xref: /openbmc/linux/fs/nfsd/nfs4idmap.c (revision 9d56dd3b083a3bec56e9da35ce07baca81030b03)
1 /*
2  *  Mapping of UID/GIDs to name and vice versa.
3  *
4  *  Copyright (c) 2002, 2003 The Regents of the University of
5  *  Michigan.  All rights reserved.
6  *
7  *  Marius Aamodt Eriksen <marius@umich.edu>
8  *
9  *  Redistribution and use in source and binary forms, with or without
10  *  modification, are permitted provided that the following conditions
11  *  are met:
12  *
13  *  1. Redistributions of source code must retain the above copyright
14  *     notice, this list of conditions and the following disclaimer.
15  *  2. Redistributions in binary form must reproduce the above copyright
16  *     notice, this list of conditions and the following disclaimer in the
17  *     documentation and/or other materials provided with the distribution.
18  *  3. Neither the name of the University nor the names of its
19  *     contributors may be used to endorse or promote products derived
20  *     from this software without specific prior written permission.
21  *
22  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include <linux/module.h>
36 #include <linux/nfsd_idmap.h>
37 #include <linux/seq_file.h>
38 #include <linux/sched.h>
39 
40 /*
41  * Cache entry
42  */
43 
44 /*
45  * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
46  * that.
47  */
48 
49 #define IDMAP_TYPE_USER  0
50 #define IDMAP_TYPE_GROUP 1
51 
52 struct ent {
53 	struct cache_head h;
54 	int               type;		       /* User / Group */
55 	uid_t             id;
56 	char              name[IDMAP_NAMESZ];
57 	char              authname[IDMAP_NAMESZ];
58 };
59 
60 /* Common entry handling */
61 
62 #define ENT_HASHBITS          8
63 #define ENT_HASHMAX           (1 << ENT_HASHBITS)
64 #define ENT_HASHMASK          (ENT_HASHMAX - 1)
65 
66 static void
67 ent_init(struct cache_head *cnew, struct cache_head *citm)
68 {
69 	struct ent *new = container_of(cnew, struct ent, h);
70 	struct ent *itm = container_of(citm, struct ent, h);
71 
72 	new->id = itm->id;
73 	new->type = itm->type;
74 
75 	strlcpy(new->name, itm->name, sizeof(new->name));
76 	strlcpy(new->authname, itm->authname, sizeof(new->name));
77 }
78 
79 static void
80 ent_put(struct kref *ref)
81 {
82 	struct ent *map = container_of(ref, struct ent, h.ref);
83 	kfree(map);
84 }
85 
86 static struct cache_head *
87 ent_alloc(void)
88 {
89 	struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL);
90 	if (e)
91 		return &e->h;
92 	else
93 		return NULL;
94 }
95 
96 /*
97  * ID -> Name cache
98  */
99 
100 static struct cache_head *idtoname_table[ENT_HASHMAX];
101 
102 static uint32_t
103 idtoname_hash(struct ent *ent)
104 {
105 	uint32_t hash;
106 
107 	hash = hash_str(ent->authname, ENT_HASHBITS);
108 	hash = hash_long(hash ^ ent->id, ENT_HASHBITS);
109 
110 	/* Flip LSB for user/group */
111 	if (ent->type == IDMAP_TYPE_GROUP)
112 		hash ^= 1;
113 
114 	return hash;
115 }
116 
117 static void
118 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
119     int *blen)
120 {
121  	struct ent *ent = container_of(ch, struct ent, h);
122 	char idstr[11];
123 
124 	qword_add(bpp, blen, ent->authname);
125 	snprintf(idstr, sizeof(idstr), "%u", ent->id);
126 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
127 	qword_add(bpp, blen, idstr);
128 
129 	(*bpp)[-1] = '\n';
130 }
131 
132 static int
133 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch)
134 {
135 	return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request);
136 }
137 
138 static int
139 idtoname_match(struct cache_head *ca, struct cache_head *cb)
140 {
141 	struct ent *a = container_of(ca, struct ent, h);
142 	struct ent *b = container_of(cb, struct ent, h);
143 
144 	return (a->id == b->id && a->type == b->type &&
145 	    strcmp(a->authname, b->authname) == 0);
146 }
147 
148 static int
149 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
150 {
151 	struct ent *ent;
152 
153 	if (h == NULL) {
154 		seq_puts(m, "#domain type id [name]\n");
155 		return 0;
156 	}
157 	ent = container_of(h, struct ent, h);
158 	seq_printf(m, "%s %s %u", ent->authname,
159 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
160 			ent->id);
161 	if (test_bit(CACHE_VALID, &h->flags))
162 		seq_printf(m, " %s", ent->name);
