1
/*-
2
 * SPDX-License-Identifier: BSD-3-Clause
3
 *
4
 * Copyright (c) 1989, 1993
5
 *	The Regents of the University of California.  All rights reserved.
6
 *
7
 * This code is derived from software contributed to Berkeley by
8
 * Rick Macklem at The University of Guelph.
9
 *
10
 * Redistribution and use in source and binary forms, with or without
11
 * modification, are permitted provided that the following conditions
12
 * are met:
13
 * 1. Redistributions of source code must retain the above copyright
14
 *    notice, this list of conditions and the following disclaimer.
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in the
17
 *    documentation and/or other materials provided with the distribution.
18
 * 3. Neither the name of the University nor the names of its contributors
19
 *    may be used to endorse or promote products derived from this software
20
 *    without specific prior written permission.
21
 *
22
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32
 * SUCH DAMAGE.
33
 *
34
 */
35

36
#include <sys/cdefs.h>
37
#include "opt_inet6.h"
38
#include "opt_kgssapi.h"
39
#include "opt_kern_tls.h"
40

41
#include <fs/nfs/nfsport.h>
42

43
#include <rpc/rpc.h>
44
#include <rpc/rpcsec_gss.h>
45
#include <rpc/rpcsec_tls.h>
46

47
#include <fs/nfsserver/nfs_fha_new.h>
48

49
#include <security/mac/mac_framework.h>
50

51
NFSDLOCKMUTEX;
52
NFSV4ROOTLOCKMUTEX;
53
char *nfsrv_zeropnfsdat = NULL;
54

55
/*
56
 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
57
 */
58
int newnfs_nfsv3_procid[NFS_V3NPROCS] = {
59
	NFSPROC_NULL,
60
	NFSPROC_GETATTR,
61
	NFSPROC_SETATTR,
62
	NFSPROC_NOOP,
63
	NFSPROC_LOOKUP,
64
	NFSPROC_READLINK,
65
	NFSPROC_READ,
66
	NFSPROC_NOOP,
67
	NFSPROC_WRITE,
68
	NFSPROC_CREATE,
69
	NFSPROC_REMOVE,
70
	NFSPROC_RENAME,
71
	NFSPROC_LINK,
72
	NFSPROC_SYMLINK,
73
	NFSPROC_MKDIR,
74
	NFSPROC_RMDIR,
75
	NFSPROC_READDIR,
76
	NFSPROC_FSSTAT,
77
	NFSPROC_NOOP,
78
	NFSPROC_NOOP,
79
	NFSPROC_NOOP,
80
	NFSPROC_NOOP,
81
};
82

83
SYSCTL_DECL(_vfs_nfsd);
84

85
NFSD_VNET_DEFINE_STATIC(int, nfs_privport) = 1;
86
SYSCTL_INT(_vfs_nfsd, OID_AUTO, nfs_privport, CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN,
87
    &NFSD_VNET_NAME(nfs_privport), 0,
88
    "Only allow clients using a privileged port for NFSv2, 3 and 4");
89

90
NFSD_VNET_DEFINE_STATIC(int, nfs_minvers) = NFS_VER2;
91
SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_min_nfsvers,
92
    CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN, &NFSD_VNET_NAME(nfs_minvers), 0,
93
    "The lowest version of NFS handled by the server");
94

95
NFSD_VNET_DEFINE_STATIC(int, nfs_maxvers) = NFS_VER4;
96
SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_max_nfsvers,
97
    CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN, &NFSD_VNET_NAME(nfs_maxvers), 0,
98
    "The highest version of NFS handled by the server");
99

100
static int nfs_proc(struct nfsrv_descript *, u_int32_t, SVCXPRT *xprt,
101
    struct nfsrvcache **);
102

103
extern u_long sb_max_adj;
104
extern int newnfs_numnfsd;
105
extern time_t nfsdev_time;
106
extern int nfsrv_writerpc[NFS_NPROCS];
107
extern volatile int nfsrv_devidcnt;
108
extern struct nfsv4_opflag nfsv4_opflag[NFSV42_NOPS];
109
extern int nfsd_debuglevel;
110

