search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
6332 mountd: Compile warnings cleanup
[illumos-gate.git] / usr / src / cmd / fs.d / nfs / mountd / mountd.c
blob50180d38151874eb190622338ae0c0e1cd2a70e5
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
25 */
26
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29
30 /*
31 * Portions of this source code were derived from Berkeley 4.3 BSD
32 * under license from the Regents of the University of California.
33 */
34
35 #include <stdio.h>
36 #include <stdio_ext.h>
37 #include <stdlib.h>
38 #include <ctype.h>
39 #include <sys/types.h>
40 #include <string.h>
41 #include <syslog.h>
42 #include <sys/param.h>
43 #include <rpc/rpc.h>
44 #include <sys/stat.h>
45 #include <netconfig.h>
46 #include <netdir.h>
47 #include <sys/file.h>
48 #include <sys/time.h>
49 #include <sys/errno.h>
50 #include <rpcsvc/mount.h>
51 #include <sys/pathconf.h>
52 #include <sys/systeminfo.h>
53 #include <sys/utsname.h>
54 #include <sys/wait.h>
55 #include <sys/resource.h>
56 #include <signal.h>
57 #include <locale.h>
58 #include <unistd.h>
59 #include <errno.h>
60 #include <sys/socket.h>
61 #include <netinet/in.h>
62 #include <arpa/inet.h>
63 #include <netdb.h>
64 #include <thread.h>
65 #include <assert.h>
66 #include <priv_utils.h>
67 #include <nfs/auth.h>
68 #include <nfs/nfssys.h>
69 #include <nfs/nfs.h>
70 #include <nfs/nfs_sec.h>
71 #include <rpcsvc/daemon_utils.h>
72 #include <deflt.h>
73 #include "../../fslib.h"
74 #include <sharefs/share.h>
75 #include <sharefs/sharetab.h>
76 #include "../lib/sharetab.h"
77 #include "mountd.h"
78 #include <tsol/label.h>
79 #include <sys/tsol/label_macro.h>
80 #include <libtsnet.h>
81 #include <sys/sdt.h>
82 #include <libscf.h>
83 #include <limits.h>
84 #include <sys/nvpair.h>
85 #include <attr.h>
86 #include "smfcfg.h"
87 #include <pwd.h>
88 #include <grp.h>
89 #include <alloca.h>
90
91 extern int daemonize_init(void);
92 extern void daemonize_fini(int);
93
94 extern int _nfssys(int, void *);
95
96 struct sh_list *share_list;
97
98 rwlock_t sharetab_lock; /* lock to protect the cached sharetab */
99 static mutex_t mnttab_lock; /* prevent concurrent mnttab readers */
100
101 static mutex_t logging_queue_lock;
102 static cond_t logging_queue_cv;
103
104 static share_t *find_lofsentry(char *, int *);
105 static int getclientsnames_lazy(char *, struct netbuf **,
106 struct nd_hostservlist **);
107 static int getclientsnames(SVCXPRT *, struct netbuf **,
108 struct nd_hostservlist **);
109 static int getclientsflavors_old(share_t *, SVCXPRT *, struct netbuf **,
110 struct nd_hostservlist **, int *);
111 static int getclientsflavors_new(share_t *, SVCXPRT *, struct netbuf **,
112 struct nd_hostservlist **, int *);
113 static int check_client_old(share_t *, SVCXPRT *, struct netbuf **,
114 struct nd_hostservlist **, int, uid_t, gid_t, uint_t, gid_t *, uid_t *,
115 gid_t *, uint_t *, gid_t **);
116 static int check_client_new(share_t *, SVCXPRT *, struct netbuf **,
117 struct nd_hostservlist **, int, uid_t, gid_t, uint_t, gid_t *, uid_t *,
118 gid_t *i, uint_t *, gid_t **);
119 static void mnt(struct svc_req *, SVCXPRT *);
120 static void mnt_pathconf(struct svc_req *);
121 static int mount(struct svc_req *r);
122 static void sh_free(struct sh_list *);
123 static void umount(struct svc_req *);
124 static void umountall(struct svc_req *);
125 static int newopts(char *);
126 static tsol_tpent_t *get_client_template(struct sockaddr *);
127
128 static int verbose;
129 static int rejecting;
130 static int mount_vers_min = MOUNTVERS;
131 static int mount_vers_max = MOUNTVERS3;
132
133 extern void nfscmd_func(void *, char *, size_t, door_desc_t *, uint_t);
134
135 thread_t nfsauth_thread;
136 thread_t cmd_thread;
137 thread_t logging_thread;
138
139 typedef struct logging_data {
140 char *ld_host;
141 char *ld_path;
142 char *ld_rpath;
143 int ld_status;
144 char *ld_netid;
145 struct netbuf *ld_nb;
146 struct logging_data *ld_next;
147 } logging_data;
148
149 static logging_data *logging_head = NULL;
150 static logging_data *logging_tail = NULL;
151
152 /*
153 * Our copy of some system variables obtained using sysconf(3c)
154 */
155 static long ngroups_max; /* _SC_NGROUPS_MAX */
156 static long pw_size; /* _SC_GETPW_R_SIZE_MAX */
157
158 /* ARGSUSED */
159 static void *
160 nfsauth_svc(void *arg)
161 {
162 int doorfd = -1;
163 uint_t darg;
164 #ifdef DEBUG
165 int dfd;
166 #endif
167
168 if ((doorfd = door_create(nfsauth_func, NULL,
169 DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
170 syslog(LOG_ERR, "Unable to create door: %m\n");
171 exit(10);
172 }
173
174 #ifdef DEBUG
175 /*
176 * Create a file system path for the door
177 */
178 if ((dfd = open(MOUNTD_DOOR, O_RDWR|O_CREAT|O_TRUNC,
179 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
180 syslog(LOG_ERR, "Unable to open %s: %m\n", MOUNTD_DOOR);
181 (void) close(doorfd);
182 exit(11);
183 }
184
185 /*
186 * Clean up any stale namespace associations
187 */
188 (void) fdetach(MOUNTD_DOOR);
189
190 /*
191 * Register in namespace to pass to the kernel to door_ki_open
192 */
193 if (fattach(doorfd, MOUNTD_DOOR) == -1) {
194 syslog(LOG_ERR, "Unable to fattach door: %m\n");
195 (void) close(dfd);
196 (void) close(doorfd);
197 exit(12);
198 }
199 (void) close(dfd);
200 #endif
201
202 /*
203 * Must pass the doorfd down to the kernel.
204 */
205 darg = doorfd;
206 (void) _nfssys(MOUNTD_ARGS, &darg);
207
208 /*
209 * Wait for incoming calls
210 */
211 /*CONSTCOND*/
212 for (;;)
213 (void) pause();
214
215 /*NOTREACHED*/
216 syslog(LOG_ERR, gettext("Door server exited"));
217 return (NULL);
218 }
219
220 /*
221 * NFS command service thread code for setup and handling of the
222 * nfs_cmd requests for character set conversion and other future
223 * events.
224 */
225
226 static void *
227 cmd_svc(void *arg)
228 {
229 int doorfd = -1;
230 uint_t darg;
231
232 if ((doorfd = door_create(nfscmd_func, NULL,
233 DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
234 syslog(LOG_ERR, "Unable to create cmd door: %m\n");
235 exit(10);
236 }
237
238 /*
239 * Must pass the doorfd down to the kernel.
240 */
241 darg = doorfd;
242 (void) _nfssys(NFSCMD_ARGS, &darg);
243
244 /*
245 * Wait for incoming calls
246 */
247 /*CONSTCOND*/
248 for (;;)
249 (void) pause();
250
251 /*NOTREACHED*/
252 syslog(LOG_ERR, gettext("Cmd door server exited"));
253 return (NULL);
254 }
255
256 static void
257 free_logging_data(logging_data *lq)
258 {
259 if (lq != NULL) {
260 free(lq->ld_host);
261 free(lq->ld_netid);
262
263 if (lq->ld_nb != NULL) {
264 free(lq->ld_nb->buf);
265 free(lq->ld_nb);
266 }
267
268 free(lq->ld_path);
269 free(lq->ld_rpath);
270
271 free(lq);
272 }
273 }
274
275 static logging_data *
276 remove_head_of_queue(void)
277 {
278 logging_data *lq;
279
280 /*
281 * Pull it off the queue.
282 */
283 lq = logging_head;
284 if (lq) {
285 logging_head = lq->ld_next;
286
287 /*
288 * Drained it.
289 */
290 if (logging_head == NULL) {
291 logging_tail = NULL;
292 }
293 }
294
295 return (lq);
296 }
297
298 static void
299 do_logging_queue(logging_data *lq)
300 {
301 int cleared = 0;
302 char *host;
303
304 struct nd_hostservlist *clnames;
305
306 while (lq) {
307 if (lq->ld_host == NULL) {
308 DTRACE_PROBE(mountd, name_by_lazy);
309 if (getclientsnames_lazy(lq->ld_netid,
310 &lq->ld_nb, &clnames) != 0)
311 host = NULL;
312 else
313 host = clnames->h_hostservs[0].h_host;
314 } else
315 host = lq->ld_host;
316
317 audit_mountd_mount(host, lq->ld_path, lq->ld_status); /* BSM */
318
319 /* add entry to mount list */
320 if (lq->ld_rpath)
321 mntlist_new(host, lq->ld_rpath);
322
323 if (lq->ld_host != host)
324 netdir_free(clnames, ND_HOSTSERVLIST);
325
326 free_logging_data(lq);
327 cleared++;
328
329 (void) mutex_lock(&logging_queue_lock);
330 lq = remove_head_of_queue();
331 (void) mutex_unlock(&logging_queue_lock);
332 }
333
334 DTRACE_PROBE1(mountd, logging_cleared, cleared);
335 }
336
337 static void *
338 logging_svc(void *arg)
339 {
340 logging_data *lq;
341
342 for (;;) {
343 (void) mutex_lock(&logging_queue_lock);
344 while (logging_head == NULL) {
345 (void) cond_wait(&logging_queue_cv,
346 &logging_queue_lock);
347 }
348
349 lq = remove_head_of_queue();
350 (void) mutex_unlock(&logging_queue_lock);
351
352 do_logging_queue(lq);
353 }
354
355 /*NOTREACHED*/
356 syslog(LOG_ERR, gettext("Logging server exited"));
357 return (NULL);
358 }
359
360 static int
361 convert_int(int *val, char *str)
362 {
363 long lval;
364
365 if (str == NULL || !isdigit(*str))
366 return (-1);
367
368 lval = strtol(str, &str, 10);
369 if (*str != '\0' || lval > INT_MAX)
370 return (-2);
371
372 *val = (int)lval;
373 return (0);
374 }
375
376 int
377 main(int argc, char *argv[])
378 {
379 int pid;
380 int c;
381 int rpc_svc_fdunlim = 1;
382 int rpc_svc_mode = RPC_SVC_MT_AUTO;
383 int maxrecsz = RPC_MAXDATASIZE;
384 bool_t exclbind = TRUE;
385 bool_t can_do_mlp;
386 long thr_flags = (THR_NEW_LWP|THR_DAEMON);
387 char defval[4];
388 int defvers, ret, bufsz;
389 struct rlimit rl;
390 int listen_backlog = 0;
391 int max_threads = 0;
392 int tmp;
393
394 int pipe_fd = -1;
395
396 /*
397 * Mountd requires uid 0 for:
398 * /etc/rmtab updates (we could chown it to daemon)
399 * /etc/dfs/dfstab reading (it wants to lock out share which
400 * doesn't do any locking before first truncate;
401 * NFS share does; should use fcntl locking instead)
402 * Needed privileges:
403 * auditing
404 * nfs syscall
405 * file dac search (so it can stat all files)
406 * Optional privileges:
407 * MLP
408 */
409 can_do_mlp = priv_ineffect(PRIV_NET_BINDMLP);
410 if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET, -1, -1,
411 PRIV_SYS_NFS, PRIV_PROC_AUDIT, PRIV_FILE_DAC_SEARCH,
412 can_do_mlp ? PRIV_NET_BINDMLP : NULL, NULL) == -1) {
413 (void) fprintf(stderr,
414 "%s: must be run with sufficient privileges\n",
415 argv[0]);
416 exit(1);
417 }
418
419 if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
420 syslog(LOG_ERR, "getrlimit failed");
421 } else {
422 rl.rlim_cur = rl.rlim_max;
423 if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
424 syslog(LOG_ERR, "setrlimit failed");
425 }
426
427 (void) enable_extended_FILE_stdio(-1, -1);
428
429 ret = nfs_smf_get_iprop("mountd_max_threads", &max_threads,
430 DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD);
431 if (ret != SA_OK) {
432 syslog(LOG_ERR, "Reading of mountd_max_threads from SMF "
433 "failed, using default value");
434 }
435
436 while ((c = getopt(argc, argv, "vrm:")) != EOF) {
437 switch (c) {
438 case 'v':
439 verbose++;
440 break;
441 case 'r':
442 rejecting = 1;
443 break;
444 case 'm':
445 if (convert_int(&tmp, optarg) != 0 || tmp < 1) {
446 (void) fprintf(stderr, "%s: invalid "
447 "max_threads option, using defaults\n",
448 argv[0]);
449 break;
450 }
451 max_threads = tmp;
452 break;
453 default:
454 fprintf(stderr, "usage: mountd [-v] [-r]\n");
455 exit(1);
456 }
457 }
458
459 /*
460 * Read in the NFS version values from config file.
