Commit e6499c6f4b5f56a16f8b8ef60529c1da28b13aea
Committed by
Trond Myklebust
Trond Myklebust
1 parent
2d3fe01c36
Exists in
master
and in
20 other branches
NFS: Fall back on old idmapper if request_key() fails
This patch removes the CONFIG_NFS_USE_NEW_IDMAPPER compile option. First, the idmapper will attempt to map the id using /sbin/request-key and nfsidmap. If this fails (if /etc/request-key.conf is not configured properly) then the idmapper will call the legacy code to perform the mapping. I left a comment stating where the legacy code begins to make it easier for somebody to remove in the future. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Showing 4 changed files with 37 additions and 82 deletions Side-by-side Diff
fs/nfs/Kconfig
| ... | ... | @@ -132,15 +132,4 @@ |
| 132 | 132 | select DNS_RESOLVER |
| 133 | 133 | select KEYS |
| 134 | 134 | default y |
| 135 | - | |
| 136 | -config NFS_USE_NEW_IDMAPPER | |
| 137 | - bool "Use the new idmapper upcall routine" | |
| 138 | - depends on NFS_V4 && KEYS | |
| 139 | - help | |
| 140 | - Say Y here if you want NFS to use the new idmapper upcall functions. | |
| 141 | - You will need /sbin/request-key (usually provided by the keyutils | |
| 142 | - package). For details, read | |
| 143 | - <file:Documentation/filesystems/nfs/idmapper.txt>. | |
| 144 | - | |
| 145 | - If you are unsure, say N. |
fs/nfs/idmap.c
| ... | ... | @@ -142,8 +142,6 @@ |
| 142 | 142 | return snprintf(buf, buflen, "%u", id); |
| 143 | 143 | } |
| 144 | 144 | |
| 145 | -#ifdef CONFIG_NFS_USE_NEW_IDMAPPER | |
| 146 | - | |
| 147 | 145 | #include <linux/cred.h> |
| 148 | 146 | #include <linux/sunrpc/sched.h> |
| 149 | 147 | #include <linux/nfs4.h> |
| ... | ... | @@ -169,7 +167,7 @@ |
| 169 | 167 | .read = user_read, |
| 170 | 168 | }; |
| 171 | 169 | |
| 172 | -int nfs_idmap_init(void) | |
| 170 | +static int nfs_idmap_init_keyring(void) | |
| 173 | 171 | { |
| 174 | 172 | struct cred *cred; |
| 175 | 173 | struct key *keyring; |
| ... | ... | @@ -211,7 +209,7 @@ |
| 211 | 209 | return ret; |
| 212 | 210 | } |
| 213 | 211 | |
| 214 | -void nfs_idmap_quit(void) | |
| 212 | +static void nfs_idmap_quit_keyring(void) | |
| 215 | 213 | { |
| 216 | 214 | key_revoke(id_resolver_cache->thread_keyring); |
| 217 | 215 | unregister_key_type(&key_type_id_resolver); |
| ... | ... | @@ -328,43 +326,7 @@ |
| 328 | 326 | return ret; |
| 329 | 327 | } |
| 330 | 328 | |
| 331 | -int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) | |
| 332 | -{ | |
| 333 | - if (nfs_map_string_to_numeric(name, namelen, uid)) | |
| 334 | - return 0; | |
| 335 | - return nfs_idmap_lookup_id(name, namelen, "uid", uid); | |
| 336 | -} | |
| 337 | - | |
| 338 | -int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid) | |
| 339 | -{ | |
| 340 | - if (nfs_map_string_to_numeric(name, namelen, gid)) | |
| 341 | - return 0; | |
| 342 | - return nfs_idmap_lookup_id(name, namelen, "gid", gid); | |
| 343 | -} | |
| 344 | - | |
| 345 | -int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) | |
| 346 | -{ | |
| 347 | - int ret = -EINVAL; | |
| 348 | - | |
| 349 | - if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | |
| 350 | - ret = nfs_idmap_lookup_name(uid, "user", buf, buflen); | |
