1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
freebsd/usr.sbin/mountd/mountd.c

3953 lines
96 KiB
C
Raw Normal View History

/*-
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Herb Hasler and Rick Macklem at The University of Guelph.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static const char copyright[] =
"@(#) Copyright (c) 1989, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /*not lint*/
#if 0
#ifndef lint
static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
#endif /*not lint*/
#endif
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/conf.h>
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
#include <sys/fcntl.h>
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
#include <sys/fnv_hash.h>
#include <sys/linker.h>
#include <sys/module.h>
#include <sys/mount.h>
#include <sys/queue.h>
#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <rpc/rpc.h>
#include <rpc/rpc_com.h>
#include <rpc/pmap_clnt.h>
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
#include <rpc/pmap_prot.h>
#include <rpcsvc/mount.h>
#include <nfs/nfsproto.h>
#include <nfs/nfssvc.h>
#include <nfsserver/nfs.h>
#include <fs/nfs/nfsport.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <libutil.h>
#include <limits.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "pathnames.h"
#include "mntopts.h"
#ifdef DEBUG
#include <stdarg.h>
#endif
/*
* Structures for keeping the mount list and export list
*/
struct mountlist {
char ml_host[MNTNAMLEN+1];
char ml_dirp[MNTPATHLEN+1];
SLIST_ENTRY(mountlist) next;
};
struct dirlist {
struct dirlist *dp_left;
struct dirlist *dp_right;
int dp_flag;
struct hostlist *dp_hosts; /* List of hosts this dir exported to */
char *dp_dirp;
};
/* dp_flag bits */
#define DP_DEFSET 0x1
#define DP_HOSTSET 0x2
/*
* maproot/mapall credentials.
* cr_smallgrps can be used for a group list up to SMALLNGROUPS in size.
* Larger group lists are malloc'd/free'd.
*/
#define SMALLNGROUPS 32
struct expcred {
uid_t cr_uid;
int cr_ngroups;
gid_t cr_smallgrps[SMALLNGROUPS];
gid_t *cr_groups;
};
struct exportlist {
struct dirlist *ex_dirl;
struct dirlist *ex_defdir;
struct grouplist *ex_grphead;
int ex_flag;
fsid_t ex_fs;
char *ex_fsdir;
char *ex_indexfile;
struct expcred ex_defanon;
uint64_t ex_defexflags;
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
int ex_numsecflavors;
int ex_secflavors[MAXSECFLAVORS];
int ex_defnumsecflavors;
int ex_defsecflavors[MAXSECFLAVORS];
SLIST_ENTRY(exportlist) entries;
};
/* ex_flag bits */
#define EX_LINKED 0x1
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
#define EX_DONE 0x2
#define EX_DEFSET 0x4
#define EX_PUBLICFH 0x8
SLIST_HEAD(exportlisthead, exportlist);
struct netmsk {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct sockaddr_storage nt_net;
struct sockaddr_storage nt_mask;
char *nt_name;
};
union grouptypes {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct addrinfo *gt_addrinfo;
struct netmsk gt_net;
};
struct grouplist {
int gr_type;
union grouptypes gr_ptr;
struct grouplist *gr_next;
struct expcred gr_anon;
uint64_t gr_exflags;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
int gr_flag;
int gr_numsecflavors;
int gr_secflavors[MAXSECFLAVORS];
};
/* Group types */
#define GT_NULL 0x0
#define GT_HOST 0x1
#define GT_NET 0x2
#define GT_DEFAULT 0x3
#define GT_IGNORE 0x5
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/* Group flags */
#define GR_FND 0x1
struct hostlist {
int ht_flag; /* Uses DP_xx bits */
struct grouplist *ht_grp;
struct hostlist *ht_next;
};
struct fhreturn {
int fhr_flag;
int fhr_vers;
nfsfh_t fhr_fh;
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
int fhr_numsecflavors;
int *fhr_secflavors;
};
#define GETPORT_MAXTRY 20 /* Max tries to get a port # */
/*
* How long to delay a reload of exports when there are RPC request(s)
* to process, in usec. Must be less than 1second.
*/
#define RELOADDELAY 250000
/* Global defs */
static char *add_expdir(struct dirlist **, char *, int);
static void add_dlist(struct dirlist **, struct dirlist *,
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
struct grouplist *, int, struct exportlist *,
struct expcred *, uint64_t);
static void add_mlist(char *, char *);
static int check_dirpath(char *);
static int check_options(struct dirlist *);
static int checkmask(struct sockaddr *sa);
static int chk_host(struct dirlist *, struct sockaddr *, int *, int *,
int *, int **);
static char *strsep_quote(char **stringp, const char *delim);
static int create_service(struct netconfig *nconf);
static void complete_service(struct netconfig *nconf, char *port_str);
static void clearout_service(void);
static void del_mlist(char *hostp, char *dirp);
static struct dirlist *dirp_search(struct dirlist *, char *);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static int do_export_mount(struct exportlist *, struct statfs *);
static int do_mount(struct exportlist *, struct grouplist *, uint64_t,
struct expcred *, char *, int, struct statfs *, int, int *);
static int do_opt(char **, char **, struct exportlist *,
struct grouplist *, int *, uint64_t *, struct expcred *);
static struct exportlist *ex_search(fsid_t *, struct exportlisthead *);
static struct exportlist *get_exp(void);
static void free_dir(struct dirlist *);
static void free_exp(struct exportlist *);
static void free_grp(struct grouplist *);
static void free_host(struct hostlist *);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static void free_v4rootexp(void);
static void get_exportlist_one(int);
static void get_exportlist(int);
static void insert_exports(struct exportlist *, struct exportlisthead *);
static void free_exports(struct exportlisthead *);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static void read_exportfile(int);
static int compare_nmount_exportlist(struct iovec *, int, char *);
static int compare_export(struct exportlist *, struct exportlist *);
static int compare_cred(struct expcred *, struct expcred *);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static int compare_secflavor(int *, int *, int);
static void delete_export(struct iovec *, int, struct statfs *, char *);
static int get_host(char *, struct grouplist *, struct grouplist *);
static struct hostlist *get_ht(void);
static int get_line(void);
static void get_mountlist(void);
static int get_net(char *, struct netmsk *, int);
static void getexp_err(struct exportlist *, struct grouplist *, const char *);
static struct grouplist *get_grp(void);
static void hang_dirp(struct dirlist *, struct grouplist *,
struct exportlist *, int, struct expcred *, uint64_t);
static void huphandler(int sig);
static int makemask(struct sockaddr_storage *ssp, int bitlen);
static void mntsrv(struct svc_req *, SVCXPRT *);
static void nextfield(char **, char **);
static void out_of_mem(void);
static void parsecred(char *, struct expcred *);
static int parsesec(char *, struct exportlist *);
static int put_exlist(struct dirlist *, XDR *, struct dirlist *,
int *, int);
static void *sa_rawaddr(struct sockaddr *sa, int *nbytes);
static int sacmp(struct sockaddr *sa1, struct sockaddr *sa2,
struct sockaddr *samask);
static int scan_tree(struct dirlist *, struct sockaddr *);
static void usage(void);
static int xdr_dir(XDR *, char *);
static int xdr_explist(XDR *, caddr_t);
static int xdr_explist_brief(XDR *, caddr_t);
static int xdr_explist_common(XDR *, caddr_t, int);
static int xdr_fhs(XDR *, caddr_t);
static int xdr_mlist(XDR *, caddr_t);
static void terminate(int);
static void cp_cred(struct expcred *, struct expcred *);
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
#define EXPHASH(f) (fnv_32_buf((f), sizeof(fsid_t), 0) % exphashsize)
static struct exportlisthead *exphead = NULL;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static struct exportlisthead *oldexphead = NULL;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
static int exphashsize = 0;
static SLIST_HEAD(, mountlist) mlhead = SLIST_HEAD_INITIALIZER(&mlhead);
static char *exnames_default[2] = { _PATH_EXPORTS, NULL };
static char **exnames;
static char **hosts = NULL;
static int force_v2 = 0;
static int resvport_only = 1;
static int nhosts = 0;
static int dir_only = 1;
static int dolog = 0;
static int got_sighup = 0;
static int xcreated = 0;
static char *svcport_str = NULL;
static int mallocd_svcport = 0;
static int *sock_fd;
static int sock_fdcnt;
static int sock_fdpos;
static int suspend_nfsd = 0;
static int opt_flags;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
static int have_v6 = 1;
static int v4root_phase = 0;
static char v4root_dirpath[PATH_MAX + 1];
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static struct exportlist *v4root_ep = NULL;
static int has_publicfh = 0;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
static int has_set_publicfh = 0;
static struct pidfh *pfh = NULL;
/* Bits for opt_flags above */
#define OP_MAPROOT 0x01
#define OP_MAPALL 0x02
/* 0x4 free */
#define OP_MASK 0x08
#define OP_NET 0x10
#define OP_ALLDIRS 0x40
#define OP_HAVEMASK 0x80 /* A mask was specified or inferred. */
#define OP_QUIET 0x100
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
#define OP_MASKLEN 0x200
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
#define OP_SEC 0x400
#ifdef DEBUG
static int debug = 1;
static void SYSLOG(int, const char *, ...) __printflike(2, 3);
#define syslog SYSLOG
#else
static int debug = 0;
#endif
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/*
* The LOGDEBUG() syslog() calls are always compiled into the daemon.
* To enable them, create a file at _PATH_MOUNTDDEBUG. This file can be empty.
* To disable the logging, just delete the file at _PATH_MOUNTDDEBUG.
*/
static int logdebug = 0;
#define LOGDEBUG(format, ...) \
(logdebug ? syslog(LOG_DEBUG, format, ## __VA_ARGS__) : 0)
/*
* Similar to strsep(), but it allows for quoted strings
* and escaped characters.
*
* It returns the string (or NULL, if *stringp is NULL),
* which is a de-quoted version of the string if necessary.
*
* It modifies *stringp in place.
*/
static char *
strsep_quote(char **stringp, const char *delim)
{
char *srcptr, *dstptr, *retval;
char quot = 0;
if (stringp == NULL || *stringp == NULL)
return (NULL);
srcptr = dstptr = retval = *stringp;
while (*srcptr) {
/*
* We're looking for several edge cases here.
* First: if we're in quote state (quot != 0),
* then we ignore the delim characters, but otherwise
* process as normal, unless it is the quote character.
* Second: if the current character is a backslash,
* we take the next character as-is, without checking
* for delim, quote, or backslash. Exception: if the
* next character is a NUL, that's the end of the string.
* Third: if the character is a quote character, we toggle
* quote state.
* Otherwise: check the current character for NUL, or
* being in delim, and end the string if either is true.
*/
if (*srcptr == '\\') {
srcptr++;
/*
* The edge case here is if the next character
* is NUL, we want to stop processing. But if
* it's not NUL, then we simply want to copy it.
*/
if (*srcptr) {
*dstptr++ = *srcptr++;
}
continue;
}
if (quot == 0 && (*srcptr == '\'' || *srcptr == '"')) {
quot = *srcptr++;
continue;
}
if (quot && *srcptr == quot) {
/* End of the quoted part */
quot = 0;
srcptr++;
continue;
}
if (!quot && strchr(delim, *srcptr))
break;
*dstptr++ = *srcptr++;
}
*stringp = (*srcptr == '\0') ? NULL : srcptr + 1;
*dstptr = 0; /* Terminate the string */
return (retval);
}
/*
* Mountd server for NFS mount protocol as described in:
* NFS: Network File System Protocol Specification, RFC1094, Appendix A
* The optional arguments are the exports file name
* default: _PATH_EXPORTS
* and "-n" to allow nonroot mount.
*/
int
2010-12-20 09:28:28 +00:00
main(int argc, char **argv)
{
fd_set readfds;
struct netconfig *nconf;
char *endptr, **hosts_bak;
void *nc_handle;
pid_t otherpid;
in_port_t svcport;
int c, k, s;
int maxrec = RPC_MAXDATASIZE;
int attempt_cnt, port_len, port_pos, ret;
char **port_list;
uint64_t curtime, nexttime;
struct timeval tv;
struct timespec tp;
sigset_t sig_mask, sighup_mask;
int enable_rpcbind;
enable_rpcbind = 1;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
/* Check that another mountd isn't already running. */
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
if (pfh == NULL) {
if (errno == EEXIST)
errx(1, "mountd already running, pid: %d.", otherpid);
warn("cannot open or create pidfile");
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (s < 0)
have_v6 = 0;
else
close(s);
while ((c = getopt(argc, argv, "2deh:lnp:RrS")) != -1)
switch (c) {
case '2':
force_v2 = 1;
break;
case 'e':
/* now a no-op, since this is the default */
break;
case 'n':
resvport_only = 0;
break;
case 'R':
/* Do not support Mount protocol */
enable_rpcbind = 0;
break;
case 'r':
dir_only = 0;
break;
case 'd':
debug = debug ? 0 : 1;
break;
case 'l':
dolog = 1;
break;
case 'p':
endptr = NULL;
svcport = (in_port_t)strtoul(optarg, &endptr, 10);
if (endptr == NULL || *endptr != '\0' ||
svcport == 0 || svcport >= IPPORT_MAX)
usage();
svcport_str = strdup(optarg);
break;
case 'h':
++nhosts;
hosts_bak = hosts;
hosts_bak = realloc(hosts, nhosts * sizeof(char *));
if (hosts_bak == NULL) {
if (hosts != NULL) {
for (k = 0; k < nhosts; k++)
free(hosts[k]);
free(hosts);
out_of_mem();
}
}
hosts = hosts_bak;
hosts[nhosts - 1] = strdup(optarg);
if (hosts[nhosts - 1] == NULL) {
for (k = 0; k < (nhosts - 1); k++)
free(hosts[k]);
free(hosts);
out_of_mem();
}
break;
case 'S':
suspend_nfsd = 1;
break;
default:
usage();
}
if (enable_rpcbind == 0) {
if (svcport_str != NULL) {
warnx("-p option not compatible with -R, ignored");
free(svcport_str);
svcport_str = NULL;
}
if (nhosts > 0) {
warnx("-h option not compatible with -R, ignored");
for (k = 0; k < nhosts; k++)
free(hosts[k]);
free(hosts);
hosts = NULL;
nhosts = 0;
}
}
if (modfind("nfsd") < 0) {
/* Not present in kernel, try loading it */
if (kldload("nfsd") < 0 || modfind("nfsd") < 0)
errx(1, "NFS server is not available");
}
argc -= optind;
argv += optind;
if (argc > 0)
exnames = argv;
else
exnames = exnames_default;
openlog("mountd", LOG_PID, LOG_DAEMON);
if (debug)
warnx("getting export list");
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
get_exportlist(0);
if (debug)
warnx("getting mount list");
get_mountlist();
if (debug)
warnx("here we go");
if (debug == 0) {
daemon(0, 0);
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
}
signal(SIGHUP, huphandler);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
signal(SIGTERM, terminate);
signal(SIGPIPE, SIG_IGN);
pidfile_write(pfh);
if (enable_rpcbind != 0) {
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
if (!resvport_only) {
if (sysctlbyname("vfs.nfsd.nfs_privport", NULL, NULL,
&resvport_only, sizeof(resvport_only)) != 0 &&
errno != ENOENT) {
syslog(LOG_ERR, "sysctl: %m");
exit(1);
}
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
/*
* If no hosts were specified, add a wildcard entry to bind to
* INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added
* to the list.
