reactos/base/services/nfsd/nfs41_client.c

442 lines
13 KiB
C

/* NFSv4.1 client for Windows
* Copyright © 2012 The Regents of the University of Michigan
*
* Olga Kornievskaia <aglo@umich.edu>
* Casey Bodley <cbodley@umich.edu>
*
* This library is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at
* your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* without any warranty; without even the implied warranty of merchantability
* or fitness for a particular purpose. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA
*/
#include <windows.h>
#include <stdio.h>
#include <time.h>
#include <winsock2.h>
#include <iphlpapi.h> /* for GetAdaptersAddresses() */
#include <wincrypt.h> /* for Crypt*() functions */
#include <winsock2.h> /* for hostent struct */
#include "tree.h"
#include "delegation.h"
#include "daemon_debug.h"
#include "nfs41_ops.h"
uint32_t nfs41_exchange_id_flags(
IN bool_t is_data)
{
uint32_t flags = EXCHGID4_FLAG_SUPP_MOVED_REFER;
if (is_data)
flags |= EXCHGID4_FLAG_USE_PNFS_DS;
else
flags |= EXCHGID4_FLAG_USE_NON_PNFS | EXCHGID4_FLAG_USE_PNFS_MDS;
return flags;
}
static int pnfs_client_init(
IN nfs41_client *client)
{
enum pnfs_status pnfsstat;
int status = NO_ERROR;
/* initialize the pnfs layout and device lists for metadata clients */
pnfsstat = pnfs_layout_list_create(&client->layouts);
if (pnfsstat) {
status = ERROR_NOT_ENOUGH_MEMORY;
goto out;
}
pnfsstat = pnfs_file_device_list_create(&client->devices);
if (pnfsstat) {
status = ERROR_NOT_ENOUGH_MEMORY;
goto out_err_layouts;
}
out:
return status;
out_err_layouts:
pnfs_layout_list_free(client->layouts);
client->layouts = NULL;
goto out;
}
static int update_server(
IN nfs41_client *client,
IN const char *server_scope,
IN const server_owner4 *owner)
{
nfs41_server *server;
int status;
/* find a server matching the owner.major_id and scope */
status = nfs41_server_find_or_create(owner->so_major_id,
server_scope, nfs41_rpc_netaddr(client->rpc), &server);
if (status)
goto out;
/* if the server is the same, we now have an extra reference. if
* the servers are different, we still need to deref the old server.
* so both cases can be treated the same */
if (client->server)
nfs41_server_deref(client->server);
client->server = server;
out:
return status;
}
static int update_exchangeid_res(
IN nfs41_client *client,
IN const nfs41_exchange_id_res *exchangeid)
{
client->clnt_id = exchangeid->clientid;
client->seq_id = exchangeid->sequenceid;
client->roles = exchangeid->flags & EXCHGID4_FLAG_MASK_PNFS;
return update_server(client, exchangeid->server_scope,
&exchangeid->server_owner);
}
int nfs41_client_create(
IN nfs41_rpc_clnt *rpc,
IN const client_owner4 *owner,
IN bool_t is_data,
IN const nfs41_exchange_id_res *exchangeid,
OUT nfs41_client **client_out)
{
int status;
nfs41_client *client;
client = calloc(1, sizeof(nfs41_client));
if (client == NULL) {
status = GetLastError();
goto out_err_rpc;
}
memcpy(&client->owner, owner, sizeof(client_owner4));
client->rpc = rpc;
client->is_data = is_data;
status = update_exchangeid_res(client, exchangeid);
if (status)
goto out_err_client;
list_init(&client->state.opens);
list_init(&client->state.delegations);
InitializeCriticalSection(&client->state.lock);
//initialize a lock used to protect access to client id and client id seq#
InitializeSRWLock(&client->exid_lock);
InitializeConditionVariable(&client->recovery.cond);
InitializeCriticalSection(&client->recovery.lock);
status = pnfs_client_init(client);
if (status) {
eprintf("pnfs_client_init() failed with %d\n", status);
goto out_err_client;
}
*client_out = client;
out:
return status;
out_err_client:
nfs41_client_free(client); /* also calls nfs41_rpc_clnt_free() */
goto out;
out_err_rpc:
nfs41_rpc_clnt_free(rpc);
goto out;
}
static void dprint_roles(
