diff options
author | dfr <dfr@FreeBSD.org> | 1995-06-27 11:07:30 +0000 |
---|---|---|
committer | dfr <dfr@FreeBSD.org> | 1995-06-27 11:07:30 +0000 |
commit | 666343f7f055c064375d48bb9a608730d7145beb (patch) | |
tree | 372bad41f8c547f40d0826ed596c53dc772ab986 /usr.sbin | |
parent | 6da3ef32238f37b3b45cf709205fcff60bcbda7f (diff) | |
download | FreeBSD-src-666343f7f055c064375d48bb9a608730d7145beb.zip FreeBSD-src-666343f7f055c064375d48bb9a608730d7145beb.tar.gz |
Changes to support version 3 of the NFS protocol.
The version 2 support has been tested (client+server) against FreeBSD-2.0,
IRIX 5.3 and FreeBSD-current (using a loopback mount). The version 2 support
is stable AFAIK.
The version 3 support has been tested with a loopback mount and minimally
against an IRIX 5.3 server. It needs more testing and may have problems.
I have patched amd to support the new variable length filehandles although
it will still only use version 2 of the protocol.
Before booting a kernel with these changes, nfs clients will need to at least
build and install /usr/sbin/mount_nfs. Servers will need to build and
install /usr/sbin/mountd.
NFS diskless support is untested.
Obtained from: Rick Macklem <rick@snowhite.cis.uoguelph.ca>
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/amd/amd/afs_ops.c | 5 | ||||
-rw-r--r-- | usr.sbin/amd/amd/nfs_ops.c | 5 | ||||
-rw-r--r-- | usr.sbin/amd/config/os-bsd44.h | 7 | ||||
-rw-r--r-- | usr.sbin/mountd/exports.5 | 10 | ||||
-rw-r--r-- | usr.sbin/mountd/mountd.8 | 17 | ||||
-rw-r--r-- | usr.sbin/mountd/mountd.c | 247 | ||||
-rw-r--r-- | usr.sbin/nfsd/nfsd.8 | 3 | ||||
-rw-r--r-- | usr.sbin/nfsd/nfsd.c | 110 | ||||
-rw-r--r-- | usr.sbin/pstat/pstat.c | 2 |
9 files changed, 292 insertions, 114 deletions
diff --git a/usr.sbin/amd/amd/afs_ops.c b/usr.sbin/amd/amd/afs_ops.c index 73f39a8..d10a262 100644 --- a/usr.sbin/amd/amd/afs_ops.c +++ b/usr.sbin/amd/amd/afs_ops.c @@ -37,7 +37,7 @@ * * @(#)afs_ops.c 8.1 (Berkeley) 6/6/93 * - * $Id: afs_ops.c,v 1.1.1.1 1994/05/26 05:22:03 rgrimes Exp $ + * $Id: afs_ops.c,v 1.2 1995/05/30 03:45:43 rgrimes Exp $ * */ @@ -144,6 +144,9 @@ char *opts; } NFS_FH_DREF(nfs_args.fh, (NFS_FH_TYPE) fhp); +#ifdef NFSv3 + nfs_args.fhsize = FHSIZE; +#endif /* * Create sockaddr to point to the local machine. 127.0.0.1 diff --git a/usr.sbin/amd/amd/nfs_ops.c b/usr.sbin/amd/amd/nfs_ops.c index 1d92974..eed5b71 100644 --- a/usr.sbin/amd/amd/nfs_ops.c +++ b/usr.sbin/amd/amd/nfs_ops.c @@ -35,7 +35,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: nfs_ops.c,v 1.2 1995/02/13 01:56:22 wpaul Exp $ + * $Id: nfs_ops.c,v 1.3 1995/05/30 03:45:52 rgrimes Exp $ */ #ifndef lint @@ -529,6 +529,9 @@ mntfs *mf; * set mount args */ NFS_FH_DREF(nfs_args.fh, (NFS_FH_TYPE) fhp->fhstatus_u.fhs_fhandle); +#ifdef NFSv3 + nfs_args.fhsize = FHSIZE; +#endif #ifdef ULTRIX_HACK nfs_args.optstr = mnt.mnt_opts; diff --git a/usr.sbin/amd/config/os-bsd44.h b/usr.sbin/amd/config/os-bsd44.h index fa41cfe..863ebfa 100644 --- a/usr.sbin/amd/config/os-bsd44.h +++ b/usr.sbin/amd/config/os-bsd44.h @@ -37,7 +37,7 @@ * * @(#)os-bsd44.h 8.1 (Berkeley) 6/6/93 * - * $Id: os-bsd44.h,v 1.1.1.1 1994/05/26 05:22:07 rgrimes Exp $ + * $Id: os-bsd44.h,v 1.2 1995/01/20 20:58:54 wollman Exp $ * * 4.4 BSD definitions for Amd (automounter) */ @@ -61,6 +61,7 @@ */ #define NFS_44 #define HAS_TCP_NFS +#define NFSv3 /* * Does this OS have NDBM support? @@ -170,7 +171,11 @@ struct mntent { * Type of a file handle */ #undef NFS_FH_TYPE +#ifdef NFSv3 +#define NFS_FH_TYPE fhandle_t * +#else #define NFS_FH_TYPE nfsv2fh_t * +#endif /* * How to get a mount list diff --git a/usr.sbin/mountd/exports.5 b/usr.sbin/mountd/exports.5 index d32527f..fc521f2 100644 --- a/usr.sbin/mountd/exports.5 +++ b/usr.sbin/mountd/exports.5 @@ -49,7 +49,9 @@ file specifies remote mount points for the mount protocol per the .Tn NFS server specification; see -.