1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 /* 26 * Copyright 2013 Nexenta Systems, Inc. All rights reserved. 27 */ 28 29 /* 30 * NFS specific functions 31 */ 32 #include <stdio.h> 33 #include <string.h> 34 #include <ctype.h> 35 #include <stdlib.h> 36 #include <unistd.h> 37 #include <zone.h> 38 #include <errno.h> 39 #include <locale.h> 40 #include <signal.h> 41 #include <strings.h> 42 #include "libshare.h" 43 #include "libshare_impl.h" 44 #include <nfs/export.h> 45 #include <pwd.h> 46 #include <limits.h> 47 #include <libscf.h> 48 #include <syslog.h> 49 #include <rpcsvc/daemon_utils.h> 50 #include "nfslog_config.h" 51 #include "nfslogtab.h" 52 #include "libshare_nfs.h" 53 #include <nfs/nfs.h> 54 #include <nfs/nfssys.h> 55 #include "smfcfg.h" 56 57 /* should really be in some global place */ 58 #define DEF_WIN 30000 59 #define OPT_CHUNK 1024 60 61 int debug = 0; 62 63 #define NFS_SERVER_SVC "svc:/network/nfs/server:default" 64 #define NFS_CLIENT_SVC (char *)"svc:/network/nfs/client:default" 65 66 /* internal functions */ 67 static int nfs_init(); 68 static void nfs_fini(); 69 static int nfs_enable_share(sa_share_t); 70 static int nfs_disable_share(sa_share_t, char *); 71 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 72 static int nfs_validate_security_mode(char *); 73 static int nfs_is_security_opt(char *); 74 static int nfs_parse_legacy_options(sa_group_t, char *); 75 static char *nfs_format_options(sa_group_t, int); 76 static int nfs_set_proto_prop(sa_property_t); 77 static sa_protocol_properties_t nfs_get_proto_set(); 78 static char *nfs_get_status(); 79 static char *nfs_space_alias(char *); 80 static uint64_t nfs_features(); 81 82 /* 83 * ops vector that provides the protocol specific info and operations 84 * for share management. 85 */ 86 87 struct sa_plugin_ops sa_plugin_ops = { 88 SA_PLUGIN_VERSION, 89 "nfs", 90 nfs_init, 91 nfs_fini, 92 nfs_enable_share, 93 nfs_disable_share, 94 nfs_validate_property, 95 nfs_validate_security_mode, 96 nfs_is_security_opt, 97 nfs_parse_legacy_options, 98 nfs_format_options, 99 nfs_set_proto_prop, 100 nfs_get_proto_set, 101 nfs_get_status, 102 nfs_space_alias, 103 NULL, /* update_legacy */ 104 NULL, /* delete_legacy */ 105 NULL, /* change_notify */ 106 NULL, /* enable_resource */ 107 NULL, /* disable_resource */ 108 nfs_features, 109 NULL, /* transient shares */ 110 NULL, /* notify resource */ 111 NULL, /* rename_resource */ 112 NULL, /* run_command */ 113 NULL, /* command_help */ 114 NULL /* delete_proto_section */ 115 }; 116 117 /* 118 * list of support services needed 119 * defines should come from head/rpcsvc/daemon_utils.h 120 */ 121 122 static char *service_list_default[] = 123 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, REPARSED, NULL }; 124 static char *service_list_logging[] = 125 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, REPARSED, 126 NULL }; 127 128 /* 129 * option definitions. Make sure to keep the #define for the option 130 * index just before the entry it is the index for. Changing the order 131 * can cause breakage. E.g OPT_RW is index 1 and must precede the 132 * line that includes the SHOPT_RW and OPT_RW entries. 133 */ 134 135 struct option_defs optdefs[] = { 136 #define OPT_RO 0 137 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 138 #define OPT_RW 1 139 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 140 #define OPT_ROOT 2 141 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 142 #define OPT_SECURE 3 143 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 144 #define OPT_ANON 4 145 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 146 #define OPT_WINDOW 5 147 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 148 #define OPT_NOSUID 6 149 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 150 #define OPT_ACLOK 7 151 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 152 #define OPT_NOSUB 8 153 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 154 #define OPT_SEC 9 155 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 156 #define OPT_PUBLIC 10 157 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 158 #define OPT_INDEX 11 159 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 160 #define OPT_LOG 12 161 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 162 #define OPT_CKSUM 13 163 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 164 #define OPT_NONE 14 165 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST}, 166 #define OPT_ROOT_MAPPING 15 167 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER}, 168 #define OPT_CHARSET_MAP 16 169 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST}, 170 #define OPT_NOACLFAB 17 171 {SHOPT_NOACLFAB, OPT_NOACLFAB, OPT_TYPE_BOOLEAN}, 172 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 173 #define OPT_VOLFH 18 174 {SHOPT_VOLFH, OPT_VOLFH}, 175 #endif /* VOLATILE_FH_TEST */ 176 NULL 177 }; 178 179 /* 180 * Codesets that may need to be converted to UTF-8 for file paths. 181 * Add new names here to add new property support. If we ever get a 182 * way to query the kernel for character sets, this should become 183 * dynamically loaded. Make sure changes here are reflected in 184 * cmd/fs.d/nfs/mountd/nfscmd.c 185 */ 186 187 static char *legal_conv[] = { 188 "euc-cn", 189 "euc-jp", 190 "euc-jpms", 191 "euc-kr", 192 "euc-tw", 193 "iso8859-1", 194 "iso8859-2", 195 "iso8859-5", 196 "iso8859-6", 197 "iso8859-7", 198 "iso8859-8", 199 "iso8859-9", 200 "iso8859-13", 201 "iso8859-15", 202 "koi8-r", 203 NULL 204 }; 205 206 /* 207 * list of properties that are related to security flavors. 208 */ 209 static char *seclist[] = { 210 SHOPT_RO, 211 SHOPT_RW, 212 SHOPT_ROOT, 213 SHOPT_WINDOW, 214 SHOPT_NONE, 215 SHOPT_ROOT_MAPPING, 216 NULL 217 }; 218 219 /* structure for list of securities */ 220 struct securities { 221 sa_security_t security; 222 struct securities *next; 223 }; 224 225 /* 226 * findcharset(charset) 227 * 228 * Returns B_TRUE if the charset is a legal conversion otherwise 229 * B_FALSE. This will need to be rewritten to be more efficient when 230 * we have a dynamic list of legal conversions. 231 */ 232 233 static boolean_t 234 findcharset(char *charset) 235 { 236 int i; 237 238 for (i = 0; legal_conv[i] != NULL; i++) 239 if (strcmp(charset, legal_conv[i]) == 0) 240 return (B_TRUE); 241 return (B_FALSE); 242 } 243 244 /* 245 * findopt(name) 246 * 247 * Lookup option "name" in the option table and return the table 248 * index. 249 */ 250 251 static int 252 findopt(char *name) 253 { 254 int i; 255 if (name != NULL) { 256 for (i = 0; optdefs[i].tag != NULL; i++) { 257 if (strcmp(optdefs[i].tag, name) == 0) 258 return (optdefs[i].index); 259 } 260 if (findcharset(name)) 261 return (OPT_CHARSET_MAP); 262 } 263 return (-1); 264 } 265 266 /* 267 * gettype(name) 268 * 269 * Return the type of option "name". 270 */ 271 272 static int 273 gettype(char *name) 274 { 275 int optdef; 276 277 optdef = findopt(name); 278 if (optdef != -1) 279 return (optdefs[optdef].type); 280 return (OPT_TYPE_ANY); 281 } 282 283 /* 284 * nfs_validate_security_mode(mode) 285 * 286 * is the specified mode string a valid one for use with NFS? 287 */ 288 289 static int 290 nfs_validate_security_mode(char *mode) 291 { 292 seconfig_t secinfo; 293 int err; 294 295 (void) memset(&secinfo, '\0', sizeof (secinfo)); 296 err = nfs_getseconfig_byname(mode, &secinfo); 297 if (err == SC_NOERROR) 298 return (1); 299 return (0); 300 } 301 302 /* 303 * nfs_is_security_opt(tok) 304 * 305 * check to see if tok represents an option that is only valid in some 306 * security flavor. 307 */ 308 309 static int 310 nfs_is_security_opt(char *tok) 311 { 312 int i; 313 314 for (i = 0; seclist[i] != NULL; i++) { 315 if (strcmp(tok, seclist[i]) == 0) 316 return (1); 317 } 318 return (0); 319 } 320 321 /* 322 * find_security(seclist, sec) 323 * 324 * Walk the current list of security flavors and return true if it is 325 * present, else return false. 326 */ 327 328 static int 329 find_security(struct securities *seclist, sa_security_t sec) 330 { 331 while (seclist != NULL) { 332 if (seclist->security == sec) 333 return (1); 334 seclist = seclist->next; 335 } 336 return (0); 337 } 338 339 /* 340 * make_security_list(group, securitymodes, proto) 341 * go through the list of securitymodes and add them to the 342 * group's list of security optionsets. We also keep a list of 343 * those optionsets so we don't have to find them later. All of 344 * these will get copies of the same properties. 345 */ 346 347 static struct securities * 348 make_security_list(sa_group_t group, char *securitymodes, char *proto) 349 { 350 char *tok, *next = NULL; 351 struct securities *curp, *headp = NULL, *prev; 352 sa_security_t check; 353 int freetok = 0; 354 355 for (tok = securitymodes; tok != NULL; tok = next) { 356 next = strchr(tok, ':'); 357 if (next != NULL) 358 *next++ = '\0'; 359 if (strcmp(tok, "default") == 0) { 360 /* resolve default into the real type */ 361 tok = nfs_space_alias(tok); 362 freetok = 1; 363 } 364 check = sa_get_security(group, tok, proto); 365 366 /* add to the security list if it isn't there already */ 367 if (check == NULL || !find_security(headp, check)) { 368 curp = (struct securities *)calloc(1, 369 sizeof (struct securities)); 370 if (curp != NULL) { 371 if (check == NULL) { 372 curp->security = sa_create_security( 373 group, tok, proto); 374 } else { 375 curp->security = check; 376 } 377 /* 378 * note that the first time through the loop, 379 * headp will be NULL and prev will be 380 * undefined. Since headp is NULL, we set 381 * both it and prev to the curp (first 382 * structure to be allocated). 