1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2016 Nexenta Systems, Inc.
25 */
26
27 /*
28 * NFS specific functions
29 */
30 #include <stdio.h>
31 #include <string.h>
32 #include <ctype.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <zone.h>
36 #include <errno.h>
37 #include <locale.h>
38 #include <signal.h>
39 #include <strings.h>
40 #include "libshare.h"
41 #include "libshare_impl.h"
42 #include <nfs/export.h>
43 #include <pwd.h>
44 #include <grp.h>
45 #include <limits.h>
46 #include <libscf.h>
47 #include <syslog.h>
48 #include <rpcsvc/daemon_utils.h>
49 #include "nfslog_config.h"
50 #include "nfslogtab.h"
51 #include "libshare_nfs.h"
52 #include <nfs/nfs.h>
53 #include <nfs/nfssys.h>
54 #include <netconfig.h>
55 #include "smfcfg.h"
56
57 /* should really be in some global place */
58 #define DEF_WIN 30000
59 #define OPT_CHUNK 1024
60
61 int debug = 0;
62
63 #define NFS_SERVER_SVC "svc:/network/nfs/server:default"
64 #define NFS_CLIENT_SVC (char *)"svc:/network/nfs/client:default"
65
66 /* internal functions */
67 static int nfs_init();
68 static void nfs_fini();
69 static int nfs_enable_share(sa_share_t);
70 static int nfs_disable_share(sa_share_t, char *);
71 static int nfs_validate_property(sa_handle_t, sa_property_t, sa_optionset_t);
72 static int nfs_validate_security_mode(char *);
73 static int nfs_is_security_opt(char *);
74 static int nfs_parse_legacy_options(sa_group_t, char *);
75 static char *nfs_format_options(sa_group_t, int);
76 static int nfs_set_proto_prop(sa_property_t);
77 static sa_protocol_properties_t nfs_get_proto_set();
78 static char *nfs_get_status();
79 static char *nfs_space_alias(char *);
80 static uint64_t nfs_features();
81
82 /*
83 * ops vector that provides the protocol specific info and operations
84 * for share management.
85 */
86
87 struct sa_plugin_ops sa_plugin_ops = {
88 SA_PLUGIN_VERSION,
89 "nfs",
90 nfs_init,
91 nfs_fini,
92 nfs_enable_share,
93 nfs_disable_share,
94 nfs_validate_property,
95 nfs_validate_security_mode,
96 nfs_is_security_opt,
97 nfs_parse_legacy_options,
98 nfs_format_options,
99 nfs_set_proto_prop,
100 nfs_get_proto_set,
101 nfs_get_status,
102 nfs_space_alias,
103 NULL, /* update_legacy */
104 NULL, /* delete_legacy */
105 NULL, /* change_notify */
106 NULL, /* enable_resource */
107 NULL, /* disable_resource */
108 nfs_features,
109 NULL, /* transient shares */
110 NULL, /* notify resource */
111 NULL, /* rename_resource */
112 NULL, /* run_command */
113 NULL, /* command_help */
114 NULL /* delete_proto_section */
115 };
116
117 /*
118 * list of support services needed
119 * defines should come from head/rpcsvc/daemon_utils.h
120 */
121
122 static char *service_list_default[] =
123 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, REPARSED, NULL };
124 static char *service_list_logging[] =
125 { STATD, LOCKD, MOUNTD, NFSD, NFSMAPID, RQUOTAD, NFSLOGD, REPARSED,
126 NULL };
127
128 /*
129 * option definitions. Make sure to keep the #define for the option
130 * index just before the entry it is the index for. Changing the order
131 * can cause breakage. E.g OPT_RW is index 1 and must precede the
132 * line that includes the SHOPT_RW and OPT_RW entries.
133 */
134
135 struct option_defs optdefs[] = {
136 #define OPT_RO 0
137 {SHOPT_RO, OPT_RO, OPT_TYPE_ACCLIST},
138 #define OPT_RW 1
139 {SHOPT_RW, OPT_RW, OPT_TYPE_ACCLIST},
140 #define OPT_ROOT 2
141 {SHOPT_ROOT, OPT_ROOT, OPT_TYPE_ACCLIST},
142 #define OPT_SECURE 3
143 {SHOPT_SECURE, OPT_SECURE, OPT_TYPE_DEPRECATED},
144 #define OPT_ANON 4
145 {SHOPT_ANON, OPT_ANON, OPT_TYPE_USER},
146 #define OPT_WINDOW 5
147 {SHOPT_WINDOW, OPT_WINDOW, OPT_TYPE_NUMBER},
148 #define OPT_NOSUID 6
149 {SHOPT_NOSUID, OPT_NOSUID, OPT_TYPE_BOOLEAN},
150 #define OPT_ACLOK 7
151 {SHOPT_ACLOK, OPT_ACLOK, OPT_TYPE_BOOLEAN},
152 #define OPT_NOSUB 8
153 {SHOPT_NOSUB, OPT_NOSUB, OPT_TYPE_BOOLEAN},
154 #define OPT_SEC 9
155 {SHOPT_SEC, OPT_SEC, OPT_TYPE_SECURITY},
156 #define OPT_PUBLIC 10
157 {SHOPT_PUBLIC, OPT_PUBLIC, OPT_TYPE_BOOLEAN, OPT_SHARE_ONLY},
158 #define OPT_INDEX 11
159 {SHOPT_INDEX, OPT_INDEX, OPT_TYPE_FILE},
160 #define OPT_LOG 12
161 {SHOPT_LOG, OPT_LOG, OPT_TYPE_LOGTAG},
162 #define OPT_CKSUM 13
163 {SHOPT_CKSUM, OPT_CKSUM, OPT_TYPE_STRINGSET},
164 #define OPT_NONE 14
165 {SHOPT_NONE, OPT_NONE, OPT_TYPE_ACCLIST},
166 #define OPT_ROOT_MAPPING 15
167 {SHOPT_ROOT_MAPPING, OPT_ROOT_MAPPING, OPT_TYPE_USER},
168 #define OPT_CHARSET_MAP 16
169 {"", OPT_CHARSET_MAP, OPT_TYPE_ACCLIST},
170 #define OPT_NOACLFAB 17
171 {SHOPT_NOACLFAB, OPT_NOACLFAB, OPT_TYPE_BOOLEAN},
172 #define OPT_UIDMAP 18
173 {SHOPT_UIDMAP, OPT_UIDMAP, OPT_TYPE_MAPPING},
174 #define OPT_GIDMAP 19
175 {SHOPT_GIDMAP, OPT_GIDMAP, OPT_TYPE_MAPPING},
176 #ifdef VOLATILE_FH_TEST /* XXX added for testing volatile fh's only */
177 #define OPT_VOLFH 20
178 {SHOPT_VOLFH, OPT_VOLFH},
179 #endif /* VOLATILE_FH_TEST */
180 NULL
181 };
182
183 /*
184 * Codesets that may need to be converted to UTF-8 for file paths.
185 * Add new names here to add new property support. If we ever get a
186 * way to query the kernel for character sets, this should become
187 * dynamically loaded. Make sure changes here are reflected in
188 * cmd/fs.d/nfs/mountd/nfscmd.c
189 */
190
191 static char *legal_conv[] = {
192 "euc-cn",
193 "euc-jp",
194 "euc-jpms",
195 "euc-kr",
196 "euc-tw",
197 "iso8859-1",
198 "iso8859-2",
199 "iso8859-5",
200 "iso8859-6",
201 "iso8859-7",
202 "iso8859-8",
203 "iso8859-9",
204 "iso8859-13",
205 "iso8859-15",
206 "koi8-r",
207 NULL
208 };
209
210 /*
211 * list of properties that are related to security flavors.
212 */
213 static char *seclist[] = {
214 SHOPT_RO,
215 SHOPT_RW,
216 SHOPT_ROOT,
217 SHOPT_WINDOW,
218 SHOPT_NONE,
219 SHOPT_ROOT_MAPPING,
220 SHOPT_UIDMAP,
221 SHOPT_GIDMAP,
222 NULL
223 };
224
225 /* structure for list of securities */
226 struct securities {
227 sa_security_t security;
228 struct securities *next;
229 };
230
231 /*
232 * findcharset(charset)
233 *
234 * Returns B_TRUE if the charset is a legal conversion otherwise
235 * B_FALSE. This will need to be rewritten to be more efficient when
236 * we have a dynamic list of legal conversions.
237 */
238
239 static boolean_t
240 findcharset(char *charset)
241 {
242 int i;
243
244 for (i = 0; legal_conv[i] != NULL; i++)
245 if (strcmp(charset, legal_conv[i]) == 0)
246 return (B_TRUE);
247 return (B_FALSE);
248 }
249
250 /*
251 * findopt(name)
252 *
253 * Lookup option "name" in the option table and return the table
254 * index.
255 */
256
257 static int
258 findopt(char *name)
259 {
260 int i;
261 if (name != NULL) {
262 for (i = 0; optdefs[i].tag != NULL; i++) {
263 if (strcmp(optdefs[i].tag, name) == 0)
264 return (optdefs[i].index);
265 }
266 if (findcharset(name))
267 return (OPT_CHARSET_MAP);
268 }
269 return (-1);
270 }
271
272 /*
273 * gettype(name)
274 *
275 * Return the type of option "name".
276 */
277
278 static int
279 gettype(char *name)
280 {
281 int optdef;
282
283 optdef = findopt(name);
284 if (optdef != -1)
285 return (optdefs[optdef].type);
286 return (OPT_TYPE_ANY);
287 }
288
289 /*
290 * nfs_validate_security_mode(mode)
291 *
292 * is the specified mode string a valid one for use with NFS?
293 */
294
295 static int
296 nfs_validate_security_mode(char *mode)
297 {
298 seconfig_t secinfo;
299 int err;
300
301 (void) memset(&secinfo, '\0', sizeof (secinfo));
302 err = nfs_getseconfig_byname(mode, &secinfo);
303 if (err == SC_NOERROR)
304 return (1);
305 return (0);
306 }
307
308 /*
309 * nfs_is_security_opt(tok)
310 *
311 * check to see if tok represents an option that is only valid in some
312 * security flavor.
313 */
314
315 static int
316 nfs_is_security_opt(char *tok)
317 {
318 int i;
319
320 for (i = 0; seclist[i] != NULL; i++) {
321 if (strcmp(tok, seclist[i]) == 0)
322 return (1);
323 }
324 return (0);
325 }
326
327 /*
328 * find_security(seclist, sec)
329 *
330 * Walk the current list of security flavors and return true if it is
331 * present, else return false.
332 */
333
334 static int
335 find_security(struct securities *seclist, sa_security_t sec)
336 {
337 while (seclist != NULL) {
338 if (seclist->security == sec)
339 return (1);
340 seclist = seclist->next;
341 }
342 return (0);
343 }
344
345 /*
346 * make_security_list(group, securitymodes, proto)
347 * go through the list of securitymodes and add them to the
348 * group's list of security optionsets. We also keep a list of
349 * those optionsets so we don't have to find them later. All of
350 * these will get copies of the same properties.
351 */
352
353 static struct securities *
354 make_security_list(sa_group_t group, char *securitymodes, char *proto)
355 {
356 char *tok, *next = NULL;
357 struct securities *curp, *headp = NULL, *prev;
358 sa_security_t check;
359 int freetok = 0;
360
361 for (tok = securitymodes; tok != NULL; tok = next) {
362 next = strchr(tok, ':');
363 if (next != NULL)
364 *next++ = '\0';
365 if (strcmp(tok, "default") == 0) {
366 /* resolve default into the real type */
367 tok = nfs_space_alias(tok);
368 freetok = 1;
369 }
370 check = sa_get_security(group, tok, proto);
371
372 /* add to the security list if it isn't there already */
373 if (check == NULL || !find_security(headp, check)) {
374 curp = (struct securities *)calloc(1,
375 sizeof (struct securities));
376 if (curp != NULL) {
377 if (check == NULL) {
378 curp->security = sa_create_security(
379 group, tok, proto);
380 } else {
381 curp->security = check;
382 }
383 /*
384 * note that the first time through the loop,
385 * headp will be NULL and prev will be
386 * undefined. Since headp is NULL, we set
387 * both it and prev to the curp (first
388 * structure to be allocated).
389 *
390 * later passes through the loop will have
391 * headp not being NULL and prev will be used
392 * to allocate at the end of the list.
