2005-01-06 23:35:40 +00:00
|
|
|
/*-
|
1994-05-24 10:09:53 +00:00
|
|
|
* Copyright (c) 1989, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
* (c) UNIX System Laboratories, Inc.
|
|
|
|
|
* All or some portions of this file are derived from material licensed
|
|
|
|
|
* to the University of California by American Telephone and Telegraph
|
|
|
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
|
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
1997-02-10 02:22:35 +00:00
|
|
|
* @(#)vfs_subr.c 8.31 (Berkeley) 5/26/95
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
|
2003-06-11 00:56:59 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
|
2014-11-05 00:58:01 +00:00
|
|
|
#include "opt_inet.h"
|
|
|
|
|
#include "opt_inet6.h"
|
|
|
|
|
|
2001-04-26 20:47:14 +00:00
|
|
|
#include <sys/param.h>
|
2004-04-21 12:10:30 +00:00
|
|
|
#include <sys/dirent.h>
|
2009-09-28 18:07:16 +00:00
|
|
|
#include <sys/jail.h>
|
2001-04-26 20:47:14 +00:00
|
|
|
#include <sys/kernel.h>
|
2004-04-21 12:10:30 +00:00
|
|
|
#include <sys/lock.h>
|
2001-04-26 20:47:14 +00:00
|
|
|
#include <sys/malloc.h>
|
2001-09-10 11:28:07 +00:00
|
|
|
#include <sys/mbuf.h>
|
2001-04-26 20:47:14 +00:00
|
|
|
#include <sys/mount.h>
|
2004-04-21 12:10:30 +00:00
|
|
|
#include <sys/mutex.h>
|
2008-12-07 21:15:43 +00:00
|
|
|
#include <sys/rwlock.h>
|
2005-09-27 18:09:42 +00:00
|
|
|
#include <sys/refcount.h>
|
2013-02-21 19:02:50 +00:00
|
|
|
#include <sys/signalvar.h>
|
2004-04-21 12:10:30 +00:00
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/systm.h>
|
2001-04-26 20:47:14 +00:00
|
|
|
#include <sys/vnode.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-11-05 00:58:01 +00:00
|
|
|
#include <netinet/in.h>
|
2004-04-21 12:10:30 +00:00
|
|
|
#include <net/radix.h>
|
|
|
|
|
|
2005-10-31 15:41:29 +00:00
|
|
|
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-11-05 00:58:01 +00:00
|
|
|
static struct radix_node_head *vfs_create_addrlist_af(
|
|
|
|
|
struct radix_node_head **prnh, int off);
|
2002-03-19 21:25:46 +00:00
|
|
|
static void vfs_free_addrlist(struct netexport *nep);
|
|
|
|
|
static int vfs_free_netcred(struct radix_node *rn, void *w);
|
2014-11-05 00:58:01 +00:00
|
|
|
static void vfs_free_addrlist_af(struct radix_node_head **prnh);
|
2002-03-19 21:25:46 +00:00
|
|
|
static int vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
|
2002-03-24 05:09:11 +00:00
|
|
|
struct export_args *argp);
|
2005-02-10 12:25:38 +00:00
|
|
|
static struct netcred *vfs_export_lookup(struct mount *, struct sockaddr *);
|
1995-11-20 12:42:39 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
2001-04-26 20:47:14 +00:00
|
|
|
* Network address lookup element
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
2001-04-26 20:47:14 +00:00
|
|
|
struct netcred {
|
|
|
|
|
struct radix_node netc_rnodes[2];
|
|
|
|
|
int netc_exflags;
|
2009-05-09 18:09:17 +00:00
|
|
|
struct ucred *netc_anon;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int netc_numsecflavors;
|
|
|
|
|
int netc_secflavors[MAXSECFLAVORS];
|
2001-04-26 20:47:14 +00:00
|
|
|
};
|
1997-02-10 02:22:35 +00:00
|
|
|
|
|
|
|
|
/*
|
2001-04-26 20:47:14 +00:00
|
|
|
* Network export information
|
1997-02-10 02:22:35 +00:00
|
|
|
*/
|
2001-04-26 20:47:14 +00:00
|
|
|
struct netexport {
|
|
|
|
|
struct netcred ne_defexported; /* Default export */
|
2014-11-05 00:58:01 +00:00
|
|
|
struct radix_node_head *ne4;
|
|
|
|
|
struct radix_node_head *ne6;
|
2001-04-26 20:47:14 +00:00
|
|
|
};
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Build hash lists of net addresses and hang them off the mount point.
