2 * Mapping of UID/GIDs to name and vice versa.
4 * Copyright (c) 2002, 2003 The Regents of the University of
5 * Michigan. All rights reserved.
7 * Marius Aamodt Eriksen <marius@umich.edu>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include <linux/module.h>
36 #include <linux/seq_file.h>
37 #include <linux/sched.h>
38 #include <linux/slab.h>
39 #include <net/net_namespace.h>
44 * Turn off idmapping when using AUTH_SYS.
46 static bool nfs4_disable_idmapping
= true;
47 module_param(nfs4_disable_idmapping
, bool, 0644);
48 MODULE_PARM_DESC(nfs4_disable_idmapping
,
49 "Turn off server's NFSv4 idmapping when using 'sec=sys'");
56 * XXX we know that IDMAP_NAMESZ < PAGE_SIZE, but it's ugly to rely on
60 #define IDMAP_TYPE_USER 0
61 #define IDMAP_TYPE_GROUP 1
65 int type
; /* User / Group */
67 char name
[IDMAP_NAMESZ
];
68 char authname
[IDMAP_NAMESZ
];
71 /* Common entry handling */
73 #define ENT_HASHBITS 8
74 #define ENT_HASHMAX (1 << ENT_HASHBITS)
77 ent_init(struct cache_head
*cnew
, struct cache_head
*citm
)
79 struct ent
*new = container_of(cnew
, struct ent
, h
);
80 struct ent
*itm
= container_of(citm
, struct ent
, h
);
83 new->type
= itm
->type
;
85 strlcpy(new->name
, itm
->name
, sizeof(new->name
));
86 strlcpy(new->authname
, itm
->authname
, sizeof(new->name
));
90 ent_put(struct kref
*ref
)
92 struct ent
*map
= container_of(ref
, struct ent
, h
.ref
);
96 static struct cache_head
*
99 struct ent
*e
= kmalloc(sizeof(*e
), GFP_KERNEL
);
110 static struct cache_head
*idtoname_table
[ENT_HASHMAX
];
113 idtoname_hash(struct ent
*ent
)
117 hash
= hash_str(ent
->authname
, ENT_HASHBITS
);
118 hash
= hash_long(hash
^ ent
->id
, ENT_HASHBITS
);
120 /* Flip LSB for user/group */
121 if (ent
->type
== IDMAP_TYPE_GROUP
)
128 idtoname_request(struct cache_detail
*cd
, struct cache_head
*ch
, char **bpp
,
131 struct ent
*ent
= container_of(ch
, struct ent
, h
);
134 qword_add(bpp
, blen
, ent
->authname
);
135 snprintf(idstr
, sizeof(idstr
), "%u", ent
->id
);
136 qword_add(bpp
, blen
, ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user");
137 qword_add(bpp
, blen
, idstr
);
143 idtoname_upcall(struct cache_detail
*cd
, struct cache_head
*ch
)
145 return sunrpc_cache_pipe_upcall(cd
, ch
, idtoname_request
);
149 idtoname_match(struct cache_head
*ca
, struct cache_head
*cb
)
151 struct ent
*a
= container_of(ca
, struct ent
, h
);
152 struct ent
*b
= container_of(cb
, struct ent
, h
);
154 return (a
->id
== b
->id
&& a
->type
== b
->type
&&
155 strcmp(a
->authname
, b
->authname
) == 0);
159 idtoname_show(struct seq_file
*m
, struct cache_detail
*cd
, struct cache_head
*h
)
164 seq_puts(m
, "#domain type id [name]\n");
167 ent
= container_of(h
, struct ent
, h
);
168 seq_printf(m
, "%s %s %u", ent
->authname
,
169 ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user",
171 if (test_bit(CACHE_VALID
, &h
->flags
))
172 seq_printf(m
, " %s", ent
->name
);
178 warn_no_idmapd(struct cache_detail
