1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Rick Macklem at The University of Guelph. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)nfs_syscalls.c 8.5 (Berkeley) 3/30/95 37 * $FreeBSD: src/sys/nfs/nfs_syscalls.c,v 1.58.2.1 2000/11/26 02:30:06 dillon Exp $ 38 */ 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/sysproto.h> 43 #include <sys/kernel.h> 44 #include <sys/sysctl.h> 45 #include <sys/file.h> 46 #include <sys/filedesc.h> 47 #include <sys/vnode.h> 48 #include <sys/malloc.h> 49 #include <sys/mount.h> 50 #include <sys/proc.h> 51 #include <sys/priv.h> 52 #include <sys/buf.h> 53 #include <sys/mbuf.h> 54 #include <sys/resourcevar.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/domain.h> 58 #include <sys/protosw.h> 59 #include <sys/nlookup.h> 60 61 #include <sys/mutex2.h> 62 #include <sys/thread2.h> 63 64 #include <netinet/in.h> 65 #include <netinet/tcp.h> 66 #include "xdr_subs.h" 67 #include "rpcv2.h" 68 #include "nfsproto.h" 69 #include "nfs.h" 70 #include "nfsm_subs.h" 71 #include "nfsrvcache.h" 72 #include "nfsmount.h" 73 #include "nfsnode.h" 74 #include "nfsrtt.h" 75 76 #include <sys/thread2.h> 77 78 static MALLOC_DEFINE(M_NFSSVC, "NFS srvsock", "Nfs server structure"); 79 80 static int nuidhash_max = NFS_MAXUIDHASH; 81 82 #ifndef NFS_NOSERVER 83 static void nfsrv_zapsock (struct nfssvc_sock *slp); 84 #endif 85 86 #define TRUE 1 87 #define FALSE 0 88 89 SYSCTL_DECL(_vfs_nfs); 90 91 #ifndef NFS_NOSERVER 92 int nfsd_waiting = 0; 93 static struct nfsdrt nfsdrt; 94 static int nfs_numnfsd = 0; 95 static void nfsd_rt (int sotype, struct nfsrv_descript *nd, 96 int cacherep); 97 static int nfssvc_addsock (struct file *, struct sockaddr *, 98 struct thread *); 99 static int nfssvc_nfsd (struct nfsd_srvargs *,caddr_t,struct thread *); 100 101 static int nfs_privport = 0; 102 SYSCTL_INT(_vfs_nfs, NFS_NFSPRIVPORT, nfs_privport, CTLFLAG_RW, &nfs_privport, 103 0, "Enable privileged source port checks"); 104 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay, CTLFLAG_RW, &nfsrvw_procrastinate, 0, 105 "Enable NFS request procrastination"); 106 SYSCTL_INT(_vfs_nfs, OID_AUTO, gatherdelay_v3, CTLFLAG_RW, &nfsrvw_procrastinate_v3, 0, 107 "Enable NFSv3 request procrastination"); 108 int nfs_soreserve = NFS_MAXPACKET * NFS_MAXASYNCBIO; 109 SYSCTL_INT(_vfs_nfs, OID_AUTO, soreserve, CTLFLAG_RW, &nfs_soreserve, 0, 110 "Minimum NFS socket buffer size reservation"); 111 112 /* 113 * NFS server system calls 114 */ 115 116 #endif /* NFS_NOSERVER */ 117 /* 118 * nfssvc_args(int flag, caddr_t argp) 119 * 120 * Nfs server psuedo system call for the nfsd's 121 * Based on the flag value it either: 122 * - adds a socket to the selection list 123 * - remains in the kernel as an nfsd 124 * - remains in the kernel as an nfsiod 125 * 126 * MPALMOSTSAFE 127 */ 128 int 129 sys_nfssvc(struct nfssvc_args *uap) 130 { 131 #ifndef NFS_NOSERVER 132 struct nlookupdata nd; 133 struct file *fp; 134 struct sockaddr *nam; 135 struct nfsd_args nfsdarg; 136 struct nfsd_srvargs nfsd_srvargs, *nsd = &nfsd_srvargs; 137 struct nfsd_cargs ncd; 138 struct nfsd *nfsd; 139 struct nfssvc_sock *slp; 140 struct nfsuid *nuidp; 141 struct nfsmount *nmp; 142 struct vnode *vp; 143 #endif /* NFS_NOSERVER */ 144 int error; 145 struct thread *td = curthread; 146 147 /* 148 * Must be super user 149 */ 150 error = priv_check(td, PRIV_ROOT); 151 if (error) 152 return (error); 153 154 lwkt_gettoken(&nfs_token); 155 156 while (nfssvc_sockhead_flag & SLP_INIT) { 157 nfssvc_sockhead_flag |= SLP_WANTINIT; 158 tsleep((caddr_t)&nfssvc_sockhead, 0, "nfsd init", 0); 159 } 160 if (uap->flag & NFSSVC_BIOD) 161 error = ENXIO; /* no longer need nfsiod's */ 162 #ifdef NFS_NOSERVER 163 else 164 error = ENXIO; 165 #else /* !NFS_NOSERVER */ 166 else if (uap->flag & NFSSVC_MNTD) { 167 error = copyin(uap->argp, (caddr_t)&ncd, sizeof (ncd)); 168 if (error) 169 goto done; 170 vp = NULL; 171 error = nlookup_init(&nd, ncd.ncd_dirp, UIO_USERSPACE, 