163 	seq_printf(m, "\n");
164 	return 0;
165 }
166 
167 static void
168 warn_no_idmapd(struct cache_detail *detail, int has_died)
169 {
170 	printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
171 			has_died ? "died" : "not been started");
172 }
173 
174 
175 static int         idtoname_parse(struct cache_detail *, char *, int);
176 static struct ent *idtoname_lookup(struct ent *);
177 static struct ent *idtoname_update(struct ent *, struct ent *);
178 
179 static struct cache_detail idtoname_cache = {
180 	.owner		= THIS_MODULE,
181 	.hash_size	= ENT_HASHMAX,
182 	.hash_table	= idtoname_table,
183 	.name		= "nfs4.idtoname",
184 	.cache_put	= ent_put,
185 	.cache_upcall	= idtoname_upcall,
186 	.cache_parse	= idtoname_parse,
187 	.cache_show	= idtoname_show,
188 	.warn_no_listener = warn_no_idmapd,
189 	.match		= idtoname_match,
190 	.init		= ent_init,
191 	.update		= ent_init,
192 	.alloc		= ent_alloc,
193 };
194 
195 static int
196 idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
197 {
198 	struct ent ent, *res;
199 	char *buf1, *bp;
200 	int len;
201 	int error = -EINVAL;
202 
203 	if (buf[buflen - 1] != '\n')
204 		return (-EINVAL);
205 	buf[buflen - 1]= '\0';
206 
207 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
208 	if (buf1 == NULL)
209 		return (-ENOMEM);
210 
211 	memset(&ent, 0, sizeof(ent));
212 
213 	/* Authentication name */
214 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
215 		goto out;
216 	memcpy(ent.authname, buf1, sizeof(ent.authname));
217 
218 	/* Type */
219 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
220 		goto out;
221 	ent.type = strcmp(buf1, "user") == 0 ?
222 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
223 
224 	/* ID */
225 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
226 		goto out;
227 	ent.id = simple_strtoul(buf1, &bp, 10);
228 	if (bp == buf1)
229 		goto out;
230 
231 	/* expiry */
232 	ent.h.expiry_time = get_expiry(&buf);
233 	if (ent.h.expiry_time == 0)
234 		goto out;
235 
236 	error = -ENOMEM;
237 	res = idtoname_lookup(&ent);
238 	if (!res)
239 		goto out;
240 
241 	/* Name */
242 	error = -EINVAL;
243 	len = qword_get(&buf, buf1, PAGE_SIZE);
244 	if (len < 0)
245 		goto out;
246 	if (len == 0)
247 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
248 	else if (len >= IDMAP_NAMESZ)
249 		goto out;
250 	else
251 		memcpy(ent.name, buf1, sizeof(ent.name));
252 	error = -ENOMEM;
253 	res = idtoname_update(&ent, res);
254 	if (res == NULL)
255 		goto out;
256 
257 	cache_put(&res->h, &idtoname_cache);
258 
259 	error = 0;
260 out:
261 	kfree(buf1);
262 
263 	return error;
264 }
265 
266 
267 static struct ent *
268 idtoname_lookup(struct ent *item)
269 {
270 	struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache,
271 						    &item->h,
272 						    idtoname_hash(item));
273 	if (ch)
274 		return container_of(ch, struct ent, h);
275 	else
276 		return NULL;
277 }
278 
279 static struct ent *
280 idtoname_update(struct ent *new, struct ent *old)
281 {
282 	struct cache_head *ch = sunrpc_cache_update(&idtoname_cache,
283 						    &new->h, &old->h,
284 						    idtoname_hash(new));
285 	if (ch)
286 		return container_of(ch, struct ent, h);
287 	else
288 		return NULL;
289 }
290 
291 
292 /*
293  * Name -> ID cache
294  */
295 
296 static struct cache_head *nametoid_table[ENT_HASHMAX];
297 
298 static inline int
299 nametoid_hash(struct ent *ent)
300 {
301 	return hash_str(ent->name, ENT_HASHBITS);
302 }
303 
304 static void
305 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
306     int *blen)
307 {
308  	struct ent *ent = container_of(ch, struct ent, h);
309 
310 	qword_add(bpp, blen, ent->authname);
311 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
312 	qword_add(bpp, blen, ent->name);
313 
314 	(*bpp)[-1] = '\n';
315 }
316 
317 static int
318 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch)
319 {
320 	return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request);
321 }
322 
323 static int
324 nametoid_match(struct cache_head *ca, struct cache_head *cb)
325 {
326 	struct ent *a = container_of(ca, struct ent, h);
327 	struct ent *b = container_of(cb, struct ent, h);
328 
329 	return (a->type == b->type && strcmp(a->name, b->name) == 0 &&
