1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Rick Macklem at The University of Guelph. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 4. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95 33 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $ 34 */ 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/sysproto.h> 39 #include <sys/kernel.h> 40 #include <sys/sysctl.h> 41 #include <sys/file.h> 42 #include <sys/filedesc.h> 43 #include <sys/vnode.h> 44 #include <sys/malloc.h> 45 #include <sys/mount.h> 46 #include <sys/proc.h> 47 #include <sys/priv.h> 48 #include <sys/buf.h> 49 #include <sys/mbuf.h> 50 #include <sys/resourcevar.h> 51 #include <sys/socket.h> 52 #include <sys/socketvar.h> 53 #include <sys/domain.h> 54 #include <sys/protosw.h> 55 #include <sys/nlookup.h> 56 57 #include <sys/mutex2.h> 58 #include <sys/thread2.h> 59 60 #include <netinet/in.h> 61 #include <netinet/tcp.h> 62 #include "xdr_subs.h" 63 #include "rpcv2.h" 64 #include "nfsproto.h" 65 #include "nfs.h" 66 #include "nfsm_subs.h" 67 #include "nfsrvcache.h" 68 #include "nfsmount.h" 69 #include "nfsnode.h" 70 #include "nfsrtt.h" 71 72 #include <sys/thread2.h> 73 74 static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure"); 75 76 static int nuidhash_max = NFS_MAXUIDHASH; 77 78 #ifndef NFS_NOSERVER 79 static void nfsrv_zapsock (struct nfssvc_sock *slp); 80 #endif 81 82 #define TRUE 1 83 #define FALSE 0 84 85 SYSCTL_DECL(_vfs_nfs); 86 87 #ifndef NFS_NOSERVER 88 int nfsd_waiting = 0; 89 static struct nfsdrt nfsdrt; 90 static int nfs_numnfsd = 0; 91 static void nfsd_rt (int sotype, struct nfsrv_descript *nd, 92 int cacherep); 93 static int nfssvc_addsock (struct file *, struct sockaddr *, 94 struct thread *); 95 static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *); 96 97 static int nfs_privport = 0; 98 SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport, 99 0, "Enable privileged source port checks"); 100 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0, 101 "Enable NFS request procrastination"); 102 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0, 103 "Enable NFSv3 request procrastination"); 104 int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO; 105 SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0, 106 "Minimum NFS socket buffer size reservation"); 107 108 /* 109 * NFS server system calls 110 */ 111 112 #endif /* NFS_NOSERVER */ 113 /* 114 * nfssvc_args(int flag, caddr_t argp) 115 * 116 * Nfs server psuedo system call for the nfsd's 117 * Based on the flag value it either: 118 * - adds a socket to the selection list 119 * - remains in the kernel as an nfsd 120 * - remains in the kernel as an nfsiod 121 * 122 * MPALMOSTSAFE 123 */ 124 int 125 sys_nfssvc(struct nfssvc_args *uap) 126 { 127 #ifndef NFS_NOSERVER 128 struct nlookupdata nd; 129 struct file *fp; 130 struct sockaddr *nam; 131 struct nfsd_args nfsdarg; 132 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs; 133 struct nfsd_cargs ncd; 134 struct nfsd *nfsd; 135 struct nfssvc_sock *slp; 136 struct nfsuid *nuidp; 137 struct nfsmount *nmp; 138 struct vnode *vp; 139 #endif /* NFS_NOSERVER */ 140 int error; 141 struct thread *td = curthread; 142 143 /* 144 * Must be super user 145 */ 146 error = priv_check(td, PRIV_ROOT); 147 if (error) 148 return (error); 149 150 lwkt_gettoken(&nfs_token); 151 152 while (nfssvc_sockhead_flag & SLP_INIT) { 153 nfssvc_sockhead_flag |= SLP_WANTINIT; 154 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0); 155 } 156 if (uap->flag & NFSSVC_BIOD) 157 error = ENXIO; /* no longer need nfsiod's */ 158 #ifdef NFS_NOSERVER 159 else 160 error = ENXIO; 161 #else /* !NFS_NOSERVER */ 162 else if (uap->flag & NFSSVC_MNTD) { 163 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd)); 164 if (error) 165 goto done; 166 vp = NULL; 167 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE, 168 NLC_FOLLOW); 169 if (error == 0) 170 error = nlookup(&nd); 171 if (error == 0) 172 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp); 