1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 2014, 2016 by Delphix. All rights reserved. 25 * Copyright 2018 Nexenta Systems, Inc. 26 * Copyright 2022 RackTop Systems. 27 */ 28 29 /* 30 * NFS specific functions 31 */ 32 33 #include <stdio.h> 34 #include <string.h> 35 #include <ctype.h> 36 #include <stdlib.h> 37 #include <unistd.h> 38 #include <errno.h> 39 #include <locale.h> 40 #include <signal.h> 41 #include <strings.h> 42 #include "libshare.h" 43 #include "libshare_impl.h" 44 #include <nfs/export.h> 45 #include <pwd.h> 46 #include <grp.h> 47 #include <limits.h> 48 #include <libscf.h> 49 #include <syslog.h> 50 #include <rpcsvc/daemon_utils.h> 51 #include "nfslog_config.h" 52 #include "nfslogtab.h" 53 #include "libshare_nfs.h" 54 #include <nfs/nfs.h> 55 #include <nfs/nfssys.h> 56 #include <netconfig.h> 57 #include <sys/debug.h> 58 #include "smfcfg.h" 59 60 /* should really be in some global place */ 61 #define DEF_WIN 30000 62 #define OPT_CHUNK 1024 63 64 int debug = 0; 65 66 #define NFS_SERVER_SVC "svc:/network/nfs/server:default" 67 #define NFS_CLIENT_SVC (char *)"svc:/network/nfs/client:default" 68 69 /* internal functions */ 70 static int nfs_init(void); 71 static void nfs_fini(void); 72 static int nfs_enable_share(sa_share_t); 73 static int nfs_disable_share(sa_share_t, char *); 74 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 75 static int nfs_validate_security_mode(char *); 76 static int nfs_is_security_opt(char *); 77 static int nfs_parse_legacy_options(sa_group_t, char *); 78 static char *nfs_format_options(sa_group_t, int); 79 static int nfs_set_proto_prop(sa_property_t); 80 static sa_protocol_properties_t nfs_get_proto_set(); 81 static char *nfs_get_status(void); 82 static char *nfs_space_alias(char *); 83 static uint64_t nfs_features(void); 84 static int boolean_check(char *); 85 86 /* validators for protocol properties */ 87 static int range_check_validator(uint_t, char *); 88 static int range_check_validator_client(uint_t, char *); 89 static int range_check_validator_server(uint_t, char *); 90 static int onoff_validator(uint_t, char *); 91 static int domain_validator(uint_t, char *); 92 static int boolean_validator(uint_t, char *); 93 static int protocol_validator(uint_t, char *); 94 95 /* 96 * ops vector that provides the protocol specific info and operations 97 * for share management. 98 */ 99 100 struct sa_plugin_ops sa_plugin_ops = { 101 SA_PLUGIN_VERSION, 102 "nfs", 103 nfs_init, 104 nfs_fini, 105 nfs_enable_share, 106 nfs_disable_share, 107 nfs_validate_property, 108 nfs_validate_security_mode, 109 nfs_is_security_opt, 110 nfs_parse_legacy_options, 111 nfs_format_options, 112 nfs_set_proto_prop, 113 nfs_get_proto_set, 114 nfs_get_status, 115 nfs_space_alias, 116 NULL, /* update_legacy */ 117 NULL, /* delete_legacy */ 118 NULL, /* change_notify */ 119 NULL, /* enable_resource */ 120 NULL, /* disable_resource */ 121 nfs_features, 122 NULL, /* transient shares */ 123 NULL, /* notify resource */ 124 NULL, /* rename_resource */ 125 NULL, /* run_command */ 126 NULL, /* command_help */ 127 NULL /* delete_proto_section */ 128 }; 129 130 /* 131 * list of support services needed 132 * defines should come from head/rpcsvc/daemon_utils.h 133 */ 134 135 static char *service_list_default[] = 136 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, REPARSED, NULL }; 137 static char *service_list_logging[] = 138 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, REPARSED, 139 NULL }; 140 141 /* 142 * option definitions. Make sure to keep the #define for the option 143 * index just before the entry it is the index for. Changing the order 144 * can cause breakage. E.g OPT_RW is index 1 and must precede the 145 * line that includes the SHOPT_RW and OPT_RW entries. 146 */ 147 148 struct option_defs optdefs[] = { 149 #define OPT_RO 0 150 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 151 #define OPT_RW 1 152 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 153 #define OPT_ROOT 2 154 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 155 #define OPT_SECURE 3 156 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 157 #define OPT_ANON 4 158 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 159 #define OPT_WINDOW 5 160 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 161 #define OPT_NOSUID 6 162 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 163 #define OPT_ACLOK 7 164 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 165 #define OPT_NOSUB 8 166 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 167 #define OPT_SEC 9 168 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 169 #define OPT_PUBLIC 10 170 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 171 #define OPT_INDEX 11 172 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 173 #define OPT_LOG 12 174 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 175 #define OPT_CKSUM 13 176 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 177 #define OPT_NONE 14 178 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST}, 179 #define OPT_ROOT_MAPPING 15 180 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER}, 181 #define OPT_CHARSET_MAP 16 182 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST}, 183 #define OPT_NOACLFAB 17 184 {SHOPT_NOACLFAB, OPT_NOACLFAB, OPT_TYPE_BOOLEAN}, 185 #define OPT_UIDMAP 18 186 {SHOPT_UIDMAP, OPT_UIDMAP, OPT_TYPE_MAPPING}, 187 #define OPT_GIDMAP 19 188 {SHOPT_GIDMAP, OPT_GIDMAP, OPT_TYPE_MAPPING}, 189 #define OPT_NOHIDE 20 190 {SHOPT_NOHIDE, OPT_NOHIDE, OPT_TYPE_BOOLEAN}, 191 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 192 #define OPT_VOLFH 21 193 {SHOPT_VOLFH, OPT_VOLFH}, 194 #endif /* VOLATILE_FH_TEST */ 195 }; 196 197 /* 198 * Codesets that may need to be converted to UTF-8 for file paths. 199 * Add new names here to add new property support. If we ever get a 200 * way to query the kernel for character sets, this should become 201 * dynamically loaded. Make sure changes here are reflected in 202 * cmd/fs.d/nfs/mountd/nfscmd.c 203 */ 204 205 static char *legal_conv[] = { 206 "euc-cn", 207 "euc-jp", 208 "euc-jpms", 209 "euc-kr", 210 "euc-tw", 211 "iso8859-1", 212 "iso8859-2", 213 "iso8859-5", 214 "iso8859-6", 215 "iso8859-7", 216 "iso8859-8", 217 "iso8859-9", 218 "iso8859-13", 219 "iso8859-15", 220 "koi8-r", 221 NULL 222 }; 223 224 /* 225 * list of properties that are related to security flavors. 226 */ 227 static char *seclist[] = { 228 SHOPT_RO, 229 SHOPT_RW, 230 SHOPT_ROOT, 231 SHOPT_WINDOW, 232 SHOPT_NONE, 233 SHOPT_ROOT_MAPPING, 234 SHOPT_UIDMAP, 235 SHOPT_GIDMAP, 236 NULL 237 }; 238 239 /* structure for list of securities */ 240 struct securities { 241 sa_security_t security; 242 struct securities *next; 243 }; 244 245 /* 246 * findcharset(charset) 247 * 248 * Returns B_TRUE if the charset is a legal conversion otherwise 249 * B_FALSE. This will need to be rewritten to be more efficient when 250 * we have a dynamic list of legal conversions. 251 */ 252 253 static boolean_t 254 findcharset(char *charset) 255 { 256 int i; 257 258 for (i = 0; legal_conv[i] != NULL; i++) 259 if (strcmp(charset, legal_conv[i]) == 0) 260 return (B_TRUE); 261 return (B_FALSE); 262 } 263 264 /* 265 * findopt(name) 266 * 267 * Lookup option "name" in the option table and return the table 268 * index. 269 */ 270 271 static int 272 findopt(char *name) 273 { 274 int i; 275 if (name != NULL) { 276 for (i = 0; i < ARRAY_SIZE(optdefs); i++) { 277 if (strcmp(optdefs[i].tag, name) == 0) 278 return (optdefs[i].index); 279 } 280 if (findcharset(name)) 281 return (OPT_CHARSET_MAP); 282 } 283 return (-1); 284 } 285 286 /* 287 * gettype(name) 288 * 289 * Return the type of option "name". 290 */ 291 292 static int 293 gettype(char *name) 294 { 295 int optdef; 296 297 optdef = findopt(name); 298 if (optdef != -1) 299 return (optdefs[optdef].type); 300 return (OPT_TYPE_ANY); 301 } 302 303 /* 304 * nfs_validate_security_mode(mode) 305 * 306 * is the specified mode string a valid one for use with NFS? 307 */ 308 309 static int 310 nfs_validate_security_mode(char *mode) 311 { 312 seconfig_t secinfo; 313 int err; 314 315 (void) memset(&secinfo, '\0', sizeof (secinfo)); 316 err = nfs_getseconfig_byname(mode, &secinfo); 317 if (err == SC_NOERROR) 318 return (1); 319 return (0); 320 } 321 322 /* 323 * nfs_is_security_opt(tok) 324 * 325 * check to see if tok represents an option that is only valid in some 326 * security flavor. 327 */ 328 329 static int 330 nfs_is_security_opt(char *tok) 331 { 332 int i; 333 334 for (i = 0; seclist[i] != NULL; i++) { 335 if (strcmp(tok, seclist[i]) == 0) 336 return (1); 337 } 338 return (0); 339 } 340 341 /* 342 * find_security(seclist, sec) 343 * 344 * Walk the current list of security flavors and return true if it is 345 * present, else return false. 346 */ 347 348 static int 349 find_security(struct securities *seclist, sa_security_t sec) 350 { 351 while (seclist != NULL) { 352 if (seclist->security == sec) 353 return (1); 354 seclist = seclist->next; 355 } 356 return (0); 357 } 358 359 /* 360 * make_security_list(group, securitymodes, proto) 361 * go through the list of securitymodes and add them to the 362 * group's list of security optionsets. We also keep a list of 363 * those optionsets so we don't have to find them later. All of 364 * these will get copies of the same properties. 365 */ 366 367 static struct securities * 368 make_security_list(sa_group_t group, char *securitymodes, char *proto) 369 { 370 char *tok, *next = NULL; 371 struct securities *curp, *headp = NULL, *prev; 372 sa_security_t check; 373 int freetok = 0; 374 375 for (tok = securitymodes; tok != NULL; tok = next) { 376 next = strchr(tok, ':'); 377 if (next != NULL) 378 *next++ = '\0'; 379 if (strcmp(tok, "default") == 0) { 380 /* resolve default into the real type */ 381 tok = nfs_space_alias(tok); 382 freetok = 1; 383 } 384 check = sa_get_security(group, tok, proto); 385 386 /* add to the security list if it isn't there already */ 387 if (check == NULL || !find_security(headp, check)) { 388 curp = (struct securities *)calloc(1, 389 sizeof (struct securities)); 390 if (curp != NULL) { 391 if (check == NULL) { 392 curp->security = sa_create_security( 393 group, tok, proto); 394 } else { 395 curp->security = check; 396 } 397 /* 398 * note that the first time through the loop, 399 * headp will be NULL and prev will be 400 * undefined. Since headp is NULL, we set 401 * both it and prev to the curp (first 402 * structure to be allocated). 