From: fanyong Date: Fri, 29 Sep 2006 17:04:53 +0000 (+0000) Subject: (1) add lproc for root_squash, identity upcall and remote facl upcall. X-Git-Tag: v1_8_0_110~486^2~755 X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=ce5d0ca7d093bf60fb1c677edae9e4bc324a707f;p=fs%2Flustre-release.git (1) add lproc for root_squash, identity upcall and remote facl upcall. (2) do not use no_gss_support flag. (3) some change for connect flags. (4) some fixes after landing env stuff. --- diff --git a/lustre/include/lustre_param.h b/lustre/include/lustre_param.h index c95744f..21136a1 100644 --- a/lustre/include/lustre_param.h +++ b/lustre/include/lustre_param.h @@ -56,6 +56,5 @@ int do_lcfg(char *cfgname, lnet_nid_t nid, int cmd, #define PARAM_ROOTSQUASH_UID PARAM_ROOTSQUASH"uid=" #define PARAM_ROOTSQUASH_GID PARAM_ROOTSQUASH"gid=" #define PARAM_ROOTSQUASH_SKIPS PARAM_ROOTSQUASH"skips=" -#define PARAM_GSS_SUPPORT PARAM_SEC"gss=" #endif // _LUSTRE_PARAM_H diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index 5b470a2..54a2876 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -204,10 +204,12 @@ static int client_common_fill_super(struct super_block *sb, /* real client */ data->ocd_connect_flags |= OBD_CONNECT_REAL; if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { + data->ocd_connect_flags &= ~OBD_CONNECT_LCL_CLIENT; data->ocd_connect_flags |= OBD_CONNECT_RMT_CLIENT; data->ocd_nllu = nllu; data->ocd_nllg = nllg; } else { + data->ocd_connect_flags &= ~OBD_CONNECT_RMT_CLIENT; data->ocd_connect_flags |= OBD_CONNECT_LCL_CLIENT; } @@ -263,13 +265,22 @@ static int client_common_fill_super(struct super_block *sb, if (data->ocd_connect_flags & OBD_CONNECT_JOIN) sbi->ll_flags |= LL_SBI_JOIN; - if ((sbi->ll_flags & LL_SBI_RMT_CLIENT) && - !(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT)) { - /* sometimes local client claims to be remote, but mds - * will disagree when client gss not applied. */ - LCONSOLE_INFO("client claims to be remote, but server " - "rejected, forced to be local\n"); - sbi->ll_flags &= ~LL_SBI_RMT_CLIENT; + if (sbi->ll_flags & LL_SBI_RMT_CLIENT) { + if (!(data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT)) { + /* sometimes local client claims to be remote, but mdt + * will disagree when client gss not applied. */ + LCONSOLE_INFO("client claims to be remote, but server " + "rejected, forced to be local.\n"); + sbi->ll_flags &= ~LL_SBI_RMT_CLIENT; + } + } else { + if (!(data->ocd_connect_flags & OBD_CONNECT_LCL_CLIENT)) { + /* with gss applied, remote client can not claim to be + * local, so mdt maybe force client to be remote. */ + LCONSOLE_INFO("client claims to be local, but server " + "rejected, forced to be remote.\n"); + sbi->ll_flags |= LL_SBI_RMT_CLIENT; + } } if (data->ocd_connect_flags & OBD_CONNECT_MDS_CAPA) { @@ -1219,7 +1230,7 @@ void ll_clear_inode(struct inode *inode) #ifdef CONFIG_FS_POSIX_ACL if (lli->lli_posix_acl) { LASSERT(atomic_read(&lli->lli_posix_acl->a_refcount) == 1); -// LASSERT(lli->lli_remote_perms == NULL); + LASSERT(lli->lli_remote_perms == NULL); posix_acl_release(lli->lli_posix_acl); lli->lli_posix_acl = NULL; } diff --git a/lustre/mdt/Makefile.in b/lustre/mdt/Makefile.in index af73004..cc854bb 100644 --- a/lustre/mdt/Makefile.in +++ b/lustre/mdt/Makefile.in @@ -1,5 +1,5 @@ MODULES := mdt mdt-objs := mdt_handler.o mdt_lib.o mdt_reint.o mdt_xattr.o mdt_recovery.o -mdt-objs += mdt_open.o mdt_idmap.o mdt_identity.o mdt_rmtacl.o mdt_capa.o +mdt-objs += mdt_open.o mdt_idmap.o mdt_identity.o mdt_rmtacl.o mdt_capa.o mdt_lproc.o @INCLUDE_RULES@ diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index 7a83ebd..4345416 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -259,6 +259,7 @@ static int mdt_getattr_internal(struct mdt_thread_info *info, struct mdt_device *mdt = info->mti_mdt; const struct mdt_body *reqbody = info->mti_body; struct ptlrpc_request *req = mdt_info_req(info); + struct mdt_export_data *med = &req->rq_export->exp_mdt_data; struct md_attr *ma = &info->mti_attr; struct lu_attr *la = &ma->ma_attr; struct req_capsule *pill = &info->mti_pill; @@ -350,14 +351,19 @@ static int mdt_getattr_internal(struct mdt_thread_info *info, repbody->max_cookiesize); } - if (reqbody->valid & OBD_MD_FLRMTPERM) { - buffer->lb_buf = req_capsule_server_get(pill, &RMF_ACL); + if (med->med_rmtclient && (reqbody->valid & OBD_MD_FLRMTPERM)) { + void *buf = req_capsule_server_get(pill, &RMF_ACL); + /* mdt_getattr_lock only */ - rc = mdt_pack_remote_perm(info, o, buffer); - if (rc) + rc = mdt_pack_remote_perm(info, o, buf); + if (rc) { + repbody->valid &= ~OBD_MD_FLRMTPERM; + repbody->aclsize = 0; RETURN(rc); - repbody->valid |= OBD_MD_FLRMTPERM; - repbody->aclsize = sizeof(struct mdt_remote_perm); + } else { + repbody->valid |= OBD_MD_FLRMTPERM; + repbody->aclsize = sizeof(struct mdt_remote_perm); + } } #ifdef CONFIG_FS_POSIX_ACL else if ((req->rq_export->exp_connect_flags & OBD_CONNECT_ACL) && @@ -661,12 +667,6 @@ static int lu_device_is_mdt(struct lu_device *d) return ergo(d != NULL && d->ld_ops != NULL, d->ld_ops == &mdt_lu_ops); } -static inline struct mdt_device *mdt_dev(struct lu_device *d) -{ - LASSERT(lu_device_is_mdt(d)); - return container_of0(d, struct mdt_device, mdt_md_dev.md_lu_dev); -} - static int mdt_connect(struct mdt_thread_info *info) { int rc; @@ -3277,8 +3277,6 @@ static int mdt_init0(const struct lu_env *env, struct mdt_device *m, if(obd->obd_recovering == 0) mdt_postrecov(env, m); - m->mdt_opts.mo_no_gss_support = 1; - RETURN(0); err_stop_service: @@ -3369,18 +3367,6 @@ static int mdt_process_config(const struct lu_env *env, val++; if (class_match_param(key, - PARAM_GSS_SUPPORT, 0) == 0) { - if (memcmp(val, "no", 2) == 0) { - m->mdt_opts.mo_no_gss_support = 1; - } else if (memcmp(val, "yes", 3) == 0) { - m->mdt_opts.mo_no_gss_support = 0; - } else { - CERROR("Can't parse param %s\n", key); - rc = -EINVAL; - /* continue parsing other params */ - continue; - } - } else if (class_match_param(key, PARAM_ROOTSQUASH_UID, 0) == 0) { if (!m->mdt_rootsquash_info) OBD_ALLOC_PTR(m->mdt_rootsquash_info); @@ -4004,20 +3990,6 @@ static struct lu_device_type mdt_device_type = { .ldt_ctx_tags = LCT_MD_THREAD }; -static struct lprocfs_vars lprocfs_mdt_obd_vars[] = { - { "uuid", lprocfs_rd_uuid, 0, 0 }, - { "recovery_status", lprocfs_obd_rd_recovery_status, 0, 0 }, - { "num_exports", lprocfs_rd_num_exports, 0, 0 }, - { 0 } -}; - -static struct lprocfs_vars lprocfs_mdt_module_vars[] = { - { "num_refs", lprocfs_rd_numrefs, 