| blob | 66dff710dd00ae07469bbd49cc9d48ede34ea8c0 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
24 */
26 /*
27 * Copyright 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T.
28 * All rights reserved.
29 */
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/time.h>
35 #include <sys/vfs.h>
36 #include <sys/vnode.h>
37 #include <sys/socket.h>
38 #include <sys/errno.h>
39 #include <sys/uio.h>
40 #include <sys/proc.h>
41 #include <sys/user.h>
42 #include <sys/file.h>
43 #include <sys/tiuser.h>
44 #include <sys/kmem.h>
45 #include <sys/pathname.h>
46 #include <sys/debug.h>
47 #include <sys/vtrace.h>
48 #include <sys/cmn_err.h>
49 #include <sys/acl.h>
50 #include <sys/utsname.h>
51 #include <sys/sdt.h>
52 #include <netinet/in.h>
54 #include <rpc/types.h>
55 #include <rpc/auth.h>
56 #include <rpc/svc.h>
58 #include <nfs/nfs.h>
59 #include <nfs/export.h>
60 #include <nfs/nfssys.h>
61 #include <nfs/nfs_clnt.h>
62 #include <nfs/nfs_acl.h>
63 #include <nfs/nfs_log.h>
64 #include <nfs/lm.h>
65 #include <sys/sunddi.h>
66 #include <sys/pkp_hash.h>
86 #ifdef VOLATILE_FH_TEST
92 /*
93 * exported_lock Read/Write lock that protects the exportinfo list.
94 * This lock must be held when searching or modifiying
95 * the exportinfo list.
96 */
97 krwlock_t exported_lock;
99 /*
100 * "public" and default (root) location for public filehandle
101 */
108 /*
109 * macro for static dtrace probes to trace server namespace ref count mods.
110 */
111 #define SECREF_TRACE(seclist, tag, flav, aftcnt) \
112 DTRACE_PROBE4(nfss__i__nmspc__secref, struct secinfo *, (seclist), \
113 char *, (tag), int, (int)(flav), int, (int)(aftcnt))
116 #define exptablehash(fsid, fid) (nfs_fhhash((fsid), (fid)) & (EXPTABLESIZE - 1))
118 static uint8_t
120 {
127 }
129 /*
130 * File handle hash function, XOR over all bytes in fsid and fid.
131 */
132 static unsigned
134 {
140 /*
141 * Sanity check the length before using it
142 * blindly in case the client trashed it.
143 */
148 }
150 /*
151 * Free the memory allocated within a secinfo entry.
152 */
153 void
155 {
160 }
169 }
170 }
172 /*
173 * Free a list of secinfo allocated in the exportdata structure.
174 */
175 void
177 {
187 }
189 /*
190 * Allocate and copy a secinfo data from "from" to "to".
191 *
192 * This routine is used by srv_secinfo_add() to add a new flavor to an
193 * ancestor's export node. The rootnames are not copied because the
194 * allowable rootname access only applies to the explicit exported node,
195 * not its ancestor's.
196 *
197 * "to" should have already been allocated and zeroed before calling
198 * this routine.
199 *
200 * This routine is used under the protection of exported_lock (RW_WRITER).
201 */
202 void
204 {
215 /* copy mechanism oid */
222 KM_SLEEP);
226 }
230 /* no need to copy the mode bits - s_flags */
231 }
233 /*
234 * Create a secinfo array without duplicates. The condensed
235 * flavor list is used to propagate flavor ref counts to an
236 * export's ancestor pseudonodes.
237 */
238 static int
240 {
258 }
260 /*
261 * The structure copy below also copys ptrs embedded
262 * within struct secinfo. The ptrs are copied but
263 * they are never freed from the nodups array. If
264 * an ancestor's secinfo array doesn't contain one
265 * of the nodups flavors, then the entry is properly
266 * copied into the ancestor's secinfo array.
267 * (see srv_secinfo_copy)
268 */
271 ncnt++;
272 }
273 }
275 }
277 /*
278 * Add the new security flavors from newdata to the current list, pcursec.
279 * Upon return, *pcursec has the newly merged secinfo list.
280 *
281 * There should be at least 1 secinfo entry in newsec.
282 *
283 * This routine is used under the protection of exported_lock (RW_WRITER).
