3 * Handle communication with knfsd internal cache
5 * We open /proc/net/rpc/{auth.unix.ip,nfsd.export,nfsd.fh}/channel
6 * and listen for requests (using my_svc_run)
14 #include <sys/types.h>
15 #include <sys/select.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
34 #include "pseudoflavors.h"
37 #include "blkid/blkid.h"
41 * Invoked by RPC service loop
43 void cache_set_fds(fd_set *fdset);
44 int cache_process_req(fd_set *readfds);
58 * Support routines for text-based upcalls.
59 * Fields are separated by spaces.
60 * Fields are either mangled to quote space tab newline slosh with slosh
61 * or a hexified with a leading \x
62 * Record is terminated with newline.
65 static int cache_export_ent(char *domain, struct exportent *exp, char *p);
67 #define INITIAL_MANAGED_GROUPS 100
71 extern int use_ipaddr;
73 static void auth_unix_ip(FILE *f)
77 * Ignore if class != "nfsd"
78 * Otherwise find domainname and write back:
80 * "nfsd" IP-ADDR expiry domainname
84 char ipaddr[INET6_ADDRSTRLEN];
86 struct addrinfo *tmp = NULL;
87 struct addrinfo *ai = NULL;
88 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
91 xlog(D_CALL, "auth_unix_ip: inbuf '%s'", lbuf);
95 if (qword_get(&cp, class, 20) <= 0 ||
96 strcmp(class, "nfsd") != 0)
99 if (qword_get(&cp, ipaddr, sizeof(ipaddr)) <= 0)
102 tmp = host_pton(ipaddr);
108 /* addr is a valid, interesting address, find the domain name... */
110 ai = client_resolve(tmp->ai_addr);
111 client = client_compose(ai);
116 qword_print(f, "nfsd");
117 qword_print(f, ipaddr);
118 qword_printuint(f, time(0) + DEFAULT_TTL);
120 qword_print(f, ipaddr);
122 qword_print(f, *client?client:"DEFAULT");
124 xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT");
129 static void auth_unix_gid(FILE *f)
134 * uid expiry count list of group ids
138 static gid_t *groups = NULL;
139 static int groups_len = 0;
145 if (groups_len == 0) {
146 groups = malloc(sizeof(gid_t) * INITIAL_MANAGED_GROUPS);
150 groups_len = INITIAL_MANAGED_GROUPS;
153 ngroups = groups_len;
155 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
159 if (qword_get_uint(&cp, &uid) != 0)
166 rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
167 if (rv == -1 && ngroups >= groups_len) {
168 more_groups = realloc(groups, sizeof(gid_t)*ngroups);
172 groups = more_groups;
173 groups_len = ngroups;
174 rv = getgrouplist(pw->pw_name, pw->pw_gid,
179 qword_printuint(f, uid);
180 qword_printuint(f, time(0) + DEFAULT_TTL);
182 qword_printuint(f, ngroups);
183 for (i=0; i<ngroups; i++)
184 qword_printuint(f, groups[i]);
186 qword_printuint(f, 0);
191 static const char *get_uuid_blkdev(char *path)
193 /* We set *safe if we know that we need the
194 * fsid from statfs too.
196 static blkid_cache cache = NULL;
199 blkid_tag_iterate iter;
202 const char *val, *uuid = NULL;
205 blkid_get_cache(&cache, NULL);
207 if (stat(path, &stb) != 0)
209 devname = blkid_devno_to_devname(stb.st_dev);
212 dev = blkid_get_dev(cache, devname, BLKID_DEV_NORMAL);
216 iter = blkid_tag_iterate_begin(dev);
219 while (blkid_tag_next(iter, &type, &val) == 0) {
220 if (strcmp(type, "UUID") == 0)
222 if (strcmp(type, "TYPE") == 0 &&
223 strcmp(val, "btrfs") == 0) {
228 blkid_tag_iterate_end(iter);
232 #define get_uuid_blkdev(path) (NULL)
235 static int get_uuid(const char *val, int uuidlen, char *u)
237 /* extract hex digits from uuidstr and compose a uuid
238 * of the given length (max 16), xoring bytes to make
243 memset(u, 0, uuidlen);
244 for ( ; *val ; val++) {
265 static int uuid_by_path(char *path, int type, int uuidlen, char *uuid)
267 /* get a uuid for the filesystem found at 'path'.
