nfs4idmap.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662
  1. /*
  2. * fs/nfsd/nfs4idmap.c
  3. *
  4. * Mapping of UID/GIDs to name and vice versa.
  5. *
  6. * Copyright (c) 2002, 2003 The Regents of the University of
  7. * Michigan. All rights reserved.
  8. *
  9. * Marius Aamodt Eriksen <marius@umich.edu>
  10. *
  11. * Redistribution and use in source and binary forms, with or without
  12. * modification, are permitted provided that the following conditions
  13. * are met:
  14. *
  15. * 1. Redistributions of source code must retain the above copyright
  16. * notice, this list of conditions and the following disclaimer.
  17. * 2. Redistributions in binary form must reproduce the above copyright
  18. * notice, this list of conditions and the following disclaimer in the
  19. * documentation and/or other materials provided with the distribution.
  20. * 3. Neither the name of the University nor the names of its
  21. * contributors may be used to endorse or promote products derived
  22. * from this software without specific prior written permission.
  23. *
  24. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  25. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  26. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  27. * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  28. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  29. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  30. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  31. * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  32. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  33. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  34. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  35. */
  36. #include <linux/module.h>
  37. #include <linux/init.h>
  38. #include <linux/mm.h>
  39. #include <linux/utsname.h>
  40. #include <linux/errno.h>
  41. #include <linux/string.h>
  42. #include <linux/sunrpc/clnt.h>
  43. #include <linux/nfs.h>
  44. #include <linux/nfs4.h>
  45. #include <linux/nfs_fs.h>
  46. #include <linux/nfs_page.h>
  47. #include <linux/smp_lock.h>
  48. #include <linux/sunrpc/cache.h>
  49. #include <linux/nfsd_idmap.h>
  50. #include <linux/list.h>
  51. #include <linux/sched.h>
  52. #include <linux/time.h>
  53. #include <linux/seq_file.h>
  54. #include <linux/sunrpc/svcauth.h>
  55. /*
  56. * Cache entry
  57. */
  58. /*
  59. * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
  60. * that.
  61. */
  62. #define IDMAP_TYPE_USER 0
  63. #define IDMAP_TYPE_GROUP 1
  64. struct ent {
  65. struct cache_head h;
  66. int type; /* User / Group */
  67. uid_t id;
  68. char name[IDMAP_NAMESZ];
  69. char authname[IDMAP_NAMESZ];
  70. };
  71. /* Common entry handling */
  72. #define ENT_HASHBITS 8
  73. #define ENT_HASHMAX (1 << ENT_HASHBITS)
  74. #define ENT_HASHMASK (ENT_HASHMAX - 1)
  75. static void
  76. ent_init(struct cache_head *cnew, struct cache_head *citm)
  77. {
  78. struct ent *new = container_of(cnew, struct ent, h);
  79. struct ent *itm = container_of(citm, struct ent, h);
  80. new->id = itm->id;
  81. new->type = itm->type;
  82. strlcpy(new->name, itm->name, sizeof(new->name));
  83. strlcpy(new->authname, itm->authname, sizeof(new->name));
  84. }
  85. static void
  86. ent_put(struct kref *ref)
  87. {
  88. struct ent *map = container_of(ref, struct ent, h.ref);
  89. kfree(map);
  90. }
  91. static struct cache_head *
  92. ent_alloc(void)
  93. {
  94. struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL);
  95. if (e)
  96. return &e->h;
  97. else
  98. return NULL;
  99. }
  100. /*
  101. * ID -> Name cache
  102. */
  103. static struct cache_head *idtoname_table[ENT_HASHMAX];
  104. static uint32_t
  105. idtoname_hash(struct ent *ent)
  106. {
  107. uint32_t hash;
  108. hash = hash_str(ent->authname, ENT_HASHBITS);
  109. hash = hash_long(hash ^ ent->id, ENT_HASHBITS);
  110. /* Flip LSB for user/group */
  111. if (ent->type == IDMAP_TYPE_GROUP)
  112. hash ^= 1;
  113. return hash;
  114. }
  115. static void
  116. idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
  117. int *blen)
  118. {
  119. struct ent *ent = container_of(ch, struct ent, h);
  120. char idstr[11];
  121. qword_add(bpp, blen, ent->authname);
  122. snprintf(idstr, sizeof(idstr), "%d", ent->id);
  123. qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
  124. qword_add(bpp, blen, idstr);
  125. (*bpp)[-1] = '\n';
  126. }
  127. static int
  128. idtoname_match(struct cache_head *ca, struct cache_head *cb)
