projects / dragonfly.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
kernel - Add many sysctl definitions, sysv, vfs, nfs, etc.
[dragonfly.git] / sys / vfs / nfs / nfs_syscalls.c
... / ...
CommitLineData
1/*
2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by the University of
19 * California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95
37 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $
38 * $DragonFly: src/sys/vfs/nfs/nfs_syscalls.c,v 1.31 2008/01/05 14:02:41 swildner Exp $
39 */
40
41#include <sys/param.h>
42#include <sys/systm.h>
43#include <sys/sysproto.h>
44#include <sys/kernel.h>
45#include <sys/sysctl.h>
46#include <sys/file.h>
47#include <sys/filedesc.h>
48#include <sys/vnode.h>
49#include <sys/malloc.h>
50#include <sys/mount.h>
51#include <sys/proc.h>
52#include <sys/priv.h>
53#include <sys/buf.h>
54#include <sys/mbuf.h>
55#include <sys/resourcevar.h>
56#include <sys/socket.h>
57#include <sys/socketvar.h>
58#include <sys/domain.h>
59#include <sys/protosw.h>
60#include <sys/nlookup.h>
61#include <vm/vm_zone.h>
62
63#include <sys/mutex2.h>
64#include <sys/thread2.h>
65
66#include <netinet/in.h>
67#include <netinet/tcp.h>
68#include "xdr_subs.h"
69#include "rpcv2.h"
70#include "nfsproto.h"
71#include "nfs.h"
72#include "nfsm_subs.h"
73#include "nfsrvcache.h"
74#include "nfsmount.h"
75#include "nfsnode.h"
76#include "nfsrtt.h"
77
78#include <sys/thread2.h>
79
80static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure");
81
82static int nuidhash_max = NFS_MAXUIDHASH;
83
84#ifndef NFS_NOSERVER
85static void nfsrv_zapsock (struct nfssvc_sock *slp);
86#endif
87
88#define TRUE 1
89#define FALSE 0
90
91SYSCTL_DECL(_vfs_nfs);
92
93#ifndef NFS_NOSERVER
94int nfsd_waiting = 0;
95static struct nfsdrt nfsdrt;
96static int nfs_numnfsd = 0;
97static void nfsd_rt (int sotype, struct nfsrv_descript *nd,
98 int cacherep);
99static int nfssvc_addsock (struct file *, struct sockaddr *,
100 struct thread *);
101static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *);
102
103static int nfs_privport = 0;
104SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport,
105 0, "Enable privileged source port checks");
106SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0,
107 "Enable NFS request procrastination");
108SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0,
109 "Enable NFSv3 request procrastination");
110int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO;
111SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0,
112 "Minimum NFS socket buffer size reservation");
113
114/*
115 * NFS server system calls
116 */
117
118#endif /* NFS_NOSERVER */
119/*
120 * nfssvc_args(int flag, caddr_t argp)
121 *
122 * Nfs server psuedo system call for the nfsd's
123 * Based on the flag value it either:
124 * - adds a socket to the selection list
125 * - remains in the kernel as an nfsd
126 * - remains in the kernel as an nfsiod
127 *
128 * MPALMOSTSAFE
129 */
130int
131sys_nfssvc(struct nfssvc_args *uap)
132{
133#ifndef NFS_NOSERVER
134 struct nlookupdata nd;
135 struct file *fp;
136 struct sockaddr *nam;
137 struct nfsd_args nfsdarg;
138 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs;
139 struct nfsd_cargs ncd;
140 struct nfsd *nfsd;
141 struct nfssvc_sock *slp;
142 struct nfsuid *nuidp;
143 struct nfsmount *nmp;
144 struct vnode *vp;
145#endif /* NFS_NOSERVER */
146 int error;
147 struct thread *td = curthread;
148
149 /*
150 * Must be super user
151 */
152 error = priv_check(td, PRIV_ROOT);
153 if (error)
154 return (error);
155
156 lwkt_gettoken(&nfs_token);
157
158 while (nfssvc_sockhead_flag & SLP_INIT) {
159 nfssvc_sockhead_flag |= SLP_WANTINIT;
160 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0);
161 }
162 if (uap->flag & NFSSVC_BIOD)
163 error = ENXIO; /* no longer need nfsiod's */
164#ifdef NFS_NOSERVER
165 else
166 error = ENXIO;
167#else /* !NFS_NOSERVER */
168 else if (uap->flag & NFSSVC_MNTD) {
169 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd));
170 if (error)
171 goto done;
172 vp = NULL;
173 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE,
174 NLC_FOLLOW);
175 if (error == 0)
176 error = nlookup(&nd);
177 if (error == 0)
178 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
179 nlookup_done(&nd);
180 if (error)
181 goto done;
182
183 if ((vp->v_flag & VROOT) == 0)
184 error = EINVAL;
185 nmp = VFSTONFS(vp->v_mount);
186 vput(vp);
187 if (error)
188 goto done;
189 if ((nmp->nm_state & NFSSTA_MNTD) &&
190 (uap->flag & NFSSVC_GOTAUTH) == 0) {
191 error = 0;
192 goto done;
193 }
194 nmp->nm_state |= NFSSTA_MNTD;
195 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag,
196 uap->argp, td);
197 } else if (uap->flag & NFSSVC_ADDSOCK) {
198 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg));
199 if (error)
200 goto done;
201 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp);
202 if (error)
203 goto done;
204 /*
205 * Get the client address for connected sockets.
