2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95
33 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/sysproto.h>
39 #include <sys/kernel.h>
40 #include <sys/sysctl.h>
42 #include <sys/filedesc.h>
43 #include <sys/vnode.h>
44 #include <sys/malloc.h>
45 #include <sys/mount.h>
50 #include <sys/resourcevar.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/domain.h>
54 #include <sys/protosw.h>
55 #include <sys/nlookup.h>
57 #include <sys/mutex2.h>
58 #include <sys/thread2.h>
60 #include <netinet/in.h>
61 #include <netinet/tcp.h>
66 #include "nfsm_subs.h"
67 #include "nfsrvcache.h"
72 static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure");
74 static int nuidhash_max = NFS_MAXUIDHASH;
77 static void nfsrv_zapsock (struct nfssvc_sock *slp);
83 SYSCTL_DECL(_vfs_nfs);
87 static struct nfsdrt nfsdrt;
88 static int nfs_numnfsd = 0;
89 static void nfsd_rt (int sotype, struct nfsrv_descript *nd,
91 static int nfssvc_addsock (struct file *, struct sockaddr *,
93 static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *);
95 static int nfs_privport = 0;
96 SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport,
97 0, "Enable privileged source port checks");
98 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0,
99 "Enable NFS request procrastination");
100 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0,
101 "Enable NFSv3 request procrastination");
102 int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO;
103 SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0,
104 "Minimum NFS socket buffer size reservation");
107 * NFS server system calls
110 #endif /* NFS_NOSERVER */
112 * nfssvc_args(int flag, caddr_t argp)
114 * Nfs server psuedo system call for the nfsd's
115 * Based on the flag value it either:
116 * - adds a socket to the selection list
117 * - remains in the kernel as an nfsd
118 * - remains in the kernel as an nfsiod
123 sys_nfssvc(struct nfssvc_args *uap)
126 struct nlookupdata nd;
128 struct sockaddr *nam;
129 struct nfsd_args nfsdarg;
130 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs;
131 struct nfsd_cargs ncd;
133 struct nfssvc_sock *slp;
134 struct nfsuid *nuidp;
135 struct nfsmount *nmp;
137 #endif /* NFS_NOSERVER */
139 struct thread *td = curthread;
144 error = priv_check(td, PRIV_ROOT);
148 lwkt_gettoken(&nfs_token);
150 while (nfssvc_sockhead_flag & SLP_INIT) {
151 nfssvc_sockhead_flag |= SLP_WANTINIT;
152 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0);
154 if (uap->flag & NFSSVC_BIOD)
155 error = ENXIO; /* no longer need nfsiod's */
159 #else /* !NFS_NOSERVER */
160 else if (uap->flag & NFSSVC_MNTD) {
161 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd));
165 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE,
168 error = nlookup(&nd);
170 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp);
175 if ((vp->v_flag & VROOT) == 0)
177 nmp = VFSTONFS(vp->v_mount);
181 if ((nmp->nm_state & NFSSTA_MNTD) &&
182 (uap->flag & NFSSVC_GOTAUTH) == 0) {
186 nmp->nm_state |= NFSSTA_MNTD;
187 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag,
189 } else if (uap->flag & NFSSVC_ADDSOCK) {
190 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg));
193 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp);
197 * Get the client address for connected sockets.
199 if (nfsdarg.name == NULL || nfsdarg.namelen == 0)
202 error = getsockaddr(&nam, nfsdarg.name,
209 error = nfssvc_addsock(fp, nam, td);
212 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd));
215 if ((uap->flag & NFSSVC_AUTHIN) &&
216 ((nfsd = nsd->nsd_nfsd)) != NULL &&
217 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) {
218 slp = nfsd->nfsd_slp;
221 * First check to see if another nfsd has already
222 * added this credential.
