2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by the University of
19 * California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95
37 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $
38 * $DragonFly: src/sys/vfs/nfs/nfs_syscalls.c,v 1.31 2008/01/05 14:02:41 swildner Exp $
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/sysproto.h>
44 #include <sys/kernel.h>
45 #include <sys/sysctl.h>
47 #include <sys/filedesc.h>
48 #include <sys/vnode.h>
49 #include <sys/malloc.h>
50 #include <sys/mount.h>
55 #include <sys/resourcevar.h>
56 #include <sys/socket.h>
57 #include <sys/socketvar.h>
58 #include <sys/domain.h>
59 #include <sys/protosw.h>
60 #include <sys/nlookup.h>
61 #include <vm/vm_zone.h>
63 #include <sys/mutex2.h>
64 #include <sys/thread2.h>
66 #include <netinet/in.h>
67 #include <netinet/tcp.h>
72 #include "nfsm_subs.h"
73 #include "nfsrvcache.h"
78 #include <sys/thread2.h>
80 static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure");
82 static int nuidhash_max = NFS_MAXUIDHASH;
85 static void nfsrv_zapsock (struct nfssvc_sock *slp);
91 SYSCTL_DECL(_vfs_nfs);
95 static struct nfsdrt nfsdrt;
96 static int nfs_numnfsd = 0;
97 static void nfsd_rt (int sotype, struct nfsrv_descript *nd,
99 static int nfssvc_addsock (struct file *, struct sockaddr *,
101 static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *);
103 static int nfs_privport = 0;
104 SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport, 0, "");
105 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0, "");
106 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0, "");
107 int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO;
108 SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0, "");
111 * NFS server system calls
114 #endif /* NFS_NOSERVER */
116 * nfssvc_args(int flag, caddr_t argp)
118 * Nfs server psuedo system call for the nfsd's
119 * Based on the flag value it either:
120 * - adds a socket to the selection list
121 * - remains in the kernel as an nfsd
122 * - remains in the kernel as an nfsiod
127 sys_nfssvc(struct nfssvc_args *uap)
130 struct nlookupdata nd;
132 struct sockaddr *nam;
133 struct nfsd_args nfsdarg;
134 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs;
135 struct nfsd_cargs ncd;
137 struct nfssvc_sock *slp;
138 struct nfsuid *nuidp;
139 struct nfsmount *nmp;
141 #endif /* NFS_NOSERVER */
143 struct thread *td = curthread;
148 error = priv_check(td, PRIV_ROOT);
152 lwkt_gettoken(&nfs_token);
154 while (nfssvc_sockhead_flag & SLP_INIT) {
155 nfssvc_sockhead_flag |= SLP_WANTINIT;
156 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0);
158 if (uap->flag & NFSSVC_BIOD)
159 error = ENXIO; /* no longer need nfsiod's */
163 #else /* !NFS_NOSERVER */
164 else if (uap->flag & NFSSVC_MNTD) {
165 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd));
169 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE,
172 error = nlookup(&nd);
174 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
179 if ((vp->v_flag & VROOT) == 0)
181 nmp = VFSTONFS(vp->v_mount);
185 if ((nmp->nm_state & NFSSTA_MNTD) &&
186 (uap->flag & NFSSVC_GOTAUTH) == 0) {
190 nmp->nm_state |= NFSSTA_MNTD;
191 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag,
193 } else if (uap->flag & NFSSVC_ADDSOCK) {
194 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg));
197 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp);
201 * Get the client address for connected sockets.
203 if (nfsdarg.name == NULL || nfsdarg.namelen == 0)
206 error = getsockaddr(&nam, nfsdarg.name,
213 error = nfssvc_addsock(fp, nam, td);
216 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd));
219 if ((uap->flag & NFSSVC_AUTHIN) &&
220 ((nfsd = nsd->nsd_nfsd)) != NULL &&
221 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) {
222 slp = nfsd->nfsd_slp;
225 * First check to see if another nfsd has already
226 * added this credential.
