2 * utils/mountd/mountd.c
4 * Authenticate mount requests and retrieve file handle.
6 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
15 #include <netinet/in.h>
16 #include <arpa/inet.h>
23 #include <sys/resource.h>
29 #include "pseudoflavors.h"
31 extern void cache_open(void);
32 extern struct nfs_fh_len *cache_get_filehandle(nfs_export *exp, int len, char *p);
33 extern int cache_export(nfs_export *exp, char *path);
35 extern void my_svc_run(void);
37 static void usage(const char *, int exitcode);
38 static exports get_exportlist(void);
39 static struct nfs_fh_len *get_rootfh(struct svc_req *, dirpath *, nfs_export **, mountstat3 *, int v3);
41 int reverse_resolve = 0;
46 /* PRC: a high-availability callout program can be specified with -H
47 * When this is done, the program will receive callouts whenever clients
48 * send mount or unmount requests -- the callout is not needed for 2.6 kernel */
49 char *ha_callout_prog = NULL;
51 /* Number of mountd threads to start. Default is 1 and
52 * that's probably enough unless you need hundreds of
53 * clients to be able to mount at once. */
54 static int num_threads = 1;
55 /* Arbitrary limit on number of threads */
56 #define MAX_THREADS 64
58 static struct option longopts[] =
60 { "foreground", 0, 0, 'F' },
61 { "descriptors", 1, 0, 'o' },
62 { "debug", 1, 0, 'd' },
63 { "help", 0, 0, 'h' },
64 { "exports-file", 1, 0, 'f' },
65 { "nfs-version", 1, 0, 'V' },
66 { "no-nfs-version", 1, 0, 'N' },
67 { "version", 0, 0, 'v' },
68 { "port", 1, 0, 'p' },
69 { "no-tcp", 0, 0, 'n' },
70 { "ha-callout", 1, 0, 'H' },
71 { "state-directory-path", 1, 0, 's' },
72 { "num-threads", 1, 0, 't' },
73 { "reverse-lookup", 0, 0, 'r' },
74 { "manage-gids", 0, 0, 'g' },
78 static int nfs_version = -1;
81 unregister_services (void)
83 if (nfs_version & 0x1)
84 pmap_unset (MOUNTPROG, MOUNTVERS);
85 if (nfs_version & (0x1 << 1))
86 pmap_unset (MOUNTPROG, MOUNTVERS_POSIX);
87 if (nfs_version & (0x1 << 2))
88 pmap_unset (MOUNTPROG, MOUNTVERS_NFSV3);
91 /* Wait for all worker child processes to exit and reap them */
93 wait_for_workers (void)
100 pid = waitpid(0, &status, 0);
104 return; /* no more children */
105 xlog(L_FATAL, "mountd: can't wait: %s\n",
109 /* Note: because we SIG_IGN'd SIGCHLD earlier, this
110 * does not happen on 2.6 kernels, and waitpid() blocks
111 * until all the children are dead then returns with
112 * -ECHILD. But, we don't need to do anything on the
113 * death of individual workers, so we don't care. */
114 xlog(L_NOTICE, "mountd: reaped child %d, status %d\n",
119 /* Fork num_threads worker children and wait for them */
126 xlog(L_NOTICE, "mountd: starting %d threads\n", num_threads);
128 for (i = 0 ; i < num_threads ; i++) {
131 xlog(L_FATAL, "mountd: cannot fork: %s\n",
137 /* Re-enable the default action on SIGTERM et al
138 * so that workers die naturally when sent them.
