int mdt_reint_setxattr(struct mdt_thread_info *info,
struct mdt_lock_handle *unused)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct md_ucred *uc = mdt_ucred(info);
struct mdt_lock_handle *lh;
const struct lu_env *env = info->mti_env;
struct lu_buf *buf = &info->mti_buf;
struct mdt_reint_record *rr = &info->mti_rr;
struct md_attr *ma = &info->mti_attr;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_object *obj;
struct md_object *child;
__u64 valid = attr->la_valid;
const char *xattr_name = rr->rr_name;
int xattr_len = rr->rr_eadatalen;
__u64 lockpart;
int rc;
posix_acl_xattr_header *new_xattr = NULL;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
ENTRY;
CDEBUG(D_INODE, "setxattr for "DFID"\n", PFID(rr->rr_fid1));
if (OBD_FAIL_CHECK(OBD_FAIL_MDS_SETXATTR))
RETURN(err_serious(-ENOMEM));
CDEBUG(D_INODE, "%s xattr %s\n",
valid & OBD_MD_FLXATTR ? "set" : "remove", xattr_name);
rc = mdt_init_ucred_reint(info);
if (rc != 0)
RETURN(rc);
if (valid & OBD_MD_FLRMTRSETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->mu_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
}
if (strncmp(xattr_name, XATTR_USER_PREFIX,
sizeof(XATTR_USER_PREFIX) - 1) == 0) {
if (!(req->rq_export->exp_connect_flags & OBD_CONNECT_XATTR))
GOTO(out, rc = -EOPNOTSUPP);
if (strcmp(xattr_name, XATTR_NAME_LOV) == 0)
GOTO(out, rc = -EACCES);
if (strcmp(xattr_name, XATTR_NAME_LMA) == 0)
GOTO(out, rc = 0);
if (strcmp(xattr_name, XATTR_NAME_LINK) == 0)
GOTO(out, rc = 0);
} else if ((valid & OBD_MD_FLXATTR) &&
(strncmp(xattr_name, XATTR_NAME_ACL_ACCESS,
sizeof(XATTR_NAME_ACL_ACCESS) - 1) == 0 ||
strncmp(xattr_name, XATTR_NAME_ACL_DEFAULT,
sizeof(XATTR_NAME_ACL_DEFAULT) - 1) == 0)) {
/* currently lustre limit acl access size */
if (xattr_len > LUSTRE_POSIX_ACL_MAX_SIZE)
GOTO(out, -ERANGE);
}
lockpart = MDS_INODELOCK_UPDATE;
/* Revoke all clients' lookup lock, since the access
* permissions for this inode is changed when ACL_ACCESS is
* set. This isn't needed for ACL_DEFAULT, since that does
* not change the access permissions of this inode, nor any
* other existing inodes. It is setting the ACLs inherited
* by new directories/files at create time. */
if (!strcmp(xattr_name, XATTR_NAME_ACL_ACCESS))
lockpart |= MDS_INODELOCK_LOOKUP;
lh = &info->mti_lh[MDT_LH_PARENT];
/* ACLs were sent to clients under LCK_CR locks, so taking LCK_EX
* to cancel them. */
mdt_lock_reg_init(lh, LCK_EX);
obj = mdt_object_find_lock(info, rr->rr_fid1, lh, lockpart);
if (IS_ERR(obj))
GOTO(out, rc = PTR_ERR(obj));
info->mti_mos = obj;
rc = mdt_version_get_check_save(info, obj, 0);
if (rc)
GOTO(out_unlock, rc);
if (unlikely(!(valid & OBD_MD_FLCTIME))) {
/* This isn't strictly an error, but all current clients
* should set OBD_MD_FLCTIME when setting attributes. */
CWARN("%s: client miss to set OBD_MD_FLCTIME when "
"setxattr %s: [object "DFID"] [valid "LPU64"]\n",
info->mti_exp->exp_obd->obd_name, xattr_name,
PFID(rr->rr_fid1), valid);
attr->la_ctime = cfs_time_current_sec();
}
attr->la_valid = LA_CTIME;
child = mdt_object_child(obj);
if (valid & OBD_MD_FLXATTR) {
char *xattr = (void *)rr->rr_eadata;
if (xattr_len > 0) {
int flags = 0;
if (valid & OBD_MD_FLRMTLSETFACL) {
