summaryrefslogtreecommitdiff
path: root/usr.sbin/mountd
diff options
context:
space:
mode:
authorMatteo Riondato <matteo@FreeBSD.org>2007-10-20 11:25:34 +0000
committerMatteo Riondato <matteo@FreeBSD.org>2007-10-20 11:25:34 +0000
commitd11e36457b60efdaa3155b4dd72347f907da28e7 (patch)
treea5834293bb90b0a3a9ef455f6b320312137a21df /usr.sbin/mountd
parent51662691fd769697eb0d9298bc5d34914de94696 (diff)
downloadsrc-test2-d11e36457b60efdaa3155b4dd72347f907da28e7.tar.gz
src-test2-d11e36457b60efdaa3155b4dd72347f907da28e7.zip
Notes
Diffstat (limited to 'usr.sbin/mountd')
-rw-r--r--usr.sbin/mountd/mountd.820
-rw-r--r--usr.sbin/mountd/mountd.c480
2 files changed, 340 insertions, 160 deletions
diff --git a/usr.sbin/mountd/mountd.8 b/usr.sbin/mountd/mountd.8
index c6d8d1497998..4f1d61481b1b 100644
--- a/usr.sbin/mountd/mountd.8
+++ b/usr.sbin/mountd/mountd.8
@@ -28,7 +28,7 @@
.\" @(#)mountd.8 8.4 (Berkeley) 4/28/95
.\" $FreeBSD$
.\"
-.Dd February 3, 2007
+.Dd October 20, 2007
.Dt MOUNTD 8
.Os
.Sh NAME
@@ -39,6 +39,7 @@ mount requests
.Sh SYNOPSIS
.Nm
.Op Fl 2dlnr
+.Op Fl h Ar bindip
.Op Fl p Ar port
.Op Ar exportsfile ...
.Sh DESCRIPTION
@@ -67,6 +68,23 @@ Output debugging information.
.Nm
will not detach from the controlling terminal and will print
debugging messages to stderr.
+.It Fl h Ar bindip
+Specify specific IP addresses to bind to for TCP and UDP requests.
+This option may be specified multiple times.
+If no
+.Fl h
+option is specified,
+.Nm
+will bind to
+.Dv INADDR_ANY .
+Note that when specifying IP addresses with
+.Fl h ,
+.Nm
+will automatically add
+.Li 127.0.0.1
+and if IPv6 is enabled,
+.Li ::1
+to the list.
.It Fl l
Cause all succeeded
.Nm
diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c
index f7cb72698f92..01b332952202 100644
--- a/usr.sbin/mountd/mountd.c
+++ b/usr.sbin/mountd/mountd.c
@@ -161,6 +161,7 @@ int check_dirpath(char *);
int check_options(struct dirlist *);
int checkmask(struct sockaddr *sa);
int chk_host(struct dirlist *, struct sockaddr *, int *, int *);
+void create_service(struct netconfig *nconf);
void del_mlist(char *hostp, char *dirp);
struct dirlist *dirp_search(struct dirlist *, char *);
int do_mount(struct exportlist *, struct grouplist *, int,
@@ -207,6 +208,7 @@ struct mountlist *mlhead;
struct grouplist *grphead;
char *exnames_default[2] = { _PATH_EXPORTS, NULL };
char **exnames;
+char **hosts = NULL;
struct xucred def_anon = {
XUCRED_VERSION,
(uid_t)-2,
@@ -216,9 +218,13 @@ struct xucred def_anon = {
};
int force_v2 = 0;
int resvport_only = 1;
+int nhosts = 0;
int dir_only = 1;
int dolog = 0;
int got_sighup = 0;
+int xcreated = 0;
+
+char *svcport_str = NULL;
int opt_flags;
static int have_v6 = 1;
@@ -256,21 +262,13 @@ main(argc, argv)
char **argv;
{
fd_set readfds;
- struct sockaddr_in sin;
- struct sockaddr_in6 sin6;
- char *endptr;
- SVCXPRT *udptransp, *tcptransp, *udp6transp, *tcp6transp;
- struct netconfig *udpconf, *tcpconf, *udp6conf, *tcp6conf;
+ struct netconfig *nconf;
+ char *endptr, **hosts_bak;
+ void *nc_handle;
pid_t otherpid;
- int udpsock, tcpsock, udp6sock, tcp6sock;
- int xcreated = 0, s;
+ in_port_t svcport;
+ int c, k, s;
int maxrec = RPC_MAXDATASIZE;
- int one = 1;
- int c, r;
- in_port_t svcport = 0;
-
- udp6conf = tcp6conf = NULL;
- udp6sock = tcp6sock = 0;
/* Check that another mountd isn't already running. */
pfh = pidfile_open(_PATH_MOUNTDPID, 0600, &otherpid);
@@ -291,7 +289,7 @@ main(argc, argv)
errx(1, "NFS server is not available or loadable");
}
- while ((c = getopt(argc, argv, "2dlnp:r")) != -1)
+ while ((c = getopt(argc, argv, "2dh:lnp:r")) != -1)
switch (c) {
case '2':
force_v2 = 1;
@@ -314,6 +312,28 @@ main(argc, argv)
if (endptr == NULL || *endptr != '\0' ||
