1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 1989, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
* Herb Hasler and Rick Macklem at The University of Guelph.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef lint
|
1998-07-15 06:21:41 +00:00
|
|
|
static const char copyright[] =
|
1994-05-26 06:35:07 +00:00
|
|
|
"@(#) Copyright (c) 1989, 1993\n\
|
|
|
|
The Regents of the University of California. All rights reserved.\n";
|
1994-09-22 22:17:02 +00:00
|
|
|
#endif /*not lint*/
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1998-07-15 06:21:41 +00:00
|
|
|
#if 0
|
2002-10-16 16:04:50 +00:00
|
|
|
#ifndef lint
|
1998-07-15 06:21:41 +00:00
|
|
|
static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
|
1994-09-22 22:17:02 +00:00
|
|
|
#endif /*not lint*/
|
2002-10-16 16:04:50 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__FBSDID("$FreeBSD$");
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
#include <sys/param.h>
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#include <sys/fcntl.h>
|
2002-05-14 23:24:28 +00:00
|
|
|
#include <sys/linker.h>
|
|
|
|
#include <sys/module.h>
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <sys/mount.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <sys/syslog.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
#include <rpc/rpc.h>
|
2003-01-16 07:27:30 +00:00
|
|
|
#include <rpc/rpc_com.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <rpc/pmap_clnt.h>
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#include <rpc/pmap_prot.h>
|
|
|
|
#include <rpcsvc/mount.h>
|
1995-06-27 11:07:30 +00:00
|
|
|
#include <nfs/nfsproto.h>
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <nfs/nfssvc.h>
|
2001-09-18 23:34:44 +00:00
|
|
|
#include <nfsserver/nfs.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
#include <fs/nfs/nfsport.h>
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
|
|
#include <ctype.h>
|
1998-07-15 06:21:41 +00:00
|
|
|
#include <err.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <errno.h>
|
|
|
|
#include <grp.h>
|
2005-08-24 19:17:06 +00:00
|
|
|
#include <libutil.h>
|
2002-09-25 04:06:37 +00:00
|
|
|
#include <limits.h>
|
1994-05-26 06:35:07 +00:00
|
|
|
#include <netdb.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <signal.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include "pathnames.h"
|
2006-05-23 17:10:17 +00:00
|
|
|
#include "mntopts.h"
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
#include <stdarg.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Structures for keeping the mount list and export list
|
|
|
|
*/
|
|
|
|
struct mountlist {
|
|
|
|
struct mountlist *ml_next;
|
2009-06-24 18:42:21 +00:00
|
|
|
char ml_host[MNTNAMLEN+1];
|
|
|
|
char ml_dirp[MNTPATHLEN+1];
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct dirlist {
|
|
|
|
struct dirlist *dp_left;
|
|
|
|
struct dirlist *dp_right;
|
|
|
|
int dp_flag;
|
|
|
|
struct hostlist *dp_hosts; /* List of hosts this dir exported to */
|
|
|
|
char dp_dirp[1]; /* Actually malloc'd to size of dir */
|
|
|
|
};
|
|
|
|
/* dp_flag bits */
|
|
|
|
#define DP_DEFSET 0x1
|
1995-06-27 11:07:30 +00:00
|
|
|
#define DP_HOSTSET 0x2
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
struct exportlist {
|
|
|
|
struct exportlist *ex_next;
|
|
|
|
struct dirlist *ex_dirl;
|
|
|
|
struct dirlist *ex_defdir;
|
|
|
|
int ex_flag;
|
|
|
|
fsid_t ex_fs;
|
|
|
|
char *ex_fsdir;
|
1997-07-16 09:27:53 +00:00
|
|
|
char *ex_indexfile;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int ex_numsecflavors;
|
|
|
|
int ex_secflavors[MAXSECFLAVORS];
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
/* ex_flag bits */
|
|
|
|
#define EX_LINKED 0x1
|
|
|
|
|
|
|
|
struct netmsk {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct sockaddr_storage nt_net;
|
2001-04-21 20:06:18 +00:00
|
|
|
struct sockaddr_storage nt_mask;
|
1998-12-29 09:38:49 +00:00
|
|
|
char *nt_name;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
union grouptypes {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *gt_addrinfo;
|
1994-05-26 06:35:07 +00:00
|
|
|
struct netmsk gt_net;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct grouplist {
|
|
|
|
int gr_type;
|
|
|
|
union grouptypes gr_ptr;
|
|
|
|
struct grouplist *gr_next;
|
|
|
|
};
|
|
|
|
/* Group types */
|
|
|
|
#define GT_NULL 0x0
|
|
|
|
#define GT_HOST 0x1
|
|
|
|
#define GT_NET 0x2
|
2001-04-18 00:28:37 +00:00
|
|
|
#define GT_DEFAULT 0x3
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
#define GT_IGNORE 0x5
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
struct hostlist {
|
1995-06-27 11:07:30 +00:00
|
|
|
int ht_flag; /* Uses DP_xx bits */
|
1994-05-26 06:35:07 +00:00
|
|
|
struct grouplist *ht_grp;
|
|
|
|
struct hostlist *ht_next;
|
|
|
|
};
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
struct fhreturn {
|
|
|
|
int fhr_flag;
|
|
|
|
int fhr_vers;
|
|
|
|
nfsfh_t fhr_fh;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int fhr_numsecflavors;
|
|
|
|
int *fhr_secflavors;
|
1995-06-27 11:07:30 +00:00
|
|
|
};
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/* Global defs */
|
2002-03-21 13:14:21 +00:00
|
|
|
char *add_expdir(struct dirlist **, char *, int);
|
|
|
|
void add_dlist(struct dirlist **, struct dirlist *,
|
|
|
|
struct grouplist *, int);
|
|
|
|
void add_mlist(char *, char *);
|
|
|
|
int check_dirpath(char *);
|
|
|
|
int check_options(struct dirlist *);
|
2001-04-21 20:06:18 +00:00
|
|
|
int checkmask(struct sockaddr *sa);
|
2002-03-21 13:14:21 +00:00
|
|
|
int chk_host(struct dirlist *, struct sockaddr *, int *, int *);
|
2007-10-20 11:25:34 +00:00
|
|
|
void create_service(struct netconfig *nconf);
|
2001-04-17 22:25:48 +00:00
|
|
|
void del_mlist(char *hostp, char *dirp);
|
2002-03-21 13:14:21 +00:00
|
|
|
struct dirlist *dirp_search(struct dirlist *, char *);
|
|
|
|
int do_mount(struct exportlist *, struct grouplist *, int,
|
|
|
|
struct xucred *, char *, int, struct statfs *);
|
|
|
|
int do_opt(char **, char **, struct exportlist *, struct grouplist *,
|
|
|
|
int *, int *, struct xucred *);
|
|
|
|
struct exportlist *ex_search(fsid_t *);
|
|
|
|
struct exportlist *get_exp(void);
|
|
|
|
void free_dir(struct dirlist *);
|
|
|
|
void free_exp(struct exportlist *);
|
|
|
|
void free_grp(struct grouplist *);
|
|
|
|
void free_host(struct hostlist *);
|
|
|
|
void get_exportlist(void);
|
|
|
|
int get_host(char *, struct grouplist *, struct grouplist *);
|
|
|
|
struct hostlist *get_ht(void);
|
|
|
|
int get_line(void);
|
|
|
|
void get_mountlist(void);
|
|
|
|
int get_net(char *, struct netmsk *, int);
|
|
|
|
void getexp_err(struct exportlist *, struct grouplist *);
|
|
|
|
struct grouplist *get_grp(void);
|
|
|
|
void hang_dirp(struct dirlist *, struct grouplist *,
|
|
|
|
struct exportlist *, int);
|
2001-04-21 00:55:17 +00:00
|
|
|
void huphandler(int sig);
|
2001-04-21 20:06:18 +00:00
|
|
|
int makemask(struct sockaddr_storage *ssp, int bitlen);
|
2002-03-21 13:14:21 +00:00
|
|
|
void mntsrv(struct svc_req *, SVCXPRT *);
|
|
|
|
void nextfield(char **, char **);
|
|
|
|
void out_of_mem(void);
|
|
|
|
void parsecred(char *, struct xucred *);
|
2010-12-20 09:28:28 +00:00
|
|
|
int parsesec(char *, struct exportlist *);
|
2002-07-15 18:34:27 +00:00
|
|
|
int put_exlist(struct dirlist *, XDR *, struct dirlist *, int *, int);
|
2001-04-21 20:06:18 +00:00
|
|
|
void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
|
|
|
|
int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
|
|
|
|
struct sockaddr *samask);
|
2002-03-21 13:14:21 +00:00
|
|
|
int scan_tree(struct dirlist *, struct sockaddr *);
|
|
|
|
static void usage(void);
|
|
|
|
int xdr_dir(XDR *, char *);
|
|
|
|
int xdr_explist(XDR *, caddr_t);
|
2002-07-15 18:34:27 +00:00
|
|
|
int xdr_explist_brief(XDR *, caddr_t);
|
2010-12-20 09:28:28 +00:00
|
|
|
int xdr_explist_common(XDR *, caddr_t, int);
|
2002-03-21 13:14:21 +00:00
|
|
|
int xdr_fhs(XDR *, caddr_t);
|
|
|
|
int xdr_mlist(XDR *, caddr_t);
|
|
|
|
void terminate(int);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
struct exportlist *exphead;
|
|
|
|
struct mountlist *mlhead;
|
|
|
|
struct grouplist *grphead;
|
2007-02-03 00:12:18 +00:00
|
|
|
char *exnames_default[2] = { _PATH_EXPORTS, NULL };
|
|
|
|
char **exnames;
|
2007-10-20 11:25:34 +00:00
|
|
|
char **hosts = NULL;
|
2001-02-18 13:30:20 +00:00
|
|
|
struct xucred def_anon = {
|
2002-02-27 04:45:37 +00:00
|
|
|
XUCRED_VERSION,
|
2001-02-18 13:30:20 +00:00
|
|
|
(uid_t)-2,
|
1994-05-26 06:35:07 +00:00
|
|
|
1,
|
2001-02-18 13:30:20 +00:00
|
|
|
{ (gid_t)-2 },
|
|
|
|
NULL
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
1997-04-22 10:37:27 +00:00
|
|
|
int force_v2 = 0;
|
1995-06-27 11:07:30 +00:00
|
|
|
int resvport_only = 1;
|
2007-10-20 11:25:34 +00:00
|
|
|
int nhosts = 0;
|
1995-06-27 11:07:30 +00:00
|
|
|
int dir_only = 1;
|
2003-10-30 22:57:43 +00:00
|
|
|
int dolog = 0;
|
2001-04-21 00:55:17 +00:00
|
|
|
int got_sighup = 0;
|
2007-10-20 11:25:34 +00:00
|
|
|
int xcreated = 0;
|
|
|
|
|
|
|
|
char *svcport_str = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
int opt_flags;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
static int have_v6 = 1;
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
int v4root_phase = 0;
|
|
|
|
char v4root_dirpath[PATH_MAX + 1];
|
2011-04-24 00:06:56 +00:00
|
|
|
int run_v4server = 1;
|
2009-05-27 22:02:54 +00:00
|
|
|
int has_publicfh = 0;
|
|
|
|
|
2005-08-24 19:17:06 +00:00
|
|
|
struct pidfh *pfh = NULL;
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Bits for opt_flags above */
|
1994-05-26 06:35:07 +00:00
|
|
|
#define OP_MAPROOT 0x01
|
|
|
|
#define OP_MAPALL 0x02
|
2001-09-18 23:34:44 +00:00
|
|
|
/* 0x4 free */
|
1994-05-26 06:35:07 +00:00
|
|
|
#define OP_MASK 0x08
|
|
|
|
#define OP_NET 0x10
|
|
|
|
#define OP_ALLDIRS 0x40
|
2001-04-21 20:06:18 +00:00
|
|
|
#define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
|
2002-07-18 20:52:17 +00:00
|
|
|
#define OP_QUIET 0x100
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
#define OP_MASKLEN 0x200
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
#define OP_SEC 0x400
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
int debug = 1;
|
2002-03-21 13:14:21 +00:00
|
|
|
void SYSLOG(int, const char *, ...) __printflike(2, 3);
|
1994-05-26 06:35:07 +00:00
|
|
|
#define syslog SYSLOG
|
|
|
|
#else
|
|
|
|
int debug = 0;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Mountd server for NFS mount protocol as described in:
|
|
|
|
* NFS: Network File System Protocol Specification, RFC1094, Appendix A
|
|
|
|
* The optional arguments are the exports file name
|
|
|
|
* default: _PATH_EXPORTS
|
|
|
|
* and "-n" to allow nonroot mount.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
main(int argc, char **argv)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-21 00:55:17 +00:00
|
|
|
fd_set readfds;
|
2007-10-20 11:25:34 +00:00
|
|
|
struct netconfig *nconf;
|
|
|
|
char *endptr, **hosts_bak;
|
|
|
|
void *nc_handle;
|
2005-08-24 19:17:06 +00:00
|
|
|
pid_t otherpid;
|
2007-10-20 11:25:34 +00:00
|
|
|
in_port_t svcport;
|
|
|
|
int c, k, s;
|
2003-01-16 07:27:30 +00:00
|
|
|
int maxrec = RPC_MAXDATASIZE;
|
2001-04-17 22:25:48 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/* Check that another mountd isn't already running. */
|
2005-09-16 11:24:28 +00:00
|
|
|
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
|
2005-08-24 19:17:06 +00:00
|
|
|
if (pfh == NULL) {
|
|
|
|
if (errno == EEXIST)
|
|
|
|
errx(1, "mountd already running, pid: %d.", otherpid);
|
|
|
|
warn("cannot open or create pidfile");
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
|
|
|
|
if (s < 0)
|
|
|
|
have_v6 = 0;
|
|
|
|
else
|
|
|
|
close(s);
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2011-04-24 00:06:56 +00:00
|
|
|
while ((c = getopt(argc, argv, "2deh:lnop:r")) != -1)
|
1994-05-26 06:35:07 +00:00
|
|
|
switch (c) {
|
1997-04-22 10:37:27 +00:00
|
|
|
case '2':
|
|
|
|
force_v2 = 1;
|
|
|
|
break;
|
2009-05-28 20:28:13 +00:00
|
|
|
case 'e':
|
2011-04-24 00:06:56 +00:00
|
|
|
/* now a no-op, since this is the default */
|
2009-05-27 22:02:54 +00:00
|
|
|
break;
|
1995-06-27 11:07:30 +00:00
|
|
|
case 'n':
|
|
|
|
resvport_only = 0;
|
|
|
|
break;
|
|
|
|
case 'r':
|
|
|
|
dir_only = 0;
|
|
|
|
break;
|
1995-05-21 19:31:09 +00:00
|
|
|
case 'd':
|
|
|
|
debug = debug ? 0 : 1;
|
|
|
|
break;
|
1997-12-09 18:43:44 +00:00
|
|
|
case 'l':
|
2003-10-30 22:57:43 +00:00
|
|
|
dolog = 1;
|
1997-12-09 18:43:44 +00:00
|
|
|
break;
|
2011-04-24 00:06:56 +00:00
|
|
|
case 'o':
|
|
|
|
run_v4server = 0;
|
|
|
|
break;
|
2004-03-04 04:42:52 +00:00
|
|
|
case 'p':
|
|
|
|
endptr = NULL;
|
|
|
|
svcport = (in_port_t)strtoul(optarg, &endptr, 10);
|
|
|
|
if (endptr == NULL || *endptr != '\0' ||
|
|
|
|
svcport == 0 || svcport >= IPPORT_MAX)
|
|
|
|
usage();
|
2007-10-20 11:25:34 +00:00
|
|
|
svcport_str = strdup(optarg);
|
|
|
|
break;
|
|
|
|
case 'h':
|
|
|
|
++nhosts;
|
|
|
|
hosts_bak = hosts;
|
|
|
|
hosts_bak = realloc(hosts, nhosts * sizeof(char *));
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
if (hosts != NULL) {
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
free(hosts[k]);
|
|
|
|
free(hosts);
|
|
|
|
out_of_mem();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
hosts = hosts_bak;
|
|
|
|
hosts[nhosts - 1] = strdup(optarg);
|
|
|
|
if (hosts[nhosts - 1] == NULL) {
|
|
|
|
for (k = 0; k < (nhosts - 1); k++)
|
|
|
|
free(hosts[k]);
|
|
|
|
free(hosts);
|
|
|
|
out_of_mem();
|
|
|
|
}
|
2004-03-04 04:42:52 +00:00
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
default:
|
1998-07-15 06:21:41 +00:00
|
|
|
usage();
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
2009-05-27 22:02:54 +00:00
|
|
|
|
|
|
|
/*
|
2011-04-24 00:06:56 +00:00
|
|
|
* Unless the "-o" option was specified, try and run "nfsd".
