2 * Copyright (c) 1989, 1993
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Herb Hasler and Rick Macklem at The University of Guelph.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 static const char copyright[] =
35 "@(#) Copyright (c) 1989, 1993\n\
36 The Regents of the University of California. All rights reserved.\n";
41 static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
48 #include <sys/param.h>
49 #include <sys/fcntl.h>
50 #include <sys/linker.h>
51 #include <sys/module.h>
52 #include <sys/mount.h>
54 #include <sys/sysctl.h>
55 #include <sys/syslog.h>
58 #include <rpc/rpc_com.h>
59 #include <rpc/pmap_clnt.h>
60 #include <rpc/pmap_prot.h>
61 #include <rpcsvc/mount.h>
62 #include <nfs/nfsproto.h>
63 #include <nfs/nfssvc.h>
64 #include <nfsserver/nfs.h>
66 #include <fs/nfs/nfsport.h>
68 #include <arpa/inet.h>
83 #include "pathnames.h"
91 * Structures for keeping the mount list and export list
94 struct mountlist *ml_next;
95 char ml_host[MNTNAMLEN+1];
96 char ml_dirp[MNTPATHLEN+1];
100 struct dirlist *dp_left;
101 struct dirlist *dp_right;
103 struct hostlist *dp_hosts; /* List of hosts this dir exported to */
104 char dp_dirp[1]; /* Actually malloc'd to size of dir */
107 #define DP_DEFSET 0x1
108 #define DP_HOSTSET 0x2
111 struct exportlist *ex_next;
112 struct dirlist *ex_dirl;
113 struct dirlist *ex_defdir;
118 int ex_numsecflavors;
119 int ex_secflavors[MAXSECFLAVORS];
120 int ex_defnumsecflavors;
121 int ex_defsecflavors[MAXSECFLAVORS];
124 #define EX_LINKED 0x1
127 struct sockaddr_storage nt_net;
128 struct sockaddr_storage nt_mask;
133 struct addrinfo *gt_addrinfo;
134 struct netmsk gt_net;
139 union grouptypes gr_ptr;
140 struct grouplist *gr_next;
141 int gr_numsecflavors;
142 int gr_secflavors[MAXSECFLAVORS];
148 #define GT_DEFAULT 0x3
149 #define GT_IGNORE 0x5
152 int ht_flag; /* Uses DP_xx bits */
153 struct grouplist *ht_grp;
154 struct hostlist *ht_next;
161 int fhr_numsecflavors;
165 #define GETPORT_MAXTRY 20 /* Max tries to get a port # */
168 static char *add_expdir(struct dirlist **, char *, int);
169 static void add_dlist(struct dirlist **, struct dirlist *,
170 struct grouplist *, int, struct exportlist *);
171 static void add_mlist(char *, char *);
172 static int check_dirpath(char *);
173 static int check_options(struct dirlist *);
174 static int checkmask(struct sockaddr *sa);
175 static int chk_host(struct dirlist *, struct sockaddr *, int *, int *,
177 static int create_service(struct netconfig *nconf);
178 static void complete_service(struct netconfig *nconf, char *port_str);
179 static void clearout_service(void);
180 static void del_mlist(char *hostp, char *dirp);
181 static struct dirlist *dirp_search(struct dirlist *, char *);
182 static int do_mount(struct exportlist *, struct grouplist *, int,
183 struct xucred *, char *, int, struct statfs *);
184 static int do_opt(char **, char **, struct exportlist *,
185 struct grouplist *, int *, int *, struct xucred *);
186 static struct exportlist *ex_search(fsid_t *);
187 static struct exportlist *get_exp(void);
188 static void free_dir(struct dirlist *);
189 static void free_exp(struct exportlist *);
190 static void free_grp(struct grouplist *);
191 static void free_host(struct hostlist *);
192 static void get_exportlist(void);
193 static int get_host(char *, struct grouplist *, struct grouplist *);
194 static struct hostlist *get_ht(void);
195 static int get_line(void);
196 static void get_mountlist(void);
197 static int get_net(char *, struct netmsk *, int);
198 static void getexp_err(struct exportlist *, struct grouplist *);
199 static struct grouplist *get_grp(void);
200 static void hang_dirp(struct dirlist *, struct grouplist *,
201 struct exportlist *, int);
202 static void huphandler(int sig);
203 static int makemask(struct sockaddr_storage *ssp, int bitlen);
204 static void mntsrv(struct svc_req *, SVCXPRT *);
205 static void nextfield(char **, char **);
206 static void out_of_mem(void);
207 static void parsecred(char *, struct xucred *);
208 static int parsesec(char *, struct exportlist *);
209 static int put_exlist(struct dirlist *, XDR *, struct dirlist *,
211 static void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
212 static int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
213 struct sockaddr *samask);
214 static int scan_tree(struct dirlist *, struct sockaddr *);
215 static void usage(void);
216 static int xdr_dir(XDR *, char *);
217 static int xdr_explist(XDR *, caddr_t);
218 static int xdr_explist_brief(XDR *, caddr_t);
219 static int xdr_explist_common(XDR *, caddr_t, int);
220 static int xdr_fhs(XDR *, caddr_t);
221 static int xdr_mlist(XDR *, caddr_t);
222 static void terminate(int);
224 static struct exportlist *exphead;
225 static struct mountlist *mlhead;
226 static struct grouplist *grphead;
227 static char *exnames_default[2] = { _PATH_EXPORTS, NULL };
228 static char **exnames;
229 static char **hosts = NULL;
230 static struct xucred def_anon = {
237 static int force_v2 = 0;
238 static int resvport_only = 1;
239 static int nhosts = 0;
240 static int dir_only = 1;
241 static int dolog = 0;
242 static int got_sighup = 0;
243 static int xcreated = 0;
245 static char *svcport_str = NULL;
246 static int mallocd_svcport = 0;
248 static int sock_fdcnt;
249 static int sock_fdpos;
250 static int suspend_nfsd = 0;
252 static int opt_flags;
253 static int have_v6 = 1;
255 static int v4root_phase = 0;
256 static char v4root_dirpath[PATH_MAX + 1];
257 static int has_publicfh = 0;
259 static struct pidfh *pfh = NULL;
260 /* Bits for opt_flags above */
261 #define OP_MAPROOT 0x01
262 #define OP_MAPALL 0x02
266 #define OP_ALLDIRS 0x40
267 #define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
268 #define OP_QUIET 0x100
269 #define OP_MASKLEN 0x200
273 static int debug = 1;
274 static void SYSLOG(int, const char *, ...) __printflike(2, 3);
275 #define syslog SYSLOG
277 static int debug = 0;
281 * Mountd server for NFS mount protocol as described in:
282 * NFS: Network File System Protocol Specification, RFC1094, Appendix A
283 * The optional arguments are the exports file name
284 * default: _PATH_EXPORTS
285 * and "-n" to allow nonroot mount.