%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" . +.%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" +and +.%T "NFS: Network File System Version 3 Specification, Appendix I" . .Pp Each line in the file (other than comment lines that begin with a #) @@ -71,7 +73,8 @@ The second is to specify the pathname of the root of the filesystem followed by the .Fl alldirs flag; -this form allows the host(s) to mount any directory within the filesystem. +this form allows the host(s) to mount at any point within the filesystem, +including regular files if the ``-r'' option is used on mountd. The pathnames must not have any symbolic links in them and should not have any "." or ".." components. Mount points for a filesystem may appear on multiple lines each with @@ -140,8 +143,7 @@ The .Fl kerb option specifies that the Kerberos authentication server should be used to authenticate and map client credentials. -(Note that this is NOT Sun NFS compatible and -is supported for TCP transport only.) +This requires that the kernel be built with the NFSKERB option. .Pp The .Fl ro diff --git a/usr.sbin/mountd/mountd.8 b/usr.sbin/mountd/mountd.8 index 78f95b5..7168c17 100644 --- a/usr.sbin/mountd/mountd.8 +++ b/usr.sbin/mountd/mountd.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)mountd.8 8.1 (Berkeley) 6/9/93 -.\" $Id: mountd.8,v 1.2 1994/09/22 22:16:49 wollman Exp $ +.\" $Id: mountd.8,v 1.3 1995/02/22 21:42:48 ats Exp $ .\" .Dd September 22, 1994 .Dt MOUNTD 8 @@ -42,7 +42,7 @@ mount requests .Sh SYNOPSIS .Nm /sbin/mountd -.Op Fl n +.Op Fl nr .Op Ar exportsfile .Sh DESCRIPTION .Xr Mountd @@ -54,7 +54,9 @@ listens for service requests at the port indicated in the .Tn NFS server specification; see .%T "Network File System Protocol Specification" , -RFC1094. +RFC1094, Appendix A and +.%T "NFS: Network File System Version 3 Protocol Specification" , +Appendix I. .Pp Options and operands available for .Nm mountd : @@ -65,6 +67,15 @@ The option allows non-root mount requests to be served. This should only be specified if there are clients such as PC's, that require it. +.It Fl r +The +.Fl r +option allows mount RPCs requests for regular files to be served. +Although this seems to violate the mount protocol specification, some diskless +workstations do mount requests for their swapfiles and expect them to be +regular files. Since a regular file cannot be specified in /etc/exports, the +entire file system that the swapfiles reside in will have to be exported with +the ``-alldirs'' flag. .It Ar exportsfile The .Ar exportsfile diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 4434244..0887c59 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -43,7 +43,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "From: @(#)mountd.c 8.8 (Berkeley) 2/20/94";*/ static const char rcsid[] = - "$Id: mountd.c,v 1.7.2.1 1995/06/08 04:34:11 davidg Exp $"; + "$Id: mountd.c,v 1.8 1995/06/11 19:30:46 rgrimes Exp $"; #endif /*not lint*/ #include <sys/param.h> @@ -62,7 +62,7 @@ static const char rcsid[] = #include <netiso/iso.h> #endif #include <nfs/rpcv2.h> -#include <nfs/nfsv2.h> +#include <nfs/nfsproto.h> #include <arpa/inet.h> @@ -100,6 +100,8 @@ struct dirlist { }; /* dp_flag bits */ #define DP_DEFSET 0x1 +#define DP_HOSTSET 0x2 +#define DP_KERB 0x4 struct exportlist { struct exportlist *ex_next; @@ -139,22 +141,29 @@ struct grouplist { #define GT_IGNORE 0x5 