1 /*- 2 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Berkeley Software Design Inc's name may not be used to endorse or 13 * promote products derived from this software without specific prior 14 * written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN INC ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN INC BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * from BSDI kern.c,v 1.2 1998/11/25 22:38:27 don Exp 29 * $FreeBSD$ 30 */ 31 32 #include <sys/param.h> 33 #include <sys/mount.h> 34 #include <sys/queue.h> 35 #include <sys/socket.h> 36 #include <sys/stat.h> 37 38 #include <netinet/in.h> 39 #include <arpa/inet.h> 40 41 #include <err.h> 42 #include <errno.h> 43 #include <fcntl.h> 44 #include <pwd.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #include <syslog.h> 49 #include <unistd.h> 50 #include <netdb.h> 51 52 #include "nlm_prot.h" 53 #include <nfs/rpcv2.h> 54 #include <nfs/nfsproto.h> 55 #include <nfsclient/nfs_lock.h> 56 57 #include "lockd.h" 58 #include "lockd_lock.h" 59 #include <nfsclient/nfs.h> 60 61 #define DAEMON_USERNAME "daemon" 62 63 #define nfslockdans(_v, _ansp) \ 64 ((_ansp)->la_vers = _v, \ 65 nfsclnt(NFSCLNT_LOCKDANS, _ansp)) 66 67 /* Lock request owner. */ 68 typedef struct __owner { 69 pid_t pid; /* Process ID. */ 70 time_t tod; /* Time-of-day. */ 71 } OWNER; 72 static OWNER owner; 73 74 static char hostname[MAXHOSTNAMELEN + 1]; /* Hostname. */ 75 76 static void client_cleanup(void); 77 static void set_auth(CLIENT *cl, struct xucred *ucred); 78 int lock_request(LOCKD_MSG *); 79 int test_request(LOCKD_MSG *); 80 void show(LOCKD_MSG *); 81 int unlock_request(LOCKD_MSG *); 82 83 /* 84 * will break because fifo needs to be repopened when EOF'd 85 */ 86 #define lockd_seteuid(uid) seteuid(uid) 87 88 #define d_calls (debug_level > 1) 89 #define d_args (debug_level > 2) 90 91 static const char * 92 from_addr(saddr) 93 struct sockaddr *saddr; 94 { 95 static char inet_buf[INET6_ADDRSTRLEN]; 96 97 if (getnameinfo(saddr, saddr->sa_len, inet_buf, sizeof(inet_buf), 98 NULL, 0, NI_NUMERICHOST) == 0) 99 return inet_buf; 100 return "???"; 101 } 102 103 void 104 client_cleanup(void) 105 { 106 (void)lockd_seteuid(0); 107 (void)unlink(_PATH_LCKFIFO); 108 exit(-1); 109 } 110 111 /* 112 * client_request -- 113 * Loop around messages from the kernel, forwarding them off to 114 * NLM servers. 115 */ 116 pid_t 117 client_request(void) 118 { 119 LOCKD_MSG msg; 120 fd_set rdset; 121 int fd, nr, ret; 122 pid_t child; 123 uid_t daemon_uid; 124 mode_t old_umask; 125 struct passwd *pw; 126 127 /* Recreate the NLM fifo. */ 128 (void)unlink(_PATH_LCKFIFO); 129 old_umask = umask(S_IXGRP|S_IXOTH); 130 if (mkfifo(_PATH_LCKFIFO, S_IWUSR | S_IRUSR)) { 131 syslog(LOG_ERR, "mkfifo: %s: %m", _PATH_LCKFIFO); 132 exit (1); 133 } 134 umask(old_umask); 135 136 /* 137 * Create a separate process, the client code is really a separate 138 * daemon that shares a lot of code. 139 */ 140 switch (child = fork()) { 141 case -1: 142 err(1, "fork"); 143 case 0: 144 break; 145 default: 146 return (child); 147 } 148 149 signal(SIGHUP, (sig_t)client_cleanup); 150 signal(SIGTERM, (sig_t)client_cleanup); 