1 #define MSNFS /* HACK HACK */ 2 /* 3 * linux/fs/nfsd/export.c 4 * 5 * NFS exporting and validation. 6 * 7 * We maintain a list of clients, each of which has a list of 8 * exports. To export an fs to a given client, you first have 9 * to create the client entry with NFSCTL_ADDCLIENT, which 10 * creates a client control block and adds it to the hash 11 * table. Then, you call NFSCTL_EXPORT for each fs. 12 * 13 * 14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de> 15 */ 16 17 #include <linux/unistd.h> 18 #include <linux/slab.h> 19 #include <linux/stat.h> 20 #include <linux/in.h> 21 #include <linux/seq_file.h> 22 #include <linux/syscalls.h> 23 #include <linux/rwsem.h> 24 #include <linux/dcache.h> 25 #include <linux/namei.h> 26 #include <linux/mount.h> 27 #include <linux/hash.h> 28 #include <linux/module.h> 29 #include <linux/exportfs.h> 30 31 #include <linux/sunrpc/svc.h> 32 #include <linux/nfsd/nfsd.h> 33 #include <linux/nfsd/nfsfh.h> 34 #include <linux/nfsd/syscall.h> 35 #include <linux/lockd/bind.h> 36 #include <linux/sunrpc/msg_prot.h> 37 #include <linux/sunrpc/gss_api.h> 38 #include <net/ipv6.h> 39 40 #define NFSDDBG_FACILITY NFSDDBG_EXPORT 41 42 typedef struct auth_domain svc_client; 43 typedef struct svc_export svc_export; 44 45 static void exp_do_unexport(svc_export *unexp); 46 static int exp_verify_string(char *cp, int max); 47 48 /* 49 * We have two caches. 50 * One maps client+vfsmnt+dentry to export options - the export map 51 * The other maps client+filehandle-fragment to export options. - the expkey map 52 * 53 * The export options are actually stored in the first map, and the 54 * second map contains a reference to the entry in the first map. 55 */ 56 57 #define EXPKEY_HASHBITS 8 58 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS) 59 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1) 60 static struct cache_head *expkey_table[EXPKEY_HASHMAX]; 61 62 static void expkey_put(struct kref *ref) 63 { 64 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref); 65 66 if (test_bit(CACHE_VALID, &key->h.flags) && 67 !test_bit(CACHE_NEGATIVE, &key->h.flags)) 68 path_put(&key->ek_path); 69 auth_domain_put(key->ek_client); 70 kfree(key); 71 } 72 73 static void expkey_request(struct cache_detail *cd, 74 struct cache_head *h, 75 char **bpp, int *blen) 76 { 77 /* client fsidtype \xfsid */ 78 struct svc_expkey *ek = container_of(h, struct svc_expkey, h); 79 char type[5]; 80 81 qword_add(bpp, blen, ek->ek_client->name); 82 snprintf(type, 5, "%d", ek->ek_fsidtype); 83 qword_add(bpp, blen, type); 84 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype)); 85 (*bpp)[-1] = '\n'; 86 } 87 88 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old); 89 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *); 90 static struct cache_detail svc_expkey_cache; 91 92 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen) 93 { 94 /* client fsidtype fsid [path] */ 95 char *buf; 96 int len; 97 struct auth_domain *dom = NULL; 98 int err; 99 int fsidtype; 100 char *ep; 101 struct svc_expkey key; 102 struct svc_expkey *ek = NULL; 103 104 if (mesg[mlen-1] != '\n') 105 return -EINVAL; 106 mesg[mlen-1] = 0; 107 108 buf = kmalloc(PAGE_SIZE, GFP_KERNEL); 109 err = -ENOMEM; 110 if (!buf) 111 goto out; 112 113 err = -EINVAL; 114 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 115 goto out; 116 117 err = -ENOENT; 118 dom = auth_domain_find(buf); 119 if (!dom) 120 goto out; 121 dprintk("found domain %s\n", buf); 122 123 err = -EINVAL; 124 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 125 goto out; 126 fsidtype = simple_strtoul(buf, &ep, 10); 127 if (*ep) 128 goto out; 129 dprintk("found fsidtype %d\n", fsidtype); 130 if (key_len(fsidtype)==0) /* invalid type */ 131 goto out; 132 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 133 goto out; 134 dprintk("found fsid length %d\n", len); 135 if (len != key_len(fsidtype)) 136 goto out; 137 138 /* OK, we seem to have a valid key */ 139 key.h.flags = 0; 140 key.h.expiry_time = get_expiry(&mesg); 141 if (key.h.expiry_time == 0) 142 goto out; 143 144 key.ek_client = dom; 145 key.ek_fsidtype = fsidtype; 146 memcpy(key.ek_fsid, buf, len); 147 148 ek = svc_expkey_lookup(&key); 149 err = -ENOMEM; 150 if (!ek) 151 goto out; 152 153 /* now we want a pathname, or empty meaning NEGATIVE */ 154 err = -EINVAL; 155 len = qword_get(&mesg, buf, PAGE_SIZE); 156 if (len < 0) 157 goto out; 158 dprintk("Path seems to be <%s>\n", buf); 159 err = 0; 160 if (len == 0) { 161 set_bit(CACHE_NEGATIVE, &key.h.flags); 162 ek = svc_expkey_update(&key, ek); 163 if (!ek) 164 err = -ENOMEM; 165 } else { 166 err = kern_path(buf, 0, &key.ek_path); 167 if (err) 168 goto out; 169 170 dprintk("Found the path %s\n", buf); 171 172 ek = svc_expkey_update(&key, ek); 173 if (!ek) 174 err = -ENOMEM; 175 path_put(&key.ek_path); 176 } 177 cache_flush(); 178 out: 179 if (ek) 180 cache_put(&ek->h, &svc_expkey_cache); 181 if (dom) 182 auth_domain_put(dom); 183 kfree(buf); 184 return err; 185 } 186 187 static int expkey_show(struct seq_file *m, 188 struct cache_detail *cd, 189 struct cache_head *h) 190 { 191 struct svc_expkey *ek ; 192 int i; 193 194 if (h ==NULL) { 195 seq_puts(m, "#domain fsidtype fsid [path]\n"); 196 return 0; 197 } 198 ek = container_of(h, struct svc_expkey, h); 199 seq_printf(m, "%s %d 0x", ek->ek_client->name, 200 ek->ek_fsidtype); 201 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++) 202 seq_printf(m, "%08x", ek->ek_fsid[i]); 203 if (test_bit(CACHE_VALID, &h->flags) && 204 !test_bit(CACHE_NEGATIVE, &h->flags)) { 205 seq_printf(m, " "); 206 seq_path(m, &ek->ek_path, "\\ \t\n"); 207 } 208 seq_printf(m, "\n"); 209 return 0; 210 } 211 212 static inline int expkey_match (struct cache_head *a, struct cache_head *b) 213 { 214 struct svc_expkey *orig = container_of(a, struct svc_expkey, h); 215 struct svc_expkey *new = container_of(b, struct svc_expkey, h); 216 217 if (orig->ek_fsidtype != new->ek_fsidtype || 218 orig->ek_client != new->ek_client || 219 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0) 220 return 0; 221 return 1; 222 } 223 224 static inline void expkey_init(struct cache_head *cnew, 225 struct cache_head *citem) 226 { 227 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); 228 struct svc_expkey *item = container_of(citem, struct svc_expkey, h); 229 230 kref_get(&item->ek_client->ref); 231 new->ek_client = item->ek_client; 232 new->ek_fsidtype = item->ek_fsidtype; 233 234 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid)); 235 } 236 237 static inline void expkey_update(struct cache_head *cnew, 238 struct cache_head *citem) 239 { 240 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h); 241 struct svc_expkey *item = container_of(citem, struct svc_expkey, h); 242 243 new->ek_path = item->ek_path; 244 path_get(&item->ek_path); 245 } 246 247 static struct cache_head *expkey_alloc(void) 248 { 249 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL); 250 if (i) 251 return &i->h; 252 else 253 return NULL; 254 } 255 256 static struct cache_detail svc_expkey_cache = { 257 .owner = THIS_MODULE, 258 .hash_size = EXPKEY_HASHMAX, 259 .hash_table = expkey_table, 260 .name = "nfsd.fh", 261 .cache_put = expkey_put, 262 .cache_request = expkey_request, 263 .cache_parse = expkey_parse, 264 .cache_show = expkey_show, 265 .match = expkey_match, 266 .init = expkey_init, 267 .update = expkey_update, 268 .alloc = expkey_alloc, 269 }; 270 271 static struct svc_expkey * 272 svc_expkey_lookup(struct svc_expkey *item) 273 { 274 struct cache_head *ch; 275 int hash = item->ek_fsidtype; 276 char * cp = (char*)item->ek_fsid; 277 int len = key_len(item->ek_fsidtype); 278 279 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); 280 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS); 281 hash &= EXPKEY_HASHMASK; 282 283 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h, 284 hash); 285 if (ch) 286 return container_of(ch, struct svc_expkey, h); 287 else 288 return NULL; 289 } 290 291 static struct svc_expkey * 292 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old) 293 { 294 struct cache_head *ch; 295 int hash = new->ek_fsidtype; 296 char * cp = (char*)new->ek_fsid; 297 int len = key_len(new->ek_fsidtype); 298 299 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS); 300 hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS); 301 hash &= EXPKEY_HASHMASK; 302 303 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h, 304 &old->h, hash); 305 if (ch) 306 return container_of(ch, struct svc_expkey, h); 307 else 308 return NULL; 309 } 310 311 312 #define EXPORT_HASHBITS 8 313 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS) 314 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1) 315 316 static struct cache_head *export_table[EXPORT_HASHMAX]; 317 318 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc) 319 { 320 int i; 321 322 for (i = 0; i < fsloc->locations_count; i++) { 323 kfree(fsloc->locations[i].path); 324 kfree(fsloc->locations[i].hosts); 325 } 326 kfree(fsloc->locations); 327 } 328 329 static void svc_export_put(struct kref *ref) 330 { 331 struct svc_export *exp = container_of(ref, struct svc_export, h.ref); 332 path_put(&exp->ex_path); 333 auth_domain_put(exp->ex_client); 334 kfree(exp->ex_pathname); 335 nfsd4_fslocs_free(&exp->ex_fslocs); 336 kfree(exp); 337 } 338 339 static void svc_export_request(struct cache_detail *cd, 340 struct cache_head *h, 341 char **bpp, int *blen) 342 { 343 /* client path */ 344 struct svc_export *exp = container_of(h, struct svc_export, h); 345 char *pth; 346 347 qword_add(bpp, blen, exp->ex_client->name); 348 pth = d_path(&exp->ex_path, *bpp, *blen); 349 if (IS_ERR(pth)) { 350 /* is this correct? */ 351 (*bpp)[0] = '\n'; 352 return; 353 } 354 qword_add(bpp, blen, pth); 355 (*bpp)[-1] = '\n'; 356 } 357 358 static struct svc_export *svc_export_update(struct svc_export *new, 359 struct svc_export *old); 360 static struct svc_export *svc_export_lookup(struct svc_export *); 361 362 static int check_export(struct inode *inode, int flags, unsigned char *uuid) 363 { 364 365 /* We currently export only dirs and regular files. 366 * This is what umountd does. 367 */ 368 if (!S_ISDIR(inode->i_mode) && 369 !S_ISREG(inode->i_mode)) 370 return -ENOTDIR; 371 372 /* There are two requirements on a filesystem to be exportable. 373 * 1: We must be able to identify the filesystem from a number. 374 * either a device number (so FS_REQUIRES_DEV needed) 375 * or an FSID number (so NFSEXP_FSID or ->uuid is needed). 376 * 2: We must be able to find an inode from a filehandle. 377 * This means that s_export_op must be set. 378 */ 379 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) && 380 !(flags & NFSEXP_FSID) && 381 uuid == NULL) { 382 dprintk("exp_export: export of non-dev fs without fsid\n"); 383 return -EINVAL; 384 } 385 386 if (!inode->i_sb->s_export_op || 387 !inode->i_sb->s_export_op->fh_to_dentry) { 388 dprintk("exp_export: export of invalid fs type.