1 /* 2 * Mapping of UID/GIDs to name and vice versa. 3 * 4 * Copyright (c) 2002, 2003 The Regents of the University of 5 * Michigan. All rights reserved. 6 * 7 * Marius Aamodt Eriksen <marius@umich.edu> 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <linux/module.h> 36 #include <linux/seq_file.h> 37 #include <linux/sched.h> 38 #include <linux/slab.h> 39 #include "idmap.h" 40 #include "nfsd.h" 41 42 /* 43 * Cache entry 44 */ 45 46 /* 47 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on 48 * that. 49 */ 50 51 #define IDMAP_TYPE_USER 0 52 #define IDMAP_TYPE_GROUP 1 53 54 struct ent { 55 struct cache_head h; 56 int type; /* User / Group */ 57 uid_t id; 58 char name[IDMAP_NAMESZ]; 59 char authname[IDMAP_NAMESZ]; 60 }; 61 62 /* Common entry handling */ 63 64 #define ENT_HASHBITS 8 65 #define ENT_HASHMAX (1 << ENT_HASHBITS) 66 #define ENT_HASHMASK (ENT_HASHMAX - 1) 67 68 static void 69 ent_init(struct cache_head *cnew, struct cache_head *citm) 70 { 71 struct ent *new = container_of(cnew, struct ent, h); 72 struct ent *itm = container_of(citm, struct ent, h); 73 74 new->id = itm->id; 75 new->type = itm->type; 76 77 strlcpy(new->name, itm->name, sizeof(new->name)); 78 strlcpy(new->authname, itm->authname, sizeof(new->name)); 79 } 80 81 static void 82 ent_put(struct kref *ref) 83 { 84 struct ent *map = container_of(ref, struct ent, h.ref); 85 kfree(map); 86 } 87 88 static struct cache_head * 89 ent_alloc(void) 90 { 91 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 92 if (e) 93 return &e->h; 94 else 95 return NULL; 96 } 97 98 /* 99 * ID -> Name cache 100 */ 101 102 static struct cache_head *idtoname_table[ENT_HASHMAX]; 103 104 static uint32_t 105 idtoname_hash(struct ent *ent) 106 { 107 uint32_t hash; 108 109 hash = hash_str(ent->authname, ENT_HASHBITS); 110 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 111 112 /* Flip LSB for user/group */ 113 if (ent->type == IDMAP_TYPE_GROUP) 114 hash ^= 1; 115 116 return hash; 117 } 118 119 static void 120 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 121 int *blen) 122 { 123 struct ent *ent = container_of(ch, struct ent, h); 124 char idstr[11]; 125 126 qword_add(bpp, blen, ent->authname); 127 snprintf(idstr, sizeof(idstr), "%u", ent->id); 128 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 129 qword_add(bpp, blen, idstr); 130 131 (*bpp)[-1] = '\n'; 132 } 133 134 static int 135 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch) 136 { 137 return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request); 138 } 139 140 static int 141 idtoname_match(struct cache_head *ca, struct cache_head *cb) 142 { 143 struct ent *a = container_of(ca, struct ent, h); 144 struct ent *b = container_of(cb, struct ent, h); 145 146 return (a->id == b->id && a->type == b->type && 147 strcmp(a->authname, b->authname) == 0); 148 } 149 150 static int 151 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 152 { 153 struct ent *ent; 154 155 if (h == NULL) { 156 seq_puts(m, "#domain type id [name]\n"); 157 return 0; 158 } 159 ent = container_of(h, struct ent, h); 160 seq_printf(m, "%s %s %u", ent->authname, 161 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 162 ent->id); 163 if (test_bit(CACHE_VALID, &h->flags)) 164 seq_printf(m, " %s", ent->name); 165 seq_printf(m, "\n"); 166 return 0; 167 } 168 169 static void 170 warn_no_idmapd(struct cache_detail *detail, int has_died) 171 { 172 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 173 has_died ? "died" : "not been started"); 174 } 175 176 177 static int idtoname_parse(struct cache_detail *, char *, int); 178 static struct ent *idtoname_lookup(struct ent *); 179 static struct ent *idtoname_update(struct ent *, struct ent *); 180 181 static struct cache_detail idtoname_cache = { 182 .owner = THIS_MODULE, 183 .hash_size = ENT_HASHMAX, 184 .hash_table = idtoname_table, 185 .name = "nfs4.idtoname", 186 .cache_put = ent_put, 187 .cache_upcall = idtoname_upcall, 188 .cache_parse = idtoname_parse, 189 .cache_show = idtoname_show, 190 .warn_no_listener = warn_no_idmapd, 191 .match = idtoname_match, 192 .init = ent_init, 193 .update = ent_init, 194 .alloc = ent_alloc, 195 }; 196 197 static int 198 idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 199 { 200 struct ent ent, *res; 201 char *buf1, *bp; 202 int len; 203 int error = -EINVAL; 204 205 if (buf[buflen - 1] != '\n') 206 return (-EINVAL); 207 buf[buflen - 1]= '\0'; 208 209 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 210 if (buf1 == NULL) 211 return (-ENOMEM); 212 213 memset(&ent, 0, sizeof(ent)); 214 215 /* Authentication name */ 216 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 217 goto out; 218 memcpy(ent.authname, buf1, sizeof(ent.authname)); 219 220 /* Type */ 221 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 222 goto out; 223 ent.type = strcmp(buf1, "user") == 0 ? 