1 #define MSNFS /* HACK HACK */
3 * linux/fs/nfsd/export.c
5 * NFS exporting and validation.
7 * We maintain a list of clients, each of which has a list of
8 * exports. To export an fs to a given client, you first have
9 * to create the client entry with NFSCTL_ADDCLIENT, which
10 * creates a client control block and adds it to the hash
11 * table. Then, you call NFSCTL_EXPORT for each fs.
14 * Copyright (C) 1995, 1996 Olaf Kirch, <okir@monad.swb.de>
17 #include <linux/unistd.h>
18 #include <linux/slab.h>
19 #include <linux/stat.h>
21 #include <linux/seq_file.h>
22 #include <linux/syscalls.h>
23 #include <linux/rwsem.h>
24 #include <linux/dcache.h>
25 #include <linux/namei.h>
26 #include <linux/mount.h>
27 #include <linux/hash.h>
28 #include <linux/module.h>
29 #include <linux/exportfs.h>
31 #include <linux/sunrpc/svc.h>
32 #include <linux/nfsd/nfsd.h>
33 #include <linux/nfsd/nfsfh.h>
34 #include <linux/nfsd/syscall.h>
35 #include <linux/lockd/bind.h>
36 #include <linux/sunrpc/msg_prot.h>
37 #include <linux/sunrpc/gss_api.h>
39 #define NFSDDBG_FACILITY NFSDDBG_EXPORT
41 typedef struct auth_domain svc_client;
42 typedef struct svc_export svc_export;
44 static void exp_do_unexport(svc_export *unexp);
45 static int exp_verify_string(char *cp, int max);
49 * One maps client+vfsmnt+dentry to export options - the export map
50 * The other maps client+filehandle-fragment to export options. - the expkey map
52 * The export options are actually stored in the first map, and the
53 * second map contains a reference to the entry in the first map.
56 #define EXPKEY_HASHBITS 8
57 #define EXPKEY_HASHMAX (1 << EXPKEY_HASHBITS)
58 #define EXPKEY_HASHMASK (EXPKEY_HASHMAX -1)
59 static struct cache_head *expkey_table[EXPKEY_HASHMAX];
61 static void expkey_put(struct kref *ref)
63 struct svc_expkey *key = container_of(ref, struct svc_expkey, h.ref);
65 if (test_bit(CACHE_VALID, &key->h.flags) &&
66 !test_bit(CACHE_NEGATIVE, &key->h.flags)) {
70 auth_domain_put(key->ek_client);
74 static void expkey_request(struct cache_detail *cd,
76 char **bpp, int *blen)
78 /* client fsidtype \xfsid */
79 struct svc_expkey *ek = container_of(h, struct svc_expkey, h);
82 qword_add(bpp, blen, ek->ek_client->name);
83 snprintf(type, 5, "%d", ek->ek_fsidtype);
84 qword_add(bpp, blen, type);
85 qword_addhex(bpp, blen, (char*)ek->ek_fsid, key_len(ek->ek_fsidtype));
89 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old);
90 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *);
91 static struct cache_detail svc_expkey_cache;
93 static int expkey_parse(struct cache_detail *cd, char *mesg, int mlen)
95 /* client fsidtype fsid [path] */
98 struct auth_domain *dom = NULL;
102 struct svc_expkey key;
103 struct svc_expkey *ek;
105 if (mesg[mlen-1] != '\n')
109 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
114 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
118 dom = auth_domain_find(buf);
121 dprintk("found domain %s\n", buf);
124 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
126 fsidtype = simple_strtoul(buf, &ep, 10);
129 dprintk("found fsidtype %d\n", fsidtype);
130 if (key_len(fsidtype)==0) /* invalid type */
132 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
134 dprintk("found fsid length %d\n", len);
135 if (len != key_len(fsidtype))
138 /* OK, we seem to have a valid key */
140 key.h.expiry_time = get_expiry(&mesg);
141 if (key.h.expiry_time == 0)
145 key.ek_fsidtype = fsidtype;
146 memcpy(key.ek_fsid, buf, len);
148 ek = svc_expkey_lookup(&key);
153 /* now we want a pathname, or empty meaning NEGATIVE */
155 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) < 0)
157 dprintk("Path seems to be <%s>\n", buf);
160 set_bit(CACHE_NEGATIVE, &key.h.flags);
161 ek = svc_expkey_update(&key, ek);
163 cache_put(&ek->h, &svc_expkey_cache);
167 err = path_lookup(buf, 0, &nd);
171 dprintk("Found the path %s\n", buf);
173 key.ek_dentry = nd.dentry;
175 ek = svc_expkey_update(&key, ek);
177 cache_put(&ek->h, &svc_expkey_cache);
185 auth_domain_put(dom);
190 static int expkey_show(struct seq_file *m,
191 struct cache_detail *cd,
192 struct cache_head *h)
194 struct svc_expkey *ek ;
198 seq_puts(m, "#domain fsidtype fsid [path]\n");
201 ek = container_of(h, struct svc_expkey, h);
202 seq_printf(m, "%s %d 0x", ek->ek_client->name,
