Merge branch 'master' of https://github.com/dCache/nfs4j into ck/Inode

Signed-off-by: Christian Kohlschütter <[email protected]>

Author: kohlschuetter

benchmarks/src/main/java/org/dcache/nfs/benchmarks/SubjectBenchmark.java

@@ -0,0 +1,54 @@
+package org.dcache.nfs.benchmarks;
+
+import com.sun.security.auth.UnixNumericGroupPrincipal;
+import com.sun.security.auth.UnixNumericUserPrincipal;
+import java.security.Principal;
+import java.util.Set;
+import javax.security.auth.Subject;
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.State;
+
+@BenchmarkMode(Mode.Throughput)
+@State(Scope.Benchmark)
+public class SubjectBenchmark {
+
+
+    @Benchmark
+    public Subject subjectByAddingToSet() {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(new UnixNumericUserPrincipal(0));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(0, true));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(1, false));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(2, false));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(3, false));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(4, false));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(5, false));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(6, false));
+        subject.setReadOnly();
+        return subject;
+    }
+
+
+    @Benchmark
+    public Subject subjectByPassingSet() {
+
+        Principal[] principals = new Principal[]{
+              new UnixNumericUserPrincipal(0),
+              new UnixNumericGroupPrincipal(0, true),
+              new UnixNumericGroupPrincipal(1, false),
+              new UnixNumericGroupPrincipal(2, false),
+              new UnixNumericGroupPrincipal(3, false),
+              new UnixNumericGroupPrincipal(4, false),
+              new UnixNumericGroupPrincipal(5, false),
+              new UnixNumericGroupPrincipal(6, false)
+        };
+
+        return new Subject(true, Set.of(principals), Set.of(), Set.of());
+    }
+}
+
+

core/src/main/java/org/dcache/nfs/util/UnixSubjects.java

@@ -95,10 +95,11 @@ public static boolean hasGid(Subject subject, long gid) {
      * @return subject with given uid, gid.
      */
     public static Subject toSubject(long uid, long gid) {
-        return new Subject(false,
-                Set.of(new UnixNumericUserPrincipal(uid), new UnixNumericGroupPrincipal(gid, true)),
-                Set.of(),
-                Set.of());
+        var subject = new Subject();
+        subject.getPrincipals().add(new UnixNumericUserPrincipal(uid));
+        subject.getPrincipals().add(new UnixNumericGroupPrincipal(gid, true));
+
+        return subject;
     }
 
     /**
@@ -110,12 +111,10 @@ public static Subject toSubject(long uid, long gid) {
      * @return subject with given uid, gid and gids.
      */
     public static Subject toSubject(long uid, long gid, long... gids) {
-        Subject subject = toSubject(uid, gid);
-        subject.getPrincipals()
-                .addAll(
-                        Arrays.stream(gids)
-                                .mapToObj(l -> new UnixNumericGroupPrincipal(l, false))
-                                .collect(Collectors.toSet()));
+        var subject = toSubject(uid, gid);
+        for (long aux : gids) {
+            subject.getPrincipals().add(new UnixNumericGroupPrincipal(aux, false));
+        }
         return subject;
     }
 

core/src/main/java/org/dcache/nfs/v4/NFS4Client.java

@@ -89,9 +89,14 @@ public class NFS4Client {
     private final byte[] _ownerId;
 
     /**
-     * Verifier that is used to detect client reboots.
+     * Client side generated verifier that is used to detect client reboots.
      */
-    private final verifier4 _verifier;
+    private final verifier4 _clientVerifier;
+
+    /**
+     * Server side generated verifier that is used to detect retry.
+     */
+    private verifier4 _serverVerifier;
 
     /**
      * The RPCSEC_GSS principal sent via the RPC headers.
@@ -194,7 +199,8 @@ public NFS4Client(NFSv4StateHandler stateHandler, clientid4 clientId, int minorV
         _stateHandler = stateHandler;
         _clock = _stateHandler.getClock();
         _ownerId = Arrays.copyOf(ownerID, ownerID.length);
-        _verifier = verifier;
+        _clientVerifier = verifier;
+        _serverVerifier = verifier4.valueOf(System.currentTimeMillis());
         _principal = principal;
         _clientId = clientId;
 
