xref: /openbmc/linux/fs/nfsd/nfs4idmap.c (revision 565d76cb)
1 /*
2  *  Mapping of UID/GIDs to name and vice versa.
3  *
4  *  Copyright (c) 2002, 2003 The Regents of the University of
5  *  Michigan.  All rights reserved.
6  *
7  *  Marius Aamodt Eriksen <marius@umich.edu>
8  *
9  *  Redistribution and use in source and binary forms, with or without
10  *  modification, are permitted provided that the following conditions
11  *  are met:
12  *
13  *  1. Redistributions of source code must retain the above copyright
14  *     notice, this list of conditions and the following disclaimer.
15  *  2. Redistributions in binary form must reproduce the above copyright
16  *     notice, this list of conditions and the following disclaimer in the
17  *     documentation and/or other materials provided with the distribution.
18  *  3. Neither the name of the University nor the names of its
19  *     contributors may be used to endorse or promote products derived
20  *     from this software without specific prior written permission.
21  *
22  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include <linux/module.h>
36 #include <linux/seq_file.h>
37 #include <linux/sched.h>
38 #include <linux/slab.h>
39 #include "idmap.h"
40 #include "nfsd.h"
41 
42 /*
43  * Cache entry
44  */
45 
46 /*
47  * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
48  * that.
49  */
50 
51 #define IDMAP_TYPE_USER  0
52 #define IDMAP_TYPE_GROUP 1
53 
54 struct ent {
55 	struct cache_head h;
56 	int               type;		       /* User / Group */
57 	uid_t             id;
58 	char              name[IDMAP_NAMESZ];
59 	char              authname[IDMAP_NAMESZ];
60 };
61 
62 /* Common entry handling */
63 
64 #define ENT_HASHBITS          8
65 #define ENT_HASHMAX           (1 << ENT_HASHBITS)
66 #define ENT_HASHMASK          (ENT_HASHMAX - 1)
67 
68 static void
69 ent_init(struct cache_head *cnew, struct cache_head *citm)
70 {
71 	struct ent *new = container_of(cnew, struct ent, h);
72 	struct ent *itm = container_of(citm, struct ent, h);
73 
74 	new->id = itm->id;
75 	new->type = itm->type;
76 
77 	strlcpy(new->name, itm->name, sizeof(new->name));
78 	strlcpy(new->authname, itm->authname, sizeof(new->name));
79 }
80 
81 static void
82 ent_put(struct kref *ref)
83 {
84 	struct ent *map = container_of(ref, struct ent, h.ref);
85 	kfree(map);
86 }
87 
88 static struct cache_head *
89 ent_alloc(void)
90 {
91 	struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL);
92 	if (e)
93 		return &e->h;
94 	else
95 		return NULL;
96 }
97 
98 /*
99  * ID -> Name cache
100  */
101 
102 static struct cache_head *idtoname_table[ENT_HASHMAX];
103 
104 static uint32_t
105 idtoname_hash(struct ent *ent)
106 {
107 	uint32_t hash;
108 
109 	hash = hash_str(ent->authname, ENT_HASHBITS);
110 	hash = hash_long(hash ^ ent->id, ENT_HASHBITS);
111 
112 	/* Flip LSB for user/group */
113 	if (ent->type == IDMAP_TYPE_GROUP)
114 		hash ^= 1;
115 
116 	return hash;
117 }
118 
119 static void
120 idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
121     int *blen)
122 {
123  	struct ent *ent = container_of(ch, struct ent, h);
124 	char idstr[11];
125 
126 	qword_add(bpp, blen, ent->authname);
127 	snprintf(idstr, sizeof(idstr), "%u", ent->id);
128 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
129 	qword_add(bpp, blen, idstr);
130 
131 	(*bpp)[-1] = '\n';
132 }
133 
134 static int
135 idtoname_upcall(struct cache_detail *cd, struct cache_head *ch)
136 {
