Root/
1 | #define MSNFS /* HACK HACK */ |
2 | /* |
3 | * NFS exporting and validation. |
4 | * |
5 | * We maintain a list of clients, each of which has a list of |
6 | * exports. To export an fs to a given client, you first have |
7 | * to create the client entry with NFSCTL_ADDCLIENT, which |
8 | * creates a client control block and adds it to the hash |
9 | * table. Then, you call NFSCTL_EXPORT for each fs. |
10 | * |
11 | * |
12 | * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de> |
13 | */ |
14 | |
15 | #include <linux/slab.h> |
16 | #include <linux/namei.h> |
17 | #include <linux/module.h> |
18 | #include <linux/exportfs.h> |
19 | |
20 | #include <linux/nfsd/syscall.h> |
21 | #include <net/ipv6.h> |
22 | |
23 | #include "nfsd.h" |
24 | #include "nfsfh.h" |
25 | |
26 | #define NFSDDBG_FACILITY NFSDDBG_EXPORT |
27 | |
28 | typedef struct auth_domain svc_client; |
29 | typedef struct svc_export svc_export; |
30 | |
31 | static void exp_do_unexport(svc_export *unexp); |
32 | static int exp_verify_string(char *cp, int max); |
33 | |
34 | /* |
35 | * We have two caches. |
36 | * One maps client+vfsmnt+dentry to export options - the export map |
37 | * The other maps client+filehandle-fragment to export options. - the expkey map |
38 | * |
39 | * The export options are actually stored in the first map, and the |
40 | * second map contains a reference to the entry in the first map. |
41 | */ |
42 | |
43 | #define EXPKEY_HASHBITS 8 |
44 | #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) |
45 | #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) |
46 | static struct cache_head *expkey_table[EXPKEY_HASHMAX]; |
47 | |
48 | static void expkey_put(struct kref *ref) |
49 | { |
50 | struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); |
51 | |
52 | if (test_bit(CACHE_VALID, &key->h.flags) && |
53 | !test_bit(CACHE_NEGATIVE, &key->h.flags)) |
54 | path_put(&key->ek_path); |
55 | auth_domain_put(key->ek_client); |
56 | kfree(key); |
57 | } |
58 | |
59 | static void expkey_request(struct cache_detail *cd, |
60 | struct cache_head *h, |
61 | char **bpp, int *blen) |
62 | { |
63 | /* client fsidtype \xfsid */ |
64 | struct svc_expkey *ek = container_of(h, struct svc_expkey, h); |
65 | char type[5]; |
66 | |
67 | qword_add(bpp, blen, ek->ek_client->name); |
68 | snprintf(type, 5, "%d", ek->ek_fsidtype); |
69 | qword_add(bpp, blen, type); |
70 | qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype)); |
71 | (*bpp)[-1] = '\n'; |
72 | } |
73 | |
74 | static int expkey_upcall(struct cache_detail *cd, struct cache_head *h) |
75 | { |
76 | return sunrpc_cache_pipe_upcall(cd, h, expkey_request); |
77 | } |
78 | |
79 | static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old); |
80 | static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *); |
81 | static struct cache_detail svc_expkey_cache; |
82 | |
83 | static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen) |
84 | { |
85 | /* client fsidtype fsid [path] */ |
86 | char *buf; |
87 | int len; |
88 | struct auth_domain *dom = NULL; |
89 | int err; |
90 | int fsidtype; |
91 | char *ep; |
92 | struct svc_expkey key; |
93 | struct svc_expkey *ek = NULL; |
94 | |
95 | if (mesg[mlen-1] != '\n') |
96 | return -EINVAL; |
97 | mesg[mlen-1] = 0; |
98 | |
99 | buf = kmalloc(PAGE_SIZE, GFP_KERNEL); |
100 | err = -ENOMEM; |
101 | if (!buf) |
102 | goto out; |
103 | |
104 | err = -EINVAL; |
105 | if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) |
106 | goto out; |
107 | |
108 | err = -ENOENT; |
109 | dom = auth_domain_find(buf); |
110 | if (!dom) |
111 | goto out; |
112 | dprintk("found domain %s\n", buf); |
113 | |
114 | err = -EINVAL; |
115 | if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) |
116 | goto out; |
117 | fsidtype = simple_strtoul(buf, &ep, 10); |
118 | if (*ep) |
119 | goto out; |
120 | dprintk("found fsidtype %d\n", fsidtype); |
121 | if (key_len(fsidtype)==0) /* invalid type */ |
122 | goto out; |
123 | if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) |
124 | goto out; |
125 | dprintk("found fsid length %d\n", len); |
126 | if (len != key_len(fsidtype)) |
127 | goto out; |
128 | |
129 | /* OK, we seem to have a valid key */ |
130 | key.h.flags = 0; |
131 | key.h.expiry_time = get_expiry(&mesg); |
132 | if (key.h.expiry_time == 0) |
133 | goto out; |
134 | |
135 | key.ek_client = dom; |
136 | key.ek_fsidtype = fsidtype; |
137 | memcpy(key.ek_fsid, buf, len); |
138 | |
139 | ek = svc_expkey_lookup(&key); |
140 | err = -ENOMEM; |
141 | if (!ek) |
142 | goto out; |
143 | |
144 | /* now we want a pathname, or empty meaning NEGATIVE */ |
145 | err = -EINVAL; |
146 | len = qword_get(&mesg, buf, PAGE_SIZE); |
147 | if (len < 0) |
148 | goto out; |
149 | dprintk("Path seems to be <%s>\n", buf); |
150 | err = 0; |
151 | if (len == 0) { |
152 | set_bit(CACHE_NEGATIVE, &key.h.flags); |
153 | ek = svc_expkey_update(&key, ek); |
154 | if (!ek) |
155 | err = -ENOMEM; |
156 | } else { |
157 | err = kern_path(buf, 0, &key.ek_path); |
158 | if (err) |
159 | goto out; |
160 | |
161 | dprintk("Found the path %s\n", buf); |
162 | |
163 | ek = svc_expkey_update(&key, ek); |
164 | if (!ek) |
165 | err = -ENOMEM; |
166 | path_put(&key.ek_path); |
167 | } |
168 | cache_flush(); |
169 | out: |
170 | if (ek) |
171 | cache_put(&ek->h, &svc_expkey_cache); |
172 | if (dom) |
173 | auth_domain_put(dom); |
174 | kfree(buf); |
175 | return err; |
176 | } |
177 | |
178 | static int expkey_show(struct seq_file *m, |
179 | struct cache_detail *cd, |
180 | struct cache_head *h) |
181 | { |
182 | struct svc_expkey *ek ; |
183 | int i; |
184 | |
185 | if (h ==NULL) { |
186 | seq_puts(m, "#domain fsidtype fsid [path]\n"); |
187 | return 0; |
188 | } |
189 | ek = container_of(h, struct svc_expkey, h); |
190 | seq_printf(m, "%s %d 0x", ek->ek_client->name, |
191 | ek->ek_fsidtype); |
192 | for (i=0; i < key_len(ek->ek_fsidtype)/4; i++) |
193 | seq_printf(m, "%08x", ek->ek_fsid[i]); |
194 | if (test_bit(CACHE_VALID, &h->flags) && |
195 | !test_bit(CACHE_NEGATIVE, &h->flags)) { |
196 | seq_printf(m, " "); |
197 | seq_path(m, &ek->ek_path, "\\ \t\n"); |
198 | } |
199 | seq_printf(m, "\n"); |
200 | return 0; |
201 | } |
202 | |
203 | static inline int expkey_match (struct cache_head *a, struct cache_head *b) |
204 | { |
205 | struct svc_expkey *orig = container_of(a, struct svc_expkey, h); |
