3 * Handle communication with knfsd internal cache
5 * We open /proc/net/rpc/{auth.unix.ip,nfsd.export,nfsd.fh}/channel
6 * and listen for requests (using my_svc_run)
14 #include <sys/types.h>
15 #include <sys/select.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
33 #include "pseudoflavors.h"
36 #include "blkid/blkid.h"
52 * Support routines for text-based upcalls.
53 * Fields are separated by spaces.
54 * Fields are either mangled to quote space tab newline slosh with slosh
55 * or a hexified with a leading \x
56 * Record is terminated with newline.
59 int cache_export_ent(char *domain, struct exportent *exp, char *p);
64 extern int use_ipaddr;
66 void auth_unix_ip(FILE *f)
70 * Ignore if class != "nfsd"
71 * Otherwise find domainname and write back:
73 * "nfsd" IP-ADDR expiry domainname
80 struct hostent *he = NULL;
81 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
86 if (qword_get(&cp, class, 20) <= 0 ||
87 strcmp(class, "nfsd") != 0)
90 if (qword_get(&cp, ipaddr, 20) <= 0)
93 if (inet_aton(ipaddr, &addr)==0)
98 /* addr is a valid, interesting address, find the domain name... */
100 he = client_resolve(addr);
101 client = client_compose(he);
104 qword_print(f, "nfsd");
105 qword_print(f, ipaddr);
106 qword_printint(f, time(0)+30*60);
108 qword_print(f, ipaddr);
110 qword_print(f, *client?client:"DEFAULT");
113 if (client) free(client);
117 void auth_unix_gid(FILE *f)
122 * uid expiry count list of group ids
126 gid_t glist[100], *groups = glist;
131 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
135 if (qword_get_int(&cp, &uid) != 0)
142 rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
143 if (rv == -1 && ngroups >= 100) {
144 groups = malloc(sizeof(gid_t)*ngroups);
148 rv = getgrouplist(pw->pw_name, pw->pw_gid,
152 qword_printint(f, uid);
153 qword_printint(f, time(0)+30*60);
155 qword_printint(f, ngroups);
156 for (i=0; i<ngroups; i++)
157 qword_printint(f, groups[i]);
165 int get_uuid(char *path, char *uuid, int uuidlen, char *u)
167 /* extract hex digits from uuidstr and compose a uuid
168 * of the given length (max 16), xoring bytes to make
169 * a smaller uuid. Then compare with uuid
175 static blkid_cache cache = NULL;
178 blkid_tag_iterate iter;
182 blkid_get_cache(&cache, NULL);
184 blkid_probe_all_new(cache);
186 if (stat(path, &stb) != 0)
188 devname = blkid_devno_to_devname(stb.st_dev);
191 dev = blkid_get_dev(cache, devname, BLKID_DEV_NORMAL);
195 iter = blkid_tag_iterate_begin(dev);
198 while (blkid_tag_next(iter, &type, &val) == 0)
199 if (strcmp(type, "UUID") == 0)
201 blkid_tag_iterate_end(iter);
208 memset(u, 0, uuidlen);
209 for ( ; *val ; val++) {
231 /* Iterate through /etc/mtab, finding mountpoints
232 * at or below a given path
234 static char *next_mnt(void **v, char *p)
240 f = setmntent("/etc/mtab", "r");
244 while ((me = getmntent(f)) != NULL &&
245 (strncmp(me->mnt_dir, p, l) != 0 ||
246 me->mnt_dir[l] != '/'))
256 void nfsd_fh(FILE *f)
259 * domain fsidtype fsid
260 * interpret fsid, find export point and options, and write:
261 * domain fsidtype fsid expiry path
267 unsigned int dev, major=0, minor=0;
268 unsigned int inode=0;
269 unsigned long long inode64;
270 unsigned int fsidnum=0;
272 struct exportent *found = NULL;
