/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * NFS Version 4 client side SECINFO code.
 */

#include <nfs/nfs4_clnt.h>
#include <nfs/nfs4.h>
#include <nfs/nfs_clnt.h>
#include <nfs/rnode4.h>
#include <sys/cmn_err.h>
#include <sys/cred.h>
#include <sys/systm.h>

/*
 * Set up the security flavors supported in this release.
 * In the order of potential usage.
 */
#define SECINFO_SUPPORT_COUNT 6 /* sys, krb5, krb5i, krb5p, none, dh */
static char krb5_val[] = {'\x2A', '\x86', '\x48', '\x86', '\xF7', \
                        '\x12', '\x01', '\x02', '\x02'};
static sec_oid4 krb5_oid = {9, krb5_val};
static SECINFO4res *secinfo_support;

/* XXX should come from auth.h, do the cleanup someday */
extern void sec_clnt_freeinfo(struct sec_data *);

/*
 * "nfsstat -m" needs to print out what flavor is used for a mount
 * point. V3 kernel gets the nfs pseudo flavor from the userland and provides
 * nfsstat with such information. However, in V4, we do not have nfs pseudo
 * flavors mapping in the kernel for the rpcsec_gss data negotiated from
 * the nfs server.
 *
 * XXX
 * Hard coded the mapping in V4 for now. We should look into a possibility
 * to return the rpcsec_gss mechanism and service information to nfsstat and
 * perhaps have nfsstat print out the mech and service seperately...
 *
 * We should avoid referring to nfssec.conf file in V4. The original reason
 * for having /etc/nfssec.conf file is because V3 MOUNT protocol can only
 * return an integer for a flavor, thus the term "nfs pseudo flavor" is
 * defined and the nfssec.conf file is used to map the nfs pseudo flavor
 * to rpcsec_gss data (mech, service, default-qop). Now, V4 can return the
 * rpcsec_gss data instead of an integer, so in theory, V4 should not need
 * to depend on the nfssec.conf file anymore.
 */
#define NFS_FLAVOR_KRB5         390003
#define NFS_FLAVOR_KRB5I        390004
#define NFS_FLAVOR_KRB5P        390005

/*
 * Currently, 6 flavors are supported: sys, krb5, krb5i, krb5p, dh, none.
 * Without proper keys, krb5* or dh will fail.
 *
 * XXX kgss_indicate_mechs() should be able to tell us what gss mechanisms
 * are supported on this host (/etc/gss/mech), thus nfs should be able to
 * use them. However, the dh640 and dh1024 implementation are not nfs tested.
 * Should look into using kgss_indicate_mechs when new gss mechanism is added.
 */
void
nfs4_secinfo_init(void)
{
        secinfo4 *val;
        int i;

        secinfo_support = kmem_alloc(sizeof (SECINFO4res), KM_SLEEP);
        secinfo_support->SECINFO4resok_len = SECINFO_SUPPORT_COUNT;
        val = kmem_alloc(
            secinfo_support->SECINFO4resok_len * sizeof (secinfo4),
            KM_SLEEP);

        val[0].flavor = AUTH_SYS;
        val[0].flavor_info.oid.sec_oid4_len = 0;
        val[0].flavor_info.oid.sec_oid4_val = NULL;
        val[0].flavor_info.service = 0;
        val[0].flavor_info.qop = 0;

        /* add krb5, krb5i, krb5p */
        for (i = 1; i <= 3; i++) {
                val[i].flavor = RPCSEC_GSS;
                val[i].flavor_info.oid = krb5_oid;      /* struct copy */
                val[i].flavor_info.service = i;
                val[i].flavor_info.qop = 0;
        }

        val[4].flavor = AUTH_DH;
        val[4].flavor_info.oid.sec_oid4_len = 0;
        val[4].flavor_info.oid.sec_oid4_val = NULL;
        val[4].flavor_info.service = 0;
        val[4].flavor_info.qop = 0;

        val[5].flavor = AUTH_NONE;
        val[5].flavor_info.oid.sec_oid4_len = 0;
        val[5].flavor_info.oid.sec_oid4_val = NULL;
        val[5].flavor_info.service = 0;
        val[5].flavor_info.qop = 0;