0, 0 }, - { 0 } -}; - -LPROCFS_INIT_VARS(mdt, lprocfs_mdt_module_vars, lprocfs_mdt_obd_vars); - static int __init mdt_mod_init(void) { struct lprocfs_static_vars lvars; diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c index af8686d..8a7d8fe 100644 --- a/lustre/mdt/mdt_idmap.c +++ b/lustre/mdt/mdt_idmap.c @@ -4,7 +4,7 @@ * Copyright (C) 2004-2006 Cluster File Systems, Inc. * Author: Lai Siyao * Author: Fan Yong - + * * * This file is part of Lustre, http://www.lustre.org. * @@ -130,6 +130,13 @@ int mdt_init_idmap(struct mdt_thread_info *info) if (data == NULL || reply == NULL) RETURN(-EFAULT); + if (!req->rq_auth_gss || req->rq_auth_usr_mdt) { + med->med_rmtclient = 0; + reply->ocd_connect_flags &= ~OBD_CONNECT_RMT_CLIENT; + //reply->ocd_connect_flags |= OBD_CONNECT_LCL_CLIENT; + RETURN(0); + } + remote = data->ocd_connect_flags & OBD_CONNECT_RMT_CLIENT; if (req->rq_auth_uid == INVALID_UID) { @@ -161,7 +168,7 @@ int mdt_init_idmap(struct mdt_thread_info *info) } reply->ocd_connect_flags &= ~OBD_CONNECT_LCL_CLIENT; - reply->ocd_connect_flags |= OBD_CONNECT_RMT_CLIENT; + //reply->ocd_connect_flags |= OBD_CONNECT_RMT_CLIENT; CDEBUG(D_SEC, "client %s -> target %s is remote.\n", client, obd->obd_name); @@ -169,7 +176,7 @@ int mdt_init_idmap(struct mdt_thread_info *info) rc = mdt_handle_idmap(info); } else { reply->ocd_connect_flags &= ~OBD_CONNECT_RMT_CLIENT; - reply->ocd_connect_flags |= OBD_CONNECT_LCL_CLIENT; + //reply->ocd_connect_flags |= OBD_CONNECT_LCL_CLIENT; } RETURN(rc); @@ -399,12 +406,6 @@ int mdt_handle_idmap(struct mdt_thread_info *info) LASSERT(pud); LASSERT(med->med_idmap); - if (mdt->mdt_opts.mo_no_gss_support) { - CWARN("The server is running with no GSS support now! " - "and don't permit remote client to access!\n"); - RETURN(-EACCES); - } - if (req->rq_auth_mapped_uid == INVALID_UID) { CERROR("invalid authorized mapped uid, please check " "/etc/lustre/idmap.conf!\n"); @@ -626,9 +627,6 @@ int mdt_remote_perm_reverse_idmap(struct ptlrpc_request *req, LASSERT(med->med_rmtclient); - if (req->rq_auth_usr_mdt) - return 0; - uid = mdt_idmap_lookup_uid(med->med_idmap, 1, perm->rp_uid); if (uid == MDT_IDMAP_NOTFOUND) { CERROR("no mapping for uid %u\n", perm->rp_uid); diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index 50c5d3ce..ca6ff65 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -137,8 +137,7 @@ struct mdt_device { mo_acl :1, mo_compat_resname:1, mo_mds_capa :1, - mo_oss_capa :1, - mo_no_gss_support :1; + mo_oss_capa :1; } mdt_opts; /* lock to pretect epoch and write count */ @@ -584,6 +583,12 @@ void mdt_ck_thread_stop(struct mdt_device *mdt); void mdt_ck_timer_callback(unsigned long castmeharder); int mdt_capa_keys_init(const struct lu_env *env, struct mdt_device *mdt); +static inline struct mdt_device *mdt_dev(struct lu_device *d) +{ +// LASSERT(lu_device_is_mdt(d)); + return container_of0(d, struct mdt_device, mdt_md_dev.md_lu_dev); +} + static inline struct lustre_capa_key *red_capa_key(struct mdt_device *mdt) { return &mdt->mdt_capa_keys[1]; diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index ff85060..b039b1f 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -126,15 +126,11 @@ static int old_init_ucred(struct