  129. {
  130. struct ent *a = container_of(ca, struct ent, h);
  131. struct ent *b = container_of(cb, struct ent, h);
  132. return (a->id == b->id && a->type == b->type &&
  133. strcmp(a->authname, b->authname) == 0);
  134. }
  135. static int
  136. idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
  137. {
  138. struct ent *ent;
  139. if (h == NULL) {
  140. seq_puts(m, "#domain type id [name]\n");
  141. return 0;
  142. }
  143. ent = container_of(h, struct ent, h);
  144. seq_printf(m, "%s %s %d", ent->authname,
  145. ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
  146. ent->id);
  147. if (test_bit(CACHE_VALID, &h->flags))
  148. seq_printf(m, " %s", ent->name);
  149. seq_printf(m, "\n");
  150. return 0;
  151. }
  152. static void
  153. warn_no_idmapd(struct cache_detail *detail)
  154. {
  155. printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
  156. detail->last_close? "died" : "not been started");
  157. }
  158. static int idtoname_parse(struct cache_detail *, char *, int);
  159. static struct ent *idtoname_lookup(struct ent *);
  160. static struct ent *idtoname_update(struct ent *, struct ent *);
  161. static struct cache_detail idtoname_cache = {
  162. .owner = THIS_MODULE,
  163. .hash_size = ENT_HASHMAX,
  164. .hash_table = idtoname_table,
  165. .name = "nfs4.idtoname",
  166. .cache_put = ent_put,
  167. .cache_request = idtoname_request,
  168. .cache_parse = idtoname_parse,
  169. .cache_show = idtoname_show,
  170. .warn_no_listener = warn_no_idmapd,
  171. .match = idtoname_match,
  172. .init = ent_init,
  173. .update = ent_init,
  174. .alloc = ent_alloc,
  175. };
  176. int
  177. idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
  178. {
  179. struct ent ent, *res;
  180. char *buf1, *bp;
  181. int error = -EINVAL;
  182. if (buf[buflen - 1] != '\n')
  183. return (-EINVAL);
  184. buf[buflen - 1]= '\0';
  185. buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
  186. if (buf1 == NULL)
  187. return (-ENOMEM);
  188. memset(&ent, 0, sizeof(ent));
  189. /* Authentication name */
  190. if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
  191. goto out;
  192. memcpy(ent.authname, buf1, sizeof(ent.authname));
  193. /* Type */
  194. if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
  195. goto out;
  196. ent.type = strcmp(buf1, "user") == 0 ?
  197. IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
  198. /* ID */
  199. if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
  200. goto out;
  201. ent.id = simple_strtoul(buf1, &bp, 10);
  202. if (bp == buf1)
  203. goto out;
  204. /* expiry */
  205. ent.h.expiry_time = get_expiry(&buf);
  206. if (ent.h.expiry_time == 0)
  207. goto out;
  208. error = -ENOMEM;
  209. res = idtoname_lookup(&ent);
  210. if (!res)
  211. goto out;
  212. /* Name */
  213. error = qword_get(&buf, buf1, PAGE_SIZE);
  214. if (error == -EINVAL)
  215. goto out;
  216. if (error == -ENOENT)
  217. set_bit(CACHE_NEGATIVE, &ent.h.flags);
  218. else {
  219. if (error >= IDMAP_NAMESZ) {
  220. error = -EINVAL;
  221. goto out;
  222. }
  223. memcpy(ent.name, buf1, sizeof(ent.name));
  224. }
  225. error = -ENOMEM;
  226. res = idtoname_update(&ent, res);
  227. if (res == NULL)
  228. goto out;
  229. cache_put(&res->h, &idtoname_cache);
  230. error = 0;
  231. out:
  232. kfree(buf1);
  233. return error;
  234. }
  235. static struct ent *
  236. idtoname_lookup(struct ent *item)
  237. {
  238. struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache,
  239. &item->h,
  240. idtoname_hash(item));
  241. if (ch)
  242. return container_of(ch, struct ent, h);
  243. else
  244. return NULL;
  245. }
  246. static struct ent *
  247. idtoname_update(struct ent *new, struct ent *old)
  248. {
  249. struct cache_head *ch = sunrpc_cache_update(&idtoname_cache,
  250. &new->h, &old->h,
  251. idtoname_hash(new));
  252. if (ch)
  253. return container_of(ch, struct ent, h);
  254. else
  255. return NULL;
  256. }
  257. /*
  258. * Name -> ID cache
  259. */
  260. static struct cache_head *nametoid_table[ENT_HASHMAX];
  261. static inline int
  262. nametoid_hash(struct ent *ent)
  263. {
  264. return hash_str(ent->name, ENT_HASHBITS);
  265. }
  266. static void
  267. nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
  268. int *blen)
  269. {
  270. struct ent *ent = container_of(ch, struct ent, h);
  271. qword_add(bpp, blen, ent->authname);
  272. qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