403 * 404 * later passes through the loop will have 405 * headp not being NULL and prev will be used 406 * to allocate at the end of the list. 407 */ 408 if (headp == NULL) { 409 headp = curp; 410 prev = curp; 411 } else { 412 prev->next = curp; 413 prev = curp; 414 } 415 } 416 } 417 418 if (freetok) { 419 freetok = 0; 420 sa_free_attr_string(tok); 421 } 422 } 423 return (headp); 424 } 425 426 static void 427 free_security_list(struct securities *sec) 428 { 429 struct securities *next; 430 if (sec != NULL) { 431 for (next = sec->next; sec != NULL; sec = next) { 432 next = sec->next; 433 free(sec); 434 } 435 } 436 } 437 438 /* 439 * nfs_alistcat(str1, str2, sep) 440 * 441 * concatenate str1 and str2 into a new string using sep as a separate 442 * character. If memory allocation fails, return NULL; 443 */ 444 445 static char * 446 nfs_alistcat(char *str1, char *str2, char sep) 447 { 448 char *newstr; 449 size_t len; 450 451 len = strlen(str1) + strlen(str2) + 2; 452 newstr = (char *)malloc(len); 453 if (newstr != NULL) 454 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 455 return (newstr); 456 } 457 458 /* 459 * add_security_prop(sec, name, value, persist, iszfs) 460 * 461 * Add the property to the securities structure. This accumulates 462 * properties for as part of parsing legacy options. 463 */ 464 465 static int 466 add_security_prop(struct securities *sec, char *name, char *value, 467 int persist, int iszfs) 468 { 469 sa_property_t prop; 470 int ret = SA_OK; 471 472 for (; sec != NULL; sec = sec->next) { 473 if (value == NULL) { 474 if (strcmp(name, SHOPT_RW) == 0 || 475 strcmp(name, SHOPT_RO) == 0) 476 value = "*"; 477 else 478 value = "true"; 479 } 480 481 /* 482 * Get the existing property, if it exists, so we can 483 * determine what to do with it. The ro/rw/root 484 * properties can be merged if multiple instances of 485 * these properies are given. For example, if "rw" 486 * exists with a value "host1" and a later token of 487 * rw="host2" is seen, the values are merged into a 488 * single rw="host1:host2". 489 */ 490 prop = sa_get_property(sec->security, name); 491 492 if (prop != NULL) { 493 char *oldvalue; 494 char *newvalue; 495 496 /* 497 * The security options of ro/rw/root/uidmap/gidmap 498 * might appear multiple times. If they do, the values 499 * need to be merged. If it was previously empty, the 500 * new value alone is added. 501 */ 502 oldvalue = sa_get_property_attr(prop, "value"); 503 if (oldvalue != NULL) { 504 char sep = ':'; 505 506 if (strcmp(name, SHOPT_UIDMAP) == 0 || 507 strcmp(name, SHOPT_GIDMAP) == 0) 508 sep = '~'; 509 510 /* 511 * The general case is to concatenate the new 512 * value onto the old value for multiple 513 * rw(ro/root/uidmap/gidmap) properties. For 514 * rw/ro/root a special case exists when either 515 * the old or new is the "all" case. In the 516 * special case, if both are "all", then it is 517 * "all", else if one is an access-list, that 518 * replaces the "all". 519 */ 520 if (strcmp(oldvalue, "*") == 0) { 521 /* Replace old value with new value. */ 522 newvalue = strdup(value); 523 } else if (strcmp(value, "*") == 0 || 524 strcmp(oldvalue, value) == 0) { 525 /* 526 * Keep old value and ignore 527 * the new value. 528 */ 529 newvalue = NULL; 530 } else { 531 /* 532 * Make a new list of old plus new 533 * access-list. 534 */ 535 newvalue = nfs_alistcat(oldvalue, 536 value, sep); 537 } 538 539 if (newvalue != NULL) { 540 (void) sa_remove_property(prop); 541 prop = sa_create_property(name, 542 newvalue); 543 ret = sa_add_property(sec->security, 544 prop); 545 free(newvalue); 546 } 547 548 sa_free_attr_string(oldvalue); 549 } 550 } else { 551 prop = sa_create_property(name, value); 552 ret = sa_add_property(sec->security, prop); 553 } 554 if (ret == SA_OK && !iszfs) { 555 ret = sa_commit_properties(sec->security, !persist); 556 } 557 } 558 return (ret); 559 } 560 561 /* 562 * check to see if group/share is persistent. 563 */ 564 static int 565 is_persistent(sa_group_t group) 566 { 567 char *type; 568 int persist = 1; 569 570 type = sa_get_group_attr(group, "type"); 571 if (type != NULL && strcmp(type, "persist") != 0) 572 persist = 0; 573 if (type != NULL) 574 sa_free_attr_string(type); 575 return (persist); 576 } 577 578 /* 579 * invalid_security(options) 580 * 581 * search option string for any invalid sec= type. 582 * return true (1) if any are not valid else false (0) 583 */ 584 static int 585 invalid_security(char *options) 586 { 587 char *copy, *base, *token, *value; 588 int ret = 0; 589 590 copy = strdup(options); 591 token = base = copy; 592 while (token != NULL && ret == 0) { 593 token = strtok(base, ","); 594 base = NULL; 595 if (token != NULL) { 596 value = strchr(token, '='); 597 if (value != NULL) 598 *value++ = '\0'; 599 if (strcmp(token, SHOPT_SEC) == 0) { 600 /* HAVE security flavors so check them */ 601 char *tok, *next; 602 for (next = NULL, tok = value; tok != NULL; 603 tok = next) { 604 next = strchr(tok, ':'); 605 if (next != NULL) 606 *next++ = '\0'; 607 ret = !nfs_validate_security_mode(tok); 608 if (ret) 609 break; 610 } 611 } 612 } 613 } 614 if (copy != NULL) 615 free(copy); 616 return (ret); 617 } 618 619 /* 620 * nfs_parse_legacy_options(group, options) 621 * 622 * Parse the old style options into internal format and store on the 623 * specified group. Group could be a share for full legacy support. 624 */ 625 626 static int 627 nfs_parse_legacy_options(sa_group_t group, char *options) 628 { 629 char *dup; 630 char *base; 631 char *token; 632 sa_optionset_t optionset; 633 struct securities *security_list = NULL; 634 sa_property_t prop; 635 int ret = SA_OK; 636 int iszfs = 0; 637 sa_group_t parent; 638 int persist = 0; 639 char *lasts; 640 641 /* do we have an existing optionset? */ 642 optionset = sa_get_optionset(group, "nfs"); 643 if (optionset == NULL) { 644 /* didn't find existing optionset so create one */ 645 optionset = sa_create_optionset(group, "nfs"); 646 } else { 647 /* 648 * Have an existing optionset . Ideally, we would need 649 * to compare options in order to detect errors. For 650 * now, we assume that the first optionset is the 651 * correct one and the others will be the same. An 652 * empty optionset is the same as no optionset so we 653 * don't want to exit in that case. Getting an empty 654 * optionset can occur with ZFS property checking. 655 */ 656 if (sa_get_property(optionset, NULL) != NULL) 657 return (ret); 658 } 659 660 if (strcmp(options, SHOPT_RW) == 0) { 661 /* 662 * there is a special case of only the option "rw" 663 * being the default option. We don't have to do 664 * anything. 665 */ 666 return (ret); 667 } 668 669 /* 670 * check if security types are present and validate them. If 671 * any are not legal, fail. 672 */ 673 674 if (invalid_security(options)) { 675 return (SA_INVALID_SECURITY); 676 } 677 678 /* 679 * in order to not attempt to change ZFS properties unless 680 * absolutely necessary, we never do it in the legacy parsing. 681 */ 682 if (sa_is_share(group)) { 683 char *zfs; 684 parent = sa_get_parent_group(group); 685 if (parent != NULL) { 686 zfs = sa_get_group_attr(parent, "zfs"); 687 if (zfs != NULL) { 688 sa_free_attr_string(zfs); 689 iszfs++; 690 } 691 } 692 } else { 693 iszfs = sa_group_is_zfs(group); 694 } 695 696 /* We need a copy of options for the next part. */ 697 dup = strdup(options); 698 if (dup == NULL) 699 return (SA_NO_MEMORY); 700 701 /* 702 * we need to step through each option in the string and then 703 * add either the option or the security option as needed. If 704 * this is not a persistent share, don't commit to the 705 * repository. If there is an error, we also want to abort the 706 * processing and report it. 707 */ 708 persist = is_persistent(group); 709 base = dup; 710 token = dup; 711 lasts = NULL; 712 while (token != NULL && ret == SA_OK) { 713 token = strtok_r(base, ",", &lasts); 714 base = NULL; 715 if (token != NULL) { 716 char *value; 717 /* 718 * if the option has a value, it will have an '=' to 719 * separate the name from the value. The following 720 * code will result in value != NULL and token 721 * pointing to just the name if there is a value. 722 */ 723 value = strchr(token, '='); 724 if (value != NULL) { 725 *value++ = '\0'; 726 } 727 if (strcmp(token, SHOPT_SEC) == 0 || 728 strcmp(token, SHOPT_SECURE) == 0) { 729 /* 730 * Once in security parsing, we only 731 * do security. We do need to move 732 * between the security node and the 733 * toplevel. The security tag goes on 734 * the root while the following ones 735 * go on the security. 736 */ 737 if (security_list != NULL) { 738 /* 739 * have an old list so close it and 740 * start the new 741 */ 742 free_security_list(security_list); 743 } 744 if (strcmp(token, SHOPT_SECURE) == 0) { 745 value = "dh"; 746 } else { 747 if (value == NULL) { 748 ret = SA_SYNTAX_ERR; 749 break; 750 } 751 } 752 security_list = make_security_list(group, 753 value, "nfs"); 754 } else { 755 /* 756 * Note that the "old" syntax allowed a 757 * default security model. This must be 758 * accounted for and internally converted to 759 * "standard" security structure. 760 */ 761 if (nfs_is_security_opt(token)) { 762 if (security_list == NULL) { 763 /* 764 * need to have a 765 * security 766 * option. This will 767 * be "closed" when a 768 * defined "sec=" 769 * option is 770 * seen. This is 771 * technically an 772 * error but will be 773 * allowed with 774 * warning. 775 */ 776 security_list = 777 make_security_list(group, 778 "default", 779 "nfs"); 780 } 781 if (security_list != NULL) { 782 ret = add_security_prop( 783 security_list, token, 784 value, persist, iszfs); 785 } else { 786 ret = SA_NO_MEMORY; 787 } 788 } else { 789 /* regular options */ 790 if (value == NULL) { 791 if (strcmp(token, SHOPT_RW) == 792 0 || strcmp(token, 793 SHOPT_RO) == 0) { 794 value = "*"; 795 } else { 796 value = "global"; 797 if (strcmp(token, 798 SHOPT_LOG) != 0) { 799 value = "true"; 800 } 801 } 802 } 803 /* 804 * In all cases, create the 805 * property specified. If the 806 * value was NULL, the default 807 * value will have been 808 * substituted. 809 */ 810 prop = sa_create_property(token, value); 811 ret = sa_add_property(optionset, prop); 812 if (ret != SA_OK) 813 break; 814 815 if (!iszfs) { 816 ret = sa_commit_properties( 817 optionset, !persist); 818 } 819 } 820 } 821 } 822 } 823 if (security_list != NULL) 824 free_security_list(security_list); 825 826 free(dup); 827 return (ret); 828 } 829 830 /* 831 * is_a_number(number) 832 * 833 * is the string a number in one of the forms we want to use? 834 */ 835 836 static int 837 is_a_number(char *number) 838 { 839 int ret = 1; 840 int hex = 0; 841 842 if (strncmp(number, "0x", 2) == 0) { 843 number += 2; 844 hex = 1; 845 } else if (*number == '-') { 846 number++; /* skip the minus */ 847 } 848 while (ret == 1 && *number != '\0') { 849 if (hex) { 850 ret = isxdigit(*number++); 851 } else { 852 ret = isdigit(*number++); 853 } 854 } 855 return (ret); 856 } 857 858 /* 859 * Look for the specified tag in the configuration file. If it is found, 860 * enable logging and set the logging configuration information for exp. 861 */ 862 static void 863 configlog(struct exportdata *exp, char *tag) 864 { 865 nfsl_config_t *configlist = NULL, *configp; 866 int error = 0; 867 char globaltag[] = DEFAULTTAG; 868 869 /* 870 * Sends config errors to stderr 871 */ 872 nfsl_errs_to_syslog = B_FALSE; 873 874 /* 875 * get the list of configuration settings 876 */ 877 error = nfsl_getconfig_list(&configlist); 878 if (error) { 879 (void) fprintf(stderr, 880 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 881 strerror(error)); 882 } 883 884 if (tag == NULL) 885 tag = globaltag; 886 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 887 nfsl_freeconfig_list(&configlist); 888 (void) fprintf(stderr, 889 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 890 /* bad configuration */ 891 error = ENOENT; 892 goto err; 893 } 894 895 if ((exp->ex_tag = strdup(tag)) == NULL) { 896 error = ENOMEM; 897 goto out; 898 } 899 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 900 error = ENOMEM; 901 goto out; 902 } 903 exp->ex_flags |= EX_LOG; 904 if (configp->nc_rpclogpath != NULL) 905 exp->ex_flags |= EX_LOG_ALLOPS; 906 out: 907 if (configlist != NULL) 908 nfsl_freeconfig_list(&configlist); 909 910 err: 911 if (error != 0) { 912 free(exp->ex_tag); 913 free(exp->ex_log_buffer); 914 (void) fprintf(stderr, 915 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 916 strerror(error)); 917 } 918 } 919 920 /* 921 * fill_export_from_optionset(export, optionset) 922 * 923 * In order to share, we need to set all the possible general options 924 * into the export structure. Share info will be filled in by the 925 * caller. Various property values get turned into structure specific 926 * values. 