1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * NFS specific functions 29 */ 30 #include <stdio.h> 31 #include <string.h> 32 #include <ctype.h> 33 #include <stdlib.h> 34 #include <unistd.h> 35 #include <zone.h> 36 #include <errno.h> 37 #include <locale.h> 38 #include <signal.h> 39 #include "libshare.h" 40 #include "libshare_impl.h" 41 #include <nfs/export.h> 42 #include <pwd.h> 43 #include <limits.h> 44 #include <libscf.h> 45 #include "nfslog_config.h" 46 #include "nfslogtab.h" 47 #include "libshare_nfs.h" 48 #include <rpcsvc/daemon_utils.h> 49 #include <nfs/nfs.h> 50 #include <nfs/nfssys.h> 51 52 /* should really be in some global place */ 53 #define DEF_WIN 30000 54 #define OPT_CHUNK 1024 55 56 int debug = 0; 57 58 #define NFS_SERVER_SVC "svc:/network/nfs/server:default" 59 60 /* internal functions */ 61 static int nfs_init(); 62 static void nfs_fini(); 63 static int nfs_enable_share(sa_share_t); 64 static int nfs_disable_share(sa_share_t, char *); 65 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t); 66 static int nfs_validate_security_mode(char *); 67 static int nfs_is_security_opt(char *); 68 static int nfs_parse_legacy_options(sa_group_t, char *); 69 static char *nfs_format_options(sa_group_t, int); 70 static int nfs_set_proto_prop(sa_property_t); 71 static sa_protocol_properties_t nfs_get_proto_set(); 72 static char *nfs_get_status(); 73 static char *nfs_space_alias(char *); 74 static uint64_t nfs_features(); 75 76 /* 77 * ops vector that provides the protocol specific info and operations 78 * for share management. 79 */ 80 81 struct sa_plugin_ops sa_plugin_ops = { 82 SA_PLUGIN_VERSION, 83 "nfs", 84 nfs_init, 85 nfs_fini, 86 nfs_enable_share, 87 nfs_disable_share, 88 nfs_validate_property, 89 nfs_validate_security_mode, 90 nfs_is_security_opt, 91 nfs_parse_legacy_options, 92 nfs_format_options, 93 nfs_set_proto_prop, 94 nfs_get_proto_set, 95 nfs_get_status, 96 nfs_space_alias, 97 NULL, /* update_legacy */ 98 NULL, /* delete_legacy */ 99 NULL, /* change_notify */ 100 NULL, /* enable_resource */ 101 NULL, /* disable_resource */ 102 nfs_features, 103 NULL, /* transient shares */ 104 NULL, /* notify resource */ 105 NULL, /* rename_resource */ 106 NULL, /* run_command */ 107 NULL, /* command_help */ 108 NULL /* delete_proto_section */ 109 }; 110 111 /* 112 * list of support services needed 113 * defines should come from head/rpcsvc/daemon_utils.h 114 */ 115 116 static char *service_list_default[] = 117 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, REPARSED, NULL }; 118 static char *service_list_logging[] = 119 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, REPARSED, 120 NULL }; 121 122 /* 123 * option definitions. Make sure to keep the #define for the option 124 * index just before the entry it is the index for. Changing the order 125 * can cause breakage. E.g OPT_RW is index 1 and must precede the 126 * line that includes the SHOPT_RW and OPT_RW entries. 127 */ 128 129 struct option_defs optdefs[] = { 130 #define OPT_RO 0 131 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 132 #define OPT_RW 1 133 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 134 #define OPT_ROOT 2 135 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 136 #define OPT_SECURE 3 137 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 138 #define OPT_ANON 4 139 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 140 #define OPT_WINDOW 5 141 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 142 #define OPT_NOSUID 6 143 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 144 #define OPT_ACLOK 7 145 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 146 #define OPT_NOSUB 8 147 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 148 #define OPT_SEC 9 149 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 150 #define OPT_PUBLIC 10 151 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 152 #define OPT_INDEX 11 153 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 154 #define OPT_LOG 12 155 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 156 #define OPT_CKSUM 13 157 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 158 #define OPT_NONE 14 159 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST}, 160 #define OPT_ROOT_MAPPING 15 161 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER}, 162 #define OPT_CHARSET_MAP 16 163 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST}, 164 #define OPT_NOACLFAB 17 165 {SHOPT_NOACLFAB, OPT_NOACLFAB, OPT_TYPE_BOOLEAN}, 166 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 167 #define OPT_VOLFH 18 168 {SHOPT_VOLFH, OPT_VOLFH}, 169 #endif /* VOLATILE_FH_TEST */ 170 NULL 171 }; 172 173 /* 174 * Codesets that may need to be converted to UTF-8 for file paths. 175 * Add new names here to add new property support. If we ever get a 176 * way to query the kernel for character sets, this should become 177 * dynamically loaded. Make sure changes here are reflected in 178 * cmd/fs.d/nfs/mountd/nfscmd.c 179 */ 180 181 static char *legal_conv[] = { 182 "euc-cn", 183 "euc-jp", 184 "euc-jpms", 185 "euc-kr", 186 "euc-tw", 187 "iso8859-1", 188 "iso8859-2", 189 "iso8859-5", 190 "iso8859-6", 191 "iso8859-7", 192 "iso8859-8", 193 "iso8859-9", 194 "iso8859-13", 195 "iso8859-15", 196 "koi8-r", 197 NULL 198 }; 199 200 /* 201 * list of properties that are related to security flavors. 202 */ 203 static char *seclist[] = { 204 SHOPT_RO, 205 SHOPT_RW, 206 SHOPT_ROOT, 207 SHOPT_WINDOW, 208 SHOPT_NONE, 209 SHOPT_ROOT_MAPPING, 210 NULL 211 }; 212 213 /* structure for list of securities */ 214 struct securities { 215 sa_security_t security; 216 struct securities *next; 217 }; 218 219 /* 220 * findcharset(charset) 221 * 222 * Returns B_TRUE if the charset is a legal conversion otherwise 223 * B_FALSE. This will need to be rewritten to be more efficient when 224 * we have a dynamic list of legal conversions. 225 */ 226 227 static boolean_t 228 findcharset(char *charset) 229 { 230 int i; 231 232 for (i = 0; legal_conv[i] != NULL; i++) 233 if (strcmp(charset, legal_conv[i]) == 0) 234 return (B_TRUE); 235 return (B_FALSE); 236 } 237 238 /* 239 * findopt(name) 240 * 241 * Lookup option "name" in the option table and return the table 242 * index. 243 */ 244 245 static int 246 findopt(char *name) 247 { 248 int i; 249 if (name != NULL) { 250 for (i = 0; optdefs[i].tag != NULL; i++) { 251 if (strcmp(optdefs[i].tag, name) == 0) 252 return (i); 253 } 254 if (findcharset(name)) 255 return (OPT_CHARSET_MAP); 256 } 257 return (-1); 258 } 259 260 /* 261 * gettype(name) 262 * 263 * Return the type of option "name". 264 */ 265 266 static int 267 gettype(char *name) 268 { 269 int optdef; 270 271 optdef = findopt(name); 272 if (optdef != -1) 273 return (optdefs[optdef].type); 274 return (OPT_TYPE_ANY); 275 } 276 277 /* 278 * nfs_validate_security_mode(mode) 279 * 280 * is the specified mode string a valid one for use with NFS? 281 */ 282 283 static int 284 nfs_validate_security_mode(char *mode) 285 { 286 seconfig_t secinfo; 287 int err; 288 289 (void) memset(&secinfo, '\0', sizeof (secinfo)); 290 err = nfs_getseconfig_byname(mode, &secinfo); 291 if (err == SC_NOERROR) 292 return (1); 293 return (0); 294 } 295 296 /* 297 * nfs_is_security_opt(tok) 298 * 299 * check to see if tok represents an option that is only valid in some 300 * security flavor. 301 */ 302 303 static int 304 nfs_is_security_opt(char *tok) 305 { 306 int i; 307 308 for (i = 0; seclist[i] != NULL; i++) { 309 if (strcmp(tok, seclist[i]) == 0) 310 return (1); 311 } 312 return (0); 313 } 314 315 /* 316 * find_security(seclist, sec) 317 * 318 * Walk the current list of security flavors and return true if it is 319 * present, else return false. 320 */ 321 322 static int 323 find_security(struct securities *seclist, sa_security_t sec) 324 { 325 while (seclist != NULL) { 326 if (seclist->security == sec) 327 return (1); 328 seclist = seclist->next; 329 } 330 return (0); 331 } 332 333 /* 334 * make_security_list(group, securitymodes, proto) 335 * go through the list of securitymodes and add them to the 336 * group's list of security optionsets. We also keep a list of 337 * those optionsets so we don't have to find them later. All of 338 * these will get copies of the same properties. 339 */ 340 341 static struct securities * 342 make_security_list(sa_group_t group, char *securitymodes, char *proto) 343 { 344 char *tok, *next = NULL; 345 struct securities *curp, *headp = NULL, *prev; 346 sa_security_t check; 347 int freetok = 0; 348 349 for (tok = securitymodes; tok != NULL; tok = next) { 350 next = strchr(tok, ':'); 351 if (next != NULL) 352 *next++ = '\0'; 353 if (strcmp(tok, "default") == 0) { 354 /* resolve default into the real type */ 355 tok = nfs_space_alias(tok); 356 freetok = 1; 357 } 358 check = sa_get_security(group, tok, proto); 359 360 /* add to the security list if it isn't there already */ 361 if (check == NULL || !find_security(headp, check)) { 362 curp = (struct securities *)calloc(1, 363 sizeof (struct securities)); 364 if (curp != NULL) { 365 if (check == NULL) { 366 curp->security = sa_create_security( 367 group, tok, proto); 368 } else { 369 curp->security = check; 370 } 371 /* 372 * note that the first time through the loop, 373 * headp will be NULL and prev will be 374 * undefined. Since headp is NULL, we set 375 * both it and prev to the curp (first 376 * structure to be allocated). 377 * 378 * later passes through the loop will have 379 * headp not being NULL and prev will be used 380 * to allocate at the end of the list. 381 */ 382 if (headp == NULL) { 383 headp = curp; 384 prev = curp; 385 } else { 386 prev->next = curp; 387 prev = curp; 388 } 389 } 390 } 391 392 if (freetok) { 393 freetok = 0; 394 sa_free_attr_string(tok); 395 } 396 } 397 return (headp); 398 } 399 400 static void 401 free_security_list(struct securities *sec) 402 { 403 struct securities *next; 404 if (sec != NULL) { 405 for (next = sec->next; sec != NULL; sec = next) { 406 next = sec->next; 407 free(sec); 408 } 409 } 410 } 411 412 /* 413 * nfs_alistcat(str1, str2, sep) 414 * 415 * concatenate str1 and str2 into a new string using sep as a separate 416 * character. If memory allocation fails, return NULL; 417 */ 418 419 static char * 420 nfs_alistcat(char *str1, char *str2, char sep) 421 { 422 char *newstr; 423 size_t len; 424 425 len = strlen(str1) + strlen(str2) + 2; 426 newstr = (char *)malloc(len); 427 if (newstr != NULL) 428 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 429 return (newstr); 430 } 431 432 /* 433 * add_security_prop(sec, name, value, persist) 434 * 435 * Add the property to the securities structure. This accumulates 436 * properties for as part of parsing legacy options. 