224 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 225 226 /* ID */ 227 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 228 goto out; 229 ent.id = simple_strtoul(buf1, &bp, 10); 230 if (bp == buf1) 231 goto out; 232 233 /* expiry */ 234 ent.h.expiry_time = get_expiry(&buf); 235 if (ent.h.expiry_time == 0) 236 goto out; 237 238 error = -ENOMEM; 239 res = idtoname_lookup(&ent); 240 if (!res) 241 goto out; 242 243 /* Name */ 244 error = -EINVAL; 245 len = qword_get(&buf, buf1, PAGE_SIZE); 246 if (len < 0) 247 goto out; 248 if (len == 0) 249 set_bit(CACHE_NEGATIVE, &ent.h.flags); 250 else if (len >= IDMAP_NAMESZ) 251 goto out; 252 else 253 memcpy(ent.name, buf1, sizeof(ent.name)); 254 error = -ENOMEM; 255 res = idtoname_update(&ent, res); 256 if (res == NULL) 257 goto out; 258 259 cache_put(&res->h, &idtoname_cache); 260 261 error = 0; 262 out: 263 kfree(buf1); 264 265 return error; 266 } 267 268 269 static struct ent * 270 idtoname_lookup(struct ent *item) 271 { 272 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 273 &item->h, 274 idtoname_hash(item)); 275 if (ch) 276 return container_of(ch, struct ent, h); 277 else 278 return NULL; 279 } 280 281 static struct ent * 282 idtoname_update(struct ent *new, struct ent *old) 283 { 284 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 285 &new->h, &old->h, 286 idtoname_hash(new)); 287 if (ch) 288 return container_of(ch, struct ent, h); 289 else 290 return NULL; 291 } 292 293 294 /* 295 * Name -> ID cache 296 */ 297 298 static struct cache_head *nametoid_table[ENT_HASHMAX]; 299 300 static inline int 301 nametoid_hash(struct ent *ent) 302 { 303 return hash_str(ent->name, ENT_HASHBITS); 304 } 305 306 static void 307 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 308 int *blen) 309 { 310 struct ent *ent = container_of(ch, struct ent, h); 311 312 qword_add(bpp, blen, ent->authname); 313 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 314 qword_add(bpp, blen, ent->name); 315 316 (*bpp)[-1] = '\n'; 317 } 318 319 static int 320 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch) 321 { 322 return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request); 323 } 324 325 static int 326 nametoid_match(struct cache_head *ca, struct cache_head *cb) 327 { 328 struct ent *a = container_of(ca, struct ent, h); 329 struct ent *b = container_of(cb, struct ent, h); 330 331 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 332 strcmp(a->authname, b->authname) == 0); 333 } 334 335 static int 336 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 337 { 338 struct ent *ent; 339 340 if (h == NULL) { 341 seq_puts(m, "#domain type name [id]\n"); 342 return 0; 343 } 344 ent = container_of(h, struct ent, h); 345 seq_printf(m, "%s %s %s", ent->authname, 346 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 347 ent->name); 348 if (test_bit(CACHE_VALID, &h->flags)) 349 seq_printf(m, " %u", ent->id); 350 seq_printf(m, "\n"); 351 return 0; 352 } 353 354 static struct ent *nametoid_lookup(struct ent *); 355 static struct ent *nametoid_update(struct ent *, struct ent *); 356 static int nametoid_parse(struct cache_detail *, char *, int); 357 358 static struct cache_detail nametoid_cache = { 359 .owner = THIS_MODULE, 360 .hash_size = ENT_HASHMAX, 361 .hash_table = nametoid_table, 362 .name = "nfs4.nametoid", 363 .cache_put = ent_put, 364 .cache_upcall = nametoid_upcall, 365 .cache_parse = nametoid_parse, 366 .cache_show = nametoid_show, 367 .warn_no_listener = warn_no_idmapd, 368 .match = nametoid_match, 369 .init = ent_init, 370 .update = ent_init, 371 .alloc = ent_alloc, 372 }; 373 374 static int 375 nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 376 { 377 struct ent ent, *res; 378 char *buf1; 379 int error = -EINVAL; 380 381 if (buf[buflen - 1] != '\n') 382 return (-EINVAL); 383 buf[buflen - 1]= '\0'; 384 385 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 386 if (buf1 == NULL) 387 return (-ENOMEM); 388 389 memset(&ent, 0, sizeof(ent)); 390 391 /* Authentication name */ 392 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 393 goto out; 394 memcpy(ent.authname, buf1, sizeof(ent.authname)); 395 396 /* Type */ 397 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 398 goto out; 399 ent.type = strcmp(buf1, "user") == 0 ? 