383 * 384 * later passes through the loop will have 385 * headp not being NULL and prev will be used 386 * to allocate at the end of the list. 387 */ 388 if (headp == NULL) { 389 headp = curp; 390 prev = curp; 391 } else { 392 prev->next = curp; 393 prev = curp; 394 } 395 } 396 } 397 398 if (freetok) { 399 freetok = 0; 400 sa_free_attr_string(tok); 401 } 402 } 403 return (headp); 404 } 405 406 static void 407 free_security_list(struct securities *sec) 408 { 409 struct securities *next; 410 if (sec != NULL) { 411 for (next = sec->next; sec != NULL; sec = next) { 412 next = sec->next; 413 free(sec); 414 } 415 } 416 } 417 418 /* 419 * nfs_alistcat(str1, str2, sep) 420 * 421 * concatenate str1 and str2 into a new string using sep as a separate 422 * character. If memory allocation fails, return NULL; 423 */ 424 425 static char * 426 nfs_alistcat(char *str1, char *str2, char sep) 427 { 428 char *newstr; 429 size_t len; 430 431 len = strlen(str1) + strlen(str2) + 2; 432 newstr = (char *)malloc(len); 433 if (newstr != NULL) 434 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 435 return (newstr); 436 } 437 438 /* 439 * add_security_prop(sec, name, value, persist) 440 * 441 * Add the property to the securities structure. This accumulates 442 * properties for as part of parsing legacy options. 443 */ 444 445 static int 446 add_security_prop(struct securities *sec, char *name, char *value, 447 int persist, int iszfs) 448 { 449 sa_property_t prop; 450 int ret = SA_OK; 451 452 for (; sec != NULL; sec = sec->next) { 453 if (value == NULL) { 454 if (strcmp(name, SHOPT_RW) == 0 || 455 strcmp(name, SHOPT_RO) == 0) 456 value = "*"; 457 else 458 value = "true"; 459 } 460 461 /* 462 * Get the existing property, if it exists, so we can 463 * determine what to do with it. The ro/rw/root 464 * properties can be merged if multiple instances of 465 * these properies are given. For example, if "rw" 466 * exists with a value "host1" and a later token of 467 * rw="host2" is seen, the values are merged into a 468 * single rw="host1:host2". 469 */ 470 prop = sa_get_property(sec->security, name); 471 472 if (prop != NULL) { 473 char *oldvalue; 474 char *newvalue; 475 476 /* 477 * The security options of ro/rw/root might appear 478 * multiple times. If they do, the values need to be 479 * merged into an access list. If it was previously 480 * empty, the new value alone is added. 481 */ 482 oldvalue = sa_get_property_attr(prop, "value"); 483 if (oldvalue != NULL) { 484 /* 485 * The general case is to concatenate the new 486 * value onto the old value for multiple 487 * rw(ro/root) properties. A special case 488 * exists when either the old or new is the 489 * "all" case. In the special case, if both 490 * are "all", then it is "all", else if one is 491 * an access-list, that replaces the "all". 492 */ 493 if (strcmp(oldvalue, "*") == 0) { 494 /* Replace old value with new value. */ 495 newvalue = strdup(value); 496 } else if (strcmp(value, "*") == 0 || 497 strcmp(oldvalue, value) == 0) { 498 /* 499 * Keep old value and ignore 500 * the new value. 501 */ 502 newvalue = NULL; 503 } else { 504 /* 505 * Make a new list of old plus new 506 * access-list. 507 */ 508 newvalue = nfs_alistcat(oldvalue, 509 value, ':'); 510 } 511 512 if (newvalue != NULL) { 513 (void) sa_remove_property(prop); 514 prop = sa_create_property(name, 515 newvalue); 516 ret = sa_add_property(sec->security, 517 prop); 518 free(newvalue); 519 } 520 if (oldvalue != NULL) 521 sa_free_attr_string(oldvalue); 522 } 523 } else { 524 prop = sa_create_property(name, value); 525 ret = sa_add_property(sec->security, prop); 526 } 527 if (ret == SA_OK && !iszfs) { 528 ret = sa_commit_properties(sec->security, !persist); 529 } 530 } 531 return (ret); 532 } 533 534 /* 535 * check to see if group/share is persistent. 536 */ 537 static int 538 is_persistent(sa_group_t group) 539 { 540 char *type; 541 int persist = 1; 542 543 type = sa_get_group_attr(group, "type"); 544 if (type != NULL && strcmp(type, "persist") != 0) 545 persist = 0; 546 if (type != NULL) 547 sa_free_attr_string(type); 548 return (persist); 549 } 550 551 /* 552 * invalid_security(options) 553 * 554 * search option string for any invalid sec= type. 555 * return true (1) if any are not valid else false (0) 556 */ 557 static int 558 invalid_security(char *options) 559 { 560 char *copy, *base, *token, *value; 561 int ret = 0; 562 563 copy = strdup(options); 564 token = base = copy; 565 while (token != NULL && ret == 0) { 566 token = strtok(base, ","); 567 base = NULL; 568 if (token != NULL) { 569 value = strchr(token, '='); 570 if (value != NULL) 571 *value++ = '\0'; 572 if (strcmp(token, "sec") == 0) { 573 /* HAVE security flavors so check them */ 574 char *tok, *next; 575 for (next = NULL, tok = value; tok != NULL; 576 tok = next) { 577 next = strchr(tok, ':'); 578 if (next != NULL) 579 *next++ = '\0'; 580 ret = !nfs_validate_security_mode(tok); 581 if (ret) 582 break; 583 } 584 } 585 } 586 } 587 if (copy != NULL) 588 free(copy); 589 return (ret); 590 } 591 592 /* 593 * nfs_parse_legacy_options(group, options) 594 * 595 * Parse the old style options into internal format and store on the 596 * specified group. Group could be a share for full legacy support. 597 */ 598 599 static int 600 nfs_parse_legacy_options(sa_group_t group, char *options) 601 { 602 char *dup; 603 char *base; 604 char *token; 605 sa_optionset_t optionset; 606 struct securities *security_list = NULL; 607 sa_property_t prop; 608 int ret = SA_OK; 609 int iszfs = 0; 610 sa_group_t parent; 611 int persist = 0; 612 char *lasts; 613 614 /* do we have an existing optionset? */ 615 optionset = sa_get_optionset(group, "nfs"); 616 if (optionset == NULL) { 617 /* didn't find existing optionset so create one */ 618 optionset = sa_create_optionset(group, "nfs"); 619 } else { 620 /* 621 * Have an existing optionset . Ideally, we would need 622 * to compare options in order to detect errors. For 623 * now, we assume that the first optionset is the 624 * correct one and the others will be the same. An 625 * empty optionset is the same as no optionset so we 626 * don't want to exit in that case. Getting an empty 627 * optionset can occur with ZFS property checking. 628 */ 629 if (sa_get_property(optionset, NULL) != NULL) 630 return (ret); 631 } 632 633 if (strcmp(options, SHOPT_RW) == 0) { 634 /* 635 * there is a special case of only the option "rw" 636 * being the default option. We don't have to do 637 * anything. 638 */ 639 return (ret); 640 } 641 642 /* 643 * check if security types are present and validate them. If 644 * any are not legal, fail. 645 */ 646 647 if (invalid_security(options)) { 648 return (SA_INVALID_SECURITY); 649 } 650 651 /* 652 * in order to not attempt to change ZFS properties unless 653 * absolutely necessary, we never do it in the legacy parsing. 654 */ 655 if (sa_is_share(group)) { 656 char *zfs; 657 parent = sa_get_parent_group(group); 658 if (parent != NULL) { 659 zfs = sa_get_group_attr(parent, "zfs"); 660 if (zfs != NULL) { 661 sa_free_attr_string(zfs); 662 iszfs++; 663 } 664 } 665 } else { 666 iszfs = sa_group_is_zfs(group); 667 } 668 669 /* We need a copy of options for the next part. */ 670 dup = strdup(options); 671 if (dup == NULL) 672 return (SA_NO_MEMORY); 673 674 /* 675 * we need to step through each option in the string and then 676 * add either the option or the security option as needed. If 677 * this is not a persistent share, don't commit to the 678 * repository. If there is an error, we also want to abort the 679 * processing and report it. 680 */ 681 persist = is_persistent(group); 682 base = dup; 683 token = dup; 684 lasts = NULL; 685 while (token != NULL && ret == SA_OK) { 686 ret = SA_OK; 687 token = strtok_r(base, ",", &lasts); 688 base = NULL; 689 if (token != NULL) { 690 char *value; 691 /* 692 * if the option has a value, it will have an '=' to 693 * separate the name from the value. The following 694 * code will result in value != NULL and token 695 * pointing to just the name if there is a value. 696 */ 697 value = strchr(token, '='); 698 if (value != NULL) { 699 *value++ = '\0'; 700 } 701 if (strcmp(token, "sec") == 0 || 702 strcmp(token, "secure") == 0) { 703 /* 704 * Once in security parsing, we only 705 * do security. We do need to move 706 * between the security node and the 707 * toplevel. The security tag goes on 708 * the root while the following ones 709 * go on the security. 710 */ 711 if (security_list != NULL) { 712 /* 713 * have an old list so close it and 714 * start the new 715 */ 716 free_security_list(security_list); 717 } 718 if (strcmp(token, "secure") == 0) { 719 value = "dh"; 720 } else { 721 if (value == NULL) { 722 ret = SA_SYNTAX_ERR; 723 break; 724 } 725 } 726 security_list = make_security_list(group, 727 value, "nfs"); 728 } else { 729 /* 730 * Note that the "old" syntax allowed a 731 * default security model This must be 732 * accounted for and internally converted to 733 * "standard" security structure. 734 */ 735 if (nfs_is_security_opt(token)) { 736 if (security_list == NULL) { 737 /* 738 * need to have a 739 * security 740 * option. This will 741 * be "closed" when a 742 * defined "sec=" 743 * option is 744 * seen. This is 745 * technically an 746 * error but will be 747 * allowed with 748 * warning. 749 */ 750 security_list = 751 make_security_list(group, 752 "default", 753 "nfs"); 754 } 755 if (security_list != NULL) { 756 ret = add_security_prop( 757 security_list, token, 758 value, persist, iszfs); 759 } else { 760 ret = SA_NO_MEMORY; 761 } 762 } else { 763 /* regular options */ 764 if (value == NULL) { 765 if (strcmp(token, SHOPT_RW) == 766 0 || strcmp(token, 767 SHOPT_RO) == 0) { 768 value = "*"; 769 } else { 770 value = "global"; 771 if (strcmp(token, 772 SHOPT_LOG) != 0) { 773 value = "true"; 774 } 775 } 776 } 777 /* 778 * In all cases, create the 779 * property specified. If the 780 * value was NULL, the default 781 * value will have been 782 * substituted. 