927 */ 928 929 static int 930 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 931 { 932 sa_property_t option; 933 int ret = SA_OK; 934 935 for (option = sa_get_property(optionset, NULL); 936 option != NULL; option = sa_get_next_property(option)) { 937 char *name; 938 char *value; 939 uint32_t val; 940 941 /* 942 * since options may be set/reset multiple times, always do an 943 * explicit set or clear of the option. This allows defaults 944 * to be set and then the protocol specific to override. 945 */ 946 947 name = sa_get_property_attr(option, "type"); 948 value = sa_get_property_attr(option, "value"); 949 switch (findopt(name)) { 950 case OPT_ANON: 951 if (value != NULL && is_a_number(value)) { 952 val = strtoul(value, NULL, 0); 953 } else { 954 struct passwd *pw; 955 pw = getpwnam(value != NULL ? value : "nobody"); 956 if (pw != NULL) { 957 val = pw->pw_uid; 958 } else { 959 val = UID_NOBODY; 960 } 961 endpwent(); 962 } 963 export->ex_anon = val; 964 break; 965 case OPT_NOSUID: 966 if (value != NULL && (strcasecmp(value, "true") == 0 || 967 strcmp(value, "1") == 0)) 968 export->ex_flags |= EX_NOSUID; 969 else 970 export->ex_flags &= ~EX_NOSUID; 971 break; 972 case OPT_ACLOK: 973 if (value != NULL && (strcasecmp(value, "true") == 0 || 974 strcmp(value, "1") == 0)) 975 export->ex_flags |= EX_ACLOK; 976 else 977 export->ex_flags &= ~EX_ACLOK; 978 break; 979 case OPT_NOSUB: 980 if (value != NULL && (strcasecmp(value, "true") == 0 || 981 strcmp(value, "1") == 0)) 982 export->ex_flags |= EX_NOSUB; 983 else 984 export->ex_flags &= ~EX_NOSUB; 985 break; 986 case OPT_PUBLIC: 987 if (value != NULL && (strcasecmp(value, "true") == 0 || 988 strcmp(value, "1") == 0)) 989 export->ex_flags |= EX_PUBLIC; 990 else 991 export->ex_flags &= ~EX_PUBLIC; 992 break; 993 case OPT_INDEX: 994 if (value != NULL && (strcmp(value, "..") == 0 || 995 strchr(value, '/') != NULL)) { 996 /* this is an error */ 997 (void) printf(dgettext(TEXT_DOMAIN, 998 "NFS: index=\"%s\" not valid;" 999 "must be a filename.\n"), 1000 value); 1001 break; 1002 } 1003 if (value != NULL && *value != '\0' && 1004 strcmp(value, ".") != 0) { 1005 /* valid index file string */ 1006 if (export->ex_index != NULL) { 1007 /* left over from "default" */ 1008 free(export->ex_index); 1009 } 1010 /* remember to free */ 1011 export->ex_index = strdup(value); 1012 if (export->ex_index == NULL) { 1013 (void) printf(dgettext(TEXT_DOMAIN, 1014 "NFS: out of memory setting " 1015 "index property\n")); 1016 break; 1017 } 1018 export->ex_flags |= EX_INDEX; 1019 } 1020 break; 1021 case OPT_LOG: 1022 if (value == NULL) 1023 value = strdup("global"); 1024 if (value != NULL) 1025 configlog(export, 1026 strlen(value) ? value : "global"); 1027 break; 1028 case OPT_CHARSET_MAP: 1029 /* 1030 * Set EX_CHARMAP when there is at least one 1031 * charmap conversion property. This will get 1032 * checked by the nfs server when it needs to. 1033 */ 1034 export->ex_flags |= EX_CHARMAP; 1035 break; 1036 case OPT_NOACLFAB: 1037 if (value != NULL && (strcasecmp(value, "true") == 0 || 1038 strcmp(value, "1") == 0)) 1039 export->ex_flags |= EX_NOACLFAB; 1040 else 1041 export->ex_flags &= ~EX_NOACLFAB; 1042 break; 1043 case OPT_NOHIDE: 1044 if (value != NULL && (strcasecmp(value, "true") == 0 || 1045 strcmp(value, "1") == 0)) 1046 export->ex_flags |= EX_NOHIDE; 1047 else 1048 export->ex_flags &= ~EX_NOHIDE; 1049 1050 break; 1051 default: 1052 /* have a syntactic error */ 1053 (void) printf(dgettext(TEXT_DOMAIN, 1054 "NFS: unrecognized option %s=%s\n"), 1055 name != NULL ? name : "", 1056 value != NULL ? value : ""); 1057 break; 1058 } 1059 if (name != NULL) 1060 sa_free_attr_string(name); 1061 if (value != NULL) 1062 sa_free_attr_string(value); 1063 } 1064 return (ret); 1065 } 1066 1067 /* 1068 * cleanup_export(export) 1069 * 1070 * Cleanup the allocated areas so we don't leak memory 1071 */ 1072 1073 static void 1074 cleanup_export(struct exportdata *export) 1075 { 1076 int i; 1077 1078 free(export->ex_index); 1079 1080 for (i = 0; i < export->ex_seccnt; i++) { 1081 struct secinfo *s = &export->ex_secinfo[i]; 1082 1083 while (s->s_rootcnt > 0) 1084 free(s->s_rootnames[--s->s_rootcnt]); 1085 1086 free(s->s_rootnames); 1087 } 1088 free(export->ex_secinfo); 1089 } 1090 1091 /* 1092 * Given a seconfig entry and a colon-separated 1093 * list of names, allocate an array big enough 1094 * to hold the root list, then convert each name to 1095 * a principal name according to the security 1096 * info and assign it to an array element. 1097 * Return the array and its size. 1098 */ 1099 static caddr_t * 1100 get_rootnames(seconfig_t *sec, char *list, int *count) 1101 { 1102 caddr_t *a; 1103 int c, i; 1104 char *host, *p; 1105 1106 /* 1107 * Count the number of strings in the list. 1108 * This is the number of colon separators + 1. 1109 */ 1110 c = 1; 1111 for (p = list; *p; p++) 1112 if (*p == ':') 1113 c++; 1114 *count = c; 1115 1116 a = (caddr_t *)malloc(c * sizeof (char *)); 1117 if (a == NULL) { 1118 (void) printf(dgettext(TEXT_DOMAIN, 1119 "get_rootnames: no memory\n")); 1120 *count = 0; 1121 } else { 1122 for (i = 0; i < c; i++) { 1123 host = strtok(list, ":"); 1124 if (!nfs_get_root_principal(sec, host, &a[i])) { 1125 while (i > 0) 1126 free(a[--i]); 1127 free(a); 1128 a = NULL; 1129 *count = 0; 1130 break; 1131 } 1132 list = NULL; 1133 } 1134 } 1135 1136 return (a); 1137 } 1138 1139 /* 1140 * fill_security_from_secopts(sp, secopts) 1141 * 1142 * Fill the secinfo structure from the secopts optionset. 1143 */ 1144 1145 static int 1146 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1147 { 1148 sa_property_t prop; 1149 char *type; 1150 int longform; 1151 int err = SC_NOERROR; 1152 uint32_t val; 1153 1154 type = sa_get_security_attr(secopts, "sectype"); 1155 if (type != NULL) { 1156 /* named security type needs secinfo to be filled in */ 1157 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1158 sa_free_attr_string(type); 1159 if (err != SC_NOERROR) 1160 return (err); 1161 } else { 1162 /* default case */ 1163 err = nfs_getseconfig_default(&sp->s_secinfo); 1164 if (err != SC_NOERROR) 1165 return (err); 1166 } 1167 1168 err = SA_OK; 1169 for (prop = sa_get_property(secopts, NULL); 1170 prop != NULL && err == SA_OK; 1171 prop = sa_get_next_property(prop)) { 1172 char *name; 1173 char *value; 1174 1175 name = sa_get_property_attr(prop, "type"); 1176 value = sa_get_property_attr(prop, "value"); 1177 1178 longform = value != NULL && strcmp(value, "*") != 0; 1179 1180 switch (findopt(name)) { 1181 case OPT_RO: 1182 sp->s_flags |= longform ? M_ROL : M_RO; 1183 break; 1184 case OPT_RW: 1185 sp->s_flags |= longform ? M_RWL : M_RW; 1186 break; 1187 case OPT_ROOT: 1188 sp->s_flags |= M_ROOT; 1189 /* 1190 * if we are using AUTH_UNIX, handle like other things 1191 * such as RO/RW 1192 */ 1193 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1194 break; 1195 /* not AUTH_UNIX */ 1196 if (value != NULL) { 1197 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1198 value, &sp->s_rootcnt); 1199 if (sp->s_rootnames == NULL) { 1200 err = SA_BAD_VALUE; 1201 (void) fprintf(stderr, 1202 dgettext(TEXT_DOMAIN, 1203 "Bad root list\n")); 1204 } 1205 } 1206 break; 1207 case OPT_NONE: 1208 sp->s_flags |= M_NONE; 1209 break; 1210 case OPT_WINDOW: 1211 if (value != NULL) { 1212 sp->s_window = atoi(value); 1213 /* just in case */ 1214 if (sp->s_window < 0) 1215 sp->s_window = DEF_WIN; 1216 } 1217 break; 1218 case OPT_ROOT_MAPPING: 1219 if (value != NULL && is_a_number(value)) { 1220 val = strtoul(value, NULL, 0); 1221 } else { 1222 struct passwd *pw; 1223 pw = getpwnam(value != NULL ? value : "nobody"); 1224 if (pw != NULL) { 1225 val = pw->pw_uid; 1226 } else { 1227 val = UID_NOBODY; 1228 } 1229 endpwent(); 1230 } 1231 sp->s_rootid = val; 1232 break; 1233 case OPT_UIDMAP: 1234 case OPT_GIDMAP: 1235 sp->s_flags |= M_MAP; 1236 break; 1237 default: 1238 break; 1239 } 1240 if (name != NULL) 1241 sa_free_attr_string(name); 1242 if (value != NULL) 1243 sa_free_attr_string(value); 1244 } 1245 /* if rw/ro options not set, use default of RW */ 1246 if ((sp->s_flags & NFS_RWMODES) == 0) 1247 sp->s_flags |= M_RW; 1248 return (err); 1249 } 1250 1251 /* 1252 * This is for testing only 1253 * It displays the export structure that 1254 * goes into the kernel. 1255 */ 1256 static void 1257 printarg(char *path, struct exportdata *ep) 1258 { 1259 int i, j; 1260 struct secinfo *sp; 1261 1262 if (debug == 0) 1263 return; 1264 1265 (void) printf("%s:\n", path); 1266 (void) printf("\tex_version = %d\n", ep->ex_version); 1267 (void) printf("\tex_path = %s\n", ep->ex_path); 1268 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1269 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1270 if (ep->ex_flags & EX_NOSUID) 1271 (void) printf("NOSUID "); 1272 if (ep->ex_flags & EX_ACLOK) 1273 (void) printf("ACLOK "); 1274 if (ep->ex_flags & EX_PUBLIC) 1275 (void) printf("PUBLIC "); 1276 if (ep->ex_flags & EX_NOSUB) 1277 (void) printf("NOSUB "); 1278 if (ep->ex_flags & EX_LOG) 1279 (void) printf("LOG "); 1280 if (ep->ex_flags & EX_CHARMAP) 1281 (void) printf("CHARMAP "); 1282 if (ep->ex_flags & EX_LOG_ALLOPS) 1283 (void) printf("LOG_ALLOPS "); 1284 if (ep->ex_flags == 0) 1285 (void) printf("(none)"); 1286 (void) printf("\n"); 1287 if (ep->ex_flags & EX_LOG) { 1288 (void) printf("\tex_log_buffer = %s\n", 1289 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1290 (void) printf("\tex_tag = %s\n", 1291 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1292 } 1293 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1294 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1295 (void) printf("\n"); 1296 for (i = 0; i < ep->ex_seccnt; i++) { 1297 sp = &ep->ex_secinfo[i]; 1298 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1299 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1300 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1301 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1302 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1303 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1304 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1305 if (sp->s_flags & M_NONE) (void) printf("M_NONE "); 1306 if (sp->s_flags & M_MAP) (void) printf("M_MAP "); 1307 if (sp->s_flags == 0) (void) printf("(none)"); 1308 (void) printf("\n"); 1309 (void) printf("\t\ts_window = %d\n", sp->s_window); 1310 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid); 1311 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1312 (void) fflush(stdout); 1313 for (j = 0; j < sp->s_rootcnt; j++) 1314 (void) printf("%s ", sp->s_rootnames[j] ? 