137 	return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request);
138 }
139 
140 static int
141 idtoname_match(struct cache_head *ca, struct cache_head *cb)
142 {
143 	struct ent *a = container_of(ca, struct ent, h);
144 	struct ent *b = container_of(cb, struct ent, h);
145 
146 	return (a->id == b->id && a->type == b->type &&
147 	    strcmp(a->authname, b->authname) == 0);
148 }
149 
150 static int
151 idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
152 {
153 	struct ent *ent;
154 
155 	if (h == NULL) {
156 		seq_puts(m, "#domain type id [name]\n");
157 		return 0;
158 	}
159 	ent = container_of(h, struct ent, h);
160 	seq_printf(m, "%s %s %u", ent->authname,
161 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
162 			ent->id);
163 	if (test_bit(CACHE_VALID, &h->flags))
164 		seq_printf(m, " %s", ent->name);
165 	seq_printf(m, "\n");
166 	return 0;
167 }
168 
169 static void
170 warn_no_idmapd(struct cache_detail *detail, int has_died)
171 {
172 	printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
173 			has_died ? "died" : "not been started");
174 }
175 
176 
177 static int         idtoname_parse(struct cache_detail *, char *, int);
178 static struct ent *idtoname_lookup(struct ent *);
179 static struct ent *idtoname_update(struct ent *, struct ent *);
180 
181 static struct cache_detail idtoname_cache = {
182 	.owner		= THIS_MODULE,
183 	.hash_size	= ENT_HASHMAX,
184 	.hash_table	= idtoname_table,
185 	.name		= "nfs4.idtoname",
186 	.cache_put	= ent_put,
187 	.cache_upcall	= idtoname_upcall,
188 	.cache_parse	= idtoname_parse,
189 	.cache_show	= idtoname_show,
190 	.warn_no_listener = warn_no_idmapd,
191 	.match		= idtoname_match,
192 	.init		= ent_init,
193 	.update		= ent_init,
194 	.alloc		= ent_alloc,
195 };
196 
197 static int
198 idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
199 {
200 	struct ent ent, *res;
201 	char *buf1, *bp;
202 	int len;
203 	int error = -EINVAL;
204 
205 	if (buf[buflen - 1] != '\n')
206 		return (-EINVAL);
207 	buf[buflen - 1]= '\0';
208 
209 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
210 	if (buf1 == NULL)
211 		return (-ENOMEM);
212 
213 	memset(&ent, 0, sizeof(ent));
214 
215 	/* Authentication name */
216 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
217 		goto out;
218 	memcpy(ent.authname, buf1, sizeof(ent.authname));
219 
220 	/* Type */
221 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
222 		goto out;
223 	ent.type = strcmp(buf1, "user") == 0 ?
224 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
225 
226 	/* ID */
227 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
228 		goto out;
229 	ent.id = simple_strtoul(buf1, &bp, 10);
230 	if (bp == buf1)
231 		goto out;
232 
233 	/* expiry */
234 	ent.h.expiry_time = get_expiry(&buf);
235 	if (ent.h.expiry_time == 0)
236 		goto out;
237 
238 	error = -ENOMEM;
239 	res = idtoname_lookup(&ent);
240 	if (!res)
241 		goto out;
242 
243 	/* Name */
244 	error = -EINVAL;
245 	len = qword_get(&buf, buf1, PAGE_SIZE);
246 	if (len < 0)
247 		goto out;
248 	if (len == 0)
249 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
250 	else if (len >= IDMAP_NAMESZ)
251 		goto out;
252 	else
253 		memcpy(ent.name, buf1, sizeof(ent.name));
254 	error = -ENOMEM;
255 	res = idtoname_update(&ent, res);
256 	if (res == NULL)
257 		goto out;
258 
259 	cache_put(&res->h, &idtoname_cache);
260 
261 	error = 0;
262 out:
263 	kfree(buf1);
264 
265 	return error;
266 }
267 
268 
269 static struct ent *
270 idtoname_lookup(struct ent *item)