111
NFSD_VNET_DECLARE(struct proc *, nfsd_master_proc);
112

113
NFSD_VNET_DEFINE(SVCPOOL *, nfsrvd_pool);
114
NFSD_VNET_DEFINE(int, nfsrv_numnfsd) = 0;
115
NFSD_VNET_DEFINE(struct nfsv4lock, nfsd_suspend_lock);
116

117
NFSD_VNET_DEFINE_STATIC(bool, nfsrvd_inited) = false;
118

119
/*
120
 * NFS server system calls
121
 */
122

123
static void
124
nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
125
{
126
	struct nfsrv_descript nd;
127
	struct nfsrvcache *rp = NULL;
128
	rpc_gss_rawcred_t *rcredp;
129
	int cacherep, credflavor, i, j;
130
	u_char *p;
131
#ifdef KERN_TLS
132
	u_int maxlen;
133
#endif
134

135
	NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
136
	memset(&nd, 0, sizeof(nd));
137
	if (rqst->rq_vers == NFS_VER2) {
138
		if (rqst->rq_proc > NFSV2PROC_STATFS ||
139
		    newnfs_nfsv3_procid[rqst->rq_proc] == NFSPROC_NOOP) {
140
			svcerr_noproc(rqst);
141
			svc_freereq(rqst);
142
			goto out;
143
		}
144
		nd.nd_procnum = newnfs_nfsv3_procid[rqst->rq_proc];
145
		nd.nd_flag = ND_NFSV2;
146
	} else if (rqst->rq_vers == NFS_VER3) {
147
		if (rqst->rq_proc >= NFS_V3NPROCS) {
148
			svcerr_noproc(rqst);
149
			svc_freereq(rqst);
150
			goto out;
151
		}
152
		nd.nd_procnum = rqst->rq_proc;
153
		nd.nd_flag = ND_NFSV3;
154
	} else {
155
		if (rqst->rq_proc != NFSPROC_NULL &&
156
		    rqst->rq_proc != NFSV4PROC_COMPOUND) {
157
			svcerr_noproc(rqst);
158
			svc_freereq(rqst);
159
			goto out;
160
		}
161
		nd.nd_procnum = rqst->rq_proc;
162
		nd.nd_flag = ND_NFSV4;
163
	}
164

165
	/*
166
	 * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 -
167
	 * NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP
168
	 * mounts.
169
	 */
170
	nd.nd_mrep = rqst->rq_args;
171
	rqst->rq_args = NULL;
172
	newnfs_realign(&nd.nd_mrep, M_WAITOK);
173
	nd.nd_md = nd.nd_mrep;
174
	nd.nd_dpos = mtod(nd.nd_md, caddr_t);
175
	nd.nd_nam = svc_getrpccaller(rqst);
176
	nd.nd_nam2 = rqst->rq_addr;
177
	nd.nd_mreq = NULL;
178
	nd.nd_cred = NULL;
179

180
	if (NFSD_VNET(nfs_privport) != 0) {
181
		/* Check if source port is privileged */
182
		u_short port;
183
		struct sockaddr *nam = nd.nd_nam;
184
		struct sockaddr_in *sin;
185

186
		sin = (struct sockaddr_in *)nam;
187
		/*
188
		 * INET/INET6 - same code:
189
		 *    sin_port and sin6_port are at same offset
190
		 */
191
		port = ntohs(sin->sin_port);
192
		if (port >= IPPORT_RESERVED &&
193
		    nd.nd_procnum != NFSPROC_NULL) {
194
			static struct timeval privport_ratecheck = {
195
				.tv_sec = 0, .tv_usec = 0
196
			};
197
			static const struct timeval privport_ratecheck_int = {
198
				.tv_sec = 1, .tv_usec = 0
199
			};
200
#ifdef INET6
201
			char buf[INET6_ADDRSTRLEN];
202
#else
203
			char buf[INET_ADDRSTRLEN];
204
#endif
205
#ifdef INET6
206
#if defined(KLD_MODULE)
207
			/* Do not use ip6_sprintf: the nfs module should work without INET6. */
208
#define	ip6_sprintf(buf, a)						\
209
			(sprintf((buf), "%x:%x:%x:%x:%x:%x:%x:%x",	\
210
			    (a)->s6_addr16[0], (a)->s6_addr16[1],	\
211
			    (a)->s6_addr16[2], (a)->s6_addr16[3],	\
212
			    (a)->s6_addr16[4], (a)->s6_addr16[5],	\
213
			    (a)->s6_addr16[6], (a)->s6_addr16[7]),	\
214
			    (buf))
215
#endif
216
#endif
217
			if (ratecheck(&privport_ratecheck,
218
			    &privport_ratecheck_int)) {
219
				printf(
220
			    "NFS request from unprivileged port (%s:%d)\n",
221
#ifdef INET6
222
				    sin->sin_family == AF_INET6 ?
223
				    ip6_sprintf(buf, &satosin6(sin)->sin6_addr) :
224
#if defined(KLD_MODULE)
225
#undef ip6_sprintf
226
#endif
227
#endif
228
				    inet_ntoa_r(sin->sin_addr, buf), port);
229
			}
230
			svcerr_weakauth(rqst);
231
			svc_freereq(rqst);
232
			m_freem(nd.nd_mrep);
233
			goto out;
234
		}
235
	}
236

