svc_ctx_invalidate(req); - } - CFS_FAIL_TIMEOUT(OBD_FAIL_SEC_CTX_HDL_PAUSE, cfs_fail_val); - return rc; + return 0; } /* @@ -3034,11 +2994,6 @@ struct mdt_thread_info *tsi2mdt_info(struct tgt_session_info *tsi) static int mdt_tgt_connect(struct tgt_session_info *tsi) { - struct ptlrpc_request *req = tgt_ses_req(tsi); - int rc; - - ENTRY; - if (OBD_FAIL_CHECK(OBD_FAIL_TGT_DELAY_CONDITIONAL) && cfs_fail_val == tsi2mdt_info(tsi)->mti_mdt->mdt_seq_site.ss_node_id) { @@ -3046,17 +3001,7 @@ static int mdt_tgt_connect(struct tgt_session_info *tsi) schedule_timeout(msecs_to_jiffies(3 * MSEC_PER_SEC)); } - rc = tgt_connect(tsi); - if (rc != 0) - RETURN(rc); - - rc = mdt_init_idmap(tsi); - if (rc != 0) - GOTO(err, rc); - RETURN(0); -err: - obd_disconnect(class_export_get(req->rq_export)); - return rc; + return tgt_connect(tsi); } enum mdt_it_code { @@ -5417,8 +5362,6 @@ static int mdt_init_export(struct obd_export *exp) INIT_LIST_HEAD(&med->med_open_head); spin_lock_init(&med->med_open_lock); - mutex_init(&med->med_idmap_mutex); - med->med_idmap = NULL; spin_lock(&exp->exp_lock); exp->exp_connecting = 1; spin_unlock(&exp->exp_lock); @@ -5450,9 +5393,6 @@ static int mdt_destroy_export(struct obd_export *exp) { ENTRY; - if (exp_connect_rmtclient(exp)) - mdt_cleanup_idmap(&exp->exp_mdt_data); - target_destroy_export(exp); /* destroy can be called from failed obd_setup, so * checking uuid is safer than obd_self_export */ diff --git a/lustre/mdt/mdt_identity.c b/lustre/mdt/mdt_identity.c index 595a6d0..235444c 100644 --- a/lustre/mdt/mdt_identity.c +++ b/lustre/mdt/mdt_identity.c @@ -245,16 +245,14 @@ void mdt_flush_identity(struct upcall_cache *cache, int uid) * If there is LNET_NID_ANY in perm[i].mp_nid, * it must be perm[0].mp_nid, and act as default perm. */ -__u32 mdt_identity_get_perm(struct md_identity *identity, - __u32 is_rmtclient, lnet_nid_t nid) +__u32 mdt_identity_get_perm(struct md_identity *identity, lnet_nid_t nid) { - struct md_perm *perm; - int i; - if (!identity) { - LASSERT(is_rmtclient == 0); - return CFS_SETGRP_PERM; - } + struct md_perm *perm; + int i; + + if (!identity) + return CFS_SETGRP_PERM; perm = identity->mi_perms; /* check exactly matched nid first */ @@ -270,39 +268,5 @@ __u32 mdt_identity_get_perm(struct md_identity *identity, return perm[0].mp_perm; /* return default last */ - return is_rmtclient ? 0 : CFS_SETGRP_PERM; -} - -int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o, - void *buf) -{ - struct lu_ucred *uc = mdt_ucred_check(info); - struct md_object *next = mdt_object_child(o); - struct mdt_remote_perm *perm = buf; - - ENTRY; - - /* remote client request always pack ptlrpc_user_desc! */ - LASSERT(perm); - - if (!exp_connect_rmtclient(info->mti_exp)) - RETURN(-EBADE); - - if (uc == NULL) - RETURN(-EINVAL); - - perm->rp_uid = uc->uc_o_uid; - perm->rp_gid = uc->uc_o_gid; - perm->rp_fsuid = uc->uc_o_fsuid; - perm->rp_fsgid = uc->uc_o_fsgid; - - perm->rp_access_perm = 0; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_READ) == 0) - perm->rp_access_perm |= MAY_READ; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_WRITE) == 0) - perm->rp_access_perm |= MAY_WRITE; - if (mo_permission(info->mti_env, NULL, next, NULL, MAY_EXEC) == 0) - perm->rp_access_perm |= MAY_EXEC; - - RETURN(0); + return CFS_SETGRP_PERM; } diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c deleted file mode 100644 index 389c279..0000000 --- a/lustre/mdt/mdt_idmap.c +++ /dev/null @@ -1,364 +0,0 @@ -/* - * GPL HEADER START - * - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 only, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License version 2 for more details (a copy is included - * in the LICENSE file that accompanied this code). - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; If not, see - * http://www.sun.com/software/products/lustre/docs/GPLv2.pdf - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - * - * GPL HEADER END - */ -/* - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Use is subject to license terms. - * - * Copyright (c) 2012, 2013, Intel Corporation. - */ -/* - * This file is part of Lustre, http://www.lustre.org/ - * Lustre is a trademark of Sun Microsystems, Inc. - * - * lustre/mdt/mdt_idmap.c - * - * Author: Lai Siyao - * Author: Fan Yong - */ - -#define DEBUG_SUBSYSTEM S_MDS - -#include -#include -#include -#include -#include -#ifdef HAVE_UIDGID_HEADER -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mdt_internal.h" - -int mdt_init_idmap(struct tgt_session_info *tsi) -{ - struct ptlrpc_request *req = tgt_ses_req(tsi); - struct mdt_export_data *med = mdt_req2med(req); - struct obd_export *exp = req->rq_export; - char *client = libcfs_nid2str(req->rq_peer.nid); - int rc = 0; - ENTRY; - - if (exp_connect_rmtclient(exp)) { - mutex_lock(&med->med_idmap_mutex); - if (!med->med_idmap) - med->med_idmap = lustre_idmap_init(); - mutex_unlock(&med->med_idmap_mutex); - - if (IS_ERR(med->med_idmap)) { - long err = PTR_ERR(med->med_idmap); - - med->med_idmap = NULL; - CERROR("%s: client %s -> target %s " - "failed to init idmap [%ld]!\n", - tgt_name(tsi->tsi_tgt), client, - tgt_name(tsi->tsi_tgt), err); - RETURN(err); - } else if (!med->med_idmap) { - CERROR("%s: client %s -> target %s " - "failed to init(2) idmap!\n", - tgt_name(tsi->tsi_tgt), client, - tgt_name(tsi->tsi_tgt)); - RETURN(-ENOMEM); - } - - CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n", - tgt_name(tsi->tsi_tgt), client, - tgt_name(tsi->tsi_tgt)); - /* NB, MDS_CONNECT establish root idmap too! */ - rc = mdt_handle_idmap(tsi); - } - RETURN(rc); -} - -void mdt_cleanup_idmap(struct mdt_export_data *med) -{ - mutex_lock(&med->med_idmap_mutex); - if (med->med_idmap != NULL) { - lustre_idmap_fini(med->med_idmap); - med->med_idmap = NULL; - } - mutex_unlock(&med->med_idmap_mutex); -} - -static inline void mdt_revoke_export_locks(struct obd_export *exp) -{ - /* don't revoke locks during recovery */ - if (exp->exp_obd->obd_recovering) - return; - - ldlm_revoke_export_locks(exp); -} - -int mdt_handle_idmap(struct tgt_session_info *tsi) -{ - struct ptlrpc_request *req = tgt_ses_req(tsi); - struct mdt_device *mdt = mdt_exp2dev(req->rq_export); - struct mdt_export_data *med; - struct ptlrpc_user_desc *pud = req->rq_user_desc; - struct md_identity *identity; - __u32 opc; - int rc = 0; - ENTRY; - - if (!req->rq_export) - RETURN(0); - - med = mdt_req2med(req); - if (!exp_connect_rmtclient(req->rq_export)) - RETURN(0); - - opc = lustre_msg_get_opc(req->rq_reqmsg); - /* Bypass other opc */ - if ((opc != SEC_CTX_INIT) && (opc != SEC_CTX_INIT_CONT) && - (opc != SEC_CTX_FINI) && (opc != MDS_CONNECT)) - RETURN(0); - - LASSERT(med->med_idmap); - - if (unlikely(!pud)) { - CDEBUG(D_SEC, "remote client must run with rq_user_desc " - "present\n"); - RETURN(-EACCES); - } - - if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) { - CDEBUG(D_SEC, "invalid authorized mapped uid, please check " - "/etc/lustre/idmap.conf!\n"); - RETURN(-EACCES); - } - - if (is_identity_get_disabled(mdt->mdt_identity_cache)) { - CDEBUG(D_SEC, "remote client must run with identity_get " - "enabled!\n"); - RETURN(-EACCES); - } - - identity = mdt_identity_get(mdt->mdt_identity_cache, - req->rq_auth_mapped_uid); - if (IS_ERR(identity)) { - CDEBUG(D_SEC, "can't get mdt identity(%u), no mapping added\n", - req->rq_auth_mapped_uid); - RETURN(-EACCES); - } - - switch (opc) { - case SEC_CTX_INIT: - case SEC_CTX_INIT_CONT: - case MDS_CONNECT: - rc = lustre_idmap_add(med->med_idmap, - pud->pud_uid, identity->mi_uid, - pud->pud_gid, identity->mi_gid); - break; - case SEC_CTX_FINI: - rc = lustre_idmap_del(med->med_idmap, - pud->pud_uid, identity->mi_uid, - pud->pud_gid, identity->mi_gid); - break; - } - - mdt_identity_put(mdt->mdt_identity_cache, identity); - - if (rc) - RETURN(rc); - - switch (opc) { - case SEC_CTX_INIT: - case SEC_CTX_INIT_CONT: - case SEC_CTX_FINI: - mdt_revoke_export_locks(req->rq_export); - break; - } - - RETURN(0); -} - -int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req, - struct ptlrpc_user_desc *pud) -{ - struct mdt_export_data *med = mdt_req2med(req); - struct lustre_idmap_table *idmap = med->med_idmap; - uid_t uid, fsuid; - gid_t gid, fsgid; - - /* Only remote client need desc_to_idmap. */ - if (!exp_connect_rmtclient(req->rq_export)) - return 0; - - uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid); - if (uid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid); - return -EACCES; - } - - if (pud->pud_uid == pud->pud_fsuid) { - fsuid = uid; - } else { - fsuid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_fsuid); - if (fsuid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "no mapping for fsuid %u\n", - pud->pud_fsuid); - return -EACCES; - } - } - - gid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_gid); - if (gid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid); - return -EACCES; - } - - if (pud->pud_gid == pud->pud_fsgid) { - fsgid = gid; - } else { - fsgid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_fsgid); - if (fsgid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "no mapping for fsgid %u\n", - pud->pud_fsgid); - return -EACCES; - } - } - - pud->pud_uid = uid; - pud->pud_gid = gid; - pud->pud_fsuid = fsuid; - pud->pud_fsgid = fsgid; - - return 0; -} - -/* - * Reverse mapping - */ -void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) -{ - struct ptlrpc_request *req = mdt_info_req(info); - struct lu_ucred *uc = mdt_ucred(info); - struct mdt_export_data *med = mdt_req2med(req); - struct lustre_idmap_table *idmap = med->med_idmap; - - if (!exp_connect_rmtclient(info->mti_exp)) - return; - - if (body->mbo_valid & OBD_MD_FLUID) { - uid_t uid; - - uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid); - - if (uid == CFS_IDMAP_NOTFOUND) { - uid = NOBODY_UID; - if (body->mbo_valid & OBD_MD_FLMODE) - body->mbo_mode = (body->mbo_mode & ~S_IRWXU) | - ((body->mbo_mode & S_IRWXO) << 6); - } - - body->mbo_uid = uid; - } - - if (body->mbo_valid & OBD_MD_FLGID) { - gid_t gid; - - gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid); - - if (gid == CFS_IDMAP_NOTFOUND) { - gid = NOBODY_GID; - if (body->mbo_valid & OBD_MD_FLMODE) - body->mbo_mode = (body->mbo_mode & ~S_IRWXG) | - ((body->mbo_mode & S_IRWXO) << 3); - } - - body->mbo_gid = gid; - } -} - -/* Do not ignore root_squash for non-setattr case. */ -int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op) -{ - struct ptlrpc_request *req = mdt_info_req(info); - struct lu_ucred *uc = mdt_ucred_check(info); - struct lu_attr *attr = &info->mti_attr.ma_attr; - struct mdt_export_data *med = mdt_req2med(req); - struct lustre_idmap_table *idmap = med->med_idmap; - - if (uc == NULL) - return -EINVAL; - - if (op != REINT_SETATTR) { - if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) - attr->la_uid = uc->uc_fsuid; - /* for S_ISGID, inherit gid from his parent, such work will be - * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */ - if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) - attr->la_gid = uc->uc_fsgid; - } else if (exp_connect_rmtclient(info->mti_exp)) { - /* NB: -1 case will be handled by mdt_fix_attr() later. */ - if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) { - uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 0, - attr->la_uid); - - if (uid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "Deny chown to uid %u\n", - attr->la_uid); - return -EPERM; - } - - attr->la_uid = uid; - } - if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) { - gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 0, - attr->la_gid); - - if (gid == CFS_IDMAP_NOTFOUND) { - CDEBUG(D_SEC, "Deny chown to gid %u\n", - attr->la_gid); - return -EPERM; - } - - attr->la_gid = gid; - } - } - - return 0; -} diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index 9ec2f34..9015cc6 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -735,17 +735,6 @@ int mdt_links_read(struct mdt_thread_info *info, struct linkea_data *ldata); int mdt_close_internal(struct mdt_thread_info *info, struct ptlrpc_request *req, struct mdt_body *repbody); -/* mdt_idmap.c */ -int mdt_init_idmap(struct tgt_session_info *tsi); -void mdt_cleanup_idmap(struct mdt_export_data *); -int mdt_handle_idmap(struct tgt_session_info *tsi); -int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *, - struct ptlrpc_user_desc *); -void mdt_body_reverse_idmap(struct mdt_thread_info *, - struct mdt_body *); -int mdt_remote_perm_reverse_idmap(struct ptlrpc_request *, - struct mdt_remote_perm *); -int mdt_fix_attr_ucred(struct mdt_thread_info *, __u32); static inline struct mdt_device *mdt_dev(struct lu_device *d) { @@ -779,9 +768,7 @@ void mdt_identity_put(struct upcall_cache *, struct md_identity *); void mdt_flush_identity(struct upcall_cache *, int); -__u32 mdt_identity_get_perm(struct md_identity *, __u32, lnet_nid_t); - -int mdt_pack_remote_perm(struct mdt_thread_info *, struct mdt_object *, void *); +__u32 mdt_identity_get_perm(struct md_identity *, lnet_nid_t); /* mdt/mdt_recovery.c */ __u64 mdt_req_from_lrd(struct ptlrpc_request *req, struct tg_reply_data *trd); diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index d6dacde..a3b5693 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -149,7 +149,6 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, struct lu_ucred *ucred = mdt_ucred(info); lnet_nid_t peernid = req->rq_peer.nid; __u32 perm = 0; - __u32 remote = exp_connect_rmtclient(info->mti_exp); int setuid; int setgid; int rc = 0; @@ -175,72 +174,44 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_suppgids[1] = -1; } - /* sanity check: we expect the uid which client claimed is true */ - if (remote) { - if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) { - CDEBUG(D_SEC, "remote user not mapped, deny access!\n"); - RETURN(-EACCES); - } - - if (ptlrpc_user_desc_do_idmap(req, pud)) - RETURN(-EACCES); - - if (req->rq_auth_mapped_uid != pud->pud_uid) { - CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u " - "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, - req->rq_auth_mapped_uid, - pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid); - RETURN(-EACCES); - } - } else { - if (!flvr_is_rootonly(req->rq_flvr.sf_rpc) && - req->rq_auth_uid != pud->pud_uid) { - CDEBUG(D_SEC, "local client %s: auth uid %u " - "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, - pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid); - RETURN(-EACCES); - } - } + if (!flvr_is_rootonly(req->rq_flvr.sf_rpc) && + req->rq_auth_uid != pud->pud_uid) { + CDEBUG(D_SEC, "local client %s: auth uid %u " + "while client claims %u:%u/%u:%u\n", + libcfs_nid2str(peernid), req->rq_auth_uid, + pud->pud_uid, pud->pud_gid, + pud->pud_fsuid, pud->pud_fsgid); + RETURN(-EACCES); + } - if (is_identity_get_disabled(mdt->mdt_identity_cache)) { - if (remote) { - CDEBUG(D_SEC, "remote client must run with identity_get " - "enabled!