X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fcache.c;h=9e1b16402009daeae9e828ebf47f3bb268701e56;hp=34f949c66b90200973856b6230f9095fe8675fcc;hb=0509d3428f523776ddd9d6e9fa318587d3ec7d84;hpb=4929f11159f0e6568f13820f114594028fc81e2d;ds=sidebyside

diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index 34f949c..9e1b164 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -6,11 +6,15 @@
  * and listen for requests (using my_svc_run)
  * 
  */
-#include "config.h"
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
 
 #include <sys/types.h>
 #include <sys/select.h>
 #include <sys/stat.h>
+#include <sys/vfs.h>
 #include <time.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -18,11 +22,32 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <mntent.h>
 #include "misc.h"
 #include "nfslib.h"
 #include "exportfs.h"
 #include "mountd.h"
 #include "xmalloc.h"
+#include "fsloc.h"
+#include "pseudoflavors.h"
+
+#ifdef USE_BLKID
+#include "blkid/blkid.h"
+#endif
+
+
+enum nfsd_fsid {
+	FSID_DEV = 0,
+	FSID_NUM,
+	FSID_MAJOR_MINOR,
+	FSID_ENCODE_DEV,
+	FSID_UUID4_INUM,
+	FSID_UUID8,
+	FSID_UUID16,
+	FSID_UUID16_INUM,
+};
 
 /*
  * Support routines for text-based upcalls.
@@ -32,11 +57,12 @@
  * Record is terminated with newline.
  *
  */
-void cache_export_ent(char *domain, struct exportent *exp);
+int cache_export_ent(char *domain, struct exportent *exp, char *p);
 
 
 char *lbuf  = NULL;
 int lbuflen = 0;
+extern int use_ipaddr;
 
 void auth_unix_ip(FILE *f)
 {
@@ -50,11 +76,14 @@ void auth_unix_ip(FILE *f)
 	char *cp;
 	char class[20];
 	char ipaddr[20];
-	char *client;
-	struct in_addr addr;
+	char *client = NULL;
+	struct addrinfo *tmp = NULL;
+	struct addrinfo *ai = NULL;
 	if (readline(fileno(f), &lbuf, &lbuflen) != 1)
 		return;
 
+	xlog(D_CALL, "auth_unix_ip: inbuf '%s'", lbuf);
+
 	cp = lbuf;
 
 	if (qword_get(&cp, class, 20) <= 0 ||
@@ -64,27 +93,234 @@ void auth_unix_ip(FILE *f)
 	if (qword_get(&cp, ipaddr, 20) <= 0)
 		return;
 
-	if (inet_aton(ipaddr, &addr)==0)
+	tmp = host_pton(ipaddr);
+	if (tmp == NULL)
 		return;
 
 	auth_reload();
 
 	/* addr is a valid, interesting address, find the domain name... */
-	client = client_compose(addr);
+	if (!use_ipaddr) {
+		ai = client_resolve(tmp->ai_addr);
+		client = client_compose(ai);
+		freeaddrinfo(ai);
+	}
+	freeaddrinfo(tmp);
 
-	
 	qword_print(f, "nfsd");
 	qword_print(f, ipaddr);
 	qword_printint(f, time(0)+30*60);
-	if (client)
+	if (use_ipaddr)
+		qword_print(f, ipaddr);
+	else if (client)
 		qword_print(f, *client?client:"DEFAULT");
 	qword_eol(f);
+	xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT");
+
+	free(client);
+}
+
+void auth_unix_gid(FILE *f)
+{
+	/* Request are
+	 *  uid
+	 * reply is
+	 *  uid expiry count list of group ids
+	 */
+	uid_t uid;
+	struct passwd *pw;
+	gid_t glist[100], *groups = glist;
+	int ngroups = 100;
+	int rv, i;
+	char *cp;
+
+	if (readline(fileno(f), &lbuf, &lbuflen) != 1)
+		return;
+
+	cp = lbuf;
+	if (qword_get_uint(&cp, &uid) != 0)
+		return;
+
+	pw = getpwuid(uid);
+	if (!pw)
+		rv = -1;
+	else {
+		rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
+		if (rv == -1 && ngroups >= 100) {
+			groups = malloc(sizeof(gid_t)*ngroups);
+			if (!groups)
+				rv = -1;
+			else
+				rv = getgrouplist(pw->pw_name, pw->pw_gid,
+						  groups, &ngroups);
+		}
+	}
+	qword_printuint(f, uid);
+	qword_printuint(f, time(0)+30*60);
+	if (rv >= 0) {
+		qword_printuint(f, ngroups);
+		for (i=0; i<ngroups; i++)
+			qword_printuint(f, groups[i]);
+	} else
+		qword_printuint(f, 0);
+	qword_eol(f);
 
