2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* fs/nfs/idmap.c
|
|
|
|
*
|
|
|
|
* UID and GID to name mapping for clients.
|
|
|
|
*
|
|
|
|
* Copyright (c) 2002 The Regents of the University of Michigan.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Marius Aamodt Eriksen <marius@umich.edu>
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
*
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the University nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
|
|
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
|
|
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
2011-02-23 07:44:31 +08:00
|
|
|
#include <linux/types.h>
|
2012-02-25 03:14:51 +08:00
|
|
|
#include <linux/parser.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <net/net_namespace.h>
|
|
|
|
#include <linux/sunrpc/rpc_pipe_fs.h>
|
2012-01-08 02:22:46 +08:00
|
|
|
#include <linux/nfs_fs.h>
|
2012-01-27 05:54:24 +08:00
|
|
|
#include <linux/nfs_fs_sb.h>
|
2012-02-25 03:14:51 +08:00
|
|
|
#include <linux/key.h>
|
2012-01-27 05:54:24 +08:00
|
|
|
#include <linux/keyctl.h>
|
|
|
|
#include <linux/key-type.h>
|
|
|
|
#include <keys/user-type.h>
|
2019-02-15 00:20:25 +08:00
|
|
|
#include <keys/request_key_auth-type.h>
|
2012-01-27 05:54:24 +08:00
|
|
|
#include <linux/module.h>
|
2012-02-25 03:14:51 +08:00
|
|
|
|
2012-01-27 05:54:24 +08:00
|
|
|
#include "internal.h"
|
2012-01-26 19:11:41 +08:00
|
|
|
#include "netns.h"
|
2015-04-16 01:00:05 +08:00
|
|
|
#include "nfs4idmap.h"
|
2013-08-13 23:34:01 +08:00
|
|
|
#include "nfs4trace.h"
|
2012-01-27 05:54:24 +08:00
|
|
|
|
|
|
|
#define NFS_UINT_MAXLEN 11
|
|
|
|
|
2012-03-12 01:11:00 +08:00
|
|
|
static const struct cred *id_resolver_cache;
|
|
|
|
static struct key_type key_type_id_resolver_legacy;
|
2012-01-27 05:54:24 +08:00
|
|
|
|
2012-08-10 02:05:49 +08:00
|
|
|
struct idmap_legacy_upcalldata {
|
|
|
|
struct rpc_pipe_msg pipe_msg;
|
|
|
|
struct idmap_msg idmap_msg;
|
2019-02-15 00:20:25 +08:00
|
|
|
struct key *authkey;
|
2012-08-10 02:05:49 +08:00
|
|
|
struct idmap *idmap;
|
|
|
|
};
|
|
|
|
|
2012-09-28 04:15:00 +08:00
|
|
|
struct idmap {
|
2013-08-27 05:16:17 +08:00
|
|
|
struct rpc_pipe_dir_object idmap_pdo;
|
2012-09-28 04:15:00 +08:00
|
|
|
struct rpc_pipe *idmap_pipe;
|
|
|
|
struct idmap_legacy_upcalldata *idmap_upcall_data;
|
|
|
|
struct mutex idmap_mutex;
|
2019-04-25 05:46:47 +08:00
|
|
|
const struct cred *cred;
|
2012-09-28 04:15:00 +08:00
|
|
|
};
|
|
|
|
|
keys: Replace uid/gid/perm permissions checking with an ACL
Replace the uid/gid/perm permissions checking on a key with an ACL to allow
the SETATTR and SEARCH permissions to be split. This will also allow a
greater range of subjects to represented.
============
WHY DO THIS?
============
The problem is that SETATTR and SEARCH cover a slew of actions, not all of
which should be grouped together.
For SETATTR, this includes actions that are about controlling access to a
key:
(1) Changing a key's ownership.
(2) Changing a key's security information.
(3) Setting a keyring's restriction.
And actions that are about managing a key's lifetime:
(4) Setting an expiry time.
(5) Revoking a key.
and (proposed) managing a key as part of a cache:
(6) Invalidating a key.
Managing a key's lifetime doesn't really have anything to do with
controlling access to that key.
Expiry time is awkward since it's more about the lifetime of the content
and so, in some ways goes better with WRITE permission. It can, however,
be set unconditionally by a process with an appropriate authorisation token
for instantiating a key, and can also be set by the key type driver when a
key is instantiated, so lumping it with the access-controlling actions is
probably okay.
As for SEARCH permission, that currently covers:
(1) Finding keys in a keyring tree during a search.
(2) Permitting keyrings to be joined.
(3) Invalidation.
But these don't really belong together either, since these actions really
need to be controlled separately.
Finally, there are number of special cases to do with granting the
administrator special rights to invalidate or clear keys that I would like
to handle with the ACL rather than key flags and special checks.
===============
WHAT IS CHANGED
===============
The SETATTR permission is split to create two new permissions:
(1) SET_SECURITY - which allows the key's owner, group and ACL to be
changed and a restriction to be placed on a keyring.
(2) REVOKE - which allows a key to be revoked.
The SEARCH permission is split to create:
(1) SEARCH - which allows a keyring to be search and a key to be found.
(2) JOIN - which allows a keyring to be joined as a session keyring.
(3) INVAL - which allows a key to be invalidated.
The WRITE permission is also split to create:
(1) WRITE - which allows a key's content to be altered and links to be
added, removed and replaced in a keyring.
(2) CLEAR - which allows a keyring to be cleared completely. This is
split out to make it possible to give just this to an administrator.
(3) REVOKE - see above.
Keys acquire ACLs which consist of a series of ACEs, and all that apply are
unioned together. An ACE specifies a subject, such as:
(*) Possessor - permitted to anyone who 'possesses' a key
(*) Owner - permitted to the key owner
(*) Group - permitted to the key group
(*) Everyone - permitted to everyone
Note that 'Other' has been replaced with 'Everyone' on the assumption that
you wouldn't grant a permit to 'Other' that you wouldn't also grant to
everyone else.
Further subjects may be made available by later patches.
The ACE also specifies a permissions mask. The set of permissions is now:
VIEW Can view the key metadata
READ Can read the key content
WRITE Can update/modify the key content
SEARCH Can find the key by searching/requesting
LINK Can make a link to the key
SET_SECURITY Can change owner, ACL, expiry
INVAL Can invalidate
REVOKE Can revoke
JOIN Can join this keyring
CLEAR Can clear this keyring
The KEYCTL_SETPERM function is then deprecated.
The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set,
or if the caller has a valid instantiation auth token.
The KEYCTL_INVALIDATE function then requires INVAL.
The KEYCTL_REVOKE function then requires REVOKE.
The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an
existing keyring.
The JOIN permission is enabled by default for session keyrings and manually
created keyrings only.
======================
BACKWARD COMPATIBILITY
======================
To maintain backward compatibility, KEYCTL_SETPERM will translate the
permissions mask it is given into a new ACL for a key - unless
KEYCTL_SET_ACL has been called on that key, in which case an error will be
returned.
It will convert possessor, owner, group and other permissions into separate
ACEs, if each portion of the mask is non-zero.
SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE
permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned
on if a keyring is being altered.
The KEYCTL_DESCRIBE function translates the ACL back into a permissions
mask to return depending on possessor, owner, group and everyone ACEs.
It will make the following mappings:
(1) INVAL, JOIN -> SEARCH
(2) SET_SECURITY -> SETATTR
(3) REVOKE -> WRITE if SETATTR isn't already set
(4) CLEAR -> WRITE
Note that the value subsequently returned by KEYCTL_DESCRIBE may not match
the value set with KEYCTL_SETATTR.
=======
TESTING
=======
This passes the keyutils testsuite for all but a couple of tests:
(1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now
returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed
if the type doesn't have ->read(). You still can't actually read the
key.
(2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't
work as Other has been replaced with Everyone in the ACL.