437 */ 438 439 static int 440 add_security_prop(struct securities *sec, char *name, char *value, 441 int persist, int iszfs) 442 { 443 sa_property_t prop; 444 int ret = SA_OK; 445 446 for (; sec != NULL; sec = sec->next) { 447 if (value == NULL) { 448 if (strcmp(name, SHOPT_RW) == 0 || 449 strcmp(name, SHOPT_RO) == 0) 450 value = "*"; 451 else 452 value = "true"; 453 } 454 455 /* 456 * Get the existing property, if it exists, so we can 457 * determine what to do with it. The ro/rw/root 458 * properties can be merged if multiple instances of 459 * these properies are given. For example, if "rw" 460 * exists with a value "host1" and a later token of 461 * rw="host2" is seen, the values are merged into a 462 * single rw="host1:host2". 463 */ 464 prop = sa_get_property(sec->security, name); 465 466 if (prop != NULL) { 467 char *oldvalue; 468 char *newvalue; 469 470 /* 471 * The security options of ro/rw/root might appear 472 * multiple times. If they do, the values need to be 473 * merged into an access list. If it was previously 474 * empty, the new value alone is added. 475 */ 476 oldvalue = sa_get_property_attr(prop, "value"); 477 if (oldvalue != NULL) { 478 /* 479 * The general case is to concatenate the new 480 * value onto the old value for multiple 481 * rw(ro/root) properties. A special case 482 * exists when either the old or new is the 483 * "all" case. In the special case, if both 484 * are "all", then it is "all", else if one is 485 * an access-list, that replaces the "all". 486 */ 487 if (strcmp(oldvalue, "*") == 0) { 488 /* Replace old value with new value. */ 489 newvalue = strdup(value); 490 } else if (strcmp(value, "*") == 0 || 491 strcmp(oldvalue, value) == 0) { 492 /* 493 * Keep old value and ignore 494 * the new value. 495 */ 496 newvalue = NULL; 497 } else { 498 /* 499 * Make a new list of old plus new 500 * access-list. 501 */ 502 newvalue = nfs_alistcat(oldvalue, 503 value, ':'); 504 } 505 506 if (newvalue != NULL) { 507 (void) sa_remove_property(prop); 508 prop = sa_create_property(name, 509 newvalue); 510 ret = sa_add_property(sec->security, 511 prop); 512 free(newvalue); 513 } 514 if (oldvalue != NULL) 515 sa_free_attr_string(oldvalue); 516 } 517 } else { 518 prop = sa_create_property(name, value); 519 ret = sa_add_property(sec->security, prop); 520 } 521 if (ret == SA_OK && !iszfs) { 522 ret = sa_commit_properties(sec->security, !persist); 523 } 524 } 525 return (ret); 526 } 527 528 /* 529 * check to see if group/share is persistent. 530 */ 531 static int 532 is_persistent(sa_group_t group) 533 { 534 char *type; 535 int persist = 1; 536 537 type = sa_get_group_attr(group, "type"); 538 if (type != NULL && strcmp(type, "persist") != 0) 539 persist = 0; 540 if (type != NULL) 541 sa_free_attr_string(type); 542 return (persist); 543 } 544 545 /* 546 * invalid_security(options) 547 * 548 * search option string for any invalid sec= type. 549 * return true (1) if any are not valid else false (0) 550 */ 551 static int 552 invalid_security(char *options) 553 { 554 char *copy, *base, *token, *value; 555 int ret = 0; 556 557 copy = strdup(options); 558 token = base = copy; 559 while (token != NULL && ret == 0) { 560 token = strtok(base, ","); 561 base = NULL; 562 if (token != NULL) { 563 value = strchr(token, '='); 564 if (value != NULL) 565 *value++ = '\0'; 566 if (strcmp(token, "sec") == 0) { 567 /* HAVE security flavors so check them */ 568 char *tok, *next; 569 for (next = NULL, tok = value; tok != NULL; 570 tok = next) { 571 next = strchr(tok, ':'); 572 if (next != NULL) 573 *next++ = '\0'; 574 ret = !nfs_validate_security_mode(tok); 575 if (ret) 576 break; 577 } 578 } 579 } 580 } 581 if (copy != NULL) 582 free(copy); 583 return (ret); 584 } 585 586 /* 587 * nfs_parse_legacy_options(group, options) 588 * 589 * Parse the old style options into internal format and store on the 590 * specified group. Group could be a share for full legacy support. 591 */ 592 593 static int 594 nfs_parse_legacy_options(sa_group_t group, char *options) 595 { 596 char *dup; 597 char *base; 598 char *token; 599 sa_optionset_t optionset; 600 struct securities *security_list = NULL; 601 sa_property_t prop; 602 int ret = SA_OK; 603 int iszfs = 0; 604 sa_group_t parent; 605 int persist = 0; 606 char *lasts; 607 608 /* do we have an existing optionset? */ 609 optionset = sa_get_optionset(group, "nfs"); 610 if (optionset == NULL) { 611 /* didn't find existing optionset so create one */ 612 optionset = sa_create_optionset(group, "nfs"); 613 } else { 614 /* 615 * Have an existing optionset . Ideally, we would need 616 * to compare options in order to detect errors. For 617 * now, we assume that the first optionset is the 618 * correct one and the others will be the same. An 619 * empty optionset is the same as no optionset so we 620 * don't want to exit in that case. Getting an empty 621 * optionset can occur with ZFS property checking. 622 */ 623 if (sa_get_property(optionset, NULL) != NULL) 624 return (ret); 625 } 626 627 if (strcmp(options, SHOPT_RW) == 0) { 628 /* 629 * there is a special case of only the option "rw" 630 * being the default option. We don't have to do 631 * anything. 632 */ 633 return (ret); 634 } 635 636 /* 637 * check if security types are present and validate them. If 638 * any are not legal, fail. 639 */ 640 641 if (invalid_security(options)) { 642 return (SA_INVALID_SECURITY); 643 } 644 645 /* 646 * in order to not attempt to change ZFS properties unless 647 * absolutely necessary, we never do it in the legacy parsing. 648 */ 649 if (sa_is_share(group)) { 650 char *zfs; 651 parent = sa_get_parent_group(group); 652 if (parent != NULL) { 653 zfs = sa_get_group_attr(parent, "zfs"); 654 if (zfs != NULL) { 655 sa_free_attr_string(zfs); 656 iszfs++; 657 } 658 } 659 } else { 660 iszfs = sa_group_is_zfs(group); 661 } 662 663 /* We need a copy of options for the next part. */ 664 dup = strdup(options); 665 if (dup == NULL) 666 return (SA_NO_MEMORY); 667 668 /* 669 * we need to step through each option in the string and then 670 * add either the option or the security option as needed. If 671 * this is not a persistent share, don't commit to the 672 * repository. If there is an error, we also want to abort the 673 * processing and report it. 674 */ 675 persist = is_persistent(group); 676 base = dup; 677 token = dup; 678 lasts = NULL; 679 while (token != NULL && ret == SA_OK) { 680 ret = SA_OK; 681 token = strtok_r(base, ",", &lasts); 682 base = NULL; 683 if (token != NULL) { 684 char *value; 685 /* 686 * if the option has a value, it will have an '=' to 687 * separate the name from the value. The following 688 * code will result in value != NULL and token 689 * pointing to just the name if there is a value. 690 */ 691 value = strchr(token, '='); 692 if (value != NULL) { 693 *value++ = '\0'; 694 } 695 if (strcmp(token, "sec") == 0 || 696 strcmp(token, "secure") == 0) { 697 /* 698 * Once in security parsing, we only 699 * do security. We do need to move 700 * between the security node and the 701 * toplevel. The security tag goes on 702 * the root while the following ones 703 * go on the security. 704 */ 705 if (security_list != NULL) { 706 /* 707 * have an old list so close it and 708 * start the new 709 */ 710 free_security_list(security_list); 711 } 712 if (strcmp(token, "secure") == 0) { 713 value = "dh"; 714 } else { 715 if (value == NULL) { 716 ret = SA_SYNTAX_ERR; 717 break; 718 } 719 } 720 security_list = make_security_list(group, 721 value, "nfs"); 722 } else { 723 /* 724 * Note that the "old" syntax allowed a 725 * default security model This must be 726 * accounted for and internally converted to 727 * "standard" security structure. 728 */ 729 if (nfs_is_security_opt(token)) { 730 if (security_list == NULL) { 731 /* 732 * need to have a 733 * security 734 * option. This will 735 * be "closed" when a 736 * defined "sec=" 737 * option is 738 * seen. This is 739 * technically an 740 * error but will be 741 * allowed with 742 * warning. 743 */ 744 security_list = 745 make_security_list(group, 746 "default", 747 "nfs"); 748 } 749 if (security_list != NULL) { 750 ret = add_security_prop( 751 security_list, token, 752 value, persist, iszfs); 753 } else { 754 ret = SA_NO_MEMORY; 755 } 756 } else { 757 /* regular options */ 758 if (value == NULL) { 759 if (strcmp(token, SHOPT_RW) == 760 0 || strcmp(token, 761 SHOPT_RO) == 0) { 762 value = "*"; 763 } else { 764 value = "global"; 765 if (strcmp(token, 766 SHOPT_LOG) != 0) { 767 value = "true"; 768 } 769 } 770 } 771 /* 772 * In all cases, create the 773 * property specified. If the 774 * value was NULL, the default 775 * value will have been 776 * substituted. 777 */ 778 prop = sa_create_property(token, value); 779 ret = sa_add_property(optionset, prop); 780 if (ret != SA_OK) 781 break; 782 783 if (!iszfs) { 784 ret = sa_commit_properties( 785 optionset, !persist); 786 } 787 } 788 } 789 } 790 } 791 if (security_list != NULL) 792 free_security_list(security_list); 793 794 free(dup); 795 return (ret); 796 } 797 798 /* 799 * is_a_number(number) 800 * 801 * is the string a number in one of the forms we want to use? 802 */ 803 804 static int 805 is_a_number(char *number) 806 { 807 int ret = 1; 808 int hex = 0; 809 810 if (strncmp(number, "0x", 2) == 0) { 811 number += 2; 812 hex = 1; 813 } else if (*number == '-') { 814 number++; /* skip the minus */ 815 } 816 while (ret == 1 && *number != '\0') { 817 if (hex) { 818 ret = isxdigit(*number++); 819 } else { 820 ret = isdigit(*number++); 821 } 822 } 823 return (ret); 824 } 825 826 /* 827 * Look for the specified tag in the configuration file. If it is found, 828 * enable logging and set the logging configuration information for exp. 829 */ 830 static void 831 configlog(struct exportdata *exp, char *tag) 832 { 833 nfsl_config_t *configlist = NULL, *configp; 834 int error = 0; 835 char globaltag[] = DEFAULTTAG; 836 837 /* 838 * Sends config errors to stderr 839 */ 840 nfsl_errs_to_syslog = B_FALSE; 841 842 /* 843 * get the list of configuration settings 844 */ 845 error = nfsl_getconfig_list(&configlist); 846 if (error) { 847 (void) fprintf(stderr, 848 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 849 strerror(error)); 850 } 851 852 if (tag == NULL) 853 tag = globaltag; 854 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 855 nfsl_freeconfig_list(&configlist); 856 (void) fprintf(stderr, 857 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 858 /* bad configuration */ 859 error = ENOENT; 860 goto err; 861 } 862 863 if ((exp->ex_tag = strdup(tag)) == NULL) { 864 error = ENOMEM; 865 goto out; 866 } 867 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 868 error = ENOMEM; 869 goto out; 870 } 871 exp->ex_flags |= EX_LOG; 872 if (configp->nc_rpclogpath != NULL) 873 exp->ex_flags |= EX_LOG_ALLOPS; 874 out: 875 if (configlist != NULL) 876 nfsl_freeconfig_list(&configlist); 877 878 err: 879 if (error != 0) { 880 if (exp->ex_flags != NULL) 881 free(exp->ex_tag); 882 if (exp->ex_log_buffer != NULL) 883 free(exp->ex_log_buffer); 884 (void) fprintf(stderr, 885 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 886 strerror(error)); 887 } 888 } 889 890 /* 891 * fill_export_from_optionset(export, optionset) 892 * 893 * In order to share, we need to set all the possible general options 894 * into the export structure. Share info will be filled in by the 895 * caller. Various property values get turned into structure specific 896 * values. 