*/
if (nhosts == 0) {
hosts = malloc(sizeof(char *));
if (hosts == NULL)
out_of_mem();
hosts[0] = "*";
nhosts = 1;
} else {
hosts_bak = hosts;
if (have_v6) {
hosts_bak = realloc(hosts, (nhosts + 2) *
sizeof(char *));
if (hosts_bak == NULL) {
for (k = 0; k < nhosts; k++)
free(hosts[k]);
free(hosts);
out_of_mem();
} else
hosts = hosts_bak;
nhosts += 2;
hosts[nhosts - 2] = "::1";
} else {
hosts_bak = realloc(hosts, (nhosts + 1) *
sizeof(char *));
if (hosts_bak == NULL) {
for (k = 0; k < nhosts; k++)
free(hosts[k]);
free(hosts);
out_of_mem();
} else {
nhosts += 1;
hosts = hosts_bak;
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
hosts[nhosts - 1] = "127.0.0.1";
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
attempt_cnt = 1;
sock_fdcnt = 0;
sock_fd = NULL;
port_list = NULL;
port_len = 0;
if (enable_rpcbind != 0) {
nc_handle = setnetconfig();
while ((nconf = getnetconfig(nc_handle))) {
if (nconf->nc_flag & NC_VISIBLE) {
if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
"inet6") == 0) {
/* DO NOTHING */
} else {
ret = create_service(nconf);
if (ret == 1)
/* Ignore this call */
continue;
if (ret < 0) {
/*
* Failed to bind port, so close
* off all sockets created and
* try again if the port# was
* dynamically assigned via
* bind(2).
*/
clearout_service();
if (mallocd_svcport != 0 &&
attempt_cnt <
GETPORT_MAXTRY) {
free(svcport_str);
svcport_str = NULL;
mallocd_svcport = 0;
} else {
errno = EADDRINUSE;
syslog(LOG_ERR,
"bindresvport_sa:"
" %m");
exit(1);
}
/*
* Start over at the first
* service.
*/
free(sock_fd);
sock_fdcnt = 0;
sock_fd = NULL;
nc_handle = setnetconfig();
attempt_cnt++;
} else if (mallocd_svcport != 0 &&
attempt_cnt == GETPORT_MAXTRY) {
/*
* For the last attempt, allow
* different port #s for each
* nconf by saving the
* svcport_str setting it back
* to NULL.
*/
port_list = realloc(port_list,
(port_len + 1) *
sizeof(char *));
if (port_list == NULL)
out_of_mem();
port_list[port_len++] =
svcport_str;
svcport_str = NULL;
mallocd_svcport = 0;
}
}
}
}
/*
* Successfully bound the ports, so call complete_service() to
* do the rest of the setup on the service(s).
*/
sock_fdpos = 0;
port_pos = 0;
nc_handle = setnetconfig();
while ((nconf = getnetconfig(nc_handle))) {
if (nconf->nc_flag & NC_VISIBLE) {
if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
"inet6") == 0) {
/* DO NOTHING */
} else if (port_list != NULL) {
if (port_pos >= port_len) {
syslog(LOG_ERR, "too many"
" port#s");
exit(1);
}
complete_service(nconf,
port_list[port_pos++]);
} else
complete_service(nconf, svcport_str);
}
}
endnetconfig(nc_handle);
free(sock_fd);
if (port_list != NULL) {
for (port_pos = 0; port_pos < port_len; port_pos++)
free(port_list[port_pos]);
free(port_list);
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (xcreated == 0) {
syslog(LOG_ERR, "could not create any services");
exit(1);
}
}
/* Expand svc_run() here so that we can call get_exportlist(). */
curtime = nexttime = 0;
sigemptyset(&sighup_mask);
sigaddset(&sighup_mask, SIGHUP);
for (;;) {
clock_gettime(CLOCK_MONOTONIC, &tp);
curtime = tp.tv_sec;
curtime = curtime * 1000000 + tp.tv_nsec / 1000;
sigprocmask(SIG_BLOCK, &sighup_mask, &sig_mask);
if (got_sighup && curtime >= nexttime) {
got_sighup = 0;
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
get_exportlist(1);
clock_gettime(CLOCK_MONOTONIC, &tp);
nexttime = tp.tv_sec;
nexttime = nexttime * 1000000 + tp.tv_nsec / 1000 +
RELOADDELAY;
} else
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
/*
* If a reload is pending, poll for received request(s),
* otherwise set a RELOADDELAY timeout, since a SIGHUP
* could be processed between the got_sighup test and
* the select() system call.
*/
tv.tv_sec = 0;
if (got_sighup)
tv.tv_usec = 0;
else
tv.tv_usec = RELOADDELAY;
if (enable_rpcbind != 0) {
readfds = svc_fdset;
switch (select(svc_maxfd + 1, &readfds, NULL, NULL,
&tv)) {
case -1:
if (errno == EINTR) {
/* Allow a reload now. */
nexttime = 0;
continue;
}
syslog(LOG_ERR, "mountd died: select: %m");
exit(1);
case 0:
/* Allow a reload now. */
nexttime = 0;
continue;
default:
svc_getreqset(&readfds);
}
} else {
/* Simply wait for a signal. */
sigsuspend(&sig_mask);
}
}
}
/*
* This routine creates and binds sockets on the appropriate
* addresses. It gets called one time for each transport.
* It returns 0 upon success, 1 for ingore the call and -1 to indicate
* bind failed with EADDRINUSE.
* Any file descriptors that have been created are stored in sock_fd and
* the total count of them is maintained in sock_fdcnt.
*/
static int
create_service(struct netconfig *nconf)
{
struct addrinfo hints, *res = NULL;
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
struct __rpc_sockinfo si;
int aicode;
int fd;
int nhostsbak;
int one = 1;
int r;
u_int32_t host_addr[4]; /* IPv4 or IPv6 */
int mallocd_res;
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
(nconf->nc_semantics != NC_TPI_COTS) &&
(nconf->nc_semantics != NC_TPI_COTS_ORD))
return (1); /* not my type */
/*
* XXX - using RPC library internal functions.
*/
if (!__rpc_nconf2sockinfo(nconf, &si)) {
syslog(LOG_ERR, "cannot get information for %s",
nconf->nc_netid);
return (1);
}
/* Get mountd's address on this transport */
memset(&hints, 0, sizeof hints);
hints.ai_family = si.si_af;
hints.ai_socktype = si.si_socktype;
hints.ai_protocol = si.si_proto;
/*
* Bind to specific IPs if asked to
*/
nhostsbak = nhosts;
while (nhostsbak > 0) {
--nhostsbak;
sock_fd = realloc(sock_fd, (sock_fdcnt + 1) * sizeof(int));
if (sock_fd == NULL)
out_of_mem();
sock_fd[sock_fdcnt++] = -1; /* Set invalid for now. */
mallocd_res = 0;
hints.ai_flags = AI_PASSIVE;
/*
* XXX - using RPC library internal functions.
*/
if ((fd = __rpc_nconf2fd(nconf)) < 0) {
int non_fatal = 0;
if (errno == EAFNOSUPPORT &&
nconf->nc_semantics != NC_TPI_CLTS)
non_fatal = 1;
syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
"cannot create socket for %s", nconf->nc_netid);
if (non_fatal != 0)
continue;
exit(1);
}
switch (hints.ai_family) {
case AF_INET:
if (inet_pton(AF_INET, hosts[nhostsbak],
host_addr) == 1) {
hints.ai_flags |= AI_NUMERICHOST;
} else {
/*
* Skip if we have an AF_INET6 address.
*/
if (inet_pton(AF_INET6, hosts[nhostsbak],
host_addr) == 1) {
close(fd);
continue;
}
}
break;
case AF_INET6:
if (inet_pton(AF_INET6, hosts[nhostsbak],
host_addr) == 1) {
hints.ai_flags |= AI_NUMERICHOST;
} else {
/*
* Skip if we have an AF_INET address.
*/
if (inet_pton(AF_INET, hosts[nhostsbak],
host_addr) == 1) {
close(fd);
continue;
}
}
/*
* We're doing host-based access checks here, so don't
* allow v4-in-v6 to confuse things. The kernel will
* disable it by default on NFS sockets too.
*/
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
sizeof one) < 0) {
syslog(LOG_ERR,
"can't disable v4-in-v6 on IPv6 socket");
exit(1);
}
break;
default:
break;
}
/*
* If no hosts were specified, just bind to INADDR_ANY
*/
if (strcmp("*", hosts[nhostsbak]) == 0) {
if (svcport_str == NULL) {
res = malloc(sizeof(struct addrinfo));
if (res == NULL)
out_of_mem();
mallocd_res = 1;
res->ai_flags = hints.ai_flags;
res->ai_family = hints.ai_family;
res->ai_protocol = hints.ai_protocol;
switch (res->ai_family) {
case AF_INET:
sin = malloc(sizeof(struct sockaddr_in));
if (sin == NULL)
out_of_mem();
sin->sin_family = AF_INET;
sin->sin_port = htons(0);
sin->sin_addr.s_addr = htonl(INADDR_ANY);
res->ai_addr = (struct sockaddr*) sin;
res->ai_addrlen = (socklen_t)
sizeof(struct sockaddr_in);
break;
case AF_INET6:
sin6 = malloc(sizeof(struct sockaddr_in6));
if (sin6 == NULL)
out_of_mem();
sin6->sin6_family = AF_INET6;
sin6->sin6_port = htons(0);
sin6->sin6_addr = in6addr_any;
res->ai_addr = (struct sockaddr*) sin6;
res->ai_addrlen = (socklen_t)
sizeof(struct sockaddr_in6);
break;
default:
syslog(LOG_ERR, "bad addr fam %d",
res->ai_family);
exit(1);
}
} else {
if ((aicode = getaddrinfo(NULL, svcport_str,
&hints, &res)) != 0) {
syslog(LOG_ERR,
"cannot get local address for %s: %s",
nconf->nc_netid,
gai_strerror(aicode));
close(fd);
continue;
}
}
} else {
if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
&hints, &res)) != 0) {
syslog(LOG_ERR,
"cannot get local address for %s: %s",
nconf->nc_netid, gai_strerror(aicode));
close(fd);
continue;
}
}
/* Store the fd. */
sock_fd[sock_fdcnt - 1] = fd;
/* Now, attempt the bind. */
r = bindresvport_sa(fd, res->ai_addr);
if (r != 0) {
if (errno == EADDRINUSE && mallocd_svcport != 0) {
if (mallocd_res != 0) {
free(res->ai_addr);
free(res);
} else
freeaddrinfo(res);
return (-1);
}
syslog(LOG_ERR, "bindresvport_sa: %m");
exit(1);
}
if (svcport_str == NULL) {
svcport_str = malloc(NI_MAXSERV * sizeof(char));
if (svcport_str == NULL)
out_of_mem();
mallocd_svcport = 1;
if (getnameinfo(res->ai_addr,
res->ai_addr->sa_len, NULL, NI_MAXHOST,
svcport_str, NI_MAXSERV * sizeof(char),
NI_NUMERICHOST | NI_NUMERICSERV))
errx(1, "Cannot get port number");
}
if (mallocd_res != 0) {
free(res->ai_addr);
free(res);
} else
freeaddrinfo(res);
res = NULL;
}
return (0);
}
/*
* Called after all the create_service() calls have succeeded, to complete
* the setup and registration.
*/
static void
complete_service(struct netconfig *nconf, char *port_str)
{
struct addrinfo hints, *res = NULL;
struct __rpc_sockinfo si;
struct netbuf servaddr;
SVCXPRT *transp = NULL;
int aicode, fd, nhostsbak;
int registered = 0;
if ((nconf->nc_semantics != NC_TPI_CLTS) &&
(nconf->nc_semantics != NC_TPI_COTS) &&
(nconf->nc_semantics != NC_TPI_COTS_ORD))
return; /* not my type */
/*
* XXX - using RPC library internal functions.
*/
if (!__rpc_nconf2sockinfo(nconf, &si)) {
syslog(LOG_ERR, "cannot get information for %s",
nconf->nc_netid);
return;
}
nhostsbak = nhosts;
while (nhostsbak > 0) {
--nhostsbak;
if (sock_fdpos >= sock_fdcnt) {
/* Should never happen. */
syslog(LOG_ERR, "Ran out of socket fd's");
return;
}
fd = sock_fd[sock_fdpos++];
if (fd < 0)
continue;
/*
* Using -1 tells listen(2) to use
* kern.ipc.soacceptqueue for the backlog.
*/
if (nconf->nc_semantics != NC_TPI_CLTS)
listen(fd, -1);
if (nconf->nc_semantics == NC_TPI_CLTS )
transp = svc_dg_create(fd, 0, 0);
else
transp = svc_vc_create(fd, RPC_MAXDATASIZE,
RPC_MAXDATASIZE);
if (transp != (SVCXPRT *) NULL) {
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS, mntsrv,
NULL))
syslog(LOG_ERR,
"can't register %s MOUNTVERS service",
nconf->nc_netid);
if (!force_v2) {
if (!svc_reg(transp, MOUNTPROG, MOUNTVERS3,
mntsrv, NULL))
syslog(LOG_ERR,
"can't register %s MOUNTVERS3 service",
nconf->nc_netid);
}
} else
syslog(LOG_WARNING, "can't create %s services",
nconf->nc_netid);
if (registered == 0) {
registered = 1;
memset(&hints, 0, sizeof hints);
hints.ai_flags = AI_PASSIVE;
hints.ai_family = si.si_af;
hints.ai_socktype = si.si_socktype;
hints.ai_protocol = si.si_proto;
if ((aicode = getaddrinfo(NULL, port_str, &hints,
&res)) != 0) {
syslog(LOG_ERR, "cannot get local address: %s",
gai_strerror(aicode));
exit(1);
}
servaddr.buf = malloc(res->ai_addrlen);
memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
servaddr.len = res->ai_addrlen;
rpcb_set(MOUNTPROG, MOUNTVERS, nconf, &servaddr);
rpcb_set(MOUNTPROG, MOUNTVERS3, nconf, &servaddr);
xcreated++;
freeaddrinfo(res);
}
} /* end while */
}
/*
* Clear out sockets after a failure to bind one of them, so that the
* cycle of socket creation/binding can start anew.
