search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
5296 Support for more than 16 groups with AUTH_SYS
[illumos-gate.git] / usr / src / cmd / fs.d / nfs / mountd / mountd.c
blob0d9ac76d30569f7c4eefc82d3da40eae1fa72cf9
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
25 */
26
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29
30 /*
31 * Portions of this source code were derived from Berkeley 4.3 BSD
32 * under license from the Regents of the University of California.
33 */
34
35 #include <stdio.h>
36 #include <stdio_ext.h>
37 #include <stdlib.h>
38 #include <ctype.h>
39 #include <sys/types.h>
40 #include <string.h>
41 #include <syslog.h>
42 #include <sys/param.h>
43 #include <rpc/rpc.h>
44 #include <sys/stat.h>
45 #include <netconfig.h>
46 #include <netdir.h>
47 #include <sys/file.h>
48 #include <sys/time.h>
49 #include <sys/errno.h>
50 #include <rpcsvc/mount.h>
51 #include <sys/pathconf.h>
52 #include <sys/systeminfo.h>
53 #include <sys/utsname.h>
54 #include <sys/wait.h>
55 #include <sys/resource.h>
56 #include <signal.h>
57 #include <locale.h>
58 #include <unistd.h>
59 #include <errno.h>
60 #include <sys/socket.h>
61 #include <netinet/in.h>
62 #include <arpa/inet.h>
63 #include <netdb.h>
64 #include <thread.h>
65 #include <assert.h>
66 #include <priv_utils.h>
67 #include <nfs/auth.h>
68 #include <nfs/nfssys.h>
69 #include <nfs/nfs.h>
70 #include <nfs/nfs_sec.h>
71 #include <rpcsvc/daemon_utils.h>
72 #include <deflt.h>
73 #include "../../fslib.h"
74 #include <sharefs/share.h>
75 #include <sharefs/sharetab.h>
76 #include "../lib/sharetab.h"
77 #include "mountd.h"
78 #include <tsol/label.h>
79 #include <sys/tsol/label_macro.h>
80 #include <libtsnet.h>
81 #include <sys/sdt.h>
82 #include <libscf.h>
83 #include <limits.h>
84 #include <sys/nvpair.h>
85 #include <attr.h>
86 #include "smfcfg.h"
87 #include <pwd.h>
88 #include <grp.h>
89 #include <alloca.h>
90
91 extern int daemonize_init(void);
92 extern void daemonize_fini(int fd);
93
94 struct sh_list *share_list;
95
96 rwlock_t sharetab_lock; /* lock to protect the cached sharetab */
97 static mutex_t mnttab_lock; /* prevent concurrent mnttab readers */
98
99 static mutex_t logging_queue_lock;
100 static cond_t logging_queue_cv;
101
102 static share_t *find_lofsentry(char *, int *);
103 static int getclientsnames_lazy(char *, struct netbuf **,
104 struct nd_hostservlist **);
105 static int getclientsnames(SVCXPRT *, struct netbuf **,
106 struct nd_hostservlist **);
107 static int getclientsflavors_old(share_t *, SVCXPRT *, struct netbuf **,
108 struct nd_hostservlist **, int *);
109 static int getclientsflavors_new(share_t *, SVCXPRT *, struct netbuf **,
110 struct nd_hostservlist **, int *);
111 static int check_client_old(share_t *, SVCXPRT *, struct netbuf **,
112 struct nd_hostservlist **, int, uid_t, gid_t, uint_t, gid_t *, uid_t *,
113 gid_t *, uint_t *, gid_t **);
114 static int check_client_new(share_t *, SVCXPRT *, struct netbuf **,
115 struct nd_hostservlist **, int, uid_t, gid_t, uint_t, gid_t *, uid_t *,
116 gid_t *i, uint_t *, gid_t **);
117 static void mnt(struct svc_req *, SVCXPRT *);
118 static void mnt_pathconf(struct svc_req *);
119 static int mount(struct svc_req *r);
120 static void sh_free(struct sh_list *);
121 static void umount(struct svc_req *);
122 static void umountall(struct svc_req *);
123 static void sigexit(int);
124 static int newopts(char *);
125 static tsol_tpent_t *get_client_template(struct sockaddr *);
126
127 static int verbose;
128 static int rejecting;
129 static int mount_vers_min = MOUNTVERS;
130 static int mount_vers_max = MOUNTVERS3;
131
132 /* Needs to be accessed by nfscmd.c */
133 int in_access_list(SVCXPRT *, struct netbuf **,
134 struct nd_hostservlist **, char *);
135
136 extern void nfscmd_func(void *, char *, size_t, door_desc_t *, uint_t);
137
138 thread_t nfsauth_thread;
139 thread_t cmd_thread;
140 thread_t logging_thread;
141
142 typedef struct logging_data {
143 char *ld_host;
144 char *ld_path;
145 char *ld_rpath;
146 int ld_status;
147 char *ld_netid;
148 struct netbuf *ld_nb;
149 struct logging_data *ld_next;
150 } logging_data;
151
152 static logging_data *logging_head = NULL;
153 static logging_data *logging_tail = NULL;
154
155 /*
156 * Our copy of some system variables obtained using sysconf(3c)
157 */
158 static long ngroups_max; /* _SC_NGROUPS_MAX */
159 static long pw_size; /* _SC_GETPW_R_SIZE_MAX */
160
161 /* ARGSUSED */
162 static void *
163 nfsauth_svc(void *arg)
164 {
165 int doorfd = -1;
166 uint_t darg;
167 #ifdef DEBUG
168 int dfd;
169 #endif
170
171 if ((doorfd = door_create(nfsauth_func, NULL,
172 DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
173 syslog(LOG_ERR, "Unable to create door: %m\n");
174 exit(10);
175 }
176
177 #ifdef DEBUG
178 /*
179 * Create a file system path for the door
180 */
181 if ((dfd = open(MOUNTD_DOOR, O_RDWR|O_CREAT|O_TRUNC,
182 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
183 syslog(LOG_ERR, "Unable to open %s: %m\n", MOUNTD_DOOR);
184 (void) close(doorfd);
185 exit(11);
186 }
187
188 /*
189 * Clean up any stale namespace associations
190 */
191 (void) fdetach(MOUNTD_DOOR);
192
193 /*
194 * Register in namespace to pass to the kernel to door_ki_open
195 */
196 if (fattach(doorfd, MOUNTD_DOOR) == -1) {
197 syslog(LOG_ERR, "Unable to fattach door: %m\n");
198 (void) close(dfd);
199 (void) close(doorfd);
200 exit(12);
201 }
202 (void) close(dfd);
203 #endif
204
205 /*
206 * Must pass the doorfd down to the kernel.
207 */
208 darg = doorfd;
209 (void) _nfssys(MOUNTD_ARGS, &darg);
210
211 /*
212 * Wait for incoming calls
213 */
214 /*CONSTCOND*/
215 for (;;)
216 (void) pause();
217
218 /*NOTREACHED*/
219 syslog(LOG_ERR, gettext("Door server exited"));
220 return (NULL);
221 }
222
223 /*
224 * NFS command service thread code for setup and handling of the
225 * nfs_cmd requests for character set conversion and other future
226 * events.
227 */
228
229 static void *
230 cmd_svc(void *arg)
231 {
232 int doorfd = -1;
233 uint_t darg;
234
235 if ((doorfd = door_create(nfscmd_func, NULL,
236 DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) == -1) {
237 syslog(LOG_ERR, "Unable to create cmd door: %m\n");
238 exit(10);
239 }
240
241 /*
242 * Must pass the doorfd down to the kernel.
243 */
244 darg = doorfd;
245 (void) _nfssys(NFSCMD_ARGS, &darg);
246
247 /*
248 * Wait for incoming calls
249 */
250 /*CONSTCOND*/
251 for (;;)
252 (void) pause();
253
254 /*NOTREACHED*/
255 syslog(LOG_ERR, gettext("Cmd door server exited"));
256 return (NULL);
257 }
258
259 static void
260 free_logging_data(logging_data *lq)
261 {
262 if (lq != NULL) {
263 free(lq->ld_host);
264 free(lq->ld_netid);
265
266 if (lq->ld_nb != NULL) {
267 free(lq->ld_nb->buf);
268 free(lq->ld_nb);
269 }
270
271 free(lq->ld_path);
272 free(lq->ld_rpath);
273
274 free(lq);
275 }
276 }
277
278 static logging_data *
279 remove_head_of_queue(void)
280 {
281 logging_data *lq;
282
283 /*
284 * Pull it off the queue.
285 */
286 lq = logging_head;
287 if (lq) {
288 logging_head = lq->ld_next;
289
290 /*
291 * Drained it.
292 */
293 if (logging_head == NULL) {
294 logging_tail = NULL;
295 }
296 }
297
298 return (lq);
299 }
300
301 static void
302 do_logging_queue(logging_data *lq)
303 {
304 int cleared = 0;
305 char *host;
306
307 struct nd_hostservlist *clnames;
308
309 while (lq) {
310 if (lq->ld_host == NULL) {
311 DTRACE_PROBE(mountd, name_by_lazy);
312 if (getclientsnames_lazy(lq->ld_netid,
313 &lq->ld_nb, &clnames) != 0)
314 host = NULL;
315 else
316 host = clnames->h_hostservs[0].h_host;
317 } else
318 host = lq->ld_host;
319
320 audit_mountd_mount(host, lq->ld_path, lq->ld_status); /* BSM */
321
322 /* add entry to mount list */
323 if (lq->ld_rpath)
324 mntlist_new(host, lq->ld_rpath);
325
326 if (lq->ld_host != host)
327 netdir_free(clnames, ND_HOSTSERVLIST);
328
329 free_logging_data(lq);
330 cleared++;
331
332 (void) mutex_lock(&logging_queue_lock);
333 lq = remove_head_of_queue();
334 (void) mutex_unlock(&logging_queue_lock);
335 }
336
337 DTRACE_PROBE1(mountd, logging_cleared, cleared);
338 }
339
340 static void *
341 logging_svc(void *arg)
342 {
343 logging_data *lq;
344
345 for (;;) {
346 (void) mutex_lock(&logging_queue_lock);
347 while (logging_head == NULL) {
348 (void) cond_wait(&logging_queue_cv,
349 &logging_queue_lock);
350 }
351
352 lq = remove_head_of_queue();
353 (void) mutex_unlock(&logging_queue_lock);
354
355 do_logging_queue(lq);
356 }
357
358 /*NOTREACHED*/
359 syslog(LOG_ERR, gettext("Logging server exited"));
360 return (NULL);
361 }
362
363 static int
364 convert_int(int *val, char *str)
365 {
366 long lval;
367
368 if (str == NULL || !isdigit(*str))
369 return (-1);
370
371 lval = strtol(str, &str, 10);
372 if (*str != '\0' || lval > INT_MAX)
373 return (-2);
374
375 *val = (int)lval;
376 return (0);
377 }
378
379 int
380 main(int argc, char *argv[])
381 {
382 int pid;
383 int c;
384 int rpc_svc_fdunlim = 1;
385 int rpc_svc_mode = RPC_SVC_MT_AUTO;
386 int maxrecsz = RPC_MAXDATASIZE;
387 bool_t exclbind = TRUE;
388 bool_t can_do_mlp;
389 long thr_flags = (THR_NEW_LWP|THR_DAEMON);
390 char defval[4];
391 int defvers, ret, bufsz;
392 struct rlimit rl;
393 int listen_backlog = 0;
394 int max_threads = 0;
395 int tmp;
396
397 int pipe_fd = -1;
398
399 /*
400 * Mountd requires uid 0 for:
401 * /etc/rmtab updates (we could chown it to daemon)
402 * /etc/dfs/dfstab reading (it wants to lock out share which
403 * doesn't do any locking before first truncate;
404 * NFS share does; should use fcntl locking instead)
405 * Needed privileges:
406 * auditing
407 * nfs syscall
408 * file dac search (so it can stat all files)
409 * Optional privileges:
410 * MLP
411 */
412 can_do_mlp = priv_ineffect(PRIV_NET_BINDMLP);
413 if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET, -1, -1,
414 PRIV_SYS_NFS, PRIV_PROC_AUDIT, PRIV_FILE_DAC_SEARCH,
415 can_do_mlp ? PRIV_NET_BINDMLP : NULL, NULL) == -1) {
416 (void) fprintf(stderr,
417 "%s: must be run with sufficient privileges\n",
418 argv[0]);
419 exit(1);
420 }
421
422 if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
423 syslog(LOG_ERR, "getrlimit failed");
424 } else {
425 rl.rlim_cur = rl.rlim_max;
426 if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
427 syslog(LOG_ERR, "setrlimit failed");
428 }
429
430 (void) enable_extended_FILE_stdio(-1, -1);
431
432 ret = nfs_smf_get_iprop("mountd_max_threads", &max_threads,
433 DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD);
434 if (ret != SA_OK) {
435 syslog(LOG_ERR, "Reading of mountd_max_threads from SMF "
436 "failed, using default value");
437 }
438
439 while ((c = getopt(argc, argv, "vrm:")) != EOF) {
440 switch (c) {
441 case 'v':
442 verbose++;
443 break;
444 case 'r':
445 rejecting = 1;
446 break;
447 case 'm':
448 if (convert_int(&tmp, optarg) != 0 || tmp < 1) {
449 (void) fprintf(stderr, "%s: invalid "
450 "max_threads option, using defaults\n",
451 argv[0]);
452 break;
453 }
454 max_threads = tmp;
455 break;
456 default:
457 fprintf(stderr, "usage: mountd [-v] [-r]\n");
458 exit(1);
459 }
460 }
461
462 /*
463 * Read in the NFS version values from config file.