284 */
285 static void
288 {
310 tcnt--;
312 }
313 }
314 }
321 /* move current secinfo list data to the new list */
325 /* Add the flavor that's not in the current data */
332 }
334 /* This is the one. Add it. */
344 mcnt++;
345 }
346 }
350 /*
351 * Done. Update curdata. Free the old secinfo list in
352 * curdata and return the new sec array info
353 */
358 }
360 /*
361 * For NFS V4.
362 * Remove the security data of the unexported node from its ancestors.
363 * Assume there is at least one flavor entry in the current sec list
364 * (pcursec).
365 *
366 * This routine is used under the protection of exported_lock (RW_WRITER).
367 *
368 * Every element of remsec is an explicitly exported flavor. If
369 * srv_secinfo_remove() is called fom an exportfs error path, then
370 * the flavor list was derived from the user's share cmdline,
371 * and all flavors are explicit. If it was called from the unshare path,
372 * build_seclist_nodups() was called with the exponly flag.
373 */
374 static void
377 {
389 /*
390 * At unshare/reshare time, only explicitly shared flavor ref
391 * counts are decremented and propagated to ancestors.
392 * Implicit flavor refs came from shared descendants, and
393 * they must be kept.
394 */
402 /*
403 * Decrement secinfo reference count by 1.
404 * If this entry is invalid after decrementing
405 * the count (i.e. count < 1), this entry will
406 * be removed.
407 */
417 tcnt--;
419 }
420 }
421 }
432 }
436 /* walk thru the given secinfo list to remove the flavors */
443 mcnt++;
444 }
445 }
448 /*
449 * Done. Update curdata.
450 * Free the existing secinfo list in curdata. All pointers
451 * within the list have either been moved to msec or freed
452 * if it's invalid.
453 */
457 }
460 /*
461 * For the reshare case, sec flavor accounting happens in 3 steps:
462 * 1) propagate addition of new flavor refs up the ancestor tree
463 * 2) transfer flavor refs of descendants to new/reshared exportdata
464 * 3) propagate removal of old flavor refs up the ancestor tree
465 *
466 * srv_secinfo_exp2exp() implements step 2 of a reshare. At this point,
467 * the new flavor list has already been propagated up through the
468 * ancestor tree via srv_secinfo_treeclimb().
469 *
470 * If there is more than 1 export reference to an old flavor (i.e. some
471 * of its children shared with this flavor), this flavor information
472 * needs to be transferred to the new exportdata struct. A flavor in
473 * the old exportdata has descendant refs when its s_refcnt > 1 or it
474 * is implicitly shared (M_SEC4_EXPORTED not set in s_flags).
475 *
476 * SEC_REF_EXPORTED() is only true when M_SEC4_EXPORTED is set
477 * SEC_REF_SELF() is only true when both M_SEC4_EXPORTED is set and s_refcnt==1
478 *
479 * Transferring descendant flavor refcnts happens in 2 passes:
480 * a) flavors used before (oldsecinfo) and after (curdata->ex_secinfo) reshare
481 * b) flavors used before but not after reshare
482 *
483 * This routine is used under the protection of exported_lock (RW_WRITER).
484 */
485 void
487 {
498 /*
499 * If the oldsecinfo has flavors with more than 1 reference count
500 * and the flavor is specified in the reshare, transfer the flavor
501 * refs to the new seclist (curdata.ex_secinfo).
502 */
508 tcnt--;
510 }
516 /*
517 * add old reference to the current
518 * secinfo count
519 */
523 /*
524 * Delete the old export flavor
525 * reference. The initial reference
526 * was created during srv_secinfo_add,
527 * and the count is decremented below
528 * to account for the initial reference.
529 */
540 tcnt--;
542 }
543 }
544 }
549 /*
550 * oldsecinfo has flavors referenced by its children that are not
551 * in the current (new) export flavor list. Add these flavors.
552 */
555 /* move current secinfo list data to the new list */
559 /*
560 * Add the flavor that's not in the new export, but still
561 * referenced by its children.
562 */
570 }
572 /*
573 * This is the one. Add it. Decrement the ref count
574 * by 1 if the flavor is an explicitly shared flavor
575 * for the oldsecinfo export node.
576 */
588 mcnt++;
589 }
590 }
591 }
594 /*
595 * Done. Update curdata, free the existing secinfo list in
596 * curdata and set the new value.
