Blame view
fs/nfsd/nfs4idmap.c
16.6 KB
1da177e4c
|
1 |
/* |
1da177e4c
|
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
* Mapping of UID/GIDs to name and vice versa. * * Copyright (c) 2002, 2003 The Regents of the University of * Michigan. All rights reserved. * * Marius Aamodt Eriksen <marius@umich.edu> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ |
1da177e4c
|
34 |
#include <linux/module.h> |
1da177e4c
|
35 |
#include <linux/seq_file.h> |
341eb1844
|
36 |
#include <linux/sched.h> |
5a0e3ad6a
|
37 |
#include <linux/slab.h> |
c2e76ef5e
|
38 |
#include <linux/sunrpc/svc_xprt.h> |
f5c8593b9
|
39 |
#include <net/net_namespace.h> |
2ca72e17e
|
40 |
#include "idmap.h" |
3c7260234
|
41 |
#include "nfsd.h" |
c2e76ef5e
|
42 |
#include "netns.h" |
1da177e4c
|
43 44 |
/* |
e9541ce8e
|
45 46 47 48 49 50 51 52 |
* Turn off idmapping when using AUTH_SYS. */ static bool nfs4_disable_idmapping = true; module_param(nfs4_disable_idmapping, bool, 0644); MODULE_PARM_DESC(nfs4_disable_idmapping, "Turn off server's NFSv4 idmapping when using 'sec=sys'"); /* |
1da177e4c
|
53 54 55 56 57 58 59 |
* Cache entry */ /* * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on * that. */ |
1da177e4c
|
60 61 62 |
struct ent { struct cache_head h; int type; /* User / Group */ |
b5663898e
|
63 |
u32 id; |
1da177e4c
|
64 65 |
char name[IDMAP_NAMESZ]; char authname[IDMAP_NAMESZ]; |
9d5afd949
|
66 |
struct rcu_head rcu_head; |
1da177e4c
|
67 |
}; |
1da177e4c
|
68 69 70 71 |
/* Common entry handling */ #define ENT_HASHBITS 8 #define ENT_HASHMAX (1 << ENT_HASHBITS) |
1da177e4c
|
72 |
|
f9ecc921b
|
73 74 |
static void ent_init(struct cache_head *cnew, struct cache_head *citm) |
1da177e4c
|
75 |
{ |
f9ecc921b
|
76 77 |
struct ent *new = container_of(cnew, struct ent, h); struct ent *itm = container_of(citm, struct ent, h); |
1da177e4c
|
78 79 80 81 |
new->id = itm->id; new->type = itm->type; strlcpy(new->name, itm->name, sizeof(new->name)); |
c8320ccdd
|
82 |
strlcpy(new->authname, itm->authname, sizeof(new->authname)); |
1da177e4c
|
83 |
} |
fd39ca9a8
|
84 |
static void |
baab935ff
|
85 |
ent_put(struct kref *ref) |
1da177e4c
|
86 |
{ |
baab935ff
|
87 |
struct ent *map = container_of(ref, struct ent, h.ref); |
9d5afd949
|
88 |
kfree_rcu(map, rcu_head); |
1da177e4c
|
89 |
} |
f9ecc921b
|
90 91 92 93 94 95 96 97 98 |
static struct cache_head * ent_alloc(void) { struct ent *e = kmalloc(sizeof(*e), GFP_KERNEL); if (e) return &e->h; else return NULL; } |
1da177e4c
|
99 100 101 |
/* * ID -> Name cache */ |
1da177e4c
|
102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
static uint32_t idtoname_hash(struct ent *ent) { uint32_t hash; hash = hash_str(ent->authname, ENT_HASHBITS); hash = hash_long(hash ^ ent->id, ENT_HASHBITS); /* Flip LSB for user/group */ if (ent->type == IDMAP_TYPE_GROUP) hash ^= 1; return hash; } |
65286b883
|
116 117 118 119 120 |
static int idtoname_upcall(struct cache_detail *cd, struct cache_head *h) { return sunrpc_cache_pipe_upcall_timeout(cd, h); } |
1da177e4c
|
121 122 123 124 125 126 127 128 |
