Commit Graph

141 Commits

Author SHA1 Message Date
Andriy Gapon
020d6f96e3 mountd: fix a crash when getgrouplist reports too many groups
Previously the code only warned about the condition and then happily
proceeded to use the too large value resulting in the array
out-of-bounds access.

Obtained from:	Panzura (Chuanbo Zheng)
MFC after:	10 days
Sponsored by:	Panzura
2018-04-16 09:17:36 +00:00
Ravi Pokala
b235f015f8 mountd: Return proper errno values in a few error paths
When attempting to mount a non-directory which exists, return ENOTDIR instead
of ENOENT. If stat() or statfs() failed, don't pass part of the invalid
(struct statfs) to ex_search(). In that same case, preserve the value of "bad"
rather than overwriting with EACCES.

Submitted by:	Bruce Leverett (Panasas)
Reviewed by:	rmacklem
MFC after:	1 week
Sponsored by:	Panasas
Differential Revision:	https://reviews.freebsd.org/D14438
2018-02-21 00:19:02 +00:00
Conrad Meyer
354fce2869 mountd(8): Produce vaguely meaningful error messages
Sponsored by:	Dell EMC Isilon
2018-02-08 01:34:35 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Emmanuel Vadot
1da3e8b097 mountd: Convert mountlist to SLIST
Use SLIST from sys/queue.h instead of homebrew linked list for mountlist.

Reviewed by:	bapt, rmacklem
MFC after:	1 week
Sponsored by:	Gandi.net
Differential Revision:	https://reviews.freebsd.org/D12504
2017-10-04 08:48:05 +00:00
Emmanuel Vadot
c9ac0f714c mountd: Convert exportlist to SLIST
Use SLIST from sys/queue.h instead of homebrew linked list for the exportlist.

Reviewed by:	bapt, rmacklem
MFC after:	1 week
Sponsored by:	Gandi.net
Differential Revision:	https://reviews.freebsd.org/D12502
2017-10-04 08:43:56 +00:00
Emmanuel Vadot
92e73ccc73 mountd: Avoid memory leak by freeing dp_dirp
Introduced in r324007, the data alloced by strdup was never free'ed.
While here, remove cast to caddr_t when freeing dp.

Reported by:	bde
MFC after:	1 week
X MFC With:	r324007
2017-09-26 12:15:13 +00:00
Emmanuel Vadot
89b859e39a mountd: Remove unneeded cast
Reported by:	kib
MFC after:	1 week
X MFC With:	r324007
2017-09-26 11:11:17 +00:00
Emmanuel Vadot
380a3fcd05 mountd: Replace malloc+strcpy to strdup
Reviewed by:	bapt
MFC after:	1 week
Sponsored by:	Gandi.net
Differential Revision:	https://reviews.freebsd.org/D12503
2017-09-26 09:18:18 +00:00
Rick Macklem
947572b4ee Change the default uid/gid values for nobody/nogroup to 65534/65533.
The default values found in /etc/passwd and /etc/group are 65534, 65533.
In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16bits.
Without this patch, a file created by root on an NFS exported volume without
the "-root=" export option will end up owned by uid 4**32 - 2.
When discussed on freebsd-current@, it seemed that users preferred the
values being changed to 65534/65533.
I have not added code to acquire these values from the databases, since
the mountd daemon might get "stuck" during startup waiting for a non-responsive
password database server.

Discussed on:	freebsd-current
2017-05-14 00:38:41 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Rick Macklem
5ebee88d80 mountd(8) was erroneously setting the sysctl for the old NFS server
when the new/default NFS server was running, for the "-n" option.

This patch fixes the problem for head and stable/11. For stable/10 the
patch will need to be modified when MFC'd, since the stable/10 mountd.c
handles both old and new NFS servers.
Since the new NFS server uses vfs.nfsd.nfs_privport == 0 by default,
there wouldn't have been many users affected by the code not setting
it to 0 when the "-n" option was specified.

