1 /* 2 * Mapping of UID/GIDs to name and vice versa. 3 * 4 * Copyright (c) 2002, 2003 The Regents of the University of 5 * Michigan. All rights reserved. 6 * 7 * Marius Aamodt Eriksen <marius@umich.edu> 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <linux/module.h> 36 #include <linux/nfsd_idmap.h> 37 #include <linux/seq_file.h> 38 #include <linux/sched.h> 39 40 /* 41 * Cache entry 42 */ 43 44 /* 45 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 46 * that. 47 */ 48 49 #define IDMAP_TYPE_USER 0 50 #define IDMAP_TYPE_GROUP 1 51 52 struct ent { 53 struct cache_head h; 54 int type; /* User / Group */ 55 uid_t id; 56 char name[IDMAP_NAMESZ]; 57 char authname[IDMAP_NAMESZ]; 58 }; 59 60 /* Common entry handling */ 61 62 #define ENT_HASHBITS 8 63 #define ENT_HASHMAX (1 << ENT_HASHBITS) 64 #define ENT_HASHMASK (ENT_HASHMAX - 1) 65 66 static void 67 ent_init(struct cache_head *cnew, struct cache_head *citm) 68 { 69 struct ent *new = container_of(cnew, struct ent, h); 70 struct ent *itm = container_of(citm, struct ent, h); 71 72 new->id = itm->id; 73 new->type = itm->type; 74 75 strlcpy(new->name, itm->name, sizeof(new->name)); 76 strlcpy(new->authname, itm->authname, sizeof(new->name)); 77 } 78 79 static void 80 ent_put(struct kref *ref) 81 { 82 struct ent *map = container_of(ref, struct ent, h.ref); 83 kfree(map); 84 } 85 86 static struct cache_head * 87 ent_alloc(void) 88 { 89 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 90 if (e) 91 return &e->h; 92 else 93 return NULL; 94 } 95 96 /* 97 * ID -> Name cache 98 */ 99 100 static struct cache_head *idtoname_table[ENT_HASHMAX]; 101 102 static uint32_t 103 idtoname_hash(struct ent *ent) 104 { 105 uint32_t hash; 106 107 hash = hash_str(ent->authname, ENT_HASHBITS); 108 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 109 110 /* Flip LSB for user/group */ 111 if (ent->type == IDMAP_TYPE_GROUP) 112 hash ^= 1; 113 114 return hash; 115 } 116 117 static void 118 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 119 int *blen) 120 { 121 struct ent *ent = container_of(ch, struct ent, h); 122 char idstr[11]; 123 124 qword_add(bpp, blen, ent->authname); 125 snprintf(idstr, sizeof(idstr), "%u", ent->id); 126 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 127 qword_add(bpp, blen, idstr); 128 129 (*bpp)[-1] = '\n'; 130 } 131 132 static int 133 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) 134 { 135 return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request); 136 } 137 138 static int 139 idtoname_match(struct cache_head *ca, struct cache_head *cb) 140 { 141 struct ent *a = container_of(ca, struct ent, h); 142 struct ent *b = container_of(cb, struct ent, h); 143 144 return (a->id == b->id && a->type == b->type && 145 strcmp(a->authname, b->authname) == 0); 146 } 147 148 static int 149 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 150 { 151 struct ent *ent; 152 153 if (h == NULL) { 154 seq_puts(m, "#domain type id [name]\n"); 155 return 0; 156 } 157 ent = container_of(h, struct ent, h); 158 seq_printf(m, "%s %s %u", ent->authname, 159 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 160 ent->id); 161 if (test_bit(CACHE_VALID, &h->flags)) 162 seq_printf(m, " %s", ent->name); 163 seq_printf(m, "\n"); 164 return 0; 165 } 166 167 static void 168 warn_no_idmapd(struct cache_detail *detail, int has_died) 169 { 170 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 171 has_died ? "died" : "not been started"); 172 } 173 174 175 static int idtoname_parse(struct cache_detail *, char *, int); 176 static struct ent *idtoname_lookup(struct ent *); 177 static struct ent *idtoname_update(struct ent *, struct ent *); 178 179 static struct cache_detail idtoname_cache = { 180 .owner = THIS_MODULE, 181 .hash_size = ENT_HASHMAX, 182 .hash_table = idtoname_table, 183 .name = "nfs4.idtoname", 184 .cache_put = ent_put, 185 .cache_upcall = idtoname_upcall, 186 .cache_parse = idtoname_parse, 187 .cache_show = idtoname_show, 188 .warn_no_listener = warn_no_idmapd, 189 .match = idtoname_match, 190 .init = ent_init, 191 .update = ent_init, 192 .alloc = ent_alloc, 193 }; 194 195 static int 196 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 197 { 198 struct ent ent, *res; 199 char *buf1, *bp; 200 int len; 201 int error = -EINVAL; 202 203 if (buf[buflen - 1] != '\n') 204 return (-EINVAL); 205 buf[buflen - 1]= '\0'; 206 207 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 208 if (buf1 == NULL) 209 return (-ENOMEM); 210 211 memset(&ent, 0, sizeof(ent)); 212 213 /* Authentication name */ 214 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 215 goto out; 216 memcpy(ent.authname, buf1, sizeof(ent.authname)); 217 218 /* Type */ 219 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 220 goto out; 221 ent.type = strcmp(buf1, "user") == 0 ? 222 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 223 224 /* ID */ 225 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 226 goto out; 227 ent.id = simple_strtoul(buf1, &bp, 10); 228 if (bp == buf1) 229 goto out; 230 231 /* expiry */ 232 ent.h.expiry_time = get_expiry(&buf); 233 if (ent.h.expiry_time == 0) 234 goto out; 235 236 error = -ENOMEM; 237 res = idtoname_lookup(&ent); 238 if (!res) 239 goto out; 240 241 /* Name */ 242 error = -EINVAL; 243 len = qword_get(&buf, buf1, PAGE_SIZE); 244 if (len < 0) 245 goto out; 246 if (len == 0) 247 set_bit(CACHE_NEGATIVE, &ent.h.flags); 248 else if (len >= IDMAP_NAMESZ) 249 goto out; 250 else 251 memcpy(ent.name, buf1, sizeof(ent.name)); 252 error = -ENOMEM; 253 res = idtoname_update(&ent, res); 254 if (res == NULL) 255 goto out; 256 257 cache_put(&res->h, &idtoname_cache); 258 259 error = 0; 260 out: 261 kfree(buf1); 262 263 return error; 264 } 265 266 267 static struct ent * 268 idtoname_lookup(struct ent *item) 269 { 270 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 271 &item->h, 272 idtoname_hash(item)); 273 if (ch) 274 return container_of(ch, struct ent, h); 275 else 276 return NULL; 277 } 278 279 static struct ent * 280 idtoname_update(struct ent *new, struct ent *old) 281 { 282 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 283 &new->h, &old->h, 284 idtoname_hash(new)); 285 if (ch) 286 return container_of(ch, struct ent, h); 287 else 288 return NULL; 289 } 290 291 292 /* 293 * Name -> ID cache 294 */ 295 296 static struct cache_head *nametoid_table[ENT_HASHMAX]; 297 298 static inline int 299 nametoid_hash(struct ent *ent) 300 { 301 return hash_str(ent->name, ENT_HASHBITS); 302 } 303 304 static void 305 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 306 int *blen) 307 { 308 struct ent *ent = container_of(ch, struct ent, h); 309 310 qword_add(bpp, blen, ent->authname); 311 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 312 qword_add(bpp, blen, ent->name); 313 314 (*bpp)[-1] = '\n'; 315 } 316 317 static int 318 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) 319 { 320 return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request); 321 } 322 323 static int 324 nametoid_match(struct cache_head *ca, struct cache_head *cb) 325 { 326 struct ent *a = container_of(ca, struct ent, h); 327 struct ent *b = container_of(cb, struct ent, h); 328 329 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 330 strcmp(a->authname, b->authname) == 0); 331 } 332 333 static int 334 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 335 { 336 struct ent *ent; 337 338 if (h == NULL) { 339 seq_puts(m, "#domain type name [id]\n"); 340 return 0; 341 } 342 ent = container_of(h, struct ent, h); 343 seq_printf(m, "%s %s %s", ent->authname, 344 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 345 ent->name); 346 if (test_bit(CACHE_VALID, &h->flags)) 347 