1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Copyright (c) 1983,1984,1985,1986,1987,1988,1989 AT&T. 
28 * All Rights Reserved 29 */ 30 31 #pragma ident "%Z%%M% %I% %E% SMI" 32 33 #include <sys/param.h> 34 #include <sys/types.h> 35 #include <sys/systm.h> 36 #include <sys/cred.h> 37 #include <sys/buf.h> 38 #include <sys/vfs.h> 39 #include <sys/vfs_opreg.h> 40 #include <sys/vnode.h> 41 #include <sys/uio.h> 42 #include <sys/errno.h> 43 #include <sys/sysmacros.h> 44 #include <sys/statvfs.h> 45 #include <sys/kmem.h> 46 #include <sys/dirent.h> 47 #include <sys/cmn_err.h> 48 #include <sys/debug.h> 49 #include <sys/systeminfo.h> 50 #include <sys/flock.h> 51 #include <sys/pathname.h> 52 #include <sys/nbmlock.h> 53 #include <sys/share.h> 54 #include <sys/atomic.h> 55 #include <sys/policy.h> 56 #include <sys/fem.h> 57 #include <sys/sdt.h> 58 #include <sys/ddi.h> 59 60 #include <rpc/types.h> 61 #include <rpc/auth.h> 62 #include <rpc/rpcsec_gss.h> 63 #include <rpc/svc.h> 64 65 #include <nfs/nfs.h> 66 #include <nfs/export.h> 67 #include <nfs/lm.h> 68 #include <nfs/nfs4.h> 69 70 #include <sys/strsubr.h> 71 #include <sys/strsun.h> 72 73 #include <inet/common.h> 74 #include <inet/ip.h> 75 #include <inet/ip6.h> 76 77 #include <sys/tsol/label.h> 78 #include <sys/tsol/tndb.h> 79 80 #define RFS4_MAXLOCK_TRIES 4 /* Try to get the lock this many times */ 81 static int rfs4_maxlock_tries = RFS4_MAXLOCK_TRIES; 82 #define RFS4_LOCK_DELAY 10 /* Milliseconds */ 83 static clock_t rfs4_lock_delay = RFS4_LOCK_DELAY; 84 85 /* End of Tunables */ 86 87 /* 88 * Used to bump the stateid4.seqid value and show changes in the stateid 89 */ 90 #define next_stateid(sp) (++(sp)->bits.chgseq) 91 92 /* 93 * RFS4_MINLEN_ENTRY4: XDR-encoded size of smallest possible dirent. 94 * This is used to return NFS4ERR_TOOSMALL when clients specify 95 * maxcount that isn't large enough to hold the smallest possible 96 * XDR encoded dirent. 
97 * 98 * sizeof cookie (8 bytes) + 99 * sizeof name_len (4 bytes) + 100 * sizeof smallest (padded) name (4 bytes) + 101 * sizeof bitmap4_len (12 bytes) + NOTE: we always encode len=2 bm4 102 * sizeof attrlist4_len (4 bytes) + 103 * sizeof next boolean (4 bytes) 104 * 105 * RFS4_MINLEN_RDDIR4: XDR-encoded size of READDIR op reply containing 106 * the smallest possible entry4 (assumes no attrs requested). 107 * sizeof nfsstat4 (4 bytes) + 108 * sizeof verifier4 (8 bytes) + 109 * sizeof entry4list bool (4 bytes) + 110 * sizeof entry4 (36 bytes) + 111 * sizeof eof bool (4 bytes) 112 * 113 * RFS4_MINLEN_RDDIR_BUF: minimum length of buffer server will provide to 114 * VOP_READDIR. Its value is the size of the maximum possible dirent 115 * for solaris. The DIRENT64_RECLEN macro returns the size of dirent 116 * required for a given name length. MAXNAMELEN is the maximum 117 * filename length allowed in Solaris. The first two DIRENT64_RECLEN() 118 * macros are to allow for . and .. entries -- just a minor tweak to try 119 * and guarantee that buffer we give to VOP_READDIR will be large enough 120 * to hold ., .., and the largest possible solaris dirent64. 121 */ 122 #define RFS4_MINLEN_ENTRY4 36 123 #define RFS4_MINLEN_RDDIR4 (4 + NFS4_VERIFIER_SIZE + 4 + RFS4_MINLEN_ENTRY4 + 4) 124 #define RFS4_MINLEN_RDDIR_BUF \ 125 (DIRENT64_RECLEN(1) + DIRENT64_RECLEN(2) + DIRENT64_RECLEN(MAXNAMELEN)) 126 127 /* 128 * It would be better to pad to 4 bytes since that's what XDR would do, 129 * but the dirents UFS gives us are already padded to 8, so just take 130 * what we're given. Dircount is only a hint anyway. Currently the 131 * solaris kernel is ASCII only, so there's no point in calling the 132 * UTF8 functions. 
133 * 134 * dirent64: named padded to provide 8 byte struct alignment 135 * d_ino(8) + d_off(8) + d_reclen(2) + d_name(namelen + null(1) + pad) 136 * 137 * cookie: uint64_t + utf8namelen: uint_t + utf8name padded to 8 bytes 138 * 139 */ 140 #define DIRENT64_TO_DIRCOUNT(dp) \ 141 (3 * BYTES_PER_XDR_UNIT + DIRENT64_NAMELEN((dp)->d_reclen)) 142 143 time_t rfs4_start_time; /* Initialized in rfs4_srvrinit */ 144 145 static sysid_t lockt_sysid; /* dummy sysid for all LOCKT calls */ 146 147 u_longlong_t nfs4_srv_caller_id; 148 uint_t nfs4_srv_vkey = 0; 149 150 verifier4 Write4verf; 151 verifier4 Readdir4verf; 152 153 void rfs4_init_compound_state(struct compound_state *); 154 155 static void nullfree(caddr_t); 156 static void rfs4_op_inval(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 157 struct compound_state *); 158 static void rfs4_op_access(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 159 struct compound_state *); 160 static void rfs4_op_close(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 161 struct compound_state *); 162 static void rfs4_op_commit(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 163 struct compound_state *); 164 static void rfs4_op_create(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 165 struct compound_state *); 166 static void rfs4_op_create_free(nfs_resop4 *resop); 167 static void rfs4_op_delegreturn(nfs_argop4 *, nfs_resop4 *, 168 struct svc_req *, struct compound_state *); 169 static void rfs4_op_getattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 170 struct compound_state *); 171 static void rfs4_op_getattr_free(nfs_resop4 *); 172 static void rfs4_op_getfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 173 struct compound_state *); 174 static void rfs4_op_getfh_free(nfs_resop4 *); 175 static void rfs4_op_illegal(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 176 struct compound_state *); 177 static void rfs4_op_link(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 178 struct compound_state *); 179 static void rfs4_op_lock(nfs_argop4 *, nfs_resop4 *, 
struct svc_req *, 180 struct compound_state *); 181 static void lock_denied_free(nfs_resop4 *); 182 static void rfs4_op_locku(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 183 struct compound_state *); 184 static void rfs4_op_lockt(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 185 struct compound_state *); 186 static void rfs4_op_lookup(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 187 struct compound_state *); 188 static void rfs4_op_lookupp(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 189 struct compound_state *); 190 static void rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop, 191 struct svc_req *req, struct compound_state *cs); 192 static void rfs4_op_nverify(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 193 struct compound_state *); 194 static void rfs4_op_open(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 195 struct compound_state *); 196 static void rfs4_op_open_confirm(nfs_argop4 *, nfs_resop4 *, 197 struct svc_req *, struct compound_state *); 198 static void rfs4_op_open_downgrade(nfs_argop4 *, nfs_resop4 *, 199 struct svc_req *, struct compound_state *); 200 static void rfs4_op_putfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 201 struct compound_state *); 202 static void rfs4_op_putpubfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 203 struct compound_state *); 204 static void rfs4_op_putrootfh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 205 struct compound_state *); 206 static void rfs4_op_read(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 207 struct compound_state *); 208 static void rfs4_op_read_free(nfs_resop4 *); 209 static void rfs4_op_readdir_free(nfs_resop4 *resop); 210 static void rfs4_op_readlink(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 211 struct compound_state *); 212 static void rfs4_op_readlink_free(nfs_resop4 *); 213 static void rfs4_op_release_lockowner(nfs_argop4 *, nfs_resop4 *, 214 struct svc_req *, struct compound_state *); 215 static void rfs4_op_remove(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 216 struct 
compound_state *); 217 static void rfs4_op_rename(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 218 struct compound_state *); 219 static void rfs4_op_renew(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 220 struct compound_state *); 221 static void rfs4_op_restorefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 222 struct compound_state *); 223 static void rfs4_op_savefh(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 224 struct compound_state *); 225 static void rfs4_op_setattr(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 226 struct compound_state *); 227 static void rfs4_op_verify(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 228 struct compound_state *); 229 static void rfs4_op_write(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 230 struct compound_state *); 231 static void rfs4_op_setclientid(nfs_argop4 *, nfs_resop4 *, 232 struct svc_req *, struct compound_state *); 233 static void rfs4_op_setclientid_confirm(nfs_argop4 *, nfs_resop4 *, 234 struct svc_req *req, struct compound_state *); 235 static void rfs4_op_secinfo(nfs_argop4 *, nfs_resop4 *, struct svc_req *, 236 struct compound_state *); 237 static void rfs4_op_secinfo_free(nfs_resop4 *); 238 239 static nfsstat4 check_open_access(uint32_t, 240 struct compound_state *, struct svc_req *); 241 nfsstat4 rfs4_client_sysid(rfs4_client_t *, sysid_t *); 242 static int vop_shrlock(vnode_t *, int, struct shrlock *, int); 243 static int rfs4_shrlock(rfs4_state_t *, int); 244 static int rfs4_share(rfs4_state_t *); 245 void rfs4_ss_clid(rfs4_client_t *, struct svc_req *); 246 247 /* 248 * translation table for attrs 249 */ 250 struct nfs4_ntov_table { 251 union nfs4_attr_u *na; 252 uint8_t amap[NFS4_MAXNUM_ATTRS]; 253 int attrcnt; 254 bool_t vfsstat; 255 }; 256 257 static void nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp); 258 static void nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp, 259 struct nfs4_svgetit_arg *sargp); 260 261 static nfsstat4 do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp, 262 struct 
compound_state *cs, struct nfs4_svgetit_arg *sargp,
		struct nfs4_ntov_table *ntovp, nfs4_attr_cmd_t cmd);

/*
 * fem vectors used for delegations; rfs4_srvrinit() creates them from the
 * nfs4_rd_deleg_tmpl / nfs4_wr_deleg_tmpl templates defined further down.
 * Being file-scope objects they start out as NULL.
 */
fem_t *deleg_rdops;
fem_t *deleg_wrops;

rfs4_servinst_t *rfs4_cur_servinst = NULL;	/* current server instance */
kmutex_t rfs4_servinst_lock;	/* protects linked list */
int rfs4_seen_first_compound;	/* set first time we see one */

/*
 * NFS4 op dispatch table
 *
 * One entry per NFSv4 operation number.  Both function pointers are
 * declared with empty parameter lists, so the compiler does not check the
 * arguments at the call site: the op handlers prototyped in this file take
 * (nfs_argop4 *, nfs_resop4 *, struct svc_req *, struct compound_state *),
 * the *_free routines take (nfs_resop4 *), and nullfree takes a caddr_t.
 */

struct rfsv4disp {
	void	(*dis_proc)();		/* proc to call */
	void	(*dis_resfree)();	/* frees space allocated by proc */
	int	dis_flags;		/* RPC_IDEMPOTENT, etc... */
};

/*
 * The position of an entry is the operation number it serves, so entries
 * must never be reordered or removed.
 *
 * NOTE(review): the operation number is supplied by the client; the code
 * that indexes this table is not in this part of the file -- confirm that
 * it range-checks the value against rfsv4disp_cnt before indexing.
 */
static struct rfsv4disp rfsv4disptab[] = {
	/*
	 * NFS VERSION 4
	 */

	/* RFS_NULL = 0 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 1 */
	{rfs4_op_illegal, nullfree, 0},

	/* UNUSED = 2 */
	{rfs4_op_illegal, nullfree, 0},

	/* OP_ACCESS = 3 */
	{rfs4_op_access, nullfree, RPC_IDEMPOTENT},

	/* OP_CLOSE = 4 */
	{rfs4_op_close, nullfree, 0},

	/* OP_COMMIT = 5 */
	{rfs4_op_commit, nullfree, RPC_IDEMPOTENT},

	/* OP_CREATE = 6 */
	{rfs4_op_create, nullfree, 0},

	/* OP_DELEGPURGE = 7 (answered by the generic "invalid op" handler) */
	{rfs4_op_inval, nullfree, 0},

	/* OP_DELEGRETURN = 8 */
	{rfs4_op_delegreturn, nullfree, 0},

	/* OP_GETATTR = 9 */
	{rfs4_op_getattr, rfs4_op_getattr_free, RPC_IDEMPOTENT},

	/* OP_GETFH = 10 */
	{rfs4_op_getfh, rfs4_op_getfh_free, RPC_ALL},

	/* OP_LINK = 11 */
	{rfs4_op_link, nullfree, 0},

	/* OP_LOCK = 12 */
	{rfs4_op_lock, lock_denied_free, 0},

	/* OP_LOCKT = 13 */
	{rfs4_op_lockt, lock_denied_free, 0},

	/* OP_LOCKU = 14 */
	{rfs4_op_locku, nullfree, 0},

	/* OP_LOOKUP = 15 */
	{rfs4_op_lookup, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_LOOKUPP = 16 */
	{rfs4_op_lookupp, nullfree, (RPC_IDEMPOTENT|RPC_PUBLICFH_OK)},

	/* OP_NVERIFY = 17 */
	{rfs4_op_nverify, nullfree, RPC_IDEMPOTENT},

	/* OP_OPEN = 18 */
	{rfs4_op_open, rfs4_free_reply, 0},

	/* OP_OPENATTR = 19 */
	{rfs4_op_openattr, nullfree, 0},

	/* OP_OPEN_CONFIRM = 20 */
	{rfs4_op_open_confirm, nullfree, 0},

	/* OP_OPEN_DOWNGRADE = 21 */
	{rfs4_op_open_downgrade, nullfree, 0},

	/* OP_PUTFH = 22 */
	{rfs4_op_putfh, nullfree, RPC_ALL},

	/* OP_PUTPUBFH = 23 */
	{rfs4_op_putpubfh, nullfree, RPC_ALL},

	/* OP_PUTROOTFH = 24 */
	{rfs4_op_putrootfh, nullfree, RPC_ALL},

	/* OP_READ = 25 */
	{rfs4_op_read, rfs4_op_read_free, RPC_IDEMPOTENT},

	/* OP_READDIR = 26 */
	{rfs4_op_readdir, rfs4_op_readdir_free, RPC_IDEMPOTENT},

	/* OP_READLINK = 27 */
	{rfs4_op_readlink, rfs4_op_readlink_free, RPC_IDEMPOTENT},

	/* OP_REMOVE = 28 */
	{rfs4_op_remove, nullfree, 0},

	/* OP_RENAME = 29 */
	{rfs4_op_rename, nullfree, 0},

	/* OP_RENEW = 30 */
	{rfs4_op_renew, nullfree, 0},

	/* OP_RESTOREFH = 31 */
	{rfs4_op_restorefh, nullfree, RPC_ALL},

	/* OP_SAVEFH = 32 */
	{rfs4_op_savefh, nullfree, RPC_ALL},

	/* OP_SECINFO = 33 */
	{rfs4_op_secinfo, rfs4_op_secinfo_free, 0},

	/* OP_SETATTR = 34 */
	{rfs4_op_setattr, nullfree, 0},

	/* OP_SETCLIENTID = 35 */
	{rfs4_op_setclientid, nullfree, 0},

	/* OP_SETCLIENTID_CONFIRM = 36 */
	{rfs4_op_setclientid_confirm, nullfree, 0},

	/* OP_VERIFY = 37 */
	{rfs4_op_verify, nullfree, RPC_IDEMPOTENT},

	/* OP_WRITE = 38 */
	{rfs4_op_write, nullfree, 0},

	/* OP_RELEASE_LOCKOWNER = 39 */
	{rfs4_op_release_lockowner, nullfree, 0},
};

/* Number of entries in rfsv4disptab (valid indices are 0 .. cnt - 1). */
static uint_t rfsv4disp_cnt = sizeof (rfsv4disptab) / sizeof (rfsv4disptab[0]);

/*
 * Equal to the table length, i.e. one past the last valid rfsv4disptab
 * index.  It is a valid index into rfs4_op_string[] (DEBUG only), which
 * carries one extra trailing entry, but not into rfsv4disptab[].
 */
#define	OP_ILLEGAL_IDX (rfsv4disp_cnt)

#ifdef DEBUG

int rfs4_fillone_debug = 0;
int rfs4_shrlock_debug = 0;
int rfs4_no_stub_access = 1;
int rfs4_rddir_debug = 0;

/*
 * Printable handler names, in the same order as rfsv4disptab, followed by
 * one final entry for OP_ILLEGAL_IDX.  Keep the two arrays in step.
 */
static char *rfs4_op_string[] = {
	"rfs4_op_null",
	"rfs4_op_1 unused",
	"rfs4_op_2 unused",
	"rfs4_op_access",
	"rfs4_op_close",
	"rfs4_op_commit",
	"rfs4_op_create",
	"rfs4_op_delegpurge",
	"rfs4_op_delegreturn",
	"rfs4_op_getattr",
	"rfs4_op_getfh",
	"rfs4_op_link",
	"rfs4_op_lock",
	"rfs4_op_lockt",
	"rfs4_op_locku",
	"rfs4_op_lookup",
	"rfs4_op_lookupp",
	"rfs4_op_nverify",
	"rfs4_op_open",
	"rfs4_op_openattr",
	"rfs4_op_open_confirm",
	"rfs4_op_open_downgrade",
	"rfs4_op_putfh",
	"rfs4_op_putpubfh",
	"rfs4_op_putrootfh",
	"rfs4_op_read",
	"rfs4_op_readdir",
	"rfs4_op_readlink",
	"rfs4_op_remove",
	"rfs4_op_rename",
	"rfs4_op_renew",
	"rfs4_op_restorefh",
	"rfs4_op_savefh",
	"rfs4_op_secinfo",
	"rfs4_op_setattr",
	"rfs4_op_setclientid",
	"rfs4_op_setclient_confirm",
	"rfs4_op_verify",
	"rfs4_op_write",
	"rfs4_op_release_lockowner",
	"rfs4_op_illegal"
};
#endif

void rfs4_ss_chkclid(rfs4_client_t *);

extern size_t strlcpy(char *dst, const char *src, size_t dstsize);

/*
 * Step to the next dirent64 in a buffer by adding the current entry's
 * d_reclen.  The macro itself performs no bounds check; the caller has to
 * stop at the end of the buffer.
 */
#ifdef	nextdp
#undef nextdp
#endif
#define	nextdp(dp)	((struct dirent64 *)((char *)(dp) + (dp)->d_reclen))

/* Template of the vnode operations intercepted for a read delegation. */
static const fs_operation_def_t nfs4_rd_deleg_tmpl[] = {
	VOPNAME_OPEN,		{ .femop_open = deleg_rd_open },
	VOPNAME_WRITE,		{ .femop_write = deleg_rd_write },
	VOPNAME_SETATTR,	{ .femop_setattr = deleg_rd_setattr },
	VOPNAME_RWLOCK,		{ .femop_rwlock = deleg_rd_rwlock },
	VOPNAME_SPACE,		{ .femop_space = deleg_rd_space },
	VOPNAME_SETSECATTR,	{ .femop_setsecattr = deleg_rd_setsecattr },
	VOPNAME_VNEVENT,	{ .femop_vnevent = deleg_rd_vnevent },
	NULL,			NULL
};
/* Template of the vnode operations intercepted for a write delegation. */
static const fs_operation_def_t nfs4_wr_deleg_tmpl[] = {
	VOPNAME_OPEN,		{ .femop_open = deleg_wr_open },
	VOPNAME_READ,		{ .femop_read = deleg_wr_read },
	VOPNAME_WRITE,		{ .femop_write = deleg_wr_write },
	VOPNAME_SETATTR,	{ .femop_setattr = deleg_wr_setattr },
	VOPNAME_RWLOCK,		{
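.femop_rwlock = deleg_wr_rwlock },
	VOPNAME_SPACE,		{ .femop_space = deleg_wr_space },
	VOPNAME_SETSECATTR,	{ .femop_setsecattr = deleg_wr_setsecattr },
	VOPNAME_VNEVENT,	{ .femop_vnevent = deleg_wr_vnevent },
	NULL,			NULL
};

/*
 * One-time initialisation of the NFSv4 server: computes the write
 * verifier, initialises the global locks, creates the delegation fem
 * vectors and allocates the caller id, the LOCKT sysid and the vsd key.
 *
 * A failure to create either fem vector only disables delegation; the
 * function always returns 0.
 */
int
rfs4_srvrinit(void)
{
	timespec32_t verf;
	int error;
	extern void rfs4_attr_init();
	extern krwlock_t rfs4_deleg_policy_lock;

	/*
	 * The following algorithm attempts to find a unique verifier
	 * to be used as the write verifier returned from the server
	 * to the client.  It is important that this verifier change
	 * whenever the server reboots.  Of secondary importance, it
	 * is important for the verifier to be unique between two
	 * different servers.
	 *
	 * Thus, an attempt is made to use the system hostid and the
	 * current time in seconds when the nfssrv kernel module is
	 * loaded.  It is assumed that an NFS server will not be able
	 * to boot and then to reboot in less than a second.  If the
	 * hostid has not been set, then the current high resolution
	 * time is used.  This will ensure different verifiers each
	 * time the server reboots and minimize the chances that two
	 * different servers will have the same verifier.
	 * XXX - this is broken on LP64 kernels.
	 */
	verf.tv_sec = (time_t)nfs_atoi(hw_serial);
	if (verf.tv_sec != 0) {
		verf.tv_nsec = gethrestime_sec();
	} else {
		timespec_t tverf;

		gethrestime(&tverf);
		verf.tv_sec = (time_t)tverf.tv_sec;
		verf.tv_nsec = tverf.tv_nsec;
	}

	/*
	 * NOTE(review): this reads the timespec32_t through a uint64_t
	 * pointer, which type-puns the object and relies on it being
	 * suitably aligned; a bcopy() into Write4verf would avoid both.
	 */
	Write4verf = *(uint64_t *)&verf;

	rfs4_attr_init();
	mutex_init(&rfs4_deleg_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage create/destroy of server state */
	mutex_init(&rfs4_state_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to server instance linked list */
	mutex_init(&rfs4_servinst_lock, NULL, MUTEX_DEFAULT, NULL);

	/* Used to manage access to rfs4_deleg_policy */
	rw_init(&rfs4_deleg_policy_lock, NULL, RW_DEFAULT, NULL);

	error = fem_create("deleg_rdops", nfs4_rd_deleg_tmpl, &deleg_rdops);
	if (error != 0) {
		rfs4_disable_delegation();
	} else {
		error = fem_create("deleg_wrops", nfs4_wr_deleg_tmpl,
		    &deleg_wrops);
		if (error != 0) {
			rfs4_disable_delegation();
			fem_free(deleg_rdops);
			/*
			 * Do not leave a dangling pointer behind:
			 * rfs4_srvrfini() releases whatever deleg_rdops
			 * still refers to, and would otherwise free this
			 * vector a second time.
			 */
			deleg_rdops = NULL;
		}
	}

	nfs4_srv_caller_id = fs_new_caller_id();

	lockt_sysid = lm_alloc_sysidt();

	vsd_create(&nfs4_srv_vkey, NULL);

	return (0);
}

/*
 * Undo rfs4_srvrinit(): release the LOCKT sysid, destroy the global locks
 * and free the delegation fem vectors.
 *
 * NOTE(review): rfs4_servinst_lock is initialised by rfs4_srvrinit() but
 * is not destroyed here, and the vsd key is not released -- confirm that
 * this is intended.
 */
void
rfs4_srvrfini(void)
{
	extern krwlock_t rfs4_deleg_policy_lock;

	if (lockt_sysid != LM_NOSYSID) {
		lm_free_sysidt(lockt_sysid);
		lockt_sysid = LM_NOSYSID;
	}

	mutex_destroy(&rfs4_deleg_lock);
	mutex_destroy(&rfs4_state_lock);
	rw_destroy(&rfs4_deleg_policy_lock);

	/*
	 * Either vector may be absent: rfs4_srvrinit() frees deleg_rdops
	 * itself when deleg_wrops cannot be created, and a failed
	 * fem_create() may never have set the pointer at all.  Free only
	 * what is still held, and clear the pointers afterwards.
	 */
	if (deleg_rdops != NULL) {
		fem_free(deleg_rdops);
		deleg_rdops = NULL;
	}
	if (deleg_wrops != NULL) {
		fem_free(deleg_wrops);
		deleg_wrops = NULL;
	}
}

/*
 * Reset a compound_state before a new COMPOUND is processed.  The whole
 * structure is zeroed first; processing is then enabled (cont), access
 * starts out as CS_ACCESS_DENIED so that nothing is permitted by default,
 * and the file handle is pointed at the embedded fhbuf.
 */
void
rfs4_init_compound_state(struct compound_state *cs)
{
	bzero(cs, sizeof (*cs));
	cs->cont = TRUE;
	cs->access = CS_ACCESS_DENIED;
	cs->deleg = FALSE;
	cs->mandlock = FALSE;
	cs->fh.nfs_fh4_val = cs->fhbuf;
}

/*
 * (Re)start the grace period of a server instance: record the current
 * time as its start and load the period from rfs4_grace_period, under the
 * instance's rwlock held as writer.
 */
void
rfs4_grace_start(rfs4_servinst_t *sip)
{
	time_t now = gethrestime_sec();

	rw_enter(&sip->rwlock, RW_WRITER);
	sip->start_time = now;
	sip->grace_period = rfs4_grace_period;
	rw_exit(&sip->rwlock);
}

/*
 * returns true if the instance's grace period has never been started
 * (start_time is still 0, the value rfs4_servinst_create() gives it)
 */
int
rfs4_servinst_grace_new(rfs4_servinst_t *sip)
{
	time_t start_time;

	rw_enter(&sip->rwlock, RW_READER);
	start_time = sip->start_time;
	rw_exit(&sip->rwlock);

	return (start_time == 0);
}

/*
 * Indicates if server instance is within the
 * grace period.  The expiry time is sampled under the instance's rwlock;
 * the comparison with the current time is made after the lock is dropped.
 */
int
rfs4_servinst_in_grace(rfs4_servinst_t *sip)
{
	time_t grace_expiry;

	rw_enter(&sip->rwlock, RW_READER);
	grace_expiry = sip->start_time + sip->grace_period;
	rw_exit(&sip->rwlock);

	return (gethrestime_sec() < grace_expiry);
}

/*
 * Indicates if the server instance the client is assigned to is within
 * its grace period.  The caller must hold a reference on cp->dbe.
 */
int
rfs4_clnt_in_grace(rfs4_client_t *cp)
{
	ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0);

	return (rfs4_servinst_in_grace(cp->server_instance));
}

/*
 * reset all currently active grace periods
 * (walks the instance list from the current instance through ->prev)
 */
void
rfs4_grace_reset_all(void)
{
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev)
		if (rfs4_servinst_in_grace(sip))
			rfs4_grace_start(sip);
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * start any new instances' grace periods
 * (an instance is "new" while its start_time is still 0)
 */
void
rfs4_grace_start_new(void)
{
	rfs4_servinst_t *sip;

	mutex_enter(&rfs4_servinst_lock);
	for (sip = rfs4_cur_servinst; sip != NULL; sip = sip->prev)
		if (rfs4_servinst_grace_new(sip))
			rfs4_grace_start(sip);
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * Allocate a dss path entry for "path", tie it to server instance "sip"
 * at position "index" and link it onto the global rfs4_dss_pathlist.
 * The path string is copied into a buffer of exactly strlen(path) + 1
 * bytes, so whoever frees it must use that size.  Returns the new entry.
 */
static rfs4_dss_path_t *
rfs4_dss_newpath(rfs4_servinst_t *sip, char *path, unsigned index)
{
	size_t len;
	rfs4_dss_path_t *dss_path;

	dss_path = kmem_alloc(sizeof (rfs4_dss_path_t), KM_SLEEP);

	/*
	 * Take a copy of the string, since the original may be overwritten.
	 * Sadly, no strdup() in the kernel.
	 */
	/* allow for NUL */
	len = strlen(path) + 1;
	dss_path->path = kmem_alloc(len, KM_SLEEP);
	(void) strlcpy(dss_path->path, path, len);

	/* associate with servinst */
	dss_path->sip = sip;
	dss_path->index = index;

	/*
	 * Add to list of served paths.
	 * No locking required, as we're only ever called at startup.
	 */
	if (rfs4_dss_pathlist == NULL) {
		/* this is the first dss_path_t */

		/* needed for insque/remque */
		dss_path->next = dss_path->prev = dss_path;

		rfs4_dss_pathlist = dss_path;
	} else {
		insque(dss_path, rfs4_dss_pathlist);
	}

	return (dss_path);
}

/*
 * Create a new server instance, and make it the currently active instance.
 * Note that starting the grace period too early will reduce the clients'
 * recovery window.
 *
 * start_grace	non-zero to start the new instance's grace period at once
 * dss_npaths	number of entries in dss_paths
 * dss_paths	path strings; each one is copied by rfs4_dss_newpath()
 *
 * NOTE(review): dss_npaths is a signed int that is used both to size the
 * dss_paths allocation and, compared against an unsigned index, to bound
 * the copy loop.  A negative value would be converted to a very large
 * count, so callers must pass a non-negative value that matches the real
 * length of dss_paths -- confirm they validate it.
 */
void
rfs4_servinst_create(int start_grace, int dss_npaths, char **dss_paths)
{
	unsigned i;
	rfs4_servinst_t *sip;
	rfs4_oldstate_t *oldstate;

	sip = kmem_alloc(sizeof (rfs4_servinst_t), KM_SLEEP);
	rw_init(&sip->rwlock, NULL, RW_DEFAULT, NULL);

	sip->start_time = (time_t)0;
	sip->grace_period = (time_t)0;
	sip->next = NULL;
	sip->prev = NULL;

	rw_init(&sip->oldstate_lock, NULL, RW_DEFAULT, NULL);
	/*
	 * This initial dummy entry is required to setup for insque/remque.
	 * It must be skipped over whenever the list is traversed.
	 */
	oldstate = kmem_alloc(sizeof (rfs4_oldstate_t), KM_SLEEP);
	/* insque/remque require initial list entry to be self-terminated */
	oldstate->next = oldstate;
	oldstate->prev = oldstate;
	sip->oldstate = oldstate;


	sip->dss_npaths = dss_npaths;
	sip->dss_paths = kmem_alloc(dss_npaths *
	    sizeof (rfs4_dss_path_t *), KM_SLEEP);

	for (i = 0; i < dss_npaths; i++) {
		sip->dss_paths[i] = rfs4_dss_newpath(sip, dss_paths[i], i);
	}

	mutex_enter(&rfs4_servinst_lock);
	if (rfs4_cur_servinst != NULL) {
		/* add to linked list */
		sip->prev = rfs4_cur_servinst;
		rfs4_cur_servinst->next = sip;
	}
	if (start_grace)
		rfs4_grace_start(sip);
	/* make the new instance "current" */
	rfs4_cur_servinst = sip;

	mutex_exit(&rfs4_servinst_lock);
}

/*
 * In future, we might add a rfs4_servinst_destroy(sip) but, for now, destroy
 * all instances directly.
 *
 * rfs4_cur_servinst is cleared before the list is torn down, so the list
 * is no longer reachable through it while instances are being freed.
 *
 * NOTE(review): only the dummy oldstate entry and the dss_paths pointer
 * array are freed here.  The rfs4_dss_path_t entries the array points to
 * (which are also linked on rfs4_dss_pathlist) and their path strings are
 * not, and sip->oldstate_lock is not destroyed -- confirm that these are
 * released elsewhere.
 */
void
rfs4_servinst_destroy_all(void)
{
	rfs4_servinst_t *sip, *prev, *current;
#ifdef DEBUG
	int n = 0;
#endif

	mutex_enter(&rfs4_servinst_lock);
	ASSERT(rfs4_cur_servinst != NULL);
	current = rfs4_cur_servinst;
	rfs4_cur_servinst = NULL;
	for (sip = current; sip != NULL; sip = prev) {
		/* fetch the link first; sip is freed below */
		prev = sip->prev;
		rw_destroy(&sip->rwlock);
		if (sip->oldstate)
			kmem_free(sip->oldstate, sizeof (rfs4_oldstate_t));
		if (sip->dss_paths)
			kmem_free(sip->dss_paths,
			    sip->dss_npaths * sizeof (rfs4_dss_path_t *));
		kmem_free(sip, sizeof (rfs4_servinst_t));
#ifdef DEBUG
		n++;
#endif
	}
	mutex_exit(&rfs4_servinst_lock);
}

/*
 * Assign the current server instance to a client_t.
 * Should be called with cp->dbe held.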
804 */ 805 void 806 rfs4_servinst_assign(rfs4_client_t *cp, rfs4_servinst_t *sip) 807 { 808 ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0); 809 810 /* 811 * The lock ensures that if the current instance is in the process 812 * of changing, we will see the new one. 813 */ 814 mutex_enter(&rfs4_servinst_lock); 815 cp->server_instance = sip; 816 mutex_exit(&rfs4_servinst_lock); 817 } 818 819 rfs4_servinst_t * 820 rfs4_servinst(rfs4_client_t *cp) 821 { 822 ASSERT(rfs4_dbe_refcnt(cp->dbe) > 0); 823 824 return (cp->server_instance); 825 } 826 827 /* ARGSUSED */ 828 static void 829 nullfree(caddr_t resop) 830 { 831 } 832 833 /* 834 * This is a fall-through for invalid or not implemented (yet) ops 835 */ 836 /* ARGSUSED */ 837 static void 838 rfs4_op_inval(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 839 struct compound_state *cs) 840 { 841 *cs->statusp = *((nfsstat4 *)&(resop)->nfs_resop4_u) = NFS4ERR_INVAL; 842 } 843 844 /* 845 * Check if the security flavor, nfsnum, is in the flavor_list. 846 */ 847 bool_t 848 in_flavor_list(int nfsnum, int *flavor_list, int count) 849 { 850 int i; 851 852 for (i = 0; i < count; i++) { 853 if (nfsnum == flavor_list[i]) 854 return (TRUE); 855 } 856 return (FALSE); 857 } 858 859 /* 860 * Used by rfs4_op_secinfo to get the security information from the 861 * export structure associated with the component. 862 */ 863 /* ARGSUSED */ 864 static nfsstat4 865 do_rfs4_op_secinfo(struct compound_state *cs, char *nm, SECINFO4res *resp) 866 { 867 int error, different_export = 0; 868 vnode_t *dvp, *vp, *tvp; 869 struct exportinfo *exi = NULL; 870 fid_t fid; 871 uint_t count, i; 872 secinfo4 *resok_val; 873 struct secinfo *secp; 874 seconfig_t *si; 875 bool_t did_traverse; 876 int dotdot, walk; 877 878 dvp = cs->vp; 879 dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0'); 880 881 /* 882 * If dotdotting, then need to check whether it's above the 883 * root of a filesystem, or above an export point. 
884 */ 885 if (dotdot) { 886 887 /* 888 * If dotdotting at the root of a filesystem, then 889 * need to traverse back to the mounted-on filesystem 890 * and do the dotdot lookup there. 891 */ 892 if (cs->vp->v_flag & VROOT) { 893 894 /* 895 * If at the system root, then can 896 * go up no further. 897 */ 898 if (VN_CMP(dvp, rootdir)) 899 return (puterrno4(ENOENT)); 900 901 /* 902 * Traverse back to the mounted-on filesystem 903 */ 904 dvp = untraverse(cs->vp); 905 906 /* 907 * Set the different_export flag so we remember 908 * to pick up a new exportinfo entry for 909 * this new filesystem. 910 */ 911 different_export = 1; 912 } else { 913 914 /* 915 * If dotdotting above an export point then set 916 * the different_export to get new export info. 917 */ 918 different_export = nfs_exported(cs->exi, cs->vp); 919 } 920 } 921 922 /* 923 * Get the vnode for the component "nm". 924 */ 925 error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cs->cr, 926 NULL, NULL, NULL); 927 if (error) 928 return (puterrno4(error)); 929 930 /* 931 * If the vnode is in a pseudo filesystem, or if the security flavor 932 * used in the request is valid but not an explicitly shared flavor, 933 * or the access bit indicates that this is a limited access, 934 * check whether this vnode is visible. 935 */ 936 if (!different_export && 937 (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) || 938 cs->access & CS_ACCESS_LIMITED)) { 939 if (! nfs_visible(cs->exi, vp, &different_export)) { 940 VN_RELE(vp); 941 return (puterrno4(ENOENT)); 942 } 943 } 944 945 /* 946 * If it's a mountpoint, then traverse it. 
947 */ 948 if (vn_ismntpt(vp)) { 949 tvp = vp; 950 if ((error = traverse(&tvp)) != 0) { 951 VN_RELE(vp); 952 return (puterrno4(error)); 953 } 954 /* remember that we had to traverse mountpoint */ 955 did_traverse = TRUE; 956 vp = tvp; 957 different_export = 1; 958 } else if (vp->v_vfsp != dvp->v_vfsp) { 959 /* 960 * If vp isn't a mountpoint and the vfs ptrs aren't the same, 961 * then vp is probably an LOFS object. We don't need the 962 * realvp, we just need to know that we might have crossed 963 * a server fs boundary and need to call checkexport4. 964 * (LOFS lookup hides server fs mountpoints, and actually calls 965 * traverse) 966 */ 967 different_export = 1; 968 did_traverse = FALSE; 969 } 970 971 /* 972 * Get the export information for it. 973 */ 974 if (different_export) { 975 976 bzero(&fid, sizeof (fid)); 977 fid.fid_len = MAXFIDSZ; 978 error = vop_fid_pseudo(vp, &fid); 979 if (error) { 980 VN_RELE(vp); 981 return (puterrno4(error)); 982 } 983 984 if (dotdot) 985 exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE); 986 else 987 exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp); 988 989 if (exi == NULL) { 990 if (did_traverse == TRUE) { 991 /* 992 * If this vnode is a mounted-on vnode, 993 * but the mounted-on file system is not 994 * exported, send back the secinfo for 995 * the exported node that the mounted-on 996 * vnode lives in. 997 */ 998 exi = cs->exi; 999 } else { 1000 VN_RELE(vp); 1001 return (puterrno4(EACCES)); 1002 } 1003 } 1004 } else { 1005 exi = cs->exi; 1006 } 1007 ASSERT(exi != NULL); 1008 1009 1010 /* 1011 * Create the secinfo result based on the security information 1012 * from the exportinfo structure (exi). 1013 * 1014 * Return all flavors for a pseudo node. 1015 * For a real export node, return the flavor that the client 1016 * has access with. 
1017 */ 1018 ASSERT(RW_LOCK_HELD(&exported_lock)); 1019 if (PSEUDO(exi)) { 1020 count = exi->exi_export.ex_seccnt; /* total sec count */ 1021 resok_val = kmem_alloc(count * sizeof (secinfo4), KM_SLEEP); 1022 secp = exi->exi_export.ex_secinfo; 1023 1024 for (i = 0; i < count; i++) { 1025 si = &secp[i].s_secinfo; 1026 resok_val[i].flavor = si->sc_rpcnum; 1027 if (resok_val[i].flavor == RPCSEC_GSS) { 1028 rpcsec_gss_info *info; 1029 1030 info = &resok_val[i].flavor_info; 1031 info->qop = si->sc_qop; 1032 info->service = (rpc_gss_svc_t)si->sc_service; 1033 1034 /* get oid opaque data */ 1035 info->oid.sec_oid4_len = 1036 si->sc_gss_mech_type->length; 1037 info->oid.sec_oid4_val = kmem_alloc( 1038 si->sc_gss_mech_type->length, KM_SLEEP); 1039 bcopy( 1040 si->sc_gss_mech_type->elements, 1041 info->oid.sec_oid4_val, 1042 info->oid.sec_oid4_len); 1043 } 1044 } 1045 resp->SECINFO4resok_len = count; 1046 resp->SECINFO4resok_val = resok_val; 1047 } else { 1048 int ret_cnt = 0, k = 0; 1049 int *flavor_list; 1050 1051 count = exi->exi_export.ex_seccnt; /* total sec count */ 1052 secp = exi->exi_export.ex_secinfo; 1053 1054 flavor_list = kmem_alloc(count * sizeof (int), KM_SLEEP); 1055 /* find out which flavors to return */ 1056 for (i = 0; i < count; i ++) { 1057 int access, flavor, perm; 1058 1059 flavor = secp[i].s_secinfo.sc_nfsnum; 1060 perm = secp[i].s_flags; 1061 1062 access = nfsauth4_secinfo_access(exi, cs->req, 1063 flavor, perm); 1064 1065 if (! (access & NFSAUTH_DENIED) && 1066 ! (access & NFSAUTH_WRONGSEC)) { 1067 flavor_list[ret_cnt] = flavor; 1068 ret_cnt++; 1069 } 1070 } 1071 1072 /* Create the returning SECINFO value */ 1073 resok_val = kmem_alloc(ret_cnt * sizeof (secinfo4), KM_SLEEP); 1074 1075 for (i = 0; i < count; i++) { 1076 /* If the flavor is in the flavor list, fill in resok_val. 
*/
			si = &secp[i].s_secinfo;
			if (in_flavor_list(si->sc_nfsnum,
			    flavor_list, ret_cnt)) {
				resok_val[k].flavor = si->sc_rpcnum;
				if (resok_val[k].flavor == RPCSEC_GSS) {
					rpcsec_gss_info *info;

					info = &resok_val[k].flavor_info;
					info->qop = si->sc_qop;
					info->service = (rpc_gss_svc_t)
					    si->sc_service;

					/* get oid opaque data */
					info->oid.sec_oid4_len =
					    si->sc_gss_mech_type->length;
					info->oid.sec_oid4_val = kmem_alloc(
					    si->sc_gss_mech_type->length,
					    KM_SLEEP);
					bcopy(si->sc_gss_mech_type->elements,
					    info->oid.sec_oid4_val,
					    info->oid.sec_oid4_len);
				}
				k++;
			}
			if (k >= ret_cnt)
				break;
		}
		resp->SECINFO4resok_len = ret_cnt;
		resp->SECINFO4resok_val = resok_val;
		kmem_free(flavor_list, count * sizeof (int));
	}

	VN_RELE(vp);
	return (NFS4_OK);
}

/*
 * SECINFO (Operation 33): Obtain required security information on
 * the component name in the format of (security-mechanism-oid, qop, service)
 * triplets.
 *
 * The current filehandle must be set and must be a directory. The name is
 * checked with utf8_dir_verify(), with ".." let through as the single
 * exception, converted with utf8_to_str(), and rejected when the converted
 * length exceeds MAXNAMELEN. The lookup and the reply are produced by
 * do_rfs4_op_secinfo(); its status is stored in resp->status and
 * *cs->statusp.
 *
 * Unlike rfs4_op_commit, rfs4_op_create, rfs4_op_getattr, rfs4_op_getfh and
 * rfs4_op_link, this function does not test cs->access.
 * NOTE(review): presumably deliberate, so that a client using the wrong
 * flavor can still ask which flavors are accepted - confirm.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	utf8string *utfnm = &argop->nfs_argop4_u.opsecinfo.name;
	uint_t len;
	char *nm;

	/*
	 * Current file handle (cfh) should have been set before getting
	 * into this function. If not, return error.
	 */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	/*
	 * Verify the component name. If failed, error out, but
	 * do not error out if the component name is a "..".
	 * SECINFO will return its parents secinfo data for SECINFO "..".
	 */
	if (!utf8_dir_verify(utfnm)) {
		/* only the exact two-byte name ".." is let through */
		if (utfnm->utf8string_len != 2 ||
		    utfnm->utf8string_val[0] != '.' ||
		    utfnm->utf8string_val[1] != '.') {
			*cs->statusp = resp->status = NFS4ERR_INVAL;
			return;
		}
	}

	/* nm is released with kmem_free(nm, len) on every path below */
	nm = utf8_to_str(utfnm, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_secinfo(cs, nm, resp);

	kmem_free(nm, len);
}

/*
 * Free SECINFO result.
 *
 * Releases what the tail of do_rfs4_op_secinfo() allocates: the OID buffer
 * of every RPCSEC_GSS entry and then the secinfo4 array itself, sized from
 * SECINFO4resok_len. Nothing is touched unless the status is NFS4_OK.
 * The length and pointer are cleared afterwards.
 */
/* ARGSUSED */
static void
rfs4_op_secinfo_free(nfs_resop4 *resop)
{
	SECINFO4res *resp = &resop->nfs_resop4_u.opsecinfo;
	int count, i;
	secinfo4 *resok_val;

	/* If this is not an Ok result, nothing to free. */
	if (resp->status != NFS4_OK) {
		return;
	}

	count = resp->SECINFO4resok_len;
	resok_val = resp->SECINFO4resok_val;

	for (i = 0; i < count; i++) {
		/* only RPCSEC_GSS entries carry a separately allocated OID */
		if (resok_val[i].flavor == RPCSEC_GSS) {
			rpcsec_gss_info *info;

			info = &resok_val[i].flavor_info;
			kmem_free(info->oid.sec_oid4_val,
			    info->oid.sec_oid4_len);
		}
	}
	kmem_free(resok_val, count * sizeof (secinfo4));
	resp->SECINFO4resok_len = 0;
	resp->SECINFO4resok_val = NULL;
}

/*
 * ACCESS: report which of the requested access bits the request credential
 * (cs->cr) holds on the current filehandle.
 *
 * Each requested bit that applies to the object type is always added to
 * resp->supported. It is added to resp->access only when VOP_ACCESS()
 * succeeds and these extra conditions hold:
 *   - READ, MODIFY/EXTEND and EXECUTE are withheld when MANDLOCK() is true
 *     for the file's mode;
 *   - when is_system_labeled() is true and the client label is not equal to
 *     l_admin_low, READ, LOOKUP and EXECUTE require
 *     bldominates(clabel, slabel), while MODIFY, EXTEND and DELETE require
 *     blequal(clabel, slabel).
 * MODIFY, EXTEND and DELETE are neither checked nor reported as supported
 * when rdonly4() is true and the object is a regular file or directory.
 *
 * The operation status is NFS4_OK even when no bit is granted. The
 * cs->access == CS_ACCESS_DENIED test is compiled out (#if 0), so this
 * operation answers regardless of cs->access.
 */
/* ARGSUSED */
static void
rfs4_op_access(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	ACCESS4args *args = &argop->nfs_argop4_u.opaccess;
	ACCESS4res *resp = &resop->nfs_resop4_u.opaccess;
	int error;
	vnode_t *vp;
	struct vattr va;
	int checkwriteperm;
	cred_t *cr = cs->cr;
	/*
	 * The four label variables below are assigned only inside the
	 * is_system_labeled() branch. Every later read sits behind
	 * "!is_system_labeled() || admin_low_client ||", so the operand
	 * order of those conditions must be kept.
	 */
	bslabel_t *clabel, *slabel;
	ts_label_t *tslabel;
	boolean_t admin_low_client;

#if 0	/* XXX allow access even if !cs->access. Eventually only pseudo fs */
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
#endif
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	ASSERT(cr != NULL);

	vp = cs->vp;

	/*
	 * If the file system is exported read only, it is not appropriate
	 * to check write permissions for regular files and directories.
	 * Special files are interpreted by the client, so the underlying
	 * permissions are sent back to the client for interpretation.
	 */
	if (rdonly4(cs->exi, cs->vp, req) &&
	    (vp->v_type == VREG || vp->v_type == VDIR))
		checkwriteperm = 0;
	else
		checkwriteperm = 1;

	/*
	 * XXX
	 * We need the mode so that we can correctly determine access
	 * permissions relative to a mandatory lock file. Access to
	 * mandatory lock files is denied on the server, so it might
	 * as well be reflected to the server during the open.
	 */
	va.va_mask = AT_MODE;
	error = VOP_GETATTR(vp, &va, 0, cr, NULL);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	resp->access = 0;
	resp->supported = 0;

	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opaccess__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			/*
			 * tslabel is held from here on; it is released by
			 * label_rele() at the end, and there is no return
			 * in between.
			 */
			if ((tslabel = nfs_getflabel(vp)) == NULL) {
				*cs->statusp = resp->status = puterrno4(EACCES);
				return;
			}
			slabel = label2bslabel(tslabel);
			DTRACE_PROBE3(tx__rfs4__log__info__opaccess__slabel,
			    char *, "got server label(1) for vp(2)",
			    bslabel_t *, slabel, vnode_t *, vp);

			admin_low_client = B_FALSE;
		} else
			admin_low_client = B_TRUE;
	}

	if (args->access & ACCESS4_READ) {
		error = VOP_ACCESS(vp, VREAD, 0, cr, NULL);
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_READ;
		resp->supported |= ACCESS4_READ;
	}
	if ((args->access & ACCESS4_LOOKUP) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr, NULL);
		if (!error && (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_LOOKUP;
		resp->supported |= ACCESS4_LOOKUP;
	}
	if (checkwriteperm &&
	    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND))) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr, NULL);
		/* write-type bits need label equality, not dominance */
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    blequal(clabel, slabel)))
			resp->access |=
			    (args->access & (ACCESS4_MODIFY|ACCESS4_EXTEND));
		resp->supported |= (ACCESS4_MODIFY|ACCESS4_EXTEND);
	}

	if (checkwriteperm &&
	    (args->access & ACCESS4_DELETE) && vp->v_type == VDIR) {
		error = VOP_ACCESS(vp, VWRITE, 0, cr, NULL);
		if (!error && (!is_system_labeled() || admin_low_client ||
		    blequal(clabel, slabel)))
			resp->access |= ACCESS4_DELETE;
		resp->supported |= ACCESS4_DELETE;
	}
	if (args->access & ACCESS4_EXECUTE && vp->v_type != VDIR) {
		error = VOP_ACCESS(vp, VEXEC, 0, cr, NULL);
		if (!error && !MANDLOCK(vp, va.va_mode) &&
		    (!is_system_labeled() || admin_low_client ||
		    bldominates(clabel, slabel)))
			resp->access |= ACCESS4_EXECUTE;
		resp->supported |= ACCESS4_EXECUTE;
	}

	/* tslabel was only obtained on the non-admin_low path */
	if (is_system_labeled() && !admin_low_client)
		label_rele(tslabel);

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * COMMIT: push the byte range (args->offset, args->count) of the current
 * filehandle to stable storage and return the write verifier.
 *
 * Checks, in order: filehandle present, cs->access not denied, offset +
 * count does not wrap, owner uid readable, export not read-only, object is
 * a regular file, and the caller either owns the file or passes
 * VOP_ACCESS(VWRITE). The status is stored in resp->status and
 * *cs->statusp.
 */
/* ARGSUSED */
static void
rfs4_op_commit(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	COMMIT4args *args = &argop->nfs_argop4_u.opcommit;
	COMMIT4res *resp = &resop->nfs_resop4_u.opcommit;
	int error;
	vnode_t *vp = cs->vp;
	cred_t *cr = cs->cr;
	vattr_t va;

	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * Reject a range whose end wraps around.
	 * NOTE(review): relies on the sum being unsigned arithmetic - the
	 * field types are not visible here, confirm.
	 */
	if (args->offset + args->count < args->offset) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_UID;
	error = VOP_GETATTR(vp, &va, 0, cr, NULL);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking. So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	if (vp->v_type != VREG) {
		if (vp->v_type == VDIR)
			resp->status = NFS4ERR_ISDIR;
		else
			resp->status = NFS4ERR_INVAL;
		*cs->statusp = resp->status;
		return;
	}

	/*
	 * The file's owner is let through without a VOP_ACCESS() call;
	 * anyone else needs write permission.
	 */
	if (crgetuid(cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cs->cr, NULL))) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	error = VOP_PUTPAGE(vp, args->offset, args->count, 0, cr, NULL);
	if (!error)
		error = VOP_FSYNC(vp, FNODSYNC, cr, NULL);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	resp->writeverf = Write4verf;
}

/*
 * do_rfs4_op_mknod is called from rfs4_op_create after all initial
 * verification was completed. It does the nfsv4 create for special files.
 *
 * Returns the new vnode on success. On failure returns NULL after storing
 * the NFSv4 status in both resp->status and *cs->statusp.
 */
/* ARGSUSED */
static vnode_t *
do_rfs4_op_mknod(CREATE4args *args, CREATE4res *resp, struct svc_req *req,
	struct compound_state *cs, vattr_t *vap, char *nm)
{
	cred_t *cred = cs->cr;
	vnode_t *parent = cs->vp;
	vnode_t *newvp = NULL;
	int rc;

	switch (args->type) {
	case NF4CHR:
	case NF4BLK:
		/*
		 * Device nodes are refused with NFS4ERR_PERM unless
		 * secpolicy_sys_devices() returns 0 for the request
		 * credential.
		 */
		if (secpolicy_sys_devices(cred) != 0) {
			*cs->statusp = resp->status = NFS4ERR_PERM;
			return (NULL);
		}
		vap->va_type = (args->type == NF4CHR) ? VCHR : VBLK;
		/* the device number comes straight from the client */
		vap->va_rdev = makedevice(args->ftype4_u.devdata.specdata1,
		    args->ftype4_u.devdata.specdata2);
		vap->va_mask |= AT_RDEV;
		break;

	case NF4SOCK:
		vap->va_type = VSOCK;
		break;

	case NF4FIFO:
		vap->va_type = VFIFO;
		break;

	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return (NULL);
	}

	/* A mode is mandatory for a special file. */
	if ((vap->va_mask & AT_MODE) == 0) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return (NULL);
	}

	/* exclusive create, with a mode argument of 0 */
	rc = VOP_CREATE(parent, nm, vap, EXCL, 0, &newvp, cred, 0, NULL, NULL);
	if (rc != 0) {
		*cs->statusp = resp->status = puterrno4(rc);
		return (NULL);
	}

	return (newvp);
}

/*
 * nfsv4 create is used to create non-regular files. For regular files,
 * use nfsv4 open.
 *
 * Checks made before anything is created, in order: current filehandle
 * present; the directory is not a mount point; the type is one of
 * LNK/BLK/CHR/SOCK/FIFO/DIR; cs->access is not CS_ACCESS_DENIED; the
 * current filehandle is a directory; the name passes utf8_dir_verify();
 * the export is not read-only; the converted name is no longer than
 * MAXNAMELEN; createattrs decode successfully and set at least one vattr
 * bit.
 *
 * Defaults applied when createattrs omit them: owner and group come from
 * the request credential, mode is 0700 for directories and symlinks and
 * 0600 for everything else.
 *
 * On success the new object becomes the current filehandle (cs->fh and
 * cs->vp) and resp->cinfo carries the directory change information.
 */
/* ARGSUSED */
static void
rfs4_op_create(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	CREATE4args *args = &argop->nfs_argop4_u.opcreate;
	CREATE4res *resp = &resop->nfs_resop4_u.opcreate;
	int error;
	/*
	 * Directory attributes sampled at different points: bva before the
	 * create, iva right after it, iva2 after the symlink lookup, ava
	 * after the fsync. They feed the cinfo.atomic decision at the end.
	 */
	struct vattr bva, iva, iva2, ava, *vap;
	cred_t *cr = cs->cr;
	vnode_t *dvp = cs->vp;
	vnode_t *vp = NULL;
	char *nm, *lnm;
	uint_t len, llen;
	int syncval = 0;
	struct nfs4_svgetit_arg sarg;
	struct nfs4_ntov_table ntov;
	struct statvfs64 sb;
	nfsstat4 status;

	resp->attrset = 0;

	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to create an object in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* Verify that type is correct */
	switch (args->type) {
	case NF4LNK:
	case NF4BLK:
	case NF4CHR:
	case NF4SOCK:
	case NF4FIFO:
	case NF4DIR:
		break;
	default:
		*cs->statusp = resp->status = NFS4ERR_BADTYPE;
		return;
	};

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}
	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}
	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		return;
	}

	/*
	 * Name of newly created object
	 */
	nm = utf8_to_fn(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	resp->attrset = 0;

	sarg.sbp = &sb;
	/* from here on every exit must call nfs4_ntov_table_free() */
	nfs4_ntov_table_init(&ntov);

	status = do_rfs4_set_attrs(&resp->attrset,
	    &args->createattrs, cs, &sarg, &ntov, NFS4ATTR_SETIT);

	/* createattrs that decode to no vattr bit at all are rejected */
	if (sarg.vap->va_mask == 0 && status == NFS4_OK)
		status = NFS4ERR_INVAL;

	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/* Get "before" change value */
	bva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bva, 0, cr, NULL);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bva.va_ctime)

	vap = sarg.vap;

	/*
	 * Set default initial values for attributes when not specified
	 * in createattrs.
	 */
	if ((vap->va_mask & AT_UID) == 0) {
		vap->va_uid = crgetuid(cr);
		vap->va_mask |= AT_UID;
	}
	if ((vap->va_mask & AT_GID) == 0) {
		vap->va_gid = crgetgid(cr);
		vap->va_mask |= AT_GID;
	}

	/* error is 0 here: the VOP_GETATTR() above succeeded */
	vap->va_mask |= AT_TYPE;
	switch (args->type) {
	case NF4DIR:
		vap->va_type = VDIR;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}
		error = VOP_MKDIR(dvp, nm, vap, &vp, cr, NULL, 0, NULL);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr, NULL))
			iva.va_seq = 0;
		break;
	case NF4LNK:
		vap->va_type = VLNK;
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0700;	/* default: owner rwx only */
			vap->va_mask |= AT_MODE;
		}

		/*
		 * symlink names must be treated as data
		 */
		lnm = utf8_to_str(&args->ftype4_u.linkdata, &llen, NULL);

		if (lnm == NULL) {
			*cs->statusp = resp->status = NFS4ERR_INVAL;
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		if (llen > MAXPATHLEN) {
			*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
			kmem_free(nm, len);
			kmem_free(lnm, llen);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		error = VOP_SYMLINK(dvp, nm, vap, lnm, cr, NULL, 0);
		/* lnm cannot be NULL here; the NULL case returned above */
		if (lnm != NULL)
			kmem_free(lnm, llen);
		if (error)
			break;

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr, NULL))
			iva.va_seq = 0;

		/*
		 * VOP_SYMLINK() returns no vnode, so the new link is looked
		 * up by name. NOTE(review): if this lookup fails the
		 * operation reports an error although the symlink has
		 * already been created.
		 */
		error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr,
		    NULL, NULL, NULL);
		if (error)
			break;

		/*
		 * va_seq is not safe over VOP calls, check it again
		 * if it has changed zero out iva to force atomic = FALSE.
		 */
		iva2.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva2, 0, cs->cr, NULL) ||
		    iva2.va_seq != iva.va_seq)
			iva.va_seq = 0;
		break;
	default:
		/*
		 * probably a special file.
		 */
		if ((vap->va_mask & AT_MODE) == 0) {
			vap->va_mode = 0600;	/* default: owner rw only */
			vap->va_mask |= AT_MODE;
		}
		syncval = FNODSYNC;
		/*
		 * We know this will only generate one VOP call
		 */
		vp = do_rfs4_op_mknod(args, resp, req, cs, vap, nm);

		/* do_rfs4_op_mknod() has already stored the status */
		if (vp == NULL) {
			kmem_free(nm, len);
			nfs4_ntov_table_free(&ntov, &sarg);
			resp->attrset = 0;
			return;
		}

		/*
		 * Get the initial "after" sequence number, if it fails,
		 * set to zero
		 */
		iva.va_mask = AT_SEQ;
		if (VOP_GETATTR(dvp, &iva, 0, cs->cr, NULL))
			iva.va_seq = 0;

		break;
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cr, NULL);

	/*
	 * NOTE(review): on the success path resp->status has not been
	 * assigned in this function yet, so this test relies on the result
	 * structure arriving with status equal to NFS4_OK (presumably
	 * zero-filled by the caller) - confirm.
	 */
	if (resp->status != NFS4_OK) {
		if (vp != NULL)
			VN_RELE(vp);
		nfs4_ntov_table_free(&ntov, &sarg);
		resp->attrset = 0;
		return;
	}

	/*
	 * Finish setup of cinfo response, "before" value already set.
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	ava.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &ava, 0, cr, NULL)) {
		ava.va_ctime = bva.va_ctime;
		ava.va_seq = 0;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, ava.va_ctime);

	/*
	 * True verification that object was created with correct
	 * attrs is impossible. The attrs could have been changed
	 * immediately after object creation. If attributes did
	 * not verify, the only recourse for the server is to
	 * destroy the object. Maybe if some attrs (like gid)
	 * are set incorrectly, the object should be destroyed;
	 * however, seems bad as a default policy. Do we really
	 * want to destroy an object over one of the times not
	 * verifying correctly? For these reasons, the server
	 * currently sets bits in attrset for createattrs
	 * that were set; however, no verification is done.
	 *
	 * vmask_to_nmask accounts for vattr bits set on create
	 *	[do_rfs4_set_attrs() only sets resp bits for
	 *	 non-vattr/vfs bits.]
	 * Mask off any bits set by default so as not to return
	 * more attrset bits than were requested in createattrs
	 */
	nfs4_vmask_to_nmask(sarg.vap->va_mask, &resp->attrset);
	resp->attrset &= args->createattrs.attrmask;
	nfs4_ntov_table_free(&ntov, &sarg);

	error = makefh4(&cs->fh, vp, cs->exi);
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
	}

	/*
	 * The cinfo.atomic = TRUE only if we got no errors, we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the creation and it didn't change during the VOP_LOOKUP
	 * or VOP_FSYNC.
	 */
	if (!error && bva.va_seq && iva.va_seq && ava.va_seq &&
	    iva.va_seq == (bva.va_seq + 1) && iva.va_seq == ava.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	(void) VOP_FSYNC(vp, syncval, cr, NULL);

	/* only a makefh4() failure can reach this with a bad status */
	if (resp->status != NFS4_OK) {
		VN_RELE(vp);
		return;
	}
	/* the new object replaces the directory as current filehandle */
	if (cs->vp)
		VN_RELE(cs->vp);

	cs->vp = vp;
	*cs->statusp = resp->status = NFS4_OK;
}


/*
 * DELEGRETURN: give back the delegation named by args->deleg_stateid.
 *
 * The state is looked up with rfs4_get_deleg_state(); a lookup failure is
 * returned as is. The delegation is returned only when the vnode recorded
 * in the state equals cs->vp, otherwise the status is NFS4ERR_BAD_STATEID.
 * In both cases the client's lease is updated and the state reference is
 * released. cs->access is not consulted here.
 */
/*ARGSUSED*/
static void
rfs4_op_delegreturn(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	DELEGRETURN4args *args = &argop->nfs_argop4_u.opdelegreturn;
	DELEGRETURN4res *resp = &resop->nfs_resop4_u.opdelegreturn;
	rfs4_deleg_state_t *dsp;
	nfsstat4 status;

	status = rfs4_get_deleg_state(&args->deleg_stateid, &dsp);
	resp->status = *cs->statusp = status;
	if (status != NFS4_OK)
		return;

	/* Ensure specified filehandle matches */
	if (cs->vp != dsp->finfo->vp) {
		resp->status = *cs->statusp = NFS4ERR_BAD_STATEID;
	} else
		rfs4_return_deleg(dsp, FALSE);

	rfs4_update_lease(dsp->client);

	/* pairs with the reference taken by rfs4_get_deleg_state() */
	rfs4_deleg_state_rele(dsp);
}

/*
 * Check to see if a given "flavor" is an explicitly shared flavor.
 * The assumption of this routine is the "flavor" is already a valid
 * flavor in the secinfo list of "exi".
 *
 *	e.g.
 *		# share -o sec=flavor1 /export
 *		# share -o sec=flavor2 /export/home
 *
 *		flavor2 is not an explicitly shared flavor for /export,
 *		however it is in the secinfo list for /export thru the
 *		server namespace setup.
 *
 * The list is walked in order and the first entry that either names
 * "flavor" or is AUTH_NONE decides the result, so an AUTH_NONE entry placed
 * before the flavor's own entry is the one that is evaluated.
 */
int
is_exported_sec(int flavor, struct exportinfo *exi)
{
	struct secinfo *entries = exi->exi_export.ex_secinfo;
	int n;

	for (n = 0; n < exi->exi_export.ex_seccnt; n++) {
		struct secinfo *cur = &entries[n];

		if (cur->s_secinfo.sc_nfsnum != AUTH_NONE &&
		    cur->s_secinfo.sc_nfsnum != flavor)
			continue;

		return (SEC_REF_EXPORTED(cur));
	}

	/* Not expected: callers pass a flavor that is in the list. */
	return (0);
}

/*
 * Decide whether the flavor the request arrived with (cs->nfsflavor) is
 * acceptable for the current export (cs->exi).
 *
 * Returns 1 when some secinfo entry of the export names that flavor, or
 * when any entry is AUTH_NONE; returns 0 otherwise.
 */
static int
secinfo_match_or_authnone(struct compound_state *cs)
{
	struct secinfo *entries = cs->exi->exi_export.ex_secinfo;
	int found = 0;
	int n = 0;

	while (!found && n < cs->exi->exi_export.ex_seccnt) {
		found = (entries[n].s_secinfo.sc_nfsnum == cs->nfsflavor ||
		    entries[n].s_secinfo.sc_nfsnum == AUTH_NONE);
		n++;
	}

	return (found);
}

/*
 * Authorize the client for the current export and translate the outcome
 * into an NFSv4 status, which is both stored in *cs->statusp and returned.
 *
 * A flavor that is not configured for the export is refused with
 * NFS4ERR_WRONGSEC before checkauth4() is called. The checkauth4() result
 * maps as: > 0 to NFS4_OK, 0 to NFS4ERR_ACCESS, -2 to NFS4ERR_WRONGSEC and
 * anything else to NFS4ERR_DELAY. On success cs->access is raised to
 * CS_ACCESS_OK unless the CS_ACCESS_LIMITED bit is set.
 */
nfsstat4
call_checkauth4(struct compound_state *cs, struct svc_req *req)
{
	nfsstat4 result;
	int verdict;

	if (!secinfo_match_or_authnone(cs)) {
		*cs->statusp = NFS4ERR_WRONGSEC;
		return (NFS4ERR_WRONGSEC);
	}

	verdict = checkauth4(cs, req);

	if (verdict > 0) {
		result = NFS4_OK;
		*cs->statusp = result;
		/* a limited grant is left as it is */
		if ((cs->access & CS_ACCESS_LIMITED) == 0)
			cs->access = CS_ACCESS_OK;
		return (result);
	}

	switch (verdict) {
	case 0:
		result = NFS4ERR_ACCESS;
		break;
	case -2:
		result = NFS4ERR_WRONGSEC;
		break;
	default:
		result = NFS4ERR_DELAY;
		break;
	}

	*cs->statusp = result;
	return (result);
}

/*
 * Used by getattr and readdir: turn the requested attribute bitmap into a
 * vattr mask in sargp->vap->va_mask and decide whether a statvfs call will
 * be needed (sargp->sbp is left non-NULL only in that case).
 * Also resets flag, rdattr_error, mntdfid_set, xattr and rdattr_error_req.
 * Always returns NFS4_OK.
 */
static nfsstat4
bitmap4_to_attrmask(bitmap4 breq, struct nfs4_svgetit_arg *sargp)
{
	struct statvfs64 *caller_sb = sargp->sbp;
	uint_t mask = 0;
	int n;

	/* sbp is handed back below only when fs attributes are wanted */
	sargp->sbp = NULL;
	sargp->flag = 0;
	sargp->rdattr_error = NFS4_OK;
	sargp->mntdfid_set = FALSE;
	sargp->xattr = 0;
	if (sargp->cs->vp) {
		sargp->xattr = get_fh4_flag(&sargp->cs->fh,
		    FH4_ATTRDIR | FH4_NAMEDATTR);
	}

	/*
	 * When the client asked for rdattr_error, a failing entry is
	 * reported per entry instead of failing the whole readdir.
	 */
	sargp->rdattr_error_req = (breq & FATTR4_RDATTR_ERROR_MASK) ? 1 : 0;

	/* Well-known request masks have precomputed answers. */
	switch (breq) {
	case NFS4_NTOV_ATTR_MASK:
		mask = NFS4_NTOV_ATTR_AT_MASK;
		break;

	case NFS4_FS_ATTR_MASK:
		mask = NFS4_FS_ATTR_AT_MASK;
		sargp->sbp = caller_sb;
		break;

	case NFS4_NTOV_ATTR_CACHE_MASK:
		mask = NFS4_NTOV_ATTR_CACHE_AT_MASK;
		break;

	case FATTR4_LEASE_TIME_MASK:
		/* no vattr bits needed; mask stays 0 */
		break;

	default:
		/* general case: collect the vattr bit of each asked attr */
		for (n = 0; n < nfs4_ntov_map_size; n++) {
			if (!(breq & nfs4_ntov_map[n].fbit))
				continue;
			if (nfs4_ntov_map[n].vbit)
				mask |= nfs4_ntov_map[n].vbit;
		}

		/* any file-system attribute means statvfs is needed */
		if (breq & NFS4_FS_ATTR_MASK)
			sargp->sbp = caller_sb;
		break;
	}

	sargp->vap->va_mask = mask;
	return (NFS4_OK);
}

/*
 * bitmap4_get_sysattrs is called by getattr and readdir.
 * It calls both VOP_GETATTR and VFS_STATVFS calls to get the attrs.
 * Returns nfsv4 status.
 *
 * VFS_STATVFS is called only when sargp->sbp is non-NULL. If it fails,
 * sargp->sbp is cleared and the translated error is returned without
 * fetching the vnode attributes.
 */
static nfsstat4
bitmap4_get_sysattrs(struct nfs4_svgetit_arg *sargp)
{
	struct compound_state *state = sargp->cs;
	vnode_t *node = state->vp;

	if (sargp->sbp != NULL) {
		int rc = VFS_STATVFS(node->v_vfsp, sargp->sbp);

		if (rc != 0) {
			sargp->sbp = NULL;	/* to identify error */
			return (puterrno4(rc));
		}
	}

	return (rfs4_vop_getattr(node, sargp->vap, 0, state->cr));
}

/*
 * Prepare an attribute table for use: allocate a zero-filled array with one
 * union nfs4_attr_u slot per nfs4_ntov_map entry and reset the counters.
 * The array is released by nfs4_ntov_table_free().
 */
static void
nfs4_ntov_table_init(struct nfs4_ntov_table *ntovp)
{
	size_t bytes = sizeof (union nfs4_attr_u) * nfs4_ntov_map_size;

	ntovp->na = kmem_zalloc(bytes, KM_SLEEP);
	ntovp->attrcnt = 0;
	ntovp->vfsstat = FALSE;
}

/*
 * Release an attribute table set up by nfs4_ntov_table_init().
 *
 * Every recorded attribute first gets its NFS4ATTR_FREEIT callback. For
 * set and verify operations the decoded values are then passed to
 * xdr_free() as well. Finally the slot array itself is freed.
 */
static void
nfs4_ntov_table_free(struct nfs4_ntov_table *ntovp,
	struct nfs4_svgetit_arg *sargp)
{
	int n;

	/*
	 * XXX Should do the same checks for whether the bit is set
	 */
	for (n = 0; n < ntovp->attrcnt; n++) {
		(void) (*nfs4_ntov_map[ntovp->amap[n]].sv_getit)(
		    NFS4ATTR_FREEIT, sargp, &ntovp->na[n]);
	}

	/* for getattr the xdr_free is done later, so skip it here */
	if (sargp->op == NFS4ATTR_SETIT || sargp->op == NFS4ATTR_VERIT) {
		for (n = 0; n < ntovp->attrcnt; n++) {
			xdr_free(nfs4_ntov_map[ntovp->amap[n]].xfunc,
			    (caddr_t)&ntovp->na[n]);
		}
	}

	kmem_free(ntovp->na, sizeof (union nfs4_attr_u) * nfs4_ntov_map_size);
}

/*
 * do_rfs4_op_getattr gets the system attrs and converts into fattr4.
 *
 * breq is the requested attribute bitmap, fattrp receives the result and
 * sargp carries the per-request state used by the sv_getit callbacks.
 *
 * For every requested attribute that the callback reports as supported the
 * value is fetched into a table slot. fattrp->attrmask records the
 * attributes actually returned, and fattrp->attrlist4 receives their XDR
 * encoding in a buffer of attrlist4_len bytes (freed by
 * rfs4_op_getattr_free()).
 *
 * Returns NFS4_OK, NFS4ERR_INVAL when a write-only attribute is requested,
 * NFS4ERR_SERVERFAULT when XDR encoding fails, or the translated error of
 * a failing callback when per-entry error reporting was not requested.
 */
static nfsstat4
do_rfs4_op_getattr(bitmap4 breq, fattr4 *fattrp,
	struct nfs4_svgetit_arg *sargp)
{
	int error = 0;
	int i, k;
	struct nfs4_ntov_table ntov;
	XDR xdr;
	ulong_t xdr_size;
	char *xdr_attrs;
	nfsstat4 status = NFS4_OK;
	/* remembered to detect an rdattr_error raised during this call */
	nfsstat4 prev_rdattr_error = sargp->rdattr_error;
	union nfs4_attr_u *na;
	uint8_t *amap;

	sargp->op = NFS4ATTR_GETIT;
	sargp->flag = 0;

	fattrp->attrmask = 0;
	/* if no bits requested, then return empty fattr4 */
	if (breq == 0) {
		fattrp->attrlist4_len = 0;
		fattrp->attrlist4 = NULL;
		return (NFS4_OK);
	}

	/*
	 * return NFS4ERR_INVAL when client requests write-only attrs
	 */
	if (breq & (FATTR4_TIME_ACCESS_SET_MASK | FATTR4_TIME_MODIFY_SET_MASK))
		return (NFS4ERR_INVAL);

	nfs4_ntov_table_init(&ntov);
	/* na and amap advance together, one step per attribute stored */
	na = ntov.na;
	amap = ntov.amap;

	/*
	 * Now loop to get or verify the attrs
	 */
	for (i = 0; i < nfs4_ntov_map_size; i++) {
		if (breq & nfs4_ntov_map[i].fbit) {
			if ((*nfs4_ntov_map[i].sv_getit)(
			    NFS4ATTR_SUPPORTED, sargp, NULL) == 0) {

				error = (*nfs4_ntov_map[i].sv_getit)(
				    NFS4ATTR_GETIT, sargp, na);

				/*
				 * Possible error values:
				 * >0 if sv_getit failed to
				 * get the attr; 0 if succeeded;
				 * <0 if rdattr_error and the
				 * attribute cannot be returned.
				 */
				/*
				 * NOTE(review): this exit leaves
				 * fattrp->attrlist4 and attrlist4_len
				 * unassigned while attrmask may already
				 * hold bits; rfs4_op_getattr_free() is
				 * presumably safe only if the result was
				 * zero-filled beforehand - confirm.
				 */
				if (error && !(sargp->rdattr_error_req))
					goto done;
				/*
				 * If error then just for entry
				 */
				if (error == 0) {
					fattrp->attrmask |=
					    nfs4_ntov_map[i].fbit;
					*amap++ =
					    (uint8_t)nfs4_ntov_map[i].nval;
					na++;
					(ntov.attrcnt)++;
				} else if ((error > 0) &&
				    (sargp->rdattr_error == NFS4_OK)) {
					/* keep only the first failure */
					sargp->rdattr_error = puterrno4(error);
				}
				error = 0;
			}
		}
	}

	/*
	 * If rdattr_error was set after the return value for it was assigned,
	 * update it.
	 */
	if (prev_rdattr_error != sargp->rdattr_error) {
		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			k = *amap;
			/* skip stored attributes numbered below it */
			if (k < FATTR4_RDATTR_ERROR) {
				continue;
			}
			if ((k == FATTR4_RDATTR_ERROR) &&
			    ((*nfs4_ntov_map[k].sv_getit)(
			    NFS4ATTR_SUPPORTED, sargp, NULL) == 0)) {

				(void) (*nfs4_ntov_map[k].sv_getit)(
				    NFS4ATTR_GETIT, sargp, na);
			}
			break;
		}
	}

	/* first pass: total encoded size of everything stored */
	xdr_size = 0;
	na = ntov.na;
	amap = ntov.amap;
	for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
		xdr_size += xdr_sizeof(nfs4_ntov_map[*amap].xfunc, na);
	}

	fattrp->attrlist4_len = xdr_size;
	if (xdr_size) {
		/* freed by rfs4_op_getattr_free() */
		fattrp->attrlist4 = xdr_attrs = kmem_zalloc(xdr_size, KM_SLEEP);

		/* the encoder is bounded by the size computed above */
		xdrmem_create(&xdr, xdr_attrs, xdr_size, XDR_ENCODE);

		na = ntov.na;
		amap = ntov.amap;
		for (i = 0; i < ntov.attrcnt; i++, na++, amap++) {
			if (!(*nfs4_ntov_map[*amap].xfunc)(&xdr, na)) {
				cmn_err(CE_WARN, "do_rfs4_op_getattr: xdr "
				    "encode of attribute %d failed\n", *amap);
				/* the buffer stays attached to fattrp */
				status = NFS4ERR_SERVERFAULT;
				break;
			}
		}
		/* xdrmem_destroy(&xdrs); */	/* NO-OP */
	} else {
		fattrp->attrlist4 = NULL;
	}
done:

	nfs4_ntov_table_free(&ntov, sargp);

	/* non-zero only when arriving here through the goto above */
	if (error != 0)
		status = puterrno4(error);

	return (status);
}

/*
 * GETATTR: return the requested attributes of the current filehandle.
 *
 * Requires a current filehandle and cs->access other than
 * CS_ACCESS_DENIED. The work is split over bitmap4_to_attrmask(),
 * bitmap4_get_sysattrs() and do_rfs4_op_getattr(); the first failing step
 * supplies the status.
 */
/* ARGSUSED */
static void
rfs4_op_getattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETATTR4args *args = &argop->nfs_argop4_u.opgetattr;
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;
	struct nfs4_svgetit_arg sarg;
	struct statvfs64 sb;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/* sb lives on this stack frame and is only used during the call */
	sarg.sbp = &sb;
	sarg.cs = cs;

	status = bitmap4_to_attrmask(args->attr_request, &sarg);
	if (status == NFS4_OK) {
		status = bitmap4_get_sysattrs(&sarg);
		if (status == NFS4_OK)
			status = do_rfs4_op_getattr(args->attr_request,
			    &resp->obj_attributes, &sarg);
	}
	*cs->statusp = resp->status = status;
}

/*
 * Free the GETATTR result by handing resp->obj_attributes to
 * nfs4_fattr4_free(). The operation status is not consulted.
 */
static void
rfs4_op_getattr_free(nfs_resop4 *resop)
{
	GETATTR4res *resp = &resop->nfs_resop4_u.opgetattr;

	nfs4_fattr4_free(&resp->obj_attributes);
}

/*
 * GETFH: return a copy of the current filehandle.
 *
 * Requires a current filehandle and cs->access other than
 * CS_ACCESS_DENIED. The copy is allocated with the length of cs->fh and is
 * released by rfs4_op_getfh_free().
 */
/* ARGSUSED */
static void
rfs4_op_getfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	resp->object.nfs_fh4_val =
	    kmem_alloc(cs->fh.nfs_fh4_len, KM_SLEEP);
	nfs_fh4_copy(&cs->fh, &resp->object);
	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * Free the GETFH result. The buffer exists only for an NFS4_OK reply; the
 * pointer and length are cleared after the free so a second call is
 * harmless.
 */
static void
rfs4_op_getfh_free(nfs_resop4 *resop)
{
	GETFH4res *resp = &resop->nfs_resop4_u.opgetfh;

	if (resp->status == NFS4_OK &&
	    resp->object.nfs_fh4_val != NULL) {
		kmem_free(resp->object.nfs_fh4_val, resp->object.nfs_fh4_len);
		resp->object.nfs_fh4_val = NULL;
		resp->object.nfs_fh4_len = 0;
	}
}

/*
 * illegal: args: void
 *	res : status (NFS4ERR_OP_ILLEGAL)
 *
 * The result's operation number is set to OP_ILLEGAL here as well.
 */
/* ARGSUSED */
static void
rfs4_op_illegal(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	ILLEGAL4res *resp = &resop->nfs_resop4_u.opillegal;

	resop->resop = OP_ILLEGAL;
	*cs->statusp = resp->status = NFS4ERR_OP_ILLEGAL;
}

/*
 *
link: args: SAVED_FH: file, CURRENT_FH: target directory
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 */
/*
 * Adds the name args->newname in the CURRENT_FH directory as a hard link
 * to the SAVED_FH object.  Before VOP_LINK is called the request must
 * pass every check below: both filehandles are set, the target directory
 * is not a mount point, access has not been denied, the object types are
 * right, both filehandles belong to the same export, and the
 * client-supplied name is valid, bounded by MAXNAMELEN and not on a
 * read-only export.  The status is stored in both resp->status and
 * *cs->statusp.
 */
/* ARGSUSED */
static void
rfs4_op_link(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LINK4args *args = &argop->nfs_argop4_u.oplink;
	LINK4res *resp = &resop->nfs_resop4_u.oplink;
	vnode_t *srcvp = cs->saved_vp;	/* SAVED_FH: object being linked */
	vnode_t *dirvp = cs->vp;	/* CURRENT_FH: target directory */
	struct vattr pre, mid, post;
	nfsstat4 status;
	char *name = NULL;
	uint_t namelen = 0;
	int error;

	if (srcvp == NULL || dirvp == NULL) {
		status = NFS4ERR_NOFILEHANDLE;
		goto out;
	}

	/*
	 * A non-shared filesystem mounted on the target directory means
	 * nothing may be linked into it; a denied access state is
	 * reported the same way.
	 */
	if (vn_ismntpt(dirvp) || cs->access == CS_ACCESS_DENIED) {
		status = NFS4ERR_ACCESS;
		goto out;
	}

	/* The source must not be a directory ... */
	if (srcvp->v_type == VDIR) {
		status = NFS4ERR_ISDIR;
		goto out;
	}

	/* ... and the target must be one. */
	if (dirvp->v_type != VDIR) {
		status = NFS4ERR_NOTDIR;
		goto out;
	}

	/* Source and target have to belong to the same export. */
	if (cs->saved_exi != cs->exi) {
		status = NFS4ERR_XDEV;
		goto out;
	}

	/* Validate and convert the client-supplied component name. */
	if (!utf8_dir_verify(&args->newname)) {
		status = NFS4ERR_INVAL;
		goto out;
	}

	name = utf8_to_fn(&args->newname, &namelen, NULL);
	if (name == NULL) {
		status = NFS4ERR_INVAL;
		goto out;
	}

	if (namelen > MAXNAMELEN) {
		status = NFS4ERR_NAMETOOLONG;
		goto out;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		status = NFS4ERR_ROFS;
		goto out;
	}

	/* Directory change value as it was before the link. */
	pre.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dirvp, &pre, 0, cs->cr, NULL);
	if (error != 0) {
		status = puterrno4(error);
		goto out;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, pre.va_ctime)

	error = VOP_LINK(dirvp, srcvp, name, cs->cr, NULL, 0);

	/* The converted name is not needed past this point. */
	kmem_free(name, namelen);
	name = NULL;

	/*
	 * Sample the sequence number right after the link; a failed
	 * getattr is recorded as zero.
	 */
	mid.va_mask = AT_SEQ;
	if (VOP_GETATTR(dirvp, &mid, 0, cs->cr, NULL) != 0)
		mid.va_seq = 0;

	/*
	 * Push modified data and metadata to stable storage.  This runs
	 * whether or not VOP_LINK succeeded.
	 */
	(void) VOP_FSYNC(srcvp, FNODSYNC, cs->cr, NULL);
	(void) VOP_FSYNC(dirvp, 0, cs->cr, NULL);

	if (error != 0) {
		status = puterrno4(error);
		goto out;
	}

	/*
	 * Directory change value after the link; when it cannot be
	 * fetched the "before" value is returned instead.
	 */
	post.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dirvp, &post, 0, cs->cr, NULL) != 0) {
		post.va_ctime = pre.va_ctime;
		post.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, post.va_ctime)

	/*
	 * The update is reported as atomic only when all three sequence
	 * numbers are non-zero, the number grew by exactly one across
	 * VOP_LINK and did not move across the VOP_FSYNC calls.
	 */
	resp->cinfo.atomic = (pre.va_seq && mid.va_seq && post.va_seq &&
	    mid.va_seq == (pre.va_seq + 1) && mid.va_seq == post.va_seq) ?
	    TRUE : FALSE;

	status = NFS4_OK;

out:
	if (name != NULL)
		kmem_free(name, namelen);
	*cs->statusp = resp->status = status;
}

/*
 * Used by rfs4_op_lookup and rfs4_op_lookupp to do the actual work.
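*/

/*
 * Looks up the single path component nm in the directory that is the
 * current filehandle (cs->vp) and, on success, installs the result as the
 * new current filehandle (cs->vp and cs->fh, plus cs->exi and cs->cr when
 * an export boundary is crossed).
 *
 * Security-relevant steps, in order:
 *  - ".." at a filesystem root steps back to the mounted-on vnode, and
 *    ".." above an export point forces the export to be re-evaluated;
 *  - in a pseudo export, when the request's flavor is not explicitly
 *    shared, or when access is limited, the result must pass nfs_visible();
 *  - when the result lies in a different export, the credential is reset
 *    from cs->basecr and call_checkauth4() is run again;
 *  - on labeled systems the client label (or, for admin_low clients, the
 *    caller's template entry) is checked before the filehandle is built.
 *
 * buflen is not used.  Returns NFS4_OK or the nfsstat4 for the failure.
 */
/* ARGSUSED */
static nfsstat4
do_rfs4_op_lookup(char *nm, uint_t buflen, struct svc_req *req,
	struct compound_state *cs)
{
	int error;
	int different_export = 0;
	vnode_t *vp, *tvp, *pre_tvp = NULL, *oldvp = NULL;
	struct exportinfo *exi = NULL, *pre_exi = NULL;
	nfsstat4 stat;
	fid_t fid;
	int attrdir, dotdot, walk;
	bool_t is_newvp = FALSE;

	if (cs->vp->v_flag & V_XATTRDIR) {
		attrdir = 1;
		ASSERT(get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	} else {
		attrdir = 0;
		ASSERT(! get_fh4_flag(&cs->fh, FH4_ATTRDIR));
	}

	dotdot = (nm[0] == '.' && nm[1] == '.' && nm[2] == '\0');

	/*
	 * If dotdotting, then need to check whether it's
	 * above the root of a filesystem, or above an
	 * export point.
	 */
	if (dotdot) {

		/*
		 * If dotdotting at the root of a filesystem, then
		 * need to traverse back to the mounted-on filesystem
		 * and do the dotdot lookup there.
		 */
		if (cs->vp->v_flag & VROOT) {

			/*
			 * If at the system root, then can
			 * go up no further.
			 */
			if (VN_CMP(cs->vp, rootdir))
				return (puterrno4(ENOENT));

			/*
			 * Traverse back to the mounted-on filesystem
			 */
			cs->vp = untraverse(cs->vp);

			/*
			 * Set the different_export flag so we remember
			 * to pick up a new exportinfo entry for
			 * this new filesystem.
			 */
			different_export = 1;
		} else {

			/*
			 * If dotdotting above an export point then set
			 * the different_export to get new export info.
			 */
			different_export = nfs_exported(cs->exi, cs->vp);
		}
	}

	error = VOP_LOOKUP(cs->vp, nm, &vp, NULL, 0, NULL, cs->cr,
	    NULL, NULL, NULL);
	if (error)
		return (puterrno4(error));

	/*
	 * If the vnode is in a pseudo filesystem, check whether it is visible.
	 *
	 * XXX if the vnode is a symlink and it is not visible in
	 * a pseudo filesystem, return ENOENT (not following symlink).
	 * V4 client can not mount such symlink. This is a regression
	 * from V2/V3.
	 *
	 * In the same exported filesystem, if the security flavor used
	 * is not an explicitly shared flavor, limit the view to the visible
	 * list entries only. This is not a WRONGSEC case because it's already
	 * checked via PUTROOTFH/PUTPUBFH or PUTFH.
	 */
	if (!different_export &&
	    (PSEUDO(cs->exi) || ! is_exported_sec(cs->nfsflavor, cs->exi) ||
	    cs->access & CS_ACCESS_LIMITED)) {
		if (! nfs_visible(cs->exi, vp, &different_export)) {
			VN_RELE(vp);
			return (puterrno4(ENOENT));
		}
	}

	/*
	 * If it's a mountpoint, then traverse it.
	 */
	if (vn_ismntpt(vp)) {
		pre_exi = cs->exi;	/* save pre-traversed exportinfo */
		pre_tvp = vp;		/* save pre-traversed vnode */

		/*
		 * hold pre_tvp to counteract rele by traverse.  We will
		 * need pre_tvp below if checkexport4 fails
		 */
		VN_HOLD(pre_tvp);
		tvp = vp;
		if ((error = traverse(&tvp)) != 0) {
			VN_RELE(vp);
			VN_RELE(pre_tvp);
			return (puterrno4(error));
		}
		vp = tvp;
		different_export = 1;
	} else if (vp->v_vfsp != cs->vp->v_vfsp) {
		/*
		 * The vfsp comparison is to handle the case where
		 * a LOFS mount is shared.  lo_lookup traverses mount points,
		 * and NFS is unaware of local fs transitions because
		 * v_vfsmountedhere isn't set.  For this special LOFS case,
		 * the dir and the obj returned by lookup will have different
		 * vfs ptrs.
		 */
		different_export = 1;
	}

	if (different_export) {

		bzero(&fid, sizeof (fid));
		fid.fid_len = MAXFIDSZ;
		error = vop_fid_pseudo(vp, &fid);
		if (error) {
			VN_RELE(vp);
			if (pre_tvp)
				VN_RELE(pre_tvp);
			return (puterrno4(error));
		}

		if (dotdot)
			exi = nfs_vptoexi(NULL, vp, cs->cr, &walk, NULL, TRUE);
		else
			exi = checkexport4(&vp->v_vfsp->vfs_fsid, &fid, vp);

		if (exi == NULL) {
			if (pre_tvp) {
				/*
				 * If this vnode is a mounted-on vnode,
				 * but the mounted-on file system is not
				 * exported, send back the filehandle for
				 * the mounted-on vnode, not the root of
				 * the mounted-on file system.
				 */
				VN_RELE(vp);
				vp = pre_tvp;
				exi = pre_exi;
			} else {
				VN_RELE(vp);
				return (puterrno4(EACCES));
			}
		} else if (pre_tvp) {
			/* we're done with pre_tvp now. release extra hold */
			VN_RELE(pre_tvp);
		}

		cs->exi = exi;

		/*
		 * Now we do a checkauth4. The reason is that
		 * this client/user may not have access to the new
		 * exported file system, and if he does,
		 * the client/user may be mapped to a different uid.
		 *
		 * We start with a new cr, because the checkauth4 done
		 * in the PUT*FH operation over wrote the cred's uid,
		 * gid, etc, and we want the real thing before calling
		 * checkauth4()
		 */
		crfree(cs->cr);
		cs->cr = crdup(cs->basecr);

		if (cs->vp)
			oldvp = cs->vp;
		cs->vp = vp;
		is_newvp = TRUE;

		stat = call_checkauth4(cs, req);
		if (stat != NFS4_OK) {
			/*
			 * Only cs->vp is put back here; cs->exi and cs->cr
			 * keep the values assigned above.
			 */
			VN_RELE(cs->vp);
			cs->vp = oldvp;
			return (stat);
		}
	}

	/*
	 * After various NFS checks, do a label check on the path
	 * component. The label on this path should either be the
	 * global zone's label or a zone's label. We are only
	 * interested in the zone's label because exported files
	 * in global zone is accessible (though read-only) to
	 * clients. The exportability/visibility check is already
	 * done before reaching this code.
	 */
	if (is_system_labeled()) {
		bslabel_t *clabel;

		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__oplookup__clabel, char *,
		    "got client label from request(1)", struct svc_req *, req);

		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, DOMINANCE_CHECK)) {
				error = EACCES;
				goto err_out;
			}
		} else {
			/*
			 * We grant access to admin_low label clients
			 * only if the client is trusted, i.e. also
			 * running Solaris Trusted Extension.
			 */
			struct sockaddr *ca;
			int addr_type;
			void *ipaddr;
			tsol_tpc_t *tp;

			ca = (struct sockaddr *)svc_getrpccaller(
			    req->rq_xprt)->buf;
			if (ca->sa_family == AF_INET) {
				addr_type = IPV4_VERSION;
				ipaddr = &((struct sockaddr_in *)ca)->sin_addr;
			} else if (ca->sa_family == AF_INET6) {
				addr_type = IPV6_VERSION;
				ipaddr = &((struct sockaddr_in6 *)
				    ca)->sin6_addr;
			} else {
				/*
				 * Neither IPv4 nor IPv6: there is no address
				 * to look up.  Deny the request instead of
				 * handing uninitialized ipaddr/addr_type to
				 * find_tpc().
				 */
				error = EACCES;
				goto err_out;
			}
			tp = find_tpc(ipaddr, addr_type, B_FALSE);
			if (tp == NULL || tp->tpc_tp.tp_doi !=
			    l_admin_low->tsl_doi || tp->tpc_tp.host_type !=
			    SUN_CIPSO) {
				if (tp != NULL)
					TPC_RELE(tp);
				error = EACCES;
				goto err_out;
			}
			TPC_RELE(tp);
		}
	}

	error = makefh4(&cs->fh, vp, cs->exi);

err_out:
	if (error) {
		if (is_newvp) {
			VN_RELE(cs->vp);
			cs->vp = oldvp;
		} else
			VN_RELE(vp);
		return (puterrno4(error));
	}

	if (!is_newvp) {
		if (cs->vp)
			VN_RELE(cs->vp);
		cs->vp = vp;
	} else if (oldvp)
		VN_RELE(oldvp);

	/*
	 * if did lookup on attrdir and didn't lookup .., set named
	 * attr fh flag
	 */
	if (attrdir && ! dotdot)
		set_fh4_flag(&cs->fh, FH4_NAMEDATTR);

	/* Assume false for now, open proc will set this */
	cs->mandlock = FALSE;

	return (NFS4_OK);
}

/*
 * LOOKUP: resolves the client-supplied name args->objname relative to
 * CURRENT_FH.  The current filehandle must be a directory (a symlink is
 * answered with NFS4ERR_SYMLINK); the name is validated with
 * utf8_dir_verify() and bounded by MAXNAMELEN before do_rfs4_op_lookup()
 * is called.  The status is stored in resp->status and *cs->statusp.
 */
/* ARGSUSED */
static void
rfs4_op_lookup(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUP4args *args = &argop->nfs_argop4_u.oplookup;
	LOOKUP4res *resp = &resop->nfs_resop4_u.oplookup;
	char *nm;
	uint_t len;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type == VLNK) {
		*cs->statusp = resp->status = NFS4ERR_SYMLINK;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->objname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nm = utf8_to_str(&args->objname, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup(nm, len, req, cs);

	kmem_free(nm, len);
}

/*
 * LOOKUPP: looks up ".." relative to CURRENT_FH, which must be a
 * directory.  The work is done by do_rfs4_op_lookup(); a result of
 * NFS4ERR_WRONGSEC is replaced by NFS4_OK.
 */
/* ARGSUSED */
static void
rfs4_op_lookupp(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	LOOKUPP4res *resp = &resop->nfs_resop4_u.oplookupp;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->vp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	*cs->statusp = resp->status = do_rfs4_op_lookup("..", 3, req, cs);

	/*
	 * From NFSV4 Specification, LOOKUPP should not check for
	 * NFS4ERR_WRONGSEC. Return NFS4_OK instead.
	 */
	if (resp->status == NFS4ERR_WRONGSEC) {
		*cs->statusp = resp->status = NFS4_OK;
	}
}


/*
 * OPENATTR: replaces CURRENT_FH with the extended-attribute directory of
 * the current object.  The attribute directory is created on demand only
 * when the client asked for it (args->createdir) and the export is not
 * read-only for this request.
 */
/*ARGSUSED2*/
static void
rfs4_op_openattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	OPENATTR4args *args = &argop->nfs_argop4_u.opopenattr;
	OPENATTR4res *resp = &resop->nfs_resop4_u.opopenattr;
	vnode_t *avp = NULL;
	int lookup_flags = LOOKUP_XATTR, error;
	int exp_ro = 0;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/*
	 * Make a couple of checks made by copen()
	 *
	 * Check to make sure underlying fs supports xattrs.  This
	 * is required because solaris filesystem implementations
	 * (UFS/TMPFS) don't enforce the noxattr mount option
	 * in VOP_LOOKUP(LOOKUP_XATTR).  If fs doesn't support this
	 * pathconf cmd or if fs supports cmd but doesn't claim
	 * support for xattr, return NOTSUPP.  It would be better
	 * to use VOP_PATHCONF( _PC_XATTR_ENABLED) for this; however,
	 * that cmd is not available to VOP_PATHCONF interface
	 * (it's only implemented inside pathconf syscall)...
	 *
	 * Verify permission to put attributes on files (access
	 * checks from copen).
	 */

	if ((cs->vp->v_vfsp->vfs_flag & VFS_XATTR) == 0 &&
	    !vfs_has_feature(cs->vp->v_vfsp, VFSFT_XVATTR)) {
		error = ENOTSUP;
		goto error_out;
	}

	/* Denied only when read, write and execute access all fail. */
	if ((VOP_ACCESS(cs->vp, VREAD, 0, cs->cr, NULL) != 0) &&
	    (VOP_ACCESS(cs->vp, VWRITE, 0, cs->cr, NULL) != 0) &&
	    (VOP_ACCESS(cs->vp, VEXEC, 0, cs->cr, NULL) != 0)) {
		error = EACCES;
		goto error_out;
	}

	/*
	 * The CREATE_XATTR_DIR VOP flag cannot be specified if
	 * the file system is exported read-only -- regardless of
	 * createdir flag.  Otherwise the attrdir would be created
	 * (assuming server fs isn't mounted readonly locally).  If
	 * VOP_LOOKUP returns ENOENT in this case, the error will
	 * be translated into EROFS.  ENOSYS is mapped to ENOTSUP
	 * because specfs has no VOP_LOOKUP op, so the macro would
	 * return ENOSYS.  EINVAL is returned by all (current)
	 * Solaris file system implementations when any of their
	 * restrictions are violated (xattr(dir) can't have xattrdir).
	 * Returning NOTSUPP is more appropriate in this case
	 * because the object will never be able to have an attrdir.
	 */
	if (args->createdir && ! (exp_ro = rdonly4(cs->exi, cs->vp, req)))
		lookup_flags |= CREATE_XATTR_DIR;

	error = VOP_LOOKUP(cs->vp, "", &avp, NULL, lookup_flags, NULL, cs->cr,
	    NULL, NULL, NULL);

	if (error) {
		if (error == ENOENT && args->createdir && exp_ro)
			error = EROFS;
		else if (error == EINVAL || error == ENOSYS)
			error = ENOTSUP;
		goto error_out;
	}

	ASSERT(avp->v_flag & V_XATTRDIR);

	error = makefh4(&cs->fh, avp, cs->exi);

	if (error) {
		VN_RELE(avp);
		goto error_out;
	}

	VN_RELE(cs->vp);
	cs->vp = avp;

	/*
	 * There is no requirement for an attrdir fh flag
	 * because the attrdir has a vnode flag to distinguish
	 * it from regular (non-xattr) directories.  The
	 * FH4_ATTRDIR flag is set for future sanity checks.
	 */
	set_fh4_flag(&cs->fh, FH4_ATTRDIR);
	*cs->statusp = resp->status = NFS4_OK;
	return;

error_out:

	*cs->statusp = resp->status = puterrno4(error);
}

/*
 * Performs one read (direction == FREAD) or write (any other direction)
 * on vp under VOP_RWLOCK, in non-blocking mode.  While the VOP returns
 * EAGAIN the I/O is retried, up to rfs4_maxlock_tries attempts, sleeping
 * between attempts for a delay that starts at rfs4_lock_delay
 * milliseconds and doubles each time.
 *
 * Returns the error of the last attempt (0 on success).  At least one
 * attempt is always made, so a tunable set to zero or below cannot make
 * this routine return an uninitialized value.
 */
static int
do_io(int direction, vnode_t *vp, struct uio *uio, int ioflag, cred_t *cred,
	caller_context_t *ct)
{
	int error = 0;
	int i;
	int tries;
	clock_t delaytime;

	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);
	tries = (rfs4_maxlock_tries > 0) ? rfs4_maxlock_tries : 1;

	/*
	 * Don't block on mandatory locks.  If this routine returns
	 * EAGAIN, the caller should return NFS4ERR_LOCKED.
	 */
	uio->uio_fmode = FNONBLOCK;

	for (i = 0; i < tries; i++) {

		if (direction == FREAD) {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_FALSE, ct);
			error = VOP_READ(vp, uio, ioflag, cred, ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_FALSE, ct);
		} else {
			(void) VOP_RWLOCK(vp, V_WRITELOCK_TRUE, ct);
			error = VOP_WRITE(vp, uio, ioflag, cred, ct);
			VOP_RWUNLOCK(vp, V_WRITELOCK_TRUE, ct);
		}

		if (error != EAGAIN)
			break;

		/* No point in sleeping after the final attempt. */
		if (i < tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	return (error);
}

/*
 * READ: reads up to args->count bytes at args->offset from the regular
 * file that is CURRENT_FH.
 *
 * Checks made before any data is read: the stateid, non-blocking
 * mandatory lock conflicts (inside the nbl critical region), the object
 * type, and access.  The file's owner skips the VOP_ACCESS checks; any
 * other caller needs read or execute permission.  The client-supplied
 * count is clamped to rfs4_tsize(req) before the reply buffer is
 * allocated.
 *
 * On success resp->mblk holds the data and is released by
 * rfs4_op_read_free().
 */
/* ARGSUSED */
static void
rfs4_op_read(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READ4args *args = &argop->nfs_argop4_u.opread;
	READ4res *resp = &resop->nfs_resop4_u.opread;
	int error;
	int verror;
	vnode_t *vp;
	struct vattr va;
	struct iovec iov;
	struct uio uio;
	u_offset_t offset;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;
	mblk_t *mp;
	int alloc_err = 0;
	caller_context_t ct;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if ((stat = rfs4_check_stateid(FREAD, vp, &args->stateid, FALSE,
	    deleg, TRUE, &ct)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	/*
	 * Enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with write requests.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_READ, args->offset, args->count, 0,
		    &ct)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	/*
	 * NOTE(review): the stateid is checked a second time here with
	 * the same arguments as above; left in place because the check
	 * may have side effects -- confirm whether both are needed.
	 */
	if ((stat = rfs4_check_stateid(FREAD, vp, &args->stateid, FALSE,
	    deleg, TRUE, &ct)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	va.va_mask = AT_MODE|AT_SIZE|AT_UID;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr, &ct);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (verror) {
		*cs->statusp = resp->status = puterrno4(verror);
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
		    ((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	if (crgetuid(cs->cr) != va.va_uid &&
	    (error = VOP_ACCESS(vp, VREAD, 0, cs->cr, &ct)) &&
	    (error = VOP_ACCESS(vp, VEXEC, 0, cs->cr, &ct))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, va.va_mode)) { /* XXX - V4 supports mand locking */
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	/* Reading at or past end of file: empty reply with eof set. */
	offset = args->offset;
	if (offset >= va.va_size) {
		resp->eof = TRUE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		*cs->statusp = resp->status = NFS4_OK;
		goto out;
	}

	if (args->count == 0) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->eof = FALSE;
		resp->data_len = 0;
		resp->data_val = NULL;
		resp->mblk = NULL;
		goto out;
	}

	/*
	 * Do not allocate memory more than maximum allowed
	 * transfer size
	 */
	if (args->count > rfs4_tsize(req))
		args->count = rfs4_tsize(req);

	/*
	 * mp will contain the data to be sent out in the read reply.
	 * It will be freed after the reply has been sent.
	 * Let's roundup the data to a BYTES_PER_XDR_UNIT multiple,
	 * so that the call to xdrmblk_putmblk() never fails.
	 * If the first alloc of the requested size fails, then
	 * decrease the size to something more reasonable and wait
	 * for the allocation to occur.
	 */
	mp = allocb(RNDUP(args->count), BPRI_MED);
	if (mp == NULL) {
		if (args->count > MAXBSIZE)
			args->count = MAXBSIZE;
		mp = allocb_wait(RNDUP(args->count), BPRI_MED,
		    STR_NOSIG, &alloc_err);
	}
	ASSERT(mp != NULL);
	ASSERT(alloc_err == 0);

	iov.iov_base = (caddr_t)mp->b_datap->db_base;
	iov.iov_len = args->count;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_CACHED;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->count;

	error = do_io(FREAD, vp, &uio, 0, cs->cr, &ct);

	/* Re-read the size so eof can be computed against current state. */
	va.va_mask = AT_SIZE;
	verror = VOP_GETATTR(vp, &va, 0, cs->cr, &ct);

	if (error) {
		freeb(mp);
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;

	ASSERT(uio.uio_resid >= 0);
	resp->data_len = args->count - uio.uio_resid;
	resp->data_val = (char *)mp->b_datap->db_base;
	resp->mblk = mp;

	if (!verror && offset + resp->data_len == va.va_size)
		resp->eof = TRUE;
	else
		resp->eof = FALSE;

out:
	if (in_crit)
		nbl_end_crit(vp);
}

/*
 * Releases the data block attached to a successful READ result and
 * clears the result's data pointers.
 */
static void
rfs4_op_read_free(nfs_resop4 *resop)
{
	READ4res *resp = &resop->nfs_resop4_u.opread;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_val = NULL;
		resp->data_len = 0;
	}
}

/*
 * Releases the data block attached to a successful READDIR result.
 */
static void
rfs4_op_readdir_free(nfs_resop4 *resop)
{
	READDIR4res *resp = &resop->nfs_resop4_u.opreaddir;

	if (resp->status == NFS4_OK && resp->mblk != NULL) {
		freeb(resp->mblk);
		resp->mblk = NULL;
		resp->data_len = 0;
	}
}


/*
 * PUTPUBFH: makes the public filehandle (exi_public) the current
 * filehandle.  Any previous current vnode is released and the credential
 * is reset from cs->basecr before call_checkauth4() is run against the
 * selected export.  On a call_checkauth4() failure cs->vp is cleared and
 * cs->exi is put back to its previous value.
 */
/* ARGSUSED */
static void
rfs4_op_putpubfh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTPUBFH4res *resp = &resop->nfs_resop4_u.opputpubfh;
	int error;
	vnode_t *vp;
	struct exportinfo *exi, *sav_exi;
	nfs_fh4_fmt_t *fh_fmtp;

	if (cs->vp) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr)
		crfree(cs->cr);

	cs->cr = crdup(cs->basecr);

	vp = exi_public->exi_vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	if (is_system_labeled()) {
		bslabel_t *clabel;

		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opputpubfh__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, DOMINANCE_CHECK)) {
				*cs->statusp = resp->status =
				    NFS4ERR_SERVERFAULT;
				return;
			}
		}
	}

	error = makefh4(&cs->fh, vp, exi_public);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}
	sav_exi = cs->exi;
	if (exi_public == exi_root) {
		/*
		 * No filesystem is actually shared public, so we default
		 * to exi_root. In this case, we must check whether root
		 * is exported.
		 */
		fh_fmtp = (nfs_fh4_fmt_t *)cs->fh.nfs_fh4_val;

		/*
		 * if root filesystem is exported, the exportinfo struct that we
		 * should use is what checkexport4 returns, because root_exi is
		 * actually a mostly empty struct.
		 */
		exi = checkexport4(&fh_fmtp->fh4_fsid,
		    (fid_t *)&fh_fmtp->fh4_xlen, NULL);
		cs->exi = ((exi != NULL) ? exi : exi_public);
	} else {
		/*
		 * it's a properly shared filesystem
		 */
		cs->exi = exi_public;
	}

	VN_HOLD(vp);
	cs->vp = vp;

	if ((resp->status = call_checkauth4(cs, req)) != NFS4_OK) {
		/*
		 * NOTE(review): *cs->statusp is not written on this path;
		 * presumably call_checkauth4() stores it -- confirm.
		 */
		VN_RELE(cs->vp);
		cs->vp = NULL;
		cs->exi = sav_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * XXX - issue with put*fh operations. Suppose /export/home is exported.
 * Suppose an NFS client goes to mount /export/home/joe. If /export, home,
 * or joe have restrictive search permissions, then we shouldn't let
 * the client get a file handle. This is easy to enforce. However, we
 * don't know what security flavor should be used until we resolve the
 * path name. Another complication is uid mapping. If root is
 * the user, then it will be mapped to the anonymous user by default,
 * but we won't know that till we've resolved the path name. And we won't
 * know what the anonymous user is.
 * Luckily, SECINFO is specified to take a full filename.
 * So what we will have to do in rfs4_op_lookup is check that the flavor
 * of the target object matches that of the request, and if root was the
 * caller, check for the root= and anon= options, and if necessary,
 * repeat the lookup using the right cred_t. But that's not done yet.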
*/
/*
 * PUTFH: installs the client-supplied filehandle args->object as
 * CURRENT_FH.  The previous vnode and credential are dropped first.  The
 * handle is rejected when it is shorter than NFS_FH4_LEN or names no
 * export; otherwise a fresh copy of cs->basecr is taken, the handle is
 * converted to a vnode and call_checkauth4() is run.
 */
/* ARGSUSED */
static void
rfs4_op_putfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	PUTFH4args *args = &argop->nfs_argop4_u.opputfh;
	PUTFH4res *resp = &resop->nfs_resop4_u.opputfh;
	nfs_fh4_fmt_t *fmt;

	/* Forget whatever filehandle and credential were current. */
	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr != NULL) {
		crfree(cs->cr);
		cs->cr = NULL;
	}

	/*
	 * The handle comes from the client: refuse anything too short to
	 * hold the fields read through fmt below.
	 * NOTE(review): only a lower bound is checked here; presumably the
	 * upper bound was enforced when the request was decoded -- confirm
	 * before relying on nfs_fh4_copy() further down.
	 */
	if (args->object.nfs_fh4_len < NFS_FH4_LEN) {
		*cs->statusp = resp->status = NFS4ERR_BADHANDLE;
		return;
	}

	fmt = (nfs_fh4_fmt_t *)args->object.nfs_fh4_val;
	cs->exi = checkexport4(&fmt->fh4_fsid, (fid_t *)&fmt->fh4_xlen, NULL);
	if (cs->exi == NULL) {
		*cs->statusp = resp->status = NFS4ERR_STALE;
		return;
	}

	cs->cr = crdup(cs->basecr);

	ASSERT(cs->cr != NULL);

	/* nfs4_fhtovp() reports its failure reason through resp->status. */
	cs->vp = nfs4_fhtovp(&args->object, cs->exi, &resp->status);
	if (cs->vp == NULL) {
		*cs->statusp = resp->status;
		return;
	}

	resp->status = call_checkauth4(cs, req);
	if (resp->status != NFS4_OK) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
		return;
	}

	nfs_fh4_copy(&args->object, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * PUTROOTFH: makes the server's root (rootdir) the current filehandle.
 * The root must resolve to an export that is not flagged EX_PUBLIC, and
 * the request must pass call_checkauth4() against that export; on an
 * authorization failure cs->vp is cleared and cs->exi is put back.
 */
/* ARGSUSED */
static void
rfs4_op_putrootfh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)

{
	PUTROOTFH4res *resp = &resop->nfs_resop4_u.opputrootfh;
	struct exportinfo *rootexi, *prev_exi;
	fid_t rootfid;
	int error;

	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
		cs->vp = NULL;
	}

	if (cs->cr != NULL)
		crfree(cs->cr);

	cs->cr = crdup(cs->basecr);

	/* Obtain the fid of rootdir, the system root vnode. */
	bzero(&rootfid, sizeof (rootfid));
	rootfid.fid_len = MAXFIDSZ;
	error = vop_fid_pseudo(rootdir, &rootfid);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Use the root's fsid and fid to find its export.  When the root
	 * itself is not shared there should still be a pseudo export for
	 * it, built from the exports further down the server's file tree.
	 */
	rootexi = checkexport4(&rootdir->v_vfsp->vfs_fsid, &rootfid, NULL);
	if (rootexi == NULL ||
	    (rootexi->exi_export.ex_flags & EX_PUBLIC) != 0) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_WARN, "rfs4_op_putrootfh: export check failure"));
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/* Build the filehandle from the root export and the root vnode. */
	error = makefh4(&cs->fh, rootdir, rootexi);
	if (error != 0) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	prev_exi = cs->exi;
	cs->exi = rootexi;

	VN_HOLD(rootdir);
	cs->vp = rootdir;

	resp->status = call_checkauth4(cs, req);
	if (resp->status != NFS4_OK) {
		VN_RELE(rootdir);
		cs->vp = NULL;
		cs->exi = prev_exi;
		return;
	}

	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * Decides whether a directory entry may be returned to an NFSv4 client.
 * An entry qualifies when
 * - its inode number is non-zero,
 * - its name is neither "." nor "..", and
 * - if check_visible is set, nfs_visible_inode() accepts it (pseudo
 *   exports and real exports restricted to a limited view).
 * *expseudo is set to 0 on every path that does not reach
 * nfs_visible_inode().
 */
static bool_t
valid_nfs4_entry(struct exportinfo *exi, struct dirent64 *dp,
		int *expseudo, int check_visible)
{
	int unusable = (dp->d_ino == 0 || NFS_IS_DOTNAME(dp->d_name));

	if (unusable || !check_visible) {
		*expseudo = 0;
		return (unusable ? FALSE : TRUE);
	}

	return (nfs_visible_inode(exi, dp->d_ino, expseudo));
}

/*
 * set_rdattr_params prepares sargp for a readdir: it converts the
 * requested attribute bitmap, decides whether each entry has to be
 * looked up (*need_to_lookup), and fetches filesystem-wide attributes
 * once from the directory.
 */
static nfsstat4
set_rdattr_params(struct nfs4_svgetit_arg *sargp,
		bitmap4 attrs, bool_t *need_to_lookup)
{
	uint_t saved_mask;
	nfsstat4 status;
	bitmap4 per_obj;

	status = bitmap4_to_attrmask(attrs, sargp);
	if (status != NFS4_OK) {
		/* the attribute mask could not be derived at all */
		return (status);
	}
	saved_mask = sargp->vap->va_mask;

	/*
	 * A dirent's d_ino is always the right value for
	 * mounted_on_fileid.  The flag is raised once here, while the
	 * value itself is filled in per entry by the main dirent loop;
	 * it lets the server attribute code skip work when the caller is
	 * readdir.
	 */
	sargp->mntdfid_set = TRUE;

	/*
	 * An entry needs a lookup only when the client asked for
	 * a) vattr attributes,
	 * b) vfs attributes, or
	 * c) per-object attributes (change, filehandle, etc) other than
	 *    mounted_on_fileid, which the dirent already supplies.
	 */
	if (attrs)
		per_obj = attrs & NFS4_VP_ATTR_MASK;
	else
		per_obj = 0;

	*need_to_lookup = (saved_mask || sargp->sbp ||
	    (per_obj & ~FATTR4_MOUNTED_ON_FILEID_MASK)) ? TRUE : FALSE;

	if (sargp->sbp == NULL)
		return (NFS4_OK);

	/*
	 * Filesystem attributes were requested: take them now from the
	 * directory vp, since most entries share its filesystem.  The
	 * exception is mounted-over entries, which are meant to be handled
	 * as they are met (XXX mounted over detection not yet implemented).
	 */
	sargp->vap->va_mask = 0;	/* to avoid VOP_GETATTR */
	status = bitmap4_get_sysattrs(sargp);
	sargp->vap->va_mask = saved_mask;

	if ((status != NFS4_OK) && sargp->rdattr_error_req) {
		/*
		 * The filesystem attributes could not be fetched.  Report
		 * rdattr_error on each entry instead of failing, and skip
		 * all object-dependent attributes.
		 */
		sargp->rdattr_error = status;	/* for rdattr_error */
		*need_to_lookup = FALSE;
		/* keep at least the fileid for regular readdir output */
		sargp->vap->va_mask &= AT_NODEID;
		status = NFS4_OK;
	}

	return (status);
}

/*
 * readlink: args: CURRENT_FH.
 *	res: status. If success - CURRENT_FH unchanged, return linktext.
 */

/* ARGSUSED */
static void
rfs4_op_readlink(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;
	vnode_t *lnkvp = cs->vp;	/* CURRENT_FH: must be a symlink */
	struct vattr attr;
	struct iovec vec;
	struct uio io;
	nfsstat4 status;
	char *text;
	int error;

	if (lnkvp == NULL) {
		status = NFS4ERR_NOFILEHANDLE;
		goto out;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		status = NFS4ERR_ACCESS;
		goto out;
	}

	if (lnkvp->v_type == VDIR) {
		status = NFS4ERR_ISDIR;
		goto out;
	}

	if (lnkvp->v_type != VLNK) {
		status = NFS4ERR_INVAL;
		goto out;
	}

	attr.va_mask = AT_MODE;
	error = VOP_GETATTR(lnkvp, &attr, 0, cs->cr, NULL);
	if (error != 0) {
		status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(lnkvp, attr.va_mode)) {
		status = NFS4ERR_ACCESS;
		goto out;
	}

	/*
	 * The buffer is one byte larger than the most VOP_READLINK may
	 * store, so the terminator written below always fits.
	 */
	text = kmem_alloc(MAXPATHLEN + 1, KM_SLEEP);

	vec.iov_base = text;
	vec.iov_len = MAXPATHLEN;
	io.uio_iov = &vec;
	io.uio_iovcnt = 1;
	io.uio_segflg = UIO_SYSSPACE;
	io.uio_extflg = UIO_COPY_CACHED;
	io.uio_loffset = 0;
	io.uio_resid = MAXPATHLEN;

	error = VOP_READLINK(lnkvp, &io, cs->cr, NULL);
	if (error == 0) {
		/* terminate right after the bytes actually read */
		text[MAXPATHLEN - io.uio_resid] = '\0';

		/* the link text is passed on as plain data */
		(void) str_to_utf8(text, &resp->link);
		status = NFS4_OK;
	} else {
		status = puterrno4(error);
	}

	kmem_free((caddr_t)text, (uint_t)MAXPATHLEN + 1);

out:
	*cs->statusp = resp->status = status;
}

/*
 * Frees the link text of a READLINK result, if any was set.
 */
static void
rfs4_op_readlink_free(nfs_resop4 *resop)
{
	READLINK4res *resp = &resop->nfs_resop4_u.opreadlink;
	utf8string *linktext = &resp->link;

	if (linktext->utf8string_val != NULL) {
		UTF8STRING_FREE(*linktext)
	}
}

/*
 * release_lockowner:
 *	Release any state associated with the supplied
 *	lockowner. Note if any lo_state is holding locks we will not
 *	rele that lo_state and thus the lockowner will not be destroyed.
 *	A client using lock after the lock owner stateid has been released
 *	will suffer the consequence of NFS4ERR_BAD_STATEID and would have
 *	to reissue the lock with new_lock_owner set to TRUE.
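*	args: lock_owner
 *	res:  status
 */
/* ARGSUSED */
static void
rfs4_op_release_lockowner(nfs_argop4 *argop, nfs_resop4 *resop,
	struct svc_req *req, struct compound_state *cs)
{
	RELEASE_LOCKOWNER4args *ap = &argop->nfs_argop4_u.oprelease_lockowner;
	RELEASE_LOCKOWNER4res *resp = &resop->nfs_resop4_u.oprelease_lockowner;
	rfs4_lockowner_t *lo;
	rfs4_openowner_t *oop;
	rfs4_state_t *sp;
	rfs4_lo_state_t *lsp;
	rfs4_client_t *cp;
	bool_t create = FALSE;
	locklist_t *llist;
	sysid_t sysid;

	/* Make sure there is a clientid around for this request */
	cp = rfs4_findclient_by_id(ap->lock_owner.clientid, FALSE);

	if (cp == NULL) {
		*cs->statusp = resp->status =
		    rfs4_check_clientid(&ap->lock_owner.clientid, 0);
		return;
	}
	rfs4_client_rele(cp);

	/* create is FALSE: an unknown lockowner is looked up, never made */
	lo = rfs4_findlockowner(&ap->lock_owner, &create);
	if (lo == NULL) {
		*cs->statusp = resp->status = NFS4_OK;
		return;
	}
	ASSERT(lo->client != NULL);

	/*
	 * Check for EXPIRED client. If so will reap state with in a lease
	 * period or on next set_clientid_confirm step
	 */
	if (rfs4_lease_expired(lo->client)) {
		rfs4_lockowner_rele(lo);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	/*
	 * If no sysid has been assigned, then no locks exist; just return.
	 *
	 * The client entry is unlocked before the lockowner reference is
	 * dropped so that lo is not dereferenced after our hold on it is
	 * gone, and the status is set explicitly instead of relying on
	 * whatever value the caller left in the result.
	 */
	rfs4_dbe_lock(lo->client->dbe);
	if (lo->client->sysidt == LM_NOSYSID) {
		rfs4_dbe_unlock(lo->client->dbe);
		rfs4_lockowner_rele(lo);
		*cs->statusp = resp->status = NFS4_OK;
		return;
	}

	sysid = lo->client->sysidt;
	rfs4_dbe_unlock(lo->client->dbe);

	/*
	 * Mark the lockowner invalid.
	 */
	rfs4_dbe_hide(lo->dbe);

	/*
	 * sysid-pid pair should now not be used since the lockowner is
	 * invalid. If the client were to instantiate the lockowner again
	 * it would be assigned a new pid. Thus we can get the list of
	 * current locks.
	 */

	llist = flk_get_active_locks(sysid, lo->pid);
	/* If we are still holding locks fail */
	if (llist != NULL) {

		*cs->statusp = resp->status = NFS4ERR_LOCKS_HELD;

		flk_free_locklist(llist);
		/*
		 * We need to unhide the lockowner so the client can
		 * try it again. The bad thing here is if the client
		 * has a logic error that took it here in the first place
		 * it probably has lost accounting of the locks that it
		 * is holding. So we may have dangling state until the
		 * open owner state is reaped via close. One scenario
		 * that could possibly occur is that the client has
		 * sent the unlock request(s) in separate threads
		 * and has not waited for the replies before sending the
		 * RELEASE_LOCKOWNER request. Presumably, it would expect
		 * and deal appropriately with NFS4ERR_LOCKS_HELD, by
		 * reissuing the request.
		 */
		rfs4_dbe_unhide(lo->dbe);
		rfs4_lockowner_rele(lo);
		return;
	}

	/*
	 * For the corresponding client we need to check each open
	 * owner for any opens that have lockowner state associated
	 * with this lockowner.
	 */

	rfs4_dbe_lock(lo->client->dbe);
	for (oop = lo->client->openownerlist.next->oop; oop != NULL;
	    oop = oop->openownerlist.next->oop) {

		rfs4_dbe_lock(oop->dbe);
		for (sp = oop->ownerstateids.next->sp; sp != NULL;
		    sp = sp->ownerstateids.next->sp) {

			rfs4_dbe_lock(sp->dbe);
			for (lsp = sp->lockownerlist.next->lsp;
			    lsp != NULL; lsp = lsp->lockownerlist.next->lsp) {
				/* Only state owned by this lockowner */
				if (lsp->locker == lo) {
					rfs4_dbe_lock(lsp->dbe);
					rfs4_dbe_invalidate(lsp->dbe);
					rfs4_dbe_unlock(lsp->dbe);
				}
			}
			rfs4_dbe_unlock(sp->dbe);
		}
		rfs4_dbe_unlock(oop->dbe);
	}
	rfs4_dbe_unlock(lo->client->dbe);

	rfs4_lockowner_rele(lo);

	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * Short utility function: look up nm in directory dvp and, when the
 * result is a regular file, find its rfs4_file_t (never creating one).
 *
 * vpp:		if non-NULL, receives the held vnode (NULL when the lookup
 *		fails) and the caller must VN_RELE() it; if NULL, the
 *		vnode is released here.
 * lkup_error:	if non-NULL, receives the VOP_LOOKUP() error (0 on success).
 *
 * Returns the value of rfs4_findfile(), or NULL when the lookup failed
 * or the object is not a regular file. The caller is expected to
 * rfs4_file_rele() a non-NULL result, as the callers in this file do.
 */
static rfs4_file_t *
rfs4_lookup_and_findfile(vnode_t *dvp, char *nm, vnode_t **vpp,
	int *lkup_error, cred_t *cr)
{
	vnode_t *vp;
	rfs4_file_t *fp = NULL;
	bool_t fcreate = FALSE;
	int error;

	if (vpp)
		*vpp = NULL;

	if ((error = VOP_LOOKUP(dvp, nm, &vp, NULL, 0, NULL, cr, NULL, NULL,
	    NULL)) == 0) {
		if (vp->v_type == VREG)
			fp = rfs4_findfile(vp, NULL, &fcreate);
		if (vpp)
			*vpp = vp;
		else
			VN_RELE(vp);
	}

	if (lkup_error)
		*lkup_error = error;

	return (fp);
}

/*
 * remove: args: CURRENT_FH: directory; name.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for directory.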
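*/
/* ARGSUSED */
static void
rfs4_op_remove(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	REMOVE4args *args = &argop->nfs_argop4_u.opremove;
	REMOVE4res *resp = &resop->nfs_resop4_u.opremove;
	int error;
	vnode_t *dvp, *vp;
	struct vattr bdva, idva, adva;
	char *nm;
	uint_t len;
	rfs4_file_t *fp;
	int in_crit = 0;
	bslabel_t *clabel;

	/* CURRENT_FH: directory */
	dvp = cs->vp;
	if (dvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * Do not allow to remove anything in this directory.
	 */
	if (vn_ismntpt(dvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (dvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	if (!utf8_dir_verify(&args->target)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	/*
	 * Lookup the file so that we can check if it's a directory
	 */
	nm = utf8_to_fn(&args->target, &len, NULL);
	if (nm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (len > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(nm, len);
		return;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(nm, len);
		return;
	}

	/*
	 * Lookup the file to determine type and while we are see if
	 * there is a file struct around and check for delegation.
	 * We don't need to acquire va_seq before this lookup, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	fp = rfs4_lookup_and_findfile(dvp, nm, &vp, &error, cs->cr);
	if (fp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
		    NULL)) {
			VN_RELE(vp);
			rfs4_file_rele(fp);
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			kmem_free(nm, len);
			return;
		}
	}

	/* Didn't find anything to remove */
	if (vp == NULL) {
		/*
		 * error is an errno from VOP_LOOKUP(); translate it to an
		 * nfsstat4 as every other path here (and rename) does
		 * rather than putting the raw errno on the wire.
		 */
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(nm, len);
		return;
	}

	/*
	 * From here on vp is held, fp (if any) is referenced and we may
	 * be inside the nbmand critical region; every failure leaves
	 * through err_out so none of them is leaked.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_REMOVE, 0, 0, 0, NULL)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	/* check label before allowing removal */
	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__opremove__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, vp, EQUALITY_CHECK)) {
				*cs->statusp = resp->status = NFS4ERR_ACCESS;
				goto err_out;
			}
		}
	}

	/* Get dir "before" change value */
	bdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(dvp, &bdva, 0, cs->cr, NULL);
	if (error) {
		/*
		 * This path used to free only nm, leaving the vnode hold,
		 * the file reference and the critical region behind.
		 */
		*cs->statusp = resp->status = puterrno4(error);
		goto err_out;
	}
	NFS4_SET_FATTR4_CHANGE(resp->cinfo.before, bdva.va_ctime)

	/* Actually do the REMOVE operation */
	if (vp->v_type == VDIR) {
		/*
		 * Can't remove a directory that has a mounted-on filesystem.
		 */
		if (vn_ismntpt(vp)) {
			error = EACCES;
		} else {
			/*
			 * System V defines rmdir to return EEXIST,
			 * not ENOTEMPTY, if the directory is not
			 * empty. A System V NFS server needs to map
			 * NFS4ERR_EXIST to NFS4ERR_NOTEMPTY to
			 * transmit over the wire.
			 */
			if ((error = VOP_RMDIR(dvp, nm, rootdir, cs->cr,
			    NULL, 0)) == EEXIST)
				error = ENOTEMPTY;
		}
	} else {
		if ((error = VOP_REMOVE(dvp, nm, cs->cr, NULL, 0)) == 0 &&
		    fp != NULL) {
			struct vattr va;
			vnode_t *tvp;

			/* Take our own hold on the file's vnode, if any */
			rfs4_dbe_lock(fp->dbe);
			tvp = fp->vp;
			if (tvp)
				VN_HOLD(tvp);
			rfs4_dbe_unlock(fp->dbe);

			if (tvp) {
				/*
				 * This is va_seq safe because we are not
				 * manipulating dvp.
				 */
				va.va_mask = AT_NLINK;
				if (!VOP_GETATTR(tvp, &va, 0, cs->cr, NULL) &&
				    va.va_nlink == 0) {
					/* Remove state on file remove */
					if (in_crit) {
						nbl_end_crit(vp);
						in_crit = 0;
					}
					rfs4_close_all_state(fp);
				}
				VN_RELE(tvp);
			}
		}
	}

	if (in_crit)
		nbl_end_crit(vp);
	VN_RELE(vp);

	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
	kmem_free(nm, len);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	idva.va_mask = AT_SEQ;
	if (VOP_GETATTR(dvp, &idva, 0, cs->cr, NULL))
		idva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(dvp, 0, cs->cr, NULL);

	/*
	 * Get "after" change value, if it fails, simply return the
	 * before value.
	 */
	adva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(dvp, &adva, 0, cs->cr, NULL)) {
		adva.va_ctime = bdva.va_ctime;
		adva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->cinfo.after, adva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_REMOVE/RMDIR and it didn't change during
	 * the VOP_FSYNC.
	 */
	if (bdva.va_seq && idva.va_seq && adva.va_seq &&
	    idva.va_seq == (bdva.va_seq + 1) && idva.va_seq == adva.va_seq)
		resp->cinfo.atomic = TRUE;
	else
		resp->cinfo.atomic = FALSE;

	*cs->statusp = resp->status = NFS4_OK;
	return;

err_out:
	/* Status has already been set by the failing check */
	if (in_crit)
		nbl_end_crit(vp);
	VN_RELE(vp);
	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
	kmem_free(nm, len);
}

/*
 * rename: args: SAVED_FH: from directory, CURRENT_FH: target directory,
 *		oldname and newname.
 *	res: status. If success - CURRENT_FH unchanged, return change_info
 *		for both from and target directories.
 */
/* ARGSUSED */
static void
rfs4_op_rename(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENAME4args *args = &argop->nfs_argop4_u.oprename;
	RENAME4res *resp = &resop->nfs_resop4_u.oprename;
	int error;
	vnode_t *odvp;
	vnode_t *ndvp;
	vnode_t *srcvp, *targvp;
	struct vattr obdva, oidva, oadva;
	struct vattr nbdva, nidva, nadva;
	char *onm, *nnm;
	uint_t olen, nlen;
	rfs4_file_t *fp, *sfp;
	int in_crit_src, in_crit_targ;
	int fp_rele_grant_hold, sfp_rele_grant_hold;
	bslabel_t *clabel;

	/* err_out relies on all of these starting out "nothing held" */
	fp = sfp = NULL;
	srcvp = targvp = NULL;
	in_crit_src = in_crit_targ = 0;
	fp_rele_grant_hold = sfp_rele_grant_hold = 0;

	/* CURRENT_FH: target directory */
	ndvp = cs->vp;
	if (ndvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	/* SAVED_FH: from directory */
	odvp = cs->saved_vp;
	if (odvp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename objects in this directory.
	 */
	if (vn_ismntpt(odvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	/*
	 * If there is an unshared filesystem mounted on this vnode,
	 * do not allow to rename to this directory.
	 */
	if (vn_ismntpt(ndvp)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	if (odvp->v_type != VDIR || ndvp->v_type != VDIR) {
		*cs->statusp = resp->status = NFS4ERR_NOTDIR;
		return;
	}

	/* Both directories must belong to the same export */
	if (cs->saved_exi != cs->exi) {
		*cs->statusp = resp->status = NFS4ERR_XDEV;
		return;
	}

	if (!utf8_dir_verify(&args->oldname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	if (!utf8_dir_verify(&args->newname)) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	onm = utf8_to_fn(&args->oldname, &olen, NULL);
	if (onm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		return;
	}

	nnm = utf8_to_fn(&args->newname, &nlen, NULL);
	if (nnm == NULL) {
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		kmem_free(onm, olen);
		return;
	}

	if (olen > MAXNAMELEN || nlen > MAXNAMELEN) {
		*cs->statusp = resp->status = NFS4ERR_NAMETOOLONG;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}


	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	/* check label of the target dir */
	if (is_system_labeled()) {
		ASSERT(req->rq_label != NULL);
		clabel = req->rq_label;
		DTRACE_PROBE2(tx__rfs4__log__info__oprename__clabel, char *,
		    "got client label from request(1)",
		    struct svc_req *, req);
		if (!blequal(&l_admin_low->tsl_label, clabel)) {
			if (!do_rfs_label_check(clabel, ndvp,
			    EQUALITY_CHECK)) {
				/*
				 * onm and nnm are already allocated; the
				 * denied path used to return without
				 * freeing them. Nothing else is held yet,
				 * so err_out only frees the two names.
				 */
				*cs->statusp = resp->status = NFS4ERR_ACCESS;
				goto err_out;
			}
		}
	}

	/*
	 * Is the source a file and have a delegation?
	 * We don't need to acquire va_seq before these lookups, if
	 * it causes an update, cinfo.before will not match, which will
	 * trigger a cache flush even if atomic is TRUE.
	 */
	sfp = rfs4_lookup_and_findfile(odvp, onm, &srcvp, &error, cs->cr);
	if (sfp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, sfp, TRUE, TRUE, TRUE,
		    NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}

	if (srcvp == NULL) {
		*cs->statusp = resp->status = puterrno4(error);
		kmem_free(onm, olen);
		kmem_free(nnm, nlen);
		return;
	}

	sfp_rele_grant_hold = 1;

	/* Does the destination exist and a file and have a delegation? */
	fp = rfs4_lookup_and_findfile(ndvp, nnm, &targvp, NULL, cs->cr);
	if (fp != NULL) {
		if (rfs4_check_delegated_byfp(FWRITE, fp, TRUE, TRUE, TRUE,
		    NULL)) {
			*cs->statusp = resp->status = NFS4ERR_DELAY;
			goto err_out;
		}
	}
	fp_rele_grant_hold = 1;


	/* Check for NBMAND lock on both source and target */
	if (nbl_need_check(srcvp)) {
		nbl_start_crit(srcvp, RW_READER);
		in_crit_src = 1;
		if (nbl_conflict(srcvp, NBL_RENAME, 0, 0, 0, NULL)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	if (targvp && nbl_need_check(targvp)) {
		nbl_start_crit(targvp, RW_READER);
		in_crit_targ = 1;
		if (nbl_conflict(targvp, NBL_REMOVE, 0, 0, 0, NULL)) {
			*cs->statusp = resp->status = NFS4ERR_FILE_OPEN;
			goto err_out;
		}
	}

	/* Get source "before" change value */
	obdva.va_mask = AT_CTIME|AT_SEQ;
	error = VOP_GETATTR(odvp, &obdva, 0, cs->cr, NULL);
	if (!error) {
		nbdva.va_mask = AT_CTIME|AT_SEQ;
		error = VOP_GETATTR(ndvp, &nbdva, 0, cs->cr, NULL);
	}
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto err_out;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.before, obdva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.before, nbdva.va_ctime)

	if ((error = VOP_RENAME(odvp, onm, ndvp, nnm, cs->cr, NULL, 0)) == 0 &&
	    fp != NULL) {
		struct vattr va;
		vnode_t *tvp;

		/* Take our own hold on the replaced file's vnode, if any */
		rfs4_dbe_lock(fp->dbe);
		tvp = fp->vp;
		if (tvp)
			VN_HOLD(tvp);
		rfs4_dbe_unlock(fp->dbe);

		if (tvp) {
			va.va_mask = AT_NLINK;
			if (!VOP_GETATTR(tvp, &va, 0, cs->cr, NULL) &&
			    va.va_nlink == 0) {
				/* The file is gone and so should the state */
				if (in_crit_targ) {
					nbl_end_crit(targvp);
					in_crit_targ = 0;
				}
				rfs4_close_all_state(fp);
			}
			VN_RELE(tvp);
		}
	}
	if (error == 0) {
		char *tmp;

		/* fix the path name for the renamed file */
		mutex_enter(&srcvp->v_lock);
		tmp = srcvp->v_path;
		srcvp->v_path = NULL;
		mutex_exit(&srcvp->v_lock);
		vn_setpath(rootdir, ndvp, srcvp, nnm, nlen - 1);
		if (tmp != NULL)
			kmem_free(tmp, strlen(tmp) + 1);
	}

	if (in_crit_src)
		nbl_end_crit(srcvp);
	if (srcvp)
		VN_RELE(srcvp);
	if (in_crit_targ)
		nbl_end_crit(targvp);
	if (targvp)
		VN_RELE(targvp);

	if (sfp) {
		rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}

	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	/*
	 * Get the initial "after" sequence number, if it fails, set to zero
	 */
	oidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(odvp, &oidva, 0, cs->cr, NULL))
		oidva.va_seq = 0;

	nidva.va_mask = AT_SEQ;
	if (VOP_GETATTR(ndvp, &nidva, 0, cs->cr, NULL))
		nidva.va_seq = 0;

	/*
	 * Force modified data and metadata out to stable storage.
	 */
	(void) VOP_FSYNC(odvp, 0, cs->cr, NULL);
	(void) VOP_FSYNC(ndvp, 0, cs->cr, NULL);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		return;
	}

	/*
	 * Get "after" change values, if it fails, simply return the
	 * before value.
	 */
	oadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(odvp, &oadva, 0, cs->cr, NULL)) {
		oadva.va_ctime = obdva.va_ctime;
		oadva.va_seq = 0;
	}

	/*
	 * The target's "after" attributes must come from ndvp; reading
	 * odvp here reported the source directory's change value and
	 * sequence number as the target's.
	 */
	nadva.va_mask = AT_CTIME|AT_SEQ;
	if (VOP_GETATTR(ndvp, &nadva, 0, cs->cr, NULL)) {
		nadva.va_ctime = nbdva.va_ctime;
		nadva.va_seq = 0;
	}

	NFS4_SET_FATTR4_CHANGE(resp->source_cinfo.after, oadva.va_ctime)
	NFS4_SET_FATTR4_CHANGE(resp->target_cinfo.after, nadva.va_ctime)

	/*
	 * The cinfo.atomic = TRUE only if we have
	 * non-zero va_seq's, and it has incremented by exactly one
	 * during the VOP_RENAME and it didn't change during the VOP_FSYNC.
	 */
	if (obdva.va_seq && oidva.va_seq && oadva.va_seq &&
	    oidva.va_seq == (obdva.va_seq + 1) && oidva.va_seq == oadva.va_seq)
		resp->source_cinfo.atomic = TRUE;
	else
		resp->source_cinfo.atomic = FALSE;

	if (nbdva.va_seq && nidva.va_seq && nadva.va_seq &&
	    nidva.va_seq == (nbdva.va_seq + 1) && nidva.va_seq == nadva.va_seq)
		resp->target_cinfo.atomic = TRUE;
	else
		resp->target_cinfo.atomic = FALSE;

#ifdef	VOLATILE_FH_TEST
	{
	extern void add_volrnm_fh(struct exportinfo *, vnode_t *);

	/*
	 * Add the renamed file handle to the volatile rename list
	 */
	if (cs->exi->exi_export.ex_flags & EX_VOLRNM) {
		/* file handles may expire on rename */
		vnode_t *vp;

		nnm = utf8_to_fn(&args->newname, &nlen, NULL);
		/*
		 * Already know that nnm will be a valid string
		 */
		error = VOP_LOOKUP(ndvp, nnm, &vp, NULL, 0, NULL, cs->cr,
		    NULL, NULL, NULL);
		kmem_free(nnm, nlen);
		if (!error) {
			add_volrnm_fh(cs->exi, vp);
			VN_RELE(vp);
		}
	}
	}
#endif	/* VOLATILE_FH_TEST */

	*cs->statusp = resp->status = NFS4_OK;
	return;

err_out:
	/* Status has already been set; undo only what was acquired */
	kmem_free(onm, olen);
	kmem_free(nnm, nlen);

	if (in_crit_src)
		nbl_end_crit(srcvp);
	if (in_crit_targ)
		nbl_end_crit(targvp);
	if (targvp)
		VN_RELE(targvp);
	if (srcvp)
		VN_RELE(srcvp);
	if (sfp) {
		if (sfp_rele_grant_hold)
			rfs4_clear_dont_grant(sfp);
		rfs4_file_rele(sfp);
	}
	if (fp) {
		if (fp_rele_grant_hold)
			rfs4_clear_dont_grant(fp);
		rfs4_file_rele(fp);
	}
}

/*
 * renew: args: clientid.
 *	res: status. Updates the client's lease unless it has already
 *	expired. The first renewal that finds cb_notified_of_cb_path_down
 *	FALSE sets it and answers NFS4ERR_CB_PATH_DOWN; later ones
 *	answer NFS4_OK.
 */
/* ARGSUSED */
static void
rfs4_op_renew(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RENEW4args *args = &argop->nfs_argop4_u.oprenew;
	RENEW4res *resp = &resop->nfs_resop4_u.oprenew;
	rfs4_client_t *cp;

	if ((cp = rfs4_findclient_by_id(args->clientid, FALSE)) == NULL) {
		*cs->statusp = resp->status =
		    rfs4_check_clientid(&args->clientid, 0);
		return;
	}

	if (rfs4_lease_expired(cp)) {
		rfs4_client_rele(cp);
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		return;
	}

	rfs4_update_lease(cp);

	/* The notified flag is read and updated under cb_lock */
	mutex_enter(cp->cbinfo.cb_lock);
	if (cp->cbinfo.cb_notified_of_cb_path_down == FALSE) {
		cp->cbinfo.cb_notified_of_cb_path_down = TRUE;
		*cs->statusp = resp->status = NFS4ERR_CB_PATH_DOWN;
	} else {
		*cs->statusp = resp->status = NFS4_OK;
	}
	mutex_exit(cp->cbinfo.cb_lock);

	rfs4_client_rele(cp);

}

/*
 * restorefh: make SAVED_FH the CURRENT_FH.
 *	res: status. NFS4ERR_RESTOREFH if nothing has been saved. On
 *	success the hold on the old current vnode is dropped, the saved
 *	vnode's hold is transferred to cs->vp and cs->saved_vp is cleared.
 */
/* ARGSUSED */
static void
rfs4_op_restorefh(nfs_argop4 *args, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	RESTOREFH4res *resp = &resop->nfs_resop4_u.oprestorefh;

	/* No need to check cs->access - we are not accessing any object */
	if ((cs->saved_vp == NULL) || (cs->saved_fh.nfs_fh4_val == NULL)) {
		*cs->statusp = resp->status = NFS4ERR_RESTOREFH;
		return;
	}
	if (cs->vp != NULL) {
		VN_RELE(cs->vp);
	}
	cs->vp = cs->saved_vp;
	cs->saved_vp = NULL;
	cs->exi = cs->saved_exi;
	nfs_fh4_copy(&cs->saved_fh, &cs->fh);
	*cs->statusp = resp->status = NFS4_OK;
	cs->deleg = FALSE;
}

/*
 * savefh: copy CURRENT_FH to SAVED_FH.
 *	res: status. NFS4ERR_NOFILEHANDLE if there is no current vnode.
 *	Any previously saved vnode is released and a new hold is taken
 *	on the current one for cs->saved_vp.
 */
/* ARGSUSED */
static void
rfs4_op_savefh(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	SAVEFH4res *resp = &resop->nfs_resop4_u.opsavefh;

	/* No need to check cs->access - we are not accessing any object */
	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->saved_vp != NULL) {
		VN_RELE(cs->saved_vp);
	}
	cs->saved_vp = cs->vp;
	VN_HOLD(cs->saved_vp);
	cs->saved_exi = cs->exi;
	/*
	 * since SAVEFH is fairly rare, don't alloc space for its fh
	 * unless necessary.
	 */
	if (cs->saved_fh.nfs_fh4_val == NULL) {
		cs->saved_fh.nfs_fh4_val = kmem_alloc(NFS4_FHSIZE, KM_SLEEP);
	}
	nfs_fh4_copy(&cs->fh, &cs->saved_fh);
	*cs->statusp = resp->status = NFS4_OK;
}

/*
 * rfs4_verify_attr is called when nfsv4 Setattr failed, but we wish to
 * return the bitmap of attrs that were set successfully. It is also
 * called by Verify/Nverify to test the vattr/vfsstat attrs. It should
 * always be called only after rfs4_do_set_attrs().
 *
 * Verify that the attributes are same as the expected ones. sargp->vap
 * and sargp->sbp contain the input attributes as translated from fattr4.
 *
 * This function verifies only the attrs that correspond to a vattr or
 * vfsstat struct. That is because of the extra step needed to get the
 * corresponding system structs. Other attributes have already been set or
 * verified by do_rfs4_set_attrs.
 *
 * Return 0 if all attrs match, -1 if some don't, error if error processing.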
4430 */ 4431 static int 4432 rfs4_verify_attr(struct nfs4_svgetit_arg *sargp, 4433 bitmap4 *resp, struct nfs4_ntov_table *ntovp) 4434 { 4435 int error, ret_error = 0; 4436 int i, k; 4437 uint_t sva_mask = sargp->vap->va_mask; 4438 uint_t vbit; 4439 union nfs4_attr_u *na; 4440 uint8_t *amap; 4441 bool_t getsb = ntovp->vfsstat; 4442 4443 if (sva_mask != 0) { 4444 /* 4445 * Okay to overwrite sargp->vap because we verify based 4446 * on the incoming values. 4447 */ 4448 ret_error = VOP_GETATTR(sargp->cs->vp, sargp->vap, 0, 4449 sargp->cs->cr, NULL); 4450 if (ret_error) { 4451 if (resp == NULL) 4452 return (ret_error); 4453 /* 4454 * Must return bitmap of successful attrs 4455 */ 4456 sva_mask = 0; /* to prevent checking vap later */ 4457 } else { 4458 /* 4459 * Some file systems clobber va_mask. it is probably 4460 * wrong of them to do so, nonethless we practice 4461 * defensive coding. 4462 * See bug id 4276830. 4463 */ 4464 sargp->vap->va_mask = sva_mask; 4465 } 4466 } 4467 4468 if (getsb) { 4469 /* 4470 * Now get the superblock and loop on the bitmap, as there is 4471 * no simple way of translating from superblock to bitmap4. 4472 */ 4473 ret_error = VFS_STATVFS(sargp->cs->vp->v_vfsp, sargp->sbp); 4474 if (ret_error) { 4475 if (resp == NULL) 4476 goto errout; 4477 getsb = FALSE; 4478 } 4479 } 4480 4481 /* 4482 * Now loop and verify each attribute which getattr returned 4483 * whether it's the same as the input. 
4484 */ 4485 if (resp == NULL && !getsb && (sva_mask == 0)) 4486 goto errout; 4487 4488 na = ntovp->na; 4489 amap = ntovp->amap; 4490 k = 0; 4491 for (i = 0; i < ntovp->attrcnt; i++, na++, amap++) { 4492 k = *amap; 4493 ASSERT(nfs4_ntov_map[k].nval == k); 4494 vbit = nfs4_ntov_map[k].vbit; 4495 4496 /* 4497 * If vattr attribute but VOP_GETATTR failed, or it's 4498 * superblock attribute but VFS_STATVFS failed, skip 4499 */ 4500 if (vbit) { 4501 if ((vbit & sva_mask) == 0) 4502 continue; 4503 } else if (!(getsb && nfs4_ntov_map[k].vfsstat)) { 4504 continue; 4505 } 4506 error = (*nfs4_ntov_map[k].sv_getit)(NFS4ATTR_VERIT, sargp, na); 4507 if (resp != NULL) { 4508 if (error) 4509 ret_error = -1; /* not all match */ 4510 else /* update response bitmap */ 4511 *resp |= nfs4_ntov_map[k].fbit; 4512 continue; 4513 } 4514 if (error) { 4515 ret_error = -1; /* not all match */ 4516 break; 4517 } 4518 } 4519 errout: 4520 return (ret_error); 4521 } 4522 4523 /* 4524 * Decode the attribute to be set/verified. If the attr requires a sys op 4525 * (VOP_GETATTR, VFS_VFSSTAT), and the request is to verify, then don't 4526 * call the sv_getit function for it, because the sys op hasn't yet been done. 4527 * Return 0 for success, error code if failed. 4528 * 4529 * Note: the decoded arg is not freed here but in nfs4_ntov_table_free. 4530 */ 4531 static int 4532 decode_fattr4_attr(nfs4_attr_cmd_t cmd, struct nfs4_svgetit_arg *sargp, 4533 int k, XDR *xdrp, bitmap4 *resp_bval, union nfs4_attr_u *nap) 4534 { 4535 int error = 0; 4536 bool_t set_later; 4537 4538 sargp->vap->va_mask |= nfs4_ntov_map[k].vbit; 4539 4540 if ((*nfs4_ntov_map[k].xfunc)(xdrp, nap)) { 4541 set_later = nfs4_ntov_map[k].vbit || nfs4_ntov_map[k].vfsstat; 4542 /* 4543 * don't verify yet if a vattr or sb dependent attr, 4544 * because we don't have their sys values yet. 4545 * Will be done later. 4546 */ 4547 if (! 
(set_later && (cmd == NFS4ATTR_VERIT))) { 4548 /* 4549 * ACLs are a special case, since setting the MODE 4550 * conflicts with setting the ACL. We delay setting 4551 * the ACL until all other attributes have been set. 4552 * The ACL gets set in do_rfs4_op_setattr(). 4553 */ 4554 if (nfs4_ntov_map[k].fbit != FATTR4_ACL_MASK) { 4555 error = (*nfs4_ntov_map[k].sv_getit)(cmd, 4556 sargp, nap); 4557 if (error) { 4558 xdr_free(nfs4_ntov_map[k].xfunc, 4559 (caddr_t)nap); 4560 } 4561 } 4562 } 4563 } else { 4564 #ifdef DEBUG 4565 cmn_err(CE_NOTE, "decode_fattr4_attr: error " 4566 "decoding attribute %d\n", k); 4567 #endif 4568 error = EINVAL; 4569 } 4570 if (!error && resp_bval && !set_later) { 4571 *resp_bval |= nfs4_ntov_map[k].fbit; 4572 } 4573 4574 return (error); 4575 } 4576 4577 /* 4578 * Set vattr based on incoming fattr4 attrs - used by setattr. 4579 * Set response mask. Ignore any values that are not writable vattr attrs. 4580 */ 4581 static nfsstat4 4582 do_rfs4_set_attrs(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs, 4583 struct nfs4_svgetit_arg *sargp, struct nfs4_ntov_table *ntovp, 4584 nfs4_attr_cmd_t cmd) 4585 { 4586 int error = 0; 4587 int i; 4588 char *attrs = fattrp->attrlist4; 4589 uint32_t attrslen = fattrp->attrlist4_len; 4590 XDR xdr; 4591 nfsstat4 status = NFS4_OK; 4592 vnode_t *vp = cs->vp; 4593 union nfs4_attr_u *na; 4594 uint8_t *amap; 4595 4596 #ifndef lint 4597 /* 4598 * Make sure that maximum attribute number can be expressed as an 4599 * 8 bit quantity. 
4600 */ 4601 ASSERT(NFS4_MAXNUM_ATTRS <= (UINT8_MAX + 1)); 4602 #endif 4603 4604 if (vp == NULL) { 4605 if (resp) 4606 *resp = 0; 4607 return (NFS4ERR_NOFILEHANDLE); 4608 } 4609 if (cs->access == CS_ACCESS_DENIED) { 4610 if (resp) 4611 *resp = 0; 4612 return (NFS4ERR_ACCESS); 4613 } 4614 4615 sargp->op = cmd; 4616 sargp->cs = cs; 4617 sargp->flag = 0; /* may be set later */ 4618 sargp->vap->va_mask = 0; 4619 sargp->rdattr_error = NFS4_OK; 4620 sargp->rdattr_error_req = FALSE; 4621 /* sargp->sbp is set by the caller */ 4622 4623 xdrmem_create(&xdr, attrs, attrslen, XDR_DECODE); 4624 4625 na = ntovp->na; 4626 amap = ntovp->amap; 4627 4628 /* 4629 * The following loop iterates on the nfs4_ntov_map checking 4630 * if the fbit is set in the requested bitmap. 4631 * If set then we process the arguments using the 4632 * rfs4_fattr4 conversion functions to populate the setattr 4633 * vattr and va_mask. Any settable attrs that are not using vattr 4634 * will be set in this loop. 4635 */ 4636 for (i = 0; i < nfs4_ntov_map_size; i++) { 4637 if (!(fattrp->attrmask & nfs4_ntov_map[i].fbit)) { 4638 continue; 4639 } 4640 /* 4641 * If setattr, must be a writable attr. 4642 * If verify/nverify, must be a readable attr. 4643 */ 4644 if ((error = (*nfs4_ntov_map[i].sv_getit)( 4645 NFS4ATTR_SUPPORTED, sargp, NULL)) != 0) { 4646 /* 4647 * Client tries to set/verify an 4648 * unsupported attribute, tries to set 4649 * a read only attr or verify a write 4650 * only one - error! 4651 */ 4652 break; 4653 } 4654 /* 4655 * Decode the attribute to set/verify 4656 */ 4657 error = decode_fattr4_attr(cmd, sargp, nfs4_ntov_map[i].nval, 4658 &xdr, resp ? resp : NULL, na); 4659 if (error) 4660 break; 4661 *amap++ = (uint8_t)nfs4_ntov_map[i].nval; 4662 na++; 4663 (ntovp->attrcnt)++; 4664 if (nfs4_ntov_map[i].vfsstat) 4665 ntovp->vfsstat = TRUE; 4666 } 4667 4668 if (error != 0) 4669 status = (error == ENOTSUP ? 
NFS4ERR_ATTRNOTSUPP : 4670 puterrno4(error)); 4671 /* xdrmem_destroy(&xdrs); */ /* NO-OP */ 4672 return (status); 4673 } 4674 4675 static nfsstat4 4676 do_rfs4_op_setattr(bitmap4 *resp, fattr4 *fattrp, struct compound_state *cs, 4677 stateid4 *stateid) 4678 { 4679 int error = 0; 4680 struct nfs4_svgetit_arg sarg; 4681 bool_t trunc; 4682 4683 nfsstat4 status = NFS4_OK; 4684 cred_t *cr = cs->cr; 4685 vnode_t *vp = cs->vp; 4686 struct nfs4_ntov_table ntov; 4687 struct statvfs64 sb; 4688 struct vattr bva; 4689 struct flock64 bf; 4690 int in_crit = 0; 4691 uint_t saved_mask = 0; 4692 caller_context_t ct; 4693 4694 *resp = 0; 4695 sarg.sbp = &sb; 4696 nfs4_ntov_table_init(&ntov); 4697 status = do_rfs4_set_attrs(resp, fattrp, cs, &sarg, &ntov, 4698 NFS4ATTR_SETIT); 4699 if (status != NFS4_OK) { 4700 /* 4701 * failed set attrs 4702 */ 4703 goto done; 4704 } 4705 if ((sarg.vap->va_mask == 0) && 4706 (! (fattrp->attrmask & FATTR4_ACL_MASK))) { 4707 /* 4708 * no further work to be done 4709 */ 4710 goto done; 4711 } 4712 4713 /* 4714 * If we got a request to set the ACL and the MODE, only 4715 * allow changing VSUID, VSGID, and VSVTX. Attempting 4716 * to change any other bits, along with setting an ACL, 4717 * gives NFS4ERR_INVAL. 
4718 */ 4719 if ((fattrp->attrmask & FATTR4_ACL_MASK) && 4720 (fattrp->attrmask & FATTR4_MODE_MASK)) { 4721 vattr_t va; 4722 4723 va.va_mask = AT_MODE; 4724 error = VOP_GETATTR(vp, &va, 0, cs->cr, NULL); 4725 if (error) { 4726 status = puterrno4(error); 4727 goto done; 4728 } 4729 if ((sarg.vap->va_mode ^ va.va_mode) & 4730 ~(VSUID | VSGID | VSVTX)) { 4731 status = NFS4ERR_INVAL; 4732 goto done; 4733 } 4734 } 4735 4736 /* Check stateid only if size has been set */ 4737 if (sarg.vap->va_mask & AT_SIZE) { 4738 trunc = (sarg.vap->va_size == 0); 4739 status = rfs4_check_stateid(FWRITE, cs->vp, stateid, 4740 trunc, &cs->deleg, sarg.vap->va_mask & AT_SIZE, &ct); 4741 if (status != NFS4_OK) 4742 goto done; 4743 } else { 4744 ct.cc_sysid = 0; 4745 ct.cc_pid = 0; 4746 ct.cc_caller_id = nfs4_srv_caller_id; 4747 } 4748 4749 /* XXX start of possible race with delegations */ 4750 4751 /* 4752 * We need to specially handle size changes because it is 4753 * possible for the client to create a file with read-only 4754 * modes, but with the file opened for writing. If the client 4755 * then tries to set the file size, e.g. ftruncate(3C), 4756 * fcntl(F_FREESP), the normal access checking done in 4757 * VOP_SETATTR would prevent the client from doing it even though 4758 * it should be allowed to do so. To get around this, we do the 4759 * access checking for ourselves and use VOP_SPACE which doesn't 4760 * do the access checking. 4761 * Also the client should not be allowed to change the file 4762 * size if there is a conflicting non-blocking mandatory lock in 4763 * the region of the change. 4764 */ 4765 if (vp->v_type == VREG && (sarg.vap->va_mask & AT_SIZE)) { 4766 u_offset_t offset; 4767 ssize_t length; 4768 4769 /* 4770 * ufs_setattr clears AT_SIZE from vap->va_mask, but 4771 * before returning, sarg.vap->va_mask is used to 4772 * generate the setattr reply bitmap. We also clear 4773 * AT_SIZE below before calling VOP_SPACE. 
For both 4774 * of these cases, the va_mask needs to be saved here 4775 * and restored after calling VOP_SETATTR. 4776 */ 4777 saved_mask = sarg.vap->va_mask; 4778 4779 /* 4780 * Check any possible conflict due to NBMAND locks. 4781 * Get into critical region before VOP_GETATTR, so the 4782 * size attribute is valid when checking conflicts. 4783 */ 4784 if (nbl_need_check(vp)) { 4785 nbl_start_crit(vp, RW_READER); 4786 in_crit = 1; 4787 } 4788 4789 bva.va_mask = AT_UID|AT_SIZE; 4790 if (error = VOP_GETATTR(vp, &bva, 0, cr, &ct)) { 4791 status = puterrno4(error); 4792 goto done; 4793 } 4794 4795 if (in_crit) { 4796 if (sarg.vap->va_size < bva.va_size) { 4797 offset = sarg.vap->va_size; 4798 length = bva.va_size - sarg.vap->va_size; 4799 } else { 4800 offset = bva.va_size; 4801 length = sarg.vap->va_size - bva.va_size; 4802 } 4803 if (nbl_conflict(vp, NBL_WRITE, offset, length, 0, 4804 &ct)) { 4805 status = NFS4ERR_LOCKED; 4806 goto done; 4807 } 4808 } 4809 4810 if (crgetuid(cr) == bva.va_uid) { 4811 sarg.vap->va_mask &= ~AT_SIZE; 4812 bf.l_type = F_WRLCK; 4813 bf.l_whence = 0; 4814 bf.l_start = (off64_t)sarg.vap->va_size; 4815 bf.l_len = 0; 4816 bf.l_sysid = 0; 4817 bf.l_pid = 0; 4818 error = VOP_SPACE(vp, F_FREESP, &bf, FWRITE, 4819 (offset_t)sarg.vap->va_size, cr, &ct); 4820 } 4821 } 4822 4823 if (!error && sarg.vap->va_mask != 0) 4824 error = VOP_SETATTR(vp, sarg.vap, sarg.flag, cr, &ct); 4825 4826 /* restore va_mask -- ufs_setattr clears AT_SIZE */ 4827 if (saved_mask & AT_SIZE) 4828 sarg.vap->va_mask |= AT_SIZE; 4829 4830 /* 4831 * If an ACL was being set, it has been delayed until now, 4832 * in order to set the mode (via the VOP_SETATTR() above) first. 4833 */ 4834 if ((! 
error) && (fattrp->attrmask & FATTR4_ACL_MASK)) { 4835 int i; 4836 4837 for (i = 0; i < NFS4_MAXNUM_ATTRS; i++) 4838 if (ntov.amap[i] == FATTR4_ACL) 4839 break; 4840 if (i < NFS4_MAXNUM_ATTRS) { 4841 error = (*nfs4_ntov_map[FATTR4_ACL].sv_getit)( 4842 NFS4ATTR_SETIT, &sarg, &ntov.na[i]); 4843 if (error == 0) { 4844 *resp |= FATTR4_ACL_MASK; 4845 } else if (error == ENOTSUP) { 4846 (void) rfs4_verify_attr(&sarg, resp, &ntov); 4847 status = NFS4ERR_ATTRNOTSUPP; 4848 goto done; 4849 } 4850 } else { 4851 NFS4_DEBUG(rfs4_debug, 4852 (CE_NOTE, "do_rfs4_op_setattr: " 4853 "unable to find ACL in fattr4")); 4854 error = EINVAL; 4855 } 4856 } 4857 4858 if (error) { 4859 status = puterrno4(error); 4860 4861 /* 4862 * Set the response bitmap when setattr failed. 4863 * If VOP_SETATTR partially succeeded, test by doing a 4864 * VOP_GETATTR on the object and comparing the data 4865 * to the setattr arguments. 4866 */ 4867 (void) rfs4_verify_attr(&sarg, resp, &ntov); 4868 } else { 4869 /* 4870 * Force modified metadata out to stable storage. 4871 */ 4872 (void) VOP_FSYNC(vp, FNODSYNC, cr, &ct); 4873 /* 4874 * Set response bitmap 4875 */ 4876 nfs4_vmask_to_nmask_set(sarg.vap->va_mask, resp); 4877 } 4878 4879 /* Return early and already have a NFSv4 error */ 4880 done: 4881 /* 4882 * Except for nfs4_vmask_to_nmask_set(), vattr --> fattr 4883 * conversion sets both readable and writeable NFS4 attrs 4884 * for AT_MTIME and AT_ATIME. The line below masks out 4885 * unrequested attrs from the setattr result bitmap. This 4886 * is placed after the done: label to catch the ATTRNOTSUP 4887 * case. 
4888 */ 4889 *resp &= fattrp->attrmask; 4890 4891 if (in_crit) 4892 nbl_end_crit(vp); 4893 4894 nfs4_ntov_table_free(&ntov, &sarg); 4895 4896 return (status); 4897 } 4898 4899 /* ARGSUSED */ 4900 static void 4901 rfs4_op_setattr(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 4902 struct compound_state *cs) 4903 { 4904 SETATTR4args *args = &argop->nfs_argop4_u.opsetattr; 4905 SETATTR4res *resp = &resop->nfs_resop4_u.opsetattr; 4906 bslabel_t *clabel; 4907 4908 if (cs->vp == NULL) { 4909 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 4910 return; 4911 } 4912 4913 /* 4914 * If there is an unshared filesystem mounted on this vnode, 4915 * do not allow to setattr on this vnode. 4916 */ 4917 if (vn_ismntpt(cs->vp)) { 4918 *cs->statusp = resp->status = NFS4ERR_ACCESS; 4919 return; 4920 } 4921 4922 resp->attrsset = 0; 4923 4924 if (rdonly4(cs->exi, cs->vp, req)) { 4925 *cs->statusp = resp->status = NFS4ERR_ROFS; 4926 return; 4927 } 4928 4929 /* check label before setting attributes */ 4930 if (is_system_labeled()) { 4931 ASSERT(req->rq_label != NULL); 4932 clabel = req->rq_label; 4933 DTRACE_PROBE2(tx__rfs4__log__info__opsetattr__clabel, char *, 4934 "got client label from request(1)", 4935 struct svc_req *, req); 4936 if (!blequal(&l_admin_low->tsl_label, clabel)) { 4937 if (!do_rfs_label_check(clabel, cs->vp, 4938 EQUALITY_CHECK)) { 4939 *cs->statusp = resp->status = NFS4ERR_ACCESS; 4940 return; 4941 } 4942 } 4943 } 4944 4945 *cs->statusp = resp->status = 4946 do_rfs4_op_setattr(&resp->attrsset, &args->obj_attributes, cs, 4947 &args->stateid); 4948 } 4949 4950 /* ARGSUSED */ 4951 static void 4952 rfs4_op_verify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 4953 struct compound_state *cs) 4954 { 4955 /* 4956 * verify and nverify are exactly the same, except that nverify 4957 * succeeds when some argument changed, and verify succeeds when 4958 * when none changed. 
4959 */ 4960 4961 VERIFY4args *args = &argop->nfs_argop4_u.opverify; 4962 VERIFY4res *resp = &resop->nfs_resop4_u.opverify; 4963 4964 int error; 4965 struct nfs4_svgetit_arg sarg; 4966 struct statvfs64 sb; 4967 struct nfs4_ntov_table ntov; 4968 4969 if (cs->vp == NULL) { 4970 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 4971 return; 4972 } 4973 4974 sarg.sbp = &sb; 4975 nfs4_ntov_table_init(&ntov); 4976 resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs, 4977 &sarg, &ntov, NFS4ATTR_VERIT); 4978 if (resp->status != NFS4_OK) { 4979 /* 4980 * do_rfs4_set_attrs will try to verify systemwide attrs, 4981 * so could return -1 for "no match". 4982 */ 4983 if (resp->status == -1) 4984 resp->status = NFS4ERR_NOT_SAME; 4985 goto done; 4986 } 4987 error = rfs4_verify_attr(&sarg, NULL, &ntov); 4988 switch (error) { 4989 case 0: 4990 resp->status = NFS4_OK; 4991 break; 4992 case -1: 4993 resp->status = NFS4ERR_NOT_SAME; 4994 break; 4995 default: 4996 resp->status = puterrno4(error); 4997 break; 4998 } 4999 done: 5000 *cs->statusp = resp->status; 5001 nfs4_ntov_table_free(&ntov, &sarg); 5002 } 5003 5004 /* ARGSUSED */ 5005 static void 5006 rfs4_op_nverify(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req, 5007 struct compound_state *cs) 5008 { 5009 /* 5010 * verify and nverify are exactly the same, except that nverify 5011 * succeeds when some argument changed, and verify succeeds when 5012 * when none changed. 
5013 */ 5014 5015 NVERIFY4args *args = &argop->nfs_argop4_u.opnverify; 5016 NVERIFY4res *resp = &resop->nfs_resop4_u.opnverify; 5017 5018 int error; 5019 struct nfs4_svgetit_arg sarg; 5020 struct statvfs64 sb; 5021 struct nfs4_ntov_table ntov; 5022 5023 if (cs->vp == NULL) { 5024 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 5025 return; 5026 } 5027 sarg.sbp = &sb; 5028 nfs4_ntov_table_init(&ntov); 5029 resp->status = do_rfs4_set_attrs(NULL, &args->obj_attributes, cs, 5030 &sarg, &ntov, NFS4ATTR_VERIT); 5031 if (resp->status != NFS4_OK) { 5032 /* 5033 * do_rfs4_set_attrs will try to verify systemwide attrs, 5034 * so could return -1 for "no match". 5035 */ 5036 if (resp->status == -1) 5037 resp->status = NFS4_OK; 5038 goto done; 5039 } 5040 error = rfs4_verify_attr(&sarg, NULL, &ntov); 5041 switch (error) { 5042 case 0: 5043 resp->status = NFS4ERR_SAME; 5044 break; 5045 case -1: 5046 resp->status = NFS4_OK; 5047 break; 5048 default: 5049 resp->status = puterrno4(error); 5050 break; 5051 } 5052 done: 5053 *cs->statusp = resp->status; 5054 nfs4_ntov_table_free(&ntov, &sarg); 5055 } 5056 5057 /* 5058 * XXX - This should live in an NFS header file. 
*/
#define MAX_IOVECS 12

/*
 * rfs4_op_write: service one WRITE op of a compound.
 *
 * Checks, in order: a current filehandle exists, the compound state is
 * not CS_ACCESS_DENIED, the stateid is acceptable for FWRITE, no NBMAND
 * lock conflicts with the target range, the attributes can be read, the
 * export is not read-only, the vnode is a regular file, the caller has
 * write access (the file owner skips VOP_ACCESS), and the file is not
 * subject to mandatory locking.  The request data is then described by
 * a uio and written with do_io().
 *
 * Every outcome is stored in resp->status and mirrored into
 * *cs->statusp.  On success resp->count, resp->committed and
 * resp->writeverf are filled in as well.
 */
/* ARGSUSED */
static void
rfs4_op_write(nfs_argop4 *argop, nfs_resop4 *resop, struct svc_req *req,
	struct compound_state *cs)
{
	WRITE4args *args = &argop->nfs_argop4_u.opwrite;
	WRITE4res *resp = &resop->nfs_resop4_u.opwrite;
	int error;
	vnode_t *vp;
	struct vattr bva;
	u_offset_t rlimit;
	struct uio uio;
	struct iovec iov[MAX_IOVECS];	/* on-stack iovecs for short chains */
	struct iovec *iovp;
	int iovcnt;
	int ioflag;
	cred_t *savecred, *cr;
	bool_t *deleg = &cs->deleg;
	nfsstat4 stat;
	int in_crit = 0;	/* set once nbl_start_crit() has been called */
	caller_context_t ct;

	vp = cs->vp;
	if (vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}
	if (cs->access == CS_ACCESS_DENIED) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		return;
	}

	cr = cs->cr;

	/* The stateid is checked before any other per-file test. */
	if ((stat = rfs4_check_stateid(FWRITE, vp, &args->stateid, FALSE,
	    deleg, TRUE, &ct)) != NFS4_OK) {
		*cs->statusp = resp->status = stat;
		goto out;
	}

	/*
	 * We have to enter the critical region before calling VOP_RWLOCK
	 * to avoid a deadlock with ufs.
	 */
	if (nbl_need_check(vp)) {
		nbl_start_crit(vp, RW_READER);
		in_crit = 1;
		if (nbl_conflict(vp, NBL_WRITE,
		    args->offset, args->data_len, 0, &ct)) {
			*cs->statusp = resp->status = NFS4ERR_LOCKED;
			goto out;
		}
	}

	bva.va_mask = AT_MODE | AT_UID;
	error = VOP_GETATTR(vp, &bva, 0, cr, &ct);

	/*
	 * If we can't get the attributes, then we can't do the
	 * right access checking.  So, we'll fail the request.
	 */
	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (rdonly4(cs->exi, cs->vp, req)) {
		*cs->statusp = resp->status = NFS4ERR_ROFS;
		goto out;
	}

	if (vp->v_type != VREG) {
		*cs->statusp = resp->status =
		    ((vp->v_type == VDIR) ? NFS4ERR_ISDIR : NFS4ERR_INVAL);
		goto out;
	}

	/*
	 * The file owner bypasses VOP_ACCESS(VWRITE); any other caller
	 * must pass it.  NOTE(review): presumably this mirrors the
	 * rationale given in do_rfs4_op_setattr() (a file created with
	 * read-only modes but opened for writing) -- confirm.
	 */
	if (crgetuid(cr) != bva.va_uid &&
	    (error = VOP_ACCESS(vp, VWRITE, 0, cr, &ct))) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	if (MANDLOCK(vp, bva.va_mode)) {
		*cs->statusp = resp->status = NFS4ERR_ACCESS;
		goto out;
	}

	/*
	 * Zero-length write: succeed without touching the file.
	 * args->stable is echoed back as received; it is only
	 * range-checked further down, on the non-empty path.
	 */
	if (args->data_len == 0) {
		*cs->statusp = resp->status = NFS4_OK;
		resp->count = 0;
		resp->committed = args->stable;
		resp->writeverf = Write4verf;
		goto out;
	}

	if (args->mblk != NULL) {
		mblk_t *m;
		uint_t bytes, round_len;

		/*
		 * Count the mblks needed to cover the data length rounded
		 * up to a whole XDR unit.
		 */
		iovcnt = 0;
		bytes = 0;
		round_len = roundup(args->data_len, BYTES_PER_XDR_UNIT);
		for (m = args->mblk;
		    m != NULL && bytes < round_len;
		    m = m->b_cont) {
			iovcnt++;
			bytes += MBLKL(m);
		}
#ifdef DEBUG
		/* should have ended on an mblk boundary */
		if (bytes != round_len) {
			printf("bytes=0x%x, round_len=0x%x, req len=0x%x\n",
			    bytes, round_len, args->data_len);
			printf("args=%p, args->mblk=%p, m=%p", (void *)args,
			    (void *)args->mblk, (void *)m);
			ASSERT(bytes == round_len);
		}
#endif
		/*
		 * NOTE(review): the bytes == round_len check above exists
		 * only under DEBUG.  Otherwise this code relies on the mblk
		 * chain really holding round_len bytes -- presumably
		 * guaranteed by the XDR decode; confirm.
		 */
		/* Heap-allocate the iovec array only for long chains. */
		if (iovcnt <= MAX_IOVECS) {
			iovp = iov;
		} else {
			iovp = kmem_alloc(sizeof (*iovp) * iovcnt, KM_SLEEP);
		}
		mblk_to_iov(args->mblk, iovcnt, iovp);
	} else {
		/* Contiguous data: a single iovec describes it. */
		iovcnt = 1;
		iovp = iov;
		iovp->iov_base = args->data_val;
		iovp->iov_len = args->data_len;
	}

	uio.uio_iov = iovp;
	uio.uio_iovcnt = iovcnt;

	uio.uio_segflg = UIO_SYSSPACE;
	uio.uio_extflg = UIO_COPY_DEFAULT;
	uio.uio_loffset = args->offset;
	uio.uio_resid = args->data_len;
	/*
	 * Clamp the transfer to the process file-size limit.
	 * NOTE(review): rlimit is the result of a subtraction on what
	 * appear to be unsigned offsets; if args->offset is already past
	 * uio_llimit the value would wrap and no clamp happens here --
	 * confirm the layers below reject such a write.
	 */
	uio.uio_llimit = curproc->p_fsz_ctl;
	rlimit = uio.uio_llimit - args->offset;
	if (rlimit < (u_offset_t)uio.uio_resid)
		uio.uio_resid = (int)rlimit;

	/* Map the requested stability level to an I/O flag. */
	if (args->stable == UNSTABLE4)
		ioflag = 0;
	else if (args->stable == FILE_SYNC4)
		ioflag = FSYNC;
	else if (args->stable == DATA_SYNC4)
		ioflag = FDSYNC;
	else {
		/* Unknown stability value: release the iovecs and fail. */
		if (iovp != iov)
			kmem_free(iovp, sizeof (*iovp) * iovcnt);
		*cs->statusp = resp->status = NFS4ERR_INVAL;
		goto out;
	}

	/*
	 * We're changing creds because VM may fault and we need
	 * the cred of the current thread to be used if quota
	 * checking is enabled.
	 */
	savecred = curthread->t_cred;
	curthread->t_cred = cr;
	error = do_io(FWRITE, vp, &uio, ioflag, cr, &ct);
	curthread->t_cred = savecred;	/* restored whether or not do_io failed */

	/* Release the heap iovec array, if one was needed. */
	if (iovp != iov)
		kmem_free(iovp, sizeof (*iovp) * iovcnt);

	if (error) {
		*cs->statusp = resp->status = puterrno4(error);
		goto out;
	}

	*cs->statusp = resp->status = NFS4_OK;
	resp->count = args->data_len - uio.uio_resid;

	/*
	 * Any synchronous write is reported as FILE_SYNC4, so a
	 * DATA_SYNC4 request is also answered with FILE_SYNC4.
	 */
	if (ioflag == 0)
		resp->committed = UNSTABLE4;
	else
		resp->committed = FILE_SYNC4;

	resp->writeverf = Write4verf;

out:
	/* The two early returns above happen before the region is entered. */
	if (in_crit)
		nbl_end_crit(vp);
}


/* XXX put in a header file */
extern int sec_svc_getcred(struct svc_req *, cred_t *, caddr_t *, int *);

/*
 * rfs4_compound: execute one NFSv4 COMPOUND request.
 *
 * Copies the request tag into the reply, rejects an unexpected minor
 * version, allocates one result slot per requested op, obtains the
 * caller's credential with sec_svc_getcred() and then dispatches the ops
 * in order through rfsv4disptab[] for as long as cs.cont stays set.
 * Dispatch runs with exported_lock held as reader.  If processing stops
 * before the last op, the result array is shrunk to the ops that ran.
 *
 * The overall status is written through cs.statusp, which points at
 * resp->status.  exi and cr are asserted to be NULL on entry; cr is
 * replaced by a credential from crget().
 *
 * The two early returns (minor version mismatch, sec_svc_getcred()
 * failure) skip the cleanup at the bottom of the function.
 */
void
rfs4_compound(COMPOUND4args *args, COMPOUND4res *resp, struct exportinfo *exi,
	struct svc_req *req, cred_t *cr)
{
	uint_t i;
	struct compound_state cs;

	rfs4_init_compound_state(&cs);
	/*
	 * Form a reply tag by copying over the request tag.
	 * NOTE(review): the length is taken from the request as-is;
	 * assumes the XDR decode has already bounded it -- confirm.
	 */
	resp->tag.utf8string_val =
	    kmem_alloc(args->tag.utf8string_len, KM_SLEEP);
	resp->tag.utf8string_len = args->tag.utf8string_len;
	bcopy(args->tag.utf8string_val, resp->tag.utf8string_val,
	    resp->tag.utf8string_len);

	cs.statusp = &resp->status;

	/*
	 * XXX for now, minorversion should be zero
	 */
	if (args->minorversion != NFS4_MINORVERSION) {
		resp->array_len = 0;
		resp->array = NULL;
		resp->status = NFS4ERR_MINOR_VERS_MISMATCH;
		return;
	}

	/*
	 * One zeroed result slot per requested op.
	 * NOTE(review): the size multiplication is unchecked here;
	 * assumes array_len was bounded when the arguments were decoded
	 * -- confirm.
	 */
	resp->array_len = args->array_len;
	resp->array = kmem_zalloc(args->array_len * sizeof (nfs_resop4),
	    KM_SLEEP);

	ASSERT(exi == NULL);
	ASSERT(cr == NULL);

	cr = crget();
	ASSERT(cr != NULL);

	/*
	 * Credential lookup failed: drop the new cred and return.
	 * resp->status is not assigned on this path, and resp->tag and
	 * resp->array stay allocated.  NOTE(review): presumably the
	 * caller handles the reply and releases them through
	 * rfs4_compound_free() -- confirm.
	 */
	if (sec_svc_getcred(req, cr, &cs.principal, &cs.nfsflavor) == 0) {
		crfree(cr);
		return;
	}

	cs.basecr = cr;

	cs.req = req;

	/*
	 * For now, NFS4 compound processing must be protected by
	 * exported_lock because it can access more than one exportinfo
	 * per compound and share/unshare can now change multiple
	 * exinfo structs.  The NFS2/3 code only refs 1 exportinfo
	 * per proc (excluding public exinfo), and exi_count design
	 * is sufficient to protect concurrent execution of NFS2/3
	 * ops along with unexport.  This lock will be removed as
	 * part of the NFSv4 phase 2 namespace redesign work.
	 */
	rw_enter(&exported_lock, RW_READER);

	/*
	 * If this is the first compound we've seen, we need to start all
	 * new instances' grace periods.
	 * NOTE(review): exported_lock is only held as reader here, so the
	 * test and the later store are not serialized by that lock;
	 * whether rfs4_grace_start_new() tolerates concurrent callers is
	 * not visible in this function -- confirm.
	 */
	if (rfs4_seen_first_compound == 0) {
		rfs4_grace_start_new();
		/*
		 * This must be set after rfs4_grace_start_new(), otherwise
		 * another thread could proceed past here before the former
		 * is finished.
		 */
		rfs4_seen_first_compound = 1;
	}

	for (i = 0; i < args->array_len && cs.cont; i++) {
		nfs_argop4 *argop;
		nfs_resop4 *resop;
		uint_t op;

		argop = &args->array[i];
		resop = &resp->array[i];
		resop->resop = argop->argop;
		op = (uint_t)resop->resop;

		/*
		 * The opcode comes from the request; it is bounds-checked
		 * before it indexes the dispatch, counter and name tables.
		 */
		if (op < rfsv4disp_cnt) {
			/*
			 * Count the individual ops here; NULL and COMPOUND
			 * are counted in common_dispatch()
			 */
			rfsproccnt_v4_ptr[op].value.ui64++;

			NFS4_DEBUG(rfs4_debug > 1,
			    (CE_NOTE, "Executing %s", rfs4_op_string[op]));
			(*rfsv4disptab[op].dis_proc)(argop, resop, req, &cs);
			NFS4_DEBUG(rfs4_debug > 1, (CE_NOTE, "%s returned %d",
			    rfs4_op_string[op], *cs.statusp));
			/* A failing op ends the compound. */
			if (*cs.statusp != NFS4_OK)
				cs.cont = FALSE;
		} else {
			/*
			 * This is effectively dead code since XDR code
			 * will have already returned BADXDR if op doesn't
			 * decode to legal value.  This only done for a
			 * day when XDR code doesn't verify v4 opcodes.
			 */
			op = OP_ILLEGAL;
			rfsproccnt_v4_ptr[OP_ILLEGAL_IDX].value.ui64++;

			rfs4_op_illegal(argop, resop, req, &cs);
			cs.cont = FALSE;
		}

		/*
		 * If not at last op, and if we are to stop, then
		 * compact the results array.
		 */
		if ((i + 1) < args->array_len && !cs.cont) {
			nfs_resop4 *new_res = kmem_alloc(
			    (i+1) * sizeof (nfs_resop4), KM_SLEEP);
			bcopy(resp->array,
			    new_res, (i+1) * sizeof (nfs_resop4));
			/* Freed with the size it was allocated with. */
			kmem_free(resp->array,
			    args->array_len * sizeof (nfs_resop4));

			/* array_len now matches the size of new_res. */
			resp->array_len = i + 1;
			resp->array = new_res;
		}
	}

	rw_exit(&exported_lock);

	/* Drop whatever the ops left behind in the compound state. */
	if (cs.vp)
		VN_RELE(cs.vp);
	if (cs.saved_vp)
		VN_RELE(cs.saved_vp);
	if (cs.saved_fh.nfs_fh4_val)
		kmem_free(cs.saved_fh.nfs_fh4_val, NFS4_FHSIZE);

	if (cs.basecr)
		crfree(cs.basecr);
	if (cs.cr)
		crfree(cs.cr);
	/*
	 * done with this compound request, free the label
	 */

	if (req->rq_label != NULL) {
		kmem_free(req->rq_label, sizeof (bslabel_t));
		req->rq_label = NULL;
	}
}

/*
 * XXX because of what appears to be duplicate calls to rfs4_compound_free
 * XXX zero out the tag and array values. Need to investigate why the
 * XXX calls occur, but at least prevent the panic for now.
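*/
/*
 * rfs4_compound_free: release the reply tag and the per-op results held
 * by a COMPOUND4res.
 *
 * Each result whose opcode is within the dispatch table is handed to
 * that op's dis_resfree routine before the array itself is freed.
 * After the array is freed, resp->array is set to NULL and
 * resp->array_len to 0, so a repeated call on the same resp neither
 * walks nor frees the released array again.  UTF8STRING_FREE is defined
 * outside this view; presumably it clears the tag fields in the same
 * way -- confirm.
 */
void
rfs4_compound_free(COMPOUND4res *resp)
{
	uint_t i;

	if (resp->tag.utf8string_val) {
		UTF8STRING_FREE(resp->tag)
	}

	if (resp->array != NULL) {
		for (i = 0; i < resp->array_len; i++) {
			nfs_resop4 *resop;
			uint_t op;

			resop = &resp->array[i];
			op = (uint_t)resop->resop;
			/* Bounds-check before indexing the dispatch table. */
			if (op < rfsv4disp_cnt) {
				(*rfsv4disptab[op].dis_resfree)(resop);
			}
		}
		kmem_free(resp->array, resp->array_len * sizeof (nfs_resop4));
		/* Make a repeated call harmless instead of a double free. */
		resp->array = NULL;
	}
	resp->array_len = 0;
}

/*
 * Process the value of the compound request rpc flags, as a bit-AND
 * of the individual per-op flags (idempotent, allowork, publicfh_ok)
 *
 * Starts from RPC_ALL and ANDs in dis_flags for every op in the request.
 * An opcode outside the dispatch table clears all flags.  The loop stops
 * early once no flag is left.  The result is stored in *flagp.
 */
void
rfs4_compound_flagproc(COMPOUND4args *args, int *flagp)
{
	/* unsigned, like the index used in rfs4_compound() */
	uint_t i;
	int flag = RPC_ALL;

	for (i = 0; flag && i < args->array_len; i++) {
		uint_t op;

		op = (uint_t)args->array[i].argop;

		if (op < rfsv4disp_cnt)
			flag &= rfsv4disptab[op].dis_flags;
		else
			flag = 0;
	}
	*flagp = flag;
}

/*
 * rfs4_client_sysid: return the sysid recorded for client cp in *sp,
 * allocating one with lm_alloc_sysidt() if the client has none yet.
 *
 * The check and the allocation both happen with cp->dbe locked.
 * Returns NFS4_OK when *sp was set, or NFS4ERR_DELAY when no sysid
 * could be allocated; *sp is left untouched in that case.
 */
nfsstat4
rfs4_client_sysid(rfs4_client_t *cp, sysid_t *sp)
{
	nfsstat4 e;

	rfs4_dbe_lock(cp->dbe);

	if (cp->sysidt != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

	} else if ((cp->sysidt = lm_alloc_sysidt()) != LM_NOSYSID) {
		*sp = cp->sysidt;
		e = NFS4_OK;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
		    "rfs4_client_sysid: allocated 0x%x\n", *sp));
	} else
		e = NFS4ERR_DELAY;

	rfs4_dbe_unlock(cp->dbe);
	return (e);
}

#if defined(DEBUG) && !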
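defined(lint)
/*
 * lock_print: debug-only helper that logs one record-lock request.
 *
 * str is a caller-supplied prefix, operation is the fcntl-style command
 * and flk the lock description.  Commands and lock types other than
 * those listed below are printed as "F_UNKNOWN".  A zero l_len is
 * printed as all ones.  Asserts that l_whence is 0.
 */
static void lock_print(char *str, int operation, struct flock64 *flk)
{
	/* Both only ever point at string literals. */
	const char *op, *type;

	switch (operation) {
	case F_GETLK: op = "F_GETLK";
		break;
	case F_SETLK: op = "F_SETLK";
		break;
	case F_SETLK_NBMAND: op = "F_SETLK_NBMAND";
		break;
	default: op = "F_UNKNOWN";
		break;
	}
	switch (flk->l_type) {
	case F_UNLCK: type = "F_UNLCK";
		break;
	case F_RDLCK: type = "F_RDLCK";
		break;
	case F_WRLCK: type = "F_WRLCK";
		break;
	default: type = "F_UNKNOWN";
		break;
	}

	ASSERT(flk->l_whence == 0);
	cmn_err(CE_NOTE, "%s: %s, type = %s, off = %llx len = %llx pid = %d",
	    str, op, type, (longlong_t)flk->l_start,
	    flk->l_len ? (longlong_t)flk->l_len : ~0LL, flk->l_pid);
}

/*
 * LOCK_PRINT(d, s, t, f): call lock_print(s, t, f) when d is non-zero.
 * Wrapped in do { } while (0) so the expansion is a single statement and
 * cannot capture an `else' that follows the call site.  In builds
 * without DEBUG (or under lint) the macro expands to nothing.
 */
#define LOCK_PRINT(d, s, t, f) \
	do { if (d) lock_print(s, t, f); } while (0)
#else
#define LOCK_PRINT(d, s, t, f)
#endif

/*
 * creds_ok: placeholder credential check.
 *
 * Ignores all three arguments and always returns TRUE, so a caller that
 * gates an operation on this function gets no enforcement from it.
 * NOTE(review): the callers are outside this view; confirm that each of
 * them performs its own credential validation or that the missing check
 * is intended.
 */
/*ARGSUSED*/
static bool_t
creds_ok(cred_set_t cr_set, struct svc_req *req, struct compound_state *cs)
{
	return (TRUE);
}

/*
 * Look up the pathname using the vp in cs as the directory vnode.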
5530 * cs->vp will be the vnode for the file on success 5531 */ 5532 5533 static nfsstat4 5534 rfs4_lookup(component4 *component, struct svc_req *req, 5535 struct compound_state *cs) 5536 { 5537 char *nm; 5538 uint32_t len; 5539 nfsstat4 status; 5540 5541 if (cs->vp == NULL) { 5542 return (NFS4ERR_NOFILEHANDLE); 5543 } 5544 if (cs->vp->v_type != VDIR) { 5545 return (NFS4ERR_NOTDIR); 5546 } 5547 5548 if (!utf8_dir_verify(component)) 5549 return (NFS4ERR_INVAL); 5550 5551 nm = utf8_to_fn(component, &len, NULL); 5552 if (nm == NULL) { 5553 return (NFS4ERR_INVAL); 5554 } 5555 5556 if (len > MAXNAMELEN) { 5557 kmem_free(nm, len); 5558 return (NFS4ERR_NAMETOOLONG); 5559 } 5560 5561 status = do_rfs4_op_lookup(nm, len, req, cs); 5562 5563 kmem_free(nm, len); 5564 5565 return (status); 5566 } 5567 5568 static nfsstat4 5569 rfs4_lookupfile(component4 *component, struct svc_req *req, 5570 struct compound_state *cs, uint32_t access, 5571 change_info4 *cinfo) 5572 { 5573 nfsstat4 status; 5574 vnode_t *dvp = cs->vp; 5575 vattr_t bva, ava, fva; 5576 int error; 5577 5578 /* Get "before" change value */ 5579 bva.va_mask = AT_CTIME|AT_SEQ; 5580 error = VOP_GETATTR(dvp, &bva, 0, cs->cr, NULL); 5581 if (error) 5582 return (puterrno4(error)); 5583 5584 /* rfs4_lookup may VN_RELE directory */ 5585 VN_HOLD(dvp); 5586 5587 status = rfs4_lookup(component, req, cs); 5588 if (status != NFS4_OK) { 5589 VN_RELE(dvp); 5590 return (status); 5591 } 5592 5593 /* 5594 * Get "after" change value, if it fails, simply return the 5595 * before value. 
5596 */ 5597 ava.va_mask = AT_CTIME|AT_SEQ; 5598 if (VOP_GETATTR(dvp, &ava, 0, cs->cr, NULL)) { 5599 ava.va_ctime = bva.va_ctime; 5600 ava.va_seq = 0; 5601 } 5602 VN_RELE(dvp); 5603 5604 /* 5605 * Validate the file is a file 5606 */ 5607 fva.va_mask = AT_TYPE|AT_MODE; 5608 error = VOP_GETATTR(cs->vp, &fva, 0, cs->cr, NULL); 5609 if (error) 5610 return (puterrno4(error)); 5611 5612 if (fva.va_type != VREG) { 5613 if (fva.va_type == VDIR) 5614 return (NFS4ERR_ISDIR); 5615 if (fva.va_type == VLNK) 5616 return (NFS4ERR_SYMLINK); 5617 return (NFS4ERR_INVAL); 5618 } 5619 5620 NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime); 5621 NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime); 5622 5623 /* 5624 * It is undefined if VOP_LOOKUP will change va_seq, so 5625 * cinfo.atomic = TRUE only if we have 5626 * non-zero va_seq's, and they have not changed. 5627 */ 5628 if (bva.va_seq && ava.va_seq && ava.va_seq == bva.va_seq) 5629 cinfo->atomic = TRUE; 5630 else 5631 cinfo->atomic = FALSE; 5632 5633 /* Check for mandatory locking */ 5634 cs->mandlock = MANDLOCK(cs->vp, fva.va_mode); 5635 return (check_open_access(access, cs, req)); 5636 } 5637 5638 static nfsstat4 5639 create_vnode(vnode_t *dvp, char *nm, vattr_t *vap, createmode4 mode, 5640 timespec32_t *mtime, cred_t *cr, vnode_t **vpp, bool_t *created) 5641 { 5642 int error; 5643 nfsstat4 status = NFS4_OK; 5644 vattr_t va; 5645 5646 tryagain: 5647 5648 /* 5649 * The file open mode used is VWRITE. If the client needs 5650 * some other semantic, then it should do the access checking 5651 * itself. It would have been nice to have the file open mode 5652 * passed as part of the arguments. 5653 */ 5654 5655 *created = TRUE; 5656 error = VOP_CREATE(dvp, nm, vap, EXCL, VWRITE, vpp, cr, 0, NULL, NULL); 5657 5658 if (error) { 5659 *created = FALSE; 5660 5661 /* 5662 * If we got something other than file already exists 5663 * then just return this error. Otherwise, we got 5664 * EEXIST. 
If we were doing a GUARDED create, then 5665 * just return this error. Otherwise, we need to 5666 * make sure that this wasn't a duplicate of an 5667 * exclusive create request. 5668 * 5669 * The assumption is made that a non-exclusive create 5670 * request will never return EEXIST. 5671 */ 5672 5673 if (error != EEXIST || mode == GUARDED4) { 5674 status = puterrno4(error); 5675 return (status); 5676 } 5677 error = VOP_LOOKUP(dvp, nm, vpp, NULL, 0, NULL, cr, 5678 NULL, NULL, NULL); 5679 5680 if (error) { 5681 /* 5682 * We couldn't find the file that we thought that 5683 * we just created. So, we'll just try creating 5684 * it again. 5685 */ 5686 if (error == ENOENT) 5687 goto tryagain; 5688 5689 status = puterrno4(error); 5690 return (status); 5691 } 5692 5693 if (mode == UNCHECKED4) { 5694 /* existing object must be regular file */ 5695 if ((*vpp)->v_type != VREG) { 5696 if ((*vpp)->v_type == VDIR) 5697 status = NFS4ERR_ISDIR; 5698 else if ((*vpp)->v_type == VLNK) 5699 status = NFS4ERR_SYMLINK; 5700 else 5701 status = NFS4ERR_INVAL; 5702 VN_RELE(*vpp); 5703 return (status); 5704 } 5705 5706 return (NFS4_OK); 5707 } 5708 5709 /* Check for duplicate request */ 5710 ASSERT(mtime != 0); 5711 va.va_mask = AT_MTIME; 5712 error = VOP_GETATTR(*vpp, &va, 0, cr, NULL); 5713 if (!error) { 5714 /* We found the file */ 5715 if (va.va_mtime.tv_sec != mtime->tv_sec || 5716 va.va_mtime.tv_nsec != mtime->tv_nsec) { 5717 /* but its not our creation */ 5718 VN_RELE(*vpp); 5719 return (NFS4ERR_EXIST); 5720 } 5721 *created = TRUE; /* retrans of create == created */ 5722 return (NFS4_OK); 5723 } 5724 VN_RELE(*vpp); 5725 return (NFS4ERR_EXIST); 5726 } 5727 5728 return (NFS4_OK); 5729 } 5730 5731 static nfsstat4 5732 check_open_access(uint32_t access, 5733 struct compound_state *cs, struct svc_req *req) 5734 { 5735 int error; 5736 vnode_t *vp; 5737 bool_t readonly; 5738 cred_t *cr = cs->cr; 5739 5740 /* For now we don't allow mandatory locking as per V2/V3 */ 5741 if (cs->access == 
CS_ACCESS_DENIED || cs->mandlock) { 5742 return (NFS4ERR_ACCESS); 5743 } 5744 5745 vp = cs->vp; 5746 ASSERT(cr != NULL && vp->v_type == VREG); 5747 5748 /* 5749 * If the file system is exported read only and we are trying 5750 * to open for write, then return NFS4ERR_ROFS 5751 */ 5752 5753 readonly = rdonly4(cs->exi, cs->vp, req); 5754 5755 if ((access & OPEN4_SHARE_ACCESS_WRITE) && readonly) 5756 return (NFS4ERR_ROFS); 5757 5758 if (access & OPEN4_SHARE_ACCESS_READ) { 5759 if ((VOP_ACCESS(vp, VREAD, 0, cr, NULL) != 0) && 5760 (VOP_ACCESS(vp, VEXEC, 0, cr, NULL) != 0)) { 5761 return (NFS4ERR_ACCESS); 5762 } 5763 } 5764 5765 if (access & OPEN4_SHARE_ACCESS_WRITE) { 5766 error = VOP_ACCESS(vp, VWRITE, 0, cr, NULL); 5767 if (error) 5768 return (NFS4ERR_ACCESS); 5769 } 5770 5771 return (NFS4_OK); 5772 } 5773 5774 static nfsstat4 5775 rfs4_createfile(OPEN4args *args, struct svc_req *req, struct compound_state *cs, 5776 change_info4 *cinfo, bitmap4 *attrset, clientid4 clientid) 5777 { 5778 struct nfs4_svgetit_arg sarg; 5779 struct nfs4_ntov_table ntov; 5780 5781 bool_t ntov_table_init = FALSE; 5782 struct statvfs64 sb; 5783 nfsstat4 status; 5784 vnode_t *vp; 5785 vattr_t bva, ava, iva, cva, *vap; 5786 vnode_t *dvp; 5787 timespec32_t *mtime; 5788 char *nm = NULL; 5789 uint_t buflen; 5790 bool_t created; 5791 bool_t setsize = FALSE; 5792 len_t reqsize; 5793 int error; 5794 bool_t trunc; 5795 caller_context_t ct; 5796 component4 *component; 5797 bslabel_t *clabel; 5798 5799 sarg.sbp = &sb; 5800 5801 dvp = cs->vp; 5802 5803 /* Check if the file system is read only */ 5804 if (rdonly4(cs->exi, dvp, req)) 5805 return (NFS4ERR_ROFS); 5806 5807 /* check the label of including directory */ 5808 if (is_system_labeled()) { 5809 ASSERT(req->rq_label != NULL); 5810 clabel = req->rq_label; 5811 DTRACE_PROBE2(tx__rfs4__log__info__opremove__clabel, char *, 5812 "got client label from request(1)", 5813 struct svc_req *, req); 5814 if (!blequal(&l_admin_low->tsl_label, clabel)) { 5815 if 
(!do_rfs_label_check(clabel, dvp, EQUALITY_CHECK)) { 5816 return (NFS4ERR_ACCESS); 5817 } 5818 } 5819 } 5820 5821 /* 5822 * Get the last component of path name in nm. cs will reference 5823 * the including directory on success. 5824 */ 5825 component = &args->open_claim4_u.file; 5826 if (!utf8_dir_verify(component)) 5827 return (NFS4ERR_INVAL); 5828 5829 nm = utf8_to_fn(component, &buflen, NULL); 5830 5831 if (nm == NULL) 5832 return (NFS4ERR_RESOURCE); 5833 5834 if (buflen > MAXNAMELEN) { 5835 kmem_free(nm, buflen); 5836 return (NFS4ERR_NAMETOOLONG); 5837 } 5838 5839 bva.va_mask = AT_TYPE|AT_CTIME|AT_SEQ; 5840 error = VOP_GETATTR(dvp, &bva, 0, cs->cr, NULL); 5841 if (error) { 5842 kmem_free(nm, buflen); 5843 return (puterrno4(error)); 5844 } 5845 5846 if (bva.va_type != VDIR) { 5847 kmem_free(nm, buflen); 5848 return (NFS4ERR_NOTDIR); 5849 } 5850 5851 NFS4_SET_FATTR4_CHANGE(cinfo->before, bva.va_ctime) 5852 5853 switch (args->mode) { 5854 case GUARDED4: 5855 /*FALLTHROUGH*/ 5856 case UNCHECKED4: 5857 nfs4_ntov_table_init(&ntov); 5858 ntov_table_init = TRUE; 5859 5860 *attrset = 0; 5861 status = do_rfs4_set_attrs(attrset, 5862 &args->createhow4_u.createattrs, 5863 cs, &sarg, &ntov, NFS4ATTR_SETIT); 5864 5865 if (status == NFS4_OK && (sarg.vap->va_mask & AT_TYPE) && 5866 sarg.vap->va_type != VREG) { 5867 if (sarg.vap->va_type == VDIR) 5868 status = NFS4ERR_ISDIR; 5869 else if (sarg.vap->va_type == VLNK) 5870 status = NFS4ERR_SYMLINK; 5871 else 5872 status = NFS4ERR_INVAL; 5873 } 5874 5875 if (status != NFS4_OK) { 5876 kmem_free(nm, buflen); 5877 nfs4_ntov_table_free(&ntov, &sarg); 5878 *attrset = 0; 5879 return (status); 5880 } 5881 5882 vap = sarg.vap; 5883 vap->va_type = VREG; 5884 vap->va_mask |= AT_TYPE; 5885 5886 if ((vap->va_mask & AT_MODE) == 0) { 5887 vap->va_mask |= AT_MODE; 5888 vap->va_mode = (mode_t)0600; 5889 } 5890 5891 if (vap->va_mask & AT_SIZE) { 5892 5893 /* Disallow create with a non-zero size */ 5894 5895 if ((reqsize = sarg.vap->va_size) != 0) { 
5896 kmem_free(nm, buflen); 5897 nfs4_ntov_table_free(&ntov, &sarg); 5898 *attrset = 0; 5899 return (NFS4ERR_INVAL); 5900 } 5901 setsize = TRUE; 5902 } 5903 break; 5904 5905 case EXCLUSIVE4: 5906 /* prohibit EXCL create of named attributes */ 5907 if (dvp->v_flag & V_XATTRDIR) { 5908 kmem_free(nm, buflen); 5909 *attrset = 0; 5910 return (NFS4ERR_INVAL); 5911 } 5912 5913 cva.va_mask = AT_TYPE | AT_MTIME | AT_MODE; 5914 cva.va_type = VREG; 5915 /* 5916 * Ensure no time overflows. Assumes underlying 5917 * filesystem supports at least 32 bits. 5918 * Truncate nsec to usec resolution to allow valid 5919 * compares even if the underlying filesystem truncates. 5920 */ 5921 mtime = (timespec32_t *)&args->createhow4_u.createverf; 5922 cva.va_mtime.tv_sec = mtime->tv_sec % TIME32_MAX; 5923 cva.va_mtime.tv_nsec = (mtime->tv_nsec / 1000) * 1000; 5924 cva.va_mode = (mode_t)0; 5925 vap = &cva; 5926 break; 5927 } 5928 5929 status = create_vnode(dvp, nm, vap, args->mode, mtime, 5930 cs->cr, &vp, &created); 5931 kmem_free(nm, buflen); 5932 5933 if (status != NFS4_OK) { 5934 if (ntov_table_init) 5935 nfs4_ntov_table_free(&ntov, &sarg); 5936 *attrset = 0; 5937 return (status); 5938 } 5939 5940 trunc = (setsize && !created); 5941 5942 if (args->mode != EXCLUSIVE4) { 5943 bitmap4 createmask = args->createhow4_u.createattrs.attrmask; 5944 5945 /* 5946 * True verification that object was created with correct 5947 * attrs is impossible. The attrs could have been changed 5948 * immediately after object creation. If attributes did 5949 * not verify, the only recourse for the server is to 5950 * destroy the object. Maybe if some attrs (like gid) 5951 * are set incorrectly, the object should be destroyed; 5952 * however, seems bad as a default policy. Do we really 5953 * want to destroy an object over one of the times not 5954 * verifying correctly? For these reasons, the server 5955 * currently sets bits in attrset for createattrs 5956 * that were set; however, no verification is done. 
5957 * 5958 * vmask_to_nmask accounts for vattr bits set on create 5959 * [do_rfs4_set_attrs() only sets resp bits for 5960 * non-vattr/vfs bits.] 5961 * Mask off any bits we set by default so as not to return 5962 * more attrset bits than were requested in createattrs 5963 */ 5964 if (created) { 5965 nfs4_vmask_to_nmask(sarg.vap->va_mask, attrset); 5966 *attrset &= createmask; 5967 } else { 5968 /* 5969 * We did not create the vnode (we tried but it 5970 * already existed). In this case, the only createattr 5971 * that the spec allows the server to set is size, 5972 * and even then, it can only be set if it is 0. 5973 */ 5974 *attrset = 0; 5975 if (trunc) 5976 *attrset = FATTR4_SIZE_MASK; 5977 } 5978 } 5979 if (ntov_table_init) 5980 nfs4_ntov_table_free(&ntov, &sarg); 5981 5982 /* 5983 * Get the initial "after" sequence number, if it fails, 5984 * set to zero, time to before. 5985 */ 5986 iva.va_mask = AT_CTIME|AT_SEQ; 5987 if (VOP_GETATTR(dvp, &iva, 0, cs->cr, NULL)) { 5988 iva.va_seq = 0; 5989 iva.va_ctime = bva.va_ctime; 5990 } 5991 5992 /* 5993 * create_vnode attempts to create the file exclusive, 5994 * if it already exists the VOP_CREATE will fail and 5995 * may not increase va_seq. It is atomic if 5996 * we haven't changed the directory, but if it has changed 5997 * we don't know what changed it. 5998 */ 5999 if (!created) { 6000 if (bva.va_seq && iva.va_seq && 6001 bva.va_seq == iva.va_seq) 6002 cinfo->atomic = TRUE; 6003 else 6004 cinfo->atomic = FALSE; 6005 NFS4_SET_FATTR4_CHANGE(cinfo->after, iva.va_ctime); 6006 } else { 6007 /* 6008 * The entry was created, we need to sync the 6009 * directory metadata. 6010 */ 6011 (void) VOP_FSYNC(dvp, 0, cs->cr, NULL); 6012 6013 /* 6014 * Get "after" change value, if it fails, simply return the 6015 * before value. 
6016 */ 6017 ava.va_mask = AT_CTIME|AT_SEQ; 6018 if (VOP_GETATTR(dvp, &ava, 0, cs->cr, NULL)) { 6019 ava.va_ctime = bva.va_ctime; 6020 ava.va_seq = 0; 6021 } 6022 6023 NFS4_SET_FATTR4_CHANGE(cinfo->after, ava.va_ctime); 6024 6025 /* 6026 * The cinfo->atomic = TRUE only if we have 6027 * non-zero va_seq's, and it has incremented by exactly one 6028 * during the create_vnode and it didn't 6029 * change during the VOP_FSYNC. 6030 */ 6031 if (bva.va_seq && iva.va_seq && ava.va_seq && 6032 iva.va_seq == (bva.va_seq + 1) && iva.va_seq == ava.va_seq) 6033 cinfo->atomic = TRUE; 6034 else 6035 cinfo->atomic = FALSE; 6036 } 6037 6038 /* Check for mandatory locking and that the size gets set. */ 6039 cva.va_mask = AT_MODE; 6040 if (setsize) 6041 cva.va_mask |= AT_SIZE; 6042 6043 /* Assume the worst */ 6044 cs->mandlock = TRUE; 6045 6046 if (VOP_GETATTR(vp, &cva, 0, cs->cr, NULL) == 0) { 6047 cs->mandlock = MANDLOCK(cs->vp, cva.va_mode); 6048 6049 /* 6050 * Truncate the file if necessary; this would be 6051 * the case for create over an existing file. 6052 */ 6053 6054 if (trunc) { 6055 int in_crit = 0; 6056 rfs4_file_t *fp; 6057 bool_t create = FALSE; 6058 6059 /* 6060 * We are writing over an existing file. 6061 * Check to see if we need to recall a delegation. 
6062 */ 6063 rfs4_hold_deleg_policy(); 6064 if ((fp = rfs4_findfile(vp, NULL, &create)) != NULL) { 6065 if (rfs4_check_delegated_byfp(FWRITE, fp, 6066 (reqsize == 0), FALSE, FALSE, &clientid)) { 6067 rfs4_file_rele(fp); 6068 rfs4_rele_deleg_policy(); 6069 VN_RELE(vp); 6070 *attrset = 0; 6071 return (NFS4ERR_DELAY); 6072 } 6073 rfs4_file_rele(fp); 6074 } 6075 rfs4_rele_deleg_policy(); 6076 6077 if (nbl_need_check(vp)) { 6078 in_crit = 1; 6079 6080 ASSERT(reqsize == 0); 6081 6082 nbl_start_crit(vp, RW_READER); 6083 if (nbl_conflict(vp, NBL_WRITE, 0, 6084 cva.va_size, 0, NULL)) { 6085 in_crit = 0; 6086 nbl_end_crit(vp); 6087 VN_RELE(vp); 6088 *attrset = 0; 6089 return (NFS4ERR_ACCESS); 6090 } 6091 } 6092 ct.cc_sysid = 0; 6093 ct.cc_pid = 0; 6094 ct.cc_caller_id = nfs4_srv_caller_id; 6095 6096 cva.va_mask = AT_SIZE; 6097 cva.va_size = reqsize; 6098 (void) VOP_SETATTR(vp, &cva, 0, cs->cr, &ct); 6099 if (in_crit) 6100 nbl_end_crit(vp); 6101 } 6102 } 6103 6104 error = makefh4(&cs->fh, vp, cs->exi); 6105 6106 /* 6107 * Force modified data and metadata out to stable storage. 
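6108 */ 6109 (void) VOP_FSYNC(vp, FNODSYNC, cs->cr, NULL); 6110 6111 if (error) { 6112 VN_RELE(vp); 6113 *attrset = 0; 6114 return (puterrno4(error)); 6115 } 6116 6117 /* if parent dir is attrdir, set namedattr fh flag */ 6118 if (dvp->v_flag & V_XATTRDIR) 6119 set_fh4_flag(&cs->fh, FH4_NAMEDATTR); 6120 6121 if (cs->vp) 6122 VN_RELE(cs->vp); 6123 6124 cs->vp = vp; 6125 6126 /* 6127 * if we did not create the file, we will need to check 6128 * the access bits on the file 6129 */ 6130 6131 if (!created) { 6132 if (setsize) 6133 args->share_access |= OPEN4_SHARE_ACCESS_WRITE; 6134 status = check_open_access(args->share_access, cs, req); 6135 if (status != NFS4_OK) 6136 *attrset = 0; 6137 } 6138 return (status); 6139 }

/*
 * rfs4_do_open: common back end used by the OPEN claim handlers.
 *
 * On entry cs->vp and cs->fh reference the file being opened.  The routine
 * looks up the file and open-state records for this open owner, places a
 * share reservation for any access/deny bits that are new to the owner,
 * recalls a conflicting delegation when rfs4_check_recall() asks for it,
 * calls VOP_OPEN() or vn_open_upgrade(), updates the share counters and
 * finally asks rfs4_grant_delegation() for a delegation.
 *
 *	cs		compound state; cs->vp, cs->fh and cs->cr are used and
 *			cs->deleg is set
 *	req		currently unused
 *	oo		open owner issuing the OPEN
 *	deleg		delegation request handed to rfs4_grant_delegation()
 *	access, deny	share access and share deny bits of the request
 *	resp		result; status, stateid and delegation are filled in
 *	deleg_cur	non-zero skips VOP_OPEN() and only upgrades the open
 *
 * Every failure path sets resp->status and releases the references taken
 * here; a state record created by this call is closed before it is
 * released.
 */
/*ARGSUSED*/
static void
rfs4_do_open(struct compound_state *cs, struct svc_req *req,
    rfs4_openowner_t *oo, delegreq_t deleg,
    uint32_t access, uint32_t deny,
    OPEN4res *resp, int deleg_cur)
{
	/* XXX Currently not using req */
	rfs4_state_t *state;
	rfs4_file_t *file;
	bool_t screate = TRUE;
	bool_t fcreate = TRUE;
	bool_t share_added = FALSE;	/* did this call place a shrlock? */
	uint32_t amodes;
	uint32_t dmodes;
	rfs4_deleg_state_t *dsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	sysid_t sysid;
	nfsstat4 status;
	caller_context_t ct;
	int fflags = 0;
	int recall = 0;
	int err;
	int cmd;

	/* get the file struct and hold a lock on it during initial open */
	file = rfs4_findfile_withlock(cs->vp, &cs->fh, &fcreate);
	if (file == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_open: can't find file"));
		resp->status = NFS4ERR_SERVERFAULT;
		return;
	}

	state = rfs4_findstate_by_owner_file(oo, file, &screate);
	if (state == NULL) {
		NFS4_DEBUG(rfs4_debug,
		    (CE_NOTE, "rfs4_do_open: can't find state"));
		resp->status = NFS4ERR_RESOURCE;
		/* No need to keep any reference */
		rfs4_file_rele_withunlock(file);
		return;
	}

	/* try to get the sysid before continuing */
	if ((status = rfs4_client_sysid(oo->client, &sysid)) != NFS4_OK) {
		resp->status = status;
		rfs4_file_rele(file);
		/* Not a fully formed open; "close" it */
		if (screate == TRUE)
			rfs4_state_close(state, FALSE, FALSE, cs->cr);
		rfs4_state_rele(state);
		return;
	}

	/* Calculate the fflags for this OPEN. */
	if (access & OPEN4_SHARE_ACCESS_READ)
		fflags |= FREAD;
	if (access & OPEN4_SHARE_ACCESS_WRITE)
		fflags |= FWRITE;

	/*
	 * Calculate the new deny and access mode that this open is adding to
	 * the file for this open owner;
	 */
	dmodes = (deny & ~state->share_deny);
	amodes = (access & ~state->share_access);

	/*
	 * Describe the share owner before deciding whether a reservation is
	 * needed.  shr.s_pid is read again when the caller context for
	 * VOP_OPEN() is built, so the structure must never be left unset.
	 */
	shr.s_access = (short)access;
	shr.s_deny = (short)deny;
	shr.s_pid = rfs4_dbe_getid(oo->dbe);
	shr.s_sysid = sysid;
	shr_loco.sl_pid = shr.s_pid;
	shr_loco.sl_id = shr.s_sysid;
	shr.s_owner = (caddr_t)&shr_loco;
	shr.s_own_len = sizeof (shr_loco);

	/*
	 * Check to see the client has already sent an open for this
	 * open owner on this file with the same share/deny modes.
	 * If so, we don't need to check for a conflict and we don't
	 * need to add another shrlock.  If not, then we need to
	 * check for conflicts in deny and access before checking for
	 * conflicts in delegation.  We don't want to recall a
	 * delegation based on an open that will eventually fail based
	 * on shares modes.
	 */
	if (dmodes || amodes) {
		cmd = nbl_need_check(cs->vp) ? F_SHARE_NBMAND : F_SHARE;
		if ((err = vop_shrlock(cs->vp, cmd, &shr, fflags)) != 0) {

			resp->status = err == EAGAIN ?
			    NFS4ERR_SHARE_DENIED : puterrno4(err);

			rfs4_file_rele(file);
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			return;
		}
		share_added = TRUE;
	}

	rfs4_dbe_lock(state->dbe);
	rfs4_dbe_lock(file->dbe);

	/*
	 * Check to see if this file is delegated and if so, if a
	 * recall needs to be done.
	 */
	if (rfs4_check_recall(state, access)) {
		rfs4_dbe_unlock(file->dbe);
		rfs4_dbe_unlock(state->dbe);
		rfs4_recall_deleg(file, FALSE, state->owner->client);
		delay(NFS4_DELEGATION_CONFLICT_DELAY);
		rfs4_dbe_lock(state->dbe);
		rfs4_dbe_lock(file->dbe);
		/* Let's see if the delegation was returned */
		if (rfs4_check_recall(state, access)) {
			rfs4_dbe_unlock(file->dbe);
			rfs4_dbe_unlock(state->dbe);
			rfs4_file_rele(file);
			rfs4_update_lease(state->owner->client);
			/*
			 * Undo only a reservation placed by this call.  A
			 * repeated OPEN with unchanged share modes placed
			 * none; the old code still issued F_UNSHARE here,
			 * at that point with a shrlock that had never been
			 * filled in.
			 */
			if (share_added) {
				(void) vop_shrlock(cs->vp, F_UNSHARE, &shr,
				    fflags);
			}
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			resp->status = NFS4ERR_DELAY;
			return;
		}
	}
	/*
	 * the share check passed and any delegation conflict has been
	 * taken care of, now call vop_open.
	 * if this is the first open then call vop_open with fflags.
	 * if not, call vn_open_upgrade with just the upgrade flags.
	 *
	 * if the file has been opened already, it will have the current
	 * access mode in the state struct.  if it has no share access, then
	 * this is a new open.
	 *
	 * However, if this is open with CLAIM_DELEGATE_CUR, then don't
	 * call VOP_OPEN(), just do the open upgrade.
	 */
	if (((state->share_access & OPEN4_SHARE_ACCESS_BOTH) == 0) &&
	    !deleg_cur) {
		ct.cc_sysid = sysid;
		ct.cc_pid = shr.s_pid;
		ct.cc_caller_id = nfs4_srv_caller_id;
		err = VOP_OPEN(&cs->vp, fflags, cs->cr, &ct);
		if (err) {
			rfs4_dbe_unlock(file->dbe);
			rfs4_dbe_unlock(state->dbe);
			rfs4_file_rele(file);
			/* As above: only remove what this call added. */
			if (share_added) {
				(void) vop_shrlock(cs->vp, F_UNSHARE, &shr,
				    fflags);
			}
			/* Not a fully formed open; "close" it */
			if (screate == TRUE)
				rfs4_state_close(state, FALSE, FALSE, cs->cr);
			rfs4_state_rele(state);
			resp->status = NFS4ERR_SERVERFAULT;
			return;
		}
	} else { /* open upgrade */
		/*
		 * calculate the fflags for the new mode that is being added
		 * by this upgrade.
		 */
		fflags = 0;
		if (amodes & OPEN4_SHARE_ACCESS_READ)
			fflags |= FREAD;
		if (amodes & OPEN4_SHARE_ACCESS_WRITE)
			fflags |= FWRITE;
		vn_open_upgrade(cs->vp, fflags);
	}

	/* Count only the deny bits that are new for this owner. */
	if (dmodes & OPEN4_SHARE_DENY_READ)
		file->deny_read++;
	if (dmodes & OPEN4_SHARE_DENY_WRITE)
		file->deny_write++;
	file->share_deny |= deny;
	state->share_deny |= deny;

	/* Likewise for the access bits. */
	if (amodes & OPEN4_SHARE_ACCESS_READ)
		file->access_read++;
	if (amodes & OPEN4_SHARE_ACCESS_WRITE)
		file->access_write++;
	file->share_access |= access;
	state->share_access |= access;

	/*
	 * Check for delegation here.  if the deleg argument is not
	 * DELEG_ANY, then this is a reclaim from a client and
	 * we must honor the delegation requested.  If necessary we can
	 * set the recall flag.
	 */

	dsp = rfs4_grant_delegation(deleg, state, &recall);

	cs->deleg = (file->dinfo->dtype == OPEN_DELEGATE_WRITE);

	next_stateid(&state->stateid);

	resp->stateid = state->stateid.stateid;

	rfs4_dbe_unlock(file->dbe);
	rfs4_dbe_unlock(state->dbe);

	if (dsp) {
		rfs4_set_deleg_response(dsp, &resp->delegation, NULL, recall);
		rfs4_deleg_state_rele(dsp);
	}

	rfs4_file_rele(file);
	rfs4_state_rele(state);

	resp->status = NFS4_OK;
}

6361 /*ARGSUSED*/ 6362 static void 6363 rfs4_do_opennull(struct compound_state *cs, struct svc_req *req, 6364 OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp) 6365 { 6366 change_info4 *cinfo = &resp->cinfo; 6367 bitmap4 *attrset = &resp->attrset; 6368 6369 if (args->opentype == OPEN4_NOCREATE) 6370 resp->status = rfs4_lookupfile(&args->open_claim4_u.file, 6371 req, cs, args->share_access, cinfo); 6372 else { 6373 /* inhibit delegation grants during exclusive create */ 6374 6375 if (args->mode == EXCLUSIVE4) 6376 rfs4_disable_delegation(); 6377 6378 resp->status = rfs4_createfile(args, req, cs, cinfo, attrset, 6379 oo->client->clientid); 6380 } 6381 6382 if (resp->status == NFS4_OK) { 6383 6384 /* cs->vp cs->fh now reference the desired file */ 6385 6386 rfs4_do_open(cs, req, oo, DELEG_ANY, args->share_access, 6387 args->share_deny, resp, 0); 6388 6389 /* 6390 * If rfs4_createfile set attrset, we must 6391 * clear this attrset before the response is copied. 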
6392 */ 6393 if (resp->status != NFS4_OK && resp->attrset) { 6394 resp->attrset = 0; 6395 } 6396 } 6397 else 6398 *cs->statusp = resp->status; 6399 6400 if (args->mode == EXCLUSIVE4) 6401 rfs4_enable_delegation(); 6402 }

/*
 * rfs4_do_openprev: OPEN handler for the CLAIM_PREVIOUS (reclaim) case.
 *
 * cs->vp must already reference the file.  Anything other than a regular
 * file is rejected, the mandatory-lock flag is refreshed from the file's
 * current mode, and the open is then handed to rfs4_do_open() with the
 * delegation type the client asked to reclaim.  Errors are reported in
 * resp->status.
 */
/*ARGSUSED*/
static void
rfs4_do_openprev(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	change_info4 *cinfo = &resp->cinfo;
	vattr_t va;
	vtype_t ftype = cs->vp->v_type;
	int rc = 0;

	/* Verify that we have a regular file */
	switch (ftype) {
	case VREG:
		break;
	case VDIR:
		resp->status = NFS4ERR_ISDIR;
		return;
	case VLNK:
		resp->status = NFS4ERR_SYMLINK;
		return;
	default:
		resp->status = NFS4ERR_INVAL;
		return;
	}

	va.va_mask = AT_MODE|AT_UID;
	rc = VOP_GETATTR(cs->vp, &va, 0, cs->cr, NULL);
	if (rc) {
		resp->status = puterrno4(rc);
		return;
	}

	cs->mandlock = MANDLOCK(cs->vp, va.va_mode);

	/*
	 * Check if we have access to the file.  Note that the file
	 * could have originally been open UNCHECKED or GUARDED
	 * with mode bits that will now fail, but there is nothing
	 * we can really do about that except in the case that the
	 * owner of the file is the one requesting the open.
	 *
	 * In other words: when the caller's uid equals the file's owner
	 * uid, check_open_access() is not consulted at all.
	 */
	if (crgetuid(cs->cr) != va.va_uid) {
		resp->status = check_open_access(args->share_access, cs, req);
		if (resp->status != NFS4_OK)
			return;
	}

	/*
	 * cinfo on a CLAIM_PREVIOUS is undefined, initialize to zero
	 */
	cinfo->before = 0;
	cinfo->after = 0;
	cinfo->atomic = FALSE;

	rfs4_do_open(cs, req, oo,
	    NFS4_DELEG4TYPE2REQTYPE(args->open_claim4_u.delegate_type),
	    args->share_access, args->share_deny, resp, 0);
}

/*
 * rfs4_do_opendelcur: OPEN handler for the CLAIM_DELEGATE_CUR case.
 *
 * The delegation stateid supplied in the request selects the delegation
 * state; cs->vp and cs->fh are switched to the file recorded there and
 * the open is completed by rfs4_do_open() with DELEG_NONE and deleg_cur
 * set.  Errors are reported in resp->status (and in *cs->statusp when
 * building the filehandle fails).
 */
static void
rfs4_do_opendelcur(struct compound_state *cs, struct svc_req *req,
    OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp)
{
	int fherr;
	nfsstat4 lookup_status;
	stateid4 stateid =
	    args->open_claim4_u.delegate_cur_info.delegate_stateid;
	rfs4_deleg_state_t *dsp;

	/*
	 * Find the state info from the stateid and confirm that the
	 * file is delegated.  If the state openowner is the same as
	 * the supplied openowner we're done.  If not, get the file
	 * info from the found state info.  Use that file info to
	 * create the state for this lock owner.  Note solaris doesn't
	 * really need the pathname to find the file.  We may want to
	 * lookup the pathname and make sure that the vp exist and
	 * matches the vp in the file structure.  However it is
	 * possible that the pathname no longer exists (local process
	 * unlinks the file), so this may not be that useful.
	 */

	lookup_status = rfs4_get_deleg_state(&stateid, &dsp);
	if (lookup_status != NFS4_OK) {
		resp->status = lookup_status;
		return;
	}

	/*
	 * NOTE(review): the stateid comes from the request, and the only
	 * confirmation of "is delegated" in this function is the ASSERT
	 * below, which is normally compiled out of non-DEBUG kernels.
	 * Nothing visible here compares the client that holds dsp with
	 * oo->client either; confirm that rfs4_get_deleg_state() or a
	 * later step enforces both.
	 */
	ASSERT(dsp->finfo->dinfo->dtype != OPEN_DELEGATE_NONE);

	/*
	 * New lock owner, create state.  Since this was probably called
	 * in response to a CB_RECALL we set deleg to DELEG_NONE
	 */

	/* Swap the current vnode for the one the delegation refers to. */
	ASSERT(cs->vp != NULL);
	VN_RELE(cs->vp);
	VN_HOLD(dsp->finfo->vp);
	cs->vp = dsp->finfo->vp;

	fherr = makefh4(&cs->fh, cs->vp, cs->exi);
	if (fherr) {
		rfs4_deleg_state_rele(dsp);
		*cs->statusp = resp->status = puterrno4(fherr);
		return;
	}

	/* Mark progress for delegation returns */
	dsp->finfo->dinfo->time_lastwrite = gethrestime_sec();
	rfs4_deleg_state_rele(dsp);
	rfs4_do_open(cs, req, oo, DELEG_NONE,
	    args->share_access, args->share_deny, resp, 1);
}

6514 /*ARGSUSED*/ 6515 static void 6516 rfs4_do_opendelprev(struct compound_state *cs, struct svc_req *req, 6517 OPEN4args *args, rfs4_openowner_t *oo, OPEN4res *resp) 6518 { 6519 /* 6520 * Lookup the pathname, it must already exist since this file 6521 * was delegated. 6522 * 6523 * Find the file and state info for this vp and open owner pair. 6524 * check that they are in fact delegated. 6525 * check that the state access and deny modes are the same. 6526 * 6527 * Return the delgation possibly seting the recall flag. 
6528 */ 6529 rfs4_file_t *file; 6530 rfs4_state_t *state; 6531 bool_t create = FALSE; 6532 bool_t dcreate = FALSE; 6533 rfs4_deleg_state_t *dsp; 6534 nfsace4 *ace; 6535 6536 6537 /* Note we ignore oflags */ 6538 resp->status = rfs4_lookupfile(&args->open_claim4_u.file_delegate_prev, 6539 req, cs, args->share_access, &resp->cinfo); 6540 6541 if (resp->status != NFS4_OK) { 6542 return; 6543 } 6544 6545 /* get the file struct and hold a lock on it during initial open */ 6546 file = rfs4_findfile_withlock(cs->vp, NULL, &create); 6547 if (file == NULL) { 6548 NFS4_DEBUG(rfs4_debug, 6549 (CE_NOTE, "rfs4_do_opendelprev: can't find file")); 6550 resp->status = NFS4ERR_SERVERFAULT; 6551 return; 6552 } 6553 6554 state = rfs4_findstate_by_owner_file(oo, file, &create); 6555 if (state == NULL) { 6556 NFS4_DEBUG(rfs4_debug, 6557 (CE_NOTE, "rfs4_do_opendelprev: can't find state")); 6558 resp->status = NFS4ERR_SERVERFAULT; 6559 rfs4_file_rele_withunlock(file); 6560 return; 6561 } 6562 6563 rfs4_dbe_lock(state->dbe); 6564 rfs4_dbe_lock(file->dbe); 6565 if (args->share_access != state->share_access || 6566 args->share_deny != state->share_deny || 6567 state->finfo->dinfo->dtype == OPEN_DELEGATE_NONE) { 6568 NFS4_DEBUG(rfs4_debug, 6569 (CE_NOTE, "rfs4_do_opendelprev: state mixup")); 6570 rfs4_dbe_unlock(file->dbe); 6571 rfs4_dbe_unlock(state->dbe); 6572 rfs4_file_rele(file); 6573 rfs4_state_rele(state); 6574 resp->status = NFS4ERR_SERVERFAULT; 6575 return; 6576 } 6577 rfs4_dbe_unlock(file->dbe); 6578 rfs4_dbe_unlock(state->dbe); 6579 6580 dsp = rfs4_finddeleg(state, &dcreate); 6581 if (dsp == NULL) { 6582 rfs4_state_rele(state); 6583 rfs4_file_rele(file); 6584 resp->status = NFS4ERR_SERVERFAULT; 6585 return; 6586 } 6587 6588 next_stateid(&state->stateid); 6589 6590 resp->stateid = state->stateid.stateid; 6591 6592 resp->delegation.delegation_type = dsp->dtype; 6593 6594 if (dsp->dtype == OPEN_DELEGATE_READ) { 6595 open_read_delegation4 *rv = 6596 
&resp->delegation.open_delegation4_u.read; 6597 6598 rv->stateid = dsp->delegid.stateid; 6599 rv->recall = FALSE; /* no policy in place to set to TRUE */ 6600 ace = &rv->permissions; 6601 } else { 6602 open_write_delegation4 *rv = 6603 &resp->delegation.open_delegation4_u.write; 6604 6605 rv->stateid = dsp->delegid.stateid; 6606 rv->recall = FALSE; /* no policy in place to set to TRUE */ 6607 ace = &rv->permissions; 6608 rv->space_limit.limitby = NFS_LIMIT_SIZE; 6609 rv->space_limit.nfs_space_limit4_u.filesize = UINT64_MAX; 6610 } 6611 6612 /* XXX For now */ 6613 ace->type = ACE4_ACCESS_ALLOWED_ACE_TYPE; 6614 ace->flag = 0; 6615 ace->access_mask = 0; 6616 ace->who.utf8string_len = 0; 6617 ace->who.utf8string_val = 0; 6618 6619 rfs4_deleg_state_rele(dsp); 6620 rfs4_state_rele(state); 6621 rfs4_file_rele(file); 6622 }

/*
 * Outcome of a sequence id check.  NFS4_CHKSEQ_OKAY is zero, so callers
 * that compare the result against 0 are testing for "next expected".
 */
typedef enum {
	NFS4_CHKSEQ_OKAY = 0,	/* request carries the next expected seqid */
	NFS4_CHKSEQ_REPLAY = 1,	/* same seqid and same operation as last time */
	NFS4_CHKSEQ_BAD = 2	/* anything else */
} rfs4_chkseq_t;

/*
 * Generic function for sequence number checks.
 *
 *	seqid		last sequence id recorded for the owner
 *	lastop		reply saved for that sequence id
 *	rqst_seq	sequence id carried by the incoming request
 *	resop		result being built for the incoming request
 *	copyres		when TRUE, a replay frees resop and copies lastop
 *			into it
 *
 * Only rqst_seq == seqid + 1 is accepted as a new request.  A request that
 * repeats seqid is a replay only if it is also the same operation.
 */
static rfs4_chkseq_t
rfs4_check_seqid(seqid4 seqid, nfs_resop4 *lastop,
    seqid4 rqst_seq, nfs_resop4 *resop, bool_t copyres)
{
	if (rqst_seq == seqid) {
		/* Same sequence id: the operation has to match as well. */
		if (resop->resop != lastop->resop) {
			NFS4_DEBUG(rfs4_debug,
			    (CE_NOTE, "BAD SEQID: Replayed sequence id "
			    "but last op was %d current op is %d\n",
			    lastop->resop, resop->resop));
			return (NFS4_CHKSEQ_BAD);
		}

		if (copyres == TRUE) {
			rfs4_free_reply(resop);
			rfs4_copy_reply(resop, lastop);
		}
		NFS4_DEBUG(rfs4_debug, (CE_NOTE,
		    "Replayed SEQID %d\n", seqid));
		return (NFS4_CHKSEQ_REPLAY);
	}

	/* Everything okay -- next expected */
	if (rqst_seq == seqid + 1)
		return (NFS4_CHKSEQ_OKAY);

	/* If the incoming sequence is not the next expected then it is bad */
	NFS4_DEBUG(rfs4_debug,
	    (CE_NOTE, "BAD SEQID: got %u expecting %u\n",
	    rqst_seq, seqid));
	return (NFS4_CHKSEQ_BAD);
}


/*
 * Check an open owner's sequence id while holding the owner's dbe lock.
 * A replay copies the saved reply into resop; an in-sequence request also
 * renews the client's lease.
 */
static rfs4_chkseq_t
rfs4_check_open_seqid(seqid4 seqid, rfs4_openowner_t *op, nfs_resop4 *resop)
{
	rfs4_chkseq_t verdict;

	rfs4_dbe_lock(op->dbe);
	verdict = rfs4_check_seqid(op->open_seqid, op->reply, seqid, resop,
	    TRUE);
	rfs4_dbe_unlock(op->dbe);

	if (verdict == NFS4_CHKSEQ_OKAY)
		rfs4_update_lease(op->client);

	return (verdict);
}

/*
 * Same check against the open owner's sequence id, but the saved reply is
 * never copied into resop and the lease is left alone.
 */
static rfs4_chkseq_t
rfs4_check_olo_seqid(seqid4 olo_seqid, rfs4_openowner_t *op,
    nfs_resop4 *resop)
{
	rfs4_chkseq_t verdict;

	rfs4_dbe_lock(op->dbe);
	verdict = rfs4_check_seqid(op->open_seqid, op->reply,
	    olo_seqid, resop, FALSE);
	rfs4_dbe_unlock(op->dbe);

	return (verdict);
}

/*
 * Check a lock owner state's sequence id while holding its dbe lock.
 * When lp->skip_seqid_check is set the request is accepted without any
 * comparison.
 */
static rfs4_chkseq_t
rfs4_check_lock_seqid(seqid4 seqid, rfs4_lo_state_t *lp, nfs_resop4 *resop)
{
	rfs4_chkseq_t verdict;

	rfs4_dbe_lock(lp->dbe);
	if (lp->skip_seqid_check)
		verdict = NFS4_CHKSEQ_OKAY;
	else
		verdict = rfs4_check_seqid(lp->seqid, lp->reply, seqid,
		    resop, TRUE);
	rfs4_dbe_unlock(lp->dbe);

	return (verdict);
}

6710 static void 6711 rfs4_op_open(nfs_argop4 *argop, 
nfs_resop4 *resop, 6712 struct svc_req *req, struct compound_state *cs) 6713 { 6714 OPEN4args *args = &argop->nfs_argop4_u.opopen; 6715 OPEN4res *resp = &resop->nfs_resop4_u.opopen; 6716 open_owner4 *owner = &args->owner; 6717 open_claim_type4 claim = args->claim; 6718 rfs4_client_t *cp; 6719 rfs4_openowner_t *oo; 6720 bool_t create; 6721 bool_t replay = FALSE; 6722 int can_reclaim; 6723 6724 6725 if (cs->vp == NULL) { 6726 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 6727 return; 6728 } 6729 6730 /* 6731 * Need to check clientid and lease expiration first based on 6732 * error ordering and incrementing sequence id. 6733 */ 6734 cp = rfs4_findclient_by_id(owner->clientid, FALSE); 6735 if (cp == NULL) { 6736 *cs->statusp = resp->status = 6737 rfs4_check_clientid(&owner->clientid, 0); 6738 return; 6739 } 6740 6741 if (rfs4_lease_expired(cp)) { 6742 rfs4_client_close(cp); 6743 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 6744 return; 6745 } 6746 can_reclaim = cp->can_reclaim; 6747 6748 /* 6749 * Find the open_owner for use from this point forward. Take 6750 * care in updating the sequence id based on the type of error 6751 * being returned. 6752 */ 6753 retry: 6754 create = TRUE; 6755 oo = rfs4_findopenowner(owner, &create, args->seqid); 6756 if (oo == NULL) { 6757 *cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID; 6758 rfs4_client_rele(cp); 6759 return; 6760 } 6761 6762 /* Hold off access to the sequence space while the open is done */ 6763 rfs4_sw_enter(&oo->oo_sw); 6764 6765 /* 6766 * If the open_owner existed before at the server, then check 6767 * the sequence id. 
6768 */ 6769 if (!create && !oo->postpone_confirm) { 6770 switch (rfs4_check_open_seqid(args->seqid, oo, resop)) { 6771 case NFS4_CHKSEQ_BAD: 6772 if ((args->seqid > oo->open_seqid) && 6773 oo->need_confirm) { 6774 rfs4_free_opens(oo, TRUE, FALSE); 6775 rfs4_sw_exit(&oo->oo_sw); 6776 rfs4_openowner_rele(oo); 6777 goto retry; 6778 } 6779 resp->status = NFS4ERR_BAD_SEQID; 6780 goto out; 6781 case NFS4_CHKSEQ_REPLAY: /* replay of previous request */ 6782 replay = TRUE; 6783 goto out; 6784 default: 6785 break; 6786 } 6787 6788 /* 6789 * Sequence was ok and open owner exists 6790 * check to see if we have yet to see an 6791 * open_confirm. 6792 */ 6793 if (oo->need_confirm) { 6794 rfs4_free_opens(oo, TRUE, FALSE); 6795 rfs4_sw_exit(&oo->oo_sw); 6796 rfs4_openowner_rele(oo); 6797 goto retry; 6798 } 6799 } 6800 /* Grace only applies to regular-type OPENs */ 6801 if (rfs4_clnt_in_grace(cp) && 6802 (claim == CLAIM_NULL || claim == CLAIM_DELEGATE_CUR)) { 6803 *cs->statusp = resp->status = NFS4ERR_GRACE; 6804 goto out; 6805 } 6806 6807 /* 6808 * If previous state at the server existed then can_reclaim 6809 * will be set. If not reply NFS4ERR_NO_GRACE to the 6810 * client. 6811 */ 6812 if (rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS && !can_reclaim) { 6813 *cs->statusp = resp->status = NFS4ERR_NO_GRACE; 6814 goto out; 6815 } 6816 6817 6818 /* 6819 * Reject the open if the client has missed the grace period 6820 */ 6821 if (!rfs4_clnt_in_grace(cp) && claim == CLAIM_PREVIOUS) { 6822 *cs->statusp = resp->status = NFS4ERR_NO_GRACE; 6823 goto out; 6824 } 6825 6826 /* Couple of up-front bookkeeping items */ 6827 if (oo->need_confirm) { 6828 /* 6829 * If this is a reclaim OPEN then we should not ask 6830 * for a confirmation of the open_owner per the 6831 * protocol specification. 
6832 */ 6833 if (claim == CLAIM_PREVIOUS) 6834 oo->need_confirm = FALSE; 6835 else 6836 resp->rflags |= OPEN4_RESULT_CONFIRM; 6837 } 6838 resp->rflags |= OPEN4_RESULT_LOCKTYPE_POSIX; 6839 6840 /* 6841 * If there is an unshared filesystem mounted on this vnode, 6842 * do not allow to open/create in this directory. 6843 */ 6844 if (vn_ismntpt(cs->vp)) { 6845 *cs->statusp = resp->status = NFS4ERR_ACCESS; 6846 goto out; 6847 } 6848 6849 /* 6850 * access must READ, WRITE, or BOTH. No access is invalid. 6851 * deny can be READ, WRITE, BOTH, or NONE. 6852 * bits not defined for access/deny are invalid. 6853 */ 6854 if (! (args->share_access & OPEN4_SHARE_ACCESS_BOTH) || 6855 (args->share_access & ~OPEN4_SHARE_ACCESS_BOTH) || 6856 (args->share_deny & ~OPEN4_SHARE_DENY_BOTH)) { 6857 *cs->statusp = resp->status = NFS4ERR_INVAL; 6858 goto out; 6859 } 6860 6861 6862 /* 6863 * make sure attrset is zero before response is built. 6864 */ 6865 resp->attrset = 0; 6866 6867 switch (claim) { 6868 case CLAIM_NULL: 6869 rfs4_do_opennull(cs, req, args, oo, resp); 6870 break; 6871 case CLAIM_PREVIOUS: 6872 rfs4_do_openprev(cs, req, args, oo, resp); 6873 break; 6874 case CLAIM_DELEGATE_CUR: 6875 rfs4_do_opendelcur(cs, req, args, oo, resp); 6876 break; 6877 case CLAIM_DELEGATE_PREV: 6878 rfs4_do_opendelprev(cs, req, args, oo, resp); 6879 break; 6880 default: 6881 resp->status = NFS4ERR_INVAL; 6882 break; 6883 } 6884 6885 out: 6886 rfs4_client_rele(cp); 6887 6888 /* Catch sequence id handling here to make it a little easier */ 6889 switch (resp->status) { 6890 case NFS4ERR_BADXDR: 6891 case NFS4ERR_BAD_SEQID: 6892 case NFS4ERR_BAD_STATEID: 6893 case NFS4ERR_NOFILEHANDLE: 6894 case NFS4ERR_RESOURCE: 6895 case NFS4ERR_STALE_CLIENTID: 6896 case NFS4ERR_STALE_STATEID: 6897 /* 6898 * The protocol states that if any of these errors are 6899 * being returned, the sequence id should not be 6900 * incremented. Any other return requires an 6901 * increment. 
6902 */ 6903 break; 6904 default: 6905 /* Always update the lease in this case */ 6906 rfs4_update_lease(oo->client); 6907 6908 /* Regular response - copy the result */ 6909 if (!replay) 6910 rfs4_update_open_resp(oo, resop, &cs->fh); 6911 6912 /* 6913 * REPLAY case: Only if the previous response was OK 6914 * do we copy the filehandle. If not OK, no 6915 * filehandle to copy. 6916 */ 6917 if (replay == TRUE && 6918 resp->status == NFS4_OK && 6919 oo->reply_fh.nfs_fh4_val) { 6920 /* 6921 * If this is a replay, we must restore the 6922 * current filehandle/vp to that of what was 6923 * returned originally. Try our best to do 6924 * it. 6925 */ 6926 nfs_fh4_fmt_t *fh_fmtp = 6927 (nfs_fh4_fmt_t *)oo->reply_fh.nfs_fh4_val; 6928 6929 cs->exi = checkexport4(&fh_fmtp->fh4_fsid, 6930 (fid_t *)&fh_fmtp->fh4_xlen, NULL); 6931 6932 if (cs->exi == NULL) { 6933 resp->status = NFS4ERR_STALE; 6934 goto finish; 6935 } 6936 6937 VN_RELE(cs->vp); 6938 6939 cs->vp = nfs4_fhtovp(&oo->reply_fh, cs->exi, 6940 &resp->status); 6941 6942 if (cs->vp == NULL) 6943 goto finish; 6944 6945 nfs_fh4_copy(&oo->reply_fh, &cs->fh); 6946 } 6947 6948 /* 6949 * If this was a replay, no need to update the 6950 * sequence id. If the open_owner was not created on 6951 * this pass, then update. The first use of an 6952 * open_owner will not bump the sequence id. 6953 */ 6954 if (replay == FALSE && !create) 6955 rfs4_update_open_sequence(oo); 6956 /* 6957 * If the client is receiving an error and the 6958 * open_owner needs to be confirmed, there is no way 6959 * to notify the client of this fact ignoring the fact 6960 * that the server has no method of returning a 6961 * stateid to confirm. Therefore, the server needs to 6962 * mark this open_owner in a way as to avoid the 6963 * sequence id checking the next time the client uses 6964 * this open_owner. 
6965 */ 6966 if (resp->status != NFS4_OK && oo->need_confirm) 6967 oo->postpone_confirm = TRUE; 6968 /* 6969 * If OK response then clear the postpone flag and 6970 * reset the sequence id to keep in sync with the 6971 * client. 6972 */ 6973 if (resp->status == NFS4_OK && oo->postpone_confirm) { 6974 oo->postpone_confirm = FALSE; 6975 oo->open_seqid = args->seqid; 6976 } 6977 break; 6978 } 6979 6980 finish: 6981 *cs->statusp = resp->status; 6982 6983 rfs4_sw_exit(&oo->oo_sw); 6984 rfs4_openowner_rele(oo); 6985 }

/*
 * rfs4_op_open_confirm: OPEN_CONFIRM operation.
 *
 * The stateid in the request must resolve to an open state whose file is
 * the current filehandle's vnode.  Only a stateid that is still
 * unconfirmed, presented with the next expected open-owner sequence id,
 * succeeds: the stateid is advanced, the owner's need_confirm flag is
 * cleared and the reply is saved for replay detection.  Every other
 * combination yields an error.  The result is stored in both
 * resp->status and *cs->statusp.
 */
/*ARGSUSED*/
void
rfs4_op_open_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	OPEN_CONFIRM4args *args = &argop->nfs_argop4_u.opopen_confirm;
	OPEN_CONFIRM4res *resp = &resop->nfs_resop4_u.opopen_confirm;
	rfs4_state_t *sp;
	rfs4_chkseq_t seq_rc;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		/*
		 * If it is the appropriate stateid and determined to
		 * be "OKAY" then this means that the stateid does not
		 * need to be confirmed and the client is in error for
		 * sending an OPEN_CONFIRM.  A wrong sequence id is
		 * reported in preference to that.
		 */
		seq_rc = rfs4_check_open_seqid(args->seqid, sp->owner, resop);
		*cs->statusp = resp->status = (seq_rc != NFS4_CHKSEQ_OKAY) ?
		    NFS4ERR_BAD_SEQID : NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_OLD:
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		break;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		break;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		break;
	case NFS4_CHECK_STATEID_REPLAY:
		seq_rc = rfs4_check_open_seqid(args->seqid, sp->owner, resop);
		if (seq_rc == NFS4_CHKSEQ_REPLAY) {
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
		} else if (seq_rc == NFS4_CHKSEQ_OKAY ||
		    seq_rc == NFS4_CHKSEQ_BAD) {
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
		}
		break;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
		    resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			break;
		}
		/*
		 * The status is stored before rfs4_update_open_resp() is
		 * handed resop, so keep this assignment ahead of that call.
		 */
		*cs->statusp = resp->status = NFS4_OK;

		next_stateid(&sp->stateid);
		resp->open_stateid = sp->stateid.stateid;
		sp->owner->need_confirm = FALSE;
		rfs4_update_lease(sp->owner->client);
		rfs4_update_open_sequence(sp->owner);
		rfs4_update_open_resp(sp->owner, resop, NULL);
		break;
	default:
		ASSERT(FALSE);
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		break;
	}
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

7090 /*ARGSUSED*/ 7091 void 7092 rfs4_op_open_downgrade(nfs_argop4 *argop, nfs_resop4 *resop, 7093 struct svc_req *req, struct compound_state *cs) 7094 { 7095 OPEN_DOWNGRADE4args *args = 
&argop->nfs_argop4_u.opopen_downgrade; 7096 OPEN_DOWNGRADE4res *resp = &resop->nfs_resop4_u.opopen_downgrade; 7097 uint32_t access = args->share_access; 7098 uint32_t deny = args->share_deny; 7099 nfsstat4 status; 7100 rfs4_state_t *sp; 7101 rfs4_file_t *fp; 7102 int fflags = 0; 7103 7104 if (cs->vp == NULL) { 7105 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 7106 return; 7107 } 7108 7109 status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_VALID); 7110 if (status != NFS4_OK) { 7111 *cs->statusp = resp->status = status; 7112 return; 7113 } 7114 7115 /* Ensure specified filehandle matches */ 7116 if (cs->vp != sp->finfo->vp) { 7117 rfs4_state_rele(sp); 7118 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7119 return; 7120 } 7121 7122 /* hold off other access to open_owner while we tinker */ 7123 rfs4_sw_enter(&sp->owner->oo_sw); 7124 7125 switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) { 7126 case NFS4_CHECK_STATEID_OKAY: 7127 if (rfs4_check_open_seqid(args->seqid, sp->owner, 7128 resop) != NFS4_CHKSEQ_OKAY) { 7129 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 7130 goto end; 7131 } 7132 break; 7133 case NFS4_CHECK_STATEID_OLD: 7134 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 7135 goto end; 7136 case NFS4_CHECK_STATEID_BAD: 7137 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7138 goto end; 7139 case NFS4_CHECK_STATEID_EXPIRED: 7140 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 7141 goto end; 7142 case NFS4_CHECK_STATEID_CLOSED: 7143 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 7144 goto end; 7145 case NFS4_CHECK_STATEID_UNCONFIRMED: 7146 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 7147 goto end; 7148 case NFS4_CHECK_STATEID_REPLAY: 7149 /* Check the sequence id for the open owner */ 7150 switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) { 7151 case NFS4_CHKSEQ_OKAY: 7152 /* 7153 * This is replayed stateid; if seqid matches 7154 * next expected, then client is using wrong seqid. 
7155 */ 7156 /* fall through */ 7157 case NFS4_CHKSEQ_BAD: 7158 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 7159 goto end; 7160 case NFS4_CHKSEQ_REPLAY: 7161 /* 7162 * Note this case is the duplicate case so 7163 * resp->status is already set. 7164 */ 7165 *cs->statusp = resp->status; 7166 rfs4_update_lease(sp->owner->client); 7167 goto end; 7168 } 7169 break; 7170 default: 7171 ASSERT(FALSE); 7172 break; 7173 } 7174 7175 rfs4_dbe_lock(sp->dbe); 7176 /* 7177 * Check that the new access modes and deny modes are valid. 7178 * Check that no invalid bits are set. 7179 */ 7180 if ((access & ~(OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) || 7181 (deny & ~(OPEN4_SHARE_DENY_READ | OPEN4_SHARE_DENY_WRITE))) { 7182 *cs->statusp = resp->status = NFS4ERR_INVAL; 7183 rfs4_update_open_sequence(sp->owner); 7184 rfs4_dbe_unlock(sp->dbe); 7185 goto end; 7186 } 7187 7188 /* 7189 * The new modes must be a subset of the current modes and 7190 * the access must specify at least one mode. To test that 7191 * the new mode is a subset of the current modes we bitwise 7192 * AND them together and check that the result equals the new 7193 * mode. For example: 7194 * New mode, access == R and current mode, sp->share_access == RW 7195 * access & sp->share_access == R == access, so the new access mode 7196 * is valid. Consider access == RW, sp->share_access = R 7197 * access & sp->share_access == R != access, so the new access mode 7198 * is invalid. 7199 */ 7200 if ((access & sp->share_access) != access || 7201 (deny & sp->share_deny) != deny || 7202 (access & 7203 (OPEN4_SHARE_ACCESS_READ | OPEN4_SHARE_ACCESS_WRITE)) == 0) { 7204 *cs->statusp = resp->status = NFS4ERR_INVAL; 7205 rfs4_update_open_sequence(sp->owner); 7206 rfs4_dbe_unlock(sp->dbe); 7207 goto end; 7208 } 7209 7210 /* 7211 * Release any share locks associated with this stateID. 7212 * Strictly speaking, this violates the spec because the 7213 * spec effectively requires that open downgrade be atomic. 
7214 * At present, fs_shrlock does not have this capability. 7215 */ 7216 rfs4_dbe_unlock(sp->dbe); 7217 rfs4_unshare(sp); 7218 rfs4_dbe_lock(sp->dbe); 7219 7220 fp = sp->finfo; 7221 rfs4_dbe_lock(fp->dbe); 7222 7223 /* 7224 * If the current mode has deny read and the new mode 7225 * does not, decrement the number of deny read mode bits 7226 * and if it goes to zero turn off the deny read bit 7227 * on the file. 7228 */ 7229 if ((sp->share_deny & OPEN4_SHARE_DENY_READ) && 7230 (deny & OPEN4_SHARE_DENY_READ) == 0) { 7231 fp->deny_read--; 7232 if (fp->deny_read == 0) 7233 fp->share_deny &= ~OPEN4_SHARE_DENY_READ; 7234 } 7235 7236 /* 7237 * If the current mode has deny write and the new mode 7238 * does not, decrement the number of deny write mode bits 7239 * and if it goes to zero turn off the deny write bit 7240 * on the file. 7241 */ 7242 if ((sp->share_deny & OPEN4_SHARE_DENY_WRITE) && 7243 (deny & OPEN4_SHARE_DENY_WRITE) == 0) { 7244 fp->deny_write--; 7245 if (fp->deny_write == 0) 7246 fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE; 7247 } 7248 7249 /* 7250 * If the current mode has access read and the new mode 7251 * does not, decrement the number of access read mode bits 7252 * and if it goes to zero turn off the access read bit 7253 * on the file. set fflags to FREAD for the call to 7254 * vn_open_downgrade(). 7255 */ 7256 if ((sp->share_access & OPEN4_SHARE_ACCESS_READ) && 7257 (access & OPEN4_SHARE_ACCESS_READ) == 0) { 7258 fp->access_read--; 7259 if (fp->access_read == 0) 7260 fp->share_access &= ~OPEN4_SHARE_ACCESS_READ; 7261 fflags |= FREAD; 7262 } 7263 7264 /* 7265 * If the current mode has access write and the new mode 7266 * does not, decrement the number of access write mode bits 7267 * and if it goes to zero turn off the access write bit 7268 * on the file. set fflags to FWRITE for the call to 7269 * vn_open_downgrade(). 
7270 */ 7271 if ((sp->share_access & OPEN4_SHARE_ACCESS_WRITE) && 7272 (access & OPEN4_SHARE_ACCESS_WRITE) == 0) { 7273 fp->access_write--; 7274 if (fp->access_write == 0) 7275 fp->share_deny &= ~OPEN4_SHARE_ACCESS_WRITE; 7276 fflags |= FWRITE; 7277 } 7278 7279 /* Set the new access and deny modes */ 7280 sp->share_access = access; 7281 sp->share_deny = deny; 7282 /* Check that the file is still accessible */ 7283 ASSERT(fp->share_access); 7284 7285 rfs4_dbe_unlock(fp->dbe); 7286 7287 rfs4_dbe_unlock(sp->dbe); 7288 7289 if ((status = rfs4_share(sp)) != NFS4_OK) { 7290 *cs->statusp = resp->status = NFS4ERR_SERVERFAULT; 7291 rfs4_update_open_sequence(sp->owner); 7292 goto end; 7293 } 7294 7295 /* 7296 * we successfully downgraded the share lock, now we need to downgrade 7297 * the open. it is possible that the downgrade was only for a deny 7298 * mode and we have nothing else to do. 7299 */ 7300 if ((fflags & (FREAD|FWRITE)) != 0) 7301 vn_open_downgrade(cs->vp, fflags); 7302 7303 rfs4_dbe_lock(sp->dbe); 7304 7305 /* Update the stateid */ 7306 next_stateid(&sp->stateid); 7307 resp->open_stateid = sp->stateid.stateid; 7308 7309 rfs4_dbe_unlock(sp->dbe); 7310 7311 *cs->statusp = resp->status = NFS4_OK; 7312 /* Update the lease */ 7313 rfs4_update_lease(sp->owner->client); 7314 /* And the sequence */ 7315 rfs4_update_open_sequence(sp->owner); 7316 rfs4_update_open_resp(sp->owner, resop, NULL); 7317 7318 end: 7319 rfs4_sw_exit(&sp->owner->oo_sw); 7320 rfs4_state_rele(sp); 7321 } 7322 7323 /* 7324 * The logic behind this function is detailed in the NFSv4 RFC in the 7325 * SETCLIENTID operation description under IMPLEMENTATION. Refer to 7326 * that section for explicit guidance to server behavior for 7327 * SETCLIENTID. 
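*/
/*
 * Cases handled, in order:
 *  - no existing record: a new unconfirmed client is created and its
 *    clientid and confirm verifier are returned;
 *  - existing record whose lease has expired: it is closed and the
 *    lookup is retried;
 *  - confirmed record, credentials do not match: NFS4ERR_CLID_INUSE,
 *    returning a copy of the callback address of the confirmed client;
 *  - confirmed record, credentials and verifier match: the callback
 *    information is updated and a new confirm verifier is returned;
 *  - otherwise any unconfirmed record is invalidated and a new
 *    unconfirmed record is created, remembering the confirmed one in
 *    newcp->cp_confirmed.
 *
 * The result is stored in both res->status and *cs->statusp.
 */
void
rfs4_op_setclientid(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID4args *args = &argop->nfs_argop4_u.opsetclientid;
	SETCLIENTID4res *res = &resop->nfs_resop4_u.opsetclientid;
	rfs4_client_t *cp, *newcp, *cp_confirmed, *cp_unconfirmed;
	bool_t create = TRUE;
	char *addr, *netid;
	int len;

retry:
	newcp = cp_confirmed = cp_unconfirmed = NULL;

	/*
	 * In search of an EXISTING client matching the incoming
	 * request to establish a new client identifier at the server
	 */
	create = TRUE;
	cp = rfs4_findclient(&args->client, &create, NULL);

	/* Should never happen */
	ASSERT(cp != NULL);

	if (cp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		return;
	}

	/*
	 * Easiest case. Client identifier is newly created and is
	 * unconfirmed.  Also note that for this case, no other
	 * entries exist for the client identifier.  Nothing else to
	 * check.  Just setup the response and respond.
	 */
	if (create) {
		*cs->statusp = res->status = NFS4_OK;
		res->SETCLIENTID4res_u.resok4.clientid = cp->clientid;
		res->SETCLIENTID4res_u.resok4.setclientid_confirm =
		    cp->confirm_verf;
		/* Setup callback information; CB_NULL confirmation later */
		rfs4_client_setcb(cp, &args->callback, args->callback_ident);

		rfs4_client_rele(cp);
		return;
	}

	/*
	 * An existing, confirmed client may exist but it may not have
	 * been active for at least one lease period.  If so, then
	 * "close" the client and create a new client identifier
	 */
	if (rfs4_lease_expired(cp)) {
		rfs4_client_close(cp);
		goto retry;
	}

	if (cp->need_confirm == TRUE)
		cp_unconfirmed = cp;
	else
		cp_confirmed = cp;

	cp = NULL;

	/*
	 * We have a confirmed client, now check for an
	 * unconfirmed entry
	 */
	if (cp_confirmed) {
		/* If creds don't match then client identifier is inuse */
		if (!creds_ok(cp_confirmed->cr_set, req, cs)) {
			rfs4_cbinfo_t *cbp;
			/*
			 * Some one else has established this client
			 * id. Try and say who they are.  We will use
			 * the call back address supplied by the
			 * first client.
			 */
			*cs->statusp = res->status = NFS4ERR_CLID_INUSE;

			addr = netid = NULL;

			cbp = &cp_confirmed->cbinfo;
			if (cbp->cb_callback.cb_location.r_addr &&
			    cbp->cb_callback.cb_location.r_netid) {
				cb_client4 *cbcp = &cbp->cb_callback;

				len = strlen(cbcp->cb_location.r_addr)+1;
				addr = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_addr, addr, len);
				len = strlen(cbcp->cb_location.r_netid)+1;
				netid = kmem_alloc(len, KM_SLEEP);
				bcopy(cbcp->cb_location.r_netid, netid, len);
			}

			res->SETCLIENTID4res_u.client_using.r_addr = addr;
			res->SETCLIENTID4res_u.client_using.r_netid = netid;

			rfs4_client_rele(cp_confirmed);
			/*
			 * The request ends here.  Falling through would
			 * use cp_confirmed after its release and, on a
			 * verifier match, let a caller whose credentials
			 * were just rejected replace the callback
			 * information, turn the status into NFS4_OK and
			 * overwrite the client_using result (losing the
			 * addr/netid copies).
			 */
			return;
		}

		/*
		 * Confirmed, creds match, and verifier matches; must
		 * be an update of the callback info
		 */
		if (cp_confirmed->nfs_client.verifier ==
		    args->client.verifier) {
			/* Setup callback information */
			rfs4_client_setcb(cp_confirmed, &args->callback,
			    args->callback_ident);

			/* everything okay -- move ahead */
			*cs->statusp = res->status = NFS4_OK;
			res->SETCLIENTID4res_u.resok4.clientid =
			    cp_confirmed->clientid;

			/* update the confirm_verifier and return it */
			rfs4_client_scv_next(cp_confirmed);
			res->SETCLIENTID4res_u.resok4.setclientid_confirm =
			    cp_confirmed->confirm_verf;

			rfs4_client_rele(cp_confirmed);
			return;
		}

		/*
		 * Creds match but the verifier doesn't.  Must search
		 * for an unconfirmed client that would be replaced by
		 * this request.
		 */
		create = FALSE;
		cp_unconfirmed = rfs4_findclient(&args->client, &create,
		    cp_confirmed);
	}

	/*
	 * At this point, we have taken care of the brand new client
	 * struct, INUSE case, update of an existing, and confirmed
	 * client struct.
	 */

	/*
	 * check to see if things have changed while we originally
	 * picked up the client struct.  If they have, then return and
	 * retry the processing of this SETCLIENTID request.
	 */
	if (cp_unconfirmed) {
		rfs4_dbe_lock(cp_unconfirmed->dbe);
		if (!cp_unconfirmed->need_confirm) {
			rfs4_dbe_unlock(cp_unconfirmed->dbe);
			rfs4_client_rele(cp_unconfirmed);
			if (cp_confirmed)
				rfs4_client_rele(cp_confirmed);
			goto retry;
		}
		/* do away with the old unconfirmed one */
		rfs4_dbe_invalidate(cp_unconfirmed->dbe);
		rfs4_dbe_unlock(cp_unconfirmed->dbe);
		rfs4_client_rele(cp_unconfirmed);
		cp_unconfirmed = NULL;
	}

	/*
	 * This search will temporarily hide the confirmed client
	 * struct while a new client struct is created as the
	 * unconfirmed one.
	 */
	create = TRUE;
	newcp = rfs4_findclient(&args->client, &create, cp_confirmed);

	ASSERT(newcp != NULL);

	if (newcp == NULL) {
		*cs->statusp = res->status = NFS4ERR_SERVERFAULT;
		/* cp_confirmed is NULL when only an unconfirmed record existed */
		if (cp_confirmed)
			rfs4_client_rele(cp_confirmed);
		return;
	}

	/*
	 * If one was not created, then a similar request must be in
	 * process so release and start over with this one
	 */
	if (create != TRUE) {
		rfs4_client_rele(newcp);
		if (cp_confirmed)
			rfs4_client_rele(cp_confirmed);
		goto retry;
	}

	*cs->statusp = res->status = NFS4_OK;
	res->SETCLIENTID4res_u.resok4.clientid = newcp->clientid;
	res->SETCLIENTID4res_u.resok4.setclientid_confirm = newcp->confirm_verf;
	/* Setup callback information; CB_NULL confirmation later */
	rfs4_client_setcb(newcp, &args->callback, args->callback_ident);

	/* the hold on cp_confirmed travels with newcp from here on */
	newcp->cp_confirmed = cp_confirmed;

	rfs4_client_rele(newcp);
}

/*
 * SETCLIENTID_CONFIRM: confirm the client record named by
 * args->clientid.
 *
 * The record must exist, pass creds_ok() and carry the confirm
 * verifier supplied by the caller; otherwise the request fails with
 * the status from rfs4_check_clientid(), NFS4ERR_CLID_INUSE or
 * NFS4ERR_STALE_CLIENTID respectively.  On success need_confirm is
 * cleared, a previously confirmed record hanging off cp->cp_confirmed
 * is marked for removal and closed, the clientid is written to stable
 * storage, and the callback path and lease are refreshed.
 *
 * The result is stored in both res->status and *cs->statusp.
 */
/*ARGSUSED*/
void
rfs4_op_setclientid_confirm(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	SETCLIENTID_CONFIRM4args *args =
	    &argop->nfs_argop4_u.opsetclientid_confirm;
	SETCLIENTID_CONFIRM4res *res =
	    &resop->nfs_resop4_u.opsetclientid_confirm;
	rfs4_client_t *cp, *cptoclose = NULL;

	*cs->statusp = res->status = NFS4_OK;

	cp = rfs4_findclient_by_id(args->clientid, TRUE);

	if (cp == NULL) {
		*cs->statusp = res->status =
		    rfs4_check_clientid(&args->clientid, 1);
		return;
	}

	/*
	 * NOTE(review): creds_ok() is given cp here but
	 * cp_confirmed->cr_set in rfs4_op_setclientid(); check against
	 * its prototype which of the two is intended.
	 */
	if (!creds_ok(cp, req, cs)) {
		*cs->statusp = res->status = NFS4ERR_CLID_INUSE;
		rfs4_client_rele(cp);
		return;
	}

	/* If the verifier doesn't match, the record doesn't match */
	if (cp->confirm_verf != args->setclientid_confirm) {
		*cs->statusp = res->status = NFS4ERR_STALE_CLIENTID;
		rfs4_client_rele(cp);
		return;
	}

	rfs4_dbe_lock(cp->dbe);
	cp->need_confirm = FALSE;
	if (cp->cp_confirmed) {
		cptoclose = cp->cp_confirmed;
		cptoclose->ss_remove = 1;
		cp->cp_confirmed = NULL;
	}

	/*
	 * Update the client's associated server instance, if it's changed
	 * since the client was created.
	 */
	if (rfs4_servinst(cp) != rfs4_cur_servinst)
		rfs4_servinst_assign(cp, rfs4_cur_servinst);

	/*
	 * Record clientid in stable storage.
	 * Must be done after server instance has been assigned.
	 */
	rfs4_ss_clid(cp, req);

	rfs4_dbe_unlock(cp->dbe);

	if (cptoclose) {
		/* don't need to rele, client_close does it */
		rfs4_client_close(cptoclose);
	}

	/* If needed, initiate CB_NULL call for callback path */
	rfs4_deleg_cb_check(cp);
	rfs4_update_lease(cp);

	/*
	 * Check to see if client can perform reclaims
	 */
	rfs4_ss_chkclid(cp);

	rfs4_client_rele(cp);
}


/*
 * CLOSE: close the open state named by args->open_stateid.
 *
 * The stateid must refer to the current filehandle and pass the
 * stateid and open seqid checks.  On success the stateid is bumped and
 * returned, the lease, open sequence and saved response of the
 * open_owner are updated, and the state is closed through
 * rfs4_state_close().
 *
 * The result is stored in both resp->status and *cs->statusp.
 */
/*ARGSUSED*/
void
rfs4_op_close(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	CLOSE4args *args = &argop->nfs_argop4_u.opclose;
	CLOSE4res *resp = &resop->nfs_resop4_u.opclose;
	rfs4_state_t *sp;
	nfsstat4 status;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	status = rfs4_get_state(&args->open_stateid, &sp, RFS4_DBS_INVALID);
	if (status != NFS4_OK) {
		*cs->statusp = resp->status = status;
		return;
	}

	/* Ensure specified filehandle matches */
	if (cs->vp != sp->finfo->vp) {
		rfs4_state_rele(sp);
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		return;
	}

	/* hold off other access to open_owner while we tinker */
	rfs4_sw_enter(&sp->owner->oo_sw);

	switch (rfs4_check_stateid_seqid(sp, &args->open_stateid)) {
	case NFS4_CHECK_STATEID_OKAY:
		if (rfs4_check_open_seqid(args->seqid, sp->owner,
		    resop) != NFS4_CHKSEQ_OKAY) {
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		}
		break;
	case NFS4_CHECK_STATEID_OLD:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_BAD:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_EXPIRED:
		*cs->statusp = resp->status = NFS4ERR_EXPIRED;
		goto end;
	case NFS4_CHECK_STATEID_CLOSED:
		*cs->statusp = resp->status = NFS4ERR_OLD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_UNCONFIRMED:
		*cs->statusp = resp->status = NFS4ERR_BAD_STATEID;
		goto end;
	case NFS4_CHECK_STATEID_REPLAY:
		/* Check the sequence id for the open owner */
		switch (rfs4_check_open_seqid(args->seqid, sp->owner, resop)) {
		case NFS4_CHKSEQ_OKAY:
			/*
			 * This is replayed stateid; if seqid matches
			 * next expected, then client is using wrong seqid.
			 */
			/* FALL THROUGH */
		case NFS4_CHKSEQ_BAD:
			*cs->statusp = resp->status = NFS4ERR_BAD_SEQID;
			goto end;
		case NFS4_CHKSEQ_REPLAY:
			/*
			 * Note this case is the duplicate case so
			 * resp->status is already set.
			 */
			*cs->statusp = resp->status;
			rfs4_update_lease(sp->owner->client);
			goto end;
		}
		break;
	default:
		ASSERT(FALSE);
		/*
		 * Unknown check result.  Fail the request, as
		 * rfs4_op_open_confirm() does, instead of leaving the
		 * switch and closing a state whose stateid was never
		 * validated (ASSERT is compiled out of non-DEBUG
		 * kernels).
		 */
		*cs->statusp = resp->status = NFS4ERR_SERVERFAULT;
		goto end;
	}

	rfs4_dbe_lock(sp->dbe);

	/* Update the stateid. */
	next_stateid(&sp->stateid);
	resp->open_stateid = sp->stateid.stateid;

	rfs4_dbe_unlock(sp->dbe);

	rfs4_update_lease(sp->owner->client);
	rfs4_update_open_sequence(sp->owner);
	rfs4_update_open_resp(sp->owner, resop, NULL);

	rfs4_state_close(sp, FALSE, FALSE, cs->cr);

	/* status still holds the NFS4_OK returned by rfs4_get_state() */
	*cs->statusp = resp->status = status;

end:
	rfs4_sw_exit(&sp->owner->oo_sw);
	rfs4_state_rele(sp);
}

/*
 * Manage the counts on the file struct and close all file locks
 *
 * sp is the open state being torn down and cr the credential passed to
 * VOP_CLOSE().  When close_of_client is set, all file locks of the
 * client are removed in one step (once per client, tracked by
 * unlksys_completed) instead of per lock owner.  The share reservation
 * of this state is then released and the vnode is closed with the
 * FREAD/FWRITE flags matching the access bits this state held.
 */
/*ARGSUSED*/
void
rfs4_release_share_lock_state(rfs4_state_t *sp, cred_t *cr,
    bool_t close_of_client)
{
	rfs4_file_t *fp = sp->finfo;
	rfs4_lo_state_t *lsp;
	struct shrlock shr;
	struct shr_locowner shr_loco;
	int fflags, s_access, s_deny;

	fflags = s_access = s_deny = 0;
	/*
	 * Decrement the count for each access and deny bit that this
	 * state has contributed to the file.  If the file counts go to zero
	 * clear the appropriate bit in the appropriate mask.
	 */

	if (sp->share_access & OPEN4_SHARE_ACCESS_READ) {
		fp->access_read--;
		fflags |= FREAD;
		s_access |= F_RDACC;
		if (fp->access_read == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_READ;
	}
	if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) {
		fp->access_write--;
		fflags |= FWRITE;
		s_access |= F_WRACC;
		if (fp->access_write == 0)
			fp->share_access &= ~OPEN4_SHARE_ACCESS_WRITE;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_READ) {
		fp->deny_read--;
		s_deny |= F_RDDNY;
		if (fp->deny_read == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_READ;
	}
	if (sp->share_deny & OPEN4_SHARE_DENY_WRITE) {
		fp->deny_write--;
		s_deny |= F_WRDNY;
		if (fp->deny_write == 0)
			fp->share_deny &= ~OPEN4_SHARE_DENY_WRITE;
	}

	/*
	 * If this call is part of the larger closing down of client
	 * state then it is just easier to release all locks
	 * associated with this client instead of going through each
	 * individual file and cleaning locks there.
	 */
	if (close_of_client) {
		if (sp->owner->client->unlksys_completed == FALSE &&
		    sp->lockownerlist.next->lsp != NULL &&
		    sp->owner->client->sysidt != LM_NOSYSID) {
			/* Is the PxFS kernel module loaded? */
			if (lm_remove_file_locks != NULL) {
				int new_sysid;

				/* Encode the cluster nodeid in new sysid */
				new_sysid = sp->owner->client->sysidt;
				lm_set_nlmid_flk(&new_sysid);

				/*
				 * This PxFS routine removes file locks for a
				 * client over all nodes of a cluster.
				 */
				NFS4_DEBUG(rfs4_debug, (CE_NOTE,
				    "lm_remove_file_locks(sysid=0x%x)\n",
				    new_sysid));
				(*lm_remove_file_locks)(new_sysid);
			} else {
				struct flock64 flk;

				/* Release all locks for this client */
				flk.l_type = F_UNLKSYS;
				flk.l_whence = 0;
				flk.l_start = 0;
				flk.l_len = 0;
				flk.l_sysid = sp->owner->client->sysidt;
				flk.l_pid = 0;
				(void) VOP_FRLOCK(sp->finfo->vp, F_SETLK, &flk,
				    F_REMOTELOCK | FREAD | FWRITE,
				    (u_offset_t)0, NULL, CRED(), NULL);
			}

			sp->owner->client->unlksys_completed = TRUE;
		}
	}

	/*
	 * Release all locks on this file by this lock owner or at
	 * least mark the locks as having been released
	 */
	for (lsp = sp->lockownerlist.next->lsp; lsp != NULL;
	    lsp = lsp->lockownerlist.next->lsp) {

		lsp->locks_cleaned = TRUE;

		/* Was this already taken care of above? */
		if (!close_of_client &&
		    sp->owner->client->sysidt != LM_NOSYSID)
			(void) cleanlocks(sp->finfo->vp, lsp->locker->pid,
			    lsp->locker->client->sysidt);
	}

	/*
	 * Release any shrlocks associated with this open state ID.
	 * This must be done before the rfs4_state gets marked closed.
	 */
	if (sp->owner->client->sysidt != LM_NOSYSID) {
		shr.s_access = s_access;
		shr.s_deny = s_deny;
		shr.s_pid = rfs4_dbe_getid(sp->owner->dbe);
		shr.s_sysid = sp->owner->client->sysidt;
		shr_loco.sl_pid = shr.s_pid;
		shr_loco.sl_id = shr.s_sysid;
		shr.s_owner = (caddr_t)&shr_loco;
		shr.s_own_len = sizeof (shr_loco);
		(void) vop_shrlock(sp->finfo->vp, F_UNSHARE, &shr, fflags);
	}

	(void) VOP_CLOSE(fp->vp, fflags, 1, (offset_t)0, cr, NULL);
}

/*
 * lock_denied: Fill in a LOCK4denied structure given an flock64 structure.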
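*/
/*
 * dp is the denied-lock result to fill in and flk describes the
 * conflicting lock.  dp->owner.owner_val is allocated here with
 * kmem_alloc(); freeing it is left to the caller's response cleanup
 * (not visible in this function).
 *
 * Returns NFS4_OK, NFS4ERR_EXPIRED when the lock belongs to an NFSv4
 * lock owner whose client lease has expired (that client is closed and
 * dp is left untouched), or NFS4ERR_INVAL when flk->l_type is neither
 * F_RDLCK nor F_WRLCK.
 */
static nfsstat4
lock_denied(LOCK4denied *dp, struct flock64 *flk)
{
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	uint32_t len;

	lo = rfs4_findlockowner_by_pid(flk->l_pid);
	if (lo != NULL) {
		cp = lo->client;
		if (rfs4_lease_expired(cp)) {
			/*
			 * NOTE(review): cp is used after the lock owner
			 * it was read from has been released and before
			 * the hold on cp->dbe is taken; confirm that
			 * something else keeps cp alive across the gap.
			 */
			rfs4_lockowner_rele(lo);
			rfs4_dbe_hold(cp->dbe);
			rfs4_client_close(cp);
			return (NFS4ERR_EXPIRED);
		}
		dp->owner.clientid = lo->owner.clientid;
		len = lo->owner.owner_len;
		dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
		bcopy(lo->owner.owner_val, dp->owner.owner_val, len);
		dp->owner.owner_len = len;
		rfs4_lockowner_rele(lo);
		goto finish;
	}

	/*
	 * It's not an NFS4 lock.  We take advantage that the upper 32 bits
	 * of the client id contain the boot time for a NFS4 lock.  So we
	 * fabricate an identity by setting clientid to the sysid, and
	 * the lock owner to the pid.
	 */
	dp->owner.clientid = flk->l_sysid;
	len = sizeof (pid_t);
	dp->owner.owner_len = len;
	dp->owner.owner_val = kmem_alloc(len, KM_SLEEP);
	bcopy(&flk->l_pid, dp->owner.owner_val, len);
finish:
	dp->offset = flk->l_start;
	dp->length = flk->l_len;

	if (flk->l_type == F_RDLCK)
		dp->locktype = READ_LT;
	else if (flk->l_type == F_WRLCK)
		dp->locktype = WRITE_LT;
	else
		return (NFS4ERR_INVAL);	/* no mapping from POSIX ltype to v4 */

	return (NFS4_OK);
}

/*
 * setlock: apply the lock request in *flock to vp through VOP_FRLOCK().
 *
 * The request is tried up to rfs4_maxlock_tries times while it fails
 * with EAGAIN or EACCES, sleeping between tries with a delay that
 * starts at rfs4_lock_delay milliseconds and doubles each time.  If it
 * is still denied, F_GETLK is used to find the conflicting lock: when
 * none is reported any more the whole sequence starts over, otherwise
 * *flock is overwritten with the description of the conflicting lock.
 *
 * Returns the errno value of the last lock attempt (0 on success).
 *
 * NOTE(review): error is assigned only inside the loop, so this relies
 * on the rfs4_maxlock_tries tunable being at least 1.  The goto retry
 * path has no upper bound of its own.
 */
static int
setlock(vnode_t *vp, struct flock64 *flock, int flag, cred_t *cred)
{
	int error;
	struct flock64 flk;
	int i;
	clock_t delaytime;
	int cmd;

	cmd = nbl_need_check(vp) ? F_SETLK_NBMAND : F_SETLK;
retry:
	delaytime = MSEC_TO_TICK_ROUNDUP(rfs4_lock_delay);

	for (i = 0; i < rfs4_maxlock_tries; i++) {
		LOCK_PRINT(rfs4_debug, "setlock", cmd, flock);
		error = VOP_FRLOCK(vp, cmd,
		    flock, flag, (u_offset_t)0, NULL, cred, NULL);

		if (error != EAGAIN && error != EACCES)
			break;

		if (i < rfs4_maxlock_tries - 1) {
			delay(delaytime);
			delaytime *= 2;
		}
	}

	if (error == EAGAIN || error == EACCES) {
		/* Get the owner of the lock */
		flk = *flock;
		LOCK_PRINT(rfs4_debug, "setlock", F_GETLK, &flk);
		if (VOP_FRLOCK(vp, F_GETLK, &flk, flag,
		    (u_offset_t)0, NULL, cred, NULL) == 0) {
			if (flk.l_type == F_UNLCK) {
				/* No longer locked, retry */
				goto retry;
			}
			*flock = flk;
			LOCK_PRINT(rfs4_debug, "setlock(blocking lock)",
			    F_GETLK, &flk);
		}
	}

	return (error);
}

/*
 * rfs4_do_lock: set or clear a byte-range lock for lock state lp.
 *
 * resop->resop selects the operation: OP_LOCKU unlocks, anything else
 * locks with the POSIX type derived from locktype.  A read lock needs
 * the open state to hold OPEN4_SHARE_ACCESS_READ and a write lock
 * OPEN4_SHARE_ACCESS_WRITE, else NFS4ERR_OPENMODE.  A length of zero
 * is NFS4ERR_INVAL; a length of all ones means "to end of file" and is
 * passed on as 0.  Offsets or lengths that turn negative when stored
 * in the flock64 fields are NFS4ERR_INVAL.  On success the lock
 * stateid is bumped.  When the lock is denied, the conflicting owner
 * is reported through resop; if that owner's lease turns out to have
 * expired the request is retried.
 *
 * Returns an nfsstat4 mapped from the errno of setlock().
 */
/*ARGSUSED*/
static nfsstat4
rfs4_do_lock(rfs4_lo_state_t *lp, nfs_lock_type4 locktype,
    seqid4 seqid, offset4 offset,
    length4 length, cred_t *cred, nfs_resop4 *resop)
{
	nfsstat4 status;
	rfs4_lockowner_t *lo = lp->locker;
	rfs4_state_t *sp = lp->state;
	struct flock64 flock;
	int16_t ltype;
	int flag;
	int error;
	sysid_t sysid;
	LOCK4res *lres;

	if (rfs4_lease_expired(lo->client)) {
		return (NFS4ERR_EXPIRED);
	}

	if ((status = rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK)
		return (status);

	/* Check for zero length. To lock to end of file use all ones for V4 */
	if (length == 0)
		return (NFS4ERR_INVAL);
	else if (length == (length4)(~0))
		length = 0;		/* Posix to end of file */

retry:
	rfs4_dbe_lock(sp->dbe);


	if (resop->resop != OP_LOCKU) {
		switch (locktype) {
		case READ_LT:
		case READW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_READ) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_RDLCK;
			break;
		case WRITE_LT:
		case WRITEW_LT:
			if ((sp->share_access
			    & OPEN4_SHARE_ACCESS_WRITE) == 0) {
				rfs4_dbe_unlock(sp->dbe);

				return (NFS4ERR_OPENMODE);
			}
			ltype = F_WRLCK;
			break;
		default:
			/*
			 * locktype originates from the request.  Reject
			 * a value outside the four lock types instead
			 * of handing an uninitialized ltype to
			 * VOP_FRLOCK() and skipping the open-mode check.
			 */
			rfs4_dbe_unlock(sp->dbe);
			return (NFS4ERR_INVAL);
		}
	} else
		ltype = F_UNLCK;

	flock.l_type = ltype;
	flock.l_whence = 0;		/* SEEK_SET */
	flock.l_start = offset;
	flock.l_len = length;
	flock.l_sysid = sysid;
	flock.l_pid = lp->locker->pid;

	/* Note that length4 is uint64_t but l_len and l_start are off64_t */
	if (flock.l_len < 0 || flock.l_start < 0) {
		rfs4_dbe_unlock(sp->dbe);
		return (NFS4ERR_INVAL);
	}

	/*
	 * N.B. FREAD has the same value as OPEN4_SHARE_ACCESS_READ and
	 * FWRITE has the same value as OPEN4_SHARE_ACCESS_WRITE.
	 */
	flag = (int)sp->share_access | F_REMOTELOCK;

	error = setlock(sp->finfo->vp, &flock, flag, cred);
	if (error == 0) {
		rfs4_dbe_lock(lp->dbe);
		next_stateid(&lp->lockid);
		rfs4_dbe_unlock(lp->dbe);
	}

	rfs4_dbe_unlock(sp->dbe);

	/*
	 * N.B. We map error values to nfsv4 errors.  This is different
	 * than puterrno4 routine.
	 */
	switch (error) {
	case 0:
		status = NFS4_OK;
		break;
	case EAGAIN:
	case EACCES:		/* Old value */
		/* Can only get here if op is OP_LOCK */
		ASSERT(resop->resop == OP_LOCK);
		lres = &resop->nfs_resop4_u.oplock;
		status = NFS4ERR_DENIED;
		if (lock_denied(&lres->LOCK4res_u.denied, &flock)
		    == NFS4ERR_EXPIRED)
			goto retry;
		break;
	case ENOLCK:
		status = NFS4ERR_DELAY;
		break;
	case EOVERFLOW:
		status = NFS4ERR_INVAL;
		break;
	case EINVAL:
		status = NFS4ERR_NOTSUPP;
		break;
	default:
		cmn_err(CE_WARN, "rfs4_do_lock: unexpected errno (%d)", error);
		status = NFS4ERR_SERVERFAULT;
		break;
	}

	return (status);
}

/*ARGSUSED*/
void
rfs4_op_lock(nfs_argop4 *argop, nfs_resop4 *resop,
    struct svc_req *req, struct compound_state *cs)
{
	/* XXX Currently not using req arg */
	LOCK4args *args = &argop->nfs_argop4_u.oplock;
	LOCK4res *resp = &resop->nfs_resop4_u.oplock;
	nfsstat4 status;
	stateid4 *stateid;
	rfs4_lockowner_t *lo;
	rfs4_client_t *cp;
	rfs4_state_t *sp = NULL;
	rfs4_lo_state_t *lsp = NULL;
	bool_t ls_sw_held = FALSE;
	bool_t create = TRUE;
	bool_t lcreate = TRUE;
	bool_t dup_lock = FALSE;
	int rc;

	if (cs->vp == NULL) {
		*cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE;
		return;
	}

	if (args->locker.new_lock_owner) {
		/* Create a new lockowner for this instance */
		open_to_lock_owner4 *olo = &args->locker.locker4_u.open_owner;

		NFS4_DEBUG(rfs4_debug, (CE_NOTE, "Creating new lock owner"));

		stateid = &olo->open_stateid;
		status = rfs4_get_state(stateid, &sp, RFS4_DBS_VALID);
		if (status != NFS4_OK) {
			NFS4_DEBUG(rfs4_debug,
			    (CE_NOTE, "Get state failed in lock %d", status));
			*cs->statusp = resp->status = status;
			return;
		}

		/* Ensure specified filehandle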
matches */ 8097 if (cs->vp != sp->finfo->vp) { 8098 rfs4_state_rele(sp); 8099 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8100 return; 8101 } 8102 8103 /* hold off other access to open_owner while we tinker */ 8104 rfs4_sw_enter(&sp->owner->oo_sw); 8105 8106 switch (rc = rfs4_check_stateid_seqid(sp, stateid)) { 8107 case NFS4_CHECK_STATEID_OLD: 8108 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8109 goto end; 8110 case NFS4_CHECK_STATEID_BAD: 8111 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8112 goto end; 8113 case NFS4_CHECK_STATEID_EXPIRED: 8114 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 8115 goto end; 8116 case NFS4_CHECK_STATEID_UNCONFIRMED: 8117 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8118 goto end; 8119 case NFS4_CHECK_STATEID_CLOSED: 8120 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8121 goto end; 8122 case NFS4_CHECK_STATEID_OKAY: 8123 case NFS4_CHECK_STATEID_REPLAY: 8124 switch (rfs4_check_olo_seqid(olo->open_seqid, 8125 sp->owner, resop)) { 8126 case NFS4_CHKSEQ_OKAY: 8127 if (rc == NFS4_CHECK_STATEID_OKAY) 8128 break; 8129 /* 8130 * This is replayed stateid; if seqid 8131 * matches next expected, then client 8132 * is using wrong seqid. 8133 */ 8134 /* FALLTHROUGH */ 8135 case NFS4_CHKSEQ_BAD: 8136 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8137 goto end; 8138 case NFS4_CHKSEQ_REPLAY: 8139 /* This is a duplicate LOCK request */ 8140 dup_lock = TRUE; 8141 8142 /* 8143 * For a duplicate we do not want to 8144 * create a new lockowner as it should 8145 * already exist. 8146 * Turn off the lockowner create flag. 
8147 */ 8148 lcreate = FALSE; 8149 } 8150 break; 8151 } 8152 8153 lo = rfs4_findlockowner(&olo->lock_owner, &lcreate); 8154 if (lo == NULL) { 8155 NFS4_DEBUG(rfs4_debug, 8156 (CE_NOTE, "rfs4_op_lock: no lock owner")); 8157 *cs->statusp = resp->status = NFS4ERR_RESOURCE; 8158 goto end; 8159 } 8160 8161 lsp = rfs4_findlo_state_by_owner(lo, sp, &create); 8162 if (lsp == NULL) { 8163 rfs4_update_lease(sp->owner->client); 8164 /* 8165 * Only update theh open_seqid if this is not 8166 * a duplicate request 8167 */ 8168 if (dup_lock == FALSE) { 8169 rfs4_update_open_sequence(sp->owner); 8170 } 8171 8172 NFS4_DEBUG(rfs4_debug, 8173 (CE_NOTE, "rfs4_op_lock: no state")); 8174 *cs->statusp = resp->status = NFS4ERR_SERVERFAULT; 8175 rfs4_update_open_resp(sp->owner, resop, NULL); 8176 rfs4_lockowner_rele(lo); 8177 goto end; 8178 } 8179 8180 /* 8181 * This is the new_lock_owner branch and the client is 8182 * supposed to be associating a new lock_owner with 8183 * the open file at this point. If we find that a 8184 * lock_owner/state association already exists and a 8185 * successful LOCK request was returned to the client, 8186 * an error is returned to the client since this is 8187 * not appropriate. The client should be using the 8188 * existing lock_owner branch. 8189 */ 8190 if (dup_lock == FALSE && create == FALSE) { 8191 if (lsp->lock_completed == TRUE) { 8192 *cs->statusp = 8193 resp->status = NFS4ERR_BAD_SEQID; 8194 rfs4_lockowner_rele(lo); 8195 goto end; 8196 } 8197 } 8198 8199 rfs4_update_lease(sp->owner->client); 8200 8201 /* 8202 * Only update theh open_seqid if this is not 8203 * a duplicate request 8204 */ 8205 if (dup_lock == FALSE) { 8206 rfs4_update_open_sequence(sp->owner); 8207 } 8208 8209 /* 8210 * If this is a duplicate lock request, just copy the 8211 * previously saved reply and return. 
8212 */ 8213 if (dup_lock == TRUE) { 8214 /* verify that lock_seqid's match */ 8215 if (lsp->seqid != olo->lock_seqid) { 8216 NFS4_DEBUG(rfs4_debug, 8217 (CE_NOTE, "rfs4_op_lock: Dup-Lock seqid bad" 8218 "lsp->seqid=%d old->seqid=%d", 8219 lsp->seqid, olo->lock_seqid)); 8220 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8221 } else { 8222 rfs4_copy_reply(resop, lsp->reply); 8223 /* 8224 * Make sure to copy the just 8225 * retrieved reply status into the 8226 * overall compound status 8227 */ 8228 *cs->statusp = resp->status; 8229 } 8230 rfs4_lockowner_rele(lo); 8231 goto end; 8232 } 8233 8234 rfs4_dbe_lock(lsp->dbe); 8235 8236 /* Make sure to update the lock sequence id */ 8237 lsp->seqid = olo->lock_seqid; 8238 8239 NFS4_DEBUG(rfs4_debug, 8240 (CE_NOTE, "Lock seqid established as %d", lsp->seqid)); 8241 8242 /* 8243 * This is used to signify the newly created lockowner 8244 * stateid and its sequence number. The checks for 8245 * sequence number and increment don't occur on the 8246 * very first lock request for a lockowner. 
8247 */ 8248 lsp->skip_seqid_check = TRUE; 8249 8250 /* hold off other access to lsp while we tinker */ 8251 rfs4_sw_enter(&lsp->ls_sw); 8252 ls_sw_held = TRUE; 8253 8254 rfs4_dbe_unlock(lsp->dbe); 8255 8256 rfs4_lockowner_rele(lo); 8257 } else { 8258 stateid = &args->locker.locker4_u.lock_owner.lock_stateid; 8259 /* get lsp and hold the lock on the underlying file struct */ 8260 if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE)) 8261 != NFS4_OK) { 8262 *cs->statusp = resp->status = status; 8263 return; 8264 } 8265 create = FALSE; /* We didn't create lsp */ 8266 8267 /* Ensure specified filehandle matches */ 8268 if (cs->vp != lsp->state->finfo->vp) { 8269 rfs4_lo_state_rele(lsp, TRUE); 8270 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8271 return; 8272 } 8273 8274 /* hold off other access to lsp while we tinker */ 8275 rfs4_sw_enter(&lsp->ls_sw); 8276 ls_sw_held = TRUE; 8277 8278 switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) { 8279 /* 8280 * The stateid looks like it was okay (expected to be 8281 * the next one) 8282 */ 8283 case NFS4_CHECK_STATEID_OKAY: 8284 /* 8285 * The sequence id is now checked. Determine 8286 * if this is a replay or if it is in the 8287 * expected (next) sequence. In the case of a 8288 * replay, there are two replay conditions 8289 * that may occur. The first is the normal 8290 * condition where a LOCK is done with a 8291 * NFS4_OK response and the stateid is 8292 * updated. That case is handled below when 8293 * the stateid is identified as a REPLAY. The 8294 * second is the case where an error is 8295 * returned, like NFS4ERR_DENIED, and the 8296 * sequence number is updated but the stateid 8297 * is not updated. This second case is dealt 8298 * with here. So it may seem odd that the 8299 * stateid is okay but the sequence id is a 8300 * replay but it is okay. 
8301 */ 8302 switch (rfs4_check_lock_seqid( 8303 args->locker.locker4_u.lock_owner.lock_seqid, 8304 lsp, resop)) { 8305 case NFS4_CHKSEQ_REPLAY: 8306 if (resp->status != NFS4_OK) { 8307 /* 8308 * Here is our replay and need 8309 * to verify that the last 8310 * response was an error. 8311 */ 8312 *cs->statusp = resp->status; 8313 goto end; 8314 } 8315 /* 8316 * This is done since the sequence id 8317 * looked like a replay but it didn't 8318 * pass our check so a BAD_SEQID is 8319 * returned as a result. 8320 */ 8321 /*FALLTHROUGH*/ 8322 case NFS4_CHKSEQ_BAD: 8323 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8324 goto end; 8325 case NFS4_CHKSEQ_OKAY: 8326 /* Everything looks okay move ahead */ 8327 break; 8328 } 8329 break; 8330 case NFS4_CHECK_STATEID_OLD: 8331 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8332 goto end; 8333 case NFS4_CHECK_STATEID_BAD: 8334 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8335 goto end; 8336 case NFS4_CHECK_STATEID_EXPIRED: 8337 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 8338 goto end; 8339 case NFS4_CHECK_STATEID_CLOSED: 8340 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8341 goto end; 8342 case NFS4_CHECK_STATEID_REPLAY: 8343 switch (rfs4_check_lock_seqid( 8344 args->locker.locker4_u.lock_owner.lock_seqid, 8345 lsp, resop)) { 8346 case NFS4_CHKSEQ_OKAY: 8347 /* 8348 * This is a replayed stateid; if 8349 * seqid matches the next expected, 8350 * then client is using wrong seqid. 8351 */ 8352 case NFS4_CHKSEQ_BAD: 8353 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8354 goto end; 8355 case NFS4_CHKSEQ_REPLAY: 8356 rfs4_update_lease(lsp->locker->client); 8357 *cs->statusp = status = resp->status; 8358 goto end; 8359 } 8360 break; 8361 default: 8362 ASSERT(FALSE); 8363 break; 8364 } 8365 8366 rfs4_update_lock_sequence(lsp); 8367 rfs4_update_lease(lsp->locker->client); 8368 } 8369 8370 /* 8371 * NFS4 only allows locking on regular files, so 8372 * verify type of object. 
8373 */ 8374 if (cs->vp->v_type != VREG) { 8375 if (cs->vp->v_type == VDIR) 8376 status = NFS4ERR_ISDIR; 8377 else 8378 status = NFS4ERR_INVAL; 8379 goto out; 8380 } 8381 8382 cp = lsp->state->owner->client; 8383 8384 if (rfs4_clnt_in_grace(cp) && !args->reclaim) { 8385 status = NFS4ERR_GRACE; 8386 goto out; 8387 } 8388 8389 if (rfs4_clnt_in_grace(cp) && args->reclaim && !cp->can_reclaim) { 8390 status = NFS4ERR_NO_GRACE; 8391 goto out; 8392 } 8393 8394 if (!rfs4_clnt_in_grace(cp) && args->reclaim) { 8395 status = NFS4ERR_NO_GRACE; 8396 goto out; 8397 } 8398 8399 if (lsp->state->finfo->dinfo->dtype == OPEN_DELEGATE_WRITE) 8400 cs->deleg = TRUE; 8401 8402 status = rfs4_do_lock(lsp, args->locktype, 8403 args->locker.locker4_u.lock_owner.lock_seqid, 8404 args->offset, args->length, cs->cr, resop); 8405 8406 out: 8407 lsp->skip_seqid_check = FALSE; 8408 8409 *cs->statusp = resp->status = status; 8410 8411 if (status == NFS4_OK) { 8412 resp->LOCK4res_u.lock_stateid = lsp->lockid.stateid; 8413 lsp->lock_completed = TRUE; 8414 } 8415 /* 8416 * Only update the "OPEN" response here if this was a new 8417 * lock_owner 8418 */ 8419 if (sp) 8420 rfs4_update_open_resp(sp->owner, resop, NULL); 8421 8422 rfs4_update_lock_resp(lsp, resop); 8423 8424 end: 8425 if (lsp) { 8426 if (ls_sw_held) 8427 rfs4_sw_exit(&lsp->ls_sw); 8428 /* 8429 * If an sp obtained, then the lsp does not represent 8430 * a lock on the file struct. 
8431 */ 8432 if (sp != NULL) 8433 rfs4_lo_state_rele(lsp, FALSE); 8434 else 8435 rfs4_lo_state_rele(lsp, TRUE); 8436 } 8437 if (sp) { 8438 rfs4_sw_exit(&sp->owner->oo_sw); 8439 rfs4_state_rele(sp); 8440 } 8441 } 8442 8443 /* free function for LOCK/LOCKT */ 8444 static void 8445 lock_denied_free(nfs_resop4 *resop) 8446 { 8447 LOCK4denied *dp = NULL; 8448 8449 switch (resop->resop) { 8450 case OP_LOCK: 8451 if (resop->nfs_resop4_u.oplock.status == NFS4ERR_DENIED) 8452 dp = &resop->nfs_resop4_u.oplock.LOCK4res_u.denied; 8453 break; 8454 case OP_LOCKT: 8455 if (resop->nfs_resop4_u.oplockt.status == NFS4ERR_DENIED) 8456 dp = &resop->nfs_resop4_u.oplockt.denied; 8457 break; 8458 default: 8459 break; 8460 } 8461 8462 if (dp) 8463 kmem_free(dp->owner.owner_val, dp->owner.owner_len); 8464 } 8465 8466 /*ARGSUSED*/ 8467 void 8468 rfs4_op_locku(nfs_argop4 *argop, nfs_resop4 *resop, 8469 struct svc_req *req, struct compound_state *cs) 8470 { 8471 /* XXX Currently not using req arg */ 8472 LOCKU4args *args = &argop->nfs_argop4_u.oplocku; 8473 LOCKU4res *resp = &resop->nfs_resop4_u.oplocku; 8474 nfsstat4 status; 8475 stateid4 *stateid = &args->lock_stateid; 8476 rfs4_lo_state_t *lsp; 8477 8478 if (cs->vp == NULL) { 8479 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 8480 return; 8481 } 8482 8483 if ((status = rfs4_get_lo_state(stateid, &lsp, TRUE)) != NFS4_OK) { 8484 *cs->statusp = resp->status = status; 8485 return; 8486 } 8487 8488 /* Ensure specified filehandle matches */ 8489 if (cs->vp != lsp->state->finfo->vp) { 8490 rfs4_lo_state_rele(lsp, TRUE); 8491 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8492 return; 8493 } 8494 8495 /* hold off other access to lsp while we tinker */ 8496 rfs4_sw_enter(&lsp->ls_sw); 8497 8498 switch (rfs4_check_lo_stateid_seqid(lsp, stateid)) { 8499 case NFS4_CHECK_STATEID_OKAY: 8500 if (rfs4_check_lock_seqid(args->seqid, lsp, resop) 8501 != NFS4_CHKSEQ_OKAY) { 8502 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8503 goto end; 8504 } 
8505 break; 8506 case NFS4_CHECK_STATEID_OLD: 8507 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8508 goto end; 8509 case NFS4_CHECK_STATEID_BAD: 8510 *cs->statusp = resp->status = NFS4ERR_BAD_STATEID; 8511 goto end; 8512 case NFS4_CHECK_STATEID_EXPIRED: 8513 *cs->statusp = resp->status = NFS4ERR_EXPIRED; 8514 goto end; 8515 case NFS4_CHECK_STATEID_CLOSED: 8516 *cs->statusp = resp->status = NFS4ERR_OLD_STATEID; 8517 goto end; 8518 case NFS4_CHECK_STATEID_REPLAY: 8519 switch (rfs4_check_lock_seqid(args->seqid, lsp, resop)) { 8520 case NFS4_CHKSEQ_OKAY: 8521 /* 8522 * This is a replayed stateid; if 8523 * seqid matches the next expected, 8524 * then client is using wrong seqid. 8525 */ 8526 case NFS4_CHKSEQ_BAD: 8527 *cs->statusp = resp->status = NFS4ERR_BAD_SEQID; 8528 goto end; 8529 case NFS4_CHKSEQ_REPLAY: 8530 rfs4_update_lease(lsp->locker->client); 8531 *cs->statusp = status = resp->status; 8532 goto end; 8533 } 8534 break; 8535 default: 8536 ASSERT(FALSE); 8537 break; 8538 } 8539 8540 rfs4_update_lock_sequence(lsp); 8541 rfs4_update_lease(lsp->locker->client); 8542 8543 /* 8544 * NFS4 only allows locking on regular files, so 8545 * verify type of object. 
8546 */ 8547 if (cs->vp->v_type != VREG) { 8548 if (cs->vp->v_type == VDIR) 8549 status = NFS4ERR_ISDIR; 8550 else 8551 status = NFS4ERR_INVAL; 8552 goto out; 8553 } 8554 8555 if (rfs4_clnt_in_grace(lsp->state->owner->client)) { 8556 status = NFS4ERR_GRACE; 8557 goto out; 8558 } 8559 8560 status = rfs4_do_lock(lsp, args->locktype, 8561 args->seqid, args->offset, args->length, cs->cr, resop); 8562 8563 out: 8564 *cs->statusp = resp->status = status; 8565 8566 if (status == NFS4_OK) 8567 resp->lock_stateid = lsp->lockid.stateid; 8568 8569 rfs4_update_lock_resp(lsp, resop); 8570 8571 end: 8572 rfs4_sw_exit(&lsp->ls_sw); 8573 rfs4_lo_state_rele(lsp, TRUE); 8574 } 8575 8576 /* 8577 * LOCKT is a best effort routine, the client can not be guaranteed that 8578 * the status return is still in effect by the time the reply is received. 8579 * They are numerous race conditions in this routine, but we are not required 8580 * and can not be accurate. 8581 */ 8582 /*ARGSUSED*/ 8583 void 8584 rfs4_op_lockt(nfs_argop4 *argop, nfs_resop4 *resop, 8585 struct svc_req *req, struct compound_state *cs) 8586 { 8587 LOCKT4args *args = &argop->nfs_argop4_u.oplockt; 8588 LOCKT4res *resp = &resop->nfs_resop4_u.oplockt; 8589 rfs4_lockowner_t *lo; 8590 rfs4_client_t *cp; 8591 bool_t create = FALSE; 8592 struct flock64 flk; 8593 int error; 8594 int flag = FREAD | FWRITE; 8595 int ltype; 8596 length4 posix_length; 8597 sysid_t sysid; 8598 pid_t pid; 8599 8600 if (cs->vp == NULL) { 8601 *cs->statusp = resp->status = NFS4ERR_NOFILEHANDLE; 8602 return; 8603 } 8604 8605 /* 8606 * NFS4 only allows locking on regular files, so 8607 * verify type of object. 8608 */ 8609 if (cs->vp->v_type != VREG) { 8610 if (cs->vp->v_type == VDIR) 8611 *cs->statusp = resp->status = NFS4ERR_ISDIR; 8612 else 8613 *cs->statusp = resp->status = NFS4ERR_INVAL; 8614 return; 8615 } 8616 8617 /* 8618 * Check out the clientid to ensure the server knows about it 8619 * so that we correctly inform the client of a server reboot. 
8620 */ 8621 if ((cp = rfs4_findclient_by_id(args->owner.clientid, FALSE)) 8622 == NULL) { 8623 *cs->statusp = resp->status = 8624 rfs4_check_clientid(&args->owner.clientid, 0); 8625 return; 8626 } 8627 if (rfs4_lease_expired(cp)) { 8628 rfs4_client_close(cp); 8629 /* 8630 * Protocol doesn't allow returning NFS4ERR_STALE as 8631 * other operations do on this check so STALE_CLIENTID 8632 * is returned instead 8633 */ 8634 *cs->statusp = resp->status = NFS4ERR_STALE_CLIENTID; 8635 return; 8636 } 8637 8638 if (rfs4_clnt_in_grace(cp)) { 8639 *cs->statusp = resp->status = NFS4ERR_GRACE; 8640 return; 8641 } 8642 rfs4_client_rele(cp); 8643 8644 resp->status = NFS4_OK; 8645 8646 switch (args->locktype) { 8647 case READ_LT: 8648 case READW_LT: 8649 ltype = F_RDLCK; 8650 break; 8651 case WRITE_LT: 8652 case WRITEW_LT: 8653 ltype = F_WRLCK; 8654 break; 8655 } 8656 8657 posix_length = args->length; 8658 /* Check for zero length. To lock to end of file use all ones for V4 */ 8659 if (posix_length == 0) { 8660 *cs->statusp = resp->status = NFS4ERR_INVAL; 8661 return; 8662 } else if (posix_length == (length4)(~0)) { 8663 posix_length = 0; /* Posix to end of file */ 8664 } 8665 8666 /* Find or create a lockowner */ 8667 lo = rfs4_findlockowner(&args->owner, &create); 8668 8669 if (lo) { 8670 pid = lo->pid; 8671 if ((resp->status = 8672 rfs4_client_sysid(lo->client, &sysid)) != NFS4_OK) 8673 goto out; 8674 } else { 8675 pid = 0; 8676 sysid = lockt_sysid; 8677 } 8678 retry: 8679 flk.l_type = ltype; 8680 flk.l_whence = 0; /* SEEK_SET */ 8681 flk.l_start = args->offset; 8682 flk.l_len = posix_length; 8683 flk.l_sysid = sysid; 8684 flk.l_pid = pid; 8685 flag |= F_REMOTELOCK; 8686 8687 LOCK_PRINT(rfs4_debug, "rfs4_op_lockt", F_GETLK, &flk); 8688 8689 /* Note that length4 is uint64_t but l_len and l_start are off64_t */ 8690 if (flk.l_len < 0 || flk.l_start < 0) { 8691 resp->status = NFS4ERR_INVAL; 8692 goto out; 8693 } 8694 error = VOP_FRLOCK(cs->vp, F_GETLK, &flk, flag, (u_offset_t)0, 
8695 NULL, cs->cr, NULL); 8696 8697 /* 8698 * N.B. We map error values to nfsv4 errors. This is differrent 8699 * than puterrno4 routine. 8700 */ 8701 switch (error) { 8702 case 0: 8703 if (flk.l_type == F_UNLCK) 8704 resp->status = NFS4_OK; 8705 else { 8706 if (lock_denied(&resp->denied, &flk) == NFS4ERR_EXPIRED) 8707 goto retry; 8708 resp->status = NFS4ERR_DENIED; 8709 } 8710 break; 8711 case EOVERFLOW: 8712 resp->status = NFS4ERR_INVAL; 8713 break; 8714 case EINVAL: 8715 resp->status = NFS4ERR_NOTSUPP; 8716 break; 8717 default: 8718 cmn_err(CE_WARN, "rfs4_op_lockt: unexpected errno (%d)", 8719 error); 8720 resp->status = NFS4ERR_SERVERFAULT; 8721 break; 8722 } 8723 8724 out: 8725 if (lo) 8726 rfs4_lockowner_rele(lo); 8727 *cs->statusp = resp->status; 8728 } 8729 8730 static int 8731 vop_shrlock(vnode_t *vp, int cmd, struct shrlock *sp, int fflags) 8732 { 8733 int err; 8734 8735 if (cmd == F_UNSHARE && sp->s_deny == 0 && sp->s_access == 0) 8736 return (0); 8737 8738 err = VOP_SHRLOCK(vp, cmd, sp, fflags, CRED(), NULL); 8739 8740 NFS4_DEBUG(rfs4_shrlock_debug, 8741 (CE_NOTE, "rfs4_shrlock %s vp=%p acc=%d dny=%d sysid=%d " 8742 "pid=%d err=%d\n", cmd == F_UNSHARE ? 
"UNSHR" : "SHARE", 8743 (void *) vp, sp->s_access, sp->s_deny, sp->s_sysid, sp->s_pid, 8744 err)); 8745 8746 return (err); 8747 } 8748 8749 static int 8750 rfs4_shrlock(rfs4_state_t *sp, int cmd) 8751 { 8752 struct shrlock shr; 8753 struct shr_locowner shr_loco; 8754 int fflags; 8755 8756 fflags = shr.s_access = shr.s_deny = 0; 8757 8758 if (sp->share_access & OPEN4_SHARE_ACCESS_READ) { 8759 fflags |= FREAD; 8760 shr.s_access |= F_RDACC; 8761 } 8762 if (sp->share_access & OPEN4_SHARE_ACCESS_WRITE) { 8763 fflags |= FWRITE; 8764 shr.s_access |= F_WRACC; 8765 } 8766 if (sp->share_deny & OPEN4_SHARE_DENY_READ) 8767 shr.s_deny |= F_RDDNY; 8768 if (sp->share_deny & OPEN4_SHARE_DENY_WRITE) 8769 shr.s_deny |= F_WRDNY; 8770 8771 shr.s_pid = rfs4_dbe_getid(sp->owner->dbe); 8772 shr.s_sysid = sp->owner->client->sysidt; 8773 shr_loco.sl_pid = shr.s_pid; 8774 shr_loco.sl_id = shr.s_sysid; 8775 shr.s_owner = (caddr_t)&shr_loco; 8776 shr.s_own_len = sizeof (shr_loco); 8777 return (vop_shrlock(sp->finfo->vp, cmd, &shr, fflags)); 8778 } 8779 8780 static int 8781 rfs4_share(rfs4_state_t *sp) 8782 { 8783 int cmd; 8784 cmd = nbl_need_check(sp->finfo->vp) ? F_SHARE_NBMAND : F_SHARE; 8785 return (rfs4_shrlock(sp, cmd)); 8786 } 8787 8788 void 8789 rfs4_unshare(rfs4_state_t *sp) 8790 { 8791 (void) rfs4_shrlock(sp, F_UNSHARE); 8792 } 8793