228 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first;
229 nuidp != 0; nuidp = nuidp->nu_hash.le_next) {
230 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid &&
231 (!nfsd->nfsd_nd->nd_nam2 ||
232 netaddr_match(NU_NETFAM(nuidp),
233 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2)))
237 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr);
238 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
243 if (slp->ns_numuids < nuidhash_max) {
245 nuidp = (struct nfsuid *)
246 kmalloc(sizeof (struct nfsuid), M_NFSUID,
250 if ((slp->ns_flag & SLP_VALID) == 0) {
252 kfree((caddr_t)nuidp, M_NFSUID);
255 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead);
256 LIST_REMOVE(nuidp, nu_hash);
257 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp,
259 if (nuidp->nu_flag & NU_NAM)
260 FREE(nuidp->nu_nam, M_SONAME);
263 nuidp->nu_cr = nsd->nsd_cr;
264 if (nuidp->nu_cr.cr_ngroups > NGROUPS)
265 nuidp->nu_cr.cr_ngroups = NGROUPS;
266 nuidp->nu_cr.cr_ref = 1;
267 nuidp->nu_timestamp = nsd->nsd_timestamp;
268 nuidp->nu_expire = time_second + nsd->nsd_ttl;
270 * and save the session key in nu_key.
272 bcopy(nsd->nsd_key, nuidp->nu_key,
273 sizeof (nsd->nsd_key));
274 if (nfsd->nfsd_nd->nd_nam2) {
275 struct sockaddr_in *saddr;
277 saddr = (struct sockaddr_in *)
278 nfsd->nfsd_nd->nd_nam2;
279 switch (saddr->sin_family) {
281 nuidp->nu_flag |= NU_INETADDR;
283 saddr->sin_addr.s_addr;
287 nuidp->nu_flag |= NU_NAM;
289 dup_sockaddr(nfsd->nfsd_nd->nd_nam2);
293 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp,
295 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid),
297 nfsrv_setcred(&nuidp->nu_cr,
298 &nfsd->nfsd_nd->nd_cr);
299 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
303 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd))
304 nfsd->nfsd_flag |= NFSD_AUTHFAIL;
305 error = nfssvc_nfsd(nsd, uap->argp, td);
307 #endif /* NFS_NOSERVER */
308 if (error == EINTR || error == ERESTART)
311 lwkt_reltoken(&nfs_token);
317 * Adds a socket to the list for servicing by nfsds.
320 nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td)
323 struct nfssvc_sock *slp;
327 so = (struct socket *)fp->f_data;
331 * Add it to the list, as required.
333 if (so->so_proto->pr_protocol == IPPROTO_UDP) {
335 if (tslp->ns_flag & SLP_VALID) {
337 FREE(mynam, M_SONAME);
343 * Reserve buffer space in the socket. Note that due to bugs in
344 * Linux's delayed-ack code, serious performance degredation may
345 * occur with linux hosts if the minimum is used.
347 * NFS sockets are not limited to the standard sb_max or by
350 if (so->so_type == SOCK_STREAM)
351 siz = NFS_MAXPACKET + sizeof (u_long);
354 if (siz < nfs_soreserve)
357 error = soreserve(so, siz, siz, NULL);
360 FREE(mynam, M_SONAME);
365 * Set protocol specific options { for now TCP only } and
366 * reserve some space. For datagram sockets, this can get called
367 * repeatedly for the same socket, but that isn't harmful.
369 if (so->so_type == SOCK_STREAM) {
373 bzero(&sopt, sizeof sopt);
374 sopt.sopt_level = SOL_SOCKET;
375 sopt.sopt_name = SO_KEEPALIVE;
376 sopt.sopt_val = &val;
377 sopt.sopt_valsize = sizeof val;
381 if (so->so_proto->pr_domain->dom_family == AF_INET &&
382 so->so_proto->pr_protocol == IPPROTO_TCP) {
386 bzero(&sopt, sizeof sopt);
387 sopt.sopt_level = IPPROTO_TCP;
388 sopt.sopt_name = TCP_NODELAY;
389 sopt.sopt_val = &val;
390 sopt.sopt_valsize = sizeof val;
394 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR);
395 so->so_rcv.ssb_timeo = 0;
396 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR);
397 so->so_snd.ssb_timeo = 0;
399 slp = (struct nfssvc_sock *)kmalloc(sizeof (struct nfssvc_sock),
400 M_NFSSVC, M_WAITOK | M_ZERO);
401 mtx_init(&slp->ns_solock);
402 STAILQ_INIT(&slp->ns_rec);
403 TAILQ_INIT(&slp->ns_uidlruhead);
404 lwkt_token_init(&slp->ns_token, 1, "nfssrv_token");
406 lwkt_gettoken(&nfs_token);
407 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain);
409 lwkt_gettoken(&slp->ns_token);
416 so->so_upcallarg = (caddr_t)slp;
417 so->so_upcall = nfsrv_rcv_upcall;
418 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
419 slp->ns_flag = (SLP_VALID | SLP_NEEDQ);
420 nfsrv_wakenfsd(slp, 1);
422 lwkt_reltoken(&slp->ns_token);
423 lwkt_reltoken(&nfs_token);
429 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
430 * until it is killed by a signal.
