2 * Mapping of UID/GIDs to name and vice versa.
4 * Copyright (c) 2002, 2003 The Regents of the University of
5 * Michigan. All rights reserved.
7 * Marius Aamodt Eriksen <marius@umich.edu>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <linux/module.h>
36 #include <linux/seq_file.h>
37 #include <linux/sched.h>
38 #include <linux/slab.h>
39 #include <linux/sunrpc/svc_xprt.h>
40 #include <net/net_namespace.h>
46 * Turn off idmapping when using AUTH_SYS.
48 static bool nfs4_disable_idmapping
= true;
49 module_param(nfs4_disable_idmapping
, bool, 0644);
50 MODULE_PARM_DESC(nfs4_disable_idmapping
,
51 "Turn off server's NFSv4 idmapping when using 'sec=sys'");
58 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
64 int type
; /* User / Group */
66 char name
[IDMAP_NAMESZ
];
67 char authname
[IDMAP_NAMESZ
];
70 /* Common entry handling */
72 #define ENT_HASHBITS 8
73 #define ENT_HASHMAX (1 << ENT_HASHBITS)
76 ent_init(struct cache_head
*cnew
, struct cache_head
*citm
)
78 struct ent
*new = container_of(cnew
, struct ent
, h
);
79 struct ent
*itm
= container_of(citm
, struct ent
, h
);
82 new->type
= itm
->type
;
84 strlcpy(new->name
, itm
->name
, sizeof(new->name
));
85 strlcpy(new->authname
, itm
->authname
, sizeof(new->name
));
89 ent_put(struct kref
*ref
)
91 struct ent
*map
= container_of(ref
, struct ent
, h
.ref
);
95 static struct cache_head
*
98 struct ent
*e
= kmalloc(sizeof(*e
), GFP_KERNEL
);
110 idtoname_hash(struct ent
*ent
)
114 hash
= hash_str(ent
->authname
, ENT_HASHBITS
);
115 hash
= hash_long(hash
^ ent
->id
, ENT_HASHBITS
);
117 /* Flip LSB for user/group */
118 if (ent
->type
== IDMAP_TYPE_GROUP
)
125 idtoname_request(struct cache_detail
*cd
, struct cache_head
*ch
, char **bpp
,
128 struct ent
*ent
= container_of(ch
, struct ent
, h
);
131 qword_add(bpp
, blen
, ent
->authname
);
132 snprintf(idstr
, sizeof(idstr
), "%u", ent
->id
);
133 qword_add(bpp
, blen
, ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user");
134 qword_add(bpp
, blen
, idstr
);
140 idtoname_match(struct cache_head
*ca
, struct cache_head
*cb
)
142 struct ent
*a
= container_of(ca
, struct ent
, h
);
143 struct ent
*b
= container_of(cb
, struct ent
, h
);
145 return (a
->id
== b
->id
&& a
->type
== b
->type
&&
146 strcmp(a
->authname
, b
->authname
) == 0);
150 idtoname_show(struct seq_file
*m
, struct cache_detail
*cd
, struct cache_head
*h
)
155 seq_puts(m
, "#domain type id [name]\n");
158 ent
= container_of(h
, struct ent
, h
);
159 seq_printf(m
, "%s %s %u", ent
->authname
,
160 ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user",
162 if (test_bit(CACHE_VALID
, &h
->flags
))
163 seq_printf(m
, " %s", ent
->name
);
169 warn_no_idmapd(struct cache_detail
*detail
, int has_died
)
171 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
172 has_died
? "died" : "not been started");
176 static int idtoname_parse(struct cache_detail
*, char *, int);
177 static struct ent
*idtoname_lookup(struct cache_detail
*, struct ent
*);
178 static struct ent
*idtoname_update(struct cache_detail
*, struct ent
*,
181 static struct cache_detail idtoname_cache_template
= {
182 .owner
= THIS_MODULE
,
183 .hash_size
= ENT_HASHMAX
,
184 .name
= "nfs4.idtoname",
185 .cache_put
= ent_put
,
186 .cache_request
= idtoname_request
,
187 .cache_parse
= idtoname_parse
,
188 .cache_show
= idtoname_show
,
189 .warn_no_listener
= warn_no_idmapd
,
190 .match
= idtoname_match
,
197 idtoname_parse(struct cache_detail
*cd
, char *buf
, int buflen
)
199 struct ent ent
, *res
;
204 if (buf
[buflen
- 1] != '\n')
206 buf
[buflen
- 1]= '\0';
208 buf1
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
212 memset(&ent
, 0, sizeof(ent
));
214 /* Authentication name */
215 len
= qword_get(&buf
, buf1
, PAGE_SIZE
);
216 if (len
<= 0 || len
>= IDMAP_NAMESZ
)
218 memcpy(ent
.authname
, buf1
, sizeof(ent
.authname
));
221 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
223 ent
.type
= strcmp(buf1
, "user") == 0 ?