273 struct hostent *he = NULL;
275 char *found_path = NULL;
282 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
287 dom = malloc(strlen(cp));
290 if (qword_get(&cp, dom, strlen(cp)) <= 0)
292 if (qword_get_int(&cp, &fsidtype) != 0)
294 if (fsidtype < 0 || fsidtype > 7)
295 goto out; /* unknown type */
296 if ((fsidlen = qword_get(&cp, fsid, 32)) <= 0)
299 case FSID_DEV: /* 4 bytes: 2 major, 2 minor, 4 inode */
302 memcpy(&dev, fsid, 4);
303 memcpy(&inode, fsid+4, 4);
304 major = ntohl(dev)>>16;
305 minor = ntohl(dev) & 0xFFFF;
308 case FSID_NUM: /* 4 bytes - fsid */
311 memcpy(&fsidnum, fsid, 4);
314 case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode
315 * This format is never actually used but was
316 * an historical accident
320 memcpy(&dev, fsid, 4); major = ntohl(dev);
321 memcpy(&dev, fsid+4, 4); minor = ntohl(dev);
322 memcpy(&inode, fsid+8, 4);
325 case FSID_ENCODE_DEV: /* 8 bytes: 4 byte packed device number, 4 inode */
326 /* This is *host* endian, not net-byte-order, because
327 * no-one outside this host has any business interpreting it
331 memcpy(&dev, fsid, 4);
332 memcpy(&inode, fsid+4, 4);
333 major = (dev & 0xfff00) >> 8;
334 minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
337 case FSID_UUID4_INUM: /* 4 byte inode number and 4 byte uuid */
340 memcpy(&inode, fsid, 4);
344 case FSID_UUID8: /* 8 byte uuid */
350 case FSID_UUID16: /* 16 byte uuid */
356 case FSID_UUID16_INUM: /* 8 byte inode number and 16 byte uuid */
359 memcpy(&inode64, fsid, 8);
368 /* Now determine export point for this fsid/domain */
369 for (i=0 ; i < MCL_MAXTYPES; i++) {
370 nfs_export *next_exp;
371 for (exp = exportlist[i]; exp; exp = next_exp) {
376 if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) {
377 static nfs_export *prev = NULL;
378 static void *mnt = NULL;
382 path = next_mnt(&mnt, exp->m_export.e_path);
384 next_exp = exp->m_next;
392 path = exp->m_export.e_path;
396 path = exp->m_export.e_path;
397 next_exp = exp->m_next;
400 if (!use_ipaddr && !client_member(dom, exp->m_client->m_hostname))
402 if (exp->m_export.e_mountpoint &&
403 !is_mountpoint(exp->m_export.e_mountpoint[0]?
404 exp->m_export.e_mountpoint:
405 exp->m_export.e_path))
407 if (stat(path, &stb) != 0)
409 if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
414 case FSID_MAJOR_MINOR:
415 case FSID_ENCODE_DEV:
416 if (stb.st_ino != inode)
418 if (major != major(stb.st_dev) ||
419 minor != minor(stb.st_dev))
423 if (((exp->m_export.e_flags & NFSEXP_FSID) == 0 ||
424 exp->m_export.e_fsid != fsidnum))
427 case FSID_UUID4_INUM:
428 case FSID_UUID16_INUM:
429 if (stb.st_ino != inode)
434 if (!is_mountpoint(path))
438 if (exp->m_export.e_uuid)
439 get_uuid(NULL, exp->m_export.e_uuid,
441 else if (get_uuid(path, NULL,
445 if (memcmp(u, fhuuid, uuidlen) != 0)
454 if (!inet_aton(dom, &addr))
456 he = client_resolve(addr);
458 if (!client_check(exp->m_client, he))
461 /* It's a match !! */
463 found = &exp->m_export;
464 found_path = strdup(path);
465 if (found_path == NULL)
467 } else if (strcmp(found->e_path, exp->m_export.e_path)!= 0)
469 xlog(L_WARNING, "%s and %s have same filehandle for %s, using first",
470 found_path, path, dom);
475 found->e_mountpoint &&
476 !is_mountpoint(found->e_mountpoint[0]?
