4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (C) 2013, Trustees of Indiana University
25 * Copyright (c) 2017, Intel Corporation.
27 * Author: Joshua Walgenbach <jjw@iu.edu>
30 #ifndef _LUSTRE_NODEMAP_H
31 #define _LUSTRE_NODEMAP_H
33 #include <uapi/linux/lustre/lustre_idl.h>
/* Literal name string for the nodemap feature; its users are outside this header. */
35 #define LUSTRE_NODEMAP_NAME "nodemap"
/*
 * ID of the default nodemap. Per the comment on the nodemap descriptor in
 * this header, every NID that does not map to a configured range lands in
 * the default nodemap, so its policy is what otherwise-unrecognised clients
 * receive.
 */
37 #define LUSTRE_NODEMAP_DEFAULT_ID 0
/*
 * Table pairing role values from enum nodemap_rbac_roles with lowercase
 * string names.
 * NOTE(review): this is a static const array defined in a header, so each
 * translation unit that includes the header gets its own private copy.
 * NOTE(review): the string member of the struct and the end of the
 * initializer are not visible in this listing; do not assume the role list
 * shown here is complete.
 */
39 static const struct nodemap_rbac_name {
/* role value that this entry names */
40 enum nodemap_rbac_roles nrn_mode;
42 } nodemap_rbac_names[] = {
43 { NODEMAP_RBAC_FILE_PERMS, "file_perms" },
44 { NODEMAP_RBAC_DNE_OPS, "dne_ops" },
45 { NODEMAP_RBAC_QUOTA_OPS, "quota_ops" },
46 { NODEMAP_RBAC_BYFID_OPS, "byfid_ops" },
47 { NODEMAP_RBAC_CHLG_OPS, "chlg_ops" },
48 { NODEMAP_RBAC_FSCRYPT_ADMIN, "fscrypt_admin" },
/* NOTE(review): the struct header that owns these members is not visible in this listing. */
/* name buffer: LUSTRE_NODEMAP_NAME_LENGTH bytes plus one, presumably for the NUL terminator */
52 char npe_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
/* pointer to a proc_dir_entry; presumably the procfs entry for the named nodemap -- confirm */
53 struct proc_dir_entry *npe_proc_entry;
/* list linkage for this entry */
54 struct list_head npe_list_member;
57 /** The nodemap id 0 will be the default nodemap. It will have a configuration
58 * set by the MGS, but no ranges will be allowed as all NIDs that do not map
59 * will be added to the default nodemap
/*
 * Members of the nodemap descriptor (presumably struct lu_nodemap; the
 * struct header is not visible in this listing): name, behaviour flags,
 * squash IDs, NID ranges, ID-mapping trees, member list, fileset and
 * SELinux policy information.
 * NOTE(review): several member declarations that the comments below
 * introduce (unique ID, ref counter, squash UID, squash GID) are not
 * visible in this listing.
 */
63 /* human readable ID; buffer is LUSTRE_NODEMAP_NAME_LENGTH bytes plus one */
64 char nm_name[LUSTRE_NODEMAP_NAME_LENGTH + 1];
65 /* flags to govern nodemap behavior */
/*
 * NOTE(review): each one-bit flag below is an access-control decision for
 * every client in the nodemap. Flags matching nodemap_set_deny_unknown(),
 * nodemap_set_audit_mode() and nodemap_set_readonly_mount() are not visible
 * in this listing.
