xref: /freebsd/usr.sbin/nfsd/nfsd.c (revision f0cfa1b168014f56c02b83e5f28412cc5f78d117)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Rick Macklem at The University of Guelph.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #ifndef lint
36 static const char copyright[] =
37 "@(#) Copyright (c) 1989, 1993, 1994\n\
38 	The Regents of the University of California.  All rights reserved.\n";
39 #endif /* not lint */
40 
41 #ifndef lint
42 #if 0
43 static char sccsid[] = "@(#)nfsd.c	8.9 (Berkeley) 3/29/95";
44 #endif
45 static const char rcsid[] =
46   "$FreeBSD$";
47 #endif /* not lint */
48 
49 #include <sys/param.h>
50 #include <sys/syslog.h>
51 #include <sys/wait.h>
52 #include <sys/mount.h>
53 #include <sys/fcntl.h>
54 #include <sys/linker.h>
55 #include <sys/module.h>
56 #include <sys/types.h>
57 #include <sys/stat.h>
58 #include <sys/sysctl.h>
59 #include <sys/ucred.h>
60 
61 #include <rpc/rpc.h>
62 #include <rpc/pmap_clnt.h>
63 #include <rpcsvc/nfs_prot.h>
64 
65 #include <netdb.h>
66 #include <arpa/inet.h>
67 #include <nfsserver/nfs.h>
68 #include <nfs/nfssvc.h>
69 
70 #include <err.h>
71 #include <errno.h>
72 #include <signal.h>
73 #include <stdio.h>
74 #include <stdlib.h>
75 #include <string.h>
76 #include <unistd.h>
77 #include <sysexits.h>
78 
79 #include <getopt.h>
80 
81 static int	debug = 0;
82 
83 #define	NFSD_STABLERESTART	"/var/db/nfs-stablerestart"
84 #define	NFSD_STABLEBACKUP	"/var/db/nfs-stablerestart.bak"
85 #define	MAXNFSDCNT	256
86 #define	DEFNFSDCNT	 4
87 #define	NFS_VER2	 2
88 #define NFS_VER3	 3
89 #define NFS_VER4	 4
90 static pid_t children[MAXNFSDCNT]; /* PIDs of children */
91 static int nfsdcnt;		/* number of children */
92 static int nfsdcnt_set;
93 static int minthreads;
94 static int maxthreads;
95 static int nfssvc_nfsd;		/* Set to correct NFSSVC_xxx flag */
96 static int stablefd = -1;	/* Fd for the stable restart file */
97 static int backupfd;		/* Fd for the backup stable restart file */
98 static const char *getopt_shortopts;
99 static const char *getopt_usage;
100 
101 static int minthreads_set;
102 static int maxthreads_set;
103 
104 static struct option longopts[] = {
105 	{ "debug", no_argument, &debug, 1 },
106 	{ "minthreads", required_argument, &minthreads_set, 1 },
107 	{ "maxthreads", required_argument, &maxthreads_set, 1 },
108 	{ NULL, 0, NULL, 0}
109 };
110 
111 static void	cleanup(int);
112 static void	child_cleanup(int);
113 static void	killchildren(void);
114 static void	nfsd_exit(int);
115 static void	nonfs(int);
116 static void	reapchild(int);
117 static int	setbindhost(struct addrinfo **ia, const char *bindhost,
118 		    struct addrinfo hints);
119 static void	start_server(int);
120 static void	unregistration(void);
121 static void	usage(void);
122 static void	open_stable(int *, int *);
123 static void	copy_stable(int, int);
124 static void	backup_stable(int);
125 static void	set_nfsdcnt(int);
126 
127 /*
128  * Nfs server daemon mostly just a user context for nfssvc()
129  *
130  * 1 - do file descriptor and signal cleanup
131  * 2 - fork the nfsd(s)
132  * 3 - create server socket(s)
133  * 4 - register socket with rpcbind
134  *
135  * For connectionless protocols, just pass the socket into the kernel via.
136  * nfssvc().
137  * For connection based sockets, loop doing accepts. When you get a new
138  * socket from accept, pass the msgsock into the kernel via. nfssvc().
