1 /* 2 * Copyright (c) 1989, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from software contributed to Berkeley by 6 * Herb Hasler and Rick Macklem at The University of Guelph. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 4. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifndef lint 34 static const char copyright[] = 35 "@(#) Copyright (c) 1989, 1993\n\ 36 The Regents of the University of California. All rights reserved.\n"; 37 #endif /*not lint*/ 38 39 #if 0 40 #ifndef lint 41 static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; 42 #endif /*not lint*/ 43 #endif 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include <sys/param.h> 49 #include <sys/fcntl.h> 50 #include <sys/linker.h> 51 #include <sys/module.h> 52 #include <sys/mount.h> 53 #include <sys/stat.h> 54 #include <sys/sysctl.h> 55 #include <sys/syslog.h> 56 57 #include <rpc/rpc.h> 58 #include <rpc/rpc_com.h> 59 #include <rpc/pmap_clnt.h> 60 #include <rpc/pmap_prot.h> 61 #include <rpcsvc/mount.h> 62 #include <nfs/nfsproto.h> 63 #include <nfs/nfssvc.h> 64 #include <nfsserver/nfs.h> 65 66 #include <fs/nfs/nfsport.h> 67 68 #include <arpa/inet.h> 69 70 #include <ctype.h> 71 #include <err.h> 72 #include <errno.h> 73 #include <grp.h> 74 #include <libutil.h> 75 #include <limits.h> 76 #include <netdb.h> 77 #include <pwd.h> 78 #include <signal.h> 79 #include <stdio.h> 80 #include <stdlib.h> 81 #include <string.h> 82 #include <unistd.h> 83 #include "pathnames.h" 84 #include "mntopts.h" 85 86 #ifdef DEBUG 87 #include <stdarg.h> 88 #endif 89 90 /* 91 * Structures for keeping the mount list and export list 92 */ 93 struct mountlist { 94 struct mountlist *ml_next; 95 char ml_host[MNTNAMLEN+1]; 96 char ml_dirp[MNTPATHLEN+1]; 97 }; 98 99 struct dirlist { 100 struct dirlist *dp_left; 101 struct dirlist *dp_right; 102 int dp_flag; 103 struct hostlist *dp_hosts; /* List of hosts this dir exported to */ 104 char dp_dirp[1]; /* Actually malloc'd to size of dir */ 105 }; 106 /* dp_flag bits */ 107 #define DP_DEFSET 0x1 108 #define DP_HOSTSET 0x2 109 110 struct exportlist { 111 struct exportlist *ex_next; 112 struct dirlist *ex_dirl; 113 struct dirlist *ex_defdir; 114 int ex_flag; 115 fsid_t ex_fs; 116 char *ex_fsdir; 117 char *ex_indexfile; 118 int ex_numsecflavors; 119 int ex_secflavors[MAXSECFLAVORS]; 120 int ex_defnumsecflavors; 121 int ex_defsecflavors[MAXSECFLAVORS]; 122 }; 123 /* ex_flag bits */ 124 #define EX_LINKED 0x1 125 126 struct netmsk { 127 struct sockaddr_storage nt_net; 128 struct sockaddr_storage nt_mask; 129 char *nt_name; 130 }; 131 132 union grouptypes { 133 struct addrinfo *gt_addrinfo; 134 struct netmsk gt_net; 135 }; 136 137 struct grouplist { 138 int gr_type; 139 union grouptypes gr_ptr; 140 struct grouplist *gr_next; 141 int gr_numsecflavors; 142 int gr_secflavors[MAXSECFLAVORS]; 143 }; 144 /* Group types */ 145 #define GT_NULL 0x0 146 #define GT_HOST 0x1 147 #define GT_NET 0x2 148 #define GT_DEFAULT 0x3 149 #define GT_IGNORE 0x5 150 151 struct hostlist { 152 int ht_flag; /* Uses DP_xx bits */ 153 struct grouplist *ht_grp; 154 struct hostlist *ht_next; 155 }; 156 157 struct fhreturn { 158 int fhr_flag; 159 int fhr_vers; 160 nfsfh_t fhr_fh; 161 int fhr_numsecflavors; 162 int *fhr_secflavors; 163 }; 164 165 #define GETPORT_MAXTRY 20 /* Max tries to get a port # */ 166 167 /* Global defs */ 168 char *add_expdir(struct dirlist **, char *, int); 169 void add_dlist(struct dirlist **, struct dirlist *, 170 struct grouplist *, int, struct exportlist *); 171 void add_mlist(char *, char *); 172 int check_dirpath(char *); 173 int check_options(struct dirlist *); 174 int checkmask(struct sockaddr *sa); 175 int chk_host(struct dirlist *, struct sockaddr *, int *, int *, int *, 176 int **); 177 static int create_service(struct netconfig *nconf); 178 static void complete_service(struct netconfig *nconf, char *port_str); 179 static void clearout_service(void); 180 void del_mlist(char *hostp, char *dirp); 181 struct dirlist *dirp_search(struct dirlist *, char *); 182 int do_mount(struct exportlist *, struct grouplist *, int, 183 struct xucred *, char *, int, struct statfs *); 184 int do_opt(char **, char **, struct exportlist *, struct grouplist *, 185 int *, int *, struct xucred *); 186 struct exportlist *ex_search(fsid_t *); 187 struct exportlist *get_exp(void); 188 void free_dir(struct dirlist *); 189 void free_exp(struct exportlist *); 190 void free_grp(struct grouplist *); 191 void free_host(struct hostlist *); 192 void get_exportlist(void); 193 int get_host(char *, struct grouplist *, struct grouplist *); 194 struct hostlist *get_ht(void); 195 int get_line(void); 196 void get_mountlist(void); 197 int get_net(char *, struct netmsk *, int); 198 void getexp_err(struct exportlist *, struct grouplist *); 199 struct grouplist *get_grp(void); 200 void hang_dirp(struct dirlist *, struct grouplist *, 201 struct exportlist *, int); 202 void huphandler(int sig); 203 int makemask(struct sockaddr_storage *ssp, int bitlen); 204 void mntsrv(struct svc_req *, SVCXPRT *); 205 void nextfield(char **, char **); 206 void out_of_mem(void); 207 void parsecred(char *, struct xucred *); 208 int parsesec(char *, struct exportlist *); 209 int put_exlist(struct dirlist *, XDR *, struct dirlist *, int *, int); 210 void *sa_rawaddr(struct sockaddr *sa, int *nbytes); 211 int sacmp(struct sockaddr *sa1, struct sockaddr *sa2, 212 struct sockaddr *samask); 213 int scan_tree(struct dirlist *, struct sockaddr *); 214 static void usage(void); 215 int xdr_dir(XDR *, char *); 216 int xdr_explist(XDR *, caddr_t); 217 int xdr_explist_brief(XDR *, caddr_t); 218 int xdr_explist_common(XDR *, caddr_t, int); 219 int xdr_fhs(XDR *, caddr_t); 220 int xdr_mlist(XDR *, caddr_t); 221 void terminate(int); 222 223 struct exportlist *exphead; 224 struct mountlist *mlhead; 225 struct grouplist *grphead; 226 char *exnames_default[2] = { _PATH_EXPORTS, NULL }; 227 char **exnames; 228 char **hosts = NULL; 229 struct xucred def_anon = { 230 XUCRED_VERSION, 231 (uid_t)-2, 232 1, 233 { (gid_t)-2 }, 234 NULL 235 }; 236 int force_v2 = 0; 237 int resvport_only = 1; 238 int nhosts = 0; 239 int dir_only = 1; 240 int dolog = 0; 241 int got_sighup = 0; 242 int xcreated = 0; 243 244 char *svcport_str = NULL; 245 static int mallocd_svcport = 0; 246 static int *sock_fd; 247 static int sock_fdcnt; 248 static int sock_fdpos; 249 250 int opt_flags; 251 static int have_v6 = 1; 252 253 int v4root_phase = 0; 254 char v4root_dirpath[PATH_MAX + 1]; 255 int run_v4server = 1; 256 int has_publicfh = 0; 257 258 struct pidfh *pfh = NULL; 259 /* Bits for opt_flags above */ 260 #define OP_MAPROOT 0x01 261 #define OP_MAPALL 0x02 262 /* 0x4 free */ 263 #define OP_MASK 0x08 264 #define OP_NET 0x10 265 #define OP_ALLDIRS 0x40 266 #define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */ 267 #define OP_QUIET 0x100 268 #define OP_MASKLEN 0x200 269 #define OP_SEC 0x400 270 271 #ifdef DEBUG 272 int debug = 1; 273 void SYSLOG(int, const char *, ...) __printflike(2, 3); 274 #define syslog SYSLOG 275 #else 276 int debug = 0; 277 #endif 278 279 /* 280 * Mountd server for NFS mount protocol as described in: 281 * NFS: Network File System Protocol Specification, RFC1094, Appendix A 282 * The optional arguments are the exports file name 283 * default: _PATH_EXPORTS 284 * and "-n" to allow nonroot mount. 285 */ 286 int 287 main(int argc, char **argv) 288 { 289 fd_set readfds; 290 struct netconfig *nconf; 291 char *endptr, **hosts_bak; 292 void *nc_handle; 293 pid_t otherpid; 294 in_port_t svcport; 295 int c, k, s; 296 int maxrec = RPC_MAXDATASIZE; 297 int attempt_cnt, port_len, port_pos, ret; 298 char **port_list; 299 300 /* Check that another mountd isn't already running. */ 301 pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid); 302 if (pfh == NULL) { 303 if (errno == EEXIST) 304 errx(1, "mountd already running, pid: %d.", otherpid); 305 warn("cannot open or create pidfile"); 306 } 307 308 s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP); 309 if (s < 0) 310 have_v6 = 0; 311 else 312 close(s); 313 314 while ((c = getopt(argc, argv, "2deh:lnop:r")) != -1) 315 switch (c) { 316 case '2': 317 force_v2 = 1; 318 break; 319 case 'e': 320 /* now a no-op, since this is the default */ 321 break; 322 case 'n': 323 resvport_only = 0; 324 break; 325 case 'r': 326 dir_only = 0; 327 break; 328 case 'd': 329 debug = debug ? 0 : 1; 330 break; 331 case 'l': 332 dolog = 1; 333 break; 334 case 'o': 335 run_v4server = 0; 336 break; 337 case 'p': 338 endptr = NULL; 339 svcport = (in_port_t)strtoul(optarg, &endptr, 10); 340 if (endptr == NULL || *endptr != '\0' || 341 svcport == 0 || svcport >= IPPORT_MAX) 342 usage(); 343 svcport_str = strdup(optarg); 344 break; 345 case 'h': 346 ++nhosts; 347 hosts_bak = hosts; 348 hosts_bak = realloc(hosts, nhosts * sizeof(char *)); 349 if (hosts_bak == NULL) { 350 if (hosts != NULL) { 351 for (k = 0; k < nhosts; k++) 352 free(hosts[k]); 353 free(hosts); 354 out_of_mem(); 355 } 356 } 357 hosts = hosts_bak; 358 hosts[nhosts - 1] = strdup(optarg); 359 if (hosts[nhosts - 1] == NULL) { 360 for (k = 0; k < (nhosts - 1); k++) 361 free(hosts[k]); 362 free(hosts); 363 out_of_mem(); 364 } 365 break; 366 default: 367 usage(); 368 }; 369 370 /* 371 * Unless the "-o" option was specified, try and run "nfsd". 372 * If "-o" was specified, try and run "nfsserver". 