1315 sp->s_rootnames[j] : "<null>"); 1316 (void) printf("\n\n"); 1317 } 1318 } 1319 1320 /* 1321 * count_security(opts) 1322 * 1323 * Count the number of security types (flavors). The optionset has 1324 * been populated with the security flavors as a holding mechanism. 1325 * We later use this number to allocate data structures. 1326 */ 1327 1328 static int 1329 count_security(sa_optionset_t opts) 1330 { 1331 int count = 0; 1332 sa_property_t prop; 1333 if (opts != NULL) { 1334 for (prop = sa_get_property(opts, NULL); prop != NULL; 1335 prop = sa_get_next_property(prop)) { 1336 count++; 1337 } 1338 } 1339 return (count); 1340 } 1341 1342 /* 1343 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1344 * 1345 * provides a mechanism to format NFS properties into legacy output 1346 * format. If the buffer would overflow, it is reallocated and grown 1347 * as appropriate. Special cases of converting internal form of values 1348 * to those used by "share" are done. this function does one property 1349 * at a time. 1350 */ 1351 1352 static int 1353 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1354 sa_property_t prop, int sep) 1355 { 1356 char *name; 1357 char *value; 1358 int curlen; 1359 char *buff = *rbuff; 1360 size_t buffsize = *rbuffsize; 1361 int printed = B_FALSE; 1362 1363 name = sa_get_property_attr(prop, "type"); 1364 value = sa_get_property_attr(prop, "value"); 1365 if (buff != NULL) 1366 curlen = strlen(buff); 1367 else 1368 curlen = 0; 1369 if (name != NULL) { 1370 int len; 1371 len = strlen(name) + sep; 1372 1373 /* 1374 * A future RFE would be to replace this with more 1375 * generic code and to possibly handle more types. 1376 */ 1377 switch (gettype(name)) { 1378 case OPT_TYPE_BOOLEAN: 1379 /* 1380 * For NFS, boolean value of FALSE means it 1381 * doesn't show up in the option list at all. 1382 */ 1383 if (value != NULL && strcasecmp(value, "false") == 0) 1384 goto skip; 1385 if (value != NULL) { 1386 sa_free_attr_string(value); 1387 value = NULL; 1388 } 1389 break; 1390 case OPT_TYPE_ACCLIST: 1391 if (value != NULL && strcmp(value, "*") == 0) { 1392 sa_free_attr_string(value); 1393 value = NULL; 1394 } else { 1395 if (value != NULL) 1396 len += 1 + strlen(value); 1397 } 1398 break; 1399 case OPT_TYPE_LOGTAG: 1400 if (value != NULL && strlen(value) == 0) { 1401 sa_free_attr_string(value); 1402 value = NULL; 1403 } else { 1404 if (value != NULL) 1405 len += 1 + strlen(value); 1406 } 1407 break; 1408 default: 1409 if (value != NULL) 1410 len += 1 + strlen(value); 1411 break; 1412 } 1413 while (buffsize <= (curlen + len)) { 1414 /* need more room */ 1415 buffsize += incr; 1416 buff = realloc(buff, buffsize); 1417 if (buff == NULL) { 1418 /* realloc failed so free everything */ 1419 if (*rbuff != NULL) 1420 free(*rbuff); 1421 } 1422 *rbuff = buff; 1423 *rbuffsize = buffsize; 1424 if (buff == NULL) 1425 goto skip; 1426 1427 } 1428 1429 if (buff == NULL) 1430 goto skip; 1431 1432 if (value == NULL) { 1433 (void) snprintf(buff + curlen, buffsize - curlen, 1434 "%s%s", sep ? "," : "", name); 1435 } else { 1436 (void) snprintf(buff + curlen, buffsize - curlen, 1437 "%s%s=%s", sep ? "," : "", 1438 name, value != NULL ? value : ""); 1439 } 1440 printed = B_TRUE; 1441 } 1442 skip: 1443 if (name != NULL) 1444 sa_free_attr_string(name); 1445 if (value != NULL) 1446 sa_free_attr_string(value); 1447 return (printed); 1448 } 1449 1450 /* 1451 * nfs_format_options(group, hier) 1452 * 1453 * format all the options on the group into an old-style option 1454 * string. If hier is non-zero, walk up the tree to get inherited 1455 * options. 1456 */ 1457 1458 static char * 1459 nfs_format_options(sa_group_t group, int hier) 1460 { 1461 sa_optionset_t options = NULL; 1462 sa_optionset_t secoptions = NULL; 1463 sa_property_t prop, secprop; 1464 sa_security_t security = NULL; 1465 char *buff; 1466 size_t buffsize; 1467 char *sectype = NULL; 1468 int sep = 0; 1469 1470 1471 buff = malloc(OPT_CHUNK); 1472 if (buff == NULL) { 1473 return (NULL); 1474 } 1475 1476 buff[0] = '\0'; 1477 buffsize = OPT_CHUNK; 1478 1479 /* 1480 * We may have a an optionset relative to this item. format 1481 * these if we find them and then add any security definitions. 1482 */ 1483 1484 options = sa_get_derived_optionset(group, "nfs", hier); 1485 1486 /* 1487 * do the default set first but skip any option that is also 1488 * in the protocol specific optionset. 1489 */ 1490 if (options != NULL) { 1491 for (prop = sa_get_property(options, NULL); 1492 prop != NULL; prop = sa_get_next_property(prop)) { 1493 /* 1494 * use this one since we skipped any 1495 * of these that were also in 1496 * optdefault 1497 */ 1498 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1499 prop, sep)) 1500 sep = 1; 1501 if (buff == NULL) { 1502 /* 1503 * buff could become NULL if there 1504 * isn't enough memory for 1505 * nfs_sprint_option to realloc() 1506 * as necessary. We can't really 1507 * do anything about it at this 1508 * point so we return NULL. The 1509 * caller should handle the 1510 * failure. 1511 */ 1512 if (options != NULL) 1513 sa_free_derived_optionset( 1514 options); 1515 return (buff); 1516 } 1517 } 1518 } 1519 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1520 "nfs", hier); 1521 if (secoptions != NULL) { 1522 for (secprop = sa_get_property(secoptions, NULL); 1523 secprop != NULL; 1524 secprop = sa_get_next_property(secprop)) { 1525 sectype = sa_get_property_attr(secprop, "type"); 1526 security = 1527 (sa_security_t)sa_get_derived_security( 1528 group, sectype, "nfs", hier); 1529 if (security != NULL) { 1530 if (sectype != NULL) { 1531 prop = sa_create_property( 1532 "sec", sectype); 1533 if (prop == NULL) 1534 goto err; 1535 if (nfs_sprint_option(&buff, 1536 &buffsize, OPT_CHUNK, prop, sep)) 1537 sep = 1; 1538 (void) sa_remove_property(prop); 1539 if (buff == NULL) 1540 goto err; 1541 } 1542 for (prop = sa_get_property(security, 1543 NULL); prop != NULL; 1544 prop = sa_get_next_property(prop)) { 1545 if (nfs_sprint_option(&buff, 1546 &buffsize, OPT_CHUNK, prop, sep)) 1547 sep = 1; 1548 if (buff == NULL) 1549 goto err; 1550 } 1551 sa_free_derived_optionset(security); 1552 } 1553 if (sectype != NULL) 1554 sa_free_attr_string(sectype); 1555 } 1556 sa_free_derived_optionset(secoptions); 1557 } 1558 1559 if (options != NULL) 1560 sa_free_derived_optionset(options); 1561 return (buff); 1562 1563 err: 1564 /* 1565 * If we couldn't allocate memory for option printing, we need 1566 * to break out of the nested loops, cleanup and return NULL. 1567 */ 1568 if (secoptions != NULL) 1569 sa_free_derived_optionset(secoptions); 1570 if (security != NULL) 1571 sa_free_derived_optionset(security); 1572 if (sectype != NULL) 1573 sa_free_attr_string(sectype); 1574 if (options != NULL) 1575 sa_free_derived_optionset(options); 1576 return (buff); 1577 } 1578 1579 /* 1580 * Append an entry to the nfslogtab file 1581 */ 1582 static int 1583 nfslogtab_add(char *dir, char *buffer, char *tag) 1584 { 1585 FILE *f; 1586 struct logtab_ent lep; 1587 int error = 0; 1588 1589 /* 1590 * Open the file for update and create it if necessary. 1591 * This may leave the I/O offset at the end of the file, 1592 * so rewind back to the beginning of the file. 1593 */ 1594 f = fopen(NFSLOGTAB, "a+"); 1595 if (f == NULL) { 1596 error = errno; 1597 goto out; 1598 } 1599 rewind(f); 1600 1601 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1602 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1603 "share complete, however failed to lock %s " 1604 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1605 error = -1; 1606 goto out; 1607 } 1608 1609 if (logtab_deactivate_after_boot(f) == -1) { 1610 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1611 "share complete, however could not deactivate " 1612 "entries in %s\n"), NFSLOGTAB); 1613 error = -1; 1614 goto out; 1615 } 1616 1617 /* 1618 * Remove entries matching buffer and sharepoint since we're 1619 * going to replace it with perhaps an entry with a new tag. 1620 */ 1621 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1622 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1623 "share complete, however could not remove matching " 1624 "entries in %s\n"), NFSLOGTAB); 1625 error = -1; 1626 goto out; 1627 } 1628 1629 /* 1630 * Deactivate all active entries matching this sharepoint 1631 */ 1632 if (logtab_deactivate(f, NULL, dir, NULL)) { 1633 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1634 "share complete, however could not deactivate matching " 1635 "entries in %s\n"), NFSLOGTAB); 1636 error = -1; 1637 goto out; 1638 } 1639 1640 lep.le_buffer = buffer; 1641 lep.le_path = dir; 1642 lep.le_tag = tag; 1643 lep.le_state = LES_ACTIVE; 1644 1645 /* 1646 * Add new sharepoint / buffer location to nfslogtab 1647 */ 1648 if (logtab_putent(f, &lep) < 0) { 1649 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1650 "share complete, however could not add %s to %s\n"), 1651 dir, NFSLOGTAB); 1652 error = -1; 1653 } 1654 1655 out: 1656 if (f != NULL) 1657 (void) fclose(f); 1658 return (error); 1659 } 1660 1661 /* 1662 * Deactivate an entry from the nfslogtab file 1663 */ 1664 static int 1665 nfslogtab_deactivate(char *path) 1666 { 1667 FILE *f; 1668 int error = 0; 1669 1670 f = fopen(NFSLOGTAB, "r+"); 1671 if (f == NULL) { 1672 error = errno; 1673 goto out; 1674 } 1675 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1676 error = errno; 1677 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1678 "share complete, however could not lock %s for " 1679 "update: %s\n"), NFSLOGTAB, strerror(error)); 1680 goto out; 1681 } 1682 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1683 error = -1; 1684 (void) fprintf(stderr, 1685 dgettext(TEXT_DOMAIN, 1686 "share complete, however could not " 1687 "deactivate %s in %s\n"), path, NFSLOGTAB); 1688 goto out; 1689 } 1690 1691 out: if (f != NULL) 1692 (void) fclose(f); 1693 1694 return (error); 1695 } 1696 1697 /* 1698 * check_public(group, skipshare) 1699 * 1700 * Check the group for any shares that have the public property 1701 * enabled. We skip "skipshare" since that is the one we are 1702 * working with. This is a separate function to make handling 1703 * subgroups simpler. Returns true if there is a share with public. 