597 */
602 }
604 /*
605 * When unsharing an old export node and the old node becomes a pseudo node,
606 * if there is more than 1 export reference to an old flavor (i.e. some of
607 * its children shared with this flavor), this flavor information needs to
608 * be transferred to the new shared node.
609 *
610 * This routine is used under the protection of exported_lock (RW_WRITER).
611 */
612 void
614 {
624 /*
625 * If the olddata has flavors with more than 1 reference count,
626 * transfer the information to the curdata.
627 */
632 tcnt--;
633 }
644 /*
645 * Decrement the reference count by 1 if the flavor is
646 * an explicitly shared flavor for the olddata export
647 * node.
648 */
659 mcnt++;
660 }
661 }
664 /*
665 * Done. Update curdata.
666 * Free up the existing secinfo list in curdata and
667 * set the new value.
668 */
671 }
673 /*
674 * Find for given treenode the exportinfo which has its
675 * exp_visible linked on its exi_visible list.
676 *
677 * Note: We could add new pointer either to treenode or
678 * to exp_visible, which will point there directly.
679 * This would buy some speed for some memory.
680 */
681 exportinfo_t *
683 {
691 }
692 }
696 }
698 /*
699 * For NFS V4.
700 * Add or remove the newly exported or unexported security flavors of the
701 * given exportinfo from its ancestors upto the system root.
702 */
703 void
705 {
714 /*
715 * If flavors are being added and the new export root isn't
716 * also VROOT, its implicitly allowed flavors are inherited from
717 * from its pseudonode.
718 * Note - for VROOT exports the implicitly allowed flavors were
719 * transferred from the PSEUDO export in exportfs()
720 */
726 }
728 /*
729 * Move to parent node and propagate sec flavor
730 * to exportinfo and to visible structures.
731 */
736 /* If there is exportinfo, update it */
744 is_pseudo);
745 else
747 }
749 /* Update every visible - only root node has no visible */
755 FALSE);
756 else
758 }
760 }
761 }
763 /* hash_name is a text substitution for either fid_hash or path_hash */
764 #define exp_hash_unlink(exi, hash_name) \
765 if (*(exi)->hash_name.bckt == (exi)) \
766 *(exi)->hash_name.bckt = (exi)->hash_name.next; \
767 if ((exi)->hash_name.prev) \
768 (exi)->hash_name.prev->hash_name.next = (exi)->hash_name.next; \
769 if ((exi)->hash_name.next) \
770 (exi)->hash_name.next->hash_name.prev = (exi)->hash_name.prev; \
771 (exi)->hash_name.bckt = NULL;
773 #define exp_hash_link(exi, hash_name, bucket) \
774 (exi)->hash_name.bckt = (bucket); \
775 (exi)->hash_name.prev = NULL; \
776 (exi)->hash_name.next = *(bucket); \
777 if ((exi)->hash_name.next) \
778 (exi)->hash_name.next->hash_name.prev = (exi); \
779 *(bucket) = (exi);
781 void
783 {
792 }
794 /*
795 * Initialization routine for export routines. Should only be called once.
796 */
797 int
799 {
804 /*
805 * Allocate the place holder for the public file handle, which
806 * is all zeroes. It is initially set to the root filesystem.
807 */
828 }
830 /* setup the fhandle template */
837 /*
838 * Publish the exportinfo in the hash table
839 */
846 }
848 /*
849 * Finalization routine for export routines. Called to cleanup previously
850 * initialization work when the NFS server module could not be loaded correctly.
851 */
852 void
854 {
855 /*
856 * Deallocate the place holder for the public file handle.
857 */
864 }
866 /*
867 * Check if 2 gss mechanism identifiers are the same.
868 *
869 * return FALSE if not the same.
870 * return TRUE if the same.
871 */
872 static bool_t
874 {
882 }
884 /*
885 * This routine is used by rpc to map rpc security number
886 * to nfs specific security flavor number.
887 *
888 * The gss callback prototype is
889 * callback(struct svc_req *, gss_cred_id_t *, gss_ctx_id_t *,
890 * rpc_gss_lock_t *, void **),
891 * since nfs does not use the gss_cred_id_t/gss_ctx_id_t arguments
892 * we cast them to void.
893 */
894 /*ARGSUSED*/
895 bool_t
898 {
903 /*
904 * We don't deal with delegated credentials.
905 */
924 /*
925 * If there is a map of the triplet
926 * (mechanism, service, qop) between
927 * raw_cred and the exported flavor,
928 * get the psudo flavor number.