268 * There are several possible ways of generating the
270 * Type 0 is used for new filehandles, while other types
271 * may be used to interpret old filehandle - to ensure smooth
273 * We return 1 if a uuid was found (and it might be worth
274 * trying the next type) or 0 if no more uuid types can be
278 /* Possible sources of uuid are
282 * On some filesystems (e.g. vfat) the statfs64 uuid is simply an
283 * encoding of the device that the filesystem is mounted from, so
284 * it we be very bad to use that (as device numbers change). blkid
286 * On other filesystems (e.g. btrfs) the statfs64 uuid contains
287 * important info that the blkid uuid cannot contain: This happens
288 * when multiple subvolumes are exported (they have the same
289 * blkid uuid but different statfs64 uuids).
290 * We rely on get_uuid_blkdev *knowing* which is which and not returning
291 * a uuid for filesystems where the statfs64 uuid is better.
296 const char *blkid_val;
299 blkid_val = get_uuid_blkdev(path);
301 if (statfs64(path, &st) == 0 &&
302 (st.f_fsid.__val[0] || st.f_fsid.__val[1]))
303 snprintf(fsid_val, 17, "%08x%08x",
304 st.f_fsid.__val[0], st.f_fsid.__val[1]);
308 if (blkid_val && (type--) == 0)
310 else if (fsid_val[0] && (type--) == 0)
315 get_uuid(val, uuidlen, uuid);
319 /* Iterate through /etc/mtab, finding mountpoints
320 * at or below a given path
322 static char *next_mnt(void **v, char *p)
328 f = setmntent("/etc/mtab", "r");
332 while ((me = getmntent(f)) != NULL &&
333 (strncmp(me->mnt_dir, p, l) != 0 ||
334 me->mnt_dir[l] != '/'))
344 static void nfsd_fh(FILE *f)
347 * domain fsidtype fsid
348 * interpret fsid, find export point and options, and write:
349 * domain fsidtype fsid expiry path
355 unsigned int dev, major=0, minor=0;
356 unsigned int inode=0;
357 unsigned long long inode64;
358 unsigned int fsidnum=0;
360 struct exportent *found = NULL;
361 struct addrinfo *ai = NULL;
362 char *found_path = NULL;
369 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
372 xlog(D_CALL, "nfsd_fh: inbuf '%s'", lbuf);
376 dom = malloc(strlen(cp));
379 if (qword_get(&cp, dom, strlen(cp)) <= 0)
381 if (qword_get_int(&cp, &fsidtype) != 0)
383 if (fsidtype < 0 || fsidtype > 7)
384 goto out; /* unknown type */
385 if ((fsidlen = qword_get(&cp, fsid, 32)) <= 0)
388 case FSID_DEV: /* 4 bytes: 2 major, 2 minor, 4 inode */
391 memcpy(&dev, fsid, 4);
392 memcpy(&inode, fsid+4, 4);
393 major = ntohl(dev)>>16;
394 minor = ntohl(dev) & 0xFFFF;
397 case FSID_NUM: /* 4 bytes - fsid */
400 memcpy(&fsidnum, fsid, 4);
403 case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode
404 * This format is never actually used but was
405 * an historical accident
409 memcpy(&dev, fsid, 4); major = ntohl(dev);
410 memcpy(&dev, fsid+4, 4); minor = ntohl(dev);
411 memcpy(&inode, fsid+8, 4);
414 case FSID_ENCODE_DEV: /* 8 bytes: 4 byte packed device number, 4 inode */
415 /* This is *host* endian, not net-byte-order, because
416 * no-one outside this host has any business interpreting it
420 memcpy(&dev, fsid, 4);
421 memcpy(&inode, fsid+4, 4);
422 major = (dev & 0xfff00) >> 8;
423 minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
426 case FSID_UUID4_INUM: /* 4 byte inode number and 4 byte uuid */
429 memcpy(&inode, fsid, 4);
433 case FSID_UUID8: /* 8 byte uuid */
439 case FSID_UUID16: /* 16 byte uuid */
445 case FSID_UUID16_INUM: /* 8 byte inode number and 16 byte uuid */
448 memcpy(&inode64, fsid, 8);
457 /* Now determine export point for this fsid/domain */
458 for (i=0 ; i < MCL_MAXTYPES; i++) {
459 nfs_export *next_exp;
460 for (exp = exportlist[i].p_head; exp; exp = next_exp) {
466 if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) {
467 static nfs_export *prev = NULL;
468 static void *mnt = NULL;
472 path = next_mnt(&mnt, exp->m_export.e_path);
474 next_exp = exp->m_next;
482 path = exp->m_export.e_path;
486 path = exp->m_export.e_path;
487 next_exp = exp->m_next;
490 if (!use_ipaddr && !client_member(dom, exp->m_client->m_hostname))
492 if (exp->m_export.e_mountpoint &&
493 !is_mountpoint(exp->m_export.e_mountpoint[0]?
