1 /*- 2 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Berkeley Software Design Inc's name may not be used to endorse or 13 * promote products derived from this software without specific prior 14 * written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN INC ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN INC BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * from BSDI kern.c,v 1.2 1998/11/25 22:38:27 don Exp 29 * $FreeBSD$ 30 */ 31 32 #include <sys/param.h> 33 #include <sys/mount.h> 34 #include <sys/queue.h> 35 #include <sys/socket.h> 36 #include <sys/stat.h> 37 38 #include <netinet/in.h> 39 #include <arpa/inet.h> 40 41 #include <err.h> 42 #include <errno.h> 43 #include <fcntl.h> 44 #include <pwd.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #include <syslog.h> 49 #include <unistd.h> 50 #include <netdb.h> 51 52 #include "nlm_prot.h" 53 #include <nfs/rpcv2.h> 54 #include <nfs/nfsproto.h> 55 #include <nfsclient/nfs_lock.h> 56 57 #include "lockd.h" 58 #include "lockd_lock.h" 59 #include <nfsclient/nfs.h> 60 61 #define DAEMON_USERNAME "daemon" 62 63 #define nfslockdans(_v, _ansp) \ 64 ((_ansp)->la_vers = _v, \ 65 nfsclnt(NFSCLNT_LOCKDANS, _ansp)) 66 67 /* Lock request owner. */ 68 typedef struct __owner { 69 pid_t pid; /* Process ID. */ 70 time_t tod; /* Time-of-day. */ 71 } OWNER; 72 static OWNER owner; 73 74 static char hostname[MAXHOSTNAMELEN + 1]; /* Hostname. */ 75 76 static void client_cleanup(void); 77 static void set_auth(CLIENT *cl, struct xucred *ucred); 78 int lock_request(LOCKD_MSG *); 79 int test_request(LOCKD_MSG *); 80 void show(LOCKD_MSG *); 81 int unlock_request(LOCKD_MSG *); 82 83 /* 84 * will break because fifo needs to be repopened when EOF'd 85 */ 86 #define lockd_seteuid(uid) seteuid(uid) 87 88 #define d_calls (debug_level > 1) 89 #define d_args (debug_level > 2) 90 91 static const char * 92 from_addr(saddr) 93 struct sockaddr *saddr; 94 { 95 static char inet_buf[INET6_ADDRSTRLEN]; 96 97 if (getnameinfo(saddr, saddr->sa_len, inet_buf, sizeof(inet_buf), 98 NULL, 0, NI_NUMERICHOST) == 0) 99 return inet_buf; 100 return "???"; 101 } 102 103 void 104 client_cleanup(void) 105 { 106 (void)lockd_seteuid(0); 107 (void)unlink(_PATH_LCKFIFO); 108 exit(-1); 109 } 110 111 /* 112 * client_request -- 113 * Loop around messages from the kernel, forwarding them off to 114 * NLM servers. 115 */ 116 pid_t 117 client_request(void) 118 { 119 LOCKD_MSG msg; 120 fd_set rdset; 121 int fd, nr, ret; 122 pid_t child; 123 uid_t daemon_uid; 124 mode_t old_umask; 125 struct passwd *pw; 126 127 /* Recreate the NLM fifo. */ 128 (void)unlink(_PATH_LCKFIFO); 129 old_umask = umask(S_IXGRP|S_IXOTH); 130 if (mkfifo(_PATH_LCKFIFO, S_IWUSR | S_IRUSR)) { 131 syslog(LOG_ERR, "mkfifo: %s: %m", _PATH_LCKFIFO); 132 exit (1); 133 } 134 umask(old_umask); 135 136 /* 137 * Create a separate process, the client code is really a separate 138 * daemon that shares a lot of code. 139 */ 140 switch (child = fork()) { 141 case -1: 142 err(1, "fork"); 143 case 0: 144 break; 145 default: 146 return (child); 147 } 148 149 signal(SIGHUP, (sig_t)client_cleanup); 