139  * The arguments are:
140  *	-r - reregister with rpcbind
141  *	-d - unregister with rpcbind
142  *	-t - support tcp nfs clients
143  *	-u - support udp nfs clients
144  *	-e - forces it to run a server that supports nfsv4
145  * followed by "n" which is the number of nfsds' to fork off
146  */
147 int
148 main(int argc, char **argv)
149 {
150 	struct nfsd_addsock_args addsockargs;
151 	struct addrinfo *ai_udp, *ai_tcp, *ai_udp6, *ai_tcp6, hints;
152 	struct netconfig *nconf_udp, *nconf_tcp, *nconf_udp6, *nconf_tcp6;
153 	struct netbuf nb_udp, nb_tcp, nb_udp6, nb_tcp6;
154 	struct sockaddr_in inetpeer;
155 	struct sockaddr_in6 inet6peer;
156 	fd_set ready, sockbits;
157 	fd_set v4bits, v6bits;
158 	int ch, connect_type_cnt, i, maxsock, msgsock;
159 	socklen_t len;
160 	int on = 1, unregister, reregister, sock;
161 	int tcp6sock, ip6flag, tcpflag, tcpsock;
162 	int udpflag, ecode, error, s;
163 	int bindhostc, bindanyflag, rpcbreg, rpcbregcnt;
164 	int nfssvc_addsock;
165 	int longindex = 0;
166 	int nfs_minvers = NFS_VER2;
167 	size_t nfs_minvers_size;
168 	const char *lopt;
169 	char **bindhost = NULL;
170 	pid_t pid;
171 
172 	nfsdcnt = DEFNFSDCNT;
173 	unregister = reregister = tcpflag = maxsock = 0;
174 	bindanyflag = udpflag = connect_type_cnt = bindhostc = 0;
175 	getopt_shortopts = "ah:n:rdtue";
176 	getopt_usage =
177 	    "usage:\n"
178 	    "  nfsd [-ardtue] [-h bindip]\n"
179 	    "       [-n numservers] [--minthreads #] [--maxthreads #]\n";
180 	while ((ch = getopt_long(argc, argv, getopt_shortopts, longopts,
181 		    &longindex)) != -1)
182 		switch (ch) {
183 		case 'a':
184 			bindanyflag = 1;
185 			break;
186 		case 'n':
187 			set_nfsdcnt(atoi(optarg));
188 			break;
189 		case 'h':
190 			bindhostc++;
191 			bindhost = realloc(bindhost,sizeof(char *)*bindhostc);
192 			if (bindhost == NULL)
193 				errx(1, "Out of memory");
194 			bindhost[bindhostc-1] = strdup(optarg);
195 			if (bindhost[bindhostc-1] == NULL)
196 				errx(1, "Out of memory");
197 			break;
198 		case 'r':
199 			reregister = 1;
200 			break;
201 		case 'd':
202 			unregister = 1;
203 			break;
204 		case 't':
205 			tcpflag = 1;
206 			break;
207 		case 'u':
208 			udpflag = 1;
209 			break;
210 		case 'e':
211 			/* now a no-op, since this is the default */
212 			break;
213 		case 0:
214 			lopt = longopts[longindex].name;
215 			if (!strcmp(lopt, "minthreads")) {
216 				minthreads = atoi(optarg);
217 			} else if (!strcmp(lopt, "maxthreads")) {
218 				maxthreads = atoi(optarg);
219 			}
220 			break;
221 		default:
222 		case '?':
223 			usage();
224 		}
225 	if (!tcpflag && !udpflag)
226 		udpflag = 1;
227 	argv += optind;
228 	argc -= optind;
229 	if (minthreads_set && maxthreads_set && minthreads > maxthreads)
230 		errx(EX_USAGE,
231 		    "error: minthreads(%d) can't be greater than "
232 		    "maxthreads(%d)", minthreads, maxthreads);
233 
234 	/*
235 	 * XXX
236 	 * Backward compatibility, trailing number is the count of daemons.
237 	 */
238 	if (argc > 1)
239 		usage();
240 	if (argc == 1)
241 		set_nfsdcnt(atoi(argv[0]));
242 
243 	/*
244 	 * Unless the "-o" option was specified, try and run "nfsd".
245 	 * If "-o" was specified, try and run "nfsserver".
246 	 */
247 	if (modfind("nfsd") < 0) {
248 		/* Not present in kernel, try loading it */
249 		if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
250 			errx(1, "NFS server is not available");
251 	}
252 
253 	ip6flag = 1;
254 	s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
255 	if (s == -1) {
256 		if (errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
257 			err(1, "socket");
258 		ip6flag = 0;
259 	} else if (getnetconfigent("udp6") == NULL ||
260 		getnetconfigent("tcp6") == NULL) {
261 		ip6flag = 0;
262 	}
263 	if (s != -1)
264 		close(s);
265 
266 	if (bindhostc == 0 || bindanyflag) {
267 		bindhostc++;
268 		bindhost = realloc(bindhost,sizeof(char *)*bindhostc);
269 		if (bindhost == NULL)
270 			errx(1, "Out of memory");
271 		bindhost[bindhostc-1] = strdup("*");
272 		if (bindhost[bindhostc-1] == NULL)
273 			errx(1, "Out of memory");
274 	}
275 
276 	nfs_minvers_size = sizeof(nfs_minvers);
277 	error = sysctlbyname("vfs.nfsd.server_min_nfsvers", &nfs_minvers,
278 	    &nfs_minvers_size, NULL, 0);
279 	if (error != 0 || nfs_minvers < NFS_VER2 || nfs_minvers > NFS_VER4) {
280 		warnx("sysctlbyname(vfs.nfsd.server_min_nfsvers) failed,"
281 		    " defaulting to NFSv2");
282 		nfs_minvers = NFS_VER2;
283 	}
284 
285 	if (unregister) {
286 		unregistration();
287 		exit (0);
288 	}
289 	if (reregister) {
290 		if (udpflag) {
291 			memset(&hints, 0, sizeof hints);
292 			hints.ai_flags = AI_PASSIVE;
293 			hints.ai_family = AF_INET;
294 			hints.ai_socktype = SOCK_DGRAM;
295 			hints.ai_protocol = IPPROTO_UDP;
296 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp);
297 			if (ecode != 0)
298 				err(1, "getaddrinfo udp: %s", gai_strerror(ecode));
299 			nconf_udp = getnetconfigent("udp");
300 			if (nconf_udp == NULL)
301 				err(1, "getnetconfigent udp failed");
302 			nb_udp.buf = ai_udp->ai_addr;
303 			nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