373 */ 374 if (run_v4server > 0) { 375 if (modfind("nfsd") < 0) { 376 /* Not present in kernel, try loading it */ 377 if (kldload("nfsd") < 0 || modfind("nfsd") < 0) 378 errx(1, "NFS server is not available"); 379 } 380 } else if (modfind("nfsserver") < 0) { 381 /* Not present in kernel, try loading it */ 382 if (kldload("nfsserver") < 0 || modfind("nfsserver") < 0) 383 errx(1, "NFS server is not available"); 384 } 385 386 argc -= optind; 387 argv += optind; 388 grphead = (struct grouplist *)NULL; 389 exphead = (struct exportlist *)NULL; 390 mlhead = (struct mountlist *)NULL; 391 if (argc > 0) 392 exnames = argv; 393 else 394 exnames = exnames_default; 395 openlog("mountd", LOG_PID, LOG_DAEMON); 396 if (debug) 397 warnx("getting export list"); 398 get_exportlist(); 399 if (debug) 400 warnx("getting mount list"); 401 get_mountlist(); 402 if (debug) 403 warnx("here we go"); 404 if (debug == 0) { 405 daemon(0, 0); 406 signal(SIGINT, SIG_IGN); 407 signal(SIGQUIT, SIG_IGN); 408 } 409 signal(SIGHUP, huphandler); 410 signal(SIGTERM, terminate); 411 signal(SIGPIPE, SIG_IGN); 412 413 pidfile_write(pfh); 414 415 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); 416 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); 417 rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); 418 419 if (!resvport_only) { 420 if (sysctlbyname("vfs.nfsrv.nfs_privport", NULL, NULL, 421 &resvport_only, sizeof(resvport_only)) != 0 && 422 errno != ENOENT) { 423 syslog(LOG_ERR, "sysctl: %m"); 424 exit(1); 425 } 426 } 427 428 /* 429 * If no hosts were specified, add a wildcard entry to bind to 430 * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the 431 * list. 432 */ 433 if (nhosts == 0) { 434 hosts = malloc(sizeof(char**)); 435 if (hosts == NULL) 436 out_of_mem(); 437 hosts[0] = "*"; 438 nhosts = 1; 439 } else { 440 hosts_bak = hosts; 441 if (have_v6) { 442 hosts_bak = realloc(hosts, (nhosts + 2) * 443 sizeof(char *)); 444 if (hosts_bak == NULL) { 445 for (k = 0; k < nhosts; k++) 446 free(hosts[k]); 447 free(hosts); 448 out_of_mem(); 449 } else 450 hosts = hosts_bak; 451 nhosts += 2; 452 hosts[nhosts - 2] = "::1"; 453 } else { 454 hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *)); 455 if (hosts_bak == NULL) { 456 for (k = 0; k < nhosts; k++) 457 free(hosts[k]); 458 free(hosts); 459 out_of_mem(); 460 } else { 461 nhosts += 1; 462 hosts = hosts_bak; 463 } 464 } 465 466 hosts[nhosts - 1] = "127.0.0.1"; 467 } 468 469 attempt_cnt = 1; 470 sock_fdcnt = 0; 471 sock_fd = NULL; 472 port_list = NULL; 473 port_len = 0; 474 nc_handle = setnetconfig(); 475 while ((nconf = getnetconfig(nc_handle))) { 476 if (nconf->nc_flag & NC_VISIBLE) { 477 if (have_v6 == 0 && strcmp(nconf->nc_protofmly, 478 "inet6") == 0) { 479 /* DO NOTHING */ 480 } else { 481 ret = create_service(nconf); 482 if (ret == 1) 483 /* Ignore this call */ 484 continue; 485 if (ret < 0) { 486 /* 487 * Failed to bind port, so close off 488 * all sockets created and try again 489 * if the port# was dynamically 490 * assigned via bind(2). 491 */ 492 clearout_service(); 493 if (mallocd_svcport != 0 && 494 attempt_cnt < GETPORT_MAXTRY) { 495 free(svcport_str); 496 svcport_str = NULL; 497 mallocd_svcport = 0; 498 } else { 499 errno = EADDRINUSE; 500 syslog(LOG_ERR, 501 "bindresvport_sa: %m"); 502 exit(1); 503 } 504 505 /* Start over at the first service. */ 506 free(sock_fd); 507 sock_fdcnt = 0; 508 sock_fd = NULL; 509 nc_handle = setnetconfig(); 510 attempt_cnt++; 511 } else if (mallocd_svcport != 0 && 512 attempt_cnt == GETPORT_MAXTRY) { 513 /* 514 * For the last attempt, allow 515 * different port #s for each nconf 516 * by saving the svcport_str and 517 * setting it back to NULL. 518 */ 519 port_list = realloc(port_list, 520 (port_len + 1) * sizeof(char *)); 521 if (port_list == NULL) 522 out_of_mem(); 523 port_list[port_len++] = svcport_str; 524 svcport_str = NULL; 525 mallocd_svcport = 0; 526 } 527 } 528 } 529 } 530 531 /* 532 * Successfully bound the ports, so call complete_service() to 533 * do the rest of the setup on the service(s). 534 */ 535 sock_fdpos = 0; 536 port_pos = 0; 537 nc_handle = setnetconfig(); 538 while ((nconf = getnetconfig(nc_handle))) { 539 if (nconf->nc_flag & NC_VISIBLE) { 540 if (have_v6 == 0 && strcmp(nconf->nc_protofmly, 541 "inet6") == 0) { 542 /* DO NOTHING */ 543 } else if (port_list != NULL) { 544 if (port_pos >= port_len) { 545 syslog(LOG_ERR, "too many port#s"); 546 exit(1); 547 } 548 complete_service(nconf, port_list[port_pos++]); 549 } else 550 complete_service(nconf, svcport_str); 551 } 552 } 553 endnetconfig(nc_handle); 554 free(sock_fd); 555 if (port_list != NULL) { 556 for (port_pos = 0; port_pos < port_len; port_pos++) 557 free(port_list[port_pos]); 558 free(port_list); 559 } 560 561 if (xcreated == 0) { 562 syslog(LOG_ERR, "could not create any services"); 563 exit(1); 564 } 565 566 /* Expand svc_run() here so that we can call get_exportlist(). */ 567 for (;;) { 568 if (got_sighup) { 569 get_exportlist(); 570 got_sighup = 0; 571 } 572 readfds = svc_fdset; 573 switch (select(svc_maxfd + 1, &readfds, NULL, NULL, NULL)) { 574 case -1: 575 if (errno == EINTR) 576 continue; 577 syslog(LOG_ERR, "mountd died: select: %m"); 578 exit(1); 579 case 0: 580 continue; 581 default: 582 svc_getreqset(&readfds); 583 } 584 } 585 } 586 587 /* 588 * This routine creates and binds sockets on the appropriate 589 * addresses. It gets called one time for each transport. 590 * It returns 0 upon success, 1 for ingore the call and -1 to indicate 591 * bind failed with EADDRINUSE. 592 * Any file descriptors that have been created are stored in sock_fd and 593 * the total count of them is maintained in sock_fdcnt. 594 */ 595 static int 596 create_service(struct netconfig *nconf) 597 { 598 struct addrinfo hints, *res = NULL; 599 struct sockaddr_in *sin; 600 struct sockaddr_in6 *sin6; 601 struct __rpc_sockinfo si; 602 int aicode; 603 int fd; 604 int nhostsbak; 605 int one = 1; 606 int r; 607 u_int32_t host_addr[4]; /* IPv4 or IPv6 */ 608 int mallocd_res; 609 610 if ((nconf->nc_semantics != NC_TPI_CLTS) && 611 (nconf->nc_semantics != NC_TPI_COTS) && 612 (nconf->nc_semantics != NC_TPI_COTS_ORD)) 613 return (1); /* not my type */ 614 615 /* 616 * XXX - using RPC library internal functions. 617 */ 618 if (!__rpc_nconf2sockinfo(nconf, &si)) { 619 syslog(LOG_ERR, "cannot get information for %s", 620 nconf->nc_netid); 621 return (1); 622 } 623 624 /* Get mountd's address on this transport */ 625 memset(&hints, 0, sizeof hints); 626 hints.ai_flags = AI_PASSIVE; 627 hints.ai_family = si.si_af; 628 hints.ai_socktype = si.si_socktype; 629 hints.ai_protocol = si.si_proto; 630 631 /* 632 * Bind to specific IPs if asked to 633 */ 634 nhostsbak = nhosts; 635 while (nhostsbak > 0) { 636 --nhostsbak; 637 sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int)); 638 if (sock_fd == NULL) 639 out_of_mem(); 640 sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */ 641 mallocd_res = 0; 642 643 /* 644 * XXX - using RPC library internal functions. 645 */ 646 if ((fd = __rpc_nconf2fd(nconf)) < 0) { 647 int non_fatal = 0; 648 if (errno == EPROTONOSUPPORT && 649 nconf->nc_semantics != NC_TPI_CLTS) 650 non_fatal = 1; 651 652 syslog(non_fatal ? LOG_DEBUG : LOG_ERR, 653 "cannot create socket for %s", nconf->nc_netid); 654 if (non_fatal != 0) 655 continue; 656 exit(1); 657 } 658 659 switch (hints.ai_family) { 660 case AF_INET: 661 if (inet_pton(AF_INET, hosts[nhostsbak], 662 host_addr) == 1) { 663 hints.ai_flags |= AI_NUMERICHOST; 664 } else { 665 /* 666 * Skip if we have an AF_INET6 address. 667 */ 668 if (inet_pton(AF_INET6, hosts[nhostsbak], 669 host_addr) == 1) { 670 close(fd); 671 continue; 672 } 673 } 674 break; 675 case AF_INET6: 676 if (inet_pton(AF_INET6, hosts[nhostsbak], 677 host_addr) == 1) { 678 hints.ai_flags |= AI_NUMERICHOST; 679 } else { 680 /* 681 * Skip if we have an AF_INET address. 682 */ 683 if (inet_pton(AF_INET, hosts[nhostsbak], 684 host_addr) == 1) { 685 close(fd); 686 continue; 687 } 688 } 689 690 /* 691 * We're doing host-based access checks here, so don't 692 * allow v4-in-v6 to confuse things. The kernel will 693 * disable it by default on NFS sockets too. 694 */ 695 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one, 696 sizeof one) < 0) { 697 syslog(LOG_ERR, 698 "can't disable v4-in-v6 on IPv6 socket"); 699 exit(1); 700 } 701 break; 702 default: 703 break; 704 } 705 706 /* 707 * If no hosts were specified, just bind to INADDR_ANY 708 */ 709 if (strcmp("*", hosts[nhostsbak]) == 0) { 710 if (svcport_str == NULL) { 711 res = malloc(sizeof(struct addrinfo)); 712 if (res == NULL) 713 out_of_mem(); 714 mallocd_res = 1; 715 res->ai_flags = hints.ai_flags; 716 res->ai_family = hints.ai_family; 717 res->ai_protocol = hints.ai_protocol; 718 switch (res->ai_family) { 719 case AF_INET: 720 sin = malloc(sizeof(struct sockaddr_in)); 721 if (sin == NULL) 722 out_of_mem(); 723 sin->sin_family = AF_INET; 724 sin->sin_port = htons(0); 725 sin->sin_addr.s_addr = htonl(INADDR_ANY); 726 res->ai_addr = (struct sockaddr*) sin; 727 res->ai_addrlen = (socklen_t) 728 sizeof(struct sockaddr_in); 729 break; 730 case AF_INET6: 731 sin6 = malloc(sizeof(struct sockaddr_in6)); 732 if (sin6 == NULL) 733 out_of_mem(); 734 sin6->sin6_family = AF_INET6; 735 sin6->sin6_port = htons(0); 736 sin6->sin6_addr = in6addr_any; 737 res->ai_addr = (struct sockaddr*) sin6; 738 res->ai_addrlen = (socklen_t) 739 sizeof(struct sockaddr_in6); 740 break; 741 default: 742 syslog(LOG_ERR, "bad addr fam %d", 743 res->ai_family); 744 exit(1); 745 } 746 } else { 747 if ((aicode = getaddrinfo(NULL, svcport_str, 748 &hints, &res)) != 0) { 749 syslog(LOG_ERR, 750 "cannot get local address for %s: %s", 751 nconf->nc_netid, 752 gai_strerror(aicode)); 753 close(fd); 754 continue; 755 } 756 } 757 } else { 758 if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str, 759 &hints, &res)) != 0) { 760 syslog(LOG_ERR, 761 "cannot get local address for %s: %s", 762 nconf->nc_netid, gai_strerror(aicode)); 763 close(fd); 764 continue; 765 } 766 } 767 768 /* Store the fd. */ 769 sock_fd[sock_fdcnt - 1] = fd; 770 771 /* Now, attempt the bind. */ 772 r = bindresvport_sa(fd, res->ai_addr); 773 if (r != 0) { 774 if (errno == EADDRINUSE && mallocd_svcport != 0) { 775 if (mallocd_res != 0) { 776 free(res->ai_addr); 777 free(res); 778 } else 779 freeaddrinfo(res); 780 return (-1); 781 } 782 syslog(LOG_ERR, "bindresvport_sa: %m"); 783 exit(1); 784 } 785 786 if (svcport_str == NULL) { 787 svcport_str = malloc(NI_MAXSERV * sizeof(char)); 788 if (svcport_str == NULL) 789 out_of_mem(); 790 mallocd_svcport = 1; 791 792 if (getnameinfo(res->ai_addr, 793 res->ai_addr->sa_len, NULL, NI_MAXHOST, 794 svcport_str, NI_MAXSERV * sizeof(char), 795 NI_NUMERICHOST | NI_NUMERICSERV)) 796 errx(1, "Cannot get port number"); 797 } 798 if (mallocd_res != 0) { 799 free(res->ai_addr); 800 free(res); 801 } else 802 freeaddrinfo(res); 803 res = NULL; 804 } 805 return (0); 806 } 807 808 /* 809 * Called after all the create_service() calls have succeeded, to complete 810 * the setup and registration. 