433 nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td)
436 struct nfssvc_sock *slp;
437 struct nfsd *nfsd = nsd->nsd_nfsd;
438 struct nfsrv_descript *nd = NULL;
439 struct mbuf *m, *mreq;
440 int error = 0, cacherep, sotype, writes_todo;
448 lwkt_gettoken(&nfs_token);
451 nsd->nsd_nfsd = nfsd = (struct nfsd *)
452 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO);
454 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain);
459 * Loop getting rpc requests until SIGKILL.
462 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) {
463 while (nfsd->nfsd_slp == NULL &&
464 (nfsd_head_flag & NFSD_CHECKSLP) == 0) {
465 nfsd->nfsd_flag |= NFSD_WAITING;
467 error = tsleep((caddr_t)nfsd, PCATCH, "nfsd", 0);
472 if (nfsd->nfsd_slp == NULL &&
473 (nfsd_head_flag & NFSD_CHECKSLP) != 0) {
474 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) {
475 if ((slp->ns_flag & (SLP_VALID | SLP_DOREC))
476 == (SLP_VALID | SLP_DOREC)) {
477 slp->ns_flag &= ~SLP_DOREC;
479 nfsd->nfsd_slp = slp;
484 nfsd_head_flag &= ~NFSD_CHECKSLP;
486 if ((slp = nfsd->nfsd_slp) == NULL)
489 lwkt_reltoken(&nfs_token);
490 lwkt_gettoken(&slp->ns_token);
492 if (slp->ns_flag & SLP_VALID) {
493 if (slp->ns_flag & SLP_DISCONN)
495 else if (slp->ns_flag & SLP_NEEDQ) {
496 slp->ns_flag &= ~SLP_NEEDQ;
497 (void) nfs_slplock(slp, 1);
498 nfsrv_rcv(slp->ns_so, (caddr_t)slp,
502 error = nfsrv_dorec(slp, nfsd, &nd);
503 cur_usec = nfs_curusec();
504 if (error && slp->ns_tq.lh_first &&
505 slp->ns_tq.lh_first->nd_time <= cur_usec) {
511 nfsd->nfsd_flag |= NFSD_REQINPROG;
515 slp = nfsd->nfsd_slp;
516 lwkt_reltoken(&nfs_token);
517 lwkt_gettoken(&slp->ns_token);
521 * nfs_token not held here. slp token is held.
523 if (error || (slp->ns_flag & SLP_VALID) == 0) {
525 kfree((caddr_t)nd, M_NFSRVDESC);
528 nfsd->nfsd_slp = NULL;
529 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
530 lwkt_reltoken(&slp->ns_token);
531 lwkt_gettoken(&nfs_token);
537 * nfs_token not held here. slp token is held.
539 sotype = slp->ns_so->so_type;
541 getmicrotime(&nd->nd_starttime);
543 nd->nd_nam = nd->nd_nam2;
545 nd->nd_nam = slp->ns_nam;
548 * Check to see if authorization is needed.
550 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) {
551 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH;
553 ((struct sockaddr_in *)
554 nd->nd_nam)->sin_addr.s_addr;
555 nsd->nsd_authlen = nfsd->nfsd_authlen;
556 nsd->nsd_verflen = nfsd->nfsd_verflen;
557 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr,
558 nfsd->nfsd_authlen) &&
559 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr,
560 nfsd->nfsd_verflen) &&
561 !copyout((caddr_t)nsd, argp, sizeof (*nsd)))
562 lwkt_reltoken(&slp->ns_token);
564 cacherep = RC_DROPIT;
566 cacherep = nfsrv_getcache(nd, slp, &mreq);
569 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) {
570 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL;
571 nd->nd_procnum = NFSPROC_NOOP;
572 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
574 } else if (nfs_privport) {
575 /* Check if source port is privileged */
577 struct sockaddr *nam = nd->nd_nam;
578 struct sockaddr_in *sin;
580 sin = (struct sockaddr_in *)nam;
581 port = ntohs(sin->sin_port);
582 if (port >= IPPORT_RESERVED &&
583 nd->nd_procnum != NFSPROC_NULL) {
584 nd->nd_procnum = NFSPROC_NOOP;
585 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
587 kprintf("NFS request from unprivileged port (%s:%d)\n",
588 inet_ntoa(sin->sin_addr), port);
595 * Loop to get all the write rpc replies that have been
598 * nfs_token not held here. slp token is held.
