1 /* 2 * fs/nfsd/nfs4idmap.c 3 * 4 * Mapping of UID/GIDs to name and vice versa. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of 7 * Michigan. All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its 21 * contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <linux/module.h> 38 #include <linux/init.h> 39 40 #include <linux/mm.h> 41 #include <linux/utsname.h> 42 #include <linux/errno.h> 43 #include <linux/string.h> 44 #include <linux/sunrpc/clnt.h> 45 #include <linux/nfs.h> 46 #include <linux/nfs4.h> 47 #include <linux/nfs_fs.h> 48 #include <linux/nfs_page.h> 49 #include <linux/sunrpc/cache.h> 50 #include <linux/nfsd_idmap.h> 51 #include <linux/list.h> 52 #include <linux/time.h> 53 #include <linux/seq_file.h> 54 #include <linux/sunrpc/svcauth.h> 55 56 /* 57 * Cache entry 58 */ 59 60 /* 61 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 62 * that. 63 */ 64 65 #define IDMAP_TYPE_USER 0 66 #define IDMAP_TYPE_GROUP 1 67 68 struct ent { 69 struct cache_head h; 70 int type; /* User / Group */ 71 uid_t id; 72 char name[IDMAP_NAMESZ]; 73 char authname[IDMAP_NAMESZ]; 74 }; 75 76 /* Common entry handling */ 77 78 #define ENT_HASHBITS 8 79 #define ENT_HASHMAX (1 << ENT_HASHBITS) 80 #define ENT_HASHMASK (ENT_HASHMAX - 1) 81 82 static void 83 ent_init(struct cache_head *cnew, struct cache_head *citm) 84 { 85 struct ent *new = container_of(cnew, struct ent, h); 86 struct ent *itm = container_of(citm, struct ent, h); 87 88 new->id = itm->id; 89 new->type = itm->type; 90 91 strlcpy(new->name, itm->name, sizeof(new->name)); 92 strlcpy(new->authname, itm->authname, sizeof(new->name)); 93 } 94 95 static void 96 ent_put(struct kref *ref) 97 { 98 struct ent *map = container_of(ref, struct ent, h.ref); 99 kfree(map); 100 } 101 102 static struct cache_head * 103 ent_alloc(void) 104 { 105 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 106 if (e) 107 return &e->h; 108 else 109 return NULL; 110 } 111 112 /* 113 * ID -> Name cache 114 */ 115 116 static struct cache_head *idtoname_table[ENT_HASHMAX]; 117 118 static uint32_t 119 idtoname_hash(struct ent *ent) 120 { 121 uint32_t hash; 122 123 hash = hash_str(ent->authname, ENT_HASHBITS); 124 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 125 126 /* Flip LSB for user/group */ 127 if (ent->type == IDMAP_TYPE_GROUP) 128 hash ^= 1; 129 130 return hash; 131 } 132 133 static void 134 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 135 int *blen) 136 { 137 struct ent *ent = container_of(ch, struct ent, h); 138 char idstr[11]; 139 140 qword_add(bpp, blen, ent->authname); 141 snprintf(idstr, sizeof(idstr), "%u", ent->id); 142 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 143 qword_add(bpp, blen, idstr); 144 145 (*bpp)[-1] = '\n'; 146 } 147 148 static int 149 idtoname_match(struct cache_head *ca, struct cache_head *cb) 150 { 151 struct ent *a = container_of(ca, struct ent, h); 152 struct ent *b = container_of(cb, struct ent, h); 153 154 return (a->id == b->id && a->type == b->type && 155 strcmp(a->authname, b->authname) == 0); 156 } 157 158 static int 159 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 160 { 161 struct ent *ent; 162 163 if (h == NULL) { 164 seq_puts(m, "#domain type id [name]\n"); 165 return 0; 166 } 167 ent = container_of(h, struct ent, h); 168 seq_printf(m, "%s %s %u", ent->authname, 169 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 170 ent->id); 171 if (test_bit(CACHE_VALID, &h->flags)) 172 seq_printf(m, " %s", ent->name); 173 seq_printf(m, "\n"); 174 return 0; 175 } 176 177 static void 178 warn_no_idmapd(struct cache_detail *detail) 179 { 180 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 181 detail->last_close? "died" : "not been started"); 182 } 183 184 185 static int idtoname_parse(struct cache_detail *, char *, int); 186 static struct ent *idtoname_lookup(struct ent *); 187 static struct ent *idtoname_update(struct ent *, struct ent *); 188 189 static struct cache_detail idtoname_cache = { 190 .owner = THIS_MODULE, 191 .hash_size = ENT_HASHMAX, 192 .hash_table = idtoname_table, 193 .name = "nfs4.idtoname", 194 .cache_put = ent_put, 195 .cache_request = idtoname_request, 196 .cache_parse = idtoname_parse, 197 .cache_show = idtoname_show, 198 .warn_no_listener = warn_no_idmapd, 199 .match = idtoname_match, 200 .init = ent_init, 201 .update = ent_init, 202 .alloc = ent_alloc, 203 }; 204 205 static int 206 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 207 { 208 struct ent ent, *res; 209 char *buf1, *bp; 210 int len; 211 int error = -EINVAL; 212 213 if (buf[buflen - 1] != '\n') 214 return (-EINVAL); 215 buf[buflen - 1]= '\0'; 216 217 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 218 if (buf1 == NULL) 219 return (-ENOMEM); 220 221 memset(&ent, 0, sizeof(ent)); 222 223 /* Authentication name */ 224 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 225 goto out; 226 memcpy(ent.authname, buf1, sizeof(ent.authname)); 227 228 /* Type */ 229 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 230 goto out; 231 ent.type = strcmp(buf1, "user") == 0 ? 232 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 233 234 /* ID */ 235 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 236 goto out; 237 ent.id = simple_strtoul(buf1, &bp, 10); 238 if (bp == buf1) 239 goto out; 240 241 /* expiry */ 242 ent.h.expiry_time = get_expiry(&buf); 243 if (ent.h.expiry_time == 0) 244 goto out; 245 246 error = -ENOMEM; 247 res = idtoname_lookup(&ent); 248 if (!res) 249 goto out; 250 251 /* Name */ 252 error = -EINVAL; 253 len = qword_get(&buf, buf1, PAGE_SIZE); 254 if (len < 0) 255 goto out; 256 if (len == 0) 257 set_bit(CACHE_NEGATIVE, &ent.h.flags); 258 else if (len >= IDMAP_NAMESZ) 259 goto out; 260 else 261 memcpy(ent.name, buf1, sizeof(ent.name)); 262 error = -ENOMEM; 263 res = idtoname_update(&ent, res); 264 if (res == NULL) 265 goto out; 266 267 cache_put(&res->h, &idtoname_cache); 268 269 error = 0; 270 out: 271 kfree(buf1); 272 273 return error; 274 } 275 276 277 static struct ent * 278 idtoname_lookup(struct ent *item) 279 { 280 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 281 &item->h, 282 idtoname_hash(item)); 283 if (ch) 284 return container_of(ch, struct ent, h); 285 else 286 return NULL; 287 } 288 289 static struct ent * 290 idtoname_update(struct ent *new, struct ent *old) 291 { 292 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 293 &new->h, &old->h, 294 idtoname_hash(new)); 295 if (ch) 296 return container_of(ch, struct ent, h); 297 else 298 return NULL; 299 } 300 301 302 /* 303 * Name -> ID cache 304 */ 305 306 static struct cache_head *nametoid_table[ENT_HASHMAX]; 307 308 static inline int 309 nametoid_hash(struct ent *ent) 310 { 311 return hash_str(ent->name, ENT_HASHBITS); 312 } 313 314 static void 315 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 316 int *blen) 317 { 318 struct ent *ent = container_of(ch, struct ent, h); 319 320 qword_add(bpp, blen, ent->authname); 321 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 322 qword_add(bpp, blen, ent->name); 323 324 (*bpp)[-1] = '\n'; 325 } 326 327 static int 328 nametoid_match(struct cache_head *ca, struct cache_head *cb) 329 { 330 struct ent *a = container_of(ca, struct ent, h); 331 struct ent *b = container_of(cb, struct ent, h); 332 333 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 334 strcmp(a->authname, b->authname) == 0); 335 } 336 337 static int 338 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 339 { 340 struct ent *ent; 341 342 if (h == NULL) { 343 seq_puts(m, "#domain type name [id]\n"); 344 return 0; 345 } 346 ent = container_of(h, struct ent, h); 347 seq_printf(m, "%s %s %s", ent->authname, 348 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 349 ent->name); 350 if (test_bit(CACHE_VALID, &h->flags)) 351 seq_printf(m, " %u", ent->id); 352 seq_printf(m, "\n"); 353 return 0; 354 } 355 356 static struct ent *nametoid_lookup(struct ent *); 357 static struct ent *nametoid_update(struct ent *, struct ent *); 358 static int nametoid_parse(struct cache_detail *, char *, int); 359 360 static struct cache_detail nametoid_cache = { 361 .owner = THIS_MODULE, 362 .hash_size = ENT_HASHMAX, 363 .hash_table = nametoid_table, 364 .name = "nfs4.nametoid", 365 .cache_put = ent_put, 366 .cache_request = nametoid_request, 367 .cache_parse = nametoid_parse, 368 .cache_show = nametoid_show, 369 .warn_no_listener = warn_no_idmapd, 370 .match = nametoid_match, 371 .init = ent_init, 372 .update = ent_init, 373 .alloc = ent_alloc, 374 }; 375 376 static int 377 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 378 { 379 struct ent ent, *res; 380 char *buf1; 381 int error = -EINVAL; 382 383 if (buf[buflen - 1] != '\n') 384 return (-EINVAL); 385 buf[buflen - 1]= '\0'; 386 387 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 388 if (buf1 == NULL) 389 return (-ENOMEM); 390 391 memset(&ent, 0, sizeof(ent)); 392 393 /* Authentication name */ 394 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 395 goto out; 396 memcpy(ent.authname, buf1, sizeof(ent.authname)); 397 398 /* Type */ 399 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 400 goto out; 401 ent.type = strcmp(buf1, "user") == 0 ? 402 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 403 404 /* Name */ 405 error = qword_get(&buf, buf1, PAGE_SIZE); 406 if (error <= 0 || error >= IDMAP_NAMESZ) 407 goto out; 408 memcpy(ent.name, buf1, sizeof(ent.name)); 409 410 /* expiry */ 411 ent.h.expiry_time = get_expiry(&buf); 412 if (ent.h.expiry_time == 0) 413 goto out; 414 415 /* ID */ 416 error = get_int(&buf, &ent.id); 417 if (error == -EINVAL) 418 goto out; 419 if (error == -ENOENT) 420 set_bit(CACHE_NEGATIVE, &ent.h.flags); 421 422 error = -ENOMEM; 423 res = nametoid_lookup(&ent); 424 if (res == NULL) 425 goto out; 426 res = nametoid_update(&ent, res); 427 if (res == NULL) 428 goto out; 429 430 cache_put(&res->h, &nametoid_cache); 431 error = 0; 432 out: 433 kfree(buf1); 434 435 return (error); 436 } 437 438 439 static struct ent * 440 nametoid_lookup(struct ent *item) 441 { 442 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 443 &item->h, 444 nametoid_hash(item)); 445 if (ch) 446 return container_of(ch, struct ent, h); 447 else 448 return NULL; 449 } 450 451 static struct ent * 452 nametoid_update(struct ent *new, struct ent *old) 453 { 454 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 455 &new->h, &old->h, 456 nametoid_hash(new)); 457 if (ch) 458 return container_of(ch, struct ent, h); 459 else 460 return NULL; 461 } 462 463 /* 464 * Exported API 465 */ 466 467 int 468 nfsd_idmap_init(void) 469 { 470 int rv; 471 472 rv = cache_register(&idtoname_cache); 473 if (rv) 474 return rv; 475 rv = cache_register(&nametoid_cache); 476 if (rv) 477 cache_unregister(&idtoname_cache); 478 return rv; 479 } 480 481 void 482 nfsd_idmap_shutdown(void) 483 { 484 cache_unregister(&idtoname_cache); 485 cache_unregister(&nametoid_cache); 486 } 487 488 /* 489 * Deferred request handling 490 */ 491 492 struct idmap_defer_req { 493 struct cache_req req; 494 struct cache_deferred_req deferred_req; 495 wait_queue_head_t waitq; 496 atomic_t count; 497 }; 498 499 static inline void 500 put_mdr(struct idmap_defer_req *mdr) 501 { 502 if (atomic_dec_and_test(&mdr->count)) 503 kfree(mdr); 504 } 505 506 static inline void 507 get_mdr(struct idmap_defer_req *mdr) 508 { 509 atomic_inc(&mdr->count); 510 } 511 512 static void 513 idmap_revisit(struct cache_deferred_req *dreq, int toomany) 514 { 515 struct idmap_defer_req *mdr = 516 container_of(dreq, struct idmap_defer_req, deferred_req); 517 518 wake_up(&mdr->waitq); 519 put_mdr(mdr); 520 } 521 522 static struct cache_deferred_req * 523 idmap_defer(struct cache_req *req) 524 { 525 struct idmap_defer_req *mdr = 526 container_of(req, struct idmap_defer_req, req); 527 528 mdr->deferred_req.revisit = idmap_revisit; 529 get_mdr(mdr); 530 return (&mdr->deferred_req); 531 } 532 533 static inline int 534 do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 535 struct cache_detail *detail, struct ent **item, 536 struct idmap_defer_req *mdr) 537 { 538 *item = lookup_fn(key); 539 if (!