|
|
|
|
* If "-o" was specified, try and run "nfsserver".
|
2009-05-27 22:02:54 +00:00
|
|
|
*/
|
|
|
|
if (run_v4server > 0) {
|
|
|
|
if (modfind("nfsd") < 0) {
|
|
|
|
/* Not present in kernel, try loading it */
|
|
|
|
if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
|
|
|
|
errx(1, "NFS server is not available");
|
|
|
|
}
|
|
|
|
} else if (modfind("nfsserver") < 0) {
|
|
|
|
/* Not present in kernel, try loading it */
|
|
|
|
if (kldload("nfsserver") < 0 || modfind("nfsserver") < 0)
|
|
|
|
errx(1, "NFS server is not available");
|
|
|
|
}
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
argc -= optind;
|
|
|
|
argv += optind;
|
|
|
|
grphead = (struct grouplist *)NULL;
|
|
|
|
exphead = (struct exportlist *)NULL;
|
|
|
|
mlhead = (struct mountlist *)NULL;
|
2007-02-03 00:12:18 +00:00
|
|
|
if (argc > 0)
|
|
|
|
exnames = argv;
|
|
|
|
else
|
|
|
|
exnames = exnames_default;
|
1994-05-26 06:35:07 +00:00
|
|
|
openlog("mountd", LOG_PID, LOG_DAEMON);
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("getting export list");
|
1994-05-26 06:35:07 +00:00
|
|
|
get_exportlist();
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("getting mount list");
|
1994-05-26 06:35:07 +00:00
|
|
|
get_mountlist();
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("here we go");
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug == 0) {
|
|
|
|
daemon(0, 0);
|
|
|
|
signal(SIGINT, SIG_IGN);
|
|
|
|
signal(SIGQUIT, SIG_IGN);
|
|
|
|
}
|
2001-04-21 00:55:17 +00:00
|
|
|
signal(SIGHUP, huphandler);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
signal(SIGTERM, terminate);
|
2006-11-18 22:43:20 +00:00
|
|
|
signal(SIGPIPE, SIG_IGN);
|
2005-08-24 19:17:06 +00:00
|
|
|
|
|
|
|
pidfile_write(pfh);
|
|
|
|
|
2009-06-24 18:42:21 +00:00
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
|
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
|
2003-01-16 07:27:30 +00:00
|
|
|
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
|
|
|
|
|
1997-04-09 20:17:15 +00:00
|
|
|
if (!resvport_only) {
|
2001-09-20 02:15:17 +00:00
|
|
|
if (sysctlbyname("vfs.nfsrv.nfs_privport", NULL, NULL,
|
|
|
|
&resvport_only, sizeof(resvport_only)) != 0 &&
|
|
|
|
errno != ENOENT) {
|
1997-04-09 20:17:15 +00:00
|
|
|
syslog(LOG_ERR, "sysctl: %m");
|
|
|
|
exit(1);
|
|
|
|
}
|
1997-03-27 20:01:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2007-10-20 11:25:34 +00:00
|
|
|
/*
|
|
|
|
* If no hosts were specified, add a wildcard entry to bind to
|
|
|
|
* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the
|
|
|
|
* list.
|
|
|
|
*/
|
|
|
|
if (nhosts == 0) {
|
|
|
|
hosts = malloc(sizeof(char**));
|
|
|
|
if (hosts == NULL)
|
|
|
|
out_of_mem();
|
|
|
|
hosts[0] = "*";
|
|
|
|
nhosts = 1;
|
|
|
|
} else {
|
|
|
|
hosts_bak = hosts;
|
|
|
|
if (have_v6) {
|
|
|
|
hosts_bak = realloc(hosts, (nhosts + 2) *
|
|
|
|
sizeof(char *));
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
free(hosts[k]);
|
|
|
|
free(hosts);
|
|
|
|
out_of_mem();
|
|
|
|
} else
|
|
|
|
hosts = hosts_bak;
|
|
|
|
nhosts += 2;
|
|
|
|
hosts[nhosts - 2] = "::1";
|
|
|
|
} else {
|
|
|
|
hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *));
|
|
|
|
if (hosts_bak == NULL) {
|
|
|
|
for (k = 0; k < nhosts; k++)
|
|
|
|
free(hosts[k]);
|
|
|
|
free(hosts);
|
|
|
|
out_of_mem();
|
|
|
|
} else {
|
|
|
|
nhosts += 1;
|
|
|
|
hosts = hosts_bak;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2007-10-20 11:25:34 +00:00
|
|
|
hosts[nhosts - 1] = "127.0.0.1";
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2007-10-20 11:25:34 +00:00
|
|
|
nc_handle = setnetconfig();
|
|
|
|
while ((nconf = getnetconfig(nc_handle))) {
|
|
|
|
if (nconf->nc_flag & NC_VISIBLE) {
|
|
|
|
if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
|
|
|
|
"inet6") == 0) {
|
|
|
|
/* DO NOTHING */
|
|
|
|
} else
|
|
|
|
create_service(nconf);
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2007-10-20 11:25:34 +00:00
|
|
|
endnetconfig(nc_handle);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
if (xcreated == 0) {
|
|
|
|
syslog(LOG_ERR, "could not create any services");
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
2001-04-21 00:55:17 +00:00
|
|
|
|
|
|
|
/* Expand svc_run() here so that we can call get_exportlist(). */
|
|
|
|
for (;;) {
|
|
|
|
if (got_sighup) {
|
|
|
|
get_exportlist();
|
|
|
|
got_sighup = 0;
|
|
|
|
}
|
|
|
|
readfds = svc_fdset;
|
|
|
|
switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) {
|
|
|
|
case -1:
|
|
|
|
if (errno == EINTR)
|
|
|
|
continue;
|
|
|
|
syslog(LOG_ERR, "mountd died: select: %m");
|
|
|
|
exit(1);
|
|
|
|
case 0:
|
|
|
|
continue;
|
|
|
|
default:
|
|
|
|
svc_getreqset(&readfds);
|
|
|
|
}
|
|
|
|
}
|
2007-10-20 11:25:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This routine creates and binds sockets on the appropriate
|
|
|
|
* addresses. It gets called one time for each transport and
|
|
|
|
* registrates the service with rpcbind on that trasport.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
create_service(struct netconfig *nconf)
|
|
|
|
{
|
|
|
|
struct addrinfo hints, *res = NULL;
|
|
|
|
struct sockaddr_in *sin;
|
|
|
|
struct sockaddr_in6 *sin6;
|
|
|
|
struct __rpc_sockinfo si;
|
|
|
|
struct netbuf servaddr;
|
|
|
|
SVCXPRT *transp = NULL;
|
|
|
|
int aicode;
|
|
|
|
int fd;
|
|
|
|
int nhostsbak;
|
|
|
|
int one = 1;
|
|
|
|
int r;
|
|
|
|
int registered = 0;
|
|
|
|
u_int32_t host_addr[4]; /* IPv4 or IPv6 */
|
|
|
|
|
|
|
|
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS) &&
|
|
|
|
(nconf->nc_semantics != NC_TPI_COTS_ORD))
|
|
|
|
return; /* not my type */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - using RPC library internal functions.
|
|
|
|
*/
|
|
|
|
if (!__rpc_nconf2sockinfo(nconf, &si)) {
|
|
|
|
syslog(LOG_ERR, "cannot get information for %s",
|
|
|
|
nconf->nc_netid);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get mountd's address on this transport */
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
hints.ai_family = si.si_af;
|
|
|
|
hints.ai_socktype = si.si_socktype;
|
|
|
|
hints.ai_protocol = si.si_proto;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Bind to specific IPs if asked to
|
|
|
|
*/
|
|
|
|
nhostsbak = nhosts;
|
|
|
|
while (nhostsbak > 0) {
|
|
|
|
--nhostsbak;
|
|
|
|
/*
|
|
|
|
* XXX - using RPC library internal functions.
|
|
|
|
*/
|
|
|
|
if ((fd = __rpc_nconf2fd(nconf)) < 0) {
|
|
|
|
int non_fatal = 0;
|
|
|
|
if (errno == EPROTONOSUPPORT &&
|
|
|
|
nconf->nc_semantics != NC_TPI_CLTS)
|
|
|
|
non_fatal = 1;
|
|
|
|
|
|
|
|
syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
|
|
|
|
"cannot create socket for %s", nconf->nc_netid);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (hints.ai_family) {
|
|
|
|
case AF_INET:
|
|
|
|
if (inet_pton(AF_INET, hosts[nhostsbak],
|
|
|
|
host_addr) == 1) {
|
|
|
|
hints.ai_flags &= AI_NUMERICHOST;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Skip if we have an AF_INET6 address.
|
|
|
|
*/
|
|
|
|
if (inet_pton(AF_INET6, hosts[nhostsbak],
|
|
|
|
host_addr) == 1) {
|
|
|
|
close(fd);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
if (inet_pton(AF_INET6, hosts[nhostsbak],
|
|
|
|
host_addr) == 1) {
|
|
|
|
hints.ai_flags &= AI_NUMERICHOST;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Skip if we have an AF_INET address.
|
|
|
|
*/
|
|
|
|
if (inet_pton(AF_INET, hosts[nhostsbak],
|
|
|
|
host_addr) == 1) {
|
|
|
|
close(fd);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We're doing host-based access checks here, so don't
|
|
|
|
* allow v4-in-v6 to confuse things. The kernel will
|
|
|
|
* disable it by default on NFS sockets too.