897 */ 898 899 static int 900 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 901 { 902 sa_property_t option; 903 int ret = SA_OK; 904 905 for (option = sa_get_property(optionset, NULL); 906 option != NULL; option = sa_get_next_property(option)) { 907 char *name; 908 char *value; 909 uint32_t val; 910 911 /* 912 * since options may be set/reset multiple times, always do an 913 * explicit set or clear of the option. This allows defaults 914 * to be set and then the protocol specific to override. 915 */ 916 917 name = sa_get_property_attr(option, "type"); 918 value = sa_get_property_attr(option, "value"); 919 switch (findopt(name)) { 920 case OPT_ANON: 921 if (value != NULL && is_a_number(value)) { 922 val = strtoul(value, NULL, 0); 923 } else { 924 struct passwd *pw; 925 pw = getpwnam(value != NULL ? value : "nobody"); 926 if (pw != NULL) { 927 val = pw->pw_uid; 928 } else { 929 val = UID_NOBODY; 930 } 931 endpwent(); 932 } 933 export->ex_anon = val; 934 break; 935 case OPT_NOSUID: 936 if (value != NULL && (strcasecmp(value, "true") == 0 || 937 strcmp(value, "1") == 0)) 938 export->ex_flags |= EX_NOSUID; 939 else 940 export->ex_flags &= ~EX_NOSUID; 941 break; 942 case OPT_ACLOK: 943 if (value != NULL && (strcasecmp(value, "true") == 0 || 944 strcmp(value, "1") == 0)) 945 export->ex_flags |= EX_ACLOK; 946 else 947 export->ex_flags &= ~EX_ACLOK; 948 break; 949 case OPT_NOSUB: 950 if (value != NULL && (strcasecmp(value, "true") == 0 || 951 strcmp(value, "1") == 0)) 952 export->ex_flags |= EX_NOSUB; 953 else 954 export->ex_flags &= ~EX_NOSUB; 955 break; 956 case OPT_PUBLIC: 957 if (value != NULL && (strcasecmp(value, "true") == 0 || 958 strcmp(value, "1") == 0)) 959 export->ex_flags |= EX_PUBLIC; 960 else 961 export->ex_flags &= ~EX_PUBLIC; 962 break; 963 case OPT_INDEX: 964 if (value != NULL && (strcmp(value, "..") == 0 || 965 strchr(value, '/') != NULL)) { 966 /* this is an error */ 967 (void) printf(dgettext(TEXT_DOMAIN, 968 "NFS: index=\"%s\" not valid;" 969 "must be a filename.\n"), 970 value); 971 break; 972 } 973 if (value != NULL && *value != '\0' && 974 strcmp(value, ".") != 0) { 975 /* valid index file string */ 976 if (export->ex_index != NULL) { 977 /* left over from "default" */ 978 free(export->ex_index); 979 } 980 /* remember to free */ 981 export->ex_index = strdup(value); 982 if (export->ex_index == NULL) { 983 (void) printf(dgettext(TEXT_DOMAIN, 984 "NFS: out of memory setting " 985 "index property\n")); 986 break; 987 } 988 export->ex_flags |= EX_INDEX; 989 } 990 break; 991 case OPT_LOG: 992 if (value == NULL) 993 value = strdup("global"); 994 if (value != NULL) 995 configlog(export, 996 strlen(value) ? value : "global"); 997 break; 998 case OPT_CHARSET_MAP: 999 /* 1000 * Set EX_CHARMAP when there is at least one 1001 * charmap conversion property. This will get 1002 * checked by the nfs server when it needs to. 1003 */ 1004 export->ex_flags |= EX_CHARMAP; 1005 break; 1006 case OPT_NOACLFAB: 1007 if (value != NULL && (strcasecmp(value, "true") == 0 || 1008 strcmp(value, "1") == 0)) 1009 export->ex_flags |= EX_NOACLFAB; 1010 else 1011 export->ex_flags &= ~EX_NOACLFAB; 1012 break; 1013 default: 1014 /* have a syntactic error */ 1015 (void) printf(dgettext(TEXT_DOMAIN, 1016 "NFS: unrecognized option %s=%s\n"), 1017 name != NULL ? name : "", 1018 value != NULL ? value : ""); 1019 break; 1020 } 1021 if (name != NULL) 1022 sa_free_attr_string(name); 1023 if (value != NULL) 1024 sa_free_attr_string(value); 1025 } 1026 return (ret); 1027 } 1028 1029 /* 1030 * cleanup_export(export) 1031 * 1032 * Cleanup the allocated areas so we don't leak memory 1033 */ 1034 1035 static void 1036 cleanup_export(struct exportdata *export) 1037 { 1038 int i; 1039 1040 if (export->ex_index != NULL) 1041 free(export->ex_index); 1042 if (export->ex_secinfo != NULL) { 1043 for (i = 0; i < export->ex_seccnt; i++) 1044 if (export->ex_secinfo[i].s_rootnames != NULL) 1045 free(export->ex_secinfo[i].s_rootnames); 1046 free(export->ex_secinfo); 1047 } 1048 } 1049 1050 /* 1051 * Given a seconfig entry and a colon-separated 1052 * list of names, allocate an array big enough 1053 * to hold the root list, then convert each name to 1054 * a principal name according to the security 1055 * info and assign it to an array element. 1056 * Return the array and its size. 1057 */ 1058 static caddr_t * 1059 get_rootnames(seconfig_t *sec, char *list, int *count) 1060 { 1061 caddr_t *a; 1062 int c, i; 1063 char *host, *p; 1064 1065 /* 1066 * Count the number of strings in the list. 1067 * This is the number of colon separators + 1. 1068 */ 1069 c = 1; 1070 for (p = list; *p; p++) 1071 if (*p == ':') 1072 c++; 1073 *count = c; 1074 1075 a = (caddr_t *)malloc(c * sizeof (char *)); 1076 if (a == NULL) { 1077 (void) printf(dgettext(TEXT_DOMAIN, 1078 "get_rootnames: no memory\n")); 1079 } else { 1080 for (i = 0; i < c; i++) { 1081 host = strtok(list, ":"); 1082 if (!nfs_get_root_principal(sec, host, &a[i])) { 1083 free(a); 1084 a = NULL; 1085 break; 1086 } 1087 list = NULL; 1088 } 1089 } 1090 1091 return (a); 1092 } 1093 1094 /* 1095 * fill_security_from_secopts(sp, secopts) 1096 * 1097 * Fill the secinfo structure from the secopts optionset. 1098 */ 1099 1100 static int 1101 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1102 { 1103 sa_property_t prop; 1104 char *type; 1105 int longform; 1106 int err = SC_NOERROR; 1107 uint32_t val; 1108 1109 type = sa_get_security_attr(secopts, "sectype"); 1110 if (type != NULL) { 1111 /* named security type needs secinfo to be filled in */ 1112 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1113 sa_free_attr_string(type); 1114 if (err != SC_NOERROR) 1115 return (err); 1116 } else { 1117 /* default case */ 1118 err = nfs_getseconfig_default(&sp->s_secinfo); 1119 if (err != SC_NOERROR) 1120 return (err); 1121 } 1122 1123 err = SA_OK; 1124 for (prop = sa_get_property(secopts, NULL); 1125 prop != NULL && err == SA_OK; 1126 prop = sa_get_next_property(prop)) { 1127 char *name; 1128 char *value; 1129 1130 name = sa_get_property_attr(prop, "type"); 1131 value = sa_get_property_attr(prop, "value"); 1132 1133 longform = value != NULL && strcmp(value, "*") != 0; 1134 1135 switch (findopt(name)) { 1136 case OPT_RO: 1137 sp->s_flags |= longform ? M_ROL : M_RO; 1138 break; 1139 case OPT_RW: 1140 sp->s_flags |= longform ? M_RWL : M_RW; 1141 break; 1142 case OPT_ROOT: 1143 sp->s_flags |= M_ROOT; 1144 /* 1145 * if we are using AUTH_UNIX, handle like other things 1146 * such as RO/RW 1147 */ 1148 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1149 continue; 1150 /* not AUTH_UNIX */ 1151 if (value != NULL) { 1152 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1153 value, &sp->s_rootcnt); 1154 if (sp->s_rootnames == NULL) { 1155 err = SA_BAD_VALUE; 1156 (void) fprintf(stderr, 1157 dgettext(TEXT_DOMAIN, 1158 "Bad root list\n")); 1159 } 1160 } 1161 break; 1162 case OPT_NONE: 1163 sp->s_flags |= M_NONE; 1164 break; 1165 case OPT_WINDOW: 1166 if (value != NULL) { 1167 sp->s_window = atoi(value); 1168 /* just in case */ 1169 if (sp->s_window < 0) 1170 sp->s_window = DEF_WIN; 1171 } 1172 break; 1173 case OPT_ROOT_MAPPING: 1174 if (value != NULL && is_a_number(value)) { 1175 val = strtoul(value, NULL, 0); 1176 } else { 1177 struct passwd *pw; 1178 pw = getpwnam(value != NULL ? value : "nobody"); 1179 if (pw != NULL) { 1180 val = pw->pw_uid; 1181 } else { 1182 val = UID_NOBODY; 1183 } 1184 endpwent(); 1185 } 1186 sp->s_rootid = val; 1187 break; 1188 default: 1189 break; 1190 } 1191 if (name != NULL) 1192 sa_free_attr_string(name); 1193 if (value != NULL) 1194 sa_free_attr_string(value); 1195 } 1196 /* if rw/ro options not set, use default of RW */ 1197 if ((sp->s_flags & NFS_RWMODES) == 0) 1198 sp->s_flags |= M_RW; 1199 return (err); 1200 } 1201 1202 /* 1203 * This is for testing only 1204 * It displays the export structure that 1205 * goes into the kernel. 1206 */ 1207 static void 1208 printarg(char *path, struct exportdata *ep) 1209 { 1210 int i, j; 1211 struct secinfo *sp; 1212 1213 if (debug == 0) 1214 return; 1215 1216 (void) printf("%s:\n", path); 1217 (void) printf("\tex_version = %d\n", ep->ex_version); 1218 (void) printf("\tex_path = %s\n", ep->ex_path); 1219 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1220 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1221 if (ep->ex_flags & EX_NOSUID) 1222 (void) printf("NOSUID "); 1223 if (ep->ex_flags & EX_ACLOK) 1224 (void) printf("ACLOK "); 1225 if (ep->ex_flags & EX_PUBLIC) 1226 (void) printf("PUBLIC "); 1227 if (ep->ex_flags & EX_NOSUB) 1228 (void) printf("NOSUB "); 1229 if (ep->ex_flags & EX_LOG) 1230 (void) printf("LOG "); 1231 if (ep->ex_flags & EX_CHARMAP) 1232 (void) printf("CHARMAP "); 1233 if (ep->ex_flags & EX_LOG_ALLOPS) 1234 (void) printf("LOG_ALLOPS "); 1235 if (ep->ex_flags == 0) 1236 (void) printf("(none)"); 1237 (void) printf("\n"); 1238 if (ep->ex_flags & EX_LOG) { 1239 (void) printf("\tex_log_buffer = %s\n", 1240 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1241 (void) printf("\tex_tag = %s\n", 1242 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1243 } 1244 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1245 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1246 (void) printf("\n"); 1247 for (i = 0; i < ep->ex_seccnt; i++) { 1248 sp = &ep->ex_secinfo[i]; 1249 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1250 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1251 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1252 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1253 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1254 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1255 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1256 if (sp->s_flags & M_NONE) (void) printf("M_NONE "); 1257 if (sp->s_flags == 0) (void) printf("(none)"); 1258 (void) printf("\n"); 1259 (void) printf("\t\ts_window = %d\n", sp->s_window); 1260 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid); 1261 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1262 (void) fflush(stdout); 1263 for (j = 0; j < sp->s_rootcnt; j++) 1264 (void) printf("%s ", sp->s_rootnames[j] ? 