xref: /titanic_41/usr/src/cmd/fs.d/autofs/autod_nfs.c (revision 5fbb41393be5d63f75952b1d72d4df2642d22557)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <stdio.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <ctype.h>
30 #include <syslog.h>
31 #include <string.h>
32 #include <deflt.h>
33 #include <kstat.h>
34 #include <sys/param.h>
35 #include <sys/types.h>
36 #include <sys/time.h>
37 #include <sys/stat.h>
38 #include <sys/wait.h>
39 #include <sys/socket.h>
40 #include <netinet/in.h>
41 #include <signal.h>
42 #include <sys/signal.h>
43 #include <rpc/rpc.h>
44 #include <rpc/pmap_clnt.h>
45 #include <sys/mount.h>
46 #include <sys/mntent.h>
47 #include <sys/mnttab.h>
48 #include <sys/fstyp.h>
49 #include <sys/fsid.h>
50 #include <arpa/inet.h>
51 #include <netdb.h>
52 #include <netconfig.h>
53 #include <netdir.h>
54 #include <errno.h>
55 #define	NFSCLIENT
56 #include <nfs/nfs.h>
57 #include <nfs/mount.h>
58 #include <rpcsvc/mount.h>
59 #include <rpc/nettype.h>
60 #include <locale.h>
61 #include <setjmp.h>
62 #include <sys/socket.h>
63 #include <thread.h>
64 #include <limits.h>
65 #include <nss_dbdefs.h>			/* for NSS_BUFLEN_HOSTS */
66 #include <nfs/nfs_sec.h>
67 #include <sys/sockio.h>
68 #include <net/if.h>
69 #include <assert.h>
70 #include <nfs/nfs_clnt.h>
71 #include <rpcsvc/nfs4_prot.h>
72 #define	NO_RDDIR_CACHE
73 #include "automount.h"
74 #include "replica.h"
75 #include "nfs_subr.h"
76 #include "webnfs.h"
77 #include <sys/sockio.h>
78 #include <net/if.h>
79 #include <assert.h>
80 #include <rpcsvc/daemon_utils.h>
81 #include <pwd.h>
82 #include <strings.h>
83 #include <tsol/label.h>
84 #include <zone.h>
85 
86 extern void set_nfsv4_ephemeral_mount_to(void);
87 
88 extern char *nfs_get_qop_name();
89 extern AUTH *nfs_create_ah();
90 extern enum snego_stat nfs_sec_nego();
91 
92 #define	MAXHOSTS	512
93 
94 /* number of transports to try */
95 #define	MNT_PREF_LISTLEN	2
96 #define	FIRST_TRY		1
97 #define	SECOND_TRY		2
98 
99 #define	MNTTYPE_CACHEFS "cachefs"
100 
101 /*
102  * host cache states
103  */
104 #define	NOHOST		0
105 #define	GOODHOST	1
106 #define	DEADHOST	2
107 
108 #define	NFS_ARGS_EXTB_secdata(args, secdata) \
109 	{ (args).nfs_args_ext = NFS_ARGS_EXTB, \
110 	(args).nfs_ext_u.nfs_extB.secdata = secdata; }
111 
112 struct cache_entry {
113 	struct	cache_entry *cache_next;
114 	char	*cache_host;
115 	time_t	cache_time;
116 	int	cache_state;
117 	rpcvers_t cache_reqvers;
118 	rpcvers_t cache_outvers;
119 	char	*cache_proto;
120 };
121 
122 struct mfs_snego_t {
123 	int sec_opt;
124 	bool_t snego_done;
125 	char *nfs_flavor;
126 	seconfig_t nfs_sec;
127 };
128 typedef struct mfs_snego_t mfs_snego_t;
129 
130 static struct cache_entry *cache_head = NULL;
131 rwlock_t cache_lock;	/* protect the cache chain */
132 
133 static enum nfsstat nfsmount(struct mapfs *, char *, char *, int, int, uid_t,
134 	action_list *);
135 static int is_nfs_port(char *);
136 
137 void netbuf_free(struct netbuf *);
138 struct knetconfig *get_knconf(struct netconfig *);
139 void free_knconf(struct knetconfig *);
140 static int get_pathconf(CLIENT *, char *, char *, struct pathcnf **, int);
141 static struct mapfs *enum_servers(struct mapent *, char *);
142 static struct mapfs *get_mysubnet_servers(struct mapfs *);
143 static int subnet_test(int af, struct sioc_addrreq *);
144 static	struct	netbuf *get_addr(char *, rpcprog_t, rpcvers_t,
145 	struct netconfig **, char *, ushort_t, struct t_info *);
146 
147 static	struct	netbuf *get_pubfh(char *, rpcvers_t, mfs_snego_t *,
148 	struct netconfig **, char *, ushort_t, struct t_info *, caddr_t *,
149 	bool_t, char *);
150 
151 static int create_homedir(const char *, const char *);
152 
153 enum type_of_stuff {
154 	SERVER_ADDR = 0,
155 	SERVER_PING = 1,
156 	SERVER_FH = 2
157 };
158 
159 void *get_server_stuff(enum type_of_stuff, char *, rpcprog_t,
160 	rpcvers_t, mfs_snego_t *, struct netconfig **, char *, ushort_t,
161 	struct t_info *, caddr_t *, bool_t, char *, enum clnt_stat *);
162 
163 void *get_the_stuff(enum type_of_stuff, char *, rpcprog_t,
164 	rpcvers_t, mfs_snego_t *, struct netconfig *, ushort_t, struct t_info *,
165 	caddr_t *, bool_t, char *, enum clnt_stat *);
166 
167 struct mapfs *add_mfs(struct mapfs *, int, struct mapfs **, struct mapfs **);
168 void free_mfs(struct mapfs *);
169 static void dump_mfs(struct mapfs *, char *, int);
170 static char *dump_distance(struct mapfs *);
171 static void cache_free(struct cache_entry *);
172 static int cache_check(char *, rpcvers_t *, char *);
173 static void cache_enter(char *, rpcvers_t, rpcvers_t, char *, int);
174 void destroy_auth_client_handle(CLIENT *cl);
175 
176 #ifdef CACHE_DEBUG
177 static void trace_host_cache();
178 static void trace_portmap_cache();
179 #endif /* CACHE_DEBUG */
180 
181 static int rpc_timeout = 20;
182 
183 #ifdef CACHE_DEBUG
184 /*
185  * host cache counters. These variables do not need to be protected
186  * by mutex's. They have been added to measure the utility of the
187  * goodhost/deadhost cache in the lazy hierarchical mounting scheme.
188  */
189 static int host_cache_accesses = 0;
190 static int host_cache_lookups = 0;
191 static int deadhost_cache_hits = 0;
192 static int goodhost_cache_hits = 0;
193 
194 /*
195  * portmap cache counters. These variables do not need to be protected
196  * by mutex's. They have been added to measure the utility of the portmap
197  * cache in the lazy hierarchical mounting scheme.
198  */
199 static int portmap_cache_accesses = 0;
200 static int portmap_cache_lookups = 0;
201 static int portmap_cache_hits = 0;
202 #endif /* CACHE_DEBUG */
203 
204 /*
205  * There are the defaults (range) for the client when determining
206  * which NFS version to use when probing the server (see above).
207  * These will only be used when the vers mount option is not used and
208  * these may be reset if /etc/default/nfs is configured to do so.
209  */
210 static rpcvers_t vers_max_default = NFS_VERSMAX_DEFAULT;
211 static rpcvers_t vers_min_default = NFS_VERSMIN_DEFAULT;
212 
213 /*
214  * list of support services needed
215  */
216 static char	*service_list[] = { STATD, LOCKD, NULL };
217 static char	*service_list_v4[] = { STATD, LOCKD, NFS4CBD, NFSMAPID, NULL };
218 
219 static void read_default_nfs(void);
220 static int is_v4_mount(char *);
221 static void start_nfs4cbd(void);
222 
223 int
224 mount_nfs(
225 	struct mapent *me,
226 	char *mntpnt,
227 	char *prevhost,
228 	int overlay,
229 	uid_t uid,
230 	action_list **alpp)
231 {
232 	struct mapfs *mfs, *mp;
233 	int err = -1;
234 	int cached;
235 	action_list *alp;
236 
237 
238 	alp = *alpp;
239 
240 	read_default_nfs();
241 
242 	mfs = enum_servers(me, prevhost);
243 	if (mfs == NULL)
244 		return (ENOENT);
245 
246 	/*
247 	 * Try loopback if we have something on localhost; if nothing
248 	 * works, we will fall back to NFS
249 	 */
250 	if (is_nfs_port(me->map_mntopts)) {
251 		for (mp = mfs; mp; mp = mp->mfs_next) {
252 			if (self_check(mp->mfs_host)) {
253 				err = loopbackmount(mp->mfs_dir,
254 				    mntpnt, me->map_mntopts, overlay);
255 				if (err) {
256 					mp->mfs_ignore = 1;
257 				} else {
258 					/*
259 					 * Free action_list if there
260 					 * is one as it is not needed.
261 					 * Make sure to set alpp to null
262 					 * so caller doesn't try to free it
263 					 * again.
264 					 */
265 					if (*alpp) {
266 						free(*alpp);
267 						*alpp = NULL;
268 					}
269 					break;
270 				}
271 			}
272 		}
273 	}
274 	if (err) {
275 		cached = strcmp(me->map_mounter, MNTTYPE_CACHEFS) == 0;
276 		err = nfsmount(mfs, mntpnt, me->map_mntopts,
277 		    cached, overlay, uid, alp);
278 		if (err && trace > 1) {
279 			trace_prt(1, "	Couldn't mount %s:%s, err=%d\n",
280 			    mfs->mfs_host, mfs->mfs_dir, err);
281 		}
282 	}
283 	free_mfs(mfs);
284 	return (err);
285 }
286 
287 
288 /*
289  * Using the new ioctl SIOCTONLINK to determine if a host is on the same
290  * subnet. Remove the old network, subnet check.
291  */
292 
293 static struct mapfs *
294 get_mysubnet_servers(struct mapfs *mfs_in)
295 {
296 	int s;
297 	struct mapfs *mfs, *p, *mfs_head = NULL, *mfs_tail = NULL;
298 
299 	struct netconfig *nconf;
300 	NCONF_HANDLE *nc = NULL;
301 	struct nd_hostserv hs;
302 	struct nd_addrlist *retaddrs;
303 	struct netbuf *nb;
304 	struct sioc_addrreq areq;
305 	int res;
306 	int af;
307 	int i;
308 	int sa_size;
309 
310 	hs.h_serv = "rpcbind";
311 
312 	for (mfs = mfs_in; mfs; mfs = mfs->mfs_next) {
313 		nc = setnetconfig();
314 
315 		while (nconf = getnetconfig(nc)) {
316 
317 			/*
318 			 * Care about INET family only. proto_done flag
319 			 * indicates if we have already covered this
320 			 * protocol family. If so skip it
321 			 */
322 			if (((strcmp(nconf->nc_protofmly, NC_INET6) == 0) ||
323 			    (strcmp(nconf->nc_protofmly, NC_INET) == 0)) &&
324 			    (nconf->nc_semantics == NC_TPI_CLTS)) {
325 			} else
326 				continue;
327 
328 			hs.h_host = mfs->mfs_host;
329 
330 			if (netdir_getbyname(nconf, &hs, &retaddrs) != ND_OK)
331 				continue;
332 
333 			/*
334 			 * For each host address see if it's on our
335 			 * local subnet.
336 			 */
337 
338 			if (strcmp(nconf->nc_protofmly, NC_INET6) == 0)
339 				af = AF_INET6;
340 			else
341 				af = AF_INET;
342 			nb = retaddrs->n_addrs;
343 			for (i = 0; i < retaddrs->n_cnt; i++, nb++) {
344 				memset(&areq.sa_addr, 0, sizeof (areq.sa_addr));
345 				memcpy(&areq.sa_addr, nb->buf, MIN(nb->len,
346 				    sizeof (areq.sa_addr)));
347 				if (res = subnet_test(af, &areq)) {
348 					p = add_mfs(mfs, DIST_MYNET,
349 					    &mfs_head, &mfs_tail);
350 					if (!p) {
351 						netdir_free(retaddrs,
352 						    ND_ADDRLIST);
353 						endnetconfig(nc);
354 						return (NULL);
355 					}
356 					break;
357 				}
358 			}  /* end of every host */
359 			if (trace > 2) {
360 				trace_prt(1, "get_mysubnet_servers: host=%s "
361 				    "netid=%s res=%s\n", mfs->mfs_host,
362 				    nconf->nc_netid, res == 1?"SUC":"FAIL");
363 			}
364 
365 			netdir_free(retaddrs, ND_ADDRLIST);
366 		} /* end of while */
367 
368 		endnetconfig(nc);
369 
370 	} /* end of every map */
371 
372 	return (mfs_head);
373 
374 }
375 
376 int
377 subnet_test(int af, struct sioc_addrreq *areq)
378 {
379 	int s;
380 
381 	if ((s = socket(af, SOCK_DGRAM, 0)) < 0) {
382 		return (0);
383 	}
384 
385 	areq->sa_res = -1;
386 
387 	if (ioctl(s, SIOCTONLINK, (caddr_t)areq) < 0) {
388 		syslog(LOG_ERR, "subnet_test:SIOCTONLINK failed");
389 		return (0);
390 	}
391 	close(s);
392 	if (areq->sa_res == 1)
393 		return (1);
394 	else
395 		return (0);
396 
397 
398 }
399 
400 /*
401  * ping a bunch of hosts at once and sort by who responds first
402  */
403 static struct mapfs *
404 sort_servers(struct mapfs *mfs_in, int timeout)
405 {
406 	struct mapfs *m1 = NULL;
407 	enum clnt_stat clnt_stat;
408 
409 	if (!mfs_in)
410 		return (NULL);
411 
412 	clnt_stat = nfs_cast(mfs_in, &m1, timeout);
413 
414 	if (!m1) {
415 		char buff[2048] = {'\0'};
416 
417 		for (m1 = mfs_in; m1; m1 = m1->mfs_next) {
418 			(void) strcat(buff, m1->mfs_host);
419 			if (m1->mfs_next)
420 				(void) strcat(buff, ",");
421 		}
422 
423 		syslog(LOG_ERR, "servers %s not responding: %s",
424 		    buff, clnt_sperrno(clnt_stat));
425 	}
426 
427 	return (m1);
428 }
429 
430 /*
431  * Add a mapfs entry to the list described by *mfs_head and *mfs_tail,
432  * provided it is not marked "ignored" and isn't a dupe of ones we've
433  * already seen.
434  */
435 struct mapfs *
436 add_mfs(struct mapfs *mfs, int distance, struct mapfs **mfs_head,
437 	struct mapfs **mfs_tail)
438 {
439 	struct mapfs *tmp, *new;
440 
441 	for (tmp = *mfs_head; tmp; tmp = tmp->mfs_next)
442 		if ((strcmp(tmp->mfs_host, mfs->mfs_host) == 0 &&
443 		    strcmp(tmp->mfs_dir, mfs->mfs_dir) == 0) ||
444 		    mfs->mfs_ignore)
445 			return (*mfs_head);
446 	new = (struct mapfs *)malloc(sizeof (struct mapfs));
447 	if (!new) {
448 		syslog(LOG_ERR, "Memory allocation failed: %m");
449 		return (NULL);
450 	}
451 	bcopy(mfs, new, sizeof (struct mapfs));
452 	new->mfs_next = NULL;
453 	if (distance)
454 		new->mfs_distance = distance;
455 	if (!*mfs_head)
456 		*mfs_tail = *mfs_head = new;
457 	else {
458 		(*mfs_tail)->mfs_next = new;
459 		*mfs_tail = new;
460 	}
461 	return (*mfs_head);
462 }
463 
464 static void
465 dump_mfs(struct mapfs *mfs, char *message, int level)
466 {
467 	struct mapfs *m1;
468 
469 	if (trace <= level)
470 		return;
471 
472 	trace_prt(1, "%s", message);
473 	if (!mfs) {
474 		trace_prt(0, "mfs is null\n");
475 		return;
476 	}
477 	for (m1 = mfs; m1; m1 = m1->mfs_next)
478 		trace_prt(0, "%s[%s] ", m1->mfs_host, dump_distance(m1));
479 	trace_prt(0, "\n");
480 }
481 
482 static char *
483 dump_distance(struct mapfs *mfs)
484 {
485 	switch (mfs->mfs_distance) {
486 	case 0:			return ("zero");
487 	case DIST_SELF:		return ("self");
488 	case DIST_MYSUB:	return ("mysub");
489 	case DIST_MYNET:	return ("mynet");
490 	case DIST_OTHER:	return ("other");
491 	default:		return ("other");
492 	}
493 }
494 
495 /*
496  * Walk linked list "raw", building a new list consisting of members
497  * NOT found in list "filter", returning the result.
498  */
499 static struct mapfs *
500 filter_mfs(struct mapfs *raw, struct mapfs *filter)
501 {
502 	struct mapfs *mfs, *p, *mfs_head = NULL, *mfs_tail = NULL;
503 	int skip;
504 
505 	if (!raw)
506 		return (NULL);
507 	for (mfs = raw; mfs; mfs = mfs->mfs_next) {
508 		for (skip = 0, p = filter; p; p = p->mfs_next) {
509 			if (strcmp(p->mfs_host, mfs->mfs_host) == 0 &&
510 			    strcmp(p->mfs_dir, mfs->mfs_dir) == 0) {
511 				skip = 1;
512 				break;
513 			}
514 		}
515 		if (skip)
516 			continue;
517 		p = add_mfs(mfs, 0, &mfs_head, &mfs_tail);
518 		if (!p)
519 			return (NULL);
520 	}
521 	return (mfs_head);
522 }
523 
524 /*
525  * Walk a linked list of mapfs structs, freeing each member.
526  */
527 void
528 free_mfs(struct mapfs *mfs)
529 {
530 	struct mapfs *tmp;
531 
532 	while (mfs) {
533 		tmp = mfs->mfs_next;
534 		free(mfs);
535 		mfs = tmp;
536 	}
537 }
538 
539 /*
540  * New code for NFS client failover: we need to carry and sort
541  * lists of server possibilities rather than return a single
542  * entry.  It preserves previous behaviour of sorting first by
543  * locality (loopback-or-preferred/subnet/net/other) and then
544  * by ping times.  We'll short-circuit this process when we
545  * have ENOUGH or more entries.
546  */
547 static struct mapfs *
548 enum_servers(struct mapent *me, char *preferred)
549 {
550 	struct mapfs *p, *m1, *m2, *mfs_head = NULL, *mfs_tail = NULL;
551 
552 	/*
553 	 * Short-circuit for simple cases.
554 	 */
555 	if (!me->map_fs->mfs_next) {
556 		p = add_mfs(me->map_fs, DIST_OTHER, &mfs_head, &mfs_tail);
557 		if (!p)
558 			return (NULL);
559 		return (mfs_head);
560 	}
561 
562 	dump_mfs(me->map_fs, "	enum_servers: mapent: ", 2);
563 
564 	/*
565 	 * get addresses & see if any are myself
566 	 * or were mounted from previously in a
567 	 * hierarchical mount.
