Date: Mon, 4 May 2009 15:23:59 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r191783 - in head/sys/fs: nfs nfsclient nfsserver Message-ID: <200905041523.n44FNxdS048794@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Mon May 4 15:23:58 2009 New Revision: 191783 URL: http://svn.freebsd.org/changeset/base/191783 Log: Add the experimental nfs subtree to the kernel, that includes support for NFSv4 as well as NFSv2 and 3. It lives in 3 subdirs under sys/fs: nfs - functions that are common to the client and server nfsclient - a mutation of sys/nfsclient that call generic functions to do RPCs and handle state. As such, it retains the buffer cache handling characteristics and vnode semantics that are found in sys/nfsclient, for the most part. nfsserver - the server. It includes a DRC designed specifically for NFSv4, that is used instead of the generic DRC in sys/rpc. The build glue will be checked in later, so at this point, it consists of 3 new subdirs that should not affect kernel building. Approved by: kib (mentor) Added: head/sys/fs/nfs/ head/sys/fs/nfs/nfs.h (contents, props changed) head/sys/fs/nfs/nfs_commonacl.c (contents, props changed) head/sys/fs/nfs/nfs_commonkrpc.c (contents, props changed) head/sys/fs/nfs/nfs_commonport.c (contents, props changed) head/sys/fs/nfs/nfs_commonsubs.c (contents, props changed) head/sys/fs/nfs/nfs_var.h (contents, props changed) head/sys/fs/nfs/nfscl.h (contents, props changed) head/sys/fs/nfs/nfsclstate.h (contents, props changed) head/sys/fs/nfs/nfsdport.h (contents, props changed) head/sys/fs/nfs/nfskpiport.h (contents, props changed) head/sys/fs/nfs/nfsm_subs.h (contents, props changed) head/sys/fs/nfs/nfsport.h (contents, props changed) head/sys/fs/nfs/nfsproto.h (contents, props changed) head/sys/fs/nfs/nfsrvcache.h (contents, props changed) head/sys/fs/nfs/nfsrvstate.h (contents, props changed) head/sys/fs/nfs/nfsv4_errstr.h (contents, props changed) head/sys/fs/nfs/rpcv2.h (contents, props changed) head/sys/fs/nfs/xdr_subs.h (contents, props changed) head/sys/fs/nfsclient/ head/sys/fs/nfsclient/nfs.h (contents, props changed) head/sys/fs/nfsclient/nfs_clbio.c (contents, props changed) head/sys/fs/nfsclient/nfs_clcomsubs.c (contents, props changed) head/sys/fs/nfsclient/nfs_clkrpc.c (contents, props changed) head/sys/fs/nfsclient/nfs_cllock.c (contents, props changed) head/sys/fs/nfsclient/nfs_clnfsiod.c (contents, props changed) head/sys/fs/nfsclient/nfs_clnode.c (contents, props changed) head/sys/fs/nfsclient/nfs_clport.c (contents, props changed) head/sys/fs/nfsclient/nfs_clrpcops.c (contents, props changed) head/sys/fs/nfsclient/nfs_clstate.c (contents, props changed) head/sys/fs/nfsclient/nfs_clsubs.c (contents, props changed) head/sys/fs/nfsclient/nfs_clvfsops.c (contents, props changed) head/sys/fs/nfsclient/nfs_clvnops.c (contents, props changed) head/sys/fs/nfsclient/nfs_lock.h (contents, props changed) head/sys/fs/nfsclient/nfsargs.h (contents, props changed) head/sys/fs/nfsclient/nfsdiskless.h (contents, props changed) head/sys/fs/nfsclient/nfsmount.h (contents, props changed) head/sys/fs/nfsclient/nfsnode.h (contents, props changed) head/sys/fs/nfsclient/nlminfo.h (contents, props changed) head/sys/fs/nfsserver/ head/sys/fs/nfsserver/nfs_nfsdcache.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdkrpc.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdport.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdserv.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdsocket.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdstate.c (contents, props changed) head/sys/fs/nfsserver/nfs_nfsdsubs.c (contents, props changed) Added: head/sys/fs/nfs/nfs.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/fs/nfs/nfs.h Mon May 4 15:23:58 2009 (r191783) @@ -0,0 +1,704 @@ +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Rick Macklem at The University of Guelph. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NFS_NFS_H_ +#define _NFS_NFS_H_ +/* + * Tunable constants for nfs + */ + +#define NFS_MAXIOVEC 34 +#define NFS_TICKINTVL 10 /* Desired time for a tick (msec) */ +#define NFS_HZ (hz / nfscl_ticks) /* Ticks/sec */ +#define NFS_TIMEO (1 * NFS_HZ) /* Default timeout = 1 second */ +#define NFS_MINTIMEO (1 * NFS_HZ) /* Min timeout to use */ +#define NFS_MAXTIMEO (60 * NFS_HZ) /* Max timeout to backoff to */ +#define NFS_TCPTIMEO 300 /* TCP timeout */ +#define NFS_MAXRCVTIMEO 60 /* 1 minute in seconds */ +#define NFS_MINIDEMTIMEO (5 * NFS_HZ) /* Min timeout for non-idempotent ops*/ +#define NFS_MAXREXMIT 100 /* Stop counting after this many */ +#define NFSV4_CALLBACKTIMEO (2 * NFS_HZ) /* Timeout in ticks */ +#define NFSV4_CALLBACKRETRY 5 /* Number of retries before failure */ +#define NFSV4_CBRETRYCNT 4 /* # of CBRecall retries upon err */ +#define NFSV4_UPCALLTIMEO (15 * NFS_HZ) /* Timeout in ticks for upcalls */ + /* to gssd or nfsuserd */ +#define NFSV4_UPCALLRETRY 4 /* Number of retries before failure */ +#define NFS_MAXWINDOW 1024 /* Max number of outstanding requests */ +#define NFS_RETRANS 10 /* Num of retrans for soft mounts */ +#define NFS_MAXGRPS 16 /* Max. size of groups list */ +#define NFS_TRYLATERDEL 15 /* Maximum delay timeout (sec) */ +#ifndef NFS_REMOVETIMEO +#define NFS_REMOVETIMEO 15 /* # sec to wait for delegret in local syscall */ +#endif +#ifndef NFS_MINATTRTIMO +#define NFS_MINATTRTIMO 5 /* Attribute cache timeout in sec */ +#endif +#ifndef NFS_MAXATTRTIMO +#define NFS_MAXATTRTIMO 60 +#endif +#define NFS_WSIZE 8192 /* Def. write data size <= 8192 */ +#define NFS_RSIZE 8192 /* Def. read data size <= 8192 */ +#define NFS_READDIRSIZE 8192 /* Def. readdir size */ +#define NFS_DEFRAHEAD 0 /* Def. read ahead # blocks */ +#define NFS_MAXRAHEAD 32 /* Max. read ahead # blocks */ +#define NFS_MAXUIDHASH 64 /* Max. # of hashed uid entries/mp */ +#ifndef NFSRV_LEASE +#define NFSRV_LEASE 120 /* Lease time in seconds for V4 */ +#endif /* assigned to nfsrv_lease */ +#ifndef NFSRV_STALELEASE +#define NFSRV_STALELEASE (5 * nfsrv_lease) +#endif +#ifndef NFSRV_MOULDYLEASE +#define NFSRV_MOULDYLEASE 604800 /* One week (in sec) */ +#endif +#ifndef NFSCLIENTHASHSIZE +#define NFSCLIENTHASHSIZE 20 /* Size of server client hash table */ +#endif +#ifndef NFSLOCKHASHSIZE +#define NFSLOCKHASHSIZE 20 /* Size of server nfslock hash table */ +#endif +#define NFSSTATEHASHSIZE 10 /* Size of server stateid hash table */ +#ifndef NFSUSERHASHSIZE +#define NFSUSERHASHSIZE 30 /* Size of user id hash table */ +#endif +#ifndef NFSGROUPHASHSIZE +#define NFSGROUPHASHSIZE 5 /* Size of group id hash table */ +#endif +#ifndef NFSCLDELEGHIGHWATER +#define NFSCLDELEGHIGHWATER 10000 /* limit for client delegations */ +#endif +#ifndef NFSNOOPEN /* Inactive open owner (sec) */ +#define NFSNOOPEN 120 +#endif +#define NFSRV_LEASEDELTA 15 /* # of seconds to delay beyond lease */ +#define NFS_IDMAXSIZE 4 /* max sizeof (in_addr_t) */ +#ifndef NFSRVCACHE_UDPTIMEOUT +#define NFSRVCACHE_UDPTIMEOUT 30 /* # of sec to hold cached rpcs(udp) */ +#endif +#ifndef NFSRVCACHE_UDPHIGHWATER +#define NFSRVCACHE_UDPHIGHWATER 500 /* Max # of udp cache entries */ +#endif +#ifndef NFSRVCACHE_TCPTIMEOUT +#define NFSRVCACHE_TCPTIMEOUT (3600*12) /*#of sec to hold cached rpcs(tcp) */ +#endif +#ifndef NFSRVCACHE_FLOODLEVEL +#define NFSRVCACHE_FLOODLEVEL 16384 /* Very high water mark for cache */ +#endif +#ifndef NFSRV_CLIENTHIGHWATER +#define NFSRV_CLIENTHIGHWATER 1000 +#endif +#ifndef NFSRV_MAXDUMPLIST +#define NFSRV_MAXDUMPLIST 10000 +#endif +#ifndef NFS_ACCESSCACHESIZE +#define NFS_ACCESSCACHESIZE 8 +#endif +#define NFSV4_CBPORT 7745 /* Callback port for testing */ + +/* + * This macro defines the high water mark for issuing V4 delegations. + * (It is currently set at a conservative 20% of NFSRV_V4STATELIMIT. This + * may want to increase when clients can make more effective use of + * delegations.) + */ +#define NFSRV_V4DELEGLIMIT(c) (((c) * 5) > NFSRV_V4STATELIMIT) + +#define NFS_READDIRBLKSIZ DIRBLKSIZ /* Minimal