2 * Copyright (c) 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Rick Macklem at The University of Guelph.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by the University of
19 * California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 static const char copyright[] =
39 "@(#) Copyright (c) 1992, 1993, 1994\n\
40 The Regents of the University of California. All rights reserved.\n";
45 static char sccsid[] = "@(#)mount_nfs.c 8.11 (Berkeley) 5/4/95";
47 static const char rcsid[] =
51 #include <sys/param.h>
52 #include <sys/mount.h>
54 #include <sys/syslog.h>
57 #include <rpc/pmap_clnt.h>
58 #include <rpc/pmap_prot.h>
61 #include <netiso/iso.h>
65 #include <kerberosIV/des.h>
66 #include <kerberosIV/krb.h>
69 #include <nfs/rpcv2.h>
70 #include <nfs/nfsproto.h>
72 #include <nfs/nqnfs.h>
74 #include <arpa/inet.h>
89 #define ALTF_NOCONN 0x2
90 #define ALTF_DUMBTIMR 0x4
92 #define ALTF_KERB 0x10
93 #define ALTF_NFSV3 0x20
94 #define ALTF_RDIRPLUS 0x40
95 #define ALTF_MNTUDP 0x80
96 #define ALTF_RESVPORT 0x100
97 #define ALTF_SEQPACKET 0x200
98 #define ALTF_NQNFS 0x400
99 #define ALTF_SOFT 0x800
100 #define ALTF_TCP 0x1000
101 #define ALTF_PORT 0x2000
102 #define ALTF_NFSV2 0x4000
103 #define ALTF_ACREGMIN 0x8000
104 #define ALTF_ACREGMAX 0x10000
105 #define ALTF_ACDIRMIN 0x20000
106 #define ALTF_ACDIRMAX 0x40000
108 struct mntopt mopts[] = {
113 { "bg", 0, ALTF_BG, 1 },
114 { "conn", 1, ALTF_NOCONN, 1 },
115 { "dumbtimer", 0, ALTF_DUMBTIMR, 1 },
116 { "intr", 0, ALTF_INTR, 1 },
118 { "kerb", 0, ALTF_KERB, 1 },
120 { "nfsv3", 0, ALTF_NFSV3, 1 },
121 { "rdirplus", 0, ALTF_RDIRPLUS, 1 },
122 { "mntudp", 0, ALTF_MNTUDP, 1 },
123 { "resvport", 0, ALTF_RESVPORT, 1 },
125 { "seqpacket", 0, ALTF_SEQPACKET, 1 },
127 { "nqnfs", 0, ALTF_NQNFS, 1 },
128 { "soft", 0, ALTF_SOFT, 1 },
129 { "tcp", 0, ALTF_TCP, 1 },
130 { "port=", 0, ALTF_PORT, 1 },
131 { "nfsv2", 0, ALTF_NFSV2, 1 },
132 { "acregmin=", 0, ALTF_ACREGMIN, 1 },
133 { "acregmax=", 0, ALTF_ACREGMAX, 1 },
134 { "acdirmin=", 0, ALTF_ACDIRMIN, 1 },
135 { "acdirmax=", 0, ALTF_ACDIRMAX, 1 },
139 struct nfs_args nfsdefargs = {
141 (struct sockaddr *)0,
142 sizeof (struct sockaddr_in),
170 u_char nfh[NFSX_V3FHMAX];
172 #define DEF_RETRY 10000
175 int retrycnt = DEF_RETRY;
177 int nfsproto = IPPROTO_UDP;
188 char realm[REALM_SZ];
193 struct nfsrpc_nickverf kverf;
194 struct nfsrpc_fullblock kin, kout;
198 NFSKERBKEYSCHED_T kerb_keysched;
201 int getnfsargs __P((char *, struct nfs_args *));
203 struct iso_addr *iso_addr __P((const char *));
205 void set_rpc_maxgrouplist __P((int));
206 void usage __P((void)) __dead2;
207 int xdr_dir __P((XDR *, char *));
208 int xdr_fh __P((XDR *, struct nfhret *));
211 * Used to set mount flags with getmntopts. Call with dir=TRUE to
212 * initialize altflags from the current mount flags. Call with
213 * dir=FALSE to update mount flags with the new value of altflags after
214 * the call to getmntopts.