603 if (nd && (nd->nd_flag & ND_NFSV3))
604 procrastinate = nfsrvw_procrastinate_v3;
606 procrastinate = nfsrvw_procrastinate;
607 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE &&
610 error = nfsrv_writegather(&nd, slp,
611 nfsd->nfsd_td, &mreq);
613 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd,
614 slp, nfsd->nfsd_td, &mreq);
618 if (error != 0 && error != NFSERR_RETVOID) {
619 if (nd->nd_procnum != NQNFSPROC_VACATED)
621 nfsrv_updatecache(nd, FALSE, mreq);
623 FREE(nd->nd_nam2, M_SONAME);
626 nfsstats.srvrpccnt[nd->nd_procnum]++;
627 nfsrv_updatecache(nd, TRUE, mreq);
636 if (siz <= 0 || siz > NFS_MAXPACKET) {
637 kprintf("mbuf siz=%d\n",siz);
638 panic("Bad nfs svc reply");
641 m->m_pkthdr.len = siz;
642 m->m_pkthdr.rcvif = NULL;
644 * For stream protocols, prepend a Sun RPC
647 if (sotype == SOCK_STREAM) {
648 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT);
651 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz);
653 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
654 (void) nfs_slplock(slp, 1);
655 if (slp->ns_flag & SLP_VALID)
656 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL);
662 nfsd_rt(sotype, nd, cacherep);
664 FREE(nd->nd_nam2, M_SONAME);
666 m_freem(nd->nd_mrep);
669 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
671 if (error == EINTR || error == ERESTART) {
672 kfree((caddr_t)nd, M_NFSRVDESC);
673 lwkt_reltoken(&slp->ns_token);
674 lwkt_gettoken(&nfs_token);
681 nfsd_rt(sotype, nd, cacherep);
682 m_freem(nd->nd_mrep);
684 FREE(nd->nd_nam2, M_SONAME);
688 FREE((caddr_t)nd, M_NFSRVDESC);
693 * Check to see if there are outstanding writes that
694 * need to be serviced.
696 cur_usec = nfs_curusec();
697 if (slp->ns_tq.lh_first &&
698 slp->ns_tq.lh_first->nd_time <= cur_usec) {
704 } while (writes_todo);
707 * nfs_token not held here. slp token is held.
709 if (nfsrv_dorec(slp, nfsd, &nd)) {
710 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
711 nfsd->nfsd_slp = NULL;
712 lwkt_reltoken(&slp->ns_token);
713 lwkt_gettoken(&nfs_token);
716 lwkt_reltoken(&slp->ns_token);
717 lwkt_gettoken(&nfs_token);
721 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain);
722 kfree((caddr_t)nfsd, M_NFSD);
723 nsd->nsd_nfsd = NULL;
724 if (--nfs_numnfsd == 0)
725 nfsrv_init(TRUE); /* Reinitialize everything */
727 lwkt_reltoken(&nfs_token);
732 * Shut down a socket associated with an nfssvc_sock structure.
733 * Should be called with the send lock set, if required.
734 * The trick here is to increment the sref at the start, so that the nfsds
735 * will stop using it and clear ns_flag at the end so that it will not be
736 * reassigned during cleanup.
739 nfsrv_zapsock(struct nfssvc_sock *slp)
741 struct nfsuid *nuidp, *nnuidp;
742 struct nfsrv_descript *nwp, *nnwp;
745 struct nfsrv_rec *rec;
747 slp->ns_flag &= ~SLP_ALLFLAGS;
752 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
753 so->so_upcall = NULL;
754 so->so_upcallarg = NULL;
755 soshutdown(so, SHUT_RDWR);
758 FREE(slp->ns_nam, M_SONAME);
759 m_freem(slp->ns_raw);
760 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) {
762 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link);
764 FREE(rec->nr_address, M_SONAME);
765 m_freem(rec->nr_packet);
766 kfree(rec, M_NFSRVDESC);
768 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru,
770 LIST_REMOVE(nuidp, nu_hash);
771 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru);
772 if (nuidp->nu_flag & NU_NAM)
773 FREE(nuidp->nu_nam, M_SONAME);
774 kfree((caddr_t)nuidp, M_NFSUID);
777 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) {
778 nnwp = nwp->nd_tq.le_next;
779 LIST_REMOVE(nwp, nd_tq);
780 kfree((caddr_t)nwp, M_NFSRVDESC);
782 LIST_INIT(&slp->ns_tq);
788 * Derefence a server socket structure. If it has no more references and
789 * is no longer valid, you can throw it away.
