From 60a9fd37185edf57fc42bf6a5ad9b9c61fc10e14 Mon Sep 17 00:00:00 2001 From: Vitaly Fertman Date: Mon, 10 Dec 2012 01:26:51 +0400 Subject: [PATCH] LU-1403 ucred: ucred cleanup Add ucred_check() and ucred_assert() methods to ensure ucred is installed and/or initialised everywhere. As echo client may be sitting on mdd it needs to initialize md_ucred too. As echo client may be sitting on osc without mdd module loaded, make md_ucred a common key, move it to lu_object. Reviewed-by: Alexander Zarochentsev Reviewed-by: Andrew Perepechko Signed-off-by: Vitaly Fertman Xyratex-bug-id: MRP-484 Change-Id: I9c4aaa31148ff10e4a609393a0cf018cdf731d9c Reviewed-on: http://review.whamcloud.com/2733 Tested-by: Hudson Tested-by: Maloo Reviewed-by: Mike Pershin Reviewed-by: Oleg Drokin --- lustre/include/lu_object.h | 20 ++ lustre/include/lustre_eacl.h | 20 +- lustre/include/lustre_idmap.h | 14 +- lustre/include/md_object.h | 18 -- lustre/mdd/mdd_device.c | 18 +- lustre/mdd/mdd_dir.c | 85 ++++---- lustre/mdd/mdd_internal.h | 12 +- lustre/mdd/mdd_lov.c | 1 - lustre/mdd/mdd_object.c | 144 +++++++------ lustre/mdd/mdd_permission.c | 40 ++-- lustre/mdt/mdt_handler.c | 9 +- lustre/mdt/mdt_identity.c | 14 +- lustre/mdt/mdt_idmap.c | 20 +- lustre/mdt/mdt_internal.h | 3 +- lustre/mdt/mdt_lib.c | 464 ++++++++++++++++++++++-------------------- lustre/mdt/mdt_open.c | 22 +- lustre/mdt/mdt_xattr.c | 22 +- lustre/obdclass/acl.c | 28 +-- lustre/obdclass/idmap.c | 110 +++++----- lustre/obdclass/lu_object.c | 53 +++++ lustre/obdecho/echo_client.c | 31 +++ 21 files changed, 623 insertions(+), 525 deletions(-) diff --git a/lustre/include/lu_object.h b/lustre/include/lu_object.h index 953c34c..6e25c73 100644 --- a/lustre/include/lu_object.h +++ b/lustre/include/lu_object.h @@ -1280,6 +1280,26 @@ int lu_env_refill_by_tags(struct lu_env *env, __u32 ctags, __u32 stags); /** @} lu_context */ +struct lu_ucred { + __u32 uc_valid; + __u32 uc_o_uid; + __u32 uc_o_gid; + __u32 uc_o_fsuid; + __u32 uc_o_fsgid; + __u32 uc_uid; + __u32 uc_gid; + __u32 uc_fsuid; + __u32 uc_fsgid; + __u32 uc_suppgids[2]; + cfs_cap_t uc_cap; + __u32 uc_umask; + cfs_group_info_t *uc_ginfo; + struct md_identity *uc_identity; +}; +struct lu_ucred *lu_ucred(const struct lu_env *env); +struct lu_ucred *lu_ucred_check(const struct lu_env *env); +struct lu_ucred *lu_ucred_assert(const struct lu_env *env); + /** * Output site statistical counters into a buffer. Suitable for * ll_rd_*()-style functions. diff --git a/lustre/include/lustre_eacl.h b/lustre/include/lustre_eacl.h index 2781e39..60deb2e 100644 --- a/lustre/include/lustre_eacl.h +++ b/lustre/include/lustre_eacl.h @@ -74,9 +74,9 @@ typedef struct { #define CFS_ACL_XATTR_COUNT(size, prefix) \ (((size) - sizeof(prefix ## _header)) / sizeof(prefix ## _entry)) -extern int lustre_posix_acl_permission(struct md_ucred *mu, struct lu_attr *la, - int want, posix_acl_xattr_entry *entry, - int count); +extern int lustre_posix_acl_permission(struct lu_ucred *mu, struct lu_attr *la, + int want, posix_acl_xattr_entry *entry, + int count); extern int lustre_posix_acl_chmod_masq(posix_acl_xattr_entry *entry, __u32 mode, int count); extern int lustre_posix_acl_create_masq(posix_acl_xattr_entry *entry, @@ -90,16 +90,16 @@ extern int lustre_posix_acl_xattr_filter(posix_acl_xattr_header *header, int size, posix_acl_xattr_header **out); extern int -lustre_posix_acl_xattr_id2client(struct md_ucred *mu, - struct lustre_idmap_table *t, - posix_acl_xattr_header *header, - int size, int flags); +lustre_posix_acl_xattr_id2client(struct lu_ucred *mu, + struct lustre_idmap_table *t, + posix_acl_xattr_header *header, + int size, int flags); extern void lustre_posix_acl_xattr_free(posix_acl_xattr_header *header, int size); extern int -lustre_ext_acl_xattr_id2server(struct md_ucred *mu, - struct lustre_idmap_table *t, - ext_acl_xattr_header *header); +lustre_ext_acl_xattr_id2server(struct lu_ucred *mu, + struct lustre_idmap_table *t, + ext_acl_xattr_header *header); extern void lustre_ext_acl_xattr_free(ext_acl_xattr_header *header); extern int diff --git a/lustre/include/lustre_idmap.h b/lustre/include/lustre_idmap.h index 27f50b5..411f6a2 100644 --- a/lustre/include/lustre_idmap.h +++ b/lustre/include/lustre_idmap.h @@ -78,7 +78,7 @@ struct lustre_idmap_table { extern void lustre_groups_from_list(cfs_group_info_t *ginfo, gid_t *glist); extern void lustre_groups_sort(cfs_group_info_t *group_info); -extern int lustre_in_group_p(struct md_ucred *mu, gid_t grp); +extern int lustre_in_group_p(struct lu_ucred *mu, gid_t grp); extern int lustre_idmap_add(struct lustre_idmap_table *t, uid_t ruid, uid_t luid, @@ -86,12 +86,12 @@ extern int lustre_idmap_add(struct lustre_idmap_table *t, extern int lustre_idmap_del(struct lustre_idmap_table *t, uid_t ruid, uid_t luid, gid_t rgid, gid_t lgid); -extern int lustre_idmap_lookup_uid(struct md_ucred *mu, - struct lustre_idmap_table *t, - int reverse, uid_t uid); -extern int lustre_idmap_lookup_gid(struct md_ucred *mu, - struct lustre_idmap_table *t, - int reverse, gid_t gid); +extern int lustre_idmap_lookup_uid(struct lu_ucred *mu, + struct lustre_idmap_table *t, + int reverse, uid_t uid); +extern int lustre_idmap_lookup_gid(struct lu_ucred *mu, + struct lustre_idmap_table *t, + int reverse, gid_t gid); extern struct lustre_idmap_table *lustre_idmap_init(void); extern void lustre_idmap_fini(struct lustre_idmap_table *t); diff --git a/lustre/include/md_object.h b/lustre/include/md_object.h index 81d655f..f704dc9 100644 --- a/lustre/include/md_object.h +++ b/lustre/include/md_object.h @@ -75,23 +75,6 @@ enum { UCRED_NEW = 2 }; -struct md_ucred { - __u32 mu_valid; - __u32 mu_o_uid; - __u32 mu_o_gid; - __u32 mu_o_fsuid; - __u32 mu_o_fsgid; - __u32 mu_uid; - __u32 mu_gid; - __u32 mu_fsuid; - __u32 mu_fsgid; - __u32 mu_suppgids[2]; - cfs_cap_t mu_cap; - __u32 mu_umask; - cfs_group_info_t *mu_ginfo; - struct md_identity *mu_identity; -}; - enum { MD_CAPAINFO_MAX = 5 }; @@ -115,7 +98,6 @@ struct md_quota { * XXX should be moved into separate .h/.c together with all md security * related definitions. */ -struct md_ucred *md_ucred(const struct lu_env *env); struct md_capainfo *md_capainfo(const struct lu_env *env); struct md_quota *md_quota(const struct lu_env *env); diff --git a/lustre/mdd/mdd_device.c b/lustre/mdd/mdd_device.c index 17000c1..ebefc2f 100644 --- a/lustre/mdd/mdd_device.c +++ b/lustre/mdd/mdd_device.c @@ -1396,22 +1396,6 @@ static struct obd_ops mdd_obd_device_ops = { .o_health_check = mdd_obd_health_check }; -/* context key constructor/destructor: mdd_ucred_key_init, mdd_ucred_key_fini */ -LU_KEY_INIT_FINI(mdd_ucred, struct md_ucred); - -static struct lu_context_key mdd_ucred_key = { - .lct_tags = LCT_SESSION, - .lct_init = mdd_ucred_key_init, - .lct_fini = mdd_ucred_key_fini -}; - -struct md_ucred *md_ucred(const struct lu_env *env) -{ - LASSERT(env->le_ses != NULL); - return lu_context_key_get(env->le_ses, &mdd_ucred_key); -} -EXPORT_SYMBOL(md_ucred); - /* * context key constructor/destructor: * mdd_capainfo_key_init, mdd_capainfo_key_fini @@ -1686,7 +1670,7 @@ static int mdd_iocontrol(const struct lu_env *env, struct md_device *m, } /* type constructor/destructor: mdd_type_init, mdd_type_fini */ -LU_TYPE_INIT_FINI(mdd, &mdd_thread_key, &mdd_ucred_key, &mdd_capainfo_key); +LU_TYPE_INIT_FINI(mdd, &mdd_thread_key, &mdd_capainfo_key); const struct md_device_operations mdd_ops = { .mdo_statfs = mdd_statfs, diff --git a/lustre/mdd/mdd_dir.c b/lustre/mdd/mdd_dir.c index ab5247b..d4a6811 100644 --- a/lustre/mdd/mdd_dir.c +++ b/lustre/mdd/mdd_dir.c @@ -345,31 +345,31 @@ int mdd_may_unlink(const struct lu_env *env, struct mdd_object *pobj, * VTX feature has been checked already, no need check again. */ static inline int mdd_is_sticky(const struct lu_env *env, - struct mdd_object *pobj, - struct mdd_object *cobj) + struct mdd_object *pobj, + struct mdd_object *cobj) { - struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la; - struct md_ucred *uc = md_ucred(env); - int rc; + struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la; + struct lu_ucred *uc = lu_ucred_assert(env); + int rc; - if (pobj) { - rc = mdd_la_get(env, pobj, tmp_la, BYPASS_CAPA); - if (rc) - return rc; + if (pobj) { + rc = mdd_la_get(env, pobj, tmp_la, BYPASS_CAPA); + if (rc) + return rc; - if (!