int ptlrpc_user_desc_do_idmap(struct ptlrpc_request *req,
struct ptlrpc_user_desc *pud)
{
struct mdt_export_data *med = mdt_req2med(req);
struct lustre_idmap_table *idmap = med->med_idmap;
uid_t uid, fsuid;
gid_t gid, fsgid;
/* Only remote client need desc_to_idmap. */
if (!exp_connect_rmtclient(req->rq_export))
return 0;
uid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_uid);
if (uid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "no mapping for uid %u\n", pud->pud_uid);
return -EACCES;
}
if (pud->pud_uid == pud->pud_fsuid) {
fsuid = uid;
} else {
fsuid = lustre_idmap_lookup_uid(NULL, idmap, 0, pud->pud_fsuid);
if (fsuid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "no mapping for fsuid %u\n",
pud->pud_fsuid);
return -EACCES;
}
}
gid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_gid);
if (gid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "no mapping for gid %u\n", pud->pud_gid);
return -EACCES;
}
if (pud->pud_gid == pud->pud_fsgid) {
fsgid = gid;
} else {
fsgid = lustre_idmap_lookup_gid(NULL, idmap, 0, pud->pud_fsgid);
if (fsgid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "no mapping for fsgid %u\n",
pud->pud_fsgid);
return -EACCES;
}
}
pud->pud_uid = uid;
pud->pud_gid = gid;
pud->pud_fsuid = fsuid;
pud->pud_fsgid = fsgid;
return 0;
}
/* Do not ignore root_squash for non-setattr case. */
int mdt_fix_attr_ucred(struct mdt_thread_info *info, __u32 op)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct md_ucred *uc = mdt_ucred(info);
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_export_data *med = mdt_req2med(req);
struct lustre_idmap_table *idmap = med->med_idmap;
if ((uc->mu_valid != UCRED_OLD) && (uc->mu_valid != UCRED_NEW))
return -EINVAL;
if (op != REINT_SETATTR) {
if ((attr->la_valid & LA_UID) && (attr->la_uid != -1))
attr->la_uid = uc->mu_fsuid;
/* for S_ISGID, inherit gid from his parent, such work will be
* done in cmm/mdd layer, here set all cases as uc->mu_fsgid. */
if ((attr->la_valid & LA_GID) && (attr->la_gid != -1))
attr->la_gid = uc->mu_fsgid;
} else if (exp_connect_rmtclient(info->mti_exp)) {
/* NB: -1 case will be handled by mdt_fix_attr() later. */
if ((attr->la_valid & LA_UID) && (attr->la_uid != -1)) {
uid_t uid = lustre_idmap_lookup_uid(uc, idmap, 0,
attr->la_uid);
if (uid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "Deny chown to uid %u\n",
attr->la_uid);
return -EPERM;
}
attr->la_uid = uid;
}
if ((attr->la_valid & LA_GID) && (attr->la_gid != -1)) {
gid_t gid = lustre_idmap_lookup_gid(uc, idmap, 0,
attr->la_gid);
if (gid == CFS_IDMAP_NOTFOUND) {
CDEBUG(D_SEC, "Deny chown to gid %u\n",
attr->la_gid);
return -EPERM;
}
attr->la_gid = gid;
}
}
return 0;
}
static int
mdt_getxattr_one(struct mdt_thread_info *info,
char *xattr_name, struct md_object *next,
struct lu_buf *buf, struct mdt_export_data *med,
struct lu_ucred *uc)
{
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int flags = CFS_IC_NOTHING, rc;
ENTRY;
CDEBUG(D_INODE, "getxattr %s\n", xattr_name);
rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);
if (rc < 0) {
CERROR("getxattr failed: %d\n", rc);
GOTO(out, rc);
}
if (info->mti_body->valid &
(OBD_MD_FLRMTLSETFACL | OBD_MD_FLRMTLGETFACL))
flags = CFS_IC_ALL;
else if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL)
flags = CFS_IC_MAPPED;
if (rc > 0 && flags != CFS_IC_NOTHING) {
int rc1;
if (unlikely(!remote))
GOTO(out, rc = -EINVAL);
rc1 = lustre_posix_acl_xattr_id2client(uc,
med->med_idmap,
(posix_acl_xattr_header *)(buf->lb_buf),
rc, flags);
if (unlikely(rc1 < 0))
rc = rc1;
}
out:
return rc;
}
int mdt_init_idmap(struct tgt_session_info *tsi)
{
struct ptlrpc_request *req = tgt_ses_req(tsi);
struct mdt_export_data *med = mdt_req2med(req);
struct obd_export *exp = req->rq_export;
char *client = libcfs_nid2str(req->rq_peer.nid);
int rc = 0;
ENTRY;
if (exp_connect_rmtclient(exp)) {
mutex_lock(&med->med_idmap_mutex);
if (!med->med_idmap)
