diff options
Diffstat (limited to 'meta/recipes-devtools/unfs-server/unfs-server-2.1+2.2beta47/001-2.2b47-2.2b51.patch')
| -rw-r--r-- | meta/recipes-devtools/unfs-server/unfs-server-2.1+2.2beta47/001-2.2b47-2.2b51.patch | 2344 |
1 files changed, 2344 insertions, 0 deletions
diff --git a/meta/recipes-devtools/unfs-server/unfs-server-2.1+2.2beta47/001-2.2b47-2.2b51.patch b/meta/recipes-devtools/unfs-server/unfs-server-2.1+2.2beta47/001-2.2b47-2.2b51.patch new file mode 100644 index 0000000000..886ce92b34 --- /dev/null +++ b/meta/recipes-devtools/unfs-server/unfs-server-2.1+2.2beta47/001-2.2b47-2.2b51.patch @@ -0,0 +1,2344 @@ +# Patch origin: nfs-server source RPM from openSUSE 10.3 + +diff -urN nfs-server-2.2beta47/.version nfs-server-2.2beta51/.version +--- nfs-server-2.2beta47/.version Tue Sep 7 09:47:27 1999 ++++ nfs-server-2.2beta51/.version Fri Nov 8 14:45:36 2002 +@@ -1 +1 @@ +-2.2beta46 ++2.2beta51 +diff -urN nfs-server-2.2beta47/ChangeLog nfs-server-2.2beta51/ChangeLog +--- nfs-server-2.2beta47/ChangeLog Wed Nov 10 10:17:51 1999 ++++ nfs-server-2.2beta51/ChangeLog Fri Nov 8 14:45:36 2002 +@@ -1,8 +1,59 @@ ++Thu Nov 9 17:03:05 2000 ++ ++ * No longer use OPEN_MAX ++ ++ * Reworked configure.in, BUILD script no longer needed ++ (nor functioning) ++ ++ * Be more anal about matching cached fh's and real files. ++ In addition to the psi, we also store dev/ino/type now ++ and match that in fh_find. ++ ++ * Write pidfiles ++ ++ * Support nosetuid ++ ++Wed Feb 9 14:52:34 2000 ++ ++ * auth_init.c didn't properly parse options--rot_squash ++ which is obviously a typo was parsed as ro. ++ Thanks to Jan Steffan for complaining about this :-) ++ ++Mon Jan 31 11:48:34 2000 ++ ++ * Fixed Y2K bug in logging.c. ++ Thanks to Jonathan Hankins <jhankins@homewood.k12.al.us>. ++ ++Thu Dec 9 11:14:21 1999 ++ ++ * Fix handling of NFS-mounted and /proc directories. ++ They weren't properly hidden. ++ Thanks to Dick Streefland <dick_streefland@tasking.com> ++ for the report and a first patch. ++ + Wed Nov 10 10:17:16 1999 + + * Security fix for buffer overflow in fh_buildpath + No thanks to Mariusz who reported it to bugtraq + rather than me. ++ ++Wed Nov 09 17:10:00 1999 ++ ++ * Workaround for broken Solaris clients that can't handle ++ atime/mtime/ctime of 0. ++ Thanks to Frank Wuebbelin for his problem report and ++ testing the fix. ++ ++ * Fixed typo in exports.man ++ ++Tue Nov 2 10:31:14 1999 ++ ++ * Patch for mode 0100 and 0100 executables by ++ Michael Deutschmann <michael@talamasca.wkpowerlink.com> ++ ++ * Common startup stuff for all daemons. ++ Inspired by code sent to me by someone (sorry, I forgot ++ your name, and the mail's gone!) + + Wed Sep 8 09:07:38 1999 + +diff -urN nfs-server-2.2beta47/Makefile.in nfs-server-2.2beta51/Makefile.in +--- nfs-server-2.2beta47/Makefile.in Tue Jun 22 14:53:10 1999 ++++ nfs-server-2.2beta51/Makefile.in Fri Nov 8 14:45:36 2002 +@@ -17,23 +17,30 @@ + + #### Start of system configuration section. #### + +-srcdir = @srcdir@ +-VPATH = @srcdir@ ++srcdir = @srcdir@ ++VPATH = @srcdir@ + +-CC = @CC@ +-AR = ar +-RANLIB = @RANLIB@ +- +-INSTALL = @INSTALL@ +-INSTALL_PROGRAM = @INSTALL_PROGRAM@ -m 755 +-INSTALL_DATA = @INSTALL_DATA@ +-MAKEINFO = makeinfo +-TEXI2DVI = texi2dvi +-RPCGEN = @RPCGEN@ @RPCGEN_C@ ++CC = @CC@ ++AR = ar ++RANLIB = @RANLIB@ ++ ++INSTALL = @INSTALL@ ++INSTALL_PROGRAM = @INSTALL_PROGRAM@ -m 755 ++INSTALL_DATA = @INSTALL_DATA@ ++MAKEINFO = makeinfo ++TEXI2DVI = texi2dvi ++RPCGEN = @RPCGEN@ @RPCGEN_C@ + + # General compile options and libs: +-DEFS = @DEFS@ $(NFSD_DEFS) +-LIBS = libnfs.a @LIBS@ ++DEFS = @DEFS@ $(NFSD_DEFS) ++LIBS = libnfs.a @LIBS@ ++ ++# Ugidd support ++UGIDD_PROG = @UGIDD_PROG@ ++UGIDD_MAN = @UGIDD_MAN@ ++ ++# New inode mapping scheme ++DEVTAB_FILE = $(install_prefix)@PATH_DEVTAB@ + + # Compile options for nfsd: + # CALL_PROFILING +@@ -80,9 +87,6 @@ + + #### End of system configuration section. #### + +-# include site-specific defintions generated by BUILD. +-include site.mk +- + SHELL = /bin/sh + + SRCS = version.c logging.c fh.c devtab.c \ +@@ -96,19 +100,19 @@ + utimes.c mkdir.c rename.c getopt.c getopt_long.c \ + alloca.c mountlist.c xmalloc.c \ + xstrdup.c strdup.c strstr.c nfsmounted.c faccess.c \ +- haccess.c failsafe.c signals.c ++ haccess.c daemon.c signals.c + XDRFILES = mount.x nfs_prot.x + GENFILES = mount.h mount_xdr.c mount_svc.c nfs_prot.h nfs_prot_xdr.c \ + ugid.h ugid_xdr.c ugid_clnt.c + HDRS = system.h nfsd.h auth.h fh.h logging.h fakefsuid.h \ + rpcmisc.h faccess.h rquotad.h rquota.h haccess.h +-LIBHDRS = fsusage.h getopt.h mountlist.h failsafe.h signals.h ++LIBHDRS = fsusage.h getopt.h mountlist.h daemon.h signals.h + MANPAGES5 = exports + MANPAGES8p = mountd nfsd $(UGIDD_MAN) + MANPAGES8 = showmount + MANPAGES = $(MANPAGES5) $(MANPAGES8p) $(MANPAGES8) + LIBOBJS = version.o fsusage.o mountlist.o xmalloc.o xstrdup.o \ +- nfsmounted.o faccess.o haccess.o failsafe.o \ ++ nfsmounted.o faccess.o haccess.o daemon.o \ + signals.o @LIBOBJS@ @ALLOCA@ + OBJS = logging.o fh.o devtab.o auth_init.o auth_clnt.o auth.o + NFSD_OBJS = nfsd.o rpcmisc.o nfs_dispatch.o getattr.o setattr.o \ +@@ -174,15 +178,13 @@ + ${srcdir}/mkinstalldirs $(bindir) $(man5dir) $(man8dir) + + $(rpcprefix)mountd: $(MOUNTD_OBJS) libnfs.a +- $(CC) $(LDFLAGS) -o $@ $(MOUNTD_OBJS) $(LIBS) \ +- $(LIBWRAP_DIR) $(LIBWRAP_LIB) ++ $(CC) $(LDFLAGS) -o $@ $(MOUNTD_OBJS) $(LIBS) + + $(rpcprefix)nfsd: $(NFSD_OBJS) libnfs.a + $(CC) $(LDFLAGS) -o $@ $(NFSD_OBJS) $(LIBS) + + $(rpcprefix)ugidd: $(UGIDD_OBJS) libnfs.a +- $(CC) $(LDFLAGS) -o $@ $(UGIDD_OBJS) $(LIBS) \ +- $(LIBWRAP_DIR) $(LIBWRAP_LIB) ++ $(CC) $(LDFLAGS) -o $@ $(UGIDD_OBJS) $(LIBS) + + showmount: $(SHOWMOUNT_OBJS) libnfs.a + $(CC) $(LDFLAGS) -o $@ $(SHOWMOUNT_OBJS) $(LIBS) +diff -urN nfs-server-2.2beta47/aclocal.m4 nfs-server-2.2beta51/aclocal.m4 +--- nfs-server-2.2beta47/aclocal.m4 Fri Jun 11 12:04:22 1999 ++++ nfs-server-2.2beta51/aclocal.m4 Fri Nov 8 14:45:36 2002 +@@ -221,20 +221,14 @@ + ])dnl + dnl *********** libwrap bug ************** + define(AC_LIBWRAP_BUG, +- [if test -f site.mk; then +- . ./site.mk +- fi +- if test ! -z "$LIBWRAP_DIR"; then ++ [if test "$ac_cv_lib_wrap_main" = yes; then + AC_MSG_CHECKING(for link problem with libwrap.a) + AC_CACHE_VAL(nfsd_cv_lib_wrap_bug, +- [ac_save_LIBS=$LIBS +- LIBS="$LIBS $LIBWRAP_DIR $LIBWRAP_LIB" +- AC_TRY_LINK([ ++ [AC_TRY_LINK([ + extern int deny_severity; + ],[ + deny_severity=1; + ], nfsd_cv_lib_wrap_bug=no, nfsd_cv_lib_wrap_bug=yes) +- LIBS=$ac_save_LIBS + ]) dnl + AC_MSG_RESULT($nfsd_cv_lib_wrap_bug) + test $nfsd_cv_lib_wrap_bug = yes && AC_DEFINE(HAVE_LIBWRAP_BUG) +diff -urN nfs-server-2.2beta47/auth.c nfs-server-2.2beta51/auth.c +--- nfs-server-2.2beta47/auth.c Mon Sep 13 16:56:03 1999 ++++ nfs-server-2.2beta51/auth.c Fri Nov 8 14:45:36 2002 +@@ -84,8 +84,9 @@ + 0, /* relative links */ + 0, /* noaccess */ + 1, /* cross_mounts */ +- (uid_t)-2, /* default uid */ +- (gid_t)-2, /* default gid */ ++ 1, /* allow setuid */ ++ 65534, /* default uid */ ++ 65534, /* default gid */ + 0, /* no NIS domain */ + }; + +@@ -99,8 +100,9 @@ + 0, /* relative links */ + 0, /* noaccess */ + 1, /* cross_mounts */ +- (uid_t)-2, /* default uid */ +- (gid_t)-2, /* default gid */ ++ 0, /* allow setuid */ ++ 65534, /* default uid */ ++ 65534, /* default gid */ + 0, /* no NIS domain */ + }; + +@@ -673,6 +675,7 @@ + cpp = &unknown_clients; + } else { + cpp = &known_clients; ++ cp->clnt_addr = *(struct in_addr *) hp->h_addr; + auth_hash_host(cp, hp); + } + cp->next = *cpp; +diff -urN nfs-server-2.2beta47/auth.h nfs-server-2.2beta51/auth.h +--- nfs-server-2.2beta47/auth.h Thu Apr 8 14:47:56 1999 ++++ nfs-server-2.2beta51/auth.h Fri Nov 8 14:45:36 2002 +@@ -23,14 +23,6 @@ + extern char * public_root_path; + extern struct nfs_fh public_root; + +-#if defined(linux) && defined(i386) && !defined(HAVE_SETFSUID) +-# define MAYBE_HAVE_SETFSUID +-#endif +- +-#ifdef MAYBE_HAVE_SETFSUID +-extern int have_setfsuid; +-#endif +- + /* + * These externs are set in the dispatcher (dispatch.c) and