|
2009-05-09 18:09:17 +00:00
|
|
|
* Called by vfs_export() to set up the lists of export addresses.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
static int
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
|
|
|
|
|
struct export_args *argp)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
|
|
|
|
register struct netcred *np;
|
|
|
|
|
register struct radix_node_head *rnh;
|
|
|
|
|
register int i;
|
|
|
|
|
struct radix_node *rn;
|
|
|
|
|
struct sockaddr *saddr, *smask = 0;
|
2014-11-06 12:19:39 +00:00
|
|
|
#if defined(INET6) || defined(INET)
|
2014-11-05 00:58:01 +00:00
|
|
|
int off;
|
2014-11-06 12:19:39 +00:00
|
|
|
#endif
|
1994-05-24 10:09:53 +00:00
|
|
|
int error;
|
|
|
|
|
|
2002-03-03 06:07:57 +00:00
|
|
|
/*
|
|
|
|
|
* XXX: This routine converts from a `struct xucred'
|
|
|
|
|
* (argp->ex_anon) to a `struct ucred' (np->netc_anon). This
|
|
|
|
|
* operation is questionable; for example, what should be done
|
|
|
|
|
* with fields like cr_uidinfo and cr_prison? Currently, this
|
|
|
|
|
* routine does not touch them (leaves them as NULL).
|
|
|
|
|
*/
|
2007-01-23 06:19:16 +00:00
|
|
|
if (argp->ex_anon.cr_version != XUCRED_VERSION) {
|
|
|
|
|
vfs_mount_error(mp, "ex_anon.cr_version: %d != %d",
|
|
|
|
|
argp->ex_anon.cr_version, XUCRED_VERSION);
|
2002-03-03 06:07:57 +00:00
|
|
|
return (EINVAL);
|
2007-01-23 06:19:16 +00:00
|
|
|
}
|
2002-03-03 06:07:57 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
if (argp->ex_addrlen == 0) {
|
2007-01-23 06:19:16 +00:00
|
|
|
if (mp->mnt_flag & MNT_DEFEXPORTED) {
|
|
|
|
|
vfs_mount_error(mp,
|
|
|
|
|
"MNT_DEFEXPORTED already set for mount %p", mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (EPERM);
|
2007-01-23 06:19:16 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
np = &nep->ne_defexported;
|
|
|
|
|
np->netc_exflags = argp->ex_flags;
|
2009-05-09 18:09:17 +00:00
|
|
|
np->netc_anon = crget();
|
|
|
|
|
np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
|
2009-06-19 17:10:35 +00:00
|
|
|
crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
|
|
|
|
|
argp->ex_anon.cr_groups);
|
2009-09-28 18:07:16 +00:00
|
|
|
np->netc_anon->cr_prison = &prison0;
|
|
|
|
|
prison_hold(np->netc_anon->cr_prison);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
np->netc_numsecflavors = argp->ex_numsecflavors;
|
|
|
|
|
bcopy(argp->ex_secflavors, np->netc_secflavors,
|
|
|
|
|
sizeof(np->netc_secflavors));
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_ILOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
mp->mnt_flag |= MNT_DEFEXPORTED;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_IUNLOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
2001-09-10 11:28:07 +00:00
|
|
|
|
2003-07-26 07:23:24 +00:00
|
|
|
#if MSIZE <= 256
|
2006-12-07 02:57:00 +00:00
|
|
|
if (argp->ex_addrlen > MLEN) {
|
|
|
|
|
vfs_mount_error(mp, "ex_addrlen %d is greater than %d",
|
|
|
|
|
argp->ex_addrlen, MLEN);
|
2001-09-10 11:28:07 +00:00
|
|
|
return (EINVAL);
|
2006-12-07 02:57:00 +00:00
|
|
|
}
|
2003-07-26 07:23:24 +00:00
|
|
|
#endif
|
2001-09-10 11:28:07 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
|
2003-02-19 05:47:46 +00:00
|
|
|
np = (struct netcred *) malloc(i, M_NETADDR, M_WAITOK | M_ZERO);
|
These changes embody the support of the fully coherent merged VM buffer cache,
much higher filesystem I/O performance, and much better paging performance. It
represents the culmination of over 6 months of R&D.
The majority of the merged VM/cache work is by John Dyson.