330 	    strcmp(a->authname, b->authname) == 0);
331 }
332 
333 static int
334 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
335 {
336 	struct ent *ent;
337 
338 	if (h == NULL) {
339 		seq_puts(m, "#domain type name [id]\n");
340 		return 0;
341 	}
342 	ent = container_of(h, struct ent, h);
343 	seq_printf(m, "%s %s %s", ent->authname,
344 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
345 			ent->name);
346 	if (test_bit(CACHE_VALID, &h->flags))
347 		seq_printf(m, " %u", ent->id);
348 	seq_printf(m, "\n");
349 	return 0;
350 }
351 
352 static struct ent *nametoid_lookup(struct ent *);
353 static struct ent *nametoid_update(struct ent *, struct ent *);
354 static int         nametoid_parse(struct cache_detail *, char *, int);
355 
356 static struct cache_detail nametoid_cache = {
357 	.owner		= THIS_MODULE,
358 	.hash_size	= ENT_HASHMAX,
359 	.hash_table	= nametoid_table,
360 	.name		= "nfs4.nametoid",
361 	.cache_put	= ent_put,
362 	.cache_upcall	= nametoid_upcall,
363 	.cache_parse	= nametoid_parse,
364 	.cache_show	= nametoid_show,
365 	.warn_no_listener = warn_no_idmapd,
366 	.match		= nametoid_match,
367 	.init		= ent_init,
368 	.update		= ent_init,
369 	.alloc		= ent_alloc,
370 };
371 
372 static int
373 nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
374 {
375 	struct ent ent, *res;
376 	char *buf1;
377 	int error = -EINVAL;
378 
379 	if (buf[buflen - 1] != '\n')
380 		return (-EINVAL);
381 	buf[buflen - 1]= '\0';
382 
383 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
384 	if (buf1 == NULL)
385 		return (-ENOMEM);
386 
387 	memset(&ent, 0, sizeof(ent));
388 
389 	/* Authentication name */
390 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
391 		goto out;
392 	memcpy(ent.authname, buf1, sizeof(ent.authname));
393 
394 	/* Type */
395 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
396 		goto out;
397 	ent.type = strcmp(buf1, "user") == 0 ?
398 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
399 
400 	/* Name */
401 	error = qword_get(&buf, buf1, PAGE_SIZE);
402 	if (error <= 0 || error >= IDMAP_NAMESZ)
403 		goto out;
404 	memcpy(ent.name, buf1, sizeof(ent.name));
405 
406 	/* expiry */
407 	ent.h.expiry_time = get_expiry(&buf);
408 	if (ent.h.expiry_time == 0)
409 		goto out;
410 
411 	/* ID */
412 	error = get_int(&buf, &ent.id);
413 	if (error == -EINVAL)
414 		goto out;
415 	if (error == -ENOENT)
416 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
417 
418 	error = -ENOMEM;
419 	res = nametoid_lookup(&ent);
420 	if (res == NULL)
421 		goto out;
422 	res = nametoid_update(&ent, res);
423 	if (res == NULL)
424 		goto out;
425 
426 	cache_put(&res->h, &nametoid_cache);
427 	error = 0;
428 out:
429 	kfree(buf1);
430 
431 	return (error);
432 }
433 
434 
435 static struct ent *
436 nametoid_lookup(struct ent *item)
437 {
438 	struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache,
439 						    &item->h,
440 						    nametoid_hash(item));
441 	if (ch)
442 		return container_of(ch, struct ent, h);
443 	else
444 		return NULL;
445 }
446 
447 static struct ent *
448 nametoid_update(struct ent *new, struct ent *old)
449 {
450 	struct cache_head *ch = sunrpc_cache_update(&nametoid_cache,
451 						    &new->h, &old->h,
452 						    nametoid_hash(new));
453 	if (ch)
454 		return container_of(ch, struct ent, h);
455 	else
456 		return NULL;
457 }
458 
459 /*
460  * Exported API
461  */
462 
463 int
464 nfsd_idmap_init(void)
465 {
466 	int rv;
467 
468 	rv = cache_register(&idtoname_cache);
469 	if (rv)
470 		return rv;
471 	rv = cache_register(&nametoid_cache);
472 	if (rv)
473 		cache_unregister(&idtoname_cache);
474 	return rv;
475 }
476 
477 void
478 nfsd_idmap_shutdown(void)
479 {
480 	cache_unregister(&idtoname_cache);
481 	cache_unregister(&nametoid_cache);
482 }
483 
484 /*
485  * Deferred request handling
486  */
487 
488 struct idmap_defer_req {
489        struct cache_req		req;
490        struct cache_deferred_req deferred_req;
491        wait_queue_head_t	waitq;
492        atomic_t			count;
493 };
494 
495 static inline void
496 put_mdr(struct idmap_defer_req *mdr)
497 {
498 	if (atomic_dec_and_test(&mdr->count))
499 		kfree(mdr);
500 }
501 
502 static inline void
503 get_mdr(struct idmap_defer_req *mdr)
504 {
505 	atomic_inc(&mdr->count);
506 }
507 