151 152 /* Setup. */ 153 (void)time(&owner.tod); 154 owner.pid = getpid(); 155 (void)gethostname(hostname, sizeof(hostname) - 1); 156 157 /* Open the fifo for reading. */ 158 if ((fd = open(_PATH_LCKFIFO, O_RDONLY | O_NONBLOCK)) == -1) { 159 syslog(LOG_ERR, "open: %s: %m", _PATH_LCKFIFO); 160 goto err; 161 } 162 pw = getpwnam(DAEMON_USERNAME); 163 if (pw == NULL) { 164 syslog(LOG_ERR, "getpwnam: %s: %m", DAEMON_USERNAME); 165 goto err; 166 } 167 daemon_uid = pw->pw_uid; 168 /* drop our root priviledges */ 169 (void)lockd_seteuid(daemon_uid); 170 171 for (;;) { 172 /* Wait for contact... fifo's return EAGAIN when read with 173 * no data 174 */ 175 /* Set up the select. */ 176 FD_ZERO(&rdset); 177 FD_SET(fd, &rdset); 178 (void)select(fd + 1, &rdset, NULL, NULL, NULL); 179 180 /* Read the fixed length message. */ 181 if ((nr = read(fd, &msg, sizeof(msg))) == sizeof(msg)) { 182 if (d_args) 183 show(&msg); 184 185 if (msg.lm_version != LOCKD_MSG_VERSION) { 186 syslog(LOG_ERR, 187 "unknown msg type: %d", msg.lm_version); 188 } 189 /* 190 * Send it to the NLM server and don't grant the lock 191 * if we fail for any reason. 192 */ 193 switch (msg.lm_fl.l_type) { 194 case F_RDLCK: 195 case F_WRLCK: 196 if (msg.lm_getlk) 197 ret = test_request(&msg); 198 else 199 ret = lock_request(&msg); 200 break; 201 case F_UNLCK: 202 ret = unlock_request(&msg); 203 break; 204 default: 205 ret = 1; 206 syslog(LOG_ERR, 207 "unknown lock type: %d", msg.lm_fl.l_type); 208 break; 209 } 210 if (ret) { 211 struct lockd_ans ans; 212 213 ans.la_msg_ident = msg.lm_msg_ident; 214 ans.la_errno = EHOSTUNREACH; 215 216 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 217 syslog((errno == EPIPE ? LOG_INFO : 218 LOG_ERR), "process %lu: %m", 219 (u_long)msg.lm_msg_ident.pid); 220 } 221 } 222 } else if (nr == -1) { 223 if (errno != EAGAIN) { 224 syslog(LOG_ERR, "read: %s: %m", _PATH_LCKFIFO); 225 goto err; 226 } 227 } else if (nr != 0) { 228 syslog(LOG_ERR, 229 "%s: discard %d bytes", _PATH_LCKFIFO, nr); 230 } 231 } 232 233 /* Reached only on error. */ 234 err: 235 (void)lockd_seteuid(0); 236 (void)unlink(_PATH_LCKFIFO); 237 _exit (1); 238 } 239 240 void 241 set_auth(cl, xucred) 242 CLIENT *cl; 243 struct xucred *xucred; 244 { 245 if (cl->cl_auth != NULL) 246 cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); 247 cl->cl_auth = authunix_create(hostname, 248 xucred->cr_uid, 249 xucred->cr_groups[0], 250 xucred->cr_ngroups - 1, 251 &xucred->cr_groups[1]); 252 } 253 254 255 /* 256 * test_request -- 257 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 258 */ 259 int 260 test_request(LOCKD_MSG *msg) 261 { 262 CLIENT *cli; 263 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 264 char dummy; 265 266 if (d_calls) 267 syslog(LOG_DEBUG, "test request: %s: %s to %s", 268 msg->lm_nfsv3 ? "V4" : "V1/3", 269 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 270 from_addr((struct sockaddr *)&msg->lm_addr)); 271 272 if (msg->lm_nfsv3) { 273 struct nlm4_testargs arg4; 274 275 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 276 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 277 