393 */
394 if (headp == NULL) {
395 headp = curp;
396 prev = curp;
397 } else {
398 prev->next = curp;
399 prev = curp;
400 }
401 }
402 }
403
404 if (freetok) {
405 freetok = 0;
406 sa_free_attr_string(tok);
407 }
408 }
409 return (headp);
410 }
411
412 static void
413 free_security_list(struct securities *sec)
414 {
415 struct securities *next;
416 if (sec != NULL) {
417 for (next = sec->next; sec != NULL; sec = next) {
418 next = sec->next;
419 free(sec);
420 }
421 }
422 }
423
424 /*
425 * nfs_alistcat(str1, str2, sep)
426 *
427 * concatenate str1 and str2 into a new string using sep as a separate
428 * character. If memory allocation fails, return NULL;
429 */
430
431 static char *
432 nfs_alistcat(char *str1, char *str2, char sep)
433 {
434 char *newstr;
435 size_t len;
436
437 len = strlen(str1) + strlen(str2) + 2;
438 newstr = (char *)malloc(len);
439 if (newstr != NULL)
440 (void) snprintf(newstr, len, "%s%c%s", str1, sep, str2);
441 return (newstr);
442 }
443
444 /*
445 * add_security_prop(sec, name, value, persist, iszfs)
446 *
447 * Add the property to the securities structure. This accumulates
448 * properties for as part of parsing legacy options.
449 */
450
451 static int
452 add_security_prop(struct securities *sec, char *name, char *value,
453 int persist, int iszfs)
454 {
455 sa_property_t prop;
456 int ret = SA_OK;
457
458 for (; sec != NULL; sec = sec->next) {
459 if (value == NULL) {
460 if (strcmp(name, SHOPT_RW) == 0 ||
461 strcmp(name, SHOPT_RO) == 0)
462 value = "*";
463 else
464 value = "true";
465 }
466
467 /*
468 * Get the existing property, if it exists, so we can
469 * determine what to do with it. The ro/rw/root
470 * properties can be merged if multiple instances of
471 * these properies are given. For example, if "rw"
472 * exists with a value "host1" and a later token of
473 * rw="host2" is seen, the values are merged into a
474 * single rw="host1:host2".
475 */
476 prop = sa_get_property(sec->security, name);
477
478 if (prop != NULL) {
479 char *oldvalue;
480 char *newvalue;
481
482 /*
483 * The security options of ro/rw/root/uidmap/gidmap
484 * might appear multiple times. If they do, the values
485 * need to be merged. If it was previously empty, the
486 * new value alone is added.
487 */
488 oldvalue = sa_get_property_attr(prop, "value");
489 if (oldvalue != NULL) {
490 char sep = ':';
491
492 if (strcmp(name, SHOPT_UIDMAP) == 0 ||
493 strcmp(name, SHOPT_GIDMAP) == 0)
494 sep = '~';
495
496 /*
497 * The general case is to concatenate the new
498 * value onto the old value for multiple
499 * rw(ro/root/uidmap/gidmap) properties. For
500 * rw/ro/root a special case exists when either
501 * the old or new is the "all" case. In the
502 * special case, if both are "all", then it is
503 * "all", else if one is an access-list, that
504 * replaces the "all".
505 */
506 if (strcmp(oldvalue, "*") == 0) {
507 /* Replace old value with new value. */
508 newvalue = strdup(value);
509 } else if (strcmp(value, "*") == 0 ||
510 strcmp(oldvalue, value) == 0) {
511 /*
512 * Keep old value and ignore
513 * the new value.
514 */
515 newvalue = NULL;
516 } else {
517 /*
518 * Make a new list of old plus new
519 * access-list.
520 */
521 newvalue = nfs_alistcat(oldvalue,
522 value, sep);
523 }
524
525 if (newvalue != NULL) {
526 (void) sa_remove_property(prop);
527 prop = sa_create_property(name,
528 newvalue);
529 ret = sa_add_property(sec->security,
530 prop);
531 free(newvalue);
532 }
533
534 sa_free_attr_string(oldvalue);
535 }
536 } else {
537 prop = sa_create_property(name, value);
538 ret = sa_add_property(sec->security, prop);
539 }
540 if (ret == SA_OK && !iszfs) {
541 ret = sa_commit_properties(sec->security, !persist);
542 }
543 }
544 return (ret);
545 }
546
547 /*
548 * check to see if group/share is persistent.
549 */
550 static int
551 is_persistent(sa_group_t group)
552 {
553 char *type;
554 int persist = 1;
555
556 type = sa_get_group_attr(group, "type");
557 if (type != NULL && strcmp(type, "persist") != 0)
558 persist = 0;
559 if (type != NULL)
560 sa_free_attr_string(type);
561 return (persist);
562 }
563
564 /*
565 * invalid_security(options)
566 *
567 * search option string for any invalid sec= type.
568 * return true (1) if any are not valid else false (0)
569 */
570 static int
571 invalid_security(char *options)
572 {
573 char *copy, *base, *token, *value;
574 int ret = 0;
575
576 copy = strdup(options);
577 token = base = copy;
578 while (token != NULL && ret == 0) {
579 token = strtok(base, ",");
580 base = NULL;
581 if (token != NULL) {
582 value = strchr(token, '=');
583 if (value != NULL)
584 *value++ = '\0';
585 if (strcmp(token, SHOPT_SEC) == 0) {
586 /* HAVE security flavors so check them */
587 char *tok, *next;
588 for (next = NULL, tok = value; tok != NULL;
589 tok = next) {
590 next = strchr(tok, ':');
591 if (next != NULL)
592 *next++ = '\0';
593 ret = !nfs_validate_security_mode(tok);
594 if (ret)
595 break;
596 }
597 }
598 }
599 }
600 if (copy != NULL)
601 free(copy);
602 return (ret);
603 }
604
605 /*
606 * nfs_parse_legacy_options(group, options)
607 *
608 * Parse the old style options into internal format and store on the
609 * specified group. Group could be a share for full legacy support.
610 */
611
612 static int
613 nfs_parse_legacy_options(sa_group_t group, char *options)
614 {
615 char *dup;
616 char *base;
617 char *token;
618 sa_optionset_t optionset;
619 struct securities *security_list = NULL;
620 sa_property_t prop;
621 int ret = SA_OK;
622 int iszfs = 0;
623 sa_group_t parent;
624 int persist = 0;
625 char *lasts;
626
627 /* do we have an existing optionset? */
628 optionset = sa_get_optionset(group, "nfs");
629 if (optionset == NULL) {
630 /* didn't find existing optionset so create one */
631 optionset = sa_create_optionset(group, "nfs");
632 } else {
633 /*
634 * Have an existing optionset . Ideally, we would need
635 * to compare options in order to detect errors. For
636 * now, we assume that the first optionset is the
637 * correct one and the others will be the same. An
638 * empty optionset is the same as no optionset so we
639 * don't want to exit in that case. Getting an empty
640 * optionset can occur with ZFS property checking.
641 */
642 if (sa_get_property(optionset, NULL) != NULL)
643 return (ret);
644 }
645
646 if (strcmp(options, SHOPT_RW) == 0) {
647 /*
648 * there is a special case of only the option "rw"
649 * being the default option. We don't have to do
650 * anything.
651 */
652 return (ret);
653 }
654
655 /*
656 * check if security types are present and validate them. If
657 * any are not legal, fail.
658 */
659
660 if (invalid_security(options)) {
661 return (SA_INVALID_SECURITY);
662 }
663
664 /*
665 * in order to not attempt to change ZFS properties unless
666 * absolutely necessary, we never do it in the legacy parsing.
667 */
668 if (sa_is_share(group)) {
669 char *zfs;
670 parent = sa_get_parent_group(group);
671 if (parent != NULL) {
672 zfs = sa_get_group_attr(parent, "zfs");
673 if (zfs != NULL) {
674 sa_free_attr_string(zfs);
675 iszfs++;
676 }
677 }
678 } else {
679 iszfs = sa_group_is_zfs(group);
680 }
681
682 /* We need a copy of options for the next part. */
683 dup = strdup(options);
684 if (dup == NULL)
685 return (SA_NO_MEMORY);
686
687 /*
688 * we need to step through each option in the string and then
689 * add either the option or the security option as needed. If
690 * this is not a persistent share, don't commit to the
691 * repository. If there is an error, we also want to abort the
692 * processing and report it.
693 */
694 persist = is_persistent(group);
695 base = dup;
696 token = dup;
697 lasts = NULL;
698 while (token != NULL && ret == SA_OK) {
699 token = strtok_r(base, ",", &lasts);
700 base = NULL;
701 if (token != NULL) {
702 char *value;
703 /*
704 * if the option has a value, it will have an '=' to
705 * separate the name from the value. The following
706 * code will result in value != NULL and token
707 * pointing to just the name if there is a value.
708 */
709 value = strchr(token, '=');
710 if (value != NULL) {
711 *value++ = '\0';
712 }
713 if (strcmp(token, SHOPT_SEC) == 0 ||
714 strcmp(token, SHOPT_SECURE) == 0) {
715 /*
716 * Once in security parsing, we only
717 * do security. We do need to move
718 * between the security node and the
719 * toplevel. The security tag goes on
720 * the root while the following ones
721 * go on the security.
722 */
723 if (security_list != NULL) {
724 /*
725 * have an old list so close it and
726 * start the new
727 */
728 free_security_list(security_list);
729 }
730 if (strcmp(token, SHOPT_SECURE) == 0) {
731 value = "dh";
732 } else {
733 if (value == NULL) {
734 ret = SA_SYNTAX_ERR;
735 break;
736 }
737 }
738 security_list = make_security_list(group,
739 value, "nfs");
740 } else {
741 /*
742 * Note that the "old" syntax allowed a
743 * default security model. This must be
744 * accounted for and internally converted to
745 * "standard" security structure.
746 */
747 if (nfs_is_security_opt(token)) {
748 if (security_list == NULL) {
749 /*
750 * need to have a
751 * security
752 * option. This will
753 * be "closed" when a
754 * defined "sec="
755 * option is
756 * seen. This is
757 * technically an
758 * error but will be
759 * allowed with
760 * warning.
761 */
762 security_list =
763 make_security_list(group,
764 "default",
765 "nfs");
766 }
767 if (security_list != NULL) {
768 ret = add_security_prop(
769 security_list, token,
770 value, persist, iszfs);
771 } else {
772 ret = SA_NO_MEMORY;
773 }
774 } else {
775 /* regular options */
776 if (value == NULL) {
777 if (strcmp(token, SHOPT_RW) ==
778 0 || strcmp(token,
779 SHOPT_RO) == 0) {
780 value = "*";
781 } else {
782 value = "global";
783 if (strcmp(token,
784 SHOPT_LOG) != 0) {
785 value = "true";
786 }
787 }
788 }
789 /*
790 * In all cases, create the
791 * property specified. If the
792 * value was NULL, the default
793 * value will have been
794 * substituted.
795 */
796 prop = sa_create_property(token, value);
797 ret = sa_add_property(optionset, prop);
798 if (ret != SA_OK)
799 break;
800
801 if (!iszfs) {
802 ret = sa_commit_properties(
803 optionset, !persist);
804 }
805 }
806 }
807 }
808 }
809 if (security_list != NULL)
810 free_security_list(security_list);
811
812 free(dup);
813 return (ret);
814 }
815
816 /*
817 * is_a_number(number)
818 *
819 * is the string a number in one of the forms we want to use?
820 */
821
822 static int
823 is_a_number(char *number)
824 {
825 int ret = 1;
826 int hex = 0;
827
828 if (strncmp(number, "0x", 2) == 0) {
829 number += 2;
830 hex = 1;
831 } else if (*number == '-') {
832 number++; /* skip the minus */
833 }
834 while (ret == 1 && *number != '\0') {
835 if (hex) {
836 ret = isxdigit(*number++);
837 } else {
838 ret = isdigit(*number++);
839 }
840 }
841 return (ret);
842 }
843
844 /*
845 * Look for the specified tag in the configuration file. If it is found,
846 * enable logging and set the logging configuration information for exp.
847 */
848 static void
849 configlog(struct exportdata *exp, char *tag)
850 {
851 nfsl_config_t *configlist = NULL, *configp;
852 int error = 0;
853 char globaltag[] = DEFAULTTAG;
854
855 /*
856 * Sends config errors to stderr
857 */
858 nfsl_errs_to_syslog = B_FALSE;
859
860 /*
861 * get the list of configuration settings
862 */
863 error = nfsl_getconfig_list(&configlist);
864 if (error) {
865 (void) fprintf(stderr,
866 dgettext(TEXT_DOMAIN, "Cannot get log configuration: %s\n"),
867 strerror(error));
868 }
869
870 if (tag == NULL)
871 tag = globaltag;
872 if ((configp = nfsl_findconfig(configlist, tag, &error)) == NULL) {
873 nfsl_freeconfig_list(&configlist);
874 (void) fprintf(stderr,
875 dgettext(TEXT_DOMAIN, "No tags matching \"%s\"\n"), tag);
876 /* bad configuration */
877 error = ENOENT;
878 goto err;
879 }
880
881 if ((exp->ex_tag = strdup(tag)) == NULL) {
882 error = ENOMEM;
883 goto out;
884 }
885 if ((exp->ex_log_buffer = strdup(configp->nc_bufferpath)) == NULL) {
886 error = ENOMEM;
887 goto out;
888 }
889 exp->ex_flags |= EX_LOG;
890 if (configp->nc_rpclogpath != NULL)
891 exp->ex_flags |= EX_LOG_ALLOPS;
892 out:
893 if (configlist != NULL)
894 nfsl_freeconfig_list(&configlist);
895
896 err:
897 if (error != 0) {
898 free(exp->ex_tag);
899 free(exp->ex_log_buffer);
900 (void) fprintf(stderr,
901 dgettext(TEXT_DOMAIN, "Cannot set log configuration: %s\n"),
902 strerror(error));
903 }
904 }
905
906 /*
907 * fill_export_from_optionset(export, optionset)
908 *
909 * In order to share, we need to set all the possible general options
910 * into the export structure. Share info will be filled in by the
911 * caller. Various property values get turned into structure specific
912 * values.
