1 /*- 2 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Berkeley Software Design Inc's name may not be used to endorse or 13 * promote products derived from this software without specific prior 14 * written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN INC ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN INC BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * from BSDI kern.c,v 1.2 1998/11/25 22:38:27 don Exp 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 #include <sys/param.h> 35 #include <sys/mount.h> 36 #include <sys/queue.h> 37 #include <sys/socket.h> 38 #include <sys/stat.h> 39 40 #include <netinet/in.h> 41 #include <arpa/inet.h> 42 43 #include <err.h> 44 #include <errno.h> 45 #include <fcntl.h> 46 #include <paths.h> 47 #include <pwd.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <syslog.h> 52 #include <unistd.h> 53 #include <netdb.h> 54 55 #include "nlm_prot.h" 56 #include <nfs/rpcv2.h> 57 #include <nfs/nfsproto.h> 58 #include <nfsclient/nfs_lock.h> 59 60 #include "lockd.h" 61 #include "lockd_lock.h" 62 #include <nfsclient/nfs.h> 63 64 #define DAEMON_USERNAME "daemon" 65 66 /* Lock request owner. */ 67 typedef struct __owner { 68 pid_t pid; /* Process ID. */ 69 time_t tod; /* Time-of-day. */ 70 } OWNER; 71 static OWNER owner; 72 73 static char hostname[MAXHOSTNAMELEN + 1]; /* Hostname. */ 74 static int devfd; 75 76 static void client_cleanup(void); 77 static const char *from_addr(struct sockaddr *); 78 int lock_request(LOCKD_MSG *); 79 static void set_auth(CLIENT *cl, struct xucred *ucred); 80 void show(LOCKD_MSG *); 81 int test_request(LOCKD_MSG *); 82 int unlock_request(LOCKD_MSG *); 83 84 static int 85 nfslockdans(int vers, struct lockd_ans *ansp) 86 { 87 88 ansp->la_vers = vers; 89 return (write(devfd, ansp, sizeof *ansp) <= 0); 90 } 91 92 /* 93 * will break because fifo needs to be repopened when EOF'd 94 */ 95 #define lockd_seteuid(uid) seteuid(uid) 96 97 #define d_calls (debug_level > 1) 98 #define d_args (debug_level > 2) 99 100 static const char * 101 from_addr(saddr) 102 struct sockaddr *saddr; 103 { 104 static char inet_buf[INET6_ADDRSTRLEN]; 105 106 if (getnameinfo(saddr, saddr->sa_len, inet_buf, sizeof(inet_buf), 107 NULL, 0, NI_NUMERICHOST) == 0) 108 return inet_buf; 109 return "???"; 110 } 111 112 void 113 client_cleanup(void) 114 { 115 (void)lockd_seteuid(0); 116 exit(-1); 117 } 118 119 /* 120 * client_request -- 121 * Loop around messages from the kernel, forwarding them off to 122 * NLM servers. 123 */ 124 pid_t 125 client_request(void) 126 { 127 LOCKD_MSG msg; 128 int nr, ret; 129 pid_t child; 130 uid_t daemon_uid; 131 struct passwd *pw; 132 133 /* Open the dev . */ 134 devfd = open(_PATH_DEV _PATH_NFSLCKDEV, O_RDWR | O_NONBLOCK); 135 if (devfd < 0) { 136 syslog(LOG_ERR, "open: %s: %m", _PATH_NFSLCKDEV); 137 goto err; 138 } 139 /* 140 * Create a separate process, the client code is really a separate 141 * daemon that shares a lot of code. 142 */ 143 switch (child = fork()) { 144 case -1: 145 err(1, "fork"); 146 case 0: 147 break; 148 default: 149 