1265 sp->s_rootnames[j] : "<null>"); 1266 (void) printf("\n\n"); 1267 } 1268 } 1269 1270 /* 1271 * count_security(opts) 1272 * 1273 * Count the number of security types (flavors). The optionset has 1274 * been populated with the security flavors as a holding mechanism. 1275 * We later use this number to allocate data structures. 1276 */ 1277 1278 static int 1279 count_security(sa_optionset_t opts) 1280 { 1281 int count = 0; 1282 sa_property_t prop; 1283 if (opts != NULL) { 1284 for (prop = sa_get_property(opts, NULL); prop != NULL; 1285 prop = sa_get_next_property(prop)) { 1286 count++; 1287 } 1288 } 1289 return (count); 1290 } 1291 1292 /* 1293 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1294 * 1295 * provides a mechanism to format NFS properties into legacy output 1296 * format. If the buffer would overflow, it is reallocated and grown 1297 * as appropriate. Special cases of converting internal form of values 1298 * to those used by "share" are done. this function does one property 1299 * at a time. 1300 */ 1301 1302 static int 1303 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1304 sa_property_t prop, int sep) 1305 { 1306 char *name; 1307 char *value; 1308 int curlen; 1309 char *buff = *rbuff; 1310 size_t buffsize = *rbuffsize; 1311 int printed = B_FALSE; 1312 1313 name = sa_get_property_attr(prop, "type"); 1314 value = sa_get_property_attr(prop, "value"); 1315 if (buff != NULL) 1316 curlen = strlen(buff); 1317 else 1318 curlen = 0; 1319 if (name != NULL) { 1320 int len; 1321 len = strlen(name) + sep; 1322 1323 /* 1324 * A future RFE would be to replace this with more 1325 * generic code and to possibly handle more types. 1326 */ 1327 switch (gettype(name)) { 1328 case OPT_TYPE_BOOLEAN: 1329 /* 1330 * For NFS, boolean value of FALSE means it 1331 * doesn't show up in the option list at all. 1332 */ 1333 if (value != NULL && strcasecmp(value, "false") == 0) 1334 goto skip; 1335 if (value != NULL) { 1336 sa_free_attr_string(value); 1337 value = NULL; 1338 } 1339 break; 1340 case OPT_TYPE_ACCLIST: 1341 if (value != NULL && strcmp(value, "*") == 0) { 1342 sa_free_attr_string(value); 1343 value = NULL; 1344 } else { 1345 if (value != NULL) 1346 len += 1 + strlen(value); 1347 } 1348 break; 1349 case OPT_TYPE_LOGTAG: 1350 if (value != NULL && strlen(value) == 0) { 1351 sa_free_attr_string(value); 1352 value = NULL; 1353 } else { 1354 if (value != NULL) 1355 len += 1 + strlen(value); 1356 } 1357 break; 1358 default: 1359 if (value != NULL) 1360 len += 1 + strlen(value); 1361 break; 1362 } 1363 while (buffsize <= (curlen + len)) { 1364 /* need more room */ 1365 buffsize += incr; 1366 buff = realloc(buff, buffsize); 1367 if (buff == NULL) { 1368 /* realloc failed so free everything */ 1369 if (*rbuff != NULL) 1370 free(*rbuff); 1371 } 1372 *rbuff = buff; 1373 *rbuffsize = buffsize; 1374 if (buff == NULL) 1375 goto skip; 1376 1377 } 1378 1379 if (buff == NULL) 1380 goto skip; 1381 1382 if (value == NULL) { 1383 (void) snprintf(buff + curlen, buffsize - curlen, 1384 "%s%s", sep ? "," : "", 1385 name, value != NULL ? value : ""); 1386 } else { 1387 (void) snprintf(buff + curlen, buffsize - curlen, 1388 "%s%s=%s", sep ? "," : "", 1389 name, value != NULL ? value : ""); 1390 } 1391 printed = B_TRUE; 1392 } 1393 skip: 1394 if (name != NULL) 1395 sa_free_attr_string(name); 1396 if (value != NULL) 1397 sa_free_attr_string(value); 1398 return (printed); 1399 } 1400 1401 /* 1402 * nfs_format_options(group, hier) 1403 * 1404 * format all the options on the group into an old-style option 1405 * string. If hier is non-zero, walk up the tree to get inherited 1406 * options. 1407 */ 1408 1409 static char * 1410 nfs_format_options(sa_group_t group, int hier) 1411 { 1412 sa_optionset_t options = NULL; 1413 sa_optionset_t secoptions = NULL; 1414 sa_property_t prop, secprop; 1415 sa_security_t security = NULL; 1416 char *buff; 1417 size_t buffsize; 1418 char *sectype = NULL; 1419 int sep = 0; 1420 1421 1422 buff = malloc(OPT_CHUNK); 1423 if (buff == NULL) { 1424 return (NULL); 1425 } 1426 1427 buff[0] = '\0'; 1428 buffsize = OPT_CHUNK; 1429 1430 /* 1431 * We may have a an optionset relative to this item. format 1432 * these if we find them and then add any security definitions. 1433 */ 1434 1435 options = sa_get_derived_optionset(group, "nfs", hier); 1436 1437 /* 1438 * do the default set first but skip any option that is also 1439 * in the protocol specific optionset. 1440 */ 1441 if (options != NULL) { 1442 for (prop = sa_get_property(options, NULL); 1443 prop != NULL; prop = sa_get_next_property(prop)) { 1444 /* 1445 * use this one since we skipped any 1446 * of these that were also in 1447 * optdefault 1448 */ 1449 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1450 prop, sep)) 1451 sep = 1; 1452 if (buff == NULL) { 1453 /* 1454 * buff could become NULL if there 1455 * isn't enough memory for 1456 * nfs_sprint_option to realloc() 1457 * as necessary. We can't really 1458 * do anything about it at this 1459 * point so we return NULL. The 1460 * caller should handle the 1461 * failure. 1462 */ 1463 if (options != NULL) 1464 sa_free_derived_optionset( 1465 options); 1466 return (buff); 1467 } 1468 } 1469 } 1470 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1471 "nfs", hier); 1472 if (secoptions != NULL) { 1473 for (secprop = sa_get_property(secoptions, NULL); 1474 secprop != NULL; 1475 secprop = sa_get_next_property(secprop)) { 1476 sectype = sa_get_property_attr(secprop, "type"); 1477 security = 1478 (sa_security_t)sa_get_derived_security( 1479 group, sectype, "nfs", hier); 1480 if (security != NULL) { 1481 if (sectype != NULL) { 1482 prop = sa_create_property( 1483 "sec", sectype); 1484 if (prop == NULL) 1485 goto err; 1486 if (nfs_sprint_option(&buff, 1487 &buffsize, OPT_CHUNK, prop, sep)) 1488 sep = 1; 1489 (void) sa_remove_property(prop); 1490 if (buff == NULL) 1491 goto err; 1492 } 1493 for (prop = sa_get_property(security, 1494 NULL); prop != NULL; 1495 prop = sa_get_next_property(prop)) { 1496 if (nfs_sprint_option(&buff, 1497 &buffsize, OPT_CHUNK, prop, sep)) 1498 sep = 1; 1499 if (buff == NULL) 1500 goto err; 1501 } 1502 sa_free_derived_optionset(security); 1503 } 1504 if (sectype != NULL) 1505 sa_free_attr_string(sectype); 1506 } 1507 sa_free_derived_optionset(secoptions); 1508 } 1509 1510 if (options != NULL) 1511 sa_free_derived_optionset(options); 1512 return (buff); 1513 1514 err: 1515 /* 1516 * If we couldn't allocate memory for option printing, we need 1517 * to break out of the nested loops, cleanup and return NULL. 1518 */ 1519 if (secoptions != NULL) 1520 sa_free_derived_optionset(secoptions); 1521 if (security != NULL) 1522 sa_free_derived_optionset(security); 1523 if (sectype != NULL) 1524 sa_free_attr_string(sectype); 1525 if (options != NULL) 1526 sa_free_derived_optionset(options); 1527 return (NULL); 1528 } 1529 1530 /* 1531 * Append an entry to the nfslogtab file 1532 */ 1533 static int 1534 nfslogtab_add(dir, buffer, tag) 1535 char *dir, *buffer, *tag; 1536 { 1537 FILE *f; 1538 struct logtab_ent lep; 1539 int error = 0; 1540 1541 /* 1542 * Open the file for update and create it if necessary. 1543 * This may leave the I/O offset at the end of the file, 1544 * so rewind back to the beginning of the file. 1545 */ 1546 f = fopen(NFSLOGTAB, "a+"); 1547 if (f == NULL) { 1548 error = errno; 1549 goto out; 1550 } 1551 rewind(f); 1552 1553 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1554 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1555 "share complete, however failed to lock %s " 1556 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1557 error = -1; 1558 goto out; 1559 } 1560 1561 if (logtab_deactivate_after_boot(f) == -1) { 1562 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1563 "share complete, however could not deactivate " 1564 "entries in %s\n"), NFSLOGTAB); 1565 error = -1; 1566 goto out; 1567 } 1568 1569 /* 1570 * Remove entries matching buffer and sharepoint since we're 1571 * going to replace it with perhaps an entry with a new tag. 1572 */ 1573 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1574 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1575 "share complete, however could not remove matching " 1576 "entries in %s\n"), NFSLOGTAB); 1577 error = -1; 1578 goto out; 1579 } 1580 1581 /* 1582 * Deactivate all active entries matching this sharepoint 1583 */ 1584 if (logtab_deactivate(f, NULL, dir, NULL)) { 1585 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1586 "share complete, however could not deactivate matching " 1587 "entries in %s\n"), NFSLOGTAB); 1588 error = -1; 1589 goto out; 1590 } 1591 1592 lep.le_buffer = buffer; 1593 lep.le_path = dir; 1594 lep.le_tag = tag; 1595 lep.le_state = LES_ACTIVE; 1596 1597 /* 1598 * Add new sharepoint / buffer location to nfslogtab 1599 */ 1600 if (logtab_putent(f, &lep) < 0) { 1601 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1602 "share complete, however could not add %s to %s\n"), 1603 dir, NFSLOGTAB); 1604 error = -1; 1605 } 1606 1607 out: 1608 if (f != NULL) 1609 (void) fclose(f); 1610 return (error); 1611 } 1612 1613 /* 1614 * Deactivate an entry from the nfslogtab file 1615 */ 1616 static int 1617 nfslogtab_deactivate(path) 1618 char *path; 1619 { 1620 FILE *f; 1621 int error = 0; 1622 1623 f = fopen(NFSLOGTAB, "r+"); 1624 if (f == NULL) { 1625 error = errno; 1626 goto out; 1627 } 1628 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1629 error = errno; 1630 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1631 "share complete, however could not lock %s for " 1632 "update: %s\n"), NFSLOGTAB, strerror(error)); 1633 goto out; 1634 } 1635 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1636 error = -1; 1637 (void) fprintf(stderr, 1638 dgettext(TEXT_DOMAIN, 1639 "share complete, however could not " 1640 "deactivate %s in %s\n"), path, NFSLOGTAB); 1641 goto out; 1642 } 1643 1644 out: if (f != NULL) 1645 (void) fclose(f); 1646 1647 return (error); 1648 } 1649 1650 /* 1651 * check_public(group, skipshare) 1652 * 1653 * Check the group for any shares that have the public property 1654 * enabled. We skip "skipshare" since that is the one we are 1655 * working with. This is a separate function to make handling 1656 * subgroups simpler. Returns true if there is a share with public. 