  273. qword_add(bpp, blen, ent->name);
  274. (*bpp)[-1] = '\n';
  275. }
  276. static int
  277. nametoid_match(struct cache_head *ca, struct cache_head *cb)
  278. {
  279. struct ent *a = container_of(ca, struct ent, h);
  280. struct ent *b = container_of(cb, struct ent, h);
  281. return (a->type == b->type && strcmp(a->name, b->name) == 0 &&
  282. strcmp(a->authname, b->authname) == 0);
  283. }
  284. static int
  285. nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
  286. {
  287. struct ent *ent;
  288. if (h == NULL) {
  289. seq_puts(m, "#domain type name [id]\n");
  290. return 0;
  291. }
  292. ent = container_of(h, struct ent, h);
  293. seq_printf(m, "%s %s %s", ent->authname,
  294. ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
  295. ent->name);
  296. if (test_bit(CACHE_VALID, &h->flags))
  297. seq_printf(m, " %d", ent->id);
  298. seq_printf(m, "\n");
  299. return 0;
  300. }
  301. static struct ent *nametoid_lookup(struct ent *);
  302. static struct ent *nametoid_update(struct ent *, struct ent *);
  303. static int nametoid_parse(struct cache_detail *, char *, int);
  304. static struct cache_detail nametoid_cache = {
  305. .owner = THIS_MODULE,
  306. .hash_size = ENT_HASHMAX,
  307. .hash_table = nametoid_table,
  308. .name = "nfs4.nametoid",
  309. .cache_put = ent_put,
  310. .cache_request = nametoid_request,
  311. .cache_parse = nametoid_parse,
  312. .cache_show = nametoid_show,
  313. .warn_no_listener = warn_no_idmapd,
  314. .match = nametoid_match,
  315. .init = ent_init,
  316. .update = ent_init,
  317. .alloc = ent_alloc,
  318. };
  319. static int
  320. nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
  321. {
  322. struct ent ent, *res;
  323. char *buf1;
  324. int error = -EINVAL;
  325. if (buf[buflen - 1] != '\n')
  326. return (-EINVAL);
  327. buf[buflen - 1]= '\0';
  328. buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
  329. if (buf1 == NULL)
  330. return (-ENOMEM);
  331. memset(&ent, 0, sizeof(ent));
  332. /* Authentication name */
  333. if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
  334. goto out;
  335. memcpy(ent.authname, buf1, sizeof(ent.authname));
  336. /* Type */
  337. if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
  338. goto out;
  339. ent.type = strcmp(buf1, "user") == 0 ?
  340. IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
  341. /* Name */
  342. error = qword_get(&buf, buf1, PAGE_SIZE);
  343. if (error <= 0 || error >= IDMAP_NAMESZ)
  344. goto out;
  345. memcpy(ent.name, buf1, sizeof(ent.name));
  346. /* expiry */
  347. ent.h.expiry_time = get_expiry(&buf);
  348. if (ent.h.expiry_time == 0)
  349. goto out;
  350. /* ID */
  351. error = get_int(&buf, &ent.id);
  352. if (error == -EINVAL)
  353. goto out;
  354. if (error == -ENOENT)
  355. set_bit(CACHE_NEGATIVE, &ent.h.flags);
  356. error = -ENOMEM;
  357. res = nametoid_lookup(&ent);
  358. if (res == NULL)
  359. goto out;
  360. res = nametoid_update(&ent, res);
  361. if (res == NULL)
  362. goto out;
  363. cache_put(&res->h, &nametoid_cache);
  364. error = 0;
  365. out:
  366. kfree(buf1);
  367. return (error);
  368. }
  369. static struct ent *
  370. nametoid_lookup(struct ent *item)
  371. {
  372. struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache,
  373. &item->h,
  374. nametoid_hash(item));
  375. if (ch)
  376. return container_of(ch, struct ent, h);
  377. else
  378. return NULL;
  379. }
  380. static struct ent *
  381. nametoid_update(struct ent *new, struct ent *old)
  382. {
  383. struct cache_head *ch = sunrpc_cache_update(&nametoid_cache,
  384. &new->h, &old->h,
  385. nametoid_hash(new));
  386. if (ch)
  387. return container_of(ch, struct ent, h);
  388. else
  389. return NULL;
  390. }
  391. /*
  392. * Exported API
  393. */
  394. void
  395. nfsd_idmap_init(void)
  396. {
  397. cache_register(&idtoname_cache);
  398. cache_register(&nametoid_cache);
  399. }
  400. void
  401. nfsd_idmap_shutdown(void)
  402. {
  403. if (cache_unregister(&idtoname_cache))
  404. printk(KERN_ERR "nfsd: failed to unregister idtoname cache\n");
  405. if (cache_unregister(&nametoid_cache))
  406. printk(KERN_ERR "nfsd: failed to unregister nametoid cache\n");
  407. }
  408. /*
  409. * Deferred request handling
  410. */
  411. struct idmap_defer_req {
  412. struct cache_req req;
  413. struct cache_deferred_req deferred_req;
  414. wait_queue_head_t waitq;
  415. atomic_t count;
  416. };
  417. static inline void