206 */
207 if (nfsdarg.name == NULL || nfsdarg.namelen == 0)
208 nam = NULL;
209 else {
210 error = getsockaddr(&nam, nfsdarg.name,
211 nfsdarg.namelen);
212 if (error) {
213 fdrop(fp);
214 goto done;
215 }
216 }
217 error = nfssvc_addsock(fp, nam, td);
218 fdrop(fp);
219 } else {
220 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd));
221 if (error)
222 goto done;
223 if ((uap->flag & NFSSVC_AUTHIN) &&
224 ((nfsd = nsd->nsd_nfsd)) != NULL &&
225 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) {
226 slp = nfsd->nfsd_slp;
227
228 /*
229 * First check to see if another nfsd has already
230 * added this credential.
231 */
232 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first;
233 nuidp != 0; nuidp = nuidp->nu_hash.le_next) {
234 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid &&
235 (!nfsd->nfsd_nd->nd_nam2 ||
236 netaddr_match(NU_NETFAM(nuidp),
237 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2)))
238 break;
239 }
240 if (nuidp) {
241 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr);
242 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
243 } else {
244 /*
245 * Nope, so we will.
246 */
247 if (slp->ns_numuids < nuidhash_max) {
248 slp->ns_numuids++;
249 nuidp = (struct nfsuid *)
250 kmalloc(sizeof (struct nfsuid), M_NFSUID,
251 M_WAITOK);
252 } else
253 nuidp = NULL;
254 if ((slp->ns_flag & SLP_VALID) == 0) {
255 if (nuidp)
256 kfree((caddr_t)nuidp, M_NFSUID);
257 } else {
258 if (nuidp == NULL) {
259 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead);
260 LIST_REMOVE(nuidp, nu_hash);
261 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp,
262 nu_lru);
263 if (nuidp->nu_flag & NU_NAM)
264 FREE(nuidp->nu_nam, M_SONAME);
265 }
266 nuidp->nu_flag = 0;
267 nuidp->nu_cr = nsd->nsd_cr;
268 if (nuidp->nu_cr.cr_ngroups > NGROUPS)
269 nuidp->nu_cr.cr_ngroups = NGROUPS;
270 nuidp->nu_cr.cr_ref = 1;
271 nuidp->nu_timestamp = nsd->nsd_timestamp;
272 nuidp->nu_expire = time_second + nsd->nsd_ttl;
273 /*
274 * and save the session key in nu_key.
275 */
276 bcopy(nsd->nsd_key, nuidp->nu_key,
277 sizeof (nsd->nsd_key));
278 if (nfsd->nfsd_nd->nd_nam2) {
279 struct sockaddr_in *saddr;
280
281 saddr = (struct sockaddr_in *)
282 nfsd->nfsd_nd->nd_nam2;
283 switch (saddr->sin_family) {
284 case AF_INET:
285 nuidp->nu_flag |= NU_INETADDR;
286 nuidp->nu_inetaddr =
287 saddr->sin_addr.s_addr;
288 break;
289 case AF_ISO:
290 default:
291 nuidp->nu_flag |= NU_NAM;
292 nuidp->nu_nam =
293 dup_sockaddr(nfsd->nfsd_nd->nd_nam2);
294 break;
295 };
296 }
297 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp,
298 nu_lru);
299 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid),
300 nuidp, nu_hash);
301 nfsrv_setcred(&nuidp->nu_cr,
302 &nfsd->nfsd_nd->nd_cr);
303 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
304 }
305 }
306 }
307 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd))
308 nfsd->nfsd_flag |= NFSD_AUTHFAIL;
309 error = nfssvc_nfsd(nsd, uap->argp, td);
310 }
311#endif /* NFS_NOSERVER */
312 if (error == EINTR || error == ERESTART)
313 error = 0;
314done:
315 lwkt_reltoken(&nfs_token);
316 return (error);
317}
318
319#ifndef NFS_NOSERVER
320/*
321 * Adds a socket to the list for servicing by nfsds.
322 */
323static int
324nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td)
325{
326 int siz;
327 struct nfssvc_sock *slp;
328 struct socket *so;
329 int error;
330
331 so = (struct socket *)fp->f_data;
332#if 0
333 tslp = NULL;
334 /*
335 * Add it to the list, as required.
