2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
13 #include <afsconfig.h>
14 #include "afs/param.h"
18 #include "afs/sysincludes.h" /* Standard vendor system headers */
21 #if !defined(AFS_LINUX20_ENV)
24 #include <netinet/in.h>
27 #include "h/hashing.h"
29 #if !defined(AFS_HPUX110_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV)
30 #include <netinet/in_var.h>
31 #endif /* ! AFS_HPUX110_ENV */
32 #endif /* !defined(UKERNEL) */
34 #include "afsincludes.h" /* Afs-based standard headers */
35 #include "afs/afs_stats.h" /* afs statistics */
37 #if defined(AFS_SUN56_ENV)
39 #include <inet/common.h>
40 #if defined(AFS_SUN58_ENV)
41 #include <netinet/ip6.h>
46 /* Exported variables */
47 afs_rwlock_t afs_xconn; /* allocation lock for new things */
48 afs_rwlock_t afs_xinterface; /* for multiple client address */
49 afs_int32 cryptall = 0; /* encrypt all communications */
52 unsigned int VNOSERVERS = 0;
55 * Pick a security object to use for a connection to a given server,
59 * The AFS connection for which the security object is required
60 * @param[out] secLevel
61 * The security level of the returned object
64 * An rx security object. This function is guaranteed to return
65 * an object, although that object may be rxnull (with a secLevel
68 static struct rx_securityClass *
69 afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
71 struct rx_securityClass *secObj = NULL;
72 union tokenUnion *token;
74 /* Do we have tokens ? */
75 if (conn->user->states & UHasTokens) {
76 token = afs_FindToken(conn->user->tokens, RX_SECIDX_KAD);
78 *secLevel = RX_SECIDX_KAD;
79 /* kerberos tickets on channel 2 */
80 secObj = rxkad_NewClientSecurityObject(
81 cryptall ? rxkad_crypt : rxkad_clear,
82 (struct ktc_encryptionKey *)
83 token->rxkad.clearToken.HandShakeKey,
84 token->rxkad.clearToken.AuthHandle,
85 token->rxkad.ticketLen, token->rxkad.ticket);
86 /* We're going to use this token, so populate the viced */
87 conn->user->viceId = token->rxkad.clearToken.ViceId;
92 secObj = rxnull_NewClientSecurityObject();
100 * Try setting up a connection to the server containing the specified fid.
101 * Gets the volume, checks if it's up and does the connection by server address.
104 * @param areq Request filled in by the caller.
105 * @param locktype Type of lock that will be used.
107 * @return The conn struct, or NULL.
110 afs_Conn(struct VenusFid *afid, struct vrequest *areq,
113 u_short fsport = AFS_FSPORT;
115 struct afs_conn *tconn = NULL;
116 struct srvAddr *lowp = NULL;
120 struct srvAddr *sa1p;
122 AFS_STATCNT(afs_Conn);
123 /* Get fid's volume. */
124 tv = afs_GetVolume(afid, areq, READ_LOCK);
127 afs_FinalizeReq(areq);
128 areq->volumeError = 1;
133 if (tv->serverHost[0] && tv->serverHost[0]->cell) {
134 fsport = tv->serverHost[0]->cell->fsport;
139 /* First is always lowest rank, if it's up */
140 if ((tv->status[0] == not_busy) && tv->serverHost[0]
141 && !(tv->serverHost[0]->addr->sa_flags & SRVR_ISDOWN) &&
142 !(((areq->idleError > 0) || (areq->tokenError > 0))
143 && (areq->skipserver[0] == 1)))
144 lowp = tv->serverHost[0]->addr;
146 /* Otherwise we look at all of them. There are seven levels of
147 * not_busy. This means we will check a volume seven times before it
148 * is marked offline. Ideally, we only need two levels, but this
149 * serves a second purpose of waiting some number of seconds before
150 * the client decides the volume is offline (ie: a clone could finish
153 for (notbusy = not_busy; (!lowp && (notbusy <= end_not_busy)); notbusy++) {
154 for (i = 0; i < AFS_MAXHOSTS && tv->serverHost[i]; i++) {
155 if (((areq->tokenError > 0)||(areq->idleError > 0))
156 && (areq->skipserver[i] == 1))
158 if (tv->status[i] != notbusy) {
159 if (tv->status[i] == rd_busy || tv->status[i] == rdwr_busy) {
160 if (!areq->busyCount)
162 } else if (tv->status[i] == offline) {
163 if (!areq->volumeError)
164 areq->volumeError = VOLMISSING;
168 for (sa1p = tv->serverHost[i]->addr; sa1p; sa1p = sa1p->next_sa) {
169 if (sa1p->sa_flags & SRVR_ISDOWN)
171 if (!lowp || (lowp->sa_iprank > sa1p->sa_iprank))
176 afs_PutVolume(tv, READ_LOCK);
179 tu = afs_GetUser(areq->uid, afid->Cell, SHARED_LOCK);
180 tconn = afs_ConnBySA(lowp, fsport, afid->Cell, tu, 0 /*!force */ ,
181 1 /*create */ , locktype);
183 afs_PutUser(tu, SHARED_LOCK);
191 * Connects to a server by it's server address.