static void idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, int *blen) { struct ent *ent = container_of(ch, struct ent, h); char idstr[11]; qword_add(bpp, blen, ent->authname); |
0a725fc4d
|
129 |
snprintf(idstr, sizeof(idstr), "%u", ent->id); |
1da177e4c
|
130 131 132 133 134 135 |
qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); qword_add(bpp, blen, idstr); (*bpp)[-1] = ' '; } |
f9ecc921b
|
136 137 |
static int idtoname_match(struct cache_head *ca, struct cache_head *cb) |
1da177e4c
|
138 |
{ |
f9ecc921b
|
139 140 |
struct ent *a = container_of(ca, struct ent, h); struct ent *b = container_of(cb, struct ent, h); |
1da177e4c
|
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
return (a->id == b->id && a->type == b->type && strcmp(a->authname, b->authname) == 0); } static int idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { struct ent *ent; if (h == NULL) { seq_puts(m, "#domain type id [name] "); return 0; } ent = container_of(h, struct ent, h); |
0a725fc4d
|
156 |
seq_printf(m, "%s %s %u", ent->authname, |
1da177e4c
|
157 158 159 160 |
ent->type == IDMAP_TYPE_GROUP ? "group" : "user", ent->id); if (test_bit(CACHE_VALID, &h->flags)) seq_printf(m, " %s", ent->name); |
0b7cd9d9c
|
161 162 |
seq_putc(m, ' '); |
1da177e4c
|
163 164 165 166 |
return 0; } static void |
2da8ca26c
|
167 |
warn_no_idmapd(struct cache_detail *detail, int has_died) |
1da177e4c
|
168 169 170 |
{ printk("nfsd: nfsv4 idmapping failing: has idmapd %s? ", |
2da8ca26c
|
171 |
has_died ? "died" : "not been started"); |
1da177e4c
|
172 173 174 175 |
} static int idtoname_parse(struct cache_detail *, char *, int); |
f890edbbe
|
176 177 178 |
static struct ent *idtoname_lookup(struct cache_detail *, struct ent *); static struct ent *idtoname_update(struct cache_detail *, struct ent *, struct ent *); |
1da177e4c
|
179 |
|
ae2e408ec
|
180 |
static const struct cache_detail idtoname_cache_template = { |
f35279d3f
|
181 |
.owner = THIS_MODULE, |
1da177e4c
|
182 |
.hash_size = ENT_HASHMAX, |
1da177e4c
|
183 184 |
.name = "nfs4.idtoname", .cache_put = ent_put, |
65286b883
|
185 |
.cache_upcall = idtoname_upcall, |
73fb847a4
|
186 |
.cache_request = idtoname_request, |
1da177e4c
|
187 188 189 |
.cache_parse = idtoname_parse, .cache_show = idtoname_show, .warn_no_listener = warn_no_idmapd, |
f9ecc921b
|
190 191 192 193 |
.match = idtoname_match, .init = ent_init, .update = ent_init, .alloc = ent_alloc, |
1da177e4c
|
194 |
}; |
a254b246e
|
195 |
static int |
1da177e4c
|
196 197 198 199 |
idtoname_parse(struct cache_detail *cd, char *buf, int buflen) { struct ent ent, *res; char *buf1, *bp; |
c9b6cbe56
|
200 |
int len; |
1da177e4c
|
201 202 203 204 205 206 207 208 209 210 211 212 213 214 |
int error = -EINVAL; if (buf[buflen - 1] != ' ') return (-EINVAL); buf[buflen - 1]= '\0'; buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); if (buf1 == NULL) return (-ENOMEM); memset(&ent, 0, sizeof(ent)); /* Authentication name */ |
13c82e8eb
|
215 216 |
len = qword_get(&buf, buf1, PAGE_SIZE); if (len <= 0 || len >= IDMAP_NAMESZ) |
1da177e4c
|
