1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * NFS specific functions 29 */ 30 #include <stdio.h> 31 #include <string.h> 32 #include <ctype.h> 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <zone.h> 36 #include <errno.h> 37 #include <locale.h> 38 #include <signal.h> 39 #include "libshare.h" 40 #include "libshare_impl.h" 41 #include <nfs/export.h> 42 #include <pwd.h> 43 #include <limits.h> 44 #include <libscf.h> 45 #include "nfslog_config.h" 46 #include "nfslogtab.h" 47 #include "libshare_nfs.h" 48 #include <rpcsvc/daemon_utils.h> 49 #include <nfs/nfs.h> 50 #include <nfs/nfssys.h> 51 52 /* should really be in some global place */ 53 #define DEF_WIN 30000 54 #define OPT_CHUNK 1024 55 56 int debug = 0; 57 58 #define NFS_SERVER_SVC "svc:/network/nfs/server:default" 59 60 /* internal functions */ 61 static int nfs_init(); 62 static void nfs_fini(); 63 static int nfs_enable_share(sa_share_t); 64 static int nfs_disable_share(sa_share_t, char *); 65 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 66 static int nfs_validate_security_mode(char *); 67 static int nfs_is_security_opt(char *); 68 static int nfs_parse_legacy_options(sa_group_t, char *); 69 static char *nfs_format_options(sa_group_t, int); 70 static int nfs_set_proto_prop(sa_property_t); 71 static sa_protocol_properties_t nfs_get_proto_set(); 72 static char *nfs_get_status(); 73 static char *nfs_space_alias(char *); 74 static uint64_t nfs_features(); 75 76 /* 77 * ops vector that provides the protocol specific info and operations 78 * for share management. 79 */ 80 81 struct sa_plugin_ops sa_plugin_ops = { 82 SA_PLUGIN_VERSION, 83 "nfs", 84 nfs_init, 85 nfs_fini, 86 nfs_enable_share, 87 nfs_disable_share, 88 nfs_validate_property, 89 nfs_validate_security_mode, 90 nfs_is_security_opt, 91 nfs_parse_legacy_options, 92 nfs_format_options, 93 nfs_set_proto_prop, 94 nfs_get_proto_set, 95 nfs_get_status, 96 nfs_space_alias, 97 NULL, /* update_legacy */ 98 NULL, /* delete_legacy */ 99 NULL, /* change_notify */ 100 NULL, /* enable_resource */ 101 NULL, /* disable_resource */ 102 nfs_features, 103 NULL, /* transient shares */ 104 NULL, /* notify resource */ 105 NULL, /* rename_resource */ 106 NULL, /* run_command */ 107 NULL, /* command_help */ 108 NULL /* delete_proto_section */ 109 }; 110 111 /* 112 * list of support services needed 113 * defines should come from head/rpcsvc/daemon_utils.h 114 */ 115 116 static char *service_list_default[] = 117 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NULL }; 118 static char *service_list_logging[] = 119 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, NULL }; 120 121 /* 122 * option definitions. Make sure to keep the #define for the option 123 * index just before the entry it is the index for. Changing the order 124 * can cause breakage. E.g OPT_RW is index 1 and must precede the 125 * line that includes the SHOPT_RW and OPT_RW entries. 126 */ 127 128 struct option_defs optdefs[] = { 129 #define OPT_RO 0 130 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 131 #define OPT_RW 1 132 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 133 #define OPT_ROOT 2 134 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 135 #define OPT_SECURE 3 136 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 137 #define OPT_ANON 4 138 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 139 #define OPT_WINDOW 5 140 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 141 #define OPT_NOSUID 6 142 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 143 #define OPT_ACLOK 7 144 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 145 #define OPT_NOSUB 8 146 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 147 #define OPT_SEC 9 148 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 149 #define OPT_PUBLIC 10 150 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 151 #define OPT_INDEX 11 152 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 153 #define OPT_LOG 12 154 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 155 #define OPT_CKSUM 13 156 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 157 #define OPT_NONE 14 158 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST}, 159 #define OPT_ROOT_MAPPING 15 160 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER}, 161 #define OPT_CHARSET_MAP 16 162 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST}, 163 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 164 #define OPT_VOLFH 17 165 {SHOPT_VOLFH, OPT_VOLFH}, 166 #endif /* VOLATILE_FH_TEST */ 167 NULL 168 }; 169 170 /* 171 * Codesets that may need to be converted to UTF-8 for file paths. 172 * Add new names here to add new property support. If we ever get a 173 * way to query the kernel for character sets, this should become 174 * dynamically loaded. Make sure changes here are reflected in 175 * cmd/fs.d/nfs/mountd/nfscmd.c 176 */ 177 178 static char *legal_conv[] = { 179 "euc-cn", 180 "euc-jp", 181 "euc-jpms", 182 "euc-kr", 183 "euc-tw", 184 "iso8859-1", 185 "iso8859-2", 186 "iso8859-5", 187 "iso8859-6", 188 "iso8859-7", 189 "iso8859-8", 190 "iso8859-9", 191 "iso8859-13", 192 "iso8859-15", 193 "koi8-r", 194 NULL 195 }; 196 197 /* 198 * list of properties that are related to security flavors. 199 */ 200 static char *seclist[] = { 201 SHOPT_RO, 202 SHOPT_RW, 203 SHOPT_ROOT, 204 SHOPT_WINDOW, 205 SHOPT_NONE, 206 SHOPT_ROOT_MAPPING, 207 NULL 208 }; 209 210 /* structure for list of securities */ 211 struct securities { 212 sa_security_t security; 213 struct securities *next; 214 }; 215 216 /* 217 * findcharset(charset) 218 * 219 * Returns B_TRUE if the charset is a legal conversion otherwise 220 * B_FALSE. This will need to be rewritten to be more efficient when 221 * we have a dynamic list of legal conversions. 222 */ 223 224 static boolean_t 225 findcharset(char *charset) 226 { 227 int i; 228 229 for (i = 0; legal_conv[i] != NULL; i++) 230 if (strcmp(charset, legal_conv[i]) == 0) 231 return (B_TRUE); 232 return (B_FALSE); 233 } 234 235 /* 236 * findopt(name) 237 * 238 * Lookup option "name" in the option table and return the table 239 * index. 240 */ 241 242 static int 243 findopt(char *name) 244 { 245 int i; 246 if (name != NULL) { 247 for (i = 0; optdefs[i].tag != NULL; i++) { 248 if (strcmp(optdefs[i].tag, name) == 0) 249 return (i); 250 } 251 if (findcharset(name)) 252 return (OPT_CHARSET_MAP); 253 } 254 return (-1); 255 } 256 257 /* 258 * gettype(name) 259 * 260 * Return the type of option "name". 261 */ 262 263 static int 264 gettype(char *name) 265 { 266 int optdef; 267 268 optdef = findopt(name); 269 if (optdef != -1) 270 return (optdefs[optdef].type); 271 return (OPT_TYPE_ANY); 272 } 273 274 /* 275 * nfs_validate_security_mode(mode) 276 * 277 * is the specified mode string a valid one for use with NFS? 278 */ 279 280 static int 281 nfs_validate_security_mode(char *mode) 282 { 283 seconfig_t secinfo; 284 int err; 285 286 (void) memset(&secinfo, '\0', sizeof (secinfo)); 287 err = nfs_getseconfig_byname(mode, &secinfo); 288 if (err == SC_NOERROR) 289 return (1); 290 return (0); 291 } 292 293 /* 294 * nfs_is_security_opt(tok) 295 * 296 * check to see if tok represents an option that is only valid in some 297 * security flavor. 298 */ 299 300 static int 301 nfs_is_security_opt(char *tok) 302 { 303 int i; 304 305 for (i = 0; seclist[i] != NULL; i++) { 306 if (strcmp(tok, seclist[i]) == 0) 307 return (1); 308 } 309 return (0); 310 } 311 312 /* 313 * find_security(seclist, sec) 314 * 315 * Walk the current list of security flavors and return true if it is 316 * present, else return false. 317 */ 318 319 static int 320 find_security(struct securities *seclist, sa_security_t sec) 321 { 322 while (seclist != NULL) { 323 if (seclist->security == sec) 324 return (1); 325 seclist = seclist->next; 326 } 327 return (0); 328 } 329 330 /* 331 * make_security_list(group, securitymodes, proto) 332 * go through the list of securitymodes and add them to the 333 * group's list of security optionsets. We also keep a list of 334 * those optionsets so we don't have to find them later. All of 335 * these will get copies of the same properties. 336 */ 337 338 static struct securities * 339 make_security_list(sa_group_t group, char *securitymodes, char *proto) 340 { 341 char *tok, *next = NULL; 342 struct securities *curp, *headp = NULL, *prev; 343 sa_security_t check; 344 int freetok = 0; 345 346 for (tok = securitymodes; tok != NULL; tok = next) { 347 next = strchr(tok, ':'); 348 if (next != NULL) 349 *next++ = '\0'; 350 if (strcmp(tok, "default") == 0) { 351 /* resolve default into the real type */ 352 tok = nfs_space_alias(tok); 353 freetok = 1; 354 } 355 check = sa_get_security(group, tok, proto); 356 357 /* add to the security list if it isn't there already */ 358 if (check == NULL || !find_security(headp, check)) { 359 curp = (struct securities *)calloc(1, 360 sizeof (struct securities)); 361 if (curp != NULL) { 362 if (check == NULL) { 363 curp->security = sa_create_security( 364 group, tok, proto); 365 } else { 366 curp->security = check; 367 } 368 /* 369 * note that the first time through the loop, 370 * headp will be NULL and prev will be 371 * undefined. Since headp is NULL, we set 372 * both it and prev to the curp (first 373 * structure to be allocated). 374 * 375 * later passes through the loop will have 376 * headp not being NULL and prev will be used 377 * to allocate at the end of the list. 378 */ 379 if (headp == NULL) { 380 headp = curp; 381 prev = curp; 382 } else { 383 prev->next = curp; 384 prev = curp; 385 } 386 } 387 } 388 389 if (freetok) { 390 freetok = 0; 391 sa_free_attr_string(tok); 392 } 393 } 394 return (headp); 395 } 396 397 static void 398 free_security_list(struct securities *sec) 399 { 400 struct securities *next; 401 if (sec != NULL) { 402 for (next = sec->next; sec != NULL; sec = next) { 403 next = sec->next; 404 free(sec); 405 } 406 } 407 } 408 409 /* 410 * nfs_alistcat(str1, str2, sep) 411 * 412 * concatenate str1 and str2 into a new string using sep as a separate 413 * character. If memory allocation fails, return NULL; 414 */ 415 416 static char * 417 nfs_alistcat(char *str1, char *str2, char sep) 418 { 419 char *newstr; 420 size_t len; 421 422 len = strlen(str1) + strlen(str2) + 2; 423 newstr = (char *)malloc(len); 424 if (newstr != NULL) 425 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 426 return (newstr); 427 } 428 429 /* 430 * add_security_prop(sec, name, value, persist) 431 * 432 * Add the property to the securities structure. This accumulates 433 * properties for as part of parsing legacy options. 