1/* 2 * fs/nfsd/nfs4idmap.c 3 * 4 * Mapping of UID/GIDs to name and vice versa. 5 * 6 * Copyright (c) 2002, 2003 The Regents of the University of 7 * Michigan. All rights reserved. 8 * 9 * Marius Aamodt Eriksen <marius@umich.edu> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its 21 * contributors may be used to endorse or promote products derived 22 * from this software without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 25 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 26 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37#include <linux/module.h> 38#include <linux/init.h> 39 40#include <linux/mm.h> 41#include <linux/utsname.h> 42#include <linux/errno.h> 43#include <linux/string.h> 44#include <linux/sunrpc/clnt.h> 45#include <linux/nfs.h> 46#include <linux/nfs4.h> 47#include <linux/nfs_fs.h> 48#include <linux/nfs_page.h> 49#include <linux/sunrpc/cache.h> 50#include <linux/nfsd_idmap.h> 51#include <linux/list.h> 52#include <linux/time.h> 53#include <linux/seq_file.h> 54#include <linux/sunrpc/svcauth.h> 55 56/* 57 * Cache entry 58 */ 59 60 61#define IDMAP_TYPE_USER 0 62#define IDMAP_TYPE_GROUP 1 63 64struct ent { 65 struct cache_head h; 66 int type; /* User / Group */ 67 uid_t id; 68 char name[IDMAP_NAMESZ]; 69 char authname[IDMAP_NAMESZ]; 70}; 71 72/* Common entry handling */ 73 74#define ENT_HASHBITS 8 75#define ENT_HASHMAX (1 << ENT_HASHBITS) 76#define ENT_HASHMASK (ENT_HASHMAX - 1) 77 78static void 79ent_init(struct cache_head *cnew, struct cache_head *citm) 80{ 81 struct ent *new = container_of(cnew, struct ent, h); 82 struct ent *itm = container_of(citm, struct ent, h); 83 84 new->id = itm->id; 85 new->type = itm->type; 86 87 strlcpy(new->name, itm->name, sizeof(new->name)); 88 strlcpy(new->authname, itm->authname, sizeof(new->name)); 89} 90 91static void 92ent_put(struct kref *ref) 93{ 94 struct ent *map = container_of(ref, struct ent, h.ref); 95 kfree(map); 96} 97 98static struct cache_head * 99ent_alloc(void) 100{ 101 struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); 102 if (e) 103 return &e->h; 104 else 105 return NULL; 106} 107 108/* 109 * ID -> Name cache 110 */ 111 112static struct cache_head *idtoname_table[ENT_HASHMAX]; 113 114static uint32_t 115idtoname_hash(struct ent *ent) 116{ 117 uint32_t hash; 118 119 hash = hash_str(ent->authname, ENT_HASHBITS); 120 hash = hash_long(hash ^ ent->id, ENT_HASHBITS); 121 122 /* Flip LSB for user/group */ 123 if (ent->type == IDMAP_TYPE_GROUP) 124 hash ^= 1; 125 126 return hash; 127} 128 129static void 130idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 131 int *blen) 132{ 133 struct ent *ent = container_of(ch, struct ent, h); 134 char idstr[11]; 135 136 qword_add(bpp, blen, ent->authname); 137 snprintf(idstr, sizeof(idstr), "%d", ent->id); 138 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 139 qword_add(bpp, blen, idstr); 140 141 (*bpp)[-1] = '\n'; 142} 143 144static int 145idtoname_match(struct cache_head *ca, struct cache_head *cb) 146{ 147 struct ent *a = container_of(ca, struct ent, h); 148 struct ent *b = container_of(cb, struct ent, h); 149 150 return (a->id == b->id && a->type == b->type && 151 strcmp(a->authname, b->authname) == 0); 152} 153 154static int 155idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 156{ 157 struct ent *ent; 158 159 if (h == NULL) { 160 seq_puts(m, "#domain type id [name]\n"); 161 return 0; 162 } 163 ent = container_of(h, struct ent, h); 164 seq_printf(m, "%s %s %d", ent->authname, 165 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 166 ent->id); 167 if (test_bit(CACHE_VALID, &h->flags)) 168 seq_printf(m, " %s", ent->name); 169 seq_printf(m, "\n"); 170 return 0; 171} 172 173static void 174warn_no_idmapd(struct cache_detail *detail) 175{ 176 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n", 177 detail->last_close? "died" : "not been started"); 178} 179 180 181static