2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
7 * This code is derived from software contributed to Berkeley by
8 * Herb Hasler and Rick Macklem at The University of Guelph.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 static const char copyright[] =
37 "@(#) Copyright (c) 1989, 1993\n\
38 The Regents of the University of California. All rights reserved.\n";
43 static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
47 #include <sys/cdefs.h>
48 __FBSDID("$FreeBSD$");
50 #include <sys/param.h>
51 #include <sys/fcntl.h>
52 #include <sys/fnv_hash.h>
53 #include <sys/linker.h>
54 #include <sys/module.h>
55 #include <sys/mount.h>
56 #include <sys/queue.h>
58 #include <sys/sysctl.h>
59 #include <sys/syslog.h>
62 #include <rpc/rpc_com.h>
63 #include <rpc/pmap_clnt.h>
64 #include <rpc/pmap_prot.h>
65 #include <rpcsvc/mount.h>
66 #include <nfs/nfsproto.h>
67 #include <nfs/nfssvc.h>
68 #include <nfsserver/nfs.h>
70 #include <fs/nfs/nfsport.h>
72 #include <arpa/inet.h>
87 #include "pathnames.h"
95 * Structures for keeping the mount list and export list
98 char ml_host[MNTNAMLEN+1];
99 char ml_dirp[MNTPATHLEN+1];
101 SLIST_ENTRY(mountlist) next;
105 struct dirlist *dp_left;
106 struct dirlist *dp_right;
108 struct hostlist *dp_hosts; /* List of hosts this dir exported to */
112 #define DP_DEFSET 0x1
113 #define DP_HOSTSET 0x2
116 struct dirlist *ex_dirl;
117 struct dirlist *ex_defdir;
118 struct grouplist *ex_grphead;
123 struct xucred ex_defanon;
125 int ex_numsecflavors;
126 int ex_secflavors[MAXSECFLAVORS];
127 int ex_defnumsecflavors;
128 int ex_defsecflavors[MAXSECFLAVORS];
130 SLIST_ENTRY(exportlist) entries;
133 #define EX_LINKED 0x1
135 #define EX_DEFSET 0x4
136 #define EX_PUBLICFH 0x8
138 SLIST_HEAD(exportlisthead, exportlist);
141 struct sockaddr_storage nt_net;
142 struct sockaddr_storage nt_mask;
147 struct addrinfo *gt_addrinfo;
148 struct netmsk gt_net;
153 union grouptypes gr_ptr;
154 struct grouplist *gr_next;
155 struct xucred gr_anon;
158 int gr_numsecflavors;
159 int gr_secflavors[MAXSECFLAVORS];
165 #define GT_DEFAULT 0x3
166 #define GT_IGNORE 0x5
172 int ht_flag; /* Uses DP_xx bits */
173 struct grouplist *ht_grp;
174 struct hostlist *ht_next;
181 int fhr_numsecflavors;
185 #define GETPORT_MAXTRY 20 /* Max tries to get a port # */
188 * How long to delay a reload of exports when there are RPC request(s)
189 * to process, in usec. Must be less than 1second.
191 #define RELOADDELAY 250000
194 static char *add_expdir(struct dirlist **, char *, int);
195 static void add_dlist(struct dirlist **, struct dirlist *,
196 struct grouplist *, int, struct exportlist *,
197 struct xucred *, int);
198 static void add_mlist(char *, char *);
199 static int check_dirpath(char *);
200 static int check_options(struct dirlist *);
201 static int checkmask(struct sockaddr *sa);
202 static int chk_host(struct dirlist *, struct sockaddr *, int *, int *,
204 static char *strsep_quote(char **stringp, const char *delim);
205 static int create_service(struct netconfig *nconf);
206 static void complete_service(struct netconfig *nconf, char *port_str);
207 static void clearout_service(void);
208 static void del_mlist(char *hostp, char *dirp);
209 static struct dirlist *dirp_search(struct dirlist *, char *);
210 static int do_export_mount(struct exportlist *, struct statfs *);
211 static int do_mount(struct exportlist *, struct grouplist *, int,
212 struct xucred *, char *, int, struct statfs *, int, int *);
213 static int do_opt(char **, char **, struct exportlist *,
214 struct grouplist *, int *, int *, struct xucred *);
215 static struct exportlist *ex_search(fsid_t *, struct exportlisthead *);
216 static struct exportlist *get_exp(void);
217 static void free_dir(struct dirlist *);
218 static void free_exp(struct exportlist *);
219 static void free_grp(struct grouplist *);
220 static void free_host(struct hostlist *);
221 static void free_v4rootexp(void);
222 static void get_exportlist_one(int);
223 static void get_exportlist(int);
224 static void insert_exports(struct exportlist *, struct exportlisthead *);
225 static void free_exports(struct exportlisthead *);
226 static void read_exportfile(int);
227 static int compare_nmount_exportlist(struct iovec *, int, char *);
228 static int compare_export(struct exportlist *, struct exportlist *);
229 static int compare_cred(struct xucred *, struct xucred *);
230 static int compare_secflavor(int *, int *, int);
231 static void delete_export(struct iovec *, int, struct statfs *, char *);
232 static int get_host(char *, struct grouplist *, struct grouplist *);
233 static struct hostlist *get_ht(void);
234 static int get_line(void);
235 static void get_mountlist(void);
236 static int get_net(char *, struct netmsk *, int);
237 static void getexp_err(struct exportlist *, struct grouplist *, const char *);
238 static struct grouplist *get_grp(void);
239 static void hang_dirp(struct dirlist *, struct grouplist *,
240 struct exportlist *, int, struct xucred *, int);
241 static void huphandler(int sig);
242 static int makemask(struct sockaddr_storage *ssp, int bitlen);
243 static void mntsrv(struct svc_req *, SVCXPRT *);
244 static void nextfield(char **, char **);
245 static void out_of_mem(void);
246 static void parsecred(char *, struct xucred *);
247 static int parsesec(char *, struct exportlist *);
248 static int put_exlist(struct dirlist *, XDR *, struct dirlist *,
250 static void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
251 static int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
252 struct sockaddr *samask);
253 static int scan_tree(struct dirlist *, struct sockaddr *);
254 static void usage(void);
255 static int xdr_dir(XDR *, char *);
256 static int xdr_explist(XDR *, caddr_t);
257 static int xdr_explist_brief(XDR *, caddr_t);
258 static int xdr_explist_common(XDR *, caddr_t, int);
259 static int xdr_fhs(XDR *, caddr_t);
260 static int xdr_mlist(XDR *, caddr_t);
261 static void terminate(int);
263 #define EXPHASH(f) (fnv_32_buf((f), sizeof(fsid_t), 0) % exphashsize)
264 static struct exportlisthead *exphead = NULL;
265 static struct exportlisthead *oldexphead = NULL;
266 static int exphashsize = 0;
267 static SLIST_HEAD(, mountlist) mlhead = SLIST_HEAD_INITIALIZER(&mlhead);
268 static char *exnames_default[2] = { _PATH_EXPORTS, NULL };
269 static char **exnames;
270 static char **hosts = NULL;
271 static struct xucred def_anon = {
278 static int force_v2 = 0;
279 static int resvport_only = 1;
280 static int nhosts = 0;
281 static int dir_only = 1;
282 static int dolog = 0;
283 static int got_sighup = 0;
284 static int xcreated = 0;
286 static char *svcport_str = NULL;
287 static int mallocd_svcport = 0;
289 static int sock_fdcnt;
290 static int sock_fdpos;
291 static int suspend_nfsd = 0;
293 static int opt_flags;
294 static int have_v6 = 1;
296 static int v4root_phase = 0;
297 static char v4root_dirpath[PATH_MAX + 1];
298 static struct exportlist *v4root_ep = NULL;
299 static int has_publicfh = 0;
300 static int has_set_publicfh = 0;
302 static struct pidfh *pfh = NULL;
303 /* Bits for opt_flags above */
304 #define OP_MAPROOT 0x01
305 #define OP_MAPALL 0x02
309 #define OP_ALLDIRS 0x40
310 #define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
311 #define OP_QUIET 0x100
312 #define OP_MASKLEN 0x200
316 static int debug = 1;
317 static void SYSLOG(int, const char *, ...) __printflike(2, 3);
318 #define syslog SYSLOG
320 static int debug = 0;
324 * The LOGDEBUG() syslog() calls are always compiled into the daemon.
325 * To enable them, create a file at _PATH_MOUNTDDEBUG. This file can be empty.
326 * To disable the logging, just delete the file at _PATH_MOUNTDDEBUG.
328 static int logdebug = 0;
329 #define LOGDEBUG(format, ...) \
330 (logdebug ? syslog(LOG_DEBUG, format, ## __VA_ARGS__) : 0)
333 * Similar to strsep(), but it allows for quoted strings
334 * and escaped characters.
336 * It returns the string (or NULL, if *stringp is NULL),
337 * which is a de-quoted version of the string if necessary.
339 * It modifies *stringp in place.
342 strsep_quote(char **stringp, const char *delim)
344 char *srcptr, *dstptr, *retval;
347 if (stringp == NULL || *stringp == NULL)
350 srcptr = dstptr = retval = *stringp;
354 * We're looking for several edge cases here.
355 * First: if we're in quote state (quot != 0),
356 * then we ignore the delim characters, but otherwise
357 * process as normal, unless it is the quote character.
358 * Second: if the current character is a backslash,
359 * we take the next character as-is, without checking
360 * for delim, quote, or backslash. Exception: if the
361 * next character is a NUL, that's the end of the string.
362 * Third: if the character is a quote character, we toggle
364 * Otherwise: check the current character for NUL, or
365 * being in delim, and end the string if either is true.
367 if (*srcptr == '\\') {
370 * The edge case here is if the next character
371 * is NUL, we want to stop processing. But if
372 * it's not NUL, then we simply want to copy it.
375 *dstptr++ = *srcptr++;
379 if (quot == 0 && (*srcptr == '\'' || *srcptr == '"')) {
383 if (quot && *srcptr == quot) {
384 /* End of the quoted part */
389 if (!quot && strchr(delim, *srcptr))
391 *dstptr++ = *srcptr++;
394 *stringp = (*srcptr == '\0') ? NULL : srcptr + 1;
395 *dstptr = 0; /* Terminate the string */
400 * Mountd server for NFS mount protocol as described in:
401 * NFS: Network File System Protocol Specification, RFC1094, Appendix A
402 * The optional arguments are the exports file name
403 * default: _PATH_EXPORTS
404 * and "-n" to allow nonroot mount.