svcport == 0 || svcport >= IPPORT_MAX)
usage();
+ svcport_str = strdup(optarg);
+ break;
+ case 'h':
+ ++nhosts;
+ hosts_bak = hosts;
+ hosts_bak = realloc(hosts, nhosts * sizeof(char *));
+ if (hosts_bak == NULL) {
+ if (hosts != NULL) {
+ for (k = 0; k < nhosts; k++)
+ free(hosts[k]);
+ free(hosts);
+ out_of_mem();
+ }
+ }
+ hosts = hosts_bak;
+ hosts[nhosts - 1] = strdup(optarg);
+ if (hosts[nhosts - 1] == NULL) {
+ for (k = 0; k < (nhosts - 1); k++)
+ free(hosts[k]);
+ free(hosts);
+ out_of_mem();
+ }
break;
default:
usage();
@@ -349,36 +369,8 @@ main(argc, argv)
rpcb_unset(RPCPROG_MNT, RPCMNT_VER1, NULL);
rpcb_unset(RPCPROG_MNT, RPCMNT_VER3, NULL);
- udpsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- tcpsock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- udpconf = getnetconfigent("udp");
- tcpconf = getnetconfigent("tcp");
-
rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec);
- if (!have_v6)
- goto skip_v6;
- udp6sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
- tcp6sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
- /*
- * We're doing host-based access checks here, so don't allow
- * v4-in-v6 to confuse things. The kernel will disable it
- * by default on NFS sockets too.
- */
- if (udp6sock != -1 && setsockopt(udp6sock, IPPROTO_IPV6,
- IPV6_V6ONLY, &one, sizeof one) < 0) {
- syslog(LOG_ERR, "can't disable v4-in-v6 on UDP socket");
- exit(1);
- }
- if (tcp6sock != -1 && setsockopt(tcp6sock, IPPROTO_IPV6,
- IPV6_V6ONLY, &one, sizeof one) < 0) {
- syslog(LOG_ERR, "can't disable v4-in-v6 on TCP socket");
- exit(1);
- }
- udp6conf = getnetconfigent("udp6");
- tcp6conf = getnetconfigent("tcp6");
-
-skip_v6:
if (!resvport_only) {
if (sysctlbyname("vfs.nfsrv.nfs_privport", NULL, NULL,
&resvport_only, sizeof(resvport_only)) != 0 &&
@@ -387,129 +379,60 @@ skip_v6:
exit(1);
}
}
- if (svcport != 0) {
- bzero(&sin, sizeof(struct sockaddr_in));
- sin.sin_len = sizeof(struct sockaddr_in);
- sin.sin_family = AF_INET;
- sin.sin_port = htons(svcport);
-
- bzero(&sin6, sizeof(struct sockaddr_in6));
- sin6.sin6_len = sizeof(struct sockaddr_in6);
- sin6.sin6_family = AF_INET6;
- sin6.sin6_port = htons(svcport);
- }
- if (udpsock != -1 && udpconf != NULL) {
- if (svcport != 0) {
- r = bindresvport(udpsock, &sin);
- if (r != 0) {
- syslog(LOG_ERR, "bindresvport: %m");
- exit(1);
- }
- } else
- (void)bindresvport(udpsock, NULL);
- udptransp = svc_dg_create(udpsock, 0, 0);
- if (udptransp != NULL) {
- if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER1,
- mntsrv, udpconf))
- syslog(LOG_WARNING, "can't register UDP RPCMNT_VER1 service");
- else
- xcreated++;
- if (!force_v2) {
- if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER3,
- mntsrv, udpconf))
- syslog(LOG_WARNING, "can't register UDP RPCMNT_VER3 service");
- else
- xcreated++;
- }
- } else
- syslog(LOG_WARNING, "can't create UDP services");
- }
- if (tcpsock != -1 && tcpconf != NULL) {
- if (svcport != 0) {
- r = bindresvport(tcpsock, &sin);
- if (r != 0) {
- syslog(LOG_ERR, "bindresvport: %m");
- exit(1);
- }
- } else
- (void)bindresvport(tcpsock, NULL);
- listen(tcpsock, SOMAXCONN);
- tcptransp = svc_vc_create(tcpsock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
- if (tcptransp != NULL) {
- if (!svc_reg(tcptransp, RPCPROG_MNT, RPCMNT_VER1,
- mntsrv, tcpconf))
- syslog(LOG_WARNING, "can't register TCP RPCMNT_VER1 service");
- else
- xcreated++;
- if (!force_v2) {
- if (!svc_reg(tcptransp, RPCPROG_MNT, RPCMNT_VER3,
- mntsrv, tcpconf))
- syslog(LOG_WARNING, "can't register TCP RPCMNT_VER3 service");
- else
- xcreated++;
+ /*
+ * If no hosts were specified, add a wildcard entry to bind to
+ * INADDR_ANY. Otherwise make sure 127.0.0.1 and ::1 are added to the
+ * list.
