1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * NFS specific functions 31 */ 32 #include <stdio.h> 33 #include <string.h> 34 #include <ctype.h> 35 #include <stdlib.h> 36 #include <unistd.h> 37 #include <zone.h> 38 #include <errno.h> 39 #include <locale.h> 40 #include <signal.h> 41 #include "libshare.h" 42 #include "libshare_impl.h" 43 #include <nfs/export.h> 44 #include <pwd.h> 45 #include <limits.h> 46 #include <libscf.h> 47 #include "nfslog_config.h" 48 #include "nfslogtab.h" 49 #include "libshare_nfs.h" 50 #include <rpcsvc/daemon_utils.h> 51 #include <nfs/nfs.h> 52 53 /* should really be in some global place */ 54 #define DEF_WIN 30000 55 #define OPT_CHUNK 1024 56 57 int debug = 0; 58 59 60 /* internal functions */ 61 static int nfs_init(); 62 static void nfs_fini(); 63 static int nfs_enable_share(sa_share_t); 64 static int nfs_disable_share(char *); 65 static int nfs_validate_property(sa_property_t, sa_optionset_t); 66 static int nfs_validate_security_mode(char *); 67 static int nfs_is_security_opt(char *); 68 static int nfs_parse_legacy_options(sa_group_t, char *); 69 static char *nfs_format_options(sa_group_t, int); 70 static int nfs_set_proto_prop(sa_property_t); 71 static sa_protocol_properties_t nfs_get_proto_set(); 72 static char *nfs_get_status(); 73 static char *nfs_space_alias(char *); 74 75 /* 76 * ops vector that provides the protocol specific info and operations 77 * for share management. 78 */ 79 80 struct sa_plugin_ops sa_plugin_ops = { 81 SA_PLUGIN_VERSION, 82 "nfs", 83 nfs_init, 84 nfs_fini, 85 nfs_enable_share, 86 nfs_disable_share, 87 nfs_validate_property, 88 nfs_validate_security_mode, 89 nfs_is_security_opt, 90 nfs_parse_legacy_options, 91 nfs_format_options, 92 nfs_set_proto_prop, 93 nfs_get_proto_set, 94 nfs_get_status, 95 nfs_space_alias, 96 NULL, 97 NULL 98 }; 99 100 /* 101 * list of support services needed 102 * defines should come from head/rpcsvc/daemon_utils.h 103 */ 104 105 static char *service_list_default[] = 106 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NULL }; 107 static char *service_list_logging[] = 108 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, NULL }; 109 110 /* 111 * option definitions. Make sure to keep the #define for the option 112 * index just before the entry it is the index for. Changing the order 113 * can cause breakage. E.g OPT_RW is index 1 and must precede the 114 * line that includes the SHOPT_RW and OPT_RW entries. 115 */ 116 117 struct option_defs optdefs[] = { 118 #define OPT_RO 0 119 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST}, 120 #define OPT_RW 1 121 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST}, 122 #define OPT_ROOT 2 123 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST}, 124 #define OPT_SECURE 3 125 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED}, 126 #define OPT_ANON 4 127 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER}, 128 #define OPT_WINDOW 5 129 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER}, 130 #define OPT_NOSUID 6 131 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN}, 132 #define OPT_ACLOK 7 133 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN}, 134 #define OPT_NOSUB 8 135 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN}, 136 #define OPT_SEC 9 137 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY}, 138 #define OPT_PUBLIC 10 139 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY}, 140 #define OPT_INDEX 11 141 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE}, 142 #define OPT_LOG 12 143 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG}, 144 #define OPT_CKSUM 13 145 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET}, 146 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */ 147 #define OPT_VOLFH 14 148 {SHOPT_VOLFH, OPT_VOLFH}, 149 #endif /* VOLATILE_FH_TEST */ 150 NULL 151 }; 152 153 /* 154 * list of properties that are related to security flavors. 155 */ 156 static char *seclist[] = { 157 SHOPT_RO, 158 SHOPT_RW, 159 SHOPT_ROOT, 160 SHOPT_WINDOW, 161 NULL 162 }; 163 164 /* structure for list of securities */ 165 struct securities { 166 sa_security_t security; 167 struct securities *next; 168 }; 169 170 /* 171 * findopt(name) 172 * 173 * Lookup option "name" in the option table and return the table 174 * index. 175 */ 176 177 static int 178 findopt(char *name) 179 { 180 int i; 181 if (name != NULL) { 182 for (i = 0; optdefs[i].tag != NULL; i++) { 183 if (strcmp(optdefs[i].tag, name) == 0) 184 return (i); 185 } 186 } 187 return (-1); 188 } 189 190 /* 191 * gettype(name) 192 * 193 * Return the type of option "name". 194 */ 195 196 static int 197 gettype(char *name) 198 { 199 int optdef; 200 201 optdef = findopt(name); 202 if (optdef != -1) 203 return (optdefs[optdef].type); 204 return (OPT_TYPE_ANY); 205 } 206 207 /* 208 * nfs_validate_security_mode(mode) 209 * 210 * is the specified mode string a valid one for use with NFS? 211 */ 212 213 static int 214 nfs_validate_security_mode(char *mode) 215 { 216 seconfig_t secinfo; 217 int err; 218 219 (void) memset(&secinfo, '\0', sizeof (secinfo)); 220 err = nfs_getseconfig_byname(mode, &secinfo); 221 if (err == SC_NOERROR) 222 return (1); 223 return (0); 224 } 225 226 /* 227 * nfs_is_security_opt(tok) 228 * 229 * check to see if tok represents an option that is only valid in some 230 * security flavor. 231 */ 232 233 static int 234 nfs_is_security_opt(char *tok) 235 { 236 int i; 237 238 for (i = 0; seclist[i] != NULL; i++) { 239 if (strcmp(tok, seclist[i]) == 0) 240 return (1); 241 } 242 return (0); 243 } 244 245 /* 246 * find_security(seclist, sec) 247 * 248 * Walk the current list of security flavors and return true if it is 249 * present, else return false. 250 */ 251 252 static int 253 find_security(struct securities *seclist, sa_security_t sec) 254 { 255 while (seclist != NULL) { 256 if (seclist->security == sec) 257 return (1); 258 seclist = seclist->next; 259 } 260 return (0); 261 } 262 263 /* 264 * make_security_list(group, securitymodes, proto) 265 * go through the list of securitymodes and add them to the 266 * group's list of security optionsets. We also keep a list of 267 * those optionsets so we don't have to find them later. All of 268 * these will get copies of the same properties. 269 */ 270 271 static struct securities * 272 make_security_list(sa_group_t group, char *securitymodes, char *proto) 273 { 274 char *tok, *next = NULL; 275 struct securities *curp, *headp = NULL, *prev; 276 sa_security_t check; 277 int freetok = 0; 278 279 for (tok = securitymodes; tok != NULL; tok = next) { 280 next = strchr(tok, ':'); 281 if (next != NULL) 282 *next++ = '\0'; 283 if (strcmp(tok, "default") == 0) { 284 /* resolve default into the real type */ 285 tok = nfs_space_alias(tok); 286 freetok = 1; 287 } 288 check = sa_get_security(group, tok, proto); 289 290 /* add to the security list if it isn't there already */ 291 if (check == NULL || !find_security(headp, check)) { 292 curp = (struct securities *)calloc(1, 293 sizeof (struct securities)); 294 if (curp != NULL) { 295 if (check == NULL) { 296 curp->security = sa_create_security( 297 group, tok, proto); 298 } else { 299 curp->security = check; 300 } 301 /* 302 * note that the first time through the loop, 303 * headp will be NULL and prev will be 304 * undefined. Since headp is NULL, we set 305 * both it and prev to the curp (first 306 * structure to be allocated). 307 * 308 * later passes through the loop will have 309 * headp not being NULL and prev will be used 310 * to allocate at the end of the list. 311 */ 312 if (headp == NULL) { 313 headp = curp; 314 prev = curp; 315 } else { 316 prev->next = curp; 317 prev = curp; 318 } 319 } 320 } 321 322 if (freetok) { 323 freetok = 0; 324 sa_free_attr_string(tok); 325 } 326 } 327 return (headp); 328 } 329 330 static void 331 free_security_list(struct securities *sec) 332 { 333 struct securities *next; 334 if (sec != NULL) { 335 for (next = sec->next; sec != NULL; sec = next) { 336 next = sec->next; 337 free(sec); 338 } 339 } 340 } 341 342 /* 343 * nfs_alistcat(str1, str2, sep) 344 * 345 * concatenate str1 and str2 into a new string using sep as a separate 346 * character. If memory allocation fails, return NULL; 347 */ 348 349 static char * 350 nfs_alistcat(char *str1, char *str2, char sep) 351 { 352 char *newstr; 353 size_t len; 354 355 len = strlen(str1) + strlen(str2) + 2; 356 newstr = (char *)malloc(len); 357 if (newstr != NULL) 358 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2); 359 return (newstr); 360 } 361 362 /* 363 * add_security_prop(sec, name, value, persist) 364 * 365 * Add the property to the securities structure. This accumulates 366 * properties for as part of parsing legacy options. 367 */ 368 369 static int 370 add_security_prop(struct securities *sec, char *name, char *value, 371 int persist, int iszfs) 372 { 373 sa_property_t prop; 374 int ret = SA_OK; 375 376 for (; sec != NULL; sec = sec->next) { 377 if (value == NULL) { 378 if (strcmp(name, SHOPT_RW) == 0 || 379 strcmp(name, SHOPT_RO) == 0) 380 value = "*"; 381 else 382 value = "true"; 383 } 384 385 /* 386 * Get the existing property, if it exists, so we can 387 * determine what to do with it. The ro/rw/root 388 * properties can be merged if multiple instances of 389 * these properies are given. For example, if "rw" 390 * exists with a value "host1" and a later token of 391 * rw="host2" is seen, the values are merged into a 392 * single rw="host1:host2". 