407 main(int argc, char **argv)
410 struct netconfig *nconf;
411 char *endptr, **hosts_bak;
416 int maxrec = RPC_MAXDATASIZE;
417 int attempt_cnt, port_len, port_pos, ret;
419 uint64_t curtime, nexttime;
422 sigset_t sighup_mask;
424 /* Check that another mountd isn't already running. */
425 pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
428 errx(1, "mountd already running, pid: %d.", otherpid);
429 warn("cannot open or create pidfile");
432 s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
438 while ((c = getopt(argc, argv, "2deh:lnp:rS")) != -1)
444 /* now a no-op, since this is the default */
453 debug = debug ? 0 : 1;
460 svcport = (in_port_t)strtoul(optarg, &endptr, 10);
461 if (endptr == NULL || *endptr != '\0' ||
462 svcport == 0 || svcport >= IPPORT_MAX)
464 svcport_str = strdup(optarg);
469 hosts_bak = realloc(hosts, nhosts * sizeof(char *));
470 if (hosts_bak == NULL) {
472 for (k = 0; k < nhosts; k++)
479 hosts[nhosts - 1] = strdup(optarg);
480 if (hosts[nhosts - 1] == NULL) {
481 for (k = 0; k < (nhosts - 1); k++)
494 if (modfind("nfsd") < 0) {
495 /* Not present in kernel, try loading it */
496 if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
497 errx(1, "NFS server is not available");
505 exnames = exnames_default;
506 openlog("mountd", LOG_PID, LOG_DAEMON);
508 warnx("getting export list");
511 warnx("getting mount list");
517 signal(SIGINT, SIG_IGN);
518 signal(SIGQUIT, SIG_IGN);
520 signal(SIGHUP, huphandler);
521 signal(SIGTERM, terminate);
522 signal(SIGPIPE, SIG_IGN);
526 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
527 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
528 rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
530 if (!resvport_only) {
531 if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
532 &resvport_only, sizeof(resvport_only)) != 0 &&
534 syslog(LOG_ERR, "sysctl: %m");
540 * If no hosts were specified, add a wildcard entry to bind to
541 * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the
545 hosts = malloc(sizeof(char *));
553 hosts_bak = realloc(hosts, (nhosts + 2) *
555 if (hosts_bak == NULL) {
556 for (k = 0; k < nhosts; k++)
563 hosts[nhosts - 2] = "::1";
565 hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *));
566 if (hosts_bak == NULL) {
567 for (k = 0; k < nhosts; k++)
577 hosts[nhosts - 1] = "127.0.0.1";
585 nc_handle = setnetconfig();
586 while ((nconf = getnetconfig(nc_handle))) {
587 if (nconf->nc_flag & NC_VISIBLE) {
588 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
592 ret = create_service(nconf);
594 /* Ignore this call */
598 * Failed to bind port, so close off
599 * all sockets created and try again
600 * if the port# was dynamically
601 * assigned via bind(2).
604 if (mallocd_svcport != 0 &&
605 attempt_cnt < GETPORT_MAXTRY) {
612 "bindresvport_sa: %m");
616 /* Start over at the first service. */
620 nc_handle = setnetconfig();
622 } else if (mallocd_svcport != 0 &&
623 attempt_cnt == GETPORT_MAXTRY) {
625 * For the last attempt, allow
626 * different port #s for each nconf
627 * by saving the svcport_str and
628 * setting it back to NULL.
630 port_list = realloc(port_list,
631 (port_len + 1) * sizeof(char *));
632 if (port_list == NULL)
634 port_list[port_len++] = svcport_str;
643 * Successfully bound the ports, so call complete_service() to
644 * do the rest of the setup on the service(s).
648 nc_handle = setnetconfig();
649 while ((nconf = getnetconfig(nc_handle))) {
650 if (nconf->nc_flag & NC_VISIBLE) {
651 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
654 } else if (port_list != NULL) {
655 if (port_pos >= port_len) {
656 syslog(LOG_ERR, "too many port#s");
659 complete_service(nconf, port_list[port_pos++]);
661 complete_service(nconf, svcport_str);
664 endnetconfig(nc_handle);
666 if (port_list != NULL) {
667 for (port_pos = 0; port_pos < port_len; port_pos++)
668 free(port_list[port_pos]);
673 syslog(LOG_ERR, "could not create any services");
677 /* Expand svc_run() here so that we can call get_exportlist(). */
678 curtime = nexttime = 0;
679 sigemptyset(&sighup_mask);
680 sigaddset(&sighup_mask, SIGHUP);
682 clock_gettime(CLOCK_MONOTONIC, &tp);
684 curtime = curtime * 1000000 + tp.tv_nsec / 1000;
685 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
686 if (got_sighup && curtime >= nexttime) {
688 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
690 clock_gettime(CLOCK_MONOTONIC, &tp);
691 nexttime = tp.tv_sec;
692 nexttime = nexttime * 1000000 + tp.tv_nsec / 1000 +
695 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
698 * If a reload is pending, poll for received request(s),
699 * otherwise set a RELOADDELAY timeout, since a SIGHUP
700 * could be processed between the got_sighup test and
701 * the select() system call.
707 tv.tv_usec = RELOADDELAY;
709 switch (select(svc_maxfd + 1, &readfds, NULL, NULL, &tv)) {
711 if (errno == EINTR) {
712 /* Allow a reload now. */
716 syslog(LOG_ERR, "mountd died: select: %m");
719 /* Allow a reload now. */
723 svc_getreqset(&readfds);
729 * This routine creates and binds sockets on the appropriate
730 * addresses. It gets called one time for each transport.
731 * It returns 0 upon success, 1 for ingore the call and -1 to indicate
732 * bind failed with EADDRINUSE.
733 * Any file descriptors that have been created are stored in sock_fd and
734 * the total count of them is maintained in sock_fdcnt.
737 create_service(struct netconfig *nconf)
739 struct addrinfo hints, *res = NULL;
740 struct sockaddr_in *sin;
741 struct sockaddr_in6 *sin6;
742 struct __rpc_sockinfo si;
748 u_int32_t host_addr[4]; /* IPv4 or IPv6 */
751 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
752 (nconf->nc_semantics != NC_TPI_COTS) &&
753 (nconf->nc_semantics != NC_TPI_COTS_ORD))
754 return (1); /* not my type */
757 * XXX - using RPC library internal functions.
759 if (!__rpc_nconf2sockinfo(nconf, &si)) {
760 syslog(LOG_ERR, "cannot get information for %s",
765 /* Get mountd's address on this transport */
766 memset(&hints, 0, sizeof hints);
767 hints.ai_family = si.si_af;
768 hints.ai_socktype = si.si_socktype;
769 hints.ai_protocol = si.si_proto;
772 * Bind to specific IPs if asked to
775 while (nhostsbak > 0) {
777 sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int));
780 sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */
783 hints.ai_flags = AI_PASSIVE;
786 * XXX - using RPC library internal functions.
788 if ((fd = __rpc_nconf2fd(nconf)) < 0) {
790 if (errno == EAFNOSUPPORT &&
791 nconf->nc_semantics != NC_TPI_CLTS)
794 syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
795 "cannot create socket for %s", nconf->nc_netid);
801 switch (hints.ai_family) {
803 if (inet_pton(AF_INET, hosts[nhostsbak],
805 hints.ai_flags |= AI_NUMERICHOST;
808 * Skip if we have an AF_INET6 address.
810 if (inet_pton(AF_INET6, hosts[nhostsbak],
818 if (inet_pton(AF_INET6, hosts[nhostsbak],
820 hints.ai_flags |= AI_NUMERICHOST;
823 * Skip if we have an AF_INET address.
825 if (inet_pton(AF_INET, hosts[nhostsbak],
833 * We're doing host-based access checks here, so don't
834 * allow v4-in-v6 to confuse things. The kernel will
835 * disable it by default on NFS sockets too.
837 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
840 "can't disable v4-in-v6 on IPv6 socket");
849 * If no hosts were specified, just bind to INADDR_ANY
851 if (strcmp("*", hosts[nhostsbak]) == 0) {
852 if (svcport_str == NULL) {
853 res = malloc(sizeof(struct addrinfo));
857 res->ai_flags = hints.ai_flags;
858 res->ai_family = hints.ai_family;
859 res->ai_protocol = hints.ai_protocol;
860 switch (res->ai_family) {
862 sin = malloc(sizeof(struct sockaddr_in));
865 sin->sin_family = AF_INET;
866 sin->sin_port = htons(0);
867 sin->sin_addr.s_addr = htonl(INADDR_ANY);
868 res->ai_addr = (struct sockaddr*) sin;
869 res->ai_addrlen = (socklen_t)
870 sizeof(struct sockaddr_in);
873 sin6 = malloc(sizeof(struct sockaddr_in6));
876 sin6->sin6_family = AF_INET6;
877 sin6->sin6_port = htons(0);
878 sin6->sin6_addr = in6addr_any;
879 res->ai_addr = (struct sockaddr*) sin6;
880 res->ai_addrlen = (socklen_t)
881 sizeof(struct sockaddr_in6);
884 syslog(LOG_ERR, "bad addr fam %d",
889 if ((aicode = getaddrinfo(NULL, svcport_str,
890 &hints, &res)) != 0) {
892 "cannot get local address for %s: %s",
894 gai_strerror(aicode));
900 if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
901 &hints, &res)) != 0) {
903 "cannot get local address for %s: %s",
904 nconf->nc_netid, gai_strerror(aicode));
911 sock_fd[sock_fdcnt - 1] = fd;
913 /* Now, attempt the bind. */
914 r = bindresvport_sa(fd, res->ai_addr);
916 if (errno == EADDRINUSE && mallocd_svcport != 0) {
917 if (mallocd_res != 0) {
924 syslog(LOG_ERR, "bindresvport_sa: %m");
928 if (svcport_str == NULL) {
929 svcport_str = malloc(NI_MAXSERV * sizeof(char));
930 if (svcport_str == NULL)
934 if (getnameinfo(res->ai_addr,
935 res->ai_addr->sa_len, NULL, NI_MAXHOST,
936 svcport_str, NI_MAXSERV * sizeof(char),
937 NI_NUMERICHOST | NI_NUMERICSERV))
938 errx(1, "Cannot get port number");
940 if (mallocd_res != 0) {
951 * Called after all the create_service() calls have succeeded, to complete
952 * the setup and registration.
955 complete_service(struct netconfig *nconf, char *port_str)
957 struct addrinfo hints, *res = NULL;
958 struct __rpc_sockinfo si;
959 struct netbuf servaddr;
960 SVCXPRT *transp = NULL;
961 int aicode, fd, nhostsbak;
964 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
965 (nconf->nc_semantics != NC_TPI_COTS) &&
966 (nconf->nc_semantics != NC_TPI_COTS_ORD))
967 return; /* not my type */
970 * XXX - using RPC library internal functions.