304 			if (nfs_minvers == NFS_VER2)
305 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
306 				    &nb_udp))
307 					err(1, "rpcb_set udp failed");
308 			if (nfs_minvers <= NFS_VER3)
309 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
310 				    &nb_udp))
311 					err(1, "rpcb_set udp failed");
312 			freeaddrinfo(ai_udp);
313 		}
314 		if (udpflag && ip6flag) {
315 			memset(&hints, 0, sizeof hints);
316 			hints.ai_flags = AI_PASSIVE;
317 			hints.ai_family = AF_INET6;
318 			hints.ai_socktype = SOCK_DGRAM;
319 			hints.ai_protocol = IPPROTO_UDP;
320 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp6);
321 			if (ecode != 0)
322 				err(1, "getaddrinfo udp6: %s", gai_strerror(ecode));
323 			nconf_udp6 = getnetconfigent("udp6");
324 			if (nconf_udp6 == NULL)
325 				err(1, "getnetconfigent udp6 failed");
326 			nb_udp6.buf = ai_udp6->ai_addr;
327 			nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
328 			if (nfs_minvers == NFS_VER2)
329 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
330 				    &nb_udp6))
331 					err(1, "rpcb_set udp6 failed");
332 			if (nfs_minvers <= NFS_VER3)
333 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
334 				    &nb_udp6))
335 					err(1, "rpcb_set udp6 failed");
336 			freeaddrinfo(ai_udp6);
337 		}
338 		if (tcpflag) {
339 			memset(&hints, 0, sizeof hints);
340 			hints.ai_flags = AI_PASSIVE;
341 			hints.ai_family = AF_INET;
342 			hints.ai_socktype = SOCK_STREAM;
343 			hints.ai_protocol = IPPROTO_TCP;
344 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp);
345 			if (ecode != 0)
346 				err(1, "getaddrinfo tcp: %s", gai_strerror(ecode));
347 			nconf_tcp = getnetconfigent("tcp");
348 			if (nconf_tcp == NULL)
349 				err(1, "getnetconfigent tcp failed");
350 			nb_tcp.buf = ai_tcp->ai_addr;
351 			nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
352 			if (nfs_minvers == NFS_VER2)
353 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
354 				    &nb_tcp))
355 					err(1, "rpcb_set tcp failed");
356 			if (nfs_minvers <= NFS_VER3)
357 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
358 				    &nb_tcp))
359 					err(1, "rpcb_set tcp failed");
360 			freeaddrinfo(ai_tcp);
361 		}
362 		if (tcpflag && ip6flag) {
363 			memset(&hints, 0, sizeof hints);
364 			hints.ai_flags = AI_PASSIVE;
365 			hints.ai_family = AF_INET6;
366 			hints.ai_socktype = SOCK_STREAM;
367 			hints.ai_protocol = IPPROTO_TCP;
368 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp6);
369 			if (ecode != 0)
370 				err(1, "getaddrinfo tcp6: %s", gai_strerror(ecode));
371 			nconf_tcp6 = getnetconfigent("tcp6");
372 			if (nconf_tcp6 == NULL)
373 				err(1, "getnetconfigent tcp6 failed");
374 			nb_tcp6.buf = ai_tcp6->ai_addr;
375 			nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
376 			if (nfs_minvers == NFS_VER2)
377 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
378 				    &nb_tcp6))
379 					err(1, "rpcb_set tcp6 failed");
380 			if (nfs_minvers <= NFS_VER3)
381 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6,
382 				   &nb_tcp6))
383 					err(1, "rpcb_set tcp6 failed");
384 			freeaddrinfo(ai_tcp6);
385 		}
386 		exit (0);
387 	}
388 	if (debug == 0) {
389 		daemon(0, 0);
390 		(void)signal(SIGHUP, SIG_IGN);
391 		(void)signal(SIGINT, SIG_IGN);
392 		/*
393 		 * nfsd sits in the kernel most of the time.  It needs
394 		 * to ignore SIGTERM/SIGQUIT in order to stay alive as long
395 		 * as possible during a shutdown, otherwise loopback
396 		 * mounts will not be able to unmount.
397 		 */
398 		(void)signal(SIGTERM, SIG_IGN);
399 		(void)signal(SIGQUIT, SIG_IGN);
400 	}
401 	(void)signal(SIGSYS, nonfs);
402 	(void)signal(SIGCHLD, reapchild);
403 	(void)signal(SIGUSR2, backup_stable);
404 
405 	openlog("nfsd", LOG_PID | (debug ? LOG_PERROR : 0), LOG_DAEMON);
406 
407 	/*
408 	 * For V4, we open the stablerestart file and call nfssvc()
409 	 * to get it loaded. This is done before the daemons do the
410 	 * regular nfssvc() call to service NFS requests.
411 	 * (This way the file remains open until the last nfsd is killed
412 	 *  off.)
413 	 * It and the backup copy will be created as empty files
414 	 * the first time this nfsd is started and should never be
415 	 * deleted/replaced if at all possible. It should live on a
416 	 * local, non-volatile storage device that does not do hardware
417 	 * level write-back caching. (See SCSI doc for more information
418 	 * on how to prevent write-back caching on SCSI disks.)
419 	 */
420 	open_stable(&stablefd, &backupfd);
421 	if (stablefd < 0) {
422 		syslog(LOG_ERR, "Can't open %s: %m\n", NFSD_STABLERESTART);
423 		exit(1);
424 	}
425 	/* This system call will fail for old kernels, but that's ok. */
426 	nfssvc(NFSSVC_BACKUPSTABLE, NULL);
427 	if (nfssvc(NFSSVC_STABLERESTART, (caddr_t)&stablefd) < 0) {
428 		syslog(LOG_ERR, "Can't read stable storage file: %m\n");
429 		exit(1);
430 	}
431 	nfssvc_addsock = NFSSVC_NFSDADDSOCK;
432 	nfssvc_nfsd = NFSSVC_NFSDNFSD;
433 
434 	if (tcpflag) {
435 		/*
436 		 * For TCP mode, we fork once to start the first
437 		 * kernel nfsd thread. The kernel will add more
438 		 * threads as needed.