med->med_idmap = lustre_idmap_init();
mutex_unlock(&med->med_idmap_mutex);
if (IS_ERR(med->med_idmap)) {
long err = PTR_ERR(med->med_idmap);
med->med_idmap = NULL;
CERROR("%s: client %s -> target %s "
"failed to init idmap [%ld]!\n",
tgt_name(tsi->tsi_tgt), client,
tgt_name(tsi->tsi_tgt), err);
RETURN(err);
} else if (!med->med_idmap) {
CERROR("%s: client %s -> target %s "
"failed to init(2) idmap!\n",
tgt_name(tsi->tsi_tgt), client,
tgt_name(tsi->tsi_tgt));
RETURN(-ENOMEM);
}
CDEBUG(D_SEC, "%s: client %s -> target %s is remote.\n",
tgt_name(tsi->tsi_tgt), client,
tgt_name(tsi->tsi_tgt));
/* NB, MDS_CONNECT establish root idmap too! */
rc = mdt_handle_idmap(tsi);
}
RETURN(rc);
}
/*
* Reverse mapping
*/
void mdt_body_reverse_idmap(struct mdt_thread_info *info, struct mdt_body *body)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct lu_ucred *uc = mdt_ucred(info);
struct mdt_export_data *med = mdt_req2med(req);
struct lustre_idmap_table *idmap = med->med_idmap;
if (!exp_connect_rmtclient(info->mti_exp))
return;
if (body->mbo_valid & OBD_MD_FLUID) {
uid_t uid;
uid = lustre_idmap_lookup_uid(uc, idmap, 1, body->mbo_uid);
if (uid == CFS_IDMAP_NOTFOUND) {
uid = NOBODY_UID;
if (body->mbo_valid & OBD_MD_FLMODE)
body->mbo_mode = (body->mbo_mode & ~S_IRWXU) |
((body->mbo_mode & S_IRWXO) << 6);
}
body->mbo_uid = uid;
}
if (body->mbo_valid & OBD_MD_FLGID) {
gid_t gid;
gid = lustre_idmap_lookup_gid(uc, idmap, 1, body->mbo_gid);
if (gid == CFS_IDMAP_NOTFOUND) {
gid = NOBODY_GID;
if (body->mbo_valid & OBD_MD_FLMODE)
body->mbo_mode = (body->mbo_mode & ~S_IRWXG) |
((body->mbo_mode & S_IRWXO) << 3);
}
body->mbo_gid = gid;
}
}
int mdt_init_idmap(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_export_data *med = mdt_req2med(req);
struct obd_export *exp = req->rq_export;
char *client = libcfs_nid2str(req->rq_peer.nid);
struct obd_device *obd = exp->exp_obd;
int rc = 0;
ENTRY;
if (exp_connect_rmtclient(exp)) {
cfs_down(&med->med_idmap_sem);
if (!med->med_idmap)
med->med_idmap = lustre_idmap_init();
cfs_up(&med->med_idmap_sem);
if (IS_ERR(med->med_idmap)) {
long err = PTR_ERR(med->med_idmap);
med->med_idmap = NULL;
CERROR("client %s -> target %s "
"failed to init idmap [%ld]!\n",
client, obd->obd_name, err);
RETURN(err);
} else if (!med->med_idmap) {
CERROR("client %s -> target %s "
"failed to init(2) idmap!\n",
client, obd->obd_name);
RETURN(-ENOMEM);
}
CDEBUG(D_SEC, "client %s -> target %s is remote.\n",
client, obd->obd_name);
/* NB, MDS_CONNECT establish root idmap too! */
rc = mdt_handle_idmap(info);
}
RETURN(rc);
}
int mdt_reint_setxattr(struct mdt_thread_info *info,
struct mdt_lock_handle *unused)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct md_ucred *uc = mdt_ucred(info);
struct mdt_lock_handle *lh;
const struct lu_env *env = info->mti_env;
struct lu_buf *buf = &info->mti_buf;
struct mdt_reint_record *rr = &info->mti_rr;
struct md_attr *ma = &info->mti_attr;
struct lu_attr *attr = &info->mti_attr.ma_attr;
struct mdt_object *obj;
struct md_object *child;
__u64 valid = attr->la_valid;
const char *xattr_name = rr->rr_name;
int xattr_len = rr->rr_eadatalen;
__u64 lockpart;
int rc;
posix_acl_xattr_header *new_xattr = NULL;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
ENTRY;
CDEBUG(D_INODE, "setxattr for "DFID"\n", PFID(rr->rr_fid1));
if (OBD_FAIL_CHECK(OBD_FAIL_MDS_SETXATTR))
RETURN(err_serious(-ENOMEM));
CDEBUG(D_INODE, "%s xattr %s\n",
valid & OBD_MD_FLXATTR ? "set" : "remove", xattr_name);
rc = mdt_init_ucred_reint(info);
if (rc != 0)
RETURN(rc);
if (valid & OBD_MD_FLRMTRSETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->mu_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
}
if (strncmp(xattr_name, XATTR_USER_PREFIX,
sizeof(XATTR_USER_PREFIX) - 1) == 0) {
if (!(req->rq_export->exp_connect_flags & OBD_CONNECT_XATTR))
GOTO(out, rc = -EOPNOTSUPP);
if (strcmp(xattr_name, XATTR_NAME_LOV) == 0)
GOTO(out, rc = -EACCES);