nm_readdirsize */ + +/* + * Oddballs + */ +#define NFS_CMPFH(n, f, s) \ + ((n)->n_fhp->nfh_len == (s) && !NFSBCMP((n)->n_fhp->nfh_fh, (caddr_t)(f), (s))) +#define NFSRV_CMPFH(nf, ns, f, s) \ + ((ns) == (s) && !NFSBCMP((caddr_t)(nf), (caddr_t)(f), (s))) +#define NFS_CMPTIME(t1, t2) \ + ((t1).tv_sec == (t2).tv_sec && (t1).tv_nsec == (t2).tv_nsec) +#define NFS_SETTIME(t) do { \ + (t).tv_sec = time.tv_sec; (t).tv_nsec = 1000 * time.tv_usec; } while (0) +#define NFS_SRVMAXDATA(n) \ + (((n)->nd_flag & (ND_NFSV3 | ND_NFSV4)) ? \ + NFS_MAXDATA : NFS_V2MAXDATA) +#define NFS64BITSSET 0xffffffffffffffffull +#define NFS64BITSMINUS1 0xfffffffffffffffeull + +/* + * Structures for the nfssvc(2) syscall. Not that anyone but nfsd, mount_nfs + * and nfsloaduser should ever try and use it. + */ +struct nfsd_args { + int sock; /* Socket to serve */ + caddr_t name; /* Client addr for connection based sockets */ + int namelen; /* Length of name */ +}; + +/* + * nfsd argument for new krpc. + */ +struct nfsd_nfsd_args { + const char *principal; /* GSS-API service principal name */ + int minthreads; /* minimum service thread count */ + int maxthreads; /* maximum service thread count */ +}; + +/* + * Arguments for use by the callback daemon. + */ +struct nfsd_nfscbd_args { + const char *principal; /* GSS-API service principal name */ +}; + +struct nfscbd_args { + int sock; /* Socket to serve */ + caddr_t name; /* Client addr for connection based sockets */ + int namelen; /* Length of name */ + u_short port; /* Port# for callbacks */ +}; + +struct nfsd_idargs { + int nid_flag; /* Flags (see below) */ + uid_t nid_uid; /* user/group id */ + gid_t nid_gid; + int nid_usermax; /* Upper bound on user name cache */ + int nid_usertimeout;/* User name timeout (minutes) */ + u_char *nid_name; /* Name */ + int nid_namelen; /* and its length */ +}; + +struct nfsd_clid { + int nclid_idlen; /* Length of client id */ + u_char nclid_id[NFSV4_OPAQUELIMIT]; /* and name */ +}; + +struct nfsd_dumplist { + int ndl_size; /* Number of elements */ + void *ndl_list; /* and the list of elements */ +}; + +struct nfsd_dumpclients { + u_int32_t ndcl_flags; /* LCL_xxx flags */ + u_int32_t ndcl_nopenowners; /* Number of openowners */ + u_int32_t ndcl_nopens; /* and opens */ + u_int32_t ndcl_nlockowners; /* and of lockowners */ + u_int32_t ndcl_nlocks; /* and of locks */ + u_int32_t ndcl_ndelegs; /* and of delegations */ + u_int32_t ndcl_nolddelegs; /* and old delegations */ + sa_family_t ndcl_addrfam; /* Callback address */ + union { + struct in_addr sin_addr; + struct in6_addr sin6_addr; + } ndcl_cbaddr; + struct nfsd_clid ndcl_clid; /* and client id */ +}; + +struct nfsd_dumplocklist { + char *ndllck_fname; /* File Name */ + int ndllck_size; /* Number of elements */ + void *ndllck_list; /* and the list of elements */ +}; + +struct nfsd_dumplocks { + u_int32_t ndlck_flags; /* state flags NFSLCK_xxx */ + nfsv4stateid_t ndlck_stateid; /* stateid */ + u_int64_t ndlck_first; /* lock byte range */ + u_int64_t ndlck_end; + struct nfsd_clid ndlck_owner; /* Owner of open/lock */ + sa_family_t ndlck_addrfam; /* Callback address */ + union { + struct in_addr sin_addr; + struct in6_addr sin6_addr; + } ndlck_cbaddr; + struct nfsd_clid ndlck_clid; /* and client id */ +}; + +/* + * Structure for referral information. + */ +struct nfsreferral { + u_char *nfr_srvlist; /* List of servers */ + int nfr_srvcnt; /* number of servers */ + vnode_t nfr_vp; /* vnode for referral */ + u_int32_t nfr_dfileno; /* assigned dir inode# */ +}; + +/* + * Flags for lc_flags and opsflags for nfsrv_getclient(). + */ +#define LCL_NEEDSCONFIRM 0x00000001 +#define LCL_DONTCLEAN 0x00000002 +#define LCL_WAKEUPWANTED 0x00000004 +#define LCL_TCPCALLBACK 0x00000008 +#define LCL_CALLBACKSON 0x00000010 +#define LCL_INDEXNOTOK 0x00000020 +#define LCL_STAMPEDSTABLE 0x00000040 +#define LCL_EXPIREIT 0x00000080 +#define LCL_CBDOWN 0x00000100 +#define LCL_KERBV 0x00000400 +#define LCL_NAME 0x00000800 +#define LCL_NEEDSCBNULL 