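/*
 * fs/nfs/idmap.c
 *
 * UID and GID to name mapping for clients.
 *
 * Copyright (c) 2002 The Regents of the University of Michigan.
 * All rights reserved.
 *
 * Marius Aamodt Eriksen <marius@umich.edu>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include <linux/types.h>
#include <linux/parser.h>
#include <linux/fs.h>
#include <net/net_namespace.h>
#include <linux/sunrpc/rpc_pipe_fs.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
#include <linux/key.h>
#include <linux/keyctl.h>
#include <linux/key-type.h>
#include <keys/user-type.h>
#include <keys/request_key_auth-type.h>
#include <linux/module.h>
#include <linux/user_namespace.h>

#include "internal.h"
#include "netns.h"
#include "nfs4idmap.h"
#include "nfs4trace.h"

/* Room for the ten decimal digits of a 32-bit id plus the NUL terminator. */
#define NFS_UINT_MAXLEN 11

/* Credentials installed by nfs_idmap_init(); they carry the .id_resolver keyring. */
static const struct cred *id_resolver_cache;
static struct key_type key_type_id_resolver_legacy;

/*
 * State of one legacy (rpc_pipefs) upcall.  pipe_msg and idmap_msg are
 * embedded, so the whole request is released by a single kfree().
 */
struct idmap_legacy_upcalldata {
	struct rpc_pipe_msg pipe_msg;	/* message queued on the idmap pipe */
	struct idmap_msg idmap_msg;	/* request; the downcall reply is checked against it */
	struct key *authkey;		/* reference taken with key_get() */
	struct idmap *idmap;		/* owning idmap */
};

/* Per-client idmapper state, allocated by nfs_idmap_new(). */
struct idmap {
	struct rpc_pipe_dir_object idmap_pdo;
	struct rpc_pipe *idmap_pipe;
	/* The upcall currently awaiting a reply, or NULL; swapped with xchg/cmpxchg. */
	struct idmap_legacy_upcalldata *idmap_upcall_data;
	/* Held around the legacy request_key_with_auxdata() call. */
	struct mutex idmap_mutex;
	struct user_namespace *user_ns;
};

/*
 * Return the user namespace recorded in @idmap, or &init_user_ns when
 * @idmap is NULL or has no namespace set.
 */
static struct user_namespace *idmap_userns(const struct idmap *idmap)
{
	if (idmap && idmap->user_ns)
		return idmap->user_ns;
	return &init_user_ns;
}

/**
 * nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
 * @fattr: fully initialised struct nfs_fattr
 * @owner_name: owner name string cache
 * @group_name: group name string cache
 */
void nfs_fattr_init_names(struct nfs_fattr *fattr,
		struct nfs4_string *owner_name,
		struct nfs4_string *group_name)
{
	fattr->owner_name = owner_name;
	fattr->group_name = group_name;
}

/*
 * Free the cached owner string.  The valid bit is cleared first, so
 * nfs_fattr_free_names() will not free the same buffer a second time.
 */
static void nfs_fattr_free_owner_name(struct nfs_fattr *fattr)
{
	fattr->valid &= ~NFS_ATTR_FATTR_OWNER_NAME;
	kfree(fattr->owner_name->data);
}

/* Free the cached group string; see nfs_fattr_free_owner_name(). */
static void nfs_fattr_free_group_name(struct nfs_fattr *fattr)
{
	fattr->valid &= ~NFS_ATTR_FATTR_GROUP_NAME;
	kfree(fattr->group_name->data);
}

/*
 * Map the cached owner string to a uid.
 *
 * Returns false when no owner string is cached.  Returns true otherwise,
 * whether or not the mapping succeeded, so the caller frees the string in
 * both cases; fattr->uid and NFS_ATTR_FATTR_OWNER are only set on success.
 */
static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr)
{
	struct nfs4_string *owner = fattr->owner_name;
	kuid_t uid;

	if (!(fattr->valid & NFS_ATTR_FATTR_OWNER_NAME))
		return false;
	if (nfs_map_name_to_uid(server, owner->data, owner->len, &uid) == 0) {
		fattr->uid = uid;
		fattr->valid |= NFS_ATTR_FATTR_OWNER;
	}
	return true;
}

/*
 * Map the cached group string to a gid.  Same contract as
 * nfs_fattr_map_owner_name(), for fattr->gid and NFS_ATTR_FATTR_GROUP.
 */
static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr)
{
	struct nfs4_string *group = fattr->group_name;
	kgid_t gid;

	if (!(fattr->valid & NFS_ATTR_FATTR_GROUP_NAME))
		return false;
	if (nfs_map_group_to_gid(server, group->data, group->len, &gid) == 0) {
		fattr->gid = gid;
		fattr->valid |= NFS_ATTR_FATTR_GROUP;
	}
	return true;
}

/**
 * nfs_fattr_free_names - free up the NFSv4 owner and group strings
 * @fattr: a fully initialised nfs_fattr structure
 */
void nfs_fattr_free_names(struct nfs_fattr *fattr)
{
	if (fattr->valid & NFS_ATTR_FATTR_OWNER_NAME)
		nfs_fattr_free_owner_name(fattr);
	if (fattr->valid & NFS_ATTR_FATTR_GROUP_NAME)
		nfs_fattr_free_group_name(fattr);
}

/**
 * nfs_fattr_map_and_free_names - map owner/group strings into uid/gid and free
 * @server: pointer to the filesystem nfs_server structure
 * @fattr: a fully initialised nfs_fattr structure
 *
 * This helper maps the cached NFSv4 owner/group strings in fattr into
 * their numeric uid/gid equivalents, and then frees the cached strings.
 */
void nfs_fattr_map_and_free_names(struct nfs_server *server, struct nfs_fattr *fattr)
{
	if (nfs_fattr_map_owner_name(server, fattr))
		nfs_fattr_free_owner_name(fattr);
	if (nfs_fattr_map_group_name(server, fattr))
		nfs_fattr_free_group_name(fattr);
}

/**
 * nfs_map_string_to_numeric - parse an owner/group string that is a bare number
 * @name: string to parse; it need not be NUL-terminated
 * @namelen: number of bytes in @name
 * @res: where the parsed value is stored on success
 *
 * Strings containing '@' and strings of 16 bytes or more are rejected.
 *
 * Return: 1 if @name was parsed and *@res written, 0 otherwise.
 */
int nfs_map_string_to_numeric(const char *name, size_t namelen, __u32 *res)
{
	unsigned long val;
	char buf[16];

	if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
		return 0;
	/* Copy into a local buffer so the string can be NUL-terminated. */
	memcpy(buf, name, namelen);
	buf[namelen] = '\0';
	/* Base 0: kstrtoul() also accepts "0x" hex and leading-zero octal. */
	if (kstrtoul(buf, 0, &val) != 0)
		return 0;
	/*
	 * NOTE(review): where unsigned long is wider than 32 bits, a value
	 * above U32_MAX is truncated by this assignment instead of being
	 * rejected, e.g. "4294967296" becomes id 0 - confirm this is intended.
	 */
	*res = val;
	return 1;
}
EXPORT_SYMBOL_GPL(nfs_map_string_to_numeric);

/*
 * Format @id as an unsigned decimal string into @buf.  Returns what
 * snprintf() returns: the length of the formatted string without the NUL.
 */
static int nfs_map_numeric_to_string(__u32 id, char *buf, size_t buflen)
{
	return snprintf(buf, buflen, "%u", id);
}

/* Key type served through request_key(); payload handling is that of "user" keys. */
static struct key_type key_type_id_resolver = {
	.name		= "id_resolver",
	.preparse	= user_preparse,
	.free_preparse	= user_free_preparse,
	.instantiate	= generic_key_instantiate,
	.revoke		= user_revoke,
	.destroy	= user_destroy,
	.describe	= user_describe,
	.read		= user_read,
};

/*
 * Set up the idmapper key infrastructure: allocate the ".id_resolver"
 * keyring, register both key types and store the credentials that carry
 * the keyring in id_resolver_cache.
 *
 * Returns 0 on success or a negative errno; everything acquired so far is
 * released on failure.
 */
int nfs_idmap_init(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret = 0;

	printk(KERN_NOTICE "NFS: Registering the %s key type\n",
		key_type_id_resolver.name);

	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	/*
	 * Keyring permissions: every possessor right except SETATTR, and
	 * view/read for the owning user (root).
	 */
	keyring = keyring_alloc(".id_resolver",
				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ,
				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = register_key_type(&key_type_id_resolver);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&key_type_id_resolver_legacy);
	if (ret < 0)
		goto failed_reg_legacy;

	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	id_resolver_cache = cred;
	return 0;

failed_reg_legacy:
	unregister_key_type(&key_type_id_resolver);
failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}

/* Undo nfs_idmap_init(): revoke the keyring, unregister the key types, drop the creds. */
void nfs_idmap_quit(void)
{
	key_revoke(id_resolver_cache->thread_keyring);
	unregister_key_type(&key_type_id_resolver);
	unregister_key_type(&key_type_id_resolver_legacy);
	put_cred(id_resolver_cache);
}

/*
 * Assemble the description to pass to request_key()
 * This function will allocate a new string "<type>:<name>" and update
 * desc to point at it.  The caller is responsible for freeing it.
 *
 * On allocation failure -ENOMEM is returned.  Otherwise the size of the
 * allocation is returned, which counts the ':' separator and the NUL.
 */
static ssize_t nfs_idmap_get_desc(const char *name, size_t namelen,
				const char *type, size_t typelen, char **desc)
{
	char *cp;
	size_t desclen = typelen + namelen + 2;

	*desc = kmalloc(desclen, GFP_KERNEL);
	if (!*desc)
		return -ENOMEM;

	cp = *desc;
	memcpy(cp, type, typelen);
	cp += typelen;
	*cp++ = ':';

	memcpy(cp, name, namelen);
	cp += namelen;
	*cp = '\0';
	return desclen;
}

/*
 * Look up (or construct) the key describing "<type>:<name>".
 *
 * The id_resolver key type is only tried when the idmap has no user
 * namespace or lives in init_user_ns; otherwise, and whenever that
 * request fails, the legacy pipe upcall is used under idmap_mutex.
 *
 * Returns the key or an ERR_PTR().
 */
static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
					 const char *type, struct idmap *idmap)
{
	char *desc;
	/* Stays an error when the id_resolver request is skipped below. */
	struct key *rkey = ERR_PTR(-EAGAIN);
	ssize_t ret;

	ret = nfs_idmap_get_desc(name, namelen, type, strlen(type), &desc);
	if (ret < 0)
		return ERR_PTR(ret);

	if (!idmap->user_ns || idmap->user_ns == &init_user_ns)
		rkey = request_key(&key_type_id_resolver, desc, "");
	if (IS_ERR(rkey)) {
		mutex_lock(&idmap->idmap_mutex);
		rkey = request_key_with_auxdata(&key_type_id_resolver_legacy,
						desc, NULL, "", 0, idmap);
		mutex_unlock(&idmap->idmap_mutex);
	}
	if (!IS_ERR(rkey))
		set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);

	kfree(desc);
	return rkey;
}

/*
 * Resolve "<type>:<name>" through the keyring and copy the key payload
 * into @data.
 *
 * The key request runs with the id_resolver_cache credentials.  The
 * payload is copied as raw bytes and only when 0 < datalen <= @data_size;
 * it is not NUL-terminated here.
 *
 * Returns the number of bytes copied, or a negative errno.
 */
static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
				 const char *type, void *data,
				 size_t data_size, struct idmap *idmap)
{
	const struct cred *saved_cred;
	struct key *rkey;
	const struct user_key_payload *payload;
	ssize_t ret;

	saved_cred = override_creds(id_resolver_cache);
	rkey = nfs_idmap_request_key(name, namelen, type, idmap);
	revert_creds(saved_cred);

	if (IS_ERR(rkey)) {
		ret = PTR_ERR(rkey);
		goto out;
	}

	rcu_read_lock();
	rkey->perm |= KEY_USR_VIEW;

	ret = key_validate(rkey);
	if (ret < 0)
		goto out_up;

	payload = user_key_payload_rcu(rkey);
	if (IS_ERR_OR_NULL(payload)) {
		/*
		 * NOTE(review): PTR_ERR(NULL) is 0, so a NULL payload makes
		 * this function return 0 rather than a negative errno.
		 * nfs_idmap_lookup_id() treats 0 as failure, but
		 * nfs_idmap_lookup_name() passes it on - confirm intended.
		 */
		ret = PTR_ERR(payload);
		goto out_up;
	}

	ret = payload->datalen;
	if (ret > 0 && ret <= data_size)
		memcpy(data, payload->data, ret);
	else
		ret = -EINVAL;

out_up:
	rcu_read_unlock();
	key_put(rkey);
out:
	return ret;
}

/*
 * ID -> Name
 *
 * Returns the number of payload bytes stored in @buf, or -EINVAL for any
 * lookup failure.
 */
static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf,
				     size_t buflen, struct idmap *idmap)
{
	char id_str[NFS_UINT_MAXLEN];
	int id_len;
	ssize_t ret;

	id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str));
	ret = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap);
	if (ret < 0)
		return -EINVAL;
	return ret;
}

/*
 * Name -> ID
 *
 * Returns 0 and stores the id in *@id, or a negative errno.
 */
static int nfs_idmap_lookup_id(const char *name, size_t namelen, const char *type,
			       __u32 *id, struct idmap *idmap)
{
	/* One spare byte so the payload can always be terminated below. */
	char id_str[NFS_UINT_MAXLEN + 1];
	long id_long;
	ssize_t data_size;
	int ret = 0;

	data_size = nfs_idmap_get_key(name, namelen, type, id_str, NFS_UINT_MAXLEN, idmap);
	if (data_size <= 0) {
		ret = -EINVAL;
	} else {
		/*
		 * The payload is copied as raw bytes and may fill all
		 * NFS_UINT_MAXLEN bytes without a NUL.  Terminate it so that
		 * kstrtol() cannot read past the buffer or parse
		 * uninitialised stack bytes.
		 */
		id_str[data_size] = '\0';
		ret = kstrtol(id_str, 10, &id_long);
		if (!ret)
			*id = (__u32)id_long;
	}
	return ret;
}

/* idmap classic begins here */

enum {
	Opt_find_uid, Opt_find_gid, Opt_find_user, Opt_find_group, Opt_find_err
};

/* Patterns for the key descriptions built by nfs_idmap_get_desc(). */
static const match_table_t nfs_idmap_tokens = {
	{ Opt_find_uid, "uid:%s" },
	{ Opt_find_gid, "gid:%s" },
	{ Opt_find_user, "user:%s" },
	{ Opt_find_group, "group:%s" },
	{ Opt_find_err, NULL }
};

static int nfs_idmap_legacy_upcall(struct key *, void *);
static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
				   size_t);
static void idmap_release_pipe(struct inode *);
static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);

static const struct rpc_pipe_ops idmap_upcall_ops = {
	.upcall		= rpc_pipe_generic_upcall,
	.downcall	= idmap_pipe_downcall,
	.release_pipe	= idmap_release_pipe,
	.destroy_msg	= idmap_pipe_destroy_msg,
};

/* Like key_type_id_resolver, but constructed through the rpc_pipefs upcall. */
static struct key_type key_type_id_resolver_legacy = {
	.name		= "id_legacy",
	.preparse	= user_preparse,
	.free_preparse	= user_free_preparse,
	.instantiate	= generic_key_instantiate,
	.revoke		= user_revoke,
	.destroy	= user_destroy,
	.describe	= user_describe,
	.read		= user_read,
	.request_key	= nfs_idmap_legacy_upcall,
};

/* rpc_pipe_dir_object .destroy: unlink the "idmap" pipe dentry if it exists. */
static void nfs_idmap_pipe_destroy(struct dentry *dir,
		struct rpc_pipe_dir_object *pdo)
{
	struct idmap *idmap = pdo->pdo_data;
	struct rpc_pipe *pipe = idmap->idmap_pipe;

	if (pipe->dentry) {
		rpc_unlink(pipe->dentry);
		pipe->dentry = NULL;
	}
}

/*
 * rpc_pipe_dir_object .create: create the "idmap" pipe dentry in @dir.
 * Returns 0 or the error from rpc_mkpipe_dentry().
 */
static int nfs_idmap_pipe_create(struct dentry *dir,
		struct rpc_pipe_dir_object *pdo)
{
	struct idmap *idmap = pdo->pdo_data;
	struct rpc_pipe *pipe = idmap->idmap_pipe;
	struct dentry *dentry;

	dentry = rpc_mkpipe_dentry(dir, "idmap", idmap, pipe);
	if (IS_ERR(dentry))
		return PTR_ERR(dentry);
	pipe->dentry = dentry;
	return 0;
}

static const struct rpc_pipe_dir_object_ops nfs_idmap_pipe_dir_object_ops = {
	.create		= nfs_idmap_pipe_create,
	.destroy	= nfs_idmap_pipe_destroy,
};

/*
 * Allocate the idmap for @clp, create its upcall pipe and register the
 * pipe directory object.  On success the idmap is stored in clp->cl_idmap.
 *
 * Returns 0 or a negative errno; on failure the user namespace reference,
 * the pipe data and the idmap itself are released again.
 */
int
nfs_idmap_new(struct nfs_client *clp)
{
	struct idmap *idmap;
	struct rpc_pipe *pipe;
	int error;

	idmap = kzalloc(sizeof(*idmap), GFP_KERNEL);
	if (idmap == NULL)
		return -ENOMEM;

	mutex_init(&idmap->idmap_mutex);
	idmap->user_ns = get_user_ns(clp->cl_rpcclient->cl_cred->user_ns);

	rpc_init_pipe_dir_object(&idmap->idmap_pdo,
			&nfs_idmap_pipe_dir_object_ops,
			idmap);

	pipe = rpc_mkpipe_data(&idmap_upcall_ops, 0);
	if (IS_ERR(pipe)) {
		error = PTR_ERR(pipe);
		goto err;
	}
	idmap->idmap_pipe = pipe;

	error = rpc_add_pipe_dir_object(clp->cl_net,
			&clp->cl_rpcclient->cl_pipedir_objects,
			&idmap->idmap_pdo);
	if (error)
		goto err_destroy_pipe;

	clp->cl_idmap = idmap;
	return 0;
err_destroy_pipe:
	rpc_destroy_pipe_data(idmap->idmap_pipe);
err:
	put_user_ns(idmap->user_ns);
	kfree(idmap);
	return error;
}

/* Tear down and free the idmap attached to @clp, if there is one. */
void
nfs_idmap_delete(struct nfs_client *clp)
{
	struct idmap *idmap = clp->cl_idmap;

	if (!idmap)
		return;
	clp->cl_idmap = NULL;
	rpc_remove_pipe_dir_object(clp->cl_net,
			&clp->cl_rpcclient->cl_pipedir_objects,
			&idmap->idmap_pdo);
	rpc_destroy_pipe_data(idmap->idmap_pipe);
	put_user_ns(idmap->user_ns);
	kfree(idmap);
}

/*
 * Translate the key description @desc into the upcall request @im and
 * point @msg at it.
 *
 * "uid:"/"gid:" descriptions become name-to-id requests carrying the
 * name; "user:"/"group:" descriptions become id-to-name requests carrying
 * the id.  The type defaults to group and is switched to user by the
 * uid/user cases, which fall through.
 *
 * Returns a negative errno for an unknown description or an unparsable
 * id; other return values are non-negative.
 */
static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
				     struct idmap_msg *im,
				     struct rpc_pipe_msg *msg)
{
	substring_t substr;
	int token, ret;

	im->im_type = IDMAP_TYPE_GROUP;
	token = match_token(desc, nfs_idmap_tokens, &substr);

	switch (token) {
	case Opt_find_uid:
		im->im_type = IDMAP_TYPE_USER;
		fallthrough;
	case Opt_find_gid:
		im->im_conv = IDMAP_CONV_NAMETOID;
		/*
		 * NOTE(review): match_strlcpy() truncates to IDMAP_NAMESZ and
		 * its return value is not compared with the buffer size, so
		 * an over-long name is sent truncated - confirm intended.
		 */
		ret = match_strlcpy(im->im_name, &substr, IDMAP_NAMESZ);
		break;

	case Opt_find_user:
		im->im_type = IDMAP_TYPE_USER;
		fallthrough;
	case Opt_find_group:
		im->im_conv = IDMAP_CONV_IDTONAME;
		ret = match_int(&substr, &im->im_id);
		if (ret)
			goto out;
		break;

	default:
		ret = -EINVAL;
		goto out;
	}

	msg->data = im;
	msg->len  = sizeof(struct idmap_msg);

out:
	return ret;
}

/*
 * Install @data as the idmap's outstanding upcall.  Returns false, with a
 * one-time warning, if another upcall is still recorded.
 */
static bool
nfs_idmap_prepare_pipe_upcall(struct idmap *idmap,
		struct idmap_legacy_upcalldata *data)
{
	if (idmap->idmap_upcall_data != NULL) {
		WARN_ON_ONCE(1);
		return false;
	}
	idmap->idmap_upcall_data = data;
	return true;
}

/*
 * Finish an upcall: report @ret to the key construction, drop the
 * authkey reference and free @data.  The caller must already have taken
 * @data out of idmap->idmap_upcall_data.
 */
static void nfs_idmap_complete_pipe_upcall(struct idmap_legacy_upcalldata *data,
					   int ret)
{
	complete_request_key(data->authkey, ret);
	key_put(data->authkey);
	kfree(data);
}

/*
 * Complete @data with @ret only if it is still the recorded upcall; the
 * cmpxchg() ensures that just one path completes and frees it.
 */
static void nfs_idmap_abort_pipe_upcall(struct idmap *idmap,
					struct idmap_legacy_upcalldata *data,
					int ret)
{
	if (cmpxchg(&idmap->idmap_upcall_data, data, NULL) == data)
		nfs_idmap_complete_pipe_upcall(data, ret);
}

/*
 * .request_key handler of the legacy key type: queue an upcall on the
 * idmap pipe for the key being constructed.
 *
 * @aux is the struct idmap passed to request_key_with_auxdata().
 * Returns 0 once the message is queued, or a negative errno after the
 * key construction has been completed with that error.
 */
static int nfs_idmap_legacy_upcall(struct key *authkey, void *aux)
{
	struct idmap_legacy_upcalldata *data;
	struct request_key_auth *rka = get_request_key_auth(authkey);
	struct rpc_pipe_msg *msg;
	struct idmap_msg *im;
	struct idmap *idmap = (struct idmap *)aux;
	struct key *key = rka->target_key;
	int ret = -ENOKEY;

	if (!aux)
		goto out1;

	/*
	 * msg and im are embedded in data and are released together with
	 * it by nfs_idmap_complete_pipe_upcall().
	 */
	ret = -ENOMEM;
	data = kzalloc(sizeof(*data), GFP_KERNEL);
	if (!data)
		goto out1;

	msg = &data->pipe_msg;
	im = &data->idmap_msg;
	data->idmap = idmap;
	data->authkey = key_get(authkey);

	ret = nfs_idmap_prepare_message(key->description, idmap, im, msg);
	if (ret < 0)
		goto out2;

	ret = -EAGAIN;
	if (!nfs_idmap_prepare_pipe_upcall(idmap, data))
		goto out2;

	ret = rpc_queue_upcall(idmap->idmap_pipe, msg);
	if (ret < 0)
		nfs_idmap_abort_pipe_upcall(idmap, data, ret);

	return ret;
out2:
	/*
	 * data was never installed as the outstanding upcall, so no other
	 * path will drop the reference taken by key_get() above.
	 */
	key_put(data->authkey);
	kfree(data);
out1:
	complete_request_key(authkey, ret);
	return ret;
}

/* Instantiate @key with @data and link it into the .id_resolver keyring. */
static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen)
{
	return key_instantiate_and_link(key, data, datalen,
					id_resolver_cache->thread_keyring,
					authkey);
}

/*
 * Check the daemon's reply @im against the request @upcall and, only if
 * they match, instantiate @key with the answer.
 *
 * The type and conversion must be the same, and the looked-up value (the
 * name for name-to-id, the id for id-to-name) must be the one that was
 * asked for.  A mismatch leaves the key uninstantiated and returns
 * -ENOKEY, so a reply cannot populate a key for a different question.
 *
 * The caller has verified that im->im_name is non-empty and
 * NUL-terminated within IDMAP_NAMESZ.
 */
static int nfs_idmap_read_and_verify_message(struct idmap_msg *im,
		struct idmap_msg *upcall,
		struct key *key, struct key *authkey)
{
	char id_str[NFS_UINT_MAXLEN];
	size_t len;
	int ret = -ENOKEY;

	/* ret = -ENOKEY */
	if (upcall->im_type != im->im_type || upcall->im_conv != im->im_conv)
		goto out;
	switch (im->im_conv) {
	case IDMAP_CONV_NAMETOID:
		if (strcmp(upcall->im_name, im->im_name) != 0)
			break;
		/* Note: here we store the NUL terminator too */
		len = 1 + nfs_map_numeric_to_string(im->im_id, id_str,
						    sizeof(id_str));
		ret = nfs_idmap_instantiate(key, authkey, id_str, len);
		break;
	case IDMAP_CONV_IDTONAME:
		if (upcall->im_id != im->im_id)
			break;
		len = strlen(im->im_name);
		ret = nfs_idmap_instantiate(key, authkey, im->im_name, len);
		break;
	default:
		ret = -EINVAL;
	}
out:
	return ret;
}

/*
 * .downcall handler: the userspace daemon writes its reply to the pipe.
 *
 * The reply is untrusted input and is validated before use: it must be
 * exactly sizeof(struct idmap_msg) bytes, copy in without fault, carry
 * IDMAP_STATUS_SUCCESS, hold a non-empty name that is NUL-terminated
 * within IDMAP_NAMESZ, and match the outstanding request.
 *
 * Returns @mlen on success or a negative errno.  Whatever the outcome,
 * the outstanding upcall (if any) is completed with the result.
 */
static ssize_t
idmap_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
{
	struct request_key_auth *rka;
	struct rpc_inode *rpci = RPC_I(file_inode(filp));
	struct idmap *idmap = (struct idmap *)rpci->private;
	struct idmap_legacy_upcalldata *data;
	struct key *authkey;
	struct idmap_msg im;
	size_t namelen_in;
	int ret = -ENOKEY;

	/* If instantiation is successful, anyone waiting for key construction
	 * will have been woken up and someone else may now have reused the
	 * upcall slot - so it is claimed atomically here and
	 * idmap->idmap_upcall_data is not touched again after this point.
	 */
	data = xchg(&idmap->idmap_upcall_data, NULL);
	if (data == NULL)
		goto out_noupcall;

	authkey = data->authkey;
	rka = get_request_key_auth(authkey);

	if (mlen != sizeof(im)) {
		ret = -ENOSPC;
		goto out;
	}

	if (copy_from_user(&im, src, mlen) != 0) {
		ret = -EFAULT;
		goto out;
	}

	if (!(im.im_status & IDMAP_STATUS_SUCCESS)) {
		ret = -ENOKEY;
		goto out;
	}

	/* Reject an empty name and one with no NUL inside the buffer. */
	namelen_in = strnlen(im.im_name, IDMAP_NAMESZ);
	if (namelen_in == 0 || namelen_in == IDMAP_NAMESZ) {
		ret = -EINVAL;
		goto out;
	}

	ret = nfs_idmap_read_and_verify_message(&im, &data->idmap_msg,
						rka->target_key, authkey);
	if (ret >= 0) {
		key_set_timeout(rka->target_key, nfs_idmap_cache_timeout);
		ret = mlen;
	}

out:
	nfs_idmap_complete_pipe_upcall(data, ret);
out_noupcall:
	return ret;
}

/*
 * .destroy_msg handler: if the pipe message ended with an error, abort
 * the upcall it belongs to, provided it is still the outstanding one.
 */
static void
idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
{
	struct idmap_legacy_upcalldata *data = container_of(msg,
			struct idmap_legacy_upcalldata,
			pipe_msg);
	struct idmap *idmap = data->idmap;

	if (msg->errno)
		nfs_idmap_abort_pipe_upcall(idmap, data, msg->errno);
}

/* .release_pipe handler: fail any outstanding upcall with -EPIPE. */
static void
idmap_release_pipe(struct inode *inode)
{
	struct rpc_inode *rpci = RPC_I(inode);
	struct idmap *idmap = (struct idmap *)rpci->private;
	struct idmap_legacy_upcalldata *data;

	data = xchg(&idmap->idmap_upcall_data, NULL);
	if (data)
		nfs_idmap_complete_pipe_upcall(data, -EPIPE);
}

int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
{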
7478c2ecf20Sopenharmony_ci struct idmap *idmap = server->nfs_client->cl_idmap; 7488c2ecf20Sopenharmony_ci __u32 id = -1; 7498c2ecf20Sopenharmony_ci int ret = 0; 7508c2ecf20Sopenharmony_ci 7518c2ecf20Sopenharmony_ci if (!nfs_map_string_to_numeric(name, namelen, &id)) 7528c2ecf20Sopenharmony_ci ret = nfs_idmap_lookup_id(name, namelen, "uid", &id, idmap); 7538c2ecf20Sopenharmony_ci if (ret == 0) { 7548c2ecf20Sopenharmony_ci *uid = make_kuid(idmap_userns(idmap), id); 7558c2ecf20Sopenharmony_ci if (!uid_valid(*uid)) 7568c2ecf20Sopenharmony_ci ret = -ERANGE; 7578c2ecf20Sopenharmony_ci } 7588c2ecf20Sopenharmony_ci trace_nfs4_map_name_to_uid(name, namelen, id, ret); 7598c2ecf20Sopenharmony_ci return ret; 7608c2ecf20Sopenharmony_ci} 7618c2ecf20Sopenharmony_ci 7628c2ecf20Sopenharmony_ciint nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, kgid_t *gid) 7638c2ecf20Sopenharmony_ci{ 7648c2ecf20Sopenharmony_ci struct idmap *idmap = server->nfs_client->cl_idmap; 7658c2ecf20Sopenharmony_ci __u32 id = -1; 7668c2ecf20Sopenharmony_ci int ret = 0; 7678c2ecf20Sopenharmony_ci 7688c2ecf20Sopenharmony_ci if (!nfs_map_string_to_numeric(name, namelen, &id)) 7698c2ecf20Sopenharmony_ci ret = nfs_idmap_lookup_id(name, namelen, "gid", &id, idmap); 7708c2ecf20Sopenharmony_ci if (ret == 0) { 7718c2ecf20Sopenharmony_ci *gid = make_kgid(idmap_userns(idmap), id); 7728c2ecf20Sopenharmony_ci if (!gid_valid(*gid)) 7738c2ecf20Sopenharmony_ci ret = -ERANGE; 7748c2ecf20Sopenharmony_ci } 7758c2ecf20Sopenharmony_ci trace_nfs4_map_group_to_gid(name, namelen, id, ret); 7768c2ecf20Sopenharmony_ci return ret; 7778c2ecf20Sopenharmony_ci} 7788c2ecf20Sopenharmony_ci 7798c2ecf20Sopenharmony_ciint nfs_map_uid_to_name(const struct nfs_server *server, kuid_t uid, char *buf, size_t buflen) 7808c2ecf20Sopenharmony_ci{ 7818c2ecf20Sopenharmony_ci struct idmap *idmap = server->nfs_client->cl_idmap; 7828c2ecf20Sopenharmony_ci int ret = -EINVAL; 7838c2ecf20Sopenharmony_ci __u32 id; 
7848c2ecf20Sopenharmony_ci 7858c2ecf20Sopenharmony_ci id = from_kuid_munged(idmap_userns(idmap), uid); 7868c2ecf20Sopenharmony_ci if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) 7878c2ecf20Sopenharmony_ci ret = nfs_idmap_lookup_name(id, "user", buf, buflen, idmap); 7888c2ecf20Sopenharmony_ci if (ret < 0) 7898c2ecf20Sopenharmony_ci ret = nfs_map_numeric_to_string(id, buf, buflen); 7908c2ecf20Sopenharmony_ci trace_nfs4_map_uid_to_name(buf, ret, id, ret); 7918c2ecf20Sopenharmony_ci return ret; 7928c2ecf20Sopenharmony_ci} 7938c2ecf20Sopenharmony_ciint nfs_map_gid_to_group(const struct nfs_server *server, kgid_t gid, char *buf, size_t buflen) 7948c2ecf20Sopenharmony_ci{ 7958c2ecf20Sopenharmony_ci struct idmap *idmap = server->nfs_client->cl_idmap; 7968c2ecf20Sopenharmony_ci int ret = -EINVAL; 7978c2ecf20Sopenharmony_ci __u32 id; 7988c2ecf20Sopenharmony_ci 7998c2ecf20Sopenharmony_ci id = from_kgid_munged(idmap_userns(idmap), gid); 8008c2ecf20Sopenharmony_ci if (!(server->caps & NFS_CAP_UIDGID_NOMAP)) 8018c2ecf20Sopenharmony_ci ret = nfs_idmap_lookup_name(id, "group", buf, buflen, idmap); 8028c2ecf20Sopenharmony_ci if (ret < 0) 8038c2ecf20Sopenharmony_ci ret = nfs_map_numeric_to_string(id, buf, buflen); 8048c2ecf20Sopenharmony_ci trace_nfs4_map_gid_to_group(buf, ret, id, ret); 8058c2ecf20Sopenharmony_ci return ret; 8068c2ecf20Sopenharmony_ci} 807