if (strcmp(xattr_name, XATTR_NAME_LMA) == 0)
GOTO(out, rc = 0);
if (strcmp(xattr_name, XATTR_NAME_LINK) == 0)
GOTO(out, rc = 0);
} else if ((valid & OBD_MD_FLXATTR) &&
(strncmp(xattr_name, XATTR_NAME_ACL_ACCESS,
sizeof(XATTR_NAME_ACL_ACCESS) - 1) == 0 ||
strncmp(xattr_name, XATTR_NAME_ACL_DEFAULT,
sizeof(XATTR_NAME_ACL_DEFAULT) - 1) == 0)) {
/* currently lustre limit acl access size */
if (xattr_len > LUSTRE_POSIX_ACL_MAX_SIZE)
GOTO(out, -ERANGE);
}
lockpart = MDS_INODELOCK_UPDATE;
/* Revoke all clients' lookup lock, since the access
* permissions for this inode is changed when ACL_ACCESS is
* set. This isn't needed for ACL_DEFAULT, since that does
* not change the access permissions of this inode, nor any
* other existing inodes. It is setting the ACLs inherited
* by new directories/files at create time. */
if (!strcmp(xattr_name, XATTR_NAME_ACL_ACCESS))
lockpart |= MDS_INODELOCK_LOOKUP;
lh = &info->mti_lh[MDT_LH_PARENT];
/* ACLs were sent to clients under LCK_CR locks, so taking LCK_EX
* to cancel them. */
mdt_lock_reg_init(lh, LCK_EX);
obj = mdt_object_find_lock(info, rr->rr_fid1, lh, lockpart);
if (IS_ERR(obj))
GOTO(out, rc = PTR_ERR(obj));
info->mti_mos = obj;
rc = mdt_version_get_check_save(info, obj, 0);
if (rc)
GOTO(out_unlock, rc);
if (unlikely(!(valid & OBD_MD_FLCTIME))) {
/* This isn't strictly an error, but all current clients
* should set OBD_MD_FLCTIME when setting attributes. */
CWARN("%s: client miss to set OBD_MD_FLCTIME when "
"setxattr %s: [object "DFID"] [valid "LPU64"]\n",
info->mti_exp->exp_obd->obd_name, xattr_name,
PFID(rr->rr_fid1), valid);
attr->la_ctime = cfs_time_current_sec();
}
attr->la_valid = LA_CTIME;
child = mdt_object_child(obj);
if (valid & OBD_MD_FLXATTR) {
char *xattr = (void *)rr->rr_eadata;
if (xattr_len > 0) {
int flags = 0;
if (valid & OBD_MD_FLRMTLSETFACL) {
if (unlikely(!remote))
GOTO(out_unlock, rc = -EINVAL);
xattr_len = mdt_rmtlsetfacl(info, child,
xattr_name,
(ext_acl_xattr_header *)xattr,
&new_xattr);
if (xattr_len < 0)
GOTO(out_unlock, rc = xattr_len);
xattr = (char *)new_xattr;
}
if (attr->la_flags & XATTR_REPLACE)
flags |= LU_XATTR_REPLACE;
if (attr->la_flags & XATTR_CREATE)
flags |= LU_XATTR_CREATE;
mdt_fail_write(env, info->mti_mdt->mdt_bottom,
OBD_FAIL_MDS_SETXATTR_WRITE);
buf->lb_buf = xattr;
buf->lb_len = xattr_len;
rc = mo_xattr_set(env, child, buf, xattr_name, flags);
/* update ctime after xattr changed */
if (rc == 0) {
ma->ma_attr_flags |= MDS_PERM_BYPASS;
mo_attr_set(env, child, ma);
}
}
} else if (valid & OBD_MD_FLXATTRRM) {
rc = mo_xattr_del(env, child, xattr_name);
/* update ctime after xattr changed */
if (rc == 0) {
ma->ma_attr_flags |= MDS_PERM_BYPASS;
mo_attr_set(env, child, ma);
}
} else {
CDEBUG(D_INFO, "valid bits: "LPX64"\n", valid);
rc = -EINVAL;
}
if (rc == 0)
mdt_counter_incr(req->rq_export, LPROC_MDT_SETXATTR);
EXIT;
out_unlock:
mdt_object_unlock_put(info, obj, lh, rc);
if (unlikely(new_xattr != NULL))
lustre_posix_acl_xattr_free(new_xattr, xattr_len);
out:
mdt_exit_ucred(info);
return rc;
}
int mdt_getxattr(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_export_data *med = mdt_req2med(req);
struct md_ucred *uc = mdt_ucred(info);
struct mdt_body *reqbody;
struct mdt_body *repbody = NULL;
struct md_object *next;
struct lu_buf *buf;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
int easize, rc;
ENTRY;
LASSERT(info->mti_object != NULL);
LASSERT(lu_object_assert_exists(&info->mti_object->mot_obj.mo_lu));
CDEBUG(D_INODE, "getxattr "DFID"\n", PFID(&info->mti_body->fid1));
reqbody = req_capsule_client_get(info->mti_pill, &RMF_MDT_BODY);
if (reqbody == NULL)
RETURN(err_serious(-EFAULT));
rc = mdt_init_ucred(info, reqbody);
if (rc)
RETURN(err_serious(rc));
next = mdt_object_child(info->mti_object);
if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->mu_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
rc = mo_permission(info->mti_env, NULL, next, NULL,