929 * Also qop should not be NULL, it
930 * should be "default" or something
931 * else.
932 */
947 }
948 }
949 }
951 }
952 }
953 done:
956 /*
957 * If no nfs pseudo number mapping can be found in the export
958 * table, assign the nfsflavor to NFS_FLAVOR_NOMAP. In V4, we may
959 * recover the flavor mismatch from NFS layer (NFS4ERR_WRONGSEC).
960 *
961 * For example:
962 * server first shares with krb5i;
963 * client mounts with krb5i;
964 * server re-shares with krb5p;
965 * client tries with krb5i, but no mapping can be found;
966 * rpcsec_gss module calls this routine to do the mapping,
967 * if this routine fails, request is rejected from
968 * the rpc layer.
969 * What we need is to let the nfs layer rejects the request.
970 * For V4, we can reject with NFS4ERR_WRONGSEC and the client
971 * may recover from it by getting the new flavor via SECINFO.
972 *
973 * nfs pseudo number for RPCSEC_GSS mapping (see nfssec.conf)
974 * is owned by IANA (see RFC 2623).
975 *
976 * XXX NFS_FLAVOR_NOMAP is defined in Solaris to work around
977 * the implementation issue. This number should not overlap with
978 * any new IANA defined pseudo flavor numbers.
979 */
986 }
989 /*
990 * Exportfs system call; credentials should be checked before
991 * calling this function.
992 */
993 int
995 {
1001 fid_t fid;
1002 fsid_t fsid;
1007 rpc_gss_callback_t cb;
1024 /* Read in pathname from userspace */
1028 /* Walk the export list looking for that pathname */
1037 }
1038 }
1042 /* Is this an unshare? */
1050 }
1052 /* It is a share or a re-share */
1056 /*
1057 * if fname resolves to / we get EINVAL error
1058 * since we wanted the parent vnode. Try again
1059 * with NULL dvp.
1060 */
1064 }
1066 /* Last component of fname not found */
1070 }
1076 }
1078 /*
1079 * 'vp' may be an AUTOFS node, so we perform a
1080 * VOP_ACCESS() to trigger the mount of the
1081 * intended filesystem, so we can share the intended
1082 * filesystem instead of the AUTOFS filesystem.
1083 */
1086 /*
1087 * We're interested in the top most filesystem.
1088 * This is specially important when uap->dname is a trigger
1089 * AUTOFS node, since we're really interested in sharing the
1090 * filesystem AUTOFS mounted as result of the VOP_ACCESS()
1091 * call not the AUTOFS node itself.
1092 */
1102 }
1103 }
1105 /* Do not allow sharing another vnode for already shared path */
1113 }
1117 /*
1118 * Get the vfs id
1119 */
1129 /*
1130 * If VOP_FID returns ENOSPC then the fid supplied
1131 * is too small. For now we simply return EREMOTE.
1132 */
1137 }
1139 /*
1140 * Do not allow re-sharing a shared vnode under a different path
1141 * PSEUDO export has ex_path fabricated, e.g. "/tmp (pseudo)", skip it.
1142 */
1157 }
1158 }
1173 /*
1174 * Initialize auth cache lock
1175 */
1178 /*
1179 * Build up the template fhandle
1180 */
1185 }
1194 /*
1195 * Load in everything, and do sanity checking
1196 */
1202 }
1211 }
1213 /*
1214 * Must have at least one security entry
1215 */
1220 }
1233 /*
1234 * Copy the exported pathname into
1235 * an appropriately sized buffer.
1236 */
1242 }
1248 /*
1249 * Get the path to the logging buffer and the tag
1250 */
1258 }
1271 }
1276 }
1278 /*
1279 * Load the security information for each flavor
1280 */
1287 }
1289 /*
1290 * All of these nested structures need to be converted to
1291 * the kernel native format.
1292 */
1326 }
1330 }
1334 /*
1335 * And now copy rootnames for each individual secinfo.
1336 */
1347 }
1348 }
1351 rpc_gss_OID mech_tmp;
1353 caddr_t elements_tmp;
1355 /* Copyin mechanism type */
1363 }
1374 }
1377 allocd_seccnt++;
1381 allocd_seccnt++;
1382 }
1384 /*
1385 * Init the secinfo reference count and mark these flavors
1386 * explicitly exported flavors.
