1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * NFS specific functions 29 */ 30 #include <stdio.h> 31 #include <string.h> 32 #include <ctype.h> 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <zone.h> 36 #include <errno.h> 37 #include <locale.h> 38 #include <signal.h> 39 #include "libshare.h" 40 #include "libshare_impl.h" 41 #include <nfs/export.h> 42 #include <pwd.h> 43 #include <limits.h> 44 #include <libscf.h> 45 #include "nfslog_config.h" 46 #include "nfslogtab.h" 47 #include "libshare_nfs.h" 48 #include <rpcsvc/daemon_utils.h> 49 #include <nfs/nfs.h> 50 #include <nfs/nfssys.h> 51 52 /* should really be in some global place */ 53 #define DEF_WIN 30000 54 #define OPT_CHUNK 1024 55 56 int debug = 0; 57 58 #define NFS_SERVER_SVC "svc:/network/nfs/server:default" 59 60 /* internal functions */ 61 static int nfs_init(); 62 static void nfs_fini(); 63 static int nfs_enable_share(sa_share_t); 64 static int nfs_disable_share(sa_share_t, char *); 65 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 66 static int nfs_validate_security_mode(char *); 67 static int nfs_is_security_opt(char *); 68 static int nfs_parse_legacy_options(sa_group_t, char *); 69 static char *nfs_format_options(sa_group_t, int); 70 static int nfs_set_proto_prop(sa_property_t); 71 static sa_protocol_properties_t nfs_get_proto_set(); 72 static char *nfs_get_status(); 73 static char *nfs_space_alias(char *); 74 static uint64_t nfs_features(); 75 76 /* 77 * ops vector that provides the protocol specific info and operations 78 * for share management. 79 */ 80 81 struct sa_plugin_ops sa_plugin_ops = { 82 SA_PLUGIN_VERSION, 83 "nfs", 84 nfs_init, 85 nfs_fini, 86 nfs_enable_share, 87 nfs_disable_share, 88 nfs_validate_property, 89 nfs_validate_security_mode, 90 nfs_is_security_opt, 91 nfs_parse_legacy_options, 92 nfs_format_options, 93 nfs_set_proto_prop, 94 nfs_get_proto_set, 95 nfs_get_status, 96 nfs_space_alias, 97 NULL, /* update_legacy */ 98 NULL, /* delete_legacy */ 99 NULL, /* change_notify */ 100 NULL, /* enable_resource */ 101 NULL, /* disable_resource */ 102 nfs_features, 103 NULL, /* transient shares */ 104 NULL, /* notify resource */ 105 NULL, /* rename_resource */ 106 NULL, /* run_command */ 107 NULL, /* command_help */ 108 NULL /* delete_proto_section */ 109 }; 110 111 /* 112 * list of support services needed 113 * defines should come from head/rpcsvc/daemon_utils.h 114 */ 115 116 static char *service_list_default[] = 117 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NULL }; 118 static char *service_list_logging[] = 119 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, NULL }; 120 121 /* 122 * option definitions. Make sure to keep the #define for the option 123 * index just before the entry it is the index for. Changing the order 124 * can cause breakage. E.g OPT_RW is index 1 and must precede the 125 * line that includes the SHOPT_RW and OPT_RW entries. 126 */ 127 128 struct option_defs optdefs[] = { 129 #define OPT_RO 0 130 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 131 #define OPT_RW 1 132 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 133 #define OPT_ROOT 2 134 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 135 #define OPT_SECURE 3 136 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 137 #define OPT_ANON 4 138 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 139 #define OPT_WINDOW 5 140 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 141 #define OPT_NOSUID 6 142 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 143 #define OPT_ACLOK 7 144 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 145 #define OPT_NOSUB 8 146 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 147 #define OPT_SEC 9 148 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 149 #define OPT_PUBLIC 10 150 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 151 #define OPT_INDEX 11 152 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 153 #define OPT_LOG 12 154 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 155 #define OPT_CKSUM 13 156 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 157 #define OPT_NONE 14 158 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST}, 159 #define OPT_ROOT_MAPPING 15 160 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER}, 161 #define OPT_CHARSET_MAP 16 162 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST}, 163 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 164 #define OPT_VOLFH 17 165 {SHOPT_VOLFH, OPT_VOLFH}, 166 #endif /* VOLATILE_FH_TEST */ 167 NULL 168 }; 169 170 /* 171 * Codesets that may need to be converted to UTF-8 for file paths. 172 * Add new names here to add new property support. If we ever get a 173 * way to query the kernel for character sets, this should become 174 * dynamically loaded. Make sure changes here are reflected in 175 * cmd/fs.d/nfs/mountd/nfscmd.c 176 */ 177 178 static char *legal_conv[] = { 179 "euc-cn", 180 "euc-jp", 181 "euc-jpms", 182 "euc-kr", 183 "euc-tw", 184 "iso8859-1", 185 "iso8859-2", 186 "iso8859-5", 187 "iso8859-6", 188 "iso8859-7", 189 "iso8859-8", 190 "iso8859-9", 191 "iso8859-13", 192 "iso8859-15", 193 "koi8-r", 194 NULL 195 }; 196 197 /* 198 * list of properties that are related to security flavors. 199 */ 200 static char *seclist[] = { 201 SHOPT_RO, 202 SHOPT_RW, 203 SHOPT_ROOT, 204 SHOPT_WINDOW, 205 SHOPT_NONE, 206 SHOPT_ROOT_MAPPING, 207 NULL 208 }; 209 210 /* structure for list of securities */ 211 struct securities { 212 sa_security_t security; 213 struct securities *next; 214 }; 215 216 /* 217 * findcharset(charset) 218 * 219 * Returns B_TRUE if the charset is a legal conversion otherwise 220 * B_FALSE. This will need to be rewritten to be more efficient when 221 * we have a dynamic list of legal conversions. 222 */ 223 224 static boolean_t 225 findcharset(char *charset) 226 { 227 int i; 228 229 for (i = 0; legal_conv[i] != NULL; i++) 230 if (strcmp(charset, legal_conv[i]) == 0) 231 return (B_TRUE); 232 return (B_FALSE); 233 } 234 235 /* 236 * findopt(name) 237 * 238 * Lookup option "name" in the option table and return the table 239 * index. 240 */ 241 242 static int 243 findopt(char *name) 244 { 245 int i; 246 if (name != NULL) { 247 for (i = 0; optdefs[i].tag != NULL; i++) { 248 if (strcmp(optdefs[i].tag, name) == 0) 249 return (i); 250 } 251 if (findcharset(name)) 252 return (OPT_CHARSET_MAP); 253 } 254 return (-1); 255 } 256 257 /* 258 * gettype(name) 259 * 260 * Return the type of option "name". 261 */ 262 263 static int 264 gettype(char *name) 265 { 266 int optdef; 267 268 optdef = findopt(name); 269 if (optdef != -1) 270 return (optdefs[optdef].type); 271 return (OPT_TYPE_ANY); 272 } 273 274 /* 275 * nfs_validate_security_mode(mode) 276 * 277 * is the specified mode string a valid one for use with NFS? 278 */ 279 280 static int 281 nfs_validate_security_mode(char *mode) 282 { 283 seconfig_t secinfo; 284 int err; 285 286 (void) memset(&secinfo, '\0', sizeof (secinfo)); 287 err = nfs_getseconfig_byname(mode, &secinfo); 288 if (err == SC_NOERROR) 289 return (1); 290 return (0); 291 } 292 293 /* 294 * nfs_is_security_opt(tok) 295 * 296 * check to see if tok represents an option that is only valid in some 297 * security flavor. 298 */ 299 300 static int 301 nfs_is_security_opt(char *tok) 302 { 303 int i; 304 305 for (i = 0; seclist[i] != NULL; i++) { 306 if (strcmp(tok, seclist[i]) == 0) 307 return (1); 308 } 309 return (0); 310 } 311 312 /* 313 * find_security(seclist, sec) 314 * 315 * Walk the current list of security flavors and return true if it is 316 * present, else return false. 317 */ 318 319 static int 320 find_security(struct securities *seclist, sa_security_t sec) 321 { 322 while (seclist != NULL) { 323 if (seclist->security == sec) 324 return (1); 325 seclist = seclist->next; 326 } 327 return (0); 328 } 329 330 /* 331 * make_security_list(group, securitymodes, proto) 332 * go through the list of securitymodes and add them to the 333 * group's list of security optionsets. We also keep a list of 334 * those optionsets so we don't have to find them later. All of 335 * these will get copies of the same properties. 336 */ 337 338 static struct securities * 339 make_security_list(sa_group_t group, char *securitymodes, char *proto) 340 { 341 char *tok, *next = NULL; 342 struct securities *curp, *headp = NULL, *prev; 343 sa_security_t check; 344 int freetok = 0; 345 346 for (tok = securitymodes; tok != NULL; tok = next) { 347 next = strchr(tok, ':'); 348 if (next != NULL) 349 *next++ = '\0'; 350 if (strcmp(tok, "default") == 0) { 351 /* resolve default into the real type */ 352 tok = nfs_space_alias(tok); 353 freetok = 1; 354 } 355 check = sa_get_security(group, tok, proto); 356 357 /* add to the security list if it isn't there already */ 358 if (check == NULL || !find_security(headp, check)) { 359 curp = (struct securities *)calloc(1, 360 sizeof (struct securities)); 361 if (curp != NULL) { 362 if (check == NULL) { 363 curp->security = sa_create_security( 364 group, tok, proto); 365 } else { 366 curp->security = check; 367 } 368 /* 369 * note that the first time through the loop, 370 * headp will be NULL and prev will be 371 * undefined. Since headp is NULL, we set 372 * both it and prev to the curp (first 373 * structure to be allocated). 374 * 375 * later passes through the loop will have 376 * headp not being NULL and prev will be used 377 * to allocate at the end of the list. 378 */ 379 if (headp == NULL) { 380 headp = curp; 381 prev = curp; 382 } else { 383 prev->next = curp; 384 prev = curp; 385 } 386 } 387 } 388 389 if (freetok) { 390 freetok = 0; 391 sa_free_attr_string(tok); 392 } 393 } 394 return (headp); 395 } 396 397 static void 398 free_security_list(struct securities *sec) 399 { 400 struct securities *next; 401 if (sec != NULL) { 402 for (next = sec->next; sec != NULL; sec = next) { 403 next = sec->next; 404 free(sec); 405 } 406 } 407 } 408 409 /* 410 * nfs_alistcat(str1, str2, sep) 411 * 412 * concatenate str1 and str2 into a new string using sep as a separate 413 * character. If memory allocation fails, return NULL; 414 */ 415 416 static char * 417 nfs_alistcat(char *str1, char *str2, char sep) 418 { 419 char *newstr; 420 size_t len; 421 422 len = strlen(str1) + strlen(str2) + 2; 423 newstr = (char *)malloc(len); 424 if (newstr != NULL) 425 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 426 return (newstr); 427 } 428 429 /* 430 * add_security_prop(sec, name, value, persist) 431 * 432 * Add the property to the securities structure. This accumulates 433 * properties for as part of parsing legacy options. 