206 | struct svc_expkey *new = container_of(b, struct svc_expkey, h); |
207 | |
208 | if (orig->ek_fsidtype != new->ek_fsidtype || |
209 | orig->ek_client != new->ek_client || |
210 | memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0) |
211 | return 0; |
212 | return 1; |
213 | } |
214 | |
215 | static inline void expkey_init(struct cache_head *cnew, |
216 | struct cache_head *citem) |
217 | { |
218 | struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); |
219 | struct svc_expkey *item = container_of(citem, struct svc_expkey, h); |
220 | |
221 | kref_get(&item->ek_client->ref); |
222 | new->ek_client = item->ek_client; |
223 | new->ek_fsidtype = item->ek_fsidtype; |
224 | |
225 | memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid)); |
226 | } |
227 | |
228 | static inline void expkey_update(struct cache_head *cnew, |
229 | struct cache_head *citem) |
230 | { |
231 | struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); |
232 | struct svc_expkey *item = container_of(citem, struct svc_expkey, h); |
233 | |
234 | new->ek_path = item->ek_path; |
235 | path_get(&item->ek_path); |
236 | } |
237 | |
238 | static struct cache_head *expkey_alloc(void) |
239 | { |
240 | struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL); |
241 | if (i) |
242 | return &i->h; |
243 | else |
244 | return NULL; |
245 | } |
246 | |
247 | static struct cache_detail svc_expkey_cache = { |
248 | .owner = THIS_MODULE, |
249 | .hash_size = EXPKEY_HASHMAX, |
250 | .hash_table = expkey_table, |
251 | .name = "nfsd.fh", |
252 | .cache_put = expkey_put, |
253 | .cache_upcall = expkey_upcall, |
254 | .cache_parse = expkey_parse, |
255 | .cache_show = expkey_show, |
256 | .match = expkey_match, |
257 | .init = expkey_init, |
258 | .update = expkey_update, |
259 | .alloc = expkey_alloc, |
260 | }; |
261 | |
262 | static struct svc_expkey * |
263 | svc_expkey_lookup(struct svc_expkey *item) |
264 | { |
265 | struct cache_head *ch; |
266 | int hash = item->ek_fsidtype; |
267 | char * cp = (char*)item->ek_fsid; |
268 | int len = key_len(item->ek_fsidtype); |
269 | |
270 | hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); |
271 | hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS); |
272 | hash &= EXPKEY_HASHMASK; |
273 | |
274 | ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h, |
275 | hash); |
276 | if (ch) |
277 | return container_of(ch, struct svc_expkey, h); |
278 | else |
279 | return NULL; |
280 | } |
281 | |
282 | static struct svc_expkey * |
283 | svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old) |
284 | { |
285 | struct cache_head *ch; |
286 | int hash = new->ek_fsidtype; |
287 | char * cp = (char*)new->ek_fsid; |
288 | int len = key_len(new->ek_fsidtype); |
289 | |
290 | hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); |
291 | hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS); |
292 | hash &= EXPKEY_HASHMASK; |
293 | |
294 | ch = sunrpc_cache_update(&svc_expkey_cache, &new->h, |
295 | &old->h, hash); |
296 | if (ch) |
297 | return container_of(ch, struct svc_expkey, h); |
298 | else |
299 | return NULL; |
300 | } |
301 | |
302 | |
303 | #define EXPORT_HASHBITS 8 |
304 | #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS) |
305 | #define EXPORT_HASHMASK (EXPORT_HASHMAX -1) |
306 | |
307 | static struct cache_head *export_table[EXPORT_HASHMAX]; |
308 | |
309 | static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc) |
310 | { |
311 | int i; |
312 | |
313 | for (i = 0; i < fsloc->locations_count; i++) { |
314 | kfree(fsloc->locations[i].path); |
315 | kfree(fsloc->locations[i].hosts); |
316 | } |
317 | kfree(fsloc->locations); |
318 | } |
319 | |
320 | static void svc_export_put(struct kref *ref) |
321 | { |
322 | struct svc_export *exp = container_of(ref, struct svc_export, h.ref); |
323 | path_put(&exp->ex_path); |
324 | auth_domain_put(exp->ex_client); |
325 | kfree(exp->ex_pathname); |
326 | nfsd4_fslocs_free(&exp->ex_fslocs); |
327 | kfree(exp); |
328 | } |
329 | |
330 | static void svc_export_request(struct cache_detail *cd, |
331 | struct cache_head *h, |
332 | char **bpp, int *blen) |
333 | { |
334 | /* client path */ |
335 | struct svc_export *exp = container_of(h, struct svc_export, h); |
336 | char *pth; |
337 | |
338 | qword_add(bpp, blen, exp->ex_client->name); |
339 | pth = d_path(&exp->ex_path, *bpp, *blen); |
340 | if (IS_ERR(pth)) { |
341 | /* is this correct? */ |
342 | (*bpp)[0] = '\n'; |
343 | return; |
344 | } |
345 | qword_add(bpp, blen, pth); |
346 | (*bpp)[-1] = '\n'; |
347 | } |
348 | |
349 | static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h) |
350 | { |
351 | return sunrpc_cache_pipe_upcall(cd, h, svc_export_request); |
352 | } |
353 | |
354 | static struct svc_export *svc_export_update(struct svc_export *new, |
355 | struct svc_export *old); |
356 | static struct svc_export *svc_export_lookup(struct svc_export *); |
357 | |
358 | static int check_export(struct inode *inode, int *flags, unsigned char *uuid) |
359 | { |
360 | |
361 | /* |
362 | * We currently export only dirs, regular files, and (for v4 |
363 | * pseudoroot) symlinks. |
364 | */ |
365 | if (!S_ISDIR(inode->i_mode) && |
366 | !S_ISLNK(inode->i_mode) && |
367 | !S_ISREG(inode->i_mode)) |
368 | return -ENOTDIR; |
369 | |
370 | /* |
371 | * Mountd should never pass down a writeable V4ROOT export, but, |
372 | * just to make sure: |
373 | */ |
374 | if (*flags & NFSEXP_V4ROOT) |
375 | *flags |= NFSEXP_READONLY; |
376 | |
377 | /* There are two requirements on a filesystem to be exportable. |
378 | * 1: We must be able to identify the filesystem from a number. |
379 | * either a device number (so FS_REQUIRES_DEV needed) |
380 | * or an FSID number (so NFSEXP_FSID or ->uuid is needed). |
381 | * 2: We must be able to find an inode from a filehandle. |
382 | * This means that s_export_op must be set. |
383 | */ |
384 | if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) && |
385 | !(*flags & NFSEXP_FSID) && |
386 | uuid == NULL) { |
387 | dprintk("exp_export: export of non-dev fs without fsid\n"); |
388 | return -EINVAL; |
389 | } |
390 | |
391 | if (!inode->i_sb->s_export_op || |
392 | !inode->i_sb->s_export_op->fh_to_dentry) { |
393 | dprintk("exp_export: export of invalid fs type.\n"); |
394 | return -EINVAL; |
395 | } |
396 | |
397 | return 0; |
398 | |
399 | } |
400 | |
401 | #ifdef CONFIG_NFSD_V4 |
402 | |
403 | static int |