 */
/* presumably: client-supplied IDs are accepted without mapping -- confirm */
66 bool nmf_trust_client_ids:1,
/* presumably: client root is not squashed -- confirm */
68 nmf_allow_root_access:1,
/* set through nodemap_set_forbid_encryption() */
70 nmf_forbid_encryption:1,
72 /* bitmap for mapping type */
73 enum nodemap_mapping_modes nmf_map_mode;
74 /* bitmap for rbac, enum nodemap_rbac_roles */
75 enum nodemap_rbac_roles nmf_rbac;
76 /* unique ID set by MGS */
78 /* nodemap ref counter */
80 /* UID to squash unmapped UIDs */
82 /* GID to squash unmapped GIDs */
84 /* PROJID to squash unmapped PROJIDs */
85 projid_t nm_squash_projid;
/* list head; presumably the NID ranges assigned to this nodemap -- confirm */
87 struct list_head nm_ranges;
88 /* lock for idmap red/black trees */
89 struct rw_semaphore nm_idmap_lock;
90 /* UID map keyed by local UID */
91 struct rb_root nm_fs_to_client_uidmap;
92 /* UID map keyed by remote UID */
93 struct rb_root nm_client_to_fs_uidmap;
94 /* GID map keyed by local GID */
95 struct rb_root nm_fs_to_client_gidmap;
96 /* GID map keyed by remote GID */
97 struct rb_root nm_client_to_fs_gidmap;
98 /* PROJID map keyed by local PROJID */
99 struct rb_root nm_fs_to_client_projidmap;
100 /* PROJID map keyed by remote PROJID */
101 struct rb_root nm_client_to_fs_projidmap;
102 /* attached client members of this nodemap */
/* mutex; presumably serialises access to nm_member_list -- confirm */
103 struct mutex nm_member_list_lock;
104 struct list_head nm_member_list;
105 /* access by nodemap name */
106 struct hlist_node nm_hash;
107 struct nodemap_pde *nm_pde_data;
108 /* fileset the nodes of this nodemap are restricted to */
/*
 * NOTE(review): nodemap_set_fileset() takes a bare const char * with no
 * length. Confirm the implementation rejects strings longer than PATH_MAX
 * instead of truncating them: a truncated path would name a different
 * subtree than the administrator intended.
 */
109 char nm_fileset[PATH_MAX+1];
110 /* information about the expected SELinux policy on the nodes */
/* NOTE(review): same length question as nm_fileset, for nodemap_set_sepol() */
111 char nm_sepol[LUSTRE_NODEMAP_SEPOL_LENGTH + 1];
113 /* used when loading/unloading nodemaps */
114 struct list_head nm_list;
117 /* Store handles to local MGC storage to save config locally. In future
118 * versions of nodemap, mgc will receive the config directly and so this might
/*
 * Handles for one locally stored copy of the nodemap configuration.
 * NOTE(review): the closing brace of this struct is not visible in this
 * listing.
 */
121 struct nm_config_file {
/* local OID storage handle */
122 struct local_oid_storage *ncf_los;
/* dt_object; presumably the object the config is saved to -- confirm */
123 struct dt_object *ncf_obj;
/* list linkage for this config file */
124 struct list_head ncf_list;
/*
 * Nodemap management API. Nodemaps are addressed by name in the add/del and
 * setter calls below.
 * NOTE(review): the int-returning functions presumably return 0 or a
 * negative errno; this header does not say -- confirm in the implementation.
 */
/* presumably switches nodemap processing on or off globally -- confirm */
127 void nodemap_activate(const bool value);
128 int nodemap_add(const char *nodemap_name);
129 int nodemap_del(const char *nodemap_name);
/* attach/detach an export (a connected client) to/from a nodemap */
130 int nodemap_add_member(lnet_nid_t nid, struct obd_export *exp);
131 void nodemap_del_member(struct obd_export *exp);
/* parse a textual NID range into a two-element array */
132 int nodemap_parse_range(const char *range_string, lnet_nid_t range[2]);
/*
 * Parse a textual ID mapping into a two-element array.
 * NOTE(review): the input is non-const here, unlike nodemap_parse_range();
 * the parser may modify the caller's buffer -- confirm.
 */
133 int nodemap_parse_idmap(char *idmap_string, __u32 idmap[2]);
134 int nodemap_add_range(const char *name, const lnet_nid_t nid[2]);
135 int nodemap_del_range(const char *name, const lnet_nid_t nid[2]);
/*
 * Per-nodemap policy setters. Each of these changes what every client in
 * the named nodemap is allowed to do, so callers are expected to be
 * administrative paths only -- NOTE(review): confirm where the privilege
 * check is done.