#if !defined(lint)
        ASSERT(SECINFO_SUPPORT_COUNT == 6);
#endif

        secinfo_support->SECINFO4resok_val = val;
}

/*
 * clean up secinfo_support
 */
void
nfs4_secinfo_fini(void)
{

        kmem_free(secinfo_support->SECINFO4resok_val,
            secinfo_support->SECINFO4resok_len * sizeof (secinfo4));
        kmem_free(secinfo_support, sizeof (SECINFO4res));
}

/*
 * Map RPCSEC_GSS data to a nfs pseudo flavor number defined
 * in the nfssec.conf file.
 *
 * mechanism    service    qop       nfs-pseudo-flavor
 * ----------------------------------------------------
 * kerberos_v5  none       default   390003/krb5
 * kerberos_v5  integrity  default   390004/krb5i
 * kerberos_v5  privacy    default   390005/krb5p
 *
 * XXX need to re-visit the mapping semantics when a new
 * security mechanism is to be added.
 */
int
secinfo2nfsflavor(sec_oid4 *mech_oid, rpc_gss_svc_t service)
{
        /* Is this kerberos_v5? */
        if (bcmp(mech_oid->sec_oid4_val, krb5_oid.sec_oid4_val,
            krb5_oid.sec_oid4_len) != 0) {
                return (0);
        }

        /* for krb5, krb5i, krb5p mapping */
        switch (service) {
        case RPC_GSS_SVC_NONE:
                return (NFS_FLAVOR_KRB5);
        case RPC_GSS_SVC_INTEGRITY:
                return (NFS_FLAVOR_KRB5I);
        case RPC_GSS_SVC_PRIVACY:
                return (NFS_FLAVOR_KRB5P);
        default:
                break;
        }

        /* no mapping */
        return (0);
}

/*
 * secinfo_create() maps the secinfo4 data coming over the wire
 * to sv_secinfo data structure in servinfo4_t
 */
static sv_secinfo_t *
secinfo_create(servinfo4_t *svp, SECINFO4res *sec_info, char *servname)
{
        uint_t i, seccnt, scnt;
        sec_data_t *sdata;
        sv_secinfo_t *sinfo;
        uint_t len = sec_info->SECINFO4resok_len;
        secinfo4 *value = sec_info->SECINFO4resok_val;

        if (len == 0)
                return (NULL);

        seccnt = len;

        /*
         * If there is no valid sv_dhsec data available but an AUTH_DH
         * is in the list, skip AUTH_DH flavor.
         */
        if (!svp->sv_dhsec) {
                for (i = 0; i < len; i++) {
                        if (value[i].flavor == AUTH_DH)
                                seccnt--;
                }
        }

        if (seccnt == 0)
                return (NULL);

        sdata = kmem_alloc(sizeof (sec_data_t) * seccnt, KM_SLEEP);
        scnt = 0;
        for (i = 0; i < len; i++) {
                secinfo4 *val = &value[i];
                gss_clntdata_t *data;
                rpcsec_gss_info *info;

                sdata[scnt].flags = 0;
                sdata[scnt].rpcflavor = val->flavor;

                switch (val->flavor) {
                case RPCSEC_GSS:
                        data = kmem_alloc(sizeof (gss_clntdata_t), KM_SLEEP);
                        data->realm[0] = '\0';
                        info = &val->flavor_info;
                        data->service = (rpc_gss_service_t)info->service;
                        data->qop = (uint_t)info->qop;
                        data->mechanism.length = info->oid.sec_oid4_len;
                        data->mechanism.elements =
                            kmem_alloc(info->oid.sec_oid4_len, KM_SLEEP);
                        bcopy(info->oid.sec_oid4_val,
                            data->mechanism.elements, info->oid.sec_oid4_len);
                        data->uname[0] = 'n'; data->uname[1] = 'f';
                        data->uname[2] = 's'; data->uname[3] = '\0';
                        (void) strcpy(data->inst, servname);

                        sdata[scnt].data = (caddr_t)data;
                        sdata[scnt].secmod =
                            secinfo2nfsflavor(&info->oid, info->service);
                        scnt++;
                        break;
                case AUTH_DH:
                        if (svp->sv_dhsec) {
                                sdata[scnt] = *svp->sv_dhsec;
                                scnt++;
                                break;
                        }
                        /* no auth_dh data on the client, skip auth_dh */
                        continue;
                default:
                        sdata[scnt].secmod = val->flavor;
                        sdata[scnt].data = NULL;
                        scnt++;
                        break;
                }
        }

