2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
8 * Herb Hasler and Rick Macklem at The University of Guelph.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 static const char copyright[] =
37 "@(#) Copyright (c) 1989, 1993\n\
38 The Regents of the University of California. All rights reserved.\n";
43 static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
47 #include <sys/cdefs.h>
48 #include <sys/param.h>
50 #include <sys/fcntl.h>
51 #include <sys/fnv_hash.h>
52 #include <sys/linker.h>
53 #include <sys/module.h>
54 #include <sys/mount.h>
55 #include <sys/queue.h>
57 #include <sys/sysctl.h>
58 #include <sys/syslog.h>
61 #include <rpc/rpc_com.h>
62 #include <rpc/pmap_clnt.h>
63 #include <rpc/pmap_prot.h>
64 #include <rpcsvc/mount.h>
65 #include <nfs/nfsproto.h>
66 #include <nfs/nfssvc.h>
67 #include <nfsserver/nfs.h>
69 #include <fs/nfs/nfsport.h>
71 #include <arpa/inet.h>
86 #include "pathnames.h"
94 * Structures for keeping the mount list and export list
97 char ml_host[MNTNAMLEN+1];
98 char ml_dirp[MNTPATHLEN+1];
100 SLIST_ENTRY(mountlist) next;
104 struct dirlist *dp_left;
105 struct dirlist *dp_right;
107 struct hostlist *dp_hosts; /* List of hosts this dir exported to */
111 #define DP_DEFSET 0x1
112 #define DP_HOSTSET 0x2
115 * maproot/mapall credentials.
116 * cr_smallgrps can be used for a group list up to SMALLNGROUPS in size.
117 * Larger group lists are malloc'd/free'd.
119 #define SMALLNGROUPS 32
123 gid_t cr_smallgrps[SMALLNGROUPS];
128 struct dirlist *ex_dirl;
129 struct dirlist *ex_defdir;
130 struct grouplist *ex_grphead;
135 struct expcred ex_defanon;
136 uint64_t ex_defexflags;
137 int ex_numsecflavors;
138 int ex_secflavors[MAXSECFLAVORS];
139 int ex_defnumsecflavors;
140 int ex_defsecflavors[MAXSECFLAVORS];
142 SLIST_ENTRY(exportlist) entries;
145 #define EX_LINKED 0x1
147 #define EX_DEFSET 0x4
148 #define EX_PUBLICFH 0x8
150 SLIST_HEAD(exportlisthead, exportlist);
153 struct sockaddr_storage nt_net;
154 struct sockaddr_storage nt_mask;
159 struct addrinfo *gt_addrinfo;
160 struct netmsk gt_net;
165 union grouptypes gr_ptr;
166 struct grouplist *gr_next;
167 struct expcred gr_anon;
170 int gr_numsecflavors;
171 int gr_secflavors[MAXSECFLAVORS];
177 #define GT_DEFAULT 0x3
178 #define GT_IGNORE 0x5
184 int ht_flag; /* Uses DP_xx bits */
185 struct grouplist *ht_grp;
186 struct hostlist *ht_next;
193 int fhr_numsecflavors;
197 #define GETPORT_MAXTRY 20 /* Max tries to get a port # */
200 * How long to delay a reload of exports when there are RPC request(s)
201 * to process, in usec. Must be less than 1second.
203 #define RELOADDELAY 250000
206 static char *add_expdir(struct dirlist **, char *, int);
207 static void add_dlist(struct dirlist **, struct dirlist *,
208 struct grouplist *, int, struct exportlist *,
209 struct expcred *, uint64_t);
210 static void add_mlist(char *, char *);
211 static int check_path_component(const char *, char **);
212 static int check_dirpath(char *, char **);
213 static int check_statfs(const char *, struct statfs *, char **);
214 static int check_options(struct dirlist *);
215 static int checkmask(struct sockaddr *sa);
216 static int chk_host(struct dirlist *, struct sockaddr *, int *, int *,
218 static char *strsep_quote(char **stringp, const char *delim);
219 static int create_service(struct netconfig *nconf);
220 static void complete_service(struct netconfig *nconf, char *port_str);
221 static void clearout_service(void);
222 static void del_mlist(char *hostp, char *dirp);
223 static struct dirlist *dirp_search(struct dirlist *, char *);
224 static int do_export_mount(struct exportlist *, struct statfs *);
225 static int do_mount(struct exportlist *, struct grouplist *, uint64_t,
226 struct expcred *, char *, int, struct statfs *, int, int *);
227 static int do_opt(char **, char **, struct exportlist *,
228 struct grouplist *, int *, uint64_t *, struct expcred *);
229 static struct exportlist *ex_search(fsid_t *, struct exportlisthead *);
230 static struct exportlist *get_exp(void);
231 static void free_dir(struct dirlist *);
232 static void free_exp(struct exportlist *);
233 static void free_grp(struct grouplist *);
234 static void free_host(struct hostlist *);
235 static void free_v4rootexp(void);
236 static void get_exportlist_one(int);
237 static void get_exportlist(int);
238 static void insert_exports(struct exportlist *, struct exportlisthead *);
239 static void free_exports(struct exportlisthead *);
240 static void read_exportfile(int);
241 static int compare_nmount_exportlist(struct iovec *, int, char *);
242 static int compare_export(struct exportlist *, struct exportlist *);
243 static int compare_cred(struct expcred *, struct expcred *);
244 static int compare_secflavor(int *, int *, int);
245 static void delete_export(struct iovec *, int, struct statfs *, char *);
246 static int get_host(char *, struct grouplist *, struct grouplist *);
247 static struct hostlist *get_ht(void);
248 static int get_line(void);
249 static void get_mountlist(void);
250 static int get_net(char *, struct netmsk *, int);
251 static void getexp_err(struct exportlist *, struct grouplist *, const char *);
252 static struct grouplist *get_grp(void);
253 static void hang_dirp(struct dirlist *, struct grouplist *,
254 struct exportlist *, int, struct expcred *, uint64_t);
255 static void huphandler(int sig);
256 static int makemask(struct sockaddr_storage *ssp, int bitlen);
257 static void mntsrv(struct svc_req *, SVCXPRT *);
258 static void nextfield(char **, char **);
259 static void out_of_mem(void);
260 static void parsecred(char *, struct expcred *);
261 static int parsesec(char *, struct exportlist *);
262 static int put_exlist(struct dirlist *, XDR *, struct dirlist *,
264 static void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
265 static int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
266 struct sockaddr *samask);
267 static int scan_tree(struct dirlist *, struct sockaddr *);
268 static void usage(void);
269 static int xdr_dir(XDR *, char *);
270 static int xdr_explist(XDR *, caddr_t);
271 static int xdr_explist_brief(XDR *, caddr_t);
272 static int xdr_explist_common(XDR *, caddr_t, int);
273 static int xdr_fhs(XDR *, caddr_t);
274 static int xdr_mlist(XDR *, caddr_t);
275 static void terminate(int);
276 static void cp_cred(struct expcred *, struct expcred *);
278 #define EXPHASH(f) (fnv_32_buf((f), sizeof(fsid_t), 0) % exphashsize)
279 static struct exportlisthead *exphead = NULL;
280 static struct exportlisthead *oldexphead = NULL;
281 static int exphashsize = 0;
282 static SLIST_HEAD(, mountlist) mlhead = SLIST_HEAD_INITIALIZER(&mlhead);
283 static char *exnames_default[2] = { _PATH_EXPORTS, NULL };
284 static char **exnames;
285 static char **hosts = NULL;
286 static int force_v2 = 0;
287 static int resvport_only = 1;
288 static int nhosts = 0;
289 static int dir_only = 1;
290 static int dolog = 0;
291 static _Atomic(int) got_sighup = 0;
292 static int xcreated = 0;
294 static char *svcport_str = NULL;
295 static int mallocd_svcport = 0;
297 static int sock_fdcnt;
298 static int sock_fdpos;
299 static int suspend_nfsd = 0;
301 static int opt_flags;
302 static int have_v6 = 1;
304 static int v4root_phase = 0;
305 static char v4root_dirpath[PATH_MAX + 1];
306 static struct exportlist *v4root_ep = NULL;
307 static int has_publicfh = 0;
308 static int has_set_publicfh = 0;
310 static struct pidfh *pfh = NULL;
311 /* Bits for opt_flags above */
312 #define OP_MAPROOT 0x01
313 #define OP_MAPALL 0x02
317 #define OP_ALLDIRS 0x40
318 #define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
319 #define OP_QUIET 0x100
320 #define OP_MASKLEN 0x200
322 #define OP_CLASSMASK 0x800 /* mask not specified, is Class A/B/C default */
325 static int debug = 1;
326 static void SYSLOG(int, const char *, ...) __printflike(2, 3);
327 #define syslog SYSLOG
329 static int debug = 0;
333 * The LOGDEBUG() syslog() calls are always compiled into the daemon.
334 * To enable them, create a file at _PATH_MOUNTDDEBUG. This file can be empty.
335 * To disable the logging, just delete the file at _PATH_MOUNTDDEBUG.
337 static int logdebug = 0;
338 #define LOGDEBUG(format, ...) \
339 (logdebug ? syslog(LOG_DEBUG, format, ## __VA_ARGS__) : 0)
342 * Similar to strsep(), but it allows for quoted strings
343 * and escaped characters.
345 * It returns the string (or NULL, if *stringp is NULL),
346 * which is a de-quoted version of the string if necessary.
348 * It modifies *stringp in place.
351 strsep_quote(char **stringp, const char *delim)
353 char *srcptr, *dstptr, *retval;
356 if (stringp == NULL || *stringp == NULL)
359 srcptr = dstptr = retval = *stringp;
363 * We're looking for several edge cases here.
364 * First: if we're in quote state (quot != 0),
365 * then we ignore the delim characters, but otherwise
366 * process as normal, unless it is the quote character.
367 * Second: if the current character is a backslash,
368 * we take the next character as-is, without checking
369 * for delim, quote, or backslash. Exception: if the
370 * next character is a NUL, that's the end of the string.
371 * Third: if the character is a quote character, we toggle
373 * Otherwise: check the current character for NUL, or
374 * being in delim, and end the string if either is true.
376 if (*srcptr == '\\') {
379 * The edge case here is if the next character
380 * is NUL, we want to stop processing. But if
381 * it's not NUL, then we simply want to copy it.
384 *dstptr++ = *srcptr++;
388 if (quot == 0 && (*srcptr == '\'' || *srcptr == '"')) {
392 if (quot && *srcptr == quot) {
393 /* End of the quoted part */
398 if (!quot && strchr(delim, *srcptr))
400 *dstptr++ = *srcptr++;
403 *stringp = (*srcptr == '\0') ? NULL : srcptr + 1;
404 *dstptr = 0; /* Terminate the string */
409 * Mountd server for NFS mount protocol as described in:
410 * NFS: Network File System Protocol Specification, RFC1094, Appendix A
411 * The optional arguments are the exports file name
412 * default: _PATH_EXPORTS
413 * and "-n" to allow nonroot mount.