461 */
462 bufsz = 4;
463 ret = nfs_smf_get_prop("server_versmin", defval, DEFAULT_INSTANCE,
464 SCF_TYPE_INTEGER, NFSD, &bufsz);
465 if (ret == SA_OK) {
466 errno = 0;
467 defvers = strtol(defval, (char **)NULL, 10);
468 if (errno == 0) {
469 mount_vers_min = defvers;
470 /*
471 * special because NFSv2 is
472 * supported by mount v1 & v2
473 */
474 if (defvers == NFS_VERSION)
475 mount_vers_min = MOUNTVERS;
476 }
477 }
478
479 bufsz = 4;
480 ret = nfs_smf_get_prop("server_versmax", defval, DEFAULT_INSTANCE,
481 SCF_TYPE_INTEGER, NFSD, &bufsz);
482 if (ret == SA_OK) {
483 errno = 0;
484 defvers = strtol(defval, (char **)NULL, 10);
485 if (errno == 0) {
486 mount_vers_max = defvers;
487 }
488 }
489
490 ret = nfs_smf_get_iprop("mountd_listen_backlog", &listen_backlog,
491 DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD);
492 if (ret != SA_OK) {
493 syslog(LOG_ERR, "Reading of mountd_listen_backlog from SMF "
494 "failed, using default value");
495 }
496
497 /*
498 * Sanity check versions,
499 * even though we may get versions > MOUNTVERS3, we still need
500 * to start nfsauth service, so continue on regardless of values.
501 */
502 if (mount_vers_min > mount_vers_max) {
503 fprintf(stderr, "server_versmin > server_versmax\n");
504 mount_vers_max = mount_vers_min;
505 }
506 (void) setlocale(LC_ALL, "");
507 (void) rwlock_init(&sharetab_lock, USYNC_THREAD, NULL);
508 (void) mutex_init(&mnttab_lock, USYNC_THREAD, NULL);
509 (void) mutex_init(&logging_queue_lock, USYNC_THREAD, NULL);
510 (void) cond_init(&logging_queue_cv, USYNC_THREAD, NULL);
511
512 netgroup_init();
513
514 #if !defined(TEXT_DOMAIN)
515 #define TEXT_DOMAIN "SYS_TEST"
516 #endif
517 (void) textdomain(TEXT_DOMAIN);
518
519 /* Don't drop core if the NFS module isn't loaded. */
520 (void) signal(SIGSYS, SIG_IGN);
521
522 pipe_fd = daemonize_init();
523
524 /*
525 * If we coredump it'll be in /core
526 */
527 if (chdir("/") < 0)
528 fprintf(stderr, "chdir /: %s\n", strerror(errno));
529
530 openlog("mountd", LOG_PID, LOG_DAEMON);
531
532 /*
533 * establish our lock on the lock file and write our pid to it.
534 * exit if some other process holds the lock, or if there's any
535 * error in writing/locking the file.
536 */
537 pid = _enter_daemon_lock(MOUNTD);
538 switch (pid) {
539 case 0:
540 break;
541 case -1:
542 fprintf(stderr, "error locking for %s: %s\n", MOUNTD,
543 strerror(errno));
544 exit(2);
545 default:
546 /* daemon was already running */
547 exit(0);
548 }
549
550 audit_mountd_setup(); /* BSM */
551
552 /*
553 * Get required system variables
554 */
555 if ((ngroups_max = sysconf(_SC_NGROUPS_MAX)) == -1) {
556 syslog(LOG_ERR, "Unable to get _SC_NGROUPS_MAX");
557 exit(1);
558 }
559 if ((pw_size = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
560 syslog(LOG_ERR, "Unable to get _SC_GETPW_R_SIZE_MAX");
561 exit(1);
562 }
563
564 /*
565 * Set number of file descriptors to unlimited
566 */
567 if (!rpc_control(RPC_SVC_USE_POLLFD, &rpc_svc_fdunlim)) {
568 syslog(LOG_INFO, "unable to set number of FDs to unlimited");
569 }
570
571 /*
572 * Tell RPC that we want automatic thread mode.
573 * A new thread will be spawned for each request.
574 */
575 if (!rpc_control(RPC_SVC_MTMODE_SET, &rpc_svc_mode)) {
576 fprintf(stderr, "unable to set automatic MT mode\n");
577 exit(1);
578 }
579
580 /*
581 * Enable non-blocking mode and maximum record size checks for
582 * connection oriented transports.
583 */
584 if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrecsz)) {
585 fprintf(stderr, "unable to set RPC max record size\n");
586 }
587
588 /*
589 * Prevent our non-priv udp and tcp ports bound w/wildcard addr
590 * from being hijacked by a bind to a more specific addr.
591 */
592 if (!rpc_control(__RPC_SVC_EXCLBIND_SET, &exclbind)) {
593 fprintf(stderr, "warning: unable to set udp/tcp EXCLBIND\n");
594 }
595
596 /*
597 * Set the maximum number of outstanding connection
598 * indications (listen backlog) to the value specified.
599 */
600 if (listen_backlog > 0 && !rpc_control(__RPC_SVC_LSTNBKLOG_SET,
601 &listen_backlog)) {
602 fprintf(stderr, "unable to set listen backlog\n");
603 exit(1);
604 }
605
606 /*
607 * If max_threads was specified, then set the
608 * maximum number of threads to the value specified.
609 */
610 if (max_threads > 0 && !rpc_control(RPC_SVC_THRMAX_SET, &max_threads)) {
611 fprintf(stderr, "unable to set max_threads\n");
612 exit(1);
613 }
614
615 /*
616 * Make sure to unregister any previous versions in case the
617 * user is reconfiguring the server in interesting ways.
618 */
619 svc_unreg(MOUNTPROG, MOUNTVERS);
620 svc_unreg(MOUNTPROG, MOUNTVERS_POSIX);
621 svc_unreg(MOUNTPROG, MOUNTVERS3);
622
623 /*
624 * Create the nfsauth thread with same signal disposition
625 * as the main thread. We need to create a separate thread
626 * since mountd() will be both an RPC server (for remote
627 * traffic) _and_ a doors server (for kernel upcalls).
628 */
629 if (thr_create(NULL, 0, nfsauth_svc, 0, thr_flags, &nfsauth_thread)) {
630 fprintf(stderr,
631 gettext("Failed to create NFSAUTH svc thread\n"));
632 exit(2);
633 }
634
635 /*
636 * Create the cmd service thread with same signal disposition
637 * as the main thread. We need to create a separate thread
638 * since mountd() will be both an RPC server (for remote
639 * traffic) _and_ a doors server (for kernel upcalls).
640 */
641 if (thr_create(NULL, 0, cmd_svc, 0, thr_flags, &cmd_thread)) {
642 syslog(LOG_ERR, gettext("Failed to create CMD svc thread"));
643 exit(2);
644 }
645
646 /*
647 * Create an additional thread to service the rmtab and
648 * audit_mountd_mount logging for mount requests. Use the same
649 * signal disposition as the main thread. We create
650 * a separate thread to allow the mount request threads to
651 * clear as soon as possible.
652 */
653 if (thr_create(NULL, 0, logging_svc, 0, thr_flags, &logging_thread)) {
654 syslog(LOG_ERR, gettext("Failed to create LOGGING svc thread"));
655 exit(2);
656 }
657
658 /*
659 * Create datagram and connection oriented services
660 */
661 if (mount_vers_max >= MOUNTVERS) {
662 if (svc_create(mnt, MOUNTPROG, MOUNTVERS, "datagram_v") == 0) {
663 fprintf(stderr,
664 "couldn't register datagram_v MOUNTVERS\n");
665 exit(1);
666 }
667 if (svc_create(mnt, MOUNTPROG, MOUNTVERS, "circuit_v") == 0) {
668 fprintf(stderr,
669 "couldn't register circuit_v MOUNTVERS\n");
670 exit(1);
671 }
672 }
673
674 if (mount_vers_max >= MOUNTVERS_POSIX) {
675 if (svc_create(mnt, MOUNTPROG, MOUNTVERS_POSIX,
676 "datagram_v") == 0) {
677 fprintf(stderr,
678 "couldn't register datagram_v MOUNTVERS_POSIX\n");
679 exit(1);
680 }
681 if (svc_create(mnt, MOUNTPROG, MOUNTVERS_POSIX,
682 "circuit_v") == 0) {
683 fprintf(stderr,
684 "couldn't register circuit_v MOUNTVERS_POSIX\n");
685 exit(1);
686 }
687 }
688
689 if (mount_vers_max >= MOUNTVERS3) {
690 if (svc_create(mnt, MOUNTPROG, MOUNTVERS3, "datagram_v") == 0) {
691 fprintf(stderr,
692 "couldn't register datagram_v MOUNTVERS3\n");
693 exit(1);
694 }
695 if (svc_create(mnt, MOUNTPROG, MOUNTVERS3, "circuit_v") == 0) {
696 fprintf(stderr,
697 "couldn't register circuit_v MOUNTVERS3\n");
698 exit(1);
699 }
700 }
701
702 /*
703 * Start serving
704 */
705 rmtab_load();
706
707 daemonize_fini(pipe_fd);
708
709 /* Get rid of the most dangerous basic privileges. */
710 __fini_daemon_priv(PRIV_PROC_EXEC, PRIV_PROC_INFO, PRIV_PROC_SESSION,
711 (char *)NULL);
712
713 svc_run();
714 syslog(LOG_ERR, "Error: svc_run shouldn't have returned");
715 abort();
716
717 /* NOTREACHED */
718 return (0);
719 }
720
721 /*
722 * Server procedure switch routine
723 */
724 void
725 mnt(struct svc_req *rqstp, SVCXPRT *transp)
726 {
727 switch (rqstp->rq_proc) {
728 case NULLPROC:
729 errno = 0;
730 if (!svc_sendreply(transp, xdr_void, (char *)0))
731 log_cant_reply(transp);
732 return;
733
734 case MOUNTPROC_MNT:
735 (void) mount(rqstp);
736 return;
737
738 case MOUNTPROC_DUMP:
739 mntlist_send(transp);
740 return;
741
742 case MOUNTPROC_UMNT:
743 umount(rqstp);
744 return;
745
746 case MOUNTPROC_UMNTALL:
747 umountall(rqstp);
748 return;
749
750 case MOUNTPROC_EXPORT:
751 case MOUNTPROC_EXPORTALL:
752 export(rqstp);
753 return;
754
755 case MOUNTPROC_PATHCONF:
756 if (rqstp->rq_vers == MOUNTVERS_POSIX)
757 mnt_pathconf(rqstp);
758 else
759 svcerr_noproc(transp);
760 return;
761
762 default:
763 svcerr_noproc(transp);
764 return;
765 }
766 }
767
768 /* Set up anonymous client */
769
770 struct nd_hostservlist *
771 anon_client(char *host)
772 {
773 struct nd_hostservlist *anon_hsl;
774 struct nd_hostserv *anon_hs;
775
776 anon_hsl = malloc(sizeof (*anon_hsl));
777 if (anon_hsl == NULL)
778 return (NULL);
779
780 anon_hs = malloc(sizeof (*anon_hs));
781 if (anon_hs == NULL) {
782 free(anon_hsl);
783 return (NULL);
784 }
785
786 if (host == NULL)
787 anon_hs->h_host = strdup("(anon)");
788 else
789 anon_hs->h_host = strdup(host);
790
791 if (anon_hs->h_host == NULL) {
792 free(anon_hs);
793 free(anon_hsl);
794 return (NULL);
795 }
796 anon_hs->h_serv = '\0';
797
798 anon_hsl->h_cnt = 1;
799 anon_hsl->h_hostservs = anon_hs;
800
801 return (anon_hsl);
802 }
803
804 static int
805 getclientsnames_common(struct netconfig *nconf, struct netbuf **nbuf,
806 struct nd_hostservlist **serv)
807 {
808 char host[MAXIPADDRLEN];
809
810 assert(*nbuf != NULL);
811
812 /*
813 * Use the this API instead of the netdir_getbyaddr()
814 * to avoid service lookup.
815 */
816 if (__netdir_getbyaddr_nosrv(nconf, serv, *nbuf) != 0) {
817 if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
818 struct sockaddr_in *sa;
819
820 /* LINTED pointer alignment */
821 sa = (struct sockaddr_in *)((*nbuf)->buf);
822 (void) inet_ntoa_r(sa->sin_addr, host);
823 } else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) {
824 struct sockaddr_in6 *sa;
825
826 /* LINTED pointer alignment */
827 sa = (struct sockaddr_in6 *)((*nbuf)->buf);
828 (void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr,
829 host, INET6_ADDRSTRLEN);
830 } else {
831 syslog(LOG_ERR, gettext(
832 "Client's address is neither IPv4 nor IPv6"));
833 return (EINVAL);
834 }
835
836 *serv = anon_client(host);
837 if (*serv == NULL)
838 return (ENOMEM);
839 }
840
841 assert(*serv != NULL);
842 return (0);
843 }
844
845 /*
846 * Get the client's hostname from the copy of the
847 * relevant transport handle parts.