Signed-off-by: David Howells <dhowells@redhat.com>
2019-06-28 06:03:07 +08:00
|
|
|
static struct key_acl nfs_idmap_key_acl = {
|
|
|
|
.usage = REFCOUNT_INIT(1),
|
|
|
|
.nr_ace = 2,
|
|
|
|
.possessor_viewable = true,
|
|
|
|
.aces = {
|
|
|
|
KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_SEARCH | KEY_ACE_READ),
|
|
|
|
KEY_OWNER_ACE(KEY_ACE_VIEW),
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct key_acl nfs_idmap_keyring_acl = {
|
|
|
|
.usage = REFCOUNT_INIT(1),
|
|
|
|
.nr_ace = 2,
|
|
|
|
.aces = {
|
|
|
|
KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
|
|
|
|
KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2019-04-25 05:46:47 +08:00
|
|
|
static struct user_namespace *idmap_userns(const struct idmap *idmap)
|
|
|
|
{
|
|
|
|
if (idmap && idmap->cred)
|
|
|
|
return idmap->cred->user_ns;
|
|
|
|
return &init_user_ns;
|
|
|
|
}
|
|
|
|
|
2012-01-08 02:22:46 +08:00
|
|
|
/**
|
|
|
|
* nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
|
|
|
|
* @fattr: fully initialised struct nfs_fattr
|
|
|
|
* @owner_name: owner name string cache
|
|
|
|
* @group_name: group name string cache
|
|
|
|
*/
|
|
|
|
void nfs_fattr_init_names(struct nfs_fattr *fattr,
|
|
|
|
struct nfs4_string *owner_name,
|
|
|
|
struct nfs4_string *group_name)
|
|
|
|
{
|
|
|
|
fattr->owner_name = owner_name;
|
|
|
|
fattr->group_name = group_name;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nfs_fattr_free_owner_name(struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
fattr->valid &= ~NFS_ATTR_FATTR_OWNER_NAME;
|
|
|
|
kfree(fattr->owner_name->data);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void nfs_fattr_free_group_name(struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
fattr->valid &= ~NFS_ATTR_FATTR_GROUP_NAME;
|
|
|
|
kfree(fattr->group_name->data);
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
struct nfs4_string *owner = fattr->owner_name;
|
2013-02-01 19:21:47 +08:00
|
|
|
kuid_t uid;
|
2012-01-08 02:22:46 +08:00
|
|
|
|
|
|
|
if (!(fattr->valid & NFS_ATTR_FATTR_OWNER_NAME))
|
|
|
|
return false;
|
|
|
|
if (nfs_map_name_to_uid(server, owner->data, owner->len, &uid) == 0) {
|
|
|
|
fattr->uid = uid;
|
|
|
|
fattr->valid |= NFS_ATTR_FATTR_OWNER;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
struct nfs4_string *group = fattr->group_name;
|
2013-02-01 19:21:47 +08:00
|
|
|
kgid_t gid;
|
2012-01-08 02:22:46 +08:00
|
|
|
|
|
|
|
if (!(fattr->valid & NFS_ATTR_FATTR_GROUP_NAME))
|
|
|
|
return false;
|
|
|
|
if (nfs_map_group_to_gid(server, group->data, group->len, &gid) == 0) {
|
|
|
|
fattr->gid = gid;
|
|
|
|
fattr->valid |= NFS_ATTR_FATTR_GROUP;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* nfs_fattr_free_names - free up the NFSv4 owner and group strings
|
|
|
|
* @fattr: a fully initialised nfs_fattr structure
|
|
|
|
*/
|
|
|
|
void nfs_fattr_free_names(struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
if (fattr->valid & NFS_ATTR_FATTR_OWNER_NAME)
|
|
|
|
nfs_fattr_free_owner_name(fattr);
|
|
|
|
if (fattr->valid & NFS_ATTR_FATTR_GROUP_NAME)
|
|
|
|
nfs_fattr_free_group_name(fattr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* nfs_fattr_map_and_free_names - map owner/group strings into uid/gid and free
|
|
|
|
* @server: pointer to the filesystem nfs_server structure
|
|
|
|
* @fattr: a fully initialised nfs_fattr structure
|
|
|
|
*
|
|
|
|
* This helper maps the cached NFSv4 owner/group strings in fattr into
|
|
|
|
* their numeric uid/gid equivalents, and then frees the cached strings.
|
|
|
|
*/
|
|
|
|
void nfs_fattr_map_and_free_names(struct nfs_server *server, struct nfs_fattr *fattr)
|
|
|
|
{
|
|
|
|
if (nfs_fattr_map_owner_name(server, fattr))
|
|
|
|
nfs_fattr_free_owner_name(fattr);
|
|
|
|
if (nfs_fattr_map_group_name(server, fattr))
|
|
|
|
nfs_fattr_free_group_name(fattr);
|
|
|
|
}
|
2011-02-23 07:44:31 +08:00
|
|
|
|
2014-12-12 06:02:04 +08:00
|
|
|
int nfs_map_string_to_numeric(const char *name, size_t namelen, __u32 *res)
|
2011-02-23 07:44:31 +08:00
|
|
|
{
|
|
|
|
unsigned long val;
|
|
|
|
char buf[16];
|
|
|
|
|
|
|
|
if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
|
|
|
|
return 0;
|
|
|
|
memcpy(buf, name, namelen);
|
|
|
|
buf[namelen] = '\0';
|
2012-09-27 03:51:46 +08:00
|
|
|
if (kstrtoul(buf, 0, &val) != 0)
|
2011-02-23 07:44:31 +08:00
|
|
|
return 0;
|
|
|
|
*res = val;
|
|
|
|
return 1;
|
|
|
|
}
|
2014-12-12 06:02:04 +08:00
|
|
|
EXPORT_SYMBOL_GPL(nfs_map_string_to_numeric);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-02-23 07:44:31 +08:00
|
|
|
static int nfs_map_numeric_to_string(__u32 id, char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
return snprintf(buf, buflen, "%u", id);
|
|
|
|
}
|
|
|
|
|
2012-03-12 01:11:00 +08:00
|
|
|
static struct key_type key_type_id_resolver = {
|
2010-09-30 03:41:49 +08:00
|
|
|
.name = "id_resolver",
|
2014-07-19 01:56:35 +08:00
|
|
|
.preparse = user_preparse,
|
|
|
|
.free_preparse = user_free_preparse,
|
|
|
|
.instantiate = generic_key_instantiate,
|
2010-09-30 03:41:49 +08:00
|
|
|
.revoke = user_revoke,
|
|
|
|
.destroy = user_destroy,
|
|
|
|
.describe = user_describe,
|
|
|
|
.read = user_read,
|
|
|
|
};
|
|
|
|
|
2015-07-14 02:01:29 +08:00
|
|
|
int nfs_idmap_init(void)
|
2010-09-30 03:41:49 +08:00
|
|
|
{
|
|
|
|
struct cred *cred;
|
|
|
|
struct key *keyring;
|
|
|
|
int ret = 0;
|
|
|
|
|
2012-01-27 02:32:22 +08:00
|
|
|
printk(KERN_NOTICE "NFS: Registering the %s key type\n",
|
|
|
|
key_type_id_resolver.name);
|
2010-09-30 03:41:49 +08:00
|
|
|
|
|
|
|
cred = prepare_kernel_cred(NULL);
|
|
|
|
if (!cred)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2013-02-01 19:03:16 +08:00
|
|
|
keyring = keyring_alloc(".id_resolver",
|
|
|
|
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
|
keys: Replace uid/gid/perm permissions checking with an ACL
Replace the uid/gid/perm permissions checking on a key with an ACL to allow
the SETATTR and SEARCH permissions to be split. This will also allow a
greater range of subjects to represented.
============
WHY DO THIS?
============
The problem is that SETATTR and SEARCH cover a slew of actions, not all of
which should be grouped together.
For SETATTR, this includes actions that are about controlling access to a
key:
(1) Changing a key's ownership.
(2) Changing a key's security information.
(3) Setting a keyring's restriction.
And actions that are about managing a key's lifetime:
(4) Setting an expiry time.
(5) Revoking a key.
and (proposed) managing a key as part of a cache:
(6) Invalidating a key.
Managing a key's lifetime doesn't really have anything to do with
controlling access to that key.
Expiry time is awkward since it's more about the lifetime of the content
and so, in some ways goes better with WRITE permission. It can, however,
be set unconditionally by a process with an appropriate authorisation token
for instantiating a key, and can also be set by the key type driver when a
key is instantiated, so lumping it with the access-controlling actions is
probably okay.