auth_fh + * (nfsd.c) so that we can determine access rights, export options, +@@ -59,6 +51,7 @@ + int link_relative; + int noaccess; + int cross_mounts; ++ int allow_setuid; + uid_t nobody_uid; + gid_t nobody_gid; + char * clnt_nisdomain; +@@ -112,7 +105,7 @@ + extern void auth_free_lists(void); + extern nfs_client *auth_clnt(struct svc_req *rqstp); + extern nfs_mount *auth_path(nfs_client *, struct svc_req *, char *); +-extern void auth_user(nfs_mount *, struct svc_req *); ++extern int auth_user(nfs_mount *, struct svc_req *); + + extern nfs_client *auth_get_client(char *); + extern nfs_mount *auth_match_mount(nfs_client *, char *); +diff -urN nfs-server-2.2beta47/auth_clnt.c nfs-server-2.2beta51/auth_clnt.c +--- nfs-server-2.2beta47/auth_clnt.c Wed Nov 10 10:18:06 1999 ++++ nfs-server-2.2beta51/auth_clnt.c Fri Nov 8 14:45:36 2002 +@@ -12,20 +12,17 @@ + */ + + ++#include <sys/fsuid.h> + #include "system.h" + #include "nfsd.h" +-#include "fakefsuid.h" +- +-#ifndef svc_getcaller +-#define svc_getcaller(x) ((struct sockaddr_in *) &(x)->xp_rtaddr.buf) +-#endif ++#include "rpcmisc.h" + + +-#if defined(HAVE_SETFSUID) || defined(MAYBE_HAVE_SETFSUID) +-static void setfsids(uid_t, gid_t, gid_t *, int); ++#if defined(HAVE_SETFSUID) ++static int setfsids(uid_t, gid_t, gid_t *, int); + #endif + #ifndef HAVE_SETFSUID +-static void seteids(uid_t, gid_t, gid_t *, int); ++static int seteids(uid_t, gid_t, gid_t *, int); + #endif + + uid_t auth_uid = 0; /* Current effective user ids */ +@@ -43,6 +40,17 @@ + short *gid, short *nrgids, int *groups); + #endif + ++/* ++ * The following crap is required for glibc 2.1 which has 32bit uids ++ * in user land mapped to 16bit uids in the Linux kernel ++ */ ++#if defined(HAVE_BROKEN_SETFSUID) ++# define native_uid(u) ((unsigned short)(u)) ++# define native_gid(g) ((unsigned short)(g)) ++#else ++# define native_uid(u) (u) ++# define native_gid(g) (g) ++#endif + + /* + * For an RPC request, look up the NFS client info along with the +@@ -92,8 +100,9 @@ + } + + if (logging_enabled(D_AUTH)) { +- Dprintf(D_AUTH, "auth_path(%s): mount point %s, (%s%s%s%s%s)\n", +- path, mp->path, ++ Dprintf(D_AUTH, "auth_path(%s, %s): " ++ "mount point %s, (%s%s%s%s%s)\n", ++ inet_ntoa(cp->clnt_addr), path, mp->path, + mp->o.all_squash? "all_squash " : ( + mp->o.root_squash? "root_squash " : ""), + (mp->o.uidmap == map_daemon)? "uidmap " : "", +@@ -105,7 +114,8 @@ + return mp; + } + +-void auth_user(nfs_mount *mp, struct svc_req *rqstp) ++int ++auth_user(nfs_mount *mp, struct svc_req *rqstp) + { + uid_t cuid; + gid_t cgid; +@@ -160,23 +170,18 @@ + else if (cred_len > NGRPS) + cred_len = NGRPS; + +- cuid = luid(cred_uid, mp, rqstp); +- cgid = lgid(cred_gid, mp, rqstp); ++ cuid = luid(native_uid(cred_uid), mp, rqstp); ++ cgid = lgid(native_gid(cred_gid), mp, rqstp); + clen = cred_len; + for (i = 0; i < cred_len; i++) +- cgids[i] = lgid(cred_gids[i], mp, rqstp); ++ cgids[i] = lgid(native_gid(cred_gids[i]), mp, rqstp); + } else { + /* On systems that have 32bit uid_t in user space but + * 16bit in the kernel, we need to truncate the + * nobody ID (default -2). + */ +-#if !defined(HAVE_BROKEN_SETFSUID) +- cuid = mp->o.nobody_uid; +- cgid = mp->o.nobody_gid; +-#else +- cuid = (unsigned short) mp->o.nobody_uid; +- cgid = (unsigned short) mp->o.nobody_gid; +-#endif ++ cuid = native_uid(mp->o.nobody_uid); ++ cgid = native_gid(mp->o.nobody_gid); + /* Construct a list of one gid. */ + cgids[0] = cgid; + clen = 1; +@@ -193,14 +198,9 @@ + * upper 16 bits set (including our default nobody uid -2). + */ + #if defined(HAVE_SETFSUID) +- setfsids(cuid, cgid, cgids, clen); ++ return setfsids(cuid, cgid, cgids, clen); + #else +-#if defined(MAYBE_HAVE_SETFSUID) +- if (have_setfsuid) +- setfsids(cuid, cgid, cgids, clen); +- else +-#endif +- seteids(cuid, cgid, cgids, clen); ++ return seteids(cuid, cgid, cgids, clen); + #endif + } + +@@ -210,6 +210,8 @@ + void + auth_override_uid(uid_t uid) + { ++ int res; ++ + /* extension hooks: */ + efs_setfsuid(uid); + +@@ -217,19 +219,18 @@ + uid = (unsigned short) uid; + #endif + #if defined(HAVE_SETFSUID) +- setfsuid(uid); ++ res = setfsuid(uid); + #else +-#if defined(MAYBE_HAVE_SETFSUID) +- if (have_setfsuid) +- setfsuid(uid); +- else +-#endif +- seteuid(uid); ++ res = seteuid(uid); + #endif ++ /* should never happen */ ++ if (res < 0) ++ Dprintf(L_FATAL, "auth_override_uid(%d) failed: %s", ++ uid, strerror(errno)); + } + +-#if defined(HAVE_SETFSUID) || defined(MAYBE_HAVE_SETFSUID) +-static void ++#if defined(HAVE_SETFSUID) ++static int + setfsids(uid_t cred_uid, gid_t cred_gid, gid_t *cred_gids, int cred_len) + { + /* extension hooks: */ +@@ -238,43 +239,47 @@ + + /* First, set the user ID. */ + if (auth_uid != cred_uid) { +- if (setfsuid(cred_uid) < 0) ++ if (setfsuid(cred_uid) < 0) { + Dprintf(L_ERROR, "Unable to setfsuid %d: %s\n", + cred_uid, strerror(errno)); +- else +- auth_uid = cred_uid; ++ return 0; ++ } ++ auth_uid = cred_uid; + } + + /* Next, the group ID. */ + if (auth_gid != cred_gid) { +- if (setfsgid(cred_gid) < 0) ++ if (setfsgid(cred_gid) < 0) { + Dprintf(L_ERROR, "Unable to setfsgid %d: %s\n", + cred_gid, strerror(errno)); +- else +- auth_gid = cred_gid; ++ return 0; ++ } ++ auth_gid = cred_gid; + } + + #ifdef HAVE_SETGROUPS + /* Finally, set the supplementary group IDs if possible. */ +- if (cred_len < 0 || cred_len > NGRPS) ++ if (cred_len < 0 || cred_len > NGRPS) { + Dprintf(L_ERROR, "Negative or huge cred_len: %d\n", cred_len); +- else if (cred_len != auth_gidlen +- || memcmp(cred_gids, auth_gids, auth_gidlen*sizeof(gid_t))) { +- if (setgroups(cred_len, cred_gids) < 0) ++ return 0; ++ } ++ if (cred_len != auth_gidlen ++ || memcmp(cred_gids, auth_gids, auth_gidlen*sizeof(gid_t))) { ++ if (setgroups(cred_len, cred_gids) < 0) { + Dprintf(L_ERROR, "Unable to setgroups: %s\n", + strerror(errno)); +- else { +- memcpy(auth_gids, cred_gids, cred_len*sizeof(gid_t)); +- auth_gidlen = cred_len; ++ return 0; + } ++ memcpy(auth_gids, cred_gids, cred_len*sizeof(gid_t)); ++ auth_gidlen = cred_len; + } + #endif /* HAVE_SETGROUPS */ +- ++ return 1; + } + #endif + + #if !defined(HAVE_SETFSUID) +-static void ++static int + seteids(uid_t cred_uid, gid_t cred_gid, gid_t *cred_gids, int cred_len) + { + /* extension hooks: */ +@@ -286,52 +291,62 @@ + /* First set the group ID. */ + if (auth_gid != cred_gid) { + if (auth_uid != ROOT_UID) { +- if (seteuid(ROOT_UID) < 0) ++ if (seteuid(ROOT_UID) < 0) { + Dprintf(L_ERROR, "Unable to seteuid(%d): %s\n", + ROOT_UID, strerror(errno)); +- else +- auth_uid = ROOT_UID; ++ return 0; ++ } ++ auth_uid = ROOT_UID; + } +- if (setegid(cred_gid) < 0) ++ if (setegid(cred_gid) < 0) { + Dprintf(L_ERROR, "Unable to setegid(%d): %s\n", + cred_gid, strerror(errno)); +- else +- auth_gid = cred_gid; ++ return 0; ++ } ++ auth_gid = cred_gid; + } + + #ifdef HAVE_SETGROUPS + /* Next set the supplementary group IDs if possible. */ +- if (cred_len < 0 || cred_len > NGRPS) ++ if (cred_len < 0 || cred_len > NGRPS) { + Dprintf(L_ERROR, "Negative or huge cred_len: %d\n", cred_len); +- else if (cred_len != auth_gidlen +- || memcmp(cred_gids, auth_gids, auth_gidlen*sizeof(gid_t))) { ++ return 0; ++ } ++ if (cred_len != auth_gidlen ++ || memcmp(cred_gids, auth_gids, auth_gidlen*sizeof(gid_t))) { + if (auth_uid != ROOT_UID) { +- if (seteuid(ROOT_UID) < 0) ++ if (seteuid(ROOT_UID) < 0) { + Dprintf(L_ERROR, "Unable to seteuid(%d): %s\n", + ROOT_UID, strerror(errno)); +- else +- auth_uid = ROOT_UID; ++ return 0; ++ } ++ auth_uid = ROOT_UID; + } +- if (setgroups(cred_len, cred_gids) < 0) ++ if (setgroups(cred_len, cred_gids) < 0) { + Dprintf(L_ERROR, "Unable to setgroups: %s\n", + strerror(errno)); +- else { +- memcpy(auth_gids, cred_gids, cred_len*sizeof(gid_t)); +- auth_gidlen = cred_len; ++ return 0; + } ++ memcpy(auth_gids, cred_gids, cred_len*sizeof(gid_t)); ++ auth_gidlen = cred_len; + } + #endif /* HAVE_SETGROUPS */ + + /* Finally, set the user ID. */ + if (auth_uid != cred_uid) { +- if (auth_uid != ROOT_UID && seteuid(ROOT_UID) < 0) ++ if (auth_uid != ROOT_UID && seteuid(ROOT_UID) < 0) { + Dprintf(L_ERROR, "Unable to seteuid(%d): %s\n", + ROOT_UID, strerror(errno)); +- if (seteuid(cred_uid) < 0) ++ return 0; ++ } ++ if (seteuid(cred_uid) < 0) { + Dprintf(L_ERROR, "Unable to seteuid(%d): %s\n", + cred_uid, strerror(errno)); +- else +- auth_uid = cred_uid; ++ return 0; ++ } ++ auth_uid = cred_uid; + } ++ ++ return 1; + } + #endif +diff -urN nfs-server-2.2beta47/auth_init.c nfs-server-2.2beta51/auth_init.c +--- nfs-server-2.2beta47/auth_init.c Mon Apr 19 14:01:21 1999 ++++ nfs-server-2.2beta51/auth_init.c Fri Nov 8 14:45:36 2002 +@@ -13,7 +13,6 @@ + */ + + #include "nfsd.h" +-#include "fakefsuid.h" + #include <pwd.h> + + #define LINE_SIZE 1024 +@@ -263,55 +262,63 @@ + cp++; + while (*cp != terminator) { + kwd = cp; +- while (isalpha(*cp) || *cp == '_' || *cp == '=') { +- /* break out of loop after = sign */ +- if (*cp++ == '=') +- break; +- } ++ /* Gobble up keyword and "=" if there is one */ ++ while (isalpha(*cp) || *cp == '_') ++ ++cp; ++ if (*cp == '=') ++ ++cp; ++ + klen = cp - kwd; + + /* process keyword */ +- if (strncmp(kwd, "secure", 6) == 0) ++#define ifkwd(n, string) \ ++ if (klen == (n) && !strncmp(kwd, string, (n))) ++ ++ ifkwd(2, "ro") ++ mp->o.read_only = 1; ++ else ifkwd(2, "rw") ++ mp->o.read_only = 0; ++ else ifkwd(6, "secure") + mp->o.secure_port = 1; +- else if (strncmp(kwd, "insecure", 8) == 0) ++ else ifkwd(8, "insecure") + mp->o.secure_port = 0; +- else if (strncmp(kwd, "root_squash", 11) == 0) ++ else ifkwd(11, "root_squash") + mp->o.root_squash = 1; +- else if (strncmp(kwd, "no_root_squash", 14) == 0) ++ else ifkwd(14, "no_root_squash") + mp->o.root_squash = 0; +- else if (strncmp(kwd, "ro", 2) == 0) +- mp->o.read_only = 1; +- else if (strncmp(kwd, "rw", 2) == 0) +- mp->o.read_only = 0; +- else if (strncmp(kwd, "link_relative", 13) == 0) ++ else ifkwd(13, "link_relative") + mp->o.link_relative = 1; +- else if (strncmp(kwd, "link_absolute", 13) == 0) ++ else ifkwd(13, "link_absolute") + mp->o.link_relative = 0; +- else if (strncmp(kwd, "map_daemon", 10) == 0) ++ else ifkwd(10, "map_daemon") + mp->o.uidmap = map_daemon; +- else if (strncmp(kwd, "map_nis=", 8) == 0) ++ else ifkwd(8, "map_nis=") + parse_nis_uidmap(mp, &cp); +- else if (strncmp(kwd, "map_static=", 11) == 0) ++ else ifkwd(11, "map_static=") + parse_static_uidmap(mp, &cp); +- else if (strncmp(kwd, "map_identity", 12) == 0) ++ else ifkwd(12, "map_identity") + mp->o.uidmap = identity; +- else if (strncmp(kwd, "all_squash", 10) == 0) ++ else ifkwd(10, "all_squash") + mp->o.all_squash = 1; +- else if (strncmp(kwd, "no_all_squash", 13) == 0) ++ else ifkwd(13, "no_all_squash") + mp->o.all_squash = 0; +- else if (strncmp(kwd, "noaccess", 8) == 0) ++ else ifkwd(8, "noaccess") + mp->o.noaccess = 1; +- else if (strncmp(kwd, "squash_uids=", 12) == 0) ++ else ifkwd(12, "squash_uids=") + parse_squash(mp, 1, &cp); +- else if (strncmp(kwd, "squash_gids=", 12) == 0) ++ else ifkwd(12, "squash_gids=") + parse_squash(mp, 0, &cp); +- else if (strncmp(kwd, "anonuid=", 8) == 0) ++ else ifkwd(8, "anonuid=") + mp->o.nobody_uid = parse_num(&cp); +- else if (strncmp(kwd, "anongid=", 8) == 0) ++ else ifkwd(8, "anongid=") + mp->o.nobody_gid = parse_num(&cp); +- else if (strncmp(kwd, "async", 5) == 0) ++ else ifkwd(6, "setuid") ++ mp->o.allow_setuid = 1; ++ else ifkwd(8, "nosetuid") ++ mp->o.allow_setuid = 0; ++ else ifkwd(5, "async") + /* knfsd compatibility, ignore */; +- else if (strncmp(kwd, "sync", 4) == 0) ++ else ifkwd(4, "sync") + /* knfsd compatibility, ignore */; + else { + Dprintf(L_ERROR, +@@ -566,11 +573,6 @@ + auth_check_all_wildcards(); + auth_sort_all_mountlists(); + auth_log_all(); +- +-#if defined(MAYBE_HAVE_SETFSUID) && !defined(HAVE_SETFSUID) +- /* check if the a.out setfsuid syscall works on this machine */ +- have_setfsuid = (setfsuid(0) >= 0); +-#endif + + auth_initialized = 1; + } +diff -urN nfs-server-2.2beta47/config.h.in nfs-server-2.2beta51/config.h.in +--- nfs-server-2.2beta47/config.h.in Fri Jun 11 12:01:22 1999 ++++ nfs-server-2.2beta51/config.h.in Fri Nov 8 14:45:36 2002 +@@ -3,7 +3,7 @@ + /* Define if on AIX 3. + System headers sometimes define this. + We just want to avoid a redefinition error message. */ +-#ifndef _ALL_SOURCE ++#ifdef _ALL_SOURCE + #undef _ALL_SOURCE + #endif + +diff -urN nfs-server-2.2beta47/configure.in nfs-server-2.2beta51/configure.in +--- nfs-server-2.2beta47/configure.in Fri Jun 11 11:58:10 1999 ++++ nfs-server-2.2beta51/configure.in Fri Nov 8 14:45:36 2002 +@@ -2,7 +2,36 @@ + dnl Updated for autoconf 2. + dnl + AC_INIT(nfsd.c) +-AC_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADER(config.h site.h) ++ ++dnl ************************************************************** ++dnl * handle --enable options ++dnl ************************************************************** ++AC_ARG_ENABLE(new-inodes, ++ [ --enable-new-inodes Enable new-style inode inodes]) ++AC_ARG_WITH(devtab, ++ [ --with-devtab=file Specify location for devtab [/var/lib/nfs/devtab]], ++ PATH_DEVTAB=$withval, ++ PATH_DEVTAB=/var/lib/nfs/devtab) ++AC_ARG_ENABLE(ugid-dynamic, ++ [ --enable-ugid-dynamic Enable uid mapping using rpc.ugidd (not recommended)]) ++AC_ARG_ENABLE(ugid-nis, ++ [ --enable-ugid-nis Enable NIS-based uid mapping]) ++AC_ARG_ENABLE(host-access, ++ [ --enable-host-access Enable host access checking]) ++AC_ARG_ENABLE(mount-logging, ++ [ --disable-mount-logging Do not log mount operations to syslog],, ++ enable_mount_logging=yes) ++AC_ARG_WITH(exports-uid, ++ [ --with-exports-uid=N Make sure that /etc/exports is owned by uid N],, ++ with_exports_uid=0) ++AC_ARG_WITH(exports-gid, ++ [ --with-exports-gid=N Make sure that /etc/exports is owned by gid N],, ++ with_exports_gid=0) ++ ++dnl ************************************************************** ++dnl * Check for all kinds of stuff ++dnl ************************************************************** + AC_PROG_CC + # If we're using gcc, we want warning flags + test -n "$GCC" && +@@ -19,7 +48,7 @@ + AC_MINIX + AC_ISC_POSIX + AC_PROG_INSTALL +-AC_CROSS_CHECK ++dnl AC_CROSS_CHECK + AC_STDC_HEADERS + AC_GNULIBC + AC_CONST +@@ -52,14 +81,45 @@ + AC_CHECK_LIB(rpc, main) + AC_CHECK_LIB(crypt, main) + AC_CHECK_LIB(nys, main) +-AC_REPLACE_FUNCS(strerror realpath mkdir rename utimes strdup strstr getopt getopt_long) + AC_HAVE_FUNCS(getcwd seteuid setreuid getdtablesize setgroups lchown setsid setfsuid setfsgid innetgr quotactl authdes_getucred) + AC_AUTHDES_GETUCRED + AC_BROKEN_SETFSUID + AC_MOUNTLIST + AC_FSUSAGE ++AC_CHECK_LIB(wrap, main) + AC_LIBWRAP_BUG + AC_BSD_SIGNALS ++ ++dnl ************************************************************** ++dnl * Munge user specified options ++dnl ************************************************************** ++if test "$enable_new_inodes" = yes; then ++ AC_DEFINE(ENABLE_DEVTAB) ++fi ++if test "$enable_ugid_dynamic" = yes; then ++ AC_DEFINE(ENABLE_UGID_DAEMON) ++ UGIDD_PROG=\${rpcprefix}.ugidd ++ UGIDD_MAN=ugidd ++fi ++if test "$enable_ugid_nis" = yes; then ++ AC_DEFINE(ENABLE_UGID_NIS) ++fi ++if test "$enable_host_access" = yes; then ++ AC_DEFINE(HOSTS_ACCESS) ++fi ++if test "$enable_mount_logging" = yes; then ++ AC_DEFINE(WANT_LOG_MOUNTS) ++fi ++AC_DEFINE_UNQUOTED(EXPORTSOWNERUID, $with_exports_uid) ++AC_DEFINE_UNQUOTED(EXPORTSOWNERGID, $with_exports_gid) ++AC_SUBST(PATH_DEVTAB) ++AC_SUBST(UGIDD_PROG) ++AC_SUBST(UGIDD_MAN) ++ ++dnl ************************************************************** ++dnl * Output CFLAGS and LDFLAGS ++dnl ************************************************************** + AC_SUBST(LDFLAGS) + AC_SUBST(CFLAGS) ++ + AC_OUTPUT(Makefile) +diff -urN nfs-server-2.2beta47/daemon.c nfs-server-2.2beta51/daemon.c +--- nfs-server-2.2beta47/daemon.c Thu Jan 1 01:00:00 1970 ++++ nfs-server-2.2beta51/daemon.c Fri Nov 8 14:45:52 2002 +@@ -0,0 +1,270 @@ ++/* ++ * daemon.c ++ * ++ * Copyright (C) 1998, <okir@monad.swb.de> ++ * ++ * Implements common daemon stuff and ++ * fail-safe mode for nfsd/mountd. ++ */ ++ ++#include "system.h" ++#include "logging.h" ++#include "signals.h" ++#include <sys/wait.h> ++ ++static const char * pidfilename = 0; ++static const char * get_signame(int signo); ++ ++/* ++ * Do the Crawley Thing ++ */ ++void ++daemonize(void) ++{ ++ int c; ++ ++ /* Ignore SIGHUP so the parent can exit while we're still ++ * in limbo */ ++ ignore_signal(SIGHUP); ++ ++ /* Now fork */ ++ c = fork(); ++ if (c < 0) ++ Dprintf(L_FATAL, "unable to fork: %s", strerror(errno)); ++ ++ /* Parent process: exit */ ++ if (c > 0) ++ exit(0); ++ ++ /* Do the session stuff */ ++ close(0); ++ close(1); ++ close(2); ++#ifdef HAVE_SETSID ++ setsid(); ++#else ++ if ((c = open("/dev/tty", O_RDWR)) >= 0) { ++ ioctl(c, TIOCNOTTY, (char *) NULL); ++ close(c); ++ } ++#endif ++ ++ /* Stop stderr logging */ ++ background_logging(); ++} ++ ++void ++setpidpath(const char *filename) ++{ ++ pidfilename = filename; ++} ++ ++void ++writepid(pid_t pid, int clear) ++{ ++ FILE *fp; ++ ++ fp = fopen(pidfilename, clear? "w" : "a"); ++ if (fp == NULL) ++ Dprintf(L_FATAL, "Unable to open %s: %m", pidfilename); ++ fprintf(fp, "%d\n", pid); ++ fclose(fp); ++ return; ++} ++ ++void ++failsafe(int level, int ncopies) ++{ ++ int *servers, running, child, i; ++ int pid, signo, status; ++ time_t last_restart = 0, now; ++ int restarts = 0, backoff = 60; ++ ++ servers = (int *) xmalloc(ncopies * sizeof(int)); ++ memset(servers, 0, ncopies * sizeof(int)); ++ ++ /* Loop forever, until we get SIGTERM */ ++ running = 0; ++ while (1) { ++ /* Rewrite the pidfile */ ++ writepid(getpid(), 1); ++ for (i = 0; i < ncopies; i++) { ++ if (servers[i] != 0) ++ writepid(servers[i], 0); ++ } ++ ++ while (running < ncopies) { ++ if ((now = time(NULL)) == last_restart) { ++ if (++restarts > 2 * ncopies) { ++ Dprintf(L_ERROR, ++ "Servers restarting too " ++ "quickly, backing off."); ++ if (backoff < 60 * 60) ++ backoff <<= 1; ++ sleep(backoff); ++ } ++ } else { ++ last_restart = now; ++ restarts = 0; ++ backoff = 60; ++ } ++ ++ /* Locate a free pid slot */ ++ for (i = 0, child = -1; i < ncopies; i++) { ++ if (servers[i] == 0) { ++ child = i; ++ break; ++ } ++ } ++ ++ if (child < 0) ++ Dprintf(L_FATAL, "failsafe: no pid slot?!"); ++ ++ Dprintf(D_GENERAL, ++ "starting server thread %d...\n", child + 1); ++ ++ pid = fork(); ++ if (pid < 0) ++ Dprintf(L_FATAL, ++ "Unable to fork for failsafe: %s", ++ strerror(errno)); ++ ++ if (pid == 0) { ++ /* Child process: continue with execution. */ ++ return; ++ } ++ ++ writepid(pid, 0); ++ servers[child] = pid; ++ running++; ++ } ++ ++ /* Ignore some signals */ ++ ignore_signal(SIGTERM); ++ ignore_signal(SIGHUP); ++ ignore_signal(SIGINT); ++ ignore_signal(SIGCHLD); ++ ++ if ((pid = wait(&status)) < 0) { ++ Dprintf((errno == ECHILD)? L_FATAL : L_WARNING, ++ "failsafe: wait(): %s", strerror(errno)); ++ continue; ++ } ++ ++ /* Locate the child */ ++ for (i = 0, child = -1; i < ncopies; i++) { ++ if (servers[i] == pid) { ++ child = i; ++ break; ++ } ++ } ++ ++ if (child < 0) { ++ Dprintf(L_WARNING, ++ "failsafe: unknown child (pid %d) terminated", ++ pid); ++ continue; ++ } ++ ++ /* Book-keeping */ ++ servers[child] = 0; ++ running--; ++ ++ if (WIFSIGNALED(status)) { ++ signo = WTERMSIG(status); ++ if (signo == SIGTERM) { ++ Dprintf(L_NOTICE, "failsafe: " ++ "child %d terminated by SIGTERM. %s.", ++ pid, running? "Continue" : "Exit"); ++ } else { ++ Dprintf(L_WARNING, "failsafe: " ++ "child %d terminated by %s. " ++ "Restarting.", ++ pid, get_signame(signo)); ++ child = -1; /* Restart */ ++ } ++ } else if (WIFEXITED(status)) { ++ Dprintf(L_NOTICE, "failsafe: " ++ "child %d exited, status %d.", ++ pid, WEXITSTATUS(status)); ++ } else { ++ Dprintf(L_ERROR, "failsafe: " ++ "abnormal child termination, " ++ "pid=%d status=%d. Restarting.", ++ pid, status); ++ child = -1; /* Restart */ ++ } ++ ++ /* If child >= 0, we should not restart */ ++ if (child >= 0) { ++ if (!running) { ++ Dprintf(D_GENERAL, ++ "No more children, exiting."); ++ exit(0); ++ } ++ for (i = child; i < ncopies-1; i++) ++ servers[i] = servers[i+1]; ++ ncopies--; /* Make sure we start no new servers */ ++ } ++ } ++} ++ ++/* ++ * Failsafe session, catch core file. ++ * ++ * Not yet implemented. ++ * General outline: we need to fork first, because nfsd changes ++ * uids frequently, and the kernel won't write out a core file after ++ * that. The forked proc starts out with a clean dumpable flag though. ++ * ++ * After the fork, we might want to make sure we end up in some common ++ * directory that the failsafe loop knows about. ++ */ ++void ++failsafe_loop(int level, void (*function)(void)) ++{ ++ /* NOP */ ++} ++ ++static const char * ++get_signame(int signo) ++{ ++ static char namebuf[30]; ++ ++ switch (signo) { ++ case SIGHUP: return "SIGHUP"; ++ case SIGINT: return "SIGINT"; ++ case SIGQUIT: return "SIGQUIT"; ++ case SIGILL: return "SIGILL"; ++ case SIGTRAP: return "SIGTRAP"; ++ case SIGIOT: return "SIGIOT"; ++ case SIGBUS: return "SIGBUS"; ++ case SIGFPE: return "SIGFPE"; ++ case SIGKILL: return "SIGKILL"; ++ case SIGUSR1: return "SIGUSR1"; ++ case SIGSEGV: return "SIGSEGV"; ++ case SIGUSR2: return "SIGUSR2"; ++ case SIGPIPE: return "SIGPIPE"; ++ case SIGALRM: return "SIGALRM"; ++ case SIGTERM: return "SIGTERM"; ++ case SIGCHLD: return "SIGCHLD"; ++ case SIGCONT: return "SIGCONT"; ++ case SIGSTOP: return "SIGSTOP"; ++ case SIGTSTP: return "SIGTSTP"; ++ case SIGTTIN: return "SIGTTIN"; ++ case SIGTTOU: return "SIGTTOU"; ++ case SIGURG: return "SIGURG"; ++ case SIGXCPU: return "SIGXCPU"; ++ case SIGXFSZ: return "SIGXFSZ"; ++ case SIGVTALRM: return "SIGVTALRM"; ++ case SIGPROF: return "SIGPROF"; ++ case SIGWINCH: return "SIGWINCH"; ++ case SIGIO: return "SIGIO"; ++#ifdef SIGPWR ++ case SIGPWR: return "SIGPWR"; ++#endif ++ } ++ ++ sprintf(namebuf, "signal #%d", signo); ++ return namebuf; ++} +diff -urN nfs-server-2.2beta47/daemon.h nfs-server-2.2beta51/daemon.h +--- nfs-server-2.2beta47/daemon.h Thu Jan 1 01:00:00 1970 ++++ nfs-server-2.2beta51/daemon.h Fri Nov 8 14:45:52 2002 +@@ -0,0 +1,18 @@ ++/* ++ * daemon.h ++ * ++ * Daemon support ++ */ ++ ++#ifndef CRAWLEY_H ++#define CRAWLEY_H ++ ++#define _PATH_NFSD_PIDFILE "/var/run/nfsd.pid" ++#define _PATH_MOUNTD_PIDFILE "/var/run/mountd.pid" ++ ++extern void daemonize(void); ++extern void setpidpath(const char *); ++extern void writepid(pid_t, int); ++extern void failsafe(int level, int ncopies); ++ ++#endif /* CRAWLEY_H */ +diff -urN nfs-server-2.2beta47/exports.man nfs-server-2.2beta51/exports.man +--- nfs-server-2.2beta47/exports.man Wed Nov 10 10:18:49 1999 ++++ nfs-server-2.2beta51/exports.man Fri Nov 8 14:45:36 2002 +@@ -45,6 +45,12 @@ + simultaneously. This is done by specifying an IP address and netmask pair + as + .IR address/netmask . ++.IP "world ++You can export a directory to the world (i.e. to all computers that ++are able to reach your NFS server network-wise) by using the empty ++hostname. When exporting to the world, the ++.BR root_squash ", " all_squash ", " ro " and " nosetuid ++options are turned on by default. + .TP + .B =public + This is a special ``hostname'' that identifies the given directory name +@@ -81,6 +87,12 @@ + by using the + .IR ro " option. + .TP ++.I setuid ++This allows clients to assert the setuid and setgid bits on regular ++files. For non-anonymous exports, this option is on by default. ++For anonymous exports, the default is ++.IR nosetuid . ++.TP + .I noaccess + This makes everything below the directory inaccessible for the named + client. This is useful when you want to export a directory hierarchy to +@@ -296,6 +308,22 @@ + .I /usr/X11R6 + entry apply. This is also true when the latter is a wildcard or netgroup + entry. ++.PP ++You should also be careful about where you place spaces in the ++exports file. For instance, the following may appear as if you've ++exported ++.BR /pub " readonly to host " foozle , ++but what this does in fact is export the directory to ++.B foozle ++with the default options, ++.I and ++export it to the world with the readonly option: ++.PP ++.nf ++.ta +3i ++# bad: export to the world ++/pub foozle (ro) ++.fi + .SH FILES + /etc/exports + .SH DIAGNOSTICS +diff -urN nfs-server-2.2beta47/fh.c nfs-server-2.2beta51/fh.c +--- nfs-server-2.2beta47/fh.c Wed Nov 10 10:41:14 1999 ++++ nfs-server-2.2beta51/fh.c Fri Nov 8 14:45:36 2002 +@@ -95,17 +95,14 @@ + static int fh_list_size; + static time_t curtime; + +-#ifndef FOPEN_MAX +-#define FOPEN_MAX 256 +-#endif +- + #ifndef FHTRACE + #undef D_FHTRACE + #define D_FHTRACE D_FHCACHE + #endif + +-static fhcache * fd_cache[FOPEN_MAX] = { NULL }; ++static fhcache ** fd_cache = NULL; + static int fd_cache_size = 0; ++static int fd_cache_max = 0; + + #ifndef NFSERR_INVAL /* that Sun forgot */ + #define NFSERR_INVAL 22 +@@ -141,10 +138,13 @@ + + /* Forward declared local functions */ + static psi_t path_psi(char *, nfsstat *, struct stat *, int); ++static psi_t path_psi_m(char *, nfsstat *, struct stat *, ++ struct stat *, int); + static int fh_flush_fds(void); + static char * fh_dump(svc_fh *); + static void fh_insert_fdcache(fhcache *fhc); + static void fh_unlink_fdcache(fhcache *fhc); ++static void fh_complain(const char *msg, fhcache *fhc); + + static void + fh_move_to_front(fhcache *fhc) +@@ -192,6 +192,13 @@ + static void + fh_insert_fdcache(fhcache *fhc) + { ++#ifdef FHTRACE ++ Dprintf(D_FHTRACE, "insert fh %x into fdcache @%d\n", fhc->h.psi, fhc->fd); ++ if (fhc->fd < 0) { ++ fh_complain("fd cache bug: bad fd", fhc); ++ return; ++ } ++#endif + if (fhc == fd_lru_head) + return; + if (fhc->fd_next || fhc->fd_prev) +@@ -203,9 +210,20 @@ + fhc->fd_next = fd_lru_head; + fd_lru_head = fhc; + ++ if (fhc->fd >= fd_cache_max) { ++ int oldmax = fd_cache_max, newmax; ++ ++ newmax = (fhc->fd + 8) & ~7; ++ fd_cache = (fhcache **) xrealloc(fd_cache, newmax * sizeof(fhcache *)); ++ memset(fd_cache + oldmax, 0, (newmax - oldmax) * sizeof(fhcache *)); ++ fd_cache_max = newmax; ++ } ++ + #ifdef FHTRACE + if (fd_cache[fhc->fd] != NULL) { +- Dprintf(L_ERROR, "fd cache inconsistency!\n"); ++ Dprintf(L_ERROR, "fd cache inconsistency (two fh's for same fd)"); ++ fh_complain("new fh", fhc); ++ fh_complain("old fh", fd_cache[fhc->fd]); + return; + } + #endif +@@ -225,7 +243,7 @@ + } else if (fd_lru_tail == fhc) { + fd_lru_tail = prev; + } else { +- Dprintf(L_ERROR, "fd cache inconsistency\n"); ++ fh_complain("fd cache inconsistency (no next and not at tail)", fhc); + return; + } + if (prev) { +@@ -233,13 +251,13 @@ + } else if (fd_lru_head == fhc) { + fd_lru_head = next; + } else { +- Dprintf(L_ERROR, "fd cache inconsistency\n"); ++ fh_complain("fd cache inconsistency (no prev and not at head)", fhc); + return; + } + + #ifdef FHTRACE + if (fd_cache[fhc->fd] != fhc) { +- Dprintf(L_ERROR, "fd cache inconsistency!\n"); ++ fh_complain("fd cache inconsistency (fd cache ptr mismatch)", fhc); + return; + } + #endif +@@ -285,7 +303,7 @@ + hash_slot = &((*hash_slot)->hash_next); + if (*hash_slot == NULL) + Dprintf(L_ERROR, +- "internal inconsistency -- fhc(%x) not in hash table\n", ++ "internal inconsistency -- fhc(%x) not in hash table!\n", + fhc); + else + *hash_slot = fhc->hash_next; +@@ -572,7 +590,7 @@ + efs_seekdir(dir, cookie_stack[i]); + while ((dp = efs_readdir(dir))) { + char *name = dp->d_name; +- int n = strlen(name); ++ int n = strlen(name); /* or: dp->d_reclen */ + + if (pathlen + n + 1 >= NFS_MAXPATHLEN + || (name[0] == '.' +@@ -738,7 +756,16 @@ + static psi_t + path_psi(char *path, nfsstat *status, struct stat *sbp, int svalid) + { +- struct stat sbuf; ++ struct stat smounted; ++ ++ return path_psi_m(path, status, sbp, &smounted, svalid); ++} ++ ++static psi_t ++path_psi_m(char *path, nfsstat *status, ++ struct stat *sbp, struct stat *mbp, int svalid) ++{ ++ struct stat sbuf, ddbuf; + + if (sbp == NULL) + sbp = &sbuf; +@@ -746,10 +773,10 @@ + *status = nfs_errno(); + return (0); + } ++ *mbp = *sbp; + if (S_ISDIR(sbp->st_mode) && strcmp(path, "/") != 0) { + /* Special case for directories--test for mount point. */ +- struct stat ddbuf; +- char *fname; ++ char *fname; + + /* Find start of last component of path. */ + #if 1 +@@ -819,6 +846,19 @@ + return (pseudo_inode(sbp->st_ino, sbp->st_dev)); + } + ++/* ++ * Match attributes to make sure we're still referring to the original file ++ */ ++static inline int ++fh_attrmatch(struct fhcache *fhc, struct stat *attr) ++{ ++ if (fhc->dev == attr->st_dev ++ && fhc->ino == attr->st_ino ++ && fhc->type == (attr->st_mode & S_IFMT)) ++ return 1; ++ return 0; ++} ++ + fhcache * + fh_find(svc_fh *h, int mode) + { +@@ -838,6 +878,9 @@ + ex_state = active; + time(&curtime); + while ((fhc = fh_lookup(h->psi)) != NULL) { ++ struct stat sbuf, *s = NULL; ++ nfsstat dummy; ++ + Dprintf(D_FHCACHE, "fh_find: psi=%lx... found '%s', fd=%d\n", + (unsigned long) h->psi, + fhc->path ? fhc->path : "<unnamed>", +@@ -857,33 +900,27 @@ + * If it doesn't try to rebuild the path. + */ + if (check) { +- struct stat *s = &fhc->attrs; +- psi_t psi; +- nfsstat dummy; +- ++ s = &sbuf; + if (efs_lstat(fhc->path, s) < 0) { + Dprintf(D_FHTRACE, + "fh_find: stale fh: lstat: %m\n"); + } else { +- fhc->flags |= FHC_ATTRVALID; +- /* If pseudo-inos don't match, we fhc->path +- * may be a mount point (hence lstat() returns ++ /* If device/ino don't match, fhc->path may ++ * be a mount point (hence lstat() returns + * a different inode number than the readdir() + * stuff used in path_psi) + */ +- psi = pseudo_inode(s->st_ino, s->st_dev); +- if (h->psi == psi) ++ if (fh_attrmatch(fhc, s)) + goto fh_return; + +- /* Try again by computing the path psi */ +- psi = path_psi(fhc->path, &dummy, s, 1); +- if (h->psi == psi) ++ /* Get the dev/ino of the underlying ++ * mount point. */ ++ path_psi(fhc->path, &dummy, s, 1); ++ if (fh_attrmatch(fhc, s)) + goto fh_return; + +- Dprintf(D_FHTRACE, "fh_find: stale fh: " +- "dev/ino %x/%lx psi %lx", +- s->st_dev, s->st_ino, +- (unsigned long) psi); ++ Dprintf(D_FHTRACE, "fh_find: stale fh: %lx", ++ (unsigned long) h->psi); + } + + fh_discard: +@@ -896,6 +933,12 @@ + } + + fh_return: ++ /* Valid attributes; cache them */ ++ if (s != NULL) { ++ memcpy(&fhc->attrs, s, sizeof(*s)); ++ fhc->flags |= FHC_ATTRVALID; ++ } ++ + /* The cached fh seems valid */ + if (fhc != fh_head.next) + fh_move_to_front(fhc); +@@ -905,7 +948,8 @@ + } + + Dprintf(D_FHCACHE, "fh_find: psi=%lx... not found\n", +- (unsigned long) h->psi); ++ (unsigned long) h->psi); ++ + if (mode == FHFIND_FCACHED) { + ex_state = inactive; + return NULL; +@@ -918,6 +962,7 @@ + fhc = flush->prev; + fh_delete(flush); + } ++ + fhc = (fhcache *) xmalloc(sizeof *fhc); + if (mode == FHFIND_FCREATE) { + /* File will be created */ +@@ -937,11 +982,31 @@ + } + fhc->path = path; + } ++ + fhc->flags = 0; + if (fhc->path && efs_lstat(fhc->path, &fhc->attrs) >= 0) { +- if (re_export && nfsmounted(fhc->path, &fhc->attrs)) ++ if (nfsmounted(fhc->path, &fhc->attrs)) { + fhc->flags |= FHC_NFSMOUNTED; ++#if 0 ++ /* We must allow the client to send us the ++ * file handle for the NFS mount point itself, ++ * but not for entries within an NFS mount. ++ * XXX: needs fixing. ++ */ ++ if (!re_export) { ++ Dprintf(D_FHTRACE, ++ "Attempt to use %s (non-exportable)\n", ++ fhc->path); ++ free(fhc); ++ ex_state = inactive; ++ return NULL; ++ } ++#endif ++ } + fhc->flags |= FHC_ATTRVALID; ++ fhc->dev = fhc->attrs.st_dev; ++ fhc->ino = fhc->attrs.st_ino; ++ fhc->type = fhc->attrs.st_mode & S_IFMT; + } + fhc->fd = -1; + fhc->last_used = curtime; +@@ -993,6 +1058,14 @@ + return buf; + } + ++static void ++fh_complain(const char *msg, fhcache *fhc) ++{ ++ Dprintf(L_ERROR, "%s: ptr=%p fd=%d path=%s\n", msg, ++ fhc, fhc->fd, ++ fhc->path? fhc->path : "<unnamed>"); ++} ++ + /* + * This routine is only used by the mount daemon. + * It creates the initial file handle. +@@ -1000,23 +1073,25 @@ + int + fh_create(nfs_fh *fh, char *path) + { +- svc_fh key; +- fhcache *h; +- psi_t psi; +- nfsstat status; +- char *s; ++ struct stat stb; ++ svc_fh key; ++ fhcache *h; ++ psi_t psi; ++ nfsstat status; ++ char *s; + + memset(&key, 0, sizeof(key)); + status = NFS_OK; +- if ((psi = path_psi("/", &status, NULL, 0)) == 0) ++ if ((psi = path_psi("/", &status, &stb, 0)) == 0) + return ((int) status); ++ + s = path; + while ((s = strchr(s + 1, '/')) != NULL) { + if (++(key.hash_path[0]) >= HP_LEN) + return ((int) NFSERR_NAMETOOLONG); + key.hash_path[key.hash_path[0]] = hash_psi(psi); + *s = '\0'; +- if ((psi = path_psi(path, &status, NULL, 0)) == 0) ++ if ((psi = path_psi(path, &status, &stb, 0)) == 0) + return ((int) status); + *s = '/'; + } +@@ -1024,7 +1099,7 @@ + if (++(key.hash_path[0]) >= HP_LEN) + return ((int) NFSERR_NAMETOOLONG); + key.hash_path[key.hash_path[0]] = hash_psi(psi); +- if ((psi = path_psi(path, &status, NULL, 0)) == 0) ++ if ((psi = path_psi(path, &status, &stb, 0)) == 0) + return ((int) status); + } + key.psi = psi; +@@ -1037,9 +1112,12 @@ + + /* assert(h != NULL); */ + if (h->path == NULL) { +- h->fd = -1; +- h->path = xstrdup(path); ++ h->fd = -1; ++ h->path = xstrdup(path); + h->flags = 0; ++ h->dev = stb.st_dev; ++ h->ino = stb.st_ino; ++ h->type = stb.st_mode & S_IFMT; + } + memcpy(fh, &key, sizeof(key)); + return ((int) status); +@@ -1064,6 +1142,44 @@ + return ((nfs_fh*)&(h->h)); + } + ++ ++static inline int ++access_override(int omode, int perm, struct stat *buf) ++{ ++ /* Be suspicous of flags, particularly O_CREAT/O_TRUNC. A previous ++ * comment said: ++ * ++ * "[Not checking this] would truncate read-only files on creat() ++ * calls. Of course, ftruncate(fd, 0) should still be legal for ++ * the user when the file was chmoded *after* opening it, but we ++ * have no way to tell, and a semi-succeding `cp foo readonly-file' ++ * is much more unintuitive and destructive than a failing ++ * ftruncate()." ++ */ ++ if (omode & ~O_ACCMODE) ++ return 0; ++ ++ /* Users can do anything to their own files. Harmless (since they ++ * could chown anyway), and helps to mask NFSes statelessness. ++ * ++ * (in passing, this also handles mode 0100 execution) ++ */ ++ if (buf->st_uid == auth_uid) ++ return 1; ++ ++ /* Henceforth, we are considering granting read access to facilitate ++ * exec access. This is read only */ ++ if (omode != O_RDONLY) ++ return 0; ++ ++ /* Mode 0110 execution */ ++ if (buf->st_gid == auth_gid) ++ return (buf->st_mode & S_IXGRP) != 0; ++ ++ /* Mode 0111 execution */ ++ return (buf->st_mode & S_IXOTH) != 0; ++} ++ + int + path_open(char *path, int omode, int perm) + { +@@ -1113,30 +1229,15 @@ + * lishes two things: first, it gives the file owner r/w access to + * the file whatever the permissions are, so that files are still + * accessible after an fchown(fd, 0). The second part of the +- * condition allows read access to mode 0111 executables. +- * +- * The old conditon read like this: +- * if (fd < 0 && oerrno == EACCES) { +- * if (oerrno == EACCES && (buf.st_uid == auth_uid +- * || (omode == O_RDONLY && (buf.st_mode & S_IXOTH)))) { +- * override uid; etc... +- * } +- * } +- * This would truncate read-only files on creat() calls. Now +- * ftruncate(fd, 0) should still be legal for the user when the +- * file was chmoded *after* opening it, but we have no way to tell, +- * and a semi-succeding `cp foo readonly-file' is much more +- * unintuitive and destructive than a failing ftruncate(). ++ * condition allows read access to `execute-only' files. + */ +- if (fd < 0 && oerrno == EACCES && !(omode & (O_CREAT|O_TRUNC))) { +- if ((buf.st_uid == auth_uid && (omode & O_ACCMODE) == omode) +- || ((buf.st_mode & S_IXOTH) && omode == O_RDONLY)) { +- auth_override_uid(ROOT_UID); +- fd = efs_open(path, omode, perm); +- oerrno = errno; +- auth_override_uid(auth_uid); +- } ++ if (fd < 0 && oerrno == EACCES && access_override(omode, perm, &buf)) { ++ auth_override_uid(ROOT_UID); ++ fd = efs_open(path, omode, perm); ++ oerrno = errno; ++ auth_override_uid(auth_uid); + } ++ + + if (fd < 0) { + Dprintf(D_FHCACHE, +@@ -1241,7 +1342,7 @@ + char *sindx; + int is_dd; + nfsstat ret; +- struct stat sbuf; ++ struct stat sbuf, smount; + char pathbuf[PATH_MAX + NAME_MAX + 1], *fname; + + /* should not happen */ +@@ -1318,7 +1419,7 @@ + + *new_fh = dopa->dir; + key = (svc_fh *) new_fh; +- if ((key->psi = path_psi(pathbuf, &ret, sbp, 0)) == 0) ++ if ((key->psi = path_psi_m(pathbuf, &ret, sbp, &smount, 0)) == 0) + return (ret); + + if (is_dd) { +@@ -1344,6 +1445,10 @@ + h->h.hash_path[0]); + return NFSERR_STALE; + } ++ if (sbp->st_dev != smount.st_dev) { ++ Dprintf(D_FHTRACE, "fh_compose: %s hit%s mount point\n", ++ pathbuf, nfsmounted(pathbuf, &smount)? " NFS" : ""); ++ } + #endif + + /* New code added by Don Becker */ +@@ -1356,7 +1461,8 @@ + if (!h) return NFSERR_STALE; + #endif + if (h->path) +- Dprintf(L_ERROR, "Internal inconsistency: double entry (path '%s', now '%s').\n", ++ Dprintf(L_ERROR, ++ "internal inconsistency: double entry (path '%s', now '%s').\n", + h->path, pathbuf); + } + Dprintf(D_FHCACHE, "fh_compose: using handle %x ('%s', fd=%d)\n", +@@ -1365,9 +1471,18 @@ + + /* assert(h != NULL); */ + if (h->path == 0) { +- h->path = xstrdup(pathbuf); ++ h->path = xstrdup(pathbuf); + h->flags = 0; +- if (!re_export && nfsmounted(pathbuf, sbp)) ++ h->dev = sbp->st_dev; ++ h->ino = sbp->st_ino; ++ h->type = sbp->st_mode & S_IFMT; ++ ++ /* Note: in the case of a mount point, ++ * sbp contains the stats of the mount point, while ++ * ddbuf has the dev/ino of the underlying directory ++ */ ++ if (sbp->st_dev != smount.st_dev ++ && nfsmounted(pathbuf, &smount)) + h->flags |= FHC_NFSMOUNTED; + #ifdef FHTRACE + Dprintf(D_FHTRACE, "fh_compose: created handle %s\n", h->path); +diff -urN nfs-server-2.2beta47/fh.h nfs-server-2.2beta51/fh.h +--- nfs-server-2.2beta47/fh.h Mon Nov 23 12:15:43 1998 ++++ nfs-server-2.2beta51/fh.h Fri Nov 8 14:45:36 2002 +@@ -97,7 +97,13 @@ + struct fhcache * hash_next; + struct fhcache * fd_next; + struct fhcache * fd_prev; ++ ++ /* These are fixed during the lifetime of this object */ + svc_fh h; ++ dev_t dev; ++ ino_t ino; ++ mode_t type; /* st_mode & S_IFMT */ ++ + int fd; + int omode; + char * path; +diff -urN nfs-server-2.2beta47/getattr.c nfs-server-2.2beta51/getattr.c +--- nfs-server-2.2beta47/getattr.c Fri Oct 30 18:10:11 1998 ++++ nfs-server-2.2beta51/getattr.c Fri Nov 8 14:45:36 2002 +@@ -115,6 +115,16 @@ + attr->fsid = 1; + attr->fileid = fh_psi((nfs_fh *)&(fhc->h)); + #endif ++ ++ /* This may be needed by some Suns... testing */ ++#define MINTIME (24 * 2600) ++ if (s->st_atime < MINTIME) ++ s->st_atime = MINTIME; ++ if (s->st_mtime < MINTIME) ++ s->st_mtime = MINTIME; ++ if (s->st_ctime < MINTIME) ++ s->st_ctime = MINTIME; ++ + attr->atime.seconds = s->st_atime; + attr->atime.useconds = 0; + attr->mtime.seconds = s->st_mtime; +diff -urN nfs-server-2.2beta47/logging.c nfs-server-2.2beta51/logging.c +--- nfs-server-2.2beta47/logging.c Fri Oct 30 17:11:22 1998 ++++ nfs-server-2.2beta51/logging.c Fri Nov 8 14:45:36 2002 +@@ -147,8 +147,9 @@ + (void) time(&now); + tm = localtime(&now); + fprintf(log_fp, "%s %02d/%02d/%02d %02d:%02d %s", +- log_name, tm->tm_mon + 1, tm->tm_mday, tm->tm_year, +- tm->tm_hour, tm->tm_min, buff); ++ log_name, tm->tm_mon + 1, tm->tm_mday, ++ tm->tm_year % 100, ++ tm->tm_hour, tm->tm_min, buff); + if (strchr(buff, '\n') == NULL) + fputc('\n', log_fp); + } +@@ -182,7 +183,8 @@ + tm = localtime(&unix_cred->aup_time); + snprintf(buffer + len, total - len, + "%d/%d/%d %02d:%02d:%02d %s %d.%d", +- tm->tm_year, tm->tm_mon + 1, tm->tm_mday, ++ tm->tm_year %100, ++ tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec, + unix_cred->aup_machname, + unix_cred->aup_uid, +diff -urN nfs-server-2.2beta47/mountd.c nfs-server-2.2beta51/mountd.c +--- nfs-server-2.2beta47/mountd.c Wed Jun 2 14:10:33 1999 ++++ nfs-server-2.2beta51/mountd.c Fri Nov 8 14:45:36 2002 +@@ -32,7 +32,7 @@ + #include "rpcmisc.h" + #include "rmtab.h" + #include "haccess.h" +-#include "failsafe.h" ++#include "daemon.h" + #include "signals.h" + #include <rpc/pmap_clnt.h> + +@@ -44,6 +44,8 @@ + /* + * Option table for mountd + */ ++#define OPT_NOTCP 300 ++#define OPT_LOOPBACK 301 + static struct option longopts[] = + { + { "debug", required_argument, 0, 'd' }, +@@ -56,6 +58,8 @@ + { "no-spoof-trace", 0, 0, 't' }, + { "version", 0, 0, 'v' }, + { "fail-safe", optional_argument, 0, 'z' }, ++ { "no-tcp", 0, 0, OPT_NOTCP }, ++ { "loopback-only", 0, 0, OPT_LOOPBACK }, + + { NULL, 0, 0, 0 } + }; +@@ -358,6 +362,12 @@ + break; + case 0: + break; ++ case OPT_NOTCP: ++ udp_only = 1; ++ break; ++ case OPT_LOOPBACK: ++ loopback_only = 1; ++ break; + case '?': + default: + usage(stderr, 1); +@@ -384,38 +394,27 @@ + /* Create services and register with portmapper */ + rpc_init("mountd", MOUNTPROG, mountd_versions, mount_dispatch, port, 0); + +- if (!foreground && !