1 /* 2 * fs/nfsd/nfs4idmap.c 3 * 4 * Mapping of UID/GIDs to name and vice versa. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of 7 * Michigan. All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its 21 * contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <linux/module.h> 38 #include <linux/init.h> 39 40 #include <linux/mm.h> 41 #include <linux/utsname.h> 42 #include <linux/errno.h> 43 #include <linux/string.h> 44 #include <linux/sunrpc/clnt.h> 45 #include <linux/nfs.h> 46 #include <linux/nfs4.h> 47 #include <linux/nfs_fs.h> 48 #include <linux/nfs_page.h> 49 #include <linux/sunrpc/cache.h> 50 #include <linux/nfsd_idmap.h> 51 #include <linux/list.h> 52 #include <linux/time.h> 53 #include <linux/seq_file.h> 54 #include <linux/sunrpc/svcauth.h> 55 56 /* 57 * Cache entry 58 */ 59 60 /* 61 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 62 * that. 63 */ 64 65 #define IDMAP_TYPE_USER 0 66 #define IDMAP_TYPE_GROUP 1 67 68 struct ent { 69 struct cache_head h; 70 int type; /* User / Group */ 71 uid_t id; 72 char name[IDMAP_NAMESZ]; 73 char authname[IDMAP_NAMESZ]; 74 }; 75 76 /* Common entry handling */ 77 78 #define ENT_HASHBITS 8 79 #define ENT_HASHMAX (1 << ENT_HASHBITS) 80 #define ENT_HASHMASK (ENT_HASHMAX - 1) 81 82 static void 83 ent_init(struct cache_head *cnew, struct cache_head *citm) 84 { 85 struct ent *new = container_of(cnew, struct ent, h); 86 struct ent *itm = container_of(citm, struct ent, h); 87 88 new->id = itm->id; 89 new->type = itm->type; 90 91 strlcpy(new->name, itm->name, sizeof(new->name)); 92 strlcpy(new->authname, itm->authname, sizeof(new->name)); 93 } 94 95 static void 96 ent_put(struct kref *ref) 97 { 98 struct ent *map = container_of(ref, struct ent, h.ref); 99 kfree(map); 100 } 101 102 static struct cache_head * 103 ent_alloc(void) 104 { 105 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 106 if (e) 107 return &e->h; 108 else 109 return NULL; 110 } 111 112 /* 113 * ID -> Name cache 114 */ 115 116 static struct cache_head *idtoname_table[ENT_HASHMAX]; 117 118 static uint32_t 119 idtoname_hash(struct ent *ent) 120 { 121 uint32_t hash; 122 123 hash = hash_str(ent->authname, ENT_HASHBITS); 124 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 125 126 /* Flip LSB for user/group */ 127 if (ent->type == IDMAP_TYPE_GROUP) 128 hash ^= 1; 129 130 return hash; 131 } 132 133 static void 134 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 135 int *blen) 136 { 137 struct ent *ent = container_of(ch, struct ent, h); 138 char idstr[11]; 139 140 qword_add(bpp, blen, ent->authname); 141 snprintf(idstr, sizeof(idstr), "%d", ent->id); 142 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 143 qword_add(bpp, blen, idstr); 144 145 (*bpp)[-1] = '\n'; 146 } 147 148 static int 149 idtoname_match(struct cache_head *ca, struct cache_head *cb) 150 { 151 struct ent *a = container_of(ca, struct ent, h); 152 struct ent *b = container_of(cb, struct ent, h); 153 154 return (a->id == b->id && a->type == b->type && 155 strcmp(a->authname, b->authname) == 0); 156 } 157 158 static int 159 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 160 { 161 struct ent *ent; 162 163 if (h == NULL) { 164 seq_puts(m, "#domain type id [name]\n"); 165 return 0; 166 } 167 ent = container_of(h, struct ent, h); 168 seq_printf(m, "%s %s %d", ent->authname, 169 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 170 ent->id); 171 if (test_bit(CACHE_VALID, &h->flags)) 172 seq_printf(m, " %s", ent->name); 173 seq_printf(m, "\n"); 174 return 0; 175 } 176 177 static void 178 warn_no_idmapd(struct cache_detail *detail) 179 { 180 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 181 detail->last_close? "died" : "not been started"); 182 } 183 184 185 static int idtoname_parse(struct cache_detail *, char *, int); 186 static struct ent *idtoname_lookup(struct