434 */ 435 436 static int 437 add_security_prop(struct securities *sec, char *name, char *value, 438 int persist, int iszfs) 439 { 440 sa_property_t prop; 441 int ret = SA_OK; 442 443 for (; sec != NULL; sec = sec->next) { 444 if (value == NULL) { 445 if (strcmp(name, SHOPT_RW) == 0 || 446 strcmp(name, SHOPT_RO) == 0) 447 value = "*"; 448 else 449 value = "true"; 450 } 451 452 /* 453 * Get the existing property, if it exists, so we can 454 * determine what to do with it. The ro/rw/root 455 * properties can be merged if multiple instances of 456 * these properies are given. For example, if "rw" 457 * exists with a value "host1" and a later token of 458 * rw="host2" is seen, the values are merged into a 459 * single rw="host1:host2". 460 */ 461 prop = sa_get_property(sec->security, name); 462 463 if (prop != NULL) { 464 char *oldvalue; 465 char *newvalue; 466 467 /* 468 * The security options of ro/rw/root might appear 469 * multiple times. If they do, the values need to be 470 * merged into an access list. If it was previously 471 * empty, the new value alone is added. 472 */ 473 oldvalue = sa_get_property_attr(prop, "value"); 474 if (oldvalue != NULL) { 475 /* 476 * The general case is to concatenate the new 477 * value onto the old value for multiple 478 * rw(ro/root) properties. A special case 479 * exists when either the old or new is the 480 * "all" case. In the special case, if both 481 * are "all", then it is "all", else if one is 482 * an access-list, that replaces the "all". 483 */ 484 if (strcmp(oldvalue, "*") == 0) { 485 /* Replace old value with new value. */ 486 newvalue = strdup(value); 487 } else if (strcmp(value, "*") == 0 || 488 strcmp(oldvalue, value) == 0) { 489 /* 490 * Keep old value and ignore 491 * the new value. 492 */ 493 newvalue = NULL; 494 } else { 495 /* 496 * Make a new list of old plus new 497 * access-list. 498 */ 499 newvalue = nfs_alistcat(oldvalue, 500 value, ':'); 501 } 502 503 if (newvalue != NULL) { 504 (void) sa_remove_property(prop); 505 prop = sa_create_property(name, 506 newvalue); 507 ret = sa_add_property(sec->security, 508 prop); 509 free(newvalue); 510 } 511 if (oldvalue != NULL) 512 sa_free_attr_string(oldvalue); 513 } 514 } else { 515 prop = sa_create_property(name, value); 516 ret = sa_add_property(sec->security, prop); 517 } 518 if (ret == SA_OK && !iszfs) { 519 ret = sa_commit_properties(sec->security, !persist); 520 } 521 } 522 return (ret); 523 } 524 525 /* 526 * check to see if group/share is persistent. 527 */ 528 static int 529 is_persistent(sa_group_t group) 530 { 531 char *type; 532 int persist = 1; 533 534 type = sa_get_group_attr(group, "type"); 535 if (type != NULL && strcmp(type, "persist") != 0) 536 persist = 0; 537 if (type != NULL) 538 sa_free_attr_string(type); 539 return (persist); 540 } 541 542 /* 543 * invalid_security(options) 544 * 545 * search option string for any invalid sec= type. 546 * return true (1) if any are not valid else false (0) 547 */ 548 static int 549 invalid_security(char *options) 550 { 551 char *copy, *base, *token, *value; 552 int ret = 0; 553 554 copy = strdup(options); 555 token = base = copy; 556 while (token != NULL && ret == 0) { 557 token = strtok(base, ","); 558 base = NULL; 559 if (token != NULL) { 560 value = strchr(token, '='); 561 if (value != NULL) 562 *value++ = '\0'; 563 if (strcmp(token, "sec") == 0) { 564 /* HAVE security flavors so check them */ 565 char *tok, *next; 566 for (next = NULL, tok = value; tok != NULL; 567 tok = next) { 568 next = strchr(tok, ':'); 569 if (next != NULL) 570 *next++ = '\0'; 571 ret = !nfs_validate_security_mode(tok); 572 if (ret) 573 break; 574 } 575 } 576 } 577 } 578 if (copy != NULL) 579 free(copy); 580 return (ret); 581 } 582 583 /* 584 * nfs_parse_legacy_options(group, options) 585 * 586 * Parse the old style options into internal format and store on the 587 * specified group. Group could be a share for full legacy support. 588 */ 589 590 static int 591 nfs_parse_legacy_options(sa_group_t group, char *options) 592 { 593 char *dup; 594 char *base; 595 char *token; 596 sa_optionset_t optionset; 597 struct securities *security_list = NULL; 598 sa_property_t prop; 599 int ret = SA_OK; 600 int iszfs = 0; 601 sa_group_t parent; 602 int persist = 0; 603 char *lasts; 604 605 /* do we have an existing optionset? */ 606 optionset = sa_get_optionset(group, "nfs"); 607 if (optionset == NULL) { 608 /* didn't find existing optionset so create one */ 609 optionset = sa_create_optionset(group, "nfs"); 610 } else { 611 /* 612 * Have an existing optionset . Ideally, we would need 613 * to compare options in order to detect errors. For 614 * now, we assume that the first optionset is the 615 * correct one and the others will be the same. An 616 * empty optionset is the same as no optionset so we 617 * don't want to exit in that case. Getting an empty 618 * optionset can occur with ZFS property checking. 619 */ 620 if (sa_get_property(optionset, NULL) != NULL) 621 return (ret); 622 } 623 624 if (strcmp(options, SHOPT_RW) == 0) { 625 /* 626 * there is a special case of only the option "rw" 627 * being the default option. We don't have to do 628 * anything. 629 */ 630 return (ret); 631 } 632 633 /* 634 * check if security types are present and validate them. If 635 * any are not legal, fail. 636 */ 637 638 if (invalid_security(options)) { 639 return (SA_INVALID_SECURITY); 640 } 641 642 /* 643 * in order to not attempt to change ZFS properties unless 644 * absolutely necessary, we never do it in the legacy parsing. 645 */ 646 if (sa_is_share(group)) { 647 char *zfs; 648 parent = sa_get_parent_group(group); 649 if (parent != NULL) { 650 zfs = sa_get_group_attr(parent, "zfs"); 651 if (zfs != NULL) { 652 sa_free_attr_string(zfs); 653 iszfs++; 654 } 655 } 656 } else { 657 iszfs = sa_group_is_zfs(group); 658 } 659 660 /* We need a copy of options for the next part. */ 661 dup = strdup(options); 662 if (dup == NULL) 663 return (SA_NO_MEMORY); 664 665 /* 666 * we need to step through each option in the string and then 667 * add either the option or the security option as needed. If 668 * this is not a persistent share, don't commit to the 669 * repository. If there is an error, we also want to abort the 670 * processing and report it. 671 */ 672 persist = is_persistent(group); 673 base = dup; 674 token = dup; 675 lasts = NULL; 676 while (token != NULL && ret == SA_OK) { 677 ret = SA_OK; 678 token = strtok_r(base, ",", &lasts); 679 base = NULL; 680 if (token != NULL) { 681 char *value; 682 /* 683 * if the option has a value, it will have an '=' to 684 * separate the name from the value. The following 685 * code will result in value != NULL and token 686 * pointing to just the name if there is a value. 687 */ 688 value = strchr(token, '='); 689 if (value != NULL) { 690 *value++ = '\0'; 691 } 692 if (strcmp(token, "sec") == 0 || 693 strcmp(token, "secure") == 0) { 694 /* 695 * Once in security parsing, we only 696 * do security. We do need to move 697 * between the security node and the 698 * toplevel. The security tag goes on 699 * the root while the following ones 700 * go on the security. 701 */ 702 if (security_list != NULL) { 703 /* 704 * have an old list so close it and 705 * start the new 706 */ 707 free_security_list(security_list); 708 } 709 if (strcmp(token, "secure") == 0) { 710 value = "dh"; 711 } else { 712 if (value == NULL) { 713 ret = SA_SYNTAX_ERR; 714 break; 715 } 716 } 717 security_list = make_security_list(group, 718 value, "nfs"); 719 } else { 720 /* 721 * Note that the "old" syntax allowed a 722 * default security model This must be 723 * accounted for and internally converted to 724 * "standard" security structure. 725 */ 726 if (nfs_is_security_opt(token)) { 727 if (security_list == NULL) { 728 /* 729 * need to have a 730 * security 731 * option. This will 732 * be "closed" when a 733 * defined "sec=" 734 * option is 735 * seen. This is 736 * technically an 737 * error but will be 738 * allowed with 739 * warning. 740 */ 741 security_list = 742 make_security_list(group, 743 "default", 744 "nfs"); 745 } 746 if (security_list != NULL) { 747 ret = add_security_prop( 748 security_list, token, 749 value, persist, iszfs); 750 } else { 751 ret = SA_NO_MEMORY; 752 } 753 } else { 754 /* regular options */ 755 if (value == NULL) { 756 if (strcmp(token, SHOPT_RW) == 757 0 || strcmp(token, 758 SHOPT_RO) == 0) { 759 value = "*"; 760 } else { 761 value = "global"; 762 if (strcmp(token, 763 SHOPT_LOG) != 0) { 764 value = "true"; 765 } 766 } 767 } 768 /* 769 * In all cases, create the 770 * property specified. If the 771 * value was NULL, the default 772 * value will have been 773 * substituted. 774 */ 775 prop = sa_create_property(token, value); 776 ret = sa_add_property(optionset, prop); 777 if (ret != SA_OK) 778 break; 779 780 if (!iszfs) { 781 ret = sa_commit_properties( 782 optionset, !persist); 783 } 784 } 785 } 786 } 787 } 788 if (security_list != NULL) 789 free_security_list(security_list); 790 791 free(dup); 792 return (ret); 793 } 794 795 /* 796 * is_a_number(number) 797 * 798 * is the string a number in one of the forms we want to use? 799 */ 800 801 static int 802 is_a_number(char *number) 803 { 804 int ret = 1; 805 int hex = 0; 806 807 if (strncmp(number, "0x", 2) == 0) { 808 number += 2; 809 hex = 1; 810 } else if (*number == '-') { 811 number++; /* skip the minus */ 812 } 813 while (ret == 1 && *number != '\0') { 814 if (hex) { 815 ret = isxdigit(*number++); 816 } else { 817 ret = isdigit(*number++); 818 } 819 } 820 return (ret); 821 } 822 823 /* 824 * Look for the specified tag in the configuration file. If it is found, 825 * enable logging and set the logging configuration information for exp. 826 */ 827 static void 828 configlog(struct exportdata *exp, char *tag) 829 { 830 nfsl_config_t *configlist = NULL, *configp; 831 int error = 0; 832 char globaltag[] = DEFAULTTAG; 833 834 /* 835 * Sends config errors to stderr 836 */ 837 nfsl_errs_to_syslog = B_FALSE; 838 839 /* 840 * get the list of configuration settings 841 */ 842 error = nfsl_getconfig_list(&configlist); 843 if (error) { 844 (void) fprintf(stderr, 845 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 846 strerror(error)); 847 } 848 849 if (tag == NULL) 850 tag = globaltag; 851 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 852 nfsl_freeconfig_list(&configlist); 853 (void) fprintf(stderr, 854 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 855 /* bad configuration */ 856 error = ENOENT; 857 goto err; 858 } 859 860 if ((exp->ex_tag = strdup(tag)) == NULL) { 861 error = ENOMEM; 862 goto out; 863 } 864 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 865 error = ENOMEM; 866 goto out; 867 } 868 exp->ex_flags |= EX_LOG; 869 if (configp->nc_rpclogpath != NULL) 870 exp->ex_flags |= EX_LOG_ALLOPS; 871 out: 872 if (configlist != NULL) 873 nfsl_freeconfig_list(&configlist); 874 875 err: 876 if (error != 0) { 877 if (exp->ex_flags != NULL) 878 free(exp->ex_tag); 879 if (exp->ex_log_buffer != NULL) 880 free(exp->ex_log_buffer); 881 (void) fprintf(stderr, 882 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 883 strerror(error)); 884 } 885 } 886 887 /* 888 * fill_export_from_optionset(export, optionset) 889 * 890 * In order to share, we need to set all the possible general options 891 * into the export structure. Share info will be filled in by the 892 * caller. Various property values get turned into structure specific 893 * values. 