*/
static void
clearout_service(void)
{
int i;
for (i = 0; i < sock_fdcnt; i++) {
if (sock_fd[i] >= 0) {
shutdown(sock_fd[i], SHUT_RDWR);
close(sock_fd[i]);
}
}
}
static void
2010-12-20 09:28:28 +00:00
usage(void)
{
fprintf(stderr,
"usage: mountd [-2] [-d] [-e] [-l] [-n] [-p <port>] [-r] "
"[-S] [-h <bindip>] [export_file ...]\n");
exit(1);
}
/*
* The mount rpc service
*/
void
2010-12-20 09:28:28 +00:00
mntsrv(struct svc_req *rqstp, SVCXPRT *transp)
{
struct exportlist *ep;
struct dirlist *dp;
struct fhreturn fhr;
struct stat stb;
struct statfs fsb;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
char host[NI_MAXHOST], numerichost[NI_MAXHOST];
int lookup_failed = 1;
struct sockaddr *saddr;
u_short sport;
char rpcpath[MNTPATHLEN + 1], dirpath[MAXPATHLEN];
int defset, hostset;
long bad = 0;
sigset_t sighup_mask;
int numsecflavors, *secflavorsp;
sigemptyset(&sighup_mask);
sigaddset(&sighup_mask, SIGHUP);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
saddr = svc_getrpccaller(transp)->buf;
switch (saddr->sa_family) {
case AF_INET6:
sport = ntohs(((struct sockaddr_in6 *)saddr)->sin6_port);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
break;
case AF_INET:
sport = ntohs(((struct sockaddr_in *)saddr)->sin_port);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
break;
default:
syslog(LOG_ERR, "request from unknown address family");
return;
}
switch (rqstp->rq_proc) {
case MOUNTPROC_MNT:
case MOUNTPROC_UMNT:
case MOUNTPROC_UMNTALL:
lookup_failed = getnameinfo(saddr, saddr->sa_len, host,
sizeof host, NULL, 0, 0);
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
getnameinfo(saddr, saddr->sa_len, numerichost,
sizeof numerichost, NULL, 0, NI_NUMERICHOST);
switch (rqstp->rq_proc) {
case NULLPROC:
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
syslog(LOG_ERR, "can't send reply");
return;
case MOUNTPROC_MNT:
if (sport >= IPPORT_RESERVED && resvport_only) {
syslog(LOG_NOTICE,
"mount request from %s from unprivileged port",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
svcerr_weakauth(transp);
return;
}
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
syslog(LOG_NOTICE, "undecodable mount request from %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
svcerr_decode(transp);
return;
}
/*
* Get the real pathname and make sure it is a directory
* or a regular file if the -r option was specified
* and it exists.
*/
if (realpath(rpcpath, dirpath) == NULL ||
stat(dirpath, &stb) < 0 ||
statfs(dirpath, &fsb) < 0) {
chdir("/"); /* Just in case realpath doesn't */
syslog(LOG_NOTICE,
"mount request from %s for non existent path %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost, dirpath);
if (debug)
warnx("stat failed on %s", dirpath);
bad = ENOENT; /* We will send error reply later */
}
if (!bad &&
!S_ISDIR(stb.st_mode) &&
(dir_only || !S_ISREG(stb.st_mode))) {
syslog(LOG_NOTICE,
"mount request from %s for non-directory path %s",
numerichost, dirpath);
if (debug)
warnx("mounting non-directory %s", dirpath);
bad = ENOTDIR; /* We will send error reply later */
}
/* Check in the exports list */
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
if (bad)
ep = NULL;
else
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
ep = ex_search(&fsb.f_fsid, exphead);
hostset = defset = 0;
if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset,
&numsecflavors, &secflavorsp) ||
((dp = dirp_search(ep->ex_dirl, dirpath)) &&
chk_host(dp, saddr, &defset, &hostset, &numsecflavors,
&secflavorsp)) ||
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
(defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
scan_tree(ep->ex_dirl, saddr) == 0))) {
if (bad) {
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
(caddr_t)&bad))
syslog(LOG_ERR, "can't send reply");
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
return;
}
if (hostset & DP_HOSTSET) {
fhr.fhr_flag = hostset;
fhr.fhr_numsecflavors = numsecflavors;
fhr.fhr_secflavors = secflavorsp;
} else {
fhr.fhr_flag = defset;
fhr.fhr_numsecflavors = ep->ex_defnumsecflavors;
fhr.fhr_secflavors = ep->ex_defsecflavors;
}
fhr.fhr_vers = rqstp->rq_vers;
/* Get the file handle */
memset(&fhr.fhr_fh, 0, sizeof(nfsfh_t));
if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) {
bad = errno;
syslog(LOG_ERR, "can't get fh for %s", dirpath);
if (!svc_sendreply(transp, (xdrproc_t)xdr_long,
(caddr_t)&bad))
syslog(LOG_ERR, "can't send reply");
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
return;
}
if (!svc_sendreply(transp, (xdrproc_t)xdr_fhs,
(caddr_t)&fhr))
syslog(LOG_ERR, "can't send reply");
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (!lookup_failed)
add_mlist(host, dirpath);
else
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
add_mlist(numerichost, dirpath);
if (debug)
warnx("mount successful");
if (dolog)
syslog(LOG_NOTICE,
"mount request succeeded from %s for %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost, dirpath);
} else {
if (!bad)
bad = EACCES;
syslog(LOG_NOTICE,
"mount request denied from %s for %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost, dirpath);
}
if (bad && !svc_sendreply(transp, (xdrproc_t)xdr_long,
(caddr_t)&bad))
syslog(LOG_ERR, "can't send reply");
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
return;
case MOUNTPROC_DUMP:
if (!svc_sendreply(transp, (xdrproc_t)xdr_mlist, (caddr_t)NULL))
syslog(LOG_ERR, "can't send reply");
else if (dolog)
syslog(LOG_NOTICE,
"dump request succeeded from %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
return;
case MOUNTPROC_UMNT:
if (sport >= IPPORT_RESERVED && resvport_only) {
syslog(LOG_NOTICE,
"umount request from %s from unprivileged port",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
svcerr_weakauth(transp);
return;
}
if (!svc_getargs(transp, (xdrproc_t)xdr_dir, rpcpath)) {
syslog(LOG_NOTICE, "undecodable umount request from %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
svcerr_decode(transp);
return;
}
if (realpath(rpcpath, dirpath) == NULL) {
syslog(LOG_NOTICE, "umount request from %s "
"for non existent path %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost, dirpath);
}
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
syslog(LOG_ERR, "can't send reply");
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (!lookup_failed)
del_mlist(host, dirpath);
del_mlist(numerichost, dirpath);
if (dolog)
syslog(LOG_NOTICE,
"umount request succeeded from %s for %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost, dirpath);
return;
case MOUNTPROC_UMNTALL:
if (sport >= IPPORT_RESERVED && resvport_only) {
syslog(LOG_NOTICE,
"umountall request from %s from unprivileged port",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
svcerr_weakauth(transp);
return;
}
if (!svc_sendreply(transp, (xdrproc_t)xdr_void, (caddr_t)NULL))
syslog(LOG_ERR, "can't send reply");
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (!lookup_failed)
del_mlist(host, NULL);
del_mlist(numerichost, NULL);
if (dolog)
syslog(LOG_NOTICE,
"umountall request succeeded from %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
return;
case MOUNTPROC_EXPORT:
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist, (caddr_t)NULL))
if (!svc_sendreply(transp, (xdrproc_t)xdr_explist_brief,
(caddr_t)NULL))
syslog(LOG_ERR, "can't send reply");
if (dolog)
syslog(LOG_NOTICE,
"export request succeeded from %s",
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
numerichost);
return;
default:
svcerr_noproc(transp);
return;
}
}
/*
* Xdr conversion for a dirpath string
*/
static int
2010-12-20 09:28:28 +00:00
xdr_dir(XDR *xdrsp, char *dirp)
{
return (xdr_string(xdrsp, &dirp, MNTPATHLEN));
}
/*
* Xdr routine to generate file handle reply
*/
static int
2010-12-20 09:28:28 +00:00
xdr_fhs(XDR *xdrsp, caddr_t cp)
{
struct fhreturn *fhrp = (struct fhreturn *)cp;
u_long ok = 0, len, auth;
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
int i;
if (!xdr_long(xdrsp, &ok))
return (0);
switch (fhrp->fhr_vers) {
case 1:
return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH));
case 3:
len = NFSX_V3FH;
if (!xdr_long(xdrsp, &len))
return (0);
if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len))
return (0);
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
if (fhrp->fhr_numsecflavors) {
if (!xdr_int(xdrsp, &fhrp->fhr_numsecflavors))
return (0);
for (i = 0; i < fhrp->fhr_numsecflavors; i++)
if (!xdr_int(xdrsp, &fhrp->fhr_secflavors[i]))
return (0);
return (1);
} else {
auth = AUTH_SYS;
len = 1;
if (!xdr_long(xdrsp, &len))
return (0);
return (xdr_long(xdrsp, &auth));
}
}
return (0);
}
static int
2010-12-20 09:28:28 +00:00
xdr_mlist(XDR *xdrsp, caddr_t cp __unused)
{
struct mountlist *mlp;
int true = 1;
int false = 0;
char *strp;
SLIST_FOREACH(mlp, &mlhead, next) {
if (!xdr_bool(xdrsp, &true))
return (0);
strp = &mlp->ml_host[0];
if (!xdr_string(xdrsp, &strp, MNTNAMLEN))
return (0);
strp = &mlp->ml_dirp[0];
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
return (0);
}
if (!xdr_bool(xdrsp, &false))
return (0);
return (1);
}
/*
* Xdr conversion for export list
*/
static int
2010-12-20 09:28:28 +00:00
xdr_explist_common(XDR *xdrsp, caddr_t cp __unused, int brief)
{
struct exportlist *ep;
int false = 0;
int putdef;
sigset_t sighup_mask;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
int i;
sigemptyset(&sighup_mask);
sigaddset(&sighup_mask, SIGHUP);
sigprocmask(SIG_BLOCK, &sighup_mask, NULL);
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
for (i = 0; i < exphashsize; i++)
SLIST_FOREACH(ep, &exphead[i], entries) {
putdef = 0;
if (put_exlist(ep->ex_dirl, xdrsp, ep->ex_defdir,
&putdef, brief))
goto errout;
if (ep->ex_defdir && putdef == 0 &&
put_exlist(ep->ex_defdir, xdrsp, NULL,
&putdef, brief))
goto errout;
}
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
if (!xdr_bool(xdrsp, &false))
return (0);
return (1);
errout:
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
return (0);
}
/*
* Called from xdr_explist() to traverse the tree and export the
* directory paths.
*/
static int
2010-12-20 09:28:28 +00:00
put_exlist(struct dirlist *dp, XDR *xdrsp, struct dirlist *adp, int *putdefp,
int brief)
{
struct grouplist *grp;
struct hostlist *hp;
int true = 1;
int false = 0;
int gotalldir = 0;
char *strp;
if (dp) {
if (put_exlist(dp->dp_left, xdrsp, adp, putdefp, brief))
return (1);
if (!xdr_bool(xdrsp, &true))
return (1);
strp = dp->dp_dirp;
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
return (1);
if (adp && !strcmp(dp->dp_dirp, adp->dp_dirp)) {
gotalldir = 1;
*putdefp = 1;
}
if (brief) {
if (!xdr_bool(xdrsp, &true))
return (1);
strp = "(...)";
if (!xdr_string(xdrsp, &strp, MNTPATHLEN))
return (1);
} else if ((dp->dp_flag & DP_DEFSET) == 0 &&
(gotalldir == 0 || (adp->dp_flag & DP_DEFSET) == 0)) {
hp = dp->dp_hosts;
while (hp) {
grp = hp->ht_grp;
if (grp->gr_type == GT_HOST) {
if (!xdr_bool(xdrsp, &true))
return (1);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
strp = grp->gr_ptr.gt_addrinfo->ai_canonname;
1995-05-30 06:12:45 +00:00
if (!xdr_string(xdrsp, &strp,
MNTNAMLEN))
return (1);
} else if (grp->gr_type == GT_NET) {
if (!xdr_bool(xdrsp, &true))
return (1);
strp = grp->gr_ptr.gt_net.nt_name;
1995-05-30 06:12:45 +00:00
if (!xdr_string(xdrsp, &strp,
MNTNAMLEN))
return (1);
}
hp = hp->ht_next;
if (gotalldir && hp == (struct hostlist *)NULL) {
hp = adp->dp_hosts;
gotalldir = 0;
}
}
}
if (!xdr_bool(xdrsp, &false))
return (1);
if (put_exlist(dp->dp_right, xdrsp, adp, putdefp, brief))
return (1);
}
return (0);
}
static int
2010-12-20 09:28:28 +00:00
xdr_explist(XDR *xdrsp, caddr_t cp)
{
return xdr_explist_common(xdrsp, cp, 0);
}
static int
2010-12-20 09:28:28 +00:00
xdr_explist_brief(XDR *xdrsp, caddr_t cp)
{
return xdr_explist_common(xdrsp, cp, 1);
}
static char *line;
static size_t linesize;
static FILE *exp_file;
/*
* Get the export list from one, currently open file
*/
static void
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
get_exportlist_one(int passno)
{
struct exportlist *ep;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
struct grouplist *grp, *tgrp, *savgrp;
struct dirlist *dirhead;
struct statfs fsb;
struct expcred anon;
char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
int len, has_host, got_nondir, dirplen, netgrp;
uint64_t exflags;
v4root_phase = 0;
anon.cr_groups = NULL;
dirhead = (struct dirlist *)NULL;
while (get_line()) {
if (debug)
warnx("got line %s", line);
cp = line;
nextfield(&cp, &endcp);
if (*cp == '#')
goto nextline;
/*
* Set defaults.
*/
has_host = FALSE;
anon.cr_groups = anon.cr_smallgrps;
anon.cr_uid = UID_NOBODY;
anon.cr_ngroups = 1;
anon.cr_groups[0] = GID_NOGROUP;
exflags = MNT_EXPORTED;
got_nondir = 0;
opt_flags = 0;
ep = (struct exportlist *)NULL;
dirp = NULL;
/*
* Handle the V4 root dir.
