static uint64_t
allocids(int flag, int nuids, int ngids)
{
rval_t r;
uid_t su = 0;
gid_t sg = 0;
struct door_info di;
door_handle_t dh;
int err;
zone_t *zone = crgetzone(CRED());
dh = idmap_get_door(zone);
if (dh == NULL)
return (set_errno(EPERM));
if ((err = door_ki_info(dh, &di)) != 0) {
door_ki_rele(dh);
return (set_errno(err));
}
door_ki_rele(dh);
if (curproc->p_pid != di.di_target)
return (set_errno(EPERM));
if (flag)
idmap_purge_cache(zone);
if (nuids < 0 || ngids < 0)
return (set_errno(EINVAL));
if (flag != 0 || nuids > 0)
err = eph_uid_alloc(zone, flag, &su, nuids);
if (err == 0 && (flag != 0 || ngids > 0))
err = eph_gid_alloc(zone, flag, &sg, ngids);
if (err != 0)
return (set_errno(EOVERFLOW));
r.r_val1 = su;
r.r_val2 = sg;
return (r.r_vals);
}
/*
* Register the klpd.
* If the pid_t passed in is positive, update the registration for
* the specific process; that is only possible if the process already
* has a registration on it. This change of registration will affect
* all processes which share common ancestry.
*
* MY_PID (pid 0) can be used to create or change the context for
* the current process, typically done after fork().
*
* A negative value can be used to register a klpd globally.
*
* The per-credential klpd needs to be cleaned up when entering
* a zone or unsetting the flag.
*/
int
klpd_reg(int did, idtype_t type, id_t id, priv_set_t *psetbuf)
{
cred_t *cr = CRED();
door_handle_t dh;
klpd_reg_t *kpd;
priv_set_t pset;
door_info_t di;
credklpd_t *ckp = NULL;
pid_t pid = -1;
projid_t proj = -1;
kproject_t *kpp = NULL;
if (CR_FLAGS(cr) & PRIV_XPOLICY)
return (set_errno(EINVAL));
if (copyin(psetbuf, &pset, sizeof (priv_set_t)))
return (set_errno(EFAULT));
if (!priv_issubset(&pset, &CR_OEPRIV(cr)))
return (set_errno(EPERM));
switch (type) {
case P_PID:
pid = (pid_t)id;
if (pid == P_MYPID)
pid = curproc->p_pid;
if (pid == curproc->p_pid)
ckp = crklpd_alloc();
break;
case P_PROJID:
proj = (projid_t)id;
kpp = project_hold_by_id(proj, crgetzone(cr),
PROJECT_HOLD_FIND);
if (kpp == NULL)
return (set_errno(ESRCH));
break;
default:
return (set_errno(ENOTSUP));
}
/*
* Verify the door passed in; it must be a door and we won't
* allow processes to be called on their own behalf.
*/
dh = door_ki_lookup(did);
if (dh == NULL || door_ki_info(dh, &di) != 0) {
if (ckp != NULL)
crklpd_rele(ckp);
if (kpp != NULL)
project_rele(kpp);
return (set_errno(EBADF));
}
if (type == P_PID && pid == di.di_target) {
if (ckp != NULL)
crklpd_rele(ckp);
ASSERT(kpp == NULL);
return (set_errno(EINVAL));
}
kpd = kmem_zalloc(sizeof (*kpd), KM_SLEEP);
crhold(kpd->klpd_cred = cr);
kpd->klpd_door = dh;
kpd->klpd_door_pid = di.di_target;
kpd->klpd_ref = 1;
kpd->klpd_pset = pset;
if (kpp != NULL) {
mutex_enter(&klpd_mutex);
kpd = klpd_link(kpd, &kpp->kpj_klpd, B_TRUE);
mutex_exit(&klpd_mutex);
if (kpd != NULL)
klpd_rele(kpd);
project_rele(kpp);
} else if ((int)pid < 0) {
/* Global daemon */
mutex_enter(&klpd_mutex);
(void) klpd_link(kpd, &klpd_list, B_FALSE);
mutex_exit(&klpd_mutex);
} else if (pid == curproc->p_pid) {
proc_t *p = curproc;
cred_t *newcr = cralloc();
/* No need to lock, sole reference to ckp */
kpd = klpd_link(kpd, &ckp->crkl_reg, B_TRUE);
if (kpd != NULL)
klpd_rele(kpd);
mutex_enter(&p->p_crlock);
cr = p->p_cred;
crdup_to(cr, newcr);
crsetcrklpd(newcr, ckp);
p->p_cred = newcr; /* Already held for p_cred */
crhold(newcr); /* Hold once for the current thread */
mutex_exit(&p->p_crlock);
crfree(cr); /* One for the p_cred */
crset(p, newcr);
} else {
proc_t *p;
cred_t *pcr;
mutex_enter(&pidlock);
p = prfind(pid);
if (p == NULL || !prochasprocperm(p, curproc, CRED())) {
mutex_exit(&pidlock);
klpd_rele(kpd);
return (set_errno(p == NULL ? ESRCH : EPERM));
}
mutex_enter(&p->p_crlock);
crhold(pcr = p->p_cred);
mutex_exit(&pidlock);
mutex_exit(&p->p_crlock);
/*
* We're going to update the credential's ckp in place;
* this requires that it exists.