int idtoname_parse(struct cache_detail *, char *, int); 182static struct ent *idtoname_lookup(struct ent *); 183static struct ent *idtoname_update(struct ent *, struct ent *); 184 185static struct cache_detail idtoname_cache = { 186 .owner = THIS_MODULE, 187 .hash_size = ENT_HASHMAX, 188 .hash_table = idtoname_table, 189 .name = "nfs4.idtoname", 190 .cache_put = ent_put, 191 .cache_request = idtoname_request, 192 .cache_parse = idtoname_parse, 193 .cache_show = idtoname_show, 194 .warn_no_listener = warn_no_idmapd, 195 .match = idtoname_match, 196 .init = ent_init, 197 .update = ent_init, 198 .alloc = ent_alloc, 199}; 200 201int 202idtoname_parse(struct cache_detail *cd, char *buf, int buflen) 203{ 204 struct ent ent, *res; 205 char *buf1, *bp; 206 int error = -EINVAL; 207 208 if (buf[buflen - 1] != '\n') 209 return (-EINVAL); 210 buf[buflen - 1]= '\0'; 211 212 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 213 if (buf1 == NULL) 214 return (-ENOMEM); 215 216 memset(&ent, 0, sizeof(ent)); 217 218 /* Authentication name */ 219 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 220 goto out; 221 memcpy(ent.authname, buf1, sizeof(ent.authname)); 222 223 /* Type */ 224 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 225 goto out; 226 ent.type = strcmp(buf1, "user") == 0 ? 227 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 228 229 /* ID */ 230 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 231 goto out; 232 ent.id = simple_strtoul(buf1, &bp, 10); 233 if (bp == buf1) 234 goto out; 235 236 /* expiry */ 237 ent.h.expiry_time = get_expiry(&buf); 238 if (ent.h.expiry_time == 0) 239 goto out; 240 241 error = -ENOMEM; 242 res = idtoname_lookup(&ent); 243 if (!res) 244 goto out; 245 246 /* Name */ 247 error = qword_get(&buf, buf1, PAGE_SIZE); 248 if (error == -EINVAL) 249 goto out; 250 if (error == -ENOENT) 251 set_bit(CACHE_NEGATIVE, &ent.h.flags); 252 else { 253 if (error >= IDMAP_NAMESZ) { 254 error = -EINVAL; 255 goto out; 256 } 257 memcpy(ent.name, buf1, sizeof(ent.name)); 258 } 259 error = -ENOMEM; 260 res = idtoname_update(&ent, res); 261 if (res == NULL) 262 goto out; 263 264 cache_put(&res->h, &idtoname_cache); 265 266 error = 0; 267out: 268 kfree(buf1); 269 270 return error; 271} 272 273 274static struct ent * 275idtoname_lookup(struct ent *item) 276{ 277 struct cache_head *ch = sunrpc_cache_lookup(&idtoname_cache, 278 &item->h, 279 idtoname_hash(item)); 280 if (ch) 281 return container_of(ch, struct ent, h); 282 else 283 return NULL; 284} 285 286static struct ent * 287idtoname_update(struct ent *new, struct ent *old) 288{ 289 struct cache_head *ch = sunrpc_cache_update(&idtoname_cache, 290 &new->h, &old->h, 291 idtoname_hash(new)); 292 if (ch) 293 return container_of(ch, struct ent, h); 294 else 295 return NULL; 296} 297 298 299/* 300 * Name -> ID cache 301 */ 302 303static struct cache_head *nametoid_table[ENT_HASHMAX]; 304 305static inline int 306nametoid_hash(struct ent *ent) 307{ 308 return hash_str(ent->name, ENT_HASHBITS); 309} 310 311static void 312nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, 313 int *blen) 314{ 315 struct ent *ent = container_of(ch, struct ent, h); 316 317 qword_add(bpp, blen, ent->authname); 318 qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); 319 qword_add(bpp, blen, ent->name); 320 321 (*bpp)[-1] = '\n'; 322} 323 324static int 325nametoid_match(struct cache_head *ca, struct cache_head *cb) 326{ 327 struct ent *a = container_of(ca, struct ent, h); 328 struct ent *b = container_of(cb, struct ent, h); 329 330 return (a->type == b->type && strcmp(a->name, b->name) == 0 && 331 strcmp(a->authname, b->authname) == 0); 332} 333 334static int 335nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) 336{ 337 struct ent *ent; 338 339 if (h == NULL) { 340 seq_puts(m, "#domain type name [id]\n"); 341 return 0; 342 } 343 ent = container_of(h, struct