393 */ 394 prop = sa_get_property(sec->security, name); 395 396 if (prop != NULL) { 397 char *oldvalue; 398 char *newvalue; 399 400 /* 401 * The security options of ro/rw/root might appear 402 * multiple times. If they do, the values need to be 403 * merged into an access list. If it was previously 404 * empty, the new value alone is added. 405 */ 406 oldvalue = sa_get_property_attr(prop, "value"); 407 if (oldvalue != NULL) { 408 /* 409 * The general case is to concatenate the new 410 * value onto the old value for multiple 411 * rw(ro/root) properties. A special case 412 * exists when either the old or new is the 413 * "all" case. In the special case, if both 414 * are "all", then it is "all", else if one is 415 * an access-list, that replaces the "all". 416 */ 417 if (strcmp(oldvalue, "*") == 0) { 418 /* Replace old value with new value. */ 419 newvalue = strdup(value); 420 } else if (strcmp(value, "*") == 0) { 421 /* 422 * Keep old value and ignore 423 * the new value. 424 */ 425 newvalue = NULL; 426 } else { 427 /* 428 * Make a new list of old plus new 429 * access-list. 430 */ 431 newvalue = nfs_alistcat(oldvalue, 432 value, ':'); 433 } 434 435 if (newvalue != NULL) { 436 (void) sa_remove_property(prop); 437 prop = sa_create_property(name, 438 newvalue); 439 ret = sa_add_property(sec->security, 440 prop); 441 free(newvalue); 442 } 443 if (oldvalue != NULL) 444 sa_free_attr_string(oldvalue); 445 } 446 } else { 447 prop = sa_create_property(name, value); 448 ret = sa_add_property(sec->security, prop); 449 } 450 if (ret == SA_OK && !iszfs) { 451 ret = sa_commit_properties(sec->security, !persist); 452 } 453 } 454 return (ret); 455 } 456 457 /* 458 * check to see if group/share is persistent. 459 */ 460 static int 461 is_persistent(sa_group_t group) 462 { 463 char *type; 464 int persist = 1; 465 466 type = sa_get_group_attr(group, "type"); 467 if (type != NULL && strcmp(type, "persist") != 0) 468 persist = 0; 469 if (type != NULL) 470 sa_free_attr_string(type); 471 return (persist); 472 } 473 474 /* 475 * invalid_security(options) 476 * 477 * search option string for any invalid sec= type. 478 * return true (1) if any are not valid else false (0) 479 */ 480 static int 481 invalid_security(char *options) 482 { 483 char *copy, *base, *token, *value; 484 int ret = 0; 485 486 copy = strdup(options); 487 token = base = copy; 488 while (token != NULL && ret == 0) { 489 token = strtok(base, ","); 490 base = NULL; 491 if (token != NULL) { 492 value = strchr(token, '='); 493 if (value != NULL) 494 *value++ = '\0'; 495 if (strcmp(token, "sec") == 0) { 496 /* HAVE security flavors so check them */ 497 char *tok, *next; 498 for (next = NULL, tok = value; tok != NULL; 499 tok = next) { 500 next = strchr(tok, ':'); 501 if (next != NULL) 502 *next++ = '\0'; 503 ret = !nfs_validate_security_mode(tok); 504 if (ret) 505 break; 506 } 507 } 508 } 509 } 510 if (copy != NULL) 511 free(copy); 512 return (ret); 513 } 514 515 /* 516 * nfs_parse_legacy_options(group, options) 517 * 518 * Parse the old style options into internal format and store on the 519 * specified group. Group could be a share for full legacy support. 520 */ 521 522 static int 523 nfs_parse_legacy_options(sa_group_t group, char *options) 524 { 525 char *dup = strdup(options); 526 char *base; 527 char *token; 528 sa_optionset_t optionset; 529 struct securities *security_list = NULL; 530 sa_property_t prop; 531 int ret = SA_OK; 532 int iszfs = 0; 533 sa_group_t parent; 534 int persist = 0; 535 char *lasts; 536 537 /* do we have an existing optionset? */ 538 optionset = sa_get_optionset(group, "nfs"); 539 if (optionset == NULL) { 540 /* didn't find existing optionset so create one */ 541 optionset = sa_create_optionset(group, "nfs"); 542 } else { 543 /* 544 * have an existing optionset so we need to compare 545 * options in order to detect errors. For now, we 546 * assume that the first optionset is the correct one 547 * and the others will be the same. This needs to be 548 * fixed before the final code is ready. 549 */ 550 return (ret); 551 } 552 553 if (strcmp(options, SHOPT_RW) == 0) { 554 /* 555 * there is a special case of only the option "rw" 556 * being the default option. We don't have to do 557 * anything. 558 */ 559 return (ret); 560 } 561 562 /* 563 * check if security types are present and validate them. If 564 * any are not legal, fail. 565 */ 566 567 if (invalid_security(options)) { 568 return (SA_INVALID_SECURITY); 569 } 570 571 /* 572 * in order to not attempt to change ZFS properties unless 573 * absolutely necessary, we never do it in the legacy parsing. 574 */ 575 if (sa_is_share(group)) { 576 char *zfs; 577 parent = sa_get_parent_group(group); 578 if (parent != NULL) { 579 zfs = sa_get_group_attr(parent, "zfs"); 580 if (zfs != NULL) { 581 sa_free_attr_string(zfs); 582 iszfs++; 583 } 584 } 585 } else { 586 iszfs = sa_group_is_zfs(group); 587 } 588 589 /* 590 * we need to step through each option in the string and then 591 * add either the option or the security option as needed. If 592 * this is not a persistent share, don't commit to the 593 * repository. If there is an error, we also want to abort the 594 * processing and report it. 595 */ 596 persist = is_persistent(group); 597 base = dup; 598 token = dup; 599 lasts = NULL; 600 while (token != NULL && ret == SA_OK) { 601 ret = SA_OK; 602 token = strtok_r(base, ",", &lasts); 603 base = NULL; 604 if (token != NULL) { 605 char *value; 606 /* 607 * if the option has a value, it will have an '=' to 608 * separate the name from the value. The following 609 * code will result in value != NULL and token 610 * pointing to just the name if there is a value. 611 */ 612 value = strchr(token, '='); 613 if (value != NULL) { 614 *value++ = '\0'; 615 } 616 if (strcmp(token, "sec") == 0 || 617 strcmp(token, "secure") == 0) { 618 /* 619 * Once in security parsing, we only 620 * do security. We do need to move 621 * between the security node and the 622 * toplevel. The security tag goes on 623 * the root while the following ones 624 * go on the security. 625 */ 626 if (security_list != NULL) { 627 /* 628 * have an old list so close it and 629 * start the new 630 */ 631 free_security_list(security_list); 632 } 633 if (strcmp(token, "secure") == 0) { 634 value = "dh"; 635 } else { 636 if (value == NULL) { 637 ret = SA_SYNTAX_ERR; 638 break; 639 } 640 } 641 security_list = make_security_list(group, 642 value, "nfs"); 643 } else { 644 /* 645 * Note that the "old" syntax allowed a 646 * default security model This must be 647 * accounted for and internally converted to 648 * "standard" security structure. 649 */ 650 if (nfs_is_security_opt(token)) { 651 if (security_list == NULL) { 652 /* 653 * need to have a 654 * security 655 * option. This will 656 * be "closed" when a 657 * defined "sec=" 658 * option is 659 * seen. This is 660 * technically an 661 * error but will be 662 * allowed with 663 * warning. 664 */ 665 security_list = 666 make_security_list(group, 667 "default", 668 "nfs"); 669 } 670 if (security_list != NULL) { 671 ret = add_security_prop( 672 security_list, token, 673 value, persist, iszfs); 674 } else { 675 ret = SA_NO_MEMORY; 676 } 677 } else { 678 /* regular options */ 679 if (value == NULL) { 680 if (strcmp(token, SHOPT_RW) == 681 0 || strcmp(token, 682 SHOPT_RO) == 0) { 683 value = "*"; 684 } else { 685 value = "global"; 686 if (strcmp(token, 687 SHOPT_LOG) != 0) { 688 value = "true"; 689 } 690 } 691 } 692 /* 693 * In all cases, create the 694 * property specified. If the 695 * value was NULL, the default 696 * value will have been 697 * substituted. 698 */ 699 prop = sa_create_property(token, value); 700 ret = sa_add_property(optionset, prop); 701 if (ret != SA_OK) 702 break; 703 704 if (!iszfs) { 705 ret = sa_commit_properties( 706 optionset, !persist); 707 } 708 } 709 } 710 } 711 } 712 if (security_list != NULL) 713 free_security_list(security_list); 714 if (dup != NULL) 715 free(dup); 716 return (ret); 717 } 718 719 /* 720 * is_a_number(number) 721 * 722 * is the string a number in one of the forms we want to use? 723 */ 724 725 static int 726 is_a_number(char *number) 727 { 728 int ret = 1; 729 int hex = 0; 730 731 if (strncmp(number, "0x", 2) == 0) { 732 number += 2; 733 hex = 1; 734 } else if (*number == '-') { 735 number++; /* skip the minus */ 736 } 737 while (ret == 1 && *number != '\0') { 738 if (hex) { 739 ret = isxdigit(*number++); 740 } else { 741 ret = isdigit(*number++); 742 } 743 } 744 return (ret); 745 } 746 747 /* 748 * Look for the specified tag in the configuration file. If it is found, 749 * enable logging and set the logging configuration information for exp. 750 */ 751 static void 752 configlog(struct exportdata *exp, char *tag) 753 { 754 nfsl_config_t *configlist = NULL, *configp; 755 int error = 0; 756 char globaltag[] = DEFAULTTAG; 757 758 /* 759 * Sends config errors to stderr 760 */ 761 nfsl_errs_to_syslog = B_FALSE; 762 763 /* 764 * get the list of configuration settings 765 */ 766 error = nfsl_getconfig_list(&configlist); 767 if (error) { 768 (void) fprintf(stderr, 769 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"), 770 strerror(error)); 771 } 772 773 if (tag == NULL) 774 tag = globaltag; 775 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) { 776 nfsl_freeconfig_list(&configlist); 777 (void) fprintf(stderr, 778 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag); 779 /* bad configuration */ 780 error = ENOENT; 781 goto err; 782 } 783 784 if ((exp->ex_tag = strdup(tag)) == NULL) { 785 error = ENOMEM; 786 goto out; 787 } 788 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) { 789 error = ENOMEM; 790 goto out; 791 } 792 exp->ex_flags |= EX_LOG; 793 if (configp->nc_rpclogpath != NULL) 794 exp->ex_flags |= EX_LOG_ALLOPS; 795 out: 796 if (configlist != NULL) 797 nfsl_freeconfig_list(&configlist); 798 799 err: 800 if (error != 0) { 801 if (exp->ex_flags != NULL) 802 free(exp->ex_tag); 803 if (exp->ex_log_buffer != NULL) 804 free(exp->ex_log_buffer); 805 (void) fprintf(stderr, 806 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"), 807 strerror(error)); 808 } 809 } 810 811 /* 812 * fill_export_from_optionset(export, optionset) 813 * 814 * In order to share, we need to set all the possible general options 815 * into the export structure. Share info will be filled in by the 816 * caller. Various property values get turned into structure specific 817 * values. 