193 * @param sap Server address.
194 * @param aport Server port.
196 * @param tu Connect as this user.
197 * @param force_if_down
199 * @param locktype Specifies type of lock to be used for this function.
201 * @return The new connection.
204 afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
205 struct unixuser *tu, int force_if_down, afs_int32 create,
208 struct afs_conn *tc = 0;
209 struct rx_securityClass *csec; /*Security class object */
210 int isec; /*Security index */
213 if (!sap || ((sap->sa_flags & SRVR_ISDOWN) && !force_if_down)) {
214 /* sa is known down, and we don't want to force it. */
218 ObtainSharedLock(&afs_xconn, 15);
219 /* Get conn by port and user. */
220 for (tc = sap->conns; tc; tc = tc->next) {
221 if (tc->user == tu && tc->port == aport) {
226 if (!tc && !create) {
227 /* Not found and can't create a new one. */
228 ReleaseSharedLock(&afs_xconn);
232 if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
233 afs_warnuser("afs_ConnBySA: disconnected\n");
234 ReleaseSharedLock(&afs_xconn);
239 /* No such connection structure exists. Create one and splice it in.
240 * Make sure the server record has been marked as used (for the purposes
241 * of calculating up & down times, it's now considered to be an
242 * ``active'' server). Also make sure the server's lastUpdateEvalTime
243 * gets set, marking the time of its ``birth''.
245 UpgradeSToWLock(&afs_xconn, 37);
246 tc = afs_osi_Alloc(sizeof(struct afs_conn));
247 osi_Assert(tc != NULL);
248 memset(tc, 0, sizeof(struct afs_conn));
253 tc->refCount = 0; /* bumped below */
254 tc->forceConnectFS = 1;
255 tc->id = (struct rx_connection *)0;
256 tc->next = sap->conns;
258 afs_ActivateServer(sap);
260 ConvertWToSLock(&afs_xconn);
261 } /* end of if (!tc) */
264 if (tu->states & UTokensBad) {
265 /* we may still have an authenticated RPC connection here,
266 * we'll have to create a new, unauthenticated, connection.
267 * Perhaps a better way to do this would be to set
268 * conn->forceConnectFS on all conns when the token first goes
269 * bad, but that's somewhat trickier, due to locking
270 * constraints (though not impossible).
272 if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
273 tc->forceConnectFS = 1; /* force recreation of connection */
275 tu->states &= ~UHasTokens; /* remove the authentication info */
278 if (tc->forceConnectFS) {
279 UpgradeSToWLock(&afs_xconn, 38);
280 csec = (struct rx_securityClass *)0;
283 rx_DestroyConnection(tc->id);
287 * Stupid hack to determine if using vldb service or file system
290 if (aport == sap->server->cell->vlport)
296 csec = afs_pickSecurityObject(tc, &isec);
299 tc->id = rx_NewConnection(sap->sa_ip, aport, service, csec, isec);
302 rx_SetConnHardDeadTime(tc->id, afs_rx_harddead);
304 /* set to a RX_CALL_TIMEOUT error to allow MTU retry to trigger */
305 rx_SetServerConnIdleDeadErr(tc->id, RX_CALL_DEAD);
306 rx_SetConnIdleDeadTime(tc->id, afs_rx_idledead);
307 rx_SetMsgsizeRetryErr(tc->id, RX_MSGSIZE);
310 * Only do this for the base connection, not per-user.