271 {
272 	struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache,
273 						    &item->h,
274 						    idtoname_hash(item));
275 	if (ch)
276 		return container_of(ch, struct ent, h);
277 	else
278 		return NULL;
279 }
280 
281 static struct ent *
282 idtoname_update(struct ent *new, struct ent *old)
283 {
284 	struct cache_head *ch = sunrpc_cache_update(&idtoname_cache,
285 						    &new->h, &old->h,
286 						    idtoname_hash(new));
287 	if (ch)
288 		return container_of(ch, struct ent, h);
289 	else
290 		return NULL;
291 }
292 
293 
294 /*
295  * Name -> ID cache
296  */
297 
298 static struct cache_head *nametoid_table[ENT_HASHMAX];
299 
300 static inline int
301 nametoid_hash(struct ent *ent)
302 {
303 	return hash_str(ent->name, ENT_HASHBITS);
304 }
305 
306 static void
307 nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
308     int *blen)
309 {
310  	struct ent *ent = container_of(ch, struct ent, h);
311 
312 	qword_add(bpp, blen, ent->authname);
313 	qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user");
314 	qword_add(bpp, blen, ent->name);
315 
316 	(*bpp)[-1] = '\n';
317 }
318 
319 static int
320 nametoid_upcall(struct cache_detail *cd, struct cache_head *ch)
321 {
322 	return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request);
323 }
324 
325 static int
326 nametoid_match(struct cache_head *ca, struct cache_head *cb)
327 {
328 	struct ent *a = container_of(ca, struct ent, h);
329 	struct ent *b = container_of(cb, struct ent, h);
330 
331 	return (a->type == b->type && strcmp(a->name, b->name) == 0 &&
332 	    strcmp(a->authname, b->authname) == 0);
333 }
334 
335 static int
336 nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
337 {
338 	struct ent *ent;
339 
340 	if (h == NULL) {
341 		seq_puts(m, "#domain type name [id]\n");
342 		return 0;
343 	}
344 	ent = container_of(h, struct ent, h);
345 	seq_printf(m, "%s %s %s", ent->authname,
346 			ent->type == IDMAP_TYPE_GROUP ? "group" : "user",
347 			ent->name);
348 	if (test_bit(CACHE_VALID, &h->flags))
349 		seq_printf(m, " %u", ent->id);
350 	seq_printf(m, "\n");
351 	return 0;
352 }
353 
354 static struct ent *nametoid_lookup(struct ent *);
355 static struct ent *nametoid_update(struct ent *, struct ent *);
356 static int         nametoid_parse(struct cache_detail *, char *, int);
357 
358 static struct cache_detail nametoid_cache = {
359 	.owner		= THIS_MODULE,
360 	.hash_size	= ENT_HASHMAX,
361 	.hash_table	= nametoid_table,
362 	.name		= "nfs4.nametoid",
363 	.cache_put	= ent_put,
364 	.cache_upcall	= nametoid_upcall,
365 	.cache_parse	= nametoid_parse,
366 	.cache_show	= nametoid_show,
367 	.warn_no_listener = warn_no_idmapd,
368 	.match		= nametoid_match,
369 	.init		= ent_init,
370 	.update		= ent_init,
371 	.alloc		= ent_alloc,
372 };
373 
374 static int
375 nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
376 {
377 	struct ent ent, *res;
378 	char *buf1;
379 	int error = -EINVAL;
380 
381 	if (buf[buflen - 1] != '\n')
382 		return (-EINVAL);
383 	buf[buflen - 1]= '\0';
384 
385 	buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL);
386 	if (buf1 == NULL)
387 		return (-ENOMEM);
388 
389 	memset(&ent, 0, sizeof(ent));
390 
391 	/* Authentication name */
392 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
393 		goto out;
394 	memcpy(ent.authname, buf1, sizeof(ent.authname));
395 
396 	/* Type */
397 	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
398 		goto out;
399 	ent.type = strcmp(buf1, "user") == 0 ?