818 */ 819 820 static int 821 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset) 822 { 823 sa_property_t option; 824 int ret = SA_OK; 825 826 for (option = sa_get_property(optionset, NULL); 827 option != NULL; option = sa_get_next_property(option)) { 828 char *name; 829 char *value; 830 uint32_t val; 831 832 /* 833 * since options may be set/reset multiple times, always do an 834 * explicit set or clear of the option. This allows defaults 835 * to be set and then the protocol specifici to override. 836 */ 837 838 name = sa_get_property_attr(option, "type"); 839 value = sa_get_property_attr(option, "value"); 840 switch (findopt(name)) { 841 case OPT_ANON: 842 if (value != NULL && is_a_number(value)) { 843 val = strtoul(value, NULL, 0); 844 } else { 845 struct passwd *pw; 846 pw = getpwnam(value != NULL ? value : "nobody"); 847 if (pw != NULL) { 848 val = pw->pw_uid; 849 } else { 850 val = UID_NOBODY; 851 } 852 endpwent(); 853 } 854 export->ex_anon = val; 855 break; 856 case OPT_NOSUID: 857 if (value != NULL && (strcasecmp(value, "true") == 0 || 858 strcmp(value, "1") == 0)) 859 export->ex_flags |= EX_NOSUID; 860 else 861 export->ex_flags &= ~EX_NOSUID; 862 break; 863 case OPT_ACLOK: 864 if (value != NULL && (strcasecmp(value, "true") == 0 || 865 strcmp(value, "1") == 0)) 866 export->ex_flags |= EX_ACLOK; 867 else 868 export->ex_flags &= ~EX_ACLOK; 869 break; 870 case OPT_NOSUB: 871 if (value != NULL && (strcasecmp(value, "true") == 0 || 872 strcmp(value, "1") == 0)) 873 export->ex_flags |= EX_NOSUB; 874 else 875 export->ex_flags &= ~EX_NOSUB; 876 break; 877 case OPT_PUBLIC: 878 if (value != NULL && (strcasecmp(value, "true") == 0 || 879 strcmp(value, "1") == 0)) 880 export->ex_flags |= EX_PUBLIC; 881 else 882 export->ex_flags &= ~EX_PUBLIC; 883 break; 884 case OPT_INDEX: 885 if (value != NULL && (strcmp(value, "..") == 0 || 886 strchr(value, '/') != NULL)) { 887 /* this is an error */ 888 (void) printf(dgettext(TEXT_DOMAIN, 889 "NFS: index=\"%s\" not valid;" 890 "must be a filename.\n"), 891 value); 892 break; 893 } 894 if (value != NULL && *value != '\0' && 895 strcmp(value, ".") != 0) { 896 /* valid index file string */ 897 if (export->ex_index != NULL) { 898 /* left over from "default" */ 899 free(export->ex_index); 900 } 901 /* remember to free */ 902 export->ex_index = strdup(value); 903 if (export->ex_index == NULL) { 904 (void) printf(dgettext(TEXT_DOMAIN, 905 "NFS: out of memory setting " 906 "index property\n")); 907 break; 908 } 909 export->ex_flags |= EX_INDEX; 910 } 911 break; 912 case OPT_LOG: 913 if (value == NULL) 914 value = strdup("global"); 915 if (value != NULL) 916 configlog(export, 917 strlen(value) ? value : "global"); 918 break; 919 default: 920 /* have a syntactic error */ 921 (void) printf(dgettext(TEXT_DOMAIN, 922 "NFS: unrecognized option %s=%s\n"), 923 name, value != NULL ? value : ""); 924 break; 925 } 926 if (name != NULL) 927 sa_free_attr_string(name); 928 if (value != NULL) 929 sa_free_attr_string(value); 930 } 931 return (ret); 932 } 933 934 /* 935 * cleanup_export(export) 936 * 937 * Cleanup the allocated areas so we don't leak memory 938 */ 939 940 static void 941 cleanup_export(struct exportdata *export) 942 { 943 int i; 944 945 if (export->ex_index != NULL) 946 free(export->ex_index); 947 if (export->ex_secinfo != NULL) { 948 for (i = 0; i < export->ex_seccnt; i++) 949 if (export->ex_secinfo[i].s_rootnames != NULL) 950 free(export->ex_secinfo[i].s_rootnames); 951 free(export->ex_secinfo); 952 } 953 } 954 955 /* 956 * Given a seconfig entry and a colon-separated 957 * list of names, allocate an array big enough 958 * to hold the root list, then convert each name to 959 * a principal name according to the security 960 * info and assign it to an array element. 961 * Return the array and its size. 962 */ 963 static caddr_t * 964 get_rootnames(seconfig_t *sec, char *list, int *count) 965 { 966 caddr_t *a; 967 int c, i; 968 char *host, *p; 969 970 /* 971 * Count the number of strings in the list. 972 * This is the number of colon separators + 1. 973 */ 974 c = 1; 975 for (p = list; *p; p++) 976 if (*p == ':') 977 c++; 978 *count = c; 979 980 a = (caddr_t *)malloc(c * sizeof (char *)); 981 if (a == NULL) { 982 (void) printf(dgettext(TEXT_DOMAIN, 983 "get_rootnames: no memory\n")); 984 } else { 985 for (i = 0; i < c; i++) { 986 host = strtok(list, ":"); 987 if (!nfs_get_root_principal(sec, host, &a[i])) { 988 free(a); 989 a = NULL; 990 break; 991 } 992 list = NULL; 993 } 994 } 995 996 return (a); 997 } 998 999 /* 1000 * fill_security_from_secopts(sp, secopts) 1001 * 1002 * Fill the secinfo structure from the secopts optionset. 1003 */ 1004 1005 static int 1006 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts) 1007 { 1008 sa_property_t prop; 1009 char *type; 1010 int longform; 1011 int err = SC_NOERROR; 1012 1013 type = sa_get_security_attr(secopts, "sectype"); 1014 if (type != NULL) { 1015 /* named security type needs secinfo to be filled in */ 1016 err = nfs_getseconfig_byname(type, &sp->s_secinfo); 1017 sa_free_attr_string(type); 1018 if (err != SC_NOERROR) 1019 return (err); 1020 } else { 1021 /* default case */ 1022 err = nfs_getseconfig_default(&sp->s_secinfo); 1023 if (err != SC_NOERROR) 1024 return (err); 1025 } 1026 1027 err = SA_OK; 1028 for (prop = sa_get_property(secopts, NULL); 1029 prop != NULL && err == SA_OK; 1030 prop = sa_get_next_property(prop)) { 1031 char *name; 1032 char *value; 1033 1034 name = sa_get_property_attr(prop, "type"); 1035 value = sa_get_property_attr(prop, "value"); 1036 1037 longform = value != NULL && strcmp(value, "*") != 0; 1038 1039 switch (findopt(name)) { 1040 case OPT_RO: 1041 sp->s_flags |= longform ? M_ROL : M_RO; 1042 break; 1043 case OPT_RW: 1044 sp->s_flags |= longform ? M_RWL : M_RW; 1045 break; 1046 case OPT_ROOT: 1047 sp->s_flags |= M_ROOT; 1048 /* 1049 * if we are using AUTH_UNIX, handle like other things 1050 * such as RO/RW 1051 */ 1052 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX) 1053 continue; 1054 /* not AUTH_UNIX */ 1055 if (value != NULL) { 1056 sp->s_rootnames = get_rootnames(&sp->s_secinfo, 1057 value, &sp->s_rootcnt); 1058 if (sp->s_rootnames == NULL) { 1059 err = SA_BAD_VALUE; 1060 (void) fprintf(stderr, 1061 dgettext(TEXT_DOMAIN, 1062 "Bad root list\n")); 1063 } 1064 } 1065 break; 1066 case OPT_WINDOW: 1067 if (value != NULL) { 1068 sp->s_window = atoi(value); 1069 /* just in case */ 1070 if (sp->s_window < 0) 1071 sp->s_window = DEF_WIN; 1072 } 1073 break; 1074 default: 1075 break; 1076 } 1077 if (name != NULL) 1078 sa_free_attr_string(name); 1079 if (value != NULL) 1080 sa_free_attr_string(value); 1081 } 1082 /* if rw/ro options not set, use default of RW */ 1083 if ((sp->s_flags & NFS_RWMODES) == 0) 1084 sp->s_flags |= M_RW; 1085 return (err); 1086 } 1087 1088 /* 1089 * This is for testing only 1090 * It displays the export structure that 1091 * goes into the kernel. 1092 */ 1093 static void 1094 printarg(char *path, struct exportdata *ep) 1095 { 1096 int i, j; 1097 struct secinfo *sp; 1098 1099 if (debug == 0) 1100 return; 1101 1102 (void) printf("%s:\n", path); 1103 (void) printf("\tex_version = %d\n", ep->ex_version); 1104 (void) printf("\tex_path = %s\n", ep->ex_path); 1105 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen); 1106 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags); 1107 if (ep->ex_flags & EX_NOSUID) 1108 (void) printf("NOSUID "); 1109 if (ep->ex_flags & EX_ACLOK) 1110 (void) printf("ACLOK "); 1111 if (ep->ex_flags & EX_PUBLIC) 1112 (void) printf("PUBLIC "); 1113 if (ep->ex_flags & EX_NOSUB) 1114 (void) printf("NOSUB "); 1115 if (ep->ex_flags & EX_LOG) 1116 (void) printf("LOG "); 1117 if (ep->ex_flags & EX_LOG_ALLOPS) 1118 (void) printf("LOG_ALLOPS "); 1119 if (ep->ex_flags == 0) 1120 (void) printf("(none)"); 1121 (void) printf("\n"); 1122 if (ep->ex_flags & EX_LOG) { 1123 (void) printf("\tex_log_buffer = %s\n", 1124 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)")); 1125 (void) printf("\tex_tag = %s\n", 1126 (ep->ex_tag ? ep->ex_tag : "(NULL)")); 1127 } 1128 (void) printf("\tex_anon = %d\n", ep->ex_anon); 1129 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt); 1130 (void) printf("\n"); 1131 for (i = 0; i < ep->ex_seccnt; i++) { 1132 sp = &ep->ex_secinfo[i]; 1133 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name); 1134 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags); 1135 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT "); 1136 if (sp->s_flags & M_RO) (void) printf("M_RO "); 1137 if (sp->s_flags & M_ROL) (void) printf("M_ROL "); 1138 if (sp->s_flags & M_RW) (void) printf("M_RW "); 1139 if (sp->s_flags & M_RWL) (void) printf("M_RWL "); 1140 if (sp->s_flags == 0) (void) printf("(none)"); 1141 (void) printf("\n"); 1142 (void) printf("\t\ts_window = %d\n", sp->s_window); 1143 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt); 1144 (void) fflush(stdout); 1145 for (j = 0; j < sp->s_rootcnt; j++) 1146 (void) printf("%s ", sp->s_rootnames[j] ? 