434 */ 435 436 static int 437 add_security_prop(struct securities *sec, char *name, char *value, 438 int persist, int iszfs) 439 { 440 sa_property_t prop; 441 int ret = SA_OK; 442 443 for (; sec != NULL; sec = sec->next) { 444 if (value == NULL) { 445 if (strcmp(name, SHOPT_RW) == 0 || 446 strcmp(name, SHOPT_RO) == 0) 447 value = "*"; 448 else 449 value = "true"; 450 } 451 452 /* 453 * Get the existing property, if it exists, so we can 454 * determine what to do with it. The ro/rw/root 455 * properties can be merged if multiple instances of 456 * these properies are given. For example, if "rw" 457 * exists with a value "host1" and a later token of 458 * rw="host2" is seen, the values are merged into a 459 * single rw="host1:host2". 460 */ 461 prop = sa_get_property(sec->security, name); 462 463 if (prop != NULL) { 464 char *oldvalue; 465 char *newvalue; 466 467 /* 468 * The security options of ro/rw/root might appear 469 * multiple times. If they do, the values need to be 470 * merged into an access list. If it was previously 471 * empty, the new value alone is added. 472 */ 473 oldvalue = sa_get_property_attr(prop, "value"); 474 if (oldvalue != NULL) { 475 /* 476 * The general case is to concatenate the new 477 * value onto the old value for multiple 478 * rw(ro/root) properties. A special case 479 * exists when either the old or new is the 480 * "all" case. In the special case, if both 481 * are "all", then it is "all", else if one is 482 * an access-list, that replaces the "all". 483 */ 484 if (strcmp(oldvalue, "*") == 0) { 485 /* Replace old value with new value. */ 486 newvalue = strdup(value); 487 } else if (strcmp(value, "*") == 0 || 488 strcmp(oldvalue, value) == 0) { 489 /* 490 * Keep old value and ignore 491 * the new value. 492 */ 493 newvalue = NULL; 494 } else { 495 /* 496 * Make a new list of old plus new 497 * access-list. 498 */ 499 newvalue = nfs_alistcat(oldvalue, 500 value, ':'); 501 } 502 503 if (newvalue != NULL) { 504 (void) sa_remove_property(prop); 505 prop = sa_create_property(name, 506 newvalue); 507 ret = sa_add_property(sec->security, 508 prop); 509 free(newvalue); 510 } 511 if (oldvalue != NULL) 512 sa_free_attr_string(oldvalue); 513 } 514 } else { 515 prop = sa_create_property(name, value); 516 ret = sa_add_property(sec->security, prop); 517 } 518 if (ret == SA_OK && !iszfs) { 519 ret = sa_commit_properties(sec->security, !persist); 520 } 521 } 522 return (ret); 523 } 524 525 /* 526 * check to see if group/share is persistent. 527 */ 528 static int 529 is_persistent(sa_group_t group) 530 { 531 char *type; 532 int persist = 1; 533 534 type = sa_get_group_attr(group, "type"); 535 if (type != NULL && strcmp(type, "persist") != 0) 536 persist = 0; 537 if (type != NULL) 538 sa_free_attr_string(type); 539 return (persist); 540 } 541 542 /* 543 * invalid_security(options) 544 * 545 * search option string for any invalid sec= type. 546 * return true (1) if any are not valid else false (0) 547 */ 548 static int 549 invalid_security(char *options) 550 { 551 char *copy, *base, *token, *value; 552 int ret = 0; 553 554 copy = strdup(options); 555 token = base = copy; 556 while (token != NULL && ret == 0) { 557 token = strtok(base, ","); 558 base = NULL; 559 if (token != NULL) { 560 value = strchr(token, '='); 561 if (value != NULL) 562 *value++ = '\0'; 563 if (strcmp(token, "sec") == 0) { 564 /* HAVE security flavors so check them */ 565 char *tok, *next; 566 for (next = NULL, tok = value; tok != NULL; 567 tok = next) { 568 next = strchr(tok, ':'); 569 if (next != NULL) 570 *next++ = '\0'; 571 ret = !nfs_validate_security_mode(tok); 572 if (ret) 573 break; 574 } 575 } 576 } 577 } 578 if (copy != NULL) 579 free(copy); 580 return (ret); 581 } 582 583 /* 584 * nfs_parse_legacy_options(group, options) 585 * 586 * Parse the old style options into internal format and store on the 587 * specified group. Group could be a share for full legacy support. 588 */ 589 590 static int 591 nfs_parse_legacy_options(sa_group_t group, char *options) 592 { 593 char *dup; 594 char *base; 595 char *token; 596 sa_optionset_t optionset; 597 struct securities *security_list = NULL; 598 sa_property_t prop; 599 int ret = SA_OK; 600 int iszfs = 0; 601 sa_group_t parent; 602 int persist = 0; 603 char *lasts; 604 605 /* do we have an existing optionset? */ 606 optionset = sa_get_optionset(group, "nfs"); 607 if (optionset == NULL) { 608 /* didn't find existing optionset so create one */ 609 optionset = sa_create_optionset(group, "nfs"); 610 } else { 611 /* 612 * Have an existing optionset . Ideally, we would need 613 * to compare options in order to detect errors. For 614 * now, we assume that the first optionset is the 615 * correct one and the others will be the same. An 616 * empty optionset is the same as no optionset so we 617 * don't want to exit in that case. Getting an empty 618 * optionset can occur with ZFS property checking. 619 */ 620 if (sa_get_property(optionset, NULL) != NULL) 621 return (ret); 622 } 623 624 if (strcmp(options, SHOPT_RW) == 0) { 625 /* 626 * there is a special case of only the option "rw" 627 * being the default option. We don't have to do 628 * anything. 629 */ 630 return (ret); 631 } 632 633 /* 634 * check if security types are present and validate them. If 635 * any are not legal, fail. 636 */ 637 638 if (invalid_security(options)) { 639 return (SA_INVALID_SECURITY); 640 } 641 642 /* 643 * in order to not attempt to change ZFS properties unless 644 * absolutely necessary, we never do it in the legacy parsing. 645 */ 646 if (sa_is_share(group)) { 647 char *zfs; 648 parent = sa_get_parent_group(group); 649 if (parent != NULL) { 650 zfs = sa_get_group_attr(parent, "zfs"); 651 if (zfs != NULL) { 652 sa_free_attr_string(zfs); 653 iszfs++; 654 } 655 } 656 } else { 657 iszfs = sa_group_is_zfs(group); 658 } 659 660 /* We need a copy of options for the next part. */ 661 dup = strdup(options); 662 if (dup == NULL) 663 return (SA_NO_MEMORY); 664 665 /* 666 * we need to step through each option in the string and then 667 * add either the option or the security option as needed. If 668 * this is not a persistent share, don't commit to the 669 * repository. If there is an error, we also want to abort the 670 * processing and report it. 671 */ 672 persist = is_persistent(group); 673 base = dup; 674 token = dup; 675 lasts = NULL; 676 while (token != NULL && ret == SA_OK) { 677 ret = SA_OK; 678 token = strtok_r(base, ",", &lasts); 679 base = NULL; 680 if (token != NULL) { 681 char *value; 682 /* 683 * if the option has a value, it will have an '=' to 684 * separate the name from the value. The following 685 * code will result in value != NULL and token 686 * pointing to just the name if there is a value. 687 */ 688 value = strchr(token, '='); 689 if (value != NULL) { 690 *value++ = '\0'; 691 } 692 if (strcmp(token, "sec") == 0 || 693 strcmp(token, "secure") == 0) { 694 /* 695 * Once in security parsing, we only 696 * do security. We do need to move 697 * between the security node and the 698 * toplevel. The security tag goes on 699 * the root while the following ones 700 * go on the security. 701 */ 702 if (security_list != NULL) { 703 /* 704 * have an old list so close it and 705 * start the new 706 */ 707 free_security_list(security_list); 708 } 709 if (strcmp(token, "secure") == 0) { 710 value = "dh"; 711 } else { 712 if (value == NULL) { 713 ret = SA_SYNTAX_ERR; 714 break; 715 } 716 } 717 security_list = make_security_list(group, 718 value, "nfs"); 719 } else { 720 /* 721 * Note that the "old" syntax allowed a 722 * default security model This must be 723 * accounted for and internally converted to 724 * "standard" security structure. 725 */ 726 if (nfs_is_security_opt(token)) { 727 if (security_list == NULL) { 728 /* 729 * need to have a 730 * security 731 * option. This will 732 * be "closed" when a 733 * defined "sec=" 734 * option is 735 * seen. This is 736 * technically an 737 * error but will be 738 * allowed with 739 * warning. 740 */ 741 security_list = 742 make_security_list(group, 743 "default", 744 "nfs"); 745 } 746 if (security_list != NULL) { 747 ret = add_security_prop( 748 security_list, token, 749 value, persist, iszfs); 750 } else { 751 ret = SA_NO_MEMORY; 752 } 753 } else { 754 /* regular options */ 755 if (value == NULL) { 756 if (strcmp(token, SHOPT_RW) == 757 0 || strcmp(token, 758 SHOPT_RO) == 0) { 759 value = "*"; 760 } else { 761 value = "global"; 762 if (strcmp(token, 763 SHOPT_LOG) != 0) { 764 value = "true"; 765 } 766 } 767 } 768 /* 769 * In all cases, create the 770 * property specified. If the 771 * value was NULL, the default 772 * value will have been 773 * substituted. 774 */ 775 prop = sa_create_property(token, value); 776 ret = sa_add_property(optionset, prop); 777 if (ret != SA_OK) 778 break; 779 780 if (!iszfs) { 781 ret = sa_commit_properties( 782 optionset, !persist); 783 } 784 } 785 } 786 } 787 } 788 if (security_list != NULL) 789 free_security_list(security_list); 790 791 free(dup); 792 return (ret); 793 } 794 795 /* 796 * is_a_number(number) 797 * 798 * is the string a number in one of the forms we want to use? 799 */ 800 801 static int 802 is_a_number(char *number) 803 { 804 int ret = 1; 805 int hex = 0; 806 807 if (strncmp(number, "0x", 2) == 0) { 808 number += 2; 809 hex = 1; 810 } else if (*number == '-') { 811 number++; /* skip the minus */ 812 } 813 while (ret == 1 && *number != '\0') { 814 if (hex) { 815 ret = isxdigit(*number++); 816 } else { 817 ret = isdigit(*number++); 818 } 819 } 820 return (ret); 821 } 822 823 /* 824 * Look for the specified tag in the configuration file. If it is found, 825 * enable logging and set the logging configuration information for exp. 826 */ 827 static void 828 configlog(struct exportdata *exp, char *tag) 829 { 830 nfsl_config_t *configlist = NULL, *configp; 831 int error = 0; 832 char globaltag[] = DEFAULTTAG; 833 834 /* 835 * Sends config errors to stderr 836 */ 837 nfsl_errs_to_syslog = B_FALSE; 838 839 /* 840 * get the list of configuration settings 841 */ 842 error = nfsl_getconfig_list(&configlist); 843 if (error) { 844 (void) fprintf(stderr, 845 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 846 strerror(error)); 847 } 848 849 if (tag == NULL) 850 tag = globaltag; 851 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 852 nfsl_freeconfig_list(&configlist); 853 (void) fprintf(stderr, 854 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 855 /* bad configuration */ 856 error = ENOENT; 857 goto err; 858 } 859 860 if ((exp->ex_tag = strdup(tag)) == NULL) { 861 error = ENOMEM; 862 goto out; 863 } 864 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 865 error = ENOMEM; 866 goto out; 867 } 868 exp->ex_flags |= EX_LOG; 869 if (configp->nc_rpclogpath != NULL) 870 exp->ex_flags |= EX_LOG_ALLOPS; 871 out: 872 if (configlist != NULL) 873 nfsl_freeconfig_list(&configlist); 874 875 err: 876 if (error != 0) { 877 if (exp->ex_flags != NULL) 878 free(exp->ex_tag); 879 if (exp->ex_log_buffer != NULL) 880 free(exp->ex_log_buffer); 881 (void) fprintf(stderr, 882 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 883 strerror(error)); 884 } 885 } 886 887 /* 888 * fill_export_from_optionset(export, optionset) 889 * 890 * In order to share, we need to set all the possible general options 891 * into the export structure. Share info will be filled in by the 892 * caller. Various property values get turned into structure specific 893 * values. 