/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright (c) 1983,1984,1985,1986,1987,1988,1989 AT&T.
 * All Rights Reserved
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/param.h>
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/cred.h>
#include <sys/buf.h>
#include <sys/vfs.h>
#include <sys/vfs_opreg.h>
#include <sys/vnode.h>
#include <sys/uio.h>
#include <sys/errno.h>
#include <sys/sysmacros.h>
#include <sys/statvfs.h>
#include <sys/kmem.h>
#include <sys/dirent.h>
#include <sys/cmn_err.h>
#include <sys/debug.h>
#include <sys/systeminfo.h>
#include <sys/flock.h>
#include <sys/pathname.h>
#include <sys/nbmlock.h>
#include <sys/share.h>
#include <sys/atomic.h>
#include <sys/policy.h>
#include <sys/fem.h>
#include <sys/sdt.h>
#include <sys/ddi.h>

#include <rpc/types.h>
#include <rpc/auth.h>
#include <rpc/rpcsec_gss.h>
#include <rpc/svc.h>

#include <nfs/nfs.h>
#include <nfs/export.h>
#include <nfs/lm.h>
#include <nfs/nfs4.h>

#include <sys/strsubr.h>
#include <sys/strsun.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>

#include <sys/tsol/label.h>
#include <sys/tsol/tndb.h>

#define	RFS4_MAXLOCK_TRIES 4	/* Try to get the lock this many times */
static int rfs4_maxlock_tries = RFS4_MAXLOCK_TRIES;
#define	RFS4_LOCK_DELAY 10	/* Milliseconds */
static clock_t rfs4_lock_delay = RFS4_LOCK_DELAY;

/* End of Tunables */

/*
 * Used to bump the stateid4.seqid value and show changes in the stateid
 */
#define	next_stateid(sp) (++(sp)->bits.chgseq)

/*
 * RFS4_MINLEN_ENTRY4: XDR-encoded size of smallest possible dirent.
 *	This is used to return NFS4ERR_TOOSMALL when clients specify
 *	maxcount that isn't large enough to hold the smallest possible
 *	XDR encoded dirent.
 *
 *	    sizeof cookie (8 bytes) +
 *	    sizeof name_len (4 bytes) +
 *	    sizeof smallest (padded) name (4 bytes) +
 *	    sizeof bitmap4_len (12 bytes) + NOTE: we always encode len=2 bm4
 *	    sizeof attrlist4_len (4 bytes) +
 *	    sizeof next boolean (4 bytes)
 *
 * RFS4_MINLEN_RDDIR4: XDR-encoded size of READDIR op reply containing
 * the smallest possible entry4 (assumes no attrs requested).
 *	sizeof nfsstat4 (4 bytes) +
 *	sizeof verifier4 (8 bytes) +
 *	sizeof entry4list bool (4 bytes) +
 *	sizeof entry4 (36 bytes) +
 *	sizeof eof bool (4 bytes)
 *
 * RFS4_MINLEN_RDDIR_BUF: minimum length of buffer server will provide to
 *	VOP_READDIR. Its value is the size of the maximum possible dirent
 *	for solaris. The DIRENT64_RECLEN macro returns the size of dirent
 *	required for a given name length. MAXNAMELEN is the maximum
 *	filename length allowed in Solaris. The first two DIRENT64_RECLEN()
 *	macros are to allow for . and .. entries -- just a minor tweak to try
 *	and guarantee that buffer we give to VOP_READDIR will be large enough
 *	to hold ., .., and the largest possible solaris dirent64.
 */
#define	RFS4_MINLEN_ENTRY4 36
#define	RFS4_MINLEN_RDDIR4 (4 + NFS4_VERIFIER_SIZE + 4 + RFS4_MINLEN_ENTRY4 + 4)
#define	RFS4_MINLEN_RDDIR_BUF \
	(DIRENT64_RECLEN(1) + DIRENT64_RECLEN(2) + DIRENT64_RECLEN(MAXNAMELEN))

/*
 * It would be better to pad to 4 bytes since that's what XDR would do,
 * but the dirents UFS gives us are already padded to 8, so just take
 * what we're given. Dircount is only a hint anyway. Currently the
 * solaris kernel is ASCII only, so there's no point in calling the
 * UTF8 functions.
 *
 * dirent64: named padded to provide 8 byte struct alignment
 *	d_ino(8) + d_off(8) + d_reclen(2) + d_name(namelen + null(1) + pad)
 *
 * cookie: uint64_t + utf8namelen: uint_t + utf8name padded to 8 bytes
 *
 */
#define	DIRENT64_TO_DIRCOUNT(dp) \
	(3 * BYTES_PER_XDR_UNIT + DIRENT64_NAMELEN((dp)->d_reclen))

time_t rfs4_start_time;			/* Initialized in rfs4_srvrinit */

static sysid_t lockt_sysid;		/* dummy sysid for all LOCKT calls */

u_longlong_t nfs4_srv_caller_id;

verifier4 Write4verf;
verifier4 Readdir4verf;

void rfs4_init_compound_state(struct compound_state *);

/*
 * Forward declarations for the per-operation handlers and their
 * result-free routines; both kinds are referenced from rfsv4disptab.
 */
static void nullfree(caddr_t);
static void rfs4_op_inval(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_access(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_close(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_commit(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_create(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_create_free(nfs_resop4 *resop);
static void rfs4_op_delegreturn(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *, struct compound_state *);
static void rfs4_op_getattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_getattr_free(nfs_resop4 *);
static void rfs4_op_getfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_getfh_free(nfs_resop4 *);
static void rfs4_op_illegal(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_link(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_lock(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void lock_denied_free(nfs_resop4 *);
static void rfs4_op_locku(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_lockt(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_lookup(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_lookupp(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs);
static void rfs4_op_nverify(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_open(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_open_confirm(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *, struct compound_state *);
static void rfs4_op_open_downgrade(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *, struct compound_state *);
static void rfs4_op_putfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_putpubfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_putrootfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_read(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_read_free(nfs_resop4 *);
static void rfs4_op_readdir_free(nfs_resop4 *resop);
static void rfs4_op_readlink(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_readlink_free(nfs_resop4 *);
static void rfs4_op_release_lockowner(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *, struct compound_state *);
static void rfs4_op_remove(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_rename(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_renew(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_restorefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_savefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_setattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_verify(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_write(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_setclientid(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *, struct compound_state *);
static void rfs4_op_setclientid_confirm(nfs_argop4 *, nfs_resop4 *,
	struct svc_req *req, struct compound_state *);
static void rfs4_op_secinfo(nfs_argop4 *, nfs_resop4 *, struct svc_req *,
	struct compound_state *);
static void rfs4_op_secinfo_free(nfs_resop4 *);

static nfsstat4 check_open_access(uint32_t,
	struct compound_state *, struct svc_req *);
nfsstat4 rfs4_client_sysid(rfs4_client_t *, sysid_t *);
static int vop_shrlock(vnode_t *, int, struct shrlock *, int);
static int rfs4_shrlock(rfs4_state_t *, int);
static int rfs4_share(rfs4_state_t *);
void rfs4_ss_clid(rfs4_client_t *, struct svc_req *);

/*
 * translation table for attrs
 */
struct nfs4_ntov_table {
	union nfs4_attr_u *na;
	uint8_t amap[NFS4_MAXNUM_ATTRS];
	int attrcnt;
	bool_t vfsstat;
};

static void nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp);
static void nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp,
	struct nfs4_svgetit_arg *sargp);

static nfsstat4 do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp,
	struct compound_state *cs, struct nfs4_svgetit_arg *sargp,
	struct nfs4_ntov_table *ntovp, nfs4_attr_cmd_t cmd);

fem_t *deleg_rdops;
fem_t *deleg_wrops;

rfs4_servinst_t *rfs4_cur_servinst = NULL;	/* current server instance */
kmutex_t rfs4_servinst_lock;			/* protects linked list */
int rfs4_seen_first_compound;			/* set first time we see one */

/*
 * NFS4 op dispatch table
 *
 * One entry per operation number, 0 through 39.  Both function pointers
 * are declared with empty parameter lists, so the compiler does not check
 * that a table entry has the signature its caller uses; the entries below
 * mix four-argument op handlers with one-argument free routines, and
 * nullfree() takes a caddr_t where the other free routines take an
 * nfs_resop4 *.
 *
 * NOTE(review): the code that indexes this table is outside this listing.
 * The operation number comes from the client's COMPOUND request, so it
 * has to be range-checked against rfsv4disp_cnt before it is used as an
 * index -- confirm at the dispatch site.
 */

struct rfsv4disp {
	void (*dis_proc)();		/* proc to call */
	void (*dis_resfree)();		/* frees space allocated by proc */
	int dis_flags;			/* RPC_IDEMPOTENT, etc... */
};

static struct rfsv4disp rfsv4disptab[] = {
	/*
	 * NFS VERSION 4
	 */

	/* RFS_NULL = 0 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 1 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 2 */
	{rfs4_op_illegal, nullfree, 0},

	/* OP_ACCESS = 3 */
	{rfs4_op_access, nullfree, RPC_IDEMPOTENT},

	/* OP_CLOSE = 4 */
	{rfs4_op_close, nullfree, 0},

	/* OP_COMMIT = 5 */
	{rfs4_op_commit, nullfree, RPC_IDEMPOTENT},

	/* OP_CREATE = 6 */
	{rfs4_op_create, nullfree, 0},

	/* OP_DELEGPURGE = 7 */
	{rfs4_op_inval, nullfree, 0},

	/* OP_DELEGRETURN = 8 */
	{rfs4_op_delegreturn, nullfree, 0},

	/* OP_GETATTR = 9 */
	{rfs4_op_getattr, rfs4_op_getattr_free, RPC_IDEMPOTENT},

	/* OP_GETFH = 10 */
	{rfs4_op_getfh, rfs4_op_getfh_free, RPC_ALL},

	/* OP_LINK = 11 */
	{rfs4_op_link, nullfree, 0},

	/* OP_LOCK = 12 */
	{rfs4_op_lock, lock_denied_free, 0},

	/* OP_LOCKT = 13 */
	{rfs4_op_lockt, lock_denied_free, 0},

	/* OP_LOCKU = 14 */
	{rfs4_op_locku, nullfree, 0},

	/* OP_LOOKUP = 15 */
	{rfs4_op_lookup, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_LOOKUPP = 16 */
	{rfs4_op_lookupp, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_NVERIFY = 17 */
	{rfs4_op_nverify, nullfree, RPC_IDEMPOTENT},

	/* OP_OPEN = 18 */
	{rfs4_op_open, rfs4_free_reply, 0},

	/* OP_OPENATTR = 19 */
	{rfs4_op_openattr, nullfree, 0},

	/* OP_OPEN_CONFIRM = 20 */
	{rfs4_op_open_confirm, nullfree, 0},

	/* OP_OPEN_DOWNGRADE = 21 */
	{rfs4_op_open_downgrade, nullfree, 0},

	/* OP_PUTFH = 22 */
	{rfs4_op_putfh, nullfree, RPC_ALL},

	/* OP_PUTPUBFH = 23 */
	{rfs4_op_putpubfh, nullfree, RPC_ALL},

	/* OP_PUTROOTFH = 24 */
	{rfs4_op_putrootfh, nullfree, RPC_ALL},

	/* OP_READ = 25 */
	{rfs4_op_read, rfs4_op_read_free, RPC_IDEMPOTENT},

	/* OP_READDIR = 26 */
	{rfs4_op_readdir, rfs4_op_readdir_free, RPC_IDEMPOTENT},

	/* OP_READLINK = 27 */
	{rfs4_op_readlink, rfs4_op_readlink_free, RPC_IDEMPOTENT},

	/* OP_REMOVE = 28 */
	{rfs4_op_remove, nullfree, 0},

	/* OP_RENAME = 29 */
	{rfs4_op_rename, nullfree, 0},

	/* OP_RENEW = 30 */
	{rfs4_op_renew, nullfree, 0},

	/* OP_RESTOREFH = 31 */
	{rfs4_op_restorefh, nullfree, RPC_ALL},

	/* OP_SAVEFH = 32 */
	{rfs4_op_savefh, nullfree, RPC_ALL},

	/* OP_SECINFO = 33 */
	{rfs4_op_secinfo, rfs4_op_secinfo_free, 0},

	/* OP_SETATTR = 34 */
	{rfs4_op_setattr, nullfree, 0},

	/* OP_SETCLIENTID = 35 */
	{rfs4_op_setclientid, nullfree, 0},

	/* OP_SETCLIENTID_CONFIRM = 36 */
	{rfs4_op_setclientid_confirm, nullfree, 0},

	/* OP_VERIFY = 37 */
	{rfs4_op_verify, nullfree, RPC_IDEMPOTENT},

	/* OP_WRITE = 38 */
	{rfs4_op_write, nullfree, 0},

	/* OP_RELEASE_LOCKOWNER = 39 */
	{rfs4_op_release_lockowner, nullfree, 0},
};

static uint_t rfsv4disp_cnt = sizeof (rfsv4disptab) / sizeof (rfsv4disptab[0]);

/*
 * OP_ILLEGAL_IDX equals the number of rfsv4disptab entries, i.e. it is one
 * past the last valid index of that table.  In this listing the only array
 * with a slot at that position is rfs4_op_string (its final entry,
 * "rfs4_op_illegal"); it must not be used to index rfsv4disptab.
 */
#define	OP_ILLEGAL_IDX (rfsv4disp_cnt)

#ifdef DEBUG

int rfs4_fillone_debug = 0;
int rfs4_shrlock_debug = 0;
int rfs4_no_stub_access = 1;
int rfs4_rddir_debug = 0;

/*
 * Printable handler names, in the same order as rfsv4disptab, with one
 * extra trailing entry for the illegal-operation slot.
 */
static char *rfs4_op_string[] = {
	"rfs4_op_null",
	"rfs4_op_1 unused",
	"rfs4_op_2 unused",
	"rfs4_op_access",
	"rfs4_op_close",
	"rfs4_op_commit",
	"rfs4_op_create",
	"rfs4_op_delegpurge",
	"rfs4_op_delegreturn",
	"rfs4_op_getattr",
	"rfs4_op_getfh",
	"rfs4_op_link",
	"rfs4_op_lock",
	"rfs4_op_lockt",
	"rfs4_op_locku",
	"rfs4_op_lookup",
	"rfs4_op_lookupp",
	"rfs4_op_nverify",
	"rfs4_op_open",
	"rfs4_op_openattr",
	"rfs4_op_open_confirm",
	"rfs4_op_open_downgrade",
	"rfs4_op_putfh",
	"rfs4_op_putpubfh",
	"rfs4_op_putrootfh",
	"rfs4_op_read",
	"rfs4_op_readdir",
	"rfs4_op_readlink",
	"rfs4_op_remove",
	"rfs4_op_rename",
	"rfs4_op_renew",
	"rfs4_op_restorefh",
	"rfs4_op_savefh",
	"rfs4_op_secinfo",
	"rfs4_op_setattr",
	"rfs4_op_setclientid",
	"rfs4_op_setclient_confirm",
	"rfs4_op_verify",
	"rfs4_op_write",
	"rfs4_op_release_lockowner",
	"rfs4_op_illegal"
};
#endif

void rfs4_ss_chkclid(rfs4_client_t *);

extern size_t strlcpy(char *dst, const char *src, size_t dstsize);

/*
 * Step to the next dirent64 in a buffer by adding the current entry's
 * d_reclen.  The macro itself performs no bounds check and does not
 * reject a zero d_reclen; whoever walks a buffer with it has to bound the
 * walk against the buffer length.
 */
#ifdef	nextdp
#undef nextdp
#endif
#define	nextdp(dp) ((struct dirent64 *)((char *)(dp) + (dp)->d_reclen))

/*
 * FEM templates handed to fem_create() in rfs4_srvrinit(): the vnode
 * operations intercepted for read delegations and for write delegations.
 */
static const fs_operation_def_t nfs4_rd_deleg_tmpl[] = {
	VOPNAME_OPEN,		{ .femop_open = deleg_rdopen },
	VOPNAME_WRITE,		{ .femop_write = deleg_write },
	VOPNAME_SETATTR,	{ .femop_setattr = deleg_setattr },
	VOPNAME_RWLOCK,		{ .femop_rwlock = deleg_rd_rwlock },
	VOPNAME_SPACE,		{ .femop_space = deleg_space },
	VOPNAME_SETSECATTR,	{ .femop_setsecattr = deleg_setsecattr },
	VOPNAME_VNEVENT,	{ .femop_vnevent = deleg_vnevent },
	NULL,			NULL
};
static const fs_operation_def_t nfs4_wr_deleg_tmpl[] = {
	VOPNAME_OPEN,		{ .femop_open = deleg_wropen },
	VOPNAME_READ,		{ .femop_read = deleg_read },
	VOPNAME_WRITE,		{ .femop_write = deleg_write },
	VOPNAME_SETATTR,	{ .femop_setattr = deleg_setattr },
	VOPNAME_RWLOCK,		{ .femop_rwlock = deleg_wr_rwlock },
	VOPNAME_SPACE,
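{ .femop_space = deleg_space },
	VOPNAME_SETSECATTR,	{ .femop_setsecattr = deleg_setsecattr },
	VOPNAME_VNEVENT,	{ .femop_vnevent = deleg_vnevent },
	NULL,			NULL
};

/*
 * One-time initialization of the NFSv4 server globals used by this file:
 * the write verifier, the attribute tables (rfs4_attr_init), the locks,
 * the delegation FEM monitors, the caller id and the LOCKT sysid.
 *
 * Always returns 0.  A fem_create() failure is not reported to the caller;
 * delegation is disabled instead and both monitor pointers are left NULL
 * so that rfs4_srvrfini() has nothing to free.
 */
int
rfs4_srvrinit(void)
{
	timespec32_t verf;
	int error;
	extern void rfs4_attr_init();
	extern krwlock_t rfs4_deleg_policy_lock;

	/*
	 * The following algorithm attempts to find a unique verifier
	 * to be used as the write verifier returned from the server
	 * to the client. It is important that this verifier change
	 * whenever the server reboots. Of secondary importance, it
	 * is important for the verifier to be unique between two
	 * different servers.
	 *
	 * Thus, an attempt is made to use the system hostid and the
	 * current time in seconds when the nfssrv kernel module is
	 * loaded. It is assumed that an NFS server will not be able
	 * to boot and then to reboot in less than a second. If the
	 * hostid has not been set, then the current high resolution
	 * time is used. This will ensure different verifiers each
	 * time the server reboots and minimize the chances that two
	 * different servers will have the same verifier.
	 * XXX - this is broken on LP64 kernels.
	 *
	 * The verifier is a restart-detection cookie, not a secret: both
	 * inputs (hostid and load time) are guessable, so nothing should
	 * rely on a client being unable to predict it.
	 */
	verf.tv_sec = (time_t)nfs_atoi(hw_serial);
	if (verf.tv_sec != 0) {
		verf.tv_nsec = gethrestime_sec();
	} else {
		timespec_t tverf;

		gethrestime(&tverf);
		verf.tv_sec = (time_t)tverf.tv_sec;
		verf.tv_nsec = tverf.tv_nsec;
	}

	/* Reinterprets the two 32-bit fields of verf as one 64-bit value. */
	Write4verf = *(uint64_t *)&verf;

	rfs4_attr_init();
	mutex_init(&rfs4_deleg_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage create/destroy of server state */
	mutex_init(&rfs4_state_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to server instance linked list */
	mutex_init(&rfs4_servinst_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to rfs4_deleg_policy */
	rw_init(&rfs4_deleg_policy_lock, NULL, RW_DEFAULT, NULL);

	error = fem_create("deleg_rdops", nfs4_rd_deleg_tmpl, &deleg_rdops);
	if (error != 0) {
		rfs4_disable_delegation();
		/* Neither monitor exists; make that visible to srvrfini. */
		deleg_rdops = NULL;
		deleg_wrops = NULL;
	} else {
		error = fem_create("deleg_wrops", nfs4_wr_deleg_tmpl,
		    &deleg_wrops);
		if (error != 0) {
			rfs4_disable_delegation();
			fem_free(deleg_rdops);
			/*
			 * Clear the freed pointer.  This function still
			 * returns 0, so rfs4_srvrfini() will run later and
			 * would otherwise free deleg_rdops a second time
			 * and free a deleg_wrops that was never created.
			 */
			deleg_rdops = NULL;
			deleg_wrops = NULL;
		}
	}

	nfs4_srv_caller_id = fs_new_caller_id();

	lockt_sysid = lm_alloc_sysidt();

	return (0);
}

/*
 * Undo rfs4_srvrinit(): release the LOCKT sysid, destroy the locks and
 * free whichever delegation FEM monitors were successfully created.
 *
 * NOTE(review): rfs4_servinst_lock is initialized in rfs4_srvrinit() but
 * not destroyed here.  Whether it is still needed after this point (for
 * example by rfs4_servinst_destroy_all()) cannot be seen from this
 * listing -- confirm the teardown order before adding a mutex_destroy().
 */
void
rfs4_srvrfini(void)
{
	extern krwlock_t rfs4_deleg_policy_lock;

	if (lockt_sysid != LM_NOSYSID) {
		lm_free_sysidt(lockt_sysid);
		lockt_sysid = LM_NOSYSID;
	}

	mutex_destroy(&rfs4_deleg_lock);
	mutex_destroy(&rfs4_state_lock);
	rw_destroy(&rfs4_deleg_policy_lock);

	/* rfs4_srvrinit() leaves these NULL when creation failed. */
	if (deleg_rdops != NULL) {
		fem_free(deleg_rdops);
		deleg_rdops = NULL;
	}
	if (deleg_wrops != NULL) {
		fem_free(deleg_wrops);
		deleg_wrops = NULL;
	}
}

/*
 * Reset a compound_state to its initial values.  The structure is zeroed
 * first, then: processing continues (cont), access starts out as
 * CS_ACCESS_DENIED until later code changes it, no delegation or
 * mandatory-lock condition is recorded, and the file handle value points
 * at the state's own fhbuf.
 */
void
rfs4_init_compound_state(struct compound_state *cs)
{
	bzero(cs, sizeof (*cs));
	cs->cont = TRUE;
	cs->access = CS_ACCESS_DENIED;
	cs->deleg = FALSE;
	cs->mandlock = FALSE;
	cs->fh.nfs_fh4_val = cs->fhbuf;
}

/*
 * (Re)start the grace period of a server instance: record the current
 * time as its start and load the configured rfs4_grace_period, under the
 * instance's rwlock held as writer.
 */
void
rfs4_grace_start(rfs4_servinst_t *sip)
{
	time_t now = gethrestime_sec();

	rw_enter(&sip->rwlock, RW_WRITER);
	sip->start_time = now;
	sip->grace_period = rfs4_grace_period;
	rw_exit(&sip->rwlock);
}

/*
 * returns true if the instance's grace period has never been started
 */
int
rfs4_servinst_grace_new(rfs4_servinst_t *sip)
{
	time_t start_time;

	rw_enter(&sip->rwlock, RW_READER);
	start_time = sip->start_time;
	rw_exit(&sip->rwlock);

	return (start_time == 0);
}

/*
 * Indicates if server instance is within the
 * grace period.
 */
int
rfs4_servinst_in_grace(rfs4_servinst_t *sip)
{
	time_t grace_expiry;

	rw_enter(&sip->rwlock, RW_READER);
	grace_expiry = sip->start_time + sip->grace_period;
	rw_exit(&sip->rwlock);

	return (gethrestime_sec() < grace_expiry);
}

/*
 * Indicates if the client's server instance is within its grace period.
 * The caller must hold a reference on cp->dbe.
 */
int
rfs4_clnt_in_grace(rfs4_client_t *cp)
{
	ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0);

	return (rfs4_servinst_in_grace(cp->server_instance));
}

/*
 * reset all currently active grace periods
 */
void
rfs4_grace_reset_all(void)
{
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
		if (rfs4_servinst_in_grace(sip))
			rfs4_grace_start(sip);
	}
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * start any new instances' grace periods
 */
void
rfs4_grace_start_new(void)
{
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev) {
		if (rfs4_servinst_grace_new(sip))
			rfs4_grace_start(sip);
	}
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * Allocate a rfs4_dss_path_t holding a private copy of "path", bind it to
 * the server instance "sip" at position "index", and link it into
 * rfs4_dss_pathlist.  Returns the new entry; allocations use KM_SLEEP.
 */
static rfs4_dss_path_t *
rfs4_dss_newpath(rfs4_servinst_t *sip, char *path, unsigned index)
{
	size_t len;
	rfs4_dss_path_t *dss_path;

	dss_path = kmem_alloc(sizeof (rfs4_dss_path_t), KM_SLEEP);

	/*
	 * Take a copy of the string, since the original may be overwritten.
	 * Sadly, no strdup() in the kernel.
	 */
	/* allow for NUL */
	len = strlen(path) + 1;
	dss_path->path = kmem_alloc(len, KM_SLEEP);
	/* The buffer was sized from strlen(path), so this cannot truncate. */
	(void) strlcpy(dss_path->path, path, len);

	/* associate with servinst */
	dss_path->sip = sip;
	dss_path->index = index;

	/*
	 * Add to list of served paths.
	 * No locking required, as we're only ever called at startup.
	 */
	if (rfs4_dss_pathlist == NULL) {
		/* this is the first dss_path_t */

		/* needed for insque/remque */
		dss_path->next = dss_path->prev = dss_path;

		rfs4_dss_pathlist = dss_path;
	} else {
		insque(dss_path, rfs4_dss_pathlist);
	}

	return (dss_path);
}

/*
 * Create a new server instance, and make it the currently active instance.
 * Note that starting the grace period too early will reduce the clients'
 * recovery window.
 *
 * start_grace	non-zero to start the grace period immediately
 * dss_npaths	number of entries in dss_paths
 * dss_paths	path strings; each one is copied by rfs4_dss_newpath()
 *
 * NOTE(review): dss_npaths is a signed int that is multiplied into an
 * allocation size and compared against an unsigned loop index.  A
 * negative count would turn into a very large size and loop bound, so
 * the caller is presumably expected to have validated it -- confirm.
 */
void
rfs4_servinst_create(int start_grace, int dss_npaths, char **dss_paths)
{
	unsigned i;
	rfs4_servinst_t *sip;
	rfs4_oldstate_t *oldstate;

	sip = kmem_alloc(sizeof (rfs4_servinst_t), KM_SLEEP);
	rw_init(&sip->rwlock, NULL, RW_DEFAULT, NULL);

	sip->start_time = (time_t)0;
	sip->grace_period = (time_t)0;
	sip->next = NULL;
	sip->prev = NULL;

	rw_init(&sip->oldstate_lock, NULL, RW_DEFAULT, NULL);
	/*
	 * This initial dummy entry is required to setup for insque/remque.
	 * It must be skipped over whenever the list is traversed.
	 */
	oldstate = kmem_alloc(sizeof (rfs4_oldstate_t), KM_SLEEP);
	/* insque/remque require initial list entry to be self-terminated */
	oldstate->next = oldstate;
	oldstate->prev = oldstate;
	sip->oldstate = oldstate;


	sip->dss_npaths = dss_npaths;
	sip->dss_paths = kmem_alloc(dss_npaths *
	    sizeof (rfs4_dss_path_t *), KM_SLEEP);

	for (i = 0; i < dss_npaths; i++) {
		sip->dss_paths[i] = rfs4_dss_newpath(sip, dss_paths[i], i);
	}

	mutex_enter(&rfs4_servinst_lock);
	if (rfs4_cur_servinst != NULL) {
		/* add to linked list */
		sip->prev = rfs4_cur_servinst;
		rfs4_cur_servinst->next = sip;
	}
	if (start_grace)
		rfs4_grace_start(sip);
	/* make the new instance "current" */
	rfs4_cur_servinst = sip;

	mutex_exit(&rfs4_servinst_lock);
}

/*
 * In future, we might add a rfs4_servinst_destroy(sip) but, for now, destroy
 * all instances directly.
 *
 * Walks the list from the current instance backwards through ->prev,
 * destroying both per-instance rwlocks and freeing the dummy oldstate
 * entry, the dss_paths pointer array and the instance itself.
 *
 * NOTE(review): only the dummy head of the oldstate list and the array of
 * rfs4_dss_path_t pointers are freed here; any further oldstate entries
 * and the rfs4_dss_path_t objects (with their path strings) are
 * presumably released elsewhere -- confirm.
 */
void
rfs4_servinst_destroy_all(void)
{
	rfs4_servinst_t *sip, *prev, *current;
#ifdef DEBUG
	int n = 0;
#endif

	mutex_enter(&rfs4_servinst_lock);
	ASSERT(rfs4_cur_servinst != NULL);
	current = rfs4_cur_servinst;
	rfs4_cur_servinst = NULL;
	for (sip = current; sip != NULL; sip = prev) {
		prev = sip->prev;
		rw_destroy(&sip->rwlock);
		/*
		 * rfs4_servinst_create() also initializes oldstate_lock;
		 * destroy it before the memory that holds it is freed.
		 */
		rw_destroy(&sip->oldstate_lock);
		if (sip->oldstate)
			kmem_free(sip->oldstate, sizeof (rfs4_oldstate_t));
		if (sip->dss_paths)
			kmem_free(sip->dss_paths,
			    sip->dss_npaths * sizeof (rfs4_dss_path_t *));
		kmem_free(sip, sizeof (rfs4_servinst_t));
#ifdef DEBUG
		n++;
#endif
	}
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * Assign the current server instance to a client_t.
 * Should be called with cp->dbe held.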
801 */ 802 void 803 rfs4_servinst_assign(rfs4_client_t *cp, rfs4_servinst_t *sip) 804 { 805 ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0); 806 807 /* 808 * The lock ensures that if the current instance is in the process 809 * of changing, we will see the new one. 810 */ 811 mutex_enter(&rfs4_servinst_lock); 812 cp->server_instance = sip; 813 mutex_exit(&rfs4_servinst_lock); 814 } 815 816 rfs4_servinst_t * 817 rfs4_servinst(rfs4_client_t *cp) 818 { 819 ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0); 820 821 return (cp->server_instance); 822 } 823 824 /* ARGSUSED */ 825 static void 826 nullfree(caddr_t resop) 827 { 828 } 829 830 /* 831 * This is a fall-through for invalid or not implemented (yet) ops 832 */ 833 /* ARGSUSED */ 834 static void 835 rfs4_op_inval(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 836 struct compound_state *cs) 837 { 838 *cs->statusp = *((nfsstat4 *)&(resop)->nfs_resop4_u) = NFS4ERR_INVAL; 839 } 840 841 /* 842 * Check if the security flavor, nfsnum, is in the flavor_list. 843 */ 844 bool_t 845 in_flavor_list(int nfsnum, int *flavor_list, int count) 846 { 847 int i; 848 849 for (i = 0; i < count; i++) { 850 if (nfsnum == flavor_list[i]) 851 return (TRUE); 852 } 853 return (FALSE); 854 } 855 856 /* 857 * Used by rfs4_op_secinfo to get the security information from the 858 * export structure associated with the component. 859 */ 860 /* ARGSUSED */ 861 static nfsstat4 862 do_rfs4_op_secinfo(struct compound_state *cs, char *nm, SECINFO4res *resp) 863 { 864 int error, different_export = 0; 865 vnode_t *dvp, *vp, *tvp; 866 struct exportinfo *exi = NULL; 867 fid_t fid; 868 uint_t count, i; 869 secinfo4 *resok_val; 870 struct secinfo *secp; 871 bool_t did_traverse; 872 int dotdot, walk; 873 874 dvp = cs->vp; 875 dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0'); 876 877 /* 878 * If dotdotting, then need to check whether it's above the 879 * root of a filesystem, or above an export point. 
880 */ 881 if (dotdot) { 882 883 /* 884 * If dotdotting at the root of a filesystem, then 885 * need to traverse back to the mounted-on filesystem 886 * and do the dotdot lookup there. 887 */ 888 if (cs->vp->v_flag & VROOT) { 889 890 /* 891 * If at the system root, then can 892 * go up no further. 893 */ 894 if (VN_CMP(dvp, rootdir)) 895 return (puterrno4(ENOENT)); 896 897 /* 898 * Traverse back to the mounted-on filesystem 899 */ 900 dvp = untraverse(cs->vp); 901 902 /* 903 * Set the different_export flag so we remember 904 * to pick up a new exportinfo entry for 905 * this new filesystem. 906 */ 907 different_export = 1; 908 } else { 909 910 /* 911 * If dotdotting above an export point then set 912 * the different_export to get new export info. 913 */ 914 different_export = nfs_exported(cs->exi, cs->vp); 915 } 916 } 917 918 /* 919 * Get the vnode for the component "nm". 920 */ 921 error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cs->cr); 922 if (error) 923 return (puterrno4(error)); 924 925 /* 926 * If the vnode is in a pseudo filesystem, or if the security flavor 927 * used in the request is valid but not an explicitly shared flavor, 928 * or the access bit indicates that this is a limited access, 929 * check whether this vnode is visible. 930 */ 931 if (!different_export && 932 (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) || 933 cs->access & CS_ACCESS_LIMITED)) { 934 if (! nfs_visible(cs->exi, vp, &different_export)) { 935 VN_RELE(vp); 936 return (puterrno4(ENOENT)); 937 } 938 } 939 940 /* 941 * If it's a mountpoint, then traverse it. 942 */ 943 if (vn_ismntpt(vp)) { 944 tvp = vp; 945 if ((error = traverse(&tvp)) != 0) { 946 VN_RELE(vp); 947 return (puterrno4(error)); 948 } 949 /* remember that we had to traverse mountpoint */ 950 did_traverse = TRUE; 951 vp = tvp; 952 different_export = 1; 953 } else if (vp->v_vfsp != dvp->v_vfsp) { 954 /* 955 * If vp isn't a mountpoint and the vfs ptrs aren't the same, 956 * then vp is probably an LOFS object. 
We don't need the 957 * realvp, we just need to know that we might have crossed 958 * a server fs boundary and need to call checkexport4. 959 * (LOFS lookup hides server fs mountpoints, and actually calls 960 * traverse) 961 */ 962 different_export = 1; 963 did_traverse = FALSE; 964 } 965 966 /* 967 * Get the export information for it. 968 */ 969 if (different_export) { 970 971 bzero(&fid, sizeof (fid)); 972 fid.fid_len = MAXFIDSZ; 973 error = vop_fid_pseudo(vp, &fid); 974 if (error) { 975 VN_RELE(vp); 976 return (puterrno4(error)); 977 } 978 979 if (dotdot) 980 exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE); 981 else 982 exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp); 983 984 if (exi == NULL) { 985 if (did_traverse == TRUE) { 986 /* 987 * If this vnode is a mounted-on vnode, 988 * but the mounted-on file system is not 989 * exported, send back the secinfo for 990 * the exported node that the mounted-on 991 * vnode lives in. 992 */ 993 exi = cs->exi; 994 } else { 995 VN_RELE(vp); 996 return (puterrno4(EACCES)); 997 } 998 } 999 } else { 1000 exi = cs->exi; 1001 } 1002 ASSERT(exi != NULL); 1003 1004 1005 /* 1006 * Create the secinfo result based on the security information 1007 * from the exportinfo structure (exi). 1008 * 1009 * Return all flavors for a pseudo node. 1010 * For a real export node, return the flavor that the client 1011 * has access with. 
1012 */ 1013 ASSERT(RW_LOCK_HELD(&exported_lock)); 1014 if (PSEUDO(exi)) { 1015 count = exi->exi_export.ex_seccnt; /* total sec count */ 1016 resok_val = kmem_alloc(count * sizeof (secinfo4), KM_SLEEP); 1017 secp = exi->exi_export.ex_secinfo; 1018 1019 for (i = 0; i < count; i++) { 1020 resok_val[i].flavor = secp[i].s_secinfo.sc_rpcnum; 1021 if (resok_val[i].flavor == RPCSEC_GSS) { 1022 rpcsec_gss_info *info; 1023 1024 info = &resok_val[i].flavor_info; 1025 info->qop = secp[i].s_secinfo.sc_qop; 1026 info->service = 1027 (rpc_gss_svc_t)secp[i].s_secinfo.sc_service; 1028 1029 /* get oid opaque data */ 1030 info->oid.sec_oid4_len = 1031 secp[i].s_secinfo.sc_gss_mech_type->length; 1032 info->oid.sec_oid4_val = 1033 kmem_alloc( 1034 secp[i].s_secinfo.sc_gss_mech_type->length, 1035 KM_SLEEP); 1036 bcopy(secp[i].s_secinfo.sc_gss_mech_type->elements, 1037 info->oid.sec_oid4_val, info->oid.sec_oid4_len); 1038 } 1039 } 1040 resp->SECINFO4resok_len = count; 1041 resp->SECINFO4resok_val = resok_val; 1042 } else { 1043 int ret_cnt = 0, k = 0; 1044 int *flavor_list; 1045 1046 count = exi->exi_export.ex_seccnt; /* total sec count */ 1047 secp = exi->exi_export.ex_secinfo; 1048 1049 flavor_list = kmem_alloc(count * sizeof (int), KM_SLEEP); 1050 /* find out which flavors to return */ 1051 for (i = 0; i < count; i ++) { 1052 int access, flavor, perm; 1053 1054 flavor = secp[i].s_secinfo.sc_nfsnum; 1055 perm = secp[i].s_flags; 1056 1057 access = nfsauth4_secinfo_access(exi, cs->req, 1058 flavor, perm); 1059 1060 if (! (access & NFSAUTH_DENIED) && 1061 ! (access & NFSAUTH_WRONGSEC)) { 1062 flavor_list[ret_cnt] = flavor; 1063 ret_cnt++; 1064 } 1065 } 1066 1067 /* Create the returning SECINFO value */ 1068 resok_val = kmem_alloc(ret_cnt * sizeof (secinfo4), KM_SLEEP); 1069 1070 for (i = 0; i < count; i++) { 1071 /* If the flavor is in the flavor list, fill in resok_val. 
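*/
			if (in_flavor_list(secp[i].s_secinfo.sc_nfsnum,
			    flavor_list, ret_cnt)) {
				resok_val[k].flavor = secp[i].s_secinfo.sc_rpcnum;
				if (resok_val[k].flavor == RPCSEC_GSS) {
					rpcsec_gss_info *info;

					info = &resok_val[k].flavor_info;
					info->qop = secp[i].s_secinfo.sc_qop;
					info->service =
					    (rpc_gss_svc_t)secp[i].s_secinfo.sc_service;

					/* get oid opaque data */
					info->oid.sec_oid4_len =
					    secp[i].s_secinfo.sc_gss_mech_type->length;
					info->oid.sec_oid4_val =
					    kmem_alloc(
					    secp[i].s_secinfo.sc_gss_mech_type->length,
					    KM_SLEEP);
					bcopy(secp[i].s_secinfo.sc_gss_mech_type->elements,
					    info->oid.sec_oid4_val, info->oid.sec_oid4_len);
				}
				k++;
			}
			if (k >= ret_cnt)
				break;
		}
		resp->SECINFO4resok_len = ret_cnt;
		resp->SECINFO4resok_val = resok_val;
		kmem_free(flavor_list, count * sizeof (int));
	}

	VN_RELE(vp);
	return (NFS4_OK);
}

/*
 * SECINFO (Operation 33): Obtain required security information on
 * the component name in the format of (security-mechanism-oid, qop, service)
 * triplets.
 *
 * The current filehandle must be set and must be a directory.  The
 * component name has to pass utf8_dir_verify(), with the single exception
 * of "..", which is let through so that the parent's security information
 * can be returned.  Once the name has been converted, it is freed on every
 * path out of the function.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	utf8string *utfnm = &argop->nfs_argop4_u.opsecinfo.name;
	uint_t len;
	char *nm;

	/*
	 * Current file handle (cfh) should have been set before getting
	 * into this function. If not, return error.
	 */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	/*
	 * Verify the component name. If failed, error out, but
	 * do not error out if the component name is a "..".
	 * SECINFO will return its parents secinfo data for SECINFO "..".
	 */
	if (!utf8_dir_verify(utfnm) &&
	    (utfnm->utf8string_len != 2 ||
	    utfnm->utf8string_val[0] != '.' ||
	    utfnm->utf8string_val[1] != '.')) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nm = utf8_to_str(utfnm, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	/* Over-long names are rejected before any lookup is attempted. */
	if (len > MAXNAMELEN)
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
	else
		*cs->statusp = resp->status = do_rfs4_op_secinfo(cs, nm, resp);

	kmem_free(nm, len);
}

/*
 * Free SECINFO result.
 *
 * Only a successful result owns memory: one OID buffer per RPCSEC_GSS
 * entry plus the secinfo4 array itself.  The result fields are reset
 * afterwards so that a second call finds nothing left to free.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo_free(nfs_resop4 *resop)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	secinfo4 *flavors;
	int nflavors, idx;

	/* If this is not an Ok result, nothing to free. */
	if (resp->status != NFS4_OK)
		return;

	nflavors = resp->SECINFO4resok_len;
	flavors = resp->SECINFO4resok_val;

	for (idx = 0; idx < nflavors; idx++) {
		rpcsec_gss_info *gss;

		if (flavors[idx].flavor != RPCSEC_GSS)
			continue;

		gss = &flavors[idx].flavor_info;
		kmem_free(gss->oid.sec_oid4_val, gss->oid.sec_oid4_len);
	}
	kmem_free(flavors, nflavors * sizeof (secinfo4));
	resp->SECINFO4resok_len = 0;
	resp->SECINFO4resok_val = NULL;
}

/*
 * ACCESS: report which of the requested access bits the caller's
 * credential holds on the current filehandle.
 *
 * resp->supported gets every bit that was evaluated and resp->access the
 * subset that was granted.  Write-class bits (MODIFY, EXTEND, DELETE) are
 * not evaluated at all for regular files and directories on a read-only
 * export.  On a labeled system a client that is not admin_low must
 * dominate the file's label for READ, LOOKUP and EXECUTE and must equal it
 * for MODIFY, EXTEND and DELETE.
 *
 * The CS_ACCESS_DENIED test is compiled out below, so this operation
 * answers even when cs->access is CS_ACCESS_DENIED.
 */
/* ARGSUSED */
static void
rfs4_op_access(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	ACCESS4args *args = &argop->nfs_argop4_u.opaccess;
	ACCESS4res *resp = &resop->nfs_resop4_u.opaccess;
	int error;
	vnode_t *vp;
	struct vattr va;
	int checkwriteperm;
	cred_t *cr = cs->cr;
	/*
	 * The label locals are assigned only on a labeled system and are
	 * read behind repeated is_system_labeled() tests.  Give them
	 * defined values so that no path can read an indeterminate one.
	 */
	bslabel_t *clabel = NULL, *slabel = NULL;
	ts_label_t *tslabel = NULL;
	boolean_t admin_low_client = B_FALSE;

#if 0	/* XXX allow access even if !cs->access. Eventually only pseudo fs */
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
#endif
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	ASSERT(cr != NULL);

	vp = cs->vp;

	/*
	 * If the file system is exported read only, it is not appropriate
	 * to check write permissions for regular files and directories.
	 * Special files are interpreted by the client, so the underlying
	 * permissions are sent back to the client for interpretation.
	 */
	checkwriteperm = (rdonly4(cs->exi, cs->vp, req) &&
	    (vp->v_type == VREG || vp->v_type == VDIR)) ? 0 : 1;

	/*
	 * XXX
	 * We need the mode so that we can correctly determine access
	 * permissions relative to a mandatory lock file. Access to
	 * mandatory lock files is denied on the server, so it might
	 * as well be reflected to the server during the open.
	 * NOTE(review): the last "server" presumably means the client;
	 * confirm before rewording.
	 */
	va.va_mask = AT_MODE;
	error = VOP_GETATTR(vp, &va, 0, cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	resp->access = 0;
	resp->supported = 0;

	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opaccess__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			/* Holds a label reference; released at the end. */
			if ((tslabel = nfs_getflabel(vp)) == NULL) {
				*cs->statusp = resp->status = puterrno4(EACCES);
				return;
			}
			slabel = label2bslabel(tslabel);
			DTRACE_PROBE3(tx__rfs4__log__info__opaccess__slabel,
			    char *, "got server label(1) for vp(2)",
			    bslabel_t *, slabel, vnode_t *, vp);

			admin_low_client = B_FALSE;
		} else
			admin_low_client = B_TRUE;
	}

	if (args->access & ACCESS4_READ) {
		error = VOP_ACCESS(vp, VREAD, 0, cr);
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_READ;
		resp->supported |= ACCESS4_READ;
	}
	if ((args->access & ACCESS4_LOOKUP) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr);
		if (!error && (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_LOOKUP;
		resp->supported |= ACCESS4_LOOKUP;
	}
	if (checkwriteperm &&
	    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND))) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr);
		/* Writes need label equality, not just dominance. */
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    blequal(clabel, slabel)))
			resp->access |=
			    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND));
		resp->supported |= (ACCESS4_MODIFY|ACCESS4_EXTEND);
	}

	if (checkwriteperm &&
	    (args->access & ACCESS4_DELETE) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr);
		if (!error && (!is_system_labeled() || admin_low_client ||
		    blequal(clabel, slabel)))
			resp->access |= ACCESS4_DELETE;
		resp->supported |= ACCESS4_DELETE;
	}
	if ((args->access & ACCESS4_EXECUTE) && vp->v_type != VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr);
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_EXECUTE;
		resp->supported |= ACCESS4_EXECUTE;
	}

	if (is_system_labeled() && !admin_low_client)
		label_rele(tslabel);

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * COMMIT: push the pages in [offset, offset + count) of the current
 * filehandle out and then fsync the file.
 *
 * The request is refused when access is denied, when offset + count wraps,
 * when the export is read-only, or when the object is not a regular file.
 * A caller who does not own the file must also pass VOP_ACCESS(VWRITE);
 * the owner skips that check.
 */
/* ARGSUSED */
static void
rfs4_op_commit(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	COMMIT4args *args = &argop->nfs_argop4_u.opcommit;
	COMMIT4res *resp = &resop->nfs_resop4_u.opcommit;
	int error;
	vnode_t *vp = cs->vp;
	cred_t *cr = cs->cr;
	vattr_t va;

	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* Reject a range whose end wraps past the largest offset. */
	if (args->offset + args->count < args->offset) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_UID;
	error = VOP_GETATTR(vp, &va, 0, cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	if (vp->v_type != VREG) {
		resp->status = (vp->v_type == VDIR) ?
		    NFS4ERR_ISDIR : NFS4ERR_INVAL;
		*cs->statusp = resp->status;
		return;
	}

	if (crgetuid(cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cs->cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	error = VOP_PUTPAGE(vp, args->offset, args->count, 0, cr);
	if (!error)
		error = VOP_FSYNC(vp, FNODSYNC, cr);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	resp->writeverf = Write4verf;
}

/*
 * rfs4_op_mknod is called from rfs4_op_create after all initial verification
 * was completed. It does the nfsv4 create for special files.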
*/
/*
 * Creating a character or block device node requires the caller to pass
 * secpolicy_sys_devices(); sockets and FIFOs carry no such check here.
 * A mode must have been supplied in vap.  The node is created exclusively
 * (EXCL).  Returns the new vnode, or NULL with resp->status and
 * *cs->statusp set.
 */
/* ARGSUSED */
static vnode_t *
do_rfs4_op_mknod(CREATE4args *args, CREATE4res *resp, struct svc_req *req,
	struct compound_state *cs, vattr_t *vap, char *nm)
{
	int error;
	cred_t *cr = cs->cr;
	vnode_t *dvp = cs->vp;
	vnode_t *vp = NULL;

	switch (args->type) {
	case NF4CHR:
	case NF4BLK:
		/* Device nodes are a privileged operation. */
		if (secpolicy_sys_devices(cr) != 0) {
			*cs->statusp = resp->status = NFS4ERR_PERM;
			return (NULL);
		}
		vap->va_type = (args->type == NF4CHR) ? VCHR : VBLK;
		vap->va_rdev = makedevice(args->ftype4_u.devdata.specdata1,
		    args->ftype4_u.devdata.specdata2);
		vap->va_mask |= AT_RDEV;
		break;
	case NF4SOCK:
		vap->va_type = VSOCK;
		break;
	case NF4FIFO:
		vap->va_type = VFIFO;
		break;
	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return (NULL);
	}

	/*
	 * Must specify the mode.
	 */
	if (!(vap->va_mask & AT_MODE)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return (NULL);
	}

	/* Exclusive create, with an access mode argument of zero. */
	error = VOP_CREATE(dvp, nm, vap, EXCL, 0, &vp, cr, 0);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return (NULL);
	}
	return (vp);
}

/*
 * nfsv4 create is used to create non-regular files.  For regular files,
 * use nfsv4 open.
 *
 * Checks made before anything is created: a current filehandle exists,
 * the directory is not a mount point, the type is one of the non-regular
 * types, access is not denied, the target is a directory, the name passes
 * utf8_dir_verify(), and the export is not read-only.  Attributes the
 * client left out default to the caller's uid and gid and to mode 0700
 * (directories, symlinks) or 0600 (other types).
 *
 * On success the new object becomes the current filehandle.
 */
/* ARGSUSED */
static void
rfs4_op_create(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	CREATE4args *args = &argop->nfs_argop4_u.opcreate;
	CREATE4res *resp = &resop->nfs_resop4_u.opcreate;
	int error;
	struct vattr bva, iva, iva2, ava, *vap;
	cred_t *cr = cs->cr;
	vnode_t *dvp = cs->vp;
	vnode_t *vp = NULL;
	char *nm, *lnm;
	uint_t len, llen;
	int syncval = 0;
	struct nfs4_svgetit_arg sarg;
	struct nfs4_ntov_table ntov;
	struct statvfs64 sb;
	nfsstat4 status;

	resp->attrset = 0;

	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to create an object in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* Verify that type is correct */
	switch (args->type) {
	case NF4LNK:
	case NF4BLK:
	case NF4CHR:
	case NF4SOCK:
	case NF4FIFO:
	case NF4DIR:
		break;
	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}
	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	/*
	 * Name of newly created object
	 */
	nm = utf8_to_fn(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	resp->attrset = 0;

	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);

	status = do_rfs4_set_attrs(&resp->attrset,
	    &args->createattrs, cs, &sarg,
	    &ntov, NFS4ATTR_SETIT);

	/* A create that supplies no settable attribute is rejected. */
	if (sarg.vap->va_mask == 0 && status == NFS4_OK)
		status = NFS4ERR_INVAL;

	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/* Get "before" change value */
	bva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cr);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bva.va_ctime)

	vap = sarg.vap;

	/*
	 * Set default initial values for attributes when not specified
	 * in createattrs.
	 */
	if ((vap->va_mask & AT_UID) == 0) {
		vap->va_uid = crgetuid(cr);
		vap->va_mask |= AT_UID;
	}
	if ((vap->va_mask & AT_GID) == 0) {
		vap->va_gid = crgetgid(cr);
		vap->va_mask |= AT_GID;
	}

	vap->va_mask |= AT_TYPE;
	switch (args->type) {
	case NF4DIR:
		vap->va_type = VDIR;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}
		error = VOP_MKDIR(dvp, nm, vap, &vp, cr);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;
		break;
	case NF4LNK:
		vap->va_type = VLNK;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}

		/*
		 * symlink names must be treated as data
		 */
		lnm = utf8_to_str(&args->ftype4_u.linkdata, &llen, NULL);

		if (lnm == NULL) {
			*cs->statusp = resp->status = NFS4ERR_INVAL;
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		if (llen > MAXPATHLEN) {
			*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
			kmem_free(nm, len);
			kmem_free(lnm, llen);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		error = VOP_SYMLINK(dvp, nm, vap, lnm, cr);
		if (lnm != NULL)
			kmem_free(lnm, llen);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;

		error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr);
		if (error)
			break;

		/*
		 * va_seq is not safe over VOP calls, check it again
		 * if it has changed zero out iva to force atomic = FALSE.
		 */
		iva2.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva2, 0, cs->cr) ||
		    iva2.va_seq != iva.va_seq)
			iva.va_seq = 0;
		break;
	default:
		/*
		 * probably a special file.
		 */
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0600;	/* default: owner rw only */
			vap->va_mask |= AT_MODE;
		}
		syncval = FNODSYNC;
		/*
		 * We know this will only generate one VOP call
		 */
		vp = do_rfs4_op_mknod(args, resp, req, cs, vap, nm);

		/* do_rfs4_op_mknod has already set the status on failure. */
		if (vp == NULL) {
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr))
			iva.va_seq = 0;

		break;
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cr);

	/*
	 * NOTE(review): on the success path nothing in this function has
	 * assigned resp->status yet, so this test relies on the caller
	 * having initialised the result to NFS4_OK.  Confirm against the
	 * compound dispatcher.
	 */
	if (resp->status != NFS4_OK) {
		if (vp != NULL)
			VN_RELE(vp);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/*
	 * Finish setup of cinfo response, "before" value already set.
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	ava.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &ava, 0, cr)) {
		ava.va_ctime = bva.va_ctime;
		ava.va_seq = 0;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, ava.va_ctime);

	/*
	 * True verification that object was created with correct
	 * attrs is impossible.  The attrs could have been changed
	 * immediately after object creation.  If attributes did
	 * not verify, the only recourse for the server is to
	 * destroy the object.  Maybe if some attrs (like gid)
	 * are set incorrectly, the object should be destroyed;
	 * however, seems bad as a default policy.  Do we really
	 * want to destroy an object over one of the times not
	 * verifying correctly?  For these reasons, the server
	 * currently sets bits in attrset for createattrs
	 * that were set; however, no verification is done.
	 *
	 * vmask_to_nmask accounts for vattr bits set on create
	 *	[do_rfs4_set_attrs() only sets resp bits for
	 *	 non-vattr/vfs bits.]
	 * Mask off any bits set by default so as not to return
	 * more attrset bits than were requested in createattrs
	 */
	nfs4_vmask_to_nmask(sarg.vap->va_mask, &resp->attrset);
	resp->attrset &= args->createattrs.attrmask;
	nfs4_ntov_table_free(&ntov, &sarg);

	error = makefh4(&cs->fh, vp, cs->exi);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * The cinfo.atomic = TRUE only if we got no errors, we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the creation and it didn't change during the VOP_LOOKUP
	 * or VOP_FSYNC.
	 */
	if (!error && bva.va_seq && iva.va_seq && ava.va_seq &&
	    iva.va_seq == (bva.va_seq + 1) &&
	    iva.va_seq == ava.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	(void) VOP_FSYNC(vp, syncval, cr);

	if (resp->status != NFS4_OK) {
		VN_RELE(vp);
		return;
	}

	/* Swap the current filehandle's vnode for the new object. */
	if (cs->vp)
		VN_RELE(cs->vp);

	cs->vp = vp;
	*cs->statusp = resp->status = NFS4_OK;
}


/*
 * DELEGRETURN: look up the delegation state named by the stateid and
 * return the delegation, but only when that state belongs to the file the
 * current filehandle refers to; otherwise answer NFS4ERR_BAD_STATEID.
 * The client's lease is updated and the state reference dropped in both
 * cases.
 */
/*ARGSUSED*/
static void
rfs4_op_delegreturn(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	DELEGRETURN4args *args = &argop->nfs_argop4_u.opdelegreturn;
	DELEGRETURN4res *resp = &resop->nfs_resop4_u.opdelegreturn;
	rfs4_deleg_state_t *dsp;
	nfsstat4 status;

	status = rfs4_get_deleg_state(&args->deleg_stateid, &dsp);
	resp->status = *cs->statusp = status;
	if (status != NFS4_OK)
		return;

	/* Ensure specified filehandle matches */
	if (cs->vp == dsp->finfo->vp)
		rfs4_return_deleg(dsp, FALSE);
	else
		resp->status = *cs->statusp = NFS4ERR_BAD_STATEID;

	rfs4_update_lease(dsp->client);

	rfs4_deleg_state_rele(dsp);
}

/*
 * Check to see if a given "flavor" is an explicitly shared flavor.
 * The assumption of this routine is the "flavor" is already a valid
 * flavor in the secinfo list of "exi".
 *
 *	e.g.
 *		# share -o sec=flavor1 /export
 *		# share -o sec=flavor2 /export/home
 *
 *		flavor2 is not an explicitly shared flavor for /export,
 *		however it is in the secinfo list for /export thru the
 *		server namespace setup.
*/
/*
 * The list is scanned in order and the first entry that either equals
 * "flavor" or is AUTH_NONE decides the answer, so an AUTH_NONE entry
 * placed ahead of the requested flavor is the one that gets evaluated.
 * Returns SEC_REF_EXPORTED() of that entry, or 0 if nothing matched.
 */
int
is_exported_sec(int flavor, struct exportinfo *exi)
{
	int idx;
	struct secinfo *list;

	list = exi->exi_export.ex_secinfo;
	for (idx = 0; idx < exi->exi_export.ex_seccnt; idx++) {
		int listed = list[idx].s_secinfo.sc_nfsnum;

		if (listed == flavor || listed == AUTH_NONE)
			return (SEC_REF_EXPORTED(&list[idx]));
	}

	/* Should not reach this point based on the assumption */
	return (0);
}

/*
 * Check if the security flavor used in the request matches what is
 * required at the export point or at the root pseudo node (exi_root).
 *
 * returns 1 if there's a match or if exported with AUTH_NONE; 0 otherwise.
 *
 * An AUTH_NONE entry anywhere in the export's list therefore satisfies
 * this check for any request flavor.
 */
static int
secinfo_match_or_authnone(struct compound_state *cs)
{
	int idx;
	struct secinfo *list;

	/*
	 * Check cs->nfsflavor (from the request) against
	 * the current export data in cs->exi.
	 */
	list = cs->exi->exi_export.ex_secinfo;
	for (idx = 0; idx < cs->exi->exi_export.ex_seccnt; idx++) {
		int listed = list[idx].s_secinfo.sc_nfsnum;

		if (listed == cs->nfsflavor || listed == AUTH_NONE)
			return (1);
	}

	return (0);
}

/*
 * Check the access authority for the client and return the correct error.
 *
 * checkauth4() results are mapped as follows:
 *	> 0	NFS4_OK (cs->access becomes CS_ACCESS_OK unless the
 *		CS_ACCESS_LIMITED bit is set)
 *	0	NFS4ERR_ACCESS
 *	-2	NFS4ERR_WRONGSEC
 *	other	NFS4ERR_DELAY
 * The chosen status is stored in *cs->statusp and also returned.
 */
nfsstat4
call_checkauth4(struct compound_state *cs, struct svc_req *req)
{
	int authres;

	/*
	 * First, check if the security flavor used in the request
	 * are among the flavors set in the server namespace.
	 */
	if (!secinfo_match_or_authnone(cs)) {
		*cs->statusp = NFS4ERR_WRONGSEC;
		return (*cs->statusp);
	}

	authres = checkauth4(cs, req);

	if (authres > 0) {
		*cs->statusp = NFS4_OK;
		/* Limited access is never upgraded here. */
		if ((cs->access & CS_ACCESS_LIMITED) == 0)
			cs->access = CS_ACCESS_OK;
	} else if (authres == 0) {
		*cs->statusp = NFS4ERR_ACCESS;
	} else if (authres == -2) {
		*cs->statusp = NFS4ERR_WRONGSEC;
	} else {
		*cs->statusp = NFS4ERR_DELAY;
	}
	return (*cs->statusp);
}

/*
 * bitmap4_to_attrmask is called by getattr and readdir.
 * It sets up the vattr mask and determines whether vfsstat call is needed
 * based on the input bitmap.
 * Returns nfsv4 status.
 *
 * sargp->sbp is cleared on entry and restored only when the request
 * includes file system attributes, so a non-NULL sbp afterwards means
 * "statvfs is needed".  Every path visible here returns NFS4_OK.
 */
static nfsstat4
bitmap4_to_attrmask(bitmap4 breq, struct nfs4_svgetit_arg *sargp)
{
	int i;
	uint_t va_mask;
	struct statvfs64 *sbp = sargp->sbp;

	sargp->sbp = NULL;
	sargp->flag = 0;
	sargp->rdattr_error = NFS4_OK;
	sargp->mntdfid_set = FALSE;
	sargp->xattr = sargp->cs->vp ?
	    get_fh4_flag(&sargp->cs->fh, FH4_ATTRDIR | FH4_NAMEDATTR) : 0;

	/*
	 * Set rdattr_error_req to true if return error per
	 * failed entry rather than fail the readdir.
	 */
	sargp->rdattr_error_req = (breq & FATTR4_RDATTR_ERROR_MASK) ? 1 : 0;

	/*
	 * generate the va_mask
	 * Handle the easy cases first
	 */
	switch (breq) {
	case NFS4_NTOV_ATTR_MASK:
		sargp->vap->va_mask = NFS4_NTOV_ATTR_AT_MASK;
		return (NFS4_OK);

	case NFS4_FS_ATTR_MASK:
		sargp->vap->va_mask = NFS4_FS_ATTR_AT_MASK;
		sargp->sbp = sbp;
		return (NFS4_OK);

	case NFS4_NTOV_ATTR_CACHE_MASK:
		sargp->vap->va_mask = NFS4_NTOV_ATTR_CACHE_AT_MASK;
		return (NFS4_OK);

	case FATTR4_LEASE_TIME_MASK:
		sargp->vap->va_mask = 0;
		return (NFS4_OK);

	default:
		/* General case: OR together the vattr bit of each request. */
		va_mask = 0;
		for (i = 0; i < nfs4_ntov_map_size; i++) {
			if ((breq & nfs4_ntov_map[i].fbit) &&
			    nfs4_ntov_map[i].vbit)
				va_mask |= nfs4_ntov_map[i].vbit;
		}

		/*
		 * Check is vfsstat is needed
		 */
		if (breq & NFS4_FS_ATTR_MASK)
			sargp->sbp = sbp;

		sargp->vap->va_mask = va_mask;
		return (NFS4_OK);
	}
	/* NOTREACHED */
}

/*
 * bitmap4_get_sysattrs is called by getattr and readdir.
 * It calls both VOP_GETATTR and VFS_STATVFS calls to get the attrs.
 * Returns nfsv4 status.
*/
/*
 * VFS_STATVFS is called only when sargp->sbp is non-NULL.  If it fails,
 * sbp is reset to NULL and the converted error is returned without the
 * vnode attributes being fetched.
 */
static nfsstat4
bitmap4_get_sysattrs(struct nfs4_svgetit_arg *sargp)
{
	int error;
	struct compound_state *cs = sargp->cs;
	vnode_t *vp = cs->vp;

	if (sargp->sbp != NULL) {
		error = VFS_STATVFS(vp->v_vfsp, sargp->sbp);
		if (error != 0) {
			sargp->sbp = NULL;	/* to identify error */
			return (puterrno4(error));
		}
	}

	return (rfs4_vop_getattr(vp, sargp->vap, 0, cs->cr));
}

/*
 * Prepare an attribute table: a zeroed array of nfs4_ntov_map_size
 * attribute unions, with no attributes recorded yet.  The array must be
 * released with nfs4_ntov_table_free(), which frees the same size.
 */
static void
nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp)
{
	size_t nbytes = sizeof (union nfs4_attr_u) * nfs4_ntov_map_size;

	ntovp->na = kmem_zalloc(nbytes, KM_SLEEP);
	ntovp->attrcnt = 0;
	ntovp->vfsstat = FALSE;
}

/*
 * Release an attribute table set up by nfs4_ntov_table_init().
 *
 * Each recorded attribute is first handed to its sv_getit routine with
 * NFS4ATTR_FREEIT.  For SETIT and VERIT operations the decoded values are
 * additionally passed to xdr_free() here; for getattr that happens later.
 * Finally the array itself is freed.
 */
static void
nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp,
	struct nfs4_svgetit_arg *sargp)
{
	int i;
	union nfs4_attr_u *na;
	uint8_t *amap;

	/*
	 * XXX Should do the same checks for whether the bit is set
	 */
	na = ntovp->na;
	amap = ntovp->amap;
	for (i = 0; i < ntovp->attrcnt; i++, na++, amap++) {
		(void) (*nfs4_ntov_map[*amap].sv_getit)(
		    NFS4ATTR_FREEIT, sargp, na);
	}

	if ((sargp->op == NFS4ATTR_SETIT) || (sargp->op == NFS4ATTR_VERIT)) {
		/*
		 * xdr_free for getattr will be done later
		 */
		na = ntovp->na;
		amap = ntovp->amap;
		for (i = 0; i < ntovp->attrcnt; i++, na++, amap++) {
			xdr_free(nfs4_ntov_map[*amap].xfunc, (caddr_t)na);
		}
	}
	kmem_free(ntovp->na, sizeof (union nfs4_attr_u) * nfs4_ntov_map_size);
}

/*
 * do_rfs4_op_getattr gets the system attrs and converts into fattr4.
*/
/*
 * For every requested and supported attribute the value is fetched into
 * a temporary table and then XDR-encoded into one buffer, which is stored
 * in fattrp->attrlist4.  A request for the write-only time-set attributes
 * is answered with NFS4ERR_INVAL.
 *
 * When sargp->rdattr_error_req is set, a failing attribute is left out
 * and its error remembered in sargp->rdattr_error instead of failing the
 * whole call.
 *
 * NOTE(review): on the "goto done" path attrlist4 and attrlist4_len are
 * not assigned here; confirm that callers start from a zeroed fattr4
 * before rfs4_op_getattr_free() runs.
 */
static nfsstat4
do_rfs4_op_getattr(bitmap4 breq, fattr4 *fattrp,
	struct nfs4_svgetit_arg *sargp)
{
	int error = 0;
	int i, k;
	struct nfs4_ntov_table ntov;
	XDR xdr;
	ulong_t xdr_size;
	char *xdr_attrs;
	nfsstat4 status = NFS4_OK;
	nfsstat4 prev_rdattr_error = sargp->rdattr_error;
	union nfs4_attr_u *na;
	uint8_t *amap;

	sargp->op = NFS4ATTR_GETIT;
	sargp->flag = 0;

	fattrp->attrmask = 0;
	/* if no bits requested, then return empty fattr4 */
	if (breq == 0) {
		fattrp->attrlist4_len = 0;
		fattrp->attrlist4 = NULL;
		return (NFS4_OK);
	}

	/*
	 * return NFS4ERR_INVAL when client requests write-only attrs
	 */
	if (breq & (FATTR4_TIME_ACCESS_SET_MASK | FATTR4_TIME_MODIFY_SET_MASK))
		return (NFS4ERR_INVAL);

	nfs4_ntov_table_init(&ntov);
	na = ntov.na;
	amap = ntov.amap;

	/*
	 * Now loop to get or verify the attrs
	 */
	for (i = 0; i < nfs4_ntov_map_size; i++) {
		if (!(breq & nfs4_ntov_map[i].fbit))
			continue;

		/* Unsupported attributes are silently left out. */
		if ((*nfs4_ntov_map[i].sv_getit)(
		    NFS4ATTR_SUPPORTED, sargp, NULL) != 0)
			continue;

		error = (*nfs4_ntov_map[i].sv_getit)(
		    NFS4ATTR_GETIT, sargp, na);

		/*
		 * Possible error values:
		 * >0 if sv_getit failed to
		 * get the attr; 0 if succeeded;
		 * <0 if rdattr_error and the
		 * attribute cannot be returned.
		 */
		if (error && !(sargp->rdattr_error_req))
			goto done;
		/*
		 * If error then just for entry
		 */
		if (error == 0) {
			fattrp->attrmask |= nfs4_ntov_map[i].fbit;
			*amap++ = (uint8_t)nfs4_ntov_map[i].nval;
			na++;
			(ntov.attrcnt)++;
		} else if ((error > 0) &&
		    (sargp->rdattr_error == NFS4_OK)) {
			/* Only the first failure is remembered. */
			sargp->rdattr_error = puterrno4(error);
		}
		error = 0;
	}

	/*
	 * If rdattr_error was set after the return value for it was assigned,
	 * update it.
	 */
	if (prev_rdattr_error != sargp->rdattr_error) {
		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			k = *amap;
			if (k < FATTR4_RDATTR_ERROR) {
				continue;
			}
			if ((k == FATTR4_RDATTR_ERROR) &&
			    ((*nfs4_ntov_map[k].sv_getit)(
			    NFS4ATTR_SUPPORTED, sargp, NULL) == 0)) {

				(void) (*nfs4_ntov_map[k].sv_getit)(
				    NFS4ATTR_GETIT, sargp, na);
			}
			break;
		}
	}

	/* First pass: size of the encoded attribute list. */
	xdr_size = 0;
	na = ntov.na;
	amap = ntov.amap;
	for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
		xdr_size += xdr_sizeof(nfs4_ntov_map[*amap].xfunc, na);
	}

	fattrp->attrlist4_len = xdr_size;
	if (xdr_size) {
		/* freed by rfs4_op_getattr_free() */
		fattrp->attrlist4 = xdr_attrs = kmem_zalloc(xdr_size, KM_SLEEP);

		xdrmem_create(&xdr, xdr_attrs, xdr_size, XDR_ENCODE);

		/* Second pass: encode into the buffer just sized. */
		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			if (!(*nfs4_ntov_map[*amap].xfunc)(&xdr, na)) {
				cmn_err(CE_WARN, "do_rfs4_op_getattr: xdr "
				    "encode of attribute %d failed\n",
				    *amap);
				status = NFS4ERR_SERVERFAULT;
				break;
			}
		}
		/* xdrmem_destroy(&xdrs); */	/* NO-OP */
	} else {
		fattrp->attrlist4 = NULL;
	}
done:

	nfs4_ntov_table_free(&ntov, sargp);

	if (error != 0)
		status = puterrno4(error);

	return (status);
}

/*
 * GETATTR: return the requested attributes of the current filehandle.
 * Refused with NFS4ERR_ACCESS when cs->access is CS_ACCESS_DENIED.
 */
/* ARGSUSED */
static void
rfs4_op_getattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETATTR4args *args = &argop->nfs_argop4_u.opgetattr;
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;
	struct nfs4_svgetit_arg sarg;
	struct statvfs64 sb;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	sarg.sbp = &sb;
	sarg.cs = cs;

	/* Each stage runs only if the previous one returned NFS4_OK. */
	status = bitmap4_to_attrmask(args->attr_request, &sarg);
	if (status == NFS4_OK)
		status = bitmap4_get_sysattrs(&sarg);
	if (status == NFS4_OK)
		status = do_rfs4_op_getattr(args->attr_request,
		    &resp->obj_attributes, &sarg);

	*cs->statusp = resp->status = status;
}

/*
 * Free the GETATTR result by handing its attributes to
 * nfs4_fattr4_free(); the result status is not consulted.
 */
static void
rfs4_op_getattr_free(nfs_resop4 *resop)
{
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;

	nfs4_fattr4_free(&resp->obj_attributes);
}

/*
 * GETFH: return a copy of the current filehandle.  The copy is allocated
 * here and released by rfs4_op_getfh_free().  Refused with NFS4ERR_ACCESS
 * when cs->access is CS_ACCESS_DENIED.
 */
/* ARGSUSED */
static void
rfs4_op_getfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	resp->object.nfs_fh4_val =
	    kmem_alloc(cs->fh.nfs_fh4_len, KM_SLEEP);
	nfs_fh4_copy(&cs->fh, &resp->object);
	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * Free the GETFH result.  Only a successful result with a non-NULL
 * buffer owns memory; the fields are reset after the free.
 */
static void
rfs4_op_getfh_free(nfs_resop4 *resop)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (resp->status != NFS4_OK || resp->object.nfs_fh4_val == NULL)
		return;

	kmem_free(resp->object.nfs_fh4_val, resp->object.nfs_fh4_len);
	resp->object.nfs_fh4_val = NULL;
	resp->object.nfs_fh4_len = 0;
}

/*
 * illegal: args: void
 *	    res : status (NFS4ERR_OP_ILLEGAL)
 *
 * The result's operation code is set to OP_ILLEGAL as well.
 */
/* ARGSUSED */
static void
rfs4_op_illegal(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	ILLEGAL4res *resp = &resop->nfs_resop4_u.opillegal;

	resop->resop = OP_ILLEGAL;
	*cs->statusp = resp->status = NFS4ERR_OP_ILLEGAL;
}

/*
 *
link: args: SAVED_FH: file, CURRENT_FH: target directory
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 */
/* ARGSUSED */
static void
rfs4_op_link(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LINK4args *args = &argop->nfs_argop4_u.oplink;
	LINK4res *resp = &resop->nfs_resop4_u.oplink;
	vnode_t *src_vp;	/* SAVED_FH: object being linked */
	vnode_t *dir_vp;	/* CURRENT_FH: directory receiving the link */
	struct vattr pre_va, mid_va, post_va;
	char *name = NULL;	/* converted newname, freed on every path */
	uint_t name_len = 0;
	nfsstat4 status;
	int link_err;

	src_vp = cs->saved_vp;
	dir_vp = cs->vp;
	if (src_vp == NULL || dir_vp == NULL) {
		status = NFS4ERR_NOFILEHANDLE;
		goto out;
	}

	/*
	 * Nothing may be linked into a directory that has a non-shared
	 * filesystem mounted on it, nor when access was already denied
	 * for this compound.
	 */
	if (vn_ismntpt(dir_vp) || cs->access == CS_ACCESS_DENIED) {
		status = NFS4ERR_ACCESS;
		goto out;
	}

	/* The source must not be a directory, the target must be one. */
	if (src_vp->v_type == VDIR) {
		status = NFS4ERR_ISDIR;
		goto out;
	}
	if (dir_vp->v_type != VDIR) {
		status = NFS4ERR_NOTDIR;
		goto out;
	}

	/* Source and target must belong to the same export. */
	if (cs->saved_exi != cs->exi) {
		status = NFS4ERR_XDEV;
		goto out;
	}

	/* Validate the client-supplied name before converting it. */
	if (!utf8_dir_verify(&args->newname)) {
		status = NFS4ERR_INVAL;
		goto out;
	}
	name = utf8_to_fn(&args->newname, &name_len, NULL);
	if (name == NULL) {
		status = NFS4ERR_INVAL;
		goto out;
	}
	if (name_len > MAXNAMELEN) {
		status = NFS4ERR_NAMETOOLONG;
		goto out;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		status = NFS4ERR_ROFS;
		goto out;
	}

	/* "before" change value of the target directory */
	pre_va.va_mask = AT_CTIME|AT_SEQ;
	link_err = VOP_GETATTR(dir_vp, &pre_va, 0, cs->cr);
	if (link_err) {
		status = puterrno4(link_err);
		goto out;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, pre_va.va_ctime)

	link_err = VOP_LINK(dir_vp, src_vp, name, cs->cr);

	/* The name is not needed past this point. */
	kmem_free(name, name_len);
	name = NULL;

	/* Initial "after" sequence number; zero when it cannot be read. */
	mid_va.va_mask = AT_SEQ;
	if (VOP_GETATTR(dir_vp, &mid_va, 0, cs->cr))
		mid_va.va_seq = 0;

	/*
	 * Push modified data and metadata to stable storage; this is done
	 * whether or not VOP_LINK succeeded.
	 */
	(void) VOP_FSYNC(src_vp, FNODSYNC, cs->cr);
	(void) VOP_FSYNC(dir_vp, 0, cs->cr);

	if (link_err) {
		status = puterrno4(link_err);
		goto out;
	}

	/* "after" change value; fall back to the "before" one on failure. */
	post_va.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dir_vp, &post_va, 0, cs->cr)) {
		post_va.va_ctime = pre_va.va_ctime;
		post_va.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, post_va.va_ctime)

	/*
	 * The change is reported as atomic only when all three sequence
	 * numbers are non-zero, the sequence advanced by exactly one across
	 * VOP_LINK, and it did not move again across the VOP_FSYNC calls.
	 */
	resp->cinfo.atomic = (pre_va.va_seq && mid_va.va_seq &&
	    post_va.va_seq &&
	    mid_va.va_seq == (pre_va.va_seq + 1) &&
	    mid_va.va_seq == post_va.va_seq) ? TRUE : FALSE;

	status = NFS4_OK;

out:
	if (name != NULL)
		kmem_free(name, name_len);
	*cs->statusp = resp->status = status;
}

/*
 * Used by rfs4_op_lookup and rfs4_op_lookupp to do the actual work.
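 */

/*
 * Looks up the component nm in the current directory cs->vp and, on
 * success, makes the result the current vnode and filehandle of the
 * compound. buflen is accepted but not used here.
 *
 * Crossing into a different export (via "..", a mount point, or a vfs
 * change) replaces cs->exi and cs->cr and re-runs call_checkauth4()
 * before the new vnode is accepted.
 *
 * Returns NFS4_OK, the status from call_checkauth4(), or an errno
 * translated by puterrno4().
 */
/* ARGSUSED */
static nfsstat4
do_rfs4_op_lookup(char *nm, uint_t buflen, struct svc_req *req,
	struct compound_state *cs)
{
	int error;
	int different_export = 0;
	vnode_t *vp, *tvp, *pre_tvp = NULL, *oldvp = NULL;
	struct exportinfo *exi = NULL, *pre_exi = NULL;
	nfsstat4 stat;
	fid_t fid;
	int attrdir, dotdot, walk;
	bool_t is_newvp = FALSE;

	if (cs->vp->v_flag & V_XATTRDIR) {
		attrdir = 1;
		ASSERT(get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	} else {
		attrdir = 0;
		ASSERT(! get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	}

	dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0');

	/*
	 * If dotdotting, then need to check whether it's
	 * above the root of a filesystem, or above an
	 * export point.
	 */
	if (dotdot) {

		/*
		 * If dotdotting at the root of a filesystem, then
		 * need to traverse back to the mounted-on filesystem
		 * and do the dotdot lookup there.
		 */
		if (cs->vp->v_flag & VROOT) {

			/*
			 * If at the system root, then can
			 * go up no further.
			 */
			if (VN_CMP(cs->vp, rootdir))
				return (puterrno4(ENOENT));

			/*
			 * Traverse back to the mounted-on filesystem
			 */
			cs->vp = untraverse(cs->vp);

			/*
			 * Set the different_export flag so we remember
			 * to pick up a new exportinfo entry for
			 * this new filesystem.
			 */
			different_export = 1;
		} else {

			/*
			 * If dotdotting above an export point then set
			 * the different_export to get new export info.
			 */
			different_export = nfs_exported(cs->exi, cs->vp);
		}
	}

	error = VOP_LOOKUP(cs->vp, nm, &vp, NULL, 0, NULL, cs->cr);
	if (error)
		return (puterrno4(error));

	/*
	 * If the vnode is in a pseudo filesystem, check whether it is visible.
	 *
	 * XXX if the vnode is a symlink and it is not visible in
	 * a pseudo filesystem, return ENOENT (not following symlink).
	 * V4 client can not mount such symlink. This is a regression
	 * from V2/V3.
	 *
	 * In the same exported filesystem, if the security flavor used
	 * is not an explicitly shared flavor, limit the view to the visible
	 * list entries only. This is not a WRONGSEC case because it's already
	 * checked via PUTROOTFH/PUTPUBFH or PUTFH.
	 */
	if (!different_export &&
	    (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) ||
	    cs->access & CS_ACCESS_LIMITED)) {
		if (! nfs_visible(cs->exi, vp, &different_export)) {
			VN_RELE(vp);
			return (puterrno4(ENOENT));
		}
	}

	/*
	 * If it's a mountpoint, then traverse it.
	 */
	if (vn_ismntpt(vp)) {
		pre_exi = cs->exi;	/* save pre-traversed exportinfo */
		pre_tvp = vp;		/* save pre-traversed vnode */

		/*
		 * hold pre_tvp to counteract rele by traverse. We will
		 * need pre_tvp below if checkexport4 fails
		 */
		VN_HOLD(pre_tvp);
		tvp = vp;
		if ((error = traverse(&tvp)) != 0) {
			VN_RELE(vp);
			VN_RELE(pre_tvp);
			return (puterrno4(error));
		}
		vp = tvp;
		different_export = 1;
	} else if (vp->v_vfsp != cs->vp->v_vfsp) {
		/*
		 * The vfsp comparison is to handle the case where
		 * a LOFS mount is shared. lo_lookup traverses mount points,
		 * and NFS is unaware of local fs transitions because
		 * v_vfsmountedhere isn't set. For this special LOFS case,
		 * the dir and the obj returned by lookup will have different
		 * vfs ptrs.
		 */
		different_export = 1;
	}

	if (different_export) {

		bzero(&fid, sizeof (fid));
		fid.fid_len = MAXFIDSZ;
		error = vop_fid_pseudo(vp, &fid);
		if (error) {
			VN_RELE(vp);
			if (pre_tvp)
				VN_RELE(pre_tvp);
			return (puterrno4(error));
		}

		if (dotdot)
			exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE);
		else
			exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp);

		if (exi == NULL) {
			if (pre_tvp) {
				/*
				 * If this vnode is a mounted-on vnode,
				 * but the mounted-on file system is not
				 * exported, send back the filehandle for
				 * the mounted-on vnode, not the root of
				 * the mounted-on file system.
				 */
				VN_RELE(vp);
				vp = pre_tvp;
				exi = pre_exi;
			} else {
				VN_RELE(vp);
				return (puterrno4(EACCES));
			}
		} else if (pre_tvp) {
			/* we're done with pre_tvp now. release extra hold */
			VN_RELE(pre_tvp);
		}

		cs->exi = exi;

		/*
		 * Now we do a checkauth4. The reason is that
		 * this client/user may not have access to the new
		 * exported file system, and if he does,
		 * the client/user may be mapped to a different uid.
		 *
		 * We start with a new cr, because the checkauth4 done
		 * in the PUT*FH operation overwrote the cred's uid,
		 * gid, etc, and we want the real thing before calling
		 * checkauth4()
		 */
		crfree(cs->cr);
		cs->cr = crdup(cs->basecr);

		if (cs->vp)
			oldvp = cs->vp;
		cs->vp = vp;
		is_newvp = TRUE;

		stat = call_checkauth4(cs, req);
		if (stat != NFS4_OK) {
			/*
			 * NOTE(review): only cs->vp is put back here;
			 * cs->exi and cs->cr keep the values assigned
			 * above for the export that was refused. Confirm
			 * that later ops in the compound cannot rely on
			 * them together with the old vnode.
			 */
			VN_RELE(cs->vp);
			cs->vp = oldvp;
			return (stat);
		}
	}

	/*
	 * After various NFS checks, do a label check on the path
	 * component. The label on this path should either be the
	 * global zone's label or a zone's label. We are only
	 * interested in the zone's label because exported files
	 * in global zone is accessible (though read-only) to
	 * clients. The exportability/visibility check is already
	 * done before reaching this code.
	 */
	if (is_system_labeled()) {
		bslabel_t *clabel;

		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__oplookup__clabel, char *,
		    "got client label from request(1)", struct svc_req *, req);

		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, DOMINANCE_CHECK)) {
				error = EACCES;
				goto err_out;
			}
		} else {
			/*
			 * We grant access to admin_low label clients
			 * only if the client is trusted, i.e. also
			 * running Solaris Trusted Extension.
			 */
			struct sockaddr *ca;
			int addr_type;
			void *ipaddr;
			tsol_tpc_t *tp;

			ca = (struct sockaddr *)svc_getrpccaller(
			    req->rq_xprt)->buf;
			if (ca->sa_family == AF_INET) {
				addr_type = IPV4_VERSION;
				ipaddr = &((struct sockaddr_in *)ca)->sin_addr;
			} else if (ca->sa_family == AF_INET6) {
				addr_type = IPV6_VERSION;
				ipaddr = &((struct sockaddr_in6 *)
				    ca)->sin6_addr;
			} else {
				/*
				 * Neither IPv4 nor IPv6: there is no address
				 * to look up, so the caller cannot be shown
				 * to be trusted. Deny rather than hand
				 * uninitialized values to find_tpc().
				 */
				error = EACCES;
				goto err_out;
			}
			tp = find_tpc(ipaddr, addr_type, B_FALSE);
			if (tp == NULL || tp->tpc_tp.tp_doi !=
			    l_admin_low->tsl_doi || tp->tpc_tp.host_type !=
			    SUN_CIPSO) {
				if (tp != NULL)
					TPC_RELE(tp);
				error = EACCES;
				goto err_out;
			}
			TPC_RELE(tp);
		}
	}

	error = makefh4(&cs->fh, vp, cs->exi);

err_out:
	if (error) {
		/* Drop the new vnode; restore the old one if it was swapped */
		if (is_newvp) {
			VN_RELE(cs->vp);
			cs->vp = oldvp;
		} else
			VN_RELE(vp);
		return (puterrno4(error));
	}

	if (!is_newvp) {
		if (cs->vp)
			VN_RELE(cs->vp);
		cs->vp = vp;
	} else if (oldvp)
		VN_RELE(oldvp);

	/*
	 * if did lookup on attrdir and didn't lookup .., set named
	 * attr fh flag
	 */
	if (attrdir && ! dotdot)
		set_fh4_flag(&cs->fh, FH4_NAMEDATTR);

	/* Assume false for now, open proc will set this */
	cs->mandlock = FALSE;

	return (NFS4_OK);
}

/*
 * lookup: validates the current filehandle and the client-supplied
 * component name, then hands the converted name to do_rfs4_op_lookup().
 * The name is rejected before any filesystem call if it fails
 * utf8_dir_verify(), cannot be converted, or is longer than MAXNAMELEN.
 */
/* ARGSUSED */
static void
rfs4_op_lookup(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUP4args *args = &argop->nfs_argop4_u.oplookup;
	LOOKUP4res *resp = &resop->nfs_resop4_u.oplookup;
	char *nm;
	uint_t len;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type == VLNK) {
		*cs->statusp = resp->status = NFS4ERR_SYMLINK;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nm = utf8_to_str(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup(nm, len, req, cs);

	kmem_free(nm, len);
}

/*
 * lookupp: looks up ".." relative to the current filehandle, which must
 * be a directory.
 */
/* ARGSUSED */
static void
rfs4_op_lookupp(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUPP4res *resp = &resop->nfs_resop4_u.oplookupp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup("..", 3, req, cs);

	/*
	 * From NFSV4 Specification, LOOKUPP should not check for
	 * NFS4ERR_WRONGSEC. Return NFS4_OK instead.
	 *
	 * NOTE(review): when do_rfs4_op_lookup() returns the status of
	 * call_checkauth4() it has already put the old vnode back and has
	 * not called makefh4(), so reporting NFS4_OK here appears to leave
	 * the current filehandle where it was. Confirm this is intended.
	 */
	if (resp->status == NFS4ERR_WRONGSEC) {
		*cs->statusp = resp->status = NFS4_OK;
	}
}


/*
 * openattr: replaces the current vnode and filehandle with the extended
 * attribute directory of the current object, creating that directory when
 * the client asks for it and the export is not read-only.
 */
/*ARGSUSED2*/
static void
rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	OPENATTR4args *args = &argop->nfs_argop4_u.opopenattr;
	OPENATTR4res *resp = &resop->nfs_resop4_u.opopenattr;
	vnode_t *avp = NULL;
	int lookup_flags = LOOKUP_XATTR, error;
	int exp_ro = 0;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * Make a couple of checks made by copen()
	 *
	 * Check to make sure underlying fs supports xattrs. This
	 * is required because solaris filesystem implementations
	 * (UFS/TMPFS) don't enforce the noxattr mount option
	 * in VOP_LOOKUP(LOOKUP_XATTR). If fs doesn't support this
	 * pathconf cmd or if fs supports cmd but doesn't claim
	 * support for xattr, return NOTSUPP. It would be better
	 * to use VOP_PATHCONF( _PC_XATTR_ENABLED) for this; however,
	 * that cmd is not available to VOP_PATHCONF interface
	 * (it's only implemented inside pathconf syscall)...
	 *
	 * Verify permission to put attributes on files (access
	 * checks from copen).
	 */

	if ((cs->vp->v_vfsp->vfs_flag & VFS_XATTR) == 0) {
		error = ENOTSUP;
		goto error_out;
	}

	/* Denied only when read, write and execute access all fail. */
	if ((VOP_ACCESS(cs->vp, VREAD, 0, cs->cr) != 0) &&
	    (VOP_ACCESS(cs->vp, VWRITE, 0, cs->cr) != 0) &&
	    (VOP_ACCESS(cs->vp, VEXEC, 0, cs->cr) != 0)) {
		error = EACCES;
		goto error_out;
	}

	/*
	 * The CREATE_XATTR_DIR VOP flag cannot be specified if
	 * the file system is exported read-only -- regardless of
	 * createdir flag. Otherwise the attrdir would be created
	 * (assuming server fs isn't mounted readonly locally). If
	 * VOP_LOOKUP returns ENOENT in this case, the error will
	 * be translated into EROFS. ENOSYS is mapped to ENOTSUP
	 * because specfs has no VOP_LOOKUP op, so the macro would
	 * return ENOSYS. EINVAL is returned by all (current)
	 * Solaris file system implementations when any of their
	 * restrictions are violated (xattr(dir) can't have xattrdir).
	 * Returning NOTSUPP is more appropriate in this case
	 * because the object will never be able to have an attrdir.
	 */
	if (args->createdir && ! (exp_ro = rdonly4(cs->exi, cs->vp, req)))
		lookup_flags |= CREATE_XATTR_DIR;

	error = VOP_LOOKUP(cs->vp, "", &avp, NULL, lookup_flags, NULL, cs->cr);

	if (error) {
		if (error == ENOENT && args->createdir && exp_ro)
			error = EROFS;
		else if (error == EINVAL || error == ENOSYS)
			error = ENOTSUP;
		goto error_out;
	}

	ASSERT(avp->v_flag & V_XATTRDIR);

	error = makefh4(&cs->fh, avp, cs->exi);

	if (error) {
		VN_RELE(avp);
		goto error_out;
	}

	VN_RELE(cs->vp);
	cs->vp = avp;

	/*
	 * There is no requirement for an attrdir fh flag
	 * because the attrdir has a vnode flag to distinguish
	 * it from regular (non-xattr) directories. The
	 * FH4_ATTRDIR flag is set for future sanity checks.
	 */
	set_fh4_flag(&cs->fh, FH4_ATTRDIR);
	*cs->statusp = resp->status = NFS4_OK;
	return;

error_out:

	*cs->statusp = resp->status = puterrno4(error);
}

/*
 * Performs one read (direction == FREAD) or write on vp under the vnode's
 * rwlock, in non-blocking mode. While the VOP returns EAGAIN the call is
 * retried, up to rfs4_maxlock_tries attempts in total, sleeping between
 * attempts with a delay that starts at rfs4_lock_delay milliseconds and
 * doubles each time.
 *
 * Returns the errno of the last attempt. EAGAIN is also returned when the
 * rfs4_maxlock_tries tunable permits no attempt at all.
 */
static int
do_io(int direction, vnode_t *vp, struct uio *uio, int ioflag, cred_t *cred)
{
	/*
	 * Start from EAGAIN so that a tunable of zero or less, which skips
	 * the loop entirely, cannot return an uninitialized value.
	 */
	int error = EAGAIN;
	int i;
	clock_t delaytime;
	caller_context_t ct;

	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);

	/*
	 * Don't block on mandatory locks. If this routine returns
	 * EAGAIN, the caller should return NFS4ERR_LOCKED.
	 */
	uio->uio_fmode = FNONBLOCK;

	ct.cc_sysid = 0;
	ct.cc_pid = 0;
	ct.cc_caller_id = nfs4_srv_caller_id;

	for (i = 0; i < rfs4_maxlock_tries; i++) {

		if (direction == FREAD) {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_FALSE, &ct);
			error = VOP_READ(vp, uio, ioflag, cred, &ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, &ct);
		} else {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, &ct);
			error = VOP_WRITE(vp, uio, ioflag, cred, &ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, &ct);
		}

		if (error != EAGAIN)
			break;

		/* No point sleeping after the final attempt. */
		if (i < rfs4_maxlock_tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	return (error);
}

/*
 * read: reads up to args->count bytes at args->offset from the regular
 * file named by the current filehandle. On success the data is returned
 * in an mblk that rfs4_op_read_free() releases.
 */
/* ARGSUSED */
static void
rfs4_op_read(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READ4args *args = &argop->nfs_argop4_u.opread;
	READ4res *resp = &resop->nfs_resop4_u.opread;
	int error;
	int verror;
	vnode_t *vp;
	struct vattr va;
	struct iovec iov;
	struct uio uio;
	u_offset_t offset;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;
	mblk_t *mp;
	int alloc_err = 0;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * Enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with write requests.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_READ, args->offset, args->count, 0)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	if ((stat = rfs4_check_stateid(FREAD, vp, &args->stateid, FALSE,
	    deleg, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	va.va_mask = AT_MODE|AT_SIZE|AT_UID;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking. So, we'll fail the request.
	 */
	if (verror) {
		*cs->statusp = resp->status = puterrno4(verror);
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
		    ((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	/*
	 * The file's owner is not subjected to VOP_ACCESS here; anyone
	 * else needs either read or execute permission.
	 */
	if (crgetuid(cs->cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VREAD, 0, cs->cr)) &&
	    (error = VOP_ACCESS(vp, VEXEC, 0, cs->cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, va.va_mode)) { /* XXX - V4 supports mand locking */
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	/* Reading at or past end of file yields an empty reply with eof. */
	offset = args->offset;
	if (offset >= va.va_size) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->eof = TRUE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		goto out;
	}

	if (args->count == 0) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->eof = FALSE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		goto out;
	}

	/*
	 * Do not allocate memory more than maximum allowed
	 * transfer size
	 */
	if (args->count > rfs4_tsize(req))
		args->count = rfs4_tsize(req);

	/*
	 * mp will contain the data to be sent out in the read reply.
	 * It will be freed after the reply has been sent.
	 * Let's roundup the data to a BYTES_PER_XDR_UNIT multiple,
	 * so that the call to xdrmblk_putmblk() never fails.
	 * If the first alloc of the requested size fails, then
	 * decrease the size to something more reasonable and wait
	 * for the allocation to occur.
	 */
	mp = allocb(RNDUP(args->count), BPRI_MED);
	if (mp == NULL) {
		if (args->count > MAXBSIZE)
			args->count = MAXBSIZE;
		mp = allocb_wait(RNDUP(args->count), BPRI_MED,
		    STR_NOSIG, &alloc_err);
	}
	/*
	 * NOTE(review): these assertions are the only guard before mp is
	 * dereferenced below; presumably allocb_wait() with STR_NOSIG does
	 * not return NULL -- confirm, since a build without ASSERT checking
	 * would not catch a failure here.
	 */
	ASSERT(mp != NULL);
	ASSERT(alloc_err == 0);

	iov.iov_base = (caddr_t)mp->b_datap->db_base;
	iov.iov_len = args->count;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_CACHED;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->count;

	error = do_io(FREAD, vp, &uio, 0, cs->cr);

	/* Re-read the size so eof reflects the file after the read. */
	va.va_mask = AT_SIZE;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr);

	if (error) {
		freeb(mp);
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;

	ASSERT(uio.uio_resid >= 0);
	resp->data_len = args->count - uio.uio_resid;
	resp->data_val = (char *)mp->b_datap->db_base;
	resp->mblk = mp;

	if (!verror && offset + resp->data_len == va.va_size)
		resp->eof = TRUE;
	else
		resp->eof = FALSE;

out:
	if (in_crit)
		nbl_end_crit(vp);
}

/*
 * Releases the mblk attached to a successful READ reply and clears the
 * fields that referred to it.
 */
static void
rfs4_op_read_free(nfs_resop4 *resop)
{
	READ4res *resp = &resop->nfs_resop4_u.opread;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_val = NULL;
		resp->data_len = 0;
	}
}

/*
 * Releases the mblk attached to a successful READDIR reply.
 */
static void
rfs4_op_readdir_free(nfs_resop4 *resop)
{
	READDIR4res *resp = &resop->nfs_resop4_u.opreaddir;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_len = 0;
	}
}


/*
 * putpubfh: makes the public export's vnode (exi_public->exi_vp) the
 * current filehandle. The credential is reset from cs->basecr first and
 * call_checkauth4() is run against the export chosen below; if it fails,
 * the new vnode is dropped and the previous cs->exi is restored.
 */
/* ARGSUSED */
static void
rfs4_op_putpubfh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTPUBFH4res *resp = &resop->nfs_resop4_u.opputpubfh;
	int error;
	vnode_t *vp;
	struct exportinfo *exi, *sav_exi;
	nfs_fh4_fmt_t *fh_fmtp;

	if (cs->vp) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr)
		crfree(cs->cr);

	cs->cr = crdup(cs->basecr);

	vp = exi_public->exi_vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	if (is_system_labeled()) {
		bslabel_t *clabel;

		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opputpubfh__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, DOMINANCE_CHECK)) {
				*cs->statusp = resp->status =
				    NFS4ERR_SERVERFAULT;
				return;
			}
		}
	}

	error = makefh4(&cs->fh, vp, exi_public);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	sav_exi = cs->exi;
	if (exi_public == exi_root) {
		/*
		 * No filesystem is actually shared public, so we default
		 * to exi_root. In this case, we must check whether root
		 * is exported.
		 */
		fh_fmtp = (nfs_fh4_fmt_t *)cs->fh.nfs_fh4_val;

		/*
		 * if root filesystem is exported, the exportinfo struct that we
		 * should use is what checkexport4 returns, because root_exi is
		 * actually a mostly empty struct.
		 */
		exi = checkexport4(&fh_fmtp->fh4_fsid,
		    (fid_t *)&fh_fmtp->fh4_xlen, NULL);
		cs->exi = ((exi != NULL) ? exi : exi_public);
	} else {
		/*
		 * it's a properly shared filesystem
		 */
		cs->exi = exi_public;
	}

	VN_HOLD(vp);
	cs->vp = vp;

	if ((resp->status = call_checkauth4(cs, req)) != NFS4_OK) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
		cs->exi = sav_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * XXX - issue with put*fh operations. Suppose /export/home is exported.
 * Suppose an NFS client goes to mount /export/home/joe. If /export, home,
 * or joe have restrictive search permissions, then we shouldn't let
 * the client get a file handle. This is easy to enforce. However, we
 * don't know what security flavor should be used until we resolve the
 * path name. Another complication is uid mapping. If root is
 * the user, then it will be mapped to the anonymous user by default,
 * but we won't know that till we've resolved the path name. And we won't
 * know what the anonymous user is.
 * Luckily, SECINFO is specified to take a full filename.
 * So what we will have to in rfs4_op_lookup is check that flavor of
 * the target object matches that of the request, and if root was the
 * caller, check for the root= and anon= options, and if necessary,
 * repeat the lookup using the right cred_t. But that's not done yet.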
 */
/* ARGSUSED */
static void
rfs4_op_putfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTFH4args *args = &argop->nfs_argop4_u.opputfh;
	PUTFH4res *resp = &resop->nfs_resop4_u.opputfh;
	nfs_fh4_fmt_t *fmt;

	/* Forget whatever vnode and credential the compound held so far. */
	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}
	if (cs->cr != NULL) {
		crfree(cs->cr);
		cs->cr = NULL;
	}

	/*
	 * The handle comes from the client: refuse anything shorter than
	 * NFS_FH4_LEN before its bytes are read as an nfs_fh4_fmt_t.
	 */
	if (args->object.nfs_fh4_len < NFS_FH4_LEN) {
		*cs->statusp = resp->status = NFS4ERR_BADHANDLE;
		return;
	}

	/* Find the export the handle claims to belong to. */
	fmt = (nfs_fh4_fmt_t *)args->object.nfs_fh4_val;
	cs->exi = checkexport4(&fmt->fh4_fsid, (fid_t *)&fmt->fh4_xlen, NULL);
	if (cs->exi == NULL) {
		*cs->statusp = resp->status = NFS4ERR_STALE;
		return;
	}

	cs->cr = crdup(cs->basecr);
	ASSERT(cs->cr != NULL);

	/* nfs4_fhtovp() stores its own status in resp->status on failure. */
	cs->vp = nfs4_fhtovp(&args->object, cs->exi, &resp->status);
	if (cs->vp == NULL) {
		*cs->statusp = resp->status;
		return;
	}

	/* The handle is adopted only once the caller passes checkauth. */
	resp->status = call_checkauth4(cs, req);
	if (resp->status != NFS4_OK) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
		return;
	}

	/*
	 * NOTE(review): the copy uses the client-supplied length; the
	 * capacity of cs->fh is not visible here -- confirm it is bounded
	 * before this point.
	 */
	nfs_fh4_copy(&args->object, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * putrootfh: makes the server's root directory (rootdir) the current
 * filehandle, provided it is covered by a non-public export and the
 * caller passes call_checkauth4().
 */
/* ARGSUSED */
static void
rfs4_op_putrootfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)

{
	PUTROOTFH4res *resp = &resop->nfs_resop4_u.opputrootfh;
	struct exportinfo *root_exi;
	struct exportinfo *prev_exi;
	fid_t root_fid;
	int err;

	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr != NULL)
		crfree(cs->cr);
	cs->cr = crdup(cs->basecr);

	/* Obtain the fid of rootdir, the system root vnode. */
	bzero(&root_fid, sizeof (root_fid));
	root_fid.fid_len = MAXFIDSZ;
	err = vop_fid_pseudo(rootdir, &root_fid);
	if (err != 0) {
		*cs->statusp = resp->status = puterrno4(err);
		return;
	}

	/*
	 * Use the root fsid and fid to find out whether it is exported.
	 *
	 * A server root that is not exported directly should at least be
	 * a pseudo export derived from one or more exports further down
	 * in the server's file tree.
	 */
	root_exi = checkexport4(&rootdir->v_vfsp->vfs_fsid, &root_fid, NULL);
	if (root_exi == NULL ||
	    (root_exi->exi_export.ex_flags & EX_PUBLIC)) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_WARN, "rfs4_op_putrootfh: export check failure"));
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/* Build the filehandle from the root export and root vnode. */
	err = makefh4(&cs->fh, rootdir, root_exi);
	if (err != 0) {
		*cs->statusp = resp->status = puterrno4(err);
		return;
	}

	prev_exi = cs->exi;
	cs->exi = root_exi;

	VN_HOLD(rootdir);
	cs->vp = rootdir;

	/* On an auth failure undo the vnode hold and the export switch. */
	resp->status = call_checkauth4(cs, req);
	if (resp->status != NFS4_OK) {
		VN_RELE(rootdir);
		cs->vp = NULL;
		cs->exi = prev_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * A directory entry is a valid nfsv4 entry if
 *	- it has a non-zero ino
 *	- it is not a dot or dotdot name
 *	- it is visible in a pseudo export or in a real export that can
 *	  only have a limited view.
 */
static bool_t
valid_nfs4_entry(struct exportinfo *exi, struct dirent64 *dp,
		int *expseudo, int check_visible)
{
	int skip = (dp->d_ino == 0 || NFS_IS_DOTNAME(dp->d_name));

	/*
	 * Without a visibility check the answer depends on the entry
	 * alone, and *expseudo is always cleared.
	 */
	if (skip || !check_visible) {
		*expseudo = 0;
		return (skip ? FALSE : TRUE);
	}

	/* Otherwise nfs_visible_inode() decides and fills in *expseudo. */
	return (nfs_visible_inode(exi, dp->d_ino, expseudo));
}

/*
 * set_rdattr_params sets up the variables used to manage what information
 * to get for each directory entry.
 */
static nfsstat4
set_rdattr_params(struct nfs4_svgetit_arg *sargp,
		bitmap4 attrs, bool_t *need_to_lookup)
{
	uint_t saved_mask;
	nfsstat4 status;
	bitmap4 objbits = 0;

	status = bitmap4_to_attrmask(attrs, sargp);
	if (status != NFS4_OK) {
		/* not even the attr mask could be worked out */
		return (status);
	}
	saved_mask = sargp->vap->va_mask;

	/*
	 * dirent's d_ino is always correct value for mounted_on_fileid.
	 * mntdfid_set is set once here, but mounted_on_fileid is
	 * set in main dirent processing loop for each dirent.
	 * The mntdfid_set is a simple optimization that lets the
	 * server attr code avoid work when caller is readdir.
	 */
	sargp->mntdfid_set = TRUE;

	/*
	 * Lookup entry only if client asked for any of the following:
	 * a) vattr attrs
	 * b) vfs attrs
	 * c) attrs w/per-object scope requested (change, filehandle, etc)
	 *    other than mounted_on_fileid (which we can take from dirent)
	 */
	if (attrs)
		objbits = attrs & NFS4_VP_ATTR_MASK;

	*need_to_lookup = (saved_mask || sargp->sbp ||
	    (objbits & ~FATTR4_MOUNTED_ON_FILEID_MASK)) ? TRUE : FALSE;

	if (sargp->sbp == NULL)
		return (NFS4_OK);

	/*
	 * If filesystem attrs are requested, get them now from the
	 * directory vp, as most entries will have same filesystem. The only
	 * exception are mounted over entries but we handle
	 * those as we go (XXX mounted over detection not yet implemented).
	 */
	sargp->vap->va_mask = 0;	/* to avoid VOP_GETATTR */
	status = bitmap4_get_sysattrs(sargp);
	sargp->vap->va_mask = saved_mask;

	if (status == NFS4_OK || !sargp->rdattr_error_req)
		return (status);

	/*
	 * Failed to get filesystem attributes.
	 * Return a rdattr_error for each entry, but don't fail.
	 * However, don't get any obj-dependent attrs.
	 */
	sargp->rdattr_error = status;	/* for rdattr_error */
	*need_to_lookup = FALSE;

	/* At least get fileid for regular readdir output */
	sargp->vap->va_mask &= AT_NODEID;

	return (NFS4_OK);
}

/*
 * readlink: args: CURRENT_FH.
 *	res: status. If success - CURRENT_FH unchanged, return linktext.
 */

/* ARGSUSED */
static void
rfs4_op_readlink(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;
	vnode_t *vp = cs->vp;	/* CURRENT_FH: the symbolic link */
	struct vattr va;
	struct iovec iov;
	struct uio uio;
	char *linkbuf;
	nfsstat4 status;
	int err;

	if (vp == NULL) {
		status = NFS4ERR_NOFILEHANDLE;
		goto done;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		status = NFS4ERR_ACCESS;
		goto done;
	}

	/* Only symbolic links qualify; directories get their own error. */
	if (vp->v_type != VLNK) {
		status = (vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL;
		goto done;
	}

	va.va_mask = AT_MODE;
	err = VOP_GETATTR(vp, &va, 0, cs->cr);
	if (err) {
		status = puterrno4(err);
		goto done;
	}

	if (MANDLOCK(vp, va.va_mode)) {
		status = NFS4ERR_ACCESS;
		goto done;
	}

	/*
	 * One byte more than the read limit is allocated so the
	 * terminating NUL written below always fits.
	 */
	linkbuf = kmem_alloc(MAXPATHLEN + 1, KM_SLEEP);

	iov.iov_base = linkbuf;
	iov.iov_len = MAXPATHLEN;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_CACHED;
	uio.uio_loffset = 0;
	uio.uio_resid = MAXPATHLEN;

	err = VOP_READLINK(vp, &uio, cs->cr);
	if (err) {
		status = puterrno4(err);
	} else {
		/* Terminate right after the bytes that were read. */
		linkbuf[MAXPATHLEN - uio.uio_resid] = '\0';

		/* treat link name as data */
		(void) str_to_utf8(linkbuf, &resp->link);
		status = NFS4_OK;
	}

	kmem_free((caddr_t)linkbuf, (uint_t)MAXPATHLEN + 1);

done:
	*cs->statusp = resp->status = status;
}

/*
 * Frees the link text of a READLINK reply, if any was set.
 */
static void
rfs4_op_readlink_free(nfs_resop4 *resop)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;

	if (resp->link.utf8string_val != NULL) {
		UTF8STRING_FREE(resp->link)
	}
}

/*
 * release_lockowner:
 *	Release any state associated with the supplied
 *	lockowner. Note if any lo_state is holding locks we will not
 *	rele that lo_state and thus the lockowner will not be destroyed.
 *	A client using lock after the lock owner stateid has been released
 *	will suffer the consequence of NFS4ERR_BAD_STATEID and would have
 *	to reissue the lock with new_lock_owner set to TRUE.
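*	args: lock_owner
 *	res:  status
 */
/*
 * Result status by path, as implemented below:
 *	unknown clientid	-> whatever rfs4_check_clientid() reports
 *	no such lockowner	-> NFS4_OK
 *	client lease expired	-> NFS4ERR_EXPIRED
 *	no sysid assigned	-> NFS4_OK (no locks can exist)
 *	locks still active	-> NFS4ERR_LOCKS_HELD, lockowner unhidden
 *	otherwise		-> NFS4_OK after invalidating the lock state
 */
/* ARGSUSED */
static void
rfs4_op_release_lockowner(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	RELEASE_LOCKOWNER4args *ap = &argop->nfs_argop4_u.oprelease_lockowner;
	RELEASE_LOCKOWNER4res *resp = &resop->nfs_resop4_u.oprelease_lockowner;
	rfs4_lockowner_t *lo;
	rfs4_openowner_t *oop;
	rfs4_state_t *sp;
	rfs4_lo_state_t *lsp;
	rfs4_client_t *cp;
	bool_t create = FALSE;
	locklist_t *llist;
	sysid_t sysid;

	/* Make sure there is a clientid around for this request */
	cp = rfs4_findclient_by_id(ap->lock_owner.clientid, FALSE);

	if (cp == NULL) {
		*cs->statusp = resp->status =
		    rfs4_check_clientid(&ap->lock_owner.clientid, 0);
		return;
	}
	rfs4_client_rele(cp);

	/* create is FALSE: only an existing lockowner is of interest */
	lo = rfs4_findlockowner(&ap->lock_owner, &create);
	if (lo == NULL) {
		*cs->statusp = resp->status = NFS4_OK;
		return;
	}
	ASSERT(lo->client != NULL);

	/*
	 * Check for EXPIRED client. If so will reap state with in a lease
	 * period or on next set_clientid_confirm step
	 */
	if (rfs4_lease_expired(lo->client)) {
		rfs4_lockowner_rele(lo);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	/*
	 * If no sysid has been assigned, then no locks exist; just return.
	 */
	rfs4_dbe_lock(lo->client->dbe);
	if (lo->client->sysidt == LM_NOSYSID) {
		/*
		 * Unlock through lo while our reference still keeps it
		 * valid, then drop the reference; the original released
		 * lo first and dereferenced it afterwards.  The result
		 * status is also set explicitly here, since this path
		 * previously returned without writing it.
		 */
		rfs4_dbe_unlock(lo->client->dbe);
		rfs4_lockowner_rele(lo);
		*cs->statusp = resp->status = NFS4_OK;
		return;
	}

	sysid = lo->client->sysidt;
	rfs4_dbe_unlock(lo->client->dbe);

	/*
	 * Mark the lockowner invalid.
	 */
	rfs4_dbe_hide(lo->dbe);

	/*
	 * sysid-pid pair should now not be used since the lockowner is
	 * invalid. If the client were to instantiate the lockowner again
	 * it would be assigned a new pid. Thus we can get the list of
	 * current locks.
	 */

	llist = flk_get_active_locks(sysid, lo->pid);
	/* If we are still holding locks fail */
	if (llist != NULL) {

		*cs->statusp = resp->status = NFS4ERR_LOCKS_HELD;

		flk_free_locklist(llist);
		/*
		 * We need to unhide the lockowner so the client can
		 * try it again. The bad thing here is if the client
		 * has a logic error that took it here in the first place
		 * he probably has lost accounting of the locks that it
		 * is holding. So we may have dangling state until the
		 * open owner state is reaped via close. One scenario
		 * that could possibly occur is that the client has
		 * sent the unlock request(s) in separate threads
		 * and has not waited for the replies before sending the
		 * RELEASE_LOCKOWNER request. Presumably, it would expect
		 * and deal appropriately with NFS4ERR_LOCKS_HELD, by
		 * reissuing the request.
		 */
		rfs4_dbe_unhide(lo->dbe);
		rfs4_lockowner_rele(lo);
		return;
	}

	/*
	 * For the corresponding client we need to check each open
	 * owner for any opens that have lockowner state associated
	 * with this lockowner.
	 *
	 * Locks are taken outermost to innermost (client, open owner,
	 * open state, lock state) and released in the reverse order.
	 */

	rfs4_dbe_lock(lo->client->dbe);
	for (oop = lo->client->openownerlist.next->oop; oop != NULL;
	    oop = oop->openownerlist.next->oop) {

		rfs4_dbe_lock(oop->dbe);
		for (sp = oop->ownerstateids.next->sp; sp != NULL;
		    sp = sp->ownerstateids.next->sp) {

			rfs4_dbe_lock(sp->dbe);
			for (lsp = sp->lockownerlist.next->lsp;
			    lsp != NULL; lsp = lsp->lockownerlist.next->lsp) {
				if (lsp->locker == lo) {
					rfs4_dbe_lock(lsp->dbe);
					rfs4_dbe_invalidate(lsp->dbe);
					rfs4_dbe_unlock(lsp->dbe);
				}
			}
			rfs4_dbe_unlock(sp->dbe);
		}
		rfs4_dbe_unlock(oop->dbe);
	}
	rfs4_dbe_unlock(lo->client->dbe);

	rfs4_lockowner_rele(lo);

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * short utility function to lookup a file and recall the delegation
 *
 * Looks up nm in dvp.  On success, a regular file is additionally passed
 * to rfs4_findfile() (without creating an entry) and that result is
 * returned; for any other outcome the return value is NULL.
 *
 * vpp		optional out: receives the held vnode, or NULL when the
 *		lookup failed.  When vpp is NULL the vnode is released here.
 * lkup_error	optional out: receives the VOP_LOOKUP result.
 *
 * The caller owns the returned rfs4_file_t reference and, when vpp was
 * supplied, the vnode hold.
 */
static rfs4_file_t *
rfs4_lookup_and_findfile(vnode_t *dvp, char *nm, vnode_t **vpp,
	int *lkup_error, cred_t *cr)
{
	vnode_t *vp;
	rfs4_file_t *fp = NULL;
	bool_t fcreate = FALSE;
	int error;

	if (vpp != NULL)
		*vpp = NULL;

	error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr);
	if (error == 0) {
		if (vp->v_type == VREG)
			fp = rfs4_findfile(vp, NULL, &fcreate);
		if (vpp != NULL)
			*vpp = vp;
		else
			VN_RELE(vp);
	}

	if (lkup_error != NULL)
		*lkup_error = error;

	return (fp);
}

/*
 * remove: args: CURRENT_FH: directory; name.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for directory.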
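*/
/*
 * rfs4_op_remove implementation notes:
 *  - every early return after the name has been converted frees nm, and
 *    every early return after the target lookup also ends the NBMAND
 *    critical region, releases the vnode hold and drops the rfs4_file_t
 *    reference, so a failing request cannot leave those held;
 *  - a failed lookup is reported through puterrno4(), as everywhere else
 *    in this file, rather than as a raw errno value.
 */
/* ARGSUSED */
static void
rfs4_op_remove(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	REMOVE4args *args = &argop->nfs_argop4_u.opremove;
	REMOVE4res *resp = &resop->nfs_resop4_u.opremove;
	int error;
	vnode_t *dvp, *vp;
	struct vattr bdva, idva, adva;
	char *nm;
	uint_t len;
	rfs4_file_t *fp;
	int in_crit = 0;
	bslabel_t *clabel;

	/* CURRENT_FH: directory */
	dvp = cs->vp;
	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * Do not allow to remove anything in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->target)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	/*
	 * Lookup the file so that we can check if it's a directory
	 */
	nm = utf8_to_fn(&args->target, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(nm, len);
		return;
	}

	/*
	 * Lookup the file to determine type and while we are see if
	 * there is a file struct around and check for delegation.
	 * We don't need to acquire va_seq before this lookup, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	fp = rfs4_lookup_and_findfile(dvp, nm, &vp, &error, cs->cr);
	if (fp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
		    NULL)) {
			VN_RELE(vp);
			rfs4_file_rele(fp);
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			kmem_free(nm, len);
			return;
		}
	}

	/* Didn't find anything to remove */
	if (vp == NULL) {
		/* error is an errno from VOP_LOOKUP; map it for the wire */
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		return;
	}

	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_REMOVE, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			kmem_free(nm, len);
			nbl_end_crit(vp);
			VN_RELE(vp);
			if (fp) {
				rfs4_clear_dont_grant(fp);
				rfs4_file_rele(fp);
			}
			return;
		}
	}

	/* check label before allowing removal */
	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opremove__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, EQUALITY_CHECK)) {
				*cs->statusp = resp->status = NFS4ERR_ACCESS;
				kmem_free(nm, len);
				if (in_crit)
					nbl_end_crit(vp);
				VN_RELE(vp);
				if (fp) {
					rfs4_clear_dont_grant(fp);
					rfs4_file_rele(fp);
				}
				return;
			}
		}
	}

	/* Get dir "before" change value */
	bdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bdva, 0, cs->cr);
	if (error) {
		/*
		 * Undo everything acquired above; returning with only nm
		 * freed would leave the critical region entered and the
		 * vnode and file references held.
		 */
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		if (in_crit)
			nbl_end_crit(vp);
		VN_RELE(vp);
		if (fp) {
			rfs4_clear_dont_grant(fp);
			rfs4_file_rele(fp);
		}
		return;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bdva.va_ctime)

	/* Actually do the REMOVE operation */
	if (vp->v_type == VDIR) {
		/*
		 * Can't remove a directory that has a mounted-on filesystem.
		 */
		if (vn_ismntpt(vp)) {
			error = EACCES;
		} else {
			/*
			 * System V defines rmdir to return EEXIST,
			 * not * ENOTEMPTY, if the directory is not
			 * empty.  A System V NFS server needs to map
			 * NFS4ERR_EXIST to NFS4ERR_NOTEMPTY to
			 * transmit over the wire.
			 */
			if ((error = VOP_RMDIR(dvp, nm, rootdir, cs->cr))
			    == EEXIST)
				error = ENOTEMPTY;
		}
	} else {
		if ((error = VOP_REMOVE(dvp, nm, cs->cr)) == 0 &&
		    fp != NULL) {
			struct vattr va;
			vnode_t *tvp;

			/* take our own hold on fp->vp under the dbe lock */
			rfs4_dbe_lock(fp->dbe);
			tvp = fp->vp;
			if (tvp)
				VN_HOLD(tvp);
			rfs4_dbe_unlock(fp->dbe);

			if (tvp) {
				/*
				 * This is va_seq safe because we are not
				 * manipulating dvp.
				 */
				va.va_mask = AT_NLINK;
				if (!VOP_GETATTR(tvp, &va, 0, cs->cr) &&
				    va.va_nlink == 0) {
					/* Remove state on file remove */
					if (in_crit) {
						nbl_end_crit(vp);
						in_crit = 0;
					}
					rfs4_close_all_state(fp);
				}
				VN_RELE(tvp);
			}
		}
	}

	if (in_crit)
		nbl_end_crit(vp);
	VN_RELE(vp);

	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	idva.va_mask = AT_SEQ;
	if (VOP_GETATTR(dvp, &idva, 0, cs->cr))
		idva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cs->cr);

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	adva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &adva, 0, cs->cr)) {
		adva.va_ctime = bdva.va_ctime;
		adva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, adva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_REMOVE/RMDIR and it didn't change during
	 * the VOP_FSYNC.
	 */
	if (bdva.va_seq && idva.va_seq && adva.va_seq &&
	    idva.va_seq == (bdva.va_seq + 1) &&
	    idva.va_seq == adva.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * rename: args: SAVED_FH: from directory, CURRENT_FH: target directory,
 *		oldname and newname.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for both from and target directories.
 *
 * Once both names have been converted, every failure path frees onm and
 * nnm; failures after the lookups leave through err_out, which also ends
 * any NBMAND critical region and drops the vnode and file references.
 */
/* ARGSUSED */
static void
rfs4_op_rename(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENAME4args *args = &argop->nfs_argop4_u.oprename;
	RENAME4res *resp = &resop->nfs_resop4_u.oprename;
	int error;
	vnode_t *odvp;
	vnode_t *ndvp;
	vnode_t *srcvp, *targvp;
	struct vattr obdva, oidva, oadva;
	struct vattr nbdva, nidva, nadva;
	char *onm, *nnm;
	uint_t olen, nlen;
	rfs4_file_t *fp, *sfp;
	int in_crit_src, in_crit_targ;
	int fp_rele_grant_hold, sfp_rele_grant_hold;
	bslabel_t *clabel;

	fp = sfp = NULL;
	srcvp = targvp = NULL;
	in_crit_src = in_crit_targ = 0;
	fp_rele_grant_hold = sfp_rele_grant_hold = 0;

	/* CURRENT_FH: target directory */
	ndvp = cs->vp;
	if (ndvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/* SAVED_FH: from directory */
	odvp = cs->saved_vp;
	if (odvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename objects in this directory.
	 */
	if (vn_ismntpt(odvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename to this directory.
	 */
	if (vn_ismntpt(ndvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (odvp->v_type != VDIR || ndvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	/* both directories must belong to the same export */
	if (cs->saved_exi != cs->exi) {
		*cs->statusp = resp->status = NFS4ERR_XDEV;
		return;
	}

	if (!utf8_dir_verify(&args->oldname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (!utf8_dir_verify(&args->newname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	onm = utf8_to_fn(&args->oldname, &olen, NULL);
	if (onm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nnm = utf8_to_fn(&args->newname, &nlen, NULL);
	if (nnm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		kmem_free(onm, olen);
		return;
	}

	if (olen > MAXNAMELEN || nlen > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}


	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	/* check label of the target dir */
	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__oprename__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, ndvp,
			    EQUALITY_CHECK)) {
				/*
				 * Leave through err_out so onm and nnm are
				 * freed; a plain return here leaked both
				 * buffers on every rejected request.
				 * Nothing else has been acquired yet, so
				 * err_out only frees the two names.
				 */
				*cs->statusp = resp->status = NFS4ERR_ACCESS;
				goto err_out;
			}
		}
	}

	/*
	 * Is the source a file and have a delegation?
	 * We don't need to acquire va_seq before these lookups, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	sfp = rfs4_lookup_and_findfile(odvp, onm, &srcvp, &error, cs->cr);
	if (sfp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, sfp, TRUE, TRUE, TRUE,
		    NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}

	if (srcvp == NULL) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	/* from here on err_out also calls rfs4_clear_dont_grant(sfp) */
	sfp_rele_grant_hold = 1;

	/* Does the destination exist and a file and have a delegation? */
	fp = rfs4_lookup_and_findfile(ndvp, nnm, &targvp, NULL, cs->cr);
	if (fp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
		    NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}
	fp_rele_grant_hold = 1;


	/* Check for NBMAND lock on both source and target */
	if (nbl_need_check(srcvp)) {
		nbl_start_crit(srcvp, RW_READER);
		in_crit_src = 1;
		if (nbl_conflict(srcvp, NBL_RENAME, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	if (targvp && nbl_need_check(targvp)) {
		nbl_start_crit(targvp, RW_READER);
		in_crit_targ = 1;
		if (nbl_conflict(targvp, NBL_REMOVE, 0, 0, 0)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	/* Get source "before" change value */
	obdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(odvp, &obdva, 0, cs->cr);
	if (!error) {
		nbdva.va_mask = AT_CTIME|AT_SEQ;
		error = VOP_GETATTR(ndvp, &nbdva, 0, cs->cr);
	}
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto err_out;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.before, obdva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.before, nbdva.va_ctime)

	if ((error = VOP_RENAME(odvp, onm, ndvp, nnm, cs->cr)) == 0 &&
	    fp != NULL) {
		struct vattr va;
		vnode_t *tvp;

		/* take our own hold on fp->vp under the dbe lock */
		rfs4_dbe_lock(fp->dbe);
		tvp = fp->vp;
		if (tvp)
			VN_HOLD(tvp);
		rfs4_dbe_unlock(fp->dbe);

		if (tvp) {
			va.va_mask = AT_NLINK;
			if (!VOP_GETATTR(tvp, &va, 0, cs->cr) &&
			    va.va_nlink == 0) {
				/* The file is gone and so should the state */
				if (in_crit_targ) {
					nbl_end_crit(targvp);
					in_crit_targ = 0;
				}
				rfs4_close_all_state(fp);
			}
			VN_RELE(tvp);
		}
	}
	if (error == 0) {
		char *tmp;

		/* fix the path name for the renamed file */
		mutex_enter(&srcvp->v_lock);
		tmp = srcvp->v_path;
		srcvp->v_path = NULL;
		mutex_exit(&srcvp->v_lock);
		vn_setpath(rootdir, ndvp, srcvp, nnm, nlen - 1);
		if (tmp != NULL)
			kmem_free(tmp, strlen(tmp) + 1);
	}

	if (in_crit_src)
		nbl_end_crit(srcvp);
	if (srcvp)
		VN_RELE(srcvp);
	if (in_crit_targ)
		nbl_end_crit(targvp);
	if (targvp)
		VN_RELE(targvp);

	if (sfp) {
		rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}

	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	oidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(odvp, &oidva, 0, cs->cr))
		oidva.va_seq = 0;

	nidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(ndvp, &nidva, 0, cs->cr))
		nidva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(odvp, 0, cs->cr);
	(void) VOP_FSYNC(ndvp, 0, cs->cr);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get "after" change values, if it fails, simply return the
	 * before value.
	 */
	oadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(odvp, &oadva, 0, cs->cr)) {
		oadva.va_ctime = obdva.va_ctime;
		oadva.va_seq = 0;
	}

	/*
	 * The target's "after" value must come from the target directory;
	 * the original queried odvp here, so target_cinfo.after and the
	 * target atomic flag were computed from the source directory.
	 */
	nadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(ndvp, &nadva, 0, cs->cr)) {
		nadva.va_ctime = nbdva.va_ctime;
		nadva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.after, oadva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.after, nadva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_RENAME and it didn't change during the VOP_FSYNC.
	 */
	if (obdva.va_seq && oidva.va_seq && oadva.va_seq &&
	    oidva.va_seq == (obdva.va_seq + 1) &&
	    oidva.va_seq == oadva.va_seq)
		resp->source_cinfo.atomic = TRUE;
	else
		resp->source_cinfo.atomic = FALSE;

	if (nbdva.va_seq && nidva.va_seq && nadva.va_seq &&
	    nidva.va_seq == (nbdva.va_seq + 1) &&
	    nidva.va_seq == nadva.va_seq)
		resp->target_cinfo.atomic = TRUE;
	else
		resp->target_cinfo.atomic = FALSE;

#ifdef	VOLATILE_FH_TEST
	{
	extern void add_volrnm_fh(struct exportinfo *, vnode_t *);

	/*
	 * Add the renamed file handle to the volatile rename list
	 */
	if (cs->exi->exi_export.ex_flags & EX_VOLRNM) {
		/* file handles may expire on rename */
		vnode_t *vp;

		nnm = utf8_to_fn(&args->newname, &nlen, NULL);
		/*
		 * Already know that nnm will be a valid string
		 */
		error = VOP_LOOKUP(ndvp, nnm, &vp, NULL, 0, NULL, cs->cr);
		kmem_free(nnm, nlen);
		if (!error) {
			add_volrnm_fh(cs->exi, vp);
			VN_RELE(vp);
		}
	}
	}
#endif	/* VOLATILE_FH_TEST */

	*cs->statusp = resp->status = NFS4_OK;
	return;

err_out:
	/* the caller has already stored the failure status */
	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	if (in_crit_src) nbl_end_crit(srcvp);
	if (in_crit_targ) nbl_end_crit(targvp);
	if (targvp) VN_RELE(targvp);
	if (srcvp) VN_RELE(srcvp);
	if (sfp) {
		if (sfp_rele_grant_hold) rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		if (fp_rele_grant_hold) rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
}

/* ARGSUSED */
static void
rfs4_op_renew(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENEW4args *args = &argop->nfs_argop4_u.oprenew;
	RENEW4res *resp = &resop->nfs_resop4_u.oprenew;
	rfs4_client_t *cp;

	if ((cp = rfs4_findclient_by_id(args->clientid, FALSE)) == NULL) {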
*cs->statusp = resp->status =
		    rfs4_check_clientid(&args->clientid, 0);
		return;
	}

	if (rfs4_lease_expired(cp)) {
		rfs4_client_rele(cp);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	rfs4_update_lease(cp);

	/*
	 * The flag is tested and set under cb_lock, so NFS4ERR_CB_PATH_DOWN
	 * is returned on the first RENEW that finds it FALSE and NFS4_OK
	 * on later ones while it stays TRUE.
	 */
	mutex_enter(cp->cbinfo.cb_lock);
	if (cp->cbinfo.cb_notified_of_cb_path_down == FALSE) {
		cp->cbinfo.cb_notified_of_cb_path_down = TRUE;
		*cs->statusp = resp->status = NFS4ERR_CB_PATH_DOWN;
	} else {
		*cs->statusp = resp->status = NFS4_OK;
	}
	mutex_exit(cp->cbinfo.cb_lock);

	rfs4_client_rele(cp);

}

/*
 * restorefh: make the saved filehandle the current one.  The saved vnode
 * hold is transferred to cs->vp (the previous current vnode is released)
 * and cs->saved_vp is cleared.
 */
/* ARGSUSED */
static void
rfs4_op_restorefh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RESTOREFH4res *resp = &resop->nfs_resop4_u.oprestorefh;

	/* No need to check cs->access - we are not accessing any object */
	if ((cs->saved_vp == NULL) || (cs->saved_fh.nfs_fh4_val == NULL)) {
		*cs->statusp = resp->status = NFS4ERR_RESTOREFH;
		return;
	}
	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
	}
	cs->vp = cs->saved_vp;
	cs->saved_vp = NULL;
	/* the export follows the filehandle, as in rfs4_op_savefh */
	cs->exi = cs->saved_exi;
	nfs_fh4_copy(&cs->saved_fh, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * savefh: remember the current filehandle.  An extra hold is taken on the
 * vnode for cs->saved_vp, and any previously saved vnode is released.
 */
/* ARGSUSED */
static void
rfs4_op_savefh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SAVEFH4res *resp = &resop->nfs_resop4_u.opsavefh;

	/* No need to check cs->access - we are not accessing any object */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->saved_vp != NULL) {
		VN_RELE(cs->saved_vp);
	}
	cs->saved_vp = cs->vp;
	VN_HOLD(cs->saved_vp);
	cs->saved_exi = cs->exi;
	/*
	 * since SAVEFH is fairly rare, don't alloc space for its fh
	 * unless necessary.
	 */
	if (cs->saved_fh.nfs_fh4_val == NULL) {
		cs->saved_fh.nfs_fh4_val = kmem_alloc(NFS4_FHSIZE, KM_SLEEP);
	}
	nfs_fh4_copy(&cs->fh, &cs->saved_fh);
	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * rfs4_verify_attr is called when nfsv4 Setattr failed, but we wish to
 * return the bitmap of attrs that were set successfully. It is also
 * called by Verify/Nverify to test the vattr/vfsstat attrs. It should
 * always be called only after rfs4_do_set_attrs().
 *
 * Verify that the attributes are same as the expected ones. sargp->vap
 * and sargp->sbp contain the input attributes as translated from fattr4.
 *
 * This function verifies only the attrs that correspond to a vattr or
 * vfsstat struct. That is because of the extra step needed to get the
 * corresponding system structs. Other attributes have already been set or
 * verified by do_rfs4_set_attrs.
 *
 * Return 0 if all attrs match, -1 if some don't, error if error processing.
 *
 * When resp is non-NULL the function keeps going after a failed
 * VOP_GETATTR/VFS_STATVFS or a mismatch and ORs the fbit of every
 * attribute that did verify into *resp; when resp is NULL it stops at
 * the first failure.
 */
static int
rfs4_verify_attr(struct nfs4_svgetit_arg *sargp,
	bitmap4 *resp, struct nfs4_ntov_table *ntovp)
{
	int error, ret_error = 0;
	int i, k;
	uint_t sva_mask = sargp->vap->va_mask;
	uint_t vbit;
	union nfs4_attr_u *na;
	uint8_t *amap;
	bool_t getsb = ntovp->vfsstat;

	if (sva_mask != 0) {
		/*
		 * Okay to overwrite sargp->vap because we verify based
		 * on the incoming values.
		 */
		ret_error = VOP_GETATTR(sargp->cs->vp, sargp->vap, 0,
		    sargp->cs->cr);
		if (ret_error) {
			if (resp == NULL)
				return (ret_error);
			/*
			 * Must return bitmap of successful attrs
			 */
			sva_mask = 0;	/* to prevent checking vap later */
		} else {
			/*
			 * Some file systems clobber va_mask. it is probably
			 * wrong of them to do so, nonetheless we practice
			 * defensive coding.
			 * See bug id 4276830.
			 */
			sargp->vap->va_mask = sva_mask;
		}
	}

	if (getsb) {
		/*
		 * Now get the superblock and loop on the bitmap, as there is
		 * no simple way of translating from superblock to bitmap4.
		 */
		ret_error = VFS_STATVFS(sargp->cs->vp->v_vfsp, sargp->sbp);
		if (ret_error) {
			if (resp == NULL)
				goto errout;
			getsb = FALSE;
		}
	}

	/*
	 * Now loop and verify each attribute which getattr returned
	 * whether it's the same as the input.
	 */
	if (resp == NULL && !getsb && (sva_mask == 0))
		goto errout;

	na = ntovp->na;
	amap = ntovp->amap;
	k = 0;
	for (i = 0; i < ntovp->attrcnt; i++, na++, amap++) {
		/* amap[i] is the nfs4_ntov_map index of the i-th attribute */
		k = *amap;
		ASSERT(nfs4_ntov_map[k].nval == k);
		vbit = nfs4_ntov_map[k].vbit;

		/*
		 * If vattr attribute but VOP_GETATTR failed, or it's
		 * superblock attribute but VFS_STATVFS failed, skip
		 */
		if (vbit) {
			if ((vbit & sva_mask) == 0)
				continue;
		} else if (!(getsb && nfs4_ntov_map[k].vfsstat)) {
			continue;
		}
		error = (*nfs4_ntov_map[k].sv_getit)(
		    NFS4ATTR_VERIT, sargp, na);
		if (resp != NULL) {
			if (error)
				ret_error = -1;	/* not all match */
			else	/* update response bitmap */
				*resp |= nfs4_ntov_map[k].fbit;
			continue;
		}
		if (error) {
			ret_error = -1;	/* not all match */
			break;
		}
	}
errout:
	return (ret_error);
}

/*
 * Decode the attribute to be set/verified. If the attr requires a sys op
 * (VOP_GETATTR, VFS_VFSSTAT), and the request is to verify, then don't
 * call the sv_getit function for it, because the sys op hasn't yet been done.
 * Return 0 for success, error code if failed.
 *
 * Note: the decoded arg is not freed here but in nfs4_ntov_table_free.
*/
/*
 * cmd		NFS4ATTR_* command passed on to the sv_getit function
 * sargp	attribute state; vap->va_mask gains the attribute's vbit
 * k		index of the attribute in nfs4_ntov_map
 * xdrp		XDR stream the attribute value is decoded from
 * resp_bval	optional bitmap; receives the attribute's fbit when the
 *		attribute was handled here without error
 * nap		receives the decoded value
 */
static int
decode_fattr4_attr(nfs4_attr_cmd_t cmd, struct nfs4_svgetit_arg *sargp,
	int k, XDR *xdrp, bitmap4 *resp_bval, union nfs4_attr_u *nap)
{
	int error = 0;
	bool_t set_later;

	sargp->vap->va_mask |= nfs4_ntov_map[k].vbit;

	if ((*nfs4_ntov_map[k].xfunc)(xdrp, nap)) {
		set_later = nfs4_ntov_map[k].vbit || nfs4_ntov_map[k].vfsstat;
		/*
		 * don't verify yet if a vattr or sb dependent attr,
		 * because we don't have their sys values yet.
		 * Will be done later.
		 */
		if (! (set_later && (cmd == NFS4ATTR_VERIT))) {
			/*
			 * ACLs are a special case, since setting the MODE
			 * conflicts with setting the ACL.  We delay setting
			 * the ACL until all other attributes have been set.
			 * The ACL gets set in do_rfs4_op_setattr().
			 */
			if (nfs4_ntov_map[k].fbit != FATTR4_ACL_MASK) {
				error = (*nfs4_ntov_map[k].sv_getit)(cmd,
				    sargp, nap);
				if (error) {
					/* drop what the decode allocated */
					xdr_free(nfs4_ntov_map[k].xfunc,
					    (caddr_t)nap);
				}
			}
		}
	} else {
#ifdef  DEBUG
		cmn_err(CE_NOTE, "decode_fattr4_attr: error "
		    "decoding attribute %d\n", k);
#endif
		error = EINVAL;
	}
	/*
	 * set_later is assigned only when the decode succeeded; on the
	 * decode-failure path error is EINVAL, so the !error test
	 * short-circuits before set_later is read.
	 */
	if (!error && resp_bval && !set_later) {
		*resp_bval |= nfs4_ntov_map[k].fbit;
	}

	return (error);
}

/*
 * Set vattr based on incoming fattr4 attrs - used by setattr.
 * Set response mask. Ignore any values that are not writable vattr attrs.
*/
/*
 * resp		optional response bitmap; cleared on the early-error paths
 *		and passed to decode_fattr4_attr() for each attribute
 * fattrp	the client's fattr4 (attribute mask plus XDR-encoded values)
 * cs		compound state supplying the current vnode and access result
 * sargp	attribute state initialised here (sbp is set by the caller)
 * ntovp	table that records each decoded attribute and its map index
 * cmd		NFS4ATTR_* command applied to every attribute
 *
 * Returns NFS4_OK, NFS4ERR_NOFILEHANDLE, NFS4ERR_ACCESS,
 * NFS4ERR_ATTRNOTSUPP (for ENOTSUP) or puterrno4() of the first error.
 */
static nfsstat4
do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs,
		struct nfs4_svgetit_arg *sargp, struct nfs4_ntov_table *ntovp,
		nfs4_attr_cmd_t cmd)
{
	int error = 0;
	int i;
	char *attrs = fattrp->attrlist4;
	uint32_t attrslen = fattrp->attrlist4_len;
	XDR xdr;
	nfsstat4 status = NFS4_OK;
	vnode_t *vp = cs->vp;
	union nfs4_attr_u *na;
	uint8_t *amap;

#ifndef lint
	/*
	 * Make sure that maximum attribute number can be expressed as an
	 * 8 bit quantity.
	 */
	ASSERT(NFS4_MAXNUM_ATTRS <= (UINT8_MAX + 1));
#endif

	if (vp == NULL) {
		if (resp)
			*resp = 0;
		return (NFS4ERR_NOFILEHANDLE);
	}
	if (cs->access == CS_ACCESS_DENIED) {
		if (resp)
			*resp = 0;
		return (NFS4ERR_ACCESS);
	}

	sargp->op = cmd;
	sargp->cs = cs;
	sargp->flag = 0;	/* may be set later */
	sargp->vap->va_mask = 0;
	sargp->rdattr_error = NFS4_OK;
	sargp->rdattr_error_req = FALSE;
	/* sargp->sbp is set by the caller */

	/* decoding is bounded by the attrlist4_len the client supplied */
	xdrmem_create(&xdr, attrs, attrslen, XDR_DECODE);

	na = ntovp->na;
	amap = ntovp->amap;

	/*
	 * The following loop iterates on the nfs4_ntov_map checking
	 * if the fbit is set in the requested bitmap.
	 * If set then we process the arguments using the
	 * rfs4_fattr4 conversion functions to populate the setattr
	 * vattr and va_mask. Any settable attrs that are not using vattr
	 * will be set in this loop.
	 *
	 * NOTE(review): na and amap advance once per matching attribute;
	 * this assumes the arrays in ntovp have room for every entry of
	 * nfs4_ntov_map -- confirm against nfs4_ntov_table_init().
	 */
	for (i = 0; i < nfs4_ntov_map_size; i++) {
		if (!(fattrp->attrmask & nfs4_ntov_map[i].fbit)) {
			continue;
		}
		/*
		 * If setattr, must be a writable attr.
		 * If verify/nverify, must be a readable attr.
		 */
		if ((error = (*nfs4_ntov_map[i].sv_getit)(
		    NFS4ATTR_SUPPORTED, sargp, NULL)) != 0) {
			/*
			 * Client tries to set/verify an
			 * unsupported attribute, tries to set
			 * a read only attr or verify a write
			 * only one - error!
			 */
			break;
		}
		/*
		 * Decode the attribute to set/verify
		 */
		error = decode_fattr4_attr(cmd, sargp, nfs4_ntov_map[i].nval,
		    &xdr, resp ? resp : NULL, na);
		if (error)
			break;
		/* record which map entry this decoded value belongs to */
		*amap++ = (uint8_t)nfs4_ntov_map[i].nval;
		na++;
		(ntovp->attrcnt)++;
		if (nfs4_ntov_map[i].vfsstat)
			ntovp->vfsstat = TRUE;
	}

	if (error != 0)
		status = (error == ENOTSUP ? NFS4ERR_ATTRNOTSUPP :
		    puterrno4(error));
	/* xdrmem_destroy(&xdrs); */	/* NO-OP */
	return (status);
}

static nfsstat4
do_rfs4_op_setattr(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs,
		stateid4 *stateid)
{
	int error = 0;
	struct nfs4_svgetit_arg sarg;
	bool_t trunc;

	nfsstat4 status = NFS4_OK;
	cred_t *cr = cs->cr;
	vnode_t *vp = cs->vp;
	struct nfs4_ntov_table ntov;
	struct statvfs64 sb;
	struct vattr bva;
	struct flock64 bf;
	int in_crit = 0;
	uint_t saved_mask = 0;
	caller_context_t ct;

	*resp = 0;
	sarg.sbp = &sb;
	nfs4_ntov_table_init(&ntov);
	status = do_rfs4_set_attrs(resp, fattrp, cs, &sarg, &ntov,
			NFS4ATTR_SETIT);
	if (status != NFS4_OK) {
		/*
		 * failed set attrs
		 */
		goto done;
	}
	if ((sarg.vap->va_mask == 0) &&
	    (! (fattrp->attrmask & FATTR4_ACL_MASK))) {
		/*
		 * no further work to be done
		 */
		goto done;
	}

	/*
	 * If we got a request to set the ACL and the MODE, only
	 * allow changing VSUID, VSGID, and VSVTX.  Attempting
	 * to change any other bits, along with setting an ACL,
	 * gives NFS4ERR_INVAL.
4709 */ 4710 if ((fattrp->attrmask & FATTR4_ACL_MASK) && 4711 (fattrp->attrmask & FATTR4_MODE_MASK)) { 4712 vattr_t va; 4713 4714 va.va_mask = AT_MODE; 4715 error = VOP_GETATTR(vp, &va, 0, cs->cr); 4716 if (error) { 4717 status = puterrno4(error); 4718 goto done; 4719 } 4720 if ((sarg.vap->va_mode ^ va.va_mode) & 4721 ~(VSUID | VSGID | VSVTX)) { 4722 status = NFS4ERR_INVAL; 4723 goto done; 4724 } 4725 } 4726 4727 /* Check stateid only if size has been set */ 4728 if (sarg.vap->va_mask & AT_SIZE) { 4729 trunc = (sarg.vap->va_size == 0); 4730 status = rfs4_check_stateid(FWRITE, cs->vp, stateid, 4731 trunc, &cs->deleg, sarg.vap->va_mask & AT_SIZE); 4732 if (status != NFS4_OK) 4733 goto done; 4734 } 4735 4736 ct.cc_sysid = 0; 4737 ct.cc_pid = 0; 4738 ct.cc_caller_id = nfs4_srv_caller_id; 4739 4740 /* XXX start of possible race with delegations */ 4741 4742 /* 4743 * We need to specially handle size changes because it is 4744 * possible for the client to create a file with read-only 4745 * modes, but with the file opened for writing. If the client 4746 * then tries to set the file size, e.g. ftruncate(3C), 4747 * fcntl(F_FREESP), the normal access checking done in 4748 * VOP_SETATTR would prevent the client from doing it even though 4749 * it should be allowed to do so. To get around this, we do the 4750 * access checking for ourselves and use VOP_SPACE which doesn't 4751 * do the access checking. 4752 * Also the client should not be allowed to change the file 4753 * size if there is a conflicting non-blocking mandatory lock in 4754 * the region of the change. 4755 */ 4756 if (vp->v_type == VREG && (sarg.vap->va_mask & AT_SIZE)) { 4757 u_offset_t offset; 4758 ssize_t length; 4759 4760 /* 4761 * ufs_setattr clears AT_SIZE from vap->va_mask, but 4762 * before returning, sarg.vap->va_mask is used to 4763 * generate the setattr reply bitmap. We also clear 4764 * AT_SIZE below before calling VOP_SPACE. 
For both 4765 * of these cases, the va_mask needs to be saved here 4766 * and restored after calling VOP_SETATTR. 4767 */ 4768 saved_mask = sarg.vap->va_mask; 4769 4770 /* 4771 * Check any possible conflict due to NBMAND locks. 4772 * Get into critical region before VOP_GETATTR, so the 4773 * size attribute is valid when checking conflicts. 4774 */ 4775 if (nbl_need_check(vp)) { 4776 nbl_start_crit(vp, RW_READER); 4777 in_crit = 1; 4778 } 4779 4780 bva.va_mask = AT_UID|AT_SIZE; 4781 if (error = VOP_GETATTR(vp, &bva, 0, cr)) { 4782 status = puterrno4(error); 4783 goto done; 4784 } 4785 4786 if (in_crit) { 4787 if (sarg.vap->va_size < bva.va_size) { 4788 offset = sarg.vap->va_size; 4789 length = bva.va_size - sarg.vap->va_size; 4790 } else { 4791 offset = bva.va_size; 4792 length = sarg.vap->va_size - bva.va_size; 4793 } 4794 if (nbl_conflict(vp, NBL_WRITE, offset, length, 0)) { 4795 status = NFS4ERR_LOCKED; 4796 goto done; 4797 } 4798 } 4799 4800 if (crgetuid(cr) == bva.va_uid) { 4801 sarg.vap->va_mask &= ~AT_SIZE; 4802 bf.l_type = F_WRLCK; 4803 bf.l_whence = 0; 4804 bf.l_start = (off64_t)sarg.vap->va_size; 4805 bf.l_len = 0; 4806 bf.l_sysid = 0; 4807 bf.l_pid = 0; 4808 error = VOP_SPACE(vp, F_FREESP, &bf, FWRITE, 4809 (offset_t)sarg.vap->va_size, cr, &ct); 4810 } 4811 } 4812 4813 if (!error && sarg.vap->va_mask != 0) 4814 error = VOP_SETATTR(vp, sarg.vap, sarg.flag, cr, &ct); 4815 4816 /* restore va_mask -- ufs_setattr clears AT_SIZE */ 4817 if (saved_mask & AT_SIZE) 4818 sarg.vap->va_mask |= AT_SIZE; 4819 4820 /* 4821 * If an ACL was being set, it has been delayed until now, 4822 * in order to set the mode (via the VOP_SETATTR() above) first. 4823 */ 4824 if ((! 
error) && (fattrp->attrmask & FATTR4_ACL_MASK)) { 4825 int i; 4826 4827 for (i = 0; i < NFS4_MAXNUM_ATTRS; i++) 4828 if (ntov.amap[i] == FATTR4_ACL) 4829 break; 4830 if (i < NFS4_MAXNUM_ATTRS) { 4831 error = (*nfs4_ntov_map[FATTR4_ACL].sv_getit)( 4832 NFS4ATTR_SETIT, &sarg, &ntov.na[i]); 4833 if (error == 0) { 4834 *resp |= FATTR4_ACL_MASK; 4835 } else if (error == ENOTSUP) { 4836 (void) rfs4_verify_attr(&sarg, resp, &ntov); 4837 status = NFS4ERR_ATTRNOTSUPP; 4838 goto done; 4839 } 4840 } else { 4841 NFS4_DEBUG(rfs4_debug, 4842 (CE_NOTE, "do_rfs4_op_setattr: " 4843 "unable to find ACL in fattr4")); 4844 error = EINVAL; 4845 } 4846 } 4847 4848 if (error) { 4849 status = puterrno4(error); 4850 4851 /* 4852 * Set the response bitmap when setattr failed. 4853 * If VOP_SETATTR partially succeeded, test by doing a 4854 * VOP_GETATTR on the object and comparing the data 4855 * to the setattr arguments. 4856 */ 4857 (void) rfs4_verify_attr(&sarg, resp, &ntov); 4858 } else { 4859 /* 4860 * Force modified metadata out to stable storage. 4861 */ 4862 (void) VOP_FSYNC(vp, FNODSYNC, cr); 4863 /* 4864 * Set response bitmap 4865 */ 4866 nfs4_vmask_to_nmask_set(sarg.vap->va_mask, resp); 4867 } 4868 4869 /* Return early and already have a NFSv4 error */ 4870 done: 4871 /* 4872 * Except for nfs4_vmask_to_nmask_set(), vattr --> fattr 4873 * conversion sets both readable and writeable NFS4 attrs 4874 * for AT_MTIME and AT_ATIME. The line below masks out 4875 * unrequested attrs from the setattr result bitmap. This 4876 * is placed after the done: label to catch the ATTRNOTSUP 4877 * case. 
4878 */ 4879 *resp &= fattrp->attrmask; 4880 4881 if (in_crit) 4882 nbl_end_crit(vp); 4883 4884 nfs4_ntov_table_free(&ntov, &sarg); 4885 4886 return (status); 4887 } 4888 4889 /* ARGSUSED */ 4890 static void 4891 rfs4_op_setattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 4892 struct compound_state *cs) 4893 { 4894 SETATTR4args *args = &argop->nfs_argop4_u.opsetattr; 4895 SETATTR4res *resp = &resop->nfs_resop4_u.opsetattr; 4896 bslabel_t *clabel; 4897 4898 if (cs->vp == NULL) { 4899 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 4900 return; 4901 } 4902 4903 /* 4904 * If there is an unshared filesystem mounted on this vnode, 4905 * do not allow to setattr on this vnode. 4906 */ 4907 if (vn_ismntpt(cs->vp)) { 4908 *cs->statusp = resp->status = NFS4ERR_ACCESS; 4909 return; 4910 } 4911 4912 resp->attrsset = 0; 4913 4914 if (rdonly4(cs->exi, cs->vp, req)) { 4915 *cs->statusp = resp->status = NFS4ERR_ROFS; 4916 return; 4917 } 4918 4919 /* check label before setting attributes */ 4920 if (is_system_labeled()) { 4921 ASSERT(req->rq_label != NULL); 4922 clabel = req->rq_label; 4923 DTRACE_PROBE2(tx__rfs4__log__info__opsetattr__clabel, char *, 4924 "got client label from request(1)", 4925 struct svc_req *, req); 4926 if (!blequal(&l_admin_low->tsl_label, clabel)) { 4927 if (!do_rfs_label_check(clabel, cs->vp, 4928 EQUALITY_CHECK)) { 4929 *cs->statusp = resp->status = NFS4ERR_ACCESS; 4930 return; 4931 } 4932 } 4933 } 4934 4935 *cs->statusp = resp->status = 4936 do_rfs4_op_setattr(&resp->attrsset, &args->obj_attributes, cs, 4937 &args->stateid); 4938 } 4939 4940 /* ARGSUSED */ 4941 static void 4942 rfs4_op_verify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 4943 struct compound_state *cs) 4944 { 4945 /* 4946 * verify and nverify are exactly the same, except that nverify 4947 * succeeds when some argument changed, and verify succeeds when 4948 * when none changed. 
4949 */ 4950 4951 VERIFY4args *args = &argop->nfs_argop4_u.opverify; 4952 VERIFY4res *resp = &resop->nfs_resop4_u.opverify; 4953 4954 int error; 4955 struct nfs4_svgetit_arg sarg; 4956 struct statvfs64 sb; 4957 struct nfs4_ntov_table ntov; 4958 4959 if (cs->vp == NULL) { 4960 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 4961 return; 4962 } 4963 4964 sarg.sbp = &sb; 4965 nfs4_ntov_table_init(&ntov); 4966 resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs, 4967 &sarg, &ntov, NFS4ATTR_VERIT); 4968 if (resp->status != NFS4_OK) { 4969 /* 4970 * do_rfs4_set_attrs will try to verify systemwide attrs, 4971 * so could return -1 for "no match". 4972 */ 4973 if (resp->status == -1) 4974 resp->status = NFS4ERR_NOT_SAME; 4975 goto done; 4976 } 4977 error = rfs4_verify_attr(&sarg, NULL, &ntov); 4978 switch (error) { 4979 case 0: 4980 resp->status = NFS4_OK; 4981 break; 4982 case -1: 4983 resp->status = NFS4ERR_NOT_SAME; 4984 break; 4985 default: 4986 resp->status = puterrno4(error); 4987 break; 4988 } 4989 done: 4990 *cs->statusp = resp->status; 4991 nfs4_ntov_table_free(&ntov, &sarg); 4992 } 4993 4994 /* ARGSUSED */ 4995 static void 4996 rfs4_op_nverify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 4997 struct compound_state *cs) 4998 { 4999 /* 5000 * verify and nverify are exactly the same, except that nverify 5001 * succeeds when some argument changed, and verify succeeds when 5002 * when none changed. 
5003 */ 5004 5005 NVERIFY4args *args = &argop->nfs_argop4_u.opnverify; 5006 NVERIFY4res *resp = &resop->nfs_resop4_u.opnverify; 5007 5008 int error; 5009 struct nfs4_svgetit_arg sarg; 5010 struct statvfs64 sb; 5011 struct nfs4_ntov_table ntov; 5012 5013 if (cs->vp == NULL) { 5014 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 5015 return; 5016 } 5017 sarg.sbp = &sb; 5018 nfs4_ntov_table_init(&ntov); 5019 resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs, 5020 &sarg, &ntov, NFS4ATTR_VERIT); 5021 if (resp->status != NFS4_OK) { 5022 /* 5023 * do_rfs4_set_attrs will try to verify systemwide attrs, 5024 * so could return -1 for "no match". 5025 */ 5026 if (resp->status == -1) 5027 resp->status = NFS4_OK; 5028 goto done; 5029 } 5030 error = rfs4_verify_attr(&sarg, NULL, &ntov); 5031 switch (error) { 5032 case 0: 5033 resp->status = NFS4ERR_SAME; 5034 break; 5035 case -1: 5036 resp->status = NFS4_OK; 5037 break; 5038 default: 5039 resp->status = puterrno4(error); 5040 break; 5041 } 5042 done: 5043 *cs->statusp = resp->status; 5044 nfs4_ntov_table_free(&ntov, &sarg); 5045 } 5046 5047 /* 5048 * XXX - This should live in an NFS header file. 
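 */
#define	MAX_IOVECS	12

/*
 * WRITE: write args->data_len bytes at args->offset to the current
 * filehandle's vnode (cs->vp).  offset, data_len, stable and the data
 * itself are client-supplied.  The status is stored in both resp->status
 * and *cs->statusp; nothing is returned.
 */
/* ARGSUSED */
static void
rfs4_op_write(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
    struct compound_state *cs)
{
	WRITE4args *args = &argop->nfs_argop4_u.opwrite;
	WRITE4res *resp = &resop->nfs_resop4_u.opwrite;
	int error;
	vnode_t *vp;
	struct vattr bva;
	u_offset_t rlimit;
	u_offset_t wanted;
	struct uio uio;
	struct iovec iov[MAX_IOVECS];
	struct iovec *iovp;
	int iovcnt;
	int ioflag;
	cred_t *savecred, *cr;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	cr = cs->cr;

	/*
	 * We have to enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with ufs.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_WRITE,
		    args->offset, args->data_len, 0)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	if ((stat = rfs4_check_stateid(FWRITE, vp, &args->stateid, FALSE,
	    deleg, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	bva.va_mask = AT_MODE | AT_UID;
	error = VOP_GETATTR(vp, &bva, 0, cr);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
		    ((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	/*
	 * The file's owner skips VOP_ACCESS; any other caller needs
	 * VWRITE permission.
	 */
	if (crgetuid(cr) != bva.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cr))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, bva.va_mode)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	if (args->data_len == 0) {
		/*
		 * NOTE(review): args->stable is echoed back here before
		 * the range check further down has looked at it.
		 */
		*cs->statusp = resp->status = NFS4_OK;
		resp->count = 0;
		resp->committed = args->stable;
		resp->writeverf = Write4verf;
		goto out;
	}

	if (args->mblk != NULL) {
		mblk_t *m;
		uint_t bytes, round_len;

		/* Count the mblks needed to cover the XDR-padded length. */
		iovcnt = 0;
		bytes = 0;
		round_len = roundup(args->data_len, BYTES_PER_XDR_UNIT);
		for (m = args->mblk;
		    m != NULL && bytes < round_len;
		    m = m->b_cont) {
			iovcnt++;
			bytes += MBLKL(m);
		}
#ifdef DEBUG
		/* should have ended on an mblk boundary */
		if (bytes != round_len) {
			printf("bytes=0x%x, round_len=0x%x, req len=0x%x\n",
			    bytes, round_len, args->data_len);
			printf("args=%p, args->mblk=%p, m=%p", (void *)args,
			    (void *)args->mblk, (void *)m);
			ASSERT(bytes == round_len);
		}
#endif
		/*
		 * NOTE(review): outside DEBUG nothing here checks that the
		 * chain really holds data_len bytes; uio_resid below is set
		 * from data_len regardless.  Presumably the XDR decoder
		 * guarantees it -- confirm.
		 */
		if (iovcnt <= MAX_IOVECS) {
			iovp = iov;
		} else {
			iovp = kmem_alloc(sizeof (*iovp) * iovcnt, KM_SLEEP);
		}
		mblk_to_iov(args->mblk, iovcnt, iovp);
	} else {
		iovcnt = 1;
		iovp = iov;
		iovp->iov_base = args->data_val;
		iovp->iov_len = args->data_len;
	}

	uio.uio_iov = iovp;
	uio.uio_iovcnt = iovcnt;

	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_DEFAULT;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->data_len;
	uio.uio_llimit = curproc->p_fsz_ctl;
	/*
	 * Clamp the request to the file size limit.
	 * NOTE(review): rlimit is unsigned, so an offset beyond uio_llimit
	 * wraps to a large value and no clamp is applied; the write is then
	 * left to the filesystem to reject.
	 */
	rlimit = uio.uio_llimit - args->offset;
	if (rlimit < (u_offset_t)uio.uio_resid)
		uio.uio_resid = (int)rlimit;
	/* Bytes actually handed to do_io(); may be less than data_len. */
	wanted = (u_offset_t)uio.uio_resid;

	if (args->stable == UNSTABLE4)
		ioflag = 0;
	else if (args->stable == FILE_SYNC4)
		ioflag = FSYNC;
	else if (args->stable == DATA_SYNC4)
		ioflag = FDSYNC;
	else {
		if (iovp != iov)
			kmem_free(iovp, sizeof (*iovp) * iovcnt);
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		goto out;
	}

	/*
	 * We're changing creds because VM may fault and we need
	 * the cred of the current thread to be used if quota
	 * checking is enabled.
	 */
	savecred = curthread->t_cred;
	curthread->t_cred = cr;
	error = do_io(FWRITE, vp, &uio, ioflag, cr);
	curthread->t_cred = savecred;

	if (iovp != iov)
		kmem_free(iovp, sizeof (*iovp) * iovcnt);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;
	/*
	 * Report what was written out of what was submitted.  Computing
	 * this from data_len would count bytes dropped by the clamp above
	 * as written.
	 */
	resp->count = wanted - (u_offset_t)uio.uio_resid;

	if (ioflag == 0)
		resp->committed = UNSTABLE4;
	else
		resp->committed = FILE_SYNC4;

	resp->writeverf = Write4verf;

out:
	if (in_crit)
		nbl_end_crit(vp);
}


/* XXX put in a header file */
extern int sec_svc_getcred(struct svc_req *, cred_t *, caddr_t *, int *);

/*
 * Execute one COMPOUND request: copy the tag, obtain credentials, then
 * run each operation in args->array through rfsv4disptab until one fails.
 * The reply (tag, status, result array) is built in *resp.
 *
 * exi and cr are expected to be NULL on entry (see the ASSERTs); the
 * credential is allocated here.
 */
void
rfs4_compound(COMPOUND4args *args, COMPOUND4res *resp, struct exportinfo *exi,
    struct svc_req *req, cred_t *cr)
{
	uint_t i;
	struct compound_state cs;

	rfs4_init_compound_state(&cs);
	/*
	 * Form a reply tag by copying over the request tag.
	 */
	resp->tag.utf8string_val =
	    kmem_alloc(args->tag.utf8string_len, KM_SLEEP);
	resp->tag.utf8string_len = args->tag.utf8string_len;
	bcopy(args->tag.utf8string_val, resp->tag.utf8string_val,
	    resp->tag.utf8string_len);

	cs.statusp = &resp->status;

	/*
	 * XXX for now, minorversion should be zero
	 */
	if (args->minorversion != NFS4_MINORVERSION) {
		resp->array_len = 0;
		resp->array = NULL;
		resp->status = NFS4ERR_MINOR_VERS_MISMATCH;
		return;
	}

	/*
	 * One result slot per requested op.
	 * NOTE(review): array_len is client-supplied; presumably the XDR
	 * decoder bounds it so the size multiplication cannot overflow --
	 * confirm.
	 */
	resp->array_len = args->array_len;
	resp->array = kmem_zalloc(args->array_len * sizeof (nfs_resop4),
	    KM_SLEEP);

	ASSERT(exi == NULL);
	ASSERT(cr == NULL);

	cr = crget();
	ASSERT(cr != NULL);

	/*
	 * NOTE(review): on credential failure this returns without
	 * writing resp->status and without the req->rq_label cleanup done
	 * at the end of the function (the minorversion return above skips
	 * that cleanup as well).  Whether the caller handles either is not
	 * visible here -- confirm.
	 */
	if (sec_svc_getcred(req, cr, &cs.principal, &cs.nfsflavor) == 0) {
		crfree(cr);
		return;
	}

	cs.basecr = cr;

	cs.req = req;

	/*
	 * For now, NFS4 compound processing must be protected by
	 * exported_lock because it can access more than one exportinfo
	 * per compound and share/unshare can now change multiple
	 * exinfo structs.  The NFS2/3 code only refs 1 exportinfo
	 * per proc (excluding public exinfo), and exi_count design
	 * is sufficient to protect concurrent execution of NFS2/3
	 * ops along with unexport.  This lock will be removed as
	 * part of the NFSv4 phase 2 namespace redesign work.
	 */
	rw_enter(&exported_lock, RW_READER);

	/*
	 * If this is the first compound we've seen, we need to start all
	 * new instances' grace periods.
	 *
	 * NOTE(review): exported_lock is held as reader, so two threads
	 * can both observe 0 and both call rfs4_grace_start_new();
	 * presumably that is harmless -- confirm.
	 */
	if (rfs4_seen_first_compound == 0) {
		rfs4_grace_start_new();
		/*
		 * This must be set after rfs4_grace_start_new(), otherwise
		 * another thread could proceed past here before the former
		 * is finished.
		 */
		rfs4_seen_first_compound = 1;
	}

	for (i = 0; i < args->array_len && cs.cont; i++) {
		nfs_argop4 *argop;
		nfs_resop4 *resop;
		uint_t op;

		argop = &args->array[i];
		resop = &resp->array[i];
		resop->resop = argop->argop;
		op = (uint_t)resop->resop;

		/* The opcode indexes three tables; bound it first. */
		if (op < rfsv4disp_cnt) {
			/*
			 * Count the individual ops here; NULL and COMPOUND
			 * are counted in common_dispatch()
			 */
			rfsproccnt_v4_ptr[op].value.ui64++;

			NFS4_DEBUG(rfs4_debug > 1,
			    (CE_NOTE, "Executing %s", rfs4_op_string[op]));
			(*rfsv4disptab[op].dis_proc)(argop, resop, req, &cs);
			NFS4_DEBUG(rfs4_debug > 1,
			    (CE_NOTE, "%s returned %d",
			    rfs4_op_string[op], *cs.statusp));
			if (*cs.statusp != NFS4_OK)
				cs.cont = FALSE;
		} else {
			/*
			 * This is effectively dead code since XDR code
			 * will have already returned BADXDR if op doesn't
			 * decode to legal value.  This only done for a
			 * day when XDR code doesn't verify v4 opcodes.
			 */
			op = OP_ILLEGAL;
			rfsproccnt_v4_ptr[OP_ILLEGAL_IDX].value.ui64++;

			rfs4_op_illegal(argop, resop, req, &cs);
			cs.cont = FALSE;
		}

		/*
		 * If not at last op, and if we are to stop, then
		 * compact the results array.
		 */
		if ((i + 1) < args->array_len && !cs.cont) {
			nfs_resop4 *new_res = kmem_alloc(
			    (i+1) * sizeof (nfs_resop4), KM_SLEEP);
			bcopy(resp->array,
			    new_res, (i+1) * sizeof (nfs_resop4));
			kmem_free(resp->array,
			    args->array_len * sizeof (nfs_resop4));

			/* Keep array_len in step with the allocation size. */
			resp->array_len = i + 1;
			resp->array = new_res;
		}
	}

	rw_exit(&exported_lock);

	if (cs.vp)
		VN_RELE(cs.vp);
	if (cs.saved_vp)
		VN_RELE(cs.saved_vp);
	if (cs.saved_fh.nfs_fh4_val)
		kmem_free(cs.saved_fh.nfs_fh4_val, NFS4_FHSIZE);

	if (cs.basecr)
		crfree(cs.basecr);
	if (cs.cr)
		crfree(cs.cr);
	/*
	 * done with this compound request, free the label
	 */

	if (req->rq_label != NULL) {
		kmem_free(req->rq_label, sizeof (bslabel_t));
		req->rq_label = NULL;
	}
}

/*
 * XXX because of what appears to be duplicate calls to rfs4_compound_free
 * XXX zero out the tag and array values. Need to investigate why the
 * XXX calls occur, but at least prevent the panic for now.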
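 */
void
rfs4_compound_free(COMPOUND4res *resp)
{
	uint_t i;

	/*
	 * NOTE(review): UTF8STRING_FREE is defined elsewhere; presumably it
	 * also clears the tag pointer and length -- confirm.
	 */
	if (resp->tag.utf8string_val) {
		UTF8STRING_FREE(resp->tag)
	}

	if (resp->array != NULL) {
		/* Let each op release whatever its result holds. */
		for (i = 0; i < resp->array_len; i++) {
			nfs_resop4 *resop;
			uint_t op;

			resop = &resp->array[i];
			op = (uint_t)resop->resop;
			if (op < rfsv4disp_cnt) {
				(*rfsv4disptab[op].dis_resfree)(resop);
			}
		}
		kmem_free(resp->array, resp->array_len * sizeof (nfs_resop4));
		/*
		 * Clear the pointer so that a second call on the same
		 * result neither walks nor frees the array again.
		 */
		resp->array = NULL;
	}
	resp->array_len = 0;
}

/*
 * Process the value of the compound request rpc flags, as a bit-AND
 * of the individual per-op flags (idempotent, allowork, publicfh_ok)
 *
 * An opcode outside the dispatch table clears every flag.
 */
void
rfs4_compound_flagproc(COMPOUND4args *args, int *flagp)
{
	uint_t i;
	int flag = RPC_ALL;

	/* Stop early once no flag is left to clear. */
	for (i = 0; flag && i < args->array_len; i++) {
		uint_t op;

		op = (uint_t)args->array[i].argop;

		if (op < rfsv4disp_cnt)
			flag &= rfsv4disptab[op].dis_flags;
		else
			flag = 0;
	}
	*flagp = flag;
}

/*
 * Return the client's lock manager sysid in *sp, allocating one on first
 * use.  Returns NFS4_OK on success, or NFS4ERR_DELAY when no sysid could
 * be allocated (*sp is then left untouched).
 */
nfsstat4
rfs4_client_sysid(rfs4_client_t *cp, sysid_t *sp)
{
	nfsstat4 e;

	/* Check and allocation happen under the client's dbe lock. */
	rfs4_dbe_lock(cp->dbe);

	if (cp->sysidt != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

	} else if ((cp->sysidt = lm_alloc_sysidt()) != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
		    "rfs4_client_sysid: allocated 0x%x\n", *sp));
	} else
		e = NFS4ERR_DELAY;

	rfs4_dbe_unlock(cp->dbe);
	return (e);
}

#if defined(DEBUG) && ! defined(lint)
/*
 * Debug helper: log one flock64 request through cmn_err().  A zero l_len
 * is printed as all ones.
 */
static void lock_print(char *str, int operation, struct flock64 *flk)
{
	char *op, *type;

	switch (operation) {
	case F_GETLK: op = "F_GETLK";
		break;
	case F_SETLK: op = "F_SETLK";
		break;
	default: op = "F_UNKNOWN";
		break;
	}
	switch (flk->l_type) {
	case F_UNLCK: type = "F_UNLCK";
		break;
	case F_RDLCK: type = "F_RDLCK";
		break;
	case F_WRLCK: type = "F_WRLCK";
		break;
	default: type = "F_UNKNOWN";
		break;
	}

	ASSERT(flk->l_whence == 0);
	cmn_err(CE_NOTE, "%s: %s, type = %s, off = %llx len = %llx pid = %d",
	    str, op, type,
	    (longlong_t)flk->l_start,
	    flk->l_len ? (longlong_t)flk->l_len : ~0LL,
	    flk->l_pid);
}

/*
 * Wrapped in do/while so the macro is a single statement and cannot
 * capture a following "else" at the call site.
 */
#define	LOCK_PRINT(d, s, t, f)	\
	do { if (d) lock_print((s), (t), (f)); } while (0)
#else
#define	LOCK_PRINT(d, s, t, f)
#endif

/*
 * Credential check hook.  As written this is a stub: it ignores all of
 * its arguments and accepts every request, so callers get no checking
 * from it.
 */
/*ARGSUSED*/
static bool_t
creds_ok(cred_set_t cr_set, struct svc_req *req, struct compound_state *cs)
{
	return (TRUE);
}

/*
 * Look up the pathname using the vp in cs as the directory vnode.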
 * cs->vp will be the vnode for the file on success
 */

static nfsstat4
rfs4_lookup(component4 *component, struct svc_req *req,
    struct compound_state *cs)
{
	char *nm;
	uint32_t len;
	nfsstat4 status;

	if (cs->vp == NULL) {
		return (NFS4ERR_NOFILEHANDLE);
	}
	if (cs->vp->v_type != VDIR) {
		return (NFS4ERR_NOTDIR);
	}

	/* The component is client-supplied; validate before converting. */
	if (!utf8_dir_verify(component))
		return (NFS4ERR_INVAL);

	/* nm is allocated by utf8_to_fn and freed below with length len. */
	nm = utf8_to_fn(component, &len, NULL);
	if (nm == NULL) {
		return (NFS4ERR_INVAL);
	}

	if (len > MAXNAMELEN) {
		kmem_free(nm, len);
		return (NFS4ERR_NAMETOOLONG);
	}

	status = do_rfs4_op_lookup(nm, len, req, cs);

	kmem_free(nm, len);

	return (status);
}

/*
 * Look up component in the directory cs->vp, require the result to be a
 * regular file, fill in cinfo for the directory and then check the
 * requested open access.  On success cs->vp refers to the file.
 */
static nfsstat4
rfs4_lookupfile(component4 *component, struct svc_req *req,
    struct compound_state *cs, uint32_t access,
    change_info4 *cinfo)
{
	nfsstat4 status;
	vnode_t *dvp = cs->vp;
	vattr_t bva, ava, fva;
	int error;

	/* Get "before" change value */
	bva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cs->cr);
	if (error)
		return (puterrno4(error));

	/* rfs4_lookup may VN_RELE directory */
	VN_HOLD(dvp);

	status = rfs4_lookup(component, req, cs);
	if (status != NFS4_OK) {
		VN_RELE(dvp);
		return (status);
	}

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	ava.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &ava, 0, cs->cr)) {
		ava.va_ctime = bva.va_ctime;
		ava.va_seq = 0;
	}
	VN_RELE(dvp);

	/*
	 * Validate the file is a file
	 */
	fva.va_mask = AT_TYPE|AT_MODE;
	error = VOP_GETATTR(cs->vp, &fva, 0, cs->cr);
	if (error)
		return (puterrno4(error));

	if (fva.va_type != VREG) {
		if (fva.va_type == VDIR)
			return (NFS4ERR_ISDIR);
		if (fva.va_type == VLNK)
			return (NFS4ERR_SYMLINK);
		return (NFS4ERR_INVAL);
	}

	NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime);
	NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime);

	/*
	 * It is undefined if VOP_LOOKUP will change va_seq, so
	 * cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and they have not changed.
	 */
	if (bva.va_seq && ava.va_seq && ava.va_seq == bva.va_seq)
		cinfo->atomic = TRUE;
	else
		cinfo->atomic = FALSE;

	/* Check for mandatory locking */
	cs->mandlock = MANDLOCK(cs->vp, fva.va_mode);
	return (check_open_access(access, cs, req));
}

/*
 * Create nm in directory dvp with an exclusive VOP_CREATE and sort out the
 * EEXIST case according to the NFSv4 create mode.  On NFS4_OK *vpp holds
 * the vnode and *created says whether this call (or, for an exclusive
 * create, a retransmission with the same verifier) created it.
 */
static nfsstat4
create_vnode(vnode_t *dvp, char *nm, vattr_t *vap, createmode4 mode,
    timespec32_t *mtime, cred_t *cr, vnode_t **vpp, bool_t *created)
{
	int error;
	nfsstat4 status = NFS4_OK;
	vattr_t va;

tryagain:

	/*
	 * The file open mode used is VWRITE.  If the client needs
	 * some other semantic, then it should do the access checking
	 * itself.  It would have been nice to have the file open mode
	 * passed as part of the arguments.
	 */

	*created = TRUE;
	error = VOP_CREATE(dvp, nm, vap, EXCL, VWRITE, vpp, cr, 0);

	if (error) {
		*created = FALSE;

		/*
		 * If we got something other than file already exists
		 * then just return this error.  Otherwise, we got
		 * EEXIST.  If we were doing a GUARDED create, then
		 * just return this error.  Otherwise, we need to
		 * make sure that this wasn't a duplicate of an
		 * exclusive create request.
		 *
		 * The assumption is made that a non-exclusive create
		 * request will never return EEXIST.
		 */

		if (error != EEXIST || mode == GUARDED4) {
			status = puterrno4(error);
			return (status);
		}
		error = VOP_LOOKUP(dvp, nm, vpp, NULL, 0, NULL, cr);

		if (error) {
			/*
			 * We couldn't find the file that we thought that
			 * we just created.  So, we'll just try creating
			 * it again.
			 *
			 * NOTE(review): the retry has no upper bound; it
			 * repeats for as long as create reports EEXIST and
			 * the lookup reports ENOENT.
			 */
			if (error == ENOENT)
				goto tryagain;

			status = puterrno4(error);
			return (status);
		}

		if (mode == UNCHECKED4) {
			/* existing object must be regular file */
			if ((*vpp)->v_type != VREG) {
				if ((*vpp)->v_type == VDIR)
					status = NFS4ERR_ISDIR;
				else if ((*vpp)->v_type == VLNK)
					status = NFS4ERR_SYMLINK;
				else
					status = NFS4ERR_INVAL;
				VN_RELE(*vpp);
				return (status);
			}

			return (NFS4_OK);
		}

		/*
		 * Check for duplicate request
		 *
		 * Only a mode other than GUARDED4/UNCHECKED4 reaches this
		 * point, and it is the only place mtime is dereferenced.
		 * The existing file counts as ours only when its mtime
		 * equals the one passed in by the caller.
		 */
		ASSERT(mtime != 0);
		va.va_mask = AT_MTIME;
		error = VOP_GETATTR(*vpp, &va, 0, cr);
		if (!error) {
			/* We found the file */
			if (va.va_mtime.tv_sec != mtime->tv_sec ||
			    va.va_mtime.tv_nsec != mtime->tv_nsec) {
				/* but its not our creation */
				VN_RELE(*vpp);
				return (NFS4ERR_EXIST);
			}
			*created = TRUE; /* retrans of create == created */
			return (NFS4_OK);
		}
		VN_RELE(*vpp);
		return (NFS4ERR_EXIST);
	}

	return (NFS4_OK);
}

static nfsstat4
check_open_access(uint32_t access,
    struct compound_state *cs, struct svc_req *req)
{
	int error;
	vnode_t *vp;
	bool_t readonly;
	cred_t *cr = cs->cr;

	/* For now we don't allow mandatory locking as per V2/V3 */
	if (cs->access == CS_ACCESS_DENIED || cs->mandlock) {
		return (NFS4ERR_ACCESS);
	}

	vp = cs->vp;
ASSERT(cr != NULL && vp->v_type == VREG); 5736 5737 /* 5738 * If the file system is exported read only and we are trying 5739 * to open for write, then return NFS4ERR_ROFS 5740 */ 5741 5742 readonly = rdonly4(cs->exi, cs->vp, req); 5743 5744 if ((access & OPEN4_SHARE_ACCESS_WRITE) && readonly) 5745 return (NFS4ERR_ROFS); 5746 5747 if (access & OPEN4_SHARE_ACCESS_READ) { 5748 if ((VOP_ACCESS(vp, VREAD, 0, cr) != 0) && 5749 (VOP_ACCESS(vp, VEXEC, 0, cr) != 0)) { 5750 return (NFS4ERR_ACCESS); 5751 } 5752 } 5753 5754 if (access & OPEN4_SHARE_ACCESS_WRITE) { 5755 error = VOP_ACCESS(vp, VWRITE, 0, cr); 5756 if (error) 5757 return (NFS4ERR_ACCESS); 5758 } 5759 5760 return (NFS4_OK); 5761 } 5762 5763 static nfsstat4 5764 rfs4_createfile(OPEN4args *args, struct svc_req *req, struct compound_state *cs, 5765 change_info4 *cinfo, bitmap4 *attrset, clientid4 clientid) 5766 { 5767 struct nfs4_svgetit_arg sarg; 5768 struct nfs4_ntov_table ntov; 5769 5770 bool_t ntov_table_init = FALSE; 5771 struct statvfs64 sb; 5772 nfsstat4 status; 5773 vnode_t *vp; 5774 vattr_t bva, ava, iva, cva, *vap; 5775 vnode_t *dvp; 5776 timespec32_t *mtime; 5777 char *nm = NULL; 5778 uint_t buflen; 5779 bool_t created; 5780 bool_t setsize = FALSE; 5781 len_t reqsize; 5782 int error; 5783 bool_t trunc; 5784 caller_context_t ct; 5785 component4 *component; 5786 bslabel_t *clabel; 5787 5788 sarg.sbp = &sb; 5789 5790 dvp = cs->vp; 5791 5792 /* Check if the file system is read only */ 5793 if (rdonly4(cs->exi, dvp, req)) 5794 return (NFS4ERR_ROFS); 5795 5796 /* check the label of including directory */ 5797 if (is_system_labeled()) { 5798 ASSERT(req->rq_label != NULL); 5799 clabel = req->rq_label; 5800 DTRACE_PROBE2(tx__rfs4__log__info__opremove__clabel, char *, 5801 "got client label from request(1)", 5802 struct svc_req *, req); 5803 if (!blequal(&l_admin_low->tsl_label, clabel)) { 5804 if (!do_rfs_label_check(clabel, dvp, EQUALITY_CHECK)) { 5805 return (NFS4ERR_ACCESS); 5806 } 5807 } 5808 } 5809 5810 /* 
5811 * Get the last component of path name in nm. cs will reference 5812 * the including directory on success. 5813 */ 5814 component = &args->open_claim4_u.file; 5815 if (!utf8_dir_verify(component)) 5816 return (NFS4ERR_INVAL); 5817 5818 nm = utf8_to_fn(component, &buflen, NULL); 5819 5820 if (nm == NULL) 5821 return (NFS4ERR_RESOURCE); 5822 5823 if (buflen > MAXNAMELEN) { 5824 kmem_free(nm, buflen); 5825 return (NFS4ERR_NAMETOOLONG); 5826 } 5827 5828 bva.va_mask = AT_TYPE|AT_CTIME|AT_SEQ; 5829 error = VOP_GETATTR(dvp, &bva, 0, cs->cr); 5830 if (error) { 5831 kmem_free(nm, buflen); 5832 return (puterrno4(error)); 5833 } 5834 5835 if (bva.va_type != VDIR) { 5836 kmem_free(nm, buflen); 5837 return (NFS4ERR_NOTDIR); 5838 } 5839 5840 NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime) 5841 5842 switch (args->mode) { 5843 case GUARDED4: 5844 /*FALLTHROUGH*/ 5845 case UNCHECKED4: 5846 nfs4_ntov_table_init(&ntov); 5847 ntov_table_init = TRUE; 5848 5849 *attrset = 0; 5850 status = do_rfs4_set_attrs(attrset, 5851 &args->createhow4_u.createattrs, 5852 cs, &sarg, &ntov, NFS4ATTR_SETIT); 5853 5854 if (status == NFS4_OK && (sarg.vap->va_mask & AT_TYPE) && 5855 sarg.vap->va_type != VREG) { 5856 if (sarg.vap->va_type == VDIR) 5857 status = NFS4ERR_ISDIR; 5858 else if (sarg.vap->va_type == VLNK) 5859 status = NFS4ERR_SYMLINK; 5860 else 5861 status = NFS4ERR_INVAL; 5862 } 5863 5864 if (status != NFS4_OK) { 5865 kmem_free(nm, buflen); 5866 nfs4_ntov_table_free(&ntov, &sarg); 5867 *attrset = 0; 5868 return (status); 5869 } 5870 5871 vap = sarg.vap; 5872 vap->va_type = VREG; 5873 vap->va_mask |= AT_TYPE; 5874 5875 if ((vap->va_mask & AT_MODE) == 0) { 5876 vap->va_mask |= AT_MODE; 5877 vap->va_mode = (mode_t)0600; 5878 } 5879 5880 if (vap->va_mask & AT_SIZE) { 5881 5882 /* Disallow create with a non-zero size */ 5883 5884 if ((reqsize = sarg.vap->va_size) != 0) { 5885 kmem_free(nm, buflen); 5886 nfs4_ntov_table_free(&ntov, &sarg); 5887 *attrset = 0; 5888 return (NFS4ERR_INVAL); 5889 
} 5890 setsize = TRUE; 5891 } 5892 break; 5893 5894 case EXCLUSIVE4: 5895 /* prohibit EXCL create of named attributes */ 5896 if (dvp->v_flag & V_XATTRDIR) { 5897 kmem_free(nm, buflen); 5898 *attrset = 0; 5899 return (NFS4ERR_INVAL); 5900 } 5901 5902 cva.va_mask = AT_TYPE | AT_MTIME | AT_MODE; 5903 cva.va_type = VREG; 5904 /* 5905 * Ensure no time overflows. Assumes underlying 5906 * filesystem supports at least 32 bits. 5907 * Truncate nsec to usec resolution to allow valid 5908 * compares even if the underlying filesystem truncates. 5909 */ 5910 mtime = (timespec32_t *)&args->createhow4_u.createverf; 5911 cva.va_mtime.tv_sec = mtime->tv_sec % TIME32_MAX; 5912 cva.va_mtime.tv_nsec = (mtime->tv_nsec / 1000) * 1000; 5913 cva.va_mode = (mode_t)0; 5914 vap = &cva; 5915 break; 5916 } 5917 5918 status = create_vnode(dvp, nm, vap, args->mode, mtime, 5919 cs->cr, &vp, &created); 5920 kmem_free(nm, buflen); 5921 5922 if (status != NFS4_OK) { 5923 if (ntov_table_init) 5924 nfs4_ntov_table_free(&ntov, &sarg); 5925 *attrset = 0; 5926 return (status); 5927 } 5928 5929 trunc = (setsize && !created); 5930 5931 if (args->mode != EXCLUSIVE4) { 5932 bitmap4 createmask = args->createhow4_u.createattrs.attrmask; 5933 5934 /* 5935 * True verification that object was created with correct 5936 * attrs is impossible. The attrs could have been changed 5937 * immediately after object creation. If attributes did 5938 * not verify, the only recourse for the server is to 5939 * destroy the object. Maybe if some attrs (like gid) 5940 * are set incorrectly, the object should be destroyed; 5941 * however, seems bad as a default policy. Do we really 5942 * want to destroy an object over one of the times not 5943 * verifying correctly? For these reasons, the server 5944 * currently sets bits in attrset for createattrs 5945 * that were set; however, no verification is done. 
5946 * 5947 * vmask_to_nmask accounts for vattr bits set on create 5948 * [do_rfs4_set_attrs() only sets resp bits for 5949 * non-vattr/vfs bits.] 5950 * Mask off any bits we set by default so as not to return 5951 * more attrset bits than were requested in createattrs 5952 */ 5953 if (created) { 5954 nfs4_vmask_to_nmask(sarg.vap->va_mask, attrset); 5955 *attrset &= createmask; 5956 } else { 5957 /* 5958 * We did not create the vnode (we tried but it 5959 * already existed). In this case, the only createattr 5960 * that the spec allows the server to set is size, 5961 * and even then, it can only be set if it is 0. 5962 */ 5963 *attrset = 0; 5964 if (trunc) 5965 *attrset = FATTR4_SIZE_MASK; 5966 } 5967 } 5968 if (ntov_table_init) 5969 nfs4_ntov_table_free(&ntov, &sarg); 5970 5971 /* 5972 * Get the initial "after" sequence number, if it fails, 5973 * set to zero, time to before. 5974 */ 5975 iva.va_mask = AT_CTIME|AT_SEQ; 5976 if (VOP_GETATTR(dvp, &iva, 0, cs->cr)) { 5977 iva.va_seq = 0; 5978 iva.va_ctime = bva.va_ctime; 5979 } 5980 5981 /* 5982 * create_vnode attempts to create the file exclusive, 5983 * if it already exists the VOP_CREATE will fail and 5984 * may not increase va_seq. It is atomic if 5985 * we haven't changed the directory, but if it has changed 5986 * we don't know what changed it. 5987 */ 5988 if (!created) { 5989 if (bva.va_seq && iva.va_seq && 5990 bva.va_seq == iva.va_seq) 5991 cinfo->atomic = TRUE; 5992 else 5993 cinfo->atomic = FALSE; 5994 NFS4_SET_FATTR4_CHANGE(cinfo->after, iva.va_ctime); 5995 } else { 5996 /* 5997 * The entry was created, we need to sync the 5998 * directory metadata. 5999 */ 6000 (void) VOP_FSYNC(dvp, 0, cs->cr); 6001 6002 /* 6003 * Get "after" change value, if it fails, simply return the 6004 * before value. 
6005 */ 6006 ava.va_mask = AT_CTIME|AT_SEQ; 6007 if (VOP_GETATTR(dvp, &ava, 0, cs->cr)) { 6008 ava.va_ctime = bva.va_ctime; 6009 ava.va_seq = 0; 6010 } 6011 6012 NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime); 6013 6014 /* 6015 * The cinfo->atomic = TRUE only if we have 6016 * non-zero va_seq's, and it has incremented by exactly one 6017 * during the create_vnode and it didn't 6018 * change during the VOP_FSYNC. 6019 */ 6020 if (bva.va_seq && iva.va_seq && ava.va_seq && 6021 iva.va_seq == (bva.va_seq + 1) && 6022 iva.va_seq == ava.va_seq) 6023 cinfo->atomic = TRUE; 6024 else 6025 cinfo->atomic = FALSE; 6026 } 6027 6028 /* Check for mandatory locking and that the size gets set. */ 6029 cva.va_mask = AT_MODE; 6030 if (setsize) 6031 cva.va_mask |= AT_SIZE; 6032 6033 /* Assume the worst */ 6034 cs->mandlock = TRUE; 6035 6036 if (VOP_GETATTR(vp, &cva, 0, cs->cr) == 0) { 6037 cs->mandlock = MANDLOCK(cs->vp, cva.va_mode); 6038 6039 /* 6040 * Truncate the file if necessary; this would be 6041 * the case for create over an existing file. 6042 */ 6043 6044 if (trunc) { 6045 int in_crit = 0; 6046 rfs4_file_t *fp; 6047 bool_t create = FALSE; 6048 6049 /* 6050 * We are writing over an existing file. 6051 * Check to see if we need to recall a delegation. 
6052 */ 6053 rfs4_hold_deleg_policy(); 6054 if ((fp = rfs4_findfile(vp, NULL, &create)) != NULL) { 6055 if (rfs4_check_delegated_byfp(FWRITE, fp, 6056 (reqsize == 0), FALSE, FALSE, 6057 &clientid)) { 6058 6059 rfs4_file_rele(fp); 6060 rfs4_rele_deleg_policy(); 6061 VN_RELE(vp); 6062 *attrset = 0; 6063 return (NFS4ERR_DELAY); 6064 } 6065 rfs4_file_rele(fp); 6066 } 6067 rfs4_rele_deleg_policy(); 6068 6069 if (nbl_need_check(vp)) { 6070 in_crit = 1; 6071 6072 ASSERT(reqsize == 0); 6073 6074 nbl_start_crit(vp, RW_READER); 6075 if (nbl_conflict(vp, NBL_WRITE, 0, 6076 cva.va_size, 0)) { 6077 in_crit = 0; 6078 nbl_end_crit(vp); 6079 VN_RELE(vp); 6080 *attrset = 0; 6081 return (NFS4ERR_ACCESS); 6082 } 6083 } 6084 ct.cc_sysid = 0; 6085 ct.cc_pid = 0; 6086 ct.cc_caller_id = nfs4_srv_caller_id; 6087 6088 cva.va_mask = AT_SIZE; 6089 cva.va_size = reqsize; 6090 (void) VOP_SETATTR(vp, &cva, 0, cs->cr, &ct); 6091 if (in_crit) 6092 nbl_end_crit(vp); 6093 } 6094 } 6095 6096 error = makefh4(&cs->fh, vp, cs->exi); 6097 6098 /* 6099 * Force modified data and metadata out to stable storage. 
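*/
	(void) VOP_FSYNC(vp, FNODSYNC, cs->cr);

	if (error) {
		VN_RELE(vp);
		*attrset = 0;
		return (puterrno4(error));
	}

	/* if parent dir is attrdir, set namedattr fh flag */
	if (dvp->v_flag & V_XATTRDIR)
		set_fh4_flag(&cs->fh, FH4_NAMEDATTR);

	if (cs->vp)
		VN_RELE(cs->vp);

	cs->vp = vp;

	/*
	 * if we did not create the file, we will need to check
	 * the access bits on the file
	 */

	if (!created) {
		if (setsize)
			args->share_access |= OPEN4_SHARE_ACCESS_WRITE;
		status = check_open_access(args->share_access, cs, req);
		if (status != NFS4_OK)
			*attrset = 0;
	}
	return (status);
}

/*
 * Common tail of every OPEN claim type: record the share access/deny
 * modes requested by open owner "oo" on the file referenced by cs->vp
 * and cs->fh, deal with a conflicting delegation, and fill in the
 * stateid and delegation parts of the response.
 *
 * access and deny are the share modes taken from the client's request;
 * deleg is the delegation request type handed to rfs4_grant_delegation().
 * The outcome is reported through resp->status only (the function
 * returns nothing): NFS4_OK on success, NFS4ERR_SERVERFAULT or
 * NFS4ERR_RESOURCE when the file or state record cannot be obtained,
 * NFS4ERR_SHARE_DENIED (or a translated errno) when the share
 * reservation fails, and NFS4ERR_DELAY when a delegation recall is still
 * outstanding after one wait.
 *
 * fcreate and screate are passed in as TRUE; presumably the lookup
 * routines create a missing record and report back through them whether
 * they did -- confirm against rfs4_findfile_withlock() and
 * rfs4_findstate_by_owner_file().
 */
/*ARGSUSED*/
static void
rfs4_do_open(struct compound_state *cs, struct svc_req *req,
    rfs4_openowner_t *oo, delegreq_t deleg,
    uint32_t access, uint32_t deny,
    OPEN4res *resp)
{
	/* XXX Currently not using req */
	rfs4_state_t *state;
	rfs4_file_t *file;
	bool_t screate = TRUE;
	bool_t fcreate = TRUE;
	uint32_t amodes;
	uint32_t dmodes;
	rfs4_deleg_state_t *dsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	sysid_t sysid;
	nfsstat4 status;
	int fflags = 0;
	int recall = 0;
	int err;

	/* get the file struct and hold a lock on it during initial open */
	file = rfs4_findfile_withlock(cs->vp, &cs->fh, &fcreate);
	if (file == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_open: can't find file"));
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	state = rfs4_findstate_by_owner_file(oo, file, &screate);
	if (state == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_open: can't find state"));
		resp->status = NFS4ERR_RESOURCE;
		/* No need to keep any reference */
		rfs4_file_rele_withunlock(file);
		return;
	}

	/* try to get the sysid before continuing */
	if ((status = rfs4_client_sysid(oo->client, &sysid)) != NFS4_OK) {
		resp->status = status;
		rfs4_file_rele(file);
		/* Not a fully formed open; "close" it */
		if (screate == TRUE)
			rfs4_state_close(state, FALSE, FALSE, cs->cr);
		rfs4_state_rele(state);
		return;
	}

	/*
	 * Calculate the new deny and access mode that this open is adding to
	 * the file for this open owner;
	 */
	dmodes = (deny & ~state->share_deny);
	amodes = (access & ~state->share_access);

	/*
	 * Check to see the client has already sent an open for this
	 * open owner on this file with the same share/deny modes.
	 * If so, we don't need to check for a conflict and we don't
	 * need to add another shrlock. If not, then we need to
	 * check for conflicts in deny and access before checking for
	 * conflicts in delegation. We don't want to recall a
	 * delegation based on an open that will eventually fail based
	 * on shares modes.
	 */

	if (dmodes || amodes) {
		shr.s_access = (short)access;
		shr.s_deny = (short)deny;
		shr.s_pid = rfs4_dbe_getid(oo->dbe);
		shr.s_sysid = sysid;
		shr_loco.sl_pid = shr.s_pid;
		shr_loco.sl_id = shr.s_sysid;
		shr.s_owner = (caddr_t)&shr_loco;
		shr.s_own_len = sizeof (shr_loco);

		fflags = 0;
		if (access & OPEN4_SHARE_ACCESS_READ)
			fflags |= FREAD;
		if (access & OPEN4_SHARE_ACCESS_WRITE)
			fflags |= FWRITE;

		if ((err = vop_shrlock(cs->vp, F_SHARE, &shr, fflags)) != 0) {

			resp->status = err == EAGAIN ?
			    NFS4ERR_SHARE_DENIED : puterrno4(err);

			rfs4_file_rele(file);
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			return;
		}
	}

	rfs4_dbe_lock(state->dbe);
	rfs4_dbe_lock(file->dbe);

	/*
	 * Check to see if this file is delegated and if so, if a
	 * recall needs to be done.
	 */
	if (rfs4_check_recall(state, access)) {
		/* Both dbe locks are dropped across the recall and the wait */
		rfs4_dbe_unlock(file->dbe);
		rfs4_dbe_unlock(state->dbe);
		rfs4_recall_deleg(file, FALSE, state->owner->client);
		delay(NFS4_DELEGATION_CONFLICT_DELAY);
		rfs4_dbe_lock(state->dbe);
		rfs4_dbe_lock(file->dbe);
		/* Let's see if the delegation was returned */
		if (rfs4_check_recall(state, access)) {
			rfs4_dbe_unlock(file->dbe);
			rfs4_dbe_unlock(state->dbe);
			rfs4_file_rele(file);
			rfs4_update_lease(state->owner->client);
			/*
			 * Undo the share reservation only if this call
			 * added one.  When dmodes and amodes are both
			 * zero the F_SHARE above was skipped and shr was
			 * never filled in, so it must not be handed to
			 * vop_shrlock().
			 */
			if (dmodes || amodes) {
				/* recalculate flags to match what was added */
				fflags = 0;
				if (amodes & OPEN4_SHARE_ACCESS_READ)
					fflags |= FREAD;
				if (amodes & OPEN4_SHARE_ACCESS_WRITE)
					fflags |= FWRITE;
				(void) vop_shrlock(cs->vp, F_UNSHARE, &shr,
				    fflags);
			}
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			resp->status = NFS4ERR_DELAY;
			return;
		}
	}

	/*
	 * Per-file counters are bumped only for the modes this open adds
	 * (dmodes/amodes); the mode bitmaps take the full request.
	 */
	if (dmodes & OPEN4_SHARE_DENY_READ)
		file->deny_read++;
	if (dmodes & OPEN4_SHARE_DENY_WRITE)
		file->deny_write++;
	file->share_deny |= deny;
	state->share_deny |= deny;

	if (amodes & OPEN4_SHARE_ACCESS_READ)
		file->access_read++;
	if (amodes & OPEN4_SHARE_ACCESS_WRITE)
		file->access_write++;
	file->share_access |= access;
	state->share_access |= access;

	/*
	 * Check for delegation here. if the deleg argument is not
	 * DELEG_ANY, then this is a reclaim from a client and
	 * we must honor the delegation requested. If necessary we can
	 * set the recall flag.
	 */

	dsp = rfs4_grant_delegation(deleg, state, &recall);

	cs->deleg = (file->dinfo->dtype == OPEN_DELEGATE_WRITE);

	next_stateid(&state->stateid);

	resp->stateid = state->stateid.stateid;

	rfs4_dbe_unlock(file->dbe);
	rfs4_dbe_unlock(state->dbe);

	if (dsp) {
		rfs4_set_deleg_response(dsp, &resp->delegation, NULL, recall);
		rfs4_deleg_state_rele(dsp);
	}

	rfs4_file_rele(file);
	rfs4_state_rele(state);

	resp->status = NFS4_OK;
}

/*
 * OPEN with CLAIM_NULL: look the file up (OPEN4_NOCREATE) or create it,
 * then hand over to rfs4_do_open() with DELEG_ANY.
 *
 * Delegation grants are inhibited around an exclusive create.  The
 * disable/enable calls are paired through a local flag so that the
 * enable runs only when the disable did.  args->mode is only consulted
 * on the create path; whether it holds a defined value for an
 * OPEN4_NOCREATE request depends on request decoding that is not
 * visible here, so it is not used to decide the re-enable.
 */
/*ARGSUSED*/
static void
rfs4_do_opennull(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	change_info4 *cinfo = &resp->cinfo;
	bitmap4 *attrset = &resp->attrset;
	bool_t deleg_inhibited = FALSE;

	if (args->opentype == OPEN4_NOCREATE)
		resp->status = rfs4_lookupfile(&args->open_claim4_u.file,
		    req, cs, args->share_access, cinfo);
	else {
		/* inhibit delegation grants during exclusive create */

		if (args->mode == EXCLUSIVE4) {
			rfs4_disable_delegation();
			deleg_inhibited = TRUE;
		}

		resp->status = rfs4_createfile(args, req, cs, cinfo, attrset,
		    oo->client->clientid);
	}

	if (resp->status == NFS4_OK) {

		/* cs->vp cs->fh now reference the desired file */

		rfs4_do_open(cs, req, oo, DELEG_ANY, args->share_access,
		    args->share_deny, resp);

		/*
		 * If rfs4_createfile set attrset, we must
		 * clear this attrset before the response is copied.
		 */
		if (resp->status != NFS4_OK && resp->attrset) {
			resp->attrset = 0;
		}
	}
	else
		*cs->statusp = resp->status;

	if (deleg_inhibited)
		rfs4_enable_delegation();
}

/*
 * OPEN with CLAIM_PREVIOUS (reclaim): cs->vp must already reference a
 * regular file.  Sets cs->mandlock from the file mode, checks open
 * access unless the caller's uid owns the file, zeroes cinfo and calls
 * rfs4_do_open() with the delegation type named in the claim.
 * Failures are reported through resp->status.
 */
/*ARGSUSED*/
static void
rfs4_do_openprev(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	change_info4 *cinfo = &resp->cinfo;
	vattr_t va;
	vtype_t v_type = cs->vp->v_type;
	int error = 0;

	/* Verify that we have a regular file */
	if (v_type != VREG) {
		if (v_type == VDIR)
			resp->status = NFS4ERR_ISDIR;
		else if (v_type == VLNK)
			resp->status = NFS4ERR_SYMLINK;
		else
			resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_MODE|AT_UID;
	error = VOP_GETATTR(cs->vp, &va, 0, cs->cr);
	if (error) {
		resp->status = puterrno4(error);
		return;
	}

	cs->mandlock = MANDLOCK(cs->vp, va.va_mode);

	/*
	 * Check if we have access to the file.  Note that the file
	 * could have originally been opened UNCHECKED or GUARDED
	 * with mode bits that will now fail, but there is nothing
	 * we can really do about that except in the case that the
	 * owner of the file is the one requesting the open.
	 *
	 * The access check is therefore skipped when the credential's
	 * uid matches the file's owner.
	 */
	if (crgetuid(cs->cr) != va.va_uid) {
		resp->status = check_open_access(args->share_access, cs, req);
		if (resp->status != NFS4_OK) {
			return;
		}
	}

	/*
	 * cinfo on a CLAIM_PREVIOUS is undefined, initialize to zero
	 */
	cinfo->before = 0;
	cinfo->after = 0;
	cinfo->atomic = FALSE;

	rfs4_do_open(cs, req, oo,
	    NFS4_DELEG4TYPE2REQTYPE(args->open_claim4_u.delegate_type),
	    args->share_access, args->share_deny, resp);
}

/*
 * OPEN with CLAIM_DELEGATE_CUR: resolve the delegation stateid carried
 * in the request, switch cs->vp and cs->fh to the delegated file, and
 * open it with DELEG_NONE.  Failures are reported through resp->status.
 */
static void
rfs4_do_opendelcur(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	int error;
	nfsstat4 status;
	stateid4 stateid =
	    args->open_claim4_u.delegate_cur_info.delegate_stateid;
	rfs4_deleg_state_t *dsp;

	/*
	 * Find the state info from the stateid and confirm that the
	 * file is delegated.  If the state openowner is the same as
	 * the supplied openowner we're done. If not, get the file
	 * info from the found state info. Use that file info to
	 * create the state for this lock owner. Note solaris doesn't
	 * really need the pathname to find the file. We may want to
	 * lookup the pathname and make sure that the vp exists and
	 * matches the vp in the file structure. However it is
	 * possible that the pathname no longer exists (local process
	 * unlinks the file), so this may not be that useful.
	 */

	status = rfs4_get_deleg_state(&stateid, &dsp);
	if (status != NFS4_OK) {
		resp->status = status;
		return;
	}

	/*
	 * NOTE(review): the stateid comes from the request.  The only
	 * check made here on the result is this ASSERT, which is
	 * normally compiled out of non-DEBUG kernels.  Nothing visible in
	 * this function compares the delegation's client with
	 * oo->client, or the delegated vnode with the current
	 * filehandle, before cs->vp is replaced below -- confirm that
	 * rfs4_get_deleg_state() or the callers enforce that.
	 */
	ASSERT(dsp->finfo->dinfo->dtype != OPEN_DELEGATE_NONE);

	/*
	 * New lock owner, create state. Since this was probably called
	 * in response to a CB_RECALL we set deleg to DELEG_NONE
	 */

	ASSERT(cs->vp != NULL);
	VN_RELE(cs->vp);
	VN_HOLD(dsp->finfo->vp);
	cs->vp = dsp->finfo->vp;

	if ((error = makefh4(&cs->fh, cs->vp, cs->exi)) != 0) {
		rfs4_deleg_state_rele(dsp);
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/* Mark progress for delegation returns */
	dsp->finfo->dinfo->time_lastwrite = gethrestime_sec();
	rfs4_deleg_state_rele(dsp);
	rfs4_do_open(cs, req, oo, DELEG_NONE,
	    args->share_access, args->share_deny, resp);
}

/*
 * OPEN with CLAIM_DELEGATE_PREV: look up the named file, require that
 * file and state records already exist for this open owner with the
 * same share modes and a delegation, and return that delegation in the
 * response.  Any mismatch is reported as NFS4ERR_SERVERFAULT.
 */
/*ARGSUSED*/
static void
rfs4_do_opendelprev(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	/*
	 * Lookup the pathname, it must already exist since this file
	 * was delegated.
	 *
	 * Find the file and state info for this vp and open owner pair.
	 *	check that they are in fact delegated.
	 *	check that the state access and deny modes are the same.
	 *
	 * Return the delegation possibly setting the recall flag.
	 */
	rfs4_file_t *file;
	rfs4_state_t *state;
	bool_t create = FALSE;
	bool_t dcreate = FALSE;
	rfs4_deleg_state_t *dsp;
	nfsace4 *ace;


	/* Note we ignore oflags */
	resp->status = rfs4_lookupfile(&args->open_claim4_u.file_delegate_prev,
	    req, cs, args->share_access, &resp->cinfo);

	if (resp->status != NFS4_OK) {
		return;
	}

	/* get the file struct and hold a lock on it during initial open */
	file = rfs4_findfile_withlock(cs->vp, NULL, &create);
	if (file == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_opendelprev: can't find file"));
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	state = rfs4_findstate_by_owner_file(oo, file, &create);
	if (state == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_opendelprev: can't find state"));
		resp->status = NFS4ERR_SERVERFAULT;
		rfs4_file_rele_withunlock(file);
		return;
	}

	/* The request must match the recorded share modes exactly */
	rfs4_dbe_lock(state->dbe);
	rfs4_dbe_lock(file->dbe);
	if (args->share_access != state->share_access ||
	    args->share_deny != state->share_deny ||
	    state->finfo->dinfo->dtype == OPEN_DELEGATE_NONE) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_opendelprev: state mixup"));
		rfs4_dbe_unlock(file->dbe);
		rfs4_dbe_unlock(state->dbe);
		rfs4_file_rele(file);
		rfs4_state_rele(state);
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}
	rfs4_dbe_unlock(file->dbe);
	rfs4_dbe_unlock(state->dbe);

	dsp = rfs4_finddeleg(state, &dcreate);
	if (dsp == NULL) {
		rfs4_state_rele(state);
		rfs4_file_rele(file);
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	next_stateid(&state->stateid);

	resp->stateid = state->stateid.stateid;

	resp->delegation.delegation_type = dsp->dtype;

	if (dsp->dtype == OPEN_DELEGATE_READ) {
		open_read_delegation4 *rv =
		    &resp->delegation.open_delegation4_u.read;

		rv->stateid = dsp->delegid.stateid;
		rv->recall = FALSE; /* no policy in place to set to TRUE */
		ace = &rv->permissions;
	} else {
		open_write_delegation4 *rv =
		    &resp->delegation.open_delegation4_u.write;

		rv->stateid = dsp->delegid.stateid;
		rv->recall = FALSE; /* no policy in place to set to TRUE */
		ace = &rv->permissions;
		rv->space_limit.limitby = NFS_LIMIT_SIZE;
		rv->space_limit.nfs_space_limit4_u.filesize = UINT64_MAX;
	}

	/* XXX For now: an ALLOWED ace with an empty mask and no "who" */
	ace->type = ACE4_ACCESS_ALLOWED_ACE_TYPE;
	ace->flag = 0;
	ace->access_mask = 0;
	ace->who.utf8string_len = 0;
	ace->who.utf8string_val = 0;

	rfs4_deleg_state_rele(dsp);
	rfs4_state_rele(state);
	rfs4_file_rele(file);
}

/* Result of comparing a request's sequence id with the recorded one. */
typedef enum {
	NFS4_CHKSEQ_OKAY = 0,
	NFS4_CHKSEQ_REPLAY = 1,
	NFS4_CHKSEQ_BAD = 2
} rfs4_chkseq_t;

/*
 * Generic function for sequence number checks.
 *
 * seqid is the recorded sequence id and lastop the recorded reply;
 * rqst_seq is the sequence id in the request and resop the result
 * slot being filled.
 *
 *	NFS4_CHKSEQ_REPLAY	rqst_seq equals seqid and the operation
 *				matches the recorded one; when copyres is
 *				TRUE the recorded reply is copied over resop.
 *	NFS4_CHKSEQ_OKAY	rqst_seq equals seqid + 1.
 *	NFS4_CHKSEQ_BAD		anything else.
 */
static rfs4_chkseq_t
rfs4_check_seqid(seqid4 seqid, nfs_resop4 *lastop,
    seqid4 rqst_seq, nfs_resop4 *resop, bool_t copyres)
{
	/* Same sequence ids and matching operations? */
	if (seqid == rqst_seq && resop->resop == lastop->resop) {
		if (copyres == TRUE) {
			rfs4_free_reply(resop);
			rfs4_copy_reply(resop, lastop);
		}
		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
		    "Replayed SEQID %u\n", seqid));
		return (NFS4_CHKSEQ_REPLAY);
	}

	/* If the incoming sequence is not the next expected then it is bad */
	if (rqst_seq != seqid + 1) {
		if (rqst_seq == seqid) {
			NFS4_DEBUG(rfs4_debug,
			    (CE_NOTE, "BAD SEQID: Replayed sequence id "
			    "but last op was %d current op is %d\n",
			    lastop->resop, resop->resop));
			return (NFS4_CHKSEQ_BAD);
		}
		/* The value the check above expects is seqid + 1 */
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "BAD SEQID: got %u expecting %u\n",
		    rqst_seq, seqid + 1));
		return (NFS4_CHKSEQ_BAD);
	}

	/* Everything okay -- next expected */
	return (NFS4_CHKSEQ_OKAY);
}


/*
 * Check an OPEN-family sequence id against the open owner's recorded
 * open_seqid under the owner's dbe lock, copying the recorded reply on
 * a replay.  The client's lease is updated when the result is OKAY.
 */
static rfs4_chkseq_t
rfs4_check_open_seqid(seqid4 seqid, rfs4_openowner_t *op, nfs_resop4 *resop)
{
	rfs4_chkseq_t rc;

	rfs4_dbe_lock(op->dbe);
	rc = rfs4_check_seqid(op->open_seqid, op->reply, seqid, resop, TRUE);
	rfs4_dbe_unlock(op->dbe);

	if (rc == NFS4_CHKSEQ_OKAY)
		rfs4_update_lease(op->client);

	return (rc);
}

/*
 * Same comparison against the open owner's open_seqid, but the recorded
 * reply is never copied (copyres is FALSE) and the lease is not touched.
 */
static rfs4_chkseq_t
rfs4_check_olo_seqid(seqid4 olo_seqid, rfs4_openowner_t *op,
    nfs_resop4 *resop)
{
	rfs4_chkseq_t rc;

	rfs4_dbe_lock(op->dbe);
	rc = rfs4_check_seqid(op->open_seqid, op->reply,
	    olo_seqid, resop, FALSE);
	rfs4_dbe_unlock(op->dbe);

	return (rc);
}

/*
 * Check a lock-owner sequence id under the lock state's dbe lock.
 * Returns NFS4_CHKSEQ_OKAY without comparing anything when
 * lp->skip_seqid_check is set.
 */
static rfs4_chkseq_t
rfs4_check_lock_seqid(seqid4 seqid, rfs4_lo_state_t *lp, nfs_resop4 *resop)
{
	rfs4_chkseq_t rc = NFS4_CHKSEQ_OKAY;

	rfs4_dbe_lock(lp->dbe);
	if (!lp->skip_seqid_check)
		rc = rfs4_check_seqid(lp->seqid, lp->reply,
		    seqid, resop, TRUE);
	rfs4_dbe_unlock(lp->dbe);

	return (rc);
}

/*
 * OPEN operation.
 *
 * Order of checks: current filehandle, client id and lease, open owner
 * sequence id (with replay detection), grace-period rules for the claim
 * type, mount-point test, then validation of the share_access and
 * share_deny bits before dispatching on the claim type.  The switch at
 * "out" decides from the final status whether the open owner's
 * sequence id and saved reply are updated.
 *
 * The status is stored in both resp->status and *cs->statusp.
 */
static void
rfs4_op_open(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	OPEN4args *args = &argop->nfs_argop4_u.opopen;
	OPEN4res *resp = &resop->nfs_resop4_u.opopen;
	open_owner4 *owner = &args->owner;
	open_claim_type4 claim = args->claim;
	rfs4_client_t *cp;
	rfs4_openowner_t *oo;
	bool_t create;
	bool_t replay = FALSE;
	int can_reclaim;


	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * Need to check clientid and lease expiration first based on
	 * error ordering and incrementing sequence id.
	 */
	cp = rfs4_findclient_by_id(owner->clientid, FALSE);
	if (cp == NULL) {
		*cs->statusp = resp->status =
		    rfs4_check_clientid(&owner->clientid, 0);
		return;
	}

	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}
	can_reclaim = cp->can_reclaim;

	/*
	 * Find the open_owner for use from this point forward.  Take
	 * care in updating the sequence id based on the type of error
	 * being returned.
	 */
retry:
	create = TRUE;
	oo = rfs4_findopenowner(owner, &create, args->seqid);
	if (oo == NULL) {
		*cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID;
		rfs4_client_rele(cp);
		return;
	}

	/* Hold off access to the sequence space while the open is done */
	rfs4_sw_enter(&oo->oo_sw);

	/*
	 * If the open_owner existed before at the server, then check
	 * the sequence id.
	 */
	if (!create && !oo->postpone_confirm) {
		switch (rfs4_check_open_seqid(args->seqid, oo, resop)) {
		case NFS4_CHKSEQ_BAD:
			/*
			 * An unconfirmed owner seen with a later seqid:
			 * its opens are freed and the lookup is retried.
			 */
			if ((args->seqid > oo->open_seqid) &&
			    oo->need_confirm) {
				rfs4_free_opens(oo, TRUE, FALSE);
				rfs4_sw_exit(&oo->oo_sw);
				rfs4_openowner_rele(oo);
				goto retry;
			}
			resp->status = NFS4ERR_BAD_SEQID;
			goto out;
		case NFS4_CHKSEQ_REPLAY: /* replay of previous request */
			replay = TRUE;
			goto out;
		default:
			break;
		}

		/*
		 * Sequence was ok and open owner exists
		 * check to see if we have yet to see an
		 * open_confirm.
		 */
		if (oo->need_confirm) {
			rfs4_free_opens(oo, TRUE, FALSE);
			rfs4_sw_exit(&oo->oo_sw);
			rfs4_openowner_rele(oo);
			goto retry;
		}
	}
	/* Grace only applies to regular-type OPENs */
	if (rfs4_clnt_in_grace(cp) &&
	    (claim == CLAIM_NULL || claim == CLAIM_DELEGATE_CUR)) {
		*cs->statusp = resp->status = NFS4ERR_GRACE;
		goto out;
	}

	/*
	 * If previous state at the server existed then can_reclaim
	 * will be set. If not reply NFS4ERR_NO_GRACE to the
	 * client.
	 */
	if (rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS && !can_reclaim) {
		*cs->statusp = resp->status = NFS4ERR_NO_GRACE;
		goto out;
	}


	/*
	 * Reject the open if the client has missed the grace period
	 */
	if (!rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS) {
		*cs->statusp = resp->status = NFS4ERR_NO_GRACE;
		goto out;
	}

	/* Couple of up-front bookkeeping items */
	if (oo->need_confirm) {
		/*
		 * If this is a reclaim OPEN then we should not ask
		 * for a confirmation of the open_owner per the
		 * protocol specification.
		 */
		if (claim == CLAIM_PREVIOUS)
			oo->need_confirm = FALSE;
		else
			resp->rflags |= OPEN4_RESULT_CONFIRM;
	}
	resp->rflags |= OPEN4_RESULT_LOCKTYPE_POSIX;

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to open/create in this directory.
	 */
	if (vn_ismntpt(cs->vp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	/*
	 * access must READ, WRITE, or BOTH.  No access is invalid.
	 * deny can be READ, WRITE, BOTH, or NONE.
	 * bits not defined for access/deny are invalid.
	 *
	 * Both values come straight from the request, so undefined bits
	 * are rejected here, before any claim handler sees them.
	 */
	if (!(args->share_access & OPEN4_SHARE_ACCESS_BOTH) ||
	    (args->share_access & ~OPEN4_SHARE_ACCESS_BOTH) ||
	    (args->share_deny & ~OPEN4_SHARE_DENY_BOTH)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		goto out;
	}


	/*
	 * make sure attrset is zero before response is built.
	 */
	resp->attrset = 0;

	switch (claim) {
	case CLAIM_NULL:
		rfs4_do_opennull(cs, req, args, oo, resp);
		break;
	case CLAIM_PREVIOUS:
		rfs4_do_openprev(cs, req, args, oo, resp);
		break;
	case CLAIM_DELEGATE_CUR:
		rfs4_do_opendelcur(cs, req, args, oo, resp);
		break;
	case CLAIM_DELEGATE_PREV:
		rfs4_do_opendelprev(cs, req, args, oo, resp);
		break;
	default:
		resp->status = NFS4ERR_INVAL;
		break;
	}

out:
	rfs4_client_rele(cp);

	/* Catch sequence id handling here to make it a little easier */
	switch (resp->status) {
	case NFS4ERR_BADXDR:
	case NFS4ERR_BAD_SEQID:
	case NFS4ERR_BAD_STATEID:
	case NFS4ERR_NOFILEHANDLE:
	case NFS4ERR_RESOURCE:
	case NFS4ERR_STALE_CLIENTID:
	case NFS4ERR_STALE_STATEID:
		/*
		 * The protocol states that if any of these errors are
		 * being returned, the sequence id should not be
		 * incremented.  Any other return requires an
		 * increment.
		 */
		break;
	default:
		/* Always update the lease in this case */
		rfs4_update_lease(oo->client);

		/* Regular response - copy the result */
		if (!replay)
			rfs4_update_open_resp(oo, resop, &cs->fh);

		/*
		 * REPLAY case: Only if the previous response was OK
		 * do we copy the filehandle.  If not OK, no
		 * filehandle to copy.
		 */
		if (replay == TRUE &&
		    resp->status == NFS4_OK &&
		    oo->reply_fh.nfs_fh4_val) {
			/*
			 * If this is a replay, we must restore the
			 * current filehandle/vp to that of what was
			 * returned originally.  Try our best to do
			 * it.
			 */
			nfs_fh4_fmt_t *fh_fmtp =
			    (nfs_fh4_fmt_t *)oo->reply_fh.nfs_fh4_val;

			cs->exi = checkexport4(&fh_fmtp->fh4_fsid,
			    (fid_t *)&fh_fmtp->fh4_xlen, NULL);

			if (cs->exi == NULL) {
				resp->status = NFS4ERR_STALE;
				goto finish;
			}

			VN_RELE(cs->vp);

			cs->vp = nfs4_fhtovp(&oo->reply_fh, cs->exi,
			    &resp->status);

			if (cs->vp == NULL)
				goto finish;

			nfs_fh4_copy(&oo->reply_fh, &cs->fh);
		}

		/*
		 * If this was a replay, no need to update the
		 * sequence id. If the open_owner was not created on
		 * this pass, then update.  The first use of an
		 * open_owner will not bump the sequence id.
		 */
		if (replay == FALSE && !create)
			rfs4_update_open_sequence(oo);
		/*
		 * If the client is receiving an error and the
		 * open_owner needs to be confirmed, there is no way
		 * to notify the client of this fact ignoring the fact
		 * that the server has no method of returning a
		 * stateid to confirm.  Therefore, the server needs to
		 * mark this open_owner in a way as to avoid the
		 * sequence id checking the next time the client uses
		 * this open_owner.
		 */
		if (resp->status != NFS4_OK && oo->need_confirm)
			oo->postpone_confirm = TRUE;
		/*
		 * If OK response then clear the postpone flag and
		 * reset the sequence id to keep in sync with the
		 * client.
		 */
		if (resp->status == NFS4_OK && oo->postpone_confirm) {
			oo->postpone_confirm = FALSE;
			oo->open_seqid = args->seqid;
		}
		break;
	}

finish:
	*cs->statusp = resp->status;

	rfs4_sw_exit(&oo->oo_sw);
	rfs4_openowner_rele(oo);
}

/*
 * OPEN_CONFIRM operation: confirm an open owner whose stateid is still
 * unconfirmed.  The stateid must resolve to state for the current
 * filehandle's vnode.  Only the NFS4_CHECK_STATEID_UNCONFIRMED case
 * with the next expected sequence id succeeds; it bumps the stateid,
 * clears need_confirm and records the reply.
 */
/*ARGSUSED*/
void
rfs4_op_open_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	OPEN_CONFIRM4args *args = &argop->nfs_argop4_u.opopen_confirm;
	OPEN_CONFIRM4res *resp = &resop->nfs_resop4_u.opopen_confirm;
	rfs4_state_t *sp;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
		    resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		}
		/*
		 * If it is the appropriate stateid and determined to
		 * be "OKAY" then this means that the stateid does not
		 * need to be confirmed and the client is in error for
		 * sending an OPEN_CONFIRM.
		 */
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		break;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		break;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		break;
	case NFS4_CHECK_STATEID_REPLAY:
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* fall through */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			break;
		}
		break;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
		    resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		}
		*cs->statusp = resp->status = NFS4_OK;

		next_stateid(&sp->stateid);
		resp->open_stateid = sp->stateid.stateid;
		sp->owner->need_confirm = FALSE;
		rfs4_update_lease(sp->owner->client);
		rfs4_update_open_sequence(sp->owner);
		rfs4_update_open_resp(sp->owner, resop, NULL);
		break;
	default:
		ASSERT(FALSE);
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		break;
	}
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*ARGSUSED*/
void
rfs4_op_open_downgrade(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	OPEN_DOWNGRADE4args *args =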
&argop->nfs_argop4_u.opopen_downgrade; 7049 OPEN_DOWNGRADE4res *resp = &resop->nfs_resop4_u.opopen_downgrade; 7050 uint32_t access = args->share_access; 7051 uint32_t deny = args->share_deny; 7052 nfsstat4 status; 7053 rfs4_state_t *sp; 7054 rfs4_file_t *fp; 7055 7056 if (cs->vp == NULL) { 7057 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 7058 return; 7059 } 7060 7061 status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID); 7062 if (status != NFS4_OK) { 7063 *cs->statusp = resp->status = status; 7064 return; 7065 } 7066 7067 /* Ensure specified filehandle matches */ 7068 if (cs->vp != sp->finfo->vp) { 7069 rfs4_state_rele(sp); 7070 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7071 return; 7072 } 7073 7074 /* hold off other access to open_owner while we tinker */ 7075 rfs4_sw_enter(&sp->owner->oo_sw); 7076 7077 switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) { 7078 case NFS4_CHECK_STATEID_OKAY: 7079 if (rfs4_check_open_seqid(args->seqid, sp->owner, 7080 resop) != NFS4_CHKSEQ_OKAY) { 7081 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 7082 goto end; 7083 } 7084 break; 7085 case NFS4_CHECK_STATEID_OLD: 7086 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 7087 goto end; 7088 case NFS4_CHECK_STATEID_BAD: 7089 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7090 goto end; 7091 case NFS4_CHECK_STATEID_EXPIRED: 7092 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 7093 goto end; 7094 case NFS4_CHECK_STATEID_CLOSED: 7095 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 7096 goto end; 7097 case NFS4_CHECK_STATEID_UNCONFIRMED: 7098 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7099 goto end; 7100 case NFS4_CHECK_STATEID_REPLAY: 7101 /* Check the sequence id for the open owner */ 7102 switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) { 7103 case NFS4_CHKSEQ_OKAY: 7104 /* 7105 * This is replayed stateid; if seqid matches 7106 * next expected, then client is using wrong seqid. 
7107 */ 7108 /* fall through */ 7109 case NFS4_CHKSEQ_BAD: 7110 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 7111 goto end; 7112 case NFS4_CHKSEQ_REPLAY: 7113 /* 7114 * Note this case is the duplicate case so 7115 * resp->status is already set. 7116 */ 7117 *cs->statusp = resp->status; 7118 rfs4_update_lease(sp->owner->client); 7119 goto end; 7120 } 7121 break; 7122 default: 7123 ASSERT(FALSE); 7124 break; 7125 } 7126 7127 rfs4_dbe_lock(sp->dbe); 7128 /* 7129 * Check that the new access modes and deny modes are valid. 7130 * Check that no invalid bits are set. 7131 */ 7132 if ((access & ~(OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) || 7133 (deny & ~(OPEN4_SHARE_DENY_READ | OPEN4_SHARE_DENY_READ))) { 7134 *cs->statusp = resp->status = NFS4ERR_INVAL; 7135 rfs4_update_open_sequence(sp->owner); 7136 rfs4_dbe_unlock(sp->dbe); 7137 goto end; 7138 } 7139 7140 /* 7141 * The new modes must be a subset of the current modes and 7142 * the access must specify at least one mode. To test that 7143 * the new mode is a subset of the current modes we bitwise 7144 * AND them together and check that the result equals the new 7145 * mode. For example: 7146 * New mode, access == R and current mode, sp->share_access == RW 7147 * access & sp->share_access == R == access, so the new access mode 7148 * is valid. Consider access == RW, sp->share_access = R 7149 * access & sp->share_access == R != access, so the new access mode 7150 * is invalid. 7151 */ 7152 if ((access & sp->share_access) != access || 7153 (deny & sp->share_deny) != deny || 7154 (access & 7155 (OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) == 0) { 7156 *cs->statusp = resp->status = NFS4ERR_INVAL; 7157 rfs4_update_open_sequence(sp->owner); 7158 rfs4_dbe_unlock(sp->dbe); 7159 goto end; 7160 } 7161 7162 /* 7163 * Release any share locks associated with this stateID. 7164 * Strictly speaking, this violates the spec because the 7165 * spec effectively requires that open downgrade be atomic. 
7166 * At present, fs_shrlock does not have this capability. 7167 */ 7168 rfs4_dbe_unlock(sp->dbe); 7169 rfs4_unshare(sp); 7170 rfs4_dbe_lock(sp->dbe); 7171 7172 fp = sp->finfo; 7173 rfs4_dbe_lock(fp->dbe); 7174 7175 /* 7176 * If the current mode has deny read and the new mode 7177 * does not, decrement the number of deny read mode bits 7178 * and if it goes to zero turn off the deny read bit 7179 * on the file. 7180 */ 7181 if ((sp->share_deny & OPEN4_SHARE_DENY_READ) && 7182 (deny & OPEN4_SHARE_DENY_READ) == 0) { 7183 fp->deny_read--; 7184 if (fp->deny_read == 0) 7185 fp->share_deny &= ~OPEN4_SHARE_DENY_READ; 7186 } 7187 7188 /* 7189 * If the current mode has deny write and the new mode 7190 * does not, decrement the number of deny write mode bits 7191 * and if it goes to zero turn off the deny write bit 7192 * on the file. 7193 */ 7194 if ((sp->share_deny & OPEN4_SHARE_DENY_WRITE) && 7195 (deny & OPEN4_SHARE_DENY_WRITE) == 0) { 7196 fp->deny_write--; 7197 if (fp->deny_write == 0) 7198 fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE; 7199 } 7200 7201 /* 7202 * If the current mode has access read and the new mode 7203 * does not, decrement the number of access read mode bits 7204 * and if it goes to zero turn off the access read bit 7205 * on the file. 7206 */ 7207 if ((sp->share_access & OPEN4_SHARE_ACCESS_READ) && 7208 (access & OPEN4_SHARE_ACCESS_READ) == 0) { 7209 fp->access_read--; 7210 if (fp->access_read == 0) 7211 fp->share_access &= ~OPEN4_SHARE_ACCESS_READ; 7212 } 7213 7214 /* 7215 * If the current mode has access write and the new mode 7216 * does not, decrement the number of access write mode bits 7217 * and if it goes to zero turn off the access write bit 7218 * on the file. 
7219 */ 7220 if ((sp->share_access & OPEN4_SHARE_ACCESS_WRITE) && 7221 (access & OPEN4_SHARE_ACCESS_WRITE) == 0) { 7222 fp->access_write--; 7223 if (fp->access_write == 0) 7224 fp->share_deny &= ~OPEN4_SHARE_ACCESS_WRITE; 7225 } 7226 7227 /* Set the new access and deny modes */ 7228 sp->share_access = access; 7229 sp->share_deny = deny; 7230 /* Check that the file is still accessible */ 7231 ASSERT(fp->share_access); 7232 7233 rfs4_dbe_unlock(fp->dbe); 7234 7235 rfs4_dbe_unlock(sp->dbe); 7236 if ((status = rfs4_share(sp)) != NFS4_OK) { 7237 *cs->statusp = resp->status = NFS4ERR_SERVERFAULT; 7238 rfs4_update_open_sequence(sp->owner); 7239 goto end; 7240 } 7241 7242 rfs4_dbe_lock(sp->dbe); 7243 7244 /* Update the stateid */ 7245 next_stateid(&sp->stateid); 7246 resp->open_stateid = sp->stateid.stateid; 7247 7248 rfs4_dbe_unlock(sp->dbe); 7249 7250 *cs->statusp = resp->status = NFS4_OK; 7251 /* Update the lease */ 7252 rfs4_update_lease(sp->owner->client); 7253 /* And the sequence */ 7254 rfs4_update_open_sequence(sp->owner); 7255 rfs4_update_open_resp(sp->owner, resop, NULL); 7256 7257 end: 7258 rfs4_sw_exit(&sp->owner->oo_sw); 7259 rfs4_state_rele(sp); 7260 } 7261 7262 /* 7263 * The logic behind this function is detailed in the NFSv4 RFC in the 7264 * SETCLIENTID operation description under IMPLEMENTATION. Refer to 7265 * that section for explicit guidance to server behavior for 7266 * SETCLIENTID. 
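*/
/*
 * rfs4_op_setclientid: handler for the SETCLIENTID operation.
 *
 * Looks up (or creates) the client record matching args->client and
 * replies with a clientid plus the confirm verifier the client must echo
 * in SETCLIENTID_CONFIRM. The paths visible below are:
 *  - no record existed: a new unconfirmed record is returned;
 *  - the record's lease has expired: it is closed and the lookup retried;
 *  - a confirmed record exists but creds_ok() rejects the caller:
 *    NFS4ERR_CLID_INUSE is returned together with a copy of the callback
 *    address of the confirmed client, and nothing else is changed;
 *  - a confirmed record exists with the same verifier: only the callback
 *    information and confirm verifier are refreshed;
 *  - otherwise any unconfirmed record is invalidated and a new
 *    unconfirmed record is created that remembers the confirmed one.
 *
 * The outcome is stored in both res->status and *cs->statusp.
 *
 * NOTE(review): creds_ok() is defined outside this excerpt; what it
 * actually compares is not visible here.
 */
void
rfs4_op_setclientid(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID4args *args = &argop->nfs_argop4_u.opsetclientid;
	SETCLIENTID4res *res = &resop->nfs_resop4_u.opsetclientid;
	rfs4_client_t *cp, *newcp, *cp_confirmed, *cp_unconfirmed;
	bool_t create = TRUE;
	char *addr, *netid;
	int len;

retry:
	newcp = cp_confirmed = cp_unconfirmed = NULL;

	/*
	 * In search of an EXISTING client matching the incoming
	 * request to establish a new client identifier at the server
	 */
	create = TRUE;
	cp = rfs4_findclient(&args->client, &create, NULL);

	/* Should never happen */
	ASSERT(cp != NULL);

	if (cp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/*
	 * Easiest case. Client identifier is newly created and is
	 * unconfirmed. Also note that for this case, no other
	 * entries exist for the client identifier. Nothing else to
	 * check. Just setup the response and respond.
	 */
	if (create) {
		*cs->statusp = res->status = NFS4_OK;
		res->SETCLIENTID4res_u.resok4.clientid = cp->clientid;
		res->SETCLIENTID4res_u.resok4.setclientid_confirm =
		    cp->confirm_verf;
		/* Setup callback information; CB_NULL confirmation later */
		rfs4_client_setcb(cp, &args->callback, args->callback_ident);

		rfs4_client_rele(cp);
		return;
	}

	/*
	 * An existing, confirmed client may exist but it may not have
	 * been active for at least one lease period. If so, then
	 * "close" the client and create a new client identifier
	 */
	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		goto retry;
	}

	if (cp->need_confirm == TRUE)
		cp_unconfirmed = cp;
	else
		cp_confirmed = cp;

	cp = NULL;

	/*
	 * We have a confirmed client, now check for an
	 * unconfirmed entry
	 */
	if (cp_confirmed) {
		/* If creds don't match then client identifier is inuse */
		if (!creds_ok(cp_confirmed->cr_set, req, cs)) {
			rfs4_cbinfo_t *cbp;
			/*
			 * Someone else has established this client
			 * id. Try and say who they are. We will use
			 * the callback address supplied by the
			 * first client.
			 */
			*cs->statusp = res->status = NFS4ERR_CLID_INUSE;

			addr = netid = NULL;

			cbp = &cp_confirmed->cbinfo;
			if (cbp->cb_callback.cb_location.r_addr &&
			    cbp->cb_callback.cb_location.r_netid) {
				cb_client4 *cbcp = &cbp->cb_callback;

				len = strlen(cbcp->cb_location.r_addr)+1;
				addr = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_addr, addr, len);
				len = strlen(cbcp->cb_location.r_netid)+1;
				netid = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_netid, netid, len);
			}

			res->SETCLIENTID4res_u.client_using.r_addr = addr;
			res->SETCLIENTID4res_u.client_using.r_netid = netid;

			rfs4_client_rele(cp_confirmed);
			/*
			 * The reply is complete. A caller that failed the
			 * credential check must not reach the code below:
			 * it would read cp_confirmed after the reference
			 * was dropped, could replace the confirmed client's
			 * callback information, and would overwrite the
			 * client_using arm of the result union just filled
			 * in.
			 */
			return;
		}

		/*
		 * Confirmed, creds match, and verifier matches; must
		 * be an update of the callback info
		 */
		if (cp_confirmed->nfs_client.verifier ==
		    args->client.verifier) {
			/* Setup callback information */
			rfs4_client_setcb(cp_confirmed, &args->callback,
			    args->callback_ident);

			/* everything okay -- move ahead */
			*cs->statusp = res->status = NFS4_OK;
			res->SETCLIENTID4res_u.resok4.clientid =
			    cp_confirmed->clientid;

			/* update the confirm_verifier and return it */
			rfs4_client_scv_next(cp_confirmed);
			res->SETCLIENTID4res_u.resok4.setclientid_confirm =
			    cp_confirmed->confirm_verf;

			rfs4_client_rele(cp_confirmed);
			return;
		}

		/*
		 * Creds match but the verifier doesn't. Must search
		 * for an unconfirmed client that would be replaced by
		 * this request.
		 */
		create = FALSE;
		cp_unconfirmed = rfs4_findclient(&args->client, &create,
		    cp_confirmed);
	}

	/*
	 * At this point, we have taken care of the brand new client
	 * struct, INUSE case, update of an existing, and confirmed
	 * client struct.
	 */

	/*
	 * check to see if things have changed while we originally
	 * picked up the client struct. If they have, then return and
	 * retry the processing of this SETCLIENTID request.
	 */
	if (cp_unconfirmed) {
		rfs4_dbe_lock(cp_unconfirmed->dbe);
		if (!cp_unconfirmed->need_confirm) {
			rfs4_dbe_unlock(cp_unconfirmed->dbe);
			rfs4_client_rele(cp_unconfirmed);
			if (cp_confirmed)
				rfs4_client_rele(cp_confirmed);
			goto retry;
		}
		/* do away with the old unconfirmed one */
		rfs4_dbe_invalidate(cp_unconfirmed->dbe);
		rfs4_dbe_unlock(cp_unconfirmed->dbe);
		rfs4_client_rele(cp_unconfirmed);
		cp_unconfirmed = NULL;
	}

	/*
	 * This search will temporarily hide the confirmed client
	 * struct while a new client struct is created as the
	 * unconfirmed one.
	 */
	create = TRUE;
	newcp = rfs4_findclient(&args->client, &create, cp_confirmed);

	ASSERT(newcp != NULL);

	if (newcp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		/* cp_confirmed is NULL when only an unconfirmed entry existed */
		if (cp_confirmed)
			rfs4_client_rele(cp_confirmed);
		return;
	}

	/*
	 * If one was not created, then a similar request must be in
	 * process so release and start over with this one
	 */
	if (create != TRUE) {
		rfs4_client_rele(newcp);
		if (cp_confirmed)
			rfs4_client_rele(cp_confirmed);
		goto retry;
	}

	*cs->statusp = res->status = NFS4_OK;
	res->SETCLIENTID4res_u.resok4.clientid = newcp->clientid;
	res->SETCLIENTID4res_u.resok4.setclientid_confirm =
	    newcp->confirm_verf;
	/* Setup callback information; CB_NULL confirmation later */
	rfs4_client_setcb(newcp, &args->callback,
	    args->callback_ident);

	newcp->cp_confirmed = cp_confirmed;

	rfs4_client_rele(newcp);
}

/*ARGSUSED*/
void
rfs4_op_setclientid_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID_CONFIRM4args *args =
	    &argop->nfs_argop4_u.opsetclientid_confirm;
	SETCLIENTID_CONFIRM4res *res =
	    &resop->nfs_resop4_u.opsetclientid_confirm;
	rfs4_client_t *cp, *cptoclose = NULL;

	*cs->statusp = res->status = NFS4_OK;

	cp = rfs4_findclient_by_id(args->clientid, TRUE);

	if (cp == NULL) {
		*cs->statusp = res->status =
		    rfs4_check_clientid(&args->clientid, 1);
		return;
	}

	/*
	 * NOTE(review): creds_ok() is handed the client pointer here but
	 * cp_confirmed->cr_set in rfs4_op_setclientid above; confirm
	 * against the creds_ok() prototype which of the two is intended.
	 */
	if (!creds_ok(cp, req, cs)) {
		*cs->statusp = res->status = NFS4ERR_CLID_INUSE;
		rfs4_client_rele(cp);
		return;
	}

	/* If the verifier doesn't match, the record doesn't match */
	if (cp->confirm_verf != args->setclientid_confirm) {
		*cs->statusp = res->status = NFS4ERR_STALE_CLIENTID;
		rfs4_client_rele(cp);
		return;
	}
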
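rfs4_dbe_lock(cp->dbe);
	cp->need_confirm = FALSE;
	if (cp->cp_confirmed) {
		cptoclose = cp->cp_confirmed;
		cptoclose->ss_remove = 1;
		cp->cp_confirmed = NULL;
	}

	/*
	 * Update the client's associated server instance, if it's changed
	 * since the client was created.
	 */
	if (rfs4_servinst(cp) != rfs4_cur_servinst)
		rfs4_servinst_assign(cp, rfs4_cur_servinst);

	/*
	 * Record clientid in stable storage.
	 * Must be done after server instance has been assigned.
	 */
	rfs4_ss_clid(cp, req);

	rfs4_dbe_unlock(cp->dbe);

	if (cptoclose)
		/* don't need to rele, client_close does it */
		rfs4_client_close(cptoclose);

	/* If needed, initiate CB_NULL call for callback path */
	rfs4_deleg_cb_check(cp);
	rfs4_update_lease(cp);

	/*
	 * Check to see if client can perform reclaims
	 */
	rfs4_ss_chkclid(cp);

	rfs4_client_rele(cp);
}


/*
 * rfs4_op_close: handler for the CLOSE operation.
 *
 * The open stateid in the request must resolve to a state whose file is
 * the current filehandle's file (cs->vp) and must pass the stateid and
 * open-owner seqid checks below. On success the stateid is bumped and
 * returned in resp->open_stateid, the lease, open sequence and saved
 * open response are updated, and the state is closed with
 * rfs4_state_close().
 *
 * The outcome is stored in both resp->status and *cs->statusp.
 */
/*ARGSUSED*/
void
rfs4_op_close(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	CLOSE4args *args = &argop->nfs_argop4_u.opclose;
	CLOSE4res *resp = &resop->nfs_resop4_u.opclose;
	rfs4_state_t *sp;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_INVALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
		    resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		/* Check the sequence id for the open owner */
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* FALL THROUGH */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			goto end;
		}
		break;
	default:
		/*
		 * ASSERT() is compiled out of non-DEBUG kernels, so an
		 * unrecognised check result must not fall through and
		 * close the state as if the stateid had been accepted.
		 */
		ASSERT(FALSE);
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		goto end;
	}

	rfs4_dbe_lock(sp->dbe);

	/* Update the stateid. */
	next_stateid(&sp->stateid);
	resp->open_stateid = sp->stateid.stateid;

	rfs4_dbe_unlock(sp->dbe);

	rfs4_update_lease(sp->owner->client);
	rfs4_update_open_sequence(sp->owner);
	rfs4_update_open_resp(sp->owner, resop, NULL);

	rfs4_state_close(sp, FALSE, FALSE, cs->cr);

	/* status still holds NFS4_OK from rfs4_get_state() above */
	*cs->statusp = resp->status = status;

end:
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*
 * Manage the counts on the file struct and close all file locks
 */
/*ARGSUSED*/
void
rfs4_release_share_lock_state(rfs4_state_t *sp, cred_t *cr,
	bool_t close_of_client)
{
	rfs4_file_t *fp = sp->finfo;
	rfs4_lo_state_t *lsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	int fflags, s_access, s_deny;

	fflags = s_access = s_deny = 0;
	/*
	 * Decrement the count for each access and deny bit that this
	 * state has contributed to the file. If the file counts go to zero
	 * clear the appropriate bit in the appropriate mask.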
*/

	if (sp->share_access & OPEN4_SHARE_ACCESS_READ) {
		fp->access_read--;
		fflags |= FREAD;
		s_access |= F_RDACC;
		if (fp->access_read == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_READ;
	}
	if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) {
		fp->access_write--;
		fflags |= FWRITE;
		s_access |= F_WRACC;
		if (fp->access_write == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_WRITE;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_READ) {
		fp->deny_read--;
		s_deny |= F_RDDNY;
		if (fp->deny_read == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_READ;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_WRITE) {
		fp->deny_write--;
		s_deny |= F_WRDNY;
		if (fp->deny_write == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE;
	}

	/*
	 * If this call is part of the larger closing down of client
	 * state then it is just easier to release all locks
	 * associated with this client instead of going through each
	 * individual file and cleaning locks there.
	 */
	if (close_of_client) {
		if (sp->owner->client->unlksys_completed == FALSE &&
		    sp->lockownerlist.next->lsp != NULL &&
		    sp->owner->client->sysidt != LM_NOSYSID) {
			/* Is the PxFS kernel module loaded? */
			if (lm_remove_file_locks != NULL) {
				int new_sysid;

				/* Encode the cluster nodeid in new sysid */
				new_sysid = sp->owner->client->sysidt;
				lm_set_nlmid_flk(&new_sysid);

				/*
				 * This PxFS routine removes file locks for a
				 * client over all nodes of a cluster.
				 */
				NFS4_DEBUG(rfs4_debug, (CE_NOTE,
				    "lm_remove_file_locks(sysid=0x%x)\n",
				    new_sysid));
				(*lm_remove_file_locks)(new_sysid);
			} else {
				struct flock64 flk;

				/* Release all locks for this client */
				flk.l_type = F_UNLKSYS;
				flk.l_whence = 0;
				flk.l_start = 0;
				flk.l_len = 0;
				flk.l_sysid = sp->owner->client->sysidt;
				flk.l_pid = 0;
				(void) VOP_FRLOCK(sp->finfo->vp, F_SETLK, &flk,
				    F_REMOTELOCK | FREAD | FWRITE,
				    (u_offset_t)0, NULL, CRED());
			}

			sp->owner->client->unlksys_completed = TRUE;
		}
	}

	/*
	 * Release all locks on this file by this lock owner or at
	 * least mark the locks as having been released
	 */
	for (lsp = sp->lockownerlist.next->lsp; lsp != NULL;
	    lsp = lsp->lockownerlist.next->lsp) {

		lsp->locks_cleaned = TRUE;

		/* Was this already taken care of above? */
		if (!close_of_client &&
		    sp->owner->client->sysidt != LM_NOSYSID)
			(void) cleanlocks(sp->finfo->vp, lsp->locker->pid,
			    lsp->locker->client->sysidt);
	}

	/*
	 * Release any shrlocks associated with this open state ID.
	 * This must be done before the rfs4_state gets marked closed.
	 */
	if (sp->owner->client->sysidt != LM_NOSYSID) {
		shr.s_access = s_access;
		shr.s_deny = s_deny;
		shr.s_pid = rfs4_dbe_getid(sp->owner->dbe);
		shr.s_sysid = sp->owner->client->sysidt;
		shr_loco.sl_pid = shr.s_pid;
		shr_loco.sl_id = shr.s_sysid;
		shr.s_owner = (caddr_t)&shr_loco;
		shr.s_own_len = sizeof (shr_loco);
		(void) vop_shrlock(sp->finfo->vp, F_UNSHARE, &shr, fflags);
	}
}

/*
 * lock_denied: Fill in a LOCK4denied structure given an flock64 structure.
 *
 * flk describes the conflicting lock. If flk->l_pid maps to an NFSv4
 * lock owner, that owner's clientid and owner string are copied into
 * dp->owner; otherwise an owner is made up from flk->l_sysid and
 * flk->l_pid. dp->offset, dp->length and dp->locktype are then filled in
 * from flk.
 *
 * Returns NFS4_OK on success, NFS4ERR_EXPIRED when the owning client's
 * lease has expired (that client is closed here and dp is not filled
 * in), and NFS4ERR_INVAL when flk->l_type is neither F_RDLCK nor
 * F_WRLCK.
 *
 * dp->owner.owner_val is allocated with kmem_alloc() and is not freed in
 * this function, including on the NFS4ERR_INVAL return.
 * NOTE(review): presumably the reply-free path releases it; confirm.
 */
static nfsstat4
lock_denied(LOCK4denied *dp, struct flock64 *flk)
{
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	uint32_t len;

	lo = rfs4_findlockowner_by_pid(flk->l_pid);
	if (lo != NULL) {
		cp = lo->client;
		if (rfs4_lease_expired(cp)) {
			/*
			 * NOTE(review): the hold on cp is taken after the
			 * lock owner reference is dropped; confirm that cp
			 * cannot go away in between.
			 */
			rfs4_lockowner_rele(lo);
			rfs4_dbe_hold(cp->dbe);
			rfs4_client_close(cp);
			return (NFS4ERR_EXPIRED);
		}
		dp->owner.clientid = lo->owner.clientid;
		len = lo->owner.owner_len;
		dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
		bcopy(lo->owner.owner_val, dp->owner.owner_val, len);
		dp->owner.owner_len = len;
		rfs4_lockowner_rele(lo);
		goto finish;
	}

	/*
	 * It's not an NFS4 lock. We take advantage that the upper 32 bits
	 * of the client id contain the boot time for a NFS4 lock. So we
	 * fabricate an identity by setting clientid to the sysid, and
	 * the lock owner to the pid.
	 */
	dp->owner.clientid = flk->l_sysid;
	len = sizeof (pid_t);
	dp->owner.owner_len = len;
	dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
	bcopy(&flk->l_pid, dp->owner.owner_val, len);
finish:
	dp->offset = flk->l_start;
	dp->length = flk->l_len;

	if (flk->l_type == F_RDLCK)
		dp->locktype = READ_LT;
	else if (flk->l_type == F_WRLCK)
		dp->locktype = WRITE_LT;
	else
		return (NFS4ERR_INVAL);	/* no mapping from POSIX ltype to v4 */

	return (NFS4_OK);
}

/*
 * setlock: try to apply *flock to vp with VOP_FRLOCK(F_SETLK).
 *
 * The request is attempted up to rfs4_maxlock_tries times while it fails
 * with EAGAIN or EACCES, sleeping between attempts with a delay that
 * starts at rfs4_lock_delay milliseconds and doubles each time. If it is
 * still blocked, F_GETLK is used to fetch the conflicting lock into
 * *flock; if that lock has gone in the meantime the whole sequence is
 * restarted. Returns the errno from the last F_SETLK attempt.
 */
static int
setlock(vnode_t *vp, struct flock64 *flock, int flag, cred_t *cred)
{
	int error;
	struct flock64 flk;
	int i;
	clock_t delaytime;

retry:
	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);

	for (i = 0; i < rfs4_maxlock_tries; i++) {
		LOCK_PRINT(rfs4_debug, "setlock", F_SETLK, flock);
		error = VOP_FRLOCK(vp, F_SETLK,
		    flock, flag, (u_offset_t)0, NULL, cred);

		if (error != EAGAIN && error != EACCES)
			break;

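if (i < rfs4_maxlock_tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	if (error == EAGAIN || error == EACCES) {
		/* Get the owner of the lock */
		flk = *flock;
		LOCK_PRINT(rfs4_debug, "setlock", F_GETLK, &flk);
		if (VOP_FRLOCK(vp, F_GETLK,
		    &flk, flag, (u_offset_t)0, NULL, cred) == 0) {
			if (flk.l_type == F_UNLCK) {
				/* No longer locked, retry */
				goto retry;
			}
			*flock = flk;
			LOCK_PRINT(rfs4_debug, "setlock(blocking lock)",
			    F_GETLK, &flk);
		}
	}

	return (error);
}

/*
 * rfs4_do_lock: apply a byte-range lock or unlock for lock state lp to
 * the file behind lp->state.
 *
 * When resop->resop is OP_LOCKU the request is an unlock (F_UNLCK);
 * otherwise locktype selects F_RDLCK or F_WRLCK and the open state must
 * already hold the matching share access, else NFS4ERR_OPENMODE is
 * returned. A length of zero is rejected with NFS4ERR_INVAL and a length
 * of all ones is translated to 0 ("to end of file"). On success the lock
 * stateid in lp->lockid is bumped. seqid is not used here.
 *
 * locktype, offset and length originate from the request. A locktype
 * that is none of the four lock types is rejected with NFS4ERR_INVAL so
 * that flock.l_type is never built from an unset local.
 *
 * Returns an nfsstat4: NFS4_OK, NFS4ERR_EXPIRED if the lock owner's
 * client lease has expired, the status from rfs4_client_sysid(), or the
 * mapping of setlock()'s errno shown in the switch at the bottom. For
 * NFS4ERR_DENIED the conflicting lock is described in the LOCK result
 * held in resop.
 */
/*ARGSUSED*/
static nfsstat4
rfs4_do_lock(rfs4_lo_state_t *lp, nfs_lock_type4 locktype,
	seqid4 seqid, offset4 offset,
	length4 length, cred_t *cred, nfs_resop4 *resop)
{
	nfsstat4 status;
	rfs4_lockowner_t *lo = lp->locker;
	rfs4_state_t *sp = lp->state;
	struct flock64 flock;
	int16_t ltype;
	int flag;
	int error;
	sysid_t sysid;
	LOCK4res *lres;

	if (rfs4_lease_expired(lo->client)) {
		return (NFS4ERR_EXPIRED);
	}

	if ((status = rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK)
		return (status);

	/* Check for zero length. To lock to end of file use all ones for V4 */
	if (length == 0)
		return (NFS4ERR_INVAL);
	else if (length == (length4)(~0))
		length = 0;		/* Posix to end of file */

retry:
	rfs4_dbe_lock(sp->dbe);


	if (resop->resop != OP_LOCKU) {
		switch (locktype) {
		case READ_LT:
		case READW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_READ) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_RDLCK;
			break;
		case WRITE_LT:
		case WRITEW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_WRITE) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_WRLCK;
			break;
		default:
			/*
			 * Not one of the four lock types. No range check
			 * on locktype is visible before this point, so
			 * refuse it here rather than use ltype unset.
			 */
			rfs4_dbe_unlock(sp->dbe);

			return (NFS4ERR_INVAL);
		}
	} else
		ltype = F_UNLCK;

	flock.l_type = ltype;
	flock.l_whence = 0;		/* SEEK_SET */
	flock.l_start = offset;
	flock.l_len = length;
	flock.l_sysid = sysid;
	flock.l_pid = lp->locker->pid;

	/* Note that length4 is uint64_t but l_len and l_start are off64_t */
	if (flock.l_len < 0 || flock.l_start < 0) {
		rfs4_dbe_unlock(sp->dbe);
		return (NFS4ERR_INVAL);
	}

	/*
	 * N.B. FREAD has the same value as OPEN4_SHARE_ACCESS_READ and
	 * FWRITE has the same value as OPEN4_SHARE_ACCESS_WRITE.
	 */
	flag = (int)sp->share_access | F_REMOTELOCK;

	error = setlock(sp->finfo->vp, &flock, flag, cred);
	if (error == 0) {
		rfs4_dbe_lock(lp->dbe);
		next_stateid(&lp->lockid);
		rfs4_dbe_unlock(lp->dbe);
	}

	rfs4_dbe_unlock(sp->dbe);

	/*
	 * N.B. We map error values to nfsv4 errors. This is different
	 * than puterrno4 routine.
	 */
	switch (error) {
	case 0:
		status = NFS4_OK;
		break;
	case EAGAIN:
	case EACCES:		/* Old value */
		/* Can only get here if op is OP_LOCK */
		ASSERT(resop->resop == OP_LOCK);
		lres = &resop->nfs_resop4_u.oplock;
		status = NFS4ERR_DENIED;
		/*
		 * The holder of the conflicting lock turned out to have
		 * an expired lease (lock_denied closed it), so try again.
		 */
		if (lock_denied(&lres->LOCK4res_u.denied, &flock)
		    == NFS4ERR_EXPIRED)
			goto retry;
		break;
	case ENOLCK:
		status = NFS4ERR_DELAY;
		break;
	case EOVERFLOW:
		status = NFS4ERR_INVAL;
		break;
	case EINVAL:
		status = NFS4ERR_NOTSUPP;
		break;
	default:
		cmn_err(CE_WARN, "rfs4_do_lock: unexpected errno (%d)",
		    error);
		status = NFS4ERR_SERVERFAULT;
		break;
	}

	return (status);
}

/*ARGSUSED*/
void
rfs4_op_lock(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	LOCK4args *args = &argop->nfs_argop4_u.oplock;
	LOCK4res *resp = &resop->nfs_resop4_u.oplock;
	nfsstat4 status;
	stateid4 *stateid;
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	rfs4_state_t *sp = NULL;
	rfs4_lo_state_t *lsp = NULL;
	bool_t ls_sw_held = FALSE;
	bool_t create = TRUE;
	bool_t lcreate = TRUE;
	bool_t dup_lock = FALSE;
	int rc;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (args->locker.new_lock_owner) {
		/* Create a new lockowner for this instance */
		open_to_lock_owner4 *olo = &args->locker.locker4_u.open_owner;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE, "Creating new lock owner"));

		stateid = &olo->open_stateid;
		status = rfs4_get_state(stateid, &sp, RFS4_DBS_VALID);
		if (status != NFS4_OK) {
			NFS4_DEBUG(rfs4_debug,
			    (CE_NOTE, "Get state failed in lock %d",
			    status));
			*cs->statusp = resp->status = status;
			return;
		}

		/* Ensure specified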
filehandle matches */ 8036 if (cs->vp != sp->finfo->vp) { 8037 rfs4_state_rele(sp); 8038 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8039 return; 8040 } 8041 8042 /* hold off other access to open_owner while we tinker */ 8043 rfs4_sw_enter(&sp->owner->oo_sw); 8044 8045 switch (rc = rfs4_check_stateid_seqid(sp, stateid)) { 8046 case NFS4_CHECK_STATEID_OLD: 8047 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8048 goto end; 8049 case NFS4_CHECK_STATEID_BAD: 8050 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8051 goto end; 8052 case NFS4_CHECK_STATEID_EXPIRED: 8053 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 8054 goto end; 8055 case NFS4_CHECK_STATEID_UNCONFIRMED: 8056 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8057 goto end; 8058 case NFS4_CHECK_STATEID_CLOSED: 8059 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8060 goto end; 8061 case NFS4_CHECK_STATEID_OKAY: 8062 case NFS4_CHECK_STATEID_REPLAY: 8063 switch (rfs4_check_olo_seqid(olo->open_seqid, 8064 sp->owner, resop)) { 8065 case NFS4_CHKSEQ_OKAY: 8066 if (rc == NFS4_CHECK_STATEID_OKAY) 8067 break; 8068 /* 8069 * This is replayed stateid; if seqid 8070 * matches next expected, then client 8071 * is using wrong seqid. 8072 */ 8073 /* FALLTHROUGH */ 8074 case NFS4_CHKSEQ_BAD: 8075 *cs->statusp = resp->status = 8076 NFS4ERR_BAD_SEQID; 8077 goto end; 8078 case NFS4_CHKSEQ_REPLAY: 8079 /* This is a duplicate LOCK request */ 8080 dup_lock = TRUE; 8081 8082 /* 8083 * For a duplicate we do not want to 8084 * create a new lockowner as it should 8085 * already exist. 8086 * Turn off the lockowner create flag. 
8087 */ 8088 lcreate = FALSE; 8089 } 8090 break; 8091 } 8092 8093 lo = rfs4_findlockowner(&olo->lock_owner, &lcreate); 8094 if (lo == NULL) { 8095 NFS4_DEBUG(rfs4_debug, 8096 (CE_NOTE, "rfs4_op_lock: no lock owner")); 8097 *cs->statusp = resp->status = NFS4ERR_RESOURCE; 8098 goto end; 8099 } 8100 8101 lsp = rfs4_findlo_state_by_owner(lo, sp, &create); 8102 if (lsp == NULL) { 8103 rfs4_update_lease(sp->owner->client); 8104 /* 8105 * Only update theh open_seqid if this is not 8106 * a duplicate request 8107 */ 8108 if (dup_lock == FALSE) { 8109 rfs4_update_open_sequence(sp->owner); 8110 } 8111 8112 NFS4_DEBUG(rfs4_debug, 8113 (CE_NOTE, "rfs4_op_lock: no state")); 8114 *cs->statusp = resp->status = NFS4ERR_SERVERFAULT; 8115 rfs4_update_open_resp(sp->owner, resop, NULL); 8116 rfs4_lockowner_rele(lo); 8117 goto end; 8118 } 8119 8120 /* 8121 * This is the new_lock_owner branch and the client is 8122 * supposed to be associating a new lock_owner with 8123 * the open file at this point. If we find that a 8124 * lock_owner/state association already exists and a 8125 * successful LOCK request was returned to the client, 8126 * an error is returned to the client since this is 8127 * not appropriate. The client should be using the 8128 * existing lock_owner branch. 8129 */ 8130 if (dup_lock == FALSE && create == FALSE) { 8131 if (lsp->lock_completed == TRUE) { 8132 *cs->statusp = 8133 resp->status = NFS4ERR_BAD_SEQID; 8134 rfs4_lockowner_rele(lo); 8135 goto end; 8136 } 8137 } 8138 8139 rfs4_update_lease(sp->owner->client); 8140 8141 /* 8142 * Only update theh open_seqid if this is not 8143 * a duplicate request 8144 */ 8145 if (dup_lock == FALSE) { 8146 rfs4_update_open_sequence(sp->owner); 8147 } 8148 8149 /* 8150 * If this is a duplicate lock request, just copy the 8151 * previously saved reply and return. 
8152 */ 8153 if (dup_lock == TRUE) { 8154 /* verify that lock_seqid's match */ 8155 if (lsp->seqid != olo->lock_seqid) { 8156 NFS4_DEBUG(rfs4_debug, 8157 (CE_NOTE, "rfs4_op_lock: Dup-Lock seqid bad" 8158 "lsp->seqid=%d old->seqid=%d", 8159 lsp->seqid, olo->lock_seqid)); 8160 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8161 } else { 8162 rfs4_copy_reply(resop, lsp->reply); 8163 /* 8164 * Make sure to copy the just 8165 * retrieved reply status into the 8166 * overall compound status 8167 */ 8168 *cs->statusp = resp->status; 8169 } 8170 rfs4_lockowner_rele(lo); 8171 goto end; 8172 } 8173 8174 rfs4_dbe_lock(lsp->dbe); 8175 8176 /* Make sure to update the lock sequence id */ 8177 lsp->seqid = olo->lock_seqid; 8178 8179 NFS4_DEBUG(rfs4_debug, 8180 (CE_NOTE, "Lock seqid established as %d", lsp->seqid)); 8181 8182 /* 8183 * This is used to signify the newly created lockowner 8184 * stateid and its sequence number. The checks for 8185 * sequence number and increment don't occur on the 8186 * very first lock request for a lockowner. 
8187 */ 8188 lsp->skip_seqid_check = TRUE; 8189 8190 /* hold off other access to lsp while we tinker */ 8191 rfs4_sw_enter(&lsp->ls_sw); 8192 ls_sw_held = TRUE; 8193 8194 rfs4_dbe_unlock(lsp->dbe); 8195 8196 rfs4_lockowner_rele(lo); 8197 } else { 8198 stateid = &args->locker.locker4_u.lock_owner.lock_stateid; 8199 /* get lsp and hold the lock on the underlying file struct */ 8200 if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE)) 8201 != NFS4_OK) { 8202 *cs->statusp = resp->status = status; 8203 return; 8204 } 8205 create = FALSE; /* We didn't create lsp */ 8206 8207 /* Ensure specified filehandle matches */ 8208 if (cs->vp != lsp->state->finfo->vp) { 8209 rfs4_lo_state_rele(lsp, TRUE); 8210 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8211 return; 8212 } 8213 8214 /* hold off other access to lsp while we tinker */ 8215 rfs4_sw_enter(&lsp->ls_sw); 8216 ls_sw_held = TRUE; 8217 8218 switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) { 8219 /* 8220 * The stateid looks like it was okay (expected to be 8221 * the next one) 8222 */ 8223 case NFS4_CHECK_STATEID_OKAY: 8224 /* 8225 * The sequence id is now checked. Determine 8226 * if this is a replay or if it is in the 8227 * expected (next) sequence. In the case of a 8228 * replay, there are two replay conditions 8229 * that may occur. The first is the normal 8230 * condition where a LOCK is done with a 8231 * NFS4_OK response and the stateid is 8232 * updated. That case is handled below when 8233 * the stateid is identified as a REPLAY. The 8234 * second is the case where an error is 8235 * returned, like NFS4ERR_DENIED, and the 8236 * sequence number is updated but the stateid 8237 * is not updated. This second case is dealt 8238 * with here. So it may seem odd that the 8239 * stateid is okay but the sequence id is a 8240 * replay but it is okay. 
8241 */ 8242 switch (rfs4_check_lock_seqid( 8243 args->locker.locker4_u.lock_owner.lock_seqid, 8244 lsp, resop)) { 8245 case NFS4_CHKSEQ_REPLAY: 8246 if (resp->status != NFS4_OK) { 8247 /* 8248 * Here is our replay and need 8249 * to verify that the last 8250 * response was an error. 8251 */ 8252 *cs->statusp = resp->status; 8253 goto end; 8254 } 8255 /* 8256 * This is done since the sequence id 8257 * looked like a replay but it didn't 8258 * pass our check so a BAD_SEQID is 8259 * returned as a result. 8260 */ 8261 /*FALLTHROUGH*/ 8262 case NFS4_CHKSEQ_BAD: 8263 *cs->statusp = resp->status = 8264 NFS4ERR_BAD_SEQID; 8265 goto end; 8266 case NFS4_CHKSEQ_OKAY: 8267 /* Everything looks okay move ahead */ 8268 break; 8269 } 8270 break; 8271 case NFS4_CHECK_STATEID_OLD: 8272 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8273 goto end; 8274 case NFS4_CHECK_STATEID_BAD: 8275 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8276 goto end; 8277 case NFS4_CHECK_STATEID_EXPIRED: 8278 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 8279 goto end; 8280 case NFS4_CHECK_STATEID_CLOSED: 8281 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8282 goto end; 8283 case NFS4_CHECK_STATEID_REPLAY: 8284 switch (rfs4_check_lock_seqid( 8285 args->locker.locker4_u.lock_owner.lock_seqid, 8286 lsp, resop)) { 8287 case NFS4_CHKSEQ_OKAY: 8288 /* 8289 * This is a replayed stateid; if 8290 * seqid matches the next expected, 8291 * then client is using wrong seqid. 8292 */ 8293 case NFS4_CHKSEQ_BAD: 8294 *cs->statusp = resp->status = 8295 NFS4ERR_BAD_SEQID; 8296 goto end; 8297 case NFS4_CHKSEQ_REPLAY: 8298 rfs4_update_lease(lsp->locker->client); 8299 *cs->statusp = status = resp->status; 8300 goto end; 8301 } 8302 break; 8303 default: 8304 ASSERT(FALSE); 8305 break; 8306 } 8307 8308 rfs4_update_lock_sequence(lsp); 8309 rfs4_update_lease(lsp->locker->client); 8310 } 8311 8312 /* 8313 * NFS4 only allows locking on regular files, so 8314 * verify type of object. 
8315 */ 8316 if (cs->vp->v_type != VREG) { 8317 if (cs->vp->v_type == VDIR) 8318 status = NFS4ERR_ISDIR; 8319 else 8320 status = NFS4ERR_INVAL; 8321 goto out; 8322 } 8323 8324 cp = lsp->state->owner->client; 8325 8326 if (rfs4_clnt_in_grace(cp) && !args->reclaim) { 8327 status = NFS4ERR_GRACE; 8328 goto out; 8329 } 8330 8331 if (rfs4_clnt_in_grace(cp) && args->reclaim && !cp->can_reclaim) { 8332 status = NFS4ERR_NO_GRACE; 8333 goto out; 8334 } 8335 8336 if (!rfs4_clnt_in_grace(cp) && args->reclaim) { 8337 status = NFS4ERR_NO_GRACE; 8338 goto out; 8339 } 8340 8341 if (lsp->state->finfo->dinfo->dtype == OPEN_DELEGATE_WRITE) 8342 cs->deleg = TRUE; 8343 8344 status = rfs4_do_lock(lsp, args->locktype, 8345 args->locker.locker4_u.lock_owner.lock_seqid, 8346 args->offset, 8347 args->length, cs->cr, resop); 8348 8349 out: 8350 lsp->skip_seqid_check = FALSE; 8351 8352 *cs->statusp = resp->status = status; 8353 8354 if (status == NFS4_OK) { 8355 resp->LOCK4res_u.lock_stateid = lsp->lockid.stateid; 8356 lsp->lock_completed = TRUE; 8357 } 8358 /* 8359 * Only update the "OPEN" response here if this was a new 8360 * lock_owner 8361 */ 8362 if (sp) 8363 rfs4_update_open_resp(sp->owner, resop, NULL); 8364 8365 rfs4_update_lock_resp(lsp, resop); 8366 8367 end: 8368 if (lsp) { 8369 if (ls_sw_held) 8370 rfs4_sw_exit(&lsp->ls_sw); 8371 /* 8372 * If an sp obtained, then the lsp does not represent 8373 * a lock on the file struct. 
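*/
		if (sp != NULL)
			rfs4_lo_state_rele(lsp, FALSE);
		else
			rfs4_lo_state_rele(lsp, TRUE);
	}
	if (sp) {
		rfs4_sw_exit(&sp->owner->oo_sw);
		rfs4_state_rele(sp);
	}
}

/*
 * Free function for LOCK/LOCKT results.
 *
 * Only a reply whose status is NFS4ERR_DENIED carries an owner buffer to
 * release; for any other operation or status nothing is freed.
 */
static void
lock_denied_free(nfs_resop4 *resop)
{
	LOCK4denied *dp = NULL;

	switch (resop->resop) {
	case OP_LOCK:
		if (resop->nfs_resop4_u.oplock.status == NFS4ERR_DENIED)
			dp = &resop->nfs_resop4_u.oplock.LOCK4res_u.denied;
		break;
	case OP_LOCKT:
		if (resop->nfs_resop4_u.oplockt.status == NFS4ERR_DENIED)
			dp = &resop->nfs_resop4_u.oplockt.denied;
		break;
	default:
		break;
	}

	if (dp)
		kmem_free(dp->owner.owner_val, dp->owner.owner_len);
}

/*
 * LOCKU operation.
 *
 * Looks up the lock-owner state named by the client's lock_stateid,
 * verifies it belongs to the current filehandle, validates the stateid
 * and sequence id, and then hands the request to rfs4_do_lock().
 *
 *	argop	decoded LOCKU arguments
 *	resop	result to fill in; the status is stored both in the
 *		LOCKU4res and in *cs->statusp
 *	req	unused
 *	cs	compound state; cs->vp is the current filehandle's vnode
 *
 * The lsp obtained from rfs4_get_lo_state() is released on every path
 * after the lookup succeeds, and ls_sw is exited on every path after
 * it has been entered.
 */
/*ARGSUSED*/
void
rfs4_op_locku(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	LOCKU4args *args = &argop->nfs_argop4_u.oplocku;
	LOCKU4res *resp = &resop->nfs_resop4_u.oplocku;
	nfsstat4 status;
	stateid4 *stateid = &args->lock_stateid;
	rfs4_lo_state_t *lsp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE)) != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/*
	 * Ensure specified filehandle matches.  The stateid is supplied
	 * by the client, so a stateid that resolves to state for some
	 * other file must be rejected rather than acted on.
	 */
	if (cs->vp != lsp->state->finfo->vp) {
		rfs4_lo_state_rele(lsp, TRUE);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to lsp while we tinker */
	rfs4_sw_enter(&lsp->ls_sw);

	switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_lock_seqid(args->seqid, lsp, resop)
		    != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		switch (rfs4_check_lock_seqid(args->seqid, lsp, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is a replayed stateid; if
			 * seqid matches the next expected,
			 * then client is using wrong seqid.
			 */
			/*FALLTHROUGH*/
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status =
			    NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			rfs4_update_lease(lsp->locker->client);
			*cs->statusp = status = resp->status;
			goto end;
		}
		break;
	default:
		/*
		 * NOTE(review): if ASSERT is compiled out, an unexpected
		 * check result falls through to the unlock path below.
		 */
		ASSERT(FALSE);
		break;
	}

	rfs4_update_lock_sequence(lsp);
	rfs4_update_lease(lsp->locker->client);

	/*
	 * NFS4 only allows locking on regular files, so
	 * verify type of object.
	 */
	if (cs->vp->v_type != VREG) {
		if (cs->vp->v_type == VDIR)
			status = NFS4ERR_ISDIR;
		else
			status = NFS4ERR_INVAL;
		goto out;
	}

	if (rfs4_clnt_in_grace(lsp->state->owner->client)) {
		status = NFS4ERR_GRACE;
		goto out;
	}

	status = rfs4_do_lock(lsp, args->locktype,
	    args->seqid, args->offset,
	    args->length, cs->cr, resop);

out:
	*cs->statusp = resp->status = status;

	if (status == NFS4_OK)
		resp->lock_stateid = lsp->lockid.stateid;

	rfs4_update_lock_resp(lsp, resop);

end:
	rfs4_sw_exit(&lsp->ls_sw);
	rfs4_lo_state_rele(lsp, TRUE);
}

/*
 * LOCKT is a best effort routine, the client can not be guaranteed that
 * the status return is still in effect by the time the reply is received.
 * There are numerous race conditions in this routine, but we are not required
 * and can not be accurate.
 *
 *	argop	decoded LOCKT arguments (owner, locktype, offset, length)
 *	resop	result to fill in; the status is stored both in the
 *		LOCKT4res and in *cs->statusp
 *	req	unused
 *	cs	compound state; cs->vp is the current filehandle's vnode
 *
 * All of locktype, offset, length and owner come from the client's
 * request and are validated here before VOP_FRLOCK() is called.
 */
/*ARGSUSED*/
void
rfs4_op_lockt(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	LOCKT4args *args = &argop->nfs_argop4_u.oplockt;
	LOCKT4res *resp = &resop->nfs_resop4_u.oplockt;
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	bool_t create = FALSE;
	struct flock64 flk;
	int error;
	int flag = FREAD | FWRITE;
	int ltype;
	length4 posix_length;
	sysid_t sysid;
	pid_t pid;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * NFS4 only allows locking on regular files, so
	 * verify type of object.
	 */
	if (cs->vp->v_type != VREG) {
		if (cs->vp->v_type == VDIR)
			*cs->statusp = resp->status = NFS4ERR_ISDIR;
		else
			*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	/*
	 * Check out the clientid to ensure the server knows about it
	 * so that we correctly inform the client of a server reboot.
	 */
	if ((cp = rfs4_findclient_by_id(args->owner.clientid, FALSE))
	    == NULL) {
		*cs->statusp = resp->status =
		    rfs4_check_clientid(&args->owner.clientid, 0);
		return;
	}
	if (rfs4_lease_expired(cp)) {
		/*
		 * NOTE(review): no rfs4_client_rele() on this path;
		 * presumably rfs4_client_close() consumes the reference
		 * -- confirm against its definition.
		 */
		rfs4_client_close(cp);
		/*
		 * Protocol doesn't allow returning NFS4ERR_STALE as
		 * other operations do on this check so STALE_CLIENTID
		 * is returned instead
		 */
		*cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID;
		return;
	}

	if (rfs4_clnt_in_grace(cp)) {
		/*
		 * The normal path below calls rfs4_client_rele(cp), so
		 * this early return has to as well; otherwise every LOCKT
		 * received during grace leaves the client reference held.
		 */
		rfs4_client_rele(cp);
		*cs->statusp = resp->status = NFS4ERR_GRACE;
		return;
	}
	rfs4_client_rele(cp);

	resp->status = NFS4_OK;

	switch (args->locktype) {
	case READ_LT:
	case READW_LT:
		ltype = F_RDLCK;
		break;
	case WRITE_LT:
	case WRITEW_LT:
		ltype = F_WRLCK;
		break;
	default:
		/*
		 * locktype is taken from the request.  Without this arm
		 * any other value would leave ltype uninitialized when it
		 * is copied into flk.l_type below.  No lockowner is held
		 * yet, so a plain return is sufficient.
		 */
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	posix_length = args->length;
	/* Check for zero length. To lock to end of file use all ones for V4 */
	if (posix_length == 0) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	} else if (posix_length == (length4)(~0)) {
		posix_length = 0;	/* Posix to end of file */
	}

	/*
	 * Find or create a lockowner
	 * NOTE(review): create is FALSE on entry, so this is presumably a
	 * lookup only -- confirm against rfs4_findlockowner().
	 */
	lo = rfs4_findlockowner(&args->owner, &create);

	if (lo) {
		pid = lo->pid;
		if ((resp->status =
		    rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK)
			goto out;
	} else {
		/* No known lockowner: test with pid 0 and lockt_sysid. */
		pid = 0;
		sysid = lockt_sysid;
	}
retry:
	/* flk is rebuilt on every pass because F_GETLK overwrites it. */
	flk.l_type = ltype;
	flk.l_whence = 0;		/* SEEK_SET */
	flk.l_start = args->offset;
	flk.l_len = posix_length;
	flk.l_sysid = sysid;
	flk.l_pid = pid;
	flag |= F_REMOTELOCK;

	LOCK_PRINT(rfs4_debug, "rfs4_op_lockt", F_GETLK, &flk);

	/* Note that length4 is uint64_t but l_len and l_start are off64_t */
	if (flk.l_len < 0 || flk.l_start < 0) {
		resp->status = NFS4ERR_INVAL;
		goto out;
	}
	error = VOP_FRLOCK(cs->vp, F_GETLK, &flk, flag, (u_offset_t)0,
	    NULL, cs->cr);

	/*
	 * N.B. We map error values to nfsv4 errors. This is different
	 * than puterrno4 routine.
	 */
	switch (error) {
	case 0:
		if (flk.l_type == F_UNLCK)
			resp->status = NFS4_OK;
		else {
			/*
			 * A conflicting lock was reported.  lock_denied()
			 * fills in resp->denied; when it answers
			 * NFS4ERR_EXPIRED the test is repeated.
			 */
			if (lock_denied(&resp->denied, &flk) == NFS4ERR_EXPIRED)
				goto retry;
			resp->status = NFS4ERR_DENIED;
		}
		break;
	case EOVERFLOW:
		resp->status = NFS4ERR_INVAL;
		break;
	case EINVAL:
		resp->status = NFS4ERR_NOTSUPP;
		break;
	default:
		cmn_err(CE_WARN, "rfs4_op_lockt: unexpected errno (%d)",
		    error);
		resp->status = NFS4ERR_SERVERFAULT;
		break;
	}

out:
	if (lo)
		rfs4_lockowner_rele(lo);
	*cs->statusp = resp->status;
}

/*
 * Wrapper around VOP_SHRLOCK() that also emits a debug trace.
 *
 * An F_UNSHARE request whose shrlock has neither access nor deny bits
 * set is treated as a no-op and returns 0 without calling the vnode op.
 * The vnode op is invoked with CRED() rather than a credential passed
 * in by the caller.
 *
 * Returns the VOP_SHRLOCK() error value, or 0 for the no-op case.
 */
static int
vop_shrlock(vnode_t *vp, int cmd, struct shrlock *sp, int fflags)
{
	int err;

	if (cmd == F_UNSHARE && sp->s_deny == 0 && sp->s_access == 0)
		return (0);

	err = VOP_SHRLOCK(vp, cmd, sp, fflags, CRED());

	NFS4_DEBUG(rfs4_shrlock_debug,
	    (CE_NOTE, "rfs4_shrlock %s vp=%p acc=%d dny=%d sysid=%d "
	    "pid=%d err=%d\n", cmd == F_SHARE ? "SHARE" : "UNSHR",
	    (void *) vp, sp->s_access, sp->s_deny, sp->s_sysid, sp->s_pid,
	    err));

	return (err);
}

/*
 * Translate the NFSv4 share_access/share_deny bits recorded in the open
 * state into a struct shrlock and apply cmd (F_SHARE or F_UNSHARE) to
 * the state's vnode.
 *
 * The share owner is identified by the open owner's database entry id
 * (used as the pid) and the client's sysid.
 *
 * Returns the value from vop_shrlock().
 */
static int
rfs4_shrlock(rfs4_state_t *sp, int cmd)
{
	struct shrlock shr;
	struct shr_locowner shr_loco;
	int fflags;

	fflags = shr.s_access = shr.s_deny = 0;

	if (sp->share_access & OPEN4_SHARE_ACCESS_READ) {
		fflags |= FREAD;
		shr.s_access |= F_RDACC;
	}
	if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) {
		fflags |= FWRITE;
		shr.s_access |= F_WRACC;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_READ)
		shr.s_deny |= F_RDDNY;
	if (sp->share_deny & OPEN4_SHARE_DENY_WRITE)
		shr.s_deny |= F_WRDNY;

	shr.s_pid = rfs4_dbe_getid(sp->owner->dbe);
	shr.s_sysid = sp->owner->client->sysidt;
	shr_loco.sl_pid = shr.s_pid;
	shr_loco.sl_id = shr.s_sysid;
	/* shr_loco lives on this stack frame; it is only lent for the call. */
	shr.s_owner = (caddr_t)&shr_loco;
	shr.s_own_len = sizeof (shr_loco);
	return (vop_shrlock(sp->finfo->vp, cmd, &shr, fflags));
}

/*
 * Establish the share reservation described by the open state.
 * Returns the error value from rfs4_shrlock().
 */
static int
rfs4_share(rfs4_state_t *sp)
{
	return (rfs4_shrlock(sp, F_SHARE));
}

/*
 * Remove the share reservation described by the open state.  The result
 * of the underlying call is deliberately discarded.
 */
void
rfs4_unshare(rfs4_state_t *sp)
{
	(void) rfs4_shrlock(sp, F_UNSHARE);
}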