2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
8 * Rick Macklem at The University of Guelph.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/cdefs.h>
37 #include "opt_inet6.h"
38 #include "opt_kgssapi.h"
39 #include "opt_kern_tls.h"
41 #include <fs/nfs/nfsport.h>
44 #include <rpc/rpcsec_gss.h>
45 #include <rpc/rpcsec_tls.h>
47 #include <fs/nfsserver/nfs_fha_new.h>
49 #include <security/mac/mac_framework.h>
53 char *nfsrv_zeropnfsdat = NULL;
56 * Mapping of old NFS Version 2 RPC numbers to generic numbers.
58 int newnfs_nfsv3_procid[NFS_V3NPROCS] = {
83 SYSCTL_DECL(_vfs_nfsd);
85 NFSD_VNET_DEFINE_STATIC(int, nfs_privport) = 0;
86 SYSCTL_INT(_vfs_nfsd, OID_AUTO, nfs_privport, CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN,
87 &NFSD_VNET_NAME(nfs_privport), 0,
88 "Only allow clients using a privileged port for NFSv2, 3 and 4");
90 NFSD_VNET_DEFINE_STATIC(int, nfs_minvers) = NFS_VER2;
91 SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_min_nfsvers,
92 CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN, &NFSD_VNET_NAME(nfs_minvers), 0,
93 "The lowest version of NFS handled by the server");
95 NFSD_VNET_DEFINE_STATIC(int, nfs_maxvers) = NFS_VER4;
96 SYSCTL_INT(_vfs_nfsd, OID_AUTO, server_max_nfsvers,
97 CTLFLAG_NFSD_VNET | CTLFLAG_RWTUN, &NFSD_VNET_NAME(nfs_maxvers), 0,
98 "The highest version of NFS handled by the server");
100 static int nfs_proc(struct nfsrv_descript *, u_int32_t, SVCXPRT *xprt,
101 struct nfsrvcache **);
103 extern u_long sb_max_adj;
104 extern int newnfs_numnfsd;
105 extern time_t nfsdev_time;
106 extern int nfsrv_writerpc[NFS_NPROCS];
107 extern volatile int nfsrv_devidcnt;
108 extern struct nfsv4_opflag nfsv4_opflag[NFSV42_NOPS];
109 extern int nfsd_debuglevel;
111 NFSD_VNET_DECLARE(struct proc *, nfsd_master_proc);
113 NFSD_VNET_DEFINE(SVCPOOL *, nfsrvd_pool);
114 NFSD_VNET_DEFINE(int, nfsrv_numnfsd) = 0;
115 NFSD_VNET_DEFINE(struct nfsv4lock, nfsd_suspend_lock);
117 NFSD_VNET_DEFINE_STATIC(bool, nfsrvd_inited) = false;
120 * NFS server system calls
124 nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
126 struct nfsrv_descript nd;
127 struct nfsrvcache *rp = NULL;
128 rpc_gss_rawcred_t *rcredp;
129 int cacherep, credflavor, i, j;
135 NFSD_CURVNET_SET_QUIET(NFSD_TD_TO_VNET(curthread));
136 memset(&nd, 0, sizeof(nd));
137 if (rqst->rq_vers == NFS_VER2) {
138 if (rqst->rq_proc > NFSV2PROC_STATFS ||
139 newnfs_nfsv3_procid[rqst->rq_proc] == NFSPROC_NOOP) {
144 nd.nd_procnum = newnfs_nfsv3_procid[rqst->rq_proc];
145 nd.nd_flag = ND_NFSV2;
146 } else if (rqst->rq_vers == NFS_VER3) {
147 if (rqst->rq_proc >= NFS_V3NPROCS) {
152 nd.nd_procnum = rqst->rq_proc;
153 nd.nd_flag = ND_NFSV3;
155 if (rqst->rq_proc != NFSPROC_NULL &&
156 rqst->rq_proc != NFSV4PROC_COMPOUND) {
161 nd.nd_procnum = rqst->rq_proc;