336 */
337 if (so->so_proto->pr_protocol == IPPROTO_UDP) {
338 tslp = nfs_udpsock;
339 if (tslp->ns_flag & SLP_VALID) {
340 if (mynam != NULL)
341 FREE(mynam, M_SONAME);
342 return (EPERM);
343 }
344 }
345#endif
346 /*
347 * Reserve buffer space in the socket. Note that due to bugs in
348 * Linux's delayed-ack code, serious performance degredation may
349 * occur with linux hosts if the minimum is used.
350 *
351 * NFS sockets are not limited to the standard sb_max or by
352 * resource limits.
353 */
354 if (so->so_type == SOCK_STREAM)
355 siz = NFS_MAXPACKET + sizeof (u_long);
356 else
357 siz = NFS_MAXPACKET;
358 if (siz < nfs_soreserve)
359 siz = nfs_soreserve;
360
361 error = soreserve(so, siz, siz, NULL);
362 if (error) {
363 if (mynam != NULL)
364 FREE(mynam, M_SONAME);
365 return (error);
366 }
367
368 /*
369 * Set protocol specific options { for now TCP only } and
370 * reserve some space. For datagram sockets, this can get called
371 * repeatedly for the same socket, but that isn't harmful.
372 */
373 if (so->so_type == SOCK_STREAM) {
374 struct sockopt sopt;
375 int val;
376
377 bzero(&sopt, sizeof sopt);
378 sopt.sopt_level = SOL_SOCKET;
379 sopt.sopt_name = SO_KEEPALIVE;
380 sopt.sopt_val = &val;
381 sopt.sopt_valsize = sizeof val;
382 val = 1;
383 sosetopt(so, &sopt);
384 }
385 if (so->so_proto->pr_domain->dom_family == AF_INET &&
386 so->so_proto->pr_protocol == IPPROTO_TCP) {
387 struct sockopt sopt;
388 int val;
389
390 bzero(&sopt, sizeof sopt);
391 sopt.sopt_level = IPPROTO_TCP;
392 sopt.sopt_name = TCP_NODELAY;
393 sopt.sopt_val = &val;
394 sopt.sopt_valsize = sizeof val;
395 val = 1;
396 sosetopt(so, &sopt);
397
398 bzero(&sopt, sizeof sopt);
399 sopt.sopt_level = IPPROTO_TCP;
400 sopt.sopt_name = TCP_FASTKEEP;
401 sopt.sopt_val = &val;
402 sopt.sopt_valsize = sizeof val;
403 val = 1;
404 sosetopt(so, &sopt);
405 }
406 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR);
407 so->so_rcv.ssb_timeo = 0;
408 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR);
409 so->so_snd.ssb_timeo = 0;
410
411 slp = kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
412 mtx_init(&slp->ns_solock);
413 STAILQ_INIT(&slp->ns_rec);
414 TAILQ_INIT(&slp->ns_uidlruhead);
415 lwkt_token_init(&slp->ns_token, 1, "nfssrv_token");
416
417 lwkt_gettoken(&nfs_token);
418 nfsrv_slpref(slp);
419 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain);
420 lwkt_gettoken(&slp->ns_token);
421
422 slp->ns_so = so;
423 slp->ns_nam = mynam;
424 fp->f_count++;
425 slp->ns_fp = fp;
426
427 so->so_upcallarg = (caddr_t)slp;
428 so->so_upcall = nfsrv_rcv_upcall;
429 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
430 slp->ns_flag = (SLP_VALID | SLP_NEEDQ);
431 nfsrv_wakenfsd(slp, 1);
432
433 lwkt_reltoken(&slp->ns_token);
434 lwkt_reltoken(&nfs_token);
435
436 return (0);
437}
438
439/*
440 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
441 * until it is killed by a signal.
442 */
443static int
444nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td)
445{
446 int siz;
447 struct nfssvc_sock *slp;
448 struct nfsd *nfsd = nsd->nsd_nfsd;
449 struct nfsrv_descript *nd = NULL;
450 struct mbuf *m, *mreq;
451 int error, cacherep, sotype, writes_todo;
452 int procrastinate;
453 u_quad_t cur_usec;
454
455#ifndef nolint
456 cacherep = RC_DOIT;
457 writes_todo = 0;
458#endif
459 lwkt_gettoken(&nfs_token);
460
461 if (nfsd == NULL) {
462 nsd->nsd_nfsd = nfsd = (struct nfsd *)
463 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO);
464 nfsd->nfsd_td = td;
465 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain);
466 nfs_numnfsd++;
467 }
468
469 /*
470 * Loop getting rpc requests until SIGKILL.