\n"); 389 return -EINVAL; 390 } 391 392 return 0; 393 394 } 395 396 #ifdef CONFIG_NFSD_V4 397 398 static int 399 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc) 400 { 401 int len; 402 int migrated, i, err; 403 404 /* listsize */ 405 err = get_int(mesg, &fsloc->locations_count); 406 if (err) 407 return err; 408 if (fsloc->locations_count > MAX_FS_LOCATIONS) 409 return -EINVAL; 410 if (fsloc->locations_count == 0) 411 return 0; 412 413 fsloc->locations = kzalloc(fsloc->locations_count 414 * sizeof(struct nfsd4_fs_location), GFP_KERNEL); 415 if (!fsloc->locations) 416 return -ENOMEM; 417 for (i=0; i < fsloc->locations_count; i++) { 418 /* colon separated host list */ 419 err = -EINVAL; 420 len = qword_get(mesg, buf, PAGE_SIZE); 421 if (len <= 0) 422 goto out_free_all; 423 err = -ENOMEM; 424 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL); 425 if (!fsloc->locations[i].hosts) 426 goto out_free_all; 427 err = -EINVAL; 428 /* slash separated path component list */ 429 len = qword_get(mesg, buf, PAGE_SIZE); 430 if (len <= 0) 431 goto out_free_all; 432 err = -ENOMEM; 433 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL); 434 if (!fsloc->locations[i].path) 435 goto out_free_all; 436 } 437 /* migrated */ 438 err = get_int(mesg, &migrated); 439 if (err) 440 goto out_free_all; 441 err = -EINVAL; 442 if (migrated < 0 || migrated > 1) 443 goto out_free_all; 444 fsloc->migrated = migrated; 445 return 0; 446 out_free_all: 447 nfsd4_fslocs_free(fsloc); 448 return err; 449 } 450 451 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp) 452 { 453 int listsize, err; 454 struct exp_flavor_info *f; 455 456 err = get_int(mesg, &listsize); 457 if (err) 458 return err; 459 if (listsize < 0 || listsize > MAX_SECINFO_LIST) 460 return -EINVAL; 461 462 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) { 463 err = get_int(mesg, &f->pseudoflavor); 464 if (err) 465 return err; 466 /* 467 * Just a quick sanity check; we could also try to check 468 * whether this pseudoflavor is supported, but at worst 469 * an unsupported pseudoflavor on the export would just 470 * be a pseudoflavor that won't match the flavor of any 471 * authenticated request. The administrator will 472 * probably discover the problem when someone fails to 473 * authenticate. 474 */ 475 if (f->pseudoflavor < 0) 476 return -EINVAL; 477 err = get_int(mesg, &f->flags); 478 if (err) 479 return err; 480 /* Only some flags are allowed to differ between flavors: */ 481 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags)) 482 return -EINVAL; 483 } 484 exp->ex_nflavors = listsize; 485 return 0; 486 } 487 488 #else /* CONFIG_NFSD_V4 */ 489 static inline int 490 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;} 491 static inline int 492 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; } 493 #endif 494 495 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) 496 { 497 /* client path expiry [flags anonuid anongid fsid] */ 498 char *buf; 499 int len; 500 int err; 501 struct auth_domain *dom = NULL; 502 struct svc_export exp = {}, *expp; 503 int an_int; 504 505 if (mesg[mlen-1] != '\n') 506 return -EINVAL; 507 mesg[mlen-1] = 0; 508 509 buf = kmalloc(PAGE_SIZE, GFP_KERNEL); 510 if (!buf) 511 return -ENOMEM; 512 513 /* client */ 514 err = -EINVAL; 515 len = qword_get(&mesg, buf, PAGE_SIZE); 516 if (len <= 0) 517 goto out; 518 519 err = -ENOENT; 520 dom = auth_domain_find(buf); 521 if (!dom) 522 goto out; 523 524 /* path */ 525 err = -EINVAL; 526 if ((len = qword_get(&mesg, buf, PAGE_SIZE)) <= 0) 527 goto out1; 528 529 err = kern_path(buf, 0, &exp.ex_path); 530 if (err) 531 goto out1; 532 533 exp.ex_client = dom; 534 535 err = -ENOMEM; 536 exp.ex_pathname = kstrdup(buf, GFP_KERNEL); 537 if (!exp.ex_pathname) 538 goto out2; 539 540 /* expiry */ 541 err = -EINVAL; 542 exp.h.expiry_time = get_expiry(&mesg); 543 if (exp.h.expiry_time == 0) 544 goto out3; 545 546 /* flags */ 547 err = get_int(&mesg, &an_int); 548 if (err == -ENOENT) { 549 err = 0; 550 set_bit(CACHE_NEGATIVE, &exp.h.flags); 551 } else { 552 if (err || an_int < 0) 553 goto out3; 554 exp.ex_flags= an_int; 555 556 /* anon uid */ 557 err = get_int(&mesg, &an_int); 558 if (err) 559 goto out3; 560 exp.ex_anon_uid= an_int; 561 562 /* anon gid */ 563 err = get_int(&mesg, &an_int); 564 if (err) 565 goto out3; 566 exp.ex_anon_gid= an_int; 567 568 /* fsid */ 569 err = get_int(&mesg, &an_int); 570 if (err) 571 goto out3; 572 exp.ex_fsid = an_int; 573 574 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) { 575 if (strcmp(buf, "fsloc") == 0) 576 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs); 577 else if (strcmp(buf, "uuid") == 0) { 578 /* expect a 16 byte uuid encoded as \xXXXX... */ 579 len = qword_get(&mesg, buf, PAGE_SIZE); 580 if (len != 16) 581 err = -EINVAL; 582 else { 583 exp.ex_uuid = 584 kmemdup(buf, 16, GFP_KERNEL); 585 if (exp.ex_uuid == NULL) 586 err = -ENOMEM; 587 } 588 } else if (strcmp(buf, "secinfo") == 0) 589 err = secinfo_parse(&mesg, buf, &exp); 590 else 591 /* quietly ignore unknown words and anything 592 * following. Newer user-space can try to set 593 * new values, then see what the result was. 594 */ 595 break; 596 if (err) 597 goto out4; 598 } 599 600 err = check_export(exp.ex_path.dentry->d_inode, exp.ex_flags, 601 exp.ex_uuid); 602 if (err) 603 goto out4; 604 } 605 606 expp = svc_export_lookup(&exp); 607 if (expp) 608 expp = svc_export_update(&exp, expp); 609 else 610 err = -ENOMEM; 611 cache_flush(); 612 if (expp == NULL) 613 err = -ENOMEM; 614 else 615 exp_put(expp); 616 out4: 617 nfsd4_fslocs_free(&exp.ex_fslocs); 618 kfree(exp.ex_uuid); 619 out3: 620 kfree(exp.ex_pathname); 