811 */ 812 static void 813 complete_service(struct netconfig *nconf, char *port_str) 814 { 815 struct addrinfo hints, *res = NULL; 816 struct __rpc_sockinfo si; 817 struct netbuf servaddr; 818 SVCXPRT *transp = NULL; 819 int aicode, fd, nhostsbak; 820 int registered = 0; 821 822 if ((nconf->nc_semantics != NC_TPI_CLTS) && 823 (nconf->nc_semantics != NC_TPI_COTS) && 824 (nconf->nc_semantics != NC_TPI_COTS_ORD)) 825 return; /* not my type */ 826 827 /* 828 * XXX - using RPC library internal functions. 829 */ 830 if (!__rpc_nconf2sockinfo(nconf, &si)) { 831 syslog(LOG_ERR, "cannot get information for %s", 832 nconf->nc_netid); 833 return; 834 } 835 836 nhostsbak = nhosts; 837 while (nhostsbak > 0) { 838 --nhostsbak; 839 if (sock_fdpos >= sock_fdcnt) { 840 /* Should never happen. */ 841 syslog(LOG_ERR, "Ran out of socket fd's"); 842 return; 843 } 844 fd = sock_fd[sock_fdpos++]; 845 if (fd < 0) 846 continue; 847 848 if (nconf->nc_semantics != NC_TPI_CLTS) 849 listen(fd, SOMAXCONN); 850 851 if (nconf->nc_semantics == NC_TPI_CLTS ) 852 transp = svc_dg_create(fd, 0, 0); 853 else 854 transp = svc_vc_create(fd, RPC_MAXDATASIZE, 855 RPC_MAXDATASIZE); 856 857 if (transp != (SVCXPRT *) NULL) { 858 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv, 859 NULL)) 860 syslog(LOG_ERR, 861 "can't register %s MOUNTVERS service", 862 nconf->nc_netid); 863 if (!force_v2) { 864 if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3, 865 mntsrv, NULL)) 866 syslog(LOG_ERR, 867 "can't register %s MOUNTVERS3 service", 868 nconf->nc_netid); 869 } 870 } else 871 syslog(LOG_WARNING, "can't create %s services", 872 nconf->nc_netid); 873 874 if (registered == 0) { 875 registered = 1; 876 memset(&hints, 0, sizeof hints); 877 hints.ai_flags = AI_PASSIVE; 878 hints.ai_family = si.si_af; 879 hints.ai_socktype = si.si_socktype; 880 hints.ai_protocol = si.si_proto; 881 882 if ((aicode = getaddrinfo(NULL, port_str, &hints, 883 &res)) != 0) { 884 syslog(LOG_ERR, "cannot get local address: %s", 885 gai_strerror(aicode)); 886 exit(1); 887 } 888 889 servaddr.buf = malloc(res->ai_addrlen); 890 memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen); 891 servaddr.len = res->ai_addrlen; 892 893 rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr); 894 rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr); 895 896 xcreated++; 897 freeaddrinfo(res); 898 } 899 } /* end while */ 900 } 901 902 /* 903 * Clear out sockets after a failure to bind one of them, so that the 904 * cycle of socket creation/binding can start anew. 905 */ 906 static void 907 clearout_service(void) 908 { 909 int i; 910 911 for (i = 0; i < sock_fdcnt; i++) { 912 if (sock_fd[i] >= 0) { 913 shutdown(sock_fd[i], SHUT_RDWR); 914 close(sock_fd[i]); 915 } 916 } 917 } 918 919 static void 920 usage(void) 921 { 922 fprintf(stderr, 923 "usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] " 924 "[-h <bindip>] [export_file ...]\n"); 925 exit(1); 926 } 927 928 /* 929 * The mount rpc service 930 */ 931 void 932 mntsrv(struct svc_req *rqstp, SVCXPRT *transp) 933 { 934 struct exportlist *ep; 935 struct dirlist *dp; 936 struct fhreturn fhr; 937 struct stat stb; 938 struct statfs fsb; 939 char host[NI_MAXHOST], numerichost[NI_MAXHOST]; 940 int lookup_failed = 1; 941 struct sockaddr *saddr; 942 u_short sport; 943 char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN]; 944 int bad = 0, defset, hostset; 945 sigset_t sighup_mask; 946 int numsecflavors, *secflavorsp; 947 948 sigemptyset(&sighup_mask); 949 sigaddset(&sighup_mask, SIGHUP); 950 saddr = svc_getrpccaller(transp)->buf; 951 switch (saddr->sa_family) { 952 case AF_INET6: 953 sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port); 954 break; 955 case AF_INET: 956 sport = ntohs(((struct sockaddr_in *)saddr)->sin_port); 957 break; 958 default: 959 syslog(LOG_ERR, "request from unknown address family"); 960 return; 961 } 962 lookup_failed = getnameinfo(saddr, saddr->sa_len, host, sizeof host, 963 NULL, 0, 0); 964 getnameinfo(saddr, saddr->sa_len, numerichost, 965 sizeof numerichost, NULL, 0, NI_NUMERICHOST); 966 switch (rqstp->rq_proc) { 967 case NULLPROC: 968 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL)) 969 syslog(LOG_ERR, "can't send reply"); 970 return; 971 case MOUNTPROC_MNT: 972 if (sport >= IPPORT_RESERVED && resvport_only) { 973 syslog(LOG_NOTICE, 974 "mount request from %s from unprivileged port", 975 numerichost); 976 svcerr_weakauth(transp); 977 return; 978 } 979 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) { 980 syslog(LOG_NOTICE, "undecodable mount request from %s", 981 numerichost); 982 svcerr_decode(transp); 983 return; 984 } 985 986 /* 987 * Get the real pathname and make sure it is a directory 988 * or a regular file if the -r option was specified 989 * and it exists. 990 */ 991 if (realpath(rpcpath, dirpath) == NULL || 992 stat(dirpath, &stb) < 0 || 993 (!S_ISDIR(stb.st_mode) && 994 (dir_only || !S_ISREG(stb.st_mode))) || 995 statfs(dirpath, &fsb) < 0) { 996 chdir("/"); /* Just in case realpath doesn't */ 997 syslog(LOG_NOTICE, 998 "mount request from %s for non existent path %s", 999 numerichost, dirpath); 1000 if (debug) 1001 warnx("stat failed on %s", dirpath); 1002 bad = ENOENT; /* We will send error reply later */ 1003 } 1004 1005 /* Check in the exports list */ 1006 sigprocmask(SIG_BLOCK, &sighup_mask, NULL); 1007 ep = ex_search(&fsb.f_fsid); 1008 hostset = defset = 0; 1009 if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset, 1010 &numsecflavors, &secflavorsp) || 1011 ((dp = dirp_search(ep->ex_dirl, dirpath)) && 1012 chk_host(dp, saddr, &defset, &hostset, &numsecflavors, 1013 &secflavorsp)) || 1014 (defset && scan_tree(ep->ex_defdir, saddr) == 0 && 1015 scan_tree(ep->ex_dirl, saddr) == 0))) { 1016 if (bad) { 1017 if (!svc_sendreply(transp, (xdrproc_t)xdr_long, 1018 (caddr_t)&bad)) 1019 syslog(LOG_ERR, "can't send reply"); 1020 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); 1021 return; 1022 } 1023 if (hostset & DP_HOSTSET) { 1024 fhr.fhr_flag = hostset; 1025 fhr.fhr_numsecflavors = numsecflavors; 1026 fhr.fhr_secflavors = secflavorsp; 1027 } else { 1028 fhr.fhr_flag = defset; 1029 fhr.fhr_numsecflavors = ep->ex_defnumsecflavors; 1030 fhr.fhr_secflavors = ep->ex_defsecflavors; 1031 } 1032 fhr.fhr_vers = rqstp->rq_vers; 1033 /* Get the file handle */ 1034 memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t)); 1035 if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) { 1036 bad = errno; 1037 syslog(LOG_ERR, "can't get fh for %s", dirpath); 1038 if (!svc_sendreply(transp, (xdrproc_t)xdr_long, 1039 (caddr_t)&bad)) 1040 syslog(LOG_ERR, "can't send reply"); 1041 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); 1042 return; 1043 } 1044 if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs, 1045 (caddr_t)&fhr)) 1046 syslog(LOG_ERR, "can't send reply"); 1047 if (!lookup_failed) 1048 add_mlist(host, dirpath); 1049 else 1050 add_mlist(numerichost, dirpath); 1051 if (debug) 1052 warnx("mount successful"); 1053 if (dolog) 1054 syslog(LOG_NOTICE, 1055 "mount request succeeded from %s for %s", 1056 numerichost, dirpath); 1057 } else { 1058 bad = EACCES; 1059 syslog(LOG_NOTICE, 1060 "mount request denied from %s for %s", 1061 numerichost, dirpath); 1062 } 1063 1064 if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long, 1065 (caddr_t)&bad)) 1066 syslog(LOG_ERR, "can't send reply"); 1067 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); 1068 return; 1069 case MOUNTPROC_DUMP: 1070 if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL)) 1071 syslog(LOG_ERR, "can't send reply"); 1072 else if (dolog) 1073 syslog(LOG_NOTICE, 1074 "dump request succeeded from %s", 1075 numerichost); 1076 return; 1077 case MOUNTPROC_UMNT: 1078 if (sport >= IPPORT_RESERVED && resvport_only) { 1079 syslog(LOG_NOTICE, 1080 "umount request from %s from unprivileged port", 1081 numerichost); 1082 svcerr_weakauth(transp); 1083 return; 1084 } 1085 if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) { 1086 syslog(LOG_NOTICE, "undecodable umount request from %s", 1087 numerichost); 1088 svcerr_decode(transp); 1089 return; 1090 } 1091 if (realpath(rpcpath, dirpath) == NULL) { 1092 syslog(LOG_NOTICE, "umount request from %s " 1093 "for non existent path %s", 1094 numerichost, dirpath); 1095 } 1096 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL)) 1097 syslog(LOG_ERR, "can't send reply"); 1098 if (!lookup_failed) 1099 del_mlist(host, dirpath); 1100 del_mlist(numerichost, dirpath); 1101 if (dolog) 1102 syslog(LOG_NOTICE, 1103 "umount request succeeded from %s for %s", 1104 numerichost, dirpath); 1105 return; 1106 case MOUNTPROC_UMNTALL: 1107 if (sport >= IPPORT_RESERVED && resvport_only) { 1108 syslog(LOG_NOTICE, 1109 "umountall request from %s from unprivileged port", 1110 numerichost); 1111 svcerr_weakauth(transp); 1112 return; 1113 } 1114 if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL)) 1115 syslog(LOG_ERR, "can't send reply"); 1116 if (!lookup_failed) 1117 del_mlist(host, NULL); 1118 del_mlist(numerichost, NULL); 1119 if (dolog) 1120 syslog(LOG_NOTICE, 1121 "umountall request succeeded from %s", 1122 numerichost); 1123 return; 1124 case MOUNTPROC_EXPORT: 1125 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL)) 1126 if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief, 1127 (caddr_t)NULL)) 1128 syslog(LOG_ERR, "can't send reply"); 1129 if (dolog) 1130 syslog(LOG_NOTICE, 1131 "export request succeeded from %s", 1132 numerichost); 1133 return; 1134 default: 1135 svcerr_noproc(transp); 1136 return; 1137 } 1138 } 1139 1140 /* 1141 * Xdr conversion for a dirpath string 1142 */ 1143 int 1144 xdr_dir(XDR *xdrsp, char *dirp) 1145 { 1146 return (xdr_string(xdrsp, &dirp, MNTPATHLEN)); 1147 } 1148 1149 /* 1150 * Xdr routine to generate file handle reply 1151 */ 1152 int 1153 xdr_fhs(XDR *xdrsp, caddr_t cp) 1154 { 1155 struct fhreturn *fhrp = (struct fhreturn *)cp; 1156 u_long ok = 0, len, auth; 1157 int i; 1158 1159 if (!xdr_long(xdrsp, &ok)) 1160 return (0); 1161 switch (fhrp->fhr_vers) { 1162 case 1: 1163 return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH)); 1164 case 3: 1165 len = NFSX_V3FH; 1166 if (!xdr_long(xdrsp, &len)) 1167 return (0); 1168 if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len)) 1169 return (0); 1170 if (fhrp->fhr_numsecflavors) { 1171 if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors)) 1172 return (0); 1173 for (i = 0; i < fhrp->fhr_numsecflavors; i++) 