848 * If the name is not available then return "(anon)".
849 */
850 static int
851 getclientsnames_lazy(char *netid, struct netbuf **nbuf,
852 struct nd_hostservlist **serv)
853 {
854 struct netconfig *nconf;
855 int rc;
856
857 nconf = getnetconfigent(netid);
858 if (nconf == NULL) {
859 syslog(LOG_ERR, "%s: getnetconfigent failed", netid);
860 *serv = anon_client(NULL);
861 if (*serv == NULL)
862 return (ENOMEM);
863 return (0);
864 }
865
866 rc = getclientsnames_common(nconf, nbuf, serv);
867 freenetconfigent(nconf);
868 return (rc);
869 }
870
871 /*
872 * Get the client's hostname from the transport handle.
873 * If the name is not available then return "(anon)".
874 */
875 int
876 getclientsnames(SVCXPRT *transp, struct netbuf **nbuf,
877 struct nd_hostservlist **serv)
878 {
879 struct netconfig *nconf;
880 int rc;
881
882 nconf = getnetconfigent(transp->xp_netid);
883 if (nconf == NULL) {
884 syslog(LOG_ERR, "%s: getnetconfigent failed",
885 transp->xp_netid);
886 *serv = anon_client(NULL);
887 if (*serv == NULL)
888 return (ENOMEM);
889 return (0);
890 }
891
892 *nbuf = svc_getrpccaller(transp);
893 if (*nbuf == NULL) {
894 freenetconfigent(nconf);
895 *serv = anon_client(NULL);
896 if (*serv == NULL)
897 return (ENOMEM);
898 return (0);
899 }
900
901 rc = getclientsnames_common(nconf, nbuf, serv);
902 freenetconfigent(nconf);
903 return (rc);
904 }
905
906 void
907 log_cant_reply(SVCXPRT *transp)
908 {
909 int saverrno;
910 struct nd_hostservlist *clnames = NULL;
911 char *host;
912 struct netbuf *nb;
913
914 saverrno = errno; /* save error code */
915 if (getclientsnames(transp, &nb, &clnames) != 0)
916 return;
917 host = clnames->h_hostservs->h_host;
918
919 errno = saverrno;
920 if (errno == 0)
921 syslog(LOG_ERR, "couldn't send reply to %s", host);
922 else
923 syslog(LOG_ERR, "couldn't send reply to %s: %m", host);
924
925 netdir_free(clnames, ND_HOSTSERVLIST);
926 }
927
928 /*
929 * Answer pathconf questions for the mount point fs
930 */
931 static void
932 mnt_pathconf(struct svc_req *rqstp)
933 {
934 SVCXPRT *transp;
935 struct pathcnf p;
936 char *path, rpath[MAXPATHLEN];
937 struct stat st;
938
939 transp = rqstp->rq_xprt;
940 path = NULL;
941 (void) memset((caddr_t)&p, 0, sizeof (p));
942
943 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
944 svcerr_decode(transp);
945 return;
946 }
947 if (lstat(path, &st) < 0) {
948 _PC_SET(_PC_ERROR, p.pc_mask);
949 goto done;
950 }
951 /*
952 * Get a path without symbolic links.
953 */
954 if (realpath(path, rpath) == NULL) {
955 syslog(LOG_DEBUG,
956 "mount request: realpath failed on %s: %m",
957 path);
958 _PC_SET(_PC_ERROR, p.pc_mask);
959 goto done;
960 }
961 (void) memset((caddr_t)&p, 0, sizeof (p));
962 /*
963 * can't ask about devices over NFS
964 */
965 _PC_SET(_PC_MAX_CANON, p.pc_mask);
966 _PC_SET(_PC_MAX_INPUT, p.pc_mask);
967 _PC_SET(_PC_PIPE_BUF, p.pc_mask);
968 _PC_SET(_PC_VDISABLE, p.pc_mask);
969
970 errno = 0;
971 p.pc_link_max = pathconf(rpath, _PC_LINK_MAX);
972 if (errno)
973 _PC_SET(_PC_LINK_MAX, p.pc_mask);
974 p.pc_name_max = pathconf(rpath, _PC_NAME_MAX);
975 if (errno)
976 _PC_SET(_PC_NAME_MAX, p.pc_mask);
977 p.pc_path_max = pathconf(rpath, _PC_PATH_MAX);
978 if (errno)
979 _PC_SET(_PC_PATH_MAX, p.pc_mask);
980 if (pathconf(rpath, _PC_NO_TRUNC) == 1)
981 _PC_SET(_PC_NO_TRUNC, p.pc_mask);
982 if (pathconf(rpath, _PC_CHOWN_RESTRICTED) == 1)
983 _PC_SET(_PC_CHOWN_RESTRICTED, p.pc_mask);
984
985 done:
986 errno = 0;
987 if (!svc_sendreply(transp, xdr_ppathcnf, (char *)&p))
988 log_cant_reply(transp);
989 if (path != NULL)
990 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
991 }
992
993 /*
994 * If the rootmount (export) option is specified, the all mount requests for
995 * subdirectories return EACCES.
996 */
997 static int
998 checkrootmount(share_t *sh, char *rpath)
999 {
1000 char *val;
1001
1002 if ((val = getshareopt(sh->sh_opts, SHOPT_NOSUB)) != NULL) {
1003 free(val);
1004 if (strcmp(sh->sh_path, rpath) != 0)
1005 return (0);
1006 else
1007 return (1);
1008 } else
1009 return (1);
1010 }
1011
1012 #define MAX_FLAVORS 128
1013
1014 /*
1015 * Return only EACCES if client does not have access
1016 * to this directory.
1017 * "If the server exports only /a/b, an attempt to
1018 * mount a/b/c will fail with ENOENT if the directory
1019 * does not exist"... However, if the client
1020 * does not have access to /a/b, an attacker can
1021 * determine whether the directory exists.
1022 * This routine checks either existence of the file or
1023 * existence of the file name entry in the mount table.
1024 * If the file exists and there is no file name entry,
1025 * the error returned should be EACCES.
1026 * If the file does not exist, it must be determined
1027 * whether the client has access to a parent
1028 * directory. If the client has access to a parent
1029 * directory, the error returned should be ENOENT,
1030 * otherwise EACCES.
1031 */
1032 static int
1033 mount_enoent_error(SVCXPRT *transp, char *path, char *rpath,
1034 struct nd_hostservlist **clnames, struct netbuf **nb, int *flavor_list)
1035 {
1036 char *checkpath, *dp;
1037 share_t *sh = NULL;
1038 int realpath_error = ENOENT, reply_error = EACCES, lofs_tried = 0;
1039 int flavor_count;
1040
1041 checkpath = strdup(path);
1042 if (checkpath == NULL) {
1043 syslog(LOG_ERR, "mount_enoent: no memory");
1044 return (EACCES);
1045 }
1046
1047 /* CONSTCOND */
1048 while (1) {
1049 if (sh) {
1050 sharefree(sh);
1051 sh = NULL;
1052 }
1053
1054 if ((sh = findentry(rpath)) == NULL &&
1055 (sh = find_lofsentry(rpath, &lofs_tried)) == NULL) {
1056 /*
1057 * There is no file name entry.
1058 * If the file (with symbolic links resolved) exists,
1059 * the error returned should be EACCES.
1060 */
1061 if (realpath_error == 0)
1062 break;
1063 } else if (checkrootmount(sh, rpath) == 0) {
1064 /*
1065 * This is a "nosub" only export, in which case,
1066 * mounting subdirectories isn't allowed.
1067 * If the file (with symbolic links resolved) exists,
1068 * the error returned should be EACCES.
1069 */
1070 if (realpath_error == 0)
1071 break;
1072 } else {
1073 /*
1074 * Check permissions in mount table.
1075 */
1076 if (newopts(sh->sh_opts))
1077 flavor_count = getclientsflavors_new(sh,
1078 transp, nb, clnames, flavor_list);
1079 else
1080 flavor_count = getclientsflavors_old(sh,
1081 transp, nb, clnames, flavor_list);
1082 if (flavor_count != 0) {
1083 /*
1084 * Found entry in table and
1085 * client has correct permissions.
1086 */
1087 reply_error = ENOENT;
1088 break;
1089 }
1090 }
1091
1092 /*
1093 * Check all parent directories.
1094 */
1095 dp = strrchr(checkpath, '/');
1096 if (dp == NULL)
1097 break;
1098 *dp = '\0';
1099 if (strlen(checkpath) == 0)
1100 break;
1101 /*
1102 * Get the real path (no symbolic links in it)
1103 */
1104 if (realpath(checkpath, rpath) == NULL) {
1105 if (errno != ENOENT)
1106 break;
1107 } else {
1108 realpath_error = 0;
1109 }
1110 }
1111
1112 if (sh)
1113 sharefree(sh);
1114 free(checkpath);
1115 return (reply_error);
1116 }
1117
1118 /*
1119 * We need to inform the caller whether or not we were
1120 * able to add a node to the queue. If we are not, then
1121 * it is up to the caller to go ahead and log the data.
1122 */
1123 static int
1124 enqueue_logging_data(char *host, SVCXPRT *transp, char *path,
1125 char *rpath, int status, int error)
1126 {
1127 logging_data *lq;
1128 struct netbuf *nb;
1129
1130 lq = (logging_data *)calloc(1, sizeof (logging_data));
1131 if (lq == NULL)
1132 goto cleanup;
1133
1134 /*
1135 * We might not yet have the host...
1136 */
1137 if (host) {
1138 DTRACE_PROBE1(mountd, log_host, host);
1139 lq->ld_host = strdup(host);
1140 if (lq->ld_host == NULL)
1141 goto cleanup;
1142 } else {
1143 DTRACE_PROBE(mountd, log_no_host);
1144
1145 lq->ld_netid = strdup(transp->xp_netid);
1146 if (lq->ld_netid == NULL)
1147 goto cleanup;
1148
1149 lq->ld_nb = calloc(1, sizeof (struct netbuf));
1150 if (lq->ld_nb == NULL)
1151 goto cleanup;
1152
1153 nb = svc_getrpccaller(transp);
1154 if (nb == NULL) {
1155 DTRACE_PROBE(mountd, e__nb__enqueue);
1156 goto cleanup;
1157 }
1158
1159 DTRACE_PROBE(mountd, nb_set_enqueue);
1160
1161 lq->ld_nb->maxlen = nb->maxlen;
1162 lq->ld_nb->len = nb->len;
1163
1164 lq->ld_nb->buf = malloc(lq->ld_nb->len);
1165 if (lq->ld_nb->buf == NULL)
1166 goto cleanup;
1167
1168 bcopy(nb->buf, lq->ld_nb->buf, lq->ld_nb->len);
1169 }
1170
1171 lq->ld_path = strdup(path);
1172 if (lq->ld_path == NULL)
1173 goto cleanup;
1174
1175 if (!error) {
1176 lq->ld_rpath = strdup(rpath);
1177 if (lq->ld_rpath == NULL)
1178 goto cleanup;
1179 }
1180
1181 lq->ld_status = status;
1182
1183 /*
1184 * Add to the tail of the logging queue.
1185 */
1186 (void) mutex_lock(&logging_queue_lock);
1187 if (logging_tail == NULL) {
1188 logging_tail = logging_head = lq;
1189 } else {
1190 logging_tail->ld_next = lq;
1191 logging_tail = lq;
1192 }
1193 (void) cond_signal(&logging_queue_cv);
1194 (void) mutex_unlock(&logging_queue_lock);
1195
1196 return (TRUE);
1197
1198 cleanup:
1199
1200 free_logging_data(lq);
1201
1202 return (FALSE);
1203 }
1204
1205 /*
1206 * Check mount requests, add to mounted list if ok
1207 */
1208 static int
1209 mount(struct svc_req *rqstp)
1210 {
1211 SVCXPRT *transp;
1212 int version, vers;
1213 struct fhstatus fhs;
1214 struct mountres3 mountres3;
1215 char fh[FHSIZE3];
1216 int len = FHSIZE3;
1217 char *path, rpath[MAXPATHLEN];
1218 share_t *sh = NULL;
1219 struct nd_hostservlist *clnames = NULL;
1220 char *host = NULL;
1221 int error = 0, lofs_tried = 0, enqueued;
1222 int flavor_list[MAX_FLAVORS];
1223 int flavor_count;
1224 struct netbuf *nb = NULL;
1225 ucred_t *uc = NULL;
1226
1227 int audit_status;
1228
1229 transp = rqstp->rq_xprt;
1230 version = rqstp->rq_vers;
1231 path = NULL;
1232
1233 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
1234 svcerr_decode(transp);
1235 return (EACCES);
1236 }
1237
1238 /*
1239 * Put off getting the name for the client until we
1240 * need it. This is a performance gain. If we are logging,
1241 * then we don't care about performance and might as well
1242 * get the host name now in case we need to spit out an
1243 * error message.