\n"); - RETURN(-EACCES); - } else { - ucred->uc_identity = NULL; - perm = CFS_SETUID_PERM | CFS_SETGID_PERM | - CFS_SETGRP_PERM; - } - } else { - struct md_identity *identity; + if (is_identity_get_disabled(mdt->mdt_identity_cache)) { + ucred->uc_identity = NULL; + perm = CFS_SETUID_PERM | CFS_SETGID_PERM | CFS_SETGRP_PERM; + } else { + struct md_identity *identity; - identity = mdt_identity_get(mdt->mdt_identity_cache, - pud->pud_uid); - if (IS_ERR(identity)) { - if (unlikely(PTR_ERR(identity) == -EREMCHG && - !remote)) { + identity = mdt_identity_get(mdt->mdt_identity_cache, + pud->pud_uid); + if (IS_ERR(identity)) { + if (unlikely(PTR_ERR(identity) == -EREMCHG)) { ucred->uc_identity = NULL; - perm = CFS_SETUID_PERM | CFS_SETGID_PERM | - CFS_SETGRP_PERM; - } else { - CDEBUG(D_SEC, "Deny access without identity: uid %u\n", - pud->pud_uid); - RETURN(-EACCES); - } - } else { + perm = CFS_SETUID_PERM | CFS_SETGID_PERM | + CFS_SETGRP_PERM; + } else { + CDEBUG(D_SEC, + "Deny access without identity: uid %u\n", + pud->pud_uid); + RETURN(-EACCES); + } + } else { ucred->uc_identity = identity; perm = mdt_identity_get_perm(ucred->uc_identity, - remote, peernid); - } - } + peernid); + } + } - /* find out the setuid/setgid attempt */ - setuid = (pud->pud_uid != pud->pud_fsuid); + /* find out the setuid/setgid attempt */ + setuid = (pud->pud_uid != pud->pud_fsuid); setgid = ((pud->pud_gid != pud->pud_fsgid) || (ucred->uc_identity && (pud->pud_gid != ucred->uc_identity->mi_gid))); @@ -261,10 +232,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, GOTO(out, rc = -EACCES); } - /* - * NB: remote client not allowed to setgroups anyway. - */ - if (!remote && perm & CFS_SETGRP_PERM) { + if (perm & CFS_SETGRP_PERM) { if (pud->pud_ngroups) { /* setgroups for local client */ ucred->uc_ginfo = groups_alloc(pud->pud_ngroups); @@ -299,9 +267,6 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->uc_cap = pud->pud_cap & ~CFS_CAP_FS_MASK; else ucred->uc_cap = pud->pud_cap; - if (remote && !(perm & CFS_RMTOWN_PERM)) - ucred->uc_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK | - CFS_CAP_CHOWN_MASK); ucred->uc_valid = UCRED_NEW; ucred_set_jobid(info, ucred); @@ -334,17 +299,12 @@ out: */ bool allow_client_chgrp(struct mdt_thread_info *info, struct lu_ucred *uc) { - __u32 remote = exp_connect_rmtclient(info->mti_exp); __u32 perm; - /* 1. If identity_upcall is disabled, then forbid remote client to set - * supplementary group IDs, but permit local client to do that. */ - if (is_identity_get_disabled(info->mti_mdt->mdt_identity_cache)) { - if (remote) - return false; - + /* 1. If identity_upcall is disabled, + * permit local client to do anything. */ + if (is_identity_get_disabled(info->mti_mdt->mdt_identity_cache)) return true; - } /* 2. If fail to get related identities, then forbid any client to * set supplementary group IDs. */ @@ -352,7 +312,7 @@ bool allow_client_chgrp(struct mdt_thread_info *info, struct lu_ucred *uc) return false; /* 3. Check the permission in the identities. */ - perm = mdt_identity_get_perm(uc->uc_identity, remote, + perm = mdt_identity_get_perm(uc->uc_identity, mdt_info_req(info)->rq_peer.nid); if (perm & CFS_SETGRP_PERM) return true; @@ -369,7 +329,6 @@ int mdt_check_ucred(struct mdt_thread_info *info) struct md_identity *identity = NULL; lnet_nid_t peernid = req->rq_peer.nid; __u32 perm = 0; - __u32 remote = exp_connect_rmtclient(info->mti_exp); int setuid; int setgid; int rc = 0; @@ -380,63 +339,36 @@ int mdt_check_ucred(struct mdt_thread_info *info) if ((ucred->uc_valid == UCRED_OLD) || (ucred->uc_valid == UCRED_NEW)) RETURN(0); - if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc) - RETURN(0); - - /* sanity check: if we use strong authentication, we expect the - * uid which client claimed is true */ - if (remote) { - if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_mapped_uid))) { - CDEBUG(D_SEC, "remote user not mapped, deny access!\n"); - RETURN(-EACCES); - } + if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc) + RETURN(0); - if (ptlrpc_user_desc_do_idmap(req, pud)) - RETURN(-EACCES); - - if (req->rq_auth_mapped_uid != pud->pud_uid) { - CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u " - "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, - req->rq_auth_mapped_uid, - pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid); - RETURN(-EACCES); - } - } else { - if (!flvr_is_rootonly(req->rq_flvr.sf_rpc) && - req->rq_auth_uid != pud->pud_uid) { - CDEBUG(D_SEC, "local client %s: auth uid %u " - "while client claims %u:%u/%u:%u\n", - libcfs_nid2str(peernid), req->rq_auth_uid, - pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid); - RETURN(-EACCES); - } - } + /* sanity check: if we use strong authentication, we expect the + * uid which client claimed is true */ + if (!flvr_is_rootonly(req->rq_flvr.sf_rpc) && + req->rq_auth_uid != pud->pud_uid) { + CDEBUG(D_SEC, "local client %s: auth uid %u " + "while client claims %u:%u/%u:%u\n", + libcfs_nid2str(peernid), req->rq_auth_uid, + pud->pud_uid, pud->pud_gid, + pud->pud_fsuid, pud->pud_fsgid); + RETURN(-EACCES); + } - if (is_identity_get_disabled(mdt->mdt_identity_cache)) { - if (remote) { - CDEBUG(D_SEC, "remote client must run with identity_get " - "enabled!\n"); - RETURN(-EACCES); - } - RETURN(0); - } + if (is_identity_get_disabled(mdt->mdt_identity_cache)) + RETURN(0); - identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid); - if (IS_ERR(identity)) { - if (unlikely(PTR_ERR(identity) == -EREMCHG && - !remote)) { - RETURN(0); - } else { - CDEBUG(D_SEC, "Deny access without identity: uid %u\n", - pud->pud_uid); - RETURN(-EACCES); - } - } + identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid); + if (IS_ERR(identity)) { + if (unlikely(PTR_ERR(identity) == -EREMCHG)) { + RETURN(0); + } else { + CDEBUG(D_SEC, "Deny access without identity: uid %u\n", + pud->pud_uid); + RETURN(-EACCES); + } + } - perm = mdt_identity_get_perm(identity, remote, peernid); + perm = mdt_identity_get_perm(identity, peernid); /* find out the setuid/setgid attempt */ setuid = (pud->pud_uid != pud->pud_fsuid); setgid = (pud->pud_gid != pud->pud_fsgid || @@ -1131,7 +1063,7 @@ static int mdt_create_unpack(struct mdt_thread_info *info) if (tgt == NULL) RETURN(-EFAULT); } else { - req_capsule_extend(pill, &RQF_MDS_REINT_CREATE_RMT_ACL); + req_capsule_extend(pill, &RQF_MDS_REINT_CREATE_ACL); if (S_ISDIR(attr->la_mode) && req_capsule_get_size(pill, &RMF_EADATA, RCL_CLIENT) > 0) { sp->u.sp_ea.eadata = diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c index 06347ff..25938df 100644 --- a/lustre/mdt/mdt_open.c +++ b/lustre/mdt/mdt_open.c @@ -537,20 +537,8 @@ static int mdt_finish_open(struct mdt_thread_info *info, RETURN(-ENOENT); } - if (exp_connect_rmtclient(exp)) { - void *buf = req_capsule_server_get(info->mti_pill, &RMF_ACL); - - rc = mdt_pack_remote_perm(info, o, buf); - if (rc) { - repbody->mbo_valid &= ~OBD_MD_FLRMTPERM; - repbody->mbo_aclsize = 0; - } else { - repbody->mbo_valid |= OBD_MD_FLRMTPERM; - repbody->mbo_aclsize = sizeof(struct mdt_remote_perm); - } - } #ifdef CONFIG_FS_POSIX_ACL - else if (exp_connect_flags(exp) & OBD_CONNECT_ACL) { + if (exp_connect_flags(exp) & OBD_CONNECT_ACL) { struct lu_nodemap *nodemap = nodemap_get_from_exp(exp); if (IS_ERR(nodemap)) RETURN(PTR_ERR(nodemap)); diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c index 2e08a58..32fb823 100644 --- a/lustre/mdt/mdt_xattr.c +++ b/lustre/mdt/mdt_xattr.c @@ -117,55 +117,11 @@ static int mdt_getxattr_pack_reply(struct mdt_thread_info * info) RETURN(size); } -static int -mdt_getxattr_one(struct mdt_thread_info *info, - char *xattr_name, struct md_object *next, - struct lu_buf *buf, struct mdt_export_data *med, - struct lu_ucred *uc) -{ - __u32 remote = exp_connect_rmtclient(info->mti_exp); - int flags = CFS_IC_NOTHING, rc; - - ENTRY; - - CDEBUG(D_INODE, "getxattr %s\n", xattr_name); - - rc = mo_xattr_get(info->mti_env, next, buf, xattr_name); - if (rc < 0) - GOTO(out, rc); - - if (info->mti_body->mbo_valid & - (OBD_MD_FLRMTLSETFACL | OBD_MD_FLRMTLGETFACL)) - flags = CFS_IC_ALL; - else if (info->mti_body->mbo_valid & OBD_MD_FLRMTRGETFACL) - flags = CFS_IC_MAPPED; - - if (rc > 0 && flags != CFS_IC_NOTHING) { - int rc1; - - if (unlikely(!remote)) - GOTO(out, rc = -EINVAL); - - rc1 = lustre_posix_acl_xattr_id2client(uc, - med->med_idmap, - (posix_acl_xattr_header *)(buf->lb_buf), - rc, flags); - if (unlikely(rc1 < 0)) - rc = rc1; - } - -out: - return rc; -} - static int mdt_getxattr_all(struct mdt_thread_info *info, struct mdt_body *reqbody, struct mdt_body *repbody, struct lu_buf *buf, struct md_object *next) { const struct lu_env *env = info->mti_env; - struct ptlrpc_request *req = mdt_info_req(info); - struct mdt_export_data *med = mdt_req2med(req); - struct lu_ucred *uc = mdt_ucred(info); char *v, *b, *eadatahead, *eadatatail; __u32 *sizes; int eadatasize, eavallen = 0, eavallens = 0, rc; @@ -196,7 +152,7 @@ static int mdt_getxattr_all(struct mdt_thread_info *info, for (b = eadatahead; b < eadatatail; b += strlen(b) + 1, v += rc) { buf->lb_buf = v; buf->lb_len = reqbody->mbo_eadatasize - eavallen; - rc = mdt_getxattr_one(info, b, next, buf, med, uc); + rc = mo_xattr_get(env, next, buf, b); if (rc < 0) GOTO(out_shrink, rc); @@ -227,14 +183,10 @@ out_shrink: int mdt_getxattr(struct mdt_thread_info *info) { struct ptlrpc_request *req = mdt_info_req(info); - struct mdt_export_data *med = mdt_req2med(req); - struct lu_ucred *uc = lu_ucred(info->mti_env); struct mdt_body *reqbody; struct mdt_body *repbody = NULL; struct md_object *next; struct lu_buf *buf; - __u32 remote = exp_connect_rmtclient(info->mti_exp); - __u32 perm; int easize, rc; u64 valid; ENTRY; @@ -253,22 +205,6 @@ int mdt_getxattr(struct mdt_thread_info *info) RETURN(err_serious(rc)); next = mdt_object_child(info->mti_object); - - if (info->mti_body->mbo_valid & OBD_MD_FLRMTRGETFACL) { - if (unlikely(!remote)) - GOTO(out, rc = err_serious(-EINVAL)); - - perm = mdt_identity_get_perm(uc->uc_identity, remote, - req->rq_peer.nid); - if (!(perm & CFS_RMTACL_PERM)) - GOTO(out, rc = err_serious(-EPERM)); - - rc = mo_permission(info->mti_env, NULL, next, NULL, - MAY_RGETFACL); - if (rc) - GOTO(out, rc = err_serious(rc)); - } - easize = mdt_getxattr_pack_reply(info); if (easize < 0) GOTO(out, rc = err_serious(easize)); @@ -289,7 +225,7 @@ int mdt_getxattr(struct mdt_thread_info *info) if (valid == OBD_MD_FLXATTR) { char *xattr_name = req_capsule_client_get(info->mti_pill, &RMF_NAME); - rc = mdt_getxattr_one(info, xattr_name, next, buf, med, uc); + rc = mo_xattr_get(info->mti_env, next, buf, xattr_name); } else if (valid == OBD_MD_FLXATTRLS) { CDEBUG(D_INODE, "listxattr\n"); @@ -313,58 +249,10 @@ out: return rc; } -static int mdt_rmtlsetfacl(struct mdt_thread_info *info, - struct md_object *next, - const char *xattr_name, - ext_acl_xattr_header *header, - posix_acl_xattr_header **out) -{ - struct ptlrpc_request *req = mdt_info_req(info); - struct mdt_export_data *med = mdt_req2med(req); - struct lu_ucred *uc = mdt_ucred(info); - struct lu_buf *buf = &info->mti_buf; - int rc; - ENTRY; - - rc = lustre_ext_acl_xattr_id2server(uc, med->med_idmap, header); - if (rc) - RETURN(rc); - - rc = mo_xattr_get(info->mti_env, next, &LU_BUF_NULL, xattr_name); - if (rc == -ENODATA) - rc = 0; - else if (rc < 0) - RETURN(rc); - - buf->lb_len = rc; - if (buf->lb_len > 0) { - OBD_ALLOC_LARGE(buf->lb_buf, buf->lb_len); - if (unlikely(buf->lb_buf == NULL)) - RETURN(-ENOMEM); - - rc = mo_xattr_get(info->mti_env, next, buf, xattr_name); - if (rc < 0) { - CERROR("getxattr failed: %d\n", rc); - GOTO(_out, rc); - } - } else - buf->lb_buf = NULL; - - rc = lustre_acl_xattr_merge2posix((posix_acl_xattr_header *)(buf->lb_buf), - buf->lb_len, header, out); - EXIT; - -_out: - if (rc <= 0 && buf->lb_buf != NULL) - OBD_FREE_LARGE(buf->lb_buf, buf->lb_len); - return rc; -} - int mdt_reint_setxattr(struct mdt_thread_info *info, struct mdt_lock_handle *unused) { struct ptlrpc_request *req = mdt_info_req(info); - struct lu_ucred *uc = lu_ucred(info->mti_env); struct mdt_lock_handle *lh; const struct lu_env *env = info->mti_env; struct lu_buf *buf = &info->mti_buf; @@ -379,9 +267,6 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, int xattr_len = rr->rr_eadatalen; __u64 lockpart; int rc; - posix_acl_xattr_header *new_xattr = NULL; - __u32 remote = exp_connect_rmtclient(info->mti_exp); - __u32 perm; ENTRY; CDEBUG(D_INODE, "setxattr for "DFID": %s %s\n", PFID(rr->rr_fid1), @@ -397,16 +282,6 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, if (rc != 0) RETURN(rc); - if (valid & OBD_MD_FLRMTRSETFACL) { - if (unlikely(!remote)) - GOTO(out, rc = err_serious(-EINVAL)); - - perm = mdt_identity_get_perm(uc->uc_identity, remote, - req->rq_peer.nid); - if (!(perm & CFS_RMTACL_PERM)) - GOTO(out, rc = err_serious(-EPERM)); - } - if (strncmp(xattr_name, XATTR_USER_PREFIX, sizeof(XATTR_USER_PREFIX) - 1) == 0) { if (!