237
	if (nd.nd_procnum != NFSPROC_NULL) {
238
		if (!svc_getcred(rqst, &nd.nd_cred, &credflavor)) {
239
			svcerr_weakauth(rqst);
240
			svc_freereq(rqst);
241
			m_freem(nd.nd_mrep);
242
			goto out;
243
		}
244

245
		/* Set the flag based on credflavor */
246
		if (credflavor == RPCSEC_GSS_KRB5) {
247
			nd.nd_flag |= ND_GSS;
248
		} else if (credflavor == RPCSEC_GSS_KRB5I) {
249
			nd.nd_flag |= (ND_GSS | ND_GSSINTEGRITY);
250
		} else if (credflavor == RPCSEC_GSS_KRB5P) {
251
			nd.nd_flag |= (ND_GSS | ND_GSSPRIVACY);
252
		} else if (credflavor != AUTH_SYS) {
253
			svcerr_weakauth(rqst);
254
			svc_freereq(rqst);
255
			m_freem(nd.nd_mrep);
256
			goto out;
257
		}
258

259
		/* Acquire the principal name for the RPCSEC_GSS cases. */
260
		if ((nd.nd_flag & (ND_NFSV4 | ND_GSS)) == (ND_NFSV4 | ND_GSS)) {
261
			rcredp = NULL;
262
			rpc_gss_getcred_call(rqst, &rcredp, NULL, NULL);
263
			/*
264
			 * The exported principal name consists of:
265
			 * - TOK_ID bytes with value of 4 and 1.
266
			 * - 2 byte mech length
267
			 * - mech
268
			 * - 4 byte principal name length
269
			 * - principal name
270
			 * A call to gss_import_name() would be an
271
			 * upcall to the gssd, so parse it here.
272
			 * See lib/libgssapi/gss_import_name.c for the
273
			 * above format.
274
			 */
275
			if (rcredp != NULL &&
276
			    rcredp->client_principal->len > 4 &&
277
			    rcredp->client_principal->name[0] == 4 &&
278
			    rcredp->client_principal->name[1] == 1) {
279
				/* Skip over the mech. */
280
				p = &rcredp->client_principal->name[2];
281
				i = (p[0] << 8) | p[1];
282
				p += i + 2;
283
				i += 4;
284
				/*
285
				 * Set "j" to a bogus length so that the
286
				 * "i + j" check will fail unless the below
287
				 * code sets "j" correctly.
288
				 */
289
				j = rcredp->client_principal->len;
290
				if (rcredp->client_principal->len > i + 4) {
291
					j = (p[0] << 24) | (p[1] << 16) |
292
					    (p[2] << 8) | p[3];
293
					i += 4;
294
					p += 4;
295
				}
296
				if (i + j == rcredp->client_principal->len) {
297
					nd.nd_principal = malloc(j + 1, M_TEMP,
298
					    M_WAITOK);
299
					nd.nd_princlen = j;
300
					memcpy(nd.nd_principal, p, j);
301
					nd.nd_principal[j] = '\0';
302
					NFSD_DEBUG(1, "nfssvc_program: "
303
					    "principal=%s\n", nd.nd_principal);
304
				}
305
			}
306
			if (nd.nd_princlen == 0)
307
				printf("nfssvc_program: cannot get RPCSEC_GSS "
308
				    "principal name\n");
309
		}
310