464 */
465 bufsz = 4;
466 ret = nfs_smf_get_prop("server_versmin", defval, DEFAULT_INSTANCE,
467 SCF_TYPE_INTEGER, NFSD, &bufsz);
468 if (ret == SA_OK) {
469 errno = 0;
470 defvers = strtol(defval, (char **)NULL, 10);
471 if (errno == 0) {
472 mount_vers_min = defvers;
473 /*
474 * special because NFSv2 is
475 * supported by mount v1 & v2
476 */
477 if (defvers == NFS_VERSION)
478 mount_vers_min = MOUNTVERS;
479 }
480 }
481
482 bufsz = 4;
483 ret = nfs_smf_get_prop("server_versmax", defval, DEFAULT_INSTANCE,
484 SCF_TYPE_INTEGER, NFSD, &bufsz);
485 if (ret == SA_OK) {
486 errno = 0;
487 defvers = strtol(defval, (char **)NULL, 10);
488 if (errno == 0) {
489 mount_vers_max = defvers;
490 }
491 }
492
493 ret = nfs_smf_get_iprop("mountd_listen_backlog", &listen_backlog,
494 DEFAULT_INSTANCE, SCF_TYPE_INTEGER, NFSD);
495 if (ret != SA_OK) {
496 syslog(LOG_ERR, "Reading of mountd_listen_backlog from SMF "
497 "failed, using default value");
498 }
499
500 /*
501 * Sanity check versions,
502 * even though we may get versions > MOUNTVERS3, we still need
503 * to start nfsauth service, so continue on regardless of values.
504 */
505 if (mount_vers_min > mount_vers_max) {
506 fprintf(stderr, "server_versmin > server_versmax\n");
507 mount_vers_max = mount_vers_min;
508 }
509 (void) setlocale(LC_ALL, "");
510 (void) rwlock_init(&sharetab_lock, USYNC_THREAD, NULL);
511 (void) mutex_init(&mnttab_lock, USYNC_THREAD, NULL);
512 (void) mutex_init(&logging_queue_lock, USYNC_THREAD, NULL);
513 (void) cond_init(&logging_queue_cv, USYNC_THREAD, NULL);
514
515 netgroup_init();
516
517 #if !defined(TEXT_DOMAIN)
518 #define TEXT_DOMAIN "SYS_TEST"
519 #endif
520 (void) textdomain(TEXT_DOMAIN);
521
522 /* Don't drop core if the NFS module isn't loaded. */
523 (void) signal(SIGSYS, SIG_IGN);
524
525 pipe_fd = daemonize_init();
526
527 /*
528 * If we coredump it'll be in /core
529 */
530 if (chdir("/") < 0)
531 fprintf(stderr, "chdir /: %s\n", strerror(errno));
532
533 openlog("mountd", LOG_PID, LOG_DAEMON);
534
535 /*
536 * establish our lock on the lock file and write our pid to it.
537 * exit if some other process holds the lock, or if there's any
538 * error in writing/locking the file.
539 */
540 pid = _enter_daemon_lock(MOUNTD);
541 switch (pid) {
542 case 0:
543 break;
544 case -1:
545 fprintf(stderr, "error locking for %s: %s\n", MOUNTD,
546 strerror(errno));
547 exit(2);
548 default:
549 /* daemon was already running */
550 exit(0);
551 }
552
553 audit_mountd_setup(); /* BSM */
554
555 /*
556 * Get required system variables
557 */
558 if ((ngroups_max = sysconf(_SC_NGROUPS_MAX)) == -1) {
559 syslog(LOG_ERR, "Unable to get _SC_NGROUPS_MAX");
560 exit(1);
561 }
562 if ((pw_size = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
563 syslog(LOG_ERR, "Unable to get _SC_GETPW_R_SIZE_MAX");
564 exit(1);
565 }
566
567 /*
568 * Set number of file descriptors to unlimited
569 */
570 if (!rpc_control(RPC_SVC_USE_POLLFD, &rpc_svc_fdunlim)) {
571 syslog(LOG_INFO, "unable to set number of FDs to unlimited");
572 }
573
574 /*
575 * Tell RPC that we want automatic thread mode.
576 * A new thread will be spawned for each request.
577 */
578 if (!rpc_control(RPC_SVC_MTMODE_SET, &rpc_svc_mode)) {
579 fprintf(stderr, "unable to set automatic MT mode\n");
580 exit(1);
581 }
582
583 /*
584 * Enable non-blocking mode and maximum record size checks for
585 * connection oriented transports.
586 */
587 if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrecsz)) {
588 fprintf(stderr, "unable to set RPC max record size\n");
589 }
590
591 /*
592 * Prevent our non-priv udp and tcp ports bound w/wildcard addr
593 * from being hijacked by a bind to a more specific addr.
594 */
595 if (!rpc_control(__RPC_SVC_EXCLBIND_SET, &exclbind)) {
596 fprintf(stderr, "warning: unable to set udp/tcp EXCLBIND\n");
597 }
598
599 /*
600 * Set the maximum number of outstanding connection
601 * indications (listen backlog) to the value specified.
602 */
603 if (listen_backlog > 0 && !rpc_control(__RPC_SVC_LSTNBKLOG_SET,
604 &listen_backlog)) {
605 fprintf(stderr, "unable to set listen backlog\n");
606 exit(1);
607 }
608
609 /*
610 * If max_threads was specified, then set the
611 * maximum number of threads to the value specified.
612 */
613 if (max_threads > 0 && !rpc_control(RPC_SVC_THRMAX_SET, &max_threads)) {
614 fprintf(stderr, "unable to set max_threads\n");
615 exit(1);
616 }
617
618 /*
619 * Make sure to unregister any previous versions in case the
620 * user is reconfiguring the server in interesting ways.
621 */
622 svc_unreg(MOUNTPROG, MOUNTVERS);
623 svc_unreg(MOUNTPROG, MOUNTVERS_POSIX);
624 svc_unreg(MOUNTPROG, MOUNTVERS3);
625
626 /*
627 * Create the nfsauth thread with same signal disposition
628 * as the main thread. We need to create a separate thread
629 * since mountd() will be both an RPC server (for remote
630 * traffic) _and_ a doors server (for kernel upcalls).
631 */
632 if (thr_create(NULL, 0, nfsauth_svc, 0, thr_flags, &nfsauth_thread)) {
633 fprintf(stderr,
634 gettext("Failed to create NFSAUTH svc thread\n"));
635 exit(2);
636 }
637
638 /*
639 * Create the cmd service thread with same signal disposition
640 * as the main thread. We need to create a separate thread
641 * since mountd() will be both an RPC server (for remote
642 * traffic) _and_ a doors server (for kernel upcalls).
643 */
644 if (thr_create(NULL, 0, cmd_svc, 0, thr_flags, &cmd_thread)) {
645 syslog(LOG_ERR, gettext("Failed to create CMD svc thread"));
646 exit(2);
647 }
648
649 /*
650 * Create an additional thread to service the rmtab and
651 * audit_mountd_mount logging for mount requests. Use the same
652 * signal disposition as the main thread. We create
653 * a separate thread to allow the mount request threads to
654 * clear as soon as possible.
655 */
656 if (thr_create(NULL, 0, logging_svc, 0, thr_flags, &logging_thread)) {
657 syslog(LOG_ERR, gettext("Failed to create LOGGING svc thread"));
658 exit(2);
659 }
660
661 /*
662 * Create datagram and connection oriented services
663 */
664 if (mount_vers_max >= MOUNTVERS) {
665 if (svc_create(mnt, MOUNTPROG, MOUNTVERS, "datagram_v") == 0) {
666 fprintf(stderr,
667 "couldn't register datagram_v MOUNTVERS\n");
668 exit(1);
669 }
670 if (svc_create(mnt, MOUNTPROG, MOUNTVERS, "circuit_v") == 0) {
671 fprintf(stderr,
672 "couldn't register circuit_v MOUNTVERS\n");
673 exit(1);
674 }
675 }
676
677 if (mount_vers_max >= MOUNTVERS_POSIX) {
678 if (svc_create(mnt, MOUNTPROG, MOUNTVERS_POSIX,
679 "datagram_v") == 0) {
680 fprintf(stderr,
681 "couldn't register datagram_v MOUNTVERS_POSIX\n");
682 exit(1);
683 }
684 if (svc_create(mnt, MOUNTPROG, MOUNTVERS_POSIX,
685 "circuit_v") == 0) {
686 fprintf(stderr,
687 "couldn't register circuit_v MOUNTVERS_POSIX\n");
688 exit(1);
689 }
690 }
691
692 if (mount_vers_max >= MOUNTVERS3) {
693 if (svc_create(mnt, MOUNTPROG, MOUNTVERS3, "datagram_v") == 0) {
694 fprintf(stderr,
695 "couldn't register datagram_v MOUNTVERS3\n");
696 exit(1);
697 }
698 if (svc_create(mnt, MOUNTPROG, MOUNTVERS3, "circuit_v") == 0) {
699 fprintf(stderr,
700 "couldn't register circuit_v MOUNTVERS3\n");
701 exit(1);
702 }
703 }
704
705 /*
706 * Start serving
707 */
708 rmtab_load();
709
710 daemonize_fini(pipe_fd);
711
712 /* Get rid of the most dangerous basic privileges. */
713 __fini_daemon_priv(PRIV_PROC_EXEC, PRIV_PROC_INFO, PRIV_PROC_SESSION,
714 (char *)NULL);
715
716 svc_run();
717 syslog(LOG_ERR, "Error: svc_run shouldn't have returned");
718 abort();
719
720 /* NOTREACHED */
721 return (0);
722 }
723
724 /*
725 * Server procedure switch routine
726 */
727 void
728 mnt(struct svc_req *rqstp, SVCXPRT *transp)
729 {
730 switch (rqstp->rq_proc) {
731 case NULLPROC:
732 errno = 0;
733 if (!svc_sendreply(transp, xdr_void, (char *)0))
734 log_cant_reply(transp);
735 return;
736
737 case MOUNTPROC_MNT:
738 (void) mount(rqstp);
739 return;
740
741 case MOUNTPROC_DUMP:
742 mntlist_send(transp);
743 return;
744
745 case MOUNTPROC_UMNT:
746 umount(rqstp);
747 return;
748
749 case MOUNTPROC_UMNTALL:
750 umountall(rqstp);
751 return;
752
753 case MOUNTPROC_EXPORT:
754 case MOUNTPROC_EXPORTALL:
755 export(rqstp);
756 return;
757
758 case MOUNTPROC_PATHCONF:
759 if (rqstp->rq_vers == MOUNTVERS_POSIX)
760 mnt_pathconf(rqstp);
761 else
762 svcerr_noproc(transp);
763 return;
764
765 default:
766 svcerr_noproc(transp);
767 return;
768 }
769 }
770
771 /* Set up anonymous client */
772
773 struct nd_hostservlist *
774 anon_client(char *host)
775 {
776 struct nd_hostservlist *anon_hsl;
777 struct nd_hostserv *anon_hs;
778
779 anon_hsl = malloc(sizeof (*anon_hsl));
780 if (anon_hsl == NULL)
781 return (NULL);
782
783 anon_hs = malloc(sizeof (*anon_hs));
784 if (anon_hs == NULL) {
785 free(anon_hsl);
786 return (NULL);
787 }
788
789 if (host == NULL)
790 anon_hs->h_host = strdup("(anon)");
791 else
792 anon_hs->h_host = strdup(host);
793
794 if (anon_hs->h_host == NULL) {
795 free(anon_hs);
796 free(anon_hsl);
797 return (NULL);
798 }
799 anon_hs->h_serv = '\0';
800
801 anon_hsl->h_cnt = 1;
802 anon_hsl->h_hostservs = anon_hs;
803
804 return (anon_hsl);
805 }
806
807 static int
808 getclientsnames_common(struct netconfig *nconf, struct netbuf **nbuf,
809 struct nd_hostservlist **serv)
810 {
811 char host[MAXIPADDRLEN];
812
813 assert(*nbuf != NULL);
814
815 /*
816 * Use the this API instead of the netdir_getbyaddr()
817 * to avoid service lookup.