 */
136 int nodemap_set_allow_root(const char *name, bool allow_root);
137 int nodemap_set_trust_client_ids(const char *name, bool trust_client_ids);
138 int nodemap_set_deny_unknown(const char *name, bool deny_unknown);
139 int nodemap_set_mapping_mode(const char *name,
140 enum nodemap_mapping_modes map_mode);
141 int nodemap_set_rbac(const char *name, enum nodemap_rbac_roles rbac);
142 int nodemap_set_squash_uid(const char *name, uid_t uid);
143 int nodemap_set_squash_gid(const char *name, gid_t gid);
144 int nodemap_set_squash_projid(const char *name, projid_t projid);
145 int nodemap_set_audit_mode(const char *name, bool enable_audit);
146 int nodemap_set_forbid_encryption(const char *name, bool forbid_encryption);
147 int nodemap_set_readonly_mount(const char *name, bool readonly_mount);
/* policy query: may a client of this nodemap set quota of type qc_type for id */
148 bool nodemap_can_setquota(struct lu_nodemap *nodemap, __u32 qc_type, __u32 id);
/* NOTE(review): the trailing parameters of the next two prototypes are not visible in this listing */
149 int nodemap_add_idmap(const char *name, enum nodemap_id_type id_type,
151 int nodemap_del_idmap(const char *name, enum nodemap_id_type id_type,
153 int nodemap_set_fileset(const char *name, const char *fileset);
/*
 * NOTE(review): returns a non-const char * from a const nodemap, in
 * contrast to nodemap_get_sepol() below; callers should treat the result
 * as read-only.
 */
154 char *nodemap_get_fileset(const struct lu_nodemap *nodemap);
155 int nodemap_set_sepol(const char *name, const char *sepol);
156 const char *nodemap_get_sepol(const struct lu_nodemap *nodemap);
/* map one ID of kind id_type through the tree selected by tree_type */
157 __u32 nodemap_map_id(struct lu_nodemap *nodemap,
158 enum nodemap_id_type id_type,
159 enum nodemap_tree_type tree_type, __u32 id);
/*
 * Map the IDs inside an ACL held in buf (size bytes).
 * NOTE(review): buf presumably carries data that originated on a client;
 * confirm that size is validated against the ACL entry layout before any
 * entry is read or rewritten.
 */
160 ssize_t nodemap_map_acl(struct lu_nodemap *nodemap, void *buf, size_t size,
161 enum nodemap_tree_type tree_type);
/*
 * nodemap_test_nid(): with HAVE_SERVER_SUPPORT a real function is declared
 * that takes a buffer and its length (presumably filled with the name of
 * the nodemap the NID maps to -- confirm). The macro form below expands to
 * an empty statement, so name_buf is left untouched; callers that read
 * name_buf afterwards must initialise it before the call.
 * NOTE(review): the #else/#endif lines separating the two definitions are
 * not visible in this listing.
 */
162 #ifdef HAVE_SERVER_SUPPORT
163 void nodemap_test_nid(lnet_nid_t nid, char *name_buf, size_t name_len);
165 #define nodemap_test_nid(nid, name_buf, name_len) do {} while(0)
/* fs_id is passed by pointer; presumably receives the mapped ID -- confirm */
167 int nodemap_test_id(lnet_nid_t nid, enum nodemap_id_type idtype,
168 __u32 client_id, __u32 *fs_id);
/*
 * Registration of local config storage, in an MGS variant (takes a
 * dt_object) and a target variant (takes a dt_device). Each register call
 * has a matching deregister call that takes the returned nm_config_file.
 * NOTE(review): how failure is reported (NULL or an error pointer) is not
 * stated in this header -- confirm before dereferencing the result.