*detail
, int has_died
)
180 printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
181 has_died
? "died" : "not been started");
185 static int idtoname_parse(struct cache_detail
*, char *, int);
186 static struct ent
*idtoname_lookup(struct cache_detail
*, struct ent
*);
187 static struct ent
*idtoname_update(struct cache_detail
*, struct ent
*,
190 static struct cache_detail idtoname_cache
= {
191 .owner
= THIS_MODULE
,
192 .hash_size
= ENT_HASHMAX
,
193 .hash_table
= idtoname_table
,
194 .name
= "nfs4.idtoname",
195 .cache_put
= ent_put
,
196 .cache_upcall
= idtoname_upcall
,
197 .cache_parse
= idtoname_parse
,
198 .cache_show
= idtoname_show
,
199 .warn_no_listener
= warn_no_idmapd
,
200 .match
= idtoname_match
,
207 idtoname_parse(struct cache_detail
*cd
, char *buf
, int buflen
)
209 struct ent ent
, *res
;
214 if (buf
[buflen
- 1] != '\n')
216 buf
[buflen
- 1]= '\0';
218 buf1
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
222 memset(&ent
, 0, sizeof(ent
));
224 /* Authentication name */
225 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
227 memcpy(ent
.authname
, buf1
, sizeof(ent
.authname
));
230 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
232 ent
.type
= strcmp(buf1
, "user") == 0 ?
233 IDMAP_TYPE_USER
: IDMAP_TYPE_GROUP
;
236 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
238 ent
.id
= simple_strtoul(buf1
, &bp
, 10);
243 ent
.h
.expiry_time
= get_expiry(&buf
);
244 if (ent
.h
.expiry_time
== 0)
248 res
= idtoname_lookup(cd
, &ent
);
254 len
= qword_get(&buf
, buf1
, PAGE_SIZE
);
258 set_bit(CACHE_NEGATIVE
, &ent
.h
.flags
);
259 else if (len
>= IDMAP_NAMESZ
)
262 memcpy(ent
.name
, buf1
, sizeof(ent
.name
));
264 res
= idtoname_update(cd
, &ent
, res
);
268 cache_put(&res
->h
, cd
);
279 idtoname_lookup(struct cache_detail
*cd
, struct ent
*item
)
281 struct cache_head
*ch
= sunrpc_cache_lookup(cd
, &item
->h
,
282 idtoname_hash(item
));
284 return container_of(ch
, struct ent
, h
);
290 idtoname_update(struct cache_detail
*cd
, struct ent
*new, struct ent
*old
)
292 struct cache_head
*ch
= sunrpc_cache_update(cd
, &new->h
, &old
->h
,
295 return container_of(ch
, struct ent
, h
);
305 static struct cache_head
*nametoid_table
[ENT_HASHMAX
];
308 nametoid_hash(struct ent
*ent
)
310 return hash_str(ent
->name
, ENT_HASHBITS
);
314 nametoid_request(struct cache_detail
*cd
, struct cache_head
*ch
, char **bpp
,
317 struct ent
*ent
= container_of(ch
, struct ent
, h
);
319 qword_add(bpp
, blen
, ent
->authname
);
320 qword_add(bpp
, blen
, ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user");
321 qword_add(bpp
, blen
, ent
->name
);
327 nametoid_upcall(struct cache_detail
*cd
, struct cache_head
*ch
)
329 return sunrpc_cache_pipe_upcall(cd
, ch
, nametoid_request
);
333 nametoid_match(struct cache_head
*ca
, struct cache_head
*cb
)
335 struct ent
*a
= container_of(ca
, struct ent
, h
);
336 struct ent
*b
= container_of(cb
, struct ent
, h
);
338 return (a
->type