        ASSERT(seccnt == scnt);
        sinfo = kmem_alloc(sizeof (sv_secinfo_t), KM_SLEEP);
        sinfo->count = seccnt;
        sinfo->sdata = sdata;

        return (sinfo);
}

/*
 * secinfo_free() frees the malloc'd portion of a sv_secinfo_t in servinfo4_t.
 *
 * This is similar to sec_clnt_freeinfo() offered from rpcsec module,
 * except that sec_clnt_freeinfo() frees up an individual secdata.
 */
void
secinfo_free(sv_secinfo_t *secinfo)
{
        int i;

        if (secinfo == NULL)
                return;

        for (i = 0; i < secinfo->count; i++) {
                if (secinfo->sdata[i].rpcflavor == RPCSEC_GSS) {
                        gss_clntdata_t *data = (gss_clntdata_t *)
                            secinfo->sdata[i].data;

                        /*
                         * An auth handle may already cached in rpcsec_gss
                         * module per this secdata. Purge the cache entry
                         * before freeing up this secdata. Can't use
                         * sec_clnt_freeinfo since the allocation of secinfo
                         * is different from sec_data.
                         */
                        (void) rpc_gss_secpurge((void *)&secinfo->sdata[i]);

                        kmem_free(data->mechanism.elements,
                            data->mechanism.length);
                        kmem_free(data, sizeof (gss_clntdata_t));
                }

                if (secinfo->sdata[i].rpcflavor == AUTH_DH) {

                        /* release ref to sv_dhsec */
                        secinfo->sdata[i].data = NULL;

                        /*
                         * No need to purge the auth_dh cache entry (e.g. call
                         * purge_authtab()) since the AUTH_DH data used here
                         * are always the same.
                         */
                }
        }
        kmem_free(secinfo->sdata, sizeof (sec_data_t) * secinfo->count);
        kmem_free(secinfo, sizeof (sv_secinfo_t));
}

/*
 * Check if there is more secinfo to try.
 * If TRUE, try again.
 */
static bool_t
secinfo_check(servinfo4_t *svp)
{

        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
        if (svp->sv_secinfo == NULL) {
                nfs_rw_exit(&svp->sv_lock);
                return (FALSE);
        }

        svp->sv_secinfo->index++;
        if (svp->sv_secinfo->index < svp->sv_secinfo->count) {
                svp->sv_flags |= SV4_TRYSECINFO;
                svp->sv_currsec =
                    &svp->sv_secinfo->sdata[svp->sv_secinfo->index];
                nfs_rw_exit(&svp->sv_lock);
                return (TRUE);
        } else {
                svp->sv_secinfo->index = 0;
                svp->sv_flags &= ~SV4_TRYSECINFO;
                svp->sv_currsec = NULL;
                nfs_rw_exit(&svp->sv_lock);
                return (FALSE);
        }
}

/*
 * Update the secinfo related fields in svp.
 *
 * secinfo_update will free the previous sv_secinfo and update with
 * the new secinfo. However, if the sv_secinfo is saved into sv_save_secinfo
 * before the recovery starts via save_mnt_secinfo(), sv_secinfo will not
 * be freed until the recovery is done.
 */
static void
secinfo_update(servinfo4_t *svp, SECINFO4res *sec_info)
{

        sv_secinfo_t *newsecinfo;

        /*
         * Create secinfo before freeing the old one to make sure
         * they are not using the same address.
         */
        newsecinfo = secinfo_create(svp, sec_info, svp->sv_hostname);

        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
        if (svp->sv_secinfo && svp->sv_secinfo != svp->sv_save_secinfo) {
                secinfo_free(svp->sv_secinfo);
        }

        svp->sv_secinfo = newsecinfo;
        if (svp->sv_secinfo) {
                svp->sv_secinfo->index = 0;
                svp->sv_flags |= SV4_TRYSECINFO;
                svp->sv_currsec =
                    &svp->sv_secinfo->sdata[svp->sv_secinfo->index];
        } else {
                svp->sv_flags &= ~SV4_TRYSECINFO;
                svp->sv_currsec = NULL;
        }
        nfs_rw_exit(&svp->sv_lock);
}

