xref: /titanic_50/usr/src/lib/libshare/nfs/libshare_nfs.c (revision a237e38e9161f0acd6451439d4a7dd597e66291d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * NFS specific functions
31  */
32 #include <stdio.h>
33 #include <string.h>
34 #include <ctype.h>
35 #include <stdlib.h>
36 #include <unistd.h>
37 #include <zone.h>
38 #include <errno.h>
39 #include <locale.h>
40 #include <signal.h>
41 #include "libshare.h"
42 #include "libshare_impl.h"
43 #include <nfs/export.h>
44 #include <pwd.h>
45 #include <limits.h>
46 #include <libscf.h>
47 #include "nfslog_config.h"
48 #include "nfslogtab.h"
49 #include "libshare_nfs.h"
50 #include <rpcsvc/daemon_utils.h>
51 #include <nfs/nfs.h>
52 
53 /* should really be in some global place */
54 #define	DEF_WIN	30000
55 #define	OPT_CHUNK	1024
56 
57 int debug = 0;
58 
59 
60 /* internal functions */
61 static int nfs_init();
62 static void nfs_fini();
63 static int nfs_enable_share(sa_share_t);
64 static int nfs_disable_share(char *);
65 static int nfs_validate_property(sa_property_t, sa_optionset_t);
66 static int nfs_validate_security_mode(char *);
67 static int nfs_is_security_opt(char *);
68 static int nfs_parse_legacy_options(sa_group_t, char *);
69 static char *nfs_format_options(sa_group_t, int);
70 static int nfs_set_proto_prop(sa_property_t);
71 static sa_protocol_properties_t nfs_get_proto_set();
72 static char *nfs_get_status();
73 static char *nfs_space_alias(char *);
74 
75 /*
76  * ops vector that provides the protocol specific info and operations
77  * for share management.
78  */
79 
80 struct sa_plugin_ops sa_plugin_ops = {
81 	SA_PLUGIN_VERSION,
82 	"nfs",
83 	nfs_init,
84 	nfs_fini,
85 	nfs_enable_share,
86 	nfs_disable_share,
87 	nfs_validate_property,
88 	nfs_validate_security_mode,
89 	nfs_is_security_opt,
90 	nfs_parse_legacy_options,
91 	nfs_format_options,
92 	nfs_set_proto_prop,
93 	nfs_get_proto_set,
94 	nfs_get_status,
95 	nfs_space_alias,
96 	NULL,
97 	NULL
98 };
99 
100 /*
101  * list of support services needed
102  * defines should come from head/rpcsvc/daemon_utils.h
103  */
104 
105 static char *service_list_default[] =
106 	{ STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NULL };
107 static char *service_list_logging[] =
108 	{ STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, NULL };
109 
110 /*
111  * option definitions.  Make sure to keep the #define for the option
112  * index just before the entry it is the index for. Changing the order
113  * can cause breakage.  E.g OPT_RW is index 1 and must precede the
114  * line that includes the SHOPT_RW and OPT_RW entries.
115  */
116 
117 struct option_defs optdefs[] = {
118 #define	OPT_RO		0
119 	{SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST},
120 #define	OPT_RW		1
121 	{SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST},
122 #define	OPT_ROOT	2
123 	{SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST},
124 #define	OPT_SECURE	3
125 	{SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED},
126 #define	OPT_ANON	4
127 	{SHOPT_ANON, OPT_ANON, OPT_TYPE_USER},
128 #define	OPT_WINDOW	5
129 	{SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER},
130 #define	OPT_NOSUID	6
131 	{SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN},
132 #define	OPT_ACLOK	7
133 	{SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN},
134 #define	OPT_NOSUB	8
135 	{SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN},
136 #define	OPT_SEC		9
137 	{SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY},
138 #define	OPT_PUBLIC	10
139 	{SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY},
140 #define	OPT_INDEX	11
141 	{SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE},
142 #define	OPT_LOG		12
143 	{SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG},
144 #define	OPT_CKSUM	13
145 	{SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET},
146 #ifdef VOLATILE_FH_TEST	/* XXX added for testing volatile fh's only */
147 #define	OPT_VOLFH	14
148 	{SHOPT_VOLFH, OPT_VOLFH},
149 #endif /* VOLATILE_FH_TEST */
150 	NULL
151 };
152 
153 /*
154  * list of properties that are related to security flavors.
155  */
156 static char *seclist[] = {
157 	SHOPT_RO,
158 	SHOPT_RW,
159 	SHOPT_ROOT,
160 	SHOPT_WINDOW,
161 	NULL
162 };
163 
164 /* structure for list of securities */
165 struct securities {
166 	sa_security_t security;
167 	struct securities *next;
168 };
169 
170 /*
171  * findopt(name)
172  *
173  * Lookup option "name" in the option table and return the table
174  * index.
175  */
176 
177 static int
178 findopt(char *name)
179 {
180 	int i;
181 	if (name != NULL) {
182 	    for (i = 0; optdefs[i].tag != NULL; i++) {
183 		if (strcmp(optdefs[i].tag, name) == 0)
184 		    return (i);
185 	    }
186 	}
187 	return (-1);
188 }
189 
190 /*
191  * gettype(name)
192  *
193  * Return the type of option "name".
194  */
195 
196 static int
197 gettype(char *name)
198 {
199 	int optdef;
200 
201 	optdef = findopt(name);
202 	if (optdef != -1)
203 	    return (optdefs[optdef].type);
204 	return (OPT_TYPE_ANY);
205 }
206 
207 /*
208  * nfs_validate_security_mode(mode)
209  *
210  * is the specified mode string a valid one for use with NFS?
211  */
212 
213 static int
214 nfs_validate_security_mode(char *mode)
215 {
216 	seconfig_t secinfo;
217 	int err;
218 
219 	(void) memset(&secinfo, '\0', sizeof (secinfo));
220 	err = nfs_getseconfig_byname(mode, &secinfo);
221 	if (err == SC_NOERROR)
222 	    return (1);
223 	return (0);
224 }
225 
226 /*
227  * nfs_is_security_opt(tok)
228  *
229  * check to see if tok represents an option that is only valid in some
230  * security flavor.
231  */
232 
233 static int
234 nfs_is_security_opt(char *tok)
235 {
236 	int i;
237 
238 	for (i = 0; seclist[i] != NULL; i++) {
239 	    if (strcmp(tok, seclist[i]) == 0)
240 		return (1);
241 	}
242 	return (0);
243 }
244 
245 /*
246  * find_security(seclist, sec)
247  *
248  * Walk the current list of security flavors and return true if it is
249  * present, else return false.
250  */
251 
252 static int
253 find_security(struct securities *seclist, sa_security_t sec)
254 {
255 	while (seclist != NULL) {
256 	    if (seclist->security == sec)
257 		return (1);
258 	    seclist = seclist->next;
259 	}
260 	return (0);
261 }
262 
263 /*
264  * make_security_list(group, securitymodes, proto)
265  *	go through the list of securitymodes and add them to the
266  *	group's list of security optionsets. We also keep a list of
267  *	those optionsets so we don't have to find them later. All of
268  *	these will get copies of the same properties.
269  */
270 
271 static struct securities *
272 make_security_list(sa_group_t group, char *securitymodes, char *proto)
273 {
274 	char *tok, *next = NULL;
275 	struct securities *curp, *headp = NULL, *prev;
276 	sa_security_t check;
277 	int freetok = 0;
278 
279 	for (tok = securitymodes; tok != NULL; tok = next) {
280 	    next = strchr(tok, ':');
281 	    if (next != NULL)
282 		*next++ = '\0';
283 	    if (strcmp(tok, "default") == 0) {
284 		/* resolve default into the real type */
285 		tok = nfs_space_alias(tok);
286 		freetok = 1;
287 	    }
288 	    check = sa_get_security(group, tok, proto);
289 
290 	    /* add to the security list if it isn't there already */
291 	    if (check == NULL || !find_security(headp, check)) {
292 		curp = (struct securities *)calloc(1,
293 						sizeof (struct securities));
294 		if (curp != NULL) {
295 		    if (check == NULL) {
296 			curp->security = sa_create_security(group, tok,
297 								proto);
298 		    } else {
299 			curp->security = check;
300 		    }
301 			/*
302 			 * note that the first time through the loop,
303 			 * headp will be NULL and prev will be
304 			 * undefined.  Since headp is NULL, we set
305 			 * both it and prev to the curp (first
306 			 * structure to be allocated).
307 			 *
308 			 * later passes through the loop will have
309 			 * headp not being NULL and prev will be used
310 			 * to allocate at the end of the list.
311 			 */
312 		    if (headp == NULL) {
313 			headp = curp;
314 			prev = curp;
315 		    } else {
316 			prev->next = curp;
317 			prev = curp;
318 		    }
319 		}
320 	    }
321 
322 	    if (freetok) {
323 		freetok = 0;
324 		sa_free_attr_string(tok);
325 	    }
326 	}
327 	return (headp);
328 }
329 
330 static void
331 free_security_list(struct securities *sec)
332 {
333 	struct securities *next;
334 	if (sec != NULL) {
335 	    for (next = sec->next; sec != NULL; sec = next) {
336 		next = sec->next;
337 		free(sec);
338 	    }
339 	}
340 }
341 
342 /*
343  * nfs_alistcat(str1, str2, sep)
344  *
345  * concatenate str1 and str2 into a new string using sep as a separate
346  * character. If memory allocation fails, return NULL;
347  */
348 
349 static char *
350 nfs_alistcat(char *str1, char *str2, char sep)
351 {
352 	char *newstr;
353 	size_t len;
354 
355 	len = strlen(str1) + strlen(str2) + 2;
356 	newstr = (char *)malloc(len);
357 	if (newstr != NULL)
358 	    (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2);
359 	return (newstr);
360 }
361 
362 /*
363  * add_security_prop(sec, name, value, persist)
364  *
365  * Add the property to the securities structure. This accumulates
366  * properties for as part of parsing legacy options.
367  */
368 
369 static int
370 add_security_prop(struct securities *sec, char *name, char *value,
371 			int persist, int iszfs)
372 {
373 	sa_property_t prop;
374 	int ret = SA_OK;
375 
376 	for (; sec != NULL; sec = sec->next) {
377 	    if (value == NULL) {
378 		if (strcmp(name, SHOPT_RW) == 0 || strcmp(name, SHOPT_RO) == 0)
379 		    value = "*";
380 		else
381 		    value = "true";
382 	    }
383 
384 		/*
385 		 * Get the existing property, if it exists, so we can
386 		 * determine what to do with it. The ro/rw/root
387 		 * properties can be merged if multiple instances of
388 		 * these properies are given. For example, if "rw"
389 		 * exists with a value "host1" and a later token of
390 		 * rw="host2" is seen, the values are merged into a
391 		 * single rw="host1:host2".
392 		 */
393 	    prop = sa_get_property(sec->security, name);
394 
395 	    if (prop != NULL) {
396 		char *oldvalue;
397 		char *newvalue;
398 
399 		/*
400 		 * The security options of ro/rw/root might appear
401 		 * multiple times. If they do, the values need to be
402 		 * merged into an access list. If it was previously
403 		 * empty, the new value alone is added.