972 if (!__rpc_nconf2sockinfo(nconf, &si)) {
973 syslog(LOG_ERR, "cannot get information for %s",
979 while (nhostsbak > 0) {
981 if (sock_fdpos >= sock_fdcnt) {
982 /* Should never happen. */
983 syslog(LOG_ERR, "Ran out of socket fd's");
986 fd = sock_fd[sock_fdpos++];
991 * Using -1 tells listen(2) to use
992 * kern.ipc.soacceptqueue for the backlog.
994 if (nconf->nc_semantics != NC_TPI_CLTS)
997 if (nconf->nc_semantics == NC_TPI_CLTS )
998 transp = svc_dg_create(fd, 0, 0);
1000 transp = svc_vc_create(fd, RPC_MAXDATASIZE,
1003 if (transp != (SVCXPRT *) NULL) {
1004 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
1007 "can't register %s MOUNTVERS service",
1010 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
1013 "can't register %s MOUNTVERS3 service",
1017 syslog(LOG_WARNING, "can't create %s services",
1020 if (registered == 0) {
1022 memset(&hints, 0, sizeof hints);
1023 hints.ai_flags = AI_PASSIVE;
1024 hints.ai_family = si.si_af;
1025 hints.ai_socktype = si.si_socktype;
1026 hints.ai_protocol = si.si_proto;
1028 if ((aicode = getaddrinfo(NULL, port_str, &hints,
1030 syslog(LOG_ERR, "cannot get local address: %s",
1031 gai_strerror(aicode));
1035 servaddr.buf = malloc(res->ai_addrlen);
1036 memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
1037 servaddr.len = res->ai_addrlen;
1039 rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
1040 rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
1049 * Clear out sockets after a failure to bind one of them, so that the
1050 * cycle of socket creation/binding can start anew.
1053 clearout_service(void)
1057 for (i = 0; i < sock_fdcnt; i++) {
1058 if (sock_fd[i] >= 0) {
1059 shutdown(sock_fd[i], SHUT_RDWR);
1069 "usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
1070 "[-S] [-h <bindip>] [export_file ...]\n");
1075 * The mount rpc service
1078 mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
1080 struct exportlist *ep;
1082 struct fhreturn fhr;
1085 char host[NI_MAXHOST], numerichost[NI_MAXHOST];
1086 int lookup_failed = 1;
1087 struct sockaddr *saddr;
1089 char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
1090 int bad = 0, defset, hostset;
1091 sigset_t sighup_mask;
1092 int numsecflavors, *secflavorsp;
1094 sigemptyset(&sighup_mask);
1095 sigaddset(&sighup_mask, SIGHUP);
1096 saddr = svc_getrpccaller(transp)->buf;
1097 switch (saddr->sa_family) {
1099 sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
1102 sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
1105 syslog(LOG_ERR, "request from unknown address family");
1108 switch (rqstp->rq_proc) {
1110 case MOUNTPROC_UMNT:
1111 case MOUNTPROC_UMNTALL:
1112 lookup_failed = getnameinfo(saddr, saddr->sa_len, host,
1113 sizeof host, NULL, 0, 0);
1115 getnameinfo(saddr, saddr->sa_len, numerichost,
1116 sizeof numerichost, NULL, 0, NI_NUMERICHOST);
1117 switch (rqstp->rq_proc) {
1119 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
1120 syslog(LOG_ERR, "can't send reply");
1123 if (sport >= IPPORT_RESERVED && resvport_only) {
1125 "mount request from %s from unprivileged port",
1127 svcerr_weakauth(transp);
1130 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
1131 syslog(LOG_NOTICE, "undecodable mount request from %s",
1133 svcerr_decode(transp);
1138 * Get the real pathname and make sure it is a directory
1139 * or a regular file if the -r option was specified
1142 if (realpath(rpcpath, dirpath) == NULL ||
1143 stat(dirpath, &stb) < 0 ||
1144 statfs(dirpath, &fsb) < 0) {
1145 chdir("/"); /* Just in case realpath doesn't */
1147 "mount request from %s for non existent path %s",
1148 numerichost, dirpath);
1150 warnx("stat failed on %s", dirpath);
1151 bad = ENOENT; /* We will send error reply later */
1154 !S_ISDIR(stb.st_mode) &&
1155 (dir_only || !S_ISREG(stb.st_mode))) {
1157 "mount request from %s for non-directory path %s",
1158 numerichost, dirpath);
1160 warnx("mounting non-directory %s", dirpath);
1161 bad = ENOTDIR; /* We will send error reply later */
1164 /* Check in the exports list */
1165 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
1169 ep = ex_search(&fsb.f_fsid, exphead);
1170 hostset = defset = 0;
1171 if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset,
1172 &numsecflavors, &secflavorsp) ||
1173 ((dp = dirp_search(ep->ex_dirl, dirpath)) &&
1174 chk_host(dp, saddr, &defset, &hostset, &numsecflavors,
1176 (defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
1177 scan_tree(ep->ex_dirl, saddr) == 0))) {
1179 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1181 syslog(LOG_ERR, "can't send reply");
1182 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1185 if (hostset & DP_HOSTSET) {
1186 fhr.fhr_flag = hostset;
1187 fhr.fhr_numsecflavors = numsecflavors;
1188 fhr.fhr_secflavors = secflavorsp;
1190 fhr.fhr_flag = defset;
1191 fhr.fhr_numsecflavors = ep->ex_defnumsecflavors;
1192 fhr.fhr_secflavors = ep->ex_defsecflavors;
1194 fhr.fhr_vers = rqstp->rq_vers;
1195 /* Get the file handle */
1196 memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
1197 if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
1199 syslog(LOG_ERR, "can't get fh for %s", dirpath);
1200 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1202 syslog(LOG_ERR, "can't send reply");
1203 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1206 if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
1208 syslog(LOG_ERR, "can't send reply");
1210 add_mlist(host, dirpath);
1212 add_mlist(numerichost, dirpath);
1214 warnx("mount successful");
1217 "mount request succeeded from %s for %s",
1218 numerichost, dirpath);
1223 "mount request denied from %s for %s",
1224 numerichost, dirpath);
1227 if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
1229 syslog(LOG_ERR, "can't send reply");
1230 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1232 case MOUNTPROC_DUMP:
1233 if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
1234 syslog(LOG_ERR, "can't send reply");
1237 "dump request succeeded from %s",
1240 case MOUNTPROC_UMNT:
1241 if (sport >= IPPORT_RESERVED && resvport_only) {
1243 "umount request from %s from unprivileged port",
1245 svcerr_weakauth(transp);
1248 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
1249 syslog(LOG_NOTICE, "undecodable umount request from %s",
1251 svcerr_decode(transp);
1254 if (realpath(rpcpath, dirpath) == NULL) {
1255 syslog(LOG_NOTICE, "umount request from %s "
1256 "for non existent path %s",
1257 numerichost, dirpath);
1259 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1260 syslog(LOG_ERR, "can't send reply");
1262 del_mlist(host, dirpath);
1263 del_mlist(numerichost, dirpath);
1266 "umount request succeeded from %s for %s",
1267 numerichost, dirpath);
1269 case MOUNTPROC_UMNTALL:
1270 if (sport >= IPPORT_RESERVED && resvport_only) {
1272 "umountall request from %s from unprivileged port",
1274 svcerr_weakauth(transp);
1277 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1278 syslog(LOG_ERR, "can't send reply");
1280 del_mlist(host, NULL);
1281 del_mlist(numerichost, NULL);
1284 "umountall request succeeded from %s",
1287 case MOUNTPROC_EXPORT:
1288 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
1289 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
1291 syslog(LOG_ERR, "can't send reply");
1294 "export request succeeded from %s",
1298 svcerr_noproc(transp);
1304 * Xdr conversion for a dirpath string
1307 xdr_dir(XDR *xdrsp, char *dirp)
1309 return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
1313 * Xdr routine to generate file handle reply
1316 xdr_fhs(XDR *xdrsp, caddr_t cp)
1318 struct fhreturn *fhrp = (struct fhreturn *)cp;
1319 u_long ok = 0, len, auth;
1322 if (!xdr_long(xdrsp, &ok))
1324 switch (fhrp->fhr_vers) {
1326 return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
1329 if (!xdr_long(xdrsp, &len))
1331 if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
1333 if (fhrp->fhr_numsecflavors) {
1334 if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
1336 for (i = 0; i < fhrp->fhr_numsecflavors; i++)
1337 if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
1343 if (!xdr_long(xdrsp, &len))
1345 return (xdr_long(xdrsp, &auth));
1352 xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
1354 struct mountlist *mlp;
1359 SLIST_FOREACH(mlp, &mlhead, next) {
1360 if (!xdr_bool(xdrsp, &true))
1362 strp = &mlp->ml_host[0];
1363 if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
1365 strp = &mlp->ml_dirp[0];
1366 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1369 if (!xdr_bool(xdrsp, &false))
1375 * Xdr conversion for export list
1378 xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
1380 struct exportlist *ep;
1383 sigset_t sighup_mask;
1386 sigemptyset(&sighup_mask);
1387 sigaddset(&sighup_mask, SIGHUP);
1388 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
1390 for (i = 0; i < exphashsize; i++)
1391 SLIST_FOREACH(ep, &exphead[i], entries) {
1393 if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
1396 if (ep->ex_defdir && putdef == 0 &&
1397 put_exlist(ep->ex_defdir, xdrsp, NULL,
1401 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1402 if (!xdr_bool(xdrsp, &false))
1406 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1411 * Called from xdr_explist() to traverse the tree and export the
1415 put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
1418 struct grouplist *grp;
1419 struct hostlist *hp;
1426 if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
1428 if (!xdr_bool(xdrsp, &true))
1431 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1433 if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
1438 if (!xdr_bool(xdrsp, &true))
1441 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1443 } else if ((dp->dp_flag & DP_DEFSET) == 0 &&
1444 (gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
1448 if (grp->gr_type == GT_HOST) {
1449 if (!xdr_bool(xdrsp, &true))
1451 strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
1452 if (!xdr_string(xdrsp, &strp,
1455 } else if (grp->gr_type == GT_NET) {
1456 if (!xdr_bool(xdrsp, &true))
1458 strp = grp->gr_ptr.gt_net.nt_name;
1459 if (!xdr_string(xdrsp, &strp,
1464 if (gotalldir && hp == (struct hostlist *)NULL) {
1470 if (!xdr_bool(xdrsp, &false))
1472 if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
1479 xdr_explist(XDR *xdrsp, caddr_t cp)
1482 return xdr_explist_common(xdrsp, cp, 0);
1486 xdr_explist_brief(XDR *xdrsp, caddr_t cp)
1489 return xdr_explist_common(xdrsp, cp, 1);
1493 static size_t linesize;
1494 static FILE *exp_file;
1497 * Get the export list from one, currently open file
1500 get_exportlist_one(int passno)
1502 struct exportlist *ep;
1503 struct grouplist *grp, *tgrp, *savgrp;
1504 struct dirlist *dirhead;
1507 char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
1508 int len, has_host, exflags, got_nondir, dirplen, netgrp;
1511 dirhead = (struct dirlist *)NULL;
1512 while (get_line()) {
1514 warnx("got line %s", line);
1516 nextfield(&cp, &endcp);
1525 exflags = MNT_EXPORTED;
1528 ep = (struct exportlist *)NULL;
1532 * Handle the V4 root dir.