*/
if (*cp == 'V' && *(cp + 1) == '4' && *(cp + 2) == ':') {
/*
* V4: just indicates that it is the v4 root point,
* so skip over that and set v4root_phase.
*/
if (v4root_phase > 0) {
syslog(LOG_ERR, "V4:duplicate line, ignored");
goto nextline;
}
v4root_phase = 1;
cp += 3;
nextfield(&cp, &endcp);
}
/*
* Create new exports list entry
*/
len = endcp-cp;
tgrp = grp = get_grp();
while (len > 0) {
if (len > MNTNAMLEN) {
getexp_err(ep, tgrp, "mountpoint too long");
goto nextline;
}
if (*cp == '-') {
if (ep == (struct exportlist *)NULL) {
getexp_err(ep, tgrp,
"flag before export path definition");
goto nextline;
}
if (debug)
warnx("doing opt %s", cp);
got_nondir = 1;
if (do_opt(&cp, &endcp, ep, grp, &has_host,
&exflags, &anon)) {
getexp_err(ep, tgrp, NULL);
goto nextline;
}
} else if (*cp == '/') {
savedc = *endcp;
*endcp = '\0';
if (v4root_phase > 1) {
if (dirp != NULL) {
getexp_err(ep, tgrp, "Multiple V4 dirs");
goto nextline;
}
}
if (check_dirpath(cp) &&
statfs(cp, &fsb) >= 0) {
if ((fsb.f_flags & MNT_AUTOMOUNTED) != 0)
syslog(LOG_ERR, "Warning: exporting of "
"automounted fs %s not supported", cp);
if (got_nondir) {
getexp_err(ep, tgrp, "dirs must be first");
goto nextline;
}
if (v4root_phase == 1) {
if (dirp != NULL) {
getexp_err(ep, tgrp, "Multiple V4 dirs");
goto nextline;
}
if (strlen(v4root_dirpath) == 0) {
strlcpy(v4root_dirpath, cp,
sizeof (v4root_dirpath));
} else if (strcmp(v4root_dirpath, cp)
!= 0) {
syslog(LOG_ERR,
"different V4 dirpath %s", cp);
getexp_err(ep, tgrp, NULL);
goto nextline;
}
dirp = cp;
v4root_phase = 2;
got_nondir = 1;
ep = get_exp();
} else {
if (ep) {
if (fsidcmp(&ep->ex_fs, &fsb.f_fsid)
!= 0) {
getexp_err(ep, tgrp,
"fsid mismatch");
goto nextline;
}
} else {
/*
* See if this directory is already
* in the list.
*/
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
ep = ex_search(&fsb.f_fsid, exphead);
if (ep == (struct exportlist *)NULL) {
ep = get_exp();
ep->ex_fs = fsb.f_fsid;
ep->ex_fsdir = strdup(fsb.f_mntonname);
if (ep->ex_fsdir == NULL)
out_of_mem();
if (debug)
warnx(
"making new ep fs=0x%x,0x%x",
fsb.f_fsid.val[0],
fsb.f_fsid.val[1]);
} else if (debug)
warnx("found ep fs=0x%x,0x%x",
fsb.f_fsid.val[0],
fsb.f_fsid.val[1]);
}
/*
* Add dirpath to export mount point.
*/
dirp = add_expdir(&dirhead, cp, len);
dirplen = len;
}
} else {
getexp_err(ep, tgrp,
"symbolic link in export path or statfs failed");
goto nextline;
}
*endcp = savedc;
} else {
savedc = *endcp;
*endcp = '\0';
got_nondir = 1;
if (ep == (struct exportlist *)NULL) {
getexp_err(ep, tgrp,
"host(s) before export path definition");
goto nextline;
}
/*
* Get the host or netgroup.
*/
setnetgrent(cp);
netgrp = getnetgrent(&hst, &usr, &dom);
do {
if (has_host) {
grp->gr_next = get_grp();
grp = grp->gr_next;
}
if (netgrp) {
if (hst == 0) {
syslog(LOG_ERR,
"null hostname in netgroup %s, skipping", cp);
grp->gr_type = GT_IGNORE;
} else if (get_host(hst, grp, tgrp)) {
syslog(LOG_ERR,
"bad host %s in netgroup %s, skipping", hst, cp);
grp->gr_type = GT_IGNORE;
}
} else if (get_host(cp, grp, tgrp)) {
syslog(LOG_ERR, "bad host %s, skipping", cp);
grp->gr_type = GT_IGNORE;
}
has_host = TRUE;
} while (netgrp && getnetgrent(&hst, &usr, &dom));
endnetgrent();
*endcp = savedc;
}
cp = endcp;
nextfield(&cp, &endcp);
len = endcp - cp;
}
if (check_options(dirhead)) {
getexp_err(ep, tgrp, NULL);
goto nextline;
}
if (!has_host) {
grp->gr_type = GT_DEFAULT;
if (debug)
warnx("adding a default entry");
/*
* Don't allow a network export coincide with a list of
* host(s) on the same line.
*/
} else if ((opt_flags & OP_NET) && tgrp->gr_next) {
getexp_err(ep, tgrp, "network/host conflict");
goto nextline;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
/*
* If an export list was specified on this line, make sure
* that we have at least one valid entry, otherwise skip it.
*/
} else {
grp = tgrp;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
while (grp && grp->gr_type == GT_IGNORE)
grp = grp->gr_next;
if (! grp) {
getexp_err(ep, tgrp, "no valid entries");
goto nextline;
}
}
if (v4root_phase == 1) {
getexp_err(ep, tgrp, "V4:root, no dirp, ignored");
goto nextline;
}
/*
* Loop through hosts, pushing the exports into the kernel.
* After loop, tgrp points to the start of the list and
* grp points to the last entry in the list.
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
* Do not do the do_mount() for passno == 1, since the
* second pass will do it, as required.
*/
grp = tgrp;
do {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
grp->gr_exflags = exflags;
cp_cred(&grp->gr_anon, &anon);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if (v4root_phase == 2 && passno == 0)
LOGDEBUG("do_mount v4root");
if (passno == 0 && do_mount(ep, grp, exflags, &anon,
dirp, dirplen, &fsb, ep->ex_numsecflavors,
ep->ex_secflavors)) {
getexp_err(ep, tgrp, NULL);
goto nextline;
}
} while (grp->gr_next && (grp = grp->gr_next));
/*
* For V4: don't enter in mount lists.
*/
if (v4root_phase > 0 && v4root_phase <= 2) {
/*
* These structures are used for the reload,
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
* so save them for that case. Otherwise, just
* free them up now.
*/
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if (passno == 1 && ep != NULL) {
savgrp = tgrp;
while (tgrp != NULL) {
/*
* Save the security flavors and exflags
* for this host set in the groups.
*/
tgrp->gr_numsecflavors =
ep->ex_numsecflavors;
if (ep->ex_numsecflavors > 0)
memcpy(tgrp->gr_secflavors,
ep->ex_secflavors,
sizeof(ep->ex_secflavors));
tgrp = tgrp->gr_next;
}
if (v4root_ep == NULL) {
v4root_ep = ep;
ep = NULL; /* Don't free below. */
}
grp->gr_next = v4root_ep->ex_grphead;
v4root_ep->ex_grphead = savgrp;
}
if (ep != NULL)
free_exp(ep);
while (tgrp != NULL) {
grp = tgrp;
tgrp = tgrp->gr_next;
free_grp(grp);
}
goto nextline;
}
/*
* Success. Update the data structures.
*/
if (has_host) {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
hang_dirp(dirhead, tgrp, ep, opt_flags, &anon, exflags);
grp->gr_next = ep->ex_grphead;
ep->ex_grphead = tgrp;
} else {
hang_dirp(dirhead, (struct grouplist *)NULL, ep,
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
opt_flags, &anon, exflags);
free_grp(grp);
}
dirhead = (struct dirlist *)NULL;
if ((ep->ex_flag & EX_LINKED) == 0) {
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
insert_exports(ep, exphead);
ep->ex_flag |= EX_LINKED;
}
nextline:
v4root_phase = 0;
if (dirhead) {
free_dir(dirhead);
dirhead = (struct dirlist *)NULL;
}
if (anon.cr_groups != anon.cr_smallgrps) {
free(anon.cr_groups);
anon.cr_groups = NULL;
}
}
}
/*
* Get the export list from all specified files
*/
static void
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
get_exportlist(int passno)
{
struct export_args export;
struct iovec *iov;
struct statfs *mntbufp;
char errmsg[255];
int error, i, nfs_maxvers, num;
int iovlen;
struct nfsex_args eargs;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
FILE *debug_file;
size_t nfs_maxvers_size;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if ((debug_file = fopen(_PATH_MOUNTDDEBUG, "r")) != NULL) {
fclose(debug_file);
logdebug = 1;
} else
logdebug = 0;
LOGDEBUG("passno=%d", passno);
v4root_dirpath[0] = '\0';
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
free_v4rootexp();
if (passno == 1) {
/*
* Save the current lists as old ones, so that the new lists
* can be compared with the old ones in the 2nd pass.
*/
for (i = 0; i < exphashsize; i++) {
SLIST_FIRST(&oldexphead[i]) = SLIST_FIRST(&exphead[i]);
SLIST_INIT(&exphead[i]);
}
/* Note that the public fh has not yet been set. */
has_set_publicfh = 0;
/* Read the export file(s) and process them */
read_exportfile(passno);
} else {
/*
* Just make the old lists empty.
* exphashsize == 0 for the first call, before oldexphead
* has been initialized-->loop won't be executed.
*/
for (i = 0; i < exphashsize; i++)
SLIST_INIT(&oldexphead[i]);
}
bzero(&export, sizeof(export));
export.ex_flags = MNT_DELEXPORT;
iov = NULL;
iovlen = 0;
bzero(errmsg, sizeof(errmsg));
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if (suspend_nfsd != 0)
(void)nfssvc(NFSSVC_SUSPENDNFSD, NULL);
/*
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
* Delete the old V4 root dir.
*/
bzero(&eargs, sizeof (eargs));
eargs.export.ex_flags = MNT_DELEXPORT;
if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT, (caddr_t)&eargs) < 0 &&
errno != ENOENT)
syslog(LOG_ERR, "Can't delete exports for V4:");
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
build_iovec(&iov, &iovlen, "from", NULL, 0);
build_iovec(&iov, &iovlen, "update", NULL, 0);
build_iovec(&iov, &iovlen, "export", &export,
sizeof(export));
build_iovec(&iov, &iovlen, "errmsg", errmsg,
sizeof(errmsg));
/*
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
* For passno == 1, compare the old and new lists updating the kernel
* exports for any cases that have changed.
* This call is doing the second pass through the lists.
* If it fails, fall back on the bulk reload.
*/
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if (passno == 1 && compare_nmount_exportlist(iov, iovlen, errmsg) ==
0) {
LOGDEBUG("compareok");
/* Free up the old lists. */
free_exports(oldexphead);
} else {
LOGDEBUG("doing passno=0");
/*
* Clear flag that notes if a public fh has been exported.
* It is set by do_mount() if MNT_EXPUBLIC is set for the entry.
*/
has_publicfh = 0;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/* exphead == NULL if not yet allocated (first call). */
if (exphead != NULL) {
/*
* First, get rid of the old lists.
*/
free_exports(exphead);
free_exports(oldexphead);
}
/*
* And delete exports that are in the kernel for all local
* filesystems.
* XXX: Should know how to handle all local exportable
* filesystems.
*/
num = getmntinfo(&mntbufp, MNT_NOWAIT);
/* Allocate hash tables, for first call. */
if (exphead == NULL) {
/* Target an average linked list length of 10. */
exphashsize = num / 10;
if (exphashsize < 1)
exphashsize = 1;
else if (exphashsize > 100000)
exphashsize = 100000;
exphead = malloc(exphashsize * sizeof(*exphead));
oldexphead = malloc(exphashsize * sizeof(*oldexphead));
if (exphead == NULL || oldexphead == NULL)
errx(1, "Can't malloc hash tables");
for (i = 0; i < exphashsize; i++) {
SLIST_INIT(&exphead[i]);
SLIST_INIT(&oldexphead[i]);
}
}
for (i = 0; i < num; i++)
delete_export(iov, iovlen, &mntbufp[i], errmsg);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/* Read the export file(s) and process them */
read_exportfile(0);
}
if (strlen(v4root_dirpath) == 0) {
/* Check to see if a V4: line is needed. */
nfs_maxvers_size = sizeof(nfs_maxvers);
error = sysctlbyname("vfs.nfsd.server_max_nfsvers",
&nfs_maxvers, &nfs_maxvers_size, NULL, 0);
if (error != 0 || nfs_maxvers < NFS_VER2 || nfs_maxvers >
NFS_VER4) {
syslog(LOG_ERR, "sysctlbyname(vfs.nfsd."
"server_max_nfsvers) failed, defaulting to NFSv3");
nfs_maxvers = NFS_VER3;
}
if (nfs_maxvers == NFS_VER4)
syslog(LOG_ERR, "NFSv4 requires at least one V4: line");
}
if (iov != NULL) {
/* Free strings allocated by strdup() in getmntopts.c */
free(iov[0].iov_base); /* fstype */
free(iov[2].iov_base); /* fspath */
free(iov[4].iov_base); /* from */
free(iov[6].iov_base); /* update */
free(iov[8].iov_base); /* export */
free(iov[10].iov_base); /* errmsg */
/* free iov, allocated by realloc() */
free(iov);
iovlen = 0;
}
/*
* If there was no public fh, clear any previous one set.
*/
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
if (has_publicfh == 0) {
LOGDEBUG("clear public fh");
(void) nfssvc(NFSSVC_NOPUBLICFH, NULL);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
}
/* Resume the nfsd. If they weren't suspended, this is harmless. */
(void)nfssvc(NFSSVC_RESUMENFSD, NULL);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
LOGDEBUG("eo get_exportlist");
}
/*
* Insert an export entry in the appropriate list.
*/
static void
insert_exports(struct exportlist *ep, struct exportlisthead *exhp)
{
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
uint32_t i;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
i = EXPHASH(&ep->ex_fs);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
LOGDEBUG("fs=%s hash=%i", ep->ex_fsdir, i);
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
SLIST_INSERT_HEAD(&exhp[i], ep, entries);
}
/*
* Free up the exports lists passed in as arguments.
*/
static void
free_exports(struct exportlisthead *exhp)
{
struct exportlist *ep, *ep2;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
int i;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
for (i = 0; i < exphashsize; i++) {
SLIST_FOREACH_SAFE(ep, &exhp[i], entries, ep2) {
SLIST_REMOVE(&exhp[i], ep, exportlist, entries);
free_exp(ep);
}
SLIST_INIT(&exhp[i]);
}
}
/*
* Read the exports file(s) and call get_exportlist_one() for each line.