288 main(int argc, char **argv)
291 struct netconfig *nconf;
292 char *endptr, **hosts_bak;
297 int maxrec = RPC_MAXDATASIZE;
298 int attempt_cnt, port_len, port_pos, ret;
301 /* Check that another mountd isn't already running. */
302 pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
305 errx(1, "mountd already running, pid: %d.", otherpid);
306 warn("cannot open or create pidfile");
309 s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
315 while ((c = getopt(argc, argv, "2deh:lnp:rS")) != -1)
321 /* now a no-op, since this is the default */
330 debug = debug ? 0 : 1;
337 svcport = (in_port_t)strtoul(optarg, &endptr, 10);
338 if (endptr == NULL || *endptr != '\0' ||
339 svcport == 0 || svcport >= IPPORT_MAX)
341 svcport_str = strdup(optarg);
346 hosts_bak = realloc(hosts, nhosts * sizeof(char *));
347 if (hosts_bak == NULL) {
349 for (k = 0; k < nhosts; k++)
356 hosts[nhosts - 1] = strdup(optarg);
357 if (hosts[nhosts - 1] == NULL) {
358 for (k = 0; k < (nhosts - 1); k++)
371 if (modfind("nfsd") < 0) {
372 /* Not present in kernel, try loading it */
373 if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
374 errx(1, "NFS server is not available");
379 grphead = (struct grouplist *)NULL;
380 exphead = (struct exportlist *)NULL;
381 mlhead = (struct mountlist *)NULL;
385 exnames = exnames_default;
386 openlog("mountd", LOG_PID, LOG_DAEMON);
388 warnx("getting export list");
391 warnx("getting mount list");
397 signal(SIGINT, SIG_IGN);
398 signal(SIGQUIT, SIG_IGN);
400 signal(SIGHUP, huphandler);
401 signal(SIGTERM, terminate);
402 signal(SIGPIPE, SIG_IGN);
406 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
407 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
408 rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
410 if (!resvport_only) {
411 if (sysctlbyname("vfs.nfsrv.nfs_privport", NULL, NULL,
412 &resvport_only, sizeof(resvport_only)) != 0 &&
414 syslog(LOG_ERR, "sysctl: %m");
420 * If no hosts were specified, add a wildcard entry to bind to
421 * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the
425 hosts = malloc(sizeof(char**));
433 hosts_bak = realloc(hosts, (nhosts + 2) *
435 if (hosts_bak == NULL) {
436 for (k = 0; k < nhosts; k++)
443 hosts[nhosts - 2] = "::1";
445 hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *));
446 if (hosts_bak == NULL) {
447 for (k = 0; k < nhosts; k++)
457 hosts[nhosts - 1] = "127.0.0.1";
465 nc_handle = setnetconfig();
466 while ((nconf = getnetconfig(nc_handle))) {
467 if (nconf->nc_flag & NC_VISIBLE) {
468 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
472 ret = create_service(nconf);
474 /* Ignore this call */
478 * Failed to bind port, so close off
479 * all sockets created and try again
480 * if the port# was dynamically
481 * assigned via bind(2).
484 if (mallocd_svcport != 0 &&
485 attempt_cnt < GETPORT_MAXTRY) {
492 "bindresvport_sa: %m");
496 /* Start over at the first service. */
500 nc_handle = setnetconfig();
502 } else if (mallocd_svcport != 0 &&
503 attempt_cnt == GETPORT_MAXTRY) {
505 * For the last attempt, allow
506 * different port #s for each nconf
507 * by saving the svcport_str and
508 * setting it back to NULL.
510 port_list = realloc(port_list,
511 (port_len + 1) * sizeof(char *));
512 if (port_list == NULL)
514 port_list[port_len++] = svcport_str;
523 * Successfully bound the ports, so call complete_service() to
524 * do the rest of the setup on the service(s).
528 nc_handle = setnetconfig();
529 while ((nconf = getnetconfig(nc_handle))) {
530 if (nconf->nc_flag & NC_VISIBLE) {
531 if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
534 } else if (port_list != NULL) {
535 if (port_pos >= port_len) {
536 syslog(LOG_ERR, "too many port#s");
539 complete_service(nconf, port_list[port_pos++]);
541 complete_service(nconf, svcport_str);
544 endnetconfig(nc_handle);
546 if (port_list != NULL) {
547 for (port_pos = 0; port_pos < port_len; port_pos++)
548 free(port_list[port_pos]);
553 syslog(LOG_ERR, "could not create any services");
557 /* Expand svc_run() here so that we can call get_exportlist(). */
564 switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) {
568 syslog(LOG_ERR, "mountd died: select: %m");
573 svc_getreqset(&readfds);
579 * This routine creates and binds sockets on the appropriate
580 * addresses. It gets called one time for each transport.
581 * It returns 0 upon success, 1 for ingore the call and -1 to indicate
582 * bind failed with EADDRINUSE.
583 * Any file descriptors that have been created are stored in sock_fd and
584 * the total count of them is maintained in sock_fdcnt.
587 create_service(struct netconfig *nconf)
589 struct addrinfo hints, *res = NULL;
590 struct sockaddr_in *sin;
591 struct sockaddr_in6 *sin6;
592 struct __rpc_sockinfo si;
598 u_int32_t host_addr[4]; /* IPv4 or IPv6 */
601 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
602 (nconf->nc_semantics != NC_TPI_COTS) &&
603 (nconf->nc_semantics != NC_TPI_COTS_ORD))
604 return (1); /* not my type */
607 * XXX - using RPC library internal functions.
609 if (!__rpc_nconf2sockinfo(nconf, &si)) {
610 syslog(LOG_ERR, "cannot get information for %s",
615 /* Get mountd's address on this transport */
616 memset(&hints, 0, sizeof hints);
617 hints.ai_family = si.si_af;
618 hints.ai_socktype = si.si_socktype;
619 hints.ai_protocol = si.si_proto;
622 * Bind to specific IPs if asked to
625 while (nhostsbak > 0) {
627 sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int));
630 sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */
633 hints.ai_flags = AI_PASSIVE;
636 * XXX - using RPC library internal functions.
638 if ((fd = __rpc_nconf2fd(nconf)) < 0) {
640 if (errno == EAFNOSUPPORT &&
641 nconf->nc_semantics != NC_TPI_CLTS)
644 syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
645 "cannot create socket for %s", nconf->nc_netid);
651 switch (hints.ai_family) {
653 if (inet_pton(AF_INET, hosts[nhostsbak],
655 hints.ai_flags |= AI_NUMERICHOST;
658 * Skip if we have an AF_INET6 address.
660 if (inet_pton(AF_INET6, hosts[nhostsbak],
668 if (inet_pton(AF_INET6, hosts[nhostsbak],
670 hints.ai_flags |= AI_NUMERICHOST;
673 * Skip if we have an AF_INET address.
675 if (inet_pton(AF_INET, hosts[nhostsbak],
683 * We're doing host-based access checks here, so don't
684 * allow v4-in-v6 to confuse things. The kernel will
685 * disable it by default on NFS sockets too.
687 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
690 "can't disable v4-in-v6 on IPv6 socket");
699 * If no hosts were specified, just bind to INADDR_ANY
701 if (strcmp("*", hosts[nhostsbak]) == 0) {
702 if (svcport_str == NULL) {
703 res = malloc(sizeof(struct addrinfo));
707 res->ai_flags = hints.ai_flags;
708 res->ai_family = hints.ai_family;
709 res->ai_protocol = hints.ai_protocol;
710 switch (res->ai_family) {
712 sin = malloc(sizeof(struct sockaddr_in));
715 sin->sin_family = AF_INET;
716 sin->sin_port = htons(0);
717 sin->sin_addr.s_addr = htonl(INADDR_ANY);
718 res->ai_addr = (struct sockaddr*) sin;
719 res->ai_addrlen = (socklen_t)
720 sizeof(struct sockaddr_in);
723 sin6 = malloc(sizeof(struct sockaddr_in6));
726 sin6->sin6_family = AF_INET6;
727 sin6->sin6_port = htons(0);
728 sin6->sin6_addr = in6addr_any;
729 res->ai_addr = (struct sockaddr*) sin6;
730 res->ai_addrlen = (socklen_t)
731 sizeof(struct sockaddr_in6);
734 syslog(LOG_ERR, "bad addr fam %d",
739 if ((aicode = getaddrinfo(NULL, svcport_str,
740 &hints, &res)) != 0) {
742 "cannot get local address for %s: %s",
744 gai_strerror(aicode));
750 if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
751 &hints, &res)) != 0) {
753 "cannot get local address for %s: %s",
754 nconf->nc_netid, gai_strerror(aicode));
761 sock_fd[sock_fdcnt - 1] = fd;
763 /* Now, attempt the bind. */
764 r = bindresvport_sa(fd, res->ai_addr);
766 if (errno == EADDRINUSE && mallocd_svcport != 0) {
767 if (mallocd_res != 0) {
774 syslog(LOG_ERR, "bindresvport_sa: %m");
778 if (svcport_str == NULL) {
779 svcport_str = malloc(NI_MAXSERV * sizeof(char));
780 if (svcport_str == NULL)
784 if (getnameinfo(res->ai_addr,
785 res->ai_addr->sa_len, NULL, NI_MAXHOST,
786 svcport_str, NI_MAXSERV * sizeof(char),
787 NI_NUMERICHOST | NI_NUMERICSERV))
788 errx(1, "Cannot get port number");
790 if (mallocd_res != 0) {
801 * Called after all the create_service() calls have succeeded, to complete
802 * the setup and registration.