783 */ 784 prop = sa_create_property(token, value); 785 ret = sa_add_property(optionset, prop); 786 if (ret != SA_OK) 787 break; 788 789 if (!iszfs) { 790 ret = sa_commit_properties( 791 optionset, !persist); 792 } 793 } 794 } 795 } 796 } 797 if (security_list != NULL) 798 free_security_list(security_list); 799 800 free(dup); 801 return (ret); 802 } 803 804 /* 805 * is_a_number(number) 806 * 807 * is the string a number in one of the forms we want to use? 808 */ 809 810 static int 811 is_a_number(char *number) 812 { 813 int ret = 1; 814 int hex = 0; 815 816 if (strncmp(number, "0x", 2) == 0) { 817 number += 2; 818 hex = 1; 819 } else if (*number == '-') { 820 number++; /* skip the minus */ 821 } 822 while (ret == 1 && *number != '\0') { 823 if (hex) { 824 ret = isxdigit(*number++); 825 } else { 826 ret = isdigit(*number++); 827 } 828 } 829 return (ret); 830 } 831 832 /* 833 * Look for the specified tag in the configuration file. If it is found, 834 * enable logging and set the logging configuration information for exp. 835 */ 836 static void 837 configlog(struct exportdata *exp, char *tag) 838 { 839 nfsl_config_t *configlist = NULL, *configp; 840 int error = 0; 841 char globaltag[] = DEFAULTTAG; 842 843 /* 844 * Sends config errors to stderr 845 */ 846 nfsl_errs_to_syslog = B_FALSE; 847 848 /* 849 * get the list of configuration settings 850 */ 851 error = nfsl_getconfig_list(&configlist); 852 if (error) { 853 (void) fprintf(stderr, 854 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 855 strerror(error)); 856 } 857 858 if (tag == NULL) 859 tag = globaltag; 860 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 861 nfsl_freeconfig_list(&configlist); 862 (void) fprintf(stderr, 863 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 864 /* bad configuration */ 865 error = ENOENT; 866 goto err; 867 } 868 869 if ((exp->ex_tag = strdup(tag)) == NULL) { 870 error = ENOMEM; 871 goto out; 872 } 873 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 874 error = ENOMEM; 875 goto out; 876 } 877 exp->ex_flags |= EX_LOG; 878 if (configp->nc_rpclogpath != NULL) 879 exp->ex_flags |= EX_LOG_ALLOPS; 880 out: 881 if (configlist != NULL) 882 nfsl_freeconfig_list(&configlist); 883 884 err: 885 if (error != 0) { 886 if (exp->ex_flags != NULL) 887 free(exp->ex_tag); 888 if (exp->ex_log_buffer != NULL) 889 free(exp->ex_log_buffer); 890 (void) fprintf(stderr, 891 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 892 strerror(error)); 893 } 894 } 895 896 /* 897 * fill_export_from_optionset(export, optionset) 898 * 899 * In order to share, we need to set all the possible general options 900 * into the export structure. Share info will be filled in by the 901 * caller. Various property values get turned into structure specific 902 * values. 903 */ 904 905 static int 906 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 907 { 908 sa_property_t option; 909 int ret = SA_OK; 910 911 for (option = sa_get_property(optionset, NULL); 912 option != NULL; option = sa_get_next_property(option)) { 913 char *name; 914 char *value; 915 uint32_t val; 916 917 /* 918 * since options may be set/reset multiple times, always do an 919 * explicit set or clear of the option. This allows defaults 920 * to be set and then the protocol specific to override. 921 */ 922 923 name = sa_get_property_attr(option, "type"); 924 value = sa_get_property_attr(option, "value"); 925 switch (findopt(name)) { 926 case OPT_ANON: 927 if (value != NULL && is_a_number(value)) { 928 val = strtoul(value, NULL, 0); 929 } else { 930 struct passwd *pw; 931 pw = getpwnam(value != NULL ? value : "nobody"); 932 if (pw != NULL) { 933 val = pw->pw_uid; 934 } else { 935 val = UID_NOBODY; 936 } 937 endpwent(); 938 } 939 export->ex_anon = val; 940 break; 941 case OPT_NOSUID: 942 if (value != NULL && (strcasecmp(value, "true") == 0 || 943 strcmp(value, "1") == 0)) 944 export->ex_flags |= EX_NOSUID; 945 else 946 export->ex_flags &= ~EX_NOSUID; 947 break; 948 case OPT_ACLOK: 949 if (value != NULL && (strcasecmp(value, "true") == 0 || 950 strcmp(value, "1") == 0)) 951 export->ex_flags |= EX_ACLOK; 952 else 953 export->ex_flags &= ~EX_ACLOK; 954 break; 955 case OPT_NOSUB: 956 if (value != NULL && (strcasecmp(value, "true") == 0 || 957 strcmp(value, "1") == 0)) 958 export->ex_flags |= EX_NOSUB; 959 else 960 export->ex_flags &= ~EX_NOSUB; 961 break; 962 case OPT_PUBLIC: 963 if (value != NULL && (strcasecmp(value, "true") == 0 || 964 strcmp(value, "1") == 0)) 965 export->ex_flags |= EX_PUBLIC; 966 else 967 export->ex_flags &= ~EX_PUBLIC; 968 break; 969 case OPT_INDEX: 970 if (value != NULL && (strcmp(value, "..") == 0 || 971 strchr(value, '/') != NULL)) { 972 /* this is an error */ 973 (void) printf(dgettext(TEXT_DOMAIN, 974 "NFS: index=\"%s\" not valid;" 975 "must be a filename.\n"), 976 value); 977 break; 978 } 979 if (value != NULL && *value != '\0' && 980 strcmp(value, ".") != 0) { 981 /* valid index file string */ 982 if (export->ex_index != NULL) { 983 /* left over from "default" */ 984 free(export->ex_index); 985 } 986 /* remember to free */ 987 export->ex_index = strdup(value); 988 if (export->ex_index == NULL) { 989 (void) printf(dgettext(TEXT_DOMAIN, 990 "NFS: out of memory setting " 991 "index property\n")); 992 break; 993 } 994 export->ex_flags |= EX_INDEX; 995 } 996 break; 997 case OPT_LOG: 998 if (value == NULL) 999 value = strdup("global"); 1000 if (value != NULL) 1001 configlog(export, 1002 strlen(value) ? value : "global"); 1003 break; 1004 case OPT_CHARSET_MAP: 1005 /* 1006 * Set EX_CHARMAP when there is at least one 1007 * charmap conversion property. This will get 1008 * checked by the nfs server when it needs to. 1009 */ 1010 export->ex_flags |= EX_CHARMAP; 1011 break; 1012 case OPT_NOACLFAB: 1013 if (value != NULL && (strcasecmp(value, "true") == 0 || 1014 strcmp(value, "1") == 0)) 1015 export->ex_flags |= EX_NOACLFAB; 1016 else 1017 export->ex_flags &= ~EX_NOACLFAB; 1018 break; 1019 default: 1020 /* have a syntactic error */ 1021 (void) printf(dgettext(TEXT_DOMAIN, 1022 "NFS: unrecognized option %s=%s\n"), 1023 name != NULL ? name : "", 1024 value != NULL ? value : ""); 1025 break; 1026 } 1027 if (name != NULL) 1028 sa_free_attr_string(name); 1029 if (value != NULL) 1030 sa_free_attr_string(value); 1031 } 1032 return (ret); 1033 } 1034 1035 /* 1036 * cleanup_export(export) 1037 * 1038 * Cleanup the allocated areas so we don't leak memory 1039 */ 1040 1041 static void 1042 cleanup_export(struct exportdata *export) 1043 { 1044 int i; 1045 1046 if (export->ex_index != NULL) 1047 free(export->ex_index); 1048 if (export->ex_secinfo != NULL) { 1049 for (i = 0; i < export->ex_seccnt; i++) 1050 if (export->ex_secinfo[i].s_rootnames != NULL) 1051 free(export->ex_secinfo[i].s_rootnames); 1052 free(export->ex_secinfo); 1053 } 1054 } 1055 1056 /* 1057 * Given a seconfig entry and a colon-separated 1058 * list of names, allocate an array big enough 1059 * to hold the root list, then convert each name to 1060 * a principal name according to the security 1061 * info and assign it to an array element. 1062 * Return the array and its size. 1063 */ 1064 static caddr_t * 1065 get_rootnames(seconfig_t *sec, char *list, int *count) 1066 { 1067 caddr_t *a; 1068 int c, i; 1069 char *host, *p; 1070 1071 /* 1072 * Count the number of strings in the list. 1073 * This is the number of colon separators + 1. 1074 */ 1075 c = 1; 1076 for (p = list; *p; p++) 1077 if (*p == ':') 1078 c++; 1079 *count = c; 1080 1081 a = (caddr_t *)malloc(c * sizeof (char *)); 1082 if (a == NULL) { 1083 (void) printf(dgettext(TEXT_DOMAIN, 1084 "get_rootnames: no memory\n")); 1085 } else { 1086 for (i = 0; i < c; i++) { 1087 host = strtok(list, ":"); 1088 if (!nfs_get_root_principal(sec, host, &a[i])) { 1089 free(a); 1090 a = NULL; 1091 break; 1092 } 1093 list = NULL; 1094 } 1095 } 1096 1097 return (a); 1098 } 1099 1100 /* 1101 * fill_security_from_secopts(sp, secopts) 1102 * 1103 * Fill the secinfo structure from the secopts optionset. 1104 */ 1105 1106 static int 1107 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1108 { 1109 sa_property_t prop; 1110 char *type; 1111 int longform; 1112 int err = SC_NOERROR; 1113 uint32_t val; 1114 1115 type = sa_get_security_attr(secopts, "sectype"); 1116 if (type != NULL) { 1117 /* named security type needs secinfo to be filled in */ 1118 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1119 sa_free_attr_string(type); 1120 if (err != SC_NOERROR) 1121 return (err); 1122 } else { 1123 /* default case */ 1124 err = nfs_getseconfig_default(&sp->s_secinfo); 1125 if (err != SC_NOERROR) 1126 return (err); 1127 } 1128 1129 err = SA_OK; 1130 for (prop = sa_get_property(secopts, NULL); 1131 prop != NULL && err == SA_OK; 1132 prop = sa_get_next_property(prop)) { 1133 char *name; 1134 char *value; 1135 1136 name = sa_get_property_attr(prop, "type"); 1137 value = sa_get_property_attr(prop, "value"); 1138 1139 longform = value != NULL && strcmp(value, "*") != 0; 1140 1141 switch (findopt(name)) { 1142 case OPT_RO: 1143 sp->s_flags |= longform ? M_ROL : M_RO; 1144 break; 1145 case OPT_RW: 1146 sp->s_flags |= longform ? M_RWL : M_RW; 1147 break; 1148 case OPT_ROOT: 1149 sp->s_flags |= M_ROOT; 1150 /* 1151 * if we are using AUTH_UNIX, handle like other things 1152 * such as RO/RW 1153 */ 1154 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1155 continue; 1156 /* not AUTH_UNIX */ 1157 if (value != NULL) { 1158 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1159 value, &sp->s_rootcnt); 1160 if (sp->s_rootnames == NULL) { 1161 err = SA_BAD_VALUE; 1162 (void) fprintf(stderr, 1163 dgettext(TEXT_DOMAIN, 1164 "Bad root list\n")); 1165 } 1166 } 1167 break; 1168 case OPT_NONE: 1169 sp->s_flags |= M_NONE; 1170 break; 1171 case OPT_WINDOW: 1172 if (value != NULL) { 1173 sp->s_window = atoi(value); 1174 /* just in case */ 1175 if (sp->s_window < 0) 1176 sp->s_window = DEF_WIN; 1177 } 1178 break; 1179 case OPT_ROOT_MAPPING: 1180 if (value != NULL && is_a_number(value)) { 1181 val = strtoul(value, NULL, 0); 1182 } else { 1183 struct passwd *pw; 1184 pw = getpwnam(value != NULL ? value : "nobody"); 1185 if (pw != NULL) { 1186 val = pw->pw_uid; 1187 } else { 1188 val = UID_NOBODY; 1189 } 1190 endpwent(); 1191 } 1192 sp->s_rootid = val; 1193 break; 1194 default: 1195 break; 1196 } 1197 if (name != NULL) 1198 sa_free_attr_string(name); 1199 if (value != NULL) 1200 sa_free_attr_string(value); 1201 } 1202 /* if rw/ro options not set, use default of RW */ 1203 if ((sp->s_flags & NFS_RWMODES) == 0) 1204 sp->s_flags |= M_RW; 1205 return (err); 1206 } 1207 1208 /* 1209 * This is for testing only 1210 * It displays the export structure that 1211 * goes into the kernel. 