204 for (i=0; i < key_len(ek->ek_fsidtype)/4; i++)
205 seq_printf(m, "%08x", ek->ek_fsid[i]);
206 if (test_bit(CACHE_VALID, &h->flags) &&
207 !test_bit(CACHE_NEGATIVE, &h->flags)) {
209 seq_path(m, ek->ek_mnt, ek->ek_dentry, "\\ \t\n");
215 static inline int expkey_match (struct cache_head *a, struct cache_head *b)
217 struct svc_expkey *orig = container_of(a, struct svc_expkey, h);
218 struct svc_expkey *new = container_of(b, struct svc_expkey, h);
220 if (orig->ek_fsidtype != new->ek_fsidtype ||
221 orig->ek_client != new->ek_client ||
222 memcmp(orig->ek_fsid, new->ek_fsid, key_len(orig->ek_fsidtype)) != 0)
227 static inline void expkey_init(struct cache_head *cnew,
228 struct cache_head *citem)
230 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
231 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
233 kref_get(&item->ek_client->ref);
234 new->ek_client = item->ek_client;
235 new->ek_fsidtype = item->ek_fsidtype;
237 memcpy(new->ek_fsid, item->ek_fsid, sizeof(new->ek_fsid));
240 static inline void expkey_update(struct cache_head *cnew,
241 struct cache_head *citem)
243 struct svc_expkey *new = container_of(cnew, struct svc_expkey, h);
244 struct svc_expkey *item = container_of(citem, struct svc_expkey, h);
246 new->ek_mnt = mntget(item->ek_mnt);
247 new->ek_dentry = dget(item->ek_dentry);
250 static struct cache_head *expkey_alloc(void)
252 struct svc_expkey *i = kmalloc(sizeof(*i), GFP_KERNEL);
259 static struct cache_detail svc_expkey_cache = {
260 .owner = THIS_MODULE,
261 .hash_size = EXPKEY_HASHMAX,
262 .hash_table = expkey_table,
264 .cache_put = expkey_put,
265 .cache_request = expkey_request,
266 .cache_parse = expkey_parse,
267 .cache_show = expkey_show,
268 .match = expkey_match,
270 .update = expkey_update,
271 .alloc = expkey_alloc,
274 static struct svc_expkey *
275 svc_expkey_lookup(struct svc_expkey *item)
277 struct cache_head *ch;
278 int hash = item->ek_fsidtype;
279 char * cp = (char*)item->ek_fsid;
280 int len = key_len(item->ek_fsidtype);
282 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
283 hash ^= hash_ptr(item->ek_client, EXPKEY_HASHBITS);
284 hash &= EXPKEY_HASHMASK;
286 ch = sunrpc_cache_lookup(&svc_expkey_cache, &item->h,
289 return container_of(ch, struct svc_expkey, h);
294 static struct svc_expkey *
295 svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old)
297 struct cache_head *ch;
298 int hash = new->ek_fsidtype;
299 char * cp = (char*)new->ek_fsid;
300 int len = key_len(new->ek_fsidtype);
302 hash ^= hash_mem(cp, len, EXPKEY_HASHBITS);
303 hash ^= hash_ptr(new->ek_client, EXPKEY_HASHBITS);
304 hash &= EXPKEY_HASHMASK;
306 ch = sunrpc_cache_update(&svc_expkey_cache, &new->h,
309 return container_of(ch, struct svc_expkey, h);
315 #define EXPORT_HASHBITS 8
316 #define EXPORT_HASHMAX (1<< EXPORT_HASHBITS)
317 #define EXPORT_HASHMASK (EXPORT_HASHMAX -1)
319 static struct cache_head *export_table[EXPORT_HASHMAX];
321 static void nfsd4_fslocs_free(struct nfsd4_fs_locations *fsloc)
325 for (i = 0; i < fsloc->locations_count; i++) {
326 kfree(fsloc->locations[i].path);
327 kfree(fsloc->locations[i].hosts);
329 kfree(fsloc->locations);
332 static void svc_export_put(struct kref *ref)
334 struct svc_export *exp = container_of(ref, struct svc_export, h.ref);
335 dput(exp->ex_dentry);
337 auth_domain_put(exp->ex_client);
339 nfsd4_fslocs_free(&exp->ex_fslocs);
343 static void svc_export_request(struct cache_detail *cd,
344 struct cache_head *h,
345 char **bpp, int *blen)
348 struct svc_export *exp = container_of(h, struct svc_export, h);
351 qword_add(bpp, blen, exp->ex_client->name);
352 pth = d_path(exp->ex_dentry, exp->ex_mnt, *bpp, *blen);
354 /* is this correct? */
358 qword_add(bpp, blen, pth);
362 static struct svc_export *svc_export_update(struct svc_export *new,
363 struct svc_export *old);
364 static struct svc_export *svc_export_lookup(struct svc_export *);
366 static int check_export(struct inode *inode, int flags, unsigned char *uuid)
369 /* We currently export only dirs and regular files.
370 * This is what umountd does.
372 if (!S_ISDIR(inode->i_mode) &&
373 !S_ISREG(inode->i_mode))
376 /* There are two requirements on a filesystem to be exportable.
377 * 1: We must be able to identify the filesystem from a number.
