static int nfs_probe_statd(void)
{
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
};
rpcprog_t program = nfs_getrpcbyname(NSMPROG, nfs_ns_pgmtbl);
return nfs_getport_ping((struct sockaddr *)&addr, sizeof(addr),
program, (rpcvers_t)1, IPPROTO_UDP);
}
/**
* start_statd - attempt to start rpc.statd
*
* Returns 1 if statd is running; otherwise zero.
*/
int start_statd(void)
{
#ifdef START_STATD
struct stat stb;
#endif
if (nfs_probe_statd())
return 1;
#ifdef START_STATD
if (stat(START_STATD, &stb) == 0) {
if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
pid_t pid = fork();
switch (pid) {
case 0: /* child */
execl(START_STATD, START_STATD, NULL);
exit(1);
case -1: /* error */
nfs_error(_("fork failed: %s"),
strerror(errno));
break;
default: /* parent */
waitpid(pid, NULL,0);
break;
}
if (nfs_probe_statd())
return 1;
}
}
#endif
return 0;
}
/**
* nfs_advise_umount - ask the server to remove a share from it's rmtab
* @sap: pointer to IP address of server to call
* @salen: length of server address
* @pmap: partially filled-in mountd RPC service tuple
* @argp: directory path of share to "unmount"
*
* Returns one if the unmount call succeeded; zero if the unmount
* failed for any reason; rpccreateerr.cf_stat is set to reflect
* the nature of the error.
*
* We use a fast timeout since this call is advisory only.
*/
int nfs_advise_umount(const struct sockaddr *sap, const socklen_t salen,
const struct pmap *pmap, const dirpath *argp)
{
struct sockaddr_storage address;
struct sockaddr *saddr = (struct sockaddr *)&address;
struct pmap mnt_pmap = *pmap;
struct timeval timeout = {
.tv_sec = MOUNT_TIMEOUT >> 3,
};
CLIENT *client;
enum clnt_stat res = 0;
if (nfs_probe_mntport(sap, salen, &mnt_pmap) == 0)
return 0;
memcpy(saddr, sap, salen);
nfs_set_port(saddr, mnt_pmap.pm_port);
client = nfs_get_rpcclient(saddr, salen, mnt_pmap.pm_prot,
mnt_pmap.pm_prog, mnt_pmap.pm_vers,
&timeout);
if (client == NULL)
return 0;
client->cl_auth = authunix_create_default();
res = CLNT_CALL(client, MOUNTPROC_UMNT,
(xdrproc_t)xdr_dirpath, (caddr_t)argp,
(xdrproc_t)xdr_void, NULL,
timeout);
auth_destroy(client->cl_auth);
CLNT_DESTROY(client);
if (res != RPC_SUCCESS)
return 0;
return 1;
}
/**
* nfs_call_umount - ask the server to remove a share from it's rmtab
* @mnt_server: address of RPC MNT program server
* @argp: directory path of share to "unmount"
*
* Returns one if the unmount call succeeded; zero if the unmount
* failed for any reason.
*
* Note that a side effect of calling this function is that rpccreateerr
* is set.
*/
int nfs_call_umount(clnt_addr_t *mnt_server, dirpath *argp)
{
struct sockaddr *sap = (struct sockaddr *)&mnt_server->saddr;
socklen_t salen = sizeof(mnt_server->saddr);
struct pmap *pmap = &mnt_server->pmap;
CLIENT *clnt;
enum clnt_stat res = 0;
int msock;
if (!nfs_probe_mntport(sap, salen, pmap))
return 0;
clnt = mnt_openclnt(mnt_server, &msock);
if (!clnt)
return 0;
res = clnt_call(clnt, MOUNTPROC_UMNT,
(xdrproc_t)xdr_dirpath, (caddr_t)argp,
(xdrproc_t)xdr_void, NULL,
TIMEOUT);
mnt_closeclnt(clnt, msock);
if (res == RPC_SUCCESS)
return 1;
return 0;
}
/**
* mnt_openclnt - get a handle for a remote mountd service
* @mnt_server: address and pmap arguments of mountd service
* @msock: returns a file descriptor of the underlying transport socket
*
* Returns an active handle for the remote's mountd service
*/
CLIENT *mnt_openclnt(clnt_addr_t *mnt_server, int *msock)
{
struct sockaddr_in *mnt_saddr = &mnt_server->saddr;
struct pmap *mnt_pmap = &mnt_server->pmap;
CLIENT *clnt = NULL;
mnt_saddr->sin_port = htons((u_short)mnt_pmap->pm_port);
*msock = get_socket(mnt_saddr, mnt_pmap->pm_prot, MOUNT_TIMEOUT,
TRUE, FALSE);
if (*msock == RPC_ANYSOCK) {
if (rpc_createerr.cf_error.re_errno == EADDRINUSE)
/*
* Probably in-use by a TIME_WAIT connection,
* It is worth waiting a while and trying again.