494 exp->m_export.e_mountpoint:
495 exp->m_export.e_path))
497 if (stat(path, &stb) != 0)
499 if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
504 case FSID_MAJOR_MINOR:
505 case FSID_ENCODE_DEV:
506 if (stb.st_ino != inode)
508 if (major != major(stb.st_dev) ||
509 minor != minor(stb.st_dev))
513 if (((exp->m_export.e_flags & NFSEXP_FSID) == 0 ||
514 exp->m_export.e_fsid != fsidnum))
517 case FSID_UUID4_INUM:
518 case FSID_UUID16_INUM:
519 if (stb.st_ino != inode)
524 if (!is_mountpoint(path))
527 if (exp->m_export.e_uuid)
528 get_uuid(exp->m_export.e_uuid,
532 uuid_by_path(path, type, uuidlen, u);
534 if (memcmp(u, fhuuid, uuidlen) == 0)
537 if (memcmp(u, fhuuid, uuidlen) != 0)
543 struct addrinfo *tmp;
544 tmp = host_pton(dom);
547 ai = client_resolve(tmp->ai_addr);
550 if (!client_check(exp->m_client, ai))
553 /* It's a match !! */
555 found = &exp->m_export;
556 found_path = strdup(path);
557 if (found_path == NULL)
559 } else if (strcmp(found->e_path, exp->m_export.e_path)!= 0)
561 xlog(L_WARNING, "%s and %s have same filehandle for %s, using first",
562 found_path, path, dom);
567 found->e_mountpoint &&
568 !is_mountpoint(found->e_mountpoint[0]?
571 /* Cannot export this yet
572 * should log a warning, but need to rate limit
573 xlog(L_WARNING, "%s not exported as %d not a mountpoint",
574 found->e_path, found->e_mountpoint);
576 /* FIXME we need to make sure we re-visit this later */
579 if (!found && dev_missing) {
580 /* The missing dev could be what we want, so just be
581 * quite rather than returning stale yet
587 if (cache_export_ent(dom, found, found_path) < 0)
591 qword_printint(f, fsidtype);
592 qword_printhex(f, fsid, fsidlen);
593 /* The fsid -> path lookup can be quite expensive as it
594 * potentially stats and reads lots of devices, and some of those
595 * might have spun-down. The Answer is not likely to
596 * change underneath us, and an 'exportfs -f' can always
597 * remove this from the kernel, so use a really log
598 * timeout. Maybe this should be configurable on the command
601 qword_printint(f, 0x7fffffff);
603 qword_print(f, found_path);
610 xlog(D_CALL, "nfsd_fh: found %p path %s", found, found ? found->e_path : NULL);
614 static void write_fsloc(FILE *f, struct exportent *ep)
616 struct servers *servers;
618 if (ep->e_fslocmethod == FSLOC_NONE)
621 servers = replicas_lookup(ep->e_fslocmethod, ep->e_fslocdata);
624 qword_print(f, "fsloc");
625 qword_printint(f, servers->h_num);
626 if (servers->h_num >= 0) {
628 for (i=0; i<servers->h_num; i++) {
629 qword_print(f, servers->h_mp[i]->h_host);
630 qword_print(f, servers->h_mp[i]->h_path);
633 qword_printint(f, servers->h_referral);
634 release_replicas(servers);
637 static void write_secinfo(FILE *f, struct exportent *ep, int flag_mask)
641 for (p = ep->e_secinfo; p->flav; p++)
643 if (p == ep->e_secinfo) {
644 /* There was no sec= option */
647 qword_print(f, "secinfo");
648 qword_printint(f, p - ep->e_secinfo);
649 for (p = ep->e_secinfo; p->flav; p++) {
650 qword_printint(f, p->flav->fnum);
651 qword_printint(f, p->flags & flag_mask);
656 static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *exp)
658 qword_print(f, domain);
659 qword_print(f, path);
661 int different_fs = strcmp(path, exp->e_path) != 0;
662 int flag_mask = different_fs ? ~NFSEXP_FSID : ~0;
664 qword_printuint(f, time(0) + exp->e_ttl);
665 qword_printint(f, exp->e_flags & flag_mask);
666 qword_printint(f, exp->e_anonuid);
