LXR linux/fs/nfs/nfs4namespace.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/nfs/nfs4namespace.c
   4 *
   5 * Copyright (C) 2005 Trond Myklebust <Trond.Myklebust@netapp.com>
   6 * - Modified by David Howells <dhowells@redhat.com>
   7 *
   8 * NFSv4 namespace
   9 */
  10
  11#include <linux/dcache.h>
  12#include <linux/mount.h>
  13#include <linux/namei.h>
  14#include <linux/nfs_fs.h>
  15#include <linux/nfs_mount.h>
  16#include <linux/slab.h>
  17#include <linux/string.h>
  18#include <linux/sunrpc/clnt.h>
  19#include <linux/sunrpc/addr.h>
  20#include <linux/vfs.h>
  21#include <linux/inet.h>
  22#include "internal.h"
  23#include "nfs4_fs.h"
  24#include "dns_resolve.h"
  25
  26#define NFSDBG_FACILITY         NFSDBG_VFS
  27
  28/*
  29 * Convert the NFSv4 pathname components into a standard posix path.
  30 *
  31 * Note that the resulting string will be placed at the end of the buffer
  32 */
  33static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname,
  34                                         char *buffer, ssize_t buflen)
  35{
  36        char *end = buffer + buflen;
  37        int n;
  38
  39        *--end = '\0';
  40        buflen--;
  41
  42        n = pathname->ncomponents;
  43        while (--n >= 0) {
  44                const struct nfs4_string *component = &pathname->components[n];
  45                buflen -= component->len + 1;
  46                if (buflen < 0)
  47                        goto Elong;
  48                end -= component->len;
  49                memcpy(end, component->data, component->len);
  50                *--end = '/';
  51        }
  52        return end;
  53Elong:
  54        return ERR_PTR(-ENAMETOOLONG);
  55}
  56
  57/*
  58 * return the path component of "<server>:<path>"
  59 *  nfspath - the "<server>:<path>" string
  60 *  end - one past the last char that could contain "<server>:"
  61 * returns NULL on failure
  62 */
  63static char *nfs_path_component(const char *nfspath, const char *end)
  64{
  65        char *p;
  66
  67        if (*nfspath == '[') {
  68                /* parse [] escaped IPv6 addrs */
  69                p = strchr(nfspath, ']');
  70                if (p != NULL && ++p < end && *p == ':')
  71                        return p + 1;
  72        } else {
  73                /* otherwise split on first colon */
  74                p = strchr(nfspath, ':');
  75                if (p != NULL && p < end)
  76                        return p + 1;
  77        }
  78        return NULL;
  79}
  80
  81/*
  82 * Determine the mount path as a string
  83 */
  84static char *nfs4_path(struct dentry *dentry, char *buffer, ssize_t buflen)
  85{
  86        char *limit;
  87        char *path = nfs_path(&limit, dentry, buffer, buflen,
  88                              NFS_PATH_CANONICAL);
  89        if (!IS_ERR(path)) {
  90                char *path_component = nfs_path_component(path, limit);
  91                if (path_component)
  92                        return path_component;
  93        }
  94        return path;
  95}
  96
  97/*
  98 * Check that fs_locations::fs_root [RFC3530 6.3] is a prefix for what we
  99 * believe to be the server path to this dentry
 100 */
 101static int nfs4_validate_fspath(struct dentry *dentry,
 102                                const struct nfs4_fs_locations *locations,
 103                                char *page, char *page2)
 104{
 105        const char *path, *fs_path;
 106
 107        path = nfs4_path(dentry, page, PAGE_SIZE);
 108        if (IS_ERR(path))
 109                return PTR_ERR(path);
 110
 111        fs_path = nfs4_pathname_string(&locations->fs_path, page2, PAGE_SIZE);
 112        if (IS_ERR(fs_path))
 113                return PTR_ERR(fs_path);
 114
 115        if (strncmp(path, fs_path, strlen(fs_path)) != 0) {
 116                dprintk("%s: path %s does not begin with fsroot %s\n",
 117                        __func__, path, fs_path);
 118                return -ENOENT;
 119        }
 120
 121        return 0;
 122}
 123
 124static size_t nfs_parse_server_name(char *string, size_t len,
 125                struct sockaddr *sa, size_t salen, struct net *net)
 126{
 127        ssize_t ret;
 128
 129        ret = rpc_pton(net, string, len, sa, salen);
 130        if (ret == 0) {
 131                ret = nfs_dns_resolve_name(net, string, len, sa, salen);
 132                if (ret < 0)
 133                        ret = 0;
 134        }
 135        return ret;
 136}
 137
 138/**
 139 * nfs_find_best_sec - Find a security mechanism supported locally
 140 * @server: NFS server struct
 141 * @flavors: List of security tuples returned by SECINFO procedure
 142 *
 143 * Return an rpc client that uses the first security mechanism in
 144 * "flavors" that is locally supported.  The "flavors" array
 145 * is searched in the order returned from the server, per RFC 3530
 146 * recommendation and each flavor is checked for membership in the
 147 * sec= mount option list if it exists.