311
		if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0) {
312
			nd.nd_flag |= ND_TLS;
313
			if ((xprt->xp_tls & RPCTLS_FLAGS_VERIFIED) != 0)
314
				nd.nd_flag |= ND_TLSCERT;
315
			if ((xprt->xp_tls & RPCTLS_FLAGS_CERTUSER) != 0)
316
				nd.nd_flag |= ND_TLSCERTUSER;
317
		}
318
		nd.nd_maxextsiz = 16384;
319
#ifdef MAC
320
		mac_cred_associate_nfsd(nd.nd_cred);
321
#endif
322
		/*
323
		 * Get a refcnt (shared lock) on nfsd_suspend_lock.
324
		 * NFSSVC_SUSPENDNFSD will take an exclusive lock on
325
		 * nfsd_suspend_lock to suspend these threads.
326
		 * The call to nfsv4_lock() that precedes nfsv4_getref()
327
		 * ensures that the acquisition of the exclusive lock
328
		 * takes priority over acquisition of the shared lock by
329
		 * waiting for any exclusive lock request to complete.
330
		 * This must be done here, before the check of
331
		 * nfsv4root exports by nfsvno_v4rootexport().
332
		 */
333
		NFSLOCKV4ROOTMUTEX();
334
		nfsv4_lock(&NFSD_VNET(nfsd_suspend_lock), 0, NULL,
335
		    NFSV4ROOTLOCKMUTEXPTR, NULL);
336
		nfsv4_getref(&NFSD_VNET(nfsd_suspend_lock), NULL,
337
		    NFSV4ROOTLOCKMUTEXPTR, NULL);
338
		NFSUNLOCKV4ROOTMUTEX();
339

340
		if ((nd.nd_flag & ND_NFSV4) != 0) {
341
			nd.nd_repstat = nfsvno_v4rootexport(&nd);
342
			if (nd.nd_repstat != 0) {
343
				NFSLOCKV4ROOTMUTEX();
344
				nfsv4_relref(&NFSD_VNET(nfsd_suspend_lock));
345
				NFSUNLOCKV4ROOTMUTEX();
346
				svcerr_weakauth(rqst);
347
				svc_freereq(rqst);
348
				m_freem(nd.nd_mrep);
349
				goto out;
350
			}
351
		}
352

353
#ifdef KERN_TLS
354
		if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
355
		    rpctls_getinfo(&maxlen, false, false))
356
			nd.nd_maxextsiz = maxlen;
357
#endif
358
		cacherep = nfs_proc(&nd, rqst->rq_xid, xprt, &rp);
359
		NFSLOCKV4ROOTMUTEX();
360
		nfsv4_relref(&NFSD_VNET(nfsd_suspend_lock));
361
		NFSUNLOCKV4ROOTMUTEX();
362
	} else {
363
		NFSMGET(nd.nd_mreq);
364
		nd.nd_mreq->m_len = 0;
365
		cacherep = RC_REPLY;
366
	}
367
	if (nd.nd_mrep != NULL)
368
		m_freem(nd.nd_mrep);
369

370
	if (nd.nd_cred != NULL)
371
		crfree(nd.nd_cred);
372

373
	if (cacherep == RC_DROPIT) {
374
		if (nd.nd_mreq != NULL)
375
			m_freem(nd.nd_mreq);
376
		svc_freereq(rqst);
377
		goto out;
378
	}
379

380
	if (nd.nd_mreq == NULL) {
381
		svcerr_decode(rqst);
382
		svc_freereq(rqst);
383
		goto out;
384
	}
385

386
	if (nd.nd_repstat & NFSERR_AUTHERR) {
387
		svcerr_auth(rqst, nd.nd_repstat & ~NFSERR_AUTHERR);
388
		if (nd.nd_mreq != NULL)
389
			m_freem(nd.nd_mreq);
390
	} else if (!svc_sendreply_mbuf(rqst, nd.nd_mreq)) {
391
		svcerr_systemerr(rqst);
392
	}
393
	if (rp != NULL) {
394
		nfsrvd_sentcache(rp, (rqst->rq_reply_seq != 0 ||
395
		    SVC_ACK(xprt, NULL)), rqst->rq_reply_seq);
396
	}
397
	svc_freereq(rqst);
398