1534 if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
1536 * V4: just indicates that it is the v4 root point,
1537 * so skip over that and set v4root_phase.
1539 if (v4root_phase > 0) {
1540 syslog(LOG_ERR, "V4:duplicate line, ignored");
1545 nextfield(&cp, &endcp);
1549 * Create new exports list entry
1552 tgrp = grp = get_grp();
1554 if (len > MNTNAMLEN) {
1555 getexp_err(ep, tgrp, "mountpoint too long");
1559 if (ep == (struct exportlist *)NULL) {
1560 getexp_err(ep, tgrp,
1561 "flag before export path definition");
1565 warnx("doing opt %s", cp);
1567 if (do_opt(&cp, &endcp, ep, grp, &has_host,
1569 getexp_err(ep, tgrp, NULL);
1572 } else if (*cp == '/') {
1575 if (v4root_phase > 1) {
1577 getexp_err(ep, tgrp, "Multiple V4 dirs");
1581 if (check_dirpath(cp) &&
1582 statfs(cp, &fsb) >= 0) {
1583 if ((fsb.f_flags & MNT_AUTOMOUNTED) != 0)
1584 syslog(LOG_ERR, "Warning: exporting of "
1585 "automounted fs %s not supported", cp);
1587 getexp_err(ep, tgrp, "dirs must be first");
1590 if (v4root_phase == 1) {
1592 getexp_err(ep, tgrp, "Multiple V4 dirs");
1595 if (strlen(v4root_dirpath) == 0) {
1596 strlcpy(v4root_dirpath, cp,
1597 sizeof (v4root_dirpath));
1598 } else if (strcmp(v4root_dirpath, cp)
1601 "different V4 dirpath %s", cp);
1602 getexp_err(ep, tgrp, NULL);
1611 if (fsidcmp(&ep->ex_fs, &fsb.f_fsid)
1613 getexp_err(ep, tgrp,
1619 * See if this directory is already
1622 ep = ex_search(&fsb.f_fsid, exphead);
1623 if (ep == (struct exportlist *)NULL) {
1625 ep->ex_fs = fsb.f_fsid;
1626 ep->ex_fsdir = strdup(fsb.f_mntonname);
1627 if (ep->ex_fsdir == NULL)
1631 "making new ep fs=0x%x,0x%x",
1635 warnx("found ep fs=0x%x,0x%x",
1641 * Add dirpath to export mount point.
1643 dirp = add_expdir(&dirhead, cp, len);
1647 getexp_err(ep, tgrp,
1648 "symbolic link in export path or statfs failed");
1656 if (ep == (struct exportlist *)NULL) {
1657 getexp_err(ep, tgrp,
1658 "host(s) before export path definition");
1663 * Get the host or netgroup.
1666 netgrp = getnetgrent(&hst, &usr, &dom);
1669 grp->gr_next = get_grp();
1675 "null hostname in netgroup %s, skipping", cp);
1676 grp->gr_type = GT_IGNORE;
1677 } else if (get_host(hst, grp, tgrp)) {
1679 "bad host %s in netgroup %s, skipping", hst, cp);
1680 grp->gr_type = GT_IGNORE;
1682 } else if (get_host(cp, grp, tgrp)) {
1683 syslog(LOG_ERR, "bad host %s, skipping", cp);
1684 grp->gr_type = GT_IGNORE;
1687 } while (netgrp && getnetgrent(&hst, &usr, &dom));
1692 nextfield(&cp, &endcp);
1695 if (check_options(dirhead)) {
1696 getexp_err(ep, tgrp, NULL);
1700 grp->gr_type = GT_DEFAULT;
1702 warnx("adding a default entry");
1705 * Don't allow a network export coincide with a list of
1706 * host(s) on the same line.
1708 } else if ((opt_flags & OP_NET) && tgrp->gr_next) {
1709 getexp_err(ep, tgrp, "network/host conflict");
1713 * If an export list was specified on this line, make sure
1714 * that we have at least one valid entry, otherwise skip it.
1718 while (grp && grp->gr_type == GT_IGNORE)
1721 getexp_err(ep, tgrp, "no valid entries");
1726 if (v4root_phase == 1) {
1727 getexp_err(ep, tgrp, "V4:root, no dirp, ignored");
1732 * Loop through hosts, pushing the exports into the kernel.
1733 * After loop, tgrp points to the start of the list and
1734 * grp points to the last entry in the list.
1735 * Do not do the do_mount() for passno == 1, since the
1736 * second pass will do it, as required.
1740 grp->gr_exflags = exflags;
1741 grp->gr_anon = anon;
1742 if (v4root_phase == 2 && passno == 0)
1743 LOGDEBUG("do_mount v4root");
1744 if (passno == 0 && do_mount(ep, grp, exflags, &anon,
1745 dirp, dirplen, &fsb, ep->ex_numsecflavors,
1746 ep->ex_secflavors)) {
1747 getexp_err(ep, tgrp, NULL);
1750 } while (grp->gr_next && (grp = grp->gr_next));
1753 * For V4: don't enter in mount lists.
1755 if (v4root_phase > 0 && v4root_phase <= 2) {
1757 * These structures are used for the reload,
1758 * so save them for that case. Otherwise, just
1761 if (passno == 1 && ep != NULL) {
1763 while (tgrp != NULL) {
1765 * Save the security flavors and exflags
1766 * for this host set in the groups.
1768 tgrp->gr_numsecflavors =
1769 ep->ex_numsecflavors;
1770 if (ep->ex_numsecflavors > 0)
1771 memcpy(tgrp->gr_secflavors,
1773 sizeof(ep->ex_secflavors));
1774 tgrp = tgrp->gr_next;
1776 if (v4root_ep == NULL) {
1778 ep = NULL; /* Don't free below. */
1780 grp->gr_next = v4root_ep->ex_grphead;
1781 v4root_ep->ex_grphead = savgrp;
1785 while (tgrp != NULL) {
1787 tgrp = tgrp->gr_next;
1794 * Success. Update the data structures.
1797 hang_dirp(dirhead, tgrp, ep, opt_flags, &anon, exflags);
1798 grp->gr_next = ep->ex_grphead;
1799 ep->ex_grphead = tgrp;
1801 hang_dirp(dirhead, (struct grouplist *)NULL, ep,
1802 opt_flags, &anon, exflags);
1805 dirhead = (struct dirlist *)NULL;
1806 if ((ep->ex_flag & EX_LINKED) == 0) {
1807 insert_exports(ep, exphead);
1809 ep->ex_flag |= EX_LINKED;
1815 dirhead = (struct dirlist *)NULL;
1821 * Get the export list from all specified files
1824 get_exportlist(int passno)
1826 struct export_args export;
1828 struct statfs *mntbufp;
1832 struct nfsex_args eargs;
1835 if ((debug_file = fopen(_PATH_MOUNTDDEBUG, "r")) != NULL) {
1840 LOGDEBUG("passno=%d", passno);
1841 v4root_dirpath[0] = '\0';
1845 * Save the current lists as old ones, so that the new lists
1846 * can be compared with the old ones in the 2nd pass.
1848 for (i = 0; i < exphashsize; i++) {
1849 SLIST_FIRST(&oldexphead[i]) = SLIST_FIRST(&exphead[i]);
1850 SLIST_INIT(&exphead[i]);
1853 /* Note that the public fh has not yet been set. */
1854 has_set_publicfh = 0;
1856 /* Read the export file(s) and process them */
1857 read_exportfile(passno);
1860 * Just make the old lists empty.
1861 * exphashsize == 0 for the first call, before oldexphead
1862 * has been initialized-->loop won't be executed.
1864 for (i = 0; i < exphashsize; i++)
1865 SLIST_INIT(&oldexphead[i]);
1868 bzero(&export, sizeof(export));
1869 export.ex_flags = MNT_DELEXPORT;
1872 bzero(errmsg, sizeof(errmsg));
1874 if (suspend_nfsd != 0)
1875 (void)nfssvc(NFSSVC_SUSPENDNFSD, NULL);
1877 * Delete the old V4 root dir.
1879 bzero(&eargs, sizeof (eargs));
1880 eargs.export.ex_flags = MNT_DELEXPORT;
1881 if (nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&eargs) < 0 &&
1883 syslog(LOG_ERR, "Can't delete exports for V4:");
1885 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
1886 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
1887 build_iovec(&iov, &iovlen, "from", NULL, 0);
1888 build_iovec(&iov, &iovlen, "update", NULL, 0);
1889 build_iovec(&iov, &iovlen, "export", &export,
1891 build_iovec(&iov, &iovlen, "errmsg", errmsg,
1895 * For passno == 1, compare the old and new lists updating the kernel
1896 * exports for any cases that have changed.
1897 * This call is doing the second pass through the lists.
1898 * If it fails, fall back on the bulk reload.
1900 if (passno == 1 && compare_nmount_exportlist(iov, iovlen, errmsg) ==
1902 LOGDEBUG("compareok");
1903 /* Free up the old lists. */
1904 free_exports(oldexphead);
1906 LOGDEBUG("doing passno=0");
1908 * Clear flag that notes if a public fh has been exported.
1909 * It is set by do_mount() if MNT_EXPUBLIC is set for the entry.
1913 /* exphead == NULL if not yet allocated (first call). */
1914 if (exphead != NULL) {
1916 * First, get rid of the old lists.