1657 */ 1658 static int 1659 check_public(sa_group_t group, sa_share_t skipshare) 1660 { 1661 int exists = B_FALSE; 1662 sa_share_t share; 1663 sa_optionset_t opt; 1664 sa_property_t prop; 1665 char *shared; 1666 1667 for (share = sa_get_share(group, NULL); share != NULL; 1668 share = sa_get_next_share(share)) { 1669 if (share == skipshare) 1670 continue; 1671 1672 opt = sa_get_optionset(share, "nfs"); 1673 if (opt == NULL) 1674 continue; 1675 prop = sa_get_property(opt, "public"); 1676 if (prop == NULL) 1677 continue; 1678 shared = sa_get_share_attr(share, "shared"); 1679 if (shared != NULL) { 1680 exists = strcmp(shared, "true") == 0; 1681 sa_free_attr_string(shared); 1682 if (exists == B_TRUE) 1683 break; 1684 } 1685 } 1686 1687 return (exists); 1688 } 1689 1690 /* 1691 * public_exists(handle, share) 1692 * 1693 * check to see if public option is set on any other share than the 1694 * one specified. Need to check zfs sub-groups as well as the top 1695 * level groups. 1696 */ 1697 static int 1698 public_exists(sa_handle_t handle, sa_share_t skipshare) 1699 { 1700 sa_group_t group = NULL; 1701 1702 /* 1703 * If we don't have a handle, we can only do syntax check. We 1704 * can't check against other shares so we assume OK and will 1705 * catch the problem only when we actually try to apply it. 1706 */ 1707 if (handle == NULL) 1708 return (SA_OK); 1709 1710 if (skipshare != NULL) { 1711 group = sa_get_parent_group(skipshare); 1712 if (group == NULL) 1713 return (SA_NO_SUCH_GROUP); 1714 } 1715 1716 for (group = sa_get_group(handle, NULL); group != NULL; 1717 group = sa_get_next_group(group)) { 1718 /* Walk any ZFS subgroups as well as all standard groups */ 1719 if (sa_group_is_zfs(group)) { 1720 sa_group_t subgroup; 1721 for (subgroup = sa_get_sub_group(group); 1722 subgroup != NULL; 1723 subgroup = sa_get_next_group(subgroup)) { 1724 if (check_public(subgroup, skipshare)) 1725 return (B_TRUE); 1726 } 1727 } else { 1728 if (check_public(group, skipshare)) 1729 return (B_TRUE); 1730 } 1731 } 1732 return (B_FALSE); 1733 } 1734 1735 /* 1736 * sa_enable_share at the protocol level, enable_share must tell the 1737 * implementation that it is to enable the share. This entails 1738 * converting the path and options into the appropriate ioctl 1739 * calls. It is assumed that all error checking of paths, etc. were 1740 * done earlier. 1741 */ 1742 static int 1743 nfs_enable_share(sa_share_t share) 1744 { 1745 struct exportdata export; 1746 sa_optionset_t secoptlist; 1747 struct secinfo *sp; 1748 int num_secinfo; 1749 sa_optionset_t opt; 1750 sa_security_t sec; 1751 sa_property_t prop; 1752 char *path; 1753 int err = SA_OK; 1754 int i; 1755 int iszfs; 1756 sa_handle_t handle; 1757 1758 /* Don't drop core if the NFS module isn't loaded. */ 1759 (void) signal(SIGSYS, SIG_IGN); 1760 1761 /* get the path since it is important in several places */ 1762 path = sa_get_share_attr(share, "path"); 1763 if (path == NULL) 1764 return (SA_NO_SUCH_PATH); 1765 1766 iszfs = sa_path_is_zfs(path); 1767 /* 1768 * find the optionsets and security sets. There may not be 1769 * any or there could be one or two for each of optionset and 1770 * security may have multiple, one per security type per 1771 * protocol type. 1772 */ 1773 opt = sa_get_derived_optionset(share, "nfs", 1); 1774 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1775 if (secoptlist != NULL) 1776 num_secinfo = MAX(1, count_security(secoptlist)); 1777 else 1778 num_secinfo = 1; 1779 1780 /* 1781 * walk through the options and fill in the structure 1782 * appropriately. 1783 */ 1784 1785 (void) memset(&export, '\0', sizeof (export)); 1786 1787 /* 1788 * do non-security options first since there is only one after 1789 * the derived group is constructed. 1790 */ 1791 export.ex_version = EX_CURRENT_VERSION; 1792 export.ex_anon = UID_NOBODY; /* this is our default value */ 1793 export.ex_index = NULL; 1794 export.ex_path = path; 1795 export.ex_pathlen = strlen(path) + 1; 1796 1797 if (opt != NULL) 1798 err = fill_export_from_optionset(&export, opt); 1799 1800 /* 1801 * check to see if "public" is set. If it is, then make sure 1802 * no other share has it set. If it is already used, fail. 1803 */ 1804 1805 handle = sa_find_group_handle((sa_group_t)share); 1806 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) { 1807 (void) printf(dgettext(TEXT_DOMAIN, 1808 "NFS: Cannot share more than one file " 1809 "system with 'public' property\n")); 1810 err = SA_NOT_ALLOWED; 1811 goto out; 1812 } 1813 1814 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1815 if (sp == NULL) { 1816 err = SA_NO_MEMORY; 1817 (void) printf(dgettext(TEXT_DOMAIN, 1818 "NFS: NFS: no memory for security\n")); 1819 goto out; 1820 } 1821 export.ex_secinfo = sp; 1822 /* get default secinfo */ 1823 export.ex_seccnt = num_secinfo; 1824 /* 1825 * since we must have one security option defined, we 1826 * init to the default and then override as we find 1827 * defined security options. This handles the case 1828 * where we have no defined options but we need to set 1829 * up one. 1830 */ 1831 sp[0].s_window = DEF_WIN; 1832 sp[0].s_rootnames = NULL; 1833 /* setup a default in case no properties defined */ 1834 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1835 (void) printf(dgettext(TEXT_DOMAIN, 1836 "NFS: nfs_getseconfig_default: failed to " 1837 "get default security mode\n")); 1838 err = SA_CONFIG_ERR; 1839 } 1840 if (secoptlist != NULL) { 1841 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1842 prop != NULL && i < num_secinfo; 1843 prop = sa_get_next_property(prop), i++) { 1844 char *sectype; 1845 sectype = sa_get_property_attr(prop, "type"); 1846 /* 1847 * if sectype is NULL, we probably 1848 * have a memory problem and can't get 1849 * the correct values. Rather than 1850 * exporting with incorrect security, 1851 * don't share it. 1852 */ 1853 if (sectype == NULL) { 1854 err = SA_NO_MEMORY; 1855 (void) printf(dgettext(TEXT_DOMAIN, 1856 "NFS: Cannot share %s: " 1857 "no memory\n"), path); 1858 goto out; 1859 } 1860 sec = (sa_security_t)sa_get_derived_security( 1861 share, sectype, "nfs", 1); 1862 sp[i].s_window = DEF_WIN; 1863 sp[i].s_rootcnt = 0; 1864 sp[i].s_rootnames = NULL; 1865 (void) fill_security_from_secopts(&sp[i], sec); 1866 if (sec != NULL) 1867 sa_free_derived_security(sec); 1868 if (sectype != NULL) 1869 sa_free_attr_string(sectype); 1870 } 1871 } 1872 /* 1873 * when we get here, we can do the exportfs system call and 1874 * initiate thinsg. We probably want to enable the nfs.server 1875 * service first if it isn't running within SMF. 1876 */ 1877 /* check nfs.server status and start if needed */ 1878 /* now add the share to the internal tables */ 1879 printarg(path, &export); 1880 /* 1881 * call the exportfs system call which is implemented 1882 * via the nfssys() call as the EXPORTFS subfunction. 1883 */ 1884 if (iszfs) { 1885 struct exportfs_args ea; 1886 share_t sh; 1887 char *str; 1888 priv_set_t *priv_effective; 1889 int privileged; 1890 1891 /* 1892 * If we aren't a privileged user 1893 * and NFS server service isn't running 1894 * then print out an error message 1895 * and return EPERM 1896 */ 1897 1898 priv_effective = priv_allocset(); 1899 (void) getppriv(PRIV_EFFECTIVE, priv_effective); 1900 1901 privileged = (priv_isfullset(priv_effective) == B_TRUE); 1902 priv_freeset(priv_effective); 1903 1904 if (!privileged && 1905 (str = smf_get_state(NFS_SERVER_SVC)) != NULL) { 1906 err = 0; 1907 if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) { 1908 (void) printf(dgettext(TEXT_DOMAIN, 1909 "NFS: Cannot share remote " 1910 "filesystem: %s\n"), path); 1911 (void) printf(dgettext(TEXT_DOMAIN, 1912 "NFS: Service needs to be enabled " 1913 "by a privileged user\n")); 1914 err = SA_SYSTEM_ERR; 1915 errno = EPERM; 1916 } 1917 free(str); 1918 } 1919 1920 if (err == 0) { 1921 ea.dname = path; 1922 ea.uex = &export; 1923 1924 sa_sharetab_fill_zfs(share, &sh, "nfs"); 1925 err = sa_share_zfs(share, NULL, path, &sh, 1926 &ea, ZFS_SHARE_NFS); 1927 if (err != SA_OK) { 1928 errno = err; 1929 err = -1; 1930 } 1931 sa_emptyshare(&sh); 1932 } 1933 } else { 1934 err = exportfs(path, &export); 1935 } 1936 1937 if (err < 0) { 1938 err = SA_SYSTEM_ERR; 1939 switch (errno) { 1940 case EREMOTE: 1941 (void) printf(dgettext(TEXT_DOMAIN, 1942 "NFS: Cannot share filesystems " 1943 "in non-global zones: %s\n"), path); 1944 err = SA_NOT_SUPPORTED; 1945 break; 1946 case EPERM: 1947 if (getzoneid() != GLOBAL_ZONEID) { 1948 (void) printf(dgettext(TEXT_DOMAIN, 1949 "NFS: Cannot share file systems " 1950 "in non-global zones: %s\n"), path); 1951 err = SA_NOT_SUPPORTED; 1952 break; 1953 } 1954 err = SA_NO_PERMISSION; 1955 /* FALLTHROUGH */ 1956 default: 1957 break; 1958 } 1959 } else { 1960 /* update sharetab with an add/modify */ 1961 if (!iszfs) { 1962 (void) sa_update_sharetab(share, "nfs"); 1963 } 1964 } 1965 1966 if (err == SA_OK) { 1967 /* 1968 * enable services as needed. This should probably be 1969 * done elsewhere in order to minimize the calls to 1970 * check services. 1971 */ 1972 /* 1973 * check to see if logging and other services need to 1974 * be triggered, but only if there wasn't an 1975 * error. This is probably where sharetab should be 1976 * updated with the NFS specific entry. 1977 */ 1978 if (export.ex_flags & EX_LOG) { 1979 /* enable logging */ 1980 if (nfslogtab_add(path, export.ex_log_buffer, 1981 export.ex_tag) != 0) { 1982 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1983 "Could not enable logging for %s\n"), 1984 path); 1985 } 1986 _check_services(service_list_logging); 1987 } else { 1988 /* 1989 * don't have logging so remove it from file. It might 1990 * not be thre, but that doesn't matter. 