139 * Only the parent unregisters with pmap and
140 * hence needs to do special SIGTERM handling. */
142 sa.sa_handler = SIG_DFL;
144 sigemptyset(&sa.sa_mask);
145 sigaction(SIGHUP, &sa, NULL);
146 sigaction(SIGINT, &sa, NULL);
147 sigaction(SIGTERM, &sa, NULL);
149 /* fall into my_svc_run in caller */
156 unregister_services();
157 xlog(L_NOTICE, "mountd: no more workers, exiting\n");
167 unregister_services();
168 if (num_threads > 1) {
169 /* play Kronos and eat our children */
173 xlog (L_FATAL, "Caught signal %d, un-registering and exiting.", sig);
179 /* don't exit on SIGHUP */
180 xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
185 mount_null_1_svc(struct svc_req *rqstp, void *argp, void *resp)
191 mount_mnt_1_svc(struct svc_req *rqstp, dirpath *path, fhstatus *res)
193 struct nfs_fh_len *fh;
195 xlog(D_CALL, "MNT1(%s) called", *path);
196 fh = get_rootfh(rqstp, path, NULL, &res->fhs_status, 0);
198 memcpy(&res->fhstatus_u.fhs_fhandle, fh->fh_handle, 32);
203 mount_dump_1_svc(struct svc_req *rqstp, void *argp, mountlist *res)
205 struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
207 xlog(D_CALL, "dump request from %s.", inet_ntoa(addr->sin_addr));
208 *res = mountlist_list();
214 mount_umnt_1_svc(struct svc_req *rqstp, dirpath *argp, void *resp)
216 struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
219 char rpath[MAXPATHLEN+1];
224 if (realpath(p, rpath) != NULL) {
225 rpath[sizeof (rpath) - 1] = '\0';
229 if (!(exp = auth_authenticate("unmount", sin, p))) {
233 mountlist_del(inet_ntoa(sin->sin_addr), p);
238 mount_umntall_1_svc(struct svc_req *rqstp, void *argp, void *resp)
240 /* Reload /etc/xtab if necessary */
243 mountlist_del_all(nfs_getrpccaller_in(rqstp->rq_xprt));
248 mount_export_1_svc(struct svc_req *rqstp, void *argp, exports *resp)
250 struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
252 xlog(D_CALL, "export request from %s.", inet_ntoa(addr->sin_addr));
253 *resp = get_exportlist();
259 mount_exportall_1_svc(struct svc_req *rqstp, void *argp, exports *resp)
261 struct sockaddr_in *addr = nfs_getrpccaller_in(rqstp->rq_xprt);
263 xlog(D_CALL, "exportall request from %s.", inet_ntoa(addr->sin_addr));
264 *resp = get_exportlist();
270 * MNTv2 pathconf procedure
272 * The protocol doesn't include a status field, so Sun apparently considers
273 * it good practice to let anyone snoop on your system, even if it's
274 * pretty harmless data such as pathconf. We don't.
276 * Besides, many of the pathconf values don't make much sense on NFS volumes.
277 * FIFOs and tty device files represent devices on the *client*, so there's
278 * no point in getting the server's buffer sizes etc.
281 mount_pathconf_2_svc(struct svc_req *rqstp, dirpath *path, ppathcnf *res)
283 struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
286 char rpath[MAXPATHLEN+1];
289 memset(res, 0, sizeof(*res));
294 /* Reload /etc/xtab if necessary */
297 /* Resolve symlinks */
298 if (realpath(p, rpath) != NULL) {
299 rpath[sizeof (rpath) - 1] = '\0';
303 /* Now authenticate the intruder... */
304 exp = auth_authenticate("pathconf", sin, p);
307 } else if (stat(p, &stb) < 0) {
308 xlog(L_WARNING, "can't stat exported dir %s: %s",
313 res->pc_link_max = pathconf(p, _PC_LINK_MAX);
314 res->pc_max_canon = pathconf(p, _PC_MAX_CANON);
315 res->pc_max_input = pathconf(p, _PC_MAX_INPUT);
316 res->pc_name_max = pathconf(p, _PC_NAME_MAX);
317 res->pc_path_max = pathconf(p, _PC_PATH_MAX);
318 res->pc_pipe_buf = pathconf(p, _PC_PIPE_BUF);
319 res->pc_vdisable = pathconf(p, _PC_VDISABLE);
321 /* Can't figure out what to do with pc_mask */
329 * We should advertise the preferred flavours first. (See RFC 2623
330 * section 2.7.) We leave that to the administrator, by advertising
331 * flavours in the order they were listed in /etc/exports. AUTH_NULL is
332 * dropped from the list to avoid backward compatibility issue with
333 * older Linux clients, who inspect the list in reversed order.
335 * XXX: It might be more helpful to rearrange these so that flavors
336 * giving more access (as determined from readonly and id-squashing
337 * options) come first. (If we decide to do that we should probably do
338 * that when reading the exports rather than here.)
