^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) * fs/nfs/idmap.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * UID and GID to name mapping for clients.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Copyright (c) 2002 The Regents of the University of Michigan.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * All rights reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Marius Aamodt Eriksen <marius@umich.edu>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * Redistribution and use in source and binary forms, with or without
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * modification, are permitted provided that the following conditions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * are met:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * 1. Redistributions of source code must retain the above copyright
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) * notice, this list of conditions and the following disclaimer.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * 2. Redistributions in binary form must reproduce the above copyright
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * notice, this list of conditions and the following disclaimer in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * documentation and/or other materials provided with the distribution.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * 3. Neither the name of the University nor the names of its
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * contributors may be used to endorse or promote products derived
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * from this software without specific prior written permission.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <linux/parser.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #include <net/net_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #include <linux/sunrpc/rpc_pipe_fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #include <linux/nfs_fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) #include <linux/nfs_fs_sb.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #include <linux/key.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #include <linux/keyctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #include <linux/key-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) #include <keys/user-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #include <keys/request_key_auth-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) #include <linux/user_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) #include "internal.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) #include "netns.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) #include "nfs4idmap.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) #include "nfs4trace.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
/*
 * Buffer size for the decimal text of a 32-bit id: up to 10 digits plus
 * the terminating NUL.
 */
#define NFS_UINT_MAXLEN 11

/*
 * Credentials built by nfs_idmap_init() and installed with override_creds()
 * around key requests in nfs_idmap_get_key(). Their thread keyring is the
 * ".id_resolver" keyring.
 */
static const struct cred *id_resolver_cache;
/* Forward declaration; the initialiser appears later in this file. */
static struct key_type key_type_id_resolver_legacy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
/*
 * State carried by one legacy (rpc_pipefs) idmap upcall.
 * NOTE(review): the code that fills and consumes this structure is outside
 * this part of the file; the field notes are read off the types only and
 * should be confirmed against the upcall/downcall handlers.
 */
struct idmap_legacy_upcalldata {
	struct rpc_pipe_msg pipe_msg;	/* rpc pipe message */
	struct idmap_msg idmap_msg;	/* idmap message body */
	struct key *authkey;		/* presumably the request_key auth key - confirm */
	struct idmap *idmap;		/* idmap instance this upcall belongs to */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
/* Per-client idmapper state, allocated in nfs_idmap_new(). */
struct idmap {
	/* Registered with nfs_idmap_pipe_dir_object_ops (pipe create/destroy). */
	struct rpc_pipe_dir_object idmap_pdo;
	/* The rpc pipe exposed under the name "idmap". */
	struct rpc_pipe *idmap_pipe;
	/* NOTE(review): presumably the in-flight legacy upcall - confirm. */
	struct idmap_legacy_upcalldata *idmap_upcall_data;
	/* Held across the legacy request_key_with_auxdata() call. */
	struct mutex idmap_mutex;
	/*
	 * Taken from the client's RPC credential in nfs_idmap_new();
	 * idmap_userns() treats NULL as init_user_ns.
	 */
	struct user_namespace *user_ns;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
/*
 * Return the user namespace that ids handled through @idmap belong to.
 * A NULL @idmap, or one with no namespace recorded, falls back to
 * init_user_ns.
 */
static struct user_namespace *idmap_userns(const struct idmap *idmap)
{
	if (!idmap || !idmap->user_ns)
		return &init_user_ns;
	return idmap->user_ns;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
/**
 * nfs_fattr_init_names - attach owner/group name string slots to an nfs_fattr
 * @fattr: fully initialised struct nfs_fattr
 * @owner_name: nfs4_string used to cache the owner name
 * @group_name: nfs4_string used to cache the group name
 *
 * Only the two pointers are stored; nothing is copied or allocated here.
 */
void nfs_fattr_init_names(struct nfs_fattr *fattr,
		struct nfs4_string *owner_name,
		struct nfs4_string *group_name)
{
	fattr->group_name = group_name;
	fattr->owner_name = owner_name;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
/*
 * Drop the cached owner name: free the string buffer and clear
 * NFS_ATTR_FATTR_OWNER_NAME. The data pointer is not reset, so the cleared
 * valid bit is what keeps the callers in this file from using or freeing
 * the buffer a second time.
 */
static void nfs_fattr_free_owner_name(struct nfs_fattr *fattr)
{
	struct nfs4_string *owner = fattr->owner_name;

	kfree(owner->data);
	fattr->valid &= ~NFS_ATTR_FATTR_OWNER_NAME;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
/*
 * Drop the cached group name: free the string buffer and clear
 * NFS_ATTR_FATTR_GROUP_NAME. The data pointer is not reset, so the cleared
 * valid bit is what keeps the callers in this file from using or freeing
 * the buffer a second time.
 */
static void nfs_fattr_free_group_name(struct nfs_fattr *fattr)
{
	struct nfs4_string *group = fattr->group_name;

	kfree(group->data);
	fattr->valid &= ~NFS_ATTR_FATTR_GROUP_NAME;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
/*
 * Translate the cached owner name into a kuid.
 *
 * Returns false when no owner name is cached, so the caller has nothing to
 * free. Returns true otherwise, whether or not the mapping succeeded;
 * fattr->uid and NFS_ATTR_FATTR_OWNER are only set when
 * nfs_map_name_to_uid() returns 0.
 */
static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr)
{
	struct nfs4_string *owner = fattr->owner_name;
	kuid_t uid;

	if ((fattr->valid & NFS_ATTR_FATTR_OWNER_NAME) == 0)
		return false;

	/* Mapping failed: leave uid and the OWNER bit untouched. */
	if (nfs_map_name_to_uid(server, owner->data, owner->len, &uid) != 0)
		return true;

	fattr->uid = uid;
	fattr->valid |= NFS_ATTR_FATTR_OWNER;
	return true;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122)
/*
 * Translate the cached group name into a kgid.
 *
 * Returns false when no group name is cached, so the caller has nothing to
 * free. Returns true otherwise, whether or not the mapping succeeded;
 * fattr->gid and NFS_ATTR_FATTR_GROUP are only set when
 * nfs_map_group_to_gid() returns 0.
 */
static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr)
{
	struct nfs4_string *group = fattr->group_name;
	kgid_t gid;

	if ((fattr->valid & NFS_ATTR_FATTR_GROUP_NAME) == 0)
		return false;

	/* Mapping failed: leave gid and the GROUP bit untouched. */
	if (nfs_map_group_to_gid(server, group->data, group->len, &gid) != 0)
		return true;

	fattr->gid = gid;
	fattr->valid |= NFS_ATTR_FATTR_GROUP;
	return true;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
/**
 * nfs_fattr_free_names - release the cached NFSv4 owner and group strings
 * @fattr: a fully initialised nfs_fattr structure
 *
 * A string is only freed when its *_NAME bit is set in fattr->valid; the
 * free helpers clear that bit, so calling this again does not free the
 * same buffer a second time.
 */
void nfs_fattr_free_names(struct nfs_fattr *fattr)
{
	if ((fattr->valid & NFS_ATTR_FATTR_OWNER_NAME) != 0)
		nfs_fattr_free_owner_name(fattr);

	if ((fattr->valid & NFS_ATTR_FATTR_GROUP_NAME) != 0)
		nfs_fattr_free_group_name(fattr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
/**
 * nfs_fattr_map_and_free_names - convert owner/group strings to uid/gid, then free them
 * @server: pointer to the filesystem nfs_server structure
 * @fattr: a fully initialised nfs_fattr structure
 *
 * Each cached NFSv4 name string in @fattr is passed to the idmapper and
 * then freed. The string is freed even when the mapping fails; in that case
 * the corresponding numeric field and its valid bit are left unset.
 */
void nfs_fattr_map_and_free_names(struct nfs_server *server, struct nfs_fattr *fattr)
{
	bool cached;

	cached = nfs_fattr_map_owner_name(server, fattr);
	if (cached)
		nfs_fattr_free_owner_name(fattr);

	cached = nfs_fattr_map_group_name(server, fattr);
	if (cached)
		nfs_fattr_free_group_name(fattr);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164)
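/**
 * nfs_map_string_to_numeric - parse an owner/group string as a bare numeric id
 * @name: candidate string (length-counted, not NUL-terminated)
 * @namelen: number of bytes in @name
 * @res: receives the parsed id on success
 *
 * Strings containing '@' (the name@domain form) and strings of 16 bytes or
 * more are never treated as numeric. Parsing uses base 0, so kstrtoul()
 * also accepts the "0x" and leading-"0" prefixes.
 *
 * Returns 1 and fills @res when @name is a number that fits in 32 bits,
 * 0 otherwise. @res is not written on failure.
 */
int nfs_map_string_to_numeric(const char *name, size_t namelen, __u32 *res)
{
	unsigned long val;
	char buf[16];

	if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
		return 0;
	/* kstrtoul() needs a terminated string; namelen < sizeof(buf) here. */
	memcpy(buf, name, namelen);
	buf[namelen] = '\0';
	if (kstrtoul(buf, 0, &val) != 0)
		return 0;
	/*
	 * unsigned long is wider than __u32 on 64-bit builds. Without this
	 * check an out-of-range value such as 4294967296 would be narrowed
	 * silently (to 0 in that case) and accepted as a valid id.
	 */
	if (val != (__u32)val)
		return 0;
	*res = val;
	return 1;
}
EXPORT_SYMBOL_GPL(nfs_map_string_to_numeric);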
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
/*
 * Format @id as unsigned decimal into @buf, writing at most @buflen bytes
 * including the NUL. Returns snprintf()'s result unchanged.
 */
static int nfs_map_numeric_to_string(__u32 id, char *buf, size_t buflen)
{
	int len = snprintf(buf, buflen, "%u", id);

	return len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)
/*
 * "id_resolver" key type. Every operation is one of the user_* key
 * handlers, with generic_key_instantiate for instantiation. No .request_key
 * hook is set here; key_type_id_resolver_legacy is the variant that sets
 * one.
 */
static struct key_type key_type_id_resolver = {
	.name = "id_resolver",
	.preparse = user_preparse,
	.free_preparse = user_free_preparse,
	.instantiate = generic_key_instantiate,
	.revoke = user_revoke,
	.destroy = user_destroy,
	.describe = user_describe,
	.read = user_read,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
/*
 * Register both id-resolver key types and build the credentials that
 * nfs_idmap_get_key() later installs around key requests.
 *
 * The ".id_resolver" keyring is owned by global root and becomes the thread
 * keyring of a dedicated kernel cred, with jit_keyring set to
 * KEY_REQKEY_DEFL_THREAD_KEYRING. Keyring permissions: the possessor gets
 * everything except SETATTR; the owner gets VIEW and READ only.
 * KEY_FLAG_ROOT_CAN_CLEAR is set on the keyring once both key types are
 * registered.
 *
 * Returns 0 on success or a negative errno. On failure every step already
 * taken is undone in reverse order and id_resolver_cache is left unset.
 */
int nfs_idmap_init(void)
{
	struct cred *resolver_cred;
	struct key *resolver_ring;
	int err = 0;

	printk(KERN_NOTICE "NFS: Registering the %s key type\n",
		key_type_id_resolver.name);

	resolver_cred = prepare_kernel_cred(NULL);
	if (resolver_cred == NULL)
		return -ENOMEM;

	resolver_ring = keyring_alloc(".id_resolver",
				      GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
				      resolver_cred,
				      (KEY_POS_ALL & ~KEY_POS_SETATTR) |
				      KEY_USR_VIEW | KEY_USR_READ,
				      KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
	if (IS_ERR(resolver_ring)) {
		err = PTR_ERR(resolver_ring);
		goto out_put_cred;
	}

	err = register_key_type(&key_type_id_resolver);
	if (err < 0)
		goto out_put_ring;

	err = register_key_type(&key_type_id_resolver_legacy);
	if (err < 0)
		goto out_unregister;

	/* Publish only after every step that can fail has succeeded. */
	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &resolver_ring->flags);
	resolver_cred->thread_keyring = resolver_ring;
	resolver_cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	id_resolver_cache = resolver_cred;
	return 0;

out_unregister:
	unregister_key_type(&key_type_id_resolver);
out_put_ring:
	key_put(resolver_ring);
out_put_cred:
	put_cred(resolver_cred);
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242)
/*
 * Undo nfs_idmap_init(): revoke the resolver keyring, unregister both key
 * types, then drop the reference on the cached credentials.
 * id_resolver_cache is dereferenced unconditionally, so this must only run
 * after a successful nfs_idmap_init().
 */
void nfs_idmap_quit(void)
{
	struct key *resolver_ring = id_resolver_cache->thread_keyring;

	key_revoke(resolver_ring);
	unregister_key_type(&key_type_id_resolver);
	unregister_key_type(&key_type_id_resolver_legacy);
	put_cred(id_resolver_cache);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250)
/*
 * Build the "<type>:<name>" description string passed to request_key().
 *
 * A new buffer is allocated and *desc is pointed at it; the caller must
 * kfree() it. @name and @type are length-counted and need not be
 * NUL-terminated; the result always is.
 *
 * Returns -ENOMEM (with *desc set to NULL) if the allocation fails.
 * Otherwise returns the size of the buffer, i.e. the string length plus
 * one for the terminating NUL.
 */
static ssize_t nfs_idmap_get_desc(const char *name, size_t namelen,
				  const char *type, size_t typelen, char **desc)
{
	/* type + ':' + name + NUL */
	size_t total = typelen + 1 + namelen + 1;
	char *out = kmalloc(total, GFP_KERNEL);

	*desc = out;
	if (out == NULL)
		return -ENOMEM;

	memcpy(out, type, typelen);
	out[typelen] = ':';
	memcpy(out + typelen + 1, name, namelen);
	out[total - 1] = '\0';
	return total;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278)
/*
 * Obtain the key for "<type>:<name>", trying up to two key types.
 *
 * The id_resolver key type is only tried when the idmap belongs to the
 * initial user namespace (or has none recorded). For any other namespace,
 * or when that first attempt fails, the request goes to the id_legacy key
 * type with @idmap passed as auxiliary data; that call is serialised by
 * idmap->idmap_mutex.
 *
 * Returns the key with KEY_FLAG_ROOT_CAN_INVAL set, or an ERR_PTR(). The
 * caller owns the returned reference.
 */
static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
					 const char *type, struct idmap *idmap)
{
	/* Start in the "failed" state so a skipped first attempt falls through. */
	struct key *rkey = ERR_PTR(-EAGAIN);
	struct user_namespace *ns;
	char *desc;
	ssize_t len;

	len = nfs_idmap_get_desc(name, namelen, type, strlen(type), &desc);
	if (len < 0)
		return ERR_PTR(len);

	ns = idmap->user_ns;
	if (ns == NULL || ns == &init_user_ns)
		rkey = request_key(&key_type_id_resolver, desc, "");

	if (IS_ERR(rkey)) {
		mutex_lock(&idmap->idmap_mutex);
		rkey = request_key_with_auxdata(&key_type_id_resolver_legacy,
						desc, NULL, "", 0, idmap);
		mutex_unlock(&idmap->idmap_mutex);
	}

	if (!IS_ERR(rkey))
		set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);

	kfree(desc);
	return rkey;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304)
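/*
 * Look up (or request) the idmap key for "<type>:<name>" and copy its
 * payload into @data.
 *
 * Only the key request runs under the id_resolver_cache credentials; the
 * caller's credentials are restored before the payload is examined.
 *
 * Returns the payload length on success. Returns a negative errno when the
 * request fails, the key does not validate, the payload is missing, or the
 * payload is empty or longer than @data_size. @data is not written on
 * failure, and no NUL terminator is appended on success: callers that
 * treat @data as a string must terminate it themselves.
 */
static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
				 const char *type, void *data,
				 size_t data_size, struct idmap *idmap)
{
	const struct cred *saved_cred;
	struct key *rkey;
	const struct user_key_payload *payload;
	ssize_t ret;

	/* Keep the credential override as narrow as the request itself. */
	saved_cred = override_creds(id_resolver_cache);
	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
	revert_creds(saved_cred);

	if (IS_ERR(rkey)) {
		ret = PTR_ERR(rkey);
		goto out;
	}

	rcu_read_lock();
	/*
	 * NOTE(review): plain read-modify-write of the key's permission
	 * mask; whether it can race with other updates of rkey->perm is
	 * not visible from this function.
	 */
	rkey->perm |= KEY_USR_VIEW;

	ret = key_validate(rkey);
	if (ret < 0)
		goto out_up;

	payload = user_key_payload_rcu(rkey);
	if (IS_ERR_OR_NULL(payload)) {
		/*
		 * PTR_ERR(NULL) is 0, which a caller would read as a
		 * successful zero-length result. Report a missing payload
		 * as an error, like an empty or oversized one below.
		 */
		ret = payload ? PTR_ERR(payload) : -EINVAL;
		goto out_up;
	}

	ret = payload->datalen;
	/* ret > 0 is tested first, so the comparison with a size_t is safe. */
	if (ret > 0 && ret <= data_size)
		memcpy(data, payload->data, ret);
	else
		ret = -EINVAL;

out_up:
	rcu_read_unlock();
	key_put(rkey);
out:
	return ret;
}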
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348)
/*
 * ID -> Name
 *
 * Formats @id as decimal text and uses it as the key name. On success the
 * mapped name is copied into @buf and its length is returned; the bytes
 * come straight from the key payload and are not NUL-terminated here.
 * Every failure from nfs_idmap_get_key() is reported as -EINVAL.
 */
static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf,
				     size_t buflen, struct idmap *idmap)
{
	char id_str[NFS_UINT_MAXLEN];
	int id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str));
	ssize_t len;

	len = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap);
	return len < 0 ? -EINVAL : len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363)
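/*
 * Name -> ID
 *
 * Fetches the key payload for "<type>:<name>" and parses it as a decimal
 * number into @id.
 *
 * Returns 0 on success, -EINVAL when no usable payload is available, or
 * the error from kstrtol() when the payload is not a decimal number.
 * @id is only written on success.
 */
static int nfs_idmap_lookup_id(const char *name, size_t namelen, const char *type,
			       __u32 *id, struct idmap *idmap)
{
	/* One spare byte so the payload can always be NUL-terminated. */
	char id_str[NFS_UINT_MAXLEN + 1];
	long id_long;
	ssize_t data_size;
	int ret;

	data_size = nfs_idmap_get_key(name, namelen, type, id_str,
				      NFS_UINT_MAXLEN, idmap);
	if (data_size <= 0)
		return -EINVAL;

	/*
	 * nfs_idmap_get_key() copies the raw payload and adds no
	 * terminator, and the payload is supplied by whatever instantiated
	 * the key. Terminate explicitly so kstrtol() cannot read past the
	 * buffer; data_size is at most NFS_UINT_MAXLEN here.
	 */
	id_str[data_size] = '\0';

	ret = kstrtol(id_str, 10, &id_long);
	/*
	 * NOTE(review): the long result is narrowed to __u32 without a
	 * range check, so a negative or wider-than-32-bit value wraps.
	 * Confirm which values the payload writers can emit before
	 * tightening this.
	 */
	if (!ret)
		*id = (__u32)id_long;
	return ret;
}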
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383)
/* idmap classic begins here */

/* Token ids for nfs_idmap_tokens; Opt_find_err marks the end of the table. */
enum {
	Opt_find_uid, Opt_find_gid, Opt_find_user, Opt_find_group, Opt_find_err
};

/*
 * Patterns of the form "<type>:<value>".
 * NOTE(review): the code that matches against this table is outside this
 * part of the file; presumably it parses the key descriptions built by
 * nfs_idmap_get_desc() - confirm.
 */
static const match_table_t nfs_idmap_tokens = {
	{ Opt_find_uid, "uid:%s" },
	{ Opt_find_gid, "gid:%s" },
	{ Opt_find_user, "user:%s" },
	{ Opt_find_group, "group:%s" },
	{ Opt_find_err, NULL }
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397)
/* Forward declarations for the handlers referenced by the tables below. */
static int nfs_idmap_legacy_upcall(struct key *, void *);
static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
				   size_t);
static void idmap_release_pipe(struct inode *);
static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);

/*
 * Operations for the "idmap" rpc pipe, passed to rpc_mkpipe_data() in
 * nfs_idmap_new(). The upcall side uses the generic sunrpc handler; the
 * downcall handler takes a __user buffer, i.e. data written by user space.
 */
static const struct rpc_pipe_ops idmap_upcall_ops = {
	.upcall = rpc_pipe_generic_upcall,
	.downcall = idmap_pipe_downcall,
	.release_pipe = idmap_release_pipe,
	.destroy_msg = idmap_pipe_destroy_msg,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410)
/*
 * "id_legacy" key type. Same handlers as key_type_id_resolver, plus a
 * .request_key hook (nfs_idmap_legacy_upcall). nfs_idmap_request_key()
 * requests keys of this type with the struct idmap as auxiliary data.
 */
static struct key_type key_type_id_resolver_legacy = {
	.name = "id_legacy",
	.preparse = user_preparse,
	.free_preparse = user_free_preparse,
	.instantiate = generic_key_instantiate,
	.revoke = user_revoke,
	.destroy = user_destroy,
	.describe = user_describe,
	.read = user_read,
	.request_key = nfs_idmap_legacy_upcall,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422)
/*
 * Pipe-dir "destroy" callback: unlink the idmap pipe's dentry if one
 * exists and clear the pointer so it is not unlinked twice. @dir is unused.
 */
static void nfs_idmap_pipe_destroy(struct dentry *dir,
		struct rpc_pipe_dir_object *pdo)
{
	struct idmap *idmap = pdo->pdo_data;
	struct rpc_pipe *pipe = idmap->idmap_pipe;

	if (!pipe->dentry)
		return;

	rpc_unlink(pipe->dentry);
	pipe->dentry = NULL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434)
/*
 * Pipe-dir "create" callback: create the "idmap" pipe entry under @dir for
 * the idmap stored in @pdo and remember its dentry on the pipe.
 *
 * Returns 0 on success or the error from rpc_mkpipe_dentry(); the pipe's
 * dentry pointer is left untouched on failure.
 */
static int nfs_idmap_pipe_create(struct dentry *dir,
		struct rpc_pipe_dir_object *pdo)
{
	struct idmap *idmap = pdo->pdo_data;
	struct rpc_pipe *pipe = idmap->idmap_pipe;
	struct dentry *created = rpc_mkpipe_dentry(dir, "idmap", idmap, pipe);

	if (IS_ERR(created))
		return PTR_ERR(created);

	pipe->dentry = created;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448)
/*
 * Create/destroy callbacks for the idmap pipe directory object; installed
 * on idmap->idmap_pdo by rpc_init_pipe_dir_object() in nfs_idmap_new().
 */
static const struct rpc_pipe_dir_object_ops nfs_idmap_pipe_dir_object_ops = {
	.create = nfs_idmap_pipe_create,
	.destroy = nfs_idmap_pipe_destroy,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453)
/*
 * Allocate and register the idmap state for an NFS client.
 *
 * On success the new idmap is stored in clp->cl_idmap and 0 is returned.
 * On failure everything acquired here is released again (pipe data, the
 * user-namespace reference, the allocation) and a negative errno is returned.
 */
int
nfs_idmap_new(struct nfs_client *clp)
{
	struct rpc_pipe *upcall_pipe;
	struct idmap *map;
	int status;

	map = kzalloc(sizeof(*map), GFP_KERNEL);
	if (!map)
		return -ENOMEM;

	mutex_init(&map->idmap_mutex);
	/* Reference is dropped by put_user_ns() on error or in nfs_idmap_delete(). */
	map->user_ns = get_user_ns(clp->cl_rpcclient->cl_cred->user_ns);

	rpc_init_pipe_dir_object(&map->idmap_pdo,
			&nfs_idmap_pipe_dir_object_ops,
			map);

	upcall_pipe = rpc_mkpipe_data(&idmap_upcall_ops, 0);
	if (IS_ERR(upcall_pipe)) {
		status = PTR_ERR(upcall_pipe);
		goto out_free;
	}
	map->idmap_pipe = upcall_pipe;

	status = rpc_add_pipe_dir_object(clp->cl_net,
			&clp->cl_rpcclient->cl_pipedir_objects,
			&map->idmap_pdo);
	if (status)
		goto out_destroy_pipe;

	/* Publish only after the pipe-dir object has been added. */
	clp->cl_idmap = map;
	return 0;

out_destroy_pipe:
	rpc_destroy_pipe_data(map->idmap_pipe);
out_free:
	put_user_ns(map->user_ns);
	kfree(map);
	return status;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494)
/*
 * Tear down the idmap state created by nfs_idmap_new().
 *
 * Does nothing when the client has no idmap. Otherwise clp->cl_idmap is
 * cleared first, then the pipe-dir object is removed, the pipe data is
 * destroyed, the user-namespace reference is dropped and the idmap is freed.
 */
void
nfs_idmap_delete(struct nfs_client *clp)
{
	struct idmap *map = clp->cl_idmap;

	if (map == NULL)
		return;

	/* Unpublish before releasing anything the pointer refers to. */
	clp->cl_idmap = NULL;

	rpc_remove_pipe_dir_object(clp->cl_net,
			&clp->cl_rpcclient->cl_pipedir_objects,
			&map->idmap_pdo);
	rpc_destroy_pipe_data(map->idmap_pipe);
	put_user_ns(map->user_ns);
	kfree(map);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510)
/*
 * Fill in the upcall message @im from the key description @desc and point
 * @msg at it.
 *
 * @desc is matched against nfs_idmap_tokens (defined outside this view):
 *   Opt_find_uid / Opt_find_gid    - name-to-id request, name copied to im_name
 *   Opt_find_user / Opt_find_group - id-to-name request, id parsed into im_id
 * im_type starts as IDMAP_TYPE_GROUP and is switched to IDMAP_TYPE_USER by
 * the uid/user cases before they fall through to the shared code.
 *
 * Returns -EINVAL for an unrecognised description or the non-zero result of
 * match_int(); otherwise the result of match_strlcpy() or 0. @msg is only
 * filled in on the non-error path. @idmap is not used here.
 */
static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
		struct idmap_msg *im,
		struct rpc_pipe_msg *msg)
{
	substring_t substr;
	int token, ret;

	/* Default type; overridden below for the user-flavoured tokens. */
	im->im_type = IDMAP_TYPE_GROUP;
	token = match_token(desc, nfs_idmap_tokens, &substr);

	switch (token) {
	case Opt_find_uid:
		im->im_type = IDMAP_TYPE_USER;
		fallthrough;
	case Opt_find_gid:
		im->im_conv = IDMAP_CONV_NAMETOID;
		/*
		 * The copy is bounded by IDMAP_NAMESZ.
		 * NOTE(review): the result stored in ret is not compared with
		 * IDMAP_NAMESZ here, so an over-long name would presumably go
		 * out truncated - confirm that callers cap the name length.
		 */
		ret = match_strlcpy(im->im_name, &substr, IDMAP_NAMESZ);
		break;

	case Opt_find_user:
		im->im_type = IDMAP_TYPE_USER;
		fallthrough;
	case Opt_find_group:
		im->im_conv = IDMAP_CONV_IDTONAME;
		ret = match_int(&substr, &im->im_id);
		if (ret)
			goto out;
		break;

	default:
		ret = -EINVAL;
		goto out;
	}

	/* The pipe message carries the whole fixed-size struct idmap_msg. */
	msg->data = im;
	msg->len  = sizeof(struct idmap_msg);

out:
	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551)
/*
 * Claim the idmap's single upcall slot for @data.
 *
 * Returns true once @data is recorded in idmap->idmap_upcall_data. If a
 * previous upcall is still recorded there, warns once and returns false
 * without touching the slot.
 *
 * NOTE(review): the test and the store are two separate plain accesses;
 * this presumably relies on callers being serialised - confirm which lock
 * covers idmap_upcall_data.
 */
static bool
nfs_idmap_prepare_pipe_upcall(struct idmap *idmap,
		struct idmap_legacy_upcalldata *data)
{
	if (WARN_ON_ONCE(idmap->idmap_upcall_data != NULL))
		return false;

	idmap->idmap_upcall_data = data;
	return true;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563)
/*
 * Finish the pending upcall with result @ret.
 *
 * Frees the upcall data, empties the slot, completes the request_key
 * operation on the saved authkey and drops the reference that was taken
 * when the upcall was set up.
 *
 * The caller must ensure idmap->idmap_upcall_data is non-NULL; it is
 * dereferenced unconditionally.
 */
static void
nfs_idmap_complete_pipe_upcall_locked(struct idmap *idmap, int ret)
{
	struct idmap_legacy_upcalldata *pending = idmap->idmap_upcall_data;
	/* Read authkey out first: it lives inside the object freed below. */
	struct key *authkey = pending->authkey;

	idmap->idmap_upcall_data = NULL;
	kfree(pending);

	complete_request_key(authkey, ret);
	key_put(authkey);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574)
/*
 * Complete the pending upcall, if there is one, with error @ret.
 * Does nothing when no upcall is recorded on @idmap.
 */
static void
nfs_idmap_abort_pipe_upcall(struct idmap *idmap, int ret)
{
	if (idmap->idmap_upcall_data == NULL)
		return;

	nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581)
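/*
 * request_key handler for the legacy (pipe-based) idmapper.
 *
 * Builds an idmap_legacy_upcalldata for the key named by @authkey's target,
 * claims the idmap's upcall slot and queues the message on the idmap pipe.
 *
 * @authkey: authorisation key for the request being constructed
 * @aux:     the struct idmap to send the upcall through; NULL yields -ENOKEY
 *
 * Returns the result of rpc_queue_upcall() once the message has been handed
 * over, or a negative errno. On every failure path the request is completed
 * with that error before returning.
 */
static int nfs_idmap_legacy_upcall(struct key *authkey, void *aux)
{
	struct idmap_legacy_upcalldata *data;
	struct request_key_auth *rka = get_request_key_auth(authkey);
	struct rpc_pipe_msg *msg;
	struct idmap_msg *im;
	struct idmap *idmap = aux;
	struct key *key = rka->target_key;
	int ret = -ENOKEY;

	if (!aux)
		goto out1;

	/*
	 * msg and im are embedded in data. Once the upcall slot has been
	 * claimed, data is freed by nfs_idmap_complete_pipe_upcall_locked().
	 */
	ret = -ENOMEM;
	data = kzalloc(sizeof(*data), GFP_KERNEL);
	if (!data)
		goto out1;

	msg = &data->pipe_msg;
	im = &data->idmap_msg;
	data->idmap = idmap;
	/* Extra reference, owned by data until the upcall completes. */
	data->authkey = key_get(authkey);

	ret = nfs_idmap_prepare_message(key->description, idmap, im, msg);
	if (ret < 0)
		goto out2;

	ret = -EAGAIN;
	if (!nfs_idmap_prepare_pipe_upcall(idmap, data))
		goto out2;

	ret = rpc_queue_upcall(idmap->idmap_pipe, msg);
	if (ret < 0)
		nfs_idmap_abort_pipe_upcall(idmap, ret);

	return ret;
out2:
	/*
	 * data never reached the upcall slot, so nothing else will drop the
	 * reference taken by key_get() above; release it here to avoid
	 * leaking a key reference on each failed request.
	 */
	key_put(data->authkey);
	kfree(data);
out1:
	complete_request_key(authkey, ret);
	return ret;
}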
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625)
/*
 * Instantiate @key with @datalen bytes of @data and link it into the
 * thread keyring of id_resolver_cache, authorised by @authkey.
 *
 * Returns whatever key_instantiate_and_link() returns.
 */
static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen)
{
	struct key *dest_keyring = id_resolver_cache->thread_keyring;

	return key_instantiate_and_link(key, data, datalen, dest_keyring,
					authkey);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632)
/*
 * Check a downcall reply against the request that was sent and, if it
 * matches, instantiate the key with the answer.
 *
 * @im:      reply received from the pipe
 * @upcall:  request message recorded when the upcall was queued
 * @key:     key to instantiate
 * @authkey: authorisation key for the instantiation
 *
 * The reply must carry the same im_type and im_conv as the request, and
 * the same lookup value (im_name for name-to-id, im_id for id-to-name);
 * anything else yields -ENOKEY. An unknown im_conv yields -EINVAL.
 * Otherwise the result of nfs_idmap_instantiate() is returned.
 */
static int nfs_idmap_read_and_verify_message(struct idmap_msg *im,
		struct idmap_msg *upcall,
		struct key *key, struct key *authkey)
{
	char numbuf[NFS_UINT_MAXLEN];
	size_t payload_len;

	if (upcall->im_type != im->im_type || upcall->im_conv != im->im_conv)
		return -ENOKEY;

	switch (im->im_conv) {
	case IDMAP_CONV_NAMETOID:
		if (strcmp(upcall->im_name, im->im_name) != 0)
			return -ENOKEY;
		/* The stored payload includes the NUL terminator. */
		payload_len = 1 + nfs_map_numeric_to_string(im->im_id, numbuf,
							    sizeof(numbuf));
		return nfs_idmap_instantiate(key, authkey, numbuf, payload_len);

	case IDMAP_CONV_IDTONAME:
		if (upcall->im_id != im->im_id)
			return -ENOKEY;
		/*
		 * strlen() needs im_name to be NUL-terminated;
		 * idmap_pipe_downcall() checks that before calling here.
		 * Unlike the name-to-id case, the terminator is not stored.
		 */
		payload_len = strlen(im->im_name);
		return nfs_idmap_instantiate(key, authkey, im->im_name,
					     payload_len);

	default:
		return -EINVAL;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665)
/*
 * Handle a reply written to the idmap pipe from userspace and use it to
 * complete the pending upcall. Presumably installed as the ->downcall
 * method of idmap_upcall_ops (defined outside this view).
 *
 * @src and @mlen are supplied by the writer and are validated before use:
 *   - the write must be exactly sizeof(struct idmap_msg) bytes  (-ENOSPC)
 *   - the copy from userspace must succeed                      (-EFAULT)
 *   - IDMAP_STATUS_SUCCESS must be set in im_status             (-ENOKEY)
 *   - im_name must be non-empty and NUL-terminated within
 *     IDMAP_NAMESZ bytes                                        (-EINVAL)
 *   - the reply must match the recorded request, see
 *     nfs_idmap_read_and_verify_message()
 *
 * Returns @mlen on success or a negative errno. Every path taken after a
 * pending upcall was found completes that upcall with the result; if none
 * is pending, -ENOKEY is returned and nothing else is touched.
 */
static ssize_t
idmap_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
{
	struct request_key_auth *rka;
	struct rpc_inode *rpci = RPC_I(file_inode(filp));
	struct idmap *idmap = (struct idmap *)rpci->private;
	struct key *authkey;
	struct idmap_msg im;
	size_t namelen_in;
	int ret = -ENOKEY;

	/* If instantiation is successful, anyone waiting for key construction
	 * will have been woken up and someone else may now have used
	 * idmap_key_cons - so after this point we may no longer touch it.
	 *
	 * NOTE(review): idmap_key_cons does not appear in the visible code;
	 * the pending-request state used below is idmap->idmap_upcall_data.
	 * No lock is taken in this function - confirm what serialises this
	 * check against nfs_idmap_abort_pipe_upcall().
	 */
	if (idmap->idmap_upcall_data == NULL)
		goto out_noupcall;

	authkey = idmap->idmap_upcall_data->authkey;
	rka = get_request_key_auth(authkey);

	/* Only a whole, fixed-size message is accepted. */
	if (mlen != sizeof(im)) {
		ret = -ENOSPC;
		goto out;
	}

	/* mlen == sizeof(im) here, so the copy exactly fills the stack buffer. */
	if (copy_from_user(&im, src, mlen) != 0) {
		ret = -EFAULT;
		goto out;
	}

	if (!(im.im_status & IDMAP_STATUS_SUCCESS)) {
		ret = -ENOKEY;
		goto out;
	}

	/*
	 * Reject an empty name and a name with no NUL inside the array; the
	 * strcmp()/strlen() calls in nfs_idmap_read_and_verify_message()
	 * depend on the terminator being present.
	 */
	namelen_in = strnlen(im.im_name, IDMAP_NAMESZ);
	if (namelen_in == 0 || namelen_in == IDMAP_NAMESZ) {
		ret = -EINVAL;
		goto out;
	}

	ret = nfs_idmap_read_and_verify_message(&im,
			&idmap->idmap_upcall_data->idmap_msg,
			rka->target_key, authkey);
	if (ret >= 0) {
		key_set_timeout(rka->target_key, nfs_idmap_cache_timeout);
		/* Report the whole write as consumed. */
		ret = mlen;
	}

out:
	/* Frees the upcall data and drops the authkey reference it held. */
	nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
out_noupcall:
	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721)
/*
 * Called when a queued pipe message is destroyed. If the message carries
 * an error, the pending upcall on the owning idmap is aborted with that
 * error; a message without an error is left alone.
 */
static void
idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
{
	struct idmap_legacy_upcalldata *data;

	if (!msg->errno)
		return;

	/* msg is embedded in the upcall data as its pipe_msg member. */
	data = container_of(msg, struct idmap_legacy_upcalldata, pipe_msg);
	nfs_idmap_abort_pipe_upcall(data->idmap, msg->errno);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733)
/*
 * Called when the pipe inode is released: abort any upcall still pending
 * on the owning idmap with -EPIPE, so it is completed with an error
 * rather than left recorded.
 */
static void
idmap_release_pipe(struct inode *inode)
{
	struct idmap *idmap = (struct idmap *)RPC_I(inode)->private;

	nfs_idmap_abort_pipe_upcall(idmap, -EPIPE);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742)
/*
 * Map an owner name to a kuid_t.
 *
 * A name that nfs_map_string_to_numeric() accepts is used as the numeric
 * id directly; any other name goes through the "uid" idmap lookup. The id
 * is then converted with make_kuid() in the idmap's user namespace.
 *
 * Returns 0 with *uid set, -ERANGE when the id has no valid mapping in
 * that namespace (*uid is still written), or the lookup's error.
 */
int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
{
	struct idmap *idmap = server->nfs_client->cl_idmap;
	__u32 numeric_id = -1;
	int status;

	if (nfs_map_string_to_numeric(name, namelen, &numeric_id))
		status = 0;
	else
		status = nfs_idmap_lookup_id(name, namelen, "uid", &numeric_id, idmap);

	if (status == 0) {
		*uid = make_kuid(idmap_userns(idmap), numeric_id);
		/* Reject ids that do not map into the idmap's namespace. */
		if (!uid_valid(*uid))
			status = -ERANGE;
	}

	trace_nfs4_map_name_to_uid(name, namelen, numeric_id, status);
	return status;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759)
/*
 * Map a group name to a kgid_t.
 *
 * A name that nfs_map_string_to_numeric() accepts is used as the numeric
 * id directly; any other name goes through the "gid" idmap lookup. The id
 * is then converted with make_kgid() in the idmap's user namespace.
 *
 * Returns 0 with *gid set, -ERANGE when the id has no valid mapping in
 * that namespace (*gid is still written), or the lookup's error.
 */
int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, kgid_t *gid)
{
	struct idmap *idmap = server->nfs_client->cl_idmap;
	__u32 numeric_id = -1;
	int status;

	if (nfs_map_string_to_numeric(name, namelen, &numeric_id))
		status = 0;
	else
		status = nfs_idmap_lookup_id(name, namelen, "gid", &numeric_id, idmap);

	if (status == 0) {
		*gid = make_kgid(idmap_userns(idmap), numeric_id);
		/* Reject ids that do not map into the idmap's namespace. */
		if (!gid_valid(*gid))
			status = -ERANGE;
	}

	trace_nfs4_map_group_to_gid(name, namelen, numeric_id, status);
	return status;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776)
/*
 * Map a kuid_t to an owner string written into @buf.
 *
 * The uid is converted with from_kuid_munged() in the idmap's user
 * namespace. Unless the server has NFS_CAP_UIDGID_NOMAP set, the "user"
 * idmap lookup is tried first; if it is skipped or fails, the numeric id
 * is written as a string instead.
 *
 * Returns the result of whichever step produced the final string.
 * NOTE(review): that same value is passed to the tracepoint as both the
 * length and the error argument.
 */
int nfs_map_uid_to_name(const struct nfs_server *server, kuid_t uid, char *buf, size_t buflen)
{
	struct idmap *idmap = server->nfs_client->cl_idmap;
	__u32 id = from_kuid_munged(idmap_userns(idmap), uid);
	int ret;

	if (server->caps & NFS_CAP_UIDGID_NOMAP)
		ret = -EINVAL;	/* skip the lookup, go straight to the numeric form */
	else
		ret = nfs_idmap_lookup_name(id, "user", buf, buflen, idmap);

	if (ret < 0)
		ret = nfs_map_numeric_to_string(id, buf, buflen);

	trace_nfs4_map_uid_to_name(buf, ret, id, ret);
	return ret;
}
/*
 * Map a kgid_t to a group string written into @buf.
 *
 * The gid is converted with from_kgid_munged() in the idmap's user
 * namespace. Unless the server has NFS_CAP_UIDGID_NOMAP set, the "group"
 * idmap lookup is tried first; if it is skipped or fails, the numeric id
 * is written as a string instead.
 *
 * Returns the result of whichever step produced the final string.
 * NOTE(review): that same value is passed to the tracepoint as both the
 * length and the error argument.
 */
int nfs_map_gid_to_group(const struct nfs_server *server, kgid_t gid, char *buf, size_t buflen)
{
	struct idmap *idmap = server->nfs_client->cl_idmap;
	__u32 id = from_kgid_munged(idmap_userns(idmap), gid);
	int ret;

	if (server->caps & NFS_CAP_UIDGID_NOMAP)
		ret = -EINVAL;	/* skip the lookup, go straight to the numeric form */
	else
		ret = nfs_idmap_lookup_name(id, "group", buf, buflen, idmap);

	if (ret < 0)
		ret = nfs_map_numeric_to_string(id, buf, buflen);

	trace_nfs4_map_gid_to_group(buf, ret, id, ret);
	return ret;
}