791 * Must be holding nfs_token!
794 nfsrv_slpderef(struct nfssvc_sock *slp)
796 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
797 if (--slp->ns_sref == 0 && (slp->ns_flag & SLP_VALID) == 0) {
798 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
799 kfree((caddr_t)slp, M_NFSSVC);
804 nfsrv_slpref(struct nfssvc_sock *slp)
806 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
811 * Lock a socket against others.
813 * Returns 0 on failure, 1 on success.
816 nfs_slplock(struct nfssvc_sock *slp, int wait)
818 mtx_t mtx = &slp->ns_solock;
821 mtx_lock_ex(mtx, "nfsslplck", 0, 0);
823 } else if (mtx_lock_ex_try(mtx) == 0) {
831 * Unlock the stream socket for others.
834 nfs_slpunlock(struct nfssvc_sock *slp)
836 mtx_t mtx = &slp->ns_solock;
842 * Initialize the data structures for the server.
843 * Handshake with any new nfsds starting up to avoid any chance of
847 nfsrv_init(int terminating)
849 struct nfssvc_sock *slp, *nslp;
851 lwkt_gettoken(&nfs_token);
852 if (nfssvc_sockhead_flag & SLP_INIT)
854 nfssvc_sockhead_flag |= SLP_INIT;
857 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) {
858 if (slp->ns_flag & SLP_VALID)
860 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
861 kfree((caddr_t)slp, M_NFSSVC);
863 nfsrv_cleancache(); /* And clear out server cache */
865 nfs_pub.np_valid = 0;
868 TAILQ_INIT(&nfssvc_sockhead);
869 nfssvc_sockhead_flag &= ~SLP_INIT;
870 if (nfssvc_sockhead_flag & SLP_WANTINIT) {
871 nfssvc_sockhead_flag &= ~SLP_WANTINIT;
872 wakeup((caddr_t)&nfssvc_sockhead);
875 TAILQ_INIT(&nfsd_head);
876 nfsd_head_flag &= ~NFSD_CHECKSLP;
878 lwkt_reltoken(&nfs_token);
881 nfs_udpsock = (struct nfssvc_sock *)
882 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
883 mtx_init(&nfs_udpsock->ns_solock);
884 STAILQ_INIT(&nfs_udpsock->ns_rec);
885 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead);
886 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain);
888 nfs_cltpsock = (struct nfssvc_sock *)
889 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
890 mtx_init(&nfs_cltpsock->ns_solock);
891 STAILQ_INIT(&nfs_cltpsock->ns_rec);
892 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead);
893 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain);
898 * Add entries to the server monitor log.
901 nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep)
905 rt = &nfsdrt.drt[nfsdrt.pos];
906 if (cacherep == RC_DOIT)
908 else if (cacherep == RC_REPLY)
909 rt->flag = DRT_CACHEREPLY;
911 rt->flag = DRT_CACHEDROP;
912 if (sotype == SOCK_STREAM)
914 if (nd->nd_flag & ND_NFSV3)
915 rt->flag |= DRT_NFSV3;
916 rt->proc = nd->nd_procnum;
917 if (nd->nd_nam->sa_family == AF_INET)
918 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr;
920 rt->ipadr = INADDR_ANY;
921 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec);
922 getmicrotime(&rt->tstamp);
923 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ;
925 #endif /* NFS_NOSERVER */
927 static int nfs_defect = 0;
928 SYSCTL_INT(_vfs_nfs, OID_AUTO, defect, CTLFLAG_RW, &nfs_defect, 0, "");
931 * Get an authorization string for the uid by having the mount_nfs sitting
932 * on this mount point porpous out of the kernel and do it.
935 nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep,
936 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str,
937 int *verf_len, NFSKERBKEY_T key /* return session key */)
941 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) {
942 nmp->nm_state |= NFSSTA_WANTAUTH;
943 (void) tsleep((caddr_t)&nmp->nm_authtype, 0,
945 error = nfs_sigintr(nmp, rep, rep->r_td);
947 nmp->nm_state &= ~NFSSTA_WANTAUTH;
951 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH);
952 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK);
953 nmp->nm_authlen = RPCAUTH_MAXSIZ;
954 nmp->nm_verfstr = verf_str;
955 nmp->nm_verflen = *verf_len;
956 nmp->nm_authuid = cred->cr_uid;
957 wakeup((caddr_t)&nmp->nm_authstr);
960 * And wait for mount_nfs to do its stuff.