439 		 */
440 		pid = fork();
441 		if (pid == -1) {
442 			syslog(LOG_ERR, "fork: %m");
443 			nfsd_exit(1);
444 		}
445 		if (pid) {
446 			children[0] = pid;
447 		} else {
448 			(void)signal(SIGUSR1, child_cleanup);
449 			setproctitle("server");
450 			start_server(0);
451 		}
452 	}
453 
454 	(void)signal(SIGUSR1, cleanup);
455 	FD_ZERO(&v4bits);
456 	FD_ZERO(&v6bits);
457 	FD_ZERO(&sockbits);
458 
459 	rpcbregcnt = 0;
460 	/* Set up the socket for udp and rpcb register it. */
461 	if (udpflag) {
462 		rpcbreg = 0;
463 		for (i = 0; i < bindhostc; i++) {
464 			memset(&hints, 0, sizeof hints);
465 			hints.ai_flags = AI_PASSIVE;
466 			hints.ai_family = AF_INET;
467 			hints.ai_socktype = SOCK_DGRAM;
468 			hints.ai_protocol = IPPROTO_UDP;
469 			if (setbindhost(&ai_udp, bindhost[i], hints) == 0) {
470 				rpcbreg = 1;
471 				rpcbregcnt++;
472 				if ((sock = socket(ai_udp->ai_family,
473 				    ai_udp->ai_socktype,
474 				    ai_udp->ai_protocol)) < 0) {
475 					syslog(LOG_ERR,
476 					    "can't create udp socket");
477 					nfsd_exit(1);
478 				}
479 				if (bind(sock, ai_udp->ai_addr,
480 				    ai_udp->ai_addrlen) < 0) {
481 					syslog(LOG_ERR,
482 					    "can't bind udp addr %s: %m",
483 					    bindhost[i]);
484 					nfsd_exit(1);
485 				}
486 				freeaddrinfo(ai_udp);
487 				addsockargs.sock = sock;
488 				addsockargs.name = NULL;
489 				addsockargs.namelen = 0;
490 				if (nfssvc(nfssvc_addsock, &addsockargs) < 0) {
491 					syslog(LOG_ERR, "can't Add UDP socket");
492 					nfsd_exit(1);
493 				}
494 				(void)close(sock);
495 			}
496 		}
497 		if (rpcbreg == 1) {
498 			memset(&hints, 0, sizeof hints);
499 			hints.ai_flags = AI_PASSIVE;
500 			hints.ai_family = AF_INET;
501 			hints.ai_socktype = SOCK_DGRAM;
502 			hints.ai_protocol = IPPROTO_UDP;
503 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp);
504 			if (ecode != 0) {
505 				syslog(LOG_ERR, "getaddrinfo udp: %s",
506 				   gai_strerror(ecode));
507 				nfsd_exit(1);
508 			}
509 			nconf_udp = getnetconfigent("udp");
510 			if (nconf_udp == NULL)
511 				err(1, "getnetconfigent udp failed");
512 			nb_udp.buf = ai_udp->ai_addr;
513 			nb_udp.len = nb_udp.maxlen = ai_udp->ai_addrlen;
514 			if (nfs_minvers == NFS_VER2)
515 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp,
516 				    &nb_udp))
517 					err(1, "rpcb_set udp failed");
518 			if (nfs_minvers <= NFS_VER3)
519 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp,
520 				    &nb_udp))
521 					err(1, "rpcb_set udp failed");
522 			freeaddrinfo(ai_udp);
523 		}
524 	}
525 
526 	/* Set up the socket for udp6 and rpcb register it. */
527 	if (udpflag && ip6flag) {
528 		rpcbreg = 0;
529 		for (i = 0; i < bindhostc; i++) {
530 			memset(&hints, 0, sizeof hints);
531 			hints.ai_flags = AI_PASSIVE;
532 			hints.ai_family = AF_INET6;
533 			hints.ai_socktype = SOCK_DGRAM;
534 			hints.ai_protocol = IPPROTO_UDP;
535 			if (setbindhost(&ai_udp6, bindhost[i], hints) == 0) {
536 				rpcbreg = 1;
537 				rpcbregcnt++;
538 				if ((sock = socket(ai_udp6->ai_family,
539 				    ai_udp6->ai_socktype,
540 				    ai_udp6->ai_protocol)) < 0) {
541 					syslog(LOG_ERR,
542 						"can't create udp6 socket");
543 					nfsd_exit(1);
544 				}
545 				if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
546 				    &on, sizeof on) < 0) {
547 					syslog(LOG_ERR,
548 					    "can't set v6-only binding for "
549 					    "udp6 socket: %m");
550 					nfsd_exit(1);
551 				}
552 				if (bind(sock, ai_udp6->ai_addr,
553 				    ai_udp6->ai_addrlen) < 0) {
554 					syslog(LOG_ERR,
555 					    "can't bind udp6 addr %s: %m",
556 					    bindhost[i]);
557 					nfsd_exit(1);
558 				}
559 				freeaddrinfo(ai_udp6);
560 				addsockargs.sock = sock;
561 				addsockargs.name = NULL;
562 				addsockargs.namelen = 0;
563 				if (nfssvc(nfssvc_addsock, &addsockargs) < 0) {