568 	 */
569 	if (trace > 2)
570 		trace_prt(1, "	enum_servers: looking for pref/self\n");
571 	for (m1 = me->map_fs; m1; m1 = m1->mfs_next) {
572 		if (m1->mfs_ignore)
573 			continue;
574 		if (self_check(m1->mfs_host) ||
575 		    strcmp(m1->mfs_host, preferred) == 0) {
576 			p = add_mfs(m1, DIST_SELF, &mfs_head, &mfs_tail);
577 			if (!p)
578 				return (NULL);
579 		}
580 	}
581 	if (trace > 2 && m1)
582 		trace_prt(1, "	enum_servers: pref/self found, %s\n",
583 		    m1->mfs_host);
584 
585 	/*
586 	 * look for entries on this subnet
587 	 */
588 	dump_mfs(m1, "	enum_servers: input of get_mysubnet_servers: ", 2);
589 	m1 = get_mysubnet_servers(me->map_fs);
590 	dump_mfs(m1, "	enum_servers: output of get_mysubnet_servers: ", 3);
591 	if (m1 && m1->mfs_next) {
592 		m2 = sort_servers(m1, rpc_timeout / 2);
593 		dump_mfs(m2, "	enum_servers: output of sort_servers: ", 3);
594 		free_mfs(m1);
595 		m1 = m2;
596 	}
597 
598 	for (m2 = m1; m2; m2 = m2->mfs_next) {
599 		p = add_mfs(m2, 0, &mfs_head, &mfs_tail);
600 		if (!p)
601 			return (NULL);
602 	}
603 	if (m1)
604 		free_mfs(m1);
605 
606 	/*
607 	 * add the rest of the entries at the end
608 	 */
609 	m1 = filter_mfs(me->map_fs, mfs_head);
610 	dump_mfs(m1, "	enum_servers: etc: output of filter_mfs: ", 3);
611 	m2 = sort_servers(m1, rpc_timeout / 2);
612 	dump_mfs(m2, "	enum_servers: etc: output of sort_servers: ", 3);
613 	if (m1)
614 		free_mfs(m1);
615 	m1 = m2;
616 	for (m2 = m1; m2; m2 = m2->mfs_next) {
617 		p = add_mfs(m2, DIST_OTHER, &mfs_head, &mfs_tail);
618 		if (!p)
619 			return (NULL);
620 	}
621 	if (m1)
622 		free_mfs(m1);
623 
624 done:
625 	dump_mfs(mfs_head, "  enum_servers: output: ", 1);
626 	return (mfs_head);
627 }
628 
629 static enum nfsstat
630 nfsmount(
631 	struct mapfs *mfs_in,
632 	char *mntpnt, char *opts,
633 	int cached, int overlay,
634 	uid_t uid,
635 	action_list *alp)
636 {
637 	CLIENT *cl;
638 	char remname[MAXPATHLEN], *mnttabtext = NULL;
639 	char mopts[MAX_MNTOPT_STR];
640 	char netname[MAXNETNAMELEN+1];
641 	char	*mntopts = NULL;
642 	int mnttabcnt = 0;
643 	int loglevel;
644 	struct mnttab m;
645 	struct nfs_args *argp = NULL, *head = NULL, *tail = NULL,
646 	    *prevhead, *prevtail;
647 	int flags;
648 	struct fhstatus fhs;
649 	struct timeval timeout;
650 	enum clnt_stat rpc_stat;
651 	enum nfsstat status;
652 	struct stat stbuf;
653 	struct netconfig *nconf;
654 	rpcvers_t vers, versmin; /* used to negotiate nfs version in pingnfs */
655 				/* and mount version with mountd */
656 	rpcvers_t outvers;	/* final version to be used during mount() */
657 	rpcvers_t nfsvers;	/* version in map options, 0 if not there */
658 	rpcvers_t mountversmax;	/* tracks the max mountvers during retries */
659 
660 	/* used to negotiate nfs version using webnfs */
661 	rpcvers_t pubvers, pubversmin, pubversmax;
662 	int posix;
663 	struct nd_addrlist *retaddrs;
664 	struct mountres3 res3;
665 	nfs_fh3 fh3;
666 	char *fstype;
667 	int count, i;
668 	char scerror_msg[MAXMSGLEN];
669 	int *auths;
670 	int delay;
671 	int retries;
672 	char *nfs_proto = NULL;
673 	uint_t nfs_port = 0;
674 	char *p, *host, *rhost, *dir;
675 	struct mapfs *mfs = NULL;
676 	int error, last_error = 0;
677 	int replicated;
678 	int entries = 0;
679 	int v2cnt = 0, v3cnt = 0, v4cnt = 0;
680 	int v2near = 0, v3near = 0, v4near = 0;
681 	int skipentry = 0;
682 	char *nfs_flavor;
683 	seconfig_t nfs_sec;
684 	int sec_opt, scerror;
685 	struct sec_data *secdata;
686 	int secflags;
687 	struct netbuf *syncaddr;
688 	bool_t	use_pubfh;
689 	ushort_t thisport;
690 	int got_val;
691 	mfs_snego_t mfssnego_init, mfssnego;
692 
693 	dump_mfs(mfs_in, "  nfsmount: input: ", 2);
694 	replicated = (mfs_in->mfs_next != NULL);
695 	m.mnt_mntopts = opts;
696 	if (replicated && hasmntopt(&m, MNTOPT_SOFT)) {
697 		if (verbose)
698 			syslog(LOG_WARNING,
699 		    "mount on %s is soft and will not be replicated.", mntpnt);
700 		replicated = 0;
701 	}
702 	if (replicated && !hasmntopt(&m, MNTOPT_RO)) {
703 		if (verbose)
704 			syslog(LOG_WARNING,
705 		    "mount on %s is not read-only and will not be replicated.",
706 			    mntpnt);
707 		replicated = 0;
708 	}
709 	if (replicated && cached) {
710 		if (verbose)
711 			syslog(LOG_WARNING,
712 		    "mount on %s is cached and will not be replicated.",
713 			    mntpnt);
714 		replicated = 0;
715 	}
716 	if (replicated)
717 		loglevel = LOG_WARNING;
718 	else
719 		loglevel = LOG_ERR;
720 
721 	if (trace > 1) {
722 		if (replicated)
723 			trace_prt(1, "	nfsmount: replicated mount on %s %s:\n",
724 			    mntpnt, opts);
725 		else
726 			trace_prt(1, "	nfsmount: standard mount on %s %s:\n",
727 			    mntpnt, opts);
728 		for (mfs = mfs_in; mfs; mfs = mfs->mfs_next)
729 			trace_prt(1, "	  %s:%s\n",
730 			    mfs->mfs_host, mfs->mfs_dir);
731 	}
732 
733 	/*
734 	 * Make sure mountpoint is safe to mount on
735 	 */
736 	if (lstat(mntpnt, &stbuf) < 0) {
737 		syslog(LOG_ERR, "Couldn't stat %s: %m", mntpnt);
738 		return (NFSERR_NOENT);
739 	}
740 
741 	/*
742 	 * Get protocol specified in options list, if any.
743 	 */
744 	if ((str_opt(&m, "proto", &nfs_proto)) == -1) {
745 		return (NFSERR_NOENT);
746 	}
747 
748 	/*
749 	 * Get port specified in options list, if any.
750 	 */
751 	got_val = nopt(&m, MNTOPT_PORT, (int *)&nfs_port);
752 	if (!got_val)
753 		nfs_port = 0;	/* "unspecified" */
754 	if (nfs_port > USHRT_MAX) {
755 		syslog(LOG_ERR, "%s: invalid port number %d", mntpnt, nfs_port);
756 		return (NFSERR_NOENT);
757 	}
758 
759 	/*
760 	 * Set mount(2) flags here, outside of the loop.
761 	 */
762 	flags = MS_OPTIONSTR;
763 	flags |= (hasmntopt(&m, MNTOPT_RO) == NULL) ? 0 : MS_RDONLY;
764 	flags |= (hasmntopt(&m, MNTOPT_NOSUID) == NULL) ? 0 : MS_NOSUID;
765 	flags |= overlay ? MS_OVERLAY : 0;
766 	if (mntpnt[strlen(mntpnt) - 1] != ' ')
767 		/* direct mount point without offsets */
768 		flags |= MS_OVERLAY;
769 
770 	use_pubfh = (hasmntopt(&m, MNTOPT_PUBLIC) == NULL) ? FALSE : TRUE;
771 
772 	(void) memset(&mfssnego_init, 0, sizeof (mfs_snego_t));
773 	if (hasmntopt(&m, MNTOPT_SECURE) != NULL) {
774 		if (++mfssnego_init.sec_opt > 1) {
775 			syslog(loglevel,
776 			    "conflicting security options");
777 			return (NFSERR_IO);
778 		}
779 		if (nfs_getseconfig_byname("dh", &mfssnego_init.nfs_sec)) {
780 			syslog(loglevel,
781 			    "error getting dh information from %s",
782 			    NFSSEC_CONF);
783 			return (NFSERR_IO);
784 		}
785 	}
786 
787 	if (hasmntopt(&m, MNTOPT_SEC) != NULL) {
788 		if ((str_opt(&m, MNTOPT_SEC,
789 		    &mfssnego_init.nfs_flavor)) == -1) {
790 			syslog(LOG_ERR, "nfsmount: no memory");
791 			return (NFSERR_IO);
792 		}
793 	}
794 
795 	if (mfssnego_init.nfs_flavor) {
796 		if (++mfssnego_init.sec_opt > 1) {
797 			syslog(loglevel,
798 			    "conflicting security options");
799 			free(mfssnego_init.nfs_flavor);
800 			return (NFSERR_IO);
801 		}
802 		if (nfs_getseconfig_byname(mfssnego_init.nfs_flavor,
803 		    &mfssnego_init.nfs_sec)) {
804 			syslog(loglevel,
805 			    "error getting %s information from %s",
806 			    mfssnego_init.nfs_flavor, NFSSEC_CONF);
807 			free(mfssnego_init.nfs_flavor);
808 			return (NFSERR_IO);
809 		}
810 		free(mfssnego_init.nfs_flavor);
811 	}
812 
813 nextentry:
814 	skipentry = 0;
815 
816 	got_val = nopt(&m, MNTOPT_VERS, (int *)&nfsvers);
817 	if (!got_val)
818 		nfsvers = 0;	/* "unspecified" */
819 	if (set_versrange(nfsvers, &vers, &versmin) != 0) {
820 		syslog(LOG_ERR, "Incorrect NFS version specified for %s",
821 		    mntpnt);
822 		last_error = NFSERR_NOENT;
823 		goto ret;
824 	}
825 
826 	if (nfsvers != 0) {
827 		pubversmax = pubversmin = nfsvers;
828 	} else {
829 		pubversmax = vers;
830 		pubversmin = versmin;
831 	}
832 
833 	/*
834 	 * Walk the whole list, pinging and collecting version
835 	 * info so that we can make sure the mount will be
836 	 * homogeneous with respect to version.
837 	 *
838 	 * If we have a version preference, this is easy; we'll
839 	 * just reject anything that doesn't match.
840 	 *
841 	 * If not, we want to try to provide the best compromise
842 	 * that considers proximity, preference for a higher version,
843 	 * sorted order, and number of replicas.  We will count
844 	 * the number of V2 and V3 replicas and also the number
845 	 * which are "near", i.e. the localhost or on the same
846 	 * subnet.
847 	 */
848 	for (mfs = mfs_in; mfs; mfs = mfs->mfs_next) {
849 
850 
851 		if (mfs->mfs_ignore)
852 			continue;
853 
854 		/*
855 		 * If the host is '[a:d:d:r:e:s:s'],
856 		 * only use 'a:d:d:r:e:s:s' for communication
857 		 */
858 		host = strdup(mfs->mfs_host);
859 		if (host == NULL) {
860 			syslog(LOG_ERR, "nfsmount: no memory");
861 			last_error = NFSERR_IO;
862 			goto out;
863 		}
864 		unbracket(&host);
865 
866 		(void) memcpy(&mfssnego, &mfssnego_init, sizeof (mfs_snego_t));
867 
868 		if (use_pubfh == TRUE || mfs->mfs_flags & MFS_URL) {
869 			char *path;
870 
871 			if (nfs_port != 0 && mfs->mfs_port != 0 &&
872 			    nfs_port != mfs->mfs_port) {
873 
874 				syslog(LOG_ERR, "nfsmount: port (%u) in nfs URL"
875 				    " not the same as port (%d) in port "
876 				    "option\n", mfs->mfs_port, nfs_port);
877 				last_error = NFSERR_IO;
878 				goto out;
879 
880 			} else if (nfs_port != 0)
881 				thisport = nfs_port;
882 			else
883 				thisport = mfs->mfs_port;
884 
885 			dir = mfs->mfs_dir;
886 
887 			if ((mfs->mfs_flags & MFS_URL) == 0) {
888 				path = malloc(strlen(dir) + 2);
889 				if (path == NULL) {
890 					syslog(LOG_ERR, "nfsmount: no memory");
891 					last_error = NFSERR_IO;
892 					goto out;
893 				}
894 				path[0] = (char)WNL_NATIVEPATH;
895 				(void) strcpy(&path[1], dir);
896 			} else {
897 				path = dir;
898 			}
899 
900 			argp = (struct nfs_args *)
901 			    malloc(sizeof (struct nfs_args));
902 
903 			if (!argp) {
904 				if (path != dir)
905 					free(path);
906 				syslog(LOG_ERR, "nfsmount: no memory");
907 				last_error = NFSERR_IO;
908 				goto out;
909 			}
910 			(void) memset(argp, 0, sizeof (*argp));
911 
912 			/*
913 			 * RDMA support
914 			 * By now Mount argument struct has been allocated,
915 			 * either a pub_fh path will be taken or the regular
916 			 * one. So here if a protocol was specified and it
917 			 * was not rdma we let it be, else we set DO_RDMA.
918 			 * If no proto was there we advise on trying RDMA.
919 			 */
920 			if (nfs_proto) {
921 				if (strcmp(nfs_proto, "rdma") == 0) {
922 					free(nfs_proto);
923 					nfs_proto = NULL;
924 					argp->flags |= NFSMNT_DORDMA;
925 				}
926 			} else
927 				argp->flags |= NFSMNT_TRYRDMA;
928 
929 			for (pubvers = pubversmax; pubvers >= pubversmin;
930 			    pubvers--) {
931 
932 				nconf = NULL;
933 				argp->addr = get_pubfh(host, pubvers, &mfssnego,
934 				    &nconf, nfs_proto, thisport, NULL,
935 				    &argp->fh, TRUE, path);
936 
937 				if (argp->addr != NULL)
938 					break;
939 
940 				if (nconf != NULL)
941 					freenetconfigent(nconf);
942 			}
943 
944 			if (path != dir)
945 				free(path);
946 
947 			if (argp->addr != NULL) {
948 
949 				/*
950 				 * The use of llock option for NFSv4
951 				 * mounts is not required since file
952 				 * locking is included within the protocol
953 				 */
954 				if (pubvers != NFS_V4)
955 					argp->flags |= NFSMNT_LLOCK;
956 
957 				argp->flags |= NFSMNT_PUBLIC;
958 
959 				vers = pubvers;
960 				mfs->mfs_args = argp;
961 				mfs->mfs_version = pubvers;
962 				mfs->mfs_nconf = nconf;
963 				mfs->mfs_flags |= MFS_FH_VIA_WEBNFS;
964 
965 			} else {
966 				free(argp);
967 
968 				/*
969 				 * If -public was specified, give up
970 				 * on this entry now.
971 				 */
972 				if (use_pubfh == TRUE) {
973 					syslog(loglevel,
974 					    "%s: no public file handle support",
975 					    host);
976 					last_error = NFSERR_NOENT;
977 					mfs->mfs_ignore = 1;
978 					continue;
979 				}
980 
981 				/*
982 				 * Back off to a conventional mount.
983 				 *
984 				 * URL's can contain escape characters. Get
985 				 * rid of them.
986 				 */
987 				path = malloc(strlen(dir) + 2);
988 
989 				if (path == NULL) {
990 					syslog(LOG_ERR, "nfsmount: no memory");
991 					last_error = NFSERR_IO;
992 					goto out;
993 				}
994 
995 				strcpy(path, dir);
996 				URLparse(path);
997 				mfs->mfs_dir = path;
998 				mfs->mfs_flags |= MFS_ALLOC_DIR;
999 				mfs->mfs_flags &= ~MFS_URL;
1000 			}
1001 		}
1002 
1003 		if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) ==  0) {
1004 			i = pingnfs(host, get_retry(opts) + 1, &vers, versmin,
1005 			    0, FALSE, NULL, nfs_proto);
1006 			if (i != RPC_SUCCESS) {
1007 				if (i == RPC_PROGVERSMISMATCH) {
1008 					syslog(loglevel, "server %s: NFS "
1009 					    "protocol version mismatch",
1010 					    host);
1011 				} else {
1012 					syslog(loglevel, "server %s not "
1013 					    "responding", host);
1014 				}
1015 				mfs->mfs_ignore = 1;
1016 				last_error = NFSERR_NOENT;
1017 				continue;
1018 			}
1019 			if (nfsvers != 0 && nfsvers != vers) {
1020 				if (nfs_proto == NULL)
1021 					syslog(loglevel,
1022 					    "NFS version %d "
1023 					    "not supported by %s",
1024 					    nfsvers, host);
1025 				else
1026 					syslog(loglevel,
1027 					    "NFS version %d "
1028 					    "with proto %s "
1029 					    "not supported by %s",
1030 					    nfsvers, nfs_proto, host);
1031 				mfs->mfs_ignore = 1;
1032 				last_error = NFSERR_NOENT;
1033 				continue;
1034 			}
1035 		}
1036 
1037 		free(host);
1038 
1039 		switch (vers) {
1040 		case NFS_V4: v4cnt++; break;
1041 		case NFS_V3: v3cnt++; break;
1042 		case NFS_VERSION: v2cnt++; break;
1043 		default: break;
1044 		}
1045 
1046 		/*
1047 		 * It's not clear how useful this stuff is if
1048 		 * we are using webnfs across the internet, but it
1049 		 * can't hurt.
1050 		 */
1051 		if (mfs->mfs_distance &&
1052 		    mfs->mfs_distance <= DIST_MYSUB) {
1053 			switch (vers) {
1054 			case NFS_V4: v4near++; break;
1055 			case NFS_V3: v3near++; break;
1056 			case NFS_VERSION: v2near++; break;
1057 			default: break;
1058 			}
1059 		}
1060 
1061 		/*
1062 		 * If the mount is not replicated, we don't want to
1063 		 * ping every entry, so we'll stop here.  This means
1064 		 * that we may have to go back to "nextentry" above
1065 		 * to consider another entry if we can't get
1066 		 * all the way to mount(2) with this one.
1067 		 */
1068 		if (!replicated)
1069 			break;
1070 
1071 	}
1072 
1073 	if (nfsvers == 0) {
1074 		/*
1075 		 * Choose the NFS version.
1076 		 * We prefer higher versions, but will choose a one-
1077 		 * version downgrade in service if we can use a local
1078 		 * network interface and avoid a router.
1079 		 */
1080 		if (v4cnt && v4cnt >= v3cnt && (v4near || !v3near))
1081 			nfsvers = NFS_V4;
1082 		else if (v3cnt && v3cnt >= v2cnt && (v3near || !v2near))
1083 			nfsvers = NFS_V3;
1084 		else
1085 			nfsvers = NFS_VERSION;
1086 		if (trace > 2)
1087 			trace_prt(1,
1088 		    "  nfsmount: v4=%d[%d]v3=%d[%d],v2=%d[%d] => v%d.\n",
1089 			    v4cnt, v4near, v3cnt, v3near,
1090 			    v2cnt, v2near, nfsvers);
1091 	}
1092 
1093 	/*
1094 	 * Since we don't support different NFS versions in replicated
1095 	 * mounts, set fstype now.
1096 	 * Also take the opportunity to set
1097 	 * the mount protocol version as appropriate.
1098 	 */
1099 	switch (nfsvers) {
1100 	case NFS_V4:
1101 		fstype = MNTTYPE_NFS4;
1102 		break;
1103 	case NFS_V3:
1104 		fstype = MNTTYPE_NFS3;
1105 		if (use_pubfh == FALSE) {
1106 			mountversmax = MOUNTVERS3;
1107 			versmin = MOUNTVERS3;
1108 		}
1109 		break;
1110 	case NFS_VERSION:
1111 		fstype = MNTTYPE_NFS;
1112 		if (use_pubfh == FALSE) {
1113 			mountversmax = MOUNTVERS_POSIX;
1114 			versmin = MOUNTVERS;
1115 		}
1116 		break;
1117 	}
1118 
1119 	/*
1120 	 * Our goal here is to evaluate each of several possible
1121 	 * replicas and try to come up with a list we can hand
1122 	 * to mount(2).  If we don't have a valid "head" at the
1123 	 * end of this process, it means we have rejected all
1124 	 * potential server:/path tuples.  We will fail quietly
1125 	 * in front of mount(2), and will have printed errors
1126 	 * where we found them.
1127 	 * XXX - do option work outside loop w careful design
1128 	 * XXX - use macro for error condition free handling
1129 	 */
1130 	for (mfs = mfs_in; mfs; mfs = mfs->mfs_next) {
1131 
1132 		/*
1133 		 * Initialize retry and delay values on a per-server basis.
1134 		 */
1135 		retries = get_retry(opts);
1136 		delay = INITDELAY;
1137 retry:
1138 		if (mfs->mfs_ignore)
1139 			continue;
1140 
1141 		/*
1142 		 * If we don't have a fh yet, and if this is not a replicated
1143 		 * mount, we haven't done a pingnfs() on the next entry,
1144 		 * so we don't know if the next entry is up or if it
1145 		 * supports an NFS version we like.  So if we had a problem
1146 		 * with an entry, we need to go back and run through some new
1147 		 * code.
1148 		 */
1149 		if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) == 0 &&
1150 		    !replicated && skipentry)
1151 			goto nextentry;
1152 
1153 		vers = mountversmax;
1154 		host = mfs->mfs_host;
1155 		dir = mfs->mfs_dir;
1156 
1157 		/*
1158 		 * Remember the possible '[a:d:d:r:e:s:s]' as the address to be
1159 		 * later passed to mount(2) and used in the mnttab line, but
1160 		 * only use 'a:d:d:r:e:s:s' for communication
1161 		 */
1162 		rhost = strdup(host);
1163 		if (rhost == NULL) {
1164 			syslog(LOG_ERR, "nfsmount: no memory");
1165 			last_error = NFSERR_IO;
1166 			goto out;
1167 		}
1168 		unbracket(&host);
1169 
1170 		(void) sprintf(remname, "%s:%s", rhost, dir);
1171 		if (trace > 4 && replicated)
1172 			trace_prt(1, "	nfsmount: examining %s\n", remname);
1173 
1174 		/*
1175 		 * If it's cached we need to get cachefs to mount it.