 */
170 struct nm_config_file *nm_config_file_register_mgs(const struct lu_env *env,
171 struct dt_object *obj,
172 struct local_oid_storage *los);
174 struct nm_config_file *nm_config_file_register_tgt(const struct lu_env *env,
175 struct dt_device *dev,
176 struct local_oid_storage *los);
177 void nm_config_file_deregister_mgs(const struct lu_env *env,
178 struct nm_config_file *ncf);
179 void nm_config_file_deregister_tgt(const struct lu_env *env,
180 struct nm_config_file *ncf);
/*
 * NOTE(review): the nodemap descriptor carries a ref counter, so
 * nodemap_get_from_exp() presumably returns a referenced nodemap that must
 * be released with nodemap_putref() on every path, including error paths
 * -- confirm, and confirm how a failed lookup is reported.
 */
181 struct lu_nodemap *nodemap_get_from_exp(struct obd_export *exp);
182 void nodemap_putref(struct lu_nodemap *nodemap);
184 #ifdef HAVE_SERVER_SUPPORT
/*
 * Interval tree of NID ranges plus the highest range ID seen.
 * NOTE(review): the closing brace of this struct is not visible in this
 * listing.
 */
186 struct nodemap_range_tree {
/* root of the interval tree */
187 struct interval_tree_root nmrt_range_interval_root;
/* highest range ID; presumably used to hand out new range IDs -- confirm */
188 unsigned int nmrt_range_highest_id;
/*
 * One complete nodemap configuration: activation flag, default nodemap,
 * NID range tree with its lock, and the by-name hash of nodemaps.
 * NOTE(review): the comment delimiters around two of the member comments
 * and the closing brace of this struct are not visible in this listing.
 */
191 struct nodemap_config {
192 /* Highest numerical lu_nodemap.nm_id defined */
193 unsigned int nmc_nodemap_highest_id;
195 /* Simple flag to determine if nodemaps are active */
/* NOTE(review): presumably no mapping or squashing is applied while this is false -- confirm */
196 bool nmc_nodemap_is_active;
198 /* Pointer to default nodemap as it is needed more often */
199 struct lu_nodemap *nmc_default_nodemap;
202 * Lock required to access the range tree.
204 struct rw_semaphore nmc_range_tree_lock;
205 struct nodemap_range_tree nmc_range_tree;
208 * Hash keyed on nodemap name containing all
211 struct cfs_hash *nmc_nodemap_hash;
/*
 * Lifetime of a nodemap_config: alloc/dealloc pair.
 * NOTE(review): how allocation failure is reported is not stated here --
 * confirm before using the result.
 */
214 struct nodemap_config *nodemap_config_alloc(void);
215 void nodemap_config_dealloc(struct nodemap_config *config);
/* presumably installs config as the active configuration on the MGC side -- confirm */
216 void nodemap_config_set_active_mgc(struct nodemap_config *config);
/*
 * Process index pages (union lu_page) into config.
 * NOTE(review): lip presumably holds data received from the MGS; confirm
 * that record counts and sizes inside the page are bounds-checked before
 * they are used to build nodemaps.
 */
218 int nodemap_process_idx_pages(struct nodemap_config *config, union lu_page *lip,
219 struct lu_nodemap **recent_nodemap);
221 #else /* disable nodemap processing in MGC of non-servers */
/*
 * Stub used when HAVE_SERVER_SUPPORT is not defined. config is taken as
 * void * here; struct nodemap_config is declared only in the
 * HAVE_SERVER_SUPPORT branch.
 * NOTE(review): the middle parameter and the body of this stub are not
 * visible in this listing.
 */
222 static inline int nodemap_process_idx_pages(void *config,
224 struct lu_nodemap **recent_nodemap)
226 #endif /* HAVE_SERVER_SUPPORT */
/*
 * Handle a nodemap configuration request on the given MGS device.
 * NOTE(review): req is a ptlrpc_request, presumably sent by a remote node;
 * confirm that the handler validates the request body before acting on it.
 */
228 int nodemap_get_config_req(struct obd_device *mgs_obd,
229 struct ptlrpc_request *req);
230 #endif /* _LUSTRE_NODEMAP_H */