416 main(int argc, char **argv)
419 struct netconfig *nconf;
420 char *endptr, **hosts_bak;
425 int maxrec = RPC_MAXDATASIZE;
426 int attempt_cnt, port_len, port_pos, ret;
428 uint64_t curtime, nexttime;
431 sigset_t sig_mask, sighup_mask;
435 /* Check that another mountd isn't already running. */
436 pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
439 errx(1, "mountd already running, pid: %d.", otherpid);
440 warn("cannot open or create pidfile");
443 s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
449 while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1)
455 /* now a no-op, since this is the default */
461 /* Do not support Mount protocol */
468 debug = debug ? 0 : 1;
475 svcport = (in_port_t)strtoul(optarg, &endptr, 10);
476 if (endptr == NULL || *endptr != '\0' ||
477 svcport == 0 || svcport >= IPPORT_MAX)
479 svcport_str = strdup(optarg);
484 hosts_bak = realloc(hosts, nhosts * sizeof(char *));
485 if (hosts_bak == NULL) {
487 for (k = 0; k < nhosts; k++)
494 hosts[nhosts - 1] = strdup(optarg);
495 if (hosts[nhosts - 1] == NULL) {
496 for (k = 0; k < (nhosts - 1); k++)
508 if (enable_rpcbind == 0) {
509 if (svcport_str != NULL) {
510 warnx("-p option not compatible with -R, ignored");
515 warnx("-h option not compatible with -R, ignored");
516 for (k = 0; k < nhosts; k++)
524 if (modfind("nfsd") < 0) {
525 /* Not present in kernel, try loading it */
526 if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
527 errx(1, "NFS server is not available");
535 exnames = exnames_default;
536 openlog("mountd", LOG_PID, LOG_DAEMON);
538 warnx("getting export list");
541 warnx("getting mount list");
547 signal(SIGINT, SIG_IGN);
548 signal(SIGQUIT, SIG_IGN);
550 signal(SIGHUP, huphandler);
551 signal(SIGTERM, terminate);
552 signal(SIGPIPE, SIG_IGN);
556 if (enable_rpcbind != 0) {
557 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
558 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
559 rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
561 if (!resvport_only) {
562 if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
563 &resvport_only, sizeof(resvport_only)) != 0 &&
565 syslog(LOG_ERR, "sysctl: %m");
571 * If no hosts were specified, add a wildcard entry to bind to
572 * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added
576 hosts = malloc(sizeof(char *));
584 hosts_bak = realloc(hosts, (nhosts + 2) *
586 if (hosts_bak == NULL) {
587 for (k = 0; k < nhosts; k++)
594 hosts[nhosts - 2] = "::1";
596 hosts_bak = realloc(hosts, (nhosts + 1) *
598 if (hosts_bak == NULL) {
599 for (k = 0; k < nhosts; k++)
609 hosts[nhosts - 1] = "127.0.0.1";
618 if (enable_rpcbind != 0) {
619 nc_handle = setnetconfig();
620 while ((nconf = getnetconfig(nc_handle))) {
621 if (nconf->nc_flag & NC_VISIBLE) {
622 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
626 ret = create_service(nconf);
628 /* Ignore this call */
632 * Failed to bind port, so close
633 * off all sockets created and
634 * try again if the port# was
635 * dynamically assigned via
639 if (mallocd_svcport != 0 &&
654 * Start over at the first
660 nc_handle = setnetconfig();
662 } else if (mallocd_svcport != 0 &&
663 attempt_cnt == GETPORT_MAXTRY) {
665 * For the last attempt, allow
666 * different port #s for each
667 * nconf by saving the
668 * svcport_str setting it back
671 port_list = realloc(port_list,
674 if (port_list == NULL)
676 port_list[port_len++] =
686 * Successfully bound the ports, so call complete_service() to
687 * do the rest of the setup on the service(s).
691 nc_handle = setnetconfig();
692 while ((nconf = getnetconfig(nc_handle))) {
693 if (nconf->nc_flag & NC_VISIBLE) {
694 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
697 } else if (port_list != NULL) {
698 if (port_pos >= port_len) {
699 syslog(LOG_ERR, "too many"
703 complete_service(nconf,
704 port_list[port_pos++]);
706 complete_service(nconf, svcport_str);
709 endnetconfig(nc_handle);
711 if (port_list != NULL) {
712 for (port_pos = 0; port_pos < port_len; port_pos++)
713 free(port_list[port_pos]);
718 syslog(LOG_ERR, "could not create any services");
723 /* Expand svc_run() here so that we can call get_exportlist(). */
724 curtime = nexttime = 0;
725 sigemptyset(&sighup_mask);
726 sigaddset(&sighup_mask, SIGHUP);
728 clock_gettime(CLOCK_MONOTONIC, &tp);
730 curtime = curtime * 1000000 + tp.tv_nsec / 1000;
731 sigprocmask(SIG_BLOCK, &sighup_mask, &sig_mask);
732 if (got_sighup && curtime >= nexttime) {
734 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
736 clock_gettime(CLOCK_MONOTONIC, &tp);
737 nexttime = tp.tv_sec;
738 nexttime = nexttime * 1000000 + tp.tv_nsec / 1000 +
741 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
744 * If a reload is pending, poll for received request(s),
745 * otherwise set a RELOADDELAY timeout, since a SIGHUP
746 * could be processed between the got_sighup test and
747 * the select() system call.
753 tv.tv_usec = RELOADDELAY;
754 if (enable_rpcbind != 0) {
756 switch (select(svc_maxfd + 1, &readfds, NULL, NULL,
759 if (errno == EINTR) {
760 /* Allow a reload now. */
764 syslog(LOG_ERR, "mountd died: select: %m");
767 /* Allow a reload now. */
771 svc_getreqset(&readfds);
774 /* Simply wait for a signal. */
775 sigsuspend(&sig_mask);
781 * This routine creates and binds sockets on the appropriate
782 * addresses. It gets called one time for each transport.
783 * It returns 0 upon success, 1 for ignore the call and -1 to indicate
784 * bind failed with EADDRINUSE.
785 * Any file descriptors that have been created are stored in sock_fd and
786 * the total count of them is maintained in sock_fdcnt.
789 create_service(struct netconfig *nconf)
791 struct addrinfo hints, *res = NULL;
792 struct sockaddr_in *sin;
793 struct sockaddr_in6 *sin6;
794 struct __rpc_sockinfo si;
800 u_int32_t host_addr[4]; /* IPv4 or IPv6 */
803 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
804 (nconf->nc_semantics != NC_TPI_COTS) &&
805 (nconf->nc_semantics != NC_TPI_COTS_ORD))
806 return (1); /* not my type */
809 * XXX - using RPC library internal functions.
811 if (!__rpc_nconf2sockinfo(nconf, &si)) {
812 syslog(LOG_ERR, "cannot get information for %s",
817 /* Get mountd's address on this transport */
818 memset(&hints, 0, sizeof hints);
819 hints.ai_family = si.si_af;
820 hints.ai_socktype = si.si_socktype;
821 hints.ai_protocol = si.si_proto;
824 * Bind to specific IPs if asked to
827 while (nhostsbak > 0) {
829 sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int));
832 sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */
835 hints.ai_flags = AI_PASSIVE;
838 * XXX - using RPC library internal functions.
840 if ((fd = __rpc_nconf2fd(nconf)) < 0) {
842 if (errno == EAFNOSUPPORT &&
843 nconf->nc_semantics != NC_TPI_CLTS)
846 syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
847 "cannot create socket for %s", nconf->nc_netid);
853 switch (hints.ai_family) {
855 if (inet_pton(AF_INET, hosts[nhostsbak],
857 hints.ai_flags |= AI_NUMERICHOST;
860 * Skip if we have an AF_INET6 address.
862 if (inet_pton(AF_INET6, hosts[nhostsbak],
870 if (inet_pton(AF_INET6, hosts[nhostsbak],
872 hints.ai_flags |= AI_NUMERICHOST;
875 * Skip if we have an AF_INET address.
877 if (inet_pton(AF_INET, hosts[nhostsbak],
885 * We're doing host-based access checks here, so don't
886 * allow v4-in-v6 to confuse things. The kernel will
887 * disable it by default on NFS sockets too.
889 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
892 "can't disable v4-in-v6 on IPv6 socket");
901 * If no hosts were specified, just bind to INADDR_ANY
903 if (strcmp("*", hosts[nhostsbak]) == 0) {
904 if (svcport_str == NULL) {
905 res = malloc(sizeof(struct addrinfo));
909 res->ai_flags = hints.ai_flags;
910 res->ai_family = hints.ai_family;
911 res->ai_protocol = hints.ai_protocol;
912 switch (res->ai_family) {
914 sin = malloc(sizeof(struct sockaddr_in));
917 sin->sin_family = AF_INET;
918 sin->sin_port = htons(0);
919 sin->sin_addr.s_addr = htonl(INADDR_ANY);
920 res->ai_addr = (struct sockaddr*) sin;
921 res->ai_addrlen = (socklen_t)
922 sizeof(struct sockaddr_in);
925 sin6 = malloc(sizeof(struct sockaddr_in6));
928 sin6->sin6_family = AF_INET6;
929 sin6->sin6_port = htons(0);
930 sin6->sin6_addr = in6addr_any;
931 res->ai_addr = (struct sockaddr*) sin6;
932 res->ai_addrlen = (socklen_t)
933 sizeof(struct sockaddr_in6);
936 syslog(LOG_ERR, "bad addr fam %d",
941 if ((aicode = getaddrinfo(NULL, svcport_str,
942 &hints, &res)) != 0) {
944 "cannot get local address for %s: %s",
946 gai_strerror(aicode));
952 if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
953 &hints, &res)) != 0) {
955 "cannot get local address for %s: %s",
956 nconf->nc_netid, gai_strerror(aicode));
963 sock_fd[sock_fdcnt - 1] = fd;
965 /* Now, attempt the bind. */
966 r = bindresvport_sa(fd, res->ai_addr);
968 if (errno == EADDRINUSE && mallocd_svcport != 0) {
969 if (mallocd_res != 0) {
976 syslog(LOG_ERR, "bindresvport_sa: %m");
980 if (svcport_str == NULL) {
981 svcport_str = malloc(NI_MAXSERV * sizeof(char));
982 if (svcport_str == NULL)
986 if (getnameinfo(res->ai_addr,
987 res->ai_addr->sa_len, NULL, NI_MAXHOST,
988 svcport_str, NI_MAXSERV * sizeof(char),
989 NI_NUMERICHOST | NI_NUMERICSERV))
990 errx(1, "Cannot get port number");
992 if (mallocd_res != 0) {
1003 * Called after all the create_service() calls have succeeded, to complete
1004 * the setup and registration.
1007 complete_service(struct netconfig *nconf, char *port_str)
1009 struct addrinfo hints, *res = NULL;
1010 struct __rpc_sockinfo si;
1011 struct netbuf servaddr;
1012 SVCXPRT *transp = NULL;
1013 int aicode, fd, nhostsbak;
1016 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
1017 (nconf->nc_semantics != NC_TPI_COTS) &&
1018 (nconf->nc_semantics != NC_TPI_COTS_ORD))
1019 return; /* not my type */
1022 * XXX - using RPC library internal functions.
1024 if (!__rpc_nconf2sockinfo(nconf, &si)) {
1025 syslog(LOG_ERR, "cannot get information for %s",
1031 while (nhostsbak > 0) {
1033 if (sock_fdpos >= sock_fdcnt) {
1034 /* Should never happen. */
1035 syslog(LOG_ERR, "Ran out of socket fd's");
1038 fd = sock_fd[sock_fdpos++];
1043 * Using -1 tells listen(2) to use
1044 * kern.ipc.soacceptqueue for the backlog.
