4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Use is subject to license terms.
26 * Copyright (c) 2011, 2016, Intel Corporation.
29 * This file is part of Lustre, http://www.lustre.org/
30 * Lustre is a trademark of Sun Microsystems, Inc.
32 * lustre/mdt/mdt_identity.c
34 * Author: Lai Siyao <lsy@clusterfs.com>
35 * Author: Fan Yong <fanyong@clusterfs.com>
38 #define DEBUG_SUBSYSTEM S_MDS
40 #include "mdt_internal.h"
/*
 * Initialise the identity part of a new upcall cache entry by storing a
 * back-pointer to the owning entry. mdt_identity_put() follows this pointer
 * (mi_uc_entry) to release the entry when a caller is done with the identity.
 */
42 static void mdt_identity_entry_init(struct upcall_cache_entry *entry,
45 entry->u.identity.mi_uc_entry = entry;
/*
 * Release what the identity embedded in a cache entry owns: the reference on
 * its group_info and the array of per-NID permissions.
 */
48 static void mdt_identity_entry_free(struct upcall_cache *cache,
49 struct upcall_cache_entry *entry)
51 struct md_identity *identity = &entry->u.identity;
/* Drop the group list reference and clear the pointer so it is not reused. */
53 if (identity->mi_ginfo) {
54 put_group_info(identity->mi_ginfo);
55 identity->mi_ginfo = NULL;
/* A non-zero count without an array would be a bookkeeping bug, hence LASSERT. */
58 if (identity->mi_nperms) {
59 LASSERT(identity->mi_perms);
60 OBD_FREE_PTR_ARRAY(identity->mi_perms, identity->mi_nperms);
/*
 * NOTE(review): only the count is reset in the lines shown; mi_perms keeps
 * its old value, so readers must check mi_nperms before touching the array.
 */
61 identity->mi_nperms = 0;
/*
 * Start the identity upcall helper for the cache entry keyed by
 * entry->ue_key.
 *
 * The program path is read from cache->uc_upcall while uc_upcall_rwsem is
 * held for reading. The values "NONE" and "" are rejected with an error
 * before anything is executed, and argv[0] is assigned again after the lock
 * is taken so that the path which runs is the one that was just checked.
 * The key is formatted into keystr with a bounded snprintf() and the helper
 * is launched with call_usermodehelper(..., UMH_WAIT_EXEC). Both the failure
 * and the success path log the helper arguments and the elapsed time.
 *
 * NOTE(review): per the error message below, the path is configured through
 * /proc/fs/lustre/mdt/<name>/identity_upcall. The kernel launches whatever
 * program that setting names, so write access to the setting and to the
 * helper binary should be limited to administrators - confirm.
 * NOTE(review): UMH_WAIT_EXEC waits for the exec only, not for the helper to
 * exit; the helper's answer presumably arrives later through the downcall
 * parser - confirm.
 */
65 static int mdt_identity_do_upcall(struct upcall_cache *cache,
66 struct upcall_cache_entry *entry)
70 [0] = cache->uc_upcall,
/* Fixed environment entry: PATH is pinned to system directories. */
77 [1] = "PATH=/sbin:/usr/sbin",
84 /* There is race condition:
85 * "uc_upcall" was changed just after "is_identity_get_disabled" check.
87 down_read(&cache->uc_upcall_rwsem);
88 CDEBUG(D_INFO, "The upcall is: '%s'\n", cache->uc_upcall);
90 if (unlikely(!strcmp(cache->uc_upcall, "NONE"))) {
92 CERROR("%s: extended identity requested for user '%llu' called with 'NONE' upcall: rc = %d\n",
93 cache->uc_name, entry->ue_key, rc);
97 if (unlikely(cache->uc_upcall[0] == '\0')) {
99 CERROR("%s: extended identity requested for user '%llu' called with empty upcall: rc = %d\n",
100 cache->uc_name, entry->ue_key, rc);
104 argv[0] = cache->uc_upcall;
105 snprintf(keystr, sizeof(keystr), "%llu", entry->ue_key);
108 rc = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
111 CERROR("%s: error invoking upcall %s %s %s: rc %d; check /proc/fs/lustre/mdt/%s/identity_upcall, time %ldus: rc = %d\n",
112 cache->uc_name, argv[0], argv[1], argv[2], rc,
113 cache->uc_name, (long)ktime_us_delta(end, start), rc);
115 CDEBUG(D_HA, "%s: invoked upcall %s %s %s, time %ldus\n",
116 cache->uc_name, argv[0], argv[1], argv[2],
117 (long)ktime_us_delta(end, start));
122 up_read(&cache->uc_upcall_rwsem);
/*
 * Copy the identity supplied in a downcall (args, read as
 * struct identity_downcall_data) into the cache entry's md_identity.
 *
 * The supplementary group list is copied into a freshly allocated group_info
 * and sorted; the per-NID permission list is copied into a newly allocated
 * md_perm array. Both allocations are handed to the identity at the end and
 * are released by mdt_identity_entry_free().
 *
 * NOTE(review): the downcall data presumably originates from the user-space
 * upcall helper, so every count in it should be treated as untrusted.