seq_printf(m, " %u", ent->id); 348 seq_printf(m, "\n"); 349 return 0; 350 } 351 352 static struct ent *nametoid_lookup(struct ent *); 353 static struct ent *nametoid_update(struct ent *, struct ent *); 354 static int nametoid_parse(struct cache_detail *, char *, int); 355 356 static struct cache_detail nametoid_cache = { 357 .owner = THIS_MODULE, 358 .hash_size = ENT_HASHMAX, 359 .hash_table = nametoid_table, 360 .name = "nfs4.nametoid", 361 .cache_put = ent_put, 362 .cache_upcall = nametoid_upcall, 363 .cache_parse = nametoid_parse, 364 .cache_show = nametoid_show, 365 .warn_no_listener = warn_no_idmapd, 366 .match = nametoid_match, 367 .init = ent_init, 368 .update = ent_init, 369 .alloc = ent_alloc, 370 }; 371 372 static int 373 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 374 { 375 struct ent ent, *res; 376 char *buf1; 377 int error = -EINVAL; 378 379 if (buf[buflen - 1] != '\n') 380 return (-EINVAL); 381 buf[buflen - 1]= '\0'; 382 383 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 384 if (buf1 == NULL) 385 return (-ENOMEM); 386 387 memset(&ent, 0, sizeof(ent)); 388 389 /* Authentication name */ 390 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 391 goto out; 392 memcpy(ent.authname, buf1, sizeof(ent.authname)); 393 394 /* Type */ 395 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 396 goto out; 397 ent.type = strcmp(buf1, "user") == 0 ? 398 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 399 400 /* Name */ 401 error = qword_get(&buf, buf1, PAGE_SIZE); 402 if (error <= 0 || error >= IDMAP_NAMESZ) 403 goto out; 404 memcpy(ent.name, buf1, sizeof(ent.name)); 405 406 /* expiry */ 407 ent.h.expiry_time = get_expiry(&buf); 408 if (ent.h.expiry_time == 0) 409 goto out; 410 411 /* ID */ 412 error = get_int(&buf, &ent.id); 413 if (error == -EINVAL) 414 goto out; 415 if (error == -ENOENT) 416 set_bit(CACHE_NEGATIVE, &ent.h.flags); 417 418 error = -ENOMEM; 419 res = nametoid_lookup(&ent); 420 if (res == NULL) 421 goto out; 422 res = nametoid_update(&ent, res); 423 if (res == NULL) 424 goto out; 425 426 cache_put(&res->h, &nametoid_cache); 427 error = 0; 428 out: 429 kfree(buf1); 430 431 return (error); 432 } 433 434 435 static struct ent * 436 nametoid_lookup(struct ent *item) 437 { 438 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 439 &item->h, 440 nametoid_hash(item)); 441 if (ch) 442 return container_of(ch, struct ent, h); 443 else 444 return NULL; 445 } 446 447 static struct ent * 448 nametoid_update(struct ent *new, struct ent *old) 449 { 450 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 451 &new->h, &old->h, 452 nametoid_hash(new)); 453 if (ch) 454 return container_of(ch, struct ent, h); 455 else 456 return NULL; 457 } 458 459 /* 460 * Exported API 461 */ 462 463 int 464 nfsd_idmap_init(void) 465 { 466 int rv; 467 468 rv = cache_register(&idtoname_cache); 469 if (rv) 470 return rv; 471 rv = cache_register(&nametoid_cache); 472 if (rv) 473 cache_unregister(&idtoname_cache); 474 return rv; 475 } 476 477 void 478 nfsd_idmap_shutdown(void) 479 { 480 cache_unregister(&idtoname_cache); 481 cache_unregister(&nametoid_cache); 482 } 483 484 /* 485 * Deferred request handling 486 */ 487 488 struct idmap_defer_req { 489 struct cache_req req; 490 struct cache_deferred_req deferred_req; 491 wait_queue_head_t waitq; 492 atomic_t count; 493 }; 494 495 static inline void 496 put_mdr(struct idmap_defer_req *mdr) 497 { 498 if (atomic_dec_and_test(&mdr->count)) 499 kfree(mdr); 500 } 501 502 static inline void 503 get_mdr(struct idmap_defer_req *mdr) 504 { 505 atomic_inc(&mdr->count); 506 } 507 508 static void 509 idmap_revisit(struct cache_deferred_req *dreq, int toomany) 510 { 511 struct idmap_defer_req *mdr = 512 container_of(dreq, struct idmap_defer_req, deferred_req); 513 514 wake_up(&mdr->waitq); 515 put_mdr(mdr); 516 } 517 518 static struct cache_deferred_req * 519 idmap_defer(struct cache_req *req) 520 { 521 struct idmap_defer_req *mdr = 522 container_of(req, struct idmap_defer_req, req); 523 524 mdr->deferred_req.revisit = idmap_revisit; 525 get_mdr(mdr); 526 return (&mdr->deferred_req); 527 } 528 529 static inline int 530 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 531 struct cache_detail *detail, struct ent **item, 532 struct idmap_defer_req *mdr) 533 { 534 *item = lookup_fn(key); 535 if (!