805 complete_service(struct netconfig *nconf, char *port_str)
807 struct addrinfo hints, *res = NULL;
808 struct __rpc_sockinfo si;
809 struct netbuf servaddr;
810 SVCXPRT *transp = NULL;
811 int aicode, fd, nhostsbak;
814 if ((nconf->nc_semantics != NC_TPI_CLTS) &&
815 (nconf->nc_semantics != NC_TPI_COTS) &&
816 (nconf->nc_semantics != NC_TPI_COTS_ORD))
817 return; /* not my type */
820 * XXX - using RPC library internal functions.
822 if (!__rpc_nconf2sockinfo(nconf, &si)) {
823 syslog(LOG_ERR, "cannot get information for %s",
829 while (nhostsbak > 0) {
831 if (sock_fdpos >= sock_fdcnt) {
832 /* Should never happen. */
833 syslog(LOG_ERR, "Ran out of socket fd's");
836 fd = sock_fd[sock_fdpos++];
840 if (nconf->nc_semantics != NC_TPI_CLTS)
841 listen(fd, SOMAXCONN);
843 if (nconf->nc_semantics == NC_TPI_CLTS )
844 transp = svc_dg_create(fd, 0, 0);
846 transp = svc_vc_create(fd, RPC_MAXDATASIZE,
849 if (transp != (SVCXPRT *) NULL) {
850 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
853 "can't register %s MOUNTVERS service",
856 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
859 "can't register %s MOUNTVERS3 service",
863 syslog(LOG_WARNING, "can't create %s services",
866 if (registered == 0) {
868 memset(&hints, 0, sizeof hints);
869 hints.ai_flags = AI_PASSIVE;
870 hints.ai_family = si.si_af;
871 hints.ai_socktype = si.si_socktype;
872 hints.ai_protocol = si.si_proto;
874 if ((aicode = getaddrinfo(NULL, port_str, &hints,
876 syslog(LOG_ERR, "cannot get local address: %s",
877 gai_strerror(aicode));
881 servaddr.buf = malloc(res->ai_addrlen);
882 memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
883 servaddr.len = res->ai_addrlen;
885 rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
886 rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
895 * Clear out sockets after a failure to bind one of them, so that the
896 * cycle of socket creation/binding can start anew.
899 clearout_service(void)
903 for (i = 0; i < sock_fdcnt; i++) {
904 if (sock_fd[i] >= 0) {
905 shutdown(sock_fd[i], SHUT_RDWR);
915 "usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
916 "[-S] [-h <bindip>] [export_file ...]\n");
921 * The mount rpc service
924 mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
926 struct exportlist *ep;
931 char host[NI_MAXHOST], numerichost[NI_MAXHOST];
932 int lookup_failed = 1;
933 struct sockaddr *saddr;
935 char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
936 int bad = 0, defset, hostset;
937 sigset_t sighup_mask;
938 int numsecflavors, *secflavorsp;
940 sigemptyset(&sighup_mask);
941 sigaddset(&sighup_mask, SIGHUP);
942 saddr = svc_getrpccaller(transp)->buf;
943 switch (saddr->sa_family) {
945 sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
948 sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
951 syslog(LOG_ERR, "request from unknown address family");
954 lookup_failed = getnameinfo(saddr, saddr->sa_len, host, sizeof host,
956 getnameinfo(saddr, saddr->sa_len, numerichost,
957 sizeof numerichost, NULL, 0, NI_NUMERICHOST);
958 switch (rqstp->rq_proc) {
960 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
961 syslog(LOG_ERR, "can't send reply");
964 if (sport >= IPPORT_RESERVED && resvport_only) {
966 "mount request from %s from unprivileged port",
968 svcerr_weakauth(transp);
971 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
972 syslog(LOG_NOTICE, "undecodable mount request from %s",
974 svcerr_decode(transp);
979 * Get the real pathname and make sure it is a directory
980 * or a regular file if the -r option was specified
983 if (realpath(rpcpath, dirpath) == NULL ||
984 stat(dirpath, &stb) < 0 ||
985 (!S_ISDIR(stb.st_mode) &&
986 (dir_only || !S_ISREG(stb.st_mode))) ||
987 statfs(dirpath, &fsb) < 0) {
988 chdir("/"); /* Just in case realpath doesn't */
990 "mount request from %s for non existent path %s",
991 numerichost, dirpath);
993 warnx("stat failed on %s", dirpath);
994 bad = ENOENT; /* We will send error reply later */
997 /* Check in the exports list */
998 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
999 ep = ex_search(&fsb.f_fsid);
1000 hostset = defset = 0;
1001 if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset,
1002 &numsecflavors, &secflavorsp) ||
1003 ((dp = dirp_search(ep->ex_dirl, dirpath)) &&
1004 chk_host(dp, saddr, &defset, &hostset, &numsecflavors,
1006 (defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
1007 scan_tree(ep->ex_dirl, saddr) == 0))) {
1009 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1011 syslog(LOG_ERR, "can't send reply");
1012 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1015 if (hostset & DP_HOSTSET) {
1016 fhr.fhr_flag = hostset;
1017 fhr.fhr_numsecflavors = numsecflavors;
1018 fhr.fhr_secflavors = secflavorsp;
1020 fhr.fhr_flag = defset;
1021 fhr.fhr_numsecflavors = ep->ex_defnumsecflavors;
1022 fhr.fhr_secflavors = ep->ex_defsecflavors;
1024 fhr.fhr_vers = rqstp->rq_vers;
1025 /* Get the file handle */
1026 memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
1027 if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
1029 syslog(LOG_ERR, "can't get fh for %s", dirpath);
1030 if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
1032 syslog(LOG_ERR, "can't send reply");
1033 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1036 if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
1038 syslog(LOG_ERR, "can't send reply");
1040 add_mlist(host, dirpath);
1042 add_mlist(numerichost, dirpath);
1044 warnx("mount successful");
1047 "mount request succeeded from %s for %s",
1048 numerichost, dirpath);
1052 "mount request denied from %s for %s",
1053 numerichost, dirpath);
1056 if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
1058 syslog(LOG_ERR, "can't send reply");
1059 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1061 case MOUNTPROC_DUMP:
1062 if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
1063 syslog(LOG_ERR, "can't send reply");
1066 "dump request succeeded from %s",
1069 case MOUNTPROC_UMNT:
1070 if (sport >= IPPORT_RESERVED && resvport_only) {
1072 "umount request from %s from unprivileged port",
1074 svcerr_weakauth(transp);
1077 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
1078 syslog(LOG_NOTICE, "undecodable umount request from %s",
1080 svcerr_decode(transp);
1083 if (realpath(rpcpath, dirpath) == NULL) {
1084 syslog(LOG_NOTICE, "umount request from %s "
1085 "for non existent path %s",
1086 numerichost, dirpath);
1088 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1089 syslog(LOG_ERR, "can't send reply");
1091 del_mlist(host, dirpath);
1092 del_mlist(numerichost, dirpath);
1095 "umount request succeeded from %s for %s",
1096 numerichost, dirpath);
1098 case MOUNTPROC_UMNTALL:
1099 if (sport >= IPPORT_RESERVED && resvport_only) {
1101 "umountall request from %s from unprivileged port",
1103 svcerr_weakauth(transp);
1106 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
1107 syslog(LOG_ERR, "can't send reply");
1109 del_mlist(host, NULL);
1110 del_mlist(numerichost, NULL);
1113 "umountall request succeeded from %s",
1116 case MOUNTPROC_EXPORT:
1117 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
1118 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
1120 syslog(LOG_ERR, "can't send reply");
1123 "export request succeeded from %s",
1127 svcerr_noproc(transp);
1133 * Xdr conversion for a dirpath string
1136 xdr_dir(XDR *xdrsp, char *dirp)