479 /* Cannot export this yet
480 * should log a warning, but need to rate limit
481 xlog(L_WARNING, "%s not exported as %d not a mountpoint",
482 found->e_path, found->e_mountpoint);
484 /* FIXME we need to make sure we re-visit this later */
487 if (!found && dev_missing) {
488 /* The missing dev could be what we want, so just be
489 * quite rather than returning stale yet
495 if (cache_export_ent(dom, found, found_path) < 0)
499 qword_printint(f, fsidtype);
500 qword_printhex(f, fsid, fsidlen);
501 /* The fsid -> path lookup can be quite expensive as it
502 * potentially stats and reads lots of devices, and some of those
503 * might have spun-down. The Answer is not likely to
504 * change underneath us, and an 'exportfs -f' can always
505 * remove this from the kernel, so use a really log
506 * timeout. Maybe this should be configurable on the command
509 qword_printint(f, 0x7fffffff);
511 qword_print(f, found->e_path);
520 static void write_fsloc(FILE *f, struct exportent *ep, char *path)
522 struct servers *servers;
524 if (ep->e_fslocmethod == FSLOC_NONE)
527 servers = replicas_lookup(ep->e_fslocmethod, ep->e_fslocdata, path);
530 qword_print(f, "fsloc");
531 qword_printint(f, servers->h_num);
532 if (servers->h_num >= 0) {
534 for (i=0; i<servers->h_num; i++) {
535 qword_print(f, servers->h_mp[i]->h_host);
536 qword_print(f, servers->h_mp[i]->h_path);
539 qword_printint(f, servers->h_referral);
540 release_replicas(servers);
543 static void write_secinfo(FILE *f, struct exportent *ep)
547 for (p = ep->e_secinfo; p->flav; p++)
549 if (p == ep->e_secinfo) {
550 /* There was no sec= option */
553 qword_print(f, "secinfo");
554 qword_printint(f, p - ep->e_secinfo);
555 for (p = ep->e_secinfo; p->flav; p++) {
556 qword_printint(f, p->flav->fnum);
557 qword_printint(f, p->flags);
562 static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *exp)
564 qword_print(f, domain);
565 qword_print(f, path);
566 qword_printint(f, time(0)+30*60);
568 qword_printint(f, exp->e_flags);
569 qword_printint(f, exp->e_anonuid);
570 qword_printint(f, exp->e_anongid);
571 qword_printint(f, exp->e_fsid);
572 write_fsloc(f, exp, path);
573 write_secinfo(f, exp);
575 if (exp->e_uuid == NULL) {
577 if (get_uuid(path, NULL, 16, u)) {
578 qword_print(f, "uuid");
579 qword_printhex(f, u, 16);
581 } else if (exp->e_uuid) {
582 qword_print(f, "uuid");
583 qword_printhex(f, exp->e_uuid, 16);
590 void nfsd_export(FILE *f)
594 * determine export options and return:
595 * domain path expiry flags anonuid anongid fsid
601 nfs_export *exp, *found = NULL;
604 struct hostent *he = NULL;
607 if (readline(fileno(f), &lbuf, &lbuflen) != 1)
611 dom = malloc(strlen(cp));
612 path = malloc(strlen(cp));
617 if (qword_get(&cp, dom, strlen(lbuf)) <= 0)
619 if (qword_get(&cp, path, strlen(lbuf)) <= 0)
624 /* now find flags for this export point in this domain */
625 for (i=0 ; i < MCL_MAXTYPES; i++) {
626 for (exp = exportlist[i]; exp; exp = exp->m_next) {
627 if (!use_ipaddr && !client_member(dom, exp->m_client->m_hostname))
629 if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) {
630 /* if path is a mountpoint below e_path, then OK */
631 int l = strlen(exp->m_export.e_path);
632 if (strcmp(path, exp->m_export.e_path) == 0 ||
633 (strncmp(path, exp->m_export.e_path, l) == 0 &&
635 is_mountpoint(path)))
639 } else if (strcmp(path, exp->m_export.e_path) != 0)
643 if (!inet_aton(dom, &addr))
645 he = client_resolve(addr);
647 if (!client_check(exp->m_client, he))
655 /* If one is a CROSSMOUNT, then prefer the longest path */
656 if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) ||
