2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
13 #include <afsconfig.h>
14 #include "afs/param.h"
18 #include "afs/sysincludes.h" /* Standard vendor system headers */
21 #if !defined(AFS_LINUX20_ENV)
24 #include <netinet/in.h>
27 #include "h/hashing.h"
29 #if !defined(AFS_HPUX110_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV)
30 #include <netinet/in_var.h>
31 #endif /* ! AFS_HPUX110_ENV */
32 #endif /* !defined(UKERNEL) */
34 #include "afsincludes.h" /* Afs-based standard headers */
35 #include "afs/afs_stats.h" /* afs statistics */
37 #if defined(AFS_SUN56_ENV)
39 #include <inet/common.h>
40 #if defined(AFS_SUN58_ENV)
41 #include <netinet/ip6.h>
46 /* Exported variables */
47 afs_rwlock_t afs_xconn; /* allocation lock for new things */
48 afs_rwlock_t afs_xinterface; /* for multiple client address */
49 afs_int32 cryptall = 0; /* encrypt all communications */
51 /* some connection macros */
54 #define new_conn_vector(xcv) \
56 xcv = (struct sa_conn_vector *) \
57 afs_osi_Alloc(sizeof(struct sa_conn_vector)); \
59 memset((char *)xcv, 0, sizeof(struct sa_conn_vector)); \
63 /* select a connection to return (if no connection has lower utilization
65 #define conn_vec_select_conn(xcv, bix, conn) \
67 (bix) = ((xcv)->select_index)++ % CVEC_LEN; \
68 (conn) = &((xcv)->cvec[bix]); \
71 #define struct_conn(s) ((struct afs_conn *)(s))
73 #define REPORT_CONNECTIONS_ISSUED 0 /* enable to see utilization */
76 * Find a connection with call slots available, allocating one
77 * if nothing is available and we find an allocated slot
78 * @param xcv A connection vector
79 * @param create If set, a new connection may be created
81 static struct afs_conn *
82 find_preferred_connection(struct sa_conn_vector *xcv, int create)
85 struct afs_conn *tc = NULL;
88 for(cix = 0; cix < CVEC_LEN; ++cix) {
89 tc = &(xcv->cvec[cix]);
93 tc->forceConnectFS = 1;
99 if (tc->refCount < (RX_MAXCALLS-1)) {
102 } else if (cix == (CVEC_LEN-1))
103 conn_vec_select_conn(xcv, bix, tc);
105 } /* for cix < CVEC_LEN */
108 afs_warn("find_preferred_connection: no connection and !create\n");
117 #if REPORT_CONNECTIONS_ISSUED
118 afs_warn("Issuing conn %d refCount=%d parent refCount=%d\n", bix,
119 tc->refCount, xcv->refCount);
125 } /* find_preferred_connection */
129 * Release all connections for unix user xu at server xs
134 release_conns_user_server(struct unixuser *xu, struct server *xs)
139 struct sa_conn_vector *tcv, **lcv;
140 for (sa = (xs)->addr; sa; sa = sa->next_sa) {
142 for (tcv = *lcv; tcv; lcv = &tcv->next, tcv = *lcv) {
143 if (tcv->user == (xu) && tcv->refCount == 0) {
145 /* our old friend, the GLOCK */
146 glocked = ISAFS_GLOCK();
149 for(cix = 0; cix < CVEC_LEN; ++cix) {
150 tc = &(tcv->cvec[cix]);
152 rx_DestroyConnection(tc->id);
156 afs_osi_Free(tcv, sizeof(struct sa_conn_vector));
157 break; /* at most one instance per server */
158 } /*Found unreferenced connection for user */
160 } /*For each connection on the server */
162 } /* release_conns_user_server */
166 release_conns_vector(struct sa_conn_vector *xcv)
170 struct sa_conn_vector *tcv = NULL;
171 struct sa_conn_vector **lcv = NULL;
172 for (tcv = xcv; tcv; lcv = &tcv->next, tcv = *lcv) {
174 /* you know it, you love it, the GLOCK */
175 glocked = ISAFS_GLOCK();
178 for(cix = 0; cix < CVEC_LEN; ++cix) {
179 tc = &(tcv->cvec[cix]);
181 rx_DestroyConnection( tc->id );
185 afs_osi_Free(tcv, sizeof(struct sa_conn_vector));
188 } /* release_conns_vector */
191 unsigned int VNOSERVERS = 0;