The following highlights the most significant changes. Additionally, there are
(mostly minor) changes to the various filesystem modules (nfs, msdosfs, etc) to
support the new VM/buffer scheme.
vfs_bio.c:
Significant rewrite of most of vfs_bio to support the merged VM buffer cache
scheme. The scheme is almost fully compatible with the old filesystem
interface. Significant improvement in the number of opportunities for write
clustering.
vfs_cluster.c, vfs_subr.c
Upgrade and performance enhancements in vfs layer code to support merged
VM/buffer cache. Fixup of vfs_cluster to eliminate the bogus pagemove stuff.
vm_object.c:
Yet more improvements in the collapse code. Elimination of some windows that
can cause list corruption.
vm_pageout.c:
Fixed it, it really works better now. Somehow in 2.0, some "enhancements"
broke the code. This code has been reworked from the ground-up.
vm_fault.c, vm_page.c, pmap.c, vm_object.c
Support for small-block filesystems with merged VM/buffer cache scheme.
pmap.c vm_map.c
Dynamic kernel VM size, now we dont have to pre-allocate excessive numbers of
kernel PTs.
vm_glue.c
Much simpler and more effective swapping code. No more gratuitous swapping.
proc.h
Fixed the problem that the p_lock flag was not being cleared on a fork.
swap_pager.c, vnode_pager.c
Removal of old vfs_bio cruft to support the past pseudo-coherency. Now the
code doesn't need it anymore.
machdep.c
Changes to better support the parameter values for the merged VM/buffer cache
scheme.
machdep.c, kern_exec.c, vm_glue.c
Implemented a seperate submap for temporary exec string space and another one
to contain process upages. This eliminates all map fragmentation problems
that previously existed.
ffs_inode.c, ufs_inode.c, ufs_readwrite.c
Changes for merged VM/buffer cache. Add "bypass" support for sneaking in on
busy buffers.
Submitted by: John Dyson and David Greenman
1995-01-09 16:06:02 +00:00
|
|
|
saddr = (struct sockaddr *) (np + 1);
|
2002-06-28 23:17:36 +00:00
|
|
|
if ((error = copyin(argp->ex_addr, saddr, argp->ex_addrlen)))
|
1994-05-24 10:09:53 +00:00
|
|
|
goto out;
|
2007-01-23 06:19:16 +00:00
|
|
|
if (saddr->sa_family == AF_UNSPEC || saddr->sa_family > AF_MAX) {
|
2004-11-28 19:16:00 +00:00
|
|
|
error = EINVAL;
|
2007-01-23 06:19:16 +00:00
|
|
|
vfs_mount_error(mp, "Invalid saddr->sa_family: %d");
|
2004-11-28 19:16:00 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
if (saddr->sa_len > argp->ex_addrlen)
|
|
|
|
|
saddr->sa_len = argp->ex_addrlen;
|
|
|
|
|
if (argp->ex_masklen) {
|
2002-06-29 17:56:34 +00:00
|
|
|
smask = (struct sockaddr *)((caddr_t)saddr + argp->ex_addrlen);
|
2002-06-28 23:17:36 +00:00
|
|
|
error = copyin(argp->ex_mask, smask, argp->ex_masklen);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (error)
|
|
|
|
|
goto out;
|
|
|
|
|
if (smask->sa_len > argp->ex_masklen)
|
|
|
|
|
smask->sa_len = argp->ex_masklen;
|
|
|
|
|
}
|
2014-11-05 00:58:01 +00:00
|
|
|
rnh = NULL;
|
|
|
|
|
switch (saddr->sa_family) {
|
|
|
|
|
#ifdef INET
|
|
|
|
|
case AF_INET:
|
|
|
|
|
if ((rnh = nep->ne4) == NULL) {
|
|
|
|
|
off = offsetof(struct sockaddr_in, sin_addr) << 3;
|
|
|
|
|
rnh = vfs_create_addrlist_af(&nep->ne4, off);
|
Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".
One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.
One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).
You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.
This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.
2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.
6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.
For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.
ipfw has grown 2 new keywords:
setfib N ip from anay to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.
When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.
Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco
2008-05-09 23:03:00 +00:00
|
|
|
}
|
2014-11-05 00:58:01 +00:00
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef INET6
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
if ((rnh = nep->ne6) == NULL) {
|
|
|
|
|
off = offsetof(struct sockaddr_in6, sin6_addr) << 3;
|
|
|
|
|
rnh = vfs_create_addrlist_af(&nep->ne6, off);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2014-11-05 00:58:01 +00:00
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
if (rnh == NULL) {
|
|
|
|
|
error = ENOBUFS;
|
|
|
|
|
vfs_mount_error(mp, "%s %s %d",
|
|
|
|
|
"Unable to initialize radix node head ",
|
|
|
|
|
"for address family", saddr->sa_family);
|
|
|
|
|
goto out;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2002-12-24 03:03:39 +00:00
|
|
|
RADIX_NODE_HEAD_LOCK(rnh);
|
2002-06-29 17:58:44 +00:00
|
|
|
rn = (*rnh->rnh_addaddr)(saddr, smask, rnh, np->netc_rnodes);
|
2002-12-24 03:03:39 +00:00
|
|
|
RADIX_NODE_HEAD_UNLOCK(rnh);
|
|
|
|
|
if (rn == NULL || np != (struct netcred *)rn) { /* already exists */
|
2002-06-30 05:23:58 +00:00
|
|
|
error = EPERM;
|
2014-11-05 00:58:01 +00:00
|
|
|
vfs_mount_error(mp,
|
|
|
|
|
"netcred already exists for given addr/mask");
|
2002-06-30 05:23:58 +00:00
|
|
|
goto out;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
np->netc_exflags = argp->ex_flags;
|
2009-05-09 18:09:17 +00:00
|
|
|
np->netc_anon = crget();
|
|
|
|
|
np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
|
2009-06-19 17:10:35 +00:00
|
|
|
crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
|
2012-12-14 21:49:06 +00:00
|
|
|
argp->ex_anon.cr_groups);
|
2009-09-28 18:07:16 +00:00
|
|
|
np->netc_anon->cr_prison = &prison0;
|
|
|
|
|
prison_hold(np->netc_anon->cr_prison);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
np->netc_numsecflavors = argp->ex_numsecflavors;
|
|
|
|
|
bcopy(argp->ex_secflavors, np->netc_secflavors,
|
|
|
|
|
sizeof(np->netc_secflavors));
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
|
out:
|
|
|
|
|
free(np, M_NETADDR);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2000-10-05 18:22:46 +00:00
|
|
|
/* Helper for vfs_free_addrlist. */
|
1994-05-24 10:09:53 +00:00
|
|
|
/* ARGSUSED */
|
|
|
|
|
static int
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_free_netcred(struct radix_node *rn, void *w)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2009-06-29 18:09:07 +00:00
|
|
|
struct radix_node_head *rnh = (struct radix_node_head *) w;
|
|
|
|
|
struct ucred *cred;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
These changes embody the support of the fully coherent merged VM buffer cache,
much higher filesystem I/O performance, and much better paging performance. It
represents the culmination of over 6 months of R&D.
The majority of the merged VM/cache work is by John Dyson.
The following highlights the most significant changes. Additionally, there are
(mostly minor) changes to the various filesystem modules (nfs, msdosfs, etc) to
support the new VM/buffer scheme.
vfs_bio.c:
Significant rewrite of most of vfs_bio to support the merged VM buffer cache
scheme. The scheme is almost fully compatible with the old filesystem
interface. Significant improvement in the number of opportunities for write
clustering.
vfs_cluster.c, vfs_subr.c
Upgrade and performance enhancements in vfs layer code to support merged
VM/buffer cache. Fixup of vfs_cluster to eliminate the bogus pagemove stuff.
vm_object.c:
Yet more improvements in the collapse code. Elimination of some windows that
can cause list corruption.
vm_pageout.c:
Fixed it, it really works better now. Somehow in 2.0, some "enhancements"
broke the code. This code has been reworked from the ground-up.
vm_fault.c, vm_page.c, pmap.c, vm_object.c
Support for small-block filesystems with merged VM/buffer cache scheme.
pmap.c vm_map.c
Dynamic kernel VM size, now we dont have to pre-allocate excessive numbers of
kernel PTs.
vm_glue.c
Much simpler and more effective swapping code. No more gratuitous swapping.
proc.h
Fixed the problem that the p_lock flag was not being cleared on a fork.
swap_pager.c, vnode_pager.c
Removal of old vfs_bio cruft to support the past pseudo-coherency. Now the
code doesn't need it anymore.
machdep.c
Changes to better support the parameter values for the merged VM/buffer cache
scheme.
machdep.c, kern_exec.c, vm_glue.c
Implemented a seperate submap for temporary exec string space and another one
to contain process upages. This eliminates all map fragmentation problems
that previously existed.
ffs_inode.c, ufs_inode.c, ufs_readwrite.c
Changes for merged VM/buffer cache. Add "bypass" support for sneaking in on
busy buffers.