As for SEARCH permission, that currently covers:
(1) Finding keys in a keyring tree during a search.
(2) Permitting keyrings to be joined.
(3) Invalidation.
But these don't really belong together either, since these actions really
need to be controlled separately.
Finally, there are number of special cases to do with granting the
administrator special rights to invalidate or clear keys that I would like
to handle with the ACL rather than key flags and special checks.
===============
WHAT IS CHANGED
===============
The SETATTR permission is split to create two new permissions:
(1) SET_SECURITY - which allows the key's owner, group and ACL to be
changed and a restriction to be placed on a keyring.
(2) REVOKE - which allows a key to be revoked.
The SEARCH permission is split to create:
(1) SEARCH - which allows a keyring to be search and a key to be found.
(2) JOIN - which allows a keyring to be joined as a session keyring.
(3) INVAL - which allows a key to be invalidated.
The WRITE permission is also split to create:
(1) WRITE - which allows a key's content to be altered and links to be
added, removed and replaced in a keyring.
(2) CLEAR - which allows a keyring to be cleared completely. This is
split out to make it possible to give just this to an administrator.
(3) REVOKE - see above.
Keys acquire ACLs which consist of a series of ACEs, and all that apply are
unioned together. An ACE specifies a subject, such as:
(*) Possessor - permitted to anyone who 'possesses' a key
(*) Owner - permitted to the key owner
(*) Group - permitted to the key group
(*) Everyone - permitted to everyone
Note that 'Other' has been replaced with 'Everyone' on the assumption that
you wouldn't grant a permit to 'Other' that you wouldn't also grant to
everyone else.
Further subjects may be made available by later patches.
The ACE also specifies a permissions mask. The set of permissions is now:
VIEW Can view the key metadata
READ Can read the key content
WRITE Can update/modify the key content
SEARCH Can find the key by searching/requesting
LINK Can make a link to the key
SET_SECURITY Can change owner, ACL, expiry
INVAL Can invalidate
REVOKE Can revoke
JOIN Can join this keyring
CLEAR Can clear this keyring
The KEYCTL_SETPERM function is then deprecated.
The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set,
or if the caller has a valid instantiation auth token.
The KEYCTL_INVALIDATE function then requires INVAL.
The KEYCTL_REVOKE function then requires REVOKE.
The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an
existing keyring.
The JOIN permission is enabled by default for session keyrings and manually
created keyrings only.
======================
BACKWARD COMPATIBILITY
======================
To maintain backward compatibility, KEYCTL_SETPERM will translate the
permissions mask it is given into a new ACL for a key - unless
KEYCTL_SET_ACL has been called on that key, in which case an error will be
returned.
It will convert possessor, owner, group and other permissions into separate
ACEs, if each portion of the mask is non-zero.
SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE
permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned
on if a keyring is being altered.
The KEYCTL_DESCRIBE function translates the ACL back into a permissions
mask to return depending on possessor, owner, group and everyone ACEs.
It will make the following mappings:
(1) INVAL, JOIN -> SEARCH
(2) SET_SECURITY -> SETATTR
(3) REVOKE -> WRITE if SETATTR isn't already set
(4) CLEAR -> WRITE
Note that the value subsequently returned by KEYCTL_DESCRIBE may not match
the value set with KEYCTL_SETATTR.
=======
TESTING
=======
This passes the keyutils testsuite for all but a couple of tests:
(1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now
returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed
if the type doesn't have ->read(). You still can't actually read the
key.
(2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't
work as Other has been replaced with Everyone in the ACL.
Signed-off-by: David Howells <dhowells@redhat.com>
2019-06-28 06:03:07 +08:00
|
|
|
&nfs_idmap_keyring_acl,
|
KEYS: Add a facility to restrict new links into a keyring
Add a facility whereby proposed new links to be added to a keyring can be
vetted, permitting them to be rejected if necessary. This can be used to
block public keys from which the signature cannot be verified or for which
the signature verification fails. It could also be used to provide
blacklisting.
This affects operations like add_key(), KEYCTL_LINK and KEYCTL_INSTANTIATE.
To this end:
(1) A function pointer is added to the key struct that, if set, points to
the vetting function. This is called as:
int (*restrict_link)(struct key *keyring,
const struct key_type *key_type,
unsigned long key_flags,
const union key_payload *key_payload),
where 'keyring' will be the keyring being added to, key_type and
key_payload will describe the key being added and key_flags[*] can be
AND'ed with KEY_FLAG_TRUSTED.
[*] This parameter will be removed in a later patch when
KEY_FLAG_TRUSTED is removed.
The function should return 0 to allow the link to take place or an
error (typically -ENOKEY, -ENOPKG or -EKEYREJECTED) to reject the
link.
The pointer should not be set directly, but rather should be set
through keyring_alloc().
Note that if called during add_key(), preparse is called before this
method, but a key isn't actually allocated until after this function
is called.
(2) KEY_ALLOC_BYPASS_RESTRICTION is added. This can be passed to
key_create_or_update() or key_instantiate_and_link() to bypass the
restriction check.
(3) KEY_FLAG_TRUSTED_ONLY is removed. The entire contents of a keyring
with this restriction emplaced can be considered 'trustworthy' by
virtue of being in the keyring when that keyring is consulted.
(4) key_alloc() and keyring_alloc() take an extra argument that will be
used to set restrict_link in the new key. This ensures that the
pointer is set before the key is published, thus preventing a window
of unrestrictedness. Normally this argument will be NULL.
(5) As a temporary affair, keyring_restrict_trusted_only() is added. It
should be passed to keyring_alloc() as the extra argument instead of
setting KEY_FLAG_TRUSTED_ONLY on a keyring. This will be replaced in
a later patch with functions that look in the appropriate places for
authoritative keys.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-04-06 23:14:24 +08:00
|
|
|
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
|
2010-09-30 03:41:49 +08:00
|
|
|
if (IS_ERR(keyring)) {
|
|
|
|
ret = PTR_ERR(keyring);
|
|
|
|
goto failed_put_cred;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = register_key_type(&key_type_id_resolver);
|
|
|
|
if (ret < 0)
|
|
|
|
goto failed_put_key;
|
|
|
|
|
2012-07-25 23:53:36 +08:00
|
|
|
ret = register_key_type(&key_type_id_resolver_legacy);
|
|
|
|
if (ret < 0)
|
|
|
|
goto failed_reg_legacy;
|
|
|
|
|
2012-01-18 23:31:45 +08:00
|
|
|
set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
|
2010-09-30 03:41:49 +08:00
|
|
|
cred->thread_keyring = keyring;
|
|
|
|
cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
|
|
|
|
id_resolver_cache = cred;
|
|
|
|
return 0;
|
|
|
|
|
2012-07-25 23:53:36 +08:00
|
|
|
failed_reg_legacy:
|
|
|
|
unregister_key_type(&key_type_id_resolver);
|
2010-09-30 03:41:49 +08:00
|
|
|
failed_put_key:
|
|
|
|
key_put(keyring);
|
|
|
|
failed_put_cred:
|
|
|
|
put_cred(cred);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2015-07-14 02:01:29 +08:00
|
|
|
void nfs_idmap_quit(void)
|
2010-09-30 03:41:49 +08:00
|
|
|
{
|
|
|
|
key_revoke(id_resolver_cache->thread_keyring);
|
|
|
|
unregister_key_type(&key_type_id_resolver);
|
2012-07-25 23:53:36 +08:00
|
|
|
unregister_key_type(&key_type_id_resolver_legacy);
|
2010-09-30 03:41:49 +08:00
|
|
|
put_cred(id_resolver_cache);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Assemble the description to pass to request_key()
|
|
|
|
* This function will allocate a new string and update dest to point
|
|
|
|
* at it. The caller is responsible for freeing dest.
|
|
|
|
*
|
|
|
|
* On error 0 is returned. Otherwise, the length of dest is returned.