194 * Pick a security object to use for a connection to a given server,
198 * The AFS connection for which the security object is required
199 * @param[out] secLevel
200 * The security level of the returned object
203 * An rx security object. This function is guaranteed to return
204 * an object, although that object may be rxnull (with a secLevel
207 static struct rx_securityClass *
208 afs_pickSecurityObject(struct afs_conn *conn, int *secLevel)
210 struct rx_securityClass *secObj = NULL;
211 union tokenUnion *token;
213 /* Do we have tokens ? */
214 if (conn->parent->user->states & UHasTokens) {
215 token = afs_FindToken(conn->parent->user->tokens, RX_SECIDX_KAD);
217 *secLevel = RX_SECIDX_KAD;
218 /* kerberos tickets on channel 2 */
219 secObj = rxkad_NewClientSecurityObject(
220 cryptall ? rxkad_crypt : rxkad_clear,
221 (struct ktc_encryptionKey *)
222 token->rxkad.clearToken.HandShakeKey,
223 token->rxkad.clearToken.AuthHandle,
224 token->rxkad.ticketLen, token->rxkad.ticket);
225 /* We're going to use this token, so populate the viced */
226 conn->parent->user->viceId = token->rxkad.clearToken.ViceId;
229 if (secObj == NULL) {
231 secObj = rxnull_NewClientSecurityObject();
239 * Try setting up a connection to the server containing the specified fid.
240 * Gets the volume, checks if it's up and does the connection by server address.
243 * @param areq Request filled in by the caller.
244 * @param locktype Type of lock that will be used.
246 * @return The conn struct, or NULL.
249 afs_Conn(struct VenusFid *afid, struct vrequest *areq,
252 u_short fsport = AFS_FSPORT;
254 struct afs_conn *tconn = NULL;
255 struct srvAddr *lowp = NULL;
259 struct srvAddr *sa1p;
261 AFS_STATCNT(afs_Conn);
262 /* Get fid's volume. */
263 tv = afs_GetVolume(afid, areq, READ_LOCK);
266 afs_FinalizeReq(areq);
267 areq->volumeError = 1;
272 if (tv->serverHost[0] && tv->serverHost[0]->cell) {
273 fsport = tv->serverHost[0]->cell->fsport;
278 /* First is always lowest rank, if it's up */
279 if ((tv->status[0] == not_busy) && tv->serverHost[0]
280 && !(tv->serverHost[0]->addr->sa_flags & SRVR_ISDOWN) &&
281 !(((areq->idleError > 0) || (areq->tokenError > 0))
282 && (areq->skipserver[0] == 1)))
283 lowp = tv->serverHost[0]->addr;
285 /* Otherwise we look at all of them. There are seven levels of
286 * not_busy. This means we will check a volume seven times before it
287 * is marked offline. Ideally, we only need two levels, but this
288 * serves a second purpose of waiting some number of seconds before
289 * the client decides the volume is offline (ie: a clone could finish
292 for (notbusy = not_busy; (!lowp && (notbusy <= end_not_busy)); notbusy++) {
293 for (i = 0; i < AFS_MAXHOSTS && tv->serverHost[i]; i++) {
294 if (((areq->tokenError > 0)||(areq->idleError > 0))
295 && (areq->skipserver[i] == 1))
297 if (tv->status[i] != notbusy) {
298 if (tv->status[i] == rd_busy || tv->status[i] == rdwr_busy) {
299 if (!areq->busyCount)
301 } else if (tv->status[i] == offline) {
302 if (!areq->volumeError)
303 areq->volumeError = VOLMISSING;
307 for (sa1p = tv->serverHost[i]->addr; sa1p; sa1p = sa1p->next_sa) {
308 if (sa1p->sa_flags & SRVR_ISDOWN)
310 if (!lowp || (lowp->sa_iprank > sa1p->sa_iprank))
315 afs_PutVolume(tv, READ_LOCK);
318 tu = afs_GetUser(areq->uid, afid->Cell, SHARED_LOCK);
319 tconn = afs_ConnBySA(lowp, fsport, afid->Cell, tu, 0 /*!force */ ,
320 1 /*create */ , locktype);
322 afs_PutUser(tu, SHARED_LOCK);
330 * Connects to a server by it's server address.