1046 if (nconf->nc_semantics != NC_TPI_CLTS)
1049 if (nconf->nc_semantics == NC_TPI_CLTS )
1050 transp = svc_dg_create(fd, 0, 0);
1052 transp = svc_vc_create(fd, RPC_MAXDATASIZE,
1055 if (transp != (SVCXPRT *) NULL) {
1056 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
1059 "can't register %s MOUNTVERS service",
1062 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
1065 "can't register %s MOUNTVERS3 service",
1069 syslog(LOG_WARNING, "can't create %s services",
1072 if (registered == 0) {
1074 memset(&hints, 0, sizeof hints);
1075 hints.ai_flags = AI_PASSIVE;
1076 hints.ai_family = si.si_af;
1077 hints.ai_socktype = si.si_socktype;
1078 hints.ai_protocol = si.si_proto;
1080 if ((aicode = getaddrinfo(NULL, port_str, &hints,
1082 syslog(LOG_ERR, "cannot get local address: %s",
1083 gai_strerror(aicode));
1087 servaddr.buf = malloc(res->ai_addrlen);
1088 memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
1089 servaddr.len = res->ai_addrlen;
1091 rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
1092 rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
1101 * Clear out sockets after a failure to bind one of them, so that the
1102 * cycle of socket creation/binding can start anew.
1105 clearout_service(void)
1109 for (i = 0; i < sock_fdcnt; i++) {
1110 if (sock_fd[i] >= 0) {
1111 shutdown(sock_fd[i], SHUT_RDWR);
1121 "usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
1122 "[-S] [-h <bindip>] [export_file ...]\n");
1127 * The mount rpc service
1130 mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
1132 struct exportlist *ep;
1134 struct fhreturn fhr;
1137 char host[NI_MAXHOST], numerichost[NI_MAXHOST];
1138 int lookup_failed = 1;
1139 struct sockaddr *saddr;
1141 char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
1142 int defset, hostset;
1144 sigset_t sighup_mask;
1145 int numsecflavors, *secflavorsp;
1147 sigemptyset(&sighup_mask);
1148 sigaddset(&sighup_mask, SIGHUP);
1149 saddr = svc_getrpccaller(transp)->buf;
1150 switch (saddr->sa_family) {
1152 sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
1155 sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
1158 syslog(LOG_ERR, "request from unknown address family");
1161 switch (rqstp->rq_proc) {
1163 case MOUNTPROC_UMNT:
1164 case MOUNTPROC_UMNTALL:
1165 lookup_failed = getnameinfo(saddr, saddr->sa_len, host,
1166 sizeof host, NULL, 0, 0);
1168 getnameinfo(saddr, saddr->sa_len, numerichost,
1169 sizeof numerichost, NULL, 0, NI_NUMERICHOST);
1170 switch (rqstp->rq_proc) {
1172 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
1173 syslog(LOG_ERR, "can't send reply");
1176 if (sport >= IPPORT_RESERVED && resvport_only) {
1178 "mount request from %s from unprivileged port",
1180 svcerr_weakauth(transp);
1183 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
1184 syslog(LOG_NOTICE, "undecodable mount request from %s",
1186 svcerr_decode(transp);
1191 * Get the real pathname and make sure it is a directory
1192 * or a regular file if the -r option was specified
1195 if (realpath(rpcpath, dirpath) == NULL ||
1196 stat(dirpath, &stb) < 0 ||
1197 statfs(dirpath, &fsb) < 0) {
1198 chdir("/"); /* Just in case realpath doesn't */
1200 "mount request from %s for non existent path %s",
1201 numerichost, dirpath);
1203 warnx("stat failed on %s", dirpath);
1204 bad = ENOENT; /* We will send error reply later */
1207 !S_ISDIR(stb.st_mode) &&
1208 (dir_only || !S_ISREG(stb.st_mode))) {
1210 "mount request from %s for non-directory path %s",
1211 numerichost, dirpath);
1213 warnx("mounting non-directory %s", dirpath);
1214 bad = ENOTDIR; /* We will send error reply later */
1217 /* Check in the exports list */
1218 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
1222 ep = ex_search(&fsb.f_fsid, exphead);
1223 hostset = defset = 0;
1224 if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset,
1225 &numsecflavors, &secflavorsp) ||
1226 ((dp = dirp_search(ep->ex_dirl, dirpath)) &&
1227 chk_host(dp, saddr, &defset, &hostset, &numsecflavors,
1229 (defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
1230 scan_tree(ep->ex_dirl, saddr) == 0))) {
1232 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1234 syslog(LOG_ERR, "can't send reply");
1235 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1238 if (hostset & DP_HOSTSET) {
1239 fhr.fhr_flag = hostset;
1240 fhr.fhr_numsecflavors = numsecflavors;
1241 fhr.fhr_secflavors = secflavorsp;
1243 fhr.fhr_flag = defset;
1244 fhr.fhr_numsecflavors = ep->ex_defnumsecflavors;
1245 fhr.fhr_secflavors = ep->ex_defsecflavors;
1247 fhr.fhr_vers = rqstp->rq_vers;
1248 /* Get the file handle */
1249 memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
1250 if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
1252 syslog(LOG_ERR, "can't get fh for %s", dirpath);
1253 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1255 syslog(LOG_ERR, "can't send reply");
1256 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1259 if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
1261 syslog(LOG_ERR, "can't send reply");
1263 add_mlist(host, dirpath);
1265 add_mlist(numerichost, dirpath);
1267 warnx("mount successful");
1270 "mount request succeeded from %s for %s",
1271 numerichost, dirpath);
1276 "mount request denied from %s for %s",
1277 numerichost, dirpath);
1280 if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
1282 syslog(LOG_ERR, "can't send reply");
1283 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1285 case MOUNTPROC_DUMP:
1286 if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
1287 syslog(LOG_ERR, "can't send reply");
1290 "dump request succeeded from %s",
1293 case MOUNTPROC_UMNT:
1294 if (sport >= IPPORT_RESERVED && resvport_only) {
1296 "umount request from %s from unprivileged port",
1298 svcerr_weakauth(transp);
1301 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
1302 syslog(LOG_NOTICE, "undecodable umount request from %s",
1304 svcerr_decode(transp);
1307 if (realpath(rpcpath, dirpath) == NULL) {
1308 syslog(LOG_NOTICE, "umount request from %s "
1309 "for non existent path %s",
1310 numerichost, dirpath);
1312 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1313 syslog(LOG_ERR, "can't send reply");
1315 del_mlist(host, dirpath);
1316 del_mlist(numerichost, dirpath);
1319 "umount request succeeded from %s for %s",
1320 numerichost, dirpath);
1322 case MOUNTPROC_UMNTALL:
1323 if (sport >= IPPORT_RESERVED && resvport_only) {
1325 "umountall request from %s from unprivileged port",
1327 svcerr_weakauth(transp);
1330 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1331 syslog(LOG_ERR, "can't send reply");
1333 del_mlist(host, NULL);
1334 del_mlist(numerichost, NULL);
1337 "umountall request succeeded from %s",
1340 case MOUNTPROC_EXPORT:
1341 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
1342 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
1344 syslog(LOG_ERR, "can't send reply");
1347 "export request succeeded from %s",
1351 svcerr_noproc(transp);
1357 * Xdr conversion for a dirpath string
1360 xdr_dir(XDR *xdrsp, char *dirp)
1362 return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
1366 * Xdr routine to generate file handle reply
1369 xdr_fhs(XDR *xdrsp, caddr_t cp)
1371 struct fhreturn *fhrp = (struct fhreturn *)cp;
1372 u_long ok = 0, len, auth;
1375 if (!xdr_long(xdrsp, &ok))
1377 switch (fhrp->fhr_vers) {
1379 return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
1382 if (!xdr_long(xdrsp, &len))
1384 if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
1386 if (fhrp->fhr_numsecflavors) {
1387 if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
1389 for (i = 0; i < fhrp->fhr_numsecflavors; i++)
1390 if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
1396 if (!xdr_long(xdrsp, &len))
1398 return (xdr_long(xdrsp, &auth));
1405 xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
1407 struct mountlist *mlp;
1412 SLIST_FOREACH(mlp, &mlhead, next) {
1413 if (!xdr_bool(xdrsp, &true))
1415 strp = &mlp->ml_host[0];
1416 if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
1418 strp = &mlp->ml_dirp[0];
1419 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1422 if (!xdr_bool(xdrsp, &false))
1428 * Xdr conversion for export list
1431 xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
1433 struct exportlist *ep;
1436 sigset_t sighup_mask;
1439 sigemptyset(&sighup_mask);
1440 sigaddset(&sighup_mask, SIGHUP);
1441 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
1443 for (i = 0; i < exphashsize; i++)
1444 SLIST_FOREACH(ep, &exphead[i], entries) {
1446 if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
1449 if (ep->ex_defdir && putdef == 0 &&
1450 put_exlist(ep->ex_defdir, xdrsp, NULL,
1454 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1455 if (!xdr_bool(xdrsp, &false))
1459 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1464 * Called from xdr_explist() to traverse the tree and export the
1468 put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
1471 struct grouplist *grp;
1472 struct hostlist *hp;
1479 if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
1481 if (!xdr_bool(xdrsp, &true))
1484 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1486 if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
1491 if (!xdr_bool(xdrsp, &true))
1494 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1496 } else if ((dp->dp_flag & DP_DEFSET) == 0 &&
1497 (gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
1501 if (grp->gr_type == GT_HOST) {
1502 if (!xdr_bool(xdrsp, &true))
1504 strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
1505 if (!xdr_string(xdrsp, &strp,
1508 } else if (grp->gr_type == GT_NET) {
1509 if (!xdr_bool(xdrsp, &true))
1511 strp = grp->gr_ptr.gt_net.nt_name;
1512 if (!xdr_string(xdrsp, &strp,
1517 if (gotalldir && hp == (struct hostlist *)NULL) {
1523 if (!xdr_bool(xdrsp, &false))
1525 if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
1532 xdr_explist(XDR *xdrsp, caddr_t cp)
1535 return xdr_explist_common(xdrsp, cp, 0);
1539 xdr_explist_brief(XDR *xdrsp, caddr_t cp)
1542 return xdr_explist_common(xdrsp, cp, 1);
1546 static size_t linesize;
1547 static FILE *exp_file;
1550 * Get the export list from one, currently open file
1553 get_exportlist_one(int passno)
1555 struct exportlist *ep;
1556 struct grouplist *grp, *tgrp, *savgrp;
1557 struct dirlist *dirhead;
1559 struct expcred anon;
1560 char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
1561 char *err_msg = NULL;
1562 int len, has_host, got_nondir, dirplen, netgrp;
1566 anon.cr_groups = NULL;
1567 dirhead = (struct dirlist *)NULL;
1568 while (get_line()) {
1570 warnx("got line %s", line);
1572 nextfield(&cp, &endcp);
1580 anon.cr_groups = anon.cr_smallgrps;
1581 anon.cr_uid = UID_NOBODY;
1582 anon.cr_ngroups = 1;
1583 anon.cr_groups[0] = GID_NOGROUP;
1584 exflags = MNT_EXPORTED;
1587 ep = (struct exportlist *)NULL;
1591 * Handle the V4 root dir.