471 */
472 for (;;) {
473 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) {
474 while (nfsd->nfsd_slp == NULL &&
475 (nfsd_head_flag & NFSD_CHECKSLP) == 0) {
476 nfsd->nfsd_flag |= NFSD_WAITING;
477 nfsd_waiting++;
478 error = tsleep(nfsd, PCATCH, "nfsd", 0);
479 nfsd_waiting--;
480 if (error && nfsd->nfsd_slp == NULL)
481 goto done;
482 }
483 if (nfsd->nfsd_slp == NULL &&
484 (nfsd_head_flag & NFSD_CHECKSLP)) {
485 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) {
486 if ((slp->ns_flag & SLP_ACTION_MASK) ||
487 slp->ns_needq_upcall) {
488 nfsrv_slpref(slp);
489 nfsd->nfsd_slp = slp;
490 break;
491 }
492 }
493 if (slp == NULL)
494 nfsd_head_flag &= ~NFSD_CHECKSLP;
495 }
496 if ((slp = nfsd->nfsd_slp) == NULL)
497 continue;
498
499 lwkt_reltoken(&nfs_token);
500 lwkt_gettoken(&slp->ns_token);
501
502 if (slp->ns_needq_upcall) {
503 slp->ns_needq_upcall = 0;
504 slp->ns_flag |= SLP_NEEDQ;
505 }
506
507 if (slp->ns_flag & SLP_VALID) {
508 /*
509 * We can both process additional received
510 * data into new records and process existing
511 * records. This keeps the pipeline hot by
512 * allowing the tcp socket to continue to
513 * drain while we are processing records.
514 */
515 if (slp->ns_flag & SLP_DISCONN) {
516 nfsrv_zapsock(slp);
517 } else if (slp->ns_flag & SLP_NEEDQ) {
518 (void)nfs_slplock(slp, 1);
519 nfsrv_rcv(slp->ns_so, (caddr_t)slp,
520 MB_WAIT);
521 nfs_slpunlock(slp);
522 }
523 error = nfsrv_dorec(slp, nfsd, &nd);
524 cur_usec = nfs_curusec();
525 if (error && slp->ns_tq.lh_first &&
526 slp->ns_tq.lh_first->nd_time <= cur_usec) {
527 error = 0;
528 cacherep = RC_DOIT;
529 writes_todo = 1;
530 } else {
531 writes_todo = 0;
532 }
533 nfsd->nfsd_flag |= NFSD_REQINPROG;
534 } else {
535 slp->ns_flag &= ~SLP_ACTION_MASK;
536 error = 0;
537 }
538 } else {
539 error = 0;
540 slp = nfsd->nfsd_slp;
541
542 lwkt_reltoken(&nfs_token);
543 lwkt_gettoken(&slp->ns_token);
544
545 if (slp->ns_needq_upcall) {
546 slp->ns_needq_upcall = 0;
547 slp->ns_flag |= SLP_NEEDQ;
548 }
549 if (NFSRV_RECLIMIT(slp) == 0 &&
550 (slp->ns_flag & SLP_NEEDQ)) {
551 (void)nfs_slplock(slp, 1);
552 nfsrv_rcv(slp->ns_so, (caddr_t)slp,
553 MB_WAIT);
554 nfs_slpunlock(slp);
555 }
556 }
557
558 /*
559 * nfs_token not held here. slp token is held.
560 */
561 if (error || (slp->ns_flag & SLP_VALID) == 0) {
562 if (nd) {
563 kfree((caddr_t)nd, M_NFSRVDESC);
564 nd = NULL;
565 }
566 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
567 if (slp->ns_flag & SLP_ACTION_MASK) {
568 lwkt_reltoken(&slp->ns_token);
569 lwkt_gettoken(&nfs_token);
570 } else {
571 nfsd->nfsd_slp = NULL;
572 lwkt_reltoken(&slp->ns_token);
573 lwkt_gettoken(&nfs_token);
574 nfsrv_slpderef(slp);
575 }
576 continue;
577 }
578
579 /*
580 * Execute the NFS request - handle the server side cache
581 *
582 * nfs_token not held here. slp token is held.
583 */
584 sotype = slp->ns_so->so_type;
585 if (nd) {
586 getmicrotime(&nd->nd_starttime);
587 if (nd->nd_nam2)
588 nd->nd_nam = nd->nd_nam2;
589 else
590 nd->nd_nam = slp->ns_nam;
591
592 /*
593 * Check to see if authorization is needed.