(tmp_la->la_mode & S_ISVTX) || - (tmp_la->la_uid == uc->mu_fsuid)) - return 0; - } + if (!(tmp_la->la_mode & S_ISVTX) || + (tmp_la->la_uid == uc->uc_fsuid)) + return 0; + } - rc = mdd_la_get(env, cobj, tmp_la, BYPASS_CAPA); - if (rc) - return rc; + rc = mdd_la_get(env, cobj, tmp_la, BYPASS_CAPA); + if (rc) + return rc; - if (tmp_la->la_uid == uc->mu_fsuid) - return 0; + if (tmp_la->la_uid == uc->uc_fsuid) + return 0; - return !mdd_capable(uc, CFS_CAP_FOWNER); + return !mdd_capable(uc, CFS_CAP_FOWNER); } /* @@ -499,27 +499,28 @@ static int __mdd_index_delete_only(const struct lu_env *env, struct mdd_object * } static int __mdd_index_insert_only(const struct lu_env *env, - struct mdd_object *pobj, - const struct lu_fid *lf, const char *name, - struct thandle *handle, - struct lustre_capa *capa) + struct mdd_object *pobj, + const struct lu_fid *lf, const char *name, + struct thandle *handle, + struct lustre_capa *capa) { - struct dt_object *next = mdd_object_child(pobj); - int rc; - ENTRY; + struct dt_object *next = mdd_object_child(pobj); + int rc; + ENTRY; - if (dt_try_as_dir(env, next)) { - struct md_ucred *uc = md_ucred(env); + if (dt_try_as_dir(env, next)) { + struct lu_ucred *uc = lu_ucred_check(env); + int ignore_quota; - rc = next->do_index_ops->dio_insert(env, next, - (struct dt_rec*)lf, - (const struct dt_key *)name, - handle, capa, uc->mu_cap & - CFS_CAP_SYS_RESOURCE_MASK); - } else { - rc = -ENOTDIR; - } - RETURN(rc); + ignore_quota = uc ? uc->uc_cap & CFS_CAP_SYS_RESOURCE_MASK : 1; + rc = next->do_index_ops->dio_insert(env, next, + (struct dt_rec*)lf, + (const struct dt_key *)name, + handle, capa, ignore_quota); + } else { + rc = -ENOTDIR; + } + RETURN(rc); } /* insert named index, add reference if isdir */ @@ -1795,7 +1796,7 @@ static int mdd_create(const struct lu_env *env, struct md_object *pobj, inserted = 1; if (S_ISLNK(attr->la_mode)) { - struct md_ucred *uc = md_ucred(env); + struct lu_ucred *uc = lu_ucred_assert(env); struct dt_object *dt = mdd_object_child(son); const char *target_name = spec->u.sp_symname; int sym_len = strlen(target_name); @@ -1803,10 +1804,10 @@ static int mdd_create(const struct lu_env *env, struct md_object *pobj, loff_t pos = 0; buf = mdd_buf_get_const(env, target_name, sym_len); - rc = dt->do_body_ops->dbo_write(env, dt, buf, &pos, handle, - mdd_object_capa(env, son), - uc->mu_cap & - CFS_CAP_SYS_RESOURCE_MASK); + rc = dt->do_body_ops->dbo_write(env, dt, buf, &pos, handle, + mdd_object_capa(env, son), + uc->uc_cap & + CFS_CAP_SYS_RESOURCE_MASK); if (rc == sym_len) rc = 0; diff --git a/lustre/mdd/mdd_internal.h b/lustre/mdd/mdd_internal.h index ce3898b..b7ff16d 100644 --- a/lustre/mdd/mdd_internal.h +++ b/lustre/mdd/mdd_internal.h @@ -453,11 +453,11 @@ struct lu_object *mdd_object_alloc(const struct lu_env *env, #define mdd_cap_raised(c, flag) (mdd_cap_t(c) & MDD_CAP_TO_MASK(flag)) /* capable() is copied from linux kernel! */ -static inline int mdd_capable(struct md_ucred *uc, cfs_cap_t cap) +static inline int mdd_capable(struct lu_ucred *uc, cfs_cap_t cap) { - if (mdd_cap_raised(uc->mu_cap, cap)) - return 1; - return 0; + if (mdd_cap_raised(uc->uc_cap, cap)) + return 1; + return 0; } int mdd_acl_chmod(const struct lu_env *env, struct mdd_object *o, __u32 mode, @@ -846,7 +846,7 @@ int mdo_create_obj(const struct lu_env *env, struct mdd_object *o, struct thandle *handle) { struct dt_object *next = mdd_object_child(o); - struct md_ucred *uc = md_ucred(env); + struct lu_ucred *uc = lu_ucred(env); __u32 saved; int rc; @@ -854,7 +854,7 @@ int mdo_create_obj(const struct lu_env *env, struct mdd_object *o, * LU-974 enforce client umask in creation. * TODO: CMD needs to handle this for remote object. */ - saved = xchg(¤t->fs->umask, uc->mu_umask & S_IRWXUGO); + saved = xchg(¤t->fs->umask, uc->uc_umask & S_IRWXUGO); rc = next->do_ops->do_create(env, next, attr, hint, dof, handle); diff --git a/lustre/mdd/mdd_lov.c b/lustre/mdd/mdd_lov.c index b6a0015..991d6f4 100644 --- a/lustre/mdd/mdd_lov.c +++ b/lustre/mdd/mdd_lov.c @@ -81,4 +81,3 @@ int mdd_get_md(const struct lu_env *env, struct mdd_object *obj, RETURN(rc); } - diff --git a/lustre/mdd/mdd_object.c b/lustre/mdd/mdd_object.c index a393b0f..d4eff75 100644 --- a/lustre/mdd/mdd_object.c +++ b/lustre/mdd/mdd_object.c @@ -720,7 +720,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, struct lu_attr *la, const unsigned long flags) { struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la; - struct md_ucred *uc; + struct lu_ucred *uc; int rc; ENTRY; @@ -735,12 +735,11 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if (la->la_valid & (LA_NLINK | LA_RDEV | LA_BLKSIZE)) RETURN(-EPERM); - /* export destroy does not have ->le_ses, but we may want - * to drop LUSTRE_SOM_FL. */ - if (!env->le_ses) - RETURN(0); - - uc = md_ucred(env); + /* export destroy does not have ->le_ses, but we may want + * to drop LUSTRE_SOM_FL. */ + uc = lu_ucred_check(env); + if (uc == NULL) + RETURN(0); rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA); if (rc) @@ -771,9 +770,9 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, unsigned int newflags = la->la_flags & (LUSTRE_IMMUTABLE_FL | LUSTRE_APPEND_FL); - if ((uc->mu_fsuid != tmp_la->la_uid) && - !mdd_capable(uc, CFS_CAP_FOWNER)) - RETURN(-EPERM); + if ((uc->uc_fsuid != tmp_la->la_uid) && + !mdd_capable(uc, CFS_CAP_FOWNER)) + RETURN(-EPERM); /* XXX: the IMMUTABLE and APPEND_ONLY flags can * only be changed by the relevant capability. */ @@ -794,17 +793,17 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, !(flags & MDS_PERM_BYPASS)) RETURN(-EPERM); - /* Check for setting the obj time. */ - if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) && - !(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) { - if ((uc->mu_fsuid != tmp_la->la_uid) && - !mdd_capable(uc, CFS_CAP_FOWNER)) { + /* Check for setting the obj time. */ + if ((la->la_valid & (LA_MTIME | LA_ATIME | LA_CTIME)) && + !(la->la_valid & ~(LA_MTIME | LA_ATIME | LA_CTIME))) { + if ((uc->uc_fsuid != tmp_la->la_uid) && + !mdd_capable(uc, CFS_CAP_FOWNER)) { rc = mdd_permission_internal(env, obj, tmp_la, MAY_WRITE); - if (rc) - RETURN(rc); - } - } + if (rc) + RETURN(rc); + } + } if (la->la_valid & LA_KILL_SUID) { la->la_valid &= ~LA_KILL_SUID; @@ -830,9 +829,9 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, /* Make sure a caller can chmod. */ if (la->la_valid & LA_MODE) { if (!