150 signal(SIGTERM, (sig_t)client_cleanup); 151 152 /* Setup. */ 153 (void)time(&owner.tod); 154 owner.pid = getpid(); 155 (void)gethostname(hostname, sizeof(hostname) - 1); 156 157 /* Open the fifo for reading. */ 158 if ((fd = open(_PATH_LCKFIFO, O_RDONLY | O_NONBLOCK)) == -1) { 159 syslog(LOG_ERR, "open: %s: %m", _PATH_LCKFIFO); 160 goto err; 161 } 162 pw = getpwnam(DAEMON_USERNAME); 163 if (pw == NULL) { 164 syslog(LOG_ERR, "getpwnam: %s: %m", DAEMON_USERNAME); 165 goto err; 166 } 167 daemon_uid = pw->pw_uid; 168 /* drop our root priviledges */ 169 (void)lockd_seteuid(daemon_uid); 170 171 for (;;) { 172 /* Wait for contact... fifo's return EAGAIN when read with 173 * no data 174 */ 175 /* Set up the select. */ 176 FD_ZERO(&rdset); 177 FD_SET(fd, &rdset); 178 (void)select(fd + 1, &rdset, NULL, NULL, NULL); 179 180 /* Read the fixed length message. */ 181 if ((nr = read(fd, &msg, sizeof(msg))) == sizeof(msg)) { 182 if (d_args) 183 show(&msg); 184 185 if (msg.lm_version != LOCKD_MSG_VERSION) { 186 syslog(LOG_ERR, 187 "unknown msg type: %d", msg.lm_version); 188 } 189 /* 190 * Send it to the NLM server and don't grant the lock 191 * if we fail for any reason. 192 */ 193 switch (msg.lm_fl.l_type) { 194 case F_RDLCK: 195 case F_WRLCK: 196 if (msg.lm_getlk) 197 ret = test_request(&msg); 198 else 199 ret = lock_request(&msg); 200 break; 201 case F_UNLCK: 202 ret = unlock_request(&msg); 203 break; 204 default: 205 ret = 1; 206 syslog(LOG_ERR, 207 "unknown lock type: %d", msg.lm_fl.l_type); 208 break; 209 } 210 if (ret) { 211 struct lockd_ans ans; 212 213 ans.la_msg_ident = msg.lm_msg_ident; 214 ans.la_errno = EHOSTUNREACH; 215 216 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 217 syslog((errno == EPIPE ? LOG_INFO : 218 LOG_ERR), "process %lu: %m", 219 (u_long)msg.lm_msg_ident.pid); 220 } 221 } 222 } else if (nr == -1) { 223 if (errno != EAGAIN) { 224 syslog(LOG_ERR, "read: %s: %m", _PATH_LCKFIFO); 225 goto err; 226 } 227 } else if (nr != 0) { 228 syslog(LOG_ERR, 229 "%s: discard %d bytes", _PATH_LCKFIFO, nr); 230 } 231 } 232 233 /* Reached only on error. */ 234 err: 235 (void)lockd_seteuid(0); 236 (void)unlink(_PATH_LCKFIFO); 237 _exit (1); 238 } 239 240 void 241 set_auth(cl, xucred) 242 CLIENT *cl; 243 struct xucred *xucred; 244 { 245 if (cl->cl_auth != NULL) 246 cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); 247 cl->cl_auth = authunix_create(hostname, 248 xucred->cr_uid, 249 xucred->cr_groups[0], 250 xucred->cr_ngroups - 1, 251 &xucred->cr_groups[1]); 252 } 253 254 255 /* 256 * test_request -- 257 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 258 */ 259 int 260 test_request(LOCKD_MSG *msg) 261 { 262 CLIENT *cli; 263 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 264 char dummy; 265 266 if (d_calls) 267 syslog(LOG_DEBUG, "test request: %s: %s to %s", 268 msg->lm_nfsv3 ? "V4" : "V1/3", 269 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 270 from_addr((struct sockaddr *)&msg->lm_addr)); 271 272 if (msg->lm_nfsv3) { 273 struct nlm4_testargs arg4; 274 275 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 