nfs4namespace.c (14136B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * linux/fs/nfs/nfs4namespace.c 4 * 5 * Copyright (C) 2005 Trond Myklebust <Trond.Myklebust@netapp.com> 6 * - Modified by David Howells <dhowells@redhat.com> 7 * 8 * NFSv4 namespace 9 */ 10 11#include <linux/module.h> 12#include <linux/dcache.h> 13#include <linux/mount.h> 14#include <linux/namei.h> 15#include <linux/nfs_fs.h> 16#include <linux/nfs_mount.h> 17#include <linux/slab.h> 18#include <linux/string.h> 19#include <linux/sunrpc/clnt.h> 20#include <linux/sunrpc/addr.h> 21#include <linux/vfs.h> 22#include <linux/inet.h> 23#include "internal.h" 24#include "nfs4_fs.h" 25#include "nfs.h" 26#include "dns_resolve.h" 27 28#define NFSDBG_FACILITY NFSDBG_VFS 29 30/* 31 * Work out the length that an NFSv4 path would render to as a standard posix 32 * path, with a leading slash but no terminating slash. 33 */ 34static ssize_t nfs4_pathname_len(const struct nfs4_pathname *pathname) 35{ 36 ssize_t len = 0; 37 int i; 38 39 for (i = 0; i < pathname->ncomponents; i++) { 40 const struct nfs4_string *component = &pathname->components[i]; 41 42 if (component->len > NAME_MAX) 43 goto too_long; 44 len += 1 + component->len; /* Adding "/foo" */ 45 if (len > PATH_MAX) 46 goto too_long; 47 } 48 return len; 49 50too_long: 51 return -ENAMETOOLONG; 52} 53 54/* 55 * Convert the NFSv4 pathname components into a standard posix path. 56 */ 57static char *nfs4_pathname_string(const struct nfs4_pathname *pathname, 58 unsigned short *_len) 59{ 60 ssize_t len; 61 char *buf, *p; 62 int i; 63 64 len = nfs4_pathname_len(pathname); 65 if (len < 0) 66 return ERR_PTR(len); 67 *_len = len; 68 69 p = buf = kmalloc(len + 1, GFP_KERNEL); 70 if (!buf) 71 return ERR_PTR(-ENOMEM); 72 73 for (i = 0; i < pathname->ncomponents; i++) { 74 const struct nfs4_string *component = &pathname->components[i]; 75 76 *p++ = '/'; 77 memcpy(p, component->data, component->len); 78 p += component->len; 79 } 80 81 *p = 0; 82 return buf; 83} 84 85/* 86 * return the path component of "<server>:<path>" 87 * nfspath - the "<server>:<path>" string 88 * end - one past the last char that could contain "<server>:" 89 * returns NULL on failure 90 */ 91static char *nfs_path_component(const char *nfspath, const char *end) 92{ 93 char *p; 94 95 if (*nfspath == '[') { 96 /* parse [] escaped IPv6 addrs */ 97 p = strchr(nfspath, ']'); 98 if (p != NULL && ++p < end && *p == ':') 99 return p + 1; 100 } else { 101 /* otherwise split on first colon */ 102 p = strchr(nfspath, ':'); 103 if (p != NULL && p < end) 104 return p + 1; 105 } 106 return NULL; 107} 108 109/* 110 * Determine the mount path as a string 111 */ 112static char *nfs4_path(struct dentry *dentry, char *buffer, ssize_t buflen) 113{ 114 char *limit; 115 char *path = nfs_path(&limit, dentry, buffer, buflen, 116 NFS_PATH_CANONICAL); 117 if (!IS_ERR(path)) { 118 char *path_component = nfs_path_component(path, limit); 119 if (path_component) 120 return path_component; 121 } 122 return path; 123} 124 125/* 126 * Check that fs_locations::fs_root [RFC3530 6.3] is a prefix for what we 127 * believe to be the server path to this dentry 128 */ 129static int nfs4_validate_fspath(struct dentry *dentry, 130 const struct nfs4_fs_locations *locations, 131 struct nfs_fs_context *ctx) 132{ 133 const char *path; 134 char *fs_path; 135 unsigned short len; 136 char *buf; 137 int n; 138 139 buf = kmalloc(4096, GFP_KERNEL); 140 if (!buf) 141 return -ENOMEM; 142 143 path = nfs4_path(dentry, buf, 4096); 144 if (IS_ERR(path)) { 145 kfree(buf); 146 return PTR_ERR(path); 147 } 148 149 fs_path = nfs4_pathname_string(&locations->fs_path, &len); 150 if (IS_ERR(fs_path)) { 151 kfree(buf); 152 return PTR_ERR(fs_path); 153 } 154 155 n = strncmp(path, fs_path, len); 156 kfree(buf); 157 kfree(fs_path); 158 if (n != 0) { 159 dprintk("%s: path %s does not begin with