1 | #include <machine/rtems-bsd-kernel-space.h> |
---|
2 | |
---|
3 | /*- |
---|
4 | * SPDX-License-Identifier: BSD-3-Clause |
---|
5 | * |
---|
6 | * Copyright (c) 1989, 1993 |
---|
7 | * The Regents of the University of California. All rights reserved. |
---|
8 | * |
---|
9 | * This code is derived from software contributed to Berkeley by |
---|
10 | * Rick Macklem at The University of Guelph. |
---|
11 | * |
---|
12 | * Redistribution and use in source and binary forms, with or without |
---|
13 | * modification, are permitted provided that the following conditions |
---|
14 | * are met: |
---|
15 | * 1. Redistributions of source code must retain the above copyright |
---|
16 | * notice, this list of conditions and the following disclaimer. |
---|
17 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
18 | * notice, this list of conditions and the following disclaimer in the |
---|
19 | * documentation and/or other materials provided with the distribution. |
---|
20 | * 3. Neither the name of the University nor the names of its contributors |
---|
21 | * may be used to endorse or promote products derived from this software |
---|
22 | * without specific prior written permission. |
---|
23 | * |
---|
24 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
---|
25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
---|
28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
34 | * SUCH DAMAGE. |
---|
35 | * |
---|
36 | */ |
---|
37 | |
---|
38 | #include <sys/cdefs.h> |
---|
39 | __FBSDID("$FreeBSD$"); |
---|
40 | |
---|
41 | #include <rtems/bsd/local/opt_kgssapi.h> |
---|
42 | |
---|
43 | #include <fs/nfs/nfsport.h> |
---|
44 | |
---|
45 | #include <rpc/rpc.h> |
---|
46 | #include <rpc/rpcsec_gss.h> |
---|
47 | #include <rpc/replay.h> |
---|
48 | |
---|
49 | |
---|
50 | NFSDLOCKMUTEX; |
---|
51 | |
---|
52 | extern SVCPOOL *nfscbd_pool; |
---|
53 | |
---|
54 | static int nfs_cbproc(struct nfsrv_descript *, u_int32_t); |
---|
55 | |
---|
56 | extern u_long sb_max_adj; |
---|
57 | extern int nfs_numnfscbd; |
---|
58 | extern int nfscl_debuglevel; |
---|
59 | |
---|
60 | /* |
---|
61 | * NFS client system calls for handling callbacks. |
---|
62 | */ |
---|
63 | |
---|
64 | /* |
---|
65 | * Handles server to client callbacks. |
---|
66 | */ |
---|
67 | static void |
---|
68 | nfscb_program(struct svc_req *rqst, SVCXPRT *xprt) |
---|
69 | { |
---|
70 | struct nfsrv_descript nd; |
---|
71 | int cacherep, credflavor; |
---|
72 | |
---|
73 | memset(&nd, 0, sizeof(nd)); |
---|
74 | if (rqst->rq_proc != NFSPROC_NULL && |
---|
75 | rqst->rq_proc != NFSV4PROC_CBCOMPOUND) { |
---|
76 | svcerr_noproc(rqst); |
---|
77 | svc_freereq(rqst); |
---|
78 | return; |
---|
79 | } |
---|
80 | nd.nd_procnum = rqst->rq_proc; |
---|
81 | nd.nd_flag = (ND_NFSCB | ND_NFSV4); |
---|
82 | |
---|
83 | /* |
---|
84 | * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 - |
---|
85 | * NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP |
---|
86 | * mounts. |
---|
87 | */ |
---|
88 | nd.nd_mrep = rqst->rq_args; |
---|
89 | rqst->rq_args = NULL; |
---|
90 | newnfs_realign(&nd.nd_mrep, M_WAITOK); |
---|
91 | nd.nd_md = nd.nd_mrep; |
---|
92 | nd.nd_dpos = mtod(nd.nd_md, caddr_t); |
---|
93 | nd.nd_nam = svc_getrpccaller(rqst); |
---|
94 | nd.nd_nam2 = rqst->rq_addr; |
---|
95 | nd.nd_mreq = NULL; |
---|
96 | nd.nd_cred = NULL; |
---|
97 | |
---|
98 | NFSCL_DEBUG(1, "cbproc=%d\n",nd.nd_procnum); |