1212 */ 1213 static void 1214 printarg(char *path, struct exportdata *ep) 1215 { 1216 int i, j; 1217 struct secinfo *sp; 1218 1219 if (debug == 0) 1220 return; 1221 1222 (void) printf("%s:\n", path); 1223 (void) printf("\tex_version = %d\n", ep->ex_version); 1224 (void) printf("\tex_path = %s\n", ep->ex_path); 1225 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1226 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1227 if (ep->ex_flags & EX_NOSUID) 1228 (void) printf("NOSUID "); 1229 if (ep->ex_flags & EX_ACLOK) 1230 (void) printf("ACLOK "); 1231 if (ep->ex_flags & EX_PUBLIC) 1232 (void) printf("PUBLIC "); 1233 if (ep->ex_flags & EX_NOSUB) 1234 (void) printf("NOSUB "); 1235 if (ep->ex_flags & EX_LOG) 1236 (void) printf("LOG "); 1237 if (ep->ex_flags & EX_CHARMAP) 1238 (void) printf("CHARMAP "); 1239 if (ep->ex_flags & EX_LOG_ALLOPS) 1240 (void) printf("LOG_ALLOPS "); 1241 if (ep->ex_flags == 0) 1242 (void) printf("(none)"); 1243 (void) printf("\n"); 1244 if (ep->ex_flags & EX_LOG) { 1245 (void) printf("\tex_log_buffer = %s\n", 1246 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1247 (void) printf("\tex_tag = %s\n", 1248 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1249 } 1250 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1251 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1252 (void) printf("\n"); 1253 for (i = 0; i < ep->ex_seccnt; i++) { 1254 sp = &ep->ex_secinfo[i]; 1255 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1256 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1257 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1258 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1259 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1260 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1261 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1262 if (sp->s_flags & M_NONE) (void) printf("M_NONE "); 1263 if (sp->s_flags == 0) (void) printf("(none)"); 1264 (void) printf("\n"); 1265 (void) printf("\t\ts_window = %d\n", sp->s_window); 1266 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid); 1267 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1268 (void) fflush(stdout); 1269 for (j = 0; j < sp->s_rootcnt; j++) 1270 (void) printf("%s ", sp->s_rootnames[j] ? 1271 sp->s_rootnames[j] : "<null>"); 1272 (void) printf("\n\n"); 1273 } 1274 } 1275 1276 /* 1277 * count_security(opts) 1278 * 1279 * Count the number of security types (flavors). The optionset has 1280 * been populated with the security flavors as a holding mechanism. 1281 * We later use this number to allocate data structures. 1282 */ 1283 1284 static int 1285 count_security(sa_optionset_t opts) 1286 { 1287 int count = 0; 1288 sa_property_t prop; 1289 if (opts != NULL) { 1290 for (prop = sa_get_property(opts, NULL); prop != NULL; 1291 prop = sa_get_next_property(prop)) { 1292 count++; 1293 } 1294 } 1295 return (count); 1296 } 1297 1298 /* 1299 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1300 * 1301 * provides a mechanism to format NFS properties into legacy output 1302 * format. If the buffer would overflow, it is reallocated and grown 1303 * as appropriate. Special cases of converting internal form of values 1304 * to those used by "share" are done. this function does one property 1305 * at a time. 1306 */ 1307 1308 static int 1309 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1310 sa_property_t prop, int sep) 1311 { 1312 char *name; 1313 char *value; 1314 int curlen; 1315 char *buff = *rbuff; 1316 size_t buffsize = *rbuffsize; 1317 int printed = B_FALSE; 1318 1319 name = sa_get_property_attr(prop, "type"); 1320 value = sa_get_property_attr(prop, "value"); 1321 if (buff != NULL) 1322 curlen = strlen(buff); 1323 else 1324 curlen = 0; 1325 if (name != NULL) { 1326 int len; 1327 len = strlen(name) + sep; 1328 1329 /* 1330 * A future RFE would be to replace this with more 1331 * generic code and to possibly handle more types. 1332 */ 1333 switch (gettype(name)) { 1334 case OPT_TYPE_BOOLEAN: 1335 /* 1336 * For NFS, boolean value of FALSE means it 1337 * doesn't show up in the option list at all. 1338 */ 1339 if (value != NULL && strcasecmp(value, "false") == 0) 1340 goto skip; 1341 if (value != NULL) { 1342 sa_free_attr_string(value); 1343 value = NULL; 1344 } 1345 break; 1346 case OPT_TYPE_ACCLIST: 1347 if (value != NULL && strcmp(value, "*") == 0) { 1348 sa_free_attr_string(value); 1349 value = NULL; 1350 } else { 1351 if (value != NULL) 1352 len += 1 + strlen(value); 1353 } 1354 break; 1355 case OPT_TYPE_LOGTAG: 1356 if (value != NULL && strlen(value) == 0) { 1357 sa_free_attr_string(value); 1358 value = NULL; 1359 } else { 1360 if (value != NULL) 1361 len += 1 + strlen(value); 1362 } 1363 break; 1364 default: 1365 if (value != NULL) 1366 len += 1 + strlen(value); 1367 break; 1368 } 1369 while (buffsize <= (curlen + len)) { 1370 /* need more room */ 1371 buffsize += incr; 1372 buff = realloc(buff, buffsize); 1373 if (buff == NULL) { 1374 /* realloc failed so free everything */ 1375 if (*rbuff != NULL) 1376 free(*rbuff); 1377 } 1378 *rbuff = buff; 1379 *rbuffsize = buffsize; 1380 if (buff == NULL) 1381 goto skip; 1382 1383 } 1384 1385 if (buff == NULL) 1386 goto skip; 1387 1388 if (value == NULL) { 1389 (void) snprintf(buff + curlen, buffsize - curlen, 1390 "%s%s", sep ? "," : "", 1391 name, value != NULL ? value : ""); 1392 } else { 1393 (void) snprintf(buff + curlen, buffsize - curlen, 1394 "%s%s=%s", sep ? "," : "", 1395 name, value != NULL ? value : ""); 1396 } 1397 printed = B_TRUE; 1398 } 1399 skip: 1400 if (name != NULL) 1401 sa_free_attr_string(name); 1402 if (value != NULL) 1403 sa_free_attr_string(value); 1404 return (printed); 1405 } 1406 1407 /* 1408 * nfs_format_options(group, hier) 1409 * 1410 * format all the options on the group into an old-style option 1411 * string. If hier is non-zero, walk up the tree to get inherited 1412 * options. 1413 */ 1414 1415 static char * 1416 nfs_format_options(sa_group_t group, int hier) 1417 { 1418 sa_optionset_t options = NULL; 1419 sa_optionset_t secoptions = NULL; 1420 sa_property_t prop, secprop; 1421 sa_security_t security = NULL; 1422 char *buff; 1423 size_t buffsize; 1424 char *sectype = NULL; 1425 int sep = 0; 1426 1427 1428 buff = malloc(OPT_CHUNK); 1429 if (buff == NULL) { 1430 return (NULL); 1431 } 1432 1433 buff[0] = '\0'; 1434 buffsize = OPT_CHUNK; 1435 1436 /* 1437 * We may have a an optionset relative to this item. format 1438 * these if we find them and then add any security definitions. 1439 */ 1440 1441 options = sa_get_derived_optionset(group, "nfs", hier); 1442 1443 /* 1444 * do the default set first but skip any option that is also 1445 * in the protocol specific optionset. 1446 */ 1447 if (options != NULL) { 1448 for (prop = sa_get_property(options, NULL); 1449 prop != NULL; prop = sa_get_next_property(prop)) { 1450 /* 1451 * use this one since we skipped any 1452 * of these that were also in 1453 * optdefault 1454 */ 1455 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1456 prop, sep)) 1457 sep = 1; 1458 if (buff == NULL) { 1459 /* 1460 * buff could become NULL if there 1461 * isn't enough memory for 1462 * nfs_sprint_option to realloc() 1463 * as necessary. We can't really 1464 * do anything about it at this 1465 * point so we return NULL. The 1466 * caller should handle the 1467 * failure. 1468 */ 1469 if (options != NULL) 1470 sa_free_derived_optionset( 1471 options); 1472 return (buff); 1473 } 1474 } 1475 } 1476 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1477 "nfs", hier); 1478 if (secoptions != NULL) { 1479 for (secprop = sa_get_property(secoptions, NULL); 1480 secprop != NULL; 1481 secprop = sa_get_next_property(secprop)) { 1482 sectype = sa_get_property_attr(secprop, "type"); 1483 security = 1484 (sa_security_t)sa_get_derived_security( 1485 group, sectype, "nfs", hier); 1486 if (security != NULL) { 1487 if (sectype != NULL) { 1488 prop = sa_create_property( 1489 "sec", sectype); 1490 if (prop == NULL) 1491 goto err; 1492 if (nfs_sprint_option(&buff, 1493 &buffsize, OPT_CHUNK, prop, sep)) 1494 sep = 1; 1495 (void) sa_remove_property(prop); 1496 if (buff == NULL) 1497 goto err; 1498 } 1499 for (prop = sa_get_property(security, 1500 NULL); prop != NULL; 1501 prop = sa_get_next_property(prop)) { 1502 if (nfs_sprint_option(&buff, 1503 &buffsize, OPT_CHUNK, prop, sep)) 1504 sep = 1; 1505 if (buff == NULL) 1506 goto err; 1507 } 1508 sa_free_derived_optionset(security); 1509 } 1510 if (sectype != NULL) 1511 sa_free_attr_string(sectype); 1512 } 1513 sa_free_derived_optionset(secoptions); 1514 } 1515 1516 if (options != NULL) 1517 sa_free_derived_optionset(options); 1518 return (buff); 1519 1520 err: 1521 /* 1522 * If we couldn't allocate memory for option printing, we need 1523 * to break out of the nested loops, cleanup and return NULL. 1524 */ 1525 if (secoptions != NULL) 1526 sa_free_derived_optionset(secoptions); 1527 if (security != NULL) 1528 sa_free_derived_optionset(security); 1529 if (sectype != NULL) 1530 sa_free_attr_string(sectype); 1531 if (options != NULL) 1532 sa_free_derived_optionset(options); 1533 return (buff); 1534 } 1535 1536 /* 1537 * Append an entry to the nfslogtab file 1538 */ 1539 static int 1540 nfslogtab_add(dir, buffer, tag) 1541 char *dir, *buffer, *tag; 1542 { 1543 FILE *f; 1544 struct logtab_ent lep; 1545 int error = 0; 1546 1547 /* 1548 * Open the file for update and create it if necessary. 