224 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first;
225 nuidp != 0; nuidp = nuidp->nu_hash.le_next) {
226 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid &&
227 (!nfsd->nfsd_nd->nd_nam2 ||
228 netaddr_match(NU_NETFAM(nuidp),
229 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2)))
233 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr);
234 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
239 if (slp->ns_numuids < nuidhash_max) {
241 nuidp = (struct nfsuid *)
242 kmalloc(sizeof (struct nfsuid), M_NFSUID,
246 if ((slp->ns_flag & SLP_VALID) == 0) {
248 kfree((caddr_t)nuidp, M_NFSUID);
251 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead);
252 LIST_REMOVE(nuidp, nu_hash);
253 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp,
255 if (nuidp->nu_flag & NU_NAM)
256 kfree(nuidp->nu_nam, M_SONAME);
259 nuidp->nu_cr = nsd->nsd_cr;
260 if (nuidp->nu_cr.cr_ngroups > NGROUPS)
261 nuidp->nu_cr.cr_ngroups = NGROUPS;
262 nuidp->nu_cr.cr_ref = 1;
263 nuidp->nu_timestamp = nsd->nsd_timestamp;
264 nuidp->nu_expire = time_uptime + nsd->nsd_ttl;
266 * and save the session key in nu_key.
268 bcopy(nsd->nsd_key, nuidp->nu_key,
269 sizeof (nsd->nsd_key));
270 if (nfsd->nfsd_nd->nd_nam2) {
271 struct sockaddr_in *saddr;
273 saddr = (struct sockaddr_in *)
274 nfsd->nfsd_nd->nd_nam2;
275 switch (saddr->sin_family) {
277 nuidp->nu_flag |= NU_INETADDR;
279 saddr->sin_addr.s_addr;
283 nuidp->nu_flag |= NU_NAM;
285 dup_sockaddr(nfsd->nfsd_nd->nd_nam2);
289 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp,
291 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid),
293 nfsrv_setcred(&nuidp->nu_cr,
294 &nfsd->nfsd_nd->nd_cr);
295 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL;
299 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd))
300 nfsd->nfsd_flag |= NFSD_AUTHFAIL;
301 error = nfssvc_nfsd(nsd, uap->argp, td);
303 #endif /* NFS_NOSERVER */
304 if (error == EINTR || error == ERESTART)
307 lwkt_reltoken(&nfs_token);
313 * Adds a socket to the list for servicing by nfsds.
316 nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td)
319 struct nfssvc_sock *slp;
323 so = (struct socket *)fp->f_data;
327 * Add it to the list, as required.
329 if (so->so_proto->pr_protocol == IPPROTO_UDP) {
331 if (tslp->ns_flag & SLP_VALID) {
333 kfree(mynam, M_SONAME);
339 * Reserve buffer space in the socket. Note that due to bugs in
340 * Linux's delayed-ack code, serious performance degredation may
341 * occur with linux hosts if the minimum is used.
343 * NFS sockets are not limited to the standard sb_max or by
346 if (so->so_type == SOCK_STREAM)
347 siz = NFS_MAXPACKET + sizeof (u_long);
350 if (siz < nfs_soreserve)
353 error = soreserve(so, siz, siz, NULL);
356 kfree(mynam, M_SONAME);
361 * Set protocol specific options { for now TCP only } and
362 * reserve some space. For datagram sockets, this can get called
363 * repeatedly for the same socket, but that isn't harmful.