|
|
|
|
*/
|
|
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
|
|
|
|
sizeof one) < 0) {
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"can't disable v4-in-v6 on IPv6 socket");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If no hosts were specified, just bind to INADDR_ANY
|
|
|
|
*/
|
|
|
|
if (strcmp("*", hosts[nhostsbak]) == 0) {
|
|
|
|
if (svcport_str == NULL) {
|
|
|
|
res = malloc(sizeof(struct addrinfo));
|
|
|
|
if (res == NULL)
|
|
|
|
out_of_mem();
|
|
|
|
res->ai_flags = hints.ai_flags;
|
|
|
|
res->ai_family = hints.ai_family;
|
|
|
|
res->ai_protocol = hints.ai_protocol;
|
|
|
|
switch (res->ai_family) {
|
|
|
|
case AF_INET:
|
|
|
|
sin = malloc(sizeof(struct sockaddr_in));
|
|
|
|
if (sin == NULL)
|
|
|
|
out_of_mem();
|
|
|
|
sin->sin_family = AF_INET;
|
|
|
|
sin->sin_port = htons(0);
|
|
|
|
sin->sin_addr.s_addr = htonl(INADDR_ANY);
|
|
|
|
res->ai_addr = (struct sockaddr*) sin;
|
|
|
|
res->ai_addrlen = (socklen_t)
|
|
|
|
sizeof(res->ai_addr);
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
sin6 = malloc(sizeof(struct sockaddr_in6));
|
2007-10-27 12:24:47 +00:00
|
|
|
if (sin6 == NULL)
|
2007-10-20 11:25:34 +00:00
|
|
|
out_of_mem();
|
|
|
|
sin6->sin6_family = AF_INET6;
|
|
|
|
sin6->sin6_port = htons(0);
|
|
|
|
sin6->sin6_addr = in6addr_any;
|
|
|
|
res->ai_addr = (struct sockaddr*) sin6;
|
|
|
|
res->ai_addrlen = (socklen_t)
|
|
|
|
sizeof(res->ai_addr);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if ((aicode = getaddrinfo(NULL, svcport_str,
|
|
|
|
&hints, &res)) != 0) {
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"cannot get local address for %s: %s",
|
|
|
|
nconf->nc_netid,
|
|
|
|
gai_strerror(aicode));
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
|
|
|
|
&hints, &res)) != 0) {
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"cannot get local address for %s: %s",
|
|
|
|
nconf->nc_netid, gai_strerror(aicode));
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
r = bindresvport_sa(fd, res->ai_addr);
|
|
|
|
if (r != 0) {
|
|
|
|
syslog(LOG_ERR, "bindresvport_sa: %m");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nconf->nc_semantics != NC_TPI_CLTS)
|
|
|
|
listen(fd, SOMAXCONN);
|
|
|
|
|
|
|
|
if (nconf->nc_semantics == NC_TPI_CLTS )
|
|
|
|
transp = svc_dg_create(fd, 0, 0);
|
|
|
|
else
|
|
|
|
transp = svc_vc_create(fd, RPC_MAXDATASIZE,
|
|
|
|
RPC_MAXDATASIZE);
|
|
|
|
|
|
|
|
if (transp != (SVCXPRT *) NULL) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
|
2007-10-20 11:25:34 +00:00
|
|
|
NULL))
|
|
|
|
syslog(LOG_ERR,
|
2009-06-24 18:42:21 +00:00
|
|
|
"can't register %s MOUNTVERS service",
|
2007-10-20 11:25:34 +00:00
|
|
|
nconf->nc_netid);
|
|
|
|
if (!force_v2) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
|
2007-10-20 11:25:34 +00:00
|
|
|
mntsrv, NULL))
|
|
|
|
syslog(LOG_ERR,
|
2009-06-24 18:42:21 +00:00
|
|
|
"can't register %s MOUNTVERS3 service",
|
2007-10-20 11:25:34 +00:00
|
|
|
nconf->nc_netid);
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
syslog(LOG_WARNING, "can't create %s services",
|
|
|
|
nconf->nc_netid);
|
|
|
|
|
|
|
|
if (registered == 0) {
|
|
|
|
registered = 1;
|
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
hints.ai_family = si.si_af;
|
|
|
|
hints.ai_socktype = si.si_socktype;
|
|
|
|
hints.ai_protocol = si.si_proto;
|
|
|
|
|
|
|
|
if (svcport_str == NULL) {
|
|
|
|
svcport_str = malloc(NI_MAXSERV * sizeof(char));
|
|
|
|
if (svcport_str == NULL)
|
|
|
|
out_of_mem();
|
|
|
|
|
|
|
|
if (getnameinfo(res->ai_addr,
|
|
|
|
res->ai_addr->sa_len, NULL, NI_MAXHOST,
|
|
|
|
svcport_str, NI_MAXSERV * sizeof(char),
|
|
|
|
NI_NUMERICHOST | NI_NUMERICSERV))
|
|
|
|
errx(1, "Cannot get port number");
|
|
|
|
}
|
|
|
|
|
|
|
|
if((aicode = getaddrinfo(NULL, svcport_str, &hints,
|
|
|
|
&res)) != 0) {
|
|
|
|
syslog(LOG_ERR, "cannot get local address: %s",
|
|
|
|
gai_strerror(aicode));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
servaddr.buf = malloc(res->ai_addrlen);
|
|
|
|
memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
|
|
|
|
servaddr.len = res->ai_addrlen;
|
|
|
|
|
2009-06-24 18:42:21 +00:00
|
|
|
rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
|
|
|
|
rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
|
2007-10-20 11:25:34 +00:00
|
|
|
|
|
|
|
xcreated++;
|
|
|
|
freeaddrinfo(res);
|
|
|
|
}
|
|
|
|
} /* end while */
|
1998-07-15 06:21:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
usage(void)
|
1998-07-15 06:21:41 +00:00
|
|
|
{
|
|
|
|
fprintf(stderr,
|
2009-05-28 20:28:13 +00:00
|
|
|
"usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
|
2007-10-20 11:25:34 +00:00
|
|
|
"[-h <bindip>] [export_file ...]\n");
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The mount rpc service
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep;
|
|
|
|
struct dirlist *dp;
|
1995-06-27 11:07:30 +00:00
|
|
|
struct fhreturn fhr;
|
1994-05-26 06:35:07 +00:00
|
|
|
struct stat stb;
|
|
|
|
struct statfs fsb;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
char host[NI_MAXHOST], numerichost[NI_MAXHOST];
|
|
|
|
int lookup_failed = 1;
|
|
|
|
struct sockaddr *saddr;
|
1995-06-27 11:07:30 +00:00
|
|
|
u_short sport;
|
2009-06-24 18:42:21 +00:00
|
|
|
char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
|
1997-08-29 19:22:28 +00:00
|
|
|
int bad = 0, defset, hostset;
|
1995-06-27 11:07:30 +00:00
|
|
|
sigset_t sighup_mask;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
sigemptyset(&sighup_mask);
|
|
|
|
sigaddset(&sighup_mask, SIGHUP);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
saddr = svc_getrpccaller(transp)->buf;
|
|
|
|
switch (saddr->sa_family) {
|
|
|
|
case AF_INET6:
|
2001-04-17 22:25:48 +00:00
|
|
|
sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
case AF_INET:
|
2001-04-17 22:25:48 +00:00
|
|
|
sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
syslog(LOG_ERR, "request from unknown address family");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
lookup_failed = getnameinfo(saddr, saddr->sa_len, host, sizeof host,
|
|
|
|
NULL, 0, 0);
|
|
|
|
getnameinfo(saddr, saddr->sa_len, numerichost,
|
|
|
|
sizeof numerichost, NULL, 0, NI_NUMERICHOST);
|
1994-05-26 06:35:07 +00:00
|
|
|
switch (rqstp->rq_proc) {
|
|
|
|
case NULLPROC:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_MNT:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"mount request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
return;
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE, "undecodable mount request from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_decode(transp);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the real pathname and make sure it is a directory
|
1995-06-27 11:07:30 +00:00
|
|
|
* or a regular file if the -r option was specified
|
|
|
|
* and it exists.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
1999-10-06 18:20:44 +00:00
|
|
|
if (realpath(rpcpath, dirpath) == NULL ||
|
1994-05-26 06:35:07 +00:00
|
|
|
stat(dirpath, &stb) < 0 ||
|
1995-06-27 11:07:30 +00:00
|
|
|
(!S_ISDIR(stb.st_mode) &&
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
(dir_only || !S_ISREG(stb.st_mode))) ||
|
1994-05-26 06:35:07 +00:00
|
|
|
statfs(dirpath, &fsb) < 0) {
|
|
|
|
chdir("/"); /* Just in case realpath doesn't */
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
1998-07-15 06:21:41 +00:00
|
|
|
"mount request from %s for non existent path %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("stat failed on %s", dirpath);
|
1997-08-29 19:22:28 +00:00
|
|
|
bad = ENOENT; /* We will send error reply later */
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Check in the exports list */
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
ep = ex_search(&fsb.f_fsid);
|
1995-06-27 11:07:30 +00:00
|
|
|
hostset = defset = 0;
|
|
|
|
if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset) ||
|
1994-05-26 06:35:07 +00:00
|
|
|
((dp = dirp_search(ep->ex_dirl, dirpath)) &&
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
chk_host(dp, saddr, &defset, &hostset)) ||
|
|
|
|
(defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
|
|
|
|
scan_tree(ep->ex_dirl, saddr) == 0))) {
|
1997-08-29 19:22:28 +00:00
|
|
|
if (bad) {
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
|
1997-08-29 19:22:28 +00:00
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1997-08-29 19:22:28 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
|
|
|
return;
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
if (hostset & DP_HOSTSET)
|
|
|
|
fhr.fhr_flag = hostset;
|
|
|
|
else
|
|
|
|
fhr.fhr_flag = defset;
|
|
|
|
fhr.fhr_vers = rqstp->rq_vers;
|
1994-05-26 06:35:07 +00:00
|
|
|
/* Get the file handle */
|
1997-03-11 12:43:45 +00:00
|
|
|
memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
|
1995-06-27 11:07:30 +00:00
|
|
|
if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
|
1994-05-26 06:35:07 +00:00
|
|
|
bad = errno;
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't get fh for %s", dirpath);
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
|
1994-05-26 06:35:07 +00:00
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
}
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
fhr.fhr_numsecflavors = ep->ex_numsecflavors;
|
|
|
|
fhr.fhr_secflavors = ep->ex_secflavors;
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
|
|
|
|
(caddr_t)&fhr))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
|
|
|
add_mlist(host, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
else
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
add_mlist(numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("mount successful");
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"mount request succeeded from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1997-12-09 18:43:44 +00:00
|
|
|
} else {
|
1994-05-26 06:35:07 +00:00
|
|
|
bad = EACCES;
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"mount request denied from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1997-12-09 18:43:44 +00:00
|
|
|
}
|
1997-08-29 19:22:28 +00:00
|
|
|
|
2003-10-26 05:58:21 +00:00
|
|
|
if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
|
|
|
|
(caddr_t)&bad))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_DUMP:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
2003-10-30 22:57:43 +00:00
|
|
|
else if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"dump request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_UMNT:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"umount request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
return;
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE, "undecodable umount request from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_decode(transp);
|
|
|
|
return;
|
|
|
|
}
|
1999-10-06 18:20:44 +00:00
|
|
|
if (realpath(rpcpath, dirpath) == NULL) {
|
|
|
|
syslog(LOG_NOTICE, "umount request from %s "
|
|
|
|
"for non existent path %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1999-10-06 18:20:44 +00:00
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
2001-04-17 22:25:48 +00:00
|
|
|
del_mlist(host, dirpath);
|
|
|
|
del_mlist(numerichost, dirpath);
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"umount request succeeded from %s for %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost, dirpath);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_UMNTALL:
|
1995-06-27 11:07:30 +00:00
|
|
|
if (sport >= IPPORT_RESERVED && resvport_only) {
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"umountall request from %s from unprivileged port",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
svcerr_weakauth(transp);
|
|
|
|
return;
|
|
|
|
}
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (!lookup_failed)
|
2001-04-17 22:25:48 +00:00
|
|
|
del_mlist(host, NULL);
|
|
|
|
del_mlist(numerichost, NULL);
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"umountall request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
2009-06-24 18:42:21 +00:00
|
|
|
case MOUNTPROC_EXPORT:
|
2003-10-26 05:58:21 +00:00
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
|
|
|
|
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
|
|
|
|
(caddr_t)NULL))
|
2002-07-15 18:34:27 +00:00
|
|
|
syslog(LOG_ERR, "can't send reply");
|
2003-10-30 22:57:43 +00:00
|
|
|
if (dolog)
|
1997-12-09 18:43:44 +00:00
|
|
|
syslog(LOG_NOTICE,
|
|
|
|
"export request succeeded from %s",
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
numerichost);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
default:
|
|
|
|
svcerr_noproc(transp);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Xdr conversion for a dirpath string
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_dir(XDR *xdrsp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2009-06-24 18:42:21 +00:00
|
|
|
return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1995-06-27 11:07:30 +00:00
|
|
|
* Xdr routine to generate file handle reply
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_fhs(XDR *xdrsp, caddr_t cp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2002-03-20 17:55:10 +00:00
|
|
|
struct fhreturn *fhrp = (struct fhreturn *)cp;
|
1995-06-27 11:07:30 +00:00
|
|
|
u_long ok = 0, len, auth;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int i;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
if (!xdr_long(xdrsp, &ok))
|
|
|
|
return (0);
|
1995-06-27 11:07:30 +00:00
|
|
|
switch (fhrp->fhr_vers) {
|
|
|
|
case 1:
|
|
|
|
return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
|
|
|
|
case 3:
|
|
|
|
len = NFSX_V3FH;
|
|
|
|
if (!xdr_long(xdrsp, &len))
|
|
|
|
return (0);
|
|
|
|
if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
|
|
|
|
return (0);
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
if (fhrp->fhr_numsecflavors) {
|
|
|
|
if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
|
|
|
|
return (0);
|
|
|
|
for (i = 0; i < fhrp->fhr_numsecflavors; i++)
|
|
|
|
if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
|
|
|
|
return (0);
|
|
|
|
return (1);
|
|
|
|
} else {
|
|
|
|
auth = AUTH_SYS;
|
|
|
|
len = 1;
|
|
|
|
if (!xdr_long(xdrsp, &len))
|
|
|
|
return (0);
|
|
|
|
return (xdr_long(xdrsp, &auth));
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
};
|
|
|
|
return (0);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct mountlist *mlp;
|
|
|
|
int true = 1;
|
|
|
|
int false = 0;
|
|
|
|
char *strp;
|
|
|
|
|
|
|
|
mlp = mlhead;
|
|
|
|
while (mlp) {
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
return (0);
|
|
|
|
strp = &mlp->ml_host[0];
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
strp = &mlp->ml_dirp[0];
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
mlp = mlp->ml_next;
|
|
|
|
}
|
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
return (0);
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Xdr conversion for export list
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep;
|
|
|
|
int false = 0;
|
1995-06-27 11:07:30 +00:00
|
|
|
int putdef;
|
|
|
|
sigset_t sighup_mask;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
sigemptyset(&sighup_mask);
|
|
|
|
sigaddset(&sighup_mask, SIGHUP);
|
|
|
|
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
ep = exphead;
|
|
|
|
while (ep) {
|
|
|
|
putdef = 0;
|
2002-07-15 18:34:27 +00:00
|
|
|
if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
|
|
|
|
&putdef, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
goto errout;
|
|
|
|
if (ep->ex_defdir && putdef == 0 &&
|
|
|
|
put_exlist(ep->ex_defdir, xdrsp, (struct dirlist *)NULL,
|
2002-07-15 18:34:27 +00:00
|
|
|
&putdef, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
goto errout;
|
|
|
|
ep = ep->ex_next;
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
return (0);
|
|
|
|
return (1);
|
|
|
|
errout:
|
1995-06-27 11:07:30 +00:00
|
|
|
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called from xdr_explist() to traverse the tree and export the
|
|
|
|
* directory paths.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
|
|
|
|
int brief)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct grouplist *grp;
|
|
|
|
struct hostlist *hp;
|
|
|
|
int true = 1;
|
|
|
|
int false = 0;
|
|
|
|
int gotalldir = 0;
|
|
|
|
char *strp;
|
|
|
|
|
|
|
|
if (dp) {
|
2002-07-15 18:34:27 +00:00
|
|
|
if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
return (1);
|
|
|
|
strp = dp->dp_dirp;
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
|
|
|
|
gotalldir = 1;
|
|
|
|
*putdefp = 1;
|
|
|
|
}
|
2002-07-15 18:34:27 +00:00
|
|
|
if (brief) {
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
return (1);
|
|
|
|
strp = "(...)";
|
2009-06-24 18:42:21 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
|
2002-07-15 18:34:27 +00:00
|
|
|
return (1);
|
|
|
|
} else if ((dp->dp_flag & DP_DEFSET) == 0 &&
|
1994-05-26 06:35:07 +00:00
|
|
|
(gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
|
|
|
|
hp = dp->dp_hosts;
|
|
|
|
while (hp) {
|
|
|
|
grp = hp->ht_grp;
|
|
|
|
if (grp->gr_type == GT_HOST) {
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
|
1995-05-30 06:12:45 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp,
|
2009-06-24 18:42:21 +00:00
|
|
|
MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
} else if (grp->gr_type == GT_NET) {
|
|
|
|
if (!xdr_bool(xdrsp, &true))
|
|
|
|
return (1);
|
|
|
|
strp = grp->gr_ptr.gt_net.nt_name;
|
1995-05-30 06:12:45 +00:00
|
|
|
if (!xdr_string(xdrsp, &strp,
|
2009-06-24 18:42:21 +00:00
|
|
|
MNTNAMLEN))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
hp = hp->ht_next;
|
|
|
|
if (gotalldir && hp == (struct hostlist *)NULL) {
|
|
|
|
hp = adp->dp_hosts;
|
|
|
|
gotalldir = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!xdr_bool(xdrsp, &false))
|
|
|
|
return (1);
|
2002-07-15 18:34:27 +00:00
|
|
|
if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2002-07-15 18:34:27 +00:00
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist(XDR *xdrsp, caddr_t cp)
|
2002-07-15 18:34:27 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
return xdr_explist_common(xdrsp, cp, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
xdr_explist_brief(XDR *xdrsp, caddr_t cp)
|
2002-07-15 18:34:27 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
return xdr_explist_common(xdrsp, cp, 1);
|
|
|
|
}
|
|
|
|
|
2002-05-14 23:24:28 +00:00
|
|
|
char *line;
|
|
|
|
int linesize;
|
1994-05-26 06:35:07 +00:00
|
|
|
FILE *exp_file;
|
|
|
|
|
|
|
|
/*
|
2007-02-03 00:12:18 +00:00
|
|
|
* Get the export list from one, currently open file
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2007-02-03 00:12:18 +00:00
|
|
|
static void
|
2010-12-20 09:28:28 +00:00
|
|
|
get_exportlist_one(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep, *ep2;
|
|
|
|
struct grouplist *grp, *tgrp;
|
|
|
|
struct exportlist **epp;
|
|
|
|
struct dirlist *dirhead;
|
2007-02-03 00:12:18 +00:00
|
|
|
struct statfs fsb;
|
2001-02-18 13:30:20 +00:00
|
|
|
struct xucred anon;
|
1994-05-26 06:35:07 +00:00
|
|
|
char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
|
2007-02-03 00:12:18 +00:00
|
|
|
int len, has_host, exflags, got_nondir, dirplen, netgrp;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_phase = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
while (get_line()) {
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("got line %s", line);
|
1994-05-26 06:35:07 +00:00
|
|
|
cp = line;
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
if (*cp == '#')
|
|
|
|
goto nextline;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set defaults.
