2017-11-20 19:49:47 +00:00
|
|
|
/*-
|
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*
|
1994-05-26 06:35:07 +00:00
|
|
|
* Copyright (c) 1989, 1993, 1994
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
|
* Rick Macklem at The University of Guelph.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1994-05-26 06:35:07 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef lint
|
1998-07-15 06:33:15 +00:00
|
|
|
static const char copyright[] =
|
1994-05-26 06:35:07 +00:00
|
|
|
"@(#) Copyright (c) 1989, 1993, 1994\n\
|
|
|
|
|
The Regents of the University of California. All rights reserved.\n";
|
2002-05-01 06:49:43 +00:00
|
|
|
#endif /* not lint */
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#ifndef lint
|
1998-07-15 06:33:15 +00:00
|
|
|
#if 0
|
1997-03-11 12:51:00 +00:00
|
|
|
static char sccsid[] = "@(#)nfsd.c 8.9 (Berkeley) 3/29/95";
|
1998-07-15 06:33:15 +00:00
|
|
|
#endif
|
|
|
|
|
static const char rcsid[] =
|
1999-08-28 00:22:10 +00:00
|
|
|
"$FreeBSD$";
|
2002-05-01 06:49:43 +00:00
|
|
|
#endif /* not lint */
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/syslog.h>
|
|
|
|
|
#include <sys/wait.h>
|
|
|
|
|
#include <sys/mount.h>
|
2009-05-24 01:18:56 +00:00
|
|
|
#include <sys/fcntl.h>
|
2001-10-16 21:55:53 +00:00
|
|
|
#include <sys/linker.h>
|
|
|
|
|
#include <sys/module.h>
|
2011-04-10 01:54:42 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
2012-11-27 22:34:46 +00:00
|
|
|
#include <sys/sysctl.h>
|
2011-04-10 01:54:42 +00:00
|
|
|
#include <sys/ucred.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#include <rpc/rpc.h>
|
|
|
|
|
#include <rpc/pmap_clnt.h>
|
2009-06-24 18:42:21 +00:00
|
|
|
#include <rpcsvc/nfs_prot.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1999-11-11 17:35:36 +00:00
|
|
|
#include <netdb.h>
|
|
|
|
|
#include <arpa/inet.h>
|
2009-05-24 01:18:56 +00:00
|
|
|
#include <nfs/nfssvc.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2018-06-14 20:36:55 +00:00
|
|
|
#include <fs/nfs/nfsproto.h>
|
|
|
|
|
#include <fs/nfs/nfskpiport.h>
|
|
|
|
|
#include <fs/nfs/nfs.h>
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <err.h>
|
|
|
|
|
#include <errno.h>
|
2001-10-16 21:55:53 +00:00
|
|
|
#include <signal.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2002-05-01 06:49:43 +00:00
|
|
|
#include <string.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <unistd.h>
|
2012-11-27 22:34:46 +00:00
|
|
|
#include <sysexits.h>
|
|
|
|
|
|
|
|
|
|
#include <getopt.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2012-10-19 14:49:42 +00:00
|
|
|
static int debug = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2009-05-24 01:18:56 +00:00
|
|
|
#define NFSD_STABLERESTART "/var/db/nfs-stablerestart"
|
2011-04-10 01:54:42 +00:00
|
|
|
#define NFSD_STABLEBACKUP "/var/db/nfs-stablerestart.bak"
|
2005-01-23 21:34:00 +00:00
|
|
|
#define MAXNFSDCNT 256
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#define DEFNFSDCNT 4
|
2016-12-08 23:29:56 +00:00
|
|
|
#define NFS_VER2 2
|
|
|
|
|
#define NFS_VER3 3
|
|
|
|
|
#define NFS_VER4 4
|
2012-10-19 14:49:42 +00:00
|
|
|
static pid_t children[MAXNFSDCNT]; /* PIDs of children */
|
2018-06-14 20:36:55 +00:00
|
|
|
static pid_t masterpid; /* PID of master/parent */
|
2012-10-19 14:49:42 +00:00
|
|
|
static int nfsdcnt; /* number of children */
|
2012-11-27 22:34:46 +00:00
|
|
|
static int nfsdcnt_set;
|
|
|
|
|
static int minthreads;
|
|
|
|
|
static int maxthreads;
|
2012-10-19 14:49:42 +00:00
|
|
|
static int nfssvc_nfsd; /* Set to correct NFSSVC_xxx flag */
|
|
|
|
|
static int stablefd = -1; /* Fd for the stable restart file */
|
|
|
|
|
static int backupfd; /* Fd for the backup stable restart file */
|
2012-11-27 22:34:46 +00:00
|
|
|
static const char *getopt_shortopts;
|
|
|
|
|
static const char *getopt_usage;
|
|
|
|
|
|
|
|
|
|
static int minthreads_set;
|
|
|
|
|
static int maxthreads_set;
|
|
|
|
|
|
|
|
|
|
static struct option longopts[] = {
|
|
|
|
|
{ "debug", no_argument, &debug, 1 },
|
|
|
|
|
{ "minthreads", required_argument, &minthreads_set, 1 },
|
|
|
|
|
{ "maxthreads", required_argument, &maxthreads_set, 1 },
|
2018-06-14 20:36:55 +00:00
|
|
|
{ "pnfs", required_argument, NULL, 'p' },
|
|
|
|
|
{ "mirror", required_argument, NULL, 'm' },
|
2012-11-27 22:34:46 +00:00
|
|
|
{ NULL, 0, NULL, 0}
|
|
|
|
|
};
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void cleanup(int);
|
|
|
|
|
static void child_cleanup(int);
|
|
|
|
|
static void killchildren(void);
|
|
|
|
|
static void nfsd_exit(int);
|
|
|
|
|
static void nonfs(int);
|
|
|
|
|
static void reapchild(int);
|
|
|
|
|
static int setbindhost(struct addrinfo **ia, const char *bindhost,
|
|
|
|
|
struct addrinfo hints);
|
2019-02-16 00:15:54 +00:00
|
|
|
static void start_server(int, struct nfsd_nfsd_args *, const char *vhost);
|
2013-02-14 01:01:53 +00:00
|
|
|
static void unregistration(void);
|
|
|
|
|
static void usage(void);
|
|
|
|
|
static void open_stable(int *, int *);
|
|
|
|
|
static void copy_stable(int, int);
|
|
|
|
|
static void backup_stable(int);
|
2013-02-14 01:25:14 +00:00
|
|
|
static void set_nfsdcnt(int);
|
2018-06-14 20:36:55 +00:00
|
|
|
static void parse_dsserver(const char *, struct nfsd_nfsd_args *);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Nfs server daemon mostly just a user context for nfssvc()
|
|
|
|
|
*
|
|
|
|
|
* 1 - do file descriptor and signal cleanup
|
|
|
|
|
* 2 - fork the nfsd(s)
|
|
|
|
|
* 3 - create server socket(s)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
* 4 - register socket with rpcbind
|
1994-05-26 06:35:07 +00:00
|
|
|
*
|
|
|
|
|
* For connectionless protocols, just pass the socket into the kernel via.
|
|
|
|
|
* nfssvc().
|
|
|
|
|
* For connection based sockets, loop doing accepts. When you get a new
|
|
|
|
|
* socket from accept, pass the msgsock into the kernel via. nfssvc().