  418. put_mdr(struct idmap_defer_req *mdr)
  419. {
  420. if (atomic_dec_and_test(&mdr->count))
  421. kfree(mdr);
  422. }
  423. static inline void
  424. get_mdr(struct idmap_defer_req *mdr)
  425. {
  426. atomic_inc(&mdr->count);
  427. }
  428. static void
  429. idmap_revisit(struct cache_deferred_req *dreq, int toomany)
  430. {
  431. struct idmap_defer_req *mdr =
  432. container_of(dreq, struct idmap_defer_req, deferred_req);
  433. wake_up(&mdr->waitq);
  434. put_mdr(mdr);
  435. }
  436. static struct cache_deferred_req *
  437. idmap_defer(struct cache_req *req)
  438. {
  439. struct idmap_defer_req *mdr =
  440. container_of(req, struct idmap_defer_req, req);
  441. mdr->deferred_req.revisit = idmap_revisit;
  442. get_mdr(mdr);
  443. return (&mdr->deferred_req);
  444. }
  445. static inline int
  446. do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key,
  447. struct cache_detail *detail, struct ent **item,
  448. struct idmap_defer_req *mdr)
  449. {
  450. *item = lookup_fn(key);
  451. if (!*item)
  452. return -ENOMEM;
  453. return cache_check(detail, &(*item)->h, &mdr->req);
  454. }
  455. static inline int
  456. do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *),
  457. struct ent *key, struct cache_detail *detail,
  458. struct ent **item)
  459. {
  460. int ret = -ENOMEM;
  461. *item = lookup_fn(key);
  462. if (!*item)
  463. goto out_err;
  464. ret = -ETIMEDOUT;
  465. if (!test_bit(CACHE_VALID, &(*item)->h.flags)
  466. || (*item)->h.expiry_time < get_seconds()
  467. || detail->flush_time > (*item)->h.last_refresh)
  468. goto out_put;
  469. ret = -ENOENT;
  470. if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags))
  471. goto out_put;
  472. return 0;
  473. out_put:
  474. cache_put(&(*item)->h, detail);
  475. out_err:
  476. *item = NULL;
  477. return ret;
  478. }
  479. static int
  480. idmap_lookup(struct svc_rqst *rqstp,
  481. struct ent *(*lookup_fn)(struct ent *), struct ent *key,
  482. struct cache_detail *detail, struct ent **item)
  483. {
  484. struct idmap_defer_req *mdr;
  485. int ret;
  486. mdr = kzalloc(sizeof(*mdr), GFP_KERNEL);
  487. if (!mdr)
  488. return -ENOMEM;
  489. atomic_set(&mdr->count, 1);
  490. init_waitqueue_head(&mdr->waitq);
  491. mdr->req.defer = idmap_defer;
  492. ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr);
  493. if (ret == -EAGAIN) {
  494. wait_event_interruptible_timeout(mdr->waitq,
  495. test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ);
  496. ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item);
  497. }
  498. put_mdr(mdr);
  499. return ret;
  500. }
  501. static int
  502. idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen,
  503. uid_t *id)
  504. {
  505. struct ent *item, key = {
  506. .type = type,
  507. };
  508. int ret;
  509. if (namelen + 1 > sizeof(key.name))
  510. return -EINVAL;
  511. memcpy(key.name, name, namelen);
  512. key.name[namelen] = '\0';
  513. strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
  514. ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
  515. if (ret == -ENOENT)
  516. ret = -ESRCH; /* nfserr_badname */
  517. if (ret)
  518. return ret;
  519. *id = item->id;
  520. cache_put(&item->h, &nametoid_cache);
  521. return 0;
  522. }
  523. static int
  524. idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
  525. {
  526. struct ent *item, key = {
  527. .id = id,
  528. .type = type,
  529. };
  530. int ret;
  531. strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
  532. ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
  533. if (ret == -ENOENT)
  534. return sprintf(name, "%u", id);
  535. if (ret)
  536. return ret;
  537. ret = strlen(item->name);
  538. BUG_ON(ret > IDMAP_NAMESZ);
  539. memcpy(name, item->name, ret);
  540. cache_put(&item->h, &idtoname_cache);
  541. return ret;
  542. }
  543. int
  544. nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen,
  545. __u32 *id)
  546. {
  547. return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
  548. }
  549. int
  550. nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen,
  551. __u32 *id)
  552. {
  553. return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
  554. }
  555. int
  556. nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
  557. {
  558. return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
  559. }
  560. int
  561. nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
  562. {
  563. return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
  564. }