4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved.
27 #include <sys/param.h>
28 #include <sys/errno.h>
30 #include <sys/vnode.h>
32 #include <sys/cmn_err.h>
33 #include <sys/systm.h>
35 #include <sys/pathname.h>
36 #include <sys/utsname.h>
37 #include <sys/debug.h>
40 #include <sys/thread.h>
42 #include <rpc/types.h>
47 #include <nfs/export.h>
48 #include <nfs/nfs_clnt.h>
51 #define EQADDR(a1, a2) \
52 (bcmp((char *)(a1)->buf, (char *)(a2)->buf, (a1)->len) == 0 && \
53 (a1)->len == (a2)->len)
55 static struct knetconfig auth_knconf
;
56 static servinfo_t svp
;
59 static struct kmem_cache
*exi_cache_handle
;
60 static void exi_cache_reclaim(void *);
61 static void exi_cache_trim(struct exportinfo
*exi
);
63 extern pri_t minclsyspri
;
65 int nfsauth_cache_hit
;
66 int nfsauth_cache_miss
;
67 int nfsauth_cache_refresh
;
68 int nfsauth_cache_reclaim
;
71 * The lifetime of an auth cache entry:
72 * ------------------------------------
74 * An auth cache entry is created with both the auth_time
75 * and auth_freshness times set to the current time.
77 * Upon every client access which results in a hit, the
78 * auth_time will be updated.
80 * If a client access determines that the auth_freshness
81 * indicates that the entry is STALE, then it will be
82 * refreshed. Note that this will explicitly reset
85 * When the REFRESH successfully occurs, then the
86 * auth_freshness is updated.
88 * There are two ways for an entry to leave the cache:
90 * 1) Purged by an action on the export (remove or changed)
91 * 2) Memory backpressure from the kernel (check against NFSAUTH_CACHE_TRIM)
93 * For 2) we check the timeout value against auth_time.
97 * Number of seconds until we mark for refresh an auth cache entry.
99 #define NFSAUTH_CACHE_REFRESH 600
102 * Number of idle seconds until we yield to backpressure
103 * to trim a cache entry.
105 #define NFSAUTH_CACHE_TRIM 3600
108 * While we could encapuslate the exi_list inside the
109 * exi structure, we can't do that for the auth_list.
110 * So, to keep things looking clean, we keep them both
111 * in these external lists.
113 typedef struct refreshq_exi_node
{
114 struct exportinfo
*ren_exi
;
116 list_node_t ren_node
;
117 } refreshq_exi_node_t
;
119 typedef struct refreshq_auth_node
{
120 struct auth_cache
*ran_auth
;
121 list_node_t ran_node
;
122 } refreshq_auth_node_t
;
125 * Used to manipulate things on the refreshq_queue.
126 * Note that the refresh thread will effectively
127 * pop a node off of the queue, at which point it
128 * will no longer need to hold the mutex.
130 static kmutex_t refreshq_lock
;
131 static list_t refreshq_queue
;
132 static kcondvar_t refreshq_cv
;
135 * A list_t would be overkill. These are auth_cache
136 * entries which are no longer linked to an exi.
137 * It should be the case that all of their states
138 * are NFS_AUTH_INVALID.
140 * I.e., the only way to be put on this list is
141 * iff their state indicated that they had been placed
142 * on the refreshq_queue.
144 * Note that while there is no link from the exi or
145 * back to the exi, the exi can not go away until
146 * these entries are harvested.
148 static struct auth_cache
*refreshq_dead_entries
;
151 * If there is ever a problem with loading the
152 * module, then nfsauth_fini() needs to be called
153 * to remove state. In that event, since the
154 * refreshq thread has been started, they need to
155 * work together to get rid of state.
157 typedef enum nfsauth_refreshq_thread_state
{
158 REFRESHQ_THREAD_RUNNING
,
159 REFRESHQ_THREAD_FINI_REQ
,
160 REFRESHQ_THREAD_HALTED
161 } nfsauth_refreshq_thread_state_t
;
163 nfsauth_refreshq_thread_state_t
164 refreshq_thread_state
= REFRESHQ_THREAD_HALTED
;
166 static void nfsauth_free_node(struct auth_cache
*);
167 static void nfsauth_remove_dead_entry(struct auth_cache
*);
168 static void nfsauth_refresh_thread(void);
171 * mountd is a server-side only daemon. This will need to be
172 * revisited if the NFS server is ever made zones-aware.
