fs/nfs/nfs4idmap.c

0001 /*
0002  * fs/nfs/idmap.c
0003  *
0004  *  UID and GID to name mapping for clients.
0005  *
0006  *  Copyright (c) 2002 The Regents of the University of Michigan.
0007  *  All rights reserved.
0008  *
0009  *  Marius Aamodt Eriksen <marius@umich.edu>
0010  *
0011  *  Redistribution and use in source and binary forms, with or without
0012  *  modification, are permitted provided that the following conditions
0013  *  are met:
0014  *
0015  *  1. Redistributions of source code must retain the above copyright
0016  *     notice, this list of conditions and the following disclaimer.
0017  *  2. Redistributions in binary form must reproduce the above copyright
0018  *     notice, this list of conditions and the following disclaimer in the
0019  *     documentation and/or other materials provided with the distribution.
0020  *  3. Neither the name of the University nor the names of its
0021  *     contributors may be used to endorse or promote products derived
0022  *     from this software without specific prior written permission.
0023  *
0024  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
0025  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
0026  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
0027  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
0028  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
0029  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
0030  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
0031  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
0032  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
0033  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
0034  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0035  */
0036 #include <linux/types.h>
0037 #include <linux/parser.h>
0038 #include <linux/fs.h>
0039 #include <net/net_namespace.h>
0040 #include <linux/sunrpc/rpc_pipe_fs.h>
0041 #include <linux/nfs_fs.h>
0042 #include <linux/nfs_fs_sb.h>
0043 #include <linux/key.h>
0044 #include <linux/keyctl.h>
0045 #include <linux/key-type.h>
0046 #include <keys/user-type.h>
0047 #include <keys/request_key_auth-type.h>
0048 #include <linux/module.h>
0049 #include <linux/user_namespace.h>
0050
0051 #include "internal.h"
0052 #include "netns.h"
0053 #include "nfs4idmap.h"
0054 #include "nfs4trace.h"
0055
0056 #define NFS_UINT_MAXLEN 11
0057
0058 static const struct cred *id_resolver_cache;
0059 static struct key_type key_type_id_resolver_legacy;
0060
0061 struct idmap_legacy_upcalldata {
0062     struct rpc_pipe_msg pipe_msg;
0063     struct idmap_msg idmap_msg;
0064     struct key  *authkey;
0065     struct idmap *idmap;
0066 };
0067
0068 struct idmap {
0069     struct rpc_pipe_dir_object idmap_pdo;
0070     struct rpc_pipe     *idmap_pipe;
0071     struct idmap_legacy_upcalldata *idmap_upcall_data;
0072     struct mutex        idmap_mutex;
0073     struct user_namespace   *user_ns;
0074 };
0075
0076 static struct user_namespace *idmap_userns(const struct idmap *idmap)
0077 {
0078     if (idmap && idmap->user_ns)
0079         return idmap->user_ns;
0080     return &init_user_ns;
0081 }
0082
0083 /**
0084  * nfs_fattr_init_names - initialise the nfs_fattr owner_name/group_name fields
0085  * @fattr: fully initialised struct nfs_fattr
0086  * @owner_name: owner name string cache
0087  * @group_name: group name string cache
0088  */
0089 void nfs_fattr_init_names(struct nfs_fattr *fattr,
0090         struct nfs4_string *owner_name,
0091         struct nfs4_string *group_name)
0092 {
0093     fattr->owner_name = owner_name;
0094     fattr->group_name = group_name;
0095 }
0096
0097 static void nfs_fattr_free_owner_name(struct nfs_fattr *fattr)
0098 {
0099     fattr->valid &= ~NFS_ATTR_FATTR_OWNER_NAME;
0100     kfree(fattr->owner_name->data);
0101 }
0102
0103 static void nfs_fattr_free_group_name(struct nfs_fattr *fattr)
0104 {
0105     fattr->valid &= ~NFS_ATTR_FATTR_GROUP_NAME;
0106     kfree(fattr->group_name->data);
0107 }
0108
0109 static bool nfs_fattr_map_owner_name(struct nfs_server *server, struct nfs_fattr *fattr)
0110 {
0111     struct nfs4_string *owner = fattr->owner_name;
0112     kuid_t uid;
0113
0114     if (!(fattr->valid & NFS_ATTR_FATTR_OWNER_NAME))
0115         return false;
0116     if (nfs_map_name_to_uid(server, owner->data, owner->len, &uid) == 0) {
0117         fattr->uid = uid;
0118         fattr->valid |= NFS_ATTR_FATTR_OWNER;
0119     }
0120     return true;
0121 }
0122
