1 1.17 riastrad /* $NetBSD: nfs_srvsubs.c,v 1.17 2023/03/23 19:52:42 riastradh Exp $ */ 2 1.1 ad 3 1.1 ad /* 4 1.1 ad * Copyright (c) 1989, 1993 5 1.1 ad * The Regents of the University of California. All rights reserved. 6 1.1 ad * 7 1.1 ad * This code is derived from software contributed to Berkeley by 8 1.1 ad * Rick Macklem at The University of Guelph. 9 1.1 ad * 10 1.1 ad * Redistribution and use in source and binary forms, with or without 11 1.1 ad * modification, are permitted provided that the following conditions 12 1.1 ad * are met: 13 1.1 ad * 1. Redistributions of source code must retain the above copyright 14 1.1 ad * notice, this list of conditions and the following disclaimer. 15 1.1 ad * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 ad * notice, this list of conditions and the following disclaimer in the 17 1.1 ad * documentation and/or other materials provided with the distribution. 18 1.1 ad * 3. Neither the name of the University nor the names of its contributors 19 1.1 ad * may be used to endorse or promote products derived from this software 20 1.1 ad * without specific prior written permission. 21 1.1 ad * 22 1.1 ad * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 1.1 ad * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 1.1 ad * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 1.1 ad * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 1.1 ad * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 1.1 ad * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 1.1 ad * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 1.1 ad * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 1.1 ad * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 1.1 ad * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 1.1 ad * SUCH DAMAGE. 33 1.1 ad * 34 1.1 ad * @(#)nfs_subs.c 8.8 (Berkeley) 5/22/95 35 1.1 ad */ 36 1.1 ad 37 1.1 ad /* 38 1.1 ad * Copyright 2000 Wasabi Systems, Inc. 39 1.1 ad * All rights reserved. 40 1.1 ad * 41 1.1 ad * Written by Frank van der Linden for Wasabi Systems, Inc. 42 1.1 ad * 43 1.1 ad * Redistribution and use in source and binary forms, with or without 44 1.1 ad * modification, are permitted provided that the following conditions 45 1.1 ad * are met: 46 1.1 ad * 1. Redistributions of source code must retain the above copyright 47 1.1 ad * notice, this list of conditions and the following disclaimer. 48 1.1 ad * 2. Redistributions in binary form must reproduce the above copyright 49 1.1 ad * notice, this list of conditions and the following disclaimer in the 50 1.1 ad * documentation and/or other materials provided with the distribution. 51 1.1 ad * 3. All advertising materials mentioning features or use of this software 52 1.1 ad * must display the following acknowledgement: 53 1.1 ad * This product includes software developed for the NetBSD Project by 54 1.1 ad * Wasabi Systems, Inc. 55 1.1 ad * 4. The name of Wasabi Systems, Inc. may not be used to endorse 56 1.1 ad * or promote products derived from this software without specific prior 57 1.1 ad * written permission. 