|
|
|
|
|
* The arguments are:
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
* -r - reregister with rpcbind
|
|
|
|
|
* -d - unregister with rpcbind
|
1994-05-26 06:35:07 +00:00
|
|
|
* -t - support tcp nfs clients
|
|
|
|
|
* -u - support udp nfs clients
|
2009-05-28 20:28:13 +00:00
|
|
|
* -e - forces it to run a server that supports nfsv4
|
2018-06-14 20:36:55 +00:00
|
|
|
* -p - enable a pNFS service
|
|
|
|
|
* -m - set the mirroring level for a pNFS service
|
1994-05-26 06:35:07 +00:00
|
|
|
* followed by "n" which is the number of nfsds' to fork off
|
|
|
|
|
*/
|
|
|
|
|
int
|
2004-11-06 18:15:44 +00:00
|
|
|
main(int argc, char **argv)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
struct nfsd_addsock_args addsockargs;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *ai_udp, *ai_tcp, *ai_udp6, *ai_tcp6, hints;
|
|
|
|
|
struct netconfig *nconf_udp, *nconf_tcp, *nconf_udp6, *nconf_tcp6;
|
|
|
|
|
struct netbuf nb_udp, nb_tcp, nb_udp6, nb_tcp6;
|
2018-11-04 06:39:01 +00:00
|
|
|
struct sockaddr_storage peer;
|
1994-05-26 06:35:07 +00:00
|
|
|
fd_set ready, sockbits;
|
2005-12-21 02:25:59 +00:00
|
|
|
int ch, connect_type_cnt, i, maxsock, msgsock;
|
2005-12-21 10:12:05 +00:00
|
|
|
socklen_t len;
|
2001-10-16 21:55:53 +00:00
|
|
|
int on = 1, unregister, reregister, sock;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int tcp6sock, ip6flag, tcpflag, tcpsock;
|
2015-04-30 12:55:27 +00:00
|
|
|
int udpflag, ecode, error, s;
|
2001-10-16 21:55:53 +00:00
|
|
|
int bindhostc, bindanyflag, rpcbreg, rpcbregcnt;
|
2011-04-10 01:54:42 +00:00
|
|
|
int nfssvc_addsock;
|
2012-11-27 22:34:46 +00:00
|
|
|
int longindex = 0;
|
2016-12-08 23:29:56 +00:00
|
|
|
int nfs_minvers = NFS_VER2;
|
|
|
|
|
size_t nfs_minvers_size;
|
2012-11-27 22:34:46 +00:00
|
|
|
const char *lopt;
|
1999-11-11 17:35:36 +00:00
|
|
|
char **bindhost = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
pid_t pid;
|
2018-06-14 20:36:55 +00:00
|
|
|
struct nfsd_nfsd_args nfsdargs;
|
2019-02-16 00:15:54 +00:00
|
|
|
const char *vhostname = NULL;
|
1994-09-22 22:17:02 +00:00
|
|
|
|
2018-06-14 20:36:55 +00:00
|
|
|
nfsdargs.mirrorcnt = 1;
|
2018-06-30 12:14:20 +00:00
|
|
|
nfsdargs.addr = NULL;
|
|
|
|
|
nfsdargs.addrlen = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
nfsdcnt = DEFNFSDCNT;
|
2001-10-16 21:55:53 +00:00
|
|
|
unregister = reregister = tcpflag = maxsock = 0;
|
|
|
|
|
bindanyflag = udpflag = connect_type_cnt = bindhostc = 0;
|
2019-02-16 00:15:54 +00:00
|
|
|
getopt_shortopts = "ah:n:rdtuep:m:V:";
|
2012-11-27 22:34:46 +00:00
|
|
|
getopt_usage =
|
|
|
|
|
"usage:\n"
|
2015-04-30 12:55:27 +00:00
|
|
|
" nfsd [-ardtue] [-h bindip]\n"
|
2018-06-14 20:36:55 +00:00
|
|
|
" [-n numservers] [--minthreads #] [--maxthreads #]\n"
|
2019-02-16 00:15:54 +00:00
|
|
|
" [-p/--pnfs dsserver0:/dsserver0-mounted-on-dir,...,\n"
|
|
|
|
|
" [-V virtual_hostname]\n"
|
|
|
|
|
" dsserverN:/dsserverN-mounted-on-dir] [-m mirrorlevel]\n";
|
2012-11-27 22:34:46 +00:00
|
|
|
while ((ch = getopt_long(argc, argv, getopt_shortopts, longopts,
|
|
|
|
|
&longindex)) != -1)
|
1994-05-26 06:35:07 +00:00
|
|
|
switch (ch) {
|
2019-02-16 00:15:54 +00:00
|
|
|
case 'V':
|
|
|
|
|
if (strlen(optarg) <= MAXHOSTNAMELEN)
|
|
|
|
|
vhostname = optarg;
|
|
|
|
|
else
|
|
|
|
|
warnx("Virtual host name (%s) is too long",
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
1999-11-11 17:35:36 +00:00
|
|
|
case 'a':
|
|
|
|
|
bindanyflag = 1;
|
|
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
case 'n':
|
2013-02-14 01:25:14 +00:00
|
|
|
set_nfsdcnt(atoi(optarg));
|
1994-05-26 06:35:07 +00:00
|
|
|
break;
|
1999-11-11 17:35:36 +00:00
|
|
|
case 'h':
|
|
|
|
|
bindhostc++;
|
|
|
|
|
bindhost = realloc(bindhost,sizeof(char *)*bindhostc);
|
|
|
|
|
if (bindhost == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
bindhost[bindhostc-1] = strdup(optarg);
|
|
|
|
|
if (bindhost[bindhostc-1] == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
case 'r':
|
|
|
|
|
reregister = 1;
|
|
|
|
|
break;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case 'd':
|
|
|
|
|
unregister = 1;
|
|
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
case 't':
|
|
|
|
|
tcpflag = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 'u':
|
|
|
|
|
udpflag = 1;
|
|
|
|
|
break;
|
2009-05-28 20:28:13 +00:00
|
|
|
case 'e':
|
2011-04-24 00:06:56 +00:00
|
|
|
/* now a no-op, since this is the default */
|
|
|
|
|
break;
|
2018-06-14 20:36:55 +00:00
|
|
|
case 'p':
|
|
|
|
|
/* Parse out the DS server host names and mount pts. */
|
|
|
|
|
parse_dsserver(optarg, &nfsdargs);
|
|
|
|
|
break;
|
|
|
|
|
case 'm':
|
|
|
|
|
/* Set the mirror level for a pNFS service. */
|
|
|
|
|
i = atoi(optarg);
|
|
|
|
|
if (i < 2 || i > NFSDEV_MAXMIRRORS)
|
|
|
|
|
errx(1, "Mirror level out of range 2<-->%d",
|
|
|
|
|
NFSDEV_MAXMIRRORS);
|
|
|
|
|
nfsdargs.mirrorcnt = i;
|
|
|
|
|
break;
|
2012-11-27 22:34:46 +00:00
|
|
|
case 0:
|
|
|
|
|
lopt = longopts[longindex].name;
|
|
|
|
|
if (!strcmp(lopt, "minthreads")) {
|
|
|
|
|
minthreads = atoi(optarg);
|
|
|
|
|
} else if (!strcmp(lopt, "maxthreads")) {
|
|
|
|
|
maxthreads = atoi(optarg);
|
|
|
|
|
}
|
|
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
default:
|
|
|
|
|
case '?':
|
|
|
|
|
usage();
|
2016-04-15 22:31:22 +00:00
|
|
|
}
|
1996-05-01 03:13:45 +00:00
|
|
|
if (!tcpflag && !udpflag)
|
|
|
|
|
udpflag = 1;
|
1994-05-26 06:35:07 +00:00
|
|
|
argv += optind;
|
|
|
|
|
argc -= optind;
|
2012-11-28 02:47:31 +00:00
|
|
|
if (minthreads_set && maxthreads_set && minthreads > maxthreads)
|
|
|
|
|
errx(EX_USAGE,
|
|
|
|
|
"error: minthreads(%d) can't be greater than "
|
|
|
|
|
"maxthreads(%d)", minthreads, maxthreads);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX
|
|
|
|
|
* Backward compatibility, trailing number is the count of daemons.
|
|
|
|
|
*/
|
|
|
|
|
if (argc > 1)
|
|
|
|
|
usage();
|
2013-02-14 01:25:14 +00:00
|
|
|
if (argc == 1)
|
|
|
|
|
set_nfsdcnt(atoi(argv[0]));
|
2001-03-25 23:32:55 +00:00
|
|
|
|
2009-05-24 01:18:56 +00:00
|
|
|
/*
|
2011-04-24 00:06:56 +00:00
|
|
|
* Unless the "-o" option was specified, try and run "nfsd".
