1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Rick Macklem at The University of Guelph. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95 37 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $ 38 * $DragonFly: src/sys/vfs/nfs/nfs_syscalls.c,v 1.31 2008/01/05 14:02:41 swildner Exp $ 39 */ 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/sysproto.h> 44 #include <sys/kernel.h> 45 #include <sys/sysctl.h> 46 #include <sys/file.h> 47 #include <sys/filedesc.h> 48 #include <sys/vnode.h> 49 #include <sys/malloc.h> 50 #include <sys/mount.h> 51 #include <sys/proc.h> 52 #include <sys/priv.h> 53 #include <sys/buf.h> 54 #include <sys/mbuf.h> 55 #include <sys/resourcevar.h> 56 #include <sys/socket.h> 57 #include <sys/socketvar.h> 58 #include <sys/domain.h> 59 #include <sys/protosw.h> 60 #include <sys/nlookup.h> 61 #include <vm/vm_zone.h> 62 63 #include <sys/mutex2.h> 64 #include <sys/thread2.h> 65 66 #include <netinet/in.h> 67 #include <netinet/tcp.h> 68 #include "xdr_subs.h" 69 #include "rpcv2.h" 70 #include "nfsproto.h" 71 #include "nfs.h" 72 #include "nfsm_subs.h" 73 #include "nfsrvcache.h" 74 #include "nfsmount.h" 75 #include "nfsnode.h" 76 #include "nfsrtt.h" 77 78 #include <sys/thread2.h> 79 80 static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure"); 81 82 static int nuidhash_max = NFS_MAXUIDHASH; 83 84 #ifndef NFS_NOSERVER 85 static void nfsrv_zapsock (struct nfssvc_sock *slp); 86 #endif 87 88 #define TRUE 1 89 #define FALSE 0 90 91 SYSCTL_DECL(_vfs_nfs); 92 93 #ifndef NFS_NOSERVER 94 int nfsd_waiting = 0; 95 static struct nfsdrt nfsdrt; 96 static int nfs_numnfsd = 0; 97 static void nfsd_rt (int sotype, struct nfsrv_descript *nd, 98 int cacherep); 99 static int nfssvc_addsock (struct file *, struct sockaddr *, 100 struct thread *); 101 static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *); 102 103 static int nfs_privport = 0; 104 SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport, 105 0, "Enable privileged source port checks"); 106 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0, 107 "Enable NFS request procrastination"); 108 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0, 109 "Enable NFSv3 request procrastination"); 110 int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO; 111 SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0, 112 "Minimum NFS socket buffer size reservation"); 113 114 /* 115 * NFS server system calls 116 */ 117 118 #endif /* NFS_NOSERVER */ 119 /* 120 * nfssvc_args(int flag, caddr_t argp) 121 * 122 * Nfs server psuedo system call for the nfsd's 123 * Based on the flag value it either: 124 * - adds a socket to the selection list 125 * - remains in the kernel as an nfsd 126 * - remains in the kernel as an nfsiod 127 * 128 * MPALMOSTSAFE 129 */ 130 int 131 sys_nfssvc(struct nfssvc_args *uap) 132 { 133 #ifndef NFS_NOSERVER 134 struct nlookupdata nd; 135 struct file *fp; 136 struct sockaddr *nam; 137 struct nfsd_args nfsdarg; 138 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs; 139 struct nfsd_cargs ncd; 140 struct nfsd *nfsd; 141 struct nfssvc_sock *slp; 142 struct nfsuid *nuidp; 143 struct nfsmount *nmp; 144 struct vnode *vp; 145 #endif /* NFS_NOSERVER */ 146 int error; 147 struct thread *td = curthread; 148 149 /* 150 * Must be super user 151 */ 152 error = priv_check(td, PRIV_ROOT); 153 if (error) 154 return (error); 155 156 lwkt_gettoken(&nfs_token); 157 158 while (nfssvc_sockhead_flag & SLP_INIT) { 159 nfssvc_sockhead_flag |= SLP_WANTINIT; 160 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0); 161 } 162 if (uap->flag & NFSSVC_BIOD) 163 error = ENXIO; /* no longer need nfsiod's */ 164 #ifdef NFS_NOSERVER 165 else 166 error = ENXIO; 167 #else /* !NFS_NOSERVER */ 168 else if (uap->flag & NFSSVC_MNTD) { 169 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd)); 170 if (error) 171 goto done; 172 vp = NULL; 173 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE, 174 NLC_FOLLOW); 175 if (error == 0) 176 error = nlookup(&nd); 