818 */
819 if (__netdir_getbyaddr_nosrv(nconf, serv, *nbuf) != 0) {
820 if (strcmp(nconf->nc_protofmly, NC_INET) == 0) {
821 struct sockaddr_in *sa;
822
823 /* LINTED pointer alignment */
824 sa = (struct sockaddr_in *)((*nbuf)->buf);
825 (void) inet_ntoa_r(sa->sin_addr, host);
826 } else if (strcmp(nconf->nc_protofmly, NC_INET6) == 0) {
827 struct sockaddr_in6 *sa;
828
829 /* LINTED pointer alignment */
830 sa = (struct sockaddr_in6 *)((*nbuf)->buf);
831 (void) inet_ntop(AF_INET6, sa->sin6_addr.s6_addr,
832 host, INET6_ADDRSTRLEN);
833 } else {
834 syslog(LOG_ERR, gettext(
835 "Client's address is neither IPv4 nor IPv6"));
836 return (EINVAL);
837 }
838
839 *serv = anon_client(host);
840 if (*serv == NULL)
841 return (ENOMEM);
842 }
843
844 assert(*serv != NULL);
845 return (0);
846 }
847
848 /*
849 * Get the client's hostname from the copy of the
850 * relevant transport handle parts.
851 * If the name is not available then return "(anon)".
852 */
853 static int
854 getclientsnames_lazy(char *netid, struct netbuf **nbuf,
855 struct nd_hostservlist **serv)
856 {
857 struct netconfig *nconf;
858 int rc;
859
860 nconf = getnetconfigent(netid);
861 if (nconf == NULL) {
862 syslog(LOG_ERR, "%s: getnetconfigent failed", netid);
863 *serv = anon_client(NULL);
864 if (*serv == NULL)
865 return (ENOMEM);
866 return (0);
867 }
868
869 rc = getclientsnames_common(nconf, nbuf, serv);
870 freenetconfigent(nconf);
871 return (rc);
872 }
873
874 /*
875 * Get the client's hostname from the transport handle.
876 * If the name is not available then return "(anon)".
877 */
878 int
879 getclientsnames(SVCXPRT *transp, struct netbuf **nbuf,
880 struct nd_hostservlist **serv)
881 {
882 struct netconfig *nconf;
883 int rc;
884
885 nconf = getnetconfigent(transp->xp_netid);
886 if (nconf == NULL) {
887 syslog(LOG_ERR, "%s: getnetconfigent failed",
888 transp->xp_netid);
889 *serv = anon_client(NULL);
890 if (*serv == NULL)
891 return (ENOMEM);
892 return (0);
893 }
894
895 *nbuf = svc_getrpccaller(transp);
896 if (*nbuf == NULL) {
897 freenetconfigent(nconf);
898 *serv = anon_client(NULL);
899 if (*serv == NULL)
900 return (ENOMEM);
901 return (0);
902 }
903
904 rc = getclientsnames_common(nconf, nbuf, serv);
905 freenetconfigent(nconf);
906 return (rc);
907 }
908
909 void
910 log_cant_reply(SVCXPRT *transp)
911 {
912 int saverrno;
913 struct nd_hostservlist *clnames = NULL;
914 register char *host;
915 struct netbuf *nb;
916
917 saverrno = errno; /* save error code */
918 if (getclientsnames(transp, &nb, &clnames) != 0)
919 return;
920 host = clnames->h_hostservs->h_host;
921
922 errno = saverrno;
923 if (errno == 0)
924 syslog(LOG_ERR, "couldn't send reply to %s", host);
925 else
926 syslog(LOG_ERR, "couldn't send reply to %s: %m", host);
927
928 netdir_free(clnames, ND_HOSTSERVLIST);
929 }
930
931 /*
932 * Answer pathconf questions for the mount point fs
933 */
934 static void
935 mnt_pathconf(struct svc_req *rqstp)
936 {
937 SVCXPRT *transp;
938 struct pathcnf p;
939 char *path, rpath[MAXPATHLEN];
940 struct stat st;
941
942 transp = rqstp->rq_xprt;
943 path = NULL;
944 (void) memset((caddr_t)&p, 0, sizeof (p));
945
946 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
947 svcerr_decode(transp);
948 return;
949 }
950 if (lstat(path, &st) < 0) {
951 _PC_SET(_PC_ERROR, p.pc_mask);
952 goto done;
953 }
954 /*
955 * Get a path without symbolic links.
956 */
957 if (realpath(path, rpath) == NULL) {
958 syslog(LOG_DEBUG,
959 "mount request: realpath failed on %s: %m",
960 path);
961 _PC_SET(_PC_ERROR, p.pc_mask);
962 goto done;
963 }
964 (void) memset((caddr_t)&p, 0, sizeof (p));
965 /*
966 * can't ask about devices over NFS
967 */
968 _PC_SET(_PC_MAX_CANON, p.pc_mask);
969 _PC_SET(_PC_MAX_INPUT, p.pc_mask);
970 _PC_SET(_PC_PIPE_BUF, p.pc_mask);
971 _PC_SET(_PC_VDISABLE, p.pc_mask);
972
973 errno = 0;
974 p.pc_link_max = pathconf(rpath, _PC_LINK_MAX);
975 if (errno)
976 _PC_SET(_PC_LINK_MAX, p.pc_mask);
977 p.pc_name_max = pathconf(rpath, _PC_NAME_MAX);
978 if (errno)
979 _PC_SET(_PC_NAME_MAX, p.pc_mask);
980 p.pc_path_max = pathconf(rpath, _PC_PATH_MAX);
981 if (errno)
982 _PC_SET(_PC_PATH_MAX, p.pc_mask);
983 if (pathconf(rpath, _PC_NO_TRUNC) == 1)
984 _PC_SET(_PC_NO_TRUNC, p.pc_mask);
985 if (pathconf(rpath, _PC_CHOWN_RESTRICTED) == 1)
986 _PC_SET(_PC_CHOWN_RESTRICTED, p.pc_mask);
987
988 done:
989 errno = 0;
990 if (!svc_sendreply(transp, xdr_ppathcnf, (char *)&p))
991 log_cant_reply(transp);
992 if (path != NULL)
993 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
994 }
995
996 /*
997 * If the rootmount (export) option is specified, the all mount requests for
998 * subdirectories return EACCES.
999 */
1000 static int
1001 checkrootmount(share_t *sh, char *rpath)
1002 {
1003 char *val;
1004
1005 if ((val = getshareopt(sh->sh_opts, SHOPT_NOSUB)) != NULL) {
1006 free(val);
1007 if (strcmp(sh->sh_path, rpath) != 0)
1008 return (0);
1009 else
1010 return (1);
1011 } else
1012 return (1);
1013 }
1014
1015 #define MAX_FLAVORS 128
1016
1017 /*
1018 * Return only EACCES if client does not have access
1019 * to this directory.
1020 * "If the server exports only /a/b, an attempt to
1021 * mount a/b/c will fail with ENOENT if the directory
1022 * does not exist"... However, if the client
1023 * does not have access to /a/b, an attacker can
1024 * determine whether the directory exists.
1025 * This routine checks either existence of the file or
1026 * existence of the file name entry in the mount table.
1027 * If the file exists and there is no file name entry,
1028 * the error returned should be EACCES.
1029 * If the file does not exist, it must be determined
1030 * whether the client has access to a parent
1031 * directory. If the client has access to a parent
1032 * directory, the error returned should be ENOENT,
1033 * otherwise EACCES.
1034 */
1035 static int
1036 mount_enoent_error(SVCXPRT *transp, char *path, char *rpath,
1037 struct nd_hostservlist **clnames, struct netbuf **nb, int *flavor_list)
1038 {
1039 char *checkpath, *dp;
1040 share_t *sh = NULL;
1041 int realpath_error = ENOENT, reply_error = EACCES, lofs_tried = 0;
1042 int flavor_count;
1043
1044 checkpath = strdup(path);
1045 if (checkpath == NULL) {
1046 syslog(LOG_ERR, "mount_enoent: no memory");
1047 return (EACCES);
1048 }
1049
1050 /* CONSTCOND */
1051 while (1) {
1052 if (sh) {
1053 sharefree(sh);
1054 sh = NULL;
1055 }
1056
1057 if ((sh = findentry(rpath)) == NULL &&
1058 (sh = find_lofsentry(rpath, &lofs_tried)) == NULL) {
1059 /*
1060 * There is no file name entry.
1061 * If the file (with symbolic links resolved) exists,
1062 * the error returned should be EACCES.
1063 */
1064 if (realpath_error == 0)
1065 break;
1066 } else if (checkrootmount(sh, rpath) == 0) {
1067 /*
1068 * This is a "nosub" only export, in which case,
1069 * mounting subdirectories isn't allowed.
1070 * If the file (with symbolic links resolved) exists,
1071 * the error returned should be EACCES.
1072 */
1073 if (realpath_error == 0)
1074 break;
1075 } else {
1076 /*
1077 * Check permissions in mount table.
1078 */
1079 if (newopts(sh->sh_opts))
1080 flavor_count = getclientsflavors_new(sh,
1081 transp, nb, clnames, flavor_list);
1082 else
1083 flavor_count = getclientsflavors_old(sh,
1084 transp, nb, clnames, flavor_list);
1085 if (flavor_count != 0) {
1086 /*
1087 * Found entry in table and
1088 * client has correct permissions.
1089 */
1090 reply_error = ENOENT;
1091 break;
1092 }
1093 }
1094
1095 /*
1096 * Check all parent directories.
1097 */
1098 dp = strrchr(checkpath, '/');
1099 if (dp == NULL)
1100 break;
1101 *dp = '\0';
1102 if (strlen(checkpath) == 0)
1103 break;
1104 /*
1105 * Get the real path (no symbolic links in it)
1106 */
1107 if (realpath(checkpath, rpath) == NULL) {
1108 if (errno != ENOENT)
1109 break;
1110 } else {
1111 realpath_error = 0;
1112 }
1113 }
1114
1115 if (sh)
1116 sharefree(sh);
1117 free(checkpath);
1118 return (reply_error);
1119 }
1120
1121 /*
1122 * We need to inform the caller whether or not we were
1123 * able to add a node to the queue. If we are not, then
1124 * it is up to the caller to go ahead and log the data.
1125 */
1126 static int
1127 enqueue_logging_data(char *host, SVCXPRT *transp, char *path,
1128 char *rpath, int status, int error)
1129 {
1130 logging_data *lq;
1131 struct netbuf *nb;
1132
1133 lq = (logging_data *)calloc(1, sizeof (logging_data));
1134 if (lq == NULL)
1135 goto cleanup;
1136
1137 /*
1138 * We might not yet have the host...
1139 */
1140 if (host) {
1141 DTRACE_PROBE1(mountd, log_host, host);
1142 lq->ld_host = strdup(host);
1143 if (lq->ld_host == NULL)
1144 goto cleanup;
1145 } else {
1146 DTRACE_PROBE(mountd, log_no_host);
1147
1148 lq->ld_netid = strdup(transp->xp_netid);
1149 if (lq->ld_netid == NULL)
1150 goto cleanup;
1151
1152 lq->ld_nb = calloc(1, sizeof (struct netbuf));
1153 if (lq->ld_nb == NULL)
1154 goto cleanup;
1155
1156 nb = svc_getrpccaller(transp);
1157 if (nb == NULL) {
1158 DTRACE_PROBE(mountd, e__nb__enqueue);
1159 goto cleanup;
1160 }
1161
1162 DTRACE_PROBE(mountd, nb_set_enqueue);
1163
1164 lq->ld_nb->maxlen = nb->maxlen;
1165 lq->ld_nb->len = nb->len;
1166
1167 lq->ld_nb->buf = malloc(lq->ld_nb->len);
1168 if (lq->ld_nb->buf == NULL)
1169 goto cleanup;
1170
1171 bcopy(nb->buf, lq->ld_nb->buf, lq->ld_nb->len);
1172 }
1173
1174 lq->ld_path = strdup(path);
1175 if (lq->ld_path == NULL)
1176 goto cleanup;
1177
1178 if (!error) {
1179 lq->ld_rpath = strdup(rpath);
1180 if (lq->ld_rpath == NULL)
1181 goto cleanup;
1182 }
1183
1184 lq->ld_status = status;
1185
1186 /*
1187 * Add to the tail of the logging queue.
1188 */
1189 (void) mutex_lock(&logging_queue_lock);
1190 if (logging_tail == NULL) {
1191 logging_tail = logging_head = lq;
1192 } else {
1193 logging_tail->ld_next = lq;
1194 logging_tail = lq;
1195 }
1196 (void) cond_signal(&logging_queue_cv);
1197 (void) mutex_unlock(&logging_queue_lock);
1198
1199 return (TRUE);
1200
1201 cleanup:
1202
1203 free_logging_data(lq);
1204
1205 return (FALSE);
1206 }
1207
1208 /*
1209 * Check mount requests, add to mounted list if ok
1210 */
1211 static int
1212 mount(struct svc_req *rqstp)
1213 {
1214 SVCXPRT *transp;
1215 int version, vers;
1216 struct fhstatus fhs;
1217 struct mountres3 mountres3;
1218 char fh[FHSIZE3];
1219 int len = FHSIZE3;
1220 char *path, rpath[MAXPATHLEN];
1221 share_t *sh = NULL;
1222 struct nd_hostservlist *clnames = NULL;
1223 char *host = NULL;
1224 int error = 0, lofs_tried = 0, enqueued;
1225 int flavor_list[MAX_FLAVORS];
1226 int flavor_count;
1227 struct netbuf *nb = NULL;
1228 ucred_t *uc = NULL;
1229
1230 int audit_status;
1231
1232 transp = rqstp->rq_xprt;
1233 version = rqstp->rq_vers;
1234 path = NULL;
1235
1236 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
1237 svcerr_decode(transp);
1238 return (EACCES);
1239 }
1240
1241 /*
1242 * Put off getting the name for the client until we
1243 * need it. This is a performance gain. If we are logging,
1244 * then we don't care about performance and might as well
1245 * get the host name now in case we need to spit out an
1246 * error message.