404 | fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc) |
405 | { |
406 | int len; |
407 | int migrated, i, err; |
408 | |
409 | /* listsize */ |
410 | err = get_int(mesg, &fsloc->locations_count); |
411 | if (err) |
412 | return err; |
413 | if (fsloc->locations_count > MAX_FS_LOCATIONS) |
414 | return -EINVAL; |
415 | if (fsloc->locations_count == 0) |
416 | return 0; |
417 | |
418 | fsloc->locations = kzalloc(fsloc->locations_count |
419 | * sizeof(struct nfsd4_fs_location), GFP_KERNEL); |
420 | if (!fsloc->locations) |
421 | return -ENOMEM; |
422 | for (i=0; i < fsloc->locations_count; i++) { |
423 | /* colon separated host list */ |
424 | err = -EINVAL; |
425 | len = qword_get(mesg, buf, PAGE_SIZE); |
426 | if (len <= 0) |
427 | goto out_free_all; |
428 | err = -ENOMEM; |
429 | fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL); |
430 | if (!fsloc->locations[i].hosts) |
431 | goto out_free_all; |
432 | err = -EINVAL; |
433 | /* slash separated path component list */ |
434 | len = qword_get(mesg, buf, PAGE_SIZE); |
435 | if (len <= 0) |
436 | goto out_free_all; |
437 | err = -ENOMEM; |
438 | fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL); |
439 | if (!fsloc->locations[i].path) |
440 | goto out_free_all; |
441 | } |
442 | /* migrated */ |
443 | err = get_int(mesg, &migrated); |
444 | if (err) |
445 | goto out_free_all; |
446 | err = -EINVAL; |
447 | if (migrated < 0 || migrated > 1) |
448 | goto out_free_all; |
449 | fsloc->migrated = migrated; |
450 | return 0; |
451 | out_free_all: |
452 | nfsd4_fslocs_free(fsloc); |
453 | return err; |
454 | } |
455 | |
456 | static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp) |
457 | { |
458 | int listsize, err; |
459 | struct exp_flavor_info *f; |
460 | |
461 | err = get_int(mesg, &listsize); |
462 | if (err) |
463 | return err; |
464 | if (listsize < 0 || listsize > MAX_SECINFO_LIST) |
465 | return -EINVAL; |
466 | |
467 | for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) { |
468 | err = get_int(mesg, &f->pseudoflavor); |
469 | if (err) |
470 | return err; |
471 | /* |
472 | * XXX: It would be nice to also check whether this |
473 | * pseudoflavor is supported, so we can discover the |
474 | * problem at export time instead of when a client fails |
475 | * to authenticate. |
476 | */ |
477 | err = get_int(mesg, &f->flags); |
478 | if (err) |
479 | return err; |
480 | /* Only some flags are allowed to differ between flavors: */ |
481 | if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags)) |
482 | return -EINVAL; |
483 | } |
484 | exp->ex_nflavors = listsize; |
485 | return 0; |
486 | } |
487 | |
488 | #else /* CONFIG_NFSD_V4 */ |
489 | static inline int |
490 | fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;} |
491 | static inline int |
492 | secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; } |
493 | #endif |
494 | |
495 | static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) |
496 | { |
497 | /* client path expiry [flags anonuid anongid fsid] */ |
498 | char *buf; |
499 | int len; |
500 | int err; |
501 | struct auth_domain *dom = NULL; |
502 | struct svc_export exp = {}, *expp; |
503 | int an_int; |
504 | |
505 | if (mesg[mlen-1] != '\n') |
506 | return -EINVAL; |
507 | mesg[mlen-1] = 0; |
508 | |
509 | buf = kmalloc(PAGE_SIZE, GFP_KERNEL); |
510 | if (!buf) |
511 | return -ENOMEM; |
512 | |
513 | /* client */ |
514 | err = -EINVAL; |
515 | len = qword_get(&mesg, buf, PAGE_SIZE); |
516 | if (len <= 0) |
517 | goto out; |
518 | |
519 | err = -ENOENT; |
520 | dom = auth_domain_find(buf); |
521 | if (!dom) |
522 | goto out; |
523 | |
524 | /* path */ |
525 | err = -EINVAL; |
526 | if ((len = qword_get(&mesg, buf, PAGE_SIZE)) <= 0) |
527 | goto out1; |
528 | |
529 | err = kern_path(buf, 0, &exp.ex_path); |
530 | if (err) |
531 | goto out1; |
532 | |
533 | exp.ex_client = dom; |
534 | |
535 | err = -ENOMEM; |
536 | exp.ex_pathname = kstrdup(buf, GFP_KERNEL); |
537 | if (!exp.ex_pathname) |
538 | goto out2; |
539 | |
540 | /* expiry */ |
541 | err = -EINVAL; |
542 | exp.h.expiry_time = get_expiry(&mesg); |
543 | if (exp.h.expiry_time == 0) |
544 | goto out3; |
545 | |
546 | /* flags */ |
547 | err = get_int(&mesg, &an_int); |
548 | if (err == -ENOENT) { |
549 | err = 0; |
550 | set_bit(CACHE_NEGATIVE, &exp.h.flags); |
551 | } else { |
552 | if (err || an_int < 0) |
553 | goto out3; |
554 | exp.ex_flags= an_int; |
555 | |
556 | /* anon uid */ |
557 | err = get_int(&mesg, &an_int); |
558 | if (err) |
559 | goto out3; |
560 | exp.ex_anon_uid= an_int; |
561 | |
562 | /* anon gid */ |
563 | err = get_int(&mesg, &an_int); |
564 | if (err) |
565 | goto out3; |
566 | exp.ex_anon_gid= an_int; |
567 | |
568 | /* fsid */ |
569 | err = get_int(&mesg, &an_int); |
570 | if (err) |
571 | goto out3; |
572 | exp.ex_fsid = an_int; |
573 | |
574 | while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) { |
575 | if (strcmp(buf, "fsloc") == 0) |
576 | err = fsloc_parse(&mesg, buf, &exp.ex_fslocs); |
577 | else if (strcmp(buf, "uuid") == 0) { |
578 | /* expect a 16 byte uuid encoded as \xXXXX... */ |
579 | len = qword_get(&mesg, buf, PAGE_SIZE); |
580 | if (len != 16) |
581 | err = -EINVAL; |
582 | else { |
583 | exp.ex_uuid = |
584 | kmemdup(buf, 16, GFP_KERNEL); |
585 | if (exp.ex_uuid == NULL) |
586 | err = -ENOMEM; |
587 | } |
588 | } else if (strcmp(buf, "secinfo") == 0) |
589 | err = secinfo_parse(&mesg, buf, &exp); |
590 | else |
591 | /* quietly ignore unknown words and anything |
592 | * following. Newer user-space can try to set |
593 | * new values, then see what the result was. |
594 | */ |
595 | break; |
596 | if (err) |
597 | goto out4; |
598 | } |
599 | |
600 | err = check_export(exp.ex_path.dentry->d_inode, &exp.ex_flags, |
601 | exp.ex_uuid); |
602 | if (err) |
603 | goto out4; |
604 | } |
605 | |
606 | expp = svc_export_lookup(&exp); |
607 | if (expp) |
608 | expp = svc_export_update(&exp, expp); |
609 | else |
610 | err = -ENOMEM; |
611 | cache_flush(); |
612 | if (expp == NULL) |
613 | err = -ENOMEM; |
614 | else |
615 | exp_put(expp); |
616 | out4: |
617 | nfsd4_fslocs_free(&exp.ex_fslocs); |
618 | kfree(exp.ex_uuid); |
619 | out3: |
620 | kfree(exp.ex_pathname); |
621 | out2: |
622 | path_put(&exp.ex_path); |
623 | out1: |
624 | auth_domain_put(dom); |
625 | out: |
626 | kfree(buf); |
627 | return err; |
628 | } |
629 | |
630 | static void exp_flags(struct seq_file *m, int flag, int fsid, |