58 1.1 ad * 59 1.1 ad * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 60 1.1 ad * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 61 1.1 ad * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 62 1.1 ad * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 63 1.1 ad * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 64 1.1 ad * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 65 1.1 ad * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 66 1.1 ad * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 67 1.1 ad * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 68 1.1 ad * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 69 1.1 ad * POSSIBILITY OF SUCH DAMAGE. 70 1.1 ad */ 71 1.1 ad 72 1.1 ad #include <sys/cdefs.h> 73 1.17 riastrad __KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.17 2023/03/23 19:52:42 riastradh Exp $"); 74 1.1 ad 75 1.1 ad #include <sys/param.h> 76 1.1 ad #include <sys/proc.h> 77 1.1 ad #include <sys/systm.h> 78 1.1 ad #include <sys/kernel.h> 79 1.1 ad #include <sys/kmem.h> 80 1.1 ad #include <sys/mount.h> 81 1.1 ad #include <sys/vnode.h> 82 1.1 ad #include <sys/namei.h> 83 1.1 ad #include <sys/mbuf.h> 84 1.1 ad #include <sys/socket.h> 85 1.1 ad #include <sys/stat.h> 86 1.1 ad #include <sys/filedesc.h> 87 1.1 ad #include <sys/time.h> 88 1.1 ad #include <sys/dirent.h> 89 1.1 ad #include <sys/once.h> 90 1.1 ad #include <sys/kauth.h> 91 1.1 ad #include <sys/atomic.h> 92 1.1 ad 93 1.1 ad #include <uvm/uvm_extern.h> 94 1.1 ad 95 1.1 ad #include <nfs/rpcv2.h> 96 1.1 ad #include <nfs/nfsproto.h> 97 1.1 ad #include <nfs/nfsnode.h> 98 1.1 ad #include <nfs/nfs.h> 99 1.1 ad #include <nfs/xdr_subs.h> 100 1.1 ad #include <nfs/nfsm_subs.h> 101 1.1 ad #include <nfs/nfsmount.h> 102 1.1 ad #include <nfs/nfsrtt.h> 103 1.1 ad #include <nfs/nfs_var.h> 104 1.1 ad 105 1.1 ad #include <miscfs/specfs/specdev.h> 106 1.1 ad 107 1.1 ad #include <netinet/in.h> 108 1.1 ad 109 1.1 ad /* 110 1.1 ad * Set up nameidata for a lookup() call and do it. 111 1.1 ad * 112 1.1 ad * If pubflag is set, this call is done for a lookup operation on the 113 1.1 ad * public filehandle. In that case we allow crossing mountpoints and 114 1.1 ad * absolute pathnames. However, the caller is expected to check that 115 1.1 ad * the lookup result is within the public fs, and deny access if 116 1.1 ad * it is not. 117 1.1 ad */ 118 1.1 ad int 119 1.16 hannken nfs_namei(struct nameidata *ndp, nfsrvfh_t *nsfh, uint32_t len, struct nfssvc_sock *slp, struct mbuf *nam, struct mbuf **mdp, char **dposp, struct vnode **retdirp, int *dirattr_retp, struct vattr *dirattrp, struct lwp *l, int kerbflag, int pubflag) 120 1.1 ad { 121 1.1 ad int i, rem; 122 1.1 ad struct mbuf *md; 123 1.8 dholland char *fromcp, *tocp, *cp, *path; 124 1.1 ad struct vnode *dp; 125 1.5 dholland int error, rdonly; 126 1.5 dholland int neverfollow; 127 1.1 ad struct componentname *cnp = &ndp->ni_cnd; 128 1.1 ad 129 1.1 ad *retdirp = NULL; 130 1.8 dholland ndp->ni_pathbuf = NULL; 131 1.1 ad 132 1.17 riastrad if (len > NFS_MAXPATHLEN - 1) 133 1.1 ad return (ENAMETOOLONG); 134 1.1 ad if (len == 0) 135 1.1 ad return (EACCES); 136 1.1 ad 137 1.1 ad /* 138 1.8 dholland * Copy the name from the mbuf list to ndp->ni_pathbuf 139 1.1 ad * and set the various ndp fields appropriately. 