1918 free_exports(exphead);
1919 free_exports(oldexphead);
1923 * And delete exports that are in the kernel for all local
1925 * XXX: Should know how to handle all local exportable
1928 num = getmntinfo(&mntbufp, MNT_NOWAIT);
1930 /* Allocate hash tables, for first call. */
1931 if (exphead == NULL) {
1932 /* Target an average linked list length of 10. */
1933 exphashsize = num / 10;
1934 if (exphashsize < 1)
1936 else if (exphashsize > 100000)
1937 exphashsize = 100000;
1938 exphead = malloc(exphashsize * sizeof(*exphead));
1939 oldexphead = malloc(exphashsize * sizeof(*oldexphead));
1940 if (exphead == NULL || oldexphead == NULL)
1941 errx(1, "Can't malloc hash tables");
1943 for (i = 0; i < exphashsize; i++) {
1944 SLIST_INIT(&exphead[i]);
1945 SLIST_INIT(&oldexphead[i]);
1949 for (i = 0; i < num; i++)
1950 delete_export(iov, iovlen, &mntbufp[i], errmsg);
1953 /* Read the export file(s) and process them */
1958 /* Free strings allocated by strdup() in getmntopts.c */
1959 free(iov[0].iov_base); /* fstype */
1960 free(iov[2].iov_base); /* fspath */
1961 free(iov[4].iov_base); /* from */
1962 free(iov[6].iov_base); /* update */
1963 free(iov[8].iov_base); /* export */
1964 free(iov[10].iov_base); /* errmsg */
1966 /* free iov, allocated by realloc() */
1972 * If there was no public fh, clear any previous one set.
1974 if (has_publicfh == 0) {
1975 LOGDEBUG("clear public fh");
1976 (void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
1979 /* Resume the nfsd. If they weren't suspended, this is harmless. */
1980 (void)nfssvc(NFSSVC_RESUMENFSD, NULL);
1981 LOGDEBUG("eo get_exportlist");
1985 * Insert an export entry in the appropriate list.
1988 insert_exports(struct exportlist *ep, struct exportlisthead *exhp)
1992 i = EXPHASH(&ep->ex_fs);
1993 LOGDEBUG("fs=%s hash=%i", ep->ex_fsdir, i);
1994 SLIST_INSERT_HEAD(&exhp[i], ep, entries);
1998 * Free up the exports lists passed in as arguments.
2001 free_exports(struct exportlisthead *exhp)
2003 struct exportlist *ep, *ep2;
2006 for (i = 0; i < exphashsize; i++) {
2007 SLIST_FOREACH_SAFE(ep, &exhp[i], entries, ep2) {
2008 SLIST_REMOVE(&exhp[i], ep, exportlist, entries);
2011 SLIST_INIT(&exhp[i]);
2016 * Read the exports file(s) and call get_exportlist_one() for each line.
2019 read_exportfile(int passno)
2024 * Read in the exports file and build the list, calling
2025 * nmount() as we go along to push the export rules into the kernel.
2028 for (i = 0; exnames[i] != NULL; i++) {
2030 warnx("reading exports from %s", exnames[i]);
2031 if ((exp_file = fopen(exnames[i], "r")) == NULL) {
2032 syslog(LOG_WARNING, "can't open %s", exnames[i]);
2035 get_exportlist_one(passno);
2040 syslog(LOG_ERR, "can't open any exports file");
2046 * Compare the export lists against the old ones and do nmount() operations
2047 * for any cases that have changed. This avoids doing nmount() for entries
2048 * that have not changed.
2049 * Return 0 upon success, 1 otherwise.
2052 compare_nmount_exportlist(struct iovec *iov, int iovlen, char *errmsg)
2054 struct exportlist *ep, *oep;
2055 struct grouplist *grp;
2056 struct statfs fs, ofs;
2060 * Loop through the current list and look for an entry in the old
2062 * If found, check to see if it the same.
2063 * If it is not the same, delete and re-export.
2064 * Then mark it done on the old list.
2067 * Any entries left in the old list after processing must have their
2070 for (i = 0; i < exphashsize; i++)
2071 SLIST_FOREACH(ep, &exphead[i], entries) {
2072 LOGDEBUG("foreach ep=%s", ep->ex_fsdir);
2073 oep = ex_search(&ep->ex_fs, oldexphead);
2076 * Check the mount paths are the same.
2077 * If not, return 1 so that the reload of the
2078 * exports will be done in bulk, the
2081 LOGDEBUG("found old exp");
2082 if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
2084 LOGDEBUG("same fsdir");
2086 * Test to see if the entry is the same.
2087 * If not the same delete exports and
2090 if (compare_export(ep, oep) != 0) {
2092 * Clear has_publicfh if if was set
2093 * in the old exports, but only if it
2094 * has not been set during processing of
2095 * the exports for this pass, as
2096 * indicated by has_set_publicfh.
2098 if (has_set_publicfh == 0 &&
2099 (oep->ex_flag & EX_PUBLICFH) != 0)
2102 /* Delete and re-export. */
2103 if (statfs(ep->ex_fsdir, &fs) < 0)
2105 delete_export(iov, iovlen, &fs, errmsg);
2106 ret = do_export_mount(ep, &fs);
2110 oep->ex_flag |= EX_DONE;
2113 LOGDEBUG("not found so export");
2114 /* Not found, so do export. */
2115 if (statfs(ep->ex_fsdir, &fs) < 0)
2117 ret = do_export_mount(ep, &fs);
2123 /* Delete exports not done. */
2124 for (i = 0; i < exphashsize; i++)
2125 SLIST_FOREACH(oep, &oldexphead[i], entries) {
2126 if ((oep->ex_flag & EX_DONE) == 0) {
2127 LOGDEBUG("not done delete=%s", oep->ex_fsdir);
2128 if (statfs(oep->ex_fsdir, &ofs) >= 0 &&
2129 fsidcmp(&oep->ex_fs, &ofs.f_fsid) == 0) {
2130 LOGDEBUG("do delete");
2132 * Clear has_publicfh if if was set
2133 * in the old exports, but only if it
2134 * has not been set during processing of
2135 * the exports for this pass, as
2136 * indicated by has_set_publicfh.
2138 if (has_set_publicfh == 0 &&
2139 (oep->ex_flag & EX_PUBLICFH) != 0)
2142 delete_export(iov, iovlen, &ofs,
2148 /* Do the V4 root exports, as required. */
2150 if (v4root_ep != NULL)
2151 grp = v4root_ep->ex_grphead;
2153 while (v4root_ep != NULL && grp != NULL) {
2154 LOGDEBUG("v4root expath=%s", v4root_dirpath);
2155 ret = do_mount(v4root_ep, grp, grp->gr_exflags, &grp->gr_anon,
2156 v4root_dirpath, strlen(v4root_dirpath), &fs,
2157 grp->gr_numsecflavors, grp->gr_secflavors);
2170 * Compare old and current exportlist entries for the fsid and return 0
2171 * if they are the same, 1 otherwise.
2174 compare_export(struct exportlist *ep, struct exportlist *oep)
2176 struct grouplist *grp, *ogrp;
2178 if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
2180 if ((ep->ex_flag & EX_DEFSET) != (oep->ex_flag & EX_DEFSET))
2182 if ((ep->ex_defdir != NULL && oep->ex_defdir == NULL) ||
2183 (ep->ex_defdir == NULL && oep->ex_defdir != NULL))
2185 if (ep->ex_defdir != NULL && (ep->ex_defdir->dp_flag & DP_DEFSET) !=
2186 (oep->ex_defdir->dp_flag & DP_DEFSET))
2188 if ((ep->ex_flag & EX_DEFSET) != 0 && (ep->ex_defnumsecflavors !=
2189 oep->ex_defnumsecflavors || ep->ex_defexflags !=
2190 oep->ex_defexflags || compare_cred(&ep->ex_defanon,
2191 &oep->ex_defanon) != 0 || compare_secflavor(ep->ex_defsecflavors,
2192 oep->ex_defsecflavors, ep->ex_defnumsecflavors) != 0))
2195 /* Now, check all the groups. */
2196 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
2198 for (grp = ep->ex_grphead; grp != NULL; grp = grp->gr_next) {
2199 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp =
2201 if ((ogrp->gr_flag & GR_FND) == 0 &&
2202 grp->gr_numsecflavors == ogrp->gr_numsecflavors &&
2203 grp->gr_exflags == ogrp->gr_exflags &&
2204 compare_cred(&grp->gr_anon, &ogrp->gr_anon) == 0 &&
2205 compare_secflavor(grp->gr_secflavors,
2206 ogrp->gr_secflavors, grp->gr_numsecflavors) == 0)
2209 ogrp->gr_flag |= GR_FND;
2213 for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
2214 if ((ogrp->gr_flag & GR_FND) == 0)
2220 * This algorithm compares two arrays of "n" items. It returns 0 if they are
2221 * the "same" and 1 otherwise. Although suboptimal, it is always safe to
2222 * return 1, which makes compare_nmount_export() reload the exports entry.
2223 * "same" refers to having the same set of values in the two arrays.
2224 * The arrays are in no particular order and duplicates (multiple entries
2225 * in an array with the same value) is allowed.
2226 * The algorithm is inefficient, but the common case of indentical arrays is
2227 * handled first and "n" is normally fairly small.
2228 * Since the two functions need the same algorithm but for arrays of
2229 * different types (gid_t vs int), this is done as a macro.
2231 #define COMPARE_ARRAYS(a1, a2, n) \
2233 int fnd, fndarray[(n)], i, j; \
2234 /* Handle common case of identical arrays. */ \
2235 for (i = 0; i < (n); i++) \
2236 if ((a1)[i] != (a2)[i]) \
2240 for (i = 0; i < (n); i++) \
2242 for (i = 0; i < (n); i++) { \
2244 for (j = 0; j < (n); j++) { \
2245 if ((a1)[i] == (a2)[j]) { \
2253 for (i = 0; i < (n); i++) \
2254 if (fndarray[i] == 0) \
2260 * Compare to struct xucred's. Return 0 if the same and 1 otherwise.
2263 compare_cred(struct xucred *cr0, struct xucred *cr1)
2266 if (cr0->cr_uid != cr1->cr_uid || cr0->cr_ngroups != cr1->cr_ngroups)
2269 COMPARE_ARRAYS(cr0->cr_groups, cr1->cr_groups, cr0->cr_ngroups);
2273 * Compare two lists of security flavors. Return 0 if the same and 1 otherwise.
2276 compare_secflavor(int *sec1, int *sec2, int nsec)
2279 COMPARE_ARRAYS(sec1, sec2, nsec);
2283 * Delete an exports entry.
2286 delete_export(struct iovec *iov, int iovlen, struct statfs *fsp, char *errmsg)
2288 struct xvfsconf vfc;
2290 if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
2291 syslog(LOG_ERR, "getvfsbyname() failed for %s",
2297 * We do not need to delete "export" flag from
2298 * filesystems that do not have it set.
2300 if (!(fsp->f_flags & MNT_EXPORTED))
2303 * Do not delete export for network filesystem by
2304 * passing "export" arg to nmount().
2305 * It only makes sense to do this for local filesystems.