631 | uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs); |
632 | static void show_secinfo(struct seq_file *m, struct svc_export *exp); |
633 | |
634 | static int svc_export_show(struct seq_file *m, |
635 | struct cache_detail *cd, |
636 | struct cache_head *h) |
637 | { |
638 | struct svc_export *exp ; |
639 | |
640 | if (h ==NULL) { |
641 | seq_puts(m, "#path domain(flags)\n"); |
642 | return 0; |
643 | } |
644 | exp = container_of(h, struct svc_export, h); |
645 | seq_path(m, &exp->ex_path, " \t\n\\"); |
646 | seq_putc(m, '\t'); |
647 | seq_escape(m, exp->ex_client->name, " \t\n\\"); |
648 | seq_putc(m, '('); |
649 | if (test_bit(CACHE_VALID, &h->flags) && |
650 | !test_bit(CACHE_NEGATIVE, &h->flags)) { |
651 | exp_flags(m, exp->ex_flags, exp->ex_fsid, |
652 | exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs); |
653 | if (exp->ex_uuid) { |
654 | int i; |
655 | seq_puts(m, ",uuid="); |
656 | for (i=0; i<16; i++) { |
657 | if ((i&3) == 0 && i) |
658 | seq_putc(m, ':'); |
659 | seq_printf(m, "%02x", exp->ex_uuid[i]); |
660 | } |
661 | } |
662 | show_secinfo(m, exp); |
663 | } |
664 | seq_puts(m, ")\n"); |
665 | return 0; |
666 | } |
667 | static int svc_export_match(struct cache_head *a, struct cache_head *b) |
668 | { |
669 | struct svc_export *orig = container_of(a, struct svc_export, h); |
670 | struct svc_export *new = container_of(b, struct svc_export, h); |
671 | return orig->ex_client == new->ex_client && |
672 | orig->ex_path.dentry == new->ex_path.dentry && |
673 | orig->ex_path.mnt == new->ex_path.mnt; |
674 | } |
675 | |
676 | static void svc_export_init(struct cache_head *cnew, struct cache_head *citem) |
677 | { |
678 | struct svc_export *new = container_of(cnew, struct svc_export, h); |
679 | struct svc_export *item = container_of(citem, struct svc_export, h); |
680 | |
681 | kref_get(&item->ex_client->ref); |
682 | new->ex_client = item->ex_client; |
683 | new->ex_path.dentry = dget(item->ex_path.dentry); |
684 | new->ex_path.mnt = mntget(item->ex_path.mnt); |
685 | new->ex_pathname = NULL; |
686 | new->ex_fslocs.locations = NULL; |
687 | new->ex_fslocs.locations_count = 0; |
688 | new->ex_fslocs.migrated = 0; |
689 | } |
690 | |
691 | static void export_update(struct cache_head *cnew, struct cache_head *citem) |
692 | { |
693 | struct svc_export *new = container_of(cnew, struct svc_export, h); |
694 | struct svc_export *item = container_of(citem, struct svc_export, h); |
695 | int i; |
696 | |
697 | new->ex_flags = item->ex_flags; |
698 | new->ex_anon_uid = item->ex_anon_uid; |
699 | new->ex_anon_gid = item->ex_anon_gid; |
700 | new->ex_fsid = item->ex_fsid; |
701 | new->ex_uuid = item->ex_uuid; |
702 | item->ex_uuid = NULL; |
703 | new->ex_pathname = item->ex_pathname; |
704 | item->ex_pathname = NULL; |
705 | new->ex_fslocs.locations = item->ex_fslocs.locations; |
706 | item->ex_fslocs.locations = NULL; |
707 | new->ex_fslocs.locations_count = item->ex_fslocs.locations_count; |
708 | item->ex_fslocs.locations_count = 0; |
709 | new->ex_fslocs.migrated = item->ex_fslocs.migrated; |
710 | item->ex_fslocs.migrated = 0; |
711 | new->ex_nflavors = item->ex_nflavors; |
712 | for (i = 0; i < MAX_SECINFO_LIST; i++) { |
713 | new->ex_flavors[i] = item->ex_flavors[i]; |
714 | } |
715 | } |
716 | |
717 | static struct cache_head *svc_export_alloc(void) |
718 | { |
719 | struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL); |
720 | if (i) |
721 | return &i->h; |
722 | else |
723 | return NULL; |
724 | } |
725 | |
726 | struct cache_detail svc_export_cache = { |
727 | .owner = THIS_MODULE, |
728 | .hash_size = EXPORT_HASHMAX, |
729 | .hash_table = export_table, |
730 | .name = "nfsd.export", |
731 | .cache_put = svc_export_put, |
732 | .cache_upcall = svc_export_upcall, |
733 | .cache_parse = svc_export_parse, |
734 | .cache_show = svc_export_show, |
735 | .match = svc_export_match, |
736 | .init = svc_export_init, |
737 | .update = export_update, |
738 | .alloc = svc_export_alloc, |
739 | }; |
740 | |
741 | static struct svc_export * |
742 | svc_export_lookup(struct svc_export *exp) |
743 | { |
744 | struct cache_head *ch; |
745 | int hash; |
746 | hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS); |
747 | hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS); |
748 | hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS); |
749 | |
750 | ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h, |
751 | hash); |
752 | if (ch) |
753 | return container_of(ch, struct svc_export, h); |
754 | else |
755 | return NULL; |
756 | } |
757 | |
758 | static struct svc_export * |
759 | svc_export_update(struct svc_export *new, struct svc_export *old) |
760 | { |
761 | struct cache_head *ch; |
762 | int hash; |
763 | hash = hash_ptr(old->ex_client, EXPORT_HASHBITS); |
764 | hash ^= hash_ptr(old->ex_path.dentry, EXPORT_HASHBITS); |
765 | hash ^= hash_ptr(old->ex_path.mnt, EXPORT_HASHBITS); |
766 | |
767 | ch = sunrpc_cache_update(&svc_export_cache, &new->h, |
768 | &old->h, |
769 | hash); |
770 | if (ch) |
771 | return container_of(ch, struct svc_export, h); |
772 | else |
773 | return NULL; |
774 | } |
775 | |
776 | |
777 | static struct svc_expkey * |
778 | exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp) |
779 | { |
780 | struct svc_expkey key, *ek; |
781 | int err; |
782 | |
783 | if (!clp) |
784 | return ERR_PTR(-ENOENT); |
785 | |
786 | key.ek_client = clp; |
787 | key.ek_fsidtype = fsid_type; |
788 | memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); |
789 | |
790 | ek = svc_expkey_lookup(&key); |
791 | if (ek == NULL) |
792 | return ERR_PTR(-ENOMEM); |
793 | err = cache_check(&svc_expkey_cache, &ek->h, reqp); |
794 | if (err) |
795 | return ERR_PTR(err); |
796 | return ek; |
797 | } |
798 | |
799 | static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv, |
800 | struct svc_export *exp) |
801 | { |
802 | struct svc_expkey key, *ek; |
803 | |
804 | key.ek_client = clp; |
805 | key.ek_fsidtype = fsid_type; |
806 | memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); |
807 | key.ek_path = exp->ex_path; |
808 | key.h.expiry_time = NEVER; |
809 | key.h.flags = 0; |
810 | |
811 | ek = svc_expkey_lookup(&key); |
812 | if (ek) |
813 | ek = svc_expkey_update(&key,ek); |
814 | if (ek) { |
815 | cache_put(&ek->h, &svc_expkey_cache); |
816 | return 0; |
817 | } |
818 | return -ENOMEM; |
819 | } |
820 | |
821 | /* |