-	if (client && strcmp(ipaddr, client))
-		mountlist_add(ipaddr, *client?client:"DEFAULT");
+	if (groups != glist)
+		free(groups);
+}
+
+#if USE_BLKID
+static const char *get_uuid_blkdev(char *path)
+{
+	/* We set *safe if we know that we need the
+	 * fsid from statfs too.
+	 */
+	static blkid_cache cache = NULL;
+	struct stat stb;
+	char *devname;
+	blkid_tag_iterate iter;
+	blkid_dev dev;
+	const char *type;
+	const char *val, *uuid = NULL;
+
+	if (cache == NULL)
+		blkid_get_cache(&cache, NULL);
+
+	if (stat(path, &stb) != 0)
+		return NULL;
+	devname = blkid_devno_to_devname(stb.st_dev);
+	if (!devname)
+		return NULL;
+	dev = blkid_get_dev(cache, devname, BLKID_DEV_NORMAL);
+	free(devname);
+	if (!dev)
+		return NULL;
+	iter = blkid_tag_iterate_begin(dev);
+	if (!iter)
+		return NULL;
+	while (blkid_tag_next(iter, &type, &val) == 0) {
+		if (strcmp(type, "UUID") == 0)
+			uuid = val;
+		if (strcmp(type, "TYPE") == 0 &&
+		    strcmp(val, "btrfs") == 0) {
+			uuid = NULL;
+			break;
+		}
+	}
+	blkid_tag_iterate_end(iter);
+	return uuid;
+}
+#else
+#define get_uuid_blkdev(path) (NULL)
+#endif
 
-	if (client) free(client);
+int get_uuid(const char *val, int uuidlen, char *u)
+{
+	/* extract hex digits from uuidstr and compose a uuid
+	 * of the given length (max 16), xoring bytes to make
+	 * a smaller uuid.
+	 */
+	int i = 0;
 	