378 * either a device number (so FS_REQUIRES_DEV needed)
379 * or an FSID number (so NFSEXP_FSID or ->uuid is needed).
380 * 2: We must be able to find an inode from a filehandle.
381 * This means that s_export_op must be set.
383 if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
384 !(flags & NFSEXP_FSID) &&
386 dprintk("exp_export: export of non-dev fs without fsid\n");
389 if (!inode->i_sb->s_export_op) {
390 dprintk("exp_export: export of invalid fs type.\n");
394 /* Ok, we can export it */;
395 if (!inode->i_sb->s_export_op->find_exported_dentry)
396 inode->i_sb->s_export_op->find_exported_dentry =
397 find_exported_dentry;
402 #ifdef CONFIG_NFSD_V4
405 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc)
408 int migrated, i, err;
411 err = get_int(mesg, &fsloc->locations_count);
414 if (fsloc->locations_count > MAX_FS_LOCATIONS)
416 if (fsloc->locations_count == 0)
419 fsloc->locations = kzalloc(fsloc->locations_count
420 * sizeof(struct nfsd4_fs_location), GFP_KERNEL);
421 if (!fsloc->locations)
423 for (i=0; i < fsloc->locations_count; i++) {
424 /* colon separated host list */
426 len = qword_get(mesg, buf, PAGE_SIZE);
430 fsloc->locations[i].hosts = kstrdup(buf, GFP_KERNEL);
431 if (!fsloc->locations[i].hosts)
434 /* slash separated path component list */
435 len = qword_get(mesg, buf, PAGE_SIZE);
439 fsloc->locations[i].path = kstrdup(buf, GFP_KERNEL);
440 if (!fsloc->locations[i].path)
444 err = get_int(mesg, &migrated);
448 if (migrated < 0 || migrated > 1)
450 fsloc->migrated = migrated;
453 nfsd4_fslocs_free(fsloc);
457 static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
460 struct exp_flavor_info *f;
462 err = get_int(mesg, &listsize);
465 if (listsize < 0 || listsize > MAX_SECINFO_LIST)
468 for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
469 err = get_int(mesg, &f->pseudoflavor);
473 * Just a quick sanity check; we could also try to check
474 * whether this pseudoflavor is supported, but at worst
475 * an unsupported pseudoflavor on the export would just
476 * be a pseudoflavor that won't match the flavor of any
477 * authenticated request. The administrator will
478 * probably discover the problem when someone fails to
481 if (f->pseudoflavor < 0)
483 err = get_int(mesg, &f->flags);
486 /* Only some flags are allowed to differ between flavors: */
487 if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
490 exp->ex_nflavors = listsize;
494 #else /* CONFIG_NFSD_V4 */
496 fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
498 secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
501 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
503 /* client path expiry [flags anonuid anongid fsid] */
507 struct auth_domain *dom = NULL;
509 struct svc_export exp, *expp;
516 exp.ex_fslocs.locations = NULL;
517 exp.ex_fslocs.locations_count = 0;
518 exp.ex_fslocs.migrated = 0;
525 if (mesg[mlen-1] != '\n')
529 buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
534 len = qword_get(&mesg, buf, PAGE_SIZE);
536 if (len <= 0) goto out;
539 dom = auth_domain_find(buf);
545 if ((len=qword_get(&mesg, buf, PAGE_SIZE)) <= 0)
547 err = path_lookup(buf, 0, &nd);
548 if (err) goto out_no_path;
553 exp.ex_dentry = nd.dentry;
554 exp.ex_path = kstrdup(buf, GFP_KERNEL);
561 exp.h.expiry_time = get_expiry(&mesg);
562 if (exp.h.expiry_time == 0)
566 err = get_int(&mesg, &an_int);
568 set_bit(CACHE_NEGATIVE, &exp.h.flags);
570 if (err || an_int < 0) goto out;
571 exp.ex_flags= an_int;
574 err = get_int(&mesg, &an_int);
576 exp.ex_anon_uid= an_int;
579 err = get_int(&mesg, &an_int);
581 exp.ex_anon_gid= an_int;
584 err = get_int(&mesg, &an_int);
586 exp.ex_fsid = an_int;
588 while ((len = qword_get(&mesg, buf, PAGE_SIZE)) > 0) {
589 if (strcmp(buf, "fsloc") == 0)
590 err = fsloc_parse(&mesg, buf, &exp.ex_fslocs);
591 else if (strcmp(buf, "uuid") == 0) {
592 /* expect a 16 byte uuid encoded as \xXXXX... */
593 len = qword_get(&mesg, buf, PAGE_SIZE);
598 kmemdup(buf, 16, GFP_KERNEL);
599 if (exp.ex_uuid == NULL)
602 } else if (strcmp(buf, "secinfo") == 0)
603 err = secinfo_parse(&mesg, buf, &exp);
605 /* quietly ignore unknown words and anything
606 * following. Newer user-space can try to set
607 * new values, then see what the result was.