MAY_RGETFACL);
if (rc)
GOTO(out, rc = err_serious(rc));
}
easize = mdt_getxattr_pack_reply(info);
if (easize < 0)
GOTO(out, rc = err_serious(easize));
repbody = req_capsule_server_get(info->mti_pill, &RMF_MDT_BODY);
LASSERT(repbody != NULL);
/* No need further getxattr. */
if (easize == 0 || reqbody->eadatasize == 0)
GOTO(out, rc = easize);
buf = &info->mti_buf;
buf->lb_buf = req_capsule_server_get(info->mti_pill, &RMF_EADATA);
buf->lb_len = easize;
if (info->mti_body->valid & OBD_MD_FLXATTR) {
int flags = CFS_IC_NOTHING;
char *xattr_name = req_capsule_client_get(info->mti_pill,
&RMF_NAME);
CDEBUG(D_INODE, "getxattr %s\n", xattr_name);
rc = mo_xattr_get(info->mti_env, next, buf, xattr_name);
if (rc < 0) {
CERROR("getxattr failed: %d\n", rc);
GOTO(out, rc);
}
if (info->mti_body->valid &
(OBD_MD_FLRMTLSETFACL | OBD_MD_FLRMTLGETFACL))
flags = CFS_IC_ALL;
else if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL)
flags = CFS_IC_MAPPED;
if (rc > 0 && flags != CFS_IC_NOTHING) {
int rc1;
if (unlikely(!remote))
GOTO(out, rc = -EINVAL);
rc1 = lustre_posix_acl_xattr_id2client(uc,
med->med_idmap,
(posix_acl_xattr_header *)(buf->lb_buf),
rc, flags);
if (unlikely(rc1 < 0))
rc = rc1;
}
} else if (info->mti_body->valid & OBD_MD_FLXATTRLS) {
CDEBUG(D_INODE, "listxattr\n");
rc = mo_xattr_list(info->mti_env, next, buf);
if (rc < 0)
CDEBUG(D_INFO, "listxattr failed: %d\n", rc);
} else
LBUG();
EXIT;
out:
if (rc >= 0) {
mdt_counter_incr(req->rq_export, LPROC_MDT_GETXATTR);
repbody->eadatasize = rc;
rc = 0;
}
mdt_exit_ucred(info);
return rc;
}
int mdt_getxattr(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_export_data *med = mdt_req2med(req);
struct lu_ucred *uc = lu_ucred(info->mti_env);
struct mdt_body *reqbody;
struct mdt_body *repbody = NULL;
struct md_object *next;
struct lu_buf *buf;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
__u32 perm;
int easize, rc;
obd_valid valid;
ENTRY;
LASSERT(info->mti_object != NULL);
LASSERT(lu_object_assert_exists(&info->mti_object->mot_obj));
CDEBUG(D_INODE, "getxattr "DFID"\n", PFID(&info->mti_body->fid1));
reqbody = req_capsule_client_get(info->mti_pill, &RMF_MDT_BODY);
if (reqbody == NULL)
RETURN(err_serious(-EFAULT));
rc = mdt_init_ucred(info, reqbody);
if (rc)
RETURN(err_serious(rc));
next = mdt_object_child(info->mti_object);
if (info->mti_body->valid & OBD_MD_FLRMTRGETFACL) {
if (unlikely(!remote))
GOTO(out, rc = err_serious(-EINVAL));
perm = mdt_identity_get_perm(uc->uc_identity, remote,
req->rq_peer.nid);
if (!(perm & CFS_RMTACL_PERM))
GOTO(out, rc = err_serious(-EPERM));
rc = mo_permission(info->mti_env, NULL, next, NULL,
MAY_RGETFACL);
if (rc)
GOTO(out, rc = err_serious(rc));
}
easize = mdt_getxattr_pack_reply(info);
if (easize < 0)
GOTO(out, rc = err_serious(easize));
repbody = req_capsule_server_get(info->mti_pill, &RMF_MDT_BODY);
LASSERT(repbody != NULL);
/* No need further getxattr. */
if (easize == 0 || reqbody->eadatasize == 0)
GOTO(out, rc = easize);
buf = &info->mti_buf;
buf->lb_buf = req_capsule_server_get(info->mti_pill, &RMF_EADATA);
buf->lb_len = easize;
valid = info->mti_body->valid & (OBD_MD_FLXATTR | OBD_MD_FLXATTRLS);
if (valid == OBD_MD_FLXATTR) {
char *xattr_name = req_capsule_client_get(info->mti_pill,
&RMF_NAME);
rc = mdt_getxattr_one(info, xattr_name, next, buf, med, uc);
} else if (valid == OBD_MD_FLXATTRLS) {
CDEBUG(D_INODE, "listxattr\n");
rc = mo_xattr_list(info->mti_env, next, buf);
if (rc < 0)
CDEBUG(D_INFO, "listxattr failed: %d\n", rc);
} else if (valid == OBD_MD_FLXATTRALL) {
rc = mdt_getxattr_all(info, reqbody, repbody,
buf, next);
} else
LBUG();
EXIT;
out:
if (rc >= 0) {
mdt_counter_incr(req, LPROC_MDT_GETXATTR);
repbody->eadatasize = rc;
rc = 0;
}
mdt_exit_ucred(info);
return rc;
}
int mdt_check_ucred(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_ucred *ucred = mdt_ucred(info);
struct md_identity *identity = NULL;
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