|
|
|
|
*/
|
|
|
|
static ssize_t nfs_idmap_get_desc(const char *name, size_t namelen,
|
|
|
|
const char *type, size_t typelen, char **desc)
|
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
size_t desclen = typelen + namelen + 2;
|
|
|
|
|
|
|
|
*desc = kmalloc(desclen, GFP_KERNEL);
|
2010-10-28 14:05:57 +08:00
|
|
|
if (!*desc)
|
2010-09-30 03:41:49 +08:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
cp = *desc;
|
|
|
|
memcpy(cp, type, typelen);
|
|
|
|
cp += typelen;
|
|
|
|
*cp++ = ':';
|
|
|
|
|
|
|
|
memcpy(cp, name, namelen);
|
|
|
|
cp += namelen;
|
|
|
|
*cp = '\0';
|
|
|
|
return desclen;
|
|
|
|
}
|
|
|
|
|
2013-06-27 02:09:46 +08:00
|
|
|
static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
|
|
|
|
const char *type, struct idmap *idmap)
|
2010-09-30 03:41:49 +08:00
|
|
|
{
|
|
|
|
char *desc;
|
2019-04-25 05:46:47 +08:00
|
|
|
struct key *rkey = ERR_PTR(-EAGAIN);
|
2010-09-30 03:41:49 +08:00
|
|
|
ssize_t ret;
|
|
|
|
|
|
|
|
ret = nfs_idmap_get_desc(name, namelen, type, strlen(type), &desc);
|
2017-09-21 05:53:46 +08:00
|
|
|
if (ret < 0)
|
2013-06-27 02:09:46 +08:00
|
|
|
return ERR_PTR(ret);
|
|
|
|
|
2019-04-25 05:46:47 +08:00
|
|
|
if (!idmap->cred || idmap->cred->user_ns == &init_user_ns)
|
keys: Replace uid/gid/perm permissions checking with an ACL
Replace the uid/gid/perm permissions checking on a key with an ACL to allow
the SETATTR and SEARCH permissions to be split. This will also allow a
greater range of subjects to represented.
============
WHY DO THIS?
============
The problem is that SETATTR and SEARCH cover a slew of actions, not all of
which should be grouped together.
For SETATTR, this includes actions that are about controlling access to a
key:
(1) Changing a key's ownership.
(2) Changing a key's security information.
(3) Setting a keyring's restriction.
And actions that are about managing a key's lifetime:
(4) Setting an expiry time.
(5) Revoking a key.
and (proposed) managing a key as part of a cache:
(6) Invalidating a key.
Managing a key's lifetime doesn't really have anything to do with
controlling access to that key.
Expiry time is awkward since it's more about the lifetime of the content
and so, in some ways goes better with WRITE permission. It can, however,
be set unconditionally by a process with an appropriate authorisation token
for instantiating a key, and can also be set by the key type driver when a
key is instantiated, so lumping it with the access-controlling actions is
probably okay.
As for SEARCH permission, that currently covers:
(1) Finding keys in a keyring tree during a search.
(2) Permitting keyrings to be joined.
(3) Invalidation.
But these don't really belong together either, since these actions really
need to be controlled separately.
Finally, there are number of special cases to do with granting the
administrator special rights to invalidate or clear keys that I would like
to handle with the ACL rather than key flags and special checks.
===============
WHAT IS CHANGED
===============
The SETATTR permission is split to create two new permissions:
(1) SET_SECURITY - which allows the key's owner, group and ACL to be
changed and a restriction to be placed on a keyring.
(2) REVOKE - which allows a key to be revoked.
The SEARCH permission is split to create:
(1) SEARCH - which allows a keyring to be search and a key to be found.
(2) JOIN - which allows a keyring to be joined as a session keyring.
(3) INVAL - which allows a key to be invalidated.
The WRITE permission is also split to create:
(1) WRITE - which allows a key's content to be altered and links to be
added, removed and replaced in a keyring.
(2) CLEAR - which allows a keyring to be cleared completely. This is
split out to make it possible to give just this to an administrator.
(3) REVOKE - see above.
Keys acquire ACLs which consist of a series of ACEs, and all that apply are
unioned together. An ACE specifies a subject, such as:
(*) Possessor - permitted to anyone who 'possesses' a key
(*) Owner - permitted to the key owner
(*) Group - permitted to the key group
(*) Everyone - permitted to everyone
Note that 'Other' has been replaced with 'Everyone' on the assumption that
you wouldn't grant a permit to 'Other' that you wouldn't also grant to
everyone else.
Further subjects may be made available by later patches.
The ACE also specifies a permissions mask. The set of permissions is now:
VIEW Can view the key metadata
READ Can read the key content
WRITE Can update/modify the key content
SEARCH Can find the key by searching/requesting
LINK Can make a link to the key
SET_SECURITY Can change owner, ACL, expiry
INVAL Can invalidate
REVOKE Can revoke
JOIN Can join this keyring
CLEAR Can clear this keyring
The KEYCTL_SETPERM function is then deprecated.
The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set,
or if the caller has a valid instantiation auth token.
The KEYCTL_INVALIDATE function then requires INVAL.
The KEYCTL_REVOKE function then requires REVOKE.
The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an
existing keyring.
The JOIN permission is enabled by default for session keyrings and manually
created keyrings only.
======================
BACKWARD COMPATIBILITY
======================
To maintain backward compatibility, KEYCTL_SETPERM will translate the
permissions mask it is given into a new ACL for a key - unless
KEYCTL_SET_ACL has been called on that key, in which case an error will be
returned.
It will convert possessor, owner, group and other permissions into separate
ACEs, if each portion of the mask is non-zero.
SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE
permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned
on if a keyring is being altered.
The KEYCTL_DESCRIBE function translates the ACL back into a permissions
mask to return depending on possessor, owner, group and everyone ACEs.
It will make the following mappings:
(1) INVAL, JOIN -> SEARCH
(2) SET_SECURITY -> SETATTR
(3) REVOKE -> WRITE if SETATTR isn't already set
(4) CLEAR -> WRITE
Note that the value subsequently returned by KEYCTL_DESCRIBE may not match
the value set with KEYCTL_SETATTR.
=======
TESTING
=======
This passes the keyutils testsuite for all but a couple of tests:
(1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now
returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed
if the type doesn't have ->read(). You still can't actually read the
key.
(2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't
work as Other has been replaced with Everyone in the ACL.
Signed-off-by: David Howells <dhowells@redhat.com>
2019-06-28 06:03:07 +08:00
|
|
|
rkey = request_key(&key_type_id_resolver, desc, "",
|
|
|
|
&nfs_idmap_key_acl);
|
2013-06-27 02:09:46 +08:00
|
|
|
if (IS_ERR(rkey)) {
|
|
|
|
mutex_lock(&idmap->idmap_mutex);
|
|
|
|
rkey = request_key_with_auxdata(&key_type_id_resolver_legacy,
|
keys: Replace uid/gid/perm permissions checking with an ACL
Replace the uid/gid/perm permissions checking on a key with an ACL to allow
the SETATTR and SEARCH permissions to be split. This will also allow a
greater range of subjects to represented.
============
WHY DO THIS?
============
The problem is that SETATTR and SEARCH cover a slew of actions, not all of
which should be grouped together.
For SETATTR, this includes actions that are about controlling access to a
key:
(1) Changing a key's ownership.
(2) Changing a key's security information.
(3) Setting a keyring's restriction.
And actions that are about managing a key's lifetime:
(4) Setting an expiry time.
(5) Revoking a key.
and (proposed) managing a key as part of a cache:
(6) Invalidating a key.
Managing a key's lifetime doesn't really have anything to do with
controlling access to that key.
Expiry time is awkward since it's more about the lifetime of the content
and so, in some ways goes better with WRITE permission. It can, however,
be set unconditionally by a process with an appropriate authorisation token
for instantiating a key, and can also be set by the key type driver when a
key is instantiated, so lumping it with the access-controlling actions is
probably okay.
As for SEARCH permission, that currently covers:
(1) Finding keys in a keyring tree during a search.
(2) Permitting keyrings to be joined.
(3) Invalidation.
But these don't really belong together either, since these actions really
need to be controlled separately.
Finally, there are number of special cases to do with granting the
administrator special rights to invalidate or clear keys that I would like
to handle with the ACL rather than key flags and special checks.
===============
WHAT IS CHANGED
===============
The SETATTR permission is split to create two new permissions:
(1) SET_SECURITY - which allows the key's owner, group and ACL to be
changed and a restriction to be placed on a keyring.