404 		 */
405 		oldvalue = sa_get_property_attr(prop, "value");
406 		if (oldvalue != NULL) {
407 			/*
408 			 * The general case is to concatenate the new
409 			 * value onto the old value for multiple
410 			 * rw(ro/root) properties. A special case
411 			 * exists when either the old or new is the
412 			 * "all" case. In the special case, if both
413 			 * are "all", then it is "all", else if one is
414 			 * an access-list, that replaces the "all".
415 			 */
416 		    if (strcmp(oldvalue, "*") == 0) {
417 			/* Replace old value with new value. */
418 			newvalue = strdup(value);
419 		    } else if (strcmp(value, "*") == 0) {
420 			/* Keep old value and ignore the new value. */
421 			newvalue = NULL;
422 		    } else {
423 			/* Make a new list of old plus new access-list. */
424 			newvalue = nfs_alistcat(oldvalue, value, ':');
425 		    }
426 
427 		    if (newvalue != NULL) {
428 			(void) sa_remove_property(prop);
429 			prop = sa_create_property(name, newvalue);
430 			ret = sa_add_property(sec->security, prop);
431 			free(newvalue);
432 		    }
433 		    if (oldvalue != NULL)
434 			sa_free_attr_string(oldvalue);
435 		}
436 	    } else {
437 		prop = sa_create_property(name, value);
438 		ret = sa_add_property(sec->security, prop);
439 	    }
440 	    if (ret == SA_OK && !iszfs) {
441 		ret = sa_commit_properties(sec->security, !persist);
442 	    }
443 	}
444 	return (ret);
445 }
446 
447 /*
448  * check to see if group/share is persistent.
449  */
450 static int
451 is_persistent(sa_group_t group)
452 {
453 	char *type;
454 	int persist = 1;
455 
456 	type = sa_get_group_attr(group, "type");
457 	if (type != NULL && strcmp(type, "persist") != 0)
458 	    persist = 0;
459 	if (type != NULL)
460 	    sa_free_attr_string(type);
461 	return (persist);
462 }
463 
464 /*
465  * invalid_security(options)
466  *
467  * search option string for any invalid sec= type.
468  * return true (1) if any are not valid else false (0)
469  */
470 static int
471 invalid_security(char *options)
472 {
473 	char *copy, *base, *token, *value;
474 	int ret = 0;
475 
476 	copy = strdup(options);
477 	token = base = copy;
478 	while (token != NULL && ret == 0) {
479 	    token = strtok(base, ",");
480 	    base = NULL;
481 	    if (token != NULL) {
482 		value = strchr(token, '=');
483 		if (value != NULL)
484 		    *value++ = '\0';
485 		if (strcmp(token, "sec") == 0) {
486 		    /* have security flavors so check them */
487 		    char *tok, *next;
488 		    for (next = NULL, tok = value; tok != NULL; tok = next) {
489 			next = strchr(tok, ':');
490 			if (next != NULL)
491 			    *next++ = '\0';
492 			ret = !nfs_validate_security_mode(tok);
493 			if (ret)
494 			    break;
495 		    }
496 		}
497 	    }
498 	}
499 	if (copy != NULL)
500 	    free(copy);
501 	return (ret);
502 }
503 
504 /*
505  * nfs_parse_legacy_options(group, options)
506  *
507  * Parse the old style options into internal format and store on the
508  * specified group.  Group could be a share for full legacy support.
509  */
510 
511 static int
512 nfs_parse_legacy_options(sa_group_t group, char *options)
513 {
514 	char *dup = strdup(options);
515 	char *base;
516 	char *token;
517 	sa_optionset_t optionset;
518 	struct securities *security_list = NULL;
519 	sa_property_t prop;
520 	int ret = SA_OK;
521 	int iszfs = 0;
522 	sa_group_t parent;
523 	int persist = 0;
524 	char *lasts;
525 
526 	/* do we have an existing optionset? */
527 	optionset = sa_get_optionset(group, "nfs");
528 	if (optionset == NULL) {
529 	    /* didn't find existing optionset so create one */
530 	    optionset = sa_create_optionset(group, "nfs");
531 	} else {
532 		/*
533 		 * have an existing optionset so we need to compare
534 		 * options in order to detect errors. For now, we
535 		 * assume that the first optionset is the correct one
536 		 * and the others will be the same. This needs to be
537 		 * fixed before the final code is ready.
538 		 */
539 	    return (ret);
540 	}
541 
542 	if (strcmp(options, SHOPT_RW) == 0) {
543 		/*
544 		 * there is a special case of only the option "rw"
545 		 * being the default option. We don't have to do
546 		 * anything.
547 		 */
548 	    return (ret);
549 	}
550 
551 	/*
552 	 * check if security types are present and validate them. If
553 	 * any are not legal, fail.
554 	 */
555 
556 	if (invalid_security(options)) {
557 	    return (SA_INVALID_SECURITY);
558 	}
559 
560 	/*
561 	 * in order to not attempt to change ZFS properties unless
562 	 * absolutely necessary, we never do it in the legacy parsing.
563 	 */
564 	if (sa_is_share(group)) {
565 	    char *zfs;
566 	    parent = sa_get_parent_group(group);
567 	    if (parent != NULL) {
568 		zfs = sa_get_group_attr(parent, "zfs");
569 		if (zfs != NULL) {
570 		    sa_free_attr_string(zfs);
571 		    iszfs++;
572 		}
573 	    }
574 	} else {
575 	    iszfs = sa_group_is_zfs(group);
576 	}
577 
578 	/*
579 	 * we need to step through each option in the string and then
580 	 * add either the option or the security option as needed. If
581 	 * this is not a persistent share, don't commit to the
582 	 * repository. If there is an error, we also want to abort the
583 	 * processing and report it.
584 	 */
585 	persist = is_persistent(group);
586 	base = dup;
587 	token = dup;
588 	lasts = NULL;
589 	while (token != NULL && ret == SA_OK) {
590 	    ret = SA_OK;
591 	    token = strtok_r(base, ",", &lasts);
592 	    base = NULL;
593 	    if (token != NULL) {
594 		char *value;
595 		/*
596 		 * if the option has a value, it will have an '=' to
597 		 * separate the name from the value. The following
598 		 * code will result in value != NULL and token
599 		 * pointing to just the name if there is a value.
600 		 */
601 		value = strchr(token, '=');
602 		if (value != NULL) {
603 		    *value++ = '\0';
604 		}
605 		if (strcmp(token, "sec") == 0 || strcmp(token, "secure") == 0) {
606 			/*
607 			 * Once in security parsing, we only
608 			 * do security. We do need to move
609 			 * between the security node and the
610 			 * toplevel. The security tag goes on
611 			 * the root while the following ones
612 			 * go on the security.
613 			 */
614 		    if (security_list != NULL) {
615 			/* have an old list so close it and start the new */
616 			free_security_list(security_list);
617 		    }
618 		    if (strcmp(token, "secure") == 0) {
619 			value = "dh";
620 		    } else {
621 			if (value == NULL) {
622 			    ret = SA_SYNTAX_ERR;
623 			    break;
624 			}
625 		    }
626 		    security_list = make_security_list(group, value, "nfs");
627 		} else {
628 			/*
629 			 * Note that the "old" syntax allowed a
630 			 * default security model This must be
631 			 * accounted for and internally converted to
632 			 * "standard" security structure.
633 			 */
634 		    if (nfs_is_security_opt(token)) {
635 			if (security_list == NULL) {
636 				/*
637 				 * need to have a security option. This
638 				 * will be "closed" when a defined "sec="
639 				 * option is seen. This is technically an
640 				 * error but will be allowed with warning.
641 				 */
642 			    security_list = make_security_list(group,
643 								"default",
644 								"nfs");
645 			}
646 			if (security_list != NULL) {
647 			    ret = add_security_prop(security_list, token,
648 							value, persist,
649 							iszfs);
650 			} else {
651 			    ret = SA_NO_MEMORY;
652 			}
653 		    } else {
654 			/* regular options */
655 			if (value == NULL) {
656 			    if (strcmp(token, SHOPT_RW) == 0 ||
657 				strcmp(token, SHOPT_RO) == 0)
658 				value = "*";
659 			    else if (strcmp(token, SHOPT_LOG) == 0)
660 				value = "global";
661 			    else
662 				value = "true";
663 			}
664 			prop = sa_create_property(token, value);
665 			ret = sa_add_property(optionset, prop);
666 			if (ret != SA_OK) {
667 			    break;
668 			}
669 			if (!iszfs) {
670 			    ret = sa_commit_properties(optionset, !persist);
671 			}
672 		    }
673 		}
674 	    }
675 	}
676 	if (security_list != NULL)
677 	    free_security_list(security_list);
678 	if (dup != NULL)
679 	    free(dup);
680 	return (ret);
681 }
682 
683 /*
684  * is_a_number(number)
685  *
686  * is the string a number in one of the forms we want to use?
687  */
688 
689 static int
690 is_a_number(char *number)
691 {
692 	int ret = 1;
693 	int hex = 0;
694 
695 	if (strncmp(number, "0x", 2) == 0) {
696 	    number += 2;
697 	    hex = 1;
698 	} else if (*number == '-')
699 	    number++; /* skip the minus */
700 
701 	while (ret == 1 && *number != '\0') {
702 	    if (hex) {
703 		ret = isxdigit(*number++);
704 	    } else {
705 		ret = isdigit(*number++);
706 	    }
707 	}
708 	return (ret);
709 }
710 
711 /*
712  * Look for the specified tag in the configuration file. If it is found,
713  * enable logging and set the logging configuration information for exp.
714  */
715 static void
716 configlog(struct exportdata *exp, char *tag)
717 {
718 	nfsl_config_t *configlist = NULL, *configp;
719 	int error = 0;
720 	char globaltag[] = DEFAULTTAG;
721 
722 	/*
723 	 * Sends config errors to stderr
724 	 */
725 	nfsl_errs_to_syslog = B_FALSE;
726 
727 	/*
728 	 * get the list of configuration settings
729 	 */
730 	error = nfsl_getconfig_list(&configlist);
731 	if (error) {
732 		(void) fprintf(stderr,
733 				dgettext(TEXT_DOMAIN,
734 					"Cannot get log configuration: %s\n"),
735 				strerror(error));
736 	}
737 
738 	if (tag == NULL)
739 		tag = globaltag;
740 	if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) {
741 		nfsl_freeconfig_list(&configlist);
742 		(void) fprintf(stderr,
743 				dgettext(TEXT_DOMAIN,
744 					"No tags matching \"%s\"\n"), tag);
745 		/* bad configuration */
746 		error = ENOENT;
747 		goto err;
748 	}
749 
750 	if ((exp->ex_tag = strdup(tag)) == NULL) {
751 		error = ENOMEM;
752 		goto out;
753 	}
754 	if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) {
755 		error = ENOMEM;
756 		goto out;
757 	}
758 	exp->ex_flags |= EX_LOG;
759 	if (configp->nc_rpclogpath != NULL)
760 		exp->ex_flags |= EX_LOG_ALLOPS;
761 out:
762 	if (configlist != NULL)
763 	    nfsl_freeconfig_list(&configlist);
764 
765 err:
766 	if (error != 0) {
767 		if (exp->ex_flags != NULL)
768 			free(exp->ex_tag);
769 		if (exp->ex_log_buffer != NULL)
770 			free(exp->ex_log_buffer);
771 		(void) fprintf(stderr,
772 				dgettext(TEXT_DOMAIN,
773 					"Cannot set log configuration: %s\n"),
774 				strerror(error));
775 	}
776 }
777 
778 /*
779  * fill_export_from_optionset(export, optionset)
780  *
781  * In order to share, we need to set all the possible general options
782  * into the export structure. Share info will be filled in by the
783  * caller. Various property values get turned into structure specific
784  * values.