174 kmutex_t mountd_lock
;
175 door_handle_t mountd_dh
;
178 mountd_args(uint_t did
)
180 mutex_enter(&mountd_lock
);
181 if (mountd_dh
!= NULL
)
182 door_ki_rele(mountd_dh
);
183 mountd_dh
= door_ki_lookup(did
);
184 mutex_exit(&mountd_lock
);
191 * mountd can be restarted by smf(5). We need to make sure
192 * the updated door handle will safely make it to mountd_dh
194 mutex_init(&mountd_lock
, NULL
, MUTEX_DEFAULT
, NULL
);
196 mutex_init(&refreshq_lock
, NULL
, MUTEX_DEFAULT
, NULL
);
197 list_create(&refreshq_queue
, sizeof (refreshq_exi_node_t
),
198 offsetof(refreshq_exi_node_t
, ren_node
));
199 refreshq_dead_entries
= NULL
;
201 cv_init(&refreshq_cv
, NULL
, CV_DEFAULT
, NULL
);
204 * Allocate nfsauth cache handle
206 exi_cache_handle
= kmem_cache_create("exi_cache_handle",
207 sizeof (struct auth_cache
), 0, NULL
, NULL
,
208 exi_cache_reclaim
, NULL
, NULL
, 0);
210 refreshq_thread_state
= REFRESHQ_THREAD_RUNNING
;
211 (void) zthread_create(NULL
, 0, nfsauth_refresh_thread
,
212 NULL
, 0, minclsyspri
);
216 * Finalization routine for nfsauth. It is important to call this routine
217 * before destroying the exported_lock.
222 refreshq_exi_node_t
*ren
;
223 refreshq_auth_node_t
*ran
;
224 struct auth_cache
*p
;
225 struct auth_cache
*auth_next
;
228 * Prevent the refreshq_thread from getting new
231 mutex_enter(&refreshq_lock
);
232 if (refreshq_thread_state
!= REFRESHQ_THREAD_HALTED
) {
233 refreshq_thread_state
= REFRESHQ_THREAD_FINI_REQ
;
234 cv_broadcast(&refreshq_cv
);
237 * Also, wait for nfsauth_refresh_thread() to exit.
239 while (refreshq_thread_state
!= REFRESHQ_THREAD_HALTED
) {
240 cv_wait(&refreshq_cv
, &refreshq_lock
);
245 * Walk the exi_list and in turn, walk the
248 while ((ren
= list_remove_head(&refreshq_queue
))) {
249 while ((ran
= list_remove_head(&ren
->ren_authlist
))) {
250 kmem_free(ran
, sizeof (refreshq_auth_node_t
));
253 list_destroy(&ren
->ren_authlist
);
254 exi_rele(ren
->ren_exi
);
255 kmem_free(ren
, sizeof (refreshq_exi_node_t
));
259 * Okay, now that the lists are deleted, we
260 * need to see if there are any dead entries
263 for (p
= refreshq_dead_entries
; p
!= NULL
; p
= auth_next
) {
264 auth_next
= p
->auth_next
;
265 nfsauth_free_node(p
);
268 mutex_exit(&refreshq_lock
);
270 list_destroy(&refreshq_queue
);
272 cv_destroy(&refreshq_cv
);
273 mutex_destroy(&refreshq_lock
);
275 mutex_destroy(&mountd_lock
);
278 * Deallocate nfsauth cache handle
280 kmem_cache_destroy(exi_cache_handle
);
284 * Convert the address in a netbuf to
285 * a hash index for the auth_cache table.
288 hash(struct netbuf
*a
)
292 for (i
= 0; i
< a
->len
; i
++)
295 return (h
& (AUTH_TABLESIZE
- 1));
299 * Mask out the components of an
300 * address that do not identify
301 * a host. For socket addresses the
302 * masking gets rid of the port number.
305 addrmask(struct netbuf
*addr
, struct netbuf
*mask
)
309 for (i
= 0; i
< addr
->len
; i
++)
310 addr
->buf
[i
] &= mask
->buf
[i
];
314 * nfsauth4_access is used for NFS V4 auth checking. Besides doing
315 * the common nfsauth_access(), it will check if the client can
316 * have a limited access to this vnode even if the security flavor
317 * used does not meet the policy.
320 nfsauth4_access(struct exportinfo
*exi
, vnode_t
*vp
, struct svc_req
*req
,
321 cred_t
*cr
, uid_t
*uid
, gid_t
*gid
, uint_t
*ngids
, gid_t
**gids
)
325 access
= nfsauth_access(exi
, req
, cr
, uid
, gid
, ngids
, gids
);
328 * There are cases that the server needs to allow the client
329 * to have a limited view.
332 * /export is shared as "sec=sys,rw=dfs-test-4,sec=krb5,rw"
333 * /export/home is shared as "sec=sys,rw"
335 * When the client mounts /export with sec=sys, the client
336 * would get a limited view with RO access on /export to see
337 * "home" only because the client is allowed to access
338 * /export/home with auth_sys.
340 if (access
& NFSAUTH_DENIED
|| access
& NFSAUTH_WRONGSEC
) {
342 * Allow ro permission with LIMITED view if there is a
343 * sub-dir exported under vp.
345 if (has_visible(exi
, vp
))
346 return (NFSAUTH_LIMITED
);
353 sys_log(const char *msg
)
355 static time_t tstamp
= 0;
359 * msg is shown (at most) once per minute
361 now
= gethrestime_sec();
362 if ((tstamp
+ 60) < now
) {
364 cmn_err(CE_WARN
, msg
);
369 * Callup to the mountd to get access information in the kernel.