614 err = check_export(nd.dentry->d_inode, exp.ex_flags,
619 expp = svc_export_lookup(&exp);
621 expp = svc_export_update(&exp, expp);
630 nfsd4_fslocs_free(&exp.ex_fslocs);
637 auth_domain_put(dom);
642 static void exp_flags(struct seq_file *m, int flag, int fsid,
643 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs);
644 static void show_secinfo(struct seq_file *m, struct svc_export *exp);
646 static int svc_export_show(struct seq_file *m,
647 struct cache_detail *cd,
648 struct cache_head *h)
650 struct svc_export *exp ;
653 seq_puts(m, "#path domain(flags)\n");
656 exp = container_of(h, struct svc_export, h);
657 seq_path(m, exp->ex_mnt, exp->ex_dentry, " \t\n\\");
659 seq_escape(m, exp->ex_client->name, " \t\n\\");
661 if (test_bit(CACHE_VALID, &h->flags) &&
662 !test_bit(CACHE_NEGATIVE, &h->flags)) {
663 exp_flags(m, exp->ex_flags, exp->ex_fsid,
664 exp->ex_anon_uid, exp->ex_anon_gid, &exp->ex_fslocs);
667 seq_puts(m, ",uuid=");
668 for (i=0; i<16; i++) {
671 seq_printf(m, "%02x", exp->ex_uuid[i]);
674 show_secinfo(m, exp);
679 static int svc_export_match(struct cache_head *a, struct cache_head *b)
681 struct svc_export *orig = container_of(a, struct svc_export, h);
682 struct svc_export *new = container_of(b, struct svc_export, h);
683 return orig->ex_client == new->ex_client &&
684 orig->ex_dentry == new->ex_dentry &&
685 orig->ex_mnt == new->ex_mnt;
688 static void svc_export_init(struct cache_head *cnew, struct cache_head *citem)
690 struct svc_export *new = container_of(cnew, struct svc_export, h);
691 struct svc_export *item = container_of(citem, struct svc_export, h);
693 kref_get(&item->ex_client->ref);
694 new->ex_client = item->ex_client;
695 new->ex_dentry = dget(item->ex_dentry);
696 new->ex_mnt = mntget(item->ex_mnt);
698 new->ex_fslocs.locations = NULL;
699 new->ex_fslocs.locations_count = 0;
700 new->ex_fslocs.migrated = 0;
703 static void export_update(struct cache_head *cnew, struct cache_head *citem)
705 struct svc_export *new = container_of(cnew, struct svc_export, h);
706 struct svc_export *item = container_of(citem, struct svc_export, h);
709 new->ex_flags = item->ex_flags;
710 new->ex_anon_uid = item->ex_anon_uid;
711 new->ex_anon_gid = item->ex_anon_gid;
712 new->ex_fsid = item->ex_fsid;
713 new->ex_uuid = item->ex_uuid;
714 item->ex_uuid = NULL;
715 new->ex_path = item->ex_path;
716 item->ex_path = NULL;
717 new->ex_fslocs.locations = item->ex_fslocs.locations;
718 item->ex_fslocs.locations = NULL;
719 new->ex_fslocs.locations_count = item->ex_fslocs.locations_count;
720 item->ex_fslocs.locations_count = 0;
721 new->ex_fslocs.migrated = item->ex_fslocs.migrated;
722 item->ex_fslocs.migrated = 0;
723 new->ex_nflavors = item->ex_nflavors;
724 for (i = 0; i < MAX_SECINFO_LIST; i++) {
725 new->ex_flavors[i] = item->ex_flavors[i];
729 static struct cache_head *svc_export_alloc(void)
731 struct svc_export *i = kmalloc(sizeof(*i), GFP_KERNEL);
738 struct cache_detail svc_export_cache = {
739 .owner = THIS_MODULE,
740 .hash_size = EXPORT_HASHMAX,
741 .hash_table = export_table,
742 .name = "nfsd.export",
743 .cache_put = svc_export_put,
744 .cache_request = svc_export_request,
745 .cache_parse = svc_export_parse,
746 .cache_show = svc_export_show,
747 .match = svc_export_match,
748 .init = svc_export_init,
749 .update = export_update,
750 .alloc = svc_export_alloc,
753 static struct svc_export *
754 svc_export_lookup(struct svc_export *exp)
756 struct cache_head *ch;
758 hash = hash_ptr(exp->ex_client, EXPORT_HASHBITS);
759 hash ^= hash_ptr(exp->ex_dentry, EXPORT_HASHBITS);
760 hash ^= hash_ptr(exp->ex_mnt, EXPORT_HASHBITS);
762 ch = sunrpc_cache_lookup(&svc_export_cache, &exp->h,
765 return container_of(ch, struct svc_export, h);
770 static struct svc_export *
771 svc_export_update(struct svc_export *new, struct svc_export *old)
773 struct cache_head *ch;
775 hash = hash_ptr(old->ex_client, EXPORT_HASHBITS);
776 hash ^= hash_ptr(old->ex_dentry, EXPORT_HASHBITS);
777 hash ^= hash_ptr(old->ex_mnt, EXPORT_HASHBITS);
779 ch = sunrpc_cache_update(&svc_export_cache, &new->h,
783 return container_of(ch, struct svc_export, h);
789 static struct svc_expkey *
790 exp_find_key(svc_client *clp, int fsid_type, u32 *fsidv, struct cache_req *reqp)
792 struct svc_expkey key, *ek;
796 return ERR_PTR(-ENOENT);
799 key.ek_fsidtype = fsid_type;
800 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
802 ek = svc_expkey_lookup(&key);
804 return ERR_PTR(-ENOMEM);
805 err = cache_check(&svc_expkey_cache, &ek->h, reqp);
811 static int exp_set_key(svc_client *clp, int fsid_type, u32 *fsidv,
812 struct svc_export *exp)
814 struct svc_expkey key, *ek;
817 key.ek_fsidtype = fsid_type;
818 memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
819 key.ek_mnt = exp->ex_mnt;
820 key.ek_dentry = exp->ex_dentry;
821 key.h.expiry_time = NEVER;
824 ek = svc_expkey_lookup(&key);
826 ek = svc_expkey_update(&key,ek);
828 cache_put(&ek->h, &svc_expkey_cache);
835 * Find the client's export entry matching xdev/xino.