162 nd.nd_flag = ND_NFSV4;
166 * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 -
167 * NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP
170 nd.nd_mrep = rqst->rq_args;
171 rqst->rq_args = NULL;
172 newnfs_realign(&nd.nd_mrep, M_WAITOK);
173 nd.nd_md = nd.nd_mrep;
174 nd.nd_dpos = mtod(nd.nd_md, caddr_t);
175 nd.nd_nam = svc_getrpccaller(rqst);
176 nd.nd_nam2 = rqst->rq_addr;
180 if (NFSD_VNET(nfs_privport) != 0) {
181 /* Check if source port is privileged */
183 struct sockaddr *nam = nd.nd_nam;
184 struct sockaddr_in *sin;
186 sin = (struct sockaddr_in *)nam;
188 * INET/INET6 - same code:
189 * sin_port and sin6_port are at same offset
191 port = ntohs(sin->sin_port);
192 if (port >= IPPORT_RESERVED &&
193 nd.nd_procnum != NFSPROC_NULL) {
195 char buf[INET6_ADDRSTRLEN];
197 char buf[INET_ADDRSTRLEN];
200 #if defined(KLD_MODULE)
201 /* Do not use ip6_sprintf: the nfs module should work without INET6. */
202 #define ip6_sprintf(buf, a) \
203 (sprintf((buf), "%x:%x:%x:%x:%x:%x:%x:%x", \
204 (a)->s6_addr16[0], (a)->s6_addr16[1], \
205 (a)->s6_addr16[2], (a)->s6_addr16[3], \
206 (a)->s6_addr16[4], (a)->s6_addr16[5], \
207 (a)->s6_addr16[6], (a)->s6_addr16[7]), \
211 printf("NFS request from unprivileged port (%s:%d)\n",
213 sin->sin_family == AF_INET6 ?
214 ip6_sprintf(buf, &satosin6(sin)->sin6_addr) :
215 #if defined(KLD_MODULE)
219 inet_ntoa_r(sin->sin_addr, buf), port);
220 svcerr_weakauth(rqst);
227 if (nd.nd_procnum != NFSPROC_NULL) {
228 if (!svc_getcred(rqst, &nd.nd_cred, &credflavor)) {
229 svcerr_weakauth(rqst);
235 /* Set the flag based on credflavor */
236 if (credflavor == RPCSEC_GSS_KRB5) {
237 nd.nd_flag |= ND_GSS;
238 } else if (credflavor == RPCSEC_GSS_KRB5I) {
239 nd.nd_flag |= (ND_GSS | ND_GSSINTEGRITY);
240 } else if (credflavor == RPCSEC_GSS_KRB5P) {
241 nd.nd_flag |= (ND_GSS | ND_GSSPRIVACY);
242 } else if (credflavor != AUTH_SYS) {
243 svcerr_weakauth(rqst);
249 /* Acquire the principal name for the RPCSEC_GSS cases. */
250 if ((nd.nd_flag & (ND_NFSV4 | ND_GSS)) == (ND_NFSV4 | ND_GSS)) {
252 rpc_gss_getcred_call(rqst, &rcredp, NULL, NULL);
254 * The exported principal name consists of:
255 * - TOK_ID bytes with value of 4 and 1.
256 * - 2 byte mech length
258 * - 4 byte principal name length
260 * A call to gss_import_name() would be an
261 * upcall to the gssd, so parse it here.
262 * See lib/libgssapi/gss_import_name.c for the
265 if (rcredp != NULL &&
266 rcredp->client_principal->len > 4 &&
267 rcredp->client_principal->name[0] == 4 &&
268 rcredp->client_principal->name[1] == 1) {
269 /* Skip over the mech. */
270 p = &rcredp->client_principal->name[2];
271 i = (p[0] << 8) | p[1];
275 * Set "j" to a bogus length so that the
276 * "i + j" check will fail unless the below
277 * code sets "j" correctly.