*/
static void
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
read_exportfile(int passno)
{
int done, i;
/*
* Read in the exports file and build the list, calling
* nmount() as we go along to push the export rules into the kernel.
*/
done = 0;
for (i = 0; exnames[i] != NULL; i++) {
if (debug)
warnx("reading exports from %s", exnames[i]);
if ((exp_file = fopen(exnames[i], "r")) == NULL) {
syslog(LOG_WARNING, "can't open %s", exnames[i]);
continue;
}
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
get_exportlist_one(passno);
fclose(exp_file);
done++;
}
if (done == 0) {
syslog(LOG_ERR, "can't open any exports file");
exit(2);
}
}
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/*
* Compare the export lists against the old ones and do nmount() operations
* for any cases that have changed. This avoids doing nmount() for entries
* that have not changed.
* Return 0 upon success, 1 otherwise.
*/
static int
compare_nmount_exportlist(struct iovec *iov, int iovlen, char *errmsg)
{
struct exportlist *ep, *oep;
struct grouplist *grp;
struct statfs fs, ofs;
int i, ret;
/*
* Loop through the current list and look for an entry in the old
* list.
* If found, check to see if it the same.
* If it is not the same, delete and re-export.
* Then mark it done on the old list.
* else (not found)
* export it.
* Any entries left in the old list after processing must have their
* exports deleted.
*/
for (i = 0; i < exphashsize; i++)
SLIST_FOREACH(ep, &exphead[i], entries) {
LOGDEBUG("foreach ep=%s", ep->ex_fsdir);
oep = ex_search(&ep->ex_fs, oldexphead);
if (oep != NULL) {
/*
* Check the mount paths are the same.
* If not, return 1 so that the reload of the
* exports will be done in bulk, the
* passno == 0 way.
*/
LOGDEBUG("found old exp");
if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
return (1);
LOGDEBUG("same fsdir");
/*
* Test to see if the entry is the same.
* If not the same delete exports and
* re-export.
*/
if (compare_export(ep, oep) != 0) {
/*
* Clear has_publicfh if if was set
* in the old exports, but only if it
* has not been set during processing of
* the exports for this pass, as
* indicated by has_set_publicfh.
*/
if (has_set_publicfh == 0 &&
(oep->ex_flag & EX_PUBLICFH) != 0)
has_publicfh = 0;
/* Delete and re-export. */
if (statfs(ep->ex_fsdir, &fs) < 0)
return (1);
delete_export(iov, iovlen, &fs, errmsg);
ret = do_export_mount(ep, &fs);
if (ret != 0)
return (ret);
}
oep->ex_flag |= EX_DONE;
LOGDEBUG("exdone");
} else {
LOGDEBUG("not found so export");
/* Not found, so do export. */
if (statfs(ep->ex_fsdir, &fs) < 0)
return (1);
ret = do_export_mount(ep, &fs);
if (ret != 0)
return (ret);
}
}
/* Delete exports not done. */
for (i = 0; i < exphashsize; i++)
SLIST_FOREACH(oep, &oldexphead[i], entries) {
if ((oep->ex_flag & EX_DONE) == 0) {
LOGDEBUG("not done delete=%s", oep->ex_fsdir);
if (statfs(oep->ex_fsdir, &ofs) >= 0 &&
fsidcmp(&oep->ex_fs, &ofs.f_fsid) == 0) {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
LOGDEBUG("do delete");
/*
* Clear has_publicfh if if was set
* in the old exports, but only if it
* has not been set during processing of
* the exports for this pass, as
* indicated by has_set_publicfh.
*/
if (has_set_publicfh == 0 &&
(oep->ex_flag & EX_PUBLICFH) != 0)
has_publicfh = 0;
delete_export(iov, iovlen, &ofs,
errmsg);
}
}
}
/* Do the V4 root exports, as required. */
grp = NULL;
if (v4root_ep != NULL)
grp = v4root_ep->ex_grphead;
v4root_phase = 2;
while (v4root_ep != NULL && grp != NULL) {
LOGDEBUG("v4root expath=%s", v4root_dirpath);
ret = do_mount(v4root_ep, grp, grp->gr_exflags, &grp->gr_anon,
v4root_dirpath, strlen(v4root_dirpath), &fs,
grp->gr_numsecflavors, grp->gr_secflavors);
if (ret != 0) {
v4root_phase = 0;
return (ret);
}
grp = grp->gr_next;
}
v4root_phase = 0;
free_v4rootexp();
return (0);
}
/*
* Compare old and current exportlist entries for the fsid and return 0
* if they are the same, 1 otherwise.
*/
static int
compare_export(struct exportlist *ep, struct exportlist *oep)
{
struct grouplist *grp, *ogrp;
if (strcmp(ep->ex_fsdir, oep->ex_fsdir) != 0)
return (1);
if ((ep->ex_flag & EX_DEFSET) != (oep->ex_flag & EX_DEFSET))
return (1);
if ((ep->ex_defdir != NULL && oep->ex_defdir == NULL) ||
(ep->ex_defdir == NULL && oep->ex_defdir != NULL))
return (1);
if (ep->ex_defdir != NULL && (ep->ex_defdir->dp_flag & DP_DEFSET) !=
(oep->ex_defdir->dp_flag & DP_DEFSET))
return (1);
if ((ep->ex_flag & EX_DEFSET) != 0 && (ep->ex_defnumsecflavors !=
oep->ex_defnumsecflavors || ep->ex_defexflags !=
oep->ex_defexflags || compare_cred(&ep->ex_defanon,
&oep->ex_defanon) != 0 || compare_secflavor(ep->ex_defsecflavors,
oep->ex_defsecflavors, ep->ex_defnumsecflavors) != 0))
return (1);
/* Now, check all the groups. */
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
ogrp->gr_flag = 0;
for (grp = ep->ex_grphead; grp != NULL; grp = grp->gr_next) {
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp =
ogrp->gr_next)
if ((ogrp->gr_flag & GR_FND) == 0 &&
grp->gr_numsecflavors == ogrp->gr_numsecflavors &&
grp->gr_exflags == ogrp->gr_exflags &&
compare_cred(&grp->gr_anon, &ogrp->gr_anon) == 0 &&
compare_secflavor(grp->gr_secflavors,
ogrp->gr_secflavors, grp->gr_numsecflavors) == 0)
break;
if (ogrp != NULL)
ogrp->gr_flag |= GR_FND;
else
return (1);
}
for (ogrp = oep->ex_grphead; ogrp != NULL; ogrp = ogrp->gr_next)
if ((ogrp->gr_flag & GR_FND) == 0)
return (1);
return (0);
}
/*
* This algorithm compares two arrays of "n" items. It returns 0 if they are
* the "same" and 1 otherwise. Although suboptimal, it is always safe to
* return 1, which makes compare_nmount_export() reload the exports entry.
* "same" refers to having the same set of values in the two arrays.
* The arrays are in no particular order and duplicates (multiple entries
* in an array with the same value) is allowed.
* The algorithm is inefficient, but the common case of indentical arrays is
* handled first and "n" is normally fairly small.
* Since the two functions need the same algorithm but for arrays of
* different types (gid_t vs int), this is done as a macro.
*/
#define COMPARE_ARRAYS(a1, a2, n) \
do { \
int fnd, fndarray[(n)], i, j; \
/* Handle common case of identical arrays. */ \
for (i = 0; i < (n); i++) \
if ((a1)[i] != (a2)[i]) \
break; \
if (i == (n)) \
return (0); \
for (i = 0; i < (n); i++) \
fndarray[i] = 0; \
for (i = 0; i < (n); i++) { \
fnd = 0; \
for (j = 0; j < (n); j++) { \
if ((a1)[i] == (a2)[j]) { \
fndarray[j] = 1; \
fnd = 1; \
} \
} \
if (fnd == 0) \
return (1); \
} \
for (i = 0; i < (n); i++) \
if (fndarray[i] == 0) \
return (1); \
return (0); \
} while (0)
/*
* Compare two struct expcred's. Return 0 if the same and 1 otherwise.
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
*/
static int
compare_cred(struct expcred *cr0, struct expcred *cr1)
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
{
if (cr0->cr_uid != cr1->cr_uid || cr0->cr_ngroups != cr1->cr_ngroups)
return (1);
COMPARE_ARRAYS(cr0->cr_groups, cr1->cr_groups, cr0->cr_ngroups);
}
/*
* Compare two lists of security flavors. Return 0 if the same and 1 otherwise.
*/
static int
compare_secflavor(int *sec1, int *sec2, int nsec)
{
COMPARE_ARRAYS(sec1, sec2, nsec);
}
/*
* Delete an exports entry.
*/
static void
delete_export(struct iovec *iov, int iovlen, struct statfs *fsp, char *errmsg)
{
struct xvfsconf vfc;
if (getvfsbyname(fsp->f_fstypename, &vfc) != 0) {
syslog(LOG_ERR, "getvfsbyname() failed for %s",
fsp->f_fstypename);
return;
}
/*
* We do not need to delete "export" flag from
* filesystems that do not have it set.
*/
if (!(fsp->f_flags & MNT_EXPORTED))
return;
/*
* Do not delete export for network filesystem by
* passing "export" arg to nmount().
* It only makes sense to do this for local filesystems.
*/
if (vfc.vfc_flags & VFCF_NETWORK)
return;
iov[1].iov_base = fsp->f_fstypename;
iov[1].iov_len = strlen(fsp->f_fstypename) + 1;
iov[3].iov_base = fsp->f_mntonname;
iov[3].iov_len = strlen(fsp->f_mntonname) + 1;
iov[5].iov_base = fsp->f_mntfromname;
iov[5].iov_len = strlen(fsp->f_mntfromname) + 1;
errmsg[0] = '\0';
/*
* EXDEV is returned when path exists but is not a
* mount point. May happens if raced with unmount.
*/
if (nmount(iov, iovlen, fsp->f_flags) < 0 && errno != ENOENT &&
errno != ENOTSUP && errno != EXDEV) {
syslog(LOG_ERR,
"can't delete exports for %s: %m %s",
fsp->f_mntonname, errmsg);
}
}
/*
* Allocate an export list element
*/
static struct exportlist *
2010-12-20 09:28:28 +00:00
get_exp(void)
{
struct exportlist *ep;
ep = (struct exportlist *)calloc(1, sizeof (struct exportlist));
if (ep == (struct exportlist *)NULL)
out_of_mem();
return (ep);
}
/*
* Allocate a group list element
*/
static struct grouplist *
2010-12-20 09:28:28 +00:00
get_grp(void)
{
struct grouplist *gp;
gp = (struct grouplist *)calloc(1, sizeof (struct grouplist));
if (gp == (struct grouplist *)NULL)
out_of_mem();
return (gp);
}
/*
* Clean up upon an error in get_exportlist().
*/
static void
getexp_err(struct exportlist *ep, struct grouplist *grp, const char *reason)
{
struct grouplist *tgrp;
if (!(opt_flags & OP_QUIET)) {
if (reason != NULL)
syslog(LOG_ERR, "bad exports list line '%s': %s", line,
reason);
else
syslog(LOG_ERR, "bad exports list line '%s'", line);
}
if (ep && (ep->ex_flag & EX_LINKED) == 0)
free_exp(ep);
while (grp) {
tgrp = grp;
grp = grp->gr_next;
free_grp(tgrp);
}
}
/*
* Search the export list for a matching fs.
*/
static struct exportlist *
ex_search(fsid_t *fsid, struct exportlisthead *exhp)
{
struct exportlist *ep;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
uint32_t i;
Replace a single linked list with a hash table of lists. mountd.c uses a single linked list of "struct exportlist" structures, where there is one of these for each exported file system on the NFS server. This list gets long if there are a large number of file systems exported and the list must be searched for each line in the exports file(s) when SIGHUP causes the exports file(s) to be reloaded. A simple benchmark that traverses SLIST() elements and compares two 32bit fields in the structure for equal (which is what the search is) appears to take a couple of nsec. So, for a server with 72000 exported file systems, this can take about 5sec during reload of the exports file(s). By replacing the single linked list with a hash table with a target of 10 elements per list, the time should be reduced to less than 1msec. Peter Errikson (who has a server with 72000+ exported file systems) ran a test program using 5 hashes to see how they worked. fnv_32_buf(fsid,..., 0) fnv_32_buf(fsid,..., FNV1_32_INIT) hash32_buf(fsid,..., 0) hash32_buf(fsid,..., HASHINIT) - plus simply using the low order bits of fsid.val[0]. The first three behaved about equally well, with the first one being slightly better than the others. It has an average variation of about 4.5% about the target list length and that is what this patch uses. Peter Errikson also tested this hash table version and found that the performance wasn't measurably improved by a larger hash table, so a load factor of 10 appears adequate. Tested by: pen@lysator.liu.se (with other patches) PR: 237860 MFC after: 1 month
2019-05-31 01:28:48 +00:00
i = EXPHASH(fsid);
SLIST_FOREACH(ep, &exhp[i], entries) {
if (fsidcmp(&ep->ex_fs, fsid) == 0)
return (ep);
}
return (ep);
}
/*
* Add a directory path to the list.
*/
static char *
2010-12-20 09:28:28 +00:00
add_expdir(struct dirlist **dpp, char *cp, int len)
{
struct dirlist *dp;
dp = malloc(sizeof (struct dirlist));
if (dp == (struct dirlist *)NULL)
out_of_mem();
dp->dp_left = *dpp;
dp->dp_right = (struct dirlist *)NULL;
dp->dp_flag = 0;
dp->dp_hosts = (struct hostlist *)NULL;
dp->dp_dirp = strndup(cp, len);
if (dp->dp_dirp == NULL)
out_of_mem();
*dpp = dp;
return (dp->dp_dirp);
}
/*
* Hang the dir list element off the dirpath binary tree as required
* and update the entry for host.
*/
static void
2010-12-20 09:28:28 +00:00
hang_dirp(struct dirlist *dp, struct grouplist *grp, struct exportlist *ep,
int flags, struct expcred *anoncrp, uint64_t exflags)
{
struct hostlist *hp;
struct dirlist *dp2;
if (flags & OP_ALLDIRS) {
if (ep->ex_defdir)
free((caddr_t)dp);
else
ep->ex_defdir = dp;
if (grp == (struct grouplist *)NULL) {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ep->ex_flag |= EX_DEFSET;
ep->ex_defdir->dp_flag |= DP_DEFSET;
/* Save the default security flavors list. */
ep->ex_defnumsecflavors = ep->ex_numsecflavors;
if (ep->ex_numsecflavors > 0)
memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
sizeof(ep->ex_secflavors));
cp_cred(&ep->ex_defanon, anoncrp);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ep->ex_defexflags = exflags;
} else while (grp) {
hp = get_ht();
hp->ht_grp = grp;
hp->ht_next = ep->ex_defdir->dp_hosts;
ep->ex_defdir->dp_hosts = hp;
/* Save the security flavors list for this host set. */
grp->gr_numsecflavors = ep->ex_numsecflavors;
if (ep->ex_numsecflavors > 0)
memcpy(grp->gr_secflavors, ep->ex_secflavors,
sizeof(ep->ex_secflavors));
grp = grp->gr_next;
}
} else {
/*
* Loop through the directories adding them to the tree.