913 */
914
915 static int
916 fill_export_from_optionset(struct exportdata *export, sa_optionset_t optionset)
917 {
918 sa_property_t option;
919 int ret = SA_OK;
920
921 for (option = sa_get_property(optionset, NULL);
922 option != NULL; option = sa_get_next_property(option)) {
923 char *name;
924 char *value;
925 uint32_t val;
926
927 /*
928 * since options may be set/reset multiple times, always do an
929 * explicit set or clear of the option. This allows defaults
930 * to be set and then the protocol specific to override.
931 */
932
933 name = sa_get_property_attr(option, "type");
934 value = sa_get_property_attr(option, "value");
935 switch (findopt(name)) {
936 case OPT_ANON:
937 if (value != NULL && is_a_number(value)) {
938 val = strtoul(value, NULL, 0);
939 } else {
940 struct passwd *pw;
941 pw = getpwnam(value != NULL ? value : "nobody");
942 if (pw != NULL) {
943 val = pw->pw_uid;
944 } else {
945 val = UID_NOBODY;
946 }
947 endpwent();
948 }
949 export->ex_anon = val;
950 break;
951 case OPT_NOSUID:
952 if (value != NULL && (strcasecmp(value, "true") == 0 ||
953 strcmp(value, "1") == 0))
954 export->ex_flags |= EX_NOSUID;
955 else
956 export->ex_flags &= ~EX_NOSUID;
957 break;
958 case OPT_ACLOK:
959 if (value != NULL && (strcasecmp(value, "true") == 0 ||
960 strcmp(value, "1") == 0))
961 export->ex_flags |= EX_ACLOK;
962 else
963 export->ex_flags &= ~EX_ACLOK;
964 break;
965 case OPT_NOSUB:
966 if (value != NULL && (strcasecmp(value, "true") == 0 ||
967 strcmp(value, "1") == 0))
968 export->ex_flags |= EX_NOSUB;
969 else
970 export->ex_flags &= ~EX_NOSUB;
971 break;
972 case OPT_PUBLIC:
973 if (value != NULL && (strcasecmp(value, "true") == 0 ||
974 strcmp(value, "1") == 0))
975 export->ex_flags |= EX_PUBLIC;
976 else
977 export->ex_flags &= ~EX_PUBLIC;
978 break;
979 case OPT_INDEX:
980 if (value != NULL && (strcmp(value, "..") == 0 ||
981 strchr(value, '/') != NULL)) {
982 /* this is an error */
983 (void) printf(dgettext(TEXT_DOMAIN,
984 "NFS: index=\"%s\" not valid;"
985 "must be a filename.\n"),
986 value);
987 break;
988 }
989 if (value != NULL && *value != '\0' &&
990 strcmp(value, ".") != 0) {
991 /* valid index file string */
992 if (export->ex_index != NULL) {
993 /* left over from "default" */
994 free(export->ex_index);
995 }
996 /* remember to free */
997 export->ex_index = strdup(value);
998 if (export->ex_index == NULL) {
999 (void) printf(dgettext(TEXT_DOMAIN,
1000 "NFS: out of memory setting "
1001 "index property\n"));
1002 break;
1003 }
1004 export->ex_flags |= EX_INDEX;
1005 }
1006 break;
1007 case OPT_LOG:
1008 if (value == NULL)
1009 value = strdup("global");
1010 if (value != NULL)
1011 configlog(export,
1012 strlen(value) ? value : "global");
1013 break;
1014 case OPT_CHARSET_MAP:
1015 /*
1016 * Set EX_CHARMAP when there is at least one
1017 * charmap conversion property. This will get
1018 * checked by the nfs server when it needs to.
1019 */
1020 export->ex_flags |= EX_CHARMAP;
1021 break;
1022 case OPT_NOACLFAB:
1023 if (value != NULL && (strcasecmp(value, "true") == 0 ||
1024 strcmp(value, "1") == 0))
1025 export->ex_flags |= EX_NOACLFAB;
1026 else
1027 export->ex_flags &= ~EX_NOACLFAB;
1028 break;
1029 default:
1030 /* have a syntactic error */
1031 (void) printf(dgettext(TEXT_DOMAIN,
1032 "NFS: unrecognized option %s=%s\n"),
1033 name != NULL ? name : "",
1034 value != NULL ? value : "");
1035 break;
1036 }
1037 if (name != NULL)
1038 sa_free_attr_string(name);
1039 if (value != NULL)
1040 sa_free_attr_string(value);
1041 }
1042 return (ret);
1043 }
1044
1045 /*
1046 * cleanup_export(export)
1047 *
1048 * Cleanup the allocated areas so we don't leak memory
1049 */
1050
1051 static void
1052 cleanup_export(struct exportdata *export)
1053 {
1054 int i;
1055
1056 free(export->ex_index);
1057
1058 for (i = 0; i < export->ex_seccnt; i++) {
1059 struct secinfo *s = &export->ex_secinfo[i];
1060
1061 while (s->s_rootcnt > 0)
1062 free(s->s_rootnames[--s->s_rootcnt]);
1063
1064 free(s->s_rootnames);
1065 }
1066 free(export->ex_secinfo);
1067 }
1068
1069 /*
1070 * Given a seconfig entry and a colon-separated
1071 * list of names, allocate an array big enough
1072 * to hold the root list, then convert each name to
1073 * a principal name according to the security
1074 * info and assign it to an array element.
1075 * Return the array and its size.
1076 */
1077 static caddr_t *
1078 get_rootnames(seconfig_t *sec, char *list, int *count)
1079 {
1080 caddr_t *a;
1081 int c, i;
1082 char *host, *p;
1083
1084 /*
1085 * Count the number of strings in the list.
1086 * This is the number of colon separators + 1.
1087 */
1088 c = 1;
1089 for (p = list; *p; p++)
1090 if (*p == ':')
1091 c++;
1092 *count = c;
1093
1094 a = (caddr_t *)malloc(c * sizeof (char *));
1095 if (a == NULL) {
1096 (void) printf(dgettext(TEXT_DOMAIN,
1097 "get_rootnames: no memory\n"));
1098 *count = 0;
1099 } else {
1100 for (i = 0; i < c; i++) {
1101 host = strtok(list, ":");
1102 if (!nfs_get_root_principal(sec, host, &a[i])) {
1103 while (i > 0)
1104 free(a[--i]);
1105 free(a);
1106 a = NULL;
1107 *count = 0;
1108 break;
1109 }
1110 list = NULL;
1111 }
1112 }
1113
1114 return (a);
1115 }
1116
1117 /*
1118 * fill_security_from_secopts(sp, secopts)
1119 *
1120 * Fill the secinfo structure from the secopts optionset.
1121 */
1122
1123 static int
1124 fill_security_from_secopts(struct secinfo *sp, sa_security_t secopts)
1125 {
1126 sa_property_t prop;
1127 char *type;
1128 int longform;
1129 int err = SC_NOERROR;
1130 uint32_t val;
1131
1132 type = sa_get_security_attr(secopts, "sectype");
1133 if (type != NULL) {
1134 /* named security type needs secinfo to be filled in */
1135 err = nfs_getseconfig_byname(type, &sp->s_secinfo);
1136 sa_free_attr_string(type);
1137 if (err != SC_NOERROR)
1138 return (err);
1139 } else {
1140 /* default case */
1141 err = nfs_getseconfig_default(&sp->s_secinfo);
1142 if (err != SC_NOERROR)
1143 return (err);
1144 }
1145
1146 err = SA_OK;
1147 for (prop = sa_get_property(secopts, NULL);
1148 prop != NULL && err == SA_OK;
1149 prop = sa_get_next_property(prop)) {
1150 char *name;
1151 char *value;
1152
1153 name = sa_get_property_attr(prop, "type");
1154 value = sa_get_property_attr(prop, "value");
1155
1156 longform = value != NULL && strcmp(value, "*") != 0;
1157
1158 switch (findopt(name)) {
1159 case OPT_RO:
1160 sp->s_flags |= longform ? M_ROL : M_RO;
1161 break;
1162 case OPT_RW:
1163 sp->s_flags |= longform ? M_RWL : M_RW;
1164 break;
1165 case OPT_ROOT:
1166 sp->s_flags |= M_ROOT;
1167 /*
1168 * if we are using AUTH_UNIX, handle like other things
1169 * such as RO/RW
1170 */
1171 if (sp->s_secinfo.sc_rpcnum == AUTH_UNIX)
1172 break;
1173 /* not AUTH_UNIX */
1174 if (value != NULL) {
1175 sp->s_rootnames = get_rootnames(&sp->s_secinfo,
1176 value, &sp->s_rootcnt);
1177 if (sp->s_rootnames == NULL) {
1178 err = SA_BAD_VALUE;
1179 (void) fprintf(stderr,
1180 dgettext(TEXT_DOMAIN,
1181 "Bad root list\n"));
1182 }
1183 }
1184 break;
1185 case OPT_NONE:
1186 sp->s_flags |= M_NONE;
1187 break;
1188 case OPT_WINDOW:
1189 if (value != NULL) {
1190 sp->s_window = atoi(value);
1191 /* just in case */
1192 if (sp->s_window < 0)
1193 sp->s_window = DEF_WIN;
1194 }
1195 break;
1196 case OPT_ROOT_MAPPING:
1197 if (value != NULL && is_a_number(value)) {
1198 val = strtoul(value, NULL, 0);
1199 } else {
1200 struct passwd *pw;
1201 pw = getpwnam(value != NULL ? value : "nobody");
1202 if (pw != NULL) {
1203 val = pw->pw_uid;
1204 } else {
1205 val = UID_NOBODY;
1206 }
1207 endpwent();
1208 }
1209 sp->s_rootid = val;
1210 break;
1211 case OPT_UIDMAP:
1212 case OPT_GIDMAP:
1213 sp->s_flags |= M_MAP;
1214 break;
1215 default:
1216 break;
1217 }
1218 if (name != NULL)
1219 sa_free_attr_string(name);
1220 if (value != NULL)
1221 sa_free_attr_string(value);
1222 }
1223 /* if rw/ro options not set, use default of RW */
1224 if ((sp->s_flags & NFS_RWMODES) == 0)
1225 sp->s_flags |= M_RW;
1226 return (err);
1227 }
1228
1229 /*
1230 * This is for testing only
1231 * It displays the export structure that
1232 * goes into the kernel.
1233 */
1234 static void
1235 printarg(char *path, struct exportdata *ep)
1236 {
1237 int i, j;
1238 struct secinfo *sp;
1239
1240 if (debug == 0)
1241 return;
1242
1243 (void) printf("%s:\n", path);
1244 (void) printf("\tex_version = %d\n", ep->ex_version);
1245 (void) printf("\tex_path = %s\n", ep->ex_path);
1246 (void) printf("\tex_pathlen = %ld\n", (ulong_t)ep->ex_pathlen);
1247 (void) printf("\tex_flags: (0x%02x) ", ep->ex_flags);
1248 if (ep->ex_flags & EX_NOSUID)
1249 (void) printf("NOSUID ");
1250 if (ep->ex_flags & EX_ACLOK)
1251 (void) printf("ACLOK ");
1252 if (ep->ex_flags & EX_PUBLIC)
1253 (void) printf("PUBLIC ");
1254 if (ep->ex_flags & EX_NOSUB)
1255 (void) printf("NOSUB ");
1256 if (ep->ex_flags & EX_LOG)
1257 (void) printf("LOG ");
1258 if (ep->ex_flags & EX_CHARMAP)
1259 (void) printf("CHARMAP ");
1260 if (ep->ex_flags & EX_LOG_ALLOPS)
1261 (void) printf("LOG_ALLOPS ");
1262 if (ep->ex_flags == 0)
1263 (void) printf("(none)");
1264 (void) printf("\n");
1265 if (ep->ex_flags & EX_LOG) {
1266 (void) printf("\tex_log_buffer = %s\n",
1267 (ep->ex_log_buffer ? ep->ex_log_buffer : "(NULL)"));
1268 (void) printf("\tex_tag = %s\n",
1269 (ep->ex_tag ? ep->ex_tag : "(NULL)"));
1270 }
1271 (void) printf("\tex_anon = %d\n", ep->ex_anon);
1272 (void) printf("\tex_seccnt = %d\n", ep->ex_seccnt);
1273 (void) printf("\n");
1274 for (i = 0; i < ep->ex_seccnt; i++) {
1275 sp = &ep->ex_secinfo[i];
1276 (void) printf("\t\ts_secinfo = %s\n", sp->s_secinfo.sc_name);
1277 (void) printf("\t\ts_flags: (0x%02x) ", sp->s_flags);
1278 if (sp->s_flags & M_ROOT) (void) printf("M_ROOT ");
1279 if (sp->s_flags & M_RO) (void) printf("M_RO ");
1280 if (sp->s_flags & M_ROL) (void) printf("M_ROL ");
1281 if (sp->s_flags & M_RW) (void) printf("M_RW ");
1282 if (sp->s_flags & M_RWL) (void) printf("M_RWL ");
1283 if (sp->s_flags & M_NONE) (void) printf("M_NONE ");
1284 if (sp->s_flags & M_MAP) (void) printf("M_MAP ");
1285 if (sp->s_flags == 0) (void) printf("(none)");
1286 (void) printf("\n");
1287 (void) printf("\t\ts_window = %d\n", sp->s_window);
1288 (void) printf("\t\ts_rootid = %d\n", sp->s_rootid);
1289 (void) printf("\t\ts_rootcnt = %d ", sp->s_rootcnt);
1290 (void) fflush(stdout);
1291 for (j = 0; j < sp->s_rootcnt; j++)
1292 (void) printf("%s ", sp->s_rootnames[j] ?