365 if (so->so_type == SOCK_STREAM) {
369 bzero(&sopt, sizeof sopt);
370 sopt.sopt_level = SOL_SOCKET;
371 sopt.sopt_name = SO_KEEPALIVE;
372 sopt.sopt_val = &val;
373 sopt.sopt_valsize = sizeof val;
377 if (so->so_proto->pr_domain->dom_family == AF_INET &&
378 so->so_proto->pr_protocol == IPPROTO_TCP) {
382 bzero(&sopt, sizeof sopt);
383 sopt.sopt_level = IPPROTO_TCP;
384 sopt.sopt_name = TCP_NODELAY;
385 sopt.sopt_val = &val;
386 sopt.sopt_valsize = sizeof val;
390 bzero(&sopt, sizeof sopt);
391 sopt.sopt_level = IPPROTO_TCP;
392 sopt.sopt_name = TCP_FASTKEEP;
393 sopt.sopt_val = &val;
394 sopt.sopt_valsize = sizeof val;
398 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR);
399 so->so_rcv.ssb_timeo = 0;
400 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR);
401 so->so_snd.ssb_timeo = 0;
403 slp = kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
404 mtx_init(&slp->ns_solock);
405 STAILQ_INIT(&slp->ns_rec);
406 TAILQ_INIT(&slp->ns_uidlruhead);
407 lwkt_token_init(&slp->ns_token, "nfssrv_token");
409 lwkt_gettoken(&nfs_token);
411 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain);
412 lwkt_gettoken(&slp->ns_token);
419 so->so_upcallarg = (caddr_t)slp;
420 so->so_upcall = nfsrv_rcv_upcall;
421 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
422 slp->ns_flag = (SLP_VALID | SLP_NEEDQ);
423 nfsrv_wakenfsd(slp, 1);
425 lwkt_reltoken(&slp->ns_token);
426 lwkt_reltoken(&nfs_token);
432 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
433 * until it is killed by a signal.
436 nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td)
439 struct nfssvc_sock *slp;
440 struct nfsd *nfsd = nsd->nsd_nfsd;
441 struct nfsrv_descript *nd = NULL;
442 struct mbuf *m, *mreq;
443 int error, cacherep, sotype, writes_todo;
451 lwkt_gettoken(&nfs_token);
454 nsd->nsd_nfsd = nfsd = (struct nfsd *)
455 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO);
457 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain);
462 * Loop getting rpc requests until SIGKILL.
465 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) {
466 while (nfsd->nfsd_slp == NULL &&
467 (nfsd_head_flag & NFSD_CHECKSLP) == 0) {
468 nfsd->nfsd_flag |= NFSD_WAITING;
470 error = tsleep(nfsd, PCATCH, "nfsd", 0);
472 if (error && nfsd->nfsd_slp == NULL)
475 if (nfsd->nfsd_slp == NULL &&
476 (nfsd_head_flag & NFSD_CHECKSLP)) {
477 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) {
478 if ((slp->ns_flag & SLP_ACTION_MASK) ||
479 slp->ns_needq_upcall) {
481 nfsd->nfsd_slp = slp;
486 nfsd_head_flag &= ~NFSD_CHECKSLP;
488 if ((slp = nfsd->nfsd_slp) == NULL)
491 lwkt_reltoken(&nfs_token);
492 lwkt_gettoken(&slp->ns_token);
494 if (slp->ns_needq_upcall) {
495 slp->ns_needq_upcall = 0;
496 slp->ns_flag |= SLP_NEEDQ;
499 if (slp->ns_flag & SLP_VALID) {
501 * We can both process additional received
502 * data into new records and process existing
503 * records. This keeps the pipeline hot by
504 * allowing the tcp socket to continue to
505 * drain while we are processing records.
507 if (slp->ns_flag & SLP_DISCONN) {
509 } else if (slp->ns_flag & SLP_NEEDQ) {
510 (void)nfs_slplock(slp, 1);
511 nfsrv_rcv(slp->ns_so, (caddr_t)slp,
515 error = nfsrv_dorec(slp, nfsd, &nd);
516 cur_usec = nfs_curusec();
517 if (error && slp->ns_tq.lh_first &&
518 slp->ns_tq.lh_first->nd_time <= cur_usec) {
525 nfsd->nfsd_flag |= NFSD_REQINPROG;
527 slp->ns_flag &= ~SLP_ACTION_MASK;
532 slp = nfsd->nfsd_slp;
534 lwkt_reltoken(&nfs_token);
535 lwkt_gettoken(&slp->ns_token);
537 if (slp->ns_needq_upcall) {
538 slp->ns_needq_upcall = 0;
539 slp->ns_flag |= SLP_NEEDQ;
541 if (NFSRV_RECLIMIT(slp) == 0 &&
542 (slp->ns_flag & SLP_NEEDQ)) {
543 (void)nfs_slplock(slp, 1);
544 nfsrv_rcv(slp->ns_so, (caddr_t)slp,
551 * nfs_token not held here. slp token is held.