@@ -236,8 +242,8 @@ public byte[] getOwnerId() {
      *
      * @return client generated verifier
      */
-    public verifier4 verifier() {
-        return _verifier;
+    public verifier4 serverGeneratedVerifier() {
+        return _serverVerifier;
     }
 
     /**
@@ -248,10 +254,15 @@ public clientid4 getId() {
         return _clientId;
     }
 
-    public boolean verifierEquals(verifier4 verifier) {
-        return _verifier.equals(verifier);
+    public boolean clientGeneratedVerifierEquals(verifier4 verifier) {
+        return _clientVerifier.equals(verifier);
     }
 
+    public boolean serverGeneratedVerifierEquals(verifier4 verifier) {
+        return _serverVerifier.equals(verifier);
+    }
+
+
     public synchronized boolean isConfirmed() {
         return _isConfirmed;
     }
@@ -294,6 +305,7 @@ public void refreshLeaseTime() {
     public synchronized void reset() {
         refreshLeaseTime();
         _isConfirmed = false;
+        _serverVerifier = verifier4.valueOf(System.currentTimeMillis());
     }
 
     /**

core/src/main/java/org/dcache/nfs/v4/OperationEXCHANGE_ID.java

@@ -156,7 +156,7 @@ public void process(CompoundContext context, nfs_resop4 result) throws ChimeraNF
                 throw new NoEntException("no such client");
             }
 
-            if (!client.verifierEquals(verifier)) {
+            if (!client.clientGeneratedVerifierEquals(verifier)) {
                 _log.debug("case 8: Update but Wrong Verifier");
                 throw new NotSameException("Update but Wrong Verifier");
             }
@@ -181,7 +181,7 @@ public void process(CompoundContext context, nfs_resop4 result) throws ChimeraNF
             } else {
 
                 if (client.isConfirmed()) {
-                    if (client.verifierEquals(verifier) && principal.equals(client.principal())) {
+                    if (client.clientGeneratedVerifierEquals(verifier) && principal.equals(client.principal())) {
                         _log.debug("Case 2: Non-Update on Existing Client ID");
                         client.refreshLeaseTime();
                     } else if (principal.equals(client.principal())) {

core/src/main/java/org/dcache/nfs/v4/OperationSETCLIENTID.java

@@ -55,28 +55,53 @@ public void process(CompoundContext context, nfs_resop4 result) throws ChimeraNF
         final byte[] id = _args.opsetclientid.client.id;
         NFS4Client client = context.getStateHandler().clientByOwner(id);
 
-        if (client != null && client.isConfirmed() && client.isLeaseValid()) {
 
-            if (!client.principal().equals(context.getPrincipal())) {
-                netaddr4 addr = new netaddr4(client.getRemoteAddress());
-                res.status = nfsstat.NFSERR_CLID_INUSE;
-                res.client_using = new clientaddr4(addr);
-                throw new ClidInUseException();
-            }
-            client.reset();
+        if (client == null) {
+            // new client
+            client = context.getStateHandler().createClient(
+                    context.getRemoteSocketAddress(),
+                    context.getLocalSocketAddress(),
+                    context.getMinorversion(),
+                    _args.opsetclientid.client.id, _args.opsetclientid.client.verifier,
+                    context.getPrincipal(), false);
+        } else if (!client.isConfirmed()) {
 