1549 * This may leave the I/O offset at the end of the file, 1550 * so rewind back to the beginning of the file. 1551 */ 1552 f = fopen(NFSLOGTAB, "a+"); 1553 if (f == NULL) { 1554 error = errno; 1555 goto out; 1556 } 1557 rewind(f); 1558 1559 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1560 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1561 "share complete, however failed to lock %s " 1562 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1563 error = -1; 1564 goto out; 1565 } 1566 1567 if (logtab_deactivate_after_boot(f) == -1) { 1568 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1569 "share complete, however could not deactivate " 1570 "entries in %s\n"), NFSLOGTAB); 1571 error = -1; 1572 goto out; 1573 } 1574 1575 /* 1576 * Remove entries matching buffer and sharepoint since we're 1577 * going to replace it with perhaps an entry with a new tag. 1578 */ 1579 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1580 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1581 "share complete, however could not remove matching " 1582 "entries in %s\n"), NFSLOGTAB); 1583 error = -1; 1584 goto out; 1585 } 1586 1587 /* 1588 * Deactivate all active entries matching this sharepoint 1589 */ 1590 if (logtab_deactivate(f, NULL, dir, NULL)) { 1591 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1592 "share complete, however could not deactivate matching " 1593 "entries in %s\n"), NFSLOGTAB); 1594 error = -1; 1595 goto out; 1596 } 1597 1598 lep.le_buffer = buffer; 1599 lep.le_path = dir; 1600 lep.le_tag = tag; 1601 lep.le_state = LES_ACTIVE; 1602 1603 /* 1604 * Add new sharepoint / buffer location to nfslogtab 1605 */ 1606 if (logtab_putent(f, &lep) < 0) { 1607 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1608 "share complete, however could not add %s to %s\n"), 1609 dir, NFSLOGTAB); 1610 error = -1; 1611 } 1612 1613 out: 1614 if (f != NULL) 1615 (void) fclose(f); 1616 return (error); 1617 } 1618 1619 /* 1620 * Deactivate an entry from the nfslogtab file 1621 */ 1622 static int 1623 nfslogtab_deactivate(path) 1624 char *path; 1625 { 1626 FILE *f; 1627 int error = 0; 1628 1629 f = fopen(NFSLOGTAB, "r+"); 1630 if (f == NULL) { 1631 error = errno; 1632 goto out; 1633 } 1634 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1635 error = errno; 1636 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1637 "share complete, however could not lock %s for " 1638 "update: %s\n"), NFSLOGTAB, strerror(error)); 1639 goto out; 1640 } 1641 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1642 error = -1; 1643 (void) fprintf(stderr, 1644 dgettext(TEXT_DOMAIN, 1645 "share complete, however could not " 1646 "deactivate %s in %s\n"), path, NFSLOGTAB); 1647 goto out; 1648 } 1649 1650 out: if (f != NULL) 1651 (void) fclose(f); 1652 1653 return (error); 1654 } 1655 1656 /* 1657 * check_public(group, skipshare) 1658 * 1659 * Check the group for any shares that have the public property 1660 * enabled. We skip "skipshare" since that is the one we are 1661 * working with. This is a separate function to make handling 1662 * subgroups simpler. Returns true if there is a share with public. 1663 */ 1664 static int 1665 check_public(sa_group_t group, sa_share_t skipshare) 1666 { 1667 int exists = B_FALSE; 1668 sa_share_t share; 1669 sa_optionset_t opt; 1670 sa_property_t prop; 1671 char *shared; 1672 1673 for (share = sa_get_share(group, NULL); share != NULL; 1674 share = sa_get_next_share(share)) { 1675 if (share == skipshare) 1676 continue; 1677 1678 opt = sa_get_optionset(share, "nfs"); 1679 if (opt == NULL) 1680 continue; 1681 prop = sa_get_property(opt, "public"); 1682 if (prop == NULL) 1683 continue; 1684 shared = sa_get_share_attr(share, "shared"); 1685 if (shared != NULL) { 1686 exists = strcmp(shared, "true") == 0; 1687 sa_free_attr_string(shared); 1688 if (exists == B_TRUE) 1689 break; 1690 } 1691 } 1692 1693 return (exists); 1694 } 1695 1696 /* 1697 * public_exists(handle, share) 1698 * 1699 * check to see if public option is set on any other share than the 1700 * one specified. Need to check zfs sub-groups as well as the top 1701 * level groups. 1702 */ 1703 static int 1704 public_exists(sa_handle_t handle, sa_share_t skipshare) 1705 { 1706 sa_group_t group = NULL; 1707 1708 /* 1709 * If we don't have a handle, we can only do syntax check. We 1710 * can't check against other shares so we assume OK and will 1711 * catch the problem only when we actually try to apply it. 1712 */ 1713 if (handle == NULL) 1714 return (SA_OK); 1715 1716 if (skipshare != NULL) { 1717 group = sa_get_parent_group(skipshare); 1718 if (group == NULL) 1719 return (SA_NO_SUCH_GROUP); 1720 } 1721 1722 for (group = sa_get_group(handle, NULL); group != NULL; 1723 group = sa_get_next_group(group)) { 1724 /* Walk any ZFS subgroups as well as all standard groups */ 1725 if (sa_group_is_zfs(group)) { 1726 sa_group_t subgroup; 1727 for (subgroup = sa_get_sub_group(group); 1728 subgroup != NULL; 1729 subgroup = sa_get_next_group(subgroup)) { 1730 if (check_public(subgroup, skipshare)) 1731 return (B_TRUE); 1732 } 1733 } else { 1734 if (check_public(group, skipshare)) 1735 return (B_TRUE); 1736 } 1737 } 1738 return (B_FALSE); 1739 } 1740 1741 /* 1742 * sa_enable_share at the protocol level, enable_share must tell the 1743 * implementation that it is to enable the share. This entails 1744 * converting the path and options into the appropriate ioctl 1745 * calls. It is assumed that all error checking of paths, etc. were 1746 * done earlier. 1747 */ 1748 static int 1749 nfs_enable_share(sa_share_t share) 1750 { 1751 struct exportdata export; 1752 sa_optionset_t secoptlist; 1753 struct secinfo *sp; 1754 int num_secinfo; 1755 sa_optionset_t opt; 1756 sa_security_t sec; 1757 sa_property_t prop; 1758 char *path; 1759 int err = SA_OK; 1760 int i; 1761 int iszfs; 1762 sa_handle_t handle; 1763 1764 /* Don't drop core if the NFS module isn't loaded. */ 1765 (void) signal(SIGSYS, SIG_IGN); 1766 1767 /* get the path since it is important in several places */ 1768 path = sa_get_share_attr(share, "path"); 1769 if (path == NULL) 1770 return (SA_NO_SUCH_PATH); 1771 1772 iszfs = sa_path_is_zfs(path); 1773 /* 1774 * find the optionsets and security sets. There may not be 1775 * any or there could be one or two for each of optionset and 1776 * security may have multiple, one per security type per 1777 * protocol type. 1778 */ 1779 opt = sa_get_derived_optionset(share, "nfs", 1); 1780 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1781 if (secoptlist != NULL) 1782 num_secinfo = MAX(1, count_security(secoptlist)); 1783 else 1784 num_secinfo = 1; 1785 1786 /* 1787 * walk through the options and fill in the structure 1788 * appropriately. 1789 */ 1790 1791 (void) memset(&export, '\0', sizeof (export)); 1792 1793 /* 1794 * do non-security options first since there is only one after 1795 * the derived group is constructed. 1796 */ 1797 export.ex_version = EX_CURRENT_VERSION; 1798 export.ex_anon = UID_NOBODY; /* this is our default value */ 1799 export.ex_index = NULL; 1800 export.ex_path = path; 1801 export.ex_pathlen = strlen(path) + 1; 1802 1803 if (opt != NULL) 1804 err = fill_export_from_optionset(&export, opt); 1805 1806 /* 1807 * check to see if "public" is set. If it is, then make sure 1808 * no other share has it set. If it is already used, fail. 1809 */ 1810 1811 handle = sa_find_group_handle((sa_group_t)share); 1812 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) { 1813 (void) printf(dgettext(TEXT_DOMAIN, 1814 "NFS: Cannot share more than one file " 1815 "system with 'public' property\n")); 1816 err = SA_NOT_ALLOWED; 1817 goto out; 1818 } 1819 1820 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1821 if (sp == NULL) { 1822 err = SA_NO_MEMORY; 1823 (void) printf(dgettext(TEXT_DOMAIN, 1824 "NFS: NFS: no memory for security\n")); 1825 goto out; 1826 } 1827 export.ex_secinfo = sp; 1828 /* get default secinfo */ 1829 export.ex_seccnt = num_secinfo; 1830 /* 1831 * since we must have one security option defined, we 1832 * init to the default and then override as we find 1833 * defined security options. This handles the case 1834 * where we have no defined options but we need to set 1835 * up one. 1836 */ 1837 sp[0].s_window = DEF_WIN; 1838 sp[0].s_rootnames = NULL; 1839 /* setup a default in case no properties defined */ 1840 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1841 (void) printf(dgettext(TEXT_DOMAIN, 1842 "NFS: nfs_getseconfig_default: failed to " 1843 "get default security mode\n")); 1844 err = SA_CONFIG_ERR; 1845 } 1846 if (secoptlist != NULL) { 1847 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1848 prop != NULL && i < num_secinfo; 1849 prop = sa_get_next_property(prop), i++) { 1850 char *sectype; 1851 sectype = sa_get_property_attr(prop, "type"); 1852 /* 1853 * if sectype is NULL, we probably 1854 * have a memory problem and can't get 1855 * the correct values. Rather than 1856 * exporting with incorrect security, 1857 * don't share it. 1858 */ 1859 if (sectype == NULL) { 1860 err = SA_NO_MEMORY; 1861 (void) printf(dgettext(TEXT_DOMAIN, 1862 "NFS: Cannot share %s: " 1863 "no memory\n"), path); 1864 goto out; 1865 } 1866 sec = (sa_security_t)sa_get_derived_security( 1867 share, sectype, "nfs", 1); 1868 sp[i].s_window = DEF_WIN; 1869 sp[i].s_rootcnt = 0; 1870 sp[i].s_rootnames = NULL; 1871 (void) fill_security_from_secopts(&sp[i], sec); 1872 if (sec != NULL) 1873 sa_free_derived_security(sec); 1874 if (sectype != NULL) 1875 sa_free_attr_string(sectype); 1876 } 1877 } 1878 /* 1879 * when we get here, we can do the exportfs system call and 1880 * initiate thinsg. We probably want to enable the nfs.server 1881 * service first if it isn't running within SMF. 1882 */ 1883 /* check nfs.server status and start if needed */ 1884 /* now add the share to the internal tables */ 1885 printarg(path, &export); 1886 /* 1887 * call the exportfs system call which is implemented 1888 * via the nfssys() call as the EXPORTFS subfunction. 