(flags & MDS_PERM_BYPASS) && - (uc->mu_fsuid != tmp_la->la_uid) && - !mdd_capable(uc, CFS_CAP_FOWNER)) - RETURN(-EPERM); + (uc->uc_fsuid != tmp_la->la_uid) && + !mdd_capable(uc, CFS_CAP_FOWNER)) + RETURN(-EPERM); if (la->la_mode == (cfs_umode_t) -1) la->la_mode = tmp_la->la_mode; @@ -853,10 +852,10 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if (la->la_valid & LA_UID) { if (la->la_uid == (uid_t) -1) la->la_uid = tmp_la->la_uid; - if (((uc->mu_fsuid != tmp_la->la_uid) || - (la->la_uid != tmp_la->la_uid)) && - !mdd_capable(uc, CFS_CAP_CHOWN)) - RETURN(-EPERM); + if (((uc->uc_fsuid != tmp_la->la_uid) || + (la->la_uid != tmp_la->la_uid)) && + !mdd_capable(uc, CFS_CAP_CHOWN)) + RETURN(-EPERM); /* If the user or group of a non-directory has been * changed by a non-root user, remove the setuid bit. @@ -878,11 +877,11 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, if (la->la_valid & LA_GID) { if (la->la_gid == (gid_t) -1) la->la_gid = tmp_la->la_gid; - if (((uc->mu_fsuid != tmp_la->la_uid) || - ((la->la_gid != tmp_la->la_gid) && - !lustre_in_group_p(uc, la->la_gid))) && - !mdd_capable(uc, CFS_CAP_CHOWN)) - RETURN(-EPERM); + if (((uc->uc_fsuid != tmp_la->la_uid) || + ((la->la_gid != tmp_la->la_gid) && + !lustre_in_group_p(uc, la->la_gid))) && + !mdd_capable(uc, CFS_CAP_CHOWN)) + RETURN(-EPERM); /* Likewise, if the user or group of a non-directory * has been changed by a non-root user, remove the @@ -920,7 +919,7 @@ static int mdd_fix_attr(const struct lu_env *env, struct mdd_object *obj, } else { if (la->la_valid & (LA_SIZE | LA_BLOCKS)) { if (!((flags & MDS_OPEN_OWNEROVERRIDE) && - (uc->mu_fsuid == tmp_la->la_uid)) && + (uc->uc_fsuid == tmp_la->la_uid)) && !(flags & MDS_PERM_BYPASS)) { rc = mdd_permission_internal(env, obj, tmp_la, MAY_WRITE); @@ -1160,25 +1159,25 @@ stop: } static int mdd_xattr_sanity_check(const struct lu_env *env, - struct mdd_object *obj) + struct mdd_object *obj) { - struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la; - struct md_ucred *uc = md_ucred(env); - int rc; - ENTRY; + struct lu_attr *tmp_la = &mdd_env_info(env)->mti_la; + struct lu_ucred *uc = lu_ucred_assert(env); + int rc; + ENTRY; - if (mdd_is_immutable(obj) || mdd_is_append(obj)) - RETURN(-EPERM); + if (mdd_is_immutable(obj) || mdd_is_append(obj)) + RETURN(-EPERM); - rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA); - if (rc) - RETURN(rc); + rc = mdd_la_get(env, obj, tmp_la, BYPASS_CAPA); + if (rc) + RETURN(rc); - if ((uc->mu_fsuid != tmp_la->la_uid) && - !mdd_capable(uc, CFS_CAP_FOWNER)) - RETURN(-EPERM); + if ((uc->uc_fsuid != tmp_la->la_uid) && + !mdd_capable(uc, CFS_CAP_FOWNER)) + RETURN(-EPERM); - RETURN(rc); + RETURN(rc); } static int mdd_declare_xattr_set(const struct lu_env *env, @@ -1351,28 +1350,27 @@ void mdd_object_make_hint(const struct lu_env *env, struct mdd_object *parent, */ int accmode(const struct lu_env *env, struct lu_attr *la, int flags) { - int res = 0; - - /* Sadly, NFSD reopens a file repeatedly during operation, so the - * "acc_mode = 0" allowance for newly-created files isn't honoured. - * NFSD uses the MDS_OPEN_OWNEROVERRIDE flag to say that a file - * owner can write to a file even if it is marked readonly to hide - * its brokenness. (bug 5781) */ - if (flags & MDS_OPEN_OWNEROVERRIDE) { - struct md_ucred *uc = md_ucred(env); - - if ((uc == NULL) || (uc->mu_valid == UCRED_INIT) || - (la->la_uid == uc->mu_fsuid)) - return 0; - } + int res = 0; + + /* Sadly, NFSD reopens a file repeatedly during operation, so the + * "acc_mode = 0" allowance for newly-created files isn't honoured. + * NFSD uses the MDS_OPEN_OWNEROVERRIDE flag to say that a file + * owner can write to a file even if it is marked readonly to hide + * its brokenness. (bug 5781) */ + if (flags & MDS_OPEN_OWNEROVERRIDE) { + struct lu_ucred *uc = lu_ucred_check(env); + + if ((uc == NULL) || (la->la_uid == uc->uc_fsuid)) + return 0; + } - if (flags & FMODE_READ) - res |= MAY_READ; - if (flags & (FMODE_WRITE | MDS_OPEN_TRUNC | MDS_OPEN_APPEND)) - res |= MAY_WRITE; - if (flags & MDS_FMODE_EXEC) - res = MAY_EXEC; - return res; + if (flags & FMODE_READ) + res |= MAY_READ; + if (flags & (FMODE_WRITE | MDS_OPEN_TRUNC | MDS_OPEN_APPEND)) + res |= MAY_WRITE; + if (flags & MDS_FMODE_EXEC) + res = MAY_EXEC; + return res; } static int mdd_open_sanity_check(const struct lu_env *env, @@ -1421,13 +1419,13 @@ static int mdd_open_sanity_check(const struct lu_env *env, * Now, flag -- O_NOATIME does not be packed by client. */ if (flag & O_NOATIME) { - struct md_ucred *uc = md_ucred(env); + struct lu_ucred *uc = lu_ucred(env); - if (uc && ((uc->mu_valid == UCRED_OLD) || - (uc->mu_valid == UCRED_NEW)) && - (uc->mu_fsuid != tmp_la->la_uid) && - !mdd_capable(uc, CFS_CAP_FOWNER)) - RETURN(-EPERM); + if (uc && ((uc->uc_valid == UCRED_OLD) || + (uc->uc_valid == UCRED_NEW)) && + (uc->uc_fsuid != tmp_la->la_uid) && + !mdd_capable(uc, CFS_CAP_FOWNER)) + RETURN(-EPERM); } #endif diff --git a/lustre/mdd/mdd_permission.c b/lustre/mdd/mdd_permission.c index abedd81..3486f7e 100644 --- a/lustre/mdd/mdd_permission.c +++ b/lustre/mdd/mdd_permission.c @@ -231,7 +231,7 @@ static int mdd_check_acl(const struct lu_env *env, struct mdd_object *obj, struct lu_attr *la, int mask) { #ifdef CONFIG_FS_POSIX_ACL - struct md_ucred *uc = md_ucred(env); + struct lu_ucred *uc = lu_ucred_assert(env); posix_acl_xattr_header *head; posix_acl_xattr_entry *entry; struct lu_buf *buf; @@ -263,7 +263,7 @@ static int mdd_check_acl(const struct lu_env *env, struct mdd_object *obj, int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj, struct lu_attr *la, int mask, int role) { - struct md_ucred *uc = md_ucred(env); + struct lu_ucred *uc = lu_ucred(env); __u32 mode; int rc; ENTRY; @@ -271,13 +271,13 @@ int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj, if (mask == 0) RETURN(0); - /* These means unnecessary for permission check */ - if ((uc == NULL) || (uc->mu_valid == UCRED_INIT)) - RETURN(0); + /* These means unnecessary for permission check */ + if ((uc == NULL) || (uc->uc_valid == UCRED_INIT)) + RETURN(0); - /* Invalid user credit */ - if (uc->mu_valid == UCRED_INVALID) - RETURN(-EACCES); + /* Invalid user credit */ + if (uc->uc_valid == UCRED_INVALID) + RETURN(-EACCES); /* * Nobody gets write access to an immutable file. @@ -293,8 +293,8 @@ int __mdd_permission_internal(const struct lu_env *env, struct mdd_object *obj, } mode = la->la_mode; - if (uc->mu_fsuid == la->la_uid) { - mode >>= 6; + if (uc->uc_fsuid == la->la_uid) { + mode >>= 6; } else { if (mode & S_IRWXG) { if (role != -1) @@ -334,7 +334,7 @@ int mdd_permission(const struct lu_env *env, struct md_attr *ma, int mask) { struct mdd_object *mdd_pobj, *mdd_cobj; - struct md_ucred *uc = NULL; + struct lu_ucred *uc = NULL; struct lu_attr *la = &mdd_env_info(env)->mti_cattr; int check_create, check_link; int check_unlink; @@ -389,7 +389,7 @@ int mdd_permission(const struct lu_env *env, } if (!rc && (check_vtx_part || check_vtx_full)) { - uc = md_ucred(env); + uc = lu_ucred_assert(env); if (likely(!la)) { la = &mdd_env_info(env)->mti_la; rc = mdd_la_get(env, mdd_cobj, la, BYPASS_CAPA); @@ -397,10 +397,10 @@ int mdd_permission(const struct lu_env *env, RETURN(rc); } - if (!(la->la_mode & S_ISVTX) || (la->la_uid == uc->mu_fsuid) || - (check_vtx_full && (ma->ma_attr.la_valid & LA_UID) && - (ma->ma_attr.la_uid == uc->mu_fsuid))) { - ma->ma_attr_flags |= MDS_VTX_BYPASS; + if (!