217 setflags(int* altflags, int* nfsflags, int dir)
221 if (*nfsflags & NFSMNT_##nf) \
222 *altflags |= ALTF_##af; \
224 *altflags &= ~ALTF_##af; \
226 if (*altflags & ALTF_##af) \
227 *nfsflags |= NFSMNT_##nf; \
229 *nfsflags &= ~NFSMNT_##nf; \
254 register struct nfs_args *nfsargsp;
255 struct nfs_args nfsargs;
256 struct nfsd_cargs ncd;
257 int mntflags, altflags, i, nfssvc_flag, num;
258 char *name, *p, *spec;
265 (void)strcpy(realm, KRB_REALM);
266 if (sizeof (struct nfsrpc_nickverf) != RPCX_NICKVERF ||
267 sizeof (struct nfsrpc_fullblock) != RPCX_FULLBLOCK ||
268 ((char *)&ktick.kt) - ((char *)&ktick) != NFSX_UNSIGNED ||
269 ((char *)ktick.kt.dat) - ((char *)&ktick) != 2 * NFSX_UNSIGNED)
270 fprintf(stderr, "Yikes! NFSKERB structs not packed!!\n");
272 retrycnt = DEF_RETRY;
276 nfsargs = nfsdefargs;
278 while ((c = getopt(argc, argv,
279 "23a:bcdD:g:I:iKL:lm:No:PpqR:r:sTt:w:x:U")) != -1)
288 num = strtol(optarg, &p, 10);
290 errx(1, "illegal -a value -- %s", optarg);
291 nfsargsp->readahead = num;
292 nfsargsp->flags |= NFSMNT_READAHEAD;
298 nfsargsp->flags |= NFSMNT_NOCONN;
301 num = strtol(optarg, &p, 10);
303 errx(1, "illegal -D value -- %s", optarg);
304 nfsargsp->deadthresh = num;
305 nfsargsp->flags |= NFSMNT_DEADTHRESH;
308 nfsargsp->flags |= NFSMNT_DUMBTIMR;
311 num = strtol(optarg, &p, 10);
313 errx(1, "illegal -g value -- %s", optarg);
315 set_rpc_maxgrouplist(num);
317 nfsargsp->maxgrouplist = num;
318 nfsargsp->flags |= NFSMNT_MAXGRPS;
321 num = strtol(optarg, &p, 10);
323 errx(1, "illegal -I value -- %s", optarg);
324 nfsargsp->readdirsize = num;
325 nfsargsp->flags |= NFSMNT_READDIRSIZE;
328 nfsargsp->flags |= NFSMNT_INT;
332 nfsargsp->flags |= NFSMNT_KERB;
336 num = strtol(optarg, &p, 10);
338 errx(1, "illegal -L value -- %s", optarg);
339 nfsargsp->leaseterm = num;
340 nfsargsp->flags |= NFSMNT_LEASETERM;
343 nfsargsp->flags |= NFSMNT_RDIRPLUS;
347 (void)strncpy(realm, optarg, REALM_SZ - 1);
348 realm[REALM_SZ - 1] = '\0';
352 nfsargsp->flags &= ~NFSMNT_RESVPORT;
356 setflags(&altflags, &nfsargsp->flags, TRUE);
358 altflags |= ALTF_NFSV2;
359 else if (mountmode == V3)
360 altflags |= ALTF_NFSV3;
361 getmntopts(optarg, mopts, &mntflags, &altflags);
362 setflags(&altflags, &nfsargsp->flags, FALSE);
364 * Handle altflags which don't map directly to
367 if(altflags & ALTF_BG)
369 if(altflags & ALTF_MNTUDP)
372 if(altflags & ALTF_SEQPACKET)
373 nfsargsp->sotype = SOCK_SEQPACKET;
375 if(altflags & ALTF_TCP) {
376 nfsargsp->sotype = SOCK_STREAM;
377 nfsproto = IPPROTO_TCP;
379 if(altflags & ALTF_PORT)
380 port_no = atoi(strstr(optarg, "port=") + 5);
382 if(altflags & ALTF_NFSV2)
384 if(altflags & ALTF_NFSV3)
386 if(altflags & ALTF_ACREGMIN)
387 nfsargsp->acregmin = atoi(strstr(optarg,
389 if(altflags & ALTF_ACREGMAX)
390 nfsargsp->acregmax = atoi(strstr(optarg,
392 if(altflags & ALTF_ACDIRMIN)
393 nfsargsp->acdirmin = atoi(strstr(optarg,
395 if(altflags & ALTF_ACDIRMAX)
396 nfsargsp->acdirmax = atoi(strstr(optarg,
400 /* obsolete for NFSMNT_RESVPORT, now default */
404 nfsargsp->sotype = SOCK_SEQPACKET;
409 nfsargsp->flags |= NFSMNT_NQNFS;
412 num = strtol(optarg, &p, 10);
414 errx(1, "illegal -R value -- %s", optarg);
418 num = strtol(optarg, &p, 10);
