1 // SPDX-License-Identifier: GPL-2.0
3 * linux/fs/nfs/nfs4namespace.c
5 * Copyright (C) 2005 Trond Myklebust <Trond.Myklebust@netapp.com>
6 * - Modified by David Howells <dhowells@redhat.com>
11 #include <linux/dcache.h>
12 #include <linux/mount.h>
13 #include <linux/namei.h>
14 #include <linux/nfs_fs.h>
15 #include <linux/nfs_mount.h>
16 #include <linux/slab.h>
17 #include <linux/string.h>
18 #include <linux/sunrpc/clnt.h>
19 #include <linux/sunrpc/addr.h>
20 #include <linux/vfs.h>
21 #include <linux/inet.h>
24 #include "dns_resolve.h"
26 #define NFSDBG_FACILITY NFSDBG_VFS
29 * Convert the NFSv4 pathname components into a standard posix path.
31 * Note that the resulting string will be placed at the end of the buffer
33 static inline char *nfs4_pathname_string(const struct nfs4_pathname
*pathname
,
34 char *buffer
, ssize_t buflen
)
36 char *end
= buffer
+ buflen
;
42 n
= pathname
->ncomponents
;
44 const struct nfs4_string
*component
= &pathname
->components
[n
];
45 buflen
-= component
->len
+ 1;
48 end
-= component
->len
;
49 memcpy(end
, component
->data
, component
->len
);
54 return ERR_PTR(-ENAMETOOLONG
);
58 * return the path component of "<server>:<path>"
59 * nfspath - the "<server>:<path>" string
60 * end - one past the last char that could contain "<server>:"
61 * returns NULL on failure
63 static char *nfs_path_component(const char *nfspath
, const char *end
)
67 if (*nfspath
== '[') {
68 /* parse [] escaped IPv6 addrs */
69 p
= strchr(nfspath
, ']');
70 if (p
!= NULL
&& ++p
< end
&& *p
== ':')
73 /* otherwise split on first colon */
74 p
= strchr(nfspath
, ':');
75 if (p
!= NULL
&& p
< end
)
82 * Determine the mount path as a string
84 static char *nfs4_path(struct dentry
*dentry
, char *buffer
, ssize_t buflen
)
87 char *path
= nfs_path(&limit
, dentry
, buffer
, buflen
,
90 char *path_component
= nfs_path_component(path
, limit
);
92 return path_component
;
98 * Check that fs_locations::fs_root [RFC3530 6.3] is a prefix for what we
99 * believe to be the server path to this dentry
101 static int nfs4_validate_fspath(struct dentry
*dentry
,
102 const struct nfs4_fs_locations
*locations
,
103 char *page
, char *page2
)
105 const char *path
, *fs_path
;
107 path
= nfs4_path(dentry
, page
, PAGE_SIZE
);
109 return PTR_ERR(path
);
111 fs_path
= nfs4_pathname_string(&locations
->fs_path
, page2
, PAGE_SIZE
);
113 return PTR_ERR(fs_path
);
115 if (strncmp(path
, fs_path
, strlen(fs_path
)) != 0) {
116 dprintk("%s: path %s does not begin with fsroot %s\n",
117 __func__
, path
, fs_path
);
124 static size_t nfs_parse_server_name(char *string
, size_t len
,
125 struct sockaddr
*sa
, size_t salen
, struct net
*net
)
129 ret
= rpc_pton(net
, string
, len
, sa
, salen
);
131 ret
= nfs_dns_resolve_name(net
, string
, len
, sa
, salen
);
139 * nfs_find_best_sec - Find a security mechanism supported locally
140 * @server: NFS server struct
141 * @flavors: List of security tuples returned by SECINFO procedure
143 * Return an rpc client that uses the first security mechanism in
144 * "flavors" that is locally supported. The "flavors" array
145 * is searched in the order returned from the server, per RFC 3530
146 * recommendation and each flavor is checked for membership in the
147 * sec= mount option list if it exists.
149 * Return -EPERM if no matching flavor is found in the array.
151 * Please call rpc_shutdown_client() when you are done with this rpc client.
154 static struct rpc_clnt
*nfs_find_best_sec(struct rpc_clnt
*clnt
,
155 struct nfs_server
*server
,
156 struct nfs4_secinfo_flavors
*flavors
)
158 rpc_authflavor_t pflavor
;
159 struct nfs4_secinfo4
*secinfo
;
162 for (i
= 0; i
< flavors
->num_flavors
; i
++) {
163 secinfo
= &flavors
->flavors
[i
];
165 switch (secinfo
->flavor
) {
169 pflavor
= rpcauth_get_pseudoflavor(secinfo
->flavor
,
170 &secinfo
->flavor_info
);
171 /* does the pseudoflavor match a sec= mount opt? */
172 if (pflavor
!= RPC_AUTH_MAXFLAVOR
&&
173 nfs_auth_info_match(&server
->auth_info
, pflavor
)) {
174 struct rpc_clnt
*new;
175 struct rpc_cred
*cred
;
177 /* Cloning creates an rpc_auth for the flavor */
178 new = rpc_clone_client_set_auth(clnt
, pflavor
);
182 * Check that the user actually can use the
183 * flavor. This is mostly for RPC_AUTH_GSS
184 * where cr_init obtains a gss context
186 cred
= rpcauth_lookupcred(new->cl_auth
, 0);
188 rpc_shutdown_client(new);
196 return ERR_PTR(-EPERM
);
200 * nfs4_negotiate_security - in response to an NFS4ERR_WRONGSEC on lookup,
201 * return an rpc_clnt that uses the best available security flavor with
202 * respect to the secinfo flavor list and the sec= mount options.