372 nfsauth_retrieve(struct exportinfo
*exi
, char *req_netid
, int flavor
,
373 struct netbuf
*addr
, int *access
, uid_t clnt_uid
, gid_t clnt_gid
,
374 uint_t clnt_gids_cnt
, const gid_t
*clnt_gids
, uid_t
*srv_uid
,
375 gid_t
*srv_gid
, uint_t
*srv_gids_cnt
, gid_t
**srv_gids
)
378 nfsauth_res_t res
= {0};
389 * No entry in the cache for this client/flavor
390 * so we need to call the nfsauth service in the
395 varg
.arg_u
.arg
.cmd
= NFSAUTH_ACCESS
;
396 varg
.arg_u
.arg
.areq
.req_client
.n_len
= addr
->len
;
397 varg
.arg_u
.arg
.areq
.req_client
.n_bytes
= addr
->buf
;
398 varg
.arg_u
.arg
.areq
.req_netid
= req_netid
;
399 varg
.arg_u
.arg
.areq
.req_path
= exi
->exi_export
.ex_path
;
400 varg
.arg_u
.arg
.areq
.req_flavor
= flavor
;
401 varg
.arg_u
.arg
.areq
.req_clnt_uid
= clnt_uid
;
402 varg
.arg_u
.arg
.areq
.req_clnt_gid
= clnt_gid
;
403 varg
.arg_u
.arg
.areq
.req_clnt_gids
.len
= clnt_gids_cnt
;
404 varg
.arg_u
.arg
.areq
.req_clnt_gids
.val
= (gid_t
*)clnt_gids
;
406 DTRACE_PROBE1(nfsserv__func__nfsauth__varg
, varg_t
*, &varg
);
409 * Setup the XDR stream for encoding the arguments. Notice that
410 * in addition to the args having variable fields (req_netid and
411 * req_path), the argument data structure is itself versioned,
412 * so we need to make sure we can size the arguments buffer
413 * appropriately to encode all the args. If we can't get sizing
414 * info _or_ properly encode the arguments, there's really no
415 * point in continuting, so we fail the request.
417 if ((absz
= xdr_sizeof(xdr_varg
, &varg
)) == 0) {
418 *access
= NFSAUTH_DENIED
;
422 abuf
= (caddr_t
)kmem_alloc(absz
, KM_SLEEP
);
423 xdrmem_create(&xdrs
, abuf
, absz
, XDR_ENCODE
);
424 if (!xdr_varg(&xdrs
, &varg
)) {
431 * Prepare the door arguments
433 * We don't know the size of the message the daemon
434 * will pass back to us. By setting rbuf to NULL,
435 * we force the door code to allocate a buf of the
436 * appropriate size. We must set rsize > 0, however,
437 * else the door code acts as if no response was
438 * expected and doesn't pass the data to us.
440 da
.data_ptr
= (char *)abuf
;
448 mutex_enter(&mountd_lock
);
452 mutex_exit(&mountd_lock
);
456 * The rendezvous point has not been established yet!
457 * This could mean that either mountd(1m) has not yet
458 * been started or that _this_ routine nuked the door
459 * handle after receiving an EINTR for a REVOKED door.
461 * Returning NFSAUTH_DROP will cause the NFS client
462 * to retransmit the request, so let's try to be more
463 * rescillient and attempt for ntries before we bail.
465 if (++ntries
% NFSAUTH_DR_TRYCNT
) {
470 kmem_free(abuf
, absz
);
472 sys_log("nfsauth: mountd has not established door");
473 *access
= NFSAUTH_DROP
;
480 * Now that we've got what we need, place the call.
482 switch (door_ki_upcall_limited(dh
, &da
, NULL
, SIZE_MAX
, 0)) {
483 case 0: /* Success */
486 if (da
.data_ptr
== NULL
&& da
.data_size
== 0) {
488 * The door_return that contained the data
489 * failed! We're here because of the 2nd
490 * door_return (w/o data) such that we can
491 * get control of the thread (and exit
494 DTRACE_PROBE1(nfsserv__func__nfsauth__door__nil
,
503 * Server out of resources; back off for a bit
511 if (!door_ki_info(dh
, &di
)) {
514 if (di
.di_attributes
& DOOR_REVOKED
) {
516 * The server barfed and revoked
517 * the (existing) door on us; we
518 * want to wait to give smf(5) a
519 * chance to restart mountd(1m)
520 * and establish a new door handle.
522 mutex_enter(&mountd_lock
);
523 if (dh
== mountd_dh
) {
524 door_ki_rele(mountd_dh
);
527 mutex_exit(&mountd_lock
);
532 * If the door was _not_ revoked on us,
533 * then more than likely we took an INTR,
534 * so we need to fail the operation.
539 * The only failure that can occur from getting
540 * the door info is EINVAL, so we let the code
549 * If we have a stale door handle, give smf a last
550 * chance to start it by sleeping for a little bit.
551 * If we're still hosed, we'll fail the call.
553 * Since we're going to reacquire the door handle
554 * upon the retry, we opt to sleep for a bit and
555 * _not_ to clear mountd_dh. If mountd restarted
556 * and was able to set mountd_dh, we should see
557 * the new instance; if not, we won't get caught
558 * up in the retry/DELAY loop.