173 nlookup_done(&nd); 174 if (error) 175 goto done; 176 177 if ((vp->v_flag & VROOT) == 0) 178 error = EINVAL; 179 nmp = VFSTONFS(vp->v_mount); 180 vput(vp); 181 if (error) 182 goto done; 183 if ((nmp->nm_state & NFSSTA_MNTD) && 184 (uap->flag & NFSSVC_GOTAUTH) == 0) { 185 error = 0; 186 goto done; 187 } 188 nmp->nm_state |= NFSSTA_MNTD; 189 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag, 190 uap->argp, td); 191 } else if (uap->flag & NFSSVC_ADDSOCK) { 192 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg)); 193 if (error) 194 goto done; 195 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp); 196 if (error) 197 goto done; 198 /* 199 * Get the client address for connected sockets. 200 */ 201 if (nfsdarg.name == NULL || nfsdarg.namelen == 0) 202 nam = NULL; 203 else { 204 error = getsockaddr(&nam, nfsdarg.name, 205 nfsdarg.namelen); 206 if (error) { 207 fdrop(fp); 208 goto done; 209 } 210 } 211 error = nfssvc_addsock(fp, nam, td); 212 fdrop(fp); 213 } else { 214 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd)); 215 if (error) 216 goto done; 217 if ((uap->flag & NFSSVC_AUTHIN) && 218 ((nfsd = nsd->nsd_nfsd)) != NULL && 219 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) { 220 slp = nfsd->nfsd_slp; 221 222 /* 223 * First check to see if another nfsd has already 224 * added this credential. 225 */ 226 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first; 227 nuidp != 0; nuidp = nuidp->nu_hash.le_next) { 228 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid && 229 (!nfsd->nfsd_nd->nd_nam2 || 230 netaddr_match(NU_NETFAM(nuidp), 231 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2))) 232 break; 233 } 234 if (nuidp) { 235 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr); 236 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 237 } else { 238 /* 239 * Nope, so we will. 240 */ 241 if (slp->ns_numuids < nuidhash_max) { 242 slp->ns_numuids++; 243 nuidp = (struct nfsuid *) 244 kmalloc(sizeof (struct nfsuid), M_NFSUID, 245 M_WAITOK); 246 } else 247 nuidp = NULL; 248 if ((slp->ns_flag & SLP_VALID) == 0) { 249 if (nuidp) 250 kfree((caddr_t)nuidp, M_NFSUID); 251 } else { 252 if (nuidp == NULL) { 253 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead); 254 LIST_REMOVE(nuidp, nu_hash); 255 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, 256 nu_lru); 257 if (nuidp->nu_flag & NU_NAM) 258 kfree(nuidp->nu_nam, M_SONAME); 259 } 260 nuidp->nu_flag = 0; 261 nuidp->nu_cr = nsd->nsd_cr; 262 if (nuidp->nu_cr.cr_ngroups > NGROUPS) 263 nuidp->nu_cr.cr_ngroups = NGROUPS; 264 nuidp->nu_cr.cr_ref = 1; 265 nuidp->nu_timestamp = nsd->nsd_timestamp; 266 nuidp->nu_expire = time_second + nsd->nsd_ttl; 267 /* 268 * and save the session key in nu_key. 269 */ 270 bcopy(nsd->nsd_key, nuidp->nu_key, 271 sizeof (nsd->nsd_key)); 272 if (nfsd->nfsd_nd->nd_nam2) { 273 struct sockaddr_in *saddr; 274 275 saddr = (struct sockaddr_in *) 276 nfsd->nfsd_nd->nd_nam2; 277 switch (saddr->sin_family) { 278 case AF_INET: 279 nuidp->nu_flag |= NU_INETADDR; 280 nuidp->nu_inetaddr = 281 saddr->sin_addr.s_addr; 282 break; 283 case AF_ISO: 284 default: 285 nuidp->nu_flag |= NU_NAM; 286 nuidp->nu_nam = 287 dup_sockaddr(nfsd->nfsd_nd->nd_nam2); 288 break; 289 }; 290 } 291 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp, 292 nu_lru); 293 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid), 294 nuidp, nu_hash); 295 nfsrv_setcred(&nuidp->nu_cr, 296 &nfsd->nfsd_nd->nd_cr); 297 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 298 } 299 } 300 } 301 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd)) 302 nfsd->nfsd_flag |= NFSD_AUTHFAIL; 303 error = nfssvc_nfsd(nsd, uap->argp, td); 304 } 305 #endif /* NFS_NOSERVER */ 306 if (error == EINTR || error == ERESTART) 307 error = 0; 308 done: 309 lwkt_reltoken(&nfs_token); 310 return (error); 311 } 312 313 #ifndef NFS_NOSERVER 314 /* 315 * Adds a socket to the list for servicing by nfsds. 