172 NLC_FOLLOW); 173 if (error == 0) 174 error = nlookup(&nd); 175 if (error == 0) 176 error = cache_vget(&nd.nl_nch, nd.nl_cred, LK_EXCLUSIVE, &vp); 177 nlookup_done(&nd); 178 if (error) 179 goto done; 180 181 if ((vp->v_flag & VROOT) == 0) 182 error = EINVAL; 183 nmp = VFSTONFS(vp->v_mount); 184 vput(vp); 185 if (error) 186 goto done; 187 if ((nmp->nm_state & NFSSTA_MNTD) && 188 (uap->flag & NFSSVC_GOTAUTH) == 0) { 189 error = 0; 190 goto done; 191 } 192 nmp->nm_state |= NFSSTA_MNTD; 193 error = nfs_clientd(nmp, td->td_ucred, &ncd, uap->flag, 194 uap->argp, td); 195 } else if (uap->flag & NFSSVC_ADDSOCK) { 196 error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg)); 197 if (error) 198 goto done; 199 error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp); 200 if (error) 201 goto done; 202 /* 203 * Get the client address for connected sockets. 204 */ 205 if (nfsdarg.name == NULL || nfsdarg.namelen == 0) 206 nam = NULL; 207 else { 208 error = getsockaddr(&nam, nfsdarg.name, 209 nfsdarg.namelen); 210 if (error) { 211 fdrop(fp); 212 goto done; 213 } 214 } 215 error = nfssvc_addsock(fp, nam, td); 216 fdrop(fp); 217 } else { 218 error = copyin(uap->argp, (caddr_t)nsd, sizeof (*nsd)); 219 if (error) 220 goto done; 221 if ((uap->flag & NFSSVC_AUTHIN) && 222 ((nfsd = nsd->nsd_nfsd)) != NULL && 223 (nfsd->nfsd_slp->ns_flag & SLP_VALID)) { 224 slp = nfsd->nfsd_slp; 225 226 /* 227 * First check to see if another nfsd has already 228 * added this credential. 229 */ 230 for (nuidp = NUIDHASH(slp,nsd->nsd_cr.cr_uid)->lh_first; 231 nuidp != 0; nuidp = nuidp->nu_hash.le_next) { 232 if (nuidp->nu_cr.cr_uid == nsd->nsd_cr.cr_uid && 233 (!nfsd->nfsd_nd->nd_nam2 || 234 netaddr_match(NU_NETFAM(nuidp), 235 &nuidp->nu_haddr, nfsd->nfsd_nd->nd_nam2))) 236 break; 237 } 238 if (nuidp) { 239 nfsrv_setcred(&nuidp->nu_cr,&nfsd->nfsd_nd->nd_cr); 240 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 241 } else { 242 /* 243 * Nope, so we will. 244 */ 245 if (slp->ns_numuids < nuidhash_max) { 246 slp->ns_numuids++; 247 nuidp = (struct nfsuid *) 248 kmalloc(sizeof (struct nfsuid), M_NFSUID, 249 M_WAITOK); 250 } else 251 nuidp = NULL; 252 if ((slp->ns_flag & SLP_VALID) == 0) { 253 if (nuidp) 254 kfree((caddr_t)nuidp, M_NFSUID); 255 } else { 256 if (nuidp == NULL) { 257 nuidp = TAILQ_FIRST(&slp->ns_uidlruhead); 258 LIST_REMOVE(nuidp, nu_hash); 259 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, 260 nu_lru); 261 if (nuidp->nu_flag & NU_NAM) 262 kfree(nuidp->nu_nam, M_SONAME); 263 } 264 nuidp->nu_flag = 0; 265 nuidp->nu_cr = nsd->nsd_cr; 266 if (nuidp->nu_cr.cr_ngroups > NGROUPS) 267 nuidp->nu_cr.cr_ngroups = NGROUPS; 268 nuidp->nu_cr.cr_ref = 1; 269 nuidp->nu_timestamp = nsd->nsd_timestamp; 270 nuidp->nu_expire = time_second + nsd->nsd_ttl; 271 /* 272 * and save the session key in nu_key. 273 */ 274 bcopy(nsd->nsd_key, nuidp->nu_key, 275 sizeof (nsd->nsd_key)); 276 if (nfsd->nfsd_nd->nd_nam2) { 277 struct sockaddr_in *saddr; 278 279 saddr = (struct sockaddr_in *) 280 nfsd->nfsd_nd->nd_nam2; 281 switch (saddr->sin_family) { 282 case AF_INET: 283 nuidp->nu_flag |= NU_INETADDR; 284 nuidp->nu_inetaddr = 285 saddr->sin_addr.s_addr; 286 break; 287 case AF_ISO: 288 default: 289 nuidp->nu_flag |= NU_NAM; 290 nuidp->nu_nam = 291 dup_sockaddr(nfsd->nfsd_nd->nd_nam2); 292 break; 293 }; 294 } 295 TAILQ_INSERT_TAIL(&slp->ns_uidlruhead, nuidp, 296 nu_lru); 297 LIST_INSERT_HEAD(NUIDHASH(slp, nsd->nsd_uid), 298 nuidp, nu_hash); 299 nfsrv_setcred(&nuidp->nu_cr, 300 &nfsd->nfsd_nd->nd_cr); 301 nfsd->nfsd_nd->nd_flag |= ND_KERBFULL; 302 } 303 } 304 } 305 if ((uap->flag & NFSSVC_AUTHINFAIL) && (nfsd = nsd->nsd_nfsd)) 306 nfsd->nfsd_flag |= NFSD_AUTHFAIL; 307 error = nfssvc_nfsd(nsd, uap->argp, td); 308 } 309 #endif /* NFS_NOSERVER */ 310 if (error == EINTR || error == ERESTART) 311 error = 0; 312 done: 313 lwkt_reltoken(&nfs_token); 314 return (error); 315 } 316 317 #ifndef NFS_NOSERVER 318 /* 319 * Adds a socket to the list for servicing by nfsds. 