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 278 arg4.alock.caller_name = hostname; 279 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 280 arg4.alock.fh.n_len = msg->lm_fh_len; 281 arg4.alock.oh.n_bytes = (char *)&owner; 282 arg4.alock.oh.n_len = sizeof(owner); 283 arg4.alock.svid = msg->lm_msg_ident.pid; 284 arg4.alock.l_offset = msg->lm_fl.l_start; 285 arg4.alock.l_len = msg->lm_fl.l_len; 286 287 if ((cli = get_client( 288 (struct sockaddr *)&msg->lm_addr, 289 NLM_VERS4)) == NULL) 290 return (1); 291 292 set_auth(cli, &msg->lm_cred); 293 (void)clnt_call(cli, NLM_TEST_MSG, 294 (xdrproc_t)xdr_nlm4_testargs, &arg4, 295 (xdrproc_t)xdr_void, &dummy, timeout); 296 } else { 297 struct nlm_testargs arg; 298 299 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 300 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 301 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 302 arg.alock.caller_name = hostname; 303 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 304 arg.alock.fh.n_len = msg->lm_fh_len; 305 arg.alock.oh.n_bytes = (char *)&owner; 306 arg.alock.oh.n_len = sizeof(owner); 307 arg.alock.svid = msg->lm_msg_ident.pid; 308 arg.alock.l_offset = msg->lm_fl.l_start; 309 arg.alock.l_len = msg->lm_fl.l_len; 310 311 if ((cli = get_client( 312 (struct sockaddr *)&msg->lm_addr, 313 NLM_VERS)) == NULL) 314 return (1); 315 316 set_auth(cli, &msg->lm_cred); 317 (void)clnt_call(cli, NLM_TEST_MSG, 318 (xdrproc_t)xdr_nlm_testargs, &arg, 319 (xdrproc_t)xdr_void, &dummy, timeout); 320 } 321 return (0); 322 } 323 324 /* 325 * lock_request -- 326 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 327 */ 328 int 329 lock_request(LOCKD_MSG *msg) 330 { 331 CLIENT *cli; 332 struct nlm4_lockargs arg4; 333 struct nlm_lockargs arg; 334 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 335 char dummy; 336 337 if (d_calls) 338 syslog(LOG_DEBUG, "lock request: %s: %s to %s", 339 msg->lm_nfsv3 ? "V4" : "V1/3", 340 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 341 from_addr((struct sockaddr *)&msg->lm_addr)); 342 343 if (msg->lm_nfsv3) { 344 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 345 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 346 arg4.block = msg->lm_wait ? 1 : 0; 347 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 348 arg4.alock.caller_name = hostname; 349 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 350 arg4.alock.fh.n_len = msg->lm_fh_len; 351 arg4.alock.oh.n_bytes = (char *)&owner; 352 arg4.alock.oh.n_len = sizeof(owner); 353 arg4.alock.svid = msg->lm_msg_ident.pid; 354 arg4.alock.l_offset = msg->lm_fl.l_start; 355 arg4.alock.l_len = msg->lm_fl.l_len; 356 arg4.reclaim = 0; 357 arg4.state = nsm_state; 358 359 if ((cli = get_client( 360 (struct sockaddr *)&msg->lm_addr, 361 NLM_VERS4)) == NULL) 362 return (1); 363 364 set_auth(cli, &msg->lm_cred); 365 (void)clnt_call(cli, NLM_LOCK_MSG, 366 (xdrproc_t)xdr_nlm4_lockargs, &arg4, 367 (xdrproc_t)xdr_void, &dummy, timeout); 368 } else { 369 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 370 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 371 arg.block = msg->lm_wait ? 