1387 */
1391 }
1393 /*
1394 * Set up rpcsec_gss callback routine entry if any.
1395 */
1403 }
1410 }
1411 }
1413 /*
1414 * Check the index flag. Do this here to avoid holding the
1415 * lock while dealing with the index option (as we do with
1416 * the public option).
1417 */
1422 }
1425 }
1430 }
1432 /*
1433 * Insert the new entry at the front of the export list
1434 */
1440 /*
1441 * Check the rest of the list for an old entry for the fs.
1442 * If one is found then unlink it, wait until this is the
1443 * only reference and then free it.
1444 */
1449 }
1450 }
1452 /*
1453 * If the public filehandle is pointing at the
1454 * old entry, then point it back at the root.
1455 */
1459 /*
1460 * If the public flag is on, make the global exi_public
1461 * point to this entry and turn off the public bit so that
1462 * we can distinguish it from the place holder export.
1463 */
1467 }
1469 #ifdef VOLATILE_FH_TEST
1470 /*
1471 * Set up the volatile_id value if volatile on share.
1472 * The list of volatile renamed filehandles is always destroyed,
1473 * if the fs was reshared.
1474 */
1481 /*
1482 * If this is a new export, then climb up
1483 * the tree and check if any pseudo exports
1484 * need to be created to provide a path for
1485 * NFS v4 clients.
1486 */
1492 /* If it's a re-export update namespace tree */
1495 }
1497 /*
1498 * build a unique flavor list from the flavors specified
1499 * in the share cmd. unique means that each flavor only
1500 * appears once in the secinfo list -- no duplicates allowed.
1501 */
1506 /*
1507 * If re-sharing an old export entry, update the secinfo data
1508 * depending on if the old entry is a pseudo node or not.
1509 */
1513 /*
1514 * The dir being shared is a pseudo export root (which
1515 * will be transformed into a real export root). The
1516 * flavor(s) of the new share were propagated to the
1517 * ancestors by srv_secinfo_treeclimb() above. Now
1518 * transfer the implicit flavor refs from the old
1519 * pseudo exprot root to the new (real) export root.
1520 */
1524 /*
1525 * First transfer implicit flavor refs to new export.
1526 * Remove old flavor refs last.
1527 */
1530 }
1531 }
1533 /*
1534 * If it's a re-export and the old entry has a pseudonode list,
1535 * transfer it to the new export.
1536 */
1540 }
1546 /*
1547 * Log share operation to this buffer only.
1548 */
1550 }
1557 out7:
1558 /* Unlink the new export in exptable. */
1562 out6:
1565 out5:
1566 /* free partially completed allocation */
1570 }
1575 }
1577 out4:
1580 out3:
1583 out2:
1585 out1:
1593 }
1595 /*
1596 * Remove the exportinfo from the export list
1597 */
1598 void
1600 {
1605 }
1607 /*
1608 * Unexport an exported filesystem
1609 */
1610 static int
1612 {
1618 /* Check if exi is still linked in the export table */
1622 }
1626 /*
1627 * Remove security flavors before treeclimb_unexport() is called
1628 * because srv_secinfo_treeclimb needs the namespace tree
1629 */
1634 /*
1635 * If there's a visible list, then need to leave
1636 * a pseudo export here to retain the visible list
1637 * for paths to exports below.
1638 */
1646 /* interconnect the existing treenode with the new exportinfo */
1651 }
1655 /*
1656 * Need to call into the NFSv4 server and release all data
1657 * held on this particular export. This is important since
1658 * the v4 server may be holding file locks or vnodes under
1659 * this export.
1660 */
1663 /*
1664 * Notify the lock manager that the filesystem is being
1665 * unexported.
1666 */
1669 /*
1670 * If this was a public export, restore
1671 * the public filehandle to the root.
1672 */
1677 }
1681 }
1685 }
1687 /*
1688 * Get file handle system call.
1689 * Takes file name and returns a file handle for it.
1690 * Credentials must be verified before calling.
1691 */
1692 int
1694 {
1695 nfs_fh3 fh;
1706 #ifdef lint
1708 #endif
1715 /*
1716 * if fname resolves to / we get EINVAL error
1717 * since we wanted the parent vnode. Try again
1718 * with NULL dvp.