1138 return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
1142 * Xdr routine to generate file handle reply
1145 xdr_fhs(XDR *xdrsp, caddr_t cp)
1147 struct fhreturn *fhrp = (struct fhreturn *)cp;
1148 u_long ok = 0, len, auth;
1151 if (!xdr_long(xdrsp, &ok))
1153 switch (fhrp->fhr_vers) {
1155 return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
1158 if (!xdr_long(xdrsp, &len))
1160 if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
1162 if (fhrp->fhr_numsecflavors) {
1163 if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
1165 for (i = 0; i < fhrp->fhr_numsecflavors; i++)
1166 if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
1172 if (!xdr_long(xdrsp, &len))
1174 return (xdr_long(xdrsp, &auth));
1181 xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
1183 struct mountlist *mlp;
1190 if (!xdr_bool(xdrsp, &true))
1192 strp = &mlp->ml_host[0];
1193 if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
1195 strp = &mlp->ml_dirp[0];
1196 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1200 if (!xdr_bool(xdrsp, &false))
1206 * Xdr conversion for export list
1209 xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
1211 struct exportlist *ep;
1214 sigset_t sighup_mask;
1216 sigemptyset(&sighup_mask);
1217 sigaddset(&sighup_mask, SIGHUP);
1218 sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
1222 if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
1225 if (ep->ex_defdir && putdef == 0 &&
1226 put_exlist(ep->ex_defdir, xdrsp, (struct dirlist *)NULL,
1231 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1232 if (!xdr_bool(xdrsp, &false))
1236 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
1241 * Called from xdr_explist() to traverse the tree and export the
1245 put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
1248 struct grouplist *grp;
1249 struct hostlist *hp;
1256 if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
1258 if (!xdr_bool(xdrsp, &true))
1261 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1263 if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
1268 if (!xdr_bool(xdrsp, &true))
1271 if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
1273 } else if ((dp->dp_flag & DP_DEFSET) == 0 &&
1274 (gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
1278 if (grp->gr_type == GT_HOST) {
1279 if (!xdr_bool(xdrsp, &true))
1281 strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
1282 if (!xdr_string(xdrsp, &strp,
1285 } else if (grp->gr_type == GT_NET) {
1286 if (!xdr_bool(xdrsp, &true))
1288 strp = grp->gr_ptr.gt_net.nt_name;
1289 if (!xdr_string(xdrsp, &strp,
1294 if (gotalldir && hp == (struct hostlist *)NULL) {
1300 if (!xdr_bool(xdrsp, &false))
1302 if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
1309 xdr_explist(XDR *xdrsp, caddr_t cp)
1312 return xdr_explist_common(xdrsp, cp, 0);
1316 xdr_explist_brief(XDR *xdrsp, caddr_t cp)
1319 return xdr_explist_common(xdrsp, cp, 1);
1323 static size_t linesize;
1324 static FILE *exp_file;
1327 * Get the export list from one, currently open file
1330 get_exportlist_one(void)
1332 struct exportlist *ep, *ep2;
1333 struct grouplist *grp, *tgrp;
1334 struct exportlist **epp;
1335 struct dirlist *dirhead;
1338 char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
1339 int len, has_host, exflags, got_nondir, dirplen, netgrp;
1342 dirhead = (struct dirlist *)NULL;
1343 while (get_line()) {
1345 warnx("got line %s", line);
1347 nextfield(&cp, &endcp);
1356 exflags = MNT_EXPORTED;
1359 ep = (struct exportlist *)NULL;
1363 * Handle the V4 root dir.
1365 if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
1367 * V4: just indicates that it is the v4 root point,
1368 * so skip over that and set v4root_phase.
1370 if (v4root_phase > 0) {
1371 syslog(LOG_ERR, "V4:duplicate line, ignored");
1376 nextfield(&cp, &endcp);
1380 * Create new exports list entry
1383 tgrp = grp = get_grp();
1385 if (len > MNTNAMLEN) {
1386 getexp_err(ep, tgrp);
1390 if (ep == (struct exportlist *)NULL) {
1391 getexp_err(ep, tgrp);
1395 warnx("doing opt %s", cp);
1397 if (do_opt(&cp, &endcp, ep, grp, &has_host,
1399 getexp_err(ep, tgrp);
1402 } else if (*cp == '/') {
1405 if (v4root_phase > 1) {
1407 syslog(LOG_ERR, "Multiple V4 dirs");
1408 getexp_err(ep, tgrp);
1412 if (check_dirpath(cp) &&
1413 statfs(cp, &fsb) >= 0) {
1414 if ((fsb.f_flags & MNT_AUTOMOUNTED) != 0)
1415 syslog(LOG_ERR, "Warning: exporting of "
1416 "automounted fs %s not supported", cp);
1418 syslog(LOG_ERR, "dirs must be first");
1419 getexp_err(ep, tgrp);
1422 if (v4root_phase == 1) {
1424 syslog(LOG_ERR, "Multiple V4 dirs");
1425 getexp_err(ep, tgrp);
1428 if (strlen(v4root_dirpath) == 0) {
1429 strlcpy(v4root_dirpath, cp,
1430 sizeof (v4root_dirpath));
1431 } else if (strcmp(v4root_dirpath, cp)
1434 "different V4 dirpath %s", cp);
1435 getexp_err(ep, tgrp);
1444 if (ep->ex_fs.val[0] !=
1445 fsb.f_fsid.val[0] ||
1447 fsb.f_fsid.val[1]) {
1448 getexp_err(ep, tgrp);
1453 * See if this directory is already
1456 ep = ex_search(&fsb.f_fsid);
1457 if (ep == (struct exportlist *)NULL) {
1459 ep->ex_fs = fsb.f_fsid;
1460 ep->ex_fsdir = (char *)malloc
1461 (strlen(fsb.f_mntonname) + 1);
1463 strcpy(ep->ex_fsdir,
1469 "making new ep fs=0x%x,0x%x",
1473 warnx("found ep fs=0x%x,0x%x",
1479 * Add dirpath to export mount point.
1481 dirp = add_expdir(&dirhead, cp, len);
1485 getexp_err(ep, tgrp);
1493 if (ep == (struct exportlist *)NULL) {
1494 getexp_err(ep, tgrp);
1499 * Get the host or netgroup.
1502 netgrp = getnetgrent(&hst, &usr, &dom);
1505 grp->gr_next = get_grp();
1511 "null hostname in netgroup %s, skipping", cp);
1512 grp->gr_type = GT_IGNORE;
1513 } else if (get_host(hst, grp, tgrp)) {
1515 "bad host %s in netgroup %s, skipping", hst, cp);
1516 grp->gr_type = GT_IGNORE;
1518 } else if (get_host(cp, grp, tgrp)) {
1519 syslog(LOG_ERR, "bad host %s, skipping", cp);
1520 grp->gr_type = GT_IGNORE;
1523 } while (netgrp && getnetgrent(&hst, &usr, &dom));
1528 nextfield(&cp, &endcp);
1531 if (check_options(dirhead)) {
1532 getexp_err(ep, tgrp);
1536 grp->gr_type = GT_DEFAULT;
1538 warnx("adding a default entry");
1541 * Don't allow a network export coincide with a list of
1542 * host(s) on the same line.
1544 } else if ((opt_flags & OP_NET) && tgrp->gr_next) {
1545 syslog(LOG_ERR, "network/host conflict");
1546 getexp_err(ep, tgrp);
1550 * If an export list was specified on this line, make sure
1551 * that we have at least one valid entry, otherwise skip it.
1555 while (grp && grp->gr_type == GT_IGNORE)
1558 getexp_err(ep, tgrp);
1563 if (v4root_phase == 1) {
1564 syslog(LOG_ERR, "V4:root, no dirp, ignored");
1565 getexp_err(ep, tgrp);
1570 * Loop through hosts, pushing the exports into the kernel.
1571 * After loop, tgrp points to the start of the list and
1572 * grp points to the last entry in the list.
1576 if (do_mount(ep, grp, exflags, &anon, dirp, dirplen,
1578 getexp_err(ep, tgrp);
1581 } while (grp->gr_next && (grp = grp->gr_next));
1584 * For V4: don't enter in mount lists.
1586 if (v4root_phase > 0 && v4root_phase <= 2) {
1588 * Since these structures aren't used by mountd,
1593 while (tgrp != NULL) {
1595 tgrp = tgrp->gr_next;
1602 * Success. Update the data structures.
1605 hang_dirp(dirhead, tgrp, ep, opt_flags);
1606 grp->gr_next = grphead;
1609 hang_dirp(dirhead, (struct grouplist *)NULL, ep,
1613 dirhead = (struct dirlist *)NULL;
1614 if ((ep->ex_flag & EX_LINKED) == 0) {
1619 * Insert in the list in alphabetical order.