1247 */
1248 if (verbose) {
1249 DTRACE_PROBE(mountd, name_by_verbose);
1250 if (getclientsnames(transp, &nb, &clnames) != 0) {
1251 /*
1252 * We failed to get a name for the client, even
1253 * 'anon', probably because we ran out of memory.
1254 * In this situation it doesn't make sense to
1255 * allow the mount to succeed.
1256 */
1257 error = EACCES;
1258 goto reply;
1259 }
1260 host = clnames->h_hostservs[0].h_host;
1261 }
1262
1263 /*
1264 * If the version being used is less than the minimum version,
1265 * the filehandle translation should not be provided to the
1266 * client.
1267 */
1268 if (rejecting || version < mount_vers_min) {
1269 if (verbose)
1270 syslog(LOG_NOTICE, "Rejected mount: %s for %s",
1271 host, path);
1272 error = EACCES;
1273 goto reply;
1274 }
1275
1276 /*
1277 * Trusted Extension doesn't support nfsv2. nfsv2 client
1278 * uses MOUNT protocol v1 and v2. To prevent circumventing
1279 * TX label policy via using nfsv2 client, reject a mount
1280 * request with version less than 3 and log an error.
1281 */
1282 if (is_system_labeled()) {
1283 if (version < 3) {
1284 if (verbose)
1285 syslog(LOG_ERR,
1286 "Rejected mount: TX doesn't support NFSv2");
1287 error = EACCES;
1288 goto reply;
1289 }
1290 }
1291
1292 /*
1293 * Get the real path (no symbolic links in it)
1294 */
1295 if (realpath(path, rpath) == NULL) {
1296 error = errno;
1297 if (verbose)
1298 syslog(LOG_ERR,
1299 "mount request: realpath: %s: %m", path);
1300 if (error == ENOENT)
1301 error = mount_enoent_error(transp, path, rpath,
1302 &clnames, &nb, flavor_list);
1303 goto reply;
1304 }
1305
1306 if ((sh = findentry(rpath)) == NULL &&
1307 (sh = find_lofsentry(rpath, &lofs_tried)) == NULL) {
1308 error = EACCES;
1309 goto reply;
1310 }
1311
1312 /*
1313 * Check if this is a "nosub" only export, in which case, mounting
1314 * subdirectories isn't allowed. Bug 1184573.
1315 */
1316 if (checkrootmount(sh, rpath) == 0) {
1317 error = EACCES;
1318 goto reply;
1319 }
1320
1321 if (newopts(sh->sh_opts))
1322 flavor_count = getclientsflavors_new(sh, transp, &nb, &clnames,
1323 flavor_list);
1324 else
1325 flavor_count = getclientsflavors_old(sh, transp, &nb, &clnames,
1326 flavor_list);
1327
1328 if (clnames)
1329 host = clnames->h_hostservs[0].h_host;
1330
1331 if (flavor_count == 0) {
1332 error = EACCES;
1333 goto reply;
1334 }
1335
1336 /*
1337 * Check MAC policy here. The server side policy should be
1338 * consistent with client side mount policy, i.e.
1339 * - we disallow an admin_low unlabeled client to mount
1340 * - we disallow mount from a lower labeled client.
1341 */
1342 if (is_system_labeled()) {
1343 m_label_t *clabel = NULL;
1344 m_label_t *slabel = NULL;
1345 m_label_t admin_low;
1346
1347 if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) {
1348 syslog(LOG_ERR,
1349 "mount request: Failed to get caller's ucred : %m");
1350 error = EACCES;
1351 goto reply;
1352 }
1353 if ((clabel = ucred_getlabel(uc)) == NULL) {
1354 syslog(LOG_ERR,
1355 "mount request: can't get client label from ucred");
1356 error = EACCES;
1357 goto reply;
1358 }
1359
1360 bsllow(&admin_low);
1361 if (blequal(&admin_low, clabel)) {
1362 struct sockaddr *ca;
1363 tsol_tpent_t *tp;
1364
1365 ca = (struct sockaddr *)(void *)svc_getrpccaller(
1366 rqstp->rq_xprt)->buf;
1367 if (ca == NULL) {
1368 error = EACCES;
1369 goto reply;
1370 }
1371 /*
1372 * get trusted network template associated
1373 * with the client.
1374 */
1375 tp = get_client_template(ca);
1376 if (tp == NULL || tp->host_type != SUN_CIPSO) {
1377 if (tp != NULL)
1378 tsol_freetpent(tp);
1379 error = EACCES;
1380 goto reply;
1381 }
1382 tsol_freetpent(tp);
1383 } else {
1384 if ((slabel = m_label_alloc(MAC_LABEL)) == NULL) {
1385 error = EACCES;
1386 goto reply;
1387 }
1388
1389 if (getlabel(rpath, slabel) != 0) {
1390 m_label_free(slabel);
1391 error = EACCES;
1392 goto reply;
1393 }
1394
1395 if (!bldominates(clabel, slabel)) {
1396 m_label_free(slabel);
1397 error = EACCES;
1398 goto reply;
1399 }
1400 m_label_free(slabel);
1401 }
1402 }
1403
1404 /*
1405 * Now get the filehandle.
1406 *
1407 * NFS V2 clients get a 32 byte filehandle.
1408 * NFS V3 clients get a 32 or 64 byte filehandle, depending on
1409 * the embedded FIDs.
1410 */
1411 vers = (version == MOUNTVERS3) ? NFS_V3 : NFS_VERSION;
1412
1413 /* LINTED pointer alignment */
1414 while (nfs_getfh(rpath, vers, &len, fh) < 0) {
1415 if (errno == EINVAL &&
1416 (sh = find_lofsentry(rpath, &lofs_tried)) != NULL) {
1417 errno = 0;
1418 continue;
1419 }
1420 error = errno == EINVAL ? EACCES : errno;
1421 syslog(LOG_DEBUG, "mount request: getfh failed on %s: %m",
1422 path);
1423 break;
1424 }
1425
1426 if (version == MOUNTVERS3) {
1427 mountres3.mountres3_u.mountinfo.fhandle.fhandle3_len = len;
1428 mountres3.mountres3_u.mountinfo.fhandle.fhandle3_val = fh;
1429 } else {
1430 bcopy(fh, &fhs.fhstatus_u.fhs_fhandle, NFS_FHSIZE);
1431 }
1432
1433 reply:
1434 if (uc != NULL)
1435 ucred_free(uc);
1436
1437 switch (version) {
1438 case MOUNTVERS:
1439 case MOUNTVERS_POSIX:
1440 if (error == EINVAL)
1441 fhs.fhs_status = NFSERR_ACCES;
1442 else if (error == EREMOTE)
1443 fhs.fhs_status = NFSERR_REMOTE;
1444 else
1445 fhs.fhs_status = error;
1446
1447 if (!svc_sendreply(transp, xdr_fhstatus, (char *)&fhs))
1448 log_cant_reply(transp);
1449
1450 audit_status = fhs.fhs_status;
1451 break;
1452
1453 case MOUNTVERS3:
1454 if (!error) {
1455 mountres3.mountres3_u.mountinfo.auth_flavors.auth_flavors_val =
1456 flavor_list;
1457 mountres3.mountres3_u.mountinfo.auth_flavors.auth_flavors_len =
1458 flavor_count;
1459
1460 } else if (error == ENAMETOOLONG)
1461 error = MNT3ERR_NAMETOOLONG;
1462
1463 mountres3.fhs_status = error;
1464 if (!svc_sendreply(transp, xdr_mountres3, (char *)&mountres3))
1465 log_cant_reply(transp);
1466
1467 audit_status = mountres3.fhs_status;
1468 break;
1469 }
1470
1471 if (verbose)
1472 syslog(LOG_NOTICE, "MOUNT: %s %s %s",
1473 (host == NULL) ? "unknown host" : host,
1474 error ? "denied" : "mounted", path);
1475
1476 /*
1477 * If we can not create a queue entry, go ahead and do it
1478 * in the context of this thread.
1479 */
1480 enqueued = enqueue_logging_data(host, transp, path, rpath,
1481 audit_status, error);
1482 if (enqueued == FALSE) {
1483 if (host == NULL) {
1484 DTRACE_PROBE(mountd, name_by_in_thread);
1485 if (getclientsnames(transp, &nb, &clnames) == 0)
1486 host = clnames->h_hostservs[0].h_host;
1487 }
1488
1489 DTRACE_PROBE(mountd, logged_in_thread);
1490 audit_mountd_mount(host, path, audit_status); /* BSM */
1491 if (!error)
1492 mntlist_new(host, rpath); /* add entry to mount list */
1493 }
1494
1495 if (path != NULL)
1496 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
1497
1498 done:
1499 if (sh)
1500 sharefree(sh);
1501 netdir_free(clnames, ND_HOSTSERVLIST);
1502
1503 return (error);
1504 }
1505
1506 /*
1507 * Determine whether two paths are within the same file system.
1508 * Returns nonzero (true) if paths are the same, zero (false) if
1509 * they are different. If an error occurs, return false.
1510 *
1511 * Use the actual FSID if it's available (via getattrat()); otherwise,
1512 * fall back on st_dev.
1513 *
1514 * With ZFS snapshots, st_dev differs from the regular file system
1515 * versus the snapshot. But the fsid is the same throughout. Thus
1516 * the fsid is a better test.
1517 */
1518 static int
1519 same_file_system(const char *path1, const char *path2)
1520 {
1521 uint64_t fsid1, fsid2;
1522 struct stat64 st1, st2;
1523 nvlist_t *nvl1 = NULL;
1524 nvlist_t *nvl2 = NULL;
1525
1526 if ((getattrat(AT_FDCWD, XATTR_VIEW_READONLY, path1, &nvl1) == 0) &&
1527 (getattrat(AT_FDCWD, XATTR_VIEW_READONLY, path2, &nvl2) == 0) &&
1528 (nvlist_lookup_uint64(nvl1, A_FSID, &fsid1) == 0) &&
1529 (nvlist_lookup_uint64(nvl2, A_FSID, &fsid2) == 0)) {
1530 nvlist_free(nvl1);
1531 nvlist_free(nvl2);
1532 /*
1533 * We have found fsid's for both paths.
1534 */
1535
1536 if (fsid1 == fsid2)
1537 return (B_TRUE);
1538
1539 return (B_FALSE);
1540 }
1541
1542 if (nvl1 != NULL)
1543 nvlist_free(nvl1);
1544 if (nvl2 != NULL)
1545 nvlist_free(nvl2);
1546
1547 /*
1548 * We were unable to find fsid's for at least one of the paths.
1549 * fall back on st_dev.
1550 */
1551
1552 if (stat64(path1, &st1) < 0) {
1553 syslog(LOG_NOTICE, "%s: %m", path1);
1554 return (B_FALSE);
1555 }
1556 if (stat64(path2, &st2) < 0) {
1557 syslog(LOG_NOTICE, "%s: %m", path2);
1558 return (B_FALSE);
1559 }
1560
1561 if (st1.st_dev == st2.st_dev)
1562 return (B_TRUE);
1563
1564 return (B_FALSE);
1565 }
1566
1567 share_t *
1568 findentry(char *path)
1569 {
1570 share_t *sh = NULL;
1571 struct sh_list *shp;
1572 register char *p1, *p2;
1573
1574 check_sharetab();
1575
1576 (void) rw_rdlock(&sharetab_lock);
1577
1578 for (shp = share_list; shp; shp = shp->shl_next) {
1579 sh = shp->shl_sh;
1580 for (p1 = sh->sh_path, p2 = path; *p1 == *p2; p1++, p2++)
1581 if (*p1 == '\0')
1582 goto done; /* exact match */
1583
1584 /*
1585 * Now compare the pathnames for three cases:
1586 *
1587 * Parent: /export/foo (no trailing slash on parent)
1588 * Child: /export/foo/bar
1589 *
1590 * Parent: /export/foo/ (trailing slash on parent)
1591 * Child: /export/foo/bar
1592 *
1593 * Parent: /export/foo/ (no trailing slash on child)
1594 * Child: /export/foo
1595 */
1596 if ((*p1 == '\0' && *p2 == '/') ||
1597 (*p1 == '\0' && *(p1-1) == '/') ||
1598 (*p2 == '\0' && *p1 == '/' && *(p1+1) == '\0')) {
1599 /*
1600 * We have a subdirectory. Test whether the
1601 * subdirectory is in the same file system.
