LXR linux/fs/nfs/nfs4namespace.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/nfs/nfs4namespace.c
   4 *
   5 * Copyright (C) 2005 Trond Myklebust <Trond.Myklebust@netapp.com>
   6 * - Modified by David Howells <dhowells@redhat.com>
   7 *
   8 * NFSv4 namespace
   9 */
  10
  11#include <linux/dcache.h>
  12#include <linux/mount.h>
  13#include <linux/namei.h>
  14#include <linux/nfs_fs.h>
  15#include <linux/nfs_mount.h>
  16#include <linux/slab.h>
  17#include <linux/string.h>
  18#include <linux/sunrpc/clnt.h>
  19#include <linux/sunrpc/addr.h>
  20#include <linux/vfs.h>
  21#include <linux/inet.h>
  22#include "internal.h"
  23#include "nfs4_fs.h"
  24#include "dns_resolve.h"
  25
  26#define NFSDBG_FACILITY         NFSDBG_VFS
  27
  28/*
  29 * Convert the NFSv4 pathname components into a standard posix path.
  30 *
  31 * Note that the resulting string will be placed at the end of the buffer
  32 */
  33static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname,
  34                                         char *buffer, ssize_t buflen)
  35{
  36        char *end = buffer + buflen;
  37        int n;
  38
  39        *--end = '\0';
  40        buflen--;
  41
  42        n = pathname->ncomponents;
  43        while (--n >= 0) {
  44                const struct nfs4_string *component = &pathname->components[n];
  45                buflen -= component->len + 1;
  46                if (buflen < 0)
  47                        goto Elong;
  48                end -= component->len;
  49                memcpy(end, component->data, component->len);
  50                *--end = '/';
  51        }
  52        return end;
  53Elong:
  54        return ERR_PTR(-ENAMETOOLONG);
  55}
  56
  57/*
  58 * return the path component of "<server>:<path>"
  59 *  nfspath - the "<server>:<path>" string
  60 *  end - one past the last char that could contain "<server>:"
  61 * returns NULL on failure
  62 */
  63static char *nfs_path_component(const char *nfspath, const char *end)
  64{
  65        char *p;
  66
  67        if (*nfspath == '[') {
  68                /* parse [] escaped IPv6 addrs */
  69                p = strchr(nfspath, ']');
  70                if (p != NULL && ++p < end && *p == ':')
  71                        return p + 1;
  72        } else {
  73                /* otherwise split on first colon */
  74                p = strchr(nfspath, ':');
  75                if (p != NULL && p < end)
  76                        return p + 1;
  77        }
  78        return NULL;
  79}
  80
  81/*
  82 * Determine the mount path as a string
  83 */
  84static char *nfs4_path(struct dentry *dentry, char *buffer, ssize_t buflen)
  85{
  86        char *limit;
  87        char *path = nfs_path(&limit, dentry, buffer, buflen,
  88                              NFS_PATH_CANONICAL);
  89        if (!IS_ERR(path)) {
  90                char *path_component = nfs_path_component(path, limit);
  91                if (path_component)
  92                        return path_component;
  93        }
  94        return path;
  95}
  96
  97/*
  98 * Check that fs_locations::fs_root [RFC3530 6.3] is a prefix for what we
  99 * believe to be the server path to this dentry
 100 */
 101static int nfs4_validate_fspath(struct dentry *dentry,
 102                                const struct nfs4_fs_locations *locations,
 103                                char *page, char *page2)
 104{
 105        const char *path, *fs_path;
 106
 107        path = nfs4_path(dentry, page, PAGE_SIZE);
 108        if (IS_ERR(path))
 109                return PTR_ERR(path);
 110
 111        fs_path = nfs4_pathname_string(&locations->fs_path, page2, PAGE_SIZE);
 112        if (IS_ERR(fs_path))
 113                return PTR_ERR(fs_path);
 114
 115        if (strncmp(path, fs_path, strlen(fs_path)) != 0) {
 116                dprintk("%s: path %s does not begin with fsroot %s\n",
 117                        __func__, path, fs_path);
 118                return -ENOENT;
 119        }
 120
 121        return 0;
 122}
 123
 124static size_t nfs_parse_server_name(char *string, size_t len,
 125                struct sockaddr *sa, size_t salen, struct net *net)
 126{
 127        ssize_t ret;
 128
 129        ret = rpc_pton(net, string, len, sa, salen);
 130        if (ret == 0) {
 131                ret = nfs_dns_resolve_name(net, string, len, sa, salen);
 132                if (ret < 0)
 133                        ret = 0;
 134        }
 135        return ret;
 136}
 137
 138/**
 139 * nfs_find_best_sec - Find a security mechanism supported locally
 140 * @server: NFS server struct
 141 * @flavors: List of security tuples returned by SECINFO procedure
 142 *
 143 * Return an rpc client that uses the first security mechanism in
 144 * "flavors" that is locally supported.  The "flavors" array
 145 * is searched in the order returned from the server, per RFC 3530
 146 * recommendation and each flavor is checked for membership in the
 147 * sec= mount option list if it exists.