785  */
786 
787 static int
788 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset)
789 {
790 	sa_property_t option;
791 	int ret = SA_OK;
792 
793 	for (option = sa_get_property(optionset, NULL);
794 		option != NULL; option = sa_get_next_property(option)) {
795 	    char *name;
796 	    char *value;
797 	    uint32_t val;
798 
799 	/*
800 	 * since options may be set/reset multiple times, always do an
801 	 * explicit set or clear of the option. This allows defaults
802 	 * to be set and then the protocol specifici to override.
803 	 */
804 
805 	    name = sa_get_property_attr(option, "type");
806 	    value = sa_get_property_attr(option, "value");
807 	    switch (findopt(name)) {
808 	    case OPT_ANON:
809 		if (value != NULL && is_a_number(value)) {
810 		    val = strtoul(value, NULL, 0);
811 		} else {
812 		    struct passwd *pw;
813 		    pw = getpwnam(value != NULL ? value : "nobody");
814 		    if (pw != NULL) {
815 			val = pw->pw_uid;
816 		    } else {
817 			val = UID_NOBODY;
818 		    }
819 		    endpwent();
820 		}
821 		export->ex_anon = val;
822 		break;
823 	    case OPT_NOSUID:
824 		if (value != NULL &&
825 		    (strcasecmp(value, "true") == 0 || strcmp(value, "1") == 0))
826 		    export->ex_flags |= EX_NOSUID;
827 		else
828 		    export->ex_flags &= ~EX_NOSUID;
829 		break;
830 	    case OPT_ACLOK:
831 		if (value != NULL &&
832 		    (strcasecmp(value, "true") == 0 ||
833 			strcmp(value, "1") == 0))
834 		    export->ex_flags |= EX_ACLOK;
835 		else
836 		    export->ex_flags &= ~EX_ACLOK;
837 		break;
838 	    case OPT_NOSUB:
839 		if (value != NULL &&
840 		    (strcasecmp(value, "true") == 0 || strcmp(value, "1") == 0))
841 		    export->ex_flags |= EX_NOSUB;
842 		else
843 		    export->ex_flags &= ~EX_NOSUB;
844 		break;
845 	    case OPT_PUBLIC:
846 		if (value != NULL &&
847 		    (strcasecmp(value, "true") == 0 || strcmp(value, "1") == 0))
848 		    export->ex_flags |= EX_PUBLIC;
849 		else
850 		    export->ex_flags &= ~EX_PUBLIC;
851 		break;
852 	    case OPT_INDEX:
853 		if (value != NULL &&
854 		    (strcmp(value, "..") == 0 || strchr(value, '/') != NULL)) {
855 		    /* this is an error */
856 		    (void) printf(dgettext(TEXT_DOMAIN,
857 					    "NFS: index=\"%s\" not valid;"
858 					    "must be a filename.\n"),
859 			    value);
860 		    break;
861 		}
862 		if (value != NULL && *value != '\0' &&
863 			strcmp(value, ".") != 0) {
864 		    /* valid index file string */
865 		    if (export->ex_index != NULL) {
866 			/* left over from "default" */
867 			free(export->ex_index);
868 		    }
869 		    export->ex_index = strdup(value); /* remember to free */
870 		    if (export->ex_index == NULL) {
871 			(void) printf(dgettext(TEXT_DOMAIN,
872 						"NFS: out of memory setting "
873 						"index property\n"));
874 			break;
875 		    }
876 		    export->ex_flags |= EX_INDEX;
877 		}
878 		break;
879 	    case OPT_LOG:
880 		if (value == NULL)
881 		    value = strdup("global");
882 		if (value != NULL)
883 		    configlog(export, strlen(value) ? value : "global");
884 		break;
885 	    case OPT_CKSUM:
886 		/* TBD: not ready yet */
887 		break;
888 	    default:
889 		/* have a syntactic error */
890 		(void) printf(dgettext(TEXT_DOMAIN,
891 					"NFS: unrecognized option %s=%s\n"),
892 			name, value != NULL ? value : "");
893 		break;
894 	    }
895 	    if (name != NULL)
896 		sa_free_attr_string(name);
897 	    if (value != NULL)
898 		sa_free_attr_string(value);
899 	}
900 	return (ret);
901 }
902 
903 /*
904  * cleanup_export(export)
905  *
906  * Cleanup the allocated areas so we don't leak memory
907  */
908 
909 static void
910 cleanup_export(struct exportdata *export)
911 {
912 	int i;
913 
914 	if (export->ex_index != NULL)
915 	    free(export->ex_index);
916 	if (export->ex_secinfo != NULL) {
917 	    for (i = 0; i < export->ex_seccnt; i++)
918 		if (export->ex_secinfo[i].s_rootnames != NULL) {
919 		    free(export->ex_secinfo[i].s_rootnames);
920 		}
921 	    free(export->ex_secinfo);
922 	}
923 }
924 
925 /*
926  * Given a seconfig entry and a colon-separated
927  * list of names, allocate an array big enough
928  * to hold the root list, then convert each name to
929  * a principal name according to the security
930  * info and assign it to an array element.
931  * Return the array and its size.
932  */
933 static caddr_t *
934 get_rootnames(seconfig_t *sec, char *list, int *count)
935 {
936 	caddr_t *a;
937 	int c, i;
938 	char *host, *p;
939 
940 	/*
941 	 * Count the number of strings in the list.
942 	 * This is the number of colon separators + 1.
943 	 */
944 	c = 1;
945 	for (p = list; *p; p++)
946 		if (*p == ':')
947 			c++;
948 	*count = c;
949 
950 	a = (caddr_t *)malloc(c * sizeof (char *));
951 	if (a == NULL) {
952 		(void) printf(dgettext(TEXT_DOMAIN,
953 					"get_rootnames: no memory\n"));
954 	} else {
955 	    for (i = 0; i < c; i++) {
956 		host = strtok(list, ":");
957 		if (!nfs_get_root_principal(sec, host, &a[i])) {
958 		    free(a);
959 		    a = NULL;
960 		    break;
961 		}
962 		list = NULL;
963 	    }
964 	}
965 
966 	return (a);
967 }
968 
969 /*
970  * fill_security_from_secopts(sp, secopts)
971  *
972  * Fill the secinfo structure from the secopts optionset.
973  */
974 
975 static int
976 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts)
977 {
978 	sa_property_t prop;
979 	char *type;
980 	int longform;
981 	int err = SC_NOERROR;
982 
983 	type = sa_get_security_attr(secopts, "sectype");
984 	if (type != NULL) {
985 	    /* named security type needs secinfo to be filled in */
986 	    err = nfs_getseconfig_byname(type, &sp->s_secinfo);
987 	    sa_free_attr_string(type);
988 	    if (err != SC_NOERROR)
989 		return (err);
990 	} else {
991 	    /* default case */
992 	    err = nfs_getseconfig_default(&sp->s_secinfo);
993 	    if (err != SC_NOERROR)
994 		return (err);
995 	}
996 
997 	err = SA_OK;
998 	for (prop = sa_get_property(secopts, NULL);
999 		prop != NULL && err == SA_OK;
1000 		prop = sa_get_next_property(prop)) {
1001 	    char *name;
1002 	    char *value;
1003 
1004 	    name = sa_get_property_attr(prop, "type");
1005 	    value = sa_get_property_attr(prop, "value");
1006 
1007 	    longform = value != NULL && strcmp(value, "*") != 0;
1008 
1009 	    switch (findopt(name)) {
1010 	    case OPT_RO:
1011 		sp->s_flags |= longform ? M_ROL : M_RO;
1012 		break;
1013 	    case OPT_RW:
1014 		sp->s_flags |= longform ? M_RWL : M_RW;
1015 		break;
1016 	    case OPT_ROOT:
1017 		sp->s_flags |= M_ROOT;
1018 		/*
1019 		 * if we are using AUTH_UNIX, handle like other things
1020 		 * such as RO/RW
1021 		 */
1022 		if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX)
1023 		    continue;
1024 		/* not AUTH_UNIX */
1025 		if (value != NULL) {
1026 		    sp->s_rootnames = get_rootnames(&sp->s_secinfo, value,
1027 							&sp->s_rootcnt);
1028 		    if (sp->s_rootnames == NULL) {
1029 			err = SA_BAD_VALUE;
1030 			(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1031 							"Bad root list\n"));
1032 		    }
1033 		}
1034 		break;
1035 	    case OPT_WINDOW:
1036 		if (value != NULL) {
1037 		    sp->s_window = atoi(value);
1038 		    if (sp->s_window < 0)
1039 			sp->s_window = DEF_WIN; /* just in case */
1040 		}
1041 		break;
1042 	    default:
1043 		break;
1044 	    }
1045 	    if (name != NULL)
1046 		sa_free_attr_string(name);
1047 	    if (value != NULL)
1048 		sa_free_attr_string(value);
1049 	}
1050 	/* if rw/ro options not set, use default of RW */
1051 	if ((sp->s_flags & NFS_RWMODES) == 0)
1052 	    sp->s_flags |= M_RW;
1053 	return (err);
1054 }
1055 
1056 /*
1057  * This is for testing only
1058  * It displays the export structure that
1059  * goes into the kernel.
1060  */
1061 static void
1062 printarg(char *path, struct exportdata *ep)
1063 {
1064 	int i, j;
1065 	struct secinfo *sp;
1066 
1067 	if (debug == 0)
1068 	    return;
1069 
1070 	(void) printf("%s:\n", path);
1071 	(void) printf("\tex_version = %d\n", ep->ex_version);
1072 	(void) printf("\tex_path = %s\n", ep->ex_path);
1073 	(void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen);
1074 	(void) printf("\tex_flags: (0x%02x) ", ep->ex_flags);
1075 	if (ep->ex_flags & EX_NOSUID)
1076 		(void) printf("NOSUID ");
1077 	if (ep->ex_flags & EX_ACLOK)
1078 		(void) printf("ACLOK ");
1079 	if (ep->ex_flags & EX_PUBLIC)
1080 		(void) printf("PUBLIC ");
1081 	if (ep->ex_flags & EX_NOSUB)
1082 		(void) printf("NOSUB ");
1083 	if (ep->ex_flags & EX_LOG)
1084 		(void) printf("LOG ");
1085 	if (ep->ex_flags & EX_LOG_ALLOPS)
1086 		(void) printf("LOG_ALLOPS ");
1087 	if (ep->ex_flags == 0)
1088 		(void) printf("(none)");
1089 	(void) 	printf("\n");
1090 	if (ep->ex_flags & EX_LOG) {
1091 		(void) printf("\tex_log_buffer = %s\n",
1092 			(ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)"));
1093 		(void) printf("\tex_tag = %s\n",
1094 				(ep->ex_tag ? ep->ex_tag : "(NULL)"));
1095 	}
1096 	(void) printf("\tex_anon = %d\n", ep->ex_anon);
1097 	(void) printf("\tex_seccnt = %d\n", ep->ex_seccnt);
1098 	(void) printf("\n");
1099 	for (i = 0; i < ep->ex_seccnt; i++) {
1100 		sp = &ep->ex_secinfo[i];
1101 		(void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name);
1102 		(void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags);
1103 		if (sp->s_flags & M_ROOT) (void) printf("M_ROOT ");
1104 		if (sp->s_flags & M_RO) (void) printf("M_RO ");
1105 		if (sp->s_flags & M_ROL) (void) printf("M_ROL ");
1106 		if (sp->s_flags & M_RW) (void) printf("M_RW ");
1107 		if (sp->s_flags & M_RWL) (void) printf("M_RWL ");
1108 		if (sp->s_flags == 0) (void) printf("(none)");
1109 		(void) printf("\n");
1110 		(void) printf("\t\ts_window = %d\n", sp->s_window);
1111 		(void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt);
1112 		(void) fflush(stdout);
1113 		for (j = 0; j < sp->s_rootcnt; j++)
1114 			(void) printf("%s ", sp->s_rootnames[j] ?