316 */ 317 static int 318 nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td) 319 { 320 int siz; 321 struct nfssvc_sock *slp; 322 struct socket *so; 323 int error; 324 325 so = (struct socket *)fp->f_data; 326 #if 0 327 tslp = NULL; 328 /* 329 * Add it to the list, as required. 330 */ 331 if (so->so_proto->pr_protocol == IPPROTO_UDP) { 332 tslp = nfs_udpsock; 333 if (tslp->ns_flag & SLP_VALID) { 334 if (mynam != NULL) 335 kfree(mynam, M_SONAME); 336 return (EPERM); 337 } 338 } 339 #endif 340 /* 341 * Reserve buffer space in the socket. Note that due to bugs in 342 * Linux's delayed-ack code, serious performance degredation may 343 * occur with linux hosts if the minimum is used. 344 * 345 * NFS sockets are not limited to the standard sb_max or by 346 * resource limits. 347 */ 348 if (so->so_type == SOCK_STREAM) 349 siz = NFS_MAXPACKET + sizeof (u_long); 350 else 351 siz = NFS_MAXPACKET; 352 if (siz < nfs_soreserve) 353 siz = nfs_soreserve; 354 355 error = soreserve(so, siz, siz, NULL); 356 if (error) { 357 if (mynam != NULL) 358 kfree(mynam, M_SONAME); 359 return (error); 360 } 361 362 /* 363 * Set protocol specific options { for now TCP only } and 364 * reserve some space. For datagram sockets, this can get called 365 * repeatedly for the same socket, but that isn't harmful. 366 */ 367 if (so->so_type == SOCK_STREAM) { 368 struct sockopt sopt; 369 int val; 370 371 bzero(&sopt, sizeof sopt); 372 sopt.sopt_level = SOL_SOCKET; 373 sopt.sopt_name = SO_KEEPALIVE; 374 sopt.sopt_val = &val; 375 sopt.sopt_valsize = sizeof val; 376 val = 1; 377 sosetopt(so, &sopt); 378 } 379 if (so->so_proto->pr_domain->dom_family == AF_INET && 380 so->so_proto->pr_protocol == IPPROTO_TCP) { 381 struct sockopt sopt; 382 int val; 383 384 bzero(&sopt, sizeof sopt); 385 sopt.sopt_level = IPPROTO_TCP; 386 sopt.sopt_name = TCP_NODELAY; 387 sopt.sopt_val = &val; 388 sopt.sopt_valsize = sizeof val; 389 val = 1; 390 sosetopt(so, &sopt); 391 392 bzero(&sopt, sizeof sopt); 393 sopt.sopt_level = IPPROTO_TCP; 394 sopt.sopt_name = TCP_FASTKEEP; 395 sopt.sopt_val = &val; 396 sopt.sopt_valsize = sizeof val; 397 val = 1; 398 sosetopt(so, &sopt); 399 } 400 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR); 401 so->so_rcv.ssb_timeo = 0; 402 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR); 403 so->so_snd.ssb_timeo = 0; 404 405 slp = kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 406 mtx_init(&slp->ns_solock); 407 STAILQ_INIT(&slp->ns_rec); 408 TAILQ_INIT(&slp->ns_uidlruhead); 409 lwkt_token_init(&slp->ns_token, "nfssrv_token"); 410 411 lwkt_gettoken(&nfs_token); 412 nfsrv_slpref(slp); 413 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain); 414 lwkt_gettoken(&slp->ns_token); 415 416 slp->ns_so = so; 417 slp->ns_nam = mynam; 418 fp->f_count++; 419 slp->ns_fp = fp; 420 421 so->so_upcallarg = (caddr_t)slp; 422 so->so_upcall = nfsrv_rcv_upcall; 423 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 424 slp->ns_flag = (SLP_VALID | SLP_NEEDQ); 425 nfsrv_wakenfsd(slp, 1); 426 427 lwkt_reltoken(&slp->ns_token); 428 lwkt_reltoken(&nfs_token); 429 430 return (0); 431 } 432 433 /* 434 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests 435 * until it is killed by a signal. 436 */ 437 static int 438 nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td) 439 { 440 int siz; 441 struct nfssvc_sock *slp; 442 struct nfsd *nfsd = nsd->nsd_nfsd; 443 struct nfsrv_descript *nd = NULL; 444 struct mbuf *m, *mreq; 445 int error, cacherep, sotype, writes_todo; 446 int procrastinate; 447 u_quad_t cur_usec; 448 449 #ifndef nolint 450 cacherep = RC_DOIT; 451 writes_todo = 0; 452 #endif 453 lwkt_gettoken(&nfs_token); 454 455 if (nfsd == NULL) { 456 nsd->nsd_nfsd = nfsd = (struct nfsd *) 457 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO); 458 nfsd->nfsd_td = td; 459 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain); 460 nfs_numnfsd++; 461 } 462 463 /* 464 * Loop getting rpc requests until SIGKILL. 