 148 *
 149 * Return -EPERM if no matching flavor is found in the array.
 150 *
 151 * Please call rpc_shutdown_client() when you are done with this rpc client.
 152 *
 153 */
 154static struct rpc_clnt *nfs_find_best_sec(struct rpc_clnt *clnt,
 155                                          struct nfs_server *server,
 156                                          struct nfs4_secinfo_flavors *flavors)
 157{
 158        rpc_authflavor_t pflavor;
 159        struct nfs4_secinfo4 *secinfo;
 160        unsigned int i;
 161
 162        for (i = 0; i < flavors->num_flavors; i++) {
 163                secinfo = &flavors->flavors[i];
 164
 165                switch (secinfo->flavor) {
 166                case RPC_AUTH_NULL:
 167                case RPC_AUTH_UNIX:
 168                case RPC_AUTH_GSS:
 169                        pflavor = rpcauth_get_pseudoflavor(secinfo->flavor,
 170                                                        &secinfo->flavor_info);
 171                        /* does the pseudoflavor match a sec= mount opt? */
 172                        if (pflavor != RPC_AUTH_MAXFLAVOR &&
 173                            nfs_auth_info_match(&server->auth_info, pflavor)) {
 174                                struct rpc_clnt *new;
 175                                struct rpc_cred *cred;
 176
 177                                /* Cloning creates an rpc_auth for the flavor */
 178                                new = rpc_clone_client_set_auth(clnt, pflavor);
 179                                if (IS_ERR(new))
 180                                        continue;
 181                                /**
 182                                * Check that the user actually can use the
 183                                * flavor. This is mostly for RPC_AUTH_GSS
 184                                * where cr_init obtains a gss context
 185                                */
 186                                cred = rpcauth_lookupcred(new->cl_auth, 0);
 187                                if (IS_ERR(cred)) {
 188                                        rpc_shutdown_client(new);
 189                                        continue;
 190                                }
 191                                put_rpccred(cred);
 192                                return new;
 193                        }
 194                }
 195        }
 196        return ERR_PTR(-EPERM);
 197}
 198
 199/**
 200 * nfs4_negotiate_security - in response to an NFS4ERR_WRONGSEC on lookup,
 201 * return an rpc_clnt that uses the best available security flavor with
 202 * respect to the secinfo flavor list and the sec= mount options.
 203 *
 204 * @clnt: RPC client to clone
 205 * @inode: directory inode
 206 * @name: lookup name
 207 *
 208 * Please call rpc_shutdown_client() when you are done with this rpc client.
 209 */
 210struct rpc_clnt *
 211nfs4_negotiate_security(struct rpc_clnt *clnt, struct inode *inode,
 212                                        const struct qstr *name)
 213{
 214        struct page *page;
 215        struct nfs4_secinfo_flavors *flavors;
 216        struct rpc_clnt *new;
 217        int err;
 218
 219        page = alloc_page(GFP_KERNEL);
 220        if (!page)
 221                return ERR_PTR(-ENOMEM);
 222
 223        flavors = page_address(page);
 224
 225        err = nfs4_proc_secinfo(inode, name, flavors);
 226        if (err < 0) {
 227                new = ERR_PTR(err);
 228                goto out;
 229        }
 230
 231        new = nfs_find_best_sec(clnt, NFS_SERVER(inode), flavors);
 232
 233out:
 234        put_page(page);
 235        return new;
 236}
 237
 238static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
 239                                     char *page, char *page2,
 240                                     const struct nfs4_fs_location *location)
 241{
 242        const size_t addr_bufsize = sizeof(struct sockaddr_storage);
 243        struct net *net = rpc_net_ns(NFS_SB(mountdata->sb)->client);
 244        struct vfsmount *mnt = ERR_PTR(-ENOENT);
 245        char *mnt_path;
 246        unsigned int maxbuflen;
 247        unsigned int s;
 248
 249        mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE);
 250        if (IS_ERR(mnt_path))
 251                return ERR_CAST(mnt_path);
 252        mountdata->mnt_path = mnt_path;
 253        maxbuflen = mnt_path - 1 - page2;
 254
 255        mountdata->addr = kmalloc(addr_bufsize, GFP_KERNEL);
 256        if (mountdata->addr == NULL)
 257                return ERR_PTR(-ENOMEM);
 258
 259        for (s = 0; s < location->nservers; s++) {
 260                const struct nfs4_string *buf = &location->servers[s];
