1 /* 2 * Mapping of UID/GIDs to name and vice versa. 3 * 4 * Copyright (c) 2002, 2003 The Regents of the University of 5 * Michigan. All rights reserved. 6 * 7 * Marius Aamodt Eriksen <marius@umich.edu> 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <linux/module.h> 36 #include <linux/nfsd_idmap.h> 37 #include <linux/seq_file.h> 38 #include <linux/sched.h> 39 #include <linux/slab.h> 40 41 /* 42 * Cache entry 43 */ 44 45 /* 46 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 47 * that. 48 */ 49 50 #define IDMAP_TYPE_USER 0 51 #define IDMAP_TYPE_GROUP 1 52 53 struct ent { 54 struct cache_head h; 55 int type; /* User / Group */ 56 uid_t id; 57 char name[IDMAP_NAMESZ]; 58 char authname[IDMAP_NAMESZ]; 59 }; 60 61 /* Common entry handling */ 62 63 #define ENT_HASHBITS 8 64 #define ENT_HASHMAX (1 << ENT_HASHBITS) 65 #define ENT_HASHMASK (ENT_HASHMAX - 1) 66 67 static void 68 ent_init(struct cache_head *cnew, struct cache_head *citm) 69 { 70 struct ent *new = container_of(cnew, struct ent, h); 71 struct ent *itm = container_of(citm, struct ent, h); 72 73 new->id = itm->id; 74 new->type = itm->type; 75 76 strlcpy(new->name, itm->name, sizeof(new->name)); 77 strlcpy(new->authname, itm->authname, sizeof(new->name)); 78 } 79 80 static void 81 ent_put(struct kref *ref) 82 { 83 struct ent *map = container_of(ref, struct ent, h.ref); 84 kfree(map); 85 } 86 87 static struct cache_head * 88 ent_alloc(void) 89 { 90 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 91 if (e) 92 return &e->h; 93 else 94 return NULL; 95 } 96 97 /* 98 * ID -> Name cache 99 */ 100 101 static struct cache_head *idtoname_table[ENT_HASHMAX]; 102 103 static uint32_t 104 idtoname_hash(struct ent *ent) 105 { 106 uint32_t hash; 107 108 hash = hash_str(ent->authname, ENT_HASHBITS); 109 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 110 111 /* Flip LSB for user/group */ 112 if (ent->type == IDMAP_TYPE_GROUP) 113 hash ^= 1; 114 115 return hash; 116 } 117 118 static void 119 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 120 int *blen) 121 { 122 struct ent *ent = container_of(ch, struct ent, h); 123 char idstr[11]; 124 125 qword_add(bpp, blen, ent->authname); 126 snprintf(idstr, sizeof(idstr), "%u", ent->id); 127 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 128 qword_add(bpp, blen, idstr); 129 130 (*bpp)[-1] = '\n'; 131 } 132 133 static int 134 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) 135 { 136 return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request); 137 } 138 139 static int 140 idtoname_match(struct cache_head *ca, struct cache_head *cb) 141 { 142 struct ent *a = container_of(ca, struct ent, h); 143 struct ent *b = container_of(cb, struct ent, h); 144 145 return (a->id == b->id && a->type == b->type && 146 strcmp(a->authname, b->authname) == 0); 147 } 148 149 static int 150 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 151 { 152 struct ent *ent; 153 154 if (h == NULL) { 155 seq_puts(m, "#domain type id [name]\n"); 156 return 0; 157 } 158 ent = container_of(h, struct ent, h); 159 seq_printf(m, "%s %s %u", ent->authname, 160 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 161 ent->id); 162 if (test_bit(CACHE_VALID, &h->flags)) 163 seq_printf(m, " %s", ent->name); 164 seq_printf(m, "\n"); 165 return 0; 166 } 167 168 static void 169 warn_no_idmapd(struct cache_detail *detail, int has_died) 170 { 171 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 172 has_died ? "died" : "not been started"); 173 } 174 175 176 static int idtoname_parse(struct cache_detail *, char *, int); 177 static struct ent *idtoname_lookup(struct ent *); 178 static struct ent *idtoname_update(struct ent *, struct ent *); 179 180 static struct cache_detail idtoname_cache = { 181 .owner = THIS_MODULE, 182 .hash_size = ENT_HASHMAX, 183 .hash_table = idtoname_table, 184 .name = "nfs4.idtoname", 185 .cache_put = ent_put, 186 .cache_upcall = idtoname_upcall, 187 .cache_parse = idtoname_parse, 188 .cache_show = idtoname_show, 189 .warn_no_listener = warn_no_idmapd, 190 .match = idtoname_match, 191 .init = ent_init, 192 .update = ent_init, 193 .alloc = ent_alloc, 194 }; 195 196 static int 197 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 198 { 199 struct ent ent, *res; 200 char *buf1, *bp; 201 int len; 202 int error = -EINVAL; 203 204 if (buf[buflen - 1] != '\n') 205 return (-EINVAL); 206 buf[buflen - 1]= '\0'; 207 208 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 209 if (buf1 == NULL) 210 return (-ENOMEM); 211 212 memset(&ent, 0, sizeof(ent)); 213 214 /* Authentication name */ 215 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 216 goto out; 217 memcpy(ent.authname, buf1, sizeof(ent.authname)); 218 219 /* Type */ 220 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 221 goto out; 222 ent.type = strcmp(buf1, "user") == 0 ? 223 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 224 225 /* ID */ 226 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 227 goto out; 228 ent.id = simple_strtoul(buf1, &bp, 10); 229 if (bp == buf1) 230 goto out; 231 232 /* expiry */ 233 ent.h.expiry_time = get_expiry(&buf); 234 if (ent.h.expiry_time == 0) 235 goto out; 236 237 error = -ENOMEM; 238 res = idtoname_lookup(&ent); 239 if (!res) 240 goto out; 241 242 /* Name */ 243 error = -EINVAL; 244 len = qword_get(&buf, buf1, PAGE_SIZE); 245 if (len < 0) 246 goto out; 247 if (len == 0) 248 set_bit(CACHE_NEGATIVE, &ent.h.flags); 249 else if (len >= IDMAP_NAMESZ) 250 goto out; 251 else 252 memcpy(ent.name, buf1, sizeof(ent.name)); 253 error = -ENOMEM; 254 res = idtoname_update(&ent, res); 255 if (res == NULL) 256 goto out; 257 258 cache_put(&res->h, &idtoname_cache); 259 260 error = 0; 261 out: 262 kfree(buf1); 263 264 return error; 265 } 266 267 268 static struct ent * 269 idtoname_lookup(struct ent *item) 270 { 271 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 272 &item->h, 273 idtoname_hash(item)); 274 if (ch) 275 return container_of(ch, struct ent, h); 276 else 277 return NULL; 278 } 279 280 static struct ent * 281 idtoname_update(struct ent *new, struct ent *old) 282 { 283 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 284 &new->h, &old->h, 285 idtoname_hash(new)); 286 if (ch) 287 return container_of(ch, struct ent, h); 288 else 289 return NULL; 290 } 291 292 293 /* 294 * Name -> ID cache 295 */ 296 297 static struct cache_head *nametoid_table[ENT_HASHMAX]; 298 299 static inline int 300 nametoid_hash(struct ent *ent) 301 { 302 return hash_str(ent->name, ENT_HASHBITS); 303 } 304 305 static void 306 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 307 int *blen) 308 { 309 struct ent *ent = container_of(ch, struct ent, h); 310 311 qword_add(bpp, blen, ent->authname); 312 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 313 qword_add(bpp, blen, ent->name); 314 315 (*bpp)[-1] = '\n'; 316 } 317 318 static int 319 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) 320 { 321 return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request); 322 } 323 324 static int 325 nametoid_match(struct cache_head *ca, struct cache_head *cb) 326 { 327 struct ent *a = container_of(ca, struct ent, h); 328 struct ent *b = container_of(cb, struct ent, h); 329 330 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 331 strcmp(a->authname, b->authname) == 0); 332 } 333 334 static int 335 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 336 { 337 struct ent *ent; 338 339 if (h == NULL) { 340 seq_puts(m, "#domain type name [id]\n"); 341 return 0; 342 } 343 ent = container_of(h, struct ent, h); 344 seq_printf(m, "%s %s %s", ent->authname, 345 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 346 ent->name); 347 if (test_bit(CACHE_VALID, &h->flags)) 