|
|
|
|
|
* If "-o" was specified, try and run "nfsserver".
|
2009-05-24 01:18:56 +00:00
|
|
|
*/
|
2015-04-30 12:55:27 +00:00
|
|
|
if (modfind("nfsd") < 0) {
|
2009-05-24 01:18:56 +00:00
|
|
|
/* Not present in kernel, try loading it */
|
2015-04-30 12:55:27 +00:00
|
|
|
if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
|
2009-05-24 01:18:56 +00:00
|
|
|
errx(1, "NFS server is not available");
|
|
|
|
|
}
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ip6flag = 1;
|
|
|
|
|
s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
|
2001-03-25 23:32:55 +00:00
|
|
|
if (s == -1) {
|
2012-12-19 21:00:22 +00:00
|
|
|
if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
|
2001-03-25 23:32:55 +00:00
|
|
|
err(1, "socket");
|
|
|
|
|
ip6flag = 0;
|
|
|
|
|
} else if (getnetconfigent("udp6") == NULL ||
|
|
|
|
|
getnetconfigent("tcp6") == NULL) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ip6flag = 0;
|
2001-03-25 23:32:55 +00:00
|
|
|
}
|
|
|
|
|
if (s != -1)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
close(s);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1999-11-11 17:35:36 +00:00
|
|
|
if (bindhostc == 0 || bindanyflag) {
|
|
|
|
|
bindhostc++;
|
|
|
|
|
bindhost = realloc(bindhost,sizeof(char *)*bindhostc);
|
|
|
|
|
if (bindhost == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
bindhost[bindhostc-1] = strdup("*");
|
|
|
|
|
if (bindhost[bindhostc-1] == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-08 23:29:56 +00:00
|
|
|
nfs_minvers_size = sizeof(nfs_minvers);
|
|
|
|
|
error = sysctlbyname("vfs.nfsd.server_min_nfsvers", &nfs_minvers,
|
|
|
|
|
&nfs_minvers_size, NULL, 0);
|
|
|
|
|
if (error != 0 || nfs_minvers < NFS_VER2 || nfs_minvers > NFS_VER4) {
|
|
|
|
|
warnx("sysctlbyname(vfs.nfsd.server_min_nfsvers) failed,"
|
|
|
|
|
" defaulting to NFSv2");
|
|
|
|
|
nfs_minvers = NFS_VER2;
|
|
|
|
|
}
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (unregister) {
|
|
|
|
|
unregistration();
|
|
|
|
|
exit (0);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
if (reregister) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (udpflag) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp);
|
2001-03-25 23:32:55 +00:00
|
|
|
if (ecode != 0)
|
|
|
|
|
err(1, "getaddrinfo udp: %s", gai_strerror(ecode));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
nconf_udp = getnetconfigent("udp");
|
|
|
|
|
if (nconf_udp == NULL)
|
|
|
|
|
err(1, "getnetconfigent udp failed");
|
|
|
|
|
nb_udp.buf = ai_udp->ai_addr;
|
|
|
|
|
nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
|
|
|
|
|
&nb_udp))
|
|
|
|
|
err(1, "rpcb_set udp failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
|
|
|
|
|
&nb_udp))
|
|
|
|
|
err(1, "rpcb_set udp failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_udp);
|
|
|
|
|
}
|
|
|
|
|
if (udpflag && ip6flag) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp6);
|
2001-03-25 23:32:55 +00:00
|
|
|
if (ecode != 0)
|
|
|
|
|
err(1, "getaddrinfo udp6: %s", gai_strerror(ecode));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
nconf_udp6 = getnetconfigent("udp6");
|
|
|
|
|
if (nconf_udp6 == NULL)
|
|
|
|
|
err(1, "getnetconfigent udp6 failed");
|
|
|
|
|
nb_udp6.buf = ai_udp6->ai_addr;
|
|
|
|
|
nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
|
|
|
|
|
&nb_udp6))
|
|
|
|
|
err(1, "rpcb_set udp6 failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
|
|
|
|
|
&nb_udp6))
|
|
|
|
|
err(1, "rpcb_set udp6 failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_udp6);
|
|
|
|
|
}
|
|
|
|
|
if (tcpflag) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp);
|
2001-03-25 23:32:55 +00:00
|
|
|
if (ecode != 0)
|
|
|
|
|
err(1, "getaddrinfo tcp: %s", gai_strerror(ecode));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
nconf_tcp = getnetconfigent("tcp");
|
|
|
|
|
if (nconf_tcp == NULL)
|
|
|
|
|
err(1, "getnetconfigent tcp failed");
|
|
|
|
|
nb_tcp.buf = ai_tcp->ai_addr;
|
|
|
|
|
nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
|
|
|
|
|
&nb_tcp))
|
|
|
|
|
err(1, "rpcb_set tcp failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
|
|
|
|
|
&nb_tcp))
|
|
|
|
|
err(1, "rpcb_set tcp failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_tcp);
|
|
|
|
|
}
|
|
|
|
|
if (tcpflag && ip6flag) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp6);
|
2001-03-25 23:32:55 +00:00
|
|
|
if (ecode != 0)
|
|
|
|
|
err(1, "getaddrinfo tcp6: %s", gai_strerror(ecode));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
nconf_tcp6 = getnetconfigent("tcp6");
|
|
|
|
|
if (nconf_tcp6 == NULL)
|
|
|
|
|
err(1, "getnetconfigent tcp6 failed");
|
|
|
|
|
nb_tcp6.buf = ai_tcp6->ai_addr;
|
|
|
|
|
nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
|
|
|
|
|
&nb_tcp6))
|
|
|
|
|
err(1, "rpcb_set tcp6 failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6,
|
|
|
|
|
&nb_tcp6))
|
|
|
|
|
err(1, "rpcb_set tcp6 failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_tcp6);
|
|
|
|
|
}
|
|
|
|
|
exit (0);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2001-03-25 23:32:55 +00:00
|
|
|
if (debug == 0) {
|
|
|
|
|
daemon(0, 0);
|
|
|
|
|
(void)signal(SIGHUP, SIG_IGN);
|
|
|
|
|
(void)signal(SIGINT, SIG_IGN);
|
|
|
|
|
/*
|
|
|
|
|
* nfsd sits in the kernel most of the time. It needs
|
|
|
|
|
* to ignore SIGTERM/SIGQUIT in order to stay alive as long
|
|
|
|
|
* as possible during a shutdown, otherwise loopback
|
|
|
|
|
* mounts will not be able to unmount.
|
|
|
|
|
*/
|
|
|
|
|
(void)signal(SIGTERM, SIG_IGN);
|
|
|
|
|
(void)signal(SIGQUIT, SIG_IGN);
|
|
|
|
|
}
|
2001-10-16 21:55:53 +00:00
|
|
|
(void)signal(SIGSYS, nonfs);
|
2001-03-25 23:32:55 +00:00
|
|
|
(void)signal(SIGCHLD, reapchild);
|
2011-04-10 01:54:42 +00:00
|
|
|
(void)signal(SIGUSR2, backup_stable);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2012-11-27 22:34:46 +00:00
|
|
|
openlog("nfsd", LOG_PID | (debug ? LOG_PERROR : 0), LOG_DAEMON);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
/*
|
2009-05-24 01:18:56 +00:00
|
|
|
* For V4, we open the stablerestart file and call nfssvc()
|
|
|
|
|
* to get it loaded. This is done before the daemons do the
|
|
|
|
|
* regular nfssvc() call to service NFS requests.
|
|
|
|
|
* (This way the file remains open until the last nfsd is killed
|
|
|
|
|
* off.)
|
2011-04-10 01:54:42 +00:00
|
|
|
* It and the backup copy will be created as empty files
|
|
|
|
|
* the first time this nfsd is started and should never be
|
|
|
|
|
* deleted/replaced if at all possible. It should live on a
|
2009-05-24 01:18:56 +00:00
|
|
|
* local, non-volatile storage device that does not do hardware
|
|
|
|
|
* level write-back caching. (See SCSI doc for more information
|
|
|
|
|
* on how to prevent write-back caching on SCSI disks.)
