
(-)usr.sbin/nfsuserd/nfsuserd.c (-92 / +62 lines)
Lines 35-40 __FBSDID("$FreeBSD: head/usr.sbin/nfsuse Link Here
35
#include <sys/mount.h>
35
#include <sys/mount.h>
36
#include <sys/socket.h>
36
#include <sys/socket.h>
37
#include <sys/socketvar.h>
37
#include <sys/socketvar.h>
38
#include <sys/stat.h>
38
#include <sys/time.h>
39
#include <sys/time.h>
39
#include <sys/ucred.h>
40
#include <sys/ucred.h>
40
#include <sys/vnode.h>
41
#include <sys/vnode.h>
Lines 43-48 __FBSDID("$FreeBSD: head/usr.sbin/nfsuse Link Here
43
#include <nfs/nfssvc.h>
44
#include <nfs/nfssvc.h>
44
45
45
#include <rpc/rpc.h>
46
#include <rpc/rpc.h>
47
#include <rpc/rpc_com.h>
46
48
47
#include <fs/nfs/rpcv2.h>
49
#include <fs/nfs/rpcv2.h>
48
#include <fs/nfs/nfsproto.h>
50
#include <fs/nfs/nfsproto.h>
Lines 73-81 static bool_t xdr_getid(XDR *, caddr_t); Link Here
73
static bool_t	xdr_getname(XDR *, caddr_t);
75
static bool_t	xdr_getname(XDR *, caddr_t);
74
static bool_t	xdr_retval(XDR *, caddr_t);
76
static bool_t	xdr_retval(XDR *, caddr_t);
75
77
78
#ifndef _PATH_NFSUSERDSOCK
79
#define _PATH_NFSUSERDSOCK	"/var/run/nfsuserd.sock"
80
#endif
76
#define	MAXNAME		1024
81
#define	MAXNAME		1024
77
#define	MAXNFSUSERD	20
78
#define	DEFNFSUSERD	4
79
#define	MAXUSERMAX	100000
82
#define	MAXUSERMAX	100000
80
#define	MINUSERMAX	10
83
#define	MINUSERMAX	10
81
#define	DEFUSERMAX	200
84
#define	DEFUSERMAX	200
Lines 93-99 u_char *defaultgroup = "nogroup"; Link Here
93
gid_t defaultgid = 65533;
96
gid_t defaultgid = 65533;
94
int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0;
97
int verbose = 0, im_a_slave = 0, nfsuserdcnt = -1, forcestart = 0;
95
int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0;
98
int defusertimeout = DEFUSERTIMEOUT, manage_gids = 0;
96
pid_t slaves[MAXNFSUSERD];
99
pid_t slavepid;
97
100
98
int
101
int
99
main(int argc, char *argv[])
102
main(int argc, char *argv[])
Lines 103-117 main(int argc, char *argv[]) Link Here
103
	struct nfsd_idargs nid;
106
	struct nfsd_idargs nid;
104
	struct passwd *pwd;
107
	struct passwd *pwd;
105
	struct group *grp;
108
	struct group *grp;
106
	int sock, one = 1;
109
	int oldmask, sock;
107
	SVCXPRT *udptransp;
110
	SVCXPRT *xprt;
108
	u_short portnum;
109
	sigset_t signew;
111
	sigset_t signew;
110
	char hostname[MAXHOSTNAMELEN + 1], *cp;
112
	char hostname[MAXHOSTNAMELEN + 1], *cp;
111
	struct addrinfo *aip, hints;
113
	struct addrinfo *aip, hints;
112
	static uid_t check_dups[MAXUSERMAX];
114
	static uid_t check_dups[MAXUSERMAX];
113
	gid_t grps[NGROUPS];
115
	gid_t grps[NGROUPS];
114
	int ngroup;
116
	int ngroup;
117
	struct sockaddr_un sun;
115
118
116
	if (modfind("nfscommon") < 0) {
119
	if (modfind("nfscommon") < 0) {
117
		/* Not present in kernel, try loading it */
120
		/* Not present in kernel, try loading it */
Lines 191-212 main(int argc, char *argv[]) Link Here
191
			}
194
			}
192
			nid.nid_usertimeout = defusertimeout = i * 60;
195
			nid.nid_usertimeout = defusertimeout = i * 60;
193
		} else if (nfsuserdcnt == -1) {
196
		} else if (nfsuserdcnt == -1) {
197
			/* nfsuserdcnt is no longer used. */
194
			nfsuserdcnt = atoi(*argv);
198
			nfsuserdcnt = atoi(*argv);
195
			if (nfsuserdcnt < 1)
199
			if (nfsuserdcnt < 1)
196
				usage();
200
				usage();
197
			if (nfsuserdcnt > MAXNFSUSERD) {
198
				warnx("nfsuserd count %d; reset to %d",
199
				    nfsuserdcnt, DEFNFSUSERD);
200
				nfsuserdcnt = DEFNFSUSERD;
201
			}
202
		} else {
201
		} else {
203
			usage();
202
			usage();
204
		}
203
		}
205
		argc--;
204
		argc--;
206
		argv++;
205
		argv++;
207
	}
206
	}
208
	if (nfsuserdcnt < 1)
209
		nfsuserdcnt = DEFNFSUSERD;
210
207
211
	/*
208
	/*
212
	 * Strip off leading and trailing '.'s in domain name and map
209
	 * Strip off leading and trailing '.'s in domain name and map
Lines 242-290 main(int argc, char *argv[]) Link Here
242
		    "nfsuserd: domain=%s usermax=%d usertimeout=%d\n",
239
		    "nfsuserd: domain=%s usermax=%d usertimeout=%d\n",
243
		    dnsname, nid.nid_usermax, nid.nid_usertimeout);
240
		    dnsname, nid.nid_usermax, nid.nid_usertimeout);
244
241
245
	for (i = 0; i < nfsuserdcnt; i++)
242
	slavepid = (pid_t)-1;
246
		slaves[i] = (pid_t)-1;
247
243
248
	/*
244
	memset(&sun, 0, sizeof sun);
249
	 * Set up the service port to accept requests via UDP from
245
	sun.sun_family = AF_LOCAL;
250
	 * localhost (127.0.0.1).
246
	unlink(_PATH_NFSUSERDSOCK);
251
	 */
247
	strcpy(sun.sun_path, _PATH_NFSUSERDSOCK);
252
	if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
248
	sun.sun_len = SUN_LEN(&sun);
253
		err(1, "cannot create udp socket");
249
	sock = socket(AF_LOCAL, SOCK_STREAM, 0);
250
	if (sock < 0)
251
		err(1, "Can't create local nfsuserd socket");
252
	oldmask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
253
	if (bind(sock, (struct sockaddr *)&sun, sun.sun_len) < 0)
254
		err(1, "Can't bind local nfsuserd socket");
255
	umask(oldmask);
256
	if (listen(sock, SOMAXCONN) < 0)
257
		err(1, "Can't listen on local nfsuserd socket");
258
	xprt = svc_vc_create(sock, RPC_MAXDATASIZE, RPC_MAXDATASIZE);
259
	if (xprt == NULL)
260
		err(1, "Can't create transport for local nfsuserd socket");
261
	if (!svc_reg(xprt, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS, nfsuserdsrv,
262
	    NULL))
263
		err(1, "Can't register service for local nfsuserd socket");
254
264
255
	/*
265
	/*
256
	 * Not sure what this does, so I'll leave it here for now.
266
	 * Tell the kernel what the socket's path is.
257
	 */
267
	 */
258
	setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
259
	
260
	if ((udptransp = svcudp_create(sock)) == NULL)
261
		err(1, "Can't set up socket");
262
263
	/*
264
	 * By not specifying a protocol, it is linked into the
265
	 * dispatch queue, but not registered with portmapper,
266
	 * which is just what I want.
267
	 */
268
	if (!svc_register(udptransp, RPCPROG_NFSUSERD, RPCNFSUSERD_VERS,
269
	    nfsuserdsrv, 0))
270
		err(1, "Can't register nfsuserd");
271
272
	/*
273
	 * Tell the kernel what my port# is.
274
	 */
275
	portnum = htons(udptransp->xp_port);
276
#ifdef DEBUG
268
#ifdef DEBUG
277
	printf("portnum=0x%x\n", portnum);
269
	printf("sockpath=%s\n", _PATH_NFSUSERDSOCK);
278
#else
270
#else
279
	if (nfssvc(NFSSVC_NFSUSERDPORT, (caddr_t)&portnum) < 0) {
271
	if (nfssvc(NFSSVC_NFSUSERDPORT | NFSSVC_NEWSTRUCT, _PATH_NFSUSERDSOCK)
272
	    < 0) {
280
		if (errno == EPERM) {
273
		if (errno == EPERM) {
281
			fprintf(stderr,
274
			fprintf(stderr,
282
			    "Can't start nfsuserd when already running");
275
			    "Can't start nfsuserd when already running");
283
			fprintf(stderr,
276
			fprintf(stderr,
284
			    " If not running, use the -force option.\n");
277
			    " If not running, use the -force option.\n");
285
		} else {
278
		} else
286
			fprintf(stderr, "Can't do nfssvc() to add port\n");
279
			fprintf(stderr, "Can't do nfssvc() to add socket\n");
287
		}
288
		exit(1);
280
		exit(1);
289
	}
281
	}
290
#endif
282
#endif
Lines 413-440 main(int argc, char *argv[]) Link Here
413
	openlog("nfsuserd:", LOG_PID, LOG_DAEMON);
405
	openlog("nfsuserd:", LOG_PID, LOG_DAEMON);
414
406
415
	/*
407
	/*
416
	 * Fork off the slave daemons that do the work. All the master
408
	 * Fork off the slave daemon to do the work. All the master
417
	 * does is kill them off and cleanup.
409
	 * does is kill the slave off and cleanup.
418
	 */
410
	 */
419
	for (i = 0; i < nfsuserdcnt; i++) {
411
	slavepid = fork();
420
		slaves[i] = fork();
412
	if (slavepid == 0) {
421
		if (slaves[i] == 0) {
413
		im_a_slave = 1;
422
			im_a_slave = 1;
414
		setproctitle("slave");
423
			setproctitle("slave");
415
		sigemptyset(&signew);
424
			sigemptyset(&signew);
416
		sigaddset(&signew, SIGUSR1);
425
			sigaddset(&signew, SIGUSR1);
417
		sigprocmask(SIG_UNBLOCK, &signew, NULL);
426
			sigprocmask(SIG_UNBLOCK, &signew, NULL);
418
427
419
		/*
428
			/*
420
		 * and away we go.
429
			 * and away we go.
421
		 */
430
			 */
422
		svc_run();
431
			svc_run();
423
		syslog(LOG_ERR, "nfsuserd died: %m");
432
			syslog(LOG_ERR, "nfsuserd died: %m");
424
		exit(1);
433
			exit(1);
425
	} else if (slavepid < 0)
434
		} else if (slaves[i] < 0) {
426
		syslog(LOG_ERR, "fork: %m");
435
			syslog(LOG_ERR, "fork: %m");
436
		}
437
	}
438
427
439
	/*
428
	/*
440
	 * Just wait for SIGUSR1 or a child to die and then...
429
	 * Just wait for SIGUSR1 or a child to die and then...
Lines 455-482 nfsuserdsrv(struct svc_req *rqstp, SVCXP Link Here
455
	struct passwd *pwd;
444
	struct passwd *pwd;
456
	struct group *grp;
445
	struct group *grp;
457
	int error;
446
	int error;
458
	u_short sport;
459
	struct info info;
447
	struct info info;
460
	struct nfsd_idargs nid;
448
	struct nfsd_idargs nid;
461
	u_int32_t saddr;
462
	gid_t grps[NGROUPS];
449
	gid_t grps[NGROUPS];
463
	int ngroup;
450
	int ngroup;
464
451
465
	/*
466
	 * Only handle requests from 127.0.0.1 on a reserved port number.
467
	 * (Since a reserved port # at localhost implies a client with
468
	 *  local root, there won't be a security breach. This is about
469
	 *  the only case I can think of where a reserved port # means
470
	 *  something.)
471
	 */
472
	sport = ntohs(transp->xp_raddr.sin_port);
473
	saddr = ntohl(transp->xp_raddr.sin_addr.s_addr);
474
	if ((rqstp->rq_proc != NULLPROC && sport >= IPPORT_RESERVED) ||
475
	    saddr != 0x7f000001) {
476
		syslog(LOG_ERR, "req from ip=0x%x port=%d\n", saddr, sport);
477
		svcerr_weakauth(transp);
478
		return;
479
	}
480
	switch (rqstp->rq_proc) {
452
	switch (rqstp->rq_proc) {
481
	case NULLPROC:
453
	case NULLPROC:
482
		if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
454
		if (!svc_sendreply(transp, (xdrproc_t)xdr_void, NULL))
Lines 683-689 xdr_retval(XDR *xdrsp, caddr_t cp) Link Here
683
static void
655
static void
684
cleanup_term(int signo __unused)
656
cleanup_term(int signo __unused)
685
{
657
{
686
	int i, cnt;
658
	int cnt;
687
659
688
	if (im_a_slave)
660
	if (im_a_slave)
689
		exit(0);
661
		exit(0);
Lines 693-709 cleanup_term(int signo __unused) Link Here
693
	 * As the Governor of California might say, "Terminate them".
665
	 * As the Governor of California might say, "Terminate them".
694
	 */
666
	 */
695
	cnt = 0;
667
	cnt = 0;
696
	for (i = 0; i < nfsuserdcnt; i++) {
668
	if (slavepid != (pid_t)-1) {
697
		if (slaves[i] != (pid_t)-1) {
669
		cnt++;
698
			cnt++;
670
		kill(slavepid, SIGUSR1);
699
			kill(slaves[i], SIGUSR1);
700
		}
701
	}
671
	}
702
672
703
	/*
673
	/*
704
	 * and wait for them to die
674
	 * and wait for the slave to die
705
	 */
675
	 */
706
	for (i = 0; i < cnt; i++)
676
	if (cnt > 0)
707
		wait3(NULL, 0, NULL);
677
		wait3(NULL, 0, NULL);
708
678
709
	/*
679
	/*
Lines 721-725 usage(void) Link Here
721
{
691
{
722
692
723
	errx(1,
693
	errx(1,
724
	    "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name] [n]");
694
	    "usage: nfsuserd [-usermax cache_size] [-usertimeout minutes] [-verbose] [-manage-gids] [-domain domain_name]");
725
}
695
}
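Review bot: With the loopback/reserved-port test deleted from nfsuserdsrv(), the only thing limiting who can send requests is the 0600 mode the socket gets from `umask(S_IXUSR | S_IRWXG | S_IRWXO)` around bind() in main(), and nothing in the new code records that dependency. I would add a comment at the top of nfsuserdsrv() such as `/* No caller check here: access is limited by the 0600 mode of _PATH_NFSUSERDSOCK set in main(). */`, and consider checking the peer's uid (for example with getpeereid() on the connection's descriptor) before serving anything other than NULLPROC, so a later change to the umask or the directory does not silently open the service. Separately, `unlink(_PATH_NFSUSERDSOCK)` runs before the nfssvc() call that reports EPERM for an already-running daemon, so a second start appears to remove the live daemon's socket path and then exit; checking for a live listener before unlinking would avoid that. The `strcpy()` into sun.sun_path is unbounded while the `#ifndef` lets _PATH_NFSUSERDSOCK be overridden at build time, so `if (strlcpy(sun.sun_path, _PATH_NFSUSERDSOCK, sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) errx(1, "socket path too long");` would fail cleanly instead. Both main() and nfsuserdsrv() continue outside the visible hunks.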
