9fc2f99030
Two significant security enhancements are part of this release: * NFSD's RPC header encoding and decoding, including RPCSEC GSS and gssproxy header parsing, has been overhauled to make it more memory-safe. * Support for Kerberos AES-SHA2-based encryption types has been added for both the NFS client and server. This provides a clean path for deprecating and removing insecure encryption types based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with Kerberos may now be used on systems with fips enabled. In addition to these, NFSD is now able to handle crossing into an auto-mounted mount point on an exported NFS mount. A number of fixes have been made to NFSD's server-side copy implementation. RPC metrics have been converted to per-CPU variables. This helps reduce unnecessary cross-CPU and cross-node memory bus traffic, and significantly reduces noise when KCSAN is enabled. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEKLLlsBKG3yQ88j7+M2qzM29mf5cFAmPzgiYACgkQM2qzM29m f5dB2A//eqjpj+FgAN+UjygrwMC4ahAsPX3Sc3FG8/lTAiao3NFVFY2gxAiCPyVE CFk+tUyfL23oXvbyfIBe3LhxSBOf621xU6up2OzqAzJqh1Q9iUWB6as3I14to8ZU sWpxXo5ofwk1hzkbrvOAVkyfY0emwsr00iBeWMawkpBe8FZEQA31OYj3/xHr6bBI zEVlZPBZAZlp0DZ74tb+bBLs/EOnqKj+XLWcogCH13JB3sn2umF6cQNkYgsxvHGa TNQi4LEdzWZGme242LfBRiGGwm1xuVIjlAhYV/R1wIjaknE3QBzqfXc6lJx74WII HaqpRJGrKqdo7B+1gaXCl/AMS7YluED1CBrxuej0wBG7l2JEB7m2MFMQ4LTQjgsn nrr3P70DgbB4LuPCPyUS7dtsMmUXabIqP7niiCR4T1toH6lBmHAgEi4cFmkzg7Cd EoFzn888mtDpfx4fghcsRWS5oKXEzbPJfu5+IZOD63+UB+NGpi0Xo2s23sJPK8vz kqK/X63JYOUxWUvK0zkj/c/wW1cLqIaBwnSKbShou5/BL+cZVI+uJYrnEesgpoB2 5fh/cZv3hdcoOPO7OfcjCLQYy4J6RCWajptnk/hcS3lMvBTBrnq697iAqCVURDKU Xfmlf7XbBwje+sk4eHgqVGEqqVjrEmoqbmA2OS44WSS5LDvxXdI= =ZG/7 -----END PGP SIGNATURE----- Merge tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux Pull nfsd updates from Chuck Lever: "Two significant security enhancements are part of this release: - NFSD's RPC header encoding and decoding, including RPCSEC GSS and gssproxy header parsing, has been overhauled to make it more memory-safe. - Support for Kerberos AES-SHA2-based encryption types has been added for both the NFS client and server. This provides a clean path for deprecating and removing insecure encryption types based on DES and SHA-1. AES-SHA2 is also FIPS-140 compliant, so that NFS with Kerberos may now be used on systems with fips enabled. In addition to these, NFSD is now able to handle crossing into an auto-mounted mount point on an exported NFS mount. A number of fixes have been made to NFSD's server-side copy implementation. RPC metrics have been converted to per-CPU variables. This helps reduce unnecessary cross-CPU and cross-node memory bus traffic, and significantly reduces noise when KCSAN is enabled" * tag 'nfsd-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (121 commits) NFSD: Clean up nfsd_symlink() NFSD: copy the whole verifier in nfsd_copy_write_verifier nfsd: don't fsync nfsd_files on last close SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open NFSD: fix problems with cleanup on errors in nfsd4_copy nfsd: fix race to check ls_layouts nfsd: don't hand out delegation on setuid files being opened for write SUNRPC: Remove ->xpo_secure_port() SUNRPC: Clean up the svc_xprt_flags() macro nfsd: remove fs/nfsd/fault_inject.c NFSD: fix leaked reference count of nfsd4_ssc_umount_item nfsd: clean up potential nfsd_file refcount leaks in COPY codepath nfsd: zero out pointers after putting nfsd_files on COPY setup error SUNRPC: Fix whitespace damage in svcauth_unix.c nfsd: eliminate __nfs4_get_fd nfsd: add some kerneldoc comments for stateid preprocessing functions nfsd: eliminate find_deleg_file_locked nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS SUNRPC: Add encryption self-tests ...