if (unlikely(!remote))
GOTO(out_unlock, rc = -EINVAL);
xattr_len = mdt_rmtlsetfacl(info, child,
xattr_name,
(ext_acl_xattr_header *)xattr,
&new_xattr);
if (xattr_len < 0)
GOTO(out_unlock, rc = xattr_len);
xattr = (char *)new_xattr;
}
if (attr->la_flags & XATTR_REPLACE)
flags |= LU_XATTR_REPLACE;
if (attr->la_flags & XATTR_CREATE)
flags |= LU_XATTR_CREATE;
mdt_fail_write(env, info->mti_mdt->mdt_bottom,
OBD_FAIL_MDS_SETXATTR_WRITE);
buf->lb_buf = xattr;
buf->lb_len = xattr_len;
rc = mo_xattr_set(env, child, buf, xattr_name, flags);
/* update ctime after xattr changed */
if (rc == 0) {
ma->ma_attr_flags |= MDS_PERM_BYPASS;
mo_attr_set(env, child, ma);
}
}
} else if (valid & OBD_MD_FLXATTRRM) {
rc = mo_xattr_del(env, child, xattr_name);
/* update ctime after xattr changed */
if (rc == 0) {
ma->ma_attr_flags |= MDS_PERM_BYPASS;
mo_attr_set(env, child, ma);
}
} else {
CDEBUG(D_INFO, "valid bits: "LPX64"\n", valid);
rc = -EINVAL;
}
if (rc == 0)
mdt_counter_incr(req->rq_export, LPROC_MDT_SETXATTR);
EXIT;
out_unlock:
mdt_object_unlock_put(info, obj, lh, rc);
if (unlikely(new_xattr != NULL))
lustre_posix_acl_xattr_free(new_xattr, xattr_len);
out:
mdt_exit_ucred(info);
return rc;
}
int mdt_getxattr(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_export_data *med = mdt_req2med(req);
struct md_ucred *uc = mdt_ucred(info);
struct mdt_body *reqbody;
struct mdt_body *repbody = NULL;
struct md_object *next;
struct lu_buf *buf;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
int easize, rc;
ENTRY;
LASSERT(info->mti_object != NULL);
LASSERT(lu_object_assert_exists(&info->mti_object->mot_obj.mo_lu));
CDEBUG(D_INODE, "getxattr "DFID"\n", PFID(&info->mti_body->fid1));
reqbody = req_capsule_client_get(info->mti_pill, &RMF_MDT_BODY);
if (reqbody == NULL)
RETURN(err_serious(-EFAULT));
rc = mdt_init_ucred(info, reqbody);
if (rc)
RETURN(err_serious(rc));
next = mdt_object_child(info->mti_object);
if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->mu_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
rc = mo_permission(info->mti_env, NULL, next, NULL,
MAY_RGETFACL);
if (rc)
GOTO(out, rc = err_serious(rc));
}
easize = mdt_getxattr_pack_reply(info);
if (easize < 0)
GOTO(out, rc = err_serious(easize));
repbody = req_capsule_server_get(info->mti_pill, &RMF_MDT_BODY);
LASSERT(repbody != NULL);
/* No need further getxattr. */
if (easize == 0 || reqbody->eadatasize == 0)
GOTO(out, rc = easize);
buf = &info->mti_buf;
buf->lb_buf = req_capsule_server_get(info->mti_pill, &RMF_EADATA);
buf->lb_len = easize;
if (info->mti_body->valid & OBD_MD_FLXATTR) {
int flags = CFS_IC_NOTHING;
char *xattr_name = req_capsule_client_get(info->mti_pill,
&RMF_NAME);
CDEBUG(D_INODE, "getxattr %s\n", xattr_name);
rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);
if (rc < 0) {
CERROR("getxattr failed: %d\n", rc);
GOTO(out, rc);
}
if (info->mti_body->valid &
(OBD_MD_FLRMTLSETFACL | OBD_MD_FLRMTLGETFACL))
flags = CFS_IC_ALL;
else if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL)
flags = CFS_IC_MAPPED;
if (rc > 0 && flags != CFS_IC_NOTHING) {
int rc1;
if (unlikely(!remote))
GOTO(out, rc = -EINVAL);
rc1 = lustre_posix_acl_xattr_id2client(uc,