1621 while (ep2 && strcmp(ep2->ex_fsdir, ep->ex_fsdir) < 0) {
1622 epp = &ep2->ex_next;
1628 ep->ex_flag |= EX_LINKED;
1634 dirhead = (struct dirlist *)NULL;
1640 * Get the export list from all specified files
1643 get_exportlist(void)
1645 struct exportlist *ep, *ep2;
1646 struct grouplist *grp, *tgrp;
1647 struct export_args export;
1649 struct statfs *fsp, *mntbufp;
1650 struct xvfsconf vfc;
1655 struct nfsex_args eargs;
1657 if (suspend_nfsd != 0)
1658 (void)nfssvc(NFSSVC_SUSPENDNFSD, NULL);
1659 v4root_dirpath[0] = '\0';
1660 bzero(&export, sizeof(export));
1661 export.ex_flags = MNT_DELEXPORT;
1664 bzero(errmsg, sizeof(errmsg));
1667 * First, get rid of the old list
1675 exphead = (struct exportlist *)NULL;
1683 grphead = (struct grouplist *)NULL;
1686 * and the old V4 root dir.
1688 bzero(&eargs, sizeof (eargs));
1689 eargs.export.ex_flags = MNT_DELEXPORT;
1690 if (nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&eargs) < 0 &&
1692 syslog(LOG_ERR, "Can't delete exports for V4:");
1695 * and clear flag that notes if a public fh has been exported.
1700 * And delete exports that are in the kernel for all local
1702 * XXX: Should know how to handle all local exportable filesystems.
1704 num = getmntinfo(&mntbufp, MNT_NOWAIT);
1707 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
1708 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
1709 build_iovec(&iov, &iovlen, "from", NULL, 0);
1710 build_iovec(&iov, &iovlen, "update", NULL, 0);
1711 build_iovec(&iov, &iovlen, "export", &export, sizeof(export));
1712 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
1715 for (i = 0; i < num; i++) {
1717 if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
1718 syslog(LOG_ERR, "getvfsbyname() failed for %s",
1724 * We do not need to delete "export" flag from
1725 * filesystems that do not have it set.
1727 if (!(fsp->f_flags & MNT_EXPORTED))
1730 * Do not delete export for network filesystem by
1731 * passing "export" arg to nmount().
1732 * It only makes sense to do this for local filesystems.
1734 if (vfc.vfc_flags & VFCF_NETWORK)
1737 iov[1].iov_base = fsp->f_fstypename;
1738 iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
1739 iov[3].iov_base = fsp->f_mntonname;
1740 iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
1741 iov[5].iov_base = fsp->f_mntfromname;
1742 iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
1746 * EXDEV is returned when path exists but is not a
1747 * mount point. May happens if raced with unmount.
1749 if (nmount(iov, iovlen, fsp->f_flags) < 0 &&
1750 errno != ENOENT && errno != ENOTSUP && errno != EXDEV) {
1752 "can't delete exports for %s: %m %s",
1753 fsp->f_mntonname, errmsg);
1758 /* Free strings allocated by strdup() in getmntopts.c */
1759 free(iov[0].iov_base); /* fstype */
1760 free(iov[2].iov_base); /* fspath */
1761 free(iov[4].iov_base); /* from */
1762 free(iov[6].iov_base); /* update */
1763 free(iov[8].iov_base); /* export */
1764 free(iov[10].iov_base); /* errmsg */
1766 /* free iov, allocated by realloc() */
1772 * Read in the exports file and build the list, calling
1773 * nmount() as we go along to push the export rules into the kernel.
1776 for (i = 0; exnames[i] != NULL; i++) {
1778 warnx("reading exports from %s", exnames[i]);
1779 if ((exp_file = fopen(exnames[i], "r")) == NULL) {
1780 syslog(LOG_WARNING, "can't open %s", exnames[i]);
1783 get_exportlist_one();
1788 syslog(LOG_ERR, "can't open any exports file");
1793 * If there was no public fh, clear any previous one set.
1795 if (has_publicfh == 0)
1796 (void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
1798 /* Resume the nfsd. If they weren't suspended, this is harmless. */
1799 (void)nfssvc(NFSSVC_RESUMENFSD, NULL);
1803 * Allocate an export list element
1805 static struct exportlist *
1808 struct exportlist *ep;
1810 ep = (struct exportlist *)calloc(1, sizeof (struct exportlist));
1811 if (ep == (struct exportlist *)NULL)
1817 * Allocate a group list element
1819 static struct grouplist *
1822 struct grouplist *gp;
1824 gp = (struct grouplist *)calloc(1, sizeof (struct grouplist));
1825 if (gp == (struct grouplist *)NULL)
1831 * Clean up upon an error in get_exportlist().
1834 getexp_err(struct exportlist *ep, struct grouplist *grp)
1836 struct grouplist *tgrp;
1838 if (!(opt_flags & OP_QUIET))
1839 syslog(LOG_ERR, "bad exports list line %s", line);
1840 if (ep && (ep->ex_flag & EX_LINKED) == 0)
1850 * Search the export list for a matching fs.
1852 static struct exportlist *
1853 ex_search(fsid_t *fsid)
1855 struct exportlist *ep;
1859 if (ep->ex_fs.val[0] == fsid->val[0] &&
1860 ep->ex_fs.val[1] == fsid->val[1])
1868 * Add a directory path to the list.
1871 add_expdir(struct dirlist **dpp, char *cp, int len)
1875 dp = (struct dirlist *)malloc(sizeof (struct dirlist) + len);
1876 if (dp == (struct dirlist *)NULL)
1879 dp->dp_right = (struct dirlist *)NULL;
1881 dp->dp_hosts = (struct hostlist *)NULL;
1882 strcpy(dp->dp_dirp, cp);
1884 return (dp->dp_dirp);
1888 * Hang the dir list element off the dirpath binary tree as required
1889 * and update the entry for host.
1892 hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
1895 struct hostlist *hp;
1896 struct dirlist *dp2;
1898 if (flags & OP_ALLDIRS) {
1903 if (grp == (struct grouplist *)NULL) {
1904 ep->ex_defdir->dp_flag |= DP_DEFSET;
1905 /* Save the default security flavors list. */
1906 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
1907 if (ep->ex_numsecflavors > 0)
1908 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
1909 sizeof(ep->ex_secflavors));
1910 } else while (grp) {
1913 hp->ht_next = ep->ex_defdir->dp_hosts;
1914 ep->ex_defdir->dp_hosts = hp;
1915 /* Save the security flavors list for this host set. */
1916 grp->gr_numsecflavors = ep->ex_numsecflavors;
1917 if (ep->ex_numsecflavors > 0)
1918 memcpy(grp->gr_secflavors, ep->ex_secflavors,
1919 sizeof(ep->ex_secflavors));
1925 * Loop through the directories adding them to the tree.
1929 add_dlist(&ep->ex_dirl, dp, grp, flags, ep);
1936 * Traverse the binary tree either updating a node that is already there
1937 * for the new directory or adding the new node.
1940 add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
1941 int flags, struct exportlist *ep)
1944 struct hostlist *hp;
1949 cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
1951 add_dlist(&dp->dp_left, newdp, grp, flags, ep);
1953 } else if (cmp < 0) {
1954 add_dlist(&dp->dp_right, newdp, grp, flags, ep);
1957 free((caddr_t)newdp);
1960 dp->dp_left = (struct dirlist *)NULL;
1966 * Hang all of the host(s) off of the directory point.
1971 hp->ht_next = dp->dp_hosts;
1973 /* Save the security flavors list for this host set. */
1974 grp->gr_numsecflavors = ep->ex_numsecflavors;
1975 if (ep->ex_numsecflavors > 0)
1976 memcpy(grp->gr_secflavors, ep->ex_secflavors,
1977 sizeof(ep->ex_secflavors));
1981 dp->dp_flag |= DP_DEFSET;
1982 /* Save the default security flavors list. */
1983 ep->ex_defnumsecflavors = ep->ex_numsecflavors;
1984 if (ep->ex_numsecflavors > 0)
1985 memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
1986 sizeof(ep->ex_secflavors));
1991 * Search for a dirpath on the export point.
1993 static struct dirlist *
1994 dirp_search(struct dirlist *dp, char *dirp)
1999 cmp = strcmp(dp->dp_dirp, dirp);
2001 return (dirp_search(dp->dp_left, dirp));
2003 return (dirp_search(dp->dp_right, dirp));
2011 * Scan for a host match in a directory tree.