279 j = rcredp->client_principal->len;
280 if (rcredp->client_principal->len > i + 4) {
281 j = (p[0] << 24) | (p[1] << 16) |
286 if (i + j == rcredp->client_principal->len) {
287 nd.nd_principal = malloc(j + 1, M_TEMP,
290 memcpy(nd.nd_principal, p, j);
291 nd.nd_principal[j] = '\0';
292 NFSD_DEBUG(1, "nfssvc_program: "
293 "principal=%s\n", nd.nd_principal);
296 if (nd.nd_princlen == 0)
297 printf("nfssvc_program: cannot get RPCSEC_GSS "
301 if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0) {
302 nd.nd_flag |= ND_TLS;
303 if ((xprt->xp_tls & RPCTLS_FLAGS_VERIFIED) != 0)
304 nd.nd_flag |= ND_TLSCERT;
305 if ((xprt->xp_tls & RPCTLS_FLAGS_CERTUSER) != 0)
306 nd.nd_flag |= ND_TLSCERTUSER;
308 nd.nd_maxextsiz = 16384;
310 mac_cred_associate_nfsd(nd.nd_cred);
313 * Get a refcnt (shared lock) on nfsd_suspend_lock.
314 * NFSSVC_SUSPENDNFSD will take an exclusive lock on
315 * nfsd_suspend_lock to suspend these threads.
316 * The call to nfsv4_lock() that precedes nfsv4_getref()
317 * ensures that the acquisition of the exclusive lock
318 * takes priority over acquisition of the shared lock by
319 * waiting for any exclusive lock request to complete.
320 * This must be done here, before the check of
321 * nfsv4root exports by nfsvno_v4rootexport().
323 NFSLOCKV4ROOTMUTEX();
324 nfsv4_lock(&NFSD_VNET(nfsd_suspend_lock), 0, NULL,
325 NFSV4ROOTLOCKMUTEXPTR, NULL);
326 nfsv4_getref(&NFSD_VNET(nfsd_suspend_lock), NULL,
327 NFSV4ROOTLOCKMUTEXPTR, NULL);
328 NFSUNLOCKV4ROOTMUTEX();
330 if ((nd.nd_flag & ND_NFSV4) != 0) {
331 nd.nd_repstat = nfsvno_v4rootexport(&nd);
332 if (nd.nd_repstat != 0) {
333 NFSLOCKV4ROOTMUTEX();
334 nfsv4_relref(&NFSD_VNET(nfsd_suspend_lock));
335 NFSUNLOCKV4ROOTMUTEX();
336 svcerr_weakauth(rqst);
344 if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0 &&
345 rpctls_getinfo(&maxlen, false, false))
346 nd.nd_maxextsiz = maxlen;
348 cacherep = nfs_proc(&nd, rqst->rq_xid, xprt, &rp);
349 NFSLOCKV4ROOTMUTEX();
350 nfsv4_relref(&NFSD_VNET(nfsd_suspend_lock));
351 NFSUNLOCKV4ROOTMUTEX();
354 nd.nd_mreq->m_len = 0;
357 if (nd.nd_mrep != NULL)
360 if (nd.nd_cred != NULL)
363 if (cacherep == RC_DROPIT) {
364 if (nd.nd_mreq != NULL)
370 if (nd.nd_mreq == NULL) {
376 if (nd.nd_repstat & NFSERR_AUTHERR) {
377 svcerr_auth(rqst, nd.nd_repstat & ~NFSERR_AUTHERR);
378 if (nd.nd_mreq != NULL)
380 } else if (!svc_sendreply_mbuf(rqst, nd.nd_mreq)) {
381 svcerr_systemerr(rqst);
384 nfsrvd_sentcache(rp, (rqst->rq_reply_seq != 0 ||
385 SVC_ACK(xprt, NULL)), rqst->rq_reply_seq);
390 free(nd.nd_principal, M_TEMP);
391 NFSD_CURVNET_RESTORE();
392 ast_kclear(curthread);
397 * Check the cache and, optionally, do the RPC.
398 * Return the appropriate cache response.