177 if (error == 0) 178 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp); 179 nlookup_done(&nd); 180 if (error) 181 goto done; 182 183 if ((vp->v_flag & VROOT) == 0) 184 error = EINVAL; 185 nmp = VFSTONFS(vp->v_mount); 186 vput(vp); 187 if (error) 188 goto done; 189 if ((nmp->nm_state & NFSSTA_MNTD) && 190 (uap->flag & NFSSVC_GOTAUTH) == 0) { 191 error = 0; 192 goto done; 193 } 194 nmp->nm_state |= NFSSTA_MNTD; 195 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag, 196 uap->argp, td); 197 } else if (uap->flag & NFSSVC_ADDSOCK) { 198 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg)); 199 if (error) 200 goto done; 201 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp); 202 if (error) 203 goto done; 204 /* 205 * Get the client address for connected sockets. 206 */ 207 if (nfsdarg.name == NULL || nfsdarg.namelen == 0) 208 nam = NULL; 209 else { 210 error = getsockaddr(&nam, nfsdarg.name, 211 nfsdarg.namelen); 212 if (error) { 213 fdrop(fp); 214 goto done; 215 } 216 } 217 error = nfssvc_addsock(fp, nam, td); 218 fdrop(fp); 219 } else { 220 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd)); 221 if (error) 222 goto done; 223 if ((uap->flag & NFSSVC_AUTHIN) && 224 ((nfsd = nsd->nsd_nfsd)) != NULL && 225 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) { 226 slp = nfsd->nfsd_slp; 227 228 /* 229 * First check to see if another nfsd has already 230 * added this credential. 231 */ 232 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first; 233 nuidp != 0; nuidp = nuidp->nu_hash.le_next) { 234 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid && 235 (!nfsd->nfsd_nd->nd_nam2 || 236 netaddr_match(NU_NETFAM(nuidp), 237 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2))) 238 break; 239 } 240 if (nuidp) { 241 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr); 242 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 243 } else { 244 /* 245 * Nope, so we will. 246 */ 247 if (slp->ns_numuids < nuidhash_max) { 248 slp->ns_numuids++; 249 nuidp = (struct nfsuid *) 250 kmalloc(sizeof (struct nfsuid), M_NFSUID, 251 M_WAITOK); 252 } else 253 nuidp = NULL; 254 if ((slp->ns_flag & SLP_VALID) == 0) { 255 if (nuidp) 256 kfree((caddr_t)nuidp, M_NFSUID); 257 } else { 258 if (nuidp == NULL) { 259 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead); 260 LIST_REMOVE(nuidp, nu_hash); 261 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, 262 nu_lru); 263 if (nuidp->nu_flag & NU_NAM) 264 FREE(nuidp->nu_nam, M_SONAME); 265 } 266 nuidp->nu_flag = 0; 267 nuidp->nu_cr = nsd->nsd_cr; 268 if (nuidp->nu_cr.cr_ngroups > NGROUPS) 269 nuidp->nu_cr.cr_ngroups = NGROUPS; 270 nuidp->nu_cr.cr_ref = 1; 271 nuidp->nu_timestamp = nsd->nsd_timestamp; 272 nuidp->nu_expire = time_second + nsd->nsd_ttl; 273 /* 274 * and save the session key in nu_key. 275 */ 276 bcopy(nsd->nsd_key, nuidp->nu_key, 277 sizeof (nsd->nsd_key)); 278 if (nfsd->nfsd_nd->nd_nam2) { 279 struct sockaddr_in *saddr; 280 281 saddr = (struct sockaddr_in *) 282 nfsd->nfsd_nd->nd_nam2; 283 switch (saddr->sin_family) { 284 case AF_INET: 285 nuidp->nu_flag |= NU_INETADDR; 286 nuidp->nu_inetaddr = 287 saddr->sin_addr.s_addr; 288 break; 289 case AF_ISO: 290 default: 291 nuidp->nu_flag |= NU_NAM; 292 nuidp->nu_nam = 293 dup_sockaddr(nfsd->nfsd_nd->nd_nam2); 294 break; 295 }; 296 } 297 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp, 298 nu_lru); 299 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid), 300 nuidp, nu_hash); 301 nfsrv_setcred(&nuidp->nu_cr, 302 &nfsd->nfsd_nd->nd_cr); 303 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 304 } 305 } 306 } 307 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd)) 308 nfsd->nfsd_flag |= NFSD_AUTHFAIL; 309 error = nfssvc_nfsd(nsd, uap->argp, td); 310 } 311 #endif /* NFS_NOSERVER */ 312 if (error == EINTR || error == ERESTART) 313 error = 0; 314 done: 315 lwkt_reltoken(&nfs_token); 316 return (error); 317 } 318 319 #ifndef NFS_NOSERVER 320 /* 321 * Adds a socket to the list for servicing by nfsds. 