2014 chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
2015 int *hostsetp, int *numsecflavors, int **secflavorsp)
2017 struct hostlist *hp;
2018 struct grouplist *grp;
2019 struct addrinfo *ai;
2022 if (dp->dp_flag & DP_DEFSET)
2023 *defsetp = dp->dp_flag;
2027 switch (grp->gr_type) {
2029 ai = grp->gr_ptr.gt_addrinfo;
2030 for (; ai; ai = ai->ai_next) {
2031 if (!sacmp(ai->ai_addr, saddr, NULL)) {
2033 (hp->ht_flag | DP_HOSTSET);
2034 if (numsecflavors != NULL) {
2036 grp->gr_numsecflavors;
2045 if (!sacmp(saddr, (struct sockaddr *)
2046 &grp->gr_ptr.gt_net.nt_net,
2048 &grp->gr_ptr.gt_net.nt_mask)) {
2049 *hostsetp = (hp->ht_flag | DP_HOSTSET);
2050 if (numsecflavors != NULL) {
2052 grp->gr_numsecflavors;
2067 * Scan tree for a host that matches the address.
2070 scan_tree(struct dirlist *dp, struct sockaddr *saddr)
2072 int defset, hostset;
2075 if (scan_tree(dp->dp_left, saddr))
2077 if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL))
2079 if (scan_tree(dp->dp_right, saddr))
2086 * Traverse the dirlist tree and free it up.
2089 free_dir(struct dirlist *dp)
2093 free_dir(dp->dp_left);
2094 free_dir(dp->dp_right);
2095 free_host(dp->dp_hosts);
2101 * Parse a colon separated list of security flavors
2104 parsesec(char *seclist, struct exportlist *ep)
2109 ep->ex_numsecflavors = 0;
2111 cp = strchr(seclist, ':');
2117 if (!strcmp(seclist, "sys"))
2119 else if (!strcmp(seclist, "krb5"))
2120 flavor = RPCSEC_GSS_KRB5;
2121 else if (!strcmp(seclist, "krb5i"))
2122 flavor = RPCSEC_GSS_KRB5I;
2123 else if (!strcmp(seclist, "krb5p"))
2124 flavor = RPCSEC_GSS_KRB5P;
2128 syslog(LOG_ERR, "bad sec flavor: %s", seclist);
2131 if (ep->ex_numsecflavors == MAXSECFLAVORS) {
2134 syslog(LOG_ERR, "too many sec flavors: %s", seclist);
2137 ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
2138 ep->ex_numsecflavors++;
2150 * Parse the option string and update fields.
2151 * Option arguments may either be -<option>=<value> or
2155 do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
2156 int *has_hostp, int *exflagsp, struct xucred *cr)
2158 char *cpoptarg, *cpoptend;
2159 char *cp, *endcp, *cpopt, savedc, savedc2;
2160 int allflag, usedarg;
2168 while (cpopt && *cpopt) {
2171 if ((cpoptend = strchr(cpopt, ','))) {
2173 if ((cpoptarg = strchr(cpopt, '=')))
2176 if ((cpoptarg = strchr(cpopt, '=')))
2180 nextfield(&cp, &endcp);
2182 if (endcp > cp && *cp != '-') {
2190 if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
2191 *exflagsp |= MNT_EXRDONLY;
2192 } else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
2193 !(allflag = strcmp(cpopt, "mapall")) ||
2194 !strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
2196 parsecred(cpoptarg, cr);
2198 *exflagsp |= MNT_EXPORTANON;
2199 opt_flags |= OP_MAPALL;
2201 opt_flags |= OP_MAPROOT;
2202 } else if (cpoptarg && (!strcmp(cpopt, "mask") ||
2203 !strcmp(cpopt, "m"))) {
2204 if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
2205 syslog(LOG_ERR, "bad mask: %s", cpoptarg);
2209 opt_flags |= OP_MASK;
2210 } else if (cpoptarg && (!strcmp(cpopt, "network") ||
2211 !strcmp(cpopt, "n"))) {
2212 if (strchr(cpoptarg, '/') != NULL) {
2214 fprintf(stderr, "setting OP_MASKLEN\n");
2215 opt_flags |= OP_MASKLEN;
2217 if (grp->gr_type != GT_NULL) {
2218 syslog(LOG_ERR, "network/host conflict");
2220 } else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
2221 syslog(LOG_ERR, "bad net: %s", cpoptarg);
2224 grp->gr_type = GT_NET;
2227 opt_flags |= OP_NET;
2228 } else if (!strcmp(cpopt, "alldirs")) {
2229 opt_flags |= OP_ALLDIRS;
2230 } else if (!strcmp(cpopt, "public")) {
2231 *exflagsp |= MNT_EXPUBLIC;
2232 } else if (!strcmp(cpopt, "webnfs")) {
2233 *exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
2234 opt_flags |= OP_MAPALL;
2235 } else if (cpoptarg && !strcmp(cpopt, "index")) {
2236 ep->ex_indexfile = strdup(cpoptarg);
2237 } else if (!strcmp(cpopt, "quiet")) {
2238 opt_flags |= OP_QUIET;
2239 } else if (cpoptarg && !strcmp(cpopt, "sec")) {
2240 if (parsesec(cpoptarg, ep))
2242 opt_flags |= OP_SEC;
2245 syslog(LOG_ERR, "bad opt %s", cpopt);
2264 * Translate a character string to the corresponding list of network
2265 * addresses for a hostname.
2268 get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
2270 struct grouplist *checkgrp;
2271 struct addrinfo *ai, *tai, hints;
2273 char host[NI_MAXHOST];
2275 if (grp->gr_type != GT_NULL) {
2276 syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
2279 memset(&hints, 0, sizeof hints);
2280 hints.ai_flags = AI_CANONNAME;
2281 hints.ai_protocol = IPPROTO_UDP;
2282 ecode = getaddrinfo(cp, NULL, &hints, &ai);
2284 syslog(LOG_ERR,"can't get address info for host %s", cp);
2287 grp->gr_ptr.gt_addrinfo = ai;
2288 while (ai != NULL) {
2289 if (ai->ai_canonname == NULL) {
2290 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
2291 sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
2292 strlcpy(host, "?", sizeof(host));
2293 ai->ai_canonname = strdup(host);
2294 ai->ai_flags |= AI_CANONNAME;
2297 fprintf(stderr, "got host %s\n", ai->ai_canonname);
2299 * Sanity check: make sure we don't already have an entry
2300 * for this host in the grouplist.