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
*/
|
2015-04-30 12:55:27 +00:00
|
|
|
open_stable(&stablefd, &backupfd);
|
|
|
|
|
if (stablefd < 0) {
|
|
|
|
|
syslog(LOG_ERR, "Can't open %s: %m\n", NFSD_STABLERESTART);
|
|
|
|
|
exit(1);
|
2009-05-24 01:18:56 +00:00
|
|
|
}
|
2015-04-30 12:55:27 +00:00
|
|
|
/* This system call will fail for old kernels, but that's ok. */
|
|
|
|
|
nfssvc(NFSSVC_BACKUPSTABLE, NULL);
|
|
|
|
|
if (nfssvc(NFSSVC_STABLERESTART, (caddr_t)&stablefd) < 0) {
|
|
|
|
|
syslog(LOG_ERR, "Can't read stable storage file: %m\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
nfssvc_addsock = NFSSVC_NFSDADDSOCK;
|
2018-06-14 20:36:55 +00:00
|
|
|
nfssvc_nfsd = NFSSVC_NFSDNFSD | NFSSVC_NEWSTRUCT;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
|
2015-04-30 12:55:27 +00:00
|
|
|
if (tcpflag) {
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
/*
|
|
|
|
|
* For TCP mode, we fork once to start the first
|
|
|
|
|
* kernel nfsd thread. The kernel will add more
|
|
|
|
|
* threads as needed.
|
|
|
|
|
*/
|
2018-06-14 20:36:55 +00:00
|
|
|
masterpid = getpid();
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
pid = fork();
|
|
|
|
|
if (pid == -1) {
|
1994-05-26 06:35:07 +00:00
|
|
|
syslog(LOG_ERR, "fork: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (pid) {
|
|
|
|
|
children[0] = pid;
|
|
|
|
|
} else {
|
|
|
|
|
(void)signal(SIGUSR1, child_cleanup);
|
|
|
|
|
setproctitle("server");
|
2019-02-16 00:15:54 +00:00
|
|
|
start_server(0, &nfsdargs, vhostname);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2001-10-16 21:55:53 +00:00
|
|
|
(void)signal(SIGUSR1, cleanup);
|
2002-07-22 14:01:44 +00:00
|
|
|
FD_ZERO(&sockbits);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
|
rpcbregcnt = 0;
|
|
|
|
|
/* Set up the socket for udp and rpcb register it. */
|
|
|
|
|
if (udpflag) {
|
|
|
|
|
rpcbreg = 0;
|
|
|
|
|
for (i = 0; i < bindhostc; i++) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
if (setbindhost(&ai_udp, bindhost[i], hints) == 0) {
|
|
|
|
|
rpcbreg = 1;
|
|
|
|
|
rpcbregcnt++;
|
|
|
|
|
if ((sock = socket(ai_udp->ai_family,
|
|
|
|
|
ai_udp->ai_socktype,
|
|
|
|
|
ai_udp->ai_protocol)) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't create udp socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
if (bind(sock, ai_udp->ai_addr,
|
|
|
|
|
ai_udp->ai_addrlen) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't bind udp addr %s: %m",
|
|
|
|
|
bindhost[i]);
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
freeaddrinfo(ai_udp);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
addsockargs.sock = sock;
|
|
|
|
|
addsockargs.name = NULL;
|
|
|
|
|
addsockargs.namelen = 0;
|
2009-05-24 01:18:56 +00:00
|
|
|
if (nfssvc(nfssvc_addsock, &addsockargs) < 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR, "can't Add UDP socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
(void)close(sock);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (rpcbreg == 1) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp);
|
|
|
|
|
if (ecode != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getaddrinfo udp: %s",
|
|
|
|
|
gai_strerror(ecode));
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
nconf_udp = getnetconfigent("udp");
|
|
|
|
|
if (nconf_udp == NULL)
|
|
|
|
|
err(1, "getnetconfigent udp failed");
|
|
|
|
|
nb_udp.buf = ai_udp->ai_addr;
|
|
|
|
|
nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
|
|
|
|
|
&nb_udp))
|
|
|
|
|
err(1, "rpcb_set udp failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
|
|
|
|
|
&nb_udp))
|
|
|
|
|
err(1, "rpcb_set udp failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_udp);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/* Set up the socket for udp6 and rpcb register it. */
|
|
|
|
|
if (udpflag && ip6flag) {
|
|
|
|
|
rpcbreg = 0;
|
|
|
|
|
for (i = 0; i < bindhostc; i++) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
if (setbindhost(&ai_udp6, bindhost[i], hints) == 0) {
|
|
|
|
|
rpcbreg = 1;
|
|
|
|
|
rpcbregcnt++;
|
|
|
|
|
if ((sock = socket(ai_udp6->ai_family,
|
|
|
|
|
ai_udp6->ai_socktype,
|
|
|
|
|
ai_udp6->ai_protocol)) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't create udp6 socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2002-07-22 15:22:53 +00:00
|
|
|
if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
&on, sizeof on) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't set v6-only binding for "
|
|
|
|
|
"udp6 socket: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
if (bind(sock, ai_udp6->ai_addr,
|
|
|
|
|
ai_udp6->ai_addrlen) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't bind udp6 addr %s: %m",
|
|
|
|
|
bindhost[i]);
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
freeaddrinfo(ai_udp6);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
addsockargs.sock = sock;
|
|
|
|
|
addsockargs.name = NULL;
|
|
|
|
|
addsockargs.namelen = 0;
|
2009-05-24 01:18:56 +00:00
|
|
|
if (nfssvc(nfssvc_addsock, &addsockargs) < 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't add UDP6 socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
(void)close(sock);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (rpcbreg == 1) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp6);
|
|
|
|
|
if (ecode != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getaddrinfo udp6: %s",
|
|
|
|
|
gai_strerror(ecode));
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
nconf_udp6 = getnetconfigent("udp6");
|
|
|
|
|
if (nconf_udp6 == NULL)
|
|
|
|
|
err(1, "getnetconfigent udp6 failed");
|
|
|
|
|
nb_udp6.buf = ai_udp6->ai_addr;
|
|
|
|
|
nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
|
|
|
|
|
&nb_udp6))
|
|
|
|
|
err(1,
|
|
|
|
|
"rpcb_set udp6 failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
|
|
|
|
|
&nb_udp6))
|
|
|
|
|
err(1,
|
|
|
|
|
"rpcb_set udp6 failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_udp6);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
|
/* Set up the socket for tcp and rpcb register it. */
|
|
|
|
|
if (tcpflag) {
|
|
|
|
|
rpcbreg = 0;
|
|
|
|
|
for (i = 0; i < bindhostc; i++) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
if (setbindhost(&ai_tcp, bindhost[i], hints) == 0) {
|
|
|
|
|
rpcbreg = 1;
|
|
|
|
|
rpcbregcnt++;
|
|
|
|
|
if ((tcpsock = socket(AF_INET, SOCK_STREAM,
|
|
|
|
|
0)) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
2012-10-22 03:16:32 +00:00
|
|
|
"can't create tcp socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
if (setsockopt(tcpsock, SOL_SOCKET,
|
|
|
|
|
SO_REUSEADDR,
|
|
|
|
|
(char *)&on, sizeof(on)) < 0)
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"setsockopt SO_REUSEADDR: %m");
|
|
|
|
|
if (bind(tcpsock, ai_tcp->ai_addr,
|
|
|
|
|
ai_tcp->ai_addrlen) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't bind tcp addr %s: %m",
|
|
|
|
|
bindhost[i]);