594 */
595 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) {
596 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH;
597 nsd->nsd_haddr =
598 ((struct sockaddr_in *)
599 nd->nd_nam)->sin_addr.s_addr;
600 nsd->nsd_authlen = nfsd->nfsd_authlen;
601 nsd->nsd_verflen = nfsd->nfsd_verflen;
602 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr,
603 nfsd->nfsd_authlen) &&
604 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr,
605 nfsd->nfsd_verflen) &&
606 !copyout((caddr_t)nsd, argp, sizeof (*nsd)))
607 lwkt_reltoken(&slp->ns_token);
608 return (ENEEDAUTH);
609 cacherep = RC_DROPIT;
610 } else {
611 cacherep = nfsrv_getcache(nd, slp, &mreq);
612 }
613
614 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) {
615 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL;
616 nd->nd_procnum = NFSPROC_NOOP;
617 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
618 cacherep = RC_DOIT;
619 } else if (nfs_privport) {
620 /* Check if source port is privileged */
621 u_short port;
622 struct sockaddr *nam = nd->nd_nam;
623 struct sockaddr_in *sin;
624
625 sin = (struct sockaddr_in *)nam;
626 port = ntohs(sin->sin_port);
627 if (port >= IPPORT_RESERVED &&
628 nd->nd_procnum != NFSPROC_NULL) {
629 nd->nd_procnum = NFSPROC_NOOP;
630 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
631 cacherep = RC_DOIT;
632 kprintf("NFS request from unprivileged port (%s:%d)\n",
633 inet_ntoa(sin->sin_addr), port);
634 }
635 }
636
637 }
638
639 /*
640 * Execute the NFS request - direct execution
641 *
642 * Loop to get all the write rpc replies that have been
643 * gathered together.
644 *
645 * nfs_token not held here. slp token is held.
646 */
647 do {
648 switch (cacherep) {
649 case RC_DOIT:
650 if (nd && (nd->nd_flag & ND_NFSV3))
651 procrastinate = nfsrvw_procrastinate_v3;
652 else
653 procrastinate = nfsrvw_procrastinate;
654 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE &&
655 procrastinate > 0)
656 ) {
657 error = nfsrv_writegather(&nd, slp,
658 nfsd->nfsd_td, &mreq);
659 } else {
660 /* NOT YET lwkt_reltoken(&slp->ns_token); */
661 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd,
662 slp, nfsd->nfsd_td, &mreq);
663 /* NOT YET lwkt_gettoken(&slp->ns_token); */
664 }
665 if (mreq == NULL)
666 break;
667 if (error != 0 && error != NFSERR_RETVOID) {
668 if (nd->nd_procnum != NQNFSPROC_VACATED)
669 nfsstats.srv_errs++;
670 nfsrv_updatecache(nd, FALSE, mreq);
671 if (nd->nd_nam2)
672 FREE(nd->nd_nam2, M_SONAME);
673 break;
674 }
675 nfsstats.srvrpccnt[nd->nd_procnum]++;
676 nfsrv_updatecache(nd, TRUE, mreq);
677 nd->nd_mrep = NULL;
678 /* FALL THROUGH */
679 case RC_REPLY:
680 m = mreq;
681 siz = 0;
682 while (m) {
683 siz += m->m_len;
684 m = m->m_next;
685 }
686 if (siz <= 0 || siz > NFS_MAXPACKET) {
687 kprintf("mbuf siz=%d\n",siz);
688 panic("Bad nfs svc reply");
689 }
690 m = mreq;
691 m->m_pkthdr.len = siz;
692 m->m_pkthdr.rcvif = NULL;
693 /*
694 * For stream protocols, prepend a Sun RPC
695 * Record Mark.
696 */
697 if (sotype == SOCK_STREAM) {
698 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT);
699 if (m == NULL) {
700 error = ENOBUFS;
701 goto skip;
702 }
703 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz);
704 }
705 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
706 (void) nfs_slplock(slp, 1);
707 if (slp->ns_flag & SLP_VALID)
708 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL);
709 else {
710 error = EPIPE;
711 m_freem(m);
712 }
713skip:
714 if (nfsrtton)
715 nfsd_rt(sotype, nd, cacherep);
716 if (nd->nd_nam2)
717 FREE(nd->nd_nam2, M_SONAME);
718 if (nd->nd_mrep)
719 m_freem(nd->nd_mrep);
720 if (error == EPIPE || error == ENOBUFS)
721 nfsrv_zapsock(slp);
722 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
723 nfs_slpunlock(slp);
724 if (error == EINTR || error == ERESTART) {
725 kfree((caddr_t)nd, M_NFSRVDESC);
726 lwkt_reltoken(&slp->ns_token);
727 lwkt_gettoken(&nfs_token);
728 nfsd->nfsd_slp = NULL;
729 nfsrv_slpderef(slp);
730 goto done;
731 }
732 break;
733 case RC_DROPIT:
734 if (nfsrtton)
735 nfsd_rt(sotype, nd, cacherep);
736 m_freem(nd->nd_mrep);
737 if (nd->nd_nam2)
738 FREE(nd->nd_nam2, M_SONAME);
739 break;
740 };
741 if (nd) {
742 FREE((caddr_t)nd, M_NFSRVDESC);
743 nd = NULL;
744 }
745
746 /*
747 * Check to see if there are outstanding writes that
748 * need to be serviced.
749 */
750 cur_usec = nfs_curusec();
751 if (slp->ns_tq.lh_first &&
752 slp->ns_tq.lh_first->nd_time <= cur_usec) {
753 cacherep = RC_DOIT;
754 writes_todo = 1;
755 } else {
756 writes_todo = 0;
757 }
758 } while (writes_todo);
759
760 /*
761 * nfs_token not held here. slp token is held.