822 | * Find the client's export entry matching xdev/xino. |
823 | */ |
824 | static inline struct svc_expkey * |
825 | exp_get_key(svc_client *clp, dev_t dev, ino_t ino) |
826 | { |
827 | u32 fsidv[3]; |
828 | |
829 | if (old_valid_dev(dev)) { |
830 | mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL); |
831 | return exp_find_key(clp, FSID_DEV, fsidv, NULL); |
832 | } |
833 | mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL); |
834 | return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL); |
835 | } |
836 | |
837 | /* |
838 | * Find the client's export entry matching fsid |
839 | */ |
840 | static inline struct svc_expkey * |
841 | exp_get_fsid_key(svc_client *clp, int fsid) |
842 | { |
843 | u32 fsidv[2]; |
844 | |
845 | mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL); |
846 | |
847 | return exp_find_key(clp, FSID_NUM, fsidv, NULL); |
848 | } |
849 | |
850 | static svc_export *exp_get_by_name(svc_client *clp, const struct path *path, |
851 | struct cache_req *reqp) |
852 | { |
853 | struct svc_export *exp, key; |
854 | int err; |
855 | |
856 | if (!clp) |
857 | return ERR_PTR(-ENOENT); |
858 | |
859 | key.ex_client = clp; |
860 | key.ex_path = *path; |
861 | |
862 | exp = svc_export_lookup(&key); |
863 | if (exp == NULL) |
864 | return ERR_PTR(-ENOMEM); |
865 | err = cache_check(&svc_export_cache, &exp->h, reqp); |
866 | if (err) |
867 | return ERR_PTR(err); |
868 | return exp; |
869 | } |
870 | |
871 | /* |
872 | * Find the export entry for a given dentry. |
873 | */ |
874 | static struct svc_export *exp_parent(svc_client *clp, struct path *path) |
875 | { |
876 | struct dentry *saved = dget(path->dentry); |
877 | svc_export *exp = exp_get_by_name(clp, path, NULL); |
878 | |
879 | while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) { |
880 | struct dentry *parent = dget_parent(path->dentry); |
881 | dput(path->dentry); |
882 | path->dentry = parent; |
883 | exp = exp_get_by_name(clp, path, NULL); |
884 | } |
885 | dput(path->dentry); |
886 | path->dentry = saved; |
887 | return exp; |
888 | } |
889 | |
890 | /* |
891 | * Hashtable locking. Write locks are placed only by user processes |
892 | * wanting to modify export information. |
893 | * Write locking only done in this file. Read locking |
894 | * needed externally. |
895 | */ |
896 | |
897 | static DECLARE_RWSEM(hash_sem); |
898 | |
899 | void |
900 | exp_readlock(void) |
901 | { |
902 | down_read(&hash_sem); |
903 | } |
904 | |
905 | static inline void |
906 | exp_writelock(void) |
907 | { |
908 | down_write(&hash_sem); |
909 | } |
910 | |
911 | void |
912 | exp_readunlock(void) |
913 | { |
914 | up_read(&hash_sem); |
915 | } |
916 | |
917 | static inline void |
918 | exp_writeunlock(void) |
919 | { |
920 | up_write(&hash_sem); |
921 | } |
922 | |
923 | static void exp_fsid_unhash(struct svc_export *exp) |
924 | { |
925 | struct svc_expkey *ek; |
926 | |
927 | if ((exp->ex_flags & NFSEXP_FSID) == 0) |
928 | return; |
929 | |
930 | ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid); |
931 | if (!IS_ERR(ek)) { |
932 | ek->h.expiry_time = get_seconds()-1; |
933 | cache_put(&ek->h, &svc_expkey_cache); |
934 | } |
935 | svc_expkey_cache.nextcheck = get_seconds(); |
936 | } |
937 | |
938 | static int exp_fsid_hash(svc_client *clp, struct svc_export *exp) |
939 | { |
940 | u32 fsid[2]; |
941 | |
942 | if ((exp->ex_flags & NFSEXP_FSID) == 0) |
943 | return 0; |
944 | |
945 | mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL); |
946 | return exp_set_key(clp, FSID_NUM, fsid, exp); |
947 | } |
948 | |
949 | static int exp_hash(struct auth_domain *clp, struct svc_export *exp) |
950 | { |
951 | u32 fsid[2]; |
952 | struct inode *inode = exp->ex_path.dentry->d_inode; |
953 | dev_t dev = inode->i_sb->s_dev; |
954 | |
955 | if (old_valid_dev(dev)) { |
956 | mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL); |
957 | return exp_set_key(clp, FSID_DEV, fsid, exp); |
958 | } |
959 | mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL); |
960 | return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp); |
961 | } |
962 | |
963 | static void exp_unhash(struct svc_export *exp) |
964 | { |
965 | struct svc_expkey *ek; |
966 | struct inode *inode = exp->ex_path.dentry->d_inode; |
967 | |
968 | ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino); |
969 | if (!IS_ERR(ek)) { |
970 | ek->h.expiry_time = get_seconds()-1; |
971 | cache_put(&ek->h, &svc_expkey_cache); |
972 | } |
973 | svc_expkey_cache.nextcheck = get_seconds(); |
974 | } |
975 | |
976 | /* |
977 | * Export a file system. |
978 | */ |
979 | int |
980 | exp_export(struct nfsctl_export *nxp) |
981 | { |
982 | svc_client *clp; |
983 | struct svc_export *exp = NULL; |
984 | struct svc_export new; |
985 | struct svc_expkey *fsid_key = NULL; |
986 | struct path path; |
987 | int err; |
988 | |
989 | /* Consistency check */ |
990 | err = -EINVAL; |
991 | if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || |
992 | !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) |
993 | goto out; |
994 | |
995 | dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n", |
996 | nxp->ex_client, nxp->ex_path, |
997 | (unsigned)nxp->ex_dev, (long)nxp->ex_ino, |
998 | nxp->ex_flags); |
999 | |
1000 | /* Try to lock the export table for update */ |
1001 | exp_writelock(); |
1002 | |
1003 | /* Look up client info */ |
1004 | if (!(clp = auth_domain_find(nxp->ex_client))) |
1005 | goto out_unlock; |
1006 | |
1007 | |
1008 | /* Look up the dentry */ |
1009 | err = kern_path(nxp->ex_path, 0, &path); |
1010 | if (err) |
1011 | goto out_put_clp; |
1012 | err = -EINVAL; |
1013 | |
1014 | exp = exp_get_by_name(clp, &path, NULL); |
1015 | |
1016 | memset(&new, 0, sizeof(new)); |
1017 | |
1018 | /* must make sure there won't be an ex_fsid clash */ |
1019 | if ((nxp->ex_flags & NFSEXP_FSID) && |
1020 | (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) && |
1021 | fsid_key->ek_path.mnt && |
1022 | (fsid_key->ek_path.mnt != path.mnt || |
1023 | fsid_key->ek_path.dentry != path.dentry)) |
1024 | goto finish; |
1025 | |
1026 | if (!IS_ERR(exp)) { |
1027 | /* just a flags/id/fsid update */ |
1028 | |
1029 | exp_fsid_unhash(exp); |
1030 | exp->ex_flags = nxp->ex_flags; |
1031 | exp->ex_anon_uid = nxp->ex_anon_uid; |
1032 | exp->ex_anon_gid = nxp->ex_anon_gid; |
1033 | exp->ex_fsid = nxp->ex_dev; |
1034 | |
1035 | err = exp_fsid_hash(clp, exp); |
1036 | goto finish; |