508 static void
509 idmap_revisit(struct cache_deferred_req *dreq, int toomany)
510 {
511 	struct idmap_defer_req *mdr =
512 		container_of(dreq, struct idmap_defer_req, deferred_req);
513 
514 	wake_up(&mdr->waitq);
515 	put_mdr(mdr);
516 }
517 
518 static struct cache_deferred_req *
519 idmap_defer(struct cache_req *req)
520 {
521 	struct idmap_defer_req *mdr =
522 		container_of(req, struct idmap_defer_req, req);
523 
524 	mdr->deferred_req.revisit = idmap_revisit;
525 	get_mdr(mdr);
526 	return (&mdr->deferred_req);
527 }
528 
529 static inline int
530 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key,
531 		struct cache_detail *detail, struct ent **item,
532 		struct idmap_defer_req *mdr)
533 {
534 	*item = lookup_fn(key);
535 	if (!*item)
536 		return -ENOMEM;
537 	return cache_check(detail, &(*item)->h, &mdr->req);
538 }
539 
540 static inline int
541 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *),
542 			struct ent *key, struct cache_detail *detail,
543 			struct ent **item)
544 {
545 	int ret = -ENOMEM;
546 
547 	*item = lookup_fn(key);
548 	if (!*item)
549 		goto out_err;
550 	ret = -ETIMEDOUT;
551 	if (!test_bit(CACHE_VALID, &(*item)->h.flags)
552 			|| (*item)->h.expiry_time < get_seconds()
553 			|| detail->flush_time > (*item)->h.last_refresh)
554 		goto out_put;
555 	ret = -ENOENT;
556 	if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags))
557 		goto out_put;
558 	return 0;
559 out_put:
560 	cache_put(&(*item)->h, detail);
561 out_err:
562 	*item = NULL;
563 	return ret;
564 }
565 
566 static int
567 idmap_lookup(struct svc_rqst *rqstp,
568 		struct ent *(*lookup_fn)(struct ent *), struct ent *key,
569 		struct cache_detail *detail, struct ent **item)
570 {
571 	struct idmap_defer_req *mdr;
572 	int ret;
573 
574 	mdr = kzalloc(sizeof(*mdr), GFP_KERNEL);
575 	if (!mdr)
576 		return -ENOMEM;
577 	atomic_set(&mdr->count, 1);
578 	init_waitqueue_head(&mdr->waitq);
579 	mdr->req.defer = idmap_defer;
580 	ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr);
581 	if (ret == -EAGAIN) {
582 		wait_event_interruptible_timeout(mdr->waitq,
583 			test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ);
584 		ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item);
585 	}
586 	put_mdr(mdr);
587 	return ret;
588 }
589 
590 static char *
591 rqst_authname(struct svc_rqst *rqstp)
592 {
593 	struct auth_domain *clp;
594 
595 	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
596 	return clp->name;
597 }
598 
599 static int
600 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen,
601 		uid_t *id)
602 {
603 	struct ent *item, key = {
604 		.type = type,
605 	};
606 	int ret;
607 
608 	if (namelen + 1 > sizeof(key.name))
609 		return -EINVAL;
610 	memcpy(key.name, name, namelen);
611 	key.name[namelen] = '\0';
612 	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
613 	ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
614 	if (ret == -ENOENT)
615 		ret = -ESRCH; /* nfserr_badname */
616 	if (ret)
617 		return ret;
618 	*id = item->id;
619 	cache_put(&item->h, &nametoid_cache);
620 	return 0;
621 }
622 
623 static int
624 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
625 {
626 	struct ent *item, key = {
627 		.id = id,
628 		.type = type,
629 	};
630 	int ret;
631 
632 	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
633 	ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
634 	if (ret == -ENOENT)
635 		return sprintf(name, "%u", id);
636 	if (ret)
637 		return ret;
638 	ret = strlen(item->name);
639 	BUG_ON(ret > IDMAP_NAMESZ);
640 	memcpy(name, item->name, ret);
641 	cache_put(&item->h, &idtoname_cache);
642 	return ret;
643 }
644 
645 int
646 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen,
647 		__u32 *id)
648 {
649 	return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
650 }
651 
652 int
653 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen,
654 		__u32 *id)
655 {
656 	return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
657 }
658 
659 int
660 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
661 {
662 	return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
663 }
664 
665 int
666 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
667 {
668 	return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
669 }
670