1176 		 */
1177 		if (cached) {
1178 			char *copts = opts;
1179 
1180 			/*
1181 			 * If we started with a URL we need to turn on
1182 			 * -o public if not on already
1183 			 */
1184 			if (use_pubfh == FALSE &&
1185 			    (mfs->mfs_flags & MFS_FH_VIA_WEBNFS)) {
1186 
1187 				copts = malloc(strlen(opts) +
1188 				    strlen(",public")+1);
1189 
1190 				if (copts == NULL) {
1191 					syslog(LOG_ERR, "nfsmount: no memory");
1192 					last_error = NFSERR_IO;
1193 					goto out;
1194 				}
1195 
1196 				strcpy(copts, opts);
1197 
1198 				if (strlen(copts) != 0)
1199 					strcat(copts, ",");
1200 
1201 				strcat(copts, "public");
1202 			}
1203 
1204 			last_error = mount_generic(remname, MNTTYPE_CACHEFS,
1205 			    copts, mntpnt, overlay);
1206 
1207 			if (copts != opts)
1208 				free(copts);
1209 
1210 			if (last_error) {
1211 				skipentry = 1;
1212 				mfs->mfs_ignore = 1;
1213 				continue;
1214 			}
1215 			goto out;
1216 		}
1217 
1218 		if (mfs->mfs_args == NULL) {
1219 
1220 			/*
1221 			 * Allocate nfs_args structure
1222 			 */
1223 			argp = (struct nfs_args *)
1224 			    malloc(sizeof (struct nfs_args));
1225 
1226 			if (!argp) {
1227 				syslog(LOG_ERR, "nfsmount: no memory");
1228 				last_error = NFSERR_IO;
1229 				goto out;
1230 			}
1231 
1232 			(void) memset(argp, 0, sizeof (*argp));
1233 
1234 			/*
1235 			 * RDMA support
1236 			 * By now Mount argument struct has been allocated,
1237 			 * either a pub_fh path will be taken or the regular
1238 			 * one. So here if a protocol was specified and it
1239 			 * was not rdma we let it be, else we set DO_RDMA.
1240 			 * If no proto was there we advise on trying RDMA.
1241 			 */
1242 			if (nfs_proto) {
1243 				if (strcmp(nfs_proto, "rdma") == 0) {
1244 					free(nfs_proto);
1245 					nfs_proto = NULL;
1246 					argp->flags |= NFSMNT_DORDMA;
1247 				}
1248 			} else
1249 				argp->flags |= NFSMNT_TRYRDMA;
1250 		} else {
1251 			argp = mfs->mfs_args;
1252 			mfs->mfs_args = NULL;
1253 
1254 			/*
1255 			 * Skip entry if we already have file handle but the
1256 			 * NFS version is wrong.
1257 			 */
1258 			if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) &&
1259 			    mfs->mfs_version != nfsvers) {
1260 
1261 				free(argp);
1262 				skipentry = 1;
1263 				mfs->mfs_ignore = 1;
1264 				continue;
1265 			}
1266 		}
1267 
1268 		prevhead = head;
1269 		prevtail = tail;
1270 		if (!head)
1271 			head = tail = argp;
1272 		else
1273 			tail = tail->nfs_ext_u.nfs_extB.next = argp;
1274 
1275 		/*
1276 		 * WebNFS and NFSv4 behave similarly in that they
1277 		 * don't use the mount protocol.  Therefore, avoid
1278 		 * mount protocol like things when version 4 is being
1279 		 * used.
1280 		 */
1281 		if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) == 0 &&
1282 		    nfsvers != NFS_V4) {
1283 			timeout.tv_usec = 0;
1284 			timeout.tv_sec = rpc_timeout;
1285 			rpc_stat = RPC_TIMEDOUT;
1286 
1287 			/* Create the client handle. */
1288 
1289 			if (trace > 1) {
1290 				trace_prt(1,
1291 				    "  nfsmount: Get mount version: request "
1292 				    "vers=%d min=%d\n", vers, versmin);
1293 			}
1294 
1295 			while ((cl = clnt_create_vers(host, MOUNTPROG, &outvers,
1296 			    versmin, vers, "udp")) == NULL) {
1297 				if (trace > 4) {
1298 					trace_prt(1,
1299 					    "  nfsmount: Can't get mount "
1300 					    "version: rpcerr=%d\n",
1301 					    rpc_createerr.cf_stat);
1302 				}
1303 				if (rpc_createerr.cf_stat == RPC_UNKNOWNHOST ||
1304 				    rpc_createerr.cf_stat == RPC_TIMEDOUT)
1305 					break;
1306 
1307 			/*
1308 			 * backoff and return lower version to retry the ping.
1309 			 * XXX we should be more careful and handle
1310 			 * RPC_PROGVERSMISMATCH here, because that error
1311 			 * is handled in clnt_create_vers(). It's not done to
1312 			 * stay in sync with the nfs mount command.
1313 			 */
1314 				vers--;
1315 				if (vers < versmin)
1316 					break;
1317 				if (trace > 4) {
1318 					trace_prt(1,
1319 					    "  nfsmount: Try version=%d\n",
1320 					    vers);
1321 				}
1322 			}
1323 
1324 			if (cl == NULL) {
1325 				free(argp);
1326 				head = prevhead;
1327 				tail = prevtail;
1328 				if (tail)
1329 					tail->nfs_ext_u.nfs_extB.next = NULL;
1330 				last_error = NFSERR_NOENT;
1331 
1332 				if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST &&
1333 				    rpc_createerr.cf_stat !=
1334 				    RPC_PROGVERSMISMATCH &&
1335 				    retries-- > 0) {
1336 					DELAY(delay);
1337 					goto retry;
1338 				}
1339 
1340 				syslog(loglevel, "%s %s", host,
1341 				    clnt_spcreateerror(
1342 				    "server not responding"));
1343 				skipentry = 1;
1344 				mfs->mfs_ignore = 1;
1345 				continue;
1346 			}
1347 			if (trace > 1) {
1348 				trace_prt(1,
1349 				    "	nfsmount: mount version=%d\n", outvers);
1350 			}
1351 #ifdef MALLOC_DEBUG
1352 			add_alloc("CLNT_HANDLE", cl, 0, __FILE__, __LINE__);
1353 			add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
1354 			    __FILE__, __LINE__);
1355 #endif
1356 
1357 			if (__clnt_bindresvport(cl) < 0) {
1358 				free(argp);
1359 				head = prevhead;
1360 				tail = prevtail;
1361 				if (tail)
1362 					tail->nfs_ext_u.nfs_extB.next = NULL;
1363 				last_error = NFSERR_NOENT;
1364 
1365 				if (retries-- > 0) {
1366 					destroy_auth_client_handle(cl);
1367 					DELAY(delay);
1368 					goto retry;
1369 				}
1370 
1371 				syslog(loglevel, "mount %s: %s", host,
1372 				    "Couldn't bind to reserved port");
1373 				destroy_auth_client_handle(cl);
1374 				skipentry = 1;
1375 				mfs->mfs_ignore = 1;
1376 				continue;
1377 			}
1378 
1379 #ifdef MALLOC_DEBUG
1380 			drop_alloc("AUTH_HANDLE", cl->cl_auth,
1381 			    __FILE__, __LINE__);
1382 #endif
1383 			AUTH_DESTROY(cl->cl_auth);
1384 			if ((cl->cl_auth = authsys_create_default()) == NULL) {
1385 				free(argp);
1386 				head = prevhead;
1387 				tail = prevtail;
1388 				if (tail)
1389 					tail->nfs_ext_u.nfs_extB.next = NULL;
1390 				last_error = NFSERR_NOENT;
1391 
1392 				if (retries-- > 0) {
1393 					destroy_auth_client_handle(cl);
1394 					DELAY(delay);
1395 					goto retry;
1396 				}
1397 
1398 				syslog(loglevel, "mount %s: %s", host,
1399 				    "Failed creating default auth handle");
1400 				destroy_auth_client_handle(cl);
1401 				skipentry = 1;
1402 				mfs->mfs_ignore = 1;
1403 				continue;
1404 			}
1405 #ifdef MALLOC_DEBUG
1406 			add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
1407 			    __FILE__, __LINE__);
1408 #endif
1409 		} else
1410 			cl = NULL;
1411 
1412 		/*
1413 		 * set security options
1414 		 */
1415 		sec_opt = 0;
1416 		(void) memset(&nfs_sec, 0, sizeof (nfs_sec));
1417 		if (hasmntopt(&m, MNTOPT_SECURE) != NULL) {
1418 			if (++sec_opt > 1) {
1419 				syslog(loglevel,
1420 				    "conflicting security options for %s",
1421 				    remname);
1422 				free(argp);
1423 				head = prevhead;
1424 				tail = prevtail;
1425 				if (tail)
1426 					tail->nfs_ext_u.nfs_extB.next = NULL;
1427 				last_error = NFSERR_IO;
1428 				destroy_auth_client_handle(cl);
1429 				skipentry = 1;
1430 				mfs->mfs_ignore = 1;
1431 				continue;
1432 			}
1433 			if (nfs_getseconfig_byname("dh", &nfs_sec)) {
1434 				syslog(loglevel,
1435 				    "error getting dh information from %s",
1436 				    NFSSEC_CONF);
1437 				free(argp);
1438 				head = prevhead;
1439 				tail = prevtail;
1440 				if (tail)
1441 					tail->nfs_ext_u.nfs_extB.next = NULL;
1442 				last_error = NFSERR_IO;
1443 				destroy_auth_client_handle(cl);
1444 				skipentry = 1;
1445 				mfs->mfs_ignore = 1;
1446 				continue;
1447 			}
1448 		}
1449 
1450 		nfs_flavor = NULL;
1451 		if (hasmntopt(&m, MNTOPT_SEC) != NULL) {
1452 			if ((str_opt(&m, MNTOPT_SEC, &nfs_flavor)) == -1) {
1453 				syslog(LOG_ERR, "nfsmount: no memory");
1454 				last_error = NFSERR_IO;
1455 				destroy_auth_client_handle(cl);
1456 				goto out;
1457 			}
1458 		}
1459 
1460 		if (nfs_flavor) {
1461 			if (++sec_opt > 1) {
1462 				syslog(loglevel,
1463 				    "conflicting security options for %s",
1464 				    remname);
1465 				free(nfs_flavor);
1466 				free(argp);
1467 				head = prevhead;
1468 				tail = prevtail;
1469 				if (tail)
1470 					tail->nfs_ext_u.nfs_extB.next = NULL;
1471 				last_error = NFSERR_IO;
1472 				destroy_auth_client_handle(cl);
1473 				skipentry = 1;
1474 				mfs->mfs_ignore = 1;
1475 				continue;
1476 			}
1477 			if (nfs_getseconfig_byname(nfs_flavor, &nfs_sec)) {
1478 				syslog(loglevel,
1479 				    "error getting %s information from %s",
1480 				    nfs_flavor, NFSSEC_CONF);
1481 				free(nfs_flavor);
1482 				free(argp);
1483 				head = prevhead;
1484 				tail = prevtail;
1485 				if (tail)
1486 					tail->nfs_ext_u.nfs_extB.next = NULL;
1487 				last_error = NFSERR_IO;
1488 				destroy_auth_client_handle(cl);
1489 				skipentry = 1;
1490 				mfs->mfs_ignore = 1;
1491 				continue;
1492 			}
1493 			free(nfs_flavor);
1494 		}
1495 
1496 		posix = (nfsvers != NFS_V4 &&
1497 		    hasmntopt(&m, MNTOPT_POSIX) != NULL) ? 1 : 0;
1498 
1499 		if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) == 0 &&
1500 		    nfsvers != NFS_V4) {
1501 			bool_t give_up_on_mnt;
1502 			bool_t got_mnt_error;
1503 		/*
1504 		 * If we started with a URL, if first byte of path is not "/",
1505 		 * then the mount will likely fail, so we should try again
1506 		 * with a prepended "/".
1507 		 */
1508 			if (mfs->mfs_flags & MFS_ALLOC_DIR && *dir != '/')
1509 				give_up_on_mnt = FALSE;
1510 			else
1511 				give_up_on_mnt = TRUE;
1512 
1513 			got_mnt_error = FALSE;
1514 
1515 try_mnt_slash:
1516 			if (got_mnt_error == TRUE) {
1517 				int i, l;
1518 
1519 				give_up_on_mnt = TRUE;
1520 				l = strlen(dir);
1521 
1522 				/*
1523 				 * Insert a "/" to front of mfs_dir.
1524 				 */
1525 				for (i = l; i > 0; i--)
1526 					dir[i] = dir[i-1];
1527 
1528 				dir[0] = '/';
1529 			}
1530 
1531 			/* Get fhandle of remote path from server's mountd */
1532 
1533 			switch (outvers) {
1534 			case MOUNTVERS:
1535 				if (posix) {
1536 					free(argp);
1537 					head = prevhead;
1538 					tail = prevtail;
1539 					if (tail)
1540 						tail->nfs_ext_u.nfs_extB.next =
1541 						    NULL;
1542 					last_error = NFSERR_NOENT;
1543 					syslog(loglevel,
1544 					    "can't get posix info for %s",
1545 					    host);
1546 					destroy_auth_client_handle(cl);
1547 					skipentry = 1;
1548 					mfs->mfs_ignore = 1;
1549 					continue;
1550 				}
1551 		    /* FALLTHRU */
1552 			case MOUNTVERS_POSIX:
1553 				if (nfsvers == NFS_V3) {
1554 					free(argp);
1555 					head = prevhead;
1556 					tail = prevtail;
1557 					if (tail)
1558 						tail->nfs_ext_u.nfs_extB.next =
1559 						    NULL;
1560 					last_error = NFSERR_NOENT;
1561 					syslog(loglevel,
1562 					    "%s doesn't support NFS Version 3",
1563 					    host);
1564 					destroy_auth_client_handle(cl);
1565 					skipentry = 1;
1566 					mfs->mfs_ignore = 1;
1567 					continue;
1568 				}
1569 				rpc_stat = clnt_call(cl, MOUNTPROC_MNT,
1570 				    xdr_dirpath, (caddr_t)&dir,
1571 				    xdr_fhstatus, (caddr_t)&fhs, timeout);
1572 				if (rpc_stat != RPC_SUCCESS) {
1573 
1574 					if (give_up_on_mnt == FALSE) {
1575 						got_mnt_error = TRUE;
1576 						goto try_mnt_slash;
1577 					}
1578 
1579 				/*
1580 				 * Given the way "clnt_sperror" works, the "%s"
1581 				 * immediately following the "not responding"
1582 				 * is correct.
1583 				 */
1584 					free(argp);
1585 					head = prevhead;
1586 					tail = prevtail;
1587 					if (tail)
1588 						tail->nfs_ext_u.nfs_extB.next =
1589 						    NULL;
1590 					last_error = NFSERR_NOENT;
1591 
1592 					if (retries-- > 0) {
1593 						destroy_auth_client_handle(cl);
1594 						DELAY(delay);
1595 						goto retry;
1596 					}
1597 
1598 					if (trace > 3) {
1599 						trace_prt(1,
1600 						    "  nfsmount: mount RPC "
1601 						    "failed for %s\n",
1602 						    host);
1603 					}
1604 					syslog(loglevel,
1605 					    "%s server not responding%s",
1606 					    host, clnt_sperror(cl, ""));
1607 					destroy_auth_client_handle(cl);
1608 					skipentry = 1;
1609 					mfs->mfs_ignore = 1;
1610 					continue;
1611 				}
1612 				if ((errno = fhs.fhs_status) != MNT_OK)  {
1613 
1614 					if (give_up_on_mnt == FALSE) {
1615 						got_mnt_error = TRUE;
1616 						goto try_mnt_slash;
1617 					}
1618 
1619 					free(argp);
1620 					head = prevhead;
1621 					tail = prevtail;
1622 					if (tail)
1623 						tail->nfs_ext_u.nfs_extB.next =
1624 						    NULL;
1625 					if (errno == EACCES) {
1626 						status = NFSERR_ACCES;
1627 					} else {
1628 						syslog(loglevel, "%s: %m",
1629 						    host);
1630 						status = NFSERR_IO;
1631 					}
1632 					if (trace > 3) {
1633 						trace_prt(1,
1634 						    "  nfsmount: mount RPC gave"
1635 						    " %d for %s:%s\n",
1636 						    errno, host, dir);
1637 					}
1638 					last_error = status;
1639 					destroy_auth_client_handle(cl);
1640 					skipentry = 1;
1641 					mfs->mfs_ignore = 1;
1642 					continue;
1643 				}
1644 				argp->fh = malloc((sizeof (fhandle)));
1645 				if (!argp->fh) {
1646 					syslog(LOG_ERR, "nfsmount: no memory");
1647 					last_error = NFSERR_IO;
1648 					destroy_auth_client_handle(cl);
1649 					goto out;
1650 				}
1651 				(void) memcpy(argp->fh,
1652 				    &fhs.fhstatus_u.fhs_fhandle,
1653 				    sizeof (fhandle));
1654 				break;
1655 			case MOUNTVERS3:
1656 				posix = 0;
1657 				(void) memset((char *)&res3, '\0',
1658 				    sizeof (res3));
1659 				rpc_stat = clnt_call(cl, MOUNTPROC_MNT,
1660 				    xdr_dirpath, (caddr_t)&dir,
1661 				    xdr_mountres3, (caddr_t)&res3, timeout);
1662 				if (rpc_stat != RPC_SUCCESS) {
1663 
1664 					if (give_up_on_mnt == FALSE) {
1665 						got_mnt_error = TRUE;
1666 						goto try_mnt_slash;
1667 					}
1668 
1669 				/*
1670 				 * Given the way "clnt_sperror" works, the "%s"
1671 				 * immediately following the "not responding"
1672 				 * is correct.
1673 				 */
1674 					free(argp);
1675 					head = prevhead;
1676 					tail = prevtail;
1677 					if (tail)
1678 						tail->nfs_ext_u.nfs_extB.next =
1679 						    NULL;
1680 					last_error = NFSERR_NOENT;
1681 
1682 					if (retries-- > 0) {
1683 						destroy_auth_client_handle(cl);
1684 						DELAY(delay);
1685 						goto retry;
1686 					}
1687 
1688 					if (trace > 3) {
1689 						trace_prt(1,
1690 						    "  nfsmount: mount RPC "
1691 						    "failed for %s\n",
1692 						    host);
1693 					}
1694 					syslog(loglevel,
1695 					    "%s server not responding%s",
1696 					    remname, clnt_sperror(cl, ""));
1697 					destroy_auth_client_handle(cl);
1698 					skipentry = 1;
1699 					mfs->mfs_ignore = 1;
1700 					continue;
1701 				}
1702 				if ((errno = res3.fhs_status) != MNT_OK)  {
1703 
1704 					if (give_up_on_mnt == FALSE) {
1705 						got_mnt_error = TRUE;
1706 						goto try_mnt_slash;
1707 					}
1708 
1709 					free(argp);
1710 					head = prevhead;
1711 					tail = prevtail;
1712 					if (tail)
1713 						tail->nfs_ext_u.nfs_extB.next =
1714 						    NULL;
1715 					if (errno == EACCES) {
1716 						status = NFSERR_ACCES;
1717 					} else {
1718 						syslog(loglevel, "%s: %m",
1719 						    remname);
1720 						status = NFSERR_IO;
1721 					}
1722 					if (trace > 3) {
1723 						trace_prt(1,
1724 						    "  nfsmount: mount RPC gave"
1725 						    " %d for %s:%s\n",
1726 						    errno, host, dir);
1727 					}
1728 					last_error = status;
1729 					destroy_auth_client_handle(cl);
1730 					skipentry = 1;
1731 					mfs->mfs_ignore = 1;
1732 					continue;
1733 				}
1734 
1735 			/*
1736 			 *  Negotiate the security flavor for nfs_mount
1737 			 */
1738 				auths = res3.mountres3_u.mountinfo.
1739 				    auth_flavors.auth_flavors_val;
1740 				count = res3.mountres3_u.mountinfo.
1741 				    auth_flavors.auth_flavors_len;
1742 
1743 				if (sec_opt) {
1744 					for (i = 0; i < count; i++)
1745 						if (auths[i] ==
1746 						    nfs_sec.sc_nfsnum) {
1747 							break;
1748 						}
1749 					if (i >= count) {
1750 						syslog(LOG_ERR,
1751 						    "%s: does not support "
1752 						    "security \"%s\"\n",
1753 						    remname, nfs_sec.sc_name);
1754 						clnt_freeres(cl, xdr_mountres3,
1755 						    (caddr_t)&res3);
1756 						free(argp);
1757 						head = prevhead;
1758 						tail = prevtail;
1759 						if (tail)
1760 							tail->nfs_ext_u.