|
|
|
|
*/
|
|
|
|
has_host = FALSE;
|
|
|
|
anon = def_anon;
|
|
|
|
exflags = MNT_EXPORTED;
|
|
|
|
got_nondir = 0;
|
|
|
|
opt_flags = 0;
|
|
|
|
ep = (struct exportlist *)NULL;
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Handle the V4 root dir.
|
|
|
|
*/
|
|
|
|
if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
|
|
|
|
/*
|
|
|
|
* V4: just indicates that it is the v4 root point,
|
|
|
|
* so skip over that and set v4root_phase.
|
|
|
|
*/
|
|
|
|
if (v4root_phase > 0) {
|
|
|
|
syslog(LOG_ERR, "V4:duplicate line, ignored");
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
v4root_phase = 1;
|
|
|
|
cp += 3;
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Create new exports list entry
|
|
|
|
*/
|
|
|
|
len = endcp-cp;
|
|
|
|
tgrp = grp = get_grp();
|
|
|
|
while (len > 0) {
|
2009-06-24 18:42:21 +00:00
|
|
|
if (len > MNTNAMLEN) {
|
1994-05-26 06:35:07 +00:00
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
if (*cp == '-') {
|
|
|
|
if (ep == (struct exportlist *)NULL) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("doing opt %s", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
got_nondir = 1;
|
|
|
|
if (do_opt(&cp, &endcp, ep, grp, &has_host,
|
|
|
|
&exflags, &anon)) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
} else if (*cp == '/') {
|
|
|
|
savedc = *endcp;
|
|
|
|
*endcp = '\0';
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase > 1) {
|
|
|
|
if (dirp != NULL) {
|
|
|
|
syslog(LOG_ERR, "Multiple V4 dirs");
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
if (check_dirpath(cp) &&
|
|
|
|
statfs(cp, &fsb) >= 0) {
|
|
|
|
if (got_nondir) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "dirs must be first");
|
1994-05-26 06:35:07 +00:00
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 1) {
|
|
|
|
if (dirp != NULL) {
|
|
|
|
syslog(LOG_ERR, "Multiple V4 dirs");
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
if (strlen(v4root_dirpath) == 0) {
|
|
|
|
strlcpy(v4root_dirpath, cp,
|
|
|
|
sizeof (v4root_dirpath));
|
|
|
|
} else if (strcmp(v4root_dirpath, cp)
|
|
|
|
!= 0) {
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"different V4 dirpath %s", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = cp;
|
|
|
|
v4root_phase = 2;
|
|
|
|
got_nondir = 1;
|
|
|
|
ep = get_exp();
|
1994-05-26 06:35:07 +00:00
|
|
|
} else {
|
2009-05-27 22:02:54 +00:00
|
|
|
if (ep) {
|
|
|
|
if (ep->ex_fs.val[0] !=
|
|
|
|
fsb.f_fsid.val[0] ||
|
|
|
|
ep->ex_fs.val[1] !=
|
|
|
|
fsb.f_fsid.val[1]) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* See if this directory is already
|
|
|
|
* in the list.
|
|
|
|
*/
|
|
|
|
ep = ex_search(&fsb.f_fsid);
|
|
|
|
if (ep == (struct exportlist *)NULL) {
|
|
|
|
ep = get_exp();
|
|
|
|
ep->ex_fs = fsb.f_fsid;
|
|
|
|
ep->ex_fsdir = (char *)malloc
|
|
|
|
(strlen(fsb.f_mntonname) + 1);
|
|
|
|
if (ep->ex_fsdir)
|
|
|
|
strcpy(ep->ex_fsdir,
|
|
|
|
fsb.f_mntonname);
|
|
|
|
else
|
|
|
|
out_of_mem();
|
|
|
|
if (debug)
|
|
|
|
warnx(
|
|
|
|
"making new ep fs=0x%x,0x%x",
|
|
|
|
fsb.f_fsid.val[0],
|
|
|
|
fsb.f_fsid.val[1]);
|
|
|
|
} else if (debug)
|
|
|
|
warnx("found ep fs=0x%x,0x%x",
|
|
|
|
fsb.f_fsid.val[0],
|
|
|
|
fsb.f_fsid.val[1]);
|
|
|
|
}
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2009-05-27 22:02:54 +00:00
|
|
|
* Add dirpath to export mount point.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp = add_expdir(&dirhead, cp, len);
|
|
|
|
dirplen = len;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
*endcp = savedc;
|
|
|
|
} else {
|
|
|
|
savedc = *endcp;
|
|
|
|
*endcp = '\0';
|
|
|
|
got_nondir = 1;
|
|
|
|
if (ep == (struct exportlist *)NULL) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the host or netgroup.
|
|
|
|
*/
|
|
|
|
setnetgrent(cp);
|
|
|
|
netgrp = getnetgrent(&hst, &usr, &dom);
|
|
|
|
do {
|
|
|
|
if (has_host) {
|
|
|
|
grp->gr_next = get_grp();
|
|
|
|
grp = grp->gr_next;
|
|
|
|
}
|
|
|
|
if (netgrp) {
|
1998-06-15 15:41:41 +00:00
|
|
|
if (hst == 0) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
"null hostname in netgroup %s, skipping", cp);
|
1998-06-15 15:43:13 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1998-06-15 15:41:41 +00:00
|
|
|
} else if (get_host(hst, grp, tgrp)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,
|
|
|
|
"bad host %s in netgroup %s, skipping", hst, cp);
|
1997-09-12 16:25:24 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
} else if (get_host(cp, grp, tgrp)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad host %s, skipping", cp);
|
1997-09-12 16:25:24 +00:00
|
|
|
grp->gr_type = GT_IGNORE;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
has_host = TRUE;
|
|
|
|
} while (netgrp && getnetgrent(&hst, &usr, &dom));
|
|
|
|
endnetgrent();
|
|
|
|
*endcp = savedc;
|
|
|
|
}
|
|
|
|
cp = endcp;
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
len = endcp - cp;
|
|
|
|
}
|
|
|
|
if (check_options(dirhead)) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
if (!has_host) {
|
2001-04-18 00:28:37 +00:00
|
|
|
grp->gr_type = GT_DEFAULT;
|
1994-05-26 06:35:07 +00:00
|
|
|
if (debug)
|
1998-07-15 06:21:41 +00:00
|
|
|
warnx("adding a default entry");
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't allow a network export coincide with a list of
|
|
|
|
* host(s) on the same line.
|
|
|
|
*/
|
|
|
|
} else if ((opt_flags & OP_NET) && tgrp->gr_next) {
|
2001-04-21 20:06:18 +00:00
|
|
|
syslog(LOG_ERR, "network/host conflict");
|
1994-05-26 06:35:07 +00:00
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
1997-09-12 16:25:24 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/*
|
|
|
|
* If an export list was specified on this line, make sure
|
1997-09-12 16:25:24 +00:00
|
|
|
* that we have at least one valid entry, otherwise skip it.
|
|
|
|
*/
|
|
|
|
} else {
|
|
|
|
grp = tgrp;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
while (grp && grp->gr_type == GT_IGNORE)
|
1997-09-12 16:25:24 +00:00
|
|
|
grp = grp->gr_next;
|
|
|
|
if (! grp) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 1) {
|
|
|
|
syslog(LOG_ERR, "V4:root, no dirp, ignored");
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
* Loop through hosts, pushing the exports into the kernel.
|
|
|
|
* After loop, tgrp points to the start of the list and
|
|
|
|
* grp points to the last entry in the list.
|
|
|
|
*/
|
|
|
|
grp = tgrp;
|
|
|
|
do {
|
2001-04-17 22:25:48 +00:00
|
|
|
if (do_mount(ep, grp, exflags, &anon, dirp, dirplen,
|
|
|
|
&fsb)) {
|
|
|
|
getexp_err(ep, tgrp);
|
|
|
|
goto nextline;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
} while (grp->gr_next && (grp = grp->gr_next));
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
/*
|
|
|
|
* For V4: don't enter in mount lists.
|
|
|
|
*/
|
2009-06-23 21:48:04 +00:00
|
|
|
if (v4root_phase > 0 && v4root_phase <= 2) {
|
|
|
|
/*
|
|
|
|
* Since these structures aren't used by mountd,
|
|
|
|
* free them up now.
|
|
|
|
*/
|
|
|
|
if (ep != NULL)
|
|
|
|
free_exp(ep);
|
|
|
|
while (tgrp != NULL) {
|
|
|
|
grp = tgrp;
|
|
|
|
tgrp = tgrp->gr_next;
|
|
|
|
free_grp(grp);
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
goto nextline;
|
2009-06-23 21:48:04 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
* Success. Update the data structures.
|
|
|
|
*/
|
|
|
|
if (has_host) {
|
1995-06-27 11:07:30 +00:00
|
|
|
hang_dirp(dirhead, tgrp, ep, opt_flags);
|
1994-05-26 06:35:07 +00:00
|
|
|
grp->gr_next = grphead;
|
|
|
|
grphead = tgrp;
|
|
|
|
} else {
|
|
|
|
hang_dirp(dirhead, (struct grouplist *)NULL, ep,
|
1995-06-27 11:07:30 +00:00
|
|
|
opt_flags);
|
1994-05-26 06:35:07 +00:00
|
|
|
free_grp(grp);
|
|
|
|
}
|
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
if ((ep->ex_flag & EX_LINKED) == 0) {
|
|
|
|
ep2 = exphead;
|
|
|
|
epp = &exphead;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Insert in the list in alphabetical order.
|
|
|
|
*/
|
|
|
|
while (ep2 && strcmp(ep2->ex_fsdir, ep->ex_fsdir) < 0) {
|
|
|
|
epp = &ep2->ex_next;
|
|
|
|
ep2 = ep2->ex_next;
|
|
|
|
}
|
|
|
|
if (ep2)
|
|
|
|
ep->ex_next = ep2;
|
|
|
|
*epp = ep;
|
|
|
|
ep->ex_flag |= EX_LINKED;
|
|
|
|
}
|
|
|
|
nextline:
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_phase = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
if (dirhead) {
|
|
|
|
free_dir(dirhead);
|
|
|
|
dirhead = (struct dirlist *)NULL;
|
|
|
|
}
|
|
|
|
}
|
2007-02-03 00:12:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the export list from all specified files
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
get_exportlist(void)
|
2007-02-03 00:12:18 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep, *ep2;
|
|
|
|
struct grouplist *grp, *tgrp;
|
|
|
|
struct export_args export;
|
|
|
|
struct iovec *iov;
|
|
|
|
struct statfs *fsp, *mntbufp;
|
|
|
|
struct xvfsconf vfc;
|
|
|
|
char *dirp;
|
|
|
|
char errmsg[255];
|
|
|
|
int dirplen, num, i;
|
|
|
|
int iovlen;
|
2007-04-13 10:25:49 +00:00
|
|
|
int done;
|
2009-05-27 22:02:54 +00:00
|
|
|
struct nfsex_args eargs;
|
2007-02-03 00:12:18 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
v4root_dirpath[0] = '\0';
|
2007-02-03 00:12:18 +00:00
|
|
|
bzero(&export, sizeof(export));
|
|
|
|
export.ex_flags = MNT_DELEXPORT;
|
|
|
|
dirp = NULL;
|
|
|
|
dirplen = 0;
|
|
|
|
iov = NULL;
|
|
|
|
iovlen = 0;
|
|
|
|
bzero(errmsg, sizeof(errmsg));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* First, get rid of the old list
|
|
|
|
*/
|
|
|
|
ep = exphead;
|
|
|
|
while (ep) {
|
|
|
|
ep2 = ep;
|
|
|
|
ep = ep->ex_next;
|
|
|
|
free_exp(ep2);
|
|
|
|
}
|
|
|
|
exphead = (struct exportlist *)NULL;
|
|
|
|
|
|
|
|
grp = grphead;
|
|
|
|
while (grp) {
|
|
|
|
tgrp = grp;
|
|
|
|
grp = grp->gr_next;
|
|
|
|
free_grp(tgrp);
|
|
|
|
}
|
|
|
|
grphead = (struct grouplist *)NULL;
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
/*
|
|
|
|
* and the old V4 root dir.