1115 					sp->s_rootnames[j] : "<null>");
1116 		(void) printf("\n\n");
1117 	}
1118 }
1119 
1120 /*
1121  * count_security(opts)
1122  *
1123  * Count the number of security types (flavors). The optionset has
1124  * been populated with the security flavors as a holding mechanism.
1125  * We later use this number to allocate data structures.
1126  */
1127 
1128 static int
1129 count_security(sa_optionset_t opts)
1130 {
1131 	int count = 0;
1132 	sa_property_t prop;
1133 	if (opts != NULL) {
1134 	    for (prop = sa_get_property(opts, NULL); prop != NULL;
1135 		prop = sa_get_next_property(prop)) {
1136 		count++;
1137 	    }
1138 	}
1139 	return (count);
1140 }
1141 
1142 /*
1143  * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep)
1144  *
1145  * provides a mechanism to format NFS properties into legacy output
1146  * format. If the buffer would overflow, it is reallocated and grown
1147  * as appropriate. Special cases of converting internal form of values
1148  * to those used by "share" are done. this function does one property
1149  * at a time.
1150  */
1151 
1152 static void
1153 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr,
1154 			sa_property_t prop, int sep)
1155 {
1156 	char *name;
1157 	char *value;
1158 	int curlen;
1159 	char *buff = *rbuff;
1160 	size_t buffsize = *rbuffsize;
1161 
1162 	name = sa_get_property_attr(prop, "type");
1163 	value = sa_get_property_attr(prop, "value");
1164 	if (buff != NULL)
1165 	    curlen = strlen(buff);
1166 	else
1167 	    curlen = 0;
1168 	if (name != NULL) {
1169 	    int len;
1170 	    len = strlen(name) + sep;
1171 
1172 		/*
1173 		 * A future RFE would be to replace this with more
1174 		 * generic code and to possibly handle more types.
1175 		 */
1176 	    switch (gettype(name)) {
1177 	    case OPT_TYPE_BOOLEAN:
1178 		if (value != NULL && strcasecmp(value, "false") == 0) {
1179 		    *name = '\0';
1180 		}
1181 		if (value != NULL)
1182 		    sa_free_attr_string(value);
1183 		value = NULL;
1184 		break;
1185 	    case OPT_TYPE_ACCLIST:
1186 		if (value != NULL && strcmp(value, "*") == 0) {
1187 		    sa_free_attr_string(value);
1188 		    value = NULL;
1189 		} else {
1190 		    if (value != NULL)
1191 			len += 1 + strlen(value);
1192 		}
1193 		break;
1194 	    case OPT_TYPE_LOGTAG:
1195 		if (value != NULL && strlen(value) == 0) {
1196 		    sa_free_attr_string(value);
1197 		    value = NULL;
1198 		} else {
1199 		    if (value != NULL)
1200 			len += 1 + strlen(value);
1201 		}
1202 		break;
1203 	    default:
1204 		if (value != NULL)
1205 		    len += 1 + strlen(value);
1206 		break;
1207 	    }
1208 	    while (buffsize <= (curlen + len)) {
1209 		/* need more room */
1210 		buffsize += incr;
1211 		buff = realloc(buff, buffsize);
1212 		if (buff == NULL) {
1213 		    /* realloc failed so free everything */
1214 		    if (*rbuff != NULL)
1215 			free(*rbuff);
1216 		}
1217 		*rbuff = buff;
1218 		*rbuffsize = buffsize;
1219 		if (buff == NULL) {
1220 		    return;
1221 		}
1222 	    }
1223 	    if (buff == NULL)
1224 		return;
1225 	    if (value == NULL)
1226 		(void) snprintf(buff + curlen, buffsize - curlen,
1227 				"%s%s", sep ? "," : "",
1228 				name, value != NULL ? value : "");
1229 	    else
1230 		(void) snprintf(buff + curlen, buffsize - curlen,
1231 				"%s%s=%s", sep ? "," : "",
1232 				name, value != NULL ? value : "");
1233 	}
1234 	if (name != NULL)
1235 	    sa_free_attr_string(name);
1236 	if (value != NULL)
1237 	    sa_free_attr_string(value);
1238 }
1239 
1240 /*
1241  * nfs_format_options(group, hier)
1242  *
1243  * format all the options on the group into an old-style option
1244  * string. If hier is non-zero, walk up the tree to get inherited
1245  * options.
1246  */
1247 
1248 static char *
1249 nfs_format_options(sa_group_t group, int hier)
1250 {
1251 	sa_optionset_t options = NULL;
1252 	sa_optionset_t secoptions;
1253 	sa_property_t prop, secprop;
1254 	sa_security_t security;
1255 	char *buff;
1256 	size_t buffsize;
1257 
1258 	options = sa_get_derived_optionset(group, "nfs", hier);
1259 
1260 	/*
1261 	 * have a an optionset relative to this item, if any. format
1262 	 * these then add any security definitions.
1263 	 */
1264 	buff = malloc(OPT_CHUNK);
1265 	if (buff != NULL) {
1266 	    int sep = 0;
1267 	    buff[0] = '\0';
1268 	    buffsize = OPT_CHUNK;
1269 		/*
1270 		 * do the default set first but skip any option that is also
1271 		 * in the protocol specific optionset.
1272 		 */
1273 	    if (options != NULL) {
1274 		for (prop = sa_get_property(options, NULL); prop != NULL;
1275 			prop = sa_get_next_property(prop)) {
1276 			/*
1277 			 * use this one since we skipped any of these that
1278 			 * were also in optdefault
1279 			 */
1280 		    nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, prop, sep);
1281 		    if (buff == NULL) {
1282 			/*
1283 			 * buff could become NULL if there isn't
1284 			 * enough memory for nfs_sprint_option to
1285 			 * realloc() as necessary. We can't really do
1286 			 * anything about it at this point so we
1287 			 * return NULL.  The caller should handle the
1288 			 * failure. Note that this
1289 			 */
1290 			return (buff);
1291 		    }
1292 		    sep = 1;
1293 		}
1294 	    }
1295 	    secoptions = (sa_optionset_t)sa_get_all_security_types(group,
1296 								"nfs", hier);
1297 	    if (secoptions != NULL) {
1298 		for (secprop = sa_get_property(secoptions, NULL);
1299 		    secprop != NULL; secprop = sa_get_next_property(secprop)) {
1300 		    char *sectype;
1301 
1302 		    sectype = sa_get_property_attr(secprop, "type");
1303 		    security = (sa_security_t)sa_get_derived_security(group,
1304 								sectype,
1305 								"nfs", hier);
1306 		    if (security != NULL) {
1307 			if (sectype != NULL) {
1308 			    prop = sa_create_property("sec", sectype);
1309 			    nfs_sprint_option(&buff, &buffsize, OPT_CHUNK,
1310 						prop, sep);
1311 			    (void) sa_remove_property(prop);
1312 			sep = 1;
1313 			}
1314 			for (prop = sa_get_property(security, NULL);
1315 			    prop != NULL;
1316 			    prop = sa_get_next_property(prop)) {
1317 
1318 			    nfs_sprint_option(&buff, &buffsize, OPT_CHUNK,
1319 						prop, sep);
1320 			    if (buff == NULL) {
1321 				/* catastrophic memory failure */
1322 				sa_free_derived_optionset(secoptions);
1323 				if (security != NULL)
1324 				    sa_free_derived_optionset(security);
1325 				if (sectype != NULL)
1326 				    sa_free_attr_string(sectype);
1327 				if (options != NULL)
1328 				    sa_free_derived_optionset(options);
1329 				return (buff);
1330 			    }
1331 			    sep = 1;
1332 			}
1333 			sa_free_derived_optionset(security);
1334 		    }
1335 		    if (sectype != NULL)
1336 			sa_free_attr_string(sectype);
1337 		}
1338 		sa_free_derived_optionset(secoptions);
1339 	    }
1340 	}
1341 	if (options != NULL)
1342 	    sa_free_derived_optionset(options);
1343 	return (buff);
1344 }
1345 /*
1346  * Append an entry to the nfslogtab file
1347  */
1348 static int
1349 nfslogtab_add(dir, buffer, tag)
1350 	char *dir, *buffer, *tag;
1351 {
1352 	FILE *f;
1353 	struct logtab_ent lep;
1354 	int error = 0;
1355 
1356 	/*
1357 	 * Open the file for update and create it if necessary.
1358 	 * This may leave the I/O offset at the end of the file,
1359 	 * so rewind back to the beginning of the file.
1360 	 */
1361 	f = fopen(NFSLOGTAB, "a+");
1362 	if (f == NULL) {
1363 		error = errno;
1364 		goto out;
1365 	}
1366 	rewind(f);
1367 
1368 	if (lockf(fileno(f), F_LOCK, 0L) < 0) {
1369 		(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1370 			"share complete, however failed to lock %s "
1371 			"for update: %s\n"), NFSLOGTAB, strerror(errno));
1372 		error = -1;
1373 		goto out;
1374 	}
1375 
1376 	if (logtab_deactivate_after_boot(f) == -1) {
1377 		(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1378 			"share complete, however could not deactivate "
1379 			"entries in %s\n"), NFSLOGTAB);
1380 		error = -1;
1381 		goto out;
1382 	}
1383 
1384 	/*
1385 	 * Remove entries matching buffer and sharepoint since we're
1386 	 * going to replace it with perhaps an entry with a new tag.