1761 							    nfs_extB.next =
1762 							    NULL;
1763 						last_error = NFSERR_IO;
1764 						destroy_auth_client_handle(cl);
1765 						skipentry = 1;
1766 						mfs->mfs_ignore = 1;
1767 						continue;
1768 					}
1769 				} else if (count > 0) {
1770 					for (i = 0; i < count; i++) {
1771 						if (!(scerror =
1772 						    nfs_getseconfig_bynumber(
1773 						    auths[i], &nfs_sec))) {
1774 							sec_opt++;
1775 							break;
1776 						}
1777 					}
1778 					if (i >= count) {
1779 						if (nfs_syslog_scerr(scerror,
1780 						    scerror_msg)
1781 						    != -1) {
1782 							syslog(LOG_ERR,
1783 							    "%s cannot be "
1784 							    "mounted because it"
1785 							    " is shared with "
1786 							    "security flavor %d"
1787 							    " which %s",
1788 							    remname,
1789 							    auths[i-1],
1790 							    scerror_msg);
1791 						}
1792 						clnt_freeres(cl, xdr_mountres3,
1793 						    (caddr_t)&res3);
1794 						free(argp);
1795 						head = prevhead;
1796 						tail = prevtail;
1797 						if (tail)
1798 							tail->nfs_ext_u.
1799 							    nfs_extB.next =
1800 							    NULL;
1801 						last_error = NFSERR_IO;
1802 						destroy_auth_client_handle(cl);
1803 						skipentry = 1;
1804 						mfs->mfs_ignore = 1;
1805 						continue;
1806 						}
1807 				}
1808 
1809 				fh3.fh3_length =
1810 				    res3.mountres3_u.mountinfo.fhandle.
1811 				    fhandle3_len;
1812 				(void) memcpy(fh3.fh3_u.data,
1813 				    res3.mountres3_u.mountinfo.fhandle.
1814 				    fhandle3_val,
1815 				    fh3.fh3_length);
1816 				clnt_freeres(cl, xdr_mountres3,
1817 				    (caddr_t)&res3);
1818 				argp->fh = malloc(sizeof (nfs_fh3));
1819 				if (!argp->fh) {
1820 					syslog(LOG_ERR, "nfsmount: no memory");
1821 					last_error = NFSERR_IO;
1822 					destroy_auth_client_handle(cl);
1823 					goto out;
1824 				}
1825 				(void) memcpy(argp->fh, &fh3, sizeof (nfs_fh3));
1826 				break;
1827 			default:
1828 				free(argp);
1829 				head = prevhead;
1830 				tail = prevtail;
1831 				if (tail)
1832 					tail->nfs_ext_u.nfs_extB.next = NULL;
1833 				last_error = NFSERR_NOENT;
1834 				syslog(loglevel,
1835 				    "unknown MOUNT version %ld on %s",
1836 				    vers, remname);
1837 				destroy_auth_client_handle(cl);
1838 				skipentry = 1;
1839 				mfs->mfs_ignore = 1;
1840 				continue;
1841 			} /* switch */
1842 		}
1843 		if (nfsvers == NFS_V4) {
1844 			argp->fh = strdup(dir);
1845 			if (argp->fh == NULL) {
1846 				syslog(LOG_ERR, "nfsmount: no memory");
1847 				last_error = NFSERR_IO;
1848 				goto out;
1849 			}
1850 		}
1851 
1852 		if (trace > 4)
1853 			trace_prt(1, "	nfsmount: have %s filehandle for %s\n",
1854 			    fstype, remname);
1855 
1856 		argp->flags |= NFSMNT_NEWARGS;
1857 		argp->flags |= NFSMNT_INT;	/* default is "intr" */
1858 		argp->flags |= NFSMNT_HOSTNAME;
1859 		argp->hostname = strdup(host);
1860 		if (argp->hostname == NULL) {
1861 			syslog(LOG_ERR, "nfsmount: no memory");
1862 			last_error = NFSERR_IO;
1863 			goto out;
1864 		}
1865 
1866 		/*
1867 		 * In this case, we want NFSv4 to behave like
1868 		 * non-WebNFS so that we get the server address.
1869 		 */
1870 		if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) == 0) {
1871 			nconf = NULL;
1872 
1873 			if (nfs_port != 0)
1874 				thisport = nfs_port;
1875 			else
1876 				thisport = mfs->mfs_port;
1877 
1878 			/*
1879 			 * For NFSv4, we want to avoid rpcbind, so call
1880 			 * get_server_stuff() directly to tell it that
1881 			 * we want to go "direct_to_server".  Otherwise,
1882 			 * do what has always been done.
1883 			 */
1884 			if (nfsvers == NFS_V4) {
1885 				enum clnt_stat cstat;
1886 				argp->addr = get_server_stuff(SERVER_ADDR,
1887 				    host, NFS_PROGRAM, nfsvers, NULL,
1888 				    &nconf, nfs_proto, thisport, NULL,
1889 				    NULL, TRUE, NULL, &cstat);
1890 			} else {
1891 				argp->addr = get_addr(host, NFS_PROGRAM,
1892 				    nfsvers, &nconf, nfs_proto,
1893 				    thisport, NULL);
1894 			}
1895 
1896 			if (argp->addr == NULL) {
1897 				if (argp->hostname)
1898 					free(argp->hostname);
1899 				free(argp->fh);
1900 				free(argp);
1901 				head = prevhead;
1902 				tail = prevtail;
1903 				if (tail)
1904 					tail->nfs_ext_u.nfs_extB.next = NULL;
1905 				last_error = NFSERR_NOENT;
1906 
1907 				if (retries-- > 0) {
1908 					destroy_auth_client_handle(cl);
1909 					DELAY(delay);
1910 					goto retry;
1911 				}
1912 
1913 				syslog(loglevel, "%s: no NFS service", host);
1914 				destroy_auth_client_handle(cl);
1915 				skipentry = 1;
1916 				mfs->mfs_ignore = 1;
1917 				continue;
1918 			}
1919 			if (trace > 4)
1920 				trace_prt(1,
1921 				    "\tnfsmount: have net address for %s\n",
1922 				    remname);
1923 
1924 		} else {
1925 			nconf = mfs->mfs_nconf;
1926 			mfs->mfs_nconf = NULL;
1927 		}
1928 
1929 		argp->flags |= NFSMNT_KNCONF;
1930 		argp->knconf = get_knconf(nconf);
1931 		if (argp->knconf == NULL) {
1932 			netbuf_free(argp->addr);
1933 			freenetconfigent(nconf);
1934 			if (argp->hostname)
1935 				free(argp->hostname);
1936 			free(argp->fh);
1937 			free(argp);
1938 			head = prevhead;
1939 			tail = prevtail;
1940 			if (tail)
1941 				tail->nfs_ext_u.nfs_extB.next = NULL;
1942 			last_error = NFSERR_NOSPC;
1943 			destroy_auth_client_handle(cl);
1944 			skipentry = 1;
1945 			mfs->mfs_ignore = 1;
1946 			continue;
1947 		}
1948 		if (trace > 4)
1949 			trace_prt(1,
1950 			    "\tnfsmount: have net config for %s\n",
1951 			    remname);
1952 
1953 		if (hasmntopt(&m, MNTOPT_SOFT) != NULL) {
1954 			argp->flags |= NFSMNT_SOFT;
1955 		}
1956 		if (hasmntopt(&m, MNTOPT_NOINTR) != NULL) {
1957 			argp->flags &= ~(NFSMNT_INT);
1958 		}
1959 		if (hasmntopt(&m, MNTOPT_NOAC) != NULL) {
1960 			argp->flags |= NFSMNT_NOAC;
1961 		}
1962 		if (hasmntopt(&m, MNTOPT_NOCTO) != NULL) {
1963 			argp->flags |= NFSMNT_NOCTO;
1964 		}
1965 		if (hasmntopt(&m, MNTOPT_FORCEDIRECTIO) != NULL) {
1966 			argp->flags |= NFSMNT_DIRECTIO;
1967 		}
1968 		if (hasmntopt(&m, MNTOPT_NOFORCEDIRECTIO) != NULL) {
1969 			argp->flags &= ~(NFSMNT_DIRECTIO);
1970 		}
1971 
1972 		/*
1973 		 * Set up security data for argp->nfs_ext_u.nfs_extB.secdata.
1974 		 */
1975 		if (mfssnego.snego_done) {
1976 			memcpy(&nfs_sec, &mfssnego.nfs_sec,
1977 			    sizeof (seconfig_t));
1978 		} else if (!sec_opt) {
1979 			/*
1980 			 * Get default security mode.
1981 			 */
1982 			if (nfs_getseconfig_default(&nfs_sec)) {
1983 				syslog(loglevel,
1984 				    "error getting default security entry\n");
1985 				free_knconf(argp->knconf);
1986 				netbuf_free(argp->addr);
1987 				freenetconfigent(nconf);
1988 				if (argp->hostname)
1989 					free(argp->hostname);
1990 				free(argp->fh);
1991 				free(argp);
1992 				head = prevhead;
1993 				tail = prevtail;
1994 				if (tail)
1995 					tail->nfs_ext_u.nfs_extB.next = NULL;
1996 				last_error = NFSERR_NOSPC;
1997 				destroy_auth_client_handle(cl);
1998 				skipentry = 1;
1999 				mfs->mfs_ignore = 1;
2000 				continue;
2001 			}
2002 			argp->flags |= NFSMNT_SECDEFAULT;
2003 		}
2004 
2005 		/*
2006 		 * For AUTH_DH
2007 		 * get the network address for the time service on
2008 		 * the server.	If an RPC based time service is
2009 		 * not available then try the IP time service.
2010 		 *
2011 		 * Eventurally, we want to move this code to nfs_clnt_secdata()
2012 		 * when autod_nfs.c and mount.c can share the same
2013 		 * get_the_addr/get_the_stuff routine.
2014 		 */
2015 		secflags = 0;
2016 		syncaddr = NULL;
2017 		retaddrs = NULL;
2018 
2019 		if (nfs_sec.sc_rpcnum == AUTH_DH || nfsvers == NFS_V4) {
2020 		/*
2021 		 * If not using the public fh and not NFS_V4, we can try
2022 		 * talking RPCBIND. Otherwise, assume that firewalls
2023 		 * prevent us from doing that.
2024 		 */
2025 			if ((mfs->mfs_flags & MFS_FH_VIA_WEBNFS) == 0 &&
2026 			    nfsvers != NFS_V4) {
2027 			syncaddr = get_the_stuff(SERVER_ADDR, host, RPCBPROG,
2028 			    RPCBVERS, NULL, nconf, 0, NULL, NULL, FALSE,
2029 			    NULL, NULL);
2030 			}
2031 
2032 			if (syncaddr != NULL) {
2033 				/* for flags in sec_data */
2034 				secflags |= AUTH_F_RPCTIMESYNC;
2035 			} else {
2036 				struct nd_hostserv hs;
2037 				int error;
2038 
2039 				hs.h_host = host;
2040 				hs.h_serv = "timserver";
2041 				error = netdir_getbyname(nconf, &hs, &retaddrs);
2042 
2043 				if (error != ND_OK &&
2044 				    nfs_sec.sc_rpcnum == AUTH_DH) {
2045 					syslog(loglevel,
2046 					    "%s: secure: no time service\n",
2047 					    host);
2048 					free_knconf(argp->knconf);
2049 					netbuf_free(argp->addr);
2050 					freenetconfigent(nconf);
2051 					if (argp->hostname)
2052 						free(argp->hostname);
2053 					free(argp->fh);
2054 					free(argp);
2055 					head = prevhead;
2056 					tail = prevtail;
2057 					if (tail)
2058 						tail->nfs_ext_u.nfs_extB.next =
2059 						    NULL;
2060 					last_error = NFSERR_IO;
2061 					destroy_auth_client_handle(cl);
2062 					skipentry = 1;
2063 					mfs->mfs_ignore = 1;
2064 					continue;
2065 				}
2066 
2067 				if (error == ND_OK)
2068 					syncaddr = retaddrs->n_addrs;
2069 
2070 			/*
2071 			 * For potential usage by NFS V4 when AUTH_DH
2072 			 * is negotiated via SECINFO in the kernel.
2073 			 */
2074 				if (nfsvers == NFS_V4 && syncaddr &&
2075 				    host2netname(netname, host, NULL)) {
2076 					argp->syncaddr =
2077 					    malloc(sizeof (struct netbuf));
2078 					argp->syncaddr->buf =
2079 					    malloc(syncaddr->len);
2080 					(void) memcpy(argp->syncaddr->buf,
2081 					    syncaddr->buf, syncaddr->len);
2082 					argp->syncaddr->len = syncaddr->len;
2083 					argp->syncaddr->maxlen =
2084 					    syncaddr->maxlen;
2085 					argp->netname = strdup(netname);
2086 					argp->flags |= NFSMNT_SECURE;
2087 				}
2088 			} /* syncaddr */
2089 		} /* AUTH_DH */
2090 
2091 		/*
2092 		 * TSOL notes: automountd in tsol extension
2093 		 * has "read down" capability, i.e. we allow
2094 		 * a user to trigger an nfs mount into a lower
2095 		 * labeled zone. We achieve this by always having
2096 		 * root issue the mount request so that the
2097 		 * lookup ops can go past /zone/<zone_name>
2098 		 * on the server side.
2099 		 */
2100 		if (is_system_labeled())
2101 			nfs_sec.sc_uid = (uid_t)0;
2102 		else
2103 			nfs_sec.sc_uid = uid;
2104 		/*
2105 		 * If AUTH_DH is a chosen flavor now, its data will be stored
2106 		 * in the sec_data structure via nfs_clnt_secdata().
2107 		 */
2108 		if (!(secdata = nfs_clnt_secdata(&nfs_sec, host, argp->knconf,
2109 		    syncaddr, secflags))) {
2110 			syslog(LOG_ERR,
2111 			    "errors constructing security related data\n");
2112 			if (secflags & AUTH_F_RPCTIMESYNC)
2113 				netbuf_free(syncaddr);
2114 			else if (retaddrs)
2115 				netdir_free(retaddrs, ND_ADDRLIST);
2116 			if (argp->syncaddr)
2117 				netbuf_free(argp->syncaddr);
2118 			if (argp->netname)
2119 				free(argp->netname);
2120 			if (argp->hostname)
2121 				free(argp->hostname);
2122 			free_knconf(argp->knconf);
2123 			netbuf_free(argp->addr);
2124 			freenetconfigent(nconf);
2125 			free(argp->fh);
2126 			free(argp);
2127 			head = prevhead;
2128 			tail = prevtail;
2129 			if (tail)
2130 				tail->nfs_ext_u.nfs_extB.next = NULL;
2131 			last_error = NFSERR_IO;
2132 			destroy_auth_client_handle(cl);
2133 			skipentry = 1;
2134 			mfs->mfs_ignore = 1;
2135 			continue;
2136 		}
2137 		NFS_ARGS_EXTB_secdata(*argp, secdata);
2138 		/* end of security stuff */
2139 
2140 		if (trace > 4)
2141 			trace_prt(1,
2142 			    "  nfsmount: have secure info for %s\n", remname);
2143 
2144 		if (hasmntopt(&m, MNTOPT_GRPID) != NULL) {
2145 			argp->flags |= NFSMNT_GRPID;
2146 		}
2147 		if (nopt(&m, MNTOPT_RSIZE, &argp->rsize)) {
2148 			argp->flags |= NFSMNT_RSIZE;
2149 		}
2150 		if (nopt(&m, MNTOPT_WSIZE, &argp->wsize)) {
2151 			argp->flags |= NFSMNT_WSIZE;
2152 		}
2153 		if (nopt(&m, MNTOPT_TIMEO, &argp->timeo)) {
2154 			argp->flags |= NFSMNT_TIMEO;
2155 		}
2156 		if (nopt(&m, MNTOPT_RETRANS, &argp->retrans)) {
2157 			argp->flags |= NFSMNT_RETRANS;
2158 		}
2159 		if (nopt(&m, MNTOPT_ACTIMEO, &argp->acregmax)) {
2160 			argp->flags |= NFSMNT_ACREGMAX;
2161 			argp->flags |= NFSMNT_ACDIRMAX;
2162 			argp->flags |= NFSMNT_ACDIRMIN;
2163 			argp->flags |= NFSMNT_ACREGMIN;
2164 			argp->acdirmin = argp->acregmin = argp->acdirmax
2165 			    = argp->acregmax;
2166 		} else {
2167 			if (nopt(&m, MNTOPT_ACREGMIN, &argp->acregmin)) {
2168 				argp->flags |= NFSMNT_ACREGMIN;
2169 			}
2170 			if (nopt(&m, MNTOPT_ACREGMAX, &argp->acregmax)) {
2171 				argp->flags |= NFSMNT_ACREGMAX;
2172 			}
2173 			if (nopt(&m, MNTOPT_ACDIRMIN, &argp->acdirmin)) {
2174 				argp->flags |= NFSMNT_ACDIRMIN;
2175 			}
2176 			if (nopt(&m, MNTOPT_ACDIRMAX, &argp->acdirmax)) {
2177 				argp->flags |= NFSMNT_ACDIRMAX;
2178 			}
2179 		}
2180 
2181 		if (posix) {
2182 			argp->pathconf = NULL;
2183 			if (error = get_pathconf(cl, dir, remname,
2184 			    &argp->pathconf, retries)) {
2185 				if (secflags & AUTH_F_RPCTIMESYNC)
2186 					netbuf_free(syncaddr);
2187 				else if (retaddrs)
2188 					netdir_free(retaddrs, ND_ADDRLIST);
2189 				free_knconf(argp->knconf);
2190 				netbuf_free(argp->addr);
2191 				freenetconfigent(nconf);
2192 				nfs_free_secdata(
2193 				    argp->nfs_ext_u.nfs_extB.secdata);
2194 				if (argp->syncaddr)
2195 					netbuf_free(argp->syncaddr);
2196 				if (argp->netname)
2197 					free(argp->netname);
2198 				if (argp->hostname)
2199 					free(argp->hostname);
2200 				free(argp->fh);
2201 				free(argp);
2202 				head = prevhead;
2203 				tail = prevtail;
2204 				if (tail)
2205 					tail->nfs_ext_u.nfs_extB.next = NULL;
2206 				last_error = NFSERR_IO;
2207 
2208 				if (error == RET_RETRY && retries-- > 0) {
2209 					destroy_auth_client_handle(cl);
2210 					DELAY(delay);
2211 					goto retry;
2212 				}
2213 
2214 				destroy_auth_client_handle(cl);
2215 				skipentry = 1;
2216 				mfs->mfs_ignore = 1;
2217 				continue;
2218 			}
2219 			argp->flags |= NFSMNT_POSIX;
2220 			if (trace > 4)
2221 				trace_prt(1,
2222 				    "  nfsmount: have pathconf for %s\n",
2223 				    remname);
2224 		}
2225 
2226 		/*
2227 		 * free loop-specific data structures
2228 		 */
2229 		destroy_auth_client_handle(cl);
2230 		freenetconfigent(nconf);
2231 		if (secflags & AUTH_F_RPCTIMESYNC)
2232 			netbuf_free(syncaddr);
2233 		else if (retaddrs)
2234 			netdir_free(retaddrs, ND_ADDRLIST);
2235 
2236 		/*
2237 		 * Decide whether to use remote host's lockd or local locking.
2238 		 * If we are using the public fh, we've already turned
2239 		 * LLOCK on.
2240 		 */
2241 		if (hasmntopt(&m, MNTOPT_LLOCK))
2242 			argp->flags |= NFSMNT_LLOCK;
2243 		if (!(argp->flags & NFSMNT_LLOCK) && nfsvers == NFS_VERSION &&
2244 		    remote_lock(host, argp->fh)) {
2245 			syslog(loglevel, "No network locking on %s : "
2246 			"contact admin to install server change", host);
2247 			argp->flags |= NFSMNT_LLOCK;
2248 		}
2249 
2250 		/*
2251 		 * Build a string for /etc/mnttab.
2252 		 * If possible, coalesce strings with same 'dir' info.
2253 		 */
2254 		if ((mfs->mfs_flags & MFS_URL) == 0) {
2255 			char *tmp;
2256 
2257 			if (mnttabcnt) {
2258 				p = strrchr(mnttabtext, (int)':');
2259 				if (!p || strcmp(p+1, dir) != 0) {
2260 					mnttabcnt += strlen(remname) + 2;
2261 				} else {
2262 					*p = '\0';
2263 					mnttabcnt += strlen(rhost) + 2;
2264 				}
2265 				if ((tmp = realloc(mnttabtext,
2266 				    mnttabcnt)) != NULL) {
2267 					mnttabtext = tmp;
2268 					strcat(mnttabtext, ",");
2269 				} else {
2270 					free(mnttabtext);
2271 					mnttabtext = NULL;
2272 				}
2273 			} else {
2274 				mnttabcnt = strlen(remname) + 1;
2275 				if ((mnttabtext = malloc(mnttabcnt)) != NULL)
2276 					mnttabtext[0] = '\0';
2277 			}
2278 
2279 			if (mnttabtext != NULL)
2280 				strcat(mnttabtext, remname);
2281 
2282 		} else {
2283 			char *tmp;
2284 			int more_cnt = 0;
2285 			char sport[16];
2286 
2287 			more_cnt += strlen("nfs://");
2288 			more_cnt += strlen(mfs->mfs_host);
2289 
2290 			if (mfs->mfs_port != 0) {
2291 				(void) sprintf(sport, ":%u", mfs->mfs_port);
2292 			} else
2293 				sport[0] = '\0';
2294 
2295 			more_cnt += strlen(sport);
2296 			more_cnt += 1; /* "/" */
2297 			more_cnt += strlen(mfs->mfs_dir);
2298 
2299 			if (mnttabcnt) {
2300 				more_cnt += 1; /* "," */
2301 				mnttabcnt += more_cnt;
2302 
2303 				if ((tmp = realloc(mnttabtext,
2304 				    mnttabcnt)) != NULL) {
2305 					mnttabtext = tmp;
2306 					strcat(mnttabtext, ",");
2307 				} else {
2308 					free(mnttabtext);
2309 					mnttabtext = NULL;
2310 				}
2311 			} else {
2312 				mnttabcnt = more_cnt + 1;
2313 				if ((mnttabtext = malloc(mnttabcnt)) != NULL)
2314 					mnttabtext[0] = '\0';
2315 			}
2316 
2317 			if (mnttabtext != NULL) {
2318 				strcat(mnttabtext, "nfs://");
2319 				strcat(mnttabtext, mfs->mfs_host);
2320 				strcat(mnttabtext, sport);
2321 				strcat(mnttabtext, "/");
2322 				strcat(mnttabtext, mfs->mfs_dir);
2323 			}
2324 		}
2325 
2326 		if (!mnttabtext) {
2327 			syslog(LOG_ERR, "nfsmount: no memory");
2328 			last_error = NFSERR_IO;
2329 			goto out;
2330 		}
2331 
2332 		/*
2333 		 * At least one entry, can call mount(2).