762 */
763 if (nfsrv_dorec(slp, nfsd, &nd)) {
764 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
765 if (slp->ns_flag & SLP_ACTION_MASK) {
766 lwkt_reltoken(&slp->ns_token);
767 lwkt_gettoken(&nfs_token);
768 } else {
769 nfsd->nfsd_slp = NULL;
770 lwkt_reltoken(&slp->ns_token);
771 lwkt_gettoken(&nfs_token);
772 nfsrv_slpderef(slp);
773 }
774 } else {
775 lwkt_reltoken(&slp->ns_token);
776 lwkt_gettoken(&nfs_token);
777 }
778 }
779done:
780 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain);
781 kfree((caddr_t)nfsd, M_NFSD);
782 nsd->nsd_nfsd = NULL;
783 if (--nfs_numnfsd == 0)
784 nfsrv_init(TRUE); /* Reinitialize everything */
785
786 lwkt_reltoken(&nfs_token);
787 return (error);
788}
789
790/*
791 * Shut down a socket associated with an nfssvc_sock structure.
792 * Should be called with the send lock set, if required.
793 * The trick here is to increment the sref at the start, so that the nfsds
794 * will stop using it and clear ns_flag at the end so that it will not be
795 * reassigned during cleanup.
796 */
797static void
798nfsrv_zapsock(struct nfssvc_sock *slp)
799{
800 struct nfsuid *nuidp, *nnuidp;
801 struct nfsrv_descript *nwp, *nnwp;
802 struct socket *so;
803 struct file *fp;
804 struct nfsrv_rec *rec;
805
806 slp->ns_flag &= ~SLP_ALLFLAGS;
807 fp = slp->ns_fp;
808 if (fp) {
809 slp->ns_fp = NULL;
810 so = slp->ns_so;
811 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
812 so->so_upcall = NULL;
813 so->so_upcallarg = NULL;
814 soshutdown(so, SHUT_RDWR);
815 closef(fp, NULL);
816 if (slp->ns_nam)
817 FREE(slp->ns_nam, M_SONAME);
818 m_freem(slp->ns_raw);
819 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) {
820 --slp->ns_numrec;
821 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link);
822 if (rec->nr_address)
823 FREE(rec->nr_address, M_SONAME);
824 m_freem(rec->nr_packet);
825 kfree(rec, M_NFSRVDESC);
826 }
827 KKASSERT(slp->ns_numrec == 0);
828
829 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru,
830 nnuidp) {
831 LIST_REMOVE(nuidp, nu_hash);
832 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru);
833 if (nuidp->nu_flag & NU_NAM)
834 FREE(nuidp->nu_nam, M_SONAME);
835 kfree((caddr_t)nuidp, M_NFSUID);
836 }
837 crit_enter();
838 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) {
839 nnwp = nwp->nd_tq.le_next;
840 LIST_REMOVE(nwp, nd_tq);
841 kfree((caddr_t)nwp, M_NFSRVDESC);
842 }
843 LIST_INIT(&slp->ns_tq);
844 crit_exit();
845 nfsrv_slpderef(slp);
846 }
847}
848
849/*
850 * Derefence a server socket structure. If it has no more references and
851 * is no longer valid, you can throw it away.
852 *
853 * Must be holding nfs_token!
854 */
855void
856nfsrv_slpderef(struct nfssvc_sock *slp)
857{
858 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
859 if (slp->ns_sref == 1) {
860 KKASSERT((slp->ns_flag & SLP_VALID) == 0);
861 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
862 slp->ns_sref = 0;
863 kfree((caddr_t)slp, M_NFSSVC);
864 } else {
865 --slp->ns_sref;
866 }
867}
868
869void
870nfsrv_slpref(struct nfssvc_sock *slp)
871{
872 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
873 ++slp->ns_sref;
874}
875
876/*
877 * Lock a socket against others.
878 *
879 * Returns 0 on failure, 1 on success.
880 */
881int
882nfs_slplock(struct nfssvc_sock *slp, int wait)
883{
884 mtx_t mtx = &slp->ns_solock;
885
886 if (wait) {
887 mtx_lock_ex(mtx, "nfsslplck", 0, 0);
888 return(1);
889 } else if (mtx_lock_ex_try(mtx) == 0) {
890 return(1);
891 } else {
892 return(0);
893 }
894}
895
896/*
897 * Unlock the stream socket for others.
898 */
899void
900nfs_slpunlock(struct nfssvc_sock *slp)
901{
902 mtx_t mtx = &slp->ns_solock;
903
904 mtx_unlock(mtx);
905}
906
907/*
908 * Initialize the data structures for the server.
909 * Handshake with any new nfsds starting up to avoid any chance of
910 * corruption.