mdt_thread_info *info, uc->mu_valid = UCRED_INVALID; - if (!mdt->mdt_opts.mo_no_gss_support) { - /* get identity info of this user */ - identity = mdt_identity_get(mdt->mdt_identity_cache, - body->fsuid); - if (!identity) { - CERROR("Deny access without identity: uid %d\n", - body->fsuid); - RETURN(-EACCES); - } + /* get identity info of this user */ + identity = mdt_identity_get(mdt->mdt_identity_cache, body->fsuid); + if (!identity) { + CERROR("Deny access without identity: uid %d\n", body->fsuid); + RETURN(-EACCES); } uc->mu_valid = UCRED_OLD; @@ -161,15 +157,11 @@ static int old_init_ucred_reint(struct mdt_thread_info *info) uc->mu_valid = UCRED_INVALID; - if (!mdt->mdt_opts.mo_no_gss_support) { - /* get identity info of this user */ - identity = mdt_identity_get(mdt->mdt_identity_cache, - uc->mu_fsuid); - if (!identity) { - CERROR("Deny access without identity: uid %d\n", - uc->mu_fsuid); - RETURN(-EACCES); - } + /* get identity info of this user */ + identity = mdt_identity_get(mdt->mdt_identity_cache, uc->mu_fsuid); + if (!identity) { + CERROR("Deny access without identity: uid %d\n", uc->mu_fsuid); + RETURN(-EACCES); } uc->mu_valid = UCRED_OLD; @@ -290,31 +282,11 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, ucred->mu_valid = UCRED_INVALID; - if (mdt->mdt_opts.mo_no_gss_support && med->med_rmtclient) { - CWARN("The server is running with no GSS support now! " - "and don't permit remote client to access!\n"); - RETURN(-EACCES); - } - if (req->rq_auth_gss && req->rq_auth_uid == INVALID_UID) { CWARN("user not authenticated, deny access!\n"); RETURN(-EACCES); } - if (req->rq_auth_usr_mdt) { - switch (type) { - case BODY_INIT: - ucred->mu_valid = UCRED_INIT; - RETURN(old_init_ucred(info, (struct mdt_body *)buf)); - case REC_INIT: - ucred->mu_valid = UCRED_INIT; - RETURN(old_init_ucred_reint(info)); - default: - CWARN("Invalid ucred init type\n"); - RETURN(-EINVAL); - } - } - ucred->mu_o_uid = pud->pud_uid; ucred->mu_o_gid = pud->pud_gid; ucred->mu_o_fsuid = pud->pud_fsuid; @@ -354,9 +326,6 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, } } - if (mdt->mdt_opts.mo_no_gss_support) - goto check_squash; - identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid); if (!identity) { CERROR("Deny access without identity: uid %d\n", @@ -389,7 +358,6 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, GOTO(out, rc = -EACCES); } -check_squash: /* FIXME: The exact behavior of root_squash is not defined. */ root_squashed = mdt_squash_root(mdt, ucred, pud, peernid); if (!root_squashed) { @@ -406,9 +374,8 @@ check_squash: /* * NB: remote client not allowed to setgroups anyway. */ - if (pud->pud_ngroups && !med->med_rmtclient && - ((setxid_perm & LUSTRE_SETGRP_PERM) || - mdt->mdt_opts.mo_no_gss_support)) { + if (!med->med_rmtclient && pud->pud_ngroups && + (setxid_perm & LUSTRE_SETGRP_PERM)) { struct group_info *ginfo; /* setgroups for local client */ @@ -445,7 +412,7 @@ int mdt_init_ucred(struct mdt_thread_info *info, struct mdt_body *body) mdt_exit_ucred(info); - /* !rq_user_desc means null security */ + /* !rq_user_desc means null security, maybe inter-mds ops */ return req->rq_user_desc ? new_init_ucred(info, BODY_INIT, body) : old_init_ucred(info, body); } @@ -460,7 +427,7 @@ int mdt_init_ucred_reint(struct mdt_thread_info *info) mdt_exit_ucred(info); - /* !rq_user_desc means null security */ + /* !rq_user_desc means null security, maybe inter-mds ops */ return req->rq_user_desc ? new_init_ucred(info, REC_INIT, NULL) : old_init_ucred_reint(info); } diff --git a/lustre/mdt/mdt_lproc.c b/lustre/mdt/mdt_lproc.c new file mode 100644 index 0000000..0ee67a9 --- /dev/null +++ b/lustre/mdt/mdt_lproc.c @@ -0,0 +1,449 @@ +/* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*- + * vim:expandtab:shiftwidth=8:tabstop=8: + * + * Copyright (C) 2004-2006 Cluster File Systems, Inc. + * Author: Lai Siyao + * Author: Fan Yong + * + * This file is part of the Lustre file system, http://www.lustre.org + * Lustre is a trademark of Cluster File Systems, Inc. + * + * You may have signed or agreed to another license before downloading + * this software. If so, you are bound by the terms and conditions + * of that agreement, and the following does not apply to you. See the + * LICENSE file included with this distribution for more information. + * + * If you did not agree to a different license, then this copy of Lustre + * is open source software; you can redistribute it and/or modify it + * under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In either case, Lustre is distributed in the hope that it will be + * useful, but WITHOUT ANY WARRANTY; without even the implied warranty + * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * license text for more details. + * + */ + +#ifndef EXPORT_SYMTAB +# define EXPORT_SYMTAB +#endif +#define DEBUG_SUBSYSTEM S_MDS + +#include +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)) +#include +#endif + +#include + +/* LUSTRE_VERSION_CODE */ +#include +/* + * struct OBD_{ALLOC,FREE}*() + * MDT_FAIL_CHECK + */ +#include +/* struct obd_export */ +#include +/* struct obd_device */ +#include +#include +#include +#include +#include +#include "mdt_internal.h" + + +static int lprocfs_rd_identity_expire(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%lu\n", + mdt->mdt_identity_cache->uc_entry_expire / HZ); +} + +static int lprocfs_wr_identity_expire(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + int rc, val; + + rc = lprocfs_write_helper(buffer, count, &val); + if (rc) + return rc; + + mdt->mdt_identity_cache->uc_entry_expire = val * HZ; + return count; +} + +static int lprocfs_rd_identity_acquire_expire(char *page, char **start, + off_t off, int count, int *eof, + void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%lu\n", + mdt->mdt_identity_cache->uc_acquire_expire / HZ); +} + +static int lprocfs_wr_identity_acquire_expire(struct file *file, + const char *buffer, + unsigned long count, + void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + int rc, val; + + rc = lprocfs_write_helper(buffer, count, &val); + if (rc) + return rc; + + mdt->mdt_identity_cache->uc_acquire_expire = val * HZ; + return count; +} + +static int lprocfs_rd_identity_upcall(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%s\n", + mdt->mdt_identity_cache->uc_upcall); +} + +static int lprocfs_wr_identity_upcall(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct upcall_cache *hash = mdt->mdt_identity_cache; + char