med->med_idmap,
(posix_acl_xattr_header *)(buf->lb_buf),
rc, flags);
if (unlikely(rc1 < 0))
rc = rc1;
}
} else if (info->mti_body->valid & OBD_MD_FLXATTRLS) {
CDEBUG(D_INODE, "listxattr\n");
rc = mo_xattr_list(info->mti_env, next, buf);
if (rc < 0)
CDEBUG(D_INFO, "listxattr failed: %d\n", rc);
} else
LBUG();
EXIT;
out:
if (rc >= 0) {
mdt_counter_incr(req->rq_export, LPROC_MDT_GETXATTR);
repbody->eadatasize = rc;
rc = 0;
}
mdt_exit_ucred(info);
return rc;
}
int mdt_check_ucred(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_ucred *ucred = mdt_ucred(info);
struct md_identity *identity = NULL;
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
if ((ucred->mu_valid == UCRED_OLD) || (ucred->mu_valid == UCRED_NEW))
RETURN(0);
if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc)
RETURN(0);
/* sanity check: if we use strong authentication, we expect the
* uid which client claimed is true */
if (remote) {
if (req->rq_auth_mapped_uid == INVALID_UID) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
}
RETURN(0);
}
identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
RETURN(0);
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
}
perm = mdt_identity_get_perm(identity, remote, peernid);
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = (pud->pud_gid != pud->pud_fsgid ||
pud->pud_gid != identity->mi_gid);
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid, identity->mi_gid,
libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
EXIT;
out:
mdt_identity_put(mdt->mdt_identity_cache, identity);
return rc;
}
int mdt_getxattr(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_export_data *med = mdt_req2med(req);
struct lu_ucred *uc = lu_ucred(info->mti_env);
struct mdt_body *reqbody;
struct mdt_body *repbody = NULL;
struct md_object *next;
struct lu_buf *buf;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
int easize, rc;
obd_valid valid;
ENTRY;
LASSERT(info->mti_object != NULL);
LASSERT(lu_object_assert_exists(&info->mti_object->mot_obj));
CDEBUG(D_INODE, "getxattr "DFID"\n", PFID(&info->mti_body->fid1));
reqbody = req_capsule_client_get(info->mti_pill, &RMF_MDT_BODY);
if (reqbody == NULL)
RETURN(err_serious(-EFAULT));
rc = mdt_init_ucred(info, reqbody);
if (rc)
RETURN(err_serious(rc));
next = mdt_object_child(info->mti_object);
if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->uc_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
rc = mo_permission(info->mti_env, NULL, next, NULL,
MAY_RGETFACL);
if (rc)
GOTO(out, rc = err_serious(rc));
}
easize = mdt_getxattr_pack_reply(info);
if (easize < 0)
GOTO(out, rc = err_serious(easize));
repbody = req_capsule_server_get(info->mti_pill, &RMF_MDT_BODY);
LASSERT(repbody != NULL);
/* No need further getxattr. */
if (easize == 0 || reqbody->eadatasize == 0)
GOTO(out, rc = easize);
buf = &info->mti_buf;
buf->lb_buf = req_capsule_server_get(info->mti_pill, &RMF_EADATA);
buf->lb_len = easize;
valid = info->mti_body->valid & (OBD_MD_FLXATTR | OBD_MD_FLXATTRLS);
if (valid == OBD_MD_FLXATTR) {
char *xattr_name = req_capsule_client_get(info->mti_pill,
&RMF_NAME);
rc = mdt_getxattr_one(info, xattr_name, next, buf, med, uc);
} else if (valid == OBD_MD_FLXATTRLS) {