ent *); 187 static struct ent *idtoname_update(struct ent *, struct ent *); 188 189 static struct cache_detail idtoname_cache = { 190 .owner = THIS_MODULE, 191 .hash_size = ENT_HASHMAX, 192 .hash_table = idtoname_table, 193 .name = "nfs4.idtoname", 194 .cache_put = ent_put, 195 .cache_request = idtoname_request, 196 .cache_parse = idtoname_parse, 197 .cache_show = idtoname_show, 198 .warn_no_listener = warn_no_idmapd, 199 .match = idtoname_match, 200 .init = ent_init, 201 .update = ent_init, 202 .alloc = ent_alloc, 203 }; 204 205 int 206 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 207 { 208 struct ent ent, *res; 209 char *buf1, *bp; 210 int error = -EINVAL; 211 212 if (buf[buflen - 1] != '\n') 213 return (-EINVAL); 214 buf[buflen - 1]= '\0'; 215 216 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 217 if (buf1 == NULL) 218 return (-ENOMEM); 219 220 memset(&ent, 0, sizeof(ent)); 221 222 /* Authentication name */ 223 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 224 goto out; 225 memcpy(ent.authname, buf1, sizeof(ent.authname)); 226 227 /* Type */ 228 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 229 goto out; 230 ent.type = strcmp(buf1, "user") == 0 ? 231 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 232 233 /* ID */ 234 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 235 goto out; 236 ent.id = simple_strtoul(buf1, &bp, 10); 237 if (bp == buf1) 238 goto out; 239 240 /* expiry */ 241 ent.h.expiry_time = get_expiry(&buf); 242 if (ent.h.expiry_time == 0) 243 goto out; 244 245 error = -ENOMEM; 246 res = idtoname_lookup(&ent); 247 if (!res) 248 goto out; 249 250 /* Name */ 251 error = qword_get(&buf, buf1, PAGE_SIZE); 252 if (error == -EINVAL) 253 goto out; 254 if (error == -ENOENT) 255 set_bit(CACHE_NEGATIVE, &ent.h.flags); 256 else { 257 if (error >= IDMAP_NAMESZ) { 258 error = -EINVAL; 259 goto out; 260 } 261 memcpy(ent.name, buf1, sizeof(ent.name)); 262 } 263 error = -ENOMEM; 264 res = idtoname_update(&ent, res); 265 if (res == NULL) 266 goto out; 267 268 cache_put(&res->h, &idtoname_cache); 269 270 error = 0; 271 out: 272 kfree(buf1); 273 274 return error; 275 } 276 277 278 static struct ent * 279 idtoname_lookup(struct ent *item) 280 { 281 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 282 &item->h, 283 idtoname_hash(item)); 284 if (ch) 285 return container_of(ch, struct ent, h); 286 else 287 return NULL; 288 } 289 290 static struct ent * 291 idtoname_update(struct ent *new, struct ent *old) 292 { 293 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 294 &new->h, &old->h, 295 idtoname_hash(new)); 296 if (ch) 297 return container_of(ch, struct ent, h); 298 else 299 return NULL; 300 } 301 302 303 /* 304 * Name -> ID cache 305 */ 306 307 static struct cache_head *nametoid_table[ENT_HASHMAX]; 308 309 static inline int 310 nametoid_hash(struct ent *ent) 311 { 312 return hash_str(ent->name, ENT_HASHBITS); 313 } 314 315 static void 316 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 317 int *blen) 318 { 319 struct ent *ent = container_of(ch, struct ent, h); 320 321 qword_add(bpp, blen, ent->authname); 322 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 323 qword_add(bpp, blen, ent->name); 324 325 (*bpp)[-1] = '\n'; 326 } 327 328 static int 329 nametoid_match(struct cache_head *ca, struct cache_head *cb) 330 { 331 struct ent *a = container_of(ca, struct ent, h); 332 struct ent *b = container_of(cb, struct ent, h); 333 334 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 335 strcmp(a->authname, b->authname) == 0); 336 } 337 338 static int 339 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 340 { 341 struct ent *ent; 342 343 if (h == NULL) { 344 seq_puts(m, "#domain type name [id]\n"); 345 return 0; 346 } 347 ent = container_of(h, struct ent, h); 348 seq_printf(m, "%s %s %s", ent->authname, 349 