1593 if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
1595 * V4: just indicates that it is the v4 root point,
1596 * so skip over that and set v4root_phase.
1598 if (v4root_phase > 0) {
1599 syslog(LOG_ERR, "V4:duplicate line, ignored");
1604 nextfield(&cp, &endcp);
1608 * Create new exports list entry
1611 tgrp = grp = get_grp();
1613 if (len > MNTNAMLEN) {
1614 getexp_err(ep, tgrp, "mountpoint too long");
1618 if (ep == (struct exportlist *)NULL) {
1619 getexp_err(ep, tgrp,
1620 "flag before export path definition");
1624 warnx("doing opt %s", cp);
1626 if (do_opt(&cp, &endcp, ep, grp, &has_host,
1628 getexp_err(ep, tgrp, NULL);
1631 } else if (*cp == '/') {
1634 if (v4root_phase > 1) {
1636 getexp_err(ep, tgrp, "Multiple V4 dirs");
1640 if (check_dirpath(cp, &err_msg) &&
1641 check_statfs(cp, &fsb, &err_msg)) {
1642 if ((fsb.f_flags & MNT_AUTOMOUNTED) != 0)
1643 syslog(LOG_ERR, "Warning: exporting of "
1644 "automounted fs %s not supported", cp);
1646 getexp_err(ep, tgrp, "dirs must be first");
1649 if (v4root_phase == 1) {
1651 getexp_err(ep, tgrp, "Multiple V4 dirs");
1654 if (strlen(v4root_dirpath) == 0) {
1655 strlcpy(v4root_dirpath, cp,
1656 sizeof (v4root_dirpath));
1657 } else if (strcmp(v4root_dirpath, cp)
1660 "different V4 dirpath %s", cp);
1661 getexp_err(ep, tgrp, NULL);
1670 if (fsidcmp(&ep->ex_fs, &fsb.f_fsid)
1672 getexp_err(ep, tgrp,
1678 * See if this directory is already
1681 ep = ex_search(&fsb.f_fsid, exphead);
1682 if (ep == (struct exportlist *)NULL) {
1684 ep->ex_fs = fsb.f_fsid;
1685 ep->ex_fsdir = strdup(fsb.f_mntonname);
1686 if (ep->ex_fsdir == NULL)
1690 "making new ep fs=0x%x,0x%x",
1694 warnx("found ep fs=0x%x,0x%x",
1700 * Add dirpath to export mount point.
1702 dirp = add_expdir(&dirhead, cp, len);
1706 if (err_msg != NULL) {
1707 getexp_err(ep, tgrp, err_msg);
1711 getexp_err(ep, tgrp,
1712 "symbolic link in export path or "
1722 if (ep == (struct exportlist *)NULL) {
1723 getexp_err(ep, tgrp,
1724 "host(s) before export path definition");
1729 * Get the host or netgroup.
1732 netgrp = getnetgrent(&hst, &usr, &dom);
1735 grp->gr_next = get_grp();
1741 "null hostname in netgroup %s, skipping", cp);
1742 grp->gr_type = GT_IGNORE;
1743 } else if (get_host(hst, grp, tgrp)) {
1745 "bad host %s in netgroup %s, skipping", hst, cp);
1746 grp->gr_type = GT_IGNORE;
1748 } else if (get_host(cp, grp, tgrp)) {
1749 syslog(LOG_ERR, "bad host %s, skipping", cp);
1750 grp->gr_type = GT_IGNORE;
1753 } while (netgrp && getnetgrent(&hst, &usr, &dom));
1758 nextfield(&cp, &endcp);
1761 if (opt_flags & OP_CLASSMASK)
1763 "WARNING: No mask specified for %s, "
1764 "using out-of-date default",
1765 (&grp->gr_ptr.gt_net)->nt_name);
1766 if (check_options(dirhead)) {
1767 getexp_err(ep, tgrp, NULL);
1771 grp->gr_type = GT_DEFAULT;
1773 warnx("adding a default entry");
1776 * Don't allow a network export coincide with a list of
1777 * host(s) on the same line.
1779 } else if ((opt_flags & OP_NET) && tgrp->gr_next) {
1780 getexp_err(ep, tgrp, "network/host conflict");
1784 * If an export list was specified on this line, make sure
1785 * that we have at least one valid entry, otherwise skip it.
1789 while (grp && grp->gr_type == GT_IGNORE)
1792 getexp_err(ep, tgrp, "no valid entries");
1797 if (v4root_phase == 1) {
1798 getexp_err(ep, tgrp, "V4:root, no dirp, ignored");
1803 * Loop through hosts, pushing the exports into the kernel.
1804 * After loop, tgrp points to the start of the list and
1805 * grp points to the last entry in the list.
1806 * Do not do the do_mount() for passno == 1, since the
1807 * second pass will do it, as required.
1811 grp->gr_exflags = exflags;
1812 cp_cred(&grp->gr_anon, &anon);
1813 if (v4root_phase == 2 && passno == 0)
1814 LOGDEBUG("do_mount v4root");
1815 if (passno == 0 && do_mount(ep, grp, exflags, &anon,
1816 dirp, dirplen, &fsb, ep->ex_numsecflavors,
1817 ep->ex_secflavors)) {
1818 getexp_err(ep, tgrp, NULL);
1821 } while (grp->gr_next && (grp = grp->gr_next));
1824 * For V4: don't enter in mount lists.
1826 if (v4root_phase > 0 && v4root_phase <= 2) {
1828 * These structures are used for the reload,
1829 * so save them for that case. Otherwise, just
1832 if (passno == 1 && ep != NULL) {
1834 while (tgrp != NULL) {
1836 * Save the security flavors and exflags
1837 * for this host set in the groups.
1839 tgrp->gr_numsecflavors =
1840 ep->ex_numsecflavors;
1841 if (ep->ex_numsecflavors > 0)
1842 memcpy(tgrp->gr_secflavors,
1844 sizeof(ep->ex_secflavors));
1845 tgrp = tgrp->gr_next;
1847 if (v4root_ep == NULL) {
1849 ep = NULL; /* Don't free below. */
1851 grp->gr_next = v4root_ep->ex_grphead;
1852 v4root_ep->ex_grphead = savgrp;
1856 while (tgrp != NULL) {
1858 tgrp = tgrp->gr_next;
1865 * Success. Update the data structures.
1868 hang_dirp(dirhead, tgrp, ep, opt_flags, &anon, exflags);
1869 grp->gr_next = ep->ex_grphead;
1870 ep->ex_grphead = tgrp;
1872 hang_dirp(dirhead, (struct grouplist *)NULL, ep,
1873 opt_flags, &anon, exflags);
1876 dirhead = (struct dirlist *)NULL;
1877 if ((ep->ex_flag & EX_LINKED) == 0) {
1878 insert_exports(ep, exphead);
1880 ep->ex_flag |= EX_LINKED;
1886 dirhead = (struct dirlist *)NULL;
1888 if (anon.cr_groups != anon.cr_smallgrps) {
1889 free(anon.cr_groups);
1890 anon.cr_groups = NULL;
1896 * Get the export list from all specified files
1899 get_exportlist(int passno)
1901 struct export_args export;
1903 struct statfs *mntbufp;
1905 int error, i, nfs_maxvers, num;
1907 struct nfsex_args eargs;
1909 size_t nfs_maxvers_size;
1911 if ((debug_file = fopen(_PATH_MOUNTDDEBUG, "r")) != NULL) {
1916 LOGDEBUG("passno=%d", passno);
1917 v4root_dirpath[0] = '\0';
1921 * Save the current lists as old ones, so that the new lists
1922 * can be compared with the old ones in the 2nd pass.
1924 for (i = 0; i < exphashsize; i++) {
1925 SLIST_FIRST(&oldexphead[i]) = SLIST_FIRST(&exphead[i]);
1926 SLIST_INIT(&exphead[i]);
1929 /* Note that the public fh has not yet been set. */
1930 has_set_publicfh = 0;
1932 /* Read the export file(s) and process them */
1933 read_exportfile(passno);
1936 * Just make the old lists empty.
1937 * exphashsize == 0 for the first call, before oldexphead
1938 * has been initialized-->loop won't be executed.
1940 for (i = 0; i < exphashsize; i++)
1941 SLIST_INIT(&oldexphead[i]);
1944 bzero(&export, sizeof(export));
1945 export.ex_flags = MNT_DELEXPORT;
1948 bzero(errmsg, sizeof(errmsg));
1950 if (suspend_nfsd != 0)
1951 (void)nfssvc(NFSSVC_SUSPENDNFSD, NULL);
1953 * Delete the old V4 root dir.
1955 bzero(&eargs, sizeof (eargs));
1956 eargs.export.ex_flags = MNT_DELEXPORT;
1957 if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT, (caddr_t)&eargs) < 0 &&
1959 syslog(LOG_ERR, "Can't delete exports for V4:");
1961 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
1962 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
1963 build_iovec(&iov, &iovlen, "from", NULL, 0);
1964 build_iovec(&iov, &iovlen, "update", NULL, 0);
1965 build_iovec(&iov, &iovlen, "export", &export,
1967 build_iovec(&iov, &iovlen, "errmsg", errmsg,
1971 * For passno == 1, compare the old and new lists updating the kernel
1972 * exports for any cases that have changed.
1973 * This call is doing the second pass through the lists.
1974 * If it fails, fall back on the bulk reload.
1976 if (passno == 1 && compare_nmount_exportlist(iov, iovlen, errmsg) ==
1978 LOGDEBUG("compareok");
1979 /* Free up the old lists. */
1980 free_exports(oldexphead);
1982 LOGDEBUG("doing passno=0");
1984 * Clear flag that notes if a public fh has been exported.
1985 * It is set by do_mount() if MNT_EXPUBLIC is set for the entry.
1989 /* exphead == NULL if not yet allocated (first call). */
1990 if (exphead != NULL) {
1992 * First, get rid of the old lists.
1994 free_exports(exphead);
1995 free_exports(oldexphead);
1999 * And delete exports that are in the kernel for all local
2001 * XXX: Should know how to handle all local exportable
2004 num = getmntinfo(&mntbufp, MNT_NOWAIT);
2006 /* Allocate hash tables, for first call. */
2007 if (exphead == NULL) {
2008 /* Target an average linked list length of 10. */
2009 exphashsize = num / 10;
2010 if (exphashsize < 1)
2012 else if (exphashsize > 100000)
2013 exphashsize = 100000;
2014 exphead = malloc(exphashsize * sizeof(*exphead));
2015 oldexphead = malloc(exphashsize * sizeof(*oldexphead));
2016 if (exphead == NULL || oldexphead == NULL)
2017 errx(1, "Can't malloc hash tables");
2019 for (i = 0; i < exphashsize; i++) {
2020 SLIST_INIT(&exphead[i]);
2021 SLIST_INIT(&oldexphead[i]);
2025 for (i = 0; i < num; i++)
2026 delete_export(iov, iovlen, &mntbufp[i], errmsg);
2029 /* Read the export file(s) and process them */
2033 if (strlen(v4root_dirpath) == 0) {
2034 /* Check to see if a V4: line is needed. */
2035 nfs_maxvers_size = sizeof(nfs_maxvers);
2036 error = sysctlbyname("vfs.nfsd.server_max_nfsvers",
2037 &nfs_maxvers, &nfs_maxvers_size, NULL, 0);
2038 if (error != 0 || nfs_maxvers < NFS_VER2 || nfs_maxvers >
2040 syslog(LOG_ERR, "sysctlbyname(vfs.nfsd."