+	memset(u, 0, uuidlen);
+	for ( ; *val ; val++) {
+		char c = *val;
+		if (!isxdigit(c))
+			continue;
+		if (isalpha(c)) {
+			if (isupper(c))
+				c = c - 'A' + 10;
+			else
+				c = c - 'a' + 10;
+		} else
+			c = c - '0' + 0;
+		if ((i&1) == 0)
+			c <<= 4;
+		u[i/2] ^= c;
+		i++;
+		if (i == uuidlen*2)
+			i = 0;
+	}
+	return 1;
+}
+
+int uuid_by_path(char *path, int type, int uuidlen, char *uuid)
+{
+	/* get a uuid for the filesystem found at 'path'.
+	 * There are several possible ways of generating the
+	 * uuids (types).
+	 * Type 0 is used for new filehandles, while other types
+	 * may be used to interpret old filehandle - to ensure smooth
+	 * forward migration.
+	 * We return 1 if a uuid was found (and it might be worth 
+	 * trying the next type) or 0 if no more uuid types can be
+	 * extracted.
+	 */
+
+	/* Possible sources of uuid are
+	 * - blkid uuid
+	 * - statfs64 uuid
+	 *
+	 * On some filesystems (e.g. vfat) the statfs64 uuid is simply an
+	 * encoding of the device that the filesystem is mounted from, so
+	 * it we be very bad to use that (as device numbers change).  blkid
+	 * must be preferred.
+	 * On other filesystems (e.g. btrfs) the statfs64 uuid contains
+	 * important info that the blkid uuid cannot contain:  This happens
+	 * when multiple subvolumes are exported (they have the same
+	 * blkid uuid but different statfs64 uuids).
+	 * We rely on get_uuid_blkdev *knowing* which is which and not returning
+	 * a uuid for filesystems where the statfs64 uuid is better.
+	 *
+	 */
+	struct statfs64 st;
+	char fsid_val[17];
+	const char *blkid_val;
+	const char *val;
+
+	blkid_val = get_uuid_blkdev(path);
+
+	if (statfs64(path, &st) == 0 &&
+	    (st.f_fsid.__val[0] || st.f_fsid.__val[1]))
+		snprintf(fsid_val, 17, "%08x%08x",
+			 st.f_fsid.__val[0], st.f_fsid.__val[1]);
+	else
+		fsid_val[0] = 0;
+
+	if (blkid_val && (type--) == 0)
+		val = blkid_val;
+	else if (fsid_val[0] && (type--) == 0)
+		val = fsid_val;
+	else
+		return 0;
+
+	get_uuid(val, uuidlen, uuid);
+	return 1;
+}
+
+/* Iterate through /etc/mtab, finding mountpoints
+ * at or below a given path
+ */
+static char *next_mnt(void **v, char *p)
+{
+	FILE *f;
+	struct mntent *me;
+	int l = strlen(p);
+	if (*v == NULL) {
+		f = setmntent("/etc/mtab", "r");
+		*v = f;
+	} else
+		f = *v;
+	while ((me = getmntent(f)) != NULL &&
+	       (strncmp(me->mnt_dir, p, l) != 0 ||
+		me->mnt_dir[l] != '/'))
+		;
+	if (me == NULL) {
+		endmntent(f);
+		*v = NULL;
+		return NULL;
+	}
+	return me->mnt_dir;
 }
 
 void nfsd_fh(FILE *f)
@@ -100,18 +336,25 @@ void nfsd_fh(FILE *f)
 	int fsidlen;
 	unsigned int dev, major=0, minor=0;
 	unsigned int inode=0;
+	unsigned long long inode64;
 	unsigned int fsidnum=0;
 	char fsid[32];
 	struct exportent *found = NULL;
+	struct addrinfo *ai = NULL;
+	char *found_path = NULL;
 	nfs_export *exp;
 	int i;
 	int dev_missing = 0;
+	int uuidlen = 0;
+	char *fhuuid = NULL;
 
 	if (readline(fileno(f), &lbuf, &lbuflen) != 1)
 		return;
 
-	cp = lbuf;
+	xlog(D_CALL, "nfsd_fh: inbuf '%s'", lbuf);
 
+	cp = lbuf;
+	
 	dom = malloc(strlen(cp));
 	if (dom == NULL)
 		return;
@@ -119,12 +362,12 @@ void nfsd_fh(FILE *f)
 		goto out;
 	if (qword_get_int(&cp, &fsidtype) != 0)
 		goto out;
-	if (fsidtype < 0 || fsidtype > 3)
+	if (fsidtype < 0 || fsidtype > 7)
 		goto out; /* unknown type */
 	if ((fsidlen = qword_get(&cp, fsid, 32)) <= 0)
 		goto out;
 	switch(fsidtype) {
-	case 0: /* 4 bytes: 2 major, 2 minor, 4 inode */
+	case FSID_DEV: /* 4 bytes: 2 major, 2 minor, 4 inode */
 		if (fsidlen != 8)
 			goto out;
 		memcpy(&dev, fsid, 4);
@@ -133,13 +376,13 @@ void nfsd_fh(FILE *f)
 		minor = ntohl(dev) & 0xFFFF;
 		break;
 
-	case 1: /* 4 bytes - fsid */
+	case FSID_NUM: /* 4 bytes - fsid */
 		if (fsidlen != 4)
 			goto out;
 		memcpy(&fsidnum, fsid, 4);
 		break;
 
