1 /* 2 * fs/nfsd/nfs4idmap.c 3 * 4 * Mapping of UID/GIDs to name and vice versa. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of 7 * Michigan. All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its 21 * contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <linux/module.h> 38 #include <linux/init.h> 39 40 #include <linux/mm.h> 41 #include <linux/utsname.h> 42 #include <linux/errno.h> 43 #include <linux/string.h> 44 #include <linux/sunrpc/clnt.h> 45 #include <linux/nfs.h> 46 #include <linux/nfs4.h> 47 #include <linux/nfs_fs.h> 48 #include <linux/nfs_page.h> 49 #include <linux/sunrpc/cache.h> 50 #include <linux/nfsd_idmap.h> 51 #include <linux/list.h> 52 #include <linux/time.h> 53 #include <linux/seq_file.h> 54 #include <linux/sunrpc/svcauth.h> 55 56 /* 57 * Cache entry 58 */ 59 60 /* 61 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 62 * that. 63 */ 64 65 #define IDMAP_TYPE_USER 0 66 #define IDMAP_TYPE_GROUP 1 67 68 struct ent { 69 struct cache_head h; 70 int type; /* User / Group */ 71 uid_t id; 72 char name[IDMAP_NAMESZ]; 73 char authname[IDMAP_NAMESZ]; 74 }; 75 76 /* Common entry handling */ 77 78 #define ENT_HASHBITS 8 79 #define ENT_HASHMAX (1 << ENT_HASHBITS) 80 #define ENT_HASHMASK (ENT_HASHMAX - 1) 81 82 static void 83 ent_init(struct cache_head *cnew, struct cache_head *citm) 84 { 85 struct ent *new = container_of(cnew, struct ent, h); 86 struct ent *itm = container_of(citm, struct ent, h); 87 88 new->id = itm->id; 89 new->type = itm->type; 90 91 strlcpy(new->name, itm->name, sizeof(new->name)); 92 strlcpy(new->authname, itm->authname, sizeof(new->name)); 93 } 94 95 static void 96 ent_put(struct kref *ref) 97 { 98 struct ent *map = container_of(ref, struct ent, h.ref); 99 kfree(map); 100 } 101 102 static struct cache_head * 103 ent_alloc(void) 104 { 105 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 106 if (e) 107 return &e->h; 108 else 109 return NULL; 110 } 111 112 /* 113 * ID -> Name cache 114 */ 115 116 static struct cache_head *idtoname_table[ENT_HASHMAX]; 117 118 static uint32_t 119 idtoname_hash(struct ent *ent) 120 { 121 uint32_t hash; 122 123 hash = hash_str(ent->authname, ENT_HASHBITS); 124 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 125 126 /* Flip LSB for user/group */ 127 if (ent->type == IDMAP_TYPE_GROUP) 128 hash ^= 1; 129 130 return hash; 131 } 132 133 static void 134 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 135 int *blen) 136 { 137 struct ent *ent = container_of(ch, struct ent, h); 138 char idstr[11]; 139 140 qword_add(bpp, blen, ent->authname); 141 snprintf(idstr, sizeof(idstr), "%u", ent->id); 142 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 143 qword_add(bpp, blen, idstr); 144 145 (*bpp)[-1] = '\n'; 146 } 147 148 static int 149 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) 150 { 151 return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request); 152 } 153 154 static int 155 idtoname_match(struct cache_head *ca, struct cache_head *cb) 156 { 157 struct ent *a = container_of(ca, struct ent, h); 158 struct ent *b = container_of(cb, struct ent, h); 159 160 return (a->id == b->id && a->type == b->type && 161 strcmp(a->authname, b->authname) == 0); 162 } 163 164 static int 165 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 166 { 167 struct ent *ent; 168 169 if (h == NULL) { 170 seq_puts(m, "#domain type id [name]\n"); 171 return 0; 172 } 173 ent = container_of(h, struct ent, h); 174 seq_printf(m, "%s %s %u", ent->authname, 175 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 176 ent->id); 177 if (test_bit(CACHE_VALID, &h->flags)) 178 seq_printf(m, " %s", ent->name); 179 seq_printf(m, "\n"); 180 return 0; 181 } 182 183 static void 184 warn_no_idmapd(struct cache_detail *detail, int has_died) 185 { 186 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 187 has_died ? "died" : "not been started"); 188 } 189 190 191 static int idtoname_parse(struct cache_detail *, char *, int); 192 static struct ent *idtoname_lookup(struct ent *); 193 static struct ent *idtoname_update(struct ent *, struct ent *); 194 195 static struct cache_detail idtoname_cache = { 196 .owner = THIS_MODULE, 197 .hash_size = ENT_HASHMAX, 198 .hash_table = idtoname_table, 199 .name = "nfs4.idtoname", 200 .cache_put = ent_put, 201 .cache_upcall = idtoname_upcall, 202 .cache_parse = idtoname_parse, 203 .cache_show = idtoname_show, 204 .warn_no_listener = warn_no_idmapd, 205 .match = idtoname_match, 206 .init = ent_init, 207 .update = ent_init, 208 .alloc = ent_alloc, 209 }; 210 211 static int 212 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 213 { 214 struct ent ent, *res; 215 char *buf1, *bp; 216 int len; 217 int error = -EINVAL; 218 219 if (buf[buflen - 1] != '\n') 220 return (-EINVAL); 221 buf[buflen - 1]= '\0'; 222 223 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 224 if (buf1 == NULL) 225 return (-ENOMEM); 226 227 memset(&ent, 0, sizeof(ent)); 228 229 /* Authentication name */ 230 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 231 goto out; 232 memcpy(ent.authname, buf1, sizeof(ent.authname)); 233 234 /* Type */ 235 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 236 goto out; 237 ent.type = strcmp(buf1, "user") == 0 ? 238 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 239 240 /* ID */ 241 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 242 goto out; 243 ent.id = simple_strtoul(buf1, &bp, 10); 244 if (bp == buf1) 245 goto out; 246 247 /* expiry */ 248 ent.h.expiry_time = get_expiry(&buf); 249 if (ent.h.expiry_time == 0) 250 goto out; 251 252 error = -ENOMEM; 253 res = idtoname_lookup(&ent); 254 if (!res) 255 goto out; 256 257 /* Name */ 258 error = -EINVAL; 259 len = qword_get(&buf, buf1, PAGE_SIZE); 260 if (len < 0) 261 goto out; 262 if (len == 0) 263 set_bit(CACHE_NEGATIVE, &ent.h.flags); 264 else if (len >= IDMAP_NAMESZ) 265 goto out; 266 else 267 memcpy(ent.name, buf1, sizeof(ent.name)); 268 error = -ENOMEM; 269 res = idtoname_update(&ent, res); 270 if (res == NULL) 271 goto out; 272 273 cache_put(&res->h, &idtoname_cache); 274 275 error = 0; 276 out: 277 kfree(buf1); 278 279 return error; 280 } 281 282 283 static struct ent * 284 idtoname_lookup(struct ent *item) 285 { 286 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 287 &item->h, 288 idtoname_hash(item)); 289 if (ch) 290 return container_of(ch, struct ent, h); 291 else 292 return NULL; 293 } 294 295 static struct ent * 296 idtoname_update(struct ent *new, struct ent *old) 297 { 298 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 299 &new->h, &old->h, 300 idtoname_hash(new)); 301 if (ch) 302 return container_of(ch, struct ent, h); 303 else 304 return NULL; 305 } 306 307 308 /* 309 * Name -> ID cache 310 */ 311 312 static struct cache_head *nametoid_table[ENT_HASHMAX]; 313 314 static inline int 315 nametoid_hash(struct ent *ent) 316 { 317 return hash_str(ent->name, ENT_HASHBITS); 318 } 319 320 static void 321 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 322 int *blen) 323 { 324 struct ent *ent = container_of(ch, struct ent, h); 325 326 qword_add(bpp, blen, ent->authname); 327 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 328 qword_add(bpp, blen, ent->name); 329 330 (*bpp)[-1] = '\n'; 331 } 332 333 static int 334 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) 335 { 336 return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request); 337 } 338 339 static int 340 nametoid_match(struct cache_head *ca, struct cache_head *cb) 341 { 342 struct ent *a = container_of(ca, struct ent, h); 343 struct ent *b = container_of(cb, struct ent, h); 344 345 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 346 strcmp(a->authname, b->authname) == 0); 347 } 348 349 static int 350 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 351 { 352 struct ent *ent; 353 354 if (h == NULL) { 355 seq_puts(m, "#domain type name [id]\n"); 356 return 0; 357 } 358 