894 */ 895 896 static int 897 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 898 { 899 sa_property_t option; 900 int ret = SA_OK; 901 902 for (option = sa_get_property(optionset, NULL); 903 option != NULL; option = sa_get_next_property(option)) { 904 char *name; 905 char *value; 906 uint32_t val; 907 908 /* 909 * since options may be set/reset multiple times, always do an 910 * explicit set or clear of the option. This allows defaults 911 * to be set and then the protocol specific to override. 912 */ 913 914 name = sa_get_property_attr(option, "type"); 915 value = sa_get_property_attr(option, "value"); 916 switch (findopt(name)) { 917 case OPT_ANON: 918 if (value != NULL && is_a_number(value)) { 919 val = strtoul(value, NULL, 0); 920 } else { 921 struct passwd *pw; 922 pw = getpwnam(value != NULL ? value : "nobody"); 923 if (pw != NULL) { 924 val = pw->pw_uid; 925 } else { 926 val = UID_NOBODY; 927 } 928 endpwent(); 929 } 930 export->ex_anon = val; 931 break; 932 case OPT_NOSUID: 933 if (value != NULL && (strcasecmp(value, "true") == 0 || 934 strcmp(value, "1") == 0)) 935 export->ex_flags |= EX_NOSUID; 936 else 937 export->ex_flags &= ~EX_NOSUID; 938 break; 939 case OPT_ACLOK: 940 if (value != NULL && (strcasecmp(value, "true") == 0 || 941 strcmp(value, "1") == 0)) 942 export->ex_flags |= EX_ACLOK; 943 else 944 export->ex_flags &= ~EX_ACLOK; 945 break; 946 case OPT_NOSUB: 947 if (value != NULL && (strcasecmp(value, "true") == 0 || 948 strcmp(value, "1") == 0)) 949 export->ex_flags |= EX_NOSUB; 950 else 951 export->ex_flags &= ~EX_NOSUB; 952 break; 953 case OPT_PUBLIC: 954 if (value != NULL && (strcasecmp(value, "true") == 0 || 955 strcmp(value, "1") == 0)) 956 export->ex_flags |= EX_PUBLIC; 957 else 958 export->ex_flags &= ~EX_PUBLIC; 959 break; 960 case OPT_INDEX: 961 if (value != NULL && (strcmp(value, "..") == 0 || 962 strchr(value, '/') != NULL)) { 963 /* this is an error */ 964 (void) printf(dgettext(TEXT_DOMAIN, 965 "NFS: index=\"%s\" not valid;" 966 "must be a filename.\n"), 967 value); 968 break; 969 } 970 if (value != NULL && *value != '\0' && 971 strcmp(value, ".") != 0) { 972 /* valid index file string */ 973 if (export->ex_index != NULL) { 974 /* left over from "default" */ 975 free(export->ex_index); 976 } 977 /* remember to free */ 978 export->ex_index = strdup(value); 979 if (export->ex_index == NULL) { 980 (void) printf(dgettext(TEXT_DOMAIN, 981 "NFS: out of memory setting " 982 "index property\n")); 983 break; 984 } 985 export->ex_flags |= EX_INDEX; 986 } 987 break; 988 case OPT_LOG: 989 if (value == NULL) 990 value = strdup("global"); 991 if (value != NULL) 992 configlog(export, 993 strlen(value) ? value : "global"); 994 break; 995 case OPT_CHARSET_MAP: 996 /* 997 * Set EX_CHARMAP when there is at least one 998 * charmap conversion property. This will get 999 * checked by the nfs server when it needs to. 1000 */ 1001 export->ex_flags |= EX_CHARMAP; 1002 break; 1003 default: 1004 /* have a syntactic error */ 1005 (void) printf(dgettext(TEXT_DOMAIN, 1006 "NFS: unrecognized option %s=%s\n"), 1007 name, value != NULL ? value : ""); 1008 break; 1009 } 1010 if (name != NULL) 1011 sa_free_attr_string(name); 1012 if (value != NULL) 1013 sa_free_attr_string(value); 1014 } 1015 return (ret); 1016 } 1017 1018 /* 1019 * cleanup_export(export) 1020 * 1021 * Cleanup the allocated areas so we don't leak memory 1022 */ 1023 1024 static void 1025 cleanup_export(struct exportdata *export) 1026 { 1027 int i; 1028 1029 if (export->ex_index != NULL) 1030 free(export->ex_index); 1031 if (export->ex_secinfo != NULL) { 1032 for (i = 0; i < export->ex_seccnt; i++) 1033 if (export->ex_secinfo[i].s_rootnames != NULL) 1034 free(export->ex_secinfo[i].s_rootnames); 1035 free(export->ex_secinfo); 1036 } 1037 } 1038 1039 /* 1040 * Given a seconfig entry and a colon-separated 1041 * list of names, allocate an array big enough 1042 * to hold the root list, then convert each name to 1043 * a principal name according to the security 1044 * info and assign it to an array element. 1045 * Return the array and its size. 1046 */ 1047 static caddr_t * 1048 get_rootnames(seconfig_t *sec, char *list, int *count) 1049 { 1050 caddr_t *a; 1051 int c, i; 1052 char *host, *p; 1053 1054 /* 1055 * Count the number of strings in the list. 1056 * This is the number of colon separators + 1. 1057 */ 1058 c = 1; 1059 for (p = list; *p; p++) 1060 if (*p == ':') 1061 c++; 1062 *count = c; 1063 1064 a = (caddr_t *)malloc(c * sizeof (char *)); 1065 if (a == NULL) { 1066 (void) printf(dgettext(TEXT_DOMAIN, 1067 "get_rootnames: no memory\n")); 1068 } else { 1069 for (i = 0; i < c; i++) { 1070 host = strtok(list, ":"); 1071 if (!nfs_get_root_principal(sec, host, &a[i])) { 1072 free(a); 1073 a = NULL; 1074 break; 1075 } 1076 list = NULL; 1077 } 1078 } 1079 1080 return (a); 1081 } 1082 1083 /* 1084 * fill_security_from_secopts(sp, secopts) 1085 * 1086 * Fill the secinfo structure from the secopts optionset. 1087 */ 1088 1089 static int 1090 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1091 { 1092 sa_property_t prop; 1093 char *type; 1094 int longform; 1095 int err = SC_NOERROR; 1096 uint32_t val; 1097 1098 type = sa_get_security_attr(secopts, "sectype"); 1099 if (type != NULL) { 1100 /* named security type needs secinfo to be filled in */ 1101 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1102 sa_free_attr_string(type); 1103 if (err != SC_NOERROR) 1104 return (err); 1105 } else { 1106 /* default case */ 1107 err = nfs_getseconfig_default(&sp->s_secinfo); 1108 if (err != SC_NOERROR) 1109 return (err); 1110 } 1111 1112 err = SA_OK; 1113 for (prop = sa_get_property(secopts, NULL); 1114 prop != NULL && err == SA_OK; 1115 prop = sa_get_next_property(prop)) { 1116 char *name; 1117 char *value; 1118 1119 name = sa_get_property_attr(prop, "type"); 1120 value = sa_get_property_attr(prop, "value"); 1121 1122 longform = value != NULL && strcmp(value, "*") != 0; 1123 1124 switch (findopt(name)) { 1125 case OPT_RO: 1126 sp->s_flags |= longform ? M_ROL : M_RO; 1127 break; 1128 case OPT_RW: 1129 sp->s_flags |= longform ? M_RWL : M_RW; 1130 break; 1131 case OPT_ROOT: 1132 sp->s_flags |= M_ROOT; 1133 /* 1134 * if we are using AUTH_UNIX, handle like other things 1135 * such as RO/RW 1136 */ 1137 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1138 continue; 1139 /* not AUTH_UNIX */ 1140 if (value != NULL) { 1141 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1142 value, &sp->s_rootcnt); 1143 if (sp->s_rootnames == NULL) { 1144 err = SA_BAD_VALUE; 1145 (void) fprintf(stderr, 1146 dgettext(TEXT_DOMAIN, 1147 "Bad root list\n")); 1148 } 1149 } 1150 break; 1151 case OPT_NONE: 1152 sp->s_flags |= M_NONE; 1153 break; 1154 case OPT_WINDOW: 1155 if (value != NULL) { 1156 sp->s_window = atoi(value); 1157 /* just in case */ 1158 if (sp->s_window < 0) 1159 sp->s_window = DEF_WIN; 1160 } 1161 break; 1162 case OPT_ROOT_MAPPING: 1163 if (value != NULL && is_a_number(value)) { 1164 val = strtoul(value, NULL, 0); 1165 } else { 1166 struct passwd *pw; 1167 pw = getpwnam(value != NULL ? value : "nobody"); 1168 if (pw != NULL) { 1169 val = pw->pw_uid; 1170 } else { 1171 val = UID_NOBODY; 1172 } 1173 endpwent(); 1174 } 1175 sp->s_rootid = val; 1176 break; 1177 default: 1178 break; 1179 } 1180 if (name != NULL) 1181 sa_free_attr_string(name); 1182 if (value != NULL) 1183 sa_free_attr_string(value); 1184 } 1185 /* if rw/ro options not set, use default of RW */ 1186 if ((sp->s_flags & NFS_RWMODES) == 0) 1187 sp->s_flags |= M_RW; 1188 return (err); 1189 } 1190 1191 /* 1192 * This is for testing only 1193 * It displays the export structure that 1194 * goes into the kernel. 1195 */ 1196 static void 1197 printarg(char *path, struct exportdata *ep) 1198 { 1199 int i, j; 1200 struct secinfo *sp; 1201 1202 if (debug == 0) 1203 return; 1204 1205 (void) printf("%s:\n", path); 1206 (void) printf("\tex_version = %d\n", ep->ex_version); 1207 (void) printf("\tex_path = %s\n", ep->ex_path); 1208 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1209 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1210 if (ep->ex_flags & EX_NOSUID) 1211 (void) printf("NOSUID "); 1212 if (ep->ex_flags & EX_ACLOK) 1213 (void) printf("ACLOK "); 1214 if (ep->ex_flags & EX_PUBLIC) 1215 (void) printf("PUBLIC "); 1216 if (ep->ex_flags & EX_NOSUB) 1217 (void) printf("NOSUB "); 1218 if (ep->ex_flags & EX_LOG) 1219 (void) printf("LOG "); 1220 if (ep->ex_flags & EX_CHARMAP) 1221 (void) printf("CHARMAP "); 1222 if (ep->ex_flags & EX_LOG_ALLOPS) 1223 (void) printf("LOG_ALLOPS "); 1224 if (ep->ex_flags == 0) 1225 (void) printf("(none)"); 1226 (void) printf("\n"); 1227 if (ep->ex_flags & EX_LOG) { 1228 (void) printf("\tex_log_buffer = %s\n", 1229 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1230 (void) printf("\tex_tag = %s\n", 1231 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1232 } 1233 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1234 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1235 (void) printf("\n"); 1236 for (i = 0; i < ep->ex_seccnt; i++) { 1237 sp = &ep->ex_secinfo[i]; 1238 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1239 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1240 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1241 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1242 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1243 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1244 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1245 if (sp->s_flags & M_NONE) (void) printf("M_NONE "); 1246 if (sp->s_flags == 0) (void) printf("(none)"); 1247 (void) printf("\n"); 1248 (void) printf("\t\ts_window = %d\n", sp->s_window); 1249 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid); 1250 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1251 (void) fflush(stdout); 1252 for (j = 0; j < sp->s_rootcnt; j++) 1253 (void) printf("%s ", sp->s_rootnames[j] ? 