| blob | 7b562da83582573a7f197683842f627131c93e47 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 /*
27 * NFS Version 4 client side SECINFO code.
28 */
30 #include <nfs/nfs4_clnt.h>
31 #include <nfs/nfs4.h>
32 #include <nfs/nfs_clnt.h>
33 #include <nfs/rnode4.h>
34 #include <sys/cmn_err.h>
35 #include <sys/cred.h>
36 #include <sys/systm.h>
38 /*
39 * Set up the security flavors supported in this release.
40 * In the order of potential usage.
41 */
48 /* XXX should come from auth.h, do the cleanup someday */
51 /*
52 * "nfsstat -m" needs to print out what flavor is used for a mount
53 * point. V3 kernel gets the nfs pseudo flavor from the userland and provides
54 * nfsstat with such information. However, in V4, we do not have nfs pseudo
55 * flavors mapping in the kernel for the rpcsec_gss data negotiated from
56 * the nfs server.
57 *
58 * XXX
59 * Hard coded the mapping in V4 for now. We should look into a possibility
60 * to return the rpcsec_gss mechanism and service information to nfsstat and
61 * perhaps have nfsstat print out the mech and service seperately...
62 *
63 * We should avoid referring to nfssec.conf file in V4. The original reason
64 * for having /etc/nfssec.conf file is because V3 MOUNT protocol can only
65 * return an integer for a flavor, thus the term "nfs pseudo flavor" is
66 * defined and the nfssec.conf file is used to map the nfs pseudo flavor
67 * to rpcsec_gss data (mech, service, default-qop). Now, V4 can return the
68 * rpcsec_gss data instead of an integer, so in theory, V4 should not need
69 * to depend on the nfssec.conf file anymore.
70 */
71 #define NFS_FLAVOR_KRB5 390003
72 #define NFS_FLAVOR_KRB5I 390004
73 #define NFS_FLAVOR_KRB5P 390005
75 /*
76 * Currently, 6 flavors are supported: sys, krb5, krb5i, krb5p, dh, none.
77 * Without proper keys, krb5* or dh will fail.
78 *
79 * XXX kgss_indicate_mechs() should be able to tell us what gss mechanisms
80 * are supported on this host (/etc/gss/mech), thus nfs should be able to
81 * use them. However, the dh640 and dh1024 implementation are not nfs tested.
82 * Should look into using kgss_indicate_mechs when new gss mechanism is added.
83 */
84 void
86 {
94 KM_SLEEP);
102 /* add krb5, krb5i, krb5p */
108 }
125 }
127 /*
128 * clean up secinfo_support
129 */
130 void
132 {
137 }
139 /*
140 * Map RPCSEC_GSS data to a nfs pseudo flavor number defined
141 * in the nfssec.conf file.
142 *
143 * mechanism service qop nfs-pseudo-flavor
144 * ----------------------------------------------------
145 * kerberos_v5 none default 390003/krb5
146 * kerberos_v5 integrity default 390004/krb5i
147 * kerberos_v5 privacy default 390005/krb5p
148 *
149 * XXX need to re-visit the mapping semantics when a new
150 * security mechanism is to be added.
151 */
152 int
154 {
155 /* Is this kerberos_v5? */
159 }
161 /* for krb5, krb5i, krb5p mapping */
171 }
173 /* no mapping */
175 }
177 /*
178 * secinfo_create() maps the secinfo4 data coming over the wire
179 * to sv_secinfo data structure in servinfo4_t
180 */
183 {
195 /*
196 * If there is no valid sv_dhsec data available but an AUTH_DH
197 * is in the list, skip AUTH_DH flavor.
198 */
202 seccnt--;
203 }
204 }
238 scnt++;
243 scnt++;
245 }
246 /* no auth_dh data on the client, skip auth_dh */
251 scnt++;
253 }
254 }
262 }
264 /*
265 * secinfo_free() frees the malloc'd portion of a sv_secinfo_t in servinfo4_t.
266 *
267 * This is similar to sec_clnt_freeinfo() offered from rpcsec module,
268 * except that sec_clnt_freeinfo() frees up an individual secdata.
269 */
270 void
272 {
283 /*
284 * An auth handle may already cached in rpcsec_gss
285 * module per this secdata. Purge the cache entry
286 * before freeing up this secdata. Can't use
287 * sec_clnt_freeinfo since the allocation of secinfo
288 * is different from sec_data.