(2) REVOKE - which allows a key to be revoked.
The SEARCH permission is split to create:
(1) SEARCH - which allows a keyring to be search and a key to be found.
(2) JOIN - which allows a keyring to be joined as a session keyring.
(3) INVAL - which allows a key to be invalidated.
The WRITE permission is also split to create:
(1) WRITE - which allows a key's content to be altered and links to be
added, removed and replaced in a keyring.
(2) CLEAR - which allows a keyring to be cleared completely. This is
split out to make it possible to give just this to an administrator.
(3) REVOKE - see above.
Keys acquire ACLs which consist of a series of ACEs, and all that apply are
unioned together. An ACE specifies a subject, such as:
(*) Possessor - permitted to anyone who 'possesses' a key
(*) Owner - permitted to the key owner
(*) Group - permitted to the key group
(*) Everyone - permitted to everyone
Note that 'Other' has been replaced with 'Everyone' on the assumption that
you wouldn't grant a permit to 'Other' that you wouldn't also grant to
everyone else.
Further subjects may be made available by later patches.
The ACE also specifies a permissions mask. The set of permissions is now:
VIEW Can view the key metadata
READ Can read the key content
WRITE Can update/modify the key content
SEARCH Can find the key by searching/requesting
LINK Can make a link to the key
SET_SECURITY Can change owner, ACL, expiry
INVAL Can invalidate
REVOKE Can revoke
JOIN Can join this keyring
CLEAR Can clear this keyring
The KEYCTL_SETPERM function is then deprecated.
The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set,
or if the caller has a valid instantiation auth token.
The KEYCTL_INVALIDATE function then requires INVAL.
The KEYCTL_REVOKE function then requires REVOKE.
The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an
existing keyring.
The JOIN permission is enabled by default for session keyrings and manually
created keyrings only.
======================
BACKWARD COMPATIBILITY
======================
To maintain backward compatibility, KEYCTL_SETPERM will translate the
permissions mask it is given into a new ACL for a key - unless
KEYCTL_SET_ACL has been called on that key, in which case an error will be
returned.
It will convert possessor, owner, group and other permissions into separate
ACEs, if each portion of the mask is non-zero.
SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE
permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned
on if a keyring is being altered.
The KEYCTL_DESCRIBE function translates the ACL back into a permissions
mask to return depending on possessor, owner, group and everyone ACEs.
It will make the following mappings:
(1) INVAL, JOIN -> SEARCH
(2) SET_SECURITY -> SETATTR
(3) REVOKE -> WRITE if SETATTR isn't already set
(4) CLEAR -> WRITE
Note that the value subsequently returned by KEYCTL_DESCRIBE may not match
the value set with KEYCTL_SETATTR.
=======
TESTING
=======
This passes the keyutils testsuite for all but a couple of tests:
(1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now
returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed
if the type doesn't have ->read(). You still can't actually read the
key.
(2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't
work as Other has been replaced with Everyone in the ACL.
Signed-off-by: David Howells <dhowells@redhat.com>
2019-06-28 06:03:07 +08:00
|
|
|
desc, NULL, "", 0, idmap,
|
|
|
|
&nfs_idmap_key_acl);
|
2013-06-27 02:09:46 +08:00
|
|
|
mutex_unlock(&idmap->idmap_mutex);
|
|
|
|
}
|
2014-07-18 03:45:08 +08:00
|
|
|
if (!IS_ERR(rkey))
|
|
|
|
set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
|
2013-06-27 02:09:46 +08:00
|
|
|
|
|
|
|
kfree(desc);
|
|
|
|
return rkey;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
|
|
|
|
const char *type, void *data,
|
|
|
|
size_t data_size, struct idmap *idmap)
|
|
|
|
{
|
|
|
|
const struct cred *saved_cred;
|
|
|
|
struct key *rkey;
|
2015-10-21 21:04:48 +08:00
|
|
|
const struct user_key_payload *payload;
|
2013-06-27 02:09:46 +08:00
|
|
|
ssize_t ret;
|
2010-09-30 03:41:49 +08:00
|
|
|
|
|
|
|
saved_cred = override_creds(id_resolver_cache);
|
2013-06-27 02:09:46 +08:00
|
|
|
rkey = nfs_idmap_request_key(name, namelen, type, idmap);
|
2010-09-30 03:41:49 +08:00
|
|
|
revert_creds(saved_cred);
|
2012-02-25 03:14:51 +08:00
|
|
|
|
2010-09-30 03:41:49 +08:00
|
|
|
if (IS_ERR(rkey)) {
|
|
|
|
ret = PTR_ERR(rkey);
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
ret = key_validate(rkey);
|
|
|
|
if (ret < 0)
|
|
|
|
goto out_up;
|
|
|
|
|
2017-03-01 23:11:23 +08:00
|
|
|
payload = user_key_payload_rcu(rkey);
|
2010-09-30 03:41:49 +08:00
|
|
|
if (IS_ERR_OR_NULL(payload)) {
|
|
|
|
ret = PTR_ERR(payload);
|
|
|
|
goto out_up;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = payload->datalen;
|
|
|
|
if (ret > 0 && ret <= data_size)
|
|
|
|
memcpy(data, payload->data, ret);
|
|
|
|
else
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
|
|
|
out_up:
|
|
|
|
rcu_read_unlock();
|
|
|
|
key_put(rkey);
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ID -> Name */
|
2012-02-25 03:14:51 +08:00
|
|
|
static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf,
|
|
|
|
size_t buflen, struct idmap *idmap)
|
2010-09-30 03:41:49 +08:00
|
|
|
{
|
|
|
|
char id_str[NFS_UINT_MAXLEN];
|
|
|
|
int id_len;
|
|
|
|
ssize_t ret;
|
|
|
|
|
2018-05-30 05:47:30 +08:00
|
|
|
id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str));
|
2012-02-25 03:14:51 +08:00
|
|
|
ret = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap);
|
2010-09-30 03:41:49 +08:00
|
|
|
if (ret < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Name -> ID */
|
2012-02-25 03:14:51 +08:00
|
|
|
static int nfs_idmap_lookup_id(const char *name, size_t namelen, const char *type,
|
|
|
|
__u32 *id, struct idmap *idmap)
|
2010-09-30 03:41:49 +08:00
|
|
|
{
|
|
|
|
char id_str[NFS_UINT_MAXLEN];
|
|
|
|
long id_long;
|
|
|
|
ssize_t data_size;
|
|
|
|
int ret = 0;
|
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
data_size = nfs_idmap_get_key(name, namelen, type, id_str, NFS_UINT_MAXLEN, idmap);
|
2010-09-30 03:41:49 +08:00
|
|
|
if (data_size <= 0) {
|
|
|
|
ret = -EINVAL;
|
|
|
|
} else {
|
2012-09-27 03:51:46 +08:00
|
|
|
ret = kstrtol(id_str, 10, &id_long);
|
2017-06-23 23:16:25 +08:00
|
|
|
if (!ret)
|
|
|
|
*id = (__u32)id_long;
|
2010-09-30 03:41:49 +08:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2012-01-27 05:54:23 +08:00
|
|
|
/* idmap classic begins here */
|
2011-02-23 07:44:31 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