1254 sp->s_rootnames[j] : "<null>"); 1255 (void) printf("\n\n"); 1256 } 1257 } 1258 1259 /* 1260 * count_security(opts) 1261 * 1262 * Count the number of security types (flavors). The optionset has 1263 * been populated with the security flavors as a holding mechanism. 1264 * We later use this number to allocate data structures. 1265 */ 1266 1267 static int 1268 count_security(sa_optionset_t opts) 1269 { 1270 int count = 0; 1271 sa_property_t prop; 1272 if (opts != NULL) { 1273 for (prop = sa_get_property(opts, NULL); prop != NULL; 1274 prop = sa_get_next_property(prop)) { 1275 count++; 1276 } 1277 } 1278 return (count); 1279 } 1280 1281 /* 1282 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1283 * 1284 * provides a mechanism to format NFS properties into legacy output 1285 * format. If the buffer would overflow, it is reallocated and grown 1286 * as appropriate. Special cases of converting internal form of values 1287 * to those used by "share" are done. this function does one property 1288 * at a time. 1289 */ 1290 1291 static int 1292 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1293 sa_property_t prop, int sep) 1294 { 1295 char *name; 1296 char *value; 1297 int curlen; 1298 char *buff = *rbuff; 1299 size_t buffsize = *rbuffsize; 1300 int printed = B_FALSE; 1301 1302 name = sa_get_property_attr(prop, "type"); 1303 value = sa_get_property_attr(prop, "value"); 1304 if (buff != NULL) 1305 curlen = strlen(buff); 1306 else 1307 curlen = 0; 1308 if (name != NULL) { 1309 int len; 1310 len = strlen(name) + sep; 1311 1312 /* 1313 * A future RFE would be to replace this with more 1314 * generic code and to possibly handle more types. 1315 */ 1316 switch (gettype(name)) { 1317 case OPT_TYPE_BOOLEAN: 1318 /* 1319 * For NFS, boolean value of FALSE means it 1320 * doesn't show up in the option list at all. 1321 */ 1322 if (value != NULL && strcasecmp(value, "false") == 0) 1323 goto skip; 1324 if (value != NULL) { 1325 sa_free_attr_string(value); 1326 value = NULL; 1327 } 1328 break; 1329 case OPT_TYPE_ACCLIST: 1330 if (value != NULL && strcmp(value, "*") == 0) { 1331 sa_free_attr_string(value); 1332 value = NULL; 1333 } else { 1334 if (value != NULL) 1335 len += 1 + strlen(value); 1336 } 1337 break; 1338 case OPT_TYPE_LOGTAG: 1339 if (value != NULL && strlen(value) == 0) { 1340 sa_free_attr_string(value); 1341 value = NULL; 1342 } else { 1343 if (value != NULL) 1344 len += 1 + strlen(value); 1345 } 1346 break; 1347 default: 1348 if (value != NULL) 1349 len += 1 + strlen(value); 1350 break; 1351 } 1352 while (buffsize <= (curlen + len)) { 1353 /* need more room */ 1354 buffsize += incr; 1355 buff = realloc(buff, buffsize); 1356 if (buff == NULL) { 1357 /* realloc failed so free everything */ 1358 if (*rbuff != NULL) 1359 free(*rbuff); 1360 } 1361 *rbuff = buff; 1362 *rbuffsize = buffsize; 1363 if (buff == NULL) 1364 goto skip; 1365 1366 } 1367 1368 if (buff == NULL) 1369 goto skip; 1370 1371 if (value == NULL) { 1372 (void) snprintf(buff + curlen, buffsize - curlen, 1373 "%s%s", sep ? "," : "", 1374 name, value != NULL ? value : ""); 1375 } else { 1376 (void) snprintf(buff + curlen, buffsize - curlen, 1377 "%s%s=%s", sep ? "," : "", 1378 name, value != NULL ? value : ""); 1379 } 1380 printed = B_TRUE; 1381 } 1382 skip: 1383 if (name != NULL) 1384 sa_free_attr_string(name); 1385 if (value != NULL) 1386 sa_free_attr_string(value); 1387 return (printed); 1388 } 1389 1390 /* 1391 * nfs_format_options(group, hier) 1392 * 1393 * format all the options on the group into an old-style option 1394 * string. If hier is non-zero, walk up the tree to get inherited 1395 * options. 1396 */ 1397 1398 static char * 1399 nfs_format_options(sa_group_t group, int hier) 1400 { 1401 sa_optionset_t options = NULL; 1402 sa_optionset_t secoptions = NULL; 1403 sa_property_t prop, secprop; 1404 sa_security_t security = NULL; 1405 char *buff; 1406 size_t buffsize; 1407 char *sectype = NULL; 1408 int sep = 0; 1409 1410 1411 buff = malloc(OPT_CHUNK); 1412 if (buff == NULL) { 1413 return (NULL); 1414 } 1415 1416 buff[0] = '\0'; 1417 buffsize = OPT_CHUNK; 1418 1419 /* 1420 * We may have a an optionset relative to this item. format 1421 * these if we find them and then add any security definitions. 1422 */ 1423 1424 options = sa_get_derived_optionset(group, "nfs", hier); 1425 1426 /* 1427 * do the default set first but skip any option that is also 1428 * in the protocol specific optionset. 1429 */ 1430 if (options != NULL) { 1431 for (prop = sa_get_property(options, NULL); 1432 prop != NULL; prop = sa_get_next_property(prop)) { 1433 /* 1434 * use this one since we skipped any 1435 * of these that were also in 1436 * optdefault 1437 */ 1438 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1439 prop, sep)) 1440 sep = 1; 1441 if (buff == NULL) { 1442 /* 1443 * buff could become NULL if there 1444 * isn't enough memory for 1445 * nfs_sprint_option to realloc() 1446 * as necessary. We can't really 1447 * do anything about it at this 1448 * point so we return NULL. The 1449 * caller should handle the 1450 * failure. 1451 */ 1452 if (options != NULL) 1453 sa_free_derived_optionset( 1454 options); 1455 return (buff); 1456 } 1457 } 1458 } 1459 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1460 "nfs", hier); 1461 if (secoptions != NULL) { 1462 for (secprop = sa_get_property(secoptions, NULL); 1463 secprop != NULL; 1464 secprop = sa_get_next_property(secprop)) { 1465 sectype = sa_get_property_attr(secprop, "type"); 1466 security = 1467 (sa_security_t)sa_get_derived_security( 1468 group, sectype, "nfs", hier); 1469 if (security != NULL) { 1470 if (sectype != NULL) { 1471 prop = sa_create_property( 1472 "sec", sectype); 1473 if (prop == NULL) 1474 goto err; 1475 if (nfs_sprint_option(&buff, 1476 &buffsize, OPT_CHUNK, prop, sep)) 1477 sep = 1; 1478 (void) sa_remove_property(prop); 1479 if (buff == NULL) 1480 goto err; 1481 } 1482 for (prop = sa_get_property(security, 1483 NULL); prop != NULL; 1484 prop = sa_get_next_property(prop)) { 1485 if (nfs_sprint_option(&buff, 1486 &buffsize, OPT_CHUNK, prop, sep)) 1487 sep = 1; 1488 if (buff == NULL) 1489 goto err; 1490 } 1491 sa_free_derived_optionset(security); 1492 } 1493 if (sectype != NULL) 1494 sa_free_attr_string(sectype); 1495 } 1496 sa_free_derived_optionset(secoptions); 1497 } 1498 1499 if (options != NULL) 1500 sa_free_derived_optionset(options); 1501 return (buff); 1502 1503 err: 1504 /* 1505 * If we couldn't allocate memory for option printing, we need 1506 * to break out of the nested loops, cleanup and return NULL. 1507 */ 1508 if (secoptions != NULL) 1509 sa_free_derived_optionset(secoptions); 1510 if (security != NULL) 1511 sa_free_derived_optionset(security); 1512 if (sectype != NULL) 1513 sa_free_attr_string(sectype); 1514 if (options != NULL) 1515 sa_free_derived_optionset(options); 1516 return (NULL); 1517 } 1518 1519 /* 1520 * Append an entry to the nfslogtab file 1521 */ 1522 static int 1523 nfslogtab_add(dir, buffer, tag) 1524 char *dir, *buffer, *tag; 1525 { 1526 FILE *f; 1527 struct logtab_ent lep; 1528 int error = 0; 1529 1530 /* 1531 * Open the file for update and create it if necessary. 1532 * This may leave the I/O offset at the end of the file, 1533 * so rewind back to the beginning of the file. 1534 */ 1535 f = fopen(NFSLOGTAB, "a+"); 1536 if (f == NULL) { 1537 error = errno; 1538 goto out; 1539 } 1540 rewind(f); 1541 1542 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1543 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1544 "share complete, however failed to lock %s " 1545 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1546 error = -1; 1547 goto out; 1548 } 1549 1550 if (logtab_deactivate_after_boot(f) == -1) { 1551 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1552 "share complete, however could not deactivate " 1553 "entries in %s\n"), NFSLOGTAB); 1554 error = -1; 1555 goto out; 1556 } 1557 1558 /* 1559 * Remove entries matching buffer and sharepoint since we're 1560 * going to replace it with perhaps an entry with a new tag. 1561 */ 1562 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1563 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1564 "share complete, however could not remove matching " 1565 "entries in %s\n"), NFSLOGTAB); 1566 error = -1; 1567 goto out; 1568 } 1569 1570 /* 1571 * Deactivate all active entries matching this sharepoint 1572 */ 1573 if (logtab_deactivate(f, NULL, dir, NULL)) { 1574 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1575 "share complete, however could not deactivate matching " 1576 "entries in %s\n"), NFSLOGTAB); 1577 error = -1; 1578 goto out; 1579 } 1580 1581 lep.le_buffer = buffer; 1582 lep.le_path = dir; 1583 lep.le_tag = tag; 1584 lep.le_state = LES_ACTIVE; 1585 1586 /* 1587 * Add new sharepoint / buffer location to nfslogtab 1588 */ 1589 if (logtab_putent(f, &lep) < 0) { 1590 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1591 "share complete, however could not add %s to %s\n"), 1592 dir, NFSLOGTAB); 1593 error = -1; 1594 } 1595 1596 out: 1597 if (f != NULL) 1598 (void) fclose(f); 1599 return (error); 1600 } 1601 1602 /* 1603 * Deactivate an entry from the nfslogtab file 1604 */ 1605 static int 1606 nfslogtab_deactivate(path) 1607 char *path; 1608 { 1609 FILE *f; 1610 int error = 0; 1611 1612 f = fopen(NFSLOGTAB, "r+"); 1613 if (f == NULL) { 1614 error = errno; 1615 goto out; 1616 } 1617 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1618 error = errno; 1619 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1620 "share complete, however could not lock %s for " 1621 "update: %s\n"), NFSLOGTAB, strerror(error)); 1622 goto out; 1623 } 1624 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1625 error = -1; 1626 (void) fprintf(stderr, 1627 dgettext(TEXT_DOMAIN, 1628 "share complete, however could not " 1629 "deactivate %s in %s\n"), path, NFSLOGTAB); 1630 goto out; 1631 } 1632 1633 out: if (f != NULL) 1634 (void) fclose(f); 1635 1636 return (error); 1637 } 1638 1639 /* 1640 * check_public(group, skipshare) 1641 * 1642 * Check the group for any shares that have the public property 1643 * enabled. We skip "skipshare" since that is the one we are 1644 * working with. This is a separate function to make handling 1645 * subgroups simpler. Returns true if there is a share with public. 