465 */ 466 for (;;) { 467 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) { 468 while (nfsd->nfsd_slp == NULL && 469 (nfsd_head_flag & NFSD_CHECKSLP) == 0) { 470 nfsd->nfsd_flag |= NFSD_WAITING; 471 nfsd_waiting++; 472 error = tsleep(nfsd, PCATCH, "nfsd", 0); 473 nfsd_waiting--; 474 if (error && nfsd->nfsd_slp == NULL) 475 goto done; 476 } 477 if (nfsd->nfsd_slp == NULL && 478 (nfsd_head_flag & NFSD_CHECKSLP)) { 479 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) { 480 if ((slp->ns_flag & SLP_ACTION_MASK) || 481 slp->ns_needq_upcall) { 482 nfsrv_slpref(slp); 483 nfsd->nfsd_slp = slp; 484 break; 485 } 486 } 487 if (slp == NULL) 488 nfsd_head_flag &= ~NFSD_CHECKSLP; 489 } 490 if ((slp = nfsd->nfsd_slp) == NULL) 491 continue; 492 493 lwkt_reltoken(&nfs_token); 494 lwkt_gettoken(&slp->ns_token); 495 496 if (slp->ns_needq_upcall) { 497 slp->ns_needq_upcall = 0; 498 slp->ns_flag |= SLP_NEEDQ; 499 } 500 501 if (slp->ns_flag & SLP_VALID) { 502 /* 503 * We can both process additional received 504 * data into new records and process existing 505 * records. This keeps the pipeline hot by 506 * allowing the tcp socket to continue to 507 * drain while we are processing records. 508 */ 509 if (slp->ns_flag & SLP_DISCONN) { 510 nfsrv_zapsock(slp); 511 } else if (slp->ns_flag & SLP_NEEDQ) { 512 (void)nfs_slplock(slp, 1); 513 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 514 MB_WAIT); 515 nfs_slpunlock(slp); 516 } 517 error = nfsrv_dorec(slp, nfsd, &nd); 518 cur_usec = nfs_curusec(); 519 if (error && slp->ns_tq.lh_first && 520 slp->ns_tq.lh_first->nd_time <= cur_usec) { 521 error = 0; 522 cacherep = RC_DOIT; 523 writes_todo = 1; 524 } else { 525 writes_todo = 0; 526 } 527 nfsd->nfsd_flag |= NFSD_REQINPROG; 528 } else { 529 slp->ns_flag &= ~SLP_ACTION_MASK; 530 error = 0; 531 } 532 } else { 533 error = 0; 534 slp = nfsd->nfsd_slp; 535 536 lwkt_reltoken(&nfs_token); 537 lwkt_gettoken(&slp->ns_token); 538 539 if (slp->ns_needq_upcall) { 540 slp->ns_needq_upcall = 0; 541 slp->ns_flag |= SLP_NEEDQ; 542 } 543 if (NFSRV_RECLIMIT(slp) == 0 && 544 (slp->ns_flag & SLP_NEEDQ)) { 545 (void)nfs_slplock(slp, 1); 546 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 547 MB_WAIT); 548 nfs_slpunlock(slp); 549 } 550 } 551 552 /* 553 * nfs_token not held here. slp token is held. 554 */ 555 if (error || (slp->ns_flag & SLP_VALID) == 0) { 556 if (nd) { 557 kfree((caddr_t)nd, M_NFSRVDESC); 558 nd = NULL; 559 } 560 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 561 if (slp->ns_flag & SLP_ACTION_MASK) { 562 lwkt_reltoken(&slp->ns_token); 563 lwkt_gettoken(&nfs_token); 564 } else { 565 nfsd->nfsd_slp = NULL; 566 lwkt_reltoken(&slp->ns_token); 567 lwkt_gettoken(&nfs_token); 568 nfsrv_slpderef(slp); 569 } 570 continue; 571 } 572 573 /* 574 * Execute the NFS request - handle the server side cache 575 * 576 * nfs_token not held here. slp token is held. 577 */ 578 sotype = slp->ns_so->so_type; 579 if (nd) { 580 getmicrotime(&nd->nd_starttime); 581 if (nd->nd_nam2) 582 nd->nd_nam = nd->nd_nam2; 583 else 584 nd->nd_nam = slp->ns_nam; 585 586 /* 587 * Check to see if authorization is needed. 588 */ 589 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) { 590 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH; 591 nsd->nsd_haddr = 592 ((struct sockaddr_in *) 593 nd->nd_nam)->sin_addr.s_addr; 594 nsd->nsd_authlen = nfsd->nfsd_authlen; 595 nsd->nsd_verflen = nfsd->nfsd_verflen; 596 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr, 597 nfsd->nfsd_authlen) && 598 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr, 599 nfsd->nfsd_verflen) && 600 !copyout((caddr_t)nsd, argp, sizeof (*nsd))) 601 { 602 lwkt_reltoken(&slp->ns_token); 603 return (ENEEDAUTH); 604 } 605 cacherep = RC_DROPIT; 606 } else { 607 cacherep = nfsrv_getcache(nd, slp, &mreq); 608 } 609 610 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) { 611 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL; 612 nd->nd_procnum = NFSPROC_NOOP; 613 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 