217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 |
goto out; memcpy(ent.authname, buf1, sizeof(ent.authname)); /* Type */ if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) goto out; ent.type = strcmp(buf1, "user") == 0 ? IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; /* ID */ if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) goto out; ent.id = simple_strtoul(buf1, &bp, 10); if (bp == buf1) goto out; /* expiry */ ent.h.expiry_time = get_expiry(&buf); if (ent.h.expiry_time == 0) goto out; |
f9ecc921b
|
237 |
error = -ENOMEM; |
f890edbbe
|
238 |
res = idtoname_lookup(cd, &ent); |
f9ecc921b
|
239 240 |
if (!res) goto out; |
1da177e4c
|
241 |
/* Name */ |
c9b6cbe56
|
242 243 |
error = -EINVAL; len = qword_get(&buf, buf1, PAGE_SIZE); |
13c82e8eb
|
244 |
if (len < 0 || len >= IDMAP_NAMESZ) |
1da177e4c
|
245 |
goto out; |
c9b6cbe56
|
246 |
if (len == 0) |
1da177e4c
|
247 |
set_bit(CACHE_NEGATIVE, &ent.h.flags); |
d4395e03f
|
248 |
else |
1da177e4c
|
249 |
memcpy(ent.name, buf1, sizeof(ent.name)); |
1da177e4c
|
250 |
error = -ENOMEM; |
f890edbbe
|
251 |
res = idtoname_update(cd, &ent, res); |
f9ecc921b
|
252 |
if (res == NULL) |
1da177e4c
|
253 |
goto out; |
f890edbbe
|
254 |
cache_put(&res->h, cd); |
1da177e4c
|
255 256 257 |
error = 0; out: kfree(buf1); |
1da177e4c
|
258 259 |
return error; } |
f9ecc921b
|
260 |
static struct ent * |
f890edbbe
|
261 |
idtoname_lookup(struct cache_detail *cd, struct ent *item) |
f9ecc921b
|
262 |
{ |
9d5afd949
|
263 264 |
struct cache_head *ch = sunrpc_cache_lookup_rcu(cd, &item->h, idtoname_hash(item)); |
f9ecc921b
|
265 266 267 268 269 270 271 |
if (ch) return container_of(ch, struct ent, h); else return NULL; } static struct ent * |
f890edbbe
|
272 |
idtoname_update(struct cache_detail *cd, struct ent *new, struct ent *old) |
f9ecc921b
|
273 |
{ |
f890edbbe
|
274 |
struct cache_head *ch = sunrpc_cache_update(cd, &new->h, &old->h, |
f9ecc921b
|
275 276 277 278 279 280 |
idtoname_hash(new)); if (ch) return container_of(ch, struct ent, h); else return NULL; } |
1da177e4c
|
281 282 283 284 |
/* * Name -> ID cache */ |
1da177e4c
|
285 286 287 288 289 |
static inline int nametoid_hash(struct ent *ent) { return hash_str(ent->name, ENT_HASHBITS); } |
65286b883
|
290 291 292 293 294 |
static int nametoid_upcall(struct cache_detail *cd, struct cache_head *h) { return sunrpc_cache_pipe_upcall_timeout(cd, h); } |
fd39ca9a8
|
295 |
static void |
1da177e4c
|
296 297 298 299 300 301 302 303 304 305 306 307 |
nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp, int *blen) { struct ent *ent = container_of(ch, struct ent, h); qword_add(bpp, blen, ent->authname); qword_add(bpp, blen, ent->type == IDMAP_TYPE_GROUP ? "group" : "user"); qword_add(bpp, blen, ent->name); (*bpp)[-1] = ' '; } |
f9ecc921b
|
308 309 |
static int nametoid_match(struct cache_head *ca, struct cache_head *cb) |
1da177e4c
|
310 |
{ |
f9ecc921b
|
311 312 |
struct ent *a = container_of(ca, struct ent, h); struct ent *b = container_of(cb, struct ent, h); |
1da177e4c
|
313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 |