 148 *
 149 * Return -EPERM if no matching flavor is found in the array.
 150 *
 151 * Please call rpc_shutdown_client() when you are done with this rpc client.
 152 *
 153 */
 154static struct rpc_clnt *nfs_find_best_sec(struct rpc_clnt *clnt,
 155                                          struct nfs_server *server,
 156                                          struct nfs4_secinfo_flavors *flavors)
 157{
 158        rpc_authflavor_t pflavor;
 159        struct nfs4_secinfo4 *secinfo;
 160        unsigned int i;
 161
 162        for (i = 0; i < flavors->num_flavors; i++) {
 163                secinfo = &flavors->flavors[i];
 164
 165                switch (secinfo->flavor) {
 166                case RPC_AUTH_NULL:
 167                case RPC_AUTH_UNIX:
 168                case RPC_AUTH_GSS:
 169                        pflavor = rpcauth_get_pseudoflavor(secinfo->flavor,
 170                                                        &secinfo->flavor_info);
 171                        /* does the pseudoflavor match a sec= mount opt? */
 172                        if (pflavor != RPC_AUTH_MAXFLAVOR &&
 173                            nfs_auth_info_match(&server->auth_info, pflavor)) {
 174                                struct rpc_clnt *new;
 175                                struct rpc_cred *cred;
 176
 177                                /* Cloning creates an rpc_auth for the flavor */
 178                                new = rpc_clone_client_set_auth(clnt, pflavor);
 179                                if (IS_ERR(new))
 180                                        continue;
 181                                /**
 182                                * Check that the user actually can use the
 183                                * flavor. This is mostly for RPC_AUTH_GSS
 184                                * where cr_init obtains a gss context
 185                                */
 186                                cred = rpcauth_lookupcred(new->cl_auth, 0);
 187                                if (IS_ERR(cred)) {
 188                                        rpc_shutdown_client(new);
 189                                        continue;
 190                                }
 191                                put_rpccred(cred);
 192                                return new;
 193                        }
 194                }
 195        }
 196        return ERR_PTR(-EPERM);
 197}
 198
 199/**
 200 * nfs4_negotiate_security - in response to an NFS4ERR_WRONGSEC on lookup,
 201 * return an rpc_clnt that uses the best available security flavor with
 202 * respect to the secinfo flavor list and the sec= mount options.
 203 *
 204 * @clnt: RPC client to clone
 205 * @inode: directory inode
 206 * @name: lookup name
 207 *
 208 * Please call rpc_shutdown_client() when you are done with this rpc client.
 209 */
 210struct rpc_clnt *
 211nfs4_negotiate_security(struct rpc_clnt *clnt, struct inode *inode,
 212                                        const struct qstr *name)
 213{
 214        struct page *page;
 215        struct nfs4_secinfo_flavors *flavors;
 216        struct rpc_clnt *new;
 217        int err;
 218
 219        page = alloc_page(GFP_KERNEL);
 220        if (!page)
 221                return ERR_PTR(-ENOMEM);
 222
 223        flavors = page_address(page);
 224
 225        err = nfs4_proc_secinfo(inode, name, flavors);
 226        if (err < 0) {
 227                new = ERR_PTR(err);
 228                goto out;
 229        }
 230
 231        new = nfs_find_best_sec(clnt, NFS_SERVER(inode), flavors);
 232
 233out:
 234        put_page(page);
 235        return new;
 236}
 237
 238static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
 239                                     char *page, char *page2,
 240                                     const struct nfs4_fs_location *location)
 241{
 242        const size_t addr_bufsize = sizeof(struct sockaddr_storage);
 243        struct net *net = rpc_net_ns(NFS_SB(mountdata->sb)->client);
 244        struct vfsmount *mnt = ERR_PTR(-ENOENT);
 245        char *mnt_path;
 246        unsigned int maxbuflen;
 247        unsigned int s;
 248
 249        mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE);
 250        if (IS_ERR(mnt_path))
 251                return ERR_CAST(mnt_path);
 252        mountdata->mnt_path = mnt_path;
 253        maxbuflen = mnt_path - 1 - page2;
 254
 255        mountdata->addr = kmalloc(addr_bufsize, GFP_KERNEL);
 256        if (mountdata->addr == NULL)
 257                return ERR_PTR(-ENOMEM);
 258
 259        for (s = 0; s < location->nservers; s++) {
 260                const struct nfs4_string *buf = &location->servers[s];
 261