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2015-04-07 10:25:27 +00:00
|
|
|
if (listen(tcpsock, -1) < 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR, "listen failed");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
freeaddrinfo(ai_tcp);
|
|
|
|
|
FD_SET(tcpsock, &sockbits);
|
|
|
|
|
maxsock = tcpsock;
|
|
|
|
|
connect_type_cnt++;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (rpcbreg == 1) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints,
|
|
|
|
|
&ai_tcp);
|
|
|
|
|
if (ecode != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getaddrinfo tcp: %s",
|
|
|
|
|
gai_strerror(ecode));
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
nconf_tcp = getnetconfigent("tcp");
|
|
|
|
|
if (nconf_tcp == NULL)
|
|
|
|
|
err(1, "getnetconfigent tcp failed");
|
|
|
|
|
nb_tcp.buf = ai_tcp->ai_addr;
|
|
|
|
|
nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
|
|
|
|
|
&nb_tcp))
|
|
|
|
|
err(1, "rpcb_set tcp failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
|
|
|
|
|
&nb_tcp))
|
|
|
|
|
err(1, "rpcb_set tcp failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_tcp);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/* Set up the socket for tcp6 and rpcb register it. */
|
|
|
|
|
if (tcpflag && ip6flag) {
|
|
|
|
|
rpcbreg = 0;
|
|
|
|
|
for (i = 0; i < bindhostc; i++) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
if (setbindhost(&ai_tcp6, bindhost[i], hints) == 0) {
|
|
|
|
|
rpcbreg = 1;
|
|
|
|
|
rpcbregcnt++;
|
|
|
|
|
if ((tcp6sock = socket(ai_tcp6->ai_family,
|
|
|
|
|
ai_tcp6->ai_socktype,
|
|
|
|
|
ai_tcp6->ai_protocol)) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't create tcp6 socket");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
if (setsockopt(tcp6sock, SOL_SOCKET,
|
|
|
|
|
SO_REUSEADDR,
|
|
|
|
|
(char *)&on, sizeof(on)) < 0)
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"setsockopt SO_REUSEADDR: %m");
|
|
|
|
|
if (setsockopt(tcp6sock, IPPROTO_IPV6,
|
2002-07-22 15:22:53 +00:00
|
|
|
IPV6_V6ONLY, &on, sizeof on) < 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't set v6-only binding for tcp6 "
|
|
|
|
|
"socket: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
if (bind(tcp6sock, ai_tcp6->ai_addr,
|
|
|
|
|
ai_tcp6->ai_addrlen) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't bind tcp6 addr %s: %m",
|
|
|
|
|
bindhost[i]);
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2015-04-07 10:25:27 +00:00
|
|
|
if (listen(tcp6sock, -1) < 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR, "listen failed");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
freeaddrinfo(ai_tcp6);
|
|
|
|
|
FD_SET(tcp6sock, &sockbits);
|
|
|
|
|
if (maxsock < tcp6sock)
|
|
|
|
|
maxsock = tcp6sock;
|
|
|
|
|
connect_type_cnt++;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (rpcbreg == 1) {
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = AF_INET6;
|
|
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp6);
|
|
|
|
|
if (ecode != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getaddrinfo tcp6: %s",
|
|
|
|
|
gai_strerror(ecode));
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
nconf_tcp6 = getnetconfigent("tcp6");
|
|
|
|
|
if (nconf_tcp6 == NULL)
|
|
|
|
|
err(1, "getnetconfigent tcp6 failed");
|
|
|
|
|
nb_tcp6.buf = ai_tcp6->ai_addr;
|
|
|
|
|
nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
|
2016-12-08 23:29:56 +00:00
|
|
|
if (nfs_minvers == NFS_VER2)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
|
|
|
|
|
&nb_tcp6))
|
|
|
|
|
err(1, "rpcb_set tcp6 failed");
|
|
|
|
|
if (nfs_minvers <= NFS_VER3)
|
|
|
|
|
if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6,
|
|
|
|
|
&nb_tcp6))
|
|
|
|
|
err(1, "rpcb_set tcp6 failed");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
freeaddrinfo(ai_tcp6);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (rpcbregcnt == 0) {
|
|
|
|
|
syslog(LOG_ERR, "rpcb_set() failed, nothing to do: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2001-10-16 21:55:53 +00:00
|
|
|
if (tcpflag && connect_type_cnt == 0) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR, "tcp connects == 0, nothing to do: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
setproctitle("master");
|
2001-10-16 21:55:53 +00:00
|
|
|
/*
|
2017-12-27 03:23:01 +00:00
|
|
|
* We always want a master to have a clean way to shut nfsd down
|
2001-10-16 21:55:53 +00:00
|
|
|
* (with unregistration): if the master is killed, it unregisters and
|
|
|
|
|
* kills all children. If we run for UDP only (and so do not have to
|
2017-12-27 03:23:01 +00:00
|
|
|
* loop waiting for accept), we instead make the parent
|
2001-10-16 21:55:53 +00:00
|
|
|
* a "server" too. start_server will not return.
|
|
|
|
|
*/
|
|
|
|
|
if (!tcpflag)
|
2019-02-16 00:15:54 +00:00
|
|
|
start_server(1, &nfsdargs, vhostname);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop forever accepting connections and passing the sockets
|
|
|
|
|
* into the kernel for the mounts.
|
|
|
|
|
*/
|
|
|
|
|
for (;;) {
|
|
|
|
|
ready = sockbits;
|
|
|
|
|
if (connect_type_cnt > 1) {
|
|
|
|
|
if (select(maxsock + 1,
|
|
|
|
|
&ready, NULL, NULL, NULL) < 1) {
|
2011-02-17 17:03:56 +00:00
|
|
|
error = errno;
|
|
|
|
|
if (error == EINTR)
|
2004-01-11 01:29:03 +00:00
|
|
|
continue;
|
2011-04-10 01:54:42 +00:00
|
|
|
syslog(LOG_ERR, "select failed: %m");
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
for (tcpsock = 0; tcpsock <= maxsock; tcpsock++) {
|
|
|
|
|
if (FD_ISSET(tcpsock, &ready)) {
|
2018-11-04 06:39:01 +00:00
|
|
|
len = sizeof(peer);
|
|
|
|
|
if ((msgsock = accept(tcpsock,
|
|
|
|
|
(struct sockaddr *)&peer, &len)) < 0) {
|
|
|
|
|
error = errno;
|
|
|
|
|
syslog(LOG_ERR, "accept failed: %m");
|
|
|
|
|
if (error == ECONNABORTED ||
|
|
|
|
|
error == EINTR)
|
|
|
|
|
continue;
|
|
|
|
|
nfsd_exit(1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2018-11-04 06:39:01 +00:00
|
|
|
if (setsockopt(msgsock, SOL_SOCKET,
|
|
|
|
|
SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0)
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"setsockopt SO_KEEPALIVE: %m");
|
|
|
|
|
addsockargs.sock = msgsock;
|
|
|
|
|
addsockargs.name = (caddr_t)&peer;
|
|
|
|
|
addsockargs.namelen = len;
|
|
|
|
|
nfssvc(nfssvc_addsock, &addsockargs);
|
|
|
|
|
(void)close(msgsock);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static int
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
setbindhost(struct addrinfo **ai, const char *bindhost, struct addrinfo hints)
|
1999-11-11 17:35:36 +00:00
|
|
|
{
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int ecode;
|
|
|
|
|
u_int32_t host_addr[4]; /* IPv4 or IPv6 */
|
|
|
|
|
const char *hostptr;
|
|
|
|
|
|
|
|
|
|
if (bindhost == NULL || strcmp("*", bindhost) == 0)
|
|
|
|
|
hostptr = NULL;
|
|
|
|
|
else
|
|
|
|
|
hostptr = bindhost;
|
|
|
|
|
|
|
|
|
|
if (hostptr != NULL) {
|
|
|
|
|
switch (hints.ai_family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
if (inet_pton(AF_INET, hostptr, host_addr) == 1) {
|
|
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
|
|
|
} else {
|
|
|
|
|
if (inet_pton(AF_INET6, hostptr,
|
|
|
|
|
host_addr) == 1)
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
if (inet_pton(AF_INET6, hostptr, host_addr) == 1) {
|
|
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
|
|
|
} else {
|
|
|
|
|
if (inet_pton(AF_INET, hostptr,
|
|
|
|
|
host_addr) == 1)
|
|
|
|
|
return (1);
|
1999-11-11 17:35:36 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2002-05-01 06:49:43 +00:00
|
|
|
break;
|
1999-11-11 17:35:36 +00:00
|
|
|
}
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
|
ecode = getaddrinfo(hostptr, "nfs", &hints, ai);
|
|
|
|
|
if (ecode != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getaddrinfo %s: %s", bindhost,
|
|
|
|
|
gai_strerror(ecode));
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
1999-11-11 17:35:36 +00:00
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:25:14 +00:00
|
|
|
static void
|
|
|
|
|
set_nfsdcnt(int proposed)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (proposed < 1) {
|
|
|
|
|
warnx("nfsd count too low %d; reset to %d", proposed,
|
|
|
|
|
DEFNFSDCNT);
|
|
|
|
|
nfsdcnt = DEFNFSDCNT;
|
|
|
|
|
} else if (proposed > MAXNFSDCNT) {
|
|
|
|
|
warnx("nfsd count too high %d; truncated to %d", proposed,
|
|
|
|
|
MAXNFSDCNT);
|
|
|
|
|
nfsdcnt = MAXNFSDCNT;
|
|
|
|
|
} else
|
|
|
|
|
nfsdcnt = proposed;
|
|
|
|
|
nfsdcnt_set = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2009-12-29 22:53:27 +00:00
|
|
|
usage(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2012-11-27 22:34:46 +00:00
|
|
|
(void)fprintf(stderr, "%s", getopt_usage);
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2004-11-06 18:15:44 +00:00
|
|
|
nonfs(__unused int signo)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
1998-07-15 06:33:15 +00:00
|
|
|
syslog(LOG_ERR, "missing system call: NFS not available");
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2004-11-06 18:15:44 +00:00
|
|
|
reapchild(__unused int signo)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-10-16 21:55:53 +00:00
|
|
|
pid_t pid;
|
|
|
|
|
int i;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2001-10-16 21:55:53 +00:00
|
|
|
while ((pid = wait3(NULL, WNOHANG, NULL)) > 0) {
|
|
|
|
|
for (i = 0; i < nfsdcnt; i++)
|
|
|
|
|
if (pid == children[i])
|
|
|
|
|
children[i] = -1;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2009-12-29 22:53:27 +00:00
|
|
|
unregistration(void)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2009-06-24 18:42:21 +00:00
|
|
|
if ((!rpcb_unset(NFS_PROGRAM, 2, NULL)) ||
|
|
|
|
|
(!rpcb_unset(NFS_PROGRAM, 3, NULL)))
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
syslog(LOG_ERR, "rpcb_unset failed");
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2009-12-29 22:53:27 +00:00
|
|
|
killchildren(void)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < nfsdcnt; i++) {
|
|
|
|
|
if (children[i] > 0)
|
|
|
|
|
kill(children[i], SIGKILL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-10-16 21:55:53 +00:00
|
|
|
/*
|
|
|
|
|
* Cleanup master after SIGUSR1.
|
|
|
|
|
*/
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2004-11-06 18:15:44 +00:00
|
|
|
cleanup(__unused int signo)
|
2001-10-16 21:55:53 +00:00
|
|
|
{
|
|
|
|
|
nfsd_exit(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Cleanup child after SIGUSR1.
|
|
|
|
|
*/
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2004-11-06 18:15:44 +00:00
|
|
|
child_cleanup(__unused int signo)
|
2001-10-16 21:55:53 +00:00
|
|
|
{
|
|
|
|
|
exit(0);
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2001-10-16 21:55:53 +00:00
|
|
|
nfsd_exit(int status)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
|
|
|
|
killchildren();
|
2001-10-16 21:55:53 +00:00
|
|
|
unregistration();
|
|
|
|
|
exit(status);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-27 22:34:46 +00:00
|
|
|
static int
|
|
|
|
|
get_tuned_nfsdcount(void)
|
|
|
|
|
{
|
|
|
|
|
int ncpu, error, tuned_nfsdcnt;
|
|
|
|
|
size_t ncpu_size;
|
|
|
|
|
|
|
|
|
|
ncpu_size = sizeof(ncpu);
|
|
|
|
|
error = sysctlbyname("hw.ncpu", &ncpu, &ncpu_size, NULL, 0);
|
|
|
|
|
if (error) {
|
|
|
|
|
warnx("sysctlbyname(hw.ncpu) failed defaulting to %d nfs servers",
|
|
|
|
|
DEFNFSDCNT);
|
|
|
|
|
tuned_nfsdcnt = DEFNFSDCNT;
|
|
|
|
|
} else {
|
|
|
|
|
tuned_nfsdcnt = ncpu * 8;
|
|
|
|
|
}
|
|
|
|
|
return tuned_nfsdcnt;
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2019-02-16 00:15:54 +00:00
|
|
|
start_server(int master, struct nfsd_nfsd_args *nfsdargp, const char *vhost)
|
2001-10-16 21:55:53 +00:00
|
|
|
{
|
2009-05-24 01:18:56 +00:00
|
|
|
char principal[MAXHOSTNAMELEN + 5];
|
|
|
|
|
int status, error;
|
|
|
|
|
char hostname[MAXHOSTNAMELEN + 1], *cp;
|
|
|
|
|
struct addrinfo *aip, hints;
|
2001-10-16 21:55:53 +00:00
|
|
|
|
|
|
|
|
status = 0;
|
2019-02-16 00:15:54 +00:00
|
|
|
if (vhost == NULL)
|
|
|
|
|
gethostname(hostname, sizeof (hostname));
|
|
|
|
|
else
|
|
|
|
|
strlcpy(hostname, vhost, sizeof (hostname));
|
2015-04-30 12:55:27 +00:00
|
|
|
snprintf(principal, sizeof (principal), "nfs@%s", hostname);
|
|
|
|
|
if ((cp = strchr(hostname, '.')) == NULL ||
|
|
|
|
|
*(cp + 1) == '\0') {
|
|
|
|
|
/* If not fully qualified, try getaddrinfo() */
|
|
|
|
|
memset((void *)&hints, 0, sizeof (hints));
|
|
|
|
|
hints.ai_flags = AI_CANONNAME;
|
|
|
|
|
error = getaddrinfo(hostname, NULL, &hints, &aip);
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
if (aip->ai_canonname != NULL &&
|
|
|
|
|
(cp = strchr(aip->ai_canonname, '.')) !=
|
|
|
|
|
NULL && *(cp + 1) != '\0')
|
|
|
|
|
snprintf(principal, sizeof (principal),
|
|
|
|
|
"nfs@%s", aip->ai_canonname);
|
|
|
|
|
freeaddrinfo(aip);
|
2009-05-24 01:18:56 +00:00
|
|
|
}
|
2015-04-30 12:55:27 +00:00
|
|
|
}
|
2018-06-14 20:36:55 +00:00
|
|
|
nfsdargp->principal = principal;
|
2012-11-27 22:34:46 +00:00
|
|
|
|
2015-04-30 12:55:27 +00:00
|
|
|
if (nfsdcnt_set)
|
2018-06-14 20:36:55 +00:00
|
|
|
nfsdargp->minthreads = nfsdargp->maxthreads = nfsdcnt;
|
2015-04-30 12:55:27 +00:00
|
|
|
else {
|
2018-06-14 20:36:55 +00:00
|
|
|
nfsdargp->minthreads = minthreads_set ? minthreads : get_tuned_nfsdcount();
|
|
|
|
|
nfsdargp->maxthreads = maxthreads_set ? maxthreads : nfsdargp->minthreads;
|
|
|
|
|
if (nfsdargp->maxthreads < nfsdargp->minthreads)
|
|
|
|
|
nfsdargp->maxthreads = nfsdargp->minthreads;
|
2015-04-30 12:55:27 +00:00
|
|
|
}
|
2018-06-14 20:36:55 +00:00
|
|
|
error = nfssvc(nfssvc_nfsd, nfsdargp);
|
2015-04-30 12:55:27 +00:00
|
|
|
if (error < 0 && errno == EAUTH) {
|
|
|
|
|
/*
|
|
|
|
|
* This indicates that it could not register the
|
|
|
|
|
* rpcsec_gss credentials, usually because the
|
|
|
|
|
* gssd daemon isn't running.
|
|
|
|
|
* (only the experimental server with nfsv4)
|
|
|
|
|
*/
|
|
|
|
|
syslog(LOG_ERR, "No gssd, using AUTH_SYS only");
|
|
|
|
|
principal[0] = '\0';
|
2018-06-14 20:36:55 +00:00
|
|
|
error = nfssvc(nfssvc_nfsd, nfsdargp);
|
2015-04-30 12:55:27 +00:00
|
|
|
}
|
|
|
|
|
if (error < 0) {
|
2018-06-14 20:36:55 +00:00
|
|
|
if (errno == ENXIO) {
|
|
|
|
|
syslog(LOG_ERR, "Bad -p option, cannot run");
|
|
|
|
|
if (masterpid != 0 && master == 0)
|
|
|
|
|
kill(masterpid, SIGUSR1);
|
|
|
|
|
} else
|
|
|
|
|
syslog(LOG_ERR, "nfssvc: %m");
|
2015-04-30 12:55:27 +00:00
|
|
|
status = 1;
|
2001-10-16 21:55:53 +00:00
|
|
|
}
|
|
|
|
|
if (master)
|
|
|
|
|
nfsd_exit(status);
|
|
|
|
|
else
|
|
|
|
|
exit(status);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2011-04-10 01:54:42 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Open the stable restart file and return the file descriptor for it.
|
|
|
|
|
*/
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2011-04-10 01:54:42 +00:00
|
|
|
open_stable(int *stable_fdp, int *backup_fdp)
|
|
|
|
|
{
|
|
|
|
|
int stable_fd, backup_fd = -1, ret;
|
|
|
|
|
struct stat st, backup_st;
|
|
|
|
|
|
|
|
|
|
/* Open and stat the stable restart file. */
|
|
|
|
|
stable_fd = open(NFSD_STABLERESTART, O_RDWR, 0);
|
|
|
|
|
if (stable_fd < 0)
|
|
|
|
|
stable_fd = open(NFSD_STABLERESTART, O_RDWR | O_CREAT, 0600);
|
|
|
|
|
if (stable_fd >= 0) {
|
|
|
|
|
ret = fstat(stable_fd, &st);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
close(stable_fd);
|
|
|
|
|
stable_fd = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Open and stat the backup stable restart file. */
|
|
|
|
|
if (stable_fd >= 0) {
|
|
|
|
|
backup_fd = open(NFSD_STABLEBACKUP, O_RDWR, 0);
|
|
|
|
|
if (backup_fd < 0)
|
|
|
|
|
backup_fd = open(NFSD_STABLEBACKUP, O_RDWR | O_CREAT,
|
|
|
|
|
0600);
|
|
|
|
|
if (backup_fd >= 0) {
|
|
|
|
|
ret = fstat(backup_fd, &backup_st);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
close(backup_fd);
|
|
|
|
|
backup_fd = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (backup_fd < 0) {
|
|
|
|
|
close(stable_fd);
|
|
|
|
|
stable_fd = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*stable_fdp = stable_fd;
|
|
|
|
|
*backup_fdp = backup_fd;
|
|
|
|
|
if (stable_fd < 0)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Sync up the 2 files, as required. */
|
|
|
|
|
if (st.st_size > 0)
|
|
|
|
|
copy_stable(stable_fd, backup_fd);
|
|
|
|
|
else if (backup_st.st_size > 0)
|
|
|
|
|
copy_stable(backup_fd, stable_fd);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copy the stable restart file to the backup or vice versa.
|
|
|
|
|
*/
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2011-04-10 01:54:42 +00:00
|
|
|
copy_stable(int from_fd, int to_fd)
|
|
|
|
|
{
|
|
|
|
|
int cnt, ret;
|
|
|
|
|
static char buf[1024];
|
|
|
|
|
|
|
|
|
|
ret = lseek(from_fd, (off_t)0, SEEK_SET);
|
|
|
|
|
if (ret >= 0)
|
|
|
|
|
ret = lseek(to_fd, (off_t)0, SEEK_SET);
|
|
|
|
|
if (ret >= 0)
|
|
|
|
|
ret = ftruncate(to_fd, (off_t)0);
|
|
|
|
|
if (ret >= 0)
|
|
|
|
|
do {
|
|
|
|
|
cnt = read(from_fd, buf, 1024);
|
|
|
|
|
if (cnt > 0)
|
|
|
|
|
ret = write(to_fd, buf, cnt);
|
|
|
|
|
else if (cnt < 0)
|
|
|
|
|
ret = cnt;
|
|
|
|
|
} while (cnt > 0 && ret >= 0);
|
|
|
|
|
if (ret >= 0)
|
|
|
|
|
ret = fsync(to_fd);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
syslog(LOG_ERR, "stable restart copy failure: %m");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Back up the stable restart file when indicated by the kernel.
|
|
|
|
|
*/
|
2013-02-14 01:01:53 +00:00
|
|
|
static void
|
2011-04-10 01:54:42 +00:00
|
|
|
backup_stable(__unused int signo)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (stablefd >= 0)
|
|
|
|
|
copy_stable(stablefd, backupfd);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-14 20:36:55 +00:00
|
|
|
/*
|
|
|
|
|
* Parse the pNFS string and extract the DS servers and ports numbers.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
parse_dsserver(const char *optionarg, struct nfsd_nfsd_args *nfsdargp)
|
|
|
|
|
{
|
2018-07-27 23:10:28 +00:00
|
|
|
char *cp, *cp2, *dsaddr, *dshost, *dspath, *dsvol, nfsprt[9];
|
|
|
|
|
char *mdspath, *mdsp, ip6[INET6_ADDRSTRLEN];
|
|
|
|
|
const char *ad;
|
2018-06-14 20:36:55 +00:00
|
|
|
int ecode;
|
|
|
|
|
u_int adsiz, dsaddrcnt, dshostcnt, dspathcnt, hostsiz, pathsiz;
|
2018-07-02 19:26:31 +00:00
|
|
|
u_int mdspathcnt;
|
|
|
|
|
size_t dsaddrsiz, dshostsiz, dspathsiz, nfsprtsiz, mdspathsiz;
|
2018-07-27 23:10:28 +00:00
|
|
|
struct addrinfo hints, *ai_tcp, *res;
|
2018-06-14 20:36:55 +00:00
|
|
|
struct sockaddr_in sin;
|
2018-07-27 23:10:28 +00:00
|
|
|
struct sockaddr_in6 sin6;
|
2018-06-14 20:36:55 +00:00
|
|
|
|
|
|
|
|
cp = strdup(optionarg);
|
|
|
|
|
if (cp == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
|
|
|
|
|
/* Now, do the host names. */
|
|
|
|
|
dspathsiz = 1024;
|
|
|
|
|
dspathcnt = 0;
|
|
|
|
|
dspath = malloc(dspathsiz);
|
|
|
|
|
if (dspath == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
dshostsiz = 1024;
|
|
|
|
|
dshostcnt = 0;
|
|
|
|
|
dshost = malloc(dshostsiz);
|
|
|
|
|
if (dshost == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
dsaddrsiz = 1024;
|
|
|
|
|
dsaddrcnt = 0;
|
|
|
|
|
dsaddr = malloc(dsaddrsiz);
|
|
|
|
|
if (dsaddr == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
2018-07-02 19:26:31 +00:00
|
|
|
mdspathsiz = 1024;
|
|
|
|
|
mdspathcnt = 0;
|
|
|
|
|
mdspath = malloc(mdspathsiz);
|
|
|
|
|
if (mdspath == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
2018-06-14 20:36:55 +00:00
|
|
|
|
|
|
|
|
/* Put the NFS port# in "." form. */
|
|
|
|
|
snprintf(nfsprt, 9, ".%d.%d", 2049 >> 8, 2049 & 0xff);
|
|
|
|
|
nfsprtsiz = strlen(nfsprt);
|
|
|
|
|
|
|
|
|
|
ai_tcp = NULL;
|
|
|
|
|
/* Loop around for each DS server name. */
|
|
|
|
|
do {
|
|
|
|
|
cp2 = strchr(cp, ',');
|
|
|
|
|
if (cp2 != NULL) {
|
|
|
|
|
/* Not the last DS in the list. */
|
|
|
|
|
*cp2++ = '\0';
|
|
|
|
|
if (*cp2 == '\0')
|
|
|
|
|
usage();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dsvol = strchr(cp, ':');
|
|
|
|
|
if (dsvol == NULL || *(dsvol + 1) == '\0')
|
|
|
|
|
usage();
|
|
|
|
|
*dsvol++ = '\0';
|
|
|
|
|
|
2018-07-02 19:26:31 +00:00
|
|
|
/* Optional path for MDS file system to be stored on DS. */
|
|
|
|
|
mdsp = strchr(dsvol, '#');
|
|
|
|
|
if (mdsp != NULL) {
|
|
|
|
|
if (*(mdsp + 1) == '\0' || mdsp <= dsvol)
|
|
|
|
|
usage();
|
|
|
|
|
*mdsp++ = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-14 20:36:55 +00:00
|
|
|
/* Append this pathname to dspath. */
|
|
|
|
|
pathsiz = strlen(dsvol);
|
|
|
|
|
if (dspathcnt + pathsiz + 1 > dspathsiz) {
|
|
|
|
|
dspathsiz *= 2;
|
|
|
|
|
dspath = realloc(dspath, dspathsiz);
|
|
|
|
|
if (dspath == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
}
|
|
|
|
|
strcpy(&dspath[dspathcnt], dsvol);
|
|
|
|
|
dspathcnt += pathsiz + 1;
|
|
|
|
|
|
2018-07-02 19:26:31 +00:00
|
|
|
/* Append this pathname to mdspath. */
|
|
|
|
|
if (mdsp != NULL)
|
|
|
|
|
pathsiz = strlen(mdsp);
|
|
|
|
|
else
|
|
|
|
|
pathsiz = 0;
|
|
|
|
|
if (mdspathcnt + pathsiz + 1 > mdspathsiz) {
|
|
|
|
|
mdspathsiz *= 2;
|
|
|
|
|
mdspath = realloc(mdspath, mdspathsiz);
|
|
|
|
|
if (mdspath == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
}
|
|
|
|
|
if (mdsp != NULL)
|
|
|
|
|
strcpy(&mdspath[mdspathcnt], mdsp);
|
|
|
|
|
else
|
|
|
|
|
mdspath[mdspathcnt] = '\0';
|
|
|
|
|
mdspathcnt += pathsiz + 1;
|
|
|
|
|
|
2018-06-14 20:36:55 +00:00
|
|
|
if (ai_tcp != NULL)
|
|
|
|
|
freeaddrinfo(ai_tcp);
|
|
|
|
|
|
|
|
|
|
/* Get the fully qualified domain name and IP address. */
|
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
2018-07-27 23:10:28 +00:00
|
|
|
hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
|
|
|
|
|
hints.ai_family = PF_UNSPEC;
|
2018-06-14 20:36:55 +00:00
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
|
ecode = getaddrinfo(cp, NULL, &hints, &ai_tcp);
|
|
|
|
|
if (ecode != 0)
|
|
|
|
|
err(1, "getaddrinfo pnfs: %s %s", cp,
|
|
|
|
|
gai_strerror(ecode));
|
2018-07-27 23:10:28 +00:00
|
|
|
ad = NULL;
|
|
|
|
|
for (res = ai_tcp; res != NULL; res = res->ai_next) {
|
|
|
|
|
if (res->ai_addr->sa_family == AF_INET) {
|
|
|
|
|
if (res->ai_addrlen < sizeof(sin))
|
|
|
|
|
err(1, "getaddrinfo() returned "
|
|
|
|
|
"undersized IPv4 address");
|
|
|
|
|
/*
|
|
|
|
|
* Mips cares about sockaddr_in alignment,
|
|
|
|
|
* so copy the address.
|
|
|
|
|
*/
|
|
|
|
|
memcpy(&sin, res->ai_addr, sizeof(sin));
|
|
|
|
|
ad = inet_ntoa(sin.sin_addr);
|
|
|
|
|
break;
|
|
|
|
|
} else if (res->ai_family == AF_INET6) {
|
|
|
|
|
if (res->ai_addrlen < sizeof(sin6))
|
|
|
|
|
err(1, "getaddrinfo() returned "
|
|
|
|
|
"undersized IPv6 address");
|
|
|
|
|
/*
|
|
|
|
|
* Mips cares about sockaddr_in6 alignment,
|
|
|
|
|
* so copy the address.
|
|
|
|
|
*/
|
|
|
|
|
memcpy(&sin6, res->ai_addr, sizeof(sin6));
|
|
|
|
|
ad = inet_ntop(AF_INET6, &sin6.sin6_addr, ip6,
|
|
|
|
|
sizeof(ip6));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX
|
|
|
|
|
* Since a link local address will only
|
|
|
|
|
* work if the client and DS are in the
|
|
|
|
|
* same scope zone, only use it if it is
|
|
|
|
|
* the only address.
|
|
|
|
|
*/
|
|
|
|
|
if (ad != NULL &&
|
|
|
|
|
!IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (ad == NULL)
|
|
|
|
|
err(1, "No IP address for %s", cp);
|
2018-06-14 20:36:55 +00:00
|
|
|
|
|
|
|
|
/* Append this address to dsaddr. */
|
|
|
|
|
adsiz = strlen(ad);
|
|
|
|
|
if (dsaddrcnt + adsiz + nfsprtsiz + 1 > dsaddrsiz) {
|
|
|
|
|
dsaddrsiz *= 2;
|
|
|
|
|
dsaddr = realloc(dsaddr, dsaddrsiz);
|
|
|
|
|
if (dsaddr == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
}
|
|
|
|
|
strcpy(&dsaddr[dsaddrcnt], ad);
|
|
|
|
|
strcat(&dsaddr[dsaddrcnt], nfsprt);
|
|
|
|
|
dsaddrcnt += adsiz + nfsprtsiz + 1;
|
|
|
|
|
|
|
|
|
|
/* Append this hostname to dshost. */
|
|
|
|
|
hostsiz = strlen(ai_tcp->ai_canonname);
|
|
|
|
|
if (dshostcnt + hostsiz + 1 > dshostsiz) {
|
|
|
|
|
dshostsiz *= 2;
|
|
|
|
|
dshost = realloc(dshost, dshostsiz);
|
|
|
|
|
if (dshost == NULL)
|
|
|
|
|
errx(1, "Out of memory");
|
|
|
|
|
}
|
|
|
|
|
strcpy(&dshost[dshostcnt], ai_tcp->ai_canonname);
|
|
|
|
|
dshostcnt += hostsiz + 1;
|
|
|
|
|
|
|
|
|
|
cp = cp2;
|
|
|
|
|
} while (cp != NULL);
|
|
|
|
|
|
|
|
|
|
nfsdargp->addr = dsaddr;
|
|
|
|
|
nfsdargp->addrlen = dsaddrcnt;
|
|
|
|
|
nfsdargp->dnshost = dshost;
|
|
|
|
|
nfsdargp->dnshostlen = dshostcnt;
|
|
|
|
|
nfsdargp->dspath = dspath;
|
|
|
|
|
nfsdargp->dspathlen = dspathcnt;
|
2018-07-02 19:26:31 +00:00
|
|
|
nfsdargp->mdspath = mdspath;
|
|
|
|
|
nfsdargp->mdspathlen = mdspathcnt;
|
2018-06-14 20:36:55 +00:00
|
|
|
freeaddrinfo(ai_tcp);
|
|
|
|
|
}
|
|
|
|
|
|