280 lines
6.7 KiB
C
280 lines
6.7 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Process version 3 NFSACL requests.
|
|
*
|
|
* Copyright (C) 2002-2003 Andreas Gruenbacher <agruen@suse.de>
|
|
*/
|
|
|
|
#include "nfsd.h"
|
|
/* FIXME: nfsacl.h is a broken header */
|
|
#include <linux/nfsacl.h>
|
|
#include <linux/gfp.h>
|
|
#include "cache.h"
|
|
#include "xdr3.h"
|
|
#include "vfs.h"
|
|
|
|
/*
|
|
* NULL call.
|
|
*/
|
|
static __be32
|
|
nfsd3_proc_null(struct svc_rqst *rqstp)
|
|
{
|
|
return rpc_success;
|
|
}
|
|
|
|
/*
|
|
* Get the Access and/or Default ACL of a file.
|
|
*/
|
|
static __be32 nfsd3_proc_getacl(struct svc_rqst *rqstp)
|
|
{
|
|
struct nfsd3_getaclargs *argp = rqstp->rq_argp;
|
|
struct nfsd3_getaclres *resp = rqstp->rq_resp;
|
|
struct posix_acl *acl;
|
|
struct inode *inode;
|
|
svc_fh *fh;
|
|
|
|
fh = fh_copy(&resp->fh, &argp->fh);
|
|
resp->status = fh_verify(rqstp, &resp->fh, 0, NFSD_MAY_NOP);
|
|
if (resp->status != nfs_ok)
|
|
goto out;
|
|
|
|
inode = d_inode(fh->fh_dentry);
|
|
|
|
if (argp->mask & ~NFS_ACL_MASK) {
|
|
resp->status = nfserr_inval;
|
|
goto out;
|
|
}
|
|
resp->mask = argp->mask;
|
|
|
|
if (resp->mask & (NFS_ACL|NFS_ACLCNT)) {
|
|
acl = get_inode_acl(inode, ACL_TYPE_ACCESS);
|
|
if (acl == NULL) {
|
|
/* Solaris returns the inode's minimum ACL. */
|
|
acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
|
|
}
|
|
if (IS_ERR(acl)) {
|
|
resp->status = nfserrno(PTR_ERR(acl));
|
|
goto fail;
|
|
}
|
|
resp->acl_access = acl;
|
|
}
|
|
if (resp->mask & (NFS_DFACL|NFS_DFACLCNT)) {
|
|
/* Check how Solaris handles requests for the Default ACL
|
|
of a non-directory! */
|
|
acl = get_inode_acl(inode, ACL_TYPE_DEFAULT);
|
|
if (IS_ERR(acl)) {
|
|
resp->status = nfserrno(PTR_ERR(acl));
|
|
goto fail;
|
|
}
|
|
resp->acl_default = acl;
|
|
}
|
|
|
|
/* resp->acl_{access,default} are released in nfs3svc_release_getacl. */
|
|
out:
|
|
return rpc_success;
|
|
|
|
fail:
|
|
posix_acl_release(resp->acl_access);
|
|
posix_acl_release(resp->acl_default);
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* Set the Access and/or Default ACL of a file.