== b
->type
&& strcmp(a
->name
, b
->name
) == 0 &&
339 strcmp(a
->authname
, b
->authname
) == 0);
343 nametoid_show(struct seq_file
*m
, struct cache_detail
*cd
, struct cache_head
*h
)
348 seq_puts(m
, "#domain type name [id]\n");
351 ent
= container_of(h
, struct ent
, h
);
352 seq_printf(m
, "%s %s %s", ent
->authname
,
353 ent
->type
== IDMAP_TYPE_GROUP
? "group" : "user",
355 if (test_bit(CACHE_VALID
, &h
->flags
))
356 seq_printf(m
, " %u", ent
->id
);
361 static struct ent
*nametoid_lookup(struct cache_detail
*, struct ent
*);
362 static struct ent
*nametoid_update(struct cache_detail
*, struct ent
*,
364 static int nametoid_parse(struct cache_detail
*, char *, int);
366 static struct cache_detail nametoid_cache
= {
367 .owner
= THIS_MODULE
,
368 .hash_size
= ENT_HASHMAX
,
369 .hash_table
= nametoid_table
,
370 .name
= "nfs4.nametoid",
371 .cache_put
= ent_put
,
372 .cache_upcall
= nametoid_upcall
,
373 .cache_parse
= nametoid_parse
,
374 .cache_show
= nametoid_show
,
375 .warn_no_listener
= warn_no_idmapd
,
376 .match
= nametoid_match
,
383 nametoid_parse(struct cache_detail
*cd
, char *buf
, int buflen
)
385 struct ent ent
, *res
;
389 if (buf
[buflen
- 1] != '\n')
391 buf
[buflen
- 1]= '\0';
393 buf1
= kmalloc(PAGE_SIZE
, GFP_KERNEL
);
397 memset(&ent
, 0, sizeof(ent
));
399 /* Authentication name */
400 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
402 memcpy(ent
.authname
, buf1
, sizeof(ent
.authname
));
405 if (qword_get(&buf
, buf1
, PAGE_SIZE
) <= 0)
407 ent
.type
= strcmp(buf1
, "user") == 0 ?
408 IDMAP_TYPE_USER
: IDMAP_TYPE_GROUP
;
411 error
= qword_get(&buf
, buf1
, PAGE_SIZE
);
412 if (error
<= 0 || error
>= IDMAP_NAMESZ
)
414 memcpy(ent
.name
, buf1
, sizeof(ent
.name
));
417 ent
.h
.expiry_time
= get_expiry(&buf
);
418 if (ent
.h
.expiry_time
== 0)
422 error
= get_int(&buf
, &ent
.id
);
423 if (error
== -EINVAL
)
425 if (error
== -ENOENT
)
426 set_bit(CACHE_NEGATIVE
, &ent
.h
.flags
);
429 res
= nametoid_lookup(cd
, &ent
);
432 res
= nametoid_update(cd
, &ent
, res
);
436 cache_put(&res
->h
, cd
);
446 nametoid_lookup(struct cache_detail
*cd
, struct ent
*item
)
448 struct cache_head
*ch
= sunrpc_cache_lookup(cd
, &item
->h
,
449 nametoid_hash(item
));
451 return container_of(ch
, struct ent
, h
);
457 nametoid_update(struct cache_detail
*cd
, struct ent
*new, struct ent
*old
)
459 struct cache_head
*ch
= sunrpc_cache_update(cd
, &new->h
, &old
->h
,
462 return container_of(ch
, struct ent
, h
);
472 nfsd_idmap_init(void)
476 rv
= cache_register_net(&idtoname_cache
, &init_net
);
479 rv
= cache_register_net(&nametoid_cache
, &init_net
);
481 cache_unregister_net(&idtoname_cache
, &init_net
);
486 nfsd_idmap_shutdown(void)
488 cache_unregister_net(&idtoname_cache
, &init_net
);
489 cache_unregister_net(&nametoid_cache
, &init_net
);
493 idmap_lookup(struct svc_rqst
*rqstp
,
494 struct ent
*(*lookup_fn
)(struct cache_detail
*, struct ent
*),
495 struct ent
*key
, struct cache_detail