*/
rpc_createerr.cf_stat = RPC_TIMEDOUT;
return NULL;
}
switch (mnt_pmap->pm_prot) {
case IPPROTO_UDP:
clnt = clntudp_bufcreate(mnt_saddr,
mnt_pmap->pm_prog, mnt_pmap->pm_vers,
RETRY_TIMEOUT, msock,
MNT_SENDBUFSIZE, MNT_RECVBUFSIZE);
break;
case IPPROTO_TCP:
clnt = clnttcp_create(mnt_saddr,
mnt_pmap->pm_prog, mnt_pmap->pm_vers,
msock,
MNT_SENDBUFSIZE, MNT_RECVBUFSIZE);
break;
}
if (clnt) {
/* try to mount hostname:dirname */
clnt->cl_auth = authunix_create_default();
return clnt;
}
return NULL;
}
/**
* mnt_closeclnt - terminate a handle for a remote mountd service
* @clnt: pointer to an active handle for a remote mountd service
* @msock: file descriptor of the underlying transport socket
*
*/
void mnt_closeclnt(CLIENT *clnt, int msock)
{
auth_destroy(clnt->cl_auth);
clnt_destroy(clnt);
close(msock);
}
/**
* clnt_ping - send an RPC ping to the remote RPC service endpoint
* @saddr: server's address
* @prog: target RPC program number
* @vers: target RPC version number
* @prot: target RPC protocol
* @caddr: filled in with our network address
*
* Sigh... GETPORT queries don't actually check the version number.
* In order to make sure that the server actually supports the service
* we're requesting, we open an RPC client, and fire off a NULL
* RPC call.
*
* caddr is the network address that the server will use to call us back.
* On multi-homed clients, this address depends on which NIC we use to
* route requests to the server.
*
* Returns one if successful, otherwise zero.
*/
int clnt_ping(struct sockaddr_in *saddr, const unsigned long prog,
const unsigned long vers, const unsigned int prot,
struct sockaddr_in *caddr)
{
CLIENT *clnt = NULL;
int sock, stat;
static char clnt_res;
struct sockaddr dissolve;
rpc_createerr.cf_stat = stat = 0;
sock = get_socket(saddr, prot, CONNECT_TIMEOUT, FALSE, TRUE);
if (sock == RPC_ANYSOCK) {
if (rpc_createerr.cf_error.re_errno == ETIMEDOUT) {
/*
* TCP timeout. Bubble up the error to see
* how it should be handled.
*/
rpc_createerr.cf_stat = RPC_TIMEDOUT;
}
return 0;
}
if (caddr) {
/* Get the address of our end of this connection */
socklen_t len = sizeof(*caddr);
if (getsockname(sock, caddr, &len) != 0)
caddr->sin_family = 0;
}
switch(prot) {
case IPPROTO_UDP:
/* The socket is connected (so we could getsockname successfully),
* but some servers on multi-homed hosts reply from
* the wrong address, so if we stay connected, we lose the reply.