return (a->type == b->type && strcmp(a->name, b->name) == 0 && strcmp(a->authname, b->authname) == 0); } static int nametoid_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h) { struct ent *ent; if (h == NULL) { seq_puts(m, "#domain type name [id] "); return 0; } ent = container_of(h, struct ent, h); seq_printf(m, "%s %s %s", ent->authname, ent->type == IDMAP_TYPE_GROUP ? "group" : "user", ent->name); if (test_bit(CACHE_VALID, &h->flags)) |
0a725fc4d
|
332 |
seq_printf(m, " %u", ent->id); |
0b7cd9d9c
|
333 334 |
seq_putc(m, ' '); |
1da177e4c
|
335 336 |
return 0; } |
f890edbbe
|
337 338 339 |
static struct ent *nametoid_lookup(struct cache_detail *, struct ent *); static struct ent *nametoid_update(struct cache_detail *, struct ent *, struct ent *); |
fd39ca9a8
|
340 |
static int nametoid_parse(struct cache_detail *, char *, int); |
1da177e4c
|
341 |
|
ae2e408ec
|
342 |
static const struct cache_detail nametoid_cache_template = { |
f35279d3f
|
343 |
.owner = THIS_MODULE, |
1da177e4c
|
344 |
.hash_size = ENT_HASHMAX, |
1da177e4c
|
345 346 |
.name = "nfs4.nametoid", .cache_put = ent_put, |
65286b883
|
347 |
.cache_upcall = nametoid_upcall, |
73fb847a4
|
348 |
.cache_request = nametoid_request, |
1da177e4c
|
349 350 351 |
.cache_parse = nametoid_parse, .cache_show = nametoid_show, .warn_no_listener = warn_no_idmapd, |
f9ecc921b
|
352 353 354 355 |
.match = nametoid_match, .init = ent_init, .update = ent_init, .alloc = ent_alloc, |
1da177e4c
|
356 |
}; |
fd39ca9a8
|
357 |
static int |
1da177e4c
|
358 359 360 361 |
nametoid_parse(struct cache_detail *cd, char *buf, int buflen) { struct ent ent, *res; char *buf1; |
48c348b09
|
362 |
int len, error = -EINVAL; |
1da177e4c
|
363 364 365 366 367 368 369 370 371 372 373 374 375 |
if (buf[buflen - 1] != ' ') return (-EINVAL); buf[buflen - 1]= '\0'; buf1 = kmalloc(PAGE_SIZE, GFP_KERNEL); if (buf1 == NULL) return (-ENOMEM); memset(&ent, 0, sizeof(ent)); /* Authentication name */ |
13c82e8eb
|
376 377 |
len = qword_get(&buf, buf1, PAGE_SIZE); if (len <= 0 || len >= IDMAP_NAMESZ) |
1da177e4c
|
378 379 380 381 382 383 384 385 386 387 |
goto out; memcpy(ent.authname, buf1, sizeof(ent.authname)); /* Type */ if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) goto out; ent.type = strcmp(buf1, "user") == 0 ? IDMAP_TYPE_USER : IDMAP_TYPE_GROUP; /* Name */ |
48c348b09
|
388 389 |
len = qword_get(&buf, buf1, PAGE_SIZE); if (len <= 0 || len >= IDMAP_NAMESZ) |
1da177e4c
|
390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 |
goto out; memcpy(ent.name, buf1, sizeof(ent.name)); /* expiry */ ent.h.expiry_time = get_expiry(&buf); if (ent.h.expiry_time == 0) goto out; /* ID */ error = get_int(&buf, &ent.id); if (error == -EINVAL) goto out; if (error == -ENOENT) set_bit(CACHE_NEGATIVE, &ent.h.flags); error = -ENOMEM; |
f890edbbe
|
406 |
res = nametoid_lookup(cd, &ent); |
f9ecc921b
|
407 408 |
if (res == NULL) goto out; |
f890edbbe
|
409 |
res = nametoid_update(cd, &ent, res); |
f9ecc921b
|
410 |
if (res == NULL) |
1da177e4c
|
411 |
goto out; |
