#include "misc.h"
#include "mountd.h"
#include "rpcmisc.h"
+#include "pseudoflavors.h"
extern void cache_open(void);
extern struct nfs_fh_len *cache_get_filehandle(nfs_export *exp, int len, char *p);
-extern void cache_export(nfs_export *exp);
+extern int cache_export(nfs_export *exp, char *path);
extern void my_svc_run(void);
static void usage(const char *, int exitcode);
static exports get_exportlist(void);
-static struct nfs_fh_len *get_rootfh(struct svc_req *, dirpath *, mountstat3 *, int v3);
+static struct nfs_fh_len *get_rootfh(struct svc_req *, dirpath *, nfs_export **, mountstat3 *, int v3);
+int reverse_resolve = 0;
int new_cache = 0;
+int manage_gids;
+int use_ipaddr = -1;
/* PRC: a high-availability callout program can be specified with -H
* When this is done, the program will receive callouts whenever clients
{ "ha-callout", 1, 0, 'H' },
{ "state-directory-path", 1, 0, 's' },
{ "num-threads", 1, 0, 't' },
+ { "reverse-lookup", 0, 0, 'r' },
+ { "manage-gids", 0, 0, 'g' },
{ NULL, 0, 0, 0 }
};
pmap_unset (MOUNTPROG, MOUNTVERS_NFSV3);
}
+static void
+cleanup_lockfiles (void)
+{
+ unlink(_PATH_XTABLCK);
+ unlink(_PATH_ETABLCK);
+ unlink(_PATH_RMTABLCK);
+}
+
/* Wait for all worker child processes to exit and reap them */
static void
wait_for_workers (void)
/* in parent */
wait_for_workers();
unregister_services();
+ cleanup_lockfiles();
xlog(L_NOTICE, "mountd: no more workers, exiting\n");
exit(0);
}
kill(0, SIGTERM);
wait_for_workers();
}
+ cleanup_lockfiles();
xlog (L_FATAL, "Caught signal %d, un-registering and exiting.", sig);
}
static void
sig_hup (int sig)
{
- /* don't exit on SIGHUP */
- xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
- return;
+ /* don't exit on SIGHUP */
+ xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
+ return;
}
bool_t
struct nfs_fh_len *fh;
xlog(D_CALL, "MNT1(%s) called", *path);
- if ((fh = get_rootfh(rqstp, path, &res->fhs_status, 0)) != NULL)
+ fh = get_rootfh(rqstp, path, NULL, &res->fhs_status, 0);
+ if (fh)
memcpy(&res->fhstatus_u.fhs_fhandle, fh->fh_handle, 32);
return 1;
}
bool_t
mount_dump_1_svc(struct svc_req *rqstp, void *argp, mountlist *res)
{
- struct sockaddr_in *addr =
- (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
- if ((*res = mountlist_list()) == NULL)
- xlog(L_WARNING, "dump request from %s failed.",
- inet_ntoa(addr->sin_addr));
+ xlog(D_CALL, "dump request from %s.", inet_ntoa(addr->sin_addr));
+ *res = mountlist_list();
return 1;
}
bool_t
mount_umnt_1_svc(struct svc_req *rqstp, dirpath *argp, void *resp)
{
- struct sockaddr_in *sin
- = (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
nfs_export *exp;
char *p = *argp;
char rpath[MAXPATHLEN+1];
if (!(exp = auth_authenticate("unmount", sin, p))) {
return 1;
}
- if (new_cache) {
- if (strcmp(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname))
- mountlist_del(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname);
- mountlist_del(exp->m_client->m_hostname, p);
- } else {
- mountlist_del(exp->m_client->m_hostname, p);
- export_reset (exp);
- }
+
+ mountlist_del(inet_ntoa(sin->sin_addr), p);
return 1;
}
/* Reload /etc/xtab if necessary */
auth_reload();
- mountlist_del_all((struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt));
+ mountlist_del_all(nfs_getrpccaller_in(rqstp->rq_xprt));
return 1;
}
bool_t
mount_export_1_svc(struct svc_req *rqstp, void *argp, exports *resp)
{
- struct sockaddr_in *addr =
- (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
- if ((*resp = get_exportlist()) == NULL)
- xlog(L_WARNING, "export request from %s failed.",
- inet_ntoa(addr->sin_addr));
+ xlog(D_CALL, "export request from %s.", inet_ntoa(addr->sin_addr));
+ *resp = get_exportlist();
return 1;
}
bool_t
mount_exportall_1_svc(struct svc_req *rqstp, void *argp, exports *resp)
{
- struct sockaddr_in *addr =
- (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
+
+ xlog(D_CALL, "exportall request from %s.", inet_ntoa(addr->sin_addr));
+ *resp = get_exportlist();
- if ((*resp = get_exportlist()) == NULL)
- xlog(L_WARNING, "exportall request from %s failed.",
- inet_ntoa(addr->sin_addr));
return 1;
}
bool_t
mount_pathconf_2_svc(struct svc_req *rqstp, dirpath *path, ppathcnf *res)
{
- struct sockaddr_in *sin
- = (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
struct stat stb;
nfs_export *exp;
char rpath[MAXPATHLEN+1];
}
/* Now authenticate the intruder... */
- if (!(exp = auth_authenticate("pathconf", sin, p))) {
+ exp = auth_authenticate("pathconf", sin, p);
+ if (!exp) {
return 1;
} else if (stat(p, &stb) < 0) {
xlog(L_WARNING, "can't stat exported dir %s: %s",
p, strerror(errno));
- export_reset (exp);
return 1;
}
res->pc_mask[0] = 0;
res->pc_mask[1] = 0;
- export_reset (exp);
-
return 1;
}
+/*
+ * We should advertise the preferred flavours first. (See RFC 2623
+ * section 2.7.) We leave that to the administrator, by advertising
+ * flavours in the order they were listed in /etc/exports. AUTH_NULL is
+ * dropped from the list to avoid backward compatibility issue with
+ * older Linux clients, who inspect the list in reversed order.