1602 */
1603 if (same_file_system(path, sh->sh_path))
1604 goto done;
1605 }
1606 }
1607 done:
1608 sh = shp ? sharedup(sh) : NULL;
1609
1610 (void) rw_unlock(&sharetab_lock);
1611
1612 return (sh);
1613 }
1614
1615
1616 static int
1617 is_substring(char **mntp, char **path)
1618 {
1619 char *p1 = *mntp, *p2 = *path;
1620
1621 if (*p1 == '\0' && *p2 == '\0') /* exact match */
1622 return (1);
1623 else if (*p1 == '\0' && *p2 == '/')
1624 return (1);
1625 else if (*p1 == '\0' && *(p1-1) == '/') {
1626 *path = --p2; /* we need the slash in p2 */
1627 return (1);
1628 } else if (*p2 == '\0') {
1629 while (*p1 == '/')
1630 p1++;
1631 if (*p1 == '\0') /* exact match */
1632 return (1);
1633 }
1634 return (0);
1635 }
1636
1637 /*
1638 * find_lofsentry() searches for the real path which this requested LOFS path
1639 * (rpath) shadows. If found, it will return the sharetab entry of
1640 * the real path that corresponds to the LOFS path.
1641 * We first search mnttab to see if the requested path is an automounted
1642 * path. If it is an automounted path, it will trigger the mount by stat()ing
1643 * the requested path. Note that it is important to check that this path is
1644 * actually an automounted path, otherwise we would stat() a path which may
1645 * turn out to be NFS and block indefinitely on a dead server. The automounter
1646 * times-out if the server is dead, so there's no risk of hanging this
1647 * thread waiting for stat().
1648 * After the mount has been triggered (if necessary), we look for a
1649 * mountpoint of type LOFS (by searching /etc/mnttab again) which
1650 * is a substring of the rpath. If found, we construct a new path by
1651 * concatenating the mnt_special and the remaining of rpath, call findentry()
1652 * to make sure the 'real path' is shared.
1653 */
1654 static share_t *
1655 find_lofsentry(char *rpath, int *done_flag)
1656 {
1657 struct stat r_stbuf;
1658 mntlist_t *ml, *mntl, *mntpnt = NULL;
1659 share_t *retcode = NULL;
1660 char tmp_path[MAXPATHLEN];
1661 int mntpnt_len = 0, tmp;
1662 char *p1, *p2;
1663
1664 if ((*done_flag)++)
1665 return (retcode);
1666
1667 /*
1668 * While fsgetmntlist() uses lockf() to
1669 * lock the mnttab before reading it in,
1670 * the lock ignores threads in the same process.
1671 * Read in the mnttab with the protection of a mutex.
1672 */
1673 (void) mutex_lock(&mnttab_lock);
1674 mntl = fsgetmntlist();
1675 (void) mutex_unlock(&mnttab_lock);
1676
1677 /*
1678 * Obtain the mountpoint for the requested path.
1679 */
1680 for (ml = mntl; ml; ml = ml->mntl_next) {
1681 for (p1 = ml->mntl_mnt->mnt_mountp, p2 = rpath;
1682 *p1 == *p2 && *p1; p1++, p2++)
1683 ;
1684 if (is_substring(&p1, &p2) &&
1685 (tmp = strlen(ml->mntl_mnt->mnt_mountp)) >= mntpnt_len) {
1686 mntpnt = ml;
1687 mntpnt_len = tmp;
1688 }
1689 }
1690
1691 /*
1692 * If the path needs to be autoFS mounted, trigger the mount by
1693 * stat()ing it. This is determined by checking whether the
1694 * mountpoint we just found is of type autofs.
1695 */
1696 if (mntpnt != NULL &&
1697 strcmp(mntpnt->mntl_mnt->mnt_fstype, "autofs") == 0) {
1698 /*
1699 * The requested path is a substring of an autoFS filesystem.
1700 * Trigger the mount.
1701 */
1702 if (stat(rpath, &r_stbuf) < 0) {
1703 if (verbose)
1704 syslog(LOG_NOTICE, "%s: %m", rpath);
1705 goto done;
1706 }
1707 if ((r_stbuf.st_mode & S_IFMT) == S_IFDIR) {
1708 /*
1709 * The requested path is a directory, stat(2) it
1710 * again with a trailing '.' to force the autoFS
1711 * module to trigger the mount of indirect
1712 * automount entries, such as /net/jurassic/.
1713 */
1714 if (strlen(rpath) + 2 > MAXPATHLEN) {
1715 if (verbose) {
1716 syslog(LOG_NOTICE,
1717 "%s/.: exceeds MAXPATHLEN %d",
1718 rpath, MAXPATHLEN);
1719 }
1720 goto done;
1721 }
1722 (void) strcpy(tmp_path, rpath);
1723 (void) strcat(tmp_path, "/.");
1724
1725 if (stat(tmp_path, &r_stbuf) < 0) {
1726 if (verbose)
1727 syslog(LOG_NOTICE, "%s: %m", tmp_path);
1728 goto done;
1729 }
1730 }
1731
1732 /*
1733 * The mount has been triggered, re-read mnttab to pick up
1734 * the changes made by autoFS.
1735 */
1736 fsfreemntlist(mntl);
1737 (void) mutex_lock(&mnttab_lock);
1738 mntl = fsgetmntlist();
1739 (void) mutex_unlock(&mnttab_lock);
1740 }
1741
1742 /*
1743 * The autoFS mountpoint has been triggered if necessary,
1744 * now search mnttab again to determine if the requested path
1745 * is an LOFS mount of a shared path.
1746 */
1747 mntpnt_len = 0;
1748 for (ml = mntl; ml; ml = ml->mntl_next) {
1749 if (strcmp(ml->mntl_mnt->mnt_fstype, "lofs"))
1750 continue;
1751
1752 for (p1 = ml->mntl_mnt->mnt_mountp, p2 = rpath;
1753 *p1 == *p2 && *p1; p1++, p2++)
1754 ;
1755
1756 if (is_substring(&p1, &p2) &&
1757 ((tmp = strlen(ml->mntl_mnt->mnt_mountp)) >= mntpnt_len)) {
1758 mntpnt_len = tmp;
1759
1760 if ((strlen(ml->mntl_mnt->mnt_special) + strlen(p2)) >
1761 MAXPATHLEN) {
1762 if (verbose) {
1763 syslog(LOG_NOTICE, "%s%s: exceeds %d",
1764 ml->mntl_mnt->mnt_special, p2,
1765 MAXPATHLEN);
1766 }
1767 if (retcode)
1768 sharefree(retcode);
1769 retcode = NULL;
1770 goto done;
1771 }
1772
1773 (void) strcpy(tmp_path, ml->mntl_mnt->mnt_special);
1774 (void) strcat(tmp_path, p2);
1775 if (retcode)
1776 sharefree(retcode);
1777 retcode = findentry(tmp_path);
1778 }
1779 }
1780
1781 if (retcode) {
1782 assert(strlen(tmp_path) > 0);
1783 (void) strcpy(rpath, tmp_path);
1784 }
1785
1786 done:
1787 fsfreemntlist(mntl);
1788 return (retcode);
1789 }
1790
1791 /*
1792 * Determine whether an access list grants rights to a particular host.
1793 * We match on aliases of the hostname as well as on the canonical name.
1794 * Names in the access list may be either hosts or netgroups; they're
1795 * not distinguished syntactically. We check for hosts first because
1796 * it's cheaper, then try netgroups.
1797 *
1798 * If pnb and pclnames are NULL, it means that we have to use transp
1799 * to resolve client IP address to hostname. If they aren't NULL
1800 * then transp argument won't be used and can be NULL.
1801 */
1802 int
1803 in_access_list(SVCXPRT *transp, struct netbuf **pnb,
1804 struct nd_hostservlist **pclnames,
1805 char *access_list) /* N.B. we clobber this "input" parameter */
1806 {
1807 char addr[INET_ADDRSTRLEN];
1808 char buff[256];
1809 int nentries = 0;
1810 char *cstr = access_list;
1811 char *gr = access_list;
1812 char *host;
1813 int off;
1814 int i;
1815 int response;
1816 int sbr = 0;
1817 struct nd_hostservlist *clnames;
1818 struct netent n, *np;
1819
1820 /* If no access list - then it's unrestricted */
1821 if (access_list == NULL || *access_list == '\0')
1822 return (1);
1823
1824 assert(transp != NULL || (*pnb != NULL && *pclnames != NULL));
1825
1826 /* Get client address if it wasn't provided */
1827 if (*pnb == NULL)
1828 /* Don't grant access if client address isn't known */
1829 if ((*pnb = svc_getrpccaller(transp)) == NULL)
1830 return (0);
1831
1832 /* Try to lookup client hostname if it wasn't provided */
1833 if (*pclnames == NULL)
1834 getclientsnames(transp, pnb, pclnames);
1835 clnames = *pclnames;
1836
1837 for (;;) {
1838 if ((cstr = strpbrk(cstr, "[]:")) != NULL) {
1839 switch (*cstr) {
1840 case '[':
1841 case ']':
1842 sbr = !sbr;
1843 cstr++;
1844 continue;
1845 case ':':
1846 if (sbr) {
1847 cstr++;
1848 continue;
1849 }
1850 *cstr = '\0';
1851 }
1852 }
1853
1854 /*
1855 * If the list name has a '-' prepended then a match of
1856 * the following name implies failure instead of success.
1857 */
1858 if (*gr == '-') {
1859 response = 0;
1860 gr++;
1861 } else {
1862 response = 1;
1863 }
1864
1865 /*
1866 * First check if we have '@' entry, as it doesn't
1867 * require client hostname.
1868 */
1869 if (*gr == '@') {
1870 gr++;
1871
1872 /* Netname support */
1873 if (!isdigit(*gr) && *gr != '[') {
1874 if ((np = getnetbyname_r(gr, &n, buff,
1875 sizeof (buff))) != NULL &&
1876 np->n_net != 0) {
1877 while ((np->n_net & 0xFF000000u) == 0)
1878 np->n_net <<= 8;
1879 np->n_net = htonl(np->n_net);
1880 if (inet_ntop(AF_INET, &np->n_net, addr,
1881 INET_ADDRSTRLEN) == NULL)
1882 break;
1883 if (inet_matchaddr((*pnb)->buf, addr))
1884 return (response);
1885 }
1886 } else {
1887 if (inet_matchaddr((*pnb)->buf, gr))
1888 return (response);
1889 }
1890
1891 if (cstr == NULL)
1892 break;
1893
1894 gr = ++cstr;
1895
1896 continue;
1897 }
1898
1899 /*
1900 * No other checks can be performed if client address
1901 * can't be resolved.
1902 */
1903 if (clnames == NULL) {
1904 if (cstr == NULL)
1905 break;
1906
1907 gr = ++cstr;
1908
1909 continue;
1910 }
1911
1912 /* Otherwise loop through all client hostname aliases */
1913 for (i = 0; i < clnames->h_cnt; i++) {
1914 host = clnames->h_hostservs[i].h_host;
1915
1916 /*
1917 * If the list name begins with a dot then
1918 * do a domain name suffix comparison.
1919 * A single dot matches any name with no
1920 * suffix.
1921 */
1922 if (*gr == '.') {
1923 if (*(gr + 1) == '\0') { /* single dot */
1924 if (strchr(host, '.') == NULL)
1925 return (response);
1926 } else {
1927 off = strlen(host) - strlen(gr);
1928 if (off > 0 &&
1929 strcasecmp(host + off, gr) == 0) {
1930 return (response);
1931 }
1932 }
1933 } else {
1934 /* Just do a hostname match */
1935 if (strcasecmp(gr, host) == 0)
1936 return (response);
1937 }
1938 }
1939
1940 nentries++;
1941
1942 if (cstr == NULL)
1943 break;
1944
1945 gr = ++cstr;
1946 }
1947
1948 if (clnames == NULL)
1949 return (0);
1950
1951 return (netgroup_check(clnames, access_list, nentries));
1952 }
1953
1954
1955 static char *optlist[] = {
1956 #define OPT_RO 0
1957 SHOPT_RO,
1958 #define OPT_RW 1
1959 SHOPT_RW,
1960 #define OPT_ROOT 2
1961 SHOPT_ROOT,
1962 #define OPT_SECURE 3
1963 SHOPT_SECURE,
1964 #define OPT_ANON 4
1965 SHOPT_ANON,
1966 #define OPT_WINDOW 5
1967 SHOPT_WINDOW,
1968 #define OPT_NOSUID 6
1969 SHOPT_NOSUID,
1970 #define OPT_ACLOK 7
1971 SHOPT_ACLOK,
1972 #define OPT_SEC 8
1973 SHOPT_SEC,
1974 #define OPT_NONE 9
1975 SHOPT_NONE,
1976 #define OPT_UIDMAP 10
1977 SHOPT_UIDMAP,
1978 #define OPT_GIDMAP 11
1979 SHOPT_GIDMAP,
1980 NULL
1981 };
1982
1983 static int
1984 map_flavor(char *str)
1985 {
1986 seconfig_t sec;
1987
1988 if (nfs_getseconfig_byname(str, &sec))
1989 return (-1);
1990
1991 return (sec.sc_nfsnum);
1992 }
1993
1994 /*
1995 * If the option string contains a "sec="
1996 * option, then use new option syntax.