f890edbbe
|
412 |
cache_put(&res->h, cd); |
1da177e4c
|
413 414 415 |
error = 0; out: kfree(buf1); |
1da177e4c
|
416 417 |
return (error); } |
f9ecc921b
|
418 419 |
static struct ent * |
f890edbbe
|
420 |
nametoid_lookup(struct cache_detail *cd, struct ent *item) |
f9ecc921b
|
421 |
{ |
9d5afd949
|
422 423 |
struct cache_head *ch = sunrpc_cache_lookup_rcu(cd, &item->h, nametoid_hash(item)); |
f9ecc921b
|
424 425 426 427 428 429 430 |
if (ch) return container_of(ch, struct ent, h); else return NULL; } static struct ent * |
f890edbbe
|
431 |
nametoid_update(struct cache_detail *cd, struct ent *new, struct ent *old) |
f9ecc921b
|
432 |
{ |
f890edbbe
|
433 |
struct cache_head *ch = sunrpc_cache_update(cd, &new->h, &old->h, |
f9ecc921b
|
434 435 436 437 438 439 |
nametoid_hash(new)); if (ch) return container_of(ch, struct ent, h); else return NULL; } |
1da177e4c
|
440 441 442 443 |
/* * Exported API */ |
dbf847ecb
|
444 |
int |
43ec1a20b
|
445 |
nfsd_idmap_init(struct net *net) |
1da177e4c
|
446 |
{ |
dbf847ecb
|
447 |
int rv; |
c2e76ef5e
|
448 |
struct nfsd_net *nn = net_generic(net, nfsd_net_id); |
dbf847ecb
|
449 |
|
c2e76ef5e
|
450 451 452 453 |
nn->idtoname_cache = cache_create_net(&idtoname_cache_template, net); if (IS_ERR(nn->idtoname_cache)) return PTR_ERR(nn->idtoname_cache); rv = cache_register_net(nn->idtoname_cache, net); |
dbf847ecb
|
454 |
if (rv) |
c2e76ef5e
|
455 |
goto destroy_idtoname_cache; |
9e75a4dee
|
456 457 |
nn->nametoid_cache = cache_create_net(&nametoid_cache_template, net); if (IS_ERR(nn->nametoid_cache)) { |
92566e287
|
458 |
rv = PTR_ERR(nn->nametoid_cache); |
c2e76ef5e
|
459 |
goto unregister_idtoname_cache; |
9e75a4dee
|
460 461 462 463 |
} rv = cache_register_net(nn->nametoid_cache, net); if (rv) goto destroy_nametoid_cache; |
c2e76ef5e
|
464 |
return 0; |
9e75a4dee
|
465 466 |
destroy_nametoid_cache: cache_destroy_net(nn->nametoid_cache, net); |
c2e76ef5e
|
467 468 469 470 |
unregister_idtoname_cache: cache_unregister_net(nn->idtoname_cache, net); destroy_idtoname_cache: cache_destroy_net(nn->idtoname_cache, net); |
dbf847ecb
|
471 |
return rv; |
1da177e4c
|
472 473 474 |
} void |
43ec1a20b
|
475 |
nfsd_idmap_shutdown(struct net *net) |
1da177e4c
|
476 |
{ |
c2e76ef5e
|
477 478 479 |
struct nfsd_net *nn = net_generic(net, nfsd_net_id); cache_unregister_net(nn->idtoname_cache, net); |
9e75a4dee
|
480 |
cache_unregister_net(nn->nametoid_cache, net); |
c2e76ef5e
|
481 |
cache_destroy_net(nn->idtoname_cache, net); |
9e75a4dee
|
482 |
cache_destroy_net(nn->nametoid_cache, net); |
1da177e4c
|
483 |
} |
1da177e4c
|
484 485 |
static int idmap_lookup(struct svc_rqst *rqstp, |
f890edbbe
|
486 487 |
struct ent *(*lookup_fn)(struct cache_detail *, struct ent *), struct ent *key, struct cache_detail *detail, struct ent **item) |
1da177e4c
|
488 |
{ |
1da177e4c
|
489 |
int ret; |
f890edbbe
|
490 |
*item = lookup_fn(detail, key); |
839049a87
|
491 |
if (!*item) |
1da177e4c
|
492 |
return -ENOMEM; |
839049a87
|
493 494 495 496 497 |
retry: ret = cache_check(detail, &(*item)->h, &rqstp->rq_chandle); if (ret == -ETIMEDOUT) { struct ent *prev_item = *item; |