2302 for (checkgrp = tgrp; checkgrp != NULL;
2303 checkgrp = checkgrp->gr_next) {
2304 if (checkgrp->gr_type != GT_HOST)
2306 for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
2307 tai = tai->ai_next) {
2308 if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
2312 "ignoring duplicate host %s\n",
2314 grp->gr_type = GT_IGNORE;
2320 grp->gr_type = GT_HOST;
2325 * Free up an exports list component
2328 free_exp(struct exportlist *ep)
2331 if (ep->ex_defdir) {
2332 free_host(ep->ex_defdir->dp_hosts);
2333 free((caddr_t)ep->ex_defdir);
2337 if (ep->ex_indexfile)
2338 free(ep->ex_indexfile);
2339 free_dir(ep->ex_dirl);
2347 free_host(struct hostlist *hp)
2349 struct hostlist *hp2;
2358 static struct hostlist *
2361 struct hostlist *hp;
2363 hp = (struct hostlist *)malloc(sizeof (struct hostlist));
2364 if (hp == (struct hostlist *)NULL)
2366 hp->ht_next = (struct hostlist *)NULL;
2372 * Out of memory, fatal
2378 syslog(LOG_ERR, "out of memory");
2383 * Do the nmount() syscall with the update flag to push the export info into
2387 do_mount(struct exportlist *ep, struct grouplist *grp, int exflags,
2388 struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb)
2391 struct addrinfo *ai;
2392 struct export_args *eap;
2400 struct nfsex_args nfsea;
2402 eap = &nfsea.export;
2410 bzero(eap, sizeof (struct export_args));
2411 bzero(errmsg, sizeof(errmsg));
2412 eap->ex_flags = exflags;
2413 eap->ex_anon = *anoncrp;
2414 eap->ex_indexfile = ep->ex_indexfile;
2415 if (grp->gr_type == GT_HOST)
2416 ai = grp->gr_ptr.gt_addrinfo;
2419 eap->ex_numsecflavors = ep->ex_numsecflavors;
2420 for (i = 0; i < eap->ex_numsecflavors; i++)
2421 eap->ex_secflavors[i] = ep->ex_secflavors[i];
2422 if (eap->ex_numsecflavors == 0) {
2423 eap->ex_numsecflavors = 1;
2424 eap->ex_secflavors[0] = AUTH_SYS;
2428 if (v4root_phase == 0) {
2429 build_iovec(&iov, &iovlen, "fstype", NULL, 0);
2430 build_iovec(&iov, &iovlen, "fspath", NULL, 0);
2431 build_iovec(&iov, &iovlen, "from", NULL, 0);
2432 build_iovec(&iov, &iovlen, "update", NULL, 0);
2433 build_iovec(&iov, &iovlen, "export", eap,
2434 sizeof (struct export_args));
2435 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
2439 switch (grp->gr_type) {
2441 if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
2443 eap->ex_addr = ai->ai_addr;
2444 eap->ex_addrlen = ai->ai_addrlen;
2445 eap->ex_masklen = 0;
2448 if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
2452 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
2454 ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
2456 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
2457 eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
2460 eap->ex_addr = NULL;
2461 eap->ex_addrlen = 0;
2462 eap->ex_mask = NULL;
2463 eap->ex_masklen = 0;
2470 syslog(LOG_ERR, "bad grouptype");
2478 * For V4:, use the nfssvc() syscall, instead of mount().
2480 if (v4root_phase == 2) {
2481 nfsea.fspec = v4root_dirpath;
2482 if (nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&nfsea) < 0) {
2483 syslog(LOG_ERR, "Exporting V4: failed");
2489 * Maybe I should just use the fsb->f_mntonname path
2490 * instead of looping back up the dirp to the mount
2492 * Also, needs to know how to export all types of local
2493 * exportable filesystems and not just "ufs".
2495 iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
2496 iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
2497 iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
2498 iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
2499 iov[5].iov_base = fsb->f_mntfromname; /* "from" */
2500 iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
2503 while (nmount(iov, iovlen, fsb->f_flags) < 0) {
2507 cp = dirp + dirplen - 1;
2508 if (opt_flags & OP_QUIET) {
2512 if (errno == EPERM) {
2514 warnx("can't change attributes for %s: %s",
2517 "can't change attributes for %s: %s",
2522 if (opt_flags & OP_ALLDIRS) {
2523 if (errno == EINVAL)
2525 "-alldirs requested but %s is not a filesystem mountpoint",
2529 "could not remount %s: %m",
2534 /* back up over the last component */
2535 while (*cp == '/' && cp > dirp)
2537 while (*(cp - 1) != '/' && cp > dirp)
2541 warnx("mnt unsucc");
2542 syslog(LOG_ERR, "can't export %s %s",
2550 * Check that we're still on the same
2553 if (statfs(dirp, &fsb1) != 0 ||
2554 bcmp(&fsb1.f_fsid, &fsb->f_fsid,
2555 sizeof (fsb1.f_fsid)) != 0) {
2558 "can't export %s %s", dirp,
2567 * For the experimental server:
2568 * If this is the public directory, get the file handle
2569 * and load it into the kernel via the nfssvc() syscall.
2571 if ((exflags & MNT_EXPUBLIC) != 0) {
2575 if (eap->ex_indexfile != NULL)
2576 public_name = eap->ex_indexfile;
2579 if (getfh(public_name, &fh) < 0)
2581 "Can't get public fh for %s", public_name);
2582 else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
2584 "Can't set public fh for %s", public_name);
2597 /* free strings allocated by strdup() in getmntopts.c */
2599 free(iov[0].iov_base); /* fstype */
2600 free(iov[2].iov_base); /* fspath */
2601 free(iov[4].iov_base); /* from */
2602 free(iov[6].iov_base); /* update */
2603 free(iov[8].iov_base); /* export */
2604 free(iov[10].iov_base); /* errmsg */
2606 /* free iov, allocated by realloc() */
2613 * Translate a net address.
2615 * If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
2618 get_net(char *cp, struct netmsk *net, int maskflg)
2620 struct netent *np = NULL;
2621 char *name, *p, *prefp;
2622 struct sockaddr_in sin;
2623 struct sockaddr *sa = NULL;
2624 struct addrinfo hints, *ai = NULL;
2625 char netname[NI_MAXHOST];
2629 if ((opt_flags & OP_MASKLEN) && !maskflg) {
2630 p = strchr(cp, '/');
2636 * Check for a numeric address first. We wish to avoid
2637 * possible DNS lookups in getnetbyname().
2639 if (isxdigit(*cp) || *cp == ':') {
2640 memset(&hints, 0, sizeof hints);
2641 /* Ensure the mask and the network have the same family. */
2642 if (maskflg && (opt_flags & OP_NET))
2643 hints.ai_family = net->nt_net.ss_family;
2644 else if (!maskflg && (opt_flags & OP_HAVEMASK))
2645 hints.ai_family = net->nt_mask.ss_family;
2647 hints.ai_family = AF_UNSPEC;
2648 hints.ai_flags = AI_NUMERICHOST;
2649 if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
2651 if (sa != NULL && ai->ai_family == AF_INET) {
2653 * The address in `cp' is really a network address, so
2654 * use inet_network() to re-interpret this correctly.
2655 * e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
2657 bzero(&sin, sizeof sin);
2658 sin.sin_family = AF_INET;
2659 sin.sin_len = sizeof sin;
2660 sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
2662 fprintf(stderr, "get_net: v4 addr %s\n",
2663 inet_ntoa(sin.sin_addr));
2664 sa = (struct sockaddr *)&sin;
2667 if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
2668 bzero(&sin, sizeof sin);
2669 sin.sin_family = AF_INET;
2670 sin.sin_len = sizeof sin;
2671 sin.sin_addr = inet_makeaddr(np->n_net, 0);
2672 sa = (struct sockaddr *)&sin;
2678 /* The specified sockaddr is a mask. */
2679 if (checkmask(sa) != 0)
2681 bcopy(sa, &net->nt_mask, sa->sa_len);
2682 opt_flags |= OP_HAVEMASK;
2684 /* The specified sockaddr is a network address. */
2685 bcopy(sa, &net->nt_net, sa->sa_len);
2687 /* Get a network name for the export list. */
2690 } else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
2691 NULL, 0, NI_NUMERICHOST) == 0) {
2696 if ((net->nt_name = strdup(name)) == NULL)
2700 * Extract a mask from either a "/<masklen>" suffix, or
2701 * from the class of an IPv4 address.
2703 if (opt_flags & OP_MASKLEN) {
2704 preflen = strtol(prefp, NULL, 10);
2705 if (preflen < 0L || preflen == LONG_MAX)
2707 bcopy(sa, &net->nt_mask, sa->sa_len);
2708 if (makemask(&net->nt_mask, (int)preflen) != 0)
2710 opt_flags |= OP_HAVEMASK;
2712 } else if (sa->sa_family == AF_INET &&
2713 (opt_flags & OP_MASK) == 0) {
2716 addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
2717 if (IN_CLASSA(addr))
2719 else if (IN_CLASSB(addr))
2721 else if (IN_CLASSC(addr))
2723 else if (IN_CLASSD(addr))
2726 preflen = 32; /* XXX */
2728 bcopy(sa, &net->nt_mask, sa->sa_len);
2729 makemask(&net->nt_mask, (int)preflen);
2730 opt_flags |= OP_HAVEMASK;
2745 * Parse out the next white space separated field
2748 nextfield(char **cp, char **endcp)
2753 while (*p == ' ' || *p == '\t')
2755 if (*p == '\n' || *p == '\0')
2759 while (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\0')
2766 * Get an exports file line. Skip over blank lines and handle line
2774 int totlen, cont_line;
2777 * Loop around ignoring blank lines and getting all continuation lines.