 261
 262                if (buf->len <= 0 || buf->len >= maxbuflen)
 263                        continue;
 264
 265                if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len))
 266                        continue;
 267
 268                mountdata->addrlen = nfs_parse_server_name(buf->data, buf->len,
 269                                mountdata->addr, addr_bufsize, net);
 270                if (mountdata->addrlen == 0)
 271                        continue;
 272
 273                memcpy(page2, buf->data, buf->len);
 274                page2[buf->len] = '\0';
 275                mountdata->hostname = page2;
 276
 277                snprintf(page, PAGE_SIZE, "%s:%s",
 278                                mountdata->hostname,
 279                                mountdata->mnt_path);
 280
 281                mnt = vfs_submount(mountdata->dentry, &nfs4_referral_fs_type, page, mountdata);
 282                if (!IS_ERR(mnt))
 283                        break;
 284        }
 285        kfree(mountdata->addr);
 286        return mnt;
 287}
 288
 289/**
 290 * nfs_follow_referral - set up mountpoint when hitting a referral on moved error
 291 * @dentry - parent directory
 292 * @locations - array of NFSv4 server location information
 293 *
 294 */
 295static struct vfsmount *nfs_follow_referral(struct dentry *dentry,
 296                                            const struct nfs4_fs_locations *locations)
 297{
 298        struct vfsmount *mnt = ERR_PTR(-ENOENT);
 299        struct nfs_clone_mount mountdata = {
 300                .sb = dentry->d_sb,
 301                .dentry = dentry,
 302                .authflavor = NFS_SB(dentry->d_sb)->client->cl_auth->au_flavor,
 303        };
 304        char *page = NULL, *page2 = NULL;
 305        int loc, error;
 306
 307        if (locations == NULL || locations->nlocations <= 0)
 308                goto out;
 309
 310        dprintk("%s: referral at %pd2\n", __func__, dentry);
 311
 312        page = (char *) __get_free_page(GFP_USER);
 313        if (!page)
 314                goto out;
 315
 316        page2 = (char *) __get_free_page(GFP_USER);
 317        if (!page2)
 318                goto out;
 319
 320        /* Ensure fs path is a prefix of current dentry path */
 321        error = nfs4_validate_fspath(dentry, locations, page, page2);
 322        if (error < 0) {
 323                mnt = ERR_PTR(error);
 324                goto out;
 325        }
 326
 327        for (loc = 0; loc < locations->nlocations; loc++) {
 328                const struct nfs4_fs_location *location = &locations->locations[loc];
 329
 330                if (location == NULL || location->nservers <= 0 ||
 331                    location->rootpath.ncomponents == 0)
 332                        continue;
 333
 334                mnt = try_location(&mountdata, page, page2, location);
 335                if (!IS_ERR(mnt))
 336                        break;
 337        }
 338
 339out:
 340        free_page((unsigned long) page);
 341        free_page((unsigned long) page2);
 342        return mnt;
 343}
 344
 345/*
 346 * nfs_do_refmount - handle crossing a referral on server
 347 * @dentry - dentry of referral
 348 *
 349 */
 350static struct vfsmount *nfs_do_refmount(struct rpc_clnt *client, struct dentry *dentry)
 351{
 352        struct vfsmount *mnt = ERR_PTR(-ENOMEM);
 353        struct dentry *parent;
 354        struct nfs4_fs_locations *fs_locations = NULL;
 355        struct page *page;
 356        int err;
 357
 358        /* BUG_ON(IS_ROOT(dentry)); */
 359        page = alloc_page(GFP_KERNEL);
 360        if (page == NULL)
 361                return mnt;
 362
 363        fs_locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL);
 364        if (fs_locations == NULL)
 365                goto out_free;
 366
 367        /* Get locations */
 368        mnt = ERR_PTR(-ENOENT);
 369
 370        parent = dget_parent(dentry);
 371        dprintk("%s: getting locations for %pd2\n",
 372                __func__, dentry);
 373
 374        err = nfs4_proc_fs_locations(client, d_inode(parent), &dentry->d_name, fs_locations, page);
 375        dput(parent);
 376        if (err != 0 ||
 377            fs_locations->nlocations <= 0 ||
 378            fs_locations->fs_path.ncomponents <= 0)
 379                goto out_free;
 380
 381        mnt = nfs_follow_referral(dentry, fs_locations);
 382out_free:
 383        __free_page(page);
 384        kfree(fs_locations);
 385        return mnt;
 386}
 387
 388struct vfsmount *nfs4_submount(struct nfs_server *server, struct dentry *dentry,
 389                               struct nfs_fh *fh, struct nfs_fattr *fattr)