311 * Will need to be revisited if/when CB gets security.
313 if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
314 (tu->viceId == UNDEFVID))
315 rx_SetConnSecondsUntilNatPing(tc->id, 20);
317 tc->forceConnectFS = 0; /* apparently we're appropriately connected now */
320 ConvertWToSLock(&afs_xconn);
321 } /* end of if (tc->forceConnectFS)*/
323 ReleaseSharedLock(&afs_xconn);
328 * forceConnectFS is set whenever we must recompute the connection. UTokensBad
329 * is true only if we know that the tokens are bad. We thus clear this flag
330 * when we get a new set of tokens..
331 * Having force... true and UTokensBad true simultaneously means that the tokens
332 * went bad and we're supposed to create a new, unauthenticated, connection.
334 * @param aserver Server to connect to.
335 * @param aport Connection port.
336 * @param acell The cell where all of this happens.
337 * @param areq The request.
338 * @param aforce Force connection?
339 * @param locktype Type of lock to be used.
341 * @return The established connection.
344 afs_ConnByHost(struct server *aserver, unsigned short aport, afs_int32 acell,
345 struct vrequest *areq, int aforce, afs_int32 locktype)
348 struct afs_conn *tc = 0;
349 struct srvAddr *sa = 0;
351 AFS_STATCNT(afs_ConnByHost);
353 if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
354 afs_warnuser("afs_ConnByHost: disconnected\n");
359 1. look for an existing connection
360 2. create a connection at an address believed to be up
361 (if aforce is true, create a connection at the first address)
364 tu = afs_GetUser(areq->uid, acell, SHARED_LOCK);
366 for (sa = aserver->addr; sa; sa = sa->next_sa) {
367 tc = afs_ConnBySA(sa, aport, acell, tu, aforce,
368 0 /*don't create one */ ,
375 for (sa = aserver->addr; sa; sa = sa->next_sa) {
376 tc = afs_ConnBySA(sa, aport, acell, tu, aforce,
384 afs_PutUser(tu, SHARED_LOCK);
387 } /*afs_ConnByHost */
391 * Connect by multiple hosts.
392 * Try to connect to one of the hosts from the ahosts array.
394 * @param ahosts Multiple hosts to connect to.
395 * @param aport Connection port.
396 * @param acell The cell where all of this happens.
397 * @param areq The request.
398 * @param locktype Type of lock to be used.
400 * @return The established connection or NULL.
403 afs_ConnByMHosts(struct server *ahosts[], unsigned short aport,
404 afs_int32 acell, struct vrequest *areq,
408 struct afs_conn *tconn;
411 /* try to find any connection from the set */
412 AFS_STATCNT(afs_ConnByMHosts);
413 for (i = 0; i < AFS_MAXCELLHOSTS; i++) {
414 if ((ts = ahosts[i]) == NULL)
416 tconn = afs_ConnByHost(ts, aport, acell, areq, 0, locktype);
423 } /*afs_ConnByMHosts */
427 * Decrement reference count to this connection.
432 afs_PutConn(struct afs_conn *ac, afs_int32 locktype)
434 AFS_STATCNT(afs_PutConn);
440 * For multi homed clients, a RPC may timeout because of a
441 * client network interface going down. We need to reopen new
442 * connections in this case.
444 * @param sap Server address.
447 ForceNewConnections(struct srvAddr *sap)
449 struct afs_conn *tc = 0;
452 return; /* defensive check */
454 ObtainWriteLock(&afs_xconn, 413);
455 for (tc = sap->conns; tc; tc = tc->next)
456 tc->forceConnectFS = 1;
457 ReleaseWriteLock(&afs_xconn);