224 IDMAP_TYPE_USER
: IDMAP_TYPE_GROUP
;
227 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
229 ent
.id
= simple_strtoul(buf1
, &bp
, 10);
234 ent
.h
.expiry_time
= get_expiry(&buf
);
235 if (ent
.h
.expiry_time
== 0)
239 res
= idtoname_lookup(cd
, &ent
);
245 len
= qword_get(&buf
, buf1
, PAGE_SIZE
);
246 if (len
< 0 || len
>= IDMAP_NAMESZ
)
249 set_bit(CACHE_NEGATIVE
, &ent
.h
.flags
);
251 memcpy(ent
.name
, buf1
, sizeof(ent
.name
));
253 res
= idtoname_update(cd
, &ent
, res
);
257 cache_put(&res
->h
, cd
);
265 idtoname_lookup(struct cache_detail
*cd
, struct ent
*item
)
267 struct cache_head
*ch
= sunrpc_cache_lookup(cd
, &item
->h
,
268 idtoname_hash(item
));
270 return container_of(ch
, struct ent
, h
);
276 idtoname_update(struct cache_detail
*cd
, struct ent
*new, struct ent
*old
)
278 struct cache_head
*ch
= sunrpc_cache_update(cd
, &new->h
, &old
->h
,
281 return container_of(ch
, struct ent
, h
);
292 nametoid_hash(struct ent
*ent
)
294 return hash_str(ent
->name
, ENT_HASHBITS
);
298 nametoid_request(struct cache_detail
*cd
, struct cache_head
*ch
, char **bpp
,
301 struct ent
*ent
= container_of(ch
, struct ent
, h
);
303 qword_add(bpp
, blen
, ent
->authname
);
304 qword_add(bpp
, blen
, ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user");
305 qword_add(bpp
, blen
, ent
->name
);
311 nametoid_match(struct cache_head
*ca
, struct cache_head
*cb
)
313 struct ent
*a
= container_of(ca
, struct ent
, h
);
314 struct ent
*b
= container_of(cb
, struct ent
, h
);
316 return (a
->type
== b
->type
&& strcmp(a
->name
, b
->name
) == 0 &&
317 strcmp(a
->authname
, b
->authname
) == 0);
321 nametoid_show(struct seq_file
*m
, struct cache_detail
*cd
, struct cache_head
*h
)
326 seq_puts(m
, "#domain type name [id]\n");
329 ent
= container_of(h
, struct ent
, h
);
330 seq_printf(m
, "%s %s %s", ent
->authname
,
331 ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user",
333 if (test_bit(CACHE_VALID
, &h
->flags
))
334 seq_printf(m
, " %u", ent
->id
);
339 static struct ent
*nametoid_lookup(struct cache_detail
*, struct ent
*);
340 static struct ent
*nametoid_update(struct cache_detail
*, struct ent
*,
342 static int nametoid_parse(struct cache_detail
*, char *, int);
344 static struct cache_detail nametoid_cache_template
= {
345 .owner
= THIS_MODULE
,
346 .hash_size
= ENT_HASHMAX
,
347 .name
= "nfs4.nametoid",
348 .cache_put
= ent_put
,
349 .cache_request
= nametoid_request
,
350 .cache_parse
= nametoid_parse
,
351 .cache_show
= nametoid_show
,
352 .warn_no_listener
= warn_no_idmapd
,
353 .match
= nametoid_match
,
360 nametoid_parse(struct cache_detail
*cd
, char *buf
, int buflen
)
362 struct ent ent
, *res
;
364 int len
, error
= -EINVAL
;
366 if (buf
[buflen
- 1] != '\n')
368 buf
[buflen
- 1]= '\0';
370 buf1
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
374 memset(&ent
, 0, sizeof(ent
));
376 /* Authentication name */
377 len
= qword_get(&buf
, buf1
, PAGE_SIZE
);
378 if (len
<= 0 || len
>= IDMAP_NAMESZ
)
380 memcpy(ent
.authname
, buf1
, sizeof(ent
.authname
));
383 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
385 ent
.type
= strcmp(buf1
, "user") == 0 ?