+ */
+ if (nhosts == 0) {
+ hosts = malloc(sizeof(char**));
+ if (hosts == NULL)
+ out_of_mem();
+ hosts[0] = "*";
+ nhosts = 1;
+ } else {
+ hosts_bak = hosts;
+ if (have_v6) {
+ hosts_bak = realloc(hosts, (nhosts + 2) *
+ sizeof(char *));
+ if (hosts_bak == NULL) {
+ for (k = 0; k < nhosts; k++)
+ free(hosts[k]);
+ free(hosts);
+ out_of_mem();
+ } else
+ hosts = hosts_bak;
+ nhosts += 2;
+ hosts[nhosts - 2] = "::1";
+ } else {
+ hosts_bak = realloc(hosts, (nhosts + 1) * sizeof(char *));
+ if (hosts_bak == NULL) {
+ for (k = 0; k < nhosts; k++)
+ free(hosts[k]);
+ free(hosts);
+ out_of_mem();
+ } else {
+ nhosts += 1;
+ hosts = hosts_bak;
}
- } else
- syslog(LOG_WARNING, "can't create TCP service");
+ }
+ hosts[nhosts - 1] = "127.0.0.1";
}
- if (have_v6 && udp6sock != -1 && udp6conf != NULL) {
- if (svcport != 0) {
- r = bindresvport_sa(udp6sock,
- (struct sockaddr *)&sin6);
- if (r != 0) {
- syslog(LOG_ERR, "bindresvport_sa: %m");
- exit(1);
- }
- } else
- (void)bindresvport_sa(udp6sock, NULL);
- udp6transp = svc_dg_create(udp6sock, 0, 0);
- if (udp6transp != NULL) {
- if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER1,
- mntsrv, udp6conf))
- syslog(LOG_WARNING, "can't register UDP6 RPCMNT_VER1 service");
- else
- xcreated++;
- if (!force_v2) {
- if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER3,
- mntsrv, udp6conf))
- syslog(LOG_WARNING, "can't register UDP6 RPCMNT_VER3 service");
- else
- xcreated++;
- }
- } else
- syslog(LOG_WARNING, "can't create UDP6 service");
+ nc_handle = setnetconfig();
+ while ((nconf = getnetconfig(nc_handle))) {
+ if (nconf->nc_flag & NC_VISIBLE) {
+ if (have_v6 == 0 && strcmp(nconf->nc_protofmly,
+ "inet6") == 0) {
+ /* DO NOTHING */
+ } else
+ create_service(nconf);
+ }
}
- if (have_v6 && tcp6sock != -1 && tcp6conf != NULL) {
- if (svcport != 0) {
- r = bindresvport_sa(tcp6sock,
- (struct sockaddr *)&sin6);
- if (r != 0) {
- syslog(LOG_ERR, "bindresvport_sa: %m");
- exit(1);
- }
- } else
- (void)bindresvport_sa(tcp6sock, NULL);
- listen(tcp6sock, SOMAXCONN);
- tcp6transp = svc_vc_create(tcp6sock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
- if (tcp6transp != NULL) {
- if (!svc_reg(tcp6transp, RPCPROG_MNT, RPCMNT_VER1,
- mntsrv, tcp6conf))
- syslog(LOG_WARNING, "can't register TCP6 RPCMNT_VER1 service");
- else
- xcreated++;
- if (!force_v2) {
- if (!svc_reg(tcp6transp, RPCPROG_MNT, RPCMNT_VER3,
- mntsrv, tcp6conf))
- syslog(LOG_WARNING, "can't register TCP6 RPCMNT_VER3 service");
- else
- xcreated++;
- }
- } else
- syslog(LOG_WARNING, "can't create TCP6 service");
+ endnetconfig(nc_handle);
- }
if (xcreated == 0) {
syslog(LOG_ERR, "could not create any services");
exit(1);
@@ -534,6 +457,245 @@ skip_v6:
svc_getreqset(&readfds);
}
}
+}
+
+/*
+ * This routine creates and binds sockets on the appropriate
+ * addresses. It gets called one time for each transport and
+ * registrates the service with rpcbind on that trasport.