322 */ 323 static int 324 nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td) 325 { 326 int siz; 327 struct nfssvc_sock *slp; 328 struct socket *so; 329 int error; 330 331 so = (struct socket *)fp->f_data; 332 #if 0 333 tslp = NULL; 334 /* 335 * Add it to the list, as required. 336 */ 337 if (so->so_proto->pr_protocol == IPPROTO_UDP) { 338 tslp = nfs_udpsock; 339 if (tslp->ns_flag & SLP_VALID) { 340 if (mynam != NULL) 341 FREE(mynam, M_SONAME); 342 return (EPERM); 343 } 344 } 345 #endif 346 /* 347 * Reserve buffer space in the socket. Note that due to bugs in 348 * Linux's delayed-ack code, serious performance degredation may 349 * occur with linux hosts if the minimum is used. 350 * 351 * NFS sockets are not limited to the standard sb_max or by 352 * resource limits. 353 */ 354 if (so->so_type == SOCK_STREAM) 355 siz = NFS_MAXPACKET + sizeof (u_long); 356 else 357 siz = NFS_MAXPACKET; 358 if (siz < nfs_soreserve) 359 siz = nfs_soreserve; 360 361 error = soreserve(so, siz, siz, NULL); 362 if (error) { 363 if (mynam != NULL) 364 FREE(mynam, M_SONAME); 365 return (error); 366 } 367 368 /* 369 * Set protocol specific options { for now TCP only } and 370 * reserve some space. For datagram sockets, this can get called 371 * repeatedly for the same socket, but that isn't harmful. 372 */ 373 if (so->so_type == SOCK_STREAM) { 374 struct sockopt sopt; 375 int val; 376 377 bzero(&sopt, sizeof sopt); 378 sopt.sopt_level = SOL_SOCKET; 379 sopt.sopt_name = SO_KEEPALIVE; 380 sopt.sopt_val = &val; 381 sopt.sopt_valsize = sizeof val; 382 val = 1; 383 sosetopt(so, &sopt); 384 } 385 if (so->so_proto->pr_domain->dom_family == AF_INET && 386 so->so_proto->pr_protocol == IPPROTO_TCP) { 387 struct sockopt sopt; 388 int val; 389 390 bzero(&sopt, sizeof sopt); 391 sopt.sopt_level = IPPROTO_TCP; 392 sopt.sopt_name = TCP_NODELAY; 393 sopt.sopt_val = &val; 394 sopt.sopt_valsize = sizeof val; 395 val = 1; 396 sosetopt(so, &sopt); 397 398 bzero(&sopt, sizeof sopt); 399 sopt.sopt_level = IPPROTO_TCP; 400 sopt.sopt_name = TCP_FASTKEEP; 401 sopt.sopt_val = &val; 402 sopt.sopt_valsize = sizeof val; 403 val = 1; 404 sosetopt(so, &sopt); 405 } 406 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR); 407 so->so_rcv.ssb_timeo = 0; 408 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR); 409 so->so_snd.ssb_timeo = 0; 410 411 slp = kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 412 mtx_init(&slp->ns_solock); 413 STAILQ_INIT(&slp->ns_rec); 414 TAILQ_INIT(&slp->ns_uidlruhead); 415 lwkt_token_init(&slp->ns_token, 1, "nfssrv_token"); 416 417 lwkt_gettoken(&nfs_token); 418 nfsrv_slpref(slp); 419 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain); 420 lwkt_gettoken(&slp->ns_token); 421 422 slp->ns_so = so; 423 slp->ns_nam = mynam; 424 fp->f_count++; 425 slp->ns_fp = fp; 426 427 so->so_upcallarg = (caddr_t)slp; 428 so->so_upcall = nfsrv_rcv_upcall; 429 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 430 slp->ns_flag = (SLP_VALID | SLP_NEEDQ); 431 nfsrv_wakenfsd(slp, 1); 432 433 lwkt_reltoken(&slp->ns_token); 434 lwkt_reltoken(&nfs_token); 435 436 return (0); 437 } 438 439 /* 440 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests 441 * until it is killed by a signal. 442 */ 443 static int 444 nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td) 445 { 446 int siz; 447 struct nfssvc_sock *slp; 448 struct nfsd *nfsd = nsd->nsd_nfsd; 449 struct nfsrv_descript *nd = NULL; 450 struct mbuf *m, *mreq; 451 int error, cacherep, sotype, writes_todo; 452 int procrastinate; 453 u_quad_t cur_usec; 454 455 #ifndef nolint 456 cacherep = RC_DOIT; 457 writes_todo = 0; 458 #endif 459 lwkt_gettoken(&nfs_token); 460 461 if (nfsd == NULL) { 462 nsd->nsd_nfsd = nfsd = (struct nfsd *) 463 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO); 464 nfsd->nfsd_td = td; 465 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain); 466 nfs_numnfsd++; 467 } 468 469 /* 470 * Loop getting rpc requests until SIGKILL. 