1147 sp->s_rootnames[j] : "<null>"); 1148 (void) printf("\n\n"); 1149 } 1150 } 1151 1152 /* 1153 * count_security(opts) 1154 * 1155 * Count the number of security types (flavors). The optionset has 1156 * been populated with the security flavors as a holding mechanism. 1157 * We later use this number to allocate data structures. 1158 */ 1159 1160 static int 1161 count_security(sa_optionset_t opts) 1162 { 1163 int count = 0; 1164 sa_property_t prop; 1165 if (opts != NULL) { 1166 for (prop = sa_get_property(opts, NULL); prop != NULL; 1167 prop = sa_get_next_property(prop)) { 1168 count++; 1169 } 1170 } 1171 return (count); 1172 } 1173 1174 /* 1175 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep) 1176 * 1177 * provides a mechanism to format NFS properties into legacy output 1178 * format. If the buffer would overflow, it is reallocated and grown 1179 * as appropriate. Special cases of converting internal form of values 1180 * to those used by "share" are done. this function does one property 1181 * at a time. 1182 */ 1183 1184 static void 1185 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr, 1186 sa_property_t prop, int sep) 1187 { 1188 char *name; 1189 char *value; 1190 int curlen; 1191 char *buff = *rbuff; 1192 size_t buffsize = *rbuffsize; 1193 1194 name = sa_get_property_attr(prop, "type"); 1195 value = sa_get_property_attr(prop, "value"); 1196 if (buff != NULL) 1197 curlen = strlen(buff); 1198 else 1199 curlen = 0; 1200 if (name != NULL) { 1201 int len; 1202 len = strlen(name) + sep; 1203 1204 /* 1205 * A future RFE would be to replace this with more 1206 * generic code and to possibly handle more types. 1207 */ 1208 switch (gettype(name)) { 1209 case OPT_TYPE_BOOLEAN: 1210 if (value != NULL && strcasecmp(value, "false") == 0) 1211 *name = '\0'; 1212 if (value != NULL) 1213 sa_free_attr_string(value); 1214 value = NULL; 1215 break; 1216 case OPT_TYPE_ACCLIST: 1217 if (value != NULL && strcmp(value, "*") == 0) { 1218 sa_free_attr_string(value); 1219 value = NULL; 1220 } else { 1221 if (value != NULL) 1222 len += 1 + strlen(value); 1223 } 1224 break; 1225 case OPT_TYPE_LOGTAG: 1226 if (value != NULL && strlen(value) == 0) { 1227 sa_free_attr_string(value); 1228 value = NULL; 1229 } else { 1230 if (value != NULL) 1231 len += 1 + strlen(value); 1232 } 1233 break; 1234 default: 1235 if (value != NULL) 1236 len += 1 + strlen(value); 1237 break; 1238 } 1239 while (buffsize <= (curlen + len)) { 1240 /* need more room */ 1241 buffsize += incr; 1242 buff = realloc(buff, buffsize); 1243 if (buff == NULL) { 1244 /* realloc failed so free everything */ 1245 if (*rbuff != NULL) 1246 free(*rbuff); 1247 } 1248 *rbuff = buff; 1249 *rbuffsize = buffsize; 1250 if (buff == NULL) { 1251 return; 1252 } 1253 } 1254 if (buff == NULL) 1255 return; 1256 if (value == NULL) { 1257 (void) snprintf(buff + curlen, buffsize - curlen, 1258 "%s%s", sep ? "," : "", 1259 name, value != NULL ? value : ""); 1260 } else { 1261 (void) snprintf(buff + curlen, buffsize - curlen, 1262 "%s%s=%s", sep ? "," : "", 1263 name, value != NULL ? value : ""); 1264 } 1265 } 1266 if (name != NULL) 1267 sa_free_attr_string(name); 1268 if (value != NULL) 1269 sa_free_attr_string(value); 1270 } 1271 1272 /* 1273 * nfs_format_options(group, hier) 1274 * 1275 * format all the options on the group into an old-style option 1276 * string. If hier is non-zero, walk up the tree to get inherited 1277 * options. 1278 */ 1279 1280 static char * 1281 nfs_format_options(sa_group_t group, int hier) 1282 { 1283 sa_optionset_t options = NULL; 1284 sa_optionset_t secoptions = NULL; 1285 sa_property_t prop, secprop; 1286 sa_security_t security = NULL; 1287 char *buff; 1288 size_t buffsize; 1289 char *sectype = NULL; 1290 int sep = 0; 1291 1292 1293 buff = malloc(OPT_CHUNK); 1294 if (buff == NULL) { 1295 return (NULL); 1296 } 1297 1298 buff[0] = '\0'; 1299 buffsize = OPT_CHUNK; 1300 1301 /* 1302 * We may have a an optionset relative to this item. format 1303 * these if we find them and then add any security definitions. 1304 */ 1305 1306 options = sa_get_derived_optionset(group, "nfs", hier); 1307 1308 /* 1309 * do the default set first but skip any option that is also 1310 * in the protocol specific optionset. 1311 */ 1312 if (options != NULL) { 1313 for (prop = sa_get_property(options, NULL); 1314 prop != NULL; prop = sa_get_next_property(prop)) { 1315 /* 1316 * use this one since we skipped any 1317 * of these that were also in 1318 * optdefault 1319 */ 1320 nfs_sprint_option(&buff, &buffsize, OPT_CHUNK, 1321 prop, sep); 1322 if (buff == NULL) { 1323 /* 1324 * buff could become NULL if there 1325 * isn't enough memory for 1326 * nfs_sprint_option to realloc() 1327 * as necessary. We can't really 1328 * do anything about it at this 1329 * point so we return NULL. The 1330 * caller should handle the 1331 * failure. 1332 */ 1333 if (options != NULL) 1334 sa_free_derived_optionset( 1335 options); 1336 return (buff); 1337 } 1338 sep = 1; 1339 } 1340 } 1341 secoptions = (sa_optionset_t)sa_get_all_security_types(group, 1342 "nfs", hier); 1343 if (secoptions != NULL) { 1344 for (secprop = sa_get_property(secoptions, NULL); 1345 secprop != NULL; 1346 secprop = sa_get_next_property(secprop)) { 1347 sectype = sa_get_property_attr(secprop, "type"); 1348 security = 1349 (sa_security_t)sa_get_derived_security( 1350 group, sectype, "nfs", hier); 1351 if (security != NULL) { 1352 if (sectype != NULL) { 1353 prop = sa_create_property( 1354 "sec", sectype); 1355 nfs_sprint_option(&buff, 1356 &buffsize, OPT_CHUNK, 1357 prop, sep); 1358 (void) sa_remove_property(prop); 1359 sep = 1; 1360 } 1361 for (prop = sa_get_property(security, 1362 NULL); prop != NULL; 1363 prop = sa_get_next_property(prop)) { 1364 nfs_sprint_option(&buff, 1365 &buffsize, OPT_CHUNK, prop, 1366 sep); 1367 if (buff == NULL) 1368 goto err; 1369 sep = 1; 1370 } 1371 sa_free_derived_optionset(security); 1372 } 1373 if (sectype != NULL) 1374 sa_free_attr_string(sectype); 1375 } 1376 sa_free_derived_optionset(secoptions); 1377 } 1378 1379 if (options != NULL) 1380 sa_free_derived_optionset(options); 1381 return (buff); 1382 1383 err: 1384 /* 1385 * If we couldn't allocate memory for option printing, we need 1386 * to break out of the nested loops, cleanup and return NULL. 1387 */ 1388 if (secoptions != NULL) 1389 sa_free_derived_optionset(secoptions); 1390 if (security != NULL) 1391 sa_free_derived_optionset(security); 1392 if (sectype != NULL) 1393 sa_free_attr_string(sectype); 1394 if (options != NULL) 1395 sa_free_derived_optionset(options); 1396 return (buff); 1397 } 1398 1399 /* 1400 * Append an entry to the nfslogtab file 1401 */ 1402 static int 1403 nfslogtab_add(dir, buffer, tag) 1404 char *dir, *buffer, *tag; 1405 { 1406 FILE *f; 1407 struct logtab_ent lep; 1408 int error = 0; 1409 1410 /* 1411 * Open the file for update and create it if necessary. 1412 * This may leave the I/O offset at the end of the file, 1413 * so rewind back to the beginning of the file. 1414 */ 1415 f = fopen(NFSLOGTAB, "a+"); 1416 if (f == NULL) { 1417 error = errno; 1418 goto out; 1419 } 1420 rewind(f); 1421 1422 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1423 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1424 "share complete, however failed to lock %s " 1425 "for update: %s\n"), NFSLOGTAB, strerror(errno)); 1426 error = -1; 1427 goto out; 1428 } 1429 1430 if (logtab_deactivate_after_boot(f) == -1) { 1431 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1432 "share complete, however could not deactivate " 1433 "entries in %s\n"), NFSLOGTAB); 1434 error = -1; 1435 goto out; 1436 } 1437 1438 /* 1439 * Remove entries matching buffer and sharepoint since we're 1440 * going to replace it with perhaps an entry with a new tag. 1441 */ 1442 if (logtab_rement(f, buffer, dir, NULL, -1)) { 1443 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1444 "share complete, however could not remove matching " 1445 "entries in %s\n"), NFSLOGTAB); 1446 error = -1; 1447 goto out; 1448 } 1449 1450 /* 1451 * Deactivate all active entries matching this sharepoint 1452 */ 1453 if (logtab_deactivate(f, NULL, dir, NULL)) { 1454 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1455 "share complete, however could not deactivate matching " 1456 "entries in %s\n"), NFSLOGTAB); 1457 error = -1; 1458 goto out; 1459 } 1460 1461 lep.le_buffer = buffer; 1462 lep.le_path = dir; 1463 lep.le_tag = tag; 1464 lep.le_state = LES_ACTIVE; 1465 1466 /* 1467 * Add new sharepoint / buffer location to nfslogtab 1468 */ 1469 if (logtab_putent(f, &lep) < 0) { 1470 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1471 "share complete, however could not add %s to %s\n"), 1472 dir, NFSLOGTAB); 1473 error = -1; 1474 } 1475 1476 out: 1477 if (f != NULL) 1478 (void) fclose(f); 1479 return (error); 1480 } 1481 1482 /* 1483 * Deactivate an entry from the nfslogtab file 1484 */ 1485 static int 1486 nfslogtab_deactivate(path) 1487 char *path; 1488 { 1489 FILE *f; 1490 int error = 0; 1491 1492 f = fopen(NFSLOGTAB, "r+"); 1493 if (f == NULL) { 1494 error = errno; 1495 goto out; 1496 } 1497 if (lockf(fileno(f), F_LOCK, 0L) < 0) { 1498 error = errno; 1499 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1500 "share complete, however could not lock %s for " 1501 "update: %s\n"), NFSLOGTAB, strerror(error)); 1502 goto out; 1503 } 1504 if (logtab_deactivate(f, NULL, path, NULL) == -1) { 1505 error = -1; 1506 (void) fprintf(stderr, 1507 dgettext(TEXT_DOMAIN, 1508 "share complete, however could not " 1509 "deactivate %s in %s\n"), path, NFSLOGTAB); 1510 goto out; 1511 } 1512 1513 out: if (f != NULL) 1514 (void) fclose(f); 1515 1516 return (error); 1517 } 1518 1519 /* 1520 * check_public(group, skipshare) 1521 * 1522 * Check the group for any shares that have the public property 1523 * enabled. We skip "skipshare" since that is the one we are 1524 * working with. This is a separate function to make handling 1525 * subgroups simpler. Returns true if there is a share with public. 1526 */ 1527 static int 1528 check_public(sa_group_t group, sa_share_t skipshare) 1529 { 1530 int exists = B_FALSE; 1531 sa_share_t share; 1532 sa_optionset_t opt; 1533 sa_property_t prop; 1534 char *shared; 1535 1536 for (share = sa_get_share(group, NULL); share != NULL; 1537 share = sa_get_next_share(share)) { 1538 if (share == skipshare) 1539 continue; 1540 1541 opt = sa_get_optionset(share, "nfs"); 1542 if (opt == NULL) 1543 continue; 1544 prop = sa_get_property(opt, "public"); 1545 if (prop == NULL) 1546 continue; 1547 shared = sa_get_share_attr(share, "shared"); 1548 if (shared != NULL) { 1549 exists = strcmp(shared, "true") == 0; 1550 sa_free_attr_string(shared); 1551 if (exists == B_TRUE) 1552 break; 1553 } 1554 } 1555 1556 return (exists); 1557 } 1558 1559 /* 1560 * public_exists(share) 1561 * 1562 * check to see if public option is set on any other share than the 1563 * one specified. Need to check zfs sub-groups as well as the top 1564 * level groups. 1565 */ 1566 static int 1567 public_exists(sa_share_t skipshare) 1568 { 1569 sa_group_t group; 1570 sa_handle_t handle; 1571 1572 group = sa_get_parent_group(skipshare); 1573 if (group == NULL) 1574 return (SA_NO_SUCH_GROUP); 1575 1576 handle = sa_find_group_handle(group); 1577 if (handle == NULL) 1578 return (SA_SYSTEM_ERR); 1579 1580 for (group = sa_get_group(handle, NULL); group != NULL; 1581 group = sa_get_next_group(group)) { 1582 /* Walk any ZFS subgroups as well as all standard groups */ 1583 if (sa_group_is_zfs(group)) { 1584 sa_group_t subgroup; 1585 for (subgroup = sa_get_sub_group(group); 1586 subgroup != NULL; 1587 subgroup = sa_get_next_group(subgroup)) { 1588 if (check_public(subgroup, skipshare)) 1589 return (B_TRUE); 1590 } 1591 } else { 1592 if (check_public(group, skipshare)) 1593 return (B_TRUE); 1594 } 1595 } 1596 return (B_FALSE); 1597 } 1598 1599 /* 1600 * sa_enable_share at the protocol level, enable_share must tell the 1601 * implementation that it is to enable the share. This entails 1602 * converting the path and options into the appropriate ioctl 1603 * calls. It is assumed that all error checking of paths, etc. were 1604 * done earlier. 1605 */ 1606 static int 1607 nfs_enable_share(sa_share_t share) 1608 { 1609 struct exportdata export; 1610 sa_optionset_t secoptlist; 1611 struct secinfo *sp; 1612 int num_secinfo; 1613 sa_optionset_t opt; 1614 sa_security_t sec; 1615 sa_property_t prop; 1616 char *path; 1617 int err = SA_OK; 1618 int i; 1619 1620 /* Don't drop core if the NFS module isn't loaded. */ 1621 (void) signal(SIGSYS, SIG_IGN); 1622 1623 /* get the path since it is important in several places */ 1624 path = sa_get_share_attr(share, "path"); 1625 if (path == NULL) 1626 return (SA_NO_SUCH_PATH); 1627 1628 /* 1629 * find the optionsets and security sets. There may not be 1630 * any or there could be one or two for each of optionset and 1631 * security may have multiple, one per security type per 1632 * protocol type. 1633 */ 1634 opt = sa_get_derived_optionset(share, "nfs", 1); 1635 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1); 1636 if (secoptlist != NULL) 1637 num_secinfo = MAX(1, count_security(secoptlist)); 1638 else 1639 num_secinfo = 1; 1640 1641 /* 1642 * walk through the options and fill in the structure 1643 * appropriately. 1644 */ 1645 1646 (void) memset(&export, '\0', sizeof (export)); 1647 1648 /* 1649 * do non-security options first since there is only one after 1650 * the derived group is constructed. 1651 */ 1652 export.ex_version = EX_CURRENT_VERSION; 1653 export.ex_anon = UID_NOBODY; /* this is our default value */ 1654 export.ex_index = NULL; 1655 export.ex_path = path; 1656 export.ex_pathlen = strlen(path) + 1; 1657 1658 if (opt != NULL) 1659 err = fill_export_from_optionset(&export, opt); 1660 1661 /* 1662 * check to see if "public" is set. If it is, then make sure 1663 * no other share has it set. If it is already used, fail. 1664 */ 1665 1666 if (export.ex_flags & EX_PUBLIC && public_exists(share)) { 1667 (void) printf(dgettext(TEXT_DOMAIN, 1668 "NFS: Cannot share more than one file " 1669 "system with 'public' property\n")); 1670 err = SA_NOT_ALLOWED; 1671 goto out; 1672 } 1673 1674 sp = calloc(num_secinfo, sizeof (struct secinfo)); 1675 if (sp == NULL) { 1676 err = SA_NO_MEMORY; 1677 (void) printf(dgettext(TEXT_DOMAIN, 1678 "NFS: NFS: no memory for security\n")); 1679 goto out; 1680 } 1681 export.ex_secinfo = sp; 1682 /* get default secinfo */ 1683 export.ex_seccnt = num_secinfo; 1684 /* 1685 * since we must have one security option defined, we 1686 * init to the default and then override as we find 1687 * defined security options. This handles the case 1688 * where we have no defined options but we need to set 1689 * up one. 1690 */ 1691 sp[0].s_window = DEF_WIN; 1692 sp[0].s_rootnames = NULL; 1693 /* setup a default in case no properties defined */ 1694 if (nfs_getseconfig_default(&sp[0].s_secinfo)) { 1695 (void) printf(dgettext(TEXT_DOMAIN, 1696 "NFS: nfs_getseconfig_default: failed to " 1697 "get default security mode\n")); 1698 err = SA_CONFIG_ERR; 1699 } 1700 if (secoptlist != NULL) { 1701 for (i = 0, prop = sa_get_property(secoptlist, NULL); 1702 prop != NULL && i < num_secinfo; 1703 prop = sa_get_next_property(prop), i++) { 1704 char *sectype; 1705 sectype = sa_get_property_attr(prop, "type"); 1706 /* 1707 * if sectype is NULL, we probably 1708 * have a memory problem and can't get 1709 * the correct values. Rather than 1710 * exporting with incorrect security, 1711 * don't share it. 1712 */ 1713 if (sectype == NULL) { 1714 err = SA_NO_MEMORY; 1715 (void) printf(dgettext(TEXT_DOMAIN, 1716 "NFS: Cannot share %s: " 1717 "no memory\n"), path); 1718 goto out; 1719 } 1720 sec = (sa_security_t)sa_get_derived_security( 1721 share, sectype, "nfs", 1); 1722 sp[i].s_window = DEF_WIN; 1723 sp[i].s_rootcnt = 0; 1724 sp[i].s_rootnames = NULL; 1725 (void) fill_security_from_secopts(&sp[i], sec); 1726 if (sec != NULL) 1727 sa_free_derived_security(sec); 1728 if (sectype != NULL) 1729 sa_free_attr_string(sectype); 1730 } 1731 } 1732 /* 1733 * when we get here, we can do the exportfs system call and 1734 * initiate thinsg. We probably want to enable the nfs.server 1735 * service first if it isn't running within SMF. 1736 */ 1737 /* check nfs.server status and start if needed */ 1738 /* now add the share to the internal tables */ 1739 printarg(path, &export); 1740 /* 1741 * call the exportfs system call which is implemented 1742 * via the nfssys() call as the EXPORTFS subfunction. 1743 */ 1744 if ((err = exportfs(path, &export)) < 0) { 1745 err = SA_SYSTEM_ERR; 1746 switch (errno) { 1747 case EREMOTE: 1748 (void) printf(dgettext(TEXT_DOMAIN, 1749 "NFS: Cannot share remote " 1750 "filesystem: %s\n"), path); 1751 break; 1752 case EPERM: 1753 if (getzoneid() != GLOBAL_ZONEID) { 1754 (void) printf(dgettext(TEXT_DOMAIN, 1755 "NFS: Cannot share filesystems " 1756 "in non-global zones: %s\n"), path); 1757 err = SA_NOT_SUPPORTED; 1758 break; 1759 } 1760 err = SA_NO_PERMISSION; 1761 /* FALLTHROUGH */ 1762 default: 1763 break; 1764 } 1765 } else { 1766 /* update sharetab with an add/modify */ 1767 (void) sa_update_sharetab(share, "nfs"); 1768 } 1769 1770 if (err == SA_OK) { 1771 /* 1772 * enable services as needed. This should probably be 1773 * done elsewhere in order to minimize the calls to 1774 * check services. 1775 */ 1776 /* 1777 * check to see if logging and other services need to 1778 * be triggered, but only if there wasn't an 1779 * error. This is probably where sharetab should be 1780 * updated with the NFS specific entry. 