1997 */
1998 static int
1999 newopts(char *opts)
2000 {
2001 char *head, *p, *val;
2002
2003 if (!opts || *opts == '\0')
2004 return (0);
2005
2006 head = strdup(opts);
2007 if (head == NULL) {
2008 syslog(LOG_ERR, "opts: no memory");
2009 return (0);
2010 }
2011
2012 p = head;
2013 while (*p) {
2014 if (getsubopt(&p, optlist, &val) == OPT_SEC) {
2015 free(head);
2016 return (1);
2017 }
2018 }
2019
2020 free(head);
2021 return (0);
2022 }
2023
2024 /*
2025 * Given an export and the clients hostname(s)
2026 * determine the security flavors that this
2027 * client is permitted to use.
2028 *
2029 * This routine is called only for "old" syntax, i.e.
2030 * only one security flavor is allowed. So we need
2031 * to determine two things: the particular flavor,
2032 * and whether the client is allowed to use this
2033 * flavor, i.e. is in the access list.
2034 *
2035 * Note that if there is no access list, then the
2036 * default is that access is granted.
2037 */
2038 static int
2039 getclientsflavors_old(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2040 struct nd_hostservlist **clnames, int *flavors)
2041 {
2042 char *opts, *p, *val;
2043 boolean_t ok = B_FALSE;
2044 int defaultaccess = 1;
2045 boolean_t reject = B_FALSE;
2046
2047 opts = strdup(sh->sh_opts);
2048 if (opts == NULL) {
2049 syslog(LOG_ERR, "getclientsflavors: no memory");
2050 return (0);
2051 }
2052
2053 flavors[0] = AUTH_SYS;
2054 p = opts;
2055
2056 while (*p) {
2057
2058 switch (getsubopt(&p, optlist, &val)) {
2059 case OPT_SECURE:
2060 flavors[0] = AUTH_DES;
2061 break;
2062
2063 case OPT_RO:
2064 case OPT_RW:
2065 defaultaccess = 0;
2066 if (in_access_list(transp, nb, clnames, val))
2067 ok++;
2068 break;
2069
2070 case OPT_NONE:
2071 defaultaccess = 0;
2072 if (in_access_list(transp, nb, clnames, val))
2073 reject = B_TRUE;
2074 }
2075 }
2076
2077 free(opts);
2078
2079 /* none takes precedence over everything else */
2080 if (reject)
2081 ok = B_TRUE;
2082
2083 return (defaultaccess || ok);
2084 }
2085
2086 /*
2087 * Given an export and the clients hostname(s)
2088 * determine the security flavors that this
2089 * client is permitted to use.
2090 *
2091 * This is somewhat more complicated than the "old"
2092 * routine because the options may contain multiple
2093 * security flavors (sec=) each with its own access
2094 * lists. So a client could be granted access based
2095 * on a number of security flavors. Note that the
2096 * type of access might not always be the same, the
2097 * client may get readonly access with one flavor
2098 * and readwrite with another, however the client
2099 * is not told this detail, it gets only the list
2100 * of flavors, and only if the client is using
2101 * version 3 of the mount protocol.
2102 */
2103 static int
2104 getclientsflavors_new(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2105 struct nd_hostservlist **clnames, int *flavors)
2106 {
2107 char *opts, *p, *val;
2108 char *lasts;
2109 char *f;
2110 boolean_t access_ok;
2111 int count, c;
2112 boolean_t reject = B_FALSE;
2113
2114 opts = strdup(sh->sh_opts);
2115 if (opts == NULL) {
2116 syslog(LOG_ERR, "getclientsflavors: no memory");
2117 return (0);
2118 }
2119
2120 p = opts;
2121 count = c = 0;
2122 /* default access is rw */
2123 access_ok = B_TRUE;
2124
2125 while (*p) {
2126 switch (getsubopt(&p, optlist, &val)) {
2127 case OPT_SEC:
2128 /*
2129 * Before a new sec=xxx option, check if we need
2130 * to move the c index back to the previous count.
2131 */
2132 if (!access_ok) {
2133 c = count;
2134 }
2135
2136 /* get all the sec=f1[:f2] flavors */
2137 while ((f = strtok_r(val, ":", &lasts))
2138 != NULL) {
2139 flavors[c++] = map_flavor(f);
2140 val = NULL;
2141 }
2142
2143 /* for a new sec=xxx option, default is rw access */
2144 access_ok = B_TRUE;
2145 break;
2146
2147 case OPT_RO:
2148 case OPT_RW:
2149 if (in_access_list(transp, nb, clnames, val)) {
2150 count = c;
2151 access_ok = B_TRUE;
2152 } else {
2153 access_ok = B_FALSE;
2154 }
2155 break;
2156
2157 case OPT_NONE:
2158 if (in_access_list(transp, nb, clnames, val))
2159 reject = B_TRUE; /* none overides rw/ro */
2160 break;
2161 }
2162 }
2163
2164 if (reject)
2165 access_ok = B_FALSE;
2166
2167 if (!access_ok)
2168 c = count;
2169
2170 free(opts);
2171
2172 return (c);
2173 }
2174
2175 /*
2176 * This is a tricky piece of code that parses the
2177 * share options looking for a match on the auth
2178 * flavor that the client is using. If it finds
2179 * a match, then the client is given ro, rw, or
2180 * no access depending whether it is in the access
2181 * list. There is a special case for "secure"
2182 * flavor. Other flavors are values of the new "sec=" option.
2183 */
2184 int
2185 check_client(share_t *sh, struct netbuf *nb,
2186 struct nd_hostservlist *clnames, int flavor, uid_t clnt_uid, gid_t clnt_gid,
2187 uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid, gid_t *srv_gid,
2188 uint_t *srv_ngids, gid_t **srv_gids)
2189 {
2190 if (newopts(sh->sh_opts))
2191 return (check_client_new(sh, NULL, &nb, &clnames, flavor,
2192 clnt_uid, clnt_gid, clnt_ngids, clnt_gids, srv_uid, srv_gid,
2193 srv_ngids, srv_gids));
2194 else
2195 return (check_client_old(sh, NULL, &nb, &clnames, flavor,
2196 clnt_uid, clnt_gid, clnt_ngids, clnt_gids, srv_uid, srv_gid,
2197 srv_ngids, srv_gids));
2198 }
2199
2200 extern int _getgroupsbymember(const char *, gid_t[], int, int);
2201
2202 /*
2203 * Get supplemental groups for uid
2204 */
2205 static int
2206 getusergroups(uid_t uid, uint_t *ngrps, gid_t **grps)
2207 {
2208 struct passwd pwd;
2209 char *pwbuf = alloca(pw_size);
2210 gid_t *tmpgrps = alloca(ngroups_max * sizeof (gid_t));
2211 int tmpngrps;
2212
2213 if (getpwuid_r(uid, &pwd, pwbuf, pw_size) == NULL)
2214 return (-1);
2215
2216 tmpgrps[0] = pwd.pw_gid;
2217
2218 tmpngrps = _getgroupsbymember(pwd.pw_name, tmpgrps, ngroups_max, 1);
2219 if (tmpngrps <= 0) {
2220 syslog(LOG_WARNING,
2221 "getusergroups(): Unable to get groups for user %s",
2222 pwd.pw_name);
2223
2224 return (-1);
2225 }
2226
2227 *grps = malloc(tmpngrps * sizeof (gid_t));
2228 if (*grps == NULL) {
2229 syslog(LOG_ERR,
2230 "getusergroups(): Memory allocation failed: %m");
2231
2232 return (-1);
2233 }
2234
2235 *ngrps = tmpngrps;
2236 (void) memcpy(*grps, tmpgrps, tmpngrps * sizeof (gid_t));
2237
2238 return (0);
2239 }
2240
2241 /*
2242 * is_a_number(number)
2243 *
2244 * is the string a number in one of the forms we want to use?
2245 */
2246
2247 static int
2248 is_a_number(char *number)
2249 {
2250 int ret = 1;
2251 int hex = 0;
2252
2253 if (strncmp(number, "0x", 2) == 0) {
2254 number += 2;
2255 hex = 1;
2256 } else if (*number == '-') {
2257 number++; /* skip the minus */
2258 }
2259 while (ret == 1 && *number != '\0') {
2260 if (hex) {
2261 ret = isxdigit(*number++);
2262 } else {
2263 ret = isdigit(*number++);
2264 }
2265 }
2266 return (ret);
2267 }
2268
2269 static boolean_t
2270 get_uid(char *value, uid_t *uid)
2271 {
2272 if (!is_a_number(value)) {
2273 struct passwd *pw;
2274 /*
2275 * in this case it would have to be a
2276 * user name
2277 */
2278 pw = getpwnam(value);
2279 if (pw == NULL)
2280 return (B_FALSE);
2281 *uid = pw->pw_uid;
2282 endpwent();
2283 } else {
2284 uint64_t intval;
2285 intval = strtoull(value, NULL, 0);
2286 if (intval > UID_MAX && intval != -1)
2287 return (B_FALSE);
2288 *uid = (uid_t)intval;
2289 }
2290
2291 return (B_TRUE);
2292 }
2293
2294 static boolean_t
2295 get_gid(char *value, gid_t *gid)
2296 {
2297 if (!is_a_number(value)) {
2298 struct group *gr;
2299 /*
2300 * in this case it would have to be a
2301 * group name
2302 */
2303 gr = getgrnam(value);
2304 if (gr == NULL)
2305 return (B_FALSE);
2306 *gid = gr->gr_gid;
2307 endgrent();
2308 } else {
2309 uint64_t intval;
2310 intval = strtoull(value, NULL, 0);
2311 if (intval > UID_MAX && intval != -1)
2312 return (B_FALSE);
2313 *gid = (gid_t)intval;
2314 }
2315
2316 return (B_TRUE);
2317 }
2318
2319 static int
2320 check_client_old(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2321 struct nd_hostservlist **clnames, int flavor, uid_t clnt_uid,
2322 gid_t clnt_gid, uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid,
2323 gid_t *srv_gid, uint_t *srv_ngids, gid_t **srv_gids)
2324 {
2325 char *opts, *p, *val;
2326 int match; /* Set when a flavor is matched */
2327 int perm = 0; /* Set when "ro", "rw" or "root" is matched */
2328 int list = 0; /* Set when "ro", "rw" is found */
2329 int ro_val = 0; /* Set if ro option is 'ro=' */
2330 int rw_val = 0; /* Set if rw option is 'rw=' */
2331
2332 boolean_t map_deny = B_FALSE;
2333
2334 opts = strdup(sh->sh_opts);
2335 if (opts == NULL) {
2336 syslog(LOG_ERR, "check_client: no memory");
2337 return (0);
2338 }
2339
2340 /*
2341 * If client provided 16 supplemental groups with AUTH_SYS, lookup
2342 * locally for all of them
2343 */
2344 if (flavor == AUTH_SYS && clnt_ngids == NGRPS && ngroups_max > NGRPS)
2345 if (getusergroups(clnt_uid, srv_ngids, srv_gids) == 0)
2346 perm |= NFSAUTH_GROUPS;
2347
2348 p = opts;
2349 match = AUTH_UNIX;
2350
2351 while (*p) {
2352 switch (getsubopt(&p, optlist, &val)) {
2353
2354 case OPT_SECURE:
2355 match = AUTH_DES;
2356
2357 if (perm & NFSAUTH_GROUPS) {
2358 free(*srv_gids);
2359 *srv_ngids = 0;
2360 *srv_gids = NULL;
2361 perm &= ~NFSAUTH_GROUPS;
2362 }
2363
2364 break;
2365
2366 case OPT_RO:
2367 list++;
2368 if (val != NULL)
2369 ro_val++;
2370 if (in_access_list(transp, nb, clnames, val))
2371 perm |= NFSAUTH_RO;
2372 break;
2373
2374 case OPT_RW:
2375 list++;
2376 if (val != NULL)
2377 rw_val++;
2378 if (in_access_list(transp, nb, clnames, val))
2379 perm |= NFSAUTH_RW;
2380 break;
2381
2382 case OPT_ROOT:
2383 /*
2384 * Check if the client is in
2385 * the root list. Only valid
2386 * for AUTH_SYS.
2387 */
2388 if (flavor != AUTH_SYS)
2389 break;
2390
2391 if (val == NULL || *val == '\0')
2392 break;
2393
2394 if (clnt_uid != 0)
2395 break;
2396
2397 if (in_access_list(transp, nb, clnames, val)) {
2398 perm |= NFSAUTH_ROOT;
2399 perm |= NFSAUTH_UIDMAP | NFSAUTH_GIDMAP;
2400 map_deny = B_FALSE;
2401
2402 if (perm & NFSAUTH_GROUPS) {
2403 free(*srv_gids);
2404 *srv_ngids = 0;
2405 *srv_gids = NULL;
2406 perm &= ~NFSAUTH_GROUPS;
2407 }
2408 }
2409 break;
2410
2411 case OPT_NONE:
2412 /*
2413 * Check if the client should have no access
2414 * to this share at all. This option behaves
2415 * more like "root" than either "rw" or "ro".
2416 */
2417 if (in_access_list(transp, nb, clnames, val))
2418 perm |= NFSAUTH_DENIED;
2419 break;
2420
2421 case OPT_UIDMAP: {
2422 char *c;
2423 char *n;
2424
2425 /*
2426 * The uidmap is supported for AUTH_SYS only.