140 1.1 ad */ 141 1.8 dholland path = PNBUF_GET(); 142 1.1 ad fromcp = *dposp; 143 1.8 dholland tocp = path; 144 1.1 ad md = *mdp; 145 1.1 ad rem = mtod(md, char *) + md->m_len - fromcp; 146 1.1 ad for (i = 0; i < len; i++) { 147 1.1 ad while (rem == 0) { 148 1.1 ad md = md->m_next; 149 1.1 ad if (md == NULL) { 150 1.1 ad error = EBADRPC; 151 1.1 ad goto out; 152 1.1 ad } 153 1.1 ad fromcp = mtod(md, void *); 154 1.1 ad rem = md->m_len; 155 1.1 ad } 156 1.1 ad if (*fromcp == '\0' || (!pubflag && *fromcp == '/')) { 157 1.1 ad error = EACCES; 158 1.1 ad goto out; 159 1.1 ad } 160 1.1 ad *tocp++ = *fromcp++; 161 1.1 ad rem--; 162 1.1 ad } 163 1.1 ad *tocp = '\0'; 164 1.1 ad *mdp = md; 165 1.1 ad *dposp = fromcp; 166 1.1 ad len = nfsm_rndup(len)-len; 167 1.1 ad if (len > 0) { 168 1.1 ad if (rem >= len) 169 1.1 ad *dposp += len; 170 1.1 ad else if ((error = nfs_adv(mdp, dposp, len, rem)) != 0) 171 1.1 ad goto out; 172 1.1 ad } 173 1.1 ad 174 1.1 ad /* 175 1.1 ad * Extract and set starting directory. 176 1.1 ad */ 177 1.1 ad error = nfsrv_fhtovp(nsfh, false, &dp, ndp->ni_cnd.cn_cred, slp, 178 1.1 ad nam, &rdonly, kerbflag, pubflag); 179 1.1 ad if (error) 180 1.1 ad goto out; 181 1.1 ad if (dp->v_type != VDIR) { 182 1.1 ad vrele(dp); 183 1.1 ad error = ENOTDIR; 184 1.1 ad goto out; 185 1.1 ad } 186 1.1 ad 187 1.1 ad if (rdonly) 188 1.1 ad cnp->cn_flags |= RDONLY; 189 1.1 ad 190 1.1 ad *retdirp = dp; 191 1.16 hannken if (dirattr_retp != NULL) { 192 1.16 hannken vn_lock(dp, LK_SHARED | LK_RETRY); 193 1.16 hannken *dirattr_retp = VOP_GETATTR(dp, dirattrp, ndp->ni_cnd.cn_cred); 194 1.16 hannken VOP_UNLOCK(dp); 195 1.16 hannken } 196 1.1 ad 197 1.1 ad if (pubflag) { 198 1.1 ad /* 199 1.1 ad * Oh joy. For WebNFS, handle those pesky '%' escapes, 200 1.1 ad * and the 'native path' indicator. 201 1.1 ad */ 202 1.1 ad cp = PNBUF_GET(); 203 1.8 dholland fromcp = path; 204 1.1 ad tocp = cp; 205 1.1 ad if ((unsigned char)*fromcp >= WEBNFS_SPECCHAR_START) { 206 1.1 ad switch ((unsigned char)*fromcp) { 207 1.1 ad case WEBNFS_NATIVE_CHAR: 208 1.1 ad /* 209 1.1 ad * 'Native' path for us is the same 210 1.1 ad * as a path according to the NFS spec, 211 1.1 ad * just skip the escape char. 212 1.1 ad */ 213 1.1 ad fromcp++; 214 1.1 ad break; 215 1.1 ad /* 216 1.1 ad * More may be added in the future, range 0x80-0xff 217 1.1 ad */ 218 1.1 ad default: 219 1.1 ad error = EIO; 220 1.1 ad vrele(dp); 221 1.1 ad PNBUF_PUT(cp); 222 1.1 ad goto out; 223 1.1 ad } 224 1.1 ad } 225 1.1 ad /* 226 1.1 ad * Translate the '%' escapes, URL-style. 227 1.1 ad */ 228 1.1 ad while (*fromcp != '\0') { 229 1.1 ad if (*fromcp == WEBNFS_ESC_CHAR) { 230 1.1 ad if (fromcp[1] != '\0' && fromcp[2] != '\0') { 231 1.1 ad fromcp++; 232 1.1 ad *tocp++ = HEXSTRTOI(fromcp); 233 1.1 ad fromcp += 2; 234 1.1 ad continue; 235 1.1 ad } else { 236 1.1 ad error = ENOENT; 237 1.1 ad vrele(dp); 238 1.1 ad PNBUF_PUT(cp); 239 1.1 ad goto out; 240 1.1 ad } 241 1.1 ad } else 242 1.1 ad *tocp++ = *fromcp++; 243 1.1 ad } 244 1.1 ad *tocp = '\0'; 245 