289 */
295 }
299 /* release ref to sv_dhsec */
302 /*
303 * No need to purge the auth_dh cache entry (e.g. call
304 * purge_authtab()) since the AUTH_DH data used here
305 * are always the same.
306 */
307 }
308 }
311 }
313 /*
314 * Check if there is more secinfo to try.
315 * If TRUE, try again.
316 */
317 static bool_t
319 {
325 }
340 }
341 }
343 /*
344 * Update the secinfo related fields in svp.
345 *
346 * secinfo_update will free the previous sv_secinfo and update with
347 * the new secinfo. However, if the sv_secinfo is saved into sv_save_secinfo
348 * before the recovery starts via save_mnt_secinfo(), sv_secinfo will not
349 * be freed until the recovery is done.
350 */
351 static void
353 {
357 /*
358 * Create secinfo before freeing the old one to make sure
359 * they are not using the same address.
360 */
366 }
377 }
379 }
381 /*
382 * Save the original mount point security information.
383 *
384 * sv_savesec saves the pointer of sv_currsec which points to one of the
385 * secinfo data in the sv_secinfo list. i.e. sv_currsec == &sv_secinfo[index].
386 *
387 * sv_save_secinfo saves the pointer of sv_secinfo which is the list of
388 * secinfo data returned by the server.
389 */
390 void
392 {
400 }
402 }
404 /*
405 * Check if we need to restore what is saved in sv_savesec and sv_save_secinfo
406 * to be the current secinfo information - sv_currsec and sv_secinfo.
407 *
408 * If op a node that is a stub for a crossed mount point,
409 * keep the original secinfo flavor for the current file system,
410 * not the crossed one.
411 */
412 void
414 {
415 bool_t is_restore;
433 }
438 }
444 }
446 /*
447 * Use the security flavors supported on the client to try
448 * PUTROOTFH until a flavor is found.
449 *
450 * PUTROOTFH could return NFS4ERR_RESOURCE and NFS4ERR_WRONGSEC that
451 * may need a recovery action. This routine only handles NFS4ERR_WRONGSEC.
452 * For other recovery action, it returns ok to the caller for retry.
453 */
454 static int
456 {
457 COMPOUND4args_clnt args;
458 COMPOUND4res_clnt res;
459 nfs_argop4 argop;
464 /* use the flavors supported on the client */
467 /* Compound {Putroofh} */
474 retry:
484 }
490 /*
491 * Have tried all flavors supported on the client,
492 * but still get NFS4ERR_WRONGSEC. Nothing more can
493 * be done.
494 */
496 }
505 }
510 }
512 /*
513 * Done.
514 *
515 * Now, mi->sv_curr_server->sv_currsec points to the flavor found.
516 * SV4_TRYSECINFO has been cleared in rfs4call.
517 * sv_currsec will be used.
518 */
521 }
523 /*
524 * Caculate the total number of components within a given pathname.
525 * Assuming the given pathname is not null.
526 * e.g. returns 5 for "/a/b/c/d/e" or "a/b/c/d/e"
527 * returns 0 for "/"
528 */
529 static int
531 {
538 inpath++;
540 }
542 tnum++;
545 tnum++;
547 }
548 }
551 }
553 /*
554 * Get the pointer of the n-th component in the given path.
555 * Mark the preceeding '/' of the component to be '\0' when done.
556 * Assuming nth is > 0.
557 */
558 static void
560 {
568 /* ignore slashes prior to the component name */
570 path++;
574 count++;
575 }
579 else
581 }
590 comp_start--;
592 }
596 }
597 }
599 /*
600 * SECINFO over the wire compound operation
601 *
602 * compound {PUTROOTFH, {LOOKUP parent-path}, SECINFO component}
603 *
604 * This routine assumes there is a component to work on, thus the
605 * given pathname (svp->sv_path) has to have at least 1 component.
606 *
607 * isrecov - TRUE if this routine is called from a recovery thread.
608 *
609 * nfs4secinfo_otw() only deals with NFS4ERR_WRONGSEC recovery. If this
610 * is already in a recovery thread, then setup the non-wrongsec recovery
611 * action thru nfs4_start_recovery and return to the outer loop in
612 * nfs4_recov_thread() for recovery. If this is not called from a recovery
613 * thread, then error out and let the caller decide what to do.