PR:		213450
Submitted by:	rs@bytecamp.net
MFC after:	2 weeks
2016-10-25 00:52:42 +00:00
Marcelo Araujo
a175f065d9 Use MIN macro from sys/param.h.
MFC after:	2 weeks.
2016-05-02 01:49:42 +00:00
Pedro F. Giffuni
80c7cc1c8f Cleanup unnecessary semicolons from utilities we all love. 2016-04-15 22:31:22 +00:00
Josh Paetzel
b875c2e96d Allow /etc/exports to contain usernames/groups with spaces in them.
If you are getting your users/groups from a directory service such
as LDAP or AD it's possible for those usernames or groupnames to
contain spaces.

Submitted by:	Sean E. Fagan
Reviewed by:	rmacklem
MFC after:	1 week
Sponsored by:	iXsystems
2016-01-07 05:34:39 +00:00
Ulrich Spörlein
c9e1c304c1 Fix type mismatches for malloc(3) and Co.
This is rather pedantic, as for most architectures it holds that
sizeof(type *) == sizeof(type **)

Found by:	clang static analyzer
Reviewed by:	ed
Differential Revision: https://reviews.freebsd.org/D4722
2015-12-29 11:24:41 +00:00
Edward Tomasz Napierala
19c46d8cf7 Staticize some stuff in mountd(8); no functional changes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-07-04 08:40:48 +00:00
Rick Macklem
9896584a4b Add a warning message to mountd for exported file
systems that are automounted, since that configuration
isn't supported. This still allows the export, since
two emails I received felt that this should not be
disabled. It sends the message to syslog(LOG_ERR..), so that
it goes to the same places as the other messages related
to /etc/exports problems, even though it is a warning and not an error.

Reviewed by:	trasz
MFC after:	2 weeks
2015-05-16 12:05:26 +00:00
Edward Tomasz Napierala
79b8680737 Remove oldnfs leftovers from mountd(8).
Reviewed by:	rmacklem@
Sponsored by:	The FreeBSD Foundation
2015-04-29 12:33:00 +00:00
Simon J. Gerraty
2ef26470c5 No need to delete export from filesystems which are not exported. 2015-04-18 19:52:39 +00:00
Konstantin Belousov
5d6f5b24ca Mountd iterating over the mount points may race with the parallel
unmount, which causes error from nmount(2) call when performing
MNT_DELEXPORT over the directory which ceased to be a mount point.

The race is legitimate and innocent, but results in the chatty mountd.
Silence it by providing an distinguished error code for the situation,
and ignoring the error in mountd loop.

Based on the patch by:	Andreas Longwitz <longwitz@incore.de>
Prodded and tested by:	bdrewery
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-02-10 18:00:32 +00:00
Ryan Stone
9745de4c2c When mountd is creating sockets, it iterates over all addresses specified
in the "hosts" array and eventually looks up the network address with
getaddrinfo(). At one point it checks for a numeric address and if it
sees one, it sets a hint parameter to force getaddrinfo to interpret the
host as a numeric address. However that hint is not cleared for subsequent
iterations of the loop and if any hosts seen after this point are host names,
getaddrinfo will fail on the name.  The result of this bug is that you cannot
pass a host name to the -h flag.

Unfortunately, the first iteration will either process ::1 or 127.0.0.1,
so the flag is set on the first iteration and all host names will fail
to be processed.

The same bug applies to rpc.lockd and rpc.statd, so fix them too.

Differential Revision:	https://reviews.freebsd.org/D1507
Reported by:	Dylan Martin
MFC after:	1 week
Sponsored by:	Sandvine Inc.
2015-01-19 00:33:32 +00:00
Bryan Drewery
4a185fa6c9 Avoid showing stale errors when nmount(2) fails.
Sometimes nmount(2) will fail without setting errmsg. The previous (ignored)
error would then be shown as the reason for the failed call if the next
nmount(2) also fails without [ENOENT,ENOTSUP].

An example is when there is a tmpfs mounted with -o size. vfs_filteropt() adds
'size' as an error in errmsg due to 'size' not being in tmpfs_updateopts. Then
tmpfs_mount returns [ENOTSUP] from nmount(2), which is then ignored. The next
call may race with an unmount causing an invalid [EINVAL] that then does log an
error, with the tmpfs errmsg.

The race itself is a separate issue to fix as it is expected to have an
[ENOENT] returned instead.