1174 if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i])) 1175 return (0); 1176 return (1); 1177 } else { 1178 auth = AUTH_SYS; 1179 len = 1; 1180 if (!xdr_long(xdrsp, &len)) 1181 return (0); 1182 return (xdr_long(xdrsp, &auth)); 1183 } 1184 }; 1185 return (0); 1186 } 1187 1188 int 1189 xdr_mlist(XDR *xdrsp, caddr_t cp __unused) 1190 { 1191 struct mountlist *mlp; 1192 int true = 1; 1193 int false = 0; 1194 char *strp; 1195 1196 mlp = mlhead; 1197 while (mlp) { 1198 if (!xdr_bool(xdrsp, &true)) 1199 return (0); 1200 strp = &mlp->ml_host[0]; 1201 if (!xdr_string(xdrsp, &strp, MNTNAMLEN)) 1202 return (0); 1203 strp = &mlp->ml_dirp[0]; 1204 if (!xdr_string(xdrsp, &strp, MNTPATHLEN)) 1205 return (0); 1206 mlp = mlp->ml_next; 1207 } 1208 if (!xdr_bool(xdrsp, &false)) 1209 return (0); 1210 return (1); 1211 } 1212 1213 /* 1214 * Xdr conversion for export list 1215 */ 1216 int 1217 xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief) 1218 { 1219 struct exportlist *ep; 1220 int false = 0; 1221 int putdef; 1222 sigset_t sighup_mask; 1223 1224 sigemptyset(&sighup_mask); 1225 sigaddset(&sighup_mask, SIGHUP); 1226 sigprocmask(SIG_BLOCK, &sighup_mask, NULL); 1227 ep = exphead; 1228 while (ep) { 1229 putdef = 0; 1230 if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir, 1231 &putdef, brief)) 1232 goto errout; 1233 if (ep->ex_defdir && putdef == 0 && 1234 put_exlist(ep->ex_defdir, xdrsp, (struct dirlist *)NULL, 1235 &putdef, brief)) 1236 goto errout; 1237 ep = ep->ex_next; 1238 } 1239 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); 1240 if (!xdr_bool(xdrsp, &false)) 1241 return (0); 1242 return (1); 1243 errout: 1244 sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); 1245 return (0); 1246 } 1247 1248 /* 1249 * Called from xdr_explist() to traverse the tree and export the 1250 * directory paths. 1251 */ 1252 int 1253 put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp, 1254 int brief) 1255 { 1256 struct grouplist *grp; 1257 struct hostlist *hp; 1258 int true = 1; 1259 int false = 0; 1260 int gotalldir = 0; 1261 char *strp; 1262 1263 if (dp) { 1264 if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief)) 1265 return (1); 1266 if (!xdr_bool(xdrsp, &true)) 1267 return (1); 1268 strp = dp->dp_dirp; 1269 if (!xdr_string(xdrsp, &strp, MNTPATHLEN)) 1270 return (1); 1271 if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) { 1272 gotalldir = 1; 1273 *putdefp = 1; 1274 } 1275 if (brief) { 1276 if (!xdr_bool(xdrsp, &true)) 1277 return (1); 1278 strp = "(...)"; 1279 if (!xdr_string(xdrsp, &strp, MNTPATHLEN)) 1280 return (1); 1281 } else if ((dp->dp_flag & DP_DEFSET) == 0 && 1282 (gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) { 1283 hp = dp->dp_hosts; 1284 while (hp) { 1285 grp = hp->ht_grp; 1286 if (grp->gr_type == GT_HOST) { 1287 if (!xdr_bool(xdrsp, &true)) 1288 return (1); 1289 strp = grp->gr_ptr.gt_addrinfo->ai_canonname; 1290 if (!xdr_string(xdrsp, &strp, 1291 MNTNAMLEN)) 1292 return (1); 1293 } else if (grp->gr_type == GT_NET) { 1294 if (!xdr_bool(xdrsp, &true)) 1295 return (1); 1296 strp = grp->gr_ptr.gt_net.nt_name; 1297 if (!xdr_string(xdrsp, &strp, 1298 MNTNAMLEN)) 1299 return (1); 1300 } 1301 hp = hp->ht_next; 1302 if (gotalldir && hp == (struct hostlist *)NULL) { 1303 hp = adp->dp_hosts; 1304 gotalldir = 0; 1305 } 1306 } 1307 } 1308 if (!xdr_bool(xdrsp, &false)) 1309 return (1); 1310 if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief)) 1311 return (1); 1312 } 1313 return (0); 1314 } 1315 1316 int 1317 xdr_explist(XDR *xdrsp, caddr_t cp) 1318 { 1319 1320 return xdr_explist_common(xdrsp, cp, 0); 1321 } 1322 1323 int 1324 xdr_explist_brief(XDR *xdrsp, caddr_t cp) 1325 { 1326 1327 return xdr_explist_common(xdrsp, cp, 1); 1328 } 1329 1330 char *line; 1331 int linesize; 1332 FILE *exp_file; 1333 1334 /* 1335 * Get the export list from one, currently open file 1336 */ 1337 static void 1338 get_exportlist_one(void) 1339 { 1340 struct exportlist *ep, *ep2; 1341 struct grouplist *grp, *tgrp; 1342 struct exportlist **epp; 1343 struct dirlist *dirhead; 1344 struct statfs fsb; 1345 struct xucred anon; 1346 char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc; 1347 int len, has_host, exflags, got_nondir, dirplen, netgrp; 1348 1349 v4root_phase = 0; 1350 dirhead = (struct dirlist *)NULL; 1351 while (get_line()) { 1352 if (debug) 1353 warnx("got line %s", line); 1354 cp = line; 1355 nextfield(&cp, &endcp); 1356 if (*cp == '#') 1357 goto nextline; 1358 1359 /* 1360 * Set defaults. 1361 */ 1362 has_host = FALSE; 1363 anon = def_anon; 1364 exflags = MNT_EXPORTED; 1365 got_nondir = 0; 1366 opt_flags = 0; 1367 ep = (struct exportlist *)NULL; 1368 dirp = NULL; 1369 1370 /* 1371 * Handle the V4 root dir. 1372 */ 1373 if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') { 1374 /* 1375 * V4: just indicates that it is the v4 root point, 1376 * so skip over that and set v4root_phase. 1377 */ 1378 if (v4root_phase > 0) { 1379 syslog(LOG_ERR, "V4:duplicate line, ignored"); 1380 goto nextline; 1381 } 1382 v4root_phase = 1; 1383 cp += 3; 1384 nextfield(&cp, &endcp); 1385 } 1386 1387 /* 1388 * Create new exports list entry 1389 */ 1390 len = endcp-cp; 1391 tgrp = grp = get_grp(); 1392 while (len > 0) { 1393 if (len > MNTNAMLEN) { 1394 getexp_err(ep, tgrp); 1395 goto nextline; 1396 } 1397 if (*cp == '-') { 1398 if (ep == (struct exportlist *)NULL) { 1399 getexp_err(ep, tgrp); 1400 goto nextline; 1401 } 1402 if (debug) 1403 warnx("doing opt %s", cp); 1404 got_nondir = 1; 1405 if (do_opt(&cp, &endcp, ep, grp, &has_host, 1406 &exflags, &anon)) { 1407 getexp_err(ep, tgrp); 1408 goto nextline; 1409 } 1410 } else if (*cp == '/') { 1411 savedc = *endcp; 1412 *endcp = '\0'; 1413 if (v4root_phase > 1) { 1414 if (dirp != NULL) { 1415 syslog(LOG_ERR, "Multiple V4 dirs"); 1416 getexp_err(ep, tgrp); 1417 goto nextline; 1418 } 1419 } 1420 if (check_dirpath(cp) && 1421 statfs(cp, &fsb) >= 0) { 1422 if (got_nondir) { 1423 syslog(LOG_ERR, "dirs must be first"); 1424 getexp_err(ep, tgrp); 1425 goto nextline; 1426 } 1427 if (v4root_phase == 1) { 1428 if (dirp != NULL) { 1429 syslog(LOG_ERR, "Multiple V4 dirs"); 1430 getexp_err(ep, tgrp); 1431 goto nextline; 1432 } 1433 if (strlen(v4root_dirpath) == 0) { 1434 strlcpy(v4root_dirpath, cp, 1435 sizeof (v4root_dirpath)); 1436 } else if (strcmp(v4root_dirpath, cp) 1437 != 0) { 1438 syslog(LOG_ERR, 1439 "different V4 dirpath %s", cp); 1440 getexp_err(ep, tgrp); 1441 goto nextline; 1442 } 1443 dirp = cp; 1444 v4root_phase = 2; 1445 got_nondir = 1; 1446 ep = get_exp(); 1447 } else { 1448 if (ep) { 1449 if (ep->ex_fs.val[0] != 1450 fsb.f_fsid.val[0] || 1451 ep->ex_fs.val[1] != 1452 fsb.f_fsid.val[1]) { 1453 getexp_err(ep, tgrp); 1454 goto nextline; 1455 } 1456 } else { 1457 /* 1458 * See if this directory is already 1459 * in the list. 1460 */ 1461 ep = ex_search(&fsb.f_fsid); 1462 if (ep == (struct exportlist *)NULL) { 1463 ep = get_exp(); 1464 ep->ex_fs = fsb.f_fsid; 1465 ep->ex_fsdir = (char *)malloc 1466 (strlen(fsb.f_mntonname) + 1); 1467 if (ep->ex_fsdir) 1468 strcpy(ep->ex_fsdir, 1469 fsb.f_mntonname); 1470 else 1471 out_of_mem(); 1472 if (debug) 1473 warnx( 1474 "making new ep fs=0x%x,0x%x", 1475 fsb.f_fsid.val[0], 1476 fsb.f_fsid.val[1]); 1477 } else if (debug) 1478 warnx("found ep fs=0x%x,0x%x", 1479 fsb.f_fsid.val[0], 1480 fsb.f_fsid.val[1]); 1481 } 1482 1483 /* 1484 * Add dirpath to export mount point. 1485 */ 1486 dirp = add_expdir(&dirhead, cp, len); 1487 dirplen = len; 1488 } 1489 } else { 1490 getexp_err(ep, tgrp); 1491 goto nextline; 1492 } 1493 *endcp = savedc; 1494 } else { 1495 savedc = *endcp; 1496 *endcp = '\0'; 1497 got_nondir = 1; 1498 if (ep == (struct exportlist *)NULL) { 1499 getexp_err(ep, tgrp); 1500 goto nextline; 1501 } 1502 1503 /* 1504 * Get the host or netgroup. 1505 */ 1506 setnetgrent(cp); 1507 netgrp = getnetgrent(&hst, &usr, &dom); 1508 do { 1509 if (has_host) { 1510 grp->gr_next = get_grp(); 1511 grp = grp->gr_next; 1512 } 1513 if (netgrp) { 1514 if (hst == 0) { 1515 syslog(LOG_ERR, 1516 "null hostname in netgroup %s, skipping", cp); 1517 grp->gr_type = GT_IGNORE; 1518 } else if (get_host(hst, grp, tgrp)) { 1519 syslog(LOG_ERR, 1520 "bad host %s in netgroup %s, skipping", hst, cp); 1521 grp->gr_type = GT_IGNORE; 1522 } 1523 } else if (get_host(cp, grp, tgrp)) { 1524 syslog(LOG_ERR, "bad host %s, skipping", cp); 1525 grp->gr_type = GT_IGNORE; 1526 } 1527 has_host = TRUE; 1528 } while (netgrp && getnetgrent(&hst, &usr, &dom)); 1529 endnetgrent(); 1530 *endcp = savedc; 1531 } 1532 cp = endcp; 1533 nextfield(&cp, &endcp); 1534 len = endcp - cp; 1535 } 1536 if (check_options(dirhead)) { 1537 getexp_err(ep, tgrp); 1538 goto nextline; 1539 } 1540 if (!has_host) { 1541 grp->gr_type = GT_DEFAULT; 1542 if (debug) 1543 warnx("adding a default entry"); 1544 1545 /* 1546 * Don't allow a network export coincide with a list of 1547 * host(s) on the same line. 1548 */ 1549 } else if ((opt_flags & OP_NET) && tgrp->gr_next) { 1550 syslog(LOG_ERR, "network/host conflict"); 1551 getexp_err(ep, tgrp); 1552 goto nextline; 1553 1554 /* 1555 * If an export list was specified on this line, make sure 1556 * that we have at least one valid entry, otherwise skip it. 1557 */ 1558 } else { 1559 grp = tgrp; 1560 while (grp && grp->gr_type == GT_IGNORE) 1561 grp = grp->gr_next; 1562 if (! grp) { 1563 getexp_err(ep, tgrp); 1564 goto nextline; 1565 } 1566 } 1567 1568 if (v4root_phase == 1) { 1569 syslog(LOG_ERR, "V4:root, no dirp, ignored"); 1570 getexp_err(ep, tgrp); 1571 goto nextline; 1572 } 1573 1574 /* 1575 * Loop through hosts, pushing the exports into the kernel. 1576 * After loop, tgrp points to the start of the list and 1577 * grp points to the last entry in the list. 1578 */ 1579 grp = tgrp; 1580 do { 1581 if (do_mount(ep, grp, exflags, &anon, dirp, dirplen, 1582 &fsb)) { 1583 getexp_err(ep, tgrp); 1584 goto nextline; 1585 } 1586 } while (grp->gr_next && (grp = grp->gr_next)); 1587 1588 /* 1589 * For V4: don't enter in mount lists. 1590 */ 1591 if (v4root_phase > 0 && v4root_phase <= 2) { 1592 /* 1593 * Since these structures aren't used by mountd, 1594 * free them up now. 1595 */ 1596 if (ep != NULL) 1597 free_exp(ep); 1598 while (tgrp != NULL) { 1599 grp = tgrp; 1600 tgrp = tgrp->gr_next; 1601 free_grp(grp); 1602 } 1603 goto nextline; 1604 } 1605 1606 /* 1607 * Success. Update the data structures. 