Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/fs/nfsclient/nfs_clkrpc.c
39564 views
1
/*-

2
 * SPDX-License-Identifier: BSD-3-Clause

3
 *

4
 * Copyright (c) 1989, 1993

5
 *	The Regents of the University of California.  All rights reserved.

6
 *

7
 * This code is derived from software contributed to Berkeley by

8
 * Rick Macklem at The University of Guelph.

9
 *

10
 * Redistribution and use in source and binary forms, with or without

11
 * modification, are permitted provided that the following conditions

12
 * are met:

13
 * 1. Redistributions of source code must retain the above copyright

14
 *    notice, this list of conditions and the following disclaimer.

15
 * 2. Redistributions in binary form must reproduce the above copyright

16
 *    notice, this list of conditions and the following disclaimer in the

17
 *    documentation and/or other materials provided with the distribution.

18
 * 3. Neither the name of the University nor the names of its contributors

19
 *    may be used to endorse or promote products derived from this software

20
 *    without specific prior written permission.

21
 *

22
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

23
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

24
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

25
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

26
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

27
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

28
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

29
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

30
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

31
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

32
 * SUCH DAMAGE.

33
 *

34
 */

35


36
#include <sys/cdefs.h>

37
#include "opt_kgssapi.h"

38
#include "opt_kern_tls.h"

39


40
#include <fs/nfs/nfsport.h>

41


42
#include <rpc/rpc.h>

43
#include <rpc/replay.h>

44
#include <rpc/rpcsec_gss.h>

45
#include <rpc/rpcsec_tls.h>

46


47
NFSDLOCKMUTEX;

48


49
extern SVCPOOL	*nfscbd_pool;

50


51
static int nfs_cbproc(struct nfsrv_descript *, u_int32_t);

52


53
extern u_long sb_max_adj;

54
extern int nfs_numnfscbd;

55
extern int nfscl_debuglevel;

56


57
/*

58
 * NFS client system calls for handling callbacks.

59
 */

60


61
/*

62
 * Handles server to client callbacks.

63
 */

64
static void

65
nfscb_program(struct svc_req *rqst, SVCXPRT *xprt)

66
{

67
	struct nfsrv_descript nd;

68
	int cacherep, credflavor;

69
#ifdef KERN_TLS

70
	u_int maxlen;

71
#endif

72


73
	memset(&nd, 0, sizeof(nd));

74
	if (rqst->rq_proc != NFSPROC_NULL &&

75
	    rqst->rq_proc != NFSV4PROC_CBCOMPOUND) {

76
		svcerr_noproc(rqst);

77
		svc_freereq(rqst);

78
		return;

79
	}

80
	nd.nd_procnum = rqst->rq_proc;

81
	nd.nd_flag = (ND_NFSCB | ND_NFSV4);

82


83
	/*

84
	 * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 -

85
	 * NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP

86
	 * mounts.

87
	 */

88
	nd.nd_mrep = rqst->rq_args;

89
	rqst->rq_args = NULL;

90
	newnfs_realign(&nd.nd_mrep, M_WAITOK);

91
	nd.nd_md = nd.nd_mrep;

92
	nd.nd_dpos = mtod(nd.nd_md, caddr_t);

93
	nd.nd_nam = svc_getrpccaller(rqst);

94
	nd.nd_nam2 = rqst->rq_addr;

95
	nd.nd_mreq = NULL;

96
	nd.nd_cred = NULL;

97


98
	NFSCL_DEBUG(1, "cbproc=%d\n",nd.nd_procnum);

99
	if (nd.nd_procnum != NFSPROC_NULL) {

100
		if (!svc_getcred(rqst, &nd.nd_cred, &credflavor)) {

101
			svcerr_weakauth(rqst);

102
			svc_freereq(rqst);

103
			m_freem(nd.nd_mrep);

104
			return;

105
		}

106


107
		/* For now, I don't care what credential flavor was used. */

108
#ifdef notyet

109
#ifdef MAC

110
		mac_cred_associate_nfsd(nd.nd_cred);

111
#endif

112
#endif

113
#ifdef KERN_TLS

114
		if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&

115
		    rpctls_getinfo(&maxlen, false, false)) {

116
			nd.nd_flag |= ND_EXTPG;

117
			nd.nd_maxextsiz = maxlen;

118
		}

119
#endif

120
		cacherep = nfs_cbproc(&nd, rqst->rq_xid);

121
	} else {

122
		NFSMGET(nd.nd_mreq);

123
		nd.nd_mreq->m_len = 0;

124
		cacherep = RC_REPLY;

125
	}

126
	if (nd.nd_mrep != NULL)

127
		m_freem(nd.nd_mrep);

128


129
	if (nd.nd_cred != NULL)

130
		crfree(nd.nd_cred);

131


132
	if (cacherep == RC_DROPIT) {

133
		if (nd.nd_mreq != NULL)

134
			m_freem(nd.nd_mreq);

135
		svc_freereq(rqst);

136
		return;

137
	}

138


139
	if (nd.nd_mreq == NULL) {

140
		svcerr_decode(rqst);

141
		svc_freereq(rqst);

142
		return;

143
	}

144


145
	if (nd.nd_repstat & NFSERR_AUTHERR) {

146
		svcerr_auth(rqst, nd.nd_repstat & ~NFSERR_AUTHERR);

147
		if (nd.nd_mreq != NULL)

148
			m_freem(nd.nd_mreq);

149
	} else if (!svc_sendreply_mbuf(rqst, nd.nd_mreq))

150
		svcerr_systemerr(rqst);

151
	else

152
		NFSCL_DEBUG(1, "cbrep sent\n");

153
	svc_freereq(rqst);

154
}

155


156
/*

157
 * Check the cache and, optionally, do the RPC.