566 sys_log("nfsauth: stale mountd door handle");
570 ASSERT(da
.rbuf
!= NULL
);
573 * No door errors encountered; setup the XDR stream for decoding
574 * the results. If we fail to decode the results, we've got no
575 * other recourse than to fail the request.
577 xdrmem_create(&xdrs
, da
.rbuf
, da
.rsize
, XDR_DECODE
);
578 if (!xdr_nfsauth_res(&xdrs
, &res
)) {
579 xdr_free(xdr_nfsauth_res
, (char *)&res
);
581 kmem_free(da
.rbuf
, da
.rsize
);
585 kmem_free(da
.rbuf
, da
.rsize
);
587 DTRACE_PROBE1(nfsserv__func__nfsauth__results
, nfsauth_res_t
*, &res
);
589 case NFSAUTH_DR_OKAY
:
590 *access
= res
.ares
.auth_perm
;
591 *srv_uid
= res
.ares
.auth_srv_uid
;
592 *srv_gid
= res
.ares
.auth_srv_gid
;
593 *srv_gids_cnt
= res
.ares
.auth_srv_gids
.len
;
594 *srv_gids
= kmem_alloc(*srv_gids_cnt
* sizeof (gid_t
),
596 bcopy(res
.ares
.auth_srv_gids
.val
, *srv_gids
,
597 *srv_gids_cnt
* sizeof (gid_t
));
600 case NFSAUTH_DR_EFAIL
:
601 case NFSAUTH_DR_DECERR
:
602 case NFSAUTH_DR_BADCMD
:
604 xdr_free(xdr_nfsauth_res
, (char *)&res
);
606 *access
= NFSAUTH_DENIED
;
607 kmem_free(abuf
, absz
);
612 xdr_free(xdr_nfsauth_res
, (char *)&res
);
613 kmem_free(abuf
, absz
);
619 nfsauth_refresh_thread(void)
621 refreshq_exi_node_t
*ren
;
622 refreshq_auth_node_t
*ran
;
624 struct exportinfo
*exi
;
631 CALLB_CPR_INIT(&cprinfo
, &refreshq_lock
, callb_generic_cpr
,
635 mutex_enter(&refreshq_lock
);
636 if (refreshq_thread_state
!= REFRESHQ_THREAD_RUNNING
) {
637 /* Keep the hold on the lock! */
641 ren
= list_remove_head(&refreshq_queue
);
643 CALLB_CPR_SAFE_BEGIN(&cprinfo
);
644 cv_wait(&refreshq_cv
, &refreshq_lock
);
645 CALLB_CPR_SAFE_END(&cprinfo
, &refreshq_lock
);
646 mutex_exit(&refreshq_lock
);
649 mutex_exit(&refreshq_lock
);
655 * Since the ren was removed from the refreshq_queue above,
656 * this is the only thread aware about the ren existence, so we
657 * have the exclusive ownership of it and we do not need to
658 * protect it by any lock.
660 while ((ran
= list_remove_head(&ren
->ren_authlist
))) {
664 struct auth_cache
*p
= ran
->ran_auth
;
667 kmem_free(ran
, sizeof (refreshq_auth_node_t
));
670 * We are shutting down. No need to refresh
671 * entries which are about to be nuked.
673 * So just throw them away until we are done
674 * with this exi node...
676 if (refreshq_thread_state
!= REFRESHQ_THREAD_RUNNING
)
679 mutex_enter(&p
->auth_lock
);
682 * Make sure the state is valid now that
683 * we have the lock. Note that once we
684 * change the state to NFS_AUTH_REFRESHING,
685 * no other thread will be able to work on
688 if (p
->auth_state
!= NFS_AUTH_STALE
) {
690 * Once it goes INVALID, it can not
693 if (p
->auth_state
== NFS_AUTH_INVALID
) {
694 mutex_exit(&p
->auth_lock
);
695 nfsauth_remove_dead_entry(p
);
697 mutex_exit(&p
->auth_lock
);
702 p
->auth_state
= NFS_AUTH_REFRESHING
;
703 mutex_exit(&p
->auth_lock
);
705 DTRACE_PROBE2(nfsauth__debug__cache__refresh
,
706 struct exportinfo
*, exi
,
707 struct auth_cache
*, p
);
710 * The first caching of the access rights
711 * is done with the netid pulled out of the
712 * request from the client. All subsequent
713 * users of the cache may or may not have
714 * the same netid. It doesn't matter. So
715 * when we refresh, we simply use the netid
716 * of the request which triggered the
719 ASSERT(p
->auth_netid
!= NULL
);
721 retrieval
= nfsauth_retrieve(exi
, p
->auth_netid
,
722 p
->auth_flavor
, &p
->auth_addr
, &access
,
723 p
->auth_clnt_uid
, p
->auth_clnt_gid
,
724 p
->auth_clnt_ngids
, p
->auth_clnt_gids
,
725 &p
->auth_srv_uid
, &p
->auth_srv_gid
, &ngids
, &gids
);
728 * This can only be set in one other place
729 * and the state has to be NFS_AUTH_FRESH.