1 : 0; 372 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 373 arg.alock.caller_name = hostname; 374 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 375 arg.alock.fh.n_len = msg->lm_fh_len; 376 arg.alock.oh.n_bytes = (char *)&owner; 377 arg.alock.oh.n_len = sizeof(owner); 378 arg.alock.svid = msg->lm_msg_ident.pid; 379 arg.alock.l_offset = msg->lm_fl.l_start; 380 arg.alock.l_len = msg->lm_fl.l_len; 381 arg.reclaim = 0; 382 arg.state = nsm_state; 383 384 if ((cli = get_client( 385 (struct sockaddr *)&msg->lm_addr, 386 NLM_VERS)) == NULL) 387 return (1); 388 389 set_auth(cli, &msg->lm_cred); 390 (void)clnt_call(cli, NLM_LOCK_MSG, 391 (xdrproc_t)xdr_nlm_lockargs, &arg, 392 (xdrproc_t)xdr_void, &dummy, timeout); 393 } 394 return (0); 395 } 396 397 /* 398 * unlock_request -- 399 * Convert an unlock LOCKD_MSG into an NLM request, and send it off. 400 */ 401 int 402 unlock_request(LOCKD_MSG *msg) 403 { 404 CLIENT *cli; 405 struct nlm4_unlockargs arg4; 406 struct nlm_unlockargs arg; 407 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 408 char dummy; 409 410 if (d_calls) 411 syslog(LOG_DEBUG, "unlock request: %s: to %s", 412 msg->lm_nfsv3 ? "V4" : "V1/3", 413 from_addr((struct sockaddr *)&msg->lm_addr)); 414 415 if (msg->lm_nfsv3) { 416 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 417 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 418 arg4.alock.caller_name = hostname; 419 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 420 arg4.alock.fh.n_len = msg->lm_fh_len; 421 arg4.alock.oh.n_bytes = (char *)&owner; 422 arg4.alock.oh.n_len = sizeof(owner); 423 arg4.alock.svid = msg->lm_msg_ident.pid; 424 arg4.alock.l_offset = msg->lm_fl.l_start; 425 arg4.alock.l_len = msg->lm_fl.l_len; 426 427 if ((cli = get_client( 428 (struct sockaddr *)&msg->lm_addr, 429 NLM_VERS4)) == NULL) 430 return (1); 431 432 set_auth(cli, &msg->lm_cred); 433 (void)clnt_call(cli, NLM_UNLOCK_MSG, 434 (xdrproc_t)xdr_nlm4_unlockargs, &arg4, 435 (xdrproc_t)xdr_void, &dummy, timeout); 436 } else { 437 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 438 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 439 arg.alock.caller_name = hostname; 440 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 441 arg.alock.fh.n_len = msg->lm_fh_len; 442 arg.alock.oh.n_bytes = (char *)&owner; 443 arg.alock.oh.n_len = sizeof(owner); 444 arg.alock.svid = msg->lm_msg_ident.pid; 445 arg.alock.l_offset = msg->lm_fl.l_start; 446 arg.alock.l_len = msg->lm_fl.l_len; 447 448 if ((cli = get_client( 449 (struct sockaddr *)&msg->lm_addr, 450 NLM_VERS)) == NULL) 451 return (1); 452 453 set_auth(cli, &msg->lm_cred); 454 (void)clnt_call(cli, NLM_UNLOCK_MSG, 455 (xdrproc_t)xdr_nlm_unlockargs, &arg, 456 (xdrproc_t)xdr_void, &dummy, timeout); 457 } 458 459 return (0); 460 } 461 462 int 463 lock_answer(int pid, netobj *netcookie, int result, int *pid_p, int version) 464 { 465 struct lockd_ans ans; 466 467 if (netcookie->n_len != sizeof(ans.la_msg_ident)) { 468 if (pid == -1) { /* we're screwed */ 469 syslog(LOG_ERR, "inedible nlm cookie"); 470 return -1; 471 } 472 ans.la_msg_ident.pid = pid; 473 ans.la_msg_ident.msg_seq = -1; 474 } else { 475 