2307 if (vfc.vfc_flags & VFCF_NETWORK)
2310 iov[1].iov_base = fsp->f_fstypename;
2311 iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
2312 iov[3].iov_base = fsp->f_mntonname;
2313 iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
2314 iov[5].iov_base = fsp->f_mntfromname;
2315 iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
2319 * EXDEV is returned when path exists but is not a
2320 * mount point. May happens if raced with unmount.
2322 if (nmount(iov, iovlen, fsp->f_flags) < 0 && errno != ENOENT &&
2323 errno != ENOTSUP && errno != EXDEV) {
2325 "can't delete exports for %s: %m %s",
2326 fsp->f_mntonname, errmsg);
2331 * Allocate an export list element
2333 static struct exportlist *
2336 struct exportlist *ep;
2338 ep = (struct exportlist *)calloc(1, sizeof (struct exportlist));
2339 if (ep == (struct exportlist *)NULL)
2345 * Allocate a group list element
2347 static struct grouplist *
2350 struct grouplist *gp;
2352 gp = (struct grouplist *)calloc(1, sizeof (struct grouplist));
2353 if (gp == (struct grouplist *)NULL)
2359 * Clean up upon an error in get_exportlist().
2362 getexp_err(struct exportlist *ep, struct grouplist *grp, const char *reason)
2364 struct grouplist *tgrp;
2366 if (!(opt_flags & OP_QUIET)) {
2368 syslog(LOG_ERR, "bad exports list line '%s': %s", line,
2371 syslog(LOG_ERR, "bad exports list line '%s'", line);
2373 if (ep && (ep->ex_flag & EX_LINKED) == 0)
2383 * Search the export list for a matching fs.
2385 static struct exportlist *
2386 ex_search(fsid_t *fsid, struct exportlisthead *exhp)
2388 struct exportlist *ep;
2392 SLIST_FOREACH(ep, &exhp[i], entries) {
2393 if (fsidcmp(&ep->ex_fs, fsid) == 0)
2401 * Add a directory path to the list.
2404 add_expdir(struct dirlist **dpp, char *cp, int len)
2408 dp = malloc(sizeof (struct dirlist));
2409 if (dp == (struct dirlist *)NULL)
2412 dp->dp_right = (struct dirlist *)NULL;
2414 dp->dp_hosts = (struct hostlist *)NULL;
2415 dp->dp_dirp = strndup(cp, len);
2416 if (dp->dp_dirp == NULL)
2419 return (dp->dp_dirp);
2423 * Hang the dir list element off the dirpath binary tree as required
2424 * and update the entry for host.
2427 hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
2428 int flags, struct xucred *anoncrp, int exflags)
2430 struct hostlist *hp;
2431 struct dirlist *dp2;
2433 if (flags & OP_ALLDIRS) {
2438 if (grp == (struct grouplist *)NULL) {
2439 ep->ex_flag |= EX_DEFSET;
2440 ep->ex_defdir->dp_flag |= DP_DEFSET;
2441 /* Save the default security flavors list. */
2442 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
2443 if (ep->ex_numsecflavors > 0)
2444 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
2445 sizeof(ep->ex_secflavors));
2446 ep->ex_defanon = *anoncrp;
2447 ep->ex_defexflags = exflags;
2448 } else while (grp) {
2451 hp->ht_next = ep->ex_defdir->dp_hosts;
2452 ep->ex_defdir->dp_hosts = hp;
2453 /* Save the security flavors list for this host set. */
2454 grp->gr_numsecflavors = ep->ex_numsecflavors;
2455 if (ep->ex_numsecflavors > 0)
2456 memcpy(grp->gr_secflavors, ep->ex_secflavors,
2457 sizeof(ep->ex_secflavors));
2463 * Loop through the directories adding them to the tree.
2467 add_dlist(&ep->ex_dirl, dp, grp, flags, ep, anoncrp,
2475 * Traverse the binary tree either updating a node that is already there
2476 * for the new directory or adding the new node.
2479 add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
2480 int flags, struct exportlist *ep, struct xucred *anoncrp, int exflags)
2483 struct hostlist *hp;
2488 cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
2490 add_dlist(&dp->dp_left, newdp, grp, flags, ep, anoncrp,
2493 } else if (cmp < 0) {
2494 add_dlist(&dp->dp_right, newdp, grp, flags, ep, anoncrp,
2498 free((caddr_t)newdp);
2501 dp->dp_left = (struct dirlist *)NULL;
2507 * Hang all of the host(s) off of the directory point.
2512 hp->ht_next = dp->dp_hosts;
2514 /* Save the security flavors list for this host set. */
2515 grp->gr_numsecflavors = ep->ex_numsecflavors;
2516 if (ep->ex_numsecflavors > 0)
2517 memcpy(grp->gr_secflavors, ep->ex_secflavors,
2518 sizeof(ep->ex_secflavors));
2522 ep->ex_flag |= EX_DEFSET;
2523 dp->dp_flag |= DP_DEFSET;
2524 /* Save the default security flavors list. */
2525 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
2526 if (ep->ex_numsecflavors > 0)
2527 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
2528 sizeof(ep->ex_secflavors));
2529 ep->ex_defanon = *anoncrp;
2530 ep->ex_defexflags = exflags;
2535 * Search for a dirpath on the export point.
2537 static struct dirlist *
2538 dirp_search(struct dirlist *dp, char *dirp)
2543 cmp = strcmp(dp->dp_dirp, dirp);
2545 return (dirp_search(dp->dp_left, dirp));
2547 return (dirp_search(dp->dp_right, dirp));
2555 * Scan for a host match in a directory tree.
2558 chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
2559 int *hostsetp, int *numsecflavors, int **secflavorsp)
2561 struct hostlist *hp;
2562 struct grouplist *grp;
2563 struct addrinfo *ai;
2566 if (dp->dp_flag & DP_DEFSET)
2567 *defsetp = dp->dp_flag;
2571 switch (grp->gr_type) {
2573 ai = grp->gr_ptr.gt_addrinfo;
2574 for (; ai; ai = ai->ai_next) {
2575 if (!sacmp(ai->ai_addr, saddr, NULL)) {
2577 (hp->ht_flag | DP_HOSTSET);
2578 if (numsecflavors != NULL) {
2580 grp->gr_numsecflavors;
2589 if (!sacmp(saddr, (struct sockaddr *)
2590 &grp->gr_ptr.gt_net.nt_net,
2592 &grp->gr_ptr.gt_net.nt_mask)) {
2593 *hostsetp = (hp->ht_flag | DP_HOSTSET);
2594 if (numsecflavors != NULL) {
2596 grp->gr_numsecflavors;
2611 * Scan tree for a host that matches the address.
2614 scan_tree(struct dirlist *dp, struct sockaddr *saddr)
2616 int defset, hostset;
2619 if (scan_tree(dp->dp_left, saddr))
2621 if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL))
2623 if (scan_tree(dp->dp_right, saddr))
2630 * Traverse the dirlist tree and free it up.
2633 free_dir(struct dirlist *dp)
2637 free_dir(dp->dp_left);
2638 free_dir(dp->dp_right);
2639 free_host(dp->dp_hosts);
2646 * Parse a colon separated list of security flavors
2649 parsesec(char *seclist, struct exportlist *ep)
2654 ep->ex_numsecflavors = 0;
2656 cp = strchr(seclist, ':');
2662 if (!strcmp(seclist, "sys"))
2664 else if (!strcmp(seclist, "krb5"))
2665 flavor = RPCSEC_GSS_KRB5;
2666 else if (!strcmp(seclist, "krb5i"))
2667 flavor = RPCSEC_GSS_KRB5I;
2668 else if (!strcmp(seclist, "krb5p"))
2669 flavor = RPCSEC_GSS_KRB5P;
2673 syslog(LOG_ERR, "bad sec flavor: %s", seclist);
2676 if (ep->ex_numsecflavors == MAXSECFLAVORS) {
2679 syslog(LOG_ERR, "too many sec flavors: %s", seclist);
2682 ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
2683 ep->ex_numsecflavors++;
2695 * Parse the option string and update fields.
2696 * Option arguments may either be -<option>=<value> or
2700 do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
2701 int *has_hostp, int *exflagsp, struct xucred *cr)
2703 char *cpoptarg, *cpoptend;
2704 char *cp, *endcp, *cpopt, savedc, savedc2;
2705 int allflag, usedarg;
2713 while (cpopt && *cpopt) {
2716 if ((cpoptend = strchr(cpopt, ','))) {
2718 if ((cpoptarg = strchr(cpopt, '=')))
2721 if ((cpoptarg = strchr(cpopt, '=')))
2725 nextfield(&cp, &endcp);
2727 if (endcp > cp && *cp != '-') {
2735 if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
2736 *exflagsp |= MNT_EXRDONLY;
2737 } else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
2738 !(allflag = strcmp(cpopt, "mapall")) ||
2739 !strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
2741 parsecred(cpoptarg, cr);
2743 *exflagsp |= MNT_EXPORTANON;
2744 opt_flags |= OP_MAPALL;
2746 opt_flags |= OP_MAPROOT;
2747 } else if (cpoptarg && (!strcmp(cpopt, "mask") ||
2748 !strcmp(cpopt, "m"))) {
2749 if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
2750 syslog(LOG_ERR, "bad mask: %s", cpoptarg);
2754 opt_flags |= OP_MASK;
2755 } else if (cpoptarg && (!strcmp(cpopt, "network") ||
2756 !strcmp(cpopt, "n"))) {
2757 if (strchr(cpoptarg, '/') != NULL) {
2759 fprintf(stderr, "setting OP_MASKLEN\n");
2760 opt_flags |= OP_MASKLEN;
2762 if (grp->gr_type != GT_NULL) {
2763 syslog(LOG_ERR, "network/host conflict");
2765 } else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
2766 syslog(LOG_ERR, "bad net: %s", cpoptarg);
2769 grp->gr_type = GT_NET;
2772 opt_flags |= OP_NET;
2773 } else if (!strcmp(cpopt, "alldirs")) {
2774 opt_flags |= OP_ALLDIRS;
2775 } else if (!strcmp(cpopt, "public")) {
2776 *exflagsp |= MNT_EXPUBLIC;
2777 } else if (!strcmp(cpopt, "webnfs")) {
2778 *exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
2779 opt_flags |= OP_MAPALL;
2780 } else if (cpoptarg && !strcmp(cpopt, "index")) {
2781 ep->ex_indexfile = strdup(cpoptarg);
2782 } else if (!strcmp(cpopt, "quiet")) {
2783 opt_flags |= OP_QUIET;
2784 } else if (cpoptarg && !strcmp(cpopt, "sec")) {
2785 if (parsesec(cpoptarg, ep))
2787 opt_flags |= OP_SEC;
2790 syslog(LOG_ERR, "bad opt %s", cpopt);
2809 * Translate a character string to the corresponding list of network
2810 * addresses for a hostname.