ent = container_of(h, struct ent, h); 359 seq_printf(m, "%s %s %s", ent->authname, 360 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 361 ent->name); 362 if (test_bit(CACHE_VALID, &h->flags)) 363 seq_printf(m, " %u", ent->id); 364 seq_printf(m, "\n"); 365 return 0; 366 } 367 368 static struct ent *nametoid_lookup(struct ent *); 369 static struct ent *nametoid_update(struct ent *, struct ent *); 370 static int nametoid_parse(struct cache_detail *, char *, int); 371 372 static struct cache_detail nametoid_cache = { 373 .owner = THIS_MODULE, 374 .hash_size = ENT_HASHMAX, 375 .hash_table = nametoid_table, 376 .name = "nfs4.nametoid", 377 .cache_put = ent_put, 378 .cache_upcall = nametoid_upcall, 379 .cache_parse = nametoid_parse, 380 .cache_show = nametoid_show, 381 .warn_no_listener = warn_no_idmapd, 382 .match = nametoid_match, 383 .init = ent_init, 384 .update = ent_init, 385 .alloc = ent_alloc, 386 }; 387 388 static int 389 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 390 { 391 struct ent ent, *res; 392 char *buf1; 393 int error = -EINVAL; 394 395 if (buf[buflen - 1] != '\n') 396 return (-EINVAL); 397 buf[buflen - 1]= '\0'; 398 399 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 400 if (buf1 == NULL) 401 return (-ENOMEM); 402 403 memset(&ent, 0, sizeof(ent)); 404 405 /* Authentication name */ 406 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 407 goto out; 408 memcpy(ent.authname, buf1, sizeof(ent.authname)); 409 410 /* Type */ 411 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 412 goto out; 413 ent.type = strcmp(buf1, "user") == 0 ? 414 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 415 416 /* Name */ 417 error = qword_get(&buf, buf1, PAGE_SIZE); 418 if (error <= 0 || error >= IDMAP_NAMESZ) 419 goto out; 420 memcpy(ent.name, buf1, sizeof(ent.name)); 421 422 /* expiry */ 423 ent.h.expiry_time = get_expiry(&buf); 424 if (ent.h.expiry_time == 0) 425 goto out; 426 427 /* ID */ 428 error = get_int(&buf, &ent.id); 429 if (error == -EINVAL) 430 goto out; 431 if (error == -ENOENT) 432 set_bit(CACHE_NEGATIVE, &ent.h.flags); 433 434 error = -ENOMEM; 435 res = nametoid_lookup(&ent); 436 if (res == NULL) 437 goto out; 438 res = nametoid_update(&ent, res); 439 if (res == NULL) 440 goto out; 441 442 cache_put(&res->h, &nametoid_cache); 443 error = 0; 444 out: 445 kfree(buf1); 446 447 return (error); 448 } 449 450 451 static struct ent * 452 nametoid_lookup(struct ent *item) 453 { 454 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 455 &item->h, 456 nametoid_hash(item)); 457 if (ch) 458 return container_of(ch, struct ent, h); 459 else 460 return NULL; 461 } 462 463 static struct ent * 464 nametoid_update(struct ent *new, struct ent *old) 465 { 466 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 467 &new->h, &old->h, 468 nametoid_hash(new)); 469 if (ch) 470 return container_of(ch, struct ent, h); 471 else 472 return NULL; 473 } 474 475 /* 476 * Exported API 477 */ 478 479 int 480 nfsd_idmap_init(void) 481 { 482 int rv; 483 484 rv = cache_register(&idtoname_cache); 485 if (rv) 486 return rv; 487 rv = cache_register(&nametoid_cache); 488 if (rv) 489 cache_unregister(&idtoname_cache); 490 return rv; 491 } 492 493 void 494 nfsd_idmap_shutdown(void) 495 { 496 cache_unregister(&idtoname_cache); 497 cache_unregister(&nametoid_cache); 498 } 499 500 /* 501 * Deferred request handling 502 */ 503 504 struct idmap_defer_req { 505 struct cache_req req; 506 struct cache_deferred_req deferred_req; 507 wait_queue_head_t waitq; 508 atomic_t count; 509 }; 510 511 static inline void 512 put_mdr(struct idmap_defer_req *mdr) 513 { 514 if (atomic_dec_and_test(&mdr->count)) 515 kfree(mdr); 516 } 517 518 static inline void 519 get_mdr(struct idmap_defer_req *mdr) 520 { 521 atomic_inc(&mdr->count); 522 } 523 524 static void 525 idmap_revisit(struct cache_deferred_req *dreq, int toomany) 526 { 527 struct idmap_defer_req *mdr = 528 container_of(dreq, struct idmap_defer_req, deferred_req); 529 530 wake_up(&mdr->waitq); 531 put_mdr(mdr); 532 } 533 534 static struct cache_deferred_req * 535 idmap_defer(struct cache_req *req) 536 { 537 struct idmap_defer_req *mdr = 538 container_of(req, struct idmap_defer_req, req); 539 540 mdr->deferred_req.revisit = idmap_revisit; 541 get_mdr(mdr); 542 return (&mdr->deferred_req); 543 } 544 545 static inline int 546 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 547 struct cache_detail *detail, struct ent **item, 548 struct idmap_defer_req *mdr) 549 { 550 *item = lookup_fn(key); 551 if (!