2041 "server_max_nfsvers) failed, defaulting to NFSv3");
2042 nfs_maxvers = NFS_VER3;
2044 if (nfs_maxvers == NFS_VER4)
2045 syslog(LOG_ERR, "NFSv4 requires at least one V4: line");
2049 /* Free strings allocated by strdup() in getmntopts.c */
2050 free(iov[0].iov_base); /* fstype */
2051 free(iov[2].iov_base); /* fspath */
2052 free(iov[4].iov_base); /* from */
2053 free(iov[6].iov_base); /* update */
2054 free(iov[8].iov_base); /* export */
2055 free(iov[10].iov_base); /* errmsg */
2057 /* free iov, allocated by realloc() */
2063 * If there was no public fh, clear any previous one set.
2065 if (has_publicfh == 0) {
2066 LOGDEBUG("clear public fh");
2067 (void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
2070 /* Resume the nfsd. If they weren't suspended, this is harmless. */
2071 (void)nfssvc(NFSSVC_RESUMENFSD, NULL);
2072 LOGDEBUG("eo get_exportlist");
2076 * Insert an export entry in the appropriate list.
2079 insert_exports(struct exportlist *ep, struct exportlisthead *exhp)
2083 i = EXPHASH(&ep->ex_fs);
2084 LOGDEBUG("fs=%s hash=%i", ep->ex_fsdir, i);
2085 SLIST_INSERT_HEAD(&exhp[i], ep, entries);
2089 * Free up the exports lists passed in as arguments.
2092 free_exports(struct exportlisthead *exhp)
2094 struct exportlist *ep, *ep2;
2097 for (i = 0; i < exphashsize; i++) {
2098 SLIST_FOREACH_SAFE(ep, &exhp[i], entries, ep2) {
2099 SLIST_REMOVE(&exhp[i], ep, exportlist, entries);
2102 SLIST_INIT(&exhp[i]);
2107 * Read the exports file(s) and call get_exportlist_one() for each line.
2110 read_exportfile(int passno)
2115 * Read in the exports file and build the list, calling
2116 * nmount() as we go along to push the export rules into the kernel.
2119 for (i = 0; exnames[i] != NULL; i++) {
2121 warnx("reading exports from %s", exnames[i]);
2122 if ((exp_file = fopen(exnames[i], "r")) == NULL) {
2123 syslog(LOG_WARNING, "can't open %s", exnames[i]);
2126 get_exportlist_one(passno);
2131 syslog(LOG_ERR, "can't open any exports file");
2137 * Compare the export lists against the old ones and do nmount() operations
2138 * for any cases that have changed. This avoids doing nmount() for entries
2139 * that have not changed.
2140 * Return 0 upon success, 1 otherwise.
2143 compare_nmount_exportlist(struct iovec *iov, int iovlen, char *errmsg)
2145 struct exportlist *ep, *oep;
2146 struct grouplist *grp;
2147 struct statfs fs, ofs;
2151 * Loop through the current list and look for an entry in the old
2153 * If found, check to see if it the same.
2154 * If it is not the same, delete and re-export.
2155 * Then mark it done on the old list.
2158 * Any entries left in the old list after processing must have their
2161 for (i = 0; i < exphashsize; i++)
2162 SLIST_FOREACH(ep, &exphead[i], entries) {
2163 LOGDEBUG("foreach ep=%s", ep->ex_fsdir);
2164 oep = ex_search(&ep->ex_fs, oldexphead);
2167 * Check the mount paths are the same.
2168 * If not, return 1 so that the reload of the
2169 * exports will be done in bulk, the
2172 LOGDEBUG("found old exp");
2173 if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
2175 LOGDEBUG("same fsdir");
2177 * Test to see if the entry is the same.
2178 * If not the same delete exports and
2181 if (compare_export(ep, oep) != 0) {
2183 * Clear has_publicfh if if was set
2184 * in the old exports, but only if it
2185 * has not been set during processing of
2186 * the exports for this pass, as
2187 * indicated by has_set_publicfh.
2189 if (has_set_publicfh == 0 &&
2190 (oep->ex_flag & EX_PUBLICFH) != 0)
2193 /* Delete and re-export. */
2194 if (statfs(ep->ex_fsdir, &fs) < 0)
2196 delete_export(iov, iovlen, &fs, errmsg);
2197 ret = do_export_mount(ep, &fs);
2201 oep->ex_flag |= EX_DONE;
2204 LOGDEBUG("not found so export");
2205 /* Not found, so do export. */
2206 if (statfs(ep->ex_fsdir, &fs) < 0)
2208 ret = do_export_mount(ep, &fs);
2214 /* Delete exports not done. */
2215 for (i = 0; i < exphashsize; i++)
2216 SLIST_FOREACH(oep, &oldexphead[i], entries) {
2217 if ((oep->ex_flag & EX_DONE) == 0) {
2218 LOGDEBUG("not done delete=%s", oep->ex_fsdir);
2219 if (statfs(oep->ex_fsdir, &ofs) >= 0 &&
2220 fsidcmp(&oep->ex_fs, &ofs.f_fsid) == 0) {
2221 LOGDEBUG("do delete");
2223 * Clear has_publicfh if if was set
2224 * in the old exports, but only if it
2225 * has not been set during processing of
2226 * the exports for this pass, as
2227 * indicated by has_set_publicfh.
2229 if (has_set_publicfh == 0 &&
2230 (oep->ex_flag & EX_PUBLICFH) != 0)
2233 delete_export(iov, iovlen, &ofs,
2239 /* Do the V4 root exports, as required. */
2241 if (v4root_ep != NULL)
2242 grp = v4root_ep->ex_grphead;
2244 while (v4root_ep != NULL && grp != NULL) {
2245 LOGDEBUG("v4root expath=%s", v4root_dirpath);
2246 ret = do_mount(v4root_ep, grp, grp->gr_exflags, &grp->gr_anon,
2247 v4root_dirpath, strlen(v4root_dirpath), &fs,
2248 grp->gr_numsecflavors, grp->gr_secflavors);
2261 * Compare old and current exportlist entries for the fsid and return 0
2262 * if they are the same, 1 otherwise.
2265 compare_export(struct exportlist *ep, struct exportlist *oep)
2267 struct grouplist *grp, *ogrp;
2269 if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
2271 if ((ep->ex_flag & EX_DEFSET) != (oep->ex_flag & EX_DEFSET))
2273 if ((ep->ex_defdir != NULL && oep->ex_defdir == NULL) ||
2274 (ep->ex_defdir == NULL && oep->ex_defdir != NULL))
2276 if (ep->ex_defdir != NULL && (ep->ex_defdir->dp_flag & DP_DEFSET) !=
2277 (oep->ex_defdir->dp_flag & DP_DEFSET))
2279 if ((ep->ex_flag & EX_DEFSET) != 0 && (ep->ex_defnumsecflavors !=
2280 oep->ex_defnumsecflavors || ep->ex_defexflags !=
2281 oep->ex_defexflags || compare_cred(&ep->ex_defanon,
2282 &oep->ex_defanon) != 0 || compare_secflavor(ep->ex_defsecflavors,
2283 oep->ex_defsecflavors, ep->ex_defnumsecflavors) != 0))
2286 /* Now, check all the groups. */
2287 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
2289 for (grp = ep->ex_grphead; grp != NULL; grp = grp->gr_next) {
2290 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp =
2292 if ((ogrp->gr_flag & GR_FND) == 0 &&
2293 grp->gr_numsecflavors == ogrp->gr_numsecflavors &&
2294 grp->gr_exflags == ogrp->gr_exflags &&
2295 compare_cred(&grp->gr_anon, &ogrp->gr_anon) == 0 &&
2296 compare_secflavor(grp->gr_secflavors,
2297 ogrp->gr_secflavors, grp->gr_numsecflavors) == 0)
2300 ogrp->gr_flag |= GR_FND;
2304 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
2305 if ((ogrp->gr_flag & GR_FND) == 0)
2311 * This algorithm compares two arrays of "n" items. It returns 0 if they are
2312 * the "same" and 1 otherwise. Although suboptimal, it is always safe to
2313 * return 1, which makes compare_nmount_export() reload the exports entry.
2314 * "same" refers to having the same set of values in the two arrays.
2315 * The arrays are in no particular order and duplicates (multiple entries
2316 * in an array with the same value) is allowed.
2317 * The algorithm is inefficient, but the common case of identical arrays is
2318 * handled first and "n" is normally fairly small.
2319 * Since the two functions need the same algorithm but for arrays of
2320 * different types (gid_t vs int), this is done as a macro.
2322 #define COMPARE_ARRAYS(a1, a2, n) \
2324 int fnd, fndarray[(n)], i, j; \
2325 /* Handle common case of identical arrays. */ \
2326 for (i = 0; i < (n); i++) \
2327 if ((a1)[i] != (a2)[i]) \
2331 for (i = 0; i < (n); i++) \
2333 for (i = 0; i < (n); i++) { \
2335 for (j = 0; j < (n); j++) { \
2336 if ((a1)[i] == (a2)[j]) { \
2344 for (i = 0; i < (n); i++) \
2345 if (fndarray[i] == 0) \
2351 * Compare two struct expcred's. Return 0 if the same and 1 otherwise.
2354 compare_cred(struct expcred *cr0, struct expcred *cr1)
2357 if (cr0->cr_uid != cr1->cr_uid || cr0->cr_ngroups != cr1->cr_ngroups)
2360 COMPARE_ARRAYS(cr0->cr_groups, cr1->cr_groups, cr0->cr_ngroups);
2364 * Compare two lists of security flavors. Return 0 if the same and 1 otherwise.
2367 compare_secflavor(int *sec1, int *sec2, int nsec)
2370 COMPARE_ARRAYS(sec1, sec2, nsec);
2374 * Delete an exports entry.
2377 delete_export(struct iovec *iov, int iovlen, struct statfs *fsp, char *errmsg)
2379 struct xvfsconf vfc;
2381 if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
2382 syslog(LOG_ERR, "getvfsbyname() failed for %s",
2388 * We do not need to delete "export" flag from
2389 * filesystems that do not have it set.
2391 if (!(fsp->f_flags & MNT_EXPORTED))
2394 * Do not delete export for network filesystem by
2395 * passing "export" arg to nmount().
2396 * It only makes sense to do this for local filesystems.
2398 if (vfc.vfc_flags & VFCF_NETWORK)
2401 iov[1].iov_base = fsp->f_fstypename;
2402 iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
2403 iov[3].iov_base = fsp->f_mntonname;
2404 iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
2405 iov[5].iov_base = fsp->f_mntfromname;
2406 iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
2410 * EXDEV is returned when path exists but is not a
2411 * mount point. May happens if raced with unmount.
2413 if (nmount(iov, iovlen, fsp->f_flags) < 0 && errno != ENOENT &&
2414 errno != ENOTSUP && errno != EXDEV) {
2416 "can't delete exports for %s: %m %s",
2417 fsp->f_mntonname, errmsg);
2422 * Allocate an export list element
2424 static struct exportlist *
2427 struct exportlist *ep;
2429 ep = (struct exportlist *)calloc(1, sizeof (struct exportlist));
2430 if (ep == (struct exportlist *)NULL)
2436 * Allocate a group list element
2438 static struct grouplist *
2441 struct grouplist *gp;
2443 gp = (struct grouplist *)calloc(1, sizeof (struct grouplist));
2444 if (gp == (struct grouplist *)NULL)
2450 * Clean up upon an error in get_exportlist().
