xref: /openbmc/linux/fs/nfsd/nfs4idmap.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  *  fs/nfsd/nfs4idmap.c
3  *
4  *  Mapping of UID/GIDs to name and vice versa.
5  *
6  *  Copyright (c) 2002, 2003 The Regents of the University of
7  *  Michigan.  All rights reserved.
8  *
9  *  Marius Aamodt Eriksen <marius@umich.edu>
10  *
11  *  Redistribution and use in source and binary forms, with or without
12  *  modification, are permitted provided that the following conditions
13  *  are met:
14  *
15  *  1. Redistributions of source code must retain the above copyright
16  *     notice, this list of conditions and the following disclaimer.
17  *  2. Redistributions in binary form must reproduce the above copyright
18  *     notice, this list of conditions and the following disclaimer in the
19  *     documentation and/or other materials provided with the distribution.
20  *  3. Neither the name of the University nor the names of its
21  *     contributors may be used to endorse or promote products derived
22  *     from this software without specific prior written permission.
23  *
24  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
25  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
26  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
32  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
33  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35  */
36 
37 #include <linux/module.h>
38 #include <linux/init.h>
39 
40 #include <linux/mm.h>
41 #include <linux/utsname.h>
42 #include <linux/errno.h>
43 #include <linux/string.h>
44 #include <linux/sunrpc/clnt.h>
45 #include <linux/nfs.h>
46 #include <linux/nfs4.h>
47 #include <linux/nfs_fs.h>
48 #include <linux/nfs_page.h>
49 #include <linux/sunrpc/cache.h>
50 #include <linux/nfsd_idmap.h>
51 #include <linux/list.h>
52 #include <linux/time.h>
53 #include <linux/seq_file.h>
54 #include <linux/sunrpc/svcauth.h>
55 
56 /*
57  * Cache entry
58  */
59 
60 /*
61  * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
62  * that.
63  */
64 
65 #define IDMAP_TYPE_USER  0
66 #define IDMAP_TYPE_GROUP 1
67 
68 struct ent {
69 	struct cache_head h;
70 	int               type;		       /* User / Group */
71 	uid_t             id;
72 	char              name[IDMAP_NAMESZ];
73 	char              authname[IDMAP_NAMESZ];
74 };
75 
76 /* Common entry handling */
77 
78 #define ENT_HASHBITS          8
79 #define ENT_HASHMAX           (1 << ENT_HASHBITS)
80 #define ENT_HASHMASK          (ENT_HASHMAX - 1)
81 
82 static void
83 ent_init(struct cache_head *cnew, struct cache_head *citm)
84 {
85 	struct ent *new = container_of(cnew, struct ent, h);
86 	struct ent *itm = container_of(citm, struct ent, h);
87 
88 	new->id = itm->id;
89 	new->type = itm->type;
90 
91 	strlcpy(new->name, itm->name, sizeof(new->name));
92 	strlcpy(new->authname, itm->authname, sizeof(new->name));
93 }
94 
95 static void
96 ent_put(struct kref *ref)
97 {
98 	struct ent *map = container_of(ref, struct ent, h.ref);
99 	kfree(map);
100 }
101 
102 static struct cache_head *
103 ent_alloc(void)
104 {
105 	struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL);
106 	if (e)
107 		return &e->h;
108 	else
109 		return NULL;
110 }
111 
112 /*
113  * ID -> Name cache
114  */
115 
116 static struct cache_head *idtoname_table[ENT_HASHMAX];
117 
118 static uint32_t
119 idtoname_hash(struct ent *ent)
120 {
121 	uint32_t hash;
122 
123 	hash = hash_str(ent->authname, ENT_HASHBITS);
124 	hash = hash_long(hash ^ ent->id, ENT_HASHBITS);
125 
126 	/* Flip LSB for user/group */
127 	if (ent->type == IDMAP_TYPE_GROUP)
128 		hash ^= 1;
129 
130 	return hash;
131 }
132 
133 static void
134 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
135     int *blen)
136 {
137  	struct ent *ent = container_of(ch, struct ent, h);
138 	char idstr[11];
139 
140 	qword_add(bpp, blen, ent->authname);
141 	snprintf(idstr, sizeof(idstr), "%d", ent->id);
142 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
143 	qword_add(bpp, blen, idstr);
144 
145 	(*bpp)[-1] = '\n';
146 }
147 
148 static int
149 idtoname_match(struct cache_head *ca, struct cache_head *cb)
150 {
151 	struct ent *a = container_of(ca, struct ent, h);
152 	struct ent *b = container_of(cb, struct ent, h);
153 
154 	return (a->id == b->id && a->type == b->type &&
155 	    strcmp(a->authname, b->authname) == 0);