731 kmem_free(p
->auth_netid
, strlen(p
->auth_netid
) + 1);
732 p
->auth_netid
= NULL
;
734 mutex_enter(&p
->auth_lock
);
735 if (p
->auth_state
== NFS_AUTH_INVALID
) {
736 mutex_exit(&p
->auth_lock
);
737 nfsauth_remove_dead_entry(p
);
738 if (retrieval
== TRUE
)
739 kmem_free(gids
, ngids
* sizeof (gid_t
));
742 * If we got an error, do not reset the
743 * time. This will cause the next access
744 * check for the client to reschedule this
747 if (retrieval
== TRUE
) {
748 p
->auth_access
= access
;
750 kmem_free(p
->auth_srv_gids
,
751 p
->auth_srv_ngids
* sizeof (gid_t
));
752 p
->auth_srv_ngids
= ngids
;
753 p
->auth_srv_gids
= gids
;
755 p
->auth_freshness
= gethrestime_sec();
757 p
->auth_state
= NFS_AUTH_FRESH
;
758 mutex_exit(&p
->auth_lock
);
762 list_destroy(&ren
->ren_authlist
);
763 exi_rele(ren
->ren_exi
);
764 kmem_free(ren
, sizeof (refreshq_exi_node_t
));
767 refreshq_thread_state
= REFRESHQ_THREAD_HALTED
;
768 cv_broadcast(&refreshq_cv
);
769 CALLB_CPR_EXIT(&cprinfo
);
774 * Get the access information from the cache or callup to the mountd
775 * to get and cache the access information in the kernel.
778 nfsauth_cache_get(struct exportinfo
*exi
, struct svc_req
*req
, int flavor
,
779 cred_t
*cr
, uid_t
*uid
, gid_t
*gid
, uint_t
*ngids
, gid_t
**gids
)
781 struct netbuf
*taddrmask
;
783 struct netbuf
*claddr
;
784 struct auth_cache
**head
;
785 struct auth_cache
*p
;
786 struct auth_cache
*prev
= NULL
;
790 refreshq_exi_node_t
*ren
;
791 refreshq_auth_node_t
*ran
;
801 * Now check whether this client already
802 * has an entry for this flavor in the cache
804 * Get the caller's address, mask off the
805 * parts of the address that do not identify
806 * the host (port number, etc), and then hash
807 * it to find the chain of cache entries.
810 claddr
= svc_getrpccaller(req
->rq_xprt
);
812 addr
.buf
= kmem_alloc(addr
.len
, KM_SLEEP
);
813 bcopy(claddr
->buf
, addr
.buf
, claddr
->len
);
814 SVC_GETADDRMASK(req
->rq_xprt
, SVC_TATTR_ADDRMASK
, (void **)&taddrmask
);
815 ASSERT(taddrmask
!= NULL
);
817 addrmask(&addr
, taddrmask
);
819 rw_enter(&exi
->exi_cache_lock
, RW_READER
);
820 head
= &exi
->exi_cache
[hash(&addr
)];
821 for (p
= *head
; p
; p
= p
->auth_next
) {
822 if (EQADDR(&addr
, &p
->auth_addr
) && flavor
== p
->auth_flavor
&&
823 crgetuid(cr
) == p
->auth_clnt_uid
&&
824 crgetgid(cr
) == p
->auth_clnt_gid
)
831 * In a case the client's supplemental groups changed we need
832 * to discard the auth_cache entry and re-retrieve it.
834 mutex_enter(&p
->auth_lock
);
835 if (p
->auth_clnt_ngids
!= crgetngroups(cr
) ||
836 bcmp(p
->auth_clnt_gids
, crgetgroups(cr
),
837 p
->auth_clnt_ngids
* sizeof (gid_t
))) {
838 auth_state_t prev_state
= p
->auth_state
;
840 p
->auth_state
= NFS_AUTH_INVALID
;
841 mutex_exit(&p
->auth_lock
);
843 if (prev_state
== NFS_AUTH_FRESH
) {
844 if (rw_tryupgrade(&exi
->exi_cache_lock
) == 0) {
845 struct auth_cache
*tmp
;
847 rw_exit(&exi
->exi_cache_lock
);
848 rw_enter(&exi
->exi_cache_lock
,
852 for (tmp
= *head
; tmp
!= NULL
;
853 tmp
= tmp
->auth_next
) {
861 exi
->exi_cache
[hash(&addr
)] =
864 prev
->auth_next
= p
->auth_next
;
866 nfsauth_free_node(p
);
871 mutex_exit(&p
->auth_lock
);
875 refresh
= gethrestime_sec() - p
->auth_freshness
;
876 DTRACE_PROBE2(nfsauth__debug__cache__hit
,
877 int, nfsauth_cache_hit
,
880 mutex_enter(&p
->auth_lock
);
881 if ((refresh
> NFSAUTH_CACHE_REFRESH
) &&
882 p
->auth_state
== NFS_AUTH_FRESH
) {
883 p
->auth_state
= NFS_AUTH_STALE
;
884 mutex_exit(&p
->auth_lock
);
886 ASSERT(p
->auth_netid
== NULL
);
888 strdup(svc_getnetid(req
->rq_xprt
));
890 nfsauth_cache_refresh
++;
892 DTRACE_PROBE3(nfsauth__debug__cache__stale
,
893 struct exportinfo
*, exi
,
894 struct auth_cache
*, p
,
895 int, nfsauth_cache_refresh
);
897 ran
= kmem_alloc(sizeof (refreshq_auth_node_t
),
901 mutex_enter(&refreshq_lock
);
903 * We should not add a work queue
904 * item if the thread is not
907 if (refreshq_thread_state
== REFRESHQ_THREAD_RUNNING
) {
909 * Is there an existing exi_list?