320 */ 321 static int 322 nfssvc_addsock(struct file *fp, struct sockaddr *mynam, struct thread *td) 323 { 324 int siz; 325 struct nfssvc_sock *slp; 326 struct socket *so; 327 int error; 328 329 so = (struct socket *)fp->f_data; 330 #if 0 331 tslp = NULL; 332 /* 333 * Add it to the list, as required. 334 */ 335 if (so->so_proto->pr_protocol == IPPROTO_UDP) { 336 tslp = nfs_udpsock; 337 if (tslp->ns_flag & SLP_VALID) { 338 if (mynam != NULL) 339 kfree(mynam, M_SONAME); 340 return (EPERM); 341 } 342 } 343 #endif 344 /* 345 * Reserve buffer space in the socket. Note that due to bugs in 346 * Linux's delayed-ack code, serious performance degredation may 347 * occur with linux hosts if the minimum is used. 348 * 349 * NFS sockets are not limited to the standard sb_max or by 350 * resource limits. 351 */ 352 if (so->so_type == SOCK_STREAM) 353 siz = NFS_MAXPACKET + sizeof (u_long); 354 else 355 siz = NFS_MAXPACKET; 356 if (siz < nfs_soreserve) 357 siz = nfs_soreserve; 358 359 error = soreserve(so, siz, siz, NULL); 360 if (error) { 361 if (mynam != NULL) 362 kfree(mynam, M_SONAME); 363 return (error); 364 } 365 366 /* 367 * Set protocol specific options { for now TCP only } and 368 * reserve some space. For datagram sockets, this can get called 369 * repeatedly for the same socket, but that isn't harmful. 370 */ 371 if (so->so_type == SOCK_STREAM) { 372 struct sockopt sopt; 373 int val; 374 375 bzero(&sopt, sizeof sopt); 376 sopt.sopt_level = SOL_SOCKET; 377 sopt.sopt_name = SO_KEEPALIVE; 378 sopt.sopt_val = &val; 379 sopt.sopt_valsize = sizeof val; 380 val = 1; 381 sosetopt(so, &sopt); 382 } 383 if (so->so_proto->pr_domain->dom_family == AF_INET && 384 so->so_proto->pr_protocol == IPPROTO_TCP) { 385 struct sockopt sopt; 386 int val; 387 388 bzero(&sopt, sizeof sopt); 389 sopt.sopt_level = IPPROTO_TCP; 390 sopt.sopt_name = TCP_NODELAY; 391 sopt.sopt_val = &val; 392 sopt.sopt_valsize = sizeof val; 393 val = 1; 394 sosetopt(so, &sopt); 395 396 bzero(&sopt, sizeof sopt); 397 sopt.sopt_level = IPPROTO_TCP; 398 sopt.sopt_name = TCP_FASTKEEP; 399 sopt.sopt_val = &val; 400 sopt.sopt_valsize = sizeof val; 401 val = 1; 402 sosetopt(so, &sopt); 403 } 404 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_NOINTR); 405 so->so_rcv.ssb_timeo = 0; 406 atomic_clear_int(&so->so_snd.ssb_flags, SSB_NOINTR); 407 so->so_snd.ssb_timeo = 0; 408 409 slp = kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 410 mtx_init(&slp->ns_solock); 411 STAILQ_INIT(&slp->ns_rec); 412 TAILQ_INIT(&slp->ns_uidlruhead); 413 lwkt_token_init(&slp->ns_token, "nfssrv_token"); 414 415 lwkt_gettoken(&nfs_token); 416 nfsrv_slpref(slp); 417 TAILQ_INSERT_TAIL(&nfssvc_sockhead, slp, ns_chain); 418 lwkt_gettoken(&slp->ns_token); 419 420 slp->ns_so = so; 421 slp->ns_nam = mynam; 422 fp->f_count++; 423 slp->ns_fp = fp; 424 425 so->so_upcallarg = (caddr_t)slp; 426 so->so_upcall = nfsrv_rcv_upcall; 427 atomic_set_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 428 slp->ns_flag = (SLP_VALID | SLP_NEEDQ); 429 nfsrv_wakenfsd(slp, 1); 430 431 lwkt_reltoken(&slp->ns_token); 432 lwkt_reltoken(&nfs_token); 433 434 return (0); 435 } 436 437 /* 438 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests 439 * until it is killed by a signal. 440 */ 441 static int 442 nfssvc_nfsd(struct nfsd_srvargs *nsd, caddr_t argp, struct thread *td) 443 { 444 int siz; 445 struct nfssvc_sock *slp; 446 struct nfsd *nfsd = nsd->nsd_nfsd; 447 struct nfsrv_descript *nd = NULL; 448 struct mbuf *m, *mreq; 449 int error, cacherep, sotype, writes_todo; 450 int procrastinate; 451 u_quad_t cur_usec; 452 453 #ifndef nolint 454 cacherep = RC_DOIT; 455 writes_todo = 0; 456 #endif 457 lwkt_gettoken(&nfs_token); 458 459 if (nfsd == NULL) { 460 nsd->nsd_nfsd = nfsd = (struct nfsd *) 461 kmalloc(sizeof (struct nfsd), M_NFSD, M_WAITOK|M_ZERO); 462 nfsd->nfsd_td = td; 463 TAILQ_INSERT_TAIL(&nfsd_head, nfsd, nfsd_chain); 464 nfs_numnfsd++; 465 } 466 467 /* 468 * Loop getting rpc requests until SIGKILL. 