2813 get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
2815 struct grouplist *checkgrp;
2816 struct addrinfo *ai, *tai, hints;
2818 char host[NI_MAXHOST];
2820 if (grp->gr_type != GT_NULL) {
2821 syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
2824 memset(&hints, 0, sizeof hints);
2825 hints.ai_flags = AI_CANONNAME;
2826 hints.ai_protocol = IPPROTO_UDP;
2827 ecode = getaddrinfo(cp, NULL, &hints, &ai);
2829 syslog(LOG_ERR,"can't get address info for host %s", cp);
2832 grp->gr_ptr.gt_addrinfo = ai;
2833 while (ai != NULL) {
2834 if (ai->ai_canonname == NULL) {
2835 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
2836 sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
2837 strlcpy(host, "?", sizeof(host));
2838 ai->ai_canonname = strdup(host);
2839 ai->ai_flags |= AI_CANONNAME;
2842 fprintf(stderr, "got host %s\n", ai->ai_canonname);
2844 * Sanity check: make sure we don't already have an entry
2845 * for this host in the grouplist.
2847 for (checkgrp = tgrp; checkgrp != NULL;
2848 checkgrp = checkgrp->gr_next) {
2849 if (checkgrp->gr_type != GT_HOST)
2851 for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
2852 tai = tai->ai_next) {
2853 if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
2857 "ignoring duplicate host %s\n",
2859 grp->gr_type = GT_IGNORE;
2865 grp->gr_type = GT_HOST;
2870 * Free up an exports list component
2873 free_exp(struct exportlist *ep)
2875 struct grouplist *grp, *tgrp;
2877 if (ep->ex_defdir) {
2878 free_host(ep->ex_defdir->dp_hosts);
2879 free((caddr_t)ep->ex_defdir);
2883 if (ep->ex_indexfile)
2884 free(ep->ex_indexfile);
2885 free_dir(ep->ex_dirl);
2886 grp = ep->ex_grphead;
2896 * Free up the v4root exports.
2899 free_v4rootexp(void)
2902 if (v4root_ep != NULL) {
2903 free_exp(v4root_ep);
2912 free_host(struct hostlist *hp)
2914 struct hostlist *hp2;
2923 static struct hostlist *
2926 struct hostlist *hp;
2928 hp = (struct hostlist *)malloc(sizeof (struct hostlist));
2929 if (hp == (struct hostlist *)NULL)
2931 hp->ht_next = (struct hostlist *)NULL;
2937 * Out of memory, fatal
2943 syslog(LOG_ERR, "out of memory");
2948 * Call do_mount() from the struct exportlist, for each case needed.
2951 do_export_mount(struct exportlist *ep, struct statfs *fsp)
2953 struct grouplist *grp, defgrp;
2957 LOGDEBUG("do_export_mount=%s", ep->ex_fsdir);
2958 dirlen = strlen(ep->ex_fsdir);
2959 if ((ep->ex_flag & EX_DEFSET) != 0) {
2960 defgrp.gr_type = GT_DEFAULT;
2961 defgrp.gr_next = NULL;
2962 /* We have an entry for all other hosts/nets. */
2963 LOGDEBUG("ex_defexflags=0x%x", ep->ex_defexflags);
2964 ret = do_mount(ep, &defgrp, ep->ex_defexflags, &ep->ex_defanon,
2965 ep->ex_fsdir, dirlen, fsp, ep->ex_defnumsecflavors,
2966 ep->ex_defsecflavors);
2971 /* Do a mount for each group. */
2972 grp = ep->ex_grphead;
2973 while (grp != NULL) {
2974 LOGDEBUG("do mount gr_type=0x%x gr_exflags=0x%x",
2975 grp->gr_type, grp->gr_exflags);
2976 ret = do_mount(ep, grp, grp->gr_exflags, &grp->gr_anon,
2977 ep->ex_fsdir, dirlen, fsp, grp->gr_numsecflavors,
2978 grp->gr_secflavors);
2987 * Do the nmount() syscall with the update flag to push the export info into
2991 do_mount(struct exportlist *ep, struct grouplist *grp, int exflags,
2992 struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb,
2993 int numsecflavors, int *secflavors)
2996 struct addrinfo *ai;
2997 struct export_args *eap;
3005 struct nfsex_args nfsea;
3007 eap = &nfsea.export;
3015 bzero(eap, sizeof (struct export_args));
3016 bzero(errmsg, sizeof(errmsg));
3017 eap->ex_flags = exflags;
3018 eap->ex_anon = *anoncrp;
3019 LOGDEBUG("do_mount exflags=0x%x", exflags);
3020 eap->ex_indexfile = ep->ex_indexfile;
3021 if (grp->gr_type == GT_HOST)
3022 ai = grp->gr_ptr.gt_addrinfo;
3025 eap->ex_numsecflavors = numsecflavors;
3026 LOGDEBUG("do_mount numsec=%d", numsecflavors);
3027 for (i = 0; i < eap->ex_numsecflavors; i++)
3028 eap->ex_secflavors[i] = secflavors[i];
3029 if (eap->ex_numsecflavors == 0) {
3030 eap->ex_numsecflavors = 1;
3031 eap->ex_secflavors[0] = AUTH_SYS;
3035 if (v4root_phase == 0) {
3036 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
3037 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
3038 build_iovec(&iov, &iovlen, "from", NULL, 0);
3039 build_iovec(&iov, &iovlen, "update", NULL, 0);
3040 build_iovec(&iov, &iovlen, "export", eap,
3041 sizeof (struct export_args));
3042 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
3046 switch (grp->gr_type) {
3048 if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
3050 eap->ex_addr = ai->ai_addr;
3051 eap->ex_addrlen = ai->ai_addrlen;
3052 eap->ex_masklen = 0;
3055 if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
3059 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
3061 ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
3063 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
3064 eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
3067 eap->ex_addr = NULL;
3068 eap->ex_addrlen = 0;
3069 eap->ex_mask = NULL;
3070 eap->ex_masklen = 0;
3077 syslog(LOG_ERR, "bad grouptype");
3085 * For V4:, use the nfssvc() syscall, instead of mount().
3087 if (v4root_phase == 2) {
3088 nfsea.fspec = v4root_dirpath;
3089 if (nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&nfsea) < 0) {
3090 syslog(LOG_ERR, "Exporting V4: failed");
3096 * Maybe I should just use the fsb->f_mntonname path
3097 * instead of looping back up the dirp to the mount
3099 * Also, needs to know how to export all types of local
3100 * exportable filesystems and not just "ufs".
3102 iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
3103 iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
3104 iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
3105 iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
3106 iov[5].iov_base = fsb->f_mntfromname; /* "from" */
3107 iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
3110 while (nmount(iov, iovlen, fsb->f_flags) < 0) {
3114 cp = dirp + dirplen - 1;
3115 if (opt_flags & OP_QUIET) {
3119 if (errno == EPERM) {
3121 warnx("can't change attributes for %s: %s",
3124 "can't change attributes for %s: %s",
3129 if (opt_flags & OP_ALLDIRS) {
3130 if (errno == EINVAL)
3132 "-alldirs requested but %s is not a filesystem mountpoint",
3136 "could not remount %s: %m",
3141 /* back up over the last component */
3142 while (*cp == '/' && cp > dirp)
3144 while (*(cp - 1) != '/' && cp > dirp)
3148 warnx("mnt unsucc");
3149 syslog(LOG_ERR, "can't export %s %s",
3157 * Check that we're still on the same
3160 if (statfs(dirp, &fsb1) != 0 ||
3161 fsidcmp(&fsb1.f_fsid, &fsb->f_fsid) != 0) {
3164 "can't export %s %s", dirp,
3173 * For the experimental server:
3174 * If this is the public directory, get the file handle
3175 * and load it into the kernel via the nfssvc() syscall.
3177 if ((exflags & MNT_EXPUBLIC) != 0) {
3181 if (eap->ex_indexfile != NULL)
3182 public_name = eap->ex_indexfile;
3185 if (getfh(public_name, &fh) < 0)
3187 "Can't get public fh for %s", public_name);
3188 else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
3190 "Can't set public fh for %s", public_name);
3193 has_set_publicfh = 1;
3194 ep->ex_flag |= EX_PUBLICFH;
3206 /* free strings allocated by strdup() in getmntopts.c */
3208 free(iov[0].iov_base); /* fstype */
3209 free(iov[2].iov_base); /* fspath */
3210 free(iov[4].iov_base); /* from */
3211 free(iov[6].iov_base); /* update */
3212 free(iov[8].iov_base); /* export */
3213 free(iov[10].iov_base); /* errmsg */
3215 /* free iov, allocated by realloc() */
3222 * Translate a net address.
3224 * If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
3227 get_net(char *cp, struct netmsk *net, int maskflg)
3229 struct netent *np = NULL;
3230 char *name, *p, *prefp;
3231 struct sockaddr_in sin;
3232 struct sockaddr *sa = NULL;
3233 struct addrinfo hints, *ai = NULL;
3234 char netname[NI_MAXHOST];
3238 if ((opt_flags & OP_MASKLEN) && !maskflg) {
3239 p = strchr(cp, '/');
3245 * Check for a numeric address first. We wish to avoid
3246 * possible DNS lookups in getnetbyname().
3248 if (isxdigit(*cp) || *cp == ':') {
3249 memset(&hints, 0, sizeof hints);
3250 /* Ensure the mask and the network have the same family. */
3251 if (maskflg && (opt_flags & OP_NET))
3252 hints.ai_family = net->nt_net.ss_family;
3253 else if (!maskflg && (opt_flags & OP_HAVEMASK))
3254 hints.ai_family = net->nt_mask.ss_family;
3256 hints.ai_family = AF_UNSPEC;
3257 hints.ai_flags = AI_NUMERICHOST;
3258 if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
3260 if (sa != NULL && ai->ai_family == AF_INET) {
3262 * The address in `cp' is really a network address, so
3263 * use inet_network() to re-interpret this correctly.
3264 * e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
3266 bzero(&sin, sizeof sin);
3267 sin.sin_family = AF_INET;
3268 sin.sin_len = sizeof sin;
3269 sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
3271 fprintf(stderr, "get_net: v4 addr %s\n",
3272 inet_ntoa(sin.sin_addr));
3273 sa = (struct sockaddr *)&sin;
3276 if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
3277 bzero(&sin, sizeof sin);
3278 sin.sin_family = AF_INET;
3279 sin.sin_len = sizeof sin;
3280 sin.sin_addr = inet_makeaddr(np->n_net, 0);
3281 sa = (struct sockaddr *)&sin;
3287 /* The specified sockaddr is a mask. */
3288 if (checkmask(sa) != 0)
3290 bcopy(sa, &net->nt_mask, sa->sa_len);
3291 opt_flags |= OP_HAVEMASK;
3293 /* The specified sockaddr is a network address. */
3294 bcopy(sa, &net->nt_net, sa->sa_len);
3296 /* Get a network name for the export list. */
3299 } else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
3300 NULL, 0, NI_NUMERICHOST) == 0) {
3305 if ((net->nt_name = strdup(name)) == NULL)
3309 * Extract a mask from either a "/<masklen>" suffix, or
3310 * from the class of an IPv4 address.