ent, h); 344 seq_printf(m, "%s %s %s", ent->authname, 345 ent->type == IDMAP_TYPE_GROUP ? "group" : "user", 346 ent->name); 347 if (test_bit(CACHE_VALID, &h->flags)) 348 seq_printf(m, " %d", ent->id); 349 seq_printf(m, "\n"); 350 return 0; 351} 352 353static struct ent *nametoid_lookup(struct ent *); 354static struct ent *nametoid_update(struct ent *, struct ent *); 355static int nametoid_parse(struct cache_detail *, char *, int); 356 357static struct cache_detail nametoid_cache = { 358 .owner = THIS_MODULE, 359 .hash_size = ENT_HASHMAX, 360 .hash_table = nametoid_table, 361 .name = "nfs4.nametoid", 362 .cache_put = ent_put, 363 .cache_request = nametoid_request, 364 .cache_parse = nametoid_parse, 365 .cache_show = nametoid_show, 366 .warn_no_listener = warn_no_idmapd, 367 .match = nametoid_match, 368 .init = ent_init, 369 .update = ent_init, 370 .alloc = ent_alloc, 371}; 372 373static int 374nametoid_parse(struct cache_detail *cd, char *buf, int buflen) 375{ 376 struct ent ent, *res; 377 char *buf1; 378 int error = -EINVAL; 379 380 if (buf[buflen - 1] != '\n') 381 return (-EINVAL); 382 buf[buflen - 1]= '\0'; 383 384 buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); 385 if (buf1 == NULL) 386 return (-ENOMEM); 387 388 memset(&ent, 0, sizeof(ent)); 389 390 /* Authentication name */ 391 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 392 goto out; 393 memcpy(ent.authname, buf1, sizeof(ent.authname)); 394 395 /* Type */ 396 if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) 397 goto out; 398 ent.type = strcmp(buf1, "user") == 0 ? 399 IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; 400 401 /* Name */ 402 error = qword_get(&buf, buf1, PAGE_SIZE); 403 if (error <= 0 || error >= IDMAP_NAMESZ) 404 goto out; 405 memcpy(ent.name, buf1, sizeof(ent.name)); 406 407 /* expiry */ 408 ent.h.expiry_time = get_expiry(&buf); 409 if (ent.h.expiry_time == 0) 410 goto out; 411 412 /* ID */ 413 error = get_int(&buf, &ent.id); 414 if (error == -EINVAL) 415 goto out; 416 if (error == -ENOENT) 417 set_bit(CACHE_NEGATIVE, &ent.h.flags); 418 419 error = -ENOMEM; 420 res = nametoid_lookup(&ent); 421 if (res == NULL) 422 goto out; 423 res = nametoid_update(&ent, res); 424 if (res == NULL) 425 goto out; 426 427 cache_put(&res->h, &nametoid_cache); 428 error = 0; 429out: 430 kfree(buf1); 431 432 return (error); 433} 434 435 436static struct ent * 437nametoid_lookup(struct ent *item) 438{ 439 struct cache_head *ch = sunrpc_cache_lookup(&nametoid_cache, 440 &item->h, 441 nametoid_hash(item)); 442 if (ch) 443 return container_of(ch, struct ent, h); 444 else 445 return NULL; 446} 447 448static struct ent * 449nametoid_update(struct ent *new, struct ent *old) 450{ 451 struct cache_head *ch = sunrpc_cache_update(&nametoid_cache, 452 &new->h, &old->h, 453 nametoid_hash(new)); 454 if (ch) 455 return container_of(ch, struct ent, h); 456 else 457 return NULL; 458} 459 460/* 461 * Exported API 462 */ 463 464void 465nfsd_idmap_init(void) 466{ 467 cache_register(&idtoname_cache); 468 cache_register(&nametoid_cache); 469} 470 471void 472nfsd_idmap_shutdown(void) 473{ 474 if (cache_unregister(&idtoname_cache)) 475 printk(KERN_ERR "nfsd: failed to unregister idtoname cache\n"); 476 if (cache_unregister(&nametoid_cache)) 477 printk(KERN_ERR "nfsd: failed to unregister nametoid cache\n"); 478} 479 480/* 481 * Deferred request handling 482 */ 483 484struct idmap_defer_req { 485 struct cache_req req; 486 struct cache_deferred_req deferred_req; 487 wait_queue_head_t waitq; 488 atomic_t count; 489}; 490 491static inline void 492put_mdr(struct idmap_defer_req *mdr) 493{ 494 if (atomic_dec_and_test(&mdr->count)) 495 kfree(mdr); 496} 497 498static inline void 499get_mdr(struct idmap_defer_req *mdr) 500{ 501 atomic_inc(&mdr->count); 502} 503 504static void 505idmap_revisit(struct cache_deferred_req *dreq, int toomany) 506{ 507 struct