+ freeaddrinfo(ai);
+}
+
+static int can_test(void)
+{
+ int fd;
+ int n;
+ char *setup = "nfsd 0.0.0.0 2147483647 -test-client-\n";
+ fd = open("/proc/net/rpc/auth.unix.ip/channel", O_WRONLY);
+ if ( fd < 0) return 0;
+ n = write(fd, setup, strlen(setup));
+ close(fd);
+ if (n < 0)
+ return 0;
+ fd = open("/proc/net/rpc/nfsd.export/channel", O_WRONLY);
+ if ( fd < 0) return 0;
+ close(fd);
+ return 1;
+}
+
+static int test_export(char *path, int with_fsid)
+{
+ char buf[1024];
+ int fd, n;
+
+ sprintf(buf, "-test-client- %s 3 %d -1 -1 0\n",
+ path,
+ with_fsid ? NFSEXP_FSID : 0);
+ fd = open("/proc/net/rpc/nfsd.export/channel", O_WRONLY);
+ if (fd < 0)
+ return 0;
+ n = write(fd, buf, strlen(buf));
+ close(fd);
+ if (n < 0)
+ return 0;
+ return 1;
+}
+
+static void
+validate_export(nfs_export *exp)
+{
+ /* Check that the given export point is potentially exportable.
+ * We just give warnings here, don't cause anything to fail.
+ * If a path doesn't exist, or is not a dir or file, give an warning
+ * otherwise trial-export to '-test-client-' and check for failure.
+ */
+ struct stat stb;
+ char *path = exp->m_export.e_path;
+ struct statfs64 stf;
+ int fs_has_fsid = 0;
+
+ if (stat(path, &stb) < 0) {
+ xlog(L_ERROR, "Failed to stat %s: %m", path);
+ return;
+ }
+ if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
+ xlog(L_ERROR, "%s is neither a directory nor a file. "
+ "Remote access will fail", path);
+ return;
+ }
+ if (!can_test())
+ return;
+
+ if (!statfs64(path, &stf) &&
+ (stf.f_fsid.__val[0] || stf.f_fsid.__val[1]))
+ fs_has_fsid = 1;
+
+ if ((exp->m_export.e_flags & NFSEXP_FSID) || exp->m_export.e_uuid ||
+ fs_has_fsid) {
+ if ( !test_export(path, 1)) {
+ xlog(L_ERROR, "%s does not support NFS export", path);
+ return;
+ }
+ } else if ( ! test_export(path, 0)) {
+ if (test_export(path, 1))
+ xlog(L_ERROR, "%s requires fsid= for NFS export", path);
+ else
+ xlog(L_ERROR, "%s does not support NFS export", path);
+ return;
+
+ }
+}
+
+static _Bool
+is_hostname(const char *sp)
+{
+ if (*sp == '\0' || *sp == '@')
+ return false;
+
+ for (; *sp != '\0'; sp++) {
+ if (*sp == '*' || *sp == '?' || *sp == '[' || *sp == '/')
+ return false;
+ if (*sp == '\\' && sp[1] != '\0')
+ sp++;
+ }
+
+ return true;
+}
+
+/*
+ * Take care to perform an explicit reverse lookup on presentation
+ * addresses. Otherwise we don't get a real canonical name or a
+ * complete list of addresses.
+ */
+static struct addrinfo *
+address_list(const char *hostname)
+{
+ struct addrinfo *ai;
+ char *cname;
+
+ ai = host_pton(hostname);
+ if (ai != NULL) {
+ /* @hostname was a presentation address */
+ cname = host_canonname(ai->ai_addr);
+ freeaddrinfo(ai);
+ if (cname != NULL)
+ goto out;
+ }
+ /* @hostname was a hostname or had no reverse mapping */
+ cname = strdup(hostname);
+ if (cname == NULL)
+ return NULL;
+
+out:
+ ai = host_addrinfo(cname);
+ free(cname);
+ return ai;
+}
+
+static int
+matchhostname(const char *hostname1, const char *hostname2)
+{
+ struct addrinfo *results1 = NULL, *results2 = NULL;
+ struct addrinfo *ai1, *ai2;
+ int result = 0;
+
+ if (strcasecmp(hostname1, hostname2) == 0)
+ return 1;
+
+ /*
+ * Don't pass export wildcards or netgroup names to DNS
+ */
+ if (!is_hostname(hostname1) || !is_hostname(hostname2))
+ return 0;
+
+ results1 = address_list(hostname1);
+ if (results1 == NULL)
+ goto out;
+ results2 = address_list(hostname2);
+ if (results2 == NULL)
+ goto out;
+
+ if (strcasecmp(results1->ai_canonname, results2->ai_canonname) == 0) {
+ result = 1;
+ goto out;
+ }
+
+ for (ai1 = results1; ai1 != NULL; ai1 = ai1->ai_next)
+ for (ai2 = results2; ai2 != NULL; ai2 = ai2->ai_next)
+ if (nfs_compare_sockaddr(ai1->ai_addr, ai2->ai_addr)) {
+ result = 1;
+ break;
+ }
+
+out:
+ freeaddrinfo(results1);
+ freeaddrinfo(results2);
+ return result;
+}
+
+/* Based on mnt_table_parse_dir() in
+ util-linux-ng/shlibs/mount/src/tab_parse.c */
+static void
+export_d_read(const char *dname)
+{
+ int n = 0, i;
+ struct dirent **namelist = NULL;
+
+
+ n = scandir(dname, &namelist, NULL, versionsort);
+ if (n < 0) {
+ if (errno == ENOENT)
+ /* Silently return */
+ return;
+ xlog(L_NOTICE, "scandir %s: %s", dname, strerror(errno));
+ } else if (n == 0)
+ return;
+
+ for (i = 0; i < n; i++) {
+ struct dirent *d = namelist[i];
+ size_t namesz;
+ char fname[PATH_MAX + 1];
+ int fname_len;
+
+
+ if (d->d_type != DT_UNKNOWN
+ && d->d_type != DT_REG
+ && d->d_type != DT_LNK)
+ continue;
+ if (*d->d_name == '.')
+ continue;
+
+#define _EXT_EXPORT_SIZ (sizeof(_EXT_EXPORT) - 1)
+ namesz = strlen(d->d_name);
+ if (!namesz
+ || namesz < _EXT_EXPORT_SIZ + 1
+ || strcmp(d->d_name + (namesz - _EXT_EXPORT_SIZ),
+ _EXT_EXPORT))
+ continue;
+
+ fname_len = snprintf(fname, PATH_MAX +1, "%s/%s", dname, d->d_name);
+ if (fname_len > PATH_MAX) {
+ xlog(L_WARNING, "Too long file name: %s in %s", d->d_name, dname);
+ continue;
+ }
+
+ export_read(fname);
+ }
+
+ for (i = 0; i < n; i++)
+ free(namelist[i]);
+ free(namelist);
+
+ return;