621 out2: 622 path_put(&exp.ex_path); 623 out1: 624 auth_domain_put(dom); 625 out: 626 kfree(buf); 627 return err; 628 } 629 630 static void exp_flags(struct seq_file *m, int flag, int fsid, 631 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs); 632 static void show_secinfo(struct seq_file *m, struct svc_export *exp); 633 634 static int svc_export_show(struct seq_file *m, 635 struct cache_detail *cd, 636 struct cache_head *h) 637 { 638 struct svc_export *exp ; 639 640 if (h ==NULL) { 641 seq_puts(m, "#path domain(flags)\n"); 642 return 0; 643 } 644 exp = container_of(h, struct svc_export, h); 645 seq_path(m, &exp->ex_path, " \t\n\\"); 646 seq_putc(m, '\t'); 647 seq_escape(m, exp->ex_client->name, " \t\n\\"); 648 seq_putc(m, '('); 649 if (test_bit(CACHE_VALID, &h->flags) && 650 !test_bit(CACHE_NEGATIVE, &h->flags)) { 651 exp_flags(m, exp->ex_flags, exp->ex_fsid, 652 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs); 653 if (exp->ex_uuid) { 654 int i; 655 seq_puts(m, ",uuid="); 656 for (i=0; i<16; i++) { 657 if ((i&3) == 0 && i) 658 seq_putc(m, ':'); 659 seq_printf(m, "%02x", exp->ex_uuid[i]); 660 } 661 } 662 show_secinfo(m, exp); 663 } 664 seq_puts(m, ")\n"); 665 return 0; 666 } 667 static int svc_export_match(struct cache_head *a, struct cache_head *b) 668 { 669 struct svc_export *orig = container_of(a, struct svc_export, h); 670 struct svc_export *new = container_of(b, struct svc_export, h); 671 return orig->ex_client == new->ex_client && 672 orig->ex_path.dentry == new->ex_path.dentry && 673 orig->ex_path.mnt == new->ex_path.mnt; 674 } 675 676 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem) 677 { 678 struct svc_export *new = container_of(cnew, struct svc_export, h); 679 struct svc_export *item = container_of(citem, struct svc_export, h); 680 681 kref_get(&item->ex_client->ref); 682 new->ex_client = item->ex_client; 683 new->ex_path.dentry = dget(item->ex_path.dentry); 684 new->ex_path.mnt = mntget(item->ex_path.mnt); 685 new->ex_pathname = NULL; 686 new->ex_fslocs.locations = NULL; 687 new->ex_fslocs.locations_count = 0; 688 new->ex_fslocs.migrated = 0; 689 } 690 691 static void export_update(struct cache_head *cnew, struct cache_head *citem) 692 { 693 struct svc_export *new = container_of(cnew, struct svc_export, h); 694 struct svc_export *item = container_of(citem, struct svc_export, h); 695 int i; 696 697 new->ex_flags = item->ex_flags; 698 new->ex_anon_uid = item->ex_anon_uid; 699 new->ex_anon_gid = item->ex_anon_gid; 700 new->ex_fsid = item->ex_fsid; 701 new->ex_uuid = item->ex_uuid; 702 item->ex_uuid = NULL; 703 new->ex_pathname = item->ex_pathname; 704 item->ex_pathname = NULL; 705 new->ex_fslocs.locations = item->ex_fslocs.locations; 706 item->ex_fslocs.locations = NULL; 707 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count; 708 item->ex_fslocs.locations_count = 0; 709 new->ex_fslocs.migrated = item->ex_fslocs.migrated; 710 item->ex_fslocs.migrated = 0; 711 new->ex_nflavors = item->ex_nflavors; 712 for (i = 0; i < MAX_SECINFO_LIST; i++) { 713 new->ex_flavors[i] = item->ex_flavors[i]; 714 } 715 } 716 717 static struct cache_head *svc_export_alloc(void) 718 { 719 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL); 720 if (i) 721 return &i->h; 722 else 723 return NULL; 724 } 725 726 struct cache_detail svc_export_cache = { 727 .owner = THIS_MODULE, 728 .hash_size = EXPORT_HASHMAX, 729 .hash_table = export_table, 730 .name = "nfsd.export", 731 .cache_put = svc_export_put, 732 .cache_request = svc_export_request, 733 .cache_parse = svc_export_parse, 734 .cache_show = svc_export_show, 735 .match = svc_export_match, 736 .init = svc_export_init, 737 .update = export_update, 738 .alloc = svc_export_alloc, 739 }; 740 741 static struct svc_export * 742 svc_export_lookup(struct svc_export *exp) 743 { 744 struct cache_head *ch; 745 int hash; 746 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS); 747 hash ^= hash_ptr(exp->ex_path.dentry, EXPORT_HASHBITS); 748 hash ^= hash_ptr(exp->ex_path.mnt, EXPORT_HASHBITS); 749 750 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h, 751 hash); 752 if (ch) 753 return container_of(ch, struct svc_export, h); 754 else 755 return NULL; 756 } 757 758 static struct svc_export * 759 svc_export_update(struct svc_export *new, struct svc_export *old) 760 { 761 struct cache_head *ch; 762 int hash; 763 hash = hash_ptr(old->ex_client, EXPORT_HASHBITS); 764 hash ^= hash_ptr(old->ex_path.dentry, EXPORT_HASHBITS); 765 hash ^= hash_ptr(old->ex_path.mnt, EXPORT_HASHBITS); 766 767 ch = sunrpc_cache_update(&svc_export_cache, &new->h, 768 &old->h, 769 hash); 770 if (ch) 771 return container_of(ch, struct svc_export, h); 772 else 773 return NULL; 774 } 775 776 777 static struct svc_expkey * 778 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp) 779 { 780 struct svc_expkey key, *ek; 781 int err; 782 783 if (!clp) 784 return ERR_PTR(-ENOENT); 785 786 key.ek_client = clp; 787 key.ek_fsidtype = fsid_type; 788 memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); 789 790 ek = svc_expkey_lookup(&key); 791 if (ek == NULL) 792 return ERR_PTR(-ENOMEM); 793 err = cache_check(&svc_expkey_cache, &ek->h, reqp); 794 if (err) 795 return ERR_PTR(err); 796 return ek; 797 } 798 799 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv, 800 struct svc_export *exp) 801 { 802 struct svc_expkey key, *ek; 803 804 key.ek_client = clp; 805 key.ek_fsidtype = fsid_type; 806 memcpy(key.ek_fsid, fsidv, key_len(fsid_type)); 807 key.ek_path = exp->ex_path; 808 key.h.expiry_time = NEVER; 809 key.h.flags = 0; 810 811 ek = svc_expkey_lookup(&key); 812 if (ek) 813 ek = svc_expkey_update(&key,ek); 814 if (ek) { 815 cache_put(&ek->h, &svc_expkey_cache); 816 return 0; 817 } 818 return -ENOMEM; 819 } 820 821 /* 822 * Find the client's export entry matching xdev/xino. 823 */ 824 static inline struct svc_expkey * 825 exp_get_key(svc_client *clp, dev_t dev, ino_t ino) 826 { 827 u32 fsidv[3]; 828 829 if (old_valid_dev(dev)) { 830 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL); 831 return exp_find_key(clp, FSID_DEV, fsidv, NULL); 832 } 833 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL); 834 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL); 835 } 836 837 /* 838 * Find the client's export entry matching fsid 839 */ 840 static inline struct svc_expkey * 841 exp_get_fsid_key(svc_client *clp, int fsid) 842 { 843 u32 fsidv[2]; 844 845 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL); 846 847 return exp_find_key(clp, FSID_NUM, fsidv, NULL); 848 } 849 850 static svc_export *exp_get_by_name(svc_client *clp, const struct path *path, 851 struct cache_req *reqp) 852 { 853 struct svc_export *exp, key; 854 int err; 855 856 if (!clp) 857 return ERR_PTR(-ENOENT); 858 859 key.ex_client = clp; 860 key.ex_path = *path; 861 862 exp = svc_export_lookup(&key); 863 if (exp == NULL) 864 return ERR_PTR(-ENOMEM); 865 err = cache_check(&svc_export_cache, &exp->h, reqp); 866 if (err) 867 return ERR_PTR(err); 868 return exp; 869 } 870 871 /* 872 * Find the export entry for a given dentry. 873 */ 874 static struct svc_export *exp_parent(svc_client *clp, struct path *path) 875 { 876 struct dentry *saved = dget(path->dentry); 877 svc_export *exp = exp_get_by_name(clp, path, NULL); 878 879 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) { 880 struct dentry *parent = dget_parent(path->dentry); 881 dput(path->dentry); 882 path->dentry = parent; 883 exp = exp_get_by_name(clp, path, NULL); 884 } 885 dput(path->dentry); 886 path->dentry = saved; 887 return exp; 888 } 889 890 /* 891 * Hashtable locking. Write locks are placed only by user processes 892 * wanting to modify export information. 893 * Write locking only done in this file. Read locking 894 * needed externally. 895 */ 896 897 static DECLARE_RWSEM(hash_sem); 898 899 void 900 exp_readlock(void) 901 { 902 down_read(&hash_sem); 903 } 904 905 static inline void 906 exp_writelock(void) 907 { 908 down_write(&hash_sem); 909 } 910 911 void 912 exp_readunlock(void) 913 { 914 up_read(&hash_sem); 915 } 916 917 static inline void 918 exp_writeunlock(void) 919 { 920 up_write(&hash_sem); 921 } 922 923 static void exp_fsid_unhash(struct svc_export *exp) 924 { 925 struct svc_expkey *ek; 926 927 if ((exp->ex_flags & NFSEXP_FSID) == 0) 928 return; 929 930 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid); 931 if (!IS_ERR(ek)) { 932 ek->h.expiry_time = get_seconds()-1; 933 cache_put(&ek->h, &svc_expkey_cache); 934 } 935 svc_expkey_cache.nextcheck = get_seconds(); 936 } 937 938 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp) 939 { 940 u32 fsid[2]; 941 942 if ((exp->ex_flags & NFSEXP_FSID) == 0) 943 return 0; 944 945 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL); 946 return exp_set_key(clp, FSID_NUM, fsid, exp); 947 } 948 949 static int exp_hash(struct auth_domain *clp, struct svc_export *exp) 950 { 951 u32 fsid[2]; 952 struct inode *inode = exp->ex_path.dentry->d_inode; 953 dev_t dev = inode->i_sb->s_dev; 954 955 if (old_valid_dev(dev)) { 956 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL); 957 return exp_set_key(clp, FSID_DEV, fsid, exp); 958 } 959 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL); 960 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp); 961 } 962 963 static void exp_unhash(struct svc_export *exp) 964 { 965 struct svc_expkey *ek; 966 struct inode *inode = exp->ex_path.dentry->d_inode; 967 968 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino); 969 if (!IS_ERR(ek)) { 970 ek->h.expiry_time = get_seconds()-1; 971 cache_put(&ek->h, &svc_expkey_cache); 972 } 973 svc_expkey_cache.nextcheck = get_seconds(); 974 } 975 976 /* 977 * Export a file system. 978 */ 979 int 980 exp_export(struct nfsctl_export *nxp) 981 { 982 svc_client *clp; 983 struct svc_export *exp = NULL; 984 struct svc_export new; 985 struct svc_expkey *fsid_key = NULL; 986 struct path path; 987 int err; 988 989 /* Consistency check */ 990 err = -EINVAL; 991 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || 992 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) 993 goto out; 994 995 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n", 996 nxp->ex_client, nxp->ex_path, 997 (unsigned)nxp->ex_dev, (long)nxp->ex_ino, 998 nxp->ex_flags); 999 1000 /* Try to lock the export table for update */ 1001 exp_writelock(); 1002 1003 /* Look up client info */ 1004 if (!