In this example the mount being shown is actually nullfs, not tmpfs that the
error is from.

  mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument mount option <size> is unknown

It should only show:

  mountd[740]: can't delete exports for /poudriere/data/.m/exp-head-commit-test-devel/04/.npkg: Invalid argument

MFC after:	2 weeks
2014-08-19 21:04:31 +00:00
Sergey Kandaurov
dcdc127b07 Check if the -sec option is given without an argument.
PR:		bin/170413
Submitted by:	Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
MFC after:	1 week
2013-02-20 12:40:26 +00:00
Kevin Lo
a5752d55e0 Fix socket calls on error post-r243965.
Submitted by:	Garrett Cooper
2012-12-21 15:54:13 +00:00
Rick Macklem
c548eb5cad Add a new '-S' option to mountd, which tells it to suspend
execution of the nfsd threads while it is reloading the exports.
This avoids clients from getting intermittent access errors
when the exports are being reloaded non-atomically.
It is not an ideal solution, since requests will back up while
the nfsd threads are suspended. Also, when this option is used,
if mountd crashes while reloading exports, mountd will have to
be restarted to get the nfsd threads to resume execution.
This has been tested by Vincent Hoffman (vince at unsane.co.uk)
and John Hickey (jh at deterlab.net).
The nfse patch offers a more comprehensive solution for this issue.

PR:		kern/9619, kern/131342
Reviewed by:	kib
MFC after:	2 weeks
2012-10-15 00:17:16 +00:00
Rick Macklem
c3f86a256c Attila Bogar reported a bug in mountd when multiple export
entries with different security flavors are in the exports(5)
file. For that case, mountd replies with the security flavors
of the last entry and not the correct one for the client host.
This patch fixes that by storing separate copies of the flavors
for each host/net case, plus a default one for the case where
no hosts/nets are specified on an entry in the exports(5) file.
Unlike the patch in the PR, it replies with the security flavors
for the entry instead of merging the security flavors for all
the entries and replying with that.

Tested by:	attila.bogar at linguamatics.com
PR:		kern/164933
MFC after:	2 weeks
2012-09-24 23:57:16 +00:00
Xin LI
7790916244 Show error messages if nmount() failed.
MFC after:	1 month
2012-08-27 19:08:47 +00:00
Eitan Adler
e0bcf08675 Fix warning when compiling with gcc46:
error: variable 'dirp' set but not used
	error: variable 'dirplen' set but not used

Approved by:	dim, cperciva (mentor, blanket for pre-mentorship already-approved commits)
MFC after:	3 days
2012-01-20 01:38:12 +00:00
Ulrich Spörlein
3df5ecac8c Spelling fixes for usr.sbin/ 2011-12-30 10:58:14 +00:00
Xin LI
5375015146 Use calloc() instead of an explicit memset.
MFC after:	2 weeks
2011-07-14 07:35:28 +00:00
Rick Macklem
8fb6ad5d8a Fix the nfs related daemons so that they don't intermittently
fail with "bind: address already in use". This problem was reported
to the freebsd-stable@ mailing list on Feb. 19 under the subject
heading "statd/lockd startup failure" by george+freebsd at m5p dot com.
The problem is that the first combination of {udp,tcp X ipv4,ipv6}
would select a port# dynamically, but one of the other three combinations
would have that port# already in use. The patch is somewhat involved
because it was requested by dougb@ that the four combinations use the
same port# wherever possible. The patch splits the create_service()
function into two functions. The first goes as far as bind(2) in a
loop for up to GETPORT_MAXTRY - 1 times, attempting to use the same port#
for all four cases. If these attempts fail, the last attempt allows
the 4 cases to use different port #s. After this function has succeeded,
the second function, called complete_service(), does the rest of what
create_service() did.
The three daemons mountd, rpc.lockd and rpc.statd all have a
create_service() function that is patched in a similar way. However,
create_service() has non-trivial differences for the three daemons
that made it impractical to share the same functions between them.