1991 */ 1992 (void) nfslogtab_deactivate(path); 1993 _check_services(service_list_default); 1994 } 1995 } 1996 1997 out: 1998 if (path != NULL) 1999 free(path); 2000 2001 cleanup_export(&export); 2002 if (opt != NULL) 2003 sa_free_derived_optionset(opt); 2004 if (secoptlist != NULL) 2005 (void) sa_destroy_optionset(secoptlist); 2006 return (err); 2007 } 2008 2009 /* 2010 * nfs_disable_share(share, path) 2011 * 2012 * Unshare the specified share. Note that "path" is the same path as 2013 * what is in the "share" object. It is passed in to avoid an 2014 * additional lookup. A missing "path" value makes this a no-op 2015 * function. 2016 */ 2017 static int 2018 nfs_disable_share(sa_share_t share, char *path) 2019 { 2020 int err; 2021 int ret = SA_OK; 2022 int iszfs; 2023 sa_group_t parent; 2024 sa_handle_t handle; 2025 2026 if (path == NULL) 2027 return (ret); 2028 2029 /* 2030 * If the share is in a ZFS group we need to handle it 2031 * differently. Just being on a ZFS file system isn't 2032 * enough since we may be in a legacy share case. 2033 */ 2034 parent = sa_get_parent_group(share); 2035 iszfs = sa_group_is_zfs(parent); 2036 if (iszfs) { 2037 struct exportfs_args ea; 2038 share_t sh = { 0 }; 2039 ea.dname = path; 2040 ea.uex = NULL; 2041 sh.sh_path = path; 2042 sh.sh_fstype = "nfs"; 2043 2044 err = sa_share_zfs(share, NULL, path, &sh, 2045 &ea, ZFS_UNSHARE_NFS); 2046 if (err != SA_OK) { 2047 errno = err; 2048 err = -1; 2049 } 2050 } else { 2051 err = exportfs(path, NULL); 2052 } 2053 if (err < 0) { 2054 /* 2055 * TBD: only an error in some 2056 * cases - need better analysis 2057 */ 2058 switch (errno) { 2059 case EPERM: 2060 case EACCES: 2061 ret = SA_NO_PERMISSION; 2062 if (getzoneid() != GLOBAL_ZONEID) { 2063 ret = SA_NOT_SUPPORTED; 2064 } 2065 break; 2066 case EINVAL: 2067 case ENOENT: 2068 ret = SA_NO_SUCH_PATH; 2069 break; 2070 default: 2071 ret = SA_SYSTEM_ERR; 2072 break; 2073 } 2074 } 2075 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 2076 handle = sa_find_group_handle((sa_group_t)share); 2077 if (!iszfs) 2078 (void) sa_delete_sharetab(handle, path, "nfs"); 2079 /* just in case it was logged */ 2080 (void) nfslogtab_deactivate(path); 2081 } 2082 return (ret); 2083 } 2084 2085 /* 2086 * check_rorwnone(v1, v2, v3) 2087 * 2088 * check ro vs rw vs none values. Over time this may get beefed up. 2089 * for now it just does simple checks. v1 is never NULL but v2 or v3 2090 * could be. 2091 */ 2092 2093 static int 2094 check_rorwnone(char *v1, char *v2, char *v3) 2095 { 2096 int ret = SA_OK; 2097 if (v2 != NULL && strcmp(v1, v2) == 0) 2098 ret = SA_VALUE_CONFLICT; 2099 else if (v3 != NULL && strcmp(v1, v3) == 0) 2100 ret = SA_VALUE_CONFLICT; 2101 2102 return (ret); 2103 } 2104 2105 /* 2106 * nfs_validate_property(handle, property, parent) 2107 * 2108 * Check that the property has a legitimate value for its type. 2109 */ 2110 2111 static int 2112 nfs_validate_property(sa_handle_t handle, sa_property_t property, 2113 sa_optionset_t parent) 2114 { 2115 int ret = SA_OK; 2116 char *propname; 2117 char *other1; 2118 char *other2; 2119 int optindex; 2120 nfsl_config_t *configlist; 2121 sa_group_t parent_group; 2122 char *value; 2123 2124 propname = sa_get_property_attr(property, "type"); 2125 2126 if ((optindex = findopt(propname)) < 0) 2127 ret = SA_NO_SUCH_PROP; 2128 2129 /* need to validate value range here as well */ 2130 2131 if (ret == SA_OK) { 2132 parent_group = sa_get_parent_group((sa_share_t)parent); 2133 if (optdefs[optindex].share && parent_group != NULL && 2134 !sa_is_share(parent_group)) 2135 ret = SA_PROP_SHARE_ONLY; 2136 } 2137 if (ret == SA_OK) { 2138 if (optdefs[optindex].index == OPT_PUBLIC) { 2139 /* 2140 * Public is special in that only one instance can 2141 * be in the repository at the same time. 2142 */ 2143 if (public_exists(handle, parent_group)) { 2144 sa_free_attr_string(propname); 2145 return (SA_VALUE_CONFLICT); 2146 } 2147 } 2148 value = sa_get_property_attr(property, "value"); 2149 if (value != NULL) { 2150 /* first basic type checking */ 2151 switch (optdefs[optindex].type) { 2152 case OPT_TYPE_NUMBER: 2153 /* check that the value is all digits */ 2154 if (!is_a_number(value)) 2155 ret = SA_BAD_VALUE; 2156 break; 2157 case OPT_TYPE_BOOLEAN: 2158 if (strlen(value) == 0 || 2159 strcasecmp(value, "true") == 0 || 2160 strcmp(value, "1") == 0 || 2161 strcasecmp(value, "false") == 0 || 2162 strcmp(value, "0") == 0) { 2163 ret = SA_OK; 2164 } else { 2165 ret = SA_BAD_VALUE; 2166 } 2167 break; 2168 case OPT_TYPE_USER: 2169 if (!is_a_number(value)) { 2170 struct passwd *pw; 2171 /* 2172 * in this case it would have to be a 2173 * user name 2174 */ 2175 pw = getpwnam(value); 2176 if (pw == NULL) 2177 ret = SA_BAD_VALUE; 2178 endpwent(); 2179 } else { 2180 uint64_t intval; 2181 intval = strtoull(value, NULL, 0); 2182 if (intval > UID_MAX && intval != ~0) 2183 ret = SA_BAD_VALUE; 2184 } 2185 break; 2186 case OPT_TYPE_FILE: 2187 if (strcmp(value, "..") == 0 || 2188 strchr(value, '/') != NULL) { 2189 ret = SA_BAD_VALUE; 2190 } 2191 break; 2192 case OPT_TYPE_ACCLIST: { 2193 sa_property_t oprop1; 2194 sa_property_t oprop2; 2195 char *ovalue1 = NULL; 2196 char *ovalue2 = NULL; 2197 2198 if (parent == NULL) 2199 break; 2200 /* 2201 * access list handling. Should eventually 2202 * validate that all the values make sense. 2203 * Also, ro and rw may have cross value 2204 * conflicts. 2205 */ 2206 if (strcmp(propname, SHOPT_RO) == 0) { 2207 other1 = SHOPT_RW; 2208 other2 = SHOPT_NONE; 2209 } else if (strcmp(propname, SHOPT_RW) == 0) { 2210 other1 = SHOPT_RO; 2211 other2 = SHOPT_NONE; 2212 } else if (strcmp(propname, SHOPT_NONE) == 0) { 2213 other1 = SHOPT_RO; 2214 other2 = SHOPT_RW; 2215 } else { 2216 other1 = NULL; 2217 other2 = NULL; 2218 } 2219 if (other1 == NULL && other2 == NULL) 2220 break; 2221 2222 /* compare rw(ro) with ro(rw) */ 2223 2224 oprop1 = sa_get_property(parent, other1); 2225 oprop2 = sa_get_property(parent, other2); 2226 if (oprop1 == NULL && oprop2 == NULL) 2227 break; 2228 /* 2229 * Only potential confusion if other1 2230 * or other2 exists. Check the values 2231 * and run the check if there is a 2232 * value other than the one we are 2233 * explicitly looking at. 2234 */ 2235 ovalue1 = sa_get_property_attr(oprop1, "value"); 2236 ovalue2 = sa_get_property_attr(oprop2, "value"); 2237 if (ovalue1 != NULL || ovalue2 != NULL) 2238 ret = check_rorwnone(value, ovalue1, 2239 ovalue2); 2240 2241 if (ovalue1 != NULL) 2242 sa_free_attr_string(ovalue1); 2243 if (ovalue2 != NULL) 2244 sa_free_attr_string(ovalue2); 2245 break; 2246 } 2247 case OPT_TYPE_LOGTAG: 2248 if (nfsl_getconfig_list(&configlist) == 0) { 2249 int error; 2250 if (value == NULL || 2251 strlen(value) == 0) { 2252 if (value != NULL) 2253 sa_free_attr_string( 2254 value); 2255 value = strdup("global"); 2256 } 2257 if (value != NULL && 2258 nfsl_findconfig(configlist, value, 2259 &error) == NULL) { 2260 ret = SA_BAD_VALUE; 2261 } 2262 /* Must always free when done */ 2263 nfsl_freeconfig_list(&configlist); 2264 } else { 2265 ret = SA_CONFIG_ERR; 2266 } 2267 break; 2268 case OPT_TYPE_STRING: 2269 /* whatever is here should be ok */ 2270 break; 2271 case OPT_TYPE_SECURITY: 2272 /* 2273 * The "sec" property isn't used in the 2274 * non-legacy parts of sharemgr. We need to 2275 * reject it here. For legacy, it is pulled 2276 * out well before we get here. 2277 */ 2278 ret = SA_NO_SUCH_PROP; 2279 break; 2280 default: 2281 break; 2282 } 2283 2284 if (value != NULL) 2285 sa_free_attr_string(value); 2286 2287 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2288 /* do the property specific check */ 2289 ret = optdefs[optindex].check(handle, property); 2290 } 2291 } 2292 } 2293 2294 if (propname != NULL) 2295 sa_free_attr_string(propname); 2296 return (ret); 2297 } 2298 2299 /* 2300 * Protocol management functions 2301 * 2302 * Properties defined in the default files are defined in 2303 * proto_option_defs for parsing and validation. If "other" and 2304 * "compare" are set, then the value for this property should be 2305 * compared against the property specified in "other" using the 2306 * "compare" check (either <= or >=) in order to ensure that the 2307 * values are in the correct range. E.g. setting server_versmin 2308 * higher than server_versmax should not be allowed. 2309 */ 2310 2311 struct proto_option_defs { 2312 char *tag; 2313 char *name; /* display name -- remove protocol identifier */ 2314 int index; 2315 int type; 2316 union { 2317 int intval; 2318 char *string; 2319 } defvalue; 2320 uint32_t svcs; 2321 int32_t minval; 2322 int32_t maxval; 2323 char *file; 2324 char *other; 2325 int compare; 2326 #define OPT_CMP_GE 0 2327 #define OPT_CMP_LE 1 2328 int (*check)(char *); 2329 } proto_options[] = { 2330 #define PROTO_OPT_NFSD_SERVERS 0 2331 {"nfsd_servers", 2332 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD, 2333 1, INT32_MAX, NFSADMIN}, 2334 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2335 {"lockd_listen_backlog", 2336 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2337 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX, NFSADMIN}, 2338 #define PROTO_OPT_LOCKD_SERVERS 2 2339 {"lockd_servers", 2340 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20, 2341 SVC_LOCKD, 1, INT32_MAX, NFSADMIN}, 2342 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2343 {"lockd_retransmit_timeout", 2344 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2345 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2346 #define PROTO_OPT_GRACE_PERIOD 4 2347 {"grace_period", 2348 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90, 2349 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2350 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2351 {"nfs_server_versmin", 2352 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER, 2353 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2354 NFS_VERSMAX, NFSADMIN, "server_versmax", OPT_CMP_LE}, 2355 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2356 {"nfs_server_versmax", 2357 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER, 2358 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2359 NFS_VERSMAX, NFSADMIN, "server_versmin", OPT_CMP_GE}, 2360 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2361 {"nfs_client_versmin", 2362 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER, 2363 (int)NFS_VERSMIN_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2364 NFSADMIN, "client_versmax", OPT_CMP_LE}, 