1293 sp->s_rootnames[j] : "<null>");
1294 (void) printf("\n\n");
1295 }
1296 }
1297
1298 /*
1299 * count_security(opts)
1300 *
1301 * Count the number of security types (flavors). The optionset has
1302 * been populated with the security flavors as a holding mechanism.
1303 * We later use this number to allocate data structures.
1304 */
1305
1306 static int
1307 count_security(sa_optionset_t opts)
1308 {
1309 int count = 0;
1310 sa_property_t prop;
1311 if (opts != NULL) {
1312 for (prop = sa_get_property(opts, NULL); prop != NULL;
1313 prop = sa_get_next_property(prop)) {
1314 count++;
1315 }
1316 }
1317 return (count);
1318 }
1319
1320 /*
1321 * nfs_sprint_option(rbuff, rbuffsize, incr, prop, sep)
1322 *
1323 * provides a mechanism to format NFS properties into legacy output
1324 * format. If the buffer would overflow, it is reallocated and grown
1325 * as appropriate. Special cases of converting internal form of values
1326 * to those used by "share" are done. this function does one property
1327 * at a time.
1328 */
1329
1330 static int
1331 nfs_sprint_option(char **rbuff, size_t *rbuffsize, size_t incr,
1332 sa_property_t prop, int sep)
1333 {
1334 char *name;
1335 char *value;
1336 int curlen;
1337 char *buff = *rbuff;
1338 size_t buffsize = *rbuffsize;
1339 int printed = B_FALSE;
1340
1341 name = sa_get_property_attr(prop, "type");
1342 value = sa_get_property_attr(prop, "value");
1343 if (buff != NULL)
1344 curlen = strlen(buff);
1345 else
1346 curlen = 0;
1347 if (name != NULL) {
1348 int len;
1349 len = strlen(name) + sep;
1350
1351 /*
1352 * A future RFE would be to replace this with more
1353 * generic code and to possibly handle more types.
1354 */
1355 switch (gettype(name)) {
1356 case OPT_TYPE_BOOLEAN:
1357 /*
1358 * For NFS, boolean value of FALSE means it
1359 * doesn't show up in the option list at all.
1360 */
1361 if (value != NULL && strcasecmp(value, "false") == 0)
1362 goto skip;
1363 if (value != NULL) {
1364 sa_free_attr_string(value);
1365 value = NULL;
1366 }
1367 break;
1368 case OPT_TYPE_ACCLIST:
1369 if (value != NULL && strcmp(value, "*") == 0) {
1370 sa_free_attr_string(value);
1371 value = NULL;
1372 } else {
1373 if (value != NULL)
1374 len += 1 + strlen(value);
1375 }
1376 break;
1377 case OPT_TYPE_LOGTAG:
1378 if (value != NULL && strlen(value) == 0) {
1379 sa_free_attr_string(value);
1380 value = NULL;
1381 } else {
1382 if (value != NULL)
1383 len += 1 + strlen(value);
1384 }
1385 break;
1386 default:
1387 if (value != NULL)
1388 len += 1 + strlen(value);
1389 break;
1390 }
1391 while (buffsize <= (curlen + len)) {
1392 /* need more room */
1393 buffsize += incr;
1394 buff = realloc(buff, buffsize);
1395 if (buff == NULL) {
1396 /* realloc failed so free everything */
1397 if (*rbuff != NULL)
1398 free(*rbuff);
1399 }
1400 *rbuff = buff;
1401 *rbuffsize = buffsize;
1402 if (buff == NULL)
1403 goto skip;
1404
1405 }
1406
1407 if (buff == NULL)
1408 goto skip;
1409
1410 if (value == NULL) {
1411 (void) snprintf(buff + curlen, buffsize - curlen,
1412 "%s%s", sep ? "," : "", name);
1413 } else {
1414 (void) snprintf(buff + curlen, buffsize - curlen,
1415 "%s%s=%s", sep ? "," : "",
1416 name, value != NULL ? value : "");
1417 }
1418 printed = B_TRUE;
1419 }
1420 skip:
1421 if (name != NULL)
1422 sa_free_attr_string(name);
1423 if (value != NULL)
1424 sa_free_attr_string(value);
1425 return (printed);
1426 }
1427
1428 /*
1429 * nfs_format_options(group, hier)
1430 *
1431 * format all the options on the group into an old-style option
1432 * string. If hier is non-zero, walk up the tree to get inherited
1433 * options.
1434 */
1435
1436 static char *
1437 nfs_format_options(sa_group_t group, int hier)
1438 {
1439 sa_optionset_t options = NULL;
1440 sa_optionset_t secoptions = NULL;
1441 sa_property_t prop, secprop;
1442 sa_security_t security = NULL;
1443 char *buff;
1444 size_t buffsize;
1445 char *sectype = NULL;
1446 int sep = 0;
1447
1448
1449 buff = malloc(OPT_CHUNK);
1450 if (buff == NULL) {
1451 return (NULL);
1452 }
1453
1454 buff[0] = '\0';
1455 buffsize = OPT_CHUNK;
1456
1457 /*
1458 * We may have a an optionset relative to this item. format
1459 * these if we find them and then add any security definitions.
1460 */
1461
1462 options = sa_get_derived_optionset(group, "nfs", hier);
1463
1464 /*
1465 * do the default set first but skip any option that is also
1466 * in the protocol specific optionset.
1467 */
1468 if (options != NULL) {
1469 for (prop = sa_get_property(options, NULL);
1470 prop != NULL; prop = sa_get_next_property(prop)) {
1471 /*
1472 * use this one since we skipped any
1473 * of these that were also in
1474 * optdefault
1475 */
1476 if (nfs_sprint_option(&buff, &buffsize, OPT_CHUNK,
1477 prop, sep))
1478 sep = 1;
1479 if (buff == NULL) {
1480 /*
1481 * buff could become NULL if there
1482 * isn't enough memory for
1483 * nfs_sprint_option to realloc()
1484 * as necessary. We can't really
1485 * do anything about it at this
1486 * point so we return NULL. The
1487 * caller should handle the
1488 * failure.
1489 */
1490 if (options != NULL)
1491 sa_free_derived_optionset(
1492 options);
1493 return (buff);
1494 }
1495 }
1496 }
1497 secoptions = (sa_optionset_t)sa_get_all_security_types(group,
1498 "nfs", hier);
1499 if (secoptions != NULL) {
1500 for (secprop = sa_get_property(secoptions, NULL);
1501 secprop != NULL;
1502 secprop = sa_get_next_property(secprop)) {
1503 sectype = sa_get_property_attr(secprop, "type");
1504 security =
1505 (sa_security_t)sa_get_derived_security(
1506 group, sectype, "nfs", hier);
1507 if (security != NULL) {
1508 if (sectype != NULL) {
1509 prop = sa_create_property(
1510 "sec", sectype);
1511 if (prop == NULL)
1512 goto err;
1513 if (nfs_sprint_option(&buff,
1514 &buffsize, OPT_CHUNK, prop, sep))
1515 sep = 1;
1516 (void) sa_remove_property(prop);
1517 if (buff == NULL)
1518 goto err;
1519 }
1520 for (prop = sa_get_property(security,
1521 NULL); prop != NULL;
1522 prop = sa_get_next_property(prop)) {
1523 if (nfs_sprint_option(&buff,
1524 &buffsize, OPT_CHUNK, prop, sep))
1525 sep = 1;
1526 if (buff == NULL)
1527 goto err;
1528 }
1529 sa_free_derived_optionset(security);
1530 }
1531 if (sectype != NULL)
1532 sa_free_attr_string(sectype);
1533 }
1534 sa_free_derived_optionset(secoptions);
1535 }
1536
1537 if (options != NULL)
1538 sa_free_derived_optionset(options);
1539 return (buff);
1540
1541 err:
1542 /*
1543 * If we couldn't allocate memory for option printing, we need
1544 * to break out of the nested loops, cleanup and return NULL.
1545 */
1546 if (secoptions != NULL)
1547 sa_free_derived_optionset(secoptions);
1548 if (security != NULL)
1549 sa_free_derived_optionset(security);
1550 if (sectype != NULL)
1551 sa_free_attr_string(sectype);
1552 if (options != NULL)
1553 sa_free_derived_optionset(options);
1554 return (buff);
1555 }
1556
1557 /*
1558 * Append an entry to the nfslogtab file
1559 */
1560 static int
1561 nfslogtab_add(char *dir, char *buffer, char *tag)
1562 {
1563 FILE *f;
1564 struct logtab_ent lep;
1565 int error = 0;
1566
1567 /*
1568 * Open the file for update and create it if necessary.
1569 * This may leave the I/O offset at the end of the file,
1570 * so rewind back to the beginning of the file.
1571 */
1572 f = fopen(NFSLOGTAB, "a+");
1573 if (f == NULL) {
1574 error = errno;
1575 goto out;
1576 }
1577 rewind(f);
1578
1579 if (lockf(fileno(f), F_LOCK, 0L) < 0) {
1580 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1581 "share complete, however failed to lock %s "
1582 "for update: %s\n"), NFSLOGTAB, strerror(errno));
1583 error = -1;
1584 goto out;
1585 }
1586
1587 if (logtab_deactivate_after_boot(f) == -1) {
1588 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1589 "share complete, however could not deactivate "
1590 "entries in %s\n"), NFSLOGTAB);
1591 error = -1;
1592 goto out;
1593 }
1594
1595 /*
1596 * Remove entries matching buffer and sharepoint since we're
1597 * going to replace it with perhaps an entry with a new tag.
1598 */
1599 if (logtab_rement(f, buffer, dir, NULL, -1)) {
1600 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1601 "share complete, however could not remove matching "
1602 "entries in %s\n"), NFSLOGTAB);
1603 error = -1;
1604 goto out;
1605 }
1606
1607 /*
1608 * Deactivate all active entries matching this sharepoint
1609 */
1610 if (logtab_deactivate(f, NULL, dir, NULL)) {
1611 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1612 "share complete, however could not deactivate matching "
1613 "entries in %s\n"), NFSLOGTAB);
1614 error = -1;
1615 goto out;
1616 }
1617
1618 lep.le_buffer = buffer;
1619 lep.le_path = dir;
1620 lep.le_tag = tag;
1621 lep.le_state = LES_ACTIVE;
1622
1623 /*
1624 * Add new sharepoint / buffer location to nfslogtab
1625 */
1626 if (logtab_putent(f, &lep) < 0) {
1627 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1628 "share complete, however could not add %s to %s\n"),
1629 dir, NFSLOGTAB);
1630 error = -1;
1631 }
1632
1633 out:
1634 if (f != NULL)
1635 (void) fclose(f);
1636 return (error);
1637 }
1638
1639 /*
1640 * Deactivate an entry from the nfslogtab file
1641 */
1642 static int
1643 nfslogtab_deactivate(char *path)
1644 {
1645 FILE *f;
1646 int error = 0;
1647
1648 f = fopen(NFSLOGTAB, "r+");
1649 if (f == NULL) {
1650 error = errno;
1651 goto out;
1652 }
1653 if (lockf(fileno(f), F_LOCK, 0L) < 0) {
1654 error = errno;
1655 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
1656 "share complete, however could not lock %s for "
1657 "update: %s\n"), NFSLOGTAB, strerror(error));
1658 goto out;
1659 }
1660 if (logtab_deactivate(f, NULL, path, NULL) == -1) {
1661 error = -1;
1662 (void) fprintf(stderr,
1663 dgettext(TEXT_DOMAIN,
1664 "share complete, however could not "
1665 "deactivate %s in %s\n"), path, NFSLOGTAB);
1666 goto out;
1667 }
1668
1669 out: if (f != NULL)
1670 (void) fclose(f);
1671
1672 return (error);
1673 }
1674
1675 /*
1676 * check_public(group, skipshare)
1677 *
1678 * Check the group for any shares that have the public property
1679 * enabled. We skip "skipshare" since that is the one we are
1680 * working with. This is a separate function to make handling
1681 * subgroups simpler. Returns true if there is a share with public.