400 		IDMAP_TYPE_USER : IDMAP_TYPE_GROUP;
401 
402 	/* Name */
403 	error = qword_get(&buf, buf1, PAGE_SIZE);
404 	if (error <= 0 || error >= IDMAP_NAMESZ)
405 		goto out;
406 	memcpy(ent.name, buf1, sizeof(ent.name));
407 
408 	/* expiry */
409 	ent.h.expiry_time = get_expiry(&buf);
410 	if (ent.h.expiry_time == 0)
411 		goto out;
412 
413 	/* ID */
414 	error = get_int(&buf, &ent.id);
415 	if (error == -EINVAL)
416 		goto out;
417 	if (error == -ENOENT)
418 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
419 
420 	error = -ENOMEM;
421 	res = nametoid_lookup(&ent);
422 	if (res == NULL)
423 		goto out;
424 	res = nametoid_update(&ent, res);
425 	if (res == NULL)
426 		goto out;
427 
428 	cache_put(&res->h, &nametoid_cache);
429 	error = 0;
430 out:
431 	kfree(buf1);
432 
433 	return (error);
434 }
435 
436 
437 static struct ent *
438 nametoid_lookup(struct ent *item)
439 {
440 	struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache,
441 						    &item->h,
442 						    nametoid_hash(item));
443 	if (ch)
444 		return container_of(ch, struct ent, h);
445 	else
446 		return NULL;
447 }
448 
449 static struct ent *
450 nametoid_update(struct ent *new, struct ent *old)
451 {
452 	struct cache_head *ch = sunrpc_cache_update(&nametoid_cache,
453 						    &new->h, &old->h,
454 						    nametoid_hash(new));
455 	if (ch)
456 		return container_of(ch, struct ent, h);
457 	else
458 		return NULL;
459 }
460 
461 /*
462  * Exported API
463  */
464 
465 int
466 nfsd_idmap_init(void)
467 {
468 	int rv;
469 
470 	rv = cache_register(&idtoname_cache);
471 	if (rv)
472 		return rv;
473 	rv = cache_register(&nametoid_cache);
474 	if (rv)
475 		cache_unregister(&idtoname_cache);
476 	return rv;
477 }
478 
479 void
480 nfsd_idmap_shutdown(void)
481 {
482 	cache_unregister(&idtoname_cache);
483 	cache_unregister(&nametoid_cache);
484 }
485 
486 static int
487 idmap_lookup(struct svc_rqst *rqstp,
488 		struct ent *(*lookup_fn)(struct ent *), struct ent *key,
489 		struct cache_detail *detail, struct ent **item)
490 {
491 	int ret;
492 
493 	*item = lookup_fn(key);
494 	if (!*item)
495 		return -ENOMEM;
496  retry:
497 	ret = cache_check(detail, &(*item)->h, &rqstp->rq_chandle);
498 
499 	if (ret == -ETIMEDOUT) {
500 		struct ent *prev_item = *item;
501 		*item = lookup_fn(key);
502 		if (*item != prev_item)
503 			goto retry;
504 		cache_put(&(*item)->h, detail);
505 	}
506 	return ret;
507 }
508 
509 static char *
510 rqst_authname(struct svc_rqst *rqstp)
511 {
512 	struct auth_domain *clp;
513 
514 	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
515 	return clp->name;
516 }
517 
518 static __be32
519 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen,
520 		uid_t *id)
521 {
522 	struct ent *item, key = {
523 		.type = type,
524 	};
525 	int ret;
526 
527 	if (namelen + 1 > sizeof(key.name))
528 		return nfserr_badowner;
529 	memcpy(key.name, name, namelen);
530 	key.name[namelen] = '\0';
531 	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
532 	ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
533 	if (ret == -ENOENT)
534 		return nfserr_badowner;
535 	if (ret)
536 		return nfserrno(ret);
537 	*id = item->id;
538 	cache_put(&item->h, &nametoid_cache);
539 	return 0;
540 }
541 
542 static int
543 idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
544 {
545 	struct ent *item, key = {
546 		.id = id,
547 		.type = type,
548 	};
549 	int ret;
550 
551 	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
552 	ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
553 	if (ret == -ENOENT)
554 		return sprintf(name, "%u", id);
555 	if (ret)
556 		return ret;
557 	ret = strlen(item->name);
558 	BUG_ON(ret > IDMAP_NAMESZ);
559 	memcpy(name, item->name, ret);
560 	cache_put(&item->h, &idtoname_cache);
561 	return ret;
562 }
563 
564 __be32
565 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen,
566 		__u32 *id)
567 {
568 	return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
569 }
570 
571 __be32
572 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen,
573 		__u32 *id)
574 {
575 	return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
576 }
577 
578 int
579 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
580 {
581 	return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
582 }
583 
584 int
585 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
586 {
587 	return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
588 }
589