2334 		 */
2335 		entries++;
2336 
2337 		/*
2338 		 * If replication was defeated, don't do more work
2339 		 */
2340 		if (!replicated)
2341 			break;
2342 	}
2343 
2344 
2345 	/*
2346 	 * Did we get through all possibilities without success?
2347 	 */
2348 	if (!entries)
2349 		goto out;
2350 
2351 	/* Make "xattr" the default if "noxattr" is not specified. */
2352 	strcpy(mopts, opts);
2353 	if (!hasmntopt(&m, MNTOPT_NOXATTR) && !hasmntopt(&m, MNTOPT_XATTR)) {
2354 		if (strlen(mopts) > 0)
2355 			strcat(mopts, ",");
2356 		strcat(mopts, "xattr");
2357 	}
2358 
2359 	/*
2360 	 * enable services as needed.
2361 	 */
2362 	{
2363 		char **sl;
2364 
2365 		if (strcmp(fstype, MNTTYPE_NFS4) == 0)
2366 			sl = service_list_v4;
2367 		else
2368 			sl = service_list;
2369 
2370 		(void) _check_services(sl);
2371 	}
2372 
2373 	/*
2374 	 * Whew; do the mount, at last.
2375 	 */
2376 	if (trace > 1) {
2377 		trace_prt(1, "	mount %s %s (%s)\n", mnttabtext, mntpnt, mopts);
2378 	}
2379 
2380 	/*
2381 	 * About to do a nfs mount, make sure the mount_to is set for
2382 	 * potential ephemeral mounts with NFSv4.
2383 	 */
2384 	set_nfsv4_ephemeral_mount_to();
2385 
2386 	/*
2387 	 * If no action list pointer then do the mount, otherwise
2388 	 * build the actions list pointer with the mount information.
2389 	 * so the mount can be done in the kernel.
2390 	 */
2391 	if (alp == NULL) {
2392 		if (mount(mnttabtext, mntpnt, flags | MS_DATA, fstype,
2393 		    head, sizeof (*head), mopts, MAX_MNTOPT_STR) < 0) {
2394 			if (trace > 1)
2395 				trace_prt(1, "	Mount of %s on %s: %d\n",
2396 				    mnttabtext, mntpnt, errno);
2397 			if (errno != EBUSY || verbose)
2398 				syslog(LOG_ERR,
2399 				"Mount of %s on %s: %m", mnttabtext, mntpnt);
2400 			last_error = NFSERR_IO;
2401 			goto out;
2402 		}
2403 
2404 		last_error = NFS_OK;
2405 		if (stat(mntpnt, &stbuf) == 0) {
2406 			if (trace > 1) {
2407 				trace_prt(1, "	mount %s dev=%x rdev=%x OK\n",
2408 				    mnttabtext, stbuf.st_dev, stbuf.st_rdev);
2409 			}
2410 		} else {
2411 			if (trace > 1) {
2412 				trace_prt(1, "	mount %s OK\n", mnttabtext);
2413 				trace_prt(1, "	stat of %s failed\n", mntpnt);
2414 			}
2415 
2416 		}
2417 	} else {
2418 		alp->action.action = AUTOFS_MOUNT_RQ;
2419 		alp->action.action_list_entry_u.mounta.spec =
2420 		    strdup(mnttabtext);
2421 		alp->action.action_list_entry_u.mounta.dir = strdup(mntpnt);
2422 		alp->action.action_list_entry_u.mounta.flags =
2423 		    flags | MS_DATA;
2424 		alp->action.action_list_entry_u.mounta.fstype =
2425 		    strdup(fstype);
2426 		alp->action.action_list_entry_u.mounta.dataptr = (char *)head;
2427 		alp->action.action_list_entry_u.mounta.datalen =
2428 		    sizeof (*head);
2429 		mntopts = malloc(strlen(mopts) + 1);
2430 		strcpy(mntopts, mopts);
2431 		mntopts[strlen(mopts)] = '\0';
2432 		alp->action.action_list_entry_u.mounta.optptr = mntopts;
2433 		alp->action.action_list_entry_u.mounta.optlen =
2434 		    strlen(mntopts) + 1;
2435 		last_error = NFS_OK;
2436 		goto ret;
2437 	}
2438 
2439 out:
2440 	argp = head;
2441 	while (argp) {
2442 		if (argp->pathconf)
2443 			free(argp->pathconf);
2444 		free_knconf(argp->knconf);
2445 		netbuf_free(argp->addr);
2446 		if (argp->syncaddr)
2447 			netbuf_free(argp->syncaddr);
2448 		if (argp->netname) {
2449 			free(argp->netname);
2450 		}
2451 		if (argp->hostname)
2452 			free(argp->hostname);
2453 		nfs_free_secdata(argp->nfs_ext_u.nfs_extB.secdata);
2454 		free(argp->fh);
2455 		head = argp;
2456 		argp = argp->nfs_ext_u.nfs_extB.next;
2457 		free(head);
2458 	}
2459 ret:
2460 	if (nfs_proto)
2461 		free(nfs_proto);
2462 	if (mnttabtext)
2463 		free(mnttabtext);
2464 
2465 	for (mfs = mfs_in; mfs; mfs = mfs->mfs_next) {
2466 
2467 		if (mfs->mfs_flags & MFS_ALLOC_DIR) {
2468 			free(mfs->mfs_dir);
2469 			mfs->mfs_dir = NULL;
2470 			mfs->mfs_flags &= ~MFS_ALLOC_DIR;
2471 		}
2472 
2473 		if (mfs->mfs_args != NULL && alp == NULL) {
2474 			free(mfs->mfs_args);
2475 			mfs->mfs_args = NULL;
2476 		}
2477 
2478 		if (mfs->mfs_nconf != NULL) {
2479 			freenetconfigent(mfs->mfs_nconf);
2480 			mfs->mfs_nconf = NULL;
2481 		}
2482 	}
2483 
2484 	return (last_error);
2485 }
2486 
2487 /*
2488  * get_pathconf(cl, path, fsname, pcnf, cretries)
2489  * ugliness that requires that ppathcnf and pathcnf stay consistent
2490  * cretries is a copy of retries used to determine when to syslog
2491  * on retry situations.
2492  */
2493 static int
2494 get_pathconf(CLIENT *cl, char *path, char *fsname, struct pathcnf **pcnf,
2495 	int cretries)
2496 {
2497 	struct ppathcnf *p = NULL;
2498 	enum clnt_stat rpc_stat;
2499 	struct timeval timeout;
2500 
2501 	p = (struct ppathcnf *)malloc(sizeof (struct ppathcnf));
2502 	if (p == NULL) {
2503 		syslog(LOG_ERR, "get_pathconf: Out of memory");
2504 		return (RET_ERR);
2505 	}
2506 	memset((caddr_t)p, 0, sizeof (struct ppathcnf));
2507 
2508 	timeout.tv_sec = 10;
2509 	timeout.tv_usec = 0;
2510 	rpc_stat = clnt_call(cl, MOUNTPROC_PATHCONF,
2511 	    xdr_dirpath, (caddr_t)&path, xdr_ppathcnf, (caddr_t)p, timeout);
2512 	if (rpc_stat != RPC_SUCCESS) {
2513 		if (cretries-- <= 0) {
2514 			syslog(LOG_ERR,
2515 			    "get_pathconf: %s: server not responding: %s",
2516 			    fsname, clnt_sperror(cl, ""));
2517 		}
2518 		free(p);
2519 		return (RET_RETRY);
2520 	}
2521 	if (_PC_ISSET(_PC_ERROR, p->pc_mask)) {
2522 		syslog(LOG_ERR, "get_pathconf: no info for %s", fsname);
2523 		free(p);
2524 		return (RET_ERR);
2525 	}
2526 	*pcnf = (struct pathcnf *)p;
2527 	return (RET_OK);
2528 }
2529 
2530 struct knetconfig *
2531 get_knconf(nconf)
2532 	struct netconfig *nconf;
2533 {
2534 	struct stat stbuf;
2535 	struct knetconfig *k;
2536 
2537 	if (stat(nconf->nc_device, &stbuf) < 0) {
2538 		syslog(LOG_ERR, "get_knconf: stat %s: %m", nconf->nc_device);
2539 		return (NULL);
2540 	}
2541 	k = (struct knetconfig *)malloc(sizeof (*k));
2542 	if (k == NULL)
2543 		goto nomem;
2544 	k->knc_semantics = nconf->nc_semantics;
2545 	k->knc_protofmly = strdup(nconf->nc_protofmly);
2546 	if (k->knc_protofmly == NULL)
2547 		goto nomem;
2548 	k->knc_proto = strdup(nconf->nc_proto);
2549 	if (k->knc_proto == NULL)
2550 		goto nomem;
2551 	k->knc_rdev = stbuf.st_rdev;
2552 
2553 	return (k);
2554 
2555 nomem:
2556 	syslog(LOG_ERR, "get_knconf: no memory");
2557 	free_knconf(k);
2558 	return (NULL);
2559 }
2560 
2561 void
2562 free_knconf(k)
2563 	struct knetconfig *k;
2564 {
2565 	if (k == NULL)
2566 		return;
2567 	if (k->knc_protofmly)
2568 		free(k->knc_protofmly);
2569 	if (k->knc_proto)
2570 		free(k->knc_proto);
2571 	free(k);
2572 }
2573 
2574 void
2575 netbuf_free(nb)
2576 	struct netbuf *nb;
2577 {
2578 	if (nb == NULL)
2579 		return;
2580 	if (nb->buf)
2581 		free(nb->buf);
2582 	free(nb);
2583 }
2584 
2585 #define	SMALL_HOSTNAME		20
2586 #define	SMALL_PROTONAME		10
2587 #define	SMALL_PROTOFMLYNAME		10
2588 
2589 struct portmap_cache {
2590 	int cache_prog;
2591 	int cache_vers;
2592 	time_t cache_time;
2593 	char cache_small_hosts[SMALL_HOSTNAME + 1];
2594 	char *cache_hostname;
2595 	char *cache_proto;
2596 	char *cache_protofmly;
2597 	char cache_small_protofmly[SMALL_PROTOFMLYNAME + 1];
2598 	char cache_small_proto[SMALL_PROTONAME + 1];
2599 	struct netbuf cache_srv_addr;
2600 	struct portmap_cache *cache_prev, *cache_next;
2601 };
2602 
2603 rwlock_t portmap_cache_lock;
2604 static int portmap_cache_valid_time = 30;
2605 struct portmap_cache *portmap_cache_head, *portmap_cache_tail;
2606 
2607 #ifdef MALLOC_DEBUG
2608 void
2609 portmap_cache_flush()
2610 {
2611 	struct  portmap_cache *next = NULL, *cp;
2612 
2613 	(void) rw_wrlock(&portmap_cache_lock);
2614 	for (cp = portmap_cache_head; cp; cp = cp->cache_next) {
2615 		if (cp->cache_hostname != NULL &&
2616 		    cp->cache_hostname !=
2617 		    cp->cache_small_hosts)
2618 			free(cp->cache_hostname);
2619 		if (cp->cache_proto != NULL &&
2620 		    cp->cache_proto !=
2621 		    cp->cache_small_proto)
2622 			free(cp->cache_proto);
2623 		if (cp->cache_srv_addr.buf != NULL)
2624 			free(cp->cache_srv_addr.buf);
2625 		next = cp->cache_next;
2626 		free(cp);
2627 	}
2628 	portmap_cache_head = NULL;
2629 	portmap_cache_tail = NULL;
2630 	(void) rw_unlock(&portmap_cache_lock);
2631 }
2632 #endif
2633 
2634 /*
2635  * Returns 1 if the entry is found in the cache, 0 otherwise.
2636  */
2637 static int
2638 portmap_cache_lookup(hostname, prog, vers, nconf, addrp)
2639 	char *hostname;
2640 	rpcprog_t prog;
2641 	rpcvers_t vers;
2642 	struct netconfig *nconf;
2643 	struct netbuf *addrp;
2644 {
2645 	struct	portmap_cache *cachep, *prev, *next = NULL, *cp;
2646 	int	retval = 0;
2647 
2648 	timenow = time(NULL);
2649 
2650 	(void) rw_rdlock(&portmap_cache_lock);
2651 
2652 	/*
2653 	 * Increment the portmap cache counters for # accesses and lookups
2654 	 * Use a smaller factor (100 vs 1000 for the host cache) since
2655 	 * initial analysis shows this cache is looked up 10% that of the
2656 	 * host cache.
2657 	 */
2658 #ifdef CACHE_DEBUG
2659 	portmap_cache_accesses++;
2660 	portmap_cache_lookups++;
2661 	if ((portmap_cache_lookups%100) == 0)
2662 		trace_portmap_cache();
2663 #endif /* CACHE_DEBUG */
2664 
2665 	for (cachep = portmap_cache_head; cachep;
2666 		cachep = cachep->cache_next) {
2667 		if (timenow > cachep->cache_time) {
2668 			/*
2669 			 * We stumbled across an entry in the cache which
2670 			 * has timed out. Free up all the entries that
2671 			 * were added before it, which will positionally
2672 			 * be after this entry. And adjust neighboring
2673 			 * pointers.
2674 			 * When we drop the lock and re-acquire it, we
2675 			 * need to start from the beginning.
2676 			 */
2677 			(void) rw_unlock(&portmap_cache_lock);
2678 			(void) rw_wrlock(&portmap_cache_lock);
2679 			for (cp = portmap_cache_head;
2680 				cp && (cp->cache_time >= timenow);
2681 				cp = cp->cache_next)
2682 				;
2683 			if (cp == NULL)
2684 				goto done;
2685 			/*
2686 			 * Adjust the link of the predecessor.
2687 			 * Make the tail point to the new last entry.
2688 			 */
2689 			prev = cp->cache_prev;
2690 			if (prev == NULL) {
2691 				portmap_cache_head = NULL;
2692 				portmap_cache_tail = NULL;
2693 			} else {
2694 				prev->cache_next = NULL;
2695 				portmap_cache_tail = prev;
2696 			}
2697 			for (; cp; cp = next) {
2698 				if (cp->cache_hostname != NULL &&
2699 				    cp->cache_hostname !=
2700 				    cp->cache_small_hosts)
2701 					free(cp->cache_hostname);
2702 				if (cp->cache_proto != NULL &&
2703 				    cp->cache_proto !=
2704 				    cp->cache_small_proto)
2705 					free(cp->cache_proto);
2706 				if (cp->cache_srv_addr.buf != NULL)
2707 					free(cp->cache_srv_addr.buf);
2708 				next = cp->cache_next;
2709 				free(cp);
2710 			}
2711 			goto done;
2712 		}
2713 		if (cachep->cache_hostname == NULL ||
2714 		    prog != cachep->cache_prog || vers != cachep->cache_vers ||
2715 		    strcmp(nconf->nc_proto, cachep->cache_proto) != 0 ||
2716 		    strcmp(nconf->nc_protofmly, cachep->cache_protofmly) != 0 ||
2717 		    strcmp(hostname, cachep->cache_hostname) != 0)
2718 			continue;
2719 		/*
2720 		 * Cache Hit.
2721 		 */
2722 #ifdef CACHE_DEBUG
2723 		portmap_cache_hits++;	/* up portmap cache hit counter */
2724 #endif /* CACHE_DEBUG */
2725 		addrp->len = cachep->cache_srv_addr.len;
2726 		memcpy(addrp->buf, cachep->cache_srv_addr.buf, addrp->len);
2727 		retval = 1;
2728 		break;
2729 	}
2730 done:
2731 	(void) rw_unlock(&portmap_cache_lock);
2732 	return (retval);
2733 }
2734 
2735 static void
2736 portmap_cache_enter(hostname, prog, vers, nconf, addrp)
2737 	char *hostname;
2738 	rpcprog_t prog;
2739 	rpcvers_t vers;
2740 	struct netconfig *nconf;
2741 	struct netbuf *addrp;
2742 {
2743 	struct portmap_cache *cachep;
2744 	int protofmlylen;
2745 	int protolen, hostnamelen;
2746 
2747 	timenow = time(NULL);
2748 
2749 	cachep = malloc(sizeof (struct portmap_cache));
2750 	if (cachep == NULL)
2751 		return;
2752 	memset((char *)cachep, 0, sizeof (*cachep));
2753 
2754 	hostnamelen = strlen(hostname);
2755 	if (hostnamelen <= SMALL_HOSTNAME)
2756 		cachep->cache_hostname = cachep->cache_small_hosts;
2757 	else {
2758 		cachep->cache_hostname = malloc(hostnamelen + 1);
2759 		if (cachep->cache_hostname == NULL)
2760 			goto nomem;
2761 	}
2762 	strcpy(cachep->cache_hostname, hostname);
2763 	protolen = strlen(nconf->nc_proto);
2764 	if (protolen <= SMALL_PROTONAME)
2765 		cachep->cache_proto = cachep->cache_small_proto;
2766 	else {
2767 		cachep->cache_proto = malloc(protolen + 1);
2768 		if (cachep->cache_proto == NULL)
2769 			goto nomem;
2770 	}
2771 	protofmlylen = strlen(nconf->nc_protofmly);
2772 	if (protofmlylen <= SMALL_PROTOFMLYNAME)
2773 		cachep->cache_protofmly = cachep->cache_small_protofmly;
2774 	else {
2775 		cachep->cache_protofmly = malloc(protofmlylen + 1);
2776 		if (cachep->cache_protofmly == NULL)
2777 			goto nomem;
2778 	}
2779 
2780 	strcpy(cachep->cache_proto, nconf->nc_proto);
2781 	cachep->cache_prog = prog;
2782 	cachep->cache_vers = vers;
2783 	cachep->cache_time = timenow + portmap_cache_valid_time;
2784 	cachep->cache_srv_addr.len = addrp->len;
2785 	cachep->cache_srv_addr.buf = malloc(addrp->len);
2786 	if (cachep->cache_srv_addr.buf == NULL)
2787 		goto nomem;
2788 	memcpy(cachep->cache_srv_addr.buf, addrp->buf, addrp->maxlen);
2789 	cachep->cache_prev = NULL;
2790 	(void) rw_wrlock(&portmap_cache_lock);
2791 	/*
2792 	 * There's a window in which we could have multiple threads making
2793 	 * the same cache entry. This can be avoided by walking the cache
2794 	 * once again here to check and see if there are duplicate entries
2795 	 * (after grabbing the write lock). This isn't fatal and I'm not
2796 	 * going to bother with this.
2797 	 */
2798 #ifdef CACHE_DEBUG
2799 	portmap_cache_accesses++;	/* up portmap cache access counter */
2800 #endif /* CACHE_DEBUG */
2801 	cachep->cache_next = portmap_cache_head;
2802 	if (portmap_cache_head != NULL)
2803 		portmap_cache_head->cache_prev = cachep;
2804 	portmap_cache_head = cachep;
2805 	(void) rw_unlock(&portmap_cache_lock);
2806 	return;
2807 
2808 nomem:
2809 	syslog(LOG_ERR, "portmap_cache_enter: Memory allocation failed");
2810 	if (cachep->cache_srv_addr.buf)
2811 		free(cachep->cache_srv_addr.buf);
2812 	if (cachep->cache_proto && protolen > SMALL_PROTONAME)
2813 		free(cachep->cache_proto);
2814 	if (cachep->cache_hostname && hostnamelen > SMALL_HOSTNAME)
2815 		free(cachep->cache_hostname);
2816 	if (cachep->cache_protofmly && protofmlylen > SMALL_PROTOFMLYNAME)
2817 		free(cachep->cache_protofmly);
2818 	if (cachep)
2819 		free(cachep);
2820 	cachep = NULL;
2821 }
2822 
2823 static int
2824 get_cached_srv_addr(char *hostname, rpcprog_t prog, rpcvers_t vers,
2825 	struct netconfig *nconf, struct netbuf *addrp)
2826 {
2827 	if (portmap_cache_lookup(hostname, prog, vers, nconf, addrp))
2828 		return (1);
2829 	if (rpcb_getaddr(prog, vers, nconf, addrp, hostname) == 0)
2830 		return (0);
2831 	portmap_cache_enter(hostname, prog, vers, nconf, addrp);
2832 	return (1);
2833 }
2834 
2835 /*
2836  * Get the network address on "hostname" for program "prog"
2837  * with version "vers" by using the nconf configuration data
2838  * passed in.
