-rw-r--r--usr/src/cmd/fs.d/nfs/mountd/Makefile4
-rw-r--r--usr/src/cmd/fs.d/nfs/mountd/mountd.c86
-rw-r--r--usr/src/cmd/fs.d/nfs/svc/server.xml2
-rw-r--r--usr/src/lib/libshare/nfs/libshare_nfs.c9
-rw-r--r--usr/src/man/man5/nfs.512
5 files changed, 105 insertions, 8 deletions
diff --git a/usr/src/cmd/fs.d/nfs/mountd/Makefile b/usr/src/cmd/fs.d/nfs/mountd/Makefile
index 505ab301e3..43b1ec62ac 100644
--- a/usr/src/cmd/fs.d/nfs/mountd/Makefile
+++ b/usr/src/cmd/fs.d/nfs/mountd/Makefile
@@ -24,6 +24,7 @@
# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
#
# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2022 RackTop Systems.
FSTYPE = nfs
TYPEPROG = mountd
@@ -39,7 +40,8 @@ SRCS = $(LOCAL:%.o=%.c) $(FSLIBSRC) ../lib/nfs_sec.c \
../lib/sharetab.c ../lib/daemon.c ../lib/smfcfg.c
DSRC = mountd_dt.d
DOBJ = $(DSRC:%.d=%.o)
-LDLIBS += -lrpcsvc -lnsl -lbsm -lsocket -ltsnet -ltsol -lnvpair -lscf -lumem
+LDLIBS += -lrpcsvc -lnsl -lbsm -lsocket -linetutil -ltsnet -ltsol
+LDLIBS += -lnvpair -lscf -lumem
CPPFLAGS += -D_REENTRANT -I../lib
CERRWARN += $(CNOWARN_UNINIT)
diff --git a/usr/src/cmd/fs.d/nfs/mountd/mountd.c b/usr/src/cmd/fs.d/nfs/mountd/mountd.c
index 1816deabc6..9df7f2f9a9 100644
--- a/usr/src/cmd/fs.d/nfs/mountd/mountd.c
+++ b/usr/src/cmd/fs.d/nfs/mountd/mountd.c
@@ -23,6 +23,7 @@
* Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2016 by Delphix. All rights reserved.
* Copyright 2016 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2022 RackTop Systems.
*/
/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
@@ -88,6 +89,8 @@
#include <pwd.h>
#include <grp.h>
#include <alloca.h>
+#include <libinetutil.h>
+#include <libsocket_priv.h>
extern int daemonize_init(void);
extern void daemonize_fini(int);
@@ -124,6 +127,7 @@ static int rejecting;
static int mount_vers_min = MOUNTVERS;
static int mount_vers_max = MOUNTVERS3;
static int mountd_port = 0;
+static boolean_t mountd_remote_dump = B_FALSE;
extern void nfscmd_func(void *, char *, size_t, door_desc_t *, uint_t);
@@ -150,6 +154,9 @@ static logging_data *logging_tail = NULL;
static long ngroups_max; /* _SC_NGROUPS_MAX */
static long pw_size; /* _SC_GETPW_R_SIZE_MAX */
+/* Cached address info for this host. */
+static struct addrinfo *host_ai = NULL;
+
static void *
nfsauth_svc(void *arg __unused)
{
@@ -435,7 +442,7 @@ main(int argc, char *argv[])
bool_t exclbind = TRUE;
bool_t can_do_mlp;
long thr_flags = (THR_NEW_LWP|THR_DAEMON);
- char defval[4];
+ char defval[5];
int defvers, ret, bufsz;
struct rlimit rl;
int listen_backlog = 0;
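Review bot: `char defval[5]` holds "true" plus its terminator but not "false", which needs six bytes, and this buffer is later passed with `bufsz = sizeof (defval)` to read the boolean `mountd_remote_dump` property. How nfs_smf_get_prop() renders a boolean is not visible on this page; if it writes the textual form, a false value would be truncated or rejected, and the result would only be right because the variable already defaults to `B_FALSE`. Consider `char defval[6];`, or a separate buffer for the boolean read, with a comment saying what the size is meant to hold. main() starts and ends outside this hunk.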
@@ -445,6 +452,7 @@ main(int argc, char *argv[])
NCONF_HANDLE *nc;
const char *errstr;
int pipe_fd = -1;
+ char hostbuf[256];
/*
* Mountd requires uid 0 for:
@@ -533,7 +541,7 @@ main(int argc, char *argv[])
/*
* Read in the NFS version values from config file.
*/
- bufsz = 4;
+ bufsz = sizeof (defval);
ret = nfs_smf_get_prop("server_versmin", defval, DEFAULT_INSTANCE,
SCF_TYPE_INTEGER, NFSD, &bufsz);
if (ret == SA_OK) {
@@ -550,7 +558,7 @@ main(int argc, char *argv[])
}
}
- bufsz = 4;
+ bufsz = sizeof (defval);
ret = nfs_smf_get_prop("server_versmax", defval, DEFAULT_INSTANCE,
SCF_TYPE_INTEGER, NFSD, &bufsz);
if (ret == SA_OK) {
@@ -568,6 +576,24 @@ main(int argc, char *argv[])
"failed, using default value");
}
+ bufsz = sizeof (defval);
+ ret = nfs_smf_get_prop("mountd_remote_dump", defval, DEFAULT_INSTANCE,
+ SCF_TYPE_BOOLEAN, NFSD, &bufsz);
+ if (ret == SA_OK) {
+ mountd_remote_dump = string_to_boolean(defval);
+ }
+ if (!mountd_remote_dump) {
+ /* Cache host address list */
+ if (gethostname(hostbuf, sizeof (hostbuf)) < 0) {
+ syslog(LOG_ERR, "gethostname() failed");
+ exit(1);
+ }
+ if (getaddrinfo(hostbuf, NULL, NULL, &host_ai) != 0) {
+ syslog(LOG_ERR, "getaddrinfo() failed");
+ exit(1);
+ }
+ }
+
/*
* Sanity check versions,
* even though we may get versions > MOUNTVERS3, we still need
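Review bot: Both failure paths in the added `if (!mountd_remote_dump)` block call `exit(1)`, so in the default configuration a name-resolution failure at start-up stops mountd from running at all, and the log line does not say why. Since caller_is_local() accepts loopback callers without consulting `host_ai`, it looks safe to log and continue with `host_ai` left NULL, which still refuses remote DUMP requests; at minimum, keep the return code and report it, e.g. `syslog(LOG_ERR, "getaddrinfo(%s): %s", hostbuf, gai_strerror(rc));`. The address list is also resolved once and never refreshed, so an address added after start-up will not count as local until mountd restarts; a comment next to the cache should say so. gethostname() is not guaranteed to terminate a truncated name, so `hostbuf[sizeof (hostbuf) - 1] = '\0';` after the call is worth adding. main() continues outside this hunk.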
@@ -781,6 +807,55 @@ main(int argc, char *argv[])
}
/*
+ * copied from usr/src/uts/common/klm/nlm_impl.c
+ */
+static bool_t
+caller_is_local(SVCXPRT *transp)
+{
+ struct addrinfo *a;
+ char *netid;
+ struct netbuf *rtaddr;
+ struct sockaddr_storage addr;
+ bool_t rv = FALSE;
+
+ netid = transp->xp_netid;
+ rtaddr = svc_getrpccaller(transp);
+
+ if (netid == NULL)
+ return (FALSE);
+
+ if (strcmp(netid, "ticlts") == 0 ||
+ strcmp(netid, "ticotsord") == 0)
+ return (TRUE);
+
+ if (strcmp(netid, "tcp") == 0 || strcmp(netid, "udp") == 0) {
+ struct sockaddr_in *sin = (void *)rtaddr->buf;
+
+ if (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK))
+ return (TRUE);
+
+ memmove(&addr, sin, sizeof (*sin));
+ }
+ if (strcmp(netid, "tcp6") == 0 || strcmp(netid, "udp6") == 0) {
+ struct sockaddr_in6 *sin6 = (void *)rtaddr->buf;
+
+ if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
+ return (TRUE);
+
+ memmove(&addr, sin6, sizeof (*sin6));
+ }
+
+ for (a = host_ai; a != NULL; a = a->ai_next) {
+ if (sockaddrcmp(&addr,
+ (struct sockaddr_storage *)a->ai_addr)) {
+ rv = TRUE;
+ break;
+ }
+ }
+ return (rv);
+}
+
+/*
* Server procedure switch routine
*/
void
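Review bot: `addr` is never written when `netid` is something other than tcp, udp, tcp6 or udp6, yet the loop over `host_ai` still passes it to `sockaddrcmp()`, so the answer for any other transport depends on uninitialised stack contents. Make the two address-family tests an `if` / `else if` chain that ends in `else return (FALSE);`, so unrecognised transports are refused outright. The casts of `rtaddr->buf` also assume svc_getrpccaller() returned a buffer at least as large as the sockaddr for that family; a guard such as `if (rtaddr == NULL || rtaddr->buf == NULL || rtaddr->len < sizeof (struct sockaddr_in)) return (FALSE);` (with the sockaddr_in6 size in the v6 branch) would make that explicit. The header comment only names where the code came from; it should also state what counts as local here: loopback transports, loopback addresses, or an address in the cached host list. The trailing `void` belongs to mnt(), which continues outside this hunk.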
@@ -798,7 +873,10 @@ mnt(struct svc_req *rqstp, SVCXPRT *transp)
return;
case MOUNTPROC_DUMP:
- mntlist_send(transp);
+ if (mountd_remote_dump || caller_is_local(transp))
+ mntlist_send(transp);
+ else
+ svcerr_noproc(transp);
return;
case MOUNTPROC_UMNT:
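Review bot: A refused MOUNTPROC_DUMP is answered with `svcerr_noproc(transp)` and, as far as this hunk shows, leaves no trace on the server, so repeated remote requests for the mount list are invisible to an operator. Consider logging the refusal at a low priority, for example `syslog(LOG_DEBUG, "MOUNTPROC_DUMP refused: remote caller");`, or routing it through whatever logging path mountd already uses for rejected requests. A one-line comment above the test, such as `/* DUMP returns the list of remote mounts; local callers only unless mountd_remote_dump is set */`, would record why this case is treated differently from its neighbours. mnt() begins before and continues after this hunk.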
diff --git a/usr/src/cmd/fs.d/nfs/svc/server.xml b/usr/src/cmd/fs.d/nfs/svc/server.xml
index 9393d9da55..1e78742670 100644
--- a/usr/src/cmd/fs.d/nfs/svc/server.xml
+++ b/usr/src/cmd/fs.d/nfs/svc/server.xml
@@ -26,6 +26,7 @@
Copyright 2014 Nexenta Systems, Inc. All rights reserved
Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
Copyright (c) 2012, 2014 by Delphix. All rights reserved.
+ Copyright 2022 RackTop Systems.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
@@ -180,6 +181,7 @@
<propval name='mountd_listen_backlog' type='integer' value='64'/>
<propval name='mountd_max_threads' type='integer' value='16'/>
<propval name='mountd_port' type='integer' value='0'/>
+ <propval name='mountd_remote_dump' type='boolean' value='false'/>
</property_group>
</instance>
diff --git a/usr/src/lib/libshare/nfs/libshare_nfs.c b/usr/src/lib/libshare/nfs/libshare_nfs.c
index 9f6acce19f..76aef178d3 100644
--- a/usr/src/lib/libshare/nfs/libshare_nfs.c
+++ b/usr/src/lib/libshare/nfs/libshare_nfs.c
@@ -23,6 +23,7 @@
* Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2016 by Delphix. All rights reserved.
* Copyright 2018 Nexenta Systems, Inc.
+ * Copyright 2022 RackTop Systems.
*/
/*
@@ -2520,8 +2521,12 @@ struct proto_option_defs {
#define PROTO_OPT_MOUNTD_PORT 17
{"mountd_port",
"mountd_port", PROTO_OPT_MOUNTD_PORT,
- OPT_TYPE_NUMBER, 0, SVC_MOUNTD, 1, UINT16_MAX},
-#define PROTO_OPT_STATD_PORT 18
+ OPT_TYPE_NUMBER, 0, SVC_NFSD|SVC_MOUNTD, 1, UINT16_MAX},
+#define PROTO_OPT_MOUNTD_REMOTE_DUMP 18
+ {"mountd_remote_dump",
+ "mountd_remote_dump", PROTO_OPT_MOUNTD_REMOTE_DUMP,
+ OPT_TYPE_BOOLEAN, B_FALSE, SVC_NFSD|SVC_MOUNTD, B_FALSE, B_TRUE},
+#define PROTO_OPT_STATD_PORT 19
{"statd_port",
"statd_port", PROTO_OPT_STATD_PORT,
OPT_TYPE_NUMBER, 0, SVC_STATD, 1, UINT16_MAX},
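Review bot: Inserting `PROTO_OPT_MOUNTD_REMOTE_DUMP` as 18 moves `PROTO_OPT_STATD_PORT` to 19, and these macros look like positional indexes into the table, so any `PROTO_OPT_*` entries that follow `statd_port` outside this hunk would need the same shift; none is visible here. Appending the new entry at the end of the table would avoid the renumbering altogether. Separately, the `mountd_port` entry changes from `SVC_MOUNTD` to `SVC_NFSD|SVC_MOUNTD`, which is unrelated to the dump restriction as far as the page shows; a comment or a line in the commit message should say why that service mask changed. The table starts and ends outside the hunk.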
diff --git a/usr/src/man/man5/nfs.5 b/usr/src/man/man5/nfs.5
index d53d7bfe98..3788ac5f82 100644
--- a/usr/src/man/man5/nfs.5
+++ b/usr/src/man/man5/nfs.5
@@ -19,8 +19,9 @@
.\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2016 Nexenta Systems, Inc.
.\" Copyright 2020 Joyent, Inc.
+.\" Copyright 2022 RackTop Systems.
.\"
-.Dd November 22, 2021
+.Dd September 15, 2022
.Dt NFS 5
.Os
.Sh NAME
@@ -195,6 +196,15 @@ should listen.
The default value is
.Li 0 ,
which means it should use a default binding.
+.It Sy mountd_remote_dump Ns = Ns Ar boolean
+Should
+.Nm mountd
+respond to remote
+.Sy MOUNTPROC_DUMP
+queries to read the list of remote mounts.
+The default value is
+.Li false ,
+which means only queries from local host will be allowed.
.It Sy statd_port Ns = Ns Ar num
The IP port number on which
.Nm statd