memcpy(&ans.la_msg_ident, netcookie->n_bytes, 476 sizeof(ans.la_msg_ident)); 477 } 478 479 if (d_calls) 480 syslog(LOG_DEBUG, "lock answer: pid %lu: %s %d", 481 (unsigned long)ans.la_msg_ident.pid, 482 version == NLM_VERS4 ? "nlmv4" : "nlmv3", 483 result); 484 485 ans.la_set_getlk_pid = 0; 486 if (version == NLM_VERS4) 487 switch (result) { 488 case nlm4_granted: 489 ans.la_errno = 0; 490 break; 491 default: 492 ans.la_errno = EACCES; 493 break; 494 case nlm4_denied: 495 if (pid_p == NULL) 496 ans.la_errno = EAGAIN; 497 else { 498 /* this is an answer to a nlm_test msg */ 499 ans.la_set_getlk_pid = 1; 500 ans.la_getlk_pid = *pid_p; 501 ans.la_errno = 0; 502 } 503 break; 504 case nlm4_denied_nolocks: 505 ans.la_errno = EAGAIN; 506 break; 507 case nlm4_blocked: 508 return -1; 509 /* NOTREACHED */ 510 case nlm4_denied_grace_period: 511 ans.la_errno = EAGAIN; 512 break; 513 case nlm4_deadlck: 514 ans.la_errno = EDEADLK; 515 break; 516 case nlm4_rofs: 517 ans.la_errno = EROFS; 518 break; 519 case nlm4_stale_fh: 520 ans.la_errno = ESTALE; 521 break; 522 case nlm4_fbig: 523 ans.la_errno = EFBIG; 524 break; 525 case nlm4_failed: 526 ans.la_errno = EACCES; 527 break; 528 } 529 else 530 switch (result) { 531 case nlm_granted: 532 ans.la_errno = 0; 533 break; 534 default: 535 ans.la_errno = EACCES; 536 break; 537 case nlm_denied: 538 if (pid_p == NULL) 539 ans.la_errno = EAGAIN; 540 else { 541 /* this is an answer to a nlm_test msg */ 542 ans.la_set_getlk_pid = 1; 543 ans.la_getlk_pid = *pid_p; 544 ans.la_errno = 0; 545 } 546 break; 547 case nlm_denied_nolocks: 548 ans.la_errno = EAGAIN; 549 break; 550 case nlm_blocked: 551 return -1; 552 /* NOTREACHED */ 553 case nlm_denied_grace_period: 554 ans.la_errno = EAGAIN; 555 break; 556 case nlm_deadlck: 557 ans.la_errno = EDEADLK; 558 break; 559 } 560 561 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 562 syslog(((errno == EPIPE || errno == ESRCH) ? 563 LOG_INFO : LOG_ERR), 564 "process %lu: %m", (u_long)ans.la_msg_ident.pid); 565 return -1; 566 } 567 return 0; 568 } 569 570 /* 571 * show -- 572 * Display the contents of a kernel LOCKD_MSG structure. 573 */ 574 void 575 show(LOCKD_MSG *mp) 576 { 577 static char hex[] = "0123456789abcdef"; 578 struct fid *fidp; 579 fsid_t *fsidp; 580 size_t len; 581 u_int8_t *p, *t, buf[NFS_SMALLFH*3+1]; 582 583 syslog(LOG_DEBUG, "process ID: %lu\n", (long)mp->lm_msg_ident.pid); 584 585 fsidp = (fsid_t *)&mp->lm_fh; 586 fidp = (struct fid *)((u_int8_t *)&mp->lm_fh + sizeof(fsid_t)); 587 588 for (t = buf, p = (u_int8_t *)mp->lm_fh, 589 len = mp->lm_fh_len; 590 len > 0; ++p, --len) { 591 *t++ = '\\'; 592 *t++ = hex[(*p & 0xf0) >> 4]; 593 *t++ = hex[*p & 0x0f]; 594 } 595 *t = '\0'; 596 597 syslog(LOG_DEBUG, "fh_len %d, fh %s\n", (int)mp->lm_fh_len, buf); 598 599 /* Show flock structure. */ 600 syslog(LOG_DEBUG, "start %qu; len %qu; pid %lu; type %d; whence %d\n", 601 (unsigned long long)mp->lm_fl.l_start, 602 (unsigned long long)mp->lm_fl.l_len, (u_long)mp->lm_fl.l_pid, 603 mp->lm_fl.l_type, mp->lm_fl.l_whence); 604 605 /* Show wait flag. */ 606 syslog(LOG_DEBUG, "wait was %s\n", mp->lm_wait ? "set" : "not set"); 607 } 608