553 if (error || (slp->ns_flag & SLP_VALID) == 0) {
555 kfree((caddr_t)nd, M_NFSRVDESC);
558 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
559 if (slp->ns_flag & SLP_ACTION_MASK) {
560 lwkt_reltoken(&slp->ns_token);
561 lwkt_gettoken(&nfs_token);
563 nfsd->nfsd_slp = NULL;
564 lwkt_reltoken(&slp->ns_token);
565 lwkt_gettoken(&nfs_token);
572 * Execute the NFS request - handle the server side cache
574 * nfs_token not held here. slp token is held.
576 sotype = slp->ns_so->so_type;
578 getmicrotime(&nd->nd_starttime);
580 nd->nd_nam = nd->nd_nam2;
582 nd->nd_nam = slp->ns_nam;
585 * Check to see if authorization is needed.
587 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) {
588 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH;
590 ((struct sockaddr_in *)
591 nd->nd_nam)->sin_addr.s_addr;
592 nsd->nsd_authlen = nfsd->nfsd_authlen;
593 nsd->nsd_verflen = nfsd->nfsd_verflen;
594 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr,
595 nfsd->nfsd_authlen) &&
596 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr,
597 nfsd->nfsd_verflen) &&
598 !copyout((caddr_t)nsd, argp, sizeof (*nsd)))
600 lwkt_reltoken(&slp->ns_token);
603 cacherep = RC_DROPIT;
605 cacherep = nfsrv_getcache(nd, slp, &mreq);
608 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) {
609 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL;
610 nd->nd_procnum = NFSPROC_NOOP;
611 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
613 } else if (nfs_privport) {
614 /* Check if source port is privileged */
616 struct sockaddr *nam = nd->nd_nam;
617 struct sockaddr_in *sin;
619 sin = (struct sockaddr_in *)nam;
620 port = ntohs(sin->sin_port);
621 if (port >= IPPORT_RESERVED &&
622 nd->nd_procnum != NFSPROC_NULL) {
623 nd->nd_procnum = NFSPROC_NOOP;
624 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK);
626 kprintf("NFS request from unprivileged port (%s:%d)\n",
627 inet_ntoa(sin->sin_addr), port);
634 * Execute the NFS request - direct execution
636 * Loop to get all the write rpc replies that have been
639 * nfs_token not held here. slp token is held.
644 if (nd && (nd->nd_flag & ND_NFSV3))
645 procrastinate = nfsrvw_procrastinate_v3;
647 procrastinate = nfsrvw_procrastinate;
648 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE &&
651 error = nfsrv_writegather(&nd, slp,
652 nfsd->nfsd_td, &mreq);
654 /* NOT YET lwkt_reltoken(&slp->ns_token); */
655 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd,
656 slp, nfsd->nfsd_td, &mreq);
657 /* NOT YET lwkt_gettoken(&slp->ns_token); */
658 lwpkthreaddeferred(); /* vnlru issues */
662 if (error != 0 && error != NFSERR_RETVOID) {
663 if (nd->nd_procnum != NQNFSPROC_VACATED)
665 nfsrv_updatecache(nd, FALSE, mreq);
667 kfree(nd->nd_nam2, M_SONAME);
670 nfsstats.srvrpccnt[nd->nd_procnum]++;
671 nfsrv_updatecache(nd, TRUE, mreq);
681 if (siz <= 0 || siz > NFS_MAXPACKET) {
682 kprintf("mbuf siz=%d\n",siz);
683 panic("Bad nfs svc reply");
686 m->m_pkthdr.len = siz;
687 m->m_pkthdr.rcvif = NULL;
689 * For stream protocols, prepend a Sun RPC
692 if (sotype == SOCK_STREAM) {
693 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT);
698 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz);
700 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
701 (void) nfs_slplock(slp, 1);
702 if (slp->ns_flag & SLP_VALID)
703 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL);
710 nfsd_rt(sotype, nd, cacherep);
712 kfree(nd->nd_nam2, M_SONAME);
714 m_freem(nd->nd_mrep);
715 if (error == EPIPE || error == ENOBUFS)
717 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
719 if (error == EINTR || error == ERESTART) {
720 kfree((caddr_t)nd, M_NFSRVDESC);
721 lwkt_reltoken(&slp->ns_token);
722 lwkt_gettoken(&nfs_token);
723 nfsd->nfsd_slp = NULL;
730 nfsd_rt(sotype, nd, cacherep);
731 m_freem(nd->nd_mrep);
733 kfree(nd->nd_nam2, M_SONAME);
737 kfree((caddr_t)nd, M_NFSRVDESC);
742 * Check to see if there are outstanding writes that
743 * need to be serviced.