2453 getexp_err(struct exportlist *ep, struct grouplist *grp, const char *reason)
2455 struct grouplist *tgrp;
2457 if (!(opt_flags & OP_QUIET)) {
2459 syslog(LOG_ERR, "bad exports list line '%s': %s", line,
2462 syslog(LOG_ERR, "bad exports list line '%s'", line);
2464 if (ep && (ep->ex_flag & EX_LINKED) == 0)
2474 * Search the export list for a matching fs.
2476 static struct exportlist *
2477 ex_search(fsid_t *fsid, struct exportlisthead *exhp)
2479 struct exportlist *ep;
2483 SLIST_FOREACH(ep, &exhp[i], entries) {
2484 if (fsidcmp(&ep->ex_fs, fsid) == 0)
2492 * Add a directory path to the list.
2495 add_expdir(struct dirlist **dpp, char *cp, int len)
2499 dp = malloc(sizeof (struct dirlist));
2500 if (dp == (struct dirlist *)NULL)
2503 dp->dp_right = (struct dirlist *)NULL;
2505 dp->dp_hosts = (struct hostlist *)NULL;
2506 dp->dp_dirp = strndup(cp, len);
2507 if (dp->dp_dirp == NULL)
2510 return (dp->dp_dirp);
2514 * Hang the dir list element off the dirpath binary tree as required
2515 * and update the entry for host.
2518 hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
2519 int flags, struct expcred *anoncrp, uint64_t exflags)
2521 struct hostlist *hp;
2522 struct dirlist *dp2;
2524 if (flags & OP_ALLDIRS) {
2529 if (grp == (struct grouplist *)NULL) {
2530 ep->ex_flag |= EX_DEFSET;
2531 ep->ex_defdir->dp_flag |= DP_DEFSET;
2532 /* Save the default security flavors list. */
2533 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
2534 if (ep->ex_numsecflavors > 0)
2535 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
2536 sizeof(ep->ex_secflavors));
2537 cp_cred(&ep->ex_defanon, anoncrp);
2538 ep->ex_defexflags = exflags;
2539 } else while (grp) {
2542 hp->ht_next = ep->ex_defdir->dp_hosts;
2543 ep->ex_defdir->dp_hosts = hp;
2544 /* Save the security flavors list for this host set. */
2545 grp->gr_numsecflavors = ep->ex_numsecflavors;
2546 if (ep->ex_numsecflavors > 0)
2547 memcpy(grp->gr_secflavors, ep->ex_secflavors,
2548 sizeof(ep->ex_secflavors));
2554 * Loop through the directories adding them to the tree.
2558 add_dlist(&ep->ex_dirl, dp, grp, flags, ep, anoncrp,
2566 * Traverse the binary tree either updating a node that is already there
2567 * for the new directory or adding the new node.
2570 add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
2571 int flags, struct exportlist *ep, struct expcred *anoncrp,
2575 struct hostlist *hp;
2580 cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
2582 add_dlist(&dp->dp_left, newdp, grp, flags, ep, anoncrp,
2585 } else if (cmp < 0) {
2586 add_dlist(&dp->dp_right, newdp, grp, flags, ep, anoncrp,
2590 free((caddr_t)newdp);
2593 dp->dp_left = (struct dirlist *)NULL;
2599 * Hang all of the host(s) off of the directory point.
2604 hp->ht_next = dp->dp_hosts;
2606 /* Save the security flavors list for this host set. */
2607 grp->gr_numsecflavors = ep->ex_numsecflavors;
2608 if (ep->ex_numsecflavors > 0)
2609 memcpy(grp->gr_secflavors, ep->ex_secflavors,
2610 sizeof(ep->ex_secflavors));
2614 ep->ex_flag |= EX_DEFSET;
2615 dp->dp_flag |= DP_DEFSET;
2616 /* Save the default security flavors list. */
2617 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
2618 if (ep->ex_numsecflavors > 0)
2619 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
2620 sizeof(ep->ex_secflavors));
2621 cp_cred(&ep->ex_defanon, anoncrp);
2622 ep->ex_defexflags = exflags;
2627 * Search for a dirpath on the export point.
2629 static struct dirlist *
2630 dirp_search(struct dirlist *dp, char *dirp)
2635 cmp = strcmp(dp->dp_dirp, dirp);
2637 return (dirp_search(dp->dp_left, dirp));
2639 return (dirp_search(dp->dp_right, dirp));
2647 * Scan for a host match in a directory tree.
2650 chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
2651 int *hostsetp, int *numsecflavors, int **secflavorsp)
2653 struct hostlist *hp;
2654 struct grouplist *grp;
2655 struct addrinfo *ai;
2658 if (dp->dp_flag & DP_DEFSET)
2659 *defsetp = dp->dp_flag;
2663 switch (grp->gr_type) {
2665 ai = grp->gr_ptr.gt_addrinfo;
2666 for (; ai; ai = ai->ai_next) {
2667 if (!sacmp(ai->ai_addr, saddr, NULL)) {
2669 (hp->ht_flag | DP_HOSTSET);
2670 if (numsecflavors != NULL) {
2672 grp->gr_numsecflavors;
2681 if (!sacmp(saddr, (struct sockaddr *)
2682 &grp->gr_ptr.gt_net.nt_net,
2684 &grp->gr_ptr.gt_net.nt_mask)) {
2685 *hostsetp = (hp->ht_flag | DP_HOSTSET);
2686 if (numsecflavors != NULL) {
2688 grp->gr_numsecflavors;
2703 * Scan tree for a host that matches the address.
2706 scan_tree(struct dirlist *dp, struct sockaddr *saddr)
2708 int defset, hostset;
2711 if (scan_tree(dp->dp_left, saddr))
2713 if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL))
2715 if (scan_tree(dp->dp_right, saddr))
2722 * Traverse the dirlist tree and free it up.
2725 free_dir(struct dirlist *dp)
2729 free_dir(dp->dp_left);
2730 free_dir(dp->dp_right);
2731 free_host(dp->dp_hosts);
2738 * Parse a colon separated list of security flavors
2741 parsesec(char *seclist, struct exportlist *ep)
2746 ep->ex_numsecflavors = 0;
2748 cp = strchr(seclist, ':');
2754 if (!strcmp(seclist, "sys"))
2756 else if (!strcmp(seclist, "krb5"))
2757 flavor = RPCSEC_GSS_KRB5;
2758 else if (!strcmp(seclist, "krb5i"))
2759 flavor = RPCSEC_GSS_KRB5I;
2760 else if (!strcmp(seclist, "krb5p"))
2761 flavor = RPCSEC_GSS_KRB5P;
2765 syslog(LOG_ERR, "bad sec flavor: %s", seclist);
2768 if (ep->ex_numsecflavors == MAXSECFLAVORS) {
2771 syslog(LOG_ERR, "too many sec flavors: %s", seclist);
2774 ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
2775 ep->ex_numsecflavors++;
2787 * Parse the option string and update fields.
2788 * Option arguments may either be -<option>=<value> or
2792 do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
2793 int *has_hostp, uint64_t *exflagsp, struct expcred *cr)
2795 char *cpoptarg, *cpoptend;
2796 char *cp, *endcp, *cpopt, savedc, savedc2;
2797 int allflag, usedarg;
2805 while (cpopt && *cpopt) {
2808 if ((cpoptend = strchr(cpopt, ','))) {
2810 if ((cpoptarg = strchr(cpopt, '=')))
2813 if ((cpoptarg = strchr(cpopt, '=')))
2817 nextfield(&cp, &endcp);
2819 if (endcp > cp && *cp != '-') {
2827 if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
2828 *exflagsp |= MNT_EXRDONLY;
2829 } else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
2830 !(allflag = strcmp(cpopt, "mapall")) ||
2831 !strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
2833 parsecred(cpoptarg, cr);
2835 *exflagsp |= MNT_EXPORTANON;
2836 opt_flags |= OP_MAPALL;
2838 opt_flags |= OP_MAPROOT;
2839 } else if (cpoptarg && (!strcmp(cpopt, "mask") ||
2840 !strcmp(cpopt, "m"))) {
2841 if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
2842 syslog(LOG_ERR, "bad mask: %s", cpoptarg);
2846 opt_flags |= OP_MASK;
2847 } else if (cpoptarg && (!strcmp(cpopt, "network") ||
2848 !strcmp(cpopt, "n"))) {
2849 if (strchr(cpoptarg, '/') != NULL) {
2851 fprintf(stderr, "setting OP_MASKLEN\n");
2852 opt_flags |= OP_MASKLEN;
2854 if (grp->gr_type != GT_NULL) {
2855 syslog(LOG_ERR, "network/host conflict");
2857 } else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
2858 syslog(LOG_ERR, "bad net: %s", cpoptarg);
2861 grp->gr_type = GT_NET;
2864 opt_flags |= OP_NET;
2865 } else if (!strcmp(cpopt, "alldirs")) {
2866 opt_flags |= OP_ALLDIRS;
2867 } else if (!strcmp(cpopt, "public")) {
2868 *exflagsp |= MNT_EXPUBLIC;
2869 } else if (!strcmp(cpopt, "webnfs")) {
2870 *exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
2871 opt_flags |= OP_MAPALL;
2872 } else if (cpoptarg && !strcmp(cpopt, "index")) {
2873 ep->ex_indexfile = strdup(cpoptarg);
2874 } else if (!strcmp(cpopt, "quiet")) {
2875 opt_flags |= OP_QUIET;
2876 } else if (cpoptarg && !strcmp(cpopt, "sec")) {
2877 if (parsesec(cpoptarg, ep))
2879 opt_flags |= OP_SEC;
2881 } else if (!strcmp(cpopt, "tls")) {
2882 *exflagsp |= MNT_EXTLS;
2883 } else if (!strcmp(cpopt, "tlscert")) {
2884 *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT);
2885 } else if (!strcmp(cpopt, "tlscertuser")) {
2886 *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT |
2889 syslog(LOG_ERR, "bad opt %s", cpopt);
2908 * Translate a character string to the corresponding list of network
2909 * addresses for a hostname.
2912 get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
2914 struct grouplist *checkgrp;
2915 struct addrinfo *ai, *tai, hints;
2917 char host[NI_MAXHOST];
2919 if (grp->gr_type != GT_NULL) {
2920 syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
2923 memset(&hints, 0, sizeof hints);
2924 hints.ai_flags = AI_CANONNAME;
2925 hints.ai_protocol = IPPROTO_UDP;
2926 ecode = getaddrinfo(cp, NULL, &hints, &ai);
2928 syslog(LOG_ERR,"can't get address info for host %s", cp);
2931 grp->gr_ptr.gt_addrinfo = ai;
2932 while (ai != NULL) {
2933 if (ai->ai_canonname == NULL) {
2934 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
2935 sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
2936 strlcpy(host, "?", sizeof(host));
2937 ai->ai_canonname = strdup(host);
2938 ai->ai_flags |= AI_CANONNAME;
2941 fprintf(stderr, "got host %s\n", ai->ai_canonname);
2943 * Sanity check: make sure we don't already have an entry
2944 * for this host in the grouplist.