614 cacherep = RC_DOIT; 615 } else if (nfs_privport) { 616 /* Check if source port is privileged */ 617 u_short port; 618 struct sockaddr *nam = nd->nd_nam; 619 struct sockaddr_in *sin; 620 621 sin = (struct sockaddr_in *)nam; 622 port = ntohs(sin->sin_port); 623 if (port >= IPPORT_RESERVED && 624 nd->nd_procnum != NFSPROC_NULL) { 625 nd->nd_procnum = NFSPROC_NOOP; 626 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 627 cacherep = RC_DOIT; 628 kprintf("NFS request from unprivileged port (%s:%d)\n", 629 inet_ntoa(sin->sin_addr), port); 630 } 631 } 632 633 } 634 635 /* 636 * Execute the NFS request - direct execution 637 * 638 * Loop to get all the write rpc replies that have been 639 * gathered together. 640 * 641 * nfs_token not held here. slp token is held. 642 */ 643 do { 644 switch (cacherep) { 645 case RC_DOIT: 646 if (nd && (nd->nd_flag & ND_NFSV3)) 647 procrastinate = nfsrvw_procrastinate_v3; 648 else 649 procrastinate = nfsrvw_procrastinate; 650 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE && 651 procrastinate > 0) 652 ) { 653 error = nfsrv_writegather(&nd, slp, 654 nfsd->nfsd_td, &mreq); 655 } else { 656 /* NOT YET lwkt_reltoken(&slp->ns_token); */ 657 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd, 658 slp, nfsd->nfsd_td, &mreq); 659 /* NOT YET lwkt_gettoken(&slp->ns_token); */ 660 lwpkthreaddeferred(); /* vnlru issues */ 661 } 662 if (mreq == NULL) 663 break; 664 if (error != 0 && error != NFSERR_RETVOID) { 665 if (nd->nd_procnum != NQNFSPROC_VACATED) 666 nfsstats.srv_errs++; 667 nfsrv_updatecache(nd, FALSE, mreq); 668 if (nd->nd_nam2) 669 kfree(nd->nd_nam2, M_SONAME); 670 break; 671 } 672 nfsstats.srvrpccnt[nd->nd_procnum]++; 673 nfsrv_updatecache(nd, TRUE, mreq); 674 nd->nd_mrep = NULL; 675 /* FALL THROUGH */ 676 case RC_REPLY: 677 m = mreq; 678 siz = 0; 679 while (m) { 680 siz += m->m_len; 681 m = m->m_next; 682 } 683 if (siz <= 0 || siz > NFS_MAXPACKET) { 684 kprintf("mbuf siz=%d\n",siz); 685 panic("Bad nfs svc reply"); 686 } 687 m = mreq; 688 m->m_pkthdr.len = siz; 689 m->m_pkthdr.rcvif = NULL; 690 /* 691 * For stream protocols, prepend a Sun RPC 692 * Record Mark. 693 */ 694 if (sotype == SOCK_STREAM) { 695 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT); 696 if (m == NULL) { 697 error = ENOBUFS; 698 goto skip; 699 } 700 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz); 701 } 702 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 703 (void) nfs_slplock(slp, 1); 704 if (slp->ns_flag & SLP_VALID) 705 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL); 706 else { 707 error = EPIPE; 708 m_freem(m); 709 } 710 skip: 711 if (nfsrtton) 712 nfsd_rt(sotype, nd, cacherep); 713 if (nd->nd_nam2) 714 kfree(nd->nd_nam2, M_SONAME); 715 if (nd->nd_mrep) 716 m_freem(nd->nd_mrep); 717 if (error == EPIPE || error == ENOBUFS) 718 nfsrv_zapsock(slp); 719 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 720 nfs_slpunlock(slp); 721 if (error == EINTR || error == ERESTART) { 722 kfree((caddr_t)nd, M_NFSRVDESC); 723 lwkt_reltoken(&slp->ns_token); 724 lwkt_gettoken(&nfs_token); 725 nfsd->nfsd_slp = NULL; 726 nfsrv_slpderef(slp); 727 goto done; 728 } 729 break; 730 case RC_DROPIT: 731 if (nfsrtton) 732 nfsd_rt(sotype, nd, cacherep); 733 m_freem(nd->nd_mrep); 734 if (nd->nd_nam2) 735 kfree(nd->nd_nam2, M_SONAME); 736 break; 737 }; 738 if (nd) { 739 kfree((caddr_t)nd, M_NFSRVDESC); 740 nd = NULL; 741 } 742 743 /* 744 * Check to see if there are outstanding writes that 745 * need to be serviced. 