 262                if (buf->len <= 0 || buf->len >= maxbuflen)
 263                        continue;
 264
 265                if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len))
 266                        continue;
 267
 268                mountdata->addrlen = nfs_parse_server_name(buf->data, buf->len,
 269                                mountdata->addr, addr_bufsize, net);
 270                if (mountdata->addrlen == 0)
 271                        continue;
 272
 273                rpc_set_port(mountdata->addr, NFS_PORT);
 274
 275                memcpy(page2, buf->data, buf->len);
 276                page2[buf->len] = '\0';
 277                mountdata->hostname = page2;
 278
 279                snprintf(page, PAGE_SIZE, "%s:%s",
 280                                mountdata->hostname,
 281                                mountdata->mnt_path);
 282
 283                mnt = vfs_submount(mountdata->dentry, &nfs4_referral_fs_type, page, mountdata);
 284                if (!IS_ERR(mnt))
 285                        break;
 286        }
 287        kfree(mountdata->addr);
 288        return mnt;
 289}
 290
 291/**
 292 * nfs_follow_referral - set up mountpoint when hitting a referral on moved error
 293 * @dentry - parent directory
 294 * @locations - array of NFSv4 server location information
 295 *
 296 */
 297static struct vfsmount *nfs_follow_referral(struct dentry *dentry,
 298                                            const struct nfs4_fs_locations *locations)
 299{
 300        struct vfsmount *mnt = ERR_PTR(-ENOENT);
 301        struct nfs_clone_mount mountdata = {
 302                .sb = dentry->d_sb,
 303                .dentry = dentry,
 304                .authflavor = NFS_SB(dentry->d_sb)->client->cl_auth->au_flavor,
 305        };
 306        char *page = NULL, *page2 = NULL;
 307        int loc, error;
 308
 309        if (locations == NULL || locations->nlocations <= 0)
 310                goto out;
 311
 312        dprintk("%s: referral at %pd2\n", __func__, dentry);
 313
 314        page = (char *) __get_free_page(GFP_USER);
 315        if (!page)
 316                goto out;
 317
 318        page2 = (char *) __get_free_page(GFP_USER);
 319        if (!page2)
 320                goto out;
 321
 322        /* Ensure fs path is a prefix of current dentry path */
 323        error = nfs4_validate_fspath(dentry, locations, page, page2);
 324        if (error < 0) {
 325                mnt = ERR_PTR(error);
 326                goto out;
 327        }
 328
 329        for (loc = 0; loc < locations->nlocations; loc++) {
 330                const struct nfs4_fs_location *location = &locations->locations[loc];
 331
 332                if (location == NULL || location->nservers <= 0 ||
 333                    location->rootpath.ncomponents == 0)
 334                        continue;
 335
 336                mnt = try_location(&mountdata, page, page2, location);
 337                if (!IS_ERR(mnt))
 338                        break;
 339        }
 340
 341out:
 342        free_page((unsigned long) page);
 343        free_page((unsigned long) page2);
 344        return mnt;
 345}
 346
 347/*
 348 * nfs_do_refmount - handle crossing a referral on server
 349 * @dentry - dentry of referral
 350 *
 351 */
 352static struct vfsmount *nfs_do_refmount(struct rpc_clnt *client, struct dentry *dentry)
 353{
 354        struct vfsmount *mnt = ERR_PTR(-ENOMEM);
 355        struct dentry *parent;
 356        struct nfs4_fs_locations *fs_locations = NULL;
 357        struct page *page;
 358        int err;
 359
 360        /* BUG_ON(IS_ROOT(dentry)); */
 361        page = alloc_page(GFP_KERNEL);
 362        if (page == NULL)
 363                return mnt;
 364
 365        fs_locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL);
 366        if (fs_locations == NULL)
 367                goto out_free;
 368
 369        /* Get locations */
 370        mnt = ERR_PTR(-ENOENT);
 371
 372        parent = dget_parent(dentry);
 373        dprintk("%s: getting locations for %pd2\n",
 374                __func__, dentry);
 375
 376        err = nfs4_proc_fs_locations(client, d_inode(parent), &dentry->d_name, fs_locations, page);
 377        dput(parent);
 378        if (err != 0 ||
 379            fs_locations->nlocations <= 0 ||
 380            fs_locations->fs_path.ncomponents <= 0)
 381                goto out_free;
 382
 383        mnt = nfs_follow_referral(dentry, fs_locations);
 384out_free:
 385        __free_page(page);
 386        kfree(fs_locations);
 387        return mnt;
 388}
 389
 390struct vfsmount *nfs4_submount(struct nfs_server *server, struct dentry *dentry,