if ((ucred->mu_valid == UCRED_OLD) || (ucred->mu_valid == UCRED_NEW))
RETURN(0);
if (!req->rq_auth_gss || req->rq_auth_usr_mdt || !req->rq_user_desc)
RETURN(0);
/* sanity check: if we use strong authentication, we expect the
* uid which client claimed is true */
if (remote) {
if (req->rq_auth_mapped_uid == INVALID_UID) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
}
RETURN(0);
}
identity = mdt_identity_get(mdt->mdt_identity_cache, pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
RETURN(0);
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
}
perm = mdt_identity_get_perm(identity, remote, peernid);
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = (pud->pud_gid != pud->pud_fsgid ||
pud->pud_gid != identity->mi_gid);
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid, identity->mi_gid,
libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
EXIT;
out:
mdt_identity_put(mdt->mdt_identity_cache, identity);
return rc;
}
static int new_init_ucred(struct mdt_thread_info *info, ucred_init_type_t type,
void *buf)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_ucred *ucred = mdt_ucred(info);
lnet_nid_t peernid = req->rq_peer.nid;
__u32 perm = 0;
__u32 remote = exp_connect_rmtclient(info->mti_exp);
int setuid;
int setgid;
int rc = 0;
ENTRY;
LASSERT(req->rq_auth_gss);
LASSERT(!req->rq_auth_usr_mdt);
LASSERT(req->rq_user_desc);
ucred->mu_valid = UCRED_INVALID;
ucred->mu_o_uid = pud->pud_uid;
ucred->mu_o_gid = pud->pud_gid;
ucred->mu_o_fsuid = pud->pud_fsuid;
ucred->mu_o_fsgid = pud->pud_fsgid;
if (type == BODY_INIT) {
struct mdt_body *body = (struct mdt_body *)buf;
ucred->mu_suppgids[0] = body->suppgid;
ucred->mu_suppgids[1] = -1;
}
/* sanity check: we expect the uid which client claimed is true */
if (remote) {
if (req->rq_auth_mapped_uid == INVALID_UID) {
CDEBUG(D_SEC, "remote user not mapped, deny access!\n");
RETURN(-EACCES);
}
if (ptlrpc_user_desc_do_idmap(req, pud))
RETURN(-EACCES);
if (req->rq_auth_mapped_uid != pud->pud_uid) {
CDEBUG(D_SEC, "remote client %s: auth/mapped uid %u/%u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
req->rq_auth_mapped_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
} else {
if (req->rq_auth_uid != pud->pud_uid) {
CDEBUG(D_SEC, "local client %s: auth uid %u "
"while client claims %u:%u/%u:%u\n",
libcfs_nid2str(peernid), req->rq_auth_uid,
pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid);
RETURN(-EACCES);
}
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
if (remote) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
} else {
ucred->mu_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
}
} else {
struct md_identity *identity;
identity = mdt_identity_get(mdt->mdt_identity_cache,
pud->pud_uid);
if (IS_ERR(identity)) {
if (unlikely(PTR_ERR(identity) == -EREMCHG &&
!remote)) {
ucred->mu_identity = NULL;
perm = CFS_SETUID_PERM | CFS_SETGID_PERM |
CFS_SETGRP_PERM;
} else {
CDEBUG(D_SEC, "Deny access without identity: uid %u\n",
pud->pud_uid);
RETURN(-EACCES);
}
} else {
ucred->mu_identity = identity;
perm = mdt_identity_get_perm(ucred->mu_identity,
remote, peernid);
}
}
/* find out the setuid/setgid attempt */
setuid = (pud->pud_uid != pud->pud_fsuid);
setgid = ((pud->pud_gid != pud->pud_fsgid) ||
(ucred->mu_identity &&
(pud->pud_gid != ucred->mu_identity->mi_gid)));
/* check permission of setuid */
if (setuid && !(perm & CFS_SETUID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setuid attempt (%u -> %u) from %s\n",
pud->pud_uid, pud->pud_fsuid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/* check permission of setgid */
if (setgid && !(perm & CFS_SETGID_PERM)) {
CDEBUG(D_SEC, "mdt blocked setgid attempt (%u:%u/%u:%u -> %u) "
"from %s\n", pud->pud_uid, pud->pud_gid,
pud->pud_fsuid, pud->pud_fsgid,
ucred->mu_identity->mi_gid, libcfs_nid2str(peernid));
GOTO(out, rc = -EACCES);
}
/*
* NB: remote client not allowed to setgroups anyway.