386 IDMAP_TYPE_USER
: IDMAP_TYPE_GROUP
;
389 len
= qword_get(&buf
, buf1
, PAGE_SIZE
);
390 if (len
<= 0 || len
>= IDMAP_NAMESZ
)
392 memcpy(ent
.name
, buf1
, sizeof(ent
.name
));
395 ent
.h
.expiry_time
= get_expiry(&buf
);
396 if (ent
.h
.expiry_time
== 0)
400 error
= get_int(&buf
, &ent
.id
);
401 if (error
== -EINVAL
)
403 if (error
== -ENOENT
)
404 set_bit(CACHE_NEGATIVE
, &ent
.h
.flags
);
407 res
= nametoid_lookup(cd
, &ent
);
410 res
= nametoid_update(cd
, &ent
, res
);
414 cache_put(&res
->h
, cd
);
423 nametoid_lookup(struct cache_detail
*cd
, struct ent
*item
)
425 struct cache_head
*ch
= sunrpc_cache_lookup(cd
, &item
->h
,
426 nametoid_hash(item
));
428 return container_of(ch
, struct ent
, h
);
434 nametoid_update(struct cache_detail
*cd
, struct ent
*new, struct ent
*old
)
436 struct cache_head
*ch
= sunrpc_cache_update(cd
, &new->h
, &old
->h
,
439 return container_of(ch
, struct ent
, h
);
449 nfsd_idmap_init(struct net
*net
)
452 struct nfsd_net
*nn
= net_generic(net
, nfsd_net_id
);
454 nn
->idtoname_cache
= cache_create_net(&idtoname_cache_template
, net
);
455 if (IS_ERR(nn
->idtoname_cache
))
456 return PTR_ERR(nn
->idtoname_cache
);
457 rv
= cache_register_net(nn
->idtoname_cache
, net
);
459 goto destroy_idtoname_cache
;
460 nn
->nametoid_cache
= cache_create_net(&nametoid_cache_template
, net
);
461 if (IS_ERR(nn
->nametoid_cache
)) {
462 rv
= PTR_ERR(nn
->nametoid_cache
);
463 goto unregister_idtoname_cache
;
465 rv
= cache_register_net(nn
->nametoid_cache
, net
);
467 goto destroy_nametoid_cache
;
470 destroy_nametoid_cache
:
471 cache_destroy_net(nn
->nametoid_cache
, net
);
472 unregister_idtoname_cache
:
473 cache_unregister_net(nn
->idtoname_cache
, net
);
474 destroy_idtoname_cache
:
475 cache_destroy_net(nn
->idtoname_cache
, net
);
480 nfsd_idmap_shutdown(struct net
*net
)
482 struct nfsd_net
*nn
= net_generic(net
, nfsd_net_id
);
484 cache_unregister_net(nn
->idtoname_cache
, net
);
485 cache_unregister_net(nn
->nametoid_cache
, net
);
486 cache_destroy_net(nn
->idtoname_cache
, net
);
487 cache_destroy_net(nn
->nametoid_cache
, net
);
491 idmap_lookup(struct svc_rqst
*rqstp
,
492 struct ent
*(*lookup_fn
)(struct cache_detail
*, struct ent
*),
493 struct ent
*key
, struct cache_detail
*detail
, struct ent
**item
)
497 *item
= lookup_fn(detail
, key
);
501 ret
= cache_check(detail
, &(*item
)->h
, &rqstp
->rq_chandle
);
503 if (ret
== -ETIMEDOUT
) {
504 struct ent
*prev_item
= *item
;
505 *item
= lookup_fn(detail
, key
);
506 if (*item
!= prev_item
)
508 cache_put(&(*item
)->h
, detail
);
514 rqst_authname(struct svc_rqst
*rqstp
)
516 struct auth_domain
*clp
;
518 clp
= rqstp
->rq_gssclient
? rqstp
->rq_gssclient
: rqstp
->rq_client
;
523 idmap_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
,
526 struct ent
*item
, key
= {
530 struct nfsd_net
*nn
= net_generic(SVC_NET(rqstp
), nfsd_net_id
);
532 if (namelen
+ 1 > sizeof(key
.name
))
533 return nfserr_badowner
;
534 memcpy(key
.name
, name
, namelen
);
535 key
.name
[namelen
] = '\0';
