184 185#define MAXNFSDCNT 20 186#define DEFNFSDCNT 4 187 nfsdcnt = DEFNFSDCNT; 188 cltpflag = reregister = tcpflag = tp4cnt = tp4flag = tpipcnt = 0; 189 tpipflag = udpflag = 0; 190#ifdef ISO 191#define GETOPT "cn:rtu" 192#define USAGE "[-crtu] [-n num_servers]" 193#else 194#define GETOPT "n:rtu" 195#define USAGE "[-rtu] [-n num_servers]" 196#endif 197 while ((ch = getopt(argc, argv, GETOPT)) != EOF) 198 switch (ch) { 199 case 'n': 200 nfsdcnt = atoi(optarg); 201 if (nfsdcnt < 1 || nfsdcnt > MAXNFSDCNT) { 202 warnx("nfsd count %d; reset to %d", DEFNFSDCNT); 203 nfsdcnt = DEFNFSDCNT; 204 } 205 break; 206 case 'r': 207 reregister = 1; 208 break; 209 case 't': 210 tcpflag = 1; 211 break; 212 case 'u': 213 udpflag = 1; 214 break; 215#ifdef ISO 216 case 'c': 217 cltpflag = 1; 218 break; 219#ifdef notyet 220 case 'i': 221 tp4cnt = 1; 222 break; 223 case 'p': 224 tpipcnt = 1; 225 break; 226#endif /* notyet */ 227#endif /* ISO */ 228 default: 229 case '?': 230 usage(); 231 }; 232 argv += optind; 233 argc -= optind; 234 235 /* 236 * XXX 237 * Backward compatibility, trailing number is the count of daemons. 
238 */ 239 if (argc > 1) 240 usage(); 241 if (argc == 1) { 242 nfsdcnt = atoi(argv[0]); 243 if (nfsdcnt < 1 || nfsdcnt > MAXNFSDCNT) { 244 warnx("nfsd count %d; reset to %d", DEFNFSDCNT); 245 nfsdcnt = DEFNFSDCNT; 246 } 247 } 248 249 if (debug == 0) { 250 daemon(0, 0); 251 (void)signal(SIGHUP, SIG_IGN); 252 (void)signal(SIGINT, SIG_IGN); 253 (void)signal(SIGQUIT, SIG_IGN); 254 (void)signal(SIGSYS, nonfs); 255 (void)signal(SIGTERM, SIG_IGN); 256 } 257 (void)signal(SIGCHLD, reapchild); 258 259 if (reregister) { 260 if (udpflag && 261 (!pmap_set(RPCPROG_NFS, 2, IPPROTO_UDP, NFS_PORT) || 262 !pmap_set(RPCPROG_NFS, 3, IPPROTO_UDP, NFS_PORT))) 263 err(1, "can't register with portmap for UDP."); 264 if (tcpflag && 265 (!pmap_set(RPCPROG_NFS, 2, IPPROTO_TCP, NFS_PORT) || 266 !pmap_set(RPCPROG_NFS, 3, IPPROTO_TCP, NFS_PORT))) 267 err(1, "can't register with portmap for TCP."); 268 exit(0); 269 } 270 openlog("nfsd:", LOG_PID, LOG_DAEMON); 271 272 for (i = 0; i < nfsdcnt; i++) { 273 switch (fork()) { 274 case -1: 275 syslog(LOG_ERR, "fork: %m"); 276 exit (1); 277 case 0: 278 break; 279 default: 280 continue; 281 } 282 283 setproctitle("server"); 284 nfssvc_flag = NFSSVC_NFSD; 285 nsd.nsd_nfsd = NULL; 286#ifdef NFSKERB 287 if (sizeof (struct nfsrpc_fullverf) != RPCX_FULLVERF || 288 sizeof (struct nfsrpc_fullblock) != RPCX_FULLBLOCK) 289 syslog(LOG_ERR, "Yikes NFSKERB structs not packed!"); 290 nsd.nsd_authstr = (u_char *)&kt; 291 nsd.nsd_authlen = sizeof (kt); 292 nsd.nsd_verfstr = (u_char *)&kverf; 293 nsd.nsd_verflen = sizeof (kverf); 294#endif 295 while (nfssvc(nfssvc_flag, &nsd) < 0) { 296 if (errno != ENEEDAUTH) { 297 syslog(LOG_ERR, "nfssvc: %m"); 298 exit(1); 299 } 300 nfssvc_flag = NFSSVC_NFSD | NFSSVC_AUTHINFAIL; 301#ifdef NFSKERB 302 /* 303 * Get the Kerberos ticket out of the authenticator 304 * verify it and convert the principal name to a user 305 * name. The user name is then converted to a set of 306 * user credentials via the password and group file. 
307 * Finally, decrypt the timestamp and validate it. 308 * For more info see the IETF Draft "Authentication 309 * in ONC RPC". 310 */ 311 kt.length = ntohl(kt.length); 312 if (gettimeofday(&ktv, (struct timezone *)0) == 0 && 313 kt.length > 0 && kt.length <= 314 (RPCAUTH_MAXSIZ - 3 * NFSX_UNSIGNED)) { 315 kin.w1 = NFS_KERBW1(kt); 316 kt.mbz = 0; 317 (void)strcpy(inst, "*"); 318 if (krb_rd_req(&kt, NFS_KERBSRV, 319 inst, nsd.nsd_haddr, &kauth, "") == RD_AP_OK && 320 krb_kntoln(&kauth, lnam) == KSUCCESS && 321 (pwd = getpwnam(lnam)) != NULL) { 322 cr = &nsd.nsd_cr; 323 cr->cr_uid = pwd->pw_uid; 324 cr->cr_groups[0] = pwd->pw_gid; 325 cr->cr_ngroups = 1; 326 setgrent(); 327 while ((grp = getgrent()) != NULL) { 328 if (grp->gr_gid == cr->cr_groups[0]) 329 continue; 330 for (cpp = grp->gr_mem; 331 *cpp != NULL; ++cpp) 332 if (!strcmp(*cpp, lnam)) 333 break; 334 if (*cpp == NULL) 335 continue; 336 cr->cr_groups[cr->cr_ngroups++] 337 = grp->gr_gid; 338 if (cr->cr_ngroups == NGROUPS) 339 break; 340 } 341 endgrent(); 342 343 /* 344 * Get the timestamp verifier out of the 345 * authenticator and verifier strings. 346 */ 347 kin.t1 = kverf.t1; 348 kin.t2 = kverf.t2; 349 kin.w2 = kverf.w2; 350 bzero((caddr_t)kivec, sizeof (kivec)); 351 bcopy((caddr_t)kauth.session, 352 (caddr_t)nsd.nsd_key,sizeof(kauth.session)); 353 354 /* 355 * Decrypt the timestamp verifier in CBC mode. 356 */ 357 XXX 358 359 /* 360 * Validate the timestamp verifier, to 361 * check that the session key is ok. 362 */ 363 nsd.nsd_timestamp.tv_sec = ntohl(kout.t1); 364 nsd.nsd_timestamp.tv_usec = ntohl(kout.t2); 365 nsd.nsd_ttl = ntohl(kout.w1); 366 if ((nsd.nsd_ttl - 1) == ntohl(kout.w2)) 367 nfssvc_flag = NFSSVC_NFSD | NFSSVC_AUTHIN; 368 } 369#endif /* NFSKERB */ 370 } 371 exit(0); 372 } 373 374 /* If we are serving udp, set up the socket. 
*/ 375 if (udpflag) { 376 if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { 377 syslog(LOG_ERR, "can't create udp socket"); 378 exit(1); 379 } 380 inetaddr.sin_family = AF_INET; 381 inetaddr.sin_addr.s_addr = INADDR_ANY; 382 inetaddr.sin_port = htons(NFS_PORT); 383 inetaddr.sin_len = sizeof(inetaddr); 384 if (bind(sock, 385 (struct sockaddr *)&inetaddr, sizeof(inetaddr)) < 0) { 386 syslog(LOG_ERR, "can't bind udp addr"); 387 exit(1); 388 } 389 if (!pmap_set(RPCPROG_NFS, 2, IPPROTO_UDP, NFS_PORT) || 390 !pmap_set(RPCPROG_NFS, 3, IPPROTO_UDP, NFS_PORT)) { 391 syslog(LOG_ERR, "can't register with udp portmap"); 392 exit(1); 393 } 394 nfsdargs.sock = sock; 395 nfsdargs.name = NULL; 396 nfsdargs.namelen = 0; 397 if (nfssvc(NFSSVC_ADDSOCK, &nfsdargs) < 0) { 398 syslog(LOG_ERR, "can't Add UDP socket"); 399 exit(1); 400 } 401 (void)close(sock); 402 } 403 404#ifdef ISO 405 /* If we are serving cltp, set up the socket. */ 406 if (cltpflag) { 407 if ((sock = socket(AF_ISO, SOCK_DGRAM, 0)) < 0) { 408 syslog(LOG_ERR, "can't create cltp socket"); 409 exit(1); 410 } 411 memset(&isoaddr, 0, sizeof(isoaddr)); 412 isoaddr.siso_family = AF_ISO; 413 isoaddr.siso_tlen = 2; 414 cp = TSEL(&isoaddr); 415 *cp++ = (NFS_PORT >> 8); 416 *cp = (NFS_PORT & 0xff); 417 isoaddr.siso_len = sizeof(isoaddr); 418 if (bind(sock, 419 (struct sockaddr *)&isoaddr, sizeof(isoaddr)) < 0) { 420 syslog(LOG_ERR, "can't bind cltp addr"); 421 exit(1); 422 } 423#ifdef notyet 424 /* 425 * XXX 426 * Someday this should probably use "rpcbind", the son of 427 * portmap. 
428 */ 429 if (!pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_UDP, NFS_PORT)) { 430 syslog(LOG_ERR, "can't register with udp portmap"); 431 exit(1); 432 } 433#endif /* notyet */ 434 nfsdargs.sock = sock; 435 nfsdargs.name = NULL; 436 nfsdargs.namelen = 0; 437 if (nfssvc(NFSSVC_ADDSOCK, &nfsdargs) < 0) { 438 syslog(LOG_ERR, "can't add UDP socket"); 439 exit(1); 440 } 441 close(sock); 442 } 443#endif /* ISO */ 444 445 /* Now set up the master server socket waiting for tcp connections. */ 446 on = 1; 447 FD_ZERO(&sockbits); 448 connect_type_cnt = 0; 449 if (tcpflag) { 450 if ((tcpsock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { 451 syslog(LOG_ERR, "can't create tcp socket"); 452 exit(1); 453 } 454 if (setsockopt(tcpsock, 455 SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) 456 syslog(LOG_ERR, "setsockopt SO_REUSEADDR: %m"); 457 inetaddr.sin_family = AF_INET; 458 inetaddr.sin_addr.s_addr = INADDR_ANY; 459 inetaddr.sin_port = htons(NFS_PORT); 460 inetaddr.sin_len = sizeof(inetaddr); 461 if (bind(tcpsock, 462 (struct sockaddr *)&inetaddr, sizeof (inetaddr)) < 0) { 463 syslog(LOG_ERR, "can't bind tcp addr"); 464 exit(1); 465 } 466 if (listen(tcpsock, 5) < 0) { 467 syslog(LOG_ERR, "listen failed"); 468 exit(1); 469 } 470 if (!pmap_set(RPCPROG_NFS, 2, IPPROTO_TCP, NFS_PORT) || 471 !pmap_set(RPCPROG_NFS, 3, IPPROTO_TCP, NFS_PORT)) { 472 syslog(LOG_ERR, "can't register tcp with portmap"); 473 exit(1); 474 } 475 FD_SET(tcpsock, &sockbits); 476 maxsock = tcpsock; 477 connect_type_cnt++; 478 } 479 480#ifdef notyet 481 /* Now set up the master server socket waiting for tp4 connections. 
*/ 482 if (tp4flag) { 483 if ((tp4sock = socket(AF_ISO, SOCK_SEQPACKET, 0)) < 0) { 484 syslog(LOG_ERR, "can't create tp4 socket"); 485 exit(1); 486 } 487 if (setsockopt(tp4sock, 488 SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) 489 syslog(LOG_ERR, "setsockopt SO_REUSEADDR: %m"); 490 memset(&isoaddr, 0, sizeof(isoaddr)); 491 isoaddr.siso_family = AF_ISO; 492 isoaddr.siso_tlen = 2; 493 cp = TSEL(&isoaddr); 494 *cp++ = (NFS_PORT >> 8); 495 *cp = (NFS_PORT & 0xff); 496 isoaddr.siso_len = sizeof(isoaddr); 497 if (bind(tp4sock, 498 (struct sockaddr *)&isoaddr, sizeof (isoaddr)) < 0) { 499 syslog(LOG_ERR, "can't bind tp4 addr"); 500 exit(1); 501 } 502 if (listen(tp4sock, 5) < 0) { 503 syslog(LOG_ERR, "listen failed"); 504 exit(1); 505 } 506 /* 507 * XXX 508 * Someday this should probably use "rpcbind", the son of 509 * portmap. 510 */ 511 if (!pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_TCP, NFS_PORT)) { 512 syslog(LOG_ERR, "can't register tcp with portmap"); 513 exit(1); 514 } 515 FD_SET(tp4sock, &sockbits); 516 maxsock = tp4sock; 517 connect_type_cnt++; 518 } 519 520 /* Now set up the master server socket waiting for tpip connections. */ 521 if (tpipflag) { 522 if ((tpipsock = socket(AF_INET, SOCK_SEQPACKET, 0)) < 0) { 523 syslog(LOG_ERR, "can't create tpip socket"); 524 exit(1); 525 } 526 if (setsockopt(tpipsock, 527 SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) 528 syslog(LOG_ERR, "setsockopt SO_REUSEADDR: %m"); 529 inetaddr.sin_family = AF_INET; 530 inetaddr.sin_addr.s_addr = INADDR_ANY; 531 inetaddr.sin_port = htons(NFS_PORT); 532 inetaddr.sin_len = sizeof(inetaddr); 533 if (bind(tpipsock, 534 (struct sockaddr *)&inetaddr, sizeof (inetaddr)) < 0) { 535 syslog(LOG_ERR, "can't bind tcp addr"); 536 exit(1); 537 } 538 if (listen(tpipsock, 5) < 0) { 539 syslog(LOG_ERR, "listen failed"); 540 exit(1); 541 } 542 /* 543 * XXX 544 * Someday this should probably use "rpcbind", the son of 545 * portmap. 
546 */ 547 if (!pmap_set(RPCPROG_NFS, NFS_VER2, IPPROTO_TCP, NFS_PORT)) { 548 syslog(LOG_ERR, "can't register tcp with portmap"); 549 exit(1); 550 } 551 FD_SET(tpipsock, &sockbits); 552 maxsock = tpipsock; 553 connect_type_cnt++; 554 } 555#endif /* notyet */ 556 557 if (connect_type_cnt == 0) 558 exit(0); 559 560 setproctitle("master"); 561 562 /* 563 * Loop forever accepting connections and passing the sockets 564 * into the kernel for the mounts. 565 */ 566 for (;;) { 567 ready = sockbits; 568 if (connect_type_cnt > 1) { 569 if (select(maxsock + 1, 570 &ready, NULL, NULL, NULL) < 1) { 571 syslog(LOG_ERR, "select failed: %m"); 572 exit(1); 573 } 574 } 575 if (tcpflag && FD_ISSET(tcpsock, &ready)) { 576 len = sizeof(inetpeer); 577 if ((msgsock = accept(tcpsock, 578 (struct sockaddr *)&inetpeer, &len)) < 0) { 579 syslog(LOG_ERR, "accept failed: %m"); 580 exit(1); 581 } 582 memset(inetpeer.sin_zero, 0, sizeof(inetpeer.sin_zero)); 583 if (setsockopt(msgsock, SOL_SOCKET, 584 SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0) 585 syslog(LOG_ERR, 586 "setsockopt SO_KEEPALIVE: %m"); 587 nfsdargs.sock = msgsock; 588 nfsdargs.name = (caddr_t)&inetpeer; 589 nfsdargs.namelen = sizeof(inetpeer); 590 nfssvc(NFSSVC_ADDSOCK, &nfsdargs); 591 (void)close(msgsock); 592 } 593#ifdef notyet 594 if (tp4flag && FD_ISSET(tp4sock, &ready)) { 595 len = sizeof(isopeer); 596 if ((msgsock = accept(tp4sock, 597 (struct sockaddr *)&isopeer, &len)) < 0) { 598 syslog(LOG_ERR, "accept failed: %m"); 599 exit(1); 600 } 601 if (setsockopt(msgsock, SOL_SOCKET, 602 SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0) 603 syslog(LOG_ERR, 604 "setsockopt SO_KEEPALIVE: %m"); 605 nfsdargs.sock = msgsock; 606 nfsdargs.name = (caddr_t)&isopeer; 607 nfsdargs.namelen = len; 608 nfssvc(NFSSVC_ADDSOCK, &nfsdargs); 609 (void)close(msgsock); 610 } 611 if (tpipflag && FD_ISSET(tpipsock, &ready)) { 612 len = sizeof(inetpeer); 613 if ((msgsock = accept(tpipsock, 614 (struct sockaddr *)&inetpeer, &len)) < 0) { 615 syslog(LOG_ERR, 
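 "Accept failed: %m");
				exit(1);
			}
			if (setsockopt(msgsock, SOL_SOCKET,
			    SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0)
				syslog(LOG_ERR, "setsockopt SO_KEEPALIVE: %m");
			nfsdargs.sock = msgsock;
			nfsdargs.name = (caddr_t)&inetpeer;
			nfsdargs.namelen = len;
			nfssvc(NFSSVC_ADDSOCK, &nfsdargs);
			(void)close(msgsock);
		}
#endif /* notyet */
	}
}

/*
 * Print the command-line synopsis on stderr and exit with status 1.
 * USAGE is the option summary #defined in main's option-parsing section;
 * its text depends on whether ISO is defined.
 */
void
usage()
{
	(void)fprintf(stderr, "usage: nfsd %s\n", USAGE);
	exit(1);
}

/*
 * SIGSYS handler (main installs it when not running in debug mode).
 * Logs that the NFS system call is missing and returns, so the
 * interrupted code resumes afterwards.
 *
 * NOTE(review): syslog() is not on the POSIX async-signal-safe list, so
 * calling it here can deadlock or corrupt state if the signal arrives
 * while the process is inside syslog() or the allocator.  A safer shape
 * is to set a volatile sig_atomic_t flag here and log from main; that
 * needs a change outside this handler, so the behaviour is left as is.
 */
void
nonfs(signo)
	int signo;
{
	syslog(LOG_ERR, "missing system call: NFS not available.");
}

/*
 * SIGCHLD handler: reap every child that has already exited.
 * WNOHANG keeps the loop from blocking when no zombie is left.
 */
void
reapchild(signo)
	int signo;
{
	/*
	 * The handler can run between a failing call in main and main's
	 * use of errno (the ENEEDAUTH test after nfssvc(), the %m log
	 * messages), and wait3() sets errno once no child is left.
	 * Save it and put it back so the interrupted code sees its own
	 * error value.
	 */
	int saved_errno = errno;

	while (wait3(NULL, WNOHANG, NULL) > 0)
		continue;
	errno = saved_errno;
}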