158
 * Return the appropriate cache response.

159
 */

160
static int

161
nfs_cbproc(struct nfsrv_descript *nd, u_int32_t xid)

162
{

163
	struct thread *td = curthread;

164
	int cacherep;

165


166
	if (nd->nd_nam2 == NULL)

167
		nd->nd_flag |= ND_STREAMSOCK;

168


169
	nfscl_docb(nd, td);

170
	if (nd->nd_repstat == NFSERR_DONTREPLY)

171
		cacherep = RC_DROPIT;

172
	else

173
		cacherep = RC_REPLY;

174
	return (cacherep);

175
}

176


177
/*

178
 * Adds a socket to the list for servicing by nfscbds.

179
 */

180
int

181
nfscbd_addsock(struct file *fp)

182
{

183
	int siz;

184
	struct socket *so;

185
	int error;

186
	SVCXPRT *xprt;

187


188
	so = fp->f_data;

189


190
	siz = sb_max_adj;

191
	error = soreserve(so, siz, siz);

192
	if (error)

193
		return (error);

194


195
	/*

196
	 * Steal the socket from userland so that it doesn't close

197
	 * unexpectedly.

198
	 */

199
	if (so->so_type == SOCK_DGRAM)

200
		xprt = svc_dg_create(nfscbd_pool, so, 0, 0);

201
	else

202
		xprt = svc_vc_create(nfscbd_pool, so, 0, 0);

203
	if (xprt) {

204
		fp->f_ops = &badfileops;

205
		fp->f_data = NULL;

206
		svc_reg(xprt, NFS_CALLBCKPROG, NFSV4_CBVERS, nfscb_program,

207
		    NULL);

208
		SVC_RELEASE(xprt);

209
	}

210


211
	return (0);

212
}

213


214
/*

215
 * Called by nfssvc() for nfscbds. Just loops around servicing rpc requests

216
 * until it is killed by a signal.

217
 *

218
 * For now, only support callbacks via RPCSEC_GSS if there is a KerberosV

219
 * keytab entry with a host based entry in it on the client. (I'm not even

220
 * sure that getting Acceptor credentials for a user principal with a

221
 * credentials cache is possible, but even if it is, major changes to the

222
 * kgssapi would be required.)

223
 * I don't believe that this is a serious limitation since, as of 2009, most

224
 * NFSv4 servers supporting callbacks are using AUTH_SYS for callbacks even

225
 * when the client is using RPCSEC_GSS. (This BSD server uses AUTH_SYS

226
 * for callbacks unless nfsrv_gsscallbackson is set non-zero.)

227
 */

228
int

229
nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)

230
{

231
	char principal[128];

232
	int error;

233


234
	if (args != NULL) {

235
		error = copyinstr(args->principal, principal,

236
		    sizeof(principal), NULL);

237
		if (error)

238
			return (error);

239
	} else {

240
		principal[0] = '\0';

241
	}

242


243
	/*

244
	 * Only the first nfsd actually does any work. The RPC code

245
	 * adds threads to it as needed. Any extra processes offered

246
	 * by nfsd just exit. If nfsd is new enough, it will call us

247
	 * once with a structure that specifies how many threads to

248
	 * use.

249
	 */

250
	NFSD_LOCK();

251
	if (nfs_numnfscbd == 0) {

252
		nfs_numnfscbd++;

253


254
		NFSD_UNLOCK();

255


256
		if (principal[0] != '\0')

257
			rpc_gss_set_svc_name_call(principal, "kerberosv5",

258
			    GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS);

259


260
		nfscbd_pool->sp_minthreads = 4;

261
		nfscbd_pool->sp_maxthreads = 4;

262
			

263
		svc_run(nfscbd_pool);

264


265
		rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS);

266


267
		NFSD_LOCK();

268
		nfs_numnfscbd--;

269
		nfsrvd_cbinit(1);

270
	}

271
	NFSD_UNLOCK();

272


273
	return (0);

274
}

275


276
/*

277
 * Initialize the data structures for the server.

278
 * Handshake with any new nfsds starting up to avoid any chance of

279
 * corruption.

280
 */

281
void

282
nfsrvd_cbinit(int terminating)

283
{

284


285
	NFSD_LOCK_ASSERT();

286


287
	if (terminating) {

288
		/* Wait for any xprt registrations to complete. */

289
		while (nfs_numnfscbd > 0)

290
			msleep(&nfs_numnfscbd, NFSDLOCKMUTEXPTR, PZERO, 

291
			    "nfscbdt", 0);

292
		if (nfscbd_pool != NULL) {

293
			NFSD_UNLOCK();

294
			svcpool_close(nfscbd_pool);

295
			NFSD_LOCK();

296
		}

297
	}

298


299
	if (nfscbd_pool == NULL) {

300
		NFSD_UNLOCK();

301
		nfscbd_pool = svcpool_create("nfscbd", NULL);

302
		nfscbd_pool->sp_rcache = NULL;

303
		nfscbd_pool->sp_assign = NULL;

304
		nfscbd_pool->sp_done = NULL;

305
		NFSD_LOCK();

306
	}

307
}

308


309