(la->la_mode & S_ISVTX) || (la->la_uid == uc->uc_fsuid) || + (check_vtx_full && (ma->ma_attr.la_valid & LA_UID) && + (ma->ma_attr.la_uid == uc->uc_fsuid))) { + ma->ma_attr_flags |= MDS_VTX_BYPASS; } else { ma->ma_attr_flags &= ~MDS_VTX_BYPASS; if (check_vtx_full) @@ -410,11 +410,11 @@ int mdd_permission(const struct lu_env *env, if (unlikely(!rc && check_rgetfacl)) { if (likely(!uc)) - uc = md_ucred(env); + uc = lu_ucred_assert(env); - if (la->la_uid != uc->mu_fsuid && - !mdd_capable(uc, CFS_CAP_FOWNER)) - rc = -EPERM; + if (la->la_uid != uc->uc_fsuid && + !mdd_capable(uc, CFS_CAP_FOWNER)) + rc = -EPERM; } RETURN(rc); diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index 1c5d473..144fc0b 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -6249,9 +6249,14 @@ static void mdt_key_fini(const struct lu_context *ctx, /* context key: mdt_thread_key */ LU_CONTEXT_KEY_DEFINE(mdt, LCT_MD_THREAD); -struct md_ucred *mdt_ucred(const struct mdt_thread_info *info) +struct lu_ucred *mdt_ucred(const struct mdt_thread_info *info) { - return md_ucred(info->mti_env); + return lu_ucred(info->mti_env); +} + +struct lu_ucred *mdt_ucred_check(const struct mdt_thread_info *info) +{ + return lu_ucred_check(info->mti_env); } /** diff --git a/lustre/mdt/mdt_identity.c b/lustre/mdt/mdt_identity.c index f5c8403..e8612d1 100644 --- a/lustre/mdt/mdt_identity.c +++ b/lustre/mdt/mdt_identity.c @@ -277,7 +277,7 @@ __u32 mdt_identity_get_perm(struct md_identity *identity, int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o, void *buf) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred_check(info); struct md_object *next = mdt_object_child(o); struct mdt_remote_perm *perm = buf; @@ -289,13 +289,13 @@ int mdt_pack_remote_perm(struct mdt_thread_info *info, struct mdt_object *o, if (!exp_connect_rmtclient(info->mti_exp)) RETURN(-EBADE); - if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW)) - RETURN(-EINVAL); + if (uc == NULL) + RETURN(-EINVAL); - perm->rp_uid = uc->mu_o_uid; - perm->rp_gid = uc->mu_o_gid; - perm->rp_fsuid = uc->mu_o_fsuid; - perm->rp_fsgid = uc->mu_o_fsgid; + perm->rp_uid = uc->uc_o_uid; + perm->rp_gid = uc->uc_o_gid; + perm->rp_fsuid = uc->uc_o_fsuid; + perm->rp_fsgid = uc->uc_o_fsgid; perm->rp_access_perm = 0; if (mo_permission(info->mti_env, NULL, next, NULL, MAY_READ) == 0) diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c index be8430b..da581db 100644 --- a/lustre/mdt/mdt_idmap.c +++ b/lustre/mdt/mdt_idmap.c @@ -387,7 +387,7 @@ int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req, void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; @@ -425,21 +425,21 @@ void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body) int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred_check(info); struct lu_attr *attr = &info->mti_attr.ma_attr; struct mdt_export_data *med = mdt_req2med(req); struct lustre_idmap_table *idmap = med->med_idmap; - if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW)) - return -EINVAL; + if (uc == NULL) + return -EINVAL; if (op != REINT_SETATTR) { - if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) - attr->la_uid = uc->mu_fsuid; - /* for S_ISGID, inherit gid from his parent, such work will be - * done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */ - if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) - attr->la_gid = uc->mu_fsgid; + if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) + attr->la_uid = uc->uc_fsuid; + /* for S_ISGID, inherit gid from his parent, such work will be + * done in cmm/mdd layer, here set all cases as uc->uc_fsgid. */ + if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) + attr->la_gid = uc->uc_fsgid; } else if (exp_connect_rmtclient(info->mti_exp)) { /* NB: -1 case will be handled by mdt_fix_attr() later. */ if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) { diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h index a40e208..b990ba9 100644 --- a/lustre/mdt/mdt_internal.h +++ b/lustre/mdt/mdt_internal.h @@ -709,7 +709,8 @@ static inline int mdt_check_resent(struct mdt_thread_info *info, RETURN(0); } -struct md_ucred *mdt_ucred(const struct mdt_thread_info *info); +struct lu_ucred *mdt_ucred(const struct mdt_thread_info *info); +struct lu_ucred *mdt_ucred_check(const struct mdt_thread_info *info); static inline int is_identity_get_disabled(struct upcall_cache *cache) { diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c index f5736a1..d34e873 100644 --- a/lustre/mdt/mdt_lib.c +++ b/lustre/mdt/mdt_lib.c @@ -60,22 +60,23 @@ typedef enum ucred_init_type { void mdt_exit_ucred(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); - struct mdt_device *mdt = info->mti_mdt; - - if (uc->mu_valid != UCRED_INIT) { - uc->mu_suppgids[0] = uc->mu_suppgids[1] = -1; - if (uc->mu_ginfo) { - cfs_put_group_info(uc->mu_ginfo); - uc->mu_ginfo = NULL; - } - if (uc->mu_identity) { - mdt_identity_put(mdt->mdt_identity_cache, - uc->mu_identity); - uc->mu_identity = NULL; - } - uc->mu_valid = UCRED_INIT; - } + struct lu_ucred *uc = mdt_ucred(info); + struct mdt_device *mdt = info->mti_mdt; + + LASSERT(uc != NULL); + if (uc->uc_valid != UCRED_INIT) { + uc->uc_suppgids[0] = uc->uc_suppgids[1] = -1; + if (uc->uc_ginfo) { + cfs_put_group_info(uc->uc_ginfo); + uc->uc_ginfo = NULL; + } + if (uc->uc_identity) { + mdt_identity_put(mdt->mdt_identity_cache, + uc->uc_identity); + uc->uc_identity = NULL; + } + uc->uc_valid = UCRED_INIT; + } } static int match_nosquash_list(struct rw_semaphore *sem, @@ -93,11 +94,12 @@ static int match_nosquash_list(struct rw_semaphore *sem, /* root_squash for inter-MDS operations */ static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) { - struct md_ucred *ucred = mdt_ucred(info); - ENTRY; + struct lu_ucred *ucred = mdt_ucred(info); + ENTRY; - if (!info->mti_mdt->mdt_squash_uid || ucred->mu_fsuid) - RETURN(0); + LASSERT(ucred != NULL); + if (!info->mti_mdt->mdt_squash_uid || ucred->uc_fsuid) + RETURN(0); if (match_nosquash_list(&info->mti_mdt->mdt_squash_sem, &info->mti_mdt->mdt_nosquash_nids, @@ -107,19 +109,19 @@ static int mdt_root_squash(struct mdt_thread_info *info, lnet_nid_t peernid) RETURN(0); } - CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", - libcfs_nid2str(peernid), - ucred->mu_fsuid, ucred->mu_fsgid, ucred->mu_cap, - info->mti_mdt->mdt_squash_uid, info->mti_mdt->mdt_squash_gid, - 0); + CDEBUG(D_OTHER, "squash req from %s, (%d:%d/%x)=>(%d:%d/%x)\n", + libcfs_nid2str(peernid), + ucred->uc_fsuid, ucred->uc_fsgid, ucred->uc_cap, + info->mti_mdt->mdt_squash_uid, info->mti_mdt->mdt_squash_gid, + 0); - ucred->mu_fsuid = info->mti_mdt->mdt_squash_uid; - ucred->mu_fsgid = info->mti_mdt->mdt_squash_gid; - ucred->mu_cap = 0; - ucred->mu_suppgids[0] = -1; - ucred->mu_suppgids[1] = -1; + ucred->uc_fsuid = info->mti_mdt->mdt_squash_uid; + ucred->uc_fsgid = info->mti_mdt->mdt_squash_gid; + ucred->uc_cap = 0; + ucred->uc_suppgids[0] = -1; + ucred->uc_suppgids[1] = -1; - RETURN(0); + RETURN(0); } static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, @@ -128,7 +130,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, struct ptlrpc_request *req = mdt_info_req(info); struct mdt_device *mdt = info->mti_mdt; struct ptlrpc_user_desc *pud = req->rq_user_desc; - struct md_ucred *ucred = mdt_ucred(info); + struct lu_ucred *ucred = mdt_ucred(info); lnet_nid_t peernid = req->rq_peer.nid; __u32 perm = 0; __u32 remote = exp_connect_rmtclient(info->mti_exp); @@ -141,20 +143,21 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, LASSERT(req->rq_auth_gss); LASSERT(!req->rq_auth_usr_mdt); LASSERT(req->rq_user_desc); + LASSERT(ucred != NULL); - ucred->mu_valid = UCRED_INVALID; + ucred->uc_valid = UCRED_INVALID; - ucred->mu_o_uid = pud->pud_uid; - ucred->mu_o_gid = pud->pud_gid; - ucred->mu_o_fsuid = pud->pud_fsuid; - ucred->mu_o_fsgid = pud->pud_fsgid; + ucred->uc_o_uid = pud->pud_uid; + ucred->uc_o_gid = pud->pud_gid; + ucred->uc_o_fsuid = pud->pud_fsuid; + ucred->uc_o_fsgid = pud->pud_fsgid; - if (type == BODY_INIT) { - struct mdt_body *body = (struct mdt_body *)buf; + if (type == BODY_INIT) { + struct mdt_body *body = (struct mdt_body *)buf; - ucred->mu_suppgids[0] = body->suppgid; - ucred->mu_suppgids[1] = -1; - } + ucred->uc_suppgids[0] = body->suppgid; + ucred->uc_suppgids[1] = -1; + } /* sanity check: we expect the uid which client claimed is true */ if (remote) { @@ -192,7 +195,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, "enabled!