(exp_connect_flags(req->rq_export) & OBD_CONNECT_XATTR)) @@ -491,21 +366,8 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, attr->la_valid = LA_CTIME; child = mdt_object_child(obj); if (valid & OBD_MD_FLXATTR) { - void *xattr = rr->rr_eadata; int flags = 0; - if (valid & OBD_MD_FLRMTLSETFACL) { - if (unlikely(!remote)) - GOTO(out_unlock, rc = -EINVAL); - - xattr_len = mdt_rmtlsetfacl(info, child, xattr_name, - xattr, &new_xattr); - if (xattr_len < 0) - GOTO(out_unlock, rc = xattr_len); - - xattr = new_xattr; - } - if (attr->la_flags & XATTR_REPLACE) flags |= LU_XATTR_REPLACE; @@ -515,7 +377,7 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, mdt_fail_write(env, info->mti_mdt->mdt_bottom, OBD_FAIL_MDS_SETXATTR_WRITE); - buf->lb_buf = xattr; + buf->lb_buf = rr->rr_eadata; buf->lb_len = xattr_len; rc = mo_xattr_set(env, child, buf, xattr_name, flags); /* update ctime after xattr changed */ @@ -540,8 +402,6 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, EXIT; out_unlock: mdt_object_unlock_put(info, obj, lh, rc); - if (unlikely(new_xattr != NULL)) - lustre_posix_acl_xattr_free(new_xattr, xattr_len); out: mdt_exit_ucred(info); return rc; diff --git a/lustre/obdclass/Makefile.in b/lustre/obdclass/Makefile.in index ca11c1b..9f9a8ea 100644 --- a/lustre/obdclass/Makefile.in +++ b/lustre/obdclass/Makefile.in @@ -12,10 +12,10 @@ obdclass-all-objs += lustre_handles.o lustre_peer.o local_storage.o obdclass-all-objs += statfs_pack.o obdo.o obd_config.o obd_mount.o obdclass-all-objs += lu_object.o dt_object.o obdclass-all-objs += cl_object.o cl_page.o cl_lock.o cl_io.o lu_ref.o -obdclass-all-objs += acl.o obdclass-all-objs += linkea.o obdclass-all-objs += kernelcomm.o +@SERVER_TRUE@obdclass-all-objs += acl.o @SERVER_TRUE@obdclass-all-objs += idmap.o @SERVER_TRUE@obdclass-all-objs += upcall_cache.o @SERVER_TRUE@obdclass-all-objs += lprocfs_jobstats.o @@ -31,6 +31,7 @@ EXTRA_PRE_CFLAGS := -I@LINUX@/fs -I@LDISKFS_DIR@ -I@LDISKFS_DIR@/ldiskfs EXTRA_DIST = $(obdclass-all-objs:.o=.c) llog_test.c llog_internal.h EXTRA_DIST += cl_internal.h local_storage.h +@SERVER_FALSE@EXTRA_DIST += acl.c @SERVER_FALSE@EXTRA_DIST += idmap.c @SERVER_FALSE@EXTRA_DIST += upcall_cache.c @SERVER_FALSE@EXTRA_DIST += lprocfs_jobstats.c diff --git a/lustre/obdclass/acl.c b/lustre/obdclass/acl.c index 31543fc..fadb382 100644 --- a/lustre/obdclass/acl.c +++ b/lustre/obdclass/acl.c @@ -52,34 +52,6 @@ #ifdef CONFIG_FS_POSIX_ACL -#define CFS_ACL_XATTR_VERSION POSIX_ACL_XATTR_VERSION - -enum { - ES_UNK = 0, /* unknown stat */ - ES_UNC = 1, /* ACL entry is not changed */ - ES_MOD = 2, /* ACL entry is modified */ - ES_ADD = 3, /* ACL entry is added */ - ES_DEL = 4 /* ACL entry is deleted */ -}; - -static inline void lustre_ext_acl_le_to_cpu(ext_acl_xattr_entry *d, - ext_acl_xattr_entry *s) -{ - d->e_tag = le16_to_cpu(s->e_tag); - d->e_perm = le16_to_cpu(s->e_perm); - d->e_id = le32_to_cpu(s->e_id); - d->e_stat = le32_to_cpu(s->e_stat); -} - -static inline void lustre_ext_acl_cpu_to_le(ext_acl_xattr_entry *d, - ext_acl_xattr_entry *s) -{ - d->e_tag = cpu_to_le16(s->e_tag); - d->e_perm = cpu_to_le16(s->e_perm); - d->e_id = cpu_to_le32(s->e_id); - d->e_stat = cpu_to_le32(s->e_stat); -} - static inline void lustre_posix_acl_le_to_cpu(posix_acl_xattr_entry *d, posix_acl_xattr_entry *s) { @@ -88,15 +60,14 @@ static inline void lustre_posix_acl_le_to_cpu(posix_acl_xattr_entry *d, d->e_id = le32_to_cpu(s->e_id); } -static inline void lustre_posix_acl_cpu_to_le(posix_acl_xattr_entry *d, +/*static inline void lustre_posix_acl_cpu_to_le(posix_acl_xattr_entry *d, posix_acl_xattr_entry *s) { d->e_tag = cpu_to_le16(s->e_tag); d->e_perm = cpu_to_le16(s->e_perm); d->e_id = cpu_to_le32(s->e_id); -} +}*/ -#ifdef HAVE_SERVER_SUPPORT /* * Check permission based on POSIX ACL. */ @@ -215,9 +186,9 @@ EXPORT_SYMBOL(lustre_posix_acl_chmod_masq); * Returns 0 if the acl can be exactly represented in the traditional * file mode permission bits, or else 1. Returns -E... on error. */ - int +int lustre_posix_acl_equiv_mode(posix_acl_xattr_entry *entry, mode_t *mode_p, - int count) + int count) { posix_acl_xattr_entry *pa, *pe; mode_t mode = 0; @@ -312,585 +283,4 @@ int lustre_posix_acl_create_masq(posix_acl_xattr_entry *entry, __u32 *pmode, return not_equiv; } EXPORT_SYMBOL(lustre_posix_acl_create_masq); - -/* - * Convert server-side uid/gid in the posix ACL items to the client-side ones. - * convert rule: - * @CFS_IC_NOTHING - * nothing to be converted. - * @CFS_IC_ALL - * mapped ids are converted to client-side ones, - * unmapped ones are converted to "nobody". - * @CFS_IC_MAPPED - * only mapped ids are converted to "nobody". - * @CFS_IC_UNMAPPED - * only unmapped ids are converted to "nobody". - */ -int lustre_posix_acl_xattr_id2client(struct lu_ucred *mu, - struct lustre_idmap_table *t, - posix_acl_xattr_header *header, - int size, int flags) -{ - int count, i; - __u32 id; - ENTRY; - - if (unlikely(size < 0)) - RETURN(-EINVAL); - else if (!size) - RETURN(0); - - if (unlikely(flags == CFS_IC_NOTHING)) - RETURN(0); - - count = CFS_ACL_XATTR_COUNT(size, posix_acl_xattr); - for (i = 0; i < count; i++) { - id = le32_to_cpu(header->a_entries[i].e_id); - switch (le16_to_cpu(header->a_entries[i].e_tag)) { - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - case ACL_MASK: - case ACL_OTHER: - if (id != ACL_UNDEFINED_ID) - RETURN(-EIO); - break; - case ACL_USER: - id = lustre_idmap_lookup_uid(mu, t, 1, id); - if (flags == CFS_IC_ALL) { - if (id == CFS_IDMAP_NOTFOUND) - id = NOBODY_UID; - header->a_entries[i].e_id = cpu_to_le32(id); - } else if (flags == CFS_IC_MAPPED) { - if (id != CFS_IDMAP_NOTFOUND) - header->a_entries[i].e_id = - cpu_to_le32(NOBODY_UID); - } else if (flags == CFS_IC_UNMAPPED) { - if (id == CFS_IDMAP_NOTFOUND) - header->a_entries[i].e_id = - cpu_to_le32(NOBODY_UID); - } - break; - case ACL_GROUP: - id = lustre_idmap_lookup_gid(mu, t, 1, id); - if (flags == CFS_IC_ALL) { - if (id == CFS_IDMAP_NOTFOUND) - id = NOBODY_GID; - header->a_entries[i].e_id = cpu_to_le32(id); - } else if (flags == CFS_IC_MAPPED) { - if (id != CFS_IDMAP_NOTFOUND) - header->a_entries[i].e_id = - cpu_to_le32(NOBODY_GID); - } else if (flags == CFS_IC_UNMAPPED) { - if (id == CFS_IDMAP_NOTFOUND) - header->a_entries[i].e_id = - cpu_to_le32(NOBODY_GID); - } - break; - default: - RETURN(-EIO); - } - } - - RETURN(0); -} -EXPORT_SYMBOL(lustre_posix_acl_xattr_id2client); - -/* - * Converts client-side uid/gid in the extended ACL items to server-side ones. - * convert rule: - * mapped ids are converted to server-side ones, - * unmapped ones cause "EPERM" error. - */ -int lustre_ext_acl_xattr_id2server(struct lu_ucred *mu, - struct lustre_idmap_table *t, - ext_acl_xattr_header *header) -{ - int i, count = le32_to_cpu(header->a_count); - __u32 id; - ENTRY; - - for (i = 0; i < count; i++) { - id = le32_to_cpu(header->a_entries[i].e_id); - switch (le16_to_cpu(header->a_entries[i].e_tag)) { - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - case ACL_MASK: - case ACL_OTHER: - if (id != ACL_UNDEFINED_ID) - RETURN(-EIO); - break; - case ACL_USER: - id = lustre_idmap_lookup_uid(mu, t, 0, id); - if (id == CFS_IDMAP_NOTFOUND) - RETURN(-EPERM); - else - header->a_entries[i].e_id = cpu_to_le32(id); - break; - case ACL_GROUP: - id = lustre_idmap_lookup_gid(mu, t, 0, id); - if (id == CFS_IDMAP_NOTFOUND) - RETURN(-EPERM); - else - header->a_entries[i].e_id = cpu_to_le32(id); - break; - default: - RETURN(-EIO); - } - } - - RETURN(0); -} -EXPORT_SYMBOL(lustre_ext_acl_xattr_id2server); -#endif /* HAVE_SERVER_SUPPORT */ - -/* if "new_count == 0", then "new = {a_version, NULL}", NOT NULL. */ -static int lustre_posix_acl_xattr_reduce_space(posix_acl_xattr_header **header, - int old_count, int new_count) -{ - int old_size = CFS_ACL_XATTR_SIZE(old_count, posix_acl_xattr); - int new_size = CFS_ACL_XATTR_SIZE(new_count, posix_acl_xattr); - posix_acl_xattr_header *new; - - if (unlikely(old_count <= new_count)) - return old_size; - - OBD_ALLOC(new, new_size); - if (unlikely(new == NULL)) - return -ENOMEM; - - memcpy(new, *header, new_size); - OBD_FREE(*header, old_size); - *header = new; - return new_size; -} - -/* if "new_count == 0", then "new = {0, NULL}", NOT NULL. */ -static int lustre_ext_acl_xattr_reduce_space(ext_acl_xattr_header **header, - int old_count) -{ - int ext_count = le32_to_cpu((*header)->a_count); - int ext_size = CFS_ACL_XATTR_SIZE(ext_count, ext_acl_xattr); - int old_size = CFS_ACL_XATTR_SIZE(old_count, ext_acl_xattr); - ext_acl_xattr_header *new; - - if (unlikely(old_count <= ext_count)) - return 0; - - OBD_ALLOC(new, ext_size); - if (unlikely(new == NULL)) - return -ENOMEM; - - memcpy(new, *header, ext_size); - OBD_FREE(*header, old_size); - *header = new; - return 0; -} - -/* - * Generate new extended ACL based on the posix ACL. - */ -ext_acl_xattr_header * -lustre_posix_acl_xattr_2ext(posix_acl_xattr_header *header, int size) -{ - int count, i, esize; - ext_acl_xattr_header *new; - ENTRY; - - if (unlikely(size < 0)) - RETURN(ERR_PTR(-EINVAL)); - else if (!size) - count = 0; - else - count = CFS_ACL_XATTR_COUNT(size, posix_acl_xattr); - esize = CFS_ACL_XATTR_SIZE(count, ext_acl_xattr); - OBD_ALLOC(new, esize); - if (unlikely(new == NULL)) - RETURN(ERR_PTR(-ENOMEM)); - - new->a_count = cpu_to_le32(count); - for (i = 0; i < count; i++) { - new->a_entries[i].e_tag = header->a_entries[i].e_tag; - new->a_entries[i].e_perm = header->a_entries[i].e_perm; - new->a_entries[i].e_id = header->a_entries[i].e_id; - new->a_entries[i].e_stat = cpu_to_le32(ES_UNK); - } - - RETURN(new); -} -EXPORT_SYMBOL(lustre_posix_acl_xattr_2ext); - -/* - * Filter out the "nobody" entries in the posix ACL. - */ -int lustre_posix_acl_xattr_filter(posix_acl_xattr_header *header, int size, - posix_acl_xattr_header **out) -{ - int count, i, j, rc = 0; - __u32 id; - posix_acl_xattr_header *new; - ENTRY; - - if (unlikely(size < 0)) - RETURN(-EINVAL); - else if (!size) - RETURN(0); - - OBD_ALLOC(new, size); - if (unlikely(new == NULL)) - RETURN(-ENOMEM); - - new->a_version = cpu_to_le32(CFS_ACL_XATTR_VERSION); - count = CFS_ACL_XATTR_COUNT(size, posix_acl_xattr); - for (i = 0, j = 0; i < count; i++) { - id = le32_to_cpu(header->a_entries[i].e_id); - switch (le16_to_cpu(header->a_entries[i].e_tag)) { - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - case ACL_MASK: - case ACL_OTHER: - if (id != ACL_UNDEFINED_ID) - GOTO(_out, rc = -EIO); - - memcpy(&new->a_entries[j++], &header->a_entries[i], - sizeof(posix_acl_xattr_entry)); - break; - case ACL_USER: - if (id != NOBODY_UID) - memcpy(&new->a_entries[j++], - &header->a_entries[i], - sizeof(posix_acl_xattr_entry)); - break; - case ACL_GROUP: - if (id != NOBODY_GID) - memcpy(&new->a_entries[j++], - &header->a_entries[i], - sizeof(posix_acl_xattr_entry)); - break; - default: - GOTO(_out, rc = -EIO); - } - } - - /* free unused space. */ - rc = lustre_posix_acl_xattr_reduce_space(&new, count, j); - if (rc >= 0) { - size = rc; - *out = new; - rc = 0; - } - EXIT; - -_out: - if (rc) { - OBD_FREE(new, size); - size = rc; - } - return size; -} -EXPORT_SYMBOL(lustre_posix_acl_xattr_filter); - -/* - * Release the posix ACL space. - */ -void lustre_posix_acl_xattr_free(posix_acl_xattr_header *header, int size) -{ - OBD_FREE(header, size); -} -EXPORT_SYMBOL(lustre_posix_acl_xattr_free); - -/* - * Release the extended ACL space. - */ -void lustre_ext_acl_xattr_free(ext_acl_xattr_header *header) -{ - OBD_FREE(header, CFS_ACL_XATTR_SIZE(le32_to_cpu(header->a_count), \ - ext_acl_xattr)); -} -EXPORT_SYMBOL(lustre_ext_acl_xattr_free); - -static ext_acl_xattr_entry * -lustre_ext_acl_xattr_search(ext_acl_xattr_header *header, - posix_acl_xattr_entry *entry, int *pos) -{ - int once, start, end, i, j, count = le32_to_cpu(header->a_count); - - once = 0; - start = *pos; - end = count; - -again: - for (i = start; i < end; i++) { - if (header->a_entries[i].e_tag == entry->e_tag && - header->a_entries[i].e_id == entry->e_id) { - j = i; - if (++i >= count) - i = 0; - *pos = i; - return &header->a_entries[j]; - } - } - - if (!once) { - once = 1; - start = 0; - end = *pos; - goto again; - } - - return NULL; -} - -/* - * Merge the posix ACL and the extended ACL into new posix ACL. - */ -int lustre_acl_xattr_merge2posix(posix_acl_xattr_header *posix_header, int size, - ext_acl_xattr_header *ext_header, - posix_acl_xattr_header **out) -{ - int posix_count, posix_size, i, j; - int ext_count = le32_to_cpu(ext_header->a_count), pos = 0, rc = 0; - posix_acl_xattr_entry pe = {ACL_MASK, 0, ACL_UNDEFINED_ID}; - posix_acl_xattr_header *new; - ext_acl_xattr_entry *ee, ae; - ENTRY; - - lustre_posix_acl_cpu_to_le(&pe, &pe); - ee = lustre_ext_acl_xattr_search(ext_header, &pe, &pos); - if (ee == NULL || le32_to_cpu(ee->e_stat) == ES_DEL) { - /* there are only base ACL entries at most. */ - posix_count = 3; - posix_size = CFS_ACL_XATTR_SIZE(posix_count, posix_acl_xattr); - OBD_ALLOC(new, posix_size); - if (unlikely(new == NULL)) - RETURN(-ENOMEM); - - new->a_version = cpu_to_le32(CFS_ACL_XATTR_VERSION); - for (i = 0, j = 0; i < ext_count; i++) { - lustre_ext_acl_le_to_cpu(&ae, - &ext_header->a_entries[i]); - switch (ae.e_tag) { - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - case ACL_OTHER: - if (ae.e_id != ACL_UNDEFINED_ID) - GOTO(_out, rc = -EIO); - - if (ae.e_stat != ES_DEL) { - new->a_entries[j].e_tag = - ext_header->a_entries[i].e_tag; - new->a_entries[j].e_perm = - ext_header->a_entries[i].e_perm; - new->a_entries[j++].e_id = - ext_header->a_entries[i].e_id; - } - break; - case ACL_MASK: - case ACL_USER: - case ACL_GROUP: - if (ae.e_stat == ES_DEL) - break; - default: - GOTO(_out, rc = -EIO); - } - } - } else { - /* maybe there are valid ACL_USER or ACL_GROUP entries in the - * original server-side ACL, they are regarded as ES_UNC stat.*/ - int ori_posix_count; - - if (unlikely(size < 0)) - RETURN(-EINVAL); - else if (!size) - ori_posix_count = 0; - else - ori_posix_count = - CFS_ACL_XATTR_COUNT(size, posix_acl_xattr); - posix_count = ori_posix_count + ext_count; - posix_size = - CFS_ACL_XATTR_SIZE(posix_count, posix_acl_xattr); - OBD_ALLOC(new, posix_size); - if (unlikely(new == NULL)) - RETURN(-ENOMEM); - - new->a_version = cpu_to_le32(CFS_ACL_XATTR_VERSION); - /* 1. process the unchanged ACL entries - * in the original server-side ACL. */ - pos = 0; - for (i = 0, j = 0; i < ori_posix_count; i++) { - ee = lustre_ext_acl_xattr_search(ext_header, - &posix_header->a_entries[i], &pos); - if (ee == NULL) - memcpy(&new->a_entries[j++], - &posix_header->a_entries[i], - sizeof(posix_acl_xattr_entry)); - } - - /* 2. process the non-deleted entries - * from client-side extended ACL. */ - for (i = 0; i < ext_count; i++) { - if (le16_to_cpu(ext_header->a_entries[i].e_stat) != - ES_DEL) { - new->a_entries[j].e_tag = - ext_header->a_entries[i].e_tag; - new->a_entries[j].e_perm = - ext_header->a_entries[i].e_perm; - new->a_entries[j++].e_id = - ext_header->a_entries[i].e_id; - } - } - } - - /* free unused space. */ - rc = lustre_posix_acl_xattr_reduce_space(&new, posix_count, j); - if (rc >= 0) { - posix_size = rc; - *out = new; - rc = 0; - } - EXIT; - -_out: - if (rc) { - OBD_FREE(new, posix_size); - posix_size = rc; - } - return posix_size; -} -EXPORT_SYMBOL(lustre_acl_xattr_merge2posix); - -/* - * Merge the posix ACL and the extended ACL into new extended ACL. - */ -ext_acl_xattr_header * -lustre_acl_xattr_merge2ext(posix_acl_xattr_header *posix_header, int size, - ext_acl_xattr_header *ext_header) -{ - int ori_ext_count, posix_count, ext_count, ext_size; - int i, j, pos = 0, rc = 0; - posix_acl_xattr_entry pae; - ext_acl_xattr_header *new; - ext_acl_xattr_entry *ee, eae; - ENTRY; - - if (unlikely(size < 0)) - RETURN(ERR_PTR(-EINVAL)); - else if (!size) - posix_count = 0; - else - posix_count = CFS_ACL_XATTR_COUNT(size, posix_acl_xattr); - ori_ext_count = le32_to_cpu(ext_header->a_count); - ext_count = posix_count + ori_ext_count; - ext_size = CFS_ACL_XATTR_SIZE(ext_count, ext_acl_xattr); - - OBD_ALLOC(new, ext_size); - if (unlikely(new == NULL)) - RETURN(ERR_PTR(-ENOMEM)); - - for (i = 0, j = 0; i < posix_count; i++) { - lustre_posix_acl_le_to_cpu(&pae, &posix_header->a_entries[i]); - switch (pae.e_tag) { - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - case ACL_MASK: - case ACL_OTHER: - if (pae.e_id != ACL_UNDEFINED_ID) - GOTO(out, rc = -EIO); - case ACL_USER: - /* ignore "nobody" entry. */ - if (pae.e_id == NOBODY_UID) - break; - - new->a_entries[j].e_tag = - posix_header->a_entries[i].e_tag; - new->a_entries[j].e_perm = - posix_header->a_entries[i].e_perm; - new->a_entries[j].e_id = - posix_header->a_entries[i].e_id; - ee = lustre_ext_acl_xattr_search(ext_header, - &posix_header->a_entries[i], &pos); - if (ee) { - if (posix_header->a_entries[i].e_perm != - ee->e_perm) - /* entry modified. */ - ee->e_stat = - new->a_entries[j++].e_stat = - cpu_to_le32(ES_MOD); - else - /* entry unchanged. */ - ee->e_stat = - new->a_entries[j++].e_stat = - cpu_to_le32(ES_UNC); - } else { - /* new entry. */ - new->a_entries[j++].e_stat = - cpu_to_le32(ES_ADD); - } - break; - case ACL_GROUP: - /* ignore "nobody" entry. */ - if (pae.e_id == NOBODY_GID) - break; - new->a_entries[j].e_tag = - posix_header->a_entries[i].e_tag; - new->a_entries[j].e_perm = - posix_header->a_entries[i].e_perm; - new->a_entries[j].e_id = - posix_header->a_entries[i].e_id; - ee = lustre_ext_acl_xattr_search(ext_header, - &posix_header->a_entries[i], &pos); - if (ee) { - if (posix_header->a_entries[i].e_perm != - ee->e_perm) - /* entry modified. */ - ee->e_stat = - new->a_entries[j++].e_stat = - cpu_to_le32(ES_MOD); - else - /* entry unchanged. */ - ee->e_stat = - new->a_entries[j++].e_stat = - cpu_to_le32(ES_UNC); - } else { - /* new entry. */ - new->a_entries[j++].e_stat = - cpu_to_le32(ES_ADD); - } - break; - default: - GOTO(out, rc = -EIO); - } - } - - /* process deleted entries. */ - for (i = 0; i < ori_ext_count; i++) { - lustre_ext_acl_le_to_cpu(&eae, &ext_header->a_entries[i]); - if (eae.e_stat == ES_UNK) { - /* ignore "nobody" entry. */ - if ((eae.e_tag == ACL_USER && eae.e_id == NOBODY_UID) || - (eae.e_tag == ACL_GROUP && eae.e_id == NOBODY_GID)) - continue; - - new->a_entries[j].e_tag = - ext_header->a_entries[i].e_tag; - new->a_entries[j].e_perm = - ext_header->a_entries[i].e_perm; - new->a_entries[j].e_id = ext_header->a_entries[i].e_id; - new->a_entries[j++].e_stat = cpu_to_le32(ES_DEL); - } - } - - new->a_count = cpu_to_le32(j); - /* free unused space. */ - rc = lustre_ext_acl_xattr_reduce_space(&new, ext_count); - EXIT; - -out: - if (rc) { - OBD_FREE(new, ext_size); - new = ERR_PTR(rc); - } - return new; -} -EXPORT_SYMBOL(lustre_acl_xattr_merge2ext); - #endif diff --git a/lustre/obdclass/idmap.c b/lustre/obdclass/idmap.c index a7cec60..6652f89 100644 --- a/lustre/obdclass/idmap.c +++ b/lustre/obdclass/idmap.c @@ -169,311 +169,3 @@ int lustre_in_group_p(struct lu_ucred *mu, gid_t grp) return rc; } EXPORT_SYMBOL(lustre_in_group_p); - -struct lustre_idmap_entry { - struct list_head lie_rmt_uid_hash; /* hashed as lie_rmt_uid; */ - struct list_head lie_lcl_uid_hash; /* hashed as lie_lcl_uid; */ - struct list_head lie_rmt_gid_hash; /* hashed as lie_rmt_gid; */ - struct list_head lie_lcl_gid_hash; /* hashed as lie_lcl_gid; */ - uid_t lie_rmt_uid; /* remote uid */ - uid_t lie_lcl_uid; /* local uid */ - gid_t lie_rmt_gid; /* remote gid */ - gid_t lie_lcl_gid; /* local gid */ -}; - -static inline __u32 lustre_idmap_hashfunc(__u32 id) -{ - return id & (CFS_IDMAP_HASHSIZE - 1); -} - -static -struct lustre_idmap_entry *idmap_entry_alloc(uid_t rmt_uid, uid_t lcl_uid, - gid_t rmt_gid, gid_t lcl_gid) -{ - struct lustre_idmap_entry *e; - - OBD_ALLOC_PTR(e); - if (e == NULL) - return NULL; - - INIT_LIST_HEAD(&e->lie_rmt_uid_hash); - INIT_LIST_HEAD(&e->lie_lcl_uid_hash); - INIT_LIST_HEAD(&e->lie_rmt_gid_hash); - INIT_LIST_HEAD(&e->lie_lcl_gid_hash); - e->lie_rmt_uid = rmt_uid; - e->lie_lcl_uid = lcl_uid; - e->lie_rmt_gid = rmt_gid; - e->lie_lcl_gid = lcl_gid; - - return e; -} - -static void idmap_entry_free(struct lustre_idmap_entry *e) -{ - list_del(&e->lie_rmt_uid_hash); - list_del(&e->lie_lcl_uid_hash); - list_del(&e->lie_rmt_gid_hash); - list_del(&e->lie_lcl_gid_hash); - OBD_FREE_PTR(e); -} - -/* - * return value - * NULL: not found entry - * ERR_PTR(-EACCES): found 1(remote):N(local) mapped entry - * others: found normal entry - */ -static -struct lustre_idmap_entry *idmap_search_entry(struct lustre_idmap_table *t, - uid_t rmt_uid, uid_t lcl_uid, - gid_t rmt_gid, gid_t lcl_gid) -{ - struct list_head *head; - struct lustre_idmap_entry *e; - - head = &t->lit_idmaps[RMT_UIDMAP_IDX][lustre_idmap_hashfunc(rmt_uid)]; - list_for_each_entry(e, head, lie_rmt_uid_hash) - if (e->lie_rmt_uid == rmt_uid) { - if (e->lie_lcl_uid == lcl_uid) { - if (e->lie_rmt_gid == rmt_gid && - e->lie_lcl_gid == lcl_gid) - /* must be quaternion match */ - return e; - } else { - /* 1:N uid mapping */ - CERROR("rmt uid %u already be mapped to %u" - " (new %u)\n", e->lie_rmt_uid, - e->lie_lcl_uid, lcl_uid); - return ERR_PTR(-EACCES); - } - } - - head = &t->lit_idmaps[RMT_GIDMAP_IDX][lustre_idmap_hashfunc(rmt_gid)]; - list_for_each_entry(e, head, lie_rmt_gid_hash) - if (e->lie_rmt_gid == rmt_gid) { - if (e->lie_lcl_gid == lcl_gid) { - if (unlikely(e->lie_rmt_uid == rmt_uid && - e->lie_lcl_uid == lcl_uid)) - /* after uid mapping search above, - * we should never come here */ - LBUG(); - } else { - /* 1:N gid mapping */ - CERROR("rmt gid %u already be mapped to %u" - " (new %u)\n", e->lie_rmt_gid, - e->lie_lcl_gid, lcl_gid); - return ERR_PTR(-EACCES); - } - } - - return NULL; -} - -static __u32 idmap_lookup_uid(struct list_head *hash, int reverse, - __u32 uid) -{ - struct list_head *head = &hash[lustre_idmap_hashfunc(uid)]; - struct lustre_idmap_entry *e; - - if (!reverse) { - list_for_each_entry(e, head, lie_rmt_uid_hash) - if (e->lie_rmt_uid == uid) - return e->lie_lcl_uid; - } else { - list_for_each_entry(e, head, lie_lcl_uid_hash) - if (e->lie_lcl_uid == uid) - return e->lie_rmt_uid; - } - - return CFS_IDMAP_NOTFOUND; -} - -static __u32 idmap_lookup_gid(struct list_head *hash, int reverse, __u32 gid) -{ - struct list_head *head = &hash[lustre_idmap_hashfunc(gid)]; - struct lustre_idmap_entry *e; - - if (!reverse) { - list_for_each_entry(e, head, lie_rmt_gid_hash) - if (e->lie_rmt_gid == gid) - return e->lie_lcl_gid; - } else { - list_for_each_entry(e, head, lie_lcl_gid_hash) - if (e->lie_lcl_gid == gid) - return e->lie_rmt_gid; - } - - return CFS_IDMAP_NOTFOUND; -} - -int lustre_idmap_add(struct lustre_idmap_table *t, - uid_t ruid, uid_t luid, - gid_t rgid, gid_t lgid) -{ - struct lustre_idmap_entry *e0, *e1; - - LASSERT(t); - - spin_lock(&t->lit_lock); - e0 = idmap_search_entry(t, ruid, luid, rgid, lgid); - spin_unlock(&t->lit_lock); - if (!e0) { - e0 = idmap_entry_alloc(ruid, luid, rgid, lgid); - if (!e0) - return -ENOMEM; - - spin_lock(&t->lit_lock); - e1 = idmap_search_entry(t, ruid, luid, rgid, lgid); - if (e1 == NULL) { - list_add_tail(&e0->lie_rmt_uid_hash, - &t->lit_idmaps[RMT_UIDMAP_IDX] - [lustre_idmap_hashfunc(ruid)]); - list_add_tail(&e0->lie_lcl_uid_hash, - &t->lit_idmaps[LCL_UIDMAP_IDX] - [lustre_idmap_hashfunc(luid)]); - list_add_tail(&e0->lie_rmt_gid_hash, - &t->lit_idmaps[RMT_GIDMAP_IDX] - [lustre_idmap_hashfunc(rgid)]); - list_add_tail(&e0->lie_lcl_gid_hash, - &t->lit_idmaps[LCL_GIDMAP_IDX] - [lustre_idmap_hashfunc(lgid)]); - } - spin_unlock(&t->lit_lock); - if (e1 != NULL) { - idmap_entry_free(e0); - if (IS_ERR(e1)) - return PTR_ERR(e1); - } - } else if (IS_ERR(e0)) { - return PTR_ERR(e0); - } - - return 0; -} -EXPORT_SYMBOL(lustre_idmap_add); - -int lustre_idmap_del(struct lustre_idmap_table *t, - uid_t ruid, uid_t luid, - gid_t rgid, gid_t lgid) -{ - struct lustre_idmap_entry *e; - int rc = 0; - - LASSERT(t); - - spin_lock(&t->lit_lock); - e = idmap_search_entry(t, ruid, luid, rgid, lgid); - if (IS_ERR(e)) - rc = PTR_ERR(e); - else if (e) - idmap_entry_free(e); - spin_unlock(&t->lit_lock); - - return rc; -} -EXPORT_SYMBOL(lustre_idmap_del); - -int lustre_idmap_lookup_uid(struct lu_ucred *mu, - struct lustre_idmap_table *t, - int reverse, uid_t uid) -{ - struct list_head *hash; - - if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) { - if (!reverse) { - if (uid == mu->uc_o_uid) - return mu->uc_uid; - else if (uid == mu->uc_o_fsuid) - return mu->uc_fsuid; - } else { - if (uid == mu->uc_uid) - return mu->uc_o_uid; - else if (uid == mu->uc_fsuid) - return mu->uc_o_fsuid; - } - } - - if (t == NULL) - return CFS_IDMAP_NOTFOUND; - - hash = t->lit_idmaps[reverse ? LCL_UIDMAP_IDX : RMT_UIDMAP_IDX]; - - spin_lock(&t->lit_lock); - uid = idmap_lookup_uid(hash, reverse, uid); - spin_unlock(&t->lit_lock); - - return uid; -} -EXPORT_SYMBOL(lustre_idmap_lookup_uid); - -int lustre_idmap_lookup_gid(struct lu_ucred *mu, struct lustre_idmap_table *t, - int reverse, gid_t gid) -{ - struct list_head *hash; - - if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) { - if (!reverse) { - if (gid == mu->uc_o_gid) - return mu->uc_gid; - else if (gid == mu->uc_o_fsgid) - return mu->uc_fsgid; - } else { - if (gid == mu->uc_gid) - return mu->uc_o_gid; - else if (gid == mu->uc_fsgid) - return mu->uc_o_fsgid; - } - } - - if (t == NULL) - return CFS_IDMAP_NOTFOUND; - - hash = t->lit_idmaps[reverse ? LCL_GIDMAP_IDX : RMT_GIDMAP_IDX]; - - spin_lock(&t->lit_lock); - gid = idmap_lookup_gid(hash, reverse, gid); - spin_unlock(&t->lit_lock); - - return gid; -} -EXPORT_SYMBOL(lustre_idmap_lookup_gid); - -struct lustre_idmap_table *lustre_idmap_init(void) -{ - struct lustre_idmap_table *t; - int i, j; - - OBD_ALLOC_PTR(t); - if(unlikely(t == NULL)) - return (ERR_PTR(-ENOMEM)); - - spin_lock_init(&t->lit_lock); - for (i = 0; i < ARRAY_SIZE(t->lit_idmaps); i++) - for (j = 0; j < ARRAY_SIZE(t->lit_idmaps[i]); j++) - INIT_LIST_HEAD(&t->lit_idmaps[i][j]); - - return t; -} -EXPORT_SYMBOL(lustre_idmap_init); - -void lustre_idmap_fini(struct lustre_idmap_table *t) -{ - struct list_head *list; - struct lustre_idmap_entry *e; - int i; - LASSERT(t); - - list = t->lit_idmaps[RMT_UIDMAP_IDX]; - spin_lock(&t->lit_lock); - for (i = 0; i < CFS_IDMAP_HASHSIZE; i++) - while (!list_empty(&list[i])) { - e = list_entry(list[i].next, - struct lustre_idmap_entry, - lie_rmt_uid_hash); - idmap_entry_free(e); - } - spin_unlock(&t->lit_lock); - - OBD_FREE_PTR(t); -} -EXPORT_SYMBOL(lustre_idmap_fini); diff --git a/lustre/obdclass/lprocfs_status.c b/lustre/obdclass/lprocfs_status.c index 7d7299c..491afcc 100644 --- a/lustre/obdclass/lprocfs_status.c +++ b/lustre/obdclass/lprocfs_status.c @@ -1421,7 +1421,6 @@ void lprocfs_init_mps_stats(int num_private_stats, struct lprocfs_stats *stats) LPROCFS_MD_OP_INIT(num_private_stats, stats, set_lock_data); LPROCFS_MD_OP_INIT(num_private_stats, stats, lock_match); LPROCFS_MD_OP_INIT(num_private_stats, stats, cancel_unused); - LPROCFS_MD_OP_INIT(num_private_stats, stats, get_remote_perm); LPROCFS_MD_OP_INIT(num_private_stats, stats, intent_getattr_async); LPROCFS_MD_OP_INIT(num_private_stats, stats, revalidate_lock); } diff --git a/lustre/ofd/ofd_dev.c b/lustre/ofd/ofd_dev.c index 0a2ec19..71ec9f7 100644 --- a/lustre/ofd/ofd_dev.c +++ b/lustre/ofd/ofd_dev.c @@ -1324,7 +1324,6 @@ static int ofd_getattr_hdl(struct tgt_session_info *tsi) obdo_from_la(&repbody->oa, &fti->fti_attr, OFD_VALID_FLAGS | LA_UID | LA_GID); - tgt_drop_id(tsi->tsi_exp, &repbody->oa); /* Store object version in reply */ curr_version = dt_version_get(tsi->tsi_env, @@ -1420,7 +1419,6 @@ static int ofd_setattr_hdl(struct tgt_session_info *tsi) obdo_from_la(&repbody->oa, &fti->fti_attr, OFD_VALID_FLAGS | LA_UID | LA_GID); - tgt_drop_id(tsi->tsi_exp, &repbody->oa); ofd_counter_incr(tsi->tsi_exp, LPROC_OFD_STATS_SETATTR, tsi->tsi_jobid, 1); diff --git a/lustre/ofd/ofd_io.c b/lustre/ofd/ofd_io.c index 0608cd9..3f6ff63 100644 --- a/lustre/ofd/ofd_io.c +++ b/lustre/ofd/ofd_io.c @@ -631,10 +631,6 @@ static int ofd_preprw_write(const struct lu_env *env, struct obd_export *exp, lnb[j+k].lnb_flags = rnb[i].rnb_flags; if (!(rnb[i].rnb_flags & OBD_BRW_GRANTED)) lnb[j+k].lnb_rc = -ENOSPC; - - /* remote client can't break through quota */ - if (exp_connect_rmtclient(exp)) - lnb[j+k].lnb_flags &= ~OBD_BRW_NOQUOTA; } j += rc; *nr_local += rc; diff --git a/lustre/osc/osc_cache.c b/lustre/osc/osc_cache.c index a336e3c..73a8c84 100644 --- a/lustre/osc/osc_cache.c +++ b/lustre/osc/osc_cache.c @@ -2282,7 +2282,7 @@ int osc_prep_async_page(struct osc_object *osc, struct osc_page *ops, oap->oap_obj_off = offset; LASSERT(!(offset & ~PAGE_MASK)); - if (!client_is_remote(exp) && cfs_capable(CFS_CAP_SYS_RESOURCE)) + if (cfs_capable(CFS_CAP_SYS_RESOURCE)) oap->oap_brw_flags = OBD_BRW_NOQUOTA; INIT_LIST_HEAD(&oap->oap_pending_item); @@ -2323,8 +2323,7 @@ int osc_queue_async_io(const struct lu_env *env, struct cl_io *io, /* Set the OBD_BRW_SRVLOCK before the page is queued. */ brw_flags |= ops->ops_srvlock ? OBD_BRW_SRVLOCK : 0; - if (!client_is_remote(osc_export(osc)) && - cfs_capable(CFS_CAP_SYS_RESOURCE)) { + if (cfs_capable(CFS_CAP_SYS_RESOURCE)) { brw_flags |= OBD_BRW_NOQUOTA; cmd |= OBD_BRW_NOQUOTA; } diff --git a/lustre/osc/osc_page.c b/lustre/osc/osc_page.c index 4f2e01b..ce87082 100644 --- a/lustre/osc/osc_page.c +++ b/lustre/osc/osc_page.c @@ -428,7 +428,6 @@ void osc_page_submit(const struct lu_env *env, struct osc_page *opg, enum cl_req_type crt, int brw_flags) { struct osc_async_page *oap = &opg->ops_oap; - struct osc_object *obj = oap->oap_obj; LINVRNT(osc_page_protected(env, opg, crt == CRT_WRITE ? CLM_WRITE : CLM_READ, 1)); @@ -443,8 +442,7 @@ void osc_page_submit(const struct lu_env *env, struct osc_page *opg, oap->oap_count = opg->ops_to - opg->ops_from; oap->oap_brw_flags = OBD_BRW_SYNC | brw_flags; - if (!client_is_remote(osc_export(obj)) && - cfs_capable(CFS_CAP_SYS_RESOURCE)) { + if (cfs_capable(CFS_CAP_SYS_RESOURCE)) { oap->oap_brw_flags |= OBD_BRW_NOQUOTA; oap->oap_cmd |= OBD_BRW_NOQUOTA; } diff --git a/lustre/ptlrpc/gss/sec_gss.c b/lustre/ptlrpc/gss/sec_gss.c index 9dd7898..1b5b9d1 100644 --- a/lustre/ptlrpc/gss/sec_gss.c +++ b/lustre/ptlrpc/gss/sec_gss.c @@ -2441,7 +2441,6 @@ int gss_svc_accept(struct ptlrpc_sec_policy *policy, struct ptlrpc_request *req) LASSERT (grctx->src_ctx); req->rq_auth_gss = 1; - req->rq_auth_remote = grctx->src_ctx->gsc_remote; req->rq_auth_usr_mdt = grctx->src_ctx->gsc_usr_mds; req->rq_auth_usr_ost = grctx->src_ctx->gsc_usr_oss; req->rq_auth_usr_root = grctx->src_ctx->gsc_usr_root; diff --git a/lustre/ptlrpc/layout.c b/lustre/ptlrpc/layout.c index 111d1d1..04a0da1 100644 --- a/lustre/ptlrpc/layout.c +++ b/lustre/ptlrpc/layout.c @@ -215,7 +215,7 @@ static const struct req_msg_field *mds_reint_create_slave_client[] = { &RMF_DLM_REQ }; -static const struct req_msg_field *mds_reint_create_rmt_acl_client[] = { +static const struct req_msg_field *mds_reint_create_acl_client[] = { &RMF_PTLRPC_BODY, &RMF_REC_REINT, &RMF_CAPA1, @@ -745,10 +745,10 @@ static struct req_format *req_formats[] = { &RQF_MDS_SYNC, &RQF_MDS_CLOSE, &RQF_MDS_INTENT_CLOSE, - &RQF_MDS_READPAGE, - &RQF_MDS_REINT, - &RQF_MDS_REINT_CREATE, - &RQF_MDS_REINT_CREATE_RMT_ACL, + &RQF_MDS_READPAGE, + &RQF_MDS_REINT, + &RQF_MDS_REINT_CREATE, + &RQF_MDS_REINT_CREATE_ACL, &RQF_MDS_REINT_CREATE_SLAVE, &RQF_MDS_REINT_CREATE_SYM, &RQF_MDS_REINT_OPEN, @@ -1369,10 +1369,10 @@ struct req_format RQF_MDS_REINT_CREATE = mds_reint_create_client, mdt_body_capa); EXPORT_SYMBOL(RQF_MDS_REINT_CREATE); -struct req_format RQF_MDS_REINT_CREATE_RMT_ACL = - DEFINE_REQ_FMT0("MDS_REINT_CREATE_RMT_ACL", - mds_reint_create_rmt_acl_client, mdt_body_capa); -EXPORT_SYMBOL(RQF_MDS_REINT_CREATE_RMT_ACL); +struct req_format RQF_MDS_REINT_CREATE_ACL = + DEFINE_REQ_FMT0("MDS_REINT_CREATE_ACL", + mds_reint_create_acl_client, mdt_body_capa); +EXPORT_SYMBOL(RQF_MDS_REINT_CREATE_ACL); struct req_format RQF_MDS_REINT_CREATE_SLAVE = DEFINE_REQ_FMT0("MDS_REINT_CREATE_EA", diff --git a/lustre/ptlrpc/pack_generic.c b/lustre/ptlrpc/pack_generic.c index dc7f535..e520f10 100644 --- a/lustre/ptlrpc/pack_generic.c +++ b/lustre/ptlrpc/pack_generic.c @@ -1953,19 +1953,6 @@ void lustre_swab_obd_quotactl (struct obd_quotactl *q) lustre_swab_obd_dqblk (&q->qc_dqblk); } -void lustre_swab_mdt_remote_perm (struct mdt_remote_perm *p) -{ - __swab32s (&p->rp_uid); - __swab32s (&p->rp_gid); - __swab32s (&p->rp_fsuid); - __swab32s (&p->rp_fsuid_h); - __swab32s (&p->rp_fsgid); - __swab32s (&p->rp_fsgid_h); - __swab32s (&p->rp_access_perm); - __swab32s (&p->rp_padding); -}; -EXPORT_SYMBOL(lustre_swab_mdt_remote_perm); - void lustre_swab_fid2path(struct getinfo_fid2path *gf) { lustre_swab_lu_fid(&gf->gf_fid); diff --git a/lustre/ptlrpc/wiretest.c b/lustre/ptlrpc/wiretest.c index 7247fe6..02d6624 100644 --- a/lustre/ptlrpc/wiretest.c +++ b/lustre/ptlrpc/wiretest.c @@ -1402,8 +1402,6 @@ void lustre_assert_wire_constants(void) OBD_MD_FLXATTRRM); LASSERTF(OBD_MD_FLACL == (0x0000008000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLACL); - LASSERTF(OBD_MD_FLRMTPERM == (0x0000010000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTPERM); LASSERTF(OBD_MD_FLMDSCAPA == (0x0000020000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLMDSCAPA); LASSERTF(OBD_MD_FLOSSCAPA == (0x0000040000000000ULL), "found 0x%.16llxULL\n", @@ -1414,14 +1412,6 @@ void lustre_assert_wire_constants(void) OBD_MD_FLCROSSREF); LASSERTF(OBD_MD_FLGETATTRLOCK == (0x0000200000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLGETATTRLOCK); - LASSERTF(OBD_MD_FLRMTLSETFACL == (0x0001000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTLSETFACL); - LASSERTF(OBD_MD_FLRMTLGETFACL == (0x0002000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTLGETFACL); - LASSERTF(OBD_MD_FLRMTRSETFACL == (0x0004000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTRSETFACL); - LASSERTF(OBD_MD_FLRMTRGETFACL == (0x0008000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTRGETFACL); LASSERTF(OBD_MD_FLDATAVERSION == (0x0010000000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLDATAVERSION); CLASSERT(OBD_FL_INLINEDATA == 0x00000001); @@ -2225,44 +2215,6 @@ void lustre_assert_wire_constants(void) LASSERTF((int)sizeof(((struct mdt_ioepoch *)0)->mio_padding) == 4, "found %lld\n", (long long)(int)sizeof(((struct mdt_ioepoch *)0)->mio_padding)); - /* Checks for struct mdt_remote_perm */ - LASSERTF((int)sizeof(struct mdt_remote_perm) == 32, "found %lld\n", - (long long)(int)sizeof(struct mdt_remote_perm)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_uid) == 0, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_uid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_uid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_uid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_gid) == 4, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_gid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_gid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_gid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_fsuid) == 8, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_fsuid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_fsuid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_fsuid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_fsgid) == 16, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_fsgid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_fsgid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_fsgid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_access_perm) == 24, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_access_perm)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_access_perm) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_access_perm)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_padding) == 28, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_padding)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_padding) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_padding)); - LASSERTF(CFS_SETUID_PERM == 0x00000001UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETUID_PERM); - LASSERTF(CFS_SETGID_PERM == 0x00000002UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETGID_PERM); - LASSERTF(CFS_SETGRP_PERM == 0x00000004UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETGRP_PERM); - LASSERTF(CFS_RMTACL_PERM == 0x00000008UL, "found 0x%.8xUL\n", - (unsigned)CFS_RMTACL_PERM); - LASSERTF(CFS_RMTOWN_PERM == 0x00000010UL, "found 0x%.8xUL\n", - (unsigned)CFS_RMTOWN_PERM); - /* Checks for struct mdt_rec_setattr */ LASSERTF((int)sizeof(struct mdt_rec_setattr) == 136, "found %lld\n", (long long)(int)sizeof(struct mdt_rec_setattr)); diff --git a/lustre/target/tgt_handler.c b/lustre/target/tgt_handler.c index 69ef827..d274d6b 100644 --- a/lustre/target/tgt_handler.c +++ b/lustre/target/tgt_handler.c @@ -835,8 +835,6 @@ EXPORT_SYMBOL(tgt_counter_incr); */ static inline void tgt_init_sec_none(struct obd_connect_data *reply) { - reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT | - OBD_CONNECT_RMT_CLIENT_FORCE); } static int tgt_init_sec_level(struct ptlrpc_request *req) @@ -845,7 +843,6 @@ static int tgt_init_sec_level(struct ptlrpc_request *req) char *client; struct obd_connect_data *data, *reply; int rc = 0; - bool remote; ENTRY; data = req_capsule_client_get(&req->rq_pill, &RMF_CONNECT_DATA); @@ -880,8 +877,7 @@ static int tgt_init_sec_level(struct ptlrpc_request *req) } /* old version case */ - if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT) || - !(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) || + if (unlikely(!(data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) || !(data->ocd_connect_flags & OBD_CONNECT_OSS_CAPA))) { if (tgt->lut_sec_level > LUSTRE_SEC_NONE) { CWARN("client %s -> target %s uses old version, " @@ -897,46 +893,18 @@ static int tgt_init_sec_level(struct ptlrpc_request *req) } } - remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT_FORCE; - if (remote) { - if (!req->rq_auth_remote) - CDEBUG(D_SEC, "client (local realm) %s -> target %s " - "asked to be remote.\n", client, tgt_name(tgt)); - } else if (req->rq_auth_remote) { - remote = true; - CDEBUG(D_SEC, "client (remote realm) %s -> target %s is set " - "as remote by default.\n", client, tgt_name(tgt)); + if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_uid))) { + CDEBUG(D_SEC, "client %s -> target %s: user is not " + "authenticated!\n", client, tgt_name(tgt)); + RETURN(-EACCES); } - if (remote == 0) { - if (!uid_valid(make_kuid(&init_user_ns, req->rq_auth_uid))) { - CDEBUG(D_SEC, "client %s -> target %s: user is not " - "authenticated!\n", client, tgt_name(tgt)); - RETURN(-EACCES); - } - } - - switch (tgt->lut_sec_level) { case LUSTRE_SEC_NONE: - if (remote) { - CDEBUG(D_SEC, - "client %s -> target %s is set as remote, " - "can not run under security level %d.\n", - client, tgt_name(tgt), tgt->lut_sec_level); - RETURN(-EACCES); - } - tgt_init_sec_none(reply); - break; case LUSTRE_SEC_REMOTE: - if (!remote) - tgt_init_sec_none(reply); + tgt_init_sec_none(reply); break; case LUSTRE_SEC_ALL: - if (remote) - break; - reply->ocd_connect_flags &= ~(OBD_CONNECT_RMT_CLIENT | - OBD_CONNECT_RMT_CLIENT_FORCE); reply->ocd_connect_flags &= ~OBD_CONNECT_OSS_CAPA; reply->ocd_connect_flags &= ~OBD_CONNECT_MDS_CAPA; break; @@ -1990,8 +1958,6 @@ out_commitrw: /* Must commit after prep above in all cases */ rc = obd_commitrw(tsi->tsi_env, OBD_BRW_READ, exp, &repbody->oa, 1, ioo, remote_nb, npages, local_nb, rc); - if (rc == 0) - tgt_drop_id(exp, &repbody->oa); out_lock: tgt_brw_unlock(ioo, remote_nb, &lockh, LCK_PR); @@ -2285,8 +2251,6 @@ skip_transfer: } LASSERT(j == npages); ptlrpc_lprocfs_brw(req, nob); - - tgt_drop_id(exp, &repbody->oa); } out_lock: tgt_brw_unlock(ioo, remote_nb, &lockh, LCK_PW); diff --git a/lustre/tests/Makefile.am b/lustre/tests/Makefile.am index 50ce363..31419a09 100644 --- a/lustre/tests/Makefile.am +++ b/lustre/tests/Makefile.am @@ -47,15 +47,11 @@ nobase_noinst_SCRIPTS += racer/file_link.sh racer/file_rename.sh racer/file_syml nobase_noinst_SCRIPTS += racer/dir_remote.sh racer/dir_migrate.sh racer/file_chmod.sh nobase_noinst_SCRIPTS += racer/file_chown.sh racer/file_delxattr.sh racer/file_getxattr.sh nobase_noinst_SCRIPTS += racer/file_mknod.sh racer/file_setxattr.sh racer/file_truncate.sh -nobase_noinst_SCRIPTS += rmtacl/make-tree rmtacl/run nobase_noinst_SCRIPTS += posix/posix.cfg nobase_noinst_DATA = acl/cp.test acl/getfacl-noacl.test acl/inheritance.test nobase_noinst_DATA += acl/misc.test acl/permissions.test acl/setfacl.test nobase_noinst_DATA += acl/974.test acl/974_remote.test nobase_noinst_DATA += acl/2561.test acl/2561_zfs.test acl/4924.test -nobase_noinst_DATA += rmtacl/misc.test rmtacl/permissions.test -nobase_noinst_DATA += rmtacl/setfacl.test rmtacl/cp.test -nobase_noinst_DATA += rmtacl/getfacl-noacl.test rmtacl/inheritance.test nobase_noinst_DATA += clientapi/simple_test.c EXTRA_DIST = $(noinst_SCRIPTS) $(noinst_DATA) \ diff --git a/lustre/tests/rmtacl/README b/lustre/tests/rmtacl/README deleted file mode 100644 index aa5230b..0000000 --- a/lustre/tests/rmtacl/README +++ /dev/null @@ -1 +0,0 @@ -- adapt based on test/acl/ diff --git a/lustre/tests/rmtacl/cp.test b/lustre/tests/rmtacl/cp.test deleted file mode 100644 index 2384dac..0000000 --- a/lustre/tests/rmtacl/cp.test +++ /dev/null @@ -1,50 +0,0 @@ -The "lfs cp" utility should only copy ACLs if `-p' is given. - - $ umask 022 - $ mkdir d - $ cd d - $ touch f - $ lfs lsetfacl -m u:bin:rw f - $ lfs ls -l f | awk -- '{ print $1 }' - > -rw-rw-r--+ - - $ lfs cp f g - $ lfs ls -l g | awk -- '{ print $1 }' - > -rw-r--r-- - - $ rm g - $ lfs cp -p f g - $ lfs ls -l f | awk -- '{ print $1 }' - > -rw-rw-r--+ - - $ mkdir h - $ echo blubb > h/x - $ lfs cp -rp h i - $ cat i/x - > blubb - - $ rm -r i - -Use to be "$lfs lsetfacl -R -m u:bin:rwX h", but RHEL4 uncorrectly set the x flag, -so we change to the following test - - $ lfs lsetfacl -R -m u:bin:rwx h - $ lfs lgetfacl --omit-header h/x - > user::rw- - > user:bin:rwx - > group::r-- - > mask::rwx - > other::r-- - > - - $ lfs cp -rp h i - $ lfs lgetfacl --omit-header i/x - > user::rw- - > user:bin:rwx - > group::r-- - > mask::rwx - > other::r-- - > - - $ cd .. - $ rm -r d diff --git a/lustre/tests/rmtacl/getfacl-noacl.test b/lustre/tests/rmtacl/getfacl-noacl.test deleted file mode 100644 index c449a4a..0000000 --- a/lustre/tests/rmtacl/getfacl-noacl.test +++ /dev/null @@ -1,63 +0,0 @@ -Getfacl utility option parsing tests. This test can be run on a -filesystem with or without ACL support. - - $ mkdir test - $ cd test - $ umask 027 - $ touch x - $ lfs lgetfacl --omit-header x - > user::rw- - > group::r-- - > other::--- - > - - $ lfs lgetfacl --omit-header --access x - > user::rw- - > group::r-- - > other::--- - > - - $ lfs lgetfacl --omit-header -d x - $ lfs lgetfacl --omit-header -d . - $ lfs lgetfacl --omit-header -d / - > getfacl: Removing leading '/' from absolute path names - - $ lfs lgetfacl --skip-base x - $ lfs lgetfacl --omit-header --all-effective x - > user::rw- - > group::r-- - > other::--- - > - - $ lfs lgetfacl --omit-header --no-effective x - > user::rw- - > group::r-- - > other::--- - > - - $ mkdir d - $ touch d/y - $ ln -s d l -The result of "lfs lgetfacl -dR . | grep file | sort" is related with -the dentry item order in parent directory. Such order depends on -FS implementation. Fix with -P (--physical) option. -# $ lfs lgetfacl -dR . | grep file | sort - $ lfs lgetfacl -dRP . | grep file | sort - > # file: . - > # file: d - > # file: d/y - > # file: x - - $ ln -s l ll -# $ lfs lgetfacl -dLR ll | grep file | sort -# (rhel4) -# > # file: ll -# > # file: ll/y -# (rhel5) -# > # file: l -# > # file: l/y - - $ rm l ll x - $ rm -rf d - $ cd .. - $ rmdir test diff --git a/lustre/tests/rmtacl/inheritance.test b/lustre/tests/rmtacl/inheritance.test deleted file mode 100644 index 40d25cb..0000000 --- a/lustre/tests/rmtacl/inheritance.test +++ /dev/null @@ -1,131 +0,0 @@ -ACL inheritance test. Run these tests on a filesystem with ACL support. - - - $ id -u - > 0 - - $ mkdir d - $ lfs lsetfacl -d -m group:bin:r-x d - $ lfs lgetfacl d - > # file: d - > # owner: root - > # group: root - > user::rwx - > group::r-x - > other::r-x - > default:user::rwx - > default:group::r-x - > default:group:bin:r-x - > default:mask::r-x - > default:other::r-x - > - - $ mkdir d/subdir - $ lfs lgetfacl d/subdir - > # file: d/subdir - > # owner: root - > # group: root - > user::rwx - > group::r-x - > group:bin:r-x - > mask::r-x - > other::r-x - > default:user::rwx - > default:group::r-x - > default:group:bin:r-x - > default:mask::r-x - > default:other::r-x - > - - $ touch d/f - $ lfs ls -l d/f | awk -- '{ print $1 }' - > -rw-r--r--+ - $ lfs lgetfacl d/f - > # file: d/f - > # owner: root - > # group: root - > user::rw- - > group::r-x #effective:r-- - > group:bin:r-x #effective:r-- - > mask::r-- - > other::r-- - > - - $ su bin - $ echo i >> d/f - > d/f: Permission denied - -Changed by CFS: (1). reduce the tree level to 2 (for shortening -time of local tests). (2). add one more lfs lgetfacl test since dir -might be distributed around MDS's. - - $ su - $ rm d/f - $ rmdir d/subdir - $ mv d tree - $ ./make-tree - $ lfs lgetfacl tree/dir0/dir5/file4 - > # file: tree/dir0/dir5/file4 - > # owner: root - > # group: root - > user::rw- - > group::r-x #effective:r-- - > group:bin:r-x #effective:r-- - > mask::r-- - > other::r-- - > - $ lfs lgetfacl tree/dir0/dir6/file4 - > # file: tree/dir0/dir6/file4 - > # owner: root - > # group: root - > user::rw- - > group::r-x #effective:r-- - > group:bin:r-x #effective:r-- - > mask::r-- - > other::r-- - > - $ echo i >> tree/dir6/dir2/file2 - $ echo i > tree/dir1/f - $ lfs ls -l tree/dir1/f | awk -- '{ print $1 }' - > -rw-r--r--+ -in following item, the error message is dependant on distributions. -success on FC3, but not on FC2 and SLES3 etc. comment out by CFS. -# $ su bin -# $ echo i > tree/dir6/dir2/f -# > tree/dir6/dir2/f: No such file or directory -# $ su - - $ rm -rf tree - - -Original scripts, comment out by CFS. -# -# $ su -# $ rm d/f -# $ rmdir d/subdir -# $ mv d tree -# $ ./make-tree -# $ lfs lgetfacl tree/dir0/dir5/dir7/file4 -# > # file: tree/dir0/dir5/dir7/file4 -# > # owner: root -# > # group: root -# > user::rw- -# > group::r-x #effective:r-- -# > group:bin:r-x #effective:r-- -# > mask::r-- -# > other::r-- -# > -# $ echo i >> tree/dir6/dir2/dir1/file2 -# $ echo i > tree/dir1/f -# $ lfs ls -l tree/dir1/f | awk -- '{ print $1 }' -# > -rw-r--r--+ -# $ su bin -# $ echo i > tree/dir6/dir2/f -# > tree/dir6/dir2/f: No such file or directory -# $ su -# -# $ rm -rf tree - - - - diff --git a/lustre/tests/rmtacl/make-tree b/lustre/tests/rmtacl/make-tree deleted file mode 100755 index 6ade51d..0000000 --- a/lustre/tests/rmtacl/make-tree +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# reduce LEVELS from 3 => 2 by CFS -LEVELS=2 ; [ -z "$1" ] || LEVELS=$1 -DIRS=10 ; [ -z "$2" ] || DIRS=$2 -FILES=10 ; [ -z "$2" ] || FILES=$3 -NUMBER_OF_ACLS=50 ; [ -z "$3" ] || NUMBER_OF_ACLS=$4 - -function random_dir() { - mkdir -p $1 - #lfs lsetfacl -s "u::rwx,u:$[($RANDOM % $NUMBER_OF_ACLS)+1000]:rwx,g::rx,o:-" $1 -} - -function random_file() { - touch $1 - #lfs lsetfacl -s "u::rw,u:$[($RANDOM % $NUMBER_OF_ACLS)+1000]:rw,g::r,o:-" $1 -} - -function create () { - local LEVEL=$1 - if [ $LEVEL -eq 0 ]; then - local I=0 - while [ $I -lt $FILES ]; do - random_file file$I - I=$[$I+1] - done - else - local I=0 - while [ $I -lt $DIRS ]; do - random_dir dir$I - cd dir$I - create $[$LEVEL-1] - cd .. - I=$[$I+1] - done - fi - return -} - -mkdir -p tree -cd tree -create $LEVELS -cd .. -exit 0 - diff --git a/lustre/tests/rmtacl/misc.test b/lustre/tests/rmtacl/misc.test deleted file mode 100644 index 635be8f..0000000 --- a/lustre/tests/rmtacl/misc.test +++ /dev/null @@ -1,431 +0,0 @@ -Pretty comprehensive ACL tests. - -This must be run on a filesystem with ACL support. Also, you will need -two dummy users (bin and daemon) and a dummy group (daemon). - - $ umask 027 - $ touch f - -Only change a base ACL: - $ lfs lsetfacl -m u::r f - $ lfs lsetfacl -m u::rw,u:bin:rw f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw----+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > group::r-- - > mask::rw- - > other::--- - > - - $ rm f - $ umask 022 - $ touch f - $ lfs lsetfacl -m u:bin:rw f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw-r--+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > group::r-- - > mask::rw- - > other::r-- - > - - $rm f - $ umask 027 - $ mkdir d - $ lfs lsetfacl -m u:bin:rwx d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwx---+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:rwx - > group::r-x - > mask::rwx - > other::--- - > - - $ rmdir d - $ umask 022 - $ mkdir d - $ lfs lsetfacl -m u:bin:rwx d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwxr-x+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:rwx - > group::r-x - > mask::rwx - > other::r-x - > - - $ rmdir d - - -Multiple users - - $ umask 022 - $ touch f - $ lfs lsetfacl -m u:bin:rw,u:daemon:r f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw-r--+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > user:daemon:r-- - > group::r-- - > mask::rw- - > other::r-- - > - -Multiple groups - - $ lfs lsetfacl -m g:users:rw,g:daemon:r f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw-r--+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > user:daemon:r-- - > group::r-- - > group:daemon:r-- - > group:users:rw- - > mask::rw- - > other::r-- - > - -Remove one group - - $ lfs lsetfacl -x g:users f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw-r--+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > user:daemon:r-- - > group::r-- - > group:daemon:r-- - > mask::rw- - > other::r-- - > - -Remove one user - - $ lfs lsetfacl -x u:daemon f - $ lfs ls -dl f | awk '{print $1}' - > -rw-rw-r--+ - - $ lfs lgetfacl --omit-header f - > user::rw- - > user:bin:rw- - > group::r-- - > group:daemon:r-- - > mask::rw- - > other::r-- - > - - $ rm f - -Default ACL - - $ umask 027 - $ mkdir d - $ lfs lsetfacl -m u:bin:rwx,u:daemon:rw,d:u:bin:rwx,d:m:rx d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwx---+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:rwx - > user:daemon:rw- - > group::r-x - > mask::rwx - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > - -Umask now ignored? - - $ umask 027 - $ touch d/f - $ lfs ls -dl d/f | awk '{print $1}' - > -rw-r-----+ - - $ lfs lgetfacl --omit-header d/f - > user::rw- - > user:bin:rwx #effective:r-- - > group::r-x #effective:r-- - > mask::r-- - > other::--- - > - - $ rm d/f - $ umask 022 - $ touch d/f - $ lfs ls -dl d/f | awk '{print $1}' - > -rw-r-----+ - - $ lfs lgetfacl --omit-header d/f - > user::rw- - > user:bin:rwx #effective:r-- - > group::r-x #effective:r-- - > mask::r-- - > other::--- - > - - $ rm d/f - -Default ACL copying - - $ umask 000 - $ mkdir d/d - $ lfs ls -dl d/d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d/d - > user::rwx - > user:bin:rwx #effective:r-x - > group::r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > - - $ rmdir d/d - $ umask 022 - $ mkdir d/d - $ lfs ls -dl d/d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d/d - > user::rwx - > user:bin:rwx #effective:r-x - > group::r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > - -Add some users and groups - - $ lfs lsetfacl -nm u:daemon:rx,d:u:daemon:rx,g:users:rx,g:daemon:rwx d/d - $ lfs ls -dl d/d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d/d - > user::rwx - > user:bin:rwx #effective:r-x - > user:daemon:r-x - > group::r-x - > group:daemon:rwx #effective:r-x - > group:users:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:user:daemon:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > - -Symlink in directory with default ACL? - - $ ln -s d d/l - $ lfs ls -dl d/l | awk '{print $1}' - > lrwxrwxrwx - - $ lfs ls -dl -L d/l | awk '{print $1}' - > drwxr-x---+ - -# XXX:there is an issue with getfacl dealing symbol link -# $ lfs lgetfacl --omit-header d/l - $ cd d - $ lfs lgetfacl --omit-header l - > user::rwx - > user:bin:rwx #effective:r-x - > user:daemon:r-x - > group::r-x - > group:daemon:rwx #effective:r-x - > group:users:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:user:daemon:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > -# XXX - $ cd .. - - $ rm d/l - -Does mask manipulation work? - - $ lfs lsetfacl -m g:daemon:rx,u:bin:rx d/d - $ lfs ls -dl d/d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d/d - > user::rwx - > user:bin:r-x - > user:daemon:r-x - > group::r-x - > group:daemon:r-x - > group:users:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx #effective:r-x - > default:user:daemon:r-x - > default:group::r-x - > default:mask::r-x - > default:other::--- - > - - $ lfs lsetfacl -m d:u:bin:rwx d/d - $ lfs ls -dl d/d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d/d - > user::rwx - > user:bin:r-x - > user:daemon:r-x - > group::r-x - > group:daemon:r-x - > group:users:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:rwx - > default:user:daemon:r-x - > default:group::r-x - > default:mask::rwx - > default:other::--- - > - - $ rmdir d/d - -Remove the default ACL - - $ lfs lsetfacl -k d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwx---+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:rwx - > user:daemon:rw- - > group::r-x - > mask::rwx - > other::--- - > - -Reset to base entries - - $ lfs lsetfacl -b d - $ lfs ls -dl d | awk '{print $1}' - > drwxr-x--- - - $ lfs lgetfacl --omit-header d - > user::rwx - > group::r-x - > other::--- - > - -Now, chmod should change the group_obj entry - - $ chmod 775 d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwxr-x - - $ lfs lgetfacl --omit-header d - > user::rwx - > group::rwx - > other::r-x - > - - $ rmdir d - $ umask 002 - $ mkdir d - $ lfs lsetfacl -m u:daemon:rwx,u:bin:rx,d:u:daemon:rwx,d:u:bin:rx d - $ lfs ls -dl d | awk '{print $1}' - > drwxrwxr-x+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:r-x - > user:daemon:rwx - > group::rwx - > mask::rwx - > other::r-x - > default:user::rwx - > default:user:bin:r-x - > default:user:daemon:rwx - > default:group::rwx - > default:mask::rwx - > default:other::r-x - > - - $ chmod 750 d - $ lfs ls -dl d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:r-x - > user:daemon:rwx #effective:r-x - > group::rwx #effective:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:r-x - > default:user:daemon:rwx - > default:group::rwx - > default:mask::rwx - > default:other::r-x - > - - $ chmod 750 d - $ lfs ls -dl d | awk '{print $1}' - > drwxr-x---+ - - $ lfs lgetfacl --omit-header d - > user::rwx - > user:bin:r-x - > user:daemon:rwx #effective:r-x - > group::rwx #effective:r-x - > mask::r-x - > other::--- - > default:user::rwx - > default:user:bin:r-x - > default:user:daemon:rwx - > default:group::rwx - > default:mask::rwx - > default:other::r-x - > - - $ rmdir d diff --git a/lustre/tests/rmtacl/permissions.test b/lustre/tests/rmtacl/permissions.test deleted file mode 100644 index b7cb587..0000000 --- a/lustre/tests/rmtacl/permissions.test +++ /dev/null @@ -1,284 +0,0 @@ -This script tests if file permissions are properly checked with and -without ACLs. The script must be run as root to allow switching users. -The following users are required. They must be a member in the groups -listed in parentheses. - - bin (bin) - daemon (bin, daemon) - - -Cry immediately if we are not running as root. - - $ id -u - > 0 - - -First, set up a temporary directory and create a regular file with -defined permissions. - - $ mkdir d - $ cd d - $ umask 027 - $ touch f - $ lfs ls -l f | awk -- '{ print $1, $3, $4 }' - > -rw-r----- root root - - -Make sure root has access to the file. Verify that user daemon does not -have access to the file owned by root. - - $ echo root > f - - $ su daemon - $ echo daemon >> f - > f: Permission denied - - $ su - - -Now, change the ownership of the file to bin:bin and verify that this -gives user bin write access. - - $ chown bin:bin f - $ lfs ls -l f | awk -- '{ print $1, $3, $4 }' - > -rw-r----- bin bin - $ su bin - $ echo bin >> f - - -User daemon is a member in the owning group, which has only read access. -Verify this. - - $ su daemon - $ cat f - > root - > bin - - $ echo daemon >> f - > f: Permission denied - - -Now, add an ACL entry for user daemon that grants him rw- access. File -owners and users capable of CAP_FOWNER are allowed to change ACLs. - - $ su bin - $ lfs lsetfacl -m u:daemon:rw f - $ lfs lgetfacl --omit-header f - > user::rw- - > user:daemon:rw- - > group::r-- - > mask::rw- - > other::--- - > - - -Verify that the additional ACL entry grants user daemon write access. - - $ su daemon - $ echo daemon >> f - $ cat f - > root - > bin - > daemon - - -Remove write access from the group class permission bits, and -verify that this masks daemon's write permission. - - $ su bin - $ chmod g-w f - $ lfs lgetfacl --omit-header f - > user::rw- - > user:daemon:rw- #effective:r-- - > group::r-- - > mask::r-- - > other::--- - > - - $ su daemon - $ echo daemon >> f - > f: Permission denied - - -Add an entry for group daemon with rw- access, and change the -permissions for user daemon to r--. Also change the others permissions t -rw-. The user entry should take precedence, so daemon should be denied -access. - - $ su bin - $ lfs lsetfacl -m u:daemon:r,g:daemon:rw-,o::rw- f - - $ su daemon - $ echo daemon >> f - > f: Permission denied - - -Remove the entry for user daemon. The group daemon permissions should -now give user daemon rw- access. - - $ su bin - $ lfs lsetfacl -x u:daemon f - - $ su daemon - $ echo daemon2 >> f - $ cat f - > root - > bin - > daemon - > daemon2 - - -Set the group daemon permissions to r-- and verify that after than, user -daemon does not have write access anymore. - - $ su bin - $ lfs lsetfacl -m g:daemon:r f - - $ su daemon - $ echo daemon3 >> f - > f: Permission denied - - -Now, remove the group daemon entry. Because user daemon is a member in -the owning group, he should still have no write access. - - $ su bin - $ lfs lsetfacl -x g:daemon f - - $ su daemon - $ echo daemon4 >> f - > f: Permission denied - - -Change the owning group. The other permissions should now grant user -daemon write access. - - $ su - $ chgrp root f - - $ su daemon - $ echo daemon5 >> f - $ cat f - > root - > bin - > daemon - > daemon2 - > daemon5 - - -Verify that permissions in separate matching ACL entries do not -accumulate. - - $ su - $ lfs lsetfacl -m g:bin:r,g:daemon:w f - - $ su daemon - $ : < f # open for reading - $ : > f # open for writing - $ : <> f # open for read-write - > f: Permission denied - - -Test if directories can have ACLs. We assume that only one access check -algorithm is used for all file types the file system, so these tests -only need to verify that ACL permissions make a difference. - - $ su - $ mkdir -m 750 e - $ touch e/h - - $ su bin - $ shopt -s nullglob ; echo e/* - > - - $ echo i > e/i - > e/i: Permission denied - - $ su - $ lfs lsetfacl -m u:bin:rx e - - $ su bin - $ echo e/* - > e/h -following 2 lines seems not valid, which also failed on ext3 in FC3 enviroment, -although it pass in FC2. commented out by CFS (agreed with HP) -Replaced "echo" with "touch" can resolve such problem. -# $ echo i > e/i -# > e/i: Permission denied - $ touch e/i - > touch: cannot touch `e/i': Permission denied - - $ su - $ lfs lsetfacl -m u:bin:rwx e - - $ su bin - $ echo i > e/i - - -Test if symlinks are properly followed. - - $ su - $ touch g - $ ln -s g l - $ lfs lsetfacl -m u:bin:rw l - $ lfs ls -l g | awk -- '{ print $1, $3, $4 }' - > -rw-rw----+ root root - - -Test if ACLs are effective for block and character special files, fifos, -sockets. This is done by creating special files locally. The devices do -not need to exist: The access check is earlier in the code path than the -test if the device exists. - - - $ mknod -m 0660 hdt b 91 64 # /dev/hdt - $ mknod -m 0660 null c 1 3 # /dev/null - $ mkfifo -m 0660 fifo - - $ su bin - $ : < hdt - > hdt: Permission denied - $ : < null - > null: Permission denied - $ : < fifo - > fifo: Permission denied - - $ su - $ lfs lsetfacl -m u:bin:rw hdt null fifo - - $ su bin - $ : < hdt - > hdt: No such device or address - $ : < null - $ ( echo blah > fifo & ) ; cat fifo - > blah - - -Test if CAP_FOWNER is properly honored for directories. This addresses a -specific bug in XFS 1.2, which does not grant root access to files in -directories if the file has an ACL and only CAP_FOWNER would grant them. - - $ su - $ mkdir -m 600 x - $ chown daemon:daemon x - $ echo j > x/j - $ lfs ls -l x/j | awk -- '{ print $1, $3, $4 }' - > -rw-r----- root root - - $ lfs lsetfacl -m u:daemon:r x - - $ lfs ls -l x/j | awk -- '{ print $1, $3, $4 }' - > -rw-r----- root root - (With the bug this gives: `ls: x/j: Permission denied'.) - - $ echo k > x/k - (With the bug this gives: `x/k: Permission denied'.) - - $ chmod 750 x - - -Clean up. - - $ su - $ cd .. - $ rm -rf d diff --git a/lustre/tests/rmtacl/run b/lustre/tests/rmtacl/run deleted file mode 100755 index cfc8c05..0000000 --- a/lustre/tests/rmtacl/run +++ /dev/null @@ -1,275 +0,0 @@ -#!/usr/bin/perl -w -U - -# -# Possible improvements: -# -# - distinguish stdout and stderr output -# - add environment variable like assignments -# - run up to a specific line -# - resume at a specific line -# - -use strict; -use FileHandle; -use Getopt::Std; -use POSIX qw(isatty setuid); -use vars qw($opt_v); - -no warnings qw(taint); - -getopts('v'); - -my ($OK, $FAILED) = ("ok", "failed"); -if (isatty(fileno(STDOUT))) { - $OK = "\033[32m" . $OK . "\033[m"; - $FAILED = "\033[31m\033[1m" . $FAILED . "\033[m"; -} - -sub exec_test($$); -sub process_test($$$$); - -my ($prog, $in, $out) = ([], [], []); -my $line_number = 0; -my $prog_line; -my ($tests, $failed) = (0,0); - -for (;;) { - my $line = <>; $line_number++; - if (defined $line) { - # Substitute %VAR and %{VAR} with environment variables. - $line =~ s[%(?:(\w+)|\{(\w+)\})][$ENV{"$1$2"}]eg; - } - if (defined $line) { - if ($line =~ s/^\s*< ?//) { - push @$in, $line; - } elsif ($line =~ s/^\s*> ?//) { - push @$out, $line; - } else { - process_test($prog, $prog_line, $in, $out); - - $prog = []; - $prog_line = 0; - } - if ($line =~ s/^\s*\$ ?