_rpcpmstart) { +-#ifndef RPC_SVC_FG +- /* We first fork off a child. */ +- if ((c = fork()) > 0) +- exit(0); +- if (c < 0) { +- Dprintf(L_FATAL, "mountd: cannot fork: %s\n", +- strerror(errno)); +- } +- /* No more logging to stderr */ +- background_logging(); ++ if (_rpcpmstart) { ++ /* Always foreground mode */ ++ foreground = 1; + +- /* Now we remove ourselves from the foreground. */ +- (void) close(0); +- (void) close(1); +- (void) close(2); +-#ifdef TIOCNOTTY +- if ((c = open("/dev/tty", O_RDWR)) >= 0) { +- (void) ioctl(c, TIOCNOTTY, (char *) NULL); +- (void) close(c); +- } +-#else +- setsid(); +-#endif +-#endif /* not RPC_SVC_FG */ ++ /* ... but no logging */ ++ background_logging(); + } + ++ /* Become a daemon */ ++ if (!foreground) ++ daemonize(); ++ + /* Initialize the FH module. */ + fh_init(); + + /* Initialize the AUTH module. */ + auth_init(auth_file); ++ ++ /* Write pidfile */ ++ setpidpath(_PATH_MOUNTD_PIDFILE); ++ writepid(getpid(), 1); + + /* Failsafe mode */ + if (failsafe_level) +diff -urN nfs-server-2.2beta47/mountd.man nfs-server-2.2beta51/mountd.man +--- nfs-server-2.2beta47/mountd.man Wed Jun 2 14:12:21 1999 ++++ nfs-server-2.2beta51/mountd.man Fri Nov 8 14:45:36 2002 +@@ -14,6 +14,8 @@ + .B "[\ \-\-allow\-non\-root\ ]" + .B "[\ \-\-re\-export\ ]" + .B "[\ \-\-no\-spoof\-trace\ ]" ++.B "[\ \-\-no\-tcp ]" ++.B "[\ \-\-loopback\-only ]" + .B "[\ \-\-version\ ]" + .ad b + .SH DESCRIPTION +@@ -123,6 +125,18 @@ + .TP + .BR \-v " or " \-\-version + Report the current version number of the program. ++.TP ++.BR \-\-no\-tcp ++Force ++.I mountd ++to register only the UDP transport, but no TCP. ++This is an experimental option. ++.TP ++.BR \-\-loopback\-only ++Force ++.I mountd ++to bind to the loopback interface. ++This is an experimental option. + .SS Access Control + For enhanced security, access to + .I mountd +diff -urN nfs-server-2.2beta47/nfsd.c nfs-server-2.2beta51/nfsd.c +--- nfs-server-2.2beta47/nfsd.c Wed Nov 10 10:33:28 1999 ++++ nfs-server-2.2beta51/nfsd.c Fri Nov 8 14:45:36 2002 +@@ -21,7 +21,7 @@ + #include "getopt.h" + #include "fsusage.h" + #include "rpcmisc.h" +-#include "failsafe.h" ++#include "daemon.h" + #include "signals.h" + #ifdef __linux__ /* XXX - MvS: for UNIX sockets. */ + # include <sys/un.h> +@@ -30,7 +30,6 @@ + # include <syslog.h> + #endif + +-#define MULTIPLE_SERVERS + + /* Flags for auth_fh */ + #define CHK_READ 0 +@@ -51,6 +50,8 @@ + /* + * Option table + */ ++#define OPT_NOTCP 300 ++#define OPT_LOOPBACK 301 + static struct option longopts[] = { + { "auth-deamon", required_argument, 0, 'a' }, + { "debug", required_argument, 0, 'd' }, +@@ -68,6 +69,9 @@ + { "version", 0, 0, 'v' }, + { "no-cross-mounts", 0, 0, 'x' }, + { "fail-safe", optional_argument, 0, 'z' }, ++ { "no-tcp", 0, 0, OPT_NOTCP }, ++ { "udp-only", 0, 0, OPT_NOTCP }, ++ { "loopback-only", 0, 0, OPT_LOOPBACK }, + + { NULL, 0, 0, 0 } + }; +@@ -173,7 +177,10 @@ + return NULL; + } + +- auth_user(nfsmount, rqstp); ++ if (!auth_user(nfsmount, rqstp)) { ++ *statp = NFSERR_ACCES; ++ return NULL; ++ } + + *statp = NFS_OK; + return fhc; +@@ -211,7 +218,11 @@ + + if ((nfsmount = auth_path(nfsclient, rqstp, path)) == NULL) + return NFSERR_ACCES; +- auth_user(nfsmount, rqstp); ++ ++ /* XXX: really need to call it again here? ++ * Already invoked in auth_fh */ ++ if (!auth_user(nfsmount, rqstp)) ++ return NFSERR_ACCES; + + return (NFS_OK); + } +@@ -575,7 +586,8 @@ + #endif + + /* MvS: Some clients use chardev 0xFFFF for a FIFO. */ +- if (S_ISCHR(argp->attributes.mode) && dev == 0xFFFF) { ++ if (S_ISCHR(argp->attributes.mode) ++ && (dev == 0xFFFF || dev == (dev_t) -1)) { + is_borc = 0; + dev = 0; + argp->attributes.mode &= ~S_IFMT; +@@ -623,7 +635,7 @@ + flags = (argp->attributes.size == 0 ? + CREATE_OMODE | O_TRUNC : CREATE_OMODE); + if (!exists) +- flags |= O_CREAT; ++ flags |= O_CREAT|O_EXCL; + tmpfd = path_open(pathbuf, flags, + argp->attributes.mode & ~S_IFMT); + if (tmpfd < 0) +@@ -965,9 +977,7 @@ + int nfsport = 0; + int failsafe_level = 0; + int c; +-#ifdef MULTIPLE_SERVERS + int i, ncopies = 1; +-#endif + + program_name = argv[0]; + chdir("/"); +@@ -1031,12 +1041,17 @@ + break; + case 0: + break; ++ case OPT_NOTCP: ++ udp_only = 1; ++ break; ++ case OPT_LOOPBACK: ++ loopback_only = 1; ++ break; + case '?': + default: + usage(stderr, 1); + } + +-#ifdef MULTIPLE_SERVERS + if (optind == argc-1 && isdigit(argv[optind][0])) { + ncopies = atoi(argv[optind++]); + if (ncopies <= 0) { +@@ -1051,7 +1066,6 @@ + ncopies = 1; + } + } +-#endif + + /* No more arguments allowed. */ + if (optind != argc) +@@ -1075,72 +1089,54 @@ + rpc_init("nfsd", NFS_PROGRAM, nfsd_versions, nfs_dispatch, + nfsport, NFS_MAXDATA); + +- /* No more than 1 copy when run from inetd */ +- if (_rpcpmstart && ncopies > 1) { +- Dprintf(L_WARNING, +- "nfsd: warning: can run only " +- "one server in inetd mode\n"); +- ncopies = 1; ++ if (_rpcpmstart) { ++ /* Always do foreground mode */ ++ foreground = 1; ++ ++ /* ... but don't log to stderr */ ++ background_logging(); ++ ++ /* No more than 1 copy when run from inetd */ ++ if (ncopies > 1) { ++ Dprintf(L_WARNING, ++ "nfsd: warning: can run only " ++ "one server in inetd mode\n"); ++ ncopies = 1; ++ } + } + +-#ifndef MULTIPLE_SERVERS_READWRITE + if (ncopies > 1) + read_only = 1; +-#endif + +- /* We first fork off a child. */ +- if (!foreground) { +- if ((c = fork()) > 0) +- exit(0); +- if (c < 0) { +- Dprintf(L_FATAL, "nfsd: cannot fork: %s\n", +- strerror(errno)); +- } +- } ++ /* ++ * We first fork off a child and detach from tty ++ */ ++ if (!foreground) ++ daemonize(); + + /* Initialize the AUTH module. */ + auth_init(auth_file); + ++ setpidpath(_PATH_NFSD_PIDFILE); + if (failsafe_level == 0) { + /* Start multiple copies of the server */ ++ writepid(getpid(), 1); + for (i = 1; i < ncopies; i++) { ++ pid_t pid; ++ + Dprintf(D_GENERAL, "Forking server thread...\n"); +- if ((c = fork()) < 0) { ++ if ((pid = fork()) < 0) { + Dprintf(L_ERROR, "Unable to fork: %s", + strerror(errno)); +- } else if (c == 0) { +- /* Child process */ +- break; ++ } else if (pid != 0) { ++ writepid(pid, 0); ++ } else { ++ break; /* Child process */ + } + } + } else { + /* Init for failsafe mode */ + failsafe(failsafe_level, ncopies); +- } +- +- /* Now that we've done all the required forks, we make do all the +- * session magic. +- */ +- if (!foreground) { +- /* No more logging to stderr */ +- background_logging(); +- +- /* Now we remove ourselves from the foreground. */ +- close(0); +- close(1); +- close(2); +-#ifdef HAVE_SETSID +- setsid(); +-#else +- { +- int fd; +- +- if ((fd = open("/dev/tty", O_RDWR)) >= 0) { +- ioctl(fd, TIOCNOTTY, (char *) NULL); +- close(fd); +- } +- } +-#endif + } + + /* +diff -urN nfs-server-2.2beta47/nfsd.man nfs-server-2.2beta51/nfsd.man +--- nfs-server-2.2beta47/nfsd.man Wed Jun 2 14:13:37 1999 ++++ nfs-server-2.2beta51/nfsd.man Fri Nov 8 14:45:36 2002 +@@ -8,7 +8,7 @@ + .B "[\ \-d\ facility\ ]" + .B "[\ \-P\ port\ ]" + .B "[\ \-R\ dirname\ ]" +-.B "[\ \-Fhlnprstv\ ]" ++.B "[\ \-Fhlnprstuv\ ]" + .B "[\ \-\-debug\ facility\ ]" + .B "[\ \-\-exports\-file=file\ ]" + .B "[\ \-\-foreground\ ]" +@@ -18,6 +18,8 @@ + .B "[\ \-\-public\-root\ dirname\ ]" + .