667 qword_printint(f, exp->e_anongid);
668 qword_printint(f, exp->e_fsid);
670 write_secinfo(f, exp, flag_mask);
671 if (exp->e_uuid == NULL || different_fs) {
673 if (uuid_by_path(path, 0, 16, u)) {
674 qword_print(f, "uuid");
675 qword_printhex(f, u, 16);
679 get_uuid(exp->e_uuid, 16, u);
680 qword_print(f, "uuid");
681 qword_printhex(f, u, 16);
684 qword_printuint(f, time(0) + DEFAULT_TTL);
688 static int is_subdirectory(char *child, char *parent)
690 int l = strlen(parent);
692 return strcmp(child, parent) == 0
693 || (strncmp(child, parent, l) == 0 && child[l] == '/');
696 static int path_matches(nfs_export *exp, char *path)
698 if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
699 return is_subdirectory(path, exp->m_export.e_path);
700 return strcmp(path, exp->m_export.e_path) == 0;
704 client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
707 return client_check(exp->m_client, ai);
708 return client_member(dom, exp->m_client->m_hostname);
712 export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
714 return path_matches(exp, path) && client_matches(exp, dom, ai);
718 lookup_export(char *dom, char *path, struct addrinfo *ai)
721 nfs_export *found = NULL;
725 for (i=0 ; i < MCL_MAXTYPES; i++) {
726 for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
727 if (!export_matches(exp, dom, path, ai))
735 /* Always prefer non-V4ROOT mounts */
736 if (found->m_export.e_flags & NFSEXP_V4ROOT)
739 /* If one is a CROSSMOUNT, then prefer the longest path */
740 if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) ||
741 (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) &&
742 strlen(found->m_export.e_path) !=
743 strlen(exp->m_export.e_path)) {
745 if (strlen(exp->m_export.e_path) >
746 strlen(found->m_export.e_path)) {
752 } else if (found_type == i && found->m_warned == 0) {
753 xlog(L_WARNING, "%s exported to both %s and %s, "
754 "arbitrarily choosing options from first",
755 path, found->m_client->m_hostname, exp->m_client->m_hostname,
764 static void nfsd_export(FILE *f)
768 * determine export options and return:
769 * domain path expiry flags anonuid anongid fsid
774 nfs_export *found = NULL;
775 struct addrinfo *ai = NULL;
777 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
780 xlog(D_CALL, "nfsd_export: inbuf '%s'", lbuf);
783 dom = malloc(strlen(cp));
784 path = malloc(strlen(cp));
789 if (qword_get(&cp, dom, strlen(lbuf)) <= 0)
791 if (qword_get(&cp, path, strlen(lbuf)) <= 0)
797 struct addrinfo *tmp;
798 tmp = host_pton(dom);
801 ai = client_resolve(tmp->ai_addr);
806 found = lookup_export(dom, path, ai);
809 if (dump_to_cache(f, dom, path, &found->m_export) < 0) {
811 "Cannot export %s, possibly unsupported filesystem"
812 " or fsid= required", path);
813 dump_to_cache(f, dom, path, NULL);
816 dump_to_cache(f, dom, path, NULL);
819 xlog(D_CALL, "nfsd_export: found %p path %s", found, path ? path : NULL);
821 if (path) free(path);
828 void (*cache_handle)(FILE *f);
830 char vbuf[RPC_CHAN_BUF_SIZE];
832 { "auth.unix.ip", auth_unix_ip, NULL, ""},
833 { "auth.unix.gid", auth_unix_gid, NULL, ""},
834 { "nfsd.export", nfsd_export, NULL, ""},
835 { "nfsd.fh", nfsd_fh, NULL, ""},
836 { NULL, NULL, NULL, ""}
839 extern int manage_gids;
842 * cache_open - prepare communications channels with kernel RPC caches
845 void cache_open(void)
848 for (i=0; cachelist[i].cache_name; i++ ) {
850 if (!manage_gids && cachelist[i].cache_handle == auth_unix_gid)