911 for (ren
= list_head(&refreshq_queue
);
913 ren
= list_next(&refreshq_queue
, ren
)) {
914 if (ren
->ren_exi
== exi
) {
916 &ren
->ren_authlist
, ran
);
923 sizeof (refreshq_exi_node_t
),
929 list_create(&ren
->ren_authlist
,
930 sizeof (refreshq_auth_node_t
),
931 offsetof(refreshq_auth_node_t
,
934 list_insert_tail(&ren
->ren_authlist
,
936 list_insert_tail(&refreshq_queue
, ren
);
939 cv_broadcast(&refreshq_cv
);
941 kmem_free(ran
, sizeof (refreshq_auth_node_t
));
944 mutex_exit(&refreshq_lock
);
946 mutex_exit(&p
->auth_lock
);
949 access
= p
->auth_access
;
951 *uid
= p
->auth_srv_uid
;
953 *gid
= p
->auth_srv_gid
;
954 if (ngids
!= NULL
&& gids
!= NULL
) {
955 *ngids
= p
->auth_srv_ngids
;
956 *gids
= kmem_alloc(*ngids
* sizeof (gid_t
), KM_SLEEP
);
957 bcopy(p
->auth_srv_gids
, *gids
, *ngids
* sizeof (gid_t
));
960 p
->auth_time
= gethrestime_sec();
962 rw_exit(&exi
->exi_cache_lock
);
963 kmem_free(addr
.buf
, addr
.len
);
969 rw_exit(&exi
->exi_cache_lock
);
971 nfsauth_cache_miss
++;
973 if (!nfsauth_retrieve(exi
, svc_getnetid(req
->rq_xprt
), flavor
,
974 &addr
, &access
, crgetuid(cr
), crgetgid(cr
), crgetngroups(cr
),
975 crgetgroups(cr
), &tmpuid
, &tmpgid
, &tmpngids
, &tmpgids
)) {
976 kmem_free(addr
.buf
, addr
.len
);
977 if (ngids
!= NULL
&& gids
!= NULL
) {
988 if (ngids
!= NULL
&& gids
!= NULL
) {
993 * We need a copy of gids for the auth_cache entry
995 tmpgids
= kmem_alloc(tmpngids
* sizeof (gid_t
), KM_NOSLEEP
);
997 bcopy(*gids
, tmpgids
, tmpngids
* sizeof (gid_t
));
1001 * Now cache the result on the cache chain
1002 * for this export (if there's enough memory)
1004 p
= kmem_cache_alloc(exi_cache_handle
, KM_NOSLEEP
);
1006 p
->auth_clnt_gids
= kmem_alloc(
1007 crgetngroups(cr
) * sizeof (gid_t
), KM_NOSLEEP
);
1008 if (p
!= NULL
&& (tmpngids
== 0 || tmpgids
!= NULL
) &&
1009 (crgetngroups(cr
) == 0 || p
->auth_clnt_gids
!= NULL
)) {
1010 p
->auth_addr
= addr
;
1011 p
->auth_flavor
= flavor
;
1012 p
->auth_clnt_uid
= crgetuid(cr
);
1013 p
->auth_clnt_gid
= crgetgid(cr
);
1014 p
->auth_clnt_ngids
= crgetngroups(cr
);
1015 bcopy(crgetgroups(cr
), p
->auth_clnt_gids
,
1016 p
->auth_clnt_ngids
* sizeof (gid_t
));
1017 p
->auth_srv_uid
= tmpuid
;
1018 p
->auth_srv_gid
= tmpgid
;
1019 p
->auth_srv_ngids
= tmpngids
;
1020 p
->auth_srv_gids
= tmpgids
;
1021 p
->auth_access
= access
;
1022 p
->auth_time
= p
->auth_freshness
= gethrestime_sec();
1023 p
->auth_state
= NFS_AUTH_FRESH
;
1024 p
->auth_netid
= NULL
;
1025 mutex_init(&p
->auth_lock
, NULL
, MUTEX_DEFAULT
, NULL
);
1027 rw_enter(&exi
->exi_cache_lock
, RW_WRITER
);
1028 p
->auth_next
= *head
;
1030 rw_exit(&exi
->exi_cache_lock
);
1032 kmem_free(addr
.buf
, addr
.len
);
1033 if (tmpgids
!= NULL
)
1034 kmem_free(tmpgids
, tmpngids
* sizeof (gid_t
));
1036 if (p
->auth_clnt_gids
!= NULL
)
1037 kmem_free(p
->auth_clnt_gids
,
1038 crgetngroups(cr
) * sizeof (gid_t
));
1039 kmem_cache_free(exi_cache_handle
, p
);
1047 * Check if the requesting client has access to the filesystem with
1048 * a given nfs flavor number which is an explicitly shared flavor.