745 cur_usec = nfs_curusec();
746 if (slp->ns_tq.lh_first &&
747 slp->ns_tq.lh_first->nd_time <= cur_usec) {
753 } while (writes_todo);
756 * nfs_token not held here. slp token is held.
758 if (nfsrv_dorec(slp, nfsd, &nd)) {
759 nfsd->nfsd_flag &= ~NFSD_REQINPROG;
760 if (slp->ns_flag & SLP_ACTION_MASK) {
761 lwkt_reltoken(&slp->ns_token);
762 lwkt_gettoken(&nfs_token);
764 nfsd->nfsd_slp = NULL;
765 lwkt_reltoken(&slp->ns_token);
766 lwkt_gettoken(&nfs_token);
770 lwkt_reltoken(&slp->ns_token);
771 lwkt_gettoken(&nfs_token);
775 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain);
776 kfree((caddr_t)nfsd, M_NFSD);
777 nsd->nsd_nfsd = NULL;
778 if (--nfs_numnfsd == 0)
779 nfsrv_init(TRUE); /* Reinitialize everything */
781 lwkt_reltoken(&nfs_token);
786 * Shut down a socket associated with an nfssvc_sock structure.
787 * Should be called with the send lock set, if required.
788 * The trick here is to increment the sref at the start, so that the nfsds
789 * will stop using it and clear ns_flag at the end so that it will not be
790 * reassigned during cleanup.
793 nfsrv_zapsock(struct nfssvc_sock *slp)
795 struct nfsuid *nuidp, *nnuidp;
796 struct nfsrv_descript *nwp, *nnwp;
799 struct nfsrv_rec *rec;
801 slp->ns_flag &= ~SLP_ALLFLAGS;
806 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL);
807 so->so_upcall = NULL;
808 so->so_upcallarg = NULL;
809 soshutdown(so, SHUT_RDWR);
812 kfree(slp->ns_nam, M_SONAME);
813 m_freem(slp->ns_raw);
814 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) {
816 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link);
818 kfree(rec->nr_address, M_SONAME);
819 m_freem(rec->nr_packet);
820 kfree(rec, M_NFSRVDESC);
822 KKASSERT(slp->ns_numrec == 0);
824 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru,
826 LIST_REMOVE(nuidp, nu_hash);
827 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru);
828 if (nuidp->nu_flag & NU_NAM)
829 kfree(nuidp->nu_nam, M_SONAME);
830 kfree((caddr_t)nuidp, M_NFSUID);
833 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) {
834 nnwp = nwp->nd_tq.le_next;
835 LIST_REMOVE(nwp, nd_tq);
836 kfree((caddr_t)nwp, M_NFSRVDESC);
838 LIST_INIT(&slp->ns_tq);
845 * Derefence a server socket structure. If it has no more references and
846 * is no longer valid, you can throw it away.
848 * Must be holding nfs_token!
851 nfsrv_slpderef(struct nfssvc_sock *slp)
853 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
854 if (slp->ns_sref == 1) {
855 KKASSERT((slp->ns_flag & SLP_VALID) == 0);
856 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
858 kfree((caddr_t)slp, M_NFSSVC);
865 nfsrv_slpref(struct nfssvc_sock *slp)
867 ASSERT_LWKT_TOKEN_HELD(&nfs_token);
872 * Lock a socket against others.
874 * Returns 0 on failure, 1 on success.