-	case 2: /* 12 bytes: 4 major, 4 minor, 4 inode 
+	case FSID_MAJOR_MINOR: /* 12 bytes: 4 major, 4 minor, 4 inode 
 		 * This format is never actually used but was
 		 * an historical accident
 		 */
@@ -150,7 +393,7 @@ void nfsd_fh(FILE *f)
 		memcpy(&inode, fsid+8, 4);
 		break;
 
-	case 3: /* 8 bytes: 4 byte packed device number, 4 inode */
+	case FSID_ENCODE_DEV: /* 8 bytes: 4 byte packed device number, 4 inode */
 		/* This is *host* endian, not net-byte-order, because
 		 * no-one outside this host has any business interpreting it
 		 */
@@ -162,42 +405,143 @@ void nfsd_fh(FILE *f)
 		minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
 		break;
 
+	case FSID_UUID4_INUM: /* 4 byte inode number and 4 byte uuid */
+		if (fsidlen != 8)
+			goto out;
+		memcpy(&inode, fsid, 4);
+		uuidlen = 4;
+		fhuuid = fsid+4;
+		break;
+	case FSID_UUID8: /* 8 byte uuid */
+		if (fsidlen != 8)
+			goto out;
+		uuidlen = 8;
+		fhuuid = fsid;
+		break;
+	case FSID_UUID16: /* 16 byte uuid */
+		if (fsidlen != 16)
+			goto out;
+		uuidlen = 16;
+		fhuuid = fsid;
+		break;
+	case FSID_UUID16_INUM: /* 8 byte inode number and 16 byte uuid */
+		if (fsidlen != 24)
+			goto out;
+		memcpy(&inode64, fsid, 8);
+		inode = inode64;
+		uuidlen = 16;
+		fhuuid = fsid+8;
+		break;
 	}
 
 	auth_reload();
 
 	/* Now determine export point for this fsid/domain */
 	for (i=0 ; i < MCL_MAXTYPES; i++) {
-		for (exp = exportlist[i]; exp; exp = exp->m_next) {
+		nfs_export *next_exp;
+		for (exp = exportlist[i].p_head; exp; exp = next_exp) {
 			struct stat stb;
+			char u[16];
+			char *path;
+			int type;
+
+			if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT) {
+				static nfs_export *prev = NULL;
+				static void *mnt = NULL;
+				
+				if (prev == exp) {
+					/* try a submount */
+					path = next_mnt(&mnt, exp->m_export.e_path);
+					if (!path) {
+						next_exp = exp->m_next;
+						prev = NULL;
+						continue;
+					}
+					next_exp = exp;
+				} else {
+					prev = exp;
+					mnt = NULL;
+					path = exp->m_export.e_path;
+					next_exp = exp;
+				}
+			} else {
+				path = exp->m_export.e_path;
+				next_exp = exp->m_next;
+			}
 