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 350 ent->name); 351 if (test_bit(CACHE_VALID, &h->flags)) 352 seq_printf(m, " %d", ent->id); 353 seq_printf(m, "\n"); 354 return 0; 355 } 356 357 static struct ent *nametoid_lookup(struct ent *); 358 static struct ent *nametoid_update(struct ent *, struct ent *); 359 static int nametoid_parse(struct cache_detail *, char *, int); 360 361 static struct cache_detail nametoid_cache = { 362 .owner = THIS_MODULE, 363 .hash_size = ENT_HASHMAX, 364 .hash_table = nametoid_table, 365 .name = "nfs4.nametoid", 366 .cache_put = ent_put, 367 .cache_request = nametoid_request, 368 .cache_parse = nametoid_parse, 369 .cache_show = nametoid_show, 370 .warn_no_listener = warn_no_idmapd, 371 .match = nametoid_match, 372 .init = ent_init, 373 .update = ent_init, 374 .alloc = ent_alloc, 375 }; 376 377 static int 378 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 379 { 380 struct ent ent, *res; 381 char *buf1; 382 int error = -EINVAL; 383 384 if (buf[buflen - 1] != '\n') 385 return (-EINVAL); 386 buf[buflen - 1]= '\0'; 387 388 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 389 if (buf1 == NULL) 390 return (-ENOMEM); 391 392 memset(&ent, 0, sizeof(ent)); 393 394 /* Authentication name */ 395 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 396 goto out; 397 memcpy(ent.authname, buf1, sizeof(ent.authname)); 398 399 /* Type */ 400 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 401 goto out; 402 ent.type = strcmp(buf1, "user") == 0 ? 403 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 404 405 /* Name */ 406 error = qword_get(&buf, buf1, PAGE_SIZE); 407 if (error <= 0 || error >= IDMAP_NAMESZ) 408 goto out; 409 memcpy(ent.name, buf1, sizeof(ent.name)); 410 411 /* expiry */ 412 ent.h.expiry_time = get_expiry(&buf); 413 if (ent.h.expiry_time == 0) 414 goto out; 415 416 /* ID */ 417 error = get_int(&buf, &ent.id); 418 if (error == -EINVAL) 419 goto out; 420 if (error == -ENOENT) 421 set_bit(CACHE_NEGATIVE, &ent.h.flags); 422 423 error = -ENOMEM; 424 res = nametoid_lookup(&ent); 425 if (res == NULL) 426 goto out; 427 res = nametoid_update(&ent, res); 428 if (res == NULL) 429 goto out; 430 431 cache_put(&res->h, &nametoid_cache); 432 error = 0; 433 out: 434 kfree(buf1); 435 436 return (error); 437 } 438 439 440 static struct ent * 441 nametoid_lookup(struct ent *item) 442 { 443 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 444 &item->h, 445 nametoid_hash(item)); 446 if (ch) 447 return container_of(ch, struct ent, h); 448 else 449 return NULL; 450 } 451 452 static struct ent * 453 nametoid_update(struct ent *new, struct ent *old) 454 { 455 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 456 &new->h, &old->h, 457 nametoid_hash(new)); 458 if (ch) 459 return container_of(ch, struct ent, h); 460 else 461 return NULL; 462 } 463 464 /* 465 * Exported API 466 */ 467 468 void 469 nfsd_idmap_init(void) 470 { 471 cache_register(&idtoname_cache); 472 cache_register(&nametoid_cache); 473 } 474 475 void 476 nfsd_idmap_shutdown(void) 477 { 478 if (cache_unregister(&idtoname_cache)) 479 printk(KERN_ERR "nfsd: failed to unregister idtoname cache\n"); 480 if (cache_unregister(&nametoid_cache)) 481 printk(KERN_ERR "nfsd: failed to unregister nametoid cache\n"); 482 } 483 484 /* 485 * Deferred request handling 486 */ 487 488 struct idmap_defer_req { 489 struct cache_req req; 490 struct cache_deferred_req deferred_req; 491 wait_queue_head_t waitq; 492 atomic_t count; 493 }; 494 495 static inline void 496 put_mdr(struct idmap_defer_req *mdr) 497 { 498 if (atomic_dec_and_test(&mdr->count)) 499 kfree(mdr); 500 } 501 502 static inline void 503 get_mdr(struct idmap_defer_req *mdr) 504 { 505 atomic_inc(&mdr->count); 506 } 507 508 static void 509 idmap_revisit(struct cache_deferred_req *dreq, int toomany) 510 { 511 struct