 391                               struct nfs_fh *fh, struct nfs_fattr *fattr)
 392{
 393        rpc_authflavor_t flavor = server->client->cl_auth->au_flavor;
 394        struct dentry *parent = dget_parent(dentry);
 395        struct inode *dir = d_inode(parent);
 396        const struct qstr *name = &dentry->d_name;
 397        struct rpc_clnt *client;
 398        struct vfsmount *mnt;
 399
 400        /* Look it up again to get its attributes and sec flavor */
 401        client = nfs4_proc_lookup_mountpoint(dir, name, fh, fattr);
 402        dput(parent);
 403        if (IS_ERR(client))
 404                return ERR_CAST(client);
 405
 406        if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) {
 407                mnt = nfs_do_refmount(client, dentry);
 408                goto out;
 409        }
 410
 411        if (client->cl_auth->au_flavor != flavor)
 412                flavor = client->cl_auth->au_flavor;
 413        mnt = nfs_do_submount(dentry, fh, fattr, flavor);
 414out:
 415        rpc_shutdown_client(client);
 416        return mnt;
 417}
 418
 419/*
 420 * Try one location from the fs_locations array.
 421 *
 422 * Returns zero on success, or a negative errno value.
 423 */
 424static int nfs4_try_replacing_one_location(struct nfs_server *server,
 425                char *page, char *page2,
 426                const struct nfs4_fs_location *location)
 427{
 428        const size_t addr_bufsize = sizeof(struct sockaddr_storage);
 429        struct net *net = rpc_net_ns(server->client);
 430        struct sockaddr *sap;
 431        unsigned int s;
 432        size_t salen;
 433        int error;
 434
 435        sap = kmalloc(addr_bufsize, GFP_KERNEL);
 436        if (sap == NULL)
 437                return -ENOMEM;
 438
 439        error = -ENOENT;
 440        for (s = 0; s < location->nservers; s++) {
 441                const struct nfs4_string *buf = &location->servers[s];
 442                char *hostname;
 443
 444                if (buf->len <= 0 || buf->len > PAGE_SIZE)
 445                        continue;
 446
 447                if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len) != NULL)
 448                        continue;
 449
 450                salen = nfs_parse_server_name(buf->data, buf->len,
 451                                                sap, addr_bufsize, net);
 452                if (salen == 0)
 453                        continue;
 454                rpc_set_port(sap, NFS_PORT);
 455
 456                error = -ENOMEM;
 457                hostname = kstrndup(buf->data, buf->len, GFP_KERNEL);
 458                if (hostname == NULL)
 459                        break;
 460
 461                error = nfs4_update_server(server, hostname, sap, salen, net);
 462                kfree(hostname);
 463                if (error == 0)
 464                        break;
 465        }
 466
 467        kfree(sap);
 468        return error;
 469}
 470
 471/**
 472 * nfs4_replace_transport - set up transport to destination server
 473 *
 474 * @server: export being migrated
 475 * @locations: fs_locations array
 476 *
 477 * Returns zero on success, or a negative errno value.
 478 *
 479 * The client tries all the entries in the "locations" array, in the
 480 * order returned by the server, until one works or the end of the
 481 * array is reached.
 482 */
 483int nfs4_replace_transport(struct nfs_server *server,
 484                           const struct nfs4_fs_locations *locations)
 485{
 486        char *page = NULL, *page2 = NULL;
 487        int loc, error;
 488
 489        error = -ENOENT;
 490        if (locations == NULL || locations->nlocations <= 0)
 491                goto out;
 492
 493        error = -ENOMEM;
 494        page = (char *) __get_free_page(GFP_USER);
 495        if (!page)
 496                goto out;
 497        page2 = (char *) __get_free_page(GFP_USER);
 498        if (!page2)
 499                goto out;
 500
 501        for (loc = 0; loc < locations->nlocations; loc++) {
 502                const struct nfs4_fs_location *location =
 503                                                &locations->locations[loc];
 504
 505                if (location == NULL || location->nservers <= 0 ||
 506                    location->rootpath.ncomponents == 0)
 507                        continue;
 508
 509                error = nfs4_try_replacing_one_location(server, page,
 510                                                        page2, location);
 511                if (error == 0)
 512                        break;
 513        }
 514
 515out:
 516        free_page((unsigned long)page);
 517        free_page((unsigned long)page2);
 518        return error;
 519}
 520