-			if (!client_member(dom, exp->m_client->m_hostname))
+			if (!use_ipaddr && !client_member(dom, exp->m_client->m_hostname))
 				continue;
 			if (exp->m_export.e_mountpoint &&
 			    !is_mountpoint(exp->m_export.e_mountpoint[0]?
 					   exp->m_export.e_mountpoint:
 					   exp->m_export.e_path))
 				dev_missing ++;
-			if (stat(exp->m_export.e_path, &stb) != 0)
+			if (stat(path, &stb) != 0)
 				continue;
-			if (fsidtype == 1 &&
-			    ((exp->m_export.e_flags & NFSEXP_FSID) == 0 ||
-			     exp->m_export.e_fsid != fsidnum))
+			if (!S_ISDIR(stb.st_mode) && !S_ISREG(stb.st_mode)) {
 				continue;
-			if (fsidtype != 1) {
+			}
+			switch(fsidtype){
+			case FSID_DEV:
+			case FSID_MAJOR_MINOR:
+			case FSID_ENCODE_DEV:
 				if (stb.st_ino != inode)
 					continue;
 				if (major != major(stb.st_dev) ||
 				    minor != minor(stb.st_dev))
 					continue;
+				break;
+			case FSID_NUM:
+				if (((exp->m_export.e_flags & NFSEXP_FSID) == 0 ||
+				     exp->m_export.e_fsid != fsidnum))
+					continue;
+				break;
+			case FSID_UUID4_INUM:
+			case FSID_UUID16_INUM:
+				if (stb.st_ino != inode)
+					continue;
+				goto check_uuid;
+			case FSID_UUID8:
+			case FSID_UUID16:
+				if (!is_mountpoint(path))
+					continue;
+			check_uuid:
+				if (exp->m_export.e_uuid)
+					get_uuid(exp->m_export.e_uuid,
+						 uuidlen, u);
+				else
+					for (type = 0;
+					     uuid_by_path(path, type, uuidlen, u);
+					     type++)
+						if (memcmp(u, fhuuid, uuidlen) != 0)
+							break;
+
+				if (memcmp(u, fhuuid, uuidlen) != 0)
+					continue;
+				break;
+			}
+			if (use_ipaddr) {
+				if (ai == NULL) {
+					struct addrinfo *tmp;
+					tmp = host_pton(dom);
+					if (tmp == NULL)
+						goto out;
+					ai = client_resolve(tmp->ai_addr);
+					freeaddrinfo(tmp);
+				}
+				if (!client_check(exp->m_client, ai))
+					continue;
 			}
 			/* It's a match !! */
-			if (!found)
+			if (!found) {
 				found = &exp->m_export;
-			else if (strcmp(found->e_path, exp->m_export.e_path)!= 0)
+				found_path = strdup(path);
+				if (found_path == NULL)
+					goto out;
+			} else if (strcmp(found->e_path, exp->m_export.e_path)!= 0)
 			{
 				xlog(L_WARNING, "%s and %s have same filehandle for %s, using first",
-				     found->e_path, exp->m_export.e_path, dom);
+				     found_path, path, dom);
 			}
 		}
 	}
@@ -222,20 +566,182 @@ void nfsd_fh(FILE *f)
 	}
 
 	if (found)
-		cache_export_ent(dom, found);
+		if (cache_export_ent(dom, found, found_path) < 0)
+			found = 0;
 
 	qword_print(f, dom);
 	qword_printint(f, fsidtype);
 	qword_printhex(f, fsid, fsidlen);
-	qword_printint(f, time(0)+30*60);
+	/* The fsid -> path lookup can be quite expensive as it
+	 * potentially stats and reads lots of devices, and some of those
+	 * might have spun-down.  The Answer is not likely to
+	 * change underneath us, and an 'exportfs -f' can always
+	 * remove this from the kernel, so use a really log
+	 * timeout.  Maybe this should be configurable on the command
+	 * line.
+	 */
+	qword_printint(f, 0x7fffffff);
 	if (found)
-		qword_print(f, found->e_path);
+		qword_print(f, found_path);
 	qword_eol(f);
  out:
+	if (found_path)
+		free(found_path);
+	freeaddrinfo(ai);
 	free(dom);
+	xlog(D_CALL, "nfsd_fh: found %p path %s", found, found ? found->e_path : NULL);
 	return;		
 }
 