struct hostlist { + int ht_flag; /* Uses DP_xx bits */ struct grouplist *ht_grp; struct hostlist *ht_next; }; +struct fhreturn { + int fhr_flag; + int fhr_vers; + nfsfh_t fhr_fh; +}; + /* Global defs */ char *add_expdir __P((struct dirlist **, char *, int)); void add_dlist __P((struct dirlist **, struct dirlist *, - struct grouplist *)); + struct grouplist *, int)); void add_mlist __P((char *, char *)); int check_dirpath __P((char *)); int check_options __P((struct dirlist *)); -int chk_host __P((struct dirlist *, u_long, int *)); +int chk_host __P((struct dirlist *, u_long, int *, int *)); void del_mlist __P((char *, char *)); struct dirlist *dirp_search __P((struct dirlist *, char *)); int do_mount __P((struct exportlist *, struct grouplist *, int, - struct ucred *, char *, int, struct statfs *)); + struct ucred *, char *, int, struct statfs *)); int do_opt __P((char **, char **, struct exportlist *, struct grouplist *, int *, int *, struct ucred *)); struct exportlist *ex_search __P((fsid_t *)); @@ -165,6 +174,7 @@ void free_grp __P((struct grouplist *)); void free_host __P((struct hostlist *)); void get_exportlist __P((void)); int get_host __P((char *, struct grouplist *, struct grouplist *)); +int get_num __P((char *)); struct hostlist *get_ht __P((void)); int get_line __P((void)); void get_mountlist __P((void)); @@ -183,7 +193,7 @@ void send_umntall __P((void)); int umntall_each __P((caddr_t, struct sockaddr_in *)); int xdr_dir __P((XDR *, char *)); int xdr_explist __P((XDR *, caddr_t)); -int xdr_fhs __P((XDR *, nfsv2fh_t *)); +int xdr_fhs __P((XDR *, caddr_t)); int xdr_mlist __P((XDR *, caddr_t)); /* C library */ @@ -205,7 +215,8 @@ struct ucred def_anon = { 1, { (gid_t) -2 } }; -int root_only = 1; +int resvport_only = 1; +int dir_only = 1; int opt_flags; /* Bits for above */ #define OP_MAPROOT 0x01 @@ -238,6 +249,7 @@ main(argc, argv) { SVCXPRT *udptransp, *tcptransp; int c; +#ifdef __FreeBSD__ struct vfsconf *vfc; vfc = getvfsbyname("nfs"); @@ -250,17 +262,21 @@ main(argc, argv) if(!vfc) { errx(1, "NFS support is not available in the running kernel"); } +#endif /* __FreeBSD__ */ - while ((c = getopt(argc, argv, "dn")) != EOF) + while ((c = getopt(argc, argv, "dnr")) != EOF) switch (c) { + case 'n': + resvport_only = 0; + break; + case 'r': + dir_only = 0; + break; case 'd': debug = debug ? 0 : 1; break; - case 'n': - root_only = 0; - break; default: - fprintf(stderr, "Usage: mountd [-n] [export_file]\n"); + fprintf(stderr, "Usage: mountd [-r] [-n] [export_file]\n"); exit(1); }; argc -= optind; @@ -300,11 +316,12 @@ main(argc, argv) syslog(LOG_ERR, "Can't create socket"); exit(1); } - pmap_unset(RPCPROG_MNT, RPCMNT_VER1); - if (!svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, - IPPROTO_UDP) || - !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, - IPPROTO_TCP)) { + pmap_unset(RPCPROG_MNT, 1); + pmap_unset(RPCPROG_MNT, 3); + if (!svc_register(udptransp, RPCPROG_MNT, 1, mntsrv, IPPROTO_UDP) || + !svc_register(udptransp, RPCPROG_MNT, 3, mntsrv, IPPROTO_UDP) || + !svc_register(tcptransp, RPCPROG_MNT, 1, mntsrv, IPPROTO_TCP) || + !svc_register(tcptransp, RPCPROG_MNT, 3, mntsrv, IPPROTO_TCP)) { syslog(LOG_ERR, "Can't register mount"); exit(1); } @@ -323,28 +340,21 @@ mntsrv(rqstp, transp) { struct exportlist *ep; struct dirlist *dp; - nfsv2fh_t nfh; + struct fhreturn fhr; struct authunix_parms *ucr; struct stat stb; struct statfs fsb; struct hostent *hp; u_long saddr; + u_short sport; char rpcpath[RPCMNT_PATHLEN+1], dirpath[MAXPATHLEN]; - int bad = ENOENT, omask, defset; - uid_t uid = -2; - - /* Get authorization */ - switch (rqstp->rq_cred.oa_flavor) { - case