*/
dissolve.sa_family = AF_UNSPEC;
connect(sock, &dissolve, sizeof(dissolve));
clnt = clntudp_bufcreate(saddr, prog, vers,
RETRY_TIMEOUT, &sock,
RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
break;
case IPPROTO_TCP:
clnt = clnttcp_create(saddr, prog, vers, &sock,
RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
break;
}
if (!clnt) {
close(sock);
return 0;
}
memset(&clnt_res, 0, sizeof(clnt_res));
stat = clnt_call(clnt, NULLPROC,
(xdrproc_t)xdr_void, (caddr_t)NULL,
(xdrproc_t)xdr_void, (caddr_t)&clnt_res,
TIMEOUT);
if (stat) {
clnt_geterr(clnt, &rpc_createerr.cf_error);
rpc_createerr.cf_stat = stat;
}
clnt_destroy(clnt);
close(sock);
if (stat == RPC_SUCCESS)
return 1;
else
return 0;
}
/*
* Create an RPC connection and establish an authenticated
* gss context with a server.
*/
static int
create_auth_rpc_client(struct clnt_info *clp,
char *tgtname,
CLIENT **clnt_return,
AUTH **auth_return,
uid_t uid,
int authtype,
gss_cred_id_t cred)
{
CLIENT *rpc_clnt = NULL;
struct rpc_gss_sec sec;
AUTH *auth = NULL;
int retval = -1;
OM_uint32 min_stat;
char rpc_errmsg[1024];
int protocol;
struct timeval timeout;
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
sec.qop = GSS_C_QOP_DEFAULT;
sec.svc = RPCSEC_GSS_SVC_NONE;
sec.cred = cred;
sec.req_flags = 0;
if (authtype == AUTHTYPE_KRB5) {
sec.mech = (gss_OID)&krb5oid;
sec.req_flags = GSS_C_MUTUAL_FLAG;
}
else {
printerr(0, "ERROR: Invalid authentication type (%d) "
"in create_auth_rpc_client\n", authtype);
goto out_fail;
}
if (authtype == AUTHTYPE_KRB5) {
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* Do this before creating rpc connection since we won't need
* rpc connection if it fails!
*/
if (limit_krb5_enctypes(&sec)) {
printerr(1, "WARNING: Failed while limiting krb5 "
"encryption types for user with uid %d\n",
uid);
goto out_fail;
}
#endif
}
/* create an rpc connection to the nfs server */
printerr(2, "creating %s client for server %s\n", clp->protocol,
clp->servername);
protocol = IPPROTO_TCP;
if ((strcmp(clp->protocol, "udp")) == 0)
protocol = IPPROTO_UDP;
switch (addr->sa_family) {
case AF_INET:
salen = sizeof(struct sockaddr_in);
break;
#ifdef IPV6_SUPPORTED
case AF_INET6:
salen = sizeof(struct sockaddr_in6);
break;
#endif /* IPV6_SUPPORTED */
default:
printerr(1, "ERROR: Unknown address family %d\n",
addr->sa_family);
goto out_fail;
}
if (!populate_port(addr, salen, clp->prog, clp->vers, protocol))
goto out_fail;
/* set the timeout according to the requested valued */
timeout.tv_sec = (long) rpc_timeout;
timeout.tv_usec = (long) 0;
rpc_clnt = nfs_get_rpcclient(addr, salen, protocol, clp->prog,
clp->vers, &timeout);
if (!rpc_clnt) {
snprintf(rpc_errmsg, sizeof(rpc_errmsg),
"WARNING: can't create %s rpc_clnt to server %s for "
"user with uid %d",
protocol == IPPROTO_TCP ? "tcp" : "udp",
clp->servername, uid);
printerr(0, "%s\n",
clnt_spcreateerror(rpc_errmsg));
goto out_fail;
}
if (!tgtname)
tgtname = clp->servicename;
printerr(2, "creating context with server %s\n", tgtname);
auth = authgss_create_default(rpc_clnt, tgtname, &sec);
if (!auth) {
/* Our caller should print appropriate message */
printerr(1, "WARNING: Failed to create krb5 context for "
"user with uid %d for server %s\n",
uid, tgtname);
goto out_fail;
}
/* Success !!! */
rpc_clnt->cl_auth = auth;
*clnt_return = rpc_clnt;
*auth_return = auth;
retval = 0;
out:
if (sec.cred != GSS_C_NO_CREDENTIAL)
gss_release_cred(&min_stat, &sec.cred);
return retval;
out_fail:
/* Only destroy here if failure. Otherwise, caller is responsible */
if (rpc_clnt) clnt_destroy(rpc_clnt);
goto out;
}