1.8 dholland PNBUF_PUT(path); 246 1.8 dholland path = cp; 247 1.1 ad } 248 1.1 ad 249 1.14 dholland ndp->ni_atdir = NULL; 250 1.8 dholland ndp->ni_pathbuf = pathbuf_assimilate(path); 251 1.8 dholland if (ndp->ni_pathbuf == NULL) { 252 1.8 dholland error = ENOMEM; 253 1.8 dholland goto out; 254 1.8 dholland } 255 1.1 ad 256 1.1 ad if (pubflag) { 257 1.8 dholland if (path[0] == '/') 258 1.1 ad dp = rootvnode; 259 1.1 ad } else { 260 1.1 ad cnp->cn_flags |= NOCROSSMOUNT; 261 1.1 ad } 262 1.1 ad 263 1.5 dholland neverfollow = !pubflag; 264 1.1 ad 265 1.1 ad /* 266 1.1 ad * And call lookup() to do the real work 267 1.8 dholland * 268 1.11 dholland * Note: ndp->ni_pathbuf is left undestroyed on success; 269 1.11 dholland * caller must clean it up. 270 1.1 ad */ 271 1.5 dholland error = lookup_for_nfsd(ndp, dp, neverfollow); 272 1.1 ad if (error) { 273 1.11 dholland goto out; 274 1.1 ad } 275 1.5 dholland return 0; 276 1.1 ad 277 1.1 ad out: 278 1.8 dholland if (ndp->ni_pathbuf != NULL) { 279 1.8 dholland pathbuf_destroy(ndp->ni_pathbuf); 280 1.9 dholland ndp->ni_pathbuf = NULL; 281 1.8 dholland } else { 282 1.8 dholland PNBUF_PUT(path); 283 1.8 dholland } 284 1.1 ad return (error); 285 1.1 ad } 286 1.1 ad 287 1.1 ad /* 288 1.1 ad * nfsrv_fhtovp() - convert a fh to a vnode ptr (optionally locked) 289 1.1 ad * - look up fsid in mount list (if not found ret error) 290 1.1 ad * - get vp and export rights by calling VFS_FHTOVP() 291 1.1 ad * - if cred->cr_uid == 0 or MNT_EXPORTANON set it to credanon 292 1.1 ad * - if not lockflag unlock it with VOP_UNLOCK() 293 1.1 ad */ 294 1.1 ad int 295 1.1 ad nfsrv_fhtovp(nfsrvfh_t *nsfh, int lockflag, struct vnode **vpp, 296 1.1 ad kauth_cred_t cred, struct nfssvc_sock *slp, struct mbuf *nam, int *rdonlyp, 297 1.1 ad int kerbflag, int pubflag) 298 1.1 ad { 299 1.1 ad struct mount *mp; 300 1.1 ad kauth_cred_t credanon; 301 1.1 ad int error, exflags; 302 1.1 ad struct sockaddr_in *saddr; 303 1.1 ad fhandle_t *fhp; 304 1.1 ad 305 1.1 ad fhp = NFSRVFH_FHANDLE(nsfh); 306 1.1 ad *vpp = (struct vnode *)0; 307 1.1 ad 308 1.1 ad if (nfs_ispublicfh(nsfh)) { 309 1.1 ad if (!pubflag || !nfs_pub.np_valid) 310 1.1 ad return (ESTALE); 311 1.1 ad fhp = nfs_pub.np_handle; 312 1.1 ad } 313 1.1 ad 314 1.1 ad error = netexport_check(&fhp->fh_fsid, nam, &mp, &exflags, &credanon); 315 1.1 ad if (error) { 316 1.1 ad return error; 317 1.1 ad } 318 1.1 ad 319 1.15 ad error = VFS_FHTOVP(mp, &fhp->fh_fid, LK_EXCLUSIVE, vpp); 320 1.1 ad if (error) 321 1.1 ad return (error); 322 1.1 ad 323 1.1 ad if (!(exflags & (MNT_EXNORESPORT|MNT_EXPUBLIC))) { 324 1.1 ad saddr = mtod(nam, struct sockaddr_in *); 325 1.1 ad if ((saddr->sin_family == AF_INET) && 326 1.1 ad ntohs(saddr->sin_port) >= IPPORT_RESERVED) { 327 1.1 ad vput(*vpp); 328 1.1 ad return (NFSERR_AUTHERR | AUTH_TOOWEAK); 329 1.1 ad } 330 1.1 ad if ((saddr->sin_family == AF_INET6) && 331 1.1 ad ntohs(saddr->sin_port) >= IPV6PORT_RESERVED) { 332 1.1 ad vput(*vpp); 333 1.1 ad return (NFSERR_AUTHERR | AUTH_TOOWEAK); 334 1.1 ad } 335 1.1 ad } 336 1.1 ad /* 337 1.1 ad * Check/setup credentials. 