348 seq_printf(m, " %u", ent->id); 349 seq_printf(m, "\n"); 350 return 0; 351 } 352 353 static struct ent *nametoid_lookup(struct ent *); 354 static struct ent *nametoid_update(struct ent *, struct ent *); 355 static int nametoid_parse(struct cache_detail *, char *, int); 356 357 static struct cache_detail nametoid_cache = { 358 .owner = THIS_MODULE, 359 .hash_size = ENT_HASHMAX, 360 .hash_table = nametoid_table, 361 .name = "nfs4.nametoid", 362 .cache_put = ent_put, 363 .cache_upcall = nametoid_upcall, 364 .cache_parse = nametoid_parse, 365 .cache_show = nametoid_show, 366 .warn_no_listener = warn_no_idmapd, 367 .match = nametoid_match, 368 .init = ent_init, 369 .update = ent_init, 370 .alloc = ent_alloc, 371 }; 372 373 static int 374 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 375 { 376 struct ent ent, *res; 377 char *buf1; 378 int error = -EINVAL; 379 380 if (buf[buflen - 1] != '\n') 381 return (-EINVAL); 382 buf[buflen - 1]= '\0'; 383 384 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 385 if (buf1 == NULL) 386 return (-ENOMEM); 387 388 memset(&ent, 0, sizeof(ent)); 389 390 /* Authentication name */ 391 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 392 goto out; 393 memcpy(ent.authname, buf1, sizeof(ent.authname)); 394 395 /* Type */ 396 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 397 goto out; 398 ent.type = strcmp(buf1, "user") == 0 ? 399 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 400 401 /* Name */ 402 error = qword_get(&buf, buf1, PAGE_SIZE); 403 if (error <= 0 || error >= IDMAP_NAMESZ) 404 goto out; 405 memcpy(ent.name, buf1, sizeof(ent.name)); 406 407 /* expiry */ 408 ent.h.expiry_time = get_expiry(&buf); 409 if (ent.h.expiry_time == 0) 410 goto out; 411 412 /* ID */ 413 error = get_int(&buf, &ent.id); 414 if (error == -EINVAL) 415 goto out; 416 if (error == -ENOENT) 417 set_bit(CACHE_NEGATIVE, &ent.h.flags); 418 419 error = -ENOMEM; 420 res = nametoid_lookup(&ent); 421 if (res == NULL) 422 goto out; 423 res = nametoid_update(&ent, res); 424 if (res == NULL) 425 goto out; 426 427 cache_put(&res->h, &nametoid_cache); 428 error = 0; 429 out: 430 kfree(buf1); 431 432 return (error); 433 } 434 435 436 static struct ent * 437 nametoid_lookup(struct ent *item) 438 { 439 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 440 &item->h, 441 nametoid_hash(item)); 442 if (ch) 443 return container_of(ch, struct ent, h); 444 else 445 return NULL; 446 } 447 448 static struct ent * 449 nametoid_update(struct ent *new, struct ent *old) 450 { 451 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 452 &new->h, &old->h, 453 nametoid_hash(new)); 454 if (ch) 455 return container_of(ch, struct ent, h); 456 else 457 return NULL; 458 } 459 460 /* 461 * Exported API 462 */ 463 464 int 465 nfsd_idmap_init(void) 466 { 467 int rv; 468 469 rv = cache_register(&idtoname_cache); 470 if (rv) 471 return rv; 472 rv = cache_register(&nametoid_cache); 473 if (rv) 474 cache_unregister(&idtoname_cache); 475 return rv; 476 } 477 478 void 479 nfsd_idmap_shutdown(void) 480 { 481 cache_unregister(&idtoname_cache); 482 cache_unregister(&nametoid_cache); 483 } 484 485 /* 486 * Deferred request handling 487 */ 488 489 struct idmap_defer_req { 490 struct cache_req req; 491 struct cache_deferred_req deferred_req; 492 wait_queue_head_t waitq; 493 atomic_t count; 494 }; 495 496 static inline void 497 put_mdr(struct idmap_defer_req *mdr) 498 { 499 if (atomic_dec_and_test(&mdr->count)) 500 kfree(mdr); 501 } 502 503 static inline void 504 get_mdr(struct idmap_defer_req *mdr) 505 { 506 atomic_inc(&mdr->count); 507 } 508 509 static void 510 idmap_revisit(struct cache_deferred_req *dreq, int toomany) 511 { 512 struct idmap_defer_req *mdr = 513 container_of(dreq, struct idmap_defer_req, deferred_req); 514 515 wake_up(&mdr->waitq); 516 put_mdr(mdr); 517 } 518 519 static struct cache_deferred_req * 520 idmap_defer(struct cache_req *req) 521 { 522 struct idmap_defer_req *mdr = 523 container_of(req, struct idmap_defer_req, req); 524 525 mdr->deferred_req.revisit = idmap_revisit; 526 get_mdr(mdr); 527 return (&mdr->deferred_req); 528 } 529 530 static inline int 531 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 532 struct cache_detail *detail, struct ent **item, 533 struct idmap_defer_req *mdr) 534 { 535 *item = lookup_fn(key); 536 if (!