911 */
912void
913nfsrv_init(int terminating)
914{
915 struct nfssvc_sock *slp, *nslp;
916
917 lwkt_gettoken(&nfs_token);
918 if (nfssvc_sockhead_flag & SLP_INIT)
919 panic("nfsd init");
920 nfssvc_sockhead_flag |= SLP_INIT;
921
922 if (terminating) {
923 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) {
924 if (slp->ns_flag & SLP_VALID)
925 nfsrv_zapsock(slp);
926 /*
927 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
928 kfree((caddr_t)slp, M_NFSSVC);
929 */
930 }
931 nfsrv_cleancache(); /* And clear out server cache */
932 } else {
933 nfs_pub.np_valid = 0;
934 }
935
936 TAILQ_INIT(&nfssvc_sockhead);
937 nfssvc_sockhead_flag &= ~SLP_INIT;
938 if (nfssvc_sockhead_flag & SLP_WANTINIT) {
939 nfssvc_sockhead_flag &= ~SLP_WANTINIT;
940 wakeup((caddr_t)&nfssvc_sockhead);
941 }
942
943 TAILQ_INIT(&nfsd_head);
944 nfsd_head_flag &= ~NFSD_CHECKSLP;
945
946 lwkt_reltoken(&nfs_token);
947
948#if 0
949 nfs_udpsock = (struct nfssvc_sock *)
950 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
951 mtx_init(&nfs_udpsock->ns_solock);
952 STAILQ_INIT(&nfs_udpsock->ns_rec);
953 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead);
954 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain);
955
956 nfs_cltpsock = (struct nfssvc_sock *)
957 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
958 mtx_init(&nfs_cltpsock->ns_solock);
959 STAILQ_INIT(&nfs_cltpsock->ns_rec);
960 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead);
961 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain);
962#endif
963}
964
965/*
966 * Add entries to the server monitor log.
967 */
968static void
969nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep)
970{
971 struct drt *rt;
972
973 rt = &nfsdrt.drt[nfsdrt.pos];
974 if (cacherep == RC_DOIT)
975 rt->flag = 0;
976 else if (cacherep == RC_REPLY)
977 rt->flag = DRT_CACHEREPLY;
978 else
979 rt->flag = DRT_CACHEDROP;
980 if (sotype == SOCK_STREAM)
981 rt->flag |= DRT_TCP;
982 if (nd->nd_flag & ND_NFSV3)
983 rt->flag |= DRT_NFSV3;
984 rt->proc = nd->nd_procnum;
985 if (nd->nd_nam->sa_family == AF_INET)
986 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr;
987 else
988 rt->ipadr = INADDR_ANY;
989 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec);
990 getmicrotime(&rt->tstamp);
991 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ;
992}
993#endif /* NFS_NOSERVER */
994
995/*
996 * Get an authorization string for the uid by having the mount_nfs sitting
997 * on this mount point porpous out of the kernel and do it.
998 */
999int
1000nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep,
1001 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str,
1002 int *verf_len, NFSKERBKEY_T key /* return session key */)
1003{
1004 int error = 0;
1005
1006 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) {
1007 nmp->nm_state |= NFSSTA_WANTAUTH;
1008 (void) tsleep((caddr_t)&nmp->nm_authtype, 0,
1009 "nfsauth1", 2 * hz);
1010 error = nfs_sigintr(nmp, rep, rep->r_td);
1011 if (error) {
1012 nmp->nm_state &= ~NFSSTA_WANTAUTH;
1013 return (error);
1014 }
1015 }
1016 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH);
1017 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK);
1018 nmp->nm_authlen = RPCAUTH_MAXSIZ;
1019 nmp->nm_verfstr = verf_str;
1020 nmp->nm_verflen = *verf_len;
1021 nmp->nm_authuid = cred->cr_uid;
1022 wakeup((caddr_t)&nmp->nm_authstr);
1023
1024 /*
1025 * And wait for mount_nfs to do its stuff.
1026 */
1027 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) {
1028 (void) tsleep((caddr_t)&nmp->nm_authlen, 0,
1029 "nfsauth2", 2 * hz);
1030 error = nfs_sigintr(nmp, rep, rep->r_td);
1031 }
1032 if (nmp->nm_state & NFSSTA_AUTHERR) {
1033 nmp->nm_state &= ~NFSSTA_AUTHERR;
1034 error = EAUTH;
1035 }
1036 if (error)
1037 kfree((caddr_t)*auth_str, M_TEMP);
1038 else {
1039 *auth_len = nmp->nm_authlen;
1040 *verf_len = nmp->nm_verflen;
1041 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (key));
1042 }
1043 nmp->nm_state &= ~NFSSTA_HASAUTH;
1044 nmp->nm_state |= NFSSTA_WAITAUTH;
1045 if (nmp->nm_state & NFSSTA_WANTAUTH) {
1046 nmp->nm_state &= ~NFSSTA_WANTAUTH;
1047 wakeup((caddr_t)&nmp->nm_authtype);
1048 }
1049 return (error);
1050}
1051
1052/*
1053 * Get a nickname authenticator and verifier.