399
out:
400
	free(nd.nd_principal, M_TEMP);
401
	NFSD_CURVNET_RESTORE();
402
	ast_kclear(curthread);
403
	NFSEXITCODE(0);
404
}
405

406
/*
407
 * Check the cache and, optionally, do the RPC.
408
 * Return the appropriate cache response.
409
 */
410
static int
411
nfs_proc(struct nfsrv_descript *nd, u_int32_t xid, SVCXPRT *xprt,
412
    struct nfsrvcache **rpp)
413
{
414
	int cacherep = RC_DOIT, isdgram, taglen = -1;
415
	struct mbuf *m;
416
	u_char tag[NFSV4_SMALLSTR + 1], *tagstr = NULL;
417
	u_int32_t minorvers = 0;
418
	uint32_t ack;
419

420
	*rpp = NULL;
421
	if (nd->nd_nam2 == NULL) {
422
		nd->nd_flag |= ND_STREAMSOCK;
423
		isdgram = 0;
424
	} else {
425
		isdgram = 1;
426
	}
427

428
	/*
429
	 * Two cases:
430
	 * 1 - For NFSv2 over UDP, if we are near our malloc/mget
431
	 *     limit, just drop the request. There is no
432
	 *     NFSERR_RESOURCE or NFSERR_DELAY for NFSv2 and the
433
	 *     client will timeout/retry over UDP in a little while.
434
	 * 2 - nd_repstat == 0 && nd_mreq == NULL, which
435
	 *     means a normal nfs rpc, so check the cache
436
	 */
437
	if ((nd->nd_flag & ND_NFSV2) && nd->nd_nam2 != NULL &&
438
	    nfsrv_mallocmget_limit()) {
439
		cacherep = RC_DROPIT;
440
	} else {
441
		/*
442
		 * For NFSv3, play it safe and assume that the client is
443
		 * doing retries on the same TCP connection.
444
		 */
445
		if ((nd->nd_flag & (ND_NFSV4 | ND_STREAMSOCK)) ==
446
		    ND_STREAMSOCK)
447
			nd->nd_flag |= ND_SAMETCPCONN;
448
		nd->nd_retxid = xid;
449
		nd->nd_tcpconntime = NFSD_MONOSEC;
450
		nd->nd_sockref = xprt->xp_sockref;
451
		if ((nd->nd_flag & ND_NFSV4) != 0)
452
			nfsd_getminorvers(nd, tag, &tagstr, &taglen,
453
			    &minorvers);
454
		if ((nd->nd_flag & ND_NFSV41) != 0)
455
			/* NFSv4.1 caches replies in the session slots. */
456
			cacherep = RC_DOIT;
457
		else {
458
			cacherep = nfsrvd_getcache(nd);
459
			ack = 0;
460
			SVC_ACK(xprt, &ack);
461
			nfsrc_trimcache(xprt->xp_sockref, ack, 0);
462
		}
463
	}
464

465
	/*
466
	 * Handle the request. There are three cases.
467
	 * RC_DOIT - do the RPC
468
	 * RC_REPLY - return the reply already created
469
	 * RC_DROPIT - just throw the request away
470
	 */
471
	if (cacherep == RC_DOIT) {
472
		if ((nd->nd_flag & ND_NFSV41) != 0)
473
			nd->nd_xprt = xprt;
474
		nfsrvd_dorpc(nd, isdgram, tagstr, taglen, minorvers);
475
		if ((nd->nd_flag & ND_NFSV41) != 0) {
476
			if (nd->nd_repstat != NFSERR_REPLYFROMCACHE &&
477
			    (nd->nd_flag & ND_SAVEREPLY) != 0) {
478
				/* Cache a copy of the reply. */
479
				m = m_copym(nd->nd_mreq, 0, M_COPYALL,
480
				    M_WAITOK);
481
			} else
482
				m = NULL;
483
			if ((nd->nd_flag & ND_HASSEQUENCE) != 0)
484
				nfsrv_cache_session(nd, &m);
485
			if (nd->nd_repstat == NFSERR_REPLYFROMCACHE) {
486
				nd->nd_repstat = 0;
487
				if (m != NULL) {
488
					m_freem(nd->nd_mreq);
489
					nd->nd_mreq = m;
490
				}
491
			}
492
			cacherep = RC_REPLY;
493
		} else {
494
			if (nd->nd_repstat == NFSERR_DONTREPLY)
495
				cacherep = RC_DROPIT;
496
			else
497
				cacherep = RC_REPLY;
498
			*rpp = nfsrvd_updatecache(nd);
499
		}
500
	}
501
	if (tagstr != NULL && taglen > NFSV4_SMALLSTR)
502
		free(tagstr, M_TEMP);
503