1608 */ 1609 if (has_host) { 1610 hang_dirp(dirhead, tgrp, ep, opt_flags); 1611 grp->gr_next = grphead; 1612 grphead = tgrp; 1613 } else { 1614 hang_dirp(dirhead, (struct grouplist *)NULL, ep, 1615 opt_flags); 1616 free_grp(grp); 1617 } 1618 dirhead = (struct dirlist *)NULL; 1619 if ((ep->ex_flag & EX_LINKED) == 0) { 1620 ep2 = exphead; 1621 epp = &exphead; 1622 1623 /* 1624 * Insert in the list in alphabetical order. 1625 */ 1626 while (ep2 && strcmp(ep2->ex_fsdir, ep->ex_fsdir) < 0) { 1627 epp = &ep2->ex_next; 1628 ep2 = ep2->ex_next; 1629 } 1630 if (ep2) 1631 ep->ex_next = ep2; 1632 *epp = ep; 1633 ep->ex_flag |= EX_LINKED; 1634 } 1635 nextline: 1636 v4root_phase = 0; 1637 if (dirhead) { 1638 free_dir(dirhead); 1639 dirhead = (struct dirlist *)NULL; 1640 } 1641 } 1642 } 1643 1644 /* 1645 * Get the export list from all specified files 1646 */ 1647 void 1648 get_exportlist(void) 1649 { 1650 struct exportlist *ep, *ep2; 1651 struct grouplist *grp, *tgrp; 1652 struct export_args export; 1653 struct iovec *iov; 1654 struct statfs *fsp, *mntbufp; 1655 struct xvfsconf vfc; 1656 char errmsg[255]; 1657 int num, i; 1658 int iovlen; 1659 int done; 1660 struct nfsex_args eargs; 1661 1662 v4root_dirpath[0] = '\0'; 1663 bzero(&export, sizeof(export)); 1664 export.ex_flags = MNT_DELEXPORT; 1665 iov = NULL; 1666 iovlen = 0; 1667 bzero(errmsg, sizeof(errmsg)); 1668 1669 /* 1670 * First, get rid of the old list 1671 */ 1672 ep = exphead; 1673 while (ep) { 1674 ep2 = ep; 1675 ep = ep->ex_next; 1676 free_exp(ep2); 1677 } 1678 exphead = (struct exportlist *)NULL; 1679 1680 grp = grphead; 1681 while (grp) { 1682 tgrp = grp; 1683 grp = grp->gr_next; 1684 free_grp(tgrp); 1685 } 1686 grphead = (struct grouplist *)NULL; 1687 1688 /* 1689 * and the old V4 root dir. 1690 */ 1691 bzero(&eargs, sizeof (eargs)); 1692 eargs.export.ex_flags = MNT_DELEXPORT; 1693 if (run_v4server > 0 && 1694 nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&eargs) < 0 && 1695 errno != ENOENT) 1696 syslog(LOG_ERR, "Can't delete exports for V4:"); 1697 1698 /* 1699 * and clear flag that notes if a public fh has been exported. 1700 */ 1701 has_publicfh = 0; 1702 1703 /* 1704 * And delete exports that are in the kernel for all local 1705 * filesystems. 1706 * XXX: Should know how to handle all local exportable filesystems. 1707 */ 1708 num = getmntinfo(&mntbufp, MNT_NOWAIT); 1709 1710 if (num > 0) { 1711 build_iovec(&iov, &iovlen, "fstype", NULL, 0); 1712 build_iovec(&iov, &iovlen, "fspath", NULL, 0); 1713 build_iovec(&iov, &iovlen, "from", NULL, 0); 1714 build_iovec(&iov, &iovlen, "update", NULL, 0); 1715 build_iovec(&iov, &iovlen, "export", &export, sizeof(export)); 1716 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 1717 } 1718 1719 for (i = 0; i < num; i++) { 1720 fsp = &mntbufp[i]; 1721 if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) { 1722 syslog(LOG_ERR, "getvfsbyname() failed for %s", 1723 fsp->f_fstypename); 1724 continue; 1725 } 1726 1727 /* 1728 * Do not delete export for network filesystem by 1729 * passing "export" arg to nmount(). 1730 * It only makes sense to do this for local filesystems. 1731 */ 1732 if (vfc.vfc_flags & VFCF_NETWORK) 1733 continue; 1734 1735 iov[1].iov_base = fsp->f_fstypename; 1736 iov[1].iov_len = strlen(fsp->f_fstypename) + 1; 1737 iov[3].iov_base = fsp->f_mntonname; 1738 iov[3].iov_len = strlen(fsp->f_mntonname) + 1; 1739 iov[5].iov_base = fsp->f_mntfromname; 1740 iov[5].iov_len = strlen(fsp->f_mntfromname) + 1; 1741 1742 if (nmount(iov, iovlen, fsp->f_flags) < 0 && 1743 errno != ENOENT && errno != ENOTSUP) { 1744 syslog(LOG_ERR, 1745 "can't delete exports for %s: %m %s", 1746 fsp->f_mntonname, errmsg); 1747 } 1748 } 1749 1750 if (iov != NULL) { 1751 /* Free strings allocated by strdup() in getmntopts.c */ 1752 free(iov[0].iov_base); /* fstype */ 1753 free(iov[2].iov_base); /* fspath */ 1754 free(iov[4].iov_base); /* from */ 1755 free(iov[6].iov_base); /* update */ 1756 free(iov[8].iov_base); /* export */ 1757 free(iov[10].iov_base); /* errmsg */ 1758 1759 /* free iov, allocated by realloc() */ 1760 free(iov); 1761 iovlen = 0; 1762 } 1763 1764 /* 1765 * Read in the exports file and build the list, calling 1766 * nmount() as we go along to push the export rules into the kernel. 1767 */ 1768 done = 0; 1769 for (i = 0; exnames[i] != NULL; i++) { 1770 if (debug) 1771 warnx("reading exports from %s", exnames[i]); 1772 if ((exp_file = fopen(exnames[i], "r")) == NULL) { 1773 syslog(LOG_WARNING, "can't open %s", exnames[i]); 1774 continue; 1775 } 1776 get_exportlist_one(); 1777 fclose(exp_file); 1778 done++; 1779 } 1780 if (done == 0) { 1781 syslog(LOG_ERR, "can't open any exports file"); 1782 exit(2); 1783 } 1784 1785 /* 1786 * If there was no public fh, clear any previous one set. 1787 */ 1788 if (run_v4server > 0 && has_publicfh == 0) 1789 (void) nfssvc(NFSSVC_NOPUBLICFH, NULL); 1790 } 1791 1792 /* 1793 * Allocate an export list element 1794 */ 1795 struct exportlist * 1796 get_exp(void) 1797 { 1798 struct exportlist *ep; 1799 1800 ep = (struct exportlist *)calloc(1, sizeof (struct exportlist)); 1801 if (ep == (struct exportlist *)NULL) 1802 out_of_mem(); 1803 return (ep); 1804 } 1805 1806 /* 1807 * Allocate a group list element 1808 */ 1809 struct grouplist * 1810 get_grp(void) 1811 { 1812 struct grouplist *gp; 1813 1814 gp = (struct grouplist *)calloc(1, sizeof (struct grouplist)); 1815 if (gp == (struct grouplist *)NULL) 1816 out_of_mem(); 1817 return (gp); 1818 } 1819 1820 /* 1821 * Clean up upon an error in get_exportlist(). 1822 */ 1823 void 1824 getexp_err(struct exportlist *ep, struct grouplist *grp) 1825 { 1826 struct grouplist *tgrp; 1827 1828 if (!(opt_flags & OP_QUIET)) 1829 syslog(LOG_ERR, "bad exports list line %s", line); 1830 if (ep && (ep->ex_flag & EX_LINKED) == 0) 1831 free_exp(ep); 1832 while (grp) { 1833 tgrp = grp; 1834 grp = grp->gr_next; 1835 free_grp(tgrp); 1836 } 1837 } 1838 1839 /* 1840 * Search the export list for a matching fs. 1841 */ 1842 struct exportlist * 1843 ex_search(fsid_t *fsid) 1844 { 1845 struct exportlist *ep; 1846 1847 ep = exphead; 1848 while (ep) { 1849 if (ep->ex_fs.val[0] == fsid->val[0] && 1850 ep->ex_fs.val[1] == fsid->val[1]) 1851 return (ep); 1852 ep = ep->ex_next; 1853 } 1854 return (ep); 1855 } 1856 1857 /* 1858 * Add a directory path to the list. 1859 */ 1860 char * 1861 add_expdir(struct dirlist **dpp, char *cp, int len) 1862 { 1863 struct dirlist *dp; 1864 1865 dp = (struct dirlist *)malloc(sizeof (struct dirlist) + len); 1866 if (dp == (struct dirlist *)NULL) 1867 out_of_mem(); 1868 dp->dp_left = *dpp; 1869 dp->dp_right = (struct dirlist *)NULL; 1870 dp->dp_flag = 0; 1871 dp->dp_hosts = (struct hostlist *)NULL; 1872 strcpy(dp->dp_dirp, cp); 1873 *dpp = dp; 1874 return (dp->dp_dirp); 1875 } 1876 1877 /* 1878 * Hang the dir list element off the dirpath binary tree as required 1879 * and update the entry for host. 1880 */ 1881 void 1882 hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep, 1883 int flags) 1884 { 1885 struct hostlist *hp; 1886 struct dirlist *dp2; 1887 1888 if (flags & OP_ALLDIRS) { 1889 if (ep->ex_defdir) 1890 free((caddr_t)dp); 1891 else 1892 ep->ex_defdir = dp; 1893 if (grp == (struct grouplist *)NULL) { 1894 ep->ex_defdir->dp_flag |= DP_DEFSET; 1895 /* Save the default security flavors list. */ 1896 ep->ex_defnumsecflavors = ep->ex_numsecflavors; 1897 if (ep->ex_numsecflavors > 0) 1898 memcpy(ep->ex_defsecflavors, ep->ex_secflavors, 1899 sizeof(ep->ex_secflavors)); 1900 } else while (grp) { 1901 hp = get_ht(); 1902 hp->ht_grp = grp; 1903 hp->ht_next = ep->ex_defdir->dp_hosts; 1904 ep->ex_defdir->dp_hosts = hp; 1905 /* Save the security flavors list for this host set. */ 1906 grp->gr_numsecflavors = ep->ex_numsecflavors; 1907 if (ep->ex_numsecflavors > 0) 1908 memcpy(grp->gr_secflavors, ep->ex_secflavors, 1909 sizeof(ep->ex_secflavors)); 1910 grp = grp->gr_next; 1911 } 1912 } else { 1913 1914 /* 1915 * Loop through the directories adding them to the tree. 1916 */ 1917 while (dp) { 1918 dp2 = dp->dp_left; 1919 add_dlist(&ep->ex_dirl, dp, grp, flags, ep); 1920 dp = dp2; 1921 } 1922 } 1923 } 1924 1925 /* 1926 * Traverse the binary tree either updating a node that is already there 1927 * for the new directory or adding the new node. 1928 */ 1929 void 1930 add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp, 1931 int flags, struct exportlist *ep) 1932 { 1933 struct dirlist *dp; 1934 struct hostlist *hp; 1935 int cmp; 1936 1937 dp = *dpp; 1938 if (dp) { 1939 cmp = strcmp(dp->dp_dirp, newdp->dp_dirp); 1940 if (cmp > 0) { 1941 add_dlist(&dp->dp_left, newdp, grp, flags, ep); 1942 return; 1943 } else if (cmp < 0) { 1944 add_dlist(&dp->dp_right, newdp, grp, flags, ep); 1945 return; 1946 } else 1947 free((caddr_t)newdp); 1948 } else { 1949 dp = newdp; 1950 dp->dp_left = (struct dirlist *)NULL; 1951 *dpp = dp; 1952 } 1953 if (grp) { 1954 1955 /* 1956 * Hang all of the host(s) off of the directory point. 1957 */ 1958 do { 1959 hp = get_ht(); 1960 hp->ht_grp = grp; 1961 hp->ht_next = dp->dp_hosts; 1962 dp->dp_hosts = hp; 1963 /* Save the security flavors list for this host set. */ 1964 grp->gr_numsecflavors = ep->ex_numsecflavors; 1965 if (ep->ex_numsecflavors > 0) 1966 memcpy(grp->gr_secflavors, ep->ex_secflavors, 1967 sizeof(ep->ex_secflavors)); 1968 grp = grp->gr_next; 1969 } while (grp); 1970 } else { 1971 dp->dp_flag |= DP_DEFSET; 1972 /* Save the default security flavors list. */ 1973 ep->ex_defnumsecflavors = ep->ex_numsecflavors; 1974 if (ep->ex_numsecflavors > 0) 1975 memcpy(ep->ex_defsecflavors, ep->ex_secflavors, 1976 sizeof(ep->ex_secflavors)); 1977 } 1978 } 1979 1980 /* 1981 * Search for a dirpath on the export point. 