|
|
|
|
*/
|
|
|
|
bzero(&eargs, sizeof (eargs));
|
|
|
|
eargs.export.ex_flags = MNT_DELEXPORT;
|
|
|
|
if (run_v4server > 0 &&
|
|
|
|
nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&eargs) < 0 &&
|
|
|
|
errno != ENOENT)
|
|
|
|
syslog(LOG_ERR, "Can't delete exports for V4:");
|
|
|
|
|
|
|
|
/*
|
|
|
|
* and clear flag that notes if a public fh has been exported.
|
|
|
|
*/
|
|
|
|
has_publicfh = 0;
|
|
|
|
|
2007-02-03 00:12:18 +00:00
|
|
|
/*
|
|
|
|
* And delete exports that are in the kernel for all local
|
|
|
|
* filesystems.
|
|
|
|
* XXX: Should know how to handle all local exportable filesystems.
|
|
|
|
*/
|
|
|
|
num = getmntinfo(&mntbufp, MNT_NOWAIT);
|
|
|
|
|
|
|
|
if (num > 0) {
|
|
|
|
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "from", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "update", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "export", &export, sizeof(export));
|
|
|
|
build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < num; i++) {
|
|
|
|
fsp = &mntbufp[i];
|
|
|
|
if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
|
|
|
|
syslog(LOG_ERR, "getvfsbyname() failed for %s",
|
|
|
|
fsp->f_fstypename);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do not delete export for network filesystem by
|
|
|
|
* passing "export" arg to nmount().
|
|
|
|
* It only makes sense to do this for local filesystems.
|
|
|
|
*/
|
|
|
|
if (vfc.vfc_flags & VFCF_NETWORK)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
iov[1].iov_base = fsp->f_fstypename;
|
|
|
|
iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
|
|
|
|
iov[3].iov_base = fsp->f_mntonname;
|
|
|
|
iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
|
|
|
|
iov[5].iov_base = fsp->f_mntfromname;
|
|
|
|
iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
|
|
|
|
|
|
|
|
if (nmount(iov, iovlen, fsp->f_flags) < 0 &&
|
|
|
|
errno != ENOENT && errno != ENOTSUP) {
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"can't delete exports for %s: %m %s",
|
|
|
|
fsp->f_mntonname, errmsg);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (iov != NULL) {
|
|
|
|
/* Free strings allocated by strdup() in getmntopts.c */
|
|
|
|
free(iov[0].iov_base); /* fstype */
|
|
|
|
free(iov[2].iov_base); /* fspath */
|
|
|
|
free(iov[4].iov_base); /* from */
|
|
|
|
free(iov[6].iov_base); /* update */
|
|
|
|
free(iov[8].iov_base); /* export */
|
|
|
|
free(iov[10].iov_base); /* errmsg */
|
|
|
|
|
|
|
|
/* free iov, allocated by realloc() */
|
|
|
|
free(iov);
|
|
|
|
iovlen = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Read in the exports file and build the list, calling
|
|
|
|
* nmount() as we go along to push the export rules into the kernel.
|
|
|
|
*/
|
2007-04-13 10:25:49 +00:00
|
|
|
done = 0;
|
2007-02-03 00:12:18 +00:00
|
|
|
for (i = 0; exnames[i] != NULL; i++) {
|
|
|
|
if (debug)
|
|
|
|
warnx("reading exports from %s", exnames[i]);
|
|
|
|
if ((exp_file = fopen(exnames[i], "r")) == NULL) {
|
2007-04-13 10:25:49 +00:00
|
|
|
syslog(LOG_WARNING, "can't open %s", exnames[i]);
|
|
|
|
continue;
|
2007-02-03 00:12:18 +00:00
|
|
|
}
|
|
|
|
get_exportlist_one();
|
|
|
|
fclose(exp_file);
|
2007-04-13 10:25:49 +00:00
|
|
|
done++;
|
|
|
|
}
|
|
|
|
if (done == 0) {
|
|
|
|
syslog(LOG_ERR, "can't open any exports file");
|
|
|
|
exit(2);
|
2007-02-03 00:12:18 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If there was no public fh, clear any previous one set.
|
|
|
|
*/
|
|
|
|
if (run_v4server > 0 && has_publicfh == 0)
|
|
|
|
(void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate an export list element
|
|
|
|
*/
|
|
|
|
struct exportlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_exp(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep;
|
|
|
|
|
|
|
|
ep = (struct exportlist *)malloc(sizeof (struct exportlist));
|
|
|
|
if (ep == (struct exportlist *)NULL)
|
|
|
|
out_of_mem();
|
1997-03-11 12:43:45 +00:00
|
|
|
memset(ep, 0, sizeof(struct exportlist));
|
1994-05-26 06:35:07 +00:00
|
|
|
return (ep);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate a group list element
|
|
|
|
*/
|
|
|
|
struct grouplist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_grp(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct grouplist *gp;
|
|
|
|
|
|
|
|
gp = (struct grouplist *)malloc(sizeof (struct grouplist));
|
|
|
|
if (gp == (struct grouplist *)NULL)
|
|
|
|
out_of_mem();
|
1997-03-11 12:43:45 +00:00
|
|
|
memset(gp, 0, sizeof(struct grouplist));
|
1994-05-26 06:35:07 +00:00
|
|
|
return (gp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Clean up upon an error in get_exportlist().
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
getexp_err(struct exportlist *ep, struct grouplist *grp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct grouplist *tgrp;
|
|
|
|
|
2002-07-18 20:52:17 +00:00
|
|
|
if (!(opt_flags & OP_QUIET))
|
|
|
|
syslog(LOG_ERR, "bad exports list line %s", line);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (ep && (ep->ex_flag & EX_LINKED) == 0)
|
|
|
|
free_exp(ep);
|
|
|
|
while (grp) {
|
|
|
|
tgrp = grp;
|
|
|
|
grp = grp->gr_next;
|
|
|
|
free_grp(tgrp);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Search the export list for a matching fs.
|
|
|
|
*/
|
|
|
|
struct exportlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
ex_search(fsid_t *fsid)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct exportlist *ep;
|
|
|
|
|
|
|
|
ep = exphead;
|
|
|
|
while (ep) {
|
|
|
|
if (ep->ex_fs.val[0] == fsid->val[0] &&
|
|
|
|
ep->ex_fs.val[1] == fsid->val[1])
|
|
|
|
return (ep);
|
|
|
|
ep = ep->ex_next;
|
|
|
|
}
|
|
|
|
return (ep);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a directory path to the list.
|
|
|
|
*/
|
|
|
|
char *
|
2010-12-20 09:28:28 +00:00
|
|
|
add_expdir(struct dirlist **dpp, char *cp, int len)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct dirlist *dp;
|
|
|
|
|
|
|
|
dp = (struct dirlist *)malloc(sizeof (struct dirlist) + len);
|
1998-07-15 06:21:41 +00:00
|
|
|
if (dp == (struct dirlist *)NULL)
|
|
|
|
out_of_mem();
|
1994-05-26 06:35:07 +00:00
|
|
|
dp->dp_left = *dpp;
|
|
|
|
dp->dp_right = (struct dirlist *)NULL;
|
|
|
|
dp->dp_flag = 0;
|
|
|
|
dp->dp_hosts = (struct hostlist *)NULL;
|
|
|
|
strcpy(dp->dp_dirp, cp);
|
|
|
|
*dpp = dp;
|
|
|
|
return (dp->dp_dirp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Hang the dir list element off the dirpath binary tree as required
|
|
|
|
* and update the entry for host.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
|
|
|
|
int flags)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct hostlist *hp;
|
|
|
|
struct dirlist *dp2;
|
|
|
|
|
1995-06-27 11:07:30 +00:00
|
|
|
if (flags & OP_ALLDIRS) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (ep->ex_defdir)
|
|
|
|
free((caddr_t)dp);
|
|
|
|
else
|
|
|
|
ep->ex_defdir = dp;
|
1995-06-27 11:07:30 +00:00
|
|
|
if (grp == (struct grouplist *)NULL) {
|
1994-05-26 06:35:07 +00:00
|
|
|
ep->ex_defdir->dp_flag |= DP_DEFSET;
|
1995-06-27 11:07:30 +00:00
|
|
|
} else while (grp) {
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = get_ht();
|
|
|
|
hp->ht_grp = grp;
|
|
|
|
hp->ht_next = ep->ex_defdir->dp_hosts;
|
|
|
|
ep->ex_defdir->dp_hosts = hp;
|
|
|
|
grp = grp->gr_next;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
|
|
|
|
/*
|
1998-07-15 06:21:41 +00:00
|
|
|
* Loop through the directories adding them to the tree.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
while (dp) {
|
|
|
|
dp2 = dp->dp_left;
|
1995-06-27 11:07:30 +00:00
|
|
|
add_dlist(&ep->ex_dirl, dp, grp, flags);
|
1994-05-26 06:35:07 +00:00
|
|
|
dp = dp2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Traverse the binary tree either updating a node that is already there
|
|
|
|
* for the new directory or adding the new node.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
|
|
|
|
int flags)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct dirlist *dp;
|
|
|
|
struct hostlist *hp;
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
dp = *dpp;
|
|
|
|
if (dp) {
|
|
|
|
cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
|
|
|
|
if (cmp > 0) {
|
1995-06-27 11:07:30 +00:00
|
|
|
add_dlist(&dp->dp_left, newdp, grp, flags);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
} else if (cmp < 0) {
|
1995-06-27 11:07:30 +00:00
|
|
|
add_dlist(&dp->dp_right, newdp, grp, flags);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
} else
|
|
|
|
free((caddr_t)newdp);
|
|
|
|
} else {
|
|
|
|
dp = newdp;
|
|
|
|
dp->dp_left = (struct dirlist *)NULL;
|
|
|
|
*dpp = dp;
|
|
|
|
}
|
|
|
|
if (grp) {
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Hang all of the host(s) off of the directory point.
|
|
|
|
*/
|
|
|
|
do {
|
|
|
|
hp = get_ht();
|
|
|
|
hp->ht_grp = grp;
|
|
|
|
hp->ht_next = dp->dp_hosts;
|
|
|
|
dp->dp_hosts = hp;
|
|
|
|
grp = grp->gr_next;
|
|
|
|
} while (grp);
|
1995-06-27 11:07:30 +00:00
|
|
|
} else {
|
1994-05-26 06:35:07 +00:00
|
|
|
dp->dp_flag |= DP_DEFSET;
|
1995-06-27 11:07:30 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Search for a dirpath on the export point.
|
|
|
|
*/
|
|
|
|
struct dirlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
dirp_search(struct dirlist *dp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
if (dp) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
cmp = strcmp(dp->dp_dirp, dirp);
|
1994-05-26 06:35:07 +00:00
|
|
|
if (cmp > 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (dirp_search(dp->dp_left, dirp));
|
1994-05-26 06:35:07 +00:00
|
|
|
else if (cmp < 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return (dirp_search(dp->dp_right, dirp));
|
1994-05-26 06:35:07 +00:00
|
|
|
else
|
|
|
|
return (dp);
|
|
|
|
}
|
|
|
|
return (dp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Scan for a host match in a directory tree.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
|
|
|
|
int *hostsetp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct hostlist *hp;
|
|
|
|
struct grouplist *grp;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *ai;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
if (dp->dp_flag & DP_DEFSET)
|
1995-06-27 11:07:30 +00:00
|
|
|
*defsetp = dp->dp_flag;
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = dp->dp_hosts;
|
|
|
|
while (hp) {
|
|
|
|
grp = hp->ht_grp;
|
|
|
|
switch (grp->gr_type) {
|
|
|
|
case GT_HOST:
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = grp->gr_ptr.gt_addrinfo;
|
|
|
|
for (; ai; ai = ai->ai_next) {
|
2001-04-21 20:06:18 +00:00
|
|
|
if (!sacmp(ai->ai_addr, saddr, NULL)) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*hostsetp =
|
|
|
|
(hp->ht_flag | DP_HOSTSET);
|
|
|
|
return (1);
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
case GT_NET:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (!sacmp(saddr, (struct sockaddr *)
|
|
|
|
&grp->gr_ptr.gt_net.nt_net,
|
|
|
|
(struct sockaddr *)
|
|
|
|
&grp->gr_ptr.gt_net.nt_mask)) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*hostsetp = (hp->ht_flag | DP_HOSTSET);
|
|
|
|
return (1);
|
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
break;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
hp = hp->ht_next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Scan tree for a host that matches the address.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
scan_tree(struct dirlist *dp, struct sockaddr *saddr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
1995-06-27 11:07:30 +00:00
|
|
|
int defset, hostset;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
if (scan_tree(dp->dp_left, saddr))
|
|
|
|
return (1);
|
1995-06-27 11:07:30 +00:00
|
|
|
if (chk_host(dp, saddr, &defset, &hostset))
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
if (scan_tree(dp->dp_right, saddr))
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Traverse the dirlist tree and free it up.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_dir(struct dirlist *dp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
if (dp) {
|
|
|
|
free_dir(dp->dp_left);
|
|
|
|
free_dir(dp->dp_right);
|
|
|
|
free_host(dp->dp_hosts);
|
|
|
|
free((caddr_t)dp);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
/*
|
|
|
|
* Parse a colon separated list of security flavors
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
parsesec(char *seclist, struct exportlist *ep)
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
{
|
|
|
|
char *cp, savedc;
|
|
|
|
int flavor;
|
|
|
|
|
|
|
|
ep->ex_numsecflavors = 0;
|
|
|
|
for (;;) {
|
|
|
|
cp = strchr(seclist, ':');
|
|
|
|
if (cp) {
|
|
|
|
savedc = *cp;
|
|
|
|
*cp = '\0';
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!strcmp(seclist, "sys"))
|
|
|
|
flavor = AUTH_SYS;
|
|
|
|
else if (!strcmp(seclist, "krb5"))
|
|
|
|
flavor = RPCSEC_GSS_KRB5;
|
|
|
|
else if (!strcmp(seclist, "krb5i"))
|
|
|
|
flavor = RPCSEC_GSS_KRB5I;
|
|
|
|
else if (!strcmp(seclist, "krb5p"))
|
|
|
|
flavor = RPCSEC_GSS_KRB5P;
|
|
|
|
else {
|
|
|
|
if (cp)
|
|
|
|
*cp = savedc;
|
|
|
|
syslog(LOG_ERR, "bad sec flavor: %s", seclist);
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
if (ep->ex_numsecflavors == MAXSECFLAVORS) {
|
|
|
|
if (cp)
|
|
|
|
*cp = savedc;
|
|
|
|
syslog(LOG_ERR, "too many sec flavors: %s", seclist);
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
|
|
|
|
ep->ex_numsecflavors++;
|
|
|
|
if (cp) {
|
|
|
|
*cp = savedc;
|
|
|
|
seclist = cp + 1;
|
|
|
|
} else {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
* Parse the option string and update fields.