(clp = auth_domain_find(nxp->ex_client))) 1005 goto out_unlock; 1006 1007 1008 /* Look up the dentry */ 1009 err = kern_path(nxp->ex_path, 0, &path); 1010 if (err) 1011 goto out_put_clp; 1012 err = -EINVAL; 1013 1014 exp = exp_get_by_name(clp, &path, NULL); 1015 1016 memset(&new, 0, sizeof(new)); 1017 1018 /* must make sure there won't be an ex_fsid clash */ 1019 if ((nxp->ex_flags & NFSEXP_FSID) && 1020 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) && 1021 fsid_key->ek_path.mnt && 1022 (fsid_key->ek_path.mnt != path.mnt || 1023 fsid_key->ek_path.dentry != path.dentry)) 1024 goto finish; 1025 1026 if (!IS_ERR(exp)) { 1027 /* just a flags/id/fsid update */ 1028 1029 exp_fsid_unhash(exp); 1030 exp->ex_flags = nxp->ex_flags; 1031 exp->ex_anon_uid = nxp->ex_anon_uid; 1032 exp->ex_anon_gid = nxp->ex_anon_gid; 1033 exp->ex_fsid = nxp->ex_dev; 1034 1035 err = exp_fsid_hash(clp, exp); 1036 goto finish; 1037 } 1038 1039 err = check_export(path.dentry->d_inode, nxp->ex_flags, NULL); 1040 if (err) goto finish; 1041 1042 err = -ENOMEM; 1043 1044 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp); 1045 1046 new.h.expiry_time = NEVER; 1047 new.h.flags = 0; 1048 new.ex_pathname = kstrdup(nxp->ex_path, GFP_KERNEL); 1049 if (!new.ex_pathname) 1050 goto finish; 1051 new.ex_client = clp; 1052 new.ex_path = path; 1053 new.ex_flags = nxp->ex_flags; 1054 new.ex_anon_uid = nxp->ex_anon_uid; 1055 new.ex_anon_gid = nxp->ex_anon_gid; 1056 new.ex_fsid = nxp->ex_dev; 1057 1058 exp = svc_export_lookup(&new); 1059 if (exp) 1060 exp = svc_export_update(&new, exp); 1061 1062 if (!exp) 1063 goto finish; 1064 1065 if (exp_hash(clp, exp) || 1066 exp_fsid_hash(clp, exp)) { 1067 /* failed to create at least one index */ 1068 exp_do_unexport(exp); 1069 cache_flush(); 1070 } else 1071 err = 0; 1072 finish: 1073 kfree(new.ex_pathname); 1074 if (exp) 1075 exp_put(exp); 1076 if (fsid_key && !IS_ERR(fsid_key)) 1077 cache_put(&fsid_key->h, &svc_expkey_cache); 1078 path_put(&path); 1079 out_put_clp: 1080 auth_domain_put(clp); 1081 out_unlock: 1082 exp_writeunlock(); 1083 out: 1084 return err; 1085 } 1086 1087 /* 1088 * Unexport a file system. The export entry has already 1089 * been removed from the client's list of exported fs's. 1090 */ 1091 static void 1092 exp_do_unexport(svc_export *unexp) 1093 { 1094 unexp->h.expiry_time = get_seconds()-1; 1095 svc_export_cache.nextcheck = get_seconds(); 1096 exp_unhash(unexp); 1097 exp_fsid_unhash(unexp); 1098 } 1099 1100 1101 /* 1102 * unexport syscall. 1103 */ 1104 int 1105 exp_unexport(struct nfsctl_export *nxp) 1106 { 1107 struct auth_domain *dom; 1108 svc_export *exp; 1109 struct path path; 1110 int err; 1111 1112 /* Consistency check */ 1113 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) || 1114 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX)) 1115 return -EINVAL; 1116 1117 exp_writelock(); 1118 1119 err = -EINVAL; 1120 dom = auth_domain_find(nxp->ex_client); 1121 if (!dom) { 1122 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client); 1123 goto out_unlock; 1124 } 1125 1126 err = kern_path(nxp->ex_path, 0, &path); 1127 if (err) 1128 goto out_domain; 1129 1130 err = -EINVAL; 1131 exp = exp_get_by_name(dom, &path, NULL); 1132 path_put(&path); 1133 if (IS_ERR(exp)) 1134 goto out_domain; 1135 1136 exp_do_unexport(exp); 1137 exp_put(exp); 1138 err = 0; 1139 1140 out_domain: 1141 auth_domain_put(dom); 1142 cache_flush(); 1143 out_unlock: 1144 exp_writeunlock(); 1145 return err; 1146 } 1147 1148 /* 1149 * Obtain the root fh on behalf of a client. 1150 * This could be done in user space, but I feel that it adds some safety 1151 * since its harder to fool a kernel module than a user space program. 1152 */ 1153 int 1154 exp_rootfh(svc_client *clp, char *name, struct knfsd_fh *f, int maxsize) 1155 { 1156 struct svc_export *exp; 1157 struct path path; 1158 struct inode *inode; 1159 struct svc_fh fh; 1160 int err; 1161 1162 err = -EPERM; 1163 /* NB: we probably ought to check that it's NUL-terminated */ 1164 if (kern_path(name, 0, &path)) { 1165 printk("nfsd: exp_rootfh path not found %s", name); 1166 return err; 1167 } 1168 inode = path.dentry->d_inode; 1169 1170 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n", 1171 name, path.dentry, clp->name, 1172 inode->i_sb->s_id, inode->i_ino); 1173 exp = exp_parent(clp, &path); 1174 if (IS_ERR(exp)) { 1175 err = PTR_ERR(exp); 1176 goto out; 1177 } 1178 1179 /* 1180 * fh must be initialized before calling fh_compose 1181 */ 1182 fh_init(&fh, maxsize); 1183 if (fh_compose(&fh, exp, path.dentry, NULL)) 1184 err = -EINVAL; 1185 else 1186 err = 0; 1187 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh)); 1188 fh_put(&fh); 1189 exp_put(exp); 1190 out: 1191 path_put(&path); 1192 return err; 1193 } 1194 1195 static struct svc_export *exp_find(struct auth_domain *clp, int fsid_type, 1196 u32 *fsidv, struct cache_req *reqp) 1197 { 1198 struct svc_export *exp; 1199 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp); 1200 if (IS_ERR(ek)) 1201 return ERR_CAST(ek); 1202 1203 exp = exp_get_by_name(clp, &ek->ek_path, reqp); 1204 cache_put(&ek->h, &svc_expkey_cache); 1205 1206 if (IS_ERR(exp)) 1207 return ERR_CAST(exp); 1208 return exp; 1209 } 1210 1211 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp) 1212 { 1213 struct exp_flavor_info *f; 1214 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; 1215 1216 /* legacy gss-only clients are always OK: */ 1217 if (exp->ex_client == rqstp->rq_gssclient) 1218 return 0; 1219 /* ip-address based client; check sec= export option: */ 1220 for (f = exp->ex_flavors; f < end; f++) { 1221 if (f->pseudoflavor == rqstp->rq_flavor) 1222 return 0; 1223 } 1224 /* defaults in absence of sec= options: */ 1225 if (exp->ex_nflavors == 0) { 1226 if (rqstp->rq_flavor == RPC_AUTH_NULL || 1227 rqstp->rq_flavor == RPC_AUTH_UNIX) 1228 return 0; 1229 } 1230 return nfserr_wrongsec; 1231 } 1232 1233 /* 1234 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an 1235 * auth_unix client) if it's available and has secinfo information; 1236 * otherwise, will try to use rq_gssclient. 1237 * 1238 * Called from functions that handle requests; functions that do work on 1239 * behalf of mountd are passed a single client name to use, and should 1240 * use exp_get_by_name() or exp_find(). 