420 errx(1, "illegal -r value -- %s", optarg);
421 nfsargsp->rsize = num;
422 nfsargsp->flags |= NFSMNT_RSIZE;
425 nfsargsp->flags |= NFSMNT_SOFT;
428 nfsargsp->sotype = SOCK_STREAM;
429 nfsproto = IPPROTO_TCP;
432 num = strtol(optarg, &p, 10);
434 errx(1, "illegal -t value -- %s", optarg);
435 nfsargsp->timeo = num;
436 nfsargsp->flags |= NFSMNT_TIMEO;
439 num = strtol(optarg, &p, 10);
441 errx(1, "illegal -w value -- %s", optarg);
442 nfsargsp->wsize = num;
443 nfsargsp->flags |= NFSMNT_WSIZE;
446 num = strtol(optarg, &p, 10);
448 errx(1, "illegal -x value -- %s", optarg);
449 nfsargsp->retrans = num;
450 nfsargsp->flags |= NFSMNT_RETRANS;
470 if (!getnfsargs(spec, nfsargsp))
474 error = getvfsbyname("nfs", &vfc);
475 if (error && vfsisloadable("nfs")) {
477 err(EX_OSERR, "vfsload(nfs)");
478 endvfsent(); /* clear cache */
479 error = getvfsbyname("nfs", &vfc);
482 errx(EX_OSERR, "nfs filesystem is not available");
484 if (mount(vfc.vfc_name, name, mntflags, nfsargsp))
487 if (mount("nfs", name, mntflags, nfsargsp))
490 if (nfsargsp->flags & (NFSMNT_NQNFS | NFSMNT_KERB)) {
491 if ((opflags & ISBGRND) == 0) {
498 (void) close(STDIN_FILENO);
499 (void) close(STDOUT_FILENO);
500 (void) close(STDERR_FILENO);
503 openlog("mount_nfs:", LOG_PID, LOG_DAEMON);
504 nfssvc_flag = NFSSVC_MNTD;
506 while (nfssvc(nfssvc_flag, (caddr_t)&ncd) < 0) {
507 if (errno != ENEEDAUTH) {
508 syslog(LOG_ERR, "nfssvc err %m");
512 NFSSVC_MNTD | NFSSVC_GOTAUTH | NFSSVC_AUTHINFAIL;
515 * Set up as ncd_authuid for the kerberos call.
516 * Must set ruid to ncd_authuid and reset the
517 * ticket name iff ncd_authuid is not the same
518 * as last time, so that the right ticket file
520 * Get the Kerberos credential structure so that
521 * we have the session key and get a ticket for
523 * For more info see the IETF Draft "Authentication
526 if (ncd.ncd_authuid != last_ruid) {
528 (void)sprintf(buf, "%s%d",
529 TKT_ROOT, ncd.ncd_authuid);
530 krb_set_tkt_string(buf);
531 last_ruid = ncd.ncd_authuid;
533 setreuid(ncd.ncd_authuid, 0);
534 kret = krb_get_cred(NFS_KERBSRV, inst, realm, &kcr);
535 if (kret == RET_NOTKT) {
536 kret = get_ad_tkt(NFS_KERBSRV, inst, realm,
538 if (kret == KSUCCESS)
539 kret = krb_get_cred(NFS_KERBSRV, inst, realm,
542 if (kret == KSUCCESS)
543 kret = krb_mk_req(&ktick.kt, NFS_KERBSRV, inst,
547 * Fill in the AKN_FULLNAME authenticator and verifier.
548 * Along with the Kerberos ticket, we need to build
549 * the timestamp verifier and encrypt it in CBC mode.
551 if (kret == KSUCCESS &&
552 ktick.kt.length <= (RPCAUTH_MAXSIZ-3*NFSX_UNSIGNED)
553 && gettimeofday(&ktv, (struct timezone *)0) == 0) {
554 ncd.ncd_authtype = RPCAUTH_KERB4;
555 ncd.ncd_authstr = (u_char *)&ktick;
556 ncd.ncd_authlen = nfsm_rndup(ktick.kt.length) +
558 ncd.ncd_verfstr = (u_char *)&kverf;
559 ncd.ncd_verflen = sizeof (kverf);
560 memmove(ncd.ncd_key, kcr.session,
561 sizeof (kcr.session));
562 kin.t1 = htonl(ktv.tv_sec);
563 kin.t2 = htonl(ktv.tv_usec);
564 kin.w1 = htonl(NFS_KERBTTL);
565 kin.w2 = htonl(NFS_KERBTTL - 1);
566 bzero((caddr_t)kivec, sizeof (kivec));
569 * Encrypt kin in CBC mode using the session
575 * Finally, fill the timestamp verifier into the
576 * authenticator and verifier.