1387 	 */
1388 	if (logtab_rement(f, buffer, dir, NULL, -1)) {
1389 		(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1390 			"share complete, however could not remove matching "
1391 			"entries in %s\n"), NFSLOGTAB);
1392 		error = -1;
1393 		goto out;
1394 	}
1395 
1396 	/*
1397 	 * Deactivate all active entries matching this sharepoint
1398 	 */
1399 	if (logtab_deactivate(f, NULL, dir, NULL)) {
1400 		(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1401 			"share complete, however could not deactivate matching "
1402 			"entries in %s\n"), NFSLOGTAB);
1403 		error = -1;
1404 		goto out;
1405 	}
1406 
1407 	lep.le_buffer = buffer;
1408 	lep.le_path = dir;
1409 	lep.le_tag = tag;
1410 	lep.le_state = LES_ACTIVE;
1411 
1412 	/*
1413 	 * Add new sharepoint / buffer location to nfslogtab
1414 	 */
1415 	if (logtab_putent(f, &lep) < 0) {
1416 		(void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1417 			"share complete, however could not add %s to %s\n"),
1418 			dir, NFSLOGTAB);
1419 		error = -1;
1420 	}
1421 
1422 out:
1423 	if (f != NULL)
1424 		(void) fclose(f);
1425 	return (error);
1426 }
1427 
1428 /*
1429  * Deactivate an entry from the nfslogtab file
1430  */
1431 static int
1432 nfslogtab_deactivate(path)
1433 	char *path;
1434 {
1435 	FILE *f;
1436 	int error = 0;
1437 
1438 	f = fopen(NFSLOGTAB, "r+");
1439 	if (f == NULL) {
1440 		error = errno;
1441 		goto out;
1442 	}
1443 	if (lockf(fileno(f), F_LOCK, 0L) < 0) {
1444 		error = errno;
1445 		(void)  fprintf(stderr, dgettext(TEXT_DOMAIN,
1446 			"share complete, however could not lock %s for "
1447 			"update: %s\n"), NFSLOGTAB, strerror(error));
1448 		goto out;
1449 	}
1450 	if (logtab_deactivate(f, NULL, path, NULL) == -1) {
1451 		error = -1;
1452 		(void) fprintf(stderr,
1453 			dgettext(TEXT_DOMAIN,
1454 				"share complete, however could not "
1455 				"deactivate %s in %s\n"), path, NFSLOGTAB);
1456 		goto out;
1457 	}
1458 
1459 out:	if (f != NULL)
1460 		(void) fclose(f);
1461 
1462 	return (error);
1463 }
1464 
1465 /*
1466  * public_exists(share)
1467  *
1468  * check to see if public option is set on any other share than the
1469  * one specified.
1470  */
1471 static int
1472 public_exists(sa_share_t skipshare)
1473 {
1474 	sa_share_t share;
1475 	sa_group_t group;
1476 	sa_optionset_t opt;
1477 	sa_property_t prop;
1478 	int exists = 0;
1479 	sa_handle_t handle;
1480 
1481 	group = sa_get_parent_group(skipshare);
1482 	if (group == NULL)
1483 	    return (SA_NO_SUCH_GROUP);
1484 
1485 	handle = sa_find_group_handle(group);
1486 	if (handle == NULL)
1487 	    return (SA_SYSTEM_ERR);
1488 
1489 	for (group = sa_get_group(handle, NULL); group != NULL;
1490 	    group = sa_get_next_group(group)) {
1491 	    for (share = sa_get_share(group, NULL); share != NULL;
1492 		share = sa_get_next_share(share)) {
1493 		if (share == skipshare)
1494 		    continue;
1495 		opt = sa_get_optionset(share, "nfs");
1496 		if (opt != NULL) {
1497 		    prop = sa_get_property(opt, "public");
1498 		    if (prop != NULL) {
1499 			char *shared;
1500 			shared = sa_get_share_attr(share, "shared");
1501 			if (shared != NULL) {
1502 			    exists = strcmp(shared, "true") == 0;
1503 			    sa_free_attr_string(shared);
1504 			    goto out;
1505 			}
1506 		    }
1507 		}
1508 	    }
1509 	}
1510 out:
1511 	return (exists);
1512 }
1513 
1514 /*
1515  * sa_enable_share at the protocol level, enable_share must tell the
1516  * implementation that it is to enable the share. This entails
1517  * converting the path and options into the appropriate ioctl
1518  * calls. It is assumed that all error checking of paths, etc. were
1519  * done earlier.
1520  */
1521 static int
1522 nfs_enable_share(sa_share_t share)
1523 {
1524 	struct exportdata export;
1525 	sa_optionset_t secoptlist;
1526 	struct secinfo *sp;
1527 	int num_secinfo;
1528 	sa_optionset_t opt;
1529 	sa_security_t sec;
1530 	sa_property_t prop;
1531 	char *path;
1532 	int err = SA_OK;
1533 
1534 	/* Don't drop core if the NFS module isn't loaded. */
1535 	(void) signal(SIGSYS, SIG_IGN);
1536 
1537 	/* get the path since it is important in several places */
1538 	path = sa_get_share_attr(share, "path");
1539 	if (path == NULL)
1540 	    return (SA_NO_SUCH_PATH);
1541 
1542 	/*
1543 	 * find the optionsets and security sets.  There may not be
1544 	 * any or there could be one or two for each of optionset and
1545 	 * security may have multiple, one per security type per
1546 	 * protocol type.
1547 	 */
1548 	opt = sa_get_derived_optionset(share, "nfs", 1);
1549 	secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1);
1550 	if (secoptlist != NULL)
1551 	    num_secinfo = MAX(1, count_security(secoptlist));
1552 	else
1553 	    num_secinfo = 1;
1554 
1555 	/*
1556 	 * walk through the options and fill in the structure
1557 	 * appropriately.
1558 	 */
1559 
1560 	(void) memset(&export, '\0', sizeof (export));
1561 
1562 	/*
1563 	 * do non-security options first since there is only one after
1564 	 * the derived group is constructed.
1565 	 */
1566 	export.ex_version = EX_CURRENT_VERSION;
1567 	export.ex_anon = UID_NOBODY; /* this is our default value */
1568 	export.ex_index = NULL;
1569 	export.ex_path = path;
1570 	export.ex_pathlen = strlen(path) + 1;
1571 
1572 	sp = calloc(num_secinfo, sizeof (struct secinfo));
1573 
1574 	if (opt != NULL)
1575 	    err = fill_export_from_optionset(&export, opt);
1576 
1577 	/*
1578 	 * check to see if "public" is set. If it is, then make sure
1579 	 * no other share has it set. If it is already used, fail.
1580 	 */
1581 
1582 	if (export.ex_flags & EX_PUBLIC && public_exists(share)) {
1583 	    (void) printf(dgettext(TEXT_DOMAIN,
1584 					"NFS: Cannot share more than one file "
1585 			    "system with 'public' property\n"));
1586 	    err = SA_NOT_ALLOWED;
1587 	    goto out;
1588 	}
1589 
1590 	if (sp == NULL) {
1591 		/* failed to alloc memory */
1592 	    (void) printf("NFS: no memory for security\n");
1593 	    err = SA_NO_MEMORY;
1594 	} else {
1595 	    int i;
1596 	    export.ex_secinfo = sp;
1597 	    /* get default secinfo */
1598 	    export.ex_seccnt = num_secinfo;
1599 		/*
1600 		 * since we must have one security option defined, we
1601 		 * init to the default and then override as we find
1602 		 * defined security options. This handles the case
1603 		 * where we have no defined options but we need to set
1604 		 * up one.
1605 		 */
1606 	    sp[0].s_window = DEF_WIN;
1607 	    sp[0].s_rootnames = NULL;
1608 	    /* setup a default in case no properties defined */
1609 	    if (nfs_getseconfig_default(&sp[0].s_secinfo)) {
1610 		(void) printf(dgettext(TEXT_DOMAIN,
1611 				    "NFS: nfs_getseconfig_default: failed to "
1612 				    "get default security mode\n"));
1613 		err = SA_CONFIG_ERR;
1614 	    }
1615 	    if (secoptlist != NULL) {
1616 		for (i = 0, prop = sa_get_property(secoptlist, NULL);
1617 		    prop != NULL && i < num_secinfo;
1618 		    prop = sa_get_next_property(prop), i++) {
1619 		    char *sectype;
1620 
1621 		    sectype = sa_get_property_attr(prop, "type");
1622 		    /* if sectype is NULL, we can't do anything so skip */
1623 		    if (sectype == NULL)
1624 			continue;
1625 		    sec = (sa_security_t)sa_get_derived_security(share,
1626 								sectype,
1627 								"nfs", 1);
1628 		    sp[i].s_window = DEF_WIN;
1629 		    sp[i].s_rootcnt = 0;
1630 		    sp[i].s_rootnames = NULL;
1631 
1632 		    (void) fill_security_from_secopts(&sp[i], sec);
1633 		    if (sec != NULL)
1634 			sa_free_derived_security(sec);
1635 		    if (sectype != NULL)
1636 			sa_free_attr_string(sectype);
1637 		}
1638 	    }
1639 		/*
1640 		 * when we get here, we can do the exportfs system call and
1641 		 * initiate thinsg. We probably want to enable the nfs.server
1642 		 * service first if it isn't running within SMF.
1643 		 */
1644 		/* check nfs.server status and start if needed */
1645 
1646 		/* now add the share to the internal tables */
1647 	    printarg(path, &export);
1648 		/*
1649 		 * call the exportfs system call which is implemented
1650 		 * via the nfssys() call as the EXPORTFS subfunction.
1651 		 */
1652 	    if ((err = exportfs(path, &export)) < 0) {
1653 		err = SA_SYSTEM_ERR;
1654 		switch (errno) {
1655 		case EREMOTE:
1656 		    (void) printf(dgettext(TEXT_DOMAIN,
1657 						"NFS: Cannot share remote file"
1658 						"system: %s\n"),
1659 					path);
1660 		    break;
1661 		case EPERM:
1662 		    if (getzoneid() != GLOBAL_ZONEID) {
1663 			(void) printf(dgettext(TEXT_DOMAIN,
1664 					"NFS: Cannot share file systems "
1665 					"in non-global zones: %s\n"), path);
1666 			err = SA_NOT_SUPPORTED;
1667 			break;
1668 		    }
1669 		    err = SA_NO_PERMISSION;
1670 		    /* FALLTHROUGH */
1671 		default:
1672 		    break;
1673 		}
1674 	    } else {
1675 		/* update sharetab with an add/modify */
1676 		(void) sa_update_sharetab(share, "nfs");
1677 	    }
1678 	}
1679 
1680 	if (err == SA_OK) {
1681 		/*
1682 		 * enable services as needed. This should probably be
1683 		 * done elsewhere in order to minimize the calls to
1684 		 * check services.
1685 		 */
1686 		/*
1687 		 * check to see if logging and other services need to
1688 		 * be triggered, but only if there wasn't an
1689 		 * error. This is probably where sharetab should be
1690 		 * updated with the NFS specific entry.
1691 		 */
1692 	    if (export.ex_flags & EX_LOG) {
1693 		/* enable logging */
1694 		if (nfslogtab_add(path, export.ex_log_buffer,
1695 		    export.ex_tag) != 0) {
1696 		    (void) fprintf(stderr,
1697 				dgettext(TEXT_DOMAIN,
1698 					"Could not enable logging for %s\n"),
1699 				path);
1700 		}
1701 		_check_services(service_list_logging);
1702 	    } else {
1703 		/*
1704 		 * don't have logging so remove it from file. It might
1705 		 * not be thre, but that doesn't matter.
1706 		 */
1707 		(void) nfslogtab_deactivate(path);
1708 		_check_services(service_list_default);
1709 	    }
1710 	}
1711 
1712 out:
1713 	if (path != NULL)
1714 	    free(path);
1715 
1716 	cleanup_export(&export);
1717 	if (opt != NULL)
1718 	    sa_free_derived_optionset(opt);
1719 	if (secoptlist != NULL)
1720 	    (void) sa_destroy_optionset(secoptlist);
1721 	return (err);
1722 }
1723 
1724 /*
1725  * nfs_disable_share(share)
1726  *
1727  * Unshare the specified share.  How much error checking should be
1728  * done? We only do basic errors for now.