kernbuf[UC_CACHE_UPCALL_MAXPATH] = { '\0' }; + + if (count >= UC_CACHE_UPCALL_MAXPATH) { + CERROR("%s: identity upcall too long\n", obd->obd_name); + return -EINVAL; + } + + if (copy_from_user(kernbuf, buffer, + min(count, UC_CACHE_UPCALL_MAXPATH - 1))) + return -EFAULT; + + /* Remove any extraneous bits from the upcall (e.g. linefeeds) */ + sscanf(kernbuf, "%s", hash->uc_upcall); + + if (strcmp(hash->uc_name, obd->obd_name) != 0) + CWARN("%s: write to upcall name %s\n", + obd->obd_name, hash->uc_upcall); + CWARN("%s: identity upcall set to %s\n", obd->obd_name, hash->uc_upcall); + + return count; +} + +static int lprocfs_wr_identity_flush(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + upcall_cache_flush_idle(mdt->mdt_identity_cache); + return count; +} + +static int lprocfs_wr_identity_info(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct identity_downcall_data *tmp, *param = NULL; + int size = sizeof(*param), rc = 0; + + if (count < sizeof(*tmp)) { + CERROR("%s: invalid data size %lu\n", obd->obd_name, count); + return count; + } + + OBD_ALLOC_PTR(tmp); + if (!tmp) { + CERROR("%s: fail to alloc %d bytes\n", obd->obd_name, size); + return -ENOMEM; + } + + if (copy_from_user(tmp, buffer, size)) { + CERROR("%s: bad identity data\n", obd->obd_name); + GOTO(out, rc = -EFAULT); + } + + if (tmp->idd_magic != IDENTITY_DOWNCALL_MAGIC) { + CERROR("%s: MDS identity downcall bad params\n", obd->obd_name); + GOTO(out, rc = -EINVAL); + } + + if (tmp->idd_ngroups > NGROUPS_MAX) { + CERROR("%s: group count %d more than maximum %d\n", + obd->obd_name, tmp->idd_ngroups, NGROUPS_MAX); + GOTO(out, rc = -EINVAL); + } + + if (tmp->idd_ngroups) { + size = offsetof(struct identity_downcall_data, + idd_groups[tmp->idd_ngroups]); + OBD_ALLOC(param, size); + if (!param) { + CERROR("%s: fail to alloc %d bytes for uid %u" + " with %d groups\n", obd->obd_name, size, + tmp->idd_uid, tmp->idd_ngroups); + param = tmp; + param->idd_ngroups = 0; + } else if (copy_from_user(param, buffer, size)) { + CERROR("%s: uid %u bad supplementary group data\n", + obd->obd_name, tmp->idd_uid); + OBD_FREE(param, size); + param = tmp; + param->idd_ngroups = 0; + } + } else { + param = tmp; + } + + LASSERT(param->idd_ngroups <= NGROUPS_MAX); + LASSERT(param->idd_nperms <= N_SETXID_PERMS_MAX); + + rc = upcall_cache_downcall(mdt->mdt_identity_cache, param->idd_err, + param->idd_uid, param); + +out: + if (param && (param != tmp)) + OBD_FREE(param, size); + + OBD_FREE_PTR(tmp); + return rc ?: count; +} + +static int lprocfs_rd_rmtacl_expire(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%lu\n", + mdt->mdt_rmtacl_cache->uc_entry_expire / HZ); +} + +static int lprocfs_wr_rmtacl_expire(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + int rc, val; + + rc = lprocfs_write_helper(buffer, count, &val); + if (rc) + return rc; + + mdt->mdt_rmtacl_cache->uc_entry_expire = val * HZ; + return count; +} + +static int lprocfs_rd_rmtacl_acquire_expire(char *page, char **start, + off_t off, int count, int *eof, + void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%lu\n", + mdt->mdt_rmtacl_cache->uc_acquire_expire / HZ); +} + +static int lprocfs_wr_rmtacl_acquire_expire(struct file *file, + const char *buffer, + unsigned