1051 nfsauth4_secinfo_access(struct exportinfo
*exi
, struct svc_req
*req
,
1052 int flavor
, int perm
, cred_t
*cr
)
1056 if (! (perm
& M_4SEC_EXPORTED
)) {
1057 return (NFSAUTH_DENIED
);
1061 * Optimize if there are no lists
1063 if ((perm
& (M_ROOT
| M_NONE
| M_MAP
)) == 0) {
1064 perm
&= ~M_4SEC_EXPORTED
;
1066 return (NFSAUTH_RO
);
1068 return (NFSAUTH_RW
);
1071 access
= nfsauth_cache_get(exi
, req
, flavor
, cr
, NULL
, NULL
, NULL
,
1078 nfsauth_access(struct exportinfo
*exi
, struct svc_req
*req
, cred_t
*cr
,
1079 uid_t
*uid
, gid_t
*gid
, uint_t
*ngids
, gid_t
**gids
)
1081 int access
, mapaccess
;
1083 int i
, flavor
, perm
;
1084 int authnone_entry
= -1;
1087 * Get the nfs flavor number from xprt.
1089 flavor
= (int)(uintptr_t)req
->rq_xprt
->xp_cookie
;
1092 * First check the access restrictions on the filesystem. If
1093 * there are no lists associated with this flavor then there's no
1094 * need to make an expensive call to the nfsauth service or to
1098 sp
= exi
->exi_export
.ex_secinfo
;
1099 for (i
= 0; i
< exi
->exi_export
.ex_seccnt
; i
++) {
1100 if (flavor
!= sp
[i
].s_secinfo
.sc_nfsnum
) {
1101 if (sp
[i
].s_secinfo
.sc_nfsnum
== AUTH_NONE
)
1110 if (i
>= exi
->exi_export
.ex_seccnt
) {
1112 * Flavor not found, but use AUTH_NONE if it exists
1114 if (authnone_entry
== -1)
1115 return (NFSAUTH_DENIED
);
1117 mapaccess
= NFSAUTH_MAPNONE
;
1122 * By default root is mapped to anonymous user.
1123 * This might get overriden later in nfsauth_cache_get().
1125 if (crgetuid(cr
) == 0) {
1127 *uid
= exi
->exi_export
.ex_anon
;
1129 *gid
= exi
->exi_export
.ex_anon
;
1132 *uid
= crgetuid(cr
);
1134 *gid
= crgetgid(cr
);
1143 * If the flavor is in the ex_secinfo list, but not an explicitly
1144 * shared flavor by the user, it is a result of the nfsv4 server
1145 * namespace setup. We will grant an RO permission similar for
1146 * a pseudo node except that this node is a shared one.
1148 * e.g. flavor in (flavor) indicates that it is not explictly
1149 * shared by the user:
1153 * export #share -o sec=sys (krb5)
1155 * secure #share -o sec=krb5
1157 * In this case, when a krb5 request coming in to access
1158 * /export, RO permission is granted.
1160 if (!(sp
[i
].s_flags
& M_4SEC_EXPORTED
))
1161 return (mapaccess
| NFSAUTH_RO
);
1164 * Optimize if there are no lists.
1165 * We cannot optimize for AUTH_SYS with NGRPS (16) supplemental groups.
1167 perm
= sp
[i
].s_flags
;
1168 if ((perm
& (M_ROOT
| M_NONE
| M_MAP
)) == 0 && (ngroups_max
<= NGRPS
||
1169 flavor
!= AUTH_SYS
|| crgetngroups(cr
) < NGRPS
)) {
1170 perm
&= ~M_4SEC_EXPORTED
;
1172 return (mapaccess
| NFSAUTH_RO
);
1174 return (mapaccess
| NFSAUTH_RW
);
1177 access
= nfsauth_cache_get(exi
, req
, flavor
, cr
, uid
, gid
, ngids
, gids
);
1180 * For both NFSAUTH_DENIED and NFSAUTH_WRONGSEC we do not care about
1181 * the supplemental groups.
1183 if (access
& NFSAUTH_DENIED
|| access
& NFSAUTH_WRONGSEC
) {
1184 if (ngids
!= NULL
&& gids
!= NULL
) {
1185 kmem_free(*gids
, *ngids
* sizeof (gid_t
));
1192 * Client's security flavor doesn't match with "ro" or
1193 * "rw" list. Try again using AUTH_NONE if present.
1195 if ((access
& NFSAUTH_WRONGSEC
) && (flavor
!= AUTH_NONE
)) {
1197 * Have we already encountered AUTH_NONE ?
