726b50dc61093a2fa926d131131ed59860b1ae8c
[nfs-utils.git] / utils / mountd / v4root.c
1 /*
2  * Copyright (C) 2009 Red Hat <nfs@redhat.com>
3  *
4  * support/export/v4root.c
5  *
6  * Routines used to support NFSv4 pseudo roots
7  *
8  */
9
10 #ifdef HAVE_CONFIG_H
11 #include <config.h>
12 #endif
13
14 #include <sys/types.h>
15 #include <sys/stat.h>
16 #include <sys/queue.h>
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <ctype.h>
20
21 #include <unistd.h>
22 #include <errno.h>
23
24 #include "xlog.h"
25 #include "exportfs.h"
26 #include "nfslib.h"
27 #include "misc.h"
28 #include "v4root.h"
29
30 int v4root_needed;
31
32 static nfs_export pseudo_root = {
33         .m_next = NULL,
34         .m_client = NULL,
35         .m_export = {
36                 .e_hostname = "*",
37                 .e_path = "/",
38                 .e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
39                                 | NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
40                                 | NFSEXP_V4ROOT,
41                 .e_anonuid = 65534,
42                 .e_anongid = 65534,
43                 .e_squids = NULL,
44                 .e_nsquids = 0,
45                 .e_sqgids = NULL,
46                 .e_nsqgids = 0,
47                 .e_fsid = 0,
48                 .e_mountpoint = NULL,
49                 .e_ttl = DEFAULT_TTL,
50         },
51         .m_exported = 0,
52         .m_xtabent = 1,
53         .m_mayexport = 1,
54         .m_changed = 0,
55         .m_warned = 0,
56 };
57
58 void set_pseudofs_security(struct exportent *pseudo, struct exportent *source)
59 {
60         struct sec_entry *se;
61         int i;
62
63         if (source->e_flags & NFSEXP_INSECURE_PORT)
64                 pseudo->e_flags |= NFSEXP_INSECURE_PORT;
65         if ((source->e_flags & NFSEXP_ROOTSQUASH) == 0)
66                 pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
67         for (se = source->e_secinfo; se->flav; se++) {
68                 struct sec_entry *new;
69
70                 i = secinfo_addflavor(se->flav, pseudo);
71                 new = &pseudo->e_secinfo[i];
72
73                 if (se->flags & NFSEXP_INSECURE_PORT)
74                         new->flags |= NFSEXP_INSECURE_PORT;
75         }
76 }
77
78 /*
79  * Create a pseudo export
80  */
81 static struct exportent *
82 v4root_create(char *path, nfs_export *export)
83 {
84         nfs_export *exp;
85         struct exportent eep;
86         struct exportent *curexp = &export->m_export;
87
88         dupexportent(&eep, &pseudo_root.m_export);
89         eep.e_hostname = curexp->e_hostname;
90         strncpy(eep.e_path, path, sizeof(eep.e_path));
91         if (strcmp(path, "/") != 0)
92                 eep.e_flags &= ~NFSEXP_FSID;
93         set_pseudofs_security(&eep, curexp);
94         exp = export_create(&eep, 0);
95         if (exp == NULL)
96                 return NULL;
97         xlog(D_CALL, "v4root_create: path '%s' flags 0x%x", 
98                 exp->m_export.e_path, exp->m_export.e_flags);
99         return &exp->m_export;
100 }
101
102 /*
103  * Make sure the kernel has pseudo root support.
104  */
105 static int
106 v4root_support(void)
107 {
108         struct export_features *ef;
109         static int warned = 0;
110
111         ef = get_export_features();
112
113         if (ef->flags & NFSEXP_V4ROOT)
114                 return 1;
115         if (!warned) {
116                 xlog(L_WARNING, "Kernel does not have pseudo root support.");
117                 xlog(L_WARNING, "NFS v4 mounts will be disabled unless fsid=0");
118                 xlog(L_WARNING, "is specfied in /etc/exports file.");
119                 warned++;
120         }
121         return 0;
122 }
123
124 int pseudofs_update(char *hostname, char *path, nfs_export *source)
125 {
126         nfs_export *exp;
127
128         exp = export_lookup(hostname, path, 0);
129         if (exp && !(exp->m_export.e_flags & NFSEXP_V4ROOT))
130                 return 0;
131         if (!exp) {
132                 if (v4root_create(path, source) == NULL) {
133                         xlog(L_WARNING, "v4root_set: Unable to create "
134                                         "pseudo export for '%s'", path);
135                         return -ENOMEM;
136                 }
137                 return 0;
138         }
139         /* Update an existing V4ROOT export: */
140         set_pseudofs_security(&exp->m_export, &source->m_export);
141         return 0;
142 }
143
144 static int v4root_add_parents(nfs_export *exp)
145 {
146         char *hostname = exp->m_export.e_hostname;
147         char *path;
148         char *ptr;
149
150         path = strdup(exp->m_export.e_path);
151         if (!path) {
152                 xlog(L_WARNING, "v4root_add_parents: Unable to create "
153                                 "pseudo export for '%s'", exp->m_export.e_path);
154                 return -ENOMEM;
155         }
156         for (ptr = path; ptr; ptr = strchr(ptr, '/')) {
157                 int ret;
158                 char saved;
159
160                 saved = *ptr;
161                 *ptr = '\0';
162                 ret = pseudofs_update(hostname, *path ? path : "/", exp);
163                 if (ret)
164                         return ret;
165                 *ptr = saved;
166                 ptr++;
167         }
168         free(path);
169         return 0;
170 }
171
172 /*
173  * Create pseudo exports by running through the real export
174  * looking at the components of the path that make up the export.
175  * Those path components, if not exported, will become pseudo
176  * exports allowing them to be found when the kernel does an upcall
177  * looking for components of the v4 mount.
178  */
179 void
180 v4root_set()
181 {
182         nfs_export      *exp;
183         int     i;
184
185         if (!v4root_needed)
186                 return;
187         if (!v4root_support())
188                 return;
189
190         for (i = 0; i < MCL_MAXTYPES; i++) {
191                 for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
192                         if (exp->m_export.e_flags & NFSEXP_V4ROOT)
193                                 /*
194                                  * We just added this one, so its
195                                  * parents are already dealt with!
196                                  */
197                                 continue;
198
199                         if (strcmp(exp->m_export.e_path, "/") == 0 &&
200                             !(exp->m_export.e_flags & NFSEXP_FSID)) {
201                                 /* Force '/' to be exported as fsid == 0*/
202                                 exp->m_export.e_flags |= NFSEXP_FSID;
203                                 exp->m_export.e_fsid = 0;
204                         }
205
206                         v4root_add_parents(exp);
207                         /* XXX: error handling! */
208                 }
209         }
210 }