204 * @clnt: RPC client to clone
205 * @inode: directory inode
208 * Please call rpc_shutdown_client() when you are done with this rpc client.
211 nfs4_negotiate_security(struct rpc_clnt
*clnt
, struct inode
*inode
,
212 const struct qstr
*name
)
215 struct nfs4_secinfo_flavors
*flavors
;
216 struct rpc_clnt
*new;
219 page
= alloc_page(GFP_KERNEL
);
221 return ERR_PTR(-ENOMEM
);
223 flavors
= page_address(page
);
225 err
= nfs4_proc_secinfo(inode
, name
, flavors
);
231 new = nfs_find_best_sec(clnt
, NFS_SERVER(inode
), flavors
);
238 static struct vfsmount
*try_location(struct nfs_clone_mount
*mountdata
,
239 char *page
, char *page2
,
240 const struct nfs4_fs_location
*location
)
242 const size_t addr_bufsize
= sizeof(struct sockaddr_storage
);
243 struct net
*net
= rpc_net_ns(NFS_SB(mountdata
->sb
)->client
);
244 struct vfsmount
*mnt
= ERR_PTR(-ENOENT
);
246 unsigned int maxbuflen
;
249 mnt_path
= nfs4_pathname_string(&location
->rootpath
, page2
, PAGE_SIZE
);
250 if (IS_ERR(mnt_path
))
251 return ERR_CAST(mnt_path
);
252 mountdata
->mnt_path
= mnt_path
;
253 maxbuflen
= mnt_path
- 1 - page2
;
255 mountdata
->addr
= kmalloc(addr_bufsize
, GFP_KERNEL
);
256 if (mountdata
->addr
== NULL
)
257 return ERR_PTR(-ENOMEM
);
259 for (s
= 0; s
< location
->nservers
; s
++) {
260 const struct nfs4_string
*buf
= &location
->servers
[s
];
262 if (buf
->len
<= 0 || buf
->len
>= maxbuflen
)
265 if (memchr(buf
->data
, IPV6_SCOPE_DELIMITER
, buf
->len
))
268 mountdata
->addrlen
= nfs_parse_server_name(buf
->data
, buf
->len
,
269 mountdata
->addr
, addr_bufsize
, net
);
270 if (mountdata
->addrlen
== 0)
273 rpc_set_port(mountdata
->addr
, NFS_PORT
);
275 memcpy(page2
, buf
->data
, buf
->len
);
276 page2
[buf
->len
] = '\0';
277 mountdata
->hostname
= page2
;
279 snprintf(page
, PAGE_SIZE
, "%s:%s",
281 mountdata
->mnt_path
);
283 mnt
= vfs_submount(mountdata
->dentry
, &nfs4_referral_fs_type
, page
, mountdata
);
287 kfree(mountdata
->addr
);
292 * nfs_follow_referral - set up mountpoint when hitting a referral on moved error
293 * @dentry - parent directory
294 * @locations - array of NFSv4 server location information
297 static struct vfsmount
*nfs_follow_referral(struct dentry
*dentry
,
298 const struct nfs4_fs_locations
*locations
)
300 struct vfsmount
*mnt
= ERR_PTR(-ENOENT
);
301 struct nfs_clone_mount mountdata
= {
304 .authflavor
= NFS_SB(dentry
->d_sb
)->client
->cl_auth
->au_flavor
,
306 char *page
= NULL
, *page2
= NULL
;
309 if (locations
== NULL
|| locations
->nlocations
<= 0)
312 dprintk("%s: referral at %pd2\n", __func__
, dentry
);
314 page
= (char *) __get_free_page(GFP_USER
);
318 page2
= (char *) __get_free_page(GFP_USER
);
322 /* Ensure fs path is a prefix of current dentry path */
323 error
= nfs4_validate_fspath(dentry
, locations
, page
, page2
);
325 mnt
= ERR_PTR(error
);
329 for (loc
= 0; loc
< locations
->nlocations
; loc
++) {
330 const struct nfs4_fs_location
*location
= &locations
->locations
[loc
];
332 if (location
== NULL
|| location
->nservers
<= 0 ||
333 location
->rootpath
.ncomponents
== 0)
336 mnt
= try_location(&mountdata
, page
, page2
, location
);
342 free_page((unsigned long) page
);
343 free_page((unsigned long) page2
);
348 * nfs_do_refmount - handle crossing a referral on server
349 * @dentry - dentry of referral
352 static struct vfsmount
*nfs_do_refmount(struct rpc_clnt
*client
, struct dentry
*dentry
)
354 struct vfsmount
*mnt
= ERR_PTR(-ENOMEM
);