2782 if ((p = fgetln(exp_file, &len)) == NULL)
2787 (*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
2797 if (linesize < len + totlen + 1) {
2798 linesize = len + totlen + 1;
2799 line = realloc(line, linesize);
2803 memcpy(line + totlen, p, len);
2805 line[totlen] = '\0';
2806 } while (totlen == 0 || cont_line);
2811 * Parse a description of a credential.
2814 parsecred(char *namelist, struct xucred *cr)
2821 gid_t groups[XU_NGROUPS + 1];
2824 cr->cr_version = XUCRED_VERSION;
2826 * Set up the unprivileged user.
2829 cr->cr_groups[0] = -2;
2832 * Get the user's password table entry.
2834 names = strsep(&namelist, " \t\n");
2835 name = strsep(&names, ":");
2836 if (isdigit(*name) || *name == '-')
2837 pw = getpwuid(atoi(name));
2839 pw = getpwnam(name);
2841 * Credentials specified as those of a user.
2843 if (names == NULL) {
2845 syslog(LOG_ERR, "unknown user: %s", name);
2848 cr->cr_uid = pw->pw_uid;
2849 ngroups = XU_NGROUPS + 1;
2850 if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups))
2851 syslog(LOG_ERR, "too many groups");
2853 * Compress out duplicate.
2855 cr->cr_ngroups = ngroups - 1;
2856 cr->cr_groups[0] = groups[0];
2857 for (cnt = 2; cnt < ngroups; cnt++)
2858 cr->cr_groups[cnt - 1] = groups[cnt];
2862 * Explicit credential specified as a colon separated list:
2866 cr->cr_uid = pw->pw_uid;
2867 else if (isdigit(*name) || *name == '-')
2868 cr->cr_uid = atoi(name);
2870 syslog(LOG_ERR, "unknown user: %s", name);
2874 while (names != NULL && *names != '\0' && cr->cr_ngroups < XU_NGROUPS) {
2875 name = strsep(&names, ":");
2876 if (isdigit(*name) || *name == '-') {
2877 cr->cr_groups[cr->cr_ngroups++] = atoi(name);
2879 if ((gr = getgrnam(name)) == NULL) {
2880 syslog(LOG_ERR, "unknown group: %s", name);
2883 cr->cr_groups[cr->cr_ngroups++] = gr->gr_gid;
2886 if (names != NULL && *names != '\0' && cr->cr_ngroups == XU_NGROUPS)
2887 syslog(LOG_ERR, "too many groups");
2890 #define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
2892 * Routines that maintain the remote mounttab
2897 struct mountlist *mlp, **mlpp;
2898 char *host, *dirp, *cp;
2902 if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
2903 if (errno == ENOENT)
2906 syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
2911 while (fgets(str, STRSIZ, mlfile) != NULL) {
2913 host = strsep(&cp, " \t\n");
2914 dirp = strsep(&cp, " \t\n");
2915 if (host == NULL || dirp == NULL)
2917 mlp = (struct mountlist *)malloc(sizeof (*mlp));
2918 if (mlp == (struct mountlist *)NULL)
2920 strncpy(mlp->ml_host, host, MNTNAMLEN);
2921 mlp->ml_host[MNTNAMLEN] = '\0';
2922 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
2923 mlp->ml_dirp[MNTPATHLEN] = '\0';
2924 mlp->ml_next = (struct mountlist *)NULL;
2926 mlpp = &mlp->ml_next;
2932 del_mlist(char *hostp, char *dirp)
2934 struct mountlist *mlp, **mlpp;
2935 struct mountlist *mlp2;
2942 if (!strcmp(mlp->ml_host, hostp) &&
2943 (!dirp || !strcmp(mlp->ml_dirp, dirp))) {
2946 *mlpp = mlp = mlp->ml_next;
2947 free((caddr_t)mlp2);
2949 mlpp = &mlp->ml_next;
2954 if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
2955 syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
2960 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
2968 add_mlist(char *hostp, char *dirp)
2970 struct mountlist *mlp, **mlpp;
2976 if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
2978 mlpp = &mlp->ml_next;
2981 mlp = (struct mountlist *)malloc(sizeof (*mlp));
2982 if (mlp == (struct mountlist *)NULL)
2984 strncpy(mlp->ml_host, hostp, MNTNAMLEN);
2985 mlp->ml_host[MNTNAMLEN] = '\0';
2986 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
2987 mlp->ml_dirp[MNTPATHLEN] = '\0';
2988 mlp->ml_next = (struct mountlist *)NULL;
2990 if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
2991 syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
2994 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
2999 * Free up a group list.
3002 free_grp(struct grouplist *grp)
3004 if (grp->gr_type == GT_HOST) {
3005 if (grp->gr_ptr.gt_addrinfo != NULL)
3006 freeaddrinfo(grp->gr_ptr.gt_addrinfo);
3007 } else if (grp->gr_type == GT_NET) {
3008 if (grp->gr_ptr.gt_net.nt_name)
3009 free(grp->gr_ptr.gt_net.nt_name);
3016 SYSLOG(int pri, const char *fmt, ...)
3021 vfprintf(stderr, fmt, ap);
3027 * Check options for consistency.
3030 check_options(struct dirlist *dp)
3033 if (v4root_phase == 0 && dp == NULL)
3035 if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
3036 syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
3039 if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
3040 syslog(LOG_ERR, "-mask requires -network");
3043 if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
3044 syslog(LOG_ERR, "-network requires mask specification");
3047 if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
3048 syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
3051 if (v4root_phase > 0 &&
3053 ~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
3054 syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
3057 if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
3058 syslog(LOG_ERR, "-alldirs has multiple directories");
3065 * Check an absolute directory path for any symbolic links. Return true
3068 check_dirpath(char *dirp)
3075 while (*cp && ret) {
3078 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
3084 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
3090 * Make a netmask according to the specified prefix length. The ss_family
3091 * and other non-address fields must be initialised before calling this.
3094 makemask(struct sockaddr_storage *ssp, int bitlen)
3099 if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
3101 if (bitlen > len * CHAR_BIT)
3104 for (i = 0; i < len; i++) {
3105 bits = (bitlen > CHAR_BIT) ? CHAR_BIT : bitlen;
3106 *p++ = (u_char)~0 << (CHAR_BIT - bits);
3113 * Check that the sockaddr is a valid netmask. Returns 0 if the mask
3114 * is acceptable (i.e. of the form 1...10....0).
3117 checkmask(struct sockaddr *sa)
3122 if ((mask = sa_rawaddr(sa, &len)) == NULL)
3125 for (i = 0; i < len; i++)
3126 if (mask[i] != 0xff)
3129 if (~mask[i] & (u_char)(~mask[i] + 1))
3133 for (; i < len; i++)
3140 * Compare two sockaddrs according to a specified mask. Return zero if
3141 * `sa1' matches `sa2' when filtered by the netmask in `samask'.
3142 * If samask is NULL, perform a full comparison.
3145 sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
3147 unsigned char *p1, *p2, *mask;
3150 if (sa1->sa_family != sa2->sa_family ||
3151 (p1 = sa_rawaddr(sa1, &len)) == NULL ||
3152 (p2 = sa_rawaddr(sa2, NULL)) == NULL)
3155 switch (sa1->sa_family) {
3157 if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
3158 ((struct sockaddr_in6 *)sa2)->sin6_scope_id)
3163 /* Simple binary comparison if no mask specified. */
3165 return (memcmp(p1, p2, len));
3167 /* Set up the mask, and do a mask-based comparison. */
3168 if (sa1->sa_family != samask->sa_family ||
3169 (mask = sa_rawaddr(samask, NULL)) == NULL)
3172 for (i = 0; i < len; i++)
3173 if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
3179 * Return a pointer to the part of the sockaddr that contains the
3180 * raw address, and set *nbytes to its length in bytes. Returns
3181 * NULL if the address family is unknown.
3184 sa_rawaddr(struct sockaddr *sa, int *nbytes) {
3188 switch (sa->sa_family) {
3190 len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
3191 p = &((struct sockaddr_in *)sa)->sin_addr;
3194 len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
3195 p = &((struct sockaddr_in6 *)sa)->sin6_addr;
3208 huphandler(int sig __unused)
3215 terminate(int sig __unused)
3217 pidfile_remove(pfh);
3218 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
3219 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
projects / FreeBSD / FreeBSD.git / blob