837 static inline struct svc_expkey *
838 exp_get_key(svc_client *clp, dev_t dev, ino_t ino)
842 if (old_valid_dev(dev)) {
843 mk_fsid(FSID_DEV, fsidv, dev, ino, 0, NULL);
844 return exp_find_key(clp, FSID_DEV, fsidv, NULL);
846 mk_fsid(FSID_ENCODE_DEV, fsidv, dev, ino, 0, NULL);
847 return exp_find_key(clp, FSID_ENCODE_DEV, fsidv, NULL);
851 * Find the client's export entry matching fsid
853 static inline struct svc_expkey *
854 exp_get_fsid_key(svc_client *clp, int fsid)
858 mk_fsid(FSID_NUM, fsidv, 0, 0, fsid, NULL);
860 return exp_find_key(clp, FSID_NUM, fsidv, NULL);
864 exp_get_by_name(svc_client *clp, struct vfsmount *mnt, struct dentry *dentry,
865 struct cache_req *reqp)
867 struct svc_export *exp, key;
871 return ERR_PTR(-ENOENT);
875 key.ex_dentry = dentry;
877 exp = svc_export_lookup(&key);
879 return ERR_PTR(-ENOMEM);
880 err = cache_check(&svc_export_cache, &exp->h, reqp);
887 * Find the export entry for a given dentry.
890 exp_parent(svc_client *clp, struct vfsmount *mnt, struct dentry *dentry,
891 struct cache_req *reqp)
896 exp = exp_get_by_name(clp, mnt, dentry, reqp);
898 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
899 struct dentry *parent;
901 parent = dget_parent(dentry);
904 exp = exp_get_by_name(clp, mnt, dentry, reqp);
911 * Hashtable locking. Write locks are placed only by user processes
912 * wanting to modify export information.
913 * Write locking only done in this file. Read locking
917 static DECLARE_RWSEM(hash_sem);
922 down_read(&hash_sem);
928 down_write(&hash_sem);
938 exp_writeunlock(void)
943 static void exp_fsid_unhash(struct svc_export *exp)
945 struct svc_expkey *ek;
947 if ((exp->ex_flags & NFSEXP_FSID) == 0)
950 ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid);
952 ek->h.expiry_time = get_seconds()-1;
953 cache_put(&ek->h, &svc_expkey_cache);
955 svc_expkey_cache.nextcheck = get_seconds();
958 static int exp_fsid_hash(svc_client *clp, struct svc_export *exp)
962 if ((exp->ex_flags & NFSEXP_FSID) == 0)
965 mk_fsid(FSID_NUM, fsid, 0, 0, exp->ex_fsid, NULL);
966 return exp_set_key(clp, FSID_NUM, fsid, exp);
969 static int exp_hash(struct auth_domain *clp, struct svc_export *exp)
972 struct inode *inode = exp->ex_dentry->d_inode;
973 dev_t dev = inode->i_sb->s_dev;
975 if (old_valid_dev(dev)) {
976 mk_fsid(FSID_DEV, fsid, dev, inode->i_ino, 0, NULL);
977 return exp_set_key(clp, FSID_DEV, fsid, exp);
979 mk_fsid(FSID_ENCODE_DEV, fsid, dev, inode->i_ino, 0, NULL);
980 return exp_set_key(clp, FSID_ENCODE_DEV, fsid, exp);
983 static void exp_unhash(struct svc_export *exp)
985 struct svc_expkey *ek;
986 struct inode *inode = exp->ex_dentry->d_inode;
988 ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino);
990 ek->h.expiry_time = get_seconds()-1;
991 cache_put(&ek->h, &svc_expkey_cache);
993 svc_expkey_cache.nextcheck = get_seconds();
997 * Export a file system.