1781 */ 1782 if (export.ex_flags & EX_LOG) { 1783 /* enable logging */ 1784 if (nfslogtab_add(path, export.ex_log_buffer, 1785 export.ex_tag) != 0) { 1786 (void) fprintf(stderr, dgettext(TEXT_DOMAIN, 1787 "Could not enable logging for %s\n"), 1788 path); 1789 } 1790 _check_services(service_list_logging); 1791 } else { 1792 /* 1793 * don't have logging so remove it from file. It might 1794 * not be thre, but that doesn't matter. 1795 */ 1796 (void) nfslogtab_deactivate(path); 1797 _check_services(service_list_default); 1798 } 1799 } 1800 1801 out: 1802 if (path != NULL) 1803 free(path); 1804 1805 cleanup_export(&export); 1806 if (opt != NULL) 1807 sa_free_derived_optionset(opt); 1808 if (secoptlist != NULL) 1809 (void) sa_destroy_optionset(secoptlist); 1810 return (err); 1811 } 1812 1813 /* 1814 * nfs_disable_share(share) 1815 * 1816 * Unshare the specified share. How much error checking should be 1817 * done? We only do basic errors for now. 1818 */ 1819 static int 1820 nfs_disable_share(char *share) 1821 { 1822 int err; 1823 int ret = SA_OK; 1824 1825 if (share != NULL) { 1826 err = exportfs(share, NULL); 1827 if (err < 0) { 1828 /* 1829 * TBD: only an error in some cases - need 1830 * better analysis 1831 */ 1832 switch (errno) { 1833 case EPERM: 1834 case EACCES: 1835 ret = SA_NO_PERMISSION; 1836 if (getzoneid() != GLOBAL_ZONEID) 1837 ret = SA_NOT_SUPPORTED; 1838 break; 1839 case EINVAL: 1840 case ENOENT: 1841 ret = SA_NO_SUCH_PATH; 1842 break; 1843 default: 1844 ret = SA_SYSTEM_ERR; 1845 break; 1846 } 1847 } 1848 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) { 1849 (void) sa_delete_sharetab(share, "nfs"); 1850 /* just in case it was logged */ 1851 (void) nfslogtab_deactivate(share); 1852 } 1853 } 1854 return (ret); 1855 } 1856 1857 /* 1858 * check ro vs rw values. Over time this may get beefed up. 1859 * for now it just does simple checks. 1860 */ 1861 1862 static int 1863 check_rorw(char *v1, char *v2) 1864 { 1865 int ret = SA_OK; 1866 if (strcmp(v1, v2) == 0) 1867 ret = SA_VALUE_CONFLICT; 1868 return (ret); 1869 } 1870 1871 /* 1872 * nfs_validate_property(property, parent) 1873 * 1874 * Check that the property has a legitimate value for its type. 1875 */ 1876 1877 static int 1878 nfs_validate_property(sa_property_t property, sa_optionset_t parent) 1879 { 1880 int ret = SA_OK; 1881 char *propname; 1882 char *other; 1883 int optindex; 1884 nfsl_config_t *configlist; 1885 sa_group_t parent_group; 1886 char *value; 1887 1888 propname = sa_get_property_attr(property, "type"); 1889 1890 if ((optindex = findopt(propname)) < 0) 1891 ret = SA_NO_SUCH_PROP; 1892 1893 /* need to validate value range here as well */ 1894 1895 if (ret == SA_OK) { 1896 parent_group = sa_get_parent_group((sa_share_t)parent); 1897 if (optdefs[optindex].share && !sa_is_share(parent_group)) 1898 ret = SA_PROP_SHARE_ONLY; 1899 } 1900 if (ret == SA_OK) { 1901 value = sa_get_property_attr(property, "value"); 1902 if (value != NULL) { 1903 /* first basic type checking */ 1904 switch (optdefs[optindex].type) { 1905 case OPT_TYPE_NUMBER: 1906 /* check that the value is all digits */ 1907 if (!is_a_number(value)) 1908 ret = SA_BAD_VALUE; 1909 break; 1910 case OPT_TYPE_BOOLEAN: 1911 if (strlen(value) == 0 || 1912 strcasecmp(value, "true") == 0 || 1913 strcmp(value, "1") == 0 || 1914 strcasecmp(value, "false") == 0 || 1915 strcmp(value, "0") == 0) { 1916 ret = SA_OK; 1917 } else { 1918 ret = SA_BAD_VALUE; 1919 } 1920 break; 1921 case OPT_TYPE_USER: 1922 if (!is_a_number(value)) { 1923 struct passwd *pw; 1924 /* 1925 * in this case it would have to be a 1926 * user name 1927 */ 1928 pw = getpwnam(value); 1929 if (pw == NULL) 1930 ret = SA_BAD_VALUE; 1931 endpwent(); 1932 } else { 1933 uint64_t intval; 1934 intval = strtoull(value, NULL, 0); 1935 if (intval > UID_MAX && intval != ~0) 1936 ret = SA_BAD_VALUE; 1937 } 1938 break; 1939 case OPT_TYPE_FILE: 1940 if (strcmp(value, "..") == 0 || 1941 strchr(value, '/') != NULL) { 1942 ret = SA_BAD_VALUE; 1943 } 1944 break; 1945 case OPT_TYPE_ACCLIST: 1946 /* 1947 * access list handling. Should eventually 1948 * validate that all the values make sense. 1949 * Also, ro and rw may have cross value 1950 * conflicts. 1951 */ 1952 if (strcmp(propname, SHOPT_RO) == 0) 1953 other = SHOPT_RW; 1954 else if (strcmp(propname, SHOPT_RW) == 0) 1955 other = SHOPT_RO; 1956 else 1957 other = NULL; 1958 1959 if (other != NULL && parent != NULL) { 1960 /* compare rw(ro) with ro(rw) */ 1961 sa_property_t oprop; 1962 oprop = sa_get_property(parent, other); 1963 if (oprop != NULL) { 1964 /* 1965 * only potential 1966 * confusion if other 1967 * exists 1968 */ 1969 char *ovalue; 1970 ovalue = sa_get_property_attr( 1971 oprop, "value"); 1972 if (ovalue != NULL) { 1973 ret = check_rorw(value, 1974 ovalue); 1975 sa_free_attr_string( 1976 ovalue); 1977 } 1978 } 1979 } 1980 break; 1981 case OPT_TYPE_LOGTAG: 1982 if (nfsl_getconfig_list(&configlist) == 0) { 1983 int error; 1984 if (value == NULL || 1985 strlen(value) == 0) { 1986 if (value != NULL) 1987 sa_free_attr_string( 1988 value); 1989 value = strdup("global"); 1990 } 1991 if (value != NULL && 1992 nfsl_findconfig(configlist, value, 1993 &error) == NULL) { 1994 ret = SA_BAD_VALUE; 1995 } else { 1996 nfsl_freeconfig_list( 1997 &configlist); 1998 } 1999 } else { 2000 ret = SA_CONFIG_ERR; 2001 } 2002 break; 2003 case OPT_TYPE_STRING: 2004 /* whatever is here should be ok */ 2005 break; 2006 case OPT_TYPE_SECURITY: 2007 /* 2008 * The "sec" property isn't used in the 2009 * non-legacy parts of sharemgr. We need to 2010 * reject it here. For legacy, it is pulled 2011 * out well before we get here. 2012 */ 2013 ret = SA_NO_SUCH_PROP; 2014 break; 2015 default: 2016 break; 2017 } 2018 sa_free_attr_string(value); 2019 if (ret == SA_OK && optdefs[optindex].check != NULL) { 2020 /* do the property specific check */ 2021 ret = optdefs[optindex].check(property); 2022 } 2023 } 2024 } 2025 2026 if (propname != NULL) 2027 sa_free_attr_string(propname); 2028 return (ret); 2029 } 2030 2031 /* 2032 * Protocol management functions 2033 * 2034 * Properties defined in the default files are defined in 2035 * proto_option_defs for parsing and validation. If "other" and 2036 * "compare" are set, then the value for this property should be 2037 * compared against the property specified in "other" using the 2038 * "compare" check (either <= or >=) in order to ensure that the 2039 * values are in the correct range. E.g. setting server_versmin 2040 * higher than server_versmax should not be allowed. 2041 */ 2042 2043 struct proto_option_defs { 2044 char *tag; 2045 char *name; /* display name -- remove protocol identifier */ 2046 int index; 2047 int type; 2048 union { 2049 int intval; 2050 char *string; 2051 } defvalue; 2052 uint32_t svcs; 2053 int32_t minval; 2054 int32_t maxval; 2055 char *file; 2056 char *other; 2057 int compare; 2058 #define OPT_CMP_GE 0 2059 #define OPT_CMP_LE 1 2060 int (*check)(char *); 2061 } proto_options[] = { 2062 #define PROTO_OPT_NFSD_SERVERS 0 2063 {"nfsd_servers", 2064 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 16, SVC_NFSD, 2065 1, INT32_MAX, NFSADMIN}, 2066 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1 2067 {"lockd_listen_backlog", 2068 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG, 2069 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX, NFSADMIN}, 2070 #define PROTO_OPT_LOCKD_SERVERS 2 2071 {"lockd_servers", 2072 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 20, 2073 SVC_LOCKD, 1, INT32_MAX, NFSADMIN}, 2074 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3 2075 {"lockd_retransmit_timeout", 2076 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT, 2077 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2078 #define PROTO_OPT_GRACE_PERIOD 4 2079 {"grace_period", 2080 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90, 2081 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2082 #define PROTO_OPT_NFS_SERVER_VERSMIN 5 2083 {"nfs_server_versmin", 2084 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER, 2085 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2086 NFS_VERSMAX, NFSADMIN, "server_versmax", OPT_CMP_LE}, 2087 #define PROTO_OPT_NFS_SERVER_VERSMAX 6 2088 {"nfs_server_versmax", 2089 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER, 2090 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN, 2091 NFS_VERSMAX, NFSADMIN, "server_versmin", OPT_CMP_GE}, 2092 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7 2093 {"nfs_client_versmin", 2094 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER, 2095 (int)NFS_VERSMIN_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2096 NFSADMIN, "client_versmax", OPT_CMP_LE}, 2097 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8 2098 {"nfs_client_versmax", 2099 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER, 2100 (int)NFS_VERSMAX_DEFAULT, NULL, NFS_VERSMIN, NFS_VERSMAX, 2101 NFSADMIN, "client_versmin", OPT_CMP_GE}, 2102 #define PROTO_OPT_NFS_SERVER_DELEGATION 9 2103 {"nfs_server_delegation", 2104 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION, 2105 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0, 2106 NFSADMIN}, 2107 #define PROTO_OPT_NFSMAPID_DOMAIN 10 2108 {"nfsmapid_domain", 2109 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN, 2110 NULL, SVC_NFSMAPID, 0, 0, NFSADMIN}, 2111 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11 2112 {"nfsd_max_connections", 2113 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS, 2114 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX, NFSADMIN}, 2115 #define PROTO_OPT_NFSD_PROTOCOL 12 2116 {"nfsd_protocol", 2117 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0, 2118 SVC_NFSD, 0, 0, NFSADMIN}, 2119 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13 2120 {"nfsd_listen_backlog", 2121 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG, 2122 OPT_TYPE_NUMBER, 0, 2123 SVC_LOCKD, 0, INT32_MAX, NFSADMIN}, 2124 {NULL} 2125 }; 2126 2127 /* 2128 * the protoset holds the defined options so we don't have to read 2129 * them multiple times 2130 */ 2131 sa_protocol_properties_t protoset; 2132 2133 static int 2134 findprotoopt(char *name, int whichname) 2135 { 2136 int i; 2137 for (i = 0; proto_options[i].tag != NULL; i++) { 2138 if (whichname == 1) { 2139 if (strcasecmp(proto_options[i].name, name) == 0) 2140 return (i); 2141 } else { 2142 if (strcasecmp(proto_options[i].tag, name) == 0) 2143 return (i); 2144 } 2145 } 2146 return (-1); 2147 } 2148 2149 /* 2150 * fixcaselower(str) 2151 * 2152 * convert a string to lower case (inplace). 