+static void write_fsloc(FILE *f, struct exportent *ep, char *path)
+{
+	struct servers *servers;
+
+	if (ep->e_fslocmethod == FSLOC_NONE)
+		return;
+
+	servers = replicas_lookup(ep->e_fslocmethod, ep->e_fslocdata, path);
+	if (!servers)
+		return;
+	qword_print(f, "fsloc");
+	qword_printint(f, servers->h_num);
+	if (servers->h_num >= 0) {
+		int i;
+		for (i=0; i<servers->h_num; i++) {
+			qword_print(f, servers->h_mp[i]->h_host);
+			qword_print(f, servers->h_mp[i]->h_path);
+		}
+	}
+	qword_printint(f, servers->h_referral);
+	release_replicas(servers);
+}
+
+static void write_secinfo(FILE *f, struct exportent *ep, int flag_mask)
+{
+	struct sec_entry *p;
+
+	for (p = ep->e_secinfo; p->flav; p++)
+		; /* Do nothing */
+	if (p == ep->e_secinfo) {
+		/* There was no sec= option */
+		return;
+	}
+	qword_print(f, "secinfo");
+	qword_printint(f, p - ep->e_secinfo);
+	for (p = ep->e_secinfo; p->flav; p++) {
+		qword_printint(f, p->flav->fnum);
+		qword_printint(f, p->flags & flag_mask);
+	}
+
+}
+
+static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *exp)
+{
+	qword_print(f, domain);
+	qword_print(f, path);
+	qword_printint(f, time(0)+30*60);
+	if (exp) {
+		int different_fs = strcmp(path, exp->e_path) != 0;
+		int flag_mask = different_fs ? ~NFSEXP_FSID : ~0;
+
+		qword_printint(f, exp->e_flags & flag_mask);
+		qword_printint(f, exp->e_anonuid);
+		qword_printint(f, exp->e_anongid);
+		qword_printint(f, exp->e_fsid);
+		write_fsloc(f, exp, path);
+		write_secinfo(f, exp, flag_mask);
+ 		if (exp->e_uuid == NULL || different_fs) {
+ 			char u[16];
+ 			if (uuid_by_path(path, 0, 16, u)) {
+ 				qword_print(f, "uuid");
+ 				qword_printhex(f, u, 16);
+ 			}
+ 		} else {
+ 			char u[16];
+ 			get_uuid(exp->e_uuid, 16, u);
+ 			qword_print(f, "uuid");
+ 			qword_printhex(f, u, 16);
+ 		}
+	}
+	return qword_eol(f);
+}
+
+static int is_subdirectory(char *child, char *parent)
+{
+	int l = strlen(parent);
+
+	return strcmp(child, parent) == 0
+		|| (strncmp(child, parent, l) == 0 && child[l] == '/');
+}
+
+static int path_matches(nfs_export *exp, char *path)
+{
+	if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+		return is_subdirectory(path, exp->m_export.e_path);
+	return strcmp(path, exp->m_export.e_path) == 0;
+}
+
+static int
+client_matches(nfs_export *exp, char *dom, struct addrinfo *ai)
+{
+	if (use_ipaddr)
+		return client_check(exp->m_client, ai);
+	return client_member(dom, exp->m_client->m_hostname);
+}
+
+static int
+export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
+{
+	return path_matches(exp, path) && client_matches(exp, dom, ai);
+}
+
+static nfs_export *
+lookup_export(char *dom, char *path, struct addrinfo *ai)
+{
+	nfs_export *exp;
+	nfs_export *found = NULL;
+	int found_type = 0;
+	int i;
+
+	for (i=0 ; i < MCL_MAXTYPES; i++) {
+		for (exp = exportlist[i].p_head; exp; exp = exp->m_next) {
+			if (!export_matches(exp, dom, path, ai))
+				continue;
+			if (!found) {
+				found = exp;
+				found_type = i;
+				continue;
+			}
+
+			/* Always prefer non-V4ROOT mounts */
+			if (found->m_export.e_flags & NFSEXP_V4ROOT)
+				continue;
+
+			/* If one is a CROSSMOUNT, then prefer the longest path */
+			if (((found->m_export.e_flags & NFSEXP_CROSSMOUNT) ||
+			     (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)) &&
+			    strlen(found->m_export.e_path) !=
+			    strlen(exp->m_export.e_path)) {
+
+				if (strlen(exp->m_export.e_path) >
+				    strlen(found->m_export.e_path)) {
+					found = exp;
+					found_type = i;
+				}
+				continue;
+
+			} else if (found_type == i && found->m_warned == 0) {
+				xlog(L_WARNING, "%s exported to both %s and %s, "
+				     "arbitrarily choosing options from first",
+				     path, found->m_client->m_hostname, exp->m_client->m_hostname,
+				     dom);
+				found->m_warned = 1;
+			}
+		}
+	}
+	return found;
+}
+
 void nfsd_export(FILE *f)
 {
 	/* requests are:
@@ -245,14 +751,15 @@ void nfsd_export(FILE *f)
 	 */
 
 	char *cp;
-	int i;
 	char *dom, *path;
-	nfs_export *exp, *found = NULL;
-
+	nfs_export *found = NULL;
+	struct addrinfo *ai = NULL;
 
 	if (readline(fileno(f), &lbuf, &lbuflen) != 1)
 		return;
 