AUTH_UNIX: - ucr = (struct authunix_parms *)rqstp->rq_clntcred; - uid = ucr->aup_uid; - break; - case AUTH_NULL: - default: - break; - } + int bad = ENOENT, defset, hostset; + sigset_t sighup_mask; + sigemptyset(&sighup_mask); + sigaddset(&sighup_mask, SIGHUP); saddr = transp->xp_raddr.sin_addr.s_addr; + sport = ntohs(transp->xp_raddr.sin_port); hp = (struct hostent *)NULL; switch (rqstp->rq_proc) { case NULLPROC: @@ -352,7 +362,7 @@ mntsrv(rqstp, transp) syslog(LOG_ERR, "Can't send reply"); return; case RPCMNT_MOUNT: - if ((uid != 0 && root_only) || uid == -2) { + if (sport >= IPPORT_RESERVED && resvport_only) { svcerr_weakauth(transp); return; } @@ -363,11 +373,13 @@ mntsrv(rqstp, transp) /* * Get the real pathname and make sure it is a directory - * that exists. + * or a regular file if the -r option was specified + * and it exists. */ if (realpath(rpcpath, dirpath) == 0 || stat(dirpath, &stb) < 0 || - (stb.st_mode & S_IFMT) != S_IFDIR || + (!S_ISDIR(stb.st_mode) && + (dir_only || !S_ISREG(stb.st_mode))) || statfs(dirpath, &fsb) < 0) { chdir("/"); /* Just in case realpath doesn't */ if (debug) @@ -378,26 +390,31 @@ mntsrv(rqstp, transp) } /* Check in the exports list */ - omask = sigblock(sigmask(SIGHUP)); + sigprocmask(SIG_BLOCK, &sighup_mask, NULL); ep = ex_search(&fsb.f_fsid); - defset = 0; - if (ep && (chk_host(ep->ex_defdir, saddr, &defset) || + hostset = defset = 0; + if (ep && (chk_host(ep->ex_defdir, saddr, &defset, &hostset) || ((dp = dirp_search(ep->ex_dirl, dirpath)) && - chk_host(dp, saddr, &defset)) || + chk_host(dp, saddr, &defset, &hostset)) || (defset && scan_tree(ep->ex_defdir, saddr) == 0 && scan_tree(ep->ex_dirl, saddr) == 0))) { + if (hostset & DP_HOSTSET) + fhr.fhr_flag = hostset; + else + fhr.fhr_flag = defset; + fhr.fhr_vers = rqstp->rq_vers; /* Get the file handle */ - bzero((caddr_t)&nfh, sizeof(nfh)); - if (getfh(dirpath, (fhandle_t *)&nfh) < 0) { + bzero((caddr_t)&fhr.fhr_fh, sizeof(nfsfh_t)); + if (getfh(dirpath, (fhandle_t *)&fhr.fhr_fh) < 0) { bad = errno; syslog(LOG_ERR, "Can't get fh for %s", dirpath); if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) syslog(LOG_ERR, "Can't send reply"); - sigsetmask(omask); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); return; } - if (!svc_sendreply(transp, xdr_fhs, (caddr_t)&nfh)) + if (!svc_sendreply(transp, xdr_fhs, (caddr_t)&fhr)) syslog(LOG_ERR, "Can't send reply"); if (hp == NULL) hp = gethostbyaddr((caddr_t)&saddr, @@ -414,14 +431,14 @@ mntsrv(rqstp, transp) if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) syslog(LOG_ERR, "Can't send reply"); } - sigsetmask(omask); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); return; case RPCMNT_DUMP: if (!svc_sendreply(transp, xdr_mlist, (caddr_t)NULL)) syslog(LOG_ERR, "Can't send reply"); return; case RPCMNT_UMOUNT: - if ((uid != 0 && root_only) || uid == -2) { + if (sport >= IPPORT_RESERVED && resvport_only) { svcerr_weakauth(transp); return; } @@ -437,7 +454,7 @@ mntsrv(rqstp, transp) del_mlist(inet_ntoa(transp->xp_raddr.sin_addr), dirpath); return; case RPCMNT_UMNTALL: - if ((uid != 0 && root_only) || uid == -2) { + if (sport >= IPPORT_RESERVED && resvport_only) { svcerr_weakauth(transp); return; } @@ -470,18 +487,37 @@ xdr_dir(xdrsp, dirp) } /* - * Xdr routine to generate fhstatus + * Xdr routine to generate file handle reply */ int -xdr_fhs(xdrsp, nfh) +xdr_fhs(xdrsp, cp) XDR *xdrsp; - nfsv2fh_t *nfh; + caddr_t cp; { - u_long ok = 0; + register struct fhreturn *fhrp = (struct fhreturn *)cp; + u_long ok = 0, len, auth; if (!xdr_long(xdrsp, &ok)) return (0); - return (xdr_opaque(xdrsp, (caddr_t)nfh, NFSX_FH)); + switch (fhrp->fhr_vers) { + case 1: + return (xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, NFSX_V2FH)); + case 3: + len = NFSX_V3FH; + if (!xdr_long(xdrsp, &len)) + return (0); + if (!xdr_opaque(xdrsp, (caddr_t)&fhrp->fhr_fh, len)) + return (0); + if (fhrp->fhr_flag & DP_KERB) + auth = RPCAUTH_KERB4; + else + auth = RPCAUTH_UNIX; + len = 1; + if (!xdr_long(xdrsp, &len)) + return (0); + return (xdr_long(xdrsp, &auth)); + }; + return (0); } int @@ -521,9 +557,12 @@ xdr_explist(xdrsp, cp) { struct exportlist *ep; int false = 0; - int omask, putdef; + int putdef; + sigset_t sighup_mask; - omask = sigblock(sigmask(SIGHUP)); + sigemptyset(&sighup_mask); + sigaddset(&sighup_mask, SIGHUP); + sigprocmask(SIG_BLOCK, &sighup_mask, NULL); ep = exphead; while (ep) { putdef = 0; @@ -535,12 +574,12 @@ xdr_explist(xdrsp, cp) goto errout; ep = ep->ex_next; } - sigsetmask(omask); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); if (!xdr_bool(xdrsp, &false)) return (0); return (1); errout: - sigsetmask(omask); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); return (0); } @@ -660,6 +699,18 @@ get_exportlist() struct ufs_args ua; struct iso_args ia; struct mfs_args ma; +#ifdef __NetBSD__ + struct msdosfs_args da; + } targs; + + if (!strcmp(fsp->f_fstypename, MOUNT_MFS) || + !strcmp(fsp->f_fstypename, MOUNT_UFS) || + !strcmp(fsp->f_fstypename, MOUNT_MSDOS) || + !strcmp(fsp->f_fstypename, MOUNT_CD9660)) { + targs.ua.fspec = NULL; + targs.ua.export.ex_flags = MNT_DELEXPORT; + if (mount(fsp->f_fstypename, fsp->f_mntonname, +#else } targs; switch (fsp->f_type) { @@ -670,6 +721,7 @@ get_exportlist() targs.ua.fspec = NULL; targs.ua.export.ex_flags = MNT_DELEXPORT; if (mount(fsp->f_type, fsp->f_mntonname, +#endif fsp->f_flags | MNT_UPDATE, (caddr_t)&targs) < 0) syslog(LOG_ERR, "Can't delete exports for %s", @@ -805,6 +857,7 @@ get_exportlist() if (get_host(hst, grp, tgrp)) { syslog(LOG_ERR, "Bad netgroup %s", cp); getexp_err(ep, tgrp); + endnetgrent(); goto nextline; } } else if (get_host(cp, grp, tgrp)) { @@ -865,12 +918,12 @@ get_exportlist() * Success. Update the data structures. */ if (has_host) { - hang_dirp(dirhead, tgrp, ep, (opt_flags & OP_ALLDIRS)); + hang_dirp(dirhead, tgrp, ep, opt_flags); grp->gr_next = grphead; grphead = tgrp; } else { hang_dirp(dirhead, (struct grouplist *)NULL, ep, - (opt_flags & OP_ALLDIRS)); + opt_flags); free_grp(grp); } dirhead = (struct dirlist *)NULL; @@ -994,24 +1047,28 @@ add_expdir(dpp, cp, len) * and update the entry for host. */ void -hang_dirp(dp, grp, ep, alldirs) +hang_dirp(dp, grp, ep, flags) struct dirlist *dp; struct grouplist *grp; struct exportlist *ep; - int alldirs; + int flags; { struct hostlist *hp; struct dirlist *dp2; - if (alldirs) { + if (flags & OP_ALLDIRS) { if (ep->ex_defdir) free((caddr_t)dp); else ep->ex_defdir = dp; - if (grp == (struct grouplist *)NULL) + if (grp == (struct grouplist *)NULL) { ep->ex_defdir->dp_flag |= DP_DEFSET; - else while (grp) { + if (flags & OP_KERB) + ep->ex_defdir->dp_flag |= DP_KERB; + } else while (grp) { hp = get_ht(); + if (flags & OP_KERB) + hp->ht_flag |= DP_KERB; hp->ht_grp = grp; hp->ht_next = ep->ex_defdir->dp_hosts; ep->ex_defdir->dp_hosts = hp; @@ -1024,7 +1081,7 @@ hang_dirp(dp, grp, ep, alldirs) */ while (dp) { dp2 = dp->dp_left; - add_dlist(&ep->ex_dirl, dp, grp); + add_dlist(&ep->ex_dirl, dp, grp, flags); dp = dp2; } } @@ -1035,10 +1092,11 @@ hang_dirp(dp, grp, ep, alldirs) * for the new directory or adding the new node. */ void -add_dlist(dpp, newdp, grp) +add_dlist(dpp, newdp, grp, flags) struct dirlist **dpp; struct dirlist *newdp; struct grouplist *grp; + int flags; { struct dirlist *dp; struct hostlist *hp; @@ -1048,10 +1106,10 @@ add_dlist(dpp, newdp, grp) if (dp) { cmp = strcmp(dp->dp_dirp, newdp->dp_dirp); if (cmp > 0) { - add_dlist(&dp->dp_left, newdp, grp); + add_dlist(&dp->dp_left, newdp, grp, flags); return; } else if (cmp < 0) { - add_dlist(&dp->dp_right, newdp, grp); + add_dlist(&dp->dp_right, newdp, grp, flags); return; } else free((caddr_t)newdp); @@ -1067,13 +1125,18 @@ add_dlist(dpp, newdp, grp) */ do { hp = get_ht(); + if (flags & OP_KERB) + hp->ht_flag |= DP_KERB; hp->ht_grp = grp; hp->ht_next = dp->dp_hosts; dp->dp_hosts = hp; grp = grp->gr_next; } while (grp); - } else + } else { dp->dp_flag |= DP_DEFSET; + if (flags & OP_KERB) + dp->dp_flag |= DP_KERB; + } } /* @@ -1102,10 +1165,11 @@ dirp_search(dp, dirpath) * Scan for a host match in a directory tree. */ int -chk_host(dp, saddr, defsetp) +chk_host(dp, saddr, defsetp, hostsetp) struct dirlist *dp; u_long saddr; int *defsetp; + int *hostsetp; { struct hostlist *hp; struct grouplist *grp; @@ -1113,7 +1177,7 @@ chk_host(dp, saddr, defsetp) if (dp) { if (dp->dp_flag & DP_DEFSET) - *defsetp = 1; + *defsetp = dp->dp_flag; hp = dp->dp_hosts; while (hp) { grp = hp->ht_grp; @@ -1122,15 +1186,19 @@ chk_host(dp, saddr, defsetp) addrp = (u_long **) grp->gr_ptr.gt_hostent->h_addr_list; while (*addrp) { - if (**addrp == saddr) + if (**addrp == saddr) { + *hostsetp = (hp->ht_flag | DP_HOSTSET); return (1); + } addrp++; } break; case GT_NET: if ((saddr & grp->gr_ptr.gt_net.nt_mask) == - grp->gr_ptr.gt_net.nt_net) + grp->gr_ptr.gt_net.nt_net) { + *hostsetp = (hp->ht_flag | DP_HOSTSET); return (1); + } break; }; hp = hp->ht_next; @@ -1147,12 +1215,12 @@ scan_tree(dp, saddr) struct dirlist *dp; u_long saddr; { - int defset; + int defset, hostset; if (dp) { if (scan_tree(dp->dp_left, saddr)) return (1); - if (chk_host(dp, saddr, &defset)) + if (chk_host(dp, saddr, &defset, &hostset)) return (1); if (scan_tree(dp->dp_right, saddr)) return (1); @@ -1312,7 +1380,7 @@ get_host(cp, grp, tgrp) if (isdigit(*cp)) { saddr = inet_addr(cp); if (saddr == -1) { - syslog(LOG_ERR, "Inet_addr failed"); + syslog(LOG_ERR, "Inet_addr failed for %s", cp); return (1); } if ((hp = gethostbyaddr((caddr_t)&saddr, sizeof (saddr), @@ -1326,7 +1394,7 @@ get_host(cp, grp, tgrp) aptr[1] = (char *)NULL; } } else { - syslog(LOG_ERR, "Gethostbyname failed"); + syslog(LOG_ERR, "Gethostbyname failed for %s", cp); return (1); } } @@ -1424,6 +1492,7 @@ get_ht() if (hp == (struct hostlist *)NULL) out_of_mem(); hp->ht_next = (struct hostlist *)NULL; + hp->ht_flag = 0; return (hp); } @@ -1494,6 +1563,9 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) struct ufs_args ua; struct iso_args ia; struct mfs_args ma; +#ifdef __NetBSD__ + struct msdosfs_args da; +#endif } args; u_long net; @@ -1569,7 +1641,11 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) * Also, needs to know how to export all types of local * exportable file systems and not just MOUNT_UFS. */ +#ifdef __NetBSD__ + while (mount(fsb->f_fstypename, dirp, +#else while (mount(fsb->f_type, dirp, +#endif fsb->f_flags | MNT_UPDATE, (caddr_t)&args) < 0) { if (cp) *cp-- = savedc; @@ -2033,15 +2109,30 @@ check_dirpath(dirp) while (*cp && ret) { if (*cp == '/') { *cp = '\0'; - if (lstat(dirp, &sb) < 0 || - (sb.st_mode & S_IFMT) != S_IFDIR) + if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode)) ret = 0; *cp = '/'; } cp++; } - if (lstat(dirp, &sb) < 0 || - (sb.st_mode & S_IFMT) != S_IFDIR) + if (lstat(dirp, &sb) < 0 || !S_ISDIR(sb.st_mode)) ret = 0; return (ret); } + +/* + * Just translate an ascii string to an integer. + */ +int +get_num(cp) + register char *cp; +{ + register int res = 0; + + while (*cp) { + if (*cp < '0' || *cp > '9') + return (-1); + res = res * 10 + (*cp++ - '0'); + } + return (res); +} diff --git a/usr.sbin/nfsd/nfsd.8 b/usr.sbin/nfsd/nfsd.8 index a54a564..24573d9 100644 --- a/usr.sbin/nfsd/nfsd.8 +++ b/usr.sbin/nfsd/nfsd.8 @@ -98,7 +98,8 @@ listens for service requests at the port indicated in the .Tn NFS server specification; see .