1646 */ 1647 static int 1648 check_public(sa_group_t group, sa_share_t skipshare) 1649 { 1650 int exists = B_FALSE; 1651 sa_share_t share; 1652 sa_optionset_t opt; 1653 sa_property_t prop; 1654 char *shared; 1655 1656 for (share = sa_get_share(group, NULL); share != NULL; 1657 share = sa_get_next_share(share)) { 1658 if (share == skipshare) 1659 continue; 1660 1661 opt = sa_get_optionset(share, "nfs"); 1662 if (opt == NULL) 1663 continue; 1664 prop = sa_get_property(opt, "public"); 1665 if (prop == NULL) 1666 continue; 1667 shared = sa_get_share_attr(share, "shared"); 1668 if (shared != NULL) { 1669 exists = strcmp(shared, "true") == 0; 1670 sa_free_attr_string(shared); 1671 if (exists == B_TRUE) 1672 break; 1673 } 1674 } 1675 1676 return (exists); 1677 } 1678 1679 /* 1680 * public_exists(handle, share) 1681 * 1682 * check to see if public option is set on any other share than the 1683 * one specified. Need to check zfs sub-groups as well as the top 1684 * level groups. 1685 */ 1686 static int 1687 public_exists(sa_handle_t handle, sa_share_t skipshare) 1688 { 1689 sa_group_t group = NULL; 1690 1691 /* 1692 * If we don't have a handle, we can only do syntax check. We 1693 * can't check against other shares so we assume OK and will 1694 * catch the problem only when we actually try to apply it. 1695 */ 1696 if (handle == NULL) 1697 return (SA_OK); 1698 1699 if (skipshare != NULL) { 1700 group = sa_get_parent_group(skipshare); 1701 if (group == NULL) 1702 return (SA_NO_SUCH_GROUP); 1703 } 1704 1705 for (group = sa_get_group(handle, NULL); group != NULL; 1706 group = sa_get_next_group(group)) { 1707 /* Walk any ZFS subgroups as well as all standard groups */ 1708 if (sa_group_is_zfs(group)) { 1709 sa_group_t subgroup; 1710 for (subgroup = sa_get_sub_group(group); 1711 subgroup != NULL; 1712 subgroup = sa_get_next_group(subgroup)) { 1713 if (check_public(subgroup, skipshare)) 1714 return (B_TRUE); 1715 } 1716 } else { 1717 if (check_public(group, skipshare)) 1718 return (B_TRUE); 1719 } 1720 } 1721 return (B_FALSE); 1722 } 1723 1724 /* 1725 * sa_enable_share at the protocol level, enable_share must tell the 1726 * implementation that it is to enable the share. This entails 1727 * converting the path and options into the appropriate ioctl 1728 * calls. It is assumed that all error checking of paths, etc. were 1729 * done earlier. 1730 */ 1731 static int 1732 nfs_enable_share(sa_share_t share) 1733 { 1734 struct exportdata export; 1735 sa_optionset_t secoptlist; 1736 struct secinfo *sp; 1737 int num_secinfo; 1738 sa_optionset_t opt; 1739 sa_security_t sec; 1740 sa_property_t prop; 1741 char *path; 1742 int err = SA_OK; 1743 int i; 1744 int iszfs; 1745 sa_handle_t handle; 1746 1747 /* Don't drop core if the NFS module isn't loaded. */ 1748 (void) signal(SIGSYS, SIG_IGN); 1749 1750 /* get the path since it is important in several places */ 1751 path = sa_get_share_attr(share, "path"); 1752 if (path == NULL) 1753 return (SA_NO_SUCH_PATH); 1754 1755 iszfs = sa_path_is_zfs(path); 1756 /* 1757 * find the optionsets and security sets. There may not be 1758 * any or there could be one or two for each of optionset and 1759 * security may have multiple, one per security type per 1760 * protocol type. 1761 */ 1762 opt = sa_get_derived_optionset(share, "nfs", 1); 1763 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1764 if (secoptlist != NULL) 1765 num_secinfo = MAX(1, count_security(secoptlist)); 1766 else 1767 num_secinfo = 1; 1768 1769 /* 1770 * walk through the options and fill in the structure 1771 * appropriately. 1772 */ 1773 1774 (void) memset(&export, '\0', sizeof (export)); 1775 1776 /* 1777 * do non-security options first since there is only one after 1778 * the derived group is constructed. 1779 */ 1780 export.ex_version = EX_CURRENT_VERSION; 1781 export.ex_anon = UID_NOBODY; /* this is our default value */ 1782 export.ex_index = NULL; 1783 export.ex_path = path; 1784 export.ex_pathlen = strlen(path) + 1; 1785 1786 if (opt != NULL) 1787 err = fill_export_from_optionset(&export, opt); 1788 1789 /* 1790 * check to see if "public" is set. If it is, then make sure 1791 * no other share has it set. If it is already used, fail. 1792 */ 1793 1794 handle = sa_find_group_handle((sa_group_t)share); 1795 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) { 1796 (void) printf(dgettext(TEXT_DOMAIN, 1797 "NFS: Cannot share more than one file " 1798 "system with 'public' property\n")); 1799 err = SA_NOT_ALLOWED; 1800 goto out; 1801 } 1802 1803 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1804 if (sp == NULL) { 1805 err = SA_NO_MEMORY; 1806 (void) printf(dgettext(TEXT_DOMAIN, 1807 "NFS: NFS: no memory for security\n")); 1808 goto out; 1809 } 1810 export.ex_secinfo = sp; 1811 /* get default secinfo */ 1812 export.ex_seccnt = num_secinfo; 1813 /* 1814 * since we must have one security option defined, we 1815 * init to the default and then override as we find 1816 * defined security options. This handles the case 1817 * where we have no defined options but we need to set 1818 * up one. 1819 */ 1820 sp[0].s_window = DEF_WIN; 1821 sp[0].s_rootnames = NULL; 1822 /* setup a default in case no properties defined */ 1823 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1824 (void) printf(dgettext(TEXT_DOMAIN, 1825 "NFS: nfs_getseconfig_default: failed to " 1826 "get default security mode\n")); 1827 err = SA_CONFIG_ERR; 1828 } 1829 if (secoptlist != NULL) { 1830 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1831 prop != NULL && i < num_secinfo; 1832 prop = sa_get_next_property(prop), i++) { 1833 char *sectype; 1834 sectype = sa_get_property_attr(prop, "type"); 1835 /* 1836 * if sectype is NULL, we probably 1837 * have a memory problem and can't get 1838 * the correct values. Rather than 1839 * exporting with incorrect security, 1840 * don't share it. 1841 */ 1842 if (sectype == NULL) { 1843 err = SA_NO_MEMORY; 1844 (void) printf(dgettext(TEXT_DOMAIN, 1845 "NFS: Cannot share %s: " 1846 "no memory\n"), path); 1847 goto out; 1848 } 1849 sec = (sa_security_t)sa_get_derived_security( 1850 share, sectype, "nfs", 1); 1851 sp[i].s_window = DEF_WIN; 1852 sp[i].s_rootcnt = 0; 1853 sp[i].s_rootnames = NULL; 1854 (void) fill_security_from_secopts(&sp[i], sec); 1855 if (sec != NULL) 1856 sa_free_derived_security(sec); 1857 if (sectype != NULL) 1858 sa_free_attr_string(sectype); 1859 } 1860 } 1861 /* 1862 * when we get here, we can do the exportfs system call and 1863 * initiate thinsg. We probably want to enable the nfs.server 1864 * service first if it isn't running within SMF. 1865 */ 1866 /* check nfs.server status and start if needed */ 1867 /* now add the share to the internal tables */ 1868 printarg(path, &export); 1869 /* 1870 * call the exportfs system call which is implemented 1871 * via the nfssys() call as the EXPORTFS subfunction. 1872 */ 1873 if (iszfs) { 1874 struct exportfs_args ea; 1875 share_t sh; 1876 char *str; 1877 priv_set_t *priv_effective; 1878 int privileged; 1879 1880 /* 1881 * If we aren't a privileged user 1882 * and NFS server service isn't running 1883 * then print out an error message 1884 * and return EPERM 1885 */ 1886 1887 priv_effective = priv_allocset(); 1888 (void) getppriv(PRIV_EFFECTIVE, priv_effective); 1889 1890 privileged = (priv_isfullset(priv_effective) == B_TRUE); 1891 priv_freeset(priv_effective); 1892 1893 if (!privileged && 1894 (str = smf_get_state(NFS_SERVER_SVC)) != NULL) { 1895 err = 0; 1896 if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) { 1897 (void) printf(dgettext(TEXT_DOMAIN, 1898 "NFS: Cannot share remote " 1899 "filesystem: %s\n"), path); 1900 (void) printf(dgettext(TEXT_DOMAIN, 1901 "NFS: Service needs to be enabled " 1902 "by a privileged user\n")); 1903 err = SA_SYSTEM_ERR; 1904 errno = EPERM; 1905 } 1906 free(str); 1907 } 1908 1909 if (err == 0) { 1910 ea.dname = path; 1911 ea.uex = &export; 1912 1913 sa_sharetab_fill_zfs(share, &sh, "nfs"); 1914 err = sa_share_zfs(share, NULL, path, &sh, 1915 &ea, ZFS_SHARE_NFS); 1916 if (err != SA_OK) { 1917 errno = err; 1918 err = -1; 1919 } 1920 sa_emptyshare(&sh); 1921 } 1922 } else { 1923 err = exportfs(path, &export); 1924 } 1925 1926 if (err < 0) { 1927 err = SA_SYSTEM_ERR; 1928 switch (errno) { 1929 case EREMOTE: 1930 (void) printf(dgettext(TEXT_DOMAIN, 1931 "NFS: Cannot share filesystems " 1932 "in non-global zones: %s\n"), path); 1933 err = SA_NOT_SUPPORTED; 1934 break; 1935 case EPERM: 1936 if (getzoneid() != GLOBAL_ZONEID) { 1937 (void) printf(dgettext(TEXT_DOMAIN, 1938 "NFS: Cannot share file systems " 1939 "in non-global zones: %s\n"), path); 1940 err = SA_NOT_SUPPORTED; 1941 break; 1942 } 1943 err = SA_NO_PERMISSION; 1944 /* FALLTHROUGH */ 1945 default: 1946 break; 1947 } 1948 } else { 1949 /* update sharetab with an add/modify */ 1950 if (!iszfs) { 1951 (void) sa_update_sharetab(share, "nfs"); 1952 } 1953 } 1954 1955 if (err == SA_OK) { 1956 /* 1957 * enable services as needed. This should probably be 1958 * done elsewhere in order to minimize the calls to 1959 * check services. 1960 */ 1961 /* 1962 * check to see if logging and other services need to 1963 * be triggered, but only if there wasn't an 1964 * error. This is probably where sharetab should be 1965 * updated with the NFS specific entry. 1966 */ 1967 if (export.ex_flags & EX_LOG) { 1968 /* enable logging */ 1969 if (nfslogtab_add(path, export.ex_log_buffer, 1970 export.ex_tag) != 0) { 1971 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1972 "Could not enable logging for %s\n"), 1973 path); 1974 } 1975 _check_services(service_list_logging); 1976 } else { 1977 /* 1978 * don't have logging so remove it from file. It might 1979 * not be thre, but that doesn't matter. 