338 1.1 ad */ 339 1.1 ad if (exflags & MNT_EXKERB) { 340 1.1 ad if (!kerbflag) { 341 1.1 ad vput(*vpp); 342 1.1 ad return (NFSERR_AUTHERR | AUTH_TOOWEAK); 343 1.1 ad } 344 1.1 ad } else if (kerbflag) { 345 1.1 ad vput(*vpp); 346 1.1 ad return (NFSERR_AUTHERR | AUTH_TOOWEAK); 347 1.1 ad } else if (kauth_cred_geteuid(cred) == 0 || /* NFS maproot, see below */ 348 1.1 ad (exflags & MNT_EXPORTANON)) { 349 1.1 ad /* 350 1.1 ad * This is used by the NFS maproot option. While we can change 351 1.1 ad * the secmodel on our own host, we can't change it on the 352 1.1 ad * clients. As means of least surprise, we're doing the 353 1.1 ad * traditional thing here. 354 1.1 ad * Should look into adding a "mapprivileged" or similar where 355 1.1 ad * the users can be explicitly specified... 356 1.1 ad * [elad, yamt 2008-03-05] 357 1.1 ad */ 358 1.1 ad kauth_cred_clone(credanon, cred); 359 1.1 ad } 360 1.1 ad if (exflags & MNT_EXRDONLY) 361 1.1 ad *rdonlyp = 1; 362 1.1 ad else 363 1.1 ad *rdonlyp = 0; 364 1.1 ad if (!lockflag) 365 1.6 hannken VOP_UNLOCK(*vpp); 366 1.1 ad return (0); 367 1.1 ad } 368 1.1 ad 369 1.1 ad /* 370 1.1 ad * WebNFS: check if a filehandle is a public filehandle. For v3, this 371 1.1 ad * means a length of 0, for v2 it means all zeroes. 372 1.1 ad */ 373 1.1 ad int 374 1.1 ad nfs_ispublicfh(const nfsrvfh_t *nsfh) 375 1.1 ad { 376 1.1 ad const char *cp = (const void *)(NFSRVFH_DATA(nsfh)); 377 1.1 ad int i; 378 1.1 ad 379 1.1 ad if (NFSRVFH_SIZE(nsfh) == 0) { 380 1.1 ad return true; 381 1.1 ad } 382 1.1 ad if (NFSRVFH_SIZE(nsfh) != NFSX_V2FH) { 383 1.1 ad return false; 384 1.1 ad } 385 1.1 ad for (i = 0; i < NFSX_V2FH; i++) 386 1.1 ad if (*cp++ != 0) 387 1.1 ad return false; 388 1.1 ad return true; 389 1.1 ad } 390 1.1 ad 391 1.1 ad int 392 1.1 ad nfsrv_composefh(struct vnode *vp, nfsrvfh_t *nsfh, bool v3) 393 1.1 ad { 394 1.1 ad int error; 395 1.1 ad size_t fhsize; 396 1.1 ad 397 1.1 ad fhsize = NFSD_MAXFHSIZE; 398 1.1 ad error = vfs_composefh(vp, (void *)NFSRVFH_DATA(nsfh), &fhsize); 399 1.1 ad if (NFSX_FHTOOBIG_P(fhsize, v3)) { 400 1.1 ad error = EOPNOTSUPP; 401 1.1 ad } 402 1.1 ad if (error != 0) { 403 1.1 ad return error; 404 1.1 ad } 405 1.1 ad if (!v3 && fhsize < NFSX_V2FH) { 406 1.1 ad memset((char *)NFSRVFH_DATA(nsfh) + fhsize, 0, 407 1.1 ad NFSX_V2FH - fhsize); 408 1.1 ad fhsize = NFSX_V2FH; 409 1.1 ad } 410 1.1 ad if ((fhsize % NFSX_UNSIGNED) != 0) { 411 1.1 ad return EOPNOTSUPP; 412 1.1 ad } 413 1.1 ad nsfh->nsfh_size = fhsize; 414 1.1 ad return 0; 415 1.1 ad } 416 1.1 ad 417 1.1 ad int 418 1.1 ad nfsrv_comparefh(const nfsrvfh_t *fh1, const nfsrvfh_t *fh2) 419 1.1 ad { 420 1.1 ad 421 1.1 ad if (NFSRVFH_SIZE(fh1) != NFSRVFH_SIZE(fh2)) { 422 1.1 ad return NFSRVFH_SIZE(fh2) - NFSRVFH_SIZE(fh1); 423 1.1 ad } 424 1.1 ad return memcmp(NFSRVFH_DATA(fh1), NFSRVFH_DATA(fh2), NFSRVFH_SIZE(fh1)); 425 1.1 ad } 426 1.1 ad 427 1.1 ad void 428 1.1 ad nfsrv_copyfh(nfsrvfh_t *fh1, const nfsrvfh_t *fh2) 429 1.1 ad { 430 1.1 ad size_t size; 431 1.1 ad 432 1.1 ad fh1->nsfh_size = size = NFSRVFH_SIZE(fh2); 433 1.1 ad memcpy(NFSRVFH_DATA(fh1), NFSRVFH_DATA(fh2), size); 434 1.1 ad } 435
Indexes created Sat Sep 20 22:09:52 GMT 2025