*item) 552 return -ENOMEM; 553 return cache_check(detail, &(*item)->h, &mdr->req); 554 } 555 556 static inline int 557 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 558 struct ent *key, struct cache_detail *detail, 559 struct ent **item) 560 { 561 int ret = -ENOMEM; 562 563 *item = lookup_fn(key); 564 if (!*item) 565 goto out_err; 566 ret = -ETIMEDOUT; 567 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 568 || (*item)->h.expiry_time < get_seconds() 569 || detail->flush_time > (*item)->h.last_refresh) 570 goto out_put; 571 ret = -ENOENT; 572 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 573 goto out_put; 574 return 0; 575 out_put: 576 cache_put(&(*item)->h, detail); 577 out_err: 578 *item = NULL; 579 return ret; 580 } 581 582 static int 583 idmap_lookup(struct svc_rqst *rqstp, 584 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 585 struct cache_detail *detail, struct ent **item) 586 { 587 struct idmap_defer_req *mdr; 588 int ret; 589 590 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 591 if (!mdr) 592 return -ENOMEM; 593 atomic_set(&mdr->count, 1); 594 init_waitqueue_head(&mdr->waitq); 595 mdr->req.defer = idmap_defer; 596 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 597 if (ret == -EAGAIN) { 598 wait_event_interruptible_timeout(mdr->waitq, 599 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 600 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 601 } 602 put_mdr(mdr); 603 return ret; 604 } 605 606 static char * 607 rqst_authname(struct svc_rqst *rqstp) 608 { 609 struct auth_domain *clp; 610 611 clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; 612 return clp->name; 613 } 614 615 static int 616 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 617 uid_t *id) 618 { 619 struct ent *item, key = { 620 .type = type, 621 }; 622 int ret; 623 624 if (namelen + 1 > sizeof(key.name)) 625 return -EINVAL; 626 memcpy(key.name, name, namelen); 627 key.name[namelen] = '\0'; 628 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 629 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 630 if (ret == -ENOENT) 631 ret = -ESRCH; /* nfserr_badname */ 632 if (ret) 633 return ret; 634 *id = item->id; 635 cache_put(&item->h, &nametoid_cache); 636 return 0; 637 } 638 639 static int 640 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 641 { 642 struct ent *item, key = { 643 .id = id, 644 .type = type, 645 }; 646 int ret; 647 648 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 649 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 650 if (ret == -ENOENT) 651 return sprintf(name, "%u", id); 652 if (ret) 653 return ret; 654 ret = strlen(item->name); 655 BUG_ON(ret > IDMAP_NAMESZ); 656 memcpy(name, item->name, ret); 657 cache_put(&item->h, &idtoname_cache); 658 return ret; 659 } 660 661 int 662 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 663 __u32 *id) 664 { 665 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 666 } 667 668 int 669 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 670 __u32 *id) 671 { 672 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 673 } 674 675 int 676 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 677 { 678 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 679 } 680 681 int 682 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 683 { 684 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 685 } 686