*/
if (!remote && perm & CFS_SETGRP_PERM) {
if (pud->pud_ngroups) {
/* setgroups for local client */
ucred->mu_ginfo = cfs_groups_alloc(pud->pud_ngroups);
if (!ucred->mu_ginfo) {
CERROR("failed to alloc %d groups\n",
pud->pud_ngroups);
GOTO(out, rc = -ENOMEM);
}
lustre_groups_from_list(ucred->mu_ginfo,
pud->pud_groups);
lustre_groups_sort(ucred->mu_ginfo);
} else {
ucred->mu_ginfo = NULL;
}
} else {
ucred->mu_suppgids[0] = -1;
ucred->mu_suppgids[1] = -1;
ucred->mu_ginfo = NULL;
}
ucred->mu_uid = pud->pud_uid;
ucred->mu_gid = pud->pud_gid;
ucred->mu_fsuid = pud->pud_fsuid;
ucred->mu_fsgid = pud->pud_fsgid;
/* process root_squash here. */
mdt_root_squash(info, peernid);
/* remove fs privilege for non-root user. */
if (ucred->mu_fsuid)
ucred->mu_cap = pud->pud_cap & ~CFS_CAP_FS_MASK;
else
ucred->mu_cap = pud->pud_cap;
if (remote && !(perm & CFS_RMTOWN_PERM))
ucred->mu_cap &= ~(CFS_CAP_SYS_RESOURCE_MASK |
CFS_CAP_CHOWN_MASK);
ucred->mu_valid = UCRED_NEW;
EXIT;
out:
if (rc) {
if (ucred->mu_ginfo) {
cfs_put_group_info(ucred->mu_ginfo);
ucred->mu_ginfo = NULL;
}
if (ucred->mu_identity) {
mdt_identity_put(mdt->mdt_identity_cache,
ucred->mu_identity);
ucred->mu_identity = NULL;
}
}
return rc;
}
/**
* Prepare buffers for write request processing.
*
* This function converts remote buffers from client to local buffers
* and prepares the latter. If there is recovery in progress and required
* object is missing then it can be re-created before write.
*
* \param[in] env execution environment
* \param[in] exp OBD export of client
* \param[in] ofd OFD device
* \param[in] fid FID of object
* \param[in] la object attributes
* \param[in] oa OBDO structure from client
* \param[in] objcount always 1
* \param[in] obj object data
* \param[in] rnb remote buffers
* \param[in] nr_local number of local buffers
* \param[in] lnb local buffers
* \param[in] jobid job ID name
*
* \retval 0 on successful prepare
* \retval negative value on error
*/
static int ofd_preprw_write(const struct lu_env *env, struct obd_export *exp,
struct ofd_device *ofd, const struct lu_fid *fid,
struct lu_attr *la, struct obdo *oa,
int objcount, struct obd_ioobj *obj,
struct niobuf_remote *rnb, int *nr_local,
struct niobuf_local *lnb, char *jobid)
{
struct ofd_object *fo;
int i, j, k, rc = 0, tot_bytes = 0;
ENTRY;
LASSERT(env != NULL);
LASSERT(objcount == 1);
if (unlikely(exp->exp_obd->obd_recovering)) {
u64 seq = fid_seq(fid);
u64 oid = fid_oid(fid);
struct ofd_seq *oseq;
oseq = ofd_seq_load(env, ofd, seq);
if (IS_ERR(oseq)) {
CERROR("%s: Can't find FID Sequence "LPX64": rc = %d\n",
ofd_name(ofd), seq, (int)PTR_ERR(oseq));
GOTO(out, rc = -EINVAL);
}
if (oid > ofd_seq_last_oid(oseq)) {
int sync = 0;
int diff;
mutex_lock(&oseq->os_create_lock);
diff = oid - ofd_seq_last_oid(oseq);
/* Do sync create if the seq is about to used up */
if (fid_seq_is_idif(seq) || fid_seq_is_mdt0(seq)) {
if (unlikely(oid >= IDIF_MAX_OID - 1))
sync = 1;
} else if (fid_seq_is_norm(seq)) {
if (unlikely(oid >=
LUSTRE_DATA_SEQ_MAX_WIDTH - 1))
sync = 1;
} else {
CERROR("%s : invalid o_seq "DOSTID"\n",
ofd_name(ofd), POSTID(&oa->o_oi));
mutex_unlock(&oseq->os_create_lock);
ofd_seq_put(env, oseq);
GOTO(out, rc = -EINVAL);
}
while (diff > 0) {
u64 next_id = ofd_seq_last_oid(oseq) + 1;
int count = ofd_precreate_batch(ofd, diff);
rc = ofd_precreate_objects(env, ofd, next_id,
oseq, count, sync);
if (rc < 0) {
mutex_unlock(&oseq->os_create_lock);
ofd_seq_put(env, oseq);
GOTO(out, rc);