1889 */ 1890 if (iszfs) { 1891 struct exportfs_args ea; 1892 share_t sh; 1893 char *str; 1894 priv_set_t *priv_effective; 1895 int privileged; 1896 1897 /* 1898 * If we aren't a privileged user 1899 * and NFS server service isn't running 1900 * then print out an error message 1901 * and return EPERM 1902 */ 1903 1904 priv_effective = priv_allocset(); 1905 (void) getppriv(PRIV_EFFECTIVE, priv_effective); 1906 1907 privileged = (priv_isfullset(priv_effective) == B_TRUE); 1908 priv_freeset(priv_effective); 1909 1910 if (!privileged && 1911 (str = smf_get_state(NFS_SERVER_SVC)) != NULL) { 1912 err = 0; 1913 if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) { 1914 (void) printf(dgettext(TEXT_DOMAIN, 1915 "NFS: Cannot share remote " 1916 "filesystem: %s\n"), path); 1917 (void) printf(dgettext(TEXT_DOMAIN, 1918 "NFS: Service needs to be enabled " 1919 "by a privileged user\n")); 1920 err = SA_SYSTEM_ERR; 1921 errno = EPERM; 1922 } 1923 free(str); 1924 } 1925 1926 if (err == 0) { 1927 ea.dname = path; 1928 ea.uex = &export; 1929 1930 (void) sa_sharetab_fill_zfs(share, &sh, "nfs"); 1931 err = sa_share_zfs(share, NULL, path, &sh, 1932 &ea, ZFS_SHARE_NFS); 1933 if (err != SA_OK) { 1934 errno = err; 1935 err = -1; 1936 } 1937 sa_emptyshare(&sh); 1938 } 1939 } else { 1940 err = exportfs(path, &export); 1941 } 1942 1943 if (err < 0) { 1944 err = SA_SYSTEM_ERR; 1945 switch (errno) { 1946 case EREMOTE: 1947 (void) printf(dgettext(TEXT_DOMAIN, 1948 "NFS: Cannot share filesystems " 1949 "in non-global zones: %s\n"), path); 1950 err = SA_NOT_SUPPORTED; 1951 break; 1952 case EPERM: 1953 if (getzoneid() != GLOBAL_ZONEID) { 1954 (void) printf(dgettext(TEXT_DOMAIN, 1955 "NFS: Cannot share file systems " 1956 "in non-global zones: %s\n"), path); 1957 err = SA_NOT_SUPPORTED; 1958 break; 1959 } 1960 err = SA_NO_PERMISSION; 1961 break; 1962 case EEXIST: 1963 err = SA_SHARE_EXISTS; 1964 break; 1965 default: 1966 break; 1967 } 1968 } else { 1969 /* update sharetab with an add/modify */ 1970 if (!iszfs) { 1971 (void) sa_update_sharetab(share, "nfs"); 1972 } 1973 } 1974 1975 if (err == SA_OK) { 1976 /* 1977 * enable services as needed. This should probably be 1978 * done elsewhere in order to minimize the calls to 1979 * check services. 1980 */ 1981 /* 1982 * check to see if logging and other services need to 1983 * be triggered, but only if there wasn't an 1984 * error. This is probably where sharetab should be 1985 * updated with the NFS specific entry. 1986 */ 1987 if (export.ex_flags & EX_LOG) { 1988 /* enable logging */ 1989 if (nfslogtab_add(path, export.ex_log_buffer, 1990 export.ex_tag) != 0) { 1991 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1992 "Could not enable logging for %s\n"), 1993 path); 1994 } 1995 _check_services(service_list_logging); 1996 } else { 1997 /* 1998 * don't have logging so remove it from file. It might 1999 * not be thre, but that doesn't matter. 2000 */ 2001 (void) nfslogtab_deactivate(path); 2002 _check_services(service_list_default); 2003 } 2004 } 2005 2006 out: 2007 if (path != NULL) 2008 free(path); 2009 2010 cleanup_export(&export); 2011 if (opt != NULL) 2012 sa_free_derived_optionset(opt); 2013 if (secoptlist != NULL) 2014 (void) sa_destroy_optionset(secoptlist); 2015 return (err); 2016 } 2017 2018 /* 2019 * nfs_disable_share(share, path) 2020 * 2021 * Unshare the specified share. Note that "path" is the same path as 2022 * what is in the "share" object. It is passed in to avoid an 2023 * additional lookup. A missing "path" value makes this a no-op 2024 * function. 2025 */ 2026 static int 2027 nfs_disable_share(sa_share_t share, char *path) 2028 { 2029 int err; 2030 int ret = SA_OK; 2031 int iszfs; 2032 sa_group_t parent; 2033 sa_handle_t handle; 2034 2035 if (path == NULL) 2036 return (ret); 2037 2038 /* 2039 * If the share is in a ZFS group we need to handle it 2040 * differently. Just being on a ZFS file system isn't 2041 * enough since we may be in a legacy share case. 2042 */ 2043 parent = sa_get_parent_group(share); 2044 iszfs = sa_group_is_zfs(parent); 2045 if (iszfs) { 2046 struct exportfs_args ea; 2047 share_t sh = { 0 }; 2048 ea.dname = path; 2049 ea.uex = NULL; 2050 sh.sh_path = path; 2051 sh.sh_fstype = "nfs"; 2052 2053 err = sa_share_zfs(share, NULL, path, &sh, 2054 &ea, ZFS_UNSHARE_NFS); 2055 if (err != SA_OK) { 2056 errno = err; 2057 err = -1; 2058 } 2059 } else { 2060 err = exportfs(path, NULL); 2061 } 2062 if (err < 0) { 2063 /* 2064 * TBD: only an error in some 2065 * cases - need better analysis 2066 */ 2067 switch (errno) { 2068 case EPERM: 2069 case EACCES: 2070 ret = SA_NO_PERMISSION; 2071 if (getzoneid() != GLOBAL_ZONEID) { 2072 ret = SA_NOT_SUPPORTED; 2073 } 2074 break; 2075 case EINVAL: 2076 case ENOENT: 2077 ret = SA_NO_SUCH_PATH; 2078 break; 2079 default: 2080 ret = SA_SYSTEM_ERR; 2081 break; 2082 } 2083 } 2084 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 2085 handle = sa_find_group_handle((sa_group_t)share); 2086 if (!iszfs) 2087 (void) sa_delete_sharetab(handle, path, "nfs"); 2088 /* just in case it was logged */ 2089 (void) nfslogtab_deactivate(path); 2090 } 2091 return (ret); 2092 } 2093 2094 /* 2095 * check_rorwnone(v1, v2, v3) 2096 * 2097 * check ro vs rw vs none values. Over time this may get beefed up. 2098 * for now it just does simple checks. v1 is never NULL but v2 or v3 2099 * could be. 2100 */ 2101 2102 static int 2103 check_rorwnone(char *v1, char *v2, char *v3) 2104 { 2105 int ret = SA_OK; 2106 if (v2 != NULL && strcmp(v1, v2) == 0) 2107 ret = SA_VALUE_CONFLICT; 2108 else if (v3 != NULL && strcmp(v1, v3) == 0) 2109 ret = SA_VALUE_CONFLICT; 2110 2111 return (ret); 2112 } 2113 2114 /* 2115 * nfs_validate_property(handle, property, parent) 2116 * 2117 * Check that the property has a legitimate value for its type. 2118 */ 2119 2120 static int 2121 nfs_validate_property(sa_handle_t handle, sa_property_t property, 2122 sa_optionset_t parent) 2123 { 2124 int ret = SA_OK; 2125 char *propname; 2126 char *other1; 2127 char *other2; 2128 int optindex; 2129 nfsl_config_t *configlist; 2130 sa_group_t parent_group; 2131 char *value; 2132 2133 propname = sa_get_property_attr(property, "type"); 2134 2135 if ((optindex = findopt(propname)) < 0) 2136 ret = SA_NO_SUCH_PROP; 2137 2138 /* need to validate value range here as well */ 2139 2140 if (ret == SA_OK) { 2141 parent_group = sa_get_parent_group((sa_share_t)parent); 2142 if (optdefs[optindex].share && parent_group != NULL && 2143 !sa_is_share(parent_group)) 2144 ret = SA_PROP_SHARE_ONLY; 2145 } 2146 if (ret == SA_OK) { 2147 if (optdefs[optindex].index == OPT_PUBLIC) { 2148 /* 2149 * Public is special in that only one instance can 2150 * be in the repository at the same time. 2151 */ 2152 if (public_exists(handle, parent_group)) { 2153 sa_free_attr_string(propname); 2154 return (SA_VALUE_CONFLICT); 2155 } 2156 } 2157 value = sa_get_property_attr(property, "value"); 2158 if (value != NULL) { 2159 /* first basic type checking */ 2160 switch (optdefs[optindex].type) { 2161 case OPT_TYPE_NUMBER: 2162 /* check that the value is all digits */ 2163 if (!is_a_number(value)) 2164 ret = SA_BAD_VALUE; 2165 break; 2166 case OPT_TYPE_BOOLEAN: 2167 if (strlen(value) == 0 || 2168 strcasecmp(value, "true") == 0 || 2169 strcmp(value, "1") == 0 || 2170 strcasecmp(value, "false") == 0 || 2171 strcmp(value, "0") == 0) { 2172 ret = SA_OK; 2173 } else { 2174 ret = SA_BAD_VALUE; 2175 } 2176 break; 2177 case OPT_TYPE_USER: 2178 if (!is_a_number(value)) { 2179 struct passwd *pw; 2180 /* 2181 * in this case it would have to be a 2182 * user name 2183 */ 2184 pw = getpwnam(value); 2185 if (pw == NULL) 2186 ret = SA_BAD_VALUE; 2187 endpwent(); 2188 } else { 2189 uint64_t intval; 2190 intval = strtoull(value, NULL, 0); 2191 if (intval > UID_MAX && intval != ~0) 2192 ret = SA_BAD_VALUE; 2193 } 2194 break; 2195 case OPT_TYPE_FILE: 2196 if (strcmp(value, "..") == 0 || 2197 strchr(value, '/') != NULL) { 2198 ret = SA_BAD_VALUE; 2199 } 2200 break; 2201 case OPT_TYPE_ACCLIST: { 2202 sa_property_t oprop1; 2203 sa_property_t oprop2; 2204 char *ovalue1 = NULL; 2205 char *ovalue2 = NULL; 2206 2207 if (parent == NULL) 2208 break; 2209 /* 2210 * access list handling. Should eventually 2211 * validate that all the values make sense. 2212 * Also, ro and rw may have cross value 2213 * conflicts. 2214 */ 2215 if (strcmp(propname, SHOPT_RO) == 0) { 2216 other1 = SHOPT_RW; 2217 other2 = SHOPT_NONE; 2218 } else if (strcmp(propname, SHOPT_RW) == 0) { 2219 other1 = SHOPT_RO; 2220 other2 = SHOPT_NONE; 2221 } else if (strcmp(propname, SHOPT_NONE) == 0) { 2222 other1 = SHOPT_RO; 2223 other2 = SHOPT_RW; 2224 } else { 2225 other1 = NULL; 2226 other2 = NULL; 2227 } 2228 if (other1 == NULL && other2 == NULL) 2229 break; 2230 2231 /* compare rw(ro) with ro(rw) */ 2232 2233 oprop1 = sa_get_property(parent, other1); 2234 oprop2 = sa_get_property(parent, other2); 2235 if (oprop1 == NULL && oprop2 == NULL) 2236 break; 2237 /* 2238 * Only potential confusion if other1 2239 * or other2 exists. Check the values 2240 * and run the check if there is a 2241 * value other than the one we are 2242 * explicitly looking at. 2243 */ 2244 ovalue1 = sa_get_property_attr(oprop1, "value"); 2245 ovalue2 = sa_get_property_attr(oprop2, "value"); 2246 if (ovalue1 != NULL || ovalue2 != NULL) 2247 ret = check_rorwnone(value, ovalue1, 2248 ovalue2); 2249 2250 if (ovalue1 != NULL) 2251 sa_free_attr_string(ovalue1); 2252 if (ovalue2 != NULL) 2253 sa_free_attr_string(ovalue2); 2254 break; 2255 } 2256 case OPT_TYPE_LOGTAG: 2257 if (nfsl_getconfig_list(&configlist) == 0) { 2258 int error; 2259 if (value == NULL || 2260 strlen(value) == 0) { 2261 if (value != NULL) 2262 sa_free_attr_string( 2263 value); 2264 value = strdup("global"); 2265 } 2266 if (value != NULL && 2267 nfsl_findconfig(configlist, value, 2268 &error) == NULL) { 2269 ret = SA_BAD_VALUE; 2270 } 2271 /* Must always free when done */ 2272 nfsl_freeconfig_list(&configlist); 2273 } else { 2274 ret = SA_CONFIG_ERR; 2275 } 2276 break; 2277 case OPT_TYPE_STRING: 2278 /* whatever is here should be ok */ 2279 break; 2280 case OPT_TYPE_SECURITY: 2281 /* 2282 * The "sec" property isn't used in the 2283 * non-legacy parts of sharemgr. We need to 2284 * reject it here. For legacy, it is pulled 2285 * out well before we get here. 2286 */ 2287 ret = SA_NO_SUCH_PROP; 2288 break; 2289 default: 2290 break; 2291 } 2292 2293 if (value != NULL) 2294 sa_free_attr_string(value); 2295 2296 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2297 /* do the property specific check */ 2298 ret = optdefs[optindex].check(handle, property); 2299 } 2300 } 2301 } 2302 2303 if (propname != NULL) 2304 sa_free_attr_string(propname); 2305 return (ret); 2306 } 2307 2308 /* 2309 * Protocol management functions 2310 * 2311 * Properties defined in the default files are defined in 2312 * proto_option_defs for parsing and validation. If "other" and 2313 * "compare" are set, then the value for this property should be 2314 * compared against the property specified in "other" using the 2315 * "compare" check (either <= or >=) in order to ensure that the 2316 * values are in the correct range. E.g. setting server_versmin 2317 * higher than server_versmax should not be allowed. 