xref: /freebsd/sys/fs/nfsserver/nfs_nfsdkrpc.c (revision b2db760808f74bb53c232900091c9da801ebbfcc)
1 /*-
2  * Copyright (c) 1989, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * This code is derived from software contributed to Berkeley by
6  * Rick Macklem at The University of Guelph.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 4. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  */
33 
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36 
37 #include "opt_inet6.h"
38 #include "opt_kgssapi.h"
39 
40 #include <fs/nfs/nfsport.h>
41 
42 #include <rpc/rpc.h>
43 #include <rpc/rpcsec_gss.h>
44 
45 #include <security/mac/mac_framework.h>
46 
47 NFSDLOCKMUTEX;
48 
49 /*
50  * Mapping of old NFS Version 2 RPC numbers to generic numbers.
51  */
52 static int newnfs_nfsv3_procid[NFS_V3NPROCS] = {
53 	NFSPROC_NULL,
54 	NFSPROC_GETATTR,
55 	NFSPROC_SETATTR,
56 	NFSPROC_NOOP,
57 	NFSPROC_LOOKUP,
58 	NFSPROC_READLINK,
59 	NFSPROC_READ,
60 	NFSPROC_NOOP,
61 	NFSPROC_WRITE,
62 	NFSPROC_CREATE,
63 	NFSPROC_REMOVE,
64 	NFSPROC_RENAME,
65 	NFSPROC_LINK,
66 	NFSPROC_SYMLINK,
67 	NFSPROC_MKDIR,
68 	NFSPROC_RMDIR,
69 	NFSPROC_READDIR,
70 	NFSPROC_FSSTAT,
71 	NFSPROC_NOOP,
72 	NFSPROC_NOOP,
73 	NFSPROC_NOOP,
74 	NFSPROC_NOOP,
75 };
76 
77 
78 SYSCTL_DECL(_vfs_newnfs);
79 
80 SVCPOOL		*nfsrvd_pool;
81 
82 static int	nfs_privport = 0;
83 SYSCTL_INT(_vfs_newnfs, OID_AUTO, nfs_privport, CTLFLAG_RW,
84     &nfs_privport, 0,
85     "Only allow clients using a privileged port for NFSv2 and 3");
86 
87 static int	nfs_minvers = NFS_VER2;
88 SYSCTL_INT(_vfs_newnfs, OID_AUTO, server_min_nfsvers, CTLFLAG_RW,
89     &nfs_minvers, 0, "The lowest version of NFS handled by the server");
90 
91 static int	nfs_maxvers = NFS_VER4;
92 SYSCTL_INT(_vfs_newnfs, OID_AUTO, server_max_nfsvers, CTLFLAG_RW,
93     &nfs_maxvers, 0, "The highest version of NFS handled by the server");
94 
95 static int nfs_proc(struct nfsrv_descript *, u_int32_t, struct socket *,
96     u_int64_t, struct nfsrvcache **);
97 
98 extern u_long sb_max_adj;
99 extern int newnfs_numnfsd;
100 
101 /*
102  * NFS server system calls
103  */
104 
105 static void
106 nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
107 {
108 	struct nfsrv_descript nd;
109 	struct nfsrvcache *rp = NULL;
110 	int cacherep, credflavor;
111 
112 	memset(&nd, 0, sizeof(nd));
113 	if (rqst->rq_vers == NFS_VER2) {
114 		if (rqst->rq_proc > NFSV2PROC_STATFS) {
115 			svcerr_noproc(rqst);
116 			svc_freereq(rqst);
117 			return;
118 		}
119 		nd.nd_procnum = newnfs_nfsv3_procid[rqst->rq_proc];
120 		nd.nd_flag = ND_NFSV2;
121 	} else if (rqst->rq_vers == NFS_VER3) {
122 		if (rqst->rq_proc >= NFS_V3NPROCS) {
123 			svcerr_noproc(rqst);
124 			svc_freereq(rqst);
125 			return;
126 		}
127 		nd.nd_procnum = rqst->rq_proc;
128 		nd.nd_flag = ND_NFSV3;
129 	} else {
130 		if (rqst->rq_proc != NFSPROC_NULL &&
131 		    rqst->rq_proc != NFSV4PROC_COMPOUND) {
132 			svcerr_noproc(rqst);
133 			svc_freereq(rqst);
134 			return;
135 		}
136 		nd.nd_procnum = rqst->rq_proc;
137 		nd.nd_flag = ND_NFSV4;
138 	}
139 
140 	/*
141 	 * Note: we want rq_addr, not svc_getrpccaller for nd_nam2 -
142 	 * NFS_SRVMAXDATA uses a NULL value for nd_nam2 to detect TCP
143 	 * mounts.