*/
while (dp) {
dp2 = dp->dp_left;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
add_dlist(&ep->ex_dirl, dp, grp, flags, ep, anoncrp,
exflags);
dp = dp2;
}
}
}
/*
* Traverse the binary tree either updating a node that is already there
* for the new directory or adding the new node.
*/
static void
2010-12-20 09:28:28 +00:00
add_dlist(struct dirlist **dpp, struct dirlist *newdp, struct grouplist *grp,
int flags, struct exportlist *ep, struct expcred *anoncrp,
uint64_t exflags)
{
struct dirlist *dp;
struct hostlist *hp;
int cmp;
dp = *dpp;
if (dp) {
cmp = strcmp(dp->dp_dirp, newdp->dp_dirp);
if (cmp > 0) {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
add_dlist(&dp->dp_left, newdp, grp, flags, ep, anoncrp,
exflags);
return;
} else if (cmp < 0) {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
add_dlist(&dp->dp_right, newdp, grp, flags, ep, anoncrp,
exflags);
return;
} else
free((caddr_t)newdp);
} else {
dp = newdp;
dp->dp_left = (struct dirlist *)NULL;
*dpp = dp;
}
if (grp) {
/*
* Hang all of the host(s) off of the directory point.
*/
do {
hp = get_ht();
hp->ht_grp = grp;
hp->ht_next = dp->dp_hosts;
dp->dp_hosts = hp;
/* Save the security flavors list for this host set. */
grp->gr_numsecflavors = ep->ex_numsecflavors;
if (ep->ex_numsecflavors > 0)
memcpy(grp->gr_secflavors, ep->ex_secflavors,
sizeof(ep->ex_secflavors));
grp = grp->gr_next;
} while (grp);
} else {
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ep->ex_flag |= EX_DEFSET;
dp->dp_flag |= DP_DEFSET;
/* Save the default security flavors list. */
ep->ex_defnumsecflavors = ep->ex_numsecflavors;
if (ep->ex_numsecflavors > 0)
memcpy(ep->ex_defsecflavors, ep->ex_secflavors,
sizeof(ep->ex_secflavors));
cp_cred(&ep->ex_defanon, anoncrp);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ep->ex_defexflags = exflags;
}
}
/*
* Search for a dirpath on the export point.
*/
static struct dirlist *
2010-12-20 09:28:28 +00:00
dirp_search(struct dirlist *dp, char *dirp)
{
int cmp;
if (dp) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
cmp = strcmp(dp->dp_dirp, dirp);
if (cmp > 0)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
return (dirp_search(dp->dp_left, dirp));
else if (cmp < 0)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
return (dirp_search(dp->dp_right, dirp));
else
return (dp);
}
return (dp);
}
/*
* Scan for a host match in a directory tree.
*/
static int
2010-12-20 09:28:28 +00:00
chk_host(struct dirlist *dp, struct sockaddr *saddr, int *defsetp,
int *hostsetp, int *numsecflavors, int **secflavorsp)
{
struct hostlist *hp;
struct grouplist *grp;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct addrinfo *ai;
if (dp) {
if (dp->dp_flag & DP_DEFSET)
*defsetp = dp->dp_flag;
hp = dp->dp_hosts;
while (hp) {
grp = hp->ht_grp;
switch (grp->gr_type) {
case GT_HOST:
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
ai = grp->gr_ptr.gt_addrinfo;
for (; ai; ai = ai->ai_next) {
if (!sacmp(ai->ai_addr, saddr, NULL)) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
*hostsetp =
(hp->ht_flag | DP_HOSTSET);
if (numsecflavors != NULL) {
*numsecflavors =
grp->gr_numsecflavors;
*secflavorsp =
grp->gr_secflavors;
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
return (1);
}
}
break;
case GT_NET:
if (!sacmp(saddr, (struct sockaddr *)
&grp->gr_ptr.gt_net.nt_net,
(struct sockaddr *)
&grp->gr_ptr.gt_net.nt_mask)) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
*hostsetp = (hp->ht_flag | DP_HOSTSET);
if (numsecflavors != NULL) {
*numsecflavors =
grp->gr_numsecflavors;
*secflavorsp =
grp->gr_secflavors;
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
return (1);
}
break;
}
hp = hp->ht_next;
}
}
return (0);
}
/*
* Scan tree for a host that matches the address.
*/
static int
2010-12-20 09:28:28 +00:00
scan_tree(struct dirlist *dp, struct sockaddr *saddr)
{
int defset, hostset;
if (dp) {
if (scan_tree(dp->dp_left, saddr))
return (1);
if (chk_host(dp, saddr, &defset, &hostset, NULL, NULL))
return (1);
if (scan_tree(dp->dp_right, saddr))
return (1);
}
return (0);
}
/*
* Traverse the dirlist tree and free it up.
*/
static void
2010-12-20 09:28:28 +00:00
free_dir(struct dirlist *dp)
{
if (dp) {
free_dir(dp->dp_left);
free_dir(dp->dp_right);
free_host(dp->dp_hosts);
free(dp->dp_dirp);
free(dp);
}
}
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
/*
* Parse a colon separated list of security flavors
*/
static int
2010-12-20 09:28:28 +00:00
parsesec(char *seclist, struct exportlist *ep)
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
{
char *cp, savedc;
int flavor;
ep->ex_numsecflavors = 0;
for (;;) {
cp = strchr(seclist, ':');
if (cp) {
savedc = *cp;
*cp = '\0';
}
if (!strcmp(seclist, "sys"))
flavor = AUTH_SYS;
else if (!strcmp(seclist, "krb5"))
flavor = RPCSEC_GSS_KRB5;
else if (!strcmp(seclist, "krb5i"))
flavor = RPCSEC_GSS_KRB5I;
else if (!strcmp(seclist, "krb5p"))
flavor = RPCSEC_GSS_KRB5P;
else {
if (cp)
*cp = savedc;
syslog(LOG_ERR, "bad sec flavor: %s", seclist);
return (1);
}
if (ep->ex_numsecflavors == MAXSECFLAVORS) {
if (cp)
*cp = savedc;
syslog(LOG_ERR, "too many sec flavors: %s", seclist);
return (1);
}
ep->ex_secflavors[ep->ex_numsecflavors] = flavor;
ep->ex_numsecflavors++;
if (cp) {
*cp = savedc;
seclist = cp + 1;
} else {
break;
}
}
return (0);
}
/*
* Parse the option string and update fields.
* Option arguments may either be -<option>=<value> or
* -<option> <value>
*/
static int
2010-12-20 09:28:28 +00:00
do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
int *has_hostp, uint64_t *exflagsp, struct expcred *cr)
{
char *cpoptarg, *cpoptend;
char *cp, *endcp, *cpopt, savedc, savedc2;
int allflag, usedarg;
savedc2 = '\0';
cpopt = *cpp;
cpopt++;
cp = *endcpp;
savedc = *cp;
*cp = '\0';
while (cpopt && *cpopt) {
allflag = 1;
usedarg = -2;
if ((cpoptend = strchr(cpopt, ','))) {
*cpoptend++ = '\0';
if ((cpoptarg = strchr(cpopt, '=')))
*cpoptarg++ = '\0';
} else {
if ((cpoptarg = strchr(cpopt, '=')))
*cpoptarg++ = '\0';
else {
*cp = savedc;
nextfield(&cp, &endcp);
**endcpp = '\0';
if (endcp > cp && *cp != '-') {
cpoptarg = cp;
savedc2 = *endcp;
*endcp = '\0';
usedarg = 0;
}
}
}
if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) {
*exflagsp |= MNT_EXRDONLY;
} else if (cpoptarg && (!strcmp(cpopt, "maproot") ||
!(allflag = strcmp(cpopt, "mapall")) ||
!strcmp(cpopt, "root") || !strcmp(cpopt, "r"))) {
usedarg++;
parsecred(cpoptarg, cr);
if (allflag == 0) {
*exflagsp |= MNT_EXPORTANON;
opt_flags |= OP_MAPALL;
} else
opt_flags |= OP_MAPROOT;
} else if (cpoptarg && (!strcmp(cpopt, "mask") ||
!strcmp(cpopt, "m"))) {
if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 1)) {
syslog(LOG_ERR, "bad mask: %s", cpoptarg);
return (1);
}
usedarg++;
opt_flags |= OP_MASK;
} else if (cpoptarg && (!strcmp(cpopt, "network") ||
!strcmp(cpopt, "n"))) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (strchr(cpoptarg, '/') != NULL) {
if (debug)
fprintf(stderr, "setting OP_MASKLEN\n");
opt_flags |= OP_MASKLEN;
}
if (grp->gr_type != GT_NULL) {
syslog(LOG_ERR, "network/host conflict");
return (1);
} else if (get_net(cpoptarg, &grp->gr_ptr.gt_net, 0)) {
syslog(LOG_ERR, "bad net: %s", cpoptarg);
return (1);
}
grp->gr_type = GT_NET;
*has_hostp = 1;
usedarg++;
opt_flags |= OP_NET;
} else if (!strcmp(cpopt, "alldirs")) {
opt_flags |= OP_ALLDIRS;
} else if (!strcmp(cpopt, "public")) {
*exflagsp |= MNT_EXPUBLIC;
} else if (!strcmp(cpopt, "webnfs")) {
*exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON);
opt_flags |= OP_MAPALL;
} else if (cpoptarg && !strcmp(cpopt, "index")) {
ep->ex_indexfile = strdup(cpoptarg);
} else if (!strcmp(cpopt, "quiet")) {
opt_flags |= OP_QUIET;
} else if (cpoptarg && !strcmp(cpopt, "sec")) {
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
if (parsesec(cpoptarg, ep))
return (1);
opt_flags |= OP_SEC;
usedarg++;
} else if (!strcmp(cpopt, "tls")) {
*exflagsp |= MNT_EXTLS;
} else if (!strcmp(cpopt, "tlscert")) {
*exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT);
} else if (!strcmp(cpopt, "tlscertuser")) {
*exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT |
MNT_EXTLSCERTUSER);
} else {
syslog(LOG_ERR, "bad opt %s", cpopt);
return (1);
}
if (usedarg >= 0) {
*endcp = savedc2;
**endcpp = savedc;
if (usedarg > 0) {
*cpp = cp;
*endcpp = endcp;
}
return (0);
}
cpopt = cpoptend;
}
**endcpp = savedc;
return (0);
}
/*
* Translate a character string to the corresponding list of network
* addresses for a hostname.
*/
static int
2010-12-20 09:28:28 +00:00
get_host(char *cp, struct grouplist *grp, struct grouplist *tgrp)
{
struct grouplist *checkgrp;
struct addrinfo *ai, *tai, hints;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
int ecode;
char host[NI_MAXHOST];
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (grp->gr_type != GT_NULL) {
syslog(LOG_ERR, "Bad netgroup type for ip host %s", cp);
return (1);
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
memset(&hints, 0, sizeof hints);
hints.ai_flags = AI_CANONNAME;
hints.ai_protocol = IPPROTO_UDP;
ecode = getaddrinfo(cp, NULL, &hints, &ai);
if (ecode != 0) {
syslog(LOG_ERR,"can't get address info for host %s", cp);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
return 1;
}
grp->gr_ptr.gt_addrinfo = ai;
while (ai != NULL) {
if (ai->ai_canonname == NULL) {
if (getnameinfo(ai->ai_addr, ai->ai_addrlen, host,
sizeof host, NULL, 0, NI_NUMERICHOST) != 0)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
strlcpy(host, "?", sizeof(host));
ai->ai_canonname = strdup(host);
ai->ai_flags |= AI_CANONNAME;
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (debug)
fprintf(stderr, "got host %s\n", ai->ai_canonname);
/*
* Sanity check: make sure we don't already have an entry
* for this host in the grouplist.
*/
for (checkgrp = tgrp; checkgrp != NULL;
checkgrp = checkgrp->gr_next) {
if (checkgrp->gr_type != GT_HOST)
continue;
for (tai = checkgrp->gr_ptr.gt_addrinfo; tai != NULL;
tai = tai->ai_next) {
if (sacmp(tai->ai_addr, ai->ai_addr, NULL) != 0)
continue;
if (debug)
fprintf(stderr,
"ignoring duplicate host %s\n",
ai->ai_canonname);
grp->gr_type = GT_IGNORE;
return (0);
}
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
ai = ai->ai_next;
}
grp->gr_type = GT_HOST;
return (0);
}
/*
* Free up an exports list component
*/
static void
2010-12-20 09:28:28 +00:00
free_exp(struct exportlist *ep)
{
struct grouplist *grp, *tgrp;
if (ep->ex_defdir) {
free_host(ep->ex_defdir->dp_hosts);
free((caddr_t)ep->ex_defdir);
}
if (ep->ex_fsdir)
free(ep->ex_fsdir);
if (ep->ex_indexfile)
free(ep->ex_indexfile);
free_dir(ep->ex_dirl);
grp = ep->ex_grphead;
while (grp) {
tgrp = grp;
grp = grp->gr_next;
free_grp(tgrp);
}
if (ep->ex_defanon.cr_groups != ep->ex_defanon.cr_smallgrps)
free(ep->ex_defanon.cr_groups);
free((caddr_t)ep);
}
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/*
* Free up the v4root exports.
*/
static void
free_v4rootexp(void)
{
if (v4root_ep != NULL) {
free_exp(v4root_ep);
v4root_ep = NULL;
}
}
/*
* Free hosts.
*/
static void
2010-12-20 09:28:28 +00:00
free_host(struct hostlist *hp)
{
struct hostlist *hp2;
while (hp) {
hp2 = hp;
hp = hp->ht_next;
free((caddr_t)hp2);
}
}
static struct hostlist *
2010-12-20 09:28:28 +00:00
get_ht(void)
{
struct hostlist *hp;
hp = (struct hostlist *)malloc(sizeof (struct hostlist));
if (hp == (struct hostlist *)NULL)
out_of_mem();
hp->ht_next = (struct hostlist *)NULL;
hp->ht_flag = 0;
return (hp);
}
/*
* Out of memory, fatal
*/
static void
2010-12-20 09:28:28 +00:00
out_of_mem(void)
{
syslog(LOG_ERR, "out of memory");
exit(2);
}
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
/*
* Call do_mount() from the struct exportlist, for each case needed.