1719 */
1723 }
1725 /*
1726 * Last component of fname not found
1727 */
1730 }
1732 }
1736 /*
1737 * 'vp' may be an AUTOFS node, so we perform a
1738 * VOP_ACCESS() to trigger the mount of the
1739 * intended filesystem, so we can share the intended
1740 * filesystem instead of the AUTOFS filesystem.
1741 */
1744 /*
1745 * We're interested in the top most filesystem.
1746 * This is specially important when uap->dname is a trigger
1747 * AUTOFS node, since we're really interested in sharing the
1748 * filesystem AUTOFS mounted as result of the VOP_ACCESS()
1749 * call not the AUTOFS node itself.
1750 */
1757 }
1758 }
1781 /*
1782 * For backwards compatibility, the
1783 * fid length may be less than
1784 * NFS_FHMAXDATA, but it was always
1785 * encoded as NFS_FHMAXDATA bytes.
1786 */
1798 }
1810 }
1811 }
1812 /*
1813 * If we need to do NFS logging, the filehandle
1814 * must be downsized to 32 bytes.
1815 */
1833 }
1834 }
1838 }
1845 }
1846 }
1850 }
1852 }
1854 /*
1855 * Strategy: if vp is in the export list, then
1856 * return the associated file handle. Otherwise, ".."
1857 * once up the vp and try again, until the root of the
1858 * filesystem is reached.
1859 */
1863 {
1864 fid_t fid;
1872 }
1881 /*
1882 * If vop_fid_pseudo returns ENOSPC then the fid
1883 * supplied is too small. For now we simply
1884 * return EREMOTE.
1885 */
1889 }
1893 else
1897 /*
1898 * Found the export info
1899 */
1901 }
1903 /*
1904 * We have just failed finding a matching export.
1905 * If we're at the root of this filesystem, then
1906 * it's time to stop (with failure).
1907 */
1911 }
1916 /*
1917 * Now, do a ".." up vp. If dvp is supplied, use it,
1918 * otherwise, look it up.
1919 */
1925 }
1929 }
1933 }
1938 }
1940 }
1942 int
1944 {
1948 /*
1949 * Get the nfs flavor number from xprt.
1950 */
1958 }
1960 }
1962 /*
1963 * Make an fhandle from a vnode
1964 */
1965 int
1967 {
1974 /*
1975 * Should be something other than EREMOTE
1976 */
1978 }
1980 }
1982 /*
1983 * This routine makes an overloaded V2 fhandle which contains
1984 * sec modes.
1985 *
1986 * Note that the first four octets contain the length octet,
1987 * the status octet, and two padded octets to make them XDR
1988 * four-octet aligned.
1989 *
1990 * 1 2 3 4 32
1991 * +---+---+---+---+---+---+---+---+ +---+---+---+---+ +---+
1992 * | l | s | | | sec_1 |...| sec_n |...| |
1993 * +---+---+---+---+---+---+---+---+ +---+---+---+---+ +---+
1994 *
1995 * where
1996 *
1997 * the status octet s indicates whether there are more security
1998 * flavors (1 means yes, 0 means no) that require the client to
1999 * perform another 0x81 LOOKUP to get them,
2000 *
2001 * the length octet l is the length describing the number of
2002 * valid octets that follow. (l = 4 * n, where n is the number
2003 * of security flavors sent in the current overloaded filehandle.)
2004 *
2005 * sec_index should always be in the inclusive range: [1 - ex_seccnt],
2006 * and it tells server where to start within the secinfo array.
2007 * Usually it will always be 1; however, if more flavors are used
2008 * for the public export than can be encoded in the overloaded FH
2009 * (7 for NFS2), subsequent SNEGO MCLs will have a larger index
2010 * so the server will pick up where it left off from the previous
2011 * MCL reply.
2012 *
2013 * With NFS4 support, implicitly allowed flavors are also in
2014 * the secinfo array; however, they should not be returned in
2015 * SNEGO MCL replies.
2016 */
2017 int
2019 {
2027 /*
2028 * WebNFS clients need to know the unique set of explicitly
2029 * shared flavors in used for the public export. When
2030 * "TRUE" is passed to build_seclist_nodups(), only explicitly
2031 * shared flavors are included in the list.
2032 */
2042 /*
2043 * Encode the length octet representing the number of
2044 * security flavors (in bytes) in this overloaded fh.
2045 */
2048 /*
2049 * Encode the status octet that indicates whether there
2050 * are more security flavors the client needs to get.