536 strlcpy(key
.authname
, rqst_authname(rqstp
), sizeof(key
.authname
));
537 ret
= idmap_lookup(rqstp
, nametoid_lookup
, &key
, nn
->nametoid_cache
, &item
);
539 return nfserr_badowner
;
541 return nfserrno(ret
);
543 cache_put(&item
->h
, nn
->nametoid_cache
);
547 static __be32
encode_ascii_id(struct xdr_stream
*xdr
, u32 id
)
553 len
= sprintf(buf
, "%u", id
);
554 p
= xdr_reserve_space(xdr
, len
+ 4);
556 return nfserr_resource
;
557 p
= xdr_encode_opaque(p
, buf
, len
);
561 static __be32
idmap_id_to_name(struct xdr_stream
*xdr
,
562 struct svc_rqst
*rqstp
, int type
, u32 id
)
564 struct ent
*item
, key
= {
570 struct nfsd_net
*nn
= net_generic(SVC_NET(rqstp
), nfsd_net_id
);
572 strlcpy(key
.authname
, rqst_authname(rqstp
), sizeof(key
.authname
));
573 ret
= idmap_lookup(rqstp
, idtoname_lookup
, &key
, nn
->idtoname_cache
, &item
);
575 return encode_ascii_id(xdr
, id
);
577 return nfserrno(ret
);
578 ret
= strlen(item
->name
);
579 WARN_ON_ONCE(ret
> IDMAP_NAMESZ
);
580 p
= xdr_reserve_space(xdr
, ret
+ 4);
582 return nfserr_resource
;
583 p
= xdr_encode_opaque(p
, item
->name
, ret
);
584 cache_put(&item
->h
, nn
->idtoname_cache
);
589 numeric_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
, u32
*id
)
594 if (namelen
+ 1 > sizeof(buf
))
595 /* too long to represent a 32-bit id: */
597 /* Just to make sure it's null-terminated: */
598 memcpy(buf
, name
, namelen
);
600 ret
= kstrtouint(buf
, 10, id
);
605 do_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
, u32
*id
)
607 if (nfs4_disable_idmapping
&& rqstp
->rq_cred
.cr_flavor
< RPC_AUTH_GSS
)
608 if (numeric_name_to_id(rqstp
, type
, name
, namelen
, id
))
611 * otherwise, fall through and try idmapping, for
612 * backwards compatibility with clients sending names:
614 return idmap_name_to_id(rqstp
, type
, name
, namelen
, id
);
617 static __be32
encode_name_from_id(struct xdr_stream
*xdr
,
618 struct svc_rqst
*rqstp
, int type
, u32 id
)
620 if (nfs4_disable_idmapping
&& rqstp
->rq_cred
.cr_flavor
< RPC_AUTH_GSS
)
621 return encode_ascii_id(xdr
, id
);
622 return idmap_id_to_name(xdr
, rqstp
, type
, id
);
626 nfsd_map_name_to_uid(struct svc_rqst
*rqstp
, const char *name
, size_t namelen
,
631 status
= do_name_to_id(rqstp
, IDMAP_TYPE_USER
, name
, namelen
, &id
);
632 *uid
= make_kuid(&init_user_ns
, id
);
633 if (!uid_valid(*uid
))
634 status
= nfserr_badowner
;
639 nfsd_map_name_to_gid(struct svc_rqst
*rqstp
, const char *name
, size_t namelen
,
644 status
= do_name_to_id(rqstp
, IDMAP_TYPE_GROUP
, name
, namelen
, &id
);
645 *gid
= make_kgid(&init_user_ns
, id
);
646 if (!gid_valid(*gid
))
647 status
= nfserr_badowner
;
651 __be32
nfsd4_encode_user(struct xdr_stream
*xdr
, struct svc_rqst
*rqstp
,
654 u32 id
= from_kuid(&init_user_ns
, uid
);
655 return encode_name_from_id(xdr
, rqstp
, IDMAP_TYPE_USER
, id
);
658 __be32
nfsd4_encode_group(struct xdr_stream
*xdr
, struct svc_rqst
*rqstp
,
661 u32 id
= from_kgid(&init_user_ns
, gid
);
662 return encode_name_from_id(xdr
, rqstp
, IDMAP_TYPE_GROUP
, id
);