*/
static int
do_export_mount(struct exportlist *ep, struct statfs *fsp)
{
struct grouplist *grp, defgrp;
int ret;
size_t dirlen;
LOGDEBUG("do_export_mount=%s", ep->ex_fsdir);
dirlen = strlen(ep->ex_fsdir);
if ((ep->ex_flag & EX_DEFSET) != 0) {
defgrp.gr_type = GT_DEFAULT;
defgrp.gr_next = NULL;
/* We have an entry for all other hosts/nets. */
LOGDEBUG("ex_defexflags=0x%jx", (uintmax_t)ep->ex_defexflags);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ret = do_mount(ep, &defgrp, ep->ex_defexflags, &ep->ex_defanon,
ep->ex_fsdir, dirlen, fsp, ep->ex_defnumsecflavors,
ep->ex_defsecflavors);
if (ret != 0)
return (ret);
}
/* Do a mount for each group. */
grp = ep->ex_grphead;
while (grp != NULL) {
LOGDEBUG("do mount gr_type=0x%x gr_exflags=0x%jx",
grp->gr_type, (uintmax_t)grp->gr_exflags);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
ret = do_mount(ep, grp, grp->gr_exflags, &grp->gr_anon,
ep->ex_fsdir, dirlen, fsp, grp->gr_numsecflavors,
grp->gr_secflavors);
if (ret != 0)
return (ret);
grp = grp->gr_next;
}
return (0);
}
/*
* Do the nmount() syscall with the update flag to push the export info into
* the kernel.
*/
static int
do_mount(struct exportlist *ep, struct grouplist *grp, uint64_t exflags,
struct expcred *anoncrp, char *dirp, int dirplen, struct statfs *fsb,
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
int numsecflavors, int *secflavors)
{
struct statfs fsb1;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct addrinfo *ai;
struct export_args *eap;
char errmsg[255];
char *cp;
int done;
char savedc;
struct iovec *iov;
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
int i, iovlen;
int ret;
struct nfsex_args nfsea;
eap = &nfsea.export;
cp = NULL;
savedc = '\0';
iov = NULL;
iovlen = 0;
ret = 0;
bzero(eap, sizeof (struct export_args));
bzero(errmsg, sizeof(errmsg));
eap->ex_flags = exflags;
eap->ex_uid = anoncrp->cr_uid;
eap->ex_ngroups = anoncrp->cr_ngroups;
if (eap->ex_ngroups > 0) {
eap->ex_groups = malloc(eap->ex_ngroups * sizeof(gid_t));
memcpy(eap->ex_groups, anoncrp->cr_groups, eap->ex_ngroups *
sizeof(gid_t));
}
LOGDEBUG("do_mount exflags=0x%jx", (uintmax_t)exflags);
eap->ex_indexfile = ep->ex_indexfile;
if (grp->gr_type == GT_HOST)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
ai = grp->gr_ptr.gt_addrinfo;
else
ai = NULL;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
eap->ex_numsecflavors = numsecflavors;
LOGDEBUG("do_mount numsec=%d", numsecflavors);
for (i = 0; i < eap->ex_numsecflavors; i++)
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
eap->ex_secflavors[i] = secflavors[i];
if (eap->ex_numsecflavors == 0) {
eap->ex_numsecflavors = 1;
eap->ex_secflavors[0] = AUTH_SYS;
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
2008-11-03 10:38:00 +00:00
}
done = FALSE;
if (v4root_phase == 0) {
build_iovec(&iov, &iovlen, "fstype", NULL, 0);
build_iovec(&iov, &iovlen, "fspath", NULL, 0);
build_iovec(&iov, &iovlen, "from", NULL, 0);
build_iovec(&iov, &iovlen, "update", NULL, 0);
build_iovec(&iov, &iovlen, "export", eap,
sizeof (struct export_args));
build_iovec(&iov, &iovlen, "errmsg", errmsg, sizeof(errmsg));
}
while (!done) {
switch (grp->gr_type) {
case GT_HOST:
if (ai->ai_addr->sa_family == AF_INET6 && have_v6 == 0)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
goto skip;
eap->ex_addr = ai->ai_addr;
eap->ex_addrlen = ai->ai_addrlen;
eap->ex_masklen = 0;
break;
case GT_NET:
if (grp->gr_ptr.gt_net.nt_net.ss_family == AF_INET6 &&
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
have_v6 == 0)
goto skip;
eap->ex_addr =
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_net;
eap->ex_addrlen =
((struct sockaddr *)&grp->gr_ptr.gt_net.nt_net)->sa_len;
eap->ex_mask =
(struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask;
eap->ex_masklen = ((struct sockaddr *)&grp->gr_ptr.gt_net.nt_mask)->sa_len;
break;
case GT_DEFAULT:
eap->ex_addr = NULL;
eap->ex_addrlen = 0;
eap->ex_mask = NULL;
eap->ex_masklen = 0;
break;
case GT_IGNORE:
ret = 0;
goto error_exit;
break;
default:
syslog(LOG_ERR, "bad grouptype");
if (cp)
*cp = savedc;
ret = 1;
goto error_exit;
}
/*
* For V4:, use the nfssvc() syscall, instead of mount().
*/
if (v4root_phase == 2) {
nfsea.fspec = v4root_dirpath;
if (nfssvc(NFSSVC_V4ROOTEXPORT | NFSSVC_NEWSTRUCT,
(caddr_t)&nfsea) < 0) {
syslog(LOG_ERR, "Exporting V4: failed");
ret = 2;
goto error_exit;
}
} else {
/*
* XXX:
* Maybe I should just use the fsb->f_mntonname path
* instead of looping back up the dirp to the mount
* point??
* Also, needs to know how to export all types of local
* exportable filesystems and not just "ufs".
*/
iov[1].iov_base = fsb->f_fstypename; /* "fstype" */
iov[1].iov_len = strlen(fsb->f_fstypename) + 1;
iov[3].iov_base = fsb->f_mntonname; /* "fspath" */
iov[3].iov_len = strlen(fsb->f_mntonname) + 1;
iov[5].iov_base = fsb->f_mntfromname; /* "from" */
iov[5].iov_len = strlen(fsb->f_mntfromname) + 1;
errmsg[0] = '\0';
while (nmount(iov, iovlen, fsb->f_flags) < 0) {
if (cp)
*cp-- = savedc;
else
cp = dirp + dirplen - 1;
if (opt_flags & OP_QUIET) {
ret = 1;
goto error_exit;
}
if (errno == EPERM) {
if (debug)
warnx("can't change attributes for %s: %s",
dirp, errmsg);
syslog(LOG_ERR,
"can't change attributes for %s: %s",
dirp, errmsg);
ret = 1;
goto error_exit;
}
if (opt_flags & OP_ALLDIRS) {
if (errno == EINVAL)
syslog(LOG_ERR,
"-alldirs requested but %s is not a filesystem mountpoint",
dirp);
else
syslog(LOG_ERR,
"could not remount %s: %m",
dirp);
ret = 1;
goto error_exit;
}
/* back up over the last component */
while (cp > dirp && *cp == '/')
cp--;
while (cp > dirp && *(cp - 1) != '/')
cp--;
if (cp == dirp) {
if (debug)
warnx("mnt unsucc");
syslog(LOG_ERR, "can't export %s %s",
dirp, errmsg);
ret = 1;
goto error_exit;
}
savedc = *cp;
*cp = '\0';
/*
* Check that we're still on the same
* filesystem.
*/
if (statfs(dirp, &fsb1) != 0 ||
fsidcmp(&fsb1.f_fsid, &fsb->f_fsid) != 0) {
*cp = savedc;
syslog(LOG_ERR,
"can't export %s %s", dirp,
errmsg);
ret = 1;
goto error_exit;
}
}
}
/*
* For the experimental server:
* If this is the public directory, get the file handle
* and load it into the kernel via the nfssvc() syscall.
*/
if ((exflags & MNT_EXPUBLIC) != 0) {
fhandle_t fh;
char *public_name;
if (eap->ex_indexfile != NULL)
public_name = eap->ex_indexfile;
else
public_name = dirp;
if (getfh(public_name, &fh) < 0)
syslog(LOG_ERR,
"Can't get public fh for %s", public_name);
else if (nfssvc(NFSSVC_PUBLICFH, (caddr_t)&fh) < 0)
syslog(LOG_ERR,
"Can't set public fh for %s", public_name);
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
else {
has_publicfh = 1;
Modify mountd so that it incrementally updates the kernel exports upon a reload. Without this patch, mountd would delete/load all exports from the exports file(s) when it receives a SIGHUP. This works fine for small exports file(s), but can take several seconds to do when there are large numbers (10000+) of exported file systems. Most of this time is spent doing the system calls that delete/export each of these file systems. When the "-S" option has been specified (the default these days), the nfsd threads are suspended for several seconds while the reload is done. This patch changes mountd so that it only does system calls for file systems where the exports have been changed/added/deleted as compared to the exports done for the previous load/reload of the exports file(s). Basically, when SIGHUP is posted to mountd, it saves the exportlist structures from the previous load and creates a new set of structures from the current exports file(s). Then it compares the current with the previous and only does system calls for cases that have been changed/added/deleted. The nfsd threads do not need to be suspended until the comparison step is being done. This results in a suspension period of milliseconds for a server with 10000+ exported file systems. There is some code using a LOGDEBUG() macro that allow runtime debugging output via syslog(LOG_DEBUG,...) that can be enabled by creating a file called /var/log/mountd.debug. This code is expected to be replaced with code that uses dtrace by cy@ in the near future, once issues w.r.t. dtrace in stable/12 have been resolved. The patch should not change the usage of the exports file(s), but improves the performance of reloading large exports file(s) where there are only a small number of changes done to the file(s). Tested by: pen@lysator.liu.se PR: 237860 Reviewed by: kib MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D20487
2019-06-03 22:58:51 +00:00
has_set_publicfh = 1;
ep->ex_flag |= EX_PUBLICFH;
}
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
skip:
if (ai != NULL)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
ai = ai->ai_next;
if (ai == NULL)
done = TRUE;
}
if (cp)
*cp = savedc;
error_exit:
free(eap->ex_groups);
/* free strings allocated by strdup() in getmntopts.c */
if (iov != NULL) {
free(iov[0].iov_base); /* fstype */
free(iov[2].iov_base); /* fspath */
free(iov[4].iov_base); /* from */
free(iov[6].iov_base); /* update */
free(iov[8].iov_base); /* export */
free(iov[10].iov_base); /* errmsg */
/* free iov, allocated by realloc() */
free(iov);
}
return (ret);
}
/*
* Translate a net address.
*
* If `maskflg' is nonzero, then `cp' is a netmask, not a network address.
*/
static int
2010-12-20 09:28:28 +00:00
get_net(char *cp, struct netmsk *net, int maskflg)
{
struct netent *np = NULL;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
char *name, *p, *prefp;
struct sockaddr_in sin;
struct sockaddr *sa = NULL;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
struct addrinfo hints, *ai = NULL;
char netname[NI_MAXHOST];
long preflen;
p = prefp = NULL;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if ((opt_flags & OP_MASKLEN) && !maskflg) {
p = strchr(cp, '/');
*p = '\0';
prefp = p + 1;
}
/*
* Check for a numeric address first. We wish to avoid
* possible DNS lookups in getnetbyname().
*/
if (isxdigit(*cp) || *cp == ':') {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
memset(&hints, 0, sizeof hints);
/* Ensure the mask and the network have the same family. */
if (maskflg && (opt_flags & OP_NET))
hints.ai_family = net->nt_net.ss_family;
else if (!maskflg && (opt_flags & OP_HAVEMASK))
hints.ai_family = net->nt_mask.ss_family;
else
hints.ai_family = AF_UNSPEC;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(cp, NULL, &hints, &ai) == 0)
sa = ai->ai_addr;
if (sa != NULL && ai->ai_family == AF_INET) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
/*
* The address in `cp' is really a network address, so
* use inet_network() to re-interpret this correctly.
* e.g. "127.1" means 127.1.0.0, not 127.0.0.1.
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
*/
bzero(&sin, sizeof sin);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
sin.sin_family = AF_INET;
sin.sin_len = sizeof sin;
sin.sin_addr = inet_makeaddr(inet_network(cp), 0);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (debug)
fprintf(stderr, "get_net: v4 addr %s\n",
inet_ntoa(sin.sin_addr));
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
sa = (struct sockaddr *)&sin;
}
}
if (sa == NULL && (np = getnetbyname(cp)) != NULL) {
bzero(&sin, sizeof sin);
sin.sin_family = AF_INET;
sin.sin_len = sizeof sin;
sin.sin_addr = inet_makeaddr(np->n_net, 0);
sa = (struct sockaddr *)&sin;
}
if (sa == NULL)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
goto fail;
if (maskflg) {
/* The specified sockaddr is a mask. */
if (checkmask(sa) != 0)
goto fail;
bcopy(sa, &net->nt_mask, sa->sa_len);
opt_flags |= OP_HAVEMASK;
} else {
/* The specified sockaddr is a network address. */
bcopy(sa, &net->nt_net, sa->sa_len);
/* Get a network name for the export list. */
if (np) {
name = np->n_name;
} else if (getnameinfo(sa, sa->sa_len, netname, sizeof netname,
NULL, 0, NI_NUMERICHOST) == 0) {
name = netname;
} else {
goto fail;
}
if ((net->nt_name = strdup(name)) == NULL)
out_of_mem();
/*
* Extract a mask from either a "/<masklen>" suffix, or
* from the class of an IPv4 address.