1037 | } |
1038 | |
1039 | err = check_export(path.dentry->d_inode, &nxp->ex_flags, NULL); |
1040 | if (err) goto finish; |
1041 | |
1042 | err = -ENOMEM; |
1043 | |
1044 | dprintk("nfsd: creating export entry %p for client %p\n", exp, clp); |
1045 | |
1046 | new.h.expiry_time = NEVER; |
1047 | new.h.flags = 0; |
1048 | new.ex_pathname = kstrdup(nxp->ex_path, GFP_KERNEL); |
1049 | if (!new.ex_pathname) |
1050 | goto finish; |
1051 | new.ex_client = clp; |
1052 | new.ex_path = path; |
1053 | new.ex_flags = nxp->ex_flags; |
1054 | new.ex_anon_uid = nxp->ex_anon_uid; |
1055 | new.ex_anon_gid = nxp->ex_anon_gid; |
1056 | new.ex_fsid = nxp->ex_dev; |
1057 | |
1058 | exp = svc_export_lookup(&new); |
1059 | if (exp) |
1060 | exp = svc_export_update(&new, exp); |
1061 | |
1062 | if (!exp) |
1063 | goto finish; |
1064 | |
1065 | if (exp_hash(clp, exp) || |
1066 | exp_fsid_hash(clp, exp)) { |
1067 | /* failed to create at least one index */ |
1068 | exp_do_unexport(exp); |
1069 | cache_flush(); |
1070 | } else |
1071 | err = 0; |
1072 | finish: |
1073 | kfree(new.ex_pathname); |
1074 | if (exp) |
1075 | exp_put(exp); |
1076 | if (fsid_key && !IS_ERR(fsid_key)) |
1077 | cache_put(&fsid_key->h, &svc_expkey_cache); |
1078 | path_put(&path); |
1079 | out_put_clp: |
1080 | auth_domain_put(clp); |
1081 | out_unlock: |
1082 | exp_writeunlock(); |
1083 | out: |
1084 | return err; |
1085 | } |
1086 | |
1087 | /* |
1088 | * Unexport a file system. The export entry has already |
1089 | * been removed from the client's list of exported fs's. |
1090 | */ |
1091 | static void |
1092 | exp_do_unexport(svc_export *unexp) |
1093 | { |
1094 | unexp->h.expiry_time = get_seconds()-1; |
1095 | svc_export_cache.nextcheck = get_seconds(); |
1096 | exp_unhash(unexp); |
1097 | exp_fsid_unhash(unexp); |
1098 | } |
1099 | |
1100 | |
1101 | /* |
1102 | * unexport syscall. |
1103 | */ |
1104 | int |
1105 | exp_unexport(struct nfsctl_export *nxp) |
1106 | { |
1107 | struct auth_domain *dom; |
1108 | svc_export *exp; |
1109 | struct path path; |
1110 | int err; |
1111 | |
1112 | /* Consistency check */ |
1113 | if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || |
1114 | !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) |
1115 | return -EINVAL; |
1116 | |
1117 | exp_writelock(); |
1118 | |
1119 | err = -EINVAL; |
1120 | dom = auth_domain_find(nxp->ex_client); |
1121 | if (!dom) { |
1122 | dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client); |
1123 | goto out_unlock; |
1124 | } |
1125 | |
1126 | err = kern_path(nxp->ex_path, 0, &path); |
1127 | if (err) |
1128 | goto out_domain; |
1129 | |
1130 | err = -EINVAL; |
1131 | exp = exp_get_by_name(dom, &path, NULL); |
1132 | path_put(&path); |
1133 | if (IS_ERR(exp)) |
1134 | goto out_domain; |
1135 | |
1136 | exp_do_unexport(exp); |
1137 | exp_put(exp); |
1138 | err = 0; |
1139 | |
1140 | out_domain: |
1141 | auth_domain_put(dom); |
1142 | cache_flush(); |
1143 | out_unlock: |
1144 | exp_writeunlock(); |
1145 | return err; |
1146 | } |
1147 | |
1148 | /* |
1149 | * Obtain the root fh on behalf of a client. |
1150 | * This could be done in user space, but I feel that it adds some safety |
1151 | * since its harder to fool a kernel module than a user space program. |
1152 | */ |
1153 | int |
1154 | exp_rootfh(svc_client *clp, char *name, struct knfsd_fh *f, int maxsize) |
1155 | { |
1156 | struct svc_export *exp; |
1157 | struct path path; |
1158 | struct inode *inode; |
1159 | struct svc_fh fh; |
1160 | int err; |
1161 | |
1162 | err = -EPERM; |
1163 | /* NB: we probably ought to check that it's NUL-terminated */ |
1164 | if (kern_path(name, 0, &path)) { |
1165 | printk("nfsd: exp_rootfh path not found %s", name); |
1166 | return err; |
1167 | } |
1168 | inode = path.dentry->d_inode; |
1169 | |
1170 | dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n", |
1171 | name, path.dentry, clp->name, |
1172 | inode->i_sb->s_id, inode->i_ino); |
1173 | exp = exp_parent(clp, &path); |
1174 | if (IS_ERR(exp)) { |
1175 | err = PTR_ERR(exp); |
1176 | goto out; |
1177 | } |
1178 | |
1179 | /* |
1180 | * fh must be initialized before calling fh_compose |
1181 | */ |
1182 | fh_init(&fh, maxsize); |
1183 | if (fh_compose(&fh, exp, path.dentry, NULL)) |
1184 | err = -EINVAL; |
1185 | else |
1186 | err = 0; |
1187 | memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh)); |
1188 | fh_put(&fh); |
1189 | exp_put(exp); |
1190 | out: |
1191 | path_put(&path); |
1192 | return err; |
1193 | } |
1194 | |
1195 | static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type, |
1196 | u32 *fsidv, struct cache_req *reqp) |
1197 | { |
1198 | struct svc_export *exp; |
1199 | struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp); |
1200 | if (IS_ERR(ek)) |
1201 | return ERR_CAST(ek); |
1202 | |
1203 | exp = exp_get_by_name(clp, &ek->ek_path, reqp); |
1204 | cache_put(&ek->h, &svc_expkey_cache); |
1205 | |
1206 | if (IS_ERR(exp)) |
1207 | return ERR_CAST(exp); |
1208 | return exp; |
1209 | } |
1210 | |
1211 | __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp) |
1212 | { |
1213 | struct exp_flavor_info *f; |
1214 | struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; |
1215 | |
1216 | /* legacy gss-only clients are always OK: */ |
1217 | if (exp->ex_client == rqstp->rq_gssclient) |
1218 | return 0; |
1219 | /* ip-address based client; check sec= export option: */ |
1220 | for (f = exp->ex_flavors; f < end; f++) { |
1221 | if (f->pseudoflavor == rqstp->rq_flavor) |
1222 | return 0; |
1223 | } |
1224 | /* defaults in absence of sec= options: */ |
1225 | if (exp->ex_nflavors == 0) { |
1226 | if (rqstp->rq_flavor == RPC_AUTH_NULL || |
1227 | rqstp->rq_flavor == RPC_AUTH_UNIX) |
1228 | return 0; |
1229 | } |
1230 | return nfserr_wrongsec; |
1231 | } |
1232 | |
1233 | /* |
1234 | * Uses rq_client and rq_gssclient to find an export; uses rq_client (an |
1235 | * auth_unix client) if it's available and has secinfo information; |
1236 | * otherwise, will try to use rq_gssclient. |
1237 | * |
1238 | * Called from functions that handle requests; functions that do work on |
1239 | * behalf of mountd are passed a single client name to use, and should |
1240 | * use exp_get_by_name() or exp_find(). |
1241 | */ |
1242 | struct svc_export * |
1243 | rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path) |
1244 | { |
1245 | struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); |