746 */ 747 cur_usec = nfs_curusec(); 748 if (slp->ns_tq.lh_first && 749 slp->ns_tq.lh_first->nd_time <= cur_usec) { 750 cacherep = RC_DOIT; 751 writes_todo = 1; 752 } else { 753 writes_todo = 0; 754 } 755 } while (writes_todo); 756 757 /* 758 * nfs_token not held here. slp token is held. 759 */ 760 if (nfsrv_dorec(slp, nfsd, &nd)) { 761 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 762 if (slp->ns_flag & SLP_ACTION_MASK) { 763 lwkt_reltoken(&slp->ns_token); 764 lwkt_gettoken(&nfs_token); 765 } else { 766 nfsd->nfsd_slp = NULL; 767 lwkt_reltoken(&slp->ns_token); 768 lwkt_gettoken(&nfs_token); 769 nfsrv_slpderef(slp); 770 } 771 } else { 772 lwkt_reltoken(&slp->ns_token); 773 lwkt_gettoken(&nfs_token); 774 } 775 } 776 done: 777 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain); 778 kfree((caddr_t)nfsd, M_NFSD); 779 nsd->nsd_nfsd = NULL; 780 if (--nfs_numnfsd == 0) 781 nfsrv_init(TRUE); /* Reinitialize everything */ 782 783 lwkt_reltoken(&nfs_token); 784 return (error); 785 } 786 787 /* 788 * Shut down a socket associated with an nfssvc_sock structure. 789 * Should be called with the send lock set, if required. 790 * The trick here is to increment the sref at the start, so that the nfsds 791 * will stop using it and clear ns_flag at the end so that it will not be 792 * reassigned during cleanup. 793 */ 794 static void 795 nfsrv_zapsock(struct nfssvc_sock *slp) 796 { 797 struct nfsuid *nuidp, *nnuidp; 798 struct nfsrv_descript *nwp, *nnwp; 799 struct socket *so; 800 struct file *fp; 801 struct nfsrv_rec *rec; 802 803 slp->ns_flag &= ~SLP_ALLFLAGS; 804 fp = slp->ns_fp; 805 if (fp) { 806 slp->ns_fp = NULL; 807 so = slp->ns_so; 808 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 809 so->so_upcall = NULL; 810 so->so_upcallarg = NULL; 811 soshutdown(so, SHUT_RDWR); 812 closef(fp, NULL); 813 if (slp->ns_nam) 814 kfree(slp->ns_nam, M_SONAME); 815 m_freem(slp->ns_raw); 816 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) { 817 --slp->ns_numrec; 818 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link); 819 if (rec->nr_address) 820 kfree(rec->nr_address, M_SONAME); 821 m_freem(rec->nr_packet); 822 kfree(rec, M_NFSRVDESC); 823 } 824 KKASSERT(slp->ns_numrec == 0); 825 826 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru, 827 nnuidp) { 828 LIST_REMOVE(nuidp, nu_hash); 829 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru); 830 if (nuidp->nu_flag & NU_NAM) 831 kfree(nuidp->nu_nam, M_SONAME); 832 kfree((caddr_t)nuidp, M_NFSUID); 833 } 834 crit_enter(); 835 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) { 836 nnwp = nwp->nd_tq.le_next; 837 LIST_REMOVE(nwp, nd_tq); 838 kfree((caddr_t)nwp, M_NFSRVDESC); 839 } 840 LIST_INIT(&slp->ns_tq); 841 crit_exit(); 842 nfsrv_slpderef(slp); 843 } 844 } 845 846 /* 847 * Derefence a server socket structure. If it has no more references and 848 * is no longer valid, you can throw it away. 849 * 850 * Must be holding nfs_token! 851 */ 852 void 853 nfsrv_slpderef(struct nfssvc_sock *slp) 854 { 855 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 856 if (slp->ns_sref == 1) { 857 KKASSERT((slp->ns_flag & SLP_VALID) == 0); 858 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 859 slp->ns_sref = 0; 860 kfree((caddr_t)slp, M_NFSSVC); 861 } else { 862 --slp->ns_sref; 863 } 864 } 865 866 void 867 nfsrv_slpref(struct nfssvc_sock *slp) 868 { 869 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 870 ++slp->ns_sref; 871 } 872 873 /* 874 * Lock a socket against others. 875 * 876 * Returns 0 on failure, 1 on success. 877 */ 878 int 879 nfs_slplock(struct nfssvc_sock *slp, int wait) 880 { 881 mtx_t mtx = &slp->ns_solock; 882 883 if (wait) { 884 mtx_lock_ex(mtx, "nfsslplck", 0, 0); 885 return(1); 886 } else if (mtx_lock_ex_try(mtx) == 0) { 887 return(1); 888 } else { 889 return(0); 890 } 891 } 892 893 /* 894 * Unlock the stream socket for others. 895 */ 896 void 897 nfs_slpunlock(struct nfssvc_sock *slp) 898 { 899 mtx_t mtx = &slp->ns_solock; 900 901 mtx_unlock(mtx); 902 } 903 904 /* 905 * Initialize the data structures for the server. 906 * Handshake with any new nfsds starting up to avoid any chance of 907 * corruption. 