469 */ 470 for (;;) { 471 if ((nfsd->nfsd_flag & NFSD_REQINPROG) == 0) { 472 while (nfsd->nfsd_slp == NULL && 473 (nfsd_head_flag & NFSD_CHECKSLP) == 0) { 474 nfsd->nfsd_flag |= NFSD_WAITING; 475 nfsd_waiting++; 476 error = tsleep(nfsd, PCATCH, "nfsd", 0); 477 nfsd_waiting--; 478 if (error && nfsd->nfsd_slp == NULL) 479 goto done; 480 } 481 if (nfsd->nfsd_slp == NULL && 482 (nfsd_head_flag & NFSD_CHECKSLP)) { 483 TAILQ_FOREACH(slp, &nfssvc_sockhead, ns_chain) { 484 if ((slp->ns_flag & SLP_ACTION_MASK) || 485 slp->ns_needq_upcall) { 486 nfsrv_slpref(slp); 487 nfsd->nfsd_slp = slp; 488 break; 489 } 490 } 491 if (slp == NULL) 492 nfsd_head_flag &= ~NFSD_CHECKSLP; 493 } 494 if ((slp = nfsd->nfsd_slp) == NULL) 495 continue; 496 497 lwkt_reltoken(&nfs_token); 498 lwkt_gettoken(&slp->ns_token); 499 500 if (slp->ns_needq_upcall) { 501 slp->ns_needq_upcall = 0; 502 slp->ns_flag |= SLP_NEEDQ; 503 } 504 505 if (slp->ns_flag & SLP_VALID) { 506 /* 507 * We can both process additional received 508 * data into new records and process existing 509 * records. This keeps the pipeline hot by 510 * allowing the tcp socket to continue to 511 * drain while we are processing records. 512 */ 513 if (slp->ns_flag & SLP_DISCONN) { 514 nfsrv_zapsock(slp); 515 } else if (slp->ns_flag & SLP_NEEDQ) { 516 (void)nfs_slplock(slp, 1); 517 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 518 MB_WAIT); 519 nfs_slpunlock(slp); 520 } 521 error = nfsrv_dorec(slp, nfsd, &nd); 522 cur_usec = nfs_curusec(); 523 if (error && slp->ns_tq.lh_first && 524 slp->ns_tq.lh_first->nd_time <= cur_usec) { 525 error = 0; 526 cacherep = RC_DOIT; 527 writes_todo = 1; 528 } else { 529 writes_todo = 0; 530 } 531 nfsd->nfsd_flag |= NFSD_REQINPROG; 532 } else { 533 slp->ns_flag &= ~SLP_ACTION_MASK; 534 error = 0; 535 } 536 } else { 537 error = 0; 538 slp = nfsd->nfsd_slp; 539 540 lwkt_reltoken(&nfs_token); 541 lwkt_gettoken(&slp->ns_token); 542 543 if (slp->ns_needq_upcall) { 544 slp->ns_needq_upcall = 0; 545 slp->ns_flag |= SLP_NEEDQ; 546 } 547 if (NFSRV_RECLIMIT(slp) == 0 && 548 (slp->ns_flag & SLP_NEEDQ)) { 549 (void)nfs_slplock(slp, 1); 550 nfsrv_rcv(slp->ns_so, (caddr_t)slp, 551 MB_WAIT); 552 nfs_slpunlock(slp); 553 } 554 } 555 556 /* 557 * nfs_token not held here. slp token is held. 558 */ 559 if (error || (slp->ns_flag & SLP_VALID) == 0) { 560 if (nd) { 561 kfree((caddr_t)nd, M_NFSRVDESC); 562 nd = NULL; 563 } 564 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 565 if (slp->ns_flag & SLP_ACTION_MASK) { 566 lwkt_reltoken(&slp->ns_token); 567 lwkt_gettoken(&nfs_token); 568 } else { 569 nfsd->nfsd_slp = NULL; 570 lwkt_reltoken(&slp->ns_token); 571 lwkt_gettoken(&nfs_token); 572 nfsrv_slpderef(slp); 573 } 574 continue; 575 } 576 577 /* 578 * Execute the NFS request - handle the server side cache 579 * 580 * nfs_token not held here. slp token is held. 581 */ 582 sotype = slp->ns_so->so_type; 583 if (nd) { 584 getmicrotime(&nd->nd_starttime); 585 if (nd->nd_nam2) 586 nd->nd_nam = nd->nd_nam2; 587 else 588 nd->nd_nam = slp->ns_nam; 589 590 /* 591 * Check to see if authorization is needed. 592 */ 593 if (nfsd->nfsd_flag & NFSD_NEEDAUTH) { 594 nfsd->nfsd_flag &= ~NFSD_NEEDAUTH; 595 nsd->nsd_haddr = 596 ((struct sockaddr_in *) 597 nd->nd_nam)->sin_addr.s_addr; 598 nsd->nsd_authlen = nfsd->nfsd_authlen; 599 nsd->nsd_verflen = nfsd->nfsd_verflen; 600 if (!copyout(nfsd->nfsd_authstr,nsd->nsd_authstr, 601 nfsd->nfsd_authlen) && 602 !copyout(nfsd->nfsd_verfstr, nsd->nsd_verfstr, 603 nfsd->nfsd_verflen) && 604 !copyout((caddr_t)nsd, argp, sizeof (*nsd))) 605 lwkt_reltoken(&slp->ns_token); 606 return (ENEEDAUTH); 607 cacherep = RC_DROPIT; 608 } else { 609 cacherep = nfsrv_getcache(nd, slp, &mreq); 610 } 611 612 if (nfsd->nfsd_flag & NFSD_AUTHFAIL) { 613 nfsd->nfsd_flag &= ~NFSD_AUTHFAIL; 614 nd->nd_procnum = NFSPROC_NOOP; 615 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 