1982 */ 1983 struct dirlist * 1984 dirp_search(struct dirlist *dp, char *dirp) 1985 { 1986 int cmp; 1987 1988 if (dp) { 1989 cmp = strcmp(dp->dp_dirp, dirp); 1990 if (cmp > 0) 1991 return (dirp_search(dp->dp_left, dirp)); 1992 else if (cmp < 0) 1993 return (dirp_search(dp->dp_right, dirp)); 1994 else 1995 return (dp); 1996 } 1997 return (dp); 1998 } 1999 2000 /* 2001 * Scan for a host match in a directory tree. 2002 */ 2003 int 2004 chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp, 2005 int *hostsetp, int *numsecflavors, int **secflavorsp) 2006 { 2007 struct hostlist *hp; 2008 struct grouplist *grp; 2009 struct addrinfo *ai; 2010 2011 if (dp) { 2012 if (dp->dp_flag & DP_DEFSET) 2013 *defsetp = dp->dp_flag; 2014 hp = dp->dp_hosts; 2015 while (hp) { 2016 grp = hp->ht_grp; 2017 switch (grp->gr_type) { 2018 case GT_HOST: 2019 ai = grp->gr_ptr.gt_addrinfo; 2020 for (; ai; ai = ai->ai_next) { 2021 if (!sacmp(ai->ai_addr, saddr, NULL)) { 2022 *hostsetp = 2023 (hp->ht_flag | DP_HOSTSET); 2024 if (numsecflavors != NULL) { 2025 *numsecflavors = 2026 grp->gr_numsecflavors; 2027 *secflavorsp = 2028 grp->gr_secflavors; 2029 } 2030 return (1); 2031 } 2032 } 2033 break; 2034 case GT_NET: 2035 if (!sacmp(saddr, (struct sockaddr *) 2036 &grp->gr_ptr.gt_net.nt_net, 2037 (struct sockaddr *) 2038 &grp->gr_ptr.gt_net.nt_mask)) { 2039 *hostsetp = (hp->ht_flag | DP_HOSTSET); 2040 if (numsecflavors != NULL) { 2041 *numsecflavors = 2042 grp->gr_numsecflavors; 2043 *secflavorsp = 2044 grp->gr_secflavors; 2045 } 2046 return (1); 2047 } 2048 break; 2049 } 2050 hp = hp->ht_next; 2051 } 2052 } 2053 return (0); 2054 } 2055 2056 /* 2057 * Scan tree for a host that matches the address. 2058 */ 2059 int 2060 scan_tree(struct dirlist *dp, struct sockaddr *saddr) 2061 { 2062 int defset, hostset; 2063 2064 if (dp) { 2065 if (scan_tree(dp->dp_left, saddr)) 2066 return (1); 2067 if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL)) 2068 return (1); 2069 if (scan_tree(dp->dp_right, saddr)) 2070 return (1); 2071 } 2072 return (0); 2073 } 2074 2075 /* 2076 * Traverse the dirlist tree and free it up. 2077 */ 2078 void 2079 free_dir(struct dirlist *dp) 2080 { 2081 2082 if (dp) { 2083 free_dir(dp->dp_left); 2084 free_dir(dp->dp_right); 2085 free_host(dp->dp_hosts); 2086 free((caddr_t)dp); 2087 } 2088 } 2089 2090 /* 2091 * Parse a colon separated list of security flavors 2092 */ 2093 int 2094 parsesec(char *seclist, struct exportlist *ep) 2095 { 2096 char *cp, savedc; 2097 int flavor; 2098 2099 ep->ex_numsecflavors = 0; 2100 for (;;) { 2101 cp = strchr(seclist, ':'); 2102 if (cp) { 2103 savedc = *cp; 2104 *cp = '\0'; 2105 } 2106 2107 if (!strcmp(seclist, "sys")) 2108 flavor = AUTH_SYS; 2109 else if (!strcmp(seclist, "krb5")) 2110 flavor = RPCSEC_GSS_KRB5; 2111 else if (!strcmp(seclist, "krb5i")) 2112 flavor = RPCSEC_GSS_KRB5I; 2113 else if (!strcmp(seclist, "krb5p")) 2114 flavor = RPCSEC_GSS_KRB5P; 2115 else { 2116 if (cp) 2117 *cp = savedc; 2118 syslog(LOG_ERR, "bad sec flavor: %s", seclist); 2119 return (1); 2120 } 2121 if (ep->ex_numsecflavors == MAXSECFLAVORS) { 2122 if (cp) 2123 *cp = savedc; 2124 syslog(LOG_ERR, "too many sec flavors: %s", seclist); 2125 return (1); 2126 } 2127 ep->ex_secflavors[ep->ex_numsecflavors] = flavor; 2128 ep->ex_numsecflavors++; 2129 if (cp) { 2130 *cp = savedc; 2131 seclist = cp + 1; 2132 } else { 2133 break; 2134 } 2135 } 2136 return (0); 2137 } 2138 2139 /* 2140 * Parse the option string and update fields. 2141 * Option arguments may either be -<option>=<value> or 2142 * -<option> <value> 2143 */ 2144 int 2145 do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, 2146 int *has_hostp, int *exflagsp, struct xucred *cr) 2147 { 2148 char *cpoptarg, *cpoptend; 2149 char *cp, *endcp, *cpopt, savedc, savedc2; 2150 int allflag, usedarg; 2151 2152 savedc2 = '\0'; 2153 cpopt = *cpp; 2154 cpopt++; 2155 cp = *endcpp; 2156 savedc = *cp; 2157 *cp = '\0'; 2158 while (cpopt && *cpopt) { 2159 allflag = 1; 2160 usedarg = -2; 2161 if ((cpoptend = strchr(cpopt, ','))) { 2162 *cpoptend++ = '\0'; 2163 if ((cpoptarg = strchr(cpopt, '='))) 2164 *cpoptarg++ = '\0'; 2165 } else { 2166 if ((cpoptarg = strchr(cpopt, '='))) 2167 *cpoptarg++ = '\0'; 2168 else { 2169 *cp = savedc; 2170 nextfield(&cp, &endcp); 2171 **endcpp = '\0'; 2172 if (endcp > cp && *cp != '-') { 2173 cpoptarg = cp; 2174 savedc2 = *endcp; 2175 *endcp = '\0'; 2176 usedarg = 0; 2177 } 2178 } 2179 } 2180 if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) { 2181 *exflagsp |= MNT_EXRDONLY; 2182 } else if (cpoptarg && (!strcmp(cpopt, "maproot") || 2183 !(allflag = strcmp(cpopt, "mapall")) || 2184 !strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) { 2185 usedarg++; 2186 parsecred(cpoptarg, cr); 2187 if (allflag == 0) { 2188 *exflagsp |= MNT_EXPORTANON; 2189 opt_flags |= OP_MAPALL; 2190 } else 2191 opt_flags |= OP_MAPROOT; 2192 } else if (cpoptarg && (!strcmp(cpopt, "mask") || 2193 !strcmp(cpopt, "m"))) { 2194 if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) { 2195 syslog(LOG_ERR, "bad mask: %s", cpoptarg); 2196 return (1); 2197 } 2198 usedarg++; 2199 opt_flags |= OP_MASK; 2200 } else if (cpoptarg && (!strcmp(cpopt, "network") || 2201 !strcmp(cpopt, "n"))) { 2202 if (strchr(cpoptarg, '/') != NULL) { 2203 if (debug) 2204 fprintf(stderr, "setting OP_MASKLEN\n"); 2205 opt_flags |= OP_MASKLEN; 2206 } 2207 if (grp->gr_type != GT_NULL) { 2208 syslog(LOG_ERR, "network/host conflict"); 2209 return (1); 2210 } else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) { 2211 syslog(LOG_ERR, "bad net: %s", cpoptarg); 2212 return (1); 2213 } 2214 grp->gr_type = GT_NET; 2215 *has_hostp = 1; 2216 usedarg++; 2217 opt_flags |= OP_NET; 2218 } else if (!strcmp(cpopt, "alldirs")) { 2219 opt_flags |= OP_ALLDIRS; 2220 } else if (!strcmp(cpopt, "public")) { 2221 *exflagsp |= MNT_EXPUBLIC; 2222 } else if (!strcmp(cpopt, "webnfs")) { 2223 *exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON); 2224 opt_flags |= OP_MAPALL; 2225 } else if (cpoptarg && !strcmp(cpopt, "index")) { 2226 ep->ex_indexfile = strdup(cpoptarg); 2227 } else if (!strcmp(cpopt, "quiet")) { 2228 opt_flags |= OP_QUIET; 2229 } else if (!strcmp(cpopt, "sec")) { 2230 if (parsesec(cpoptarg, ep)) 2231 return (1); 2232 opt_flags |= OP_SEC; 2233 usedarg++; 2234 } else { 2235 syslog(LOG_ERR, "bad opt %s", cpopt); 2236 return (1); 2237 } 2238 if (usedarg >= 0) { 2239 *endcp = savedc2; 2240 **endcpp = savedc; 2241 if (usedarg > 0) { 2242 *cpp = cp; 2243 *endcpp = endcp; 2244 } 2245 return (0); 2246 } 2247 cpopt = cpoptend; 2248 } 2249 **endcpp = savedc; 2250 return (0); 2251 } 2252 2253 /* 2254 * Translate a character string to the corresponding list of network 2255 * addresses for a hostname. 2256 */ 2257 int 2258 get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp) 2259 { 2260 struct grouplist *checkgrp; 2261 struct addrinfo *ai, *tai, hints; 2262 int ecode; 2263 char host[NI_MAXHOST]; 2264 2265 if (grp->gr_type != GT_NULL) { 2266 syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp); 2267 return (1); 2268 } 2269 memset(&hints, 0, sizeof hints); 2270 hints.ai_flags = AI_CANONNAME; 2271 hints.ai_protocol = IPPROTO_UDP; 2272 ecode = getaddrinfo(cp, NULL, &hints, &ai); 2273 if (ecode != 0) { 2274 syslog(LOG_ERR,"can't get address info for host %s", cp); 2275 return 1; 2276 } 2277 grp->gr_ptr.gt_addrinfo = ai; 2278 while (ai != NULL) { 2279 if (ai->ai_canonname == NULL) { 2280 if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host, 2281 sizeof host, NULL, 0, NI_NUMERICHOST) != 0) 2282 strlcpy(host, "?", sizeof(host)); 2283 ai->ai_canonname = strdup(host); 2284 ai->ai_flags |= AI_CANONNAME; 2285 } 2286 if (debug) 2287 fprintf(stderr, "got host %s\n", ai->ai_canonname); 2288 /* 2289 * Sanity check: make sure we don't already have an entry 2290 * for this host in the grouplist. 2291 */ 2292 for (checkgrp = tgrp; checkgrp != NULL; 2293 checkgrp = checkgrp->gr_next) { 2294 if (checkgrp->gr_type != GT_HOST) 2295 continue; 2296 for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL; 2297 tai = tai->ai_next) { 2298 if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0) 2299 continue; 2300 if (debug) 2301 fprintf(stderr, 2302 "ignoring duplicate host %s\n", 2303 ai->ai_canonname); 2304 grp->gr_type = GT_IGNORE; 2305 return (0); 2306 } 2307 } 2308 ai = ai->ai_next; 2309 } 2310 grp->gr_type = GT_HOST; 2311 return (0); 2312 } 2313 2314 /* 2315 * Free up an exports list component 2316 */ 2317 void 2318 free_exp(struct exportlist *ep) 2319 { 2320 2321 if (ep->ex_defdir) { 2322 free_host(ep->ex_defdir->dp_hosts); 2323 free((caddr_t)ep->ex_defdir); 2324 } 2325 if (ep->ex_fsdir) 2326 free(ep->ex_fsdir); 2327 if (ep->ex_indexfile) 2328 free(ep->ex_indexfile); 2329 free_dir(ep->ex_dirl); 2330 free((caddr_t)ep); 2331 } 2332 2333 /* 2334 * Free hosts. 2335 */ 2336 void 2337 free_host(struct hostlist *hp) 2338 { 2339 struct hostlist *hp2; 2340 2341 while (hp) { 2342 hp2 = hp; 2343 hp = hp->ht_next; 2344 free((caddr_t)hp2); 2345 } 2346 } 2347 2348 struct hostlist * 2349 get_ht(void) 2350 { 2351 struct hostlist *hp; 2352 2353 hp = (struct hostlist *)malloc(sizeof (struct hostlist)); 2354 if (hp == (struct hostlist *)NULL) 2355 out_of_mem(); 2356 hp->ht_next = (struct hostlist *)NULL; 2357 hp->ht_flag = 0; 2358 return (hp); 2359 } 2360 2361 /* 2362 * Out of memory, fatal 2363 */ 2364 void 2365 out_of_mem(void) 2366 { 2367 2368 syslog(LOG_ERR, "out of memory"); 2369 exit(2); 2370 } 2371 2372 /* 2373 * Do the nmount() syscall with the update flag to push the export info into 2374 * the kernel. 