fsroot %s\n", 160 __func__, path, ctx->nfs_server.export_path); 161 return -ENOENT; 162 } 163 164 return 0; 165} 166 167size_t nfs_parse_server_name(char *string, size_t len, struct sockaddr *sa, 168 size_t salen, struct net *net, int port) 169{ 170 ssize_t ret; 171 172 ret = rpc_pton(net, string, len, sa, salen); 173 if (ret == 0) { 174 ret = rpc_uaddr2sockaddr(net, string, len, sa, salen); 175 if (ret == 0) { 176 ret = nfs_dns_resolve_name(net, string, len, sa, salen); 177 if (ret < 0) 178 ret = 0; 179 } 180 } else if (port) { 181 rpc_set_port(sa, port); 182 } 183 return ret; 184} 185 186/** 187 * nfs_find_best_sec - Find a security mechanism supported locally 188 * @clnt: pointer to rpc_clnt 189 * @server: NFS server struct 190 * @flavors: List of security tuples returned by SECINFO procedure 191 * 192 * Return an rpc client that uses the first security mechanism in 193 * "flavors" that is locally supported. The "flavors" array 194 * is searched in the order returned from the server, per RFC 3530 195 * recommendation and each flavor is checked for membership in the 196 * sec= mount option list if it exists. 197 * 198 * Return -EPERM if no matching flavor is found in the array. 199 * 200 * Please call rpc_shutdown_client() when you are done with this rpc client. 201 * 202 */ 203static struct rpc_clnt *nfs_find_best_sec(struct rpc_clnt *clnt, 204 struct nfs_server *server, 205 struct nfs4_secinfo_flavors *flavors) 206{ 207 rpc_authflavor_t pflavor; 208 struct nfs4_secinfo4 *secinfo; 209 unsigned int i; 210 211 for (i = 0; i < flavors->num_flavors; i++) { 212 secinfo = &flavors->flavors[i]; 213 214 switch (secinfo->flavor) { 215 case RPC_AUTH_NULL: 216 case RPC_AUTH_UNIX: 217 case RPC_AUTH_GSS: 218 pflavor = rpcauth_get_pseudoflavor(secinfo->flavor, 219 &secinfo->flavor_info); 220 /* does the pseudoflavor match a sec= mount opt? */ 221 if (pflavor != RPC_AUTH_MAXFLAVOR && 222 nfs_auth_info_match(&server->auth_info, pflavor)) { 223 struct rpc_clnt *new; 224 struct rpc_cred *cred; 225 226 /* Cloning creates an rpc_auth for the flavor */ 227 new = rpc_clone_client_set_auth(clnt, pflavor); 228 if (IS_ERR(new)) 229 continue; 230 /** 231 * Check that the user actually can use the 232 * flavor. This is mostly for RPC_AUTH_GSS 233 * where cr_init obtains a gss context 234 */ 235 cred = rpcauth_lookupcred(new->cl_auth, 0); 236 if (IS_ERR(cred)) { 237 rpc_shutdown_client(new); 238 continue; 239 } 240 put_rpccred(cred); 241 return new; 242 } 243 } 244 } 245 return ERR_PTR(-EPERM); 246} 247 248/** 249 * nfs4_negotiate_security - in response to an NFS4ERR_WRONGSEC on lookup, 250 * return an rpc_clnt that uses the best available security flavor with 251 * respect to the secinfo flavor list and the sec= mount options. 252 * 253 * @clnt: RPC client to clone 254 * @inode: directory inode 255 * @name: lookup name 256 * 257 * Please call rpc_shutdown_client() when you are done with this rpc client. 258 */ 259struct rpc_clnt * 260nfs4_negotiate_security(struct rpc_clnt *clnt, struct inode *inode, 261 const struct qstr *name) 262{ 263 struct page *page; 264 struct nfs4_secinfo_flavors *flavors; 265 struct rpc_clnt *new; 266 int err; 267 268 page = alloc_page(GFP_KERNEL); 269 if (!page) 270 return ERR_PTR(-ENOMEM); 271 272 flavors = page_address(page); 273 274 err = nfs4_proc_secinfo(inode, name, flavors); 275 if (err < 0) { 276 new = ERR_PTR(err); 277 goto out; 278 } 279 280 new = nfs_find_best_sec(clnt, NFS_SERVER(inode), flavors); 281 282out: 283 put_page(page); 284 return new; 285} 286 287static int try_location(struct fs_context *fc, 288 const struct nfs4_fs_location *location) 289{ 290 struct nfs_fs_context *ctx = nfs_fc2context(fc); 291 unsigned int len, s; 292 char *export_path, *source, *p; 293 int ret = -ENOENT; 294 295 /* Allocate a buffer big enough to hold any of the hostnames plus a 296 * terminating