/*
 * Save the original mount point security information.
 *
 * sv_savesec saves the pointer of sv_currsec which points to one of the
 * secinfo data in the sv_secinfo list. i.e. sv_currsec == &sv_secinfo[index].
 *
 * sv_save_secinfo saves the pointer of sv_secinfo which is the list of
 * secinfo data returned by the server.
 */
void
save_mnt_secinfo(servinfo4_t *svp)
{
        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
        if (svp->sv_currsec) {
                svp->sv_savesec = svp->sv_currsec;
                svp->sv_save_secinfo = svp->sv_secinfo;
        } else {
                ASSERT(svp->sv_save_secinfo == NULL);
                svp->sv_savesec = svp->sv_secdata;
        }
        nfs_rw_exit(&svp->sv_lock);
}

/*
 * Check if we need to restore what is saved in sv_savesec and sv_save_secinfo
 * to be the current secinfo information - sv_currsec and sv_secinfo.
 *
 * If op a node that is a stub for a crossed mount point,
 * keep the original secinfo flavor for the current file system,
 * not the crossed one.
 */
void
check_mnt_secinfo(servinfo4_t *svp, vnode_t *vp)
{
        bool_t is_restore;

        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);

        is_restore = (vp == NULL || (RP_ISSTUB(VTOR4(vp)))) &&
            svp->sv_save_secinfo &&
            (svp->sv_secinfo != svp->sv_save_secinfo);

        if (is_restore) {
                secinfo_free(svp->sv_secinfo);
                if (svp->sv_savesec == svp->sv_secdata) {
                        ASSERT(svp->sv_save_secinfo == NULL);
                        svp->sv_secinfo = NULL;
                        svp->sv_currsec = NULL;
                } else {
                        ASSERT(svp->sv_save_secinfo != NULL);
                        svp->sv_secinfo = svp->sv_save_secinfo;
                        svp->sv_currsec = svp->sv_savesec;
                }
        } else {
                if (svp->sv_save_secinfo &&
                    svp->sv_save_secinfo != svp->sv_secinfo)
                        secinfo_free(svp->sv_save_secinfo);
        }

        svp->sv_save_secinfo = NULL;
        svp->sv_savesec = NULL;

        nfs_rw_exit(&svp->sv_lock);
}

/*
 * Use the security flavors supported on the client to try
 * PUTROOTFH until a flavor is found.
 *
 * PUTROOTFH could return NFS4ERR_RESOURCE and NFS4ERR_WRONGSEC that
 * may need a recovery action. This routine only handles NFS4ERR_WRONGSEC.
 * For other recovery action, it returns ok to the caller for retry.
 */
static int
secinfo_tryroot_otw(mntinfo4_t *mi, cred_t *cr)
{
        COMPOUND4args_clnt args;
        COMPOUND4res_clnt res;
        nfs_argop4 argop;
        int doqueue = 1;
        bool_t needrecov = FALSE;
        nfs4_error_t e = { 0, NFS4_OK, RPC_SUCCESS };

        /* use the flavors supported on the client */
        secinfo_update(mi->mi_curr_serv, secinfo_support);

        /* Compound {Putroofh} */
        args.ctag = TAG_PUTROOTFH;

        args.array_len = 1;
        args.array = &argop;

        argop.argop = OP_PUTROOTFH;
retry:
        NFS4_DEBUG(nfs4_client_call_debug, (CE_NOTE,
            "secinfo_tryroot_otw: %s call, mi 0x%p",
            needrecov ? "recov" : "first", (void*)mi));

        rfs4call(mi, &args, &res, cr, &doqueue, RFSCALL_SOFT, &e);

        needrecov = nfs4_needs_recovery(&e, FALSE, mi->mi_vfsp);
        if (e.error && !needrecov) {
                return (e.error);
        }

        if (res.status == NFS4ERR_WRONGSEC) {
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                if (secinfo_check(mi->mi_curr_serv))
                        goto retry;
                /*
                 * Have tried all flavors supported on the client,
                 * but still get NFS4ERR_WRONGSEC. Nothing more can
                 * be done.
                 */
                return (geterrno4(res.status));
        }

        if (needrecov) {
                NFS4_DEBUG(nfs4_client_recov_debug, (CE_NOTE,
                    "secinfo_tryroot_otw: let the caller retry\n"));

                if (!e.error)
                        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                return (0);
        }

        if (res.status) {
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                return (geterrno4(res.status));
        }