908 */ 909 void 910 nfsrv_init(int terminating) 911 { 912 struct nfssvc_sock *slp, *nslp; 913 914 lwkt_gettoken(&nfs_token); 915 if (nfssvc_sockhead_flag & SLP_INIT) 916 panic("nfsd init"); 917 nfssvc_sockhead_flag |= SLP_INIT; 918 919 if (terminating) { 920 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) { 921 if (slp->ns_flag & SLP_VALID) 922 nfsrv_zapsock(slp); 923 /* 924 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 925 kfree((caddr_t)slp, M_NFSSVC); 926 */ 927 } 928 nfsrv_cleancache(); /* And clear out server cache */ 929 } else { 930 nfs_pub.np_valid = 0; 931 } 932 933 TAILQ_INIT(&nfssvc_sockhead); 934 nfssvc_sockhead_flag &= ~SLP_INIT; 935 if (nfssvc_sockhead_flag & SLP_WANTINIT) { 936 nfssvc_sockhead_flag &= ~SLP_WANTINIT; 937 wakeup((caddr_t)&nfssvc_sockhead); 938 } 939 940 TAILQ_INIT(&nfsd_head); 941 nfsd_head_flag &= ~NFSD_CHECKSLP; 942 943 lwkt_reltoken(&nfs_token); 944 945 #if 0 946 nfs_udpsock = (struct nfssvc_sock *) 947 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 948 mtx_init(&nfs_udpsock->ns_solock); 949 STAILQ_INIT(&nfs_udpsock->ns_rec); 950 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead); 951 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain); 952 953 nfs_cltpsock = (struct nfssvc_sock *) 954 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 955 mtx_init(&nfs_cltpsock->ns_solock); 956 STAILQ_INIT(&nfs_cltpsock->ns_rec); 957 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead); 958 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain); 959 #endif 960 } 961 962 /* 963 * Add entries to the server monitor log. 964 */ 965 static void 966 nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep) 967 { 968 struct drt *rt; 969 970 rt = &nfsdrt.drt[nfsdrt.pos]; 971 if (cacherep == RC_DOIT) 972 rt->flag = 0; 973 else if (cacherep == RC_REPLY) 974 rt->flag = DRT_CACHEREPLY; 975 else 976 rt->flag = DRT_CACHEDROP; 977 if (sotype == SOCK_STREAM) 978 rt->flag |= DRT_TCP; 979 if (nd->nd_flag & ND_NFSV3) 980 rt->flag |= DRT_NFSV3; 981 rt->proc = nd->nd_procnum; 982 if (nd->nd_nam->sa_family == AF_INET) 983 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr; 984 else 985 rt->ipadr = INADDR_ANY; 986 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec); 987 getmicrotime(&rt->tstamp); 988 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ; 989 } 990 #endif /* NFS_NOSERVER */ 991 992 /* 993 * Get an authorization string for the uid by having the mount_nfs sitting 994 * on this mount point porpous out of the kernel and do it. 995 */ 996 int 997 nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep, 998 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str, 999 int *verf_len, NFSKERBKEY_T key /* return session key */) 1000 { 1001 int error = 0; 1002 1003 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) { 1004 nmp->nm_state |= NFSSTA_WANTAUTH; 1005 (void) tsleep((caddr_t)&nmp->nm_authtype, 0, 1006 "nfsauth1", 2 * hz); 1007 error = nfs_sigintr(nmp, rep, rep->r_td); 1008 if (error) { 1009 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1010 return (error); 1011 } 1012 } 1013 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH); 1014 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK); 1015 nmp->nm_authlen = RPCAUTH_MAXSIZ; 1016 nmp->nm_verfstr = verf_str; 1017 nmp->nm_verflen = *verf_len; 1018 nmp->nm_authuid = cred->cr_uid; 1019 wakeup((caddr_t)&nmp->nm_authstr); 1020 1021 /* 1022 * And wait for mount_nfs to do its stuff. 1023 */ 1024 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) { 1025 (void) tsleep((caddr_t)&nmp->nm_authlen, 0, 1026 "nfsauth2", 2 * hz); 1027 error = nfs_sigintr(nmp, rep, rep->r_td); 1028 } 1029 if (nmp->nm_state & NFSSTA_AUTHERR) { 1030 nmp->nm_state &= ~NFSSTA_AUTHERR; 1031 error = EAUTH; 1032 } 1033 if (error) 1034 kfree((caddr_t)*auth_str, M_TEMP); 1035 else { 1036 *auth_len = nmp->nm_authlen; 1037 *verf_len = nmp->nm_verflen; 1038 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (NFSKERBKEY_T)); 1039 } 1040 nmp->nm_state &= ~NFSSTA_HASAUTH; 1041 nmp->nm_state |= NFSSTA_WAITAUTH; 1042 if (nmp->nm_state & NFSSTA_WANTAUTH) { 1043 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1044 wakeup((caddr_t)&nmp->nm_authtype); 1045 } 1046 return (error); 1047 } 1048 1049 /* 1050 * Get a nickname authenticator and verifier. 