401 nfs_proc(struct nfsrv_descript *nd, u_int32_t xid, SVCXPRT *xprt,
402 struct nfsrvcache **rpp)
404 int cacherep = RC_DOIT, isdgram, taglen = -1;
406 u_char tag[NFSV4_SMALLSTR + 1], *tagstr = NULL;
407 u_int32_t minorvers = 0;
411 if (nd->nd_nam2 == NULL) {
412 nd->nd_flag |= ND_STREAMSOCK;
420 * 1 - For NFSv2 over UDP, if we are near our malloc/mget
421 * limit, just drop the request. There is no
422 * NFSERR_RESOURCE or NFSERR_DELAY for NFSv2 and the
423 * client will timeout/retry over UDP in a little while.
424 * 2 - nd_repstat == 0 && nd_mreq == NULL, which
425 * means a normal nfs rpc, so check the cache
427 if ((nd->nd_flag & ND_NFSV2) && nd->nd_nam2 != NULL &&
428 nfsrv_mallocmget_limit()) {
429 cacherep = RC_DROPIT;
432 * For NFSv3, play it safe and assume that the client is
433 * doing retries on the same TCP connection.
435 if ((nd->nd_flag & (ND_NFSV4 | ND_STREAMSOCK)) ==
437 nd->nd_flag |= ND_SAMETCPCONN;
439 nd->nd_tcpconntime = NFSD_MONOSEC;
440 nd->nd_sockref = xprt->xp_sockref;
441 if ((nd->nd_flag & ND_NFSV4) != 0)
442 nfsd_getminorvers(nd, tag, &tagstr, &taglen,
444 if ((nd->nd_flag & ND_NFSV41) != 0)
445 /* NFSv4.1 caches replies in the session slots. */
448 cacherep = nfsrvd_getcache(nd);
451 nfsrc_trimcache(xprt->xp_sockref, ack, 0);
456 * Handle the request. There are three cases.
457 * RC_DOIT - do the RPC
458 * RC_REPLY - return the reply already created
459 * RC_DROPIT - just throw the request away
461 if (cacherep == RC_DOIT) {
462 if ((nd->nd_flag & ND_NFSV41) != 0)
464 nfsrvd_dorpc(nd, isdgram, tagstr, taglen, minorvers);
465 if ((nd->nd_flag & ND_NFSV41) != 0) {
466 if (nd->nd_repstat != NFSERR_REPLYFROMCACHE &&
467 (nd->nd_flag & ND_SAVEREPLY) != 0) {
468 /* Cache a copy of the reply. */
469 m = m_copym(nd->nd_mreq, 0, M_COPYALL,
473 if ((nd->nd_flag & ND_HASSEQUENCE) != 0)
474 nfsrv_cache_session(nd, &m);
475 if (nd->nd_repstat == NFSERR_REPLYFROMCACHE) {
478 m_freem(nd->nd_mreq);
484 if (nd->nd_repstat == NFSERR_DONTREPLY)
485 cacherep = RC_DROPIT;
488 *rpp = nfsrvd_updatecache(nd);
491 if (tagstr != NULL && taglen > NFSV4_SMALLSTR)
492 free(tagstr, M_TEMP);
499 nfssvc_loss(SVCXPRT *xprt)
505 NFSD_CURVNET_SET(NFSD_TD_TO_VNET(curthread));
506 nfsrc_trimcache(xprt->xp_sockref, ack, 1);
507 NFSD_CURVNET_RESTORE();
511 * Adds a socket to the list for servicing by nfsds.
514 nfsrvd_addsock(struct file *fp)
520 static u_int64_t sockref = 0;
525 error = soreserve(so, siz, siz);
530 * Steal the socket from userland so that it doesn't close
533 if (so->so_type == SOCK_DGRAM)
534 xprt = svc_dg_create(NFSD_VNET(nfsrvd_pool), so, 0, 0);
536 xprt = svc_vc_create(NFSD_VNET(nfsrvd_pool), so, 0, 0);
538 fp->f_ops = &badfileops;
540 xprt->xp_sockref = ++sockref;
541 if (NFSD_VNET(nfs_minvers) == NFS_VER2)
542 svc_reg(xprt, NFS_PROG, NFS_VER2, nfssvc_program,
544 if (NFSD_VNET(nfs_minvers) <= NFS_VER3 &&
545 NFSD_VNET(nfs_maxvers) >= NFS_VER3)
546 svc_reg(xprt, NFS_PROG, NFS_VER3, nfssvc_program,
548 if (NFSD_VNET(nfs_maxvers) >= NFS_VER4)
549 svc_reg(xprt, NFS_PROG, NFS_VER4, nfssvc_program,
551 if (so->so_type == SOCK_STREAM)
552 svc_loss_reg(xprt, nfssvc_loss);
563 * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
564 * until it is killed by a signal.