2318 */ 2319 2320 struct proto_option_defs { 2321 char *tag; 2322 char *name; /* display name -- remove protocol identifier */ 2323 int index; 2324 int type; 2325 union { 2326 int intval; 2327 char *string; 2328 } defvalue; 2329 uint32_t svcs; 2330 int32_t minval; 2331 int32_t maxval; 2332 char *other; 2333 int compare; 2334 #define OPT_CMP_GE 0 2335 #define OPT_CMP_LE 1 2336 int (*check)(char *); 2337 } proto_options[] = { 2338 #define PROTO_OPT_NFSD_SERVERS 0 2339 {"nfsd_servers", 2340 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD, 2341 1, INT32_MAX}, 2342 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2343 {"lockd_listen_backlog", 2344 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2345 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX}, 2346 #define PROTO_OPT_LOCKD_SERVERS 2 2347 {"lockd_servers", 2348 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20, 2349 SVC_LOCKD, 1, INT32_MAX}, 2350 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2351 {"lockd_retransmit_timeout", 2352 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2353 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX}, 2354 #define PROTO_OPT_GRACE_PERIOD 4 2355 {"grace_period", 2356 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90, 2357 SVC_LOCKD, 0, INT32_MAX}, 2358 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2359 {"nfs_server_versmin", 2360 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER, 2361 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2362 NFS_VERSMAX, "server_versmax", OPT_CMP_LE}, 2363 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2364 {"nfs_server_versmax", 2365 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER, 2366 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2367 NFS_VERSMAX, "server_versmin", OPT_CMP_GE}, 2368 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2369 {"nfs_client_versmin", 2370 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER, 2371 (int)NFS_VERSMIN_DEFAULT, SVC_CLIENT, NFS_VERSMIN, NFS_VERSMAX, 2372 "client_versmax", OPT_CMP_LE}, 2373 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2374 {"nfs_client_versmax", 2375 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER, 2376 (int)NFS_VERSMAX_DEFAULT, SVC_CLIENT, NFS_VERSMIN, NFS_VERSMAX, 2377 "client_versmin", OPT_CMP_GE}, 2378 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2379 {"nfs_server_delegation", 2380 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION, 2381 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0}, 2382 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2383 {"nfsmapid_domain", 2384 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN, 2385 NULL, SVC_NFSMAPID, 0, 0}, 2386 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2387 {"nfsd_max_connections", 2388 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS, 2389 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX}, 2390 #define PROTO_OPT_NFSD_PROTOCOL 12 2391 {"nfsd_protocol", 2392 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0, 2393 SVC_NFSD, 0, 0}, 2394 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2395 {"nfsd_listen_backlog", 2396 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG, 2397 OPT_TYPE_NUMBER, 0, SVC_NFSD, 0, INT32_MAX}, 2398 #define PROTO_OPT_NFSD_DEVICE 14 2399 {"nfsd_device", 2400 "device", PROTO_OPT_NFSD_DEVICE, 2401 OPT_TYPE_STRING, NULL, SVC_NFSD, 0, 0}, 2402 {NULL} 2403 }; 2404 2405 /* 2406 * the protoset holds the defined options so we don't have to read 2407 * them multiple times 2408 */ 2409 static sa_protocol_properties_t protoset; 2410 2411 static int 2412 findprotoopt(char *name, int whichname) 2413 { 2414 int i; 2415 for (i = 0; proto_options[i].tag != NULL; i++) { 2416 if (whichname == 1) { 2417 if (strcasecmp(proto_options[i].name, name) == 0) 2418 return (i); 2419 } else { 2420 if (strcasecmp(proto_options[i].tag, name) == 0) 2421 return (i); 2422 } 2423 } 2424 return (-1); 2425 } 2426 2427 /* 2428 * fixcaselower(str) 2429 * 2430 * convert a string to lower case (inplace). 2431 */ 2432 2433 static void 2434 fixcaselower(char *str) 2435 { 2436 while (*str) { 2437 *str = tolower(*str); 2438 str++; 2439 } 2440 } 2441 2442 /* 2443 * skipwhitespace(str) 2444 * 2445 * Skip leading white space. It is assumed that it is called with a 2446 * valid pointer. 2447 */ 2448 2449 static char * 2450 skipwhitespace(char *str) 2451 { 2452 while (*str && isspace(*str)) 2453 str++; 2454 2455 return (str); 2456 } 2457 2458 /* 2459 * extractprop() 2460 * 2461 * Extract the property and value out of the line and create the 2462 * property in the optionset. 2463 */ 2464 static int 2465 extractprop(char *name, char *value) 2466 { 2467 sa_property_t prop; 2468 int index; 2469 int ret = SA_OK; 2470 /* 2471 * Remove any leading 2472 * white space. 2473 */ 2474 name = skipwhitespace(name); 2475 2476 index = findprotoopt(name, 1); 2477 if (index >= 0) { 2478 fixcaselower(name); 2479 prop = sa_create_property(proto_options[index].name, value); 2480 if (prop != NULL) 2481 ret = sa_add_protocol_property(protoset, prop); 2482 else 2483 ret = SA_NO_MEMORY; 2484 } 2485 return (ret); 2486 } 2487 2488 scf_type_t 2489 getscftype(int type) 2490 { 2491 scf_type_t ret; 2492 2493 switch (type) { 2494 case OPT_TYPE_NUMBER: 2495 ret = SCF_TYPE_INTEGER; 2496 break; 2497 case OPT_TYPE_BOOLEAN: 2498 ret = SCF_TYPE_BOOLEAN; 2499 break; 2500 default: 2501 ret = SCF_TYPE_ASTRING; 2502 } 2503 return (ret); 2504 } 2505 2506 char * 2507 getsvcname(uint32_t svcs) 2508 { 2509 char *service; 2510 switch (svcs) { 2511 case SVC_LOCKD: 2512 service = LOCKD; 2513 break; 2514 case SVC_STATD: 2515 service = STATD; 2516 break; 2517 case SVC_NFSD: 2518 service = NFSD; 2519 break; 2520 case SVC_CLIENT: 2521 service = NFS_CLIENT_SVC; 2522 break; 2523 case SVC_NFS4CBD: 2524 service = NFS4CBD; 2525 break; 2526 case SVC_NFSMAPID: 2527 service = NFSMAPID; 2528 break; 2529 case SVC_RQUOTAD: 2530 service = RQUOTAD; 2531 break; 2532 case SVC_NFSLOGD: 2533 service = NFSLOGD; 2534 break; 2535 case SVC_REPARSED: 2536 service = REPARSED; 2537 break; 2538 default: 2539 service = NFSD; 2540 } 2541 return (service); 2542 } 2543 2544 /* 2545 * initprotofromsmf() 2546 * 2547 * Read NFS SMF properties and add the defined values to the 2548 * protoset. Note that default values are known from the built in 2549 * table in case SMF doesn't have a definition. Not having 2550 * SMF properties is OK since we have builtin default 2551 * values. 2552 */ 2553 static int 2554 initprotofromsmf() 2555 { 2556 char name[PATH_MAX]; 2557 char value[PATH_MAX]; 2558 int ret = SA_OK, bufsz = 0, i; 2559 2560 protoset = sa_create_protocol_properties("nfs"); 2561 if (protoset != NULL) { 2562 for (i = 0; proto_options[i].tag != NULL; i++) { 2563 scf_type_t ptype; 2564 char *svc_name; 2565 2566 bzero(value, PATH_MAX); 2567 (void) strncpy(name, proto_options[i].name, PATH_MAX); 2568 /* Replace NULL with the correct instance */ 2569 ptype = getscftype(proto_options[i].type); 2570 svc_name = getsvcname(proto_options[i].svcs); 2571 bufsz = PATH_MAX; 2572 ret = nfs_smf_get_prop(name, value, 2573 (char *)DEFAULT_INSTANCE, ptype, 2574 svc_name, &bufsz); 2575 if (ret == SA_OK) { 2576 ret = extractprop(name, value); 2577 } 2578 } 2579 } else { 2580 ret = SA_NO_MEMORY; 2581 } 2582 2583 return (ret); 2584 } 2585 2586 /* 2587 * add_defaults() 2588 * 2589 * Add the default values for any property not defined 2590 * in NFS SMF repository. 2591 * Values are set according to their defined types. 2592 */ 2593 2594 static void 2595 add_defaults() 2596 { 2597 int i; 2598 char number[MAXDIGITS]; 2599 2600 for (i = 0; proto_options[i].tag != NULL; i++) { 2601 sa_property_t prop; 2602 prop = sa_get_protocol_property(protoset, 2603 proto_options[i].name); 2604 if (prop == NULL) { 2605 /* add the default value */ 2606 switch (proto_options[i].type) { 2607 case OPT_TYPE_NUMBER: 2608 (void) snprintf(number, sizeof (number), "%d", 2609 proto_options[i].defvalue.intval); 2610 prop = sa_create_property(proto_options[i].name, 2611 number); 2612 break; 2613 2614 case OPT_TYPE_BOOLEAN: 2615 prop = sa_create_property(proto_options[i].name, 2616 proto_options[i].defvalue.intval ? 2617 "true" : "false"); 2618 break; 2619 2620 case OPT_TYPE_ONOFF: 2621 prop = sa_create_property(proto_options[i].name, 2622 proto_options[i].defvalue.intval ? 2623 "on" : "off"); 2624 break; 2625 2626 default: 2627 /* treat as strings of zero length */ 2628 prop = sa_create_property(proto_options[i].name, 2629 ""); 2630 break; 2631 } 2632 if (prop != NULL) 2633 (void) sa_add_protocol_property(protoset, prop); 2634 } 2635 } 2636 } 2637 2638 static void 2639 free_protoprops() 2640 { 2641 if (protoset != NULL) { 2642 xmlFreeNode(protoset); 2643 protoset = NULL; 2644 } 2645 } 2646 2647 /* 2648 * nfs_init() 2649 * 2650 * Initialize the NFS plugin. 