276 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 277 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 278 arg4.alock.caller_name = hostname; 279 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 280 arg4.alock.fh.n_len = msg->lm_fh_len; 281 arg4.alock.oh.n_bytes = (char *)&owner; 282 arg4.alock.oh.n_len = sizeof(owner); 283 arg4.alock.svid = msg->lm_msg_ident.pid; 284 arg4.alock.l_offset = msg->lm_fl.l_start; 285 arg4.alock.l_len = msg->lm_fl.l_len; 286 287 if ((cli = get_client( 288 (struct sockaddr *)&msg->lm_addr, 289 NLM_VERS4)) == NULL) 290 return (1); 291 292 set_auth(cli, &msg->lm_cred); 293 (void)clnt_call(cli, NLM_TEST_MSG, 294 xdr_nlm4_testargs, &arg4, xdr_void, &dummy, timeout); 295 } else { 296 struct nlm_testargs arg; 297 298 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 299 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 300 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 301 arg.alock.caller_name = hostname; 302 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 303 arg.alock.fh.n_len = msg->lm_fh_len; 304 arg.alock.oh.n_bytes = (char *)&owner; 305 arg.alock.oh.n_len = sizeof(owner); 306 arg.alock.svid = msg->lm_msg_ident.pid; 307 arg.alock.l_offset = msg->lm_fl.l_start; 308 arg.alock.l_len = msg->lm_fl.l_len; 309 310 if ((cli = get_client( 311 (struct sockaddr *)&msg->lm_addr, 312 NLM_VERS)) == NULL) 313 return (1); 314 315 set_auth(cli, &msg->lm_cred); 316 (void)clnt_call(cli, NLM_TEST_MSG, 317 xdr_nlm_testargs, &arg, xdr_void, &dummy, timeout); 318 } 319 return (0); 320 } 321 322 /* 323 * lock_request -- 324 * Convert a lock LOCKD_MSG into an NLM request, and send it off. 325 */ 326 int 327 lock_request(LOCKD_MSG *msg) 328 { 329 CLIENT *cli; 330 struct nlm4_lockargs arg4; 331 struct nlm_lockargs arg; 332 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 333 char dummy; 334 335 if (d_calls) 336 syslog(LOG_DEBUG, "lock request: %s: %s to %s", 337 msg->lm_nfsv3 ? "V4" : "V1/3", 338 msg->lm_fl.l_type == F_WRLCK ? "write" : "read", 339 from_addr((struct sockaddr *)&msg->lm_addr)); 340 341 if (msg->lm_nfsv3) { 342 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 343 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 344 arg4.block = msg->lm_wait ? 1 : 0; 345 arg4.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 346 arg4.alock.caller_name = hostname; 347 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 348 arg4.alock.fh.n_len = msg->lm_fh_len; 349 arg4.alock.oh.n_bytes = (char *)&owner; 350 arg4.alock.oh.n_len = sizeof(owner); 351 arg4.alock.svid = msg->lm_msg_ident.pid; 352 arg4.alock.l_offset = msg->lm_fl.l_start; 353 arg4.alock.l_len = msg->lm_fl.l_len; 354 arg4.reclaim = 0; 355 arg4.state = nsm_state; 356 357 if ((cli = get_client( 358 (struct sockaddr *)&msg->lm_addr, 359 NLM_VERS4)) == NULL) 360 return (1); 361 362 set_auth(cli, &msg->lm_cred); 363 (void)clnt_call(cli, NLM_LOCK_MSG, 364 xdr_nlm4_lockargs, &arg4, xdr_void, &dummy, timeout); 365 } else { 366 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 367 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 368 arg.block = msg->lm_wait ? 