        /*
         * Done.
         *
         * Now, mi->sv_curr_server->sv_currsec points to the flavor found.
         * SV4_TRYSECINFO has been cleared in rfs4call.
         * sv_currsec will be used.
         */
        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
        return (e.error);
}

/*
 * Caculate the total number of components within a given pathname.
 * Assuming the given pathname is not null.
 * e.g. returns 5 for "/a/b/c/d/e" or "a/b/c/d/e"
 *      returns 0 for "/"
 */
static int
comp_total(char *inpath)
{
        int tnum = 0;
        char *slash;

        while (*inpath != '\0') {

                if (*inpath == '/') {
                        inpath++;
                        continue;
                }
                if ((slash = (char *)strchr(inpath, '/')) == NULL) {
                        tnum++;
                        break;
                } else {
                        tnum++;
                        inpath = slash + 1;
                }
        }

        return (tnum);
}

/*
 * Get the pointer of the n-th component in the given path.
 * Mark the preceeding '/' of the component to be '\0' when done.
 * Assuming nth is > 0.
 */
static void
comp_getn(char *inpath, int nth, component4 *comp)
{
        char *path = inpath, *comp_start, *slash = NULL;
        int count = 0;

        while ((count != nth) && (*path != '\0')) {

                comp_start = path;

                /* ignore slashes prior to the component name */
                while (*path == '/')
                        path++;

                if (*path != '\0') {
                        comp_start = path;
                        count++;
                }

                if ((slash = strchr(path, '/')) == NULL)
                        break;
                else
                        path = slash + 1;
        }

        if (count == nth) {
                if (slash)
                        *slash = '\0';
                comp->utf8string_len = strlen(comp_start);
                comp->utf8string_val = comp_start;

                if (comp_start != inpath) {
                        comp_start--;
                        *comp_start = '\0';
                }
        } else {
                comp->utf8string_len = 0;
                comp->utf8string_val = NULL;
        }
}

/*
 * SECINFO over the wire compound operation
 *
 *      compound {PUTROOTFH, {LOOKUP parent-path}, SECINFO component}
 *
 * This routine assumes there is a component to work on, thus the
 * given pathname (svp->sv_path) has to have at least 1 component.
 *
 * isrecov - TRUE if this routine is called from a recovery thread.
 *
 * nfs4secinfo_otw() only deals with NFS4ERR_WRONGSEC recovery. If this
 * is already in a recovery thread, then setup the non-wrongsec recovery
 * action thru nfs4_start_recovery and return to the outer loop in
 * nfs4_recov_thread() for recovery. If this is not called from a recovery
 * thread, then error out and let the caller decide what to do.
 */
static int
nfs4secinfo_otw(mntinfo4_t *mi, cred_t *cr, servinfo4_t *svp, int isrecov)
{
        COMPOUND4args_clnt args;
        COMPOUND4res_clnt res;
        nfs_argop4 *argop;
        nfs_resop4 *resop;
        lookup4_param_t lookuparg;
        uint_t path_len;
        int doqueue;
        int numops, num_argops;
        char *tmp_path;
        component4 comp;
        uint_t ncomp, tcomp;
        bool_t needrecov = FALSE;
        nfs4_error_t e = { 0, NFS4_OK, RPC_SUCCESS };

        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        ncomp = tcomp = comp_total(svp->sv_path);
        path_len = strlen(svp->sv_path);
        nfs_rw_exit(&svp->sv_lock);
        ASSERT(ncomp > 0);

retry:
        tmp_path = kmem_alloc(path_len + 1, KM_SLEEP);
        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        bcopy(svp->sv_path, tmp_path, path_len + 1);
        nfs_rw_exit(&svp->sv_lock);
        comp_getn(tmp_path, ncomp, &comp);

        args.ctag = TAG_SECINFO;

        lookuparg.l4_getattrs = LKP4_NO_ATTRIBUTES;
        lookuparg.argsp = &args;
        lookuparg.resp = &res;
        lookuparg.header_len = 1;       /* Putrootfh */
        lookuparg.trailer_len = 1;      /* Secinfo */
        lookuparg.ga_bits = 0;
        lookuparg.mi = mi;

        /* setup LOOKUPs for parent path */
        (void) nfs4lookup_setup(tmp_path, &lookuparg, 0);

        argop = args.array;

        /* put root fh */
        argop[0].argop = OP_PUTROOTFH;