+	xlog(D_CALL, "nfsd_export: inbuf '%s'", lbuf);
+
 	cp = lbuf;
 	dom = malloc(strlen(cp));
 	path = malloc(strlen(cp));
@@ -267,37 +774,33 @@ void nfsd_export(FILE *f)
 
 	auth_reload();
 
-	/* now find flags for this export point in this domain */
-	for (i=0 ; i < MCL_MAXTYPES; i++) {
-		for (exp = exportlist[i]; exp; exp = exp->m_next) {
-			if (!client_member(dom, exp->m_client->m_hostname))
-				continue;
-			if (strcmp(path, exp->m_export.e_path))
-				continue;
-			if (!found)
-				found = exp;
-			else {
-				xlog(L_WARNING, "%s exported to both %s and %s in %s",
-				     path, exp->m_client->m_hostname, found->m_client->m_hostname,
-				     dom);
-			}
-		}
+	if (use_ipaddr) {
+		struct addrinfo *tmp;
+		tmp = host_pton(dom);
+		if (tmp == NULL)
+			goto out;
+		ai = client_resolve(tmp->ai_addr);
+		freeaddrinfo(tmp);
+			goto out;
 	}
 
-	qword_print(f, dom);
-	qword_print(f, path);
-	qword_printint(f, time(0)+30*60);
+	found = lookup_export(dom, path, ai);
+
 	if (found) {
-		qword_printint(f, found->m_export.e_flags);
-		qword_printint(f, found->m_export.e_anonuid);
-		qword_printint(f, found->m_export.e_anongid);
-		qword_printint(f, found->m_export.e_fsid);
-		mountlist_add(dom, path);
+		if (dump_to_cache(f, dom, path, &found->m_export) < 0) {
+			xlog(L_WARNING,
+			     "Cannot export %s, possibly unsupported filesystem"
+			     " or fsid= required", path);
+			dump_to_cache(f, dom, path, NULL);
+		}
+	} else {
+		dump_to_cache(f, dom, path, NULL);
 	}
-	qword_eol(f);
  out:
+	xlog(D_CALL, "nfsd_export: found %p path %s", found, path ? path : NULL);
 	if (dom) free(dom);
 	if (path) free(path);
+	freeaddrinfo(ai);
 }
 
 
@@ -307,16 +810,20 @@ struct {
 	FILE *f;
 } cachelist[] = {
 	{ "auth.unix.ip", auth_unix_ip},
+	{ "auth.unix.gid", auth_unix_gid},
 	{ "nfsd.export", nfsd_export},
 	{ "nfsd.fh", nfsd_fh},
 	{ NULL, NULL }
 };
 
+extern int manage_gids;
 void cache_open(void) 
 {
 	int i;
-	for (i=0; cachelist[i].cache_name; i++ ){
+	for (i=0; cachelist[i].cache_name; i++ ) {
 		char path[100];
+		if (!manage_gids && cachelist[i].cache_handle == auth_unix_gid)
+			continue;
 		sprintf(path, "/proc/net/rpc/%s/channel", cachelist[i].cache_name);
 		cachelist[i].f = fopen(path, "r+");
 	}
@@ -353,47 +860,87 @@ int cache_process_req(fd_set *readfds)
  * % echo $domain $path $[now+30*60] $options $anonuid $anongid $fsid > /proc/net/rpc/nfsd.export/channel
  */
 
-void cache_export_ent(char *domain, struct exportent *exp)
+int cache_export_ent(char *domain, struct exportent *exp, char *path)
 {
-
+	int err;
 	FILE *f = fopen("/proc/net/rpc/nfsd.export/channel", "w");
 	if (!f)
-		return;
+		return -1;
 