1704 */ 1705 static int 1706 check_public(sa_group_t group, sa_share_t skipshare) 1707 { 1708 int exists = B_FALSE; 1709 sa_share_t share; 1710 sa_optionset_t opt; 1711 sa_property_t prop; 1712 char *shared; 1713 1714 for (share = sa_get_share(group, NULL); share != NULL; 1715 share = sa_get_next_share(share)) { 1716 if (share == skipshare) 1717 continue; 1718 1719 opt = sa_get_optionset(share, "nfs"); 1720 if (opt == NULL) 1721 continue; 1722 prop = sa_get_property(opt, "public"); 1723 if (prop == NULL) 1724 continue; 1725 shared = sa_get_share_attr(share, "shared"); 1726 if (shared != NULL) { 1727 exists = strcmp(shared, "true") == 0; 1728 sa_free_attr_string(shared); 1729 if (exists == B_TRUE) 1730 break; 1731 } 1732 } 1733 1734 return (exists); 1735 } 1736 1737 /* 1738 * public_exists(handle, skipshare) 1739 * 1740 * check to see if public option is set on any other share than the 1741 * one specified. Need to check zfs sub-groups as well as the top 1742 * level groups. 1743 */ 1744 static int 1745 public_exists(sa_handle_t handle, sa_share_t skipshare) 1746 { 1747 sa_group_t group = NULL; 1748 1749 /* 1750 * If we don't have a handle, we can only do syntax check. We 1751 * can't check against other shares so we assume OK and will 1752 * catch the problem only when we actually try to apply it. 1753 */ 1754 if (handle == NULL) 1755 return (SA_OK); 1756 1757 if (skipshare != NULL) { 1758 group = sa_get_parent_group(skipshare); 1759 if (group == NULL) 1760 return (SA_NO_SUCH_GROUP); 1761 } 1762 1763 for (group = sa_get_group(handle, NULL); group != NULL; 1764 group = sa_get_next_group(group)) { 1765 /* Walk any ZFS subgroups as well as all standard groups */ 1766 if (sa_group_is_zfs(group)) { 1767 sa_group_t subgroup; 1768 for (subgroup = sa_get_sub_group(group); 1769 subgroup != NULL; 1770 subgroup = sa_get_next_group(subgroup)) { 1771 if (check_public(subgroup, skipshare)) 1772 return (B_TRUE); 1773 } 1774 } else { 1775 if (check_public(group, skipshare)) 1776 return (B_TRUE); 1777 } 1778 } 1779 return (B_FALSE); 1780 } 1781 1782 /* 1783 * sa_enable_share at the protocol level, enable_share must tell the 1784 * implementation that it is to enable the share. This entails 1785 * converting the path and options into the appropriate ioctl 1786 * calls. It is assumed that all error checking of paths, etc. were 1787 * done earlier. 1788 */ 1789 static int 1790 nfs_enable_share(sa_share_t share) 1791 { 1792 struct exportdata export; 1793 sa_optionset_t secoptlist; 1794 struct secinfo *sp; 1795 int num_secinfo; 1796 sa_optionset_t opt; 1797 sa_security_t sec; 1798 sa_property_t prop; 1799 char *path; 1800 int err = SA_OK; 1801 int i; 1802 int iszfs; 1803 sa_handle_t handle; 1804 1805 /* Don't drop core if the NFS module isn't loaded. */ 1806 (void) signal(SIGSYS, SIG_IGN); 1807 1808 /* get the path since it is important in several places */ 1809 path = sa_get_share_attr(share, "path"); 1810 if (path == NULL) 1811 return (SA_NO_SUCH_PATH); 1812 1813 iszfs = sa_path_is_zfs(path); 1814 /* 1815 * find the optionsets and security sets. There may not be 1816 * any or there could be one or two for each of optionset and 1817 * security may have multiple, one per security type per 1818 * protocol type. 1819 */ 1820 opt = sa_get_derived_optionset(share, "nfs", 1); 1821 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1822 if (secoptlist != NULL) 1823 num_secinfo = MAX(1, count_security(secoptlist)); 1824 else 1825 num_secinfo = 1; 1826 1827 /* 1828 * walk through the options and fill in the structure 1829 * appropriately. 1830 */ 1831 1832 (void) memset(&export, '\0', sizeof (export)); 1833 1834 /* 1835 * do non-security options first since there is only one after 1836 * the derived group is constructed. 1837 */ 1838 export.ex_version = EX_CURRENT_VERSION; 1839 export.ex_anon = UID_NOBODY; /* this is our default value */ 1840 export.ex_index = NULL; 1841 export.ex_path = path; 1842 export.ex_pathlen = strlen(path) + 1; 1843 1844 if (opt != NULL) 1845 err = fill_export_from_optionset(&export, opt); 1846 1847 /* 1848 * check to see if "public" is set. If it is, then make sure 1849 * no other share has it set. If it is already used, fail. 1850 */ 1851 1852 handle = sa_find_group_handle((sa_group_t)share); 1853 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) { 1854 (void) printf(dgettext(TEXT_DOMAIN, 1855 "NFS: Cannot share more than one file " 1856 "system with 'public' property\n")); 1857 err = SA_NOT_ALLOWED; 1858 goto out; 1859 } 1860 1861 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1862 if (sp == NULL) { 1863 err = SA_NO_MEMORY; 1864 (void) printf(dgettext(TEXT_DOMAIN, 1865 "NFS: NFS: no memory for security\n")); 1866 goto out; 1867 } 1868 export.ex_secinfo = sp; 1869 /* get default secinfo */ 1870 export.ex_seccnt = num_secinfo; 1871 /* 1872 * since we must have one security option defined, we 1873 * init to the default and then override as we find 1874 * defined security options. This handles the case 1875 * where we have no defined options but we need to set 1876 * up one. 1877 */ 1878 sp[0].s_window = DEF_WIN; 1879 sp[0].s_rootnames = NULL; 1880 /* setup a default in case no properties defined */ 1881 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1882 (void) printf(dgettext(TEXT_DOMAIN, 1883 "NFS: nfs_getseconfig_default: failed to " 1884 "get default security mode\n")); 1885 err = SA_CONFIG_ERR; 1886 } 1887 if (secoptlist != NULL) { 1888 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1889 prop != NULL && i < num_secinfo; 1890 prop = sa_get_next_property(prop), i++) { 1891 char *sectype; 1892 sectype = sa_get_property_attr(prop, "type"); 1893 /* 1894 * if sectype is NULL, we probably 1895 * have a memory problem and can't get 1896 * the correct values. Rather than 1897 * exporting with incorrect security, 1898 * don't share it. 1899 */ 1900 if (sectype == NULL) { 1901 err = SA_NO_MEMORY; 1902 (void) printf(dgettext(TEXT_DOMAIN, 1903 "NFS: Cannot share %s: " 1904 "no memory\n"), path); 1905 goto out; 1906 } 1907 sec = (sa_security_t)sa_get_derived_security( 1908 share, sectype, "nfs", 1); 1909 sp[i].s_window = DEF_WIN; 1910 sp[i].s_rootcnt = 0; 1911 sp[i].s_rootnames = NULL; 1912 (void) fill_security_from_secopts(&sp[i], sec); 1913 if (sec != NULL) 1914 sa_free_derived_security(sec); 1915 if (sectype != NULL) 1916 sa_free_attr_string(sectype); 1917 } 1918 } 1919 1920 /* now add the share to the internal tables */ 1921 printarg(path, &export); 1922 /* 1923 * call the exportfs system call which is implemented 1924 * via the nfssys() call as the EXPORTFS subfunction. 1925 */ 1926 if (iszfs) { 1927 struct exportfs_args ea; 1928 share_t sh; 1929 1930 ea.dname = path; 1931 ea.uex = &export; 1932 1933 (void) sa_sharetab_fill_zfs(share, &sh, "nfs"); 1934 err = sa_share_zfs(share, NULL, path, &sh, &ea, ZFS_SHARE_NFS); 1935 if (err != SA_OK) { 1936 errno = err; 1937 err = -1; 1938 } 1939 sa_emptyshare(&sh); 1940 } else { 1941 err = exportfs(path, &export); 1942 } 1943 1944 if (err < 0) { 1945 err = SA_SYSTEM_ERR; 1946 switch (errno) { 1947 case EPERM: 1948 err = SA_NO_PERMISSION; 1949 break; 1950 case EEXIST: 1951 err = SA_SHARE_EXISTS; 1952 break; 1953 default: 1954 break; 1955 } 1956 } else { 1957 /* update sharetab with an add/modify */ 1958 if (!iszfs) { 1959 (void) sa_update_sharetab(share, "nfs"); 1960 } 1961 } 1962 1963 if (err == SA_OK) { 1964 /* 1965 * enable services as needed. This should probably be 1966 * done elsewhere in order to minimize the calls to 1967 * check services. 1968 */ 1969 /* 1970 * check to see if logging and other services need to 1971 * be triggered, but only if there wasn't an 1972 * error. This is probably where sharetab should be 1973 * updated with the NFS specific entry. 1974 */ 1975 if (export.ex_flags & EX_LOG) { 1976 /* enable logging */ 1977 if (nfslogtab_add(path, export.ex_log_buffer, 1978 export.ex_tag) != 0) { 1979 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1980 "Could not enable logging for %s\n"), 1981 path); 1982 } 1983 _check_services(service_list_logging); 1984 } else { 1985 /* 1986 * don't have logging so remove it from file. It might 1987 * not be thre, but that doesn't matter. 1988 */ 1989 (void) nfslogtab_deactivate(path); 1990 _check_services(service_list_default); 1991 } 1992 } 1993 1994 out: 1995 if (path != NULL) 1996 free(path); 1997 1998 cleanup_export(&export); 1999 if (opt != NULL) 2000 sa_free_derived_optionset(opt); 2001 if (secoptlist != NULL) 2002 (void) sa_destroy_optionset(secoptlist); 2003 return (err); 2004 } 2005 2006 /* 2007 * nfs_disable_share(share, path) 2008 * 2009 * Unshare the specified share. Note that "path" is the same path as 2010 * what is in the "share" object. It is passed in to avoid an 2011 * additional lookup. A missing "path" value makes this a no-op 2012 * function. 2013 */ 2014 static int 2015 nfs_disable_share(sa_share_t share, char *path) 2016 { 2017 int err; 2018 int ret = SA_OK; 2019 int iszfs; 2020 sa_group_t parent; 2021 sa_handle_t handle; 2022 2023 if (path == NULL) 2024 return (ret); 2025 2026 /* 2027 * If the share is in a ZFS group we need to handle it 2028 * differently. Just being on a ZFS file system isn't 2029 * enough since we may be in a legacy share case. 2030 */ 2031 parent = sa_get_parent_group(share); 2032 iszfs = sa_group_is_zfs(parent); 2033 if (iszfs) { 2034 struct exportfs_args ea; 2035 share_t sh = { 0 }; 2036 ea.dname = path; 2037 ea.uex = NULL; 2038 sh.sh_path = path; 2039 sh.sh_fstype = "nfs"; 2040 2041 err = sa_share_zfs(share, NULL, path, &sh, 2042 &ea, ZFS_UNSHARE_NFS); 2043 if (err != SA_OK) { 2044 errno = err; 2045 err = -1; 2046 } 2047 } else { 2048 err = exportfs(path, NULL); 2049 } 2050 if (err < 0) { 2051 /* 2052 * TBD: only an error in some 2053 * cases - need better analysis 2054 */ 2055 switch (errno) { 2056 case EPERM: 2057 case EACCES: 2058 ret = SA_NO_PERMISSION; 2059 break; 2060 case EINVAL: 2061 case ENOENT: 2062 ret = SA_NO_SUCH_PATH; 2063 break; 2064 default: 2065 ret = SA_SYSTEM_ERR; 2066 break; 2067 } 2068 } 2069 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 2070 handle = sa_find_group_handle((sa_group_t)share); 2071 if (!iszfs) 2072 (void) sa_delete_sharetab(handle, path, "nfs"); 2073 /* just in case it was logged */ 2074 (void) nfslogtab_deactivate(path); 2075 } 2076 return (ret); 2077 } 2078 2079 static int 2080 check_user(char *value) 2081 { 2082 int ret = SA_OK; 2083 2084 if (!is_a_number(value)) { 2085 struct passwd *pw; 2086 /* 2087 * in this case it would have to be a 2088 * user name 2089 */ 2090 pw = getpwnam(value); 2091 if (pw == NULL) 2092 ret = SA_BAD_VALUE; 2093 endpwent(); 2094 } else { 2095 uint64_t intval; 2096 intval = strtoull(value, NULL, 0); 2097 if (intval > UID_MAX && intval != -1) 2098 ret = SA_BAD_VALUE; 2099 } 2100 2101 return (ret); 2102 } 2103 2104 static int 2105 check_group(char *value) 2106 { 2107 int ret = SA_OK; 2108 2109 if (!is_a_number(value)) { 2110 struct group *gr; 2111 /* 2112 * in this case it would have to be a 2113 * group name 2114 */ 2115 gr = getgrnam(value); 2116 if (gr == NULL) 2117 ret = SA_BAD_VALUE; 2118 endgrent(); 2119 } else { 2120 uint64_t intval; 2121 intval = strtoull(value, NULL, 0); 2122 if (intval > UID_MAX && intval != -1) 2123 ret = SA_BAD_VALUE; 2124 } 2125 2126 return (ret); 2127 } 2128 2129 /* 2130 * check_rorwnone(v1, v2, v3) 2131 * 2132 * check ro vs rw vs none values. Over time this may get beefed up. 2133 * for now it just does simple checks. v1 is never NULL but v2 or v3 2134 * could be. 2135 */ 2136 2137 static int 2138 check_rorwnone(char *v1, char *v2, char *v3) 2139 { 2140 int ret = SA_OK; 2141 if (v2 != NULL && strcmp(v1, v2) == 0) 2142 ret = SA_VALUE_CONFLICT; 2143 else if (v3 != NULL && strcmp(v1, v3) == 0) 2144 ret = SA_VALUE_CONFLICT; 2145 2146 return (ret); 2147 } 2148 2149 /* 2150 * nfs_validate_property(handle, property, parent) 2151 * 2152 * Check that the property has a legitimate value for its type. 2153 */ 2154 2155 static int 2156 nfs_validate_property(sa_handle_t handle, sa_property_t property, 2157 sa_optionset_t parent) 2158 { 2159 int ret = SA_OK; 2160 char *propname; 2161 char *other1; 2162 char *other2; 2163 int optindex; 2164 nfsl_config_t *configlist; 2165 sa_group_t parent_group; 2166 char *value; 2167 2168 propname = sa_get_property_attr(property, "type"); 2169 2170 if ((optindex = findopt(propname)) < 0) 2171 ret = SA_NO_SUCH_PROP; 2172 2173 /* need to validate value range here as well */ 2174 2175 if (ret == SA_OK) { 2176 parent_group = sa_get_parent_group((sa_share_t)parent); 2177 if (optdefs[optindex].share && parent_group != NULL && 2178 !sa_is_share(parent_group)) 2179 ret = SA_PROP_SHARE_ONLY; 2180 } 2181 if (ret == SA_OK) { 2182 if (optdefs[optindex].index == OPT_PUBLIC) { 2183 /* 2184 * Public is special in that only one instance can 2185 * be in the repository at the same time. 2186 */ 2187 if (public_exists(handle, parent_group)) { 2188 sa_free_attr_string(propname); 2189 return (SA_VALUE_CONFLICT); 2190 } 2191 } 2192 value = sa_get_property_attr(property, "value"); 2193 if (value != NULL) { 2194 /* first basic type checking */ 2195 switch (optdefs[optindex].type) { 2196 2197 case OPT_TYPE_NUMBER: 2198 /* check that the value is all digits */ 2199 if (!is_a_number(value)) 2200 ret = SA_BAD_VALUE; 2201 break; 2202 2203 case OPT_TYPE_BOOLEAN: 2204 ret = boolean_check(value); 2205 break; 2206 2207 case OPT_TYPE_USER: 2208 ret = check_user(value); 2209 break; 2210 2211 case OPT_TYPE_FILE: 2212 if (strcmp(value, "..") == 0 || 2213 strchr(value, '/') != NULL) { 2214 ret = SA_BAD_VALUE; 2215 } 2216 break; 2217 2218 case OPT_TYPE_ACCLIST: { 2219 sa_property_t oprop1; 2220 sa_property_t oprop2; 2221 char *ovalue1 = NULL; 2222 char *ovalue2 = NULL; 2223 2224 if (parent == NULL) 2225 break; 2226 /* 2227 * access list handling. Should eventually 2228 * validate that all the values make sense. 2229 * Also, ro and rw may have cross value 2230 * conflicts. 2231 */ 2232 if (strcmp(propname, SHOPT_RO) == 0) { 2233 other1 = SHOPT_RW; 2234 other2 = SHOPT_NONE; 2235 } else if (strcmp(propname, SHOPT_RW) == 0) { 2236 other1 = SHOPT_RO; 2237 other2 = SHOPT_NONE; 2238 } else if (strcmp(propname, SHOPT_NONE) == 0) { 2239 other1 = SHOPT_RO; 2240 other2 = SHOPT_RW; 2241 } else { 2242 other1 = NULL; 2243 other2 = NULL; 2244 } 2245 if (other1 == NULL && other2 == NULL) 2246 break; 2247 2248 /* compare rw(ro) with ro(rw) */ 2249 2250 oprop1 = sa_get_property(parent, other1); 2251 oprop2 = sa_get_property(parent, other2); 2252 if (oprop1 == NULL && oprop2 == NULL) 2253 break; 2254 /* 2255 * Only potential confusion if other1 2256 * or other2 exists. Check the values 2257 * and run the check if there is a 2258 * value other than the one we are 2259 * explicitly looking at. 2260 */ 2261 ovalue1 = sa_get_property_attr(oprop1, "value"); 2262 ovalue2 = sa_get_property_attr(oprop2, "value"); 2263 if (ovalue1 != NULL || ovalue2 != NULL) 2264 ret = check_rorwnone(value, ovalue1, 2265 ovalue2); 2266 2267 if (ovalue1 != NULL) 2268 sa_free_attr_string(ovalue1); 2269 if (ovalue2 != NULL) 2270 sa_free_attr_string(ovalue2); 2271 break; 2272 } 2273 2274 case OPT_TYPE_LOGTAG: 2275 if (nfsl_getconfig_list(&configlist) == 0) { 2276 int error; 2277 if (value == NULL || 2278 strlen(value) == 0) { 2279 if (value != NULL) 2280 sa_free_attr_string( 2281 value); 2282 value = strdup("global"); 2283 } 2284 if (value != NULL && 2285 nfsl_findconfig(configlist, value, 2286 &error) == NULL) { 2287 ret = SA_BAD_VALUE; 2288 } 2289 /* Must always free when done */ 2290 nfsl_freeconfig_list(&configlist); 2291 } else { 2292 ret = SA_CONFIG_ERR; 2293 } 2294 break; 2295 2296 case OPT_TYPE_STRING: 2297 /* whatever is here should be ok */ 2298 break; 2299 2300 case OPT_TYPE_SECURITY: 2301 /* 2302 * The "sec" property isn't used in the 2303 * non-legacy parts of sharemgr. We need to 2304 * reject it here. For legacy, it is pulled 2305 * out well before we get here. 2306 */ 2307 ret = SA_NO_SUCH_PROP; 2308 break; 2309 2310 case OPT_TYPE_MAPPING: { 2311 char *p; 2312 char *n; 2313 char *c; 2314 int (*f)(char *); 2315 2316 sa_security_t security; 2317 2318 /* 2319 * mapping is only supported for sec=sys 2320 */ 2321 ret = SA_CONFIG_ERR; 2322 if (parent_group == NULL) 2323 break; 2324 2325 for (security = sa_get_security(parent_group, 2326 NULL, NULL); security != NULL; 2327 security = sa_get_next_security(security)) { 2328 char *type; 2329 char *sectype; 2330 2331 type = sa_get_security_attr(security, 2332 "type"); 2333 if (type == NULL) 2334 continue; 2335 2336 if (strcmp(type, "nfs") != 0) { 2337 sa_free_attr_string(type); 2338 continue; 2339 } 2340 sa_free_attr_string(type); 2341 2342 sectype = sa_get_security_attr(security, 2343 "sectype"); 2344 if (sectype == NULL) 2345 continue; 2346 2347 if (strcmp(sectype, "sys") != 0) { 2348 sa_free_attr_string(sectype); 2349 ret = SA_CONFIG_ERR; 2350 break; 2351 } 2352 sa_free_attr_string(sectype); 2353 ret = SA_OK; 2354 } 2355 2356 if (ret != SA_OK) 2357 break; 2358 2359 assert(optindex == OPT_UIDMAP || 2360 optindex == OPT_GIDMAP); 2361 f = optindex == OPT_UIDMAP ? check_user : 2362 check_group; 2363 2364 2365 p = strdup(value); 2366 if (p == NULL) 2367 ret = SA_BAD_VALUE; 2368 2369 for (c = p; ret == SA_OK && c != NULL; c = n) { 2370 char *s; 2371 char *t; 2372 2373 n = strchr(c, '~'); 2374 if (n != NULL) 2375 *n++ = '\0'; 2376 2377 s = strchr(c, ':'); 2378 if (s != NULL) { 2379 *s++ = '\0'; 2380 t = strchr(s, ':'); 2381 if (t != NULL) 2382 *t = '\0'; 2383 } 2384 2385 if (s == NULL || t == NULL) 2386 ret = SA_BAD_VALUE; 2387 2388 if (ret == SA_OK && *c != '\0' && 2389 strcmp(c, "*") != 0) 2390 ret = f(c); 2391 2392 if (ret == SA_OK && *s != '\0' && 2393 strcmp(s, "-1") != 0) 2394 ret = f(s); 2395 } 2396 2397 free(p); 2398 2399 break; 2400 } 2401 2402 default: 2403 break; 2404 } 2405 2406 if (value != NULL) 2407 sa_free_attr_string(value); 2408 2409 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2410 /* do the property specific check */ 2411 ret = optdefs[optindex].check(handle, property); 2412 } 2413 } 2414 } 2415 2416 if (propname != NULL) 2417 sa_free_attr_string(propname); 2418 return (ret); 2419 } 2420 2421 /* 2422 * Protocol management functions 2423 * 2424 * Properties defined in the default files are defined in 2425 * proto_option_defs for parsing and validation. If "other" and 2426 * "compare" are set, then the value for this property should be 2427 * compared against the property specified in "other" using the 2428 * "compare" check (either <= or >=) in order to ensure that the 2429 * values are in the correct range. E.g. setting server_versmin 2430 * higher than server_versmax should not be allowed. 2431 */ 2432 2433 struct proto_option_defs { 2434 char *tag; 2435 char *name; /* display name -- remove protocol identifier */ 2436 uint_t index; 2437 int type; 2438 union { 2439 int intval; 2440 char *string; 2441 } defvalue; 2442 uint32_t svcs; 2443 int32_t minval; 2444 int32_t maxval; 2445 int (*validator)(uint_t, char *); 2446 } proto_options[] = { 2447 #define PROTO_OPT_NFSD_SERVERS 0 2448 { 2449 .tag = "nfsd_servers", 2450 .name = "servers", 2451 .index = PROTO_OPT_NFSD_SERVERS, 2452 .type = OPT_TYPE_NUMBER, 2453 .defvalue.intval = 1024, 2454 .svcs = SVC_NFSD, 2455 .minval = 1, 2456 .maxval = INT32_MAX, 2457 .validator = range_check_validator 2458 }, 2459 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2460 { 2461 .tag = "lockd_listen_backlog", 2462 .name = "lockd_listen_backlog", 2463 .index = PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2464 .type = OPT_TYPE_NUMBER, 2465 .defvalue.intval = 32, 2466 .svcs = SVC_LOCKD, 2467 .minval = 32, 2468 .maxval = INT32_MAX, 2469 .validator = range_check_validator 2470 }, 2471 #define PROTO_OPT_LOCKD_SERVERS 2 2472 { 2473 .tag = "lockd_servers", 2474 .name = "lockd_servers", 2475 .index = PROTO_OPT_LOCKD_SERVERS, 2476 .type = OPT_TYPE_NUMBER, 2477 .defvalue.intval = 256, 2478 .svcs = SVC_LOCKD, 2479 .minval = 1, 2480 .maxval = INT32_MAX, 2481 .validator = range_check_validator 2482 }, 2483 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2484 { 2485 .tag = "lockd_retransmit_timeout", 2486 .name = "lockd_retransmit_timeout", 2487 .index = PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2488 .type = OPT_TYPE_NUMBER, 2489 .defvalue.intval = 5, 2490 .svcs = SVC_LOCKD, 2491 .minval = 0, 2492 .maxval = INT32_MAX, 2493 .validator = range_check_validator 2494 }, 2495 #define PROTO_OPT_GRACE_PERIOD 4 2496 { 2497 .tag = "grace_period", 2498 .name = "grace_period", 2499 .index = PROTO_OPT_GRACE_PERIOD, 2500 .type = OPT_TYPE_NUMBER, 2501 .defvalue.intval = 90, 2502 .svcs = SVC_LOCKD, 2503 .minval = 0, 2504 .maxval = INT32_MAX, 2505 .validator = range_check_validator 2506 }, 2507 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2508 { 2509 .tag = "nfs_server_versmin", 2510 .name = "server_versmin", 2511 .index = PROTO_OPT_NFS_SERVER_VERSMIN, 2512 .type = OPT_TYPE_STRING, 2513 .defvalue.string = "2", 2514 .svcs = SVC_NFSD | SVC_MOUNTD, 2515 .minval = NFS_VERSMIN, 2516 .maxval = NFS_VERSMAX, 2517 .validator = range_check_validator_server 2518 }, 2519 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2520 { 2521 .tag = "nfs_server_versmax", 2522 .name = "server_versmax", 2523 .index = PROTO_OPT_NFS_SERVER_VERSMAX, 2524 .type = OPT_TYPE_STRING, 2525 .defvalue.string = "4", 2526 .svcs = SVC_NFSD | SVC_MOUNTD, 2527 .minval = NFS_VERSMIN, 2528 .maxval = NFS_VERSMAX, 2529 .validator = range_check_validator_server 2530 }, 2531 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2532 { 2533 .tag = "nfs_client_versmin", 2534 .name = "client_versmin", 2535 .index = PROTO_OPT_NFS_CLIENT_VERSMIN, 2536 .type = OPT_TYPE_NUMBER, 2537 .defvalue.intval = NFS_VERSMIN_DEFAULT, 2538 .svcs = SVC_CLIENT, 2539 .minval = NFS_VERSMIN, 2540 .maxval = NFS_VERSMAX, 2541 .validator = range_check_validator_client 2542 }, 2543 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2544 { 2545 .tag = "nfs_client_versmax", 2546 .name = "client_versmax", 2547 .index = PROTO_OPT_NFS_CLIENT_VERSMAX, 2548 .type = OPT_TYPE_NUMBER, 2549 .defvalue.intval = NFS_VERSMAX_DEFAULT, 2550 .svcs = SVC_CLIENT, 2551 .minval = NFS_VERSMIN, 2552 .maxval = NFS_VERSMAX, 2553 .validator = range_check_validator_client 2554 }, 2555 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2556 { 2557 .tag = "nfs_server_delegation", 2558 .name = "server_delegation", 2559 .index = PROTO_OPT_NFS_SERVER_DELEGATION, 2560 .type = OPT_TYPE_ONOFF, 2561 .defvalue.intval = NFS_SERVER_DELEGATION_DEFAULT, 2562 .svcs = SVC_NFSD, 2563 .validator = onoff_validator 2564 }, 2565 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2566 { 2567 .tag = "nfsmapid_domain", 2568 .name = "nfsmapid_domain", 2569 .index = PROTO_OPT_NFSMAPID_DOMAIN, 2570 .type = OPT_TYPE_DOMAIN, 2571 .defvalue.string = NULL, 2572 .svcs = SVC_NFSMAPID, 2573 .validator = domain_validator 2574 }, 2575 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2576 { 2577 .tag = "nfsd_max_connections", 2578 .name = "max_connections", 2579 .index = PROTO_OPT_NFSD_MAX_CONNECTIONS, 2580 .type = OPT_TYPE_NUMBER, 2581 .defvalue.intval = -1, 2582 .svcs = SVC_NFSD, 2583 .minval = -1, 2584 .maxval = INT32_MAX, 2585 .validator = range_check_validator 2586 }, 2587 #define PROTO_OPT_NFSD_PROTOCOL 12 2588 { 2589 .tag = "nfsd_protocol", 2590 .name = "protocol", 2591 .index = PROTO_OPT_NFSD_PROTOCOL, 2592 .type = OPT_TYPE_PROTOCOL, 2593 .defvalue.intval = 0, 2594 .svcs = SVC_NFSD, 2595 .validator = protocol_validator 2596 }, 2597 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2598 { 2599 .tag = "nfsd_listen_backlog", 2600 .name = "listen_backlog", 2601 .index = PROTO_OPT_NFSD_LISTEN_BACKLOG, 2602 .type = OPT_TYPE_NUMBER, 2603 .defvalue.intval = 0, 2604 .svcs = SVC_NFSD, 2605 .minval = 0, 2606 .maxval = INT32_MAX, 2607 .validator = range_check_validator 2608 }, 2609 #define PROTO_OPT_NFSD_DEVICE 14 2610 { 2611 .tag = "nfsd_device", 2612 .name = "device", 2613 .index = PROTO_OPT_NFSD_DEVICE, 2614 .type = OPT_TYPE_STRING, 2615 .defvalue.string = NULL, 2616 .svcs = SVC_NFSD 2617 }, 2618 #define PROTO_OPT_MOUNTD_LISTEN_BACKLOG 15 2619 { 2620 .tag = "mountd_listen_backlog", 2621 .name = "mountd_listen_backlog", 2622 .index = PROTO_OPT_MOUNTD_LISTEN_BACKLOG, 2623 .type = OPT_TYPE_NUMBER, 2624 .defvalue.intval = 64, 2625 .svcs = SVC_NFSD | SVC_MOUNTD, 2626 .minval = 1, 2627 .maxval = INT32_MAX, 2628 .validator = range_check_validator 2629 }, 2630 #define PROTO_OPT_MOUNTD_MAX_THREADS 16 2631 { 2632 .tag = "mountd_max_threads", 2633 .name = "mountd_max_threads", 2634 .index = PROTO_OPT_MOUNTD_MAX_THREADS, 2635 .type = OPT_TYPE_NUMBER, 2636 .defvalue.intval = 16, 2637 .svcs = SVC_NFSD | SVC_MOUNTD, 2638 .minval = 1, 2639 .maxval = INT32_MAX, 2640 .validator = range_check_validator 2641 }, 2642 #define PROTO_OPT_MOUNTD_PORT 17 2643 { 2644 .tag = "mountd_port", 2645 .name = "mountd_port", 2646 .index = PROTO_OPT_MOUNTD_PORT, 2647 .type = OPT_TYPE_NUMBER, 2648 .defvalue.intval = 0, 2649 .svcs = SVC_NFSD | SVC_MOUNTD, 2650 .minval = 1, 2651 .maxval = UINT16_MAX, 2652 .validator = range_check_validator 2653 }, 2654 #define PROTO_OPT_MOUNTD_REMOTE_DUMP 18 2655 { 2656 .tag = "mountd_remote_dump", 2657 .name = "mountd_remote_dump", 2658 .index = PROTO_OPT_MOUNTD_REMOTE_DUMP, 2659 .type = OPT_TYPE_BOOLEAN, 2660 .defvalue.intval = B_FALSE, 2661 .svcs = SVC_NFSD | SVC_MOUNTD, 2662 .minval = B_FALSE, 2663 .maxval = B_TRUE, 2664 .validator = boolean_validator 2665 }, 2666 #define PROTO_OPT_STATD_PORT 19 2667 { 2668 .tag = "statd_port", 2669 .name = "statd_port", 2670 .index = PROTO_OPT_STATD_PORT, 2671 .type = OPT_TYPE_NUMBER, 2672 .defvalue.intval = 0, 2673 .svcs = SVC_STATD, 2674 .minval = 1, 2675 .maxval = UINT16_MAX, 2676 .validator = range_check_validator 2677 } 2678 }; 2679 2680 /* 2681 * Check the range of value as int range. 2682 */ 2683 static int 2684 range_check_validator_value(uint_t index, int type, char *value, int *intval) 2685 { 2686 int val; 2687 const char *errstr; 2688 2689 if (index >= ARRAY_SIZE(proto_options)) 2690 return (SA_NO_SUCH_PROP); 2691 2692 VERIFY3S(proto_options[index].index, ==, index); 2693 2694 if (!is_a_number(value)) 2695 return (SA_BAD_VALUE); 2696 2697 val = strtonumx(value, proto_options[index].minval, 2698 proto_options[index].maxval, &errstr, 0); 2699 if (errstr != NULL) { 2700 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 2701 "bad option value: %s: %s\n"), proto_options[index].name, 2702 errstr); 2703 return (SA_BAD_VALUE); 2704 } 2705 2706 if (intval != NULL) 2707 *intval = val; 2708 return (SA_OK); 2709 } 2710 2711 static int 2712 range_check_validator(uint_t index, char *value) 2713 { 2714 return (range_check_validator_value(index, OPT_TYPE_NUMBER, 2715 value, NULL)); 2716 } 2717 2718 /* 2719 * Return integer value of versmin or versmax property. 2720 * This will need update, once we add support for minor versions. 2721 */ 2722 static int 2723 nfs_get_vers_minmax(uint_t index) 2724 { 2725 char *pvalue; 2726 sa_property_t prop; 2727 sa_optionset_t opts; 2728 int rval; 2729 const char *errstr; 2730 2731 opts = nfs_get_proto_set(); 2732 prop = sa_get_property(opts, proto_options[index].name); 2733 2734 /* in case of failure, return default */ 2735 if (prop == NULL) { 2736 rval = proto_options[index].defvalue.intval; 2737 } else { 2738 pvalue = sa_get_property_attr(prop, "value"); 2739 rval = strtonumx(pvalue, 2740 proto_options[index].minval, 2741 proto_options[index].maxval, 2742 &errstr, 0); 2743 sa_free_attr_string(pvalue); 2744 if (errstr != NULL) 2745 rval = proto_options[index].defvalue.intval; 2746 } 2747 return (rval); 2748 } 2749 2750 /* 2751 * Verify that the value for the property specified by index is valid 2752 * relative to the opposite value in the case of a min/max variable. 2753 */ 2754 static int 2755 range_check_validator_client(uint_t index, char *value) 2756 { 2757 int ret, val; 2758 2759 if (value == NULL) 2760 return (SA_BAD_VALUE); 2761 2762 ret = range_check_validator_value(index, OPT_TYPE_NUMBER, value, &val); 2763 if (ret != SA_OK) 2764 return (ret); 2765 2766 switch (index) { 2767 case PROTO_OPT_NFS_CLIENT_VERSMIN: 2768 /* versmin must be <= versmax */ 2769 if (val > nfs_get_vers_minmax(PROTO_OPT_NFS_CLIENT_VERSMAX)) 2770 ret = SA_VALUE_CONFLICT; 2771 break; 2772 2773 case PROTO_OPT_NFS_CLIENT_VERSMAX: 2774 /* versmax must be >= versmin */ 2775 if (val < nfs_get_vers_minmax(PROTO_OPT_NFS_CLIENT_VERSMIN)) 2776 ret = SA_VALUE_CONFLICT; 2777 break; 2778 2779 default: 2780 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 2781 "Unexpected nfs protocol validator index: %u\n"), index); 2782 ret = SA_BAD_VALUE; 2783 break; 2784 } 2785 2786 return (ret); 2787 } 2788 2789 /* 2790 * Verify that the value for the property specified by index is valid 2791 * relative to the opposite value in the case of a min/max variable. 2792 */ 2793 static int 2794 range_check_validator_server(uint_t index, char *value) 2795 { 2796 int ret, val; 2797 2798 if (value == NULL) 2799 return (SA_BAD_VALUE); 2800 2801 ret = range_check_validator_value(index, OPT_TYPE_STRING, value, &val); 2802 if (ret != SA_OK) 2803 return (ret); 2804 2805 switch (index) { 2806 case PROTO_OPT_NFS_SERVER_VERSMIN: 2807 /* versmin must be <= versmax */ 2808 if (val > nfs_get_vers_minmax(PROTO_OPT_NFS_SERVER_VERSMAX)) 2809 ret = SA_VALUE_CONFLICT; 2810 break; 2811 2812 case PROTO_OPT_NFS_SERVER_VERSMAX: 2813 /* versmax must be >= versmin */ 2814 if (val < nfs_get_vers_minmax(PROTO_OPT_NFS_SERVER_VERSMIN)) 2815 ret = SA_VALUE_CONFLICT; 2816 break; 2817 2818 default: 2819 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 2820 "Unexpected nfs protocol validator index: %u\n"), index); 2821 ret = SA_BAD_VALUE; 2822 break; 2823 } 2824 2825 return (ret); 2826 } 2827 2828 static int 2829 onoff_validator(uint_t index, char *value) 2830 { 2831 if (index >= ARRAY_SIZE(proto_options)) 2832 return (SA_NO_SUCH_PROP); 2833 2834 VERIFY3S(proto_options[index].index, ==, index); 2835 2836 if (strcasecmp(value, "on") != 0 && 2837 strcasecmp(value, "off") != 0) { 2838 return (SA_BAD_VALUE); 2839 } 2840 return (SA_OK); 2841 } 2842 2843 static int 2844 domain_validator(uint_t index, char *value) 2845 { 2846 char *cp; 2847 2848 if (index >= ARRAY_SIZE(proto_options)) 2849 return (SA_NO_SUCH_PROP); 2850 2851 VERIFY3S(proto_options[index].index, ==, index); 2852 2853 /* 2854 * needs to be a qualified domain so will have at 2855 * least one period and other characters on either 2856 * side of it. A zero length string is also allowed 2857 * and is the way to turn off the override. 2858 */ 2859 if (strlen(value) == 0) 2860 return (SA_OK); 2861 2862 cp = strchr(value, '.'); 2863 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 2864 return (SA_BAD_VALUE); 2865 2866 return (SA_OK); 2867 } 2868 2869 static int 2870 boolean_check(char *value) 2871 { 2872 if (strlen(value) == 0 || 2873 strcasecmp(value, "true") == 0 || 2874 strcasecmp(value, "1") == 0 || 2875 strcasecmp(value, "false") == 0 || 2876 strcasecmp(value, "0") == 0) 2877 return (SA_OK); 2878 2879 return (SA_BAD_VALUE); 2880 } 2881 2882 static int 2883 boolean_validator(uint_t index, char *value) 2884 { 2885 if (index >= ARRAY_SIZE(proto_options)) 2886 return (SA_NO_SUCH_PROP); 2887 2888 VERIFY3S(proto_options[index].index, ==, index); 2889 2890 return (boolean_check(value)); 2891 } 2892 2893 static int 2894 protocol_validator(uint_t index, char *value) 2895 { 2896 struct netconfig *nconf; 2897 void *nc; 2898 boolean_t pfound = B_FALSE; 2899 2900 if (index >= ARRAY_SIZE(proto_options)) 2901 return (SA_NO_SUCH_PROP); 2902 2903 VERIFY3S(proto_options[index].index, ==, index); 2904 2905 if (strcasecmp(value, "all") == 0) 2906 return (SA_OK); 2907 2908 nc = setnetconfig(); 2909 if (nc == NULL) { 2910 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 2911 "setnetconfig failed: %s\n"), strerror(errno)); 2912 } else { 2913 while ((nconf = getnetconfig(nc)) != NULL) { 2914 if (strcmp(nconf->nc_proto, value) == 0) { 2915 pfound = B_TRUE; 2916 break; 2917 } 2918 } 2919 (void) endnetconfig(nc); 2920 } 2921 2922 if (!pfound) 2923 return (SA_BAD_VALUE); 2924 2925 return (SA_OK); 2926 } 2927 2928 /* 2929 * the protoset holds the defined options so we don't have to read 2930 * them multiple times 2931 */ 2932 static sa_protocol_properties_t protoset; 2933 2934 static int 2935 findprotoopt(char *name) 2936 { 2937 int i; 2938 for (i = 0; i < ARRAY_SIZE(proto_options); i++) { 2939 if (strcasecmp(proto_options[i].name, name) == 0) 2940 return (i); 2941 } 2942 return (-1); 2943 } 2944 2945 /* 2946 * fixcaselower(str) 2947 * 2948 * convert a string to lower case (inplace). 2949 */ 2950 2951 static void 2952 fixcaselower(char *str) 2953 { 2954 while (*str) { 2955 *str = tolower(*str); 2956 str++; 2957 } 2958 } 2959 2960 /* 2961 * skipwhitespace(str) 2962 * 2963 * Skip leading white space. It is assumed that it is called with a 2964 * valid pointer. 2965 */ 2966 2967 static char * 2968 skipwhitespace(char *str) 2969 { 2970 while (*str && isspace(*str)) 2971 str++; 2972 2973 return (str); 2974 } 2975 2976 /* 2977 * extractprop() 2978 * 2979 * Extract the property and value out of the line and create the 2980 * property in the optionset. 