source: rtems-libbsd/freebsd/sys/kern/vfs_export.c @ 6e4709b

6-freebsd-12
Last change on this file since 6e4709b was 6e4709b, checked in by Sebastian Huber <sebastian.huber@…>, on 01/05/23 at 16:42:48

vfs/nfs: Revert white space changes

  • Property mode set to 100644
File size: 14.4 KB
Line 
1#include <machine/rtems-bsd-kernel-space.h>
2
3/*-
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 * Copyright (c) 1989, 1993
7 *      The Regents of the University of California.  All rights reserved.
8 * (c) UNIX System Laboratories, Inc.
9 * All or some portions of this file are derived from material licensed
10 * to the University of California by American Telephone and Telegraph
11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
12 * the permission of UNIX System Laboratories, Inc.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 *    notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 *    notice, this list of conditions and the following disclaimer in the
21 *    documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the University nor the names of its contributors
23 *    may be used to endorse or promote products derived from this software
24 *    without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 *      @(#)vfs_subr.c  8.31 (Berkeley) 5/26/95
39 */
40
41#include <sys/cdefs.h>
42__FBSDID("$FreeBSD$");
43
44#include <rtems/bsd/local/opt_inet.h>
45#include <rtems/bsd/local/opt_inet6.h>
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/dirent.h>
50#include <sys/jail.h>
51#include <sys/kernel.h>
52#include <sys/lock.h>
53#include <sys/malloc.h>
54#include <sys/mbuf.h>
55#include <sys/mount.h>
56#include <sys/mutex.h>
57#include <sys/rmlock.h>
58#include <sys/refcount.h>
59#include <sys/signalvar.h>
60#include <sys/socket.h>
61#include <sys/vnode.h>
62
63#include <netinet/in.h>
64#include <net/radix.h>
65
66#ifndef __rtems__
67static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
68#else /* __rtems__ */
69static MALLOC_DEFINE(M_NETADDR_e, "export_host", "Export host address structure");
70#define M_NETADDR M_NETADDR_e
71#endif /* __rtems__ */
72
73#if defined(INET) || defined(INET6)
74static struct radix_node_head *vfs_create_addrlist_af(
75                    struct radix_node_head **prnh, int off);
76#endif
77static void     vfs_free_addrlist(struct netexport *nep);
78static int      vfs_free_netcred(struct radix_node *rn, void *w);
79static void     vfs_free_addrlist_af(struct radix_node_head **prnh);
80static int      vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
81                    struct export_args *argp);
82static struct netcred *vfs_export_lookup(struct mount *, struct sockaddr *);
83
84/*
85 * Network address lookup element
86 */
87struct netcred {
88        struct  radix_node netc_rnodes[2];
89        int     netc_exflags;
90        struct  ucred *netc_anon;
91        int     netc_numsecflavors;
92        int     netc_secflavors[MAXSECFLAVORS];
93};
94
95/*
96 * Network export information
97 */
98struct netexport {
99        struct  netcred ne_defexported;               /* Default export */
100        struct  radix_node_head *ne4;
101        struct  radix_node_head *ne6;
102};
103
104/*
105 * Build hash lists of net addresses and hang them off the mount point.
106 * Called by vfs_export() to set up the lists of export addresses.
107 */
108static int
109vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
110    struct export_args *argp)
111{
112        struct netcred *np;
113        struct radix_node_head *rnh;
114        int i;
115        struct radix_node *rn;
116        struct sockaddr *saddr, *smask = NULL;
117#if defined(INET6) || defined(INET)
118        int off;
119#endif
120        int error;
121
122        /*
123         * XXX: This routine converts from a `struct xucred'
124         * (argp->ex_anon) to a `struct ucred' (np->netc_anon).  This
125         * operation is questionable; for example, what should be done
126         * with fields like cr_uidinfo and cr_prison?  Currently, this
127         * routine does not touch them (leaves them as NULL).