1244 */
1245 if (verbose) {
1246 DTRACE_PROBE(mountd, name_by_verbose);
1247 if (getclientsnames(transp, &nb, &clnames) != 0) {
1248 /*
1249 * We failed to get a name for the client, even
1250 * 'anon', probably because we ran out of memory.
1251 * In this situation it doesn't make sense to
1252 * allow the mount to succeed.
1253 */
1254 error = EACCES;
1255 goto reply;
1256 }
1257 host = clnames->h_hostservs[0].h_host;
1258 }
1259
1260 /*
1261 * If the version being used is less than the minimum version,
1262 * the filehandle translation should not be provided to the
1263 * client.
1264 */
1265 if (rejecting || version < mount_vers_min) {
1266 if (verbose)
1267 syslog(LOG_NOTICE, "Rejected mount: %s for %s",
1268 host, path);
1269 error = EACCES;
1270 goto reply;
1271 }
1272
1273 /*
1274 * Trusted Extension doesn't support nfsv2. nfsv2 client
1275 * uses MOUNT protocol v1 and v2. To prevent circumventing
1276 * TX label policy via using nfsv2 client, reject a mount
1277 * request with version less than 3 and log an error.
1278 */
1279 if (is_system_labeled()) {
1280 if (version < 3) {
1281 if (verbose)
1282 syslog(LOG_ERR,
1283 "Rejected mount: TX doesn't support NFSv2");
1284 error = EACCES;
1285 goto reply;
1286 }
1287 }
1288
1289 /*
1290 * Get the real path (no symbolic links in it)
1291 */
1292 if (realpath(path, rpath) == NULL) {
1293 error = errno;
1294 if (verbose)
1295 syslog(LOG_ERR,
1296 "mount request: realpath: %s: %m", path);
1297 if (error == ENOENT)
1298 error = mount_enoent_error(transp, path, rpath,
1299 &clnames, &nb, flavor_list);
1300 goto reply;
1301 }
1302
1303 if ((sh = findentry(rpath)) == NULL &&
1304 (sh = find_lofsentry(rpath, &lofs_tried)) == NULL) {
1305 error = EACCES;
1306 goto reply;
1307 }
1308
1309 /*
1310 * Check if this is a "nosub" only export, in which case, mounting
1311 * subdirectories isn't allowed. Bug 1184573.
1312 */
1313 if (checkrootmount(sh, rpath) == 0) {
1314 error = EACCES;
1315 goto reply;
1316 }
1317
1318 if (newopts(sh->sh_opts))
1319 flavor_count = getclientsflavors_new(sh, transp, &nb, &clnames,
1320 flavor_list);
1321 else
1322 flavor_count = getclientsflavors_old(sh, transp, &nb, &clnames,
1323 flavor_list);
1324
1325 if (clnames)
1326 host = clnames->h_hostservs[0].h_host;
1327
1328 if (flavor_count == 0) {
1329 error = EACCES;
1330 goto reply;
1331 }
1332
1333 /*
1334 * Check MAC policy here. The server side policy should be
1335 * consistent with client side mount policy, i.e.
1336 * - we disallow an admin_low unlabeled client to mount
1337 * - we disallow mount from a lower labeled client.
1338 */
1339 if (is_system_labeled()) {
1340 m_label_t *clabel = NULL;
1341 m_label_t *slabel = NULL;
1342 m_label_t admin_low;
1343
1344 if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) {
1345 syslog(LOG_ERR,
1346 "mount request: Failed to get caller's ucred : %m");
1347 error = EACCES;
1348 goto reply;
1349 }
1350 if ((clabel = ucred_getlabel(uc)) == NULL) {
1351 syslog(LOG_ERR,
1352 "mount request: can't get client label from ucred");
1353 error = EACCES;
1354 goto reply;
1355 }
1356
1357 bsllow(&admin_low);
1358 if (blequal(&admin_low, clabel)) {
1359 struct sockaddr *ca;
1360 tsol_tpent_t *tp;
1361
1362 ca = (struct sockaddr *)(void *)svc_getrpccaller(
1363 rqstp->rq_xprt)->buf;
1364 if (ca == NULL) {
1365 error = EACCES;
1366 goto reply;
1367 }
1368 /*
1369 * get trusted network template associated
1370 * with the client.
1371 */
1372 tp = get_client_template(ca);
1373 if (tp == NULL || tp->host_type != SUN_CIPSO) {
1374 if (tp != NULL)
1375 tsol_freetpent(tp);
1376 error = EACCES;
1377 goto reply;
1378 }
1379 tsol_freetpent(tp);
1380 } else {
1381 if ((slabel = m_label_alloc(MAC_LABEL)) == NULL) {
1382 error = EACCES;
1383 goto reply;
1384 }
1385
1386 if (getlabel(rpath, slabel) != 0) {
1387 m_label_free(slabel);
1388 error = EACCES;
1389 goto reply;
1390 }
1391
1392 if (!bldominates(clabel, slabel)) {
1393 m_label_free(slabel);
1394 error = EACCES;
1395 goto reply;
1396 }
1397 m_label_free(slabel);
1398 }
1399 }
1400
1401 /*
1402 * Now get the filehandle.
1403 *
1404 * NFS V2 clients get a 32 byte filehandle.
1405 * NFS V3 clients get a 32 or 64 byte filehandle, depending on
1406 * the embedded FIDs.
1407 */
1408 vers = (version == MOUNTVERS3) ? NFS_V3 : NFS_VERSION;
1409
1410 /* LINTED pointer alignment */
1411 while (nfs_getfh(rpath, vers, &len, fh) < 0) {
1412 if (errno == EINVAL &&
1413 (sh = find_lofsentry(rpath, &lofs_tried)) != NULL) {
1414 errno = 0;
1415 continue;
1416 }
1417 error = errno == EINVAL ? EACCES : errno;
1418 syslog(LOG_DEBUG, "mount request: getfh failed on %s: %m",
1419 path);
1420 break;
1421 }
1422
1423 if (version == MOUNTVERS3) {
1424 mountres3.mountres3_u.mountinfo.fhandle.fhandle3_len = len;
1425 mountres3.mountres3_u.mountinfo.fhandle.fhandle3_val = fh;
1426 } else {
1427 bcopy(fh, &fhs.fhstatus_u.fhs_fhandle, NFS_FHSIZE);
1428 }
1429
1430 reply:
1431 if (uc != NULL)
1432 ucred_free(uc);
1433
1434 switch (version) {
1435 case MOUNTVERS:
1436 case MOUNTVERS_POSIX:
1437 if (error == EINVAL)
1438 fhs.fhs_status = NFSERR_ACCES;
1439 else if (error == EREMOTE)
1440 fhs.fhs_status = NFSERR_REMOTE;
1441 else
1442 fhs.fhs_status = error;
1443
1444 if (!svc_sendreply(transp, xdr_fhstatus, (char *)&fhs))
1445 log_cant_reply(transp);
1446
1447 audit_status = fhs.fhs_status;
1448 break;
1449
1450 case MOUNTVERS3:
1451 if (!error) {
1452 mountres3.mountres3_u.mountinfo.auth_flavors.auth_flavors_val =
1453 flavor_list;
1454 mountres3.mountres3_u.mountinfo.auth_flavors.auth_flavors_len =
1455 flavor_count;
1456
1457 } else if (error == ENAMETOOLONG)
1458 error = MNT3ERR_NAMETOOLONG;
1459
1460 mountres3.fhs_status = error;
1461 if (!svc_sendreply(transp, xdr_mountres3, (char *)&mountres3))
1462 log_cant_reply(transp);
1463
1464 audit_status = mountres3.fhs_status;
1465 break;
1466 }
1467
1468 if (verbose)
1469 syslog(LOG_NOTICE, "MOUNT: %s %s %s",
1470 (host == NULL) ? "unknown host" : host,
1471 error ? "denied" : "mounted", path);
1472
1473 /*
1474 * If we can not create a queue entry, go ahead and do it
1475 * in the context of this thread.
1476 */
1477 enqueued = enqueue_logging_data(host, transp, path, rpath,
1478 audit_status, error);
1479 if (enqueued == FALSE) {
1480 if (host == NULL) {
1481 DTRACE_PROBE(mountd, name_by_in_thread);
1482 if (getclientsnames(transp, &nb, &clnames) == 0)
1483 host = clnames->h_hostservs[0].h_host;
1484 }
1485
1486 DTRACE_PROBE(mountd, logged_in_thread);
1487 audit_mountd_mount(host, path, audit_status); /* BSM */
1488 if (!error)
1489 mntlist_new(host, rpath); /* add entry to mount list */
1490 }
1491
1492 if (path != NULL)
1493 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
1494
1495 if (sh)
1496 sharefree(sh);
1497 netdir_free(clnames, ND_HOSTSERVLIST);
1498
1499 return (error);
1500 }
1501
1502 /*
1503 * Determine whether two paths are within the same file system.
1504 * Returns nonzero (true) if paths are the same, zero (false) if
1505 * they are different. If an error occurs, return false.
1506 *
1507 * Use the actual FSID if it's available (via getattrat()); otherwise,
1508 * fall back on st_dev.
1509 *
1510 * With ZFS snapshots, st_dev differs from the regular file system
1511 * versus the snapshot. But the fsid is the same throughout. Thus
1512 * the fsid is a better test.
1513 */
1514 static int
1515 same_file_system(const char *path1, const char *path2)
1516 {
1517 uint64_t fsid1, fsid2;
1518 struct stat64 st1, st2;
1519 nvlist_t *nvl1 = NULL;
1520 nvlist_t *nvl2 = NULL;
1521
1522 if ((getattrat(AT_FDCWD, XATTR_VIEW_READONLY, path1, &nvl1) == 0) &&
1523 (getattrat(AT_FDCWD, XATTR_VIEW_READONLY, path2, &nvl2) == 0) &&
1524 (nvlist_lookup_uint64(nvl1, A_FSID, &fsid1) == 0) &&
1525 (nvlist_lookup_uint64(nvl2, A_FSID, &fsid2) == 0)) {
1526 nvlist_free(nvl1);
1527 nvlist_free(nvl2);
1528 /*
1529 * We have found fsid's for both paths.
1530 */
1531
1532 if (fsid1 == fsid2)
1533 return (B_TRUE);
1534
1535 return (B_FALSE);
1536 }
1537
1538 if (nvl1 != NULL)
1539 nvlist_free(nvl1);
1540 if (nvl2 != NULL)
1541 nvlist_free(nvl2);
1542
1543 /*
1544 * We were unable to find fsid's for at least one of the paths.
1545 * fall back on st_dev.
1546 */
1547
1548 if (stat64(path1, &st1) < 0) {
1549 syslog(LOG_NOTICE, "%s: %m", path1);
1550 return (B_FALSE);
1551 }
1552 if (stat64(path2, &st2) < 0) {
1553 syslog(LOG_NOTICE, "%s: %m", path2);
1554 return (B_FALSE);
1555 }
1556
1557 if (st1.st_dev == st2.st_dev)
1558 return (B_TRUE);
1559
1560 return (B_FALSE);
1561 }
1562
1563 share_t *
1564 findentry(char *path)
1565 {
1566 share_t *sh = NULL;
1567 struct sh_list *shp;
1568 char *p1, *p2;
1569
1570 check_sharetab();
1571
1572 (void) rw_rdlock(&sharetab_lock);
1573
1574 for (shp = share_list; shp; shp = shp->shl_next) {
1575 sh = shp->shl_sh;
1576 for (p1 = sh->sh_path, p2 = path; *p1 == *p2; p1++, p2++)
1577 if (*p1 == '\0')
1578 goto done; /* exact match */
1579
1580 /*
1581 * Now compare the pathnames for three cases:
1582 *
1583 * Parent: /export/foo (no trailing slash on parent)
1584 * Child: /export/foo/bar
1585 *
1586 * Parent: /export/foo/ (trailing slash on parent)
1587 * Child: /export/foo/bar
1588 *
1589 * Parent: /export/foo/ (no trailing slash on child)
1590 * Child: /export/foo
1591 */
1592 if ((*p1 == '\0' && *p2 == '/') ||
1593 (*p1 == '\0' && *(p1-1) == '/') ||
1594 (*p2 == '\0' && *p1 == '/' && *(p1+1) == '\0')) {
1595 /*
1596 * We have a subdirectory. Test whether the
1597 * subdirectory is in the same file system.
