X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fcache.c;h=8de2eac383acfe3c74566b6608761506adc1b46c;hp=c57d3b0a326a16adf01c4ee9b083f01df470fab3;hb=a8dcaa282122b5db8f4ffb7e5d99b2c4b62cbb78;hpb=93608a52655abf5ac23404c4b5cc05fe575a9c04 diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c index c57d3b0..8de2eac 100644 --- a/utils/mountd/cache.c +++ b/utils/mountd/cache.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -21,11 +22,37 @@ #include #include #include +#include +#include +#include #include "misc.h" #include "nfslib.h" #include "exportfs.h" #include "mountd.h" #include "xmalloc.h" +#include "fsloc.h" +#include "pseudoflavors.h" + +#ifdef USE_BLKID +#include "blkid/blkid.h" +#endif + +/* + * Invoked by RPC service loop + */ +void cache_set_fds(fd_set *fdset); +int cache_process_req(fd_set *readfds); + +enum nfsd_fsid { + FSID_DEV = 0, + FSID_NUM, + FSID_MAJOR_MINOR, + FSID_ENCODE_DEV, + FSID_UUID4_INUM, + FSID_UUID8, + FSID_UUID16, + FSID_UUID16_INUM, +}; /* * Support routines for text-based upcalls. @@ -35,13 +62,15 @@ * Record is terminated with newline. * */ -void cache_export_ent(char *domain, struct exportent *exp); +static int cache_export_ent(char *domain, struct exportent *exp, char *p); +#define INITIAL_MANAGED_GROUPS 100 char *lbuf = NULL; int lbuflen = 0; +extern int use_ipaddr; -void auth_unix_ip(FILE *f) +static void auth_unix_ip(FILE *f) { /* requests are * class IP-ADDR @@ -52,45 +81,442 @@ void auth_unix_ip(FILE *f) */ char *cp; char class[20]; - char ipaddr[20]; - char *client; - struct in_addr addr; + char ipaddr[INET6_ADDRSTRLEN]; + char *client = NULL; + struct addrinfo *tmp = NULL; if (readline(fileno(f), &lbuf, &lbuflen) != 1) return; + xlog(D_CALL, "auth_unix_ip: inbuf '%s'", lbuf); + cp = lbuf; if (qword_get(&cp, class, 20) <= 0 || strcmp(class, "nfsd") != 0) return; - if (qword_get(&cp, ipaddr, 20) <= 0) + if (qword_get(&cp, ipaddr, sizeof(ipaddr)) <= 0) return; - if (inet_aton(ipaddr, &addr)==0) + tmp = host_pton(ipaddr); + if (tmp == NULL) return; auth_reload(); /* addr is a valid, interesting address, find the domain name... */ - client = client_compose(addr); + if (!use_ipaddr) { + struct addrinfo *ai = NULL; - + ai = client_resolve(tmp->ai_addr); + if (ai == NULL) + goto out; + client = client_compose(ai); + freeaddrinfo(ai); + if (!client) + goto out; + } qword_print(f, "nfsd"); qword_print(f, ipaddr); - qword_printint(f, time(0)+30*60); - if (client) + qword_printuint(f, time(0) + DEFAULT_TTL); + if (use_ipaddr) + qword_print(f, ipaddr); + else if (client) qword_print(f, *client?client:"DEFAULT"); qword_eol(f); + xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT"); + + free(client); +out: + freeaddrinfo(tmp); + +} + +static void auth_unix_gid(FILE *f) +{ + /* Request are + * uid + * reply is + * uid expiry count list of group ids + */ + uid_t uid; + struct passwd *pw; + static gid_t *groups = NULL; + static int groups_len = 0; + gid_t *more_groups; + int ngroups; + int rv, i; + char *cp; - if (client && strcmp(ipaddr, client)) - mountlist_add(ipaddr, *client?client:"DEFAULT"); + if (groups_len == 0) { + groups = malloc(sizeof(gid_t) * INITIAL_MANAGED_GROUPS); + if (!groups) + return; + + groups_len = INITIAL_MANAGED_GROUPS; + } - if (client) free(client); + ngroups = groups_len; + + if (readline(fileno(f), &lbuf, &lbuflen) != 1) + return; + + cp = lbuf; + if (qword_get_uint(&cp, &uid) != 0) + return; + + pw = getpwuid(uid); + if (!pw) + rv = -1; + else { + rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + if (rv == -1 && ngroups >= groups_len) { + more_groups = realloc(groups, sizeof(gid_t)*ngroups); + if (!more_groups) + rv = -1; + else { + groups = more_groups; + groups_len = ngroups; + rv = getgrouplist(pw->pw_name, pw->pw_gid, + groups, &ngroups); + } + } + } + qword_printuint(f, uid); + qword_printuint(f, time(0) + DEFAULT_TTL); + if (rv >= 0) { + qword_printuint(f, ngroups); + for (i=0; imnt_dir, p, l) != 0 || + me->mnt_dir[l] != '/')) + ; + if (me == NULL) { + endmntent(f); + *v = NULL; + return NULL; + } + return me->mnt_dir; +} + +/* True iff e1 is a child of e2 and e2 has crossmnt set: */ +static bool subexport(struct exportent *e1, struct exportent *e2) +{ + char *p1 = e1->e_path, *p2 = e2->e_path; + int l2 = strlen(p2); + + return e2->e_flags & NFSEXP_CROSSMOUNT + && strncmp(p1, p2, l2) == 0 + && p1[l2] == '/'; +} + +struct parsed_fsid { + int fsidtype; + /* We could use a union for this, but it would be more + * complicated; why bother? */ + unsigned int inode; + unsigned int minor; + unsigned int major; + unsigned int fsidnum; + int uuidlen; + char *fhuuid; +}; + +int parse_fsid(int fsidtype, int fsidlen, char *fsid, struct parsed_fsid *parsed) +{ + unsigned int dev; + unsigned long long inode64; + + parsed->fsidtype = fsidtype; + switch(fsidtype) { + case FSID_DEV: /* 4 bytes: 2 major, 2 minor, 4 inode */ + if (fsidlen != 8) + return -1; + memcpy(&dev, fsid, 4); + memcpy(&parsed->inode, fsid+4, 4); + parsed->major = ntohl(dev)>>16; + parsed->minor = ntohl(dev) & 0xFFFF; + break; + + case FSID_NUM: /* 4 bytes - fsid */ + if (fsidlen != 4) + return -1; + memcpy(&parsed->fsidnum, fsid, 4); + break; + + case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode + * This format is never actually used but was + * an historical accident + */ + if (fsidlen != 12) + return -1; + memcpy(&dev, fsid, 4); + parsed->major = ntohl(dev); + memcpy(&dev, fsid+4, 4); + parsed->minor = ntohl(dev); + memcpy(&parsed->inode, fsid+8, 4); + break; + + case FSID_ENCODE_DEV: /* 8 bytes: 4 byte packed device number, 4 inode */ + /* This is *host* endian, not net-byte-order, because + * no-one outside this host has any business interpreting it + */ + if (fsidlen != 8) + return -1; + memcpy(&dev, fsid, 4); + memcpy(&parsed->inode, fsid+4, 4); + parsed->major = (dev & 0xfff00) >> 8; + parsed->minor = (dev & 0xff) | ((dev >> 12) & 0xfff00); + break; + + case FSID_UUID4_INUM: /* 4 byte inode number and 4 byte uuid */ + if (fsidlen != 8) + return -1; + memcpy(&parsed->inode, fsid, 4); + parsed->uuidlen = 4; + parsed->fhuuid = fsid+4; + break; + case FSID_UUID8: /* 8 byte uuid */ + if (fsidlen != 8) + return -1; + parsed->uuidlen = 8; + parsed->fhuuid = fsid; + break; + case FSID_UUID16: /* 16 byte uuid */ + if (fsidlen != 16) + return -1; + parsed->uuidlen = 16; + parsed->fhuuid = fsid; + break; + case FSID_UUID16_INUM: /* 8 byte inode number and 16 byte uuid */ + if (fsidlen != 24) + return -1; + memcpy(&inode64, fsid, 8); + parsed->inode = inode64; + parsed->uuidlen = 16; + parsed->fhuuid = fsid+8; + break; + } + return 0; +} + +static bool match_fsid(struct parsed_fsid *parsed, nfs_export *exp, char *path) +{ + struct stat stb; + int type; + char u[16]; + + if (stat(path, &stb) != 0) + return false; + if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) + return false; + + switch (parsed->fsidtype) { + case FSID_DEV: + case FSID_MAJOR_MINOR: + case FSID_ENCODE_DEV: + if (stb.st_ino != parsed->inode) + return false; + if (parsed->major != major(stb.st_dev) || + parsed->minor != minor(stb.st_dev)) + return false; + return true; + case FSID_NUM: + if (((exp->m_export.e_flags & NFSEXP_FSID) == 0 || + exp->m_export.e_fsid != parsed->fsidnum)) + return false; + return true; + case FSID_UUID4_INUM: + case FSID_UUID16_INUM: + if (stb.st_ino != parsed->inode) + return false; + goto check_uuid; + case FSID_UUID8: + case FSID_UUID16: + if (!is_mountpoint(path)) + return false; + check_uuid: + if (exp->m_export.e_uuid) + get_uuid(exp->m_export.e_uuid, parsed->uuidlen, u); + else + for (type = 0; + uuid_by_path(path, type, parsed->uuidlen, u); + type++) + if (memcmp(u, parsed->fhuuid, parsed->uuidlen) == 0) + return true; + + if (memcmp(u, parsed->fhuuid, parsed->uuidlen) != 0) + return false; + return true; + } + /* Well, unreachable, actually: */ + return false; } -void nfsd_fh(FILE *f) +struct addrinfo *lookup_client_addr(char *dom) +{ + struct addrinfo *ret; + struct addrinfo *tmp; + + dom++; /* skip initial "$" */ + + tmp = host_pton(dom); + if (tmp == NULL) + return NULL; + ret = client_resolve(tmp->ai_addr); + freeaddrinfo(tmp); + return ret; +} + +static void nfsd_fh(FILE *f) { /* request are: * domain fsidtype fsid @@ -101,11 +527,11 @@ void nfsd_fh(FILE *f) char *dom; int fsidtype; int fsidlen; - unsigned int dev, major=0, minor=0; - unsigned int inode=0; - unsigned int fsidnum=0; char fsid[32]; + struct parsed_fsid parsed; struct exportent *found = NULL; + struct addrinfo *ai = NULL; + char *found_path = NULL; nfs_export *exp; int i; int dev_missing = 0; @@ -113,6 +539,8 @@ void nfsd_fh(FILE *f) if (readline(fileno(f), &lbuf, &lbuflen) != 1) return; + xlog(D_CALL, "nfsd_fh: inbuf '%s'", lbuf); + cp = lbuf; dom = malloc(strlen(cp)); @@ -122,85 +550,85 @@ void nfsd_fh(FILE *f) goto out; if (qword_get_int(&cp, &fsidtype) != 0) goto out; - if (fsidtype < 0 || fsidtype > 3) + if (fsidtype < 0 || fsidtype > 7) goto out; /* unknown type */ if ((fsidlen = qword_get(&cp, fsid, 32)) <= 0) goto out; - switch(fsidtype) { - case 0: /* 4 bytes: 2 major, 2 minor, 4 inode */ - if (fsidlen != 8) - goto out; - memcpy(&dev, fsid, 4); - memcpy(&inode, fsid+4, 4); - major = ntohl(dev)>>16; - minor = ntohl(dev) & 0xFFFF; - break; - - case 1: /* 4 bytes - fsid */ - if (fsidlen != 4) - goto out; - memcpy(&fsidnum, fsid, 4); - break; + if (parse_fsid(fsidtype, fsidlen, fsid, &parsed)) + goto out; - case 2: /* 12 bytes: 4 major, 4 minor, 4 inode - * This format is never actually used but was - * an historical accident - */ - if (fsidlen != 12) - goto out; - memcpy(&dev, fsid, 4); major = ntohl(dev); - memcpy(&dev, fsid+4, 4); minor = ntohl(dev); - memcpy(&inode, fsid+8, 4); - break; + auth_reload(); - case 3: /* 8 bytes: 4 byte packed device number, 4 inode */ - /* This is *host* endian, not net-byte-order, because - * no-one outside this host has any business interpreting it - */ - if (fsidlen != 8) + if (is_ipaddr_client(dom)) { + ai = lookup_client_addr(dom); + if (!ai) goto out; - memcpy(&dev, fsid, 4); - memcpy(&inode, fsid+4, 4); - major = (dev & 0xfff00) >> 8; - minor = (dev & 0xff) | ((dev >> 12) & 0xfff00); - break; - } - auth_reload(); - /* Now determine export point for this fsid/domain */ for (i=0 ; i < MCL_MAXTYPES; i++) { - for (exp = exportlist[i]; exp; exp = exp->m_next) { - struct stat stb; + nfs_export *next_exp; + for (exp = exportlist[i].p_head; exp; exp = next_exp) { + char *path; + + if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) { + static nfs_export *prev = NULL; + static void *mnt = NULL; + + if (prev == exp) { + /* try a submount */ + path = next_mnt(&mnt, exp->m_export.e_path); + if (!path) { + next_exp = exp->m_next; + prev = NULL; + continue; + } + next_exp = exp; + } else { + prev = exp; + mnt = NULL; + path = exp->m_export.e_path; + next_exp = exp; + } + } else { + path = exp->m_export.e_path; + next_exp = exp->m_next; + } - if (!client_member(dom, exp->m_client->m_hostname)) + if (!is_ipaddr_client(dom) + && !namelist_client_matches(exp, dom)) continue; if (exp->m_export.e_mountpoint && !is_mountpoint(exp->m_export.e_mountpoint[0]? exp->m_export.e_mountpoint: exp->m_export.e_path)) dev_missing ++; - if (stat(exp->m_export.e_path, &stb) != 0) + + if (!match_fsid(&parsed, exp, path)) continue; - if (fsidtype == 1 && - ((exp->m_export.e_flags & NFSEXP_FSID) == 0 || - exp->m_export.e_fsid != fsidnum)) + if (is_ipaddr_client(dom) + && !ipaddr_client_matches(exp, ai)) continue; - if (fsidtype != 1) { - if (stb.st_ino != inode) - continue; - if (major != major(stb.st_dev) || - minor != minor(stb.st_dev)) - continue; - } - /* It's a match !! */ - if (!found) + if (!found || subexport(&exp->m_export, found)) { found = &exp->m_export; - else if (strcmp(found->e_path, exp->m_export.e_path)!= 0) + free(found_path); + found_path = strdup(path); + if (found_path == NULL) + goto out; + } else if (strcmp(found->e_path, exp->m_export.e_path) != 0 + && !subexport(found, &exp->m_export)) { xlog(L_WARNING, "%s and %s have same filehandle for %s, using first", - found->e_path, exp->m_export.e_path, dom); + found_path, path, dom); + } else { + /* same path, if one is V4ROOT, choose the other */ + if (found->e_flags & NFSEXP_V4ROOT) { + found = &exp->m_export; + free(found_path); + found_path = strdup(path); + if (found_path == NULL) + goto out; + } } } } @@ -225,21 +653,386 @@ void nfsd_fh(FILE *f) } if (found) - cache_export_ent(dom, found); + if (cache_export_ent(dom, found, found_path) < 0) + found = 0; qword_print(f, dom); qword_printint(f, fsidtype); qword_printhex(f, fsid, fsidlen); - qword_printint(f, time(0)+30*60); + /* The fsid -> path lookup can be quite expensive as it + * potentially stats and reads lots of devices, and some of those + * might have spun-down. The Answer is not likely to + * change underneath us, and an 'exportfs -f' can always + * remove this from the kernel, so use a really log + * timeout. Maybe this should be configurable on the command + * line. + */ + qword_printint(f, 0x7fffffff); if (found) - qword_print(f, found->e_path); + qword_print(f, found_path); qword_eol(f); out: + if (found_path) + free(found_path); + freeaddrinfo(ai); free(dom); + xlog(D_CALL, "nfsd_fh: found %p path %s", found, found ? found->e_path : NULL); return; } -void nfsd_export(FILE *f) +static void write_fsloc(FILE *f, struct exportent *ep) +{ + struct servers *servers; + + if (ep->e_fslocmethod == FSLOC_NONE) + return; + + servers = replicas_lookup(ep->e_fslocmethod, ep->e_fslocdata); + if (!servers) + return; + qword_print(f, "fsloc"); + qword_printint(f, servers->h_num); + if (servers->h_num >= 0) { + int i; + for (i=0; ih_num; i++) { + qword_print(f, servers->h_mp[i]->h_host); + qword_print(f, servers->h_mp[i]->h_path); + } + } + qword_printint(f, servers->h_referral); + release_replicas(servers); +} + +static void write_secinfo(FILE *f, struct exportent *ep, int flag_mask) +{ + struct sec_entry *p; + + for (p = ep->e_secinfo; p->flav; p++) + ; /* Do nothing */ + if (p == ep->e_secinfo) { + /* There was no sec= option */ + return; + } + qword_print(f, "secinfo"); + qword_printint(f, p - ep->e_secinfo); + for (p = ep->e_secinfo; p->flav; p++) { + qword_printint(f, p->flav->fnum); + qword_printint(f, p->flags & flag_mask); + } + +} + +static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *exp) +{ + qword_print(f, domain); + qword_print(f, path); + if (exp) { + int different_fs = strcmp(path, exp->e_path) != 0; + int flag_mask = different_fs ? ~NFSEXP_FSID : ~0; + + qword_printuint(f, time(0) + exp->e_ttl); + qword_printint(f, exp->e_flags & flag_mask); + qword_printint(f, exp->e_anonuid); + qword_printint(f, exp->e_anongid); + qword_printint(f, exp->e_fsid); + write_fsloc(f, exp); + write_secinfo(f, exp, flag_mask); + if (exp->e_uuid == NULL || different_fs) { + char u[16]; + if (uuid_by_path(path, 0, 16, u)) { + qword_print(f, "uuid"); + qword_printhex(f, u, 16); + } + } else { + char u[16]; + get_uuid(exp->e_uuid, 16, u); + qword_print(f, "uuid"); + qword_printhex(f, u, 16); + } + } else + qword_printuint(f, time(0) + DEFAULT_TTL); + return qword_eol(f); +} + +static int is_subdirectory(char *child, char *parent) +{ + int l = strlen(parent); + + return strcmp(child, parent) == 0 + || (strncmp(child, parent, l) == 0 && child[l] == '/'); +} + +static int path_matches(nfs_export *exp, char *path) +{ + if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) + return is_subdirectory(path, exp->m_export.e_path); + return strcmp(path, exp->m_export.e_path) == 0; +} + +static int +export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai) +{ + return path_matches(exp, path) && client_matches(exp, dom, ai); +} + +static nfs_export * +lookup_export(char *dom, char *path, struct addrinfo *ai) +{ + nfs_export *exp; + nfs_export *found = NULL; + int found_type = 0; + int i; + + for (i=0 ; i < MCL_MAXTYPES; i++) { + for (exp = exportlist[i].p_head; exp; exp = exp->m_next) { + if (!export_matches(exp, dom, path, ai)) + continue; + if (!found) { + found = exp; + found_type = i; + continue; + } + /* Always prefer non-V4ROOT exports */ + if (exp->m_export.e_flags & NFSEXP_V4ROOT) + continue; + if (found->m_export.e_flags & NFSEXP_V4ROOT) { + found = exp; + found_type = i; + continue; + } + + /* If one is a CROSSMOUNT, then prefer the longest path */ + if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) || + (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) && + strlen(found->m_export.e_path) != + strlen(exp->m_export.e_path)) { + + if (strlen(exp->m_export.e_path) > + strlen(found->m_export.e_path)) { + found = exp; + found_type = i; + } + continue; + + } else if (found_type == i && found->m_warned == 0) { + xlog(L_WARNING, "%s exported to both %s and %s, " + "arbitrarily choosing options from first", + path, found->m_client->m_hostname, exp->m_client->m_hostname, + dom); + found->m_warned = 1; + } + } + } + return found; +} + +#ifdef HAVE_NFS_PLUGIN_H +#include +#include + +/* + * Walk through a set of FS locations and build a set of export options. + * Returns true if all went to plan; otherwise, false. + */ +static _Bool +locations_to_options(struct jp_ops *ops, nfs_fsloc_set_t locations, + char *options, size_t remaining, int *ttl) +{ + char *server, *last_path, *rootpath, *ptr; + _Bool seen = false; + + last_path = NULL; + rootpath = NULL; + server = NULL; + ptr = options; + *ttl = 0; + + for (;;) { + enum jp_status status; + int len; + + status = ops->jp_get_next_location(locations, &server, + &rootpath, ttl); + if (status == JP_EMPTY) + break; + if (status != JP_OK) { + xlog(D_GENERAL, "%s: failed to parse location: %s", + __func__, ops->jp_error(status)); + goto out_false; + } + xlog(D_GENERAL, "%s: Location: %s:%s", + __func__, server, rootpath); + + if (last_path && strcmp(rootpath, last_path) == 0) { + len = snprintf(ptr, remaining, "+%s", server); + if (len < 0) { + xlog(D_GENERAL, "%s: snprintf: %m", __func__); + goto out_false; + } + if ((size_t)len >= remaining) { + xlog(D_GENERAL, "%s: options buffer overflow", __func__); + goto out_false; + } + remaining -= (size_t)len; + ptr += len; + } else { + if (last_path == NULL) + len = snprintf(ptr, remaining, "refer=%s@%s", + rootpath, server); + else + len = snprintf(ptr, remaining, ":%s@%s", + rootpath, server); + if (len < 0) { + xlog(D_GENERAL, "%s: snprintf: %m", __func__); + goto out_false; + } + if ((size_t)len >= remaining) { + xlog(D_GENERAL, "%s: options buffer overflow", + __func__); + goto out_false; + } + remaining -= (size_t)len; + ptr += len; + last_path = rootpath; + } + + seen = true; + free(rootpath); + free(server); + } + + xlog(D_CALL, "%s: options='%s', ttl=%d", + __func__, options, *ttl); + return seen; + +out_false: + free(rootpath); + free(server); + return false; +} + +/* + * Walk through the set of FS locations and build an exportent. + * Returns pointer to an exportent if "junction" refers to a junction. + * + * Returned exportent points to static memory. + */ +static struct exportent *locations_to_export(struct jp_ops *ops, + nfs_fsloc_set_t locations, const char *junction) +{ + static char options[BUFSIZ]; + struct exportent *exp; + int ttl; + + options[0] = '\0'; + if (!locations_to_options(ops, locations, options, sizeof(options), &ttl)) + return NULL; + + exp = mkexportent("*", (char *)junction, options); + if (exp == NULL) { + xlog(L_ERROR, "%s: Failed to construct exportent", __func__); + return NULL; + } + + exp->e_uuid = NULL; + exp->e_ttl = ttl; + return exp; +} + +/* + * Retrieve locations information in "junction" and dump it to the + * kernel. Returns pointer to an exportent if "junction" refers + * to a junction. + * + * Returned exportent points to static memory. + */ +static struct exportent *invoke_junction_ops(void *handle, + const char *junction) +{ + struct exportent *exp = NULL; + nfs_fsloc_set_t locations; + enum jp_status status; + struct jp_ops *ops; + char *error; + + ops = (struct jp_ops *)dlsym(handle, "nfs_junction_ops"); + error = dlerror(); + if (error != NULL) { + xlog(D_GENERAL, "%s: dlsym(jp_junction_ops): %s", + __func__, error); + return NULL; + } + if (ops->jp_api_version != JP_API_VERSION) { + xlog(D_GENERAL, "%s: unrecognized junction API version: %u", + __func__, ops->jp_api_version); + return NULL; + } + + status = ops->jp_init(false); + if (status != JP_OK) { + xlog(D_GENERAL, "%s: failed to resolve %s: %s", + __func__, junction, ops->jp_error(status)); + return NULL; + } + + status = ops->jp_get_locations(junction, &locations); + switch (status) { + case JP_OK: + break; + case JP_NOTJUNCTION: + xlog(D_GENERAL, "%s: %s is not a junction", + __func__, junction); + goto out; + default: + xlog(L_WARNING, "Dangling junction %s: %s", + junction, ops->jp_error(status)); + goto out; + } + + exp = locations_to_export(ops, locations, junction); + + ops->jp_put_locations(locations); + +out: + ops->jp_done(); + return exp; +} + +/* + * Load the junction plug-in, then try to resolve "pathname". + * Returns pointer to an initialized exportent if "junction" + * refers to a junction, or NULL if not. + * + * Returned exportent points to static memory. + */ +static struct exportent *lookup_junction(const char *pathname) +{ + struct exportent *exp; + void *handle; + + handle = dlopen("libnfsjunct.so", RTLD_NOW); + if (handle == NULL) { + xlog(D_GENERAL, "%s: dlopen: %s", __func__, dlerror()); + return NULL; + } + (void)dlerror(); /* Clear any error */ + + exp = invoke_junction_ops(handle, pathname); + + /* We could leave it loaded to make junction resolution + * faster next time. However, if we want to replace the + * library, that would require restarting mountd. */ + (void)dlclose(handle); + return exp; +} +#else /* !HAVE_NFS_PLUGIN_H */ +static inline struct exportent *lookup_junction(const char *UNUSED(pathname)) +{ + return NULL; +} +#endif /* !HAVE_NFS_PLUGIN_H */ + +static void nfsd_export(FILE *f) { /* requests are: * domain path @@ -248,14 +1041,15 @@ void nfsd_export(FILE *f) */ char *cp; - int i; char *dom, *path; - nfs_export *exp, *found = NULL; - + nfs_export *found = NULL; + struct addrinfo *ai = NULL; if (readline(fileno(f), &lbuf, &lbuflen) != 1) return; + xlog(D_CALL, "nfsd_export: inbuf '%s'", lbuf); + cp = lbuf; dom = malloc(strlen(cp)); path = malloc(strlen(cp)); @@ -270,37 +1064,29 @@ void nfsd_export(FILE *f) auth_reload(); - /* now find flags for this export point in this domain */ - for (i=0 ; i < MCL_MAXTYPES; i++) { - for (exp = exportlist[i]; exp; exp = exp->m_next) { - if (!client_member(dom, exp->m_client->m_hostname)) - continue; - if (strcmp(path, exp->m_export.e_path)) - continue; - if (!found) - found = exp; - else { - xlog(L_WARNING, "%s exported to both %s and %s in %s", - path, exp->m_client->m_hostname, found->m_client->m_hostname, - dom); - } - } + if (is_ipaddr_client(dom)) { + ai = lookup_client_addr(dom); + if (!ai) + goto out; } - qword_print(f, dom); - qword_print(f, path); - qword_printint(f, time(0)+30*60); + found = lookup_export(dom, path, ai); + if (found) { - qword_printint(f, found->m_export.e_flags); - qword_printint(f, found->m_export.e_anonuid); - qword_printint(f, found->m_export.e_anongid); - qword_printint(f, found->m_export.e_fsid); - mountlist_add(dom, path); + if (dump_to_cache(f, dom, path, &found->m_export) < 0) { + xlog(L_WARNING, + "Cannot export %s, possibly unsupported filesystem" + " or fsid= required", path); + dump_to_cache(f, dom, path, NULL); + } + } else { + dump_to_cache(f, dom, path, lookup_junction(path)); } - qword_eol(f); out: + xlog(D_CALL, "nfsd_export: found %p path %s", found, path ? path : NULL); if (dom) free(dom); if (path) free(path); + freeaddrinfo(ai); } @@ -308,23 +1094,41 @@ struct { char *cache_name; void (*cache_handle)(FILE *f); FILE *f; + char vbuf[RPC_CHAN_BUF_SIZE]; } cachelist[] = { - { "auth.unix.ip", auth_unix_ip}, - { "nfsd.export", nfsd_export}, - { "nfsd.fh", nfsd_fh}, - { NULL, NULL } + { "auth.unix.ip", auth_unix_ip, NULL, ""}, + { "auth.unix.gid", auth_unix_gid, NULL, ""}, + { "nfsd.export", nfsd_export, NULL, ""}, + { "nfsd.fh", nfsd_fh, NULL, ""}, + { NULL, NULL, NULL, ""} }; +extern int manage_gids; + +/** + * cache_open - prepare communications channels with kernel RPC caches + * + */ void cache_open(void) { int i; - for (i=0; cachelist[i].cache_name; i++ ){ + for (i=0; cachelist[i].cache_name; i++ ) { char path[100]; + if (!manage_gids && cachelist[i].cache_handle == auth_unix_gid) + continue; sprintf(path, "/proc/net/rpc/%s/channel", cachelist[i].cache_name); cachelist[i].f = fopen(path, "r+"); + if (cachelist[i].f != NULL) { + setvbuf(cachelist[i].f, cachelist[i].vbuf, _IOLBF, + RPC_CHAN_BUF_SIZE); + } } } +/** + * cache_set_fds - prepare cache file descriptors for one iteration of the service loop + * @fdset: pointer to fd_set to prepare + */ void cache_set_fds(fd_set *fdset) { int i; @@ -334,6 +1138,10 @@ void cache_set_fds(fd_set *fdset) } } +/** + * cache_process_req - process any active cache file descriptors during service loop iteration + * @fdset: pointer to fd_set to examine for activity + */ int cache_process_req(fd_set *readfds) { int i; @@ -352,54 +1160,106 @@ int cache_process_req(fd_set *readfds) /* * Give IP->domain and domain+path->options to kernel - * % echo nfsd $IP $[now+30*60] $domain > /proc/net/rpc/auth.unix.ip/channel - * % echo $domain $path $[now+30*60] $options $anonuid $anongid $fsid > /proc/net/rpc/nfsd.export/channel + * % echo nfsd $IP $[now+DEFAULT_TTL] $domain > /proc/net/rpc/auth.unix.ip/channel + * % echo $domain $path $[now+DEFAULT_TTL] $options $anonuid $anongid $fsid > /proc/net/rpc/nfsd.export/channel */ -void cache_export_ent(char *domain, struct exportent *exp) +static int cache_export_ent(char *domain, struct exportent *exp, char *path) { - + int err; FILE *f = fopen("/proc/net/rpc/nfsd.export/channel", "w"); if (!f) - return; + return -1; - qword_print(f, domain); - qword_print(f, exp->e_path); - qword_printint(f, time(0)+30*60); - qword_printint(f, exp->e_flags); - qword_printint(f, exp->e_anonuid); - qword_printint(f, exp->e_anongid); - qword_printint(f, exp->e_fsid); - qword_eol(f); + err = dump_to_cache(f, domain, exp->e_path, exp); + if (err) { + xlog(L_WARNING, + "Cannot export %s, possibly unsupported filesystem or" + " fsid= required", exp->e_path); + } - fclose(f); + while (err == 0 && (exp->e_flags & NFSEXP_CROSSMOUNT) && path) { + /* really an 'if', but we can break out of + * a 'while' more easily */ + /* Look along 'path' for other filesystems + * and export them with the same options + */ + struct stat stb; + size_t l = strlen(exp->e_path); + __dev_t dev; + + if (strlen(path) <= l || path[l] != '/' || + strncmp(exp->e_path, path, l) != 0) + break; + if (stat(exp->e_path, &stb) != 0) + break; + dev = stb.st_dev; + while(path[l] == '/') { + char c; + /* errors for submount should fail whole filesystem */ + int err2; + + l++; + while (path[l] != '/' && path[l]) + l++; + c = path[l]; + path[l] = 0; + err2 = lstat(path, &stb); + path[l] = c; + if (err2 < 0) + break; + if (stb.st_dev == dev) + continue; + dev = stb.st_dev; + path[l] = 0; + dump_to_cache(f, domain, path, exp); + path[l] = c; + } + break; + } - mountlist_add(domain, exp->e_path); + fclose(f); + return err; } -void cache_export(nfs_export *exp) +/** + * cache_export - Inform kernel of a new nfs_export + * @exp: target nfs_export + * @path: NUL-terminated C string containing export path + */ +int cache_export(nfs_export *exp, char *path) { + char buf[INET6_ADDRSTRLEN]; + int err; FILE *f; f = fopen("/proc/net/rpc/auth.unix.ip/channel", "w"); if (!f) - return; + return -1; + qword_print(f, "nfsd"); - qword_print(f, inet_ntoa(exp->m_client->m_addrlist[0])); - qword_printint(f, time(0)+30*60); + qword_print(f, + host_ntop(get_addrlist(exp->m_client, 0), buf, sizeof(buf))); + qword_printuint(f, time(0) + exp->m_export.e_ttl); qword_print(f, exp->m_client->m_hostname); - qword_eol(f); + err = qword_eol(f); fclose(f); - if (strcmp(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname)) - mountlist_add(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname); - - cache_export_ent(exp->m_client->m_hostname, &exp->m_export); + err = cache_export_ent(exp->m_client->m_hostname, &exp->m_export, path) + || err; + return err; } -/* Get a filehandle. +/** + * cache_get_filehandle - given an nfs_export, get its root filehandle + * @exp: target nfs_export + * @len: length of requested file handle + * @p: NUL-terminated C string containing export path + * + * Returns pointer to NFS file handle of root directory of export + * * { * echo $domain $path $length * read filehandle <&0 @@ -422,9 +1282,10 @@ cache_get_filehandle(nfs_export *exp, int len, char *p) qword_print(f, exp->m_client->m_hostname); qword_print(f, p); qword_printint(f, len); - qword_eol(f); + failed = qword_eol(f); - failed = (fgets(buf, sizeof(buf), f) == NULL); + if (!failed) + failed = (fgets(buf, sizeof(buf), f) == NULL); fclose(f); if (failed) return NULL; @@ -432,4 +1293,3 @@ cache_get_filehandle(nfs_export *exp, int len, char *p) fh.fh_size = qword_get(&bp, (char *)fh.fh_handle, NFS3_FHSIZE); return &fh; } -