400 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 401 402 /* Name */ 403 error = qword_get(&buf, buf1, PAGE_SIZE); 404 if (error <= 0 || error >= IDMAP_NAMESZ) 405 goto out; 406 memcpy(ent.name, buf1, sizeof(ent.name)); 407 408 /* expiry */ 409 ent.h.expiry_time = get_expiry(&buf); 410 if (ent.h.expiry_time == 0) 411 goto out; 412 413 /* ID */ 414 error = get_int(&buf, &ent.id); 415 if (error == -EINVAL) 416 goto out; 417 if (error == -ENOENT) 418 set_bit(CACHE_NEGATIVE, &ent.h.flags); 419 420 error = -ENOMEM; 421 res = nametoid_lookup(&ent); 422 if (res == NULL) 423 goto out; 424 res = nametoid_update(&ent, res); 425 if (res == NULL) 426 goto out; 427 428 cache_put(&res->h, &nametoid_cache); 429 error = 0; 430 out: 431 kfree(buf1); 432 433 return (error); 434 } 435 436 437 static struct ent * 438 nametoid_lookup(struct ent *item) 439 { 440 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 441 &item->h, 442 nametoid_hash(item)); 443 if (ch) 444 return container_of(ch, struct ent, h); 445 else 446 return NULL; 447 } 448 449 static struct ent * 450 nametoid_update(struct ent *new, struct ent *old) 451 { 452 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 453 &new->h, &old->h, 454 nametoid_hash(new)); 455 if (ch) 456 return container_of(ch, struct ent, h); 457 else 458 return NULL; 459 } 460 461 /* 462 * Exported API 463 */ 464 465 int 466 nfsd_idmap_init(void) 467 { 468 int rv; 469 470 rv = cache_register(&idtoname_cache); 471 if (rv) 472 return rv; 473 rv = cache_register(&nametoid_cache); 474 if (rv) 475 cache_unregister(&idtoname_cache); 476 return rv; 477 } 478 479 void 480 nfsd_idmap_shutdown(void) 481 { 482 cache_unregister(&idtoname_cache); 483 cache_unregister(&nametoid_cache); 484 } 485 486 static int 487 idmap_lookup(struct svc_rqst *rqstp, 488 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 489 struct cache_detail *detail, struct ent **item) 490 { 491 int ret; 492 493 *item = lookup_fn(key); 494 if (!*item) 495 return -ENOMEM; 496 retry: 497 ret = cache_check(detail, &(*item)->h, &rqstp->rq_chandle); 498 499 if (ret == -ETIMEDOUT) { 500 struct ent *prev_item = *item; 501 *item = lookup_fn(key); 502 if (*item != prev_item) 503 goto retry; 504 cache_put(&(*item)->h, detail); 505 } 506 return ret; 507 } 508 509 static char * 510 rqst_authname(struct svc_rqst *rqstp) 511 { 512 struct auth_domain *clp; 513 514 clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; 515 return clp->name; 516 } 517 518 static __be32 519 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 520 uid_t *id) 521 { 522 struct ent *item, key = { 523 .type = type, 524 }; 525 int ret; 526 527 if (namelen + 1 > sizeof(key.name)) 528 return nfserr_badowner; 529 memcpy(key.name, name, namelen); 530 key.name[namelen] = '\0'; 531 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 532 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 533 if (ret == -ENOENT) 534 return nfserr_badowner; 535 if (ret) 536 return nfserrno(ret); 537 *id = item->id; 538 cache_put(&item->h, &nametoid_cache); 539 return 0; 540 } 541 542 static int 543 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 544 { 545 struct ent *item, key = { 546 .id = id, 547 .type = type, 548 }; 549 int ret; 550 551 strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); 552 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 553 if (ret == -ENOENT) 554 return sprintf(name, "%u", id); 555 if (ret) 556 return ret; 557 ret = strlen(item->name); 558 BUG_ON(ret > IDMAP_NAMESZ); 559 memcpy(name, item->name, ret); 560 cache_put(&item->h, &idtoname_cache); 561 return ret; 562 } 563 564 __be32 565 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 566 __u32 *id) 567 { 568 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 569 } 570 571 __be32 572 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 573 __u32 *id) 574 { 575 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 576 } 577 578 int 579 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 580 { 581 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 582 } 583 584 int 585 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 586 { 587 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 588 } 589