2427 */
2428 if (flavor != AUTH_SYS)
2429 break;
2430
2431 if (perm & NFSAUTH_UIDMAP || map_deny)
2432 break;
2433
2434 for (c = val; c != NULL; c = n) {
2435 char *s;
2436 char *al;
2437 uid_t srv;
2438
2439 n = strchr(c, '~');
2440 if (n != NULL)
2441 *n++ = '\0';
2442
2443 s = strchr(c, ':');
2444 if (s != NULL) {
2445 *s++ = '\0';
2446 al = strchr(s, ':');
2447 if (al != NULL)
2448 *al++ = '\0';
2449 }
2450
2451 if (s == NULL || al == NULL)
2452 continue;
2453
2454 if (*c == '\0') {
2455 if (clnt_uid != (uid_t)-1)
2456 continue;
2457 } else if (strcmp(c, "*") != 0) {
2458 uid_t clnt;
2459
2460 if (!get_uid(c, &clnt))
2461 continue;
2462
2463 if (clnt_uid != clnt)
2464 continue;
2465 }
2466
2467 if (*s == '\0')
2468 srv = UID_NOBODY;
2469 else if (!get_uid(s, &srv))
2470 continue;
2471 else if (srv == (uid_t)-1) {
2472 map_deny = B_TRUE;
2473 break;
2474 }
2475
2476 if (in_access_list(transp, nb, clnames, al)) {
2477 *srv_uid = srv;
2478 perm |= NFSAUTH_UIDMAP;
2479
2480 if (perm & NFSAUTH_GROUPS) {
2481 free(*srv_gids);
2482 *srv_ngids = 0;
2483 *srv_gids = NULL;
2484 perm &= ~NFSAUTH_GROUPS;
2485 }
2486
2487 break;
2488 }
2489 }
2490
2491 break;
2492 }
2493
2494 case OPT_GIDMAP: {
2495 char *c;
2496 char *n;
2497
2498 /*
2499 * The gidmap is supported for AUTH_SYS only.
2500 */
2501 if (flavor != AUTH_SYS)
2502 break;
2503
2504 if (perm & NFSAUTH_GIDMAP || map_deny)
2505 break;
2506
2507 for (c = val; c != NULL; c = n) {
2508 char *s;
2509 char *al;
2510 gid_t srv;
2511
2512 n = strchr(c, '~');
2513 if (n != NULL)
2514 *n++ = '\0';
2515
2516 s = strchr(c, ':');
2517 if (s != NULL) {
2518 *s++ = '\0';
2519 al = strchr(s, ':');
2520 if (al != NULL)
2521 *al++ = '\0';
2522 }
2523
2524 if (s == NULL || al == NULL)
2525 break;
2526
2527 if (*c == '\0') {
2528 if (clnt_gid != (gid_t)-1)
2529 continue;
2530 } else if (strcmp(c, "*") != 0) {
2531 gid_t clnt;
2532
2533 if (!get_gid(c, &clnt))
2534 continue;
2535
2536 if (clnt_gid != clnt)
2537 continue;
2538 }
2539
2540 if (*s == '\0')
2541 srv = UID_NOBODY;
2542 else if (!get_gid(s, &srv))
2543 continue;
2544 else if (srv == (gid_t)-1) {
2545 map_deny = B_TRUE;
2546 break;
2547 }
2548
2549 if (in_access_list(transp, nb, clnames, al)) {
2550 *srv_gid = srv;
2551 perm |= NFSAUTH_GIDMAP;
2552
2553 if (perm & NFSAUTH_GROUPS) {
2554 free(*srv_gids);
2555 *srv_ngids = 0;
2556 *srv_gids = NULL;
2557 perm &= ~NFSAUTH_GROUPS;
2558 }
2559
2560 break;
2561 }
2562 }
2563
2564 break;
2565 }
2566
2567 default:
2568 break;
2569 }
2570 }
2571
2572 free(opts);
2573
2574 if (perm & NFSAUTH_ROOT) {
2575 *srv_uid = 0;
2576 *srv_gid = 0;
2577 }
2578
2579 if (map_deny)
2580 perm |= NFSAUTH_DENIED;
2581
2582 if (!(perm & NFSAUTH_UIDMAP))
2583 *srv_uid = clnt_uid;
2584 if (!(perm & NFSAUTH_GIDMAP))
2585 *srv_gid = clnt_gid;
2586
2587 if (flavor != match || perm & NFSAUTH_DENIED)
2588 return (NFSAUTH_DENIED);
2589
2590 if (list) {
2591 /*
2592 * If the client doesn't match an "ro" or "rw"
2593 * list then set no access.
2594 */
2595 if ((perm & (NFSAUTH_RO | NFSAUTH_RW)) == 0)
2596 perm |= NFSAUTH_DENIED;
2597 } else {
2598 /*
2599 * The client matched a flavor entry that
2600 * has no explicit "rw" or "ro" determination.
2601 * Default it to "rw".
2602 */
2603 perm |= NFSAUTH_RW;
2604 }
2605
2606 /*
2607 * The client may show up in both ro= and rw=
2608 * lists. If so, then turn off the RO access
2609 * bit leaving RW access.
2610 */
2611 if (perm & NFSAUTH_RO && perm & NFSAUTH_RW) {
2612 /*
2613 * Logically cover all permutations of rw=,ro=.
2614 * In the case where, rw,ro=<host> we would like
2615 * to remove RW access for the host. In all other cases
2616 * RW wins the precedence battle.
2617 */
2618 if (!rw_val && ro_val) {
2619 perm &= ~(NFSAUTH_RW);
2620 } else {
2621 perm &= ~(NFSAUTH_RO);
2622 }
2623 }
2624
2625 return (perm);
2626 }
2627
2628 /*
2629 * Check if the client has access by using a flavor different from
2630 * the given "flavor". If "flavor" is not in the flavor list,
2631 * return TRUE to indicate that this "flavor" is a wrong sec.
2632 */
2633 static bool_t
2634 is_wrongsec(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2635 struct nd_hostservlist **clnames, int flavor)
2636 {
2637 int flavor_list[MAX_FLAVORS];
2638 int flavor_count, i;
2639
2640 /* get the flavor list that the client has access with */
2641 flavor_count = getclientsflavors_new(sh, transp, nb,
2642 clnames, flavor_list);
2643
2644 if (flavor_count == 0)
2645 return (FALSE);
2646
2647 /*
2648 * Check if the given "flavor" is in the flavor_list.
2649 */
2650 for (i = 0; i < flavor_count; i++) {
2651 if (flavor == flavor_list[i])
2652 return (FALSE);
2653 }
2654
2655 /*
2656 * If "flavor" is not in the flavor_list, return TRUE to indicate
2657 * that the client should have access by using a security flavor
2658 * different from this "flavor".
2659 */
2660 return (TRUE);
2661 }
2662
2663 /*
2664 * Given an export and the client's hostname, we
2665 * check the security options to see whether the
2666 * client is allowed to use the given security flavor.
2667 *
2668 * The strategy is to proceed through the options looking
2669 * for a flavor match, then pay attention to the ro, rw,
2670 * and root options.
2671 *
2672 * Note that an entry may list several flavors in a
2673 * single entry, e.g.
2674 *
2675 * sec=krb5,rw=clnt1:clnt2,ro,sec=sys,ro
2676 *
2677 */
2678
2679 static int
2680 check_client_new(share_t *sh, SVCXPRT *transp, struct netbuf **nb,
2681 struct nd_hostservlist **clnames, int flavor, uid_t clnt_uid,
2682 gid_t clnt_gid, uint_t clnt_ngids, gid_t *clnt_gids, uid_t *srv_uid,
2683 gid_t *srv_gid, uint_t *srv_ngids, gid_t **srv_gids)
2684 {
2685 char *opts, *p, *val;
2686 char *lasts;
2687 char *f;
2688 int match = 0; /* Set when a flavor is matched */
2689 int perm = 0; /* Set when "ro", "rw" or "root" is matched */
2690 int list = 0; /* Set when "ro", "rw" is found */
2691 int ro_val = 0; /* Set if ro option is 'ro=' */
2692 int rw_val = 0; /* Set if rw option is 'rw=' */
2693
2694 boolean_t map_deny = B_FALSE;
2695
2696 opts = strdup(sh->sh_opts);
2697 if (opts == NULL) {
2698 syslog(LOG_ERR, "check_client: no memory");
2699 return (0);
2700 }
2701
2702 /*
2703 * If client provided 16 supplemental groups with AUTH_SYS, lookup
2704 * locally for all of them
2705 */
2706 if (flavor == AUTH_SYS && clnt_ngids == NGRPS && ngroups_max > NGRPS)
2707 if (getusergroups(clnt_uid, srv_ngids, srv_gids) == 0)
2708 perm |= NFSAUTH_GROUPS;
2709
2710 p = opts;
2711
2712 while (*p) {
2713 switch (getsubopt(&p, optlist, &val)) {
2714
2715 case OPT_SEC:
2716 if (match)
2717 goto done;
2718
2719 while ((f = strtok_r(val, ":", &lasts))
2720 != NULL) {
2721 if (flavor == map_flavor(f)) {
2722 match = 1;
2723 break;
2724 }
2725 val = NULL;
2726 }
2727 break;
2728
2729 case OPT_RO:
2730 if (!match)
2731 break;
2732
2733 list++;
2734 if (val != NULL)
2735 ro_val++;
2736 if (in_access_list(transp, nb, clnames, val))
2737 perm |= NFSAUTH_RO;
2738 break;
2739
2740 case OPT_RW:
2741 if (!match)
2742 break;
2743
2744 list++;
2745 if (val != NULL)
2746 rw_val++;
2747 if (in_access_list(transp, nb, clnames, val))
2748 perm |= NFSAUTH_RW;
2749 break;
2750
2751 case OPT_ROOT:
2752 /*
2753 * Check if the client is in
2754 * the root list. Only valid
2755 * for AUTH_SYS.
2756 */
2757 if (flavor != AUTH_SYS)
2758 break;
2759
2760 if (!match)
2761 break;
2762
2763 if (val == NULL || *val == '\0')
2764 break;
2765
2766 if (clnt_uid != 0)
2767 break;
2768
2769 if (in_access_list(transp, nb, clnames, val)) {
2770 perm |= NFSAUTH_ROOT;
2771 perm |= NFSAUTH_UIDMAP | NFSAUTH_GIDMAP;
2772 map_deny = B_FALSE;
2773
2774 if (perm & NFSAUTH_GROUPS) {
2775 free(*srv_gids);
2776 *srv_gids = NULL;
2777 *srv_ngids = 0;
2778 perm &= ~NFSAUTH_GROUPS;
2779 }
2780 }
2781 break;
2782
2783 case OPT_NONE:
2784 /*
2785 * Check if the client should have no access
2786 * to this share at all. This option behaves
2787 * more like "root" than either "rw" or "ro".
2788 */
2789 if (in_access_list(transp, nb, clnames, val))
2790 perm |= NFSAUTH_DENIED;
2791 break;
2792
2793 case OPT_UIDMAP: {
2794 char *c;
2795 char *n;
2796
2797 /*
2798 * The uidmap is supported for AUTH_SYS only.
2799 */
2800 if (flavor != AUTH_SYS)
2801 break;
2802
2803 if (!match || perm & NFSAUTH_UIDMAP || map_deny)
2804 break;
2805
2806 for (c = val; c != NULL; c = n) {
2807 char *s;
2808 char *al;
2809 uid_t srv;
2810
2811 n = strchr(c, '~');
2812 if (n != NULL)
2813 *n++ = '\0';
2814
2815 s = strchr(c, ':');
2816 if (s != NULL) {
2817 *s++ = '\0';
2818 al = strchr(s, ':');
2819 if (al != NULL)
2820 *al++ = '\0';
2821 }
2822
2823 if (s == NULL || al == NULL)
2824 continue;
2825
2826 if (*c == '\0') {
2827 if (clnt_uid != (uid_t)-1)
2828 continue;
2829 } else if (strcmp(c, "*") != 0) {
2830 uid_t clnt;
2831
2832 if (!get_uid(c, &clnt))
2833 continue;
2834
2835 if (clnt_uid != clnt)
2836 continue;
2837 }
2838
2839 if (*s == '\0')
2840 srv = UID_NOBODY;
2841 else if (!get_uid(s, &srv))
2842 continue;
2843 else if (srv == (uid_t)-1) {
2844 map_deny = B_TRUE;
2845 break;
2846 }
2847
2848 if (in_access_list(transp, nb, clnames, al)) {
2849 *srv_uid = srv;
2850 perm |= NFSAUTH_UIDMAP;
2851
2852 if (perm & NFSAUTH_GROUPS) {
2853 free(*srv_gids);
2854 *srv_gids = NULL;
2855 *srv_ngids = 0;
2856 perm &= ~NFSAUTH_GROUPS;
2857 }
2858
2859 break;
2860 }
2861 }
2862
2863 break;
2864 }
2865
2866 case OPT_GIDMAP: {
2867 char *c;
2868 char *n;
2869
2870 /*
2871 * The gidmap is supported for AUTH_SYS only.