 */
126 static int mdt_identity_parse_downcall(struct upcall_cache *cache,
127 struct upcall_cache_entry *entry,
130 struct md_identity *identity = &entry->u.identity;
131 struct identity_downcall_data *data = args;
132 struct group_info *ginfo = NULL;
133 struct md_perm *perms = NULL;
/* Bound the group count before it is used as an allocation size. */
138 if (data->idd_ngroups > NGROUPS_MAX) {
140 CERROR("%s: UID %u groups %u > maximum %u: rc = %d\n",
141 cache->uc_name, data->idd_uid, data->idd_ngroups, NGROUPS_MAX, rc);
145 if (data->idd_ngroups > 0) {
146 ginfo = groups_alloc(data->idd_ngroups);
149 CERROR("%s: failed to alloc %d groups: rc = %d\n",
150 cache->uc_name, data->idd_ngroups, rc);
/* Fill the new group_info from the downcall list, then sort it. */
154 lustre_groups_from_list(ginfo, data->idd_groups);
155 lustre_groups_sort(ginfo);
158 if (data->idd_nperms) {
/*
 * NOTE(review): unlike idd_ngroups, no upper bound on idd_nperms is visible
 * in this listing; the size computation and the idd_perms[i] reads in the
 * copy loop rely on the caller having limited it - confirm.
 */
159 size = data->idd_nperms * sizeof(*perms);
160 OBD_ALLOC(perms, size);
163 CERROR("%s: failed to alloc %d permissions: rc = %d\n",
164 cache->uc_name, data->idd_nperms, rc);
/* Allocation of perms failed: drop the group_info obtained above. */
166 put_group_info(ginfo);
/* Copy each (NID, permission mask) pair from the downcall data. */
170 for (i = 0; i < data->idd_nperms; i++) {
171 perms[i].mp_nid = data->idd_perms[i].pdd_nid;
172 perms[i].mp_perm = data->idd_perms[i].pdd_perm;
/* Publish the parsed data; ginfo and perms now belong to the identity. */
176 identity->mi_uid = data->idd_uid;
177 identity->mi_gid = data->idd_gid;
178 identity->mi_ginfo = ginfo;
179 identity->mi_nperms = data->idd_nperms;
180 identity->mi_perms = perms;
182 CDEBUG(D_OTHER, "parse mdt identity@%p: %d:%d, ngroups %u, nperms %u\n",
183 identity, identity->mi_uid, identity->mi_gid,
184 data->idd_ngroups, data->idd_nperms);
/*
 * Return the cached identity for uid; the upcall cache is keyed by the uid
 * widened to 64 bits.
 *
 * Returns a pointer to the md_identity embedded in the cache entry, or an
 * ERR_PTR() value on failure (-ENOENT when no entry is returned). Callers
 * must test the result with IS_ERR() rather than against NULL.
 *
 * NOTE(review): the entry is presumably returned with a reference held that
 * mdt_identity_put() drops - confirm against upcall_cache_get_entry().
 */
190 struct md_identity *mdt_identity_get(struct upcall_cache *cache, __u32 uid)
192 struct upcall_cache_entry *entry;
195 return ERR_PTR(-ENOENT);
197 entry = upcall_cache_get_entry(cache, (__u64)uid, NULL);
198 if (unlikely(!entry))
199 return ERR_PTR(-ENOENT);
/* Pass an error-encoded entry pointer on as an md_identity error pointer. */
201 return ERR_CAST(entry);
203 return &entry->u.identity;
/*
 * Release an identity obtained from mdt_identity_get() by putting the cache
 * entry that owns it, located through the mi_uc_entry back-pointer.
 */
206 void mdt_identity_put(struct upcall_cache *cache, struct md_identity *identity)
212 upcall_cache_put_entry(cache, identity->mi_uc_entry);
/*
 * Upcall cache callbacks for MDT identity entries: entry setup and teardown,
 * launching the user-space helper, and parsing the data it sends back.
 */
215 struct upcall_cache_ops mdt_identity_upcall_cache_ops = {
216 .init_entry = mdt_identity_entry_init,
217 .free_entry = mdt_identity_entry_free,
218 .do_upcall = mdt_identity_do_upcall,
219 .parse_downcall = mdt_identity_parse_downcall,
/*
 * Drop cached identity data: this calls either upcall_cache_flush_idle() on
 * the cache or upcall_cache_flush_one() for the entry keyed by uid. The
 * condition that chooses between the two is not shown in this listing.
 *
 * NOTE(review): uid is a signed int cast to __u64, so a negative value would
 * sign-extend to a large key if it reached the flush_one call - confirm the
 * missing condition routes negative values to the other branch.
 */
222 void mdt_flush_identity(struct upcall_cache *cache, int uid)
225 upcall_cache_flush_idle(cache);
227 upcall_cache_flush_one(cache, (__u64)uid, NULL);
231 * If LNET_NID_ANY appears in perm[i].mp_nid,
232 * it must be at perm[0].mp_nid, where it acts as the default perm.
/*
 * Return the permission mask of this identity for requests coming from nid.
 *
 * Entries 1..mi_nperms-1 are scanned from the end for an exact NID match, so
 * when several entries name the same NID the last one wins. Entry 0 is
 * checked afterwards and also matches when it holds LNET_NID_ANY. When
 * nothing matches, CFS_SETGRP_PERM is returned.
 *
 * NOTE(review): the fallback appears to be a granted permission rather than
 * an empty mask - confirm that this default is intended for NIDs that have
 * no entry of their own.
 */
234 __u32 mdt_identity_get_perm(struct md_identity *identity, lnet_nid_t nid)
236 struct md_perm *perm;
240 return CFS_SETGRP_PERM;
242 perm = identity->mi_perms;
243 /* check exactly matched nid first */
244 for (i = identity->mi_nperms - 1; i > 0; i--) {
245 if (perm[i].mp_nid != nid)
247 return perm[i].mp_perm;
250 /* check LNET_NID_ANY then */
/* The wildcard is honoured only in slot 0; mi_nperms > 0 guards the perm[0] read. */
251 if ((identity->mi_nperms > 0) &&
252 ((perm[0].mp_nid == nid) || (perm[0].mp_nid == LNET_NID_ANY)))
253 return perm[0].mp_perm;
255 /* return default last */
256 return CFS_SETGRP_PERM;