        /* setup SECINFO op */
        num_argops = args.array_len;
        argop[num_argops - 1].argop = OP_SECINFO;
        argop[num_argops - 1].nfs_argop4_u.opsecinfo.name.utf8string_len =
            comp.utf8string_len;
        argop[num_argops - 1].nfs_argop4_u.opsecinfo.name.utf8string_val =
            comp.utf8string_val;

        doqueue = 1;

        NFS4_DEBUG(nfs4_client_call_debug, (CE_NOTE,
            "nfs4secinfo_otw: %s call, mi 0x%p",
            needrecov ? "recov" : "first", (void*)mi));

        rfs4call(mi, &args, &res, cr, &doqueue, RFSCALL_SOFT, &e);

        needrecov = nfs4_needs_recovery(&e, FALSE, mi->mi_vfsp);
        if (e.error && !needrecov) {
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                kmem_free(tmp_path, path_len + 1);
                return (e.error);
        }

        /*
         * Secinfo compound op may fail with NFS4ERR_WRONGSEC from
         * PUTROOTFH or LOOKUP. Special handling here to recover it.
         */
        if (res.status == NFS4ERR_WRONGSEC) {

                if (res.array_len == 1) {
                        /*
                         * If a flavor can not be found via trying
                         * all supported flavors on the client, no
                         * more operations.
                         */
                        ncomp = tcomp;
                        nfs4args_lookup_free(argop, num_argops);
                        kmem_free(argop,
                            lookuparg.arglen * sizeof (nfs_argop4));
                        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                        kmem_free(tmp_path, path_len + 1);

                        if (e.error = secinfo_tryroot_otw(mi, cr)) {
                                return (e.error);
                        }
                        goto retry;
                }
                ncomp = res.array_len - 1;
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                kmem_free(tmp_path, path_len + 1);
                goto retry;
        }

        /*
         * This routine does not do recovery for non NFS4ERR_WRONGSEC error.
         * However, if this is already in a recovery thread, then
         * set up the recovery action thru nfs4_start_recovery and
         * return ok back to the outer loop in nfs4_recov_thread for
         * recovery.
         */
        if (needrecov) {
                bool_t abort;

                /* If not in a recovery thread, bail out */
                if (!isrecov) {
                        if (!e.error) {
                                e.error = geterrno4(res.status);
                                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                        }

                        nfs4args_lookup_free(argop, num_argops);
                        kmem_free(argop,
                            lookuparg.arglen * sizeof (nfs_argop4));
                        kmem_free(tmp_path, path_len + 1);
                        return (e.error);
                }

                NFS4_DEBUG(nfs4_client_recov_debug, (CE_NOTE,
                    "nfs4secinfo_otw: recovery in a recovery thread\n"));

                abort = nfs4_start_recovery(&e, mi, NULL,
                    NULL, NULL, NULL, OP_SECINFO, NULL, NULL, NULL);
                if (!e.error) {
                        e.error = geterrno4(res.status);
                        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                }
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                kmem_free(tmp_path, path_len + 1);
                if (abort == FALSE) {
                        /*
                         * Return ok to let the outer loop in
                         * nfs4_recov_thread continue with the recovery action.
                         */
                        return (0);
                }
                return (e.error);
        }

        if (res.status) {
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                kmem_free(tmp_path, path_len + 1);
                return (geterrno4(res.status));
        }

        /*
         * Success! Now get the SECINFO result.
         */
        numops = res.array_len;
        resop = &res.array[numops-1];   /* secinfo res */
        ASSERT(resop->resop == OP_SECINFO);

        if (resop->nfs_resop4_u.opsecinfo.SECINFO4resok_len == 0) {
                /*
                 * Server does not return any flavor for this export point.
                 * Return EACCES.
                 */
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(tmp_path, path_len + 1);
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                kmem_free(argop, num_argops * sizeof (nfs_argop4));
                return (EACCES);
        }

        secinfo_update(mi->mi_curr_serv, &resop->nfs_resop4_u.opsecinfo);

        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        if (svp->sv_secinfo == NULL) {
                nfs_rw_exit(&svp->sv_lock);
                /*
                 * This could be because the server requires AUTH_DH, but
                 * the client does not have netname/syncaddr data
                 * from sv_dhsec.
                 */
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                kmem_free(tmp_path, path_len + 1);
                return (EACCES);
        }
        nfs_rw_exit(&svp->sv_lock);