128         */
129#ifndef __rtems__
130        if (argp->ex_anon.cr_version != XUCRED_VERSION) {
131                vfs_mount_error(mp, "ex_anon.cr_version: %d != %d",
132                    argp->ex_anon.cr_version, XUCRED_VERSION);
133                return (EINVAL);
134        }
135#endif /* __rtems__ */
136
137        if (argp->ex_addrlen == 0) {
138                if (mp->mnt_flag & MNT_DEFEXPORTED) {
139                        vfs_mount_error(mp,
140                            "MNT_DEFEXPORTED already set for mount %p", mp);
141                        return (EPERM);
142                }
143                np = &nep->ne_defexported;
144                np->netc_exflags = argp->ex_flags;
145                np->netc_anon = crget();
146#ifndef __rtems__
147                np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
148                crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
149                    argp->ex_anon.cr_groups);
150                np->netc_anon->cr_prison = &prison0;
151                prison_hold(np->netc_anon->cr_prison);
152#endif /* __rtems__ */
153                np->netc_numsecflavors = argp->ex_numsecflavors;
154                bcopy(argp->ex_secflavors, np->netc_secflavors,
155                    sizeof(np->netc_secflavors));
156                MNT_ILOCK(mp);
157                mp->mnt_flag |= MNT_DEFEXPORTED;
158                MNT_IUNLOCK(mp);
159                return (0);
160        }
161
162#if MSIZE <= 256
163        if (argp->ex_addrlen > MLEN) {
164                vfs_mount_error(mp, "ex_addrlen %d is greater than %d",
165                    argp->ex_addrlen, MLEN);
166                return (EINVAL);
167        }
168#endif
169
170        i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
171        np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO);
172        saddr = (struct sockaddr *) (np + 1);
173        if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen)))
174                goto out;
175        if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) {
176                error = EINVAL;
177                vfs_mount_error(mp, "Invalid saddr->sa_family: %d");
178                goto out;
179        }
180        if (saddr->sa_len > argp->ex_addrlen)
181                saddr->sa_len = argp->ex_addrlen;
182        if (argp->ex_masklen) {
183                smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen);
184                error = copyin(argp->ex_mask, smask, argp->ex_masklen);
185                if (error)
186                        goto out;
187                if (smask->sa_len > argp->ex_masklen)
188                        smask->sa_len = argp->ex_masklen;
189        }
190        rnh = NULL;
191        switch (saddr->sa_family) {
192#ifdef INET
193        case AF_INET:
194                if ((rnh = nep->ne4) == NULL) {
195                        off = offsetof(struct sockaddr_in, sin_addr) << 3;
196                        rnh = vfs_create_addrlist_af(&nep->ne4, off);
197                }
198                break;
199#endif
200#ifdef INET6
201        case AF_INET6:
202                if ((rnh = nep->ne6) == NULL) {
203                        off = offsetof(struct sockaddr_in6, sin6_addr) << 3;
204                        rnh = vfs_create_addrlist_af(&nep->ne6, off);
205                }
206                break;
207#endif
208        }
209        if (rnh == NULL) {
210                error = ENOBUFS;
211                vfs_mount_error(mp, "%s %s %d",
212                    "Unable to initialize radix node head ",
213                    "for address family", saddr->sa_family);
214                goto out;
215        }
216        RADIX_NODE_HEAD_LOCK(rnh);
217        rn = (*rnh->rnh_addaddr)(saddr, smask, &rnh->rh, np->netc_rnodes);
218        RADIX_NODE_HEAD_UNLOCK(rnh);
219        if (rn == NULL || np != (struct netcred *)rn) { /* already exists */
220                error = EPERM;
221                vfs_mount_error(mp,
222                    "netcred already exists for given addr/mask");
223                goto out;
224        }
225        np->netc_exflags = argp->ex_flags;
226        np->netc_anon = crget();
227#ifndef __rtems__
228        np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
229        crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
230            argp->ex_anon.cr_groups);
231        np->netc_anon->cr_prison = &prison0;
232        prison_hold(np->netc_anon->cr_prison);
233#endif /* __rtems__ */
234        np->netc_numsecflavors = argp->ex_numsecflavors;
235        bcopy(argp->ex_secflavors, np->netc_secflavors,
236            sizeof(np->netc_secflavors));
237        return (0);
238out:
239        free(np, M_NETADDR);
240        return (error);
241}
242
243/* Helper for vfs_free_addrlist. */
244/* ARGSUSED */
245static int
246vfs_free_netcred(struct radix_node *rn, void *w)
247{
248        struct radix_node_head *rnh = (struct radix_node_head *) w;
249        struct ucred *cred;
250
251        (*rnh->rnh_deladdr) (rn->rn_key, rn->rn_mask, &rnh->rh);
252        cred = ((struct netcred *)rn)->netc_anon;
253        if (cred != NULL)
254                crfree(cred);
255        free(rn, M_NETADDR);
256        return (0);
257}
258
259#if defined(INET) || defined(INET6)
260static struct radix_node_head *
261vfs_create_addrlist_af(struct radix_node_head **prnh, int off)
262{
263
264        if (rn_inithead((void **)prnh, off) == 0)
265                return (NULL);
266        RADIX_NODE_HEAD_LOCK_INIT(*prnh);
267        return (*prnh);
268}
269#endif
270
271static void
272vfs_free_addrlist_af(struct radix_node_head **prnh)
273{
274        struct radix_node_head *rnh;
275
276        rnh = *prnh;
277        RADIX_NODE_HEAD_LOCK(rnh);
278        (*rnh->rnh_walktree)(&rnh->rh, vfs_free_netcred, rnh);
279        RADIX_NODE_HEAD_UNLOCK(rnh);
280        RADIX_NODE_HEAD_DESTROY(rnh);
281        rn_detachhead((void **)prnh);
282        prnh = NULL;
283}
284
285/*
286 * Free the net address hash lists that are hanging off the mount points.