2051 */
2054 /*
2055 * put security flavors in the overloaded fh
2056 */
2061 }
2063 }
2065 /*
2066 * Make an nfs_fh3 from a vnode
2067 */
2068 int
2070 {
2072 fid_t fid;
2095 }
2097 /*
2098 * This routine makes an overloaded V3 fhandle which contains
2099 * sec modes.
2100 *
2101 * 1 4
2102 * +--+--+--+--+
2103 * | len |
2104 * +--+--+--+--+
2105 * up to 64
2106 * +--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+
2107 * |s | | | | sec_1 | sec_2 | ... | sec_n |
2108 * +--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+
2109 *
2110 * len = 4 * (n+1), where n is the number of security flavors
2111 * sent in the current overloaded filehandle.
2112 *
2113 * the status octet s indicates whether there are more security
2114 * mechanisms (1 means yes, 0 means no) that require the client
2115 * to perform another 0x81 LOOKUP to get them.
2116 *
2117 * Three octets are padded after the status octet.
2118 */
2119 int
2121 {
2129 /*
2130 * WebNFS clients need to know the unique set of explicitly
2131 * shared flavors in used for the public export. When
2132 * "TRUE" is passed to build_seclist_nodups(), only explicitly
2133 * shared flavors are included in the list.
2134 */
2144 /*
2145 * Place the length in fh3_length representing the number
2146 * of security flavors (in bytes) in this overloaded fh.
2147 */
2152 /*
2153 * Encode the status octet that indicates whether there
2154 * are more security flavors the client needs to get.
2155 */
2158 /*
2159 * put security flavors in the overloaded fh
2160 */
2165 }
2167 }
2169 /*
2170 * Make an nfs_fh4 from a vnode
2171 */
2172 int
2174 {
2177 fid_t fid;
2181 /*
2182 * vop_fid_pseudo() is used to set up NFSv4 namespace, so
2183 * use vop_fid_pseudo() here to get the fid instead of VOP_FID.
2184 */
2205 #ifdef VOLATILE_FH_TEST
2206 /*
2207 * XXX (temporary?)
2208 * Use the rnode volatile_id value to add volatility to the fh.
2209 *
2210 * For testing purposes there are currently two scenarios, based
2211 * on whether the filesystem was shared with "volatile_fh"
2212 * or "expire_on_rename". In the first case, use the value of
2213 * export struct share_time as the volatile_id. In the second
2214 * case use the vnode volatile_id value (which is set to the
2215 * time in which the file was renamed).
2216 *
2217 * Note that the above are temporary constructs for testing only
2218 * XXX
2219 */
2226 }
2230 }
2232 /*
2233 * Convert an fhandle into a vnode.
2234 * Uses the file id (fh_len + fh_data) in the fhandle to get the vnode.
2235 * WARNING: users of this routine must do a VN_RELE on the vnode when they
2236 * are done with it.
2237 */
2238 vnode_t *
2240 {
2253 }
2262 }
2266 }
2277 }
2281 }
2283 /*
2284 * Convert an fhandle into a vnode.
2285 * Uses the file id (fh_len + fh_data) in the fhandle to get the vnode.
2286 * WARNING: users of this routine must do a VN_RELE on the vnode when they
2287 * are done with it.
2288 * This is just like nfs_fhtovp() but without the exportinfo argument.
2289 */
2291 vnode_t *
2293 {
2308 }
2310 /*
2311 * Convert an nfs_fh3 into a vnode.
2312 * Uses the file id (fh_len + fh_data) in the file handle to get the vnode.
2313 * WARNING: users of this routine must do a VN_RELE on the vnode when they
2314 * are done with it.
2315 */
2316 vnode_t *
2318 {
2335 }
2350 }
2352 /*
2353 * Convert an nfs_fh3 into a vnode.
2354 * Uses the file id (fh_len + fh_data) in the file handle to get the vnode.
2355 * WARNING: users of this routine must do a VN_RELE on the vnode when they
2356 * are done with it.
2357 * BTW: This is just like nfs3_fhtovp() but without the exportinfo arg.
2358 * Also, vfsp is accessed through getvfs() rather using exportinfo !!
2359 */
2361 vnode_t *
2363 {
2384 }
2386 /*
2387 * Convert an nfs_fh4 into a vnode.
2388 * Uses the file id (fh_len + fh_data) in the file handle to get the vnode.