\n"); RETURN(-EACCES); } else { - ucred->mu_identity = NULL; + ucred->uc_identity = NULL; perm = CFS_SETUID_PERM | CFS_SETGID_PERM | CFS_SETGRP_PERM; } @@ -204,7 +207,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, if (IS_ERR(identity)) { if (unlikely(PTR_ERR(identity) == -EREMCHG && !remote)) { - ucred->mu_identity = NULL; + ucred->uc_identity = NULL; perm = CFS_SETUID_PERM | CFS_SETGID_PERM | CFS_SETGRP_PERM; } else { @@ -213,17 +216,17 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, RETURN(-EACCES); } } else { - ucred->mu_identity = identity; - perm = mdt_identity_get_perm(ucred->mu_identity, - remote, peernid); + ucred->uc_identity = identity; + perm = mdt_identity_get_perm(ucred->uc_identity, + remote, peernid); } } /* find out the setuid/setgid attempt */ setuid = (pud->pud_uid != pud->pud_fsuid); - setgid = ((pud->pud_gid != pud->pud_fsgid) || - (ucred->mu_identity && - (pud->pud_gid != ucred->mu_identity->mi_gid))); + setgid = ((pud->pud_gid != pud->pud_fsgid) || + (ucred->uc_identity && + (pud->pud_gid != ucred->uc_identity->mi_gid))); /* check permission of setuid */ if (setuid && !(perm & CFS_SETUID_PERM)) { @@ -234,72 +237,72 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type, /* check permission of setgid */ if (setgid && !(perm & CFS_SETGID_PERM)) { - CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) " - "from %s\n", pud->pud_uid, pud->pud_gid, - pud->pud_fsuid, pud->pud_fsgid, - ucred->mu_identity->mi_gid, libcfs_nid2str(peernid)); - GOTO(out, rc = -EACCES); + CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) " + "from %s\n", pud->pud_uid, pud->pud_gid, + pud->pud_fsuid, pud->pud_fsgid, + ucred->uc_identity->mi_gid, libcfs_nid2str(peernid)); + GOTO(out, rc = -EACCES); } /* * NB: remote client not allowed to setgroups anyway. */ - if (!remote && perm & CFS_SETGRP_PERM) { - if (pud->pud_ngroups) { - /* setgroups for local client */ - ucred->mu_ginfo = cfs_groups_alloc(pud->pud_ngroups); - if (!ucred->mu_ginfo) { - CERROR("failed to alloc %d groups\n", - pud->pud_ngroups); - GOTO(out, rc = -ENOMEM); - } - - lustre_groups_from_list(ucred->mu_ginfo, - pud->pud_groups); - lustre_groups_sort(ucred->mu_ginfo); - } else { - ucred->mu_ginfo = NULL; - } - } else { - ucred->mu_suppgids[0] = -1; - ucred->mu_suppgids[1] = -1; - ucred->mu_ginfo = NULL; - } + if (!remote && perm & CFS_SETGRP_PERM) { + if (pud->pud_ngroups) { + /* setgroups for local client */ + ucred->uc_ginfo = cfs_groups_alloc(pud->pud_ngroups); + if (!ucred->uc_ginfo) { + CERROR("failed to alloc %d groups\n", + pud->pud_ngroups); + GOTO(out, rc = -ENOMEM); + } + + lustre_groups_from_list(ucred->uc_ginfo, + pud->pud_groups); + lustre_groups_sort(ucred->uc_ginfo); + } else { + ucred->uc_ginfo = NULL; + } + } else { + ucred->uc_suppgids[0] = -1; + ucred->uc_suppgids[1] = -1; + ucred->uc_ginfo = NULL; + } - ucred->mu_uid = pud->pud_uid; - ucred->mu_gid = pud->pud_gid; - ucred->mu_fsuid = pud->pud_fsuid; - ucred->mu_fsgid = pud->pud_fsgid; + ucred->uc_uid = pud->pud_uid; + ucred->uc_gid = pud->pud_gid; + ucred->uc_fsuid = pud->pud_fsuid; + ucred->uc_fsgid = pud->pud_fsgid; - /* process root_squash here. */ - mdt_root_squash(info, peernid); + /* process root_squash here. */ + mdt_root_squash(info, peernid); - /* remove fs privilege for non-root user. */ - if (ucred->mu_fsuid) - ucred->mu_cap = pud->pud_cap & ~CFS_CAP_FS_MASK; - else - ucred->mu_cap = pud->pud_cap; - if (remote && !(perm & CFS_RMTOWN_PERM)) - ucred->mu_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK | - CFS_CAP_CHOWN_MASK); - ucred->mu_valid = UCRED_NEW; + /* remove fs privilege for non-root user. */ + if (ucred->uc_fsuid) + ucred->uc_cap = pud->pud_cap & ~CFS_CAP_FS_MASK; + else + ucred->uc_cap = pud->pud_cap; + if (remote && !(perm & CFS_RMTOWN_PERM)) + ucred->uc_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK | + CFS_CAP_CHOWN_MASK); + ucred->uc_valid = UCRED_NEW; - EXIT; + EXIT; out: - if (rc) { - if (ucred->mu_ginfo) { - cfs_put_group_info(ucred->mu_ginfo); - ucred->mu_ginfo = NULL; - } - if (ucred->mu_identity) { - mdt_identity_put(mdt->mdt_identity_cache, - ucred->mu_identity); - ucred->mu_identity = NULL; - } - } + if (rc) { + if (ucred->uc_ginfo) { + cfs_put_group_info(ucred->uc_ginfo); + ucred->uc_ginfo = NULL; + } + if (ucred->uc_identity) { + mdt_identity_put(mdt->mdt_identity_cache, + ucred->uc_identity); + ucred->uc_identity = NULL; + } + } - return rc; + return rc; } int mdt_check_ucred(struct mdt_thread_info *info) @@ -307,7 +310,7 @@ int mdt_check_ucred(struct mdt_thread_info *info) struct ptlrpc_request *req = mdt_info_req(info); struct mdt_device *mdt = info->mti_mdt; struct ptlrpc_user_desc *pud = req->rq_user_desc; - struct md_ucred *ucred = mdt_ucred(info); + struct lu_ucred *ucred = mdt_ucred(info); struct md_identity *identity = NULL; lnet_nid_t peernid = req->rq_peer.nid; __u32 perm = 0; @@ -318,8 +321,9 @@ int mdt_check_ucred(struct mdt_thread_info *info) ENTRY; - if ((ucred->mu_valid == UCRED_OLD) || (ucred->mu_valid == UCRED_NEW)) - RETURN(0); + LASSERT(ucred != NULL); + if ((ucred->uc_valid == UCRED_OLD) || (ucred->uc_valid == UCRED_NEW)) + RETURN(0); if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc) RETURN(0); @@ -406,95 +410,98 @@ out: } static int old_init_ucred(struct mdt_thread_info *info, - struct mdt_body *body) + struct mdt_body *body) { - struct md_ucred *uc = mdt_ucred(info); - struct mdt_device *mdt = info->mti_mdt; - struct md_identity *identity = NULL; + struct lu_ucred *uc = mdt_ucred(info); + struct mdt_device *mdt = info->mti_mdt; + struct md_identity *identity = NULL; - ENTRY; + ENTRY; - uc->mu_valid = UCRED_INVALID; - uc->mu_o_uid = uc->mu_uid = body->uid; - uc->mu_o_gid = uc->mu_gid = body->gid; - uc->mu_o_fsuid = uc->mu_fsuid = body->fsuid; - uc->mu_o_fsgid = uc->mu_fsgid = body->fsgid; - uc->mu_suppgids[0] = body->suppgid; - uc->mu_suppgids[1] = -1; - uc->mu_ginfo = NULL; - if (!is_identity_get_disabled(mdt->mdt_identity_cache)) { - identity = mdt_identity_get(mdt->mdt_identity_cache, - uc->mu_fsuid); - if (IS_ERR(identity)) { - if (unlikely(PTR_ERR(identity) == -EREMCHG)) { - identity = NULL; - } else { - CDEBUG(D_SEC, "Deny access without identity: " - "uid %u\n", uc->mu_fsuid); - RETURN(-EACCES); - } - } - } - uc->mu_identity = identity; + LASSERT(uc != NULL); + uc->uc_valid = UCRED_INVALID; + uc->uc_o_uid = uc->uc_uid = body->uid; + uc->uc_o_gid = uc->uc_gid = body->gid; + uc->uc_o_fsuid = uc->uc_fsuid = body->fsuid; + uc->uc_o_fsgid = uc->uc_fsgid = body->fsgid; + uc->uc_suppgids[0] = body->suppgid; + uc->uc_suppgids[1] = -1; + uc->uc_ginfo = NULL; + if (!is_identity_get_disabled(mdt->mdt_identity_cache)) { + identity = mdt_identity_get(mdt->mdt_identity_cache, + uc->uc_fsuid); + if (IS_ERR(identity)) { + if (unlikely(PTR_ERR(identity) == -EREMCHG)) { + identity = NULL; + } else { + CDEBUG(D_SEC, "Deny access without identity: " + "uid %u\n", uc->uc_fsuid); + RETURN(-EACCES); + } + } + } + uc->uc_identity = identity; - /* process root_squash here. */ - mdt_root_squash(info, mdt_info_req(info)->rq_peer.nid); + /* process root_squash here. */ + mdt_root_squash(info, mdt_info_req(info)->rq_peer.nid); - /* remove fs privilege for non-root user. */ - if (uc->mu_fsuid) - uc->mu_cap = body->capability & ~CFS_CAP_FS_MASK; - else - uc->mu_cap = body->capability; - uc->mu_valid = UCRED_OLD; + /* remove fs privilege for non-root user. */ + if (uc->uc_fsuid) + uc->uc_cap = body->capability & ~CFS_CAP_FS_MASK; + else + uc->uc_cap = body->capability; + uc->uc_valid = UCRED_OLD; - RETURN(0); + RETURN(0); } static int old_init_ucred_reint(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); - struct mdt_device *mdt = info->mti_mdt; - struct md_identity *identity = NULL; + struct lu_ucred *uc = mdt_ucred(info); + struct mdt_device *mdt = info->mti_mdt; + struct md_identity *identity = NULL; - ENTRY; + ENTRY; - uc->mu_valid = UCRED_INVALID; - uc->mu_o_uid = uc->mu_o_fsuid = uc->mu_uid = uc->mu_fsuid; - uc->mu_o_gid = uc->mu_o_fsgid = uc->mu_gid = uc->mu_fsgid; - uc->mu_ginfo = NULL; - if (!is_identity_get_disabled(mdt->mdt_identity_cache)) { - identity = mdt_identity_get(mdt->mdt_identity_cache, - uc->mu_fsuid); - if (IS_ERR(identity)) { - if (unlikely(PTR_ERR(identity) == -EREMCHG)) { - identity = NULL; - } else { - CDEBUG(D_SEC, "Deny access without identity: " - "uid %u\n", uc->mu_fsuid); - RETURN(-EACCES); - } - } - } - uc->mu_identity = identity; + LASSERT(uc != NULL); + uc->uc_valid = UCRED_INVALID; + uc->uc_o_uid = uc->uc_o_fsuid = uc->uc_uid = uc->uc_fsuid; + uc->uc_o_gid = uc->uc_o_fsgid = uc->uc_gid = uc->uc_fsgid; + uc->uc_ginfo = NULL; + if (!is_identity_get_disabled(mdt->mdt_identity_cache)) { + identity = mdt_identity_get(mdt->mdt_identity_cache, + uc->uc_fsuid); + if (IS_ERR(identity)) { + if (unlikely(PTR_ERR(identity) == -EREMCHG)) { + identity = NULL; + } else { + CDEBUG(D_SEC, "Deny access without identity: " + "uid %u\n", uc->uc_fsuid); + RETURN(-EACCES); + } + } + } + uc->uc_identity = identity; - /* process root_squash here. */ - mdt_root_squash(info, mdt_info_req(info)->rq_peer.nid); + /* process root_squash here. */ + mdt_root_squash(info, mdt_info_req(info)->rq_peer.nid); - /* remove fs privilege for non-root user. */ - if (uc->mu_fsuid) - uc->mu_cap &= ~CFS_CAP_FS_MASK; - uc->mu_valid = UCRED_OLD; + /* remove fs privilege for non-root user. */ + if (uc->uc_fsuid) + uc->uc_cap &= ~CFS_CAP_FS_MASK; + uc->uc_valid = UCRED_OLD; - RETURN(0); + RETURN(0); } int mdt_init_ucred(struct mdt_thread_info *info, struct mdt_body *body) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); - if ((uc->mu_valid == UCRED_OLD) || (uc->mu_valid == UCRED_NEW)) - return 0; + LASSERT(uc != NULL); + if ((uc->uc_valid == UCRED_OLD) || (uc->uc_valid == UCRED_NEW)) + return 0; mdt_exit_ucred(info); @@ -507,10 +514,11 @@ int mdt_init_ucred(struct mdt_thread_info *info, struct mdt_body *body) int mdt_init_ucred_reint(struct mdt_thread_info *info) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); - if ((uc->mu_valid == UCRED_OLD) || (uc->mu_valid == UCRED_NEW)) - return 0; + LASSERT(uc != NULL); + if ((uc->uc_valid == UCRED_OLD) || (uc->uc_valid == UCRED_NEW)) + return 0; mdt_exit_ucred(info); @@ -798,7 +806,7 @@ static __u64 mdt_attr_valid_xlate(__u64 in, struct mdt_reint_record *rr, static int mdt_setattr_unpack_rec(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct md_attr *ma = &info->mti_attr; struct lu_attr *la = &ma->ma_attr; struct req_capsule *pill = info->mti_pill; @@ -811,11 +819,12 @@ static int mdt_setattr_unpack_rec(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->sa_fsuid; - uc->mu_fsgid = rec->sa_fsgid; - uc->mu_cap = rec->sa_cap; - uc->mu_suppgids[0] = rec->sa_suppgid; - uc->mu_suppgids[1] = -1; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->sa_fsuid; + uc->uc_fsgid = rec->sa_fsgid; + uc->uc_cap = rec->sa_cap; + uc->uc_suppgids[0] = rec->sa_suppgid; + uc->uc_suppgids[1] = -1; rr->rr_fid1 = &rec->sa_fid; la->la_valid = mdt_attr_valid_xlate(attr_unpack(rec->sa_valid), rr, ma); @@ -901,12 +910,15 @@ int mdt_close_unpack(struct mdt_thread_info *info) if (rc) RETURN(rc); - RETURN(mdt_setattr_unpack_rec(info)); + rc = mdt_setattr_unpack_rec(info); + if (rc) + RETURN(rc); + RETURN(mdt_init_ucred_reint(info)); } static int mdt_create_unpack(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_rec_create *rec; struct lu_attr *attr = &info->mti_attr.ma_attr; struct mdt_reint_record *rr = &info->mti_rr; @@ -920,12 +932,13 @@ static int mdt_create_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->cr_fsuid; - uc->mu_fsgid = rec->cr_fsgid; - uc->mu_cap = rec->cr_cap; - uc->mu_suppgids[0] = rec->cr_suppgid1; - uc->mu_suppgids[1] = -1; - uc->mu_umask = rec->cr_umask; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->cr_fsuid; + uc->uc_fsgid = rec->cr_fsgid; + uc->uc_cap = rec->cr_cap; + uc->uc_suppgids[0] = rec->cr_suppgid1; + uc->uc_suppgids[1] = -1; + uc->uc_umask = rec->cr_umask; rr->rr_fid1 = &rec->cr_fid1; rr->rr_fid2 = &rec->cr_fid2; @@ -971,7 +984,7 @@ static int mdt_create_unpack(struct mdt_thread_info *info) static int mdt_link_unpack(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_rec_link *rec; struct lu_attr *attr = &info->mti_attr.ma_attr; struct mdt_reint_record *rr = &info->mti_rr; @@ -984,11 +997,12 @@ static int mdt_link_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->lk_fsuid; - uc->mu_fsgid = rec->lk_fsgid; - uc->mu_cap = rec->lk_cap; - uc->mu_suppgids[0] = rec->lk_suppgid1; - uc->mu_suppgids[1] = rec->lk_suppgid2; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->lk_fsuid; + uc->uc_fsgid = rec->lk_fsgid; + uc->uc_cap = rec->lk_cap; + uc->uc_suppgids[0] = rec->lk_suppgid1; + uc->uc_suppgids[1] = rec->lk_suppgid2; attr->la_uid = rec->lk_fsuid; attr->la_gid = rec->lk_fsgid; @@ -1018,7 +1032,7 @@ static int mdt_link_unpack(struct mdt_thread_info *info) static int mdt_unlink_unpack(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_rec_unlink *rec; struct md_attr *ma = &info->mti_attr; struct lu_attr *attr = &info->mti_attr.ma_attr; @@ -1032,11 +1046,12 @@ static int mdt_unlink_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->ul_fsuid; - uc->mu_fsgid = rec->ul_fsgid; - uc->mu_cap = rec->ul_cap; - uc->mu_suppgids[0] = rec->ul_suppgid1; - uc->mu_suppgids[1] = -1; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->ul_fsuid; + uc->uc_fsgid = rec->ul_fsgid; + uc->uc_cap = rec->ul_cap; + uc->uc_suppgids[0] = rec->ul_suppgid1; + uc->uc_suppgids[1] = -1; attr->la_uid = rec->ul_fsuid; attr->la_gid = rec->ul_fsgid; @@ -1069,7 +1084,7 @@ static int mdt_unlink_unpack(struct mdt_thread_info *info) static int mdt_rename_unpack(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_rec_rename *rec; struct md_attr *ma = &info->mti_attr; struct lu_attr *attr = &info->mti_attr.ma_attr; @@ -1083,11 +1098,12 @@ static int mdt_rename_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->rn_fsuid; - uc->mu_fsgid = rec->rn_fsgid; - uc->mu_cap = rec->rn_cap; - uc->mu_suppgids[0] = rec->rn_suppgid1; - uc->mu_suppgids[1] = rec->rn_suppgid2; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->rn_fsuid; + uc->uc_fsgid = rec->rn_fsgid; + uc->uc_cap = rec->rn_cap; + uc->uc_suppgids[0] = rec->rn_suppgid1; + uc->uc_suppgids[1] = rec->rn_suppgid2; attr->la_uid = rec->rn_fsuid; attr->la_gid = rec->rn_fsgid; @@ -1151,7 +1167,7 @@ static void mdt_fix_lov_magic(struct mdt_thread_info *info) static int mdt_open_unpack(struct mdt_thread_info *info) { - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_rec_create *rec; struct lu_attr *attr = &info->mti_attr.ma_attr; struct req_capsule *pill = info->mti_pill; @@ -1165,12 +1181,13 @@ static int mdt_open_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->cr_fsuid; - uc->mu_fsgid = rec->cr_fsgid; - uc->mu_cap = rec->cr_cap; - uc->mu_suppgids[0] = rec->cr_suppgid1; - uc->mu_suppgids[1] = rec->cr_suppgid2; - uc->mu_umask = rec->cr_umask; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->cr_fsuid; + uc->uc_fsgid = rec->cr_fsgid; + uc->uc_cap = rec->cr_cap; + uc->uc_suppgids[0] = rec->cr_suppgid1; + uc->uc_suppgids[1] = rec->cr_suppgid2; + uc->uc_umask = rec->cr_umask; rr->rr_fid1 = &rec->cr_fid1; rr->rr_fid2 = &rec->cr_fid2; @@ -1244,7 +1261,7 @@ static int mdt_open_unpack(struct mdt_thread_info *info) static int mdt_setxattr_unpack(struct mdt_thread_info *info) { struct mdt_reint_record *rr = &info->mti_rr; - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct lu_attr *attr = &info->mti_attr.ma_attr; struct req_capsule *pill = info->mti_pill; struct mdt_rec_setxattr *rec; @@ -1258,11 +1275,12 @@ static int mdt_setxattr_unpack(struct mdt_thread_info *info) if (rec == NULL) RETURN(-EFAULT); - uc->mu_fsuid = rec->sx_fsuid; - uc->mu_fsgid = rec->sx_fsgid; - uc->mu_cap = rec->sx_cap; - uc->mu_suppgids[0] = rec->sx_suppgid1; - uc->mu_suppgids[1] = -1; + /* This prior initialization is needed for old_init_ucred_reint() */ + uc->uc_fsuid = rec->sx_fsuid; + uc->uc_fsgid = rec->sx_fsgid; + uc->uc_cap = rec->sx_cap; + uc->uc_suppgids[0] = rec->sx_suppgid1; + uc->uc_suppgids[1] = -1; rr->rr_opcode = rec->sx_opcode; rr->rr_fid1 = &rec->sx_fid; diff --git a/lustre/mdt/mdt_open.c b/lustre/mdt/mdt_open.c index 7e96491..d414f89 100644 --- a/lustre/mdt/mdt_open.c +++ b/lustre/mdt/mdt_open.c @@ -1675,6 +1675,7 @@ int mdt_close(struct mdt_thread_info *info) mdt_client_compatibility(info); if (rc == 0) mdt_fix_reply(info); + mdt_exit_ucred(info); RETURN(lustre_msg_get_status(req->rq_repmsg)); } @@ -1728,6 +1729,7 @@ int mdt_close(struct mdt_thread_info *info) rc = mdt_fix_reply(info); } + mdt_exit_ucred(info); if (OBD_FAIL_CHECK(OBD_FAIL_MDS_CLOSE_PACK)) RETURN(err_serious(-ENOMEM)); @@ -1768,8 +1770,10 @@ int mdt_done_writing(struct mdt_thread_info *info) if (rc) RETURN(err_serious(rc)); - if (mdt_check_resent(info, mdt_reconstruct_generic, NULL)) - RETURN(lustre_msg_get_status(req->rq_repmsg)); + if (mdt_check_resent(info, mdt_reconstruct_generic, NULL)) { + mdt_exit_ucred(info); + RETURN(lustre_msg_get_status(req->rq_repmsg)); + } med = &info->mti_exp->exp_mdt_data; spin_lock(&med->med_open_lock); @@ -1786,9 +1790,9 @@ int mdt_done_writing(struct mdt_thread_info *info) rc = info->mti_ioepoch->flags & MF_SOM_AU ? -EAGAIN : 0; mdt_empty_transno(info, rc); - RETURN(rc); - } - RETURN(-ESTALE); + } else + rc = -ESTALE; + GOTO(error_ucred, rc); } LASSERT(mfd->mfd_mode == MDS_FMODE_EPOCH || @@ -1803,12 +1807,14 @@ int mdt_done_writing(struct mdt_thread_info *info) info->mti_attr.ma_lmm_size = info->mti_mdt->mdt_max_mdsize; OBD_ALLOC_LARGE(info->mti_attr.ma_lmm, info->mti_mdt->mdt_max_mdsize); - if (info->mti_attr.ma_lmm == NULL) - RETURN(-ENOMEM); + if (info->mti_attr.ma_lmm == NULL) + GOTO(error_ucred, rc = -ENOMEM); rc = mdt_mfd_close(info, mfd); OBD_FREE_LARGE(info->mti_attr.ma_lmm, info->mti_mdt->mdt_max_mdsize); mdt_empty_transno(info, rc); - RETURN(rc); +error_ucred: + mdt_exit_ucred(info); + RETURN(rc); } diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c index 7d0ac80..d1915d7 100644 --- a/lustre/mdt/mdt_xattr.c +++ b/lustre/mdt/mdt_xattr.c @@ -111,7 +111,7 @@ int mdt_getxattr(struct mdt_thread_info *info) { struct ptlrpc_request *req = mdt_info_req(info); struct mdt_export_data *med = mdt_req2med(req); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_body *reqbody; struct mdt_body *repbody = NULL; struct md_object *next; @@ -130,7 +130,7 @@ int mdt_getxattr(struct mdt_thread_info *info) if (reqbody == NULL) RETURN(err_serious(-EFAULT)); - rc = mdt_init_ucred(info, reqbody); + rc = mdt_init_ucred(info, reqbody); if (rc) RETURN(err_serious(rc)); @@ -140,8 +140,8 @@ int mdt_getxattr(struct mdt_thread_info *info) if (unlikely(!remote)) GOTO(out, rc = err_serious(-EINVAL)); - perm = mdt_identity_get_perm(uc->mu_identity, remote, - req->rq_peer.nid); + perm = mdt_identity_get_perm(uc->uc_identity, remote, + req->rq_peer.nid); if (!(perm & CFS_RMTACL_PERM)) GOTO(out, rc = err_serious(-EPERM)); @@ -226,7 +226,7 @@ static int mdt_rmtlsetfacl(struct mdt_thread_info *info, { struct ptlrpc_request *req = mdt_info_req(info); struct mdt_export_data *med = mdt_req2med(req); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct lu_buf *buf = &info->mti_buf; int rc; ENTRY; @@ -269,7 +269,7 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, struct mdt_lock_handle *unused) { struct ptlrpc_request *req = mdt_info_req(info); - struct md_ucred *uc = mdt_ucred(info); + struct lu_ucred *uc = mdt_ucred(info); struct mdt_lock_handle *lh; const struct lu_env *env = info->mti_env; struct lu_buf *buf = &info->mti_buf; @@ -296,7 +296,7 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, CDEBUG(D_INODE, "%s xattr %s\n", valid & OBD_MD_FLXATTR ? "set" : "remove", xattr_name); - rc = mdt_init_ucred_reint(info); + rc = mdt_init_ucred_reint(info); if (rc != 0) RETURN(rc); @@ -304,8 +304,8 @@ int mdt_reint_setxattr(struct mdt_thread_info *info, if (unlikely(!remote)) GOTO(out, rc = err_serious(-EINVAL)); - perm = mdt_identity_get_perm(uc->mu_identity, remote, - req->rq_peer.nid); + perm = mdt_identity_get_perm(uc->uc_identity, remote, + req->rq_peer.nid); if (!(perm & CFS_RMTACL_PERM)) GOTO(out, rc = err_serious(-EPERM)); } @@ -422,6 +422,6 @@ out_unlock: if (unlikely(new_xattr != NULL)) lustre_posix_acl_xattr_free(new_xattr, xattr_len); out: - mdt_exit_ucred(info); - return rc; + mdt_exit_ucred(info); + return rc; } diff --git a/lustre/obdclass/acl.c b/lustre/obdclass/acl.c index 7adbd59..ca7524a 100644 --- a/lustre/obdclass/acl.c +++ b/lustre/obdclass/acl.c @@ -93,9 +93,9 @@ static inline void lustre_posix_acl_cpu_to_le(posix_acl_xattr_entry *d, /* * Check permission based on POSIX ACL. */ -int lustre_posix_acl_permission(struct md_ucred *mu, struct lu_attr *la, - int want, posix_acl_xattr_entry *entry, - int count) +int lustre_posix_acl_permission(struct lu_ucred *mu, struct lu_attr *la, + int want, posix_acl_xattr_entry *entry, + int count) { posix_acl_xattr_entry *pa, *pe, *mask_obj; posix_acl_xattr_entry ae, me; @@ -109,12 +109,12 @@ int lustre_posix_acl_permission(struct md_ucred *mu, struct lu_attr *la, switch (ae.e_tag) { case ACL_USER_OBJ: /* (May have been checked already) */ - if (la->la_uid == mu->mu_fsuid) - goto check_perm; + if (la->la_uid == mu->uc_fsuid) + goto check_perm; break; case ACL_USER: - if (ae.e_id == mu->mu_fsuid) - goto mask; + if (ae.e_id == mu->uc_fsuid) + goto mask; break; case ACL_GROUP_OBJ: if (lustre_in_group_p(mu, la->la_gid)) { @@ -465,10 +465,10 @@ EXPORT_SYMBOL(lustre_posix_acl_xattr_filter); * @CFS_IC_UNMAPPED * only unmapped ids are converted to "nobody". */ -int lustre_posix_acl_xattr_id2client(struct md_ucred *mu, - struct lustre_idmap_table *t, - posix_acl_xattr_header *header, - int size, int flags) +int lustre_posix_acl_xattr_id2client(struct lu_ucred *mu, + struct lustre_idmap_table *t, + posix_acl_xattr_header *header, + int size, int flags) { int count, i; __u32 id; @@ -548,9 +548,9 @@ EXPORT_SYMBOL(lustre_posix_acl_xattr_free); * mapped ids are converted to server-side ones, * unmapped ones cause "EPERM" error. */ -int lustre_ext_acl_xattr_id2server(struct md_ucred *mu, - struct lustre_idmap_table *t, - ext_acl_xattr_header *header) +int lustre_ext_acl_xattr_id2server(struct lu_ucred *mu, + struct lustre_idmap_table *t, + ext_acl_xattr_header *header) { int i, count = le32_to_cpu(header->a_count); diff --git a/lustre/obdclass/idmap.c b/lustre/obdclass/idmap.c index 605c039..5bd2e1f 100644 --- a/lustre/obdclass/idmap.c +++ b/lustre/obdclass/idmap.c @@ -129,32 +129,32 @@ void lustre_groups_sort(cfs_group_info_t *group_info) } EXPORT_SYMBOL(lustre_groups_sort); -int lustre_in_group_p(struct md_ucred *mu, gid_t grp) +int lustre_in_group_p(struct lu_ucred *mu, gid_t grp) { - int rc = 1; + int rc = 1; - if (grp != mu->mu_fsgid) { - cfs_group_info_t *group_info = NULL; + if (grp != mu->uc_fsgid) { + cfs_group_info_t *group_info = NULL; - if (mu->mu_ginfo || !mu->mu_identity || - mu->mu_valid == UCRED_OLD) - if (grp == mu->mu_suppgids[0] || - grp == mu->mu_suppgids[1]) - return 1; + if (mu->uc_ginfo || !mu->uc_identity || + mu->uc_valid == UCRED_OLD) + if (grp == mu->uc_suppgids[0] || + grp == mu->uc_suppgids[1]) + return 1; - if (mu->mu_ginfo) - group_info = mu->mu_ginfo; - else if (mu->mu_identity) - group_info = mu->mu_identity->mi_ginfo; + if (mu->uc_ginfo) + group_info = mu->uc_ginfo; + else if (mu->uc_identity) + group_info = mu->uc_identity->mi_ginfo; - if (!group_info) - return 0; + if (!group_info) + return 0; - lustre_get_group_info(group_info); - rc = lustre_groups_search(group_info, grp); - lustre_put_group_info(group_info); - } - return rc; + lustre_get_group_info(group_info); + rc = lustre_groups_search(group_info, grp); + lustre_put_group_info(group_info); + } + return rc; } EXPORT_SYMBOL(lustre_in_group_p); @@ -365,25 +365,25 @@ int lustre_idmap_del(struct lustre_idmap_table *t, } EXPORT_SYMBOL(lustre_idmap_del); -int lustre_idmap_lookup_uid(struct md_ucred *mu, - struct lustre_idmap_table *t, - int reverse, uid_t uid) +int lustre_idmap_lookup_uid(struct lu_ucred *mu, + struct lustre_idmap_table *t, + int reverse, uid_t uid) { - cfs_list_t *hash; - - if (mu && (mu->mu_valid == UCRED_OLD || mu->mu_valid == UCRED_NEW)) { - if (!reverse) { - if (uid == mu->mu_o_uid) - return mu->mu_uid; - else if (uid == mu->mu_o_fsuid) - return mu->mu_fsuid; - } else { - if (uid == mu->mu_uid) - return mu->mu_o_uid; - else if (uid == mu->mu_fsuid) - return mu->mu_o_fsuid; - } - } + cfs_list_t *hash; + + if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) { + if (!reverse) { + if (uid == mu->uc_o_uid) + return mu->uc_uid; + else if (uid == mu->uc_o_fsuid) + return mu->uc_fsuid; + } else { + if (uid == mu->uc_uid) + return mu->uc_o_uid; + else if (uid == mu->uc_fsuid) + return mu->uc_o_fsuid; + } + } if (t == NULL) return CFS_IDMAP_NOTFOUND; @@ -398,24 +398,24 @@ int lustre_idmap_lookup_uid(struct md_ucred *mu, } EXPORT_SYMBOL(lustre_idmap_lookup_uid); -int lustre_idmap_lookup_gid(struct md_ucred *mu, struct lustre_idmap_table *t, - int reverse, gid_t gid) +int lustre_idmap_lookup_gid(struct lu_ucred *mu, struct lustre_idmap_table *t, + int reverse, gid_t gid) { - cfs_list_t *hash; - - if (mu && (mu->mu_valid == UCRED_OLD || mu->mu_valid == UCRED_NEW)) { - if (!reverse) { - if (gid == mu->mu_o_gid) - return mu->mu_gid; - else if (gid == mu->mu_o_fsgid) - return mu->mu_fsgid; - } else { - if (gid == mu->mu_gid) - return mu->mu_o_gid; - else if (gid == mu->mu_fsgid) - return mu->mu_o_fsgid; - } - } + cfs_list_t *hash; + + if (mu && (mu->uc_valid == UCRED_OLD || mu->uc_valid == UCRED_NEW)) { + if (!reverse) { + if (gid == mu->uc_o_gid) + return mu->uc_gid; + else if (gid == mu->uc_o_fsgid) + return mu->uc_fsgid; + } else { + if (gid == mu->uc_gid) + return mu->uc_o_gid; + else if (gid == mu->uc_fsgid) + return mu->uc_o_fsgid; + } + } if (t == NULL) return CFS_IDMAP_NOTFOUND; diff --git a/lustre/obdclass/lu_object.c b/lustre/obdclass/lu_object.c index 8c7d253..dd46c1b 100644 --- a/lustre/obdclass/lu_object.c +++ b/lustre/obdclass/lu_object.c @@ -1936,6 +1936,52 @@ void dt_global_fini(void); int llo_global_init(void); void llo_global_fini(void); +/* context key constructor/destructor: lu_ucred_key_init, lu_ucred_key_fini */ +LU_KEY_INIT_FINI(lu_ucred, struct lu_ucred); + +static struct lu_context_key lu_ucred_key = { + .lct_tags = LCT_SESSION, + .lct_init = lu_ucred_key_init, + .lct_fini = lu_ucred_key_fini +}; + +/** + * Get ucred key if session exists and ucred key is allocated on it. + * Return NULL otherwise. + */ +struct lu_ucred *lu_ucred(const struct lu_env *env) +{ + if (!env->le_ses) + return NULL; + return lu_context_key_get(env->le_ses, &lu_ucred_key); +} +EXPORT_SYMBOL(lu_ucred); + +/** + * Get ucred key and check if it is properly initialized. + * Return NULL otherwise. + */ +struct lu_ucred *lu_ucred_check(const struct lu_env *env) +{ + struct lu_ucred *uc = lu_ucred(env); + if (uc && uc->uc_valid != UCRED_OLD && uc->uc_valid != UCRED_NEW) + return NULL; + return uc; +} +EXPORT_SYMBOL(lu_ucred_check); + +/** + * Get ucred key, which must exist and must be properly initialized. + * Assert otherwise. + */ +struct lu_ucred *lu_ucred_assert(const struct lu_env *env) +{ + struct lu_ucred *uc = lu_ucred_check(env); + LASSERT(uc != NULL); + return uc; +} +EXPORT_SYMBOL(lu_ucred_assert); + /** * Initialization of global lu_* data. */ @@ -1953,6 +1999,12 @@ int lu_global_init(void) result = lu_context_key_register(&lu_global_key); if (result != 0) return result; + + LU_CONTEXT_KEY_INIT(&lu_ucred_key); + result = lu_context_key_register(&lu_ucred_key); + if (result != 0) + return result; + /* * At this level, we don't know what tags are needed, so allocate them * conservatively. This should not be too bad, because this @@ -2009,6 +2061,7 @@ void lu_global_fini(void) } lu_context_key_degister(&lu_global_key); + lu_context_key_degister(&lu_ucred_key); /* * Tear shrinker environment down _after_ de-registering diff --git a/lustre/obdecho/echo_client.c b/lustre/obdecho/echo_client.c index 43619cc..0a11a3d 100644 --- a/lustre/obdecho/echo_client.c +++ b/lustre/obdecho/echo_client.c @@ -2091,6 +2091,33 @@ static struct lu_object *echo_resolve_path(const struct lu_env *env, RETURN(parent); } +static void echo_ucred_init(struct lu_env *env) +{ + struct lu_ucred *ucred = lu_ucred(env); + + ucred->uc_valid = UCRED_INVALID; + + ucred->uc_suppgids[0] = -1; + ucred->uc_suppgids[1] = -1; + + ucred->uc_uid = ucred->uc_o_uid = cfs_curproc_uid(); + ucred->uc_gid = ucred->uc_o_gid = cfs_curproc_gid(); + ucred->uc_fsuid = ucred->uc_o_fsuid = cfs_curproc_fsuid(); + ucred->uc_fsgid = ucred->uc_o_fsgid = cfs_curproc_fsgid(); + ucred->uc_cap = cfs_curproc_cap_pack(); + + /* remove fs privilege for non-root user. */ + if (ucred->uc_fsuid) + ucred->uc_cap &= ~CFS_CAP_FS_MASK; + ucred->uc_valid = UCRED_NEW; +} + +static void echo_ucred_fini(struct lu_env *env) +{ + struct lu_ucred *ucred = lu_ucred(env); + ucred->uc_valid = UCRED_INIT; +} + #define ECHO_MD_CTX_TAG (LCT_REMEMBER | LCT_MD_THREAD) #define ECHO_MD_SES_TAG (LCT_REMEMBER | LCT_SESSION) static int echo_md_handler(struct echo_device *ed, int command, @@ -2148,6 +2175,8 @@ static int echo_md_handler(struct echo_device *ed, int command, GOTO(out_name, rc = -EFAULT); } + echo_ucred_init(env); + switch (command) { case ECHO_MD_CREATE: case ECHO_MD_MKDIR: { @@ -2190,6 +2219,8 @@ static int echo_md_handler(struct echo_device *ed, int command, rc = -EINVAL; break; } + echo_ucred_fini(env); + out_name: if (name != NULL) OBD_FREE(name, namelen + 1); -- 1.8.3.1