564 					syslog(LOG_ERR,
565 					    "can't add UDP6 socket");
566 					nfsd_exit(1);
567 				}
568 				(void)close(sock);
569 			}
570 		}
571 		if (rpcbreg == 1) {
572 			memset(&hints, 0, sizeof hints);
573 			hints.ai_flags = AI_PASSIVE;
574 			hints.ai_family = AF_INET6;
575 			hints.ai_socktype = SOCK_DGRAM;
576 			hints.ai_protocol = IPPROTO_UDP;
577 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_udp6);
578 			if (ecode != 0) {
579 				syslog(LOG_ERR, "getaddrinfo udp6: %s",
580 				   gai_strerror(ecode));
581 				nfsd_exit(1);
582 			}
583 			nconf_udp6 = getnetconfigent("udp6");
584 			if (nconf_udp6 == NULL)
585 				err(1, "getnetconfigent udp6 failed");
586 			nb_udp6.buf = ai_udp6->ai_addr;
587 			nb_udp6.len = nb_udp6.maxlen = ai_udp6->ai_addrlen;
588 			if (nfs_minvers == NFS_VER2)
589 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_udp6,
590 				    &nb_udp6))
591 					err(1,
592 					    "rpcb_set udp6 failed");
593 			if (nfs_minvers <= NFS_VER3)
594 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_udp6,
595 				    &nb_udp6))
596 					err(1,
597 					    "rpcb_set udp6 failed");
598 			freeaddrinfo(ai_udp6);
599 		}
600 	}
601 
602 	/* Set up the socket for tcp and rpcb register it. */
603 	if (tcpflag) {
604 		rpcbreg = 0;
605 		for (i = 0; i < bindhostc; i++) {
606 			memset(&hints, 0, sizeof hints);
607 			hints.ai_flags = AI_PASSIVE;
608 			hints.ai_family = AF_INET;
609 			hints.ai_socktype = SOCK_STREAM;
610 			hints.ai_protocol = IPPROTO_TCP;
611 			if (setbindhost(&ai_tcp, bindhost[i], hints) == 0) {
612 				rpcbreg = 1;
613 				rpcbregcnt++;
614 				if ((tcpsock = socket(AF_INET, SOCK_STREAM,
615 				    0)) < 0) {
616 					syslog(LOG_ERR,
617 					    "can't create tcp socket");
618 					nfsd_exit(1);
619 				}
620 				if (setsockopt(tcpsock, SOL_SOCKET,
621 				    SO_REUSEADDR,
622 				    (char *)&on, sizeof(on)) < 0)
623 					syslog(LOG_ERR,
624 					     "setsockopt SO_REUSEADDR: %m");
625 				if (bind(tcpsock, ai_tcp->ai_addr,
626 				    ai_tcp->ai_addrlen) < 0) {
627 					syslog(LOG_ERR,
628 					    "can't bind tcp addr %s: %m",
629 					    bindhost[i]);
630 					nfsd_exit(1);
631 				}
632 				if (listen(tcpsock, -1) < 0) {
633 					syslog(LOG_ERR, "listen failed");
634 					nfsd_exit(1);
635 				}
636 				freeaddrinfo(ai_tcp);
637 				FD_SET(tcpsock, &sockbits);
638 				FD_SET(tcpsock, &v4bits);
639 				maxsock = tcpsock;
640 				connect_type_cnt++;
641 			}
642 		}
643 		if (rpcbreg == 1) {
644 			memset(&hints, 0, sizeof hints);
645 			hints.ai_flags = AI_PASSIVE;
646 			hints.ai_family = AF_INET;
647 			hints.ai_socktype = SOCK_STREAM;
648 			hints.ai_protocol = IPPROTO_TCP;
649 			ecode = getaddrinfo(NULL, "nfs", &hints,
650 			     &ai_tcp);
651 			if (ecode != 0) {
652 				syslog(LOG_ERR, "getaddrinfo tcp: %s",
653 				   gai_strerror(ecode));
654 				nfsd_exit(1);
655 			}
656 			nconf_tcp = getnetconfigent("tcp");
657 			if (nconf_tcp == NULL)
658 				err(1, "getnetconfigent tcp failed");
659 			nb_tcp.buf = ai_tcp->ai_addr;
660 			nb_tcp.len = nb_tcp.maxlen = ai_tcp->ai_addrlen;
661 			if (nfs_minvers == NFS_VER2)
662 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp,
663 				    &nb_tcp))
664 					err(1, "rpcb_set tcp failed");
665 			if (nfs_minvers <= NFS_VER3)
666 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp,
667 				    &nb_tcp))
668 					err(1, "rpcb_set tcp failed");
669 			freeaddrinfo(ai_tcp);
670 		}
671 	}
672 
673 	/* Set up the socket for tcp6 and rpcb register it. */
674 	if (tcpflag && ip6flag) {
675 		rpcbreg = 0;
676 		for (i = 0; i < bindhostc; i++) {
677 			memset(&hints, 0, sizeof hints);
678 			hints.ai_flags = AI_PASSIVE;
679 			hints.ai_family = AF_INET6;
680 			hints.ai_socktype = SOCK_STREAM;
681 			hints.ai_protocol = IPPROTO_TCP;
682 			if (setbindhost(&ai_tcp6, bindhost[i], hints) == 0) {