| 351 | - if (ret < 0) | |
| 352 | - ret = nfs_map_numeric_to_string(uid, buf, buflen); | |
| 353 | - return ret; | |
| 354 | -} | |
| 355 | -int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen) | |
| 356 | -{ | |
| 357 | - int ret = -EINVAL; | |
| 358 | - | |
| 359 | - if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | |
| 360 | - ret = nfs_idmap_lookup_name(gid, "group", buf, buflen); | |
| 361 | - if (ret < 0) | |
| 362 | - ret = nfs_map_numeric_to_string(gid, buf, buflen); | |
| 363 | - return ret; | |
| 364 | -} | |
| 365 | - | |
| 366 | -#else /* CONFIG_NFS_USE_NEW_IDMAPPER not defined */ | |
| 367 | - | |
| 329 | +/* idmap classic begins here */ | |
| 368 | 330 | #include <linux/module.h> |
| 369 | 331 | #include <linux/mutex.h> |
| 370 | 332 | #include <linux/init.h> |
| 371 | 333 | |
| ... | ... | @@ -600,12 +562,21 @@ |
| 600 | 562 | |
| 601 | 563 | int nfs_idmap_init(void) |
| 602 | 564 | { |
| 603 | - return rpc_pipefs_notifier_register(&nfs_idmap_block); | |
| 565 | + int ret; | |
| 566 | + ret = nfs_idmap_init_keyring(); | |
| 567 | + if (ret != 0) | |
| 568 | + goto out; | |
| 569 | + ret = rpc_pipefs_notifier_register(&nfs_idmap_block); | |
| 570 | + if (ret != 0) | |
| 571 | + nfs_idmap_quit_keyring(); | |
| 572 | +out: | |
| 573 | + return ret; | |
| 604 | 574 | } |
| 605 | 575 | |
| 606 | 576 | void nfs_idmap_quit(void) |
| 607 | 577 | { |
| 608 | 578 | rpc_pipefs_notifier_unregister(&nfs_idmap_block); |
| 579 | + nfs_idmap_quit_keyring(); | |
| 609 | 580 | } |
| 610 | 581 | |
| 611 | 582 | /* |
| 612 | 583 | |
| 613 | 584 | |
| 614 | 585 | |
| 615 | 586 | |
| 616 | 587 | |
| ... | ... | @@ -930,19 +901,27 @@ |
| 930 | 901 | int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) |
| 931 | 902 | { |
| 932 | 903 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 904 | + int ret = -EINVAL; | |
| 933 | 905 | |
| 934 | 906 | if (nfs_map_string_to_numeric(name, namelen, uid)) |
| 935 | 907 | return 0; |
| 936 | - return nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid); | |
| 908 | + ret = nfs_idmap_lookup_id(name, namelen, "uid", uid); | |
| 909 | + if (ret < 0) | |
| 910 | + ret = nfs_idmap_id(idmap, &idmap->idmap_user_hash, name, namelen, uid); | |
| 911 | + return ret; | |
| 937 | 912 | } |
| 938 | 913 | |
| 939 | -int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *uid) | |
| 914 | +int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, __u32 *gid) | |
| 940 | 915 | { |
| 941 | 916 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 917 | + int ret = -EINVAL; | |
| 942 | 918 | |
| 943 | - if (nfs_map_string_to_numeric(name, namelen, uid)) | |
| 919 | + if (nfs_map_string_to_numeric(name, namelen, gid)) | |
| 944 | 920 | return 0; |
| 945 | - return nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, uid); | |
| 921 | + ret = nfs_idmap_lookup_id(name, namelen, "gid", gid); | |
| 922 | + if (ret < 0) | |
| 923 | + ret = nfs_idmap_id(idmap, &idmap->idmap_group_hash, name, namelen, gid); | |
| 924 | + return ret; | |
| 946 | 925 | } |
| 947 | 926 | |
| 948 | 927 | int nfs_map_uid_to_name(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) |
| 949 | 928 | |