287 */
288static void
289vfs_free_addrlist(struct netexport *nep)
290{
291        struct ucred *cred;
292
293        if (nep->ne4 != NULL)
294                vfs_free_addrlist_af(&nep->ne4);
295        if (nep->ne6 != NULL)
296                vfs_free_addrlist_af(&nep->ne6);
297
298        cred = nep->ne_defexported.netc_anon;
299        if (cred != NULL)
300                crfree(cred);
301
302}
303
304/*
305 * High level function to manipulate export options on a mount point
306 * and the passed in netexport.
307 * Struct export_args *argp is the variable used to twiddle options,
308 * the structure is described in sys/mount.h
309 */
310int
311vfs_export(struct mount *mp, struct export_args *argp)
312{
313        struct netexport *nep;
314        int error;
315
316        if (argp->ex_numsecflavors < 0
317            || argp->ex_numsecflavors >= MAXSECFLAVORS)
318                return (EINVAL);
319
320        error = 0;
321        lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL);
322        nep = mp->mnt_export;
323        if (argp->ex_flags & MNT_DELEXPORT) {
324                if (nep == NULL) {
325                        error = ENOENT;
326                        goto out;
327                }
328                if (mp->mnt_flag & MNT_EXPUBLIC) {
329                        vfs_setpublicfs(NULL, NULL, NULL);
330                        MNT_ILOCK(mp);
331                        mp->mnt_flag &= ~MNT_EXPUBLIC;
332                        MNT_IUNLOCK(mp);
333                }
334                vfs_free_addrlist(nep);
335                mp->mnt_export = NULL;
336                free(nep, M_MOUNT);
337                nep = NULL;
338                MNT_ILOCK(mp);
339                mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED);
340                MNT_IUNLOCK(mp);
341        }
342        if (argp->ex_flags & MNT_EXPORTED) {
343                if (nep == NULL) {
344                        nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO);
345                        mp->mnt_export = nep;
346                }
347                if (argp->ex_flags & MNT_EXPUBLIC) {
348                        if ((error = vfs_setpublicfs(mp, nep, argp)) != 0)
349                                goto out;
350                        MNT_ILOCK(mp);
351                        mp->mnt_flag |= MNT_EXPUBLIC;
352                        MNT_IUNLOCK(mp);
353                }
354                if ((error = vfs_hang_addrlist(mp, nep, argp)))
355                        goto out;
356                MNT_ILOCK(mp);
357                mp->mnt_flag |= MNT_EXPORTED;
358                MNT_IUNLOCK(mp);
359        }
360
361out:
362        lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
363        /*
364         * Once we have executed the vfs_export() command, we do
365         * not want to keep the "export" option around in the
366         * options list, since that will cause subsequent MNT_UPDATE
367         * calls to fail.  The export information is saved in
368         * mp->mnt_export, so we can safely delete the "export" mount option
369         * here.
370         */
371        vfs_deleteopt(mp->mnt_optnew, "export");
372        vfs_deleteopt(mp->mnt_opt, "export");
373        return (error);
374}
375
376/*
377 * Set the publicly exported filesystem (WebNFS). Currently, only
378 * one public filesystem is possible in the spec (RFC 2054 and 2055)
379 */
380int
381vfs_setpublicfs(struct mount *mp, struct netexport *nep,
382    struct export_args *argp)
383{
384        int error;
385        struct vnode *rvp;
386        char *cp;
387
388        /*
389         * mp == NULL -> invalidate the current info, the FS is
390         * no longer exported. May be called from either vfs_export
391         * or unmount, so check if it hasn't already been done.
392         */
393        if (mp == NULL) {
394                if (nfs_pub.np_valid) {
395                        nfs_pub.np_valid = 0;
396                        if (nfs_pub.np_index != NULL) {
397                                free(nfs_pub.np_index, M_TEMP);
398                                nfs_pub.np_index = NULL;
399                        }
400                }
401                return (0);
402        }
403
404        /*
405         * Only one allowed at a time.