2872 */
2873 if (flavor != AUTH_SYS)
2874 break;
2875
2876 if (!match || perm & NFSAUTH_GIDMAP || map_deny)
2877 break;
2878
2879 for (c = val; c != NULL; c = n) {
2880 char *s;
2881 char *al;
2882 gid_t srv;
2883
2884 n = strchr(c, '~');
2885 if (n != NULL)
2886 *n++ = '\0';
2887
2888 s = strchr(c, ':');
2889 if (s != NULL) {
2890 *s++ = '\0';
2891 al = strchr(s, ':');
2892 if (al != NULL)
2893 *al++ = '\0';
2894 }
2895
2896 if (s == NULL || al == NULL)
2897 break;
2898
2899 if (*c == '\0') {
2900 if (clnt_gid != (gid_t)-1)
2901 continue;
2902 } else if (strcmp(c, "*") != 0) {
2903 gid_t clnt;
2904
2905 if (!get_gid(c, &clnt))
2906 continue;
2907
2908 if (clnt_gid != clnt)
2909 continue;
2910 }
2911
2912 if (*s == '\0')
2913 srv = UID_NOBODY;
2914 else if (!get_gid(s, &srv))
2915 continue;
2916 else if (srv == (gid_t)-1) {
2917 map_deny = B_TRUE;
2918 break;
2919 }
2920
2921 if (in_access_list(transp, nb, clnames, al)) {
2922 *srv_gid = srv;
2923 perm |= NFSAUTH_GIDMAP;
2924
2925 if (perm & NFSAUTH_GROUPS) {
2926 free(*srv_gids);
2927 *srv_gids = NULL;
2928 *srv_ngids = 0;
2929 perm &= ~NFSAUTH_GROUPS;
2930 }
2931
2932 break;
2933 }
2934 }
2935
2936 break;
2937 }
2938
2939 default:
2940 break;
2941 }
2942 }
2943
2944 done:
2945 if (perm & NFSAUTH_ROOT) {
2946 *srv_uid = 0;
2947 *srv_gid = 0;
2948 }
2949
2950 if (map_deny)
2951 perm |= NFSAUTH_DENIED;
2952
2953 if (!(perm & NFSAUTH_UIDMAP))
2954 *srv_uid = clnt_uid;
2955 if (!(perm & NFSAUTH_GIDMAP))
2956 *srv_gid = clnt_gid;
2957
2958 /*
2959 * If no match then set the perm accordingly
2960 */
2961 if (!match || perm & NFSAUTH_DENIED) {
2962 free(opts);
2963 return (NFSAUTH_DENIED);
2964 }
2965
2966 if (list) {
2967 /*
2968 * If the client doesn't match an "ro" or "rw" list then
2969 * check if it may have access by using a different flavor.
2970 * If so, return NFSAUTH_WRONGSEC.
2971 * If not, return NFSAUTH_DENIED.
2972 */
2973 if ((perm & (NFSAUTH_RO | NFSAUTH_RW)) == 0) {
2974 if (is_wrongsec(sh, transp, nb, clnames, flavor))
2975 perm |= NFSAUTH_WRONGSEC;
2976 else
2977 perm |= NFSAUTH_DENIED;
2978 }
2979 } else {
2980 /*
2981 * The client matched a flavor entry that
2982 * has no explicit "rw" or "ro" determination.
2983 * Make sure it defaults to "rw".
2984 */
2985 perm |= NFSAUTH_RW;
2986 }
2987
2988 /*
2989 * The client may show up in both ro= and rw=
2990 * lists. If so, then turn off the RO access
2991 * bit leaving RW access.
2992 */
2993 if (perm & NFSAUTH_RO && perm & NFSAUTH_RW) {
2994 /*
2995 * Logically cover all permutations of rw=,ro=.
2996 * In the case where, rw,ro=<host> we would like
2997 * to remove RW access for the host. In all other cases
2998 * RW wins the precedence battle.
2999 */
3000 if (!rw_val && ro_val) {
3001 perm &= ~(NFSAUTH_RW);
3002 } else {
3003 perm &= ~(NFSAUTH_RO);
3004 }
3005 }
3006
3007 free(opts);
3008
3009 return (perm);
3010 }
3011
3012 void
3013 check_sharetab()
3014 {
3015 FILE *f;
3016 struct stat st;
3017 static timestruc_t last_sharetab_time;
3018 timestruc_t prev_sharetab_time;
3019 share_t *sh;
3020 struct sh_list *shp, *shp_prev;
3021 int res, c = 0;
3022
3023 /*
3024 * read in /etc/dfs/sharetab if it has changed
3025 */
3026 if (stat(SHARETAB, &st) != 0) {
3027 syslog(LOG_ERR, "Cannot stat %s: %m", SHARETAB);
3028 return;
3029 }
3030
3031 if (st.st_mtim.tv_sec == last_sharetab_time.tv_sec &&
3032 st.st_mtim.tv_nsec == last_sharetab_time.tv_nsec) {
3033 /*
3034 * No change.
3035 */
3036 return;
3037 }
3038
3039 /*
3040 * Remember the mod time, then after getting the
3041 * write lock check again. If another thread
3042 * already did the update, then there's no
3043 * work to do.
3044 */
3045 prev_sharetab_time = last_sharetab_time;
3046
3047 (void) rw_wrlock(&sharetab_lock);
3048
3049 if (prev_sharetab_time.tv_sec != last_sharetab_time.tv_sec ||
3050 prev_sharetab_time.tv_nsec != last_sharetab_time.tv_nsec) {
3051 (void) rw_unlock(&sharetab_lock);
3052 return;
3053 }
3054
3055 /*
3056 * Note that since the sharetab is now in memory
3057 * and a snapshot is taken, we no longer have to
3058 * lock the file.
3059 */
3060 f = fopen(SHARETAB, "r");
3061 if (f == NULL) {
3062 syslog(LOG_ERR, "Cannot open %s: %m", SHARETAB);
3063 (void) rw_unlock(&sharetab_lock);
3064 return;
3065 }
3066
3067 /*
3068 * Once we are sure /etc/dfs/sharetab has been
3069 * modified, flush netgroup cache entries.
3070 */
3071 netgrp_cache_flush();
3072
3073 sh_free(share_list); /* free old list */
3074 share_list = NULL;
3075
3076 while ((res = getshare(f, &sh)) > 0) {
3077 c++;
3078 if (strcmp(sh->sh_fstype, "nfs") != 0)
3079 continue;
3080
3081 shp = malloc(sizeof (*shp));
3082 if (shp == NULL)
3083 goto alloc_failed;
3084 if (share_list == NULL)
3085 share_list = shp;
3086 else
3087 /* LINTED not used before set */
3088 shp_prev->shl_next = shp;
3089 shp_prev = shp;
3090 shp->shl_next = NULL;
3091 shp->shl_sh = sharedup(sh);
3092 if (shp->shl_sh == NULL)
3093 goto alloc_failed;
3094 }
3095
3096 if (res < 0)
3097 syslog(LOG_ERR, "%s: invalid at line %d\n",
3098 SHARETAB, c + 1);
3099
3100 if (stat(SHARETAB, &st) != 0) {
3101 syslog(LOG_ERR, "Cannot stat %s: %m", SHARETAB);
3102 (void) fclose(f);
3103 (void) rw_unlock(&sharetab_lock);
3104 return;
3105 }
3106
3107 last_sharetab_time = st.st_mtim;
3108 (void) fclose(f);
3109 (void) rw_unlock(&sharetab_lock);
3110
3111 return;
3112
3113 alloc_failed:
3114
3115 syslog(LOG_ERR, "check_sharetab: no memory");
3116 sh_free(share_list);
3117 share_list = NULL;
3118 (void) fclose(f);
3119 (void) rw_unlock(&sharetab_lock);
3120 }
3121
3122 static void
3123 sh_free(struct sh_list *shp)
3124 {
3125 register struct sh_list *next;
3126
3127 while (shp) {
3128 sharefree(shp->shl_sh);
3129 next = shp->shl_next;
3130 free(shp);
3131 shp = next;
3132 }
3133 }
3134
3135
3136 /*
3137 * Remove an entry from mounted list
3138 */
3139 static void
3140 umount(struct svc_req *rqstp)
3141 {
3142 char *host, *path, *remove_path;
3143 char rpath[MAXPATHLEN];
3144 struct nd_hostservlist *clnames = NULL;
3145 SVCXPRT *transp;
3146 struct netbuf *nb;
3147
3148 transp = rqstp->rq_xprt;
3149 path = NULL;
3150 if (!svc_getargs(transp, xdr_dirpath, (caddr_t)&path)) {
3151 svcerr_decode(transp);
3152 return;
3153 }
3154 errno = 0;
3155 if (!svc_sendreply(transp, xdr_void, (char *)NULL))
3156 log_cant_reply(transp);
3157
3158 if (getclientsnames(transp, &nb, &clnames) != 0) {
3159 /*
3160 * Without the hostname we can't do audit or delete
3161 * this host from the mount entries.
3162 */
3163 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
3164 return;
3165 }
3166 host = clnames->h_hostservs[0].h_host;
3167
3168 if (verbose)
3169 syslog(LOG_NOTICE, "UNMOUNT: %s unmounted %s", host, path);
3170
3171 audit_mountd_umount(host, path);
3172
3173 remove_path = rpath; /* assume we will use the cannonical path */
3174 if (realpath(path, rpath) == NULL) {
3175 if (verbose)
3176 syslog(LOG_WARNING, "UNMOUNT: realpath: %s: %m ", path);
3177 remove_path = path; /* use path provided instead */
3178 }
3179
3180 mntlist_delete(host, remove_path); /* remove from mount list */
3181
3182 svc_freeargs(transp, xdr_dirpath, (caddr_t)&path);
3183 netdir_free(clnames, ND_HOSTSERVLIST);
3184 }
3185
3186 /*
3187 * Remove all entries for one machine from mounted list
3188 */
3189 static void
3190 umountall(struct svc_req *rqstp)
3191 {
3192 struct nd_hostservlist *clnames = NULL;
3193 SVCXPRT *transp;
3194 char *host;
3195 struct netbuf *nb;
3196
3197 transp = rqstp->rq_xprt;
3198 if (!svc_getargs(transp, xdr_void, NULL)) {
3199 svcerr_decode(transp);
3200 return;
3201 }
3202 /*
3203 * We assume that this call is asynchronous and made via rpcbind
3204 * callit routine. Therefore return control immediately. The error
3205 * causes rpcbind to remain silent, as opposed to every machine
3206 * on the net blasting the requester with a response.
3207 */
3208 svcerr_systemerr(transp);
3209 if (getclientsnames(transp, &nb, &clnames) != 0) {
3210 /* Can't do anything without the name of the client */
3211 return;
3212 }
3213
3214 host = clnames->h_hostservs[0].h_host;
3215
3216 /*
3217 * Remove all hosts entries from mount list
3218 */
3219 mntlist_delete_all(host);
3220
3221 if (verbose)
3222 syslog(LOG_NOTICE, "UNMOUNTALL: from %s", host);
3223
3224 netdir_free(clnames, ND_HOSTSERVLIST);
3225 }
3226
3227 void *
3228 exmalloc(size_t size)
3229 {
3230 void *ret;
3231
3232 if ((ret = malloc(size)) == NULL) {
3233 syslog(LOG_ERR, "Out of memory");
3234 exit(1);
3235 }
3236 return (ret);
3237 }
3238
3239 static void
3240 sigexit(int signum)
3241 {
3242
3243 if (signum == SIGHUP)
3244 _exit(0);
3245 _exit(1);
3246 }
3247
3248 static tsol_tpent_t *
3249 get_client_template(struct sockaddr *sock)
3250 {
3251 in_addr_t v4client;
3252 in6_addr_t v6client;
3253 char v4_addr[INET_ADDRSTRLEN];
3254 char v6_addr[INET6_ADDRSTRLEN];
3255 tsol_rhent_t *rh;
3256 tsol_tpent_t *tp;
3257
3258 switch (sock->sa_family) {
3259 case AF_INET:
3260 v4client = ((struct sockaddr_in *)(void *)sock)->
3261 sin_addr.s_addr;
3262 if (inet_ntop(AF_INET, &v4client, v4_addr, INET_ADDRSTRLEN) ==
3263 NULL)
3264 return (NULL);
3265 rh = tsol_getrhbyaddr(v4_addr, sizeof (v4_addr), AF_INET);
3266 if (rh == NULL)
3267 return (NULL);
3268 tp = tsol_gettpbyname(rh->rh_template);
3269 tsol_freerhent(rh);
3270 return (tp);
3271 break;
3272 case AF_INET6:
3273 v6client = ((struct sockaddr_in6 *)(void *)sock)->sin6_addr;
3274 if (inet_ntop(AF_INET6, &v6client, v6_addr, INET6_ADDRSTRLEN) ==
3275 NULL)
3276 return (NULL);
3277 rh = tsol_getrhbyaddr(v6_addr, sizeof (v6_addr), AF_INET6);
3278 if (rh == NULL)
3279 return (NULL);
3280 tp = tsol_gettpbyname(rh->rh_template);
3281 tsol_freerhent(rh);
3282 return (tp);
3283 break;
3284 default:
3285 return (NULL);
3286 }
3287 }
Community developed and maintained version of the OS/Net consolidation