471 */ 472 for (;;) { 473 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) { 474 while (nfsd->nfsd_slp == NULL && 475 (nfsd_head_flag & NFSD_CHECKSLP) == 0) { 476 nfsd->nfsd_flag |= NFSD_WAITING; 477 nfsd_waiting++; 478 error = tsleep(nfsd, PCATCH, "nfsd", 0); 479 nfsd_waiting--; 480 if (error && nfsd->nfsd_slp == NULL) 481 goto done; 482 } 483 if (nfsd->nfsd_slp == NULL && 484 (nfsd_head_flag & NFSD_CHECKSLP)) { 485 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) { 486 if ((slp->ns_flag & SLP_ACTION_MASK) || 487 slp->ns_needq_upcall) { 488 nfsrv_slpref(slp); 489 nfsd->nfsd_slp = slp; 490 break; 491 } 492 } 493 if (slp == NULL) 494 nfsd_head_flag &= ~NFSD_CHECKSLP; 495 } 496 if ((slp = nfsd->nfsd_slp) == NULL) 497 continue; 498 499 lwkt_reltoken(&nfs_token); 500 lwkt_gettoken(&slp->ns_token); 501 502 if (slp->ns_needq_upcall) { 503 slp->ns_needq_upcall = 0; 504 slp->ns_flag |= SLP_NEEDQ; 505 } 506 507 if (slp->ns_flag & SLP_VALID) { 508 /* 509 * We can both process additional received 510 * data into new records and process existing 511 * records. This keeps the pipeline hot by 512 * allowing the tcp socket to continue to 513 * drain while we are processing records. 514 */ 515 if (slp->ns_flag & SLP_DISCONN) { 516 nfsrv_zapsock(slp); 517 } else if (slp->ns_flag & SLP_NEEDQ) { 518 (void)nfs_slplock(slp, 1); 519 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 520 MB_WAIT); 521 nfs_slpunlock(slp); 522 } 523 error = nfsrv_dorec(slp, nfsd, &nd); 524 cur_usec = nfs_curusec(); 525 if (error && slp->ns_tq.lh_first && 526 slp->ns_tq.lh_first->nd_time <= cur_usec) { 527 error = 0; 528 cacherep = RC_DOIT; 529 writes_todo = 1; 530 } else { 531 writes_todo = 0; 532 } 533 nfsd->nfsd_flag |= NFSD_REQINPROG; 534 } else { 535 slp->ns_flag &= ~SLP_ACTION_MASK; 536 error = 0; 537 } 538 } else { 539 error = 0; 540 slp = nfsd->nfsd_slp; 541 542 lwkt_reltoken(&nfs_token); 543 lwkt_gettoken(&slp->ns_token); 544 545 if (slp->ns_needq_upcall) { 546 slp->ns_needq_upcall = 0; 547 slp->ns_flag |= SLP_NEEDQ; 548 } 549 if (NFSRV_RECLIMIT(slp) == 0 && 550 (slp->ns_flag & SLP_NEEDQ)) { 551 (void)nfs_slplock(slp, 1); 552 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 553 MB_WAIT); 554 nfs_slpunlock(slp); 555 } 556 } 557 558 /* 559 * nfs_token not held here. slp token is held. 560 */ 561 if (error || (slp->ns_flag & SLP_VALID) == 0) { 562 if (nd) { 563 kfree((caddr_t)nd, M_NFSRVDESC); 564 nd = NULL; 565 } 566 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 567 if (slp->ns_flag & SLP_ACTION_MASK) { 568 lwkt_reltoken(&slp->ns_token); 569 lwkt_gettoken(&nfs_token); 570 } else { 571 nfsd->nfsd_slp = NULL; 572 lwkt_reltoken(&slp->ns_token); 573 lwkt_gettoken(&nfs_token); 574 nfsrv_slpderef(slp); 575 } 576 continue; 577 } 578 579 /* 580 * Execute the NFS request - handle the server side cache 581 * 582 * nfs_token not held here. slp token is held. 583 */ 584 sotype = slp->ns_so->so_type; 585 if (nd) { 586 getmicrotime(&nd->nd_starttime); 587 if (nd->nd_nam2) 588 nd->nd_nam = nd->nd_nam2; 589 else 590 nd->nd_nam = slp->ns_nam; 591 592 /* 593 * Check to see if authorization is needed. 594 */ 595 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) { 596 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH; 597 nsd->nsd_haddr = 598 ((struct sockaddr_in *) 599 nd->nd_nam)->sin_addr.s_addr; 600 nsd->nsd_authlen = nfsd->nfsd_authlen; 601 nsd->nsd_verflen = nfsd->nfsd_verflen; 602 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr, 603 nfsd->nfsd_authlen) && 604 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr, 605 nfsd->nfsd_verflen) && 606 !copyout((caddr_t)nsd, argp, sizeof (*nsd))) 607 lwkt_reltoken(&slp->ns_token); 608 return (ENEEDAUTH); 609 cacherep = RC_DROPIT; 610 } else { 611 cacherep = nfsrv_getcache(nd, slp, &mreq); 612 } 613 614 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) { 615 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL; 616 nd->nd_procnum = NFSPROC_NOOP; 617 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 