406         */
407        if (nfs_pub.np_valid != 0 && mp != nfs_pub.np_mount)
408                return (EBUSY);
409
410        /*
411         * Get real filehandle for root of exported FS.
412         */
413        bzero(&nfs_pub.np_handle, sizeof(nfs_pub.np_handle));
414        nfs_pub.np_handle.fh_fsid = mp->mnt_stat.f_fsid;
415
416        if ((error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp)))
417                return (error);
418
419        if ((error = VOP_VPTOFH(rvp, &nfs_pub.np_handle.fh_fid)))
420                return (error);
421
422        vput(rvp);
423
424        /*
425         * If an indexfile was specified, pull it in.
426         */
427        if (argp->ex_indexfile != NULL) {
428                if (nfs_pub.np_index == NULL)
429                        nfs_pub.np_index = malloc(MAXNAMLEN + 1, M_TEMP,
430                            M_WAITOK);
431                error = copyinstr(argp->ex_indexfile, nfs_pub.np_index,
432                    MAXNAMLEN, (size_t *)0);
433                if (!error) {
434                        /*
435                         * Check for illegal filenames.
436                         */
437                        for (cp = nfs_pub.np_index; *cp; cp++) {
438                                if (*cp == '/') {
439                                        error = EINVAL;
440                                        break;
441                                }
442                        }
443                }
444                if (error) {
445                        free(nfs_pub.np_index, M_TEMP);
446                        nfs_pub.np_index = NULL;
447                        return (error);
448                }
449        }
450
451        nfs_pub.np_mount = mp;
452        nfs_pub.np_valid = 1;
453        return (0);
454}
455
456/*
457 * Used by the filesystems to determine if a given network address
458 * (passed in 'nam') is present in their exports list, returns a pointer
459 * to struct netcred so that the filesystem can examine it for
460 * access rights (read/write/etc).
461 */
462static struct netcred *
463vfs_export_lookup(struct mount *mp, struct sockaddr *nam)
464{
465        RADIX_NODE_HEAD_RLOCK_TRACKER;
466        struct netexport *nep;
467        struct netcred *np = NULL;
468        struct radix_node_head *rnh;
469        struct sockaddr *saddr;
470
471        nep = mp->mnt_export;
472        if (nep == NULL)
473                return (NULL);
474        if ((mp->mnt_flag & MNT_EXPORTED) == 0)
475                return (NULL);
476
477        /*
478         * Lookup in the export list
479         */
480        if (nam != NULL) {
481                saddr = nam;
482                rnh = NULL;
483                switch (saddr->sa_family) {
484                case AF_INET:
485                        rnh = nep->ne4;
486                        break;
487                case AF_INET6:
488                        rnh = nep->ne6;
489                        break;
490                }
491                if (rnh != NULL) {
492                        RADIX_NODE_HEAD_RLOCK(rnh);
493                        np = (struct netcred *) (*rnh->rnh_matchaddr)(saddr, &rnh->rh);
494                        RADIX_NODE_HEAD_RUNLOCK(rnh);
495                        if (np != NULL && (np->netc_rnodes->rn_flags & RNF_ROOT) != 0)
496                                return (NULL);
497                }
498        }
499
500        /*
501         * If no address match, use the default if it exists.
502         */
503        if (np == NULL && (mp->mnt_flag & MNT_DEFEXPORTED) != 0)
504                return (&nep->ne_defexported);
505
506        return (np);
507}
508
509/*
510 * XXX: This comment comes from the deprecated ufs_check_export()
511 * XXX: and may not entirely apply, but lacking something better:
512 * This is the generic part of fhtovp called after the underlying
513 * filesystem has validated the file handle.
514 *
515 * Verify that a host should have access to a filesystem.
516 */
517
518int
519vfs_stdcheckexp(struct mount *mp, struct sockaddr *nam, int *extflagsp,
520    struct ucred **credanonp, int *numsecflavors, int **secflavors)
521{
522        struct netcred *np;
523
524        lockmgr(&mp->mnt_explock, LK_SHARED, NULL);
525        np = vfs_export_lookup(mp, nam);
526        if (np == NULL) {
527                lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
528                *credanonp = NULL;
529                return (EACCES);
530        }
531        *extflagsp = np->netc_exflags;
532        if ((*credanonp = np->netc_anon) != NULL)
533                crhold(*credanonp);
534        if (numsecflavors)
535                *numsecflavors = np->netc_numsecflavors;
536        if (secflavors)
537                *secflavors = np->netc_secflavors;
538        lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
539        return (0);
540}
541
Note: See TracBrowser for help on using the repository browser.