1000 exp_export(struct nfsctl_export *nxp)
1003 struct svc_export *exp = NULL;
1004 struct svc_export new;
1005 struct svc_expkey *fsid_key = NULL;
1006 struct nameidata nd;
1009 /* Consistency check */
1011 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1012 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1015 dprintk("exp_export called for %s:%s (%x/%ld fl %x).\n",
1016 nxp->ex_client, nxp->ex_path,
1017 (unsigned)nxp->ex_dev, (long)nxp->ex_ino,
1020 /* Try to lock the export table for update */
1023 /* Look up client info */
1024 if (!(clp = auth_domain_find(nxp->ex_client)))
1028 /* Look up the dentry */
1029 err = path_lookup(nxp->ex_path, 0, &nd);
1034 exp = exp_get_by_name(clp, nd.mnt, nd.dentry, NULL);
1036 memset(&new, 0, sizeof(new));
1038 /* must make sure there won't be an ex_fsid clash */
1039 if ((nxp->ex_flags & NFSEXP_FSID) &&
1040 (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) &&
1042 (fsid_key->ek_mnt != nd.mnt || fsid_key->ek_dentry != nd.dentry) )
1046 /* just a flags/id/fsid update */
1048 exp_fsid_unhash(exp);
1049 exp->ex_flags = nxp->ex_flags;
1050 exp->ex_anon_uid = nxp->ex_anon_uid;
1051 exp->ex_anon_gid = nxp->ex_anon_gid;
1052 exp->ex_fsid = nxp->ex_dev;
1054 err = exp_fsid_hash(clp, exp);
1058 err = check_export(nd.dentry->d_inode, nxp->ex_flags, NULL);
1059 if (err) goto finish;
1063 dprintk("nfsd: creating export entry %p for client %p\n", exp, clp);
1065 new.h.expiry_time = NEVER;
1067 new.ex_path = kstrdup(nxp->ex_path, GFP_KERNEL);
1070 new.ex_client = clp;
1071 new.ex_mnt = nd.mnt;
1072 new.ex_dentry = nd.dentry;
1073 new.ex_flags = nxp->ex_flags;
1074 new.ex_anon_uid = nxp->ex_anon_uid;
1075 new.ex_anon_gid = nxp->ex_anon_gid;
1076 new.ex_fsid = nxp->ex_dev;
1078 exp = svc_export_lookup(&new);
1080 exp = svc_export_update(&new, exp);
1085 if (exp_hash(clp, exp) ||
1086 exp_fsid_hash(clp, exp)) {
1087 /* failed to create at least one index */
1088 exp_do_unexport(exp);
1097 if (fsid_key && !IS_ERR(fsid_key))
1098 cache_put(&fsid_key->h, &svc_expkey_cache);
1100 auth_domain_put(clp);
1109 * Unexport a file system. The export entry has already
1110 * been removed from the client's list of exported fs's.
1113 exp_do_unexport(svc_export *unexp)
1115 unexp->h.expiry_time = get_seconds()-1;
1116 svc_export_cache.nextcheck = get_seconds();
1118 exp_fsid_unhash(unexp);
1126 exp_unexport(struct nfsctl_export *nxp)
1128 struct auth_domain *dom;
1130 struct nameidata nd;
1133 /* Consistency check */
1134 if (!exp_verify_string(nxp->ex_path, NFS_MAXPATHLEN) ||
1135 !exp_verify_string(nxp->ex_client, NFSCLNT_IDMAX))
1141 dom = auth_domain_find(nxp->ex_client);
1143 dprintk("nfsd: unexport couldn't find %s\n", nxp->ex_client);
1147 err = path_lookup(nxp->ex_path, 0, &nd);
1152 exp = exp_get_by_name(dom, nd.mnt, nd.dentry, NULL);
1157 exp_do_unexport(exp);
1162 auth_domain_put(dom);
1170 * Obtain the root fh on behalf of a client.
1171 * This could be done in user space, but I feel that it adds some safety
1172 * since its harder to fool a kernel module than a user space program.
1175 exp_rootfh(svc_client *clp, char *path, struct knfsd_fh *f, int maxsize)
1177 struct svc_export *exp;
1178 struct nameidata nd;
1179 struct inode *inode;
1184 /* NB: we probably ought to check that it's NUL-terminated */
1185 if (path_lookup(path, 0, &nd)) {
1186 printk("nfsd: exp_rootfh path not found %s", path);
1189 inode = nd.dentry->d_inode;
1191 dprintk("nfsd: exp_rootfh(%s [%p] %s:%s/%ld)\n",
1192 path, nd.dentry, clp->name,
1193 inode->i_sb->s_id, inode->i_ino);
1194 exp = exp_parent(clp, nd.mnt, nd.dentry, NULL);
1201 * fh must be initialized before calling fh_compose
1203 fh_init(&fh, maxsize);
1204 if (fh_compose(&fh, exp, nd.dentry, NULL))
1208 memcpy(f, &fh.fh_handle, sizeof(struct knfsd_fh));
1217 exp_find(struct auth_domain *clp, int fsid_type, u32 *fsidv,
1218 struct cache_req *reqp)
1220 struct svc_export *exp;
1221 struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp);
1223 return ERR_PTR(PTR_ERR(ek));
1225 exp = exp_get_by_name(clp, ek->ek_mnt, ek->ek_dentry, reqp);
1226 cache_put(&ek->h, &svc_expkey_cache);
1229 return ERR_PTR(PTR_ERR(exp));
1233 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
1235 struct exp_flavor_info *f;
1236 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1238 /* legacy gss-only clients are always OK: */
1239 if (exp->ex_client == rqstp->rq_gssclient)
1241 /* ip-address based client; check sec= export option: */
1242 for (f = exp->ex_flavors; f < end; f++) {
1243 if (f->pseudoflavor == rqstp->rq_flavor)
1246 /* defaults in absence of sec= options: */
1247 if (exp->ex_nflavors == 0) {
1248 if (rqstp->rq_flavor == RPC_AUTH_NULL ||
1249 rqstp->rq_flavor == RPC_AUTH_UNIX)
1252 return nfserr_wrongsec;
1256 * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
1257 * auth_unix client) if it's available and has secinfo information;
1258 * otherwise, will try to use rq_gssclient.