2365 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2366 {"nfs_client_versmax", 2367 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER, 2368 (int)NFS_VERSMAX_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2369 NFSADMIN, "client_versmin", OPT_CMP_GE}, 2370 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2371 {"nfs_server_delegation", 2372 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION, 2373 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0, 2374 NFSADMIN}, 2375 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2376 {"nfsmapid_domain", 2377 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN, 2378 NULL, SVC_NFSMAPID, 0, 0, NFSADMIN}, 2379 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2380 {"nfsd_max_connections", 2381 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS, 2382 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX, NFSADMIN}, 2383 #define PROTO_OPT_NFSD_PROTOCOL 12 2384 {"nfsd_protocol", 2385 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0, 2386 SVC_NFSD, 0, 0, NFSADMIN}, 2387 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2388 {"nfsd_listen_backlog", 2389 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG, 2390 OPT_TYPE_NUMBER, 0, 2391 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2392 {NULL} 2393 }; 2394 2395 /* 2396 * the protoset holds the defined options so we don't have to read 2397 * them multiple times 2398 */ 2399 static sa_protocol_properties_t protoset; 2400 2401 static int 2402 findprotoopt(char *name, int whichname) 2403 { 2404 int i; 2405 for (i = 0; proto_options[i].tag != NULL; i++) { 2406 if (whichname == 1) { 2407 if (strcasecmp(proto_options[i].name, name) == 0) 2408 return (i); 2409 } else { 2410 if (strcasecmp(proto_options[i].tag, name) == 0) 2411 return (i); 2412 } 2413 } 2414 return (-1); 2415 } 2416 2417 /* 2418 * fixcaselower(str) 2419 * 2420 * convert a string to lower case (inplace). 2421 */ 2422 2423 static void 2424 fixcaselower(char *str) 2425 { 2426 while (*str) { 2427 *str = tolower(*str); 2428 str++; 2429 } 2430 } 2431 2432 /* 2433 * fixcaseupper(str) 2434 * 2435 * convert a string to upper case (inplace). 2436 */ 2437 2438 static void 2439 fixcaseupper(char *str) 2440 { 2441 while (*str) { 2442 *str = toupper(*str); 2443 str++; 2444 } 2445 } 2446 2447 /* 2448 * skipwhitespace(str) 2449 * 2450 * Skip leading white space. It is assumed that it is called with a 2451 * valid pointer. 2452 */ 2453 2454 static char * 2455 skipwhitespace(char *str) 2456 { 2457 while (*str && isspace(*str)) 2458 str++; 2459 2460 return (str); 2461 } 2462 2463 /* 2464 * extractprop() 2465 * 2466 * Extract the property and value out of the line and create the 2467 * property in the optionset. 2468 */ 2469 static int 2470 extractprop(char *name, char *value) 2471 { 2472 sa_property_t prop; 2473 int index; 2474 int ret = SA_OK; 2475 /* 2476 * Remove any leading 2477 * white space. 2478 */ 2479 name = skipwhitespace(name); 2480 2481 index = findprotoopt(name, 0); 2482 if (index >= 0) { 2483 fixcaselower(name); 2484 prop = sa_create_property(proto_options[index].name, value); 2485 if (prop != NULL) 2486 ret = sa_add_protocol_property(protoset, prop); 2487 else 2488 ret = SA_NO_MEMORY; 2489 } 2490 return (ret); 2491 } 2492 2493 /* 2494 * initprotofromdefault() 2495 * 2496 * Read the default file(s) and add the defined values to the 2497 * protoset. Note that default values are known from the built in 2498 * table in case the file doesn't have a definition. Not having the 2499 * /etc/default/nfs file is OK since we have builtin default 2500 * values. The default file will get constructed as needed if values 2501 * are changed from the defaults. 2502 */ 2503 2504 static int 2505 initprotofromdefault() 2506 { 2507 FILE *nfs; 2508 char buff[BUFSIZ]; 2509 char *name; 2510 char *value; 2511 int ret = SA_OK; 2512 2513 protoset = sa_create_protocol_properties("nfs"); 2514 2515 if (protoset != NULL) { 2516 nfs = fopen(NFSADMIN, "r"); 2517 if (nfs != NULL) { 2518 while (ret == SA_OK && 2519 fgets(buff, sizeof (buff), nfs) != NULL) { 2520 switch (buff[0]) { 2521 case '\n': 2522 case '#': 2523 /* skip */ 2524 break; 2525 default: 2526 name = buff; 2527 buff[strlen(buff) - 1] = '\0'; 2528 value = strchr(name, '='); 2529 if (value != NULL) { 2530 *value++ = '\0'; 2531 ret = extractprop(name, value); 2532 } 2533 } 2534 } 2535 (void) fclose(nfs); 2536 } else { 2537 switch (errno) { 2538 case EPERM: 2539 case EACCES: 2540 ret = SA_NO_PERMISSION; 2541 break; 2542 case ENOENT: 2543 break; 2544 default: 2545 ret = SA_SYSTEM_ERR; 2546 break; 2547 } 2548 } 2549 } else { 2550 ret = SA_NO_MEMORY; 2551 } 2552 return (ret); 2553 } 2554 2555 /* 2556 * add_defaults() 2557 * 2558 * Add the default values for any property not defined in the parsing 2559 * of the default files. Values are set according to their defined 2560 * types. 2561 */ 2562 2563 static void 2564 add_defaults() 2565 { 2566 int i; 2567 char number[MAXDIGITS]; 2568 2569 for (i = 0; proto_options[i].tag != NULL; i++) { 2570 sa_property_t prop; 2571 prop = sa_get_protocol_property(protoset, 2572 proto_options[i].name); 2573 if (prop == NULL) { 2574 /* add the default value */ 2575 switch (proto_options[i].type) { 2576 case OPT_TYPE_NUMBER: 2577 (void) snprintf(number, sizeof (number), "%d", 2578 proto_options[i].defvalue.intval); 2579 prop = sa_create_property(proto_options[i].name, 2580 number); 2581 break; 2582 2583 case OPT_TYPE_BOOLEAN: 2584 prop = sa_create_property(proto_options[i].name, 2585 proto_options[i].defvalue.intval ? 2586 "true" : "false"); 2587 break; 2588 2589 case OPT_TYPE_ONOFF: 2590 prop = sa_create_property(proto_options[i].name, 2591 proto_options[i].defvalue.intval ? 2592 "on" : "off"); 2593 break; 2594 2595 default: 2596 /* treat as strings of zero length */ 2597 prop = sa_create_property(proto_options[i].name, 2598 ""); 2599 break; 2600 } 2601 if (prop != NULL) 2602 (void) sa_add_protocol_property(protoset, prop); 2603 } 2604 } 2605 } 2606 2607 static void 2608 free_protoprops() 2609 { 2610 if (protoset != NULL) { 2611 xmlFreeNode(protoset); 2612 protoset = NULL; 2613 } 2614 } 2615 2616 /* 2617 * nfs_init() 2618 * 2619 * Initialize the NFS plugin. 2620 */ 2621 2622 static int 2623 nfs_init() 2624 { 2625 int ret = SA_OK; 2626 2627 if (sa_plugin_ops.sa_init != nfs_init) { 2628 (void) printf(dgettext(TEXT_DOMAIN, 2629 "NFS plugin not properly initialized\n")); 2630 return (SA_CONFIG_ERR); 2631 } 2632 2633 ret = initprotofromdefault(); 2634 if (ret != SA_OK) { 2635 (void) printf(dgettext(TEXT_DOMAIN, 2636 "NFS plugin problem with default file: %s\n"), 2637 sa_errorstr(ret)); 2638 ret = SA_OK; 2639 } 2640 add_defaults(); 2641 2642 return (ret); 2643 } 2644 2645 /* 2646 * nfs_fini() 2647 * 2648 * uninitialize the NFS plugin. Want to avoid memory leaks. 2649 */ 2650 2651 static void 2652 nfs_fini() 2653 { 2654 free_protoprops(); 2655 } 2656 2657 /* 2658 * nfs_get_proto_set() 2659 * 2660 * Return an optionset with all the protocol specific properties in 2661 * it. 2662 */ 2663 2664 static sa_protocol_properties_t 2665 nfs_get_proto_set() 2666 { 2667 return (protoset); 2668 } 2669 2670 struct deffile { 2671 struct deffile *next; 2672 char *line; 2673 }; 2674 2675 /* 2676 * read_default_file(fname) 2677 * 2678 * Read the specified default file. We return a list of entries. This 2679 * get used for adding or removing values. 2680 */ 2681 2682 static struct deffile * 2683 read_default_file(char *fname) 2684 { 2685 FILE *file; 2686 struct deffile *defs = NULL; 2687 struct deffile *newdef; 2688 struct deffile *prevdef = NULL; 2689 char buff[BUFSIZ * 2]; 2690 2691 file = fopen(fname, "r"); 2692 if (file != NULL) { 2693 while (fgets(buff, sizeof (buff), file) != NULL) { 2694 newdef = (struct deffile *)calloc(1, 2695 sizeof (struct deffile)); 2696 if (newdef != NULL) { 2697 /* Make sure we skip any leading whitespace. */ 2698 newdef->line = strdup(skipwhitespace(buff)); 2699 if (defs == NULL) { 2700 prevdef = defs = newdef; 2701 } else { 2702 prevdef->next = newdef; 2703 prevdef = newdef; 2704 } 2705 } 2706 } 2707 (void) fclose(file); 2708 } else { 2709 int ret = SA_OK; 2710 switch (errno) { 2711 case EPERM: 2712 case EACCES: 2713 ret = SA_NO_PERMISSION; 2714 break; 2715 case ENOENT: 2716 break; 2717 default: 2718 ret = SA_SYSTEM_ERR; 2719 break; 2720 } 2721 if (ret == SA_OK) { 2722 /* Want at least one comment line */ 2723 defs = (struct deffile *) 2724 calloc(1, sizeof (struct deffile)); 2725 defs->line = strdup("# NFS default file\n"); 2726 } 2727 } 2728 return (defs); 2729 } 2730 2731 static void 2732 free_default_file(struct deffile *defs) 2733 { 2734 struct deffile *curdefs = NULL; 2735 2736 while (defs != NULL) { 2737 curdefs = defs; 2738 defs = defs->next; 2739 if (curdefs->line != NULL) 2740 free(curdefs->line); 2741 free(curdefs); 2742 } 2743 } 2744 2745 /* 2746 * write_default_file(fname, defs) 2747 * 2748 * Write the default file back. 2749 */ 2750 2751 static int 2752 write_default_file(char *fname, struct deffile *defs) 2753 { 2754 FILE *file; 2755 int ret = SA_OK; 2756 sigset_t old, new; 2757 2758 file = fopen(fname, "w+"); 2759 if (file != NULL) { 2760 (void) sigprocmask(SIG_BLOCK, NULL, &new); 2761 (void) sigaddset(&new, SIGHUP); 2762 (void) sigaddset(&new, SIGINT); 2763 (void) sigaddset(&new, SIGQUIT); 2764 (void) sigaddset(&new, SIGTSTP); 2765 (void) sigprocmask(SIG_SETMASK, &new, &old); 2766 while (defs != NULL) { 2767 (void) fputs(defs->line, file); 2768 defs = defs->next; 2769 } 2770 (void) fsync(fileno(file)); 2771 (void) sigprocmask(SIG_SETMASK, &old, NULL); 2772 (void) fclose(file); 2773 } else { 2774 switch (errno) { 2775 case EPERM: 2776 case EACCES: 2777 ret = SA_NO_PERMISSION; 2778 break; 2779 default: 2780 ret = SA_SYSTEM_ERR; 2781 } 2782 } 2783 return (ret); 2784 } 2785 2786 2787 /* 2788 * set_default_file_value(tag, value) 2789 * 2790 * Set the default file value for tag to value. Then rewrite the file. 2791 * tag and value are always set. The caller must ensure this. 2792 */ 2793 2794 #define MAX_STRING_LENGTH 256 2795 static int 2796 set_default_file_value(char *tag, char *value) 2797 { 2798 int ret = SA_OK; 2799 struct deffile *root; 2800 struct deffile *defs; 2801 struct deffile *prev; 2802 char string[MAX_STRING_LENGTH]; 2803 int len; 2804 boolean_t update = B_FALSE; 2805 2806 (void) snprintf(string, MAX_STRING_LENGTH, "%s=", tag); 2807 len = strlen(string); 2808 2809 root = defs = read_default_file(NFSADMIN); 2810 if (root == NULL) { 2811 switch (errno) { 2812 case EPERM: 2813 case EACCES: 2814 ret = SA_NO_PERMISSION; 2815 break; 2816 default: 2817 ret = SA_NO_MEMORY; 2818 break; 2819 } 2820 return (ret); 2821 } 2822 2823 while (defs != NULL) { 2824 if (defs->line != NULL && 2825 strncasecmp(defs->line, string, len) == 0) { 2826 /* replace with the new value */ 2827 free(defs->line); 2828 fixcaseupper(tag); 2829 (void) snprintf(string, sizeof (string), 2830 "%s=%s\n", tag, value); 2831 string[MAX_STRING_LENGTH - 1] = '\0'; 2832 defs->line = strdup(string); 2833 update = B_TRUE; 2834 break; 2835 } 2836 defs = defs->next; 2837 } 2838 if (!update) { 2839 defs = root; 2840 /* didn't find, so see if it is a comment */ 2841 (void) snprintf(string, MAX_STRING_LENGTH, "#%s=", tag); 2842 len = strlen(string); 2843 while (defs != NULL) { 2844 if (strncasecmp(defs->line, string, len) == 0) { 2845 /* replace with the new value */ 2846 free(defs->line); 2847 fixcaseupper(tag); 2848 (void) snprintf(string, sizeof (string), 2849 "%s=%s\n", tag, value); 2850 string[MAX_STRING_LENGTH - 1] = '\0'; 2851 defs->line = strdup(string); 2852 update = B_TRUE; 2853 break; 2854 } 2855 defs = defs->next; 2856 } 2857 } 2858 if (!update) { 2859 fixcaseupper(tag); 2860 (void) snprintf(string, sizeof (string), "%s=%s\n", 2861 tag, value); 2862 prev = root; 2863 while (prev->next != NULL) 2864 prev = prev->next; 2865 defs = malloc(sizeof (struct deffile)); 2866 prev->next = defs; 2867 if (defs != NULL) { 2868 defs->next = NULL; 2869 defs->line = strdup(string); 2870 update = B_TRUE; 2871 } 2872 } 2873 if (update) { 2874 ret = write_default_file(NFSADMIN, root); 2875 } 2876 free_default_file(root); 2877 return (ret); 2878 } 2879 2880 /* 2881 * service_in_state(service, chkstate) 2882 * 2883 * Want to know if the specified service is in the desired state 2884 * (chkstate) or not. Return true (1) if it is and false (0) if it 2885 * isn't. 2886 */ 2887 static int 2888 service_in_state(char *service, const char *chkstate) 2889 { 2890 char *state; 2891 int ret = B_FALSE; 2892 2893 state = smf_get_state(service); 2894 if (state != NULL) { 2895 /* got the state so get the equality for the return value */ 2896 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 2897 free(state); 2898 } 2899 return (ret); 2900 } 2901 2902 /* 2903 * restart_service(svcs) 2904 * 2905 * Walk through the bit mask of services that need to be restarted in 2906 * order to use the new property values. Some properties affect 2907 * multiple daemons. Should only restart a service if it is currently 2908 * enabled (online). 2909 */ 2910 2911 static void 2912 restart_service(uint32_t svcs) 2913 { 2914 uint32_t mask; 2915 int ret; 2916 char *service; 2917 2918 for (mask = 1; svcs != 0; mask <<= 1) { 2919 switch (svcs & mask) { 2920 case SVC_LOCKD: 2921 service = LOCKD; 2922 break; 2923 case SVC_STATD: 2924 service = STATD; 2925 break; 2926 case SVC_NFSD: 2927 service = NFSD; 2928 break; 2929 case SVC_MOUNTD: 2930 service = MOUNTD; 2931 break; 2932 case SVC_NFS4CBD: 2933 service = NFS4CBD; 2934 break; 2935 case SVC_NFSMAPID: 2936 service = NFSMAPID; 2937 break; 2938 case SVC_RQUOTAD: 2939 service = RQUOTAD; 2940 break; 2941 case SVC_NFSLOGD: 2942 service = NFSLOGD; 2943 break; 2944 case SVC_REPARSED: 2945 service = REPARSED; 2946 break; 2947 default: 2948 continue; 2949 } 2950 2951 /* 2952 * Only attempt to restart the service if it is 2953 * currently running. In the future, it may be 2954 * desirable to use smf_refresh_instance if the NFS 2955 * services ever implement the refresh method. 2956 */ 2957 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 2958 ret = smf_restart_instance(service); 2959 /* 2960 * There are only a few SMF errors at this point, but 2961 * it is also possible that a bad value may have put 2962 * the service into maintenance if there wasn't an 2963 * SMF level error. 2964 */ 2965 if (ret != 0) { 2966 (void) fprintf(stderr, 2967 dgettext(TEXT_DOMAIN, 2968 "%s failed to restart: %s\n"), 2969 scf_strerror(scf_error())); 2970 } else { 2971 /* 2972 * Check whether it has gone to "maintenance" 2973 * mode or not. Maintenance implies something 2974 * went wrong. 2975 */ 2976 if (service_in_state(service, 2977 SCF_STATE_STRING_MAINT)) { 2978 (void) fprintf(stderr, 2979 dgettext(TEXT_DOMAIN, 2980 "%s failed to restart\n"), 2981 service); 2982 } 2983 } 2984 } 2985 svcs &= ~mask; 2986 } 2987 } 2988 2989 /* 2990 * nfs_minmax_check(name, value) 2991 * 2992 * Verify that the value for the property specified by index is valid 2993 * relative to the opposite value in the case of a min/max variable. 2994 * Currently, server_minvers/server_maxvers and 2995 * client_minvers/client_maxvers are the only ones to check. 2996 */ 2997 2998 static int 2999 nfs_minmax_check(int index, int value) 3000 { 3001 int val; 3002 char *pval; 3003 sa_property_t prop; 3004 sa_optionset_t opts; 3005 int ret = B_TRUE; 3006 3007 if (proto_options[index].other != NULL) { 3008 /* have a property to compare against */ 3009 opts = nfs_get_proto_set(); 3010 prop = sa_get_property(opts, proto_options[index].other); 3011 /* 3012 * If we don't find the property, assume default 3013 * values which will work since the max will be at the 3014 * max and the min at the min. 3015 */ 3016 if (prop != NULL) { 3017 pval = sa_get_property_attr(prop, "value"); 3018 if (pval != NULL) { 3019 val = strtoul(pval, NULL, 0); 3020 if (proto_options[index].compare == 3021 OPT_CMP_LE) { 3022 ret = value <= val ? B_TRUE : B_FALSE; 3023 } else if (proto_options[index].compare == 3024 OPT_CMP_GE) { 3025 ret = value >= val ? B_TRUE : B_FALSE; 3026 } 3027 sa_free_attr_string(pval); 3028 } 3029 } 3030 } 3031 return (ret); 3032 } 3033 3034 /* 3035 * nfs_validate_proto_prop(index, name, value) 3036 * 3037 * Verify that the property specified by name can take the new 3038 * value. This is a sanity check to prevent bad values getting into 3039 * the default files. All values need to be checked against what is 3040 * allowed by their defined type. If a type isn't explicitly defined 3041 * here, it is treated as a string. 3042 * 3043 * Note that OPT_TYPE_NUMBER will additionally check that the value is 3044 * within the range specified and potentially against another property 3045 * value as well as specified in the proto_options members other and 3046 * compare. 3047 */ 3048 3049 static int 3050 nfs_validate_proto_prop(int index, char *name, char *value) 3051 { 3052 int ret = SA_OK; 3053 char *cp; 3054 #ifdef lint 3055 name = name; 3056 #endif 3057 3058 switch (proto_options[index].type) { 3059 case OPT_TYPE_NUMBER: 3060 if (!is_a_number(value)) 3061 ret = SA_BAD_VALUE; 3062 else { 3063 int val; 3064 val = strtoul(value, NULL, 0); 3065 if (val < proto_options[index].minval || 3066 val > proto_options[index].maxval) 3067 ret = SA_BAD_VALUE; 3068 /* 3069 * For server_versmin/server_versmax and 3070 * client_versmin/client_versmax, the value of the 3071 * min(max) should be checked to be correct relative 3072 * to the current max(min). 3073 */ 3074 if (!nfs_minmax_check(index, val)) { 3075 ret = SA_BAD_VALUE; 3076 } 3077 } 3078 break; 3079 3080 case OPT_TYPE_DOMAIN: 3081 /* 3082 * needs to be a qualified domain so will have at 3083 * least one period and other characters on either 3084 * side of it. A zero length string is also allowed 3085 * and is the way to turn off the override. 3086 */ 3087 if (strlen(value) == 0) 3088 break; 3089 cp = strchr(value, '.'); 3090 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 3091 ret = SA_BAD_VALUE; 3092 break; 3093 3094 case OPT_TYPE_BOOLEAN: 3095 if (strlen(value) == 0 || 3096 strcasecmp(value, "true") == 0 || 3097 strcmp(value, "1") == 0 || 3098 strcasecmp(value, "false") == 0 || 3099 strcmp(value, "0") == 0) { 3100 ret = SA_OK; 3101 } else { 3102 ret = SA_BAD_VALUE; 3103 } 3104 break; 3105 3106 case OPT_TYPE_ONOFF: 3107 if (strcasecmp(value, "on") != 0 && 3108 strcasecmp(value, "off") != 0) { 3109 ret = SA_BAD_VALUE; 3110 } 3111 break; 3112 3113 case OPT_TYPE_PROTOCOL: 3114 if (strlen(value) != 0 && 3115 strcasecmp(value, "all") != 0 && 3116 strcasecmp(value, "tcp") != 0 && 3117 strcasecmp(value, "udp") != 0) 3118 ret = SA_BAD_VALUE; 3119 break; 3120 3121 default: 3122 /* treat as a string */ 3123 break; 3124 } 3125 return (ret); 3126 } 3127 3128 /* 3129 * nfs_set_proto_prop(prop) 3130 * 3131 * check that prop is valid. 3132 */ 3133 3134 static int 3135 nfs_set_proto_prop(sa_property_t prop) 3136 { 3137 int ret = SA_OK; 3138 char *name; 3139 char *value; 3140 3141 name = sa_get_property_attr(prop, "type"); 3142 value = sa_get_property_attr(prop, "value"); 3143 if (name != NULL && value != NULL) { 3144 int index = findprotoopt(name, 1); 3145 if (index >= 0) { 3146 /* should test for valid value */ 3147 ret = nfs_validate_proto_prop(index, name, value); 3148 if (ret == SA_OK) 3149 ret = set_default_file_value( 3150 proto_options[index].tag, value); 3151 if (ret == SA_OK) 3152 restart_service(proto_options[index].svcs); 3153 } 3154 } 3155 if (name != NULL) 3156 sa_free_attr_string(name); 3157 if (value != NULL) 3158 sa_free_attr_string(value); 3159 return (ret); 3160 } 3161 3162 /* 3163 * nfs_get_status() 3164 * 3165 * What is the current status of the nfsd? We use the SMF state here. 3166 * Caller must free the returned value. 3167 */ 3168 3169 static char * 3170 nfs_get_status() 3171 { 3172 char *state; 3173 state = smf_get_state(NFSD); 3174 return (state != NULL ? state : strdup("-")); 3175 } 3176 3177 /* 3178 * nfs_space_alias(alias) 3179 * 3180 * Lookup the space (security) name. If it is default, convert to the 3181 * real name. 3182 */ 3183 3184 static char * 3185 nfs_space_alias(char *space) 3186 { 3187 char *name = space; 3188 seconfig_t secconf; 3189 3190 /* 3191 * Only the space named "default" is special. If it is used, 3192 * the default needs to be looked up and the real name used. 3193 * This is normally "sys" but could be changed. We always 3194 * change defautl to the real name. 3195 */ 3196 if (strcmp(space, "default") == 0 && 3197 nfs_getseconfig_default(&secconf) == 0) { 3198 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 3199 name = secconf.sc_name; 3200 } 3201 return (strdup(name)); 3202 } 3203 3204 /* 3205 * nfs_features() 3206 * 3207 * Return a mask of the features required. 3208 */ 3209 3210 static uint64_t 3211 nfs_features() 3212 { 3213 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER); 3214 } 3215