*/
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (opt_flags & OP_MASKLEN) {
preflen = strtol(prefp, NULL, 10);
if (preflen < 0L || preflen == LONG_MAX)
goto fail;
bcopy(sa, &net->nt_mask, sa->sa_len);
if (makemask(&net->nt_mask, (int)preflen) != 0)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
goto fail;
opt_flags |= OP_HAVEMASK;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
*p = '/';
} else if (sa->sa_family == AF_INET &&
(opt_flags & OP_MASK) == 0) {
in_addr_t addr;
addr = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
if (IN_CLASSA(addr))
preflen = 8;
else if (IN_CLASSB(addr))
preflen = 16;
else if (IN_CLASSC(addr))
preflen = 24;
else if (IN_CLASSD(addr))
preflen = 28;
else
preflen = 32; /* XXX */
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
bcopy(sa, &net->nt_mask, sa->sa_len);
makemask(&net->nt_mask, (int)preflen);
opt_flags |= OP_HAVEMASK;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (ai)
freeaddrinfo(ai);
return 0;
fail:
if (ai)
freeaddrinfo(ai);
return 1;
}
/*
* Parse out the next white space separated field
*/
static void
2010-12-20 09:28:28 +00:00
nextfield(char **cp, char **endcp)
{
char *p;
char quot = 0;
p = *cp;
while (*p == ' ' || *p == '\t')
p++;
*cp = p;
while (*p != '\0') {
if (quot) {
if (*p == quot)
quot = 0;
} else {
if (*p == '\\' && *(p + 1) != '\0')
p++;
else if (*p == '\'' || *p == '"')
quot = *p;
else if (*p == ' ' || *p == '\t')
break;
}
p++;
};
*endcp = p;
}
/*
* Get an exports file line. Skip over blank lines and handle line
* continuations.
*/
static int
2010-12-20 09:28:28 +00:00
get_line(void)
{
char *p, *cp;
size_t len;
int totlen, cont_line;
/*
* Loop around ignoring blank lines and getting all continuation lines.
*/
p = line;
totlen = 0;
do {
if ((p = fgetln(exp_file, &len)) == NULL)
return (0);
cp = p + len - 1;
cont_line = 0;
while (cp >= p &&
(*cp == ' ' || *cp == '\t' || *cp == '\n' || *cp == '\\')) {
if (*cp == '\\')
cont_line = 1;
cp--;
len--;
}
if (cont_line) {
*++cp = ' ';
len++;
}
if (linesize < len + totlen + 1) {
linesize = len + totlen + 1;
line = realloc(line, linesize);
if (line == NULL)
out_of_mem();
}
memcpy(line + totlen, p, len);
totlen += len;
line[totlen] = '\0';
} while (totlen == 0 || cont_line);
return (1);
}
/*
* Parse a description of a credential.
*/
static void
parsecred(char *namelist, struct expcred *cr)
{
char *name;
int inpos;
char *names;
struct passwd *pw;
struct group *gr;
gid_t groups[NGROUPS_MAX + 1];
int ngroups;
/*
* Set up the unprivileged user.
*/
cr->cr_groups = cr->cr_smallgrps;
cr->cr_uid = UID_NOBODY;
cr->cr_groups[0] = GID_NOGROUP;
cr->cr_ngroups = 1;
/*
* Get the user's password table entry.
*/
names = namelist;
name = strsep_quote(&names, ":");
/* Bug? name could be NULL here */
if (isdigit(*name) || *name == '-')
pw = getpwuid(atoi(name));
else
pw = getpwnam(name);
/*
* Credentials specified as those of a user.
*/
if (names == NULL) {
if (pw == NULL) {
syslog(LOG_ERR, "unknown user: %s", name);
return;
}
cr->cr_uid = pw->pw_uid;
ngroups = NGROUPS_MAX + 1;
if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
syslog(LOG_ERR, "too many groups");
ngroups = NGROUPS_MAX + 1;
}
/*
* Compress out duplicate.
*/
if (ngroups > 1 && groups[0] == groups[1]) {
ngroups--;
inpos = 2;
} else
inpos = 1;
if (ngroups > NGROUPS_MAX)
ngroups = NGROUPS_MAX;
if (ngroups > SMALLNGROUPS)
cr->cr_groups = malloc(ngroups * sizeof(gid_t));
cr->cr_ngroups = ngroups;
cr->cr_groups[0] = groups[0];
memcpy(&cr->cr_groups[1], &groups[inpos], (ngroups - 1) *
sizeof(gid_t));
return;
}
/*
* Explicit credential specified as a colon separated list:
* uid:gid:gid:...
*/
if (pw != NULL)
cr->cr_uid = pw->pw_uid;
else if (isdigit(*name) || *name == '-')
cr->cr_uid = atoi(name);
else {
syslog(LOG_ERR, "unknown user: %s", name);
return;
}
cr->cr_ngroups = 0;
while (names != NULL && *names != '\0' && cr->cr_ngroups < NGROUPS_MAX) {
name = strsep_quote(&names, ":");
if (isdigit(*name) || *name == '-') {
groups[cr->cr_ngroups++] = atoi(name);
} else {
if ((gr = getgrnam(name)) == NULL) {
syslog(LOG_ERR, "unknown group: %s", name);
continue;
}
groups[cr->cr_ngroups++] = gr->gr_gid;
}
}
if (names != NULL && *names != '\0' && cr->cr_ngroups == NGROUPS_MAX)
syslog(LOG_ERR, "too many groups");
if (cr->cr_ngroups > SMALLNGROUPS)
cr->cr_groups = malloc(cr->cr_ngroups * sizeof(gid_t));
memcpy(cr->cr_groups, groups, cr->cr_ngroups * sizeof(gid_t));
}
#define STRSIZ (MNTNAMLEN+MNTPATHLEN+50)
/*
* Routines that maintain the remote mounttab
*/
static void
2010-12-20 09:28:28 +00:00
get_mountlist(void)
{
struct mountlist *mlp;
char *host, *dirp, *cp;
char str[STRSIZ];
FILE *mlfile;
if ((mlfile = fopen(_PATH_RMOUNTLIST, "r")) == NULL) {
if (errno == ENOENT)
return;
else {
syslog(LOG_ERR, "can't open %s", _PATH_RMOUNTLIST);
return;
}
}
while (fgets(str, STRSIZ, mlfile) != NULL) {
cp = str;
host = strsep(&cp, " \t\n");
dirp = strsep(&cp, " \t\n");
if (host == NULL || dirp == NULL)
continue;
mlp = (struct mountlist *)malloc(sizeof (*mlp));
if (mlp == (struct mountlist *)NULL)
out_of_mem();
strncpy(mlp->ml_host, host, MNTNAMLEN);
mlp->ml_host[MNTNAMLEN] = '\0';
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
mlp->ml_dirp[MNTPATHLEN] = '\0';
SLIST_INSERT_HEAD(&mlhead, mlp, next);
}
fclose(mlfile);
}
static void
del_mlist(char *hostp, char *dirp)
{
struct mountlist *mlp, *mlp2;
FILE *mlfile;
int fnd = 0;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
SLIST_FOREACH_SAFE(mlp, &mlhead, next, mlp2) {
if (!strcmp(mlp->ml_host, hostp) &&
(!dirp || !strcmp(mlp->ml_dirp, dirp))) {
fnd = 1;
SLIST_REMOVE(&mlhead, mlp, mountlist, next);
free((caddr_t)mlp);
}
}
if (fnd) {
if ((mlfile = fopen(_PATH_RMOUNTLIST, "w")) == NULL) {
syslog(LOG_ERR,"can't update %s", _PATH_RMOUNTLIST);
return;
}
SLIST_FOREACH(mlp, &mlhead, next) {
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
}
fclose(mlfile);
}
}
static void
2010-12-20 09:28:28 +00:00
add_mlist(char *hostp, char *dirp)
{
struct mountlist *mlp;
FILE *mlfile;
SLIST_FOREACH(mlp, &mlhead, next) {
if (!strcmp(mlp->ml_host, hostp) && !strcmp(mlp->ml_dirp, dirp))
return;
}
mlp = (struct mountlist *)malloc(sizeof (*mlp));
if (mlp == (struct mountlist *)NULL)
out_of_mem();
strncpy(mlp->ml_host, hostp, MNTNAMLEN);
mlp->ml_host[MNTNAMLEN] = '\0';
strncpy(mlp->ml_dirp, dirp, MNTPATHLEN);
mlp->ml_dirp[MNTPATHLEN] = '\0';
SLIST_INSERT_HEAD(&mlhead, mlp, next);
if ((mlfile = fopen(_PATH_RMOUNTLIST, "a")) == NULL) {
syslog(LOG_ERR, "can't update %s", _PATH_RMOUNTLIST);
return;
}
fprintf(mlfile, "%s %s\n", mlp->ml_host, mlp->ml_dirp);
fclose(mlfile);
}
/*
* Free up a group list.
*/
static void
2010-12-20 09:28:28 +00:00
free_grp(struct grouplist *grp)
{
if (grp->gr_type == GT_HOST) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (grp->gr_ptr.gt_addrinfo != NULL)
freeaddrinfo(grp->gr_ptr.gt_addrinfo);
} else if (grp->gr_type == GT_NET) {
if (grp->gr_ptr.gt_net.nt_name)
free(grp->gr_ptr.gt_net.nt_name);
}
if (grp->gr_anon.cr_groups != grp->gr_anon.cr_smallgrps)
free(grp->gr_anon.cr_groups);
free((caddr_t)grp);
}
#ifdef DEBUG
static void
SYSLOG(int pri, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
}
#endif /* DEBUG */
/*
* Check options for consistency.
*/
static int
2010-12-20 09:28:28 +00:00
check_options(struct dirlist *dp)
{
if (v4root_phase == 0 && dp == NULL)
return (1);
if ((opt_flags & (OP_MAPROOT | OP_MAPALL)) == (OP_MAPROOT | OP_MAPALL)) {
syslog(LOG_ERR, "-mapall and -maproot mutually exclusive");
return (1);
}
if ((opt_flags & OP_MASK) && (opt_flags & OP_NET) == 0) {
syslog(LOG_ERR, "-mask requires -network");
return (1);
}
if ((opt_flags & OP_NET) && (opt_flags & OP_HAVEMASK) == 0) {
syslog(LOG_ERR, "-network requires mask specification");
return (1);
}
if ((opt_flags & OP_MASK) && (opt_flags & OP_MASKLEN)) {
syslog(LOG_ERR, "-mask and /masklen are mutually exclusive");
return (1);
}
if (v4root_phase > 0 &&
(opt_flags &
~(OP_SEC | OP_MASK | OP_NET | OP_HAVEMASK | OP_MASKLEN)) != 0) {
syslog(LOG_ERR,"only -sec,-net,-mask options allowed on V4:");
return (1);
}
if ((opt_flags & OP_ALLDIRS) && dp->dp_left) {
syslog(LOG_ERR, "-alldirs has multiple directories");
return (1);
}
return (0);
}
/*
* Check an absolute directory path for any symbolic links. Return true
*/
static int
2010-12-20 09:28:28 +00:00
check_dirpath(char *dirp)
{
char *cp;
int ret = 1;
struct stat sb;
cp = dirp + 1;
while (*cp && ret) {
if (*cp == '/') {
*cp = '\0';
if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
ret = 0;
*cp = '/';
}
cp++;
}
if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode))
ret = 0;
return (ret);
}
/*
* Make a netmask according to the specified prefix length. The ss_family
* and other non-address fields must be initialised before calling this.
*/
static int
makemask(struct sockaddr_storage *ssp, int bitlen)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
{
u_char *p;
int bits, i, len;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if ((p = sa_rawaddr((struct sockaddr *)ssp, &len)) == NULL)
return (-1);
if (bitlen > len * CHAR_BIT)
return (-1);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
for (i = 0; i < len; i++) {
bits = MIN(CHAR_BIT, bitlen);
*p++ = (u_char)~0 << (CHAR_BIT - bits);
bitlen -= bits;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
return 0;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
/*
* Check that the sockaddr is a valid netmask. Returns 0 if the mask
* is acceptable (i.e. of the form 1...10....0).
*/
static int
checkmask(struct sockaddr *sa)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
{
u_char *mask;
int i, len;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if ((mask = sa_rawaddr(sa, &len)) == NULL)
return (-1);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
for (i = 0; i < len; i++)
if (mask[i] != 0xff)
break;
if (i < len) {
if (~mask[i] & (u_char)(~mask[i] + 1))
return (-1);
i++;
}
for (; i < len; i++)
if (mask[i] != 0)
return (-1);
return (0);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
/*
* Compare two sockaddrs according to a specified mask. Return zero if
* `sa1' matches `sa2' when filtered by the netmask in `samask'.
2011-12-30 10:58:14 +00:00
* If samask is NULL, perform a full comparison.
*/
static int
sacmp(struct sockaddr *sa1, struct sockaddr *sa2, struct sockaddr *samask)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
{
unsigned char *p1, *p2, *mask;
int len, i;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if (sa1->sa_family != sa2->sa_family ||
(p1 = sa_rawaddr(sa1, &len)) == NULL ||
(p2 = sa_rawaddr(sa2, NULL)) == NULL)
return (1);
switch (sa1->sa_family) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case AF_INET6:
if (((struct sockaddr_in6 *)sa1)->sin6_scope_id !=
((struct sockaddr_in6 *)sa2)->sin6_scope_id)
return (1);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
break;
}
/* Simple binary comparison if no mask specified. */
if (samask == NULL)
return (memcmp(p1, p2, len));
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
/* Set up the mask, and do a mask-based comparison. */
if (sa1->sa_family != samask->sa_family ||
(mask = sa_rawaddr(samask, NULL)) == NULL)
return (1);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
for (i = 0; i < len; i++)
if ((p1[i] & mask[i]) != (p2[i] & mask[i]))
return (1);
return (0);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
/*
* Return a pointer to the part of the sockaddr that contains the
* raw address, and set *nbytes to its length in bytes. Returns
* NULL if the address family is unknown.
*/
static void *
sa_rawaddr(struct sockaddr *sa, int *nbytes) {
void *p;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
int len;
switch (sa->sa_family) {
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case AF_INET:
len = sizeof(((struct sockaddr_in *)sa)->sin_addr);
p = &((struct sockaddr_in *)sa)->sin_addr;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
break;
case AF_INET6:
len = sizeof(((struct sockaddr_in6 *)sa)->sin6_addr);
p = &((struct sockaddr_in6 *)sa)->sin6_addr;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
break;
default:
p = NULL;
len = 0;
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
if (nbytes != NULL)
*nbytes = len;
return (p);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
}
static void
2010-12-20 09:28:28 +00:00
huphandler(int sig __unused)
{
got_sighup = 1;
}
static void
terminate(int sig __unused)
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
{
pidfile_remove(pfh);
rpcb_unset(MOUNTPROG, MOUNTVERS, NULL);
rpcb_unset(MOUNTPROG, MOUNTVERS3, NULL);
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
exit (0);
}
static void
cp_cred(struct expcred *outcr, struct expcred *incr)
{
outcr->cr_uid = incr->cr_uid;
outcr->cr_ngroups = incr->cr_ngroups;
if (outcr->cr_ngroups > SMALLNGROUPS)
outcr->cr_groups = malloc(outcr->cr_ngroups * sizeof(gid_t));
else
outcr->cr_groups = outcr->cr_smallgrps;
memcpy(outcr->cr_groups, incr->cr_groups, incr->cr_ngroups *
sizeof(gid_t));
}