-        } else {
+            // existing client, but not confirmed. either retry or client restarted before confirmation
+            context.getStateHandler().removeClient(client);
             client = context.getStateHandler().createClient(
                     context.getRemoteSocketAddress(),
                     context.getLocalSocketAddress(),
                     context.getMinorversion(),
                     _args.opsetclientid.client.id, _args.opsetclientid.client.verifier,
                     context.getPrincipal(), false);
+
+        } else if (!client.clientGeneratedVerifierEquals(verifier)) {
+
+            // existing client, different verifier. Client rebooted.
+            // create new record, keep the old one as required by the RFC 7530
+            client = context.getStateHandler().createClient(
+                    context.getRemoteSocketAddress(),
+                    context.getLocalSocketAddress(),
+                    context.getMinorversion(),
+                    _args.opsetclientid.client.id, _args.opsetclientid.client.verifier,
+                    context.getPrincipal(), false);
+
+        } else if (client.isLeaseValid()) {
+
+            // can't be reused, if principal have changes and client has state
+            if (!client.principal().equals(context.getPrincipal()) && client.hasState()) {
+                netaddr4 addr = new netaddr4(client.getRemoteAddress());
+                res.status = nfsstat.NFSERR_CLID_INUSE;
+                res.client_using = new clientaddr4(addr);
+                throw new ClidInUseException();
+            }
+
+            client.reset();
         }
 
         res.resok4 = new SETCLIENTID4resok();
         res.resok4.clientid = client.getId();
-        res.resok4.setclientid_confirm = client.verifier();
+        res.resok4.setclientid_confirm = client.serverGeneratedVerifier();
         res.status = nfsstat.NFS_OK;
     }
 }

core/src/main/java/org/dcache/nfs/v4/OperationSETCLIENTID_CONFIRM.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009 - 2017 Deutsches Elektronen-Synchroton,
+ * Copyright (c) 2009 - 2025 Deutsches Elektronen-Synchroton,
  * Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
  *
  * This library is free software; you can redistribute it and/or modify
@@ -49,7 +49,7 @@ public void process(CompoundContext context, nfs_resop4 result) throws ChimeraNF
         NFS4Client client = context.getStateHandler().getClient(_args.opsetclientid_confirm.clientid);
 
         res.status = nfsstat.NFSERR_INVAL;
-        if (client.verifierEquals(_args.opsetclientid_confirm.setclientid_confirm)) {
+        if (client.serverGeneratedVerifierEquals(_args.opsetclientid_confirm.setclientid_confirm)) {
             res.status = nfsstat.NFS_OK;
             client.setConfirmed();
         }

core/src/main/java/org/dcache/nfs/vfs/FileHandle.java

@@ -1,4 +1,7 @@
 /*
+ * Copyright (c) 2012 - 2025 Deutsches Elektronen-Synchroton,
+ * Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
+ *
  * This library is free software; you can redistribute it and/or modify
  * it under the terms of the GNU Library General Public License as
  * published by the Free Software Foundation; either version 2 of the

core/src/main/java/org/dcache/nfs/vfs/Inode.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009 - 2024 Deutsches Elektronen-Synchroton,
+ * Copyright (c) 2009 - 2025 Deutsches Elektronen-Synchroton,
  * Member of the Helmholtz Association, (DESY), HAMBURG, GERMANY
  *
  * This library is free software; you can redistribute it and/or modify
@@ -42,8 +42,6 @@ public class Inode {
     private final static int MIN_LEN = 14;
     private final static int VERSION = 1;
     private final static int MAGIC = 0xCAFFEE;
-    private final static byte[] FH_V0_REG = new byte[] {0x30, 0x3a};
-    private final static byte[] FH_V0_PFS = new byte[] {0x32, 0x35, 0x35, 0x3a};
 
     private final int version;
     private final int magic;
@@ -94,46 +92,24 @@ public Inode(byte[] bytes) {
 
