nfs-ganesha 1.4
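/*
 *
 *
 * Copyright CEA/DAM/DIF  (2008)
 * contributor : Philippe DENIEL   philippe.deniel@cea.fr
 *               Thomas LEIBOVICI  thomas.leibovici@cea.fr
 *
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301  USA
 *
 * ---------------------------------------
 */

/*
 * Export list, pseudo-filesystem, client credential and NFSv4 compound
 * request data structures, together with the prototypes of the export
 * lookup, credential and access-check functions.
 */

#ifndef _NFS_EXPORTS_H
#define _NFS_EXPORTS_H

#include <pthread.h>
#include <sys/types.h>
#include <sys/param.h>

#include "ganesha_rpc.h"
#ifdef _HAVE_GSSAPI
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
#endif
#include <dirent.h>             /* for having MAXNAMLEN */
#include <netdb.h>              /* for having MAXHOSTNAMELEN */
#include "HashData.h"
#include "HashTable.h"
#include "nfs23.h"
#include "nfs4.h"
#include "mount.h"
#include "nfs_stat.h"
#include "cache_inode.h"
#include "nfs_ip_stats.h"
#include "nlm_list.h"

/*
 * Export List structure
 */
#define EXPORT_KEY_SIZE 8       /* size in bytes of exportlist_t.seckey */

/*
 * Anonymous ("squashed") identity.  Parenthesized so the negative literal
 * cannot combine with a neighbouring operator after macro expansion.
 * exportlist_t stores the anonymous ids as uid_t/gid_t; where those types
 * are unsigned, -2 converts to the type's maximum value minus one.
 * Presumably these are the defaults for anonymous_uid/anonymous_gid --
 * confirm against the export parser.
 */
#define ANON_UID      (-2)
#define ANON_GID      (-2)

#define EXPORT_LINESIZE  1024
#define INPUT_SIZE       1024

/*
 * Client described by a single host address.  Both members are present at
 * the same time (this is a struct, not a union).  The byte order of
 * clientaddr is not visible in this header.
 */
typedef struct exportlist_client_hostif__
{
  unsigned int clientaddr;
  struct in6_addr clientaddr6;
} exportlist_client_hostif_t;

/* Client described by a network address and mask (byte order not shown here). */
typedef struct exportlist_client_net__
{
  unsigned int netaddr;
  unsigned int netmask;
} exportlist_client_net_t;

/*
 * Client described by a netgroup name.  Fixed-size buffer: code that fills
 * it must bound the copy to MAXHOSTNAMELEN and NUL-terminate.
 */
typedef struct exportlist_client_netgrp__
{
  char netgroupname[MAXHOSTNAMELEN];
} exportlist_client_netgrp_t;

/*
 * Client described by a wildcarded host name.  Fixed-size buffer: code that
 * fills it must bound the copy to MAXHOSTNAMELEN and NUL-terminate.
 */
typedef struct exportlist_client_wildcard_host__
{
  char wildcard[MAXHOSTNAMELEN];
} exportlist_client_wildcard_host_t;

#define GSS_DEFINE_LEN_TEMP 255

/*
 * Client described by a GSS principal name.  Fixed-size buffer: a principal
 * longer than GSS_DEFINE_LEN_TEMP - 1 characters cannot be stored and must
 * be rejected by the code that fills it, not silently truncated into a
 * different principal.
 */
typedef struct exportlist_client_gss__
{
  char princname[GSS_DEFINE_LEN_TEMP];
} exportlist_client_gss_t;

typedef enum exportlist_access_type__
{
  ACCESSTYPE_RW = 1,            /* All operations are allowed */
  ACCESSTYPE_RO = 2,            /* Filesystem is readonly (nfs_read allowed) */
  ACCESSTYPE_MDONLY = 3,        /* Data operations are forbidden */
  ACCESSTYPE_MDONLY_RO = 4      /* Data operations are forbidden,
                                   and the filesystem is read-only. */
} exportlist_access_type_t;

/*
 * Kind of client entry.  Presumably this tags which member of
 * exportlist_client_union_t is valid in an exportlist_client_entry_t --
 * confirm against the code that reads the union.
 */
typedef enum exportlist_client_type__
{
  HOSTIF_CLIENT = 1,
  NETWORK_CLIENT = 2,
  NETGROUP_CLIENT = 3,
  WILDCARDHOST_CLIENT = 4,
  GSSPRINCIPAL_CLIENT = 5,
  HOSTIF_CLIENT_V6 = 6,
  BAD_CLIENT = 7
} exportlist_client_type_t;

typedef enum exportlist_status__
{ EXPORTLIST_OK = 1,
  EXPORTLIST_UNAVAILABLE = 2
} exportlist_status_t;

/* Storage shared by the client descriptions above; only one member is meaningful at a time. */
typedef union exportlist_client_union__
{
  exportlist_client_hostif_t hostif;
  exportlist_client_net_t network;
  exportlist_client_netgrp_t netgroup;
  exportlist_client_wildcard_host_t wildcard;
  exportlist_client_gss_t gssprinc;
} exportlist_client_union_t;

/* One allowed client: its kind, its description and its option bits. */
typedef struct exportlist_client_entry__
{
  exportlist_client_type_t type;
  exportlist_client_union_t client;
  unsigned int options;         /* avail. mnt options */
} exportlist_client_entry_t;

#define EXPORTS_NB_MAX_CLIENTS 128

/*
 * Fixed-capacity client list of an export.  Nothing in this header enforces
 * num_clients <= EXPORTS_NB_MAX_CLIENTS; code that appends to or iterates
 * over clientarray has to check the bound itself.
 */
typedef struct exportlist_client__
{
  unsigned int num_clients;     /* num clients */
  exportlist_client_entry_t clientarray[EXPORTS_NB_MAX_CLIENTS];        /* allowed clients */
} exportlist_client_t;

/* fsal up filter list is needed in exportlist.
 * Including fsal_up.h would cause header file issues however. */
#ifdef _USE_FSAL_UP
struct fsal_up_filter_list_t_;
#endif

/*
 * One export entry.  Entries are chained through 'next'.  All path and name
 * members are fixed-size buffers; writers must bound their copies.
 */
typedef struct exportlist__
{
  unsigned short id;            /* entry identifier */
  exportlist_status_t status;   /* entry's status */
  char dirname[MAXNAMLEN];      /* path relative to fs root */
  char fullpath[MAXPATHLEN];    /* the path from the root */
  char fsname[MAXNAMLEN];       /* File system name, MAXNAMLEN is used for want of a better constant */
  char pseudopath[MAXPATHLEN];  /* nfsv4 pseudo-filesystem 'virtual' path */
  char referral[MAXPATHLEN];    /* String describing NFSv4 referral */

  char FS_specific[MAXPATHLEN]; /* filesystem specific option string */
  char FS_tag[MAXPATHLEN];      /* filesystem "tag" string */
  fsal_export_context_t FS_export_context;      /* the export context associated with this export entry */

  exportlist_access_type_t access_type; /* allowed operations for this export. Used by the older Access
                                         * list Access_Type export permissions scheme as well as the newer
                                         * R_Access, RW_Access, MDONLY_Access, MDONLY_R_Access lists.*/
  bool_t new_access_list_version;       /* the new access list version (TRUE) is the *_Access lists.
                                         * The old (FALSE) is Access and Access_Type. */

  fsal_fsid_t filesystem_id;    /* fileset id */
  fsal_handle_t *proot_handle;  /* FSAL handle for the root of the file system */

  uid_t anonymous_uid;          /* root uid when no root access is available */
                                /* uid when access is available but all users are being squashed. */
  gid_t anonymous_gid;          /* root gid when no root access is available */
                                /* gid when access is available but all users are being squashed. */
  bool_t all_anonymous;         /* When set to true, all users including root will be given the anon uid/gid */
  unsigned int options;         /* avail. mnt options */

  unsigned char seckey[EXPORT_KEY_SIZE];        /* Checksum for FH validity */

  bool_t use_ganesha_write_buffer;
  bool_t use_commit;

  fsal_size_t MaxRead;          /* Max Read for this entry */
  fsal_size_t MaxWrite;         /* Max Write for this entry */
  fsal_size_t PrefRead;         /* Preferred Read size */
  fsal_size_t PrefWrite;        /* Preferred Write size */
  fsal_size_t PrefReaddir;      /* Preferred Readdir size */
  fsal_off_t MaxOffsetWrite;    /* Maximum Offset allowed for write */
  fsal_off_t MaxOffsetRead;     /* Maximum Offset allowed for read */
  fsal_off_t MaxCacheSize;      /* Maximum Cache Size allowed */
  unsigned int UseCookieVerifier;       /* Is Cookie verifier to be used ? */
  exportlist_client_t clients;  /* allowed clients */
  struct exportlist__ *next;    /* next entry */
  unsigned int fsalid ;

  pthread_mutex_t exp_state_mutex;      /* Mutex to protect the following two lists */
  struct glist_head exp_state_list;     /* List of NFS v4 state belonging to this export */
#ifdef _USE_NLM
  struct glist_head exp_lock_list;      /* List of locks belonging to this export
                                         * Only need this list if NLM, otherwise
                                         * state list is sufficient
                                         */
#endif

#ifdef _USE_FSAL_UP
  bool_t use_fsal_up;
  char fsal_up_type[MAXPATHLEN];
  fsal_time_t fsal_up_timeout;
  pthread_t fsal_up_thr;        /* This value may be modified later to point to an FSAL CB thread. */
  struct fsal_up_filter_list_t_ *fsal_up_filter_list;   /* List of filters to apply through FSAL CB interface. */
#endif /* _USE_FSAL_UP */

  nfs_worker_stat_t *worker_stats;      /* List of worker stats to support per-share stat. */
} exportlist_t;

/* Constant for options masks */
#define EXPORT_OPTION_NOSUID          0x00000001        /* mask off setuid mode bit            */
#define EXPORT_OPTION_NOSGID          0x00000002        /* mask off setgid mode bit            */
#define EXPORT_OPTION_ROOT            0x00000004        /* allow root access as root uid       */
#define EXPORT_OPTION_NETENT          0x00000008        /* client entry is a network entry     */
#define EXPORT_OPTION_READ_ACCESS     0x00000010        /* R_Access= option specified          */
#define EXPORT_OPTION_NETGRP          0x00000020        /* client entry is a netgroup          */
#define EXPORT_OPTION_WILDCARD        0x00000040        /* client entry is wildcarded          */
#define EXPORT_OPTION_GSSPRINC        0x00000080        /* client entry is a GSS principal     */
#define EXPORT_OPTION_PSEUDO          0x00000100        /* pseudopath is provided              */
#define EXPORT_OPTION_MAXREAD         0x00000200        /* Max read is provided                */
#define EXPORT_OPTION_MAXWRITE        0x00000400        /* Max write is provided               */
#define EXPORT_OPTION_PREFREAD        0x00000800        /* Pref read is provided               */
#define EXPORT_OPTION_PREFWRITE       0x00001000        /* Pref write is provided              */
#define EXPORT_OPTION_PREFRDDIR       0x00002000        /* Pref readdir size is provided       */
#define EXPORT_OPTION_PRIVILEGED_PORT 0x00004000        /* clients use only privileged port    */
#define EXPORT_OPTION_USE_DATACACHE   0x00008000        /* Is export entry data cached ?       */
#define EXPORT_OPTION_WRITE_ACCESS    0x00010000        /* RW_Access= option specified         */
#define EXPORT_OPTION_MD_WRITE_ACCESS 0x00020000        /* MDONLY_Access= option specified     */
#define EXPORT_OPTION_MD_READ_ACCESS  0x00040000        /* MDONLY_RO_Access= option specified  */

/* @todo BUGAZOMEU : tidy up the flags of the flavors */

/*
 * NOTE(review): the three *_ACCESS values just above are numerically equal to
 * EXPORT_OPTION_AUTH_NONE, EXPORT_OPTION_AUTH_UNIX and
 * EXPORT_OPTION_RPCSEC_GSS_NONE below (0x00010000, 0x00020000, 0x00040000).
 * If both groups are ever set or tested on the same 'options' word, an
 * access-list flag cannot be told apart from a security-flavor flag, so
 * granting one would read as enabling the other.  Both exportlist_t and
 * exportlist_client_entry_t carry an 'options' member; confirm that each
 * group is only ever used with its own word.  The values are left unchanged
 * here because existing callers depend on them.
 */

#define EXPORT_OPTION_AUTH_NONE       0x00010000        /* Auth None authentication supported  */
#define EXPORT_OPTION_AUTH_UNIX       0x00020000        /* Auth Unix authentication supported  */

#define EXPORT_OPTION_RPCSEC_GSS_NONE 0x00040000        /* RPCSEC_GSS_NONE supported            */
#define EXPORT_OPTION_RPCSEC_GSS_INTG 0x00080000        /* RPCSEC_GSS INTEGRITY supported       */
#define EXPORT_OPTION_RPCSEC_GSS_PRIV 0x00100000        /* RPCSEC_GSS PRIVACY supported         */

/* protocol flags */
#define EXPORT_OPTION_NFSV2           0x00200000        /* NFSv2 operations are supported      */
#define EXPORT_OPTION_NFSV3           0x00400000        /* NFSv3 operations are supported      */
#define EXPORT_OPTION_NFSV4           0x00800000        /* NFSv4 operations are supported      */
#define EXPORT_OPTION_UDP             0x01000000        /* UDP protocol is supported      */
#define EXPORT_OPTION_TCP             0x02000000        /* TCP protocol is supported      */

/* Maximum offset set for R/W */
#define EXPORT_OPTION_MAXOFFSETWRITE  0x04000000        /* Maximum Offset for write is set */
#define EXPORT_OPTION_MAXOFFSETREAD   0x08000000        /* Maximum Offset for read is set  */
#define EXPORT_OPTION_MAXCACHESIZE    0x10000000        /* Maximum cache size is set       */
#define EXPORT_OPTION_USE_PNFS        0x20000000        /* Using pNFS or not using pNFS ?  */
#define EXPORT_OPTION_USE_UQUOTA      0x40000000        /* Using user quota for this export */

/*
 * nfs_export_check_access() return values.
 *
 * These are consecutive codes, not independent bits: EXPORT_PERMISSION_DENIED
 * (3) has the bits of both EXPORT_PERMISSION_GRANTED (1) and
 * EXPORT_MDONLY_GRANTED (2) set.  Compare the result with ==, never with &,
 * or a denial is read as a grant.
 */
#define EXPORT_PERMISSION_GRANTED            0x00000001
#define EXPORT_MDONLY_GRANTED                0x00000002
#define EXPORT_PERMISSION_DENIED             0x00000003
#define EXPORT_WRITE_ATTEMPT_WHEN_RO         0x00000004
#define EXPORT_WRITE_ATTEMPT_WHEN_MDONLY_RO  0x00000005


/* NFS4 specific structures */

/*
 * PseudoFs Tree
 */
typedef struct pseudofs_entry
{
  char name[MAXNAMLEN];
  char fullname[MAXPATHLEN];
  unsigned int pseudo_id;
  exportlist_t *junction_export;
  struct pseudofs_entry *sons;
  struct pseudofs_entry *parent;
  struct pseudofs_entry *next;
  struct pseudofs_entry *last;
} pseudofs_entry_t;

#define MAX_PSEUDO_ENTRY 100

/*
 * The pseudo filesystem: its root entry plus a fixed-size table of entry
 * pointers.  Presumably reverse_tab is indexed by pseudo_id; if so, every
 * id has to be checked against MAX_PSEUDO_ENTRY before it is used as an
 * index -- verify against the pseudofs code.
 */
typedef struct pseudofs
{
  pseudofs_entry_t root;
  unsigned int last_pseudo_id;
  pseudofs_entry_t *reverse_tab[MAX_PSEUDO_ENTRY];
} pseudofs_t;

#define NFS_CLIENT_NAME_LEN 256

/*
 * RPCSEC_GSS part of a client credential.  cname and stroid are fixed-size
 * buffers of NFS_CLIENT_NAME_LEN bytes; writers must bound their copies.
 */
typedef struct nfs_client_cred_gss__
{
  unsigned int svc;
  unsigned int qop;
  unsigned char cname[NFS_CLIENT_NAME_LEN];
  unsigned char stroid[NFS_CLIENT_NAME_LEN];
#ifdef _HAVE_GSSAPI
  gss_ctx_id_t gss_context_id;
#endif
} nfs_client_cred_gss_t;

/*
 * Credential taken from an RPC request.  Presumably 'flavor' selects the
 * valid member of auth_union -- confirm against nfs_rpc_req2client_cred().
 * The auth_unix member holds the AUTH_UNIX parameters as asserted by the
 * client; that flavor carries no cryptographic proof of identity.
 */
typedef struct nfs_client_cred__
{
  unsigned int flavor;
  unsigned int length;
  union
  {
    struct authunix_parms auth_unix;
    nfs_client_cred_gss_t auth_gss;
  } auth_union;
} nfs_client_cred_t;

typedef struct nfs_worker_data__ nfs_worker_data_t;

/* Forward references to SAL types */
typedef struct nfs41_session__ nfs41_session_t;
typedef struct nfs_client_id_t nfs_client_id_t;
typedef struct COMPOUND4res_extended COMPOUND4res_extended;

/*
 * State carried through the processing of one NFSv4 compound request.
 * The struct tag spelling "compoud_data" is kept as is, since other code
 * may refer to it.
 */
typedef struct compoud_data
{
  nfs_fh4 currentFH; /*< Current filehandle */
  nfs_fh4 rootFH; /*< Root filehandle */
  nfs_fh4 savedFH; /*< Saved filehandle */
  nfs_fh4 publicFH; /*< Public filehandle */
  nfs_fh4 mounted_on_FH; /*< File handle to "mounted on" File System */
  stateid4 current_stateid; /*< Current stateid */
  bool_t current_stateid_valid; /*< Current stateid is valid */
  unsigned int minorversion; /*< NFSv4 minor version */
  cache_entry_t *current_entry; /*< Cache entry for current filehandle */
  cache_entry_t *saved_entry; /*< Cache entry for saved filehandle */
  cache_inode_file_type_t current_filetype; /*< File type of current entry */
  cache_inode_file_type_t saved_filetype; /*< File type of saved entry */
  fsal_op_context_t *pcontext; /*< Credentials related to this
                                   fileset (to handle different uid
                                   mapping) */
  exportlist_t *pexport; /*< Export entry related to the request */
  exportlist_t *pfullexportlist; /*< The whole exportlist */
  pseudofs_t *pseudofs; /*< Pointer to the pseudo filesystem tree */
  char MntPath[MAXPATHLEN]; /*< Path (in pseudofs) of the current entry */
  struct svc_req *reqp; /*< RPC Request related to the compound */
  struct nfs_worker_data__ *pworker; /*< Worker thread data */
  nfs_client_cred_t credential; /*< Raw RPC credentials */
  nfs_client_id_t *preserved_clientid; /*< clientid that has lease
                                           reserved, if any */
#ifdef _USE_NFS4_1
  COMPOUND4res_extended *pcached_res; /*< NFv41: pointer to cached RPC res in
                                          a session's slot */
  bool_t use_drc; /*< Set to TRUE if session DRC is to be used */
  uint32_t oppos; /*< Position of the operation within the request
                      processed  */
  nfs41_session_t *psession; /*< Related session (found by OP_SEQUENCE) */
#endif /* _USE_NFS4_1 */
} compound_data_t;

/* Export list related functions */

/* Looks up an export by its id, starting from exportroot. */
exportlist_t *nfs_Get_export_by_id(exportlist_t * exportroot,
                                   unsigned short exportid);

/* Anonymous-identity handling for a client entry and export; return convention not visible in this header. */
int nfs_check_anon(exportlist_client_entry_t * pexport_client,
                   exportlist_t * pexport,
                   struct user_cred *user_credentials);

/* Builds the FSAL operation context for a request on an export. */
int nfs_build_fsal_context(struct svc_req *ptr_req,
                           exportlist_t * pexport,
                           fsal_op_context_t * pcontext,
                           struct user_cred *user_credentials);

/* Extracts the caller's uid/gid from the request into user_credentials. */
int get_req_uid_gid(struct svc_req *ptr_req,
                    exportlist_t * pexport,
                    struct user_cred *user_credentials);


int nfs_compare_clientcred(nfs_client_cred_t * pcred1, nfs_client_cred_t * pcred2);
int nfs_rpc_req2client_cred(struct svc_req *reqp, nfs_client_cred_t * pcred);

/*
 * Checks whether the host and request may access the export.  Per the
 * constants above, the result is one of the EXPORT_PERMISSION_* /
 * EXPORT_MDONLY_* / EXPORT_WRITE_ATTEMPT_* codes; test it with ==.
 */
int nfs_export_check_access(sockaddr_t *hostaddr,
                            struct svc_req *ptr_req,
                            exportlist_t * pexport,
                            unsigned int nfs_prog,
                            unsigned int mnt_prog,
                            hash_table_t * ht_ip_stats,
                            pool_t *ip_stats_pool,
                            exportlist_client_entry_t * pclient_found,
                            struct user_cred *user_credentials,
                            bool_t proc_makes_write);

/* Checks the request's security flavor against the export; return convention not visible in this header. */
int nfs_export_check_security(struct svc_req *ptr_req, exportlist_t * pexport);

/*
 * Resolves an export tag to a path.  taglen and pathlen are signed ints:
 * callers should pass the real sizes of their buffers and never a negative
 * or caller-unchecked value.  Whether the output is NUL-terminated on
 * truncation is not visible here -- confirm in the implementation.
 */
int nfs_export_tag2path(exportlist_t * exportroot, char *tag, int taglen, char *path,
                        int pathlen);

#endif                          /* _NFS_EXPORTS_H */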