1598 */
1599 if (same_file_system(path, sh->sh_path))
1600 goto done;
1601 }
1602 }
1603 done:
1604 sh = shp ? sharedup(sh) : NULL;
1605
1606 (void) rw_unlock(&sharetab_lock);
1607
1608 return (sh);
1609 }
1610
1611
1612 static int
1613 is_substring(char **mntp, char **path)
1614 {
1615 char *p1 = *mntp, *p2 = *path;
1616
1617 if (*p1 == '\0' && *p2 == '\0') /* exact match */
1618 return (1);
1619 else if (*p1 == '\0' && *p2 == '/')
1620 return (1);
1621 else if (*p1 == '\0' && *(p1-1) == '/') {
1622 *path = --p2; /* we need the slash in p2 */
1623 return (1);
1624 } else if (*p2 == '\0') {
1625 while (*p1 == '/')
1626 p1++;
1627 if (*p1 == '\0') /* exact match */
1628 return (1);
1629 }
1630 return (0);
1631 }
1632
1633 /*
1634 * find_lofsentry() searches for the real path which this requested LOFS path
1635 * (rpath) shadows. If found, it will return the sharetab entry of
1636 * the real path that corresponds to the LOFS path.
1637 * We first search mnttab to see if the requested path is an automounted
1638 * path. If it is an automounted path, it will trigger the mount by stat()ing
1639 * the requested path. Note that it is important to check that this path is
1640 * actually an automounted path, otherwise we would stat() a path which may
1641 * turn out to be NFS and block indefinitely on a dead server. The automounter
1642 * times-out if the server is dead, so there's no risk of hanging this
1643 * thread waiting for stat().
1644 * After the mount has been triggered (if necessary), we look for a
1645 * mountpoint of type LOFS (by searching /etc/mnttab again) which
1646 * is a substring of the rpath. If found, we construct a new path by
1647 * concatenating the mnt_special and the remaining of rpath, call findentry()
1648 * to make sure the 'real path' is shared.
1649 */
1650 static share_t *
1651 find_lofsentry(char *rpath, int *done_flag)
1652 {
1653 struct stat r_stbuf;
1654 mntlist_t *ml, *mntl, *mntpnt = NULL;
1655 share_t *retcode = NULL;
1656 char tmp_path[MAXPATHLEN];
1657 int mntpnt_len = 0, tmp;
1658 char *p1, *p2;
1659
1660 if ((*done_flag)++)
1661 return (retcode);
1662
1663 /*
1664 * While fsgetmntlist() uses lockf() to
1665 * lock the mnttab before reading it in,
1666 * the lock ignores threads in the same process.
1667 * Read in the mnttab with the protection of a mutex.
1668 */
1669 (void) mutex_lock(&mnttab_lock);
1670 mntl = fsgetmntlist();
1671 (void) mutex_unlock(&mnttab_lock);
1672
1673 /*
1674 * Obtain the mountpoint for the requested path.
1675 */
1676 for (ml = mntl; ml; ml = ml->mntl_next) {
1677 for (p1 = ml->mntl_mnt->mnt_mountp, p2 = rpath;
1678 *p1 == *p2 && *p1; p1++, p2++)
1679 ;
1680 if (is_substring(&p1, &p2) &&
1681 (tmp = strlen(ml->mntl_mnt->mnt_mountp)) >= mntpnt_len) {
1682 mntpnt = ml;
1683 mntpnt_len = tmp;
1684 }
1685 }
1686
1687 /*
1688 * If the path needs to be autoFS mounted, trigger the mount by
1689 * stat()ing it. This is determined by checking whether the
1690 * mountpoint we just found is of type autofs.
1691 */
1692 if (mntpnt != NULL &&
1693 strcmp(mntpnt->mntl_mnt->mnt_fstype, "autofs") == 0) {
1694 /*
1695 * The requested path is a substring of an autoFS filesystem.
1696 * Trigger the mount.
1697 */
1698 if (stat(rpath, &r_stbuf) < 0) {
1699 if (verbose)
1700 syslog(LOG_NOTICE, "%s: %m", rpath);
1701 goto done;
1702 }
1703 if ((r_stbuf.st_mode & S_IFMT) == S_IFDIR) {
1704 /*
1705 * The requested path is a directory, stat(2) it
1706 * again with a trailing '.' to force the autoFS
1707 * module to trigger the mount of indirect
1708 * automount entries, such as /net/jurassic/.
1709 */
1710 if (strlen(rpath) + 2 > MAXPATHLEN) {
1711 if (verbose) {
1712 syslog(LOG_NOTICE,
1713 "%s/.: exceeds MAXPATHLEN %d",
1714 rpath, MAXPATHLEN);
1715 }
1716 goto done;
1717 }
1718 (void) strcpy(tmp_path, rpath);
1719 (void) strcat(tmp_path, "/.");
1720
1721 if (stat(tmp_path, &r_stbuf) < 0) {
1722 if (verbose)
1723 syslog(LOG_NOTICE, "%s: %m", tmp_path);
1724 goto done;
1725 }
1726 }
1727
1728 /*
1729 * The mount has been triggered, re-read mnttab to pick up
1730 * the changes made by autoFS.
1731 */
1732 fsfreemntlist(mntl);
1733 (void) mutex_lock(&mnttab_lock);
1734 mntl = fsgetmntlist();
1735 (void) mutex_unlock(&mnttab_lock);
1736 }
1737
1738 /*
1739 * The autoFS mountpoint has been triggered if necessary,
1740 * now search mnttab again to determine if the requested path
1741 * is an LOFS mount of a shared path.
1742 */
1743 mntpnt_len = 0;
1744 for (ml = mntl; ml; ml = ml->mntl_next) {
1745 if (strcmp(ml->mntl_mnt->mnt_fstype, "lofs"))
1746 continue;
1747
1748 for (p1 = ml->mntl_mnt->mnt_mountp, p2 = rpath;
1749 *p1 == *p2 && *p1; p1++, p2++)
1750 ;
1751
1752 if (is_substring(&p1, &p2) &&
1753 ((tmp = strlen(ml->mntl_mnt->mnt_mountp)) >= mntpnt_len)) {
1754 mntpnt_len = tmp;
1755
1756 if ((strlen(ml->mntl_mnt->mnt_special) + strlen(p2)) >
1757 MAXPATHLEN) {
1758 if (verbose) {
1759 syslog(LOG_NOTICE, "%s%s: exceeds %d",
1760 ml->mntl_mnt->mnt_special, p2,
1761 MAXPATHLEN);
1762 }
1763 if (retcode)
1764 sharefree(retcode);
1765 retcode = NULL;
1766 goto done;
1767 }
1768
1769 (void) strcpy(tmp_path, ml->mntl_mnt->mnt_special);
1770 (void) strcat(tmp_path, p2);
1771 if (retcode)
1772 sharefree(retcode);
1773 retcode = findentry(tmp_path);
1774 }
1775 }
1776
1777 if (retcode) {
1778 assert(strlen(tmp_path) > 0);
1779 (void) strcpy(rpath, tmp_path);
1780 }
1781
1782 done:
1783 fsfreemntlist(mntl);
1784 return (retcode);
1785 }
1786
1787 /*
1788 * Determine whether an access list grants rights to a particular host.
1789 * We match on aliases of the hostname as well as on the canonical name.
1790 * Names in the access list may be either hosts or netgroups; they're
1791 * not distinguished syntactically. We check for hosts first because
1792 * it's cheaper, then try netgroups.
1793 *
1794 * If pnb and pclnames are NULL, it means that we have to use transp
1795 * to resolve client IP address to hostname. If they aren't NULL
1796 * then transp argument won't be used and can be NULL.
1797 */
1798 int
1799 in_access_list(SVCXPRT *transp, struct netbuf **pnb,
1800 struct nd_hostservlist **pclnames,
1801 char *access_list) /* N.B. we clobber this "input" parameter */
1802 {
1803 char addr[INET_ADDRSTRLEN];
1804 char buff[256];
1805 int nentries = 0;
1806 char *cstr = access_list;
1807 char *gr = access_list;
1808 char *host;
1809 int off;
1810 int i;
1811 int response;
1812 int sbr = 0;
1813 struct nd_hostservlist *clnames;
1814 struct netent n, *np;
1815
1816 /* If no access list - then it's unrestricted */
1817 if (access_list == NULL || *access_list == '\0')
1818 return (1);
1819
1820 assert(transp != NULL || (*pnb != NULL && *pclnames != NULL));
1821
1822 /* Get client address if it wasn't provided */
1823 if (*pnb == NULL)
1824 /* Don't grant access if client address isn't known */
1825 if ((*pnb = svc_getrpccaller(transp)) == NULL)
1826 return (0);
1827
1828 /* Try to lookup client hostname if it wasn't provided */
1829 if (*pclnames == NULL)
1830 getclientsnames(transp, pnb, pclnames);
1831 clnames = *pclnames;
1832
1833 for (;;) {
1834 if ((cstr = strpbrk(cstr, "[]:")) != NULL) {
1835 switch (*cstr) {
1836 case '[':
1837 case ']':
1838 sbr = !sbr;
1839 cstr++;
1840 continue;
1841 case ':':
1842 if (sbr) {
1843 cstr++;
1844 continue;
1845 }
1846 *cstr = '\0';
1847 }
1848 }
1849
1850 /*
1851 * If the list name has a '-' prepended then a match of
1852 * the following name implies failure instead of success.
1853 */
1854 if (*gr == '-') {
1855 response = 0;
1856 gr++;
1857 } else {
1858 response = 1;
1859 }
1860
1861 /*
1862 * First check if we have '@' entry, as it doesn't
1863 * require client hostname.
1864 */
1865 if (*gr == '@') {
1866 gr++;
1867
1868 /* Netname support */
1869 if (!isdigit(*gr) && *gr != '[') {
1870 if ((np = getnetbyname_r(gr, &n, buff,
1871 sizeof (buff))) != NULL &&
1872 np->n_net != 0) {
1873 while ((np->n_net & 0xFF000000u) == 0)
1874 np->n_net <<= 8;
1875 np->n_net = htonl(np->n_net);
1876 if (inet_ntop(AF_INET, &np->n_net, addr,
1877 INET_ADDRSTRLEN) == NULL)
1878 break;
1879 if (inet_matchaddr((*pnb)->buf, addr))
1880 return (response);
1881 }
1882 } else {
1883 if (inet_matchaddr((*pnb)->buf, gr))
1884 return (response);
1885 }
1886
1887 if (cstr == NULL)
1888 break;
1889
1890 gr = ++cstr;
1891
1892 continue;
1893 }
1894
1895 /*
1896 * No other checks can be performed if client address
1897 * can't be resolved.
1898 */
1899 if (clnames == NULL) {
1900 if (cstr == NULL)
1901 break;
1902
1903 gr = ++cstr;
1904
1905 continue;
1906 }
1907
1908 /* Otherwise loop through all client hostname aliases */
1909 for (i = 0; i < clnames->h_cnt; i++) {
1910 host = clnames->h_hostservs[i].h_host;
1911
1912 /*
1913 * If the list name begins with a dot then
1914 * do a domain name suffix comparison.
1915 * A single dot matches any name with no
1916 * suffix.
1917 */
1918 if (*gr == '.') {
1919 if (*(gr + 1) == '\0') { /* single dot */
1920 if (strchr(host, '.') == NULL)
1921 return (response);
1922 } else {
1923 off = strlen(host) - strlen(gr);
1924 if (off > 0 &&
1925 strcasecmp(host + off, gr) == 0) {
1926 return (response);
1927 }
1928 }
1929 } else {
1930 /* Just do a hostname match */
1931 if (strcasecmp(gr, host) == 0)
1932 return (response);
1933 }
1934 }
1935
1936 nentries++;
1937
1938 if (cstr == NULL)
1939 break;
1940
1941 gr = ++cstr;
1942 }
1943
1944 if (clnames == NULL)
1945 return (0);
1946
1947 return (netgroup_check(clnames, access_list, nentries));
1948 }
1949
1950
1951 static char *optlist[] = {
1952 #define OPT_RO 0
1953 SHOPT_RO,
1954 #define OPT_RW 1
1955 SHOPT_RW,
1956 #define OPT_ROOT 2
1957 SHOPT_ROOT,
1958 #define OPT_SECURE 3
1959 SHOPT_SECURE,
1960 #define OPT_ANON 4
1961 SHOPT_ANON,
1962 #define OPT_WINDOW 5
1963 SHOPT_WINDOW,
1964 #define OPT_NOSUID 6
1965 SHOPT_NOSUID,
1966 #define OPT_ACLOK 7
1967 SHOPT_ACLOK,
1968 #define OPT_SEC 8
1969 SHOPT_SEC,
1970 #define OPT_NONE 9
1971 SHOPT_NONE,
1972 #define OPT_UIDMAP 10
1973 SHOPT_UIDMAP,
1974 #define OPT_GIDMAP 11
1975 SHOPT_GIDMAP,
1976 NULL
1977 };
1978
1979 static int
1980 map_flavor(char *str)
1981 {
1982 seconfig_t sec;
1983
1984 if (nfs_getseconfig_byname(str, &sec))
1985 return (-1);
1986
1987 return (sec.sc_nfsnum);
1988 }
1989
1990 /*
1991 * If the option string contains a "sec="
1992 * option, then use new option syntax.