*/
ckp = crgetcrklpd(pcr);
if (ckp == NULL) {
crfree(pcr);
klpd_rele(kpd);
return (set_errno(EINVAL));
}
crklpd_setreg(ckp, kpd);
crfree(pcr);
}
return (0);
}
/*
* nfscmd_send(arg, result)
*
* Send a command to the daemon listening on the door. The result is
* returned in the result pointer if the function return value is
* NFSCMD_ERR_SUCCESS. Otherwise it is the error value.
*/
int
nfscmd_send(nfscmd_arg_t *arg, nfscmd_res_t *res)
{
door_handle_t dh;
door_arg_t da;
door_info_t di;
int ntries = 0;
int last = 0;
retry:
mutex_enter(&nfscmd_lock);
dh = nfscmd_dh;
if (dh != NULL)
door_ki_hold(dh);
mutex_exit(&nfscmd_lock);
if (dh == NULL) {
/*
* The rendezvous point has not been established yet !
* This could mean that either mountd(1m) has not yet
* been started or that _this_ routine nuked the door
* handle after receiving an EINTR for a REVOKED door.
*
* Returning NFSAUTH_DROP will cause the NFS client
* to retransmit the request, so let's try to be more
* rescillient and attempt for ntries before we bail.
*/
if (++ntries % NFSCMD_DR_TRYCNT) {
delay(hz);
goto retry;
}
return (NFSCMD_ERR_DROP);
}
da.data_ptr = (char *)arg;
da.data_size = sizeof (nfscmd_arg_t);
da.desc_ptr = NULL;
da.desc_num = 0;
da.rbuf = (char *)res;
da.rsize = sizeof (nfscmd_res_t);
switch (door_ki_upcall(dh, &da)) {
case 0:
/* Success */
break;
case EAGAIN:
/* Need to retry a couple of times */
door_ki_rele(dh);
delay(hz);
goto retry;
/* NOTREACHED */
case EINTR:
if (!door_ki_info(dh, &di)) {
if (di.di_attributes & DOOR_REVOKED) {
/*
* The server barfed and revoked
* the (existing) door on us; we
* want to wait to give smf(5) a
* chance to restart mountd(1m)
* and establish a new door handle.
*/
mutex_enter(&nfscmd_lock);
if (dh == nfscmd_dh)
nfscmd_dh = NULL;
mutex_exit(&nfscmd_lock);
door_ki_rele(dh);
delay(hz);
goto retry;
}
/*
* If the door was _not_ revoked on us,
* then more than likely we took an INTR,
* so we need to fail the operation.
*/
door_ki_rele(dh);
}
/*
* The only failure that can occur from getting
* the door info is EINVAL, so we let the code
* below handle it.
*/
/* FALLTHROUGH */
case EBADF:
case EINVAL:
default:
/*
* If we have a stale door handle, give smf a last
* chance to start it by sleeping for a little bit.
* If we're still hosed, we'll fail the call.
*
* Since we're going to reacquire the door handle
* upon the retry, we opt to sleep for a bit and
* _not_ to clear mountd_dh. If mountd restarted
* and was able to set mountd_dh, we should see
* the new instance; if not, we won't get caught
* up in the retry/DELAY loop.
*/
door_ki_rele(dh);
if (!last) {
delay(hz);
last++;
goto retry;
}
res->error = NFSCMD_ERR_FAIL;
break;
}
return (res->error);
}
/*
* Callup to the mountd to get access information in the kernel.
*/
static bool_t
nfsauth_retrieve(struct exportinfo *exi, char *req_netid, int flavor,
struct netbuf *addr, int *access, uid_t clnt_uid, gid_t clnt_gid,
uint_t clnt_gids_cnt, const gid_t *clnt_gids, uid_t *srv_uid,
gid_t *srv_gid, uint_t *srv_gids_cnt, gid_t **srv_gids)
{
varg_t varg = {0};
nfsauth_res_t res = {0};
XDR xdrs;
size_t absz;
caddr_t abuf;
int last = 0;
door_arg_t da;
door_info_t di;
door_handle_t dh;
uint_t ntries = 0;
/*
* No entry in the cache for this client/flavor
* so we need to call the nfsauth service in the
* mount daemon.