1980 */ 1981 (void) nfslogtab_deactivate(path); 1982 _check_services(service_list_default); 1983 } 1984 } 1985 1986 out: 1987 if (path != NULL) 1988 free(path); 1989 1990 cleanup_export(&export); 1991 if (opt != NULL) 1992 sa_free_derived_optionset(opt); 1993 if (secoptlist != NULL) 1994 (void) sa_destroy_optionset(secoptlist); 1995 return (err); 1996 } 1997 1998 /* 1999 * nfs_disable_share(share, path) 2000 * 2001 * Unshare the specified share. Note that "path" is the same path as 2002 * what is in the "share" object. It is passed in to avoid an 2003 * additional lookup. A missing "path" value makes this a no-op 2004 * function. 2005 */ 2006 static int 2007 nfs_disable_share(sa_share_t share, char *path) 2008 { 2009 int err; 2010 int ret = SA_OK; 2011 int iszfs; 2012 sa_group_t parent; 2013 sa_handle_t handle; 2014 2015 if (path == NULL) 2016 return (ret); 2017 2018 /* 2019 * If the share is in a ZFS group we need to handle it 2020 * differently. Just being on a ZFS file system isn't 2021 * enough since we may be in a legacy share case. 2022 */ 2023 parent = sa_get_parent_group(share); 2024 iszfs = sa_group_is_zfs(parent); 2025 if (iszfs) { 2026 struct exportfs_args ea; 2027 share_t sh = { 0 }; 2028 ea.dname = path; 2029 ea.uex = NULL; 2030 sh.sh_path = path; 2031 sh.sh_fstype = "nfs"; 2032 2033 err = sa_share_zfs(share, NULL, path, &sh, 2034 &ea, ZFS_UNSHARE_NFS); 2035 if (err != SA_OK) { 2036 errno = err; 2037 err = -1; 2038 } 2039 } else { 2040 err = exportfs(path, NULL); 2041 } 2042 if (err < 0) { 2043 /* 2044 * TBD: only an error in some 2045 * cases - need better analysis 2046 */ 2047 switch (errno) { 2048 case EPERM: 2049 case EACCES: 2050 ret = SA_NO_PERMISSION; 2051 if (getzoneid() != GLOBAL_ZONEID) { 2052 ret = SA_NOT_SUPPORTED; 2053 } 2054 break; 2055 case EINVAL: 2056 case ENOENT: 2057 ret = SA_NO_SUCH_PATH; 2058 break; 2059 default: 2060 ret = SA_SYSTEM_ERR; 2061 break; 2062 } 2063 } 2064 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 2065 handle = sa_find_group_handle((sa_group_t)share); 2066 if (!iszfs) 2067 (void) sa_delete_sharetab(handle, path, "nfs"); 2068 /* just in case it was logged */ 2069 (void) nfslogtab_deactivate(path); 2070 } 2071 return (ret); 2072 } 2073 2074 /* 2075 * check_rorwnone(v1, v2, v3) 2076 * 2077 * check ro vs rw vs none values. Over time this may get beefed up. 2078 * for now it just does simple checks. v1 is never NULL but v2 or v3 2079 * could be. 2080 */ 2081 2082 static int 2083 check_rorwnone(char *v1, char *v2, char *v3) 2084 { 2085 int ret = SA_OK; 2086 if (v2 != NULL && strcmp(v1, v2) == 0) 2087 ret = SA_VALUE_CONFLICT; 2088 else if (v3 != NULL && strcmp(v1, v3) == 0) 2089 ret = SA_VALUE_CONFLICT; 2090 2091 return (ret); 2092 } 2093 2094 /* 2095 * nfs_validate_property(handle, property, parent) 2096 * 2097 * Check that the property has a legitimate value for its type. 2098 */ 2099 2100 static int 2101 nfs_validate_property(sa_handle_t handle, sa_property_t property, 2102 sa_optionset_t parent) 2103 { 2104 int ret = SA_OK; 2105 char *propname; 2106 char *other1; 2107 char *other2; 2108 int optindex; 2109 nfsl_config_t *configlist; 2110 sa_group_t parent_group; 2111 char *value; 2112 2113 propname = sa_get_property_attr(property, "type"); 2114 2115 if ((optindex = findopt(propname)) < 0) 2116 ret = SA_NO_SUCH_PROP; 2117 2118 /* need to validate value range here as well */ 2119 2120 if (ret == SA_OK) { 2121 parent_group = sa_get_parent_group((sa_share_t)parent); 2122 if (optdefs[optindex].share && parent_group != NULL && 2123 !sa_is_share(parent_group)) 2124 ret = SA_PROP_SHARE_ONLY; 2125 } 2126 if (ret == SA_OK) { 2127 if (optdefs[optindex].index == OPT_PUBLIC) { 2128 /* 2129 * Public is special in that only one instance can 2130 * be in the repository at the same time. 2131 */ 2132 if (public_exists(handle, parent_group)) { 2133 sa_free_attr_string(propname); 2134 return (SA_VALUE_CONFLICT); 2135 } 2136 } 2137 value = sa_get_property_attr(property, "value"); 2138 if (value != NULL) { 2139 /* first basic type checking */ 2140 switch (optdefs[optindex].type) { 2141 case OPT_TYPE_NUMBER: 2142 /* check that the value is all digits */ 2143 if (!is_a_number(value)) 2144 ret = SA_BAD_VALUE; 2145 break; 2146 case OPT_TYPE_BOOLEAN: 2147 if (strlen(value) == 0 || 2148 strcasecmp(value, "true") == 0 || 2149 strcmp(value, "1") == 0 || 2150 strcasecmp(value, "false") == 0 || 2151 strcmp(value, "0") == 0) { 2152 ret = SA_OK; 2153 } else { 2154 ret = SA_BAD_VALUE; 2155 } 2156 break; 2157 case OPT_TYPE_USER: 2158 if (!is_a_number(value)) { 2159 struct passwd *pw; 2160 /* 2161 * in this case it would have to be a 2162 * user name 2163 */ 2164 pw = getpwnam(value); 2165 if (pw == NULL) 2166 ret = SA_BAD_VALUE; 2167 endpwent(); 2168 } else { 2169 uint64_t intval; 2170 intval = strtoull(value, NULL, 0); 2171 if (intval > UID_MAX && intval != ~0) 2172 ret = SA_BAD_VALUE; 2173 } 2174 break; 2175 case OPT_TYPE_FILE: 2176 if (strcmp(value, "..") == 0 || 2177 strchr(value, '/') != NULL) { 2178 ret = SA_BAD_VALUE; 2179 } 2180 break; 2181 case OPT_TYPE_ACCLIST: { 2182 sa_property_t oprop1; 2183 sa_property_t oprop2; 2184 char *ovalue1 = NULL; 2185 char *ovalue2 = NULL; 2186 2187 if (parent == NULL) 2188 break; 2189 /* 2190 * access list handling. Should eventually 2191 * validate that all the values make sense. 2192 * Also, ro and rw may have cross value 2193 * conflicts. 2194 */ 2195 if (strcmp(propname, SHOPT_RO) == 0) { 2196 other1 = SHOPT_RW; 2197 other2 = SHOPT_NONE; 2198 } else if (strcmp(propname, SHOPT_RW) == 0) { 2199 other1 = SHOPT_RO; 2200 other2 = SHOPT_NONE; 2201 } else if (strcmp(propname, SHOPT_NONE) == 0) { 2202 other1 = SHOPT_RO; 2203 other2 = SHOPT_RW; 2204 } else { 2205 other1 = NULL; 2206 other2 = NULL; 2207 } 2208 if (other1 == NULL && other2 == NULL) 2209 break; 2210 2211 /* compare rw(ro) with ro(rw) */ 2212 2213 oprop1 = sa_get_property(parent, other1); 2214 oprop2 = sa_get_property(parent, other2); 2215 if (oprop1 == NULL && oprop2 == NULL) 2216 break; 2217 /* 2218 * Only potential confusion if other1 2219 * or other2 exists. Check the values 2220 * and run the check if there is a 2221 * value other than the one we are 2222 * explicitly looking at. 2223 */ 2224 ovalue1 = sa_get_property_attr(oprop1, "value"); 2225 ovalue2 = sa_get_property_attr(oprop2, "value"); 2226 if (ovalue1 != NULL || ovalue2 != NULL) 2227 ret = check_rorwnone(value, ovalue1, 2228 ovalue2); 2229 2230 if (ovalue1 != NULL) 2231 sa_free_attr_string(ovalue1); 2232 if (ovalue2 != NULL) 2233 sa_free_attr_string(ovalue2); 2234 break; 2235 } 2236 case OPT_TYPE_LOGTAG: 2237 if (nfsl_getconfig_list(&configlist) == 0) { 2238 int error; 2239 if (value == NULL || 2240 strlen(value) == 0) { 2241 if (value != NULL) 2242 sa_free_attr_string( 2243 value); 2244 value = strdup("global"); 2245 } 2246 if (value != NULL && 2247 nfsl_findconfig(configlist, value, 2248 &error) == NULL) { 2249 ret = SA_BAD_VALUE; 2250 } 2251 /* Must always free when done */ 2252 nfsl_freeconfig_list(&configlist); 2253 } else { 2254 ret = SA_CONFIG_ERR; 2255 } 2256 break; 2257 case OPT_TYPE_STRING: 2258 /* whatever is here should be ok */ 2259 break; 2260 case OPT_TYPE_SECURITY: 2261 /* 2262 * The "sec" property isn't used in the 2263 * non-legacy parts of sharemgr. We need to 2264 * reject it here. For legacy, it is pulled 2265 * out well before we get here. 2266 */ 2267 ret = SA_NO_SUCH_PROP; 2268 break; 2269 default: 2270 break; 2271 } 2272 2273 if (value != NULL) 2274 sa_free_attr_string(value); 2275 2276 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2277 /* do the property specific check */ 2278 ret = optdefs[optindex].check(handle, property); 2279 } 2280 } 2281 } 2282 2283 if (propname != NULL) 2284 sa_free_attr_string(propname); 2285 return (ret); 2286 } 2287 2288 /* 2289 * Protocol management functions 2290 * 2291 * Properties defined in the default files are defined in 2292 * proto_option_defs for parsing and validation. If "other" and 2293 * "compare" are set, then the value for this property should be 2294 * compared against the property specified in "other" using the 2295 * "compare" check (either <= or >=) in order to ensure that the 2296 * values are in the correct range. E.g. setting server_versmin 2297 * higher than server_versmax should not be allowed. 2298 */ 2299 2300 struct proto_option_defs { 2301 char *tag; 2302 char *name; /* display name -- remove protocol identifier */ 2303 int index; 2304 int type; 2305 union { 2306 int intval; 2307 char *string; 2308 } defvalue; 2309 uint32_t svcs; 2310 int32_t minval; 2311 int32_t maxval; 2312 char *file; 2313 char *other; 2314 int compare; 2315 #define OPT_CMP_GE 0 2316 #define OPT_CMP_LE 1 2317 int (*check)(char *); 2318 } proto_options[] = { 2319 #define PROTO_OPT_NFSD_SERVERS 0 2320 {"nfsd_servers", 2321 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD, 2322 1, INT32_MAX, NFSADMIN}, 2323 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2324 {"lockd_listen_backlog", 2325 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2326 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX, NFSADMIN}, 2327 #define PROTO_OPT_LOCKD_SERVERS 2 2328 {"lockd_servers", 2329 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20, 2330 SVC_LOCKD, 1, INT32_MAX, NFSADMIN}, 2331 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2332 {"lockd_retransmit_timeout", 2333 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2334 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2335 #define PROTO_OPT_GRACE_PERIOD 4 2336 {"grace_period", 2337 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90, 2338 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2339 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2340 {"nfs_server_versmin", 2341 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER, 2342 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2343 NFS_VERSMAX, NFSADMIN, "server_versmax", OPT_CMP_LE}, 2344 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2345 {"nfs_server_versmax", 2346 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER, 2347 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2348 NFS_VERSMAX, NFSADMIN, "server_versmin", OPT_CMP_GE}, 2349 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2350 {"nfs_client_versmin", 2351 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER, 2352 (int)NFS_VERSMIN_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2353 NFSADMIN, "client_versmax", OPT_CMP_LE}, 2354 