618 cacherep = RC_DOIT; 619 } else if (nfs_privport) { 620 /* Check if source port is privileged */ 621 u_short port; 622 struct sockaddr *nam = nd->nd_nam; 623 struct sockaddr_in *sin; 624 625 sin = (struct sockaddr_in *)nam; 626 port = ntohs(sin->sin_port); 627 if (port >= IPPORT_RESERVED && 628 nd->nd_procnum != NFSPROC_NULL) { 629 nd->nd_procnum = NFSPROC_NOOP; 630 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 631 cacherep = RC_DOIT; 632 kprintf("NFS request from unprivileged port (%s:%d)\n", 633 inet_ntoa(sin->sin_addr), port); 634 } 635 } 636 637 } 638 639 /* 640 * Execute the NFS request - direct execution 641 * 642 * Loop to get all the write rpc replies that have been 643 * gathered together. 644 * 645 * nfs_token not held here. slp token is held. 646 */ 647 do { 648 switch (cacherep) { 649 case RC_DOIT: 650 if (nd && (nd->nd_flag & ND_NFSV3)) 651 procrastinate = nfsrvw_procrastinate_v3; 652 else 653 procrastinate = nfsrvw_procrastinate; 654 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE && 655 procrastinate > 0) 656 ) { 657 error = nfsrv_writegather(&nd, slp, 658 nfsd->nfsd_td, &mreq); 659 } else { 660 /* NOT YET lwkt_reltoken(&slp->ns_token); */ 661 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd, 662 slp, nfsd->nfsd_td, &mreq); 663 /* NOT YET lwkt_gettoken(&slp->ns_token); */ 664 } 665 if (mreq == NULL) 666 break; 667 if (error != 0 && error != NFSERR_RETVOID) { 668 if (nd->nd_procnum != NQNFSPROC_VACATED) 669 nfsstats.srv_errs++; 670 nfsrv_updatecache(nd, FALSE, mreq); 671 if (nd->nd_nam2) 672 FREE(nd->nd_nam2, M_SONAME); 673 break; 674 } 675 nfsstats.srvrpccnt[nd->nd_procnum]++; 676 nfsrv_updatecache(nd, TRUE, mreq); 677 nd->nd_mrep = NULL; 678 /* FALL THROUGH */ 679 case RC_REPLY: 680 m = mreq; 681 siz = 0; 682 while (m) { 683 siz += m->m_len; 684 m = m->m_next; 685 } 686 if (siz <= 0 || siz > NFS_MAXPACKET) { 687 kprintf("mbuf siz=%d\n",siz); 688 panic("Bad nfs svc reply"); 689 } 690 m = mreq; 691 m->m_pkthdr.len = siz; 692 m->m_pkthdr.rcvif = NULL; 693 /* 694 * For stream protocols, prepend a Sun RPC 695 * Record Mark. 696 */ 697 if (sotype == SOCK_STREAM) { 698 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT); 699 if (m == NULL) { 700 error = ENOBUFS; 701 goto skip; 702 } 703 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz); 704 } 705 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 706 (void) nfs_slplock(slp, 1); 707 if (slp->ns_flag & SLP_VALID) 708 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL); 709 else { 710 error = EPIPE; 711 m_freem(m); 712 } 713 skip: 714 if (nfsrtton) 715 nfsd_rt(sotype, nd, cacherep); 716 if (nd->nd_nam2) 717 FREE(nd->nd_nam2, M_SONAME); 718 if (nd->nd_mrep) 719 m_freem(nd->nd_mrep); 720 if (error == EPIPE || error == ENOBUFS) 721 nfsrv_zapsock(slp); 722 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 723 nfs_slpunlock(slp); 724 if (error == EINTR || error == ERESTART) { 725 kfree((caddr_t)nd, M_NFSRVDESC); 726 lwkt_reltoken(&slp->ns_token); 727 lwkt_gettoken(&nfs_token); 728 nfsd->nfsd_slp = NULL; 729 nfsrv_slpderef(slp); 730 goto done; 731 } 732 break; 733 case RC_DROPIT: 734 if (nfsrtton) 735 nfsd_rt(sotype, nd, cacherep); 736 m_freem(nd->nd_mrep); 737 if (nd->nd_nam2) 738 FREE(nd->nd_nam2, M_SONAME); 739 break; 740 }; 741 if (nd) { 742 FREE((caddr_t)nd, M_NFSRVDESC); 743 nd = NULL; 744 } 745 746 /* 747 * Check to see if there are outstanding writes that 748 * need to be serviced. 