0x00001000 +#define LCL_GSSINTEGRITY 0x00002000 +#define LCL_GSSPRIVACY 0x00004000 +#define LCL_ADMINREVOKED 0x00008000 + +#define LCL_GSS LCL_KERBV /* Or of all mechs */ + +/* + * Bits for flags in nfslock and nfsstate. + * The access, deny, NFSLCK_READ and NFSLCK_WRITE bits must be defined as + * below, in the correct order, so the shifts work for tests. + */ +#define NFSLCK_READACCESS 0x00000001 +#define NFSLCK_WRITEACCESS 0x00000002 +#define NFSLCK_ACCESSBITS (NFSLCK_READACCESS | NFSLCK_WRITEACCESS) +#define NFSLCK_SHIFT 2 +#define NFSLCK_READDENY 0x00000004 +#define NFSLCK_WRITEDENY 0x00000008 +#define NFSLCK_DENYBITS (NFSLCK_READDENY | NFSLCK_WRITEDENY) +#define NFSLCK_SHAREBITS \ + (NFSLCK_READACCESS|NFSLCK_WRITEACCESS|NFSLCK_READDENY|NFSLCK_WRITEDENY) +#define NFSLCK_LOCKSHIFT 4 +#define NFSLCK_READ 0x00000010 +#define NFSLCK_WRITE 0x00000020 +#define NFSLCK_BLOCKING 0x00000040 +#define NFSLCK_RECLAIM 0x00000080 +#define NFSLCK_OPENTOLOCK 0x00000100 +#define NFSLCK_TEST 0x00000200 +#define NFSLCK_LOCK 0x00000400 +#define NFSLCK_UNLOCK 0x00000800 +#define NFSLCK_OPEN 0x00001000 +#define NFSLCK_CLOSE 0x00002000 +#define NFSLCK_CHECK 0x00004000 +#define NFSLCK_RELEASE 0x00008000 +#define NFSLCK_NEEDSCONFIRM 0x00010000 +#define NFSLCK_CONFIRM 0x00020000 +#define NFSLCK_DOWNGRADE 0x00040000 +#define NFSLCK_DELEGREAD 0x00080000 +#define NFSLCK_DELEGWRITE 0x00100000 +#define NFSLCK_DELEGCUR 0x00200000 +#define NFSLCK_DELEGPREV 0x00400000 +#define NFSLCK_OLDDELEG 0x00800000 +#define NFSLCK_DELEGRECALL 0x01000000 +#define NFSLCK_SETATTR 0x02000000 +#define NFSLCK_DELEGPURGE 0x04000000 +#define NFSLCK_DELEGRETURN 0x08000000 + +/* And bits for nid_flag */ +#define NFSID_INITIALIZE 0x0001 +#define NFSID_ADDUID 0x0002 +#define NFSID_DELUID 0x0004 +#define NFSID_ADDUSERNAME 0x0008 +#define NFSID_DELUSERNAME 0x0010 +#define NFSID_ADDGID 0x0020 +#define NFSID_DELGID 0x0040 +#define NFSID_ADDGROUPNAME 0x0080 +#define NFSID_DELGROUPNAME 0x0100 + +/* + * Stats structure + */ +struct nfsstats { + int attrcache_hits; + int attrcache_misses; + int lookupcache_hits; + int lookupcache_misses; + int direofcache_hits; + int direofcache_misses; + int accesscache_hits; + int accesscache_misses; + int biocache_reads; + int read_bios; + int read_physios; + int biocache_writes; + int write_bios; + int write_physios; + int biocache_readlinks; + int readlink_bios; + int biocache_readdirs; + int readdir_bios; + int rpccnt[NFS_NPROCS]; + int rpcretries; + int srvrpccnt[NFSV4OP_NOPS + NFSV4OP_FAKENOPS]; + int srvrpc_errs; + int srv_errs; + int rpcrequests; + int rpctimeouts; + int rpcunexpected; + int rpcinvalid; + int srvcache_inproghits; + int srvcache_idemdonehits; + int srvcache_nonidemdonehits; + int srvcache_misses; + int srvcache_tcppeak; + int srvcache_size; + int srvclients; + int srvopenowners; + int srvopens; + int srvlockowners; + int srvlocks; + int srvdelegates; + int cbrpccnt[NFSV4OP_CBNOPS]; + int clopenowners; + int clopens; + int cllockowners; + int cllocks; + int cldelegates; + int cllocalopenowners; + int cllocalopens; + int cllocallockowners; + int cllocallocks; +}; + +/* + * fs.nfs sysctl(3) identifiers + */ +#define NFS_NFSSTATS 1 /* struct: struct nfsstats */ + +#define FS_NFS_NAMES { \ + { 0, 0 }, \ + { "nfsstats", CTLTYPE_STRUCT }, \ +} + +/* + * Here is the definition of the attribute bits array and macros that + * manipulate it. + * THE MACROS MUST BE MANUALLY MODIFIED IF NFSATTRBIT_MAXWORDS CHANGES!! + * It is (NFSATTRBIT_MAX + 31) / 32. + */ +#define NFSATTRBIT_MAXWORDS 2 + +typedef struct { + u_int32_t bits[NFSATTRBIT_MAXWORDS]; +} nfsattrbit_t; + +#define NFSZERO_ATTRBIT(b) do { (b)->bits[0] = 0; (b)->bits[1] = 0; } while (0) +#define NFSSET_ATTRBIT(t, f) do { (t)->bits[0] = (f)->bits[0]; \ + (t)->bits[1] = (f)->bits[1]; } while (0) +#define NFSSETSUPP_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_SUPP0; \ + (b)->bits[1] = (NFSATTRBIT_SUPP1 | NFSATTRBIT_SUPPSETONLY); } while (0) +#define NFSISSET_ATTRBIT(b, p) ((b)->bits[(p) / 