683 				rpcbreg = 1;
684 				rpcbregcnt++;
685 				if ((tcp6sock = socket(ai_tcp6->ai_family,
686 				    ai_tcp6->ai_socktype,
687 				    ai_tcp6->ai_protocol)) < 0) {
688 					syslog(LOG_ERR,
689 					    "can't create tcp6 socket");
690 					nfsd_exit(1);
691 				}
692 				if (setsockopt(tcp6sock, SOL_SOCKET,
693 				    SO_REUSEADDR,
694 				    (char *)&on, sizeof(on)) < 0)
695 					syslog(LOG_ERR,
696 					    "setsockopt SO_REUSEADDR: %m");
697 				if (setsockopt(tcp6sock, IPPROTO_IPV6,
698 				    IPV6_V6ONLY, &on, sizeof on) < 0) {
699 					syslog(LOG_ERR,
700 					"can't set v6-only binding for tcp6 "
701 					    "socket: %m");
702 					nfsd_exit(1);
703 				}
704 				if (bind(tcp6sock, ai_tcp6->ai_addr,
705 				    ai_tcp6->ai_addrlen) < 0) {
706 					syslog(LOG_ERR,
707 					    "can't bind tcp6 addr %s: %m",
708 					    bindhost[i]);
709 					nfsd_exit(1);
710 				}
711 				if (listen(tcp6sock, -1) < 0) {
712 					syslog(LOG_ERR, "listen failed");
713 					nfsd_exit(1);
714 				}
715 				freeaddrinfo(ai_tcp6);
716 				FD_SET(tcp6sock, &sockbits);
717 				FD_SET(tcp6sock, &v6bits);
718 				if (maxsock < tcp6sock)
719 					maxsock = tcp6sock;
720 				connect_type_cnt++;
721 			}
722 		}
723 		if (rpcbreg == 1) {
724 			memset(&hints, 0, sizeof hints);
725 			hints.ai_flags = AI_PASSIVE;
726 			hints.ai_family = AF_INET6;
727 			hints.ai_socktype = SOCK_STREAM;
728 			hints.ai_protocol = IPPROTO_TCP;
729 			ecode = getaddrinfo(NULL, "nfs", &hints, &ai_tcp6);
730 			if (ecode != 0) {
731 				syslog(LOG_ERR, "getaddrinfo tcp6: %s",
732 				   gai_strerror(ecode));
733 				nfsd_exit(1);
734 			}
735 			nconf_tcp6 = getnetconfigent("tcp6");
736 			if (nconf_tcp6 == NULL)
737 				err(1, "getnetconfigent tcp6 failed");
738 			nb_tcp6.buf = ai_tcp6->ai_addr;
739 			nb_tcp6.len = nb_tcp6.maxlen = ai_tcp6->ai_addrlen;
740 			if (nfs_minvers == NFS_VER2)
741 				if (!rpcb_set(NFS_PROGRAM, 2, nconf_tcp6,
742 				    &nb_tcp6))
743 					err(1, "rpcb_set tcp6 failed");
744 			if (nfs_minvers <= NFS_VER3)
745 				if (!rpcb_set(NFS_PROGRAM, 3, nconf_tcp6,
746 				    &nb_tcp6))
747 					err(1, "rpcb_set tcp6 failed");
748 			freeaddrinfo(ai_tcp6);
749 		}
750 	}
751 
752 	if (rpcbregcnt == 0) {
753 		syslog(LOG_ERR, "rpcb_set() failed, nothing to do: %m");
754 		nfsd_exit(1);
755 	}
756 
757 	if (tcpflag && connect_type_cnt == 0) {
758 		syslog(LOG_ERR, "tcp connects == 0, nothing to do: %m");
759 		nfsd_exit(1);
760 	}
761 
762 	setproctitle("master");
763 	/*
764 	 * We always want a master to have a clean way to to shut nfsd down
765 	 * (with unregistration): if the master is killed, it unregisters and
766 	 * kills all children. If we run for UDP only (and so do not have to
767 	 * loop waiting waiting for accept), we instead make the parent
768 	 * a "server" too. start_server will not return.
769 	 */
770 	if (!tcpflag)
771 		start_server(1);
772 
773 	/*
774 	 * Loop forever accepting connections and passing the sockets
775 	 * into the kernel for the mounts.
776 	 */
777 	for (;;) {
778 		ready = sockbits;
779 		if (connect_type_cnt > 1) {
780 			if (select(maxsock + 1,
781 			    &ready, NULL, NULL, NULL) < 1) {
782 				error = errno;
783 				if (error == EINTR)
784 					continue;
785 				syslog(LOG_ERR, "select failed: %m");
786 				nfsd_exit(1);
787 			}
788 		}
789 		for (tcpsock = 0; tcpsock <= maxsock; tcpsock++) {
790 			if (FD_ISSET(tcpsock, &ready)) {
791 				if (FD_ISSET(tcpsock, &v4bits)) {
792 					len = sizeof(inetpeer);
793 					if ((msgsock = accept(tcpsock,
794 					    (struct sockaddr *)&inetpeer, &len)) < 0) {
795 						error = errno;
796 						syslog(LOG_ERR, "accept failed: %m");
797 						if (error == ECONNABORTED ||
798 						    error == EINTR)
799 							continue;
800 						nfsd_exit(1);
801 					}
802 					memset(inetpeer.sin_zero, 0,
