Page MenuHomeFreeBSD
Differential D25869 Diff 75175 sys/fs/nfsserver/nfs_nfsdkrpc.c

Changeset View

Standalone View

View Options

sys/fs/nfsserver/nfs_nfsdkrpc.c

Show All 40 Lines
#include <fs/nfs/nfsport.h> #include <fs/nfs/nfsport.h>
#include <rpc/rpc.h> #include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h> #include <rpc/rpcsec_gss.h>
#include <fs/nfsserver/nfs_fha_new.h> #include <fs/nfsserver/nfs_fha_new.h>
#include <security/audit/audit.h>
#include <security/mac/mac_framework.h> #include <security/mac/mac_framework.h>
NFSDLOCKMUTEX; NFSDLOCKMUTEX;
NFSV4ROOTLOCKMUTEX; NFSV4ROOTLOCKMUTEX;
struct nfsv4lock nfsd_suspend_lock; struct nfsv4lock nfsd_suspend_lock;
char *nfsrv_zeropnfsdat = NULL; char *nfsrv_zeropnfsdat = NULL;
/* /*
▲ Show 20 LinesShow All 320 Lines▼ Show 20 Linesnfs_proc(struct nfsrv_descript *nd, u_int32_t xid, SVCXPRT *xprt,
* Handle the request. There are three cases. * Handle the request. There are three cases.
* RC_DOIT - do the RPC * RC_DOIT - do the RPC
* RC_REPLY - return the reply already created * RC_REPLY - return the reply already created
* RC_DROPIT - just throw the request away * RC_DROPIT - just throw the request away
*/ */
if (cacherep == RC_DOIT) { if (cacherep == RC_DOIT) {
if ((nd->nd_flag & ND_NFSV41) != 0) if ((nd->nd_flag & ND_NFSV41) != 0)
nd->nd_xprt = xprt; nd->nd_xprt = xprt;
AUDIT_NFSRPC_ENTER(nd, curthread);
asomersUnsubmitted
Done
Inline Actions

What's different about NFSv4 here?

asomers: What's different about NFSv4 here?
shivankAuthorUnsubmitted
Done
Inline Actions

NFSv4 audit support is in separate feature branch here. Due to NFSv4's slightly different nature ( 1 compound RPC and numbers of suboperations in it ), I audit each of its sub-operation in nfsrvd_compound() by adding AUDIT_NFSRPC_ENTER/EXIT like this.

shivank: NFSv4 audit support is in separate feature branch [[ https://github.
asomersUnsubmitted
Done
Inline Actions

I get it. NFSv4 goes through this code path, but it's pointless to audit arguments for the compound RPC. You'll audit the operations instead.

asomers: I get it. NFSv4 goes through this code path, but it's pointless to audit arguments for the…
AUDIT_NFSARG_NETSOCKADDR(nd, nd->nd_nam);
nfsrvd_dorpc(nd, isdgram, tagstr, taglen, minorvers); nfsrvd_dorpc(nd, isdgram, tagstr, taglen, minorvers);
asomersUnsubmitted
Done
Inline Actions

This code will only audit one of the two nd_nam fields. But both fields can be used at the same time. Can you audit both instead?

asomers: This code will only audit one of the two nd_nam fields. But both fields can be used at the…
shivankAuthorUnsubmitted
Done
Inline Actions
nd.nd_nam = svc_getrpccaller(rqst);
nd.nd_nam2 = rqst->rq_addr;

and,

#define svc_getrpccaller(rq)					\
	((rq)->rq_addr ? (rq)->rq_addr :			\
	    (struct sockaddr *) &(rq)->rq_xprt->xp_rtaddr)

So, when(TCP) nd_nam2 == NULL, nd_nam is client sockaddr. And, when(UDP) nd_nam2 != NULL, nd_nam and nd_nam2 are same. Therefore, Only one need to be audited.

shivank: ``` nd.nd_nam = svc_getrpccaller(rqst); nd.nd_nam2 = rqst->rq_addr; ``` and, ``` #define…
asomersUnsubmitted
Done
Inline Actions

Hm, it looks like nd_nam2 is really just a glorified boolean: it's either null or not null. So we could audit it that way. The comment says that it indicates whether the mount uses TCP. But from a security auditing perspective, who cares? I think you should just ignore it.

asomers: Hm, it looks like nd_nam2 is really just a glorified boolean: it's either null or not null. So…
rmacklemUnsubmitted
Done
Inline Actions

Yep. If you really want the history behind this, it goes something like this...
A few years ago when this was written (about 1987), UDP passed the client
address up through soreceive() as an mbuf of type MT_SONAME, so nd_nam2
was an mbuf ptr.

For TCP (it was the first NFS over TCP implementation ever done as far as I know),
nd_nam was filled in by the kernel variant of getpeername() and was a struct sockaddr *.

Since the code used the client address for exports checking, the one in the mbuf
(nd_nam2) was copied to nd_nam to simplify this checking.

This was all long before the kernel RPC came along and nd_nam2 has just lived on.
(It is filled in from a slightly different place in the krpc code, but I don't believe it
can ever be different than nd_nam for UDP and is just NULL for TCP.)

rmacklem: Yep. If you really want the history behind this, it goes something like this... A few years ago…
AUDIT_NFSRPC_EXIT(nd, curthread);
if ((nd->nd_flag & ND_NFSV41) != 0) { if ((nd->nd_flag & ND_NFSV41) != 0) {
if (nd->nd_repstat != NFSERR_REPLYFROMCACHE && if (nd->nd_repstat != NFSERR_REPLYFROMCACHE &&
(nd->nd_flag & ND_SAVEREPLY) != 0) { (nd->nd_flag & ND_SAVEREPLY) != 0) {
/* Cache a copy of the reply. */ /* Cache a copy of the reply. */
m = m_copym(nd->nd_mreq, 0, M_COPYALL, m = m_copym(nd->nd_mreq, 0, M_COPYALL,
M_WAITOK); M_WAITOK);
} else } else
m = NULL; m = NULL;
▲ Show 20 LinesShow All 202 LinesShow Last 20 Lines