616 cacherep = RC_DOIT; 617 } else if (nfs_privport) { 618 /* Check if source port is privileged */ 619 u_short port; 620 struct sockaddr *nam = nd->nd_nam; 621 struct sockaddr_in *sin; 622 623 sin = (struct sockaddr_in *)nam; 624 port = ntohs(sin->sin_port); 625 if (port >= IPPORT_RESERVED && 626 nd->nd_procnum != NFSPROC_NULL) { 627 nd->nd_procnum = NFSPROC_NOOP; 628 nd->nd_repstat = (NFSERR_AUTHERR | AUTH_TOOWEAK); 629 cacherep = RC_DOIT; 630 kprintf("NFS request from unprivileged port (%s:%d)\n", 631 inet_ntoa(sin->sin_addr), port); 632 } 633 } 634 635 } 636 637 /* 638 * Execute the NFS request - direct execution 639 * 640 * Loop to get all the write rpc replies that have been 641 * gathered together. 642 * 643 * nfs_token not held here. slp token is held. 644 */ 645 do { 646 switch (cacherep) { 647 case RC_DOIT: 648 if (nd && (nd->nd_flag & ND_NFSV3)) 649 procrastinate = nfsrvw_procrastinate_v3; 650 else 651 procrastinate = nfsrvw_procrastinate; 652 if (writes_todo || (nd->nd_procnum == NFSPROC_WRITE && 653 procrastinate > 0) 654 ) { 655 error = nfsrv_writegather(&nd, slp, 656 nfsd->nfsd_td, &mreq); 657 } else { 658 /* NOT YET lwkt_reltoken(&slp->ns_token); */ 659 error = (*(nfsrv3_procs[nd->nd_procnum]))(nd, 660 slp, nfsd->nfsd_td, &mreq); 661 /* NOT YET lwkt_gettoken(&slp->ns_token); */ 662 } 663 if (mreq == NULL) 664 break; 665 if (error != 0 && error != NFSERR_RETVOID) { 666 if (nd->nd_procnum != NQNFSPROC_VACATED) 667 nfsstats.srv_errs++; 668 nfsrv_updatecache(nd, FALSE, mreq); 669 if (nd->nd_nam2) 670 kfree(nd->nd_nam2, M_SONAME); 671 break; 672 } 673 nfsstats.srvrpccnt[nd->nd_procnum]++; 674 nfsrv_updatecache(nd, TRUE, mreq); 675 nd->nd_mrep = NULL; 676 /* FALL THROUGH */ 677 case RC_REPLY: 678 m = mreq; 679 siz = 0; 680 while (m) { 681 siz += m->m_len; 682 m = m->m_next; 683 } 684 if (siz <= 0 || siz > NFS_MAXPACKET) { 685 kprintf("mbuf siz=%d\n",siz); 686 panic("Bad nfs svc reply"); 687 } 688 m = mreq; 689 m->m_pkthdr.len = siz; 690 m->m_pkthdr.rcvif = NULL; 691 /* 692 * For stream protocols, prepend a Sun RPC 693 * Record Mark. 694 */ 695 if (sotype == SOCK_STREAM) { 696 M_PREPEND(m, NFSX_UNSIGNED, MB_WAIT); 697 if (m == NULL) { 698 error = ENOBUFS; 699 goto skip; 700 } 701 *mtod(m, u_int32_t *) = htonl(0x80000000 | siz); 702 } 703 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 704 (void) nfs_slplock(slp, 1); 705 if (slp->ns_flag & SLP_VALID) 706 error = nfs_send(slp->ns_so, nd->nd_nam2, m, NULL); 707 else { 708 error = EPIPE; 709 m_freem(m); 710 } 711 skip: 712 if (nfsrtton) 713 nfsd_rt(sotype, nd, cacherep); 714 if (nd->nd_nam2) 715 kfree(nd->nd_nam2, M_SONAME); 716 if (nd->nd_mrep) 717 m_freem(nd->nd_mrep); 718 if (error == EPIPE || error == ENOBUFS) 719 nfsrv_zapsock(slp); 720 if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED) 721 nfs_slpunlock(slp); 722 if (error == EINTR || error == ERESTART) { 723 kfree((caddr_t)nd, M_NFSRVDESC); 724 lwkt_reltoken(&slp->ns_token); 725 lwkt_gettoken(&nfs_token); 726 nfsd->nfsd_slp = NULL; 727 nfsrv_slpderef(slp); 728 goto done; 729 } 730 break; 731 case RC_DROPIT: 732 if (nfsrtton) 733 nfsd_rt(sotype, nd, cacherep); 734 m_freem(nd->nd_mrep); 735 if (nd->nd_nam2) 736 kfree(nd->nd_nam2, M_SONAME); 737 break; 738 }; 739 if (nd) { 740 kfree((caddr_t)nd, M_NFSRVDESC); 741 nd = NULL; 742 } 743 744 /* 745 * Check to see if there are outstanding writes that 746 * need to be serviced. 747 */ 748 cur_usec = nfs_curusec(); 749 if (slp->ns_tq.lh_first && 750 slp->ns_tq.lh_first->nd_time <= cur_usec) { 751 cacherep = RC_DOIT; 752 writes_todo = 1; 753 } else { 754 writes_todo = 0; 755 } 756 } while (writes_todo); 757 758 /* 759 * nfs_token not held here. slp token is held. 760 */ 761 if (nfsrv_dorec(slp, nfsd, &nd)) { 762 nfsd->nfsd_flag &= ~NFSD_REQINPROG; 763 if (slp->ns_flag & SLP_ACTION_MASK) { 764 lwkt_reltoken(&slp->ns_token); 765 lwkt_gettoken(&nfs_token); 766 } else { 767 nfsd->nfsd_slp = NULL; 768 lwkt_reltoken(&slp->ns_token); 769 lwkt_gettoken(&nfs_token); 770 nfsrv_slpderef(slp); 771 } 772 } else { 773 lwkt_reltoken(&slp->ns_token); 774 lwkt_gettoken(&nfs_token); 775 } 776 } 777 done: 778 TAILQ_REMOVE(&nfsd_head, nfsd, nfsd_chain); 779 kfree((caddr_t)nfsd, M_NFSD); 780 nsd->nsd_nfsd = NULL; 781 if (--nfs_numnfsd == 0) 782 nfsrv_init(TRUE); /* Reinitialize everything */ 783 784 lwkt_reltoken(&nfs_token); 785 return (error); 786 } 787 788 /* 789 * Shut down a socket associated with an nfssvc_sock structure. 