Submitted by: John Dyson and David Greenman
1995-01-09 16:06:02 +00:00
|
|
|
(*rnh->rnh_deladdr) (rn->rn_key, rn->rn_mask, rnh);
|
2009-06-29 18:09:07 +00:00
|
|
|
cred = ((struct netcred *)rn)->netc_anon;
|
|
|
|
|
if (cred != NULL)
|
|
|
|
|
crfree(cred);
|
2002-06-28 23:17:36 +00:00
|
|
|
free(rn, M_NETADDR);
|
1994-05-24 10:09:53 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
These changes embody the support of the fully coherent merged VM buffer cache,
much higher filesystem I/O performance, and much better paging performance. It
represents the culmination of over 6 months of R&D.
The majority of the merged VM/cache work is by John Dyson.
The following highlights the most significant changes. Additionally, there are
(mostly minor) changes to the various filesystem modules (nfs, msdosfs, etc) to
support the new VM/buffer scheme.
vfs_bio.c:
Significant rewrite of most of vfs_bio to support the merged VM buffer cache
scheme. The scheme is almost fully compatible with the old filesystem
interface. Significant improvement in the number of opportunities for write
clustering.
vfs_cluster.c, vfs_subr.c
Upgrade and performance enhancements in vfs layer code to support merged
VM/buffer cache. Fixup of vfs_cluster to eliminate the bogus pagemove stuff.
vm_object.c:
Yet more improvements in the collapse code. Elimination of some windows that
can cause list corruption.
vm_pageout.c:
Fixed it, it really works better now. Somehow in 2.0, some "enhancements"
broke the code. This code has been reworked from the ground-up.
vm_fault.c, vm_page.c, pmap.c, vm_object.c
Support for small-block filesystems with merged VM/buffer cache scheme.
pmap.c vm_map.c
Dynamic kernel VM size, now we dont have to pre-allocate excessive numbers of
kernel PTs.
vm_glue.c
Much simpler and more effective swapping code. No more gratuitous swapping.
proc.h
Fixed the problem that the p_lock flag was not being cleared on a fork.
swap_pager.c, vnode_pager.c
Removal of old vfs_bio cruft to support the past pseudo-coherency. Now the
code doesn't need it anymore.
machdep.c
Changes to better support the parameter values for the merged VM/buffer cache
scheme.
machdep.c, kern_exec.c, vm_glue.c
Implemented a seperate submap for temporary exec string space and another one
to contain process upages. This eliminates all map fragmentation problems
that previously existed.
ffs_inode.c, ufs_inode.c, ufs_readwrite.c
Changes for merged VM/buffer cache. Add "bypass" support for sneaking in on
busy buffers.
Submitted by: John Dyson and David Greenman
1995-01-09 16:06:02 +00:00
|
|
|
|
2014-11-05 00:58:01 +00:00
|
|
|
static struct radix_node_head *
|
|
|
|
|
vfs_create_addrlist_af(struct radix_node_head **prnh, int off)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (rn_inithead((void **)prnh, off) == 0)
|
|
|
|
|
return (NULL);
|
|
|
|
|
RADIX_NODE_HEAD_LOCK_INIT(*prnh);
|
|
|
|
|
return (*prnh);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
vfs_free_addrlist_af(struct radix_node_head **prnh)
|
|
|
|
|
{
|
|
|
|
|
struct radix_node_head *rnh;
|
|
|
|
|
|
|
|
|
|
rnh = *prnh;
|
|
|
|
|
RADIX_NODE_HEAD_LOCK(rnh);
|
|
|
|
|
(*rnh->rnh_walktree) (rnh, vfs_free_netcred, rnh);
|
|
|
|
|
RADIX_NODE_HEAD_UNLOCK(rnh);
|
|
|
|
|
RADIX_NODE_HEAD_DESTROY(rnh);
|
|
|
|
|
free(rnh, M_RTABLE);
|
|
|
|
|
prnh = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
|
* Free the net address hash lists that are hanging off the mount points.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_free_addrlist(struct netexport *nep)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2009-06-29 18:09:07 +00:00
|
|
|
struct ucred *cred;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2014-11-05 00:58:01 +00:00
|
|
|
if (nep->ne4 != NULL)
|
|
|
|
|
vfs_free_addrlist_af(&nep->ne4);
|
|
|
|
|
if (nep->ne6 != NULL)
|
|
|
|
|
vfs_free_addrlist_af(&nep->ne6);
|
|
|
|
|
|
2009-06-29 18:09:07 +00:00
|
|
|
cred = nep->ne_defexported.netc_anon;
|
|
|
|
|
if (cred != NULL)
|
|
|
|
|
crfree(cred);
|
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
2000-09-21 15:55:55 +00:00
|
|
|
/*
|
|
|
|
|
* High level function to manipulate export options on a mount point
|
|
|
|
|
* and the passed in netexport.