|
|
|
|
* Option arguments may either be -<option>=<value> or
|
|
|
|
* -<option> <value>
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
|
|
|
|
int *has_hostp, int *exflagsp, struct xucred *cr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
char *cpoptarg, *cpoptend;
|
|
|
|
char *cp, *endcp, *cpopt, savedc, savedc2;
|
|
|
|
int allflag, usedarg;
|
|
|
|
|
1999-10-06 18:20:44 +00:00
|
|
|
savedc2 = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
cpopt = *cpp;
|
|
|
|
cpopt++;
|
|
|
|
cp = *endcpp;
|
|
|
|
savedc = *cp;
|
|
|
|
*cp = '\0';
|
|
|
|
while (cpopt && *cpopt) {
|
|
|
|
allflag = 1;
|
|
|
|
usedarg = -2;
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptend = strchr(cpopt, ','))) {
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptend++ = '\0';
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptarg = strchr(cpopt, '=')))
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptarg++ = '\0';
|
|
|
|
} else {
|
1998-07-15 06:21:41 +00:00
|
|
|
if ((cpoptarg = strchr(cpopt, '=')))
|
1994-05-26 06:35:07 +00:00
|
|
|
*cpoptarg++ = '\0';
|
|
|
|
else {
|
|
|
|
*cp = savedc;
|
|
|
|
nextfield(&cp, &endcp);
|
|
|
|
**endcpp = '\0';
|
|
|
|
if (endcp > cp && *cp != '-') {
|
|
|
|
cpoptarg = cp;
|
|
|
|
savedc2 = *endcp;
|
|
|
|
*endcp = '\0';
|
|
|
|
usedarg = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
|
|
|
|
*exflagsp |= MNT_EXRDONLY;
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
|
|
|
|
!(allflag = strcmp(cpopt, "mapall")) ||
|
|
|
|
!strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
|
|
|
|
usedarg++;
|
|
|
|
parsecred(cpoptarg, cr);
|
|
|
|
if (allflag == 0) {
|
|
|
|
*exflagsp |= MNT_EXPORTANON;
|
|
|
|
opt_flags |= OP_MAPALL;
|
|
|
|
} else
|
|
|
|
opt_flags |= OP_MAPROOT;
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "mask") ||
|
2001-04-21 20:06:18 +00:00
|
|
|
!strcmp(cpopt, "m"))) {
|
1994-05-26 06:35:07 +00:00
|
|
|
if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad mask: %s", cpoptarg);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
usedarg++;
|
|
|
|
opt_flags |= OP_MASK;
|
|
|
|
} else if (cpoptarg && (!strcmp(cpopt, "network") ||
|
|
|
|
!strcmp(cpopt, "n"))) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (strchr(cpoptarg, '/') != NULL) {
|
|
|
|
if (debug)
|
|
|
|
fprintf(stderr, "setting OP_MASKLEN\n");
|
|
|
|
opt_flags |= OP_MASKLEN;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
if (grp->gr_type != GT_NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "network/host conflict");
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
} else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad net: %s", cpoptarg);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
grp->gr_type = GT_NET;
|
|
|
|
*has_hostp = 1;
|
|
|
|
usedarg++;
|
|
|
|
opt_flags |= OP_NET;
|
|
|
|
} else if (!strcmp(cpopt, "alldirs")) {
|
|
|
|
opt_flags |= OP_ALLDIRS;
|
1997-07-16 09:27:53 +00:00
|
|
|
} else if (!strcmp(cpopt, "public")) {
|
|
|
|
*exflagsp |= MNT_EXPUBLIC;
|
|
|
|
} else if (!strcmp(cpopt, "webnfs")) {
|
|
|
|
*exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
|
|
|
|
opt_flags |= OP_MAPALL;
|
|
|
|
} else if (cpoptarg && !strcmp(cpopt, "index")) {
|
|
|
|
ep->ex_indexfile = strdup(cpoptarg);
|
2002-07-18 20:52:17 +00:00
|
|
|
} else if (!strcmp(cpopt, "quiet")) {
|
|
|
|
opt_flags |= OP_QUIET;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
} else if (!strcmp(cpopt, "sec")) {
|
|
|
|
if (parsesec(cpoptarg, ep))
|
|
|
|
return (1);
|
|
|
|
opt_flags |= OP_SEC;
|
|
|
|
usedarg++;
|
1994-05-26 06:35:07 +00:00
|
|
|
} else {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad opt %s", cpopt);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
if (usedarg >= 0) {
|
|
|
|
*endcp = savedc2;
|
|
|
|
**endcpp = savedc;
|
|
|
|
if (usedarg > 0) {
|
|
|
|
*cpp = cp;
|
|
|
|
*endcpp = endcp;
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
cpopt = cpoptend;
|
|
|
|
}
|
|
|
|
**endcpp = savedc;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Translate a character string to the corresponding list of network
|
|
|
|
* addresses for a hostname.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
struct grouplist *checkgrp;
|
2001-04-17 22:25:48 +00:00
|
|
|
struct addrinfo *ai, *tai, hints;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int ecode;
|
|
|
|
char host[NI_MAXHOST];
|
1994-05-26 06:35:07 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (grp->gr_type != GT_NULL) {
|
|
|
|
syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
memset(&hints, 0, sizeof hints);
|
|
|
|
hints.ai_flags = AI_CANONNAME;
|
|
|
|
hints.ai_protocol = IPPROTO_UDP;
|
|
|
|
ecode = getaddrinfo(cp, NULL, &hints, &ai);
|
|
|
|
if (ecode != 0) {
|
2001-04-17 22:25:48 +00:00
|
|
|
syslog(LOG_ERR,"can't get address info for host %s", cp);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
grp->gr_ptr.gt_addrinfo = ai;
|
|
|
|
while (ai != NULL) {
|
|
|
|
if (ai->ai_canonname == NULL) {
|
|
|
|
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
|
2005-05-13 16:31:11 +00:00
|
|
|
sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
strlcpy(host, "?", sizeof(host));
|
|
|
|
ai->ai_canonname = strdup(host);
|
|
|
|
ai->ai_flags |= AI_CANONNAME;
|
2001-04-18 00:28:37 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (debug)
|
2001-04-17 22:25:48 +00:00
|
|
|
fprintf(stderr, "got host %s\n", ai->ai_canonname);
|
|
|
|
/*
|
|
|
|
* Sanity check: make sure we don't already have an entry
|
|
|
|
* for this host in the grouplist.
|
|
|
|
*/
|
|
|
|
for (checkgrp = tgrp; checkgrp != NULL;
|
|
|
|
checkgrp = checkgrp->gr_next) {
|
|
|
|
if (checkgrp->gr_type != GT_HOST)
|
|
|
|
continue;
|
|
|
|
for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
|
|
|
|
tai = tai->ai_next) {
|
2001-04-21 20:06:18 +00:00
|
|
|
if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
|
2001-04-17 22:25:48 +00:00
|
|
|
continue;
|
|
|
|
if (debug)
|
|
|
|
fprintf(stderr,
|
|
|
|
"ignoring duplicate host %s\n",
|
|
|
|
ai->ai_canonname);
|
|
|
|
grp->gr_type = GT_IGNORE;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = ai->ai_next;
|
|
|
|
}
|
2001-04-17 22:25:48 +00:00
|
|
|
grp->gr_type = GT_HOST;
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free up an exports list component
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_exp(struct exportlist *ep)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
if (ep->ex_defdir) {
|
|
|
|
free_host(ep->ex_defdir->dp_hosts);
|
|
|
|
free((caddr_t)ep->ex_defdir);
|
|
|
|
}
|
|
|
|
if (ep->ex_fsdir)
|
|
|
|
free(ep->ex_fsdir);
|
1997-07-16 09:27:53 +00:00
|
|
|
if (ep->ex_indexfile)
|
|
|
|
free(ep->ex_indexfile);
|
1994-05-26 06:35:07 +00:00
|
|
|
free_dir(ep->ex_dirl);
|
|
|
|
free((caddr_t)ep);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free hosts.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_host(struct hostlist *hp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct hostlist *hp2;
|
|
|
|
|
|
|
|
while (hp) {
|
|
|
|
hp2 = hp;
|
|
|
|
hp = hp->ht_next;
|
|
|
|
free((caddr_t)hp2);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
struct hostlist *
|
2010-12-20 09:28:28 +00:00
|
|
|
get_ht(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct hostlist *hp;
|
|
|
|
|
|
|
|
hp = (struct hostlist *)malloc(sizeof (struct hostlist));
|
|
|
|
if (hp == (struct hostlist *)NULL)
|
|
|
|
out_of_mem();
|
|
|
|
hp->ht_next = (struct hostlist *)NULL;
|
1995-06-27 11:07:30 +00:00
|
|
|
hp->ht_flag = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
return (hp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Out of memory, fatal
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
out_of_mem(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "out of memory");
|
1994-05-26 06:35:07 +00:00
|
|
|
exit(2);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2006-05-23 17:10:17 +00:00
|
|
|
* Do the nmount() syscall with the update flag to push the export info into
|
1994-05-26 06:35:07 +00:00
|
|
|
* the kernel.
|
|
|
|
*/
|
|
|
|
int
|
2006-05-23 17:10:17 +00:00
|
|
|
do_mount(struct exportlist *ep, struct grouplist *grp, int exflags,
|
|
|
|
struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-22 21:50:30 +00:00
|
|
|
struct statfs fsb1;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo *ai;
|
2009-05-27 22:02:54 +00:00
|
|
|
struct export_args ea, *eap;
|
2006-05-23 17:10:17 +00:00
|
|
|
char errmsg[255];
|
|
|
|
char *cp;
|
1994-05-26 06:35:07 +00:00
|
|
|
int done;
|
2006-05-23 17:10:17 +00:00
|
|
|
char savedc;
|
|
|
|
struct iovec *iov;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
int i, iovlen;
|
2006-05-23 17:10:17 +00:00
|
|
|
int ret;
|
2009-05-27 22:02:54 +00:00
|
|
|
struct nfsex_args nfsea;
|
|
|
|
|
|
|
|
if (run_v4server > 0)
|
|
|
|
eap = &nfsea.export;
|
|
|
|
else
|
|
|
|
eap = &ea;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
|
|
|
cp = NULL;
|
|
|
|
savedc = '\0';
|
|
|
|
iov = NULL;
|
|
|
|
iovlen = 0;
|
|
|
|
ret = 0;
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
bzero(eap, sizeof (struct export_args));
|
2006-05-23 17:10:17 +00:00
|
|
|
bzero(errmsg, sizeof(errmsg));
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_flags = exflags;
|
|
|
|
eap->ex_anon = *anoncrp;
|
|
|
|
eap->ex_indexfile = ep->ex_indexfile;
|
2001-04-18 00:28:37 +00:00
|
|
|
if (grp->gr_type == GT_HOST)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = grp->gr_ptr.gt_addrinfo;
|
2001-04-18 00:28:37 +00:00
|
|
|
else
|
|
|
|
ai = NULL;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_numsecflavors = ep->ex_numsecflavors;
|
|
|
|
for (i = 0; i < eap->ex_numsecflavors; i++)
|
|
|
|
eap->ex_secflavors[i] = ep->ex_secflavors[i];
|
|
|
|
if (eap->ex_numsecflavors == 0) {
|
|
|
|
eap->ex_numsecflavors = 1;
|
|
|
|
eap->ex_secflavors[0] = AUTH_SYS;
|
Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
2008-11-03 10:38:00 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
done = FALSE;
|
2006-05-23 17:10:17 +00:00
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 0) {
|
|
|
|
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "from", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "update", NULL, 0);
|
|
|
|
build_iovec(&iov, &iovlen, "export", eap,
|
|
|
|
sizeof (struct export_args));
|
|
|
|
build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
|
|
|
|
}
|
2006-05-23 17:10:17 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
while (!done) {
|
|
|
|
switch (grp->gr_type) {
|
|
|
|
case GT_HOST:
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto skip;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr = ai->ai_addr;
|
|
|
|
eap->ex_addrlen = ai->ai_addrlen;
|
|
|
|
eap->ex_masklen = 0;
|
1994-05-26 06:35:07 +00:00
|
|
|
break;
|
|
|
|
case GT_NET:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
have_v6 == 0)
|
|
|
|
goto skip;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr =
|
2001-04-21 20:06:18 +00:00
|
|
|
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addrlen =
|
2006-05-23 17:10:17 +00:00
|
|
|
((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_mask =
|
2001-04-21 20:06:18 +00:00
|
|
|
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
|
1994-05-26 06:35:07 +00:00
|
|
|
break;
|
2001-04-18 00:28:37 +00:00
|
|
|
case GT_DEFAULT:
|
2009-05-27 22:02:54 +00:00
|
|
|
eap->ex_addr = NULL;
|
|
|
|
eap->ex_addrlen = 0;
|
|
|
|
eap->ex_mask = NULL;
|
|
|
|
eap->ex_masklen = 0;
|
2001-04-18 00:28:37 +00:00
|
|
|
break;
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
case GT_IGNORE:
|
2006-05-23 17:10:17 +00:00
|
|
|
ret = 0;
|
|
|
|
goto error_exit;
|
Fixed stupid bug in mountd: it would seem that the kernel doesn't allow
you to push the same host into its NFS export lists twice, but mountd
tries to do it anyway. This means that putting:
/some_file_system -ro host1 host1
in your /etc/exports file causes an error. This is bogus: mountd should be
smart enough to ignore the second instance of host1. This can be a problem
in some configurations that use netgroups. For example, each host in my
netgroups database is has two entries:
startide (startide,-,) (startide.ctr.columbia.edu,-,)
When mountd sees this, it tries to put startide.ctr.columbia.edu into the
export list *twice*. Just listing 'startide' /etc/exports list will also
screw up because mountd will try to resolve the netgroup 'startide' instead
of the hostname 'startide.'
My solution is watch for duplicate entries in get_host() and mark them
as grouptype GT_IGNORE, which do_mount() will now cheefully throw away.
This is a bit of a kludge, but it was the least obtrusive fix I could
come up with.
Also silenced a compiler warning: arguments passwd to xdr_long() should
be u_long, not int. :)
1995-03-26 23:36:38 +00:00
|
|
|
break;
|
1994-05-26 06:35:07 +00:00
|
|
|
default:
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "bad grouptype");
|
1994-05-26 06:35:07 +00:00
|
|
|
if (cp)
|
|
|
|
*cp = savedc;
|
2006-05-23 17:10:17 +00:00
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
1994-05-26 06:35:07 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
2009-05-27 22:02:54 +00:00
|
|
|
* For V4:, use the nfssvc() syscall, instead of mount().