%T "Network File System Protocol Specification" , -RFC1094. +RFC1094 and +.%T "NFS: Network File System Version 3 Protocol Specification" . .Pp If .Nm nfsd diff --git a/usr.sbin/nfsd/nfsd.c b/usr.sbin/nfsd/nfsd.c index 9d4d226..8c8731d 100644 --- a/usr.sbin/nfsd/nfsd.c +++ b/usr.sbin/nfsd/nfsd.c @@ -63,10 +63,10 @@ static char sccsid[] = "@(#)nfsd.c 8.7 (Berkeley) 2/22/94"; #include <netiso/iso.h> #endif #include <nfs/rpcv2.h> -#include <nfs/nfsv2.h> +#include <nfs/nfsproto.h> #include <nfs/nfs.h> -#ifdef KERBEROS +#ifdef NFSKERB #include <kerberosIV/des.h> #include <kerberosIV/krb.h> #endif @@ -94,16 +94,23 @@ struct nfsd_srvargs nsd; char **Argv = NULL; /* pointer to argument vector */ char *LastArg = NULL; /* end of argv */ -#ifdef KERBEROS +#ifdef NFSKERB char lnam[ANAME_SZ]; KTEXT_ST kt; -AUTH_DAT auth; +AUTH_DAT kauth; char inst[INST_SZ]; +struct nfsrpc_fullblock kin, kout; +struct nfsrpc_fullverf kverf; +NFSKERBKEY_T kivec; +struct timeval ktv; +NFSKERBKEYSCHED_T kerb_keysched; #endif void nonfs __P((int)); void reapchild __P((int)); +#ifdef __FreeBSD__ void setproctitle __P((char *)); +#endif void usage __P((void)); /* @@ -139,11 +146,13 @@ main(argc, argv, envp) #ifdef ISO struct sockaddr_iso isoaddr, isopeer; #endif + struct timeval ktv; fd_set ready, sockbits; int ch, cltpflag, connect_type_cnt, i, len, maxsock, msgsock; int nfsdcnt, nfssvc_flag, on, reregister, sock, tcpflag, tcpsock; int tp4cnt, tp4flag, tp4sock, tpipcnt, tpipflag, tpipsock, udpflag; char *cp, **cpp; +#ifdef __FreeBSD__ struct vfsconf *vfc; vfc = getvfsbyname("nfs"); @@ -156,6 +165,7 @@ main(argc, argv, envp) if(!vfc) { errx(1, "NFS is not available in the running kernel"); } +#endif /* Save start and extent of argv for setproctitle. */ Argv = argv; @@ -241,10 +251,12 @@ main(argc, argv, envp) if (reregister) { if (udpflag && - !pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_UDP, NFS_PORT)) + (!pmap_set(RPCPROG_NFS, 2, IPPROTO_UDP, NFS_PORT) || + !pmap_set(RPCPROG_NFS, 3, IPPROTO_UDP, NFS_PORT))) err(1, "can't register with portmap for UDP."); if (tcpflag && - !pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_TCP, NFS_PORT)) + (!pmap_set(RPCPROG_NFS, 2, IPPROTO_TCP, NFS_PORT) || + !pmap_set(RPCPROG_NFS, 3, IPPROTO_TCP, NFS_PORT))) err(1, "can't register with portmap for TCP."); exit(0); } @@ -261,11 +273,17 @@ main(argc, argv, envp) continue; } - setproctitle("nfsd-srv"); + setproctitle("server"); nfssvc_flag = NFSSVC_NFSD; nsd.nsd_nfsd = NULL; -#ifdef KERBEROS - nsd.nsd_authstr = (char *)kt.dat; +#ifdef NFSKERB + if (sizeof (struct nfsrpc_fullverf) != RPCX_FULLVERF || + sizeof (struct nfsrpc_fullblock) != RPCX_FULLBLOCK) + syslog(LOG_ERR, "Yikes NFSKERB structs not packed!"); + nsd.nsd_authstr = (u_char *)&kt; + nsd.nsd_authlen = sizeof (kt); + nsd.nsd_verfstr = (u_char *)&kverf; + nsd.nsd_verflen = sizeof (kverf); #endif while (nfssvc(nfssvc_flag, &nsd) < 0) { if (errno != ENEEDAUTH) { @@ -273,14 +291,27 @@ main(argc, argv, envp) exit(1); } nfssvc_flag = NFSSVC_NFSD | NFSSVC_AUTHINFAIL; -#ifdef KERBEROS - kt.length = nsd.nsd_authlen; - kt.mbz = 0; - (void)strcpy(inst, "*"); - if (krb_rd_req(&kt, "rcmd", - inst, nsd.nsd_haddr, &auth, "") == RD_AP_OK && - krb_kntoln(&auth, lnam) == KSUCCESS && - (pwd = getpwnam(lnam)) != NULL) { +#ifdef NFSKERB + /* + * Get the Kerberos ticket out of the authenticator + * verify it and convert the principal name to a user + * name. The user name is then converted to a set of + * user credentials via the password and group file. + * Finally, decrypt the timestamp and validate it. + * For more info see the IETF Draft "Authentication + * in ONC RPC". + */ + kt.length = ntohl(kt.length); + if (gettimeofday(&ktv, (struct timezone *)0) == 0 && + kt.length > 0 && kt.length <= + (RPCAUTH_MAXSIZ - 3 * NFSX_UNSIGNED)) { + kin.w1 = NFS_KERBW1(kt); + kt.mbz = 0; + (void)strcpy(inst, "*"); + if (krb_rd_req(&kt, NFS_KERBSRV, + inst, nsd.nsd_haddr, &kauth, "") == RD_AP_OK && + krb_kntoln(&kauth, lnam) == KSUCCESS && + (pwd = getpwnam(lnam)) != NULL) { cr = &nsd.nsd_cr; cr->cr_uid = pwd->pw_uid; cr->cr_groups[0] = pwd->pw_gid; @@ -301,9 +332,34 @@ main(argc, argv, envp) break; } endgrent(); - nfssvc_flag = NFSSVC_NFSD | NFSSVC_AUTHIN; + + /* + * Get the timestamp verifier out of the + * authenticator and verifier strings. + */ + kin.t1 = kverf.t1; + kin.t2 = kverf.t2; + kin.w2 = kverf.w2; + bzero((caddr_t)kivec, sizeof (kivec)); + bcopy((caddr_t)kauth.session, + (caddr_t)nsd.nsd_key,sizeof(kauth.session)); + + /* + * Decrypt the timestamp verifier in CBC mode. + */ + XXX + + /* + * Validate the timestamp verifier, to + * check that the session key is ok. + */ + nsd.nsd_timestamp.tv_sec = ntohl(kout.t1); + nsd.nsd_timestamp.tv_usec = ntohl(kout.t2); + nsd.nsd_ttl = ntohl(kout.w1); + if ((nsd.nsd_ttl - 1) == ntohl(kout.w2)) + nfssvc_flag = NFSSVC_NFSD | NFSSVC_AUTHIN; } -#endif /* KERBEROS */ +#endif /* NFSKERB */ } exit(0); } @@ -323,7 +379,8 @@ main(argc, argv, envp) syslog(LOG_ERR, "can't bind udp addr"); exit(1); } - if (!pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_UDP, NFS_PORT)) { + if (!pmap_set(RPCPROG_NFS, 2, IPPROTO_UDP, NFS_PORT) || + !pmap_set(RPCPROG_NFS, 3, IPPROTO_UDP, NFS_PORT)) { syslog(LOG_ERR, "can't register with udp portmap"); exit(1); } @@ -403,7 +460,8 @@ main(argc, argv, envp) syslog(LOG_ERR, "listen failed"); exit(1); } - if (!pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_TCP, NFS_PORT)) { + if (!pmap_set(RPCPROG_NFS, 2, IPPROTO_TCP, NFS_PORT) || + !pmap_set(RPCPROG_NFS, 3, IPPROTO_TCP, NFS_PORT)) { syslog(LOG_ERR, "can't register tcp with portmap"); exit(1); } @@ -492,7 +550,7 @@ main(argc, argv, envp) if (connect_type_cnt == 0) exit(0); - setproctitle("nfsd-master"); + setproctitle("master"); /* * Loop forever accepting connections and passing the sockets @@ -566,7 +624,7 @@ main(argc, argv, envp) void usage() { - (void)fprintf(stderr, "nfsd %s\n", USAGE); + (void)fprintf(stderr, "usage: nfsd %s\n", USAGE); exit(1); } @@ -582,9 +640,10 @@ reapchild(signo) int signo; { - while (wait3(NULL, WNOHANG, NULL)); + while (wait3(NULL, WNOHANG, NULL) > 0); } +#ifdef __FreeBSD__ void setproctitle(a) char *a; @@ -593,9 +652,10 @@ setproctitle(a) char buf[80]; cp = Argv[0]; - (void)snprintf(buf, sizeof(buf), "%s", a); + (void)snprintf(buf, sizeof(buf), "nfsd-%s", a); (void)strncpy(cp, buf, LastArg - cp); cp += strlen(cp); while (cp < LastArg) *cp++ = '\0'; } +#endif /* __FreeBSD__ */ diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c index 736c96dd..3693557 100644 --- a/usr.sbin/pstat/pstat.c +++ b/usr.sbin/pstat/pstat.c @@ -54,6 +54,8 @@ static char sccsid[] = "@(#)pstat.c 8.9 (Berkeley) 2/16/94"; #undef NFS #undef KERNEL #include <sys/stat.h> +#include <nfs/rpcv2.h> +#include <nfs/nfsproto.h> #include <nfs/nfsnode.h> #include <sys/ioctl.h> #include <sys/ioctl_compat.h> /* XXX NTTYDISC is too well hidden */ |