IN int level,
IN uint32_t roles)
{
dprintf(level, "roles: %s%s%s\n",
(roles & EXCHGID4_FLAG_USE_NON_PNFS) ? "USE_NON_PNFS " : "",
(roles & EXCHGID4_FLAG_USE_PNFS_MDS) ? "USE_PNFS_MDS " : "",
(roles & EXCHGID4_FLAG_USE_PNFS_DS) ? "USE_PNFS_DS" : "");
}
int nfs41_client_renew(
IN nfs41_client *client)
{
nfs41_exchange_id_res exchangeid = { 0 };
int status;
status = nfs41_exchange_id(client->rpc, &client->owner,
nfs41_exchange_id_flags(client->is_data), &exchangeid);
if (status) {
eprintf("nfs41_exchange_id() failed with %d\n", status);
status = ERROR_BAD_NET_RESP;
goto out;
}
if (client->is_data) { /* require USE_PNFS_DS */
if ((exchangeid.flags & EXCHGID4_FLAG_USE_PNFS_DS) == 0) {
eprintf("client expected USE_PNFS_DS\n");
status = ERROR_BAD_NET_RESP;
goto out;
}
} else { /* require USE_NON_PNFS or USE_PNFS_MDS */
if ((exchangeid.flags & EXCHGID4_FLAG_USE_NON_PNFS) == 0 &&
(exchangeid.flags & EXCHGID4_FLAG_USE_PNFS_MDS) == 0) {
eprintf("client expected USE_NON_PNFS OR USE_PNFS_MDS\n");
status = ERROR_BAD_NET_RESP;
goto out;
}
}
dprint_roles(2, exchangeid.flags);
AcquireSRWLockExclusive(&client->exid_lock);
status = update_exchangeid_res(client, &exchangeid);
ReleaseSRWLockExclusive(&client->exid_lock);
out:
return status;
}
void nfs41_client_free(
IN nfs41_client *client)
{
dprintf(2, "nfs41_client_free(%llu)\n", client->clnt_id);
nfs41_client_delegation_free(client);
if (client->session) nfs41_session_free(client->session);
nfs41_destroy_clientid(client->rpc, client->clnt_id);
if (client->server) nfs41_server_deref(client->server);
nfs41_rpc_clnt_free(client->rpc);
if (client->layouts) pnfs_layout_list_free(client->layouts);
if (client->devices) pnfs_file_device_list_free(client->devices);
DeleteCriticalSection(&client->state.lock);
DeleteCriticalSection(&client->recovery.lock);
free(client);
}
/* client_owner generation
* we choose to use MAC addresses to generate a client_owner value that
* is unique to a machine and persists over restarts. because the client
* can have multiple network adapters/addresses, we take each adapter into
* account. the specification suggests that "for privacy reasons, it is
* best to perform some one-way function," so we apply an md5 hash to the
* sorted list of MAC addresses */
/* References:
* RFC 5661: 2.4. Client Identifiers and Client Owners
* http://tools.ietf.org/html/rfc5661#section-2.4
*
* MSDN: GetAdaptersAddresses Function
* http://msdn.microsoft.com/en-us/library/aa365915%28VS.85%29.aspx
*
* MSDN: Example C Program: Creating an MD5 Hash from File Content
* http://msdn.microsoft.com/en-us/library/aa382380%28VS.85%29.aspx */
/* use an rbtree to sort mac address entries */
struct mac_entry {
RB_ENTRY(mac_entry) rbnode;
PBYTE address;
ULONG length;
};
int mac_cmp(struct mac_entry *lhs, struct mac_entry *rhs)
{
const int diff = rhs->length - lhs->length;
return diff ? diff : strncmp((const char*)lhs->address,
(const char*)rhs->address, lhs->length);
}
RB_HEAD(mac_tree, mac_entry);
RB_GENERATE(mac_tree, mac_entry, rbnode, mac_cmp)
static void mac_entry_insert(
IN struct mac_tree *root,
IN PBYTE address,
IN ULONG length)
{
struct mac_entry *entry;
entry = calloc(1, sizeof(struct mac_entry));
if (entry == NULL)
return;
entry->address = address;
entry->length = length;
if (RB_INSERT(mac_tree, root, entry))
free(entry);
}
static int adapter_valid(
IN const IP_ADAPTER_ADDRESSES *addr)
{
/* ignore generic interfaces whose address is not unique */
switch (addr->IfType) {
case IF_TYPE_SOFTWARE_LOOPBACK:
case IF_TYPE_TUNNEL:
return 0;
}
/* must have an address */
if (addr->PhysicalAddressLength == 0)
return 0;
#ifndef __REACTOS__
/* must support ip */
return addr->Ipv4Enabled || addr->Ipv6Enabled;
#else
return 1;
#endif
}
static DWORD hash_mac_addrs(
IN HCRYPTHASH hash)
{