1993 */
1994 static int
1995 newopts(char *opts)
1996 {
1997 char *head, *p, *val;
1998
1999 if (!opts || *opts == '\0')
2000 return (0);
2001
2002 head = strdup(opts);
2003 if (head == NULL) {
2004 syslog(LOG_ERR, "opts: no memory");
2005 return (0);
2006 }
2007
2008 p = head;
2009 while (*p) {
2010 if (getsubopt(&p, optlist, &val) == OPT_SEC) {
2011 free(head);
2012 return (1);
2013 }
2014 }
2015
2016 free(head);
2017 return (0);
2018 }
2019
2020 /*
2021 * Given an export and the clients hostname(s)
2022 * determine the security flavors that this
2023 * client is permitted to use.
2024 *
2025 * This routine is called only for "old" syntax, i.e.
2026 * only one security flavor is allowed. So we need
2027 * to determine two things: the particular flavor,
2028 * and whether the client is allowed to use this
2029 * flavor, i.e. is in the access list.
2030 *
2031 * Note that if there is no access list, then the
2032 * default is that access is granted.
2033 */
2034 static int
2035 getclientsflavors_old(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2036 struct nd_hostservlist **clnames, int *flavors)
2037 {
2038 char *opts, *p, *val;
2039 boolean_t ok = B_FALSE;
2040 int defaultaccess = 1;
2041 boolean_t reject = B_FALSE;
2042
2043 opts = strdup(sh->sh_opts);
2044 if (opts == NULL) {
2045 syslog(LOG_ERR, "getclientsflavors: no memory");
2046 return (0);
2047 }
2048
2049 flavors[0] = AUTH_SYS;
2050 p = opts;
2051
2052 while (*p) {
2053
2054 switch (getsubopt(&p, optlist, &val)) {
2055 case OPT_SECURE:
2056 flavors[0] = AUTH_DES;
2057 break;
2058
2059 case OPT_RO:
2060 case OPT_RW:
2061 defaultaccess = 0;
2062 if (in_access_list(transp, nb, clnames, val))
2063 ok++;
2064 break;
2065
2066 case OPT_NONE:
2067 defaultaccess = 0;
2068 if (in_access_list(transp, nb, clnames, val))
2069 reject = B_TRUE;
2070 }
2071 }
2072
2073 free(opts);
2074
2075 /* none takes precedence over everything else */
2076 if (reject)
2077 ok = B_TRUE;
2078
2079 return (defaultaccess || ok);
2080 }
2081
2082 /*
2083 * Given an export and the clients hostname(s)
2084 * determine the security flavors that this
2085 * client is permitted to use.
2086 *
2087 * This is somewhat more complicated than the "old"
2088 * routine because the options may contain multiple
2089 * security flavors (sec=) each with its own access
2090 * lists. So a client could be granted access based
2091 * on a number of security flavors. Note that the
2092 * type of access might not always be the same, the
2093 * client may get readonly access with one flavor
2094 * and readwrite with another, however the client
2095 * is not told this detail, it gets only the list
2096 * of flavors, and only if the client is using
2097 * version 3 of the mount protocol.
2098 */
2099 static int
2100 getclientsflavors_new(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2101 struct nd_hostservlist **clnames, int *flavors)
2102 {
2103 char *opts, *p, *val;
2104 char *lasts;
2105 char *f;
2106 boolean_t access_ok;
2107 int count, c;
2108 boolean_t reject = B_FALSE;
2109
2110 opts = strdup(sh->sh_opts);
2111 if (opts == NULL) {
2112 syslog(LOG_ERR, "getclientsflavors: no memory");
2113 return (0);
2114 }
2115
2116 p = opts;
2117 count = c = 0;
2118 /* default access is rw */
2119 access_ok = B_TRUE;
2120
2121 while (*p) {
2122 switch (getsubopt(&p, optlist, &val)) {
2123 case OPT_SEC:
2124 /*
2125 * Before a new sec=xxx option, check if we need
2126 * to move the c index back to the previous count.
2127 */
2128 if (!access_ok) {
2129 c = count;
2130 }
2131
2132 /* get all the sec=f1[:f2] flavors */
2133 while ((f = strtok_r(val, ":", &lasts))
2134 != NULL) {
2135 flavors[c++] = map_flavor(f);
2136 val = NULL;
2137 }
2138
2139 /* for a new sec=xxx option, default is rw access */
2140 access_ok = B_TRUE;
2141 break;
2142
2143 case OPT_RO:
2144 case OPT_RW:
2145 if (in_access_list(transp, nb, clnames, val)) {
2146 count = c;
2147 access_ok = B_TRUE;
2148 } else {
2149 access_ok = B_FALSE;
2150 }
2151 break;
2152
2153 case OPT_NONE:
2154 if (in_access_list(transp, nb, clnames, val))
2155 reject = B_TRUE; /* none overides rw/ro */
2156 break;
2157 }
2158 }
2159
2160 if (reject)
2161 access_ok = B_FALSE;
2162
2163 if (!access_ok)
2164 c = count;
2165
2166 free(opts);
2167
2168 return (c);
2169 }
2170
2171 /*
2172 * This is a tricky piece of code that parses the
2173 * share options looking for a match on the auth
2174 * flavor that the client is using. If it finds
2175 * a match, then the client is given ro, rw, or
2176 * no access depending whether it is in the access
2177 * list. There is a special case for "secure"
2178 * flavor. Other flavors are values of the new "sec=" option.
2179 */
2180 int
2181 check_client(share_t *sh, struct netbuf *nb,
2182 struct nd_hostservlist *clnames, int flavor, uid_t clnt_uid, gid_t clnt_gid,
2183 uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid, gid_t *srv_gid,
2184 uint_t *srv_ngids, gid_t **srv_gids)
2185 {
2186 if (newopts(sh->sh_opts))
2187 return (check_client_new(sh, NULL, &nb, &clnames, flavor,
2188 clnt_uid, clnt_gid, clnt_ngids, clnt_gids, srv_uid, srv_gid,
2189 srv_ngids, srv_gids));
2190 else
2191 return (check_client_old(sh, NULL, &nb, &clnames, flavor,
2192 clnt_uid, clnt_gid, clnt_ngids, clnt_gids, srv_uid, srv_gid,
2193 srv_ngids, srv_gids));
2194 }
2195
2196 extern int _getgroupsbymember(const char *, gid_t[], int, int);
2197
2198 /*
2199 * Get supplemental groups for uid
2200 */
2201 static int
2202 getusergroups(uid_t uid, uint_t *ngrps, gid_t **grps)
2203 {
2204 struct passwd pwd;
2205 char *pwbuf = alloca(pw_size);
2206 gid_t *tmpgrps = alloca(ngroups_max * sizeof (gid_t));
2207 int tmpngrps;
2208
2209 if (getpwuid_r(uid, &pwd, pwbuf, pw_size) == NULL)
2210 return (-1);
2211
2212 tmpgrps[0] = pwd.pw_gid;
2213
2214 tmpngrps = _getgroupsbymember(pwd.pw_name, tmpgrps, ngroups_max, 1);
2215 if (tmpngrps <= 0) {
2216 syslog(LOG_WARNING,
2217 "getusergroups(): Unable to get groups for user %s",
2218 pwd.pw_name);
2219
2220 return (-1);
2221 }
2222
2223 *grps = malloc(tmpngrps * sizeof (gid_t));
2224 if (*grps == NULL) {
2225 syslog(LOG_ERR,
2226 "getusergroups(): Memory allocation failed: %m");
2227
2228 return (-1);
2229 }
2230
2231 *ngrps = tmpngrps;
2232 (void) memcpy(*grps, tmpgrps, tmpngrps * sizeof (gid_t));
2233
2234 return (0);
2235 }
2236
2237 /*
2238 * is_a_number(number)
2239 *
2240 * is the string a number in one of the forms we want to use?
2241 */
2242
2243 static int
2244 is_a_number(char *number)
2245 {
2246 int ret = 1;
2247 int hex = 0;
2248
2249 if (strncmp(number, "0x", 2) == 0) {
2250 number += 2;
2251 hex = 1;
2252 } else if (*number == '-') {
2253 number++; /* skip the minus */
2254 }
2255 while (ret == 1 && *number != '\0') {
2256 if (hex) {
2257 ret = isxdigit(*number++);
2258 } else {
2259 ret = isdigit(*number++);
2260 }
2261 }
2262 return (ret);
2263 }
2264
2265 static boolean_t
2266 get_uid(char *value, uid_t *uid)
2267 {
2268 if (!is_a_number(value)) {
2269 struct passwd *pw;
2270 /*
2271 * in this case it would have to be a
2272 * user name
2273 */
2274 pw = getpwnam(value);
2275 if (pw == NULL)
2276 return (B_FALSE);
2277 *uid = pw->pw_uid;
2278 endpwent();
2279 } else {
2280 uint64_t intval;
2281 intval = strtoull(value, NULL, 0);
2282 if (intval > UID_MAX && intval != -1)
2283 return (B_FALSE);
2284 *uid = (uid_t)intval;
2285 }
2286
2287 return (B_TRUE);
2288 }
2289
2290 static boolean_t
2291 get_gid(char *value, gid_t *gid)
2292 {
2293 if (!is_a_number(value)) {
2294 struct group *gr;
2295 /*
2296 * in this case it would have to be a
2297 * group name
2298 */
2299 gr = getgrnam(value);
2300 if (gr == NULL)
2301 return (B_FALSE);
2302 *gid = gr->gr_gid;
2303 endgrent();
2304 } else {
2305 uint64_t intval;
2306 intval = strtoull(value, NULL, 0);
2307 if (intval > UID_MAX && intval != -1)
2308 return (B_FALSE);
2309 *gid = (gid_t)intval;
2310 }
2311
2312 return (B_TRUE);
2313 }
2314
2315 static int
2316 check_client_old(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2317 struct nd_hostservlist **clnames, int flavor, uid_t clnt_uid,
2318 gid_t clnt_gid, uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid,
2319 gid_t *srv_gid, uint_t *srv_ngids, gid_t **srv_gids)
2320 {
2321 char *opts, *p, *val;
2322 int match; /* Set when a flavor is matched */
2323 int perm = 0; /* Set when "ro", "rw" or "root" is matched */
2324 int list = 0; /* Set when "ro", "rw" is found */
2325 int ro_val = 0; /* Set if ro option is 'ro=' */
2326 int rw_val = 0; /* Set if rw option is 'rw=' */
2327
2328 boolean_t map_deny = B_FALSE;
2329
2330 opts = strdup(sh->sh_opts);
2331 if (opts == NULL) {
2332 syslog(LOG_ERR, "check_client: no memory");
2333 return (0);
2334 }
2335
2336 /*
2337 * If client provided 16 supplemental groups with AUTH_SYS, lookup
2338 * locally for all of them
2339 */
2340 if (flavor == AUTH_SYS && clnt_ngids == NGRPS && ngroups_max > NGRPS)
2341 if (getusergroups(clnt_uid, srv_ngids, srv_gids) == 0)
2342 perm |= NFSAUTH_GROUPS;
2343
2344 p = opts;
2345 match = AUTH_UNIX;
2346
2347 while (*p) {
2348 switch (getsubopt(&p, optlist, &val)) {
2349
2350 case OPT_SECURE:
2351 match = AUTH_DES;
2352
2353 if (perm & NFSAUTH_GROUPS) {
2354 free(*srv_gids);
2355 *srv_ngids = 0;
2356 *srv_gids = NULL;
2357 perm &= ~NFSAUTH_GROUPS;
2358 }
2359
2360 break;
2361
2362 case OPT_RO:
2363 list++;
2364 if (val != NULL)
2365 ro_val++;
2366 if (in_access_list(transp, nb, clnames, val))
2367 perm |= NFSAUTH_RO;
2368 break;
2369
2370 case OPT_RW:
2371 list++;
2372 if (val != NULL)
2373 rw_val++;
2374 if (in_access_list(transp, nb, clnames, val))
2375 perm |= NFSAUTH_RW;
2376 break;
2377
2378 case OPT_ROOT:
2379 /*
2380 * Check if the client is in
2381 * the root list. Only valid
2382 * for AUTH_SYS.
2383 */
2384 if (flavor != AUTH_SYS)
2385 break;
2386
2387 if (val == NULL || *val == '\0')
2388 break;
2389
2390 if (clnt_uid != 0)
2391 break;
2392
2393 if (in_access_list(transp, nb, clnames, val)) {
2394 perm |= NFSAUTH_ROOT;
2395 perm |= NFSAUTH_UIDMAP | NFSAUTH_GIDMAP;
2396 map_deny = B_FALSE;
2397
2398 if (perm & NFSAUTH_GROUPS) {
2399 free(*srv_gids);
2400 *srv_ngids = 0;
2401 *srv_gids = NULL;
2402 perm &= ~NFSAUTH_GROUPS;
2403 }
2404 }
2405 break;
2406
2407 case OPT_NONE:
2408 /*
2409 * Check if the client should have no access
2410 * to this share at all. This option behaves
2411 * more like "root" than either "rw" or "ro".