|
|
|
|
|
* Struct export_args *argp is the variable used to twiddle options,
|
|
|
|
|
* the structure is described in sys/mount.h
|
|
|
|
|
*/
|
1994-05-24 10:09:53 +00:00
|
|
|
int
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_export(struct mount *mp, struct export_args *argp)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-04-25 07:07:52 +00:00
|
|
|
struct netexport *nep;
|
1994-05-24 10:09:53 +00:00
|
|
|
int error;
|
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (argp->ex_numsecflavors < 0
|
|
|
|
|
|| argp->ex_numsecflavors >= MAXSECFLAVORS)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
2007-01-23 06:19:16 +00:00
|
|
|
error = 0;
|
2008-06-09 10:31:38 +00:00
|
|
|
lockmgr(&mp->mnt_explock, LK_EXCLUSIVE, NULL);
|
2009-05-09 18:09:17 +00:00
|
|
|
nep = mp->mnt_export;
|
1994-05-24 10:09:53 +00:00
|
|
|
if (argp->ex_flags & MNT_DELEXPORT) {
|
2006-12-16 15:50:36 +00:00
|
|
|
if (nep == NULL) {
|
2007-01-23 06:19:16 +00:00
|
|
|
error = ENOENT;
|
|
|
|
|
goto out;
|
2006-12-16 15:50:36 +00:00
|
|
|
}
|
1997-07-17 07:17:33 +00:00
|
|
|
if (mp->mnt_flag & MNT_EXPUBLIC) {
|
|
|
|
|
vfs_setpublicfs(NULL, NULL, NULL);
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_ILOCK(mp);
|
1997-07-17 07:17:33 +00:00
|
|
|
mp->mnt_flag &= ~MNT_EXPUBLIC;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_IUNLOCK(mp);
|
1997-07-17 07:17:33 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
vfs_free_addrlist(nep);
|
2001-04-25 07:07:52 +00:00
|
|
|
mp->mnt_export = NULL;
|
|
|
|
|
free(nep, M_MOUNT);
|
2005-05-11 18:25:42 +00:00
|
|
|
nep = NULL;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_ILOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
mp->mnt_flag &= ~(MNT_EXPORTED | MNT_DEFEXPORTED);
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_IUNLOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
if (argp->ex_flags & MNT_EXPORTED) {
|
2001-04-25 07:07:52 +00:00
|
|
|
if (nep == NULL) {
|
2003-02-19 05:47:46 +00:00
|
|
|
nep = malloc(sizeof(struct netexport), M_MOUNT, M_WAITOK | M_ZERO);
|
2001-04-25 07:07:52 +00:00
|
|
|
mp->mnt_export = nep;
|
|
|
|
|
}
|
1997-07-17 07:17:33 +00:00
|
|
|
if (argp->ex_flags & MNT_EXPUBLIC) {
|
|
|
|
|
if ((error = vfs_setpublicfs(mp, nep, argp)) != 0)
|
2007-01-23 06:19:16 +00:00
|
|
|
goto out;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_ILOCK(mp);
|
1997-07-17 07:17:33 +00:00
|
|
|
mp->mnt_flag |= MNT_EXPUBLIC;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_IUNLOCK(mp);
|
1997-07-17 07:17:33 +00:00
|
|
|
}
|
1994-09-25 19:34:02 +00:00
|
|
|
if ((error = vfs_hang_addrlist(mp, nep, argp)))
|
2007-01-23 06:19:16 +00:00
|
|
|
goto out;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_ILOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
mp->mnt_flag |= MNT_EXPORTED;
|
2006-09-26 04:12:49 +00:00
|
|
|
MNT_IUNLOCK(mp);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2007-01-23 06:19:16 +00:00
|
|
|
|
|
|
|
|
out:
|
2008-06-09 10:31:38 +00:00
|
|
|
lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
|
2007-01-23 06:19:16 +00:00
|
|
|
/*
|
|
|
|
|
* Once we have executed the vfs_export() command, we do
|
|
|
|
|
* not want to keep the "export" option around in the
|
|
|
|
|
* options list, since that will cause subsequent MNT_UPDATE
|
|
|
|
|
* calls to fail. The export information is saved in
|
|
|
|
|
* mp->mnt_export, so we can safely delete the "export" mount option
|
|
|
|
|
* here.