1682 */
1683 static int
1684 check_public(sa_group_t group, sa_share_t skipshare)
1685 {
1686 int exists = B_FALSE;
1687 sa_share_t share;
1688 sa_optionset_t opt;
1689 sa_property_t prop;
1690 char *shared;
1691
1692 for (share = sa_get_share(group, NULL); share != NULL;
1693 share = sa_get_next_share(share)) {
1694 if (share == skipshare)
1695 continue;
1696
1697 opt = sa_get_optionset(share, "nfs");
1698 if (opt == NULL)
1699 continue;
1700 prop = sa_get_property(opt, "public");
1701 if (prop == NULL)
1702 continue;
1703 shared = sa_get_share_attr(share, "shared");
1704 if (shared != NULL) {
1705 exists = strcmp(shared, "true") == 0;
1706 sa_free_attr_string(shared);
1707 if (exists == B_TRUE)
1708 break;
1709 }
1710 }
1711
1712 return (exists);
1713 }
1714
1715 /*
1716 * public_exists(handle, skipshare)
1717 *
1718 * check to see if public option is set on any other share than the
1719 * one specified. Need to check zfs sub-groups as well as the top
1720 * level groups.
1721 */
1722 static int
1723 public_exists(sa_handle_t handle, sa_share_t skipshare)
1724 {
1725 sa_group_t group = NULL;
1726
1727 /*
1728 * If we don't have a handle, we can only do syntax check. We
1729 * can't check against other shares so we assume OK and will
1730 * catch the problem only when we actually try to apply it.
1731 */
1732 if (handle == NULL)
1733 return (SA_OK);
1734
1735 if (skipshare != NULL) {
1736 group = sa_get_parent_group(skipshare);
1737 if (group == NULL)
1738 return (SA_NO_SUCH_GROUP);
1739 }
1740
1741 for (group = sa_get_group(handle, NULL); group != NULL;
1742 group = sa_get_next_group(group)) {
1743 /* Walk any ZFS subgroups as well as all standard groups */
1744 if (sa_group_is_zfs(group)) {
1745 sa_group_t subgroup;
1746 for (subgroup = sa_get_sub_group(group);
1747 subgroup != NULL;
1748 subgroup = sa_get_next_group(subgroup)) {
1749 if (check_public(subgroup, skipshare))
1750 return (B_TRUE);
1751 }
1752 } else {
1753 if (check_public(group, skipshare))
1754 return (B_TRUE);
1755 }
1756 }
1757 return (B_FALSE);
1758 }
1759
1760 /*
1761 * sa_enable_share at the protocol level, enable_share must tell the
1762 * implementation that it is to enable the share. This entails
1763 * converting the path and options into the appropriate ioctl
1764 * calls. It is assumed that all error checking of paths, etc. were
1765 * done earlier.
1766 */
1767 static int
1768 nfs_enable_share(sa_share_t share)
1769 {
1770 struct exportdata export;
1771 sa_optionset_t secoptlist;
1772 struct secinfo *sp;
1773 int num_secinfo;
1774 sa_optionset_t opt;
1775 sa_security_t sec;
1776 sa_property_t prop;
1777 char *path;
1778 int err = SA_OK;
1779 int i;
1780 int iszfs;
1781 sa_handle_t handle;
1782
1783 /* Don't drop core if the NFS module isn't loaded. */
1784 (void) signal(SIGSYS, SIG_IGN);
1785
1786 /* get the path since it is important in several places */
1787 path = sa_get_share_attr(share, "path");
1788 if (path == NULL)
1789 return (SA_NO_SUCH_PATH);
1790
1791 iszfs = sa_path_is_zfs(path);
1792 /*
1793 * find the optionsets and security sets. There may not be
1794 * any or there could be one or two for each of optionset and
1795 * security may have multiple, one per security type per
1796 * protocol type.
1797 */
1798 opt = sa_get_derived_optionset(share, "nfs", 1);
1799 secoptlist = (sa_optionset_t)sa_get_all_security_types(share, "nfs", 1);
1800 if (secoptlist != NULL)
1801 num_secinfo = MAX(1, count_security(secoptlist));
1802 else
1803 num_secinfo = 1;
1804
1805 /*
1806 * walk through the options and fill in the structure
1807 * appropriately.
1808 */
1809
1810 (void) memset(&export, '\0', sizeof (export));
1811
1812 /*
1813 * do non-security options first since there is only one after
1814 * the derived group is constructed.
1815 */
1816 export.ex_version = EX_CURRENT_VERSION;
1817 export.ex_anon = UID_NOBODY; /* this is our default value */
1818 export.ex_index = NULL;
1819 export.ex_path = path;
1820 export.ex_pathlen = strlen(path) + 1;
1821
1822 if (opt != NULL)
1823 err = fill_export_from_optionset(&export, opt);
1824
1825 /*
1826 * check to see if "public" is set. If it is, then make sure
1827 * no other share has it set. If it is already used, fail.
1828 */
1829
1830 handle = sa_find_group_handle((sa_group_t)share);
1831 if (export.ex_flags & EX_PUBLIC && public_exists(handle, share)) {
1832 (void) printf(dgettext(TEXT_DOMAIN,
1833 "NFS: Cannot share more than one file "
1834 "system with 'public' property\n"));
1835 err = SA_NOT_ALLOWED;
1836 goto out;
1837 }
1838
1839 sp = calloc(num_secinfo, sizeof (struct secinfo));
1840 if (sp == NULL) {
1841 err = SA_NO_MEMORY;
1842 (void) printf(dgettext(TEXT_DOMAIN,
1843 "NFS: NFS: no memory for security\n"));
1844 goto out;
1845 }
1846 export.ex_secinfo = sp;
1847 /* get default secinfo */
1848 export.ex_seccnt = num_secinfo;
1849 /*
1850 * since we must have one security option defined, we
1851 * init to the default and then override as we find
1852 * defined security options. This handles the case
1853 * where we have no defined options but we need to set
1854 * up one.
1855 */
1856 sp[0].s_window = DEF_WIN;
1857 sp[0].s_rootnames = NULL;
1858 /* setup a default in case no properties defined */
1859 if (nfs_getseconfig_default(&sp[0].s_secinfo)) {
1860 (void) printf(dgettext(TEXT_DOMAIN,
1861 "NFS: nfs_getseconfig_default: failed to "
1862 "get default security mode\n"));
1863 err = SA_CONFIG_ERR;
1864 }
1865 if (secoptlist != NULL) {
1866 for (i = 0, prop = sa_get_property(secoptlist, NULL);
1867 prop != NULL && i < num_secinfo;
1868 prop = sa_get_next_property(prop), i++) {
1869 char *sectype;
1870 sectype = sa_get_property_attr(prop, "type");
1871 /*
1872 * if sectype is NULL, we probably
1873 * have a memory problem and can't get
1874 * the correct values. Rather than
1875 * exporting with incorrect security,
1876 * don't share it.
1877 */
1878 if (sectype == NULL) {
1879 err = SA_NO_MEMORY;
1880 (void) printf(dgettext(TEXT_DOMAIN,
1881 "NFS: Cannot share %s: "
1882 "no memory\n"), path);
1883 goto out;
1884 }
1885 sec = (sa_security_t)sa_get_derived_security(
1886 share, sectype, "nfs", 1);
1887 sp[i].s_window = DEF_WIN;
1888 sp[i].s_rootcnt = 0;
1889 sp[i].s_rootnames = NULL;
1890 (void) fill_security_from_secopts(&sp[i], sec);
1891 if (sec != NULL)
1892 sa_free_derived_security(sec);
1893 if (sectype != NULL)
1894 sa_free_attr_string(sectype);
1895 }
1896 }
1897 /*
1898 * when we get here, we can do the exportfs system call and
1899 * initiate things. We probably want to enable the
1900 * svc:/network/nfs/server service first if it isn't running.
1901 */
1902 /* check svc:/network/nfs/server status and start if needed */
1903 /* now add the share to the internal tables */
1904 printarg(path, &export);
1905 /*
1906 * call the exportfs system call which is implemented
1907 * via the nfssys() call as the EXPORTFS subfunction.
1908 */
1909 if (iszfs) {
1910 struct exportfs_args ea;
1911 share_t sh;
1912 char *str;
1913 priv_set_t *priv_effective;
1914 int privileged;
1915
1916 /*
1917 * If we aren't a privileged user
1918 * and NFS server service isn't running
1919 * then print out an error message
1920 * and return EPERM
1921 */
1922
1923 priv_effective = priv_allocset();
1924 (void) getppriv(PRIV_EFFECTIVE, priv_effective);
1925
1926 privileged = (priv_isfullset(priv_effective) == B_TRUE);
1927 priv_freeset(priv_effective);
1928
1929 if (!privileged &&
1930 (str = smf_get_state(NFS_SERVER_SVC)) != NULL) {
1931 err = 0;
1932 if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) {
1933 (void) printf(dgettext(TEXT_DOMAIN,
1934 "NFS: Cannot share remote "
1935 "filesystem: %s\n"), path);
1936 (void) printf(dgettext(TEXT_DOMAIN,
1937 "NFS: Service needs to be enabled "
1938 "by a privileged user\n"));
1939 err = SA_SYSTEM_ERR;
1940 errno = EPERM;
1941 }
1942 free(str);
1943 }
1944
1945 if (err == 0) {
1946 ea.dname = path;
1947 ea.uex = &export;
1948
1949 (void) sa_sharetab_fill_zfs(share, &sh, "nfs");
1950 err = sa_share_zfs(share, NULL, path, &sh,
1951 &ea, ZFS_SHARE_NFS);
1952 if (err != SA_OK) {
1953 errno = err;
1954 err = -1;
1955 }
1956 sa_emptyshare(&sh);
1957 }
1958 } else {
1959 err = exportfs(path, &export);
1960 }
1961
1962 if (err < 0) {
1963 err = SA_SYSTEM_ERR;
1964 switch (errno) {
1965 case EREMOTE:
1966 (void) printf(dgettext(TEXT_DOMAIN,
1967 "NFS: Cannot share filesystems "
1968 "in non-global zones: %s\n"), path);
1969 err = SA_NOT_SUPPORTED;
1970 break;
1971 case EPERM:
1972 if (getzoneid() != GLOBAL_ZONEID) {
1973 (void) printf(dgettext(TEXT_DOMAIN,
1974 "NFS: Cannot share file systems "
1975 "in non-global zones: %s\n"), path);
1976 err = SA_NOT_SUPPORTED;
1977 break;
1978 }
1979 err = SA_NO_PERMISSION;
1980 break;
1981 case EEXIST:
1982 err = SA_SHARE_EXISTS;
1983 break;
1984 default:
1985 break;
1986 }
1987 } else {
1988 /* update sharetab with an add/modify */
1989 if (!iszfs) {
1990 (void) sa_update_sharetab(share, "nfs");
1991 }
1992 }
1993
1994 if (err == SA_OK) {
1995 /*
1996 * enable services as needed. This should probably be
1997 * done elsewhere in order to minimize the calls to
1998 * check services.
1999 */
2000 /*
2001 * check to see if logging and other services need to
2002 * be triggered, but only if there wasn't an
2003 * error. This is probably where sharetab should be
2004 * updated with the NFS specific entry.
2005 */
2006 if (export.ex_flags & EX_LOG) {
2007 /* enable logging */
2008 if (nfslogtab_add(path, export.ex_log_buffer,
2009 export.ex_tag) != 0) {
2010 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
2011 "Could not enable logging for %s\n"),
2012 path);
2013 }
2014 _check_services(service_list_logging);
2015 } else {
2016 /*
2017 * don't have logging so remove it from file. It might
2018 * not be thre, but that doesn't matter.
2019 */
2020 (void) nfslogtab_deactivate(path);
2021 _check_services(service_list_default);
2022 }
2023 }
2024
2025 out:
2026 if (path != NULL)
2027 free(path);
2028
2029 cleanup_export(&export);
2030 if (opt != NULL)
2031 sa_free_derived_optionset(opt);
2032 if (secoptlist != NULL)
2033 (void) sa_destroy_optionset(secoptlist);
2034 return (err);
2035 }
2036
2037 /*
2038 * nfs_disable_share(share, path)
2039 *
2040 * Unshare the specified share. Note that "path" is the same path as
2041 * what is in the "share" object. It is passed in to avoid an
2042 * additional lookup. A missing "path" value makes this a no-op
2043 * function.
2044 */
2045 static int
2046 nfs_disable_share(sa_share_t share, char *path)
2047 {
2048 int err;
2049 int ret = SA_OK;
2050 int iszfs;
2051 sa_group_t parent;
2052 sa_handle_t handle;
2053
2054 if (path == NULL)
2055 return (ret);
2056
2057 /*
2058 * If the share is in a ZFS group we need to handle it
2059 * differently. Just being on a ZFS file system isn't
2060 * enough since we may be in a legacy share case.