Reviewed by:	jhb
MFC after:	2 weeks
2011-06-02 19:33:33 +00:00
Rick Macklem
2a85df8ca0 This patch changes the default NFS server to the new one, which was
referred to as the experimental server. It also adds a new command
line option "-o" to both mountd and nfsd that forces them to use the
old/regular NFS server. The "-e" option for these commands is now
a no-op, since the new server is the default. I will be committing rc
script and man changes soon. Discussed on freebsd-fs@.
2011-04-24 00:06:56 +00:00
Ruslan Ermilov
58202d8973 Fixed conversion of prefix length to a netmask. 2011-03-01 11:47:16 +00:00
Philippe Charnier
a7a7d96c7a Add __unused. Ansi prototypes. 2010-12-20 09:28:28 +00:00
Rick Macklem
56cfc5ed12 If the "-alldirs" export option was used for the V4: line, mountd
would crash in check_options() since dp == NULL for the V4: line.
This patch moves the check for options allowed on the V4: line to
ahead of where dp is used to avoid this crash.

Reported by:	mamalos AT eng.auth.gr
MFC after:	1 week
2010-05-06 00:24:08 +00:00
Doug Rabson
0775314b63 Don't use sys/nfs/rpcv2.h - it is part of the old kernel RPC implementation
and will be removed.
2009-06-24 18:42:21 +00:00
Rick Macklem
73f4ccbd29 When mountd.c parses the nfsv4 root line(s) in /etc/exports, it
allocates data structures that are never linked into the tree or free'd.
As such, mountd would leak memory every time it parsed an nfsv4 root line.
This patch frees up those structures to plug the leak.

Approved by:	kib (mentor)
2009-06-23 21:48:04 +00:00
Brooks Davis
838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
Alexander Kabaev
e7733ffa39 Re-do r192913 in less intrusive way. Only do IP_RECVDSTADDR/IP_SENDSRCADDR
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.

Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.

Reported by:	lstewart
Tested by:	lstewart
2009-06-18 17:10:43 +00:00
Alexander Kabaev
4b119b6669 The change r192913 has added dependency on IP_RECVDSTADDR being
set for RPC UDP sockets. Mountd uses internal libc fuctions
directly and bypasses generic socket initialization completely,
so we need to set IP_RECVDSTADDR here to match the libc behavior.
2009-06-08 03:15:27 +00:00
Rick Macklem
2179ae1ebf Change the "-4" argument for nfsd and mountd to "-e" to avoid
confusion, since it does not refer to IPv4 nor NFSv4, but to
running the experimental server instead of the regular one.

Approved by:	kib (mentor)
2009-05-28 20:28:13 +00:00
Rick Macklem
bcc1d0716a Modify mountd to handle the experimental nfs server as well as the
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.

Approved by:	kib (mentor)
2009-05-27 22:02:54 +00:00
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
Craig Rodrigues
55dd132740 Remove hacks which filter out MNT_ROOTFS.
They are no longer needed now that we filter out MNT_ROOTFS
inside the nmount() call in revision 1.267 of vfs_mount.c.

Reviewed by:	rink
2008-03-05 07:55:07 +00:00
Simon L. B. Nielsen
89ca9145fb Use the correct variable to check for a malloc failing. This fixes a
case where mountd would fail to start with "out of memory" logged to
syslog.
2007-10-27 12:24:47 +00:00
Matteo Riondato
d11e36457b Add the -h <bindip> option to mountd, similar to the one in nfsd(8)
-h bindip
Specify specific IP addresses to bind to for TCP and UDP requests.
This option may be specified multiple times.  If no -h option is
specified, mountd will bind to INADDR_ANY.  Note that when specifying
IP addresses with -h, mountd will automatically add 127.0.0.1 and if
IPv6 is enabled, ::1 to the list.

PR:		bin/114097
Reviewed by:	pjd (an eariler version of the patch)
MFC after:	1 week
2007-10-20 11:25:34 +00:00
Pawel Jakub Dawidek
6c90092b5a Fatal error is only when cannot open any of the given exports files. 2007-04-13 10:25:49 +00:00
Pawel Jakub Dawidek
96968c223b Add support for multiple exports files. This will be useful for example for
ZFS, where we have automatically generated /etc/zfs/exports file, which
should not be edited directly.

Discussed with:	rwatson
2007-02-03 00:12:18 +00:00
Craig Rodrigues
37518a88fb If nmount() fails to export a directory, in the syslog() error message,
add the errmsg string returned by nmount().
2007-01-26 13:26:43 +00:00