+2000-08-25 Ion Badulescu <ionut@cs.columbia.edu>
+
+ * utils/rquotad/rquotad.man, utils/statd/statd.man,
+ utils/mountd/mountd.man: updated
+
+ * utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL)
+ * utils/rquotad/Makefile: fix comment
+
+ * support/misc/tcpwrapper.c (logit): added comment about waiting
+ for the children after fork()
+
+ * utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving
+ zombies behind (from logit()'s fork)
+ * utils/rquotad/rquota_svc.c (main): ditto
+ * utils/statd/statd.c (main): ditto
+
+ * utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG
+ to check_default instead of 0, for prognum
+
+ * utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG
+ to check_default instead of 0, for prognum
+
+ * utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if
+ HAVE_TCP_WRAPPER is defined.
+ (mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is
+ defined. Reject an RPC call if check_default () fails.
+
2000-08-25 H.J. Lu <hjl@lucon.org>
* support/include/tcpwrapper.h: New for the tcp wrapper
/*
* Fork off a process or the portmap daemon might hang while
* getrpcbynumber() or syslog() does its thing.
+ *
+ * Don't forget to wait for the children, too...
*/
if (fork() == 0) {
PREFIX = rpc.
OBJS = mountd.o mount_dispatch.o auth.o rmtab.o
LIBDEPS = $(TOP)support/lib/libexport.a $(TOP)/support/lib/libnfs.a
-LIBS = -lexport -lnfs
+LIBS = -lexport -lnfs -lmisc $(LIBBSD) $(LIBWRAP) $(LIBNSL)
MAN8 = mountd
include $(TOP)rules.mk
#include "config.h"
+#ifdef HAVE_TCP_WRAPPER
+#include "tcpwrapper.h"
+#endif
+
#include "mountd.h"
#include "rpcmisc.h"
union mountd_arguments argument;
union mountd_results result;
+#ifdef HAVE_TCP_WRAPPER
+ /* remote host authorization check */
+ if (!check_default("mountd", svc_getcaller(transp),
+ rqstp->rq_proc, MOUNTPROG)) {
+ svcerr_auth (transp, AUTH_FAILED);
+ return;
+ }
+#endif
+
rpc_dispatch(rqstp, transp, dtable, number_of(dtable),
&argument, &result);
}
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
+ /* WARNING: the following works on Linux and SysV, but not BSD! */
+ sigaction(SIGCHLD, &sa, NULL);
if (nfs_version & 0x1)
rpc_init("mountd", MOUNTPROG, MOUNTVERS,
.\" mountd(8)
.\"
.\" Copyright (C) 1999 Olaf Kirch <okir@monad.swb.de>
-.TH rpc.mountd 8 "31 May 1999"
+.TH rpc.mountd 8 "25 Aug 2000"
.SH NAME
rpc.mountd \- NFS mount daemon
.SH SYNOPSIS
.P
However, this file is mostly ornamental. One, the client can continue
to use the file handle even after calling
-.BR rpc.mountd 's
+.B rpc.mountd 's
UMOUNT procedure. And two, if a client reboots without notifying
-.BR rpc.mountd ,
+.B rpc.mountd ,
a stale entry will remain in
.BR rmtab .
.SH OPTIONS
.TP
-.\" This file isn't touched by mountd at all--even though it
-.\" accepts the option.
-.\" .BR \-f " or " \-\-exports-file
-.\" This option specifies the exports file, listing the clients that this
-.\" server is prepared to serve and parameters to apply to each
-.\" such mount (see
-.\" .BR exports (5)).
-.\" By default, export information is read from
-.\" .IR /etc/exports .
+.B \-d " or " \-\-debug
+Turn on debugging.
.TP
-.BR \-N " or " \-\-no-nfs-version
+.B \-F " or " \-\-foreground
+Run in foreground (do not daemonize)
+.TP
+.B \-f " or " \-\-exports-file
+This option specifies the exports file, listing the clients that this
+server is prepared to serve and parameters to apply to each
+such mount (see
+.BR exports (5)).
+By default, export information is read from
+.IR /etc/exports .
+.TP
+.B \-h " or " \-\-help
+Display usage message.
+.TP
+.B \-N " or " \-\-no-nfs-version
This option can be used to request that
.B rpc.mountd
-does not offer certain versions of NFS. The current version of
+do not offer certain versions of NFS. The current version of
.B rpc.mountd
can support both NFS version 2 and the newer version 3. If the
NFS kernel module was compiled without support for NFSv3,
.B rpc.mountd
must be invoked with the option
-.BR "\-\-no-nfs-version 3" .
+.B "\-\-no-nfs-version 3" .
+.TP
+.B \-P
+Ignored (compatibility with unfsd??).
+.TP
+.B \-p " or " \-\-port
+Force
+.B rpc.mountd
+to bind to the specified port, instead of using the random port
+number assigned by the portmapper.
.TP
-.BR \-v " or " \-\-version
+.B \-V " or " \-\-nfs-version
+This option can be used to request that
+.B rpc.mountd
+offer certain versions of NFS. The current version of
+.B rpc.mountd
+can support both NFS version 2 and the newer version 3.
+.TP
+.B \-v " or " \-\-version
Print the version of
.B rpc.mountd
and exit.
+
+.SH TCP_WRAPPERS SUPPORT
+This
+.B rpc.mountd
+version is protected by the
+.B tcp_wrapper
+library. You have to give the clients access to
+.B rpc.mountd
+if they should be allowed to use it. To allow connects from clients of
+the .bar.com domain you could use the following line in /etc/hosts.allow:
+
+mountd: .bar.com
+
+You have to use the daemon name
+.B mountd
+for the daemon name (even if the binary has a different name). For the
+client names you can only use the keyword ALL or IP addresses (NOT
+host or domain names).