2946 for (checkgrp = tgrp; checkgrp != NULL;
2947 checkgrp = checkgrp->gr_next) {
2948 if (checkgrp->gr_type != GT_HOST)
2950 for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
2951 tai = tai->ai_next) {
2952 if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
2956 "ignoring duplicate host %s\n",
2958 grp->gr_type = GT_IGNORE;
2964 grp->gr_type = GT_HOST;
2969 * Free up an exports list component
2972 free_exp(struct exportlist *ep)
2974 struct grouplist *grp, *tgrp;
2976 if (ep->ex_defdir) {
2977 free_host(ep->ex_defdir->dp_hosts);
2978 free((caddr_t)ep->ex_defdir);
2982 if (ep->ex_indexfile)
2983 free(ep->ex_indexfile);
2984 free_dir(ep->ex_dirl);
2985 grp = ep->ex_grphead;
2991 if (ep->ex_defanon.cr_groups != ep->ex_defanon.cr_smallgrps)
2992 free(ep->ex_defanon.cr_groups);
2997 * Free up the v4root exports.
3000 free_v4rootexp(void)
3003 if (v4root_ep != NULL) {
3004 free_exp(v4root_ep);
3013 free_host(struct hostlist *hp)
3015 struct hostlist *hp2;
3024 static struct hostlist *
3027 struct hostlist *hp;
3029 hp = (struct hostlist *)malloc(sizeof (struct hostlist));
3030 if (hp == (struct hostlist *)NULL)
3032 hp->ht_next = (struct hostlist *)NULL;
3038 * Out of memory, fatal
3044 syslog(LOG_ERR, "out of memory");
3049 * Call do_mount() from the struct exportlist, for each case needed.
3052 do_export_mount(struct exportlist *ep, struct statfs *fsp)
3054 struct grouplist *grp, defgrp;
3058 LOGDEBUG("do_export_mount=%s", ep->ex_fsdir);
3059 dirlen = strlen(ep->ex_fsdir);
3060 if ((ep->ex_flag & EX_DEFSET) != 0) {
3061 defgrp.gr_type = GT_DEFAULT;
3062 defgrp.gr_next = NULL;
3063 /* We have an entry for all other hosts/nets. */
3064 LOGDEBUG("ex_defexflags=0x%jx", (uintmax_t)ep->ex_defexflags);
3065 ret = do_mount(ep, &defgrp, ep->ex_defexflags, &ep->ex_defanon,
3066 ep->ex_fsdir, dirlen, fsp, ep->ex_defnumsecflavors,
3067 ep->ex_defsecflavors);
3072 /* Do a mount for each group. */
3073 grp = ep->ex_grphead;
3074 while (grp != NULL) {
3075 LOGDEBUG("do mount gr_type=0x%x gr_exflags=0x%jx",
3076 grp->gr_type, (uintmax_t)grp->gr_exflags);
3077 ret = do_mount(ep, grp, grp->gr_exflags, &grp->gr_anon,
3078 ep->ex_fsdir, dirlen, fsp, grp->gr_numsecflavors,
3079 grp->gr_secflavors);
3088 * Do the nmount() syscall with the update flag to push the export info into
3092 do_mount(struct exportlist *ep, struct grouplist *grp, uint64_t exflags,
3093 struct expcred *anoncrp, char *dirp, int dirplen, struct statfs *fsb,
3094 int numsecflavors, int *secflavors)
3097 struct addrinfo *ai;
3098 struct export_args *eap;
3106 struct nfsex_args nfsea;
3108 eap = &nfsea.export;
3116 bzero(eap, sizeof (struct export_args));
3117 bzero(errmsg, sizeof(errmsg));
3118 eap->ex_flags = exflags;
3119 eap->ex_uid = anoncrp->cr_uid;
3120 eap->ex_ngroups = anoncrp->cr_ngroups;
3121 if (eap->ex_ngroups > 0) {
3122 eap->ex_groups = malloc(eap->ex_ngroups * sizeof(gid_t));
3123 memcpy(eap->ex_groups, anoncrp->cr_groups, eap->ex_ngroups *
3126 LOGDEBUG("do_mount exflags=0x%jx", (uintmax_t)exflags);
3127 eap->ex_indexfile = ep->ex_indexfile;
3128 if (grp->gr_type == GT_HOST)
3129 ai = grp->gr_ptr.gt_addrinfo;
3132 eap->ex_numsecflavors = numsecflavors;
3133 LOGDEBUG("do_mount numsec=%d", numsecflavors);
3134 for (i = 0; i < eap->ex_numsecflavors; i++)
3135 eap->ex_secflavors[i] = secflavors[i];
3136 if (eap->ex_numsecflavors == 0) {
3137 eap->ex_numsecflavors = 1;
3138 eap->ex_secflavors[0] = AUTH_SYS;
3142 if (v4root_phase == 0) {
3143 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
3144 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
3145 build_iovec(&iov, &iovlen, "from", NULL, 0);
3146 build_iovec(&iov, &iovlen, "update", NULL, 0);
3147 build_iovec(&iov, &iovlen, "export", eap,
3148 sizeof (struct export_args));
3149 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
3153 switch (grp->gr_type) {
3155 if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
3157 eap->ex_addr = ai->ai_addr;
3158 eap->ex_addrlen = ai->ai_addrlen;
3159 eap->ex_masklen = 0;
3162 if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
3166 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
3168 ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
3170 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
3171 eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
3174 eap->ex_addr = NULL;
3175 eap->ex_addrlen = 0;
3176 eap->ex_mask = NULL;
3177 eap->ex_masklen = 0;
3184 syslog(LOG_ERR, "bad grouptype");
3192 * For V4:, use the nfssvc() syscall, instead of mount().
3194 if (v4root_phase == 2) {
3195 nfsea.fspec = v4root_dirpath;
3196 if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT,
3197 (caddr_t)&nfsea) < 0) {
3198 syslog(LOG_ERR, "Exporting V4: failed");
3205 * Maybe I should just use the fsb->f_mntonname path
3206 * instead of looping back up the dirp to the mount
3208 * Also, needs to know how to export all types of local
3209 * exportable filesystems and not just "ufs".
3211 iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
3212 iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
3213 iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
3214 iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
3215 iov[5].iov_base = fsb->f_mntfromname; /* "from" */
3216 iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
3219 while (nmount(iov, iovlen, fsb->f_flags) < 0) {
3223 cp = dirp + dirplen - 1;
3224 if (opt_flags & OP_QUIET) {
3228 if (errno == EPERM) {
3230 warnx("can't change attributes for %s: %s",
3233 "can't change attributes for %s: %s",
3238 if (opt_flags & OP_ALLDIRS) {
3239 if (errno == EINVAL)
3241 "-alldirs requested but %s is not a filesystem mountpoint",
3245 "could not remount %s: %m",
3250 /* back up over the last component */
3251 while (cp > dirp && *cp == '/')
3253 while (cp > dirp && *(cp - 1) != '/')
3257 warnx("mnt unsucc");
3258 syslog(LOG_ERR, "can't export %s %s",
3266 * Check that we're still on the same
3269 if (statfs(dirp, &fsb1) != 0 ||
3270 fsidcmp(&fsb1.f_fsid, &fsb->f_fsid) != 0) {
3273 "can't export %s %s", dirp,
3282 * For the experimental server:
3283 * If this is the public directory, get the file handle
3284 * and load it into the kernel via the nfssvc() syscall.
3286 if ((exflags & MNT_EXPUBLIC) != 0) {
3290 if (eap->ex_indexfile != NULL)
3291 public_name = eap->ex_indexfile;
3294 if (getfh(public_name, &fh) < 0)
3296 "Can't get public fh for %s", public_name);
3297 else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
3299 "Can't set public fh for %s", public_name);
3302 has_set_publicfh = 1;
3303 ep->ex_flag |= EX_PUBLICFH;
3315 free(eap->ex_groups);
3316 /* free strings allocated by strdup() in getmntopts.c */
3318 free(iov[0].iov_base); /* fstype */
3319 free(iov[2].iov_base); /* fspath */
3320 free(iov[4].iov_base); /* from */
3321 free(iov[6].iov_base); /* update */
3322 free(iov[8].iov_base); /* export */
3323 free(iov[10].iov_base); /* errmsg */
3325 /* free iov, allocated by realloc() */
3332 * Translate a net address.
3334 * If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
3337 get_net(char *cp, struct netmsk *net, int maskflg)
3339 struct netent *np = NULL;
3340 char *name, *p, *prefp;
3341 struct sockaddr_in sin;
3342 struct sockaddr *sa = NULL;
3343 struct addrinfo hints, *ai = NULL;
3344 char netname[NI_MAXHOST];
3348 if ((opt_flags & OP_MASKLEN) && !maskflg) {
3349 p = strchr(cp, '/');
3355 * Check for a numeric address first. We wish to avoid
3356 * possible DNS lookups in getnetbyname().
3358 if (isxdigit(*cp) || *cp == ':') {
3359 memset(&hints, 0, sizeof hints);
3360 /* Ensure the mask and the network have the same family. */
3361 if (maskflg && (opt_flags & OP_NET))
3362 hints.ai_family = net->nt_net.ss_family;
3363 else if (!maskflg && (opt_flags & OP_HAVEMASK))
3364 hints.ai_family = net->nt_mask.ss_family;
3366 hints.ai_family = AF_UNSPEC;
3367 hints.ai_flags = AI_NUMERICHOST;
3368 if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
3370 if (sa != NULL && ai->ai_family == AF_INET) {
3372 * The address in `cp' is really a network address, so
3373 * use inet_network() to re-interpret this correctly.
3374 * e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
3376 bzero(&sin, sizeof sin);
3377 sin.sin_family = AF_INET;
3378 sin.sin_len = sizeof sin;
3379 sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
3381 fprintf(stderr, "get_net: v4 addr %s\n",
3382 inet_ntoa(sin.sin_addr));
3383 sa = (struct sockaddr *)&sin;
3386 if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
3387 bzero(&sin, sizeof sin);
3388 sin.sin_family = AF_INET;
3389 sin.sin_len = sizeof sin;
3390 sin.sin_addr = inet_makeaddr(np->n_net, 0);
3391 sa = (struct sockaddr *)&sin;
3397 /* The specified sockaddr is a mask. */
3398 if (checkmask(sa) != 0)
3400 bcopy(sa, &net->nt_mask, sa->sa_len);
3401 opt_flags |= OP_HAVEMASK;
3402 opt_flags &= ~OP_CLASSMASK;
3404 /* The specified sockaddr is a network address. */
3405 bcopy(sa, &net->nt_net, sa->sa_len);
3407 /* Get a network name for the export list. */
3410 } else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
3411 NULL, 0, NI_NUMERICHOST) == 0) {
3416 if ((net->nt_name = strdup(name)) == NULL)
3420 * Extract a mask from either a "/<masklen>" suffix, or
3421 * from the class of an IPv4 address.