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2355 {"nfs_client_versmax", 2356 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER, 2357 (int)NFS_VERSMAX_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2358 NFSADMIN, "client_versmin", OPT_CMP_GE}, 2359 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2360 {"nfs_server_delegation", 2361 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION, 2362 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0, 2363 NFSADMIN}, 2364 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2365 {"nfsmapid_domain", 2366 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN, 2367 NULL, SVC_NFSMAPID, 0, 0, NFSADMIN}, 2368 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2369 {"nfsd_max_connections", 2370 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS, 2371 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX, NFSADMIN}, 2372 #define PROTO_OPT_NFSD_PROTOCOL 12 2373 {"nfsd_protocol", 2374 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0, 2375 SVC_NFSD, 0, 0, NFSADMIN}, 2376 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2377 {"nfsd_listen_backlog", 2378 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG, 2379 OPT_TYPE_NUMBER, 0, 2380 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2381 {NULL} 2382 }; 2383 2384 /* 2385 * the protoset holds the defined options so we don't have to read 2386 * them multiple times 2387 */ 2388 static sa_protocol_properties_t protoset; 2389 2390 static int 2391 findprotoopt(char *name, int whichname) 2392 { 2393 int i; 2394 for (i = 0; proto_options[i].tag != NULL; i++) { 2395 if (whichname == 1) { 2396 if (strcasecmp(proto_options[i].name, name) == 0) 2397 return (i); 2398 } else { 2399 if (strcasecmp(proto_options[i].tag, name) == 0) 2400 return (i); 2401 } 2402 } 2403 return (-1); 2404 } 2405 2406 /* 2407 * fixcaselower(str) 2408 * 2409 * convert a string to lower case (inplace). 2410 */ 2411 2412 static void 2413 fixcaselower(char *str) 2414 { 2415 while (*str) { 2416 *str = tolower(*str); 2417 str++; 2418 } 2419 } 2420 2421 /* 2422 * fixcaseupper(str) 2423 * 2424 * convert a string to upper case (inplace). 2425 */ 2426 2427 static void 2428 fixcaseupper(char *str) 2429 { 2430 while (*str) { 2431 *str = toupper(*str); 2432 str++; 2433 } 2434 } 2435 2436 /* 2437 * skipwhitespace(str) 2438 * 2439 * Skip leading white space. It is assumed that it is called with a 2440 * valid pointer. 2441 */ 2442 2443 static char * 2444 skipwhitespace(char *str) 2445 { 2446 while (*str && isspace(*str)) 2447 str++; 2448 2449 return (str); 2450 } 2451 2452 /* 2453 * extractprop() 2454 * 2455 * Extract the property and value out of the line and create the 2456 * property in the optionset. 2457 */ 2458 static int 2459 extractprop(char *name, char *value) 2460 { 2461 sa_property_t prop; 2462 int index; 2463 int ret = SA_OK; 2464 /* 2465 * Remove any leading 2466 * white space. 2467 */ 2468 name = skipwhitespace(name); 2469 2470 index = findprotoopt(name, 0); 2471 if (index >= 0) { 2472 fixcaselower(name); 2473 prop = sa_create_property(proto_options[index].name, value); 2474 if (prop != NULL) 2475 ret = sa_add_protocol_property(protoset, prop); 2476 else 2477 ret = SA_NO_MEMORY; 2478 } 2479 return (ret); 2480 } 2481 2482 /* 2483 * initprotofromdefault() 2484 * 2485 * Read the default file(s) and add the defined values to the 2486 * protoset. Note that default values are known from the built in 2487 * table in case the file doesn't have a definition. Not having the 2488 * /etc/default/nfs file is OK since we have builtin default 2489 * values. The default file will get constructed as needed if values 2490 * are changed from the defaults. 2491 */ 2492 2493 static int 2494 initprotofromdefault() 2495 { 2496 FILE *nfs; 2497 char buff[BUFSIZ]; 2498 char *name; 2499 char *value; 2500 int ret = SA_OK; 2501 2502 protoset = sa_create_protocol_properties("nfs"); 2503 2504 if (protoset != NULL) { 2505 nfs = fopen(NFSADMIN, "r"); 2506 if (nfs != NULL) { 2507 while (ret == SA_OK && 2508 fgets(buff, sizeof (buff), nfs) != NULL) { 2509 switch (buff[0]) { 2510 case '\n': 2511 case '#': 2512 /* skip */ 2513 break; 2514 default: 2515 name = buff; 2516 buff[strlen(buff) - 1] = '\0'; 2517 value = strchr(name, '='); 2518 if (value != NULL) { 2519 *value++ = '\0'; 2520 ret = extractprop(name, value); 2521 } 2522 } 2523 } 2524 (void) fclose(nfs); 2525 } else { 2526 switch (errno) { 2527 case EPERM: 2528 case EACCES: 2529 ret = SA_NO_PERMISSION; 2530 break; 2531 case ENOENT: 2532 break; 2533 default: 2534 ret = SA_SYSTEM_ERR; 2535 break; 2536 } 2537 } 2538 } else { 2539 ret = SA_NO_MEMORY; 2540 } 2541 return (ret); 2542 } 2543 2544 /* 2545 * add_defaults() 2546 * 2547 * Add the default values for any property not defined in the parsing 2548 * of the default files. Values are set according to their defined 2549 * types. 2550 */ 2551 2552 static void 2553 add_defaults() 2554 { 2555 int i; 2556 char number[MAXDIGITS]; 2557 2558 for (i = 0; proto_options[i].tag != NULL; i++) { 2559 sa_property_t prop; 2560 prop = sa_get_protocol_property(protoset, 2561 proto_options[i].name); 2562 if (prop == NULL) { 2563 /* add the default value */ 2564 switch (proto_options[i].type) { 2565 case OPT_TYPE_NUMBER: 2566 (void) snprintf(number, sizeof (number), "%d", 2567 proto_options[i].defvalue.intval); 2568 prop = sa_create_property(proto_options[i].name, 2569 number); 2570 break; 2571 2572 case OPT_TYPE_BOOLEAN: 2573 prop = sa_create_property(proto_options[i].name, 2574 proto_options[i].defvalue.intval ? 2575 "true" : "false"); 2576 break; 2577 2578 case OPT_TYPE_ONOFF: 2579 prop = sa_create_property(proto_options[i].name, 2580 proto_options[i].defvalue.intval ? 2581 "on" : "off"); 2582 break; 2583 2584 default: 2585 /* treat as strings of zero length */ 2586 prop = sa_create_property(proto_options[i].name, 2587 ""); 2588 break; 2589 } 2590 if (prop != NULL) 2591 (void) sa_add_protocol_property(protoset, prop); 2592 } 2593 } 2594 } 2595 2596 static void 2597 free_protoprops() 2598 { 2599 if (protoset != NULL) { 2600 xmlFreeNode(protoset); 2601 protoset = NULL; 2602 } 2603 } 2604 2605 /* 2606 * nfs_init() 2607 * 2608 * Initialize the NFS plugin. 2609 */ 2610 2611 static int 2612 nfs_init() 2613 { 2614 int ret = SA_OK; 2615 2616 if (sa_plugin_ops.sa_init != nfs_init) { 2617 (void) printf(dgettext(TEXT_DOMAIN, 2618 "NFS plugin not properly initialized\n")); 2619 return (SA_CONFIG_ERR); 2620 } 2621 2622 ret = initprotofromdefault(); 2623 if (ret != SA_OK) { 2624 (void) printf(dgettext(TEXT_DOMAIN, 2625 "NFS plugin problem with default file: %s\n"), 2626 sa_errorstr(ret)); 2627 ret = SA_OK; 2628 } 2629 add_defaults(); 2630 2631 return (ret); 2632 } 2633 2634 /* 2635 * nfs_fini() 2636 * 2637 * uninitialize the NFS plugin. Want to avoid memory leaks. 2638 */ 2639 2640 static void 2641 nfs_fini() 2642 { 2643 free_protoprops(); 2644 } 2645 2646 /* 2647 * nfs_get_proto_set() 2648 * 2649 * Return an optionset with all the protocol specific properties in 2650 * it. 2651 */ 2652 2653 static sa_protocol_properties_t 2654 nfs_get_proto_set() 2655 { 2656 return (protoset); 2657 } 2658 2659 struct deffile { 2660 struct deffile *next; 2661 char *line; 2662 }; 2663 2664 /* 2665 * read_default_file(fname) 2666 * 2667 * Read the specified default file. We return a list of entries. This 2668 * get used for adding or removing values. 2669 */ 2670 2671 static struct deffile * 2672 read_default_file(char *fname) 2673 { 2674 FILE *file; 2675 struct deffile *defs = NULL; 2676 struct deffile *newdef; 2677 struct deffile *prevdef = NULL; 2678 char buff[BUFSIZ * 2]; 2679 2680 file = fopen(fname, "r"); 2681 if (file != NULL) { 2682 while (fgets(buff, sizeof (buff), file) != NULL) { 2683 newdef = (struct deffile *)calloc(1, 2684 sizeof (struct deffile)); 2685 if (newdef != NULL) { 2686 /* Make sure we skip any leading whitespace. */ 2687 newdef->line = strdup(skipwhitespace(buff)); 2688 if (defs == NULL) { 2689 prevdef = defs = newdef; 2690 } else { 2691 prevdef->next = newdef; 2692 prevdef = newdef; 2693 } 2694 } 2695 } 2696 (void) fclose(file); 2697 } else { 2698 int ret = SA_OK; 2699 switch (errno) { 2700 case EPERM: 2701 case EACCES: 2702 ret = SA_NO_PERMISSION; 2703 break; 2704 case ENOENT: 2705 break; 2706 default: 2707 ret = SA_SYSTEM_ERR; 2708 break; 2709 } 2710 if (ret == SA_OK) { 2711 /* Want at least one comment line */ 2712 defs = (struct deffile *) 2713 calloc(1, sizeof (struct deffile)); 2714 defs->line = strdup("# NFS default file\n"); 2715 } 2716 } 2717 return (defs); 2718 } 2719 2720 static void 2721 free_default_file(struct deffile *defs) 2722 { 2723 struct deffile *curdefs = NULL; 2724 2725 while (defs != NULL) { 2726 curdefs = defs; 2727 defs = defs->next; 2728 if (curdefs->line != NULL) 2729 free(curdefs->line); 2730 free(curdefs); 2731 } 2732 } 2733 2734 /* 2735 * write_default_file(fname, defs) 2736 * 2737 * Write the default file back. 2738 */ 2739 2740 static int 2741 write_default_file(char *fname, struct deffile *defs) 2742 { 2743 FILE *file; 2744 int ret = SA_OK; 2745 sigset_t old, new; 2746 2747 file = fopen(fname, "w+"); 2748 if (file != NULL) { 2749 (void) sigprocmask(SIG_BLOCK, NULL, &new); 2750 (void) sigaddset(&new, SIGHUP); 2751 (void) sigaddset(&new, SIGINT); 2752 (void) sigaddset(&new, SIGQUIT); 2753 (void) sigaddset(&new, SIGTSTP); 2754 (void) sigprocmask(SIG_SETMASK, &new, &old); 2755 while (defs != NULL) { 2756 (void) fputs(defs->line, file); 2757 defs = defs->next; 2758 } 2759 (void) fsync(fileno(file)); 2760 (void) sigprocmask(SIG_SETMASK, &old, NULL); 2761 (void) fclose(file); 2762 } else { 2763 switch (errno) { 2764 case EPERM: 2765 case EACCES: 2766 ret = SA_NO_PERMISSION; 2767 break; 2768 default: 2769 ret = SA_SYSTEM_ERR; 2770 } 2771 } 2772 return (ret); 2773 } 2774 2775 2776 /* 2777 * set_default_file_value(tag, value) 2778 * 2779 * Set the default file value for tag to value. Then rewrite the file. 2780 * tag and value are always set. The caller must ensure this. 2781 */ 2782 2783 #define MAX_STRING_LENGTH 256 2784 static int 2785 set_default_file_value(char *tag, char *value) 2786 { 2787 int ret = SA_OK; 2788 struct deffile *root; 2789 struct deffile *defs; 2790 struct deffile *prev; 2791 char string[MAX_STRING_LENGTH]; 2792 int len; 2793 boolean_t update = B_FALSE; 2794 2795 (void) snprintf(string, MAX_STRING_LENGTH, "%s=", tag); 2796 len = strlen(string); 