|
|
*/
|
|
static __be32 nfsd3_proc_setacl(struct svc_rqst *rqstp)
|
|
{
|
|
struct nfsd3_setaclargs *argp = rqstp->rq_argp;
|
|
struct nfsd3_attrstat *resp = rqstp->rq_resp;
|
|
struct inode *inode;
|
|
svc_fh *fh;
|
|
int error;
|
|
|
|
fh = fh_copy(&resp->fh, &argp->fh);
|
|
resp->status = fh_verify(rqstp, &resp->fh, 0, NFSD_MAY_SATTR);
|
|
if (resp->status != nfs_ok)
|
|
goto out;
|
|
|
|
inode = d_inode(fh->fh_dentry);
|
|
|
|
error = fh_want_write(fh);
|
|
if (error)
|
|
goto out_errno;
|
|
|
|
inode_lock(inode);
|
|
|
|
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_ACCESS,
|
|
argp->acl_access);
|
|
if (error)
|
|
goto out_drop_lock;
|
|
error = set_posix_acl(&nop_mnt_idmap, fh->fh_dentry, ACL_TYPE_DEFAULT,
|
|
argp->acl_default);
|
|
|
|
out_drop_lock:
|
|
inode_unlock(inode);
|
|
fh_drop_write(fh);
|
|
out_errno:
|
|
resp->status = nfserrno(error);
|
|
out:
|
|
/* argp->acl_{access,default} may have been allocated in
|
|
nfs3svc_decode_setaclargs. */
|
|
posix_acl_release(argp->acl_access);
|
|
posix_acl_release(argp->acl_default);
|
|
return rpc_success;
|
|
}
|
|
|
|
/*
|
|
* XDR decode functions
|
|
*/
|
|
|
|
static bool
|
|
nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, struct xdr_stream *xdr)
|
|
{
|
|
struct nfsd3_getaclargs *args = rqstp->rq_argp;
|
|
|
|
if (!svcxdr_decode_nfs_fh3(xdr, &args->fh))
|
|
return false;
|
|
if (xdr_stream_decode_u32(xdr, &args->mask) < 0)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static bool
|
|
nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, struct xdr_stream *xdr)
|
|
{
|
|
struct nfsd3_setaclargs *argp = rqstp->rq_argp;
|
|
|
|
if (!svcxdr_decode_nfs_fh3(xdr, &argp->fh))
|
|
return false;
|
|
if (xdr_stream_decode_u32(xdr, &argp->mask) < 0)
|
|
return false;
|
|
if (argp->mask & ~NFS_ACL_MASK)
|
|
return false;
|
|
if (!nfs_stream_decode_acl(xdr, NULL, (argp->mask & NFS_ACL) ?
|
|
&argp->acl_access : NULL))
|
|
return false;
|
|
if (!nfs_stream_decode_acl(xdr, NULL, (argp->mask & NFS_DFACL) ?
|
|
&argp->acl_default : NULL))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* XDR encode functions
|
|
*/
|
|
|
|
/* GETACL */
|
|
static bool
|
|
nfs3svc_encode_getaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr)
|
|
{
|
|
struct nfsd3_getaclres *resp = rqstp->rq_resp;
|
|
struct dentry *dentry = resp->fh.fh_dentry;
|
|
struct inode *inode;
|
|
|
|
if (!svcxdr_encode_nfsstat3(xdr, resp->status))
|
|
return false;
|
|
switch (resp->status) {
|
|
case nfs_ok:
|
|
inode = d_inode(dentry);
|
|
if (!svcxdr_encode_post_op_attr(rqstp, xdr, &resp->fh))
|
|
return false;
|
|
if (xdr_stream_encode_u32(xdr, resp->mask) < 0)
|
|
return false;
|
|
|
|
if (!nfs_stream_encode_acl(xdr, inode, resp->acl_access,
|
|
resp->mask & NFS_ACL, 0))
|
|
return false;