0123 static bool nfs_fattr_map_group_name(struct nfs_server *server, struct nfs_fattr *fattr)
0124 {
0125     struct nfs4_string *group = fattr->group_name;
0126     kgid_t gid;
0127
0128     if (!(fattr->valid & NFS_ATTR_FATTR_GROUP_NAME))
0129         return false;
0130     if (nfs_map_group_to_gid(server, group->data, group->len, &gid) == 0) {
0131         fattr->gid = gid;
0132         fattr->valid |= NFS_ATTR_FATTR_GROUP;
0133     }
0134     return true;
0135 }
0136
0137 /**
0138  * nfs_fattr_free_names - free up the NFSv4 owner and group strings
0139  * @fattr: a fully initialised nfs_fattr structure
0140  */
0141 void nfs_fattr_free_names(struct nfs_fattr *fattr)
0142 {
0143     if (fattr->valid & NFS_ATTR_FATTR_OWNER_NAME)
0144         nfs_fattr_free_owner_name(fattr);
0145     if (fattr->valid & NFS_ATTR_FATTR_GROUP_NAME)
0146         nfs_fattr_free_group_name(fattr);
0147 }
0148
0149 /**
0150  * nfs_fattr_map_and_free_names - map owner/group strings into uid/gid and free
0151  * @server: pointer to the filesystem nfs_server structure
0152  * @fattr: a fully initialised nfs_fattr structure
0153  *
0154  * This helper maps the cached NFSv4 owner/group strings in fattr into
0155  * their numeric uid/gid equivalents, and then frees the cached strings.
0156  */
0157 void nfs_fattr_map_and_free_names(struct nfs_server *server, struct nfs_fattr *fattr)
0158 {
0159     if (nfs_fattr_map_owner_name(server, fattr))
0160         nfs_fattr_free_owner_name(fattr);
0161     if (nfs_fattr_map_group_name(server, fattr))
0162         nfs_fattr_free_group_name(fattr);
0163 }
0164
0165 int nfs_map_string_to_numeric(const char *name, size_t namelen, __u32 *res)
0166 {
0167     unsigned long val;
0168     char buf[16];
0169
0170     if (memchr(name, '@', namelen) != NULL || namelen >= sizeof(buf))
0171         return 0;
0172     memcpy(buf, name, namelen);
0173     buf[namelen] = '\0';
0174     if (kstrtoul(buf, 0, &val) != 0)
0175         return 0;
0176     *res = val;
0177     return 1;
0178 }
0179 EXPORT_SYMBOL_GPL(nfs_map_string_to_numeric);
0180
0181 static int nfs_map_numeric_to_string(__u32 id, char *buf, size_t buflen)
0182 {
0183     return snprintf(buf, buflen, "%u", id);
0184 }
0185
0186 static struct key_type key_type_id_resolver = {
0187     .name       = "id_resolver",
0188     .preparse   = user_preparse,
0189     .free_preparse  = user_free_preparse,
0190     .instantiate    = generic_key_instantiate,
0191     .revoke     = user_revoke,
0192     .destroy    = user_destroy,
0193     .describe   = user_describe,
0194     .read       = user_read,
0195 };
0196
0197 int nfs_idmap_init(void)
0198 {
0199     struct cred *cred;
0200     struct key *keyring;
0201     int ret = 0;
0202
0203     printk(KERN_NOTICE "NFS: Registering the %s key type\n",
0204         key_type_id_resolver.name);
0205
0206     cred = prepare_kernel_cred(NULL);
0207     if (!cred)
0208         return -ENOMEM;
0209
0210     keyring = keyring_alloc(".id_resolver",
0211                 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
0212                 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
0213                 KEY_USR_VIEW | KEY_USR_READ,
0214                 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
0215     if (IS_ERR(keyring)) {
0216         ret = PTR_ERR(keyring);
0217         goto failed_put_cred;
0218     }
0219
0220     ret = register_key_type(&key_type_id_resolver);
0221     if (ret < 0)
0222         goto failed_put_key;
0223
0224     ret = register_key_type(&key_type_id_resolver_legacy);
0225     if (ret < 0)
0226         goto failed_reg_legacy;
0227
0228     set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
0229     cred->thread_keyring = keyring;
0230     cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
0231     id_resolver_cache = cred;
0232     return 0;
0233
0234 failed_reg_legacy:
0235     unregister_key_type(&key_type_id_resolver);
0236 failed_put_key:
0237     key_put(keyring);
0238 failed_put_cred:
0239     put_cred(cred);
0240     return ret;
0241 }
0242
0243 void nfs_idmap_quit(void)
0244 {
0245     key_revoke(id_resolver_cache->thread_keyring);
0246     unregister_key_type(&key_type_id_resolver);
0247     unregister_key_type(&key_type_id_resolver_legacy);
0248     put_cred(id_resolver_cache);
0249 }
0250
0251 /*
0252  * Assemble the description to pass to request_key()
0253  * This function will allocate a new string and update dest to point
0254  * at it.  The caller is responsible for freeing dest.