f890edbbe
|
498 |
*item = lookup_fn(detail, key); |
839049a87
|
499 500 501 |
if (*item != prev_item) goto retry; cache_put(&(*item)->h, detail); |
1da177e4c
|
502 |
} |
1da177e4c
|
503 504 |
return ret; } |
3ab4d8b12
|
505 506 507 508 509 510 511 512 |
static char * rqst_authname(struct svc_rqst *rqstp) { struct auth_domain *clp; clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client; return clp->name; } |
3c7260234
|
513 |
static __be32 |
1da177e4c
|
514 |
idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, |
b5663898e
|
515 |
u32 *id) |
1da177e4c
|
516 517 518 519 520 |
{ struct ent *item, key = { .type = type, }; int ret; |
9695c7057
|
521 |
struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); |
1da177e4c
|
522 523 |
if (namelen + 1 > sizeof(key.name)) |
3c7260234
|
524 |
return nfserr_badowner; |
1da177e4c
|
525 526 |
memcpy(key.name, name, namelen); key.name[namelen] = '\0'; |
3ab4d8b12
|
527 |
strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); |
9e75a4dee
|
528 |
ret = idmap_lookup(rqstp, nametoid_lookup, &key, nn->nametoid_cache, &item); |
1da177e4c
|
529 |
if (ret == -ENOENT) |
3c7260234
|
530 |
return nfserr_badowner; |
1da177e4c
|
531 |
if (ret) |
3c7260234
|
532 |
return nfserrno(ret); |
1da177e4c
|
533 |
*id = item->id; |
9e75a4dee
|
534 |
cache_put(&item->h, nn->nametoid_cache); |
1da177e4c
|
535 536 |
return 0; } |
ddd1ea563
|
537 |
static __be32 encode_ascii_id(struct xdr_stream *xdr, u32 id) |
3554116d3
|
538 539 540 |
{ char buf[11]; int len; |
ddd1ea563
|
541 |
__be32 *p; |
3554116d3
|
542 543 |
len = sprintf(buf, "%u", id); |
ddd1ea563
|
544 545 |
p = xdr_reserve_space(xdr, len + 4); if (!p) |
3554116d3
|
546 |
return nfserr_resource; |
ddd1ea563
|
547 |
p = xdr_encode_opaque(p, buf, len); |
3554116d3
|
548 549 |
return 0; } |
ddd1ea563
|
550 551 |
static __be32 idmap_id_to_name(struct xdr_stream *xdr, struct svc_rqst *rqstp, int type, u32 id) |
1da177e4c
|
552 553 554 555 556 |
{ struct ent *item, key = { .id = id, .type = type, }; |
ddd1ea563
|
557 |
__be32 *p; |
1da177e4c
|
558 |
int ret; |
9695c7057
|
559 |
struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); |
1da177e4c
|
560 |
|
3ab4d8b12
|
561 |
strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname)); |
c2e76ef5e
|
562 |
ret = idmap_lookup(rqstp, idtoname_lookup, &key, nn->idtoname_cache, &item); |
1da177e4c
|
563 |
if (ret == -ENOENT) |
ddd1ea563
|
564 |
return encode_ascii_id(xdr, id); |
1da177e4c
|
565 |
if (ret) |
3554116d3
|
566 |
return nfserrno(ret); |
1da177e4c
|
567 |
ret = strlen(item->name); |
3554116d3
|
568 |
WARN_ON_ONCE(ret > IDMAP_NAMESZ); |
ddd1ea563
|
569 570 |
p = xdr_reserve_space(xdr, ret + 4); if (!p) |
3554116d3
|
571 |
return nfserr_resource; |
ddd1ea563
|
572 |
p = xdr_encode_opaque(p, item->name, ret); |
c2e76ef5e
|
573 |
cache_put(&item->h, nn->idtoname_cache); |
3554116d3
|
574 |
return 0; |
1da177e4c
|
575 |
} |
e9541ce8e
|
576 |
static bool |
b5663898e
|
577 |
numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, u32 *id) |