enum {
|
|
|
|
Opt_find_uid, Opt_find_gid, Opt_find_user, Opt_find_group, Opt_find_err
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
static const match_table_t nfs_idmap_tokens = {
|
|
|
|
{ Opt_find_uid, "uid:%s" },
|
|
|
|
{ Opt_find_gid, "gid:%s" },
|
|
|
|
{ Opt_find_user, "user:%s" },
|
|
|
|
{ Opt_find_group, "group:%s" },
|
|
|
|
{ Opt_find_err, NULL }
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2019-02-15 00:20:25 +08:00
|
|
|
static int nfs_idmap_legacy_upcall(struct key *, void *);
|
2007-12-21 03:54:35 +08:00
|
|
|
static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
|
|
|
|
size_t);
|
2012-08-10 02:05:49 +08:00
|
|
|
static void idmap_release_pipe(struct inode *);
|
2007-12-21 03:54:35 +08:00
|
|
|
static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-08-10 03:14:15 +08:00
|
|
|
static const struct rpc_pipe_ops idmap_upcall_ops = {
|
2011-09-23 09:50:10 +08:00
|
|
|
.upcall = rpc_pipe_generic_upcall,
|
2007-12-21 03:54:35 +08:00
|
|
|
.downcall = idmap_pipe_downcall,
|
2012-08-10 02:05:49 +08:00
|
|
|
.release_pipe = idmap_release_pipe,
|
2007-12-21 03:54:35 +08:00
|
|
|
.destroy_msg = idmap_pipe_destroy_msg,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2012-03-12 01:11:00 +08:00
|
|
|
static struct key_type key_type_id_resolver_legacy = {
|
2012-07-25 23:53:36 +08:00
|
|
|
.name = "id_legacy",
|
2014-07-19 01:56:35 +08:00
|
|
|
.preparse = user_preparse,
|
|
|
|
.free_preparse = user_free_preparse,
|
|
|
|
.instantiate = generic_key_instantiate,
|
2012-02-25 03:14:51 +08:00
|
|
|
.revoke = user_revoke,
|
|
|
|
.destroy = user_destroy,
|
|
|
|
.describe = user_describe,
|
|
|
|
.read = user_read,
|
|
|
|
.request_key = nfs_idmap_legacy_upcall,
|
|
|
|
};
|
|
|
|
|
2013-08-27 05:16:17 +08:00
|
|
|
static void nfs_idmap_pipe_destroy(struct dentry *dir,
|
|
|
|
struct rpc_pipe_dir_object *pdo)
|
2012-01-10 20:13:11 +08:00
|
|
|
{
|
2013-08-27 05:16:17 +08:00
|
|
|
struct idmap *idmap = pdo->pdo_data;
|
|
|
|
struct rpc_pipe *pipe = idmap->idmap_pipe;
|
|
|
|
|
2013-08-27 05:26:51 +08:00
|
|
|
if (pipe->dentry) {
|
2012-01-10 20:13:11 +08:00
|
|
|
rpc_unlink(pipe->dentry);
|
2013-08-27 05:26:51 +08:00
|
|
|
pipe->dentry = NULL;
|
|
|
|
}
|
2012-01-10 20:13:11 +08:00
|
|
|
}
|
|
|
|
|
2013-08-27 05:16:17 +08:00
|
|
|
static int nfs_idmap_pipe_create(struct dentry *dir,
|
|
|
|
struct rpc_pipe_dir_object *pdo)
|
2012-01-10 20:13:11 +08:00
|
|
|
{
|
2013-08-27 05:16:17 +08:00
|
|
|
struct idmap *idmap = pdo->pdo_data;
|
|
|
|
struct rpc_pipe *pipe = idmap->idmap_pipe;
|
2012-01-10 20:13:11 +08:00
|
|
|
struct dentry *dentry;
|
|
|
|
|
|
|
|
dentry = rpc_mkpipe_dentry(dir, "idmap", idmap, pipe);
|
|
|
|
if (IS_ERR(dentry))
|
|
|
|
return PTR_ERR(dentry);
|
|
|
|
pipe->dentry = dentry;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-08-27 05:16:17 +08:00
|
|
|
static const struct rpc_pipe_dir_object_ops nfs_idmap_pipe_dir_object_ops = {
|
|
|
|
.create = nfs_idmap_pipe_create,
|
|
|
|
.destroy = nfs_idmap_pipe_destroy,
|
|
|
|
};
|
2012-01-10 20:13:11 +08:00
|
|
|
|
2006-08-23 08:06:09 +08:00
|
|
|
int
|
2006-08-23 08:06:08 +08:00
|
|
|
nfs_idmap_new(struct nfs_client *clp)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct idmap *idmap;
|
2011-12-26 20:44:06 +08:00
|
|
|
struct rpc_pipe *pipe;
|
2006-08-23 08:06:09 +08:00
|
|
|
int error;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-12-21 03:54:35 +08:00
|
|
|
idmap = kzalloc(sizeof(*idmap), GFP_KERNEL);
|
|
|
|
if (idmap == NULL)
|
|
|
|
return -ENOMEM;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-04-25 05:46:47 +08:00
|
|
|
mutex_init(&idmap->idmap_mutex);
|
|
|
|
idmap->cred = get_cred(clp->cl_rpcclient->cl_cred);
|
|
|
|
|
2013-08-27 05:16:17 +08:00
|
|
|
rpc_init_pipe_dir_object(&idmap->idmap_pdo,
|
|
|
|
&nfs_idmap_pipe_dir_object_ops,
|
|
|
|
idmap);
|
|
|
|
|
2011-12-26 20:44:06 +08:00
|
|
|
pipe = rpc_mkpipe_data(&idmap_upcall_ops, 0);
|
|
|
|
if (IS_ERR(pipe)) {
|
|
|
|
error = PTR_ERR(pipe);
|
2013-08-27 05:16:17 +08:00
|
|
|
goto err;
|
2011-12-26 20:44:06 +08:00
|
|
|
}
|
|
|
|
idmap->idmap_pipe = pipe;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-08-27 05:16:17 +08:00
|
|
|
error = rpc_add_pipe_dir_object(clp->cl_net,
|
|
|
|
&clp->cl_rpcclient->cl_pipedir_objects,
|
|
|
|
&idmap->idmap_pdo);
|
|
|
|
if (error)
|
|
|
|
goto err_destroy_pipe;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
clp->cl_idmap = idmap;
|
2006-08-23 08:06:09 +08:00
|
|
|
return 0;
|
2013-08-27 05:16:17 +08:00
|
|
|
err_destroy_pipe:
|
|
|
|
rpc_destroy_pipe_data(idmap->idmap_pipe);
|
|
|
|
err:
|
2019-04-25 05:46:47 +08:00
|
|
|
put_cred(idmap->cred);
|
2013-08-27 05:16:17 +08:00
|
|
|
kfree(idmap);
|
|
|
|
return error;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2006-08-23 08:06:08 +08:00
|
|
|
nfs_idmap_delete(struct nfs_client *clp)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct idmap *idmap = clp->cl_idmap;
|
|
|
|
|
|
|
|
if (!idmap)
|
|
|
|
return;
|
|
|
|
clp->cl_idmap = NULL;
|
2013-08-27 05:16:17 +08:00
|
|
|
rpc_remove_pipe_dir_object(clp->cl_net,
|
|
|
|
&clp->cl_rpcclient->cl_pipedir_objects,
|
|
|
|
&idmap->idmap_pdo);
|
|
|
|
rpc_destroy_pipe_data(idmap->idmap_pipe);
|
2019-04-25 05:46:47 +08:00
|
|
|
put_cred(idmap->cred);
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree(idmap);
|
|
|
|
}
|
|
|
|
|
2012-08-10 02:05:49 +08:00
|
|
|
static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
|
|
|
|
struct idmap_msg *im,
|
2012-02-25 03:14:51 +08:00
|
|
|
struct rpc_pipe_msg *msg)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-02-25 03:14:51 +08:00
|
|
|
substring_t substr;
|
|
|
|
int token, ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
im->im_type = IDMAP_TYPE_GROUP;
|
|
|
|
token = match_token(desc, nfs_idmap_tokens, &substr);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
switch (token) {
|
|
|
|
case Opt_find_uid:
|
|
|
|
im->im_type = IDMAP_TYPE_USER;
|
2018-08-01 10:18:44 +08:00
|
|
|
/* Fall through */
|
2012-02-25 03:14:51 +08:00
|
|
|
case Opt_find_gid:
|
|
|
|
im->im_conv = IDMAP_CONV_NAMETOID;
|
|
|
|
ret = match_strlcpy(im->im_name, &substr, IDMAP_NAMESZ);
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
case Opt_find_user:
|
|
|
|
im->im_type = IDMAP_TYPE_USER;
|
2018-08-01 10:18:44 +08:00
|
|
|
/* Fall through */
|
2012-02-25 03:14:51 +08:00
|
|
|
case Opt_find_group:
|
|
|
|
im->im_conv = IDMAP_CONV_IDTONAME;
|
|
|
|
ret = match_int(&substr, &im->im_id);
|
2018-06-28 11:09:45 +08:00
|
|
|
if (ret)
|
|
|
|
goto out;
|