894 */ 895 896 static int 897 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 898 { 899 sa_property_t option; 900 int ret = SA_OK; 901 902 for (option = sa_get_property(optionset, NULL); 903 option != NULL; option = sa_get_next_property(option)) { 904 char *name; 905 char *value; 906 uint32_t val; 907 908 /* 909 * since options may be set/reset multiple times, always do an 910 * explicit set or clear of the option. This allows defaults 911 * to be set and then the protocol specific to override. 912 */ 913 914 name = sa_get_property_attr(option, "type"); 915 value = sa_get_property_attr(option, "value"); 916 switch (findopt(name)) { 917 case OPT_ANON: 918 if (value != NULL && is_a_number(value)) { 919 val = strtoul(value, NULL, 0); 920 } else { 921 struct passwd *pw; 922 pw = getpwnam(value != NULL ? value : "nobody"); 923 if (pw != NULL) { 924 val = pw->pw_uid; 925 } else { 926 val = UID_NOBODY; 927 } 928 endpwent(); 929 } 930 export->ex_anon = val; 931 break; 932 case OPT_NOSUID: 933 if (value != NULL && (strcasecmp(value, "true") == 0 || 934 strcmp(value, "1") == 0)) 935 export->ex_flags |= EX_NOSUID; 936 else 937 export->ex_flags &= ~EX_NOSUID; 938 break; 939 case OPT_ACLOK: 940 if (value != NULL && (strcasecmp(value, "true") == 0 || 941 strcmp(value, "1") == 0)) 942 export->ex_flags |= EX_ACLOK; 943 else 944 export->ex_flags &= ~EX_ACLOK; 945 break; 946 case OPT_NOSUB: 947 if (value != NULL && (strcasecmp(value, "true") == 0 || 948 strcmp(value, "1") == 0)) 949 export->ex_flags |= EX_NOSUB; 950 else 951 export->ex_flags &= ~EX_NOSUB; 952 break; 953 case OPT_PUBLIC: 954 if (value != NULL && (strcasecmp(value, "true") == 0 || 955 strcmp(value, "1") == 0)) 956 export->ex_flags |= EX_PUBLIC; 957 else 958 export->ex_flags &= ~EX_PUBLIC; 959 break; 960 case OPT_INDEX: 961 if (value != NULL && (strcmp(value, "..") == 0 || 962 strchr(value, '/') != NULL)) { 963 /* this is an error */ 964 (void) printf(dgettext(TEXT_DOMAIN, 965 "NFS: index=\"%s\" not valid;" 966 "must be a filename.\n"), 967 value); 968 break; 969 } 970 if (value != NULL && *value != '\0' && 971 strcmp(value, ".") != 0) { 972 /* valid index file string */ 973 if (export->ex_index != NULL) { 974 /* left over from "default" */ 975 free(export->ex_index); 976 } 977 /* remember to free */ 978 export->ex_index = strdup(value); 979 if (export->ex_index == NULL) { 980 (void) printf(dgettext(TEXT_DOMAIN, 981 "NFS: out of memory setting " 982 "index property\n")); 983 break; 984 } 985 export->ex_flags |= EX_INDEX; 986 } 987 break; 988 case OPT_LOG: 989 if (value == NULL) 990 value = strdup("global"); 991 if (value != NULL) 992 configlog(export, 993 strlen(value) ? value : "global"); 994 break; 995 case OPT_CHARSET_MAP: 996 /* 997 * Set EX_CHARMAP when there is at least one 998 * charmap conversion property. This will get 999 * checked by the nfs server when it needs to. 1000 */ 1001 export->ex_flags |= EX_CHARMAP; 1002 break; 1003 default: 1004 /* have a syntactic error */ 1005 (void) printf(dgettext(TEXT_DOMAIN, 1006 "NFS: unrecognized option %s=%s\n"), 1007 name, value != NULL ? value : ""); 1008 break; 1009 } 1010 if (name != NULL) 1011 sa_free_attr_string(name); 1012 if (value != NULL) 1013 sa_free_attr_string(value); 1014 } 1015 return (ret); 1016 } 1017 1018 /* 1019 * cleanup_export(export) 1020 * 1021 * Cleanup the allocated areas so we don't leak memory 1022 */ 1023 1024 static void 1025 cleanup_export(struct exportdata *export) 1026 { 1027 int i; 1028 1029 if (export->ex_index != NULL) 1030 free(export->ex_index); 1031 if (export->ex_secinfo != NULL) { 1032 for (i = 0; i < export->ex_seccnt; i++) 1033 if (export->ex_secinfo[i].s_rootnames != NULL) 1034 free(export->ex_secinfo[i].s_rootnames); 1035 free(export->ex_secinfo); 1036 } 1037 } 1038 1039 /* 1040 * Given a seconfig entry and a colon-separated 1041 * list of names, allocate an array big enough 1042 * to hold the root list, then convert each name to 1043 * a principal name according to the security 1044 * info and assign it to an array element. 1045 * Return the array and its size. 1046 */ 1047 static caddr_t * 1048 get_rootnames(seconfig_t *sec, char *list, int *count) 1049 { 1050 caddr_t *a; 1051 int c, i; 1052 char *host, *p; 1053 1054 /* 1055 * Count the number of strings in the list. 1056 * This is the number of colon separators + 1. 1057 */ 1058 c = 1; 1059 for (p = list; *p; p++) 1060 if (*p == ':') 1061 c++; 1062 *count = c; 1063 1064 a = (caddr_t *)malloc(c * sizeof (char *)); 1065 if (a == NULL) { 1066 (void) printf(dgettext(TEXT_DOMAIN, 1067 "get_rootnames: no memory\n")); 1068 } else { 1069 for (i = 0; i < c; i++) { 1070 host = strtok(list, ":"); 1071 if (!nfs_get_root_principal(sec, host, &a[i])) { 1072 free(a); 1073 a = NULL; 1074 break; 1075 } 1076 list = NULL; 1077 } 1078 } 1079 1080 return (a); 1081 } 1082 1083 /* 1084 * fill_security_from_secopts(sp, secopts) 1085 * 1086 * Fill the secinfo structure from the secopts optionset. 1087 */ 1088 1089 static int 1090 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1091 { 1092 sa_property_t prop; 1093 char *type; 1094 int longform; 1095 int err = SC_NOERROR; 1096 uint32_t val; 1097 1098 type = sa_get_security_attr(secopts, "sectype"); 1099 if (type != NULL) { 1100 /* named security type needs secinfo to be filled in */ 1101 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1102 sa_free_attr_string(type); 1103 if (err != SC_NOERROR) 1104 return (err); 1105 } else { 1106 /* default case */ 1107 err = nfs_getseconfig_default(&sp->s_secinfo); 1108 if (err != SC_NOERROR) 1109 return (err); 1110 } 1111 1112 err = SA_OK; 1113 for (prop = sa_get_property(secopts, NULL); 1114 prop != NULL && err == SA_OK; 1115 prop = sa_get_next_property(prop)) { 1116 char *name; 1117 char *value; 1118 1119 name = sa_get_property_attr(prop, "type"); 1120 value = sa_get_property_attr(prop, "value"); 1121 1122 longform = value != NULL && strcmp(value, "*") != 0; 1123 1124 switch (findopt(name)) { 1125 case OPT_RO: 1126 sp->s_flags |= longform ? M_ROL : M_RO; 1127 break; 1128 case OPT_RW: 1129 sp->s_flags |= longform ? M_RWL : M_RW; 1130 break; 1131 case OPT_ROOT: 1132 sp->s_flags |= M_ROOT; 1133 /* 1134 * if we are using AUTH_UNIX, handle like other things 1135 * such as RO/RW 1136 */ 1137 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1138 continue; 1139 /* not AUTH_UNIX */ 1140 if (value != NULL) { 1141 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1142 value, &sp->s_rootcnt); 1143 if (sp->s_rootnames == NULL) { 1144 err = SA_BAD_VALUE; 1145 (void) fprintf(stderr, 1146 dgettext(TEXT_DOMAIN, 1147 "Bad root list\n")); 1148 } 1149 } 1150 break; 1151 case OPT_NONE: 1152 sp->s_flags |= M_NONE; 1153 break; 1154 case OPT_WINDOW: 1155 if (value != NULL) { 1156 sp->s_window = atoi(value); 1157 /* just in case */ 1158 if (sp->s_window < 0) 1159 sp->s_window = DEF_WIN; 1160 } 1161 break; 1162 case OPT_ROOT_MAPPING: 1163 if (value != NULL && is_a_number(value)) { 1164 val = strtoul(value, NULL, 0); 1165 } else { 1166 struct passwd *pw; 1167 pw = getpwnam(value != NULL ? value : "nobody"); 1168 if (pw != NULL) { 1169 val = pw->pw_uid; 1170 } else { 1171 val = UID_NOBODY; 1172 } 1173 endpwent(); 1174 } 1175 sp->s_rootid = val; 1176 break; 1177 default: 1178 break; 1179 } 1180 if (name != NULL) 1181 sa_free_attr_string(name); 1182 if (value != NULL) 1183 sa_free_attr_string(value); 1184 } 1185 /* if rw/ro options not set, use default of RW */ 1186 if ((sp->s_flags & NFS_RWMODES) == 0) 1187 sp->s_flags |= M_RW; 1188 return (err); 1189 } 1190 1191 /* 1192 * This is for testing only 1193 * It displays the export structure that 1194 * goes into the kernel. 1195 */ 1196 static void 1197 printarg(char *path, struct exportdata *ep) 1198 { 1199 int i, j; 1200 struct secinfo *sp; 1201 1202 if (debug == 0) 1203 return; 1204 1205 (void) printf("%s:\n", path); 1206 (void) printf("\tex_version = %d\n", ep->ex_version); 1207 (void) printf("\tex_path = %s\n", ep->ex_path); 1208 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1209 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1210 if (ep->ex_flags & EX_NOSUID) 1211 (void) printf("NOSUID "); 1212 if (ep->ex_flags & EX_ACLOK) 1213 (void) printf("ACLOK "); 1214 if (ep->ex_flags & EX_PUBLIC) 1215 (void) printf("PUBLIC "); 1216 if (ep->ex_flags & EX_NOSUB) 1217 (void) printf("NOSUB "); 1218 if (ep->ex_flags & EX_LOG) 1219 (void) printf("LOG "); 1220 if (ep->ex_flags & EX_CHARMAP) 1221 (void) printf("CHARMAP "); 1222 if (ep->ex_flags & EX_LOG_ALLOPS) 1223 (void) printf("LOG_ALLOPS "); 1224 if (ep->ex_flags == 0) 1225 (void) printf("(none)"); 1226 (void) printf("\n"); 1227 if (ep->ex_flags & EX_LOG) { 1228 (void) printf("\tex_log_buffer = %s\n", 1229 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1230 (void) printf("\tex_tag = %s\n", 1231 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1232 } 1233 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1234 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1235 (void) printf("\n"); 1236 for (i = 0; i < ep->ex_seccnt; i++) { 1237 sp = &ep->ex_secinfo[i]; 1238 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1239 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1240 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1241 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1242 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1243 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1244 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1245 if (sp->s_flags & M_NONE) (void) printf("M_NONE "); 1246 if (sp->s_flags == 0) (void) printf("(none)"); 1247 (void) printf("\n"); 1248 (void) printf("\t\ts_window = %d\n", sp->s_window); 1249 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid); 1250 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1251 (void) fflush(stdout); 1252 for (j = 0; j < sp->s_rootcnt; j++) 1253 (void) printf("%s ", sp->s_rootnames[j] ? 