340 static void set_authflavors(struct mountres3_ok *ok, nfs_export *exp)
343 static int flavors[SECFLAVOR_COUNT];
346 for (s = exp->m_export.e_secinfo; s->flav; s++) {
347 if (s->flav->fnum == AUTH_NULL)
349 flavors[i] = s->flav->fnum;
352 ok->auth_flavors.auth_flavors_val = flavors;
353 ok->auth_flavors.auth_flavors_len = i;
357 * NFSv3 MOUNT procedure
360 mount_mnt_3_svc(struct svc_req *rqstp, dirpath *path, mountres3 *res)
362 struct mountres3_ok *ok = &res->mountres3_u.mountinfo;
364 struct nfs_fh_len *fh;
366 xlog(D_CALL, "MNT3(%s) called", *path);
367 fh = get_rootfh(rqstp, path, &exp, &res->fhs_status, 1);
371 ok->fhandle.fhandle3_len = fh->fh_size;
372 ok->fhandle.fhandle3_val = (char *)fh->fh_handle;
373 set_authflavors(ok, exp);
377 static struct nfs_fh_len *
378 get_rootfh(struct svc_req *rqstp, dirpath *path, nfs_export **expret,
379 mountstat3 *error, int v3)
381 struct sockaddr_in *sin = nfs_getrpccaller_in(rqstp->rq_xprt);
382 struct stat stb, estb;
384 struct nfs_fh_len *fh;
385 char rpath[MAXPATHLEN+1];
391 /* Reload /var/lib/nfs/etab if necessary */
394 /* Resolve symlinks */
395 if (realpath(p, rpath) != NULL) {
396 rpath[sizeof (rpath) - 1] = '\0';
400 /* Now authenticate the intruder... */
401 exp = auth_authenticate("mount", sin, p);
403 *error = NFSERR_ACCES;
406 if (stat(p, &stb) < 0) {
407 xlog(L_WARNING, "can't stat exported dir %s: %s",
410 *error = NFSERR_NOENT;
412 *error = NFSERR_ACCES;
415 if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
416 xlog(L_WARNING, "%s is not a directory or regular file", p);
417 *error = NFSERR_NOTDIR;
420 if (stat(exp->m_export.e_path, &estb) < 0) {
421 xlog(L_WARNING, "can't stat export point %s: %s",
423 *error = NFSERR_NOENT;
426 if (estb.st_dev != stb.st_dev
428 || !(exp->m_export.e_flags & NFSEXP_CROSSMOUNT))) {
429 xlog(L_WARNING, "request to export directory %s below nearest filesystem %s",
430 p, exp->m_export.e_path);
431 *error = NFSERR_ACCES;
434 if (exp->m_export.e_mountpoint &&
435 !is_mountpoint(exp->m_export.e_mountpoint[0]?
436 exp->m_export.e_mountpoint:
437 exp->m_export.e_path)) {
438 xlog(L_WARNING, "request to export an unmounted filesystem: %s",
440 *error = NFSERR_NOENT;
445 /* This will be a static private nfs_export with just one
446 * address. We feed it to kernel then extract the filehandle,
450 if (cache_export(exp, p)) {
451 *error = NFSERR_ACCES;
454 fh = cache_get_filehandle(exp, v3?64:32, p);
456 *error = NFSERR_ACCES;
460 if (exp->m_exported<1)
466 fh = getfh_size ((struct sockaddr *) sin, p, 64);
467 if (!v3 || (fh == NULL && errno == EINVAL)) {
468 /* We first try the new nfs syscall. */
469 fh = getfh ((struct sockaddr *) sin, p);
470 if (fh == NULL && errno == EINVAL)
471 /* Let's try the old one. */
472 fh = getfh_old ((struct sockaddr *) sin,
473 stb.st_dev, stb.st_ino);
476 xlog(L_WARNING, "getfh failed: %s", strerror(errno));
477 *error = NFSERR_ACCES;
482 mountlist_add(inet_ntoa(sin->sin_addr), p);
491 static exports elist = NULL;
492 struct exportnode *e, *ne;
493 struct groupnode *g, *ng, *c, **cp;
496 static unsigned int ecounter;
497 unsigned int acounter;
499 acounter = auth_reload();
500 if (elist && acounter == ecounter)
505 for (e = elist; e != NULL; e = ne) {
507 for (g = e->ex_groups; g != NULL; g = ng) {
517 for (i = 0; i < MCL_MAXTYPES; i++) {
518 for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
519 for (e = elist; e != NULL; e = e->ex_next) {
520 if (!strcmp(exp->m_export.e_path, e->ex_dir))
524 e = (struct exportnode *) xmalloc(sizeof(*e));
527 e->ex_dir = xstrdup(exp->m_export.e_path);
531 /* We need to check if we should remove
533 if (i == MCL_ANONYMOUS && e->ex_groups) {
534 for (g = e->ex_groups; g; g = ng) {
543 if (i != MCL_FQDN && e->ex_groups) {
547 while ((c = *cp) != NULL) {
548 if (client_gettype (c->gr_name) == MCL_FQDN
549 && (hp = gethostbyname(c->gr_name))) {
550 hp = hostent_dup (hp);