2412 */
2413 if (in_access_list(transp, nb, clnames, val))
2414 perm |= NFSAUTH_DENIED;
2415 break;
2416
2417 case OPT_UIDMAP: {
2418 char *c;
2419 char *n;
2420
2421 /*
2422 * The uidmap is supported for AUTH_SYS only.
2423 */
2424 if (flavor != AUTH_SYS)
2425 break;
2426
2427 if (perm & NFSAUTH_UIDMAP || map_deny)
2428 break;
2429
2430 for (c = val; c != NULL; c = n) {
2431 char *s;
2432 char *al;
2433 uid_t srv;
2434
2435 n = strchr(c, '~');
2436 if (n != NULL)
2437 *n++ = '\0';
2438
2439 s = strchr(c, ':');
2440 if (s != NULL) {
2441 *s++ = '\0';
2442 al = strchr(s, ':');
2443 if (al != NULL)
2444 *al++ = '\0';
2445 }
2446
2447 if (s == NULL || al == NULL)
2448 continue;
2449
2450 if (*c == '\0') {
2451 if (clnt_uid != (uid_t)-1)
2452 continue;
2453 } else if (strcmp(c, "*") != 0) {
2454 uid_t clnt;
2455
2456 if (!get_uid(c, &clnt))
2457 continue;
2458
2459 if (clnt_uid != clnt)
2460 continue;
2461 }
2462
2463 if (*s == '\0')
2464 srv = UID_NOBODY;
2465 else if (!get_uid(s, &srv))
2466 continue;
2467 else if (srv == (uid_t)-1) {
2468 map_deny = B_TRUE;
2469 break;
2470 }
2471
2472 if (in_access_list(transp, nb, clnames, al)) {
2473 *srv_uid = srv;
2474 perm |= NFSAUTH_UIDMAP;
2475
2476 if (perm & NFSAUTH_GROUPS) {
2477 free(*srv_gids);
2478 *srv_ngids = 0;
2479 *srv_gids = NULL;
2480 perm &= ~NFSAUTH_GROUPS;
2481 }
2482
2483 break;
2484 }
2485 }
2486
2487 break;
2488 }
2489
2490 case OPT_GIDMAP: {
2491 char *c;
2492 char *n;
2493
2494 /*
2495 * The gidmap is supported for AUTH_SYS only.
2496 */
2497 if (flavor != AUTH_SYS)
2498 break;
2499
2500 if (perm & NFSAUTH_GIDMAP || map_deny)
2501 break;
2502
2503 for (c = val; c != NULL; c = n) {
2504 char *s;
2505 char *al;
2506 gid_t srv;
2507
2508 n = strchr(c, '~');
2509 if (n != NULL)
2510 *n++ = '\0';
2511
2512 s = strchr(c, ':');
2513 if (s != NULL) {
2514 *s++ = '\0';
2515 al = strchr(s, ':');
2516 if (al != NULL)
2517 *al++ = '\0';
2518 }
2519
2520 if (s == NULL || al == NULL)
2521 break;
2522
2523 if (*c == '\0') {
2524 if (clnt_gid != (gid_t)-1)
2525 continue;
2526 } else if (strcmp(c, "*") != 0) {
2527 gid_t clnt;
2528
2529 if (!get_gid(c, &clnt))
2530 continue;
2531
2532 if (clnt_gid != clnt)
2533 continue;
2534 }
2535
2536 if (*s == '\0')
2537 srv = UID_NOBODY;
2538 else if (!get_gid(s, &srv))
2539 continue;
2540 else if (srv == (gid_t)-1) {
2541 map_deny = B_TRUE;
2542 break;
2543 }
2544
2545 if (in_access_list(transp, nb, clnames, al)) {
2546 *srv_gid = srv;
2547 perm |= NFSAUTH_GIDMAP;
2548
2549 if (perm & NFSAUTH_GROUPS) {
2550 free(*srv_gids);
2551 *srv_ngids = 0;
2552 *srv_gids = NULL;
2553 perm &= ~NFSAUTH_GROUPS;
2554 }
2555
2556 break;
2557 }
2558 }
2559
2560 break;
2561 }
2562
2563 default:
2564 break;
2565 }
2566 }
2567
2568 free(opts);
2569
2570 if (perm & NFSAUTH_ROOT) {
2571 *srv_uid = 0;
2572 *srv_gid = 0;
2573 }
2574
2575 if (map_deny)
2576 perm |= NFSAUTH_DENIED;
2577
2578 if (!(perm & NFSAUTH_UIDMAP))
2579 *srv_uid = clnt_uid;
2580 if (!(perm & NFSAUTH_GIDMAP))
2581 *srv_gid = clnt_gid;
2582
2583 if (flavor != match || perm & NFSAUTH_DENIED)
2584 return (NFSAUTH_DENIED);
2585
2586 if (list) {
2587 /*
2588 * If the client doesn't match an "ro" or "rw"
2589 * list then set no access.
2590 */
2591 if ((perm & (NFSAUTH_RO | NFSAUTH_RW)) == 0)
2592 perm |= NFSAUTH_DENIED;
2593 } else {
2594 /*
2595 * The client matched a flavor entry that
2596 * has no explicit "rw" or "ro" determination.
2597 * Default it to "rw".
2598 */
2599 perm |= NFSAUTH_RW;
2600 }
2601
2602 /*
2603 * The client may show up in both ro= and rw=
2604 * lists. If so, then turn off the RO access
2605 * bit leaving RW access.
2606 */
2607 if (perm & NFSAUTH_RO && perm & NFSAUTH_RW) {
2608 /*
2609 * Logically cover all permutations of rw=,ro=.
2610 * In the case where, rw,ro=<host> we would like
2611 * to remove RW access for the host. In all other cases
2612 * RW wins the precedence battle.
2613 */
2614 if (!rw_val && ro_val) {
2615 perm &= ~(NFSAUTH_RW);
2616 } else {
2617 perm &= ~(NFSAUTH_RO);
2618 }
2619 }
2620
2621 return (perm);
2622 }
2623
2624 /*
2625 * Check if the client has access by using a flavor different from
2626 * the given "flavor". If "flavor" is not in the flavor list,
2627 * return TRUE to indicate that this "flavor" is a wrong sec.
2628 */
2629 static bool_t
2630 is_wrongsec(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2631 struct nd_hostservlist **clnames, int flavor)
2632 {
2633 int flavor_list[MAX_FLAVORS];
2634 int flavor_count, i;
2635
2636 /* get the flavor list that the client has access with */
2637 flavor_count = getclientsflavors_new(sh, transp, nb,
2638 clnames, flavor_list);
2639
2640 if (flavor_count == 0)
2641 return (FALSE);
2642
2643 /*
2644 * Check if the given "flavor" is in the flavor_list.
2645 */
2646 for (i = 0; i < flavor_count; i++) {
2647 if (flavor == flavor_list[i])
2648 return (FALSE);
2649 }
2650
2651 /*
2652 * If "flavor" is not in the flavor_list, return TRUE to indicate
2653 * that the client should have access by using a security flavor
2654 * different from this "flavor".
2655 */
2656 return (TRUE);
2657 }
2658
2659 /*
2660 * Given an export and the client's hostname, we
2661 * check the security options to see whether the
2662 * client is allowed to use the given security flavor.
2663 *
2664 * The strategy is to proceed through the options looking
2665 * for a flavor match, then pay attention to the ro, rw,
2666 * and root options.
2667 *
2668 * Note that an entry may list several flavors in a
2669 * single entry, e.g.
2670 *
2671 * sec=krb5,rw=clnt1:clnt2,ro,sec=sys,ro
2672 *
2673 */
2674
2675 static int
2676 check_client_new(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2677 struct nd_hostservlist **clnames, int flavor, uid_t clnt_uid,
2678 gid_t clnt_gid, uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid,
2679 gid_t *srv_gid, uint_t *srv_ngids, gid_t **srv_gids)
2680 {
2681 char *opts, *p, *val;
2682 char *lasts;
2683 char *f;
2684 int match = 0; /* Set when a flavor is matched */
2685 int perm = 0; /* Set when "ro", "rw" or "root" is matched */
2686 int list = 0; /* Set when "ro", "rw" is found */
2687 int ro_val = 0; /* Set if ro option is 'ro=' */
2688 int rw_val = 0; /* Set if rw option is 'rw=' */
2689
2690 boolean_t map_deny = B_FALSE;
2691
2692 opts = strdup(sh->sh_opts);
2693 if (opts == NULL) {
2694 syslog(LOG_ERR, "check_client: no memory");
2695 return (0);
2696 }
2697
2698 /*
2699 * If client provided 16 supplemental groups with AUTH_SYS, lookup
2700 * locally for all of them
2701 */
2702 if (flavor == AUTH_SYS && clnt_ngids == NGRPS && ngroups_max > NGRPS)
2703 if (getusergroups(clnt_uid, srv_ngids, srv_gids) == 0)
2704 perm |= NFSAUTH_GROUPS;
2705
2706 p = opts;
2707
2708 while (*p) {
2709 switch (getsubopt(&p, optlist, &val)) {
2710
2711 case OPT_SEC:
2712 if (match)
2713 goto done;
2714
2715 while ((f = strtok_r(val, ":", &lasts))
2716 != NULL) {
2717 if (flavor == map_flavor(f)) {
2718 match = 1;
2719 break;
2720 }
2721 val = NULL;
2722 }
2723 break;
2724
2725 case OPT_RO:
2726 if (!match)
2727 break;
2728
2729 list++;
2730 if (val != NULL)
2731 ro_val++;
2732 if (in_access_list(transp, nb, clnames, val))
2733 perm |= NFSAUTH_RO;
2734 break;
2735
2736 case OPT_RW:
2737 if (!match)
2738 break;
2739
2740 list++;
2741 if (val != NULL)
2742 rw_val++;
2743 if (in_access_list(transp, nb, clnames, val))
2744 perm |= NFSAUTH_RW;
2745 break;
2746
2747 case OPT_ROOT:
2748 /*
2749 * Check if the client is in
2750 * the root list. Only valid
2751 * for AUTH_SYS.
2752 */
2753 if (flavor != AUTH_SYS)
2754 break;
2755
2756 if (!match)
2757 break;
2758
2759 if (val == NULL || *val == '\0')
2760 break;
2761
2762 if (clnt_uid != 0)
2763 break;
2764
2765 if (in_access_list(transp, nb, clnames, val)) {
2766 perm |= NFSAUTH_ROOT;
2767 perm |= NFSAUTH_UIDMAP | NFSAUTH_GIDMAP;
2768 map_deny = B_FALSE;
2769
2770 if (perm & NFSAUTH_GROUPS) {
2771 free(*srv_gids);
2772 *srv_gids = NULL;
2773 *srv_ngids = 0;
2774 perm &= ~NFSAUTH_GROUPS;
2775 }
2776 }
2777 break;
2778
2779 case OPT_NONE:
2780 /*
2781 * Check if the client should have no access
2782 * to this share at all. This option behaves
2783 * more like "root" than either "rw" or "ro".
2784 */
2785 if (in_access_list(transp, nb, clnames, val))
2786 perm |= NFSAUTH_DENIED;
2787 break;
2788
2789 case OPT_UIDMAP: {
2790 char *c;
2791 char *n;
2792
2793 /*
2794 * The uidmap is supported for AUTH_SYS only.
2795 */
2796 if (flavor != AUTH_SYS)
2797 break;
2798
2799 if (!match || perm & NFSAUTH_UIDMAP || map_deny)
2800 break;
2801
2802 for (c = val; c != NULL; c = n) {
2803 char *s;
2804 char *al;
2805 uid_t srv;
2806
2807 n = strchr(c, '~');
2808 if (n != NULL)
2809 *n++ = '\0';
2810
2811 s = strchr(c, ':');
2812 if (s != NULL) {
2813 *s++ = '\0';
2814 al = strchr(s, ':');
2815 if (al != NULL)
2816 *al++ = '\0';
2817 }
2818
2819 if (s == NULL || al == NULL)
2820 continue;
2821
2822 if (*c == '\0') {
2823 if (clnt_uid != (uid_t)-1)
2824 continue;
2825 } else if (strcmp(c, "*") != 0) {
2826 uid_t clnt;
2827
2828 if (!get_uid(c, &clnt))
2829 continue;
2830
2831 if (clnt_uid != clnt)
2832 continue;
2833 }
2834
2835 if (*s == '\0')
2836 srv = UID_NOBODY;
2837 else if (!get_uid(s, &srv))
2838 continue;
2839 else if (srv == (uid_t)-1) {
2840 map_deny = B_TRUE;
2841 break;
2842 }
2843
2844 if (in_access_list(transp, nb, clnames, al)) {
2845 *srv_uid = srv;
2846 perm |= NFSAUTH_UIDMAP;
2847
2848 if (perm & NFSAUTH_GROUPS) {
2849 free(*srv_gids);
2850 *srv_gids = NULL;
2851 *srv_ngids = 0;
2852 perm &= ~NFSAUTH_GROUPS;
2853 }
2854
2855 break;
2856 }
2857 }
2858
2859 break;
2860 }
2861
2862 case OPT_GIDMAP: {
2863 char *c;
2864 char *n;
2865
2866 /*
2867 * The gidmap is supported for AUTH_SYS only.