567 nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
569 char principal[MAXHOSTNAMELEN + 5];
572 bool_t ret2, ret3, ret4;
574 error = copyinstr(args->principal, principal, sizeof (principal),
580 * Only the first nfsd actually does any work. The RPC code
581 * adds threads to it as needed. Any extra processes offered
582 * by nfsd just exit. If nfsd is new enough, it will call us
583 * once with a structure that specifies how many threads to
587 if (NFSD_VNET(nfsrv_numnfsd) == 0) {
588 nfsdev_time = time_second;
591 p->p_flag2 |= P2_AST_SU;
593 newnfs_numnfsd++; /* Total num for all vnets. */
594 NFSD_VNET(nfsrv_numnfsd)++; /* Num for this vnet. */
597 error = nfsrv_createdevids(args, td);
599 /* An empty string implies AUTH_SYS only. */
600 if (principal[0] != '\0') {
601 ret2 = rpc_gss_set_svc_name_call(principal,
602 "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
604 ret3 = rpc_gss_set_svc_name_call(principal,
605 "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
607 ret4 = rpc_gss_set_svc_name_call(principal,
608 "kerberosv5", GSS_C_INDEFINITE, NFS_PROG,
611 if (!ret2 || !ret3 || !ret4)
612 printf("nfsd: can't register svc "
613 "name %s jid:%d\n", principal,
614 td->td_ucred->cr_prison->pr_id);
617 NFSD_VNET(nfsrvd_pool)->sp_minthreads =
619 NFSD_VNET(nfsrvd_pool)->sp_maxthreads =
623 * If this is a pNFS service, make Getattr do a
624 * vn_start_write(), so it can do a vn_set_extattr().
626 if (nfsrv_devidcnt > 0) {
627 nfsrv_writerpc[NFSPROC_GETATTR] = 1;
628 nfsv4_opflag[NFSV4OP_GETATTR].modifyfs = 1;
631 svc_run(NFSD_VNET(nfsrvd_pool));
633 /* Reset Getattr to not do a vn_start_write(). */
634 nfsrv_writerpc[NFSPROC_GETATTR] = 0;
635 nfsv4_opflag[NFSV4OP_GETATTR].modifyfs = 0;
637 if (principal[0] != '\0') {
638 rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
639 rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
640 rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4);
645 NFSD_VNET(nfsrv_numnfsd)--;
648 p->p_flag2 &= ~P2_AST_SU;
659 * Initialize the data structures for the server.
660 * Handshake with any new nfsds starting up to avoid any chance of
664 nfsrvd_init(int terminating)
670 NFSD_VNET(nfsd_master_proc) = NULL;
672 nfsrv_freealllayoutsanddevids();
673 nfsrv_freeallbackchannel_xprts();
674 svcpool_close(NFSD_VNET(nfsrvd_pool));
675 free(nfsrv_zeropnfsdat, M_TEMP);
676 nfsrv_zeropnfsdat = NULL;
679 /* Initialize per-vnet globals once per vnet. */
680 if (NFSD_VNET(nfsrvd_inited))
682 NFSD_VNET(nfsrvd_inited) = true;
684 NFSD_VNET(nfsrvd_pool) = svcpool_create("nfsd",
685 SYSCTL_STATIC_CHILDREN(_vfs_nfsd));
686 NFSD_VNET(nfsrvd_pool)->sp_rcache = NULL;
687 NFSD_VNET(nfsrvd_pool)->sp_assign = fhanew_assign;
688 NFSD_VNET(nfsrvd_pool)->sp_done = fhanew_nd_complete;