790 * Should be called with the send lock set, if required. 791 * The trick here is to increment the sref at the start, so that the nfsds 792 * will stop using it and clear ns_flag at the end so that it will not be 793 * reassigned during cleanup. 794 */ 795 static void 796 nfsrv_zapsock(struct nfssvc_sock *slp) 797 { 798 struct nfsuid *nuidp, *nnuidp; 799 struct nfsrv_descript *nwp, *nnwp; 800 struct socket *so; 801 struct file *fp; 802 struct nfsrv_rec *rec; 803 804 slp->ns_flag &= ~SLP_ALLFLAGS; 805 fp = slp->ns_fp; 806 if (fp) { 807 slp->ns_fp = NULL; 808 so = slp->ns_so; 809 atomic_clear_int(&so->so_rcv.ssb_flags, SSB_UPCALL); 810 so->so_upcall = NULL; 811 so->so_upcallarg = NULL; 812 soshutdown(so, SHUT_RDWR); 813 closef(fp, NULL); 814 if (slp->ns_nam) 815 kfree(slp->ns_nam, M_SONAME); 816 m_freem(slp->ns_raw); 817 while ((rec = STAILQ_FIRST(&slp->ns_rec)) != NULL) { 818 --slp->ns_numrec; 819 STAILQ_REMOVE_HEAD(&slp->ns_rec, nr_link); 820 if (rec->nr_address) 821 kfree(rec->nr_address, M_SONAME); 822 m_freem(rec->nr_packet); 823 kfree(rec, M_NFSRVDESC); 824 } 825 KKASSERT(slp->ns_numrec == 0); 826 827 TAILQ_FOREACH_MUTABLE(nuidp, &slp->ns_uidlruhead, nu_lru, 828 nnuidp) { 829 LIST_REMOVE(nuidp, nu_hash); 830 TAILQ_REMOVE(&slp->ns_uidlruhead, nuidp, nu_lru); 831 if (nuidp->nu_flag & NU_NAM) 832 kfree(nuidp->nu_nam, M_SONAME); 833 kfree((caddr_t)nuidp, M_NFSUID); 834 } 835 crit_enter(); 836 for (nwp = slp->ns_tq.lh_first; nwp; nwp = nnwp) { 837 nnwp = nwp->nd_tq.le_next; 838 LIST_REMOVE(nwp, nd_tq); 839 kfree((caddr_t)nwp, M_NFSRVDESC); 840 } 841 LIST_INIT(&slp->ns_tq); 842 crit_exit(); 843 nfsrv_slpderef(slp); 844 } 845 } 846 847 /* 848 * Derefence a server socket structure. If it has no more references and 849 * is no longer valid, you can throw it away. 850 * 851 * Must be holding nfs_token! 852 */ 853 void 854 nfsrv_slpderef(struct nfssvc_sock *slp) 855 { 856 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 857 if (slp->ns_sref == 1) { 858 KKASSERT((slp->ns_flag & SLP_VALID) == 0); 859 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 860 slp->ns_sref = 0; 861 kfree((caddr_t)slp, M_NFSSVC); 862 } else { 863 --slp->ns_sref; 864 } 865 } 866 867 void 868 nfsrv_slpref(struct nfssvc_sock *slp) 869 { 870 ASSERT_LWKT_TOKEN_HELD(&nfs_token); 871 ++slp->ns_sref; 872 } 873 874 /* 875 * Lock a socket against others. 876 * 877 * Returns 0 on failure, 1 on success. 878 */ 879 int 880 nfs_slplock(struct nfssvc_sock *slp, int wait) 881 { 882 mtx_t mtx = &slp->ns_solock; 883 884 if (wait) { 885 mtx_lock_ex(mtx, "nfsslplck", 0, 0); 886 return(1); 887 } else if (mtx_lock_ex_try(mtx) == 0) { 888 return(1); 889 } else { 890 return(0); 891 } 892 } 893 894 /* 895 * Unlock the stream socket for others. 896 */ 897 void 898 nfs_slpunlock(struct nfssvc_sock *slp) 899 { 900 mtx_t mtx = &slp->ns_solock; 901 902 mtx_unlock(mtx); 903 } 904 905 /* 906 * Initialize the data structures for the server. 907 * Handshake with any new nfsds starting up to avoid any chance of 908 * corruption. 