+ *
+ * XXX: It might be more helpful to rearrange these so that flavors
+ * giving more access (as determined from readonly and id-squashing
+ * options) come first. (If we decide to do that we should probably do
+ * that when reading the exports rather than here.)
+ */
+static void set_authflavors(struct mountres3_ok *ok, nfs_export *exp)
+{
+ struct sec_entry *s;
+ static int flavors[SECFLAVOR_COUNT];
+ int i = 0;
+
+ for (s = exp->m_export.e_secinfo; s->flav; s++) {
+ if (s->flav->fnum == AUTH_NULL)
+ continue;
+ flavors[i] = s->flav->fnum;
+ i++;
+ }
+ ok->auth_flavors.auth_flavors_val = flavors;
+ ok->auth_flavors.auth_flavors_len = i;
+}
+
/*
* NFSv3 MOUNT procedure
*/
bool_t
mount_mnt_3_svc(struct svc_req *rqstp, dirpath *path, mountres3 *res)
{
-#define AUTH_GSS_KRB5 390003
-#define AUTH_GSS_KRB5I 390004
-#define AUTH_GSS_KRB5P 390005
- static int flavors[] = { AUTH_NULL, AUTH_UNIX, AUTH_GSS_KRB5, AUTH_GSS_KRB5I, AUTH_GSS_KRB5P};
+ struct mountres3_ok *ok = &res->mountres3_u.mountinfo;
+ nfs_export *exp;
struct nfs_fh_len *fh;
xlog(D_CALL, "MNT3(%s) called", *path);
- if ((fh = get_rootfh(rqstp, path, &res->fhs_status, 1)) != NULL) {
- struct mountres3_ok *ok = &res->mountres3_u.mountinfo;
-
- ok->fhandle.fhandle3_len = fh->fh_size;
- ok->fhandle.fhandle3_val = (char *)fh->fh_handle;
- ok->auth_flavors.auth_flavors_len
- = sizeof(flavors)/sizeof(flavors[0]);
- ok->auth_flavors.auth_flavors_val = flavors;
- }
+ fh = get_rootfh(rqstp, path, &exp, &res->fhs_status, 1);
+ if (!fh)
+ return 1;
+
+ ok->fhandle.fhandle3_len = fh->fh_size;
+ ok->fhandle.fhandle3_val = (char *)fh->fh_handle;
+ set_authflavors(ok, exp);
return 1;
}
static struct nfs_fh_len *
-get_rootfh(struct svc_req *rqstp, dirpath *path, mountstat3 *error, int v3)
+get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
+ mountstat3 *error, int v3)
{
- struct sockaddr_in *sin =
- (struct sockaddr_in *) svc_getcaller(rqstp->rq_xprt);
+ struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
struct stat stb, estb;
nfs_export *exp;
+ struct nfs_fh_len *fh;
char rpath[MAXPATHLEN+1];
char *p = *path;
}
/* Now authenticate the intruder... */
- if (!(exp = auth_authenticate("mount", sin, p))) {
+ exp = auth_authenticate("mount", sin, p);
+ if (!exp) {
*error = NFSERR_ACCES;
- } else if (stat(p, &stb) < 0) {
+ return NULL;
+ }
+ if (stat(p, &stb) < 0) {
xlog(L_WARNING, "can't stat exported dir %s: %s",
p, strerror(errno));
if (errno == ENOENT)
*error = NFSERR_NOENT;
else
*error = NFSERR_ACCES;
- } else if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
+ return NULL;
+ }
+ if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
xlog(L_WARNING, "%s is not a directory or regular file", p);
*error = NFSERR_NOTDIR;
- } else if (stat(exp->m_export.e_path, &estb) < 0) {
+ return NULL;
+ }
+ if (stat(exp->m_export.e_path, &estb) < 0) {
xlog(L_WARNING, "can't stat export point %s: %s",
p, strerror(errno));
*error = NFSERR_NOENT;
- } else if (estb.st_dev != stb.st_dev
- /* && (!new_cache || !(exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) */
- ) {
+ return NULL;
+ }
+ if (estb.st_dev != stb.st_dev
+ && (!new_cache
+ || !(exp->m_export.e_flags & NFSEXP_CROSSMOUNT))) {
xlog(L_WARNING, "request to export directory %s below nearest filesystem %s",
p, exp->m_export.e_path);
*error = NFSERR_ACCES;
- } else if (exp->m_export.e_mountpoint &&
+ return NULL;
+ }
+ if (exp->m_export.e_mountpoint &&
!is_mountpoint(exp->m_export.e_mountpoint[0]?