*item) 540 return -ENOMEM; 541 return cache_check(detail, &(*item)->h, &mdr->req); 542 } 543 544 static inline int 545 do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 546 struct ent *key, struct cache_detail *detail, 547 struct ent **item) 548 { 549 int ret = -ENOMEM; 550 551 *item = lookup_fn(key); 552 if (!*item) 553 goto out_err; 554 ret = -ETIMEDOUT; 555 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 556 || (*item)->h.expiry_time < get_seconds() 557 || detail->flush_time > (*item)->h.last_refresh) 558 goto out_put; 559 ret = -ENOENT; 560 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 561 goto out_put; 562 return 0; 563 out_put: 564 cache_put(&(*item)->h, detail); 565 out_err: 566 *item = NULL; 567 return ret; 568 } 569 570 static int 571 idmap_lookup(struct svc_rqst *rqstp, 572 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 573 struct cache_detail *detail, struct ent **item) 574 { 575 struct idmap_defer_req *mdr; 576 int ret; 577 578 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 579 if (!mdr) 580 return -ENOMEM; 581 atomic_set(&mdr->count, 1); 582 init_waitqueue_head(&mdr->waitq); 583 mdr->req.defer = idmap_defer; 584 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 585 if (ret == -EAGAIN) { 586 wait_event_interruptible_timeout(mdr->waitq, 587 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 588 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 589 } 590 put_mdr(mdr); 591 return ret; 592 } 593 594 static char * 595 rqst_authname(struct svc_rqst *rqstp) 596 { 597 struct auth_domain *clp; 598 599 clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; 600 return clp->name; 601 } 602 603 static int 604 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 605 uid_t *id) 606 { 607 struct ent *item, key = { 608 .type = type, 609 }; 610 int ret; 611 612 if (namelen + 1 > sizeof(key.name)) 613 return -EINVAL; 614 memcpy(key.name, name, namelen); 615 key.name[namelen] = '\0'; 616 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 617 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 618 if (ret == -ENOENT) 619 ret = -ESRCH; /* nfserr_badname */ 620 if (ret) 621 return ret; 622 *id = item->id; 623 cache_put(&item->h, &nametoid_cache); 624 return 0; 625 } 626 627 static int 628 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 629 { 630 struct ent *item, key = { 631 .id = id, 632 .type = type, 633 }; 634 int ret; 635 636 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 637 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 638 if (ret == -ENOENT) 639 return sprintf(name, "%u", id); 640 if (ret) 641 return ret; 642 ret = strlen(item->name); 643 BUG_ON(ret > IDMAP_NAMESZ); 644 memcpy(name, item->name, ret); 645 cache_put(&item->h, &idtoname_cache); 646 return ret; 647 } 648 649 int 650 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 651 __u32 *id) 652 { 653 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 654 } 655 656 int 657 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 658 __u32 *id) 659 { 660 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 661 } 662 663 int 664 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 665 { 666 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 667 } 668 669 int 670 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 671 { 672 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 673 } 674