idmap_defer_req *mdr = 508 container_of(dreq, struct idmap_defer_req, deferred_req); 509 510 wake_up(&mdr->waitq); 511 put_mdr(mdr); 512} 513 514static struct cache_deferred_req * 515idmap_defer(struct cache_req *req) 516{ 517 struct idmap_defer_req *mdr = 518 container_of(req, struct idmap_defer_req, req); 519 520 mdr->deferred_req.revisit = idmap_revisit; 521 get_mdr(mdr); 522 return (&mdr->deferred_req); 523} 524 525static inline int 526do_idmap_lookup(struct ent *(*lookup_fn)(struct ent *), struct ent *key, 527 struct cache_detail *detail, struct ent **item, 528 struct idmap_defer_req *mdr) 529{ 530 *item = lookup_fn(key); 531 if (!*item) 532 return -ENOMEM; 533 return cache_check(detail, &(*item)->h, &mdr->req); 534} 535 536static inline int 537do_idmap_lookup_nowait(struct ent *(*lookup_fn)(struct ent *), 538 struct ent *key, struct cache_detail *detail, 539 struct ent **item) 540{ 541 int ret = -ENOMEM; 542 543 *item = lookup_fn(key); 544 if (!*item) 545 goto out_err; 546 ret = -ETIMEDOUT; 547 if (!test_bit(CACHE_VALID, &(*item)->h.flags) 548 || (*item)->h.expiry_time < get_seconds() 549 || detail->flush_time > (*item)->h.last_refresh) 550 goto out_put; 551 ret = -ENOENT; 552 if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags)) 553 goto out_put; 554 return 0; 555out_put: 556 cache_put(&(*item)->h, detail); 557out_err: 558 *item = NULL; 559 return ret; 560} 561 562static int 563idmap_lookup(struct svc_rqst *rqstp, 564 struct ent *(*lookup_fn)(struct ent *), struct ent *key, 565 struct cache_detail *detail, struct ent **item) 566{ 567 struct idmap_defer_req *mdr; 568 int ret; 569 570 mdr = kzalloc(sizeof(*mdr), GFP_KERNEL); 571 if (!mdr) 572 return -ENOMEM; 573 atomic_set(&mdr->count, 1); 574 init_waitqueue_head(&mdr->waitq); 575 mdr->req.defer = idmap_defer; 576 ret = do_idmap_lookup(lookup_fn, key, detail, item, mdr); 577 if (ret == -EAGAIN) { 578 wait_event_interruptible_timeout(mdr->waitq, 579 test_bit(CACHE_VALID, &(*item)->h.flags), 1 * HZ); 580 ret = do_idmap_lookup_nowait(lookup_fn, key, detail, item); 581 } 582 put_mdr(mdr); 583 return ret; 584} 585 586static int 587idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, 588 uid_t *id) 589{ 590 struct ent *item, key = { 591 .type = type, 592 }; 593 int ret; 594 595 if (namelen + 1 > sizeof(key.name)) 596 return -EINVAL; 597 memcpy(key.name, name, namelen); 598 key.name[namelen] = '\0'; 599 strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname)); 600 ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item); 601 if (ret == -ENOENT) 602 ret = -ESRCH; /* nfserr_badname */ 603 if (ret) 604 return ret; 605 *id = item->id; 606 cache_put(&item->h, &nametoid_cache); 607 return 0; 608} 609 610static int 611idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name) 612{ 613 struct ent *item, key = { 614 .id = id, 615 .type = type, 616 }; 617 int ret; 618 619 strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname)); 620 ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item); 621 if (ret == -ENOENT) 622 return sprintf(name, "%u", id); 623 if (ret) 624 return ret; 625 ret = strlen(item->name); 626 BUG_ON(ret > IDMAP_NAMESZ); 627 memcpy(name, item->name, ret); 628 cache_put(&item->h, &idtoname_cache); 629 return ret; 630} 631 632int 633nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, 634 __u32 *id) 635{ 636 return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id); 637} 638 639int 640nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, 641 __u32 *id) 642{ 643 return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id); 644} 645 646int 647nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 648{ 649 return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name); 650} 651 652int 653nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name) 654{ 655 return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name); 656} 657