|
|
if (!nfs_stream_encode_acl(xdr, inode, resp->acl_default,
|
|
resp->mask & NFS_DFACL,
|
|
NFS_ACL_DEFAULT))
|
|
return false;
|
|
break;
|
|
default:
|
|
if (!svcxdr_encode_post_op_attr(rqstp, xdr, &resp->fh))
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/* SETACL */
|
|
static bool
|
|
nfs3svc_encode_setaclres(struct svc_rqst *rqstp, struct xdr_stream *xdr)
|
|
{
|
|
struct nfsd3_attrstat *resp = rqstp->rq_resp;
|
|
|
|
return svcxdr_encode_nfsstat3(xdr, resp->status) &&
|
|
svcxdr_encode_post_op_attr(rqstp, xdr, &resp->fh);
|
|
}
|
|
|
|
/*
|
|
* XDR release functions
|
|
*/
|
|
static void nfs3svc_release_getacl(struct svc_rqst *rqstp)
|
|
{
|
|
struct nfsd3_getaclres *resp = rqstp->rq_resp;
|
|
|
|
fh_put(&resp->fh);
|
|
posix_acl_release(resp->acl_access);
|
|
posix_acl_release(resp->acl_default);
|
|
}
|
|
|
|
struct nfsd3_voidargs { int dummy; };
|
|
|
|
#define ST 1 /* status*/
|
|
#define AT 21 /* attributes */
|
|
#define pAT (1+AT) /* post attributes - conditional */
|
|
#define ACL (1+NFS_ACL_MAX_ENTRIES*3) /* Access Control List */
|
|
|
|
static const struct svc_procedure nfsd_acl_procedures3[3] = {
|
|
[ACLPROC3_NULL] = {
|
|
.pc_func = nfsd3_proc_null,
|
|
.pc_decode = nfssvc_decode_voidarg,
|
|
.pc_encode = nfssvc_encode_voidres,
|
|
.pc_argsize = sizeof(struct nfsd_voidargs),
|
|
.pc_argzero = sizeof(struct nfsd_voidargs),
|
|
.pc_ressize = sizeof(struct nfsd_voidres),
|
|
.pc_cachetype = RC_NOCACHE,
|
|
.pc_xdrressize = ST,
|
|
.pc_name = "NULL",
|
|
},
|
|
[ACLPROC3_GETACL] = {
|
|
.pc_func = nfsd3_proc_getacl,
|
|
.pc_decode = nfs3svc_decode_getaclargs,
|
|
.pc_encode = nfs3svc_encode_getaclres,
|
|
.pc_release = nfs3svc_release_getacl,
|
|
.pc_argsize = sizeof(struct nfsd3_getaclargs),
|
|
.pc_argzero = sizeof(struct nfsd3_getaclargs),
|
|
.pc_ressize = sizeof(struct nfsd3_getaclres),
|
|
.pc_cachetype = RC_NOCACHE,
|
|
.pc_xdrressize = ST+1+2*(1+ACL),
|
|
.pc_name = "GETACL",
|
|
},
|
|
[ACLPROC3_SETACL] = {
|
|
.pc_func = nfsd3_proc_setacl,
|
|
.pc_decode = nfs3svc_decode_setaclargs,
|
|
.pc_encode = nfs3svc_encode_setaclres,
|
|
.pc_release = nfs3svc_release_fhandle,
|
|
.pc_argsize = sizeof(struct nfsd3_setaclargs),
|
|
.pc_argzero = sizeof(struct nfsd3_setaclargs),
|
|
.pc_ressize = sizeof(struct nfsd3_attrstat),
|
|
.pc_cachetype = RC_NOCACHE,
|
|
.pc_xdrressize = ST+pAT,
|
|
.pc_name = "SETACL",
|
|
},
|
|
};
|
|
|
|
static DEFINE_PER_CPU_ALIGNED(unsigned long,
|
|
nfsd_acl_count3[ARRAY_SIZE(nfsd_acl_procedures3)]);
|
|
const struct svc_version nfsd_acl_version3 = {
|
|
.vs_vers = 3,
|
|
.vs_nproc = ARRAY_SIZE(nfsd_acl_procedures3),
|
|
.vs_proc = nfsd_acl_procedures3,
|
|
.vs_count = nfsd_acl_count3,
|
|
.vs_dispatch = nfsd_dispatch,
|
|
.vs_xdrsize = NFS3_SVC_XDRSIZE,
|
|
};
|
|
|