return (child); 150 } 151 152 signal(SIGHUP, (sig_t)client_cleanup); 153 signal(SIGTERM, (sig_t)client_cleanup); 154 155 /* Setup. */ 156 (void)time(&owner.tod); 157 owner.pid = getpid(); 158 (void)gethostname(hostname, sizeof(hostname) - 1); 159 160 pw = getpwnam(DAEMON_USERNAME); 161 if (pw == NULL) { 162 syslog(LOG_ERR, "getpwnam: %s: %m", DAEMON_USERNAME); 163 goto err; 164 } 165 daemon_uid = pw->pw_uid; 166 /* drop our root priviledges */ 167 (void)lockd_seteuid(daemon_uid); 168 169 for (;;) { 170 /* Read the fixed length message. */ 171 if ((nr = read(devfd, &msg, sizeof(msg))) == sizeof(msg)) { 172 if (d_args) 173 show(&msg); 174 175 if (msg.lm_version != LOCKD_MSG_VERSION) { 176 syslog(LOG_ERR, 177 "unknown msg type: %d", msg.lm_version); 178 } 179 /* 180 * Send it to the NLM server and don't grant the lock 181 * if we fail for any reason. 182 */ 183 switch (msg.lm_fl.l_type) { 184 case F_RDLCK: 185 case F_WRLCK: 186 if (msg.lm_getlk) 187 ret = test_request(&msg); 188 else 189 ret = lock_request(&msg); 190 break; 191 case F_UNLCK: 192 ret = unlock_request(&msg); 193 break; 194 default: 195 ret = 1; 196 syslog(LOG_ERR, 197 "unknown lock type: %d", msg.lm_fl.l_type); 198 break; 199 } 200 if (ret) { 201 struct lockd_ans ans; 202 203 ans.la_msg_ident = msg.lm_msg_ident; 204 ans.la_errno = EHOSTUNREACH; 205 206 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 207 syslog((errno == EPIPE ? LOG_INFO : 208 LOG_ERR), "process %lu: %m", 209 (u_long)msg.lm_msg_ident.pid); 210 } 211 } 212 } else if (nr == -1) { 213 if (errno != EAGAIN) { 214 syslog(LOG_ERR, "read: %s: %m", _PATH_NFSLCKDEV); 215 goto err; 216 } 217 } else if (nr != 0) { 218 syslog(LOG_ERR, 219 "%s: discard %d bytes", _PATH_NFSLCKDEV, nr); 220 } 221 } 222 223 /* Reached only on error. */ 224 err: 225 (void)lockd_seteuid(0); 226 _exit (1); 227 } 228 229 void 230 set_auth(cl, xucred) 231 CLIENT *cl; 232 struct xucred *xucred; 233 { 234 if (cl->cl_auth != NULL) 235 cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); 236 cl->cl_auth = authunix_create(hostname, 237 xucred->cr_uid, 238 xucred->cr_groups[0], 239 xucred->cr_ngroups - 1, 240 &xucred->cr_groups[1]); 241 } 242 243 244 /* 245 * test_request -- 246 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 247 */ 248 int 249 test_request(LOCKD_MSG *msg) 250 { 251 CLIENT *cli; 252 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 253 char dummy; 254 255 if (d_calls) 256 syslog(LOG_DEBUG, "test request: %s: %s to %s", 257 msg->lm_nfsv3 ? "V4" : "V1/3", 258 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 259 from_addr((struct sockaddr *)&msg->lm_addr)); 260 261 if (msg->lm_nfsv3) { 262 struct nlm4_testargs arg4; 263 264 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 265 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 266 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 267 arg4.alock.caller_name = hostname; 268 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 269 arg4.alock.fh.n_len = msg->lm_fh_len; 270 arg4.alock.oh.n_bytes = (char *)&owner; 271 arg4.alock.oh.n_len = sizeof(owner); 272 arg4.alock.svid = msg->lm_msg_ident.pid; 273 arg4.alock.l_offset = msg->lm_fl.l_start; 274 arg4.alock.l_len = msg->lm_fl.l_len; 275 276 if ((cli = get_client( 277 (struct sockaddr *)&msg->lm_addr, 278 NLM_VERS4)) == NULL) 279 return (1); 280 281 set_auth(cli, &msg->lm_cred); 282 (void)clnt_call(cli, NLM_TEST_MSG, 283 (xdrproc_t)xdr_nlm4_testargs, &arg4, 284 (xdrproc_t)xdr_void, &dummy, timeout); 285 } else { 286 struct nlm_testargs arg; 287 288 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 289 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 290 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 291 arg.alock.caller_name = hostname; 292 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 293 arg.alock.fh.n_len = msg->lm_fh_len; 294 arg.alock.oh.n_bytes = (char *)&owner; 295 arg.alock.oh.n_len = sizeof(owner); 296 arg.alock.svid = msg->lm_msg_ident.pid; 297 arg.alock.l_offset = msg->lm_fl.l_start; 298 arg.alock.l_len = msg->lm_fl.l_len; 299 300 if ((cli = get_client( 301 (struct sockaddr *)&msg->lm_addr, 302 NLM_VERS)) == NULL) 303 return (1); 304 305 set_auth(cli, &msg->lm_cred); 306 (void)clnt_call(cli, NLM_TEST_MSG, 307 (xdrproc_t)xdr_nlm_testargs, &arg, 308 (xdrproc_t)xdr_void, &dummy, timeout); 309 } 310 return (0); 311 } 312 313 /* 314 * lock_request -- 315 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 316 */ 317 int 318 lock_request(LOCKD_MSG *msg) 319 { 320 CLIENT *cli; 321 struct nlm4_lockargs arg4; 322 struct nlm_lockargs arg; 323 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 324 char dummy; 325 326 if (d_calls) 327 syslog(LOG_DEBUG, "lock request: %s: %s to %s", 328 msg->lm_nfsv3 ? "V4" : "V1/3", 329 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 330 from_addr((struct sockaddr *)&msg->lm_addr)); 331 332 if (msg->lm_nfsv3) { 333 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 334 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 335 arg4.block = msg->lm_wait ? 1 : 0; 336 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 337 arg4.alock.caller_name = hostname; 338 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 339 arg4.alock.fh.n_len = msg->lm_fh_len; 340 arg4.alock.oh.n_bytes = (char *)&owner; 341 arg4.alock.oh.n_len = sizeof(owner); 342 arg4.alock.svid = msg->lm_msg_ident.pid; 343 arg4.alock.l_offset = msg->lm_fl.l_start; 344 arg4.alock.l_len = msg->lm_fl.l_len; 345 arg4.reclaim = 0; 346 arg4.state = nsm_state; 347 348 if ((cli = get_client( 349 (struct sockaddr *)&msg->lm_addr, 350 NLM_VERS4)) == NULL) 351 return (1); 352 353 set_auth(cli, &msg->lm_cred); 354 (void)clnt_call(cli, NLM_LOCK_MSG, 355 (xdrproc_t)xdr_nlm4_lockargs, &arg4, 356 (xdrproc_t)xdr_void, &dummy, timeout); 357 } else { 358 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 359 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 360 arg.block = msg->lm_wait ? 