657 (found->m_export.e_flags & NFSEXP_CROSSMOUNT)) &&
658 strlen(found->m_export.e_path) !=
659 strlen(found->m_export.e_path)) {
661 if (strlen(exp->m_export.e_path) >
662 strlen(found->m_export.e_path)) {
668 } else if (found_type == i && found->m_warned == 0) {
669 xlog(L_WARNING, "%s exported to both %s and %s, "
670 "arbitrarily choosing options from first",
671 path, found->m_client->m_hostname, exp->m_client->m_hostname,
679 if (dump_to_cache(f, dom, path, &found->m_export) < 0) {
681 "Cannot export %s, possibly unsupported filesystem"
682 " or fsid= required", path);
683 dump_to_cache(f, dom, path, NULL);
686 dump_to_cache(f, dom, path, NULL);
690 if (path) free(path);
697 void (*cache_handle)(FILE *f);
700 { "auth.unix.ip", auth_unix_ip},
701 { "auth.unix.gid", auth_unix_gid},
702 { "nfsd.export", nfsd_export},
703 { "nfsd.fh", nfsd_fh},
707 extern int manage_gids;
708 void cache_open(void)
711 for (i=0; cachelist[i].cache_name; i++ ) {
713 if (!manage_gids && cachelist[i].cache_handle == auth_unix_gid)
715 sprintf(path, "/proc/net/rpc/%s/channel", cachelist[i].cache_name);
716 cachelist[i].f = fopen(path, "r+");
720 void cache_set_fds(fd_set *fdset)
723 for (i=0; cachelist[i].cache_name; i++) {
725 FD_SET(fileno(cachelist[i].f), fdset);
729 int cache_process_req(fd_set *readfds)
733 for (i=0; cachelist[i].cache_name; i++) {
734 if (cachelist[i].f != NULL &&
735 FD_ISSET(fileno(cachelist[i].f), readfds)) {
737 cachelist[i].cache_handle(cachelist[i].f);
738 FD_CLR(fileno(cachelist[i].f), readfds);
746 * Give IP->domain and domain+path->options to kernel
747 * % echo nfsd $IP $[now+30*60] $domain > /proc/net/rpc/auth.unix.ip/channel
748 * % echo $domain $path $[now+30*60] $options $anonuid $anongid $fsid > /proc/net/rpc/nfsd.export/channel
751 int cache_export_ent(char *domain, struct exportent *exp, char *path)
754 FILE *f = fopen("/proc/net/rpc/nfsd.export/channel", "w");
758 err = dump_to_cache(f, domain, exp->e_path, exp);
761 "Cannot export %s, possibly unsupported filesystem or"
762 " fsid= required", exp->e_path);
765 while (err == 0 && (exp->e_flags & NFSEXP_CROSSMOUNT) && path) {
766 /* really an 'if', but we can break out of
767 * a 'while' more easily */
768 /* Look along 'path' for other filesystems
769 * and export them with the same options
772 int l = strlen(exp->e_path);
775 if (strlen(path) <= l || path[l] != '/' ||
776 strncmp(exp->e_path, path, l) != 0)
778 if (stat(exp->e_path, &stb) != 0)
781 while(path[l] == '/') {
783 /* errors for submount should fail whole filesystem */
787 while (path[l] != '/' && path[l])
791 err2 = lstat(path, &stb);
795 if (stb.st_dev == dev)
799 dump_to_cache(f, domain, path, exp);
809 int cache_export(nfs_export *exp, char *path)
814 f = fopen("/proc/net/rpc/auth.unix.ip/channel", "w");
818 qword_print(f, "nfsd");
819 qword_print(f, inet_ntoa(exp->m_client->m_addrlist[0]));
820 qword_printint(f, time(0)+30*60);
821 qword_print(f, exp->m_client->m_hostname);
826 err = cache_export_ent(exp->m_client->m_hostname, &exp->m_export, path)
833 * echo $domain $path $length
834 * read filehandle <&0
835 * } <> /proc/fs/nfsd/filehandle
838 cache_get_filehandle(nfs_export *exp, int len, char *p)
840 FILE *f = fopen("/proc/fs/nfsd/filehandle", "r+");
844 static struct nfs_fh_len fh;
847 f = fopen("/proc/fs/nfs/filehandle", "r+");
851 qword_print(f, exp->m_client->m_hostname);
853 qword_printint(f, len);
854 failed = qword_eol(f);
857 failed = (fgets(buf, sizeof(buf), f) == NULL);
861 memset(fh.fh_handle, 0, sizeof(fh.fh_handle));
862 fh.fh_size = qword_get(&bp, (char *)fh.fh_handle, NFS3_FHSIZE);