578 ktick.kind = htonl(RPCAKN_FULLNAME);
579 kverf.kind = htonl(RPCAKN_FULLNAME);
580 NFS_KERBW1(ktick.kt) = kout.w1;
581 ktick.kt.length = htonl(ktick.kt.length);
582 kverf.verf.t1 = kout.t1;
583 kverf.verf.t2 = kout.t2;
584 kverf.verf.w2 = kout.w2;
585 nfssvc_flag = NFSSVC_MNTD | NFSSVC_GOTAUTH;
595 * Return RPC_SUCCESS if server responds.
598 pingnfsserver(addr, version, sotype)
599 struct sockaddr_in *addr;
603 struct sockaddr_in sin;
606 int so = RPC_ANYSOCK;
608 struct timeval pertry, try;
612 if ((tport = port_no ? port_no :
613 pmap_getport(&sin, RPCPROG_NFS, version, nfsproto)) == 0) {
614 return rpc_createerr.cf_stat;
617 sin.sin_port = htons(tport);
621 if (sotype == SOCK_STREAM)
622 clp = clnttcp_create(&sin, RPCPROG_NFS, version,
625 clp = clntudp_create(&sin, RPCPROG_NFS, version,
628 return rpc_createerr.cf_stat;
632 stat = clnt_call(clp, NFSPROC_NULL,
633 xdr_void, NULL, xdr_void, NULL, try);
641 getnfsargs(spec, nfsargsp)
643 struct nfs_args *nfsargsp;
645 register CLIENT *clp;
647 static struct sockaddr_in saddr;
649 static struct sockaddr_iso isoaddr;
650 struct iso_addr *isop;
653 struct timeval pertry, try;
654 enum clnt_stat clnt_stat;
655 int so = RPC_ANYSOCK, i, nfsvers, mntvers, orgcnt;
656 char *hostp, *delimp;
661 static struct nfhret nfhret;
662 static char nam[MNAMELEN + 1];
664 strncpy(nam, spec, MNAMELEN);
665 nam[MNAMELEN] = '\0';
666 if ((delimp = strchr(spec, '@')) != NULL) {
668 } else if ((delimp = strchr(spec, ':')) != NULL) {
672 warnx("no <host>:<dirpath> or <dirpath>@<host> spec");
677 * DUMB!! Until the mount protocol works on iso transport, we must
678 * supply both an iso and an inet address for the host.
681 if (!strncmp(hostp, "iso=", 4)) {
686 if ((delimp = strchr(hostp, '+')) == NULL) {
687 warnx("no iso+inet address");
691 if ((isop = iso_addr(hostp)) == NULL) {
692 warnx("bad ISO address");
695 memset(&isoaddr, 0, sizeof (isoaddr));
696 memmove(&isoaddr.siso_addr, isop, sizeof (struct iso_addr));
697 isoaddr.siso_len = sizeof (isoaddr);
698 isoaddr.siso_family = AF_ISO;
699 isoaddr.siso_tlen = 2;
700 isoport = htons(NFS_PORT);
701 memmove(TSEL(&isoaddr), &isoport, isoaddr.siso_tlen);
707 * Handle an internet host address and reverse resolve it if
710 if (isdigit(*hostp)) {
711 if ((saddr.sin_addr.s_addr = inet_addr(hostp)) == -1) {
712 warnx("bad net address %s", hostp);
715 } else if ((hp = gethostbyname(hostp)) != NULL)
716 memmove(&saddr.sin_addr, hp->h_addr,
717 MIN(hp->h_length, sizeof(saddr.sin_addr)));
719 warnx("can't get net id for host");
723 if ((nfsargsp->flags & NFSMNT_KERB)) {
724 if ((hp = gethostbyaddr((char *)&saddr.sin_addr.s_addr,
725 sizeof (u_long), AF_INET)) == (struct hostent *)0) {
726 warnx("can't reverse resolve net address");
729 memmove(&saddr.sin_addr, hp->h_addr,
730 MIN(hp->h_length, sizeof(saddr.sin_addr)));
731 strncpy(inst, hp->h_name, INST_SZ);
732 inst[INST_SZ - 1] = '\0';
733 if (cp = strchr(inst, '.'))