3312 if (opt_flags & OP_MASKLEN) {
3313 preflen = strtol(prefp, NULL, 10);
3314 if (preflen < 0L || preflen == LONG_MAX)
3316 bcopy(sa, &net->nt_mask, sa->sa_len);
3317 if (makemask(&net->nt_mask, (int)preflen) != 0)
3319 opt_flags |= OP_HAVEMASK;
3321 } else if (sa->sa_family == AF_INET &&
3322 (opt_flags & OP_MASK) == 0) {
3325 addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
3326 if (IN_CLASSA(addr))
3328 else if (IN_CLASSB(addr))
3330 else if (IN_CLASSC(addr))
3332 else if (IN_CLASSD(addr))
3335 preflen = 32; /* XXX */
3337 bcopy(sa, &net->nt_mask, sa->sa_len);
3338 makemask(&net->nt_mask, (int)preflen);
3339 opt_flags |= OP_HAVEMASK;
3354 * Parse out the next white space separated field
3357 nextfield(char **cp, char **endcp)
3363 while (*p == ' ' || *p == '\t')
3366 while (*p != '\0') {
3371 if (*p == '\\' && *(p + 1) != '\0')
3373 else if (*p == '\'' || *p == '"')
3375 else if (*p == ' ' || *p == '\t')
3384 * Get an exports file line. Skip over blank lines and handle line
3392 int totlen, cont_line;
3395 * Loop around ignoring blank lines and getting all continuation lines.
3400 if ((p = fgetln(exp_file, &len)) == NULL)
3405 (*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
3415 if (linesize < len + totlen + 1) {
3416 linesize = len + totlen + 1;
3417 line = realloc(line, linesize);
3421 memcpy(line + totlen, p, len);
3423 line[totlen] = '\0';
3424 } while (totlen == 0 || cont_line);
3429 * Parse a description of a credential.
3432 parsecred(char *namelist, struct xucred *cr)
3439 gid_t groups[XU_NGROUPS + 1];
3442 cr->cr_version = XUCRED_VERSION;
3444 * Set up the unprivileged user.
3447 cr->cr_groups[0] = 65533;
3450 * Get the user's password table entry.
3453 name = strsep_quote(&names, ":");
3454 /* Bug? name could be NULL here */
3455 if (isdigit(*name) || *name == '-')
3456 pw = getpwuid(atoi(name));
3458 pw = getpwnam(name);
3460 * Credentials specified as those of a user.
3462 if (names == NULL) {
3464 syslog(LOG_ERR, "unknown user: %s", name);
3467 cr->cr_uid = pw->pw_uid;
3468 ngroups = XU_NGROUPS + 1;
3469 if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
3470 syslog(LOG_ERR, "too many groups");
3471 ngroups = XU_NGROUPS + 1;
3475 * Compress out duplicate.
3477 cr->cr_groups[0] = groups[0];
3478 if (ngroups > 1 && groups[0] == groups[1]) {
3479 cr->cr_ngroups = ngroups - 1;
3480 for (cnt = 2; cnt < ngroups; cnt++)
3481 cr->cr_groups[cnt - 1] = groups[cnt];
3483 cr->cr_ngroups = ngroups;
3484 if (cr->cr_ngroups > XU_NGROUPS)
3485 cr->cr_ngroups = XU_NGROUPS;
3486 for (cnt = 1; cnt < ngroups; cnt++)
3487 cr->cr_groups[cnt] = groups[cnt];
3492 * Explicit credential specified as a colon separated list:
3496 cr->cr_uid = pw->pw_uid;
3497 else if (isdigit(*name) || *name == '-')
3498 cr->cr_uid = atoi(name);
3500 syslog(LOG_ERR, "unknown user: %s", name);
3504 while (names != NULL && *names != '\0' && cr->cr_ngroups < XU_NGROUPS) {
3505 name = strsep_quote(&names, ":");
3506 if (isdigit(*name) || *name == '-') {
3507 cr->cr_groups[cr->cr_ngroups++] = atoi(name);
3509 if ((gr = getgrnam(name)) == NULL) {
3510 syslog(LOG_ERR, "unknown group: %s", name);
3513 cr->cr_groups[cr->cr_ngroups++] = gr->gr_gid;
3516 if (names != NULL && *names != '\0' && cr->cr_ngroups == XU_NGROUPS)
3517 syslog(LOG_ERR, "too many groups");
3520 #define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
3522 * Routines that maintain the remote mounttab
3527 struct mountlist *mlp;
3528 char *host, *dirp, *cp;
3532 if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
3533 if (errno == ENOENT)
3536 syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
3540 while (fgets(str, STRSIZ, mlfile) != NULL) {
3542 host = strsep(&cp, " \t\n");
3543 dirp = strsep(&cp, " \t\n");
3544 if (host == NULL || dirp == NULL)
3546 mlp = (struct mountlist *)malloc(sizeof (*mlp));
3547 if (mlp == (struct mountlist *)NULL)
3549 strncpy(mlp->ml_host, host, MNTNAMLEN);
3550 mlp->ml_host[MNTNAMLEN] = '\0';
3551 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
3552 mlp->ml_dirp[MNTPATHLEN] = '\0';
3554 SLIST_INSERT_HEAD(&mlhead, mlp, next);
3560 del_mlist(char *hostp, char *dirp)
3562 struct mountlist *mlp, *mlp2;
3566 SLIST_FOREACH_SAFE(mlp, &mlhead, next, mlp2) {
3567 if (!strcmp(mlp->ml_host, hostp) &&
3568 (!dirp || !strcmp(mlp->ml_dirp, dirp))) {
3570 SLIST_REMOVE(&mlhead, mlp, mountlist, next);
3575 if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
3576 syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
3579 SLIST_FOREACH(mlp, &mlhead, next) {
3580 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
3587 add_mlist(char *hostp, char *dirp)
3589 struct mountlist *mlp;
3592 SLIST_FOREACH(mlp, &mlhead, next) {
3593 if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
3597 mlp = (struct mountlist *)malloc(sizeof (*mlp));
3598 if (mlp == (struct mountlist *)NULL)
3600 strncpy(mlp->ml_host, hostp, MNTNAMLEN);
3601 mlp->ml_host[MNTNAMLEN] = '\0';
3602 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
3603 mlp->ml_dirp[MNTPATHLEN] = '\0';
3604 SLIST_INSERT_HEAD(&mlhead, mlp, next);
3605 if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
3606 syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
3609 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
3614 * Free up a group list.
3617 free_grp(struct grouplist *grp)
3619 if (grp->gr_type == GT_HOST) {
3620 if (grp->gr_ptr.gt_addrinfo != NULL)
3621 freeaddrinfo(grp->gr_ptr.gt_addrinfo);
3622 } else if (grp->gr_type == GT_NET) {
3623 if (grp->gr_ptr.gt_net.nt_name)
3624 free(grp->gr_ptr.gt_net.nt_name);
3631 SYSLOG(int pri, const char *fmt, ...)
3636 vfprintf(stderr, fmt, ap);
3642 * Check options for consistency.
3645 check_options(struct dirlist *dp)
3648 if (v4root_phase == 0 && dp == NULL)
3650 if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
3651 syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
3654 if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
3655 syslog(LOG_ERR, "-mask requires -network");
3658 if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
3659 syslog(LOG_ERR, "-network requires mask specification");
3662 if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
3663 syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
3666 if (v4root_phase > 0 &&
3668 ~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
3669 syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
3672 if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
3673 syslog(LOG_ERR, "-alldirs has multiple directories");
3680 * Check an absolute directory path for any symbolic links. Return true
3683 check_dirpath(char *dirp)
3690 while (*cp && ret) {
3693 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
3699 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
3705 * Make a netmask according to the specified prefix length. The ss_family
3706 * and other non-address fields must be initialised before calling this.
3709 makemask(struct sockaddr_storage *ssp, int bitlen)
3714 if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
3716 if (bitlen > len * CHAR_BIT)
3719 for (i = 0; i < len; i++) {
3720 bits = MIN(CHAR_BIT, bitlen);
3721 *p++ = (u_char)~0 << (CHAR_BIT - bits);
3728 * Check that the sockaddr is a valid netmask. Returns 0 if the mask
3729 * is acceptable (i.e. of the form 1...10....0).
3732 checkmask(struct sockaddr *sa)
3737 if ((mask = sa_rawaddr(sa, &len)) == NULL)
3740 for (i = 0; i < len; i++)
3741 if (mask[i] != 0xff)
3744 if (~mask[i] & (u_char)(~mask[i] + 1))
3748 for (; i < len; i++)
3755 * Compare two sockaddrs according to a specified mask. Return zero if
3756 * `sa1' matches `sa2' when filtered by the netmask in `samask'.
3757 * If samask is NULL, perform a full comparison.
3760 sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
3762 unsigned char *p1, *p2, *mask;
3765 if (sa1->sa_family != sa2->sa_family ||
3766 (p1 = sa_rawaddr(sa1, &len)) == NULL ||
3767 (p2 = sa_rawaddr(sa2, NULL)) == NULL)
3770 switch (sa1->sa_family) {
3772 if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
3773 ((struct sockaddr_in6 *)sa2)->sin6_scope_id)
3778 /* Simple binary comparison if no mask specified. */
3780 return (memcmp(p1, p2, len));
3782 /* Set up the mask, and do a mask-based comparison. */
3783 if (sa1->sa_family != samask->sa_family ||
3784 (mask = sa_rawaddr(samask, NULL)) == NULL)
3787 for (i = 0; i < len; i++)
3788 if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
3794 * Return a pointer to the part of the sockaddr that contains the
3795 * raw address, and set *nbytes to its length in bytes. Returns
3796 * NULL if the address family is unknown.
3799 sa_rawaddr(struct sockaddr *sa, int *nbytes) {
3803 switch (sa->sa_family) {
3805 len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
3806 p = &((struct sockaddr_in *)sa)->sin_addr;
3809 len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
3810 p = &((struct sockaddr_in6 *)sa)->sin6_addr;
3823 huphandler(int sig __unused)
3830 terminate(int sig __unused)
3832 pidfile_remove(pfh);
3833 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
3834 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);