144 	 */
145 	nd.nd_mrep = rqst->rq_args;
146 	rqst->rq_args = NULL;
147 	newnfs_realign(&nd.nd_mrep);
148 	nd.nd_md = nd.nd_mrep;
149 	nd.nd_dpos = mtod(nd.nd_md, caddr_t);
150 	nd.nd_nam = svc_getrpccaller(rqst);
151 	nd.nd_nam2 = rqst->rq_addr;
152 	nd.nd_mreq = NULL;
153 	nd.nd_cred = NULL;
154 
155 	if (nfs_privport && (nd.nd_flag & ND_NFSV4) == 0) {
156 		/* Check if source port is privileged */
157 		u_short port;
158 		struct sockaddr *nam = nd.nd_nam;
159 		struct sockaddr_in *sin;
160 
161 		sin = (struct sockaddr_in *)nam;
162 		/*
163 		 * INET/INET6 - same code:
164 		 *    sin_port and sin6_port are at same offset
165 		 */
166 		port = ntohs(sin->sin_port);
167 		if (port >= IPPORT_RESERVED &&
168 		    nd.nd_procnum != NFSPROC_NULL) {
169 #ifdef INET6
170 			char b6[INET6_ADDRSTRLEN];
171 #if defined(KLD_MODULE)
172 			/* Do not use ip6_sprintf: the nfs module should work without INET6. */
173 #define	ip6_sprintf(buf, a)						\
174 			(sprintf((buf), "%x:%x:%x:%x:%x:%x:%x:%x",	\
175 			    (a)->s6_addr16[0], (a)->s6_addr16[1],	\
176 			    (a)->s6_addr16[2], (a)->s6_addr16[3],	\
177 			    (a)->s6_addr16[4], (a)->s6_addr16[5],	\
178 			    (a)->s6_addr16[6], (a)->s6_addr16[7]),	\
179 			    (buf))
180 #endif
181 #endif
182 			printf("NFS request from unprivileged port (%s:%d)\n",
183 #ifdef INET6
184 			    sin->sin_family == AF_INET6 ?
185 			    ip6_sprintf(b6, &satosin6(sin)->sin6_addr) :
186 #if defined(KLD_MODULE)
187 #undef ip6_sprintf
188 #endif
189 #endif
190 			    inet_ntoa(sin->sin_addr), port);
191 			svcerr_weakauth(rqst);
192 			svc_freereq(rqst);
193 			m_freem(nd.nd_mrep);
194 			return;
195 		}
196 	}
197 
198 	if (nd.nd_procnum != NFSPROC_NULL) {
199 		if (!svc_getcred(rqst, &nd.nd_cred, &credflavor)) {
200 			svcerr_weakauth(rqst);
201 			svc_freereq(rqst);
202 			m_freem(nd.nd_mrep);
203 			return;
204 		}
205 
206 		/* Set the flag based on credflavor */
207 		if (credflavor == RPCSEC_GSS_KRB5) {
208 			nd.nd_flag |= ND_GSS;
209 		} else if (credflavor == RPCSEC_GSS_KRB5I) {
210 			nd.nd_flag |= (ND_GSS | ND_GSSINTEGRITY);
211 		} else if (credflavor == RPCSEC_GSS_KRB5P) {
212 			nd.nd_flag |= (ND_GSS | ND_GSSPRIVACY);
213 		} else if (credflavor != AUTH_SYS) {
214 			svcerr_weakauth(rqst);
215 			svc_freereq(rqst);
216 			m_freem(nd.nd_mrep);
217 			return;
218 		}
219 
220 #ifdef MAC
221 		mac_cred_associate_nfsd(nd.nd_cred);
222 #endif
223 		if ((nd.nd_flag & ND_NFSV4) != 0) {
224 			nd.nd_repstat = nfsvno_v4rootexport(&nd);
225 			if (nd.nd_repstat != 0) {
226 				svcerr_weakauth(rqst);
227 				svc_freereq(rqst);
228 				m_freem(nd.nd_mrep);
229 				return;
230 			}
231 		}
232 
233 		cacherep = nfs_proc(&nd, rqst->rq_xid, xprt->xp_socket,
234 		    xprt->xp_sockref, &rp);
235 	} else {
236 		NFSMGET(nd.nd_mreq);
237 		nd.nd_mreq->m_len = 0;
238 		cacherep = RC_REPLY;
239 	}
240 	if (nd.nd_mrep != NULL)
241 		m_freem(nd.nd_mrep);
242 
243 	if (nd.nd_cred != NULL)
244 		crfree(nd.nd_cred);
245 
246 	if (cacherep == RC_DROPIT) {
247 		if (nd.nd_mreq != NULL)
248 			m_freem(nd.nd_mreq);
249 		svc_freereq(rqst);
250 		return;
251 	}
252 
253 	if (nd.nd_mreq == NULL) {
254 		svcerr_decode(rqst);
255 		svc_freereq(rqst);
256 		return;
257 	}
258 
259 	if (nd.nd_repstat & NFSERR_AUTHERR) {
260 		svcerr_auth(rqst, nd.nd_repstat & ~NFSERR_AUTHERR);
261 		if (nd.nd_mreq != NULL)
262 			m_freem(nd.nd_mreq);
263 	} else if (!svc_sendreply_mbuf(rqst, nd.nd_mreq)) {
264 		svcerr_systemerr(rqst);
265 	}
266 	if (rp != NULL)
267 		nfsrvd_sentcache(rp, xprt->xp_socket, 0);
268 	svc_freereq(rqst);
269 }
270 
271 /*
272  * Check the cache and, optionally, do the RPC.