        /*
         * If this is not the original request, try again using the
         * new secinfo data in mi.
         */
        if (ncomp != tcomp) {

                ncomp = tcomp;
                nfs4args_lookup_free(argop, num_argops);
                kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                kmem_free(tmp_path, path_len + 1);
                goto retry;
        }

        /* Done! */
        nfs4args_lookup_free(argop, num_argops);
        kmem_free(argop, lookuparg.arglen * sizeof (nfs_argop4));
        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
        kmem_free(tmp_path, path_len + 1);

        return (0); /* got the secinfo */
}

/*
 * Get the security information per mount point.
 * Use the server pathname to get the secinfo.
 */
int
nfs4_secinfo_path(mntinfo4_t *mi, cred_t *cr, int isrecov)
{
        int error = 0;
        int ncomp;
        servinfo4_t *svp = mi->mi_curr_serv;

        /*
         * Get the server pathname that is being mounted on.
         */
        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        ASSERT(svp->sv_path != NULL);

        /* returns 0 for root, no matter how many leading /'s */
        ncomp = comp_total(svp->sv_path);

        /*
         * If mounting server rootdir, use available secinfo list
         * on the client. No SECINFO call here since SECINFO op
         * expects a component name.
         */
        if (ncomp == 0) {
                if (svp->sv_secinfo == NULL) {
                        nfs_rw_exit(&svp->sv_lock);
                        secinfo_update(svp, secinfo_support);
                        return (0);
                }
                nfs_rw_exit(&svp->sv_lock);

                if (secinfo_check(svp))
                        return (0); /* try again */

                /* no flavors in sv_secinfo work */
                return (EACCES);
        }
        nfs_rw_exit(&svp->sv_lock);

        /*
         * Get the secinfo from the server.
         */
        error = nfs4secinfo_otw(mi, cr, svp, isrecov);

        if (error) {

                (void) nfs_rw_enter_sig(&svp->sv_lock, RW_WRITER, 0);
                if (svp->sv_secinfo) {
                        if (svp->sv_save_secinfo == svp->sv_secinfo) {
                                svp->sv_save_secinfo = NULL;
                                svp->sv_savesec = NULL;
                        }
                        secinfo_free(svp->sv_secinfo);
                        svp->sv_secinfo = NULL;
                        svp->sv_currsec = NULL;
                        svp->sv_flags &= ~SV4_TRYSECINFO;
                }

                if (svp->sv_save_secinfo) {
                        secinfo_free(svp->sv_save_secinfo);
                        svp->sv_save_secinfo = NULL;
                        svp->sv_savesec = NULL;
                }
                nfs_rw_exit(&svp->sv_lock);
        }

        return (error);
}

/*
 * (secinfo) compound based on a given filehandle and component name.
 *
 * i.e. (secinfo) PUTFH (fh), SECINFO nm
 */
int
nfs4_secinfo_fh_otw(mntinfo4_t *mi, nfs4_sharedfh_t *fh, char *nm, cred_t *cr)
{
        COMPOUND4args_clnt args;
        COMPOUND4res_clnt res;
        nfs_argop4 argop[2];
        nfs_resop4 *resop;
        int num_argops, doqueue;
        nfs4_error_t e = { 0, NFS4_OK, RPC_SUCCESS };
        servinfo4_t *svp;

        ASSERT(strlen(nm) > 0);

        num_argops = 2; /* Putfh, Secinfo nm */
        args.ctag = TAG_SECINFO;
        args.array_len = num_argops;
        args.array = argop;

        /* putfh fh */
        argop[0].argop = OP_CPUTFH;
        argop[0].nfs_argop4_u.opcputfh.sfh = fh;

        /* setup SECINFO op */
        argop[1].argop = OP_CSECINFO;
        argop[1].nfs_argop4_u.opcsecinfo.cname = nm;

        doqueue = 1;

        rfs4call(mi, &args, &res, cr, &doqueue, RFSCALL_SOFT, &e);

        if (e.error)
                return (e.error);

        if (res.status) {
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                return (geterrno4(res.status));
        }