0255  *
0256  * On error 0 is returned.  Otherwise, the length of dest is returned.
0257  */
0258 static ssize_t nfs_idmap_get_desc(const char *name, size_t namelen,
0259                 const char *type, size_t typelen, char **desc)
0260 {
0261     char *cp;
0262     size_t desclen = typelen + namelen + 2;
0263
0264     *desc = kmalloc(desclen, GFP_KERNEL);
0265     if (!*desc)
0266         return -ENOMEM;
0267
0268     cp = *desc;
0269     memcpy(cp, type, typelen);
0270     cp += typelen;
0271     *cp++ = ':';
0272
0273     memcpy(cp, name, namelen);
0274     cp += namelen;
0275     *cp = '\0';
0276     return desclen;
0277 }
0278
0279 static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
0280                      const char *type, struct idmap *idmap)
0281 {
0282     char *desc;
0283     struct key *rkey = ERR_PTR(-EAGAIN);
0284     ssize_t ret;
0285
0286     ret = nfs_idmap_get_desc(name, namelen, type, strlen(type), &desc);
0287     if (ret < 0)
0288         return ERR_PTR(ret);
0289
0290     if (!idmap->user_ns || idmap->user_ns == &init_user_ns)
0291         rkey = request_key(&key_type_id_resolver, desc, "");
0292     if (IS_ERR(rkey)) {
0293         mutex_lock(&idmap->idmap_mutex);
0294         rkey = request_key_with_auxdata(&key_type_id_resolver_legacy,
0295                         desc, NULL, "", 0, idmap);
0296         mutex_unlock(&idmap->idmap_mutex);
0297     }
0298     if (!IS_ERR(rkey))
0299         set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
0300
0301     kfree(desc);
0302     return rkey;
0303 }
0304
0305 static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
0306                  const char *type, void *data,
0307                  size_t data_size, struct idmap *idmap)
0308 {
0309     const struct cred *saved_cred;
0310     struct key *rkey;
0311     const struct user_key_payload *payload;
0312     ssize_t ret;
0313
0314     saved_cred = override_creds(id_resolver_cache);
0315     rkey = nfs_idmap_request_key(name, namelen, type, idmap);
0316     revert_creds(saved_cred);
0317
0318     if (IS_ERR(rkey)) {
0319         ret = PTR_ERR(rkey);
0320         goto out;
0321     }
0322
0323     rcu_read_lock();
0324     rkey->perm |= KEY_USR_VIEW;
0325
0326     ret = key_validate(rkey);
0327     if (ret < 0)
0328         goto out_up;
0329
0330     payload = user_key_payload_rcu(rkey);
0331     if (IS_ERR_OR_NULL(payload)) {
0332         ret = PTR_ERR(payload);
0333         goto out_up;
0334     }
0335
0336     ret = payload->datalen;
0337     if (ret > 0 && ret <= data_size)
0338         memcpy(data, payload->data, ret);
0339     else
0340         ret = -EINVAL;
0341
0342 out_up:
0343     rcu_read_unlock();
0344     key_put(rkey);
0345 out:
0346     return ret;
0347 }
0348
0349 /* ID -> Name */
0350 static ssize_t nfs_idmap_lookup_name(__u32 id, const char *type, char *buf,
0351                      size_t buflen, struct idmap *idmap)
0352 {
0353     char id_str[NFS_UINT_MAXLEN];
0354     int id_len;
0355     ssize_t ret;
0356
0357     id_len = nfs_map_numeric_to_string(id, id_str, sizeof(id_str));
0358     ret = nfs_idmap_get_key(id_str, id_len, type, buf, buflen, idmap);
0359     if (ret < 0)
0360         return -EINVAL;
0361     return ret;
0362 }
0363
0364 /* Name -> ID */