504
	NFSEXITCODE2(0, nd);
505
	return (cacherep);
506
}
507

508
static void
509
nfssvc_loss(SVCXPRT *xprt)
510
{
511
	uint32_t ack;
512

513
	ack = 0;
514
	SVC_ACK(xprt, &ack);
515
	NFSD_CURVNET_SET(NFSD_TD_TO_VNET(curthread));
516
	nfsrc_trimcache(xprt->xp_sockref, ack, 1);
517
	NFSD_CURVNET_RESTORE();
518
}
519

520
/*
521
 * Adds a socket to the list for servicing by nfsds.
522
 */
523
int
524
nfsrvd_addsock(struct file *fp)
525
{
526
	int siz;
527
	struct socket *so;
528
	int error = 0;
529
	SVCXPRT *xprt;
530
	static u_int64_t sockref = 0;
531

532
	so = fp->f_data;
533

534
	siz = sb_max_adj;
535
	error = soreserve(so, siz, siz);
536
	if (error)
537
		goto out;
538

539
	/*
540
	 * Steal the socket from userland so that it doesn't close
541
	 * unexpectedly.
542
	 */
543
	if (so->so_type == SOCK_DGRAM)
544
		xprt = svc_dg_create(NFSD_VNET(nfsrvd_pool), so, 0, 0);
545
	else
546
		xprt = svc_vc_create(NFSD_VNET(nfsrvd_pool), so, 0, 0);
547
	if (xprt) {
548
		fp->f_ops = &badfileops;
549
		fp->f_data = NULL;
550
		xprt->xp_sockref = ++sockref;
551
		if (NFSD_VNET(nfs_minvers) == NFS_VER2)
552
			svc_reg(xprt, NFS_PROG, NFS_VER2, nfssvc_program,
553
			    NULL);
554
		if (NFSD_VNET(nfs_minvers) <= NFS_VER3 &&
555
		    NFSD_VNET(nfs_maxvers) >= NFS_VER3)
556
			svc_reg(xprt, NFS_PROG, NFS_VER3, nfssvc_program,
557
			    NULL);
558
		if (NFSD_VNET(nfs_maxvers) >= NFS_VER4)
559
			svc_reg(xprt, NFS_PROG, NFS_VER4, nfssvc_program,
560
			    NULL);
561
		if (so->so_type == SOCK_STREAM)
562
			svc_loss_reg(xprt, nfssvc_loss);
563
		SVC_RELEASE(xprt);
564
	} else
565
		error = EPERM;
566

567
out:
568
	NFSEXITCODE(error);
569
	return (error);
570
}
571

572
/*
573
 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
574
 * until it is killed by a signal.
575
 */
576
int
577
nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
578
{
579
	char principal[MAXHOSTNAMELEN + 5];
580
	struct proc *p;
581
	int error = 0;
582
	bool_t ret2, ret3, ret4;
583

584
	error = copyinstr(args->principal, principal, sizeof (principal),
585
	    NULL);
586
	if (error)
587
		goto out;
588

589
	/*
590
	 * Only the first nfsd actually does any work. The RPC code
591
	 * adds threads to it as needed. Any extra processes offered
592
	 * by nfsd just exit. If nfsd is new enough, it will call us
593
	 * once with a structure that specifies how many threads to
594
	 * use.
595
	 */
596
	NFSD_LOCK();
597
	if (NFSD_VNET(nfsrv_numnfsd) == 0) {
598
		nfsdev_time = time_second;
599
		p = td->td_proc;
600
		PROC_LOCK(p);
601
		p->p_flag2 |= P2_AST_SU;
602
		PROC_UNLOCK(p);
603
		newnfs_numnfsd++;	/* Total num for all vnets. */
604
		NFSD_VNET(nfsrv_numnfsd)++;	/* Num for this vnet. */
605