962 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) {
963 (void) tsleep((caddr_t)&nmp->nm_authlen, 0,
965 error = nfs_sigintr(nmp, rep, rep->r_td);
967 if (nmp->nm_state & NFSSTA_AUTHERR) {
968 nmp->nm_state &= ~NFSSTA_AUTHERR;
972 kfree((caddr_t)*auth_str, M_TEMP);
974 *auth_len = nmp->nm_authlen;
975 *verf_len = nmp->nm_verflen;
976 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (key));
978 nmp->nm_state &= ~NFSSTA_HASAUTH;
979 nmp->nm_state |= NFSSTA_WAITAUTH;
980 if (nmp->nm_state & NFSSTA_WANTAUTH) {
981 nmp->nm_state &= ~NFSSTA_WANTAUTH;
982 wakeup((caddr_t)&nmp->nm_authtype);
988 * Get a nickname authenticator and verifier.
991 nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str,
992 int *auth_len, char *verf_str, int verf_len)
994 struct nfsuid *nuidp;
995 u_int32_t *nickp, *verfp;
996 struct timeval ktvin, ktvout;
999 if (verf_len < (4 * NFSX_UNSIGNED))
1000 panic("nfs_getnickauth verf too small");
1002 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first;
1003 nuidp != 0; nuidp = nuidp->nu_hash.le_next) {
1004 if (nuidp->nu_cr.cr_uid == cred->cr_uid)
1007 if (!nuidp || nuidp->nu_expire < time_second)
1011 * Move to the end of the lru list (end of lru == most recently used).
1013 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru);
1014 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru);
1016 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK);
1017 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME);
1018 *nickp = txdr_unsigned(nuidp->nu_nickname);
1019 *auth_str = (char *)nickp;
1020 *auth_len = 2 * NFSX_UNSIGNED;
1023 * Now we must encrypt the verifier and package it up.
1025 verfp = (u_int32_t *)verf_str;
1026 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME);
1027 if (time_second > nuidp->nu_timestamp.tv_sec ||
1028 (time_second == nuidp->nu_timestamp.tv_sec &&
1029 time_second > nuidp->nu_timestamp.tv_usec))
1030 getmicrotime(&nuidp->nu_timestamp);
1032 nuidp->nu_timestamp.tv_usec++;
1033 ktvin.tv_sec = txdr_unsigned(nuidp->nu_timestamp.tv_sec);
1034 ktvin.tv_usec = txdr_unsigned(nuidp->nu_timestamp.tv_usec);
1037 * Now encrypt the timestamp verifier in ecb mode using the session
1047 *verfp++ = ktvout.tv_sec;
1048 *verfp++ = ktvout.tv_usec;
1054 * Save the current nickname in a hash list entry on the mount point.
1057 nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len,
1058 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp,
1061 struct nfsuid *nuidp;
1063 struct timeval ktvin, ktvout;
1065 int deltasec, error = 0;
1066 struct nfsm_info info;
1072 if (len == (3 * NFSX_UNSIGNED)) {
1073 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED));
1074 ktvin.tv_sec = *tl++;
1075 ktvin.tv_usec = *tl++;
1076 nick = fxdr_unsigned(u_int32_t, *tl);
1079 * Decrypt the timestamp in ecb mode.
1087 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec);
1088 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec);
1089 deltasec = time_second - ktvout.tv_sec;
1091 deltasec = -deltasec;
1093 * If ok, add it to the hash list for the mount point.
1095 if (deltasec <= NFS_KERBCLOCKSKEW) {
1096 if (nmp->nm_numuids < nuidhash_max) {
1098 nuidp = (struct nfsuid *)
1099 kmalloc(sizeof (struct nfsuid), M_NFSUID,
1102 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead);
1103 LIST_REMOVE(nuidp, nu_hash);
1104 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp,
1108 nuidp->nu_cr.cr_uid = cred->cr_uid;
1109 nuidp->nu_expire = time_second + NFS_KERBTTL;
1110 nuidp->nu_timestamp = ktvout;
1111 nuidp->nu_nickname = nick;
1112 bcopy(key, nuidp->nu_key, sizeof (key));
1113 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp,
1115 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid),
1119 ERROROUT(nfsm_adv(&info, nfsm_rndup(len)));