long count, + void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + int rc, val; + + rc = lprocfs_write_helper(buffer, count, &val); + if (rc) + return rc; + + mdt->mdt_rmtacl_cache->uc_acquire_expire = val * HZ; + return count; +} + +static int lprocfs_rd_rmtacl_upcall(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + + *eof = 1; + return snprintf(page, count, "%s\n", + mdt->mdt_rmtacl_cache->uc_upcall); +} + +static int lprocfs_wr_rmtacl_upcall(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct upcall_cache *hash = mdt->mdt_rmtacl_cache; + char kernbuf[UC_CACHE_UPCALL_MAXPATH] = { '\0' }; + + if (count >= UC_CACHE_UPCALL_MAXPATH) { + CERROR("%s: remote ACL upcall too long\n", obd->obd_name); + return -EINVAL; + } + + if (copy_from_user(kernbuf, buffer, + min(count, UC_CACHE_UPCALL_MAXPATH - 1))) + return -EFAULT; + + /* Remove any extraneous bits from the upcall (e.g. linefeeds) */ + sscanf(kernbuf, "%s", hash->uc_upcall); + + if (strcmp(hash->uc_name, obd->obd_name) != 0) + CWARN("%s: write to upcall name %s\n", + obd->obd_name, hash->uc_upcall); + CWARN("%s: remote ACL upcall set to %s\n", obd->obd_name, hash->uc_upcall); + + return count; +} + +static int lprocfs_wr_rmtacl_info(struct file *file, const char *buffer, + unsigned long count, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct rmtacl_downcall_data sparam, *param = &sparam; + int size = 0, rc = 0; + + if (count < sizeof(*param)) { + CERROR("%s: invalid data size %lu\n", obd->obd_name, count); + return count; + } + + if (copy_from_user(&sparam, buffer, sizeof(sparam))) { + CERROR("%s: bad remote acl data\n", obd->obd_name); + GOTO(out, rc = -EFAULT); + } + + if (sparam.add_magic != RMTACL_DOWNCALL_MAGIC) { + CERROR("%s: MDT remote acl downcall bad params\n", obd->obd_name); + GOTO(out, rc = -EINVAL); + } + + if (sparam.add_buflen) { + size = offsetof(struct rmtacl_downcall_data, + add_buf[sparam.add_buflen]); + OBD_ALLOC(param, size); + if (!param) { + CERROR("%s: fail to alloc %d bytes for ino "LPU64"\n", + obd->obd_name, size, sparam.add_ino); + param = &sparam; + param->add_buflen = 0; + } else if (copy_from_user(param, buffer, size)) { + CERROR("%s: ino "LPU64" bad remote acl data\n", + obd->obd_name, sparam.add_ino); + OBD_FREE(param, size); + param = &sparam; + param->add_buflen = 0; + } + } + + rc = upcall_cache_downcall(mdt->mdt_rmtacl_cache, 0, param->add_ino, + param); + +out: + if (param && (param != &sparam)) + OBD_FREE(param, size); + + return rc ?: count; +} + +static int lprocfs_rd_rootsquash_uid(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct rootsquash_info *rsi = mdt->mdt_rootsquash_info; + + *eof = 1; + return snprintf(page, count, "%u\n", + rsi ? rsi->rsi_uid : 0); +} + +static int lprocfs_rd_rootsquash_gid(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct rootsquash_info *rsi = mdt->mdt_rootsquash_info; + + *eof = 1; + return snprintf(page, count, "%u\n", + rsi ? rsi->rsi_gid : 0); +} + +static int lprocfs_rd_rootsquash_skips(char *page, char **start, off_t off, + int count, int *eof, void *data) +{ + struct obd_device *obd = data; + struct mdt_device *mdt = mdt_dev(obd->obd_lu_dev); + struct rootsquash_info *rsi = mdt->mdt_rootsquash_info; + int i, ret; + + ret = snprintf(page, count, "rootsquash skip list:\n"); + for (i = 0; rsi && (i < rsi->rsi_n_nosquash_nids); i++) { + ret += snprintf(page + ret, count - ret, "%s\n", + libcfs_nid2str(rsi->rsi_nosquash_nids[i])); + } + + *eof = 1; + return ret; +} + +static struct lprocfs_vars lprocfs_mdt_obd_vars[] = { + { "uuid", lprocfs_rd_uuid, 0, 0 }, + { "recovery_status", lprocfs_obd_rd_recovery_status, 0, 0 }, + { "num_exports", lprocfs_rd_num_exports, 0, 0 }, + { "identity_expire", lprocfs_rd_identity_expire, + lprocfs_wr_identity_expire, 0 }, + { "identity_acquire_expire", lprocfs_rd_identity_acquire_expire, + lprocfs_wr_identity_acquire_expire, 0 }, + { "identity_upcall", lprocfs_rd_identity_upcall, + lprocfs_wr_identity_upcall, 0 }, + { "identity_flush", 0, lprocfs_wr_identity_flush, 0 }, + { "identity_info", 0, lprocfs_wr_identity_info, 0 }, + { "rmtacl_expire", lprocfs_rd_rmtacl_expire, + lprocfs_wr_rmtacl_expire, 0 }, + { "rmtacl_acquire_expire", lprocfs_rd_rmtacl_acquire_expire, + lprocfs_wr_rmtacl_acquire_expire, 0 }, + { "rmtacl_upcall", lprocfs_rd_rmtacl_upcall, + lprocfs_wr_rmtacl_upcall, 0 }, + { "rmtacl_info", 0, lprocfs_wr_rmtacl_info, 0 }, + { "rootsquash_uid", lprocfs_rd_rootsquash_uid, 0, 0 }, + { "rootsquash_gid", lprocfs_rd_rootsquash_gid, 0, 0 }, + { "rootsquash_skips", lprocfs_rd_rootsquash_skips, 0, 0 }, + { 0 } +}; + +static struct lprocfs_vars lprocfs_mdt_module_vars[] = { + { "num_refs", lprocfs_rd_numrefs, 0, 0 }, + { 0 } +}; + +LPROCFS_INIT_VARS(mdt, lprocfs_mdt_module_vars, lprocfs_mdt_obd_vars); diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c index 6fa78ee..ce7a46a 100644 --- a/lustre/mdt/mdt_open.c +++ b/lustre/mdt/mdt_open.c @@ -321,6 +321,7 @@ static int mdt_mfd_open(struct mdt_thread_info *info, struct md_attr *ma = &info->mti_attr; struct lu_attr *la = &ma->ma_attr; struct mdt_file_data *mfd; + const struct mdt_body *reqbody = info->mti_body; struct mdt_body *repbody; int rc = 0; int isreg, isdir, islnk; @@ -337,11 +338,14 @@ static int mdt_mfd_open(struct mdt_thread_info *info, mdt_pack_attr2body(repbody, la, mdt_object_fid(o)); mdt_body_reverse_idmap(info, repbody); - if (med->med_rmtclient) { + if (med->med_rmtclient && (reqbody->valid & OBD_MD_FLRMTPERM)) { void *buf = req_capsule_server_get(&info->mti_pill, &RMF_ACL); rc = mdt_pack_remote_perm(info, o, buf); - if (rc == 0) { + if (rc) { + repbody->valid &= ~OBD_MD_FLRMTPERM; + repbody->aclsize = 0; + } else { repbody->valid |= OBD_MD_FLRMTPERM; repbody->aclsize = sizeof(struct mdt_remote_perm); } diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c index eb70c2a..e5b2331 100644 --- a/lustre/mgs/mgs_llog.c +++ b/lustre/mgs/mgs_llog.c @@ -1903,17 +1903,6 @@ static int mgs_write_log_params(struct obd_device *obd, struct fs_db *fsdb, GOTO(end_while, rc); } - if (!class_match_param(ptr, PARAM_GSS_SUPPORT, NULL)) { - /* Change mdt gss_support params */ - lustre_cfg_bufs_reset(&bufs, mti->mti_svname); - lustre_cfg_bufs_set(&bufs, 1, ptr, strlen(ptr)); - lcfg = lustre_cfg_new(LCFG_PARAM, &bufs); - rc = mgs_write_log_direct(obd, fsdb, mti->mti_svname, - mti->mti_svname, lcfg); - lustre_cfg_free(lcfg); - GOTO(end_while, rc); - } - LCONSOLE_WARN("Ignoring unrecognized param '%s'\n", ptr); end_while: