2017-11-20 19:49:47 +00:00
|
|
|
/*-
|
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*
|
1994-05-26 06:35:07 +00:00
|
|
|
* Copyright (c) 1989, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
|
* Herb Hasler and Rick Macklem at The University of Guelph.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1994-05-26 06:35:07 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef lint
|
1998-07-15 06:21:41 +00:00
|
|
|
static const char copyright[] =
|
1994-05-26 06:35:07 +00:00
|
|
|
"@(#) Copyright (c) 1989, 1993\n\
|
|
|
|
|
The Regents of the University of California. All rights reserved.\n";
|
1994-09-22 22:17:02 +00:00
|
|
|
#endif /*not lint*/
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1998-07-15 06:21:41 +00:00
|
|
|
#if 0
|
2002-10-16 16:04:50 +00:00
|
|
|
#ifndef lint
|
1998-07-15 06:21:41 +00:00
|
|
|
static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
|
1994-09-22 22:17:02 +00:00
|
|
|
#endif /*not lint*/
|
2002-10-16 16:04:50 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
2020-06-16 02:35:30 +00:00
|
|
|
#include <sys/conf.h>
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#include <sys/fcntl.h>
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
#include <sys/fnv_hash.h>
|
2002-05-14 23:24:28 +00:00
|
|
|
#include <sys/linker.h>
|
|
|
|
|
#include <sys/module.h>
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <sys/mount.h>
|
2017-10-04 08:43:56 +00:00
|
|
|
#include <sys/queue.h>
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
|
#include <sys/syslog.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#include <rpc/rpc.h>
|
2003-01-16 07:27:30 +00:00
|
|
|
#include <rpc/rpc_com.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <rpc/pmap_clnt.h>
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#include <rpc/pmap_prot.h>
|
|
|
|
|
#include <rpcsvc/mount.h>
|
1995-06-27 11:07:30 +00:00
|
|
|
#include <nfs/nfsproto.h>
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <nfs/nfssvc.h>
|
2001-09-18 23:34:44 +00:00
|
|
|
#include <nfsserver/nfs.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <fs/nfs/nfsport.h>
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
|
|
|
|
#include <ctype.h>
|
1998-07-15 06:21:41 +00:00
|
|
|
#include <err.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <grp.h>
|
2005-08-24 19:17:06 +00:00
|
|
|
#include <libutil.h>
|
2002-09-25 04:06:37 +00:00
|
|
|
#include <limits.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <netdb.h>
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
#include <signal.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include "pathnames.h"
|
2006-05-23 17:10:17 +00:00
|
|
|
#include "mntopts.h"
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Structures for keeping the mount list and export list
|
|
|
|
|
*/
|
|
|
|
|
struct mountlist {
|
2009-06-24 18:42:21 +00:00
|
|
|
char ml_host[MNTNAMLEN+1];
|
|
|
|
|
char ml_dirp[MNTPATHLEN+1];
|
2017-10-04 08:48:05 +00:00
|
|
|
|
|
|
|
|
SLIST_ENTRY(mountlist) next;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dirlist {
|
|
|
|
|
struct dirlist *dp_left;
|
|
|
|
|
struct dirlist *dp_right;
|
|
|
|
|
int dp_flag;
|
|
|
|
|
struct hostlist *dp_hosts; /* List of hosts this dir exported to */
|
2017-09-26 09:18:18 +00:00
|
|
|
char *dp_dirp;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
/* dp_flag bits */
|
|
|
|
|
#define DP_DEFSET 0x1
|
1995-06-27 11:07:30 +00:00
|
|
|
#define DP_HOSTSET 0x2
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2020-06-14 00:40:00 +00:00
|
|
|
/*
|
|
|
|
|
* maproot/mapall credentials.
|
2020-10-10 00:01:40 +00:00
|
|
|
* cr_smallgrps can be used for a group list up to SMALLNGROUPS in size.
|
|
|
|
|
* Larger group lists are malloc'd/free'd.
|
2020-06-14 00:40:00 +00:00
|
|
|
*/
|
2020-10-10 00:01:40 +00:00
|
|
|
#define SMALLNGROUPS 32
|
2020-06-14 00:40:00 +00:00
|
|
|
struct expcred {
|
|
|
|
|
uid_t cr_uid;
|
|
|
|
|
int cr_ngroups;
|
2020-10-10 00:01:40 +00:00
|
|
|
gid_t cr_smallgrps[SMALLNGROUPS];
|
|
|
|
|
gid_t *cr_groups;
|
2020-06-14 00:40:00 +00:00
|
|
|
};
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
struct exportlist {
|
|
|
|
|
struct dirlist *ex_dirl;
|
|
|
|
|
struct dirlist *ex_defdir;
|
2019-05-14 22:00:47 +00:00
|
|
|
struct grouplist *ex_grphead;
|
1994-05-26 06:35:07 +00:00
|
|
|
int ex_flag;
|
|
|
|
|
fsid_t ex_fs;
|
|
|
|
|
char *ex_fsdir;
|
1997-07-16 09:27:53 +00:00
|
|
|
char *ex_indexfile;
|
2020-06-14 00:40:00 +00:00
|
|
|
struct expcred ex_defanon;
|
|
|
|
|
uint64_t ex_defexflags;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int ex_numsecflavors;
|
|
|
|
|
int ex_secflavors[MAXSECFLAVORS];
|
2012-09-24 23:57:16 +00:00
|
|
|
int ex_defnumsecflavors;
|
|
|
|
|
int ex_defsecflavors[MAXSECFLAVORS];
|
2017-10-04 08:43:56 +00:00
|
|
|
|
|
|
|
|
SLIST_ENTRY(exportlist) entries;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
/* ex_flag bits */
|
|
|
|
|
#define EX_LINKED 0x1
|
2019-06-03 22:58:51 +00:00
|
|
|
#define EX_DONE 0x2
|
|
|
|
|
#define EX_DEFSET 0x4
|
|
|
|
|
#define EX_PUBLICFH 0x8
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2019-05-10 23:52:17 +00:00
|
|
|
SLIST_HEAD(exportlisthead, exportlist);
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
struct netmsk {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct sockaddr_storage nt_net;
|
2001-04-21 20:06:18 +00:00
|
|
|
struct sockaddr_storage nt_mask;
|
1998-12-29 09:38:49 +00:00
|
|
|
char *nt_name;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
union grouptypes {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *gt_addrinfo;
|
1994-05-26 06:35:07 +00:00
|
|
|
struct netmsk gt_net;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct grouplist {
|
|
|
|
|
int gr_type;
|
|
|
|
|
union grouptypes gr_ptr;
|
|
|
|
|
struct grouplist *gr_next;
|
2020-06-14 00:40:00 +00:00
|
|
|
struct expcred gr_anon;
|
|
|
|
|
uint64_t gr_exflags;
|
2019-06-03 22:58:51 +00:00
|
|
|
int gr_flag;
|
2012-09-24 23:57:16 +00:00
|
|
|
int gr_numsecflavors;
|
|
|
|
|
int gr_secflavors[MAXSECFLAVORS];
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
/* Group types */
|
|
|
|
|
#define GT_NULL 0x0
|
|
|
|
|
#define GT_HOST 0x1
|
|
|
|
|
#define GT_NET 0x2
|
2001-04-18 00:28:37 +00:00
|
|
|
#define GT_DEFAULT 0x3
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
#define GT_IGNORE 0x5
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/* Group flags */
|
|
|
|
|
#define GR_FND 0x1
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
struct hostlist {
|
1995-06-27 11:07:30 +00:00
|
|
|
int ht_flag; /* Uses DP_xx bits */
|
1994-05-26 06:35:07 +00:00
|
|
|
struct grouplist *ht_grp;
|
|
|
|
|
struct hostlist *ht_next;
|
|
|
|
|
};
|
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
struct fhreturn {
|
|
|
|
|
int fhr_flag;
|
|
|
|
|
int fhr_vers;
|
|
|
|
|
nfsfh_t fhr_fh;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int fhr_numsecflavors;
|
|
|
|
|
int *fhr_secflavors;
|
1995-06-27 11:07:30 +00:00
|
|
|
};
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
#define GETPORT_MAXTRY 20 /* Max tries to get a port # */
|
|
|
|
|
|
2020-06-06 00:40:02 +00:00
|
|
|
/*
|
|
|
|
|
* How long to delay a reload of exports when there are RPC request(s)
|
|
|
|
|
* to process, in usec. Must be less than 1second.
|
|
|
|
|
*/
|
|
|
|
|
#define RELOADDELAY 250000
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/* Global defs */
|
2015-07-04 08:40:48 +00:00
|
|
|
static char *add_expdir(struct dirlist **, char *, int);
|
|
|
|
|
static void add_dlist(struct dirlist **, struct dirlist *,
|
2019-06-03 22:58:51 +00:00
|
|
|
struct grouplist *, int, struct exportlist *,
|
2020-06-14 00:40:00 +00:00
|
|
|
struct expcred *, uint64_t);
|
2015-07-04 08:40:48 +00:00
|
|
|
static void add_mlist(char *, char *);
|
2023-05-06 18:57:14 +00:00
|
|
|
static int check_path_component(const char *, char **);
|
|
|
|
|
static int check_dirpath(char *, char **);
|
|
|
|
|
static int check_statfs(const char *, struct statfs *, char **);
|
2015-07-04 08:40:48 +00:00
|
|
|
static int check_options(struct dirlist *);
|
|
|
|
|
static int checkmask(struct sockaddr *sa);
|
|
|
|
|
static int chk_host(struct dirlist *, struct sockaddr *, int *, int *,
|
|
|
|
|
int *, int **);
|
2016-01-07 05:34:39 +00:00
|
|
|
static char *strsep_quote(char **stringp, const char *delim);
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
static int create_service(struct netconfig *nconf);
|
|
|
|
|
static void complete_service(struct netconfig *nconf, char *port_str);
|
|
|
|
|
static void clearout_service(void);
|
2015-07-04 08:40:48 +00:00
|
|
|
static void del_mlist(char *hostp, char *dirp);
|
|
|
|
|
static struct dirlist *dirp_search(struct dirlist *, char *);
|
2019-06-03 22:58:51 +00:00
|
|
|
static int do_export_mount(struct exportlist *, struct statfs *);
|
2020-06-14 00:40:00 +00:00
|
|
|
static int do_mount(struct exportlist *, struct grouplist *, uint64_t,
|
|
|
|
|
struct expcred *, char *, int, struct statfs *, int, int *);
|
2015-07-04 08:40:48 +00:00
|
|
|
static int do_opt(char **, char **, struct exportlist *,
|
2020-06-14 00:40:00 +00:00
|
|
|
struct grouplist *, int *, uint64_t *, struct expcred *);
|
2019-05-10 23:52:17 +00:00
|
|
|
static struct exportlist *ex_search(fsid_t *, struct exportlisthead *);
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct exportlist *get_exp(void);
|
|
|
|
|
static void free_dir(struct dirlist *);
|
|
|
|
|
static void free_exp(struct exportlist *);
|
|
|
|
|
static void free_grp(struct grouplist *);
|
|
|
|
|
static void free_host(struct hostlist *);
|
2019-06-03 22:58:51 +00:00
|
|
|
static void free_v4rootexp(void);
|
|
|
|
|
static void get_exportlist_one(int);
|
|
|
|
|
static void get_exportlist(int);
|
2019-05-10 23:52:17 +00:00
|
|
|
static void insert_exports(struct exportlist *, struct exportlisthead *);
|
|
|
|
|
static void free_exports(struct exportlisthead *);
|
2019-06-03 22:58:51 +00:00
|
|
|
static void read_exportfile(int);
|
|
|
|
|
static int compare_nmount_exportlist(struct iovec *, int, char *);
|
|
|
|
|
static int compare_export(struct exportlist *, struct exportlist *);
|
2020-06-14 00:40:00 +00:00
|
|
|
static int compare_cred(struct expcred *, struct expcred *);
|
2019-06-03 22:58:51 +00:00
|
|
|
static int compare_secflavor(int *, int *, int);
|
2019-05-11 22:41:58 +00:00
|
|
|
static void delete_export(struct iovec *, int, struct statfs *, char *);
|
2015-07-04 08:40:48 +00:00
|
|
|
static int get_host(char *, struct grouplist *, struct grouplist *);
|
|
|
|
|
static struct hostlist *get_ht(void);
|
|
|
|
|
static int get_line(void);
|
|
|
|
|
static void get_mountlist(void);
|
|
|
|
|
static int get_net(char *, struct netmsk *, int);
|
2018-02-08 01:34:35 +00:00
|
|
|
static void getexp_err(struct exportlist *, struct grouplist *, const char *);
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct grouplist *get_grp(void);
|
|
|
|
|
static void hang_dirp(struct dirlist *, struct grouplist *,
|
2020-06-14 00:40:00 +00:00
|
|
|
struct exportlist *, int, struct expcred *, uint64_t);
|
2015-07-04 08:40:48 +00:00
|
|
|
static void huphandler(int sig);
|
|
|
|
|
static int makemask(struct sockaddr_storage *ssp, int bitlen);
|
|
|
|
|
static void mntsrv(struct svc_req *, SVCXPRT *);
|
|
|
|
|
static void nextfield(char **, char **);
|
|
|
|
|
static void out_of_mem(void);
|
2020-06-14 00:40:00 +00:00
|
|
|
static void parsecred(char *, struct expcred *);
|
2015-07-04 08:40:48 +00:00
|
|
|
static int parsesec(char *, struct exportlist *);
|
|
|
|
|
static int put_exlist(struct dirlist *, XDR *, struct dirlist *,
|
|
|
|
|
int *, int);
|
|
|
|
|
static void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
|
|
|
|
|
static int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
|
|
|
|
|
struct sockaddr *samask);
|
|
|
|
|
static int scan_tree(struct dirlist *, struct sockaddr *);
|
|
|
|
|
static void usage(void);
|
|
|
|
|
static int xdr_dir(XDR *, char *);
|
|
|
|
|
static int xdr_explist(XDR *, caddr_t);
|
|
|
|
|
static int xdr_explist_brief(XDR *, caddr_t);
|
|
|
|
|
static int xdr_explist_common(XDR *, caddr_t, int);
|
|
|
|
|
static int xdr_fhs(XDR *, caddr_t);
|
|
|
|
|
static int xdr_mlist(XDR *, caddr_t);
|
|
|
|
|
static void terminate(int);
|
2020-06-14 00:40:00 +00:00
|
|
|
static void cp_cred(struct expcred *, struct expcred *);
|
2015-07-04 08:40:48 +00:00
|
|
|
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
#define EXPHASH(f) (fnv_32_buf((f), sizeof(fsid_t), 0) % exphashsize)
|
|
|
|
|
static struct exportlisthead *exphead = NULL;
|
2019-06-03 22:58:51 +00:00
|
|
|
static struct exportlisthead *oldexphead = NULL;
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
static int exphashsize = 0;
|
2019-05-10 23:52:17 +00:00
|
|
|
static SLIST_HEAD(, mountlist) mlhead = SLIST_HEAD_INITIALIZER(&mlhead);
|
2015-07-04 08:40:48 +00:00
|
|
|
static char *exnames_default[2] = { _PATH_EXPORTS, NULL };
|
|
|
|
|
static char **exnames;
|
|
|
|
|
static char **hosts = NULL;
|
|
|
|
|
static int force_v2 = 0;
|
|
|
|
|
static int resvport_only = 1;
|
|
|
|
|
static int nhosts = 0;
|
|
|
|
|
static int dir_only = 1;
|
|
|
|
|
static int dolog = 0;
|
|
|
|
|
static int got_sighup = 0;
|
|
|
|
|
static int xcreated = 0;
|
|
|
|
|
|
|
|
|
|
static char *svcport_str = NULL;
|
|
|
|
|
static int mallocd_svcport = 0;
|
|
|
|
|
static int *sock_fd;
|
|
|
|
|
static int sock_fdcnt;
|
|
|
|
|
static int sock_fdpos;
|
|
|
|
|
static int suspend_nfsd = 0;
|
|
|
|
|
|
|
|
|
|
static int opt_flags;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
static int have_v6 = 1;
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static int v4root_phase = 0;
|
|
|
|
|
static char v4root_dirpath[PATH_MAX + 1];
|
2019-06-03 22:58:51 +00:00
|
|
|
static struct exportlist *v4root_ep = NULL;
|
2015-07-04 08:40:48 +00:00
|
|
|
static int has_publicfh = 0;
|
2019-06-03 22:58:51 +00:00
|
|
|
static int has_set_publicfh = 0;
|
2009-05-27 22:02:54 +00:00
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct pidfh *pfh = NULL;
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Bits for opt_flags above */
|
1994-05-26 06:35:07 +00:00
|
|
|
#define OP_MAPROOT 0x01
|
|
|
|
|
#define OP_MAPALL 0x02
|
2001-09-18 23:34:44 +00:00
|
|
|
/* 0x4 free */
|
1994-05-26 06:35:07 +00:00
|
|
|
#define OP_MASK 0x08
|
|
|
|
|
#define OP_NET 0x10
|
|
|
|
|
#define OP_ALLDIRS 0x40
|
2001-04-21 20:06:18 +00:00
|
|
|
#define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
|
2002-07-18 20:52:17 +00:00
|
|
|
#define OP_QUIET 0x100
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#define OP_MASKLEN 0x200
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#define OP_SEC 0x400
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
2015-07-04 08:40:48 +00:00
|
|
|
static int debug = 1;
|
|
|
|
|
static void SYSLOG(int, const char *, ...) __printflike(2, 3);
|
1994-05-26 06:35:07 +00:00
|
|
|
#define syslog SYSLOG
|
|
|
|
|
#else
|
2015-07-04 08:40:48 +00:00
|
|
|
static int debug = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
#endif
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/*
|
|
|
|
|
* The LOGDEBUG() syslog() calls are always compiled into the daemon.
|
|
|
|
|
* To enable them, create a file at _PATH_MOUNTDDEBUG. This file can be empty.
|
|
|
|
|
* To disable the logging, just delete the file at _PATH_MOUNTDDEBUG.
|
|
|
|
|
*/
|
|
|
|
|
static int logdebug = 0;
|
|
|
|
|
#define LOGDEBUG(format, ...) \
|
|
|
|
|
(logdebug ? syslog(LOG_DEBUG, format, ## __VA_ARGS__) : 0)
|
|
|
|
|
|
2016-01-07 05:34:39 +00:00
|
|
|
/*
|
|
|
|
|
* Similar to strsep(), but it allows for quoted strings
|
|
|
|
|
* and escaped characters.
|
|
|
|
|
*
|
|
|
|
|
* It returns the string (or NULL, if *stringp is NULL),
|
|
|
|
|
* which is a de-quoted version of the string if necessary.
|
|
|
|
|
*
|
|
|
|
|
* It modifies *stringp in place.
|
|
|
|
|
*/
|
|
|
|
|
static char *
|
|
|
|
|
strsep_quote(char **stringp, const char *delim)
|
|
|
|
|
{
|
|
|
|
|
char *srcptr, *dstptr, *retval;
|
|
|
|
|
char quot = 0;
|
|
|
|
|
|
|
|
|
|
if (stringp == NULL || *stringp == NULL)
|
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
|
|
srcptr = dstptr = retval = *stringp;
|
|
|
|
|
|
|
|
|
|
while (*srcptr) {
|
|
|
|
|
/*
|
|
|
|
|
* We're looking for several edge cases here.
|
|
|
|
|
* First: if we're in quote state (quot != 0),
|
|
|
|
|
* then we ignore the delim characters, but otherwise
|
|
|
|
|
* process as normal, unless it is the quote character.
|
|
|
|
|
* Second: if the current character is a backslash,
|
|
|
|
|
* we take the next character as-is, without checking
|
|
|
|
|
* for delim, quote, or backslash. Exception: if the
|
|
|
|
|
* next character is a NUL, that's the end of the string.
|
|
|
|
|
* Third: if the character is a quote character, we toggle
|
|
|
|
|
* quote state.
|
|
|
|
|
* Otherwise: check the current character for NUL, or
|
|
|
|
|
* being in delim, and end the string if either is true.
|
|
|
|
|
*/
|
|
|
|
|
if (*srcptr == '\\') {
|
|
|
|
|
srcptr++;
|
|
|
|
|
/*
|
|
|
|
|
* The edge case here is if the next character
|
|
|
|
|
* is NUL, we want to stop processing. But if
|
|
|
|
|
* it's not NUL, then we simply want to copy it.
|
|
|
|
|
*/
|
|
|
|
|
if (*srcptr) {
|
|
|
|
|
*dstptr++ = *srcptr++;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (quot == 0 && (*srcptr == '\'' || *srcptr == '"')) {
|
|
|
|
|
quot = *srcptr++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (quot && *srcptr == quot) {
|
|
|
|
|
/* End of the quoted part */
|
|
|
|
|
quot = 0;
|
|
|
|
|
srcptr++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (!quot && strchr(delim, *srcptr))
|
|
|
|
|
break;
|
|
|
|
|
*dstptr++ = *srcptr++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*stringp = (*srcptr == '\0') ? NULL : srcptr + 1;
|
2019-06-25 17:00:53 +00:00
|
|
|
*dstptr = 0; /* Terminate the string */
|
2016-01-07 05:34:39 +00:00
|
|
|
return (retval);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Mountd server for NFS mount protocol as described in:
|
|
|
|
|
* NFS: Network File System Protocol Specification, RFC1094, Appendix A
|
|
|
|
|
* The optional arguments are the exports file name
|
|
|
|
|
* default: _PATH_EXPORTS
|
|
|
|
|
* and "-n" to allow nonroot mount.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
main(int argc, char **argv)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-21 00:55:17 +00:00
|
|
|
fd_set readfds;
|
2007-10-20 11:25:34 +00:00
|
|
|
struct netconfig *nconf;
|
|
|
|
|
char *endptr, **hosts_bak;
|
|
|
|
|
void *nc_handle;
|
2005-08-24 19:17:06 +00:00
|
|
|
pid_t otherpid;
|
2007-10-20 11:25:34 +00:00
|
|
|
in_port_t svcport;
|
|
|
|
|
int c, k, s;
|
2003-01-16 07:27:30 +00:00
|
|
|
int maxrec = RPC_MAXDATASIZE;
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
int attempt_cnt, port_len, port_pos, ret;
|
|
|
|
|
char **port_list;
|
2020-06-06 00:40:02 +00:00
|
|
|
uint64_t curtime, nexttime;
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
struct timespec tp;
|
2020-10-24 22:48:28 +00:00
|
|
|
sigset_t sig_mask, sighup_mask;
|
|
|
|
|
int enable_rpcbind;
|
2001-04-17 22:25:48 +00:00
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
enable_rpcbind = 1;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/* Check that another mountd isn't already running. */
|
2005-09-16 11:24:28 +00:00
|
|
|
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
|
2005-08-24 19:17:06 +00:00
|
|
|
if (pfh == NULL) {
|
|
|
|
|
if (errno == EEXIST)
|
|
|
|
|
errx(1, "mountd already running, pid: %d.", otherpid);
|
|
|
|
|
warn("cannot open or create pidfile");
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
|
s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
|
|
|
|
|
if (s < 0)
|
|
|
|
|
have_v6 = 0;
|
|
|
|
|
else
|
|
|
|
|
close(s);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1)
|
1994-05-26 06:35:07 +00:00
|
|
|
switch (c) {
|
1997-04-22 10:37:27 +00:00
|
|
|
case '2':
|
|
|
|
|
force_v2 = 1;
|
|
|
|
|
break;
|
2009-05-28 20:28:13 +00:00
|
|
|
case 'e':
|
2011-04-24 00:06:56 +00:00
|
|
|
/* now a no-op, since this is the default */
|
2009-05-27 22:02:54 +00:00
|
|
|
break;
|
1995-06-27 11:07:30 +00:00
|
|
|
case 'n':
|
|
|
|
|
resvport_only = 0;
|
|
|
|
|
break;
|
2020-10-24 22:48:28 +00:00
|
|
|
case 'R':
|
|
|
|
|
/* Do not support Mount protocol */
|
|
|
|
|
enable_rpcbind = 0;
|
|
|
|
|
break;
|
1995-06-27 11:07:30 +00:00
|
|
|
case 'r':
|
|
|
|
|
dir_only = 0;
|
|
|
|
|
break;
|
1995-05-21 19:31:09 +00:00
|
|
|
case 'd':
|
|
|
|
|
debug = debug ? 0 : 1;
|
|
|
|
|
break;
|
1997-12-09 18:43:44 +00:00
|
|
|
case 'l':
|
2003-10-30 22:57:43 +00:00
|
|
|
dolog = 1;
|
1997-12-09 18:43:44 +00:00
|
|
|
break;
|
2004-03-04 04:42:52 +00:00
|
|
|
case 'p':
|
|
|
|
|
endptr = NULL;
|
|
|
|
|
svcport = (in_port_t)strtoul(optarg, &endptr, 10);
|
|
|
|
|
if (endptr == NULL || *endptr != '\0' ||
|
|
|
|
|
svcport == 0 || svcport >= IPPORT_MAX)
|
|
|
|
|
usage();
|
2007-10-20 11:25:34 +00:00
|
|
|
svcport_str = strdup(optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 'h':
|
|
|
|
|
++nhosts;
|
|
|
|
|
hosts_bak = hosts;
|
|
|
|
|
hosts_bak = realloc(hosts, nhosts * sizeof(char *));
|
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
|
if (hosts != NULL) {
|
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
|
free(hosts[k]);
|
|
|
|
|
free(hosts);
|
|
|
|
|
out_of_mem();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
hosts = hosts_bak;
|
|
|
|
|
hosts[nhosts - 1] = strdup(optarg);
|
|
|
|
|
if (hosts[nhosts - 1] == NULL) {
|
|
|
|
|
for (k = 0; k < (nhosts - 1); k++)
|
|
|
|
|
free(hosts[k]);
|
|
|
|
|
free(hosts);
|
|
|
|
|
out_of_mem();
|
|
|
|
|
}
|
2004-03-04 04:42:52 +00:00
|
|
|
break;
|
2012-10-15 00:17:16 +00:00
|
|
|
case 'S':
|
|
|
|
|
suspend_nfsd = 1;
|
|
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
default:
|
1998-07-15 06:21:41 +00:00
|
|
|
usage();
|
2016-04-15 22:31:22 +00:00
|
|
|
}
|
2020-10-24 22:48:28 +00:00
|
|
|
if (enable_rpcbind == 0) {
|
|
|
|
|
if (svcport_str != NULL) {
|
|
|
|
|
warnx("-p option not compatible with -R, ignored");
|
|
|
|
|
free(svcport_str);
|
|
|
|
|
svcport_str = NULL;
|
|
|
|
|
}
|
|
|
|
|
if (nhosts > 0) {
|
|
|
|
|
warnx("-h option not compatible with -R, ignored");
|
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
|
free(hosts[k]);
|
|
|
|
|
free(hosts);
|
|
|
|
|
hosts = NULL;
|
|
|
|
|
nhosts = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
2015-04-29 12:33:00 +00:00
|
|
|
if (modfind("nfsd") < 0) {
|
2009-05-27 22:02:54 +00:00
|
|
|
/* Not present in kernel, try loading it */
|
2015-04-29 12:33:00 +00:00
|
|
|
if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
|
2009-05-27 22:02:54 +00:00
|
|
|
errx(1, "NFS server is not available");
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
argc -= optind;
|
|
|
|
|
argv += optind;
|
2007-02-03 00:12:18 +00:00
|
|
|
if (argc > 0)
|
|
|
|
|
exnames = argv;
|
|
|
|
|
else
|
|
|
|
|
exnames = exnames_default;
|
1994-05-26 06:35:07 +00:00
|
|
|
openlog("mountd", LOG_PID, LOG_DAEMON);
|
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("getting export list");
|
2019-06-03 22:58:51 +00:00
|
|
|
get_exportlist(0);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("getting mount list");
|
1994-05-26 06:35:07 +00:00
|
|
|
get_mountlist();
|
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("here we go");
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug == 0) {
|
|
|
|
|
daemon(0, 0);
|
|
|
|
|
signal(SIGINT, SIG_IGN);
|
|
|
|
|
signal(SIGQUIT, SIG_IGN);
|
|
|
|
|
}
|
2001-04-21 00:55:17 +00:00
|
|
|
signal(SIGHUP, huphandler);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
signal(SIGTERM, terminate);
|
2006-11-18 22:43:20 +00:00
|
|
|
signal(SIGPIPE, SIG_IGN);
|
2005-08-24 19:17:06 +00:00
|
|
|
|
|
|
|
|
pidfile_write(pfh);
|
|
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
if (enable_rpcbind != 0) {
|
|
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
|
|
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
|
|
|
|
|
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
|
|
|
|
|
|
|
|
|
|
if (!resvport_only) {
|
|
|
|
|
if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
|
|
|
|
|
&resvport_only, sizeof(resvport_only)) != 0 &&
|
|
|
|
|
errno != ENOENT) {
|
|
|
|
|
syslog(LOG_ERR, "sysctl: %m");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
1997-04-09 20:17:15 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
/*
|
|
|
|
|
* If no hosts were specified, add a wildcard entry to bind to
|
|
|
|
|
* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added
|
|
|
|
|
* to the list.
|
|
|
|
|
*/
|
|
|
|
|
if (nhosts == 0) {
|
|
|
|
|
hosts = malloc(sizeof(char *));
|
|
|
|
|
if (hosts == NULL)
|
2007-10-20 11:25:34 +00:00
|
|
|
out_of_mem();
|
2020-10-24 22:48:28 +00:00
|
|
|
hosts[0] = "*";
|
|
|
|
|
nhosts = 1;
|
|
|
|
|
} else {
|
|
|
|
|
hosts_bak = hosts;
|
|
|
|
|
if (have_v6) {
|
|
|
|
|
hosts_bak = realloc(hosts, (nhosts + 2) *
|
|
|
|
|
sizeof(char *));
|
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
|
free(hosts[k]);
|
|
|
|
|
free(hosts);
|
|
|
|
|
out_of_mem();
|
|
|
|
|
} else
|
|
|
|
|
hosts = hosts_bak;
|
|
|
|
|
nhosts += 2;
|
|
|
|
|
hosts[nhosts - 2] = "::1";
|
2007-10-20 11:25:34 +00:00
|
|
|
} else {
|
2020-10-24 22:48:28 +00:00
|
|
|
hosts_bak = realloc(hosts, (nhosts + 1) *
|
|
|
|
|
sizeof(char *));
|
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
|
free(hosts[k]);
|
|
|
|
|
free(hosts);
|
|
|
|
|
out_of_mem();
|
|
|
|
|
} else {
|
|
|
|
|
nhosts += 1;
|
|
|
|
|
hosts = hosts_bak;
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
hosts[nhosts - 1] = "127.0.0.1";
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
attempt_cnt = 1;
|
|
|
|
|
sock_fdcnt = 0;
|
|
|
|
|
sock_fd = NULL;
|
|
|
|
|
port_list = NULL;
|
|
|
|
|
port_len = 0;
|
2020-10-24 22:48:28 +00:00
|
|
|
if (enable_rpcbind != 0) {
|
|
|
|
|
nc_handle = setnetconfig();
|
|
|
|
|
while ((nconf = getnetconfig(nc_handle))) {
|
|
|
|
|
if (nconf->nc_flag & NC_VISIBLE) {
|
|
|
|
|
if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
|
|
|
|
|
"inet6") == 0) {
|
|
|
|
|
/* DO NOTHING */
|
|
|
|
|
} else {
|
|
|
|
|
ret = create_service(nconf);
|
|
|
|
|
if (ret == 1)
|
|
|
|
|
/* Ignore this call */
|
|
|
|
|
continue;
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
/*
|
|
|
|
|
* Failed to bind port, so close
|
|
|
|
|
* off all sockets created and
|
|
|
|
|
* try again if the port# was
|
|
|
|
|
* dynamically assigned via
|
|
|
|
|
* bind(2).
|
|
|
|
|
*/
|
|
|
|
|
clearout_service();
|
|
|
|
|
if (mallocd_svcport != 0 &&
|
|
|
|
|
attempt_cnt <
|
|
|
|
|
GETPORT_MAXTRY) {
|
|
|
|
|
free(svcport_str);
|
|
|
|
|
svcport_str = NULL;
|
|
|
|
|
mallocd_svcport = 0;
|
|
|
|
|
} else {
|
|
|
|
|
errno = EADDRINUSE;
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"bindresvport_sa:"
|
|
|
|
|
" %m");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Start over at the first
|
|
|
|
|
* service.
|
|
|
|
|
*/
|
|
|
|
|
free(sock_fd);
|
|
|
|
|
sock_fdcnt = 0;
|
|
|
|
|
sock_fd = NULL;
|
|
|
|
|
nc_handle = setnetconfig();
|
|
|
|
|
attempt_cnt++;
|
|
|
|
|
} else if (mallocd_svcport != 0 &&
|
|
|
|
|
attempt_cnt == GETPORT_MAXTRY) {
|
|
|
|
|
/*
|
|
|
|
|
* For the last attempt, allow
|
|
|
|
|
* different port #s for each
|
|
|
|
|
* nconf by saving the
|
|
|
|
|
* svcport_str setting it back
|
|
|
|
|
* to NULL.
|
|
|
|
|
*/
|
|
|
|
|
port_list = realloc(port_list,
|
|
|
|
|
(port_len + 1) *
|
|
|
|
|
sizeof(char *));
|
|
|
|
|
if (port_list == NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
port_list[port_len++] =
|
|
|
|
|
svcport_str;
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
svcport_str = NULL;
|
|
|
|
|
mallocd_svcport = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
/*
|
|
|
|
|
* Successfully bound the ports, so call complete_service() to
|
|
|
|
|
* do the rest of the setup on the service(s).
|
|
|
|
|
*/
|
|
|
|
|
sock_fdpos = 0;
|
|
|
|
|
port_pos = 0;
|
|
|
|
|
nc_handle = setnetconfig();
|
|
|
|
|
while ((nconf = getnetconfig(nc_handle))) {
|
|
|
|
|
if (nconf->nc_flag & NC_VISIBLE) {
|
|
|
|
|
if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
|
|
|
|
|
"inet6") == 0) {
|
|
|
|
|
/* DO NOTHING */
|
|
|
|
|
} else if (port_list != NULL) {
|
|
|
|
|
if (port_pos >= port_len) {
|
|
|
|
|
syslog(LOG_ERR, "too many"
|
|
|
|
|
" port#s");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
complete_service(nconf,
|
|
|
|
|
port_list[port_pos++]);
|
|
|
|
|
} else
|
|
|
|
|
complete_service(nconf, svcport_str);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
endnetconfig(nc_handle);
|
|
|
|
|
free(sock_fd);
|
|
|
|
|
if (port_list != NULL) {
|
|
|
|
|
for (port_pos = 0; port_pos < port_len; port_pos++)
|
|
|
|
|
free(port_list[port_pos]);
|
|
|
|
|
free(port_list);
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2020-10-24 22:48:28 +00:00
|
|
|
if (xcreated == 0) {
|
|
|
|
|
syslog(LOG_ERR, "could not create any services");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2001-04-21 00:55:17 +00:00
|
|
|
|
|
|
|
|
/* Expand svc_run() here so that we can call get_exportlist(). */
|
2020-06-06 00:40:02 +00:00
|
|
|
curtime = nexttime = 0;
|
|
|
|
|
sigemptyset(&sighup_mask);
|
|
|
|
|
sigaddset(&sighup_mask, SIGHUP);
|
2001-04-21 00:55:17 +00:00
|
|
|
for (;;) {
|
2020-06-06 00:40:02 +00:00
|
|
|
clock_gettime(CLOCK_MONOTONIC, &tp);
|
|
|
|
|
curtime = tp.tv_sec;
|
|
|
|
|
curtime = curtime * 1000000 + tp.tv_nsec / 1000;
|
2020-10-24 22:48:28 +00:00
|
|
|
sigprocmask(SIG_BLOCK, &sighup_mask, &sig_mask);
|
2020-06-06 00:40:02 +00:00
|
|
|
if (got_sighup && curtime >= nexttime) {
|
2001-04-21 00:55:17 +00:00
|
|
|
got_sighup = 0;
|
2020-06-06 00:40:02 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
|
|
|
|
get_exportlist(1);
|
|
|
|
|
clock_gettime(CLOCK_MONOTONIC, &tp);
|
|
|
|
|
nexttime = tp.tv_sec;
|
|
|
|
|
nexttime = nexttime * 1000000 + tp.tv_nsec / 1000 +
|
|
|
|
|
RELOADDELAY;
|
|
|
|
|
} else
|
|
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If a reload is pending, poll for received request(s),
|
|
|
|
|
* otherwise set a RELOADDELAY timeout, since a SIGHUP
|
|
|
|
|
* could be processed between the got_sighup test and
|
|
|
|
|
* the select() system call.
|
|
|
|
|
*/
|
|
|
|
|
tv.tv_sec = 0;
|
|
|
|
|
if (got_sighup)
|
|
|
|
|
tv.tv_usec = 0;
|
|
|
|
|
else
|
|
|
|
|
tv.tv_usec = RELOADDELAY;
|
2020-10-24 22:48:28 +00:00
|
|
|
if (enable_rpcbind != 0) {
|
|
|
|
|
readfds = svc_fdset;
|
|
|
|
|
switch (select(svc_maxfd + 1, &readfds, NULL, NULL,
|
|
|
|
|
&tv)) {
|
|
|
|
|
case -1:
|
|
|
|
|
if (errno == EINTR) {
|
|
|
|
|
/* Allow a reload now. */
|
|
|
|
|
nexttime = 0;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
syslog(LOG_ERR, "mountd died: select: %m");
|
|
|
|
|
exit(1);
|
|
|
|
|
case 0:
|
2020-06-06 00:40:02 +00:00
|
|
|
/* Allow a reload now. */
|
|
|
|
|
nexttime = 0;
|
|
|
|
|
continue;
|
2020-10-24 22:48:28 +00:00
|
|
|
default:
|
|
|
|
|
svc_getreqset(&readfds);
|
2020-06-06 00:40:02 +00:00
|
|
|
}
|
2020-10-24 22:48:28 +00:00
|
|
|
} else {
|
|
|
|
|
/* Simply wait for a signal. */
|
|
|
|
|
sigsuspend(&sig_mask);
|
2001-04-21 00:55:17 +00:00
|
|
|
}
|
|
|
|
|
}
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This routine creates and binds sockets on the appropriate
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
* addresses. It gets called one time for each transport.
|
2023-01-19 13:23:51 +00:00
|
|
|
* It returns 0 upon success, 1 for ignore the call and -1 to indicate
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
* bind failed with EADDRINUSE.
|
|
|
|
|
* Any file descriptors that have been created are stored in sock_fd and
|
|
|
|
|
* the total count of them is maintained in sock_fdcnt.
|
2007-10-20 11:25:34 +00:00
|
|
|
*/
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
static int
|
2007-10-20 11:25:34 +00:00
|
|
|
create_service(struct netconfig *nconf)
|
|
|
|
|
{
|
|
|
|
|
struct addrinfo hints, *res = NULL;
|
|
|
|
|
struct sockaddr_in *sin;
|
|
|
|
|
struct sockaddr_in6 *sin6;
|
|
|
|
|
struct __rpc_sockinfo si;
|
|
|
|
|
int aicode;
|
|
|
|
|
int fd;
|
|
|
|
|
int nhostsbak;
|
|
|
|
|
int one = 1;
|
|
|
|
|
int r;
|
|
|
|
|
u_int32_t host_addr[4]; /* IPv4 or IPv6 */
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
int mallocd_res;
|
2007-10-20 11:25:34 +00:00
|
|
|
|
|
|
|
|
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
|
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS) &&
|
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS_ORD))
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
return (1); /* not my type */
|
2007-10-20 11:25:34 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX - using RPC library internal functions.
|
|
|
|
|
*/
|
|
|
|
|
if (!__rpc_nconf2sockinfo(nconf, &si)) {
|
|
|
|
|
syslog(LOG_ERR, "cannot get information for %s",
|
|
|
|
|
nconf->nc_netid);
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
return (1);
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get mountd's address on this transport */
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_family = si.si_af;
|
|
|
|
|
hints.ai_socktype = si.si_socktype;
|
|
|
|
|
hints.ai_protocol = si.si_proto;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Bind to specific IPs if asked to
|
|
|
|
|
*/
|
|
|
|
|
nhostsbak = nhosts;
|
|
|
|
|
while (nhostsbak > 0) {
|
|
|
|
|
--nhostsbak;
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int));
|
|
|
|
|
if (sock_fd == NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */
|
|
|
|
|
mallocd_res = 0;
|
|
|
|
|
|
2015-01-19 00:33:32 +00:00
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
|
2007-10-20 11:25:34 +00:00
|
|
|
/*
|
|
|
|
|
* XXX - using RPC library internal functions.
|
|
|
|
|
*/
|
|
|
|
|
if ((fd = __rpc_nconf2fd(nconf)) < 0) {
|
|
|
|
|
int non_fatal = 0;
|
2012-12-21 15:54:13 +00:00
|
|
|
if (errno == EAFNOSUPPORT &&
|
2007-10-20 11:25:34 +00:00
|
|
|
nconf->nc_semantics != NC_TPI_CLTS)
|
|
|
|
|
non_fatal = 1;
|
|
|
|
|
|
|
|
|
|
syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
|
|
|
|
|
"cannot create socket for %s", nconf->nc_netid);
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
if (non_fatal != 0)
|
|
|
|
|
continue;
|
|
|
|
|
exit(1);
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (hints.ai_family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
if (inet_pton(AF_INET, hosts[nhostsbak],
|
|
|
|
|
host_addr) == 1) {
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
hints.ai_flags |= AI_NUMERICHOST;
|
2007-10-20 11:25:34 +00:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Skip if we have an AF_INET6 address.
|
|
|
|
|
*/
|
|
|
|
|
if (inet_pton(AF_INET6, hosts[nhostsbak],
|
|
|
|
|
host_addr) == 1) {
|
|
|
|
|
close(fd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
if (inet_pton(AF_INET6, hosts[nhostsbak],
|
|
|
|
|
host_addr) == 1) {
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
hints.ai_flags |= AI_NUMERICHOST;
|
2007-10-20 11:25:34 +00:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Skip if we have an AF_INET address.
|
|
|
|
|
*/
|
|
|
|
|
if (inet_pton(AF_INET, hosts[nhostsbak],
|
|
|
|
|
host_addr) == 1) {
|
|
|
|
|
close(fd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We're doing host-based access checks here, so don't
|
|
|
|
|
* allow v4-in-v6 to confuse things. The kernel will
|
|
|
|
|
* disable it by default on NFS sockets too.
|
|
|
|
|
*/
|
|
|
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
|
|
|
|
|
sizeof one) < 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't disable v4-in-v6 on IPv6 socket");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If no hosts were specified, just bind to INADDR_ANY
|
|
|
|
|
*/
|
|
|
|
|
if (strcmp("*", hosts[nhostsbak]) == 0) {
|
|
|
|
|
if (svcport_str == NULL) {
|
|
|
|
|
res = malloc(sizeof(struct addrinfo));
|
|
|
|
|
if (res == NULL)
|
|
|
|
|
out_of_mem();
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
mallocd_res = 1;
|
2007-10-20 11:25:34 +00:00
|
|
|
res->ai_flags = hints.ai_flags;
|
|
|
|
|
res->ai_family = hints.ai_family;
|
|
|
|
|
res->ai_protocol = hints.ai_protocol;
|
|
|
|
|
switch (res->ai_family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
sin = malloc(sizeof(struct sockaddr_in));
|
|
|
|
|
if (sin == NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
sin->sin_family = AF_INET;
|
|
|
|
|
sin->sin_port = htons(0);
|
|
|
|
|
sin->sin_addr.s_addr = htonl(INADDR_ANY);
|
|
|
|
|
res->ai_addr = (struct sockaddr*) sin;
|
|
|
|
|
res->ai_addrlen = (socklen_t)
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
sizeof(struct sockaddr_in);
|
2007-10-20 11:25:34 +00:00
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
sin6 = malloc(sizeof(struct sockaddr_in6));
|
2007-10-27 12:24:47 +00:00
|
|
|
if (sin6 == NULL)
|
2007-10-20 11:25:34 +00:00
|
|
|
out_of_mem();
|
|
|
|
|
sin6->sin6_family = AF_INET6;
|
|
|
|
|
sin6->sin6_port = htons(0);
|
|
|
|
|
sin6->sin6_addr = in6addr_any;
|
|
|
|
|
res->ai_addr = (struct sockaddr*) sin6;
|
|
|
|
|
res->ai_addrlen = (socklen_t)
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
sizeof(struct sockaddr_in6);
|
2007-10-20 11:25:34 +00:00
|
|
|
break;
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
default:
|
|
|
|
|
syslog(LOG_ERR, "bad addr fam %d",
|
|
|
|
|
res->ai_family);
|
|
|
|
|
exit(1);
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if ((aicode = getaddrinfo(NULL, svcport_str,
|
|
|
|
|
&hints, &res)) != 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"cannot get local address for %s: %s",
|
|
|
|
|
nconf->nc_netid,
|
|
|
|
|
gai_strerror(aicode));
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
close(fd);
|
2007-10-20 11:25:34 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
|
|
|
|
|
&hints, &res)) != 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"cannot get local address for %s: %s",
|
|
|
|
|
nconf->nc_netid, gai_strerror(aicode));
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
close(fd);
|
2007-10-20 11:25:34 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
/* Store the fd. */
|
|
|
|
|
sock_fd[sock_fdcnt - 1] = fd;
|
|
|
|
|
|
|
|
|
|
/* Now, attempt the bind. */
|
2007-10-20 11:25:34 +00:00
|
|
|
r = bindresvport_sa(fd, res->ai_addr);
|
|
|
|
|
if (r != 0) {
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
if (errno == EADDRINUSE && mallocd_svcport != 0) {
|
|
|
|
|
if (mallocd_res != 0) {
|
|
|
|
|
free(res->ai_addr);
|
|
|
|
|
free(res);
|
|
|
|
|
} else
|
|
|
|
|
freeaddrinfo(res);
|
|
|
|
|
return (-1);
|
|
|
|
|
}
|
2007-10-20 11:25:34 +00:00
|
|
|
syslog(LOG_ERR, "bindresvport_sa: %m");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
if (svcport_str == NULL) {
|
|
|
|
|
svcport_str = malloc(NI_MAXSERV * sizeof(char));
|
|
|
|
|
if (svcport_str == NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
mallocd_svcport = 1;
|
|
|
|
|
|
|
|
|
|
if (getnameinfo(res->ai_addr,
|
|
|
|
|
res->ai_addr->sa_len, NULL, NI_MAXHOST,
|
|
|
|
|
svcport_str, NI_MAXSERV * sizeof(char),
|
|
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV))
|
|
|
|
|
errx(1, "Cannot get port number");
|
|
|
|
|
}
|
|
|
|
|
if (mallocd_res != 0) {
|
|
|
|
|
free(res->ai_addr);
|
|
|
|
|
free(res);
|
|
|
|
|
} else
|
|
|
|
|
freeaddrinfo(res);
|
|
|
|
|
res = NULL;
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Called after all the create_service() calls have succeeded, to complete
|
|
|
|
|
* the setup and registration.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
complete_service(struct netconfig *nconf, char *port_str)
|
|
|
|
|
{
|
|
|
|
|
struct addrinfo hints, *res = NULL;
|
|
|
|
|
struct __rpc_sockinfo si;
|
|
|
|
|
struct netbuf servaddr;
|
|
|
|
|
SVCXPRT *transp = NULL;
|
|
|
|
|
int aicode, fd, nhostsbak;
|
|
|
|
|
int registered = 0;
|
|
|
|
|
|
|
|
|
|
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
|
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS) &&
|
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS_ORD))
|
|
|
|
|
return; /* not my type */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX - using RPC library internal functions.
|
|
|
|
|
*/
|
|
|
|
|
if (!__rpc_nconf2sockinfo(nconf, &si)) {
|
|
|
|
|
syslog(LOG_ERR, "cannot get information for %s",
|
|
|
|
|
nconf->nc_netid);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nhostsbak = nhosts;
|
|
|
|
|
while (nhostsbak > 0) {
|
|
|
|
|
--nhostsbak;
|
|
|
|
|
if (sock_fdpos >= sock_fdcnt) {
|
|
|
|
|
/* Should never happen. */
|
|
|
|
|
syslog(LOG_ERR, "Ran out of socket fd's");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
fd = sock_fd[sock_fdpos++];
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2018-11-14 19:06:43 +00:00
|
|
|
/*
|
|
|
|
|
* Using -1 tells listen(2) to use
|
|
|
|
|
* kern.ipc.soacceptqueue for the backlog.
|
|
|
|
|
*/
|
2007-10-20 11:25:34 +00:00
|
|
|
if (nconf->nc_semantics != NC_TPI_CLTS)
|
2018-11-14 19:06:43 +00:00
|
|
|
listen(fd, -1);
|
2007-10-20 11:25:34 +00:00
|
|
|
|
|
|
|
|
if (nconf->nc_semantics == NC_TPI_CLTS )
|
|
|
|
|
transp = svc_dg_create(fd, 0, 0);
|
|
|
|
|
else
|
|
|
|
|
transp = svc_vc_create(fd, RPC_MAXDATASIZE,
|
|
|
|
|
RPC_MAXDATASIZE);
|
|
|
|
|
|
|
|
|
|
if (transp != (SVCXPRT *) NULL) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
|
2007-10-20 11:25:34 +00:00
|
|
|
NULL))
|
|
|
|
|
syslog(LOG_ERR,
|
2009-06-24 18:42:21 +00:00
|
|
|
"can't register %s MOUNTVERS service",
|
2007-10-20 11:25:34 +00:00
|
|
|
nconf->nc_netid);
|
|
|
|
|
if (!force_v2) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
|
2007-10-20 11:25:34 +00:00
|
|
|
mntsrv, NULL))
|
|
|
|
|
syslog(LOG_ERR,
|
2009-06-24 18:42:21 +00:00
|
|
|
"can't register %s MOUNTVERS3 service",
|
2007-10-20 11:25:34 +00:00
|
|
|
nconf->nc_netid);
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
syslog(LOG_WARNING, "can't create %s services",
|
|
|
|
|
nconf->nc_netid);
|
|
|
|
|
|
|
|
|
|
if (registered == 0) {
|
|
|
|
|
registered = 1;
|
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
hints.ai_family = si.si_af;
|
|
|
|
|
hints.ai_socktype = si.si_socktype;
|
|
|
|
|
hints.ai_protocol = si.si_proto;
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
if ((aicode = getaddrinfo(NULL, port_str, &hints,
|
2007-10-20 11:25:34 +00:00
|
|
|
&res)) != 0) {
|
|
|
|
|
syslog(LOG_ERR, "cannot get local address: %s",
|
|
|
|
|
gai_strerror(aicode));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
servaddr.buf = malloc(res->ai_addrlen);
|
|
|
|
|
memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
|
|
|
|
|
servaddr.len = res->ai_addrlen;
|
|
|
|
|
|
2009-06-24 18:42:21 +00:00
|
|
|
rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
|
|
|
|
|
rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
|
2007-10-20 11:25:34 +00:00
|
|
|
|
|
|
|
|
xcreated++;
|
|
|
|
|
freeaddrinfo(res);
|
|
|
|
|
}
|
|
|
|
|
} /* end while */
|
1998-07-15 06:21:41 +00:00
|
|
|
}
|
|
|
|
|
|
Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.
Reviewed by: jhb
MFC after: 2 weeks
2011-06-02 19:33:33 +00:00
|
|
|
/*
|
|
|
|
|
* Clear out sockets after a failure to bind one of them, so that the
|
|
|
|
|
* cycle of socket creation/binding can start anew.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
clearout_service(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < sock_fdcnt; i++) {
|
|
|
|
|
if (sock_fd[i] >= 0) {
|
|
|
|
|
shutdown(sock_fd[i], SHUT_RDWR);
|
|
|
|
|
close(sock_fd[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1998-07-15 06:21:41 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
usage(void)
|
1998-07-15 06:21:41 +00:00
|
|
|
{
|
|
|
|
|
fprintf(stderr,
|
2009-05-28 20:28:13 +00:00
|
|
|
"usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
|
2012-10-15 00:17:16 +00:00
|
|
|
"[-S] [-h <bindip>] [export_file ...]\n");
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The mount rpc service
|
|
|
|
|
*/
|
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct exportlist *ep;
|
|
|
|
|
struct dirlist *dp;
|
1995-06-27 11:07:30 +00:00
|
|
|
struct fhreturn fhr;
|
1994-05-26 06:35:07 +00:00
|
|
|
struct stat stb;
|
|
|
|
|
struct statfs fsb;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
char host[NI_MAXHOST], numerichost[NI_MAXHOST];
|
|
|
|
|
int lookup_failed = 1;
|
|
|
|
|
struct sockaddr *saddr;
|
1995-06-27 11:07:30 +00:00
|
|
|
u_short sport;
|
2009-06-24 18:42:21 +00:00
|
|
|
char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
|
2020-07-22 23:39:58 +00:00
|
|
|
int defset, hostset;
|
|
|
|
|
long bad = 0;
|
1995-06-27 11:07:30 +00:00
|
|
|
sigset_t sighup_mask;
|
2012-09-24 23:57:16 +00:00
|
|
|
int numsecflavors, *secflavorsp;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
sigemptyset(&sighup_mask);
|
|
|
|
|
sigaddset(&sighup_mask, SIGHUP);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
saddr = svc_getrpccaller(transp)->buf;
|
|
|
|
|
switch (saddr->sa_family) {
|
|
|
|
|
case AF_INET6:
|
2001-04-17 22:25:48 +00:00
|
|
|
sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
case AF_INET:
|
2001-04-17 22:25:48 +00:00
|
|
|
sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
syslog(LOG_ERR, "request from unknown address family");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-12-06 18:21:48 +00:00
|
|
|
switch (rqstp->rq_proc) {
|
|
|
|
|
case MOUNTPROC_MNT:
|
|
|
|
|
case MOUNTPROC_UMNT:
|
|
|
|
|
case MOUNTPROC_UMNTALL:
|
|
|
|
|
lookup_failed = getnameinfo(saddr, saddr->sa_len, host,
|
|
|
|
|
sizeof host, NULL, 0, 0);
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
getnameinfo(saddr, saddr->sa_len, numerichost,
|
|
|
|
|
sizeof numerichost, NULL, 0, NI_NUMERICHOST);
|
1994-05-26 06:35:07 +00:00
|
|
|
switch (rqstp->rq_proc) {
|
|
|
|
|
case NULLPROC:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_MNT:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"mount request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE, "undecodable mount request from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_decode(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the real pathname and make sure it is a directory
|
1995-06-27 11:07:30 +00:00
|
|
|
* or a regular file if the -r option was specified
|
|
|
|
|
* and it exists.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
1999-10-06 18:20:44 +00:00
|
|
|
if (realpath(rpcpath, dirpath) == NULL ||
|
1994-05-26 06:35:07 +00:00
|
|
|
stat(dirpath, &stb) < 0 ||
|
|
|
|
|
statfs(dirpath, &fsb) < 0) {
|
|
|
|
|
chdir("/"); /* Just in case realpath doesn't */
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
1998-07-15 06:21:41 +00:00
|
|
|
"mount request from %s for non existent path %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("stat failed on %s", dirpath);
|
1997-08-29 19:22:28 +00:00
|
|
|
bad = ENOENT; /* We will send error reply later */
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2018-02-21 00:19:02 +00:00
|
|
|
if (!bad &&
|
|
|
|
|
!S_ISDIR(stb.st_mode) &&
|
|
|
|
|
(dir_only || !S_ISREG(stb.st_mode))) {
|
|
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"mount request from %s for non-directory path %s",
|
|
|
|
|
numerichost, dirpath);
|
|
|
|
|
if (debug)
|
|
|
|
|
warnx("mounting non-directory %s", dirpath);
|
|
|
|
|
bad = ENOTDIR; /* We will send error reply later */
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/* Check in the exports list */
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
|
2018-02-21 00:19:02 +00:00
|
|
|
if (bad)
|
|
|
|
|
ep = NULL;
|
|
|
|
|
else
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
ep = ex_search(&fsb.f_fsid, exphead);
|
1995-06-27 11:07:30 +00:00
|
|
|
hostset = defset = 0;
|
2012-09-24 23:57:16 +00:00
|
|
|
if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset,
|
|
|
|
|
&numsecflavors, &secflavorsp) ||
|
1994-05-26 06:35:07 +00:00
|
|
|
((dp = dirp_search(ep->ex_dirl, dirpath)) &&
|
2012-09-24 23:57:16 +00:00
|
|
|
chk_host(dp, saddr, &defset, &hostset, &numsecflavors,
|
|
|
|
|
&secflavorsp)) ||
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
(defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
|
|
|
|
|
scan_tree(ep->ex_dirl, saddr) == 0))) {
|
1997-08-29 19:22:28 +00:00
|
|
|
if (bad) {
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
|
1997-08-29 19:22:28 +00:00
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1997-08-29 19:22:28 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2012-09-24 23:57:16 +00:00
|
|
|
if (hostset & DP_HOSTSET) {
|
1995-06-27 11:07:30 +00:00
|
|
|
fhr.fhr_flag = hostset;
|
2012-09-24 23:57:16 +00:00
|
|
|
fhr.fhr_numsecflavors = numsecflavors;
|
|
|
|
|
fhr.fhr_secflavors = secflavorsp;
|
|
|
|
|
} else {
|
1995-06-27 11:07:30 +00:00
|
|
|
fhr.fhr_flag = defset;
|
2012-09-24 23:57:16 +00:00
|
|
|
fhr.fhr_numsecflavors = ep->ex_defnumsecflavors;
|
|
|
|
|
fhr.fhr_secflavors = ep->ex_defsecflavors;
|
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
fhr.fhr_vers = rqstp->rq_vers;
|
1994-05-26 06:35:07 +00:00
|
|
|
/* Get the file handle */
|
1997-03-11 12:43:45 +00:00
|
|
|
memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
|
1995-06-27 11:07:30 +00:00
|
|
|
if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
|
1994-05-26 06:35:07 +00:00
|
|
|
bad = errno;
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't get fh for %s", dirpath);
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
|
1994-05-26 06:35:07 +00:00
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
|
|
|
|
|
(caddr_t)&fhr))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
|
|
|
|
add_mlist(host, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
else
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
add_mlist(numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("mount successful");
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"mount request succeeded from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1997-12-09 18:43:44 +00:00
|
|
|
} else {
|
2018-02-21 00:19:02 +00:00
|
|
|
if (!bad)
|
|
|
|
|
bad = EACCES;
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"mount request denied from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1997-12-09 18:43:44 +00:00
|
|
|
}
|
1997-08-29 19:22:28 +00:00
|
|
|
|
2003-10-26 05:58:21 +00:00
|
|
|
if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
|
|
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_DUMP:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
2003-10-30 22:57:43 +00:00
|
|
|
else if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"dump request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_UMNT:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"umount request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE, "undecodable umount request from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_decode(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
1999-10-06 18:20:44 +00:00
|
|
|
if (realpath(rpcpath, dirpath) == NULL) {
|
|
|
|
|
syslog(LOG_NOTICE, "umount request from %s "
|
|
|
|
|
"for non existent path %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1999-10-06 18:20:44 +00:00
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
2001-04-17 22:25:48 +00:00
|
|
|
del_mlist(host, dirpath);
|
|
|
|
|
del_mlist(numerichost, dirpath);
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"umount request succeeded from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_UMNTALL:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"umountall request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
2001-04-17 22:25:48 +00:00
|
|
|
del_mlist(host, NULL);
|
|
|
|
|
del_mlist(numerichost, NULL);
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"umountall request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_EXPORT:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
|
|
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
|
|
|
|
|
(caddr_t)NULL))
|
2002-07-15 18:34:27 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
|
"export request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
default:
|
|
|
|
|
svcerr_noproc(transp);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Xdr conversion for a dirpath string
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_dir(XDR *xdrsp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2009-06-24 18:42:21 +00:00
|
|
|
return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
1995-06-27 11:07:30 +00:00
|
|
|
* Xdr routine to generate file handle reply
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_fhs(XDR *xdrsp, caddr_t cp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2002-03-20 17:55:10 +00:00
|
|
|
struct fhreturn *fhrp = (struct fhreturn *)cp;
|
1995-06-27 11:07:30 +00:00
|
|
|
u_long ok = 0, len, auth;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int i;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
if (!xdr_long(xdrsp, &ok))
|
|
|
|
|
return (0);
|
1995-06-27 11:07:30 +00:00
|
|
|
switch (fhrp->fhr_vers) {
|
|
|
|
|
case 1:
|
|
|
|
|
return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
|
|
|
|
|
case 3:
|
|
|
|
|
len = NFSX_V3FH;
|
|
|
|
|
if (!xdr_long(xdrsp, &len))
|
|
|
|
|
return (0);
|
|
|
|
|
if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
|
|
|
|
|
return (0);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (fhrp->fhr_numsecflavors) {
|
|
|
|
|
if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
|
|
|
|
|
return (0);
|
|
|
|
|
for (i = 0; i < fhrp->fhr_numsecflavors; i++)
|
|
|
|
|
if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
|
|
|
|
|
return (0);
|
|
|
|
|
return (1);
|
|
|
|
|
} else {
|
|
|
|
|
auth = AUTH_SYS;
|
|
|
|
|
len = 1;
|
|
|
|
|
if (!xdr_long(xdrsp, &len))
|
|
|
|
|
return (0);
|
|
|
|
|
return (xdr_long(xdrsp, &auth));
|
|
|
|
|
}
|
2016-04-15 22:31:22 +00:00
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
return (0);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct mountlist *mlp;
|
|
|
|
|
int true = 1;
|
|
|
|
|
int false = 0;
|
|
|
|
|
char *strp;
|
|
|
|
|
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_FOREACH(mlp, &mlhead, next) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
|
return (0);
|
|
|
|
|
strp = &mlp->ml_host[0];
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
strp = &mlp->ml_dirp[0];
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
|
return (0);
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Xdr conversion for export list
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct exportlist *ep;
|
|
|
|
|
int false = 0;
|
1995-06-27 11:07:30 +00:00
|
|
|
int putdef;
|
|
|
|
|
sigset_t sighup_mask;
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
int i;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
sigemptyset(&sighup_mask);
|
|
|
|
|
sigaddset(&sighup_mask, SIGHUP);
|
|
|
|
|
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
|
2017-10-04 08:43:56 +00:00
|
|
|
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
for (i = 0; i < exphashsize; i++)
|
|
|
|
|
SLIST_FOREACH(ep, &exphead[i], entries) {
|
|
|
|
|
putdef = 0;
|
|
|
|
|
if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
|
|
|
|
|
&putdef, brief))
|
|
|
|
|
goto errout;
|
|
|
|
|
if (ep->ex_defdir && putdef == 0 &&
|
|
|
|
|
put_exlist(ep->ex_defdir, xdrsp, NULL,
|
|
|
|
|
&putdef, brief))
|
|
|
|
|
goto errout;
|
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
|
return (0);
|
|
|
|
|
return (1);
|
|
|
|
|
errout:
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Called from xdr_explist() to traverse the tree and export the
|
|
|
|
|
* directory paths.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
|
|
|
|
|
int brief)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct grouplist *grp;
|
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
int true = 1;
|
|
|
|
|
int false = 0;
|
|
|
|
|
int gotalldir = 0;
|
|
|
|
|
char *strp;
|
|
|
|
|
|
|
|
|
|
if (dp) {
|
2002-07-15 18:34:27 +00:00
|
|
|
if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
|
return (1);
|
|
|
|
|
strp = dp->dp_dirp;
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
|
|
|
|
|
gotalldir = 1;
|
|
|
|
|
*putdefp = 1;
|
|
|
|
|
}
|
2002-07-15 18:34:27 +00:00
|
|
|
if (brief) {
|
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
|
return (1);
|
|
|
|
|
strp = "(...)";
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
2002-07-15 18:34:27 +00:00
|
|
|
return (1);
|
|
|
|
|
} else if ((dp->dp_flag & DP_DEFSET) == 0 &&
|
1994-05-26 06:35:07 +00:00
|
|
|
(gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
|
|
|
|
|
hp = dp->dp_hosts;
|
|
|
|
|
while (hp) {
|
|
|
|
|
grp = hp->ht_grp;
|
|
|
|
|
if (grp->gr_type == GT_HOST) {
|
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
|
1995-05-30 06:12:45 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp,
|
2009-06-24 18:42:21 +00:00
|
|
|
MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
} else if (grp->gr_type == GT_NET) {
|
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
|
return (1);
|
|
|
|
|
strp = grp->gr_ptr.gt_net.nt_name;
|
1995-05-30 06:12:45 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp,
|
2009-06-24 18:42:21 +00:00
|
|
|
MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
hp = hp->ht_next;
|
|
|
|
|
if (gotalldir && hp == (struct hostlist *)NULL) {
|
|
|
|
|
hp = adp->dp_hosts;
|
|
|
|
|
gotalldir = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
|
return (1);
|
2002-07-15 18:34:27 +00:00
|
|
|
if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist(XDR *xdrsp, caddr_t cp)
|
2002-07-15 18:34:27 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return xdr_explist_common(xdrsp, cp, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist_brief(XDR *xdrsp, caddr_t cp)
|
2002-07-15 18:34:27 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return xdr_explist_common(xdrsp, cp, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static char *line;
|
|
|
|
|
static size_t linesize;
|
|
|
|
|
static FILE *exp_file;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
2007-02-03 00:12:18 +00:00
|
|
|
* Get the export list from one, currently open file
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2007-02-03 00:12:18 +00:00
|
|
|
static void
|
2019-06-03 22:58:51 +00:00
|
|
|
get_exportlist_one(int passno)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2017-10-04 08:43:56 +00:00
|
|
|
struct exportlist *ep;
|
2019-06-03 22:58:51 +00:00
|
|
|
struct grouplist *grp, *tgrp, *savgrp;
|
1994-05-26 06:35:07 +00:00
|
|
|
struct dirlist *dirhead;
|
2007-02-03 00:12:18 +00:00
|
|
|
struct statfs fsb;
|
2020-06-14 00:40:00 +00:00
|
|
|
struct expcred anon;
|
1994-05-26 06:35:07 +00:00
|
|
|
char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
|
2023-05-06 18:57:14 +00:00
|
|
|
char *err_msg = NULL;
|
2020-06-14 00:40:00 +00:00
|
|
|
int len, has_host, got_nondir, dirplen, netgrp;
|
|
|
|
|
uint64_t exflags;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_phase = 0;
|
2020-10-10 00:01:40 +00:00
|
|
|
anon.cr_groups = NULL;
|
1994-05-26 06:35:07 +00:00
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
|
while (get_line()) {
|
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("got line %s", line);
|
1994-05-26 06:35:07 +00:00
|
|
|
cp = line;
|
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
|
if (*cp == '#')
|
|
|
|
|
goto nextline;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set defaults.
|
|
|
|
|
*/
|
|
|
|
|
has_host = FALSE;
|
2020-10-10 00:01:40 +00:00
|
|
|
anon.cr_groups = anon.cr_smallgrps;
|
2020-06-16 02:35:30 +00:00
|
|
|
anon.cr_uid = UID_NOBODY;
|
2020-06-14 00:40:00 +00:00
|
|
|
anon.cr_ngroups = 1;
|
2020-06-16 02:35:30 +00:00
|
|
|
anon.cr_groups[0] = GID_NOGROUP;
|
1994-05-26 06:35:07 +00:00
|
|
|
exflags = MNT_EXPORTED;
|
|
|
|
|
got_nondir = 0;
|
|
|
|
|
opt_flags = 0;
|
|
|
|
|
ep = (struct exportlist *)NULL;
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Handle the V4 root dir.
|
|
|
|
|
*/
|
|
|
|
|
if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
|
|
|
|
|
/*
|
|
|
|
|
* V4: just indicates that it is the v4 root point,
|
|
|
|
|
* so skip over that and set v4root_phase.
|
|
|
|
|
*/
|
|
|
|
|
if (v4root_phase > 0) {
|
|
|
|
|
syslog(LOG_ERR, "V4:duplicate line, ignored");
|
|
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
v4root_phase = 1;
|
|
|
|
|
cp += 3;
|
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create new exports list entry
|
|
|
|
|
*/
|
|
|
|
|
len = endcp-cp;
|
|
|
|
|
tgrp = grp = get_grp();
|
|
|
|
|
while (len > 0) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (len > MNTNAMLEN) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "mountpoint too long");
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
if (*cp == '-') {
|
|
|
|
|
if (ep == (struct exportlist *)NULL) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp,
|
|
|
|
|
"flag before export path definition");
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("doing opt %s", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
got_nondir = 1;
|
|
|
|
|
if (do_opt(&cp, &endcp, ep, grp, &has_host,
|
|
|
|
|
&exflags, &anon)) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
} else if (*cp == '/') {
|
|
|
|
|
savedc = *endcp;
|
|
|
|
|
*endcp = '\0';
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase > 1) {
|
|
|
|
|
if (dirp != NULL) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "Multiple V4 dirs");
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-05-06 18:57:14 +00:00
|
|
|
if (check_dirpath(cp, &err_msg) &&
|
|
|
|
|
check_statfs(cp, &fsb, &err_msg)) {
|
2015-05-16 12:05:26 +00:00
|
|
|
if ((fsb.f_flags & MNT_AUTOMOUNTED) != 0)
|
|
|
|
|
syslog(LOG_ERR, "Warning: exporting of "
|
|
|
|
|
"automounted fs %s not supported", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (got_nondir) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "dirs must be first");
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 1) {
|
|
|
|
|
if (dirp != NULL) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "Multiple V4 dirs");
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
if (strlen(v4root_dirpath) == 0) {
|
|
|
|
|
strlcpy(v4root_dirpath, cp,
|
|
|
|
|
sizeof (v4root_dirpath));
|
|
|
|
|
} else if (strcmp(v4root_dirpath, cp)
|
|
|
|
|
!= 0) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"different V4 dirpath %s", cp);
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = cp;
|
|
|
|
|
v4root_phase = 2;
|
|
|
|
|
got_nondir = 1;
|
|
|
|
|
ep = get_exp();
|
1994-05-26 06:35:07 +00:00
|
|
|
} else {
|
2009-05-27 22:02:54 +00:00
|
|
|
if (ep) {
|
2020-05-21 01:55:35 +00:00
|
|
|
if (fsidcmp(&ep->ex_fs, &fsb.f_fsid)
|
|
|
|
|
!= 0) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp,
|
|
|
|
|
"fsid mismatch");
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* See if this directory is already
|
|
|
|
|
* in the list.
|
|
|
|
|
*/
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
ep = ex_search(&fsb.f_fsid, exphead);
|
2009-05-27 22:02:54 +00:00
|
|
|
if (ep == (struct exportlist *)NULL) {
|
|
|
|
|
ep = get_exp();
|
|
|
|
|
ep->ex_fs = fsb.f_fsid;
|
2017-09-26 09:18:18 +00:00
|
|
|
ep->ex_fsdir = strdup(fsb.f_mntonname);
|
|
|
|
|
if (ep->ex_fsdir == NULL)
|
2009-05-27 22:02:54 +00:00
|
|
|
out_of_mem();
|
|
|
|
|
if (debug)
|
|
|
|
|
warnx(
|
|
|
|
|
"making new ep fs=0x%x,0x%x",
|
|
|
|
|
fsb.f_fsid.val[0],
|
|
|
|
|
fsb.f_fsid.val[1]);
|
|
|
|
|
} else if (debug)
|
|
|
|
|
warnx("found ep fs=0x%x,0x%x",
|
|
|
|
|
fsb.f_fsid.val[0],
|
|
|
|
|
fsb.f_fsid.val[1]);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2009-05-27 22:02:54 +00:00
|
|
|
* Add dirpath to export mount point.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = add_expdir(&dirhead, cp, len);
|
|
|
|
|
dirplen = len;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
2023-05-06 18:57:14 +00:00
|
|
|
if (err_msg != NULL) {
|
|
|
|
|
getexp_err(ep, tgrp, err_msg);
|
|
|
|
|
free(err_msg);
|
|
|
|
|
err_msg = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
getexp_err(ep, tgrp,
|
|
|
|
|
"symbolic link in export path or "
|
|
|
|
|
"statfs failed");
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
*endcp = savedc;
|
|
|
|
|
} else {
|
|
|
|
|
savedc = *endcp;
|
|
|
|
|
*endcp = '\0';
|
|
|
|
|
got_nondir = 1;
|
|
|
|
|
if (ep == (struct exportlist *)NULL) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp,
|
|
|
|
|
"host(s) before export path definition");
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the host or netgroup.
|
|
|
|
|
*/
|
|
|
|
|
setnetgrent(cp);
|
|
|
|
|
netgrp = getnetgrent(&hst, &usr, &dom);
|
|
|
|
|
do {
|
|
|
|
|
if (has_host) {
|
|
|
|
|
grp->gr_next = get_grp();
|
|
|
|
|
grp = grp->gr_next;
|
|
|
|
|
}
|
|
|
|
|
if (netgrp) {
|
1998-06-15 15:41:41 +00:00
|
|
|
if (hst == 0) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"null hostname in netgroup %s, skipping", cp);
|
1998-06-15 15:43:13 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1998-06-15 15:41:41 +00:00
|
|
|
} else if (get_host(hst, grp, tgrp)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"bad host %s in netgroup %s, skipping", hst, cp);
|
1997-09-12 16:25:24 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
} else if (get_host(cp, grp, tgrp)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad host %s, skipping", cp);
|
1997-09-12 16:25:24 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
has_host = TRUE;
|
|
|
|
|
} while (netgrp && getnetgrent(&hst, &usr, &dom));
|
|
|
|
|
endnetgrent();
|
|
|
|
|
*endcp = savedc;
|
|
|
|
|
}
|
|
|
|
|
cp = endcp;
|
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
|
len = endcp - cp;
|
|
|
|
|
}
|
|
|
|
|
if (check_options(dirhead)) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
if (!has_host) {
|
2001-04-18 00:28:37 +00:00
|
|
|
grp->gr_type = GT_DEFAULT;
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("adding a default entry");
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Don't allow a network export coincide with a list of
|
|
|
|
|
* host(s) on the same line.
|
|
|
|
|
*/
|
|
|
|
|
} else if ((opt_flags & OP_NET) && tgrp->gr_next) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "network/host conflict");
|
1994-05-26 06:35:07 +00:00
|
|
|
goto nextline;
|
1997-09-12 16:25:24 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/*
|
|
|
|
|
* If an export list was specified on this line, make sure
|
1997-09-12 16:25:24 +00:00
|
|
|
* that we have at least one valid entry, otherwise skip it.
|
|
|
|
|
*/
|
|
|
|
|
} else {
|
|
|
|
|
grp = tgrp;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
while (grp && grp->gr_type == GT_IGNORE)
|
1997-09-12 16:25:24 +00:00
|
|
|
grp = grp->gr_next;
|
|
|
|
|
if (! grp) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "no valid entries");
|
1997-09-12 16:25:24 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 1) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, "V4:root, no dirp, ignored");
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Loop through hosts, pushing the exports into the kernel.
|
|
|
|
|
* After loop, tgrp points to the start of the list and
|
|
|
|
|
* grp points to the last entry in the list.
|
2019-06-03 22:58:51 +00:00
|
|
|
* Do not do the do_mount() for passno == 1, since the
|
|
|
|
|
* second pass will do it, as required.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
|
grp = tgrp;
|
|
|
|
|
do {
|
2019-06-03 22:58:51 +00:00
|
|
|
grp->gr_exflags = exflags;
|
2020-06-14 00:40:00 +00:00
|
|
|
cp_cred(&grp->gr_anon, &anon);
|
2019-06-03 22:58:51 +00:00
|
|
|
if (v4root_phase == 2 && passno == 0)
|
|
|
|
|
LOGDEBUG("do_mount v4root");
|
|
|
|
|
if (passno == 0 && do_mount(ep, grp, exflags, &anon,
|
|
|
|
|
dirp, dirplen, &fsb, ep->ex_numsecflavors,
|
|
|
|
|
ep->ex_secflavors)) {
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(ep, tgrp, NULL);
|
2001-04-17 22:25:48 +00:00
|
|
|
goto nextline;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
} while (grp->gr_next && (grp = grp->gr_next));
|
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
/*
|
|
|
|
|
* For V4: don't enter in mount lists.
|
|
|
|
|
*/
|
2009-06-23 21:48:04 +00:00
|
|
|
if (v4root_phase > 0 && v4root_phase <= 2) {
|
|
|
|
|
/*
|
2019-06-03 23:07:46 +00:00
|
|
|
* These structures are used for the reload,
|
2019-06-03 22:58:51 +00:00
|
|
|
* so save them for that case. Otherwise, just
|
2009-06-23 21:48:04 +00:00
|
|
|
* free them up now.
|
|
|
|
|
*/
|
2019-06-03 22:58:51 +00:00
|
|
|
if (passno == 1 && ep != NULL) {
|
|
|
|
|
savgrp = tgrp;
|
|
|
|
|
while (tgrp != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* Save the security flavors and exflags
|
|
|
|
|
* for this host set in the groups.
|
|
|
|
|
*/
|
|
|
|
|
tgrp->gr_numsecflavors =
|
|
|
|
|
ep->ex_numsecflavors;
|
|
|
|
|
if (ep->ex_numsecflavors > 0)
|
|
|
|
|
memcpy(tgrp->gr_secflavors,
|
|
|
|
|
ep->ex_secflavors,
|
|
|
|
|
sizeof(ep->ex_secflavors));
|
|
|
|
|
tgrp = tgrp->gr_next;
|
|
|
|
|
}
|
|
|
|
|
if (v4root_ep == NULL) {
|
|
|
|
|
v4root_ep = ep;
|
|
|
|
|
ep = NULL; /* Don't free below. */
|
|
|
|
|
}
|
|
|
|
|
grp->gr_next = v4root_ep->ex_grphead;
|
|
|
|
|
v4root_ep->ex_grphead = savgrp;
|
|
|
|
|
}
|
2009-06-23 21:48:04 +00:00
|
|
|
if (ep != NULL)
|
|
|
|
|
free_exp(ep);
|
|
|
|
|
while (tgrp != NULL) {
|
|
|
|
|
grp = tgrp;
|
|
|
|
|
tgrp = tgrp->gr_next;
|
|
|
|
|
free_grp(grp);
|
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
2009-06-23 21:48:04 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Success. Update the data structures.
|
|
|
|
|
*/
|
|
|
|
|
if (has_host) {
|
2019-06-03 22:58:51 +00:00
|
|
|
hang_dirp(dirhead, tgrp, ep, opt_flags, &anon, exflags);
|
2019-05-14 22:00:47 +00:00
|
|
|
grp->gr_next = ep->ex_grphead;
|
|
|
|
|
ep->ex_grphead = tgrp;
|
1994-05-26 06:35:07 +00:00
|
|
|
} else {
|
|
|
|
|
hang_dirp(dirhead, (struct grouplist *)NULL, ep,
|
2019-06-03 22:58:51 +00:00
|
|
|
opt_flags, &anon, exflags);
|
1994-05-26 06:35:07 +00:00
|
|
|
free_grp(grp);
|
|
|
|
|
}
|
|
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
|
if ((ep->ex_flag & EX_LINKED) == 0) {
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
insert_exports(ep, exphead);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
ep->ex_flag |= EX_LINKED;
|
|
|
|
|
}
|
|
|
|
|
nextline:
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_phase = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
if (dirhead) {
|
|
|
|
|
free_dir(dirhead);
|
|
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
|
}
|
2020-10-10 00:01:40 +00:00
|
|
|
if (anon.cr_groups != anon.cr_smallgrps) {
|
|
|
|
|
free(anon.cr_groups);
|
|
|
|
|
anon.cr_groups = NULL;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2007-02-03 00:12:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get the export list from all specified files
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2019-06-03 22:58:51 +00:00
|
|
|
get_exportlist(int passno)
|
2007-02-03 00:12:18 +00:00
|
|
|
{
|
|
|
|
|
struct export_args export;
|
|
|
|
|
struct iovec *iov;
|
2019-05-11 22:41:58 +00:00
|
|
|
struct statfs *mntbufp;
|
2007-02-03 00:12:18 +00:00
|
|
|
char errmsg[255];
|
2021-03-09 00:08:02 +00:00
|
|
|
int error, i, nfs_maxvers, num;
|
2007-02-03 00:12:18 +00:00
|
|
|
int iovlen;
|
2009-05-27 22:02:54 +00:00
|
|
|
struct nfsex_args eargs;
|
2019-06-03 22:58:51 +00:00
|
|
|
FILE *debug_file;
|
2021-03-09 00:08:02 +00:00
|
|
|
size_t nfs_maxvers_size;
|
2019-06-03 22:58:51 +00:00
|
|
|
|
|
|
|
|
if ((debug_file = fopen(_PATH_MOUNTDDEBUG, "r")) != NULL) {
|
|
|
|
|
fclose(debug_file);
|
|
|
|
|
logdebug = 1;
|
|
|
|
|
} else
|
|
|
|
|
logdebug = 0;
|
|
|
|
|
LOGDEBUG("passno=%d", passno);
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_dirpath[0] = '\0';
|
2019-06-03 22:58:51 +00:00
|
|
|
free_v4rootexp();
|
|
|
|
|
if (passno == 1) {
|
|
|
|
|
/*
|
|
|
|
|
* Save the current lists as old ones, so that the new lists
|
|
|
|
|
* can be compared with the old ones in the 2nd pass.
|
|
|
|
|
*/
|
|
|
|
|
for (i = 0; i < exphashsize; i++) {
|
|
|
|
|
SLIST_FIRST(&oldexphead[i]) = SLIST_FIRST(&exphead[i]);
|
|
|
|
|
SLIST_INIT(&exphead[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Note that the public fh has not yet been set. */
|
|
|
|
|
has_set_publicfh = 0;
|
|
|
|
|
|
|
|
|
|
/* Read the export file(s) and process them */
|
|
|
|
|
read_exportfile(passno);
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Just make the old lists empty.
|
|
|
|
|
* exphashsize == 0 for the first call, before oldexphead
|
|
|
|
|
* has been initialized-->loop won't be executed.
|
|
|
|
|
*/
|
|
|
|
|
for (i = 0; i < exphashsize; i++)
|
|
|
|
|
SLIST_INIT(&oldexphead[i]);
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-03 00:12:18 +00:00
|
|
|
bzero(&export, sizeof(export));
|
|
|
|
|
export.ex_flags = MNT_DELEXPORT;
|
|
|
|
|
iov = NULL;
|
|
|
|
|
iovlen = 0;
|
|
|
|
|
bzero(errmsg, sizeof(errmsg));
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
if (suspend_nfsd != 0)
|
|
|
|
|
(void)nfssvc(NFSSVC_SUSPENDNFSD, NULL);
|
2007-02-03 00:12:18 +00:00
|
|
|
/*
|
2019-06-03 22:58:51 +00:00
|
|
|
* Delete the old V4 root dir.
|
2009-05-27 22:02:54 +00:00
|
|
|
*/
|
|
|
|
|
bzero(&eargs, sizeof (eargs));
|
|
|
|
|
eargs.export.ex_flags = MNT_DELEXPORT;
|
2020-06-14 00:40:00 +00:00
|
|
|
if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT, (caddr_t)&eargs) < 0 &&
|
2009-05-27 22:02:54 +00:00
|
|
|
errno != ENOENT)
|
|
|
|
|
syslog(LOG_ERR, "Can't delete exports for V4:");
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "from", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "update", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "export", &export,
|
|
|
|
|
sizeof(export));
|
|
|
|
|
build_iovec(&iov, &iovlen, "errmsg", errmsg,
|
|
|
|
|
sizeof(errmsg));
|
2009-05-27 22:02:54 +00:00
|
|
|
|
2007-02-03 00:12:18 +00:00
|
|
|
/*
|
2019-06-03 22:58:51 +00:00
|
|
|
* For passno == 1, compare the old and new lists updating the kernel
|
|
|
|
|
* exports for any cases that have changed.
|
|
|
|
|
* This call is doing the second pass through the lists.
|
|
|
|
|
* If it fails, fall back on the bulk reload.
|
2007-02-03 00:12:18 +00:00
|
|
|
*/
|
2019-06-03 22:58:51 +00:00
|
|
|
if (passno == 1 && compare_nmount_exportlist(iov, iovlen, errmsg) ==
|
|
|
|
|
0) {
|
|
|
|
|
LOGDEBUG("compareok");
|
|
|
|
|
/* Free up the old lists. */
|
|
|
|
|
free_exports(oldexphead);
|
|
|
|
|
} else {
|
|
|
|
|
LOGDEBUG("doing passno=0");
|
|
|
|
|
/*
|
|
|
|
|
* Clear flag that notes if a public fh has been exported.
|
|
|
|
|
* It is set by do_mount() if MNT_EXPUBLIC is set for the entry.
|
|
|
|
|
*/
|
|
|
|
|
has_publicfh = 0;
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/* exphead == NULL if not yet allocated (first call). */
|
|
|
|
|
if (exphead != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* First, get rid of the old lists.
|
|
|
|
|
*/
|
|
|
|
|
free_exports(exphead);
|
|
|
|
|
free_exports(oldexphead);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* And delete exports that are in the kernel for all local
|
|
|
|
|
* filesystems.
|
|
|
|
|
* XXX: Should know how to handle all local exportable
|
|
|
|
|
* filesystems.
|
|
|
|
|
*/
|
|
|
|
|
num = getmntinfo(&mntbufp, MNT_NOWAIT);
|
|
|
|
|
|
|
|
|
|
/* Allocate hash tables, for first call. */
|
|
|
|
|
if (exphead == NULL) {
|
|
|
|
|
/* Target an average linked list length of 10. */
|
|
|
|
|
exphashsize = num / 10;
|
|
|
|
|
if (exphashsize < 1)
|
|
|
|
|
exphashsize = 1;
|
|
|
|
|
else if (exphashsize > 100000)
|
|
|
|
|
exphashsize = 100000;
|
|
|
|
|
exphead = malloc(exphashsize * sizeof(*exphead));
|
|
|
|
|
oldexphead = malloc(exphashsize * sizeof(*oldexphead));
|
|
|
|
|
if (exphead == NULL || oldexphead == NULL)
|
|
|
|
|
errx(1, "Can't malloc hash tables");
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < exphashsize; i++) {
|
|
|
|
|
SLIST_INIT(&exphead[i]);
|
|
|
|
|
SLIST_INIT(&oldexphead[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < num; i++)
|
|
|
|
|
delete_export(iov, iovlen, &mntbufp[i], errmsg);
|
2007-02-03 00:12:18 +00:00
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
|
|
|
|
|
/* Read the export file(s) and process them */
|
|
|
|
|
read_exportfile(0);
|
|
|
|
|
}
|
2007-02-03 00:12:18 +00:00
|
|
|
|
2021-03-09 00:08:02 +00:00
|
|
|
if (strlen(v4root_dirpath) == 0) {
|
|
|
|
|
/* Check to see if a V4: line is needed. */
|
|
|
|
|
nfs_maxvers_size = sizeof(nfs_maxvers);
|
|
|
|
|
error = sysctlbyname("vfs.nfsd.server_max_nfsvers",
|
|
|
|
|
&nfs_maxvers, &nfs_maxvers_size, NULL, 0);
|
|
|
|
|
if (error != 0 || nfs_maxvers < NFS_VER2 || nfs_maxvers >
|
|
|
|
|
NFS_VER4) {
|
|
|
|
|
syslog(LOG_ERR, "sysctlbyname(vfs.nfsd."
|
|
|
|
|
"server_max_nfsvers) failed, defaulting to NFSv3");
|
|
|
|
|
nfs_maxvers = NFS_VER3;
|
|
|
|
|
}
|
|
|
|
|
if (nfs_maxvers == NFS_VER4)
|
|
|
|
|
syslog(LOG_ERR, "NFSv4 requires at least one V4: line");
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-03 00:12:18 +00:00
|
|
|
if (iov != NULL) {
|
|
|
|
|
/* Free strings allocated by strdup() in getmntopts.c */
|
|
|
|
|
free(iov[0].iov_base); /* fstype */
|
|
|
|
|
free(iov[2].iov_base); /* fspath */
|
|
|
|
|
free(iov[4].iov_base); /* from */
|
|
|
|
|
free(iov[6].iov_base); /* update */
|
|
|
|
|
free(iov[8].iov_base); /* export */
|
|
|
|
|
free(iov[10].iov_base); /* errmsg */
|
|
|
|
|
|
|
|
|
|
/* free iov, allocated by realloc() */
|
|
|
|
|
free(iov);
|
|
|
|
|
iovlen = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
/*
|
|
|
|
|
* If there was no public fh, clear any previous one set.
|
|
|
|
|
*/
|
2019-06-03 22:58:51 +00:00
|
|
|
if (has_publicfh == 0) {
|
|
|
|
|
LOGDEBUG("clear public fh");
|
2009-05-27 22:02:54 +00:00
|
|
|
(void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
|
2019-06-03 22:58:51 +00:00
|
|
|
}
|
2012-10-15 00:17:16 +00:00
|
|
|
|
|
|
|
|
/* Resume the nfsd. If they weren't suspended, this is harmless. */
|
|
|
|
|
(void)nfssvc(NFSSVC_RESUMENFSD, NULL);
|
2019-06-03 22:58:51 +00:00
|
|
|
LOGDEBUG("eo get_exportlist");
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2019-05-10 23:52:17 +00:00
|
|
|
/*
|
|
|
|
|
* Insert an export entry in the appropriate list.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
insert_exports(struct exportlist *ep, struct exportlisthead *exhp)
|
|
|
|
|
{
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
uint32_t i;
|
2019-05-10 23:52:17 +00:00
|
|
|
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
i = EXPHASH(&ep->ex_fs);
|
2019-06-03 22:58:51 +00:00
|
|
|
LOGDEBUG("fs=%s hash=%i", ep->ex_fsdir, i);
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
SLIST_INSERT_HEAD(&exhp[i], ep, entries);
|
2019-05-10 23:52:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free up the exports lists passed in as arguments.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
free_exports(struct exportlisthead *exhp)
|
|
|
|
|
{
|
|
|
|
|
struct exportlist *ep, *ep2;
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
int i;
|
2019-05-10 23:52:17 +00:00
|
|
|
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
for (i = 0; i < exphashsize; i++) {
|
|
|
|
|
SLIST_FOREACH_SAFE(ep, &exhp[i], entries, ep2) {
|
|
|
|
|
SLIST_REMOVE(&exhp[i], ep, exportlist, entries);
|
|
|
|
|
free_exp(ep);
|
|
|
|
|
}
|
|
|
|
|
SLIST_INIT(&exhp[i]);
|
2019-05-10 23:52:17 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-11 22:41:58 +00:00
|
|
|
/*
|
|
|
|
|
* Read the exports file(s) and call get_exportlist_one() for each line.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2019-06-03 22:58:51 +00:00
|
|
|
read_exportfile(int passno)
|
2019-05-11 22:41:58 +00:00
|
|
|
{
|
|
|
|
|
int done, i;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read in the exports file and build the list, calling
|
|
|
|
|
* nmount() as we go along to push the export rules into the kernel.
|
|
|
|
|
*/
|
|
|
|
|
done = 0;
|
|
|
|
|
for (i = 0; exnames[i] != NULL; i++) {
|
|
|
|
|
if (debug)
|
|
|
|
|
warnx("reading exports from %s", exnames[i]);
|
|
|
|
|
if ((exp_file = fopen(exnames[i], "r")) == NULL) {
|
|
|
|
|
syslog(LOG_WARNING, "can't open %s", exnames[i]);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2019-06-03 22:58:51 +00:00
|
|
|
get_exportlist_one(passno);
|
2019-05-11 22:41:58 +00:00
|
|
|
fclose(exp_file);
|
|
|
|
|
done++;
|
|
|
|
|
}
|
|
|
|
|
if (done == 0) {
|
|
|
|
|
syslog(LOG_ERR, "can't open any exports file");
|
|
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/*
|
|
|
|
|
* Compare the export lists against the old ones and do nmount() operations
|
|
|
|
|
* for any cases that have changed. This avoids doing nmount() for entries
|
|
|
|
|
* that have not changed.
|
|
|
|
|
* Return 0 upon success, 1 otherwise.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
compare_nmount_exportlist(struct iovec *iov, int iovlen, char *errmsg)
|
|
|
|
|
{
|
|
|
|
|
struct exportlist *ep, *oep;
|
|
|
|
|
struct grouplist *grp;
|
|
|
|
|
struct statfs fs, ofs;
|
|
|
|
|
int i, ret;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop through the current list and look for an entry in the old
|
|
|
|
|
* list.
|
|
|
|
|
* If found, check to see if it the same.
|
|
|
|
|
* If it is not the same, delete and re-export.
|
|
|
|
|
* Then mark it done on the old list.
|
|
|
|
|
* else (not found)
|
|
|
|
|
* export it.
|
|
|
|
|
* Any entries left in the old list after processing must have their
|
|
|
|
|
* exports deleted.
|
|
|
|
|
*/
|
|
|
|
|
for (i = 0; i < exphashsize; i++)
|
|
|
|
|
SLIST_FOREACH(ep, &exphead[i], entries) {
|
|
|
|
|
LOGDEBUG("foreach ep=%s", ep->ex_fsdir);
|
|
|
|
|
oep = ex_search(&ep->ex_fs, oldexphead);
|
|
|
|
|
if (oep != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* Check the mount paths are the same.
|
|
|
|
|
* If not, return 1 so that the reload of the
|
|
|
|
|
* exports will be done in bulk, the
|
|
|
|
|
* passno == 0 way.
|
|
|
|
|
*/
|
|
|
|
|
LOGDEBUG("found old exp");
|
|
|
|
|
if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
|
|
|
|
|
return (1);
|
|
|
|
|
LOGDEBUG("same fsdir");
|
|
|
|
|
/*
|
|
|
|
|
* Test to see if the entry is the same.
|
|
|
|
|
* If not the same delete exports and
|
|
|
|
|
* re-export.
|
|
|
|
|
*/
|
|
|
|
|
if (compare_export(ep, oep) != 0) {
|
|
|
|
|
/*
|
|
|
|
|
* Clear has_publicfh if if was set
|
|
|
|
|
* in the old exports, but only if it
|
|
|
|
|
* has not been set during processing of
|
|
|
|
|
* the exports for this pass, as
|
|
|
|
|
* indicated by has_set_publicfh.
|
|
|
|
|
*/
|
|
|
|
|
if (has_set_publicfh == 0 &&
|
|
|
|
|
(oep->ex_flag & EX_PUBLICFH) != 0)
|
|
|
|
|
has_publicfh = 0;
|
|
|
|
|
|
|
|
|
|
/* Delete and re-export. */
|
|
|
|
|
if (statfs(ep->ex_fsdir, &fs) < 0)
|
|
|
|
|
return (1);
|
|
|
|
|
delete_export(iov, iovlen, &fs, errmsg);
|
|
|
|
|
ret = do_export_mount(ep, &fs);
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
return (ret);
|
|
|
|
|
}
|
|
|
|
|
oep->ex_flag |= EX_DONE;
|
|
|
|
|
LOGDEBUG("exdone");
|
|
|
|
|
} else {
|
|
|
|
|
LOGDEBUG("not found so export");
|
|
|
|
|
/* Not found, so do export. */
|
|
|
|
|
if (statfs(ep->ex_fsdir, &fs) < 0)
|
|
|
|
|
return (1);
|
|
|
|
|
ret = do_export_mount(ep, &fs);
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
return (ret);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Delete exports not done. */
|
|
|
|
|
for (i = 0; i < exphashsize; i++)
|
|
|
|
|
SLIST_FOREACH(oep, &oldexphead[i], entries) {
|
|
|
|
|
if ((oep->ex_flag & EX_DONE) == 0) {
|
|
|
|
|
LOGDEBUG("not done delete=%s", oep->ex_fsdir);
|
|
|
|
|
if (statfs(oep->ex_fsdir, &ofs) >= 0 &&
|
2020-05-21 01:55:35 +00:00
|
|
|
fsidcmp(&oep->ex_fs, &ofs.f_fsid) == 0) {
|
2019-06-03 22:58:51 +00:00
|
|
|
LOGDEBUG("do delete");
|
|
|
|
|
/*
|
|
|
|
|
* Clear has_publicfh if if was set
|
|
|
|
|
* in the old exports, but only if it
|
|
|
|
|
* has not been set during processing of
|
|
|
|
|
* the exports for this pass, as
|
|
|
|
|
* indicated by has_set_publicfh.
|
|
|
|
|
*/
|
|
|
|
|
if (has_set_publicfh == 0 &&
|
|
|
|
|
(oep->ex_flag & EX_PUBLICFH) != 0)
|
|
|
|
|
has_publicfh = 0;
|
|
|
|
|
|
|
|
|
|
delete_export(iov, iovlen, &ofs,
|
|
|
|
|
errmsg);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Do the V4 root exports, as required. */
|
|
|
|
|
grp = NULL;
|
|
|
|
|
if (v4root_ep != NULL)
|
|
|
|
|
grp = v4root_ep->ex_grphead;
|
|
|
|
|
v4root_phase = 2;
|
|
|
|
|
while (v4root_ep != NULL && grp != NULL) {
|
|
|
|
|
LOGDEBUG("v4root expath=%s", v4root_dirpath);
|
|
|
|
|
ret = do_mount(v4root_ep, grp, grp->gr_exflags, &grp->gr_anon,
|
|
|
|
|
v4root_dirpath, strlen(v4root_dirpath), &fs,
|
|
|
|
|
grp->gr_numsecflavors, grp->gr_secflavors);
|
|
|
|
|
if (ret != 0) {
|
|
|
|
|
v4root_phase = 0;
|
|
|
|
|
return (ret);
|
|
|
|
|
}
|
|
|
|
|
grp = grp->gr_next;
|
|
|
|
|
}
|
|
|
|
|
v4root_phase = 0;
|
|
|
|
|
free_v4rootexp();
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Compare old and current exportlist entries for the fsid and return 0
|
|
|
|
|
* if they are the same, 1 otherwise.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
compare_export(struct exportlist *ep, struct exportlist *oep)
|
|
|
|
|
{
|
|
|
|
|
struct grouplist *grp, *ogrp;
|
|
|
|
|
|
|
|
|
|
if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
|
|
|
|
|
return (1);
|
|
|
|
|
if ((ep->ex_flag & EX_DEFSET) != (oep->ex_flag & EX_DEFSET))
|
|
|
|
|
return (1);
|
|
|
|
|
if ((ep->ex_defdir != NULL && oep->ex_defdir == NULL) ||
|
|
|
|
|
(ep->ex_defdir == NULL && oep->ex_defdir != NULL))
|
|
|
|
|
return (1);
|
|
|
|
|
if (ep->ex_defdir != NULL && (ep->ex_defdir->dp_flag & DP_DEFSET) !=
|
|
|
|
|
(oep->ex_defdir->dp_flag & DP_DEFSET))
|
|
|
|
|
return (1);
|
|
|
|
|
if ((ep->ex_flag & EX_DEFSET) != 0 && (ep->ex_defnumsecflavors !=
|
|
|
|
|
oep->ex_defnumsecflavors || ep->ex_defexflags !=
|
|
|
|
|
oep->ex_defexflags || compare_cred(&ep->ex_defanon,
|
|
|
|
|
&oep->ex_defanon) != 0 || compare_secflavor(ep->ex_defsecflavors,
|
|
|
|
|
oep->ex_defsecflavors, ep->ex_defnumsecflavors) != 0))
|
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
|
|
/* Now, check all the groups. */
|
|
|
|
|
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
|
|
|
|
|
ogrp->gr_flag = 0;
|
|
|
|
|
for (grp = ep->ex_grphead; grp != NULL; grp = grp->gr_next) {
|
|
|
|
|
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp =
|
|
|
|
|
ogrp->gr_next)
|
|
|
|
|
if ((ogrp->gr_flag & GR_FND) == 0 &&
|
|
|
|
|
grp->gr_numsecflavors == ogrp->gr_numsecflavors &&
|
|
|
|
|
grp->gr_exflags == ogrp->gr_exflags &&
|
|
|
|
|
compare_cred(&grp->gr_anon, &ogrp->gr_anon) == 0 &&
|
|
|
|
|
compare_secflavor(grp->gr_secflavors,
|
|
|
|
|
ogrp->gr_secflavors, grp->gr_numsecflavors) == 0)
|
|
|
|
|
break;
|
|
|
|
|
if (ogrp != NULL)
|
|
|
|
|
ogrp->gr_flag |= GR_FND;
|
|
|
|
|
else
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
|
|
|
|
|
if ((ogrp->gr_flag & GR_FND) == 0)
|
|
|
|
|
return (1);
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This algorithm compares two arrays of "n" items. It returns 0 if they are
|
|
|
|
|
* the "same" and 1 otherwise. Although suboptimal, it is always safe to
|
|
|
|
|
* return 1, which makes compare_nmount_export() reload the exports entry.
|
|
|
|
|
* "same" refers to having the same set of values in the two arrays.
|
|
|
|
|
* The arrays are in no particular order and duplicates (multiple entries
|
|
|
|
|
* in an array with the same value) is allowed.
|
|
|
|
|
* The algorithm is inefficient, but the common case of indentical arrays is
|
|
|
|
|
* handled first and "n" is normally fairly small.
|
|
|
|
|
* Since the two functions need the same algorithm but for arrays of
|
|
|
|
|
* different types (gid_t vs int), this is done as a macro.
|
|
|
|
|
*/
|
|
|
|
|
#define COMPARE_ARRAYS(a1, a2, n) \
|
|
|
|
|
do { \
|
|
|
|
|
int fnd, fndarray[(n)], i, j; \
|
|
|
|
|
/* Handle common case of identical arrays. */ \
|
|
|
|
|
for (i = 0; i < (n); i++) \
|
|
|
|
|
if ((a1)[i] != (a2)[i]) \
|
|
|
|
|
break; \
|
|
|
|
|
if (i == (n)) \
|
|
|
|
|
return (0); \
|
|
|
|
|
for (i = 0; i < (n); i++) \
|
|
|
|
|
fndarray[i] = 0; \
|
|
|
|
|
for (i = 0; i < (n); i++) { \
|
|
|
|
|
fnd = 0; \
|
|
|
|
|
for (j = 0; j < (n); j++) { \
|
|
|
|
|
if ((a1)[i] == (a2)[j]) { \
|
|
|
|
|
fndarray[j] = 1; \
|
|
|
|
|
fnd = 1; \
|
|
|
|
|
} \
|
|
|
|
|
} \
|
|
|
|
|
if (fnd == 0) \
|
|
|
|
|
return (1); \
|
|
|
|
|
} \
|
|
|
|
|
for (i = 0; i < (n); i++) \
|
|
|
|
|
if (fndarray[i] == 0) \
|
|
|
|
|
return (1); \
|
|
|
|
|
return (0); \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
/*
|
2020-06-14 00:40:00 +00:00
|
|
|
* Compare two struct expcred's. Return 0 if the same and 1 otherwise.
|
2019-06-03 22:58:51 +00:00
|
|
|
*/
|
|
|
|
|
static int
|
2020-06-14 00:40:00 +00:00
|
|
|
compare_cred(struct expcred *cr0, struct expcred *cr1)
|
2019-06-03 22:58:51 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (cr0->cr_uid != cr1->cr_uid || cr0->cr_ngroups != cr1->cr_ngroups)
|
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
|
|
COMPARE_ARRAYS(cr0->cr_groups, cr1->cr_groups, cr0->cr_ngroups);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Compare two lists of security flavors. Return 0 if the same and 1 otherwise.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
compare_secflavor(int *sec1, int *sec2, int nsec)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
COMPARE_ARRAYS(sec1, sec2, nsec);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-11 22:41:58 +00:00
|
|
|
/*
|
|
|
|
|
* Delete an exports entry.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
delete_export(struct iovec *iov, int iovlen, struct statfs *fsp, char *errmsg)
|
|
|
|
|
{
|
|
|
|
|
struct xvfsconf vfc;
|
|
|
|
|
|
|
|
|
|
if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
|
|
|
|
|
syslog(LOG_ERR, "getvfsbyname() failed for %s",
|
|
|
|
|
fsp->f_fstypename);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We do not need to delete "export" flag from
|
|
|
|
|
* filesystems that do not have it set.
|
|
|
|
|
*/
|
|
|
|
|
if (!(fsp->f_flags & MNT_EXPORTED))
|
|
|
|
|
return;
|
|
|
|
|
/*
|
|
|
|
|
* Do not delete export for network filesystem by
|
|
|
|
|
* passing "export" arg to nmount().
|
|
|
|
|
* It only makes sense to do this for local filesystems.
|
|
|
|
|
*/
|
|
|
|
|
if (vfc.vfc_flags & VFCF_NETWORK)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
iov[1].iov_base = fsp->f_fstypename;
|
|
|
|
|
iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
|
|
|
|
|
iov[3].iov_base = fsp->f_mntonname;
|
|
|
|
|
iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
|
|
|
|
|
iov[5].iov_base = fsp->f_mntfromname;
|
|
|
|
|
iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
|
|
|
|
|
errmsg[0] = '\0';
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* EXDEV is returned when path exists but is not a
|
|
|
|
|
* mount point. May happens if raced with unmount.
|
|
|
|
|
*/
|
|
|
|
|
if (nmount(iov, iovlen, fsp->f_flags) < 0 && errno != ENOENT &&
|
|
|
|
|
errno != ENOTSUP && errno != EXDEV) {
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"can't delete exports for %s: %m %s",
|
|
|
|
|
fsp->f_mntonname, errmsg);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Allocate an export list element
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct exportlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_exp(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct exportlist *ep;
|
|
|
|
|
|
2011-07-14 07:35:28 +00:00
|
|
|
ep = (struct exportlist *)calloc(1, sizeof (struct exportlist));
|
1994-05-26 06:35:07 +00:00
|
|
|
if (ep == (struct exportlist *)NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
return (ep);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allocate a group list element
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct grouplist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_grp(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct grouplist *gp;
|
|
|
|
|
|
2011-07-14 07:35:28 +00:00
|
|
|
gp = (struct grouplist *)calloc(1, sizeof (struct grouplist));
|
1994-05-26 06:35:07 +00:00
|
|
|
if (gp == (struct grouplist *)NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
return (gp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Clean up upon an error in get_exportlist().
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2018-02-08 01:34:35 +00:00
|
|
|
getexp_err(struct exportlist *ep, struct grouplist *grp, const char *reason)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct grouplist *tgrp;
|
|
|
|
|
|
2018-02-08 01:34:35 +00:00
|
|
|
if (!(opt_flags & OP_QUIET)) {
|
|
|
|
|
if (reason != NULL)
|
|
|
|
|
syslog(LOG_ERR, "bad exports list line '%s': %s", line,
|
|
|
|
|
reason);
|
|
|
|
|
else
|
|
|
|
|
syslog(LOG_ERR, "bad exports list line '%s'", line);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
if (ep && (ep->ex_flag & EX_LINKED) == 0)
|
|
|
|
|
free_exp(ep);
|
|
|
|
|
while (grp) {
|
|
|
|
|
tgrp = grp;
|
|
|
|
|
grp = grp->gr_next;
|
|
|
|
|
free_grp(tgrp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search the export list for a matching fs.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct exportlist *
|
2019-05-10 23:52:17 +00:00
|
|
|
ex_search(fsid_t *fsid, struct exportlisthead *exhp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct exportlist *ep;
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
uint32_t i;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
Replace a single linked list with a hash table of lists.
mountd.c uses a single linked list of "struct exportlist" structures,
where there is one of these for each exported file system on the NFS server.
This list gets long if there are a large number of file systems exported and
the list must be searched for each line in the exports file(s) when
SIGHUP causes the exports file(s) to be reloaded.
A simple benchmark that traverses SLIST() elements and compares two 32bit
fields in the structure for equal (which is what the search is)
appears to take a couple of nsec. So, for a server with 72000 exported file
systems, this can take about 5sec during reload of the exports file(s).
By replacing the single linked list with a hash table with a target of
10 elements per list, the time should be reduced to less than 1msec.
Peter Errikson (who has a server with 72000+ exported file systems) ran
a test program using 5 hashes to see how they worked.
fnv_32_buf(fsid,..., 0)
fnv_32_buf(fsid,..., FNV1_32_INIT)
hash32_buf(fsid,..., 0)
hash32_buf(fsid,..., HASHINIT)
- plus simply using the low order bits of fsid.val[0].
The first three behaved about equally well, with the first one being
slightly better than the others.
It has an average variation of about 4.5% about the target list length
and that is what this patch uses.
Peter Errikson also tested this hash table version and found that the
performance wasn't measurably improved by a larger hash table, so a
load factor of 10 appears adequate.
Tested by: pen@lysator.liu.se (with other patches)
PR: 237860
MFC after: 1 month
2019-05-31 01:28:48 +00:00
|
|
|
i = EXPHASH(fsid);
|
|
|
|
|
SLIST_FOREACH(ep, &exhp[i], entries) {
|
2020-05-21 01:55:35 +00:00
|
|
|
if (fsidcmp(&ep->ex_fs, fsid) == 0)
|
1994-05-26 06:35:07 +00:00
|
|
|
return (ep);
|
|
|
|
|
}
|
2017-10-04 08:43:56 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
return (ep);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Add a directory path to the list.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static char *
|
2010-12-20 09:28:28 +00:00
|
|
|
add_expdir(struct dirlist **dpp, char *cp, int len)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct dirlist *dp;
|
|
|
|
|
|
2017-09-26 11:11:17 +00:00
|
|
|
dp = malloc(sizeof (struct dirlist));
|
1998-07-15 06:21:41 +00:00
|
|
|
if (dp == (struct dirlist *)NULL)
|
|
|
|
|
out_of_mem();
|
1994-05-26 06:35:07 +00:00
|
|
|
dp->dp_left = *dpp;
|
|
|
|
|
dp->dp_right = (struct dirlist *)NULL;
|
|
|
|
|
dp->dp_flag = 0;
|
|
|
|
|
dp->dp_hosts = (struct hostlist *)NULL;
|
2017-09-26 09:18:18 +00:00
|
|
|
dp->dp_dirp = strndup(cp, len);
|
|
|
|
|
if (dp->dp_dirp == NULL)
|
|
|
|
|
out_of_mem();
|
1994-05-26 06:35:07 +00:00
|
|
|
*dpp = dp;
|
|
|
|
|
return (dp->dp_dirp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Hang the dir list element off the dirpath binary tree as required
|
|
|
|
|
* and update the entry for host.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
|
2020-06-14 00:40:00 +00:00
|
|
|
int flags, struct expcred *anoncrp, uint64_t exflags)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
struct dirlist *dp2;
|
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
if (flags & OP_ALLDIRS) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (ep->ex_defdir)
|
|
|
|
|
free((caddr_t)dp);
|
|
|
|
|
else
|
|
|
|
|
ep->ex_defdir = dp;
|
1995-06-27 11:07:30 +00:00
|
|
|
if (grp == (struct grouplist *)NULL) {
|
2019-06-03 22:58:51 +00:00
|
|
|
ep->ex_flag |= EX_DEFSET;
|
1994-05-26 06:35:07 +00:00
|
|
|
ep->ex_defdir->dp_flag |= DP_DEFSET;
|
2012-09-24 23:57:16 +00:00
|
|
|
/* Save the default security flavors list. */
|
|
|
|
|
ep->ex_defnumsecflavors = ep->ex_numsecflavors;
|
|
|
|
|
if (ep->ex_numsecflavors > 0)
|
|
|
|
|
memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
|
|
|
|
|
sizeof(ep->ex_secflavors));
|
2020-06-14 00:40:00 +00:00
|
|
|
cp_cred(&ep->ex_defanon, anoncrp);
|
2019-06-03 22:58:51 +00:00
|
|
|
ep->ex_defexflags = exflags;
|
1995-06-27 11:07:30 +00:00
|
|
|
} else while (grp) {
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = get_ht();
|
|
|
|
|
hp->ht_grp = grp;
|
|
|
|
|
hp->ht_next = ep->ex_defdir->dp_hosts;
|
|
|
|
|
ep->ex_defdir->dp_hosts = hp;
|
2012-09-24 23:57:16 +00:00
|
|
|
/* Save the security flavors list for this host set. */
|
|
|
|
|
grp->gr_numsecflavors = ep->ex_numsecflavors;
|
|
|
|
|
if (ep->ex_numsecflavors > 0)
|
|
|
|
|
memcpy(grp->gr_secflavors, ep->ex_secflavors,
|
|
|
|
|
sizeof(ep->ex_secflavors));
|
1994-05-26 06:35:07 +00:00
|
|
|
grp = grp->gr_next;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
/*
|
1998-07-15 06:21:41 +00:00
|
|
|
* Loop through the directories adding them to the tree.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
|
while (dp) {
|
|
|
|
|
dp2 = dp->dp_left;
|
2019-06-03 22:58:51 +00:00
|
|
|
add_dlist(&ep->ex_dirl, dp, grp, flags, ep, anoncrp,
|
|
|
|
|
exflags);
|
1994-05-26 06:35:07 +00:00
|
|
|
dp = dp2;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Traverse the binary tree either updating a node that is already there
|
|
|
|
|
* for the new directory or adding the new node.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
|
2020-06-14 00:40:00 +00:00
|
|
|
int flags, struct exportlist *ep, struct expcred *anoncrp,
|
|
|
|
|
uint64_t exflags)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct dirlist *dp;
|
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
|
|
dp = *dpp;
|
|
|
|
|
if (dp) {
|
|
|
|
|
cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
|
|
|
|
|
if (cmp > 0) {
|
2019-06-03 22:58:51 +00:00
|
|
|
add_dlist(&dp->dp_left, newdp, grp, flags, ep, anoncrp,
|
|
|
|
|
exflags);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
} else if (cmp < 0) {
|
2019-06-03 22:58:51 +00:00
|
|
|
add_dlist(&dp->dp_right, newdp, grp, flags, ep, anoncrp,
|
|
|
|
|
exflags);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
} else
|
|
|
|
|
free((caddr_t)newdp);
|
|
|
|
|
} else {
|
|
|
|
|
dp = newdp;
|
|
|
|
|
dp->dp_left = (struct dirlist *)NULL;
|
|
|
|
|
*dpp = dp;
|
|
|
|
|
}
|
|
|
|
|
if (grp) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Hang all of the host(s) off of the directory point.
|
|
|
|
|
*/
|
|
|
|
|
do {
|
|
|
|
|
hp = get_ht();
|
|
|
|
|
hp->ht_grp = grp;
|
|
|
|
|
hp->ht_next = dp->dp_hosts;
|
|
|
|
|
dp->dp_hosts = hp;
|
2012-09-24 23:57:16 +00:00
|
|
|
/* Save the security flavors list for this host set. */
|
|
|
|
|
grp->gr_numsecflavors = ep->ex_numsecflavors;
|
|
|
|
|
if (ep->ex_numsecflavors > 0)
|
|
|
|
|
memcpy(grp->gr_secflavors, ep->ex_secflavors,
|
|
|
|
|
sizeof(ep->ex_secflavors));
|
1994-05-26 06:35:07 +00:00
|
|
|
grp = grp->gr_next;
|
|
|
|
|
} while (grp);
|
1995-06-27 11:07:30 +00:00
|
|
|
} else {
|
2019-06-03 22:58:51 +00:00
|
|
|
ep->ex_flag |= EX_DEFSET;
|
1994-05-26 06:35:07 +00:00
|
|
|
dp->dp_flag |= DP_DEFSET;
|
2012-09-24 23:57:16 +00:00
|
|
|
/* Save the default security flavors list. */
|
|
|
|
|
ep->ex_defnumsecflavors = ep->ex_numsecflavors;
|
|
|
|
|
if (ep->ex_numsecflavors > 0)
|
|
|
|
|
memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
|
|
|
|
|
sizeof(ep->ex_secflavors));
|
2020-06-14 00:40:00 +00:00
|
|
|
cp_cred(&ep->ex_defanon, anoncrp);
|
2019-06-03 22:58:51 +00:00
|
|
|
ep->ex_defexflags = exflags;
|
1995-06-27 11:07:30 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search for a dirpath on the export point.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct dirlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
dirp_search(struct dirlist *dp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
|
|
if (dp) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
cmp = strcmp(dp->dp_dirp, dirp);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (cmp > 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (dirp_search(dp->dp_left, dirp));
|
1994-05-26 06:35:07 +00:00
|
|
|
else if (cmp < 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (dirp_search(dp->dp_right, dirp));
|
1994-05-26 06:35:07 +00:00
|
|
|
else
|
|
|
|
|
return (dp);
|
|
|
|
|
}
|
|
|
|
|
return (dp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Scan for a host match in a directory tree.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
|
2012-09-24 23:57:16 +00:00
|
|
|
int *hostsetp, int *numsecflavors, int **secflavorsp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
struct grouplist *grp;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *ai;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
|
if (dp->dp_flag & DP_DEFSET)
|
1995-06-27 11:07:30 +00:00
|
|
|
*defsetp = dp->dp_flag;
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = dp->dp_hosts;
|
|
|
|
|
while (hp) {
|
|
|
|
|
grp = hp->ht_grp;
|
|
|
|
|
switch (grp->gr_type) {
|
|
|
|
|
case GT_HOST:
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = grp->gr_ptr.gt_addrinfo;
|
|
|
|
|
for (; ai; ai = ai->ai_next) {
|
2001-04-21 20:06:18 +00:00
|
|
|
if (!sacmp(ai->ai_addr, saddr, NULL)) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*hostsetp =
|
|
|
|
|
(hp->ht_flag | DP_HOSTSET);
|
2012-09-24 23:57:16 +00:00
|
|
|
if (numsecflavors != NULL) {
|
|
|
|
|
*numsecflavors =
|
|
|
|
|
grp->gr_numsecflavors;
|
|
|
|
|
*secflavorsp =
|
|
|
|
|
grp->gr_secflavors;
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
case GT_NET:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (!sacmp(saddr, (struct sockaddr *)
|
|
|
|
|
&grp->gr_ptr.gt_net.nt_net,
|
|
|
|
|
(struct sockaddr *)
|
|
|
|
|
&grp->gr_ptr.gt_net.nt_mask)) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*hostsetp = (hp->ht_flag | DP_HOSTSET);
|
2012-09-24 23:57:16 +00:00
|
|
|
if (numsecflavors != NULL) {
|
|
|
|
|
*numsecflavors =
|
|
|
|
|
grp->gr_numsecflavors;
|
|
|
|
|
*secflavorsp =
|
|
|
|
|
grp->gr_secflavors;
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
break;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = hp->ht_next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Scan tree for a host that matches the address.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
scan_tree(struct dirlist *dp, struct sockaddr *saddr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
1995-06-27 11:07:30 +00:00
|
|
|
int defset, hostset;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
|
if (scan_tree(dp->dp_left, saddr))
|
|
|
|
|
return (1);
|
2012-09-24 23:57:16 +00:00
|
|
|
if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
if (scan_tree(dp->dp_right, saddr))
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Traverse the dirlist tree and free it up.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_dir(struct dirlist *dp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
|
free_dir(dp->dp_left);
|
|
|
|
|
free_dir(dp->dp_right);
|
|
|
|
|
free_host(dp->dp_hosts);
|
2017-09-26 12:15:13 +00:00
|
|
|
free(dp->dp_dirp);
|
|
|
|
|
free(dp);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
/*
|
|
|
|
|
* Parse a colon separated list of security flavors
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
parsesec(char *seclist, struct exportlist *ep)
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
{
|
|
|
|
|
char *cp, savedc;
|
|
|
|
|
int flavor;
|
|
|
|
|
|
|
|
|
|
ep->ex_numsecflavors = 0;
|
|
|
|
|
for (;;) {
|
|
|
|
|
cp = strchr(seclist, ':');
|
|
|
|
|
if (cp) {
|
|
|
|
|
savedc = *cp;
|
|
|
|
|
*cp = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strcmp(seclist, "sys"))
|
|
|
|
|
flavor = AUTH_SYS;
|
|
|
|
|
else if (!strcmp(seclist, "krb5"))
|
|
|
|
|
flavor = RPCSEC_GSS_KRB5;
|
|
|
|
|
else if (!strcmp(seclist, "krb5i"))
|
|
|
|
|
flavor = RPCSEC_GSS_KRB5I;
|
|
|
|
|
else if (!strcmp(seclist, "krb5p"))
|
|
|
|
|
flavor = RPCSEC_GSS_KRB5P;
|
|
|
|
|
else {
|
|
|
|
|
if (cp)
|
|
|
|
|
*cp = savedc;
|
|
|
|
|
syslog(LOG_ERR, "bad sec flavor: %s", seclist);
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
if (ep->ex_numsecflavors == MAXSECFLAVORS) {
|
|
|
|
|
if (cp)
|
|
|
|
|
*cp = savedc;
|
|
|
|
|
syslog(LOG_ERR, "too many sec flavors: %s", seclist);
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
|
|
|
|
|
ep->ex_numsecflavors++;
|
|
|
|
|
if (cp) {
|
|
|
|
|
*cp = savedc;
|
|
|
|
|
seclist = cp + 1;
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Parse the option string and update fields.
|
|
|
|
|
* Option arguments may either be -<option>=<value> or
|
|
|
|
|
* -<option> <value>
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
|
2020-06-14 00:40:00 +00:00
|
|
|
int *has_hostp, uint64_t *exflagsp, struct expcred *cr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
char *cpoptarg, *cpoptend;
|
|
|
|
|
char *cp, *endcp, *cpopt, savedc, savedc2;
|
|
|
|
|
int allflag, usedarg;
|
|
|
|
|
|
1999-10-06 18:20:44 +00:00
|
|
|
savedc2 = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
cpopt = *cpp;
|
|
|
|
|
cpopt++;
|
|
|
|
|
cp = *endcpp;
|
|
|
|
|
savedc = *cp;
|
|
|
|
|
*cp = '\0';
|
|
|
|
|
while (cpopt && *cpopt) {
|
|
|
|
|
allflag = 1;
|
|
|
|
|
usedarg = -2;
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptend = strchr(cpopt, ','))) {
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptend++ = '\0';
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptarg = strchr(cpopt, '=')))
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptarg++ = '\0';
|
|
|
|
|
} else {
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptarg = strchr(cpopt, '=')))
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptarg++ = '\0';
|
|
|
|
|
else {
|
|
|
|
|
*cp = savedc;
|
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
|
**endcpp = '\0';
|
|
|
|
|
if (endcp > cp && *cp != '-') {
|
|
|
|
|
cpoptarg = cp;
|
|
|
|
|
savedc2 = *endcp;
|
|
|
|
|
*endcp = '\0';
|
|
|
|
|
usedarg = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
|
|
|
|
|
*exflagsp |= MNT_EXRDONLY;
|
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
|
|
|
|
|
!(allflag = strcmp(cpopt, "mapall")) ||
|
|
|
|
|
!strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
|
|
|
|
|
usedarg++;
|
|
|
|
|
parsecred(cpoptarg, cr);
|
|
|
|
|
if (allflag == 0) {
|
|
|
|
|
*exflagsp |= MNT_EXPORTANON;
|
|
|
|
|
opt_flags |= OP_MAPALL;
|
|
|
|
|
} else
|
|
|
|
|
opt_flags |= OP_MAPROOT;
|
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "mask") ||
|
2001-04-21 20:06:18 +00:00
|
|
|
!strcmp(cpopt, "m"))) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad mask: %s", cpoptarg);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
usedarg++;
|
|
|
|
|
opt_flags |= OP_MASK;
|
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "network") ||
|
|
|
|
|
!strcmp(cpopt, "n"))) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (strchr(cpoptarg, '/') != NULL) {
|
|
|
|
|
if (debug)
|
|
|
|
|
fprintf(stderr, "setting OP_MASKLEN\n");
|
|
|
|
|
opt_flags |= OP_MASKLEN;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
if (grp->gr_type != GT_NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "network/host conflict");
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
} else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad net: %s", cpoptarg);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
grp->gr_type = GT_NET;
|
|
|
|
|
*has_hostp = 1;
|
|
|
|
|
usedarg++;
|
|
|
|
|
opt_flags |= OP_NET;
|
|
|
|
|
} else if (!strcmp(cpopt, "alldirs")) {
|
|
|
|
|
opt_flags |= OP_ALLDIRS;
|
1997-07-16 09:27:53 +00:00
|
|
|
} else if (!strcmp(cpopt, "public")) {
|
|
|
|
|
*exflagsp |= MNT_EXPUBLIC;
|
|
|
|
|
} else if (!strcmp(cpopt, "webnfs")) {
|
|
|
|
|
*exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
|
|
|
|
|
opt_flags |= OP_MAPALL;
|
|
|
|
|
} else if (cpoptarg && !strcmp(cpopt, "index")) {
|
|
|
|
|
ep->ex_indexfile = strdup(cpoptarg);
|
2002-07-18 20:52:17 +00:00
|
|
|
} else if (!strcmp(cpopt, "quiet")) {
|
|
|
|
|
opt_flags |= OP_QUIET;
|
2013-02-20 12:40:26 +00:00
|
|
|
} else if (cpoptarg && !strcmp(cpopt, "sec")) {
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (parsesec(cpoptarg, ep))
|
|
|
|
|
return (1);
|
|
|
|
|
opt_flags |= OP_SEC;
|
|
|
|
|
usedarg++;
|
2020-08-30 21:21:58 +00:00
|
|
|
} else if (!strcmp(cpopt, "tls")) {
|
|
|
|
|
*exflagsp |= MNT_EXTLS;
|
|
|
|
|
} else if (!strcmp(cpopt, "tlscert")) {
|
|
|
|
|
*exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT);
|
|
|
|
|
} else if (!strcmp(cpopt, "tlscertuser")) {
|
|
|
|
|
*exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT |
|
|
|
|
|
MNT_EXTLSCERTUSER);
|
1994-05-26 06:35:07 +00:00
|
|
|
} else {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad opt %s", cpopt);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
if (usedarg >= 0) {
|
|
|
|
|
*endcp = savedc2;
|
|
|
|
|
**endcpp = savedc;
|
|
|
|
|
if (usedarg > 0) {
|
|
|
|
|
*cpp = cp;
|
|
|
|
|
*endcpp = endcp;
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
cpopt = cpoptend;
|
|
|
|
|
}
|
|
|
|
|
**endcpp = savedc;
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Translate a character string to the corresponding list of network
|
|
|
|
|
* addresses for a hostname.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
struct grouplist *checkgrp;
|
2001-04-17 22:25:48 +00:00
|
|
|
struct addrinfo *ai, *tai, hints;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int ecode;
|
|
|
|
|
char host[NI_MAXHOST];
|
1994-05-26 06:35:07 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (grp->gr_type != GT_NULL) {
|
|
|
|
|
syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
|
hints.ai_flags = AI_CANONNAME;
|
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
|
ecode = getaddrinfo(cp, NULL, &hints, &ai);
|
|
|
|
|
if (ecode != 0) {
|
2001-04-17 22:25:48 +00:00
|
|
|
syslog(LOG_ERR,"can't get address info for host %s", cp);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
grp->gr_ptr.gt_addrinfo = ai;
|
|
|
|
|
while (ai != NULL) {
|
|
|
|
|
if (ai->ai_canonname == NULL) {
|
|
|
|
|
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
|
2005-05-13 16:31:11 +00:00
|
|
|
sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
strlcpy(host, "?", sizeof(host));
|
|
|
|
|
ai->ai_canonname = strdup(host);
|
|
|
|
|
ai->ai_flags |= AI_CANONNAME;
|
2001-04-18 00:28:37 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (debug)
|
2001-04-17 22:25:48 +00:00
|
|
|
fprintf(stderr, "got host %s\n", ai->ai_canonname);
|
|
|
|
|
/*
|
|
|
|
|
* Sanity check: make sure we don't already have an entry
|
|
|
|
|
* for this host in the grouplist.
|
|
|
|
|
*/
|
|
|
|
|
for (checkgrp = tgrp; checkgrp != NULL;
|
|
|
|
|
checkgrp = checkgrp->gr_next) {
|
|
|
|
|
if (checkgrp->gr_type != GT_HOST)
|
|
|
|
|
continue;
|
|
|
|
|
for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
|
|
|
|
|
tai = tai->ai_next) {
|
2001-04-21 20:06:18 +00:00
|
|
|
if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
|
2001-04-17 22:25:48 +00:00
|
|
|
continue;
|
|
|
|
|
if (debug)
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"ignoring duplicate host %s\n",
|
|
|
|
|
ai->ai_canonname);
|
|
|
|
|
grp->gr_type = GT_IGNORE;
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = ai->ai_next;
|
|
|
|
|
}
|
2001-04-17 22:25:48 +00:00
|
|
|
grp->gr_type = GT_HOST;
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free up an exports list component
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_exp(struct exportlist *ep)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2019-05-14 22:00:47 +00:00
|
|
|
struct grouplist *grp, *tgrp;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
if (ep->ex_defdir) {
|
|
|
|
|
free_host(ep->ex_defdir->dp_hosts);
|
|
|
|
|
free((caddr_t)ep->ex_defdir);
|
|
|
|
|
}
|
|
|
|
|
if (ep->ex_fsdir)
|
|
|
|
|
free(ep->ex_fsdir);
|
1997-07-16 09:27:53 +00:00
|
|
|
if (ep->ex_indexfile)
|
|
|
|
|
free(ep->ex_indexfile);
|
1994-05-26 06:35:07 +00:00
|
|
|
free_dir(ep->ex_dirl);
|
2019-05-14 22:00:47 +00:00
|
|
|
grp = ep->ex_grphead;
|
|
|
|
|
while (grp) {
|
|
|
|
|
tgrp = grp;
|
|
|
|
|
grp = grp->gr_next;
|
|
|
|
|
free_grp(tgrp);
|
|
|
|
|
}
|
2020-10-10 00:01:40 +00:00
|
|
|
if (ep->ex_defanon.cr_groups != ep->ex_defanon.cr_smallgrps)
|
|
|
|
|
free(ep->ex_defanon.cr_groups);
|
1994-05-26 06:35:07 +00:00
|
|
|
free((caddr_t)ep);
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/*
|
|
|
|
|
* Free up the v4root exports.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
free_v4rootexp(void)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (v4root_ep != NULL) {
|
|
|
|
|
free_exp(v4root_ep);
|
|
|
|
|
v4root_ep = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Free hosts.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_host(struct hostlist *hp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct hostlist *hp2;
|
|
|
|
|
|
|
|
|
|
while (hp) {
|
|
|
|
|
hp2 = hp;
|
|
|
|
|
hp = hp->ht_next;
|
|
|
|
|
free((caddr_t)hp2);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static struct hostlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_ht(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
|
|
|
|
|
hp = (struct hostlist *)malloc(sizeof (struct hostlist));
|
|
|
|
|
if (hp == (struct hostlist *)NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
hp->ht_next = (struct hostlist *)NULL;
|
1995-06-27 11:07:30 +00:00
|
|
|
hp->ht_flag = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
return (hp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Out of memory, fatal
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
out_of_mem(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "out of memory");
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-03 22:58:51 +00:00
|
|
|
/*
|
|
|
|
|
* Call do_mount() from the struct exportlist, for each case needed.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
do_export_mount(struct exportlist *ep, struct statfs *fsp)
|
|
|
|
|
{
|
|
|
|
|
struct grouplist *grp, defgrp;
|
|
|
|
|
int ret;
|
|
|
|
|
size_t dirlen;
|
|
|
|
|
|
|
|
|
|
LOGDEBUG("do_export_mount=%s", ep->ex_fsdir);
|
|
|
|
|
dirlen = strlen(ep->ex_fsdir);
|
|
|
|
|
if ((ep->ex_flag & EX_DEFSET) != 0) {
|
|
|
|
|
defgrp.gr_type = GT_DEFAULT;
|
|
|
|
|
defgrp.gr_next = NULL;
|
|
|
|
|
/* We have an entry for all other hosts/nets. */
|
2020-06-14 00:40:00 +00:00
|
|
|
LOGDEBUG("ex_defexflags=0x%jx", (uintmax_t)ep->ex_defexflags);
|
2019-06-03 22:58:51 +00:00
|
|
|
ret = do_mount(ep, &defgrp, ep->ex_defexflags, &ep->ex_defanon,
|
|
|
|
|
ep->ex_fsdir, dirlen, fsp, ep->ex_defnumsecflavors,
|
|
|
|
|
ep->ex_defsecflavors);
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
return (ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Do a mount for each group. */
|
|
|
|
|
grp = ep->ex_grphead;
|
|
|
|
|
while (grp != NULL) {
|
2020-06-14 00:40:00 +00:00
|
|
|
LOGDEBUG("do mount gr_type=0x%x gr_exflags=0x%jx",
|
|
|
|
|
grp->gr_type, (uintmax_t)grp->gr_exflags);
|
2019-06-03 22:58:51 +00:00
|
|
|
ret = do_mount(ep, grp, grp->gr_exflags, &grp->gr_anon,
|
|
|
|
|
ep->ex_fsdir, dirlen, fsp, grp->gr_numsecflavors,
|
|
|
|
|
grp->gr_secflavors);
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
return (ret);
|
|
|
|
|
grp = grp->gr_next;
|
|
|
|
|
}
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2006-05-23 17:10:17 +00:00
|
|
|
* Do the nmount() syscall with the update flag to push the export info into
|
1994-05-26 06:35:07 +00:00
|
|
|
* the kernel.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2020-06-14 00:40:00 +00:00
|
|
|
do_mount(struct exportlist *ep, struct grouplist *grp, uint64_t exflags,
|
|
|
|
|
struct expcred *anoncrp, char *dirp, int dirplen, struct statfs *fsb,
|
2019-06-03 22:58:51 +00:00
|
|
|
int numsecflavors, int *secflavors)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-22 21:50:30 +00:00
|
|
|
struct statfs fsb1;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *ai;
|
2015-04-29 12:33:00 +00:00
|
|
|
struct export_args *eap;
|
2006-05-23 17:10:17 +00:00
|
|
|
char errmsg[255];
|
|
|
|
|
char *cp;
|
1994-05-26 06:35:07 +00:00
|
|
|
int done;
|
2006-05-23 17:10:17 +00:00
|
|
|
char savedc;
|
|
|
|
|
struct iovec *iov;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int i, iovlen;
|
2006-05-23 17:10:17 +00:00
|
|
|
int ret;
|
2009-05-27 22:02:54 +00:00
|
|
|
struct nfsex_args nfsea;
|
|
|
|
|
|
2015-04-29 12:33:00 +00:00
|
|
|
eap = &nfsea.export;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
|
|
|
|
cp = NULL;
|
|
|
|
|
savedc = '\0';
|
|
|
|
|
iov = NULL;
|
|
|
|
|
iovlen = 0;
|
|
|
|
|
ret = 0;
|
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
bzero(eap, sizeof (struct export_args));
|
2006-05-23 17:10:17 +00:00
|
|
|
bzero(errmsg, sizeof(errmsg));
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_flags = exflags;
|
2020-06-14 00:40:00 +00:00
|
|
|
eap->ex_uid = anoncrp->cr_uid;
|
|
|
|
|
eap->ex_ngroups = anoncrp->cr_ngroups;
|
|
|
|
|
if (eap->ex_ngroups > 0) {
|
|
|
|
|
eap->ex_groups = malloc(eap->ex_ngroups * sizeof(gid_t));
|
|
|
|
|
memcpy(eap->ex_groups, anoncrp->cr_groups, eap->ex_ngroups *
|
|
|
|
|
sizeof(gid_t));
|
|
|
|
|
}
|
|
|
|
|
LOGDEBUG("do_mount exflags=0x%jx", (uintmax_t)exflags);
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_indexfile = ep->ex_indexfile;
|
2001-04-18 00:28:37 +00:00
|
|
|
if (grp->gr_type == GT_HOST)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = grp->gr_ptr.gt_addrinfo;
|
2001-04-18 00:28:37 +00:00
|
|
|
else
|
|
|
|
|
ai = NULL;
|
2019-06-03 22:58:51 +00:00
|
|
|
eap->ex_numsecflavors = numsecflavors;
|
|
|
|
|
LOGDEBUG("do_mount numsec=%d", numsecflavors);
|
2009-05-27 22:02:54 +00:00
|
|
|
for (i = 0; i < eap->ex_numsecflavors; i++)
|
2019-06-03 22:58:51 +00:00
|
|
|
eap->ex_secflavors[i] = secflavors[i];
|
2009-05-27 22:02:54 +00:00
|
|
|
if (eap->ex_numsecflavors == 0) {
|
|
|
|
|
eap->ex_numsecflavors = 1;
|
|
|
|
|
eap->ex_secflavors[0] = AUTH_SYS;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
done = FALSE;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 0) {
|
|
|
|
|
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "from", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "update", NULL, 0);
|
|
|
|
|
build_iovec(&iov, &iovlen, "export", eap,
|
|
|
|
|
sizeof (struct export_args));
|
|
|
|
|
build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
|
|
|
|
|
}
|
2006-05-23 17:10:17 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
while (!done) {
|
|
|
|
|
switch (grp->gr_type) {
|
|
|
|
|
case GT_HOST:
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto skip;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr = ai->ai_addr;
|
|
|
|
|
eap->ex_addrlen = ai->ai_addrlen;
|
|
|
|
|
eap->ex_masklen = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
break;
|
|
|
|
|
case GT_NET:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
have_v6 == 0)
|
|
|
|
|
goto skip;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr =
|
2001-04-21 20:06:18 +00:00
|
|
|
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addrlen =
|
2006-05-23 17:10:17 +00:00
|
|
|
((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_mask =
|
2001-04-21 20:06:18 +00:00
|
|
|
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
|
1994-05-26 06:35:07 +00:00
|
|
|
break;
|
2001-04-18 00:28:37 +00:00
|
|
|
case GT_DEFAULT:
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr = NULL;
|
|
|
|
|
eap->ex_addrlen = 0;
|
|
|
|
|
eap->ex_mask = NULL;
|
|
|
|
|
eap->ex_masklen = 0;
|
2001-04-18 00:28:37 +00:00
|
|
|
break;
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
case GT_IGNORE:
|
2006-05-23 17:10:17 +00:00
|
|
|
ret = 0;
|
|
|
|
|
goto error_exit;
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
default:
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad grouptype");
|
1994-05-26 06:35:07 +00:00
|
|
|
if (cp)
|
|
|
|
|
*cp = savedc;
|
2006-05-23 17:10:17 +00:00
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
2016-04-15 22:31:22 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
2009-05-27 22:02:54 +00:00
|
|
|
* For V4:, use the nfssvc() syscall, instead of mount().
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 2) {
|
|
|
|
|
nfsea.fspec = v4root_dirpath;
|
2020-06-14 00:40:00 +00:00
|
|
|
if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT,
|
|
|
|
|
(caddr_t)&nfsea) < 0) {
|
2009-05-27 22:02:54 +00:00
|
|
|
syslog(LOG_ERR, "Exporting V4: failed");
|
2020-06-14 00:40:00 +00:00
|
|
|
ret = 2;
|
|
|
|
|
goto error_exit;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* XXX:
|
|
|
|
|
* Maybe I should just use the fsb->f_mntonname path
|
|
|
|
|
* instead of looping back up the dirp to the mount
|
|
|
|
|
* point??
|
|
|
|
|
* Also, needs to know how to export all types of local
|
|
|
|
|
* exportable filesystems and not just "ufs".
|
|
|
|
|
*/
|
|
|
|
|
iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
|
|
|
|
|
iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
|
|
|
|
|
iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
|
|
|
|
|
iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
|
|
|
|
|
iov[5].iov_base = fsb->f_mntfromname; /* "from" */
|
|
|
|
|
iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
|
2014-08-19 21:04:31 +00:00
|
|
|
errmsg[0] = '\0';
|
2009-05-27 22:02:54 +00:00
|
|
|
|
|
|
|
|
while (nmount(iov, iovlen, fsb->f_flags) < 0) {
|
|
|
|
|
if (cp)
|
|
|
|
|
*cp-- = savedc;
|
|
|
|
|
else
|
|
|
|
|
cp = dirp + dirplen - 1;
|
|
|
|
|
if (opt_flags & OP_QUIET) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
|
|
|
|
}
|
|
|
|
|
if (errno == EPERM) {
|
|
|
|
|
if (debug)
|
2012-08-27 19:08:47 +00:00
|
|
|
warnx("can't change attributes for %s: %s",
|
|
|
|
|
dirp, errmsg);
|
2002-07-18 20:52:17 +00:00
|
|
|
syslog(LOG_ERR,
|
2012-08-27 19:08:47 +00:00
|
|
|
"can't change attributes for %s: %s",
|
|
|
|
|
dirp, errmsg);
|
2009-05-27 22:02:54 +00:00
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
|
|
|
|
}
|
|
|
|
|
if (opt_flags & OP_ALLDIRS) {
|
|
|
|
|
if (errno == EINVAL)
|
|
|
|
|
syslog(LOG_ERR,
|
2002-07-18 20:52:17 +00:00
|
|
|
"-alldirs requested but %s is not a filesystem mountpoint",
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp);
|
|
|
|
|
else
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"could not remount %s: %m",
|
|
|
|
|
dirp);
|
|
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
|
|
|
|
}
|
|
|
|
|
/* back up over the last component */
|
2020-07-22 21:44:51 +00:00
|
|
|
while (cp > dirp && *cp == '/')
|
2009-05-27 22:02:54 +00:00
|
|
|
cp--;
|
2020-07-22 21:44:51 +00:00
|
|
|
while (cp > dirp && *(cp - 1) != '/')
|
2009-05-27 22:02:54 +00:00
|
|
|
cp--;
|
|
|
|
|
if (cp == dirp) {
|
|
|
|
|
if (debug)
|
|
|
|
|
warnx("mnt unsucc");
|
|
|
|
|
syslog(LOG_ERR, "can't export %s %s",
|
|
|
|
|
dirp, errmsg);
|
|
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
|
|
|
|
}
|
|
|
|
|
savedc = *cp;
|
|
|
|
|
*cp = '\0';
|
|
|
|
|
/*
|
|
|
|
|
* Check that we're still on the same
|
|
|
|
|
* filesystem.
|
|
|
|
|
*/
|
|
|
|
|
if (statfs(dirp, &fsb1) != 0 ||
|
2020-05-21 01:55:35 +00:00
|
|
|
fsidcmp(&fsb1.f_fsid, &fsb->f_fsid) != 0) {
|
2009-05-27 22:02:54 +00:00
|
|
|
*cp = savedc;
|
2002-07-18 20:52:17 +00:00
|
|
|
syslog(LOG_ERR,
|
2009-05-27 22:02:54 +00:00
|
|
|
"can't export %s %s", dirp,
|
|
|
|
|
errmsg);
|
|
|
|
|
ret = 1;
|
|
|
|
|
goto error_exit;
|
|
|
|
|
}
|
2001-04-22 21:50:30 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* For the experimental server:
|
|
|
|
|
* If this is the public directory, get the file handle
|
|
|
|
|
* and load it into the kernel via the nfssvc() syscall.
|
|
|
|
|
*/
|
2015-04-29 12:33:00 +00:00
|
|
|
if ((exflags & MNT_EXPUBLIC) != 0) {
|
2009-05-27 22:02:54 +00:00
|
|
|
fhandle_t fh;
|
|
|
|
|
char *public_name;
|
|
|
|
|
|
|
|
|
|
if (eap->ex_indexfile != NULL)
|
|
|
|
|
public_name = eap->ex_indexfile;
|
|
|
|
|
else
|
|
|
|
|
public_name = dirp;
|
|
|
|
|
if (getfh(public_name, &fh) < 0)
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"Can't get public fh for %s", public_name);
|
|
|
|
|
else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
|
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
|
"Can't set public fh for %s", public_name);
|
2019-06-03 22:58:51 +00:00
|
|
|
else {
|
2009-05-27 22:02:54 +00:00
|
|
|
has_publicfh = 1;
|
2019-06-03 22:58:51 +00:00
|
|
|
has_set_publicfh = 1;
|
|
|
|
|
ep->ex_flag |= EX_PUBLICFH;
|
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
skip:
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai != NULL)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = ai->ai_next;
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
done = TRUE;
|
|
|
|
|
}
|
|
|
|
|
if (cp)
|
|
|
|
|
*cp = savedc;
|
2006-05-23 17:10:17 +00:00
|
|
|
error_exit:
|
2020-06-14 00:40:00 +00:00
|
|
|
free(eap->ex_groups);
|
2006-05-23 17:10:17 +00:00
|
|
|
/* free strings allocated by strdup() in getmntopts.c */
|
|
|
|
|
if (iov != NULL) {
|
|
|
|
|
free(iov[0].iov_base); /* fstype */
|
|
|
|
|
free(iov[2].iov_base); /* fspath */
|
|
|
|
|
free(iov[4].iov_base); /* from */
|
|
|
|
|
free(iov[6].iov_base); /* update */
|
|
|
|
|
free(iov[8].iov_base); /* export */
|
|
|
|
|
free(iov[10].iov_base); /* errmsg */
|
|
|
|
|
|
|
|
|
|
/* free iov, allocated by realloc() */
|
|
|
|
|
free(iov);
|
|
|
|
|
}
|
|
|
|
|
return (ret);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Translate a net address.
|
2001-04-21 20:06:18 +00:00
|
|
|
*
|
|
|
|
|
* If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_net(char *cp, struct netmsk *net, int maskflg)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-23 10:12:31 +00:00
|
|
|
struct netent *np = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
char *name, *p, *prefp;
|
2001-04-21 20:06:18 +00:00
|
|
|
struct sockaddr_in sin;
|
2001-04-23 10:12:31 +00:00
|
|
|
struct sockaddr *sa = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo hints, *ai = NULL;
|
|
|
|
|
char netname[NI_MAXHOST];
|
|
|
|
|
long preflen;
|
|
|
|
|
|
2001-04-17 22:25:48 +00:00
|
|
|
p = prefp = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if ((opt_flags & OP_MASKLEN) && !maskflg) {
|
|
|
|
|
p = strchr(cp, '/');
|
|
|
|
|
*p = '\0';
|
|
|
|
|
prefp = p + 1;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2001-04-23 10:12:31 +00:00
|
|
|
/*
|
|
|
|
|
* Check for a numeric address first. We wish to avoid
|
|
|
|
|
* possible DNS lookups in getnetbyname().
|
|
|
|
|
*/
|
|
|
|
|
if (isxdigit(*cp) || *cp == ':') {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
memset(&hints, 0, sizeof hints);
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Ensure the mask and the network have the same family. */
|
|
|
|
|
if (maskflg && (opt_flags & OP_NET))
|
|
|
|
|
hints.ai_family = net->nt_net.ss_family;
|
|
|
|
|
else if (!maskflg && (opt_flags & OP_HAVEMASK))
|
|
|
|
|
hints.ai_family = net->nt_mask.ss_family;
|
|
|
|
|
else
|
|
|
|
|
hints.ai_family = AF_UNSPEC;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
2001-04-23 10:12:31 +00:00
|
|
|
if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
|
|
|
|
|
sa = ai->ai_addr;
|
|
|
|
|
if (sa != NULL && ai->ai_family == AF_INET) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/*
|
2001-04-21 20:06:18 +00:00
|
|
|
* The address in `cp' is really a network address, so
|
|
|
|
|
* use inet_network() to re-interpret this correctly.
|
|
|
|
|
* e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*/
|
2001-04-21 20:06:18 +00:00
|
|
|
bzero(&sin, sizeof sin);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
sin.sin_family = AF_INET;
|
|
|
|
|
sin.sin_len = sizeof sin;
|
2001-04-21 20:06:18 +00:00
|
|
|
sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (debug)
|
2001-04-21 20:06:18 +00:00
|
|
|
fprintf(stderr, "get_net: v4 addr %s\n",
|
|
|
|
|
inet_ntoa(sin.sin_addr));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
sa = (struct sockaddr *)&sin;
|
2001-04-23 10:12:31 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
|
|
|
|
|
bzero(&sin, sizeof sin);
|
|
|
|
|
sin.sin_family = AF_INET;
|
|
|
|
|
sin.sin_len = sizeof sin;
|
|
|
|
|
sin.sin_addr = inet_makeaddr(np->n_net, 0);
|
|
|
|
|
sa = (struct sockaddr *)&sin;
|
|
|
|
|
}
|
|
|
|
|
if (sa == NULL)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto fail;
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (maskflg) {
|
|
|
|
|
/* The specified sockaddr is a mask. */
|
|
|
|
|
if (checkmask(sa) != 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
|
opt_flags |= OP_HAVEMASK;
|
|
|
|
|
} else {
|
|
|
|
|
/* The specified sockaddr is a network address. */
|
|
|
|
|
bcopy(sa, &net->nt_net, sa->sa_len);
|
1997-04-30 18:40:12 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Get a network name for the export list. */
|
|
|
|
|
if (np) {
|
|
|
|
|
name = np->n_name;
|
|
|
|
|
} else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
|
2005-05-13 16:31:11 +00:00
|
|
|
NULL, 0, NI_NUMERICHOST) == 0) {
|
2001-04-21 20:06:18 +00:00
|
|
|
name = netname;
|
|
|
|
|
} else {
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
if ((net->nt_name = strdup(name)) == NULL)
|
|
|
|
|
out_of_mem();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Extract a mask from either a "/<masklen>" suffix, or
|
|
|
|
|
* from the class of an IPv4 address.
|
|
|
|
|
*/
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (opt_flags & OP_MASKLEN) {
|
|
|
|
|
preflen = strtol(prefp, NULL, 10);
|
2001-04-21 20:06:18 +00:00
|
|
|
if (preflen < 0L || preflen == LONG_MAX)
|
|
|
|
|
goto fail;
|
|
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
|
if (makemask(&net->nt_mask, (int)preflen) != 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto fail;
|
2001-04-21 20:06:18 +00:00
|
|
|
opt_flags |= OP_HAVEMASK;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*p = '/';
|
2001-04-21 20:06:18 +00:00
|
|
|
} else if (sa->sa_family == AF_INET &&
|
|
|
|
|
(opt_flags & OP_MASK) == 0) {
|
|
|
|
|
in_addr_t addr;
|
|
|
|
|
|
2021-10-27 03:48:23 +00:00
|
|
|
syslog(LOG_WARNING,
|
|
|
|
|
"WARNING: No mask specified for %s, "
|
|
|
|
|
"using out-of-date default", name);
|
2001-04-21 20:06:18 +00:00
|
|
|
addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
|
|
|
|
|
if (IN_CLASSA(addr))
|
|
|
|
|
preflen = 8;
|
|
|
|
|
else if (IN_CLASSB(addr))
|
|
|
|
|
preflen = 16;
|
|
|
|
|
else if (IN_CLASSC(addr))
|
|
|
|
|
preflen = 24;
|
2021-10-27 03:48:23 +00:00
|
|
|
else if (IN_CLASSD(addr)) /* XXX Multicast??? */
|
2001-04-21 20:06:18 +00:00
|
|
|
preflen = 28;
|
|
|
|
|
else
|
|
|
|
|
preflen = 32; /* XXX */
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
|
makemask(&net->nt_mask, (int)preflen);
|
|
|
|
|
opt_flags |= OP_HAVEMASK;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
|
if (ai)
|
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
if (ai)
|
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
|
return 1;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parse out the next white space separated field
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
nextfield(char **cp, char **endcp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
char *p;
|
2019-04-30 21:38:38 +00:00
|
|
|
char quot = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
p = *cp;
|
|
|
|
|
while (*p == ' ' || *p == '\t')
|
|
|
|
|
p++;
|
2019-04-30 21:38:38 +00:00
|
|
|
*cp = p;
|
|
|
|
|
while (*p != '\0') {
|
|
|
|
|
if (quot) {
|
|
|
|
|
if (*p == quot)
|
|
|
|
|
quot = 0;
|
|
|
|
|
} else {
|
|
|
|
|
if (*p == '\\' && *(p + 1) != '\0')
|
|
|
|
|
p++;
|
|
|
|
|
else if (*p == '\'' || *p == '"')
|
|
|
|
|
quot = *p;
|
|
|
|
|
else if (*p == ' ' || *p == '\t')
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
p++;
|
|
|
|
|
};
|
|
|
|
|
*endcp = p;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get an exports file line. Skip over blank lines and handle line
|
|
|
|
|
* continuations.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_line(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
char *p, *cp;
|
2002-05-14 23:24:28 +00:00
|
|
|
size_t len;
|
1994-05-26 06:35:07 +00:00
|
|
|
int totlen, cont_line;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop around ignoring blank lines and getting all continuation lines.
|
|
|
|
|
*/
|
|
|
|
|
p = line;
|
|
|
|
|
totlen = 0;
|
|
|
|
|
do {
|
2002-05-14 23:24:28 +00:00
|
|
|
if ((p = fgetln(exp_file, &len)) == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
cp = p + len - 1;
|
|
|
|
|
cont_line = 0;
|
|
|
|
|
while (cp >= p &&
|
|
|
|
|
(*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
|
|
|
|
|
if (*cp == '\\')
|
|
|
|
|
cont_line = 1;
|
|
|
|
|
cp--;
|
|
|
|
|
len--;
|
|
|
|
|
}
|
2001-07-02 23:56:01 +00:00
|
|
|
if (cont_line) {
|
|
|
|
|
*++cp = ' ';
|
|
|
|
|
len++;
|
|
|
|
|
}
|
2002-05-14 23:24:28 +00:00
|
|
|
if (linesize < len + totlen + 1) {
|
|
|
|
|
linesize = len + totlen + 1;
|
|
|
|
|
line = realloc(line, linesize);
|
|
|
|
|
if (line == NULL)
|
|
|
|
|
out_of_mem();
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2002-05-14 23:24:28 +00:00
|
|
|
memcpy(line + totlen, p, len);
|
|
|
|
|
totlen += len;
|
|
|
|
|
line[totlen] = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
} while (totlen == 0 || cont_line);
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parse a description of a credential.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2020-06-14 00:40:00 +00:00
|
|
|
parsecred(char *namelist, struct expcred *cr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
char *name;
|
2020-10-10 00:01:40 +00:00
|
|
|
int inpos;
|
1994-05-26 06:35:07 +00:00
|
|
|
char *names;
|
|
|
|
|
struct passwd *pw;
|
|
|
|
|
struct group *gr;
|
2020-10-10 00:01:40 +00:00
|
|
|
gid_t groups[NGROUPS_MAX + 1];
|
|
|
|
|
int ngroups;
|
2021-11-18 21:35:25 +00:00
|
|
|
unsigned long name_ul;
|
|
|
|
|
char *end = NULL;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
|
/*
|
1998-07-15 06:21:41 +00:00
|
|
|
* Set up the unprivileged user.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2020-10-10 00:01:40 +00:00
|
|
|
cr->cr_groups = cr->cr_smallgrps;
|
2020-06-16 02:35:30 +00:00
|
|
|
cr->cr_uid = UID_NOBODY;
|
|
|
|
|
cr->cr_groups[0] = GID_NOGROUP;
|
1994-05-26 06:35:07 +00:00
|
|
|
cr->cr_ngroups = 1;
|
|
|
|
|
/*
|
|
|
|
|
* Get the user's password table entry.
|
|
|
|
|
*/
|
2019-04-30 21:38:38 +00:00
|
|
|
names = namelist;
|
|
|
|
|
name = strsep_quote(&names, ":");
|
2016-01-07 05:34:39 +00:00
|
|
|
/* Bug? name could be NULL here */
|
2021-11-18 21:35:25 +00:00
|
|
|
name_ul = strtoul(name, &end, 10);
|
|
|
|
|
if (*end != '\0' || end == name)
|
1994-05-26 06:35:07 +00:00
|
|
|
pw = getpwnam(name);
|
2021-11-18 21:35:25 +00:00
|
|
|
else
|
|
|
|
|
pw = getpwuid((uid_t)name_ul);
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Credentials specified as those of a user.
|
|
|
|
|
*/
|
|
|
|
|
if (names == NULL) {
|
|
|
|
|
if (pw == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown user: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
cr->cr_uid = pw->pw_uid;
|
2020-10-10 00:01:40 +00:00
|
|
|
ngroups = NGROUPS_MAX + 1;
|
|
|
|
|
if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "too many groups");
|
2020-10-10 00:01:40 +00:00
|
|
|
ngroups = NGROUPS_MAX + 1;
|
2018-04-16 09:17:36 +00:00
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2004-10-02 11:40:48 +00:00
|
|
|
* Compress out duplicate.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2020-10-10 00:01:40 +00:00
|
|
|
if (ngroups > 1 && groups[0] == groups[1]) {
|
|
|
|
|
ngroups--;
|
|
|
|
|
inpos = 2;
|
2021-11-18 21:35:25 +00:00
|
|
|
} else {
|
2020-10-10 00:01:40 +00:00
|
|
|
inpos = 1;
|
2021-11-18 21:35:25 +00:00
|
|
|
}
|
2020-10-10 00:01:40 +00:00
|
|
|
if (ngroups > NGROUPS_MAX)
|
|
|
|
|
ngroups = NGROUPS_MAX;
|
|
|
|
|
if (ngroups > SMALLNGROUPS)
|
|
|
|
|
cr->cr_groups = malloc(ngroups * sizeof(gid_t));
|
|
|
|
|
cr->cr_ngroups = ngroups;
|
|
|
|
|
cr->cr_groups[0] = groups[0];
|
|
|
|
|
memcpy(&cr->cr_groups[1], &groups[inpos], (ngroups - 1) *
|
|
|
|
|
sizeof(gid_t));
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Explicit credential specified as a colon separated list:
|
|
|
|
|
* uid:gid:gid:...
|
|
|
|
|
*/
|
2021-11-18 21:35:25 +00:00
|
|
|
if (pw != NULL) {
|
1994-05-26 06:35:07 +00:00
|
|
|
cr->cr_uid = pw->pw_uid;
|
2021-11-18 21:35:25 +00:00
|
|
|
} else if (*end != '\0' || end == name) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown user: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2021-11-18 21:35:25 +00:00
|
|
|
} else {
|
|
|
|
|
cr->cr_uid = name_ul;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
cr->cr_ngroups = 0;
|
2020-06-14 00:40:00 +00:00
|
|
|
while (names != NULL && *names != '\0' && cr->cr_ngroups < NGROUPS_MAX) {
|
2019-04-30 21:38:38 +00:00
|
|
|
name = strsep_quote(&names, ":");
|
2021-11-18 21:35:25 +00:00
|
|
|
name_ul = strtoul(name, &end, 10);
|
|
|
|
|
if (*end != '\0' || end == name) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if ((gr = getgrnam(name)) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown group: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2020-10-10 00:01:40 +00:00
|
|
|
groups[cr->cr_ngroups++] = gr->gr_gid;
|
2021-11-18 21:35:25 +00:00
|
|
|
} else {
|
|
|
|
|
groups[cr->cr_ngroups++] = name_ul;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-06-14 00:40:00 +00:00
|
|
|
if (names != NULL && *names != '\0' && cr->cr_ngroups == NGROUPS_MAX)
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "too many groups");
|
2020-10-10 00:01:40 +00:00
|
|
|
if (cr->cr_ngroups > SMALLNGROUPS)
|
|
|
|
|
cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t));
|
|
|
|
|
memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t));
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
2009-06-24 18:42:21 +00:00
|
|
|
#define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
|
* Routines that maintain the remote mounttab
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
get_mountlist(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2017-10-04 08:48:05 +00:00
|
|
|
struct mountlist *mlp;
|
1997-03-11 12:43:45 +00:00
|
|
|
char *host, *dirp, *cp;
|
1994-05-26 06:35:07 +00:00
|
|
|
char str[STRSIZ];
|
|
|
|
|
FILE *mlfile;
|
|
|
|
|
|
|
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
|
1999-11-12 21:52:10 +00:00
|
|
|
if (errno == ENOENT)
|
|
|
|
|
return;
|
|
|
|
|
else {
|
|
|
|
|
syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
|
|
|
|
|
return;
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
while (fgets(str, STRSIZ, mlfile) != NULL) {
|
1997-03-11 12:43:45 +00:00
|
|
|
cp = str;
|
|
|
|
|
host = strsep(&cp, " \t\n");
|
|
|
|
|
dirp = strsep(&cp, " \t\n");
|
|
|
|
|
if (host == NULL || dirp == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
continue;
|
|
|
|
|
mlp = (struct mountlist *)malloc(sizeof (*mlp));
|
1998-07-15 06:21:41 +00:00
|
|
|
if (mlp == (struct mountlist *)NULL)
|
|
|
|
|
out_of_mem();
|
2009-06-24 18:42:21 +00:00
|
|
|
strncpy(mlp->ml_host, host, MNTNAMLEN);
|
|
|
|
|
mlp->ml_host[MNTNAMLEN] = '\0';
|
|
|
|
|
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
|
|
|
|
|
mlp->ml_dirp[MNTPATHLEN] = '\0';
|
2017-10-04 08:48:05 +00:00
|
|
|
|
|
|
|
|
SLIST_INSERT_HEAD(&mlhead, mlp, next);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
fclose(mlfile);
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2001-04-17 22:25:48 +00:00
|
|
|
del_mlist(char *hostp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2017-10-04 08:48:05 +00:00
|
|
|
struct mountlist *mlp, *mlp2;
|
1994-05-26 06:35:07 +00:00
|
|
|
FILE *mlfile;
|
|
|
|
|
int fnd = 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_FOREACH_SAFE(mlp, &mlhead, next, mlp2) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (!strcmp(mlp->ml_host, hostp) &&
|
|
|
|
|
(!dirp || !strcmp(mlp->ml_dirp, dirp))) {
|
|
|
|
|
fnd = 1;
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_REMOVE(&mlhead, mlp, mountlist, next);
|
|
|
|
|
free((caddr_t)mlp);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (fnd) {
|
|
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
}
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_FOREACH(mlp, &mlhead, next) {
|
1994-05-26 06:35:07 +00:00
|
|
|
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
|
|
|
|
|
}
|
|
|
|
|
fclose(mlfile);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
add_mlist(char *hostp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2017-10-04 08:48:05 +00:00
|
|
|
struct mountlist *mlp;
|
1994-05-26 06:35:07 +00:00
|
|
|
FILE *mlfile;
|
|
|
|
|
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_FOREACH(mlp, &mlhead, next) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-10-04 08:48:05 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
mlp = (struct mountlist *)malloc(sizeof (*mlp));
|
1998-07-15 06:21:41 +00:00
|
|
|
if (mlp == (struct mountlist *)NULL)
|
|
|
|
|
out_of_mem();
|
2009-06-24 18:42:21 +00:00
|
|
|
strncpy(mlp->ml_host, hostp, MNTNAMLEN);
|
|
|
|
|
mlp->ml_host[MNTNAMLEN] = '\0';
|
|
|
|
|
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
|
|
|
|
|
mlp->ml_dirp[MNTPATHLEN] = '\0';
|
2017-10-04 08:48:05 +00:00
|
|
|
SLIST_INSERT_HEAD(&mlhead, mlp, next);
|
1994-05-26 06:35:07 +00:00
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
|
|
|
|
|
fclose(mlfile);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free up a group list.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_grp(struct grouplist *grp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
if (grp->gr_type == GT_HOST) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (grp->gr_ptr.gt_addrinfo != NULL)
|
|
|
|
|
freeaddrinfo(grp->gr_ptr.gt_addrinfo);
|
1994-05-26 06:35:07 +00:00
|
|
|
} else if (grp->gr_type == GT_NET) {
|
|
|
|
|
if (grp->gr_ptr.gt_net.nt_name)
|
|
|
|
|
free(grp->gr_ptr.gt_net.nt_name);
|
|
|
|
|
}
|
2020-10-10 00:01:40 +00:00
|
|
|
if (grp->gr_anon.cr_groups != grp->gr_anon.cr_smallgrps)
|
|
|
|
|
free(grp->gr_anon.cr_groups);
|
1994-05-26 06:35:07 +00:00
|
|
|
free((caddr_t)grp);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
1994-05-26 06:35:07 +00:00
|
|
|
SYSLOG(int pri, const char *fmt, ...)
|
|
|
|
|
{
|
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
|
vfprintf(stderr, fmt, ap);
|
|
|
|
|
va_end(ap);
|
|
|
|
|
}
|
|
|
|
|
#endif /* DEBUG */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check options for consistency.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2010-12-20 09:28:28 +00:00
|
|
|
check_options(struct dirlist *dp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 0 && dp == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
2001-09-18 23:34:44 +00:00
|
|
|
if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
|
|
|
|
|
syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
|
2001-04-21 20:06:18 +00:00
|
|
|
syslog(LOG_ERR, "-mask requires -network");
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
|
|
|
|
|
syslog(LOG_ERR, "-network requires mask specification");
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
|
|
|
|
|
syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
|
|
|
|
|
return (1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase > 0 &&
|
|
|
|
|
(opt_flags &
|
|
|
|
|
~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
|
|
|
|
|
syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
2010-05-06 00:24:08 +00:00
|
|
|
if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
|
|
|
|
|
syslog(LOG_ERR, "-alldirs has multiple directories");
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-06 18:57:14 +00:00
|
|
|
static int
|
|
|
|
|
check_path_component(const char *path, char **err)
|
|
|
|
|
{
|
|
|
|
|
struct stat sb;
|
|
|
|
|
|
|
|
|
|
if (lstat(path, &sb)) {
|
|
|
|
|
asprintf(err, "%s: lstat() failed: %s.\n",
|
|
|
|
|
path, strerror(errno));
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (sb.st_mode & S_IFMT) {
|
|
|
|
|
case S_IFDIR:
|
|
|
|
|
return (1);
|
|
|
|
|
case S_IFLNK:
|
|
|
|
|
asprintf(err, "%s: path is a symbolic link.\n", path);
|
|
|
|
|
break;
|
|
|
|
|
case S_IFREG:
|
|
|
|
|
asprintf(err, "%s: path is a file rather than a directory.\n",
|
|
|
|
|
path);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
asprintf(err, "%s: path is not a directory.\n", path);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2023-05-06 18:57:14 +00:00
|
|
|
* Check each path component for the presence of symbolic links. Return true
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2023-05-06 18:57:14 +00:00
|
|
|
check_dirpath(char *dirp, char **err)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
|
|
cp = dirp + 1;
|
2023-05-06 18:57:14 +00:00
|
|
|
while (*cp) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (*cp == '/') {
|
|
|
|
|
*cp = '\0';
|
2023-05-06 18:57:14 +00:00
|
|
|
|
|
|
|
|
if (!check_path_component(dirp, err)) {
|
|
|
|
|
*cp = '/';
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
*cp = '/';
|
|
|
|
|
}
|
|
|
|
|
cp++;
|
|
|
|
|
}
|
2023-05-06 18:57:14 +00:00
|
|
|
|
|
|
|
|
if (!check_path_component(dirp, err))
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Populate statfs information. Return true on success.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
check_statfs(const char *dirp, struct statfs *fsb, char **err)
|
|
|
|
|
{
|
|
|
|
|
if (statfs(dirp, fsb)) {
|
|
|
|
|
asprintf(err, "%s: statfs() failed: %s\n", dirp,
|
|
|
|
|
strerror(errno));
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
|
* Make a netmask according to the specified prefix length. The ss_family
|
|
|
|
|
* and other non-address fields must be initialised before calling this.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2001-04-21 20:06:18 +00:00
|
|
|
makemask(struct sockaddr_storage *ssp, int bitlen)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
u_char *p;
|
|
|
|
|
int bits, i, len;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
|
|
|
|
|
return (-1);
|
2002-09-25 04:06:37 +00:00
|
|
|
if (bitlen > len * CHAR_BIT)
|
2001-04-21 20:06:18 +00:00
|
|
|
return (-1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++) {
|
2016-05-02 01:49:42 +00:00
|
|
|
bits = MIN(CHAR_BIT, bitlen);
|
2011-03-01 11:47:16 +00:00
|
|
|
*p++ = (u_char)~0 << (CHAR_BIT - bits);
|
2001-04-21 20:06:18 +00:00
|
|
|
bitlen -= bits;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
return 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
|
* Check that the sockaddr is a valid netmask. Returns 0 if the mask
|
|
|
|
|
* is acceptable (i.e. of the form 1...10....0).
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2001-04-21 20:06:18 +00:00
|
|
|
checkmask(struct sockaddr *sa)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
u_char *mask;
|
|
|
|
|
int i, len;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if ((mask = sa_rawaddr(sa, &len)) == NULL)
|
|
|
|
|
return (-1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++)
|
|
|
|
|
if (mask[i] != 0xff)
|
|
|
|
|
break;
|
|
|
|
|
if (i < len) {
|
|
|
|
|
if (~mask[i] & (u_char)(~mask[i] + 1))
|
|
|
|
|
return (-1);
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
for (; i < len; i++)
|
|
|
|
|
if (mask[i] != 0)
|
|
|
|
|
return (-1);
|
|
|
|
|
return (0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
|
* Compare two sockaddrs according to a specified mask. Return zero if
|
|
|
|
|
* `sa1' matches `sa2' when filtered by the netmask in `samask'.
|
2011-12-30 10:58:14 +00:00
|
|
|
* If samask is NULL, perform a full comparison.
|
2001-04-21 20:06:18 +00:00
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static int
|
2001-04-21 20:06:18 +00:00
|
|
|
sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
unsigned char *p1, *p2, *mask;
|
|
|
|
|
int len, i;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (sa1->sa_family != sa2->sa_family ||
|
|
|
|
|
(p1 = sa_rawaddr(sa1, &len)) == NULL ||
|
|
|
|
|
(p2 = sa_rawaddr(sa2, NULL)) == NULL)
|
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
|
|
switch (sa1->sa_family) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case AF_INET6:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
|
|
|
|
|
((struct sockaddr_in6 *)sa2)->sin6_scope_id)
|
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Simple binary comparison if no mask specified. */
|
|
|
|
|
if (samask == NULL)
|
|
|
|
|
return (memcmp(p1, p2, len));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Set up the mask, and do a mask-based comparison. */
|
|
|
|
|
if (sa1->sa_family != samask->sa_family ||
|
|
|
|
|
(mask = sa_rawaddr(samask, NULL)) == NULL)
|
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++)
|
|
|
|
|
if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
|
|
|
|
|
return (1);
|
|
|
|
|
return (0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
|
* Return a pointer to the part of the sockaddr that contains the
|
|
|
|
|
* raw address, and set *nbytes to its length in bytes. Returns
|
|
|
|
|
* NULL if the address family is unknown.
|
|
|
|
|
*/
|
2015-07-04 08:40:48 +00:00
|
|
|
static void *
|
2001-04-21 20:06:18 +00:00
|
|
|
sa_rawaddr(struct sockaddr *sa, int *nbytes) {
|
|
|
|
|
void *p;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int len;
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
switch (sa->sa_family) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case AF_INET:
|
2001-04-21 20:06:18 +00:00
|
|
|
len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
|
|
|
|
|
p = &((struct sockaddr_in *)sa)->sin_addr;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
case AF_INET6:
|
2001-04-21 20:06:18 +00:00
|
|
|
len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
|
|
|
|
|
p = &((struct sockaddr_in6 *)sa)->sin6_addr;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2001-04-21 20:06:18 +00:00
|
|
|
p = NULL;
|
|
|
|
|
len = 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (nbytes != NULL)
|
|
|
|
|
*nbytes = len;
|
|
|
|
|
return (p);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
huphandler(int sig __unused)
|
2001-04-21 00:55:17 +00:00
|
|
|
{
|
2015-07-04 08:40:48 +00:00
|
|
|
|
2001-04-21 00:55:17 +00:00
|
|
|
got_sighup = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-04 08:40:48 +00:00
|
|
|
static void
|
|
|
|
|
terminate(int sig __unused)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2005-08-24 19:17:06 +00:00
|
|
|
pidfile_remove(pfh);
|
2009-06-24 18:42:21 +00:00
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
|
|
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
exit (0);
|
|
|
|
|
}
|
2020-06-14 00:40:00 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
cp_cred(struct expcred *outcr, struct expcred *incr)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
outcr->cr_uid = incr->cr_uid;
|
|
|
|
|
outcr->cr_ngroups = incr->cr_ngroups;
|
2020-10-10 00:01:40 +00:00
|
|
|
if (outcr->cr_ngroups > SMALLNGROUPS)
|
|
|
|
|
outcr->cr_groups = malloc(outcr->cr_ngroups * sizeof(gid_t));
|
|
|
|
|
else
|
|
|
|
|
outcr->cr_groups = outcr->cr_smallgrps;
|
2020-06-14 00:40:00 +00:00
|
|
|
memcpy(outcr->cr_groups, incr->cr_groups, incr->cr_ngroups *
|
|
|
|
|
sizeof(gid_t));
|
|
|
|
|
}
|