852 sprintf(path, "/proc/net/rpc/%s/channel", cachelist[i].cache_name);
853 cachelist[i].f = fopen(path, "r+");
854 if (cachelist[i].f != NULL) {
855 setvbuf(cachelist[i].f, cachelist[i].vbuf, _IOLBF,
862 * cache_set_fds - prepare cache file descriptors for one iteration of the service loop
863 * @fdset: pointer to fd_set to prepare
865 void cache_set_fds(fd_set *fdset)
868 for (i=0; cachelist[i].cache_name; i++) {
870 FD_SET(fileno(cachelist[i].f), fdset);
875 * cache_process_req - process any active cache file descriptors during service loop iteration
876 * @fdset: pointer to fd_set to examine for activity
878 int cache_process_req(fd_set *readfds)
882 for (i=0; cachelist[i].cache_name; i++) {
883 if (cachelist[i].f != NULL &&
884 FD_ISSET(fileno(cachelist[i].f), readfds)) {
886 cachelist[i].cache_handle(cachelist[i].f);
887 FD_CLR(fileno(cachelist[i].f), readfds);
895 * Give IP->domain and domain+path->options to kernel
896 * % echo nfsd $IP $[now+DEFAULT_TTL] $domain > /proc/net/rpc/auth.unix.ip/channel
897 * % echo $domain $path $[now+DEFAULT_TTL] $options $anonuid $anongid $fsid > /proc/net/rpc/nfsd.export/channel
900 static int cache_export_ent(char *domain, struct exportent *exp, char *path)
903 FILE *f = fopen("/proc/net/rpc/nfsd.export/channel", "w");
907 err = dump_to_cache(f, domain, exp->e_path, exp);
910 "Cannot export %s, possibly unsupported filesystem or"
911 " fsid= required", exp->e_path);
914 while (err == 0 && (exp->e_flags & NFSEXP_CROSSMOUNT) && path) {
915 /* really an 'if', but we can break out of
916 * a 'while' more easily */
917 /* Look along 'path' for other filesystems
918 * and export them with the same options
921 size_t l = strlen(exp->e_path);
924 if (strlen(path) <= l || path[l] != '/' ||
925 strncmp(exp->e_path, path, l) != 0)
927 if (stat(exp->e_path, &stb) != 0)
930 while(path[l] == '/') {
932 /* errors for submount should fail whole filesystem */
936 while (path[l] != '/' && path[l])
940 err2 = lstat(path, &stb);
944 if (stb.st_dev == dev)
948 dump_to_cache(f, domain, path, exp);
959 * cache_export - Inform kernel of a new nfs_export
960 * @exp: target nfs_export
961 * @path: NUL-terminated C string containing export path
963 int cache_export(nfs_export *exp, char *path)
965 char buf[INET6_ADDRSTRLEN];
969 f = fopen("/proc/net/rpc/auth.unix.ip/channel", "w");
974 qword_print(f, "nfsd");
976 host_ntop(get_addrlist(exp->m_client, 0), buf, sizeof(buf)));
977 qword_printuint(f, time(0) + exp->m_export.e_ttl);
978 qword_print(f, exp->m_client->m_hostname);
983 err = cache_export_ent(exp->m_client->m_hostname, &exp->m_export, path)
989 * cache_get_filehandle - given an nfs_export, get its root filehandle
990 * @exp: target nfs_export
991 * @len: length of requested file handle
992 * @p: NUL-terminated C string containing export path
994 * Returns pointer to NFS file handle of root directory of export
997 * echo $domain $path $length
998 * read filehandle <&0
999 * } <> /proc/fs/nfsd/filehandle
1002 cache_get_filehandle(nfs_export *exp, int len, char *p)
1004 FILE *f = fopen("/proc/fs/nfsd/filehandle", "r+");
1008 static struct nfs_fh_len fh;
1011 f = fopen("/proc/fs/nfs/filehandle", "r+");
1015 qword_print(f, exp->m_client->m_hostname);
1017 qword_printint(f, len);
1018 failed = qword_eol(f);
1021 failed = (fgets(buf, sizeof(buf), f) == NULL);
1025 memset(fh.fh_handle, 0, sizeof(fh.fh_handle));
1026 fh.fh_size = qword_get(&bp, (char *)fh.fh_handle, NFS3_FHSIZE);
projects / nfs-utils.git / blob