32] & (1 << ((p) % 32))) +#define NFSSETBIT_ATTRBIT(b, p) ((b)->bits[(p) / 32] |= (1 << ((p) % 32))) +#define NFSCLRBIT_ATTRBIT(b, p) ((b)->bits[(p) / 32] &= ~(1 << ((p) % 32))) +#define NFSCLRALL_ATTRBIT(b, a) do { \ + (b)->bits[0] &= ~((a)->bits[0]); \ + (b)->bits[1] &= ~((a)->bits[1]); \ + } while (0) +#define NFSCLRNOT_ATTRBIT(b, a) do { \ + (b)->bits[0] &= ((a)->bits[0]); \ + (b)->bits[1] &= ((a)->bits[1]); \ + } while (0) +#define NFSCLRNOTFILLABLE_ATTRBIT(b) do { \ + (b)->bits[0] &= NFSATTRBIT_SUPP0; \ + (b)->bits[1] &= NFSATTRBIT_SUPP1; } while (0) +#define NFSCLRNOTSETABLE_ATTRBIT(b) do { \ + (b)->bits[0] &= NFSATTRBIT_SETABLE0; \ + (b)->bits[1] &= NFSATTRBIT_SETABLE1; } while (0) +#define NFSNONZERO_ATTRBIT(b) ((b)->bits[0] || (b)->bits[1]) +#define NFSEQUAL_ATTRBIT(b, p) \ + ((b)->bits[0] == (p)->bits[0] && (b)->bits[1] == (p)->bits[1]) +#define NFSGETATTR_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_GETATTR0; \ + (b)->bits[1] = NFSATTRBIT_GETATTR1; } while (0) +#define NFSWCCATTR_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_WCCATTR0; \ + (b)->bits[1] = NFSATTRBIT_WCCATTR1; } while (0) +#define NFSWRITEGETATTR_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_WRITEGETATTR0; \ + (b)->bits[1] = NFSATTRBIT_WRITEGETATTR1; } while (0) +#define NFSCBGETATTR_ATTRBIT(b, c) do { \ + (c)->bits[0] = ((b)->bits[0] & NFSATTRBIT_CBGETATTR0); \ + (c)->bits[1] = ((b)->bits[1] & NFSATTRBIT_CBGETATTR1); } while (0) +#define NFSPATHCONF_GETATTRBIT(b) do { \ + (b)->bits[0] = NFSGETATTRBIT_PATHCONF0; \ + (b)->bits[1] = NFSGETATTRBIT_PATHCONF1; } while (0) +#define NFSSTATFS_GETATTRBIT(b) do { \ + (b)->bits[0] = NFSGETATTRBIT_STATFS0; \ + (b)->bits[1] = NFSGETATTRBIT_STATFS1; } while (0) +#define NFSISSETSTATFS_ATTRBIT(b) \ + (((b)->bits[0] & NFSATTRBIT_STATFS0) || \ + ((b)->bits[1] & NFSATTRBIT_STATFS1)) +#define NFSCLRSTATFS_ATTRBIT(b) do { \ + (b)->bits[0] &= ~NFSATTRBIT_STATFS0; \ + (b)->bits[1] &= ~NFSATTRBIT_STATFS1; } while (0) +#define NFSREADDIRPLUS_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_READDIRPLUS0; \ + (b)->bits[1] = NFSATTRBIT_READDIRPLUS1; } while (0) +#define NFSREFERRAL_ATTRBIT(b) do { \ + (b)->bits[0] = NFSATTRBIT_REFERRAL0; \ + (b)->bits[1] = NFSATTRBIT_REFERRAL1; } while (0) + +/* + * Store uid, gid creds that handle maps to. + * Since some BSDen define cr_gid as cr_groups[0], I'll just keep them + * all in nfsc_groups[NGROUPS + 1]. + */ +struct nfscred { + uid_t nfsc_uid; + gid_t nfsc_groups[NGROUPS + 1]; + int nfsc_ngroups; +}; + +/* + * Constants that define the file handle for the V4 root directory. + * (The FSID must never be used by other file systems that are exported.) + */ +#define NFSV4ROOT_FSID0 ((int32_t) -1) +#define NFSV4ROOT_FSID1 ((int32_t) -1) +#define NFSV4ROOT_REFERRAL ((int32_t) -2) +#define NFSV4ROOT_INO 2 /* It's traditional */ +#define NFSV4ROOT_GEN 1 + +/* + * The set of signals the interrupt an I/O in progress for NFSMNT_INT mounts. + * What should be in this set is open to debate, but I believe that since + * I/O system calls on ufs are never interrupted by signals the set should + * be minimal. My reasoning is that many current programs that use signals + * such as SIGALRM will not expect file I/O system calls to be interrupted + * by them and break. + */ +#if defined(_KERNEL) || defined(KERNEL) + +struct uio; struct buf; struct vattr; struct nameidata; /* XXX */ + +/* + * Socket errors ignored for connectionless sockets? + * For now, ignore them all + */ +#define NFSIGNORE_SOERROR(s, e) \ + ((e) != EINTR && (e) != ERESTART && (e) != EWOULDBLOCK && \ + ((s) & PR_CONNREQUIRED) == 0) + + +/* + * This structure holds socket information for a connection. Used by the + * client and the server for callbacks. + */ +struct nfssockreq { + NFSSOCKADDR_T nr_nam; + int nr_sotype; + int nr_soproto; + int nr_soflags; + struct ucred *nr_cred; + int nr_lock; + NFSMUTEX_T nr_mtx; + u_int32_t nr_prog; + u_int32_t nr_vers; + struct __rpc_client *nr_client; +}; + +/* + * And associated nr_lock bits. + */ +#define NFSR_SNDLOCK 0x01 +#define NFSR_WANTSND 0x02 +#define NFSR_RCVLOCK 0x04 +#define NFSR_WANTRCV 0x08 +#define NFSR_RESERVEDPORT 0x10 +#define NFSR_LOCALHOST 0x20 + +/* + * Queue head for nfsreq's + */ +TAILQ_HEAD(nfsreqhead, nfsreq); + +/* First 8 R_xxx flags defined in rpc/rpcclnt.h, the rest are here */ +#define R_DONTRECOVER 0x00000100 /* don't initiate recovery when this + rpc gets a stale state reply */ + +/* + * Network address hash list element + */ +union nethostaddr { + struct in_addr had_inet; + struct in6_addr had_inet6; +}; + +/* + * Structure of list of mechanisms. + */ +struct nfsgss_mechlist { + int len; + const u_char *str; + int totlen; +}; +#define KERBV_MECH 0 /* position in list */ + +/* + * This structure is used by the server for describing each request. + */ +struct nfsrv_descript { + mbuf_t nd_mrep; /* Request mbuf list */ + mbuf_t nd_md; /* Current dissect mbuf */ + mbuf_t nd_mreq; /* Reply mbuf list */ + mbuf_t nd_mb; /* Current build mbuf */ + NFSSOCKADDR_T nd_nam; /* and socket addr */ + NFSSOCKADDR_T nd_nam2; /* return socket addr */ + caddr_t nd_dpos; /* Current dissect pos */ + caddr_t nd_bpos; /* Current build pos */ + u_int16_t nd_procnum; /* RPC # */ + u_int32_t nd_flag; /* nd_flag */ + u_int32_t nd_repstat; /* Reply status */ + int *nd_errp; /* Pointer to ret status */ + u_int32_t nd_retxid; /* Reply xid */ + struct nfsrvcache *nd_rp; /* Assoc. cache entry */ + struct timeval nd_starttime; /* Time RPC initiated */ + fhandle_t nd_fh; /* File handle */ + struct ucred *nd_cred; /* Credentials */ + uid_t nd_saveduid; /* Saved uid */ + u_int64_t nd_sockref; /* Rcv socket ref# */ + u_int64_t nd_compref; /* Compound RPC ref# */ + time_t nd_tcpconntime; /* Time TCP connection est. */ + nfsquad_t nd_clientid; /* Implied clientid */ + int nd_credflavor; /* credential flavor */ + int nd_gssnamelen; /* principal name length */ + char *nd_gssname; /* principal name */ +}; + +#define nd_princlen nd_gssnamelen +#define nd_principal nd_gssname + +/* Bits for "nd_flag" */ +#define ND_DONTSAVEREPLY 0x00000001 +#define ND_SAVEREPLY 0x00000002 +#define ND_NFSV2 0x00000004 +#define ND_NFSV3 0x00000008 +#define ND_NFSV4 0x00000010 +#define ND_KERBV 0x00000020 +#define ND_GSSINTEGRITY 0x00000040 +#define ND_GSSPRIVACY 0x00000080 +#define ND_WINDOWVERF 0x00000100 +#define ND_GSSINITREPLY 0x00000200 +#define ND_STREAMSOCK 0x00000400 +#define ND_PUBLOOKUP 0x00000800 +#define ND_USEGSSNAME 0x00001000 +#define ND_SAMETCPCONN 0x00002000 +#define ND_IMPLIEDCLID 0x00004000 +#define ND_NOMOREDATA 0x00008000 +#define ND_V4WCCATTR 0x00010000 +#define ND_NFSCB 0x00020000 +#define ND_AUTHNONE 0x00040000 +#define ND_EXGSSONLY 0x00080000 +#define ND_INCRSEQID 0x00100000 + +/* + * ND_GSS should be the "or" of all GSS type authentications. + */ +#define ND_GSS (ND_KERBV) + +struct nfsv4_opflag { + int retfh; + int needscfh; + int savereply; + int modifyfs; +}; + +/* + * Flags used to indicate what to do w.r.t. seqid checking. + */ +#define NFSRVSEQID_FIRST 0x01 +#define NFSRVSEQID_LAST 0x02 +#define NFSRVSEQID_OPEN 0x04 + +/* + * MNT_EXGSSONLY is the Or of all the EXGSS bits. + */ +#define MNT_EXGSSONLY MNT_EXGSSKRB5 + +/* + * assign a doubly linked list to a new head + * and prepend one list into another. + */ +#define LIST_NEWHEAD(nhead, ohead, field) do { \ + if (((nhead)->lh_first = (ohead)->lh_first) != NULL) \ + (ohead)->lh_first->field.le_prev = &(nhead)->lh_first; \ + (ohead)->lh_first = NULL; \ + } while (0) + +#define LIST_PREPEND(head, phead, lelm, field) do { \ + if ((head)->lh_first != NULL) { \ + (lelm)->field.le_next = (head)->lh_first; \ + (lelm)->field.le_next->field.le_prev = \ + &(lelm)->field.le_next; \ + } \ + (head)->lh_first = (phead)->lh_first; \ + (head)->lh_first->field.le_prev = &(head)->lh_first; \ + } while (0) + +/* + * File handle structure for client. Malloc'd to the correct length with + * malloc type M_NFSFH. + */ +struct nfsfh { + u_int16_t nfh_len; /* Length of file handle */ + u_int8_t nfh_fh[1]; /* and the file handle */ +}; + +/* + * File handle structure for server. The NFSRV_MAXFH constant is + * set in nfsdport.h. I use a 32bit length, so that alignment is + * preserved. + */ +struct nfsrvfh { + u_int32_t nfsrvfh_len; + u_int8_t nfsrvfh_data[NFSRV_MAXFH]; +}; + +/* + * This structure is used for sleep locks on the NFSv4 nfsd threads and + * NFSv4 client data structures. + */ +struct nfsv4lock { + u_int32_t nfslock_usecnt; + u_int8_t nfslock_lock; +}; +#define NFSV4LOCK_LOCK 0x01 +#define NFSV4LOCK_LOCKWANTED 0x02 +#define NFSV4LOCK_WANTED 0x04 + +/* + * Values for the override argument for nfsvno_accchk(). + */ +#define NFSACCCHK_NOOVERRIDE 0 +#define NFSACCCHK_ALLOWROOT 1 +#define NFSACCCHK_ALLOWOWNER 2 + +/* + * and values for the vpislocked argument for nfsvno_accchk(). + */ +#define NFSACCCHK_VPNOTLOCKED 0 +#define NFSACCCHK_VPISLOCKED 1 + +#endif /* _KERNEL */ + +#endif /* _NFS_NFS_H */ Added: head/sys/fs/nfs/nfs_commonacl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/fs/nfs/nfs_commonacl.c Mon May 4 15:23:58 2009 (r191783) @@ -0,0 +1,750 @@ +/*- + * Copyright (c) 2009 Rick Macklem, University of Guelph + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#ifndef APPLEKEXT +#include <fs/nfs/nfsport.h> + +extern int nfsrv_useacl; +#endif + +static int nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner, + enum vtype type, acl_perm_t *permp); + +#if defined(NFS4_ACL_EXTATTR_NAME) +/* + * Handle xdr for an ace. + */ +APPLESTATIC int +nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep, + int *aceerrp, int *acesizep, NFSPROC_T *p) +{ + u_int32_t *tl; + int len, gotid = 0, owner = 0, error = 0, aceerr = 0; + u_char *name, namestr[NFSV4_SMALLSTR + 1]; + u_int32_t flag, mask, acetype; + gid_t gid; + uid_t uid; + + *aceerrp = 0; + acep->ae_flags = 0; + NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED); + acetype = fxdr_unsigned(u_int32_t, *tl++); + flag = fxdr_unsigned(u_int32_t, *tl++); + mask = fxdr_unsigned(u_int32_t, *tl++); + len = fxdr_unsigned(int, *tl); + if (len < 0) { + return (NFSERR_BADXDR); + } else if (len == 0) { + /* Netapp filers return a 0 length who for nil users */ + acep->ae_tag = ACL_UNDEFINED_TAG; + acep->ae_id = ACL_UNDEFINED_ID; + acep->ae_perm = (acl_perm_t)0; + acep->ae_extended = ACL_EXTENDED_DENY; + if (acesizep) + *acesizep = 4 * NFSX_UNSIGNED; + return (0); + } + if (len > NFSV4_SMALLSTR) + name = malloc(len + 1, M_NFSSTRING, M_WAITOK); + else + name = namestr; + error = nfsrv_mtostr(nd, name, len); + if (error) { + if (len > NFSV4_SMALLSTR) + free(name, M_NFSSTRING); + return (error); + } + if (len == 6) { + if (!NFSBCMP(name, "OWNER@", 6)) { + acep->ae_tag = ACL_USER_OBJ; + acep->ae_id = ACL_UNDEFINED_ID; + owner = 1; + gotid = 1; + } else if (!NFSBCMP(name, "GROUP@", 6)) { + acep->ae_tag = ACL_GROUP_OBJ; + acep->ae_id = ACL_UNDEFINED_ID; + gotid = 1; + } + } else if (len == 9 && !NFSBCMP(name, "EVERYONE@", 9)) { + acep->ae_tag = ACL_EVERYONE; + acep->ae_id = ACL_UNDEFINED_ID; + gotid = 1; + } + if (gotid == 0) { + if (flag & NFSV4ACE_IDENTIFIERGROUP) { + acep->ae_tag = ACL_GROUP; + aceerr = nfsv4_strtogid(name, len, &gid, p); + if (aceerr == 0) + acep->ae_id = (uid_t)gid; + } else { + acep->ae_tag = ACL_USER; + aceerr = nfsv4_strtouid(name, len, &uid, p); + if (aceerr == 0) + acep->ae_id = uid; + } + } + if (len > NFSV4_SMALLSTR) + free(name, M_NFSSTRING); + + if (aceerr == 0) { + /* + * Handle the flags. + */ + flag &= ~NFSV4ACE_IDENTIFIERGROUP; + if (flag & NFSV4ACE_FILEINHERIT) { + flag &= ~NFSV4ACE_FILEINHERIT; + acep->ae_flags |= ACL_ENTRY_FILE_INHERIT; + } + if (flag & NFSV4ACE_DIRECTORYINHERIT) { + flag &= ~NFSV4ACE_DIRECTORYINHERIT; + acep->ae_flags |= ACL_ENTRY_DIRECTORY_INHERIT; + } + if (flag & NFSV4ACE_NOPROPAGATEINHERIT) { + flag &= ~NFSV4ACE_NOPROPAGATEINHERIT; + acep->ae_flags |= ACL_ENTRY_LIMIT_INHERIT; + } + if (flag & NFSV4ACE_INHERITONLY) { + flag &= ~NFSV4ACE_INHERITONLY; + acep->ae_flags |= ACL_ENTRY_ONLY_INHERIT; + } + if (flag & NFSV4ACE_SUCCESSFULACCESS) { + flag &= ~NFSV4ACE_SUCCESSFULACCESS; + acep->ae_flags |= ACL_ENTRY_SUCCESSFUL_ACCESS; + } + if (flag & NFSV4ACE_FAILEDACCESS) { + flag &= ~NFSV4ACE_FAILEDACCESS; + acep->ae_flags |= ACL_ENTRY_FAILED_ACCESS; + } + /* + * Set ae_extended. + */ + if (acetype == NFSV4ACE_ALLOWEDTYPE) + acep->ae_extended = ACL_EXTENDED_ALLOW; + else if (acetype == NFSV4ACE_DENIEDTYPE) + acep->ae_extended = ACL_EXTENDED_DENY; + else if (acetype == NFSV4ACE_AUDITTYPE) + acep->ae_extended = ACL_EXTENDED_AUDIT; + else if (acetype == NFSV4ACE_ALARMTYPE) + acep->ae_extended = ACL_EXTENDED_ALARM; + else + aceerr = NFSERR_ATTRNOTSUPP; + } + + /* + * Now, check for unsupported flag bits. + */ + if (aceerr == 0 && flag != 0) + aceerr = NFSERR_ATTRNOTSUPP; + + /* + * And turn the mask into perm bits. + */ + if (aceerr == 0) + aceerr = nfsrv_acemasktoperm(acetype, mask, owner, VREG, + &acep->ae_perm); + *aceerrp = aceerr; + if (acesizep) + *acesizep = NFSM_RNDUP(len) + (4 * NFSX_UNSIGNED); + return (0); +nfsmout: + return (error); +} + +/* + * Turn an NFSv4 ace mask into R/W/X flag bits. + */ +static int +nfsrv_acemasktoperm(u_int32_t acetype, u_int32_t mask, int owner, + enum vtype type, acl_perm_t *permp) +{ + acl_perm_t perm = 0x0; + + if (mask & NFSV4ACE_READDATA) { + mask &= ~NFSV4ACE_READDATA; + perm |= ACL_READ_DATA; + } + if (mask & NFSV4ACE_LISTDIRECTORY) { + mask &= ~NFSV4ACE_LISTDIRECTORY; + perm |= ACL_LIST_DIRECTORY; + } + if (mask & NFSV4ACE_WRITEDATA) { + mask &= ~NFSV4ACE_WRITEDATA; + perm |= ACL_WRITE_DATA; + } + if (mask & NFSV4ACE_ADDFILE) { + mask &= ~NFSV4ACE_ADDFILE; + perm |= ACL_ADD_FILE; + } + if (mask & NFSV4ACE_APPENDDATA) { + mask &= ~NFSV4ACE_APPENDDATA; + perm |= ACL_APPEND_DATA; + } + if (mask & NFSV4ACE_ADDSUBDIRECTORY) { + mask &= ~NFSV4ACE_ADDSUBDIRECTORY; + perm |= ACL_ADD_SUBDIRECTORY; + } + if (mask & NFSV4ACE_READNAMEDATTR) { + mask &= ~NFSV4ACE_READNAMEDATTR; + perm |= ACL_READ_NAMED_ATTRS; + } + if (mask & NFSV4ACE_WRITENAMEDATTR) { + mask &= ~NFSV4ACE_WRITENAMEDATTR; + perm |= ACL_WRITE_NAMED_ATTRS; + } + if (mask & NFSV4ACE_EXECUTE) { + mask &= ~NFSV4ACE_EXECUTE; + perm |= ACL_EXECUTE; + } + if (mask & NFSV4ACE_SEARCH) { + mask &= ~NFSV4ACE_SEARCH; + perm |= ACL_SEARCH; + } + if (mask & NFSV4ACE_DELETECHILD) { + mask &= ~NFSV4ACE_DELETECHILD; + perm |= ACL_DELETE_CHILD; + } + if (mask & NFSV4ACE_READATTRIBUTES) { + mask &= ~NFSV4ACE_READATTRIBUTES; + perm |= ACL_READ_ATTRIBUTES; + } + if (mask & NFSV4ACE_WRITEATTRIBUTES) { + mask &= ~NFSV4ACE_WRITEATTRIBUTES; + perm |= ACL_WRITE_ATTRIBUTES; + } + if (mask & NFSV4ACE_DELETE) { + mask &= ~NFSV4ACE_DELETE; + perm |= ACL_DELETE; + } + if (mask & NFSV4ACE_READACL) { + mask &= ~NFSV4ACE_READACL; + perm |= ACL_READ_ACL; + } + if (mask & NFSV4ACE_WRITEACL) { + mask &= ~NFSV4ACE_WRITEACL; + perm |= ACL_WRITE_ACL; + } + if (mask & NFSV4ACE_WRITEOWNER) { + mask &= ~NFSV4ACE_WRITEOWNER; + perm |= ACL_WRITE_OWNER; + } + if (mask & NFSV4ACE_SYNCHRONIZE) { + mask &= ~NFSV4ACE_SYNCHRONIZE; + perm |= ACL_SYNCHRONIZE; + } + if (mask != 0) + return (NFSERR_ATTRNOTSUPP); + *permp = perm; + return (0); +} +#else +/* + * Handle xdr for an ace. + */ +APPLESTATIC int +nfsrv_dissectace(struct nfsrv_descript *nd, struct acl_entry *acep, + int *aceerrp, int *acesizep, NFSPROC_T *p) +{ + u_int32_t *tl; + int len, gotid = 0, owner = 0, error = 0, aceerr = 0; + u_char *name, namestr[NFSV4_SMALLSTR + 1]; + u_int32_t flag, mask, acetype; + gid_t gid; + uid_t uid; + + *aceerrp = 0; + NFSM_DISSECT(tl, u_int32_t *, 4 * NFSX_UNSIGNED); + acetype = fxdr_unsigned(u_int32_t, *tl++); + flag = fxdr_unsigned(u_int32_t, *tl++); + mask = fxdr_unsigned(u_int32_t, *tl++); + len = fxdr_unsigned(int, *tl); + if (len < 0) { + return (NFSERR_BADXDR); + } else if (len == 0) { + /* Netapp filers return a 0 length who for nil users */ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905041523.n44FNxdS048794>