+ */
+void
+create_service(struct netconfig *nconf)
+{
+ struct addrinfo hints, *res = NULL;
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+ struct __rpc_sockinfo si;
+ struct netbuf servaddr;
+ SVCXPRT *transp = NULL;
+ int aicode;
+ int fd;
+ int nhostsbak;
+ int one = 1;
+ int r;
+ int registered = 0;
+ u_int32_t host_addr[4]; /* IPv4 or IPv6 */
+
+ if ((nconf->nc_semantics != NC_TPI_CLTS) &&
+ (nconf->nc_semantics != NC_TPI_COTS) &&
+ (nconf->nc_semantics != NC_TPI_COTS_ORD))
+ return; /* not my type */
+
+ /*
+ * XXX - using RPC library internal functions.
+ */
+ if (!__rpc_nconf2sockinfo(nconf, &si)) {
+ syslog(LOG_ERR, "cannot get information for %s",
+ nconf->nc_netid);
+ return;
+ }
+
+ /* Get mountd's address on this transport */
+ memset(&hints, 0, sizeof hints);
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_family = si.si_af;
+ hints.ai_socktype = si.si_socktype;
+ hints.ai_protocol = si.si_proto;
+
+ /*
+ * Bind to specific IPs if asked to
+ */
+ nhostsbak = nhosts;
+ while (nhostsbak > 0) {
+ --nhostsbak;
+ /*
+ * XXX - using RPC library internal functions.
+ */
+ if ((fd = __rpc_nconf2fd(nconf)) < 0) {
+ int non_fatal = 0;
+ if (errno == EPROTONOSUPPORT &&
+ nconf->nc_semantics != NC_TPI_CLTS)
+ non_fatal = 1;
+
+ syslog(non_fatal ? LOG_DEBUG : LOG_ERR,
+ "cannot create socket for %s", nconf->nc_netid);
+ return;
+ }
+
+ switch (hints.ai_family) {
+ case AF_INET:
+ if (inet_pton(AF_INET, hosts[nhostsbak],
+ host_addr) == 1) {
+ hints.ai_flags &= AI_NUMERICHOST;
+ } else {
+ /*
+ * Skip if we have an AF_INET6 address.
+ */
+ if (inet_pton(AF_INET6, hosts[nhostsbak],
+ host_addr) == 1) {
+ close(fd);
+ continue;
+ }
+ }
+ break;
+ case AF_INET6:
+ if (inet_pton(AF_INET6, hosts[nhostsbak],
+ host_addr) == 1) {
+ hints.ai_flags &= AI_NUMERICHOST;
+ } else {
+ /*
+ * Skip if we have an AF_INET address.
+ */
+ if (inet_pton(AF_INET, hosts[nhostsbak],
+ host_addr) == 1) {
+ close(fd);
+ continue;
+ }
+ }
+
+ /*
+ * We're doing host-based access checks here, so don't
+ * allow v4-in-v6 to confuse things. The kernel will
+ * disable it by default on NFS sockets too.