        /*
         * Success! Now get the SECINFO result.
         */
        resop = &res.array[1];  /* secinfo res */
        ASSERT(resop->resop == OP_SECINFO);

        if (resop->nfs_resop4_u.opsecinfo.SECINFO4resok_len == 0) {
                /*
                 * Server does not return any flavor for this export point.
                 * Return EACCES.
                 */
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                return (EACCES);
        }

        secinfo_update(mi->mi_curr_serv, &resop->nfs_resop4_u.opsecinfo);

        svp = mi->mi_curr_serv;
        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        if (mi->mi_curr_serv->sv_secinfo == NULL) {
                nfs_rw_exit(&svp->sv_lock);
                /*
                 * This could be because the server requires AUTH_DH, but
                 * the client does not have netname/syncaddr data
                 * from sv_dhsec.
                 */
                xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);
                return (EACCES);
        }
        nfs_rw_exit(&svp->sv_lock);

        /* Done! */
        xdr_free(xdr_COMPOUND4res_clnt, (caddr_t)&res);

        return (0); /* got the secinfo */
}

/*
 * Making secinfo operation with a given vnode.
 *
 * This routine is not used by the recovery thread.
 * Mainly used in response to NFS4ERR_WRONGSEC from lookup.
 */
int
nfs4_secinfo_vnode_otw(vnode_t *dvp, char *nm, cred_t *cr)
{
        ASSERT(strlen(nm) > 0);

        return (nfs4_secinfo_fh_otw(VTOMI4(dvp), VTOR4(dvp)->r_fh, nm, cr));
}

/*
 * Making secinfo operation with a given vnode if this vnode
 * has a parent node. If the given vnode is a root node, use
 * the pathname from the mntinfor4_t to do the secinfo call.
 *
 * This routine is mainly used by the recovery thread.
 */
int
nfs4_secinfo_vnode(vnode_t *vp, cred_t *cr, int isrecov)
{
        svnode_t *svp = VTOSV(vp);
        char *nm;
        int error = 0;

        /*
         * If there is a parent filehandle, use it to get the secinfo,
         * otherwise, use mntinfo4_t pathname to get the secinfo.
         */
        if (svp->sv_dfh) {
                nm = fn_name(svp->sv_name); /* get the actual component name */
                error = nfs4_secinfo_fh_otw(VTOMI4(vp), svp->sv_dfh, nm, cr);
                kmem_free(nm, MAXNAMELEN);
        } else {
                error = nfs4_secinfo_path(VTOMI4(vp), cr, isrecov);
        }

        return (error);
}

/*
 * We are here because the client gets NFS4ERR_WRONGSEC.
 *
 * Get the security information from the server and indicate
 * a set of new security information is here to try.
 * Start with the server path that's mounted.
 */
int
nfs4_secinfo_recov(mntinfo4_t *mi, vnode_t *vp1, vnode_t *vp2)
{
        int error = 0;
        cred_t *cr, *lcr = NULL;
        servinfo4_t *svp = mi->mi_curr_serv;

        /*
         * If the client explicitly specifies a preferred flavor to use
         * and gets NFS4ERR_WRONGSEC back, there is no need to negotiate
         * the flavor.
         */
        (void) nfs_rw_enter_sig(&svp->sv_lock, RW_READER, 0);
        if (! (svp->sv_flags & SV4_TRYSECDEFAULT)) {
                error = geterrno4(NFS4ERR_WRONGSEC);
                nfs_rw_exit(&svp->sv_lock);
        } else {
                cr = crgetcred();

                if (svp->sv_secdata->uid != 0) {
                        lcr = crdup(cr);
                        (void) crsetugid(lcr, svp->sv_secdata->uid,
                            crgetgid(cr));
                }
                nfs_rw_exit(&svp->sv_lock);

                if (vp1 == NULL && vp2 == NULL) {
                        error = nfs4_secinfo_path(mi, cr, TRUE);

                        if (lcr && error == EACCES)
                                error = nfs4_secinfo_path(mi, lcr, TRUE);
                } else if (vp1) {
                        error = nfs4_secinfo_vnode(vp1, cr, TRUE);

                        if (lcr && error == EACCES)
                                error = nfs4_secinfo_vnode(vp1, lcr, TRUE);
                } /* else */
                        /* ??? */

                crfree(cr);
                if (lcr != NULL)
                        crfree(lcr);
        }

        mutex_enter(&mi->mi_lock);
        mi->mi_recovflags &= ~MI4R_NEED_SECINFO;
        mutex_exit(&mi->mi_lock);

        return (error);
}