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 2) {
|
|
|
|
nfsea.fspec = v4root_dirpath;
|
|
|
|
if (run_v4server > 0 &&
|
|
|
|
nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&nfsea) < 0) {
|
|
|
|
syslog(LOG_ERR, "Exporting V4: failed");
|
|
|
|
return (2);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* XXX:
|
|
|
|
* Maybe I should just use the fsb->f_mntonname path
|
|
|
|
* instead of looping back up the dirp to the mount
|
|
|
|
* point??
|
|
|
|
* Also, needs to know how to export all types of local
|
|
|
|
* exportable filesystems and not just "ufs".
|
|
|
|
*/
|
|
|
|
iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
|
|
|
|
iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
|
|
|
|
iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
|
|
|
|
iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
|
|
|
|
iov[5].iov_base = fsb->f_mntfromname; /* "from" */
|
|
|
|
iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
|
|
|
|
|
|
|
|
while (nmount(iov, iovlen, fsb->f_flags) < 0) {
|
|
|
|
if (cp)
|
|
|
|
*cp-- = savedc;
|
|
|
|
else
|
|
|
|
cp = dirp + dirplen - 1;
|
|
|
|
if (opt_flags & OP_QUIET) {
|
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
|
|
|
}
|
|
|
|
if (errno == EPERM) {
|
|
|
|
if (debug)
|
|
|
|
warnx("can't change attributes for %s",
|
|
|
|
dirp);
|
2002-07-18 20:52:17 +00:00
|
|
|
syslog(LOG_ERR,
|
2009-05-27 22:02:54 +00:00
|
|
|
"can't change attributes for %s",
|
|
|
|
dirp);
|
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
|
|
|
}
|
|
|
|
if (opt_flags & OP_ALLDIRS) {
|
|
|
|
if (errno == EINVAL)
|
|
|
|
syslog(LOG_ERR,
|
2002-07-18 20:52:17 +00:00
|
|
|
"-alldirs requested but %s is not a filesystem mountpoint",
|
2009-05-27 22:02:54 +00:00
|
|
|
dirp);
|
|
|
|
else
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"could not remount %s: %m",
|
|
|
|
dirp);
|
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
|
|
|
}
|
|
|
|
/* back up over the last component */
|
|
|
|
while (*cp == '/' && cp > dirp)
|
|
|
|
cp--;
|
|
|
|
while (*(cp - 1) != '/' && cp > dirp)
|
|
|
|
cp--;
|
|
|
|
if (cp == dirp) {
|
|
|
|
if (debug)
|
|
|
|
warnx("mnt unsucc");
|
|
|
|
syslog(LOG_ERR, "can't export %s %s",
|
|
|
|
dirp, errmsg);
|
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
|
|
|
}
|
|
|
|
savedc = *cp;
|
|
|
|
*cp = '\0';
|
|
|
|
/*
|
|
|
|
* Check that we're still on the same
|
|
|
|
* filesystem.
|
|
|
|
*/
|
|
|
|
if (statfs(dirp, &fsb1) != 0 ||
|
|
|
|
bcmp(&fsb1.f_fsid, &fsb->f_fsid,
|
|
|
|
sizeof (fsb1.f_fsid)) != 0) {
|
|
|
|
*cp = savedc;
|
2002-07-18 20:52:17 +00:00
|
|
|
syslog(LOG_ERR,
|
2009-05-27 22:02:54 +00:00
|
|
|
"can't export %s %s", dirp,
|
|
|
|
errmsg);
|
|
|
|
ret = 1;
|
|
|
|
goto error_exit;
|
|
|
|
}
|
2001-04-22 21:50:30 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* For the experimental server:
|
|
|
|
* If this is the public directory, get the file handle
|
|
|
|
* and load it into the kernel via the nfssvc() syscall.
|
|
|
|
*/
|
|
|
|
if (run_v4server > 0 && (exflags & MNT_EXPUBLIC) != 0) {
|
|
|
|
fhandle_t fh;
|
|
|
|
char *public_name;
|
|
|
|
|
|
|
|
if (eap->ex_indexfile != NULL)
|
|
|
|
public_name = eap->ex_indexfile;
|
|
|
|
else
|
|
|
|
public_name = dirp;
|
|
|
|
if (getfh(public_name, &fh) < 0)
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"Can't get public fh for %s", public_name);
|
|
|
|
else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
|
|
|
|
syslog(LOG_ERR,
|
|
|
|
"Can't set public fh for %s", public_name);
|
|
|
|
else
|
|
|
|
has_publicfh = 1;
|
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
skip:
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai != NULL)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
ai = ai->ai_next;
|
2001-04-18 00:28:37 +00:00
|
|
|
if (ai == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
done = TRUE;
|
|
|
|
}
|
|
|
|
if (cp)
|
|
|
|
*cp = savedc;
|
2006-05-23 17:10:17 +00:00
|
|
|
error_exit:
|
|
|
|
/* free strings allocated by strdup() in getmntopts.c */
|
|
|
|
if (iov != NULL) {
|
|
|
|
free(iov[0].iov_base); /* fstype */
|
|
|
|
free(iov[2].iov_base); /* fspath */
|
|
|
|
free(iov[4].iov_base); /* from */
|
|
|
|
free(iov[6].iov_base); /* update */
|
|
|
|
free(iov[8].iov_base); /* export */
|
|
|
|
free(iov[10].iov_base); /* errmsg */
|
|
|
|
|
|
|
|
/* free iov, allocated by realloc() */
|
|
|
|
free(iov);
|
|
|
|
}
|
|
|
|
return (ret);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Translate a net address.
|
2001-04-21 20:06:18 +00:00
|
|
|
*
|
|
|
|
* If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_net(char *cp, struct netmsk *net, int maskflg)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
2001-04-23 10:12:31 +00:00
|
|
|
struct netent *np = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
char *name, *p, *prefp;
|
2001-04-21 20:06:18 +00:00
|
|
|
struct sockaddr_in sin;
|
2001-04-23 10:12:31 +00:00
|
|
|
struct sockaddr *sa = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
struct addrinfo hints, *ai = NULL;
|
|
|
|
char netname[NI_MAXHOST];
|
|
|
|
long preflen;
|
|
|
|
|
2001-04-17 22:25:48 +00:00
|
|
|
p = prefp = NULL;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if ((opt_flags & OP_MASKLEN) && !maskflg) {
|
|
|
|
p = strchr(cp, '/');
|
|
|
|
*p = '\0';
|
|
|
|
prefp = p + 1;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2001-04-23 10:12:31 +00:00
|
|
|
/*
|
|
|
|
* Check for a numeric address first. We wish to avoid
|
|
|
|
* possible DNS lookups in getnetbyname().
|
|
|
|
*/
|
|
|
|
if (isxdigit(*cp) || *cp == ':') {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
memset(&hints, 0, sizeof hints);
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Ensure the mask and the network have the same family. */
|
|
|
|
if (maskflg && (opt_flags & OP_NET))
|
|
|
|
hints.ai_family = net->nt_net.ss_family;
|
|
|
|
else if (!maskflg && (opt_flags & OP_HAVEMASK))
|
|
|
|
hints.ai_family = net->nt_mask.ss_family;
|
|
|
|
else
|
|
|
|
hints.ai_family = AF_UNSPEC;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
2001-04-23 10:12:31 +00:00
|
|
|
if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
|
|
|
|
sa = ai->ai_addr;
|
|
|
|
if (sa != NULL && ai->ai_family == AF_INET) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
/*
|
2001-04-21 20:06:18 +00:00
|
|
|
* The address in `cp' is really a network address, so
|
|
|
|
* use inet_network() to re-interpret this correctly.
|
|
|
|
* e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*/
|
2001-04-21 20:06:18 +00:00
|
|
|
bzero(&sin, sizeof sin);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
sin.sin_family = AF_INET;
|
|
|
|
sin.sin_len = sizeof sin;
|
2001-04-21 20:06:18 +00:00
|
|
|
sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (debug)
|
2001-04-21 20:06:18 +00:00
|
|
|
fprintf(stderr, "get_net: v4 addr %s\n",
|
|
|
|
inet_ntoa(sin.sin_addr));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
sa = (struct sockaddr *)&sin;
|
2001-04-23 10:12:31 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
|
|
|
|
bzero(&sin, sizeof sin);
|
|
|
|
sin.sin_family = AF_INET;
|
|
|
|
sin.sin_len = sizeof sin;
|
|
|
|
sin.sin_addr = inet_makeaddr(np->n_net, 0);
|
|
|
|
sa = (struct sockaddr *)&sin;
|
|
|
|
}
|
|
|
|
if (sa == NULL)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto fail;
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (maskflg) {
|
|
|
|
/* The specified sockaddr is a mask. */
|
|
|
|
if (checkmask(sa) != 0)
|
|
|
|
goto fail;
|
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
opt_flags |= OP_HAVEMASK;
|
|
|
|
} else {
|
|
|
|
/* The specified sockaddr is a network address. */
|
|
|
|
bcopy(sa, &net->nt_net, sa->sa_len);
|
1997-04-30 18:40:12 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Get a network name for the export list. */
|
|
|
|
if (np) {
|
|
|
|
name = np->n_name;
|
|
|
|
} else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
|
2005-05-13 16:31:11 +00:00
|
|
|
NULL, 0, NI_NUMERICHOST) == 0) {
|
2001-04-21 20:06:18 +00:00
|
|
|
name = netname;
|
|
|
|
} else {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if ((net->nt_name = strdup(name)) == NULL)
|
|
|
|
out_of_mem();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Extract a mask from either a "/<masklen>" suffix, or
|
|
|
|
* from the class of an IPv4 address.
|
|
|
|
*/
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (opt_flags & OP_MASKLEN) {
|
|
|
|
preflen = strtol(prefp, NULL, 10);
|
2001-04-21 20:06:18 +00:00
|
|
|
if (preflen < 0L || preflen == LONG_MAX)
|
|
|
|
goto fail;
|
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
if (makemask(&net->nt_mask, (int)preflen) != 0)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
goto fail;
|
2001-04-21 20:06:18 +00:00
|
|
|
opt_flags |= OP_HAVEMASK;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
*p = '/';
|
2001-04-21 20:06:18 +00:00
|
|
|
} else if (sa->sa_family == AF_INET &&
|
|
|
|
(opt_flags & OP_MASK) == 0) {
|
|
|
|
in_addr_t addr;
|
|
|
|
|
|
|
|
addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
|
|
|
|
if (IN_CLASSA(addr))
|
|
|
|
preflen = 8;
|
|
|
|
else if (IN_CLASSB(addr))
|
|
|
|
preflen = 16;
|
|
|
|
else if (IN_CLASSC(addr))
|
|
|
|
preflen = 24;
|
|
|
|
else if (IN_CLASSD(addr))
|
|
|
|
preflen = 28;
|
|
|
|
else
|
|
|
|
preflen = 32; /* XXX */
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
bcopy(sa, &net->nt_mask, sa->sa_len);
|
|
|
|
makemask(&net->nt_mask, (int)preflen);
|
|
|
|
opt_flags |= OP_HAVEMASK;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
|
|
|
if (ai)
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
if (ai)
|
|
|
|
freeaddrinfo(ai);
|
|
|
|
return 1;
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Parse out the next white space separated field
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
nextfield(char **cp, char **endcp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
p = *cp;
|
|
|
|
while (*p == ' ' || *p == '\t')
|
|
|
|
p++;
|
|
|
|
if (*p == '\n' || *p == '\0')
|
|
|
|
*cp = *endcp = p;
|
|
|
|
else {
|
|
|
|
*cp = p++;
|
|
|
|
while (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\0')
|
|
|
|
p++;
|
|
|
|
*endcp = p;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get an exports file line. Skip over blank lines and handle line
|
|
|
|
* continuations.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
get_line(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
char *p, *cp;
|
2002-05-14 23:24:28 +00:00
|
|
|
size_t len;
|
1994-05-26 06:35:07 +00:00
|
|
|
int totlen, cont_line;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Loop around ignoring blank lines and getting all continuation lines.
|
|
|
|
*/
|
|
|
|
p = line;
|
|
|
|
totlen = 0;
|
|
|
|
do {
|
2002-05-14 23:24:28 +00:00
|
|
|
if ((p = fgetln(exp_file, &len)) == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
cp = p + len - 1;
|
|
|
|
cont_line = 0;
|
|
|
|
while (cp >= p &&
|
|
|
|
(*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
|
|
|
|
if (*cp == '\\')
|
|
|
|
cont_line = 1;
|
|
|
|
cp--;
|
|
|
|
len--;
|
|
|
|
}
|
2001-07-02 23:56:01 +00:00
|
|
|
if (cont_line) {
|
|
|
|
*++cp = ' ';
|
|
|
|
len++;
|
|
|
|
}
|
2002-05-14 23:24:28 +00:00
|
|
|
if (linesize < len + totlen + 1) {
|
|
|
|
linesize = len + totlen + 1;
|
|
|
|
line = realloc(line, linesize);
|
|
|
|
if (line == NULL)
|
|
|
|
out_of_mem();
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2002-05-14 23:24:28 +00:00
|
|
|
memcpy(line + totlen, p, len);
|
|
|
|
totlen += len;
|
|
|
|
line[totlen] = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
} while (totlen == 0 || cont_line);
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Parse a description of a credential.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
parsecred(char *namelist, struct xucred *cr)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
char *name;
|
|
|
|
int cnt;
|
|
|
|
char *names;
|
|
|
|
struct passwd *pw;
|
|
|
|
struct group *gr;
|
2009-06-19 17:10:35 +00:00
|
|
|
gid_t groups[XU_NGROUPS + 1];
|
2004-10-02 11:40:48 +00:00
|
|
|
int ngroups;
|
1994-05-26 06:35:07 +00:00
|
|
|
|
2002-02-27 04:45:37 +00:00
|
|
|
cr->cr_version = XUCRED_VERSION;
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
1998-07-15 06:21:41 +00:00
|
|
|
* Set up the unprivileged user.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
cr->cr_uid = -2;
|
|
|
|
cr->cr_groups[0] = -2;
|
|
|
|
cr->cr_ngroups = 1;
|
|
|
|
/*
|
|
|
|
* Get the user's password table entry.
