805b9db006a7ac10c388d79215e3252173197eec
[fs/lustre-release.git] / lustre / mdt / mdt_identity.c
1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2  * vim:expandtab:shiftwidth=8:tabstop=8:
3  *
4  * Copyright (C) 2004-2006 Cluster File Systems, Inc.
5  *   Author: Lai Siyao <lsy@clusterfs.com>
6  *   Author: Fan Yong <fanyong@clusterfs.com>
7  *
8  *   This file is part of Lustre, http://www.lustre.org.
9  *
10  *   Lustre is free software; you can redistribute it and/or
11  *   modify it under the terms of version 2 of the GNU General Public
12  *   License as published by the Free Software Foundation.
13  *
14  *   Lustre is distributed in the hope that it will be useful,
15  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *   GNU General Public License for more details.
18  *
19  *   You should have received a copy of the GNU General Public License
20  *   along with Lustre; if not, write to the Free Software
21  *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22  */
23
24 #ifndef EXPORT_SYMTAB
25 #define EXPORT_SYMTAB
26 #endif
27 #define DEBUG_SUBSYSTEM S_MDS
28
29 #include <linux/config.h>
30 #include <linux/module.h>
31 #include <linux/kernel.h>
32 #include <linux/mm.h>
33 #include <linux/kmod.h>
34 #include <linux/string.h>
35 #include <linux/stat.h>
36 #include <linux/errno.h>
37 #include <linux/version.h>
38 #include <linux/unistd.h>
39 #include <asm/system.h>
40 #include <asm/uaccess.h>
41 #include <linux/fs.h>
42 #include <linux/stat.h>
43 #include <asm/uaccess.h>
44 #include <linux/slab.h>
45 #include <asm/segment.h>
46
47 #include <libcfs/kp30.h>
48 #include <obd.h>
49 #include <obd_class.h>
50 #include <obd_support.h>
51 #include <lustre_net.h>
52 #include <lustre_import.h>
53 #include <lustre_dlm.h>
54 #include <lustre_lib.h>
55 #include <lustre_ucache.h>
56
57 #include "mdt_internal.h"
58
/*
 * init_entry hook of the identity upcall cache.
 *
 * Stores in the embedded identity a back-pointer to the cache entry that
 * contains it; mdt_identity_put() reads mi_uc_entry to hand the entry
 * back to the cache.  The second argument is not used.
 */
static void mdt_identity_entry_init(struct upcall_cache_entry *entry,
                                    void *unused)
{
        struct mdt_identity *identity = &entry->u.identity;

        identity->mi_uc_entry = entry;
}
64
/*
 * free_entry hook of the identity upcall cache.
 *
 * Releases the supplementary group list and the setxid permission table
 * owned by the identity embedded in @entry.  @cache is not used.
 *
 * NOTE(review): the group list is released with groups_free() here while
 * the error path of mdt_identity_parse_downcall() uses put_group_info();
 * confirm both follow the same reference-counting discipline.
 * NOTE(review): mi_ginfo, mi_perms and mi_nperms are left as they are
 * after the free, so this must run at most once per entry -- confirm
 * against the upcall cache.
 */
static void mdt_identity_entry_free(struct upcall_cache *cache,
                                    struct upcall_cache_entry *entry)
{
        struct mdt_identity *id = &entry->u.identity;

        if (id->mi_ginfo != NULL)
                groups_free(id->mi_ginfo);

        /* No permission table was stored for this identity. */
        if (id->mi_nperms == 0)
                return;

        /* A non-zero count without a table means the entry is corrupt. */
        LASSERT(id->mi_perms);
        OBD_FREE(id->mi_perms, id->mi_nperms * sizeof(struct mdt_setxid_perm));
}
79
/*
 * do_upcall hook of the identity upcall cache.
 *
 * Runs the helper named by cache->uc_upcall as
 *     <uc_upcall> <uc_name> <key>
 * where <key> is entry->ue_key printed in decimal, with a fixed two-variable
 * environment (HOME=/ and PATH=/sbin:/usr/sbin).
 *
 * Returns 0 when the helper was started (any non-negative result of
 * USERMODEHELPER is folded to 0), otherwise the negative value it returned.
 *
 * NOTE(review): the program that gets executed is whatever path is stored
 * in uc_upcall; the error message below points at
 * /proc/fs/lustre/mdt/<name>/identity_upcall as the place it is set, so
 * write access to that file decides what this function runs -- confirm it
 * is restricted to the administrator.
 * NOTE(review): the "NONE" check is an assertion, not an error return; if
 * this can be reached while uc_upcall holds "NONE" the node asserts
 * instead of failing the lookup -- confirm callers filter that value.
 */
static int mdt_identity_do_upcall(struct upcall_cache *cache,
                                  struct upcall_cache_entry *entry)
{
        /*
         * 16 bytes hold at most 15 digits; snprintf() bounds the write, so
         * a longer key would be truncated rather than overflow.  The key
         * passed by mdt_identity_get() is a __u32 uid, which always fits.
         */
        char keystr[16];
        char *argv[] = { cache->uc_upcall, cache->uc_name, keystr, NULL };
        char *envp[] = { "HOME=/", "PATH=/sbin:/usr/sbin", NULL };
        int rc;
        ENTRY;

        snprintf(keystr, sizeof(keystr), LPU64, entry->ue_key);

        LASSERTF(strcmp(cache->uc_upcall, "NONE"), "no upcall set!");
        CDEBUG(D_INFO, "The upcall is: %s \n", cache->uc_upcall);

        rc = USERMODEHELPER(argv[0], argv, envp);
        if (rc >= 0) {
                CDEBUG(D_HA, "%s: invoked upcall %s %s %s\n", cache->uc_name,
                       argv[0], argv[1], argv[2]);
                RETURN(0);
        }

        CERROR("%s: error invoking upcall %s %s %s: rc %d; "
               "check /proc/fs/lustre/mdt/%s/identity_upcall\n",
               cache->uc_name, argv[0], argv[1], argv[2], rc,
               cache->uc_name);
        RETURN(rc);
}
116
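/*
 * parse_downcall hook of the identity upcall cache.
 *
 * Copies the identity delivered in @args (a struct identity_downcall_data:
 * uid, gid, supplementary groups and per-NID setxid permissions) into the
 * identity embedded in @entry.  @cache is not used.
 *
 * Returns 0 on success, -E2BIG when idd_ngroups exceeds NGROUPS_MAX and
 * -ENOMEM when the group list or the permission table cannot be allocated.
 * On failure nothing is stored in the entry: the group list is published
 * only after every allocation has succeeded, so the put_group_info() on
 * the error path cannot leave identity->mi_ginfo pointing at a released
 * object for mdt_identity_entry_free() to release a second time.
 */
static int mdt_identity_parse_downcall(struct upcall_cache *cache,
                                       struct upcall_cache_entry *entry,
                                       void *args)
{
        struct mdt_identity *identity = &entry->u.identity;
        struct identity_downcall_data *data = args;
        struct group_info *ginfo;
        struct mdt_setxid_perm *perms = NULL;
        int size, i;
        ENTRY;

        LASSERT(data);
        /*
         * NOTE(review): this only rejects counts above NGROUPS_MAX; if
         * idd_ngroups is a signed field a negative value passes -- confirm
         * its type in the downcall structure.
         */
        if (data->idd_ngroups > NGROUPS_MAX)
                RETURN(-E2BIG);

        ginfo = groups_alloc(data->idd_ngroups);
        if (!ginfo) {
                CERROR("failed to alloc %d groups\n", data->idd_ngroups);
                RETURN(-ENOMEM);
        }

        groups_from_list(ginfo, data->idd_groups);
        groups_sort(ginfo);

        if (data->idd_nperms) {
                /*
                 * NOTE(review): idd_nperms is not range-checked here, and
                 * the byte count is held in an int.  Confirm the count is
                 * bounded by the capacity of idd_perms[] before this point;
                 * otherwise the loop below reads past the downcall buffer
                 * and the multiplication can overflow.
                 */
                size = data->idd_nperms * sizeof(*perms);
                OBD_ALLOC(perms, size);
                if (!perms) {
                        CERROR("failed to alloc %d permissions\n",
                               data->idd_nperms);
                        /* ginfo is still private to this function. */
                        put_group_info(ginfo);
                        RETURN(-ENOMEM);
                }
                for (i = 0; i < data->idd_nperms; i++) {
                        perms[i].mp_nid = data->idd_perms[i].pdd_nid;
                        perms[i].mp_perm = data->idd_perms[i].pdd_perm;
                }
        }

        /* Every allocation succeeded: publish the identity in one place. */
        identity->mi_uid = data->idd_uid;
        identity->mi_gid = data->idd_gid;
        identity->mi_ginfo = ginfo;
        identity->mi_nperms = data->idd_nperms;
        identity->mi_perms = perms;

        CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n",
               identity, identity->mi_uid, identity->mi_gid,
               identity->mi_ginfo->ngroups, identity->mi_nperms);

        RETURN(0);
}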
169
/*
 * Look up the identity for @uid in @cache.
 *
 * Returns a pointer to the identity embedded in the cache entry, or NULL
 * when @cache is NULL or upcall_cache_get_entry() returned an error
 * pointer (the error is logged).  The two NULL cases are not
 * distinguishable by the caller.  A non-NULL result is handed back with
 * mdt_identity_put().
 */
struct mdt_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid)
{
        struct upcall_cache_entry *found;

        if (cache == NULL)
                return NULL;

        /* The cache is keyed by the uid widened to 64 bits. */
        found = upcall_cache_get_entry(cache, (__u64)uid, NULL);
        if (!IS_ERR(found))
                return &found->u.identity;

        CERROR("upcall_cache_get_entry failed: %ld\n", PTR_ERR(found));
        return NULL;
}
185
/*
 * Hand an identity obtained from mdt_identity_get() back to @cache.
 *
 * Does nothing when @cache is NULL.  Otherwise @identity must be non-NULL
 * (asserted); the owning cache entry is found through the mi_uc_entry
 * back-pointer and passed to upcall_cache_put_entry().
 */
void mdt_identity_put(struct upcall_cache *cache, struct mdt_identity *identity)
{
        if (cache != NULL) {
                LASSERT(identity);
                upcall_cache_put_entry(cache, identity->mi_uc_entry);
        }
}
194
/*
 * Operations table that binds the identity handlers defined in this file
 * to the generic upcall cache.
 */
struct upcall_cache_ops mdt_identity_upcall_cache_ops = {
        /* set the entry back-pointer in a new identity */
        .init_entry = mdt_identity_entry_init,
        /* release the group list and the permission table */
        .free_entry = mdt_identity_entry_free,
        /* start the userspace helper for one key */
        .do_upcall = mdt_identity_do_upcall,
        /* copy the helper's answer into the entry */
        .parse_downcall = mdt_identity_parse_downcall,
};
201
/*
 * Flush cached identities from @cache.
 *
 * A @uid of (__u32)-1 selects upcall_cache_flush_idle(); any other value
 * flushes the single entry keyed by that uid.
 *
 * NOTE(review): unlike mdt_identity_get() and mdt_identity_put(), @cache
 * is not checked for NULL here -- confirm callers never pass NULL.
 */
void mdt_flush_identity(struct upcall_cache *cache, __u32 uid)
{
        if (uid != (__u32)-1) {
                upcall_cache_flush_one(cache, (__u64)uid, NULL);
                return;
        }

        upcall_cache_flush_idle(cache);
}
209
/*
 * Return the setxid permission mask that @identity grants to a client at
 * @nid.
 *
 * The permission table is scanned in order and the first entry whose NID
 * is LNET_NID_ANY or equal to @nid decides the result.  Because the first
 * match wins, a wildcard entry placed ahead of a NID-specific one hides
 * the specific one.
 *
 * With no matching entry the default is 0 for a remote client
 * (@is_rmtclient non-zero) and LUSTRE_SETGRP_PERM otherwise.
 */
__u32 mdt_identity_get_setxid_perm(struct mdt_identity *identity,
                                   __u32 is_rmtclient, lnet_nid_t nid)
{
        struct mdt_setxid_perm *table = identity->mi_perms;
        int idx;

        for (idx = 0; idx < identity->mi_nperms; idx++) {
                if (table[idx].mp_nid == LNET_NID_ANY ||
                    table[idx].mp_nid == nid)
                        return table[idx].mp_perm;
        }

        /* No entry matched: fall back to the default. */
        if (is_rmtclient)
                return 0;

        return LUSTRE_SETGRP_PERM;
}
225
/*
 * Fill @buf (a struct mdt_remote_perm) with the requester's original
 * uid/gid/fsuid/fsgid and the access rights it holds on object @o.
 *
 * Returns -EBADE when the export is not a remote client, -EINVAL when the
 * credential in @info is neither UCRED_OLD nor UCRED_NEW, 0 otherwise.
 *
 * Each of MAY_READ, MAY_WRITE and MAY_EXEC is probed with mo_permission()
 * and reported only when that call returns 0; any non-zero result,
 * whatever its cause, leaves the bit clear.
 */
int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o,
                         void *buf)
{
        static const int access_bits[] = { MAY_READ, MAY_WRITE, MAY_EXEC };
        struct ptlrpc_request   *req = mdt_info_req(info);
        struct md_ucred         *uc = &info->mti_uc;
        struct md_object        *next = mdt_object_child(o);
        struct mdt_export_data  *med = mdt_req2med(req);
        struct mdt_remote_perm  *perm = buf;
        int                      n;

        ENTRY;

        /* A remote client request always packs ptlrpc_user_desc. */
        LASSERT(perm);

        if (!med->med_rmtclient)
                RETURN(-EBADE);

        if (!(uc->mu_valid == UCRED_OLD || uc->mu_valid == UCRED_NEW))
                RETURN(-EINVAL);

        perm->rp_uid = uc->mu_o_uid;
        perm->rp_gid = uc->mu_o_gid;
        perm->rp_fsuid = uc->mu_o_fsuid;
        perm->rp_fsgid = uc->mu_o_fsgid;

        /* Start from no access and add one bit per successful probe. */
        perm->rp_access_perm = 0;
        for (n = 0; n < (int)(sizeof(access_bits) / sizeof(access_bits[0]));
             n++) {
                if (mo_permission(info->mti_ctxt, next, access_bits[n],
                                  uc) == 0)
                        perm->rp_access_perm |= access_bits[n];
        }

        RETURN(0);
}