CDEBUG(D_INODE, "listxattr\n");
rc = mo_xattr_list(info->mti_env, next, buf);
if (rc < 0)
CDEBUG(D_INFO, "listxattr failed: %d\n", rc);
} else if (valid == OBD_MD_FLXATTRALL) {
rc = mdt_getxattr_all(info, reqbody, repbody,
buf, next);
} else
LBUG();
EXIT;
out:
if (rc >= 0) {
mdt_counter_incr(req, LPROC_MDT_GETXATTR);
repbody->eadatasize = rc;
rc = 0;
}
mdt_exit_ucred(info);
return rc;
}
static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type,
void *buf)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_ucred *ucred = mdt_ucred(info);
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
LASSERT(req->rq_auth_gss);
LASSERT(!req->rq_auth_usr_mdt);
LASSERT(req->rq_user_desc);
ucred->mu_valid = UCRED_INVALID;
ucred->mu_o_uid = pud->pud_uid;
ucred->mu_o_gid = pud->pud_gid;
ucred->mu_o_fsuid = pud->pud_fsuid;
ucred->mu_o_fsgid = pud->pud_fsgid;
if (type == BODY_INIT) {
struct mdt_body *body = (struct mdt_body *)buf;
ucred->mu_suppgids[0] = body->suppgid;
ucred->mu_suppgids[1] = -1;
}
/* sanity check: we expect the uid which client claimed is true */
if (remote) {
if (req->rq_auth_mapped_uid == INVALID_UID) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
} else {
ucred->mu_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
}
} else {
struct md_identity *identity;
identity = mdt_identity_get(mdt->mdt_identity_cache,
pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
ucred->mu_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
} else {
ucred->mu_identity = identity;
perm = mdt_identity_get_perm(ucred->mu_identity,
remote, peernid);
}
}
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = ((pud->pud_gid != pud->pud_fsgid) ||
(ucred->mu_identity &&
(pud->pud_gid != ucred->mu_identity->mi_gid)));
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid,
ucred->mu_identity->mi_gid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/*
* NB: remote client not allowed to setgroups anyway.
*/
if (!remote && perm & CFS_SETGRP_PERM) {
if (pud->pud_ngroups) {
/* setgroups for local client */
ucred->mu_ginfo = cfs_groups_alloc(pud->pud_ngroups);
if (!ucred->mu_ginfo) {
CERROR("failed to alloc %d groups\n",
pud->pud_ngroups);
GOTO(out, rc = -ENOMEM);
}
lustre_groups_from_list(ucred->mu_ginfo,
pud->pud_groups);
lustre_groups_sort(ucred->mu_ginfo);
} else {
ucred->mu_ginfo = NULL;
}
} else {
ucred->mu_suppgids[0] = -1;
ucred->mu_suppgids[1] = -1;
ucred->mu_ginfo = NULL;
}
ucred->mu_uid = pud->pud_uid;
ucred->mu_gid = pud->pud_gid;
ucred->mu_fsuid = pud->pud_fsuid;
ucred->mu_fsgid = pud->pud_fsgid;
/* process root_squash here. */
mdt_root_squash(info, peernid);
/* remove fs privilege for non-root user. */
if (ucred->mu_fsuid)
ucred->mu_cap = pud->pud_cap & ~CFS_CAP_FS_MASK;
else
ucred->mu_cap = pud->pud_cap;
if (remote && !(perm & CFS_RMTOWN_PERM))
ucred->mu_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK |
CFS_CAP_CHOWN_MASK);
ucred->mu_valid = UCRED_NEW;
EXIT;
out:
if (rc) {
if (ucred->mu_ginfo) {
cfs_put_group_info(ucred->mu_ginfo);
ucred->mu_ginfo = NULL;
}
if (ucred->mu_identity) {
mdt_identity_put(mdt->mdt_identity_cache,
ucred->mu_identity);
ucred->mu_identity = NULL;
}
}
return rc;
}