740 if (mountmode == ANY || mountmode == V3) {
743 nfsargsp->flags |= NFSMNT_NFSV3;
747 nfsargsp->flags &= ~NFSMNT_NFSV3;
749 nfhret.stat = EACCES; /* Mark not yet successful */
750 while (retrycnt > 0) {
751 saddr.sin_family = AF_INET;
752 saddr.sin_port = htons(PMAPPORT);
753 if ((tport = port_no ? port_no :
754 pmap_getport(&saddr, RPCPROG_NFS,
755 nfsvers, nfsproto)) == 0) {
756 if ((opflags & ISBGRND) == 0)
757 clnt_pcreateerror("NFS Portmap");
760 * First ping the nfs server to see if it supports
761 * the version of the protocol we want to use.
763 clnt_stat = pingnfsserver(&saddr, nfsvers,
765 if (clnt_stat == RPC_PROGVERSMISMATCH) {
766 if (mountmode == ANY) {
770 errx(1, "can't contact NFS server");
776 if (mnttcp_ok && nfsargsp->sotype == SOCK_STREAM)
777 clp = clnttcp_create(&saddr, RPCPROG_MNT, mntvers,
780 clp = clntudp_create(&saddr, RPCPROG_MNT, mntvers,
783 if ((opflags & ISBGRND) == 0)
784 clnt_pcreateerror("Cannot MNT RPC");
786 clp->cl_auth = authunix_create_default();
789 if (nfsargsp->flags & NFSMNT_KERB)
790 nfhret.auth = RPCAUTH_KERB4;
792 nfhret.auth = RPCAUTH_UNIX;
793 nfhret.vers = mntvers;
794 clnt_stat = clnt_call(clp, RPCMNT_MOUNT,
795 xdr_dir, spec, xdr_fh, &nfhret, try);
796 if (clnt_stat != RPC_SUCCESS) {
797 if (clnt_stat == RPC_PROGVERSMISMATCH) {
798 if (mountmode == ANY) {
803 clnt_sperror(clp, "MNT RPC"));
806 if ((opflags & ISBGRND) == 0)
807 warnx("%s", clnt_sperror(clp,
810 auth_destroy(clp->cl_auth);
816 if (--retrycnt > 0) {
817 if (opflags & BGRND) {
825 (void) close(STDIN_FILENO);
826 (void) close(STDOUT_FILENO);
827 (void) close(STDERR_FILENO);
835 if (opflags & ISBGRND)
837 warnx("can't access %s: %s", spec, strerror(nfhret.stat));
840 saddr.sin_port = htons(tport);
843 nfsargsp->addr = (struct sockaddr *) &isoaddr;
844 nfsargsp->addrlen = sizeof (isoaddr);
848 nfsargsp->addr = (struct sockaddr *) &saddr;
849 nfsargsp->addrlen = sizeof (saddr);
851 nfsargsp->fh = nfhret.nfh;
852 nfsargsp->fhsize = nfhret.fhsize;
853 nfsargsp->hostname = nam;
858 * xdr routines for mount rpc's
865 return (xdr_string(xdrsp, &dirp, RPCMNT_PATHLEN));
871 register struct nfhret *np;
874 long auth, authcnt, authfnd = 0;
876 if (!xdr_u_long(xdrsp, &np->stat))
882 np->fhsize = NFSX_V2FH;
883 return (xdr_opaque(xdrsp, (caddr_t)np->nfh, NFSX_V2FH));
885 if (!xdr_long(xdrsp, &np->fhsize))
887 if (np->fhsize <= 0 || np->fhsize > NFSX_V3FHMAX)
889 if (!xdr_opaque(xdrsp, (caddr_t)np->nfh, np->fhsize))
891 if (!xdr_long(xdrsp, &authcnt))
893 for (i = 0; i < authcnt; i++) {
894 if (!xdr_long(xdrsp, &auth))
896 if (auth == np->auth)
900 * Some servers, such as DEC's OSF/1 return a nil authenticator
901 * list to indicate RPCAUTH_UNIX.
903 if (!authfnd && (authcnt > 0 || np->auth != RPCAUTH_UNIX))
913 (void)fprintf(stderr, "%s\n%s\n%s\n%s\n",
914 "usage: mount_nfs [-23KNPTUbcdilqs] [-D deadthresh] [-I readdirsize]",
915 " [-L leaseterm] [-R retrycnt] [-a maxreadahead]",
916 " [-g maxgroups] [-m realm] [-o options] [-r readsize]",
917 " [-t timeout] [-w writesize] [-x retrans] rhost:path node");