---|
99 | if (nd.nd_procnum != NFSPROC_NULL) { |
---|
100 | if (!svc_getcred(rqst, &nd.nd_cred, &credflavor)) { |
---|
101 | svcerr_weakauth(rqst); |
---|
102 | svc_freereq(rqst); |
---|
103 | m_freem(nd.nd_mrep); |
---|
104 | return; |
---|
105 | } |
---|
106 | |
---|
107 | /* For now, I don't care what credential flavor was used. */ |
---|
108 | #ifdef notyet |
---|
109 | #ifdef MAC |
---|
110 | mac_cred_associate_nfsd(nd.nd_cred); |
---|
111 | #endif |
---|
112 | #endif |
---|
113 | cacherep = nfs_cbproc(&nd, rqst->rq_xid); |
---|
114 | } else { |
---|
115 | NFSMGET(nd.nd_mreq); |
---|
116 | nd.nd_mreq->m_len = 0; |
---|
117 | cacherep = RC_REPLY; |
---|
118 | } |
---|
119 | if (nd.nd_mrep != NULL) |
---|
120 | m_freem(nd.nd_mrep); |
---|
121 | |
---|
122 | if (nd.nd_cred != NULL) |
---|
123 | crfree(nd.nd_cred); |
---|
124 | |
---|
125 | if (cacherep == RC_DROPIT) { |
---|
126 | if (nd.nd_mreq != NULL) |
---|
127 | m_freem(nd.nd_mreq); |
---|
128 | svc_freereq(rqst); |
---|
129 | return; |
---|
130 | } |
---|
131 | |
---|
132 | if (nd.nd_mreq == NULL) { |
---|
133 | svcerr_decode(rqst); |
---|
134 | svc_freereq(rqst); |
---|
135 | return; |
---|
136 | } |
---|
137 | |
---|
138 | if (nd.nd_repstat & NFSERR_AUTHERR) { |
---|
139 | svcerr_auth(rqst, nd.nd_repstat & ~NFSERR_AUTHERR); |
---|
140 | if (nd.nd_mreq != NULL) |
---|
141 | m_freem(nd.nd_mreq); |
---|
142 | } else if (!svc_sendreply_mbuf(rqst, nd.nd_mreq)) |
---|
143 | svcerr_systemerr(rqst); |
---|
144 | else |
---|
145 | NFSCL_DEBUG(1, "cbrep sent\n"); |
---|
146 | svc_freereq(rqst); |
---|
147 | } |
---|
148 | |
---|
149 | /* |
---|
150 | * Check the cache and, optionally, do the RPC. |
---|
151 | * Return the appropriate cache response. |
---|
152 | */ |
---|
153 | static int |
---|
154 | nfs_cbproc(struct nfsrv_descript *nd, u_int32_t xid) |
---|
155 | { |
---|
156 | struct thread *td = curthread; |
---|
157 | int cacherep; |
---|
158 | |
---|
159 | if (nd->nd_nam2 == NULL) |
---|
160 | nd->nd_flag |= ND_STREAMSOCK; |
---|
161 | |
---|
162 | nfscl_docb(nd, td); |
---|
163 | if (nd->nd_repstat == NFSERR_DONTREPLY) |
---|
164 | cacherep = RC_DROPIT; |
---|
165 | else |
---|
166 | cacherep = RC_REPLY; |
---|
167 | return (cacherep); |
---|
168 | } |
---|
169 | |
---|
170 | /* |
---|
171 | * Adds a socket to the list for servicing by nfscbds. |
---|
172 | */ |
---|
173 | int |
---|
174 | nfscbd_addsock(struct file *fp) |
---|
175 | { |
---|
176 | int siz; |
---|
177 | struct socket *so; |
---|
178 | int error; |
---|
179 | SVCXPRT *xprt; |
---|
180 | |
---|
181 | so = fp->f_data; |
---|
182 | |
---|
183 | siz = sb_max_adj; |
---|
184 | error = soreserve(so, siz, siz); |
---|
185 | if (error) |
---|
186 | return (error); |
---|
187 | |
---|
188 | /* |
---|
189 | * Steal the socket from userland so that it doesn't close |
---|
190 | * unexpectedly. |
---|
191 | */ |
---|
192 | if (so->so_type == SOCK_DGRAM) |
---|
193 | xprt = svc_dg_create(nfscbd_pool, so, 0, 0); |
---|
194 | else |
---|
195 | xprt = svc_vc_create(nfscbd_pool, so, 0, 0); |
---|
196 | if (xprt) { |
---|
197 | fp->f_ops = &badfileops; |
---|
198 | fp->f_data = NULL; |
---|
199 | svc_reg(xprt, NFS_CALLBCKPROG, NFSV4_CBVERS, nfscb_program, |
---|
200 | NULL); |
---|
201 | SVC_RELEASE(xprt); |
---|
202 | } |
---|
203 | |
---|
204 | return (0); |
---|
205 | } |
---|
206 | |
---|
207 | /* |
---|
208 | * Called by nfssvc() for nfscbds. Just loops around servicing rpc requests |