0365 static int nfs_idmap_lookup_id(const char *name, size_t namelen, const char *type,
0366                    __u32 *id, struct idmap *idmap)
0367 {
0368     char id_str[NFS_UINT_MAXLEN];
0369     long id_long;
0370     ssize_t data_size;
0371     int ret = 0;
0372
0373     data_size = nfs_idmap_get_key(name, namelen, type, id_str, NFS_UINT_MAXLEN, idmap);
0374     if (data_size <= 0) {
0375         ret = -EINVAL;
0376     } else {
0377         ret = kstrtol(id_str, 10, &id_long);
0378         if (!ret)
0379             *id = (__u32)id_long;
0380     }
0381     return ret;
0382 }
0383
0384 /* idmap classic begins here */
0385
0386 enum {
0387     Opt_find_uid, Opt_find_gid, Opt_find_user, Opt_find_group, Opt_find_err
0388 };
0389
0390 static const match_table_t nfs_idmap_tokens = {
0391     { Opt_find_uid, "uid:%s" },
0392     { Opt_find_gid, "gid:%s" },
0393     { Opt_find_user, "user:%s" },
0394     { Opt_find_group, "group:%s" },
0395     { Opt_find_err, NULL }
0396 };
0397
0398 static int nfs_idmap_legacy_upcall(struct key *, void *);
0399 static ssize_t idmap_pipe_downcall(struct file *, const char __user *,
0400                    size_t);
0401 static void idmap_release_pipe(struct inode *);
0402 static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);
0403
0404 static const struct rpc_pipe_ops idmap_upcall_ops = {
0405     .upcall     = rpc_pipe_generic_upcall,
0406     .downcall   = idmap_pipe_downcall,
0407     .release_pipe   = idmap_release_pipe,
0408     .destroy_msg    = idmap_pipe_destroy_msg,
0409 };
0410
0411 static struct key_type key_type_id_resolver_legacy = {
0412     .name       = "id_legacy",
0413     .preparse   = user_preparse,
0414     .free_preparse  = user_free_preparse,
0415     .instantiate    = generic_key_instantiate,
0416     .revoke     = user_revoke,
0417     .destroy    = user_destroy,
0418     .describe   = user_describe,
0419     .read       = user_read,
0420     .request_key    = nfs_idmap_legacy_upcall,
0421 };
0422
0423 static void nfs_idmap_pipe_destroy(struct dentry *dir,
0424         struct rpc_pipe_dir_object *pdo)
0425 {
0426     struct idmap *idmap = pdo->pdo_data;
0427     struct rpc_pipe *pipe = idmap->idmap_pipe;
0428
0429     if (pipe->dentry) {
0430         rpc_unlink(pipe->dentry);
0431         pipe->dentry = NULL;
0432     }
0433 }
0434
0435 static int nfs_idmap_pipe_create(struct dentry *dir,
0436         struct rpc_pipe_dir_object *pdo)
0437 {
0438     struct idmap *idmap = pdo->pdo_data;
0439     struct rpc_pipe *pipe = idmap->idmap_pipe;
0440     struct dentry *dentry;
0441
0442     dentry = rpc_mkpipe_dentry(dir, "idmap", idmap, pipe);
0443     if (IS_ERR(dentry))
0444         return PTR_ERR(dentry);
0445     pipe->dentry = dentry;
0446     return 0;
0447 }
0448
0449 static const struct rpc_pipe_dir_object_ops nfs_idmap_pipe_dir_object_ops = {
0450     .create = nfs_idmap_pipe_create,
0451     .destroy = nfs_idmap_pipe_destroy,
0452 };
0453
0454 int
0455 nfs_idmap_new(struct nfs_client *clp)
0456 {
0457     struct idmap *idmap;
0458     struct rpc_pipe *pipe;
0459     int error;
0460
0461     idmap = kzalloc(sizeof(*idmap), GFP_KERNEL);
0462     if (idmap == NULL)
0463         return -ENOMEM;
0464
0465     mutex_init(&idmap->idmap_mutex);
0466     idmap->user_ns = get_user_ns(clp->cl_rpcclient->cl_cred->user_ns);