2839  *
2840  * If the address of a netconfig pointer is null then
2841  * information is not sufficient and no netbuf will be returned.
2842  *
2843  * tinfo argument is for matching the get_the_addr() defined in
2844  * ../nfs/mount/mount.c
2845  */
2846 void *
2847 get_the_stuff(
2848 	enum type_of_stuff type_of_stuff,
2849 	char *hostname,
2850 	rpcprog_t prog,
2851 	rpcprog_t vers,
2852 	mfs_snego_t *mfssnego,
2853 	struct netconfig *nconf,
2854 	ushort_t port,
2855 	struct t_info *tinfo,
2856 	caddr_t *fhp,
2857 	bool_t direct_to_server,
2858 	char *fspath,
2859 	enum clnt_stat *cstat)
2860 
2861 {
2862 	struct netbuf *nb = NULL;
2863 	struct t_bind *tbind = NULL;
2864 	int fd = -1;
2865 	enum clnt_stat cs = RPC_TIMEDOUT;
2866 	CLIENT *cl = NULL;
2867 	struct timeval tv;
2868 	AUTH *ah = NULL;
2869 	AUTH *new_ah = NULL;
2870 	struct snego_t snego;
2871 
2872 	if (nconf == NULL) {
2873 		goto done;
2874 	}
2875 
2876 	if (prog == NFS_PROGRAM && vers == NFS_V4)
2877 		if (strncasecmp(nconf->nc_proto, NC_UDP, strlen(NC_UDP)) == 0)
2878 			goto done;
2879 
2880 	if ((fd = t_open(nconf->nc_device, O_RDWR, tinfo)) < 0) {
2881 		goto done;
2882 	}
2883 
2884 	/* LINTED pointer alignment */
2885 	if ((tbind = (struct t_bind *)t_alloc(fd, T_BIND, T_ADDR))
2886 		    == NULL) {
2887 			goto done;
2888 	}
2889 
2890 	if (direct_to_server == TRUE) {
2891 		struct nd_hostserv hs;
2892 		struct nd_addrlist *retaddrs;
2893 		hs.h_host = hostname;
2894 
2895 		if (trace > 1)
2896 			trace_prt(1, "	get_the_stuff: %s call "
2897 				"direct to server %s\n",
2898 				type_of_stuff == SERVER_FH ? "pub fh" :
2899 				type_of_stuff == SERVER_ADDR ? "get address" :
2900 				type_of_stuff == SERVER_PING ? "ping" :
2901 				"unknown", hostname);
2902 		if (port == 0)
2903 			hs.h_serv = "nfs";
2904 		else
2905 			hs.h_serv = NULL;
2906 
2907 		if (netdir_getbyname(nconf, &hs, &retaddrs) != ND_OK) {
2908 			goto done;
2909 		}
2910 		memcpy(tbind->addr.buf, retaddrs->n_addrs->buf,
2911 			retaddrs->n_addrs->len);
2912 		tbind->addr.len = retaddrs->n_addrs->len;
2913 		netdir_free((void *)retaddrs, ND_ADDRLIST);
2914 		if (port) {
2915 			/* LINTED pointer alignment */
2916 
2917 			if (strcmp(nconf->nc_protofmly, NC_INET) == NULL)
2918 				((struct sockaddr_in *)
2919 				tbind->addr.buf)->sin_port =
2920 					htons((ushort_t)port);
2921 			else if (strcmp(nconf->nc_protofmly, NC_INET6) == NULL)
2922 				((struct sockaddr_in6 *)
2923 				tbind->addr.buf)->sin6_port =
2924 					htons((ushort_t)port);
2925 		}
2926 
2927 		if (type_of_stuff == SERVER_FH) {
2928 			if (netdir_options(nconf, ND_SET_RESERVEDPORT, fd,
2929 				NULL) == -1)
2930 				if (trace > 1)
2931 					trace_prt(1, "\tget_the_stuff: "
2932 						"ND_SET_RESERVEDPORT(%s) "
2933 						"failed\n", hostname);
2934 		}
2935 
2936 		cl = clnt_tli_create(fd, nconf, &tbind->addr, prog,
2937 			vers, 0, 0);
2938 
2939 		if (trace > 1)
2940 			trace_prt(1, "	get_the_stuff: clnt_tli_create(%s) "
2941 				"returned %p\n", hostname, cl);
2942 		if (cl == NULL)
2943 			goto done;
2944 #ifdef MALLOC_DEBUG
2945 		add_alloc("CLNT_HANDLE", cl, 0, __FILE__, __LINE__);
2946 		add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
2947 			__FILE__, __LINE__);
2948 #endif
2949 
2950 		switch (type_of_stuff) {
2951 		case SERVER_FH:
2952 		    {
2953 		    enum snego_stat sec;
2954 
2955 		    ah = authsys_create_default();
2956 		    if (ah != NULL) {
2957 #ifdef MALLOC_DEBUG
2958 			drop_alloc("AUTH_HANDLE", cl->cl_auth,
2959 				__FILE__, __LINE__);
2960 #endif
2961 			AUTH_DESTROY(cl->cl_auth);
2962 			cl->cl_auth = ah;
2963 #ifdef MALLOC_DEBUG
2964 			add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
2965 				__FILE__, __LINE__);
2966 #endif
2967 		    }
2968 
2969 		    if (!mfssnego->snego_done && vers != NFS_V4) {
2970 			/*
2971 			 * negotiate sec flavor.
2972 			 */
2973 			snego.cnt = 0;
2974 			if ((sec = nfs_sec_nego(vers, cl, fspath, &snego)) ==
2975 				SNEGO_SUCCESS) {
2976 			    int jj;
2977 
2978 			/*
2979 			 * check if server supports the one
2980 			 * specified in the sec= option.
2981 			 */
2982 			    if (mfssnego->sec_opt) {
2983 				for (jj = 0; jj < snego.cnt; jj++) {
2984 				    if (snego.array[jj] ==
2985 					mfssnego->nfs_sec.sc_nfsnum) {
2986 					mfssnego->snego_done = TRUE;
2987 					break;
2988 				    }
2989 				}
2990 			    }
2991 
2992 			/*
2993 			 * find a common sec flavor
2994 			 */
2995 			    if (!mfssnego->snego_done) {
2996 				for (jj = 0; jj < snego.cnt; jj++) {
2997 				    if (!nfs_getseconfig_bynumber(
2998 					snego.array[jj], &mfssnego->nfs_sec)) {
2999 					mfssnego->snego_done = TRUE;
3000 					break;
3001 				    }
3002 				}
3003 			    }
3004 			    if (!mfssnego->snego_done)
3005 				return (NULL);
3006 
3007 			/*
3008 			 * Now that the flavor has been
3009 			 * negotiated, get the fh.
3010 			 *
3011 			 * First, create an auth handle using the negotiated
3012 			 * sec flavor in the next lookup to
3013 			 * fetch the filehandle.
3014 			 */
3015 			    new_ah = nfs_create_ah(cl, hostname,
3016 					&mfssnego->nfs_sec);
3017 			    if (new_ah == NULL)
3018 				goto done;
3019 #ifdef MALLOC_DEBUG
3020 			    drop_alloc("AUTH_HANDLE", cl->cl_auth,
3021 				__FILE__, __LINE__);
3022 #endif
3023 			    AUTH_DESTROY(cl->cl_auth);
3024 			    cl->cl_auth = new_ah;
3025 #ifdef MALLOC_DEBUG
3026 			    add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
3027 				__FILE__, __LINE__);
3028 #endif
3029 			} else if (sec == SNEGO_ARRAY_TOO_SMALL ||
3030 			    sec == SNEGO_FAILURE) {
3031 			    goto done;
3032 			}
3033 			/*
3034 			 * Note that if sec == SNEGO_DEF_VALID
3035 			 * the default sec flavor is acceptable.
3036 			 * Use it to get the filehandle.
3037 			 */
3038 		    }
3039 		    }
3040 
3041 		    switch (vers) {
3042 		    case NFS_VERSION:
3043 			    {
3044 			    wnl_diropargs arg;
3045 			    wnl_diropres res;
3046 
3047 			    memset((char *)&arg.dir, 0, sizeof (wnl_fh));
3048 			    memset((char *)&res, 0, sizeof (wnl_diropres));
3049 			    arg.name = fspath;
3050 			    if (wnlproc_lookup_2(&arg, &res, cl) !=
3051 				RPC_SUCCESS || res.status != NFS_OK)
3052 				    goto done;
3053 			    *fhp = malloc(sizeof (wnl_fh));
3054 
3055 			    if (*fhp == NULL) {
3056 				    syslog(LOG_ERR, "no memory\n");
3057 				    goto done;
3058 			    }
3059 
3060 			    memcpy((char *)*fhp,
3061 			    (char *)&res.wnl_diropres_u.wnl_diropres.file,
3062 				sizeof (wnl_fh));
3063 			    cs = RPC_SUCCESS;
3064 			    }
3065 			    break;
3066 		    case NFS_V3:
3067 			    {
3068 			    WNL_LOOKUP3args arg;
3069 			    WNL_LOOKUP3res res;
3070 			    nfs_fh3 *fh3p;
3071 
3072 			    memset((char *)&arg.what.dir, 0, sizeof (wnl_fh3));
3073 			    memset((char *)&res, 0, sizeof (WNL_LOOKUP3res));
3074 			    arg.what.name = fspath;
3075 			    if (wnlproc3_lookup_3(&arg, &res, cl) !=
3076 				RPC_SUCCESS || res.status != NFS3_OK)
3077 				    goto done;
3078 
3079 			    fh3p = (nfs_fh3 *)malloc(sizeof (*fh3p));
3080 
3081 			    if (fh3p == NULL) {
3082 				    syslog(LOG_ERR, "no memory\n");
3083 				    goto done;
3084 			    }
3085 
3086 			    fh3p->fh3_length = res.
3087 				WNL_LOOKUP3res_u.res_ok.object.data.data_len;
3088 			    memcpy(fh3p->fh3_u.data, res.
3089 				WNL_LOOKUP3res_u.res_ok.object.data.data_val,
3090 				fh3p->fh3_length);
3091 
3092 			    *fhp = (caddr_t)fh3p;
3093 
3094 			    cs = RPC_SUCCESS;
3095 			    }
3096 			    break;
3097 		    case NFS_V4:
3098 			    tv.tv_sec = 10;
3099 			    tv.tv_usec = 0;
3100 			    cs = clnt_call(cl, NULLPROC, xdr_void, 0,
3101 				xdr_void, 0, tv);
3102 			    if (cs != RPC_SUCCESS)
3103 				    goto done;
3104 			    *fhp = strdup(fspath);
3105 			    break;
3106 		    }
3107 		    break;
3108 		case SERVER_ADDR:
3109 		case SERVER_PING:
3110 			tv.tv_sec = 10;
3111 			tv.tv_usec = 0;
3112 			cs = clnt_call(cl, NULLPROC, xdr_void, 0,
3113 				xdr_void, 0, tv);
3114 			if (trace > 1)
3115 				trace_prt(1,
3116 					"get_the_stuff: clnt_call(%s) "
3117 					"returned %s\n",
3118 				hostname,
3119 					cs == RPC_SUCCESS ? "success" :
3120 					"failure");
3121 
3122 			if (cs != RPC_SUCCESS)
3123 				goto done;
3124 			break;
3125 		}
3126 
3127 	} else if (type_of_stuff != SERVER_FH) {
3128 
3129 		if (type_of_stuff == SERVER_ADDR) {
3130 			if (get_cached_srv_addr(hostname, prog, vers, nconf,
3131 			    &tbind->addr) == 0)
3132 				goto done;
3133 		}
3134 
3135 		if (port) {
3136 			/* LINTED pointer alignment */
3137 			if (strcmp(nconf->nc_protofmly, NC_INET) == NULL)
3138 				((struct sockaddr_in *)
3139 				tbind->addr.buf)->sin_port =
3140 					htons((ushort_t)port);
3141 			else if (strcmp(nconf->nc_protofmly, NC_INET6) == NULL)
3142 				((struct sockaddr_in6 *)
3143 				tbind->addr.buf)->sin6_port =
3144 					htons((ushort_t)port);
3145 			cl = clnt_tli_create(fd, nconf, &tbind->addr,
3146 				prog, vers, 0, 0);
3147 			if (cl == NULL)
3148 				goto done;
3149 #ifdef MALLOC_DEBUG
3150 			add_alloc("CLNT_HANDLE", cl, 0, __FILE__, __LINE__);
3151 			add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
3152 				__FILE__, __LINE__);
3153 #endif
3154 			tv.tv_sec = 10;
3155 			tv.tv_usec = 0;
3156 			cs = clnt_call(cl, NULLPROC, xdr_void, 0, xdr_void,
3157 				0, tv);
3158 			if (cs != RPC_SUCCESS)
3159 				goto done;
3160 		}
3161 
3162 	} else {
3163 		/* can't happen */
3164 		goto done;
3165 	}
3166 
3167 	if (type_of_stuff != SERVER_PING) {
3168 
3169 		cs = RPC_SYSTEMERROR;
3170 
3171 		/*
3172 		 * Make a copy of the netbuf to return
3173 		 */
3174 		nb = (struct netbuf *)malloc(sizeof (struct netbuf));
3175 		if (nb == NULL) {
3176 			syslog(LOG_ERR, "no memory\n");
3177 			goto done;
3178 		}
3179 		*nb = tbind->addr;
3180 		nb->buf = (char *)malloc(nb->maxlen);
3181 		if (nb->buf == NULL) {
3182 			syslog(LOG_ERR, "no memory\n");
3183 			free(nb);
3184 			nb = NULL;
3185 			goto done;
3186 		}
3187 		(void) memcpy(nb->buf, tbind->addr.buf, tbind->addr.len);
3188 
3189 		cs = RPC_SUCCESS;
3190 	}
3191 
3192 done:
3193 	if (cl != NULL) {
3194 		if (ah != NULL) {
3195 #ifdef MALLOC_DEBUG
3196 			drop_alloc("AUTH_HANDLE", cl->cl_auth,
3197 				__FILE__, __LINE__);
3198 #endif
3199 			AUTH_DESTROY(cl->cl_auth);
3200 			cl->cl_auth = NULL;
3201 		}
3202 #ifdef MALLOC_DEBUG
3203 		drop_alloc("CLNT_HANDLE", cl, __FILE__, __LINE__);
3204 #endif
3205 		clnt_destroy(cl);
3206 	}
3207 
3208 	if (tbind) {
3209 		t_free((char *)tbind, T_BIND);
3210 		tbind = NULL;
3211 	}
3212 
3213 	if (fd >= 0)
3214 		(void) t_close(fd);
3215 
3216 	if (cstat != NULL)
3217 		*cstat = cs;
3218 
3219 	return (nb);
3220 }
3221 
3222 /*
3223  * Get a network address on "hostname" for program "prog"
3224  * with version "vers".  If the port number is specified (non zero)
3225  * then try for a TCP/UDP transport and set the port number of the
3226  * resulting IP address.
3227  *
3228  * If the address of a netconfig pointer was passed and
3229  * if it's not null, use it as the netconfig otherwise
3230  * assign the address of the netconfig that was used to
3231  * establish contact with the service.
3232  *
3233  * tinfo argument is for matching the get_addr() defined in
3234  * ../nfs/mount/mount.c
3235  */
3236 
3237 static struct netbuf *
3238 get_addr(char *hostname, rpcprog_t prog, rpcvers_t vers,
3239 	struct netconfig **nconfp, char *proto, ushort_t port,
3240 	struct t_info *tinfo)
3241 
3242 {
3243 	enum clnt_stat cstat;
3244 
3245 	return (get_server_stuff(SERVER_ADDR, hostname, prog, vers, NULL,
3246 		nconfp, proto, port, tinfo, NULL, FALSE, NULL, &cstat));
3247 }
3248 
3249 static struct netbuf *
3250 get_pubfh(char *hostname, rpcvers_t vers, mfs_snego_t *mfssnego,
3251 	struct netconfig **nconfp, char *proto, ushort_t port,
3252 	struct t_info *tinfo, caddr_t *fhp, bool_t get_pubfh, char *fspath)
3253 {
3254 	enum clnt_stat cstat;
3255 
3256 	return (get_server_stuff(SERVER_FH, hostname, NFS_PROGRAM, vers,
3257 	    mfssnego, nconfp, proto, port, tinfo, fhp, get_pubfh, fspath,
3258 	    &cstat));
3259 }
3260 
3261 static enum clnt_stat
3262 get_ping(char *hostname, rpcprog_t prog, rpcvers_t vers,
3263 	struct netconfig **nconfp, ushort_t port, bool_t direct_to_server)
3264 {
3265 	enum clnt_stat cstat;
3266 
3267 	(void) get_server_stuff(SERVER_PING, hostname, prog, vers, NULL, nconfp,
3268 	    NULL, port, NULL, NULL, direct_to_server, NULL, &cstat);
3269 
3270 	return (cstat);
3271 }
3272 
3273 void *
3274 get_server_stuff(
3275 	enum type_of_stuff type_of_stuff,
3276 	char *hostname,
3277 	rpcprog_t prog,
3278 	rpcvers_t vers,
3279 	mfs_snego_t *mfssnego,
3280 	struct netconfig **nconfp,
3281 	char *proto,
3282 	ushort_t port,			/* may be zero */
3283 	struct t_info *tinfo,
3284 	caddr_t *fhp,
3285 	bool_t direct_to_server,
3286 	char *fspath,
3287 	enum clnt_stat *cstatp)
3288 {
3289 	struct netbuf *nb = NULL;
3290 	struct netconfig *nconf = NULL;
3291 	NCONF_HANDLE *nc = NULL;
3292 	int nthtry = FIRST_TRY;
3293 
3294 	if (nconfp && *nconfp)
3295 		return (get_the_stuff(type_of_stuff, hostname, prog, vers,
3296 		    mfssnego, *nconfp, port, tinfo, fhp, direct_to_server,
3297 		    fspath, cstatp));
3298 
3299 
3300 	/*
3301 	 * No nconf passed in.
3302 	 *
3303 	 * Try to get a nconf from /etc/netconfig.
3304 	 * First choice is COTS, second is CLTS unless proto
3305 	 * is specified.  When we retry, we reset the
3306 	 * netconfig list, so that we search the whole list
3307 	 * for the next choice.
3308 	 */
3309 	if ((nc = setnetpath()) == NULL)
3310 		goto done;
3311 
3312 	/*
3313 	 * If proto is specified, then only search for the match,
3314 	 * otherwise try COTS first, if failed, then try CLTS.
3315 	 */
3316 	if (proto) {
3317 
3318 		while (nconf = getnetpath(nc)) {
3319 			if (strcmp(nconf->nc_proto, proto))
3320 				continue;
3321 			/*
3322 			 * If the port number is specified then TCP/UDP
3323 			 * is needed. Otherwise any cots/clts will do.
3324 			 */
3325 			if (port)  {
3326 				if ((strcmp(nconf->nc_protofmly, NC_INET) &&
3327 				    strcmp(nconf->nc_protofmly, NC_INET6)) ||
3328 				    (strcmp(nconf->nc_proto, NC_TCP) &&
3329 				    strcmp(nconf->nc_proto, NC_UDP)))
3330 					continue;
3331 			}
3332 
3333 			nb = get_the_stuff(type_of_stuff, hostname, prog, vers,
3334 			    mfssnego, nconf, port, tinfo, fhp,
3335 			    direct_to_server, fspath, cstatp);
3336 
3337 			if (*cstatp == RPC_SUCCESS)
3338 				break;
3339 
3340 			assert(nb == NULL);
3341 
3342 		} /* end of while */
3343 
3344 		if (nconf == NULL)
3345 			goto done;
3346 
3347 	} else {
3348 retry:
3349 		while (nconf = getnetpath(nc)) {
3350 			if (nconf->nc_flag & NC_VISIBLE) {
3351 				if (nthtry == FIRST_TRY) {
3352 					if ((nconf->nc_semantics ==
3353 					    NC_TPI_COTS_ORD) ||
3354 					    (nconf->nc_semantics ==
3355 					    NC_TPI_COTS)) {
3356 						if (port == 0)
3357 							break;
3358 						if ((strcmp(nconf->nc_protofmly,
3359 						    NC_INET) == 0 ||
3360 						    strcmp(nconf->nc_protofmly,
3361 						    NC_INET6) == 0) &&
3362 						    (strcmp(nconf->nc_proto,
3363 						    NC_TCP) == 0))
3364 							break;
3365 					}
3366 				}
3367 				if (nthtry == SECOND_TRY) {
3368 					if (nconf->nc_semantics ==
3369 					    NC_TPI_CLTS) {
3370 						if (port == 0)
3371 							break;
3372 						if ((strcmp(nconf->nc_protofmly,
3373 						    NC_INET) == 0 ||
3374 						    strcmp(nconf->nc_protofmly,
3375 						    NC_INET6) == 0) &&
3376 						    (strcmp(nconf->nc_proto,
3377 						    NC_UDP) == 0))
3378 							break;
3379 					}
3380 				}
3381 			}
3382 		} /* while */
3383 		if (nconf == NULL) {
3384 			if (++nthtry <= MNT_PREF_LISTLEN) {
3385 				endnetpath(nc);
3386 				if ((nc = setnetpath()) == NULL)
3387 					goto done;
3388 				goto retry;
3389 			} else
3390 				goto done;
3391 		} else {
3392 			nb = get_the_stuff(type_of_stuff, hostname, prog, vers,
3393 			    mfssnego, nconf, port, tinfo, fhp, direct_to_server,
3394 			    fspath, cstatp);
3395 			if (*cstatp != RPC_SUCCESS)
3396 				/*
3397 				 * Continue the same search path in the
3398 				 * netconfig db until no more matched nconf
3399 				 * (nconf == NULL).