2012-02-25 03:14:51 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
default:
|
|
|
|
ret = -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
msg->data = im;
|
|
|
|
msg->len = sizeof(struct idmap_msg);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
out:
|
2007-12-21 03:54:35 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2012-09-28 03:44:19 +08:00
|
|
|
static bool
|
|
|
|
nfs_idmap_prepare_pipe_upcall(struct idmap *idmap,
|
2012-09-28 04:15:00 +08:00
|
|
|
struct idmap_legacy_upcalldata *data)
|
2012-09-28 03:44:19 +08:00
|
|
|
{
|
2012-09-28 04:15:00 +08:00
|
|
|
if (idmap->idmap_upcall_data != NULL) {
|
2012-09-28 03:44:19 +08:00
|
|
|
WARN_ON_ONCE(1);
|
|
|
|
return false;
|
|
|
|
}
|
2012-09-28 04:15:00 +08:00
|
|
|
idmap->idmap_upcall_data = data;
|
2012-09-28 03:44:19 +08:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
nfs_idmap_complete_pipe_upcall_locked(struct idmap *idmap, int ret)
|
|
|
|
{
|
2019-02-15 00:20:25 +08:00
|
|
|
struct key *authkey = idmap->idmap_upcall_data->authkey;
|
2012-09-28 03:44:19 +08:00
|
|
|
|
2012-09-28 04:15:00 +08:00
|
|
|
kfree(idmap->idmap_upcall_data);
|
|
|
|
idmap->idmap_upcall_data = NULL;
|
2019-02-15 00:20:25 +08:00
|
|
|
complete_request_key(authkey, ret);
|
|
|
|
key_put(authkey);
|
2012-09-28 03:44:19 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
nfs_idmap_abort_pipe_upcall(struct idmap *idmap, int ret)
|
|
|
|
{
|
2012-09-28 04:15:00 +08:00
|
|
|
if (idmap->idmap_upcall_data != NULL)
|
2012-09-28 03:44:19 +08:00
|
|
|
nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
|
|
|
|
}
|
|
|
|
|
2019-02-15 00:20:25 +08:00
|
|
|
static int nfs_idmap_legacy_upcall(struct key *authkey, void *aux)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-08-10 02:05:49 +08:00
|
|
|
struct idmap_legacy_upcalldata *data;
|
2019-02-15 00:20:25 +08:00
|
|
|
struct request_key_auth *rka = get_request_key_auth(authkey);
|
2012-02-25 03:14:51 +08:00
|
|
|
struct rpc_pipe_msg *msg;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct idmap_msg *im;
|
2012-02-25 03:14:51 +08:00
|
|
|
struct idmap *idmap = (struct idmap *)aux;
|
2019-02-15 00:20:25 +08:00
|
|
|
struct key *key = rka->target_key;
|
2018-01-20 07:15:34 +08:00
|
|
|
int ret = -ENOKEY;
|
|
|
|
|
|
|
|
if (!aux)
|
|
|
|
goto out1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
/* msg and im are freed in idmap_pipe_destroy_msg */
|
2018-01-20 07:15:34 +08:00
|
|
|
ret = -ENOMEM;
|
2012-08-10 02:05:51 +08:00
|
|
|
data = kzalloc(sizeof(*data), GFP_KERNEL);
|
2012-08-10 02:05:49 +08:00
|
|
|
if (!data)
|
2012-02-25 03:14:51 +08:00
|
|
|
goto out1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-08-10 02:05:49 +08:00
|
|
|
msg = &data->pipe_msg;
|
|
|
|
im = &data->idmap_msg;
|
|
|
|
data->idmap = idmap;
|
2019-02-15 00:20:25 +08:00
|
|
|
data->authkey = key_get(authkey);
|
2012-08-10 02:05:49 +08:00
|
|
|
|
|
|
|
ret = nfs_idmap_prepare_message(key->description, idmap, im, msg);
|
2012-02-25 03:14:51 +08:00
|
|
|
if (ret < 0)
|
|
|
|
goto out2;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-09-28 03:44:19 +08:00
|
|
|
ret = -EAGAIN;
|
2012-09-28 04:15:00 +08:00
|
|
|
if (!nfs_idmap_prepare_pipe_upcall(idmap, data))
|
2012-09-29 00:03:09 +08:00
|
|
|
goto out2;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-03-12 23:33:00 +08:00
|
|
|
ret = rpc_queue_upcall(idmap->idmap_pipe, msg);
|
|
|
|
if (ret < 0)
|
2012-09-28 03:44:19 +08:00
|
|
|
nfs_idmap_abort_pipe_upcall(idmap, ret);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-03-12 23:33:00 +08:00
|
|
|
return ret;
|
2012-02-25 03:14:51 +08:00
|
|
|
out2:
|
2012-08-10 02:05:49 +08:00
|
|
|
kfree(data);
|
2012-02-25 03:14:51 +08:00
|
|
|
out1:
|
2019-02-15 00:20:25 +08:00
|
|
|
complete_request_key(authkey, ret);
|
2007-12-21 03:54:35 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-03-09 01:56:37 +08:00
|
|
|
static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2013-03-09 01:56:37 +08:00
|
|
|
return key_instantiate_and_link(key, data, datalen,
|
2012-02-25 03:14:51 +08:00
|
|
|
id_resolver_cache->thread_keyring,
|
|
|
|
authkey);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-09-28 04:15:00 +08:00
|
|
|
static int nfs_idmap_read_and_verify_message(struct idmap_msg *im,
|
|
|
|
struct idmap_msg *upcall,
|
|
|
|
struct key *key, struct key *authkey)
|
2012-02-25 03:14:51 +08:00
|
|
|
{
|
|
|
|
char id_str[NFS_UINT_MAXLEN];
|
2013-03-09 01:56:37 +08:00
|
|
|
size_t len;
|
2012-09-28 04:15:00 +08:00
|
|
|
int ret = -ENOKEY;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-09-28 04:15:00 +08:00
|
|
|
/* ret = -ENOKEY */
|
|
|
|
if (upcall->im_type != im->im_type || upcall->im_conv != im->im_conv)
|
|
|
|
goto out;
|
2012-02-25 03:14:51 +08:00
|
|
|
switch (im->im_conv) {
|
|
|
|
case IDMAP_CONV_NAMETOID:
|
2012-09-28 04:15:00 +08:00
|
|
|
if (strcmp(upcall->im_name, im->im_name) != 0)
|
|
|
|
break;
|
2013-03-09 01:56:37 +08:00
|
|
|
/* Note: here we store the NUL terminator too */
|
2018-05-30 05:47:30 +08:00
|
|
|
len = 1 + nfs_map_numeric_to_string(im->im_id, id_str,
|
|
|
|
sizeof(id_str));
|
2013-03-09 01:56:37 +08:00
|
|
|
ret = nfs_idmap_instantiate(key, authkey, id_str, len);
|
2012-02-25 03:14:51 +08:00
|
|
|
break;
|
|
|
|
case IDMAP_CONV_IDTONAME:
|
2012-09-28 04:15:00 +08:00
|
|
|
if (upcall->im_id != im->im_id)
|
|
|
|
break;
|
2013-03-09 01:56:37 +08:00
|
|
|
len = strlen(im->im_name);
|
|
|
|
ret = nfs_idmap_instantiate(key, authkey, im->im_name, len);
|
2012-02-25 03:14:51 +08:00
|
|
|
break;
|
2012-09-28 04:15:00 +08:00
|
|
|
default:
|
|
|
|
ret = -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2012-09-28 04:15:00 +08:00
|
|
|
out:
|
2005-04-17 06:20:36 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t
|
|
|
|
idmap_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
|
|
|
|
{
|
2019-02-15 00:20:25 +08:00
|
|
|
struct request_key_auth *rka;
|
2013-01-24 06:07:38 +08:00
|
|
|
struct rpc_inode *rpci = RPC_I(file_inode(filp));
|
2005-04-17 06:20:36 +08:00
|
|
|
struct idmap *idmap = (struct idmap *)rpci->private;
|
2019-02-15 00:20:25 +08:00
|
|
|
struct key *authkey;
|
2012-02-25 03:14:51 +08:00
|
|
|
struct idmap_msg im;
|
2007-12-21 03:54:49 +08:00
|
|
|
size_t namelen_in;
|
2012-09-28 03:44:19 +08:00
|
|
|
int ret = -ENOKEY;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-07-25 23:53:36 +08:00
|
|
|
/* If instantiation is successful, anyone waiting for key construction
|
|
|
|
* will have been woken up and someone else may now have used
|
|
|
|
* idmap_key_cons - so after this point we may no longer touch it.