2797 2798 root = defs = read_default_file(NFSADMIN); 2799 if (root == NULL) { 2800 switch (errno) { 2801 case EPERM: 2802 case EACCES: 2803 ret = SA_NO_PERMISSION; 2804 break; 2805 default: 2806 ret = SA_NO_MEMORY; 2807 break; 2808 } 2809 return (ret); 2810 } 2811 2812 while (defs != NULL) { 2813 if (defs->line != NULL && 2814 strncasecmp(defs->line, string, len) == 0) { 2815 /* replace with the new value */ 2816 free(defs->line); 2817 fixcaseupper(tag); 2818 (void) snprintf(string, sizeof (string), 2819 "%s=%s\n", tag, value); 2820 string[MAX_STRING_LENGTH - 1] = '\0'; 2821 defs->line = strdup(string); 2822 update = B_TRUE; 2823 break; 2824 } 2825 defs = defs->next; 2826 } 2827 if (!update) { 2828 defs = root; 2829 /* didn't find, so see if it is a comment */ 2830 (void) snprintf(string, MAX_STRING_LENGTH, "#%s=", tag); 2831 len = strlen(string); 2832 while (defs != NULL) { 2833 if (strncasecmp(defs->line, string, len) == 0) { 2834 /* replace with the new value */ 2835 free(defs->line); 2836 fixcaseupper(tag); 2837 (void) snprintf(string, sizeof (string), 2838 "%s=%s\n", tag, value); 2839 string[MAX_STRING_LENGTH - 1] = '\0'; 2840 defs->line = strdup(string); 2841 update = B_TRUE; 2842 break; 2843 } 2844 defs = defs->next; 2845 } 2846 } 2847 if (!update) { 2848 fixcaseupper(tag); 2849 (void) snprintf(string, sizeof (string), "%s=%s\n", 2850 tag, value); 2851 prev = root; 2852 while (prev->next != NULL) 2853 prev = prev->next; 2854 defs = malloc(sizeof (struct deffile)); 2855 prev->next = defs; 2856 if (defs != NULL) { 2857 defs->next = NULL; 2858 defs->line = strdup(string); 2859 update = B_TRUE; 2860 } 2861 } 2862 if (update) { 2863 ret = write_default_file(NFSADMIN, root); 2864 } 2865 free_default_file(root); 2866 return (ret); 2867 } 2868 2869 /* 2870 * service_in_state(service, chkstate) 2871 * 2872 * Want to know if the specified service is in the desired state 2873 * (chkstate) or not. Return true (1) if it is and false (0) if it 2874 * isn't. 2875 */ 2876 static int 2877 service_in_state(char *service, const char *chkstate) 2878 { 2879 char *state; 2880 int ret = B_FALSE; 2881 2882 state = smf_get_state(service); 2883 if (state != NULL) { 2884 /* got the state so get the equality for the return value */ 2885 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 2886 free(state); 2887 } 2888 return (ret); 2889 } 2890 2891 /* 2892 * restart_service(svcs) 2893 * 2894 * Walk through the bit mask of services that need to be restarted in 2895 * order to use the new property values. Some properties affect 2896 * multiple daemons. Should only restart a service if it is currently 2897 * enabled (online). 2898 */ 2899 2900 static void 2901 restart_service(uint32_t svcs) 2902 { 2903 uint32_t mask; 2904 int ret; 2905 char *service; 2906 2907 for (mask = 1; svcs != 0; mask <<= 1) { 2908 switch (svcs & mask) { 2909 case SVC_LOCKD: 2910 service = LOCKD; 2911 break; 2912 case SVC_STATD: 2913 service = STATD; 2914 break; 2915 case SVC_NFSD: 2916 service = NFSD; 2917 break; 2918 case SVC_MOUNTD: 2919 service = MOUNTD; 2920 break; 2921 case SVC_NFS4CBD: 2922 service = NFS4CBD; 2923 break; 2924 case SVC_NFSMAPID: 2925 service = NFSMAPID; 2926 break; 2927 case SVC_RQUOTAD: 2928 service = RQUOTAD; 2929 break; 2930 case SVC_NFSLOGD: 2931 service = NFSLOGD; 2932 break; 2933 default: 2934 continue; 2935 } 2936 2937 /* 2938 * Only attempt to restart the service if it is 2939 * currently running. In the future, it may be 2940 * desirable to use smf_refresh_instance if the NFS 2941 * services ever implement the refresh method. 2942 */ 2943 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 2944 ret = smf_restart_instance(service); 2945 /* 2946 * There are only a few SMF errors at this point, but 2947 * it is also possible that a bad value may have put 2948 * the service into maintenance if there wasn't an 2949 * SMF level error. 2950 */ 2951 if (ret != 0) { 2952 (void) fprintf(stderr, 2953 dgettext(TEXT_DOMAIN, 2954 "%s failed to restart: %s\n"), 2955 scf_strerror(scf_error())); 2956 } else { 2957 /* 2958 * Check whether it has gone to "maintenance" 2959 * mode or not. Maintenance implies something 2960 * went wrong. 2961 */ 2962 if (service_in_state(service, 2963 SCF_STATE_STRING_MAINT)) { 2964 (void) fprintf(stderr, 2965 dgettext(TEXT_DOMAIN, 2966 "%s failed to restart\n"), 2967 service); 2968 } 2969 } 2970 } 2971 svcs &= ~mask; 2972 } 2973 } 2974 2975 /* 2976 * nfs_minmax_check(name, value) 2977 * 2978 * Verify that the value for the property specified by index is valid 2979 * relative to the opposite value in the case of a min/max variable. 2980 * Currently, server_minvers/server_maxvers and 2981 * client_minvers/client_maxvers are the only ones to check. 2982 */ 2983 2984 static int 2985 nfs_minmax_check(int index, int value) 2986 { 2987 int val; 2988 char *pval; 2989 sa_property_t prop; 2990 sa_optionset_t opts; 2991 int ret = B_TRUE; 2992 2993 if (proto_options[index].other != NULL) { 2994 /* have a property to compare against */ 2995 opts = nfs_get_proto_set(); 2996 prop = sa_get_property(opts, proto_options[index].other); 2997 /* 2998 * If we don't find the property, assume default 2999 * values which will work since the max will be at the 3000 * max and the min at the min. 3001 */ 3002 if (prop != NULL) { 3003 pval = sa_get_property_attr(prop, "value"); 3004 if (pval != NULL) { 3005 val = strtoul(pval, NULL, 0); 3006 if (proto_options[index].compare == 3007 OPT_CMP_LE) { 3008 ret = value <= val ? B_TRUE : B_FALSE; 3009 } else if (proto_options[index].compare == 3010 OPT_CMP_GE) { 3011 ret = value >= val ? B_TRUE : B_FALSE; 3012 } 3013 } 3014 } 3015 } 3016 return (ret); 3017 } 3018 3019 /* 3020 * nfs_validate_proto_prop(index, name, value) 3021 * 3022 * Verify that the property specified by name can take the new 3023 * value. This is a sanity check to prevent bad values getting into 3024 * the default files. All values need to be checked against what is 3025 * allowed by their defined type. If a type isn't explicitly defined 3026 * here, it is treated as a string. 3027 * 3028 * Note that OPT_TYPE_NUMBER will additionally check that the value is 3029 * within the range specified and potentially against another property 3030 * value as well as specified in the proto_options members other and 3031 * compare. 3032 */ 3033 3034 static int 3035 nfs_validate_proto_prop(int index, char *name, char *value) 3036 { 3037 int ret = SA_OK; 3038 char *cp; 3039 #ifdef lint 3040 name = name; 3041 #endif 3042 3043 switch (proto_options[index].type) { 3044 case OPT_TYPE_NUMBER: 3045 if (!is_a_number(value)) 3046 ret = SA_BAD_VALUE; 3047 else { 3048 int val; 3049 val = strtoul(value, NULL, 0); 3050 if (val < proto_options[index].minval || 3051 val > proto_options[index].maxval) 3052 ret = SA_BAD_VALUE; 3053 /* 3054 * For server_versmin/server_versmax and 3055 * client_versmin/client_versmax, the value of the 3056 * min(max) should be checked to be correct relative 3057 * to the current max(min). 3058 */ 3059 if (!nfs_minmax_check(index, val)) { 3060 ret = SA_BAD_VALUE; 3061 } 3062 } 3063 break; 3064 3065 case OPT_TYPE_DOMAIN: 3066 /* 3067 * needs to be a qualified domain so will have at 3068 * least one period and other characters on either 3069 * side of it. A zero length string is also allowed 3070 * and is the way to turn off the override. 3071 */ 3072 if (strlen(value) == 0) 3073 break; 3074 cp = strchr(value, '.'); 3075 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 3076 ret = SA_BAD_VALUE; 3077 break; 3078 3079 case OPT_TYPE_BOOLEAN: 3080 if (strlen(value) == 0 || 3081 strcasecmp(value, "true") == 0 || 3082 strcmp(value, "1") == 0 || 3083 strcasecmp(value, "false") == 0 || 3084 strcmp(value, "0") == 0) { 3085 ret = SA_OK; 3086 } else { 3087 ret = SA_BAD_VALUE; 3088 } 3089 break; 3090 3091 case OPT_TYPE_ONOFF: 3092 if (strcasecmp(value, "on") != 0 && 3093 strcasecmp(value, "off") != 0) { 3094 ret = SA_BAD_VALUE; 3095 } 3096 break; 3097 3098 case OPT_TYPE_PROTOCOL: 3099 if (strlen(value) != 0 && 3100 strcasecmp(value, "all") != 0 && 3101 strcasecmp(value, "tcp") != 0 && 3102 strcasecmp(value, "udp") != 0) 3103 ret = SA_BAD_VALUE; 3104 break; 3105 3106 default: 3107 /* treat as a string */ 3108 break; 3109 } 3110 return (ret); 3111 } 3112 3113 /* 3114 * nfs_set_proto_prop(prop) 3115 * 3116 * check that prop is valid. 3117 */ 3118 3119 static int 3120 nfs_set_proto_prop(sa_property_t prop) 3121 { 3122 int ret = SA_OK; 3123 char *name; 3124 char *value; 3125 3126 name = sa_get_property_attr(prop, "type"); 3127 value = sa_get_property_attr(prop, "value"); 3128 if (name != NULL && value != NULL) { 3129 int index = findprotoopt(name, 1); 3130 if (index >= 0) { 3131 /* should test for valid value */ 3132 ret = nfs_validate_proto_prop(index, name, value); 3133 if (ret == SA_OK) 3134 ret = set_default_file_value( 3135 proto_options[index].tag, value); 3136 if (ret == SA_OK) 3137 restart_service(proto_options[index].svcs); 3138 } 3139 } 3140 if (name != NULL) 3141 sa_free_attr_string(name); 3142 if (value != NULL) 3143 sa_free_attr_string(value); 3144 return (ret); 3145 } 3146 3147 /* 3148 * nfs_get_status() 3149 * 3150 * What is the current status of the nfsd? We use the SMF state here. 3151 * Caller must free the returned value. 3152 */ 3153 3154 static char * 3155 nfs_get_status() 3156 { 3157 char *state; 3158 state = smf_get_state(NFSD); 3159 return (state != NULL ? state : strdup("-")); 3160 } 3161 3162 /* 3163 * nfs_space_alias(alias) 3164 * 3165 * Lookup the space (security) name. If it is default, convert to the 3166 * real name. 3167 */ 3168 3169 static char * 3170 nfs_space_alias(char *space) 3171 { 3172 char *name = space; 3173 seconfig_t secconf; 3174 3175 /* 3176 * Only the space named "default" is special. If it is used, 3177 * the default needs to be looked up and the real name used. 3178 * This is normally "sys" but could be changed. We always 3179 * change defautl to the real name. 3180 */ 3181 if (strcmp(space, "default") == 0 && 3182 nfs_getseconfig_default(&secconf) == 0) { 3183 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 3184 name = secconf.sc_name; 3185 } 3186 return (strdup(name)); 3187 } 3188 3189 /* 3190 * nfs_features() 3191 * 3192 * Return a mask of the features required. 3193 */ 3194 3195 static uint64_t 3196 nfs_features() 3197 { 3198 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER); 3199 } 3200