*/
varg.vers = V_PROTO;
varg.arg_u.arg.cmd = NFSAUTH_ACCESS;
varg.arg_u.arg.areq.req_client.n_len = addr->len;
varg.arg_u.arg.areq.req_client.n_bytes = addr->buf;
varg.arg_u.arg.areq.req_netid = req_netid;
varg.arg_u.arg.areq.req_path = exi->exi_export.ex_path;
varg.arg_u.arg.areq.req_flavor = flavor;
varg.arg_u.arg.areq.req_clnt_uid = clnt_uid;
varg.arg_u.arg.areq.req_clnt_gid = clnt_gid;
varg.arg_u.arg.areq.req_clnt_gids.len = clnt_gids_cnt;
varg.arg_u.arg.areq.req_clnt_gids.val = (gid_t *)clnt_gids;
DTRACE_PROBE1(nfsserv__func__nfsauth__varg, varg_t *, &varg);
/*
* Setup the XDR stream for encoding the arguments. Notice that
* in addition to the args having variable fields (req_netid and
* req_path), the argument data structure is itself versioned,
* so we need to make sure we can size the arguments buffer
* appropriately to encode all the args. If we can't get sizing
* info _or_ properly encode the arguments, there's really no
* point in continuting, so we fail the request.
*/
if ((absz = xdr_sizeof(xdr_varg, &varg)) == 0) {
*access = NFSAUTH_DENIED;
return (FALSE);
}
abuf = (caddr_t)kmem_alloc(absz, KM_SLEEP);
xdrmem_create(&xdrs, abuf, absz, XDR_ENCODE);
if (!xdr_varg(&xdrs, &varg)) {
XDR_DESTROY(&xdrs);
goto fail;
}
XDR_DESTROY(&xdrs);
/*
* Prepare the door arguments
*
* We don't know the size of the message the daemon
* will pass back to us. By setting rbuf to NULL,
* we force the door code to allocate a buf of the
* appropriate size. We must set rsize > 0, however,
* else the door code acts as if no response was
* expected and doesn't pass the data to us.
*/
da.data_ptr = (char *)abuf;
da.data_size = absz;
da.desc_ptr = NULL;
da.desc_num = 0;
da.rbuf = NULL;
da.rsize = 1;
retry:
mutex_enter(&mountd_lock);
dh = mountd_dh;
if (dh != NULL)
door_ki_hold(dh);
mutex_exit(&mountd_lock);
if (dh == NULL) {
/*
* The rendezvous point has not been established yet!
* This could mean that either mountd(1m) has not yet
* been started or that _this_ routine nuked the door
* handle after receiving an EINTR for a REVOKED door.
*
* Returning NFSAUTH_DROP will cause the NFS client
* to retransmit the request, so let's try to be more
* rescillient and attempt for ntries before we bail.
*/
if (++ntries % NFSAUTH_DR_TRYCNT) {
delay(hz);
goto retry;
}
kmem_free(abuf, absz);
sys_log("nfsauth: mountd has not established door");
*access = NFSAUTH_DROP;
return (FALSE);
}
ntries = 0;
/*
* Now that we've got what we need, place the call.
*/
switch (door_ki_upcall_limited(dh, &da, NULL, SIZE_MAX, 0)) {
case 0: /* Success */
door_ki_rele(dh);
if (da.data_ptr == NULL && da.data_size == 0) {
/*
* The door_return that contained the data
* failed! We're here because of the 2nd
* door_return (w/o data) such that we can
* get control of the thread (and exit
* gracefully).
*/
DTRACE_PROBE1(nfsserv__func__nfsauth__door__nil,
door_arg_t *, &da);
goto fail;
}
break;
case EAGAIN:
/*
* Server out of resources; back off for a bit
*/
door_ki_rele(dh);
delay(hz);
goto retry;
/* NOTREACHED */
case EINTR:
if (!door_ki_info(dh, &di)) {
door_ki_rele(dh);
if (di.di_attributes & DOOR_REVOKED) {
/*
* The server barfed and revoked
* the (existing) door on us; we
* want to wait to give smf(5) a
* chance to restart mountd(1m)
* and establish a new door handle.
*/
mutex_enter(&mountd_lock);
if (dh == mountd_dh) {
door_ki_rele(mountd_dh);
mountd_dh = NULL;
}
mutex_exit(&mountd_lock);
delay(hz);
goto retry;
}
/*
* If the door was _not_ revoked on us,
* then more than likely we took an INTR,
* so we need to fail the operation.
*/
goto fail;
}
/*
* The only failure that can occur from getting
* the door info is EINVAL, so we let the code
* below handle it.
*/
/* FALLTHROUGH */
case EBADF:
case EINVAL:
default:
/*
* If we have a stale door handle, give smf a last
* chance to start it by sleeping for a little bit.
* If we're still hosed, we'll fail the call.
*
* Since we're going to reacquire the door handle
* upon the retry, we opt to sleep for a bit and
* _not_ to clear mountd_dh. If mountd restarted
* and was able to set mountd_dh, we should see
* the new instance; if not, we won't get caught
* up in the retry/DELAY loop.
*/
door_ki_rele(dh);
if (!last) {
delay(hz);
last++;
goto retry;
}
sys_log("nfsauth: stale mountd door handle");
goto fail;
}