614 */
615 static int
617 {
618 COMPOUND4args_clnt args;
619 COMPOUND4res_clnt res;
622 lookup4_param_t lookuparg;
623 uint_t path_len;
627 component4 comp;
638 retry:
655 /* setup LOOKUPs for parent path */
660 /* put root fh */
663 /* setup SECINFO op */
685 }
687 /*
688 * Secinfo compound op may fail with NFS4ERR_WRONGSEC from
689 * PUTROOTFH or LOOKUP. Special handling here to recover it.
690 */
694 /*
695 * If a flavor can not be found via trying
696 * all supported flavors on the client, no
697 * more operations.
698 */
708 }
710 }
717 }
719 /*
720 * This routine does not do recovery for non NFS4ERR_WRONGSEC error.
721 * However, if this is already in a recovery thread, then
722 * set up the recovery action thru nfs4_start_recovery and
723 * return ok back to the outer loop in nfs4_recov_thread for
724 * recovery.
725 */
727 bool_t abort;
729 /* If not in a recovery thread, bail out */
734 }
741 }
751 }
756 /*
757 * Return ok to let the outer loop in
758 * nfs4_recov_thread continue with the recovery action.
759 */
761 }
763 }
771 }
773 /*
774 * Success! Now get the SECINFO result.
775 */
781 /*
782 * Server does not return any flavor for this export point.
783 * Return EACCES.
784 */
790 }
797 /*
798 * This could be because the server requires AUTH_DH, but
799 * the client does not have netname/syncaddr data
800 * from sv_dhsec.
801 */
807 }
810 /*
811 * If this is not the original request, try again using the
812 * new secinfo data in mi.
813 */
822 }
824 /* Done! */
831 }
833 /*
834 * Get the security information per mount point.
835 * Use the server pathname to get the secinfo.
836 */
837 int
839 {
844 /*
845 * Get the server pathname that is being mounted on.
846 */
850 /* returns 0 for root, no matter how many leading /'s */
853 /*
854 * If mounting server rootdir, use available secinfo list
855 * on the client. No SECINFO call here since SECINFO op
856 * expects a component name.
857 */
863 }
869 /* no flavors in sv_secinfo work */
871 }
874 /*
875 * Get the secinfo from the server.
876 */
886 }
891 }
897 }
899 }
902 }
904 /*
905 * (secinfo) compound based on a given filehandle and component name.
906 *
907 * i.e. (secinfo) PUTFH (fh), SECINFO nm
908 */
909 int
911 {
912 COMPOUND4args_clnt args;
913 COMPOUND4res_clnt res;
927 /* putfh fh */
931 /* setup SECINFO op */
945 }
947 /*
948 * Success! Now get the SECINFO result.
949 */
954 /*
955 * Server does not return any flavor for this export point.
956 * Return EACCES.
957 */
960 }
968 /*
969 * This could be because the server requires AUTH_DH, but
970 * the client does not have netname/syncaddr data
971 * from sv_dhsec.
972 */
975 }
978 /* Done! */
982 }
984 /*
985 * Making secinfo operation with a given vnode.
986 *
987 * This routine is not used by the recovery thread.
988 * Mainly used in response to NFS4ERR_WRONGSEC from lookup.
989 */
990 int
992 {
996 }
998 /*
999 * Making secinfo operation with a given vnode if this vnode
1000 * has a parent node. If the given vnode is a root node, use
1001 * the pathname from the mntinfor4_t to do the secinfo call.
1002 *
1003 * This routine is mainly used by the recovery thread.
1004 */
1005 int
1007 {
1012 /*
1013 * If there is a parent filehandle, use it to get the secinfo,
1014 * otherwise, use mntinfo4_t pathname to get the secinfo.
1015 */
1022 }
1025 }
1027 /*
1028 * We are here because the client gets NFS4ERR_WRONGSEC.
1029 *
1030 * Get the security information from the server and indicate
1031 * a set of new security information is here to try.
1032 * Start with the server path that's mounted.
1033 */
1034 int
1036 {
1041 /*
1042 * If the client explicitly specifies a preferred flavor to use
1043 * and gets NFS4ERR_WRONGSEC back, there is no need to negotiate
1044 * the flavor.
1045 */
1057 }
1071 /* ??? */
1076 }
1083 }