156 }
157 
158 static int
159 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
160 {
161 	struct ent *ent;
162 
163 	if (h == NULL) {
164 		seq_puts(m, "#domain type id [name]\n");
165 		return 0;
166 	}
167 	ent = container_of(h, struct ent, h);
168 	seq_printf(m, "%s %s %d", ent->authname,
169 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
170 			ent->id);
171 	if (test_bit(CACHE_VALID, &h->flags))
172 		seq_printf(m, " %s", ent->name);
173 	seq_printf(m, "\n");
174 	return 0;
175 }
176 
177 static void
178 warn_no_idmapd(struct cache_detail *detail)
179 {
180 	printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
181 			detail->last_close? "died" : "not been started");
182 }
183 
184 
185 static int         idtoname_parse(struct cache_detail *, char *, int);
186 static struct ent *idtoname_lookup(struct ent *);
187 static struct ent *idtoname_update(struct ent *, struct ent *);
188 
189 static struct cache_detail idtoname_cache = {
190 	.owner		= THIS_MODULE,
191 	.hash_size	= ENT_HASHMAX,
192 	.hash_table	= idtoname_table,
193 	.name		= "nfs4.idtoname",
194 	.cache_put	= ent_put,
195 	.cache_request	= idtoname_request,
196 	.cache_parse	= idtoname_parse,
197 	.cache_show	= idtoname_show,
198 	.warn_no_listener = warn_no_idmapd,
199 	.match		= idtoname_match,
200 	.init		= ent_init,
201 	.update		= ent_init,
202 	.alloc		= ent_alloc,
203 };
204 
205 int
206 idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
207 {
208 	struct ent ent, *res;
209 	char *buf1, *bp;
210 	int error = -EINVAL;
211 
212 	if (buf[buflen - 1] != '\n')
213 		return (-EINVAL);
214 	buf[buflen - 1]= '\0';
215 
216 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
217 	if (buf1 == NULL)
218 		return (-ENOMEM);
219 
220 	memset(&ent, 0, sizeof(ent));
221 
222 	/* Authentication name */
223 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
224 		goto out;
225 	memcpy(ent.authname, buf1, sizeof(ent.authname));
226 
227 	/* Type */
228 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
229 		goto out;
230 	ent.type = strcmp(buf1, "user") == 0 ?
231 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
232 
233 	/* ID */
234 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
235 		goto out;
236 	ent.id = simple_strtoul(buf1, &bp, 10);
237 	if (bp == buf1)
238 		goto out;
239 
240 	/* expiry */
241 	ent.h.expiry_time = get_expiry(&buf);
242 	if (ent.h.expiry_time == 0)
243 		goto out;
244 
245 	error = -ENOMEM;
246 	res = idtoname_lookup(&ent);
247 	if (!res)
248 		goto out;
249 
250 	/* Name */
251 	error = qword_get(&buf, buf1, PAGE_SIZE);
252 	if (error == -EINVAL)
253 		goto out;
254 	if (error == -ENOENT)
255 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
256 	else {
257 		if (error >= IDMAP_NAMESZ) {
258 			error = -EINVAL;
259 			goto out;
260 		}
261 		memcpy(ent.name, buf1, sizeof(ent.name));
262 	}
263 	error = -ENOMEM;
264 	res = idtoname_update(&ent, res);
265 	if (res == NULL)
266 		goto out;
267 
268 	cache_put(&res->h, &idtoname_cache);
269 
270 	error = 0;
271 out:
272 	kfree(buf1);
273 
274 	return error;
275 }
276 
277 
278 static struct ent *
279 idtoname_lookup(struct ent *item)
280 {
281 	struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache,
282 						    &item->h,
283 						    idtoname_hash(item));
284 	if (ch)
285 		return container_of(ch, struct ent, h);
286 	else
287 		return NULL;
288 }
289 
290 static struct ent *
291 idtoname_update(struct ent *new, struct ent *old)
292 {
293 	struct cache_head *ch = sunrpc_cache_update(&idtoname_cache,
294 						    &new->h, &old->h,
295 						    idtoname_hash(new));
296 	if (ch)
297 		return container_of(ch, struct ent, h);
298 	else
299 		return NULL;
300 }
301 
302 
303 /*
304  * Name -> ID cache
305  */
306 
307 static struct cache_head *nametoid_table[ENT_HASHMAX];
308 
309 static inline int
310 nametoid_hash(struct ent *ent)
311 {
312 	return hash_str(ent->name, ENT_HASHBITS);
313 }
314 
315 static void
316 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
317     int *blen)
318 {
319  	struct ent *ent = container_of(ch, struct ent, h);
320 
321 	qword_add(bpp, blen, ent->authname);
322 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
323 	qword_add(bpp, blen, ent->name);
324 
325 	(*bpp)[-1] = '\n';
326 }
327 
328 static int