         int magic_version = b.getInt();
         int geussVersion = (magic_version & 0xFF000000) >>> 24;
-        if (geussVersion == VERSION) {
-            version = geussVersion;
-            magic = magic_version & 0x00FFFFFF;
-            if (magic != MAGIC) {
-                throw new IllegalArgumentException("Bad magic number");
-            }
-
-            generation = b.getInt();
-            exportIdx = b.getInt();
-            type = (int) b.get();
-            int olen = (int) b.get();
-            fs_opaque = new byte[olen];
-            b.get(fs_opaque);
-
-            this.nfsHandle = bytes.clone();
-        } else if (arrayEquals(bytes, FH_V0_REG, FH_V0_REG.length)
-                || arrayEquals(bytes, FH_V0_PFS, FH_V0_PFS.length)) {
-            magic = MAGIC;
-            generation = 0;
-            type = bytes[1] == FH_V0_REG[1] ? 0 : 1;
-            if (type == 1) {
-                /*
-                 * convert pseudo inode into real one: '255:' => '0:' NOTICE: the converted handle will present himself
-                 * as version 1
-                 */
-                version = 1;
-                exportIdx = 0;
-                fs_opaque = new byte[bytes.length - 2];
-                System.arraycopy(bytes, 2, fs_opaque, 0, fs_opaque.length);
-                fs_opaque[0] = 0x30;
-            } else {
-                version = 0;
-                exportIdx = -1;
-                fs_opaque = bytes;
-            }
-
-            this.nfsHandle = buildNfsHandle();
-        } else {
+        if (geussVersion != VERSION) {
             throw new IllegalArgumentException("Unsupported version: " + geussVersion);
         }
+
+        version = geussVersion;
+        magic = magic_version & 0x00FFFFFF;
+        if (magic != MAGIC) {
+            throw new IllegalArgumentException("Bad magic number");
+        }
+
+        generation = b.getInt();
+        exportIdx = b.getInt();
+        type = (int) b.get();
+        int olen = (int) b.get();
+        fs_opaque = new byte[olen];
+        b.get(fs_opaque);
+
+        this.nfsHandle = bytes.clone();
     }
 
     @Deprecated(forRemoval = true)
@@ -156,17 +132,6 @@ public String toString() {
         return BaseEncoding.base16().lowerCase().encode(nfsHandle);
     }
 
-    private static boolean arrayEquals(byte[] a1, byte[] a2, int len) {
-        if (a1.length < len || a2.length < len)
-            return false;
-        for (int i = 0; i < len; i++) {
-            if (a1[i] != a2[i]) {
-                return false;
-            }
-        }
-        return true;
-    }
-
     public static Inode forNfsHandle(byte[] bytes) {
         return new Inode(bytes);
     }

core/src/test/java/org/dcache/nfs/vfs/FileHandleTest.java

@@ -89,37 +89,4 @@ public void testFileHandleConstructor() {
                 "01caffee00000000ea15b996002e303a494e4f44453a3030303043333732333331373433393234353645423833453434383434453844323844363a30"),
                 inode.toNfsHandle());
     }
-
-    @Test
-    public void testValidHandleV0Regular() {
-        String oldId = "0:INODE:0000C37233174392456EB83E44844E8D28D6:0";
-
-        byte[] bytes = oldId.getBytes(US_ASCII);
-        FileHandle fh = new FileHandle(bytes);
-
-        assertEquals(0, fh.getVersion());
-        assertEquals(0xCAFFEE, fh.getMagic());
-        assertEquals(0, fh.getGeneration());
-        byte[] opaque = fh.getFsOpaque();
-        assertEquals(-1, fh.getExportIdx());
-        assertEquals(0, fh.getType());
-        assertEquals(oldId, new String(opaque, US_ASCII));
-    }
-
-    @Test
-    public void testValidHandleV0Pseudo() {
-        String oldIdPseudo = "255:INODE:0000C37233174392456EB83E44844E8D28D6:0";
-        String oldIdReg = "0:INODE:0000C37233174392456EB83E44844E8D28D6:0";
-
-        byte[] bytes = oldIdPseudo.getBytes(US_ASCII);
-        FileHandle fh = new FileHandle(bytes);
-
-        assertEquals(1, fh.getVersion());
-        assertEquals(0xCAFFEE, fh.getMagic());
-        assertEquals(0, fh.getGeneration());
-        byte[] opaque = fh.getFsOpaque();
-        assertEquals(0, fh.getExportIdx());
-        assertEquals(1, fh.getType());
-        assertEquals(oldIdReg, new String(opaque, US_ASCII));
-    }
 }