From 1f8a750e3f591117f6e24952298dbde0cb49ba04 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Mon, 2 Jun 2025 10:41:59 +0200 Subject: [PATCH] LU-19079 nodemap: reserve cmds for gss identification Declare 2 new values in enum lcfg_command_type: LCFG_NODEMAP_GSS_IDENTIFY = 0x00ce065 LCFG_NODEMAP_LOOKUP_SHA = 0x00ce066 LCFG_NODEMAP_GSS_IDENTIFY is for a new nodemap property that would be named gss_identification. And LCFG_NODEMAP_LOOKUP_SHA is to be able to lookup a nodemap from the sha256 of its name. Declare a new value in enum nm_flag2_bits: NM_FL2_GSS_IDENTIFY = 0x8 This is to store on disk the value of the future gss_identification property. Reserve sanity-sec test_79 for testing the gss identification feature. Test-Parameters: trivial Signed-off-by: Sebastien Buisson Change-Id: I2e2648f2eeb0956d7cb0793865b3344d1e8ed5a0 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/59514 Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin Tested-by: jenkins Tested-by: Maloo --- lustre/include/uapi/linux/lustre/lustre_cfg.h | 2 ++ lustre/include/uapi/linux/lustre/lustre_disk.h | 1 + lustre/ptlrpc/wiretest.c | 6 ++++++ lustre/tests/sanity-sec.sh | 6 ++++++ lustre/utils/wirecheck.c | 3 +++ lustre/utils/wiretest.c | 6 ++++++ 6 files changed, 24 insertions(+) diff --git a/lustre/include/uapi/linux/lustre/lustre_cfg.h b/lustre/include/uapi/linux/lustre/lustre_cfg.h index 7802326..e436318 100644 --- a/lustre/include/uapi/linux/lustre/lustre_cfg.h +++ b/lustre/include/uapi/linux/lustre/lustre_cfg.h @@ -129,6 +129,8 @@ enum lcfg_command_type { LCFG_NODEMAP_DENY_MOUNT = 0x00ce060, /**< deny mount */ LCFG_NODEMAP_RAISE_PRIVS = 0x00ce061, /**< sub-nm raise privs */ LCFG_NODEMAP_SET_CAPS = 0x00ce063, /**< user capabilities */ + LCFG_NODEMAP_GSS_IDENTIFY = 0x00ce065, /**< gss identification */ + LCFG_NODEMAP_LOOKUP_SHA = 0x00ce066, /**< lookup nm sha */ }; struct lustre_cfg_bufs { diff --git a/lustre/include/uapi/linux/lustre/lustre_disk.h b/lustre/include/uapi/linux/lustre/lustre_disk.h index 4f111d8..2310291 100644 --- a/lustre/include/uapi/linux/lustre/lustre_disk.h +++ b/lustre/include/uapi/linux/lustre/lustre_disk.h @@ -261,6 +261,7 @@ enum nm_flag2_bits { NM_FL2_READONLY_MOUNT = 0x1, NM_FL2_DENY_MOUNT = 0x2, NM_FL2_FILESET_USE_IAM = 0x4, + NM_FL2_GSS_IDENTIFY = 0x8, }; /* Nodemap records, uses 32 byte record length. diff --git a/lustre/ptlrpc/wiretest.c b/lustre/ptlrpc/wiretest.c index 07da401..e45d40b 100644 --- a/lustre/ptlrpc/wiretest.c +++ b/lustre/ptlrpc/wiretest.c @@ -6563,6 +6563,8 @@ void lustre_assert_wire_constants(void) (unsigned int)NM_FL2_DENY_MOUNT); LASSERTF(NM_FL2_FILESET_USE_IAM == 0x00000004UL, "found 0x%.8xUL\n", (unsigned)NM_FL2_FILESET_USE_IAM); + LASSERTF(NM_FL2_GSS_IDENTIFY == 0x00000008UL, "found 0x%.8xUL\n", + (unsigned int)NM_FL2_GSS_IDENTIFY); LASSERTF(NODEMAP_UID == 0, "found %lld\n", (long long)NODEMAP_UID); LASSERTF(NODEMAP_GID == 1, "found %lld\n", @@ -7207,6 +7209,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_RAISE_PRIVS); LASSERTF(LCFG_NODEMAP_SET_CAPS == 0x00ce063UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_SET_CAPS); + LASSERTF(LCFG_NODEMAP_GSS_IDENTIFY == 0x000ce065UL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_GSS_IDENTIFY); + LASSERTF(LCFG_NODEMAP_LOOKUP_SHA == 0x000ce066UL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_LOOKUP_SHA); #endif /* HAVE_SERVER_SUPPORT */ LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n", (long long)PORTALS_CFG_TYPE); diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index be7d518..e023d71 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -8647,6 +8647,12 @@ test_77() { } run_test 77 "root offsetting" +test_79() { + # reserve test_79 + skip "not implemented yet" +} +#run_test 79 "ssk for nodemap identification" + log "cleanup: ======================================================" sec_unsetup() { diff --git a/lustre/utils/wirecheck.c b/lustre/utils/wirecheck.c index 00e3a30..fe5c87c 100644 --- a/lustre/utils/wirecheck.c +++ b/lustre/utils/wirecheck.c @@ -3102,6 +3102,7 @@ static void check_nodemap_key(void) CHECK_VALUE_X(NM_FL2_READONLY_MOUNT); CHECK_VALUE_X(NM_FL2_DENY_MOUNT); CHECK_VALUE_X(NM_FL2_FILESET_USE_IAM); + CHECK_VALUE_X(NM_FL2_GSS_IDENTIFY); CHECK_VALUE(NODEMAP_UID); CHECK_VALUE(NODEMAP_GID); @@ -3403,6 +3404,8 @@ check_lustre_cfg(void) CHECK_VALUE_X(LCFG_NODEMAP_DENY_MOUNT); CHECK_VALUE_X(LCFG_NODEMAP_RAISE_PRIVS); CHECK_VALUE_X(LCFG_NODEMAP_SET_CAPS); + CHECK_VALUE_X(LCFG_NODEMAP_GSS_IDENTIFY); + CHECK_VALUE_X(LCFG_NODEMAP_LOOKUP_SHA); printf("#endif /* HAVE_SERVER_SUPPORT */\n"); #endif /* !HAVE_NATIVE_LINUX_CLIENT */ CHECK_VALUE(PORTALS_CFG_TYPE); diff --git a/lustre/utils/wiretest.c b/lustre/utils/wiretest.c index 07679c9..450ce92 100644 --- a/lustre/utils/wiretest.c +++ b/lustre/utils/wiretest.c @@ -6608,6 +6608,8 @@ void lustre_assert_wire_constants(void) (unsigned int)NM_FL2_DENY_MOUNT); LASSERTF(NM_FL2_FILESET_USE_IAM == 0x00000004UL, "found 0x%.8xUL\n", (unsigned)NM_FL2_FILESET_USE_IAM); + LASSERTF(NM_FL2_GSS_IDENTIFY == 0x00000008UL, "found 0x%.8xUL\n", + (unsigned int)NM_FL2_GSS_IDENTIFY); LASSERTF(NODEMAP_UID == 0, "found %lld\n", (long long)NODEMAP_UID); LASSERTF(NODEMAP_GID == 1, "found %lld\n", @@ -7252,6 +7254,10 @@ void lustre_assert_wire_constants(void) (unsigned)LCFG_NODEMAP_RAISE_PRIVS); LASSERTF(LCFG_NODEMAP_SET_CAPS == 0x00ce063UL, "found 0x%.8xUL\n", (unsigned)LCFG_NODEMAP_SET_CAPS); + LASSERTF(LCFG_NODEMAP_GSS_IDENTIFY == 0x000ce065UL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_GSS_IDENTIFY); + LASSERTF(LCFG_NODEMAP_LOOKUP_SHA == 0x000ce066UL, "found 0x%.8xUL\n", + (unsigned)LCFG_NODEMAP_LOOKUP_SHA); #endif /* HAVE_SERVER_SUPPORT */ LASSERTF(PORTALS_CFG_TYPE == 1, "found %lld\n", (long long)PORTALS_CFG_TYPE); -- 1.8.3.1