1241 */ 1242 struct svc_export * 1243 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct path *path) 1244 { 1245 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); 1246 1247 if (rqstp->rq_client == NULL) 1248 goto gss; 1249 1250 /* First try the auth_unix client: */ 1251 exp = exp_get_by_name(rqstp->rq_client, path, &rqstp->rq_chandle); 1252 if (PTR_ERR(exp) == -ENOENT) 1253 goto gss; 1254 if (IS_ERR(exp)) 1255 return exp; 1256 /* If it has secinfo, assume there are no gss/... clients */ 1257 if (exp->ex_nflavors > 0) 1258 return exp; 1259 gss: 1260 /* Otherwise, try falling back on gss client */ 1261 if (rqstp->rq_gssclient == NULL) 1262 return exp; 1263 gssexp = exp_get_by_name(rqstp->rq_gssclient, path, &rqstp->rq_chandle); 1264 if (PTR_ERR(gssexp) == -ENOENT) 1265 return exp; 1266 if (!IS_ERR(exp)) 1267 exp_put(exp); 1268 return gssexp; 1269 } 1270 1271 struct svc_export * 1272 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv) 1273 { 1274 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT); 1275 1276 if (rqstp->rq_client == NULL) 1277 goto gss; 1278 1279 /* First try the auth_unix client: */ 1280 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle); 1281 if (PTR_ERR(exp) == -ENOENT) 1282 goto gss; 1283 if (IS_ERR(exp)) 1284 return exp; 1285 /* If it has secinfo, assume there are no gss/... clients */ 1286 if (exp->ex_nflavors > 0) 1287 return exp; 1288 gss: 1289 /* Otherwise, try falling back on gss client */ 1290 if (rqstp->rq_gssclient == NULL) 1291 return exp; 1292 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv, 1293 &rqstp->rq_chandle); 1294 if (PTR_ERR(gssexp) == -ENOENT) 1295 return exp; 1296 if (!IS_ERR(exp)) 1297 exp_put(exp); 1298 return gssexp; 1299 } 1300 1301 struct svc_export * 1302 rqst_exp_parent(struct svc_rqst *rqstp, struct path *path) 1303 { 1304 struct dentry *saved = dget(path->dentry); 1305 struct svc_export *exp = rqst_exp_get_by_name(rqstp, path); 1306 1307 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(path->dentry)) { 1308 struct dentry *parent = dget_parent(path->dentry); 1309 dput(path->dentry); 1310 path->dentry = parent; 1311 exp = rqst_exp_get_by_name(rqstp, path); 1312 } 1313 dput(path->dentry); 1314 path->dentry = saved; 1315 return exp; 1316 } 1317 1318 /* 1319 * Called when we need the filehandle for the root of the pseudofs, 1320 * for a given NFSv4 client. The root is defined to be the 1321 * export point with fsid==0 1322 */ 1323 __be32 1324 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp) 1325 { 1326 struct svc_export *exp; 1327 __be32 rv; 1328 u32 fsidv[2]; 1329 1330 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL); 1331 1332 exp = rqst_exp_find(rqstp, FSID_NUM, fsidv); 1333 if (IS_ERR(exp)) 1334 return nfserrno(PTR_ERR(exp)); 1335 rv = fh_compose(fhp, exp, exp->ex_path.dentry, NULL); 1336 if (rv) 1337 goto out; 1338 rv = check_nfsd_access(exp, rqstp); 1339 out: 1340 exp_put(exp); 1341 return rv; 1342 } 1343 1344 /* Iterator */ 1345 1346 static void *e_start(struct seq_file *m, loff_t *pos) 1347 __acquires(svc_export_cache.hash_lock) 1348 { 1349 loff_t n = *pos; 1350 unsigned hash, export; 1351 struct cache_head *ch; 1352 1353 exp_readlock(); 1354 read_lock(&svc_export_cache.hash_lock); 1355 if (!n--) 1356 return SEQ_START_TOKEN; 1357 hash = n >> 32; 1358 export = n & ((1LL<<32) - 1); 1359 1360 1361 for (ch=export_table[hash]; ch; ch=ch->next) 1362 if (!export--) 1363 return ch; 1364 n &= ~((1LL<<32) - 1); 1365 do { 1366 hash++; 1367 n += 1LL<<32; 1368 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL); 1369 if (hash >= EXPORT_HASHMAX) 1370 return NULL; 1371 *pos = n+1; 1372 return export_table[hash]; 1373 } 1374 1375 static void *e_next(struct seq_file *m, void *p, loff_t *pos) 1376 { 1377 struct cache_head *ch = p; 1378 int hash = (*pos >> 32); 1379 1380 if (p == SEQ_START_TOKEN) 1381 hash = 0; 1382 else if (ch->next == NULL) { 1383 hash++; 1384 *pos += 1LL<<32; 1385 } else { 1386 ++*pos; 1387 return ch->next; 1388 } 1389 *pos &= ~((1LL<<32) - 1); 1390 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) { 1391 hash++; 1392 *pos += 1LL<<32; 1393 } 1394 if (hash >= EXPORT_HASHMAX) 1395 return NULL; 1396 ++*pos; 1397 return export_table[hash]; 1398 } 1399 1400 static void e_stop(struct seq_file *m, void *p) 1401 __releases(svc_export_cache.hash_lock) 1402 { 1403 read_unlock(&svc_export_cache.hash_lock); 1404 exp_readunlock(); 1405 } 1406 1407 static struct flags { 1408 int flag; 1409 char *name[2]; 1410 } expflags[] = { 1411 { NFSEXP_READONLY, {"ro", "rw"}}, 1412 { NFSEXP_INSECURE_PORT, {"insecure", ""}}, 1413 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}}, 1414 { NFSEXP_ALLSQUASH, {"all_squash", ""}}, 1415 { NFSEXP_ASYNC, {"async", "sync"}}, 1416 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}}, 1417 { NFSEXP_NOHIDE, {"nohide", ""}}, 1418 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}}, 1419 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}}, 1420 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}}, 1421 #ifdef MSNFS 1422 { NFSEXP_MSNFS, {"msnfs", ""}}, 1423 #endif 1424 { 0, {"", ""}} 1425 }; 1426 1427 static void show_expflags(struct seq_file *m, int flags, int mask) 1428 { 1429 struct flags *flg; 1430 int state, first = 0; 1431 1432 for (flg = expflags; flg->flag; flg++) { 1433 if (flg->flag & ~mask) 1434 continue; 1435 state = (flg->flag & flags) ? 