-	qword_print(f, domain);
-	qword_print(f, exp->e_path);
-	qword_printint(f, time(0)+30*60);
-	qword_printint(f, exp->e_flags);
-	qword_printint(f, exp->e_anonuid);
-	qword_printint(f, exp->e_anongid);
-	qword_printint(f, exp->e_fsid);
-	qword_eol(f);
+	err = dump_to_cache(f, domain, exp->e_path, exp);
+	if (err) {
+		xlog(L_WARNING,
+		     "Cannot export %s, possibly unsupported filesystem or"
+		     " fsid= required", exp->e_path);
+	}
 
-	fclose(f);
+	while (err == 0 && (exp->e_flags & NFSEXP_CROSSMOUNT) && path) {
+		/* really an 'if', but we can break out of
+		 * a 'while' more easily */
+		/* Look along 'path' for other filesystems
+		 * and export them with the same options
+		 */
+		struct stat stb;
+		int l = strlen(exp->e_path);
+		int dev;
+
+		if (strlen(path) <= l || path[l] != '/' ||
+		    strncmp(exp->e_path, path, l) != 0)
+			break;
+		if (stat(exp->e_path, &stb) != 0)
+			break;
+		dev = stb.st_dev;
+		while(path[l] == '/') {
+			char c;
+			/* errors for submount should fail whole filesystem */
+			int err2;
+
+			l++;
+			while (path[l] != '/' && path[l])
+				l++;
+			c = path[l];
+			path[l] = 0;
+			err2 = lstat(path, &stb);
+			path[l] = c;
+			if (err2 < 0)
+				break;
+			if (stb.st_dev == dev)
+				continue;
+			dev = stb.st_dev;
+			path[l] = 0;
+			dump_to_cache(f, domain, path, exp);
+			path[l] = c;
+		}
+		break;
+	}
 
-	mountlist_add(domain, exp->e_path);
+	fclose(f);
+	return err;
 }
 
-void cache_export(nfs_export *exp)
+int cache_export(nfs_export *exp, char *path)
 {
+	char buf[INET_ADDRSTRLEN];
+	int err;
 	FILE *f;
 
 	f = fopen("/proc/net/rpc/auth.unix.ip/channel", "w");
 	if (!f)
-		return;
+		return -1;
+
 
 	qword_print(f, "nfsd");
-	qword_print(f, inet_ntoa(exp->m_client->m_addrlist[0]));
+	qword_print(f, 
+		host_ntop(get_addrlist(exp->m_client, 0), buf, sizeof(buf)));
 	qword_printint(f, time(0)+30*60);
 	qword_print(f, exp->m_client->m_hostname);
-	qword_eol(f);
+	err = qword_eol(f);
 	
 	fclose(f);
 
-	if (strcmp(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname))
-		mountlist_add(inet_ntoa(exp->m_client->m_addrlist[0]), exp->m_client->m_hostname);
-
-	cache_export_ent(exp->m_client->m_hostname, &exp->m_export);
+	err = cache_export_ent(exp->m_client->m_hostname, &exp->m_export, path)
+		|| err;
+	return err;
 }
 
 /* Get a filehandle.
@@ -419,14 +966,15 @@ cache_get_filehandle(nfs_export *exp, int len, char *p)
 	qword_print(f, exp->m_client->m_hostname);
 	qword_print(f, p);
 	qword_printint(f, len);	
-	qword_eol(f);
+	failed = qword_eol(f);
 	
-	failed = (fgets(buf, sizeof(buf), f) == NULL);
+	if (!failed)
+		failed = (fgets(buf, sizeof(buf), f) == NULL);
 	fclose(f);
 	if (failed)
 		return NULL;
 	memset(fh.fh_handle, 0, sizeof(fh.fh_handle));
-	fh.fh_size = qword_get(&bp, fh.fh_handle, NFS3_FHSIZE);
+	fh.fh_size = qword_get(&bp, (char *)fh.fh_handle, NFS3_FHSIZE);
 	return &fh;
 }