1729  */
1730 static int
1731 nfs_disable_share(char *share)
1732 {
1733 	int err;
1734 	int ret = SA_OK;
1735 
1736 	if (share != NULL) {
1737 	    err = exportfs(share, NULL);
1738 	    if (err < 0) {
1739 		/* TBD: only an error in some cases - need better analysis */
1740 		switch (errno) {
1741 		case EPERM:
1742 		case EACCES:
1743 		    ret = SA_NO_PERMISSION;
1744 		    if (getzoneid() != GLOBAL_ZONEID) {
1745 			ret = SA_NOT_SUPPORTED;
1746 		    }
1747 		    break;
1748 		case EINVAL:
1749 		case ENOENT:
1750 		    ret = SA_NO_SUCH_PATH;
1751 		    break;
1752 		default:
1753 		    ret = SA_SYSTEM_ERR;
1754 		    break;
1755 		}
1756 	    }
1757 	    if (ret == SA_OK || ret == SA_NO_SUCH_PATH) {
1758 		(void) sa_delete_sharetab(share, "nfs");
1759 		/* just in case it was logged */
1760 		(void) nfslogtab_deactivate(share);
1761 	    }
1762 	}
1763 	return (ret);
1764 }
1765 
1766 /*
1767  * check ro vs rw values.  Over time this may get beefed up.
1768  * for now it just does simple checks.
1769  */
1770 
1771 static int
1772 check_rorw(char *v1, char *v2)
1773 {
1774 	int ret = SA_OK;
1775 	if (strcmp(v1, v2) == 0)
1776 	    ret = SA_VALUE_CONFLICT;
1777 	return (ret);
1778 }
1779 
1780 /*
1781  * nfs_validate_property(property, parent)
1782  *
1783  * Check that the property has a legitimate value for its type.
1784  */
1785 
1786 static int
1787 nfs_validate_property(sa_property_t property, sa_optionset_t parent)
1788 {
1789 	int ret = SA_OK;
1790 	char *propname;
1791 	char *other;
1792 	int optindex;
1793 	nfsl_config_t *configlist;
1794 	sa_group_t parent_group;
1795 	char *value;
1796 
1797 	propname = sa_get_property_attr(property, "type");
1798 
1799 	if ((optindex = findopt(propname)) < 0)
1800 	    ret = SA_NO_SUCH_PROP;
1801 
1802 	/* need to validate value range here as well */
1803 
1804 	if (ret == SA_OK) {
1805 	    parent_group = sa_get_parent_group((sa_share_t)parent);
1806 	    if (optdefs[optindex].share && !sa_is_share(parent_group)) {
1807 		ret = SA_PROP_SHARE_ONLY;
1808 	    }
1809 	}
1810 	if (ret == SA_OK) {
1811 	    value = sa_get_property_attr(property, "value");
1812 	    if (value != NULL) {
1813 		/* first basic type checking */
1814 		switch (optdefs[optindex].type) {
1815 		case OPT_TYPE_NUMBER:
1816 		    /* check that the value is all digits */
1817 		    if (!is_a_number(value))
1818 			ret = SA_BAD_VALUE;
1819 		    break;
1820 		case OPT_TYPE_BOOLEAN:
1821 		    if (strlen(value) == 0 ||
1822 			strcasecmp(value, "true") == 0 ||
1823 			strcmp(value, "1") == 0 ||
1824 			strcasecmp(value, "false") == 0 ||
1825 			strcmp(value, "0") == 0) {
1826 			ret = SA_OK;
1827 		    } else {
1828 			ret = SA_BAD_VALUE;
1829 		    }
1830 		    break;
1831 		case OPT_TYPE_USER:
1832 		    if (!is_a_number(value)) {
1833 			struct passwd *pw;
1834 			/* in this case it would have to be a user name */
1835 			pw = getpwnam(value);
1836 			if (pw == NULL)
1837 			    ret = SA_BAD_VALUE;
1838 			endpwent();
1839 		    } else {
1840 			uint64_t intval;
1841 			intval = strtoull(value, NULL, 0);
1842 			if (intval > UID_MAX && intval != ~0)
1843 			    ret = SA_BAD_VALUE;
1844 		    }
1845 		    break;
1846 		case OPT_TYPE_FILE:
1847 		    if (strcmp(value, "..") == 0 ||
1848 			strchr(value, '/') != NULL) {
1849 			ret = SA_BAD_VALUE;
1850 		    }
1851 		    break;
1852 		case OPT_TYPE_ACCLIST:
1853 			/*
1854 			 * access list handling. Should eventually
1855 			 * validate that all the values make sense.
1856 			 * Also, ro and rw may have cross value
1857 			 * conflicts.
1858 			 */
1859 		    if (strcmp(propname, SHOPT_RO) == 0)
1860 			other = SHOPT_RW;
1861 		    else if (strcmp(propname, SHOPT_RW) == 0)
1862 			other = SHOPT_RO;
1863 		    else
1864 			other = NULL;
1865 		    if (other != NULL && parent != NULL) {
1866 			/* compare rw(ro) with ro(rw) */
1867 			sa_property_t oprop;
1868 			oprop = sa_get_property(parent, other);
1869 			if (oprop != NULL) {
1870 			    /* only potential confusion if other exists */
1871 			    char *ovalue;
1872 			    ovalue = sa_get_property_attr(oprop, "value");
1873 			    if (ovalue != NULL) {
1874 				ret = check_rorw(value, ovalue);
1875 				sa_free_attr_string(ovalue);
1876 			    }
1877 			}
1878 		    }
1879 		    break;
1880 		case OPT_TYPE_LOGTAG:
1881 		    if (nfsl_getconfig_list(&configlist) == 0) {
1882 			int error;
1883 			if (value == NULL || strlen(value) == 0) {
1884 			    if (value != NULL)
1885 				sa_free_attr_string(value);
1886 			    value = strdup("global");
1887 			}
1888 			if (nfsl_findconfig(configlist, value, &error) == NULL)
1889 			    ret = SA_BAD_VALUE;
1890 			nfsl_freeconfig_list(&configlist);
1891 		    } else {
1892 			ret = SA_CONFIG_ERR;
1893 		    }
1894 		    break;
1895 		case OPT_TYPE_STRING:
1896 		    /* whatever is here should be ok */
1897 		    break;
1898 		case OPT_TYPE_SECURITY:
1899 			/*
1900 			 * The "sec" property isn't used in the
1901 			 * non-legacy parts of sharemgr. We need to
1902 			 * reject it here. For legacy, it is pulled
1903 			 * out well before we get here.
1904 			 */
1905 		    ret = SA_NO_SUCH_PROP;
1906 		    break;
1907 		default:
1908 		    break;
1909 		}
1910 		sa_free_attr_string(value);
1911 		if (ret == SA_OK && optdefs[optindex].check != NULL) {
1912 		    /* do the property specific check */
1913 		    ret = optdefs[optindex].check(property);
1914 		}
1915 	    }
1916 	}
1917 
1918 	if (propname != NULL)
1919 	    sa_free_attr_string(propname);
1920 	return (ret);
1921 }
1922 
1923 /*
1924  * Protocol management functions
1925  *
1926  * Properties defined in the default files are defined in
1927  * proto_option_defs for parsing and validation. If "other" and
1928  * "compare" are set, then the value for this property should be
1929  * compared against the property specified in "other" using the
1930  * "compare" check (either <= or >=) in order to ensure that the
1931  * values are in the correct range.  E.g. setting server_versmin
1932  * higher than server_versmax should not be allowed.
1933  */
1934 
1935 struct proto_option_defs {
1936 	char *tag;
1937 	char *name;	/* display name -- remove protocol identifier */
1938 	int index;
1939 	int type;
1940 	union {
1941 	    int intval;
1942 	    char *string;
1943 	} defvalue;
1944 	uint32_t svcs;
1945 	int32_t minval;
1946 	int32_t maxval;
1947 	char *file;
1948 	char *other;
1949 	int compare;
1950 #define	OPT_CMP_GE	0
1951 #define	OPT_CMP_LE	1
1952 	int (*check)(char *);
1953 } proto_options[] = {
1954 #define	PROTO_OPT_NFSD_SERVERS			0
1955 	{"nfsd_servers",
1956 	    "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD,
1957 	    1, INT32_MAX, NFSADMIN},
1958 #define	PROTO_OPT_LOCKD_LISTEN_BACKLOG		1
1959 	{"lockd_listen_backlog",
1960 	    "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG,
1961 	    OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX, NFSADMIN},
1962 #define	PROTO_OPT_LOCKD_SERVERS			2
1963 	{"lockd_servers",
1964 	    "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20,
1965 	    SVC_LOCKD, 1, INT32_MAX, NFSADMIN},
1966 #define	PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT	3
1967 	{"lockd_retransmit_timeout",
1968 	    "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT,
1969 	    OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX, NFSADMIN},
1970 #define	PROTO_OPT_GRACE_PERIOD			4
1971 	{"grace_period",
1972 	    "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90,
1973 	    SVC_LOCKD, 0, INT32_MAX, NFSADMIN},
1974 #define	PROTO_OPT_NFS_SERVER_VERSMIN		5
1975 	{"nfs_server_versmin",
1976 	    "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER,
1977 	    (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN,
1978 	    NFS_VERSMAX, NFSADMIN, "server_versmax", OPT_CMP_LE},
1979 #define	PROTO_OPT_NFS_SERVER_VERSMAX		6
1980 	{"nfs_server_versmax",
1981 	    "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER,
1982 	    (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN,
1983 	    NFS_VERSMAX, NFSADMIN, "server_versmin", OPT_CMP_GE},
1984 #define	PROTO_OPT_NFS_CLIENT_VERSMIN		7
1985 	{"nfs_client_versmin",
1986 	    "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER,
1987 	    (int)NFS_VERSMIN_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX,
1988 	    NFSADMIN, "client_versmax", OPT_CMP_LE},
1989 #define	PROTO_OPT_NFS_CLIENT_VERSMAX		8
1990 	{"nfs_client_versmax",
1991 	    "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER,
1992 	    (int)NFS_VERSMAX_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX,
1993 	    NFSADMIN, "client_versmin", OPT_CMP_GE},
1994 #define	PROTO_OPT_NFS_SERVER_DELEGATION		9
1995 	{"nfs_server_delegation",
1996 	    "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION,
1997 	    OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0,
1998 	    NFSADMIN},
1999 #define	PROTO_OPT_NFSMAPID_DOMAIN		10
2000 	{"nfsmapid_domain",
2001 	    "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN,
2002 	    NULL, SVC_NFSMAPID, 0, 0, NFSADMIN},
2003 #define	PROTO_OPT_NFSD_MAX_CONNECTIONS		11
2004 	{"nfsd_max_connections",
2005 	    "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS,
2006 	    OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX, NFSADMIN},
2007 #define	PROTO_OPT_NFSD_PROTOCOL			12
2008 	{"nfsd_protocol",
2009 	    "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0,
2010 	    SVC_NFSD, 0, 0, NFSADMIN},
2011 #define	PROTO_OPT_NFSD_LISTEN_BACKLOG		13
2012 	{"nfsd_listen_backlog",
2013 	    "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG,
2014 	    OPT_TYPE_NUMBER, 0,
2015 	    SVC_LOCKD, 0, INT32_MAX, NFSADMIN},
2016 	{NULL}
2017 };
2018 
2019 /*
2020  * the protoset holds the defined options so we don't have to read
2021  * them multiple times
2022  */
2023 sa_protocol_properties_t protoset;
2024 
2025 static int
2026 findprotoopt(char *name, int whichname)
2027 {
2028 	int i;
2029 	for (i = 0; proto_options[i].tag != NULL; i++) {
2030 	    if (whichname == 1) {
2031 		if (strcasecmp(proto_options[i].name, name) == 0)
2032 			return (i);
2033 	    } else {
2034 		if (strcasecmp(proto_options[i].tag, name) == 0)
2035 			return (i);
2036 	    }
2037 	}
2038 	return (-1);
2039 }
2040 
2041 /*
2042  * fixcaselower(str)
2043  *
2044  * convert a string to lower case (inplace).