2061 */
2062 parent = sa_get_parent_group(share);
2063 iszfs = sa_group_is_zfs(parent);
2064 if (iszfs) {
2065 struct exportfs_args ea;
2066 share_t sh = { 0 };
2067 ea.dname = path;
2068 ea.uex = NULL;
2069 sh.sh_path = path;
2070 sh.sh_fstype = "nfs";
2071
2072 err = sa_share_zfs(share, NULL, path, &sh,
2073 &ea, ZFS_UNSHARE_NFS);
2074 if (err != SA_OK) {
2075 errno = err;
2076 err = -1;
2077 }
2078 } else {
2079 err = exportfs(path, NULL);
2080 }
2081 if (err < 0) {
2082 /*
2083 * TBD: only an error in some
2084 * cases - need better analysis
2085 */
2086 switch (errno) {
2087 case EPERM:
2088 case EACCES:
2089 ret = SA_NO_PERMISSION;
2090 if (getzoneid() != GLOBAL_ZONEID) {
2091 ret = SA_NOT_SUPPORTED;
2092 }
2093 break;
2094 case EINVAL:
2095 case ENOENT:
2096 ret = SA_NO_SUCH_PATH;
2097 break;
2098 default:
2099 ret = SA_SYSTEM_ERR;
2100 break;
2101 }
2102 }
2103 if (ret == SA_OK || ret == SA_NO_SUCH_PATH) {
2104 handle = sa_find_group_handle((sa_group_t)share);
2105 if (!iszfs)
2106 (void) sa_delete_sharetab(handle, path, "nfs");
2107 /* just in case it was logged */
2108 (void) nfslogtab_deactivate(path);
2109 }
2110 return (ret);
2111 }
2112
2113 static int
2114 check_user(char *value)
2115 {
2116 int ret = SA_OK;
2117
2118 if (!is_a_number(value)) {
2119 struct passwd *pw;
2120 /*
2121 * in this case it would have to be a
2122 * user name
2123 */
2124 pw = getpwnam(value);
2125 if (pw == NULL)
2126 ret = SA_BAD_VALUE;
2127 endpwent();
2128 } else {
2129 uint64_t intval;
2130 intval = strtoull(value, NULL, 0);
2131 if (intval > UID_MAX && intval != -1)
2132 ret = SA_BAD_VALUE;
2133 }
2134
2135 return (ret);
2136 }
2137
2138 static int
2139 check_group(char *value)
2140 {
2141 int ret = SA_OK;
2142
2143 if (!is_a_number(value)) {
2144 struct group *gr;
2145 /*
2146 * in this case it would have to be a
2147 * group name
2148 */
2149 gr = getgrnam(value);
2150 if (gr == NULL)
2151 ret = SA_BAD_VALUE;
2152 endgrent();
2153 } else {
2154 uint64_t intval;
2155 intval = strtoull(value, NULL, 0);
2156 if (intval > UID_MAX && intval != -1)
2157 ret = SA_BAD_VALUE;
2158 }
2159
2160 return (ret);
2161 }
2162
2163 /*
2164 * check_rorwnone(v1, v2, v3)
2165 *
2166 * check ro vs rw vs none values. Over time this may get beefed up.
2167 * for now it just does simple checks. v1 is never NULL but v2 or v3
2168 * could be.
2169 */
2170
2171 static int
2172 check_rorwnone(char *v1, char *v2, char *v3)
2173 {
2174 int ret = SA_OK;
2175 if (v2 != NULL && strcmp(v1, v2) == 0)
2176 ret = SA_VALUE_CONFLICT;
2177 else if (v3 != NULL && strcmp(v1, v3) == 0)
2178 ret = SA_VALUE_CONFLICT;
2179
2180 return (ret);
2181 }
2182
2183 /*
2184 * nfs_validate_property(handle, property, parent)
2185 *
2186 * Check that the property has a legitimate value for its type.
2187 */
2188
2189 static int
2190 nfs_validate_property(sa_handle_t handle, sa_property_t property,
2191 sa_optionset_t parent)
2192 {
2193 int ret = SA_OK;
2194 char *propname;
2195 char *other1;
2196 char *other2;
2197 int optindex;
2198 nfsl_config_t *configlist;
2199 sa_group_t parent_group;
2200 char *value;
2201
2202 propname = sa_get_property_attr(property, "type");
2203
2204 if ((optindex = findopt(propname)) < 0)
2205 ret = SA_NO_SUCH_PROP;
2206
2207 /* need to validate value range here as well */
2208
2209 if (ret == SA_OK) {
2210 parent_group = sa_get_parent_group((sa_share_t)parent);
2211 if (optdefs[optindex].share && parent_group != NULL &&
2212 !sa_is_share(parent_group))
2213 ret = SA_PROP_SHARE_ONLY;
2214 }
2215 if (ret == SA_OK) {
2216 if (optdefs[optindex].index == OPT_PUBLIC) {
2217 /*
2218 * Public is special in that only one instance can
2219 * be in the repository at the same time.
2220 */
2221 if (public_exists(handle, parent_group)) {
2222 sa_free_attr_string(propname);
2223 return (SA_VALUE_CONFLICT);
2224 }
2225 }
2226 value = sa_get_property_attr(property, "value");
2227 if (value != NULL) {
2228 /* first basic type checking */
2229 switch (optdefs[optindex].type) {
2230
2231 case OPT_TYPE_NUMBER:
2232 /* check that the value is all digits */
2233 if (!is_a_number(value))
2234 ret = SA_BAD_VALUE;
2235 break;
2236
2237 case OPT_TYPE_BOOLEAN:
2238 if (strlen(value) == 0 ||
2239 strcasecmp(value, "true") == 0 ||
2240 strcmp(value, "1") == 0 ||
2241 strcasecmp(value, "false") == 0 ||
2242 strcmp(value, "0") == 0) {
2243 ret = SA_OK;
2244 } else {
2245 ret = SA_BAD_VALUE;
2246 }
2247 break;
2248
2249 case OPT_TYPE_USER:
2250 ret = check_user(value);
2251 break;
2252
2253 case OPT_TYPE_FILE:
2254 if (strcmp(value, "..") == 0 ||
2255 strchr(value, '/') != NULL) {
2256 ret = SA_BAD_VALUE;
2257 }
2258 break;
2259
2260 case OPT_TYPE_ACCLIST: {
2261 sa_property_t oprop1;
2262 sa_property_t oprop2;
2263 char *ovalue1 = NULL;
2264 char *ovalue2 = NULL;
2265
2266 if (parent == NULL)
2267 break;
2268 /*
2269 * access list handling. Should eventually
2270 * validate that all the values make sense.
2271 * Also, ro and rw may have cross value
2272 * conflicts.
2273 */
2274 if (strcmp(propname, SHOPT_RO) == 0) {
2275 other1 = SHOPT_RW;
2276 other2 = SHOPT_NONE;
2277 } else if (strcmp(propname, SHOPT_RW) == 0) {
2278 other1 = SHOPT_RO;
2279 other2 = SHOPT_NONE;
2280 } else if (strcmp(propname, SHOPT_NONE) == 0) {
2281 other1 = SHOPT_RO;
2282 other2 = SHOPT_RW;
2283 } else {
2284 other1 = NULL;
2285 other2 = NULL;
2286 }
2287 if (other1 == NULL && other2 == NULL)
2288 break;
2289
2290 /* compare rw(ro) with ro(rw) */
2291
2292 oprop1 = sa_get_property(parent, other1);
2293 oprop2 = sa_get_property(parent, other2);
2294 if (oprop1 == NULL && oprop2 == NULL)
2295 break;
2296 /*
2297 * Only potential confusion if other1
2298 * or other2 exists. Check the values
2299 * and run the check if there is a
2300 * value other than the one we are
2301 * explicitly looking at.
2302 */
2303 ovalue1 = sa_get_property_attr(oprop1, "value");
2304 ovalue2 = sa_get_property_attr(oprop2, "value");
2305 if (ovalue1 != NULL || ovalue2 != NULL)
2306 ret = check_rorwnone(value, ovalue1,
2307 ovalue2);
2308
2309 if (ovalue1 != NULL)
2310 sa_free_attr_string(ovalue1);
2311 if (ovalue2 != NULL)
2312 sa_free_attr_string(ovalue2);
2313 break;
2314 }
2315
2316 case OPT_TYPE_LOGTAG:
2317 if (nfsl_getconfig_list(&configlist) == 0) {
2318 int error;
2319 if (value == NULL ||
2320 strlen(value) == 0) {
2321 if (value != NULL)
2322 sa_free_attr_string(
2323 value);
2324 value = strdup("global");
2325 }
2326 if (value != NULL &&
2327 nfsl_findconfig(configlist, value,
2328 &error) == NULL) {
2329 ret = SA_BAD_VALUE;
2330 }
2331 /* Must always free when done */
2332 nfsl_freeconfig_list(&configlist);
2333 } else {
2334 ret = SA_CONFIG_ERR;
2335 }
2336 break;
2337
2338 case OPT_TYPE_STRING:
2339 /* whatever is here should be ok */
2340 break;
2341
2342 case OPT_TYPE_SECURITY:
2343 /*
2344 * The "sec" property isn't used in the
2345 * non-legacy parts of sharemgr. We need to
2346 * reject it here. For legacy, it is pulled
2347 * out well before we get here.
2348 */
2349 ret = SA_NO_SUCH_PROP;
2350 break;
2351
2352 case OPT_TYPE_MAPPING: {
2353 char *p;
2354 char *n;
2355 char *c;
2356 int (*f)(char *);
2357
2358 sa_security_t security;
2359
2360 /*
2361 * mapping is only supported for sec=sys
2362 */
2363 ret = SA_CONFIG_ERR;
2364 if (parent_group == NULL)
2365 break;
2366
2367 for (security = sa_get_security(parent_group,
2368 NULL, NULL); security != NULL;
2369 security = sa_get_next_security(security)) {
2370 char *type;
2371 char *sectype;
2372
2373 type = sa_get_security_attr(security,
2374 "type");
2375 if (type == NULL)
2376 continue;
2377
2378 if (strcmp(type, "nfs") != 0) {
2379 sa_free_attr_string(type);
2380 continue;
2381 }
2382 sa_free_attr_string(type);
2383
2384 sectype = sa_get_security_attr(security,
2385 "sectype");
2386 if (sectype == NULL)
2387 continue;
2388
2389 if (strcmp(sectype, "sys") != 0) {
2390 sa_free_attr_string(sectype);
2391 ret = SA_CONFIG_ERR;
2392 break;
2393 }
2394 sa_free_attr_string(sectype);
2395 ret = SA_OK;
2396 }
2397
2398 if (ret != SA_OK)
2399 break;
2400
2401 assert(optindex == OPT_UIDMAP ||
2402 optindex == OPT_GIDMAP);
2403 f = optindex == OPT_UIDMAP ? check_user :
2404 check_group;
2405
2406
2407 p = strdup(value);
2408 if (p == NULL)
2409 ret = SA_BAD_VALUE;
2410
2411 for (c = p; ret == SA_OK && c != NULL; c = n) {
2412 char *s;
2413 char *t;
2414
2415 n = strchr(c, '~');
2416 if (n != NULL)
2417 *n++ = '\0';
2418
2419 s = strchr(c, ':');
2420 if (s != NULL) {
2421 *s++ = '\0';
2422 t = strchr(s, ':');
2423 if (t != NULL)
2424 *t = '\0';
2425 }
2426
2427 if (s == NULL || t == NULL)
2428 ret = SA_BAD_VALUE;
2429
2430 if (ret == SA_OK && *c != '\0' &&
2431 strcmp(c, "*") != 0)
2432 ret = f(c);
2433
2434 if (ret == SA_OK && *s != '\0' &&
2435 strcmp(s, "-1") != 0)
2436 ret = f(s);
2437 }
2438
2439 free(p);
2440
2441 break;
2442 }
2443
2444 default:
2445 break;
2446 }
2447
2448 if (value != NULL)
2449 sa_free_attr_string(value);
2450
2451 if (ret == SA_OK && optdefs[optindex].check != NULL) {
2452 /* do the property specific check */
2453 ret = optdefs[optindex].check(handle, property);
2454 }
2455 }
2456 }
2457
2458 if (propname != NULL)
2459 sa_free_attr_string(propname);
2460 return (ret);
2461 }
2462
2463 /*
2464 * Protocol management functions
2465 *
2466 * Properties defined in the default files are defined in
2467 * proto_option_defs for parsing and validation. If "other" and
2468 * "compare" are set, then the value for this property should be
2469 * compared against the property specified in "other" using the
2470 * "compare" check (either <= or >=) in order to ensure that the
2471 * values are in the correct range. E.g. setting server_versmin
2472 * higher than server_versmax should not be allowed.