3400 				 */
3401 				goto retry;
3402 		}
3403 	} /* if !proto */
3404 
3405 	/*
3406 	 * Got nconf and nb.  Now dup the netconfig structure (nconf)
3407 	 * and return it thru nconfp.
3408 	 */
3409 	*nconfp = getnetconfigent(nconf->nc_netid);
3410 	if (*nconfp == NULL) {
3411 		syslog(LOG_ERR, "no memory\n");
3412 		free(nb);
3413 		nb = NULL;
3414 	}
3415 done:
3416 	if (nc)
3417 		endnetpath(nc);
3418 	return (nb);
3419 }
3420 
3421 
3422 /*
3423  * Sends a null call to the remote host's (NFS program, versp). versp
3424  * may be "NULL" in which case the default maximum version is used.
3425  * Upon return, versp contains the maximum version supported iff versp!= NULL.
3426  */
3427 enum clnt_stat
3428 pingnfs(
3429 	char *hostpart,
3430 	int attempts,
3431 	rpcvers_t *versp,
3432 	rpcvers_t versmin,
3433 	ushort_t port,			/* may be zero */
3434 	bool_t usepub,
3435 	char *path,
3436 	char *proto)
3437 {
3438 	CLIENT *cl = NULL;
3439 	struct timeval rpc_to_new = {15, 0};
3440 	static struct timeval rpc_rtrans_new = {-1, -1};
3441 	enum clnt_stat clnt_stat;
3442 	int i, j;
3443 	rpcvers_t versmax;	/* maximum version to try against server */
3444 	rpcvers_t outvers;	/* version supported by host on last call */
3445 	rpcvers_t vers_to_try;	/* to try different versions against host */
3446 	char *hostname;
3447 	struct netconfig *nconf;
3448 
3449 	hostname = strdup(hostpart);
3450 	if (hostname == NULL) {
3451 		return (RPC_SYSTEMERROR);
3452 	}
3453 	unbracket(&hostname);
3454 
3455 	if (path != NULL && strcmp(hostname, "nfs") == 0 &&
3456 	    strncmp(path, "//", 2) == 0) {
3457 		char *sport;
3458 
3459 		hostname = strdup(path+2);
3460 
3461 		if (hostname == NULL)
3462 			return (RPC_SYSTEMERROR);
3463 
3464 		path = strchr(hostname, '/');
3465 
3466 		/*
3467 		 * This cannot happen. If it does, give up
3468 		 * on the ping as this is obviously a corrupt
3469 		 * entry.
3470 		 */
3471 		if (path == NULL) {
3472 			free(hostname);
3473 			return (RPC_SUCCESS);
3474 		}
3475 
3476 		/*
3477 		 * Probable end point of host string.
3478 		 */
3479 		*path = '\0';
3480 
3481 		sport = strchr(hostname, ':');
3482 
3483 		if (sport != NULL && sport < path) {
3484 
3485 			/*
3486 			 * Actual end point of host string.
3487 			 */
3488 			*sport = '\0';
3489 			port = htons((ushort_t)atoi(sport+1));
3490 		}
3491 
3492 		usepub = TRUE;
3493 	}
3494 
3495 	/* Pick up the default versions and then set them appropriately */
3496 	if (versp) {
3497 		versmax = *versp;
3498 		/* use versmin passed in */
3499 	} else {
3500 		read_default_nfs();
3501 		set_versrange(0, &versmax, &versmin);
3502 	}
3503 
3504 	if (proto &&
3505 	    strncasecmp(proto, NC_UDP, strlen(NC_UDP)) == 0 &&
3506 	    versmax == NFS_V4) {
3507 		if (versmin == NFS_V4) {
3508 			if (versp) {
3509 				*versp = versmax - 1;
3510 				return (RPC_SUCCESS);
3511 			}
3512 			return (RPC_PROGUNAVAIL);
3513 		} else {
3514 			versmax--;
3515 		}
3516 	}
3517 
3518 	if (versp)
3519 		*versp = versmax;
3520 
3521 	switch (cache_check(hostname, versp, proto)) {
3522 	case GOODHOST:
3523 		if (hostname != hostpart)
3524 			free(hostname);
3525 		return (RPC_SUCCESS);
3526 	case DEADHOST:
3527 		if (hostname != hostpart)
3528 			free(hostname);
3529 		return (RPC_TIMEDOUT);
3530 	case NOHOST:
3531 	default:
3532 		break;
3533 	}
3534 
3535 	/*
3536 	 * XXX The retransmission time rpcbrmttime is a global defined
3537 	 * in the rpc library (rpcb_clnt.c). We use (and like) the default
3538 	 * value of 15 sec in the rpc library. The code below is to protect
3539 	 * us in case it changes. This need not be done under a lock since
3540 	 * any # of threads entering this function will get the same
3541 	 * retransmission value.
3542 	 */
3543 	if (rpc_rtrans_new.tv_sec == -1 && rpc_rtrans_new.tv_usec == -1) {
3544 		__rpc_control(CLCR_GET_RPCB_RMTTIME, (char *)&rpc_rtrans_new);
3545 		if (rpc_rtrans_new.tv_sec != 15 && rpc_rtrans_new.tv_sec != 0)
3546 			if (trace > 1)
3547 				trace_prt(1, "RPC library rttimer changed\n");
3548 	}
3549 
3550 	/*
3551 	 * XXX Manipulate the total timeout to get the number of
3552 	 * desired retransmissions. This code is heavily dependant on
3553 	 * the RPC backoff mechanism in clnt_dg_call (clnt_dg.c).
3554 	 */
3555 	for (i = 0, j = rpc_rtrans_new.tv_sec; i < attempts-1; i++) {
3556 		if (j < RPC_MAX_BACKOFF)
3557 			j *= 2;
3558 		else
3559 			j = RPC_MAX_BACKOFF;
3560 		rpc_to_new.tv_sec += j;
3561 	}
3562 
3563 	vers_to_try = versmax;
3564 
3565 	/*
3566 	 * check the host's version within the timeout
3567 	 */
3568 	if (trace > 1)
3569 		trace_prt(1, "	ping: %s timeout=%ld request vers=%d min=%d\n",
3570 		    hostname, rpc_to_new.tv_sec, versmax, versmin);
3571 
3572 	if (usepub == FALSE) {
3573 		do {
3574 			/*
3575 			 * If NFSv4, then we do the same thing as is used
3576 			 * for public filehandles so that we avoid rpcbind
3577 			 */
3578 			if (vers_to_try == NFS_V4) {
3579 				if (trace > 4) {
3580 				trace_prt(1, "  pingnfs: Trying ping via "
3581 				    "\"circuit_v\"\n");
3582 				}
3583 
3584 				cl = clnt_create_service_timed(hostname, "nfs",
3585 				    NFS_PROGRAM, vers_to_try,
3586 				    port, "circuit_v", &rpc_to_new);
3587 				if (cl != NULL) {
3588 					outvers = vers_to_try;
3589 					break;
3590 				}
3591 				if (trace > 4) {
3592 					trace_prt(1,
3593 					    "  pingnfs: Can't ping via "
3594 					    "\"circuit_v\" %s: RPC error=%d\n",
3595 					    hostname, rpc_createerr.cf_stat);
3596 				}
3597 
3598 			} else {
3599 				cl = clnt_create_vers_timed(hostname,
3600 				    NFS_PROGRAM, &outvers, versmin, vers_to_try,
3601 				    "datagram_v", &rpc_to_new);
3602 				if (cl != NULL)
3603 					break;
3604 				if (trace > 4) {
3605 					trace_prt(1,
3606 					    "  pingnfs: Can't ping via "
3607 					    "\"datagram_v\"%s: RPC error=%d\n",
3608 					    hostname, rpc_createerr.cf_stat);
3609 				}
3610 				if (rpc_createerr.cf_stat == RPC_UNKNOWNHOST ||
3611 				    rpc_createerr.cf_stat == RPC_TIMEDOUT)
3612 					break;
3613 				if (rpc_createerr.cf_stat ==
3614 				    RPC_PROGNOTREGISTERED) {
3615 					if (trace > 4) {
3616 						trace_prt(1,
3617 						    "  pingnfs: Trying ping "
3618 						    "via \"circuit_v\"\n");
3619 					}
3620 					cl = clnt_create_vers_timed(hostname,
3621 					    NFS_PROGRAM, &outvers,
3622 					    versmin, vers_to_try,
3623 					    "circuit_v", &rpc_to_new);
3624 					if (cl != NULL)
3625 						break;
3626 					if (trace > 4) {
3627 						trace_prt(1,
3628 						    "  pingnfs: Can't ping "
3629 						    "via \"circuit_v\" %s: "
3630 						    "RPC error=%d\n",
3631 						    hostname,
3632 						    rpc_createerr.cf_stat);
3633 					}
3634 				}
3635 			}
3636 
3637 		/*
3638 		 * backoff and return lower version to retry the ping.
3639 		 * XXX we should be more careful and handle
3640 		 * RPC_PROGVERSMISMATCH here, because that error is handled
3641 		 * in clnt_create_vers(). It's not done to stay in sync
3642 		 * with the nfs mount command.
3643 		 */
3644 			vers_to_try--;
3645 			if (vers_to_try < versmin)
3646 				break;
3647 			if (versp != NULL) {	/* recheck the cache */
3648 				*versp = vers_to_try;
3649 				if (trace > 4) {
3650 					trace_prt(1,
3651 					    "  pingnfs: check cache: vers=%d\n",
3652 					    *versp);
3653 				}
3654 				switch (cache_check(hostname, versp, proto)) {
3655 				case GOODHOST:
3656 					if (hostname != hostpart)
3657 						free(hostname);
3658 					return (RPC_SUCCESS);
3659 				case DEADHOST:
3660 					if (hostname != hostpart)
3661 						free(hostname);
3662 					return (RPC_TIMEDOUT);
3663 				case NOHOST:
3664 				default:
3665 					break;
3666 				}
3667 			}
3668 			if (trace > 4) {
3669 				trace_prt(1, "  pingnfs: Try version=%d\n",
3670 				    vers_to_try);
3671 			}
3672 		} while (cl == NULL);
3673 
3674 
3675 		if (cl == NULL) {
3676 			if (verbose)
3677 				syslog(LOG_ERR, "pingnfs: %s%s",
3678 				    hostname, clnt_spcreateerror(""));
3679 			clnt_stat = rpc_createerr.cf_stat;
3680 		} else {
3681 			clnt_destroy(cl);
3682 			clnt_stat = RPC_SUCCESS;
3683 		}
3684 
3685 	} else {
3686 		for (vers_to_try = versmax; vers_to_try >= versmin;
3687 		    vers_to_try--) {
3688 
3689 			nconf = NULL;
3690 
3691 			if (trace > 4) {
3692 				trace_prt(1, "  pingnfs: Try version=%d "
3693 				    "using get_ping()\n", vers_to_try);
3694 			}
3695 
3696 			clnt_stat = get_ping(hostname, NFS_PROGRAM,
3697 			    vers_to_try, &nconf, port, TRUE);
3698 
3699 			if (nconf != NULL)
3700 				freenetconfigent(nconf);
3701 
3702 			if (clnt_stat == RPC_SUCCESS) {
3703 				outvers = vers_to_try;
3704 				break;
3705 			}
3706 		}
3707 	}
3708 
3709 	if (trace > 1)
3710 		clnt_stat == RPC_SUCCESS ?
3711 		    trace_prt(1, "	pingnfs OK: nfs version=%d\n", outvers):
3712 		    trace_prt(1, "	pingnfs FAIL: can't get nfs version\n");
3713 
3714 	if (clnt_stat == RPC_SUCCESS) {
3715 		cache_enter(hostname, versmax, outvers, proto, GOODHOST);
3716 		if (versp != NULL)
3717 			*versp = outvers;
3718 	} else
3719 		cache_enter(hostname, versmax, versmax, proto, DEADHOST);
3720 
3721 	if (hostpart != hostname)
3722 		free(hostname);
3723 
3724 	return (clnt_stat);
3725 }
3726 
3727 #define	MNTTYPE_LOFS	"lofs"
3728 
3729 int
3730 loopbackmount(fsname, dir, mntopts, overlay)
3731 	char *fsname;		/* Directory being mounted */
3732 	char *dir;		/* Directory being mounted on */
3733 	char *mntopts;
3734 	int overlay;
3735 {
3736 	struct mnttab mnt;
3737 	int flags = 0;
3738 	char fstype[] = MNTTYPE_LOFS;
3739 	int dirlen;
3740 	struct stat st;
3741 	char optbuf[MAX_MNTOPT_STR];
3742 
3743 	dirlen = strlen(dir);
3744 	if (dir[dirlen-1] == ' ')
3745 		dirlen--;
3746 
3747 	if (dirlen == strlen(fsname) &&
3748 		strncmp(fsname, dir, dirlen) == 0) {
3749 		syslog(LOG_ERR,
3750 			"Mount of %s on %s would result in deadlock, aborted\n",
3751 			fsname, dir);
3752 		return (RET_ERR);
3753 	}
3754 	mnt.mnt_mntopts = mntopts;
3755 	if (hasmntopt(&mnt, MNTOPT_RO) != NULL)
3756 		flags |= MS_RDONLY;
3757 
3758 	(void) strlcpy(optbuf, mntopts, sizeof (optbuf));
3759 
3760 	if (overlay)
3761 		flags |= MS_OVERLAY;
3762 
3763 	if (trace > 1)
3764 		trace_prt(1,
3765 			"  loopbackmount: fsname=%s, dir=%s, flags=%d\n",
3766 			fsname, dir, flags);
3767 
3768 	if (is_system_labeled()) {
3769 		if (create_homedir((const char *)fsname,
3770 		    (const char *)dir) == 0) {
3771 			return (NFSERR_NOENT);
3772 		}
3773 	}
3774 
3775 	if (mount(fsname, dir, flags | MS_DATA | MS_OPTIONSTR, fstype,
3776 	    NULL, 0, optbuf, sizeof (optbuf)) < 0) {
3777 		syslog(LOG_ERR, "Mount of %s on %s: %m", fsname, dir);
3778 		return (RET_ERR);
3779 	}
3780 
3781 	if (stat(dir, &st) == 0) {
3782 		if (trace > 1) {
3783 			trace_prt(1,
3784 			    "  loopbackmount of %s on %s dev=%x rdev=%x OK\n",
3785 			    fsname, dir, st.st_dev, st.st_rdev);
3786 		}
3787 	} else {
3788 		if (trace > 1) {
3789 			trace_prt(1,
3790 			    "  loopbackmount of %s on %s OK\n", fsname, dir);
3791 			trace_prt(1, "	stat of %s failed\n", dir);
3792 		}
3793 	}
3794 
3795 	return (0);
3796 }
3797 
3798 /*
3799  * Look for the value of a numeric option of the form foo=x.  If found, set
3800  * *valp to the value and return non-zero.  If not found or the option is
3801  * malformed, return zero.
3802  */
3803 
3804 int
3805 nopt(mnt, opt, valp)
3806 	struct mnttab *mnt;
3807 	char *opt;
3808 	int *valp;			/* OUT */
3809 {
3810 	char *equal;
3811 	char *str;
3812 
3813 	/*
3814 	 * We should never get a null pointer, but if we do, it's better to
3815 	 * ignore the option than to dump core.
3816 	 */
3817 
3818 	if (valp == NULL) {
3819 		syslog(LOG_DEBUG, "null pointer for %s option", opt);
3820 		return (0);
3821 	}
3822 
3823 	if (str = hasmntopt(mnt, opt)) {
3824 		if (equal = strchr(str, '=')) {
3825 			*valp = atoi(&equal[1]);
3826 			return (1);
3827 		} else {
3828 			syslog(LOG_ERR, "Bad numeric option '%s'", str);
3829 		}
3830 	}
3831 	return (0);
3832 }
3833 
3834 int
3835 nfsunmount(mnt)
3836 	struct mnttab *mnt;
3837 {
3838 	struct timeval timeout;
3839 	CLIENT *cl;
3840 	enum clnt_stat rpc_stat;
3841 	char *host, *path;
3842 	struct replica *list;
3843 	int i, count = 0;
3844 	int isv4mount = is_v4_mount(mnt->mnt_mountp);
3845 
3846 	if (trace > 1)
3847 		trace_prt(1, "	nfsunmount: umount %s\n", mnt->mnt_mountp);
3848 
3849 	if (umount(mnt->mnt_mountp) < 0) {
3850 		if (trace > 1)
3851 			trace_prt(1, "	nfsunmount: umount %s FAILED\n",
3852 				mnt->mnt_mountp);
3853 		if (errno)
3854 			return (errno);
3855 	}
3856 
3857 	/*
3858 	 * If this is a NFSv4 mount, the mount protocol was not used
3859 	 * so we just return.
3860 	 */
3861 	if (isv4mount) {
3862 		if (trace > 1)
3863 			trace_prt(1, "	nfsunmount: umount %s OK\n",
3864 				mnt->mnt_mountp);
3865 		return (0);
3866 	}
3867 
3868 	/*
3869 	 * If mounted with -o public, then no need to contact server
3870 	 * because mount protocol was not used.
3871 	 */
3872 	if (hasmntopt(mnt, MNTOPT_PUBLIC) != NULL) {
3873 		return (0);
3874 	}
3875 
3876 	/*
3877 	 * The rest of this code is advisory to the server.
3878 	 * If it fails return success anyway.
3879 	 */
3880 
3881 	list = parse_replica(mnt->mnt_special, &count);
3882 	if (!list) {
3883 		if (count >= 0)
3884 			syslog(LOG_ERR,
3885 			    "Memory allocation failed: %m");
3886 		return (ENOMEM);
3887 	}
3888 
3889 	for (i = 0; i < count; i++) {
3890 
3891 		host = list[i].host;
3892 		path = list[i].path;
3893 
3894 		/*
3895 		 * Skip file systems mounted using WebNFS, because mount
3896 		 * protocol was not used.
3897 		 */
3898 		if (strcmp(host, "nfs") == 0 && strncmp(path, "//", 2) == 0)
3899 			continue;
3900 
3901 		cl = clnt_create(host, MOUNTPROG, MOUNTVERS, "datagram_v");
3902 		if (cl == NULL)
3903 			break;
3904 #ifdef MALLOC_DEBUG
3905 		add_alloc("CLNT_HANDLE", cl, 0, __FILE__, __LINE__);
3906 		add_alloc("AUTH_HANDLE", cl->cl_auth, 0,
3907 			__FILE__, __LINE__);
3908 #endif
3909 		if (__clnt_bindresvport(cl) < 0) {
3910 			if (verbose)
3911 				syslog(LOG_ERR, "umount %s:%s: %s",
3912 					host, path,
3913 					"Couldn't bind to reserved port");
3914 			destroy_auth_client_handle(cl);
3915 			continue;
3916 		}
3917 #ifdef MALLOC_DEBUG
3918 		drop_alloc("AUTH_HANDLE", cl->cl_auth, __FILE__, __LINE__);
3919 #endif
3920 		AUTH_DESTROY(cl->cl_auth);
3921 		if ((cl->cl_auth = authsys_create_default()) == NULL) {
3922 			if (verbose)
3923 				syslog(LOG_ERR, "umount %s:%s: %s",
3924 					host, path,
3925 					"Failed creating default auth handle");
3926 			destroy_auth_client_handle(cl);
3927 			continue;
3928 		}
3929 #ifdef MALLOC_DEBUG
3930 		add_alloc("AUTH_HANDLE", cl->cl_auth, 0, __FILE__, __LINE__);
3931 #endif
3932 		timeout.tv_usec = 0;
3933 		timeout.tv_sec = 5;
3934 		rpc_stat = clnt_call(cl, MOUNTPROC_UMNT, xdr_dirpath,
3935 			    (caddr_t)&path, xdr_void, (char *)NULL, timeout);
3936 		if (verbose && rpc_stat != RPC_SUCCESS)
3937 			syslog(LOG_ERR, "%s: %s",
3938 				host, clnt_sperror(cl, "unmount"));
3939 		destroy_auth_client_handle(cl);
3940 	}
3941 
3942 	free_replica(list, count);
3943 
3944 	if (trace > 1)
3945 		trace_prt(1, "	nfsunmount: umount %s OK\n", mnt->mnt_mountp);
3946 
3947 done:
3948 	return (0);
3949 }
3950 
3951 /*
3952  * Put a new entry in the cache chain by prepending it to the front.