|
|
|
|
*/
|
|
|
|
names = strsep(&namelist, " \t\n");
|
|
|
|
name = strsep(&names, ":");
|
|
|
|
if (isdigit(*name) || *name == '-')
|
|
|
|
pw = getpwuid(atoi(name));
|
|
|
|
else
|
|
|
|
pw = getpwnam(name);
|
|
|
|
/*
|
|
|
|
* Credentials specified as those of a user.
|
|
|
|
*/
|
|
|
|
if (names == NULL) {
|
|
|
|
if (pw == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown user: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
cr->cr_uid = pw->pw_uid;
|
2009-06-19 17:10:35 +00:00
|
|
|
ngroups = XU_NGROUPS + 1;
|
1994-05-26 06:35:07 +00:00
|
|
|
if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups))
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "too many groups");
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
2004-10-02 11:40:48 +00:00
|
|
|
* Compress out duplicate.
|
1994-05-26 06:35:07 +00:00
|
|
|
*/
|
|
|
|
cr->cr_ngroups = ngroups - 1;
|
|
|
|
cr->cr_groups[0] = groups[0];
|
|
|
|
for (cnt = 2; cnt < ngroups; cnt++)
|
|
|
|
cr->cr_groups[cnt - 1] = groups[cnt];
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* Explicit credential specified as a colon separated list:
|
|
|
|
* uid:gid:gid:...
|
|
|
|
*/
|
|
|
|
if (pw != NULL)
|
|
|
|
cr->cr_uid = pw->pw_uid;
|
|
|
|
else if (isdigit(*name) || *name == '-')
|
|
|
|
cr->cr_uid = atoi(name);
|
|
|
|
else {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown user: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
cr->cr_ngroups = 0;
|
2009-06-19 17:10:35 +00:00
|
|
|
while (names != NULL && *names != '\0' && cr->cr_ngroups < XU_NGROUPS) {
|
1994-05-26 06:35:07 +00:00
|
|
|
name = strsep(&names, ":");
|
|
|
|
if (isdigit(*name) || *name == '-') {
|
|
|
|
cr->cr_groups[cr->cr_ngroups++] = atoi(name);
|
|
|
|
} else {
|
|
|
|
if ((gr = getgrnam(name)) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "unknown group: %s", name);
|
1994-05-26 06:35:07 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
cr->cr_groups[cr->cr_ngroups++] = gr->gr_gid;
|
|
|
|
}
|
|
|
|
}
|
2009-06-19 17:10:35 +00:00
|
|
|
if (names != NULL && *names != '\0' && cr->cr_ngroups == XU_NGROUPS)
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "too many groups");
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
|
2009-06-24 18:42:21 +00:00
|
|
|
#define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
|
1994-05-26 06:35:07 +00:00
|
|
|
/*
|
|
|
|
* Routines that maintain the remote mounttab
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
get_mountlist(void)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct mountlist *mlp, **mlpp;
|
1997-03-11 12:43:45 +00:00
|
|
|
char *host, *dirp, *cp;
|
1994-05-26 06:35:07 +00:00
|
|
|
char str[STRSIZ];
|
|
|
|
FILE *mlfile;
|
|
|
|
|
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
|
1999-11-12 21:52:10 +00:00
|
|
|
if (errno == ENOENT)
|
|
|
|
return;
|
|
|
|
else {
|
|
|
|
syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
|
|
|
|
return;
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
|
|
|
mlpp = &mlhead;
|
|
|
|
while (fgets(str, STRSIZ, mlfile) != NULL) {
|
1997-03-11 12:43:45 +00:00
|
|
|
cp = str;
|
|
|
|
host = strsep(&cp, " \t\n");
|
|
|
|
dirp = strsep(&cp, " \t\n");
|
|
|
|
if (host == NULL || dirp == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
continue;
|
|
|
|
mlp = (struct mountlist *)malloc(sizeof (*mlp));
|
1998-07-15 06:21:41 +00:00
|
|
|
if (mlp == (struct mountlist *)NULL)
|
|
|
|
out_of_mem();
|
2009-06-24 18:42:21 +00:00
|
|
|
strncpy(mlp->ml_host, host, MNTNAMLEN);
|
|
|
|
mlp->ml_host[MNTNAMLEN] = '\0';
|
|
|
|
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
|
|
|
|
mlp->ml_dirp[MNTPATHLEN] = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
mlp->ml_next = (struct mountlist *)NULL;
|
|
|
|
*mlpp = mlp;
|
|
|
|
mlpp = &mlp->ml_next;
|
|
|
|
}
|
|
|
|
fclose(mlfile);
|
|
|
|
}
|
|
|
|
|
2001-04-17 22:25:48 +00:00
|
|
|
void
|
|
|
|
del_mlist(char *hostp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct mountlist *mlp, **mlpp;
|
|
|
|
struct mountlist *mlp2;
|
|
|
|
FILE *mlfile;
|
|
|
|
int fnd = 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
1994-05-26 06:35:07 +00:00
|
|
|
mlpp = &mlhead;
|
|
|
|
mlp = mlhead;
|
|
|
|
while (mlp) {
|
|
|
|
if (!strcmp(mlp->ml_host, hostp) &&
|
|
|
|
(!dirp || !strcmp(mlp->ml_dirp, dirp))) {
|
|
|
|
fnd = 1;
|
|
|
|
mlp2 = mlp;
|
|
|
|
*mlpp = mlp = mlp->ml_next;
|
|
|
|
free((caddr_t)mlp2);
|
|
|
|
} else {
|
|
|
|
mlpp = &mlp->ml_next;
|
|
|
|
mlp = mlp->ml_next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (fnd) {
|
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
mlp = mlhead;
|
|
|
|
while (mlp) {
|
|
|
|
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
|
|
|
|
mlp = mlp->ml_next;
|
|
|
|
}
|
|
|
|
fclose(mlfile);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
add_mlist(char *hostp, char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
struct mountlist *mlp, **mlpp;
|
|
|
|
FILE *mlfile;
|
|
|
|
|
|
|
|
mlpp = &mlhead;
|
|
|
|
mlp = mlhead;
|
|
|
|
while (mlp) {
|
|
|
|
if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
|
|
|
|
return;
|
|
|
|
mlpp = &mlp->ml_next;
|
|
|
|
mlp = mlp->ml_next;
|
|
|
|
}
|
|
|
|
mlp = (struct mountlist *)malloc(sizeof (*mlp));
|
1998-07-15 06:21:41 +00:00
|
|
|
if (mlp == (struct mountlist *)NULL)
|
|
|
|
out_of_mem();
|
2009-06-24 18:42:21 +00:00
|
|
|
strncpy(mlp->ml_host, hostp, MNTNAMLEN);
|
|
|
|
mlp->ml_host[MNTNAMLEN] = '\0';
|
|
|
|
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
|
|
|
|
mlp->ml_dirp[MNTPATHLEN] = '\0';
|
1994-05-26 06:35:07 +00:00
|
|
|
mlp->ml_next = (struct mountlist *)NULL;
|
|
|
|
*mlpp = mlp;
|
|
|
|
if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
|
1998-07-15 06:21:41 +00:00
|
|
|
syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
|
1994-05-26 06:35:07 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
|
|
|
|
fclose(mlfile);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free up a group list.
|
|
|
|
*/
|
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
free_grp(struct grouplist *grp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
if (grp->gr_type == GT_HOST) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if (grp->gr_ptr.gt_addrinfo != NULL)
|
|
|
|
freeaddrinfo(grp->gr_ptr.gt_addrinfo);
|
1994-05-26 06:35:07 +00:00
|
|
|
} else if (grp->gr_type == GT_NET) {
|
|
|
|
if (grp->gr_ptr.gt_net.nt_name)
|
|
|
|
free(grp->gr_ptr.gt_net.nt_name);
|
|
|
|
}
|
|
|
|
free((caddr_t)grp);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
void
|
|
|
|
SYSLOG(int pri, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
#endif /* DEBUG */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check options for consistency.
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
check_options(struct dirlist *dp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase == 0 && dp == NULL)
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
2001-09-18 23:34:44 +00:00
|
|
|
if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
|
|
|
|
syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
|
1994-05-26 06:35:07 +00:00
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
|
2001-04-21 20:06:18 +00:00
|
|
|
syslog(LOG_ERR, "-mask requires -network");
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
|
|
|
|
syslog(LOG_ERR, "-network requires mask specification");
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
|
|
|
|
syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
|
|
|
|
return (1);
|
1994-05-26 06:35:07 +00:00
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
if (v4root_phase > 0 &&
|
|
|
|
(opt_flags &
|
|
|
|
~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
|
|
|
|
syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
|
|
|
|
return (1);
|
|
|
|
}
|
2010-05-06 00:24:08 +00:00
|
|
|
if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
|
|
|
|
syslog(LOG_ERR, "-alldirs has multiple directories");
|
|
|
|
return (1);
|
|
|
|
}
|
1994-05-26 06:35:07 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check an absolute directory path for any symbolic links. Return true
|
|
|
|
*/
|
|
|
|
int
|
2010-12-20 09:28:28 +00:00
|
|
|
check_dirpath(char *dirp)
|
1994-05-26 06:35:07 +00:00
|
|
|
{
|
|
|
|
char *cp;
|
|
|
|
int ret = 1;
|
|
|
|
struct stat sb;
|
|
|
|
|
|
|
|
cp = dirp + 1;
|
|
|
|
while (*cp && ret) {
|
|
|
|
if (*cp == '/') {
|
|
|
|
*cp = '\0';
|
1995-06-27 11:07:30 +00:00
|
|
|
if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
|
1994-05-26 06:35:07 +00:00
|
|
|
ret = 0;
|
|
|
|
*cp = '/';
|
|
|
|
}
|
|
|
|
cp++;
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
|
1994-05-26 06:35:07 +00:00
|
|
|
ret = 0;
|
|
|
|
return (ret);
|
|
|
|
}
|
1995-06-27 11:07:30 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
* Make a netmask according to the specified prefix length. The ss_family
|
|
|
|
* and other non-address fields must be initialised before calling this.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
makemask(struct sockaddr_storage *ssp, int bitlen)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
u_char *p;
|
|
|
|
int bits, i, len;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
|
|
|
|
return (-1);
|
2002-09-25 04:06:37 +00:00
|
|
|
if (bitlen > len * CHAR_BIT)
|
2001-04-21 20:06:18 +00:00
|
|
|
return (-1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++) {
|
2002-09-25 04:06:37 +00:00
|
|
|
bits = (bitlen > CHAR_BIT) ? CHAR_BIT : bitlen;
|
2011-03-01 11:47:16 +00:00
|
|
|
*p++ = (u_char)~0 << (CHAR_BIT - bits);
|
2001-04-21 20:06:18 +00:00
|
|
|
bitlen -= bits;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
2001-04-21 20:06:18 +00:00
|
|
|
return 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
* Check that the sockaddr is a valid netmask. Returns 0 if the mask
|
|
|
|
* is acceptable (i.e. of the form 1...10....0).
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
checkmask(struct sockaddr *sa)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
u_char *mask;
|
|
|
|
int i, len;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if ((mask = sa_rawaddr(sa, &len)) == NULL)
|
|
|
|
return (-1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++)
|
|
|
|
if (mask[i] != 0xff)
|
|
|
|
break;
|
|
|
|
if (i < len) {
|
|
|
|
if (~mask[i] & (u_char)(~mask[i] + 1))
|
|
|
|
return (-1);
|
|
|
|
i++;
|
|
|
|
}
|
|
|
|
for (; i < len; i++)
|
|
|
|
if (mask[i] != 0)
|
|
|
|
return (-1);
|
|
|
|
return (0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
* Compare two sockaddrs according to a specified mask. Return zero if
|
|
|
|
* `sa1' matches `sa2' when filtered by the netmask in `samask'.
|
|
|
|
* If samask is NULL, perform a full comparision.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2001-04-21 20:06:18 +00:00
|
|
|
unsigned char *p1, *p2, *mask;
|
|
|
|
int len, i;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (sa1->sa_family != sa2->sa_family ||
|
|
|
|
(p1 = sa_rawaddr(sa1, &len)) == NULL ||
|
|
|
|
(p2 = sa_rawaddr(sa2, NULL)) == NULL)
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
switch (sa1->sa_family) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case AF_INET6:
|
2001-04-21 20:06:18 +00:00
|
|
|
if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
|
|
|
|
((struct sockaddr_in6 *)sa2)->sin6_scope_id)
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Simple binary comparison if no mask specified. */
|
|
|
|
if (samask == NULL)
|
|
|
|
return (memcmp(p1, p2, len));
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/* Set up the mask, and do a mask-based comparison. */
|
|
|
|
if (sa1->sa_family != samask->sa_family ||
|
|
|
|
(mask = sa_rawaddr(samask, NULL)) == NULL)
|
|
|
|
return (1);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
for (i = 0; i < len; i++)
|
|
|
|
if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
|
|
|
|
return (1);
|
|
|
|
return (0);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
/*
|
|
|
|
* Return a pointer to the part of the sockaddr that contains the
|
|
|
|
* raw address, and set *nbytes to its length in bytes. Returns
|
|
|
|
* NULL if the address family is unknown.
|
|
|
|
*/
|
|
|
|
void *
|
|
|
|
sa_rawaddr(struct sockaddr *sa, int *nbytes) {
|
|
|
|
void *p;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
int len;
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
switch (sa->sa_family) {
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case AF_INET:
|
2001-04-21 20:06:18 +00:00
|
|
|
len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
|
|
|
|
p = &((struct sockaddr_in *)sa)->sin_addr;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
case AF_INET6:
|
2001-04-21 20:06:18 +00:00
|
|
|
len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
|
|
|
|
p = &((struct sockaddr_in6 *)sa)->sin6_addr;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
break;
|
|
|
|
default:
|
2001-04-21 20:06:18 +00:00
|
|
|
p = NULL;
|
|
|
|
len = 0;
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2001-04-21 20:06:18 +00:00
|
|
|
if (nbytes != NULL)
|
|
|
|
*nbytes = len;
|
|
|
|
return (p);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
}
|
|
|
|
|
2001-04-21 00:55:17 +00:00
|
|
|
void
|
2010-12-20 09:28:28 +00:00
|
|
|
huphandler(int sig __unused)
|
2001-04-21 00:55:17 +00:00
|
|
|
{
|
|
|
|
got_sighup = 1;
|
|
|
|
}
|
|
|
|
|
2010-12-20 09:28:28 +00:00
|
|
|
void terminate(int sig __unused)
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
{
|
2005-08-24 19:17:06 +00:00
|
|
|
pidfile_remove(pfh);
|
2009-06-24 18:42:21 +00:00
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
|
|
|
|
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
exit (0);
|
|
|
|
}
|
2009-05-27 22:02:54 +00:00
|
|
|
|