3423 if (opt_flags & OP_MASKLEN) {
3424 preflen = strtol(prefp, NULL, 10);
3425 if (preflen < 0L || preflen == LONG_MAX)
3427 bcopy(sa, &net->nt_mask, sa->sa_len);
3428 if (makemask(&net->nt_mask, (int)preflen) != 0)
3430 opt_flags |= OP_HAVEMASK;
3432 } else if (sa->sa_family == AF_INET &&
3433 (opt_flags & OP_MASK) == 0) {
3436 addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
3437 if (IN_CLASSA(addr))
3439 else if (IN_CLASSB(addr))
3441 else if (IN_CLASSC(addr))
3443 else if (IN_CLASSD(addr)) /* XXX Multicast??? */
3446 preflen = 32; /* XXX */
3448 bcopy(sa, &net->nt_mask, sa->sa_len);
3449 makemask(&net->nt_mask, (int)preflen);
3450 opt_flags |= OP_HAVEMASK | OP_CLASSMASK;
3465 * Parse out the next white space separated field
3468 nextfield(char **cp, char **endcp)
3474 while (*p == ' ' || *p == '\t')
3477 while (*p != '\0') {
3482 if (*p == '\\' && *(p + 1) != '\0')
3484 else if (*p == '\'' || *p == '"')
3486 else if (*p == ' ' || *p == '\t')
3495 * Get an exports file line. Skip over blank lines and handle line
3503 int totlen, cont_line;
3506 * Loop around ignoring blank lines and getting all continuation lines.
3511 if ((p = fgetln(exp_file, &len)) == NULL)
3516 (*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
3526 if (linesize < len + totlen + 1) {
3527 linesize = len + totlen + 1;
3528 line = realloc(line, linesize);
3532 memcpy(line + totlen, p, len);
3534 line[totlen] = '\0';
3535 } while (totlen == 0 || cont_line);
3540 * Parse a description of a credential.
3543 parsecred(char *namelist, struct expcred *cr)
3550 gid_t groups[NGROUPS_MAX + 1];
3552 unsigned long name_ul;
3556 * Set up the unprivileged user.
3558 cr->cr_groups = cr->cr_smallgrps;
3559 cr->cr_uid = UID_NOBODY;
3560 cr->cr_groups[0] = GID_NOGROUP;
3563 * Get the user's password table entry.
3566 name = strsep_quote(&names, ":");
3567 /* Bug? name could be NULL here */
3568 name_ul = strtoul(name, &end, 10);
3569 if (*end != '\0' || end == name)
3570 pw = getpwnam(name);
3572 pw = getpwuid((uid_t)name_ul);
3574 * Credentials specified as those of a user.
3576 if (names == NULL) {
3578 syslog(LOG_ERR, "unknown user: %s", name);
3581 cr->cr_uid = pw->pw_uid;
3582 ngroups = NGROUPS_MAX + 1;
3583 if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
3584 syslog(LOG_ERR, "too many groups");
3585 ngroups = NGROUPS_MAX + 1;
3589 * Compress out duplicate.
3591 if (ngroups > 1 && groups[0] == groups[1]) {
3597 if (ngroups > NGROUPS_MAX)
3598 ngroups = NGROUPS_MAX;
3599 if (ngroups > SMALLNGROUPS)
3600 cr->cr_groups = malloc(ngroups * sizeof(gid_t));
3601 cr->cr_ngroups = ngroups;
3602 cr->cr_groups[0] = groups[0];
3603 memcpy(&cr->cr_groups[1], &groups[inpos], (ngroups - 1) *
3608 * Explicit credential specified as a colon separated list:
3612 cr->cr_uid = pw->pw_uid;
3613 } else if (*end != '\0' || end == name) {
3614 syslog(LOG_ERR, "unknown user: %s", name);
3617 cr->cr_uid = name_ul;
3620 while (names != NULL && *names != '\0' && cr->cr_ngroups < NGROUPS_MAX) {
3621 name = strsep_quote(&names, ":");
3622 name_ul = strtoul(name, &end, 10);
3623 if (*end != '\0' || end == name) {
3624 if ((gr = getgrnam(name)) == NULL) {
3625 syslog(LOG_ERR, "unknown group: %s", name);
3628 groups[cr->cr_ngroups++] = gr->gr_gid;
3630 groups[cr->cr_ngroups++] = name_ul;
3633 if (names != NULL && *names != '\0' && cr->cr_ngroups == NGROUPS_MAX)
3634 syslog(LOG_ERR, "too many groups");
3635 if (cr->cr_ngroups > SMALLNGROUPS)
3636 cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t));
3637 memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t));
3640 #define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
3642 * Routines that maintain the remote mounttab
3647 struct mountlist *mlp;
3648 char *host, *dirp, *cp;
3652 if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
3653 if (errno == ENOENT)
3656 syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
3660 while (fgets(str, STRSIZ, mlfile) != NULL) {
3662 host = strsep(&cp, " \t\n");
3663 dirp = strsep(&cp, " \t\n");
3664 if (host == NULL || dirp == NULL)
3666 mlp = (struct mountlist *)malloc(sizeof (*mlp));
3667 if (mlp == (struct mountlist *)NULL)
3669 strncpy(mlp->ml_host, host, MNTNAMLEN);
3670 mlp->ml_host[MNTNAMLEN] = '\0';
3671 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
3672 mlp->ml_dirp[MNTPATHLEN] = '\0';
3674 SLIST_INSERT_HEAD(&mlhead, mlp, next);
3680 del_mlist(char *hostp, char *dirp)
3682 struct mountlist *mlp, *mlp2;
3686 SLIST_FOREACH_SAFE(mlp, &mlhead, next, mlp2) {
3687 if (!strcmp(mlp->ml_host, hostp) &&
3688 (!dirp || !strcmp(mlp->ml_dirp, dirp))) {
3690 SLIST_REMOVE(&mlhead, mlp, mountlist, next);
3695 if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
3696 syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
3699 SLIST_FOREACH(mlp, &mlhead, next) {
3700 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
3707 add_mlist(char *hostp, char *dirp)
3709 struct mountlist *mlp;
3712 SLIST_FOREACH(mlp, &mlhead, next) {
3713 if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
3717 mlp = (struct mountlist *)malloc(sizeof (*mlp));
3718 if (mlp == (struct mountlist *)NULL)
3720 strncpy(mlp->ml_host, hostp, MNTNAMLEN);
3721 mlp->ml_host[MNTNAMLEN] = '\0';
3722 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
3723 mlp->ml_dirp[MNTPATHLEN] = '\0';
3724 SLIST_INSERT_HEAD(&mlhead, mlp, next);
3725 if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
3726 syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
3729 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
3734 * Free up a group list.
3737 free_grp(struct grouplist *grp)
3739 if (grp->gr_type == GT_HOST) {
3740 if (grp->gr_ptr.gt_addrinfo != NULL)
3741 freeaddrinfo(grp->gr_ptr.gt_addrinfo);
3742 } else if (grp->gr_type == GT_NET) {
3743 if (grp->gr_ptr.gt_net.nt_name)
3744 free(grp->gr_ptr.gt_net.nt_name);
3746 if (grp->gr_anon.cr_groups != grp->gr_anon.cr_smallgrps)
3747 free(grp->gr_anon.cr_groups);
3753 SYSLOG(int pri, const char *fmt, ...)
3758 vfprintf(stderr, fmt, ap);
3764 * Check options for consistency.
3767 check_options(struct dirlist *dp)
3770 if (v4root_phase == 0 && dp == NULL)
3772 if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
3773 syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
3776 if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
3777 syslog(LOG_ERR, "-mask requires -network");
3780 if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
3781 syslog(LOG_ERR, "-network requires mask specification");
3784 if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
3785 syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
3788 if (v4root_phase > 0 &&
3790 ~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
3791 syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
3794 if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
3795 syslog(LOG_ERR, "-alldirs has multiple directories");
3802 check_path_component(const char *path, char **err)
3806 if (lstat(path, &sb)) {
3807 asprintf(err, "%s: lstat() failed: %s.\n",
3808 path, strerror(errno));
3812 switch (sb.st_mode & S_IFMT) {
3816 asprintf(err, "%s: path is a symbolic link.\n", path);
3819 asprintf(err, "%s: path is a file rather than a directory.\n",
3823 asprintf(err, "%s: path is not a directory.\n", path);
3830 * Check each path component for the presence of symbolic links. Return true
3833 check_dirpath(char *dirp, char **err)
3842 if (!check_path_component(dirp, err)) {
3852 if (!check_path_component(dirp, err))
3859 * Populate statfs information. Return true on success.
3862 check_statfs(const char *dirp, struct statfs *fsb, char **err)
3864 if (statfs(dirp, fsb)) {
3865 asprintf(err, "%s: statfs() failed: %s\n", dirp,
3874 * Make a netmask according to the specified prefix length. The ss_family
3875 * and other non-address fields must be initialised before calling this.
3878 makemask(struct sockaddr_storage *ssp, int bitlen)
3883 if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
3885 if (bitlen > len * CHAR_BIT)
3888 for (i = 0; i < len; i++) {
3889 bits = MIN(CHAR_BIT, bitlen);
3890 *p++ = (u_char)~0 << (CHAR_BIT - bits);
3897 * Check that the sockaddr is a valid netmask. Returns 0 if the mask
3898 * is acceptable (i.e. of the form 1...10....0).
3901 checkmask(struct sockaddr *sa)
3906 if ((mask = sa_rawaddr(sa, &len)) == NULL)
3909 for (i = 0; i < len; i++)
3910 if (mask[i] != 0xff)
3913 if (~mask[i] & (u_char)(~mask[i] + 1))
3917 for (; i < len; i++)
3924 * Compare two sockaddrs according to a specified mask. Return zero if
3925 * `sa1' matches `sa2' when filtered by the netmask in `samask'.
3926 * If samask is NULL, perform a full comparison.
3929 sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
3931 unsigned char *p1, *p2, *mask;
3934 if (sa1->sa_family != sa2->sa_family ||
3935 (p1 = sa_rawaddr(sa1, &len)) == NULL ||
3936 (p2 = sa_rawaddr(sa2, NULL)) == NULL)
3939 switch (sa1->sa_family) {
3941 if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
3942 ((struct sockaddr_in6 *)sa2)->sin6_scope_id)
3947 /* Simple binary comparison if no mask specified. */
3949 return (memcmp(p1, p2, len));
3951 /* Set up the mask, and do a mask-based comparison. */
3952 if (sa1->sa_family != samask->sa_family ||
3953 (mask = sa_rawaddr(samask, NULL)) == NULL)
3956 for (i = 0; i < len; i++)
3957 if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
3963 * Return a pointer to the part of the sockaddr that contains the
3964 * raw address, and set *nbytes to its length in bytes. Returns
3965 * NULL if the address family is unknown.
3968 sa_rawaddr(struct sockaddr *sa, int *nbytes) {
3972 switch (sa->sa_family) {
3974 len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
3975 p = &((struct sockaddr_in *)sa)->sin_addr;
3978 len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
3979 p = &((struct sockaddr_in6 *)sa)->sin6_addr;
3992 huphandler(int sig __unused)
3999 terminate(int sig __unused)
4001 pidfile_remove(pfh);
4002 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
4003 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
4008 cp_cred(struct expcred *outcr, struct expcred *incr)
4011 outcr->cr_uid = incr->cr_uid;
4012 outcr->cr_ngroups = incr->cr_ngroups;
4013 if (outcr->cr_ngroups > SMALLNGROUPS)
4014 outcr->cr_groups = malloc(outcr->cr_ngroups * sizeof(gid_t));
4016 outcr->cr_groups = outcr->cr_smallgrps;
4017 memcpy(outcr->cr_groups, incr->cr_groups, incr->cr_ngroups *