749 */ 750 cur_usec = nfs_curusec(); 751 if (slp->ns_tq.lh_first && 752 slp->ns_tq.lh_first->nd_time <= cur_usec) { 753 cacherep = RC_DOIT; 754 writes_todo = 1; 755 } else { 756 writes_todo = 0; 757 } 758 } while (writes_todo); 759 760 /* 761 * nfs_token not held here. slp token is held. 762 */ 763 if (nfsrv_dorec(slp, nfsd, &nd)) { 764 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 765 if (slp->ns_flag & SLP_ACTION_MASK) { 766 lwkt_reltoken(&slp->ns_token); 767 lwkt_gettoken(&nfs_token); 768 } else { 769 nfsd->nfsd_slp = NULL; 770 lwkt_reltoken(&slp->ns_token); 771 lwkt_gettoken(&nfs_token); 772 nfsrv_slpderef(slp); 773 } 774 } else { 775 lwkt_reltoken(&slp->ns_token); 776 lwkt_gettoken(&nfs_token); 777 } 778 } 779 done: 780 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain); 781 kfree((caddr_t)nfsd, M_NFSD); 782 nsd->nsd_nfsd = NULL; 783 if (--nfs_numnfsd == 0) 784 nfsrv_init(TRUE); /* Reinitialize everything */ 785 786 lwkt_reltoken(&nfs_token); 787 return (error); 788 } 789 790 /* 791 * Shut down a socket associated with an nfssvc_sock structure. 792 * Should be called with the send lock set, if required. 793 * The trick here is to increment the sref at the start, so that the nfsds 794 * will stop using it and clear ns_flag at the end so that it will not be 795 * reassigned during cleanup. 796 */ 797 static void 798 nfsrv_zapsock(struct nfssvc_sock *slp) 799 { 800 struct nfsuid *nuidp, *nnuidp; 801 struct nfsrv_descript *nwp, *nnwp; 802 struct socket *so; 803 struct file *fp; 804 struct nfsrv_rec *rec; 805 806 slp->ns_flag &= ~SLP_ALLFLAGS; 807 fp = slp->ns_fp; 808 if (fp) { 809 slp->ns_fp = NULL; 810 so = slp->ns_so; 811 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 812 so->so_upcall = NULL; 813 so->so_upcallarg = NULL; 814 soshutdown(so, SHUT_RDWR); 815 closef(fp, NULL); 816 if (slp->ns_nam) 817 FREE(slp->ns_nam, M_SONAME); 818 m_freem(slp->ns_raw); 819 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) { 820 --slp->ns_numrec; 821 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link); 822 if (rec->nr_address) 823 FREE(rec->nr_address, M_SONAME); 824 m_freem(rec->nr_packet); 825 kfree(rec, M_NFSRVDESC); 826 } 827 KKASSERT(slp->ns_numrec == 0); 828 829 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru, 830 nnuidp) { 831 LIST_REMOVE(nuidp, nu_hash); 832 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru); 833 if (nuidp->nu_flag & NU_NAM) 834 FREE(nuidp->nu_nam, M_SONAME); 835 kfree((caddr_t)nuidp, M_NFSUID); 836 } 837 crit_enter(); 838 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) { 839 nnwp = nwp->nd_tq.le_next; 840 LIST_REMOVE(nwp, nd_tq); 841 kfree((caddr_t)nwp, M_NFSRVDESC); 842 } 843 LIST_INIT(&slp->ns_tq); 844 crit_exit(); 845 nfsrv_slpderef(slp); 846 } 847 } 848 849 /* 850 * Derefence a server socket structure. If it has no more references and 851 * is no longer valid, you can throw it away. 852 * 853 * Must be holding nfs_token! 854 */ 855 void 856 nfsrv_slpderef(struct nfssvc_sock *slp) 857 { 858 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 859 if (slp->ns_sref == 1) { 860 KKASSERT((slp->ns_flag & SLP_VALID) == 0); 861 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 862 slp->ns_sref = 0; 863 kfree((caddr_t)slp, M_NFSSVC); 864 } else { 865 --slp->ns_sref; 866 } 867 } 868 869 void 870 nfsrv_slpref(struct nfssvc_sock *slp) 871 { 872 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 873 ++slp->ns_sref; 874 } 875 876 /* 877 * Lock a socket against others. 878 * 879 * Returns 0 on failure, 1 on success. 880 */ 881 int 882 nfs_slplock(struct nfssvc_sock *slp, int wait) 883 { 884 mtx_t mtx = &slp->ns_solock; 885 886 if (wait) { 887 mtx_lock_ex(mtx, "nfsslplck", 0, 0); 888 return(1); 889 } else if (mtx_lock_ex_try(mtx) == 0) { 890 return(1); 891 } else { 892 return(0); 893 } 894 } 895 896 /* 897 * Unlock the stream socket for others. 898 */ 899 void 900 nfs_slpunlock(struct nfssvc_sock *slp) 901 { 902 mtx_t mtx = &slp->ns_solock; 903 904 mtx_unlock(mtx); 905 } 906 907 /* 908 * Initialize the data structures for the server. 909 * Handshake with any new nfsds starting up to avoid any chance of 910 * corruption. 