1 : 0; 369 arg.exclusive = msg->lm_fl.l_type == F_WRLCK ? 1 : 0; 370 arg.alock.caller_name = hostname; 371 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 372 arg.alock.fh.n_len = msg->lm_fh_len; 373 arg.alock.oh.n_bytes = (char *)&owner; 374 arg.alock.oh.n_len = sizeof(owner); 375 arg.alock.svid = msg->lm_msg_ident.pid; 376 arg.alock.l_offset = msg->lm_fl.l_start; 377 arg.alock.l_len = msg->lm_fl.l_len; 378 arg.reclaim = 0; 379 arg.state = nsm_state; 380 381 if ((cli = get_client( 382 (struct sockaddr *)&msg->lm_addr, 383 NLM_VERS)) == NULL) 384 return (1); 385 386 set_auth(cli, &msg->lm_cred); 387 (void)clnt_call(cli, NLM_LOCK_MSG, 388 xdr_nlm_lockargs, &arg, xdr_void, &dummy, timeout); 389 } 390 return (0); 391 } 392 393 /* 394 * unlock_request -- 395 * Convert an unlock LOCKD_MSG into an NLM request, and send it off. 396 */ 397 int 398 unlock_request(LOCKD_MSG *msg) 399 { 400 CLIENT *cli; 401 struct nlm4_unlockargs arg4; 402 struct nlm_unlockargs arg; 403 struct timeval timeout = {0, 0}; /* No timeout, no response. */ 404 char dummy; 405 406 if (d_calls) 407 syslog(LOG_DEBUG, "unlock request: %s: to %s", 408 msg->lm_nfsv3 ? "V4" : "V1/3", 409 from_addr((struct sockaddr *)&msg->lm_addr)); 410 411 if (msg->lm_nfsv3) { 412 arg4.cookie.n_bytes = (char *)&msg->lm_msg_ident; 413 arg4.cookie.n_len = sizeof(msg->lm_msg_ident); 414 arg4.alock.caller_name = hostname; 415 arg4.alock.fh.n_bytes = (char *)&msg->lm_fh; 416 arg4.alock.fh.n_len = msg->lm_fh_len; 417 arg4.alock.oh.n_bytes = (char *)&owner; 418 arg4.alock.oh.n_len = sizeof(owner); 419 arg4.alock.svid = msg->lm_msg_ident.pid; 420 arg4.alock.l_offset = msg->lm_fl.l_start; 421 arg4.alock.l_len = msg->lm_fl.l_len; 422 423 if ((cli = get_client( 424 (struct sockaddr *)&msg->lm_addr, 425 NLM_VERS4)) == NULL) 426 return (1); 427 428 set_auth(cli, &msg->lm_cred); 429 (void)clnt_call(cli, NLM_UNLOCK_MSG, 430 xdr_nlm4_unlockargs, &arg4, xdr_void, &dummy, timeout); 431 } else { 432 arg.cookie.n_bytes = (char *)&msg->lm_msg_ident; 433 arg.cookie.n_len = sizeof(msg->lm_msg_ident); 434 arg.alock.caller_name = hostname; 435 arg.alock.fh.n_bytes = (char *)&msg->lm_fh; 436 arg.alock.fh.n_len = msg->lm_fh_len; 437 arg.alock.oh.n_bytes = (char *)&owner; 438 arg.alock.oh.n_len = sizeof(owner); 439 arg.alock.svid = msg->lm_msg_ident.pid; 440 arg.alock.l_offset = msg->lm_fl.l_start; 441 arg.alock.l_len = msg->lm_fl.l_len; 442 443 if ((cli = get_client( 444 (struct sockaddr *)&msg->lm_addr, 445 NLM_VERS)) == NULL) 446 return (1); 447 448 set_auth(cli, &msg->lm_cred); 449 (void)clnt_call(cli, NLM_UNLOCK_MSG, 450 xdr_nlm_unlockargs, &arg, xdr_void, &dummy, timeout); 451 } 452 453 return (0); 454 } 455 456 int 457 lock_answer(int pid, netobj *netcookie, int result, int *pid_p, int version) 458 { 459 struct lockd_ans ans; 460 461 if (netcookie->n_len != sizeof(ans.la_msg_ident)) { 462 if (pid == -1) { /* we're screwed */ 463 syslog(LOG_ERR, "inedible nlm cookie"); 464 return -1; 465 } 466 ans.la_msg_ident.pid = pid; 467 ans.la_msg_ident.msg_seq = -1; 468 } else { 469 memcpy(&ans.la_msg_ident, netcookie->n_bytes, 470 sizeof(ans.la_msg_ident)); 471 } 472 473 if (d_calls) 474 syslog(LOG_DEBUG, "lock answer: pid %lu: %s %d", 475 (unsigned long)ans.la_msg_ident.pid, 476 version == NLM_VERS4 ? "nlmv4" : "nlmv3", 477 result); 478 479 ans.la_set_getlk_pid = 0; 480 if (version == NLM_VERS4) 481 switch (result) { 482 case nlm4_granted: 483 ans.la_errno = 0; 484 break; 485 default: 486 ans.la_errno = EACCES; 487 break; 488 case nlm4_denied: 489 if (pid_p == NULL) 490 ans.la_errno = EAGAIN; 491 else { 492 /* this is an answer to a nlm_test msg */ 493 ans.la_set_getlk_pid = 1; 494 ans.la_getlk_pid = *pid_p; 495 ans.la_errno = 0; 496 } 497 break; 498 case nlm4_denied_nolocks: 499 ans.la_errno = EAGAIN; 500 break; 501 case nlm4_blocked: 502 return -1; 503 /* NOTREACHED */ 504 case nlm4_denied_grace_period: 505 ans.la_errno = EAGAIN; 506 break; 507 case nlm4_deadlck: 508 ans.la_errno = EDEADLK; 509 break; 510 case nlm4_rofs: 511 ans.la_errno = EROFS; 512 break; 513 case nlm4_stale_fh: 514 ans.la_errno = ESTALE; 515 break; 516 case nlm4_fbig: 517 ans.la_errno = EFBIG; 518 break; 519 case nlm4_failed: 520 ans.la_errno = EACCES; 521 break; 522 } 523 else 524 switch (result) { 525 case nlm_granted: 526 ans.la_errno = 0; 527 break; 528 default: 529 ans.la_errno = EACCES; 530 break; 531 case nlm_denied: 532 if (pid_p == NULL) 533 ans.la_errno = EAGAIN; 534 else { 535 /* this is an answer to a nlm_test msg */ 536 ans.la_set_getlk_pid = 1; 537 ans.la_getlk_pid = *pid_p; 538 ans.la_errno = 0; 539 } 540 break; 541 case nlm_denied_nolocks: 542 ans.la_errno = EAGAIN; 543 break; 544 case nlm_blocked: 545 return -1; 546 /* NOTREACHED */ 547 case nlm_denied_grace_period: 548 ans.la_errno = EAGAIN; 549 break; 550 case nlm_deadlck: 551 ans.la_errno = EDEADLK; 552 break; 553 } 554 555 if (nfslockdans(LOCKD_ANS_VERSION, &ans)) { 556 syslog(((errno == EPIPE || errno == ESRCH) ? 557 LOG_INFO : LOG_ERR), 558 "process %lu: %m", (u_long)ans.la_msg_ident.pid); 559 return -1; 560 } 561 return 0; 562 } 563 564 /* 565 * show -- 566 * Display the contents of a kernel LOCKD_MSG structure. 567 */ 568 void 569 show(LOCKD_MSG *mp) 570 { 571 static char hex[] = "0123456789abcdef"; 572 struct fid *fidp; 573 fsid_t *fsidp; 574 size_t len; 575 u_int8_t *p, *t, buf[NFS_SMALLFH*3+1]; 576 577 syslog(LOG_DEBUG, "process ID: %lu\n", (long)mp->lm_msg_ident.pid); 578 579 fsidp = (fsid_t *)&mp->lm_fh; 580 fidp = (struct fid *)((u_int8_t *)&mp->lm_fh + sizeof(fsid_t)); 581 582 for (t = buf, p = (u_int8_t *)mp->lm_fh, 583 len = mp->lm_fh_len; 584 len > 0; ++p, --len) { 585 *t++ = '\\'; 586 *t++ = hex[(*p & 0xf0) >> 4]; 587 *t++ = hex[*p & 0x0f]; 588 } 589 *t = '\0'; 590 591 syslog(LOG_DEBUG, "fh_len %d, fh %s\n", mp->lm_fh_len, buf); 592 593 /* Show flock structure. */ 594 syslog(LOG_DEBUG, "start %qu; len %qu; pid %lu; type %d; whence %d\n", 595 mp->lm_fl.l_start, mp->lm_fl.l_len, (u_long)mp->lm_fl.l_pid, 596 mp->lm_fl.l_type, mp->lm_fl.l_whence); 597 598 /* Show wait flag. */ 599 syslog(LOG_DEBUG, "wait was %s\n", mp->lm_wait ? "set" : "not set"); 600 } 601