*detail
, struct ent
**item
)
499 *item
= lookup_fn(detail
, key
);
503 ret
= cache_check(detail
, &(*item
)->h
, &rqstp
->rq_chandle
);
505 if (ret
== -ETIMEDOUT
) {
506 struct ent
*prev_item
= *item
;
507 *item
= lookup_fn(detail
, key
);
508 if (*item
!= prev_item
)
510 cache_put(&(*item
)->h
, detail
);
516 rqst_authname(struct svc_rqst
*rqstp
)
518 struct auth_domain
*clp
;
520 clp
= rqstp
->rq_gssclient
? rqstp
->rq_gssclient
: rqstp
->rq_client
;
525 idmap_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
,
528 struct ent
*item
, key
= {
533 if (namelen
+ 1 > sizeof(key
.name
))
534 return nfserr_badowner
;
535 memcpy(key
.name
, name
, namelen
);
536 key
.name
[namelen
] = '\0';
537 strlcpy(key
.authname
, rqst_authname(rqstp
), sizeof(key
.authname
));
538 ret
= idmap_lookup(rqstp
, nametoid_lookup
, &key
, &nametoid_cache
, &item
);
540 return nfserr_badowner
;
542 return nfserrno(ret
);
544 cache_put(&item
->h
, &nametoid_cache
);
549 idmap_id_to_name(struct svc_rqst
*rqstp
, int type
, uid_t id
, char *name
)
551 struct ent
*item
, key
= {
557 strlcpy(key
.authname
, rqst_authname(rqstp
), sizeof(key
.authname
));
558 ret
= idmap_lookup(rqstp
, idtoname_lookup
, &key
, &idtoname_cache
, &item
);
560 return sprintf(name
, "%u", id
);
563 ret
= strlen(item
->name
);
564 BUG_ON(ret
> IDMAP_NAMESZ
);
565 memcpy(name
, item
->name
, ret
);
566 cache_put(&item
->h
, &idtoname_cache
);
571 numeric_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
, uid_t
*id
)
576 if (namelen
+ 1 > sizeof(buf
))
577 /* too long to represent a 32-bit id: */
579 /* Just to make sure it's null-terminated: */
580 memcpy(buf
, name
, namelen
);
582 ret
= kstrtouint(name
, 10, id
);
587 do_name_to_id(struct svc_rqst
*rqstp
, int type
, const char *name
, u32 namelen
, uid_t
*id
)
589 if (nfs4_disable_idmapping
&& rqstp
->rq_flavor
< RPC_AUTH_GSS
)
590 if (numeric_name_to_id(rqstp
, type
, name
, namelen
, id
))
593 * otherwise, fall through and try idmapping, for
594 * backwards compatibility with clients sending names:
596 return idmap_name_to_id(rqstp
, type
, name
, namelen
, id
);
600 do_id_to_name(struct svc_rqst
*rqstp
, int type
, uid_t id
, char *name
)
602 if (nfs4_disable_idmapping
&& rqstp
->rq_flavor
< RPC_AUTH_GSS
)
603 return sprintf(name
, "%u", id
);
604 return idmap_id_to_name(rqstp
, type
, id
, name
);
608 nfsd_map_name_to_uid(struct svc_rqst
*rqstp
, const char *name
, size_t namelen
,
611 return do_name_to_id(rqstp
, IDMAP_TYPE_USER
, name
, namelen
, id
);
615 nfsd_map_name_to_gid(struct svc_rqst
*rqstp
, const char *name
, size_t namelen
,
618 return do_name_to_id(rqstp
, IDMAP_TYPE_GROUP
, name
, namelen
, id
);
622 nfsd_map_uid_to_name(struct svc_rqst
*rqstp
, __u32 id
, char *name
)
624 return do_id_to_name(rqstp
, IDMAP_TYPE_USER
, id
, name
);
628 nfsd_map_gid_to_name(struct svc_rqst
*rqstp
, __u32 id
, char *name
)
630 return do_id_to_name(rqstp
, IDMAP_TYPE_GROUP
, id
, name
);