3953  * If there isn't enough memory then just give up.
3954  */
3955 static void
3956 cache_enter(host, reqvers, outvers, proto, state)
3957 	char *host;
3958 	rpcvers_t reqvers;
3959 	rpcvers_t outvers;
3960 	char *proto;
3961 	int state;
3962 {
3963 	struct cache_entry *entry;
3964 	int cache_time = 30;	/* sec */
3965 
3966 	timenow = time(NULL);
3967 
3968 	entry = (struct cache_entry *)malloc(sizeof (struct cache_entry));
3969 	if (entry == NULL)
3970 		return;
3971 	(void) memset((caddr_t)entry, 0, sizeof (struct cache_entry));
3972 	entry->cache_host = strdup(host);
3973 	if (entry->cache_host == NULL) {
3974 		cache_free(entry);
3975 		return;
3976 	}
3977 	entry->cache_reqvers = reqvers;
3978 	entry->cache_outvers = outvers;
3979 	entry->cache_proto = (proto == NULL ? NULL : strdup(proto));
3980 	entry->cache_state = state;
3981 	entry->cache_time = timenow + cache_time;
3982 	(void) rw_wrlock(&cache_lock);
3983 #ifdef CACHE_DEBUG
3984 	host_cache_accesses++;		/* up host cache access counter */
3985 #endif /* CACHE DEBUG */
3986 	entry->cache_next = cache_head;
3987 	cache_head = entry;
3988 	(void) rw_unlock(&cache_lock);
3989 }
3990 
3991 static int
3992 cache_check(host, versp, proto)
3993 	char *host;
3994 	rpcvers_t *versp;
3995 	char *proto;
3996 {
3997 	int state = NOHOST;
3998 	struct cache_entry *ce, *prev;
3999 
4000 	timenow = time(NULL);
4001 
4002 	(void) rw_rdlock(&cache_lock);
4003 
4004 #ifdef CACHE_DEBUG
4005 	/* Increment the lookup and access counters for the host cache */
4006 	host_cache_accesses++;
4007 	host_cache_lookups++;
4008 	if ((host_cache_lookups%1000) == 0)
4009 		trace_host_cache();
4010 #endif /* CACHE DEBUG */
4011 
4012 	for (ce = cache_head; ce; ce = ce->cache_next) {
4013 		if (timenow > ce->cache_time) {
4014 			(void) rw_unlock(&cache_lock);
4015 			(void) rw_wrlock(&cache_lock);
4016 			for (prev = NULL, ce = cache_head; ce;
4017 				prev = ce, ce = ce->cache_next) {
4018 				if (timenow > ce->cache_time) {
4019 					cache_free(ce);
4020 					if (prev)
4021 						prev->cache_next = NULL;
4022 					else
4023 						cache_head = NULL;
4024 					break;
4025 				}
4026 			}
4027 			(void) rw_unlock(&cache_lock);
4028 			return (state);
4029 		}
4030 		if (strcmp(host, ce->cache_host) != 0)
4031 			continue;
4032 		if ((proto == NULL && ce->cache_proto != NULL) ||
4033 		    (proto != NULL && ce->cache_proto == NULL))
4034 			continue;
4035 		if (proto != NULL &&
4036 		    strcmp(proto, ce->cache_proto) != 0)
4037 			continue;
4038 
4039 		if (versp == NULL ||
4040 			(versp != NULL && *versp == ce->cache_reqvers) ||
4041 			(versp != NULL && *versp == ce->cache_outvers)) {
4042 				if (versp != NULL)
4043 					*versp = ce->cache_outvers;
4044 				state = ce->cache_state;
4045 
4046 				/* increment the host cache hit counters */
4047 #ifdef CACHE_DEBUG
4048 				if (state == GOODHOST)
4049 					goodhost_cache_hits++;
4050 				if (state == DEADHOST)
4051 					deadhost_cache_hits++;
4052 #endif /* CACHE_DEBUG */
4053 				(void) rw_unlock(&cache_lock);
4054 				return (state);
4055 		}
4056 	}
4057 	(void) rw_unlock(&cache_lock);
4058 	return (state);
4059 }
4060 
4061 /*
4062  * Free a cache entry and all entries
4063  * further down the chain since they
4064  * will also be expired.
4065  */
4066 static void
4067 cache_free(entry)
4068 	struct cache_entry *entry;
4069 {
4070 	struct cache_entry *ce, *next = NULL;
4071 
4072 	for (ce = entry; ce; ce = next) {
4073 		if (ce->cache_host)
4074 			free(ce->cache_host);
4075 		if (ce->cache_proto)
4076 			free(ce->cache_proto);
4077 		next = ce->cache_next;
4078 		free(ce);
4079 	}
4080 }
4081 
4082 #ifdef MALLOC_DEBUG
4083 void
4084 cache_flush()
4085 {
4086 	(void) rw_wrlock(&cache_lock);
4087 	cache_free(cache_head);
4088 	cache_head = NULL;
4089 	(void) rw_unlock(&cache_lock);
4090 }
4091 
4092 void
4093 flush_caches()
4094 {
4095 	mutex_lock(&cleanup_lock);
4096 	cond_signal(&cleanup_start_cv);
4097 	(void) cond_wait(&cleanup_done_cv, &cleanup_lock);
4098 	mutex_unlock(&cleanup_lock);
4099 	cache_flush();
4100 	portmap_cache_flush();
4101 }
4102 #endif
4103 
4104 /*
4105  * Returns 1, if port option is NFS_PORT or
4106  *	nfsd is running on the port given
4107  * Returns 0, if both port is not NFS_PORT and nfsd is not
4108  *	running on the port.
4109  */
4110 
4111 static int
4112 is_nfs_port(char *opts)
4113 {
4114 	struct mnttab m;
4115 	uint_t nfs_port = 0;
4116 	struct servent sv;
4117 	char buf[256];
4118 	int got_port;
4119 
4120 	m.mnt_mntopts = opts;
4121 
4122 	/*
4123 	 * Get port specified in options list, if any.
4124 	 */
4125 	got_port = nopt(&m, MNTOPT_PORT, (int *)&nfs_port);
4126 
4127 	/*
4128 	 * if no port specified or it is same as NFS_PORT return nfs
4129 	 * To use any other daemon the port number should be different
4130 	 */
4131 	if (!got_port || nfs_port == NFS_PORT)
4132 		return (1);
4133 	/*
4134 	 * If daemon is nfsd, return nfs
4135 	 */
4136 	if (getservbyport_r(nfs_port, NULL, &sv, buf, 256) == &sv &&
4137 	    strcmp(sv.s_name, "nfsd") == 0)
4138 		return (1);
4139 
4140 	/*
4141 	 * daemon is not nfs
4142 	 */
4143 	return (0);
4144 }
4145 
4146 
4147 /*
4148  * destroy_auth_client_handle(cl)
4149  * destroys the created client handle
4150  */
4151 void
4152 destroy_auth_client_handle(CLIENT *cl)
4153 {
4154 	if (cl) {
4155 		if (cl->cl_auth) {
4156 #ifdef MALLOC_DEBUG
4157 			drop_alloc("AUTH_HANDLE", cl->cl_auth,
4158 			    __FILE__, __LINE__);
4159 #endif
4160 			AUTH_DESTROY(cl->cl_auth);
4161 			cl->cl_auth = NULL;
4162 		}
4163 #ifdef MALLOC_DEBUG
4164 		drop_alloc("CLNT_HANDLE", cl,
4165 		    __FILE__, __LINE__);
4166 #endif
4167 		clnt_destroy(cl);
4168 	}
4169 }
4170 
4171 
4172 /*
4173  * Attempt to figure out which version of NFS to use in pingnfs().  If
4174  * the version number was specified (i.e., non-zero), then use it.
4175  * Otherwise, default to the compiled-in default or the default as set
4176  * by the /etc/default/nfs configuration (as read by read_default().
4177  */
4178 int
4179 set_versrange(rpcvers_t nfsvers, rpcvers_t *vers, rpcvers_t *versmin)
4180 {
4181 	switch (nfsvers) {
4182 	case 0:
4183 		*vers = vers_max_default;
4184 		*versmin = vers_min_default;
4185 		break;
4186 	case NFS_V4:
4187 		*vers = NFS_V4;
4188 		*versmin = NFS_V4;
4189 		break;
4190 	case NFS_V3:
4191 		*vers = NFS_V3;
4192 		*versmin = NFS_V3;
4193 		break;
4194 	case NFS_VERSION:
4195 		*vers = NFS_VERSION;		/* version 2 */
4196 		*versmin = NFS_VERSMIN;		/* version 2 */
4197 		break;
4198 	default:
4199 		return (-1);
4200 	}
4201 	return (0);
4202 }
4203 
4204 #ifdef CACHE_DEBUG
4205 /*
4206  * trace_portmap_cache()
4207  * traces the portmap cache values at desired points
4208  */
4209 static void
4210 trace_portmap_cache()
4211 {
4212 	syslog(LOG_ERR, "portmap_cache: accesses=%d lookups=%d hits=%d\n",
4213 	    portmap_cache_accesses, portmap_cache_lookups,
4214 	    portmap_cache_hits);
4215 }
4216 
4217 /*
4218  * trace_host_cache()
4219  * traces the host cache values at desired points
4220  */
4221 static void
4222 trace_host_cache()
4223 {
4224 	syslog(LOG_ERR,
4225 	    "host_cache: accesses=%d lookups=%d deadhits=%d goodhits=%d\n",
4226 	    host_cache_accesses, host_cache_lookups, deadhost_cache_hits,
4227 	    goodhost_cache_hits);
4228 }
4229 #endif /* CACHE_DEBUG */
4230 
4231 /*
4232  * Read the /etc/default/nfs configuration file to determine if the
4233  * client has been configured for a new min/max for the NFS version to
4234  * use.
4235  */
4236 
4237 #define	NFS_DEFAULT_CHECK 60  /* Seconds to check for nfs default changes */
4238 
4239 static void
4240 read_default_nfs(void)
4241 {
4242 	static time_t lastread = 0;
4243 	struct stat buf;
4244 	char *defval;
4245 	int errno;
4246 	int tmp;
4247 
4248 	/*
4249 	 * Fail silently if we can't stat the default nfs config file
4250 	 */
4251 	if (stat(NFSADMIN, &buf))
4252 		return;
4253 
4254 	if (buf.st_mtime == lastread)
4255 		return;
4256 
4257 	/*
4258 	 * Fail silently if error in opening the default nfs config file
4259 	 * We'll check back in NFS_DEFAULT_CHECK seconds
4260 	 */
4261 	if ((defopen(NFSADMIN)) == 0) {
4262 		if ((defval = defread("NFS_CLIENT_VERSMIN=")) != NULL) {
4263 			errno = 0;
4264 			tmp = strtol(defval, (char **)NULL, 10);
4265 			if (errno == 0) {
4266 				vers_min_default = tmp;
4267 			}
4268 		}
4269 		if ((defval = defread("NFS_CLIENT_VERSMAX=")) != NULL) {
4270 			errno = 0;
4271 			tmp = strtol(defval, (char **)NULL, 10);
4272 			if (errno == 0) {
4273 				vers_max_default = tmp;
4274 			}
4275 		}
4276 		/* close defaults file */
4277 		defopen(NULL);
4278 
4279 		lastread = buf.st_mtime;
4280 
4281 		/*
4282 		 * Quick sanity check on the values picked up from the
4283 		 * defaults file.  Make sure that a mistake wasn't
4284 		 * made that will confuse things later on.
4285 		 * If so, reset to compiled-in defaults
4286 		 */
4287 		if (vers_min_default > vers_max_default ||
4288 		    vers_min_default < NFS_VERSMIN ||
4289 		    vers_max_default > NFS_VERSMAX) {
4290 			if (trace > 1) {
4291 				trace_prt(1,
4292 	"  read_default: version minimum/maximum incorrectly configured\n");
4293 				trace_prt(1,
4294 "  read_default: config is min=%d, max%d. Resetting to min=%d, max%d\n",
4295 				    vers_min_default, vers_max_default,
4296 				    NFS_VERSMIN_DEFAULT,
4297 				    NFS_VERSMAX_DEFAULT);
4298 			}
4299 			vers_min_default = NFS_VERSMIN_DEFAULT;
4300 			vers_max_default = NFS_VERSMAX_DEFAULT;
4301 		}
4302 	}
4303 }
4304 
4305 /*
4306  *  Find the mnttab entry that corresponds to "name".
4307  *  We're not sure what the name represents: either
4308  *  a mountpoint name, or a special name (server:/path).
4309  *  Return the last entry in the file that matches.
4310  */
4311 static struct extmnttab *
4312 mnttab_find(dirname)
4313 	char *dirname;
4314 {
4315 	FILE *fp;
4316 	struct extmnttab mnt;
4317 	struct extmnttab *res = NULL;
4318 
4319 	fp = fopen(MNTTAB, "r");
4320 	if (fp == NULL) {
4321 		if (trace > 1)
4322 			trace_prt(1, "	mnttab_find: unable to open mnttab\n");
4323 		return (NULL);
4324 	}
4325 	while (getextmntent(fp, &mnt, sizeof (struct extmnttab)) == 0) {
4326 		if (strcmp(mnt.mnt_mountp, dirname) == 0 ||
4327 		    strcmp(mnt.mnt_special, dirname) == 0) {
4328 			if (res)
4329 				fsfreemnttab(res);
4330 			res = fsdupmnttab(&mnt);
4331 		}
4332 	}
4333 
4334 	resetmnttab(fp);
4335 	fclose(fp);
4336 	if (res == NULL) {
4337 		if (trace > 1)
4338 			trace_prt(1, "	mnttab_find: unable to find %s\n",
4339 				dirname);
4340 	}
4341 	return (res);
4342 }
4343 
4344 /*
4345  * This function's behavior is taken from nfsstat.
4346  * Trying to determine what NFS version was used for the mount.
4347  */
4348 static int
4349 is_v4_mount(char *mntpath)
4350 {
4351 	kstat_ctl_t *kc = NULL;		/* libkstat cookie */
4352 	kstat_t *ksp;
4353 	ulong_t fsid;
4354 	struct mntinfo_kstat mik;
4355 	struct extmnttab *mntp;
4356 	uint_t mnt_minor;
4357 
4358 	if ((mntp = mnttab_find(mntpath)) == NULL)
4359 		return (FALSE);
4360 
4361 	/* save the minor number and free the struct so we don't forget */
4362 	mnt_minor = mntp->mnt_minor;
4363 	fsfreemnttab(mntp);
4364 
4365 	if ((kc = kstat_open()) == NULL)
4366 		return (FALSE);
4367 
4368 	for (ksp = kc->kc_chain; ksp; ksp = ksp->ks_next) {
4369 		if (ksp->ks_type != KSTAT_TYPE_RAW)
4370 			continue;
4371 		if (strcmp(ksp->ks_module, "nfs") != 0)
4372 			continue;
4373 		if (strcmp(ksp->ks_name, "mntinfo") != 0)
4374 			continue;
4375 		if (mnt_minor != ksp->ks_instance)
4376 			continue;
4377 
4378 		if (kstat_read(kc, ksp, &mik) == -1)
4379 			continue;
4380 
4381 		(void) kstat_close(kc);
4382 		if (mik.mik_vers == 4)
4383 			return (TRUE);
4384 		else
4385 			return (FALSE);
4386 	}
4387 	(void) kstat_close(kc);
4388 
4389 	return (FALSE);
4390 }
4391 
4392 static int
4393 create_homedir(const char *src, const char *dst) {
4394 
4395 	struct stat stbuf;
4396 	char *dst_username;
4397 	struct passwd *pwd, pwds;
4398 	char buf_pwd[NSS_BUFLEN_PASSWD];
4399 	int homedir_len;
4400 	int dst_dir_len;
4401 	int src_dir_len;
4402 
4403 	if (trace > 1)
4404 		trace_prt(1, "entered create_homedir\n");
4405 
4406 	if (stat(src, &stbuf) == 0) {
4407 		if (trace > 1)
4408 			trace_prt(1, "src exists\n");
4409 		return (1);
4410 	}
4411 
4412 	dst_username = strrchr(dst, '/');
4413 	if (dst_username) {
4414 		dst_username++; /* Skip over slash */
4415 		pwd = getpwnam_r(dst_username, &pwds, buf_pwd,
4416 		    sizeof (buf_pwd));
4417 		if (pwd == NULL) {
4418 			return (0);
4419 		}
4420 	} else {
4421 		return (0);
4422 	}
4423 
4424 	homedir_len = strlen(pwd->pw_dir);
4425 	dst_dir_len = strlen(dst) - homedir_len;
4426 	src_dir_len = strlen(src) - homedir_len;
4427 
4428 	/* Check that the paths are in the same zone */
4429 	if (src_dir_len < dst_dir_len ||
4430 	    (strncmp(dst, src, dst_dir_len) != 0)) {
4431 		if (trace > 1)
4432 			trace_prt(1, "	paths don't match\n");
4433 		return (0);
4434 	}
4435 	/* Check that mountpoint is an auto_home entry */
4436 	if (dst_dir_len < 0 ||
4437 	    (strcmp(pwd->pw_dir, dst + dst_dir_len) != 0)) {
4438 		return (0);
4439 	}
4440 
4441 	/* Check that source is an home directory entry */
4442 	if (src_dir_len < 0 ||
4443 	    (strcmp(pwd->pw_dir, src + src_dir_len) != 0)) {
4444 		if (trace > 1)
4445 			trace_prt(1, "	homedir (2) doesn't match %s\n",
4446 		src+src_dir_len);
4447 		return (0);
4448 	}
4449 
4450 	if (mkdir(src,
4451 	    S_IRUSR | S_IWUSR | S_IXUSR | S_IXGRP | S_IXOTH) == -1) {
4452 		if (trace > 1) {
4453 			trace_prt(1, "	Couldn't mkdir %s\n", src);
4454 		}
4455 		return (0);
4456 	}
4457 
4458 	if (chown(src, pwd->pw_uid, pwd->pw_gid) == -1) {
4459 		unlink(src);
4460 		return (0);
4461 	}
4462 
4463 	/* Created new home directory for the user */
4464 	return (1);
4465 }
4466 
4467 void
4468 free_nfs_args(struct nfs_args *argp)
4469 {
4470 	struct nfs_args *oldp;
4471 	while (argp) {
4472 		if (argp->pathconf)
4473 			free(argp->pathconf);
4474 		if (argp->knconf)
4475 			free_knconf(argp->knconf);
4476 		if (argp->addr)
4477 			netbuf_free(argp->addr);
4478 		if (argp->syncaddr)
4479 			netbuf_free(argp->syncaddr);
4480 		if (argp->netname)
4481 			free(argp->netname);
4482 		if (argp->hostname)
4483 			free(argp->hostname);
4484 		if (argp->nfs_ext_u.nfs_extB.secdata)
4485 			nfs_free_secdata(argp->nfs_ext_u.nfs_extB.secdata);
4486 		if (argp->fh)
4487 			free(argp->fh);
4488 		if (argp->nfs_ext_u.nfs_extA.secdata) {
4489 			sec_data_t	*sd;
4490 			sd = argp->nfs_ext_u.nfs_extA.secdata;
4491 			if (sd == NULL)
4492 				break;
4493 			switch (sd->rpcflavor) {
4494 			case AUTH_NONE:
4495 			case AUTH_UNIX:
4496 			case AUTH_LOOPBACK:
4497 				break;
4498 			case AUTH_DES:
4499 			{
4500 				dh_k4_clntdata_t	*dhk4;
4501 				dhk4 = (dh_k4_clntdata_t *)sd->data;
4502 				if (dhk4 == NULL)
4503 					break;
4504 				if (dhk4->syncaddr.buf)
4505 					free(dhk4->syncaddr.buf);
4506 				if (dhk4->knconf->knc_protofmly)
4507 					free(dhk4->knconf->knc_protofmly);
4508 				if (dhk4->knconf->knc_proto)
4509 					free(dhk4->knconf->knc_proto);
4510 				if (dhk4->knconf)
4511 					free(dhk4->knconf);
4512 				if (dhk4->netname)
4513 					free(dhk4->netname);
4514 				free(dhk4);
4515 				break;
4516 			}
4517 			case RPCSEC_GSS:
4518 			{
4519 				gss_clntdata_t	*gss;
4520 				gss = (gss_clntdata_t *)sd->data;
4521 				if (gss == NULL)
4522 					break;
4523 				if (gss->mechanism.elements)
4524 					free(gss->mechanism.elements);
4525 				free(gss);
4526 				break;
4527 			}
4528 			}
4529 		}
4530 		oldp = argp;
4531 		if (argp->nfs_args_ext == NFS_ARGS_EXTB)
4532 			argp = argp->nfs_ext_u.nfs_extB.next;
4533 		else
4534 			argp = NULL;
4535 		free(oldp);
4536 	}
4537 }
4538