 390{
 391        rpc_authflavor_t flavor = server->client->cl_auth->au_flavor;
 392        struct dentry *parent = dget_parent(dentry);
 393        struct inode *dir = d_inode(parent);
 394        const struct qstr *name = &dentry->d_name;
 395        struct rpc_clnt *client;
 396        struct vfsmount *mnt;
 397
 398        /* Look it up again to get its attributes and sec flavor */
 399        client = nfs4_proc_lookup_mountpoint(dir, name, fh, fattr);
 400        dput(parent);
 401        if (IS_ERR(client))
 402                return ERR_CAST(client);
 403
 404        if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) {
 405                mnt = nfs_do_refmount(client, dentry);
 406                goto out;
 407        }
 408
 409        if (client->cl_auth->au_flavor != flavor)
 410                flavor = client->cl_auth->au_flavor;
 411        mnt = nfs_do_submount(dentry, fh, fattr, flavor);
 412out:
 413        rpc_shutdown_client(client);
 414        return mnt;
 415}
 416
 417/*
 418 * Try one location from the fs_locations array.
 419 *
 420 * Returns zero on success, or a negative errno value.
 421 */
 422static int nfs4_try_replacing_one_location(struct nfs_server *server,
 423                char *page, char *page2,
 424                const struct nfs4_fs_location *location)
 425{
 426        const size_t addr_bufsize = sizeof(struct sockaddr_storage);
 427        struct net *net = rpc_net_ns(server->client);
 428        struct sockaddr *sap;
 429        unsigned int s;
 430        size_t salen;
 431        int error;
 432
 433        sap = kmalloc(addr_bufsize, GFP_KERNEL);
 434        if (sap == NULL)
 435                return -ENOMEM;
 436
 437        error = -ENOENT;
 438        for (s = 0; s < location->nservers; s++) {
 439                const struct nfs4_string *buf = &location->servers[s];
 440                char *hostname;
 441
 442                if (buf->len <= 0 || buf->len > PAGE_SIZE)
 443                        continue;
 444
 445                if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len) != NULL)
 446                        continue;
 447
 448                salen = nfs_parse_server_name(buf->data, buf->len,
 449                                                sap, addr_bufsize, net);
 450                if (salen == 0)
 451                        continue;
 452                rpc_set_port(sap, NFS_PORT);
 453
 454                error = -ENOMEM;
 455                hostname = kstrndup(buf->data, buf->len, GFP_KERNEL);
 456                if (hostname == NULL)
 457                        break;
 458
 459                error = nfs4_update_server(server, hostname, sap, salen, net);
 460                kfree(hostname);
 461                if (error == 0)
 462                        break;
 463        }
 464
 465        kfree(sap);
 466        return error;
 467}
 468
 469/**
 470 * nfs4_replace_transport - set up transport to destination server
 471 *
 472 * @server: export being migrated
 473 * @locations: fs_locations array
 474 *
 475 * Returns zero on success, or a negative errno value.
 476 *
 477 * The client tries all the entries in the "locations" array, in the
 478 * order returned by the server, until one works or the end of the
 479 * array is reached.
 480 */
 481int nfs4_replace_transport(struct nfs_server *server,
 482                           const struct nfs4_fs_locations *locations)
 483{
 484        char *page = NULL, *page2 = NULL;
 485        int loc, error;
 486
 487        error = -ENOENT;
 488        if (locations == NULL || locations->nlocations <= 0)
 489                goto out;
 490
 491        error = -ENOMEM;
 492        page = (char *) __get_free_page(GFP_USER);
 493        if (!page)
 494                goto out;
 495        page2 = (char *) __get_free_page(GFP_USER);
 496        if (!page2)
 497                goto out;
 498
 499        for (loc = 0; loc < locations->nlocations; loc++) {
 500                const struct nfs4_fs_location *location =
 501                                                &locations->locations[loc];
 502
 503                if (location == NULL || location->nservers <= 0 ||
 504                    location->rootpath.ncomponents == 0)
 505                        continue;
 506
 507                error = nfs4_try_replacing_one_location(server, page,
 508                                                        page2, location);
 509                if (error == 0)
 510                        break;
 511        }
 512
 513out:
 514        free_page((unsigned long)page);
 515        free_page((unsigned long)page2);
 516        return error;
 517}
 518