1 : 0; 361 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 362 arg.alock.caller_name = hostname; 363 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 364 arg.alock.fh.n_len = msg->lm_fh_len; 365 arg.alock.oh.n_bytes = (char *)&owner; 366 arg.alock.oh.n_len = sizeof(owner); 367 arg.alock.svid = msg->lm_msg_ident.pid; 368 arg.alock.l_offset = msg->lm_fl.l_start; 369 arg.alock.l_len = msg->lm_fl.l_len; 370 arg.reclaim = 0; 371 arg.state = nsm_state; 372 373 if ((cli = get_client( 374 (struct sockaddr *)&msg->lm_addr, 375 NLM_VERS)) == NULL) 376 return (1); 377 378 set_auth(cli, &msg->lm_cred); 379 (void)clnt_call(cli, NLM_LOCK_MSG, 380 (xdrproc_t)xdr_nlm_lockargs, &arg, 381 (xdrproc_t)xdr_void, &dummy, timeout); 382 } 383 return (0); 384 } 385 386 /* 387 * unlock_request -- 388 * Convert an unlock LOCKD_MSG into an NLM request, and send it off. 389 */ 390 int 391 unlock_request(LOCKD_MSG *msg) 392 { 393 CLIENT *cli; 394 struct nlm4_unlockargs arg4; 395 struct nlm_unlockargs arg; 396 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 397 char dummy; 398 399 if (d_calls) 400 syslog(LOG_DEBUG, "unlock request: %s: to %s", 401 msg->lm_nfsv3 ? "V4" : "V1/3", 402 from_addr((struct sockaddr *)&msg->lm_addr)); 403 404 if (msg->lm_nfsv3) { 405 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 406 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 407 arg4.alock.caller_name = hostname; 408 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 409 arg4.alock.fh.n_len = msg->lm_fh_len; 410 arg4.alock.oh.n_bytes = (char *)&owner; 411 arg4.alock.oh.n_len = sizeof(owner); 412 arg4.alock.svid = msg->lm_msg_ident.pid; 413 arg4.alock.l_offset = msg->lm_fl.l_start; 414 arg4.alock.l_len = msg->lm_fl.l_len; 415 416 if ((cli = get_client( 417 (struct sockaddr *)&msg->lm_addr, 418 NLM_VERS4)) == NULL) 419 return (1); 420 421 set_auth(cli, &msg->lm_cred); 422 (void)clnt_call(cli, NLM_UNLOCK_MSG, 423 (xdrproc_t)xdr_nlm4_unlockargs, &arg4, 424 (xdrproc_t)xdr_void, &dummy, timeout); 425 } else { 426 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 427 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 428 arg.alock.caller_name = hostname; 429 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 430 arg.alock.fh.n_len = msg->lm_fh_len; 431 arg.alock.oh.n_bytes = (char *)&owner; 432 arg.alock.oh.n_len = sizeof(owner); 433 arg.alock.svid = msg->lm_msg_ident.pid; 434 arg.alock.l_offset = msg->lm_fl.l_start; 435 arg.alock.l_len = msg->lm_fl.l_len; 436 437 if ((cli = get_client( 438 (struct sockaddr *)&msg->lm_addr, 439 NLM_VERS)) == NULL) 440 return (1); 441 442 set_auth(cli, &msg->lm_cred); 443 (void)clnt_call(cli, NLM_UNLOCK_MSG, 444 (xdrproc_t)xdr_nlm_unlockargs, &arg, 445 (xdrproc_t)xdr_void, &dummy, timeout); 446 } 447 448 return (0); 449 } 450 451 int 452 lock_answer(int pid, netobj *netcookie, int result, int *pid_p, int version) 453 { 454 struct lockd_ans ans; 455 456 if (netcookie->n_len != sizeof(ans.la_msg_ident)) { 457 if (pid == -1) { /* we're screwed */ 458 syslog(LOG_ERR, "inedible nlm cookie"); 459 return -1; 460 } 461 ans.la_msg_ident.pid = pid; 462 ans.la_msg_ident.msg_seq = -1; 463 } else { 464 memcpy(&ans.la_msg_ident, netcookie->n_bytes, 465 sizeof(ans.la_msg_ident)); 466 } 