From c3faa54b8a221cb9e83699e06eaa9537a7ba744c Mon Sep 17 00:00:00 2001
From: fanyong
Date: Fri, 3 Nov 2006 07:35:51 +0000
Subject: [PATCH] sanity check for user authenticate.
---
 lustre/mdt/mdt_handler.c | 20 ++++++++++---
 lustre/mdt/mdt_idmap.c | 2 ++
 lustre/mdt/mdt_internal.h | 2 ++
 lustre/mdt/mdt_lib.c | 71 +++++++++++++++++++++++++++++++++++++++++++++--
 lustre/mdt/mdt_xattr.c | 4 +--
 5 files changed, 91 insertions(+), 8 deletions(-)
diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c
index 80c6a8a..0e7ac25 100644
--- a/lustre/mdt/mdt_handler.c
+++ b/lustre/mdt/mdt_handler.c
@@ -290,6 +290,10 @@ static int mdt_getstatus(struct mdt_thread_info *info)
 ENTRY;
+ rc = mdt_check_ucred(info);
+ if (rc)
+ RETURN(err_serious(rc));
+
 if (MDT_FAIL_CHECK(OBD_FAIL_MDS_GETSTATUS_PACK))
 RETURN(err_serious(-ENOMEM));
@@ -334,6 +338,9 @@ static int mdt_statfs(struct mdt_thread_info *info)
 OBD_FAIL_TIMEOUT(OBD_FAIL_MDS_STATFS_LCW_SLEEP, (MDT_SERVICE_WATCHDOG_TIMEOUT / 1000) + 1);
+ rc = mdt_check_ucred(info);
+ if (rc)
+ RETURN(err_serious(rc));
 if (MDT_FAIL_CHECK(OBD_FAIL_MDS_STATFS_PACK)) {
 rc = err_serious(-ENOMEM);
@@ -629,11 +636,12 @@ static int mdt_getattr(struct mdt_thread_info *info)
 repbody->eadatasize = 0;
 repbody->aclsize = 0;
- if (reqbody->valid & OBD_MD_FLRMTPERM) {
+ if (reqbody->valid & OBD_MD_FLRMTPERM)
 rc = mdt_init_ucred(info, reqbody);
- if (rc)
- GOTO(out, rc);
- }
+ else
+ rc = mdt_check_ucred(info);
+ if (rc)
+ GOTO(out, rc);
 /* don't check capability at all, because rename might
 * getattr for remote obj, and at that time no capability
@@ -1195,6 +1203,10 @@ static int mdt_readpage(struct mdt_thread_info *info)
 if (reqbody == NULL || repbody == NULL)
 RETURN(err_serious(-EFAULT));
+ rc = mdt_check_ucred(info);
+ if (rc)
+ RETURN(err_serious(rc));
+
 /*
 * prepare @rdpg before calling lower layers and transfer itself. Here
 * reqbody->size contains offset of where to start to read and
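Review bot: In the mdt_getattr() hunk a failed credential check leaves through `GOTO(out, rc)` with the raw rc, while the mdt_getstatus(), mdt_statfs() and mdt_readpage() hunks in this file return `err_serious(rc)` for the same failure, and this commit also switches mdt_getxattr()/mdt_setxattr() to `err_serious(rc)`. What the `out` label does with rc lies outside the hunk, so the difference may be deliberate. If it is not, `GOTO(out, rc = err_serious(rc));` would make the handlers agree; if it is, a one-line comment above the GOTO saying why getattr reports the denial differently would save the next reader the question.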
diff --git a/lustre/mdt/mdt_idmap.c b/lustre/mdt/mdt_idmap.c
index c5f346e..bd1deb0 100644
--- a/lustre/mdt/mdt_idmap.c
+++ b/lustre/mdt/mdt_idmap.c
@@ -225,8 +225,10 @@ void mdt_cleanup_idmap(struct mdt_export_data *med)
 static inline void mdt_revoke_export_locks(struct obd_export *exp)
 {
+#if 0
 if (!exp->exp_mdt_data.med_rmtclient)
 return;
+#endif
 /* don't revoke locks during recovery */
 if (exp->exp_obd->obd_recovering)
diff --git a/lustre/mdt/mdt_internal.h b/lustre/mdt/mdt_internal.h
index 58df070..79336ec3 100644
--- a/lustre/mdt/mdt_internal.h
+++ b/lustre/mdt/mdt_internal.h
@@ -550,6 +550,8 @@ const struct lu_buf *mdt_buf_const(const struct lu_env *env,
 void mdt_dump_lmm(int level, const struct lov_mds_md *lmm);
+int mdt_check_ucred(struct mdt_thread_info *);
+
 int mdt_init_ucred(struct mdt_thread_info *, struct mdt_body *);
 int mdt_init_ucred_reint(struct mdt_thread_info *);
diff --git a/lustre/mdt/mdt_lib.c b/lustre/mdt/mdt_lib.c
index 2ec8416..39b5d75 100644
--- a/lustre/mdt/mdt_lib.c
+++ b/lustre/mdt/mdt_lib.c
@@ -354,8 +354,7 @@ static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type,
 identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
 if (!identity) {
- CERROR("Deny access without identity: uid %d\n",
- ucred->mu_fsuid);
+ CERROR("Deny access without identity: uid %d\n", pud->pud_uid);
 RETURN(-EACCES);
 }
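Review bot: The `#if 0` around `if (!exp->exp_mdt_data.med_rmtclient) return;` in mdt_revoke_export_locks() (lustre/mdt/mdt_idmap.c) compiles out the remote-client guard, so the rest of the function now also runs for exports of local clients, and neither the commit subject nor a comment says why. If that is intended, delete the two guarded lines rather than disabling them, or put the reason next to them, e.g. `/* revoke for local clients too: <reason> */`. If it is a debugging leftover, drop the `#if 0`/`#endif` pair. The function body continues past the end of the hunk.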
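Review bot: The corrected message in new_init_ucred() (lustre/mdt/mdt_lib.c) still formats the uid with `%d`, while the messages this commit adds in mdt_check_ucred() print the same `pud->pud_uid` field with `%u`. The type of `pud_uid` is not visible here; if it is unsigned, as the `%u` uses suggest, a large uid would be logged as a negative number and would not match the value in the neighbouring denial messages. `CERROR("Deny access without identity: uid %u\n", pud->pud_uid);` would fix that, and the identical message at the end of mdt_check_ucred() needs the same change.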
@@ -431,6 +430,74 @@ out:
 RETURN(rc);
 }
+int mdt_check_ucred(struct mdt_thread_info *info)
+{
+ struct ptlrpc_request *req = mdt_info_req(info);
+ struct mdt_export_data *med = mdt_req2med(req);
+ struct mdt_device *mdt = info->mti_mdt;
+ struct ptlrpc_user_desc *pud = req->rq_user_desc;
+ struct md_ucred *ucred = mdt_ucred(info);
+ struct mdt_identity *identity;
+ lnet_nid_t peernid = req->rq_peer.nid;
+
+ ENTRY;
+
+ if ((ucred->mu_valid == UCRED_OLD) || (ucred->mu_valid == UCRED_NEW))
+ RETURN(0);
+
+ /* !rq_user_desc means null security, maybe inter-mds ops */
+ if (!req->rq_user_desc)
+ RETURN(0);
+
+ if (req->rq_auth_gss && req->rq_auth_uid == INVALID_UID) {
+ CWARN("user not authenticated, deny access!\n");
+ RETURN(-EACCES);
+ }
+
+ /* sanity check: if we use strong authentication, we expect the
+ * uid which client claimed is true */
+ if (req->rq_auth_gss) {
+ if (med->med_rmtclient) {
+ if (ptlrpc_user_desc_do_idmap(req, pud))
+ RETURN(-EACCES);
+
+ if (req->rq_auth_mapped_uid != pud->pud_uid) {
+ CERROR("remote client "LPU64": auth uid %u "
+ "while client claim %u:%u/%u:%u\n",
+ peernid, req->rq_auth_uid, pud->pud_uid,
+ pud->pud_gid, pud->pud_fsuid,
+ pud->pud_fsgid);
+ RETURN(-EACCES);
+ }
+ } else {
+ if (req->rq_auth_uid != pud->pud_uid) {
+ CERROR("local client "LPU64": auth uid %u "
+ "while client claim %u:%u/%u:%u\n",
+ peernid, req->rq_auth_uid, pud->pud_uid,
+ pud->pud_gid, pud->pud_fsuid,
+ pud->pud_fsgid);
+ RETURN(-EACCES);
+ }
+ }
+ }
+
+ if (is_identity_get_disabled(mdt->mdt_identity_cache) &&
+ med->med_rmtclient) {
+ CERROR("remote client must run with identity_get enabled!\n");
+ RETURN(-EACCES);
+ }
+
+ identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
+ if (!identity) {
+ CERROR("Deny access without identity: uid %d\n", pud->pud_uid);
+ RETURN(-EACCES);
+ }
+
+ mdt_identity_put(mdt->mdt_identity_cache, identity);
+
+ RETURN(0);
+}
+
 int mdt_init_ucred(struct mdt_thread_info *info, struct mdt_body *body)
 {
 struct
ptlrpc_request *req = mdt_info_req(info);
diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c
index 1e4ed09..4f414b7 100644
--- a/lustre/mdt/mdt_xattr.c
+++ b/lustre/mdt/mdt_xattr.c
@@ -153,7 +153,7 @@ int mdt_getxattr(struct mdt_thread_info *info)
 rc = mdt_init_ucred(info, reqbody);
 if (rc)
- RETURN(rc);
+ RETURN(err_serious(rc));
 easize = mdt_getxattr_pack_reply(info);
 if (easize < 0)
@@ -288,7 +288,7 @@ int mdt_setxattr(struct mdt_thread_info *info)
 rc = mdt_init_ucred(info, reqbody);
 if (rc)
- RETURN(rc);
+ RETURN(err_serious(rc));
 rc = mdt_setxattr_pack_reply(info);
 if (rc < 0)
--
1.8.3.1
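Review bot: In mdt_check_ucred() (lustre/mdt/mdt_lib.c) the early `if (!req->rq_user_desc) RETURN(0);` passes any request that carries no user descriptor, and a request with `rq_auth_gss` unset skips the uid comparison, so on those paths the function only establishes that the claimed `pud_uid` has an identity-cache entry. Which peers can reach those paths is decided outside this hunk, so the function needs a header comment saying that the claimed uid is verified only for GSS-authenticated requests, that null-security requests are passed through, and what the 0 / -EACCES results mean for callers. Separately, the remote-client branch tests `req->rq_auth_mapped_uid != pud->pud_uid` but logs `req->rq_auth_uid`; printing the mapped uid as well would make the denial message show the value that actually failed the comparison.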