|
|
|
|
*/
|
2012-09-28 04:15:00 +08:00
|
|
|
if (idmap->idmap_upcall_data == NULL)
|
2012-09-28 03:44:19 +08:00
|
|
|
goto out_noupcall;
|
2012-07-25 23:53:36 +08:00
|
|
|
|
2019-02-15 00:20:25 +08:00
|
|
|
authkey = idmap->idmap_upcall_data->authkey;
|
|
|
|
rka = get_request_key_auth(authkey);
|
2012-07-25 23:53:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
if (mlen != sizeof(im)) {
|
|
|
|
ret = -ENOSPC;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
if (copy_from_user(&im, src, mlen) != 0) {
|
|
|
|
ret = -EFAULT;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2012-02-25 03:14:51 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
if (!(im.im_status & IDMAP_STATUS_SUCCESS)) {
|
2012-08-10 02:05:50 +08:00
|
|
|
ret = -ENOKEY;
|
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2012-02-25 03:14:51 +08:00
|
|
|
namelen_in = strnlen(im.im_name, IDMAP_NAMESZ);
|
|
|
|
if (namelen_in == 0 || namelen_in == IDMAP_NAMESZ) {
|
|
|
|
ret = -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
2012-09-28 04:15:00 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-09-28 04:15:00 +08:00
|
|
|
ret = nfs_idmap_read_and_verify_message(&im,
|
|
|
|
&idmap->idmap_upcall_data->idmap_msg,
|
2019-02-15 00:20:25 +08:00
|
|
|
rka->target_key, authkey);
|
2012-02-25 03:14:51 +08:00
|
|
|
if (ret >= 0) {
|
2019-02-15 00:20:25 +08:00
|
|
|
key_set_timeout(rka->target_key, nfs_idmap_cache_timeout);
|
2012-02-25 03:14:51 +08:00
|
|
|
ret = mlen;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
2012-09-28 03:44:19 +08:00
|
|
|
nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
|
|
|
|
out_noupcall:
|
2005-04-17 06:20:36 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2005-05-06 07:16:09 +08:00
|
|
|
static void
|
2005-04-17 06:20:36 +08:00
|
|
|
idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
|
|
|
|
{
|
2012-08-10 02:05:49 +08:00
|
|
|
struct idmap_legacy_upcalldata *data = container_of(msg,
|
|
|
|
struct idmap_legacy_upcalldata,
|
|
|
|
pipe_msg);
|
|
|
|
struct idmap *idmap = data->idmap;
|
2012-09-28 03:44:19 +08:00
|
|
|
|
|
|
|
if (msg->errno)
|
|
|
|
nfs_idmap_abort_pipe_upcall(idmap, msg->errno);
|
2012-08-10 02:05:49 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
idmap_release_pipe(struct inode *inode)
|
|
|
|
{
|
|
|
|
struct rpc_inode *rpci = RPC_I(inode);
|
|
|
|
struct idmap *idmap = (struct idmap *)rpci->private;
|
2012-09-28 03:44:19 +08:00
|
|
|
|
|
|
|
nfs_idmap_abort_pipe_upcall(idmap, -EPIPE);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-02-01 19:21:47 +08:00
|
|
|
int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2011-02-23 07:44:31 +08:00
|
|
|
struct idmap *idmap = server->nfs_client->cl_idmap;
|
2013-02-01 19:21:47 +08:00
|
|
|
__u32 id = -1;
|
|
|
|
int ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-02-01 19:21:47 +08:00
|
|
|
if (!nfs_map_string_to_numeric(name, namelen, &id))
|
|
|
|
ret = nfs_idmap_lookup_id(name, namelen, "uid", &id, idmap);
|
|
|
|
if (ret == 0) {
|
2019-04-25 05:46:47 +08:00
|
|
|
*uid = make_kuid(idmap_userns(idmap), id);
|
2013-02-01 19:21:47 +08:00
|
|
|
if (!uid_valid(*uid))
|
|
|
|
ret = -ERANGE;
|
|
|
|
}
|
2013-08-13 23:34:01 +08:00
|
|
|
trace_nfs4_map_name_to_uid(name, namelen, id, ret);
|
2013-02-01 19:21:47 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-02-01 19:21:47 +08:00
|
|
|
int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, kgid_t *gid)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2011-02-23 07:44:31 +08:00
|
|
|
struct idmap *idmap = server->nfs_client->cl_idmap;
|
2013-02-01 19:21:47 +08:00
|
|
|
__u32 id = -1;
|
|
|
|
int ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2013-02-01 19:21:47 +08:00
|
|
|
if (!nfs_map_string_to_numeric(name, namelen, &id))
|
|
|
|
ret = nfs_idmap_lookup_id(name, namelen, "gid", &id, idmap);
|
|
|
|
if (ret == 0) {
|
2019-04-25 05:46:47 +08:00
|
|
|
*gid = make_kgid(idmap_userns(idmap), id);
|
2013-02-01 19:21:47 +08:00
|
|
|
if (!gid_valid(*gid))
|
|
|
|
ret = -ERANGE;
|
|
|
|
}
|
2013-08-13 23:34:01 +08:00
|
|
|
trace_nfs4_map_group_to_gid(name, namelen, id, ret);
|
2013-02-01 19:21:47 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-02-01 19:21:47 +08:00
|
|
|
int nfs_map_uid_to_name(const struct nfs_server *server, kuid_t uid, char *buf, size_t buflen)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2011-02-23 07:44:31 +08:00
|
|
|
struct idmap *idmap = server->nfs_client->cl_idmap;
|
2011-02-23 07:44:32 +08:00
|
|
|
int ret = -EINVAL;
|
2013-02-01 19:21:47 +08:00
|
|
|
__u32 id;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-04-25 05:46:47 +08:00
|
|
|
id = from_kuid_munged(idmap_userns(idmap), uid);
|
2011-02-23 07:44:32 +08:00
|
|
|
if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
|
2013-02-01 19:21:47 +08:00
|
|
|
ret = nfs_idmap_lookup_name(id, "user", buf, buflen, idmap);
|
2011-02-23 07:44:31 +08:00
|
|
|
if (ret < 0)
|
2013-02-01 19:21:47 +08:00
|
|
|
ret = nfs_map_numeric_to_string(id, buf, buflen);
|
2013-08-13 23:34:01 +08:00
|
|
|
trace_nfs4_map_uid_to_name(buf, ret, id, ret);
|
2011-02-23 07:44:31 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2013-02-01 19:21:47 +08:00
|
|
|
int nfs_map_gid_to_group(const struct nfs_server *server, kgid_t gid, char *buf, size_t buflen)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2011-02-23 07:44:31 +08:00
|
|
|
struct idmap *idmap = server->nfs_client->cl_idmap;
|
2011-02-23 07:44:32 +08:00
|
|
|
int ret = -EINVAL;
|
2013-02-01 19:21:47 +08:00
|
|
|
__u32 id;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-04-25 05:46:47 +08:00
|
|
|
id = from_kgid_munged(idmap_userns(idmap), gid);
|
2011-02-23 07:44:32 +08:00
|
|
|
if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
|
2013-02-01 19:21:47 +08:00
|
|
|
ret = nfs_idmap_lookup_name(id, "group", buf, buflen, idmap);
|
2011-02-23 07:44:31 +08:00
|
|
|
if (ret < 0)
|
2013-02-01 19:21:47 +08:00
|
|
|
ret = nfs_map_numeric_to_string(id, buf, buflen);
|
2013-08-13 23:34:01 +08:00
|
|
|
trace_nfs4_map_gid_to_group(buf, ret, id, ret);
|
2011-02-23 07:44:31 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|