}
diff -= rc;
}
mutex_unlock(&oseq->os_create_lock);
}
ofd_seq_put(env, oseq);
}
fo = ofd_object_find(env, ofd, fid);
if (IS_ERR(fo))
GOTO(out, rc = PTR_ERR(fo));
LASSERT(fo != NULL);
ofd_read_lock(env, fo);
if (!ofd_object_exists(fo)) {
CERROR("%s: BRW to missing obj "DOSTID"\n",
exp->exp_obd->obd_name, POSTID(&obj->ioo_oid));
ofd_read_unlock(env, fo);
ofd_object_put(env, fo);
GOTO(out, rc = -ENOENT);
}
if (ofd->ofd_lfsck_verify_pfid && oa->o_valid & OBD_MD_FLFID) {
rc = ofd_verify_ff(env, fo, oa);
if (rc != 0) {
ofd_read_unlock(env, fo);
ofd_object_put(env, fo);
GOTO(out, rc);
}
}
/* Process incoming grant info, set OBD_BRW_GRANTED flag and grant some
* space back if possible */
ofd_grant_prepare_write(env, exp, oa, rnb, obj->ioo_bufcnt);
/* parse remote buffers to local buffers and prepare the latter */
*nr_local = 0;
for (i = 0, j = 0; i < obj->ioo_bufcnt; i++) {
rc = dt_bufs_get(env, ofd_object_child(fo),
rnb + i, lnb + j, 1);
if (unlikely(rc < 0))
GOTO(err, rc);
LASSERT(rc <= PTLRPC_MAX_BRW_PAGES);
/* correct index for local buffers to continue with */
for (k = 0; k < rc; k++) {
lnb[j+k].lnb_flags = rnb[i].rnb_flags;
if (!(rnb[i].rnb_flags & OBD_BRW_GRANTED))
lnb[j+k].lnb_rc = -ENOSPC;
/* remote client can't break through quota */
if (exp_connect_rmtclient(exp))
lnb[j+k].lnb_flags &= ~OBD_BRW_NOQUOTA;
}
j += rc;
*nr_local += rc;
LASSERT(j <= PTLRPC_MAX_BRW_PAGES);
tot_bytes += rnb[i].rnb_len;
}
LASSERT(*nr_local > 0 && *nr_local <= PTLRPC_MAX_BRW_PAGES);
rc = dt_write_prep(env, ofd_object_child(fo), lnb, *nr_local);
if (unlikely(rc != 0))
GOTO(err, rc);
ofd_counter_incr(exp, LPROC_OFD_STATS_WRITE, jobid, tot_bytes);
RETURN(0);
err:
dt_bufs_put(env, ofd_object_child(fo), lnb, *nr_local);
ofd_read_unlock(env, fo);
ofd_object_put(env, fo);
/* ofd_grant_prepare_write() was called, so we must commit */
ofd_grant_commit(exp, oa->o_grant_used, rc);
out:
/* let's still process incoming grant information packed in the oa,
* but without enforcing grant since we won't proceed with the write.
* Just like a read request actually. */
ofd_grant_prepare_read(env, exp, oa);
return rc;
}
int mdt_handle_idmap(struct mdt_thread_info *info)
{
struct ptlrpc_request *req = mdt_info_req(info);
struct mdt_device *mdt = info->mti_mdt;
struct mdt_export_data *med;
struct ptlrpc_user_desc *pud = req->rq_user_desc;
struct md_identity *identity;
__u32 opc;
int rc = 0;
ENTRY;
if (!req->rq_export)
RETURN(0);
med = mdt_req2med(req);
if (!exp_connect_rmtclient(info->mti_exp))
RETURN(0);
opc = lustre_msg_get_opc(req->rq_reqmsg);
/* Bypass other opc */
if ((opc != SEC_CTX_INIT) && (opc != SEC_CTX_INIT_CONT) &&
(opc != SEC_CTX_FINI) && (opc != MDS_CONNECT))
RETURN(0);
LASSERT(med->med_idmap);
if (unlikely(!pud)) {
CDEBUG(D_SEC, "remote client must run with rq_user_desc "
"present\n");
RETURN(-EACCES);
}
if (req->rq_auth_mapped_uid == INVALID_UID) {
CDEBUG(D_SEC, "invalid authorized mapped uid, please check "
"/etc/lustre/idmap.conf!\n");
RETURN(-EACCES);
}
if (is_identity_get_disabled(mdt->mdt_identity_cache)) {
CDEBUG(D_SEC, "remote client must run with identity_get "
"enabled!\n");
RETURN(-EACCES);
}
identity = mdt_identity_get(mdt->mdt_identity_cache,
req->rq_auth_mapped_uid);
if (IS_ERR(identity)) {
CDEBUG(D_SEC, "can't get mdt identity(%u), no mapping added\n",
req->rq_auth_mapped_uid);
RETURN(-EACCES);
}
switch (opc) {
case SEC_CTX_INIT:
case SEC_CTX_INIT_CONT:
case MDS_CONNECT:
rc = lustre_idmap_add(med->med_idmap,