273  * Return the appropriate cache response.
274  */
275 static int
276 nfs_proc(struct nfsrv_descript *nd, u_int32_t xid, struct socket *so,
277     u_int64_t sockref, struct nfsrvcache **rpp)
278 {
279 	struct thread *td = curthread;
280 	int cacherep = RC_DOIT, isdgram;
281 
282 	*rpp = NULL;
283 	if (nd->nd_nam2 == NULL) {
284 		nd->nd_flag |= ND_STREAMSOCK;
285 		isdgram = 0;
286 	} else {
287 		isdgram = 1;
288 	}
289 	NFSGETTIME(&nd->nd_starttime);
290 
291 	/*
292 	 * Two cases:
293 	 * 1 - For NFSv2 over UDP, if we are near our malloc/mget
294 	 *     limit, just drop the request. There is no
295 	 *     NFSERR_RESOURCE or NFSERR_DELAY for NFSv2 and the
296 	 *     client will timeout/retry over UDP in a little while.
297 	 * 2 - nd_repstat == 0 && nd_mreq == NULL, which
298 	 *     means a normal nfs rpc, so check the cache
299 	 */
300 	if ((nd->nd_flag & ND_NFSV2) && nd->nd_nam2 != NULL &&
301 	    nfsrv_mallocmget_limit()) {
302 		cacherep = RC_DROPIT;
303 	} else {
304 		/*
305 		 * For NFSv3, play it safe and assume that the client is
306 		 * doing retries on the same TCP connection.
307 		 */
308 		if ((nd->nd_flag & (ND_NFSV4 | ND_STREAMSOCK)) ==
309 		    ND_STREAMSOCK)
310 			nd->nd_flag |= ND_SAMETCPCONN;
311 		nd->nd_retxid = xid;
312 		nd->nd_tcpconntime = NFSD_MONOSEC;
313 		nd->nd_sockref = sockref;
314 		cacherep = nfsrvd_getcache(nd, so);
315 	}
316 
317 	/*
318 	 * Handle the request. There are three cases.
319 	 * RC_DOIT - do the RPC
320 	 * RC_REPLY - return the reply already created
321 	 * RC_DROPIT - just throw the request away
322 	 */
323 	if (cacherep == RC_DOIT) {
324 		nfsrvd_dorpc(nd, isdgram, td);
325 		if (nd->nd_repstat == NFSERR_DONTREPLY)
326 			cacherep = RC_DROPIT;
327 		else
328 			cacherep = RC_REPLY;
329 		*rpp = nfsrvd_updatecache(nd, so);
330 	}
331 	return (cacherep);
332 }
333 
334 /*
335  * Adds a socket to the list for servicing by nfsds.
336  */
337 int
338 nfsrvd_addsock(struct file *fp)
339 {
340 	int siz;
341 	struct socket *so;
342 	int error;
343 	SVCXPRT *xprt;
344 	static u_int64_t sockref = 0;
345 
346 	so = fp->f_data;
347 
348 	siz = sb_max_adj;
349 	error = soreserve(so, siz, siz);
350 	if (error) {
351 		return (error);
352 	}
353 
354 	/*
355 	 * Steal the socket from userland so that it doesn't close
356 	 * unexpectedly.