2473 */
2474
2475 struct proto_option_defs {
2476 char *tag;
2477 char *name; /* display name -- remove protocol identifier */
2478 int index;
2479 int type;
2480 union {
2481 int intval;
2482 char *string;
2483 } defvalue;
2484 uint32_t svcs;
2485 int32_t minval;
2486 int32_t maxval;
2487 char *other;
2488 int compare;
2489 #define OPT_CMP_GE 0
2490 #define OPT_CMP_LE 1
2491 int (*check)(char *);
2492 } proto_options[] = {
2493 #define PROTO_OPT_NFSD_SERVERS 0
2494 {"nfsd_servers",
2495 "servers", PROTO_OPT_NFSD_SERVERS, OPT_TYPE_NUMBER, 1024, SVC_NFSD,
2496 1, INT32_MAX},
2497 #define PROTO_OPT_LOCKD_LISTEN_BACKLOG 1
2498 {"lockd_listen_backlog",
2499 "lockd_listen_backlog", PROTO_OPT_LOCKD_LISTEN_BACKLOG,
2500 OPT_TYPE_NUMBER, 32, SVC_LOCKD, 32, INT32_MAX},
2501 #define PROTO_OPT_LOCKD_SERVERS 2
2502 {"lockd_servers",
2503 "lockd_servers", PROTO_OPT_LOCKD_SERVERS, OPT_TYPE_NUMBER, 256,
2504 SVC_LOCKD, 1, INT32_MAX},
2505 #define PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT 3
2506 {"lockd_retransmit_timeout",
2507 "lockd_retransmit_timeout", PROTO_OPT_LOCKD_RETRANSMIT_TIMEOUT,
2508 OPT_TYPE_NUMBER, 5, SVC_LOCKD, 0, INT32_MAX},
2509 #define PROTO_OPT_GRACE_PERIOD 4
2510 {"grace_period",
2511 "grace_period", PROTO_OPT_GRACE_PERIOD, OPT_TYPE_NUMBER, 90,
2512 SVC_LOCKD, 0, INT32_MAX},
2513 #define PROTO_OPT_NFS_SERVER_VERSMIN 5
2514 {"nfs_server_versmin",
2515 "server_versmin", PROTO_OPT_NFS_SERVER_VERSMIN, OPT_TYPE_NUMBER,
2516 (int)NFS_VERSMIN_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN,
2517 NFS_VERSMAX, "server_versmax", OPT_CMP_LE},
2518 #define PROTO_OPT_NFS_SERVER_VERSMAX 6
2519 {"nfs_server_versmax",
2520 "server_versmax", PROTO_OPT_NFS_SERVER_VERSMAX, OPT_TYPE_NUMBER,
2521 (int)NFS_VERSMAX_DEFAULT, SVC_NFSD|SVC_MOUNTD, NFS_VERSMIN,
2522 NFS_VERSMAX, "server_versmin", OPT_CMP_GE},
2523 #define PROTO_OPT_NFS_CLIENT_VERSMIN 7
2524 {"nfs_client_versmin",
2525 "client_versmin", PROTO_OPT_NFS_CLIENT_VERSMIN, OPT_TYPE_NUMBER,
2526 (int)NFS_VERSMIN_DEFAULT, SVC_CLIENT, NFS_VERSMIN, NFS_VERSMAX,
2527 "client_versmax", OPT_CMP_LE},
2528 #define PROTO_OPT_NFS_CLIENT_VERSMAX 8
2529 {"nfs_client_versmax",
2530 "client_versmax", PROTO_OPT_NFS_CLIENT_VERSMAX, OPT_TYPE_NUMBER,
2531 (int)NFS_VERSMAX_DEFAULT, SVC_CLIENT, NFS_VERSMIN, NFS_VERSMAX,
2532 "client_versmin", OPT_CMP_GE},
2533 #define PROTO_OPT_NFS_SERVER_DELEGATION 9
2534 {"nfs_server_delegation",
2535 "server_delegation", PROTO_OPT_NFS_SERVER_DELEGATION,
2536 OPT_TYPE_ONOFF, NFS_SERVER_DELEGATION_DEFAULT, SVC_NFSD, 0, 0},
2537 #define PROTO_OPT_NFSMAPID_DOMAIN 10
2538 {"nfsmapid_domain",
2539 "nfsmapid_domain", PROTO_OPT_NFSMAPID_DOMAIN, OPT_TYPE_DOMAIN,
2540 NULL, SVC_NFSMAPID, 0, 0},
2541 #define PROTO_OPT_NFSD_MAX_CONNECTIONS 11
2542 {"nfsd_max_connections",
2543 "max_connections", PROTO_OPT_NFSD_MAX_CONNECTIONS,
2544 OPT_TYPE_NUMBER, -1, SVC_NFSD, -1, INT32_MAX},
2545 #define PROTO_OPT_NFSD_PROTOCOL 12
2546 {"nfsd_protocol",
2547 "protocol", PROTO_OPT_NFSD_PROTOCOL, OPT_TYPE_PROTOCOL, 0,
2548 SVC_NFSD, 0, 0},
2549 #define PROTO_OPT_NFSD_LISTEN_BACKLOG 13
2550 {"nfsd_listen_backlog",
2551 "listen_backlog", PROTO_OPT_NFSD_LISTEN_BACKLOG,
2552 OPT_TYPE_NUMBER, 0, SVC_NFSD, 0, INT32_MAX},
2553 #define PROTO_OPT_NFSD_DEVICE 14
2554 {"nfsd_device",
2555 "device", PROTO_OPT_NFSD_DEVICE,
2556 OPT_TYPE_STRING, NULL, SVC_NFSD, 0, 0},
2557 #define PROTO_OPT_MOUNTD_LISTEN_BACKLOG 15
2558 {"mountd_listen_backlog",
2559 "mountd_listen_backlog", PROTO_OPT_MOUNTD_LISTEN_BACKLOG,
2560 OPT_TYPE_NUMBER, 64, SVC_NFSD|SVC_MOUNTD, 1, INT32_MAX},
2561 #define PROTO_OPT_MOUNTD_MAX_THREADS 16
2562 {"mountd_max_threads",
2563 "mountd_max_threads", PROTO_OPT_MOUNTD_MAX_THREADS,
2564 OPT_TYPE_NUMBER, 16, SVC_NFSD|SVC_MOUNTD, 1, INT32_MAX},
2565 {NULL}
2566 };
2567
2568 /*
2569 * the protoset holds the defined options so we don't have to read
2570 * them multiple times
2571 */
2572 static sa_protocol_properties_t protoset;
2573
2574 static int
2575 findprotoopt(char *name, int whichname)
2576 {
2577 int i;
2578 for (i = 0; proto_options[i].tag != NULL; i++) {
2579 if (whichname == 1) {
2580 if (strcasecmp(proto_options[i].name, name) == 0)
2581 return (i);
2582 } else {
2583 if (strcasecmp(proto_options[i].tag, name) == 0)
2584 return (i);
2585 }
2586 }
2587 return (-1);
2588 }
2589
2590 /*
2591 * fixcaselower(str)
2592 *
2593 * convert a string to lower case (inplace).
2594 */
2595
2596 static void
2597 fixcaselower(char *str)
2598 {
2599 while (*str) {
2600 *str = tolower(*str);
2601 str++;
2602 }
2603 }
2604
2605 /*
2606 * skipwhitespace(str)
2607 *
2608 * Skip leading white space. It is assumed that it is called with a
2609 * valid pointer.
2610 */
2611
2612 static char *
2613 skipwhitespace(char *str)
2614 {
2615 while (*str && isspace(*str))
2616 str++;
2617
2618 return (str);
2619 }
2620
2621 /*
2622 * extractprop()
2623 *
2624 * Extract the property and value out of the line and create the
2625 * property in the optionset.
2626 */
2627 static int
2628 extractprop(char *name, char *value)
2629 {
2630 sa_property_t prop;
2631 int index;
2632 int ret = SA_OK;
2633 /*
2634 * Remove any leading
2635 * white space.
2636 */
2637 name = skipwhitespace(name);
2638
2639 index = findprotoopt(name, 1);
2640 if (index >= 0) {
2641 fixcaselower(name);
2642 prop = sa_create_property(proto_options[index].name, value);
2643 if (prop != NULL)
2644 ret = sa_add_protocol_property(protoset, prop);
2645 else
2646 ret = SA_NO_MEMORY;
2647 }
2648 return (ret);
2649 }
2650
2651 scf_type_t
2652 getscftype(int type)
2653 {
2654 scf_type_t ret;
2655
2656 switch (type) {
2657 case OPT_TYPE_NUMBER:
2658 ret = SCF_TYPE_INTEGER;
2659 break;
2660 case OPT_TYPE_BOOLEAN:
2661 ret = SCF_TYPE_BOOLEAN;
2662 break;
2663 default:
2664 ret = SCF_TYPE_ASTRING;
2665 }
2666 return (ret);
2667 }
2668
2669 char *
2670 getsvcname(uint32_t svcs)
2671 {
2672 char *service;
2673 switch (svcs) {
2674 case SVC_LOCKD:
2675 service = LOCKD;
2676 break;
2677 case SVC_STATD:
2678 service = STATD;
2679 break;
2680 case SVC_NFSD:
2681 service = NFSD;
2682 break;
2683 case SVC_CLIENT:
2684 service = NFS_CLIENT_SVC;
2685 break;
2686 case SVC_NFS4CBD:
2687 service = NFS4CBD;
2688 break;
2689 case SVC_NFSMAPID:
2690 service = NFSMAPID;
2691 break;
2692 case SVC_RQUOTAD:
2693 service = RQUOTAD;
2694 break;
2695 case SVC_NFSLOGD:
2696 service = NFSLOGD;
2697 break;
2698 case SVC_REPARSED:
2699 service = REPARSED;
2700 break;
2701 default:
2702 service = NFSD;
2703 }
2704 return (service);
2705 }
2706
2707 /*
2708 * initprotofromsmf()
2709 *
2710 * Read NFS SMF properties and add the defined values to the
2711 * protoset. Note that default values are known from the built in
2712 * table in case SMF doesn't have a definition. Not having
2713 * SMF properties is OK since we have builtin default
2714 * values.
2715 */
2716 static int
2717 initprotofromsmf()
2718 {
2719 char name[PATH_MAX];
2720 char value[PATH_MAX];
2721 int ret = SA_OK, bufsz = 0, i;
2722
2723 protoset = sa_create_protocol_properties("nfs");
2724 if (protoset != NULL) {
2725 for (i = 0; proto_options[i].tag != NULL; i++) {
2726 scf_type_t ptype;
2727 char *svc_name;
2728
2729 bzero(value, PATH_MAX);
2730 (void) strncpy(name, proto_options[i].name, PATH_MAX);
2731 /* Replace NULL with the correct instance */
2732 ptype = getscftype(proto_options[i].type);
2733 svc_name = getsvcname(proto_options[i].svcs);
2734 bufsz = PATH_MAX;
2735 ret = nfs_smf_get_prop(name, value,
2736 (char *)DEFAULT_INSTANCE, ptype,
2737 svc_name, &bufsz);
2738 if (ret == SA_OK) {
2739 ret = extractprop(name, value);
2740 }
2741 }
2742 } else {
2743 ret = SA_NO_MEMORY;
2744 }
2745
2746 return (ret);
2747 }
2748
2749 /*
2750 * add_defaults()
2751 *
2752 * Add the default values for any property not defined
2753 * in NFS SMF repository.
2754 * Values are set according to their defined types.
2755 */
2756
2757 static void
2758 add_defaults()
2759 {
2760 int i;
2761 char number[MAXDIGITS];
2762
2763 for (i = 0; proto_options[i].tag != NULL; i++) {
2764 sa_property_t prop;
2765 prop = sa_get_protocol_property(protoset,
2766 proto_options[i].name);
2767 if (prop == NULL) {
2768 /* add the default value */
2769 switch (proto_options[i].type) {
2770 case OPT_TYPE_NUMBER:
2771 (void) snprintf(number, sizeof (number), "%d",
2772 proto_options[i].defvalue.intval);
2773 prop = sa_create_property(proto_options[i].name,
2774 number);
2775 break;
2776
2777 case OPT_TYPE_BOOLEAN:
2778 prop = sa_create_property(proto_options[i].name,
2779 proto_options[i].defvalue.intval ?
2780 "true" : "false");
2781 break;
2782
2783 case OPT_TYPE_ONOFF:
2784 prop = sa_create_property(proto_options[i].name,
2785 proto_options[i].defvalue.intval ?
2786 "on" : "off");
2787 break;
2788
2789 default:
2790 /* treat as strings of zero length */
2791 prop = sa_create_property(proto_options[i].name,
2792 "");
2793 break;
2794 }
2795 if (prop != NULL)
2796 (void) sa_add_protocol_property(protoset, prop);
2797 }
2798 }
2799 }
2800
2801 static void
2802 free_protoprops()
2803 {
2804 if (protoset != NULL) {
2805 xmlFreeNode(protoset);
2806 protoset = NULL;
2807 }
2808 }
2809
2810 /*
2811 * nfs_init()
2812 *
2813 * Initialize the NFS plugin.