*item) 536 return -ENOMEM; 537 return cache_check(detail, &(*item)->h, &mdr->req); 538 } 539 540 static inline int 541 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 542 struct ent *key, struct cache_detail *detail, 543 struct ent **item) 544 { 545 int ret = -ENOMEM; 546 547 *item = lookup_fn(key); 548 if (!*item) 549 goto out_err; 550 ret = -ETIMEDOUT; 551 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 552 || (*item)->h.expiry_time < get_seconds() 553 || detail->flush_time > (*item)->h.last_refresh) 554 goto out_put; 555 ret = -ENOENT; 556 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 557 goto out_put; 558 return 0; 559 out_put: 560 cache_put(&(*item)->h, detail); 561 out_err: 562 *item = NULL; 563 return ret; 564 } 565 566 static int 567 idmap_lookup(struct svc_rqst *rqstp, 568 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 569 struct cache_detail *detail, struct ent **item) 570 { 571 struct idmap_defer_req *mdr; 572 int ret; 573 574 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 575 if (!mdr) 576 return -ENOMEM; 577 atomic_set(&mdr->count, 1); 578 init_waitqueue_head(&mdr->waitq); 579 mdr->req.defer = idmap_defer; 580 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 581 if (ret == -EAGAIN) { 582 wait_event_interruptible_timeout(mdr->waitq, 583 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 584 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 585 } 586 put_mdr(mdr); 587 return ret; 588 } 589 590 static char * 591 rqst_authname(struct svc_rqst *rqstp) 592 { 593 struct auth_domain *clp; 594 595 clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; 596 return clp->name; 597 } 598 599 static int 600 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 601 uid_t *id) 602 { 603 struct ent *item, key = { 604 .type = type, 605 }; 606 int ret; 607 608 if (namelen + 1 > sizeof(key.name)) 609 return -EINVAL; 610 memcpy(key.name, name, namelen); 611 key.name[namelen] = '\0'; 612 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 613 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 614 if (ret == -ENOENT) 615 ret = -ESRCH; /* nfserr_badname */ 616 if (ret) 617 return ret; 618 *id = item->id; 619 cache_put(&item->h, &nametoid_cache); 620 return 0; 621 } 622 623 static int 624 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 625 { 626 struct ent *item, key = { 627 .id = id, 628 .type = type, 629 }; 630 int ret; 631 632 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 633 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 634 if (ret == -ENOENT) 635 return sprintf(name, "%u", id); 636 if (ret) 637 return ret; 638 ret = strlen(item->name); 639 BUG_ON(ret > IDMAP_NAMESZ); 640 memcpy(name, item->name, ret); 641 cache_put(&item->h, &idtoname_cache); 642 return ret; 643 } 644 645 int 646 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 647 __u32 *id) 648 { 649 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 650 } 651 652 int 653 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 654 __u32 *id) 655 { 656 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 657 } 658 659 int 660 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 661 { 662 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 663 } 664 665 int 666 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 667 { 668 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 669 } 670