0467
0468     rpc_init_pipe_dir_object(&idmap->idmap_pdo,
0469             &nfs_idmap_pipe_dir_object_ops,
0470             idmap);
0471
0472     pipe = rpc_mkpipe_data(&idmap_upcall_ops, 0);
0473     if (IS_ERR(pipe)) {
0474         error = PTR_ERR(pipe);
0475         goto err;
0476     }
0477     idmap->idmap_pipe = pipe;
0478
0479     error = rpc_add_pipe_dir_object(clp->cl_net,
0480             &clp->cl_rpcclient->cl_pipedir_objects,
0481             &idmap->idmap_pdo);
0482     if (error)
0483         goto err_destroy_pipe;
0484
0485     clp->cl_idmap = idmap;
0486     return 0;
0487 err_destroy_pipe:
0488     rpc_destroy_pipe_data(idmap->idmap_pipe);
0489 err:
0490     put_user_ns(idmap->user_ns);
0491     kfree(idmap);
0492     return error;
0493 }
0494
0495 void
0496 nfs_idmap_delete(struct nfs_client *clp)
0497 {
0498     struct idmap *idmap = clp->cl_idmap;
0499
0500     if (!idmap)
0501         return;
0502     clp->cl_idmap = NULL;
0503     rpc_remove_pipe_dir_object(clp->cl_net,
0504             &clp->cl_rpcclient->cl_pipedir_objects,
0505             &idmap->idmap_pdo);
0506     rpc_destroy_pipe_data(idmap->idmap_pipe);
0507     put_user_ns(idmap->user_ns);
0508     kfree(idmap);
0509 }
0510
0511 static int nfs_idmap_prepare_message(char *desc, struct idmap *idmap,
0512                      struct idmap_msg *im,
0513                      struct rpc_pipe_msg *msg)
0514 {
0515     substring_t substr;
0516     int token, ret;
0517
0518     im->im_type = IDMAP_TYPE_GROUP;
0519     token = match_token(desc, nfs_idmap_tokens, &substr);
0520
0521     switch (token) {
0522     case Opt_find_uid:
0523         im->im_type = IDMAP_TYPE_USER;
0524         fallthrough;
0525     case Opt_find_gid:
0526         im->im_conv = IDMAP_CONV_NAMETOID;
0527         ret = match_strlcpy(im->im_name, &substr, IDMAP_NAMESZ);
0528         break;
0529
0530     case Opt_find_user:
0531         im->im_type = IDMAP_TYPE_USER;
0532         fallthrough;
0533     case Opt_find_group:
0534         im->im_conv = IDMAP_CONV_IDTONAME;
0535         ret = match_int(&substr, &im->im_id);
0536         if (ret)
0537             goto out;
0538         break;
0539
0540     default:
0541         ret = -EINVAL;
0542         goto out;
0543     }
0544
0545     msg->data = im;
0546     msg->len  = sizeof(struct idmap_msg);
0547
0548 out:
0549     return ret;
0550 }
0551
0552 static bool
0553 nfs_idmap_prepare_pipe_upcall(struct idmap *idmap,
0554         struct idmap_legacy_upcalldata *data)
0555 {
0556     if (idmap->idmap_upcall_data != NULL) {
0557         WARN_ON_ONCE(1);
0558         return false;
0559     }
0560     idmap->idmap_upcall_data = data;
0561     return true;
0562 }
0563
0564 static void nfs_idmap_complete_pipe_upcall(struct idmap_legacy_upcalldata *data,
0565                        int ret)
0566 {
0567     complete_request_key(data->authkey, ret);
0568     key_put(data->authkey);
0569     kfree(data);
0570 }
0571
0572 static void nfs_idmap_abort_pipe_upcall(struct idmap *idmap,
0573                     struct idmap_legacy_upcalldata *data,
0574                     int ret)
0575 {
0576     if (cmpxchg(&idmap->idmap_upcall_data, data, NULL) == data)
0577         nfs_idmap_complete_pipe_upcall(data, ret);
0578 }
0579