357 	 */
358 	if (so->so_type == SOCK_DGRAM)
359 		xprt = svc_dg_create(nfsrvd_pool, so, 0, 0);
360 	else
361 		xprt = svc_vc_create(nfsrvd_pool, so, 0, 0);
362 	if (xprt) {
363 		fp->f_ops = &badfileops;
364 		fp->f_data = NULL;
365 		xprt->xp_sockref = ++sockref;
366 		if (nfs_minvers == NFS_VER2)
367 			svc_reg(xprt, NFS_PROG, NFS_VER2, nfssvc_program,
368 			    NULL);
369 		if (nfs_minvers <= NFS_VER3 && nfs_maxvers >= NFS_VER3)
370 			svc_reg(xprt, NFS_PROG, NFS_VER3, nfssvc_program,
371 			    NULL);
372 		if (nfs_maxvers >= NFS_VER4)
373 			svc_reg(xprt, NFS_PROG, NFS_VER4, nfssvc_program,
374 			    NULL);
375 		SVC_RELEASE(xprt);
376 	}
377 
378 	return (0);
379 }
380 
381 /*
382  * Called by nfssvc() for nfsds. Just loops around servicing rpc requests
383  * until it is killed by a signal.
384  */
385 int
386 nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
387 {
388 #ifdef KGSSAPI
389 	char principal[MAXHOSTNAMELEN + 5];
390 	int error;
391 	bool_t ret2, ret3, ret4;
392 #endif
393 
394 #ifdef KGSSAPI
395 	error = copyinstr(args->principal, principal, sizeof (principal),
396 	    NULL);
397 	if (error)
398 		return (error);
399 #endif
400 
401 	/*
402 	 * Only the first nfsd actually does any work. The RPC code
403 	 * adds threads to it as needed. Any extra processes offered
404 	 * by nfsd just exit. If nfsd is new enough, it will call us
405 	 * once with a structure that specifies how many threads to
406 	 * use.
407 	 */
408 	NFSD_LOCK();
409 	if (newnfs_numnfsd == 0) {
410 		newnfs_numnfsd++;
411 
412 		NFSD_UNLOCK();
413 
414 #ifdef KGSSAPI
415 		/* An empty string implies AUTH_SYS only. */
416 		if (principal[0] != '\0') {
417 			ret2 = rpc_gss_set_svc_name(principal, "kerberosv5",
418 			    GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
419 			ret3 = rpc_gss_set_svc_name(principal, "kerberosv5",
420 			    GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
421 			ret4 = rpc_gss_set_svc_name(principal, "kerberosv5",
422 			    GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
423 
424 			if (!ret2 || !ret3 || !ret4) {
425 				NFSD_LOCK();
426 				newnfs_numnfsd--;
427 				nfsrvd_init(1);
428 				NFSD_UNLOCK();
429 				return (EAUTH);
430 			}
431 		}
432 #endif
433 
434 		nfsrvd_pool->sp_minthreads = args->minthreads;
435 		nfsrvd_pool->sp_maxthreads = args->maxthreads;
436 
437 		svc_run(nfsrvd_pool);
438 
439 #ifdef KGSSAPI
440 		if (principal[0] != '\0') {
441 			rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2);
442 			rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3);
443 			rpc_gss_clear_svc_name(NFS_PROG, NFS_VER4);
444 		}
445 #endif
446 
447 		NFSD_LOCK();
448 		newnfs_numnfsd--;
449 		nfsrvd_init(1);
450 	}
451 	NFSD_UNLOCK();
452 
453 	return (0);
454 }
455 
456 /*
457  * Initialize the data structures for the server.
458  * Handshake with any new nfsds starting up to avoid any chance of
459  * corruption.
460  */
461 void
462 nfsrvd_init(int terminating)
463 {
464 
465 	NFSD_LOCK_ASSERT();
466 
467 	if (terminating) {
468 		NFSD_UNLOCK();
469 		svcpool_destroy(nfsrvd_pool);
470 		nfsrvd_pool = NULL;
471 		NFSD_LOCK();
472 	}
473 
474 	NFSD_UNLOCK();
475 
476 	nfsrvd_pool = svcpool_create("nfsd", SYSCTL_STATIC_CHILDREN(_vfs_newnfs));
477 	nfsrvd_pool->sp_rcache = NULL;
478 	nfsrvd_pool->sp_assign = NULL;
479 	nfsrvd_pool->sp_done = NULL;
480 
481 	NFSD_LOCK();
482 }
483 
484