exp->m_export.e_mountpoint:
exp->m_export.e_path)) {
xlog(L_WARNING, "request to export an unmounted filesystem: %s",
p);
*error = NFSERR_NOENT;
- } else if (new_cache) {
+ return NULL;
+ }
+
+ if (new_cache) {
/* This will be a static private nfs_export with just one
* address. We feed it to kernel then extract the filehandle,
*
*/
- struct nfs_fh_len *fh;
- cache_export(exp);
+ if (cache_export(exp, p)) {
+ *error = NFSERR_ACCES;
+ return NULL;
+ }
fh = cache_get_filehandle(exp, v3?64:32, p);
- if (fh == NULL)
+ if (fh == NULL) {
*error = NFSERR_ACCES;
- else
- *error = NFS_OK;
- return fh;
+ return NULL;
+ }
} else {
- struct nfs_fh_len *fh;
-
if (exp->m_exported<1)
export_export(exp);
if (!exp->m_xtabent)
fh = getfh_old ((struct sockaddr *) sin,
stb.st_dev, stb.st_ino);
}
- if (fh != NULL) {
- mountlist_add(exp->m_client->m_hostname, p);
- *error = NFS_OK;
- export_reset (exp);
- return fh;
+ if (fh == NULL) {
+ xlog(L_WARNING, "getfh failed: %s", strerror(errno));
+ *error = NFSERR_ACCES;
+ return NULL;
}
- xlog(L_WARNING, "getfh failed: %s", strerror(errno));
- *error = NFSERR_ACCES;
}
- export_reset (exp);
- return NULL;
+ *error = NFS_OK;
+ mountlist_add(inet_ntoa(sin->sin_addr), p);
+ if (expret)
+ *expret = exp;
+ return fh;
}
static exports
struct groupnode *g, *ng, *c, **cp;
nfs_export *exp;
int i;
+ static unsigned int ecounter;
+ unsigned int acounter;
- if (!auth_reload() && elist)
+ acounter = auth_reload();
+ if (elist && acounter == ecounter)
return elist;
+ ecounter = acounter;
+
for (e = elist; e != NULL; e = ne) {
ne = e->ex_next;
for (g = e->ex_groups; g != NULL; g = ng) {
elist = NULL;
for (i = 0; i < MCL_MAXTYPES; i++) {
- for (exp = exportlist[i]; exp; exp = exp->m_next) {
+ for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
for (e = elist; e != NULL; e = e->ex_next) {
- if (!strcmp(exp->m_export.m_path, e->ex_dir))
+ if (!strcmp(exp->m_export.e_path, e->ex_dir))
break;
}
if (!e) {
e = (struct exportnode *) xmalloc(sizeof(*e));
e->ex_next = elist;
e->ex_groups = NULL;
- e->ex_dir = xstrdup(exp->m_export.m_path);
+ e->ex_dir = xstrdup(exp->m_export.e_path);
elist = e;
}
/* Parse the command line options and arguments. */
opterr = 0;
- while ((c = getopt_long(argc, argv, "o:n:Fd:f:p:P:hH:N:V:vs:t:", longopts, NULL)) != EOF)
+ while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hH:N:V:vrs:t:g", longopts, NULL)) != EOF)
switch (c) {
+ case 'g':
+ manage_gids = 1;
+ break;
case 'o':
descriptors = atoi(optarg);
if (descriptors <= 0) {
case 'n':
_rpcfdtype = SOCK_DGRAM;
break;
+ case 'r':
+ reverse_resolve = 1;
+ break;
case 's':
if ((state_dir = xstrdup(optarg)) == NULL) {
fprintf(stderr, "%s: xstrdup(%s) failed!\n",
" [-p|--port port] [-V version|--nfs-version version]\n"
" [-N version|--no-nfs-version version] [-n|--no-tcp]\n"
" [-H ha-callout-prog] [-s|--state-directory-path path]\n"
-" [-t num|--num-threads=num]\n", prog);
+" [-g|--manage-gids] [-t num|--num-threads=num]\n", prog);
exit(n);
}