2814 */
2815
2816 static int
2817 nfs_init()
2818 {
2819 int ret = SA_OK;
2820
2821 if (sa_plugin_ops.sa_init != nfs_init) {
2822 (void) printf(dgettext(TEXT_DOMAIN,
2823 "NFS plugin not properly initialized\n"));
2824 return (SA_CONFIG_ERR);
2825 }
2826
2827 ret = initprotofromsmf();
2828 if (ret != SA_OK) {
2829 (void) printf(dgettext(TEXT_DOMAIN,
2830 "NFS plugin problem with SMF repository: %s\n"),
2831 sa_errorstr(ret));
2832 ret = SA_OK;
2833 }
2834 add_defaults();
2835
2836 return (ret);
2837 }
2838
2839 /*
2840 * nfs_fini()
2841 *
2842 * uninitialize the NFS plugin. Want to avoid memory leaks.
2843 */
2844
2845 static void
2846 nfs_fini()
2847 {
2848 free_protoprops();
2849 }
2850
2851 /*
2852 * nfs_get_proto_set()
2853 *
2854 * Return an optionset with all the protocol specific properties in
2855 * it.
2856 */
2857
2858 static sa_protocol_properties_t
2859 nfs_get_proto_set()
2860 {
2861 return (protoset);
2862 }
2863
2864 /*
2865 * service_in_state(service, chkstate)
2866 *
2867 * Want to know if the specified service is in the desired state
2868 * (chkstate) or not. Return true (1) if it is and false (0) if it
2869 * isn't.
2870 */
2871 static int
2872 service_in_state(char *service, const char *chkstate)
2873 {
2874 char *state;
2875 int ret = B_FALSE;
2876
2877 state = smf_get_state(service);
2878 if (state != NULL) {
2879 /* got the state so get the equality for the return value */
2880 ret = strcmp(state, chkstate) == 0 ? B_TRUE : B_FALSE;
2881 free(state);
2882 }
2883 return (ret);
2884 }
2885
2886 /*
2887 * restart_service(svcs)
2888 *
2889 * Walk through the bit mask of services that need to be restarted in
2890 * order to use the new property values. Some properties affect
2891 * multiple daemons. Should only restart a service if it is currently
2892 * enabled (online).
2893 */
2894
2895 static void
2896 restart_service(uint32_t svcs)
2897 {
2898 uint32_t mask;
2899 int ret;
2900 char *service;
2901
2902 for (mask = 1; svcs != 0; mask <<= 1) {
2903 switch (svcs & mask) {
2904 case SVC_LOCKD:
2905 service = LOCKD;
2906 break;
2907 case SVC_STATD:
2908 service = STATD;
2909 break;
2910 case SVC_NFSD:
2911 service = NFSD;
2912 break;
2913 case SVC_MOUNTD:
2914 service = MOUNTD;
2915 break;
2916 case SVC_NFS4CBD:
2917 service = NFS4CBD;
2918 break;
2919 case SVC_NFSMAPID:
2920 service = NFSMAPID;
2921 break;
2922 case SVC_RQUOTAD:
2923 service = RQUOTAD;
2924 break;
2925 case SVC_NFSLOGD:
2926 service = NFSLOGD;
2927 break;
2928 case SVC_REPARSED:
2929 service = REPARSED;
2930 break;
2931 case SVC_CLIENT:
2932 service = NFS_CLIENT_SVC;
2933 break;
2934 default:
2935 continue;
2936 }
2937
2938 /*
2939 * Only attempt to restart the service if it is
2940 * currently running. In the future, it may be
2941 * desirable to use smf_refresh_instance if the NFS
2942 * services ever implement the refresh method.
2943 */
2944 if (service_in_state(service, SCF_STATE_STRING_ONLINE)) {
2945 ret = smf_restart_instance(service);
2946 /*
2947 * There are only a few SMF errors at this point, but
2948 * it is also possible that a bad value may have put
2949 * the service into maintenance if there wasn't an
2950 * SMF level error.
2951 */
2952 if (ret != 0) {
2953 (void) fprintf(stderr,
2954 dgettext(TEXT_DOMAIN,
2955 "%s failed to restart: %s\n"),
2956 service, scf_strerror(scf_error()));
2957 } else {
2958 /*
2959 * Check whether it has gone to "maintenance"
2960 * mode or not. Maintenance implies something
2961 * went wrong.
2962 */
2963 if (service_in_state(service,
2964 SCF_STATE_STRING_MAINT)) {
2965 (void) fprintf(stderr,
2966 dgettext(TEXT_DOMAIN,
2967 "%s failed to restart\n"),
2968 service);
2969 }
2970 }
2971 }
2972 svcs &= ~mask;
2973 }
2974 }
2975
2976 /*
2977 * nfs_minmax_check(name, value)
2978 *
2979 * Verify that the value for the property specified by index is valid
2980 * relative to the opposite value in the case of a min/max variable.
2981 * Currently, server_minvers/server_maxvers and
2982 * client_minvers/client_maxvers are the only ones to check.
2983 */
2984
2985 static int
2986 nfs_minmax_check(int index, int value)
2987 {
2988 int val;
2989 char *pval;
2990 sa_property_t prop;
2991 sa_optionset_t opts;
2992 int ret = B_TRUE;
2993
2994 if (proto_options[index].other != NULL) {
2995 /* have a property to compare against */
2996 opts = nfs_get_proto_set();
2997 prop = sa_get_property(opts, proto_options[index].other);
2998 /*
2999 * If we don't find the property, assume default
3000 * values which will work since the max will be at the
3001 * max and the min at the min.
3002 */
3003 if (prop != NULL) {
3004 pval = sa_get_property_attr(prop, "value");
3005 if (pval != NULL) {
3006 val = strtoul(pval, NULL, 0);
3007 if (proto_options[index].compare ==
3008 OPT_CMP_LE) {
3009 ret = value <= val ? B_TRUE : B_FALSE;
3010 } else if (proto_options[index].compare ==
3011 OPT_CMP_GE) {
3012 ret = value >= val ? B_TRUE : B_FALSE;
3013 }
3014 sa_free_attr_string(pval);
3015 }
3016 }
3017 }
3018 return (ret);
3019 }
3020
3021 /*
3022 * nfs_validate_proto_prop(index, name, value)
3023 *
3024 * Verify that the property specified by name can take the new
3025 * value. This is a sanity check to prevent bad values getting into
3026 * the default files. All values need to be checked against what is
3027 * allowed by their defined type. If a type isn't explicitly defined
3028 * here, it is treated as a string.
3029 *
3030 * Note that OPT_TYPE_NUMBER will additionally check that the value is
3031 * within the range specified and potentially against another property
3032 * value as well as specified in the proto_options members other and
3033 * compare.
3034 */
3035
3036 static int
3037 nfs_validate_proto_prop(int index, char *name, char *value)
3038 {
3039 int ret = SA_OK;
3040 char *cp;
3041 #ifdef lint
3042 name = name;
3043 #endif
3044 switch (proto_options[index].type) {
3045 case OPT_TYPE_NUMBER:
3046 if (!is_a_number(value))
3047 ret = SA_BAD_VALUE;
3048 else {
3049 int val;
3050 val = strtoul(value, NULL, 0);
3051 if (val < proto_options[index].minval ||
3052 val > proto_options[index].maxval)
3053 ret = SA_BAD_VALUE;
3054 /*
3055 * For server_versmin/server_versmax and
3056 * client_versmin/client_versmax, the value of the
3057 * min(max) should be checked to be correct relative
3058 * to the current max(min).
3059 */
3060 if (!nfs_minmax_check(index, val)) {
3061 ret = SA_BAD_VALUE;
3062 }
3063 }
3064 break;
3065
3066 case OPT_TYPE_DOMAIN:
3067 /*
3068 * needs to be a qualified domain so will have at
3069 * least one period and other characters on either
3070 * side of it. A zero length string is also allowed
3071 * and is the way to turn off the override.
3072 */
3073 if (strlen(value) == 0)
3074 break;
3075 cp = strchr(value, '.');
3076 if (cp == NULL || cp == value || strchr(value, '@') != NULL)
3077 ret = SA_BAD_VALUE;
3078 break;
3079
3080 case OPT_TYPE_BOOLEAN:
3081 if (strlen(value) == 0 ||
3082 strcasecmp(value, "true") == 0 ||
3083 strcmp(value, "1") == 0 ||
3084 strcasecmp(value, "false") == 0 ||
3085 strcmp(value, "0") == 0) {
3086 ret = SA_OK;
3087 } else {
3088 ret = SA_BAD_VALUE;
3089 }
3090 break;
3091
3092 case OPT_TYPE_ONOFF:
3093 if (strcasecmp(value, "on") != 0 &&
3094 strcasecmp(value, "off") != 0) {
3095 ret = SA_BAD_VALUE;
3096 }
3097 break;
3098
3099 case OPT_TYPE_PROTOCOL: {
3100 struct netconfig *nconf;
3101 void *nc;
3102 boolean_t pfound = B_FALSE;
3103
3104 if (strcasecmp(value, "all") == 0)
3105 break;
3106
3107 if ((nc = setnetconfig()) == NULL) {
3108 (void) fprintf(stderr, dgettext(TEXT_DOMAIN,
3109 "setnetconfig failed: %s\n"), strerror(errno));
3110 } else {
3111 while ((nconf = getnetconfig(nc)) != NULL) {
3112 if (strcmp(nconf->nc_proto, value) == 0) {
3113 pfound = B_TRUE;
3114 break;
3115 }
3116 }
3117 (void) endnetconfig(nc);
3118 }
3119
3120 if (!pfound)
3121 ret = SA_BAD_VALUE;
3122 break;
3123 }
3124
3125 default:
3126 /* treat as a string */
3127 break;
3128 }
3129 return (ret);
3130 }
3131
3132 /*
3133 * nfs_set_proto_prop(prop)
3134 *
3135 * check that prop is valid.
3136 */
3137
3138 static int
3139 nfs_set_proto_prop(sa_property_t prop)
3140 {
3141 int ret = SA_OK;
3142 char *name;
3143 char *value;
3144
3145 name = sa_get_property_attr(prop, "type");
3146 value = sa_get_property_attr(prop, "value");
3147 if (name != NULL && value != NULL) {
3148 scf_type_t sctype;
3149 char *svc_name;
3150 char *instance = NULL;
3151 int index = findprotoopt(name, 1);
3152
3153 ret = nfs_validate_proto_prop(index, name, value);
3154 if (ret == SA_OK) {
3155 sctype = getscftype(proto_options[index].type);
3156 svc_name = getsvcname(proto_options[index].svcs);
3157 if (sctype == SCF_TYPE_BOOLEAN) {
3158 if (value != NULL)
3159 sa_free_attr_string(value);
3160 if (string_to_boolean(value) == 0)
3161 value = strdup("0");
3162 else
3163 value = strdup("1");
3164 }
3165 ret = nfs_smf_set_prop(name, value, instance, sctype,
3166 svc_name);
3167 if (ret == SA_OK) {
3168 restart_service(proto_options[index].svcs);
3169 } else {
3170 (void) printf(dgettext(TEXT_DOMAIN,
3171 "Cannot restart NFS services : %s\n"),
3172 sa_errorstr(ret));
3173 }
3174 }
3175 }
3176 if (name != NULL)
3177 sa_free_attr_string(name);
3178 if (value != NULL)
3179 sa_free_attr_string(value);
3180 return (ret);
3181 }
3182
3183 /*
3184 * nfs_get_status()
3185 *
3186 * What is the current status of the nfsd? We use the SMF state here.
3187 * Caller must free the returned value.
3188 */
3189
3190 static char *
3191 nfs_get_status()
3192 {
3193 return (smf_get_state(NFSD));
3194 }
3195
3196 /*
3197 * nfs_space_alias(alias)
3198 *
3199 * Lookup the space (security) name. If it is default, convert to the
3200 * real name.
3201 */
3202
3203 static char *
3204 nfs_space_alias(char *space)
3205 {
3206 char *name = space;
3207 seconfig_t secconf;
3208
3209 /*
3210 * Only the space named "default" is special. If it is used,
3211 * the default needs to be looked up and the real name used.
3212 * This is normally "sys" but could be changed. We always
3213 * change default to the real name.
3214 */
3215 if (strcmp(space, "default") == 0 &&
3216 nfs_getseconfig_default(&secconf) == 0) {
3217 if (nfs_getseconfig_bynumber(secconf.sc_nfsnum, &secconf) == 0)
3218 name = secconf.sc_name;
3219 }
3220 return (strdup(name));
3221 }
3222
3223 /*
3224 * nfs_features()
3225 *
3226 * Return a mask of the features required.
3227 */
3228
3229 static uint64_t
3230 nfs_features()
3231 {
3232 return ((uint64_t)SA_FEATURE_DFSTAB | SA_FEATURE_SERVER);
3233 }