2981 */ 2982 static int 2983 extractprop(char *name, char *value) 2984 { 2985 sa_property_t prop; 2986 int index; 2987 int ret = SA_OK; 2988 /* 2989 * Remove any leading 2990 * white space. 2991 */ 2992 name = skipwhitespace(name); 2993 2994 index = findprotoopt(name); 2995 if (index >= 0) { 2996 fixcaselower(name); 2997 prop = sa_create_property(proto_options[index].name, value); 2998 if (prop != NULL) 2999 ret = sa_add_protocol_property(protoset, prop); 3000 else 3001 ret = SA_NO_MEMORY; 3002 } 3003 return (ret); 3004 } 3005 3006 scf_type_t 3007 getscftype(int type) 3008 { 3009 scf_type_t ret; 3010 3011 switch (type) { 3012 case OPT_TYPE_NUMBER: 3013 ret = SCF_TYPE_INTEGER; 3014 break; 3015 case OPT_TYPE_BOOLEAN: 3016 ret = SCF_TYPE_BOOLEAN; 3017 break; 3018 default: 3019 ret = SCF_TYPE_ASTRING; 3020 } 3021 return (ret); 3022 } 3023 3024 char * 3025 getsvcname(uint32_t svcs) 3026 { 3027 char *service; 3028 switch (svcs) { 3029 case SVC_LOCKD: 3030 service = LOCKD; 3031 break; 3032 case SVC_STATD: 3033 service = STATD; 3034 break; 3035 case SVC_NFSD: 3036 service = NFSD; 3037 break; 3038 case SVC_CLIENT: 3039 service = NFS_CLIENT_SVC; 3040 break; 3041 case SVC_NFS4CBD: 3042 service = NFS4CBD; 3043 break; 3044 case SVC_NFSMAPID: 3045 service = NFSMAPID; 3046 break; 3047 case SVC_RQUOTAD: 3048 service = RQUOTAD; 3049 break; 3050 case SVC_NFSLOGD: 3051 service = NFSLOGD; 3052 break; 3053 case SVC_REPARSED: 3054 service = REPARSED; 3055 break; 3056 default: 3057 service = NFSD; 3058 } 3059 return (service); 3060 } 3061 3062 /* 3063 * initprotofromsmf() 3064 * 3065 * Read NFS SMF properties and add the defined values to the 3066 * protoset. Note that default values are known from the built in 3067 * table in case SMF doesn't have a definition. Not having 3068 * SMF properties is OK since we have builtin default 3069 * values. 3070 */ 3071 static int 3072 initprotofromsmf(void) 3073 { 3074 char name[PATH_MAX]; 3075 char value[PATH_MAX]; 3076 int ret = SA_OK, bufsz = 0, i; 3077 3078 protoset = sa_create_protocol_properties("nfs"); 3079 if (protoset != NULL) { 3080 for (i = 0; i < ARRAY_SIZE(proto_options); i++) { 3081 scf_type_t ptype; 3082 char *svc_name; 3083 3084 bzero(value, PATH_MAX); 3085 (void) strncpy(name, proto_options[i].name, PATH_MAX); 3086 /* Replace NULL with the correct instance */ 3087 ptype = getscftype(proto_options[i].type); 3088 svc_name = getsvcname(proto_options[i].svcs); 3089 bufsz = PATH_MAX; 3090 ret = nfs_smf_get_prop(name, value, 3091 (char *)DEFAULT_INSTANCE, ptype, 3092 svc_name, &bufsz); 3093 if (ret == SA_OK) { 3094 ret = extractprop(name, value); 3095 } 3096 } 3097 } else { 3098 ret = SA_NO_MEMORY; 3099 } 3100 3101 return (ret); 3102 } 3103 3104 /* 3105 * add_defaults() 3106 * 3107 * Add the default values for any property not defined 3108 * in NFS SMF repository. 3109 * Values are set according to their defined types. 3110 */ 3111 3112 static void 3113 add_defaults(void) 3114 { 3115 int i; 3116 char number[MAXDIGITS]; 3117 3118 for (i = 0; i < ARRAY_SIZE(proto_options); i++) { 3119 sa_property_t prop; 3120 prop = sa_get_protocol_property(protoset, 3121 proto_options[i].name); 3122 if (prop == NULL) { 3123 /* add the default value */ 3124 switch (proto_options[i].type) { 3125 case OPT_TYPE_NUMBER: 3126 (void) snprintf(number, sizeof (number), "%d", 3127 proto_options[i].defvalue.intval); 3128 prop = sa_create_property(proto_options[i].name, 3129 number); 3130 break; 3131 3132 case OPT_TYPE_BOOLEAN: 3133 prop = sa_create_property(proto_options[i].name, 3134 proto_options[i].defvalue.intval ? 3135 "true" : "false"); 3136 break; 3137 3138 case OPT_TYPE_ONOFF: 3139 prop = sa_create_property(proto_options[i].name, 3140 proto_options[i].defvalue.intval ? 3141 "on" : "off"); 3142 break; 3143 3144 case OPT_TYPE_STRING: 3145 if (proto_options[i].defvalue.string != NULL) { 3146 prop = sa_create_property( 3147 proto_options[i].name, 3148 proto_options[i].defvalue.string); 3149 break; 3150 } 3151 3152 /* FALLTHROUGH */ 3153 default: 3154 /* treat as strings of zero length */ 3155 prop = sa_create_property(proto_options[i].name, 3156 ""); 3157 break; 3158 } 3159 if (prop != NULL) 3160 (void) sa_add_protocol_property(protoset, prop); 3161 } 3162 } 3163 } 3164 3165 static void 3166 free_protoprops(void) 3167 { 3168 if (protoset != NULL) { 3169 xmlFreeNode(protoset); 3170 protoset = NULL; 3171 } 3172 } 3173 3174 /* 3175 * nfs_init() 3176 * 3177 * Initialize the NFS plugin. 3178 */ 3179 3180 static int 3181 nfs_init(void) 3182 { 3183 int ret = SA_OK; 3184 3185 if (sa_plugin_ops.sa_init != nfs_init) { 3186 (void) printf(dgettext(TEXT_DOMAIN, 3187 "NFS plugin not properly initialized\n")); 3188 return (SA_CONFIG_ERR); 3189 } 3190 3191 ret = initprotofromsmf(); 3192 if (ret != SA_OK) { 3193 (void) printf(dgettext(TEXT_DOMAIN, 3194 "NFS plugin problem with SMF repository: %s\n"), 3195 sa_errorstr(ret)); 3196 ret = SA_OK; 3197 } 3198 add_defaults(); 3199 3200 return (ret); 3201 } 3202 3203 /* 3204 * nfs_fini() 3205 * 3206 * uninitialize the NFS plugin. Want to avoid memory leaks. 3207 */ 3208 3209 static void 3210 nfs_fini(void) 3211 { 3212 free_protoprops(); 3213 } 3214 3215 /* 3216 * nfs_get_proto_set() 3217 * 3218 * Return an optionset with all the protocol specific properties in 3219 * it. 3220 */ 3221 3222 static sa_protocol_properties_t 3223 nfs_get_proto_set(void) 3224 { 3225 return (protoset); 3226 } 3227 3228 /* 3229 * service_in_state(service, chkstate) 3230 * 3231 * Want to know if the specified service is in the desired state 3232 * (chkstate) or not. Return true (1) if it is and false (0) if it 3233 * isn't. 3234 */ 3235 static int 3236 service_in_state(char *service, const char *chkstate) 3237 { 3238 char *state; 3239 int ret = B_FALSE; 3240 3241 state = smf_get_state(service); 3242 if (state != NULL) { 3243 /* got the state so get the equality for the return value */ 3244 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 3245 free(state); 3246 } 3247 return (ret); 3248 } 3249 3250 /* 3251 * restart_service(svcs) 3252 * 3253 * Walk through the bit mask of services that need to be restarted in 3254 * order to use the new property values. Some properties affect 3255 * multiple daemons. Should only restart a service if it is currently 3256 * enabled (online). 3257 */ 3258 3259 static void 3260 restart_service(uint32_t svcs) 3261 { 3262 uint32_t mask; 3263 int ret; 3264 char *service; 3265 3266 for (mask = 1; svcs != 0; mask <<= 1) { 3267 switch (svcs & mask) { 3268 case SVC_LOCKD: 3269 service = LOCKD; 3270 break; 3271 case SVC_STATD: 3272 service = STATD; 3273 break; 3274 case SVC_NFSD: 3275 service = NFSD; 3276 break; 3277 case SVC_MOUNTD: 3278 service = MOUNTD; 3279 break; 3280 case SVC_NFS4CBD: 3281 service = NFS4CBD; 3282 break; 3283 case SVC_NFSMAPID: 3284 service = NFSMAPID; 3285 break; 3286 case SVC_RQUOTAD: 3287 service = RQUOTAD; 3288 break; 3289 case SVC_NFSLOGD: 3290 service = NFSLOGD; 3291 break; 3292 case SVC_REPARSED: 3293 service = REPARSED; 3294 break; 3295 case SVC_CLIENT: 3296 service = NFS_CLIENT_SVC; 3297 break; 3298 default: 3299 continue; 3300 } 3301 3302 /* 3303 * Only attempt to restart the service if it is 3304 * currently running. In the future, it may be 3305 * desirable to use smf_refresh_instance if the NFS 3306 * services ever implement the refresh method. 3307 */ 3308 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 3309 ret = smf_restart_instance(service); 3310 /* 3311 * There are only a few SMF errors at this point, but 3312 * it is also possible that a bad value may have put 3313 * the service into maintenance if there wasn't an 3314 * SMF level error. 3315 */ 3316 if (ret != 0) { 3317 (void) fprintf(stderr, 3318 dgettext(TEXT_DOMAIN, 3319 "%s failed to restart: %s\n"), 3320 service, scf_strerror(scf_error())); 3321 } else { 3322 /* 3323 * Check whether it has gone to "maintenance" 3324 * mode or not. Maintenance implies something 3325 * went wrong. 3326 */ 3327 if (service_in_state(service, 3328 SCF_STATE_STRING_MAINT)) { 3329 (void) fprintf(stderr, 3330 dgettext(TEXT_DOMAIN, 3331 "%s failed to restart\n"), 3332 service); 3333 } 3334 } 3335 } 3336 svcs &= ~mask; 3337 } 3338 } 3339 3340 /* 3341 * nfs_set_proto_prop(prop) 3342 * 3343 * check that prop is valid. 3344 */ 3345 3346 static int 3347 nfs_set_proto_prop(sa_property_t prop) 3348 { 3349 int ret = SA_OK; 3350 char *name; 3351 char *value; 3352 struct proto_option_defs *opt; 3353 3354 name = sa_get_property_attr(prop, "type"); 3355 value = sa_get_property_attr(prop, "value"); 3356 if (name == NULL || value == NULL) { 3357 ret = SA_NO_SUCH_PROP; 3358 goto out; 3359 } 3360 3361 int index = findprotoopt(name); 3362 if (index < 0) { 3363 ret = SA_NO_SUCH_PROP; 3364 goto out; 3365 } 3366 opt = &proto_options[index]; 3367 3368 if (opt->validator != NULL) 3369 ret = opt->validator(index, value); 3370 3371 if (ret == SA_OK) { 3372 scf_type_t sctype; 3373 char *svc_name; 3374 char *instance = NULL; 3375 3376 sctype = getscftype(opt->type); 3377 svc_name = getsvcname(opt->svcs); 3378 if (sctype == SCF_TYPE_BOOLEAN) { 3379 if (value != NULL) 3380 sa_free_attr_string(value); 3381 if (string_to_boolean(value) == 0) 3382 value = strdup("0"); 3383 else 3384 value = strdup("1"); 3385 } 3386 ret = nfs_smf_set_prop(name, value, instance, sctype, svc_name); 3387 if (ret == SA_OK) { 3388 restart_service(opt->svcs); 3389 } else { 3390 (void) printf(dgettext(TEXT_DOMAIN, 3391 "Cannot restart NFS services : %s\n"), 3392 sa_errorstr(ret)); 3393 } 3394 } 3395 out: 3396 if (name != NULL) 3397 sa_free_attr_string(name); 3398 if (value != NULL) 3399 sa_free_attr_string(value); 3400 return (ret); 3401 } 3402 3403 /* 3404 * nfs_get_status() 3405 * 3406 * What is the current status of the nfsd? We use the SMF state here. 3407 * Caller must free the returned value. 3408 */ 3409 3410 static char * 3411 nfs_get_status(void) 3412 { 3413 return (smf_get_state(NFSD)); 3414 } 3415 3416 /* 3417 * nfs_space_alias(alias) 3418 * 3419 * Lookup the space (security) name. If it is default, convert to the 3420 * real name. 3421 */ 3422 3423 static char * 3424 nfs_space_alias(char *space) 3425 { 3426 char *name = space; 3427 seconfig_t secconf; 3428 3429 /* 3430 * Only the space named "default" is special. If it is used, 3431 * the default needs to be looked up and the real name used. 3432 * This is normally "sys" but could be changed. We always 3433 * change default to the real name. 3434 */ 3435 if (strcmp(space, "default") == 0 && 3436 nfs_getseconfig_default(&secconf) == 0) { 3437 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 3438 name = secconf.sc_name; 3439 } 3440 return (strdup(name)); 3441 } 3442 3443 /* 3444 * nfs_features() 3445 * 3446 * Return a mask of the features required. 3447 */ 3448 3449 static uint64_t 3450 nfs_features(void) 3451 { 3452 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER); 3453 } 3454