909 */ 910 void 911 nfsrv_init(int terminating) 912 { 913 struct nfssvc_sock *slp, *nslp; 914 915 lwkt_gettoken(&nfs_token); 916 if (nfssvc_sockhead_flag & SLP_INIT) 917 panic("nfsd init"); 918 nfssvc_sockhead_flag |= SLP_INIT; 919 920 if (terminating) { 921 TAILQ_FOREACH_MUTABLE(slp, &nfssvc_sockhead, ns_chain, nslp) { 922 if (slp->ns_flag & SLP_VALID) 923 nfsrv_zapsock(slp); 924 /* 925 TAILQ_REMOVE(&nfssvc_sockhead, slp, ns_chain); 926 kfree((caddr_t)slp, M_NFSSVC); 927 */ 928 } 929 nfsrv_cleancache(); /* And clear out server cache */ 930 } else { 931 nfs_pub.np_valid = 0; 932 } 933 934 TAILQ_INIT(&nfssvc_sockhead); 935 nfssvc_sockhead_flag &= ~SLP_INIT; 936 if (nfssvc_sockhead_flag & SLP_WANTINIT) { 937 nfssvc_sockhead_flag &= ~SLP_WANTINIT; 938 wakeup((caddr_t)&nfssvc_sockhead); 939 } 940 941 TAILQ_INIT(&nfsd_head); 942 nfsd_head_flag &= ~NFSD_CHECKSLP; 943 944 lwkt_reltoken(&nfs_token); 945 946 #if 0 947 nfs_udpsock = (struct nfssvc_sock *) 948 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 949 mtx_init(&nfs_udpsock->ns_solock); 950 STAILQ_INIT(&nfs_udpsock->ns_rec); 951 TAILQ_INIT(&nfs_udpsock->ns_uidlruhead); 952 TAILQ_INSERT_HEAD(&nfssvc_sockhead, nfs_udpsock, ns_chain); 953 954 nfs_cltpsock = (struct nfssvc_sock *) 955 kmalloc(sizeof (struct nfssvc_sock), M_NFSSVC, M_WAITOK | M_ZERO); 956 mtx_init(&nfs_cltpsock->ns_solock); 957 STAILQ_INIT(&nfs_cltpsock->ns_rec); 958 TAILQ_INIT(&nfs_cltpsock->ns_uidlruhead); 959 TAILQ_INSERT_TAIL(&nfssvc_sockhead, nfs_cltpsock, ns_chain); 960 #endif 961 } 962 963 /* 964 * Add entries to the server monitor log. 965 */ 966 static void 967 nfsd_rt(int sotype, struct nfsrv_descript *nd, int cacherep) 968 { 969 struct drt *rt; 970 971 rt = &nfsdrt.drt[nfsdrt.pos]; 972 if (cacherep == RC_DOIT) 973 rt->flag = 0; 974 else if (cacherep == RC_REPLY) 975 rt->flag = DRT_CACHEREPLY; 976 else 977 rt->flag = DRT_CACHEDROP; 978 if (sotype == SOCK_STREAM) 979 rt->flag |= DRT_TCP; 980 if (nd->nd_flag & ND_NFSV3) 981 rt->flag |= DRT_NFSV3; 982 rt->proc = nd->nd_procnum; 983 if (nd->nd_nam->sa_family == AF_INET) 984 rt->ipadr = ((struct sockaddr_in *)nd->nd_nam)->sin_addr.s_addr; 985 else 986 rt->ipadr = INADDR_ANY; 987 rt->resptime = nfs_curusec() - (nd->nd_starttime.tv_sec * 1000000 + nd->nd_starttime.tv_usec); 988 getmicrotime(&rt->tstamp); 989 nfsdrt.pos = (nfsdrt.pos + 1) % NFSRTTLOGSIZ; 990 } 991 #endif /* NFS_NOSERVER */ 992 993 /* 994 * Get an authorization string for the uid by having the mount_nfs sitting 995 * on this mount point porpous out of the kernel and do it. 996 */ 997 int 998 nfs_getauth(struct nfsmount *nmp, struct nfsreq *rep, 999 struct ucred *cred, char **auth_str, int *auth_len, char *verf_str, 1000 int *verf_len, NFSKERBKEY_T key /* return session key */) 1001 { 1002 int error = 0; 1003 1004 while ((nmp->nm_state & NFSSTA_WAITAUTH) == 0) { 1005 nmp->nm_state |= NFSSTA_WANTAUTH; 1006 (void) tsleep((caddr_t)&nmp->nm_authtype, 0, 1007 "nfsauth1", 2 * hz); 1008 error = nfs_sigintr(nmp, rep, rep->r_td); 1009 if (error) { 1010 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1011 return (error); 1012 } 1013 } 1014 nmp->nm_state &= ~(NFSSTA_WAITAUTH | NFSSTA_WANTAUTH); 1015 nmp->nm_authstr = *auth_str = (char *)kmalloc(RPCAUTH_MAXSIZ, M_TEMP, M_WAITOK); 1016 nmp->nm_authlen = RPCAUTH_MAXSIZ; 1017 nmp->nm_verfstr = verf_str; 1018 nmp->nm_verflen = *verf_len; 1019 nmp->nm_authuid = cred->cr_uid; 1020 wakeup((caddr_t)&nmp->nm_authstr); 1021 1022 /* 1023 * And wait for mount_nfs to do its stuff. 1024 */ 1025 while ((nmp->nm_state & NFSSTA_HASAUTH) == 0 && error == 0) { 1026 (void) tsleep((caddr_t)&nmp->nm_authlen, 0, 1027 "nfsauth2", 2 * hz); 1028 error = nfs_sigintr(nmp, rep, rep->r_td); 1029 } 1030 if (nmp->nm_state & NFSSTA_AUTHERR) { 1031 nmp->nm_state &= ~NFSSTA_AUTHERR; 1032 error = EAUTH; 1033 } 1034 if (error) 1035 kfree((caddr_t)*auth_str, M_TEMP); 1036 else { 1037 *auth_len = nmp->nm_authlen; 1038 *verf_len = nmp->nm_verflen; 1039 bcopy((caddr_t)nmp->nm_key, (caddr_t)key, sizeof (NFSKERBKEY_T)); 1040 } 1041 nmp->nm_state &= ~NFSSTA_HASAUTH; 1042 nmp->nm_state |= NFSSTA_WAITAUTH; 1043 if (nmp->nm_state & NFSSTA_WANTAUTH) { 1044 nmp->nm_state &= ~NFSSTA_WANTAUTH; 1045 wakeup((caddr_t)&nmp->nm_authtype); 1046 } 1047 return (error); 1048 } 1049 1050 /* 1051 * Get a nickname authenticator and verifier. 