877 nfs_slplock(struct nfssvc_sock *slp, int wait)
879 mtx_t mtx = &slp->ns_solock;
882 mtx_lock_ex(mtx, "nfsslplck", 0, 0);
884 } else if (mtx_lock_ex_try(mtx) == 0) {
892 * Unlock the stream socket for others.
895 nfs_slpunlock(struct nfssvc_sock *slp)
897 mtx_t mtx = &slp->ns_solock;
903 * Initialize the data structures for the server.
904 * Handshake with any new nfsds starting up to avoid any chance of
908 nfsrv_init(int terminating)
910 struct nfssvc_sock *slp, *nslp;
912 lwkt_gettoken(&nfs_token);
913 if (nfssvc_sockhead_flag & SLP_INIT)
915 nfssvc_sockhead_flag |= SLP_INIT;
918 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) {
919 if (slp->ns_flag & SLP_VALID)
922 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain);
923 kfree((caddr_t)slp, M_NFSSVC);
926 nfsrv_cleancache(); /* And clear out server cache */
928 nfs_pub.np_valid = 0;
931 TAILQ_INIT(&nfssvc_sockhead);
932 nfssvc_sockhead_flag &= ~SLP_INIT;
933 if (nfssvc_sockhead_flag & SLP_WANTINIT) {
934 nfssvc_sockhead_flag &= ~SLP_WANTINIT;
935 wakeup((caddr_t)&nfssvc_sockhead);
938 TAILQ_INIT(&nfsd_head);
939 nfsd_head_flag &= ~NFSD_CHECKSLP;
941 lwkt_reltoken(&nfs_token);
944 nfs_udpsock = (struct nfssvc_sock *)
945 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
946 mtx_init(&nfs_udpsock->ns_solock);
947 STAILQ_INIT(&nfs_udpsock->ns_rec);
948 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead);
949 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain);
951 nfs_cltpsock = (struct nfssvc_sock *)
952 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO);
953 mtx_init(&nfs_cltpsock->ns_solock);
954 STAILQ_INIT(&nfs_cltpsock->ns_rec);
955 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead);
956 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain);
961 * Add entries to the server monitor log.
964 nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep)
968 rt = &nfsdrt.drt[nfsdrt.pos];
969 if (cacherep == RC_DOIT)
971 else if (cacherep == RC_REPLY)
972 rt->flag = DRT_CACHEREPLY;
974 rt->flag = DRT_CACHEDROP;
975 if (sotype == SOCK_STREAM)
977 if (nd->nd_flag & ND_NFSV3)
978 rt->flag |= DRT_NFSV3;
979 rt->proc = nd->nd_procnum;
980 if (nd->nd_nam->sa_family == AF_INET)
981 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr;
983 rt->ipadr = INADDR_ANY;
984 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec);
985 getmicrotime(&rt->tstamp);
986 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ;
988 #endif /* NFS_NOSERVER */
991 * Get an authorization string for the uid by having the mount_nfs sitting
992 * on this mount point porpous out of the kernel and do it.
995 nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep,
996 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str,
997 int *verf_len, NFSKERBKEY_T key /* return session key */)
1001 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) {
1002 nmp->nm_state |= NFSSTA_WANTAUTH;
1003 (void) tsleep((caddr_t)&nmp->nm_authtype, 0,
1004 "nfsauth1", 2 * hz);
1005 error = nfs_sigintr(nmp, rep, rep->r_td);
1007 nmp->nm_state &= ~NFSSTA_WANTAUTH;
1011 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH);
1012 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK);
1013 nmp->nm_authlen = RPCAUTH_MAXSIZ;
1014 nmp->nm_verfstr = verf_str;
1015 nmp->nm_verflen = *verf_len;
1016 nmp->nm_authuid = cred->cr_uid;
1017 wakeup((caddr_t)&nmp->nm_authstr);
1020 * And wait for mount_nfs to do its stuff.