329 nametoid_match(struct cache_head *ca, struct cache_head *cb)
330 {
331 	struct ent *a = container_of(ca, struct ent, h);
332 	struct ent *b = container_of(cb, struct ent, h);
333 
334 	return (a->type == b->type && strcmp(a->name, b->name) == 0 &&
335 	    strcmp(a->authname, b->authname) == 0);
336 }
337 
338 static int
339 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
340 {
341 	struct ent *ent;
342 
343 	if (h == NULL) {
344 		seq_puts(m, "#domain type name [id]\n");
345 		return 0;
346 	}
347 	ent = container_of(h, struct ent, h);
348 	seq_printf(m, "%s %s %s", ent->authname,
349 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
350 			ent->name);
351 	if (test_bit(CACHE_VALID, &h->flags))
352 		seq_printf(m, " %d", ent->id);
353 	seq_printf(m, "\n");
354 	return 0;
355 }
356 
357 static struct ent *nametoid_lookup(struct ent *);
358 static struct ent *nametoid_update(struct ent *, struct ent *);
359 static int         nametoid_parse(struct cache_detail *, char *, int);
360 
361 static struct cache_detail nametoid_cache = {
362 	.owner		= THIS_MODULE,
363 	.hash_size	= ENT_HASHMAX,
364 	.hash_table	= nametoid_table,
365 	.name		= "nfs4.nametoid",
366 	.cache_put	= ent_put,
367 	.cache_request	= nametoid_request,
368 	.cache_parse	= nametoid_parse,
369 	.cache_show	= nametoid_show,
370 	.warn_no_listener = warn_no_idmapd,
371 	.match		= nametoid_match,
372 	.init		= ent_init,
373 	.update		= ent_init,
374 	.alloc		= ent_alloc,
375 };
376 
377 static int
378 nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
379 {
380 	struct ent ent, *res;
381 	char *buf1;
382 	int error = -EINVAL;
383 
384 	if (buf[buflen - 1] != '\n')
385 		return (-EINVAL);
386 	buf[buflen - 1]= '\0';
387 
388 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
389 	if (buf1 == NULL)
390 		return (-ENOMEM);
391 
392 	memset(&ent, 0, sizeof(ent));
393 
394 	/* Authentication name */
395 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
396 		goto out;
397 	memcpy(ent.authname, buf1, sizeof(ent.authname));
398 
399 	/* Type */
400 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
401 		goto out;
402 	ent.type = strcmp(buf1, "user") == 0 ?
403 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
404 
405 	/* Name */
406 	error = qword_get(&buf, buf1, PAGE_SIZE);
407 	if (error <= 0 || error >= IDMAP_NAMESZ)
408 		goto out;
409 	memcpy(ent.name, buf1, sizeof(ent.name));
410 
411 	/* expiry */
412 	ent.h.expiry_time = get_expiry(&buf);
413 	if (ent.h.expiry_time == 0)
414 		goto out;
415 
416 	/* ID */
417 	error = get_int(&buf, &ent.id);
418 	if (error == -EINVAL)
419 		goto out;
420 	if (error == -ENOENT)
421 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
422 
423 	error = -ENOMEM;
424 	res = nametoid_lookup(&ent);
425 	if (res == NULL)
426 		goto out;
427 	res = nametoid_update(&ent, res);
428 	if (res == NULL)
429 		goto out;
430 
431 	cache_put(&res->h, &nametoid_cache);
432 	error = 0;
433 out:
434 	kfree(buf1);
435 
436 	return (error);
437 }
438 
439 
440 static struct ent *
441 nametoid_lookup(struct ent *item)
442 {
443 	struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache,
444 						    &item->h,
445 						    nametoid_hash(item));
446 	if (ch)
447 		return container_of(ch, struct ent, h);
448 	else
449 		return NULL;
450 }
451 
452 static struct ent *
453 nametoid_update(struct ent *new, struct ent *old)
454 {
455 	struct cache_head *ch = sunrpc_cache_update(&nametoid_cache,
456 						    &new->h, &old->h,
457 						    nametoid_hash(new));
458 	if (ch)
459 		return container_of(ch, struct ent, h);
460 	else
461 		return NULL;
462 }
463 
464 /*
465  * Exported API
466  */
467 
468 void
469 nfsd_idmap_init(void)
470 {
471 	cache_register(&idtoname_cache);
472 	cache_register(&nametoid_cache);
473 }
474 
475 void
476 nfsd_idmap_shutdown(void)
477 {
478 	if (cache_unregister(&idtoname_cache))
479 		printk(KERN_ERR "nfsd: failed to unregister idtoname cache\n");
480 	if (cache_unregister(&nametoid_cache))
481 		printk(KERN_ERR "nfsd: failed to unregister nametoid cache\n");
482 }
483 
484 /*
485  * Deferred request handling
486  */
487 
488 struct idmap_defer_req {
489        struct cache_req		req;
490        struct cache_deferred_req deferred_req;
491        wait_queue_head_t	waitq;
492        atomic_t			count;
493 };
494 
495 static inline void