551 if (client_check(exp->m_client, hp)) {
564 if (exp->m_export.e_hostname [0] != '\0') {
565 for (g = e->ex_groups; g; g = g->gr_next)
566 if (strcmp (exp->m_export.e_hostname,
571 g = (struct groupnode *) xmalloc(sizeof(*g));
572 g->gr_name = xstrdup(exp->m_export.e_hostname);
573 g->gr_next = e->ex_groups;
583 main(int argc, char **argv)
585 char *export_file = _PATH_EXPORTS;
586 char *state_dir = NFS_STATEDIR;
594 /* Parse the command line options and arguments. */
596 while ((c = getopt_long(argc, argv, "o:nFd:f:p:P:hH:N:V:vrs:t:g", longopts, NULL)) != EOF)
602 descriptors = atoi(optarg);
603 if (descriptors <= 0) {
604 fprintf(stderr, "%s: bad descriptors: %s\n",
613 xlog_sconfig(optarg, 1);
616 export_file = optarg;
618 case 'H': /* PRC: specify a high-availability callout program */
619 ha_callout_prog = optarg;
624 case 'P': /* XXX for nfs-server compatibility */
627 if (port <= 0 || port > 65535) {
628 fprintf(stderr, "%s: bad port number: %s\n",
634 nfs_version &= ~(1 << (atoi (optarg) - 1));
637 _rpcfdtype = SOCK_DGRAM;
643 if ((state_dir = xstrdup(optarg)) == NULL) {
644 fprintf(stderr, "%s: xstrdup(%s) failed!\n",
650 num_threads = atoi (optarg);
653 nfs_version |= 1 << (atoi (optarg) - 1);
656 printf("kmountd %s\n", VERSION);
665 /* No more arguments allowed. */
666 if (optind != argc || !(nfs_version & 0x7))
669 if (chdir(state_dir)) {
670 fprintf(stderr, "%s: chdir(%s) failed: %s\n",
671 argv [0], state_dir, strerror(errno));
675 if (getrlimit (RLIMIT_NOFILE, &rlim) != 0)
676 fprintf(stderr, "%s: getrlimit (RLIMIT_NOFILE) failed: %s\n",
677 argv [0], strerror(errno));
679 /* glibc sunrpc code dies if getdtablesize > FD_SETSIZE */
680 if ((descriptors == 0 && rlim.rlim_cur > FD_SETSIZE) ||
681 descriptors > FD_SETSIZE)
682 descriptors = FD_SETSIZE;
684 rlim.rlim_cur = descriptors;
685 if (setrlimit (RLIMIT_NOFILE, &rlim) != 0) {
686 fprintf(stderr, "%s: setrlimit (RLIMIT_NOFILE) failed: %s\n",
687 argv [0], strerror(errno));
692 /* Initialize logging. */
693 if (!foreground) xlog_stderr(0);
696 sa.sa_handler = SIG_IGN;
698 sigemptyset(&sa.sa_mask);
699 sigaction(SIGHUP, &sa, NULL);
700 sigaction(SIGINT, &sa, NULL);
701 sigaction(SIGTERM, &sa, NULL);
702 sigaction(SIGPIPE, &sa, NULL);
703 /* WARNING: the following works on Linux and SysV, but not BSD! */
704 sigaction(SIGCHLD, &sa, NULL);
706 /* Daemons should close all extra filehandles ... *before* RPC init. */
710 new_cache = check_new_cache();
714 if (nfs_version & 0x1)
715 rpc_init("mountd", MOUNTPROG, MOUNTVERS,
716 mount_dispatch, port);
717 if (nfs_version & (0x1 << 1))
718 rpc_init("mountd", MOUNTPROG, MOUNTVERS_POSIX,
719 mount_dispatch, port);
720 if (nfs_version & (0x1 << 2))
721 rpc_init("mountd", MOUNTPROG, MOUNTVERS_NFSV3,
722 mount_dispatch, port);
724 sa.sa_handler = killer;
725 sigaction(SIGINT, &sa, NULL);
726 sigaction(SIGTERM, &sa, NULL);
727 sa.sa_handler = sig_hup;
728 sigaction(SIGHUP, &sa, NULL);
730 auth_init(export_file);
733 /* We first fork off a child. */
734 if ((c = fork()) > 0)
737 xlog(L_FATAL, "mountd: cannot fork: %s\n",
740 /* Now we remove ourselves from the foreground.
741 Redirect stdin/stdout/stderr first. */
743 int fd = open("/dev/null", O_RDWR);
747 if (fd > 2) (void) close(fd);
752 /* silently bounds check num_threads */
755 else if (num_threads < 1)
757 else if (num_threads > MAX_THREADS)
758 num_threads = MAX_THREADS;
765 xlog(L_ERROR, "Ack! Gack! svc_run returned!\n");
770 usage(const char *prog, int n)
773 "Usage: %s [-F|--foreground] [-h|--help] [-v|--version] [-d kind|--debug kind]\n"
774 " [-o num|--descriptors num] [-f exports-file|--exports-file=file]\n"
775 " [-p|--port port] [-V version|--nfs-version version]\n"
776 " [-N version|--no-nfs-version version] [-n|--no-tcp]\n"
777 " [-H ha-callout-prog] [-s|--state-directory-path path]\n"
778 " [-g|--manage-gids] [-t num|--num-threads=num]\n", prog);
projects / nfs-utils.git / blob