1052 */ 1053 int 1054 nfs_getnickauth(struct nfsmount *nmp, struct ucred *cred, char **auth_str, 1055 int *auth_len, char *verf_str, int verf_len) 1056 { 1057 struct nfsuid *nuidp; 1058 u_int32_t *nickp, *verfp; 1059 struct timeval ktvin, ktvout; 1060 1061 #ifdef DIAGNOSTIC 1062 if (verf_len < (4 * NFSX_UNSIGNED)) 1063 panic("nfs_getnickauth verf too small"); 1064 #endif 1065 for (nuidp = NMUIDHASH(nmp, cred->cr_uid)->lh_first; 1066 nuidp != 0; nuidp = nuidp->nu_hash.le_next) { 1067 if (nuidp->nu_cr.cr_uid == cred->cr_uid) 1068 break; 1069 } 1070 if (!nuidp || nuidp->nu_expire < time_second) 1071 return (EACCES); 1072 1073 /* 1074 * Move to the end of the lru list (end of lru == most recently used). 1075 */ 1076 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, nu_lru); 1077 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, nu_lru); 1078 1079 nickp = (u_int32_t *)kmalloc(2 * NFSX_UNSIGNED, M_TEMP, M_WAITOK); 1080 *nickp++ = txdr_unsigned(RPCAKN_NICKNAME); 1081 *nickp = txdr_unsigned(nuidp->nu_nickname); 1082 *auth_str = (char *)nickp; 1083 *auth_len = 2 * NFSX_UNSIGNED; 1084 1085 /* 1086 * Now we must encrypt the verifier and package it up. 1087 */ 1088 verfp = (u_int32_t *)verf_str; 1089 *verfp++ = txdr_unsigned(RPCAKN_NICKNAME); 1090 if (time_second > nuidp->nu_timestamp.tv_sec || 1091 (time_second == nuidp->nu_timestamp.tv_sec && 1092 time_second > nuidp->nu_timestamp.tv_usec)) 1093 getmicrotime(&nuidp->nu_timestamp); 1094 else 1095 nuidp->nu_timestamp.tv_usec++; 1096 ktvin.tv_sec = txdr_unsigned(nuidp->nu_timestamp.tv_sec); 1097 ktvin.tv_usec = txdr_unsigned(nuidp->nu_timestamp.tv_usec); 1098 1099 /* 1100 * Now encrypt the timestamp verifier in ecb mode using the session 1101 * key. 1102 */ 1103 #ifdef NFSKERB 1104 XXX 1105 #else 1106 ktvout.tv_sec = 0; 1107 ktvout.tv_usec = 0; 1108 #endif 1109 1110 *verfp++ = ktvout.tv_sec; 1111 *verfp++ = ktvout.tv_usec; 1112 *verfp = 0; 1113 return (0); 1114 } 1115 1116 /* 1117 * Save the current nickname in a hash list entry on the mount point. 1118 */ 1119 int 1120 nfs_savenickauth(struct nfsmount *nmp, struct ucred *cred, int len, 1121 NFSKERBKEY_T key, struct mbuf **mdp, char **dposp, 1122 struct mbuf *mrep) 1123 { 1124 struct nfsuid *nuidp; 1125 u_int32_t *tl; 1126 struct timeval ktvin, ktvout; 1127 u_int32_t nick; 1128 int deltasec, error = 0; 1129 struct nfsm_info info; 1130 1131 info.md = *mdp; 1132 info.dpos = *dposp; 1133 info.mrep = mrep; 1134 1135 if (len == (3 * NFSX_UNSIGNED)) { 1136 NULLOUT(tl = nfsm_dissect(&info, 3 * NFSX_UNSIGNED)); 1137 ktvin.tv_sec = *tl++; 1138 ktvin.tv_usec = *tl++; 1139 nick = fxdr_unsigned(u_int32_t, *tl); 1140 1141 /* 1142 * Decrypt the timestamp in ecb mode. 1143 */ 1144 #ifdef NFSKERB 1145 XXX 1146 #else 1147 ktvout.tv_sec = 0; 1148 ktvout.tv_usec = 0; 1149 #endif 1150 ktvout.tv_sec = fxdr_unsigned(long, ktvout.tv_sec); 1151 ktvout.tv_usec = fxdr_unsigned(long, ktvout.tv_usec); 1152 deltasec = time_second - ktvout.tv_sec; 1153 if (deltasec < 0) 1154 deltasec = -deltasec; 1155 /* 1156 * If ok, add it to the hash list for the mount point. 1157 */ 1158 if (deltasec <= NFS_KERBCLOCKSKEW) { 1159 if (nmp->nm_numuids < nuidhash_max) { 1160 nmp->nm_numuids++; 1161 nuidp = (struct nfsuid *) 1162 kmalloc(sizeof (struct nfsuid), M_NFSUID, 1163 M_WAITOK); 1164 } else { 1165 nuidp = TAILQ_FIRST(&nmp->nm_uidlruhead); 1166 LIST_REMOVE(nuidp, nu_hash); 1167 TAILQ_REMOVE(&nmp->nm_uidlruhead, nuidp, 1168 nu_lru); 1169 } 1170 nuidp->nu_flag = 0; 1171 nuidp->nu_cr.cr_uid = cred->cr_uid; 1172 nuidp->nu_expire = time_second + NFS_KERBTTL; 1173 nuidp->nu_timestamp = ktvout; 1174 nuidp->nu_nickname = nick; 1175 bcopy(key, nuidp->nu_key, sizeof (NFSKERBKEY_T)); 1176 TAILQ_INSERT_TAIL(&nmp->nm_uidlruhead, nuidp, 1177 nu_lru); 1178 LIST_INSERT_HEAD(NMUIDHASH(nmp, cred->cr_uid), 1179 nuidp, nu_hash); 1180 } 1181 } else { 1182 ERROROUT(nfsm_adv(&info, nfsm_rndup(len))); 1183 } 1184 nfsmout: 1185 *mdp = info.md; 1186 *dposp = info.dpos; 1187 return (error); 1188 } 1189