496 put_mdr(struct idmap_defer_req *mdr)
497 {
498 	if (atomic_dec_and_test(&mdr->count))
499 		kfree(mdr);
500 }
501 
502 static inline void
503 get_mdr(struct idmap_defer_req *mdr)
504 {
505 	atomic_inc(&mdr->count);
506 }
507 
508 static void
509 idmap_revisit(struct cache_deferred_req *dreq, int toomany)
510 {
511 	struct idmap_defer_req *mdr =
512 		container_of(dreq, struct idmap_defer_req, deferred_req);
513 
514 	wake_up(&mdr->waitq);
515 	put_mdr(mdr);
516 }
517 
518 static struct cache_deferred_req *
519 idmap_defer(struct cache_req *req)
520 {
521 	struct idmap_defer_req *mdr =
522 		container_of(req, struct idmap_defer_req, req);
523 
524 	mdr->deferred_req.revisit = idmap_revisit;
525 	get_mdr(mdr);
526 	return (&mdr->deferred_req);
527 }
528 
529 static inline int
530 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key,
531 		struct cache_detail *detail, struct ent **item,
532 		struct idmap_defer_req *mdr)
533 {
534 	*item = lookup_fn(key);
535 	if (!*item)
536 		return -ENOMEM;
537 	return cache_check(detail, &(*item)->h, &mdr->req);
538 }
539 
540 static inline int
541 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *),
542 			struct ent *key, struct cache_detail *detail,
543 			struct ent **item)
544 {
545 	int ret = -ENOMEM;
546 
547 	*item = lookup_fn(key);
548 	if (!*item)
549 		goto out_err;
550 	ret = -ETIMEDOUT;
551 	if (!test_bit(CACHE_VALID, &(*item)->h.flags)
552 			|| (*item)->h.expiry_time < get_seconds()
553 			|| detail->flush_time > (*item)->h.last_refresh)
554 		goto out_put;
555 	ret = -ENOENT;
556 	if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags))
557 		goto out_put;
558 	return 0;
559 out_put:
560 	cache_put(&(*item)->h, detail);
561 out_err:
562 	*item = NULL;
563 	return ret;
564 }
565 
566 static int
567 idmap_lookup(struct svc_rqst *rqstp,
568 		struct ent *(*lookup_fn)(struct ent *), struct ent *key,
569 		struct cache_detail *detail, struct ent **item)
570 {
571 	struct idmap_defer_req *mdr;
572 	int ret;
573 
574 	mdr = kzalloc(sizeof(*mdr), GFP_KERNEL);
575 	if (!mdr)
576 		return -ENOMEM;
577 	atomic_set(&mdr->count, 1);
578 	init_waitqueue_head(&mdr->waitq);
579 	mdr->req.defer = idmap_defer;
580 	ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr);
581 	if (ret == -EAGAIN) {
582 		wait_event_interruptible_timeout(mdr->waitq,
583 			test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ);
584 		ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item);
585 	}
586 	put_mdr(mdr);
587 	return ret;
588 }
589 
590 static int
591 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen,
592 		uid_t *id)
593 {
594 	struct ent *item, key = {
595 		.type = type,
596 	};
597 	int ret;
598 
599 	if (namelen + 1 > sizeof(key.name))
600 		return -EINVAL;
601 	memcpy(key.name, name, namelen);
602 	key.name[namelen] = '\0';
603 	strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
604 	ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
605 	if (ret == -ENOENT)
606 		ret = -ESRCH; /* nfserr_badname */
607 	if (ret)
608 		return ret;
609 	*id = item->id;
610 	cache_put(&item->h, &nametoid_cache);
611 	return 0;
612 }
613 
614 static int
615 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
616 {
617 	struct ent *item, key = {
618 		.id = id,
619 		.type = type,
620 	};
621 	int ret;
622 
623 	strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
624 	ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
625 	if (ret == -ENOENT)
626 		return sprintf(name, "%u", id);
627 	if (ret)
628 		return ret;
629 	ret = strlen(item->name);
630 	BUG_ON(ret > IDMAP_NAMESZ);
631 	memcpy(name, item->name, ret);
632 	cache_put(&item->h, &idtoname_cache);
633 	return ret;
634 }
635 
636 int
637 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen,
638 		__u32 *id)
639 {
640 	return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
641 }
642 
643 int
644 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen,
645 		__u32 *id)
646 {
647 	return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
648 }
649 
650 int
651 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
652 {
653 	return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
654 }
655 
656 int
657 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
658 {
659 	return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
660 }
661