From 5591654c71e7e2e5959c8718a7e880516b9081e8 Mon Sep 17 00:00:00 2001 From: hjl Date: Sat, 26 Aug 2000 04:09:40 +0000 Subject: [PATCH] 2000-08-25 Ion Badulescu * utils/rquotad/rquotad.man, utils/statd/statd.man, utils/mountd/mountd.man: updated * utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL) * utils/rquotad/Makefile: fix comment * support/misc/tcpwrapper.c (logit): added comment about waiting for the children after fork() * utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving zombies behind (from logit()'s fork) * utils/rquotad/rquota_svc.c (main): ditto * utils/statd/statd.c (main): ditto * utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG to check_default instead of 0, for prognum * utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG to check_default instead of 0, for prognum * utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if HAVE_TCP_WRAPPER is defined. (mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is defined. Reject an RPC call if check_default () fails. --- ChangeLog | 27 ++++++++++++ support/misc/tcpwrapper.c | 2 + utils/mountd/Makefile | 2 +- utils/mountd/mount_dispatch.c | 13 ++++++ utils/mountd/mountd.c | 2 + utils/mountd/mountd.man | 81 ++++++++++++++++++++++++++++------- utils/rquotad/Makefile | 2 +- utils/rquotad/rquota_svc.c | 15 ++++++- utils/rquotad/rquotad.man | 56 ++++++++++++++++++------ utils/statd/statd.c | 4 +- utils/statd/statd.man | 28 +++++++++++- 11 files changed, 199 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1fe0a6b..6561cf5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,30 @@ +2000-08-25 Ion Badulescu + + * utils/rquotad/rquotad.man, utils/statd/statd.man, + utils/mountd/mountd.man: updated + + * utils/mountd/Makefile (LIBS): added -lmisc $(LIBWRAP) $(LIBNSL) + * utils/rquotad/Makefile: fix comment + + * support/misc/tcpwrapper.c (logit): added comment about waiting + for the children after fork() + + * utils/mountd/mountd.c (main): ignore SIGCHLD to prevent leaving + zombies behind (from logit()'s fork) + * utils/rquotad/rquota_svc.c (main): ditto + * utils/statd/statd.c (main): ditto + + * utils/rquotad/rquota_svc.c (rquotaprog_1): pass RQUOTAPROG + to check_default instead of 0, for prognum + + * utils/statd/statd.c (sm_prog_1_wrapper): pass SM_PROG + to check_default instead of 0, for prognum + + * utils/mountd/mount_dispatch.c: Include "tcpwrapper.h" if + HAVE_TCP_WRAPPER is defined. + (mount_dispatch): Call check_default () if HAVE_TCP_WRAPPER is + defined. Reject an RPC call if check_default () fails. + 2000-08-25 H.J. Lu * support/include/tcpwrapper.h: New for the tcp wrapper diff --git a/support/misc/tcpwrapper.c b/support/misc/tcpwrapper.c index 498a829..ba76864 100644 --- a/support/misc/tcpwrapper.c +++ b/support/misc/tcpwrapper.c @@ -229,6 +229,8 @@ char *text; /* * Fork off a process or the portmap daemon might hang while * getrpcbynumber() or syslog() does its thing. + * + * Don't forget to wait for the children, too... */ if (fork() == 0) { diff --git a/utils/mountd/Makefile b/utils/mountd/Makefile index 93529a0..49b9900 100644 --- a/utils/mountd/Makefile +++ b/utils/mountd/Makefile @@ -6,7 +6,7 @@ PROGRAM = mountd PREFIX = rpc. OBJS = mountd.o mount_dispatch.o auth.o rmtab.o LIBDEPS = $(TOP)support/lib/libexport.a $(TOP)/support/lib/libnfs.a -LIBS = -lexport -lnfs +LIBS = -lexport -lnfs -lmisc $(LIBBSD) $(LIBWRAP) $(LIBNSL) MAN8 = mountd include $(TOP)rules.mk diff --git a/utils/mountd/mount_dispatch.c b/utils/mountd/mount_dispatch.c index cee1981..e87831a 100644 --- a/utils/mountd/mount_dispatch.c 
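Review bot: In the support/misc/tcpwrapper.c hunk, logit()'s comment now says to wait for the children but not where that happens, and nothing in the lines shown reaps them. Naming the mechanism would make the contract checkable, e.g. `* The calling daemon must reap these children; mountd, rquotad and statd ignore SIGCHLD in main().` The context line `if (fork() == 0)` also treats a failed fork() like the parent path, so a denial may go unlogged when no process can be created. logit()'s body continues outside the hunk, so confirm that before changing it.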
+++ b/utils/mountd/mount_dispatch.c @@ -6,6 +6,10 @@ #include "config.h" +#ifdef HAVE_TCP_WRAPPER +#include "tcpwrapper.h" +#endif + #include "mountd.h" #include "rpcmisc.h" @@ -65,6 +69,15 @@ mount_dispatch(struct svc_req *rqstp, SVCXPRT *transp) union mountd_arguments argument; union mountd_results result; +#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ + if (!check_default("mountd", svc_getcaller(transp), + rqstp->rq_proc, MOUNTPROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +#endif + rpc_dispatch(rqstp, transp, dtable, number_of(dtable), &argument, &result); } diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 1eeefdc..d79bf15 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -445,6 +445,8 @@ main(int argc, char **argv) sigaction(SIGHUP, &sa, NULL); sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + sigaction(SIGCHLD, &sa, NULL); if (nfs_version & 0x1) rpc_init("mountd", MOUNTPROG, MOUNTVERS, diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man index 593037b..9dff681 100644 --- a/utils/mountd/mountd.man +++ b/utils/mountd/mountd.man @@ -2,7 +2,7 @@ .\" mountd(8) .\" .\" Copyright (C) 1999 Olaf Kirch -.TH rpc.mountd 8 "31 May 1999" +.TH rpc.mountd 8 "25 Aug 2000" .SH NAME rpc.mountd \- NFS mount daemon .SH SYNOPSIS 
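Review bot: The check added to mount_dispatch() exists only when HAVE_TCP_WRAPPER is defined, yet the mountd.man text added in this same commit states without condition that this rpc.mountd "is protected by the tcp_wrapper library". A binary built without the macro does not apply the /etc/hosts.allow rules and gives the administrator no sign of it. Either qualify the man page or log the fact once at startup. At minimum, extend the comment to `/* remote host authorization check; absent when built without HAVE_TCP_WRAPPER */`. How check_default() reaches its decision is in tcpwrapper.c, outside this hunk.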
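Review bot: In the utils/mountd/mountd.c hunk, the new `sigaction(SIGCHLD, &sa, NULL)` reuses the `sa` just installed for SIGHUP, SIGINT and SIGTERM, and its initialisation is outside the hunk, so the line ignores SIGCHLD only if `sa.sa_handler` is SIG_IGN at that point. If it holds a termination handler instead, the exit of every child forked by logit() would invoke it. Stating the disposition right before the call, `sa.sa_handler = SIG_IGN;`, removes that dependency, as the `signal(SIGCHLD, SIG_IGN)` lines in the rquota_svc.c and statd.c main() hunks already do; check that `sa` is not reused later in main(), which continues outside the hunk. All three sites rely on SIG_IGN reaping children, which the added comment admits BSD does not do. A handler that loops on `waitpid(-1, NULL, WNOHANG)` would cover that case.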
@@ -48,38 +48,87 @@ user level part of the NFS service. .P However, this file is mostly ornamental. One, the client can continue to use the file handle even after calling -.BR rpc.mountd 's +.B rpc.mountd 's UMOUNT procedure. And two, if a client reboots without notifying -.BR rpc.mountd , +.B rpc.mountd , a stale entry will remain in .BR rmtab . .SH OPTIONS .TP -.\" This file isn't touched by mountd at all--even though it -.\" accepts the option. -.\" .BR \-f " or " \-\-exports-file -.\" This option specifies the exports file, listing the clients that this -.\" server is prepared to serve and parameters to apply to each -.\" such mount (see -.\" .BR exports (5)). -.\" By default, export information is read from -.\" .IR /etc/exports . +.B \-d " or " \-\-debug +Turn on debugging. .TP -.BR \-N " or " \-\-no-nfs-version +.B \-F " or " \-\-foreground +Run in foreground (do not daemonize) +.TP +.B \-f " or " \-\-exports-file +This option specifies the exports file, listing the clients that this +server is prepared to serve and parameters to apply to each +such mount (see +.BR exports (5)). +By default, export information is read from +.IR /etc/exports . +.TP +.B \-h " or " \-\-help +Display usage message. +.TP +.B \-N " or " \-\-no-nfs-version This option can be used to request that .B rpc.mountd -does not offer certain versions of NFS. The current version of +do not offer certain versions of NFS. The current version of .B rpc.mountd can support both NFS version 2 and the newer version 3. If the NFS kernel module was compiled without support for NFSv3, .B rpc.mountd must be invoked with the option -.BR "\-\-no-nfs-version 3" . +.B "\-\-no-nfs-version 3" . +.TP +.B \-P +Ignored (compatibility with unfsd??). +.TP +.B \-p " or " \-\-port +Force +.B rpc.mountd +to bind to the specified port, instead of using the random port +number assigned by the portmapper. 
.TP -.BR \-v " or " \-\-version +.B \-V " or " \-\-nfs-version +This option can be used to request that +.B rpc.mountd +offer certain versions of NFS. The current version of +.B rpc.mountd +can support both NFS version 2 and the newer version 3. +.TP +.B \-v " or " \-\-version Print the version of .B rpc.mountd and exit. + +.SH TCP_WRAPPERS SUPPORT +This +.B rpc.mountd +version is protected by the +.B tcp_wrapper +library. You have to give the clients access to +.B rpc.mountd +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +mountd: .bar.com + +You have to use the daemon name +.B mountd +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH SEE ALSO .BR rpc.nfsd (8), .BR exportfs (8), diff --git a/utils/rquotad/Makefile b/utils/rquotad/Makefile index 82928b6..aaf5762 100644 --- a/utils/rquotad/Makefile +++ b/utils/rquotad/Makefile @@ -1,5 +1,5 @@ # -# Makefile for rpc.mountd +# Makefile for rpc.rquotad # PROGRAM = rquotad diff --git a/utils/rquotad/rquota_svc.c b/utils/rquotad/rquota_svc.c index 81b6928..f55c192 100644 --- a/utils/rquotad/rquota_svc.c +++ b/utils/rquotad/rquota_svc.c @@ -34,6 +34,7 @@ #include #include #include +#include #ifdef __STDC__ #define SIG_PF void(*)(int) @@ -66,7 +67,7 @@ static void rquotaprog_1(struct svc_req *rqstp, register SVCXPRT *transp) #ifdef HAVE_TCP_WRAPPER /* remote host authorization check */ if (!check_default("rquotad", svc_getcaller(transp), - rqstp->rq_proc, (u_long) 0)) { + rqstp->rq_proc, RQUOTAPROG)) { svcerr_auth (transp, AUTH_FAILED); return; } 
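Review bot: In the rquotaprog_1() hunk of utils/rquotad/rquota_svc.c, the daemon name passed to check_default() is `"rquotad"`, but the example this commit adds to rquotad.man is `mountd: .bar.com`, so an administrator who copies it writes a rule that presumably never matches this service. The example should read `rquotad: .bar.com`. The three man pages also show a domain pattern while stating that only the keyword ALL or IP addresses are accepted as client names. Which of the two is true depends on check_default(), outside this diff, and the text should say one thing.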
@@ -138,6 +139,15 @@ static void rquotaprog_2(struct svc_req *rqstp, register SVCXPRT *transp) xdrproc_t xdr_argument, xdr_result; char *(*local)(char *, struct svc_req *); +#ifdef HAVE_TCP_WRAPPER + /* remote host authorization check */ + if (!check_default("rquotad", svc_getcaller(transp), + rqstp->rq_proc, RQUOTAPROG)) { + svcerr_auth (transp, AUTH_FAILED); + return; + } +#endif + /* * Don't bother authentication for NULLPROC. */ @@ -203,6 +213,9 @@ int main(int argc, char **argv) openlog("rquota", LOG_PID, LOG_DAEMON); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + signal(SIGCHLD, SIG_IGN); + transp = svcudp_create(RPC_ANYSOCK); if (transp == NULL) { syslog(LOG_ERR, "cannot create udp service."); diff --git a/utils/rquotad/rquotad.man b/utils/rquotad/rquotad.man index da8fa8c..9b16df5 100644 --- a/utils/rquotad/rquotad.man +++ b/utils/rquotad/rquotad.man @@ -1,5 +1,5 @@ -.\"@(#)rquotad.8c" -.TH RQUOTAD 8C" +.\"@(#)rquotad.8" +.TH RQUOTAD 8 "25 Aug 2000" .SH NAME rquotad, rpc.rquotad \- remote quota server .SH SYNOPSIS @@ -13,7 +13,7 @@ rquotad, rpc.rquotad \- remote quota server .IX "quotas" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server" .IX "file system" "rquotad daemon" "" "\fLrquotad\fP \(em remote quota server" .IX "remote procedure call services" "rquotad" "" "\fLrquotad\fP \(em remote quota server" -.B rquotad +.BR rquotad is an .BR rpc (3N) server which returns quotas for a user of a local file system 
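Review bot: The comment `/* remote host authorization check */` on the block added to rquotaprog_2() overstates what the check provides. It hands check_default() the address from `svc_getcaller(transp)`, and main() in this file creates the transport with `svcudp_create`, where no handshake verifies a datagram's source address. The block is useful as an access filter but should not be read as caller authentication. I would reword the comment to `/* host-based access filter on the caller's source address (tcp_wrappers); not authentication */`. The block also sits above the existing "Don't bother authentication for NULLPROC" comment, so NULLPROC calls are filtered too, and the comment should say so if that is intended.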
@@ -22,20 +22,52 @@ which is mounted by a remote machine over the The results are used by .BR quota (1) to display user quotas for remote file systems. + The -.B rquotad +.BR rquotad daemon is normally started at boottime from the .BR rc.net -script +script (on systems with BSD'ish scripts, e.g. Slackware), or from the +.BR nfs +script in +.BR /etc/rc.d/init.d/ +or +.BR /etc/init.d/ +(on systems with SysV'ish scripts, e.g. RedHat, SuSE, etc). + +.SH TCP_WRAPPERS SUPPORT +This +.BR rpc.rquotad +version is protected by the +.BR tcp_wrapper +library. You have to give the clients access to +.BR rpc.rquotad +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +mountd: .bar.com + +You have to use the daemon name +.BR rquotad +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH FILES -.PD 0 -.TP 20 -.B quotas -quota file at the file system root +.BR quota.user , +.BR quota.group +-- quota files locate in the file system's root .PD .SH "SEE ALSO" -.BR quota (1), +.BR quota (8), .BR rpc (3N), -.BR nfs (4P), +.BR nfs (5), .BR services (5) -.BR inetd (8C), +.BR inetd (8), diff --git a/utils/statd/statd.c b/utils/statd/statd.c index d07a260..0c3b5e9 100644 --- a/utils/statd/statd.c +++ b/utils/statd/statd.c @@ -36,7 +36,7 @@ sm_prog_1_wrapper (struct svc_req *rqstp, register SVCXPRT *transp) { /* remote host authorization check */ if (!check_default("statd", svc_getcaller(transp), - rqstp->rq_proc, (u_long) 0)) { + rqstp->rq_proc, SM_PROG)) { svcerr_auth (transp, AUTH_FAILED); return; } 
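Review bot: In the sm_prog_1_wrapper() hunk of utils/statd/statd.c, passing `SM_PROG` instead of `(u_long) 0` fixes drift between hand-copied instances of one five-line block, as `RQUOTAPROG` does in rquotaprog_1(). The commit then adds two more copies of that block, in mount_dispatch() and rquotaprog_2(). A single helper next to check_default() could take the daemon name and program number, call check_default() and svcerr_auth(), and report whether the call was rejected. Each dispatcher would then carry one line such as `if (rpc_caller_denied("statd", rqstp, transp, SM_PROG)) return;`, where the helper name is a suggestion and not an existing function.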
@@ -104,6 +104,8 @@ main (int argc, char **argv) signal (SIGHUP, killer); signal (SIGINT, killer); signal (SIGTERM, killer); + /* WARNING: the following works on Linux and SysV, but not BSD! */ + signal(SIGCHLD, SIG_IGN); for (;;) { pmap_unset (SM_PROG, SM_VERS); diff --git a/utils/statd/statd.man b/utils/statd/statd.man index 373cf77..38db9c5 100644 --- a/utils/statd/statd.man +++ b/utils/statd/statd.man @@ -3,7 +3,7 @@ .\" .\" Copyright (C) 1999 Olaf Kirch .\" Modified by Jeffrey A. Uphoff, 1999. -.TH rpc.statd 8 "11 June 1999" +.TH rpc.statd 8 "20 Aug 2000" .SH NAME rpc.statd \- NSM status monitor .SH SYNOPSIS @@ -36,6 +36,32 @@ forks and puts itself in the background when started. The .B -F argument tells it to remain in the foreground. This option is mainly for debugging purposes. + +.SH TCP_WRAPPERS SUPPORT +This +.B rpc.statd +version is protected by the +.B tcp_wrapper +library. You have to give the clients access to +.B rpc.statd +if they should be allowed to use it. To allow connects from clients of +the .bar.com domain you could use the following line in /etc/hosts.allow: + +statd: .bar.com + +You have to use the daemon name +.B statd +for the daemon name (even if the binary has a different name). For the +client names you can only use the keyword ALL or IP addresses (NOT +host or domain names). + +For further information please have a look at the +.BR tcpd (8), +.BR hosts_allow (5) +and +.BR hosts_access (5) +manual pages. + .SH FILES .BR /var/lib/nfs/sm/state .br -- 2.39.2