+
+For further information please have a look at the
+.BR tcpd (8),
+.BR hosts_allow (5)
+and
+.BR hosts_access (5)
+manual pages.
+
.SH SEE ALSO
.BR rpc.nfsd (8),
.BR exportfs (8),
#
-# Makefile for rpc.mountd
+# Makefile for rpc.rquotad
#
PROGRAM = rquotad
#include <sys/socket.h>
#include <netinet/in.h>
#include <syslog.h>
+#include <signal.h>
#ifdef __STDC__
#define SIG_PF void(*)(int)
#ifdef HAVE_TCP_WRAPPER
/* remote host authorization check */
if (!check_default("rquotad", svc_getcaller(transp),
- rqstp->rq_proc, (u_long) 0)) {
+ rqstp->rq_proc, RQUOTAPROG)) {
svcerr_auth (transp, AUTH_FAILED);
return;
}
xdrproc_t xdr_argument, xdr_result;
char *(*local)(char *, struct svc_req *);
+#ifdef HAVE_TCP_WRAPPER
+ /* remote host authorization check */
+ if (!check_default("rquotad", svc_getcaller(transp),
+ rqstp->rq_proc, RQUOTAPROG)) {
+ svcerr_auth (transp, AUTH_FAILED);
+ return;
+ }
+#endif
+
/*
* Don't bother authentication for NULLPROC.
*/
openlog("rquota", LOG_PID, LOG_DAEMON);
+ /* WARNING: the following works on Linux and SysV, but not BSD! */
+ signal(SIGCHLD, SIG_IGN);
+
transp = svcudp_create(RPC_ANYSOCK);
if (transp == NULL) {
syslog(LOG_ERR, "cannot create udp service.");
-.\"@(#)rquotad.8c"
-.TH RQUOTAD 8C"
+.\"@(#)rquotad.8"
+.TH RQUOTAD 8 "25 Aug 2000"
.SH NAME
rquotad, rpc.rquotad \- remote quota server
.SH SYNOPSIS
.IX "quotas" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server"
.IX "file system" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server"
.IX "remote procedure call services" "rquotad" "" "\fLrquotad\fP \(em remote quota server"
-.B rquotad
+.BR rquotad
is an
.BR rpc (3N)
server which returns quotas for a user of a local file system
The results are used by
.BR quota (1)
to display user quotas for remote file systems.
+
The
-.B rquotad
+.BR rquotad
daemon is normally started at boottime from the
.BR rc.net
-script
+script (on systems with BSD'ish scripts, e.g. Slackware), or from the
+.BR nfs
+script in
+.BR /etc/rc.d/init.d/
+or
+.BR /etc/init.d/
+(on systems with SysV'ish scripts, e.g. RedHat, SuSE, etc).
+
+.SH TCP_WRAPPERS SUPPORT
+This
+.BR rpc.rquotad
+version is protected by the
+.BR tcp_wrapper
+library. You have to give the clients access to
+.BR rpc.rquotad
+if they should be allowed to use it. To allow connects from clients of
+the .bar.com domain you could use the following line in /etc/hosts.allow:
+
+mountd: .bar.com
+
+You have to use the daemon name
+.BR rquotad
+for the daemon name (even if the binary has a different name). For the
+client names you can only use the keyword ALL or IP addresses (NOT
+host or domain names).
+
+For further information please have a look at the
+.BR tcpd (8),
+.BR hosts_allow (5)
+and
+.BR hosts_access (5)
+manual pages.
+
.SH FILES
-.PD 0
-.TP 20
-.B quotas
-quota file at the file system root
+.BR quota.user ,
+.BR quota.group
+-- quota files locate in the file system's root
.PD
.SH "SEE ALSO"
-.BR quota (1),
+.BR quota (8),
.BR rpc (3N),
-.BR nfs (4P),
+.BR nfs (5),
.BR services (5)
-.BR inetd (8C),
+.BR inetd (8),
{
/* remote host authorization check */
if (!check_default("statd", svc_getcaller(transp),
- rqstp->rq_proc, (u_long) 0)) {
+ rqstp->rq_proc, SM_PROG)) {
svcerr_auth (transp, AUTH_FAILED);
return;
}
signal (SIGHUP, killer);
signal (SIGINT, killer);
signal (SIGTERM, killer);
+ /* WARNING: the following works on Linux and SysV, but not BSD! */
+ signal(SIGCHLD, SIG_IGN);
for (;;) {
pmap_unset (SM_PROG, SM_VERS);
.\"
.\" Copyright (C) 1999 Olaf Kirch <okir@monad.swb.de>
.\" Modified by Jeffrey A. Uphoff, 1999.
-.TH rpc.statd 8 "11 June 1999"
+.TH rpc.statd 8 "20 Aug 2000"
.SH NAME
rpc.statd \- NSM status monitor
.SH SYNOPSIS
.B -F
argument tells it to remain in the foreground. This option is
mainly for debugging purposes.
+
+.SH TCP_WRAPPERS SUPPORT
+This
+.B rpc.statd
+version is protected by the
+.B tcp_wrapper
+library. You have to give the clients access to
+.B rpc.statd
+if they should be allowed to use it. To allow connects from clients of
+the .bar.com domain you could use the following line in /etc/hosts.allow:
+
+statd: .bar.com
+
+You have to use the daemon name
+.B statd
+for the daemon name (even if the binary has a different name). For the
+client names you can only use the keyword ALL or IP addresses (NOT
+host or domain names).
+
+For further information please have a look at the
+.BR tcpd (8),
+.BR hosts_allow (5)
+and
+.BR hosts_access (5)
+manual pages.
+
.SH FILES
.BR /var/lib/nfs/sm/state
.br
projects / nfs-utils.git / commitdiff