911 */ 912 void 913 nfsrv_init(int terminating) 914 { 915 struct nfssvc_sock *slp, *nslp; 916 917 lwkt_gettoken(&nfs_token); 918 if (nfssvc_sockhead_flag & SLP_INIT) 919 panic("nfsd init"); 920 nfssvc_sockhead_flag |= SLP_INIT; 921 922 if (terminating) { 923 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) { 924 if (slp->ns_flag & SLP_VALID) 925 nfsrv_zapsock(slp); 926 /* 927 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 928 kfree((caddr_t)slp, M_NFSSVC); 929 */ 930 } 931 nfsrv_cleancache(); /* And clear out server cache */ 932 } else { 933 nfs_pub.np_valid = 0; 934 } 935 936 TAILQ_INIT(&nfssvc_sockhead); 937 nfssvc_sockhead_flag &= ~SLP_INIT; 938 if (nfssvc_sockhead_flag & SLP_WANTINIT) { 939 nfssvc_sockhead_flag &= ~SLP_WANTINIT; 940 wakeup((caddr_t)&nfssvc_sockhead); 941 } 942 943 TAILQ_INIT(&nfsd_head); 944 nfsd_head_flag &= ~NFSD_CHECKSLP; 945 946 lwkt_reltoken(&nfs_token); 947 948 #if 0 949 nfs_udpsock = (struct nfssvc_sock *) 950 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 951 mtx_init(&nfs_udpsock->ns_solock); 952 STAILQ_INIT(&nfs_udpsock->ns_rec); 953 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead); 954 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain); 955 956 nfs_cltpsock = (struct nfssvc_sock *) 957 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 958 mtx_init(&nfs_cltpsock->ns_solock); 959 STAILQ_INIT(&nfs_cltpsock->ns_rec); 960 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead); 961 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain); 962 #endif 963 } 964 965 /* 966 * Add entries to the server monitor log. 967 */ 968 static void 969 nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep) 970 { 971 struct drt *rt; 972 973 rt = &nfsdrt.drt[nfsdrt.pos]; 974 if (cacherep == RC_DOIT) 975 rt->flag = 0; 976 else if (cacherep == RC_REPLY) 977 rt->flag = DRT_CACHEREPLY; 978 else 979 rt->flag = DRT_CACHEDROP; 980 if (sotype == SOCK_STREAM) 981 rt->flag |= DRT_TCP; 982 if (nd->nd_flag & ND_NFSV3) 983 rt->flag |= DRT_NFSV3; 984 rt->proc = nd->nd_procnum; 985 if (nd->nd_nam->sa_family == AF_INET) 986 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr; 987 else 988 rt->ipadr = INADDR_ANY; 989 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec); 990 getmicrotime(&rt->tstamp); 991 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ; 992 } 993 #endif /* NFS_NOSERVER */ 994 995 /* 996 * Get an authorization string for the uid by having the mount_nfs sitting 997 * on this mount point porpous out of the kernel and do it. 998 */ 999 int 1000 nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep, 1001 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str, 1002 int *verf_len, NFSKERBKEY_T key /* return session key */) 1003 { 1004 int error = 0; 1005 1006 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) { 1007 nmp->nm_state |= NFSSTA_WANTAUTH; 1008 (void) tsleep((caddr_t)&nmp->nm_authtype, 0, 1009 "nfsauth1", 2 * hz); 1010 error = nfs_sigintr(nmp, rep, rep->r_td); 1011 if (error) { 1012 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1013 return (error); 1014 } 1015 } 1016 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH); 1017 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK); 1018 nmp->nm_authlen = RPCAUTH_MAXSIZ; 1019 nmp->nm_verfstr = verf_str; 1020 nmp->nm_verflen = *verf_len; 1021 nmp->nm_authuid = cred->cr_uid; 1022 wakeup((caddr_t)&nmp->nm_authstr); 1023 1024 /* 1025 * And wait for mount_nfs to do its stuff. 1026 */ 1027 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) { 1028 (void) tsleep((caddr_t)&nmp->nm_authlen, 0, 1029 "nfsauth2", 2 * hz); 1030 error = nfs_sigintr(nmp, rep, rep->r_td); 1031 } 1032 if (nmp->nm_state & NFSSTA_AUTHERR) { 1033 nmp->nm_state &= ~NFSSTA_AUTHERR; 1034 error = EAUTH; 1035 } 1036 if (error) 1037 kfree((caddr_t)*auth_str, M_TEMP); 1038 else { 1039 *auth_len = nmp->nm_authlen; 1040 *verf_len = nmp->nm_verflen; 1041 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (key)); 1042 } 1043 nmp->nm_state &= ~NFSSTA_HASAUTH; 1044 nmp->nm_state |= NFSSTA_WAITAUTH; 1045 if (nmp->nm_state & NFSSTA_WANTAUTH) { 1046 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1047 wakeup((caddr_t)&nmp->nm_authtype); 1048 } 1049 return (error); 1050 } 1051 1052 /* 1053 * Get a nickname authenticator and verifier. 