char and also a buffer big enough to hold the hostname 297 * plus a colon plus the path. 298 */ 299 len = 0; 300 for (s = 0; s < location->nservers; s++) { 301 const struct nfs4_string *buf = &location->servers[s]; 302 if (buf->len > len) 303 len = buf->len; 304 } 305 306 kfree(ctx->nfs_server.hostname); 307 ctx->nfs_server.hostname = kmalloc(len + 1, GFP_KERNEL); 308 if (!ctx->nfs_server.hostname) 309 return -ENOMEM; 310 311 export_path = nfs4_pathname_string(&location->rootpath, 312 &ctx->nfs_server.export_path_len); 313 if (IS_ERR(export_path)) 314 return PTR_ERR(export_path); 315 316 kfree(ctx->nfs_server.export_path); 317 ctx->nfs_server.export_path = export_path; 318 319 source = kmalloc(len + 1 + ctx->nfs_server.export_path_len + 1, 320 GFP_KERNEL); 321 if (!source) 322 return -ENOMEM; 323 324 kfree(fc->source); 325 fc->source = source; 326 for (s = 0; s < location->nservers; s++) { 327 const struct nfs4_string *buf = &location->servers[s]; 328 329 if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len)) 330 continue; 331 332 ctx->nfs_server.addrlen = 333 nfs_parse_server_name(buf->data, buf->len, 334 &ctx->nfs_server.address, 335 sizeof(ctx->nfs_server._address), 336 fc->net_ns, 0); 337 if (ctx->nfs_server.addrlen == 0) 338 continue; 339 340 rpc_set_port(&ctx->nfs_server.address, NFS_PORT); 341 342 memcpy(ctx->nfs_server.hostname, buf->data, buf->len); 343 ctx->nfs_server.hostname[buf->len] = '\0'; 344 345 p = source; 346 memcpy(p, buf->data, buf->len); 347 p += buf->len; 348 *p++ = ':'; 349 memcpy(p, ctx->nfs_server.export_path, ctx->nfs_server.export_path_len); 350 p += ctx->nfs_server.export_path_len; 351 *p = 0; 352 353 ret = nfs4_get_referral_tree(fc); 354 if (ret == 0) 355 return 0; 356 } 357 358 return ret; 359} 360 361/** 362 * nfs_follow_referral - set up mountpoint when hitting a referral on moved error 363 * @fc: pointer to struct nfs_fs_context 364 * @locations: array of NFSv4 server location information 365 * 366 */ 367static int nfs_follow_referral(struct fs_context *fc, 368 const struct nfs4_fs_locations *locations) 369{ 370 struct nfs_fs_context *ctx = nfs_fc2context(fc); 371 int loc, error; 372 373 if (locations == NULL || locations->nlocations <= 0) 374 return -ENOENT; 375 376 dprintk("%s: referral at %pd2\n", __func__, ctx->clone_data.dentry); 377 378 /* Ensure fs path is a prefix of current dentry path */ 379 error = nfs4_validate_fspath(ctx->clone_data.dentry, locations, ctx); 380 if (error < 0) 381 return error; 382 383 error = -ENOENT; 384 for (loc = 0; loc < locations->nlocations; loc++) { 385 const struct nfs4_fs_location *location = &locations->locations[loc]; 386 387 if (location == NULL || location->nservers <= 0 || 388 location->rootpath.ncomponents == 0) 389 continue; 390 391 error = try_location(fc, location); 392 if (error == 0) 393 return 0; 394 } 395 396 return error; 397} 398 399/* 400 * nfs_do_refmount - handle crossing a referral on server 401 * @dentry - dentry of referral 402 * 403 */ 404static int nfs_do_refmount(struct fs_context *fc, struct rpc_clnt *client) 405{ 406 struct nfs_fs_context *ctx = nfs_fc2context(fc); 407 struct dentry *dentry, *parent; 408 struct nfs4_fs_locations *fs_locations = NULL; 409 struct page *page; 410 int err = -ENOMEM; 411 412 /* BUG_ON(IS_ROOT(dentry)); */ 413 page = alloc_page(GFP_KERNEL); 414 if (!page) 415 return -ENOMEM; 416 417 fs_locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL); 418 if (!fs_locations) 419 goto out_free; 420 fs_locations->fattr = nfs_alloc_fattr(); 421 if (!fs_locations->fattr) 422 goto out_free_2; 423 424 /* Get locations */ 425 dentry = ctx->clone_data.dentry; 426 parent = dget_parent(dentry); 427 dprintk("%s: getting locations for %pd2\n", 428 __func__, dentry); 429 430 err = nfs4_proc_fs_locations(client, d_inode(parent), &dentry->d_name, fs_locations, page); 431 dput(parent); 