2045  */
2046 
2047 static void
2048 fixcaselower(char *str)
2049 {
2050 	while (*str) {
2051 	    *str = tolower(*str);
2052 	    str++;
2053 	}
2054 }
2055 
2056 /*
2057  * fixcaseupper(str)
2058  *
2059  * convert a string to upper case (inplace).
2060  */
2061 
2062 static void
2063 fixcaseupper(char *str)
2064 {
2065 	while (*str) {
2066 	    *str = toupper(*str);
2067 	    str++;
2068 	}
2069 }
2070 
2071 /*
2072  * initprotofromdefault()
2073  *
2074  * read the default file(s) and add the defined values to the
2075  * protoset.  Note that default values are known from the built in
2076  * table in case the file doesn't have a definition.
2077  */
2078 
2079 static int
2080 initprotofromdefault()
2081 {
2082 	FILE *nfs;
2083 	char buff[BUFSIZ];
2084 	char *name;
2085 	char *value;
2086 	sa_property_t prop;
2087 	int index;
2088 
2089 	protoset = sa_create_protocol_properties("nfs");
2090 
2091 	if (protoset != NULL) {
2092 	    nfs = fopen(NFSADMIN, "r");
2093 	    if (nfs != NULL) {
2094 		while (fgets(buff, sizeof (buff), nfs) != NULL) {
2095 		    switch (buff[0]) {
2096 		    case '\n':
2097 		    case '#':
2098 			/* skip */
2099 			break;
2100 		    default:
2101 			name = buff;
2102 			buff[strlen(buff) - 1] = '\0';
2103 			value = strchr(name, '=');
2104 			if (value != NULL) {
2105 			    *value++ = '\0';
2106 			    if ((index = findprotoopt(name, 0)) >= 0) {
2107 				fixcaselower(name);
2108 				prop = sa_create_property(
2109 					proto_options[index].name,
2110 					value);
2111 				(void) sa_add_protocol_property(protoset, prop);
2112 			    }
2113 			}
2114 		    }
2115 		}
2116 		if (nfs != NULL)
2117 		    (void) fclose(nfs);
2118 	    }
2119 	}
2120 	if (protoset == NULL)
2121 	    return (SA_NO_MEMORY);
2122 	return (SA_OK);
2123 }
2124 
2125 /*
2126  * add_default()
2127  *
2128  * Add the default values for any property not defined in the parsing
2129  * of the default files. Values are set according to their defined
2130  * types.
2131  */
2132 
2133 static void
2134 add_defaults()
2135 {
2136 	int i;
2137 	char number[MAXDIGITS];
2138 
2139 	for (i = 0; proto_options[i].tag != NULL; i++) {
2140 	    sa_property_t prop;
2141 	    prop = sa_get_protocol_property(protoset, proto_options[i].name);
2142 	    if (prop == NULL) {
2143 		/* add the default value */
2144 		switch (proto_options[i].type) {
2145 		case OPT_TYPE_NUMBER:
2146 		    (void) snprintf(number, sizeof (number), "%d",
2147 				proto_options[i].defvalue.intval);
2148 		    prop = sa_create_property(proto_options[i].name, number);
2149 		    break;
2150 
2151 		case OPT_TYPE_BOOLEAN:
2152 		    prop = sa_create_property(proto_options[i].name,
2153 					proto_options[i].defvalue.intval ?
2154 					"true" : "false");
2155 		    break;
2156 
2157 		case OPT_TYPE_ONOFF:
2158 		    prop = sa_create_property(proto_options[i].name,
2159 					proto_options[i].defvalue.intval ?
2160 					"on" : "off");
2161 		    break;
2162 
2163 		default:
2164 		    /* treat as strings of zero length */
2165 		    prop = sa_create_property(proto_options[i].name, "");
2166 		    break;
2167 		}
2168 		if (prop != NULL)
2169 		    (void) sa_add_protocol_property(protoset, prop);
2170 	    }
2171 	}
2172 }
2173 
2174 static void
2175 free_protoprops()
2176 {
2177 	xmlFreeNode(protoset);
2178 }
2179 
2180 /*
2181  * nfs_init()
2182  *
2183  * Initialize the NFS plugin.
2184  */
2185 
2186 static int
2187 nfs_init()
2188 {
2189 	int ret = SA_OK;
2190 
2191 	if (sa_plugin_ops.sa_init != nfs_init)
2192 	    (void) printf(dgettext(TEXT_DOMAIN,
2193 				    "NFS plugin not properly initialized\n"));
2194 
2195 	ret = initprotofromdefault();
2196 	add_defaults();
2197 
2198 	return (ret);
2199 }
2200 
2201 /*
2202  * nfs_fini()
2203  *
2204  * uninitialize the NFS plugin. Want to avoid memory leaks.
2205  */
2206 
2207 static void
2208 nfs_fini()
2209 {
2210 	free_protoprops();
2211 }
2212 
2213 /*
2214  * nfs_get_proto_set()
2215  *
2216  * Return an optionset with all the protocol specific properties in
2217  * it.
2218  */
2219 
2220 static sa_protocol_properties_t
2221 nfs_get_proto_set()
2222 {
2223 	return (protoset);
2224 }
2225 
2226 struct deffile {
2227 	struct deffile *next;
2228 	char *line;
2229 };
2230 
2231 /*
2232  * read_default_file(fname)
2233  *
2234  * Read the specified default file. We return a list of entries. This
2235  * get used for adding or removing values.
2236  */
2237 
2238 static struct deffile *
2239 read_default_file(char *fname)
2240 {
2241 	FILE *file;
2242 	struct deffile *defs = NULL;
2243 	struct deffile *newdef;
2244 	struct deffile *prevdef = NULL;
2245 	char buff[BUFSIZ * 2];
2246 
2247 	file = fopen(fname, "r");
2248 	if (file != NULL) {
2249 	    while (fgets(buff, sizeof (buff), file) != NULL) {
2250 		newdef = (struct deffile *)calloc(1, sizeof (struct deffile));
2251 		if (newdef != NULL) {
2252 		    newdef->line = strdup(buff);
2253 		    if (defs == NULL) {
2254 			prevdef = defs = newdef;
2255 		    } else {
2256 			prevdef->next = newdef;
2257 			prevdef = newdef;
2258 		    }
2259 		}
2260 	    }
2261 	}
2262 	(void) fclose(file);
2263 	return (defs);
2264 }
2265 
2266 static void
2267 free_default_file(struct deffile *defs)
2268 {
2269 	struct deffile *curdefs = NULL;
2270 
2271 	while (defs != NULL) {
2272 	    curdefs = defs;
2273 	    defs = defs->next;
2274 	    if (curdefs->line != NULL)
2275 		free(curdefs->line);
2276 	    free(curdefs);
2277 	}
2278 }
2279 
2280 /*
2281  * write_default_file(fname, defs)
2282  *
2283  * Write the default file back.
2284  */
2285 
2286 static int
2287 write_default_file(char *fname, struct deffile *defs)
2288 {
2289 	FILE *file;
2290 	int ret = SA_OK;
2291 	sigset_t old, new;
2292 
2293 	file = fopen(fname, "w+");
2294 	if (file != NULL) {
2295 	    (void) sigprocmask(SIG_BLOCK, NULL, &new);
2296 	    (void) sigaddset(&new, SIGHUP);
2297 	    (void) sigaddset(&new, SIGINT);
2298 	    (void) sigaddset(&new, SIGQUIT);
2299 	    (void) sigaddset(&new, SIGTSTP);
2300 	    (void) sigprocmask(SIG_SETMASK, &new, &old);
2301 	    while (defs != NULL) {
2302 		(void) fputs(defs->line, file);
2303 		defs = defs->next;
2304 	    }
2305 	    (void) fsync(fileno(file));
2306 	    (void) sigprocmask(SIG_SETMASK, &old, NULL);
2307 	    (void) fclose(file);
2308 	} else {
2309 	    switch (errno) {
2310 	    case EPERM:
2311 	    case EACCES:
2312 		ret = SA_NO_PERMISSION;
2313 		break;
2314 	    default:
2315 		ret = SA_SYSTEM_ERR;
2316 	    }
2317 	}
2318 	return (ret);
2319 }
2320 
2321 
2322 /*
2323  * set_default_file_value(tag, value)
2324  *
2325  * Set the default file value for tag to value. Then rewrite the file.
2326  * tag and value are always set.  The caller must ensure this.
2327  */
2328 
2329 #define	MAX_STRING_LENGTH	256
2330 static int
2331 set_default_file_value(char *tag, char *value)
2332 {
2333 	int ret = SA_OK;
2334 	struct deffile *root;
2335 	struct deffile *defs;
2336 	struct deffile *prev;
2337 	char string[MAX_STRING_LENGTH];
2338 	int len;
2339 	int update = 0;
2340 
2341 	(void) snprintf(string, MAX_STRING_LENGTH, "%s=", tag);
2342 	len = strlen(string);
2343 
2344 	root = defs = read_default_file(NFSADMIN);
2345 	if (root == NULL) {
2346 	    if (errno == EPERM || errno == EACCES)
2347 		ret = SA_NO_PERMISSION;
2348 	    else
2349 		ret = SA_SYSTEM_ERR;
2350 	} else {
2351 	    while (defs != NULL) {
2352 		if (defs->line != NULL &&
2353 		    strncasecmp(defs->line, string, len) == 0) {
2354 		    /* replace with the new value */
2355 		    free(defs->line);
2356 		    fixcaseupper(tag);
2357 		    (void) snprintf(string, sizeof (string), "%s=%s\n",
2358 					tag, value);
2359 		    string[MAX_STRING_LENGTH - 1] = '\0';
2360 		    defs->line = strdup(string);
2361 		    update = 1;
2362 		    break;
2363 		}
2364 		defs = defs->next;
2365 	    }
2366 	    if (!update) {
2367 		defs = root;
2368 		/* didn't find, so see if it is a comment */
2369 		(void) snprintf(string, MAX_STRING_LENGTH, "#%s=", tag);
2370 		len = strlen(string);
2371 		while (defs != NULL) {
2372 		    if (strncasecmp(defs->line, string, len) == 0) {
2373 			/* replace with the new value */
2374 			free(defs->line);
2375 			fixcaseupper(tag);
2376 			(void) snprintf(string, sizeof (string),
2377 				    "%s=%s\n", tag, value);
2378 			string[MAX_STRING_LENGTH - 1] = '\0';
2379 			defs->line = strdup(string);
2380 			update = 1;
2381 			break;
2382 		    }
2383 		    defs = defs->next;
2384 		}
2385 	    }
2386 	    if (!update) {
2387 		fixcaseupper(tag);
2388 		(void) snprintf(string, sizeof (string), "%s=%s\n",
2389 					tag, value);
2390 		prev = root;
2391 		while (prev->next != NULL)
2392 		    prev = prev->next;
2393 		defs = malloc(sizeof (struct deffile));
2394 		prev->next = defs;
2395 		if (defs != NULL) {
2396 		    defs->next = NULL;
2397 		    defs->line = strdup(string);
2398 		}
2399 	    }
2400 	    if (update) {
2401 		ret = write_default_file(NFSADMIN, root);
2402 	    }
2403 	    free_default_file(root);
2404 	}
2405 	return (ret);
2406 }
2407 
2408 /*
2409  * service_in_state(service, chkstate)
2410  *
2411  * Want to know if the specified service is in the desired state
2412  * (chkstate) or not. Return true (1) if it is and false (0) if it
2413  * isn't.