803 						sizeof(inetpeer.sin_zero));
804 					if (setsockopt(msgsock, SOL_SOCKET,
805 					    SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0)
806 						syslog(LOG_ERR,
807 						    "setsockopt SO_KEEPALIVE: %m");
808 					addsockargs.sock = msgsock;
809 					addsockargs.name = (caddr_t)&inetpeer;
810 					addsockargs.namelen = len;
811 					nfssvc(nfssvc_addsock, &addsockargs);
812 					(void)close(msgsock);
813 				} else if (FD_ISSET(tcpsock, &v6bits)) {
814 					len = sizeof(inet6peer);
815 					if ((msgsock = accept(tcpsock,
816 					    (struct sockaddr *)&inet6peer,
817 					    &len)) < 0) {
818 						error = errno;
819 						syslog(LOG_ERR,
820 						     "accept failed: %m");
821 						if (error == ECONNABORTED ||
822 						    error == EINTR)
823 							continue;
824 						nfsd_exit(1);
825 					}
826 					if (setsockopt(msgsock, SOL_SOCKET,
827 					    SO_KEEPALIVE, (char *)&on,
828 					    sizeof(on)) < 0)
829 						syslog(LOG_ERR, "setsockopt "
830 						    "SO_KEEPALIVE: %m");
831 					addsockargs.sock = msgsock;
832 					addsockargs.name = (caddr_t)&inet6peer;
833 					addsockargs.namelen = len;
834 					nfssvc(nfssvc_addsock, &addsockargs);
835 					(void)close(msgsock);
836 				}
837 			}
838 		}
839 	}
840 }
841 
842 static int
843 setbindhost(struct addrinfo **ai, const char *bindhost, struct addrinfo hints)
844 {
845 	int ecode;
846 	u_int32_t host_addr[4];  /* IPv4 or IPv6 */
847 	const char *hostptr;
848 
849 	if (bindhost == NULL || strcmp("*", bindhost) == 0)
850 		hostptr = NULL;
851 	else
852 		hostptr = bindhost;
853 
854 	if (hostptr != NULL) {
855 		switch (hints.ai_family) {
856 		case AF_INET:
857 			if (inet_pton(AF_INET, hostptr, host_addr) == 1) {
858 				hints.ai_flags = AI_NUMERICHOST;
859 			} else {
860 				if (inet_pton(AF_INET6, hostptr,
861 				    host_addr) == 1)
862 					return (1);
863 			}
864 			break;
865 		case AF_INET6:
866 			if (inet_pton(AF_INET6, hostptr, host_addr) == 1) {
867 				hints.ai_flags = AI_NUMERICHOST;
868 			} else {
869 				if (inet_pton(AF_INET, hostptr,
870 				    host_addr) == 1)
871 					return (1);
872 			}
873 			break;
874 		default:
875 			break;
876 		}
877 	}
878 
879 	ecode = getaddrinfo(hostptr, "nfs", &hints, ai);
880 	if (ecode != 0) {
881 		syslog(LOG_ERR, "getaddrinfo %s: %s", bindhost,
882 		    gai_strerror(ecode));
883 		return (1);
884 	}
885 	return (0);
886 }
887 
888 static void
889 set_nfsdcnt(int proposed)
890 {
891 
892 	if (proposed < 1) {
893 		warnx("nfsd count too low %d; reset to %d", proposed,
894 		    DEFNFSDCNT);
895 		nfsdcnt = DEFNFSDCNT;
896 	} else if (proposed > MAXNFSDCNT) {
897 		warnx("nfsd count too high %d; truncated to %d", proposed,
898 		    MAXNFSDCNT);
899 		nfsdcnt = MAXNFSDCNT;
900 	} else
901 		nfsdcnt = proposed;
902 	nfsdcnt_set = 1;
903 }
904 
905 static void
906 usage(void)
907 {
908 	(void)fprintf(stderr, "%s", getopt_usage);
909 	exit(1);
910 }
911 
912 static void
913 nonfs(__unused int signo)
914 {
915 	syslog(LOG_ERR, "missing system call: NFS not available");
916 }
917 
918 static void
919 reapchild(__unused int signo)
920 {
921 	pid_t pid;
922 	int i;
923 
924 	while ((pid = wait3(NULL, WNOHANG, NULL)) > 0) {
925 		for (i = 0; i < nfsdcnt; i++)
926 			if (pid == children[i])
927 				children[i] = -1;
928 	}
929 }
930 
931 static void
932 unregistration(void)
933 {
934 	if ((!rpcb_unset(NFS_PROGRAM, 2, NULL)) ||
935 	    (!rpcb_unset(NFS_PROGRAM, 3, NULL)))
936 		syslog(LOG_ERR, "rpcb_unset failed");
937 }
938 
939 static void
940 killchildren(void)
941 {
942 	int i;
943 
944 	for (i = 0; i < nfsdcnt; i++) {
945 		if (children[i] > 0)
946 			kill(children[i], SIGKILL);
947 	}
948 }
949 
950 /*
951  * Cleanup master after SIGUSR1.
952  */
953 static void
954 cleanup(__unused int signo)
955 {
956 	nfsd_exit(0);
957 }
958 
959 /*
960  * Cleanup child after SIGUSR1.