432 if (err != 0) 433 goto out_free_3; 434 435 err = -ENOENT; 436 if (fs_locations->nlocations <= 0 || 437 fs_locations->fs_path.ncomponents <= 0) 438 goto out_free_3; 439 440 err = nfs_follow_referral(fc, fs_locations); 441out_free_3: 442 kfree(fs_locations->fattr); 443out_free_2: 444 kfree(fs_locations); 445out_free: 446 __free_page(page); 447 return err; 448} 449 450int nfs4_submount(struct fs_context *fc, struct nfs_server *server) 451{ 452 struct nfs_fs_context *ctx = nfs_fc2context(fc); 453 struct dentry *dentry = ctx->clone_data.dentry; 454 struct dentry *parent = dget_parent(dentry); 455 struct inode *dir = d_inode(parent); 456 struct rpc_clnt *client; 457 int ret; 458 459 /* Look it up again to get its attributes and sec flavor */ 460 client = nfs4_proc_lookup_mountpoint(dir, dentry, ctx->mntfh, 461 ctx->clone_data.fattr); 462 dput(parent); 463 if (IS_ERR(client)) 464 return PTR_ERR(client); 465 466 ctx->selected_flavor = client->cl_auth->au_flavor; 467 if (ctx->clone_data.fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) { 468 ret = nfs_do_refmount(fc, client); 469 } else { 470 ret = nfs_do_submount(fc); 471 } 472 473 rpc_shutdown_client(client); 474 return ret; 475} 476 477/* 478 * Try one location from the fs_locations array. 479 * 480 * Returns zero on success, or a negative errno value. 481 */ 482static int nfs4_try_replacing_one_location(struct nfs_server *server, 483 char *page, char *page2, 484 const struct nfs4_fs_location *location) 485{ 486 const size_t addr_bufsize = sizeof(struct sockaddr_storage); 487 struct net *net = rpc_net_ns(server->client); 488 struct sockaddr *sap; 489 unsigned int s; 490 size_t salen; 491 int error; 492 493 sap = kmalloc(addr_bufsize, GFP_KERNEL); 494 if (sap == NULL) 495 return -ENOMEM; 496 497 error = -ENOENT; 498 for (s = 0; s < location->nservers; s++) { 499 const struct nfs4_string *buf = &location->servers[s]; 500 char *hostname; 501 502 if (buf->len <= 0 || buf->len > PAGE_SIZE) 503 continue; 504 505 if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len) != NULL) 506 continue; 507 508 salen = nfs_parse_server_name(buf->data, buf->len, 509 sap, addr_bufsize, net, 0); 510 if (salen == 0) 511 continue; 512 rpc_set_port(sap, NFS_PORT); 513 514 error = -ENOMEM; 515 hostname = kmemdup_nul(buf->data, buf->len, GFP_KERNEL); 516 if (hostname == NULL) 517 break; 518 519 error = nfs4_update_server(server, hostname, sap, salen, net); 520 kfree(hostname); 521 if (error == 0) 522 break; 523 } 524 525 kfree(sap); 526 return error; 527} 528 529/** 530 * nfs4_replace_transport - set up transport to destination server 531 * 532 * @server: export being migrated 533 * @locations: fs_locations array 534 * 535 * Returns zero on success, or a negative errno value. 536 * 537 * The client tries all the entries in the "locations" array, in the 538 * order returned by the server, until one works or the end of the 539 * array is reached. 540 */ 541int nfs4_replace_transport(struct nfs_server *server, 542 const struct nfs4_fs_locations *locations) 543{ 544 char *page = NULL, *page2 = NULL; 545 int loc, error; 546 547 error = -ENOENT; 548 if (locations == NULL || locations->nlocations <= 0) 549 goto out; 550 551 error = -ENOMEM; 552 page = (char *) __get_free_page(GFP_USER); 553 if (!page) 554 goto out; 555 page2 = (char *) __get_free_page(GFP_USER); 556 if (!page2) 557 goto out; 558 559 for (loc = 0; loc < locations->nlocations; loc++) { 560 const struct nfs4_fs_location *location = 561 &locations->locations[loc]; 562 563 if (location == NULL || location->nservers <= 0 || 564 location->rootpath.ncomponents == 0) 565 continue; 566 567 error = nfs4_try_replacing_one_location(server, page, 568 page2, location); 569 if (error == 0) 570 break; 571 } 572 573out: 574 free_page((unsigned long)page); 575 free_page((unsigned long)page2); 576 return error; 577}