1246 | |
1247 | if (rqstp->rq_client == NULL) |
1248 | goto gss; |
1249 | |
1250 | /* First try the auth_unix client: */ |
1251 | exp = exp_get_by_name(rqstp->rq_client, path, &rqstp->rq_chandle); |
1252 | if (PTR_ERR(exp) == -ENOENT) |
1253 | goto gss; |
1254 | if (IS_ERR(exp)) |
1255 | return exp; |
1256 | /* If it has secinfo, assume there are no gss/... clients */ |
1257 | if (exp->ex_nflavors > 0) |
1258 | return exp; |
1259 | gss: |
1260 | /* Otherwise, try falling back on gss client */ |
1261 | if (rqstp->rq_gssclient == NULL) |
1262 | return exp; |
1263 | gssexp = exp_get_by_name(rqstp->rq_gssclient, path, &rqstp->rq_chandle); |
1264 | if (PTR_ERR(gssexp) == -ENOENT) |
1265 | return exp; |
1266 | if (!IS_ERR(exp)) |
1267 | exp_put(exp); |
1268 | return gssexp; |
1269 | } |
1270 | |
1271 | struct svc_export * |
1272 | rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv) |
1273 | { |
1274 | struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); |
1275 | |
1276 | if (rqstp->rq_client == NULL) |
1277 | goto gss; |
1278 | |
1279 | /* First try the auth_unix client: */ |
1280 | exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle); |
1281 | if (PTR_ERR(exp) == -ENOENT) |
1282 | goto gss; |
1283 | if (IS_ERR(exp)) |
1284 | return exp; |
1285 | /* If it has secinfo, assume there are no gss/... clients */ |
1286 | if (exp->ex_nflavors > 0) |
1287 | return exp; |
1288 | gss: |
1289 | /* Otherwise, try falling back on gss client */ |
1290 | if (rqstp->rq_gssclient == NULL) |
1291 | return exp; |
1292 | gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv, |
1293 | &rqstp->rq_chandle); |
1294 | if (PTR_ERR(gssexp) == -ENOENT) |
1295 | return exp; |
1296 | if (!IS_ERR(exp)) |
1297 | exp_put(exp); |
1298 | return gssexp; |
1299 | } |
1300 | |
1301 | struct svc_export * |
1302 | rqst_exp_parent(struct svc_rqst *rqstp, struct path *path) |
1303 | { |
1304 | struct dentry *saved = dget(path->dentry); |
1305 | struct svc_export *exp = rqst_exp_get_by_name(rqstp, path); |
1306 | |
1307 | while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) { |
1308 | struct dentry *parent = dget_parent(path->dentry); |
1309 | dput(path->dentry); |
1310 | path->dentry = parent; |
1311 | exp = rqst_exp_get_by_name(rqstp, path); |
1312 | } |
1313 | dput(path->dentry); |
1314 | path->dentry = saved; |
1315 | return exp; |
1316 | } |
1317 | |
1318 | static struct svc_export *find_fsidzero_export(struct svc_rqst *rqstp) |
1319 | { |
1320 | u32 fsidv[2]; |
1321 | |
1322 | mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL); |
1323 | |
1324 | return rqst_exp_find(rqstp, FSID_NUM, fsidv); |
1325 | } |
1326 | |
1327 | /* |
1328 | * Called when we need the filehandle for the root of the pseudofs, |
1329 | * for a given NFSv4 client. The root is defined to be the |
1330 | * export point with fsid==0 |
1331 | */ |
1332 | __be32 |
1333 | exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp) |
1334 | { |
1335 | struct svc_export *exp; |
1336 | __be32 rv; |
1337 | |
1338 | exp = find_fsidzero_export(rqstp); |
1339 | if (IS_ERR(exp)) |
1340 | return nfserrno(PTR_ERR(exp)); |
1341 | rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL); |
1342 | if (rv) |
1343 | goto out; |
1344 | rv = check_nfsd_access(exp, rqstp); |
1345 | if (rv) |
1346 | fh_put(fhp); |
1347 | out: |
1348 | exp_put(exp); |
1349 | return rv; |
1350 | } |
1351 | |
1352 | /* Iterator */ |
1353 | |
1354 | static void *e_start(struct seq_file *m, loff_t *pos) |
1355 | __acquires(svc_export_cache.hash_lock) |
1356 | { |
1357 | loff_t n = *pos; |
1358 | unsigned hash, export; |
1359 | struct cache_head *ch; |
1360 | |
1361 | exp_readlock(); |
1362 | read_lock(&svc_export_cache.hash_lock); |
1363 | if (!n--) |
1364 | return SEQ_START_TOKEN; |
1365 | hash = n >> 32; |
1366 | export = n & ((1LL<<32) - 1); |
1367 | |
1368 | |
1369 | for (ch=export_table[hash]; ch; ch=ch->next) |
1370 | if (!export--) |
1371 | return ch; |
1372 | n &= ~((1LL<<32) - 1); |
1373 | do { |
1374 | hash++; |
1375 | n += 1LL<<32; |
1376 | } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL); |
1377 | if (hash >= EXPORT_HASHMAX) |
1378 | return NULL; |
1379 | *pos = n+1; |
1380 | return export_table[hash]; |
1381 | } |
1382 | |
1383 | static void *e_next(struct seq_file *m, void *p, loff_t *pos) |
1384 | { |
1385 | struct cache_head *ch = p; |
1386 | int hash = (*pos >> 32); |
1387 | |
1388 | if (p == SEQ_START_TOKEN) |
1389 | hash = 0; |
1390 | else if (ch->next == NULL) { |
1391 | hash++; |
1392 | *pos += 1LL<<32; |
1393 | } else { |
1394 | ++*pos; |
1395 | return ch->next; |
1396 | } |
1397 | *pos &= ~((1LL<<32) - 1); |
1398 | while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) { |
1399 | hash++; |
1400 | *pos += 1LL<<32; |
1401 | } |
1402 | if (hash >= EXPORT_HASHMAX) |
1403 | return NULL; |
1404 | ++*pos; |
1405 | return export_table[hash]; |
1406 | } |
1407 | |
1408 | static void e_stop(struct seq_file *m, void *p) |
1409 | __releases(svc_export_cache.hash_lock) |
1410 | { |
1411 | read_unlock(&svc_export_cache.hash_lock); |
1412 | exp_readunlock(); |
1413 | } |
1414 | |
1415 | static struct flags { |
1416 | int flag; |
1417 | char *name[2]; |
1418 | } expflags[] = { |
1419 | { NFSEXP_READONLY, {"ro", "rw"}}, |
1420 | { NFSEXP_INSECURE_PORT, {"insecure", ""}}, |
1421 | { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}}, |
1422 | { NFSEXP_ALLSQUASH, {"all_squash", ""}}, |
1423 | { NFSEXP_ASYNC, {"async", "sync"}}, |
1424 | { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}}, |
1425 | { NFSEXP_NOHIDE, {"nohide", ""}}, |
1426 | { NFSEXP_CROSSMOUNT, {"crossmnt", ""}}, |
1427 | { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}}, |
1428 | { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}}, |
1429 | { NFSEXP_V4ROOT, {"v4root", ""}}, |
1430 | #ifdef MSNFS |
1431 | { NFSEXP_MSNFS, {"msnfs", ""}}, |
1432 | #endif |
1433 | { 0, {"", ""}} |
1434 | }; |
1435 | |
1436 | static void show_expflags(struct seq_file *m, int flags, int mask) |
1437 | { |
1438 | struct flags *flg; |
1439 | int state, first = 0; |
1440 | |
1441 | for (flg = expflags; flg->flag; flg++) { |
1442 | if (flg->flag & ~mask) |
1443 | continue; |
1444 | state = (flg->flag & flags) ? 0 : 1; |
1445 | if (*flg->name[state]) |
1446 | seq_printf(m, "%s%s", first++?",":"", flg->name[state]); |
1447 | } |
1448 | } |
1449 | |