2868 */
2869 if (flavor != AUTH_SYS)
2870 break;
2871
2872 if (!match || perm & NFSAUTH_GIDMAP || map_deny)
2873 break;
2874
2875 for (c = val; c != NULL; c = n) {
2876 char *s;
2877 char *al;
2878 gid_t srv;
2879
2880 n = strchr(c, '~');
2881 if (n != NULL)
2882 *n++ = '\0';
2883
2884 s = strchr(c, ':');
2885 if (s != NULL) {
2886 *s++ = '\0';
2887 al = strchr(s, ':');
2888 if (al != NULL)
2889 *al++ = '\0';
2890 }
2891
2892 if (s == NULL || al == NULL)
2893 break;
2894
2895 if (*c == '\0') {
2896 if (clnt_gid != (gid_t)-1)
2897 continue;
2898 } else if (strcmp(c, "*") != 0) {
2899 gid_t clnt;
2900
2901 if (!get_gid(c, &clnt))
2902 continue;
2903
2904 if (clnt_gid != clnt)
2905 continue;
2906 }
2907
2908 if (*s == '\0')
2909 srv = UID_NOBODY;
2910 else if (!get_gid(s, &srv))
2911 continue;
2912 else if (srv == (gid_t)-1) {
2913 map_deny = B_TRUE;
2914 break;
2915 }
2916
2917 if (in_access_list(transp, nb, clnames, al)) {
2918 *srv_gid = srv;
2919 perm |= NFSAUTH_GIDMAP;
2920
2921 if (perm & NFSAUTH_GROUPS) {
2922 free(*srv_gids);
2923 *srv_gids = NULL;
2924 *srv_ngids = 0;
2925 perm &= ~NFSAUTH_GROUPS;
2926 }
2927
2928 break;
2929 }
2930 }
2931
2932 break;
2933 }
2934
2935 default:
2936 break;
2937 }
2938 }
2939
2940 done:
2941 if (perm & NFSAUTH_ROOT) {
2942 *srv_uid = 0;
2943 *srv_gid = 0;
2944 }
2945
2946 if (map_deny)
2947 perm |= NFSAUTH_DENIED;
2948
2949 if (!(perm & NFSAUTH_UIDMAP))
2950 *srv_uid = clnt_uid;
2951 if (!(perm & NFSAUTH_GIDMAP))
2952 *srv_gid = clnt_gid;
2953
2954 /*
2955 * If no match then set the perm accordingly
2956 */
2957 if (!match || perm & NFSAUTH_DENIED) {
2958 free(opts);
2959 return (NFSAUTH_DENIED);
2960 }
2961
2962 if (list) {
2963 /*
2964 * If the client doesn't match an "ro" or "rw" list then
2965 * check if it may have access by using a different flavor.
2966 * If so, return NFSAUTH_WRONGSEC.
2967 * If not, return NFSAUTH_DENIED.
2968 */
2969 if ((perm & (NFSAUTH_RO | NFSAUTH_RW)) == 0) {
2970 if (is_wrongsec(sh, transp, nb, clnames, flavor))
2971 perm |= NFSAUTH_WRONGSEC;
2972 else
2973 perm |= NFSAUTH_DENIED;
2974 }
2975 } else {
2976 /*
2977 * The client matched a flavor entry that
2978 * has no explicit "rw" or "ro" determination.
2979 * Make sure it defaults to "rw".
2980 */
2981 perm |= NFSAUTH_RW;
2982 }
2983
2984 /*
2985 * The client may show up in both ro= and rw=
2986 * lists. If so, then turn off the RO access
2987 * bit leaving RW access.
2988 */
2989 if (perm & NFSAUTH_RO && perm & NFSAUTH_RW) {
2990 /*
2991 * Logically cover all permutations of rw=,ro=.
2992 * In the case where, rw,ro=<host> we would like
2993 * to remove RW access for the host. In all other cases
2994 * RW wins the precedence battle.
2995 */
2996 if (!rw_val && ro_val) {
2997 perm &= ~(NFSAUTH_RW);
2998 } else {
2999 perm &= ~(NFSAUTH_RO);
3000 }
3001 }
3002
3003 free(opts);
3004
3005 return (perm);
3006 }
3007
3008 void
3009 check_sharetab()
3010 {
3011 FILE *f;
3012 struct stat st;
3013 static timestruc_t last_sharetab_time;
3014 timestruc_t prev_sharetab_time;
3015 share_t *sh;
3016 struct sh_list *shp, *shp_prev;
3017 int res, c = 0;
3018
3019 /*
3020 * read in /etc/dfs/sharetab if it has changed
3021 */
3022 if (stat(SHARETAB, &st) != 0) {
3023 syslog(LOG_ERR, "Cannot stat %s: %m", SHARETAB);
3024 return;
3025 }
3026
3027 if (st.st_mtim.tv_sec == last_sharetab_time.tv_sec &&
3028 st.st_mtim.tv_nsec == last_sharetab_time.tv_nsec) {
3029 /*
3030 * No change.
3031 */
3032 return;
3033 }
3034
3035 /*
3036 * Remember the mod time, then after getting the
3037 * write lock check again. If another thread
3038 * already did the update, then there's no
3039 * work to do.
3040 */
3041 prev_sharetab_time = last_sharetab_time;
3042
3043 (void) rw_wrlock(&sharetab_lock);
3044
3045 if (prev_sharetab_time.tv_sec != last_sharetab_time.tv_sec ||
3046 prev_sharetab_time.tv_nsec != last_sharetab_time.tv_nsec) {
3047 (void) rw_unlock(&sharetab_lock);
3048 return;
3049 }
3050
3051 /*
3052 * Note that since the sharetab is now in memory
3053 * and a snapshot is taken, we no longer have to
3054 * lock the file.
3055 */
3056 f = fopen(SHARETAB, "r");
3057 if (f == NULL) {
3058 syslog(LOG_ERR, "Cannot open %s: %m", SHARETAB);
3059 (void) rw_unlock(&sharetab_lock);
3060 return;
3061 }
3062
3063 /*
3064 * Once we are sure /etc/dfs/sharetab has been
3065 * modified, flush netgroup cache entries.
3066 */
3067 netgrp_cache_flush();
3068
3069 sh_free(share_list); /* free old list */
3070 share_list = NULL;
3071
3072 while ((res = getshare(f, &sh)) > 0) {
3073 c++;
3074 if (strcmp(sh->sh_fstype, "nfs") != 0)
3075 continue;
3076
3077 shp = malloc(sizeof (*shp));
3078 if (shp == NULL)
3079 goto alloc_failed;
3080 if (share_list == NULL)
3081 share_list = shp;
3082 else
3083 /* LINTED not used before set */
3084 shp_prev->shl_next = shp;
3085 shp_prev = shp;
3086 shp->shl_next = NULL;
3087 shp->shl_sh = sharedup(sh);
3088 if (shp->shl_sh == NULL)
3089 goto alloc_failed;
3090 }
3091
3092 if (res < 0)
3093 syslog(LOG_ERR, "%s: invalid at line %d\n",
3094 SHARETAB, c + 1);
3095
3096 if (stat(SHARETAB, &st) != 0) {
3097 syslog(LOG_ERR, "Cannot stat %s: %m", SHARETAB);
3098 (void) fclose(f);
3099 (void) rw_unlock(&sharetab_lock);
3100 return;
3101 }
3102
3103 last_sharetab_time = st.st_mtim;
3104 (void) fclose(f);
3105 (void) rw_unlock(&sharetab_lock);
3106
3107 return;
3108
3109 alloc_failed:
3110
3111 syslog(LOG_ERR, "check_sharetab: no memory");
3112 sh_free(share_list);
3113 share_list = NULL;
3114 (void) fclose(f);
3115 (void) rw_unlock(&sharetab_lock);
3116 }
3117
3118 static void
3119 sh_free(struct sh_list *shp)
3120 {
3121 struct sh_list *next;
3122
3123 while (shp) {
3124 sharefree(shp->shl_sh);
3125 next = shp->shl_next;
3126 free(shp);
3127 shp = next;
3128 }
3129 }
3130
3131
3132 /*
3133 * Remove an entry from mounted list
3134 */
3135 static void
3136 umount(struct svc_req *rqstp)
3137 {
3138 char *host, *path, *remove_path;
3139 char rpath[MAXPATHLEN];
3140 struct nd_hostservlist *clnames = NULL;
3141 SVCXPRT *transp;
3142 struct netbuf *nb;
3143
3144 transp = rqstp->rq_xprt;
3145 path = NULL;
3146 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
3147 svcerr_decode(transp);
3148 return;
3149 }
3150 errno = 0;
3151 if (!svc_sendreply(transp, xdr_void, (char *)NULL))
3152 log_cant_reply(transp);
3153
3154 if (getclientsnames(transp, &nb, &clnames) != 0) {
3155 /*
3156 * Without the hostname we can't do audit or delete
3157 * this host from the mount entries.
3158 */
3159 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
3160 return;
3161 }
3162 host = clnames->h_hostservs[0].h_host;
3163
3164 if (verbose)
3165 syslog(LOG_NOTICE, "UNMOUNT: %s unmounted %s", host, path);
3166
3167 audit_mountd_umount(host, path);
3168
3169 remove_path = rpath; /* assume we will use the cannonical path */
3170 if (realpath(path, rpath) == NULL) {
3171 if (verbose)
3172 syslog(LOG_WARNING, "UNMOUNT: realpath: %s: %m ", path);
3173 remove_path = path; /* use path provided instead */
3174 }
3175
3176 mntlist_delete(host, remove_path); /* remove from mount list */
3177
3178 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
3179 netdir_free(clnames, ND_HOSTSERVLIST);
3180 }
3181
3182 /*
3183 * Remove all entries for one machine from mounted list
3184 */
3185 static void
3186 umountall(struct svc_req *rqstp)
3187 {
3188 struct nd_hostservlist *clnames = NULL;
3189 SVCXPRT *transp;
3190 char *host;
3191 struct netbuf *nb;
3192
3193 transp = rqstp->rq_xprt;
3194 if (!svc_getargs(transp, xdr_void, NULL)) {
3195 svcerr_decode(transp);
3196 return;
3197 }
3198 /*
3199 * We assume that this call is asynchronous and made via rpcbind
3200 * callit routine. Therefore return control immediately. The error
3201 * causes rpcbind to remain silent, as opposed to every machine
3202 * on the net blasting the requester with a response.
3203 */
3204 svcerr_systemerr(transp);
3205 if (getclientsnames(transp, &nb, &clnames) != 0) {
3206 /* Can't do anything without the name of the client */
3207 return;
3208 }
3209
3210 host = clnames->h_hostservs[0].h_host;
3211
3212 /*
3213 * Remove all hosts entries from mount list
3214 */
3215 mntlist_delete_all(host);
3216
3217 if (verbose)
3218 syslog(LOG_NOTICE, "UNMOUNTALL: from %s", host);
3219
3220 netdir_free(clnames, ND_HOSTSERVLIST);
3221 }
3222
3223 void *
3224 exmalloc(size_t size)
3225 {
3226 void *ret;
3227
3228 if ((ret = malloc(size)) == NULL) {
3229 syslog(LOG_ERR, "Out of memory");
3230 exit(1);
3231 }
3232 return (ret);
3233 }
3234
3235 static tsol_tpent_t *
3236 get_client_template(struct sockaddr *sock)
3237 {
3238 in_addr_t v4client;
3239 in6_addr_t v6client;
3240 char v4_addr[INET_ADDRSTRLEN];
3241 char v6_addr[INET6_ADDRSTRLEN];
3242 tsol_rhent_t *rh;
3243 tsol_tpent_t *tp;
3244
3245 switch (sock->sa_family) {
3246 case AF_INET:
3247 v4client = ((struct sockaddr_in *)(void *)sock)->
3248 sin_addr.s_addr;
3249 if (inet_ntop(AF_INET, &v4client, v4_addr, INET_ADDRSTRLEN) ==
3250 NULL)
3251 return (NULL);
3252 rh = tsol_getrhbyaddr(v4_addr, sizeof (v4_addr), AF_INET);
3253 if (rh == NULL)
3254 return (NULL);
3255 tp = tsol_gettpbyname(rh->rh_template);
3256 tsol_freerhent(rh);
3257 return (tp);
3258 break;
3259 case AF_INET6:
3260 v6client = ((struct sockaddr_in6 *)(void *)sock)->sin6_addr;
3261 if (inet_ntop(AF_INET6, &v6client, v6_addr, INET6_ADDRSTRLEN) ==
3262 NULL)
3263 return (NULL);
3264 rh = tsol_getrhbyaddr(v6_addr, sizeof (v6_addr), AF_INET6);
3265 if (rh == NULL)
3266 return (NULL);
3267 tp = tsol_gettpbyname(rh->rh_template);
3268 tsol_freerhent(rh);
3269 return (tp);
3270 break;
3271 default:
3272 return (NULL);
3273 }
3274 }
Community developed and maintained version of the OS/Net consolidation