1254 sp->s_rootnames[j] : "<null>"); 1255 (void) printf("\n\n"); 1256 } 1257 } 1258 1259 /* 1260 * count_security(opts) 1261 * 1262 * Count the number of security types (flavors). The optionset has 1263 * been populated with the security flavors as a holding mechanism. 1264 * We later use this number to allocate data structures. 1265 */ 1266 1267 static int 1268 count_security(sa_optionset_t opts) 1269 { 1270 int count = 0; 1271 sa_property_t prop; 1272 if (opts != NULL) { 1273 for (prop = sa_get_property(opts, NULL); prop != NULL; 1274 prop = sa_get_next_property(prop)) { 1275 count++; 1276 } 1277 } 1278 return (count); 1279 } 1280 1281 /* 1282 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1283 * 1284 * provides a mechanism to format NFS properties into legacy output 1285 * format. If the buffer would overflow, it is reallocated and grown 1286 * as appropriate. Special cases of converting internal form of values 1287 * to those used by "share" are done. this function does one property 1288 * at a time. 1289 */ 1290 1291 static int 1292 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1293 sa_property_t prop, int sep) 1294 { 1295 char *name; 1296 char *value; 1297 int curlen; 1298 char *buff = *rbuff; 1299 size_t buffsize = *rbuffsize; 1300 int printed = B_FALSE; 1301 1302 name = sa_get_property_attr(prop, "type"); 1303 value = sa_get_property_attr(prop, "value"); 1304 if (buff != NULL) 1305 curlen = strlen(buff); 1306 else 1307 curlen = 0; 1308 if (name != NULL) { 1309 int len; 1310 len = strlen(name) + sep; 1311 1312 /* 1313 * A future RFE would be to replace this with more 1314 * generic code and to possibly handle more types. 1315 */ 1316 switch (gettype(name)) { 1317 case OPT_TYPE_BOOLEAN: 1318 /* 1319 * For NFS, boolean value of FALSE means it 1320 * doesn't show up in the option list at all. 1321 */ 1322 if (value != NULL && strcasecmp(value, "false") == 0) 1323 goto skip; 1324 if (value != NULL) { 1325 sa_free_attr_string(value); 1326 value = NULL; 1327 } 1328 break; 1329 case OPT_TYPE_ACCLIST: 1330 if (value != NULL && strcmp(value, "*") == 0) { 1331 sa_free_attr_string(value); 1332 value = NULL; 1333 } else { 1334 if (value != NULL) 1335 len += 1 + strlen(value); 1336 } 1337 break; 1338 case OPT_TYPE_LOGTAG: 1339 if (value != NULL && strlen(value) == 0) { 1340 sa_free_attr_string(value); 1341 value = NULL; 1342 } else { 1343 if (value != NULL) 1344 len += 1 + strlen(value); 1345 } 1346 break; 1347 default: 1348 if (value != NULL) 1349 len += 1 + strlen(value); 1350 break; 1351 } 1352 while (buffsize <= (curlen + len)) { 1353 /* need more room */ 1354 buffsize += incr; 1355 buff = realloc(buff, buffsize); 1356 if (buff == NULL) { 1357 /* realloc failed so free everything */ 1358 if (*rbuff != NULL) 1359 free(*rbuff); 1360 } 1361 *rbuff = buff; 1362 *rbuffsize = buffsize; 1363 if (buff == NULL) 1364 goto skip; 1365 1366 } 1367 1368 if (buff == NULL) 1369 goto skip; 1370 1371 if (value == NULL) { 1372 (void) snprintf(buff + curlen, buffsize - curlen, 1373 "%s%s", sep ? "," : "", 1374 name, value != NULL ? value : ""); 1375 } else { 1376 (void) snprintf(buff + curlen, buffsize - curlen, 1377 "%s%s=%s", sep ? "," : "", 1378 name, value != NULL ? value : ""); 1379 } 1380 printed = B_TRUE; 1381 } 1382 skip: 1383 if (name != NULL) 1384 sa_free_attr_string(name); 1385 if (value != NULL) 1386 sa_free_attr_string(value); 1387 return (printed); 1388 } 1389 1390 /* 1391 * nfs_format_options(group, hier) 1392 * 1393 * format all the options on the group into an old-style option 1394 * string. If hier is non-zero, walk up the tree to get inherited 1395 * options. 1396 */ 1397 1398 static char * 1399 nfs_format_options(sa_group_t group, int hier) 1400 { 1401 sa_optionset_t options = NULL; 1402 sa_optionset_t secoptions = NULL; 1403 sa_property_t prop, secprop; 1404 sa_security_t security = NULL; 1405 char *buff; 1406 size_t buffsize; 1407 char *sectype = NULL; 1408 int sep = 0; 1409 1410 1411 buff = malloc(OPT_CHUNK); 1412 if (buff == NULL) { 1413 return (NULL); 1414 } 1415 1416 buff[0] = '\0'; 1417 buffsize = OPT_CHUNK; 1418 1419 /* 1420 * We may have a an optionset relative to this item. format 1421 * these if we find them and then add any security definitions. 1422 */ 1423 1424 options = sa_get_derived_optionset(group, "nfs", hier); 1425 1426 /* 1427 * do the default set first but skip any option that is also 1428 * in the protocol specific optionset. 1429 */ 1430 if (options != NULL) { 1431 for (prop = sa_get_property(options, NULL); 1432 prop != NULL; prop = sa_get_next_property(prop)) { 1433 /* 1434 * use this one since we skipped any 1435 * of these that were also in 1436 * optdefault 1437 */ 1438 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1439 prop, sep)) 1440 sep = 1; 1441 if (buff == NULL) { 1442 /* 1443 * buff could become NULL if there 1444 * isn't enough memory for 1445 * nfs_sprint_option to realloc() 1446 * as necessary. We can't really 1447 * do anything about it at this 1448 * point so we return NULL. The 1449 * caller should handle the 1450 * failure. 1451 */ 1452 if (options != NULL) 1453 sa_free_derived_optionset( 1454 options); 1455 return (buff); 1456 } 1457 } 1458 } 1459 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1460 "nfs", hier); 1461 if (secoptions != NULL) { 1462 for (secprop = sa_get_property(secoptions, NULL); 1463 secprop != NULL; 1464 secprop = sa_get_next_property(secprop)) { 1465 sectype = sa_get_property_attr(secprop, "type"); 1466 security = 1467 (sa_security_t)sa_get_derived_security( 1468 group, sectype, "nfs", hier); 1469 if (security != NULL) { 1470 if (sectype != NULL) { 1471 prop = sa_create_property( 1472 "sec", sectype); 1473 if (prop == NULL) 1474 goto err; 1475 if (nfs_sprint_option(&buff, 1476 &buffsize, OPT_CHUNK, prop, sep)) 1477 sep = 1; 1478 (void) sa_remove_property(prop); 1479 if (buff == NULL) 1480 goto err; 1481 } 1482 for (prop = sa_get_property(security, 1483 NULL); prop != NULL; 1484 prop = sa_get_next_property(prop)) { 1485 if (nfs_sprint_option(&buff, 1486 &buffsize, OPT_CHUNK, prop, sep)) 1487 sep = 1; 1488 if (buff == NULL) 1489 goto err; 1490 } 1491 sa_free_derived_optionset(security); 1492 } 1493 if (sectype != NULL) 1494 sa_free_attr_string(sectype); 1495 } 1496 sa_free_derived_optionset(secoptions); 1497 } 1498 1499 if (options != NULL) 1500 sa_free_derived_optionset(options); 1501 return (buff); 1502 1503 err: 1504 /* 1505 * If we couldn't allocate memory for option printing, we need 1506 * to break out of the nested loops, cleanup and return NULL. 1507 */ 1508 if (secoptions != NULL) 1509 sa_free_derived_optionset(secoptions); 1510 if (security != NULL) 1511 sa_free_derived_optionset(security); 1512 if (sectype != NULL) 1513 sa_free_attr_string(sectype); 1514 if (options != NULL) 1515 sa_free_derived_optionset(options); 1516 return (NULL); 1517 } 1518 1519 /* 1520 * Append an entry to the nfslogtab file 1521 */ 1522 static int 1523 nfslogtab_add(dir, buffer, tag) 1524 char *dir, *buffer, *tag; 1525 { 1526 FILE *f; 1527 struct logtab_ent lep; 1528 int error = 0; 1529 1530 /* 1531 * Open the file for update and create it if necessary. 1532 * This may leave the I/O offset at the end of the file, 1533 * so rewind back to the beginning of the file. 1534 */ 1535 f = fopen(NFSLOGTAB, "a+"); 1536 if (f == NULL) { 1537 error = errno; 1538 goto out; 1539 } 1540 rewind(f); 1541 1542 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1543 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1544 "share complete, however failed to lock %s " 1545 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1546 error = -1; 1547 goto out; 1548 } 1549 1550 if (logtab_deactivate_after_boot(f) == -1) { 1551 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1552 "share complete, however could not deactivate " 1553 "entries in %s\n"), NFSLOGTAB); 1554 error = -1; 1555 goto out; 1556 } 1557 1558 /* 1559 * Remove entries matching buffer and sharepoint since we're 1560 * going to replace it with perhaps an entry with a new tag. 1561 */ 1562 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1563 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1564 "share complete, however could not remove matching " 1565 "entries in %s\n"), NFSLOGTAB); 1566 error = -1; 1567 goto out; 1568 } 1569 1570 /* 1571 * Deactivate all active entries matching this sharepoint 1572 */ 1573 if (logtab_deactivate(f, NULL, dir, NULL)) { 1574 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1575 "share complete, however could not deactivate matching " 1576 "entries in %s\n"), NFSLOGTAB); 1577 error = -1; 1578 goto out; 1579 } 1580 1581 lep.le_buffer = buffer; 1582 lep.le_path = dir; 1583 lep.le_tag = tag; 1584 lep.le_state = LES_ACTIVE; 1585 1586 /* 1587 * Add new sharepoint / buffer location to nfslogtab 1588 */ 1589 if (logtab_putent(f, &lep) < 0) { 1590 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1591 "share complete, however could not add %s to %s\n"), 1592 dir, NFSLOGTAB); 1593 error = -1; 1594 } 1595 1596 out: 1597 if (f != NULL) 1598 (void) fclose(f); 1599 return (error); 1600 } 1601 1602 /* 1603 * Deactivate an entry from the nfslogtab file 1604 */ 1605 static int 1606 nfslogtab_deactivate(path) 1607 char *path; 1608 { 1609 FILE *f; 1610 int error = 0; 1611 1612 f = fopen(NFSLOGTAB, "r+"); 1613 if (f == NULL) { 1614 error = errno; 1615 goto out; 1616 } 1617 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1618 error = errno; 1619 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1620 "share complete, however could not lock %s for " 1621 "update: %s\n"), NFSLOGTAB, strerror(error)); 1622 goto out; 1623 } 1624 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1625 error = -1; 1626 (void) fprintf(stderr, 1627 dgettext(TEXT_DOMAIN, 1628 "share complete, however could not " 1629 "deactivate %s in %s\n"), path, NFSLOGTAB); 1630 goto out; 1631 } 1632 1633 out: if (f != NULL) 1634 (void) fclose(f); 1635 1636 return (error); 1637 } 1638 1639 /* 1640 * check_public(group, skipshare) 1641 * 1642 * Check the group for any shares that have the public property 1643 * enabled. We skip "skipshare" since that is the one we are 1644 * working with. This is a separate function to make handling 1645 * subgroups simpler. Returns true if there is a share with public. 