2414  */
2415 static int
2416 service_in_state(char *service, const char *chkstate)
2417 {
2418 	char *state;
2419 	int ret = B_FALSE;
2420 
2421 	state = smf_get_state(service);
2422 	if (state != NULL) {
2423 	    /* got the state so get the equality for the return value */
2424 	    ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE;
2425 	    free(state);
2426 	}
2427 	return (ret);
2428 }
2429 
2430 /*
2431  * restart_service(svcs)
2432  *
2433  * Walk through the bit mask of services that need to be restarted in
2434  * order to use the new property values. Some properties affect
2435  * multiple daemons. Should only restart a service if it is currently
2436  * enabled (online).
2437  */
2438 
2439 static void
2440 restart_service(uint32_t svcs)
2441 {
2442 	uint32_t mask;
2443 	int ret;
2444 	char *service;
2445 
2446 	for (mask = 1; svcs != 0; mask <<= 1) {
2447 	    switch (svcs & mask) {
2448 	    case SVC_LOCKD:
2449 		service = LOCKD;
2450 		break;
2451 	    case SVC_STATD:
2452 		service = STATD;
2453 		break;
2454 	    case SVC_NFSD:
2455 		service = NFSD;
2456 		break;
2457 	    case SVC_MOUNTD:
2458 		service = MOUNTD;
2459 		break;
2460 	    case SVC_NFS4CBD:
2461 		service = NFS4CBD;
2462 		break;
2463 	    case SVC_NFSMAPID:
2464 		service = NFSMAPID;
2465 		break;
2466 	    case SVC_RQUOTAD:
2467 		service = RQUOTAD;
2468 		break;
2469 	    case SVC_NFSLOGD:
2470 		service = NFSLOGD;
2471 		break;
2472 	    default:
2473 		continue;
2474 	    }
2475 
2476 		/*
2477 		 * Only attempt to restart the service if it is
2478 		 * currently running. In the future, it may be
2479 		 * desirable to use smf_refresh_instance if the NFS
2480 		 * services ever implement the refresh method.
2481 		 */
2482 	    if (service_in_state(service, SCF_STATE_STRING_ONLINE)) {
2483 		ret = smf_restart_instance(service);
2484 		/*
2485 		 * There are only a few SMF errors at this point, but
2486 		 * it is also possible that a bad value may have put
2487 		 * the service into maintenance if there wasn't an
2488 		 * SMF level error.
2489 		 */
2490 		if (ret != 0) {
2491 		    (void) fprintf(stderr,
2492 				dgettext(TEXT_DOMAIN,
2493 					"%s failed to restart: %s\n"),
2494 				scf_strerror(scf_error()));
2495 		} else {
2496 			/*
2497 			 * Check whether it has gone to "maintenance"
2498 			 * mode or not. Maintenance implies something
2499 			 * went wrong.
2500 			 */
2501 		    if (service_in_state(service, SCF_STATE_STRING_MAINT)) {
2502 			(void) fprintf(stderr,
2503 					dgettext(TEXT_DOMAIN,
2504 						"%s failed to restart\n"),
2505 					service);
2506 		    }
2507 		}
2508 	    }
2509 	    svcs &= ~mask;
2510 	}
2511 }
2512 
2513 /*
2514  * nfs_minmax_check(name, value)
2515  *
2516  * Verify that the value for the property specified by index is valid
2517  * relative to the opposite value in the case of a min/max variable.
2518  * Currently, server_minvers/server_maxvers and
2519  * client_minvers/client_maxvers are the only ones to check.
2520  */
2521 
2522 static int
2523 nfs_minmax_check(int index, int value)
2524 {
2525 	int val;
2526 	char *pval;
2527 	sa_property_t prop;
2528 	sa_optionset_t opts;
2529 	int ret = B_TRUE;
2530 
2531 	if (proto_options[index].other != NULL) {
2532 	    /* have a property to compare against */
2533 	    opts = nfs_get_proto_set();
2534 	    prop = sa_get_property(opts, proto_options[index].other);
2535 		/*
2536 		 * If we don't find the property, assume default
2537 		 * values which will work since the max will be at the
2538 		 * max and the min at the min.
2539 		 */
2540 	    if (prop != NULL) {
2541 		pval = sa_get_property_attr(prop, "value");
2542 		if (pval != NULL) {
2543 		    val = strtoul(pval, NULL, 0);
2544 		    if (proto_options[index].compare == OPT_CMP_LE) {
2545 			ret = value <= val ? B_TRUE : B_FALSE;
2546 		    } else if (proto_options[index].compare == OPT_CMP_GE) {
2547 			ret = value >= val ? B_TRUE : B_FALSE;
2548 		    }
2549 		}
2550 	    }
2551 	}
2552 	return (ret);
2553 }
2554 
2555 /*
2556  * nfs_validate_proto_prop(index, name, value)
2557  *
2558  * Verify that the property specifed by name can take the new
2559  * value. This is a sanity check to prevent bad values getting into
2560  * the default files. All values need to be checked against what is
2561  * allowed by their defined type. If a type isn't explicitly defined
2562  * here, it is treated as a string.
2563  *
2564  * Note that OPT_TYPE_NUMBER will additionally check that the value is
2565  * within the range specified and potentially against another property
2566  * value as well as specified in the proto_options members other and
2567  * compare.
2568  */
2569 
2570 static int
2571 nfs_validate_proto_prop(int index, char *name, char *value)
2572 {
2573 	int ret = SA_OK;
2574 	char *cp;
2575 #ifdef lint
2576 	name = name;
2577 #endif
2578 
2579 	switch (proto_options[index].type) {
2580 	case OPT_TYPE_NUMBER:
2581 	    if (!is_a_number(value))
2582 		ret = SA_BAD_VALUE;
2583 	    else {
2584 		int val;
2585 		val = strtoul(value, NULL, 0);
2586 		if (val < proto_options[index].minval ||
2587 		    val > proto_options[index].maxval)
2588 		    ret = SA_BAD_VALUE;
2589 		/*
2590 		 * For server_versmin/server_versmax and
2591 		 * client_versmin/client_versmax, the value of the
2592 		 * min(max) should be checked to be correct relative
2593 		 * to the current max(min).
2594 		 */
2595 		if (!nfs_minmax_check(index, val)) {
2596 		    ret = SA_BAD_VALUE;
2597 		}
2598 	    }
2599 	    break;
2600 
2601 	case OPT_TYPE_DOMAIN:
2602 		/*
2603 		 * needs to be a qualified domain so will have at
2604 		 * least one period and other characters on either
2605 		 * side of it.  A zero length string is also allowed
2606 		 * and is the way to turn off the override.
2607 		 */
2608 	    if (strlen(value) == 0)
2609 		break;
2610 	    cp = strchr(value, '.');
2611 	    if (cp == NULL || cp == value || strchr(value, '@') != NULL)
2612 		ret = SA_BAD_VALUE;
2613 	    break;
2614 
2615 	case OPT_TYPE_BOOLEAN:
2616 	    if (strlen(value) == 0 ||
2617 		strcasecmp(value, "true") == 0 ||
2618 		strcmp(value, "1") == 0 ||
2619 		strcasecmp(value, "false") == 0 ||
2620 		strcmp(value, "0") == 0) {
2621 		ret = SA_OK;
2622 	    } else {
2623 		ret = SA_BAD_VALUE;
2624 	    }
2625 	    break;
2626 
2627 	case OPT_TYPE_ONOFF:
2628 	    if (strcasecmp(value, "on") != 0 &&
2629 		strcasecmp(value, "off") != 0) {
2630 		ret = SA_BAD_VALUE;
2631 	    }
2632 	    break;
2633 
2634 	case OPT_TYPE_PROTOCOL:
2635 	    if (strcasecmp(value, "all") != 0 &&
2636 		strcasecmp(value, "tcp") != 0 &&
2637 		strcasecmp(value, "udp") != 0)
2638 		ret = SA_BAD_VALUE;
2639 	    break;
2640 
2641 	default:
2642 	    /* treat as a string */
2643 	    break;
2644 	}
2645 	return (ret);
2646 }
2647 
2648 /*
2649  * nfs_set_proto_prop(prop)
2650  *
2651  * check that prop is valid.
2652  */
2653 
2654 static int
2655 nfs_set_proto_prop(sa_property_t prop)
2656 {
2657 	int ret = SA_OK;
2658 	char *name;
2659 	char *value;
2660 
2661 	name = sa_get_property_attr(prop, "type");
2662 	value = sa_get_property_attr(prop, "value");
2663 	if (name != NULL && value != NULL) {
2664 	    int index = findprotoopt(name, 1);
2665 	    if (index >= 0) {
2666 		/* should test for valid value */
2667 		ret = nfs_validate_proto_prop(index, name, value);
2668 		if (ret == SA_OK)
2669 		    ret = set_default_file_value(proto_options[index].tag,
2670 							value);
2671 		if (ret == SA_OK)
2672 		    restart_service(proto_options[index].svcs);
2673 	    }
2674 	}
2675 	if (name != NULL)
2676 	    sa_free_attr_string(name);
2677 	if (value != NULL)
2678 	    sa_free_attr_string(value);
2679 	return (ret);
2680 }
2681 
2682 /*
2683  * nfs_get_status()
2684  *
2685  * What is the current status of the nfsd? We use the SMF state here.
2686  * Caller must free the returned value.
2687  */
2688 
2689 static char *
2690 nfs_get_status()
2691 {
2692 	char *state;
2693 	state = smf_get_state(NFSD);
2694 	return (state != NULL ? state : strdup("-"));
2695 }
2696 
2697 /*
2698  * nfs_space_alias(alias)
2699  *
2700  * Lookup the space (security) name. If it is default, convert to the
2701  * real name.
2702  */
2703 
2704 static char *
2705 nfs_space_alias(char *space)
2706 {
2707 	char *name = space;
2708 	seconfig_t secconf;
2709 
2710 	/*
2711 	 * Only the space named "default" is special. If it is used,
2712 	 * the default needs to be looked up and the real name used.
2713 	 * This is normally "sys" but could be changed.  We always
2714 	 * change defautl to the real name.
2715 	 */
2716 	if (strcmp(space, "default") == 0 &&
2717 	    nfs_getseconfig_default(&secconf) == 0) {
2718 	    if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0)
2719 		name = secconf.sc_name;
2720 	}
2721 	return (strdup(name));
2722 }
2723