\".B "[\ \-\-synchronous\-writes\ ]" + .B "[\ \-\-no\-spoof\-trace\ ]" ++.B "[\ \-\-no\-tcp ]" ++.B "[\ \-\-loopback-only ]" + .B "[\ \-\-port\ port\ ]" + .B "[\ \-\-log-transfers\ ]" + .B "[\ \-\-version\ ]" +@@ -56,7 +58,7 @@ + .PP + When run from + .IR inetd , +-.i nfsd ++.I nfsd + will terminate after a certain period of inactivity. + .SH OPTIONS + .TP +@@ -167,6 +169,14 @@ + .BR \-v " or " \-\-version + Report the current version number of the program. + .TP ++.BR \-\-no\-tcp ++Force nfsd to only register a UDP transport, but not TCP. ++This is an experimental option. ++.TP ++.BR \-\-loopback\-only ++Force nfsd to bind to the loopback interface. ++This is an experimental option. ++.TP + .BR numcopies + This is an experimental feature that lets you run several instances of + .I nfsd +@@ -174,15 +184,8 @@ + .B numcopies + greater than one, + .I nfsd +-will fork as many times as specified by this value. +-However, the servers do not share a common file handle +-cache, which makes certain file operations impossible. +-.IP +-For this reason, +-.I nfsd +-will disallow all write operations when invoked with this option. Although +-this is very limiting, this feature may still prove useful for exporting +-public FTP areas or Usenet News spools. ++will fork as many times as specified by this value so it is able to ++handle that many NFS requests in parallel. + .SS WebNFS Support + WebNFS is an extension to the normal NFS protocol developed by Sun + that is particularly well-suited for file retrieval over the +@@ -268,6 +271,19 @@ + .I nfsd + writes out a transfer record whenever it encounters a READ or WRITE + request at offset zero. ++.SS Generating a debug trace ++When suspecting a bug in nfsd, it is helpful to look at a debug trace ++of what's going on. You can create such a trace by first killing nfsd, ++and then restarting it as ++.PP ++.nf ++.ta +3i ++/usr/sbin/rpc.nfsd -F -d all ++.fi ++.PP ++Instead of ++.BR all , ++you can use less verbose debug facilities as described above. + .SH "SEE ALSO" + exports(5), mountd(8), ugidd(8C) + .SH AUTHORS +diff -urN nfs-server-2.2beta47/rmtab.c nfs-server-2.2beta51/rmtab.c +--- nfs-server-2.2beta47/rmtab.c Fri Feb 6 09:43:25 1998 ++++ nfs-server-2.2beta51/rmtab.c Fri Nov 8 14:45:36 2002 +@@ -8,6 +8,7 @@ + + #include "nfsd.h" + #include "rmtab.h" ++#include "rpcmisc.h" + + static char * rmtab_gethost(struct svc_req *); + static int rmtab_insert(char *, char *); +diff -urN nfs-server-2.2beta47/rpcmisc.c nfs-server-2.2beta51/rpcmisc.c +--- nfs-server-2.2beta47/rpcmisc.c Tue Sep 7 10:42:58 1999 ++++ nfs-server-2.2beta51/rpcmisc.c Fri Nov 8 14:45:36 2002 +@@ -39,6 +39,8 @@ + int _rpcfdtype = 0; + int _rpcsvcdirty = 0; + const char * auth_daemon = 0; ++int udp_only = 0; ++int loopback_only = 0; + + #ifdef AUTH_DAEMON + static bool_t (*tcp_rendevouser)(SVCXPRT *, struct rpc_msg *); +@@ -96,7 +98,7 @@ + } + } + +- if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_STREAM)) { ++ if ((_rpcfdtype == 0 && !udp_only) || (_rpcfdtype == SOCK_STREAM)) { + if (_rpcfdtype == 0 && defport != 0) + sock = makesock(defport, IPPROTO_TCP, bufsiz); + transp = svctcp_create(sock, 0, 0); +@@ -199,6 +201,9 @@ + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = htons(port); ++ ++ if (loopback_only) ++ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + + #ifdef DEBUG + { +diff -urN nfs-server-2.2beta47/rpcmisc.h nfs-server-2.2beta51/rpcmisc.h +--- nfs-server-2.2beta47/rpcmisc.h Tue Sep 7 10:37:38 1999 ++++ nfs-server-2.2beta51/rpcmisc.h Fri Nov 8 14:45:36 2002 +@@ -9,6 +9,8 @@ + extern int _rpcpmstart; + extern int _rpcfdtype; + extern int _rpcsvcdirty; ++extern int udp_only; ++extern int loopback_only; + extern const char * auth_daemon; + + extern void rpc_init(const char *name, int prog, int *verstbl, +@@ -16,5 +18,13 @@ + int defport, int bufsize); + extern void rpc_exit(int prog, int *verstbl); + extern void rpc_closedown(void); ++ ++/* ++ * Some older systems don't have svc_getcaller. ++ * Some, like glibc 2.2, have it but it returns some type that's ++ * not a sockaddr_in anymore. ++ */ ++#undef svc_getcaller ++#define svc_getcaller(xprt) ((struct sockaddr_in *) (&(xprt)->xp_raddr)) + + #endif /* RPCMISC_H */ +diff -urN nfs-server-2.2beta47/setattr.c nfs-server-2.2beta51/setattr.c +--- nfs-server-2.2beta47/setattr.c Fri Oct 30 18:29:42 1998 ++++ nfs-server-2.2beta51/setattr.c Fri Nov 8 14:45:36 2002 +@@ -103,6 +103,10 @@ + if (flags & SATTR_CHMOD) { + unsigned int mode = attr->mode; + ++ /* If setuid is not allowed, silently squash them */ ++ if (!nfsmount->o.allow_setuid && S_ISREG(s->st_mode)) ++ mode &= ~(S_ISUID|S_ISGID) | s->st_mode; ++ + if (mode != -1 && mode != 0xFFFF /* ultrix bug */ + && (mode & 07777) != (s->st_mode & 07777)) { + if (efs_chmod(path, mode) < 0) +diff -urN nfs-server-2.2beta47/showmount.c nfs-server-2.2beta51/showmount.c +--- nfs-server-2.2beta47/showmount.c Wed Jun 12 22:31:04 1996 ++++ nfs-server-2.2beta51/showmount.c Fri Nov 8 14:45:36 2002 +@@ -162,17 +162,13 @@ + break; + } + +- if (hostname[0] >= '0' && hostname[0] <= '9') { +- server_addr.sin_family = AF_INET; +- server_addr.sin_addr.s_addr = inet_addr(hostname); +- } +- else { ++ server_addr.sin_family = AF_INET; ++ if (!inet_aton(hostname, &server_addr.sin_addr)) { + if ((hp = gethostbyname(hostname)) == NULL) { + fprintf(stderr, "%s: can't get address for %s\n", + program_name, hostname); + exit(1); + } +- server_addr.sin_family = AF_INET; + memcpy(&server_addr.sin_addr, hp->h_addr, hp->h_length); + } + +diff -urN nfs-server-2.2beta47/site.h.in nfs-server-2.2beta51/site.h.in +--- nfs-server-2.2beta47/site.h.in Thu Jan 1 01:00:00 1970 ++++ nfs-server-2.2beta51/site.h.in Fri Nov 8 14:45:57 2002 +@@ -0,0 +1,50 @@ ++/* ++ * Site-specific configuration options generated by BUILD. ++ * Please do not edit. ++ */ ++ ++/* ++ * If ENABLE_DEVTAB is defined, nfsd will use the new inode ++ * number generation scheme for avoiding inode number clashes ++ * on big hard disks. ++ */ ++#undef ENABLE_DEVTAB ++ ++/* ++ * If MULTIPLE_SERVER_READWRITE is defined, you will be able ++ * to run several nfsd process in parallel servicing all NFS ++ * requests. ++ */ ++#define MULTIPLE_SERVERS_READWRITE ++ ++/* ++ * If ENABLE_UGID_DAEMON is defined, the real rpc.ugidd is built, ++ * nfsd is built to support ugidd queries. ++ * Otherwise, a dummy program is created ++ */ ++#undef ENABLE_UGID_DAEMON ++ ++/* ++ * If ENABLE_UGID_NIS is defined, nfsd will support user mapping ++ * vie the client's NIS server. ++ */ ++#undef ENABLE_UGID_NIS ++ ++/* ++ * if HOSTS_ACCESS is defined, ugidd uses host access control ++ * provided by libwrap.a from tcp_wrappers ++ */ ++#define HOSTS_ACCESS ++ ++/* ++ * Define correct ownership of export control file ++ */ ++#define EXPORTSOWNERUID 0 ++#define EXPORTSOWNERGID 0 ++ ++/* ++ * If WANT_LOG_MOUNTS is defined, every mount request will be logged ++ * to syslogd with the name of source site and a path that was ++ * it requested ++ */ ++#define WANT_LOG_MOUNTS +diff -urN nfs-server-2.2beta47/ugidd.c nfs-server-2.2beta51/ugidd.c +--- nfs-server-2.2beta47/ugidd.c Wed Dec 10 12:34:16 1997 ++++ nfs-server-2.2beta51/ugidd.c Fri Nov 8 14:45:36 2002 +@@ -43,9 +43,7 @@ + }; + + int +-main(argc, argv) +-int argc; +-char **argv; ++main(int argc, char **argv) + { + SVCXPRT *transp; + int c, longind; +@@ -92,32 +90,11 @@ + exit(1); + } + +- if (!foreground) { +- if ((c = fork()) > 0) +- exit(0); +- if (c < 0) { +- fprintf(stderr, "ugidd: cannot fork: %s\n", +- strerror(errno)); +- exit(-1); +- } +- close(0); +- close(1); +- close(2); +-#ifdef HAVE_SETSID +- setsid(); +-#else +- { +- int fd; +- +- if ((fd = open("/dev/tty", O_RDWR)) >= 0) { +- ioctl(fd, TIOCNOTTY, (char *) NULL); +- close(fd); +- } +- } +-#endif +- } +- + log_open("ugidd", foreground); ++ ++ /* Become a daemon */ ++ if (!foreground) ++ daemonize(); + + svc_run(); + Dprintf(L_ERROR, "svc_run returned\n"); +diff -urN nfs-server-2.2beta47/version.c nfs-server-2.2beta51/version.c +--- nfs-server-2.2beta47/version.c Wed Nov 10 10:33:33 1999 ++++ nfs-server-2.2beta51/version.c Fri Nov 8 14:45:36 2002 +@@ -1 +1 @@ +-char version[] = "Universal NFS Server 2.2beta47"; ++char version[] = "Universal NFS Server 2.2beta51"; |