1022 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) {
1023 (void) tsleep((caddr_t)&nmp->nm_authlen, 0,
1024 "nfsauth2", 2 * hz);
1025 error = nfs_sigintr(nmp, rep, rep->r_td);
1027 if (nmp->nm_state & NFSSTA_AUTHERR) {
1028 nmp->nm_state &= ~NFSSTA_AUTHERR;
1032 kfree((caddr_t)*auth_str, M_TEMP);
1034 *auth_len = nmp->nm_authlen;
1035 *verf_len = nmp->nm_verflen;
1036 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (NFSKERBKEY_T));
1038 nmp->nm_state &= ~NFSSTA_HASAUTH;
1039 nmp->nm_state |= NFSSTA_WAITAUTH;
1040 if (nmp->nm_state & NFSSTA_WANTAUTH) {
1041 nmp->nm_state &= ~NFSSTA_WANTAUTH;
1042 wakeup((caddr_t)&nmp->nm_authtype);
1048 * Get a nickname authenticator and verifier.
1051 nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str,
1052 int *auth_len, char *verf_str, int verf_len)
1054 struct nfsuid *nuidp;
1055 u_int32_t *nickp, *verfp;
1056 struct timeval ktvout;
1059 if (verf_len < (4 * NFSX_UNSIGNED))
1060 panic("nfs_getnickauth verf too small");
1062 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first;
1063 nuidp != NULL; nuidp = nuidp->nu_hash.le_next) {
1064 if (nuidp->nu_cr.cr_uid == cred->cr_uid)
1067 if (!nuidp || nuidp->nu_expire < time_uptime)
1071 * Move to the end of the lru list (end of lru == most recently used).
1073 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru);
1074 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru);
1076 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK);
1077 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME);
1078 *nickp = txdr_unsigned(nuidp->nu_nickname);
1079 *auth_str = (char *)nickp;
1080 *auth_len = 2 * NFSX_UNSIGNED;
1083 * Now we must encrypt the verifier and package it up.
1085 verfp = (u_int32_t *)verf_str;
1086 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME);
1087 if (time_second != nuidp->nu_timestamp.tv_sec ||
1088 (time_second == nuidp->nu_timestamp.tv_sec &&
1089 time_second > nuidp->nu_timestamp.tv_usec)) /* XXX */
1090 getmicrotime(&nuidp->nu_timestamp);
1092 nuidp->nu_timestamp.tv_usec++;
1095 * Now encrypt the timestamp verifier in ecb mode using the session
1105 *verfp++ = ktvout.tv_sec;
1106 *verfp++ = ktvout.tv_usec;
1112 * Save the current nickname in a hash list entry on the mount point.
1115 nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len,
1116 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp,
1119 struct nfsuid *nuidp;
1121 struct timeval ktvin, ktvout;
1123 int deltasec, error = 0;
1124 struct nfsm_info info;
1130 if (len == (3 * NFSX_UNSIGNED)) {
1131 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED));
1132 ktvin.tv_sec = *tl++;
1133 ktvin.tv_usec = *tl++;
1134 nick = fxdr_unsigned(u_int32_t, *tl);
1137 * Decrypt the timestamp in ecb mode.
1145 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec);
1146 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec);
1147 deltasec = time_second - ktvout.tv_sec;
1149 deltasec = -deltasec;
1151 * If ok, add it to the hash list for the mount point.
1153 if (deltasec <= NFS_KERBCLOCKSKEW) {
1154 if (nmp->nm_numuids < nuidhash_max) {
1156 nuidp = (struct nfsuid *)
1157 kmalloc(sizeof (struct nfsuid), M_NFSUID,
1160 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead);
1161 LIST_REMOVE(nuidp, nu_hash);
1162 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp,
1166 nuidp->nu_cr.cr_uid = cred->cr_uid;
1167 nuidp->nu_expire = time_uptime + NFS_KERBTTL;
1168 nuidp->nu_timestamp = ktvout;
1169 nuidp->nu_nickname = nick;
1170 bcopy(key, nuidp->nu_key, sizeof (NFSKERBKEY_T));
1171 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp,
1173 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid),
1177 ERROROUT(nfsm_adv(&info, nfsm_rndup(len)));