| 950 | 929 | |
| 951 | 930 | |
| 952 | 931 | |
| ... | ... | @@ -950,23 +929,27 @@ |
| 950 | 929 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 951 | 930 | int ret = -EINVAL; |
| 952 | 931 | |
| 953 | - if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | |
| 954 | - ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf); | |
| 932 | + if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) { | |
| 933 | + ret = nfs_idmap_lookup_name(uid, "user", buf, buflen); | |
| 934 | + if (ret < 0) | |
| 935 | + ret = nfs_idmap_name(idmap, &idmap->idmap_user_hash, uid, buf); | |
| 936 | + } | |
| 955 | 937 | if (ret < 0) |
| 956 | 938 | ret = nfs_map_numeric_to_string(uid, buf, buflen); |
| 957 | 939 | return ret; |
| 958 | 940 | } |
| 959 | -int nfs_map_gid_to_group(const struct nfs_server *server, __u32 uid, char *buf, size_t buflen) | |
| 941 | +int nfs_map_gid_to_group(const struct nfs_server *server, __u32 gid, char *buf, size_t buflen) | |
| 960 | 942 | { |
| 961 | 943 | struct idmap *idmap = server->nfs_client->cl_idmap; |
| 962 | 944 | int ret = -EINVAL; |
| 963 | 945 | |
| 964 | - if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) | |
| 965 | - ret = nfs_idmap_name(idmap, &idmap->idmap_group_hash, uid, buf); | |
| 946 | + if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) { | |
| 947 | + ret = nfs_idmap_lookup_name(gid, "group", buf, buflen); | |
| 948 | + if (ret < 0) | |
| 949 | + ret = nfs_idmap_name(idmap, &idmap->idmap_group_hash, gid, buf); | |
| 950 | + } | |
| 966 | 951 | if (ret < 0) |
| 967 | - ret = nfs_map_numeric_to_string(uid, buf, buflen); | |
| 952 | + ret = nfs_map_numeric_to_string(gid, buf, buflen); | |
| 968 | 953 | return ret; |
| 969 | 954 | } |
| 970 | - | |
| 971 | -#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ |
fs/nfs/sysctl.c
| ... | ... | @@ -32,7 +32,6 @@ |
| 32 | 32 | .extra1 = (int *)&nfs_set_port_min, |
| 33 | 33 | .extra2 = (int *)&nfs_set_port_max, |
| 34 | 34 | }, |
| 35 | -#ifndef CONFIG_NFS_USE_NEW_IDMAPPER | |
| 36 | 35 | { |
| 37 | 36 | .procname = "idmap_cache_timeout", |
| 38 | 37 | .data = &nfs_idmap_cache_timeout, |
| ... | ... | @@ -40,7 +39,6 @@ |
| 40 | 39 | .mode = 0644, |
| 41 | 40 | .proc_handler = proc_dointvec_jiffies, |
| 42 | 41 | }, |
| 43 | -#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ | |
| 44 | 42 | #endif |
| 45 | 43 | { |
| 46 | 44 | .procname = "nfs_mountpoint_timeout", |
include/linux/nfs_idmap.h
| ... | ... | @@ -82,23 +82,8 @@ |
| 82 | 82 | {} |
| 83 | 83 | #endif |
| 84 | 84 | |
| 85 | -#ifdef CONFIG_NFS_USE_NEW_IDMAPPER | |
| 86 | - | |
| 87 | -static inline int nfs_idmap_new(struct nfs_client *clp) | |
| 88 | -{ | |
| 89 | - return 0; | |
| 90 | -} | |
| 91 | - | |
| 92 | -static inline void nfs_idmap_delete(struct nfs_client *clp) | |
| 93 | -{ | |
| 94 | -} | |
| 95 | - | |
| 96 | -#else /* CONFIG_NFS_USE_NEW_IDMAPPER not set */ | |
| 97 | - | |
| 98 | 85 | int nfs_idmap_new(struct nfs_client *); |
| 99 | 86 | void nfs_idmap_delete(struct nfs_client *); |
| 100 | - | |
| 101 | -#endif /* CONFIG_NFS_USE_NEW_IDMAPPER */ | |
| 102 | 87 | |
| 103 | 88 | void nfs_fattr_init_names(struct nfs_fattr *fattr, |
| 104 | 89 | struct nfs4_string *owner_name, |