0580 static int nfs_idmap_legacy_upcall(struct key *authkey, void *aux)
0581 {
0582     struct idmap_legacy_upcalldata *data;
0583     struct request_key_auth *rka = get_request_key_auth(authkey);
0584     struct rpc_pipe_msg *msg;
0585     struct idmap_msg *im;
0586     struct idmap *idmap = (struct idmap *)aux;
0587     struct key *key = rka->target_key;
0588     int ret = -ENOKEY;
0589
0590     if (!aux)
0591         goto out1;
0592
0593     /* msg and im are freed in idmap_pipe_destroy_msg */
0594     ret = -ENOMEM;
0595     data = kzalloc(sizeof(*data), GFP_KERNEL);
0596     if (!data)
0597         goto out1;
0598
0599     msg = &data->pipe_msg;
0600     im = &data->idmap_msg;
0601     data->idmap = idmap;
0602     data->authkey = key_get(authkey);
0603
0604     ret = nfs_idmap_prepare_message(key->description, idmap, im, msg);
0605     if (ret < 0)
0606         goto out2;
0607
0608     ret = -EAGAIN;
0609     if (!nfs_idmap_prepare_pipe_upcall(idmap, data))
0610         goto out2;
0611
0612     ret = rpc_queue_upcall(idmap->idmap_pipe, msg);
0613     if (ret < 0)
0614         nfs_idmap_abort_pipe_upcall(idmap, data, ret);
0615
0616     return ret;
0617 out2:
0618     kfree(data);
0619 out1:
0620     complete_request_key(authkey, ret);
0621     return ret;
0622 }
0623
0624 static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen)
0625 {
0626     return key_instantiate_and_link(key, data, datalen,
0627                     id_resolver_cache->thread_keyring,
0628                     authkey);
0629 }
0630
0631 static int nfs_idmap_read_and_verify_message(struct idmap_msg *im,
0632         struct idmap_msg *upcall,
0633         struct key *key, struct key *authkey)
0634 {
0635     char id_str[NFS_UINT_MAXLEN];
0636     size_t len;
0637     int ret = -ENOKEY;
0638
0639     /* ret = -ENOKEY */
0640     if (upcall->im_type != im->im_type || upcall->im_conv != im->im_conv)
0641         goto out;
0642     switch (im->im_conv) {
0643     case IDMAP_CONV_NAMETOID:
0644         if (strcmp(upcall->im_name, im->im_name) != 0)
0645             break;
0646         /* Note: here we store the NUL terminator too */
0647         len = 1 + nfs_map_numeric_to_string(im->im_id, id_str,
0648                             sizeof(id_str));
0649         ret = nfs_idmap_instantiate(key, authkey, id_str, len);
0650         break;
0651     case IDMAP_CONV_IDTONAME:
0652         if (upcall->im_id != im->im_id)
0653             break;
0654         len = strlen(im->im_name);
0655         ret = nfs_idmap_instantiate(key, authkey, im->im_name, len);
0656         break;
0657     default:
0658         ret = -EINVAL;
0659     }
0660 out:
0661     return ret;
0662 }
0663
0664 static ssize_t
0665 idmap_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
0666 {
0667     struct request_key_auth *rka;
0668     struct rpc_inode *rpci = RPC_I(file_inode(filp));
0669     struct idmap *idmap = (struct idmap *)rpci->private;
0670     struct idmap_legacy_upcalldata *data;
0671     struct key *authkey;
0672     struct idmap_msg im;
0673     size_t namelen_in;
0674     int ret = -ENOKEY;
0675
0676     /* If instantiation is successful, anyone waiting for key construction
0677      * will have been woken up and someone else may now have used
0678      * idmap_key_cons - so after this point we may no longer touch it.