e9541ce8e
|
578 579 580 581 582 583 584 585 586 587 |
{ int ret; char buf[11]; if (namelen + 1 > sizeof(buf)) /* too long to represent a 32-bit id: */ return false; /* Just to make sure it's null-terminated: */ memcpy(buf, name, namelen); buf[namelen] = '\0'; |
9959ba0c2
|
588 |
ret = kstrtouint(buf, 10, id); |
e9541ce8e
|
589 590 591 592 |
return ret == 0; } static __be32 |
b5663898e
|
593 |
do_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, u32 *id) |
e9541ce8e
|
594 |
{ |
d5497fc69
|
595 |
if (nfs4_disable_idmapping && rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS) |
e9541ce8e
|
596 597 598 599 600 601 602 603 |
if (numeric_name_to_id(rqstp, type, name, namelen, id)) return 0; /* * otherwise, fall through and try idmapping, for * backwards compatibility with clients sending names: */ return idmap_name_to_id(rqstp, type, name, namelen, id); } |
ddd1ea563
|
604 605 |
static __be32 encode_name_from_id(struct xdr_stream *xdr, struct svc_rqst *rqstp, int type, u32 id) |
e9541ce8e
|
606 |
{ |
d5497fc69
|
607 |
if (nfs4_disable_idmapping && rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS) |
ddd1ea563
|
608 609 |
return encode_ascii_id(xdr, id); return idmap_id_to_name(xdr, rqstp, type, id); |
e9541ce8e
|
610 |
} |
3c7260234
|
611 |
__be32 |
1da177e4c
|
612 |
nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, |
65e10f6d0
|
613 |
kuid_t *uid) |
1da177e4c
|
614 |
{ |
65e10f6d0
|
615 616 |
__be32 status; u32 id = -1; |
c3821b349
|
617 618 619 |
if (name == NULL || namelen == 0) return nfserr_inval; |
65e10f6d0
|
620 |
status = do_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, &id); |
e45d1a183
|
621 |
*uid = make_kuid(nfsd_user_namespace(rqstp), id); |
65e10f6d0
|
622 623 624 |
if (!uid_valid(*uid)) status = nfserr_badowner; return status; |
1da177e4c
|
625 |
} |
3c7260234
|
626 |
__be32 |
1da177e4c
|
627 |
nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, |
65e10f6d0
|
628 |
kgid_t *gid) |
1da177e4c
|
629 |
{ |
65e10f6d0
|
630 631 |
__be32 status; u32 id = -1; |
c3821b349
|
632 633 634 |
if (name == NULL || namelen == 0) return nfserr_inval; |
65e10f6d0
|
635 |
status = do_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, &id); |
e45d1a183
|
636 |
*gid = make_kgid(nfsd_user_namespace(rqstp), id); |
65e10f6d0
|
637 638 639 |
if (!gid_valid(*gid)) status = nfserr_badowner; return status; |
1da177e4c
|
640 |
} |
ddd1ea563
|
641 642 |
__be32 nfsd4_encode_user(struct xdr_stream *xdr, struct svc_rqst *rqstp, kuid_t uid) |
1da177e4c
|
643 |
{ |
e45d1a183
|
644 |
u32 id = from_kuid_munged(nfsd_user_namespace(rqstp), uid); |
ddd1ea563
|
645 |
return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_USER, id); |
1da177e4c
|
646 |
} |
ddd1ea563
|
647 648 |
__be32 nfsd4_encode_group(struct xdr_stream *xdr, struct svc_rqst *rqstp, kgid_t gid) |
1da177e4c
|
649 |
{ |
e45d1a183
|
650 |
u32 id = from_kgid_munged(nfsd_user_namespace(rqstp), gid); |
ddd1ea563
|
651 |
return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_GROUP, id); |
1da177e4c
|
652 |
} |