332 * @param sap Server address.
333 * @param aport Server port.
335 * @param tu Connect as this user.
336 * @param force_if_down
338 * @param locktype Specifies type of lock to be used for this function.
340 * @return The new connection.
343 afs_ConnBySA(struct srvAddr *sap, unsigned short aport, afs_int32 acell,
344 struct unixuser *tu, int force_if_down, afs_int32 create,
347 int glocked, foundvec;
348 struct afs_conn *tc = NULL;
349 struct sa_conn_vector *tcv = NULL;
350 struct rx_securityClass *csec; /*Security class object */
351 int isec; /*Security index */
354 /* find cached connection */
355 ObtainSharedLock(&afs_xconn, 15);
357 for (tcv = sap->conns; tcv; tcv = tcv->next) {
358 if (tcv->user == tu && tcv->port == aport) {
359 /* return most eligible conn */
362 UpgradeSToWLock(&afs_xconn, 37);
363 tc = find_preferred_connection(tcv, create);
364 ConvertWToSLock(&afs_xconn);
369 if (!tc && !create) {
370 /* Not found and can't create a new one. */
371 ReleaseSharedLock(&afs_xconn);
375 if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
376 afs_warnuser("afs_ConnBySA: disconnected\n");
377 ReleaseSharedLock(&afs_xconn);
381 if (!foundvec && create) {
382 /* No such connection vector exists. Create one and splice it in.
383 * Make sure the server record has been marked as used (for the purposes
384 * of calculating up & down times, it's now considered to be an
385 * ``active'' server). Also make sure the server's lastUpdateEvalTime
386 * gets set, marking the time of its ``birth''.
388 UpgradeSToWLock(&afs_xconn, 37);
389 new_conn_vector(tcv);
394 tcv->next = sap->conns;
397 /* all struct afs_conn ptrs come from here */
398 tc = find_preferred_connection(tcv, create);
400 afs_ActivateServer(sap);
402 ConvertWToSLock(&afs_xconn);
403 } /* end of if (!tcv) */
406 /* Not found and no alternatives. */
407 ReleaseSharedLock(&afs_xconn);
411 if (tu->states & UTokensBad) {
412 /* we may still have an authenticated RPC connection here,
413 * we'll have to create a new, unauthenticated, connection.
414 * Perhaps a better way to do this would be to set
415 * conn->forceConnectFS on all conns when the token first goes
416 * bad, but that's somewhat trickier, due to locking
417 * constraints (though not impossible).
419 if (tc->id && (rx_SecurityClassOf(tc->id) != 0)) {
420 tc->forceConnectFS = 1; /* force recreation of connection */
422 tu->states &= ~UHasTokens; /* remove the authentication info */
425 glocked = ISAFS_GLOCK();
426 if (tc->forceConnectFS) {
427 UpgradeSToWLock(&afs_xconn, 38);
428 csec = (struct rx_securityClass *)0;
432 rx_DestroyConnection(tc->id);
437 * Stupid hack to determine if using vldb service or file system
440 if (aport == sap->server->cell->vlport)
446 csec = afs_pickSecurityObject(tc, &isec);
450 tc->id = rx_NewConnection(sap->sa_ip, aport, service, csec, isec);
454 rx_SetConnHardDeadTime(tc->id, afs_rx_harddead);
456 /* set to a RX_CALL_TIMEOUT error to allow MTU retry to trigger */
457 rx_SetServerConnIdleDeadErr(tc->id, RX_CALL_DEAD);
458 rx_SetConnIdleDeadTime(tc->id, afs_rx_idledead);
459 rx_SetMsgsizeRetryErr(tc->id, RX_MSGSIZE);
462 * Only do this for the base connection, not per-user.
463 * Will need to be revisited if/when CB gets security.