pud->pud_uid, identity->mi_uid,
pud->pud_gid, identity->mi_gid);
break;
case SEC_CTX_FINI:
rc = lustre_idmap_del(med->med_idmap,
pud->pud_uid, identity->mi_uid,
pud->pud_gid, identity->mi_gid);
break;
}
mdt_identity_put(mdt->mdt_identity_cache, identity);
if (rc)
RETURN(rc);
switch (opc) {
case SEC_CTX_INIT:
case SEC_CTX_INIT_CONT:
case SEC_CTX_FINI:
mdt_revoke_export_locks(req->rq_export);
break;
}
RETURN(0);
}
static int ofd_preprw_write(const struct lu_env *env, struct obd_export *exp,
struct ofd_device *ofd, struct lu_fid *fid,
struct lu_attr *la, struct obdo *oa,
int objcount, struct obd_ioobj *obj,
struct niobuf_remote *rnb, int *nr_local,
struct niobuf_local *lnb, char *jobid)
{
struct ofd_object *fo;
int i, j, k, rc = 0, tot_bytes = 0;
ENTRY;
LASSERT(env != NULL);
LASSERT(objcount == 1);
if (unlikely(exp->exp_obd->obd_recovering)) {
struct ofd_thread_info *info = ofd_info(env);
/* copied from ofd_precreate_object */
/* XXX this should be consolidated to use the same code
* instead of a copy, due to the ongoing risk of bugs. */
memset(&info->fti_attr, 0, sizeof(info->fti_attr));
info->fti_attr.la_valid = LA_TYPE | LA_MODE;
info->fti_attr.la_mode = S_IFREG | S_ISUID | S_ISGID | 0666;
info->fti_attr.la_valid |= LA_ATIME | LA_MTIME | LA_CTIME;
/* Initialize a/c/m time so any client timestamp will always
* be newer and update the inode. ctime = 0 is also handled
* specially in osd_inode_setattr(). See LU-221, LU-1042 */
info->fti_attr.la_atime = 0;
info->fti_attr.la_mtime = 0;
info->fti_attr.la_ctime = 0;
fo = ofd_object_find_or_create(env, ofd, fid, &info->fti_attr);
} else {
fo = ofd_object_find(env, ofd, fid);
}
if (IS_ERR(fo))
GOTO(out, rc = PTR_ERR(fo));
LASSERT(fo != NULL);
ofd_read_lock(env, fo);
if (!ofd_object_exists(fo)) {
CERROR("%s: BRW to missing obj "DOSTID"\n",
exp->exp_obd->obd_name, POSTID(&obj->ioo_oid));
ofd_read_unlock(env, fo);
ofd_object_put(env, fo);
GOTO(out, rc = -ENOENT);
}
/* Process incoming grant info, set OBD_BRW_GRANTED flag and grant some
* space back if possible */
ofd_grant_prepare_write(env, exp, oa, rnb, obj->ioo_bufcnt);
/* parse remote buffers to local buffers and prepare the latter */
*nr_local = 0;
for (i = 0, j = 0; i < obj->ioo_bufcnt; i++) {
rc = dt_bufs_get(env, ofd_object_child(fo),
rnb + i, lnb + j, 1,
ofd_object_capa(env, fo));
if (unlikely(rc < 0))
GOTO(err, rc);
LASSERT(rc <= PTLRPC_MAX_BRW_PAGES);
/* correct index for local buffers to continue with */
for (k = 0; k < rc; k++) {
lnb[j+k].lnb_flags = rnb[i].rnb_flags;
if (!(rnb[i].rnb_flags & OBD_BRW_GRANTED))
lnb[j+k].lnb_rc = -ENOSPC;
/* remote client can't break through quota */
if (exp_connect_rmtclient(exp))
lnb[j+k].lnb_flags &= ~OBD_BRW_NOQUOTA;
}
j += rc;
*nr_local += rc;
LASSERT(j <= PTLRPC_MAX_BRW_PAGES);
tot_bytes += rnb[i].rnb_len;
}
LASSERT(*nr_local > 0 && *nr_local <= PTLRPC_MAX_BRW_PAGES);
rc = dt_write_prep(env, ofd_object_child(fo), lnb, *nr_local);
if (unlikely(rc != 0))
GOTO(err, rc);
ofd_counter_incr(exp, LPROC_OFD_STATS_WRITE, jobid, tot_bytes);
RETURN(0);
err:
dt_bufs_put(env, ofd_object_child(fo), lnb, *nr_local);
ofd_read_unlock(env, fo);
/* ofd_grant_prepare_write() was called, so we must commit */
ofd_grant_commit(env, exp, rc);
out:
/* let's still process incoming grant information packed in the oa,
* but without enforcing grant since we won't proceed with the write.
* Just like a read request actually. */
ofd_grant_prepare_read(env, exp, oa);
return rc;
}