|
|
|
|
|
*/
|
|
|
|
|
vfs_deleteopt(mp->mnt_optnew, "export");
|
|
|
|
|
vfs_deleteopt(mp->mnt_opt, "export");
|
|
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
1997-07-17 07:17:33 +00:00
|
|
|
/*
|
|
|
|
|
* Set the publicly exported filesystem (WebNFS). Currently, only
|
|
|
|
|
* one public filesystem is possible in the spec (RFC 2054 and 2055)
|
|
|
|
|
*/
|
|
|
|
|
int
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_setpublicfs(struct mount *mp, struct netexport *nep,
|
|
|
|
|
struct export_args *argp)
|
1997-07-17 07:17:33 +00:00
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
struct vnode *rvp;
|
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* mp == NULL -> invalidate the current info, the FS is
|
|
|
|
|
* no longer exported. May be called from either vfs_export
|
|
|
|
|
* or unmount, so check if it hasn't already been done.
|
|
|
|
|
*/
|
|
|
|
|
if (mp == NULL) {
|
|
|
|
|
if (nfs_pub.np_valid) {
|
|
|
|
|
nfs_pub.np_valid = 0;
|
|
|
|
|
if (nfs_pub.np_index != NULL) {
|
2008-10-23 15:53:51 +00:00
|
|
|
free(nfs_pub.np_index, M_TEMP);
|
1997-07-17 07:17:33 +00:00
|
|
|
nfs_pub.np_index = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Only one allowed at a time.
|
|
|
|
|
*/
|
|
|
|
|
if (nfs_pub.np_valid != 0 && mp != nfs_pub.np_mount)
|
|
|
|
|
return (EBUSY);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get real filehandle for root of exported FS.
|
|
|
|
|
*/
|
2002-06-28 23:17:36 +00:00
|
|
|
bzero(&nfs_pub.np_handle, sizeof(nfs_pub.np_handle));
|
1997-07-17 07:17:33 +00:00
|
|
|
nfs_pub.np_handle.fh_fsid = mp->mnt_stat.f_fsid;
|
|
|
|
|
|
2009-05-11 15:33:26 +00:00
|
|
|
if ((error = VFS_ROOT(mp, LK_EXCLUSIVE, &rvp)))
|
1997-07-17 07:17:33 +00:00
|
|
|
return (error);
|
|
|
|
|
|
2007-02-15 22:08:35 +00:00
|
|
|
if ((error = VOP_VPTOFH(rvp, &nfs_pub.np_handle.fh_fid)))
|
1997-07-17 07:17:33 +00:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
vput(rvp);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If an indexfile was specified, pull it in.
|
|
|
|
|
*/
|
|
|
|
|
if (argp->ex_indexfile != NULL) {
|
2009-05-09 18:09:17 +00:00
|
|
|
if (nfs_pub.np_index != NULL)
|
|
|
|
|
nfs_pub.np_index = malloc(MAXNAMLEN + 1, M_TEMP,
|
|
|
|
|
M_WAITOK);
|
1997-07-17 07:17:33 +00:00
|
|
|
error = copyinstr(argp->ex_indexfile, nfs_pub.np_index,
|
|
|
|
|
MAXNAMLEN, (size_t *)0);
|
|
|
|
|
if (!error) {
|
|
|
|
|
/*
|
|
|
|
|
* Check for illegal filenames.
|
|
|
|
|
*/
|
|
|
|
|
for (cp = nfs_pub.np_index; *cp; cp++) {
|
|
|
|
|
if (*cp == '/') {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (error) {
|
2008-10-23 15:53:51 +00:00
|
|
|
free(nfs_pub.np_index, M_TEMP);
|
2009-05-09 18:09:17 +00:00
|
|
|
nfs_pub.np_index = NULL;
|
1997-07-17 07:17:33 +00:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nfs_pub.np_mount = mp;
|
|
|
|
|
nfs_pub.np_valid = 1;
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2000-09-21 15:55:55 +00:00
|
|
|
/*
|
|
|
|
|
* Used by the filesystems to determine if a given network address
|
2008-11-24 19:28:52 +00:00
|
|
|
* (passed in 'nam') is present in their exports list, returns a pointer
|
2000-09-21 15:55:55 +00:00
|
|
|
* to struct netcred so that the filesystem can examine it for
|
|
|
|
|
* access rights (read/write/etc).