2153 */ 2154 2155 static void 2156 fixcaselower(char *str) 2157 { 2158 while (*str) { 2159 *str = tolower(*str); 2160 str++; 2161 } 2162 } 2163 2164 /* 2165 * fixcaseupper(str) 2166 * 2167 * convert a string to upper case (inplace). 2168 */ 2169 2170 static void 2171 fixcaseupper(char *str) 2172 { 2173 while (*str) { 2174 *str = toupper(*str); 2175 str++; 2176 } 2177 } 2178 2179 /* 2180 * skipwhitespace(str) 2181 * 2182 * Skip leading white space. It is assumed that it is called with a 2183 * valid pointer. 2184 */ 2185 2186 static char * 2187 skipwhitespace(char *str) 2188 { 2189 while (*str && isspace(*str)) 2190 str++; 2191 2192 return (str); 2193 } 2194 2195 /* 2196 * extractprop() 2197 * 2198 * Extract the property and value out of the line and create the 2199 * property in the optionset. 2200 */ 2201 static void 2202 extractprop(char *name, char *value) 2203 { 2204 sa_property_t prop; 2205 int index; 2206 /* 2207 * Remove any leading 2208 * white space. 2209 */ 2210 name = skipwhitespace(name); 2211 2212 index = findprotoopt(name, 0); 2213 if (index >= 0) { 2214 fixcaselower(name); 2215 prop = sa_create_property(proto_options[index].name, value); 2216 if (prop != NULL) 2217 (void) sa_add_protocol_property(protoset, prop); 2218 } 2219 } 2220 2221 /* 2222 * initprotofromdefault() 2223 * 2224 * read the default file(s) and add the defined values to the 2225 * protoset. Note that default values are known from the built in 2226 * table in case the file doesn't have a definition. 2227 */ 2228 2229 static int 2230 initprotofromdefault() 2231 { 2232 FILE *nfs; 2233 char buff[BUFSIZ]; 2234 char *name; 2235 char *value; 2236 2237 protoset = sa_create_protocol_properties("nfs"); 2238 2239 if (protoset != NULL) { 2240 nfs = fopen(NFSADMIN, "r"); 2241 if (nfs != NULL) { 2242 while (fgets(buff, sizeof (buff), nfs) != NULL) { 2243 switch (buff[0]) { 2244 case '\n': 2245 case '#': 2246 /* skip */ 2247 break; 2248 default: 2249 name = buff; 2250 buff[strlen(buff) - 1] = '\0'; 2251 value = strchr(name, '='); 2252 if (value != NULL) { 2253 *value++ = '\0'; 2254 extractprop(name, value); 2255 } 2256 } 2257 } 2258 if (nfs != NULL) 2259 (void) fclose(nfs); 2260 } 2261 } 2262 if (protoset == NULL) 2263 return (SA_NO_MEMORY); 2264 return (SA_OK); 2265 } 2266 2267 /* 2268 * add_defaults() 2269 * 2270 * Add the default values for any property not defined in the parsing 2271 * of the default files. Values are set according to their defined 2272 * types. 2273 */ 2274 2275 static void 2276 add_defaults() 2277 { 2278 int i; 2279 char number[MAXDIGITS]; 2280 2281 for (i = 0; proto_options[i].tag != NULL; i++) { 2282 sa_property_t prop; 2283 prop = sa_get_protocol_property(protoset, 2284 proto_options[i].name); 2285 if (prop == NULL) { 2286 /* add the default value */ 2287 switch (proto_options[i].type) { 2288 case OPT_TYPE_NUMBER: 2289 (void) snprintf(number, sizeof (number), "%d", 2290 proto_options[i].defvalue.intval); 2291 prop = sa_create_property(proto_options[i].name, 2292 number); 2293 break; 2294 2295 case OPT_TYPE_BOOLEAN: 2296 prop = sa_create_property(proto_options[i].name, 2297 proto_options[i].defvalue.intval ? 2298 "true" : "false"); 2299 break; 2300 2301 case OPT_TYPE_ONOFF: 2302 prop = sa_create_property(proto_options[i].name, 2303 proto_options[i].defvalue.intval ? 2304 "on" : "off"); 2305 break; 2306 2307 default: 2308 /* treat as strings of zero length */ 2309 prop = sa_create_property(proto_options[i].name, 2310 ""); 2311 break; 2312 } 2313 if (prop != NULL) 2314 (void) sa_add_protocol_property(protoset, prop); 2315 } 2316 } 2317 } 2318 2319 static void 2320 free_protoprops() 2321 { 2322 xmlFreeNode(protoset); 2323 } 2324 2325 /* 2326 * nfs_init() 2327 * 2328 * Initialize the NFS plugin. 2329 */ 2330 2331 static int 2332 nfs_init() 2333 { 2334 int ret = SA_OK; 2335 2336 if (sa_plugin_ops.sa_init != nfs_init) 2337 (void) printf(dgettext(TEXT_DOMAIN, 2338 "NFS plugin not properly initialized\n")); 2339 2340 ret = initprotofromdefault(); 2341 if (ret == SA_OK) 2342 add_defaults(); 2343 2344 return (ret); 2345 } 2346 2347 /* 2348 * nfs_fini() 2349 * 2350 * uninitialize the NFS plugin. Want to avoid memory leaks. 2351 */ 2352 2353 static void 2354 nfs_fini() 2355 { 2356 free_protoprops(); 2357 } 2358 2359 /* 2360 * nfs_get_proto_set() 2361 * 2362 * Return an optionset with all the protocol specific properties in 2363 * it. 2364 */ 2365 2366 static sa_protocol_properties_t 2367 nfs_get_proto_set() 2368 { 2369 return (protoset); 2370 } 2371 2372 struct deffile { 2373 struct deffile *next; 2374 char *line; 2375 }; 2376 2377 /* 2378 * read_default_file(fname) 2379 * 2380 * Read the specified default file. We return a list of entries. This 2381 * get used for adding or removing values. 2382 */ 2383 2384 static struct deffile * 2385 read_default_file(char *fname) 2386 { 2387 FILE *file; 2388 struct deffile *defs = NULL; 2389 struct deffile *newdef; 2390 struct deffile *prevdef = NULL; 2391 char buff[BUFSIZ * 2]; 2392 2393 file = fopen(fname, "r"); 2394 if (file != NULL) { 2395 while (fgets(buff, sizeof (buff), file) != NULL) { 2396 newdef = (struct deffile *)calloc(1, 2397 sizeof (struct deffile)); 2398 if (newdef != NULL) { 2399 /* Make sure we skip any leading whitespace. */ 2400 newdef->line = strdup(skipwhitespace(buff)); 2401 if (defs == NULL) { 2402 prevdef = defs = newdef; 2403 } else { 2404 prevdef->next = newdef; 2405 prevdef = newdef; 2406 } 2407 } 2408 } 2409 } 2410 (void) fclose(file); 2411 return (defs); 2412 } 2413 2414 static void 2415 free_default_file(struct deffile *defs) 2416 { 2417 struct deffile *curdefs = NULL; 2418 2419 while (defs != NULL) { 2420 curdefs = defs; 2421 defs = defs->next; 2422 if (curdefs->line != NULL) 2423 free(curdefs->line); 2424 free(curdefs); 2425 } 2426 } 2427 2428 /* 2429 * write_default_file(fname, defs) 2430 * 2431 * Write the default file back. 2432 */ 2433 2434 static int 2435 write_default_file(char *fname, struct deffile *defs) 2436 { 2437 FILE *file; 2438 int ret = SA_OK; 2439 sigset_t old, new; 2440 2441 file = fopen(fname, "w+"); 2442 if (file != NULL) { 2443 (void) sigprocmask(SIG_BLOCK, NULL, &new); 2444 (void) sigaddset(&new, SIGHUP); 2445 (void) sigaddset(&new, SIGINT); 2446 (void) sigaddset(&new, SIGQUIT); 2447 (void) sigaddset(&new, SIGTSTP); 2448 (void) sigprocmask(SIG_SETMASK, &new, &old); 2449 while (defs != NULL) { 2450 (void) fputs(defs->line, file); 2451 defs = defs->next; 2452 } 2453 (void) fsync(fileno(file)); 2454 (void) sigprocmask(SIG_SETMASK, &old, NULL); 2455 (void) fclose(file); 2456 } else { 2457 switch (errno) { 2458 case EPERM: 2459 case EACCES: 2460 ret = SA_NO_PERMISSION; 2461 break; 2462 default: 2463 ret = SA_SYSTEM_ERR; 2464 } 2465 } 2466 return (ret); 2467 } 2468 2469 2470 /* 2471 * set_default_file_value(tag, value) 2472 * 2473 * Set the default file value for tag to value. Then rewrite the file. 2474 * tag and value are always set. The caller must ensure this. 2475 */ 2476 2477 #define MAX_STRING_LENGTH 256 2478 static int 2479 set_default_file_value(char *tag, char *value) 2480 { 2481 int ret = SA_OK; 2482 struct deffile *root; 2483 struct deffile *defs; 2484 struct deffile *prev; 2485 char string[MAX_STRING_LENGTH]; 2486 int len; 2487 int update = 0; 2488 2489 (void) snprintf(string, MAX_STRING_LENGTH, "%s=", tag); 2490 len = strlen(string); 2491 2492 root = defs = read_default_file(NFSADMIN); 2493 if (root == NULL) { 2494 if (errno == EPERM || errno == EACCES) 2495 ret = SA_NO_PERMISSION; 2496 else 2497 ret = SA_SYSTEM_ERR; 2498 } else { 2499 while (defs != NULL) { 2500 if (defs->line != NULL && 2501 strncasecmp(defs->line, string, len) == 0) { 2502 /* replace with the new value */ 2503 free(defs->line); 2504 fixcaseupper(tag); 2505 (void) snprintf(string, sizeof (string), 2506 "%s=%s\n", tag, value); 2507 string[MAX_STRING_LENGTH - 1] = '\0'; 2508 defs->line = strdup(string); 2509 update = 1; 2510 break; 2511 } 2512 defs = defs->next; 2513 } 2514 if (!update) { 2515 defs = root; 2516 /* didn't find, so see if it is a comment */ 2517 (void) snprintf(string, MAX_STRING_LENGTH, "#%s=", tag); 2518 len = strlen(string); 2519 while (defs != NULL) { 2520 if (strncasecmp(defs->line, string, len) == 0) { 2521 /* replace with the new value */ 2522 free(defs->line); 2523 fixcaseupper(tag); 2524 (void) snprintf(string, sizeof (string), 2525 "%s=%s\n", tag, value); 2526 string[MAX_STRING_LENGTH - 1] = '\0'; 2527 defs->line = strdup(string); 2528 update = 1; 2529 break; 2530 } 2531 defs = defs->next; 2532 } 2533 } 2534 if (!update) { 2535 fixcaseupper(tag); 2536 (void) snprintf(string, sizeof (string), "%s=%s\n", 2537 tag, value); 2538 prev = root; 2539 while (prev->next != NULL) 2540 prev = prev->next; 2541 defs = malloc(sizeof (struct deffile)); 2542 prev->next = defs; 2543 if (defs != NULL) { 2544 defs->next = NULL; 2545 defs->line = strdup(string); 2546 } 2547 } 2548 if (update) { 2549 ret = write_default_file(NFSADMIN, root); 2550 } 2551 free_default_file(root); 2552 } 2553 return (ret); 2554 } 2555 2556 /* 2557 * service_in_state(service, chkstate) 2558 * 2559 * Want to know if the specified service is in the desired state 2560 * (chkstate) or not. Return true (1) if it is and false (0) if it 2561 * isn't. 2562 */ 2563 static int 2564 service_in_state(char *service, const char *chkstate) 2565 { 2566 char *state; 2567 int ret = B_FALSE; 2568 2569 state = smf_get_state(service); 2570 if (state != NULL) { 2571 /* got the state so get the equality for the return value */ 2572 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE; 2573 free(state); 2574 } 2575 return (ret); 2576 } 2577 2578 /* 2579 * restart_service(svcs) 2580 * 2581 * Walk through the bit mask of services that need to be restarted in 2582 * order to use the new property values. Some properties affect 2583 * multiple daemons. Should only restart a service if it is currently 2584 * enabled (online). 2585 */ 2586 2587 static void 2588 restart_service(uint32_t svcs) 2589 { 2590 uint32_t mask; 2591 int ret; 2592 char *service; 2593 2594 for (mask = 1; svcs != 0; mask <<= 1) { 2595 switch (svcs & mask) { 2596 case SVC_LOCKD: 2597 service = LOCKD; 2598 break; 2599 case SVC_STATD: 2600 service = STATD; 2601 break; 2602 case SVC_NFSD: 2603 service = NFSD; 2604 break; 2605 case SVC_MOUNTD: 2606 service = MOUNTD; 2607 break; 2608 case SVC_NFS4CBD: 2609 service = NFS4CBD; 2610 break; 2611 case SVC_NFSMAPID: 2612 service = NFSMAPID; 2613 break; 2614 case SVC_RQUOTAD: 2615 service = RQUOTAD; 2616 break; 2617 case SVC_NFSLOGD: 2618 service = NFSLOGD; 2619 break; 2620 default: 2621 continue; 2622 } 2623 2624 /* 2625 * Only attempt to restart the service if it is 2626 * currently running. In the future, it may be 2627 * desirable to use smf_refresh_instance if the NFS 2628 * services ever implement the refresh method. 2629 */ 2630 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) { 2631 ret = smf_restart_instance(service); 2632 /* 2633 * There are only a few SMF errors at this point, but 2634 * it is also possible that a bad value may have put 2635 * the service into maintenance if there wasn't an 2636 * SMF level error. 2637 */ 2638 if (ret != 0) { 2639 (void) fprintf(stderr, 2640 dgettext(TEXT_DOMAIN, 2641 "%s failed to restart: %s\n"), 2642 scf_strerror(scf_error())); 2643 } else { 2644 /* 2645 * Check whether it has gone to "maintenance" 2646 * mode or not. Maintenance implies something 2647 * went wrong. 2648 */ 2649 if (service_in_state(service, 2650 SCF_STATE_STRING_MAINT)) { 2651 (void) fprintf(stderr, 2652 dgettext(TEXT_DOMAIN, 2653 "%s failed to restart\n"), 2654 service); 2655 } 2656 } 2657 } 2658 svcs &= ~mask; 2659 } 2660 } 2661 2662 /* 2663 * nfs_minmax_check(name, value) 2664 * 2665 * Verify that the value for the property specified by index is valid 2666 * relative to the opposite value in the case of a min/max variable. 2667 * Currently, server_minvers/server_maxvers and 2668 * client_minvers/client_maxvers are the only ones to check. 2669 */ 2670 2671 static int 2672 nfs_minmax_check(int index, int value) 2673 { 2674 int val; 2675 char *pval; 2676 sa_property_t prop; 2677 sa_optionset_t opts; 2678 int ret = B_TRUE; 2679 2680 if (proto_options[index].other != NULL) { 2681 /* have a property to compare against */ 2682 opts = nfs_get_proto_set(); 2683 prop = sa_get_property(opts, proto_options[index].other); 2684 /* 2685 * If we don't find the property, assume default 2686 * values which will work since the max will be at the 2687 * max and the min at the min. 2688 */ 2689 if (prop != NULL) { 2690 pval = sa_get_property_attr(prop, "value"); 2691 if (pval != NULL) { 2692 val = strtoul(pval, NULL, 0); 2693 if (proto_options[index].compare == 2694 OPT_CMP_LE) { 2695 ret = value <= val ? B_TRUE : B_FALSE; 2696 } else if (proto_options[index].compare == 2697 OPT_CMP_GE) { 2698 ret = value >= val ? B_TRUE : B_FALSE; 2699 } 2700 } 2701 } 2702 } 2703 return (ret); 2704 } 2705 2706 /* 2707 * nfs_validate_proto_prop(index, name, value) 2708 * 2709 * Verify that the property specifed by name can take the new 2710 * value. This is a sanity check to prevent bad values getting into 2711 * the default files. All values need to be checked against what is 2712 * allowed by their defined type. If a type isn't explicitly defined 2713 * here, it is treated as a string. 2714 * 2715 * Note that OPT_TYPE_NUMBER will additionally check that the value is 2716 * within the range specified and potentially against another property 2717 * value as well as specified in the proto_options members other and 2718 * compare. 2719 */ 2720 2721 static int 2722 nfs_validate_proto_prop(int index, char *name, char *value) 2723 { 2724 int ret = SA_OK; 2725 char *cp; 2726 #ifdef lint 2727 name = name; 2728 #endif 2729 2730 switch (proto_options[index].type) { 2731 case OPT_TYPE_NUMBER: 2732 if (!is_a_number(value)) 2733 ret = SA_BAD_VALUE; 2734 else { 2735 int val; 2736 val = strtoul(value, NULL, 0); 2737 if (val < proto_options[index].minval || 2738 val > proto_options[index].maxval) 2739 ret = SA_BAD_VALUE; 2740 /* 2741 * For server_versmin/server_versmax and 2742 * client_versmin/client_versmax, the value of the 2743 * min(max) should be checked to be correct relative 2744 * to the current max(min). 2745 */ 2746 if (!nfs_minmax_check(index, val)) { 2747 ret = SA_BAD_VALUE; 2748 } 2749 } 2750 break; 2751 2752 case OPT_TYPE_DOMAIN: 2753 /* 2754 * needs to be a qualified domain so will have at 2755 * least one period and other characters on either 2756 * side of it. A zero length string is also allowed 2757 * and is the way to turn off the override. 2758 */ 2759 if (strlen(value) == 0) 2760 break; 2761 cp = strchr(value, '.'); 2762 if (cp == NULL || cp == value || strchr(value, '@') != NULL) 2763 ret = SA_BAD_VALUE; 2764 break; 2765 2766 case OPT_TYPE_BOOLEAN: 2767 if (strlen(value) == 0 || 2768 strcasecmp(value, "true") == 0 || 2769 strcmp(value, "1") == 0 || 2770 strcasecmp(value, "false") == 0 || 2771 strcmp(value, "0") == 0) { 2772 ret = SA_OK; 2773 } else { 2774 ret = SA_BAD_VALUE; 2775 } 2776 break; 2777 2778 case OPT_TYPE_ONOFF: 2779 if (strcasecmp(value, "on") != 0 && 2780 strcasecmp(value, "off") != 0) { 2781 ret = SA_BAD_VALUE; 2782 } 2783 break; 2784 2785 case OPT_TYPE_PROTOCOL: 2786 if (strcasecmp(value, "all") != 0 && 2787 strcasecmp(value, "tcp") != 0 && 2788 strcasecmp(value, "udp") != 0) 2789 ret = SA_BAD_VALUE; 2790 break; 2791 2792 default: 2793 /* treat as a string */ 2794 break; 2795 } 2796 return (ret); 2797 } 2798 2799 /* 2800 * nfs_set_proto_prop(prop) 2801 * 2802 * check that prop is valid. 2803 */ 2804 2805 static int 2806 nfs_set_proto_prop(sa_property_t prop) 2807 { 2808 int ret = SA_OK; 2809 char *name; 2810 char *value; 2811 2812 name = sa_get_property_attr(prop, "type"); 2813 value = sa_get_property_attr(prop, "value"); 2814 if (name != NULL && value != NULL) { 2815 int index = findprotoopt(name, 1); 2816 if (index >= 0) { 2817 /* should test for valid value */ 2818 ret = nfs_validate_proto_prop(index, name, value); 2819 if (ret == SA_OK) 2820 ret = set_default_file_value( 2821 proto_options[index].tag, value); 2822 if (ret == SA_OK) 2823 restart_service(proto_options[index].svcs); 2824 } 2825 } 2826 if (name != NULL) 2827 sa_free_attr_string(name); 2828 if (value != NULL) 2829 sa_free_attr_string(value); 2830 return (ret); 2831 } 2832 2833 /* 2834 * nfs_get_status() 2835 * 2836 * What is the current status of the nfsd? We use the SMF state here. 2837 * Caller must free the returned value. 2838 */ 2839 2840 static char * 2841 nfs_get_status() 2842 { 2843 char *state; 2844 state = smf_get_state(NFSD); 2845 return (state != NULL ? state : strdup("-")); 2846 } 2847 2848 /* 2849 * nfs_space_alias(alias) 2850 * 2851 * Lookup the space (security) name. If it is default, convert to the 2852 * real name. 2853 */ 2854 2855 static char * 2856 nfs_space_alias(char *space) 2857 { 2858 char *name = space; 2859 seconfig_t secconf; 2860 2861 /* 2862 * Only the space named "default" is special. If it is used, 2863 * the default needs to be looked up and the real name used. 2864 * This is normally "sys" but could be changed. We always 2865 * change defautl to the real name. 2866 */ 2867 if (strcmp(space, "default") == 0 && 2868 nfs_getseconfig_default(&secconf) == 0) { 2869 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0) 2870 name = secconf.sc_name; 2871 } 2872 return (strdup(name)); 2873 } 2874