2375 */ 2376 int 2377 do_mount(struct exportlist *ep, struct grouplist *grp, int exflags, 2378 struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb) 2379 { 2380 struct statfs fsb1; 2381 struct addrinfo *ai; 2382 struct export_args ea, *eap; 2383 char errmsg[255]; 2384 char *cp; 2385 int done; 2386 char savedc; 2387 struct iovec *iov; 2388 int i, iovlen; 2389 int ret; 2390 struct nfsex_args nfsea; 2391 2392 if (run_v4server > 0) 2393 eap = &nfsea.export; 2394 else 2395 eap = &ea; 2396 2397 cp = NULL; 2398 savedc = '\0'; 2399 iov = NULL; 2400 iovlen = 0; 2401 ret = 0; 2402 2403 bzero(eap, sizeof (struct export_args)); 2404 bzero(errmsg, sizeof(errmsg)); 2405 eap->ex_flags = exflags; 2406 eap->ex_anon = *anoncrp; 2407 eap->ex_indexfile = ep->ex_indexfile; 2408 if (grp->gr_type == GT_HOST) 2409 ai = grp->gr_ptr.gt_addrinfo; 2410 else 2411 ai = NULL; 2412 eap->ex_numsecflavors = ep->ex_numsecflavors; 2413 for (i = 0; i < eap->ex_numsecflavors; i++) 2414 eap->ex_secflavors[i] = ep->ex_secflavors[i]; 2415 if (eap->ex_numsecflavors == 0) { 2416 eap->ex_numsecflavors = 1; 2417 eap->ex_secflavors[0] = AUTH_SYS; 2418 } 2419 done = FALSE; 2420 2421 if (v4root_phase == 0) { 2422 build_iovec(&iov, &iovlen, "fstype", NULL, 0); 2423 build_iovec(&iov, &iovlen, "fspath", NULL, 0); 2424 build_iovec(&iov, &iovlen, "from", NULL, 0); 2425 build_iovec(&iov, &iovlen, "update", NULL, 0); 2426 build_iovec(&iov, &iovlen, "export", eap, 2427 sizeof (struct export_args)); 2428 build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg)); 2429 } 2430 2431 while (!done) { 2432 switch (grp->gr_type) { 2433 case GT_HOST: 2434 if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0) 2435 goto skip; 2436 eap->ex_addr = ai->ai_addr; 2437 eap->ex_addrlen = ai->ai_addrlen; 2438 eap->ex_masklen = 0; 2439 break; 2440 case GT_NET: 2441 if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 && 2442 have_v6 == 0) 2443 goto skip; 2444 eap->ex_addr = 2445 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_net; 2446 eap->ex_addrlen = 2447 ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len; 2448 eap->ex_mask = 2449 (struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask; 2450 eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len; 2451 break; 2452 case GT_DEFAULT: 2453 eap->ex_addr = NULL; 2454 eap->ex_addrlen = 0; 2455 eap->ex_mask = NULL; 2456 eap->ex_masklen = 0; 2457 break; 2458 case GT_IGNORE: 2459 ret = 0; 2460 goto error_exit; 2461 break; 2462 default: 2463 syslog(LOG_ERR, "bad grouptype"); 2464 if (cp) 2465 *cp = savedc; 2466 ret = 1; 2467 goto error_exit; 2468 }; 2469 2470 /* 2471 * For V4:, use the nfssvc() syscall, instead of mount(). 2472 */ 2473 if (v4root_phase == 2) { 2474 nfsea.fspec = v4root_dirpath; 2475 if (run_v4server > 0 && 2476 nfssvc(NFSSVC_V4ROOTEXPORT, (caddr_t)&nfsea) < 0) { 2477 syslog(LOG_ERR, "Exporting V4: failed"); 2478 return (2); 2479 } 2480 } else { 2481 /* 2482 * XXX: 2483 * Maybe I should just use the fsb->f_mntonname path 2484 * instead of looping back up the dirp to the mount 2485 * point?? 2486 * Also, needs to know how to export all types of local 2487 * exportable filesystems and not just "ufs". 2488 */ 2489 iov[1].iov_base = fsb->f_fstypename; /* "fstype" */ 2490 iov[1].iov_len = strlen(fsb->f_fstypename) + 1; 2491 iov[3].iov_base = fsb->f_mntonname; /* "fspath" */ 2492 iov[3].iov_len = strlen(fsb->f_mntonname) + 1; 2493 iov[5].iov_base = fsb->f_mntfromname; /* "from" */ 2494 iov[5].iov_len = strlen(fsb->f_mntfromname) + 1; 2495 2496 while (nmount(iov, iovlen, fsb->f_flags) < 0) { 2497 if (cp) 2498 *cp-- = savedc; 2499 else 2500 cp = dirp + dirplen - 1; 2501 if (opt_flags & OP_QUIET) { 2502 ret = 1; 2503 goto error_exit; 2504 } 2505 if (errno == EPERM) { 2506 if (debug) 2507 warnx("can't change attributes for %s: %s", 2508 dirp, errmsg); 2509 syslog(LOG_ERR, 2510 "can't change attributes for %s: %s", 2511 dirp, errmsg); 2512 ret = 1; 2513 goto error_exit; 2514 } 2515 if (opt_flags & OP_ALLDIRS) { 2516 if (errno == EINVAL) 2517 syslog(LOG_ERR, 2518 "-alldirs requested but %s is not a filesystem mountpoint", 2519 dirp); 2520 else 2521 syslog(LOG_ERR, 2522 "could not remount %s: %m", 2523 dirp); 2524 ret = 1; 2525 goto error_exit; 2526 } 2527 /* back up over the last component */ 2528 while (*cp == '/' && cp > dirp) 2529 cp--; 2530 while (*(cp - 1) != '/' && cp > dirp) 2531 cp--; 2532 if (cp == dirp) { 2533 if (debug) 2534 warnx("mnt unsucc"); 2535 syslog(LOG_ERR, "can't export %s %s", 2536 dirp, errmsg); 2537 ret = 1; 2538 goto error_exit; 2539 } 2540 savedc = *cp; 2541 *cp = '\0'; 2542 /* 2543 * Check that we're still on the same 2544 * filesystem. 2545 */ 2546 if (statfs(dirp, &fsb1) != 0 || 2547 bcmp(&fsb1.f_fsid, &fsb->f_fsid, 2548 sizeof (fsb1.f_fsid)) != 0) { 2549 *cp = savedc; 2550 syslog(LOG_ERR, 2551 "can't export %s %s", dirp, 2552 errmsg); 2553 ret = 1; 2554 goto error_exit; 2555 } 2556 } 2557 } 2558 2559 /* 2560 * For the experimental server: 2561 * If this is the public directory, get the file handle 2562 * and load it into the kernel via the nfssvc() syscall. 2563 */ 2564 if (run_v4server > 0 && (exflags & MNT_EXPUBLIC) != 0) { 2565 fhandle_t fh; 2566 char *public_name; 2567 2568 if (eap->ex_indexfile != NULL) 2569 public_name = eap->ex_indexfile; 2570 else 2571 public_name = dirp; 2572 if (getfh(public_name, &fh) < 0) 2573 syslog(LOG_ERR, 2574 "Can't get public fh for %s", public_name); 2575 else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0) 2576 syslog(LOG_ERR, 2577 "Can't set public fh for %s", public_name); 2578 else 2579 has_publicfh = 1; 2580 } 2581 skip: 2582 if (ai != NULL) 2583 ai = ai->ai_next; 2584 if (ai == NULL) 2585 done = TRUE; 2586 } 2587 if (cp) 2588 *cp = savedc; 2589 error_exit: 2590 /* free strings allocated by strdup() in getmntopts.c */ 2591 if (iov != NULL) { 2592 free(iov[0].iov_base); /* fstype */ 2593 free(iov[2].iov_base); /* fspath */ 2594 free(iov[4].iov_base); /* from */ 2595 free(iov[6].iov_base); /* update */ 2596 free(iov[8].iov_base); /* export */ 2597 free(iov[10].iov_base); /* errmsg */ 2598 2599 /* free iov, allocated by realloc() */ 2600 free(iov); 2601 } 2602 return (ret); 2603 } 2604 2605 /* 2606 * Translate a net address. 2607 * 2608 * If `maskflg' is nonzero, then `cp' is a netmask, not a network address. 2609 */ 2610 int 2611 get_net(char *cp, struct netmsk *net, int maskflg) 2612 { 2613 struct netent *np = NULL; 2614 char *name, *p, *prefp; 2615 struct sockaddr_in sin; 2616 struct sockaddr *sa = NULL; 2617 struct addrinfo hints, *ai = NULL; 2618 char netname[NI_MAXHOST]; 2619 long preflen; 2620 2621 p = prefp = NULL; 2622 if ((opt_flags & OP_MASKLEN) && !maskflg) { 2623 p = strchr(cp, '/'); 2624 *p = '\0'; 2625 prefp = p + 1; 2626 } 2627 2628 /* 2629 * Check for a numeric address first. We wish to avoid 2630 * possible DNS lookups in getnetbyname(). 2631 */ 2632 if (isxdigit(*cp) || *cp == ':') { 2633 memset(&hints, 0, sizeof hints); 2634 /* Ensure the mask and the network have the same family. */ 2635 if (maskflg && (opt_flags & OP_NET)) 2636 hints.ai_family = net->nt_net.ss_family; 2637 else if (!maskflg && (opt_flags & OP_HAVEMASK)) 2638 hints.ai_family = net->nt_mask.ss_family; 2639 else 2640 hints.ai_family = AF_UNSPEC; 2641 hints.ai_flags = AI_NUMERICHOST; 2642 if (getaddrinfo(cp, NULL, &hints, &ai) == 0) 2643 sa = ai->ai_addr; 2644 if (sa != NULL && ai->ai_family == AF_INET) { 2645 /* 2646 * The address in `cp' is really a network address, so 2647 * use inet_network() to re-interpret this correctly. 2648 * e.g. "127.1" means 127.1.0.0, not 127.0.0.1. 2649 */ 2650 bzero(&sin, sizeof sin); 2651 sin.sin_family = AF_INET; 2652 sin.sin_len = sizeof sin; 2653 sin.sin_addr = inet_makeaddr(inet_network(cp), 0); 2654 if (debug) 2655 fprintf(stderr, "get_net: v4 addr %s\n", 2656 inet_ntoa(sin.sin_addr)); 2657 sa = (struct sockaddr *)&sin; 2658 } 2659 } 2660 if (sa == NULL && (np = getnetbyname(cp)) != NULL) { 2661 bzero(&sin, sizeof sin); 2662 sin.sin_family = AF_INET; 2663 sin.sin_len = sizeof sin; 2664 sin.sin_addr = inet_makeaddr(np->n_net, 0); 2665 sa = (struct sockaddr *)&sin; 2666 } 2667 if (sa == NULL) 2668 goto fail; 2669 2670 if (maskflg) { 2671 /* The specified sockaddr is a mask. */ 2672 if (checkmask(sa) != 0) 2673 goto fail; 2674 bcopy(sa, &net->nt_mask, sa->sa_len); 2675 opt_flags |= OP_HAVEMASK; 2676 } else { 2677 /* The specified sockaddr is a network address. */ 2678 bcopy(sa, &net->nt_net, sa->sa_len); 2679 2680 /* Get a network name for the export list. */ 2681 if (np) { 2682 name = np->n_name; 2683 } else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname, 2684 NULL, 0, NI_NUMERICHOST) == 0) { 2685 name = netname; 2686 } else { 2687 goto fail; 2688 } 2689 if ((net->nt_name = strdup(name)) == NULL) 2690 out_of_mem(); 2691 2692 /* 2693 * Extract a mask from either a "/<masklen>" suffix, or 2694 * from the class of an IPv4 address. 2695 */ 2696 if (opt_flags & OP_MASKLEN) { 2697 preflen = strtol(prefp, NULL, 10); 2698 if (preflen < 0L || preflen == LONG_MAX) 2699 goto fail; 2700 bcopy(sa, &net->nt_mask, sa->sa_len); 2701 if (makemask(&net->nt_mask, (int)preflen) != 0) 2702 goto fail; 2703 opt_flags |= OP_HAVEMASK; 2704 *p = '/'; 2705 } else if (sa->sa_family == AF_INET && 2706 (opt_flags & OP_MASK) == 0) { 2707 in_addr_t addr; 2708 2709 addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr; 2710 if (IN_CLASSA(addr)) 2711 preflen = 8; 2712 else if (IN_CLASSB(addr)) 2713 preflen = 16; 2714 else if (IN_CLASSC(addr)) 2715 preflen = 24; 2716 else if (IN_CLASSD(addr)) 2717 preflen = 28; 2718 else 2719 preflen = 32; /* XXX */ 2720 2721 bcopy(sa, &net->nt_mask, sa->sa_len); 2722 makemask(&net->nt_mask, (int)preflen); 2723 opt_flags |= OP_HAVEMASK; 2724 } 2725 } 2726 2727 if (ai) 2728 freeaddrinfo(ai); 2729 return 0; 2730 2731 fail: 2732 if (ai) 2733 freeaddrinfo(ai); 2734 return 1; 2735 } 2736 2737 /* 2738 * Parse out the next white space separated field 2739 */ 2740 void 2741 nextfield(char **cp, char **endcp) 2742 { 2743 char *p; 2744 2745 p = *cp; 2746 while (*p == ' ' || *p == '\t') 2747 p++; 2748 if (*p == '\n' || *p == '\0') 2749 *cp = *endcp = p; 2750 else { 2751 *cp = p++; 2752 while (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\0') 2753 p++; 2754 *endcp = p; 2755 } 2756 } 2757 2758 /* 2759 * Get an exports file line. Skip over blank lines and handle line 2760 * continuations. 2761 */ 2762 int 2763 get_line(void) 2764 { 2765 char *p, *cp; 2766 size_t len; 2767 int totlen, cont_line; 2768 2769 /* 2770 * Loop around ignoring blank lines and getting all continuation lines. 2771 */ 2772 p = line; 2773 totlen = 0; 2774 do { 2775 if ((p = fgetln(exp_file, &len)) == NULL) 2776 return (0); 2777 cp = p + len - 1; 2778 cont_line = 0; 2779 while (cp >= p && 2780 (*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) { 2781 if (*cp == '\\') 2782 cont_line = 1; 2783 cp--; 2784 len--; 2785 } 2786 if (cont_line) { 2787 *++cp = ' '; 2788 len++; 2789 } 2790 if (linesize < len + totlen + 1) { 2791 linesize = len + totlen + 1; 2792 line = realloc(line, linesize); 2793 if (line == NULL) 2794 out_of_mem(); 2795 } 2796 memcpy(line + totlen, p, len); 2797 totlen += len; 2798 line[totlen] = '\0'; 2799 } while (totlen == 0 || cont_line); 2800 return (1); 2801 } 2802 2803 /* 2804 * Parse a description of a credential. 