1199 if (authnone_entry
!= -1) {
1200 mapaccess
= NFSAUTH_MAPNONE
;
1201 access
= nfsauth_cache_get(exi
, req
, AUTH_NONE
, cr
,
1202 NULL
, NULL
, NULL
, NULL
);
1205 * Check for AUTH_NONE presence.
1207 for (; i
< exi
->exi_export
.ex_seccnt
; i
++) {
1208 if (sp
[i
].s_secinfo
.sc_nfsnum
== AUTH_NONE
) {
1209 mapaccess
= NFSAUTH_MAPNONE
;
1210 access
= nfsauth_cache_get(exi
, req
,
1211 AUTH_NONE
, cr
, NULL
, NULL
, NULL
,
1219 if (access
& NFSAUTH_DENIED
)
1220 access
= NFSAUTH_DENIED
;
1222 return (access
| mapaccess
);
1226 nfsauth_free_node(struct auth_cache
*p
)
1228 if (p
->auth_netid
!= NULL
)
1229 kmem_free(p
->auth_netid
, strlen(p
->auth_netid
) + 1);
1230 kmem_free(p
->auth_addr
.buf
, p
->auth_addr
.len
);
1231 kmem_free(p
->auth_clnt_gids
, p
->auth_clnt_ngids
* sizeof (gid_t
));
1232 kmem_free(p
->auth_srv_gids
, p
->auth_srv_ngids
* sizeof (gid_t
));
1233 mutex_destroy(&p
->auth_lock
);
1234 kmem_cache_free(exi_cache_handle
, p
);
1238 * Remove the dead entry from the refreshq_dead_entries
1242 nfsauth_remove_dead_entry(struct auth_cache
*dead
)
1244 struct auth_cache
*p
;
1245 struct auth_cache
*prev
;
1246 struct auth_cache
*next
;
1248 mutex_enter(&refreshq_lock
);
1250 for (p
= refreshq_dead_entries
; p
!= NULL
; p
= next
) {
1251 next
= p
->auth_next
;
1255 refreshq_dead_entries
= next
;
1257 prev
->auth_next
= next
;
1259 nfsauth_free_node(dead
);
1265 mutex_exit(&refreshq_lock
);
1269 * Free the nfsauth cache for a given export
1272 nfsauth_cache_free(struct exportinfo
*exi
)
1275 struct auth_cache
*p
, *next
;
1277 for (i
= 0; i
< AUTH_TABLESIZE
; i
++) {
1278 for (p
= exi
->exi_cache
[i
]; p
; p
= next
) {
1279 next
= p
->auth_next
;
1282 * The only way we got here
1283 * was with an exi_rele, which
1284 * means that no auth cache entry
1285 * is being refreshed.
1287 nfsauth_free_node(p
);
1293 * Called by the kernel memory allocator when
1294 * memory is low. Free unused cache entries.
1295 * If that's not enough, the VM system will
1296 * call again for some more.
1300 exi_cache_reclaim(void *cdrarg
)
1303 struct exportinfo
*exi
;
1305 rw_enter(&exported_lock
, RW_READER
);
1307 for (i
= 0; i
< EXPTABLESIZE
; i
++) {
1308 for (exi
= exptable
[i
]; exi
; exi
= exi
->fid_hash
.next
) {
1309 exi_cache_trim(exi
);
1312 nfsauth_cache_reclaim
++;
1314 rw_exit(&exported_lock
);
1318 exi_cache_trim(struct exportinfo
*exi
)
1320 struct auth_cache
*p
;
1321 struct auth_cache
*prev
, *next
;
1325 stale_time
= gethrestime_sec() - NFSAUTH_CACHE_TRIM
;
1327 rw_enter(&exi
->exi_cache_lock
, RW_WRITER
);
1329 for (i
= 0; i
< AUTH_TABLESIZE
; i
++) {
1332 * Free entries that have not been
1333 * used for NFSAUTH_CACHE_TRIM seconds.
1336 for (p
= exi
->exi_cache
[i
]; p
; p
= next
) {
1337 next
= p
->auth_next
;
1338 if (p
->auth_time
> stale_time
) {
1343 mutex_enter(&p
->auth_lock
);
1344 DTRACE_PROBE1(nfsauth__debug__trim__state
,
1345 auth_state_t
, p
->auth_state
);
1347 if (p
->auth_state
!= NFS_AUTH_FRESH
) {
1348 p
->auth_state
= NFS_AUTH_INVALID
;
1349 mutex_exit(&p
->auth_lock
);
1351 mutex_enter(&refreshq_lock
);
1352 p
->auth_next
= refreshq_dead_entries
;
1353 refreshq_dead_entries
= p
;
1354 mutex_exit(&refreshq_lock
);
1356 mutex_exit(&p
->auth_lock
);
1357 nfsauth_free_node(p
);
1361 exi
->exi_cache
[i
] = next
;
1363 prev
->auth_next
= next
;
1367 rw_exit(&exi
->exi_cache_lock
);