1646 */ 1647 static int 1648 check_public(sa_group_t group, sa_share_t skipshare) 1649 { 1650 int exists = B_FALSE; 1651 sa_share_t share; 1652 sa_optionset_t opt; 1653 sa_property_t prop; 1654 char *shared; 1655 1656 for (share = sa_get_share(group, NULL); share != NULL; 1657 share = sa_get_next_share(share)) { 1658 if (share == skipshare) 1659 continue; 1660 1661 opt = sa_get_optionset(share, "nfs"); 1662 if (opt == NULL) 1663 continue; 1664 prop = sa_get_property(opt, "public"); 1665 if (prop == NULL) 1666 continue; 1667 shared = sa_get_share_attr(share, "shared"); 1668 if (shared != NULL) { 1669 exists = strcmp(shared, "true") == 0; 1670 sa_free_attr_string(shared); 1671 if (exists == B_TRUE) 1672 break; 1673 } 1674 } 1675 1676 return (exists); 1677 } 1678 1679 /* 1680 * public_exists(handle, share) 1681 * 1682 * check to see if public option is set on any other share than the 1683 * one specified. Need to check zfs sub-groups as well as the top 1684 * level groups. 1685 */ 1686 static int 1687 public_exists(sa_handle_t handle, sa_share_t skipshare) 1688 { 1689 sa_group_t group = NULL; 1690 1691 /* 1692 * If we don't have a handle, we can only do syntax check. We 1693 * can't check against other shares so we assume OK and will 1694 * catch the problem only when we actually try to apply it. 1695 */ 1696 if (handle == NULL) 1697 return (SA_OK); 1698 1699 if (skipshare != NULL) { 1700 group = sa_get_parent_group(skipshare); 1701 if (group == NULL) 1702 return (SA_NO_SUCH_GROUP); 1703 } 1704 1705 for (group = sa_get_group(handle, NULL); group != NULL; 1706 group = sa_get_next_group(group)) { 1707 /* Walk any ZFS subgroups as well as all standard groups */ 1708 if (sa_group_is_zfs(group)) { 1709 sa_group_t subgroup; 1710 for (subgroup = sa_get_sub_group(group); 1711 subgroup != NULL; 1712 subgroup = sa_get_next_group(subgroup)) { 1713 if (check_public(subgroup, skipshare)) 1714 return (B_TRUE); 1715 } 1716 } else { 1717 if (check_public(group, skipshare)) 1718 return (B_TRUE); 1719 } 1720 } 1721 return (B_FALSE); 1722 } 1723 1724 /* 1725 * sa_enable_share at the protocol level, enable_share must tell the 1726 * implementation that it is to enable the share. This entails 1727 * converting the path and options into the appropriate ioctl 1728 * calls. It is assumed that all error checking of paths, etc. were 1729 * done earlier. 1730 */ 1731 static int 1732 nfs_enable_share(sa_share_t share) 1733 { 1734 struct exportdata export; 1735 sa_optionset_t secoptlist; 1736 struct secinfo *sp; 1737 int num_secinfo; 1738 sa_optionset_t opt; 1739 sa_security_t sec; 1740 sa_property_t prop; 1741 char *path; 1742 int err = SA_OK; 1743 int i; 1744 int iszfs; 1745 sa_handle_t handle; 1746 1747 /* Don't drop core if the NFS module isn't loaded. */ 1748 (void) signal(SIGSYS, SIG_IGN); 1749 1750 /* get the path since it is important in several places */ 1751 path = sa_get_share_attr(share, "path"); 1752 if (path == NULL) 1753 return (SA_NO_SUCH_PATH); 1754 1755 iszfs = sa_path_is_zfs(path); 1756 /* 1757 * find the optionsets and security sets. There may not be 1758 * any or there could be one or two for each of optionset and 1759 * security may have multiple, one per security type per 1760 * protocol type. 1761 */ 1762 opt = sa_get_derived_optionset(share, "nfs", 1); 1763 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1764 if (secoptlist != NULL) 1765 num_secinfo = MAX(1, count_security(secoptlist)); 1766 else 1767 num_secinfo = 1; 1768 1769 /* 1770 * walk through the options and fill in the structure 1771 * appropriately. 1772 */ 1773 1774 (void) memset(&export, '\0', sizeof (export)); 1775 1776 /* 1777 * do non-security options first since there is only one after 1778 * the derived group is constructed. 1779 */ 1780 export.ex_version = EX_CURRENT_VERSION; 1781 export.ex_anon = UID_NOBODY; /* this is our default value */ 1782 export.ex_index = NULL; 1783 export.ex_path = path; 1784 export.ex_pathlen = strlen(path) + 1; 1785 1786 if (opt != NULL) 1787 err = fill_export_from_optionset(&export, opt); 1788 1789 /* 1790 * check to see if "public" is set. If it is, then make sure 1791 * no other share has it set. If it is already used, fail. 1792 */ 1793 1794 handle = sa_find_group_handle((sa_group_t)share); 1795 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) { 1796 (void) printf(dgettext(TEXT_DOMAIN, 1797 "NFS: Cannot share more than one file " 1798 "system with 'public' property\n")); 1799 err = SA_NOT_ALLOWED; 1800 goto out; 1801 } 1802 1803 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1804 if (sp == NULL) { 1805 err = SA_NO_MEMORY; 1806 (void) printf(dgettext(TEXT_DOMAIN, 1807 "NFS: NFS: no memory for security\n")); 1808 goto out; 1809 } 1810 export.ex_secinfo = sp; 1811 /* get default secinfo */ 1812 export.ex_seccnt = num_secinfo; 1813 /* 1814 * since we must have one security option defined, we 1815 * init to the default and then override as we find 1816 * defined security options. This handles the case 1817 * where we have no defined options but we need to set 1818 * up one. 1819 */ 1820 sp[0].s_window = DEF_WIN; 1821 sp[0].s_rootnames = NULL; 1822 /* setup a default in case no properties defined */ 1823 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1824 (void) printf(dgettext(TEXT_DOMAIN, 1825 "NFS: nfs_getseconfig_default: failed to " 1826 "get default security mode\n")); 1827 err = SA_CONFIG_ERR; 1828 } 1829 if (secoptlist != NULL) { 1830 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1831 prop != NULL && i < num_secinfo; 1832 prop = sa_get_next_property(prop), i++) { 1833 char *sectype; 1834 sectype = sa_get_property_attr(prop, "type"); 1835 /* 1836 * if sectype is NULL, we probably 1837 * have a memory problem and can't get 1838 * the correct values. Rather than 1839 * exporting with incorrect security, 1840 * don't share it. 1841 */ 1842 if (sectype == NULL) { 1843 err = SA_NO_MEMORY; 1844 (void) printf(dgettext(TEXT_DOMAIN, 1845 "NFS: Cannot share %s: " 1846 "no memory\n"), path); 1847 goto out; 1848 } 1849 sec = (sa_security_t)sa_get_derived_security( 1850 share, sectype, "nfs", 1); 1851 sp[i].s_window = DEF_WIN; 1852 sp[i].s_rootcnt = 0; 1853 sp[i].s_rootnames = NULL; 1854 (void) fill_security_from_secopts(&sp[i], sec); 1855 if (sec != NULL) 1856 sa_free_derived_security(sec); 1857 if (sectype != NULL) 1858 sa_free_attr_string(sectype); 1859 } 1860 } 1861 /* 1862 * when we get here, we can do the exportfs system call and 1863 * initiate thinsg. We probably want to enable the nfs.server 1864 * service first if it isn't running within SMF. 1865 */ 1866 /* check nfs.server status and start if needed */ 1867 /* now add the share to the internal tables */ 1868 printarg(path, &export); 1869 /* 1870 * call the exportfs system call which is implemented 1871 * via the nfssys() call as the EXPORTFS subfunction. 1872 */ 1873 if (iszfs) { 1874 struct exportfs_args ea; 1875 share_t sh; 1876 char *str; 1877 priv_set_t *priv_effective; 1878 int privileged; 1879 1880 /* 1881 * If we aren't a privileged user 1882 * and NFS server service isn't running 1883 * then print out an error message 1884 * and return EPERM 1885 */ 1886 1887 priv_effective = priv_allocset(); 1888 (void) getppriv(PRIV_EFFECTIVE, priv_effective); 1889 1890 privileged = (priv_isfullset(priv_effective) == B_TRUE); 1891 priv_freeset(priv_effective); 1892 1893 if (!privileged && 1894 (str = smf_get_state(NFS_SERVER_SVC)) != NULL) { 1895 err = 0; 1896 if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) { 1897 (void) printf(dgettext(TEXT_DOMAIN, 1898 "NFS: Cannot share remote " 1899 "filesystem: %s\n"), path); 1900 (void) printf(dgettext(TEXT_DOMAIN, 1901 "NFS: Service needs to be enabled " 1902 "by a privileged user\n")); 1903 err = SA_SYSTEM_ERR; 1904 errno = EPERM; 1905 } 1906 free(str); 1907 } 1908 1909 if (err == 0) { 1910 ea.dname = path; 1911 ea.uex = &export; 1912 1913 sa_sharetab_fill_zfs(share, &sh, "nfs"); 1914 err = sa_share_zfs(share, NULL, path, &sh, 1915 &ea, ZFS_SHARE_NFS); 1916 sa_emptyshare(&sh); 1917 } 1918 } else { 1919 err = exportfs(path, &export); 1920 } 1921 1922 if (err < 0) { 1923 err = SA_SYSTEM_ERR; 1924 switch (errno) { 1925 case EREMOTE: 1926 (void) printf(dgettext(TEXT_DOMAIN, 1927 "NFS: Cannot share filesystems " 1928 "in non-global zones: %s\n"), path); 1929 err = SA_NOT_SUPPORTED; 1930 break; 1931 case EPERM: 1932 if (getzoneid() != GLOBAL_ZONEID) { 1933 (void) printf(dgettext(TEXT_DOMAIN, 1934 "NFS: Cannot share file systems " 1935 "in non-global zones: %s\n"), path); 1936 err = SA_NOT_SUPPORTED; 1937 break; 1938 } 1939 err = SA_NO_PERMISSION; 1940 /* FALLTHROUGH */ 1941 default: 1942 break; 1943 } 1944 } else { 1945 /* update sharetab with an add/modify */ 1946 if (!iszfs) { 1947 (void) sa_update_sharetab(share, "nfs"); 1948 } 1949 } 1950 1951 if (err == SA_OK) { 1952 /* 1953 * enable services as needed. This should probably be 1954 * done elsewhere in order to minimize the calls to 1955 * check services. 1956 */ 1957 /* 1958 * check to see if logging and other services need to 1959 * be triggered, but only if there wasn't an 1960 * error. This is probably where sharetab should be 1961 * updated with the NFS specific entry. 1962 */ 1963 if (export.ex_flags & EX_LOG) { 1964 /* enable logging */ 1965 if (nfslogtab_add(path, export.ex_log_buffer, 1966 export.ex_tag) != 0) { 1967 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1968 "Could not enable logging for %s\n"), 1969 path); 1970 } 1971 _check_services(service_list_logging); 1972 } else { 1973 /* 1974 * don't have logging so remove it from file. It might 1975 * not be thre, but that doesn't matter. 