PIP_ADAPTER_ADDRESSES addr, addrs = NULL;
struct mac_tree rbtree = RB_INITIALIZER(rbtree);
struct mac_entry *entry, *node;
ULONG len;
DWORD status;
/* start with enough room for DEFAULT_MINIMUM_ENTITIES */
len = DEFAULT_MINIMUM_ENTITIES * sizeof(IP_ADAPTER_ADDRESSES);
do {
PIP_ADAPTER_ADDRESSES tmp;
/* reallocate the buffer until we can fit all of it */
tmp = realloc(addrs, len);
if (tmp == NULL) {
status = GetLastError();
goto out;
}
addrs = tmp;
status = GetAdaptersAddresses(AF_UNSPEC,
GAA_FLAG_INCLUDE_ALL_INTERFACES | GAA_FLAG_SKIP_ANYCAST |
GAA_FLAG_SKIP_DNS_SERVER | GAA_FLAG_SKIP_FRIENDLY_NAME |
GAA_FLAG_SKIP_MULTICAST | GAA_FLAG_SKIP_UNICAST,
NULL, addrs, &len);
} while (status == ERROR_BUFFER_OVERFLOW);
if (status) {
eprintf("GetAdaptersAddresses() failed with %d\n", status);
goto out;
}
/* get the mac address of each adapter */
for (addr = addrs; addr; addr = addr->Next)
if (adapter_valid(addr))
mac_entry_insert(&rbtree, addr->PhysicalAddress,
addr->PhysicalAddressLength);
/* require at least one valid address */
if (RB_EMPTY(&rbtree)) {
status = ERROR_FILE_NOT_FOUND;
eprintf("GetAdaptersAddresses() did not return "
"any valid mac addresses, failing with %d.\n", status);
goto out;
}
RB_FOREACH_SAFE(entry, mac_tree, &rbtree, node) {
RB_REMOVE(mac_tree, &rbtree, entry);
if (!CryptHashData(hash, entry->address, entry->length, 0)) {
status = GetLastError();
eprintf("CryptHashData() failed with %d\n", status);
/* don't break here, we need to free the rest */
}
free(entry);
}
out:
free(addrs);
return status;
}
int nfs41_client_owner(
IN const char *name,
IN uint32_t sec_flavor,
OUT client_owner4 *owner)
{
HCRYPTPROV context;
HCRYPTHASH hash;
PBYTE buffer;
DWORD length;
const ULONGLONG time_created = GetTickCount64();
int status;
char username[UNLEN + 1];
DWORD len = UNLEN + 1;
if (!GetUserNameA(username, &len)) {
status = GetLastError();
eprintf("GetUserName() failed with %d\n", status);
goto out;
}
/* owner.verifier = "time created" */
memcpy(owner->co_verifier, &time_created, sizeof(time_created));
/* set up the md5 hash generator */
if (!CryptAcquireContext(&context, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
status = GetLastError();
eprintf("CryptAcquireContext() failed with %d\n", status);
goto out;
}
if (!CryptCreateHash(context, CALG_MD5, 0, 0, &hash)) {
status = GetLastError();
eprintf("CryptCreateHash() failed with %d\n", status);
goto out_context;
}
if (!CryptHashData(hash, (const BYTE*)&sec_flavor, (DWORD)sizeof(sec_flavor), 0)) {
status = GetLastError();
eprintf("CryptHashData() failed with %d\n", status);
goto out_hash;
}
if (!CryptHashData(hash, (const BYTE*)username, (DWORD)strlen(username), 0)) {
status = GetLastError();
eprintf("CryptHashData() failed with %d\n", status);
goto out_hash;
}
if (!CryptHashData(hash, (const BYTE*)name, (DWORD)strlen(name), 0)) {
status = GetLastError();
eprintf("CryptHashData() failed with %d\n", status);
goto out_hash;
}
/* add the mac address from each applicable adapter to the hash */
status = hash_mac_addrs(hash);
if (status) {
eprintf("hash_mac_addrs() failed with %d\n", status);
goto out_hash;
}
/* extract the hash size (should always be 16 for md5) */
buffer = (PBYTE)&owner->co_ownerid_len;
length = (DWORD)sizeof(DWORD);
if (!CryptGetHashParam(hash, HP_HASHSIZE, buffer, &length, 0)) {
status = GetLastError();
eprintf("CryptGetHashParam(size) failed with %d\n", status);
goto out_hash;
}
/* extract the hash buffer */
buffer = owner->co_ownerid;
length = owner->co_ownerid_len;
if (!CryptGetHashParam(hash, HP_HASHVAL, buffer, &length, 0)) {
status = GetLastError();
eprintf("CryptGetHashParam(val) failed with %d\n", status);
goto out_hash;
}
out_hash:
CryptDestroyHash(hash);
out_context:
CryptReleaseContext(context, 0);
out:
return status;
}