1260 * Called from functions that handle requests; functions that do work on
1261 * behalf of mountd are passed a single client name to use, and should
1262 * use exp_get_by_name() or exp_find().
1265 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
1266 struct dentry *dentry)
1268 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1270 if (rqstp->rq_client == NULL)
1273 /* First try the auth_unix client: */
1274 exp = exp_get_by_name(rqstp->rq_client, mnt, dentry,
1275 &rqstp->rq_chandle);
1276 if (PTR_ERR(exp) == -ENOENT)
1280 /* If it has secinfo, assume there are no gss/... clients */
1281 if (exp->ex_nflavors > 0)
1284 /* Otherwise, try falling back on gss client */
1285 if (rqstp->rq_gssclient == NULL)
1287 gssexp = exp_get_by_name(rqstp->rq_gssclient, mnt, dentry,
1288 &rqstp->rq_chandle);
1289 if (PTR_ERR(gssexp) == -ENOENT)
1297 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
1299 struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
1301 if (rqstp->rq_client == NULL)
1304 /* First try the auth_unix client: */
1305 exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
1306 if (PTR_ERR(exp) == -ENOENT)
1310 /* If it has secinfo, assume there are no gss/... clients */
1311 if (exp->ex_nflavors > 0)
1314 /* Otherwise, try falling back on gss client */
1315 if (rqstp->rq_gssclient == NULL)
1317 gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
1318 &rqstp->rq_chandle);
1319 if (PTR_ERR(gssexp) == -ENOENT)
1327 rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
1328 struct dentry *dentry)
1330 struct svc_export *exp;
1333 exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
1335 while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
1336 struct dentry *parent;
1338 parent = dget_parent(dentry);
1341 exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
1348 * Called when we need the filehandle for the root of the pseudofs,
1349 * for a given NFSv4 client. The root is defined to be the
1350 * export point with fsid==0
1353 exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
1355 struct svc_export *exp;
1359 mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
1361 exp = rqst_exp_find(rqstp, FSID_NUM, fsidv);
1362 if (PTR_ERR(exp) == -ENOENT)
1365 return nfserrno(PTR_ERR(exp));
1366 rv = fh_compose(fhp, exp, exp->ex_dentry, NULL);
1369 rv = check_nfsd_access(exp, rqstp);
1377 static void *e_start(struct seq_file *m, loff_t *pos)
1378 __acquires(svc_export_cache.hash_lock)
1381 unsigned hash, export;
1382 struct cache_head *ch;
1385 read_lock(&svc_export_cache.hash_lock);
1387 return SEQ_START_TOKEN;
1389 export = n & ((1LL<<32) - 1);
1392 for (ch=export_table[hash]; ch; ch=ch->next)
1395 n &= ~((1LL<<32) - 1);
1399 } while(hash < EXPORT_HASHMAX && export_table[hash]==NULL);
1400 if (hash >= EXPORT_HASHMAX)
1403 return export_table[hash];
1406 static void *e_next(struct seq_file *m, void *p, loff_t *pos)
1408 struct cache_head *ch = p;
1409 int hash = (*pos >> 32);
1411 if (p == SEQ_START_TOKEN)
1413 else if (ch->next == NULL) {
1420 *pos &= ~((1LL<<32) - 1);
1421 while (hash < EXPORT_HASHMAX && export_table[hash] == NULL) {
1425 if (hash >= EXPORT_HASHMAX)
1428 return export_table[hash];
1431 static void e_stop(struct seq_file *m, void *p)
1432 __releases(svc_export_cache.hash_lock)
1434 read_unlock(&svc_export_cache.hash_lock);
1438 static struct flags {
1442 { NFSEXP_READONLY, {"ro", "rw"}},
1443 { NFSEXP_INSECURE_PORT, {"insecure", ""}},
1444 { NFSEXP_ROOTSQUASH, {"root_squash", "no_root_squash"}},
1445 { NFSEXP_ALLSQUASH, {"all_squash", ""}},
1446 { NFSEXP_ASYNC, {"async", "sync"}},
1447 { NFSEXP_GATHERED_WRITES, {"wdelay", "no_wdelay"}},
1448 { NFSEXP_NOHIDE, {"nohide", ""}},
1449 { NFSEXP_CROSSMOUNT, {"crossmnt", ""}},
1450 { NFSEXP_NOSUBTREECHECK, {"no_subtree_check", ""}},
1451 { NFSEXP_NOAUTHNLM, {"insecure_locks", ""}},
1453 { NFSEXP_MSNFS, {"msnfs", ""}},
1458 static void show_expflags(struct seq_file *m, int flags, int mask)
1461 int state, first = 0;
1463 for (flg = expflags; flg->flag; flg++) {
1464 if (flg->flag & ~mask)
1466 state = (flg->flag & flags) ? 0 : 1;
1467 if (*flg->name[state])