0679      */
0680     data = xchg(&idmap->idmap_upcall_data, NULL);
0681     if (data == NULL)
0682         goto out_noupcall;
0683
0684     authkey = data->authkey;
0685     rka = get_request_key_auth(authkey);
0686
0687     if (mlen != sizeof(im)) {
0688         ret = -ENOSPC;
0689         goto out;
0690     }
0691
0692     if (copy_from_user(&im, src, mlen) != 0) {
0693         ret = -EFAULT;
0694         goto out;
0695     }
0696
0697     if (!(im.im_status & IDMAP_STATUS_SUCCESS)) {
0698         ret = -ENOKEY;
0699         goto out;
0700     }
0701
0702     namelen_in = strnlen(im.im_name, IDMAP_NAMESZ);
0703     if (namelen_in == 0 || namelen_in == IDMAP_NAMESZ) {
0704         ret = -EINVAL;
0705         goto out;
0706     }
0707
0708     ret = nfs_idmap_read_and_verify_message(&im, &data->idmap_msg,
0709                         rka->target_key, authkey);
0710     if (ret >= 0) {
0711         key_set_timeout(rka->target_key, nfs_idmap_cache_timeout);
0712         ret = mlen;
0713     }
0714
0715 out:
0716     nfs_idmap_complete_pipe_upcall(data, ret);
0717 out_noupcall:
0718     return ret;
0719 }
0720
0721 static void
0722 idmap_pipe_destroy_msg(struct rpc_pipe_msg *msg)
0723 {
0724     struct idmap_legacy_upcalldata *data = container_of(msg,
0725             struct idmap_legacy_upcalldata,
0726             pipe_msg);
0727     struct idmap *idmap = data->idmap;
0728
0729     if (msg->errno)
0730         nfs_idmap_abort_pipe_upcall(idmap, data, msg->errno);
0731 }
0732
0733 static void
0734 idmap_release_pipe(struct inode *inode)
0735 {
0736     struct rpc_inode *rpci = RPC_I(inode);
0737     struct idmap *idmap = (struct idmap *)rpci->private;
0738     struct idmap_legacy_upcalldata *data;
0739
0740     data = xchg(&idmap->idmap_upcall_data, NULL);
0741     if (data)
0742         nfs_idmap_complete_pipe_upcall(data, -EPIPE);
0743 }
0744
0745 int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
0746 {
0747     struct idmap *idmap = server->nfs_client->cl_idmap;
0748     __u32 id = -1;
0749     int ret = 0;
0750
0751     if (!nfs_map_string_to_numeric(name, namelen, &id))
0752         ret = nfs_idmap_lookup_id(name, namelen, "uid", &id, idmap);
0753     if (ret == 0) {
0754         *uid = make_kuid(idmap_userns(idmap), id);
0755         if (!uid_valid(*uid))
0756             ret = -ERANGE;
0757     }
0758     trace_nfs4_map_name_to_uid(name, namelen, id, ret);
0759     return ret;
0760 }
0761
0762 int nfs_map_group_to_gid(const struct nfs_server *server, const char *name, size_t namelen, kgid_t *gid)
0763 {
0764     struct idmap *idmap = server->nfs_client->cl_idmap;
0765     __u32 id = -1;
0766     int ret = 0;
0767
0768     if (!nfs_map_string_to_numeric(name, namelen, &id))
0769         ret = nfs_idmap_lookup_id(name, namelen, "gid", &id, idmap);
0770     if (ret == 0) {
0771         *gid = make_kgid(idmap_userns(idmap), id);
0772         if (!gid_valid(*gid))
0773             ret = -ERANGE;
0774     }
0775     trace_nfs4_map_group_to_gid(name, namelen, id, ret);
0776     return ret;
0777 }
0778
0779 int nfs_map_uid_to_name(const struct nfs_server *server, kuid_t uid, char *buf, size_t buflen)
0780 {
0781     struct idmap *idmap = server->nfs_client->cl_idmap;
0782     int ret = -EINVAL;
0783     __u32 id;
0784
0785     id = from_kuid_munged(idmap_userns(idmap), uid);
0786     if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
0787         ret = nfs_idmap_lookup_name(id, "user", buf, buflen, idmap);
0788     if (ret < 0)
0789         ret = nfs_map_numeric_to_string(id, buf, buflen);
0790     trace_nfs4_map_uid_to_name(buf, ret, id, ret);
0791     return ret;
0792 }
0793 int nfs_map_gid_to_group(const struct nfs_server *server, kgid_t gid, char *buf, size_t buflen)
0794 {
0795     struct idmap *idmap = server->nfs_client->cl_idmap;
0796     int ret = -EINVAL;
0797     __u32 id;
0798
0799     id = from_kgid_munged(idmap_userns(idmap), gid);
0800     if (!(server->caps & NFS_CAP_UIDGID_NOMAP))
0801         ret = nfs_idmap_lookup_name(id, "group", buf, buflen, idmap);
0802     if (ret < 0)
0803         ret = nfs_map_numeric_to_string(id, buf, buflen);
0804     trace_nfs4_map_gid_to_group(buf, ret, id, ret);
0805     return ret;
0806 }