2805 */ 2806 void 2807 parsecred(char *namelist, struct xucred *cr) 2808 { 2809 char *name; 2810 int cnt; 2811 char *names; 2812 struct passwd *pw; 2813 struct group *gr; 2814 gid_t groups[XU_NGROUPS + 1]; 2815 int ngroups; 2816 2817 cr->cr_version = XUCRED_VERSION; 2818 /* 2819 * Set up the unprivileged user. 2820 */ 2821 cr->cr_uid = -2; 2822 cr->cr_groups[0] = -2; 2823 cr->cr_ngroups = 1; 2824 /* 2825 * Get the user's password table entry. 2826 */ 2827 names = strsep(&namelist, " \t\n"); 2828 name = strsep(&names, ":"); 2829 if (isdigit(*name) || *name == '-') 2830 pw = getpwuid(atoi(name)); 2831 else 2832 pw = getpwnam(name); 2833 /* 2834 * Credentials specified as those of a user. 2835 */ 2836 if (names == NULL) { 2837 if (pw == NULL) { 2838 syslog(LOG_ERR, "unknown user: %s", name); 2839 return; 2840 } 2841 cr->cr_uid = pw->pw_uid; 2842 ngroups = XU_NGROUPS + 1; 2843 if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) 2844 syslog(LOG_ERR, "too many groups"); 2845 /* 2846 * Compress out duplicate. 2847 */ 2848 cr->cr_ngroups = ngroups - 1; 2849 cr->cr_groups[0] = groups[0]; 2850 for (cnt = 2; cnt < ngroups; cnt++) 2851 cr->cr_groups[cnt - 1] = groups[cnt]; 2852 return; 2853 } 2854 /* 2855 * Explicit credential specified as a colon separated list: 2856 * uid:gid:gid:... 2857 */ 2858 if (pw != NULL) 2859 cr->cr_uid = pw->pw_uid; 2860 else if (isdigit(*name) || *name == '-') 2861 cr->cr_uid = atoi(name); 2862 else { 2863 syslog(LOG_ERR, "unknown user: %s", name); 2864 return; 2865 } 2866 cr->cr_ngroups = 0; 2867 while (names != NULL && *names != '\0' && cr->cr_ngroups < XU_NGROUPS) { 2868 name = strsep(&names, ":"); 2869 if (isdigit(*name) || *name == '-') { 2870 cr->cr_groups[cr->cr_ngroups++] = atoi(name); 2871 } else { 2872 if ((gr = getgrnam(name)) == NULL) { 2873 syslog(LOG_ERR, "unknown group: %s", name); 2874 continue; 2875 } 2876 cr->cr_groups[cr->cr_ngroups++] = gr->gr_gid; 2877 } 2878 } 2879 if (names != NULL && *names != '\0' && cr->cr_ngroups == XU_NGROUPS) 2880 syslog(LOG_ERR, "too many groups"); 2881 } 2882 2883 #define STRSIZ (MNTNAMLEN+MNTPATHLEN+50) 2884 /* 2885 * Routines that maintain the remote mounttab 2886 */ 2887 void 2888 get_mountlist(void) 2889 { 2890 struct mountlist *mlp, **mlpp; 2891 char *host, *dirp, *cp; 2892 char str[STRSIZ]; 2893 FILE *mlfile; 2894 2895 if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) { 2896 if (errno == ENOENT) 2897 return; 2898 else { 2899 syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST); 2900 return; 2901 } 2902 } 2903 mlpp = &mlhead; 2904 while (fgets(str, STRSIZ, mlfile) != NULL) { 2905 cp = str; 2906 host = strsep(&cp, " \t\n"); 2907 dirp = strsep(&cp, " \t\n"); 2908 if (host == NULL || dirp == NULL) 2909 continue; 2910 mlp = (struct mountlist *)malloc(sizeof (*mlp)); 2911 if (mlp == (struct mountlist *)NULL) 2912 out_of_mem(); 2913 strncpy(mlp->ml_host, host, MNTNAMLEN); 2914 mlp->ml_host[MNTNAMLEN] = '\0'; 2915 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN); 2916 mlp->ml_dirp[MNTPATHLEN] = '\0'; 2917 mlp->ml_next = (struct mountlist *)NULL; 2918 *mlpp = mlp; 2919 mlpp = &mlp->ml_next; 2920 } 2921 fclose(mlfile); 2922 } 2923 2924 void 2925 del_mlist(char *hostp, char *dirp) 2926 { 2927 struct mountlist *mlp, **mlpp; 2928 struct mountlist *mlp2; 2929 FILE *mlfile; 2930 int fnd = 0; 2931 2932 mlpp = &mlhead; 2933 mlp = mlhead; 2934 while (mlp) { 2935 if (!strcmp(mlp->ml_host, hostp) && 2936 (!dirp || !strcmp(mlp->ml_dirp, dirp))) { 2937 fnd = 1; 2938 mlp2 = mlp; 2939 *mlpp = mlp = mlp->ml_next; 2940 free((caddr_t)mlp2); 2941 } else { 2942 mlpp = &mlp->ml_next; 2943 mlp = mlp->ml_next; 2944 } 2945 } 2946 if (fnd) { 2947 if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) { 2948 syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST); 2949 return; 2950 } 2951 mlp = mlhead; 2952 while (mlp) { 2953 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp); 2954 mlp = mlp->ml_next; 2955 } 2956 fclose(mlfile); 2957 } 2958 } 2959 2960 void 2961 add_mlist(char *hostp, char *dirp) 2962 { 2963 struct mountlist *mlp, **mlpp; 2964 FILE *mlfile; 2965 2966 mlpp = &mlhead; 2967 mlp = mlhead; 2968 while (mlp) { 2969 if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp)) 2970 return; 2971 mlpp = &mlp->ml_next; 2972 mlp = mlp->ml_next; 2973 } 2974 mlp = (struct mountlist *)malloc(sizeof (*mlp)); 2975 if (mlp == (struct mountlist *)NULL) 2976 out_of_mem(); 2977 strncpy(mlp->ml_host, hostp, MNTNAMLEN); 2978 mlp->ml_host[MNTNAMLEN] = '\0'; 2979 strncpy(mlp->ml_dirp, dirp, MNTPATHLEN); 2980 mlp->ml_dirp[MNTPATHLEN] = '\0'; 2981 mlp->ml_next = (struct mountlist *)NULL; 2982 *mlpp = mlp; 2983 if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) { 2984 syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST); 2985 return; 2986 } 2987 fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp); 2988 fclose(mlfile); 2989 } 2990 2991 /* 2992 * Free up a group list. 2993 */ 2994 void 2995 free_grp(struct grouplist *grp) 2996 { 2997 if (grp->gr_type == GT_HOST) { 2998 if (grp->gr_ptr.gt_addrinfo != NULL) 2999 freeaddrinfo(grp->gr_ptr.gt_addrinfo); 3000 } else if (grp->gr_type == GT_NET) { 3001 if (grp->gr_ptr.gt_net.nt_name) 3002 free(grp->gr_ptr.gt_net.nt_name); 3003 } 3004 free((caddr_t)grp); 3005 } 3006 3007 #ifdef DEBUG 3008 void 3009 SYSLOG(int pri, const char *fmt, ...) 3010 { 3011 va_list ap; 3012 3013 va_start(ap, fmt); 3014 vfprintf(stderr, fmt, ap); 3015 va_end(ap); 3016 } 3017 #endif /* DEBUG */ 3018 3019 /* 3020 * Check options for consistency. 3021 */ 3022 int 3023 check_options(struct dirlist *dp) 3024 { 3025 3026 if (v4root_phase == 0 && dp == NULL) 3027 return (1); 3028 if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) { 3029 syslog(LOG_ERR, "-mapall and -maproot mutually exclusive"); 3030 return (1); 3031 } 3032 if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) { 3033 syslog(LOG_ERR, "-mask requires -network"); 3034 return (1); 3035 } 3036 if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) { 3037 syslog(LOG_ERR, "-network requires mask specification"); 3038 return (1); 3039 } 3040 if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) { 3041 syslog(LOG_ERR, "-mask and /masklen are mutually exclusive"); 3042 return (1); 3043 } 3044 if (v4root_phase > 0 && 3045 (opt_flags & 3046 ~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) { 3047 syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:"); 3048 return (1); 3049 } 3050 if ((opt_flags & OP_ALLDIRS) && dp->dp_left) { 3051 syslog(LOG_ERR, "-alldirs has multiple directories"); 3052 return (1); 3053 } 3054 return (0); 3055 } 3056 3057 /* 3058 * Check an absolute directory path for any symbolic links. Return true 3059 */ 3060 int 3061 check_dirpath(char *dirp) 3062 { 3063 char *cp; 3064 int ret = 1; 3065 struct stat sb; 3066 3067 cp = dirp + 1; 3068 while (*cp && ret) { 3069 if (*cp == '/') { 3070 *cp = '\0'; 3071 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode)) 3072 ret = 0; 3073 *cp = '/'; 3074 } 3075 cp++; 3076 } 3077 if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode)) 3078 ret = 0; 3079 return (ret); 3080 } 3081 3082 /* 3083 * Make a netmask according to the specified prefix length. The ss_family 3084 * and other non-address fields must be initialised before calling this. 3085 */ 3086 int 3087 makemask(struct sockaddr_storage *ssp, int bitlen) 3088 { 3089 u_char *p; 3090 int bits, i, len; 3091 3092 if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL) 3093 return (-1); 3094 if (bitlen > len * CHAR_BIT) 3095 return (-1); 3096 3097 for (i = 0; i < len; i++) { 3098 bits = (bitlen > CHAR_BIT) ? CHAR_BIT : bitlen; 3099 *p++ = (u_char)~0 << (CHAR_BIT - bits); 3100 bitlen -= bits; 3101 } 3102 return 0; 3103 } 3104 3105 /* 3106 * Check that the sockaddr is a valid netmask. Returns 0 if the mask 3107 * is acceptable (i.e. of the form 1...10....0). 3108 */ 3109 int 3110 checkmask(struct sockaddr *sa) 3111 { 3112 u_char *mask; 3113 int i, len; 3114 3115 if ((mask = sa_rawaddr(sa, &len)) == NULL) 3116 return (-1); 3117 3118 for (i = 0; i < len; i++) 3119 if (mask[i] != 0xff) 3120 break; 3121 if (i < len) { 3122 if (~mask[i] & (u_char)(~mask[i] + 1)) 3123 return (-1); 3124 i++; 3125 } 3126 for (; i < len; i++) 3127 if (mask[i] != 0) 3128 return (-1); 3129 return (0); 3130 } 3131 3132 /* 3133 * Compare two sockaddrs according to a specified mask. Return zero if 3134 * `sa1' matches `sa2' when filtered by the netmask in `samask'. 3135 * If samask is NULL, perform a full comparison. 3136 */ 3137 int 3138 sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask) 3139 { 3140 unsigned char *p1, *p2, *mask; 3141 int len, i; 3142 3143 if (sa1->sa_family != sa2->sa_family || 3144 (p1 = sa_rawaddr(sa1, &len)) == NULL || 3145 (p2 = sa_rawaddr(sa2, NULL)) == NULL) 3146 return (1); 3147 3148 switch (sa1->sa_family) { 3149 case AF_INET6: 3150 if (((struct sockaddr_in6 *)sa1)->sin6_scope_id != 3151 ((struct sockaddr_in6 *)sa2)->sin6_scope_id) 3152 return (1); 3153 break; 3154 } 3155 3156 /* Simple binary comparison if no mask specified. */ 3157 if (samask == NULL) 3158 return (memcmp(p1, p2, len)); 3159 3160 /* Set up the mask, and do a mask-based comparison. */ 3161 if (sa1->sa_family != samask->sa_family || 3162 (mask = sa_rawaddr(samask, NULL)) == NULL) 3163 return (1); 3164 3165 for (i = 0; i < len; i++) 3166 if ((p1[i] & mask[i]) != (p2[i] & mask[i])) 3167 return (1); 3168 return (0); 3169 } 3170 3171 /* 3172 * Return a pointer to the part of the sockaddr that contains the 3173 * raw address, and set *nbytes to its length in bytes. Returns 3174 * NULL if the address family is unknown. 3175 */ 3176 void * 3177 sa_rawaddr(struct sockaddr *sa, int *nbytes) { 3178 void *p; 3179 int len; 3180 3181 switch (sa->sa_family) { 3182 case AF_INET: 3183 len = sizeof(((struct sockaddr_in *)sa)->sin_addr); 3184 p = &((struct sockaddr_in *)sa)->sin_addr; 3185 break; 3186 case AF_INET6: 3187 len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr); 3188 p = &((struct sockaddr_in6 *)sa)->sin6_addr; 3189 break; 3190 default: 3191 p = NULL; 3192 len = 0; 3193 } 3194 3195 if (nbytes != NULL) 3196 *nbytes = len; 3197 return (p); 3198 } 3199 3200 void 3201 huphandler(int sig __unused) 3202 { 3203 got_sighup = 1; 3204 } 3205 3206 void terminate(int sig __unused) 3207 { 3208 pidfile_remove(pfh); 3209 rpcb_unset(MOUNTPROG, MOUNTVERS, NULL); 3210 rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL); 3211 exit (0); 3212 } 3213 3214