+ */
+ if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
+ sizeof one) < 0) {
+ syslog(LOG_ERR,
+ "can't disable v4-in-v6 on IPv6 socket");
+ exit(1);
+ }
+ break;
+ default:
+ break;
+ }
+
+ /*
+ * If no hosts were specified, just bind to INADDR_ANY
+ */
+ if (strcmp("*", hosts[nhostsbak]) == 0) {
+ if (svcport_str == NULL) {
+ res = malloc(sizeof(struct addrinfo));
+ if (res == NULL)
+ out_of_mem();
+ res->ai_flags = hints.ai_flags;
+ res->ai_family = hints.ai_family;
+ res->ai_protocol = hints.ai_protocol;
+ switch (res->ai_family) {
+ case AF_INET:
+ sin = malloc(sizeof(struct sockaddr_in));
+ if (sin == NULL)
+ out_of_mem();
+ sin->sin_family = AF_INET;
+ sin->sin_port = htons(0);
+ sin->sin_addr.s_addr = htonl(INADDR_ANY);
+ res->ai_addr = (struct sockaddr*) sin;
+ res->ai_addrlen = (socklen_t)
+ sizeof(res->ai_addr);
+ break;
+ case AF_INET6:
+ sin6 = malloc(sizeof(struct sockaddr_in6));
+ if (res->ai_addr == NULL)
+ out_of_mem();
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_port = htons(0);
+ sin6->sin6_addr = in6addr_any;
+ res->ai_addr = (struct sockaddr*) sin6;
+ res->ai_addrlen = (socklen_t)
+ sizeof(res->ai_addr);
+ break;
+ default:
+ break;
+ }
+ } else {
+ if ((aicode = getaddrinfo(NULL, svcport_str,
+ &hints, &res)) != 0) {
+ syslog(LOG_ERR,
+ "cannot get local address for %s: %s",
+ nconf->nc_netid,
+ gai_strerror(aicode));
+ continue;
+ }
+ }
+ } else {
+ if ((aicode = getaddrinfo(hosts[nhostsbak], svcport_str,
+ &hints, &res)) != 0) {
+ syslog(LOG_ERR,
+ "cannot get local address for %s: %s",
+ nconf->nc_netid, gai_strerror(aicode));
+ continue;
+ }
+ }
+
+ r = bindresvport_sa(fd, res->ai_addr);
+ if (r != 0) {
+ syslog(LOG_ERR, "bindresvport_sa: %m");
+ exit(1);
+ }
+
+ if (nconf->nc_semantics != NC_TPI_CLTS)
+ listen(fd, SOMAXCONN);
+
+ if (nconf->nc_semantics == NC_TPI_CLTS )
+ transp = svc_dg_create(fd, 0, 0);
+ else
+ transp = svc_vc_create(fd, RPC_MAXDATASIZE,
+ RPC_MAXDATASIZE);
+
+ if (transp != (SVCXPRT *) NULL) {
+ if (!svc_reg(transp, RPCPROG_MNT, RPCMNT_VER1, mntsrv,
+ NULL))
+ syslog(LOG_ERR,
+ "can't register %s RPCMNT_VER1 service",
+ nconf->nc_netid);
+ if (!force_v2) {
+ if (!svc_reg(transp, RPCPROG_MNT, RPCMNT_VER3,
+ mntsrv, NULL))
+ syslog(LOG_ERR,
+ "can't register %s RPCMNT_VER3 service",
+ nconf->nc_netid);
+ }
+ } else
+ syslog(LOG_WARNING, "can't create %s services",
+ nconf->nc_netid);
+
+ if (registered == 0) {
+ registered = 1;
+ memset(&hints, 0, sizeof hints);
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_family = si.si_af;
+ hints.ai_socktype = si.si_socktype;
+ hints.ai_protocol = si.si_proto;
+
+ if (svcport_str == NULL) {
+ svcport_str = malloc(NI_MAXSERV * sizeof(char));
+ if (svcport_str == NULL)
+ out_of_mem();
+
+ if (getnameinfo(res->ai_addr,
+ res->ai_addr->sa_len, NULL, NI_MAXHOST,
+ svcport_str, NI_MAXSERV * sizeof(char),
+ NI_NUMERICHOST | NI_NUMERICSERV))
+ errx(1, "Cannot get port number");
+ }
+
+ if((aicode = getaddrinfo(NULL, svcport_str, &hints,
+ &res)) != 0) {
+ syslog(LOG_ERR, "cannot get local address: %s",
+ gai_strerror(aicode));
+ exit(1);
+ }
+
+ servaddr.buf = malloc(res->ai_addrlen);
+ memcpy(servaddr.buf, res->ai_addr, res->ai_addrlen);
+ servaddr.len = res->ai_addrlen;
+
+ rpcb_set(RPCPROG_MNT, RPCMNT_VER1, nconf, &servaddr);
+ rpcb_set(RPCPROG_MNT, RPCMNT_VER3, nconf, &servaddr);
+
+ xcreated++;
+ freeaddrinfo(res);
+ }
+ } /* end while */
}
static void
@@ -541,7 +703,7 @@ usage()
{
fprintf(stderr,
"usage: mountd [-2] [-d] [-l] [-n] [-p <port>] [-r] "
- "[export_file ...]\n");
+ "[-h <bindip>] [export_file ...]\n");
exit(1);
}