1054 */
1055int
1056nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str,
1057 int *auth_len, char *verf_str, int verf_len)
1058{
1059 struct nfsuid *nuidp;
1060 u_int32_t *nickp, *verfp;
1061 struct timeval ktvin, ktvout;
1062
1063#ifdef DIAGNOSTIC
1064 if (verf_len < (4 * NFSX_UNSIGNED))
1065 panic("nfs_getnickauth verf too small");
1066#endif
1067 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first;
1068 nuidp != 0; nuidp = nuidp->nu_hash.le_next) {
1069 if (nuidp->nu_cr.cr_uid == cred->cr_uid)
1070 break;
1071 }
1072 if (!nuidp || nuidp->nu_expire < time_second)
1073 return (EACCES);
1074
1075 /*
1076 * Move to the end of the lru list (end of lru == most recently used).
1077 */
1078 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru);
1079 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru);
1080
1081 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK);
1082 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME);
1083 *nickp = txdr_unsigned(nuidp->nu_nickname);
1084 *auth_str = (char *)nickp;
1085 *auth_len = 2 * NFSX_UNSIGNED;
1086
1087 /*
1088 * Now we must encrypt the verifier and package it up.
1089 */
1090 verfp = (u_int32_t *)verf_str;
1091 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME);
1092 if (time_second > nuidp->nu_timestamp.tv_sec ||
1093 (time_second == nuidp->nu_timestamp.tv_sec &&
1094 time_second > nuidp->nu_timestamp.tv_usec))
1095 getmicrotime(&nuidp->nu_timestamp);
1096 else
1097 nuidp->nu_timestamp.tv_usec++;
1098 ktvin.tv_sec = txdr_unsigned(nuidp->nu_timestamp.tv_sec);
1099 ktvin.tv_usec = txdr_unsigned(nuidp->nu_timestamp.tv_usec);
1100
1101 /*
1102 * Now encrypt the timestamp verifier in ecb mode using the session
1103 * key.
1104 */
1105#ifdef NFSKERB
1106 XXX
1107#else
1108 ktvout.tv_sec = 0;
1109 ktvout.tv_usec = 0;
1110#endif
1111
1112 *verfp++ = ktvout.tv_sec;
1113 *verfp++ = ktvout.tv_usec;
1114 *verfp = 0;
1115 return (0);
1116}
1117
1118/*
1119 * Save the current nickname in a hash list entry on the mount point.
1120 */
1121int
1122nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len,
1123 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp,
1124 struct mbuf *mrep)
1125{
1126 struct nfsuid *nuidp;
1127 u_int32_t *tl;
1128 struct timeval ktvin, ktvout;
1129 u_int32_t nick;
1130 int deltasec, error = 0;
1131 struct nfsm_info info;
1132
1133 info.md = *mdp;
1134 info.dpos = *dposp;
1135 info.mrep = mrep;
1136
1137 if (len == (3 * NFSX_UNSIGNED)) {
1138 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED));
1139 ktvin.tv_sec = *tl++;
1140 ktvin.tv_usec = *tl++;
1141 nick = fxdr_unsigned(u_int32_t, *tl);
1142
1143 /*
1144 * Decrypt the timestamp in ecb mode.
1145 */
1146#ifdef NFSKERB
1147 XXX
1148#else
1149 ktvout.tv_sec = 0;
1150 ktvout.tv_usec = 0;
1151#endif
1152 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec);
1153 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec);
1154 deltasec = time_second - ktvout.tv_sec;
1155 if (deltasec < 0)
1156 deltasec = -deltasec;
1157 /*
1158 * If ok, add it to the hash list for the mount point.
1159 */
1160 if (deltasec <= NFS_KERBCLOCKSKEW) {
1161 if (nmp->nm_numuids < nuidhash_max) {
1162 nmp->nm_numuids++;
1163 nuidp = (struct nfsuid *)
1164 kmalloc(sizeof (struct nfsuid), M_NFSUID,
1165 M_WAITOK);
1166 } else {
1167 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead);
1168 LIST_REMOVE(nuidp, nu_hash);
1169 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp,
1170 nu_lru);
1171 }
1172 nuidp->nu_flag = 0;
1173 nuidp->nu_cr.cr_uid = cred->cr_uid;
1174 nuidp->nu_expire = time_second + NFS_KERBTTL;
1175 nuidp->nu_timestamp = ktvout;
1176 nuidp->nu_nickname = nick;
1177 bcopy(key, nuidp->nu_key, sizeof (key));
1178 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp,
1179 nu_lru);
1180 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid),
1181 nuidp, nu_hash);
1182 }
1183 } else {
1184 ERROROUT(nfsm_adv(&info, nfsm_rndup(len)));
1185 }
1186nfsmout:
1187 *mdp = info.md;
1188 *dposp = info.dpos;
1189 return (error);
1190}
DragonFly Project Source