465 if ((isec == 0) && (service != 52) && !(tu->states & UTokensBad) &&
466 (tu->viceId == UNDEFVID))
467 rx_SetConnSecondsUntilNatPing(tc->id, 20);
469 tc->forceConnectFS = 0; /* apparently we're appropriately connected now */
472 ConvertWToSLock(&afs_xconn);
473 } /* end of if (tc->forceConnectFS)*/
475 ReleaseSharedLock(&afs_xconn);
480 * forceConnectFS is set whenever we must recompute the connection. UTokensBad
481 * is true only if we know that the tokens are bad. We thus clear this flag
482 * when we get a new set of tokens..
483 * Having force... true and UTokensBad true simultaneously means that the tokens
484 * went bad and we're supposed to create a new, unauthenticated, connection.
486 * @param aserver Server to connect to.
487 * @param aport Connection port.
488 * @param acell The cell where all of this happens.
489 * @param areq The request.
490 * @param aforce Force connection?
491 * @param locktype Type of lock to be used.
493 * @return The established connection.
496 afs_ConnByHost(struct server *aserver, unsigned short aport, afs_int32 acell,
497 struct vrequest *areq, int aforce, afs_int32 locktype)
500 struct afs_conn *tc = NULL;
501 struct srvAddr *sa = NULL;
503 AFS_STATCNT(afs_ConnByHost);
505 if (AFS_IS_DISCONNECTED && !AFS_IN_SYNC) {
506 afs_warnuser("afs_ConnByHost: disconnected\n");
511 1. look for an existing connection
512 2. create a connection at an address believed to be up
513 (if aforce is true, create a connection at the first address)
516 tu = afs_GetUser(areq->uid, acell, SHARED_LOCK);
518 for (sa = aserver->addr; sa; sa = sa->next_sa) {
519 tc = afs_ConnBySA(sa, aport, acell, tu, aforce,
520 0 /*don't create one */ ,
527 for (sa = aserver->addr; sa; sa = sa->next_sa) {
528 tc = afs_ConnBySA(sa, aport, acell, tu, aforce,
536 afs_PutUser(tu, SHARED_LOCK);
539 } /*afs_ConnByHost */
543 * Connect by multiple hosts.
544 * Try to connect to one of the hosts from the ahosts array.
546 * @param ahosts Multiple hosts to connect to.
547 * @param aport Connection port.
548 * @param acell The cell where all of this happens.
549 * @param areq The request.
550 * @param locktype Type of lock to be used.
552 * @return The established connection or NULL.
555 afs_ConnByMHosts(struct server *ahosts[], unsigned short aport,
556 afs_int32 acell, struct vrequest *areq,
560 struct afs_conn *tconn;
563 /* try to find any connection from the set */
564 AFS_STATCNT(afs_ConnByMHosts);
565 for (i = 0; i < AFS_MAXCELLHOSTS; i++) {
566 if ((ts = ahosts[i]) == NULL)
568 tconn = afs_ConnByHost(ts, aport, acell, areq, 0, locktype);
575 } /*afs_ConnByMHosts */
579 * Decrement reference count to this connection.
584 afs_PutConn(struct afs_conn *ac, afs_int32 locktype)
586 AFS_STATCNT(afs_PutConn);
588 ac->parent->refCount--;
593 * Free up a connection vector, allowing, eg, code in afs_user.c
594 * to ignore how connections are stored/pooled
598 afs_ReleaseConns(struct sa_conn_vector *tcv) {
599 release_conns_vector(tcv);
604 * Free connection vector(s) for a user
608 afs_ReleaseConnsUser(struct unixuser *au) {
613 for (i = 0; i < NSERVERS; i++) {
614 for (ts = afs_servers[i]; ts; ts = ts->next) {
615 release_conns_user_server(au, ts);
616 } /*For each server on chain */
617 } /*For each chain */
622 * For multi homed clients, a RPC may timeout because of a
623 * client network interface going down. We need to reopen new
624 * connections in this case.
626 * @param sap Server address.
629 ForceNewConnections(struct srvAddr *sap)
632 struct afs_conn *tc = NULL;
633 struct sa_conn_vector *tcv = NULL;
636 return; /* defensive check */
638 ObtainWriteLock(&afs_xconn, 413);
639 for (tcv = sap->conns; tcv; tcv = tcv->next) {
640 for(cix = 0; cix < CVEC_LEN; ++cix) {
641 tc = &(tcv->cvec[cix]);
643 tc->forceConnectFS = 1;
646 ReleaseWriteLock(&afs_xconn);