2389 * WARNING: users of this routine must do a VN_RELE on the vnode when they
2390 * are done with it.
2391 */
2392 vnode_t *
2394 {
2400 #ifdef VOLATILE_FH_TEST
2407 }
2410 /* caller should have checked this */
2418 #ifdef VOLATILE_FH_TEST
2419 /* XXX check if volatile - should be changed later */
2421 /*
2422 * Filesystem is shared with volatile filehandles
2423 */
2426 else
2432 }
2433 }
2434 /*
2435 * XXX even if test_volatile_fh false, the fh may contain a
2436 * volatile id if obtained when the test was set.
2437 */
2442 /*
2443 * If we can not get vp from VFS_VGET, perhaps this is
2444 * an nfs v2/v3/v4 node in an nfsv4 pseudo filesystem.
2445 * Check it out.
2446 */
2453 }
2454 /* XXX - disgusting hack */
2459 }
2461 /*
2462 * Find the export structure associated with the given filesystem.
2463 * If found, then increment the ref count (exi_count).
2464 */
2467 {
2475 /*
2476 * If this is the place holder for the
2477 * public file handle, then return the
2478 * real export entry for the public file
2479 * handle.
2480 */
2483 }
2488 }
2489 }
2492 }
2495 /*
2496 * "old school" version of checkexport() for NFS4. NFS4
2497 * rfs4_compound holds exported_lock for duration of compound
2498 * processing. This version doesn't manipulate exi_count
2499 * since NFS4 breaks fundamental assumptions in the exi_count
2500 * design.
2501 */
2504 {
2513 /*
2514 * If this is the place holder for the
2515 * public file handle, then return the
2516 * real export entry for the public file
2517 * handle.
2518 */
2521 }
2523 /*
2524 * If vp is given, check if vp is the
2525 * same vnode as the exported node.
2526 *
2527 * Since VOP_FID of a lofs node returns the
2528 * fid of its real node (ufs), the exported
2529 * node for lofs and (pseudo) ufs may have
2530 * the same fsid and fid.
2531 */
2534 }
2535 }
2538 }
2540 /*
2541 * Free an entire export list node
2542 */
2543 void
2545 {
2562 /*
2563 * if there is a character set mapping cached, clean it up.
2564 */
2573 }
2581 }
2588 #ifdef VOLATILE_FH_TEST
2597 }
2599 /*
2600 * load the index file from user space into kernel space.
2601 */
2602 static int
2604 {
2609 /*
2610 * copyinstr copies the complete string including the NULL and
2611 * returns the len with the NULL byte included in the calculation
2612 * as long as the max length is not exceeded.
2613 */
2621 }
2623 void
2625 {
2629 }
2631 /*
2632 * When a thread completes using exi, it should call exi_rele().
2633 * exi_rele() decrements exi_count. It releases exi if exi_count == 0, i.e.
2634 * if this is the last user of exi and exi is not on exportinfo list anymore
2635 */
2636 void
2638 {
2646 }
2648 #ifdef VOLATILE_FH_TEST
2649 /*
2650 * Test for volatile fh's - add file handle to list and set its volatile id
2651 * to time it was renamed. If EX_VOLFH is also on and the fs is reshared,
2652 * the vol_rename queue is purged.
2653 *
2654 * XXX This code is for unit testing purposes only... To correctly use it, it
2655 * needs to tie a rename list to the export struct and (more
2656 * important), protect access to the exi rename list using a write lock.
2657 */
2659 /*
2660 * get the fh vol record if it's in the volatile on rename list. Don't check
2661 * volatile_id in the file handle - compare only the file handles.
2662 */
2665 {
2669 /* XXX shouldn't we assert &exported_lock held? */
2674 }
2680 }
2682 }
2684 /*
2685 * get the volatile id for the fh (if there is - else return 0). Ignore the
2686 * volatile_id in the file handle - compare only the file handles.
2687 */
2688 static uint32_t
2690 {
2700 }
2702 /*
2703 * Free the volatile on rename list - will be called if a filesystem is
2704 * unshared or reshared without EX_VOLRNM
2705 */
2706 static void
2708 {
2711 /* no need to hold mutex lock - this one is called from exportfree */
2715 }
2717 }
2719 /*
2720 * Add a file handle to the volatile on rename list.
2721 */
2722 void
2724 {
2727 nfs_fh4 fh4;
2734 }
2745 }
2749 }