---|
209 | * until it is killed by a signal. |
---|
210 | * |
---|
211 | * For now, only support callbacks via RPCSEC_GSS if there is a KerberosV |
---|
212 | * keytab entry with a host based entry in it on the client. (I'm not even |
---|
213 | * sure that getting Acceptor credentials for a user principal with a |
---|
214 | * credentials cache is possible, but even if it is, major changes to the |
---|
215 | * kgssapi would be required.) |
---|
216 | * I don't believe that this is a serious limitation since, as of 2009, most |
---|
217 | * NFSv4 servers supporting callbacks are using AUTH_SYS for callbacks even |
---|
218 | * when the client is using RPCSEC_GSS. (This BSD server uses AUTH_SYS |
---|
219 | * for callbacks unless nfsrv_gsscallbackson is set non-zero.) |
---|
220 | */ |
---|
221 | int |
---|
222 | nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args) |
---|
223 | { |
---|
224 | char principal[128]; |
---|
225 | int error; |
---|
226 | |
---|
227 | if (args != NULL) { |
---|
228 | error = copyinstr(args->principal, principal, |
---|
229 | sizeof(principal), NULL); |
---|
230 | if (error) |
---|
231 | return (error); |
---|
232 | } else { |
---|
233 | principal[0] = '\0'; |
---|
234 | } |
---|
235 | |
---|
236 | /* |
---|
237 | * Only the first nfsd actually does any work. The RPC code |
---|
238 | * adds threads to it as needed. Any extra processes offered |
---|
239 | * by nfsd just exit. If nfsd is new enough, it will call us |
---|
240 | * once with a structure that specifies how many threads to |
---|
241 | * use. |
---|
242 | */ |
---|
243 | NFSD_LOCK(); |
---|
244 | if (nfs_numnfscbd == 0) { |
---|
245 | nfs_numnfscbd++; |
---|
246 | |
---|
247 | NFSD_UNLOCK(); |
---|
248 | |
---|
249 | if (principal[0] != '\0') |
---|
250 | rpc_gss_set_svc_name_call(principal, "kerberosv5", |
---|
251 | GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS); |
---|
252 | |
---|
253 | nfscbd_pool->sp_minthreads = 4; |
---|
254 | nfscbd_pool->sp_maxthreads = 4; |
---|
255 | |
---|
256 | svc_run(nfscbd_pool); |
---|
257 | |
---|
258 | rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS); |
---|
259 | |
---|
260 | NFSD_LOCK(); |
---|
261 | nfs_numnfscbd--; |
---|
262 | nfsrvd_cbinit(1); |
---|
263 | } |
---|
264 | NFSD_UNLOCK(); |
---|
265 | |
---|
266 | return (0); |
---|
267 | } |
---|
268 | |
---|
269 | /* |
---|
270 | * Initialize the data structures for the server. |
---|
271 | * Handshake with any new nfsds starting up to avoid any chance of |
---|
272 | * corruption. |
---|
273 | */ |
---|
274 | void |
---|
275 | nfsrvd_cbinit(int terminating) |
---|
276 | { |
---|
277 | |
---|
278 | NFSD_LOCK_ASSERT(); |
---|
279 | |
---|
280 | if (terminating) { |
---|
281 | /* Wait for any xprt registrations to complete. */ |
---|
282 | while (nfs_numnfscbd > 0) |
---|
283 | msleep(&nfs_numnfscbd, NFSDLOCKMUTEXPTR, PZERO, |
---|
284 | "nfscbdt", 0); |
---|
285 | if (nfscbd_pool != NULL) { |
---|
286 | NFSD_UNLOCK(); |
---|
287 | svcpool_close(nfscbd_pool); |
---|
288 | NFSD_LOCK(); |
---|
289 | } |
---|
290 | } |
---|
291 | |
---|
292 | if (nfscbd_pool == NULL) { |
---|
293 | NFSD_UNLOCK(); |
---|
294 | nfscbd_pool = svcpool_create("nfscbd", NULL); |
---|
295 | nfscbd_pool->sp_rcache = NULL; |
---|
296 | nfscbd_pool->sp_assign = NULL; |
---|
297 | nfscbd_pool->sp_done = NULL; |
---|
298 | NFSD_LOCK(); |
---|
299 | } |
---|
300 | } |
---|
301 | |
---|