1450 | static void show_secinfo_flags(struct seq_file *m, int flags) |
1451 | { |
1452 | seq_printf(m, ","); |
1453 | show_expflags(m, flags, NFSEXP_SECINFO_FLAGS); |
1454 | } |
1455 | |
1456 | static void show_secinfo(struct seq_file *m, struct svc_export *exp) |
1457 | { |
1458 | struct exp_flavor_info *f; |
1459 | struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; |
1460 | int lastflags = 0, first = 0; |
1461 | |
1462 | if (exp->ex_nflavors == 0) |
1463 | return; |
1464 | for (f = exp->ex_flavors; f < end; f++) { |
1465 | if (first || f->flags != lastflags) { |
1466 | if (!first) |
1467 | show_secinfo_flags(m, lastflags); |
1468 | seq_printf(m, ",sec=%d", f->pseudoflavor); |
1469 | lastflags = f->flags; |
1470 | } else { |
1471 | seq_printf(m, ":%d", f->pseudoflavor); |
1472 | } |
1473 | } |
1474 | show_secinfo_flags(m, lastflags); |
1475 | } |
1476 | |
1477 | static void exp_flags(struct seq_file *m, int flag, int fsid, |
1478 | uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc) |
1479 | { |
1480 | show_expflags(m, flag, NFSEXP_ALLFLAGS); |
1481 | if (flag & NFSEXP_FSID) |
1482 | seq_printf(m, ",fsid=%d", fsid); |
1483 | if (anonu != (uid_t)-2 && anonu != (0x10000-2)) |
1484 | seq_printf(m, ",anonuid=%u", anonu); |
1485 | if (anong != (gid_t)-2 && anong != (0x10000-2)) |
1486 | seq_printf(m, ",anongid=%u", anong); |
1487 | if (fsloc && fsloc->locations_count > 0) { |
1488 | char *loctype = (fsloc->migrated) ? "refer" : "replicas"; |
1489 | int i; |
1490 | |
1491 | seq_printf(m, ",%s=", loctype); |
1492 | seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\"); |
1493 | seq_putc(m, '@'); |
1494 | seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\"); |
1495 | for (i = 1; i < fsloc->locations_count; i++) { |
1496 | seq_putc(m, ';'); |
1497 | seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\"); |
1498 | seq_putc(m, '@'); |
1499 | seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\"); |
1500 | } |
1501 | } |
1502 | } |
1503 | |
1504 | static int e_show(struct seq_file *m, void *p) |
1505 | { |
1506 | struct cache_head *cp = p; |
1507 | struct svc_export *exp = container_of(cp, struct svc_export, h); |
1508 | |
1509 | if (p == SEQ_START_TOKEN) { |
1510 | seq_puts(m, "# Version 1.1\n"); |
1511 | seq_puts(m, "# Path Client(Flags) # IPs\n"); |
1512 | return 0; |
1513 | } |
1514 | |
1515 | cache_get(&exp->h); |
1516 | if (cache_check(&svc_export_cache, &exp->h, NULL)) |
1517 | return 0; |
1518 | cache_put(&exp->h, &svc_export_cache); |
1519 | return svc_export_show(m, &svc_export_cache, cp); |
1520 | } |
1521 | |
1522 | const struct seq_operations nfs_exports_op = { |
1523 | .start = e_start, |
1524 | .next = e_next, |
1525 | .stop = e_stop, |
1526 | .show = e_show, |
1527 | }; |
1528 | |
1529 | /* |
1530 | * Add or modify a client. |
1531 | * Change requests may involve the list of host addresses. The list of |
1532 | * exports and possibly existing uid maps are left untouched. |
1533 | */ |
1534 | int |
1535 | exp_addclient(struct nfsctl_client *ncp) |
1536 | { |
1537 | struct auth_domain *dom; |
1538 | int i, err; |
1539 | struct in6_addr addr6; |
1540 | |
1541 | /* First, consistency check. */ |
1542 | err = -EINVAL; |
1543 | if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) |
1544 | goto out; |
1545 | if (ncp->cl_naddr > NFSCLNT_ADDRMAX) |
1546 | goto out; |
1547 | |
1548 | /* Lock the hashtable */ |
1549 | exp_writelock(); |
1550 | |
1551 | dom = unix_domain_find(ncp->cl_ident); |
1552 | |
1553 | err = -ENOMEM; |
1554 | if (!dom) |
1555 | goto out_unlock; |
1556 | |
1557 | /* Insert client into hashtable. */ |
1558 | for (i = 0; i < ncp->cl_naddr; i++) { |
1559 | ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &addr6); |
1560 | auth_unix_add_addr(&addr6, dom); |
1561 | } |
1562 | auth_unix_forget_old(dom); |
1563 | auth_domain_put(dom); |
1564 | |
1565 | err = 0; |
1566 | |
1567 | out_unlock: |
1568 | exp_writeunlock(); |
1569 | out: |
1570 | return err; |
1571 | } |
1572 | |
1573 | /* |
1574 | * Delete a client given an identifier. |
1575 | */ |
1576 | int |
1577 | exp_delclient(struct nfsctl_client *ncp) |
1578 | { |
1579 | int err; |
1580 | struct auth_domain *dom; |
1581 | |
1582 | err = -EINVAL; |
1583 | if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) |
1584 | goto out; |
1585 | |
1586 | /* Lock the hashtable */ |
1587 | exp_writelock(); |
1588 | |
1589 | dom = auth_domain_find(ncp->cl_ident); |
1590 | /* just make sure that no addresses work |
1591 | * and that it will expire soon |
1592 | */ |
1593 | if (dom) { |
1594 | err = auth_unix_forget_old(dom); |
1595 | auth_domain_put(dom); |
1596 | } |
1597 | |
1598 | exp_writeunlock(); |
1599 | out: |
1600 | return err; |
1601 | } |
1602 | |
1603 | /* |
1604 | * Verify that string is non-empty and does not exceed max length. |
1605 | */ |
1606 | static int |
1607 | exp_verify_string(char *cp, int max) |
1608 | { |
1609 | int i; |
1610 | |
1611 | for (i = 0; i < max; i++) |
1612 | if (!cp[i]) |
1613 | return i; |
1614 | cp[i] = 0; |
1615 | printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp); |
1616 | return 0; |
1617 | } |
1618 | |
1619 | /* |
1620 | * Initialize the exports module. |
1621 | */ |
1622 | int |
1623 | nfsd_export_init(void) |
1624 | { |
1625 | int rv; |
1626 | dprintk("nfsd: initializing export module.\n"); |
1627 | |
1628 | rv = cache_register(&svc_export_cache); |
1629 | if (rv) |
1630 | return rv; |
1631 | rv = cache_register(&svc_expkey_cache); |
1632 | if (rv) |
1633 | cache_unregister(&svc_export_cache); |
1634 | return rv; |
1635 | |
1636 | } |
1637 | |
1638 | /* |
1639 | * Flush exports table - called when last nfsd thread is killed |
1640 | */ |
1641 | void |
1642 | nfsd_export_flush(void) |
1643 | { |
1644 | exp_writelock(); |
1645 | cache_purge(&svc_expkey_cache); |
1646 | cache_purge(&svc_export_cache); |
1647 | exp_writeunlock(); |
1648 | } |
1649 | |
1650 | /* |
1651 | * Shutdown the exports module. |
1652 | */ |
1653 | void |
1654 | nfsd_export_shutdown(void) |
1655 | { |
1656 | |
1657 | dprintk("nfsd: shutting down export module.\n"); |
1658 | |
1659 | exp_writelock(); |
1660 | |
1661 | cache_unregister(&svc_expkey_cache); |
1662 | cache_unregister(&svc_export_cache); |
1663 | svcauth_unix_purge(); |
1664 | |
1665 | exp_writeunlock(); |
1666 | dprintk("nfsd: export shutdown complete.\n"); |
1667 | } |
1668 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9