467 468 if (d_calls) 469 syslog(LOG_DEBUG, "lock answer: pid %lu: %s %d", 470 (unsigned long)ans.la_msg_ident.pid, 471 version == NLM_VERS4 ? "nlmv4" : "nlmv3", 472 result); 473 474 ans.la_set_getlk_pid = 0; 475 if (version == NLM_VERS4) 476 switch (result) { 477 case nlm4_granted: 478 ans.la_errno = 0; 479 break; 480 default: 481 ans.la_errno = EACCES; 482 break; 483 case nlm4_denied: 484 if (pid_p == NULL) 485 ans.la_errno = EAGAIN; 486 else { 487 /* this is an answer to a nlm_test msg */ 488 ans.la_set_getlk_pid = 1; 489 ans.la_getlk_pid = *pid_p; 490 ans.la_errno = 0; 491 } 492 break; 493 case nlm4_denied_nolocks: 494 ans.la_errno = EAGAIN; 495 break; 496 case nlm4_blocked: 497 return -1; 498 /* NOTREACHED */ 499 case nlm4_denied_grace_period: 500 ans.la_errno = EAGAIN; 501 break; 502 case nlm4_deadlck: 503 ans.la_errno = EDEADLK; 504 break; 505 case nlm4_rofs: 506 ans.la_errno = EROFS; 507 break; 508 case nlm4_stale_fh: 509 ans.la_errno = ESTALE; 510 break; 511 case nlm4_fbig: 512 ans.la_errno = EFBIG; 513 break; 514 case nlm4_failed: 515 ans.la_errno = EACCES; 516 break; 517 } 518 else 519 switch (result) { 520 case nlm_granted: 521 ans.la_errno = 0; 522 break; 523 default: 524 ans.la_errno = EACCES; 525 break; 526 case nlm_denied: 527 if (pid_p == NULL) 528 ans.la_errno = EAGAIN; 529 else { 530 /* this is an answer to a nlm_test msg */ 531 ans.la_set_getlk_pid = 1; 532 ans.la_getlk_pid = *pid_p; 533 ans.la_errno = 0; 534 } 535 break; 536 case nlm_denied_nolocks: 537 ans.la_errno = EAGAIN; 538 break; 539 case nlm_blocked: 540 return -1; 541 /* NOTREACHED */ 542 case nlm_denied_grace_period: 543 ans.la_errno = EAGAIN; 544 break; 545 case nlm_deadlck: 546 ans.la_errno = EDEADLK; 547 break; 548 } 549 550 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 551 syslog(((errno == EPIPE || errno == ESRCH) ? 552 LOG_INFO : LOG_ERR), 553 "process %lu: %m", (u_long)ans.la_msg_ident.pid); 554 return -1; 555 } 556 return 0; 557 } 558 559 /* 560 * show -- 561 * Display the contents of a kernel LOCKD_MSG structure. 562 */ 563 void 564 show(LOCKD_MSG *mp) 565 { 566 static char hex[] = "0123456789abcdef"; 567 struct fid *fidp; 568 fsid_t *fsidp; 569 size_t len; 570 u_int8_t *p, *t, buf[NFS_SMALLFH*3+1]; 571 572 syslog(LOG_DEBUG, "process ID: %lu\n", (long)mp->lm_msg_ident.pid); 573 574 fsidp = (fsid_t *)&mp->lm_fh; 575 fidp = (struct fid *)((u_int8_t *)&mp->lm_fh + sizeof(fsid_t)); 576 577 for (t = buf, p = (u_int8_t *)mp->lm_fh, 578 len = mp->lm_fh_len; 579 len > 0; ++p, --len) { 580 *t++ = '\\'; 581 *t++ = hex[(*p & 0xf0) >> 4]; 582 *t++ = hex[*p & 0x0f]; 583 } 584 *t = '\0'; 585 586 syslog(LOG_DEBUG, "fh_len %d, fh %s\n", (int)mp->lm_fh_len, buf); 587 588 /* Show flock structure. */ 589 syslog(LOG_DEBUG, "start %qu; len %qu; pid %lu; type %d; whence %d\n", 590 (unsigned long long)mp->lm_fl.l_start, 591 (unsigned long long)mp->lm_fl.l_len, (u_long)mp->lm_fl.l_pid, 592 mp->lm_fl.l_type, mp->lm_fl.l_whence); 593 594 /* Show wait flag. */ 595 syslog(LOG_DEBUG, "wait was %s\n", mp->lm_wait ? "set" : "not set"); 596 } 597