961  */
962 static void
963 child_cleanup(__unused int signo)
964 {
965 	exit(0);
966 }
967 
968 static void
969 nfsd_exit(int status)
970 {
971 	killchildren();
972 	unregistration();
973 	exit(status);
974 }
975 
976 static int
977 get_tuned_nfsdcount(void)
978 {
979 	int ncpu, error, tuned_nfsdcnt;
980 	size_t ncpu_size;
981 
982 	ncpu_size = sizeof(ncpu);
983 	error = sysctlbyname("hw.ncpu", &ncpu, &ncpu_size, NULL, 0);
984 	if (error) {
985 		warnx("sysctlbyname(hw.ncpu) failed defaulting to %d nfs servers",
986 		    DEFNFSDCNT);
987 		tuned_nfsdcnt = DEFNFSDCNT;
988 	} else {
989 		tuned_nfsdcnt = ncpu * 8;
990 	}
991 	return tuned_nfsdcnt;
992 }
993 
994 static void
995 start_server(int master)
996 {
997 	char principal[MAXHOSTNAMELEN + 5];
998 	struct nfsd_nfsd_args nfsdargs;
999 	int status, error;
1000 	char hostname[MAXHOSTNAMELEN + 1], *cp;
1001 	struct addrinfo *aip, hints;
1002 
1003 	status = 0;
1004 	gethostname(hostname, sizeof (hostname));
1005 	snprintf(principal, sizeof (principal), "nfs@%s", hostname);
1006 	if ((cp = strchr(hostname, '.')) == NULL ||
1007 	    *(cp + 1) == '\0') {
1008 		/* If not fully qualified, try getaddrinfo() */
1009 		memset((void *)&hints, 0, sizeof (hints));
1010 		hints.ai_flags = AI_CANONNAME;
1011 		error = getaddrinfo(hostname, NULL, &hints, &aip);
1012 		if (error == 0) {
1013 			if (aip->ai_canonname != NULL &&
1014 			    (cp = strchr(aip->ai_canonname, '.')) !=
1015 			    NULL && *(cp + 1) != '\0')
1016 				snprintf(principal, sizeof (principal),
1017 				    "nfs@%s", aip->ai_canonname);
1018 			freeaddrinfo(aip);
1019 		}
1020 	}
1021 	nfsdargs.principal = principal;
1022 
1023 	if (nfsdcnt_set)
1024 		nfsdargs.minthreads = nfsdargs.maxthreads = nfsdcnt;
1025 	else {
1026 		nfsdargs.minthreads = minthreads_set ? minthreads : get_tuned_nfsdcount();
1027 		nfsdargs.maxthreads = maxthreads_set ? maxthreads : nfsdargs.minthreads;
1028 		if (nfsdargs.maxthreads < nfsdargs.minthreads)
1029 			nfsdargs.maxthreads = nfsdargs.minthreads;
1030 	}
1031 	error = nfssvc(nfssvc_nfsd, &nfsdargs);
1032 	if (error < 0 && errno == EAUTH) {
1033 		/*
1034 		 * This indicates that it could not register the
1035 		 * rpcsec_gss credentials, usually because the
1036 		 * gssd daemon isn't running.
1037 		 * (only the experimental server with nfsv4)
1038 		 */
1039 		syslog(LOG_ERR, "No gssd, using AUTH_SYS only");
1040 		principal[0] = '\0';
1041 		error = nfssvc(nfssvc_nfsd, &nfsdargs);
1042 	}
1043 	if (error < 0) {
1044 		syslog(LOG_ERR, "nfssvc: %m");
1045 		status = 1;
1046 	}
1047 	if (master)
1048 		nfsd_exit(status);
1049 	else
1050 		exit(status);
1051 }
1052 
1053 /*
1054  * Open the stable restart file and return the file descriptor for it.
1055  */
1056 static void
1057 open_stable(int *stable_fdp, int *backup_fdp)
1058 {
1059 	int stable_fd, backup_fd = -1, ret;
1060 	struct stat st, backup_st;
1061 
1062 	/* Open and stat the stable restart file. */
1063 	stable_fd = open(NFSD_STABLERESTART, O_RDWR, 0);
1064 	if (stable_fd < 0)
1065 		stable_fd = open(NFSD_STABLERESTART, O_RDWR | O_CREAT, 0600);
1066 	if (stable_fd >= 0) {
1067 		ret = fstat(stable_fd, &st);
1068 		if (ret < 0) {
1069 			close(stable_fd);
1070 			stable_fd = -1;
1071 		}
1072 	}
1073 
1074 	/* Open and stat the backup stable restart file. */
1075 	if (stable_fd >= 0) {
1076 		backup_fd = open(NFSD_STABLEBACKUP, O_RDWR, 0);
1077 		if (backup_fd < 0)
1078 			backup_fd = open(NFSD_STABLEBACKUP, O_RDWR | O_CREAT,
1079 			    0600);
1080 		if (backup_fd >= 0) {
1081 			ret = fstat(backup_fd, &backup_st);
1082 			if (ret < 0) {
1083 				close(backup_fd);
1084 				backup_fd = -1;
1085 			}
1086 		}
1087 		if (backup_fd < 0) {
1088 			close(stable_fd);
1089 			stable_fd = -1;
1090 		}
1091 	}
1092 
1093 	*stable_fdp = stable_fd;
1094 	*backup_fdp = backup_fd;
1095 	if (stable_fd < 0)
1096 		return;
1097 
1098 	/* Sync up the 2 files, as required. */
1099 	if (st.st_size > 0)
1100 		copy_stable(stable_fd, backup_fd);
1101 	else if (backup_st.st_size > 0)
1102 		copy_stable(backup_fd, stable_fd);
1103 }
1104 
1105 /*
1106  * Copy the stable restart file to the backup or vice versa.
1107  */
1108 static void
1109 copy_stable(int from_fd, int to_fd)
1110 {
1111 	int cnt, ret;
1112 	static char buf[1024];
1113 
1114 	ret = lseek(from_fd, (off_t)0, SEEK_SET);
1115 	if (ret >= 0)
1116 		ret = lseek(to_fd, (off_t)0, SEEK_SET);
1117 	if (ret >= 0)
1118 		ret = ftruncate(to_fd, (off_t)0);
1119 	if (ret >= 0)
1120 		do {
1121 			cnt = read(from_fd, buf, 1024);
1122 			if (cnt > 0)
1123 				ret = write(to_fd, buf, cnt);
1124 			else if (cnt < 0)
1125 				ret = cnt;
1126 		} while (cnt > 0 && ret >= 0);
1127 	if (ret >= 0)
1128 		ret = fsync(to_fd);
1129 	if (ret < 0)
1130 		syslog(LOG_ERR, "stable restart copy failure: %m");
1131 }
1132 
1133 /*
1134  * Back up the stable restart file when indicated by the kernel.
1135  */
1136 static void
1137 backup_stable(__unused int signo)
1138 {
1139 
1140 	if (stablefd >= 0)
1141 		copy_stable(stablefd, backupfd);
1142 }
1143 
1144