1976 */ 1977 (void) nfslogtab_deactivate(path); 1978 _check_services(service_list_default); 1979 } 1980 } 1981 1982 out: 1983 if (path != NULL) 1984 free(path); 1985 1986 cleanup_export(&export); 1987 if (opt != NULL) 1988 sa_free_derived_optionset(opt); 1989 if (secoptlist != NULL) 1990 (void) sa_destroy_optionset(secoptlist); 1991 return (err); 1992 } 1993 1994 /* 1995 * nfs_disable_share(share, path) 1996 * 1997 * Unshare the specified share. Note that "path" is the same path as 1998 * what is in the "share" object. It is passed in to avoid an 1999 * additional lookup. A missing "path" value makes this a no-op 2000 * function. 2001 */ 2002 static int 2003 nfs_disable_share(sa_share_t share, char *path) 2004 { 2005 int err; 2006 int ret = SA_OK; 2007 int iszfs; 2008 sa_group_t parent; 2009 sa_handle_t handle; 2010 2011 if (path == NULL) 2012 return (ret); 2013 2014 /* 2015 * If the share is in a ZFS group we need to handle it 2016 * differently. Just being on a ZFS file system isn't 2017 * enough since we may be in a legacy share case. 2018 */ 2019 parent = sa_get_parent_group(share); 2020 iszfs = sa_group_is_zfs(parent); 2021 if (iszfs) { 2022 struct exportfs_args ea; 2023 share_t sh = { 0 }; 2024 ea.dname = path; 2025 ea.uex = NULL; 2026 sh.sh_path = path; 2027 sh.sh_fstype = "nfs"; 2028 2029 err = sa_share_zfs(share, NULL, path, &sh, 2030 &ea, ZFS_UNSHARE_NFS); 2031 } else { 2032 err = exportfs(path, NULL); 2033 } 2034 if (err < 0) { 2035 /* 2036 * TBD: only an error in some 2037 * cases - need better analysis 2038 */ 2039 switch (errno) { 2040 case EPERM: 2041 case EACCES: 2042 ret = SA_NO_PERMISSION; 2043 if (getzoneid() != GLOBAL_ZONEID) { 2044 ret = SA_NOT_SUPPORTED; 2045 } 2046 break; 2047 case EINVAL: 2048 case ENOENT: 2049 ret = SA_NO_SUCH_PATH; 2050 break; 2051 default: 2052 ret = SA_SYSTEM_ERR; 2053 break; 2054 } 2055 } 2056 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 2057 handle = sa_find_group_handle((sa_group_t)share); 2058 if (!iszfs) 2059 (void) sa_delete_sharetab(handle, path, "nfs"); 2060 /* just in case it was logged */ 2061 (void) nfslogtab_deactivate(path); 2062 } 2063 return (ret); 2064 } 2065 2066 /* 2067 * check_rorwnone(v1, v2, v3) 2068 * 2069 * check ro vs rw vs none values. Over time this may get beefed up. 2070 * for now it just does simple checks. v1 is never NULL but v2 or v3 2071 * could be. 2072 */ 2073 2074 static int 2075 check_rorwnone(char *v1, char *v2, char *v3) 2076 { 2077 int ret = SA_OK; 2078 if (v2 != NULL && strcmp(v1, v2) == 0) 2079 ret = SA_VALUE_CONFLICT; 2080 else if (v3 != NULL && strcmp(v1, v3) == 0) 2081 ret = SA_VALUE_CONFLICT; 2082 2083 return (ret); 2084 } 2085 2086 /* 2087 * nfs_validate_property(handle, property, parent) 2088 * 2089 * Check that the property has a legitimate value for its type. 2090 */ 2091 2092 static int 2093 nfs_validate_property(sa_handle_t handle, sa_property_t property, 2094 sa_optionset_t parent) 2095 { 2096 int ret = SA_OK; 2097 char *propname; 2098 char *other1; 2099 char *other2; 2100 int optindex; 2101 nfsl_config_t *configlist; 2102 sa_group_t parent_group; 2103 char *value; 2104 2105 propname = sa_get_property_attr(property, "type"); 2106 2107 if ((optindex = findopt(propname)) < 0) 2108 ret = SA_NO_SUCH_PROP; 2109 2110 /* need to validate value range here as well */ 2111 2112 if (ret == SA_OK) { 2113 parent_group = sa_get_parent_group((sa_share_t)parent); 2114 if (optdefs[optindex].share && parent_group != NULL && 2115 !sa_is_share(parent_group)) 2116 ret = SA_PROP_SHARE_ONLY; 2117 } 2118 if (ret == SA_OK) { 2119 if (optdefs[optindex].index == OPT_PUBLIC) { 2120 /* 2121 * Public is special in that only one instance can 2122 * be in the repository at the same time. 2123 */ 2124 if (public_exists(handle, parent_group)) { 2125 sa_free_attr_string(propname); 2126 return (SA_VALUE_CONFLICT); 2127 } 2128 } 2129 value = sa_get_property_attr(property, "value"); 2130 if (value != NULL) { 2131 /* first basic type checking */ 2132 switch (optdefs[optindex].type) { 2133 case OPT_TYPE_NUMBER: 2134 /* check that the value is all digits */ 2135 if (!is_a_number(value)) 2136 ret = SA_BAD_VALUE; 2137 break; 2138 case OPT_TYPE_BOOLEAN: 2139 if (strlen(value) == 0 || 2140 strcasecmp(value, "true") == 0 || 2141 strcmp(value, "1") == 0 || 2142 strcasecmp(value, "false") == 0 || 2143 strcmp(value, "0") == 0) { 2144 ret = SA_OK; 2145 } else { 2146 ret = SA_BAD_VALUE; 2147 } 2148 break; 2149 case OPT_TYPE_USER: 2150 if (!is_a_number(value)) { 2151 struct passwd *pw; 2152 /* 2153 * in this case it would have to be a 2154 * user name 2155 */ 2156 pw = getpwnam(value); 2157 if (pw == NULL) 2158 ret = SA_BAD_VALUE; 2159 endpwent(); 2160 } else { 2161 uint64_t intval; 2162 intval = strtoull(value, NULL, 0); 2163 if (intval > UID_MAX && intval != ~0) 2164 ret = SA_BAD_VALUE; 2165 } 2166 break; 2167 case OPT_TYPE_FILE: 2168 if (strcmp(value, "..") == 0 || 2169 strchr(value, '/') != NULL) { 2170 ret = SA_BAD_VALUE; 2171 } 2172 break; 2173 case OPT_TYPE_ACCLIST: { 2174 sa_property_t oprop1; 2175 sa_property_t oprop2; 2176 char *ovalue1 = NULL; 2177 char *ovalue2 = NULL; 2178 2179 if (parent == NULL) 2180 break; 2181 /* 2182 * access list handling. Should eventually 2183 * validate that all the values make sense. 2184 * Also, ro and rw may have cross value 2185 * conflicts. 2186 */ 2187 if (strcmp(propname, SHOPT_RO) == 0) { 2188 other1 = SHOPT_RW; 2189 other2 = SHOPT_NONE; 2190 } else if (strcmp(propname, SHOPT_RW) == 0) { 2191 other1 = SHOPT_RO; 2192 other2 = SHOPT_NONE; 2193 } else if (strcmp(propname, SHOPT_NONE) == 0) { 2194 other1 = SHOPT_RO; 2195 other2 = SHOPT_RW; 2196 } else { 2197 other1 = NULL; 2198 other2 = NULL; 2199 } 2200 if (other1 == NULL && other2 == NULL) 2201 break; 2202 2203 /* compare rw(ro) with ro(rw) */ 2204 2205 oprop1 = sa_get_property(parent, other1); 2206 oprop2 = sa_get_property(parent, other2); 2207 if (oprop1 == NULL && oprop2 == NULL) 2208 break; 2209 /* 2210 * Only potential confusion if other1 2211 * or other2 exists. Check the values 2212 * and run the check if there is a 2213 * value other than the one we are 2214 * explicitly looking at. 2215 */ 2216 ovalue1 = sa_get_property_attr(oprop1, "value"); 2217 ovalue2 = sa_get_property_attr(oprop2, "value"); 2218 if (ovalue1 != NULL || ovalue2 != NULL) 2219 ret = check_rorwnone(value, ovalue1, 2220 ovalue2); 2221 2222 if (ovalue1 != NULL) 2223 sa_free_attr_string(ovalue1); 2224 if (ovalue2 != NULL) 2225 sa_free_attr_string(ovalue2); 2226 break; 2227 } 2228 case OPT_TYPE_LOGTAG: 2229 if (nfsl_getconfig_list(&configlist) == 0) { 2230 int error; 2231 if (value == NULL || 2232 strlen(value) == 0) { 2233 if (value != NULL) 2234 sa_free_attr_string( 2235 value); 2236 value = strdup("global"); 2237 } 2238 if (value != NULL && 2239 nfsl_findconfig(configlist, value, 2240 &error) == NULL) { 2241 ret = SA_BAD_VALUE; 2242 } 2243 /* Must always free when done */ 2244 nfsl_freeconfig_list(&configlist); 2245 } else { 2246 ret = SA_CONFIG_ERR; 2247 } 2248 break; 2249 case OPT_TYPE_STRING: 2250 /* whatever is here should be ok */ 2251 break; 2252 case OPT_TYPE_SECURITY: 2253 /* 2254 * The "sec" property isn't used in the 2255 * non-legacy parts of sharemgr. We need to 2256 * reject it here. For legacy, it is pulled 2257 * out well before we get here. 2258 */ 2259 ret = SA_NO_SUCH_PROP; 2260 break; 2261 default: 2262 break; 2263 } 2264 2265 if (value != NULL) 2266 sa_free_attr_string(value); 2267 2268 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2269 /* do the property specific check */ 2270 ret = optdefs[optindex].check(handle, property); 2271 } 2272 } 2273 } 2274 2275 if (propname != NULL) 2276 sa_free_attr_string(propname); 2277 return (ret); 2278 } 2279 2280 /* 2281 * Protocol management functions 2282 * 2283 * Properties defined in the default files are defined in 2284 * proto_option_defs for parsing and validation. If "other" and 2285 * "compare" are set, then the value for this property should be 2286 * compared against the property specified in "other" using the 2287 * "compare" check (either <= or >=) in order to ensure that the 2288 * values are in the correct range. E.g. setting server_versmin 2289 * higher than server_versmax should not be allowed. 2290 */ 2291 2292 struct proto_option_defs { 2293 char *tag; 2294 char *name; /* display name -- remove protocol identifier */ 2295 int index; 2296 int type; 2297 union { 2298 int intval; 2299 char *string; 2300 } defvalue; 2301 uint32_t svcs; 2302 int32_t minval; 2303 int32_t maxval; 2304 char *file; 2305 char *other; 2306 int compare; 2307 #define OPT_CMP_GE 0 2308 #define OPT_CMP_LE 1 2309 int (*check)(char *); 2310 } proto_options[] = { 2311 #define PROTO_OPT_NFSD_SERVERS 0 2312 {"nfsd_servers", 2313 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD, 2314 1, INT32_MAX, NFSADMIN}, 2315 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2316 {"lockd_listen_backlog", 2317 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2318 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX, NFSADMIN}, 2319 #define PROTO_OPT_LOCKD_SERVERS 2 2320 {"lockd_servers", 2321 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20, 2322 SVC_LOCKD, 1, INT32_MAX, NFSADMIN}, 2323 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2324 {"lockd_retransmit_timeout", 2325 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2326 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2327 #define PROTO_OPT_GRACE_PERIOD 4 2328 {"grace_period", 2329 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90, 2330 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2331 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2332 {"nfs_server_versmin", 2333 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER, 2334 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2335 NFS_VERSMAX, NFSADMIN, "server_versmax", OPT_CMP_LE}, 2336 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2337 {"nfs_server_versmax", 2338 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER, 2339 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2340 NFS_VERSMAX, NFSADMIN, "server_versmin", OPT_CMP_GE}, 2341 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2342 {"nfs_client_versmin", 2343 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER, 2344 (int)NFS_VERSMIN_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2345 NFSADMIN, "client_versmax", OPT_CMP_LE}, 2346 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2347 {"nfs_client_versmax", 2348 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER, 2349 (int)NFS_VERSMAX_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2350 NFSADMIN, "client_versmin", OPT_CMP_GE}, 2351 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2352 {"nfs_server_delegation", 2353 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION, 2354 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0, 2355 NFSADMIN}, 2356 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2357 {"nfsmapid_domain", 2358 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN, 2359 NULL, SVC_NFSMAPID, 0, 0, NFSADMIN}, 2360 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2361 {"nfsd_max_connections", 2362 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS, 2363 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX, NFSADMIN}, 2364 #define PROTO_OPT_NFSD_PROTOCOL 12 2365 {"nfsd_protocol", 2366 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0, 2367 SVC_NFSD, 0, 0, NFSADMIN}, 2368 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2369 {"nfsd_listen_backlog", 2370 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG, 2371 OPT_TYPE_NUMBER, 0, 2372 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2373 {NULL} 2374 }; 2375 2376 /* 2377 * the protoset holds the defined options so we don't have to read 2378 * them multiple times 2379 */ 2380 static sa_protocol_properties_t protoset; 2381 2382 static int 2383 findprotoopt(char *name, int whichname) 2384 { 2385 int i; 2386 for (i = 0; proto_options[i].tag != NULL; i++) { 2387 if (whichname == 1) { 2388 if (strcasecmp(proto_options[i].name, name) == 0) 2389 return (i); 2390 } else { 2391 if (strcasecmp(proto_options[i].tag, name) == 0) 2392 return (i); 2393 } 2394 } 2395 return (-1); 2396 } 2397 2398 /* 2399 * fixcaselower(str) 2400 * 2401 * convert a string to lower case (inplace). 2402 */ 2403 2404 static void 2405 fixcaselower(char *str) 2406 { 2407 while (*str) { 2408 *str = tolower(*str); 2409 str++; 2410 } 2411 } 2412 2413 /* 2414 * fixcaseupper(str) 2415 * 2416 * convert a string to upper case (inplace). 2417 */ 2418 2419 static void 2420 fixcaseupper(char *str) 2421 { 2422 while (*str) { 2423 *str = toupper(*str); 2424 str++; 2425 } 2426 } 2427 2428 /* 2429 * skipwhitespace(str) 2430 * 2431 * Skip leading white space. It is assumed that it is called with a 2432 * valid pointer. 2433 */ 2434 2435 static char * 2436 skipwhitespace(char *str) 2437 { 2438 while (*str && isspace(*str)) 2439 str++; 2440 2441 return (str); 2442 } 2443 2444 /* 2445 * extractprop() 2446 * 2447 * Extract the property and value out of the line and create the 2448 * property in the optionset. 2449 */ 2450 static int 2451 extractprop(char *name, char *value) 2452 { 2453 sa_property_t prop; 2454 int index; 2455 int ret = SA_OK; 2456 /* 2457 * Remove any leading 2458 * white space. 2459 */ 2460 name = skipwhitespace(name); 2461 2462 index = findprotoopt(name, 0); 2463 if (index >= 0) { 2464 fixcaselower(name); 2465 prop = sa_create_property(proto_options[index].name, value); 2466 if (prop != NULL) 2467 ret = sa_add_protocol_property(protoset, prop); 2468 else 2469 ret = SA_NO_MEMORY; 2470 } 2471 return (ret); 2472 } 2473 2474 /* 2475 * initprotofromdefault() 2476 * 2477 * Read the default file(s) and add the defined values to the 2478 * protoset. Note that default values are known from the built in 2479 * table in case the file doesn't have a definition. Not having the 2480 * /etc/default/nfs file is OK since we have builtin default 2481 * values. The default file will get constructed as needed if values 2482 * are changed from the defaults. 2483 */ 2484 2485 static int 2486 initprotofromdefault() 2487 { 2488 FILE *nfs; 2489 char buff[BUFSIZ]; 2490 char *name; 2491 char *value; 2492 int ret = SA_OK; 2493 2494 protoset = sa_create_protocol_properties("nfs"); 2495 2496 if (protoset != NULL) { 2497 nfs = fopen(NFSADMIN, "r"); 2498 if (nfs != NULL) { 2499 while (ret == SA_OK && 2500 fgets(buff, sizeof (buff), nfs) != NULL) { 2501 switch (buff[0]) { 2502 case '\n': 2503 case '#': 2504 /* skip */ 2505 break; 2506 default: 2507 name = buff; 2508 buff[strlen(buff) - 1] = '\0'; 2509 value = strchr(name, '='); 2510 if (value != NULL) { 2511 *value++ = '\0'; 2512 ret = extractprop(name, value); 2513 } 2514 } 2515 } 2516 (void) fclose(nfs); 2517 } else { 2518 switch (errno) { 2519 case EPERM: 2520 case EACCES: 2521 ret = SA_NO_PERMISSION; 2522 break; 2523 case ENOENT: 2524 break; 2525 default: 2526 ret = SA_SYSTEM_ERR; 2527 break; 2528 } 2529 } 2530 } else { 2531 ret = SA_NO_MEMORY; 2532 } 2533 return (ret); 2534 } 2535 2536 /* 2537 * add_defaults() 2538 * 2539 * Add the default values for any property not defined in the parsing 2540 * of the default files. Values are set according to their defined 2541 * types. 2542 */ 2543 2544 static void 2545 add_defaults() 2546 { 2547 int i; 2548 char number[MAXDIGITS]; 2549 2550 for (i = 0; proto_options[i].tag != NULL; i++) { 2551 sa_property_t prop; 2552 prop = sa_get_protocol_property(protoset, 2553 proto_options[i].name); 2554 if (prop == NULL) { 2555 /* add the default value */ 2556 switch (proto_options[i].type) { 2557 case OPT_TYPE_NUMBER: 2558 (void) snprintf(number, sizeof (number), "%d", 2559 proto_options[i].defvalue.intval); 2560 prop = sa_create_property(proto_options[i].name, 2561 number); 2562 break; 2563 2564 case OPT_TYPE_BOOLEAN: 2565 prop = sa_create_property(proto_options[i].name, 2566 proto_options[i].defvalue.intval ? 2567 "true" : "false"); 2568 break; 2569 2570 case OPT_TYPE_ONOFF: 2571 prop = sa_create_property(proto_options[i].name, 2572 proto_options[i].defvalue.intval ? 2573 "on" : "off"); 2574 break; 2575 2576 default: 2577 /* treat as strings of zero length */ 2578 prop = sa_create_property(proto_options[i].name, 2579 ""); 2580 break; 2581 } 2582 if (prop != NULL) 2583 (void) sa_add_protocol_property(protoset, prop); 2584 } 2585 } 2586 } 2587 2588 static void 2589 free_protoprops() 2590 { 2591 if (protoset != NULL) { 2592 xmlFreeNode(protoset); 2593 protoset = NULL; 2594 } 2595 } 2596 2597 /* 2598 * nfs_init() 2599 * 2600 * Initialize the NFS plugin. 2601 */ 2602 2603 static int 2604 nfs_init() 2605 { 2606 int ret = SA_OK; 2607 2608 if (sa_plugin_ops.sa_init != nfs_init) { 2609 (void) printf(dgettext(TEXT_DOMAIN, 2610 "NFS plugin not properly initialized\n")); 2611 return (SA_CONFIG_ERR); 2612 } 2613 2614 ret = initprotofromdefault(); 2615 if (ret != SA_OK) { 2616 (void) printf(dgettext(TEXT_DOMAIN, 2617 "NFS plugin problem with default file: %s\n"), 2618 sa_errorstr(ret)); 2619 ret = SA_OK; 2620 } 2621 add_defaults(); 2622 2623 return (ret); 2624 } 2625 2626 /* 2627 * nfs_fini() 2628 * 2629 * uninitialize the NFS plugin. Want to avoid memory leaks. 2630 */ 2631 2632 static void 2633 nfs_fini() 2634 { 2635 free_protoprops(); 2636 } 2637 2638 /* 2639 * nfs_get_proto_set() 2640 * 2641 * Return an optionset with all the protocol specific properties in 2642 * it. 2643 */ 2644 2645 static sa_protocol_properties_t 2646 nfs_get_proto_set() 2647 { 2648 return (protoset); 2649 } 2650 2651 struct deffile { 2652 struct deffile *next; 2653 char *line; 2654 }; 2655 2656 /* 2657 * read_default_file(fname) 2658 * 2659 * Read the specified default file. We return a list of entries. This 2660 * get used for adding or removing values. 2661 */ 2662 2663 static struct deffile * 2664 read_default_file(char *fname) 2665 { 2666 FILE *file; 2667 struct deffile *defs = NULL; 2668 struct deffile *newdef; 2669 struct deffile *prevdef = NULL; 2670 char buff[BUFSIZ * 2]; 2671 2672 file = fopen(fname, "r"); 2673 if (file != NULL) { 2674 while (fgets(buff, sizeof (buff), file) != NULL) { 2675 newdef = (struct deffile *)calloc(1, 2676 sizeof (struct deffile)); 2677 if (newdef != NULL) { 2678 /* Make sure we skip any leading whitespace. */ 2679 newdef->line = strdup(skipwhitespace(buff)); 2680 if (defs == NULL) { 2681 prevdef = defs = newdef; 2682 } else { 2683 prevdef->next = newdef; 2684 prevdef = newdef; 2685 } 2686 } 2687 } 2688 (void) fclose(file); 2689 } else { 2690 int ret = SA_OK; 2691 switch (errno) { 2692 case EPERM: 2693 case EACCES: 2694 ret = SA_NO_PERMISSION; 2695 break; 2696 case ENOENT: 2697 break; 2698 default: 2699 ret = SA_SYSTEM_ERR; 2700 break; 2701 } 2702 if (ret == SA_OK) { 2703 /* Want at least one comment line */ 2704 defs = (struct deffile *) 2705 calloc(1, sizeof (struct deffile)); 2706 defs->line = strdup("# NFS default file\n"); 2707 } 2708 } 2709 return (defs); 2710 } 2711 2712 static void 2713 free_default_file(struct deffile *defs) 2714 { 2715 struct deffile *curdefs = NULL; 2716 2717 while (defs != NULL) { 2718 curdefs = defs; 2719 defs = defs->next; 2720 if (curdefs->line != NULL) 2721 free(curdefs->line); 2722 free(curdefs); 2723 } 2724 } 2725 2726 /* 2727 * write_default_file(fname, defs) 2728 * 2729 * Write the default file back. 2730 */ 2731 2732 static int 2733 write_default_file(char *fname, struct deffile *defs) 2734 { 2735 FILE *file; 2736 int ret = SA_OK; 2737 sigset_t old, new; 2738 2739 file = fopen(fname, "w+"); 2740 if (file != NULL) { 2741 (void) sigprocmask(SIG_BLOCK, NULL, &new); 2742 (void) sigaddset(&new, SIGHUP); 2743 (void) sigaddset(&new, SIGINT); 2744 (void) sigaddset(&new, SIGQUIT); 2745 (void) sigaddset(&new, SIGTSTP); 2746 (void) sigprocmask(SIG_SETMASK, &new, &old); 2747 while (defs != NULL) { 2748 (void) fputs(defs->line, file); 2749 defs = defs->next; 2750 } 2751 (void) fsync(fileno(file)); 2752 (void) sigprocmask(SIG_SETMASK, &old, NULL); 2753 (void) fclose(file); 2754 } else { 2755 switch (errno) { 2756 case EPERM: 2757 case EACCES: 2758 ret = SA_NO_PERMISSION; 2759 break; 2760 default: 2761 ret = SA_SYSTEM_ERR; 2762 } 2763 } 2764 return (ret); 2765 } 2766 2767 2768 /* 2769 * set_default_file_value(tag, value) 2770 * 2771 * Set the default file value for tag to value. Then rewrite the file. 2772 * tag and value are always set. The caller must ensure this. 2773 */ 2774 2775 #define MAX_STRING_LENGTH 256 2776 static int 2777 set_default_file_value(char *tag, char *value) 2778 { 2779 int ret = SA_OK; 2780 struct deffile *root; 2781 struct deffile *defs; 2782 struct deffile *prev; 2783 char string[MAX_STRING_LENGTH]; 2784 int len; 2785 boolean_t update = B_FALSE; 2786 2787 (void) snprintf(string, MAX_STRING_LENGTH, "%s=", tag); 2788 len = strlen(string); 2789 2790 root = defs = read_default_file(NFSADMIN); 2791 if (root == NULL) { 2792 switch (errno) { 2793 case EPERM: 2794 case EACCES: 2795 ret = SA_NO_PERMISSION; 2796 break; 2797 default: 2798 ret = SA_NO_MEMORY; 2799 break; 2800 } 2801 return (ret); 2802 } 2803 2804 while (defs != NULL) { 2805 if (defs->line != NULL && 2806 strncasecmp(defs->line, string, len) == 0) { 2807 /* replace with the new value */ 2808 free(defs->line); 2809 fixcaseupper(tag); 2810 (void) snprintf(string, sizeof (string), 2811 "%s=%s\n", tag, value); 2812 string[MAX_STRING_LENGTH - 1] = '\0'; 2813 defs->line = strdup(string); 2814 update = B_TRUE; 2815 break; 2816 } 2817 defs = defs->next; 2818 } 2819 if (!update) { 2820 defs = root; 2821 /* didn't find, so see if it is a comment */ 2822 (void) snprintf(string, MAX_STRING_LENGTH, "#%s=", tag); 2823 len = strlen(string); 2824 while (defs != NULL) { 2825 if (strncasecmp(defs->line, string, len) == 0) { 2826 /* replace with the new value */ 2827 free(defs->line); 2828 fixcaseupper(tag); 2829 (void) snprintf(string, sizeof (string), 2830 "%s=%s\n", tag, value); 2831 string[MAX_STRING_LENGTH - 1] = '\0'; 2832 defs->line = strdup(string); 2833 update = B_TRUE; 2834 break; 2835 } 2836 defs = defs->next; 2837 } 2838 } 2839 if (!update) { 2840 fixcaseupper(tag); 2841 (void) snprintf(string, sizeof (string), "%s=%s\n", 2842 tag, value); 2843 prev = root; 2844 while (prev->next != NULL) 2845 prev = prev->next; 2846 defs = malloc(sizeof (struct deffile)); 2847 prev->next = defs; 2848 if (defs != NULL) { 2849 defs->next = NULL; 2850 defs->line = strdup(string); 2851 update = B_TRUE; 2852 } 2853 } 2854 if (update) { 2855 ret = write_default_file(NFSADMIN, root); 2856 } 2857 free_default_file(root); 2858 return (ret); 2859 } 2860 2861 /* 2862 * service_in_state(service, chkstate) 2863 * 2864 * Want to know if the specified service is in the desired state 2865 * (chkstate) or not. Return true (1) if it is and false (0) if it 2866 * isn't. 2867 */ 2868 static int 2869 service_in_state(char *service, const char *chkstate) 2870 { 2871 char *state; 2872 int ret = B_FALSE; 2873 2874 state = smf_get_state(service); 2875 if (state != NULL) { 2876 /* got the state so get the equality for the return value */ 2877 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 2878 free(state); 2879 } 2880 return (ret); 2881 } 2882 2883 /* 2884 * restart_service(svcs) 2885 * 2886 * Walk through the bit mask of services that need to be restarted in 2887 * order to use the new property values. Some properties affect 2888 * multiple daemons. Should only restart a service if it is currently 2889 * enabled (online). 2890 */ 2891 2892 static void 2893 restart_service(uint32_t svcs) 2894 { 2895 uint32_t mask; 2896 int ret; 2897 char *service; 2898 2899 for (mask = 1; svcs != 0; mask <<= 1) { 2900 switch (svcs & mask) { 2901 case SVC_LOCKD: 2902 service = LOCKD; 2903 break; 2904 case SVC_STATD: 2905 service = STATD; 2906 break; 2907 case SVC_NFSD: 2908 service = NFSD; 2909 break; 2910 case SVC_MOUNTD: 2911 service = MOUNTD; 2912 break; 2913 case SVC_NFS4CBD: 2914 service = NFS4CBD; 2915 break; 2916 case SVC_NFSMAPID: 2917 service = NFSMAPID; 2918 break; 2919 case SVC_RQUOTAD: 2920 service = RQUOTAD; 2921 break; 2922 case SVC_NFSLOGD: 2923 service = NFSLOGD; 2924 break; 2925 default: 2926 continue; 2927 } 2928 2929 /* 2930 * Only attempt to restart the service if it is 2931 * currently running. In the future, it may be 2932 * desirable to use smf_refresh_instance if the NFS 2933 * services ever implement the refresh method. 2934 */ 2935 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 2936 ret = smf_restart_instance(service); 2937 /* 2938 * There are only a few SMF errors at this point, but 2939 * it is also possible that a bad value may have put 2940 * the service into maintenance if there wasn't an 2941 * SMF level error. 2942 */ 2943 if (ret != 0) { 2944 (void) fprintf(stderr, 2945 dgettext(TEXT_DOMAIN, 2946 "%s failed to restart: %s\n"), 2947 scf_strerror(scf_error())); 2948 } else { 2949 /* 2950 * Check whether it has gone to "maintenance" 2951 * mode or not. Maintenance implies something 2952 * went wrong. 2953 */ 2954 if (service_in_state(service, 2955 SCF_STATE_STRING_MAINT)) { 2956 (void) fprintf(stderr, 2957 dgettext(TEXT_DOMAIN, 2958 "%s failed to restart\n"), 2959 service); 2960 } 2961 } 2962 } 2963 svcs &= ~mask; 2964 } 2965 } 2966 2967 /* 2968 * nfs_minmax_check(name, value) 2969 * 2970 * Verify that the value for the property specified by index is valid 2971 * relative to the opposite value in the case of a min/max variable. 2972 * Currently, server_minvers/server_maxvers and 2973 * client_minvers/client_maxvers are the only ones to check. 2974 */ 2975 2976 static int 2977 nfs_minmax_check(int index, int value) 2978 { 2979 int val; 2980 char *pval; 2981 sa_property_t prop; 2982 sa_optionset_t opts; 2983 int ret = B_TRUE; 2984 2985 if (proto_options[index].other != NULL) { 2986 /* have a property to compare against */ 2987 opts = nfs_get_proto_set(); 2988 prop = sa_get_property(opts, proto_options[index].other); 2989 /* 2990 * If we don't find the property, assume default 2991 * values which will work since the max will be at the 2992 * max and the min at the min. 2993 */ 2994 if (prop != NULL) { 2995 pval = sa_get_property_attr(prop, "value"); 2996 if (pval != NULL) { 2997 val = strtoul(pval, NULL, 0); 2998 if (proto_options[index].compare == 2999 OPT_CMP_LE) { 3000 ret = value <= val ? B_TRUE : B_FALSE; 3001 } else if (proto_options[index].compare == 3002 OPT_CMP_GE) { 3003 ret = value >= val ? B_TRUE : B_FALSE; 3004 } 3005 } 3006 } 3007 } 3008 return (ret); 3009 } 3010 3011 /* 3012 * nfs_validate_proto_prop(index, name, value) 3013 * 3014 * Verify that the property specified by name can take the new 3015 * value. This is a sanity check to prevent bad values getting into 3016 * the default files. All values need to be checked against what is 3017 * allowed by their defined type. If a type isn't explicitly defined 3018 * here, it is treated as a string. 3019 * 3020 * Note that OPT_TYPE_NUMBER will additionally check that the value is 3021 * within the range specified and potentially against another property 3022 * value as well as specified in the proto_options members other and 3023 * compare. 3024 */ 3025 3026 static int 3027 nfs_validate_proto_prop(int index, char *name, char *value) 3028 { 3029 int ret = SA_OK; 3030 char *cp; 3031 #ifdef lint 3032 name = name; 3033 #endif 3034 3035 switch (proto_options[index].type) { 3036 case OPT_TYPE_NUMBER: 3037 if (!is_a_number(value)) 3038 ret = SA_BAD_VALUE; 3039 else { 3040 int val; 3041 val = strtoul(value, NULL, 0); 3042 if (val < proto_options[index].minval || 3043 val > proto_options[index].maxval) 3044 ret = SA_BAD_VALUE; 3045 /* 3046 * For server_versmin/server_versmax and 3047 * client_versmin/client_versmax, the value of the 3048 * min(max) should be checked to be correct relative 3049 * to the current max(min). 3050 */ 3051 if (!nfs_minmax_check(index, val)) { 3052 ret = SA_BAD_VALUE; 3053 } 3054 } 3055 break; 3056 3057 case OPT_TYPE_DOMAIN: 3058 /* 3059 * needs to be a qualified domain so will have at 3060 * least one period and other characters on either 3061 * side of it. A zero length string is also allowed 3062 * and is the way to turn off the override. 3063 */ 3064 if (strlen(value) == 0) 3065 break; 3066 cp = strchr(value, '.'); 3067 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 3068 ret = SA_BAD_VALUE; 3069 break; 3070 3071 case OPT_TYPE_BOOLEAN: 3072 if (strlen(value) == 0 || 3073 strcasecmp(value, "true") == 0 || 3074 strcmp(value, "1") == 0 || 3075 strcasecmp(value, "false") == 0 || 3076 strcmp(value, "0") == 0) { 3077 ret = SA_OK; 3078 } else { 3079 ret = SA_BAD_VALUE; 3080 } 3081 break; 3082 3083 case OPT_TYPE_ONOFF: 3084 if (strcasecmp(value, "on") != 0 && 3085 strcasecmp(value, "off") != 0) { 3086 ret = SA_BAD_VALUE; 3087 } 3088 break; 3089 3090 case OPT_TYPE_PROTOCOL: 3091 if (strlen(value) != 0 && 3092 strcasecmp(value, "all") != 0 && 3093 strcasecmp(value, "tcp") != 0 && 3094 strcasecmp(value, "udp") != 0) 3095 ret = SA_BAD_VALUE; 3096 break; 3097 3098 default: 3099 /* treat as a string */ 3100 break; 3101 } 3102 return (ret); 3103 } 3104 3105 /* 3106 * nfs_set_proto_prop(prop) 3107 * 3108 * check that prop is valid. 3109 */ 3110 3111 static int 3112 nfs_set_proto_prop(sa_property_t prop) 3113 { 3114 int ret = SA_OK; 3115 char *name; 3116 char *value; 3117 3118 name = sa_get_property_attr(prop, "type"); 3119 value = sa_get_property_attr(prop, "value"); 3120 if (name != NULL && value != NULL) { 3121 int index = findprotoopt(name, 1); 3122 if (index >= 0) { 3123 /* should test for valid value */ 3124 ret = nfs_validate_proto_prop(index, name, value); 3125 if (ret == SA_OK) 3126 ret = set_default_file_value( 3127 proto_options[index].tag, value); 3128 if (ret == SA_OK) 3129 restart_service(proto_options[index].svcs); 3130 } 3131 } 3132 if (name != NULL) 3133 sa_free_attr_string(name); 3134 if (value != NULL) 3135 sa_free_attr_string(value); 3136 return (ret); 3137 } 3138 3139 /* 3140 * nfs_get_status() 3141 * 3142 * What is the current status of the nfsd? We use the SMF state here. 3143 * Caller must free the returned value. 3144 */ 3145 3146 static char * 3147 nfs_get_status() 3148 { 3149 char *state; 3150 state = smf_get_state(NFSD); 3151 return (state != NULL ? state : strdup("-")); 3152 } 3153 3154 /* 3155 * nfs_space_alias(alias) 3156 * 3157 * Lookup the space (security) name. If it is default, convert to the 3158 * real name. 3159 */ 3160 3161 static char * 3162 nfs_space_alias(char *space) 3163 { 3164 char *name = space; 3165 seconfig_t secconf; 3166 3167 /* 3168 * Only the space named "default" is special. If it is used, 3169 * the default needs to be looked up and the real name used. 3170 * This is normally "sys" but could be changed. We always 3171 * change defautl to the real name. 3172 */ 3173 if (strcmp(space, "default") == 0 && 3174 nfs_getseconfig_default(&secconf) == 0) { 3175 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 3176 name = secconf.sc_name; 3177 } 3178 return (strdup(name)); 3179 } 3180 3181 /* 3182 * nfs_features() 3183 * 3184 * Return a mask of the features required. 3185 */ 3186 3187 static uint64_t 3188 nfs_features() 3189 { 3190 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER); 3191 } 3192