|
|
|
|
|
*/
|
2005-02-10 12:25:38 +00:00
|
|
|
static struct netcred *
|
|
|
|
|
vfs_export_lookup(struct mount *mp, struct sockaddr *nam)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2001-04-25 07:07:52 +00:00
|
|
|
struct netexport *nep;
|
1994-05-24 10:09:53 +00:00
|
|
|
register struct netcred *np;
|
|
|
|
|
register struct radix_node_head *rnh;
|
|
|
|
|
struct sockaddr *saddr;
|
|
|
|
|
|
2001-04-25 07:07:52 +00:00
|
|
|
nep = mp->mnt_export;
|
|
|
|
|
if (nep == NULL)
|
|
|
|
|
return (NULL);
|
1994-05-24 10:09:53 +00:00
|
|
|
np = NULL;
|
|
|
|
|
if (mp->mnt_flag & MNT_EXPORTED) {
|
|
|
|
|
/*
|
|
|
|
|
* Lookup in the export list first.
|
|
|
|
|
*/
|
|
|
|
|
if (nam != NULL) {
|
1997-08-16 19:16:27 +00:00
|
|
|
saddr = nam;
|
2014-11-05 00:58:01 +00:00
|
|
|
rnh = NULL;
|
|
|
|
|
switch (saddr->sa_family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
rnh = nep->ne4;
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
rnh = nep->ne6;
|
|
|
|
|
break;
|
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
if (rnh != NULL) {
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RLOCK(rnh);
|
1994-05-24 10:09:53 +00:00
|
|
|
np = (struct netcred *)
|
2002-06-29 17:58:44 +00:00
|
|
|
(*rnh->rnh_matchaddr)(saddr, rnh);
|
2008-12-07 21:15:43 +00:00
|
|
|
RADIX_NODE_HEAD_RUNLOCK(rnh);
|
1994-05-24 10:09:53 +00:00
|
|
|
if (np && np->netc_rnodes->rn_flags & RNF_ROOT)
|
|
|
|
|
np = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* If no address match, use the default if it exists.
|
|
|
|
|
*/
|
|
|
|
|
if (np == NULL && mp->mnt_flag & MNT_DEFEXPORTED)
|
|
|
|
|
np = &nep->ne_defexported;
|
|
|
|
|
}
|
|
|
|
|
return (np);
|
|
|
|
|
}
|
1995-05-21 21:39:31 +00:00
|
|
|
|
2001-04-25 07:07:52 +00:00
|
|
|
/*
|
|
|
|
|
* XXX: This comment comes from the deprecated ufs_check_export()
|
|
|
|
|
* XXX: and may not entirely apply, but lacking something better:
|
|
|
|
|
* This is the generic part of fhtovp called after the underlying
|
|
|
|
|
* filesystem has validated the file handle.
|
|
|
|
|
*
|
|
|
|
|
* Verify that a host should have access to a filesystem.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
int
|
2006-12-16 12:06:59 +00:00
|
|
|
vfs_stdcheckexp(struct mount *mp, struct sockaddr *nam, int *extflagsp,
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
struct ucred **credanonp, int *numsecflavors, int **secflavors)
|
2001-04-25 07:07:52 +00:00
|
|
|
{
|
|
|
|
|
struct netcred *np;
|
|
|
|
|
|
2008-06-09 10:31:38 +00:00
|
|
|
lockmgr(&mp->mnt_explock, LK_SHARED, NULL);
|
2001-04-25 07:07:52 +00:00
|
|
|
np = vfs_export_lookup(mp, nam);
|
2009-05-09 18:09:17 +00:00
|
|
|
if (np == NULL) {
|
|
|
|
|
lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
|
|
|
|
|
*credanonp = NULL;
|
2001-04-25 07:07:52 +00:00
|
|
|
return (EACCES);
|
2009-05-09 18:09:17 +00:00
|
|
|
}
|
2001-04-25 07:07:52 +00:00
|
|
|
*extflagsp = np->netc_exflags;
|
2009-05-09 18:09:17 +00:00
|
|
|
if ((*credanonp = np->netc_anon) != NULL)
|
|
|
|
|
crhold(*credanonp);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (numsecflavors)
|
|
|
|
|
*numsecflavors = np->netc_numsecflavors;
|
|
|
|
|
if (secflavors)
|
|
|
|
|
*secflavors = np->netc_secflavors;
|
2009-05-09 18:09:17 +00:00
|
|
|
lockmgr(&mp->mnt_explock, LK_RELEASE, NULL);
|
2001-04-25 07:07:52 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