1051 */ 1052 int 1053 nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str, 1054 int *auth_len, char *verf_str, int verf_len) 1055 { 1056 struct nfsuid *nuidp; 1057 u_int32_t *nickp, *verfp; 1058 struct timeval ktvout; 1059 1060 #ifdef DIAGNOSTIC 1061 if (verf_len < (4 * NFSX_UNSIGNED)) 1062 panic("nfs_getnickauth verf too small"); 1063 #endif 1064 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first; 1065 nuidp != NULL; nuidp = nuidp->nu_hash.le_next) { 1066 if (nuidp->nu_cr.cr_uid == cred->cr_uid) 1067 break; 1068 } 1069 if (!nuidp || nuidp->nu_expire < time_second) 1070 return (EACCES); 1071 1072 /* 1073 * Move to the end of the lru list (end of lru == most recently used). 1074 */ 1075 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru); 1076 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru); 1077 1078 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK); 1079 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME); 1080 *nickp = txdr_unsigned(nuidp->nu_nickname); 1081 *auth_str = (char *)nickp; 1082 *auth_len = 2 * NFSX_UNSIGNED; 1083 1084 /* 1085 * Now we must encrypt the verifier and package it up. 1086 */ 1087 verfp = (u_int32_t *)verf_str; 1088 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME); 1089 if (time_second > nuidp->nu_timestamp.tv_sec || 1090 (time_second == nuidp->nu_timestamp.tv_sec && 1091 time_second > nuidp->nu_timestamp.tv_usec)) 1092 getmicrotime(&nuidp->nu_timestamp); 1093 else 1094 nuidp->nu_timestamp.tv_usec++; 1095 1096 /* 1097 * Now encrypt the timestamp verifier in ecb mode using the session 1098 * key. 1099 */ 1100 #ifdef NFSKERB 1101 XXX 1102 #else 1103 ktvout.tv_sec = 0; 1104 ktvout.tv_usec = 0; 1105 #endif 1106 1107 *verfp++ = ktvout.tv_sec; 1108 *verfp++ = ktvout.tv_usec; 1109 *verfp = 0; 1110 return (0); 1111 } 1112 1113 /* 1114 * Save the current nickname in a hash list entry on the mount point. 1115 */ 1116 int 1117 nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len, 1118 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp, 1119 struct mbuf *mrep) 1120 { 1121 struct nfsuid *nuidp; 1122 u_int32_t *tl; 1123 struct timeval ktvin, ktvout; 1124 u_int32_t nick; 1125 int deltasec, error = 0; 1126 struct nfsm_info info; 1127 1128 info.md = *mdp; 1129 info.dpos = *dposp; 1130 info.mrep = mrep; 1131 1132 if (len == (3 * NFSX_UNSIGNED)) { 1133 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED)); 1134 ktvin.tv_sec = *tl++; 1135 ktvin.tv_usec = *tl++; 1136 nick = fxdr_unsigned(u_int32_t, *tl); 1137 1138 /* 1139 * Decrypt the timestamp in ecb mode. 1140 */ 1141 #ifdef NFSKERB 1142 XXX 1143 #else 1144 ktvout.tv_sec = 0; 1145 ktvout.tv_usec = 0; 1146 #endif 1147 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec); 1148 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec); 1149 deltasec = time_second - ktvout.tv_sec; 1150 if (deltasec < 0) 1151 deltasec = -deltasec; 1152 /* 1153 * If ok, add it to the hash list for the mount point. 1154 */ 1155 if (deltasec <= NFS_KERBCLOCKSKEW) { 1156 if (nmp->nm_numuids < nuidhash_max) { 1157 nmp->nm_numuids++; 1158 nuidp = (struct nfsuid *) 1159 kmalloc(sizeof (struct nfsuid), M_NFSUID, 1160 M_WAITOK); 1161 } else { 1162 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead); 1163 LIST_REMOVE(nuidp, nu_hash); 1164 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, 1165 nu_lru); 1166 } 1167 nuidp->nu_flag = 0; 1168 nuidp->nu_cr.cr_uid = cred->cr_uid; 1169 nuidp->nu_expire = time_second + NFS_KERBTTL; 1170 nuidp->nu_timestamp = ktvout; 1171 nuidp->nu_nickname = nick; 1172 bcopy(key, nuidp->nu_key, sizeof (NFSKERBKEY_T)); 1173 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, 1174 nu_lru); 1175 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid), 1176 nuidp, nu_hash); 1177 } 1178 } else { 1179 ERROROUT(nfsm_adv(&info, nfsm_rndup(len))); 1180 } 1181 nfsmout: 1182 *mdp = info.md; 1183 *dposp = info.dpos; 1184 return (error); 1185 } 1186