2651 */ 2652 2653 static int 2654 nfs_init() 2655 { 2656 int ret = SA_OK; 2657 2658 if (sa_plugin_ops.sa_init != nfs_init) { 2659 (void) printf(dgettext(TEXT_DOMAIN, 2660 "NFS plugin not properly initialized\n")); 2661 return (SA_CONFIG_ERR); 2662 } 2663 2664 ret = initprotofromsmf(); 2665 if (ret != SA_OK) { 2666 (void) printf(dgettext(TEXT_DOMAIN, 2667 "NFS plugin problem with SMF repository: %s\n"), 2668 sa_errorstr(ret)); 2669 ret = SA_OK; 2670 } 2671 add_defaults(); 2672 2673 return (ret); 2674 } 2675 2676 /* 2677 * nfs_fini() 2678 * 2679 * uninitialize the NFS plugin. Want to avoid memory leaks. 2680 */ 2681 2682 static void 2683 nfs_fini() 2684 { 2685 free_protoprops(); 2686 } 2687 2688 /* 2689 * nfs_get_proto_set() 2690 * 2691 * Return an optionset with all the protocol specific properties in 2692 * it. 2693 */ 2694 2695 static sa_protocol_properties_t 2696 nfs_get_proto_set() 2697 { 2698 return (protoset); 2699 } 2700 2701 /* 2702 * service_in_state(service, chkstate) 2703 * 2704 * Want to know if the specified service is in the desired state 2705 * (chkstate) or not. Return true (1) if it is and false (0) if it 2706 * isn't. 2707 */ 2708 static int 2709 service_in_state(char *service, const char *chkstate) 2710 { 2711 char *state; 2712 int ret = B_FALSE; 2713 2714 state = smf_get_state(service); 2715 if (state != NULL) { 2716 /* got the state so get the equality for the return value */ 2717 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 2718 free(state); 2719 } 2720 return (ret); 2721 } 2722 2723 /* 2724 * restart_service(svcs) 2725 * 2726 * Walk through the bit mask of services that need to be restarted in 2727 * order to use the new property values. Some properties affect 2728 * multiple daemons. Should only restart a service if it is currently 2729 * enabled (online). 2730 */ 2731 2732 static void 2733 restart_service(uint32_t svcs) 2734 { 2735 uint32_t mask; 2736 int ret; 2737 char *service; 2738 2739 for (mask = 1; svcs != 0; mask <<= 1) { 2740 switch (svcs & mask) { 2741 case SVC_LOCKD: 2742 service = LOCKD; 2743 break; 2744 case SVC_STATD: 2745 service = STATD; 2746 break; 2747 case SVC_NFSD: 2748 service = NFSD; 2749 break; 2750 case SVC_MOUNTD: 2751 service = MOUNTD; 2752 break; 2753 case SVC_NFS4CBD: 2754 service = NFS4CBD; 2755 break; 2756 case SVC_NFSMAPID: 2757 service = NFSMAPID; 2758 break; 2759 case SVC_RQUOTAD: 2760 service = RQUOTAD; 2761 break; 2762 case SVC_NFSLOGD: 2763 service = NFSLOGD; 2764 break; 2765 case SVC_REPARSED: 2766 service = REPARSED; 2767 break; 2768 case SVC_CLIENT: 2769 service = NFS_CLIENT_SVC; 2770 break; 2771 default: 2772 continue; 2773 } 2774 2775 /* 2776 * Only attempt to restart the service if it is 2777 * currently running. In the future, it may be 2778 * desirable to use smf_refresh_instance if the NFS 2779 * services ever implement the refresh method. 2780 */ 2781 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 2782 ret = smf_restart_instance(service); 2783 /* 2784 * There are only a few SMF errors at this point, but 2785 * it is also possible that a bad value may have put 2786 * the service into maintenance if there wasn't an 2787 * SMF level error. 2788 */ 2789 if (ret != 0) { 2790 (void) fprintf(stderr, 2791 dgettext(TEXT_DOMAIN, 2792 "%s failed to restart: %s\n"), 2793 service, scf_strerror(scf_error())); 2794 } else { 2795 /* 2796 * Check whether it has gone to "maintenance" 2797 * mode or not. Maintenance implies something 2798 * went wrong. 2799 */ 2800 if (service_in_state(service, 2801 SCF_STATE_STRING_MAINT)) { 2802 (void) fprintf(stderr, 2803 dgettext(TEXT_DOMAIN, 2804 "%s failed to restart\n"), 2805 service); 2806 } 2807 } 2808 } 2809 svcs &= ~mask; 2810 } 2811 } 2812 2813 /* 2814 * nfs_minmax_check(name, value) 2815 * 2816 * Verify that the value for the property specified by index is valid 2817 * relative to the opposite value in the case of a min/max variable. 2818 * Currently, server_minvers/server_maxvers and 2819 * client_minvers/client_maxvers are the only ones to check. 2820 */ 2821 2822 static int 2823 nfs_minmax_check(int index, int value) 2824 { 2825 int val; 2826 char *pval; 2827 sa_property_t prop; 2828 sa_optionset_t opts; 2829 int ret = B_TRUE; 2830 2831 if (proto_options[index].other != NULL) { 2832 /* have a property to compare against */ 2833 opts = nfs_get_proto_set(); 2834 prop = sa_get_property(opts, proto_options[index].other); 2835 /* 2836 * If we don't find the property, assume default 2837 * values which will work since the max will be at the 2838 * max and the min at the min. 2839 */ 2840 if (prop != NULL) { 2841 pval = sa_get_property_attr(prop, "value"); 2842 if (pval != NULL) { 2843 val = strtoul(pval, NULL, 0); 2844 if (proto_options[index].compare == 2845 OPT_CMP_LE) { 2846 ret = value <= val ? B_TRUE : B_FALSE; 2847 } else if (proto_options[index].compare == 2848 OPT_CMP_GE) { 2849 ret = value >= val ? B_TRUE : B_FALSE; 2850 } 2851 sa_free_attr_string(pval); 2852 } 2853 } 2854 } 2855 return (ret); 2856 } 2857 2858 /* 2859 * nfs_validate_proto_prop(index, name, value) 2860 * 2861 * Verify that the property specified by name can take the new 2862 * value. This is a sanity check to prevent bad values getting into 2863 * the default files. All values need to be checked against what is 2864 * allowed by their defined type. If a type isn't explicitly defined 2865 * here, it is treated as a string. 2866 * 2867 * Note that OPT_TYPE_NUMBER will additionally check that the value is 2868 * within the range specified and potentially against another property 2869 * value as well as specified in the proto_options members other and 2870 * compare. 2871 */ 2872 2873 static int 2874 nfs_validate_proto_prop(int index, char *name, char *value) 2875 { 2876 int ret = SA_OK; 2877 char *cp; 2878 #ifdef lint 2879 name = name; 2880 #endif 2881 switch (proto_options[index].type) { 2882 case OPT_TYPE_NUMBER: 2883 if (!is_a_number(value)) 2884 ret = SA_BAD_VALUE; 2885 else { 2886 int val; 2887 val = strtoul(value, NULL, 0); 2888 if (val < proto_options[index].minval || 2889 val > proto_options[index].maxval) 2890 ret = SA_BAD_VALUE; 2891 /* 2892 * For server_versmin/server_versmax and 2893 * client_versmin/client_versmax, the value of the 2894 * min(max) should be checked to be correct relative 2895 * to the current max(min). 2896 */ 2897 if (!nfs_minmax_check(index, val)) { 2898 ret = SA_BAD_VALUE; 2899 } 2900 } 2901 break; 2902 2903 case OPT_TYPE_DOMAIN: 2904 /* 2905 * needs to be a qualified domain so will have at 2906 * least one period and other characters on either 2907 * side of it. A zero length string is also allowed 2908 * and is the way to turn off the override. 2909 */ 2910 if (strlen(value) == 0) 2911 break; 2912 cp = strchr(value, '.'); 2913 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 2914 ret = SA_BAD_VALUE; 2915 break; 2916 2917 case OPT_TYPE_BOOLEAN: 2918 if (strlen(value) == 0 || 2919 strcasecmp(value, "true") == 0 || 2920 strcmp(value, "1") == 0 || 2921 strcasecmp(value, "false") == 0 || 2922 strcmp(value, "0") == 0) { 2923 ret = SA_OK; 2924 } else { 2925 ret = SA_BAD_VALUE; 2926 } 2927 break; 2928 2929 case OPT_TYPE_ONOFF: 2930 if (strcasecmp(value, "on") != 0 && 2931 strcasecmp(value, "off") != 0) { 2932 ret = SA_BAD_VALUE; 2933 } 2934 break; 2935 2936 case OPT_TYPE_PROTOCOL: 2937 if (strlen(value) != 0 && 2938 strcasecmp(value, "all") != 0 && 2939 strcasecmp(value, "tcp") != 0 && 2940 strcasecmp(value, "udp") != 0) 2941 ret = SA_BAD_VALUE; 2942 break; 2943 2944 default: 2945 /* treat as a string */ 2946 break; 2947 } 2948 return (ret); 2949 } 2950 2951 /* 2952 * nfs_set_proto_prop(prop) 2953 * 2954 * check that prop is valid. 2955 */ 2956 2957 static int 2958 nfs_set_proto_prop(sa_property_t prop) 2959 { 2960 int ret = SA_OK; 2961 char *name; 2962 char *value; 2963 2964 name = sa_get_property_attr(prop, "type"); 2965 value = sa_get_property_attr(prop, "value"); 2966 if (name != NULL && value != NULL) { 2967 scf_type_t sctype; 2968 char *svc_name; 2969 char *instance = NULL; 2970 int index = findprotoopt(name, 1); 2971 2972 ret = nfs_validate_proto_prop(index, name, value); 2973 if (ret == SA_OK) { 2974 sctype = getscftype(proto_options[index].type); 2975 svc_name = getsvcname(proto_options[index].svcs); 2976 if (sctype == SCF_TYPE_BOOLEAN) { 2977 if (value != NULL) 2978 sa_free_attr_string(value); 2979 if (string_to_boolean(value) == 0) 2980 value = strdup("0"); 2981 else 2982 value = strdup("1"); 2983 } 2984 ret = nfs_smf_set_prop(name, value, instance, sctype, 2985 svc_name); 2986 if (ret == SA_OK) { 2987 restart_service(proto_options[index].svcs); 2988 } else { 2989 (void) printf(dgettext(TEXT_DOMAIN, 2990 "Cannot restart NFS services : %s\n"), 2991 sa_errorstr(ret)); 2992 } 2993 } 2994 } 2995 if (name != NULL) 2996 sa_free_attr_string(name); 2997 if (value != NULL) 2998 sa_free_attr_string(value); 2999 return (ret); 3000 } 3001 3002 /* 3003 * nfs_get_status() 3004 * 3005 * What is the current status of the nfsd? We use the SMF state here. 3006 * Caller must free the returned value. 3007 */ 3008 3009 static char * 3010 nfs_get_status() 3011 { 3012 char *state; 3013 state = smf_get_state(NFSD); 3014 return (state != NULL ? state : strdup("-")); 3015 } 3016 3017 /* 3018 * nfs_space_alias(alias) 3019 * 3020 * Lookup the space (security) name. If it is default, convert to the 3021 * real name. 3022 */ 3023 3024 static char * 3025 nfs_space_alias(char *space) 3026 { 3027 char *name = space; 3028 seconfig_t secconf; 3029 3030 /* 3031 * Only the space named "default" is special. If it is used, 3032 * the default needs to be looked up and the real name used. 3033 * This is normally "sys" but could be changed. We always 3034 * change defautl to the real name. 3035 */ 3036 if (strcmp(space, "default") == 0 && 3037 nfs_getseconfig_default(&secconf) == 0) { 3038 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 3039 name = secconf.sc_name; 3040 } 3041 return (strdup(name)); 3042 } 3043 3044 /* 3045 * nfs_features() 3046 * 3047 * Return a mask of the features required. 3048 */ 3049 3050 static uint64_t 3051 nfs_features() 3052 { 3053 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER); 3054 } 3055