355 struct dentry
*parent
;
356 struct nfs4_fs_locations
*fs_locations
= NULL
;
360 /* BUG_ON(IS_ROOT(dentry)); */
361 page
= alloc_page(GFP_KERNEL
);
365 fs_locations
= kmalloc(sizeof(struct nfs4_fs_locations
), GFP_KERNEL
);
366 if (fs_locations
== NULL
)
370 mnt
= ERR_PTR(-ENOENT
);
372 parent
= dget_parent(dentry
);
373 dprintk("%s: getting locations for %pd2\n",
376 err
= nfs4_proc_fs_locations(client
, d_inode(parent
), &dentry
->d_name
, fs_locations
, page
);
379 fs_locations
->nlocations
<= 0 ||
380 fs_locations
->fs_path
.ncomponents
<= 0)
383 mnt
= nfs_follow_referral(dentry
, fs_locations
);
390 struct vfsmount
*nfs4_submount(struct nfs_server
*server
, struct dentry
*dentry
,
391 struct nfs_fh
*fh
, struct nfs_fattr
*fattr
)
393 rpc_authflavor_t flavor
= server
->client
->cl_auth
->au_flavor
;
394 struct dentry
*parent
= dget_parent(dentry
);
395 struct inode
*dir
= d_inode(parent
);
396 const struct qstr
*name
= &dentry
->d_name
;
397 struct rpc_clnt
*client
;
398 struct vfsmount
*mnt
;
400 /* Look it up again to get its attributes and sec flavor */
401 client
= nfs4_proc_lookup_mountpoint(dir
, name
, fh
, fattr
);
404 return ERR_CAST(client
);
406 if (fattr
->valid
& NFS_ATTR_FATTR_V4_REFERRAL
) {
407 mnt
= nfs_do_refmount(client
, dentry
);
411 if (client
->cl_auth
->au_flavor
!= flavor
)
412 flavor
= client
->cl_auth
->au_flavor
;
413 mnt
= nfs_do_submount(dentry
, fh
, fattr
, flavor
);
415 rpc_shutdown_client(client
);
420 * Try one location from the fs_locations array.
422 * Returns zero on success, or a negative errno value.
424 static int nfs4_try_replacing_one_location(struct nfs_server
*server
,
425 char *page
, char *page2
,
426 const struct nfs4_fs_location
*location
)
428 const size_t addr_bufsize
= sizeof(struct sockaddr_storage
);
429 struct net
*net
= rpc_net_ns(server
->client
);
430 struct sockaddr
*sap
;
435 sap
= kmalloc(addr_bufsize
, GFP_KERNEL
);
440 for (s
= 0; s
< location
->nservers
; s
++) {
441 const struct nfs4_string
*buf
= &location
->servers
[s
];
444 if (buf
->len
<= 0 || buf
->len
> PAGE_SIZE
)
447 if (memchr(buf
->data
, IPV6_SCOPE_DELIMITER
, buf
->len
) != NULL
)
450 salen
= nfs_parse_server_name(buf
->data
, buf
->len
,
451 sap
, addr_bufsize
, net
);
454 rpc_set_port(sap
, NFS_PORT
);
457 hostname
= kstrndup(buf
->data
, buf
->len
, GFP_KERNEL
);
458 if (hostname
== NULL
)
461 error
= nfs4_update_server(server
, hostname
, sap
, salen
, net
);
472 * nfs4_replace_transport - set up transport to destination server
474 * @server: export being migrated
475 * @locations: fs_locations array
477 * Returns zero on success, or a negative errno value.
479 * The client tries all the entries in the "locations" array, in the
480 * order returned by the server, until one works or the end of the
483 int nfs4_replace_transport(struct nfs_server
*server
,
484 const struct nfs4_fs_locations
*locations
)
486 char *page
= NULL
, *page2
= NULL
;
490 if (locations
== NULL
|| locations
->nlocations
<= 0)
494 page
= (char *) __get_free_page(GFP_USER
);
497 page2
= (char *) __get_free_page(GFP_USER
);
501 for (loc
= 0; loc
< locations
->nlocations
; loc
++) {
502 const struct nfs4_fs_location
*location
=
503 &locations
->locations
[loc
];
505 if (location
== NULL
|| location
->nservers
<= 0 ||
506 location
->rootpath
.ncomponents
== 0)
509 error
= nfs4_try_replacing_one_location(server
, page
,
516 free_page((unsigned long)page
);
517 free_page((unsigned long)page2
);