1468 seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
1472 static void show_secinfo_flags(struct seq_file *m, int flags)
1475 show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
1478 static void show_secinfo(struct seq_file *m, struct svc_export *exp)
1480 struct exp_flavor_info *f;
1481 struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
1482 int lastflags = 0, first = 0;
1484 if (exp->ex_nflavors == 0)
1486 for (f = exp->ex_flavors; f < end; f++) {
1487 if (first || f->flags != lastflags) {
1489 show_secinfo_flags(m, lastflags);
1490 seq_printf(m, ",sec=%d", f->pseudoflavor);
1491 lastflags = f->flags;
1493 seq_printf(m, ":%d", f->pseudoflavor);
1496 show_secinfo_flags(m, lastflags);
1499 static void exp_flags(struct seq_file *m, int flag, int fsid,
1500 uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
1502 show_expflags(m, flag, NFSEXP_ALLFLAGS);
1503 if (flag & NFSEXP_FSID)
1504 seq_printf(m, ",fsid=%d", fsid);
1505 if (anonu != (uid_t)-2 && anonu != (0x10000-2))
1506 seq_printf(m, ",anonuid=%u", anonu);
1507 if (anong != (gid_t)-2 && anong != (0x10000-2))
1508 seq_printf(m, ",anongid=%u", anong);
1509 if (fsloc && fsloc->locations_count > 0) {
1510 char *loctype = (fsloc->migrated) ? "refer" : "replicas";
1513 seq_printf(m, ",%s=", loctype);
1514 seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
1516 seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
1517 for (i = 1; i < fsloc->locations_count; i++) {
1519 seq_escape(m, fsloc->locations[i].path, ",;@ \t\n\\");
1521 seq_escape(m, fsloc->locations[i].hosts, ",;@ \t\n\\");
1526 static int e_show(struct seq_file *m, void *p)
1528 struct cache_head *cp = p;
1529 struct svc_export *exp = container_of(cp, struct svc_export, h);
1531 if (p == SEQ_START_TOKEN) {
1532 seq_puts(m, "# Version 1.1\n");
1533 seq_puts(m, "# Path Client(Flags) # IPs\n");
1538 if (cache_check(&svc_export_cache, &exp->h, NULL))
1540 cache_put(&exp->h, &svc_export_cache);
1541 return svc_export_show(m, &svc_export_cache, cp);
1544 struct seq_operations nfs_exports_op = {
1552 * Add or modify a client.
1553 * Change requests may involve the list of host addresses. The list of
1554 * exports and possibly existing uid maps are left untouched.
1557 exp_addclient(struct nfsctl_client *ncp)
1559 struct auth_domain *dom;
1562 /* First, consistency check. */
1564 if (! exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1566 if (ncp->cl_naddr > NFSCLNT_ADDRMAX)
1569 /* Lock the hashtable */
1572 dom = unix_domain_find(ncp->cl_ident);
1578 /* Insert client into hashtable. */
1579 for (i = 0; i < ncp->cl_naddr; i++)
1580 auth_unix_add_addr(ncp->cl_addrlist[i], dom);
1582 auth_unix_forget_old(dom);
1583 auth_domain_put(dom);
1594 * Delete a client given an identifier.
1597 exp_delclient(struct nfsctl_client *ncp)
1600 struct auth_domain *dom;
1603 if (!exp_verify_string(ncp->cl_ident, NFSCLNT_IDMAX))
1606 /* Lock the hashtable */
1609 dom = auth_domain_find(ncp->cl_ident);
1610 /* just make sure that no addresses work
1611 * and that it will expire soon
1614 err = auth_unix_forget_old(dom);
1615 auth_domain_put(dom);
1624 * Verify that string is non-empty and does not exceed max length.
1627 exp_verify_string(char *cp, int max)
1631 for (i = 0; i < max; i++)
1635 printk(KERN_NOTICE "nfsd: couldn't validate string %s\n", cp);
1640 * Initialize the exports module.
1643 nfsd_export_init(void)
1645 dprintk("nfsd: initializing export module.\n");
1647 cache_register(&svc_export_cache);
1648 cache_register(&svc_expkey_cache);
1653 * Flush exports table - called when last nfsd thread is killed
1656 nfsd_export_flush(void)
1659 cache_purge(&svc_expkey_cache);
1660 cache_purge(&svc_export_cache);
1665 * Shutdown the exports module.
1668 nfsd_export_shutdown(void)
1671 dprintk("nfsd: shutting down export module.\n");
1675 if (cache_unregister(&svc_expkey_cache))
1676 printk(KERN_ERR "nfsd: failed to unregister expkey cache\n");
1677 if (cache_unregister(&svc_export_cache))
1678 printk(KERN_ERR "nfsd: failed to unregister export cache\n");
1679 svcauth_unix_purge();
1682 dprintk("nfsd: export shutdown complete.\n");
projects / linux-2.6 / blob