//) { - $line =~ s/\s+#.*//; # remove comments here... - $prog = [ map { s/\\(.)/$1/g; $_ } split /(? @$result) ? @$out : @$result; - for (my $n=0; $n < $nmax; $n++) { - if (!defined($out->[$n]) || !defined($result->[$n]) || - $out->[$n] ne $result->[$n]) { - $good = 0; - } - } - $tests++; - $failed++ unless $good; - print $good ? $OK : $FAILED, "\n"; - if (!$good) { - for (my $n=0; $n < $nmax; $n++) { - my $l = defined($out->[$n]) ? $out->[$n] : "~"; - chomp $l; - my $r = defined($result->[$n]) ? $result->[$n] : "~"; - chomp $r; - print sprintf("%-37s %s %-39s\n", $l, $l eq $r ? "|" : "?", $r); - } - } elsif ($opt_v) { - print join('', @$result); - } -} - - -sub su($) { - my ($user) = @_; - - $user ||= "root"; - - my ($login, $pass, $uid, $gid) = getpwnam($user) - or return [ "su: user $user does not exist\n" ]; - my @groups = (); - my $fh = new FileHandle("/etc/group") - or return [ "opening /etc/group: $!\n" ]; - while (<$fh>) { - chomp; - my ($group, $passwd, $gid, $users) = split /:/; - foreach my $u (split /,/, $users) { - push @groups, $gid - if ($user eq $u); - } - } - $fh->close; - - my $groups = join(" ", ($gid, $gid, @groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - $> = 0; - $( = $gid; - $) = $groups; - if ($!) { - return [ "su: $!\n" ]; - } - if ($uid != 0) { - $> = $uid; - #$< = $uid; - if ($!) { - return [ "su: $prog->[1]: $!\n" ]; - } - } - #print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub sg($) { - my ($group) = @_; - - my $gid = getgrnam($group) - or return [ "sg: group $group does not exist\n" ]; - my %groups = map { $_ eq $gid ? () : ($_ => 1) } (split /\s/, $)); - - #print STDERR "<<", join("/", keys %groups), ">>\n"; - my $groups = join(" ", ($gid, $gid, keys %groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - if ($> != 0) { - my $uid = $>; - $> = 0; - $( = $gid; - $) = $groups; - $> = $uid; - } else { - $( = $gid; - $) = $groups; - } - if ($!) { - return [ "sg: $!\n" ]; - } - print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub exec_test($$) { - my ($prog, $in) = @_; - local (*IN, *IN_DUP, *IN2, *OUT_DUP, *OUT, *OUT2); - my $needs_shell = (join('', @$prog) =~ /[][|<>"'`\$\*\?]/); - - if ($prog->[0] eq "umask") { - umask oct $prog->[1]; - return []; - } elsif ($prog->[0] eq "cd") { - if (!chdir $prog->[1]) { - return [ "chdir: $prog->[1]: $!\n" ]; - } - return []; - } elsif ($prog->[0] eq "su") { - return su($prog->[1]); - } elsif ($prog->[0] eq "sg") { - return sg($prog->[1]); - } - - pipe *IN2, *OUT - or die "Can't create pipe for reading: $!"; - open *IN_DUP, "<&STDIN" - or *IN_DUP = undef; - open *STDIN, "<&IN2" - or die "Can't duplicate pipe for reading: $!"; - close *IN2; - - open *OUT_DUP, ">&STDOUT" - or die "Can't duplicate STDOUT: $!"; - pipe *IN, *OUT2 - or die "Can't create pipe for writing: $!"; - open *STDOUT, ">&OUT2" - or die "Can't duplicate pipe for writing: $!"; - close *OUT2; - - *STDOUT->autoflush(); - *OUT->autoflush(); - - if (fork()) { - # Server - if (*IN_DUP) { - open *STDIN, "<&IN_DUP" - or die "Can't duplicate STDIN: $!"; - close *IN_DUP - or die "Can't close STDIN duplicate: $!"; - } - open *STDOUT, ">&OUT_DUP" - or die "Can't duplicate STDOUT: $!"; - close *OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - - foreach my $line (@$in) { - #print "> $line"; - print OUT $line; - } - close *OUT - or die "Can't close pipe for writing: $!"; - - my $result = []; - while () { - #print "< $_"; - if ($needs_shell) { - s#^/bin/sh: line \d+: ##; - s#^/bin/sh: ##; # temporarily added by ericm - } - push @$result, $_; - } - return $result; - } else { - # Client - $< = $>; - close IN - or die "Can't close read end for input pipe: $!"; - close OUT - or die "Can't close write end for output pipe: $!"; - close OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - local *ERR_DUP; - open ERR_DUP, ">&STDERR" - or die "Can't duplicate STDERR: $!"; - open STDERR, ">&STDOUT" - or die "Can't join STDOUT and STDERR: $!"; - - if ($needs_shell) { - exec ('/bin/sh', '-c', join(" ", @$prog)); - } else { - exec @$prog; - } - print STDERR $prog->[0], ": $!\n"; - exit; - } -} - diff --git a/lustre/tests/rmtacl/setfacl.test b/lustre/tests/rmtacl/setfacl.test deleted file mode 100644 index 14c473a..0000000 --- a/lustre/tests/rmtacl/setfacl.test +++ /dev/null @@ -1,144 +0,0 @@ -Setfacl utility tests. Run these tests on a filesystem with ACL support. - - $ mkdir d - $ chown bin:bin d - $ cd d - - $ su bin - $ sg bin - $ umask 027 - $ touch g - $ lfs ls -dl g | awk '{print $1}' - > -rw-r----- - - $ lfs lsetfacl -m m:- g - $ lfs ls -dl g | awk '{print $1}' - > -rw-------+ - - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rw- - > group::r-- #effective:--- - > mask::--- - > other::--- - > - - $ lfs lsetfacl -x m g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rw- - > group::r-- - > other::--- - > - - $ lfs lsetfacl -m u:daemon:rw g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rw- - > user:daemon:rw- - > group::r-- - > mask::rw- - > other::--- - > - - $ lfs lsetfacl -m u::rwx,g::r-x,o:- g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rwx - > user:daemon:rw- - > group::r-x - > mask::rwx - > other::--- - > - - $ lfs lsetfacl -m u::rwx,g::r-x,o:-,m:- g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rwx - > user:daemon:rw- #effective:--- - > group::r-x #effective:--- - > mask::--- - > other::--- - > - - $ lfs lsetfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rwx - > user:root:--- - > user:daemon:rw- #effective:--- - > group::r-x #effective:--- - > mask::--- - > other::--- - > - - $ lfs lsetfacl -m u::rwx,g::r-x,o:-,u:root:-,m:- g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rwx - > user:root:--- - > user:daemon:rw- #effective:--- - > group::r-x #effective:--- - > mask::--- - > other::--- - > - - $ lfs lsetfacl -m u::rwx,g::r-x,o:-,u:root:- g - $ lfs lgetfacl g - > # file: g - > # owner: bin - > # group: bin - > user::rwx - > user:root:--- - > user:daemon:rw- - > group::r-x - > mask::rwx - > other::--- - > - - $ lfs lsetfacl --test -x u: g - > setfacl: g: Malformed access ACL `user:root:---,user:daemon:rw-,group::r-x,mask::rwx,other::---': Missing or wrong entry at entry 1 - - $ lfs lsetfacl --test -x u:x - > setfacl: Option -x: Invalid argument near character 3 - - $ lfs lsetfacl -m d:u:root:rwx g - > setfacl: g: Only directories can have default ACLs - - $ lfs lsetfacl -x m g - > setfacl: g: Malformed access ACL `user::rwx,user:root:---,user:daemon:rw-,group::r-x,other::---': Missing or wrong entry at entry 5 - lfs lsetfacl --test -m d:u:daemon:rwx lfs lsetfacl - lfs lsetfacl --test -n -m d:u:daemon:rwx lfs lsetfacl - -Check if the mask is properly recalculated - - $ mkdir d - $ lfs lsetfacl --test -m u::rwx,u:bin:rwx,g::r-x,o::--- d - > d: u::rwx,u:bin:rwx,g::r-x,m::rwx,o::---,* - - $ lfs lsetfacl --test -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d - > d: u::rwx,u:bin:rwx,g::r-x,m::---,o::---,* - - $ lfs lsetfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,o::--- d - > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::rwx,d:o::--- - - $ lfs lsetfacl --test -d -m u::rwx,u:bin:rwx,g::r-x,m::---,o::--- d - > d: *,d:u::rwx,d:u:bin:rwx,d:g::r-x,d:m::---,d:o::--- - - $ su - $ cd .. - $ rm -r d diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index 9f3446f..fba1d5c 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -107,16 +107,6 @@ IDENTITY_FLUSH=mdt.$MDT.identity_flush IDENTITY_UPCALL=mdt.$MDT.identity_upcall MDSSECLEVEL=mdt.$MDT.sec_level -# for CLIENT_TYPE -if [ -z "$(lctl get_param -n llite.*.client_type | grep remote 2>/dev/null)" ] -then - CLIENT_TYPE="local" - echo "local client" -else - CLIENT_TYPE="remote" - echo "remote client" -fi - SAVE_PWD=$PWD build_test_filter @@ -164,17 +154,7 @@ test_0() { chmod 0755 $DIR || error "chmod (1)" rm -rf $DIR/$tdir || error "rm (1)" mkdir -p $DIR/$tdir || error "mkdir (1)" - - if [ "$CLIENT_TYPE" = "remote" ]; then - do_facet $SINGLEMDS "echo '* 0 normtown' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - chown $USER0 $DIR/$tdir && error "chown (1)" - do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - else - chown $USER0 $DIR/$tdir || error "chown (2)" - fi - + chown $USER0 $DIR/$tdir || error "chown (2)" $RUNAS_CMD -u $ID0 ls $DIR || error "ls (1)" rm -f $DIR/f0 || error "rm (2)" $RUNAS_CMD -u $ID0 touch $DIR/f0 && error "touch (1)" @@ -188,11 +168,6 @@ test_0() { $RUNAS_CMD -u $ID1 touch $DIR/$tdir/f5 && error "touch (6)" touch $DIR/$tdir/f6 || error "touch (7)" rm -rf $DIR/$tdir || error "rm (3)" - - if [ "$CLIENT_TYPE" = "remote" ]; then - do_facet $SINGLEMDS "rm -f $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - fi } run_test 0 "uid permission =============================" @@ -200,11 +175,6 @@ run_test 0 "uid permission =============================" test_1() { [ $GSS_SUP = 0 ] && skip "without GSS support." && return - if [ "$CLIENT_TYPE" = "remote" ]; then - do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - fi - rm -rf $DIR/$tdir mkdir -p $DIR/$tdir @@ -235,60 +205,6 @@ test_1() { } run_test 1 "setuid/gid =============================" -run_rmtacl_subtest() { - $SAVE_PWD/rmtacl/run $SAVE_PWD/rmtacl/$1.test - return $? -} - -# remote_acl -# for remote client only -test_2 () { - [ "$CLIENT_TYPE" = "local" ] && - skip "remote_acl for remote client only" && return - [ -z "$(lctl get_param -n mdc.*-mdc-*.connect_flags | grep ^acl)" ] && - skip "must have acl enabled" && return - [ -z "$(which setfacl 2>/dev/null)" ] && - skip "could not find setfacl" && return - [ "$UID" != 0 ] && skip "must run as root" && return - - do_facet $SINGLEMDS "echo '* 0 rmtacl,rmtown' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - - sec_login root root - sec_login bin bin - sec_login daemon daemon - sec_login games users - - SAVE_UMASK=$(umask) - umask 0022 - cd $DIR - - echo "performing cp ..." - run_rmtacl_subtest cp || error "cp" - echo "performing getfacl-noacl..." - run_rmtacl_subtest getfacl-noacl || error "getfacl-noacl" - echo "performing misc..." - run_rmtacl_subtest misc || error "misc" - echo "performing permissions..." - run_rmtacl_subtest permissions || error "permissions" - echo "performing setfacl..." - run_rmtacl_subtest setfacl || error "setfacl" - - # inheritance test got from HP - echo "performing inheritance..." - cp $SAVE_PWD/rmtacl/make-tree . - chmod +x make-tree - run_rmtacl_subtest inheritance || error "inheritance" - rm -f make-tree - - cd $SAVE_PWD - umask $SAVE_UMASK - - do_facet $SINGLEMDS "rm -f $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" -} -run_test 2 "rmtacl =============================" - # bug 3285 - supplementary group should always succeed. # NB: the supplementary groups are set for local client only, # as for remote client, the groups of the specified uid on MDT @@ -301,22 +217,15 @@ test_4() { $server_version -lt $(version_code 2.5.50) ]] || { skip "Need MDS version at least 2.6.93 or 2.5.35"; return; } - if [ "$CLIENT_TYPE" = "remote" ]; then - do_facet $SINGLEMDS "echo '* 0 rmtown' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - fi - rm -rf $DIR/$tdir mkdir -p $DIR/$tdir chmod 0771 $DIR/$tdir chgrp $ID0 $DIR/$tdir $RUNAS_CMD -u $ID0 ls $DIR/$tdir || error "setgroups (1)" - if [ "$CLIENT_TYPE" = "local" ]; then - do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF" - do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" - $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir || - error "setgroups (2)" - fi + do_facet $SINGLEMDS "echo '* $ID1 setgrp' > $PERM_CONF" + do_facet $SINGLEMDS "lctl set_param -n $IDENTITY_FLUSH=-1" + $RUNAS_CMD -u $ID1 -G1,2,$ID0 ls $DIR/$tdir || + error "setgroups (2)" $RUNAS_CMD -u $ID1 -G1,2 ls $DIR/$tdir && error "setgroups (3)" rm -rf $DIR/$tdir diff --git a/lustre/tests/setup_kerberos.sh b/lustre/tests/setup_kerberos.sh index b6f9b89..c5d8fb0 100755 --- a/lustre/tests/setup_kerberos.sh +++ b/lustre/tests/setup_kerberos.sh @@ -36,14 +36,10 @@ Usage: $(basename $0) [:MDS_node:.. "RESET_KDC=false". 2) The script will create principals for some runas users and add them into - the Kerberos database by default. The UIDs of the runas users specified in + the Kerberos database by default. The UIDs of the runas users specified in "LOCAL_UIDS" variable need exist on KDC, MDS and Client nodes. If you do not need runas users, please set "CFG_RUNAS=false". - 3) The script will create idmap.conf and perm.conf under /etc/lustre dir on - MDS node for remote ACL by default. If you do not need remote ACL, please - set "CFG_IDMAP=false". - EOF } @@ -74,9 +70,8 @@ ACCEPTOR_PORT=${ACCEPTOR_PORT:-988} # check and configure runas users CFG_RUNAS=${CFG_RUNAS:-true} -# uids for local and remote users +# uids for local users LOCAL_UIDS=${LOCAL_UIDS:-"500 501"} -REMOTE_UIDS=${REMOTE_UIDS:-"500 501"} # for remote ACL testing # remove the original Kerberos and KDC settings RESET_KDC=${RESET_KDC:-true} @@ -99,12 +94,6 @@ KRB5_TICKET_LIFETIME=${KRB5_TICKET_LIFETIME:-"24h"} GSSAPI_MECH_CONF=${GSSAPI_MECH_CONF:-"/etc/gssapi_mech.conf"} REQUEST_KEY_CONF=${REQUEST_KEY_CONF:-"/etc/request-key.conf"} -# create configuration files for remote ACL testing -CFG_IDMAP=${CFG_IDMAP:-true} -LUSTRE_CONF_DIR=${LUSTRE_CONF_DIR:-"/etc/lustre"} -IDMAP_CONF=$LUSTRE_CONF_DIR/idmap.conf -PERM_CONF=$LUSTRE_CONF_DIR/perm.conf - # krb5 realm & domain KRB5_REALM=${KRB5_REALM:-"CO.CFS"} KRB5_DOMAIN=$(echo $KRB5_REALM | tr '[A-Z]' '[a-z]') @@ -324,7 +313,7 @@ check_users() { echo -n "Checking uid/gid $id/$id on $node..." user=$(my_do_node $node getent passwd | grep :$id:$id: | cut -d: -f1) if [ -z "$user" ]; then - echo -e "\nPlease set LOCAL_UIDS and REMOTE_UIDS to some users \ + echo -e "\nPlease set LOCAL_UIDS to some users \ which exist on KDC, MDS and client or add user/group $id/$id on these nodes." return 1 fi @@ -1003,84 +992,6 @@ exit ${PIPESTATUS[0]}) return 0 } -# -# create and install idmap.conf on the MDS -# -cfg_idmap_conf() { - local tmpcfg="$TMP/idmap.conf" - local fqdn - local user - local uid - local client_nids client_nid - local rc - - echo "+++ Installing idmap.conf on MDS" - echo "Getting Client NID..." - client_nids=$(get_client_nids) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $client_nids - return $rc - fi - - rm -f $tmpcfg - if $SPLIT_KEYTAB; then - for fqdn in $MY_CLIENTNODES; do - echo "lustre_root/$fqdn@$KRB5_REALM * 0" >> $tmpcfg - done - else - echo "lustre_root@$KRB5_REALM * 0" >> $tmpcfg - fi - cat <> $tmpcfg -bin@$KRB5_REALM * 1 -daemon@$KRB5_REALM * 2 -games@$KRB5_REALM * 12 -EOF - - for node in $MY_MDSNODES; do - for uid in $LOCAL_UIDS; do - user=$(my_do_node $node getent passwd $uid | cut -d: -f1) - for client_nid in $client_nids; do - echo "$user@$KRB5_REALM $client_nid $uid" >> $tmpcfg - done - done - done - - for node in $MY_MDSNODES; do - my_do_node $node "mkdir -p $LUSTRE_CONF_DIR" || return ${PIPESTATUS[0]} - $SCP $tmpcfg root@$node:$IDMAP_CONF || return ${PIPESTATUS[0]} - done - rm -f $tmpcfg - echo "OK!" -} - -# -# create and install perm.conf on the MDS for remote ACL testing -# -cfg_perm_conf() { - local tmpcfg="$TMP/perm.conf" - local uid - - echo "+++ Installing perm.conf on MDS" - - rm -f $tmpcfg - for node in $MY_MDSNODES; do - my_do_node $node "mkdir -p $LUSTRE_CONF_DIR" || return ${PIPESTATUS[0]} - - for uid in $LOCAL_UIDS $REMOTE_UIDS; do - if ! grep -q " $uid " $tmpcfg 2>/dev/null; then - echo "* $uid rmtacl" >> $tmpcfg - fi - done - - echo "* 0 setgid" >> $tmpcfg - - $SCP $tmpcfg root@$node:$PERM_CONF || return ${PIPESTATUS[0]} - done - rm -f $tmpcfg - echo "OK!" -} - # ******************************** Main Flow ******************************** # normalize_names || exit ${PIPESTATUS[0]} check_rsh || exit ${PIPESTATUS[0]} @@ -1088,9 +999,6 @@ check_entropy || exit ${PIPESTATUS[0]} if $CFG_RUNAS; then check_users || exit ${PIPESTATUS[0]} -elif $CFG_IDMAP; then - echo "Remote ACL operations need local and remote users!" - exit 1 fi check_kdc || exit ${PIPESTATUS[0]} @@ -1124,9 +1032,4 @@ fi cfg_kdc_princs || exit ${PIPESTATUS[0]} cfg_keytab || exit ${PIPESTATUS[0]} -if $CFG_IDMAP; then - cfg_idmap_conf || exit ${PIPESTATUS[0]} - cfg_perm_conf || exit ${PIPESTATUS[0]} -fi - echo "Complete successfully!" diff --git a/lustre/utils/l_getidentity.c b/lustre/utils/l_getidentity.c index c03c8f7..297a831 100644 --- a/lustre/utils/l_getidentity.c +++ b/lustre/utils/l_getidentity.c @@ -203,8 +203,6 @@ static perm_type_t perm_types[] = { { "setuid", CFS_SETUID_PERM }, { "setgid", CFS_SETGID_PERM }, { "setgrp", CFS_SETGRP_PERM }, - { "rmtacl", CFS_RMTACL_PERM }, - { "rmtown", CFS_RMTOWN_PERM }, { 0 } }; @@ -212,8 +210,6 @@ static perm_type_t noperm_types[] = { { "nosetuid", CFS_SETUID_PERM }, { "nosetgid", CFS_SETGID_PERM }, { "nosetgrp", CFS_SETGRP_PERM }, - { "normtacl", CFS_RMTACL_PERM }, - { "normtown", CFS_RMTOWN_PERM }, { 0 } }; diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c index 60bdab6..8776d2f 100644 --- a/lustre/utils/lfs.c +++ b/lustre/utils/lfs.c @@ -3361,36 +3361,44 @@ static int lfs_flushctx(int argc, char **argv) static int lfs_lsetfacl(int argc, char **argv) { - argv[0]++; - return(llapi_lsetfacl(argc, argv)); + fprintf(stderr, "local client sets facl for remote client.\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_lgetfacl(int argc, char **argv) { - argv[0]++; - return(llapi_lgetfacl(argc, argv)); + fprintf(stderr, "local client gets facl for remote client.\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_rsetfacl(int argc, char **argv) { - argv[0]++; - return(llapi_rsetfacl(argc, argv)); + fprintf(stderr, "remote client sets facl for remote client.\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_rgetfacl(int argc, char **argv) { - argv[0]++; - return(llapi_rgetfacl(argc, argv)); + fprintf(stderr, "remote client gets facl for remote client.\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_cp(int argc, char **argv) { - return(llapi_cp(argc, argv)); + fprintf(stderr, "remote client copy file(s).\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_ls(int argc, char **argv) { - return(llapi_ls(argc, argv)); + fprintf(stderr, "remote client lists directory contents.\n" + "obsolete, does not support it anymore.\n"); + return 0; } static int lfs_changelog(int argc, char **argv) diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c index 9880bd3..e0ed3bb 100644 --- a/lustre/utils/liblustreapi.c +++ b/lustre/utils/liblustreapi.c @@ -3519,317 +3519,6 @@ int llapi_quotactl(char *mnt, struct if_quotactl *qctl) return rc; } -#include -#include -#include -#include -#include -#include - -static int rmtacl_notify(int ops) -{ - FILE *fp; - struct mntent *mnt; - int found = 0, fd = 0, rc = 0; - - fp = setmntent(MOUNTED, "r"); - if (fp == NULL) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, - "error setmntent(%s)", MOUNTED); - return rc; - } - - while (1) { - mnt = getmntent(fp); - if (!mnt) - break; - - if (!llapi_is_lustre_mnt(mnt)) - continue; - - fd = open(mnt->mnt_dir, O_RDONLY | O_DIRECTORY); - if (fd < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, - "Can't open '%s'", mnt->mnt_dir); - goto out; - } - - rc = ioctl(fd, LL_IOC_RMTACL, ops); - close(fd); - if (rc < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, - "ioctl RMTACL on '%s' err %d", - mnt->mnt_dir, rc); - goto out; - } - - found++; - } - -out: - endmntent(fp); - return ((rc != 0) ? rc : found); -} - -static char *next_token(char *p, int div) -{ - if (p == NULL) - return NULL; - - if (div) - while (*p && *p != ':' && !isspace(*p)) - p++; - else - while (*p == ':' || isspace(*p)) - p++; - - return *p ? p : NULL; -} - -static int rmtacl_name2id(char *name, int is_user) -{ - if (is_user) { - struct passwd *pw; - - pw = getpwnam(name); - if (pw == NULL) - return INVALID_ID; - else - return (int)(pw->pw_uid); - } else { - struct group *gr; - - gr = getgrnam(name); - if (gr == NULL) - return INVALID_ID; - else - return (int)(gr->gr_gid); - } -} - -static int isodigit(int c) -{ - return (c >= '0' && c <= '7') ? 1 : 0; -} - -/* - * Whether the name is just digits string (uid/gid) already or not. - * Return value: - * 1: str is id - * 0: str is not id - */ -static int str_is_id(char *str) -{ - if (str == NULL) - return 0; - - if (*str == '0') { - str++; - if (*str == 'x' || *str == 'X') { /* for Hex. */ - if (!isxdigit(*(++str))) - return 0; - - while (isxdigit(*(++str))); - } else if (isodigit(*str)) { /* for Oct. */ - while (isodigit(*(++str))); - } - } else if (isdigit(*str)) { /* for Dec. */ - while (isdigit(*(++str))); - } - - return (*str == 0) ? 1 : 0; -} - -typedef struct { - char *name; - int length; - int is_user; - int next_token; -} rmtacl_name_t; - -#define RMTACL_OPTNAME(name) name, sizeof(name) - 1 - -static rmtacl_name_t rmtacl_namelist[] = { - { RMTACL_OPTNAME("user:"), 1, 0 }, - { RMTACL_OPTNAME("group:"), 0, 0 }, - { RMTACL_OPTNAME("default:user:"), 1, 0 }, - { RMTACL_OPTNAME("default:group:"), 0, 0 }, - /* for --tabular option */ - { RMTACL_OPTNAME("user"), 1, 1 }, - { RMTACL_OPTNAME("group"), 0, 1 }, - { 0 } -}; - -static int rgetfacl_output(char *str) -{ - char *start = NULL, *end = NULL; - int is_user = 0, n, id; - char c; - rmtacl_name_t *rn; - - if (str == NULL) - return -1; - - for (rn = rmtacl_namelist; rn->name; rn++) { - if(strncmp(str, rn->name, rn->length) == 0) { - if (!rn->next_token) - start = str + rn->length; - else - start = next_token(str + rn->length, 0); - is_user = rn->is_user; - break; - } - } - - end = next_token(start, 1); - if (end == NULL || start == end) { - n = printf("%s", str); - return n; - } - - c = *end; - *end = 0; - id = rmtacl_name2id(start, is_user); - if (id == INVALID_ID) { - if (str_is_id(start)) { - *end = c; - n = printf("%s", str); - } else - return -1; - } else if ((id == NOBODY_UID && is_user) || - (id == NOBODY_GID && !is_user)) { - *end = c; - n = printf("%s", str); - } else { - *end = c; - *start = 0; - n = printf("%s%d%s", str, id, end); - } - return n; -} - -static int child_status(int status) -{ - return WIFEXITED(status) ? WEXITSTATUS(status) : -1; -} - -static int do_rmtacl(int argc, char *argv[], int ops, int (output_func)(char *)) -{ - pid_t pid = 0; - int fd[2], status, rc; - FILE *fp; - char buf[PIPE_BUF]; - - if (output_func) { - if (pipe(fd) < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, "Can't create pipe"); - return rc; - } - - pid = fork(); - if (pid < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, "Can't fork"); - close(fd[0]); - close(fd[1]); - return rc; - } else if (!pid) { - /* child process redirects its output. */ - close(fd[0]); - close(1); - if (dup2(fd[1], 1) < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, - "Can't dup2 %d", fd[1]); - close(fd[1]); - return rc; - } - } else { - close(fd[1]); - } - } - - if (!pid) { - status = rmtacl_notify(ops); - if (status < 0) - return -errno; - - exit(execvp(argv[0], argv)); - } - - /* the following is parent process */ - fp = fdopen(fd[0], "r"); - if (fp == NULL) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, "fdopen %d failed", fd[0]); - kill(pid, SIGKILL); - close(fd[0]); - return rc; - } - - while (fgets(buf, PIPE_BUF, fp) != NULL) { - if (output_func(buf) < 0) - fprintf(stderr, "WARNING: unexpected error!\n[%s]\n", - buf); - } - fclose(fp); - close(fd[0]); - - if (waitpid(pid, &status, 0) < 0) { - rc = -errno; - llapi_error(LLAPI_MSG_ERROR, rc, "waitpid %d failed", pid); - return rc; - } - - return child_status(status); -} - -int llapi_lsetfacl(int argc, char *argv[]) -{ - return do_rmtacl(argc, argv, RMT_LSETFACL, NULL); -} - -int llapi_lgetfacl(int argc, char *argv[]) -{ - return do_rmtacl(argc, argv, RMT_LGETFACL, NULL); -} - -int llapi_rsetfacl(int argc, char *argv[]) -{ - return do_rmtacl(argc, argv, RMT_RSETFACL, NULL); -} - -int llapi_rgetfacl(int argc, char *argv[]) -{ - return do_rmtacl(argc, argv, RMT_RGETFACL, rgetfacl_output); -} - -int llapi_cp(int argc, char *argv[]) -{ - int rc; - - rc = rmtacl_notify(RMT_RSETFACL); - if (rc < 0) - return rc; - - exit(execvp(argv[0], argv)); -} - -int llapi_ls(int argc, char *argv[]) -{ - int rc; - - rc = rmtacl_notify(RMT_LGETFACL); - if (rc < 0) - return rc; - - exit(execvp(argv[0], argv)); -} - /* Print mdtname 'name' into 'buf' using 'format'. Add -MDT0000 if needed. * format must have %s%s, buf must be > 16 * Eg: if name = "lustre-MDT0000", "lustre", or "lustre-MDT0000_UUID" diff --git a/lustre/utils/wirecheck.c b/lustre/utils/wirecheck.c index 4eb1638..65831c1 100644 --- a/lustre/utils/wirecheck.c +++ b/lustre/utils/wirecheck.c @@ -636,16 +636,11 @@ check_obdo(void) CHECK_DEFINE_64X(OBD_MD_FLXATTRLS); CHECK_DEFINE_64X(OBD_MD_FLXATTRRM); CHECK_DEFINE_64X(OBD_MD_FLACL); - CHECK_DEFINE_64X(OBD_MD_FLRMTPERM); CHECK_DEFINE_64X(OBD_MD_FLMDSCAPA); CHECK_DEFINE_64X(OBD_MD_FLOSSCAPA); CHECK_DEFINE_64X(OBD_MD_FLCKSPLIT); CHECK_DEFINE_64X(OBD_MD_FLCROSSREF); CHECK_DEFINE_64X(OBD_MD_FLGETATTRLOCK); - CHECK_DEFINE_64X(OBD_MD_FLRMTLSETFACL); - CHECK_DEFINE_64X(OBD_MD_FLRMTLGETFACL); - CHECK_DEFINE_64X(OBD_MD_FLRMTRSETFACL); - CHECK_DEFINE_64X(OBD_MD_FLRMTRGETFACL); CHECK_DEFINE_64X(OBD_MD_FLDATAVERSION); CHECK_CVALUE_X(OBD_FL_INLINEDATA); @@ -1020,25 +1015,6 @@ check_mdt_ioepoch(void) } static void -check_mdt_remote_perm(void) -{ - BLANK_LINE(); - CHECK_STRUCT(mdt_remote_perm); - CHECK_MEMBER(mdt_remote_perm, rp_uid); - CHECK_MEMBER(mdt_remote_perm, rp_gid); - CHECK_MEMBER(mdt_remote_perm, rp_fsuid); - CHECK_MEMBER(mdt_remote_perm, rp_fsgid); - CHECK_MEMBER(mdt_remote_perm, rp_access_perm); - CHECK_MEMBER(mdt_remote_perm, rp_padding); - - CHECK_VALUE_X(CFS_SETUID_PERM); - CHECK_VALUE_X(CFS_SETGID_PERM); - CHECK_VALUE_X(CFS_SETGRP_PERM); - CHECK_VALUE_X(CFS_RMTACL_PERM); - CHECK_VALUE_X(CFS_RMTOWN_PERM); -} - -static void check_mdt_rec_setattr(void) { BLANK_LINE(); @@ -2652,7 +2628,6 @@ main(int argc, char **argv) check_ll_fid(); check_mdt_body(); check_mdt_ioepoch(); - check_mdt_remote_perm(); check_mdt_rec_setattr(); check_mdt_rec_create(); check_mdt_rec_link(); diff --git a/lustre/utils/wiretest.c b/lustre/utils/wiretest.c index 7b817b7..1ae1cdf 100644 --- a/lustre/utils/wiretest.c +++ b/lustre/utils/wiretest.c @@ -1417,8 +1417,6 @@ void lustre_assert_wire_constants(void) OBD_MD_FLXATTRRM); LASSERTF(OBD_MD_FLACL == (0x0000008000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLACL); - LASSERTF(OBD_MD_FLRMTPERM == (0x0000010000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTPERM); LASSERTF(OBD_MD_FLMDSCAPA == (0x0000020000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLMDSCAPA); LASSERTF(OBD_MD_FLOSSCAPA == (0x0000040000000000ULL), "found 0x%.16llxULL\n", @@ -1429,14 +1427,6 @@ void lustre_assert_wire_constants(void) OBD_MD_FLCROSSREF); LASSERTF(OBD_MD_FLGETATTRLOCK == (0x0000200000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLGETATTRLOCK); - LASSERTF(OBD_MD_FLRMTLSETFACL == (0x0001000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTLSETFACL); - LASSERTF(OBD_MD_FLRMTLGETFACL == (0x0002000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTLGETFACL); - LASSERTF(OBD_MD_FLRMTRSETFACL == (0x0004000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTRSETFACL); - LASSERTF(OBD_MD_FLRMTRGETFACL == (0x0008000000000000ULL), "found 0x%.16llxULL\n", - OBD_MD_FLRMTRGETFACL); LASSERTF(OBD_MD_FLDATAVERSION == (0x0010000000000000ULL), "found 0x%.16llxULL\n", OBD_MD_FLDATAVERSION); CLASSERT(OBD_FL_INLINEDATA == 0x00000001); @@ -2240,44 +2230,6 @@ void lustre_assert_wire_constants(void) LASSERTF((int)sizeof(((struct mdt_ioepoch *)0)->mio_padding) == 4, "found %lld\n", (long long)(int)sizeof(((struct mdt_ioepoch *)0)->mio_padding)); - /* Checks for struct mdt_remote_perm */ - LASSERTF((int)sizeof(struct mdt_remote_perm) == 32, "found %lld\n", - (long long)(int)sizeof(struct mdt_remote_perm)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_uid) == 0, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_uid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_uid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_uid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_gid) == 4, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_gid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_gid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_gid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_fsuid) == 8, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_fsuid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_fsuid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_fsuid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_fsgid) == 16, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_fsgid)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_fsgid) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_fsgid)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_access_perm) == 24, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_access_perm)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_access_perm) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_access_perm)); - LASSERTF((int)offsetof(struct mdt_remote_perm, rp_padding) == 28, "found %lld\n", - (long long)(int)offsetof(struct mdt_remote_perm, rp_padding)); - LASSERTF((int)sizeof(((struct mdt_remote_perm *)0)->rp_padding) == 4, "found %lld\n", - (long long)(int)sizeof(((struct mdt_remote_perm *)0)->rp_padding)); - LASSERTF(CFS_SETUID_PERM == 0x00000001UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETUID_PERM); - LASSERTF(CFS_SETGID_PERM == 0x00000002UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETGID_PERM); - LASSERTF(CFS_SETGRP_PERM == 0x00000004UL, "found 0x%.8xUL\n", - (unsigned)CFS_SETGRP_PERM); - LASSERTF(CFS_RMTACL_PERM == 0x00000008UL, "found 0x%.8xUL\n", - (unsigned)CFS_RMTACL_PERM); - LASSERTF(CFS_RMTOWN_PERM == 0x00000010UL, "found 0x%.8xUL\n", - (unsigned)CFS_RMTOWN_PERM); - /* Checks for struct mdt_rec_setattr */ LASSERTF((int)sizeof(struct mdt_rec_setattr) == 136, "found %lld\n", (long long)(int)sizeof(struct mdt_rec_setattr)); -- 1.8.3.1