0 : 1; 1436 if (*flg->name[state]) 1437 seq_printf(m, "%s%s", first++?",":"", flg->name[state]); 1438 } 1439 } 1440 1441 static void show_secinfo_flags(struct seq_file *m, int flags) 1442 { 1443 seq_printf(m, ","); 1444 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS); 1445 } 1446 1447 static void show_secinfo(struct seq_file *m, struct svc_export *exp) 1448 { 1449 struct exp_flavor_info *f; 1450 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors; 1451 int lastflags = 0, first = 0; 1452 1453 if (exp->ex_nflavors == 0) 1454 return; 1455 for (f = exp->ex_flavors; f < end; f++) { 1456 if (first || f->flags != lastflags) { 1457 if (!first) 1458 show_secinfo_flags(m, lastflags); 1459 seq_printf(m, ",sec=%d", f->pseudoflavor); 1460 lastflags = f->flags; 1461 } else { 1462 seq_printf(m, ":%d", f->pseudoflavor); 1463 } 1464 } 1465 show_secinfo_flags(m, lastflags); 1466 } 1467 1468 static void exp_flags(struct seq_file *m, int flag, int fsid, 1469 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc) 1470 { 1471 show_expflags(m, flag, NFSEXP_ALLFLAGS); 1472 if (flag & NFSEXP_FSID) 1473 seq_printf(m, ",fsid=%d", fsid); 1474 if (anonu != (uid_t)-2 && anonu != (0x10000-2)) 1475 seq_printf(m, ",anonuid=%u", anonu); 1476 if (anong != (gid_t)-2 && anong != (0x10000-2)) 1477 seq_printf(m, ",anongid=%u", anong); 1478 if (fsloc && fsloc->locations_count > 0) { 1479 char *loctype = (fsloc->migrated) ? "refer" : "replicas"; 1480 int i; 1481 1482 seq_printf(m, ",%s=", loctype); 1483 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\"); 1484 seq_putc(m, '@'); 1485 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\"); 1486 for (i = 1; i < fsloc->locations_count; i++) { 1487 seq_putc(m, ';'); 1488 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\"); 1489 seq_putc(m, '@'); 1490 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\"); 1491 } 1492 } 1493 } 1494 1495 static int e_show(struct seq_file *m, void *p) 1496 { 1497 struct cache_head *cp = p; 1498 struct svc_export *exp = container_of(cp, struct svc_export, h); 1499 1500 if (p == SEQ_START_TOKEN) { 1501 seq_puts(m, "# Version 1.1\n"); 1502 seq_puts(m, "# Path Client(Flags) # IPs\n"); 1503 return 0; 1504 } 1505 1506 cache_get(&exp->h); 1507 if (cache_check(&svc_export_cache, &exp->h, NULL)) 1508 return 0; 1509 cache_put(&exp->h, &svc_export_cache); 1510 return svc_export_show(m, &svc_export_cache, cp); 1511 } 1512 1513 struct seq_operations nfs_exports_op = { 1514 .start = e_start, 1515 .next = e_next, 1516 .stop = e_stop, 1517 .show = e_show, 1518 }; 1519 1520 /* 1521 * Add or modify a client. 1522 * Change requests may involve the list of host addresses. The list of 1523 * exports and possibly existing uid maps are left untouched. 1524 */ 1525 int 1526 exp_addclient(struct nfsctl_client *ncp) 1527 { 1528 struct auth_domain *dom; 1529 int i, err; 1530 struct in6_addr addr6; 1531 1532 /* First, consistency check. */ 1533 err = -EINVAL; 1534 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) 1535 goto out; 1536 if (ncp->cl_naddr > NFSCLNT_ADDRMAX) 1537 goto out; 1538 1539 /* Lock the hashtable */ 1540 exp_writelock(); 1541 1542 dom = unix_domain_find(ncp->cl_ident); 1543 1544 err = -ENOMEM; 1545 if (!dom) 1546 goto out_unlock; 1547 1548 /* Insert client into hashtable. */ 1549 for (i = 0; i < ncp->cl_naddr; i++) { 1550 ipv6_addr_set_v4mapped(ncp->cl_addrlist[i].s_addr, &addr6); 1551 auth_unix_add_addr(&addr6, dom); 1552 } 1553 auth_unix_forget_old(dom); 1554 auth_domain_put(dom); 1555 1556 err = 0; 1557 1558 out_unlock: 1559 exp_writeunlock(); 1560 out: 1561 return err; 1562 } 1563 1564 /* 1565 * Delete a client given an identifier. 1566 */ 1567 int 1568 exp_delclient(struct nfsctl_client *ncp) 1569 { 1570 int err; 1571 struct auth_domain *dom; 1572 1573 err = -EINVAL; 1574 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX)) 1575 goto out; 1576 1577 /* Lock the hashtable */ 1578 exp_writelock(); 1579 1580 dom = auth_domain_find(ncp->cl_ident); 1581 /* just make sure that no addresses work 1582 * and that it will expire soon 1583 */ 1584 if (dom) { 1585 err = auth_unix_forget_old(dom); 1586 auth_domain_put(dom); 1587 } 1588 1589 exp_writeunlock(); 1590 out: 1591 return err; 1592 } 1593 1594 /* 1595 * Verify that string is non-empty and does not exceed max length. 1596 */ 1597 static int 1598 exp_verify_string(char *cp, int max) 1599 { 1600 int i; 1601 1602 for (i = 0; i < max; i++) 1603 if (!cp[i]) 1604 return i; 1605 cp[i] = 0; 1606 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp); 1607 return 0; 1608 } 1609 1610 /* 1611 * Initialize the exports module. 1612 */ 1613 int 1614 nfsd_export_init(void) 1615 { 1616 int rv; 1617 dprintk("nfsd: initializing export module.\n"); 1618 1619 rv = cache_register(&svc_export_cache); 1620 if (rv) 1621 return rv; 1622 rv = cache_register(&svc_expkey_cache); 1623 if (rv) 1624 cache_unregister(&svc_export_cache); 1625 return rv; 1626 1627 } 1628 1629 /* 1630 * Flush exports table - called when last nfsd thread is killed 1631 */ 1632 void 1633 nfsd_export_flush(void) 1634 { 1635 exp_writelock(); 1636 cache_purge(&svc_expkey_cache); 1637 cache_purge(&svc_export_cache); 1638 exp_writeunlock(); 1639 } 1640 1641 /* 1642 * Shutdown the exports module. 1643 */ 1644 void 1645 nfsd_export_shutdown(void) 1646 { 1647 1648 dprintk("nfsd: shutting down export module.\n"); 1649 1650 exp_writelock(); 1651 1652 cache_unregister(&svc_expkey_cache); 1653 cache_unregister(&svc_export_cache); 1654 svcauth_unix_purge(); 1655 1656 exp_writeunlock(); 1657 dprintk("nfsd: export shutdown complete.\n"); 1658 } 1659