606
		NFSD_UNLOCK();
607
		error = nfsrv_createdevids(args, td);
608
		if (error == 0) {
609
			/* An empty string implies AUTH_SYS only. */
610
			if (principal[0] != '\0') {
611
				ret2 = rpc_gss_set_svc_name_call(principal,
612
				    "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
613
				    NFS_VER2);
614
				ret3 = rpc_gss_set_svc_name_call(principal,
615
				    "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
616
				    NFS_VER3);
617
				ret4 = rpc_gss_set_svc_name_call(principal,
618
				    "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
619
				    NFS_VER4);
620

621
				if (!ret2 || !ret3 || !ret4)
622
					printf("nfsd: can't register svc "
623
					    "name %s jid:%d\n", principal,
624
					    td->td_ucred->cr_prison->pr_id);
625
			}
626

627
			NFSD_VNET(nfsrvd_pool)->sp_minthreads =
628
			    args->minthreads;
629
			NFSD_VNET(nfsrvd_pool)->sp_maxthreads =
630
			    args->maxthreads;
631
				
632
			/*
633
			 * If this is a pNFS service, make Getattr do a
634
			 * vn_start_write(), so it can do a vn_set_extattr().
635
			 */
636
			if (nfsrv_devidcnt > 0) {
637
				nfsrv_writerpc[NFSPROC_GETATTR] = 1;
638
				nfsv4_opflag[NFSV4OP_GETATTR].modifyfs = 1;
639
			}
640

641
			svc_run(NFSD_VNET(nfsrvd_pool));
642

643
			/* Reset Getattr to not do a vn_start_write(). */
644
			nfsrv_writerpc[NFSPROC_GETATTR] = 0;
645
			nfsv4_opflag[NFSV4OP_GETATTR].modifyfs = 0;
646

647
			if (principal[0] != '\0') {
648
				rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
649
				rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
650
				rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4);
651
			}
652
		}
653
		NFSD_LOCK();
654
		newnfs_numnfsd--;
655
		NFSD_VNET(nfsrv_numnfsd)--;
656
		nfsrvd_init(1);
657
		PROC_LOCK(p);
658
		p->p_flag2 &= ~P2_AST_SU;
659
		PROC_UNLOCK(p);
660
	}
661
	NFSD_UNLOCK();
662

663
out:
664
	NFSEXITCODE(error);
665
	return (error);
666
}
667

668
/*
669
 * Initialize the data structures for the server.
670
 * Handshake with any new nfsds starting up to avoid any chance of
671
 * corruption.
672
 */
673
void
674
nfsrvd_init(int terminating)
675
{
676

677
	NFSD_LOCK_ASSERT();
678

679
	if (terminating) {
680
		NFSD_VNET(nfsd_master_proc) = NULL;
681
		NFSD_UNLOCK();
682
		nfsrv_freealllayoutsanddevids();
683
		nfsrv_freeallbackchannel_xprts();
684
		svcpool_close(NFSD_VNET(nfsrvd_pool));
685
		free(nfsrv_zeropnfsdat, M_TEMP);
686
		nfsrv_zeropnfsdat = NULL;
687
		NFSD_LOCK();
688
	} else {
689
		/* Initialize per-vnet globals once per vnet. */
690
		if (NFSD_VNET(nfsrvd_inited))
691
			return;
692
		NFSD_VNET(nfsrvd_inited) = true;
693
		NFSD_UNLOCK();
694
		NFSD_VNET(nfsrvd_pool) = svcpool_create("nfsd",
695
		    SYSCTL_STATIC_CHILDREN(_vfs_nfsd));
696
		NFSD_VNET(nfsrvd_pool)->sp_rcache = NULL;
697
		NFSD_VNET(nfsrvd_pool)->sp_assign = fhanew_assign;
698
		NFSD_VNET(nfsrvd_pool)->sp_done = fhanew_nd_complete;
699
		NFSD_LOCK();
700
	}
701
}
702

703