1054 */ 1055 int 1056 nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str, 1057 int *auth_len, char *verf_str, int verf_len) 1058 { 1059 struct nfsuid *nuidp; 1060 u_int32_t *nickp, *verfp; 1061 struct timeval ktvin, ktvout; 1062 1063 #ifdef DIAGNOSTIC 1064 if (verf_len < (4 * NFSX_UNSIGNED)) 1065 panic("nfs_getnickauth verf too small"); 1066 #endif 1067 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first; 1068 nuidp != 0; nuidp = nuidp->nu_hash.le_next) { 1069 if (nuidp->nu_cr.cr_uid == cred->cr_uid) 1070 break; 1071 } 1072 if (!nuidp || nuidp->nu_expire < time_second) 1073 return (EACCES); 1074 1075 /* 1076 * Move to the end of the lru list (end of lru == most recently used). 1077 */ 1078 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru); 1079 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru); 1080 1081 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK); 1082 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME); 1083 *nickp = txdr_unsigned(nuidp->nu_nickname); 1084 *auth_str = (char *)nickp; 1085 *auth_len = 2 * NFSX_UNSIGNED; 1086 1087 /* 1088 * Now we must encrypt the verifier and package it up. 1089 */ 1090 verfp = (u_int32_t *)verf_str; 1091 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME); 1092 if (time_second > nuidp->nu_timestamp.tv_sec || 1093 (time_second == nuidp->nu_timestamp.tv_sec && 1094 time_second > nuidp->nu_timestamp.tv_usec)) 1095 getmicrotime(&nuidp->nu_timestamp); 1096 else 1097 nuidp->nu_timestamp.tv_usec++; 1098 ktvin.tv_sec = txdr_unsigned(nuidp->nu_timestamp.tv_sec); 1099 ktvin.tv_usec = txdr_unsigned(nuidp->nu_timestamp.tv_usec); 1100 1101 /* 1102 * Now encrypt the timestamp verifier in ecb mode using the session 1103 * key. 1104 */ 1105 #ifdef NFSKERB 1106 XXX 1107 #else 1108 ktvout.tv_sec = 0; 1109 ktvout.tv_usec = 0; 1110 #endif 1111 1112 *verfp++ = ktvout.tv_sec; 1113 *verfp++ = ktvout.tv_usec; 1114 *verfp = 0; 1115 return (0); 1116 } 1117 1118 /* 1119 * Save the current nickname in a hash list entry on the mount point. 1120 */ 1121 int 1122 nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len, 1123 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp, 1124 struct mbuf *mrep) 1125 { 1126 struct nfsuid *nuidp; 1127 u_int32_t *tl; 1128 struct timeval ktvin, ktvout; 1129 u_int32_t nick; 1130 int deltasec, error = 0; 1131 struct nfsm_info info; 1132 1133 info.md = *mdp; 1134 info.dpos = *dposp; 1135 info.mrep = mrep; 1136 1137 if (len == (3 * NFSX_UNSIGNED)) { 1138 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED)); 1139 ktvin.tv_sec = *tl++; 1140 ktvin.tv_usec = *tl++; 1141 nick = fxdr_unsigned(u_int32_t, *tl); 1142 1143 /* 1144 * Decrypt the timestamp in ecb mode. 1145 */ 1146 #ifdef NFSKERB 1147 XXX 1148 #else 1149 ktvout.tv_sec = 0; 1150 ktvout.tv_usec = 0; 1151 #endif 1152 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec); 1153 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec); 1154 deltasec = time_second - ktvout.tv_sec; 1155 if (deltasec < 0) 1156 deltasec = -deltasec; 1157 /* 1158 * If ok, add it to the hash list for the mount point. 1159 */ 1160 if (deltasec <= NFS_KERBCLOCKSKEW) { 1161 if (nmp->nm_numuids < nuidhash_max) { 1162 nmp->nm_numuids++; 1163 nuidp = (struct nfsuid *) 1164 kmalloc(sizeof (struct nfsuid), M_NFSUID, 1165 M_WAITOK); 1166 } else { 1167 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead); 1168 LIST_REMOVE(nuidp, nu_hash); 1169 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, 1170 nu_lru); 1171 } 1172 nuidp->nu_flag = 0; 1173 nuidp->nu_cr.cr_uid = cred->cr_uid; 1174 nuidp->nu_expire = time_second + NFS_KERBTTL; 1175 nuidp->nu_timestamp = ktvout; 1176 nuidp->nu_nickname = nick; 1177 bcopy(key, nuidp->nu_key, sizeof (key)); 1178 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, 1179 nu_lru); 1180 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid), 1181 nuidp, nu_hash); 1182 } 1183 } else { 1184 ERROROUT(nfsm_adv(&info, nfsm_rndup(len))); 1185 } 1186 nfsmout: 1187 *mdp = info.md; 1188 *dposp = info.dpos; 1189 return (error); 1190 } 1191