*item) 537 return -ENOMEM; 538 return cache_check(detail, &(*item)->h, &mdr->req); 539 } 540 541 static inline int 542 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 543 struct ent *key, struct cache_detail *detail, 544 struct ent **item) 545 { 546 int ret = -ENOMEM; 547 548 *item = lookup_fn(key); 549 if (!*item) 550 goto out_err; 551 ret = -ETIMEDOUT; 552 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 553 || (*item)->h.expiry_time < get_seconds() 554 || detail->flush_time > (*item)->h.last_refresh) 555 goto out_put; 556 ret = -ENOENT; 557 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 558 goto out_put; 559 return 0; 560 out_put: 561 cache_put(&(*item)->h, detail); 562 out_err: 563 *item = NULL; 564 return ret; 565 } 566 567 static int 568 idmap_lookup(struct svc_rqst *rqstp, 569 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 570 struct cache_detail *detail, struct ent **item) 571 { 572 struct idmap_defer_req *mdr; 573 int ret; 574 575 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 576 if (!mdr) 577 return -ENOMEM; 578 atomic_set(&mdr->count, 1); 579 init_waitqueue_head(&mdr->waitq); 580 mdr->req.defer = idmap_defer; 581 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 582 if (ret == -EAGAIN) { 583 wait_event_interruptible_timeout(mdr->waitq, 584 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 585 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 586 } 587 put_mdr(mdr); 588 return ret; 589 } 590 591 static char * 592 rqst_authname(struct svc_rqst *rqstp) 593 { 594 struct auth_domain *clp; 595 596 clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; 597 return clp->name; 598 } 599 600 static int 601 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 602 uid_t *id) 603 { 604 struct ent *item, key = { 605 .type = type, 606 }; 607 int ret; 608 609 if (namelen + 1 > sizeof(key.name)) 610 return -EINVAL; 611 memcpy(key.name, name, namelen); 612 key.name[namelen] = '\0'; 613 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 614 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 615 if (ret == -ENOENT) 616 ret = -ESRCH; /* nfserr_badname */ 617 if (ret) 618 return ret; 619 *id = item->id; 620 cache_put(&item->h, &nametoid_cache); 621 return 0; 622 } 623 624 static int 625 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 626 { 627 struct ent *item, key = { 628 .id = id, 629 .type = type, 630 }; 631 int ret; 632 633 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 634 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 635 if (ret == -ENOENT) 636 return sprintf(name, "%u", id); 637 if (ret) 638 return ret; 639 ret = strlen(item->name); 640 BUG_ON(ret > IDMAP_NAMESZ); 641 memcpy(name, item->name, ret); 642 cache_put(&item->h, &idtoname_cache); 643 return ret; 644 } 645 646 int 647 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 648 __u32 *id) 649 { 650 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 651 } 652 653 int 654 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 655 __u32 *id) 656 { 657 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 658 } 659 660 int 661 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 662 { 663 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 664 } 665 666 int 667 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 668 { 669 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 670 } 671