idmap_defer_req *mdr = 512 container_of(dreq, struct idmap_defer_req, deferred_req); 513 514 wake_up(&mdr->waitq); 515 put_mdr(mdr); 516 } 517 518 static struct cache_deferred_req * 519 idmap_defer(struct cache_req *req) 520 { 521 struct idmap_defer_req *mdr = 522 container_of(req, struct idmap_defer_req, req); 523 524 mdr->deferred_req.revisit = idmap_revisit; 525 get_mdr(mdr); 526 return (&mdr->deferred_req); 527 } 528 529 static inline int 530 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 531 struct cache_detail *detail, struct ent **item, 532 struct idmap_defer_req *mdr) 533 { 534 *item = lookup_fn(key); 535 if (!*item) 536 return -ENOMEM; 537 return cache_check(detail, &(*item)->h, &mdr->req); 538 } 539 540 static inline int 541 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 542 struct ent *key, struct cache_detail *detail, 543 struct ent **item) 544 { 545 int ret = -ENOMEM; 546 547 *item = lookup_fn(key); 548 if (!*item) 549 goto out_err; 550 ret = -ETIMEDOUT; 551 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 552 || (*item)->h.expiry_time < get_seconds() 553 || detail->flush_time > (*item)->h.last_refresh) 554 goto out_put; 555 ret = -ENOENT; 556 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 557 goto out_put; 558 return 0; 559 out_put: 560 cache_put(&(*item)->h, detail); 561 out_err: 562 *item = NULL; 563 return ret; 564 } 565 566 static int 567 idmap_lookup(struct svc_rqst *rqstp, 568 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 569 struct cache_detail *detail, struct ent **item) 570 { 571 struct idmap_defer_req *mdr; 572 int ret; 573 574 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 575 if (!mdr) 576 return -ENOMEM; 577 atomic_set(&mdr->count, 1); 578 init_waitqueue_head(&mdr->waitq); 579 mdr->req.defer = idmap_defer; 580 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 581 if (ret == -EAGAIN) { 582 wait_event_interruptible_timeout(mdr->waitq, 583 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 584 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 585 } 586 put_mdr(mdr); 587 return ret; 588 } 589 590 static int 591 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 592 uid_t *id) 593 { 594 struct ent *item, key = { 595 .type = type, 596 }; 597 int ret; 598 599 if (namelen + 1 > sizeof(key.name)) 600 return -EINVAL; 601 memcpy(key.name, name, namelen); 602 key.name[namelen] = '\0'; 603 strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname)); 604 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 605 if (ret == -ENOENT) 606 ret = -ESRCH; /* nfserr_badname */ 607 if (ret) 608 return ret; 609 *id = item->id; 610 cache_put(&item->h, &nametoid_cache); 611 return 0; 612 } 613 614 static int 615 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 616 { 617 struct ent *item, key = { 618 .id = id, 619 .type = type, 620 }; 621 int ret; 622 623 strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname)); 624 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 625 if (ret == -ENOENT) 626 return sprintf(name, "%u", id); 627 if (ret) 628 return ret; 629 ret = strlen(item->name); 630 BUG_ON(ret > IDMAP_NAMESZ); 631 memcpy(name, item->name, ret); 632 cache_put(&item->h, &idtoname_cache); 633 return ret; 634 } 635 636 int 637 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 638 __u32 *id) 639 { 640 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 641 } 642 643 int 644 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 645 __u32 *id) 646 { 647 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 648 } 649 650 int 651 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 652 { 653 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 654 } 655 656 int 657 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 658 { 659 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 660 } 661